From mjo at pbj.dk Thu Feb 1 09:26:09 2001
From: mjo at pbj.dk (Mikael Johnsen)
Date: Thu, 1 Feb 2001 16:26:09 +0100
Subject: [pptp-server] Error 678
Message-ID: <1DA605F7E2EAD411B7A9009027DDD2C359CA@PBJ-EXCHG>

Hi Guys

I have been looking through the Archives all day, with no solution, and it's driving me mad!

I'm trying to connect a Win 2000 Pro client, but I get This Error 678, what is it?

Med venlig hilsen / Best regards

Mikael Johnsen
Systemadministrator / System Administrator

PBJ Consult A/S
Roholmsvej 10 G
DK-2620 Albertslund
Phone: +45 43 62 74 00
Fax: +45 43 62 74 24
Email: mailto:mjo at pbj.dk
Homepage: www.pbj.dk

From rcd at amherst.com Thu Feb 1 15:16:17 2001
From: rcd at amherst.com (Robert Dege)
Date: Thu, 01 Feb 2001 16:16:17 -0500
Subject: [pptp-server] Samba can't access Workgroups
References: <1DA605F7E2EAD411B7A9009027DDD2C359CA@PBJ-EXCHG>
Message-ID: <3A79D221.D7069E79@comptekamherst.com>

I can successfully make a PPTP connection. I can also successfully access Network Neighborhood & view the workgroups.... But for the Love of God, I can't access any of the workgroups.

There is no NT domain, and I have Samba setup as the Wins server. I have 2 ethernet cards, and am able to do:

>smbclient -U% -L host1
>smbclient -U% -L host2

& see the same output.

Any suggestions?

-Rob

From GeorgeV at citadelcomputer.com.au Thu Feb 1 15:20:38 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 2 Feb 2001 08:20:38 +1100
Subject: [pptp-server] Problems logging into PopTop.
Message-ID: <200FAA488DE0D41194F10010B597610D080B7F@JUPITER>

I think you need to patch your 192.168.1.X firewall for PPTP masquerading I think. Also, I'd patch your kernel up to version 2.2.16 at least due to a root access bug.. Don't ask what it is and how they gain access 'coz I don't know but I just avoid it.

thanks,
George Vieira

-----Original Message-----
From: Andy Ennamorato [mailto:ajennamo at uncc.edu]
Sent: Thursday, February 01, 2001 3:45 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Problems logging into PopTop.

Howdy...

After having installed a couple weeks ago, I'm still struggling to have a machine connect to my PoPTop server. I'm using RedHat 6.2, kernel 2.2.14 and PopTop 1.1.2 and pppd 2.3.11.

The poptop software IS running on the firewall, and every time I've tested, I've enabled all packets (i.e. IPCHAINS -P INPUT ACCEPT, OUTPUT ACCEPT) so that "shouldn't" be blocking anything.

I've attempted to connect in two different ways - the first time, from a Win98 machine behind the firewall (using the 192.168.x.x IP class). When I connect to the internal interface (in this case, eth1), the Win98 box connects temporarily - it seems to authenticate - but then immediately drops the connection. Here's a snippet of the log file when this happens (I can post the complete log if needed):

... (pptpd.log) ...
Jan 25 18:47:15 yoyodyne pptpd[19937]: CTRL (PPPD Launcher): local address = 192.168.1.80
Jan 25 18:47:15 yoyodyne pptpd[19937]: CTRL (PPPD Launcher): remote address = 192.168.1.70
Jan 25 18:47:15 yoyodyne pptpd[19936]: CTRL: I wrote 32 bytes to the client.
Jan 25 18:47:15 yoyodyne pptpd[19936]: CTRL: Sent packet to client
Jan 25 18:47:16 yoyodyne pppd[19937]: pppd 2.3.11 started by root, uid 0
Jan 25 18:47:16 yoyodyne pppd[19937]: Using interface ppp1
Jan 25 18:47:16 yoyodyne pppd[19937]: Connect: ppp1 <--> /dev/pts/1
Jan 25 18:47:16 yoyodyne pptpd[19936]: Buffering out-of-order packet; got 1 after 4294967295
Jan 25 18:47:16 yoyodyne pptpd[19936]: Packet reorder timeout waiting for 0
Jan 25 18:47:16 yoyodyne pptpd[19936]: Buffering out-of-order packet; got 2 after 0
Jan 25 18:47:16 yoyodyne pppd[19937]: Peer is not authorized to use remote address 192.168.1.70
Jan 25 18:47:16 yoyodyne pppd[19937]: CCP terminated by peer
Jan 25 18:47:16 yoyodyne pppd[19937]: Compression disabled by peer.
Jan 25 18:47:16 yoyodyne pppd[19937]: Connection terminated.
Jan 25 18:47:16 yoyodyne pppd[19937]: Connect time 0.0 minutes.
Jan 25 18:47:16 yoyodyne pppd[19937]: Sent 334 bytes, received 346 bytes.
Jan 25 18:47:16 yoyodyne pppd[19937]: Exit.
Jan 25 18:47:16 yoyodyne pptpd[19936]: Error reading from pppd: Input/output error
Jan 25 18:47:16 yoyodyne pptpd[19936]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
Jan 25 18:47:16 yoyodyne pptpd[19936]: CTRL: Client 192.168.0.2 control connection finished

Recently, I tried to have someone connect from a Windows ME machine, and something similar happens on the client side. They were able to connect/authenticate, but again, the connection is immediately disconnected. Here's the log for that:

... pptpd.log ...
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Client 216.67.54.235 control connection started
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Received PPTP Control Message (type: 1)
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Made a START CTRL CONN RPLY packet
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: I wrote 156 bytes to the client.
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Sent packet to client
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Received PPTP Control Message (type: 7)
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Made a OUT CALL RPLY packet
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Starting call (launching pppd, opening GRE)
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: pty_fd = 4
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: tty_fd = 5
Jan 25 19:02:33 yoyodyne pptpd[19976]: CTRL (PPPD Launcher): Connection speed = 115200
Jan 25 19:02:33 yoyodyne pptpd[19976]: CTRL (PPPD Launcher): local address = 192.168.1.80
Jan 25 19:02:33 yoyodyne pptpd[19976]: CTRL (PPPD Launcher): remote address = 192.168.1.70
Jan 25 19:02:33 yoyodyne pppd[19976]: pppd 2.3.11 started by root, uid 0
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: I wrote 32 bytes to the client.
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Sent packet to client
Jan 25 19:02:33 yoyodyne pppd[19976]: Using interface ppp1
Jan 25 19:02:33 yoyodyne pppd[19976]: Connect: ppp1 <--> /dev/pts/1
Jan 25 19:03:03 yoyodyne pppd[19976]: LCP: timeout sending Config-Requests
Jan 25 19:03:03 yoyodyne pppd[19976]: Connection terminated.
Jan 25 19:03:03 yoyodyne pppd[19976]: Exit.
Jan 25 19:03:03 yoyodyne pptpd[19975]: Error reading from pppd: Input/output error
Jan 25 19:03:03 yoyodyne pptpd[19975]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
Jan 25 19:03:03 yoyodyne pptpd[19975]: CTRL: Client 216.67.54.235 control connection finished
Jan 25 19:03:03 yoyodyne pptpd[19975]: CTRL: Exiting now
Jan 25 19:03:03 yoyodyne pptpd[19925]: MGR: Reaped child 19975

Here's a copy of my options.pptpd file:

lock
debug
proxyarp
auth
+chap

Here's chap-secrets:

# Secrets for authentication using CHAP
# client server secret IP addresses
noauth guest * xxxxx * andy * xxxx * "anjoju" * "xxxxx"

Here's my pptpd.conf:

speed 115200
/etc/ppp/options.pptp
debug
localip 192.168.1.80-89
remoteip 192.168.1.70-79

Additionally, here's the /var/log/messages file from the client connection attempt from "inside" my massive 2 computer LAN:

Jan 25 18:47:15 yoyodyne pptpd[19936]: CTRL: Client 192.168.0.2 control connection started
Jan 25 18:47:15 yoyodyne pptpd[19936]: CTRL: Starting call (launching pppd, opening GRE)
Jan 25 18:47:16 yoyodyne pppd[19937]: pppd 2.3.11 started by root, uid 0
Jan 25 18:47:16 yoyodyne kernel: registered device ppp1
Jan 25 18:47:16 yoyodyne pppd[19937]: Using interface ppp1
Jan 25 18:47:16 yoyodyne pppd[19937]: Connect: ppp1 <--> /dev/pts/1
Jan 25 18:47:16 yoyodyne pptpd[19936]: Buffering out-of-order packet; got 1 after 4294967295
Jan 25 18:47:16 yoyodyne pptpd[19936]: Packet reorder timeout waiting for 0
Jan 25 18:47:16 yoyodyne pptpd[19936]: Buffering out-of-order packet; got 2 after 0
Jan 25 18:47:16 yoyodyne kernel: PPP BSD Compression module registered
Jan 25 18:47:16 yoyodyne kernel: PPP Deflate Compression module registered
Jan 25 18:47:16 yoyodyne pppd[19937]: Peer is not authorized to use remote address 192.168.1.70
Jan 25 18:47:16 yoyodyne pppd[19937]: CCP terminated by peer
Jan 25 18:47:16 yoyodyne pppd[19937]: Compression disabled by peer.
Jan 25 18:47:16 yoyodyne pppd[19937]: Connection terminated.
Jan 25 18:47:16 yoyodyne pppd[19937]: Connect time 0.0 minutes.
Jan 25 18:47:16 yoyodyne pppd[19937]: Sent 334 bytes, received 346 bytes.
Jan 25 18:47:16 yoyodyne pppd[19937]: Exit.
Jan 25 18:47:16 yoyodyne pptpd[19936]: Error reading from pppd: Input/output error
Jan 25 18:47:16 yoyodyne pptpd[19936]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
Jan 25 18:47:16 yoyodyne pptpd[19936]: CTRL: Client 192.168.0.2 control connection finished

Does anyone have any ideas on what to try? I'm working on this as a senior project, and need to get this "home" configuration running before I try to implement it on our campus' network.

Thanks to those that have already given me suggestions...

Andy Ennamorato
NCO CLT Help Desk
aennam at us.ibm.com
http://w3.ibm.com/help

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From marc.charbonneau at prepar.com Thu Feb 1 15:24:01 2001
From: marc.charbonneau at prepar.com (Marc Charbonneau)
Date: Thu, 1 Feb 2001 16:24:01 -0500
Subject: [pptp-server] Linux VPN client
Message-ID: <005b01c08c95$4df520e0$6e00a8c0@prepar.lan>

I really need some help here...

I'm trying to connect a Linux box to my PoPToP-Linux server.

Description :

VPN server:
- Red-Hat 6.2 with PoPToP 1.0.0. No encryption, nothing...
- 2 NIC, one on LAN, other for ADSL internet access

works fine. Clients connect without problem and use it to access our AS/400 server.
N.B.: All clients are Windoze98

Now, I have one client that wants to use a Linux box to do the same thing. I downloaded the Linux client v.1.0.2 and followed the tiny instructions that came with it.

I'm using a Linux box here to make some tests. I connect it to the net with a dial-up account. I tried accessing my PPTP server with it but every time I try, it just bombs with 3 messages. Here they are :

>warn [open_unixsock:pptp_callmgr.c:308]: Call manager for "PPTP server's IP" is already running.
>fatal [callmgr_main:pptp_callmgr.c:124]: Could not open unix socket for "PPTP server's IP"
>fatal [launch_callmgr:pptp.c:213]: Call manager exited with error 256

my chap-secret file
-------------------
# Secrets for authentication using CHAP
# client server secret IP addresses
marc squirmy XXXX

I have pppd version 2.3.11

Can somebody help me as I'm going nuts with that. And the last thing I want to do is tell the client that he can't use Linux to do something that a Micros~1 OS can !!!

From anesthes at cisdi.com Thu Feb 1 15:55:19 2001
From: anesthes at cisdi.com (Joey Coco)
Date: Thu, 1 Feb 2001 16:55:19 -0500 (EST)
Subject: [pptp-server] Anyone seen this one?
In-Reply-To: <1DA605F7E2EAD411B7A9009027DDD2C359CA@PBJ-EXCHG>
Message-ID:

Feb 2 08:13:42 demo pppd[1625]: Couldn't set tty to PPP discipline: Invalid argument
Feb 2 08:13:42 demo pptpd[1624]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY failed: status = -1 error = Input/output error
Feb 2 08:13:42 demo pptpd[1624]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
demo:/var/log#

????

From Jeffy at myrealbox.com Fri Feb 2 05:24:36 2001
From: Jeffy at myrealbox.com (Jeff Forsyth)
Date: Fri, 02 Feb 2001 11:24:36 GMT
Subject: [pptp-server] PoPTop on a PowerPC Linux Box.....Unresolved symbols....
Message-ID: <981113076.259Jeffy@myrealbox.com>

Ok....I followed all the FAQ's I could find...read all the documentation I could get my hands on. Examined the code. I am unable to find the source of this problem. I have determined that the common ssl patch for PPP is configured for i386. But this doesn't fix these problems.

depmod: *** Unresolved symbols in /lib/modules/2.2.18/net/ppp_mppe.o
depmod: __floatsidf
depmod: __adddf3

This is a Carbon Mac "NewWorld" running Debian 2.2 Linux version 2.2.18......PPP version 2.3.11....Poptop version 1.01.....128 Mb.......Configured as a firewall.

Any ideas would be helpful. Very bad juju to run without encryption....

From james at lrgmail.com Fri Feb 2 06:58:58 2001
From: james at lrgmail.com (James Orr)
Date: Fri, 2 Feb 2001 07:58:58 -0500 (EST)
Subject: [pptp-server] Samba on another machine?
Message-ID:

Hi,

I installed PopTop and everything went fine. I can connect from my Windows Me machine at home, ping the private network, connect to a webserver on the private network fine. So far so good.

The machine that runs PopTop also does IP Masq'ing for the private network, I'd like to keep that machine doing ONLY those two things, and have no business related files on that computer, however I also need to connect to samba shares running on a computer on the private network. I read that you can connect to samba shares running on the same computer as PopTop OK, but nothing about when samba is running on another computer. Is this possible? I don't particularly care about browsing the network, just connecting to the shares.

On another note, what would be the easiest way to change the windows routing after connecting so that internet traffic does not go through the tunnel? Is there a way this could be done automatically after connecting?

TIA,
- James

From Lillian.Kulhanek at energy.on.ca Fri Feb 2 15:01:53 2001
From: Lillian.Kulhanek at energy.on.ca (Lillian Kulhanek)
Date: Fri, 2 Feb 2001 16:01:53 -0500
Subject: [pptp-server] GRE: Bad checksum from pppd
Message-ID: <003201c08d5b$6099b3c0$2c02a8c0@Lillian.energy.on.ca>

Hi all,

So close and yet so far.

PPTP on a Linux box, masqueraded behind a firewall. We could establish a connection with a client, but it disconnects almost immediately, looks like from the peer side.

In our debugging efforts, we tried to isolate the problem by connecting from a Win98SE computer within the network directly to the vpn (modems/firewall bypassed). In this manner, we are able to login, with MSCHAP-v2 peer authentication, as you'll see in the logs, then the peer disconnects.

From bojan at binarix.com Fri Feb 2 18:18:08 2001
From: bojan at binarix.com (Bojan Smojver)
Date: Sat, 03 Feb 2001 11:18:08 +1100
Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0
Message-ID: <3A7B4E40.2F484B@binarix.com>

Now available from ftp://ftp.binarix.com/pub/ppp-mppe/.

Enjoy,
Bojan

From ms at marcant.net Sat Feb 3 02:57:59 2001
From: ms at marcant.net (Matthias Suencksen)
Date: Sat, 03 Feb 2001 08:57:59 +0000
Subject: [pptp-server] two problems: connection lost after 15 to 30 minutes / packet mix-up upon re-dialing
Message-ID: <3A7BD627.13EBFE75@marcant.net>

Hello!

I've been playing around with pptp but run into

Anybody has experienced problems with sudden drops of the connection ?

I've got an pptp 1.1.2 server(linux) which serves windows 98 dialup clients. also there is a checkpoint-1 firewall in front of the server which passes traffic to it.

Things go mostly well but when the client does ftp uploads/downloads (and using their ISDN 8KB/s bandwidth to the max) the connections usually drop after 15 - 30 minutes ..

.. this does not occur when doing low bandwidth stuff like telnet over the vpn connection ( the connections lasts for hours then ).

So in the case where the ISDN line is filled up with traffic the following happens:

Either the win98 computer says that the vpn adapter has hung up ( the dial-up connections is still active though) OR the pptp server says something like "can't read packet header" and quits the connection itself.

Strace'ing the server in the latter case showed a ECONNRESET on the GRE socket ( unfortunately I forgot whether it was during read or write ).

In the former case where the win98 reported that the vpn has hung up the following happened what I suspect as a bug in the pptp server (which is second problem I want to report and which may be completely unrelated to the connection-dropping-stuff !)

The pptp-child processes didn't notice that the windows 98 client already had declared the connection for dead. After using "reconnect" on the the windows client a new pptp child process was spawned but the original pptp process seemed to eat up the packets for the new connection. Consequently I wasn't able to do even do a "ping".

This resulted in the following interesting log:

Feb 3 08:39:11 server2 pptpd[7504]: CTRL: Sent packet to client
Feb 3 08:40:27 server2 pptpd[7504]: CTRL: Received PPTP Control Message (type: 5)
Feb 3 08:40:27 server2 pptpd[7504]: CTRL: Made a ECHO RPLY packet
Feb 3 08:40:27 server2 pptpd[7504]: CTRL: I wrote 20 bytes to the client.
Feb 3 08:40:27 server2 pptpd[7504]: CTRL: Sent packet to client
Feb 3 08:41:59 server2 pptpd[7504]: CTRL: Received PPTP Control Message (type: 5)
Feb 3 08:41:59 server2 pptpd[7504]: CTRL: Made a ECHO RPLY packet
Feb 3 08:41:59 server2 pptpd[7504]: CTRL: I wrote 20 bytes to the client.
Feb 3 08:41:59 server2 pptpd[7504]: CTRL: Sent packet to client

At this point the pptp server does not any longer receive type 5 control messages from the client. the windows computer popped up a message that the vpn adapter has been hung up. I then type "reconnect":

Feb 3 08:44:10 server2 pptpd[7809]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Feb 3 08:44:10 server2 pptpd[7809]: CTRL: local address = 172.19.210.10
Feb 3 08:44:10 server2 pptpd[7809]: CTRL: remote address = 172.19.212.2

So process no 7809 is the new handler for the new connection.

[..]
Feb 3 08:44:10 server2 pppd[7810]: pppd 2.3.11 started by root, uid 0
Feb 3 08:44:10 server2 pppd[7810]: Using interface ppp1
Feb 3 08:44:10 server2 pppd[7810]: Connect: ppp1 <--> /dev/pts/6
Feb 3 08:44:10 server2 pppd[7810]: sent [LCP ConfReq id=0x1 ]
Feb 3 08:44:10 server2 pppd[7810]: Timeout 0x8050444:0x80788a0 in 3 seconds.

Now:

Feb 3 08:44:10 server2 pptpd[7504]: Discarding out-of-order packet 1, already have 24692

It is strange that the "old" pptpd process no. 7504 wants to handle the packets for the new connection which should be handled by no.7809 (see above) - of course "packet 1" is out of sync with its own sequence number of 24692 ..!

There seems to be contention for incoming packets:

Feb 3 08:44:10 server2 pptpd[7504]: Discarding out-of-order packet 1, already have 24692
Feb 3 08:44:10 server2 pptpd[7809]: Buffering out-of-order packet; got 1 after 4294967295
Feb 3 08:44:13 server2 pppd[7810]: sent [LCP ConfReq id=0x1 ]
Feb 3 08:44:13 server2 pppd[7810]: Timeout 0x8050444:0x80788a0 in 3 seconds.
Feb 3 08:44:13 server2 pptpd[7504]: Discarding out-of-order packet 2, already have 24692
Feb 3 08:44:13 server2 pptpd[7809]: Packet reorder timeout waiting for 0

.. any ideas appreciated ..!

my pppd setup is:

auth require-chap
# proxyarp
+chapms-v2 mppe-40 mppe-128 mppe-stateless
# be strict
require-mppe require-mppe-stateless
# workaround silly Windows clients which send NT-domain prefix
chapms-strip-domain

-- 
Matthias

From santtu.hyrkko at hut.fi Sat Feb 3 18:03:11 2001
From: santtu.hyrkko at hut.fi (Santtu Hyrkkö)
Date: 04 Feb 2001 02:03:11 +0200
Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0
In-Reply-To: <3A7B4E40.2F484B@binarix.com>
References: <3A7B4E40.2F484B@binarix.com>
Message-ID: <87n1c3e2m8.fsf@ab62d3hel.dial.kolumbus.fi>

Bojan Smojver writes:

> Now available from ftp://ftp.binarix.com/pub/ppp-mppe/.

This indeed fixes the "Protocol reject" with random protocol number -problem I was experiencing with the old (kernel 2.2.x) version. But now ping over pptp-link gives following errors:

pppd[11753]: rcvd [proto=0x2145] 00 00 54 55 59 40 00 ff 01 fa 3e 0a 00 0c 01 0a 00 0c 10 00 00 a4 24 fa 2d 00 00 53 9b 7c 3a a3 ...
pppd[11753]: sent [LCP ProtRej id=0x14 21 45 00 00 54 55 59 40 00 ff 01 fa 3e 0a 00 0c 01 0a 00 0c 10 00 00 a4 24 fa 2d 00 00 53 9b 7c ...]
pppd[11753]: rcvd [proto=0x2145] 00 00 54 55 5c 40 00 ff 01 fa 3b 0a 00 0c 01 0a 00 0c 10 00 00 19 26 fa 2d 01 00 54 9b 7c 3a 2c ...
pppd[11753]: sent [LCP ProtRej id=0x15 21 45 00 00 54 55 5c 40 00 ff 01 fa 3b 0a 00 0c 01 0a 00 0c 10 00 00 19 26 fa 2d 01 00 54 9b 7c ...]

Any idea what's going on?

-- 
Santtu Hyrkkö

From GeorgeV at citadelcomputer.com.au Sat Feb 3 18:51:47 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Sun, 4 Feb 2001 11:51:47 +1100
Subject: [pptp-server] Samba on another machine?
Message-ID: <200FAA488DE0D41194F10010B597610D080C51@JUPITER>

Yes you can, you must remember these things.

1: Have "proxyarp" in your options file so the internal network knows how to get back to you because the PPTPD server will respond to your PPTP IP requests..
2: You must map via either \\IP\share or \\NAME\share depending you have WINS or hosts file entered into your machine.

Test first that you can actually ping the samba machine, if that works OK then try doing a "net view \\IP". If this returns a list of shares then you're IN!.

thanks,
George Vieira

-----Original Message-----
From: James Orr [mailto:james at lrgmail.com]
Sent: Friday, February 02, 2001 11:59 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Samba on another machine?

Hi,

I installed PopTop and everything went fine. I can connect from my Windows Me machine at home, ping the private network, connect to a webserver on the private network fine. So far so good.

The machine that runs PopTop also does IP Masq'ing for the private network, I'd like to keep that machine doing ONLY those two things, and have no business related files on that computer, however I also need to connect to samba shares running on a computer on the private network. I read that you can connect to samba shares running on the same computer as PopTop OK, but nothing about when samba is running on another computer. Is this possible? I don't particularly care about browsing the network, just connecting to the shares.

On another note, what would be the easiest way to change the windows routing after connecting so that internet traffic does not go through the tunnel? Is there a way this could be done automatically after connecting?

TIA,
- James

From anesthes at cisdi.com Sat Feb 3 19:32:37 2001
From: anesthes at cisdi.com (Joey Coco)
Date: Sat, 3 Feb 2001 20:32:37 -0500 (EST)
Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0
In-Reply-To: <87n1c3e2m8.fsf@ab62d3hel.dial.kolumbus.fi>
Message-ID:

Hello,

I'm not even getting that far. I've moved to 2.4, with 2.4.0 PPPD and the below MPPE patch however, I'm getting the following pppd error:

Feb 4 11:50:01 demo pppd[1102]: Couldn't set tty to PPP discipline: Invalid argument
Feb 4 11:50:01 demo pptpd[1099]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY failed: status = -1 error = Input/output error
Feb 4 11:50:01 demo pptpd[1099]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)

I did setup the /dev/ppp device:

crw------- 1 root root 108, 0 Jan 30 08:54 /dev/ppp

And the following modules are loaded:

bsd_comp                4176   0 (unused)
ppp_deflate            40928   0 (unused)
ppp_generic            12672   0 [bsd_comp ppp_deflate]

Any ideas anyone?? I've read the README.linux file with pppd 2.4.0 and it doesn't mention anything else..?

Thanks

-- Joe

On 4 Feb 2001, Santtu Hyrkkö wrote:

> Bojan Smojver writes:
>
> > Now available from ftp://ftp.binarix.com/pub/ppp-mppe/.
>
> This indeed fixes the "Protocol reject" with random protocol number
> -problem I was experiencing with the old (kernel 2.2.x) version.
> But now ping over pptp-link gives following errors:
>
> pppd[11753]: rcvd [proto=0x2145] 00 00 54 55 59 40 00 ff 01 fa 3e 0a
> 00 0c 01 0a 00 0c 10 00 00 a4 24 fa 2d 00 00 53 9b 7c 3a a3 ...
> pppd[11753]: sent [LCP ProtRej id=0x14 21 45 00 00 54 55 59 40 00 ff
> 01 fa 3e 0a 00 0c 01 0a 00 0c 10 00 00 a4 24 fa 2d 00 00 53 9b 7c ...]
> pppd[11753]: rcvd [proto=0x2145] 00 00 54 55 5c 40 00 ff 01 fa 3b 0a
> 00 0c 01 0a 00 0c 10 00 00 19 26 fa 2d 01 00 54 9b 7c 3a 2c ...
> pppd[11753]: sent [LCP ProtRej id=0x15 21 45 00 00 54 55 5c 40 00 ff
> 01 fa 3b 0a 00 0c 01 0a 00 0c 10 00 00 19 26 fa 2d 01 00 54 9b 7c ...]
>
> Any idea what's going on?
>
> --
> Santtu Hyrkkö

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
/ "I'd like to think that everything is beautiful, and I'd like to think /
\ that everything is fair. I'd like to think that everything is plentiful,\
/ and i'd like to think that every body cares. We'd like to thank you.." /
\ \
/ http://members.cisdi.com/~anesthes/ -=- IM: imd3fc0n /
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
C r e a t i v e I l l u s i o n s S o f t w a r e D e s i g n, I n c.

From lhfrjgtn at peterlink.ru Sat Feb 3 22:14:52 2001
From: lhfrjgtn at peterlink.ru (Andrey Glazunov)
Date: Sun, 4 Feb 2001 07:14:52 +0300
Subject: [pptp-server] PPTP server to LRP ?
Message-ID: <000801c08e61$06dd9250$ec13f2c3@drakanworkst>

Hi All !

i have a problem trying to 'move' pptp server to LRP machine...

i have setup from .rpm at RedHat 7.0 and want to 'move' it to LRP with 2.0.36 or 2.2.16 (same as RH70) kernel...

so i copy

/etc/pptpd.conf
/etc/init.d/pptpd
/usr/sbin/pptpdctrl
/usr/sbin/pptpd

only do not found chckconfig at /sbin in my LRP installation...

when i try to start pptp (or pptpctrl) daemon there is error 'Segmentation fault' at both 2.0.36 and 2.2.16 LRP kernels...

are there any ideas how to fix it ?

From BrokH at aol.com Sat Feb 3 22:58:59 2001
From: BrokH at aol.com (BrokH at aol.com)
Date: Sat, 3 Feb 2001 23:58:59 EST
Subject: [pptp-server] PPTPD with Kernel 2.4.0
Message-ID:

I am running a firewall on my internal masq'ed network. The firewall provides the gateway to the internet. I have been trying to setup the pptpd server so that I can have access to the internal network. I am using kernel 2.4.0 with pppd 2.3.10 and pptpd 1.0.1. Has anyone had any success with pptpd and kernel 2.4.0 and how exactly did they get it to work?

Frustrated Linux Network Administrator

From djm at wiz.net.au Sun Feb 4 02:18:08 2001
From: djm at wiz.net.au (David Moylan)
Date: Sun, 4 Feb 2001 19:18:08 +1100
Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0
References:
Message-ID: <001701c08e83$04d0b2e0$1464a8c0@dmoylan>

where's the ppp_mppe module?? it's not listed

have you done a "insmod ppp_mppe" or "modprobe ppp_mppe"
it should show up in "lsmod" as an active module.

cheers, Wiz!!

----- Original Message -----
From: "Joey Coco"
To: "Santtu Hyrkkö"
Cc:
Sent: Sunday, February 04, 2001 12:32 PM
Subject: Re: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0

>
> Hello,
>
> I'm not even getting that far. I've moved to 2.4, with 2.4.0 PPPD and the
> below MPPE patch however, I'm getting the following pppd error:
>
> Feb 4 11:50:01 demo pppd[1102]: Couldn't set tty to PPP
> discipline: Invalid argument
> Feb 4 11:50:01 demo
> pptpd[1099]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY
> failed: status = -1 error = Input/output error
> Feb 4 11:50:01 demo pptpd[1099]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
>
>
> I did setup the /dev/ppp device:
>
> crw------- 1 root root 108, 0 Jan 30 08:54 /dev/ppp
>
> And the following modules are loaded:
>
> bsd_comp 4176 0 (unused)
> ppp_deflate 40928 0 (unused)
> ppp_generic 12672 0 [bsd_comp ppp_deflate]
>
> Any ideas anyone?? I've read the README.linux file with pppd 2.4.0 and
> it doesn't mention anything else..?
>
> Thanks
>
> -- Joe

From anesthes at cisdi.com Sun Feb 4 06:37:49 2001
From: anesthes at cisdi.com (Joey Coco)
Date: Sun, 4 Feb 2001 07:37:49 -0500 (EST)
Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0
In-Reply-To: <001701c08e83$04d0b2e0$1464a8c0@dmoylan>
Message-ID:

Hi,

Oddly enough, there is none. The patch did not fail, however the patch also comments out the makefile option for "make kernel" which I found kind of strange. How did you get a ppp_mppe module?

modprobe ppp_mppe
modprobe: Can't locate module ppp_mppe

Thanks!

-- Joe

On Sun, 4 Feb 2001, David Moylan wrote:

> where's the ppp_mppe module?? it's not listed
>
> have you done a "insmod ppp_mppe" or "modprobe ppp_mppe"
> it should show up in "lsmod" as an active module.
>
> cheers, Wiz!!
> > > pppd[11753]: sent [LCP ProtRej id=0x15 21 45 00 00 54 55 5c 40 00 ff > > > 01 fa 3b 0a 00 0c 01 0a 00 0c 10 00 00 19 26 fa 2d 01 00 54 9b 7c ...] > > > > > > Any idea what's going on? > > > > > > -- > > > Santtu Hyrkk? > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ / "I'd like to think that everything is beautiful, and I'd like to think / \ that everything is fair. I'd like to think that everything is plentiful,\ / and i'd like to think that every body cares. We'd like to thank you.." / \ \ / http://members.cisdi.com/~anesthes/ -=- IM: imd3fc0n / \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ C r e a t i v e I l l u s i o n s S o f t w a r e D e s i g n, I n c. 
From djm at wiz.net.au Sun Feb 4 08:35:53 2001 From: djm at wiz.net.au (David Moylan) Date: Mon, 5 Feb 2001 01:35:53 +1100 Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0 References: Message-ID: <010c01c08eb7$c6ecc920$1464a8c0@dmoylan> someone correct me if i am wrong, but the ppp_mppe module is created when you do a: make modules ; make modules_install after re-compiling the kernel. this isn't based on 2.4.x experience however - it's on the previous 2.2.x which i've been running cheers, Wiz!! ----- Original Message ----- From: "Joey Coco" To: "David Moylan" Cc: "VPN MailList" Sent: Sunday, February 04, 2001 11:37 PM Subject: Re: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0 > > Hi, > > Oddly enough, there is none. The patch did not fail, however the patch > also comments out the makefile option for "make kernel" which I found kind > of strange. How did you get a ppp_mppe module? > > modprobe ppp_mppe > modprobe: Can't locate module ppp_mppe > > Thanks! > > -- Joe > > > On Sun, 4 Feb 2001, David Moylan wrote: > > > where's the ppp_mppe module?? it's not listed > > > > have you done a "insmod ppp_mppe" or "modprobe ppp_mppe" > > it should show up in "lsmod" as an active module. > > > > cheers, Wiz!!
From anesthes at cisdi.com Sun Feb 4 07:09:48 2001 From: anesthes at cisdi.com (Joey Coco) Date: Sun, 4 Feb 2001 08:09:48 -0500 (EST) Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0 In-Reply-To: <010c01c08eb7$c6ecc920$1464a8c0@dmoylan> Message-ID: Hi, This is true but the MPPE patch for 2.4.0 PPPD doesn't create kernel patches, like it did for 2.3.11. So there is no ppp_mppe module to be found anywhere. Infact, it comments out the "kernel: " option on the pppd 2.4.0 Makefile. so you could never do a make kernel. Besides that, I'm not even getting as far as MPPE yet anyhow, I can't even get PPPD to start the initial GRE tunnel. I'm getting that error: Feb 4 13:49:27 demo pppd[2055]: Couldn't set tty to PPP discipline: Invalid argument Which I cannot find any documentation for. -- Joe On Mon, 5 Feb 2001, David Moylan wrote: > someone correct me if i am wrong, but the ppp_mppe module > is created when you do a: > > make modules ; make modules_install > > after re-compiling the kernel. > > this isn't based on 2.4.x experience however - it's on the > previous 2.2.x which i've been running > > cheers, Wiz!!
From Steve at SteveCowles.com Sun Feb 4 09:21:12 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Sun, 4 Feb 2001 09:21:12 -0600 Subject: [pptp-server] PPTP server to LRP ? Message-ID: <90769AF04F76D41186C700A0C90AFC3EE63F@defiant.infohiiway.com> > -----Original Message----- 
> From: Andrey Glazunov [mailto:lhfrjgtn at peterlink.ru] > Sent: Saturday, February 03, 2001 10:15 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] PPTP server to LRP ? > > Hi All ! > i have a problem trying to 'move' pptp server to LRP machine... > i have setup from .rpm at RedHat 7.0 and want to 'move' it to > LRP with 2.0.36 or 2.2.16 (same as RH70) kernel... so i copy > > /etc/pptpd.conf > /etc/init.d/pptpd > /usr/sbin/pptpdctrl > /usr/sbin/pptpd > only do not found chckconfig at /sbin in my LRP installation... > when i try to start pptp (or pptpctrl) daemon there is error > 'Segmentation fault' at both 2.0.36 and 2.2.16 LRP kernels... > are there any ideas how to fix it ? LRP is based on the Debian release, which is compiled against a different set of libraries than Redhat 6 or 7 releases. With that in mind, you cannot simply copy the PopTop binaries (pptpd and pptpctrl) from one distribution to another with a segmentation fault occurring. To fix... download and install a debian release (like 2.1) and then compile Poptop against the debian libraries. Steve Cowles From santtu.hyrkko at hut.fi Sun Feb 4 13:38:47 2001 
From: santtu.hyrkko at hut.fi (Santtu =?iso-8859-1?q?Hyrkk=F6?=) Date: 04 Feb 2001 21:38:47 +0200 Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0 In-Reply-To: References: Message-ID: <87k876ck6w.fsf@ab62d3hel.dial.kolumbus.fi> Joey Coco writes: > This is true but the MPPE patch for 2.4.0 PPPD doesn't create kernel > patches, like it did for 2.3.11. So there is no ppp_mppe module to be > found anywhere. You must patch your kernel source with this: ftp://ftp.binarix.com/pub/ppp-mppe/linux-2.4.0-openssl-0.9.6-mppe.patch.gz > Besides that, I'm not even getting as far as MPPE yet anyhow, I can't even > get PPPD to start the initial GRE tunnel. I'm getting that error: > > Feb 4 13:49:27 demo pppd[2055]: Couldn't set tty to PPP > discipline: Invalid argument Have you configured UNIX98 PTY support in your kernel? -- Santtu Hyrkk? From anesthes at cisdi.com Sun Feb 4 19:29:53 2001 
From: anesthes at cisdi.com (Joey Coco) Date: Sun, 4 Feb 2001 20:29:53 -0500 (EST) Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0 In-Reply-To: <87k876ck6w.fsf@ab62d3hel.dial.kolumbus.fi> Message-ID: Hello, On 4 Feb 2001, Santtu [iso-8859-1] Hyrkk? wrote: > Joey Coco writes: > > > This is true but the MPPE patch for 2.4.0 PPPD doesn't create kernel > > patches, like it did for 2.3.11. So there is no ppp_mppe module to be > > found anywhere. > > You must patch your kernel source with this: Kernel source?? That won't patch the kernel, but it patches pppd just fine..?? - Joe > > ftp://ftp.binarix.com/pub/ppp-mppe/linux-2.4.0-openssl-0.9.6-mppe.patch.gz > > > Besides that, I'm not even getting as far as MPPE yet anyhow, I can't even > > get PPPD to start the initial GRE tunnel. I'm getting that error: > > > > Feb 4 13:49:27 demo pppd[2055]: Couldn't set tty to PPP > > discipline: Invalid argument > > Have you configured UNIX98 PTY support in your kernel? > > -- > Santtu Hyrkk? > From vgill at technologist.com Mon Feb 5 00:01:40 2001 
From: vgill at technologist.com (Gill, Vern) Date: Sun, 4 Feb 2001 22:01:40 -0800 Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0 Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C3A@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> This IS the kernel patch file. The ppp-2.4.0-openssl-0.9.6-mppe.patch.gz is the PPP patch file... You need both for it to work... See ftp://ftp.binarix.com/pub/ppp-mppe/README.ASC for more info. BTW, the following instructions are not correct; It should be easy to apply: assuming you keep your linux source in /usr/src/linux, just cd to /usr/src and do zcat linux-2.4.0-openssl-0.9.6-mppe.patch.gz | patch -p1 This should be done in /usr/src/linux ^^^^^ Enjoy -----Original Message----- From: Joey Coco [mailto:anesthes at cisdi.com] Sent: Sunday, February 04, 2001 5:30 PM To: Santtu Hyrkk? Cc: VPN MailList Subject: Re: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0 Hello, On 4 Feb 2001, Santtu [iso-8859-1] Hyrkk wrote: > Joey Coco writes: > > > This is true but the MPPE patch for 2.4.0 PPPD doesn't create kernel > > patches, like it did for 2.3.11. So there is no ppp_mppe module to be > > found anywhere. > > You must patch your kernel source with this: Kernel source?? That won't patch the kernel, but it patches pppd just fine..?? - Joe > > ftp://ftp.binarix.com/pub/ppp-mppe/linux-2.4.0-openssl-0.9.6-mppe.patch .gz > > > Besides that, I'm not even getting as far as MPPE yet anyhow, I can't even > > get PPPD to start the initial GRE tunnel. I'm getting that error: > > > > Feb 4 13:49:27 demo pppd[2055]: Couldn't set tty to PPP > > discipline: Invalid argument > > Have you configured UNIX98 PTY support in your kernel? > > -- > Santtu Hyrkk From daniel.craig at cognix.co.nz Mon Feb 5 02:26:56 2001 
From: daniel.craig at cognix.co.nz (Daniel Craig) Date: Mon, 5 Feb 2001 20:26:56 +1200 Subject: [pptp-server] Getting MPPE to work with kernel 2.2.18 and Redhat Message-ID: Hey everyone I had PPPD and poptop 1.1.2 working just fine. Now when I try to follow the instructions in the http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt to get MPPE going(4.0 PPP with MSCHAPv2/MPPE Installation) I can't get it to work. I get errors in the make after I patch ppp-2.3.11.tar.gz with ppp-2.3.11-openssl-0.9.5-mppe.patch.gz and ppp_mppe_compressed_data_fix.diff When I do a make on ppp I get the following: extra_crypto.c: In function `DesEncrypt': extra_crypto.c:141: warning: implicit declaration of function `setkey' extra_crypto.c:144: warning: implicit declaration of function `encrypt' chap_ms.c: In function `ChapMS_v2_Auth': chap_ms.c:328: warning: implicit declaration of function `stpcpy' chap_ms.c:328: warning: assignment makes pointer from integer without a cast then when I make the kernel modules it doesn't create the mppe module Any clues anybody? From daniel.craig at cognix.co.nz Mon Feb 5 02:33:39 2001 
From: daniel.craig at cognix.co.nz (Daniel Craig) Date: Mon, 5 Feb 2001 20:33:39 +1200 Subject: [pptp-server] Getting MPPE to work with kernel 2.2.18 and Redhat Message-ID: these are the errors I got when i did a 'make modules SUBDIRS=drivers/net' in /usr/src/linux include/linux/modversions.h -DEXPORT_SYMTAB -c ppp.c ppp.c:188: warning: static declaration for `ppp_register_compressor_Rsmp_9682e733' follows non-static ppp.c:189: warning: static declaration for `ppp_unregister_compressor_Rsmp_a1b928df' follows non-static ppp.c: In function `ppp_async_init': ppp.c:443: structure has no member named `tty_pushing' ppp.c: In function `ppp_tty_open': ppp.c:502: `PPP_MAGIC' undeclared (first use in this function) ppp.c:502: (Each undeclared identifier is reported only once ppp.c:502: for each function it appears in.) ppp.c: In function `ppp_tty_close': ppp.c:547: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_read': ppp.c:595: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_write': ppp.c:684: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_ioctl': ppp.c:744: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_poll': ppp.c:947: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_wakeup': ppp.c:976: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_sync_send': ppp.c:1000: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_sync_push': ppp.c:1054: `PPP_MAGIC' undeclared (first use in this function) ppp.c:1062: structure has no member named `tty_pushing' ppp.c:1065: structure has no member named `woke_up' ppp.c:1069: structure has no member named `tty_pushing' ppp.c:1076: structure has no member named `woke_up' ppp.c:1092: structure has no member named `woke_up' ppp.c:1099: structure has no member named `tty_pushing' ppp.c:1109: structure has no member named `tty_pushing' 
ppp.c: In function `ppp_async_send': ppp.c:1124: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_push': ppp.c:1149: `PPP_MAGIC' undeclared (first use in this function) ppp.c:1150: structure has no member named `tty_pushing' ppp.c:1151: structure has no member named `woke_up' ppp.c:1157: structure has no member named `tty_pushing' ppp.c:1159: structure has no member named `woke_up' ppp.c:1170: structure has no member named `tty_pushing' ppp.c:1172: structure has no member named `woke_up' ppp.c:1180: structure has no member named `tty_pushing' ppp.c:1185: structure has no member named `tty_pushing' ppp.c:1195: structure has no member named `tty_pushing' ppp.c: In function `ppp_async_encode': ppp.c:1214: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_flush_output': ppp.c:1320: structure has no member named `tty_pushing' ppp.c:1329: structure has no member named `tty_pushing' ppp.c: In function `ppp_tty_receive': ppp.c:1358: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_dev_close': ppp.c:1733: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_dev_ioctl': ppp.c:1767: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_ioctl': ppp.c:1815: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_receive_error': ppp.c:2413: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ip': ppp.c:2444: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ipv6': ppp.c:2457: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ipx': ppp.c:2470: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_at': ppp.c:2483: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_vjc_comp': ppp.c:2498: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_vjc_uncomp': 
ppp.c:2523: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ccp': ppp.c:2538: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_unknown': ppp.c:2549: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_send_frame': ppp.c:2596: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_output_wakeup': ppp.c:2772: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_send_ctrl': ppp.c:2788: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_alloc': ppp.c:3048: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_release': ppp.c:3139: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `cleanup_module': ppp.c:3345: `PPP_MAGIC' undeclared (first use in this function) make[1]: *** [ppp.o] Error 1 make[1]: Leaving directory `/usr/src/linux/drivers/net' make: *** [_mod_drivers/net] Error 2 Cheers Dan From vgill at technologist.com Mon Feb 5 01:37:49 2001 
From: vgill at technologist.com (Gill, Vern)
Date: Sun, 4 Feb 2001 23:37:49 -0800
Subject: [pptp-server] ppp-2.4.0 combined patch
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C3B@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

I have created a patch file for ppp-2.4.0. This patch file incorporates all of the following functionality;

MPPE for PPP
require-mppe for ppp
stripmsdomain for ppp
use smbpasswd file for ppp chap authentication

This patch applies cleanly against a fresh ppp-2.4.0 source tree

To build ppp with this patch, you need libsmbpw

To apply, do the following;

If your ppp source is /usr/src/ppp-2.4.0,
cd /usr/src,
patch -p1 < /location/of/file/filename.diff > /some/dir/patch.log

I did NOT write ANY of this stuff... I only made the individual patches work for me, then diffed a clean tree against my completely patched tree. PLEASE do NOT ask me about the patches. I am only submitting this for people who want/need all of these features...

BTW, this works on kernel-2.2.16 just as well as 2.4.x

To get all of the functionality out of this patch, you need the following;

/etc/ppp/options.pptpd
+chap
+chapms
+chapms-v2
chapms-strip-domain ## makes DOMAIN\user come thru as user
mppe-40
mppe-128
mppe-stateless
require-chap
require-mppe
require-mppe-stateless

/etc/modules.conf
alias ppp-compress-18 ppp_mppe

/etc/modules.conf
alias char-major-108 ppp_generic
alias /dev/ppp ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

then do;

mknod /dev/ppp c 108 0
chmod 600 /dev/ppp

As always, your mileage may vary.

Enjoy

From matthias.mueller at rz.uni-karlsruhe.de Mon Feb 5 01:30:31 2001
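A check for the settings listed in the "ppp-2.4.0 combined patch" message above, as an added example that is not part of the original post or of the patch. The option and alias names are the ones from that message; the function names and the choice of which settings count as mandatory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit a pppd options file and a
# modules.conf against the settings listed in the message. Function names and
# the pass/fail policy are assumptions of this example.

# Print the first word of every active (non-blank, non-comment) line of FILE.
active_words() {
    sed -e 's/#.*$//' "$1" | awk 'NF { print $1 }'
}

# has_option FILE NAME: succeed if NAME is an active option in FILE.
has_option() {
    active_words "$1" | grep -Fqx -e "$2"
}

# has_alias FILE NAME MODULE: succeed if "alias NAME MODULE" is active in FILE.
has_alias() {
    sed -e 's/#.*$//' "$1" |
        awk -v n="$2" -v m="$3" \
            '$1 == "alias" && $2 == n && $3 == m { found = 1 } END { exit !found }'
}

# audit_pptpd OPTIONS_FILE MODULES_CONF
# Prints one finding per line and returns 0 only when nothing is missing.
audit_pptpd() {
    rc=0
    # The require-* options are the enforcing ones: a commented-out line
    # leaves CHAP/MPPE offered but no longer demanded.
    for opt in require-chap require-mppe +chapms-v2 mppe-128; do
        has_option "$1" "$opt" || { echo "FAIL options: $opt not set"; rc=1; }
    done
    if has_option "$1" mppe-40; then
        echo "NOTE options: mppe-40 also allows 40-bit MPPE keys"
    fi
    # Aliases the kernel needs to load the PPP device, the async line
    # discipline and the MPPE module on demand.
    for pair in char-major-108:ppp_generic tty-ldisc-3:ppp_async \
                ppp-compress-18:ppp_mppe; do
        name=${pair%%:*}
        module=${pair#*:}
        has_alias "$2" "$name" "$module" ||
            { echo "FAIL modules: alias $name $module missing"; rc=1; }
    done
    return "$rc"
}

# Constructed sample input: the options from the message with require-mppe
# commented out, and a modules.conf that lacks the ppp_mppe alias.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '+chap' '+chapms' '+chapms-v2' \
        'chapms-strip-domain ## makes DOMAIN\user come thru as user' \
        'mppe-40' 'mppe-128' 'mppe-stateless' 'require-chap' \
        '#require-mppe' > "$dir/options.pptpd"
    printf '%s\n' 'alias char-major-108 ppp_generic' \
        'alias tty-ldisc-3 ppp_async' > "$dir/modules.conf"
    audit_pptpd "$dir/options.pptpd" "$dir/modules.conf"
    status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "audit found problems"
```

Run against the real files as `audit_pptpd /etc/ppp/options.pptpd /etc/modules.conf`; the device node created with mknod is not checked here.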
From: matthias.mueller at rz.uni-karlsruhe.de (Matthias Mueller) Date: Mon, 5 Feb 2001 08:30:31 +0100 Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0 In-Reply-To: ; from anesthes@cisdi.com on Sun, Feb 04, 2001 at 08:09:48AM -0500 References: <010c01c08eb7$c6ecc920$1464a8c0@dmoylan> Message-ID: <20010205083031.A2024@rz.uni-karlsruhe.de> Hi, On Sun, Feb 04, 2001 at 08:09:48AM -0500, Joey Coco wrote: > This is true but the MPPE patch for 2.4.0 PPPD doesn't create kernel > patches, like it did for 2.3.11. So there is no ppp_mppe module to be > found anywhere. I changed the ppp_mppe Patch to work with ppp-2.4.0 and kernel-2.4.0. I created 2 Patches, one for the kernel and one for ppp, you can find them here: http://rz-obrian.rz.uni-karlsruhe.de/download/src There are also split patches for pppd-2.3.11 and kernel-2.2.18 Bye, Matthias -- Matthias.Mueller at rz.uni-karlsruhe.de Rechenzentrum Universitaet Karlsruhe Abteilung Netze From dan at fullmotions.com Mon Feb 5 10:31:37 2001 From: dan at fullmotions.com (Dan L. Brow, Jr.) Date: Mon, 5 Feb 2001 11:31:37 -0500 Subject: [pptp-server] PPPD Message-ID: <000801c08f91$1cc1d9b0$565b7218@cr589775c> Hi, Anyone know where I can get the most up to date version of PPPd. Thanks, Dan. From santtu.hyrkko at hut.fi Mon Feb 5 11:02:17 2001 From: santtu.hyrkko at hut.fi (Santtu =?iso-8859-1?q?Hyrkk=F6?=) Date: 05 Feb 2001 19:02:17 +0200 Subject: [pptp-server] PPPD In-Reply-To: <000801c08f91$1cc1d9b0$565b7218@cr589775c> References: <000801c08f91$1cc1d9b0$565b7218@cr589775c> Message-ID: <87pugxawrq.fsf@ab62d3hel.dial.kolumbus.fi> "Dan L. Brow, Jr." writes: > Anyone know where I can get the most up to date version of PPPd. Try ftp://ftp.linuxcare.com.au/pub/ppp/ -- Santtu Hyrkk? From santtu.hyrkko at hut.fi Mon Feb 5 11:22:02 2001 
From: santtu.hyrkko at hut.fi (Santtu =?iso-8859-1?q?Hyrkk=F6?=) Date: 05 Feb 2001 19:22:02 +0200 Subject: [pptp-server] ppp_mppe doesn't support PFC Message-ID: <87lmrlavut.fsf@ab62d3hel.dial.kolumbus.fi> The ppp-mppe patch at ftp://ftp.binarix.com/pub/ppp-mppe doesn't support Protocol-Field-Compression inside incoming MPPE encrypted frames. Here is a (quite hackish) patch which fixes this. This is against the kernel 2.4.0 version. I'm not sure whether this should be included in anything, but this fixes the problems I was having with my PPTP connection. --- drivers/net/ppp_mppe.c~ Mon Feb 5 19:08:46 2001 +++ drivers/net/ppp_mppe.c Mon Feb 5 19:12:23 2001 @@ -576,6 +576,7 @@ mppe_synchronize_key(state); return DECOMP_ERROR; } else { + int retval; if(!state->stateless && (MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED)) mppe_synchronize_key(state); mppe_update_count(state); @@ -583,10 +584,18 @@ /* decrypt - adjust for PPP_HDRLEN + MPPE_OVHD - mru should be OK */ RC4(&(state->RC4_recv_key),isize-6,ibuf+6,obuf); + /* Do PFC decompression if necessary */ + retval = isize - MPPE_OVHD; + if(obuf[0] & 0x1) { + memmove(obuf + 1, obuf, isize - MPPE_OVHD); + obuf[0] = 0; + ++retval; + } + (state->stats).unc_bytes += (isize-MPPE_OVHD); (state->stats).unc_packets ++; - return isize-MPPE_OVHD; + return retval; } } -- Santtu Hyrkk? From rcd at amherst.com Mon Feb 5 11:43:40 2001 
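Review bot: in the second hunk the PFC branch moves the decrypted payload up one byte with memmove(obuf + 1, obuf, isize - MPPE_OVHD) and returns one byte more than before, but no visible line checks that the output buffer has room for that extra byte; the only hint is the existing comment "mru should be OK". A length check before the memmove, returning DECOMP_ERROR when isize - MPPE_OVHD + 1 would not fit, would close that. The statistics line still adds isize-MPPE_OVHD, so unc_bytes is one short on the PFC path; adding retval instead keeps the counter in step with the returned length. The test obuf[0] & 0x1 would also benefit from a comment saying that an odd first byte marks a protocol field compressed to one byte.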
From: rcd at amherst.com (Robert Dege)
Date: Mon, 05 Feb 2001 12:43:40 -0500
Subject: [pptp-server] Network Neighborhood problems
Message-ID: <3A7EE64C.BCCC187C@comptekamherst.com>

Hi.

I've been rattling my brain on this for several days now, and have yet to find the problem. I have a Win98 client that makes a PPTP connection. From there, I am able to ping, telnet & load web pages.

When I double click on Network Neighborhood, I see the PPTP server (I have the workgroups setup the same). When I double click on Entire Network, I can see all the workgroups on the network. However, when I try to doubleclick on ANY of the workgroups, I get an error saying that the workgroup is inaccessible. If I try to do a Start -> Find -> Computer on a LAN Win machine, it says that it can't find that machine.

I can see these machines through the PPTP server & access their drives. I also have the PPTP server running a WINS server through Samba. Anybody have any ideas or thoughts???

here is my smb.conf & options.pptp files:

smb.conf
========
[global]
workgroup = PPTP_Group
netbios name = Skid
server string = I am the PPTP Server
security = SHARE
encrypt passwords = yes
#Makes Samba the WINS Server
wins support = yes
name resolve order = wins bcast
browse list = yes

[homes]
browseable = no
map archive = yes

[test]
comment = For testing only, please
path = /home/samba
read only = no
guest ok = yes
======================

options.pptp
============
debug
lock
name pptp
ms-dns 172.28.254.1
ms-wins 172.28.254.46
172.28.254.46:
auth
+chap
+chapms
+chapms-v2
chapms-strip-domain
require-chap
mppe-128
mppe-40
mppe-stateless
require-mppe
require-mppe-stateless
proxyarp
==========================

-Rob

From gord at amador.ca Mon Feb 5 15:22:48 2001
From: gord at amador.ca (Gord Belsey)
Date: Mon, 5 Feb 2001 14:22:48 -0700
Subject: [pptp-server] two problems: connection lost after 15 to 30 minutes / packet mix-up upon re-dialing
In-Reply-To: <3A7BD627.13EBFE75@marcant.net>
Message-ID: <001e01c08fb9$ca5a4850$280111ac@amadorinc.com>

Matthias:

I've seen similar problems to what you describe. On the sessions "going away", I haven't invested any time yet (so hopefully someone has a response).

On the second, where multiple pids are running, I fixed it by adding the following to the options file on the pptp server:

lcp-echo-failure 10
lcp-echo-interval 3

This says "no response to lcp echo after 3 seconds is a failed echo" and "10 failed echoes means connection is down". With this, the server closes the "dead" (no response to echo requests for 30 seconds) connection after 30 seconds, killing the process. You can adjust these times to suit your needs. There is supposed to be a default value, but I found it only works if I actually configure some value for these two variables.

BTW I also add these on linux clients which also would die after some time. This forces the ppp interface to go down, so I can restart a client.

Hope this is helpful

Gord Belsey

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Matthias Suencksen Sent: Saturday, February 03, 2001 1:58 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] two problems: connection lost after 15 to 30 minutes / packet mix-upupon re-dialing Hello! I've been playing around with pptp but run into Anybody has expierenced problems with sudden drops of the connection ? I've got an pptp 1.1.2 server(linux) which serves windows 98 dialup clients. also there is a checkpoint-1 firewall in front of the server which passes traffic to it. Things go mostly well but when the client does ftp uploads/downloads (and using their ISDN 8KB/s bandwidth to the max) the connections usually drop after 15 - 30 minutes .. .. this does not occur when doing low bandwidth stuff like telnet over the vpn connection ( the connections lasts for hours then ). So in the case where the ISDN line is filled up with traffic the following happens: Either the win98 computer says that the vpn adapter has hung up ( the dial-up connections is still active though) OR the pptp server says something like "can't read packet header" and quits the connection itself. Strace'ing the server in the latter case showed a ECONNRESET on the GRE socket ( unfortunatelay I forgot wheter it was during read or write ). In the former case where the win98 reported that the vpn has hung up the following happened what I suspect as a bug in the pptp server (which is second problem I want to report and which may be completly unrelated to the connection-dropping-stuff !) The pptp-child processes didn't notice that the windows 98 client already had declared the connection for dead. After using "reconnect" on the the windows client a new pptp child process was spawned but the original pptp process seemed to eat up the packets for the new connection. Consequently I wasn't able to do even do a "ping". 
This resulted in the following interesting log:

Feb 3 08:39:11 server2 pptpd[7504]: CTRL: Sent packet to client
Feb 3 08:40:27 server2 pptpd[7504]: CTRL: Received PPTP Control Message (type: 5)
Feb 3 08:40:27 server2 pptpd[7504]: CTRL: Made a ECHO RPLY packet
Feb 3 08:40:27 server2 pptpd[7504]: CTRL: I wrote 20 bytes to the client.
Feb 3 08:40:27 server2 pptpd[7504]: CTRL: Sent packet to client
Feb 3 08:41:59 server2 pptpd[7504]: CTRL: Received PPTP Control Message (type: 5)
Feb 3 08:41:59 server2 pptpd[7504]: CTRL: Made a ECHO RPLY packet
Feb 3 08:41:59 server2 pptpd[7504]: CTRL: I wrote 20 bytes to the client.
Feb 3 08:41:59 server2 pptpd[7504]: CTRL: Sent packet to client

At this point the pptp server no longer receives type 5 control messages from the client. The Windows computer popped up a message that the vpn adapter has been hung up. I then type "reconnect":

Feb 3 08:44:10 server2 pptpd[7809]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Feb 3 08:44:10 server2 pptpd[7809]: CTRL: local address = 172.19.210.10
Feb 3 08:44:10 server2 pptpd[7809]: CTRL: remote address = 172.19.212.2

So process no 7809 is the new handler for the new connection.

[..]

Feb 3 08:44:10 server2 pppd[7810]: pppd 2.3.11 started by root, uid 0
Feb 3 08:44:10 server2 pppd[7810]: Using interface ppp1
Feb 3 08:44:10 server2 pppd[7810]: Connect: ppp1 <--> /dev/pts/6
Feb 3 08:44:10 server2 pppd[7810]: sent [LCP ConfReq id=0x1 ]
Feb 3 08:44:10 server2 pppd[7810]: Timeout 0x8050444:0x80788a0 in 3 seconds.

Now:

Feb 3 08:44:10 server2 pptpd[7504]: Discarding out-of-order packet 1, already have 24692

It is strange that the "old" pptpd process no. 7504 wants to handle the packets for the new connection which should be handled by no. 7809 (see above) - of course "packet 1" is out of sync with its own sequence number of 24692 ..!
There seems to be contention for incoming packets:

Feb 3 08:44:10 server2 pptpd[7504]: Discarding out-of-order packet 1, already have 24692
Feb 3 08:44:10 server2 pptpd[7809]: Buffering out-of-order packet; got 1 after 4294967295
Feb 3 08:44:13 server2 pppd[7810]: sent [LCP ConfReq id=0x1 ]
Feb 3 08:44:13 server2 pppd[7810]: Timeout 0x8050444:0x80788a0 in 3 seconds.
Feb 3 08:44:13 server2 pptpd[7504]: Discarding out-of-order packet 2, already have 24692
Feb 3 08:44:13 server2 pptpd[7809]: Packet reorder timeout waiting for 0

.. any ideas appreciated ..!

my pppd setup is:

auth
require-chap
# proxyarp
+chapms-v2
mppe-40
mppe-128
mppe-stateless
# be strict
require-mppe
require-mppe-stateless
# workaround silly Windows clients which send NT-domain prefix
chapms-strip-domain

--
Matthias

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From rcd at amherst.com Mon Feb 5 17:24:37 2001
From: rcd at amherst.com (Robert Dege)
Date: Mon, 05 Feb 2001 18:24:37 -0500
Subject: [pptp-server] WINS resolution
Message-ID: <3A7F3635.FE312F63@comptekamherst.com>

okay, how about this instead.

(once connected). From the Run command, I can do a \\IP.address & bring up the machine's share. But \\machine_name will not work.

I have WINS up & running on the PPTP server.

any suggestions?

-Rob

From anesthes at cisdi.com Mon Feb 5 18:12:53 2001
From: anesthes at cisdi.com (Joey Coco) Date: Mon, 5 Feb 2001 19:12:53 -0500 (EST) Subject: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0 In-Reply-To: <8D043DEA73DFD411958A00A0C90AB7607C3A@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> Message-ID: Hello, Thanks. Understand the fact that I didn't notice more than one "2.4.0" patch file on the ftp server, and assumed I grabbed the patch for "both".. I grabbed the PPP patch file, whooops.. I do however have the Kernel and PPPD patched, and I authenticate and everything seems to work fine. Except, I cannot get any data to travel accross the tunnel. It ping, tcp sockets, nothing. The rx and tx packets go up when I do an ifconfig ppp0.. But nothing seems to be getting through. I checked IP on both sides, and the Windows client gets the proper IP address.. The problem I had with the "TTY line dicipline" was a config option in the Kernel. There are options for "PPP with Async lines" and "PPP with Sync" lines. Well the async option has to be compiled in for pppd to work with pptpd. Otherwise it fails. Makes sence now, but this was not a configurable sub option on 2.2.x kernels, so I wasn't looking for it. Apperently when 2.4.0 brought new methods of using PPPD, they made the kernel-time configuration a bit better. So now I've got a tunnel that establishes, but data doesn't seem to work. Thanks. -- Joe On Sun, 4 Feb 2001, Gill, Vern wrote: > This IS the kernel patch file. The ppp-2.4.0-openssl-0.9.6-mppe.patch.gz > is the PPP patch file... You need both for it to work... > See ftp://ftp.binarix.com/pub/ppp-mppe/README.ASC for more info. > > BTW, the following instructions are not correct; > It should be easy to apply: assuming you keep your linux source in > /usr/src/linux, just cd to /usr/src and do > > zcat linux-2.4.0-openssl-0.9.6-mppe.patch.gz | patch -p1 > > > This should be done in /usr/src/linux > ^^^^^ > > Enjoy > > > -----Original Message----- 
> From: Joey Coco [mailto:anesthes at cisdi.com] > Sent: Sunday, February 04, 2001 5:30 PM > To: Santtu Hyrkk? > Cc: VPN MailList > Subject: Re: [pptp-server] MPPE for Linux kernel 2.4.x and pppd-2.4.0 > > Hello, > > > On 4 Feb 2001, Santtu [iso-8859-1] Hyrkk wrote: > > > Joey Coco writes: > > > > > This is true but the MPPE patch for 2.4.0 PPPD doesn't create kernel > > > patches, like it did for 2.3.11. So there is no ppp_mppe module to > be > > > found anywhere. > > > > You must patch your kernel source with this: > > Kernel source?? That won't patch the kernel, but it patches pppd just > fine..?? > > - Joe > > > > > ftp://ftp.binarix.com/pub/ppp-mppe/linux-2.4.0-openssl-0.9.6-mppe.patch > .gz > > > > > Besides that, I'm not even getting as far as MPPE yet anyhow, I > can't > even > > > get PPPD to start the initial GRE tunnel. I'm getting that error: > > > > > > Feb 4 13:49:27 demo pppd[2055]: Couldn't set tty to PPP > > > discipline: Invalid argument > > > > Have you configured UNIX98 PTY support in your kernel? > > > > -- > > Santtu Hyrkk > /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ / "I'd like to think that everything is beautiful, and I'd like to think / \ that everything is fair. I'd like to think that everything is plentiful,\ / and i'd like to think that every body cares. We'd like to thank you.." / \ \ / http://members.cisdi.com/~anesthes/ -=- IM: imd3fc0n / \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ C r e a t i v e I l l u s i o n s S o f t w a r e D e s i g n, I n c. From ron at mel.compumod.com.au Mon Feb 5 21:45:29 2001 
From: ron at mel.compumod.com.au (Ron Cresswell)
Date: Tue, 06 Feb 2001 14:45:29 +1100
Subject: [pptp-server] Out of order packets - any idea what's going on?
Message-ID: <3A7F7359.9050407@mel.compumod.com.au>

Hi Folks -

I'm getting the following:

Feb 6 14:23:19 ghost pptpd[2974]: Buffering out-of-order packet; got 29164 after 29159
Feb 6 14:23:58 ghost pptpd[2974]: Packet reorder timeout waiting for 29161
Feb 6 14:23:58 ghost pptpd[2974]: Buffering out-of-order packet; got 29167 after 29163
Feb 6 14:24:03 ghost pptpd[2974]: Packet reorder timeout waiting for 29165
Feb 6 14:24:03 ghost pptpd[2974]: Buffering out-of-order packet; got 29168 after 29166
Feb 6 14:24:47 ghost pptpd[2974]: Buffering out-of-order packet; got 29172 after 29169
Feb 6 14:24:52 ghost pptpd[2974]: Packet reorder timeout waiting for 29170
Feb 6 14:24:52 ghost pptpd[2974]: Buffering out-of-order packet; got 29174 after 29171
Feb 6 14:24:56 ghost pptpd[2974]: Packet reorder timeout waiting for 29173
Feb 6 14:24:56 ghost pptpd[2974]: Buffering out-of-order packet; got 29175 after 29173

I'm using pptpd-1.1.2.

I'm not going into copious detail here - I was just wondering if the above looks very familiar to people?

Cheers

Ron

From james at lrgmail.com Mon Feb 5 22:46:58 2001
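The out-of-order messages in the two logs above (Matthias Suencksen's, quoted in Gord Belsey's reply, and Ron Cresswell's) can be triaged mechanically. The Python below is an added example, not part of any post and not PoPToP code: it separates plain reordering or loss inside one handler from two pptpd handlers on one host competing for the same packets. The function names are made up here, the log lines are copied from the posts, and reading 4294967295 as "nothing received yet" is an inference from Matthias's log.

```python
import re
from collections import defaultdict

SEQ_MOD = 2 ** 32        # the logged counters behave as 32-bit values
SEQ_NONE = SEQ_MOD - 1   # 4294967295; assumed to mean "no packet received yet"

# Lines copied from the two posts, with single spaces as the archive shows them.
SAMPLE_LOG = """\
Feb 3 08:44:10 server2 pptpd[7504]: Discarding out-of-order packet 1, already have 24692
Feb 3 08:44:10 server2 pptpd[7809]: Buffering out-of-order packet; got 1 after 4294967295
Feb 3 08:44:13 server2 pptpd[7504]: Discarding out-of-order packet 2, already have 24692
Feb 3 08:44:13 server2 pptpd[7809]: Packet reorder timeout waiting for 0
Feb 6 14:23:19 ghost pptpd[2974]: Buffering out-of-order packet; got 29164 after 29159
Feb 6 14:23:58 ghost pptpd[2974]: Packet reorder timeout waiting for 29161
Feb 6 14:23:58 ghost pptpd[2974]: Buffering out-of-order packet; got 29167 after 29163
Feb 6 14:24:03 ghost pptpd[2974]: Packet reorder timeout waiting for 29165
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]+)\s+(\S+)\s+pptpd\[(\d+)\]:\s+(.*)$")
PATTERNS = [
    ("buffer", re.compile(r"Buffering out-of-order packet; got (\d+) after (\d+)")),
    ("discard", re.compile(r"Discarding out-of-order packet (\d+), already have (\d+)")),
    ("timeout", re.compile(r"Packet reorder timeout waiting for (\d+)")),
]


def seq_gap(got, after):
    """Sequence numbers skipped between `after` and `got`, modulo 2**32."""
    return (got - after - 1) % SEQ_MOD


def parse(log_text):
    """Turn pptpd syslog lines into event dicts; other lines are ignored."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, host, pid, msg = m.groups()
        for kind, pattern in PATTERNS:
            hit = pattern.search(msg)
            if hit:
                nums = [int(n) for n in hit.groups()]
                events.append({
                    "ts": " ".join(ts.split()),   # normalise syslog padding
                    "host": host,
                    "pid": int(pid),
                    "kind": kind,
                    "seq": nums[0],
                    "ref": nums[1] if len(nums) > 1 else None,
                })
                break
    return events


def summarize(events):
    """Per (host, pid): largest gap seen, timeouts, discards, fresh-start flag."""
    stats = defaultdict(lambda: {"max_gap": 0, "timeouts": 0,
                                 "discards": 0, "fresh_start": False})
    for e in events:
        s = stats[(e["host"], e["pid"])]
        if e["kind"] == "buffer":
            s["max_gap"] = max(s["max_gap"], seq_gap(e["seq"], e["ref"]))
            if e["ref"] == SEQ_NONE:
                s["fresh_start"] = True
        elif e["kind"] == "timeout":
            s["timeouts"] += 1
        else:
            s["discards"] += 1
    return dict(stats)


def find_contention(events):
    """Return (host, stale_pid, fresh_pid) where two handlers saw the same packet.

    A handler that discards packet N as old in the same second that another
    handler on the same host buffers packet N is holding a dead session.
    """
    seen = defaultdict(list)
    for e in events:
        if e["kind"] in ("buffer", "discard"):
            seen[(e["host"], e["ts"], e["seq"])].append(e)
    hits = set()
    for (host, _ts, _seq), group in seen.items():
        stale = {e["pid"] for e in group if e["kind"] == "discard"}
        fresh = {e["pid"] for e in group if e["kind"] == "buffer"}
        for old in stale:
            for new in fresh - {old}:
                hits.add((host, old, new))
    return sorted(hits)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for key, val in sorted(summarize(evs).items()):
        print(key, val)
    for host, old, new in find_contention(evs):
        print(f"{host}: pptpd[{old}] is stale and competes with pptpd[{new}]")
```

A stale handler reported here is the situation Gord Belsey's lcp-echo settings are meant to clear; a single PID with gaps and timeouts, as in Ron Cresswell's log, is reordering or loss on one session.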
From: james at lrgmail.com (James Orr) Date: Mon, 5 Feb 2001 23:46:58 -0500 Subject: [pptp-server] Samba on another machine? References: <200FAA488DE0D41194F10010B597610D080C51@JUPITER> Message-ID: <000b01c08ff7$d789cbc0$93a3b218@home.com> Hi, Thank you for your reply. When I try net view \\10.0.0.1, or net view \\server (which is an entry in my hosts file to 10.0.0.1) I get the following message : Error 31: A device attached to the system is not functioning. For more information, type NET HELP 31 at the command prompt. I can ping 10.0.0.1 fine, and I do have proxyarp in my options file. Of course I can mount the drives OK on windows machines in the actual office. The samba server is not currently setup as a WINS server, as I don't really need to be able to browse the network, but would it help in this situation if it was? - James ----- Original Message ----- From: "George Vieira" To: "James Orr" ; Sent: Saturday, February 03, 2001 7:51 PM Subject: RE: [pptp-server] Samba on another machine? > Yes you can, you must remember these things. > > 1: Have "proxyarp" in your options file so the internal network knows how to > get back to you because the PPTPD server will respond to your PPTP IP > requests.. > 2: You must map via either \\IP\share or \\NAME\share depending you have > WINS or hosts file entered into your machine. > > Test first that you can actually ping the samba machine, if that works OK > then try doing a "net view \\IP". > If this returns a list of shares then your IN!. From james at lrgmail.com Mon Feb 5 22:53:05 2001 
From: james at lrgmail.com (James Orr)
Date: Mon, 5 Feb 2001 23:53:05 -0500
Subject: [pptp-server] Not sending internet traffic through the tunnel
Message-ID: <001801c08ff8$b1bba520$93a3b218@home.com>

Hi,

What's the best way to set things up under windows (any version) so that after connecting to the PPTP server traffic going out to the internet will just go through my cable modem connection rather than going through the (slower) office DSL connection? Is there a way this could be set automatically after connection?

Thanks,

- James

From Steve at SteveCowles.com Tue Feb 6 00:53:24 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Tue, 6 Feb 2001 00:53:24 -0600
Subject: [pptp-server] Not sending internet traffic through the tunnel
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE642@defiant.infohiiway.com>

> -----Original Message-----
> From: James Orr [mailto:james at lrgmail.com]
> Sent: Monday, February 05, 2001 10:53 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Not sending internet traffic through the tunnel
>
> Hi,
>
> What's the best way to set things up under windows (any version) so
> that after connecting to the PPTP server traffic going out to the
> internet will just go through my cable modem connection rather than
> going through the (slower) office DSL connection? Is there a way this
> could be set automatically after connection?
>

Yes, in your Windows PPTP connection profile... disable the "Use Default Gateway on Remote Network" check box.

Steve Cowles

From Steve at SteveCowles.com Tue Feb 6 02:12:28 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Tue, 6 Feb 2001 02:12:28 -0600
Subject: [pptp-server] Samba on another machine?
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE643@defiant.infohiiway.com>

> -----Original Message-----
> From: James Orr [mailto:james at lrgmail.com]
> Sent: Monday, February 05, 2001 10:47 PM
> To: George Vieira; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Samba on another machine?
>
>
> Hi,
>
> Thank you for your reply. When I try net view \\10.0.0.1, or net view
> \\server (which is an entry in my hosts file to 10.0.0.1) I get the
> following message :
>
> Error 31: A device attached to the system is not functioning.
> For more information, type NET HELP 31 at the command prompt.
>
> I can ping 10.0.0.1 fine, and I do have proxyarp in my
> options file. Of course I can mount the drives OK on windows
> machines in the actual office. The samba server is not currently
> setup as a WINS server, as I don't really need to be able to
> browse the network, but would it help in this situation
> if it was?
>

First of all, at the lower layers of the network OSI model, "ping" and "net view" really have nothing to do with each other. "Ping" uses your TCP/IP stack's resolver libraries for name resolution. i.e. /etc/hosts and DNS. Except when pinging by ip address. "Net view" uses nmb/smb packets which basically (at a 30,000 foot level) are an encapsulated netbios over TCP/IP packet. In order for "net view" to work properly, (based on windows netbios configured node type) it must either be able to issue a broadcast packet for the netbios name or be able to contact a WINS server for nmb/smb name resolution.

For future reference: Based on your Windows client configured node type, the following rules apply when a windows client tries to perform a netbios based name resolution query. i.e. net view

The NetBIOS node type option allows NetBIOS over TCP/IP clients, which are configurable to be configured as described in RFC 1001/1002. The value is specified as a single octet which identifies the client type. Possible node types are:

1   B-node: Broadcast - no WINS
2   P-node: Peer - WINS only.
4   M-node: Mixed - broadcast, then WINS
8   H-node: Hybrid - WINS, then broadcast

You can determine how your windows client node type is configured by using "ipconfig /all" for NT/W2K and "winipcfg" for the Win9x releases. In most cases,

1) If not configured to use a WINS server, node type = broadcast
2) If configured to use a WINS server, node type = hybrid.

Since broadcast packets (by default) DO NOT get routed across "any" VPN you have two choices:

1) Edit your LMHOSTS file (netbios's equivalent to hosts file) on the remote PPTP client and include the name/ip address pair of the desktop/server you are trying to mount a share on. If you have a Domain Controller and/or workgroup... these entries must also be specified in the LMHOSTS file. Using the LMHOSTS file could have the potential of being an administration nightmare on large networks, but it works. You have been warned!!!

2) Enable a WINS server on the remote LAN and include its definition "ms-wins 10.0.0.x" in your ppp options file. This way, the remote PPTP client will not issue a broadcast packet (which will never get routed and/or answered), but contact the WINS server directly for the ip address of the requested netbios name.

FWIW: This is exactly why Microsoft developed a WINS server... to resolve the problem with broadcast packets not being routed across routers!! Your PPTP server IS a router.

As for "why" your net view \\ipaddress is not working, I really do not know. That is an odd error. I would start by checking your windows client's netbios settings. i.e. workgroup/domain, file/print sharing settings. Something else is wrong here if you "are" actually able to ping the ip address of the system you are trying to connect to.

Good luck

Steve Cowles

From Steve at SteveCowles.com Tue Feb 6 02:18:16 2001
From: Steve at SteveCowles.com (Cowles, Steve) Date: Tue, 6 Feb 2001 02:18:16 -0600 Subject: [pptp-server] WINS resolution Message-ID: <90769AF04F76D41186C700A0C90AFC3EE644@defiant.infohiiway.com> > -----Original Message----- > From: Robert Dege [mailto:rcd at amherst.com] > Sent: Monday, February 05, 2001 5:25 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] WINS resolution > > > okay, how about this instead. > > (once connected). From the Run command, I can do a > \\IP.address & bring up the machine's share. > But \\machine_name will not work. > > I have WINS up & running on the PPTP server. > > any suggestions? > Are you sure the WINS server is operational? Check your WINS server for the file browse.dat (i think), which contains entries of all the nodes that have registered with that WINS server. Also, all systems on the LAN must be configured to use the WINS server. i.e. They must register with the WINS server at boot-up. Otherwise, they will not show up in the browse list. Steve Cowles From awdavis at waretec.com Tue Feb 6 02:25:48 2001 
From: awdavis at waretec.com (Andrew W. Davis) Date: Tue, 6 Feb 2001 02:25:48 -0600 Subject: [pptp-server] poptop and NT domain controller authentication Message-ID: <20010206022548.A12341@falcon.waretec.com> so maybe I'm missing something here, but it's late and my eyes can't take any more archive reading... I've set up my poptop server and it finally will authenticate MPPE and the such. I've figured out how to get it to correctly authenticate with the smbpassword file. I've got some routing issues I need to straighten out between the 2 NIC's in my Linux box, but I guess here's my real question: Do I have to set up domain logins to Samba on my Linux box? Is there no way that they can be sent to my NT Domain controller? From all that I'm reading, I have to set up my Linux box in a different domain all together. This introduces an entirely new set of issues... Isn't the client machine actually looking for an NT Domain controller after it actually establishes the VPN tunnel? So why can't it just seek out my NT box? Forgive my ignorance and I'll apreciate your help ;) Andrew From Steve at SteveCowles.com Tue Feb 6 10:34:13 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Tue, 6 Feb 2001 10:34:13 -0600 Subject: [pptp-server] poptop and NT domain controller authentication Message-ID: <90769AF04F76D41186C700A0C90AFC3EE645@defiant.infohiiway.com> > -----Original Message----- 
> From: Andrew W. Davis [mailto:awdavis at waretec.com] > Sent: Tuesday, February 06, 2001 2:26 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] poptop and NT domain controller authentication > > > so maybe I'm missing something here, but it's late and my > eyes can't take any more archive reading... > > I've set up my poptop server and it finally will authenticate > MPPE and the such. I've figured out how to get it to correctly > authenticate with the smbpassword file. I've got some routing > issues I need to straighten out between the 2 NIC's in my Linux > box, but I guess here's my real question: > > Do I have to set up domain logins to Samba on my Linux box? > Is there no way that they can be sent to my NT Domain controller? > From all that I'm reading, I have to set up my Linux box in a > different domain all together. This introduces an entirely new > set of issues... Personally, I have always configured my samba servers to be "member servers" to an existing MS domain. i.e. security = domain in smb.conf. In fact, I agree with you, by placing a samba server in a different MS domain/workgroup would introduce an entirely new set of issues. Unfortunately, making your samba server a member server really only creates a workstation/server entry in Domain Manager. It does not enable samba to authenticate to a PDC for login requests. i.e. a single username/password on NT. FYI: There is a lot of work being done in this area. i.e. winbind. Checkout the following white paper: http://us4.samba.org/samba/ftp/appliance/winbind.pdf I especially like the first paragraph of this paper... (holy grail) Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous computing environments for a long time. We present winbind, a component of the Samba suite of programs as a solution to the unified logon problem. 
Winbind uses UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules, and the Name Service Switch to allow Windows NT domain users to appear and operate as UNIX users on a UNIX machine. This paper describes the winbind system, explaining the functionality it provides, how it is configured and how it works internally. Hopefully, after reading the above white paper, you will understand why you must maintain to separate login accounts. One on your PopTop server and one on NT PDC. If I get the time, I am going to try and implement "winbind". I have been following its development for a long time. Looks like they have made some progress, but with limitations. I have never liked maintaining two separate login accounts. This has always been a royal pain in the ass from an administration point of view. Steve Cowles From baust at healthdec.com Tue Feb 6 11:01:43 2001 From: baust at healthdec.com (Brian Aust) Date: Tue, 6 Feb 2001 12:01:43 -0500 Subject: [pptp-server] poptop and NT domain controller authentication Message-ID: Well, what do people think about Novell Account Management, formerly known as Novell NDS Corporate Edition? This directory services/account management product is supposed to have Single SignOn capabilities that replace both NT and Linux password accounts with NDS clients, allowing for unified management in the NDS console. Would this not provide what we are looking for with this holy grail? Check it out: http://www.novell.com/products/nds/accountmanagement/ I'm considering this as a solution for my small company (50 people) to integrate the user/ACL management of the NT and Linux servers and their applications (like Apache)... what do you guys think? Brian R. Aust -----Original Message----- 
From: Cowles, Steve [mailto:Steve at SteveCowles.com] Sent: Tuesday, February 06, 2001 11:34 AM To: 'Andrew W. Davis'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] poptop and NT domain controller authentication > -----Original Message----- 
> From: Andrew W. Davis [mailto:awdavis at waretec.com] > Sent: Tuesday, February 06, 2001 2:26 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] poptop and NT domain controller authentication > > > so maybe I'm missing something here, but it's late and my > eyes can't take any more archive reading... > > I've set up my poptop server and it finally will authenticate > MPPE and the such. I've figured out how to get it to correctly > authenticate with the smbpassword file. I've got some routing > issues I need to straighten out between the 2 NIC's in my Linux > box, but I guess here's my real question: > > Do I have to set up domain logins to Samba on my Linux box? > Is there no way that they can be sent to my NT Domain controller? > From all that I'm reading, I have to set up my Linux box in a > different domain all together. This introduces an entirely new > set of issues... Personally, I have always configured my samba servers to be "member servers" to an existing MS domain. i.e. security = domain in smb.conf. In fact, I agree with you, by placing a samba server in a different MS domain/workgroup would introduce an entirely new set of issues. Unfortunately, making your samba server a member server really only creates a workstation/server entry in Domain Manager. It does not enable samba to authenticate to a PDC for login requests. i.e. a single username/password on NT. FYI: There is a lot of work being done in this area. i.e. winbind. Checkout the following white paper: http://us4.samba.org/samba/ftp/appliance/winbind.pdf I especially like the first paragraph of this paper... (holy grail) Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a "holy grail" in heterogeneous computing environments for a long time. We present winbind, a component of the Samba suite of programs as a solution to the unified logon problem. 
Winbind uses UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules, and the Name Service Switch to allow Windows NT domain users to appear and operate as UNIX users on a UNIX machine. This paper describes the winbind system, explaining the functionality it provides, how it is configured and how it works internally. Hopefully, after reading the above white paper, you will understand why you must maintain to separate login accounts. One on your PopTop server and one on NT PDC. If I get the time, I am going to try and implement "winbind". I have been following its development for a long time. Looks like they have made some progress, but with limitations. I have never liked maintaining two separate login accounts. This has always been a royal pain in the ass from an administration point of view. Steve Cowles _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From rcd at amherst.com Tue Feb 6 11:05:21 2001 
From: rcd at amherst.com (Robert Dege)
Date: Tue, 06 Feb 2001 12:05:21 -0500
Subject: [pptp-server] WINS resolution
References: <90769AF04F76D41186C700A0C90AFC3EE644@defiant.infohiiway.com>
Message-ID: <3A802ED1.4827307@comptekamherst.com>

Steve,

I'm not entirely sure if WINS is working correctly. I do have browse.dat & wins.dat files in /var/lock/samba.

browse.dat only shows the local master for each workgroup. Right now, there are only 2 machines on the LAN that point to WINS. They are both local Masters. I added 4 more machines to point to WINS inside a separate workgroup. If I try to double-click on that workgroup from network neighborhood (from the PPTP client), I still get that workgroup is inaccessible. The remaining workgroups & computers show up via broadcast & are also inaccessible.

wins.dat shows all the computers that are pointing to it. One thing bugs me though. Here is a quick sample of the file:

"__MSBROWSE__#01" 981932577 255.255.255.255 84R
"HOMER#00" 981996600 172.28.254.32 44R
"HOMER#03" 981996600 172.28.254.32 44R
"HOMER#20" 981996594 172.28.254.32 44R
"PPTP_GROUP#00" 981996810 255.255.255.255 c4R
"PPTP_GROUP#1e" 981996810 255.255.255.255 c4R
"SIMPLE#00" 981996594 255.255.255.255 c4R
"SIMPLE#1e" 981996594 255.255.255.255 c4R
"SKID#00" 981996810 172.28.254.46 46R
"SKID#03" 981996810 172.28.254.46 46R
"SKID#20" 981996810 172.28.254.46 46R
"SNIFFER#00" 981996765 172.28.41.46 4R
"SNIFFER#03" 981996764 172.28.41.46 4R
"SNIFFER#20" 981932487 172.28.41.46 4R

Homer is the local Master of the workgroup SIMPLE.
SKID is the local Master of the workgroup PPTP_GROUP. (PPTP Server)
Sniffer is the PPTP Client

Notice how MSBROWSE & the workgroups have a 255.255.255.255 address, as if to infer no viewing capabilities via subnet mask. Is this supposed to be normal?

Thanks for the insight.

-Rob

> Are you sure the WINS server is operational? Check your WINS server for the
> file browse.dat (i think), which contains entries of all the nodes that have
> registered with that WINS server.
>
> Also, all systems on the LAN must be configured to use the WINS server. i.e.
> They must register with the WINS server at boot-up. Otherwise, they will not
> show up in the browse list.
>
> Steve Cowles

From Steve at SteveCowles.com Tue Feb 6 11:33:04 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Tue, 6 Feb 2001 11:33:04 -0600
Subject: [pptp-server] poptop and NT domain controller authentication
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE646@defiant.infohiiway.com>

> -----Original Message-----
> From: Brian Aust [mailto:baust at healthdec.com] > Sent: Tuesday, February 06, 2001 11:02 AM > To: Cowles, Steve; 'Andrew W. Davis'; pptp-server at lists.schulte.org > Subject: RE: [pptp-server] poptop and NT domain controller > authentication > > > Well, what do people think about Novell Account Management, > formerly known as Novell NDS Corporate Edition? This directory > services/account management product is supposed to have Single > SignOn capabilities that replace both NT and Linux password > accounts with NDS clients, allowing for unified management in > the NDS console. > > Would this not provide what we are looking for with this holy grail? > > Check it out: http://www.novell.com/products/nds/accountmanagement/ > > I'm considering this as a solution for my small company (50 people) to > integrate the user/ACL management of the NT and Linux servers > and their applications (like Apache)... what do you guys think? > Brian, I have actually deployed NDS (successfully) into existing Novell/NT 4.0 environments in the past. Unfortunately, these deployments did not include integration with UNIX/Linux based systems. So I cannot answer your question directly. Based on what I read at the above web site, this looks like it might be a viable solution that meets with your requirements. On a separate but related subject: This is my opinion... but Windows 2000 new authentication scheme (active directory) looks like a knock off of Novells NDS trees. Why was I not surprised? Anyway, if you do decide to implement NDS, I would be interested in your results. Especially with any linux related integration issues. Steve Cowles From Steve at SteveCowles.com Tue Feb 6 12:31:30 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Tue, 6 Feb 2001 12:31:30 -0600 Subject: [pptp-server] WINS resolution Message-ID: <90769AF04F76D41186C700A0C90AFC3EE647@defiant.infohiiway.com> > -----Original Message----- 
> From: Robert Dege [mailto:rcd at amherst.com] > Sent: Tuesday, February 06, 2001 11:05 AM > To: Cowles, Steve > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] WINS resolution > > Steve, > I'm not entirely sure if WINS is working correctly. I do have > browse.dat & wins.dat files in /var/lock/samba. > > browse.dat only shows the local master for each workgroup. > Right now, there are only 2 machines on the LAN that point > to WINS. They are both local Masters. I added 4 more machines > to point to WINS inside a separate workgroup. If I try to > double-click on that workgroup from network neighborhood > (from the PPTP client), I still get that workgroup is > inaccessible. The remaining workgroups & computers show up > via broadcast & are also inaccessible. > > wins.dat shows all the computers that are pointing to it. > One thing bugs me though. Here is a quick sample of the file: > > "__MSBROWSE__#01" 981932577 255.255.255.255 84R > "HOMER#00" 981996600 172.28.254.32 44R > "HOMER#03" 981996600 172.28.254.32 44R > "HOMER#20" 981996594 172.28.254.32 44R > "PPTP_GROUP#00" 981996810 255.255.255.255 c4R > "PPTP_GROUP#1e" 981996810 255.255.255.255 c4R > "SIMPLE#00" 981996594 255.255.255.255 c4R > "SIMPLE#1e" 981996594 255.255.255.255 c4R > "SKID#00" 981996810 172.28.254.46 46R > "SKID#03" 981996810 172.28.254.46 46R > "SKID#20" 981996810 172.28.254.46 46R > "SNIFFER#00" 981996765 172.28.41.46 4R > "SNIFFER#03" 981996764 172.28.41.46 4R > "SNIFFER#20" 981932487 172.28.41.46 4R > > Homer is the local Master of the workgroup SIMPLE. > SKID is the local Master of the workgroup PPTP_GROUP. > (PPTP Server) Sniffer is the PPTP Client > > Notice how MSBROWSE & the workgroups have a 255.255.255.255 > address, as if to infer no viewing capabilities via subnet > mask. Is this supposed to be normal? > > Thank for the insight. > Something is not right here. The __MSBROWSE__ entry is probably the most important record. 
It should be pointing to an IP address of the system that "won" the election process to become the master. I have never seen this entry pointing to all ones, i.e. 255.255.255.255. Based on the current state of the browse.dat file, I would think that the election process has not decided on a winner... so to speak.

Also, I noticed that you "possibly" have different subnets. 172.28.254 and 172.28.41. What are the netmasks for these network addresses? If they are set to a 24bit mask, are you using a separate WINS server per network or are the clients on this other network registering with a single WINS server?

The reason I ask is, if you go by the MS "Enterprise" model... they recommend that you install a WINS server on each LAN and have each client system register with the WINS server on that LAN. Then enable push/pull replication between the WINS servers so that a copy of each WINS server database is local. Furthermore, in setting up push/pull replication, you also toggle the "replicate on change" switch, which will send change only updates to all the other WINS servers as clients register/de-register. This keeps the "very chatty" MS browse requests from spanning routers.

Unfortunately, I don't think Samba's WINS server supports the push/pull replication with MS WINS servers, but it does between Samba based WINS servers. i.e.

remote browse sync (G)
    This option allows you to setup nmbd to periodically request synchronization of browse lists with the master browser of a samba server that is on a remote segment. This option will allow you to gain browse lists for multiple workgroups across routed networks. This is done in a manner that does not work with any non-samba servers.

    This is useful if you want your Samba server and all local clients to appear in a remote workgroup for which the normal browse propagation rules don't work. The remote workgroup can be anywhere that you can send IP packets to.

    For example:

        remote browse sync = 192.168.2.255 192.168.4.255

    the above line would cause nmbd to request the master browser on the specified subnets or addresses to synchronize their browse lists with the local server.

    The IP addresses you choose would normally be the broadcast addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable. If a machine IP address is given Samba makes NO attempt to validate that the remote machine is available, is listening, nor that it is in fact the browse master on it's segment.

You might want to check the following options in your smb.conf file. They would seem to apply to your problem.

OS level
remote announce
local master

Steve Cowles

From Lillian.Kulhanek at energy.on.ca Tue Feb 6 14:37:58 2001
From: Lillian.Kulhanek at energy.on.ca (Lillian Kulhanek)
Date: Tue, 6 Feb 2001 15:37:58 -0500
Subject: [pptp-server] Solved: GRE: Bad checksum from pppd or Windows 720 errors
Message-ID: <000f01c0907c$b1b8da00$2c02a8c0@Lillian.energy.on.ca>

We figured out the solution internally. I was assigning the local and remote ip addresses in pptpd.conf, and the vpn adapter on the windows client was configured to have the addresses assigned by the server, which is supposed to work. But they weren't being assigned, and Error 720 would pop up. When I manually assigned the addresses in the vpn adapter properties, everything worked, compression, encryption, browsing, life is grand. I'm using linux kernel 2.2.17 with pppd 2.3.11 and associated patches/diffs.

Here's the hitch: For the sake of getting a vpn up, earlier on I installed a 2.2.16 kernel with pptp and ppp rpms, I was still getting booted off, but the local and remote addresses were being assigned, according to the logs. Hmm. Why then, but not now?

I'm investigating now why the addresses don't get assigned in pptpd.conf, but if anyone sees something I've missed, I'd be glad to hear it.

-----Original Message-----
From: Lillian Kulhanek [mailto:Lillian.Kulhanek at energy.on.ca] Sent: February 2, 2001 4:02 PM To: 'pptp-server at lists.schulte.org' Subject: GRE: Bad checksum from pppd Hi all, So close and yet so far. PPTP on a Linux box, masqueraded behind a firewall. We could establish a connection with a client, but it disconnects almost immediately, looks like from the peer side. In our debugging efforts, we tried to isolate the problem by connecting from a Win98SE computer within the network directly to the vpn (modems/firewall bypassed). In this manner, we are able to login, with MSCHAP-v2 peer authentication, as you'll see in the logs, then the peer disconnects. From dreadboy at hotmail.com Wed Feb 7 01:50:39 2001 
From: dreadboy at hotmail.com (Dread Boy)
Date: Wed, 07 Feb 2001 00:50:39 -0700
Subject: [pptp-server] Redhat 6.2 compilation problems
Message-ID:

I've followed every single HOWTO on compiling the MS-CHAP authentication into my kernel. I've downloaded the source code & patches from exactly where all of the HOWTOs state, but still I am having major trouble. =(

PoPToP HOWTO's I've tried:

- 19991104 - Matthew Ramsay
- 20000503 - Mike Barsalou
- 20001005 - Mike Barsalou
- "Example PPTPD Configuration" - www.vibres.com/pptpd/example.html

Man, I have a mountain of paper here, but no luck after 80 hours of waiting with a grin-on that quickly turns to a sha-grin after compilation fails once again.

I can never seem to compile the ppp.o, ppp_mppe.o, ppp_deflate.o, bsd_comp.o, slhc.o, etc, etc. under RedHat 6.2. Always get "Unresolved symbols in modules xxxxxx.o" after doing a "depmod -a". Also, everyone in the mailing list seems to have kernel 2.2.16, whereas my version of RedHat 6.2 has a default of 2.2.14 in it. Not sure what that's all about.

Does anyone have an easy solution for this? I would figure that just tossing the above object modules into /lib/modules/kern_vers/net would be enough. Is this true? And if so, does anyone have them for 2.2.14?

From jbecker at jbecker.storerunner.net Wed Feb 7 14:35:02 2001
From: jbecker at jbecker.storerunner.net (jbecker)
Date: Wed, 7 Feb 2001 12:35:02 -0800
Subject: [pptp-server] Redhat 6.2 compilation problems
In-Reply-To:
References:
Message-ID: <01020712350205.10694@jbecker.storerunner.net>

Where did you get your kernel sources? Does uname -a report kernel 2.2.14? I've had trouble compiling kernels on one of my redhat 6.2 (2.2.14) boxes but they compile on one of my other 6.2 boxes fine, so I just compile them on the other boxes and copy them over. Where you get your kernel sources is pretty important. I like them right off the CD...

From dreadboy at hotmail.com Wed Feb 7 23:00:00 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Wed, 07 Feb 2001 22:00:00 -0700
Subject: [pptp-server] Compiled and logging in - but can't find any network nodes... =(
Message-ID:

OK, thx to some fresh 2.2.17 kernel source, I'm off and running with the whole MS-CHAP login thing on my server now. Every logon goes off without a hitch.

I've made SaMBa the main WINS server assigned by DHCPD on the Linux box, etc. - the way it's always been, anyway.

I edited /etc/pptpd.conf with the line:

ms-wins 192.168.0.2

I've changed the samba resolve order to wins, lmhosts, blah, blah, blah... I've even added corresponding entries to /etc/lmhosts for a few machines on my network.

The Linux server controls every function my old NT server used to on the network, why can't it see even the name of it, let alone the other nodes?

When I log in, my IP address is an acceptable number falling into the 192.168.x.x subnet. Is it maybe because my remoteip and my localip range are both in the 192.168.x.x subnet? Could this be it?

What is it I'm doing wrong?

I know you guys can spit the answer out way faster than I could ever sort my way through vague documentation.

Thx.

Dreadly. =)

From Steve at SteveCowles.com Thu Feb 8 00:28:03 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 8 Feb 2001 00:28:03 -0600
Subject: [pptp-server] Compiled and logging in - but can't find any network nodes... =(
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE64C@defiant.infohiiway.com>

> -----Original Message-----
> From: Dread Boy [mailto:dreadboy at hotmail.com]
> Sent: Wednesday, February 07, 2001 11:00 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Compiled and logging in - but can't find any
> network nodes... =(
>
>
> OK, thx to some fresh 2.2.17 kernel source, I'm off and
> running with the whole MS-CHAP login thing on my server
> now. Every logon goes off without a hitch.
>
> I've made SaMBa the main WINS server assigned by DHCPD on the
> Linux box, etc. - the way it's always been, anyway.

WINS server assignment through DHCP is valid, but only for clients configured to use DHCP to configure the TCP/IP stack. Keep in mind, when using a PopTop PPTP server - PPTP clients are configured through pppd options, not DHCP. Although - On the other side of the coin, Microsoft's PPTP server can be configured to use DHCP to configure remote PPTP clients.

>
> I edited /etc/pptpd.conf with the line:
>
> ms-wins 192.168.0.2

BZZT! I hope the above is a typo, but ms-wins is a pppd option, not a PPTP option. FYI: from man pppd

ms-dns
    If pppd is acting as a server for Microsoft Windows clients, this option allows pppd to supply one or two DNS (Domain Name Server) addresses to the clients. The first instance of this option specifies the primary DNS address; the second instance (if given) specifies the secondary DNS address. (This option was present in some older versions of pppd under the name dns-addr.)

ms-wins
    If pppd is acting as a server for Microsoft Windows or "Samba" clients, this option allows pppd to supply one or two WINS (Windows Internet Name Services) server addresses to the clients. The first instance of this option specifies the primary WINS address; the second instance (if given) specifies the secondary WINS address.

>
> I've changed the samba resolve order to wins, lmhosts, blah,
> blah, blah... I've even added corresponding entries to
> /etc/lmhosts for a few machines on my network.

The default search order should be fine. Also, it's rather hard to debug WINS related problems when you add entries to the lmhosts file.

>
> The Linux server controls every function my old NT server
> used to on the network, why can't it see even the name of it,
> let alone the other nodes?

Based on your post, it sounds like you do not have WINS/Samba setup properly. Without seeing your smb.conf file, I would only be guessing at what the problem is.

>
> When I log in, my IP address is an acceptable number falling
> into the 192.168.x.x subnet. Is it maybe because my remoteip
> and my localip range are both in the 192.168.x.x subnet?
> Could this be it?

No, in fact I specify the remote and local ip addresses within the same subnet. Helps with proxyarp's

> What is it I'm doing wrong?
>
> I know you guys can spit the answer out way faster than I
> could ever sort my way through vague documentation.
>

From vasilis at cosmoline.gr Wed Feb 7 17:06:48 2001
From: vasilis at cosmoline.gr (Vasilis)
Date: Thu, 8 Feb 2001 01:06:48 +0200
Subject: [pptp-server] (no subject)
Message-ID: <000801c0915a$a6b15ea0$ad01a8c0@prv.cosmoline.gr>

I want to ask something general about VPNs. Can I set up a VPN server without a dial-up server? I mean: can the client connect to a different ISP and then connect to my VPN server?

You will help me very much

Vasilis Ventirozos

From vu at sivell.com Thu Feb 8 06:57:59 2001
From: vu at sivell.com (Vu Pham)
Date: Thu, 8 Feb 2001 06:57:59 -0600
Subject: [pptp-server] ms-chap
References: <90769AF04F76D41186C700A0C90AFC3EE64C@defiant.infohiiway.com>
Message-ID: <001801c091ce$c3e09620$c802a8c0@khoapham>

Hi all,

I've installed pptpd and things go well, and my password authentication is CHAP. I would like to use MS-CHAP, and data encryption also. My workstations use NT4 and W2k. Can I do that? Do I need to download something else?

I appreciate your help,
Vu

From anesthes at cisdi.com Thu Feb 8 06:47:05 2001
From: anesthes at cisdi.com (Joey Coco)
Date: Thu, 8 Feb 2001 07:47:05 -0500 (EST)
Subject: [pptp-server] PPP2.4.0b4 Kernel 2.4.1
Message-ID:

Hello,

I've got this far. It connects, authenticates, gives my win98/win2000 clients an IP address. But I cannot ping or telnet or anything across. Here is the log info, and ifconfig result:

info, and notice logs to /var/adm/messages:

Feb 8 22:43:22 demo login[277]: ROOT LOGIN on `tty1'
Feb 8 22:46:33 demo pptpd[334]: CTRL: Client 216.20.15.63 control connection started
Feb 8 22:46:33 demo pptpd[334]: CTRL: Starting call (launching pppd, opening GRE)
Feb 8 22:46:33 demo pppd[335]: pppd 2.4.0b4 started by anesthes, uid 0
Feb 8 22:46:33 demo pppd[335]: Using interface ppp0
Feb 8 22:46:33 demo pppd[335]: Connect: ppp0 <--> /dev/ttyp0
Feb 8 22:46:35 demo pppd[335]: MSCHAP-v2 peer authentication succeeded for anesthes
Feb 8 22:46:35 demo pppd[335]: local IP address 10.200.1.254
Feb 8 22:46:35 demo pppd[335]: remote IP address 10.200.1.1
Feb 8 22:46:35 demo pppd[335]: MPPE 128 bit, stateless compression enabled

err logs to /var/adm/syslog:

Feb 8 22:46:33 demo pptpd[334]: GRE: Discarding duplicate packet
Feb 8 22:46:35 demo pptpd[334]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!

And debug to /var/adm/debug:

Feb 8 22:46:35 demo pppd[335]: sent [CCP ConfNak id=0x6 ]
Feb 8 22:46:35 demo pppd[335]: rcvd [IPCP ConfReq id=0x7 ]
Feb 8 22:46:35 demo pppd[335]: sent [IPCP ConfReq id=0x2 ]
Feb 8 22:46:35 demo pppd[335]: rcvd [CCP ConfRej id=0x1 ]
Feb 8 22:46:35 demo pppd[335]: rcvd [CCP ConfReq id=0x8 ]
Feb 8 22:46:35 demo pppd[335]: sent [CCP ConfAck id=0x8 ]
Feb 8 22:46:35 demo pppd[335]: rcvd [IPCP ConfReq id=0x9 ]
Feb 8 22:46:35 demo pppd[335]: sent [IPCP ConfNak id=0x9 ]
Feb 8 22:46:35 demo pppd[335]: rcvd [IPCP ConfAck id=0x2 ]
Feb 8 22:46:35 demo pppd[335]: rcvd [CCP ConfNak id=0x2 ]
Feb 8 22:46:35 demo pppd[335]: sent [CCP ConfReq id=0x3 ]
Feb 8 22:46:35 demo pppd[335]: rcvd [IPCP ConfReq id=0xa ]
Feb 8 22:46:35 demo pppd[335]: sent [IPCP ConfAck id=0xa ]
Feb 8 22:46:35 demo pppd[335]: rcvd [CCP ConfAck id=0x3 ]
Feb 8 22:47:33 demo pptpd[334]: CTRL: Received PPTP Control Message (type: 5)
Feb 8 22:47:33 demo pptpd[334]: CTRL: Made a ECHO RPLY packet
Feb 8 22:47:33 demo pptpd[334]: CTRL: I wrote 20 bytes to the client.

# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.200.1.254 P-t-P:10.200.1.1 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:1889 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0

demo:/var/log# ping 10.200.1.1
PING 10.200.1.1 (10.200.1.1): 56 data bytes

--- 10.200.1.1 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
demo:/var/log# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.200.1.254 P-t-P:10.200.1.1 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:1892 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0

Anyone have any ideas??

demo:/var/log# uname -a
Linux demo 2.4.1 #1 Wed Feb 7 21:25:25 EST 2001 i586 unknown
demo:/var/log# pppd --version
pppd version 2.4.0b4

The two patches I used:

linux-2.4.0-openssl-0.9.6-mppe.patch.gz
ppp-2.4.0-openssl-0.9.6-mppe.patch.gz

I tried with kernel 2.4.0, and pppd 2.4.0, still the same results.

-- Joe

From kelly.black at testquest.com Thu Feb 8 09:26:26 2001
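The pppd messages in the log above are enough to check, per session, which authentication method succeeded and whether MPPE was actually negotiated. The following is an added example, not part of the original post and not PoPToP or pppd code; session 412 in the sample is constructed, and pairing a pptpd client address with the next pppd process seen is an assumption of this example.

```python
import re
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional

# Constructed sample. Session 335 reuses the message formats from the log in
# the post above; session 412 is invented to show a link that authenticates
# with plain CHAP and never reports MPPE.
SAMPLE_LOG = """\
Feb  8 22:46:33 demo pptpd[334]: CTRL: Client 216.20.15.63 control connection started
Feb  8 22:46:33 demo pptpd[334]: CTRL: Starting call (launching pppd, opening GRE)
Feb  8 22:46:33 demo pppd[335]: pppd 2.4.0b4 started by anesthes, uid 0
Feb  8 22:46:33 demo pppd[335]: Using interface ppp0
Feb  8 22:46:35 demo pppd[335]: MSCHAP-v2 peer authentication succeeded for anesthes
Feb  8 22:46:35 demo pppd[335]: local IP address 10.200.1.254
Feb  8 22:46:35 demo pppd[335]: remote IP address 10.200.1.1
Feb  8 22:46:35 demo pppd[335]: MPPE 128 bit, stateless compression enabled
Feb  8 23:10:02 demo pptpd[411]: CTRL: Client 192.0.2.7 control connection started
Feb  8 23:10:02 demo pppd[412]: pppd 2.4.0b4 started by root, uid 0
Feb  8 23:10:02 demo pppd[412]: Using interface ppp1
Feb  8 23:10:04 demo pppd[412]: CHAP peer authentication succeeded for bob
Feb  8 23:10:04 demo pppd[412]: local IP address 10.200.1.254
Feb  8 23:10:04 demo pppd[412]: remote IP address 10.200.1.2
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+"
                  r"(?P<prog>pptpd|pppd)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
CLIENT = re.compile(r"CTRL: Client (\S+) control connection started")
IFACE = re.compile(r"Using interface (\S+)")
AUTH = re.compile(r"(\S+) peer authentication succeeded for (\S+)")
ADDR = re.compile(r"^(local|remote)\s+IP address (\S+)")
MPPE = re.compile(r"MPPE (\d+) bit, (\w+) compression enabled")


@dataclass
class Session:
    pppd_pid: int
    started: str
    client: Optional[str] = None      # peer address from the pptpd control line
    iface: Optional[str] = None
    auth: Optional[str] = None        # e.g. "MSCHAP-v2" or "CHAP"
    user: Optional[str] = None
    local_ip: Optional[str] = None
    remote_ip: Optional[str] = None
    mppe_bits: Optional[int] = None   # None means no MPPE line was logged
    mppe_mode: Optional[str] = None


def parse_sessions(text: str) -> List[Session]:
    """Group pppd syslog lines by pid into one Session per PPP link."""
    sessions: Dict[int, Session] = {}
    pending: Deque[str] = deque()     # client addresses not yet tied to a pppd
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = int(m["pid"]), m["msg"]
        if m["prog"] == "pptpd":
            hit = CLIENT.search(msg)
            if hit:
                pending.append(hit.group(1))
            continue
        s = sessions.get(pid)
        if s is None:
            # Assumption: the oldest unpaired control connection owns this pppd.
            client = pending.popleft() if pending else None
            s = sessions[pid] = Session(pid, m["ts"], client)
        hit = IFACE.search(msg)
        if hit:
            s.iface = hit.group(1)
        hit = AUTH.search(msg)
        if hit:
            s.auth, s.user = hit.group(1), hit.group(2)
        hit = ADDR.search(msg)
        if hit:
            setattr(s, hit.group(1) + "_ip", hit.group(2))
        hit = MPPE.search(msg)
        if hit:
            s.mppe_bits, s.mppe_mode = int(hit.group(1)), hit.group(2)
    return list(sessions.values())


def findings(s: Session, min_mppe_bits: int = 128) -> List[str]:
    """Return the policy problems for one session; an empty list means none."""
    out = []
    if s.auth is None:
        out.append("no successful peer authentication logged")
    if s.remote_ip and s.mppe_bits is None:
        out.append("link came up without MPPE: tunnel traffic is not encrypted")
    elif s.mppe_bits is not None and s.mppe_bits < min_mppe_bits:
        out.append(f"MPPE {s.mppe_bits} bit is below the required {min_mppe_bits} bit")
    return out


if __name__ == "__main__":
    for sess in parse_sessions(SAMPLE_LOG):
        print(sess.pppd_pid, sess.client, sess.user, sess.auth,
              sess.mppe_bits, findings(sess) or "ok")
```
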
From: kelly.black at testquest.com (Kelly Black)
Date: Thu, 8 Feb 2001 09:26:26 -0600
Subject: [pptp-server] PPP2.4.0b4 Kernel 2.4.1
In-Reply-To: ; from anesthes@cisdi.com on Thu, Feb 08, 2001 at 07:47:05AM -0500
References:
Message-ID: <20010208092626.B26351@testquest.com>

Check the route table on the client end. I am seeing the same thing happening on one of my clients access. The route to the VPN tunnel interface is not being added to the route table, and I am not sure why this is happening.

Kelly Black
Sys Admin
TestQuest, Inc.

From clemens.niederreiter at chello.at Thu Feb 8 12:50:07 2001
From: clemens.niederreiter at chello.at (Clemens Niederreiter) Date: Thu, 8 Feb 2001 19:50:07 +0100 Subject: [pptp-server] pptp server and kernels higher 2.2.12-20 ... Message-ID: hi, i was just trying setting up the pptp server on a RH6.2 kernel 2.2.14-5.0 but it seems that the patch making win2k workstations happy :) doesnt work and a tunnel without encryption doesnt make any sense anything goes fine 'til the point making the modules .... at this point i get an error :??( here is the failure notice: [root at gate linux]# make modules SUBDIRS=drivers/net make -C drivers/net CFLAGS="-Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m386 -DCPU=386 -DMODULE -DMODVERSIONS -include /usr/src/linux-2.2.14/include/linux/modversions.h" MAKING_MODULES=1 modules make[1]: Entering directory `/usr/src/linux-2.2.14/drivers/net' gcc -D__KERNEL__ -I/usr/src/linux-2.2.14/include -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m386 -DCPU=386 -DMODULE -DMODVERSIONS -include /usr/src/linux-2.2.14/include/linux/modversions.h -E -D__GENKSYMS__ ppp.c | /sbin/genksyms -k 2.2.14 > /usr/src/linux-2.2.14/include/linux/modules/ppp.ver.tmp In file included from ppp.c:52: /usr/src/linux-2.2.14/include/linux/module.h:13: warning: `_set_ver' redefined /usr/src/linux-2.2.14/include/linux/modsetver.h:9: warning: this is the location of the previous definition /usr/src/linux-2.2.14/include/linux/modules/ppp.ver is unchanged gcc -D__KERNEL__ -I/usr/src/linux-2.2.14/include -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m386 -DCPU=386 -DMODULE -DMODVERSIONS -include /usr/src/linux-2.2.14/include/linux/modversions.h -DEXPORT_SYMTAB -c ppp.c ppp.c:188: warning: static declaration for `ppp_register_compressor_R9682e733' follows non-static ppp.c:189: warning: static declaration for `ppp_unregister_compressor_Ra1b928df' follows non-static ppp.c: In 
function `rcv_proto_unknown':
ppp.c:2563: too few arguments to function `kill_fasync_R5e73d35d'
make[1]: *** [ppp.o] Error 1
make[1]: Leaving directory `/usr/src/linux-2.2.14/drivers/net'
make: *** [_mod_drivers/net] Error 2

please, could u help me? maybe u know a solution for my problem or know any updates for kernels higher than 2.2.12-20

i also tried it with ppp-2.4.0 and the ppp-2.4.0-openssl-0.9.6 patch, but this doesn't work at all ...

thank u very much for our assistance

Clemens Niederreiter

From GeorgeV at citadelcomputer.com.au Thu Feb 8 15:58:14 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 9 Feb 2001 08:58:14 +1100 Subject: [pptp-server] 2.2.17 and ip_masq_vpn.patch Message-ID: <200FAA488DE0D41194F10010B597610D080F2D@JUPITER> Hi all, My setup was running sweet and as the old saying goes "If it ain't broken....tweak it" so I did. I wanted to add ip_masq_vpn to my firewall at home so my windows machine behind it can access the PPTPD server on the net due to the below error messages : Feb 9 07:54:13 firewall pptpd[20126]: Error reading from pppd: Input/output error Feb 9 07:54:13 firewall pptpd[20126]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5) Feb 9 07:54:13 firewall pptpd[20126]: CTRL: Client x.x.x.x control connection finished My first problem came when I was in the middle of compiling and Linux had crapped itself and locked up (first time ever), after the reboot I fully recompiled again and it finished OK and patched the /boot/* files and lilo -v all done. My problem now is that ip_masq_portfw is stuffed and won't load due to Unresolved Symbols error and my Windows VPN also still doesn't connect yet another machine without a firewall works OK.. I'm using ip_masq_vpm.patch.gz suggested from ftp://ftp.rubyriver.com/pub/jhardin/masquerade for 2.2.17 and couldn't find the command to use as it's usually placed in the first line of the patch so I tried patch < ../ip_masq_vpn.patch and it seemed to patch OK. Can anybody help here? There isn't many instructions on how to patch or use this... thanks, George Vieira From anesthes at cisdi.com Thu Feb 8 14:20:29 2001 
From: anesthes at cisdi.com (Joey Coco)
Date: Thu, 8 Feb 2001 15:20:29 -0500 (EST)
Subject: [pptp-server] PPP2.4.0b4 Kernel 2.4.1
In-Reply-To: <20010208092626.B26351@testquest.com>
Message-ID:

Hi,

You're right. I've come to the conclusion that this is happening on Win2k and NT clients. I tried with a few win98 and it's working. Not very well tho.

I'm getting the following in dmesg:

NAT: 0 dropping untracked packet c77b44e0 1 10.200.1.2 -> 224.0.0.2
NAT: 0 dropping untracked packet c77b44e0 1 10.200.1.2 -> 224.0.0.2
NAT: 0 dropping untracked packet c77b44e0 1 10.200.1.2 -> 224.0.0.2
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NET: 13 messages suppressed.
NAT: 0 dropping untracked packet c77b49e0 1 10.200.1.2 -> 10.200.1.254
NET: 22 messages suppressed.

Also, my ping responses are. Horrible... This is over a 100meg ethernet.

demo:~# ping 10.200.1.2
PING 10.200.1.2 (10.200.1.2): 56 data bytes
64 bytes from 10.200.1.2: icmp_seq=0 ttl=128 time=17.6 ms
64 bytes from 10.200.1.2: icmp_seq=1 ttl=128 time=15.4 ms
64 bytes from 10.200.1.2: icmp_seq=2 ttl=128 time=15.3 ms
64 bytes from 10.200.1.2: icmp_seq=3 ttl=128 time=15.2 ms
64 bytes from 10.200.1.2: icmp_seq=4 ttl=128 time=15.1 ms
64 bytes from 10.200.1.2: icmp_seq=5 ttl=128 time=14.7 ms

--- 10.200.1.2 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 14.7/15.5/17.6 ms
demo:~#

Even better check out this loss on a flood:

demo:~# ping -f 10.200.1.2
PING 10.200.1.2 (10.200.1.2): 56 data bytes
...............................................................................................................................................
--- 10.200.1.2 ping statistics ---
246 packets transmitted, 100 packets received, 59% packet loss
round-trip min/avg/max = 15.5/280.0/359.9 ms
demo:~#

And one more thing. It appears poptop (1.0.1) doesn't realize when interfaces come down. I.e, it gave out 10.200.1.1 to ppp0 an hour ago, then that client quit. Now ppp0 gets 10.200.1.2. Is this normal? Here is a quote from the stock pptpd.conf

# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
#    start at the beginning of the list and go until it gets
#    MAX_CONNECTIONS IPs. Others will be ignored.
#

I'm not sure if that means it won't recycle until it gets to the end?

Anyone else seeing these problems?

-- Joe

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
/ "I'd like to think that everything is beautiful, and I'd like to think /
\ that everything is fair. I'd like to think that everything is plentiful,\
/ and i'd like to think that every body cares.
We'd like to thank you.." / \ \ / http://members.cisdi.com/~anesthes/ -=- IM: imd3fc0n / \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ C r e a t i v e I l l u s i o n s S o f t w a r e D e s i g n, I n c. From dreadboy at hotmail.com Thu Feb 8 18:56:26 2001 
From: dreadboy at hotmail.com (Dread Boy)
Date: Thu, 08 Feb 2001 17:56:26 -0700
Subject: [pptp-server] Almost there! =) A few more helpful hints will get me on my way...
Message-ID:

>>I've made SaMBa the main WINS server assigned by DHCPD on the Linux box,
>>etc. - the way it's always been, anyway.
>
>WINS server assignment through DHCP is valid, but only for clients
>configured to use DHCP to configure the TCP/IP stack. Keep in mind, when
>using a PopTop PPTP server - PPTP clients are configured through pppd
>options, not DHCP. Although - On the other side of the coin, Microsoft's
>PPTP server can be configured to use DHCP to configure remote PPTP clients.

Right. I only use DHCP for local connections, I don't expect it to work for PPTP.

>>
>>I edited /etc/pptpd.conf with the line:
>>
>> ms-wins 192.168.0.2
>
>BZZT! I hope the above is a type-o, but ms-wins is a pppd option, not a
>PPTP option. FYI: from man pppd

OK. I didn't realize this. Should I then put the ms-wins statement in /etc/ppp/options vs /etc/ppp/options/pptp ?

>>
>>I've changed the samba resolve order to wins, lmhosts, blah, blah, blah...
>>I've even added corresponding entries to
>>/etc/lmhosts for a few machines on my network.
>
>The default search order should be fine. Also, it's rather hard to debug
>WINS related problems when you add entries to the lmhosts file.

OK, I'll toast the lmhosts file then. Should I also toast the hosts file?

>Based on your post, it sounds like you do not have WINS/Samba setup
>properly. Without seeing your smb.conf file, I would only be guessing at
>what the problem.

OK, I'll post all of the related files at the bottom of this message. Thanks to everyone who's muddled me through this stuff. =)

P.S. Is there any way to "follow up" a message directly on the message board? I seem to have to mail my message each time.

--- /etc/smb.conf ---
workgroup = WestLogic
server string = Linux Samba Server
hosts allow = 192.168.0. 127.
security = user
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/smbusers
include = /etc/smb.conf.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#eth0 and eth1 - so don't want NetBIOS hanging its arse off my ext eth
interfaces = 192.168.0.0/24
bind interfaces only = yes
remote announce = 192.168.0.255
local master = yes
domain master = yes
preferred master = yes
name resolve order = wins lmhosts bcast
wins support = yes
wins proxy = yes
preserve case = yes
case sensitive = yes

--- /var/lock/samba/browse.dat ---
"WESTLOGIC" c0001000 "WL2" "WESTLOGIC"
"WL2" 400d9a03 "Linux Samba Server" "WESTLOGIC"
"WL1" 40019603 "WestLogic Server" "WESTLOGIC"
"MICKEY" 40412203 "Craig's Hunk Of Ham" "WESTLOGIC"
"CRAIG" 40011003 "" "WESTLOGIC"

--- /var/lock/samba/wins.dat ---
VERSION 1 140101
"__MSBROWSE__#01" 982124812 255.255.255.255 e4R
"CRAIG#00" 982192619 192.168.0.16 64R
"CRAIG#20" 982192619 192.168.0.16 64R
"CRAIG#6a" 982192636 192.168.0.16 64R
"CRAIG#87" 982192636 192.168.0.16 64R
"INET~SERVICES#1c" 982197525 192.168.0.1 e4R
"IS~WL1#00" 982197524 192.168.0.1 64R
"MICKEY#00" 982192017 192.168.0.19 4R
"MICKEY#03" 982192017 192.168.0.19 4R
"MICKEY#20" 982192017 192.168.0.19 4R
"WESTLOGIC#00" 982197525 255.255.255.255 c4R
"WESTLOGIC#1b" 982197427 192.168.0.2 44R
"WESTLOGIC#1e" 982197427 255.255.255.255 c4R
"WL1#00" 982197525 192.168.0.1 64R
"WL1#03" 982197525 192.168.0.1 64R
"WL1#06" 982197525 192.168.0.1 64R
"WL1#20" 982197525 192.168.0.1 64R
"WL1#6a" 982197525 192.168.0.1 64R
"WL1#87" 982197525 192.168.0.1 64R
"WL2#00" 982197427 192.168.0.2 46R
"WL2#03" 982197427 192.168.0.2 46R
"WL2#20" 982197427 192.168.0.2 46R
"WORKGROUP#00" 982124604 255.255.255.255 e4R
"WORKGROUP#1e" 982124604 255.255.255.255 e4R

--- /etc/pptpd.conf ---
option /etc/ppp/options.pptp
debug
localip 192.168.0.128-135
remoteip 192.168.0.136-143

--- /etc/ppp/options.pptp ---
debug
name wl2
mru 1450
mtu 1450
auth
require-chap
#lock
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
#ms-wins 192.168.0.2

--- /etc/ppp/chap-secrets ---
# Force IPs with next two lines
#craig wl2 password 192.168.0.201
#westlogic\\craig wl2 password 192.168.0.202
craig wl2 password *
westlogic\\craig wl2 password *

--- /etc/dhcpd.conf ---
subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.2;
    option subnet-mask 255.255.255.0;
    option domain-name "westlogic";
    # External ISP's name servers below
    option domain-name-servers w.x.y.z,a.b.c.d;
    option time-offset -7; # Mountain Standard Time
    option netbios-name-servers 192.168.0.2;
    range dynamic-bootp 192.168.0.16 192.168.0.127;
    default-lease-time 21600;
    max-lease-time 43200;
}

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

From vu at sivell.com Thu Feb 8 21:18:04 2001
From: vu at sivell.com (Vu Pham)
Date: Thu, 8 Feb 2001 21:18:04 -0600
Subject: [pptp-server] PPP2.4.0b4 Kernel 2.4.1
References: <20010208092626.B26351@testquest.com>
Message-ID: <016001c09246$eb1064a0$c802a8c0@khoapham>

> > The two patches I used:
> >
> > linux-2.4.0-openssl-0.9.6-mppe.patch.gz
> > ppp-2.4.0-openssl-0.9.6-mppe.patch.gz
> >

I am using 2.4.1 & ppp2.4.0b4, too. Where can I download these patches? I search on google but find nothing.

Thanks,
Vu

From acline at rimvisions.com Thu Feb 8 20:59:47 2001
From: acline at rimvisions.com (Aaron Cline)
Date: Thu, 8 Feb 2001 21:59:47 -0500
Subject: [pptp-server] 2.0.34 and MIPS
Message-ID: <01020821594702.03519@eros>

Ok:

This is a biggy. I am trying, actually dying, to use this PPTP server on a MIPS machine running the 2.0.34. When I try to compile I get the following.

cd . && /home/users/admin/pptpd-1.0.1/missing aclocal
WARNING: `aclocal' is missing on your system. You should only need it if
         you modified `acinclude.m4' or `configure.in'. You might want
         to install the `Automake' and `Perl' packages. Grab them from
         any GNU archive site.
cd . && /home/users/admin/pptpd-1.0.1/missing automake --foreign Makefile
WARNING: `automake' is missing on your system. You should only need it if
         you modified `Makefile.am', `acinclude.m4' or `configure.in'.
         You might want to install the `Automake' and `Perl' packages.
         Grab them from any GNU archive site.
cd . && autoconf
autoconf: Undefined macros:
configure.in:14:AC_EXEEXT
configure.in:15:AC_OBJEXT
make: *** [configure] Error 1

I am using gcc 2.7.2 Is this my problem or is it the kernel or can anyone tell me. I would greatly appreciate any information possible. Any successes with a MIPS or any failures.

Thanks,
--
Aaron Cline
CCNA, Self Proclaimed Linux Quasi-Guru, A+
RIM Visions Unlimited
acline at rimvisions.com
"Just because you act like a dork doesn't make you a geek." (Bob Myers)
"Telnet - The original pcAnywhere." (Me)
"Cause it's cool like that." (Marcus G.)

From neale at lowendale.com.au Thu Feb 8 23:30:36 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Fri, 9 Feb 2001 16:30:36 +1100 (EST)
Subject: [pptp-server] 2.0.34 and MIPS
In-Reply-To: <01020821594702.03519@eros>
Message-ID:

On Thu, 8 Feb 2001, Aaron Cline wrote:

> This is a biggy. I am trying, actually dying, to use this PPTP server on a
> MIPS machine running the 2.0.34. When I try to compile I get the following.

IIRC, a kernel upgrade is definitely recommended here (not related to PPTP, just general security issues). 2.0.38 has been *very* stable and secure; 2.0.39 came out recently.

> cd . && /home/users/admin/pptpd-1.0.1/missing aclocal
> WARNING: `aclocal' is missing on your system. You should only need it if
> you modified `acinclude.m4' or `configure.in'. You might want
> to install the `Automake' and `Perl' packages. Grab them from
> any GNU archive site.

What's unclear or bizarre about this (sounds like you need whatever package in your distro which includes automake)?

[...]
> make: *** [configure] Error 1
>
> I am using gcc 2.7.2 Is this my problem or is it the kernel or can anyone
> tell me. I would greatly appreciate any information possible. Any successes
> with a MIPS or any failures.

Can't speak for MIPS specifically, but I'd go with a kernel upgrade (assuming you're not in a completely trusted environment) and installation of whatever package includes "automake" plus anything that depends on. Oh yeah, perl too (but I'm figuring you probably have that on board already).

HTH,
Neale.

From vgill at technologist.com Thu Feb 8 23:32:33 2001
From: vgill at technologist.com (Gill, Vern)
Date: Thu, 8 Feb 2001 21:32:33 -0800
Subject: [pptp-server] PPP2.4.0b4 Kernel 2.4.1
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C56@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

ftp://ftp.binarix.com/pub/ppp-mppe/

-----Original Message-----
From: Vu Pham [mailto:vu at sivell.com]
Sent: Thursday, February 08, 2001 7:18 PM
To: Kelly Black; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] PPP2.4.0b4 Kernel 2.4.1

> > The two patches I used:
> >
> > linux-2.4.0-openssl-0.9.6-mppe.patch.gz
> > ppp-2.4.0-openssl-0.9.6-mppe.patch.gz
> >

I am using 2.4.1 & ppp2.4.0b4, too. Where can I download these patches? I search on google but find nothing.

Thanks,
Vu

From Steve at SteveCowles.com Thu Feb 8 23:59:34 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 8 Feb 2001 23:59:34 -0600
Subject: [pptp-server] Almost there! =) A few more helpful hints will get me on my way...
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE650@defiant.infohiiway.com>

> -----Original Message-----
> From: Dread Boy [mailto:dreadboy at hotmail.com]
> Sent: Thursday, February 08, 2001 6:56 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Almost there! =) A few more helpful hints will
> get me on my way...
>
> > > I've made SaMBa the main WINS server assigned by DHCPD
> > > on the Linux box, etc. - the way it's always been, anyway.
> >
> > WINS server assignment through DHCP is valid, but only for
> > clients configured to use DHCP to configure the TCP/IP stack.
> > Keep in mind, when using a PopTop PPTP server - PPTP clients
> > are configured through pppd options, not DHCP. Although - On
> > the other side of the coin, Microsoft's PPTP server can be
> > configured to use DHCP to configure remote PPTP clients.
>
> Right. I only use DHCP for local connections, I don't expect
> it to work for PPTP.
>
> > >
> > > I edited /etc/pptpd.conf with the line:
> > >
> > > ms-wins 192.168.0.2
> >
> > BZZT! I hope the above is a type-o, but ms-wins is a pppd
> > option, not a PPTP option. FYI: from man pppd
>
> OK. I didn't realize this. Should I then put the ms-wins
> statement in /etc/ppp/options vs /etc/ppp/options/pptp ?

Based on the "option" parameter in your /etc/pptpd.conf file... the ms-wins option would be placed in the /etc/ppp/options.pptp file.

> > >
> > > I've changed the samba resolve order to wins, lmhosts,
> > > blah, blah, blah... I've even added corresponding
> > > entries to /etc/lmhosts for a few machines on my network.
> >
> > The default search order should be fine. Also, it's rather
> > hard to debug WINS related problems when you add entries
> > to the lmhosts file.
>
> OK, I'll toast the lmhosts file then. Should I also toast
> the hosts file?

On all of my pptp clients and even the hosts on the LAN, the lmhosts and hosts file are blank. Well... with the exception of the loopback interface in the hosts file. That entry should already be there.

>
> > Based on your post, it sounds like you do not have
> > WINS/Samba setup properly. Without seeing your smb.conf
> > file, I would only be guessing at what the problem.
>
> OK, I'll post all of the related files at the bottom of this
> message. Thanks to everyone who's muddled me through this
> stuff. =)
>
> P.S. Is there any way to "follow up" a message directly on
> the message board? I seem to have to mail my message each
> time.

I have always used e-mail to reply to this list.

>
> --- /etc/smb.conf ---
> workgroup = WestLogic
> server string = Linux Samba Server
> hosts allow = 192.168.0. 127.
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/smbpasswd
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n
> *ReType*new*UNIX*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> username map = /etc/smbusers
> include = /etc/smb.conf.%m
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> #eth0 and eth1 - so don't want NetBIOS hanging its arse
> off my ext eth
> interfaces = 192.168.0.0/24

I have always set this to the IP address/netmask or interface name that I want active, not the network address.

> bind interfaces only = yes

Are you sure you want to use this parameter??? From the man pages regarding the use of bind interfaces only:

    For file service it causes smbd to bind only to the
    interface list given in the "interfaces" parameter.
    This restricts the networks that smbd will serve to
    packets coming in those interfaces. Note that you
    should not use this parameter for machines that are  <---
    serving PPP or other intermittent or non-broadcast   <---
    network interfaces as it will not cope with non-     <---
    permanent interfaces.

> remote announce = 192.168.0.255
> local master = yes
> domain master = yes
> preferred master = yes

Since I do not understand your network architecture i.e. domain/workgroup, I'm assuming you want this system to win the master browser election process. To ensure that it does... I would try adding

    os level = 100

> name resolve order = wins lmhosts bcast
> wins support = yes
> wins proxy = yes

Is there a reason you are using WINS proxy?

> preserve case = yes
> case sensitive = yes
>

I don't know if you have had a chance to read some of the samba docs, but a good starting place is BROWSE.txt. On my system, it's located in the /usr/doc/samba/docs/textdocs directory. If you have the samba source tree, it's included in the docs directory.

Steve Cowles

From dreadboy at hotmail.com Fri Feb 9 01:01:21 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Fri, 09 Feb 2001 00:01:21 -0700
Subject: [pptp-server] Stripping domainname and SMB password sync...
Message-ID:

Quick questions:

1) I have the pamsmb.pat file. Is this the right one I should have to strip domainnames off of Windoze clients, and optionally do the SMB password thing?

2) If so, how exactly do I apply the patch. It keeps asking me for the filename to patch. I dunno... The other patches seem to apply to an entire directory tree automatically without asking such things. The patch file itself doesn't seem to offer a hint, and I can find no documentation on the sites I downloaded the patch from that can shed any light on this either. I know others have done it, but I'm not entirely sure how to do it myself. Does anyone know off the top of their head?

3) I assume the SMB password thing only works when you specify &/etc/smbpasswd& as the password line in /etc/ppp/chap-secrets. Is this correct?

4) I assume using the &/etc/smbpasswd& option is optional, one can still use typed plain-text passwords directly in chap-secrets. Is this true?

5) When logging in does the fact that chap-secrets' passwords are in plain text also mean that the password from the client is also sent in plain text or is it encrypted first, then somehow decoded before chap-secrets get a hold of it for verification?

Thx all. Everyone on this mailing list has been of great help so far. =) Muchly appreciated.

From dreadboy at hotmail.com Fri Feb 9 01:02:54 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Fri, 09 Feb 2001 00:02:54 -0700
Subject: [pptp-server] Almost there! =) A few more helpful hints will get me on my way...
Message-ID:

Thx, Steve.
>From: "Cowles, Steve" >To: "'Dread Boy'" , pptp-server at lists.schulte.org >Subject: RE: [pptp-server] Almost there! =) A few more helpful hints wil >l get me on my way... >Date: Thu, 8 Feb 2001 23:59:34 -0600 > > > -----Original Message----- 
> > From: Dread Boy [mailto:dreadboy at hotmail.com] > > Sent: Thursday, February 08, 2001 6:56 PM > > To: pptp-server at lists.schulte.org > > Subject: [pptp-server] Almost there! =) A few more helpful hints will > > get me on my way... > > > > > > I've made SaMBa the main WINS server assigned by DHCPD > > > > on the Linux box, etc. - the way it's always been, anyway. > > > > > > WINS server assignment through DHCP is valid, but only for > > > clients configured to use DHCP to configure the TCP/IP stack. > > > Keep in mind, when using a PopTop PPTP server - PPTP clients > > > are configured through pppd options, not DHCP. Although - On > > > the other side of the coin, Microsoft's PPTP server can be > > > configured to use DHCP to configure remote PPTP clients. > > > > Right. I only use DHCP for local connections, I don't expect > > it to work for PPTP. > > > > > > > > > > I edited /etc/pptpd.conf with the line: > > > > > > > > ms-wins 192.168.0.2 > > > > > > BZZT! I hope the above is a type-o, but ms-wins is a pppd > > > option, not a PPTP option. FYI: from man pppd > > > > OK. I didn't realize this. Should I then put the ms-wins > > statement in /etc/ppp/options vs /etc/ppp/options/pptp ? > >Based on the "option" parameter in your /etc/pptpd.conf file... the ms-wins >option would be placed in the /etc/ppp/options.pptp file. OK. Some HOWTO's state to use options vs options.pptp, just whatever the last one I used, I guess. > > > > > > > > I've changed the samba resolve order to wins, lmhosts, > > > > blah, blah, blah... I've even added corresponding > > > > entries to /etc/lmhosts for a few machines on my network. > > > > > > The default search order should be fine. Also, its rather > > > hard to debug WINS related problems when you add entries > > > to the lmhosts file. > > > > OK, I'll toast the lmhosts file then. Should I also toast > > the hosts file? > >On all of my pptp clients and even the hosts on the LAN, the lmhosts and >hosts file are blank. Well... 
with the exception of the loopback interface >in the hosts file. That entry should already be there. Yes, I've done this now. > > > > > Based on your post, it sounds like you do not have > > > WINS/Samba setup properly. Without seeing your smb.conf > > > file, I would only be guessing at what the problem. > > > > OK, I'll post all of the related files at the bottom of this > > message. Thanks to everyone who's muddled me through this > > stuff. =) > > > > P.S. Is there anyway to "follow up" a message directly on > > the message board? I seem to have to mail my message each > > time. > >I have always used e-mail to reply to this list. OK. I was just wondering how some people manage to follow up directly to a given question, rather than posting a new message at the bottom of the thread list. > > > > --- /etc/smb.conf --- > > workgroup = WestLogic > > server string = Linux Samba Server > > hosts allow = 192.168.0. 127. > > security = user > > encrypt passwords = yes > > smb passwd file = /etc/smbpasswd > > unix password sync = Yes > > passwd program = /usr/bin/passwd %u > > passwd chat = *New*UNIX*password* %n\n > > *ReType*new*UNIX*password* %n\n > > *passwd:*all*authentication*tokens*updated*successfully* > > username map = /etc/smbusers > > include = /etc/smb.conf.%m > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > #eth0 and eth1 - so don't want NetBIOS hanging its arse > > off my ext eth > > interfaces = 192.168.0.0/24 > >I have always set this to the IP address/netmask or interface name that I >want active, not the network address. So really, I should have "interfaces = eth0" instead? > > bind interfaces only = yes ? >Are you sure you want to use this parameter??? From the man pages regarding Pretty sure. I set SMB up at one of my clients without doing this and they were attacked via the NetBIOS port (139) of the external interface. I always make sure to close 139 for NT and Linux Samba servers - always. 
Otherwise, the risk is there for outsiders to poke around the share list of not just the Linux gateway, but other machines on the private LAN. The one thing is that when a pptp client connects, they are given a remote and local IP within the 192.168 subnet, so really SMB should be running just fine in theory. What do you think? I'd really hate to have to tell my clients that we'll have to open that NetBIOS port again for them to use pptp, especially when I know it can be done under NT without dangling the dreaded port 139 wide open to the Internet. >the use of bind interfaces only: > > For file service it causes smbd to bind only to the > interface list given in the ?interfaces? parameter. > This restricts the networks that smbd will serve to > packets coming in those interfaces. Note that you > should not use this parameter for machines that are <--- > serving PPP or other intermittent or non-broadcast <--- > network interfaces as it will not cope with non- <--- > permanent interfaces. > > > remote announce = 192.168.0.255 > > local master = yes > > domain master = yes > > preferred master = yes > >Since I do not understand your network architecture i.e. domain/workgroup, >I'm assuming you want this system to win the master browser election >process. To insure that is does... I would try adding > > os level = 100 OK. This may help. Thx. > > > name resolve order = wins lmhosts bcast > > wins support = yes > > wins proxy = yes > >Is there a reason you are using WINS proxy? Sorry, I disabled that line just after I sent this message. (My own stupidity.) I was swapping WINS control back and forth between my NT server and my Linux box to test incoming pptp connections. The NT box was misbehaving without it being able to be THE primary wins server. > > > preserve case = yes > > case sensitive = yes > > > >I don't know if you have had a chance to read some of the samba docs, but a >good starting place is BROWSE.txt. 
On my system, its located in the >/usr/doc/samba/docs/textdocs directory. If you have the samba >source tree, its included in the docs directoy. > > >Steve Cowles OK. Thx, man. _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. From dreadboy at hotmail.com Fri Feb 9 01:50:44 2001 
From: dreadboy at hotmail.com (Dread Boy) Date: Fri, 09 Feb 2001 00:50:44 -0700 Subject: [pptp-server] Almost there! =) A few more helpful hints wil l get me on my way... Message-ID: > > > > interfaces = 192.168.0.0/24 > > > > > > I have always set this to the IP address/netmask or > > > interface name that I >want active, not the network > > > address. > > > > So really, I should have "interfaces = eth0" instead? > > > >either form should work. I use interfaces = 192.168.9.3/24, not the network >address. Ah... I've gotcha now. Just put 192.168.0.2/24. Great. Thx. > > > > > bind interfaces only = yes > > > > > Are you sure you want to use this parameter??? From the man > > > pages regarding > > > > Pretty sure. I set SMB up at one of my clients without doing > > this and they were attacked via the NetBIOS port (139) of the > > external interface. I always make sure to close 139 for NT and > > Linux Samba servers - always. > > > Otherwise, the risk is there for outsiders to poke around the > > share list of not just the Linux gateway, but other machines > > on the private LAN. > > > > The one thing is that when a pptp client connects, they are > > given a remote and local IP within the 192.168 subnet, so > > really SMB should be running just fine in theory. What do > > you think? > >I actually write security policies for corporations and install firewalls >for a living. So I understand the importance of closing off these ports. >Are >you sure you understand where you need to be blocking these ports??? i.e. >the external interface and samba, not ppp0 > >When I setup a samba server that also has a physical connection to the >internet and running samba : > >1) I configure Samba to not accept nmd/smb requests on the external >interface using the "interface" statement. > >With your samba configuration, by including the "bind interfaces only" >parameter, your telling samba to ONLY allow smb packets on the bound >interfaces at bootup (eth0 or eth1, not ppp0). 
What happens when the kernel >creates a ppp0 device when a PPTP client connects?? Samba is not going to >accept smb packets from ppp0. OK. I thought the 192.168.0.0/24 would include the entire internal network regardless of interface seeing that pptp clients would grab an IP from this range. My mistake. > >2) Using ipchains... I DENY ports 137:139 on the external interface (eth0), >NOT the ppp interfaces. i.e. You want smb/nmb packets to be accepted on >ppp0 >(from the tunnel) and then forwarded to your internal interface to be >routed. > >FWIW: IN a perfect world... Your firewall should be forwarding inbound pptp >connections to a masq PPTP and/or samba server. This is what I do. My linux >based firewall is strictly a firewall. It runs no applications to be >exploited. I configure it to port forward inbound PPTP connections to a >masqueraded PPTP server behind the firewall. i.e. It accepts inbound PPTP >connections port/protocol 1723/47, but denys ports 137:139. > > > > > I'd really hate to have to tell my clients that we'll have to > > open that NetBIOS port again for them to use pptp, especially > > when I know it can be done under NT without dangling the > > dreaded port 139 wide open to the Internet. > > > >If samba and ipchains are properly configured, you should not have to open >these ports to the world. I have never had one of my customers exploited >using ports 137:139. The key is your ipchain rules on the external >interface. Oh man, they might as well write ipchains in Greek or Zimbabwean. =( I just don't get it. As many times as I've tried to allow access to an FTP server behind my firewall, tried to link to another web server (i.e. BeOS Poorman), etc, etc. I just can't get it. Right on! If I provide my ipchains startup script below, would you be able to fill in the missing blanks for sealing eth1 netbios ports? =) That would be swell. Also, can you include the lines I would need for GRE so I can connect to other VPNs outside of my firewall? Thx. 
The problem I've been having in the past is that everyone's examples for ipchains regarding the above two things never specify interfaces, whereas my ipchains statements always include "-i eth0" or "-i eth1".

Thx,
Steve.

#!/bin/sh
# A simple example of ipchains saved as /etc/rc.d/rc.firewall
#
#PATH=/sbin:/bin:/usr/sbin:/usr/bin

echo "Executing Firewall script... (/etc/rc.d/rc.firewall)"

# Load required ip_masq modules (FTP included here)
/sbin/depmod -a
#/sbin/modprobe ip_masq_vpn
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_vdolive

# Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# Assign external IP variables
extif="eth1"
#extip="24.68.222.94"
extip=`/sbin/ifconfig | grep -A 4 eth1 | awk '/inet/ { print $2 } ' | sed -e s/addr://`

# Assign internal IP variables
intif="eth0"
intnet="192.168.0.0/24"
intip=192.168.0.2

# Assign misc variables
any="0.0.0.0/0"

echo - Initializing router/gateway on eth0/eth1
echo - Internal IP on eth0: $intip
echo - External IP on eth1: $extip
echo

# Initialize MASQ timeout and standard chains
ipchains -M -S 7200 10 60
ipchains -F input
ipchains -P input REJECT
ipchains -F output
ipchains -P output REJECT
ipchains -F forward
ipchains -P forward DENY

# Setup input policy
# local interface, local machines, going anywhere is valid
ipchains -A input -i $intif -s $intnet -d $any -j ACCEPT
# reject IP spoofing where external computer claims to be a local
ipchains -A input -i $extif -s $intnet -d $any -l -j REJECT
# allow external access via external interface
ipchains -A input -i $extif -s $any -d $extip/32 -j ACCEPT
# loopback interface is valid
ipchains -A input -i lo -s $any -d $any -j ACCEPT

# Setup output policy
# all outgoing traffic is allowed
ipchains -A output -i $intif -s $any -d $intnet -j ACCEPT
# prevent traffic for local network from using external interface
ipchains -A output -i $extif -s $any -d $intnet -l -j REJECT
# prevent traffic from local network from using external interface
ipchains -A output -i $extif -s $intnet -d $any -l -j REJECT
# anything else can go out
ipchains -A output -i $extif -s $extip/32 -d $any -j ACCEPT
# loopback interface is valid
ipchains -A output -i lo -s $any -d $any -j ACCEPT

# pptpd - Broken
# Set the default forwarding policy to DENY:
#ipchains -P forward DENY
# Allow local-network traffic
#ipchains -A input -j ACCEPT -s $intnet -d 0.0.0.0/0 -i eth0
#ipchains -A output -j ACCEPT -s 0.0.0.0/0 -d $intnet -i eth0
#ipchains -A forward -j MASQ -s $intnet -d 0.0.0.0/0 -i eth1
# Masquerade traffic for internet addresses and allow internet traffic
#ipchains -A output -j ACCEPT -s 0.0.0.0/0 -d 0.0.0.0/0 -i eth1
#ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d 0.0.0.0/0 -i eth1

# GRE - Broken
#ipchains -A input -i eth0 -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
#ipchains -A input -i eth0 -p 47 -j ACCEPT
#ipchains -A output -i eth0 -p TCP -s 0.0.0.0/0 1723 -j ACCEPT
#ipchains -A output -i eth0 -p 47 -j ACCEPT
#ipchains -A input -i eth1 -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
#ipchains -A input -i eth1 -p 47 -j ACCEPT
#ipchains -A output -i eth1 -p TCP -s 0.0.0.0/0 1723 -j ACCEPT
#ipchains -A output -i eth1 -p 47 -j ACCEPT

# Setup forwarding policy
# Masquerade local net traffic to anywhere
ipchains -A forward -i $extif -s $intnet -d $any -j MASQ

From jkreger at avidsolutionsinc.com Fri Feb 9 05:47:57 2001
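
The rule order that the quoted advice describes (DENY 137:139 on the external interface, accept PPTP on 1723/tcp and protocol 47, accept traffic arriving on the ppp interfaces), checked against the input chain of Steve's script above. This is an added example, not part of any post in the thread: a small Python first-match model of ipchains' -i/-p/-s/-d/-j matching, not ipchains itself. Assumptions: EXTIP and the sample packets are constructed, eth1 is external as in the script, and PPTP clients receive addresses from 192.168.0.0/24.

```python
import ipaddress
import shlex

# Interface roles follow the posted script: eth1 external, eth0 internal.
EXTIF, INTIF, INTNET, ANY = "eth1", "eth0", "192.168.0.0/24", "0.0.0.0/0"
EXTIP = "203.0.113.10"      # constructed stand-in for the script's $extip
OUTSIDE = "198.51.100.7"    # constructed Internet host

# Input chain as the posted script builds it (policy: REJECT).
ORIGINAL = f"""
ipchains -A input -i {INTIF} -s {INTNET} -d {ANY} -j ACCEPT
ipchains -A input -i {EXTIF} -s {INTNET} -d {ANY} -l -j REJECT
ipchains -A input -i {EXTIF} -s {ANY} -d {EXTIP}/32 -j ACCEPT
ipchains -A input -i lo -s {ANY} -d {ANY} -j ACCEPT
"""

# Same chain with the NetBIOS denies placed BEFORE the broad accept,
# explicit PPTP accepts, and a rule for tunnel (ppp*) interfaces.
HARDENED = f"""
ipchains -A input -i {INTIF} -s {INTNET} -d {ANY} -j ACCEPT
ipchains -A input -i ppp+ -s {INTNET} -d {ANY} -j ACCEPT
ipchains -A input -i {EXTIF} -s {INTNET} -d {ANY} -l -j REJECT
ipchains -A input -i {EXTIF} -p tcp -s {ANY} -d {ANY} 137:139 -l -j DENY
ipchains -A input -i {EXTIF} -p udp -s {ANY} -d {ANY} 137:139 -l -j DENY
ipchains -A input -i {EXTIF} -p tcp -s {ANY} -d {EXTIP}/32 1723 -j ACCEPT
ipchains -A input -i {EXTIF} -p 47 -s {ANY} -d {EXTIP}/32 -j ACCEPT
ipchains -A input -i {EXTIF} -s {ANY} -d {EXTIP}/32 -j ACCEPT
ipchains -A input -i lo -s {ANY} -d {ANY} -j ACCEPT
"""

# Constructed sample packets.
SMB_FROM_INTERNET = {"iface": EXTIF, "proto": "tcp", "src": OUTSIDE, "dst": EXTIP, "dport": 139}
NMB_FROM_INTERNET = {"iface": EXTIF, "proto": "udp", "src": OUTSIDE, "dst": EXTIP, "dport": 137}
PPTP_CONTROL = {"iface": EXTIF, "proto": "tcp", "src": OUTSIDE, "dst": EXTIP, "dport": 1723}
PPTP_GRE = {"iface": EXTIF, "proto": "47", "src": OUTSIDE, "dst": EXTIP}
SMB_FROM_TUNNEL = {"iface": "ppp0", "proto": "tcp", "src": "192.168.0.70",
                   "dst": "192.168.0.2", "dport": 139}


def parse_rule(line):
    """Turn one 'ipchains -A input ...' line into a dict of match fields."""
    tok = shlex.split(line)
    rule = dict.fromkeys(("iface", "proto", "src", "dst", "sport", "dport", "target"))
    i = tok.index("-A") + 2                 # skip "ipchains -A <chain>"
    while i < len(tok):
        opt = tok[i]
        if opt == "-l":                     # logging flag, no argument
            i += 1
            continue
        val, i = tok[i + 1], i + 2
        if opt == "-i":
            rule["iface"] = val
        elif opt == "-p":
            rule["proto"] = val.lower()
        elif opt == "-j":
            rule["target"] = val
        elif opt in ("-s", "-d"):
            key = "src" if opt == "-s" else "dst"
            rule[key] = ipaddress.ip_network(val, strict=False)
            if i < len(tok) and not tok[i].startswith("-"):   # port or lo:hi range
                lo, _, hi = tok[i].partition(":")
                rule[key[0] + "port"] = (int(lo), int(hi or lo))
                i += 1
    return rule


def matches(rule, pkt):
    iface = rule["iface"]
    if iface:
        if iface.endswith("+"):             # "ppp+" matches ppp0, ppp1, ...
            if not pkt["iface"].startswith(iface[:-1]):
                return False
        elif iface != pkt["iface"]:
            return False
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    for key in ("src", "dst"):
        if rule[key] and ipaddress.ip_address(pkt[key]) not in rule[key]:
            return False
    for key in ("sport", "dport"):
        rng, port = rule[key], pkt.get(key)
        if rng and (port is None or not rng[0] <= port <= rng[1]):
            return False
    return True


def verdict(chain, pkt, policy="REJECT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for line in chain.strip().splitlines():
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["target"]
    return policy


if __name__ == "__main__":
    samples = {"smb from internet": SMB_FROM_INTERNET, "nmb from internet": NMB_FROM_INTERNET,
               "pptp control": PPTP_CONTROL, "pptp gre": PPTP_GRE,
               "smb from tunnel": SMB_FROM_TUNNEL}
    for name, pkt in samples.items():
        print(f"{name:18} original={verdict(ORIGINAL, pkt):7} hardened={verdict(HARDENED, pkt)}")
```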
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Fri, 9 Feb 2001 06:47:57 -0500
Subject: [pptp-server] Windows 2k Routing and Remote Access Services
Message-ID: <6B8A85826C35D31193BD0090278589C81DEFE3@CIC-EXCHANGE>

I'm working with two Win2k servers that have RRAS installed, we're routing subnets between offices (well, one office, and one MIS staff person's house). We have found that it just stops working after time, the connection and all. I'm thinking that the win2k boxes forget which network to properly route to... But I can't even ping the other side's tunnel endpoint ip address, so it's like it forgets entirely.

I have a WinNT 4 Server also running RRAS, and we have not had any such problems like this with that office, so I'm thinking it's win2k.

Anybody run into this? Any ideas? I'm pretty sure this is not a poptop problem, but I can't be sure at this time.

Justin Kreger, MCP MCSE
Network Administrator
Avid Solutions, Inc.
jkreger at avidsolutionsinc.com
jkreger at earthling.penguinpowered.com

From ed at ammocomp.com Fri Feb 9 06:38:21 2001
From: ed at ammocomp.com (Ed LaBonte)
Date: Fri, 9 Feb 2001 07:38:21 -0500
Subject: [pptp-server] redhat 7
Message-ID: <000001c09295$30a9f140$670d00bd@acsed>

Good Morning,

I have recently decided to try redhat 7 and want to setup the pptp server on it. Before I do so, I figured I'd ask... Has anyone tried this successfully? Any tricks?

Thanks
Ed

From vgill at technologist.com Fri Feb 9 08:15:51 2001
From: vgill at technologist.com (Gill, Vern)
Date: Fri, 9 Feb 2001 06:15:51 -0800
Subject: [pptp-server] Stripping domainname and SMB password sync...
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C57@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

3) I assume the SMB password thing only works when you specify &/etc/smbpasswd& as the password line in /etc/ppp/chap-secrets. IS this correct?

Yes, this is correct.

4) I assume using the &/etc/smbpasswd& option is optional, one can still use typed plain-text passwords directly in chap-secrets. Is this true?

Yes, this is correct. You can use both, but why?

I don't know what the patch you have is, but if you would like to grab the patch I have compiled go here;

http://linus.yi.org/smbpw-mppe-stripdom-requiremppe.diff.bz2

I didn't write any of this stuff, I only combined them into a single diff.

This patch combines the following functions;

mppe for ppp
use smb passwd file
strip ms domain
require mppe
require mppe-stateless

To use this patch, you need the following;

/etc/modules.conf
alias ppp-compress-18 ppp_mppe

/etc/ppp/chap-secrets
* * &/home/samba/smbpasswd *

/etc/ppp/options.pptpd
chapms-strip-domain
require-mppe
require-mppe-stateless

This should be applied to a pristine ppp-2.4.0 source tree. The top of the patch has the instructions for applying...

Again, I did NOT create these patches, I only combined them into one.

Enjoy...

From dolivier at bondedcollections.com Fri Feb 9 09:42:56 2001
From: dolivier at bondedcollections.com (Doug Olivier)
Date: Fri, 9 Feb 2001 08:42:56 -0700
Subject: [pptp-server] Sending tty connects via vpn
Message-ID: <005f01c092af$29d60d80$8da61dc7@dakotanet.com>

Hello, this is my first time addressing this mailing list so if my question has previously been answered (I looked through archives) please bear with me.

I have installed PopTop and currently have win98 clients connecting correctly.

My network:

Win98 Clients   Non-Employees
        \          \
         Linux 2.2.17 Router/Firewall --> Dsl --> Internet --> Wireless Internet --> VPN Server --> Internal network -> Target Server
        /
Wyse terminals

The internal network is a mixed Novell, win, Unix environment using public IP's which we do not own (previous admin).

Two things I need to do

1. Non-employees need access to only telnet the Target Server. I assume doing IP-allocation and special routing for these IP's would solve that.
2. The Linux Router/Firewall has to pass 6 dumb terminal connections to the same target server on the Internal network. Redirect gettys ?

Any suggestions, links, stories of success with a similar setup would be appreciated.

Douglas J. Olivier
Network Administrator
Bonded Collections of Tucson Inc.
520.322.7283

From aaa at netman.dk Fri Feb 9 13:44:11 2001
From: aaa at netman.dk (Alaa AlAmood)
Date: Fri, 09 Feb 2001 20:44:11 +0100
Subject: [pptp-server] chage and pptp
Message-ID: <3A84488B.BF28675F@netman.dk>

Hi

Does anybody have an idea how to use the chage program to control the pptp users' expiration date?

Thanks
Alaa

From ms at marcant.de Fri Feb 9 18:51:57 2001
From: ms at marcant.de (Matthias Suencksen)
Date: Sat, 10 Feb 2001 01:51:57 +0100
Subject: [pptp-server] two problems: connection lost after 15 to 30 minutes / packet mix-up upon re-dialing
Message-ID: <3A8490AD.4C7FC19B@marcant.de>

> Matthias:
>
> I've seen similar problems to what you describe. On the sessions "going
> away", I haven't invested any time yet (so hopefully someone has a
> response). On the second, where multiple pids are running, I fixed it by
> adding the following to the options file on the pptp server:
>
> lcp-echo-failure 10
> lcp-echo-interval 3
>

yes .. that works quite well .. !

.. in the meantime I have spent some time debugging the other problem. Although I've found out some interesting things I couldn't find the real cause of the disconnects.

For the record - the PPTP protocol requires that both link partners send "ACK" packets for any GRE packet received. The ACKs can go piggybacked with real data (the "payload").

After installing lots and lots of additional syslog() messages into the server (displaying whether a packet has a payload, an ACK or both and every packet's sequence number and every sequence number which is ack'ed) I found out:

The link goes on quite well for some time .. packet numbers increasing on both sides to (for example) 5000 or even 20000. But sometimes the pptpd server will receive an ACK packet from the Windows98 peer which is completely nonsense, e.g. if the running sequence number is at 5000 the pptpd server will receive an ACK for sequence 166 or sequence 38232988.

After this strange packet other ACKs are received which will continue the normal sequence. During a call with 20000 packets I get 4-5 of these bogus packets.

I tried out the following: putting in some code which will drop these packets as they are obviously corrupt. I wonder where these sequence numbers come from - packet corruption on the network or maybe bugs in either pptpd or the windows client ??

However even after dropping these corrupted ACKs (and any attached payload data - I won't trust these packets ;) I still get disconnects. They seem to fall in two categories now: either the Windows98 client says abruptly good-bye or the pptpd server's log is overflowing with "Unsupported Protocol" from the pppd.

The next debugging step will be in the MPPE module I think .. I already target this "coherency count" stuff (which chooses the key to decrypt any given packet) .. sigh !! :-)

--
Matthias

> This says "no response to lcp echo after 3 seconds is a failed echo" and "10
> failed echo's means connection is down". With this, the server closes the
> "dead" (no response to echo requests for 30 seconds) connection after 30
> seconds, kill the process. You can adjust these times to suit your needs.
> There is supposed to be a default value, but I found it only works if I
> actually configure some value for these two variables.
>
> BTW I also add these on linux clients which also would die after some time.
> This forces the ppp interface to go down, so I can restart a client.
>
> Hope this helpful
>
> Gord Belsey

From acline at rimvisions.com Fri Feb 9 23:05:57 2001
From: acline at rimvisions.com (Aaron Cline)
Date: Sat, 10 Feb 2001 00:05:57 -0500
Subject: [pptp-server] PPTP Question
Message-ID: <01021000055701.04882@eros>

I have what I'm sure is a basic question. If I use the PoPToP server with the Linux PPTP client, is my communication encrypted? If not, how do I make it so?

Thanks for the help.

--
Aaron Cline
CCNA, Self Proclaimed Linux Quasi-Guru, A+
RIM Visions Unlimited
acline at rimvisions.com

"Just because you act like a dork doesn't make you a geek." (Bob Myers)
"Telnet - The original pcAnywhere." (Me)
"Cause it's cool like that." (Marcus G.)

From clawz at vcn.bc.ca Fri Feb 9 21:49:04 2001
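
Matthias Suencksen's message above describes dropping ACKs whose number cannot belong to the session (166 or 38232988 while the running sequence is near 5000). The following added example, which is not pptpd's code and not from any post in the thread, parses the enhanced GRE header defined in RFC 2637 and classifies each acknowledgment against the window of packets actually outstanding, using 32-bit wraparound arithmetic. Function and class names are hypothetical and the packets are constructed.

```python
import struct

PPTP_GRE_PROTO = 0x880B                 # protocol type of PPTP's enhanced GRE
FLAG_K, FLAG_S, FLAG_A = 0x2000, 0x1000, 0x0080
MOD = 1 << 32                           # sequence/ack numbers are 32 bits wide


def build_gre(call_id, seq=None, ack=None, payload=b""):
    """Build a constructed enhanced-GRE packet (sample input only)."""
    flags = FLAG_K | 1                  # key field present, version 1
    optional = b""
    if seq is not None:
        flags |= FLAG_S
        optional += struct.pack("!I", seq)
    if ack is not None:
        flags |= FLAG_A
        optional += struct.pack("!I", ack)
    header = struct.pack("!HHHH", flags, PPTP_GRE_PROTO, len(payload), call_id)
    return header + optional + payload


def parse_gre(buf):
    """Parse an enhanced GRE packet; raise ValueError on anything malformed."""
    if len(buf) < 8:
        raise ValueError("short header")
    flags, proto, plen, call_id = struct.unpack("!HHHH", buf[:8])
    if proto != PPTP_GRE_PROTO or not (flags & FLAG_K) or (flags & 0x7) != 1:
        raise ValueError("not a PPTP enhanced GRE packet")
    off, seq, ack = 8, None, None
    if flags & FLAG_S:                  # sequence number present
        if len(buf) < off + 4:
            raise ValueError("truncated sequence number")
        seq = struct.unpack_from("!I", buf, off)[0]
        off += 4
    if flags & FLAG_A:                  # acknowledgment number present
        if len(buf) < off + 4:
            raise ValueError("truncated acknowledgment number")
        ack = struct.unpack_from("!I", buf, off)[0]
        off += 4
    if len(buf) - off != plen:          # strict: no padding tolerated here
        raise ValueError("payload length mismatch")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": buf[off:]}


class AckWindow:
    """Tracks which of our sent packets the peer may legitimately acknowledge."""

    def __init__(self, last_acked, last_sent):
        self.last_acked = last_acked % MOD
        self.last_sent = last_sent % MOD

    def classify(self, ack):
        outstanding = (self.last_sent - self.last_acked) % MOD
        ahead = (ack - self.last_acked) % MOD
        if ahead == 0:
            return "duplicate"
        if ahead <= outstanding:
            return "advance"
        return "out-of-window"          # older than last ack or never sent

    def accept(self, pkt):
        """Classify a parsed packet; only an in-window ack moves the state."""
        if pkt["ack"] is None:
            return "no-ack"
        kind = self.classify(pkt["ack"])
        if kind == "advance":
            self.last_acked = pkt["ack"]
        return kind


def replay(acks, last_acked=4990, last_sent=5000, call_id=7):
    """Feed ack-only packets through parser and window, return the verdicts."""
    window = AckWindow(last_acked, last_sent)
    return [window.accept(parse_gre(build_gre(call_id, ack=a))) for a in acks]


if __name__ == "__main__":
    # The two nonsense values are the ones quoted in the message above.
    for ack, kind in zip([4995, 166, 38232988, 5000],
                         replay([4995, 166, 38232988, 5000])):
        print(f"ack {ack:>10}: {kind}")
```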
From: clawz at vcn.bc.ca (Clement Law)
Date: Sat, 10 Feb 2001 11:49:04 +0800
Subject: [pptp-server] Linux PPTP Server and Windows PPTP Client
Message-ID: <01021011494800.04234@cr132773-d>

Is there a way to enable the data encryption?

From jkreger at avidsolutionsinc.com Sat Feb 10 14:35:00 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Sat, 10 Feb 2001 15:35:00 -0500
Subject: [pptp-server] Linux PPTP Server and Windows PPTP Client
Message-ID: <6B8A85826C35D31193BD0090278589C81DEFE7@CIC-EXCHANGE>

Yes.... you have to install mschap and mppe onto the linux box.... of course, if you're using ipsec, you don't need mppe.

-----Original Message-----
From: Clement Law [mailto:clawz at vcn.bc.ca]
Sent: Friday, February 09, 2001 10:49 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Linux PPTP Server and Windows PPTP Client

Is there a way to enable the data encryption?
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From jkreger at avidsolutionsinc.com Sat Feb 10 15:53:03 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Sat, 10 Feb 2001 16:53:03 -0500
Subject: [pptp-server] Authenticating off a SMB server without PAM when using PAP!
Message-ID: <6B8A85826C35D31193BD0090278589C81DEFE8@CIC-EXCHANGE>

For all you who are interested.... I finally finished taking libvalid off of the pamsmbd stuffs and attached it to pppd, you can find it at http://www.avidsolutionsinc.com/jkreger/index.html

Email me if you can't get it to work.

Justin Kreger, MCP MCSE
Network Administrator
Avid Solutions, Inc.
Work E-Mail: jkreger at avidsolutionsinc.com
Home E-Mail: jkreger at earthling.penguinpowered.com

From clawz at vcn.bc.ca Sat Feb 10 00:12:43 2001
From: clawz at vcn.bc.ca (Clement Law)
Date: Sat, 10 Feb 2001 14:12:43 +0800
Subject: [pptp-server] Linux PPTP Server and Windows PPTP Client
In-Reply-To: <6B8A85826C35D31193BD0090278589C81DEFE7@CIC-EXCHANGE>
References: <6B8A85826C35D31193BD0090278589C81DEFE7@CIC-EXCHANGE>
Message-ID: <01021014165000.05108@cr132773-d>

How do I get it working? I've tried to do it on Redhat 7 but it keeps giving me errors, even when I tried to compile PPP 2.3.11.

Just wondering if anyone got it working under Redhat 7...

On Sun, 11 Feb 2001, you wrote:
> Yes.... you have to install mschap and mppe onto the linux box.... of course,
> if you're using ipsec, you don't need mppe.

From vgill at technologist.com Sat Feb 10 22:06:21 2001
From: vgill at technologist.com (Gill, Vern)
Date: Sat, 10 Feb 2001 20:06:21 -0800
Subject: [pptp-server] Authenticating off a SMB server without PAM when using PAP!
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C5B@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

Also, any chance of extracting out your changes into a separate diff, or multiple files? I would like to use this with ppp-2.4.0, but I don't want a complete ppp tree, cuz I have several other patches that I use as well.

Thanks.

From jkreger at avidsolutionsinc.com Sat Feb 10 22:11:58 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Sat, 10 Feb 2001 23:11:58 -0500
Subject: [pptp-server] Authenticating off a SMB server without PAM when using PAP!
Message-ID: <6B8A85826C35D31193BD0090278589C81C7F1F@CIC-EXCHANGE>

I was going to make a patch today, but I did not get around to it. Tomorrow if I have time. As for a port to 2.4.... That will happen when we move our linux systems to linux 2.4.... at least a month away, if not more...

From clawz at vcn.bc.ca Sat Feb 10 06:48:31 2001
From: clawz at vcn.bc.ca (Clement Law)
Date: Sat, 10 Feb 2001 20:48:31 +0800
Subject: [pptp-server] Redhat V7.0 and Kernel V2.2.16-22
Message-ID: <01021020520500.05236@cr132773-d>

I'm just wondering if anyone has made the modules for MPPE and the other one under Redhat 7.0 with Kernel 2.2.16-22.
I'm getting a whole lot of errors when I'm trying to make the kernel stuff.
Like what do I have to edit and so on.

It would be much appreciated if the people that know could help me out.
Thanx in advance.

From jkreger at avidsolutionsinc.com Sun Feb 11 09:40:31 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Sun, 11 Feb 2001 10:40:31 -0500
Subject: [pptp-server] Authenticating off a SMB server without PAM when using PAP!
Message-ID: <6B8A85826C35D31193BD0090278589C81DEFEF@CIC-EXCHANGE>

The patch is now at www.avidsolutionsinc.com/jkreger/ppp-smbpapauth.patch

So... does anybody know if a Server operator or an Accounts operator can pull a user's password hash from an nt server with SMB?

From clawz at vcn.bc.ca Sat Feb 10 19:23:24 2001
From: clawz at vcn.bc.ca (Clement Law)
Date: Sun, 11 Feb 2001 09:23:24 +0800
Subject: [pptp-server] Redhat V7.0 and Kernel V2.2.16-22
In-Reply-To: <3A868D01.3E428D@cardinalengineering.com>
References: <01021020520500.05236@cr132773-d> <3A868D01.3E428D@cardinalengineering.com>
Message-ID: <01021109484600.09096@cr132773-d>

Right now I'm using...
glibc-2.2-12
gcc-2.96-69
kgcc-1.1.2-40

When I compile the kernel stuff, it automatically uses kgcc.

OK, this is how far I got for now...

I have the following installed just to compile this thing.

cpp 2.96-69
gcc 2.96-69
kgcc 1.1.2-40
glibc 2.2-12
glibc-common 2.2-12
glibc-devel 2.2-12
ncurses 5.2-2
ncurses-devel 5.2-2
openssl 0.9.5a-14
openssl-devel 0.9.5a-14
kernel 2.2.16-22
kernel-headers 2.4.0-0.26
kernel-source 2.2.16-22
binutils 2.10.0.18-1
make 3.79.1-5
patch 2.5.4-4
ppp-2.3.11-7
pptpd 1.0.1-1

This is what I have for the compiling part

ppp.spec
ppp-2.3.11.tar.gz
ppp-2.3.11-make.patch
ppp-2.3.6-smaple.patch
ppp-2.3.9-wtmp.patch
ppp-2.3.11-reap.patch
ppp-2.3.11-pam_session.patch
ppp-2.3.11-openssl-0.9.5-mppe.patch
ppp_mppe_compressed_data_fix.diff
ppp-2.3.5-pamd.conf
if_ppp_2.2.17.diff

This is what I did for the PPP-2.3.11

tar -zxvf ppp-2.3.11.tar.gz
cd ppp-2.3.11
patch -p1 < ../ppp-2.3.11-make.patch
patch -p1 < ../ppp-2.3.6-sample.patch
patch -p1 < ../ppp-2.3.9-wtmp.patch
patch -p1 < ../ppp-2.3.11-reap.patch
patch -p1 < ../ppp-2.3.11-pam_session.patch
patch -p1 < ../ppp-2.3.11-openssl-0.9.5-mppe.patch
cd linux
patch < ../../ppp_mppe_compressed_data_fix.diff

The other patches were from the ppp-2.3.11-7.src.rpm, it's patched in that order, so says in the ppp.spec

Then I went to my linux directory and did...

make menuconfig
make dep clean
(fix the kill thing in drivers/net/ppp.c)
kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN);
make modules SUBDIRS=drivers/net
(fix something in include/linux/modules.h so I could compile the rest of the needed files)
extern unsigned long get_module_symbol(char *, char *);

I then copied bsd_comp.o, ppp.o, ppp_deflate.o, ppp_mppe.o and slhc.o to /lib/modules/2.2.16-22/net

I tried to load up the ppp.o, but it gives me this error.

- insmod ppp
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_remember_R__ver_slhc_remember
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_uncompress_R__ver_slhc_uncompress
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol skb_over_panic_R__ver_skb_over_panic
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol interruptible_sleep_on_R__ver_interruptible_sleep_on
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol unregister_netdev_R__ver_unregister_netdev
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_init_R__ver_slhc_init
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol netif_rx_R__ver_netif_rx
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol alloc_skb_R__ver_alloc_skb
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol __wake_up_R__ver___wake_up
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_free_R__ver_slhc_free
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol register_netdev_R__ver_register_netdev
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol kill_fasync_R__ver_kill_fasync
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol request_module_R__ver_request_module
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol dev_alloc_name_R__ver_dev_alloc_name
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol __kfree_skb_R__ver___kfree_skb
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol skb_under_panic_R__ver_skb_under_panic
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol tty_register_ldisc_R__ver_tty_register_ldisc
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_toss_R__ver_slhc_toss
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_compress_R__ver_slhc_compress
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol n_tty_ioctl_R__ver_n_tty_ioctl
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol __pollwait_R__ver___pollwait
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol tty_hung_up_p_R__ver_tty_hung_up_p

and these errors for insmod ppp_mppe & insmod ppp_deflate & insmod bsd_comp

/lib/modules/2.2.16-22/net/ppp_mppe.o: unresolved symbol ppp_register_compressor_R9682e733
/lib/modules/2.2.16-22/net/ppp_mppe.o: unresolved symbol ppp_unregister_compressor_Ra1b928df

The only one without errors is slhc.o

This is how far I got, but now I'm stuck again.
Please give me some assistance if possible.
Thanx

On Sun, 11 Feb 2001, you wrote:
> Have you updated gcc? It's badly broken under 7.0.
>
> Search deja or just run up2date, and make sure you update glibc as well.
>
> --Yan
>
> Clement Law wrote:
> >
> > I'm just wondering if anyone has made the modules for MPPE and the other one
> > under Redhat 7.0 with Kernel 2.2.16-22.
> > I'm getting a whole lot of errors when I'm trying to make the kernel stuff.
> > Like what do I have to edit and so on.
> >
> > It would be much appreciated if the people that know could help me out.
> > Thanx in advance.

From giulioo at pobox.com Sun Feb 11 11:58:06 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Sun, 11 Feb 2001 18:58:06 +0100
Subject: [pptp-server] Redhat V7.0 and Kernel V2.2.16-22
In-Reply-To: <01021020520500.05236@cr132773-d>
References: <01021020520500.05236@cr132773-d>
Message-ID: <20010211180049.149C2164A1@i3.golden.dom>

On Sat, 10 Feb 2001 20:48:31 +0800, you wrote:

>I'm just wondering if anyone has made the modules for MPPE and the other one
>under Redhat 7.0 with Kernel 2.2.16-22.

I'm using the rh70 2.2.16-22 kernel on rh61 and it works ok.

See:
http://www.vibrationresearch.com/pptpd/example.html
http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff

--
giulioo at pobox.com

From djolivier at bigfoot.com Sun Feb 11 12:20:31 2001
From: djolivier at bigfoot.com (Douglas J. Olivier)
Date: Sun, 11 Feb 2001 11:20:31 -0700
Subject: [pptp-server] pptp Linux client and pptp-server
Message-ID: <000201c09457$51f3c650$0201a8c0@kahunabro.dakotacom.net>

I have a pptp-server running that has no problems with MS vpn clients connecting, but when my linux pptp attempts to connect I get errors on client side with no logs on server side.

Client
root at tempe:/home/admin# pptp vpn debug name admin remotename admin 199.29.166.50:199.29.166.80 route add -net 199.29.166.0 netmask 255.255.255.0 gw 199.29.166.8
warn[open_inetsock:pptp_callmgr.c:287]: connect: Connection refused
fatal[callmgr_main:pptp_callmgr.c:122]: Could not open control connection to 208.1.34.221
fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256

Server
Feb 11 11:14:30 vpn pptpd[1507]: CTRL: Client 63.86.241.49 control connection started
Feb 11 11:14:30 vpn pptpd[1507]: CTRL: Client 63.86.241.49 control connection finished

From djolivier at bigfoot.com Sun Feb 11 16:06:27 2001
From: djolivier at bigfoot.com (Douglas J. Olivier)
Date: Sun, 11 Feb 2001 15:06:27 -0700
Subject: [pptp-server] RE: pptp Linux client and pptp-server
Message-ID: <000401c09476$e23cc8a0$0201a8c0@kahunabro.dakotacom.net>

Ok after some digging here is the background.

Client tempe
Linux 2.2.17

/etc/ppp/options
noauth
local
defaultroute
passive
+chap
debug
remotename vpn
ipcp-accept-local

/etc/ppp/pptp.options

vpn tempe ******** 208.1.34.221
tempe vpn ******** 199.29.166.50

route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
208.1.34.221    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
63.86.x.x       0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         63.86.x.x       0.0.0.0         UG    1      0        0 eth0

Host vpn
Linux 2.2.17
Is in DMZ of Linksys Router

/etc/ppp/options

debug
name vpn
auth

/etc/pptpd.conf

speed 115200
localip 199.29.166.8
remoteip 199.29.166.50-80

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
199.29.166.50   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
199.29.166.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         199.29.166.2    0.0.0.0         UG    1      0        0 eth0

My problem now is I cannot ping the internal network at 199.29.166.x
And all my routing attempts have failed.

Any help appreciated.

From jvonau at home.com Sun Feb 11 16:40:40 2001
From: jvonau at home.com (Jerry Vonau)
Date: Sun, 11 Feb 2001 16:40:40 -0600
Subject: [pptp-server] RE: pptp Linux client and pptp-server
References: <000401c09476$e23cc8a0$0201a8c0@kahunabro.dakotacom.net>
Message-ID: <3A8714E7.EA6CB941@home.com>

Douglas:

take the default route out of the client

Jerry Vonau

From berzerke at swbell.net Sun Feb 11 22:28:38 2001
From: berzerke at swbell.net (robert)
Date: Sun, 11 Feb 2001 22:28:38 -0600
Subject: [pptp-server] compile problem with ppp.c
Message-ID: <01021122283802.01336@linux>

I've got a problem compiling ppp.c. This is with ppp 2.3.11, kernel 2.2.17 (Mandrake). Everything goes fine after applying all the patches until I get the following errors:

ppp.c:188: warning: static declaration for 'ppp_register_compression_R9682e733' follows non-static
ppp.c:189: warning: static declaration for 'ppp_unregister_compression_Ra1b9928df' follows non-static

The showstopper is:

ppp.c: In function: 'rcv_proto_unknown':
ppp.c:2563: too few arguments to function 'kill_fasync_R8e941aa8'

The compile then exits with error 2.

I haven't found this error in the FAQ's, examples, or mailing list. What am I missing?

From christian.tardif at videotron.ca Sun Feb 11 23:30:51 2001
From: christian.tardif at videotron.ca (Christian Tardif)
Date: Mon, 12 Feb 2001 00:30:51 -0500
Subject: [pptp-server] PPTP-IPTABLES....
Message-ID: <5.0.2.1.2.20010212002340.00a85ab8@pop.videotron.ca>

Hi,

I've been trying to make a PPTP-IPTABLES-WIN2000 setup work for some time, but there must be something I'm missing. I can't get through it. My exact setup is as follows:

WIN2000 Client---------Linux Firewall IPCHAINS----------INTERNET----------Linux Firewall IPTABLES-------------------Linux PPTP Server

Could someone explain in detail how to make this work? Mainly, I need to understand exactly how I should configure both firewalls. Is my IPCHAINS firewall OK for that or do I need to upgrade this one to IPTABLES too? Both firewalls are on kernel 2.4.0, so they both can be on IPTABLES, if needed.

Any help would be helpful!

From clawz at vcn.bc.ca Sun Feb 11 07:38:21 2001
From: clawz at vcn.bc.ca (Clement Law)
Date: Sun, 11 Feb 2001 21:38:21 +0800
Subject: [pptp-server] Anyone got it working with....
Message-ID: <01021121453400.01559@cr132773-d>

ok, I'm wondering if anyone got it working under these settings and stuff. The compiling of the MPPE and the other thing.

Redhat V7.0 - With all the updates/fixes from redhat.com
kernel-2.2.17-14.i686.rpm
kernel-source-2.2.17-14.i386.rpm
ppp-2.3.11-7.src.rpm (the ppp-2.3.11.tar.gz with all the patches, around 4-5)
ppp-2.3.11-openssl-0.9.5-mppe.patch
if_ppp_2.2.17.diff
the compressed data patch one too.

I keep getting errors when I compile it:
the ppp_register_compressor and ppp_unregister_compressor static error
the EXPORT_SYMTAB errors
and more..

Please help.

From mjo at pbj.dk Mon Feb 12 03:55:45 2001
From: mjo at pbj.dk (Mikael Johnsen)
Date: Mon, 12 Feb 2001 10:55:45 +0100
Subject: [pptp-server] error 732
Message-ID: <1DA605F7E2EAD411B7A9009027DDD2C35A18@PBJ-EXCHG>

Hi Guys

I get this error when I try to connect my NT 4.0 to my pptp server, roughly translated from Danish :-)

Controlling the connections to networkprotocols
TCP/IP PC has reported error 732 : The PPP negotiation does not converge
The Pc and the server could not agree on a common set of parameters

Please help :-)

Med venlig hilsen / Best regards

Mikael Johnsen
Systemadministrator / System Administrator
PBJ Consult A/S
Roholmsvej 10 G
DK-2620 Albertslund
Phone: +45 43 62 74 00
Fax: +45 43 62 74 24
Email: mailto:mjo at pbj.dk
Homepage: www.pbj.dk

From rage at sohonetworks.cc Mon Feb 12 05:10:11 2001
From: rage at sohonetworks.cc (Jason Osborne)
Date: Mon, 12 Feb 2001 05:10:11 -0600
Subject: [pptp-server] error 732
In-Reply-To: <1DA605F7E2EAD411B7A9009027DDD2C35A18@PBJ-EXCHG>
Message-ID:

Take a look at http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt. They have some common errors and solutions. If this does not help, please go into a little more detail so that we can take a look at possible causes.

--
Jason Osborne
Data and Telecom Network Solutions
Your total Internetworking solutions provider!
3847 Timberglen Rd., STE 4013
Dallas, TX 75287
Phone: 972-307-0676
Pager: 972-320-2426
Web: http://www.sohonetworks.cc
E-mail: sales at sohonetworks.cc

From mjo at pbj.dk Mon Feb 12 05:29:59 2001
From: mjo at pbj.dk (Mikael Johnsen)
Date: Mon, 12 Feb 2001 12:29:59 +0100
Subject: SV: [pptp-server] error 732
Message-ID: <1DA605F7E2EAD411B7A9009027DDD2C35A1A@PBJ-EXCHG>

This should be the session on the Server
Hopefully this can help :-)

Feb 12 10:30:18 mail pptpd[23662]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Feb 12 10:30:18 mail pptpd[23662]: CTRL: local address = 192.168.10.10
Feb 12 10:30:18 mail pptpd[23662]: CTRL: remote address = 192.168.10.71
Feb 12 10:30:18 mail pptpd[23662]: CTRL: pppd options file = /etc/ppp/options
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Client 212.97.242.8 control connection started
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Received PPTP Control Message (type: 1)
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Made a START CTRL CONN RPLY packet
Feb 12 10:30:18 mail pptpd[23662]: CTRL: I wrote 156 bytes to the client.
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Sent packet to client
Feb 12 10:30:18 mail kernel: Packet log: input - eth0 PROTO=17 212.97.242.8:137 130.228.111.2:137 L=78 S=0x00 I=51713 F=0x0000 T=118 (#16)
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Received PPTP Control Message (type: 7)
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Set parameters to 152 maxbps, 3 window size
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Made a OUT CALL RPLY packet
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Starting call (launching pppd, opening GRE)
Feb 12 10:30:18 mail pptpd[23662]: CTRL: pty_fd = 5
Feb 12 10:30:18 mail pptpd[23662]: CTRL: tty_fd = 6
Feb 12 10:30:18 mail pptpd[23662]: CTRL: I wrote 32 bytes to the client.
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Sent packet to client
Feb 12 10:30:18 mail pptpd[23663]: CTRL (PPPD Launcher): Connection speed = 115200
Feb 12 10:30:18 mail pptpd[23663]: CTRL (PPPD Launcher): local address = 192.168.10.10
Feb 12 10:30:18 mail pptpd[23663]: CTRL (PPPD Launcher): remote address = 192.168.10.71
Feb 12 10:30:18 mail pppd[23663]: pppd 2.3.11 started by root, uid 0
Feb 12 10:30:18 mail pppd[23663]: Using interface ppp0
Feb 12 10:30:18 mail pppd[23663]: Connect: ppp0 <--> /dev/pts/2
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Received PPTP Control Message (type: 15)
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Feb 12 10:30:19 mail kernel: Packet log: input - eth0 PROTO=17 212.97.242.8:137 130.228.111.2:137 L=78 S=0x00 I=53249 F=0x0000 T=118 (#16)
Feb 12 10:30:21 mail pptpd[23662]: CTRL: Received PPTP Control Message (type: 15)
Feb 12 10:30:21 mail pptpd[23662]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Feb 12 10:30:22 mail pppd[23663]: MSCHAP peer authentication succeeded for elk
Feb 12 10:30:22 mail pppd[23663]: found interface eth1 for proxy arp
Feb 12 10:30:22 mail pppd[23663]: local IP address 192.168.10.10
Feb 12 10:30:22 mail pppd[23663]: remote IP address 192.168.10.102
Feb 12 10:30:41 mail pptpd[23662]: CTRL: Received PPTP Control Message (type: 12)
Feb 12 10:30:41 mail pptpd[23662]: CTRL: Made a CALL DISCONNECT RPLY packet
Feb 12 10:30:41 mail pptpd[23662]: CTRL: Received CALL CLR request (closing call)
Feb 12 10:30:41 mail pptpd[23662]: CTRL: I wrote 148 bytes to the client.
Feb 12 10:30:41 mail pptpd[23662]: CTRL: Sent packet to client
Feb 12 10:30:41 mail pptpd[23662]: CTRL: Error with select(), quitting
Feb 12 10:30:41 mail pptpd[23662]: CTRL: Client 212.97.242.8 control connection finished
Feb 12 10:30:41 mail pptpd[23662]: CTRL: Exiting now
Feb 12 10:30:41 mail pptpd[976]: MGR: Reaped child 23662
Feb 12 10:30:41 mail pppd[23663]: Modem hangup
Feb 12 10:30:41 mail pppd[23663]: Connection terminated.
Feb 12 10:30:41 mail pppd[23663]: Connect time 0.4 minutes.
Feb 12 10:30:41 mail pppd[23663]: Sent 2402 bytes, received 2106 bytes.
Feb 12 10:30:41 mail pppd[23663]: Exit

From rage at sohonetworks.cc Mon Feb 12 05:43:33 2001
From: rage at sohonetworks.cc (Jason Osborne)
Date: Mon, 12 Feb 2001 05:43:33 -0600
Subject: [pptp-server] error 732
In-Reply-To: <1DA605F7E2EAD411B7A9009027DDD2C35A1A@PBJ-EXCHG>
Message-ID:

Mikael,

First you might want to try uninstalling and reinstalling vpn on the client. There might be a problem there. You could also try reinstalling tcp/ip. From what I see below, it looks like the client is getting confused with the server and it seems that the server was nice enough to drop an ip for the client but the client refused it. Make sure that you don't have any other protocols turned on besides tcp/ip for the vpn connection too.

Anyone else have any ideas?

From martin at tuatha.org Mon Feb 12 06:01:06 2001
From: martin at tuatha.org (Martin Feeney)
Date: Mon, 12 Feb 2001 12:01:06 +0000
Subject: [pptp-server] VPN Daemon
Message-ID: <20010212120106.U13759@greenspot.ie.nwcgroup.com>

Anyone interested in a daemon written in Perl that will detect when a pptp connection dies and restart it?

On that note, does this list accept attachments?

M.

From mjo at pbj.dk Mon Feb 12 06:19:39 2001
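The pptpd/pppd session log posted in the error 732 thread above can be reduced to one record per control connection, which makes the sequence of events (who connected, who authenticated, which address was handed out, who ended the call) easier to audit. This Python example is added here and is not code from the list or from PoPToP; the message-type names are those of RFC 2637, `SAMPLE_LOG` is an excerpt of the posted log, the function names are hypothetical, and tying pppd lines to the most recently opened control connection is an assumption of the example.

```python
import re
from datetime import datetime

# PPTP control message types, numbered as in RFC 2637.
PPTP_CTRL_TYPES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply",
    7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply",
    9: "Incoming-Call-Request", 10: "Incoming-Call-Reply",
    11: "Incoming-Call-Connected", 12: "Call-Clear-Request",
    13: "Call-Disconnect-Notify", 14: "WAN-Error-Notify", 15: "Set-Link-Info",
}

# syslog prefix: "Feb 12 10:30:18 mail pptpd[23662]: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")

# Excerpt of the server log posted in the thread.
SAMPLE_LOG = """\
Feb 12 10:30:18 mail pptpd[23662]: CTRL: remote address = 192.168.10.71
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Client 212.97.242.8 control connection started
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Received PPTP Control Message (type: 1)
Feb 12 10:30:18 mail kernel: Packet log: input - eth0 PROTO=17 212.97.242.8:137 130.228.111.2:137 L=78 S=0x00 I=51713 F=0x0000 T=118 (#16)
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Received PPTP Control Message (type: 7)
Feb 12 10:30:18 mail pptpd[23663]: CTRL (PPPD Launcher): remote address = 192.168.10.71
Feb 12 10:30:18 mail pppd[23663]: pppd 2.3.11 started by root, uid 0
Feb 12 10:30:18 mail pptpd[23662]: CTRL: Received PPTP Control Message (type: 15)
Feb 12 10:30:21 mail pptpd[23662]: CTRL: Received PPTP Control Message (type: 15)
Feb 12 10:30:22 mail pppd[23663]: MSCHAP peer authentication succeeded for elk
Feb 12 10:30:22 mail pppd[23663]: remote IP address 192.168.10.102
Feb 12 10:30:41 mail pptpd[23662]: CTRL: Received PPTP Control Message (type: 12)
Feb 12 10:30:41 mail pptpd[23662]: CTRL: Client 212.97.242.8 control connection finished
Feb 12 10:30:41 mail pppd[23663]: Modem hangup
"""


def new_session(pid):
    return {"ctrl_pid": pid, "client": None, "user": None, "ctrl_msgs": [],
            "configured_remote": None, "assigned_remote": None,
            "start": None, "auth_at": None, "end": None, "findings": []}


def add_findings(s):
    """Flag an address mismatch and a client-initiated teardown after auth."""
    cfg, got = s["configured_remote"], s["assigned_remote"]
    if cfg and got and cfg != got:
        s["findings"].append(f"pptpd logged remote address {cfg}, pppd reported {got}")
    if s["auth_at"] and s["end"] and "Call-Clear-Request" in s["ctrl_msgs"]:
        secs = int((s["end"] - s["auth_at"]).total_seconds())
        s["findings"].append(
            f"client sent Call-Clear-Request; session ended {secs}s after authentication")


def summarise(log_text, year=2001):
    """Return one record per PPTP control connection found in the syslog text.

    syslog timestamps carry no year; 2001 is taken from the thread's dates.
    """
    by_pid, order, current = {}, [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a pptpd/pppd line, e.g. the kernel packet log
        ts, prog, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        if prog == "pptpd" and msg.startswith("CTRL: "):
            s = by_pid.get(pid)
            if s is None:
                s = by_pid[pid] = new_session(pid)
                order.append(s)
            body = msg[len("CTRL: "):]
            if (m2 := re.match(r"remote address = (\S+)", body)):
                s["configured_remote"] = m2[1]
            elif (m2 := re.match(r"Client (\S+) control connection (started|finished)", body)):
                s["client"] = m2[1]
                if m2[2] == "started":
                    s["start"], current = when, s
                else:
                    s["end"] = when
                    current = None if current is s else current
            elif (m2 := re.match(r"Received PPTP Control Message \(type: (\d+)\)", body)):
                n = int(m2[1])
                s["ctrl_msgs"].append(PPTP_CTRL_TYPES.get(n, f"type {n}"))
        elif prog == "pppd" and current is not None:
            # Assumption: pppd lines belong to the control connection that
            # opened most recently; the log carries no explicit link.
            if (m2 := re.match(r"\S+ peer authentication succeeded for (\S+)", msg)):
                current["user"], current["auth_at"] = m2[1], when
            elif (m2 := re.match(r"remote IP address (\S+)", msg)):
                current["assigned_remote"] = m2[1]
    for s in order:
        add_findings(s)
    return order


if __name__ == "__main__":
    for rec in summarise(SAMPLE_LOG):
        print(rec["client"], rec["user"], " -> ".join(rec["ctrl_msgs"]))
        for finding in rec["findings"]:
            print("  *", finding)
```
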
From: mjo at pbj.dk (Mikael Johnsen)
Date: Mon, 12 Feb 2001 13:19:39 +0100
Subject: SV: [pptp-server] error 732
Message-ID: <1DA605F7E2EAD411B7A9009027DDD2C35A1B@PBJ-EXCHG>

Thanks, the problem was a service pack update!

From rayw at rayw.org Mon Feb 12 08:29:02 2001
From: rayw at rayw.org (Ray Willis)
Date: Mon, 12 Feb 2001 08:29:02 -0600
Subject: [pptp-server] VPN Daemon
In-Reply-To: <20010212120106.U13759@greenspot.ie.nwcgroup.com>
Message-ID:

Last time I checked xinetd did this....

RayW

From gord at amador.ca Mon Feb 12 08:40:12 2001
From: gord at amador.ca (Gord Belsey)
Date: Mon, 12 Feb 2001 07:40:12 -0700
Subject: [pptp-server] VPN Daemon
In-Reply-To:
Message-ID: <000001c09501$b5402640$280111ac@amadorinc.com>

Since I don't use xinetd, I'm interested. Send me a note offline...

Thanks
gord
gbelsey at amador-group.com

From martin at tuatha.org Mon Feb 12 08:53:23 2001
From: martin at tuatha.org (Martin Feeney)
Date: Mon, 12 Feb 2001 14:53:23 +0000
Subject: [pptp-server] VPN Daemon
In-Reply-To: ; from rayw@rayw.org on Mon, Feb 12, 2001 at 14:29:02 +0000
References: <20010212120106.U13759@greenspot.ie.nwcgroup.com>
Message-ID: <20010212145323.E13759@greenspot.ie.nwcgroup.com>

On Mon, 12 Feb 2001 14:29:02 Ray Willis wrote:
> Last time I checked xinetd did this....

Maybe, but it doesn't know anything about pptp so it can't really recover when pptp gets confused.

I'll tidy up the code a bit and stick it on a webpage. Maybe I'll even make a .deb at a later stage for those who have seen the true path.

M.

From hka at eFrog.se Mon Feb 12 10:00:35 2001
From: hka at eFrog.se (Hans Karlinius)
Date: Mon, 12 Feb 2001 17:00:35 +0100
Subject: [pptp-server] pptp&ppp giving out a gw
Message-ID:

How do I get pptp&ppp to give out a specific gateway to the clients? Not the default gateway, but a different one.

/Hazze

From hka at eFrog.se Mon Feb 12 10:23:03 2001
From: hka at eFrog.se (Hans Karlinius)
Date: Mon, 12 Feb 2001 17:23:03 +0100
Subject: [pptp-server] pptp&ppp giving out a gw
Message-ID:

How do I get pptp&ppp to give out a specific gateway to the clients? Not the default gateway, but a different one.

/Hazze

From admin at pmcipa.com Mon Feb 12 10:52:59 2001
From: admin at pmcipa.com (Eric Robinson)
Date: Mon, 12 Feb 2001 08:52:59 -0800
Subject: [pptp-server] My Apologies
Message-ID: <21B377B36413D311861C0004ACB8854A08D065@www.pmcipa.com>

Greetings!

My apologies for this message, but will someone please tell me how to unsubscribe from this list? I've been to http://lists.schulte.org/mailman/listinfo/pptp-server but the instructions do not appear to be there.

TIA.

--Eric

From vgill at technologist.com Mon Feb 12 11:14:53 2001
From: vgill at technologist.com (Gill, Vern)
Date: Mon, 12 Feb 2001 09:14:53 -0800
Subject: [pptp-server] ppp-2.4.0 combined patch
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C66@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

Well, I sent this msg almost a month ago. The mail-list rejected it because it was too big. The admins were "supposed" to review, and post if they like. They never did. So, here is a link to the patch, if anyone wants it...

http://linus.yi.org/smbpw-mppe-stripdom-requiremppe.diff.bz2

Enjoy..

-----Original Message-----
From: Gill, Vern [mailto:vgill at technologist.com]
Sent: Sunday, February 04, 2001 11:38 PM
To: VPN MailList
Subject: [pptp-server] ppp-2.4.0 combined patch

I have created a patch file for ppp-2.4.0. This patch file incorporates all of the following functionality;

MPPE for PPP
require-mppe for ppp
stripmsdomain for ppp
use smbpasswd file for ppp chap authentication

This patch applies cleanly against a fresh ppp-2.4.0 source tree

To build ppp with this patch, you need libsmbpw

To apply, do the following;

If your ppp source is /usr/src/ppp-2.4.0,
cd /usr/src,
patch -p1 < /location/of/file/filename.diff > /some/dir/patch.log

I did NOT write ANY of this stuff... I only made the individual patches work for me, then diffed a clean tree against my completely patched tree. PLEASE do NOT ask me about the patches. I am only submitting this for people who want/need all of these features...

BTW, this works on kernel-2.2.16 just as well as 2.4.x

To get all of the functionality out of this patch, you need the following;

/etc/ppp/options.pptpd
+chap
+chapms
+chapms-v2
chapms-strip-domain ## makes DOMAIN\user come thru as user
mppe-40
mppe-128
mppe-stateless
require-chap
require-mppe
require-mppe-stateless

/etc/modules.conf
alias ppp-compress-18 ppp_mppe

/etc/modules.conf
alias char-major-108 ppp_generic
alias /dev/ppp ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

then do;
mknod /dev/ppp c 108 0
chmod 600 /dev/ppp

As always, your mileage may vary.

Enjoy

From martin at tuatha.org Mon Feb 12 11:24:29 2001
From: martin at tuatha.org (Martin Feeney)
Date: Mon, 12 Feb 2001 17:24:29 +0000
Subject: [pptp-server] VPN Daemon
In-Reply-To: <20010212145323.E13759@greenspot.ie.nwcgroup.com>; from martin@tuatha.org on Mon, Feb 12, 2001 at 14:53:23 +0000
References: <20010212120106.U13759@greenspot.ie.nwcgroup.com> <20010212145323.E13759@greenspot.ie.nwcgroup.com>
Message-ID: <20010212172429.I13759@greenspot.ie.nwcgroup.com>

OK, check out http://greenspot.ie.nwcgroup.com/vpnd/

From berzerke at swbell.net Mon Feb 12 11:27:36 2001
From: berzerke at swbell.net (robert)
Date: Mon, 12 Feb 2001 11:27:36 -0600
Subject: [pptp-server] Follow-up to problem compiling ppp.c
Message-ID: <01021211273604.01336@linux>

I've got a problem compiling ppp.c. This is with ppp 2.3.11, kernel 2.2.17 (Mandrake). Everything goes fine after applying all the patches until I get the following errors:

ppp.c:188: warning: static declaration for 'ppp_register_compression_R9682e733' follows non-static
ppp.c:189: warning: static declaration for 'ppp_unregister_compression_Ra1b9928df' follows non-static

The showstopper is:

ppp.c: In function: 'rcv_proto_unknown':
ppp.c:2563: too few arguments to function 'kill_fasync_R8e941aa8'

The compile then exits with error 2.

I've found that editing the line of code for kill_fasync and adding ", POLL_IN" (no quotes of course) before the closing ) allows the module to compile. However, I get the unresolved symbols in ppp_register_compression and in ppp_unregister_compression. I also still get the above error about static following non-static.

I went through the patch code by hand and found the ppp_register_compression and its companion were declared EXTERN, so I changed the ppp.c code. Compiles without a problem now. However, I still get the unresolved symbols error when I try to use it. I've checked for the problem and it isn't in any of the patches (or ppp.c code from pppd). Yes, I got the patch with the rc.4 "files".

I'm stumped. If anyone has this successfully running for a 2.2.17 kernel, I would appreciate you emailing me (off the list) your ppp.c from /usr/src/linux/drivers/net so I could do a diff and hopefully find out what's wrong.

From msuencks at marcant.de Mon Feb 12 13:45:06 2001
From: msuencks at marcant.de (Matthias Suencksen) Date: Mon, 12 Feb 2001 20:45:06 +0100 Subject: [pptp-server] Follow-up to problem compiling ppp.c In-Reply-To: <01021211273604.01336@linux> Message-ID: robert wrote: > > I've got a problem compiling ppp.c. This is with ppp 2.3.11, kernel 2.2.17 > (Mandrake). Everything goes fine after applying all the patches until I get > the following errors: > > ppp.c:188: warning: static declaration for > 'ppp_register_compression_R9682e733' follows non-static > ppp.c:189: warning: static declaration for > 'ppp_unregister_compression_Ra1b9928df' follows non-static > this looks like a problem with version of the modules vs. version of the kernel. I usually check that /usr/src/linux is really a symlink to the source directory of the currently running kernel. If unsure about the status of it I do the full build again ( make dep; make bzImage ; make modules; make modules_install ; depmod -a ; and acquainting lilo with the new image) My personal experience with 2.2.17 is that after un-tarring a fresh tar-ball of kernel source and doing "make kernel" with ppp-2.3.11 I only had to adjust if_ppp.h ( as said in section 7.3.5 in the RedHat Howto). -- Matthias > The showstopper is: > > ppp.c: In function: 'rcv_proto_unknown': ppp.c:2563: too few arguments to > function 'kill_fasync_R8e941aa8' > > The compile then exits with error 2. > > I've found that editing the line of code for kill_fasync and adding ", > POLL_IN" (no quotes of course) before the closing ) allows the module to > compile. However, I get the unresolved symbols in ppp_register_compression > and in ppp_unregister_compression. I also still get the above error about > static following non-static. I think that's covered > > I went through the patch code by hand and found the ppp_register_compression > and its companion were declared EXTERN, so I changed the ppp.c code. > Compiles without a problem now. However, I still get the unresolved symbols > error when I try to use it. 
> > I've checked for the problem and it isn't in any of the patches (or > ppp.c code from pppd). Yes, I got the patch with the rc.4 "files". I'm > stumped. If anyone has this successfully running for a 2.2.17 kernel, I > would appreciate you emailing me (off the list) your ppp.c from > /usr/src/linux/drivers/net so I could do a diff and hopefully find out what's > wrong. > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > > > -- Out-of-order execution (a feature of modern microprocessors) From djolivier at bigfoot.com Mon Feb 12 14:04:50 2001 
From: djolivier at bigfoot.com (Doug Olivier) Date: Mon, 12 Feb 2001 13:04:50 -0700 Subject: [pptp-server] This has to be a routing issue. Message-ID: <00a401c0952f$113bb0e0$8da61dc7@dakotanet.com> > Basically the client should log into the server obtain a local IP on that > network and be able to telnet to the dB server on that network, > for some reason even though the link appears to be up neither the client nor > server can ping each other. > > If anyone has any ideas please help me. > > > Client Linux 2.2.17 > > route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 199.29.166.70 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 199.29.166.0 199.29.166.50 255.255.255.0 UG 0 0 0 ppp0 > 199.29.166.0 199.29.166.70 255.255.255.0 UG 0 0 0 ppp0 > 63.86.241.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > 0.0.0.0 63.86.241.1 0.0.0.0 UG 1 0 0 eth0 > > route add -net 199.29.166.0 netmask 255.255.255.0 gw 199.29.166.70 > > route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 199.29.166.70 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 199.29.166.0 199.29.166.70 255.255.255.0 UG 0 0 0 ppp0 > 63.86.241.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > 0.0.0.0 63.86.241.1 0.0.0.0 UG 1 0 0 eth0 > > PING 199.29.166.50 (199.29.166.50): 56 data bytes > 64 bytes from 199.29.166.50: icmp_seq=0 ttl=255 time=0.5 ms > 64 bytes from 199.29.166.50: icmp_seq=1 ttl=255 time=0.2 ms > 64 bytes from 199.29.166.50: icmp_seq=2 ttl=255 time=0.3 ms > 64 bytes from 199.29.166.50: icmp_seq=3 ttl=255 time=0.2 ms > 64 bytes from 199.29.166.50: icmp_seq=4 ttl=255 time=0.2 ms > 64 bytes from 199.29.166.50: icmp_seq=5 ttl=255 time=0.2 ms > 64 bytes from 199.29.166.50: icmp_seq=6 ttl=255 time=0.2 ms > 64 bytes from 199.29.166.50: icmp_seq=7 ttl=255 time=0.2 ms > > --- 
199.29.166.50 ping statistics --- > 8 packets transmitted, 8 packets received, 0% packet loss > round-trip min/avg/max = 0.2/0.2/0.5 ms > > > PING 199.29.166.70 (199.29.166.70): 56 data bytes > ping: wrote 199.29.166.70 64 chars, ret=-1 > ping: wrote 199.29.166.70 64 chars, ret=-1 > ping: wrote 199.29.166.70 64 chars, ret=-1 > ping: wrote 199.29.166.70 64 chars, ret=-1 > > --- 199.29.166.70 ping statistics --- > 4 packets transmitted, 0 packets received, 100% packet loss > > /etc/ppp/options > noauth > local > passive > debug > remotename vpn > ipcp-accept-local > ipcp-accept-remote > name tempe > > tail -n50 /var/adm/messages > Feb 12 10:48:15 ip-86-241-49 (unknown)[362]: > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection > established. > Feb 12 10:48:16 ip-86-241-49 (unknown)[362]: > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established. > Feb 12 10:48:16 ip-86-241-49 pppd[364]: pppd 2.3.11 started by root, uid 0 > Feb 12 10:48:16 ip-86-241-49 kernel: registered device ppp1 > Feb 12 10:48:16 ip-86-241-49 pppd[364]: Using interface ppp1 > Feb 12 10:48:16 ip-86-241-49 pppd[364]: Connect: ppp1 <--> /dev/ttya0 > Feb 12 10:48:21 ip-86-241-49 pppd[364]: Remote message: Welcome to vpn. 
> Feb 12 10:48:21 ip-86-241-49 pppd[364]: Deflate (15) compression enabled > Feb 12 10:48:22 ip-86-241-49 pppd[364]: local IP address 199.29.166.50 > Feb 12 10:48:22 ip-86-241-49 pppd[364]: remote IP address 199.29.166.70 > > ifconfig > > eth0 Link encap:Ethernet HWaddr 00:10:5A:7B:FA:BD > inet addr:63.86.241.49 Bcast:63.86.241.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:15209 errors:0 dropped:0 overruns:0 frame:0 > TX packets:10634 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > Interrupt:11 Base address:0x6100 > > eth1 Link encap:Ethernet HWaddr 00:D0:B7:AF:46:4F > inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:9779 errors:0 dropped:0 overruns:0 frame:0 > TX packets:6466 errors:0 dropped:0 overruns:0 carrier:0 > collisions:2 txqueuelen:100 > Interrupt:9 Base address:0x6200 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:3924 Metric:1 > RX packets:50 errors:0 dropped:0 overruns:0 frame:0 > TX packets:50 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > > ppp0 Link encap:Point-to-Point Protocol > inet addr:199.29.166.50 P-t-P:199.29.166.70 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:23 errors:0 dropped:0 overruns:0 frame:0 > TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:10 > > Server Linux 2.2.17 > > route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 172.31.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 199.29.166.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > 0.0.0.0 199.29.166.2 0.0.0.0 UG 1 0 0 eth0 > PING 199.29.166.50 (199.29.166.50): 56 data bytes > > --- 199.29.166.50 ping statistics --- > 3 packets transmitted, 0 packets received, 100% packet loss > PING 199.29.166.70 (199.29.166.70): 56 data 
bytes > 64 bytes from 199.29.166.70: icmp_seq=0 ttl=255 time=0.2 ms > 64 bytes from 199.29.166.70: icmp_seq=1 ttl=255 time=0.0 ms > 64 bytes from 199.29.166.70: icmp_seq=2 ttl=255 time=0.0 ms > 64 bytes from 199.29.166.70: icmp_seq=3 ttl=255 time=0.0 ms > > --- 199.29.166.70 ping statistics --- > 4 packets transmitted, 4 packets received, 0% packet loss > round-trip min/avg/max = 0.0/0.0/0.2 ms > PING 199.29.166.1 (199.29.166.1): 56 data bytes > 64 bytes from 199.29.166.1: icmp_seq=0 ttl=64 time=0.9 ms > 64 bytes from 199.29.166.1: icmp_seq=1 ttl=64 time=0.4 ms > 64 bytes from 199.29.166.1: icmp_seq=2 ttl=64 time=0.5 ms > > --- 199.29.166.1 ping statistics --- > 3 packets transmitted, 3 packets received, 0% packet loss > round-trip min/avg/max = 0.4/0.6/0.9 ms > > > /etc/pptpd.conf > ############################################################################ > #### > # > # Sample PoPToP configuration file > # > # for PoPToP version 1.0.1 > # > ############################################################################ > #### > > # TAG: speed > # > # Specifies the speed for the PPP daemon to talk at. > # Some PPP daemons will ignore this value. > # > speed 115200 > > # TAG: option > # > # Specifies the location of the PPP options file. > # By default PPP looks in '/etc/ppp/options' > # > #option /this/is/the/options/file > > # TAG: debug > # > # Turns on (more) debugging to syslog. > # > debug > > # TAG: localip > # TAG: remoteip > # > # Specifies the local and remote IP address ranges. > # > # You can specify single IP addresses seperated by commas or you can > # specify ranges, or both. For example: > # > # 192.168.0.234,192.168.0.245-249,192.168.0.254 > # > # IMPORTANT RESTRICTIONS: > # > # 1. No spaces are permitted between commas or within addresses. > # > # 2. If you give more IP addresses than MAX_CONNECTIONS, it will > # start at the beginning of the list and go until it gets > # MAX_CONNECTIONS IPs. Others will be ignored. > # > # 3. 
No shortcuts in ranges! ie. 234-8 does not mean 234 to 238, > # you must type 234-238 if you mean this. > # > # 4. If you give a single localIP, that's ok - all local IPs will > # be set to the given one. You MUST still give at least one remote > # IP for each simultaneous client. > # > localip 199.29.166.50-69 > remoteip 199.29.166.70-89 > > # TAG: ipxnets > # > # This gives the range of IPX networks to allocate to clients. By > # default IPX network number allocation is not handled internally. > # By putting a low and high network number here a pool of IPX networks > # can be defined. If this is done then there must be one IPX network > # per client. > # > # The format is a pair of hex numbers without any 0x prefix separated > # by a hyphen. > # > #ipxnets 00001000-00001FFF > > # TAG: listen > # > # Defines the IP address of the local interface on which pptpd > # should listen for connections. The default is to listen on all > # local interfaces (even ones brought up by pptp connections, thus > # permitting pptp tunnels inside the pptp tunnels). > # > #listen 199.29.166.8 > > # TAG: pidfile > # > # This defines the file name in which pptpd should store its process > # ID (or pid). The default is /var/run/pptpd.pid. 
> # > #pidfile /var/run/pptpd.pid > > /etc/ppp/options > debug > name vpn > auth > require-chap > proxyarp > > ifconfig > > eth0 Link encap:Ethernet HWaddr 00:50:04:81:5D:FA > inet addr:199.29.166.8 Bcast:199.29.166.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:115362 errors:0 dropped:0 overruns:0 frame:0 > TX packets:4346 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > Interrupt:10 Base address:0xde00 > > eth1 Link encap:Ethernet HWaddr 52:54:05:DE:8D:50 > inet addr:172.31.1.1 Bcast:172.31.1.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > Interrupt:9 Base address:0xdc00 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:3924 Metric:1 > RX packets:50 errors:0 dropped:0 overruns:0 frame:0 > TX packets:50 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > > ppp0 Link encap:Point-to-Point Protocol > inet addr:199.29.166.70 P-t-P:199.29.166.50 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:11 errors:0 dropped:0 overruns:0 frame:0 > TX packets:69 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:10 > > > Douglas J. Olivier > Network Administrator > Bonded Collections of Tucson Inc. > 520.322.7283 > From christian.tardif at videotron.ca Mon Feb 12 20:31:28 2001 
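The localip/remoteip rules spelled out in the pptpd.conf comments quoted above, as an added example that is not part of the original post and not PoPToP's own code. It assumes a MAX_CONNECTIONS of 100 (the page does not give the value), rejects the "234-8" shortcut outright, and pairs addresses by position; the names expand, capacity, assign and PoolError are hypothetical.

```python
import ipaddress

# Assumed cap for this example only: the config comments name MAX_CONNECTIONS
# but the page does not state its value.
MAX_CONNECTIONS = 100


class PoolError(ValueError):
    """A localip/remoteip value breaks one of the documented restrictions."""


def expand(spec, limit=MAX_CONNECTIONS):
    """Expand e.g. '192.168.0.234,192.168.0.245-249' into IPv4Address objects."""
    # Restriction 1: no spaces between commas or within addresses.
    if any(ch.isspace() for ch in spec):
        raise PoolError("rule 1: spaces are not permitted in the list")
    addresses = []
    for item in spec.split(","):
        first, dash, last = item.partition("-")
        try:
            start = ipaddress.IPv4Address(first)
        except ipaddress.AddressValueError as exc:
            raise PoolError(f"bad address {first!r}: {exc}") from None
        if not dash:                      # a single address
            addresses.append(start)
            continue
        # Restriction 3: the range end is a complete last octet, never a
        # shortcut, so it must be a number from the start octet up to 255.
        low = int(start) & 0xFF
        if not last.isdecimal() or not low <= int(last) <= 255:
            raise PoolError(f"rule 3: {item!r} must end in a full octet >= {low}")
        base = int(start) - low
        addresses.extend(ipaddress.IPv4Address(base + octet)
                         for octet in range(low, int(last) + 1))
    # Restriction 2: only the first MAX_CONNECTIONS addresses are used.
    return addresses[:limit]


def capacity(localip, remoteip):
    """Number of simultaneous clients the two pools can serve."""
    local, remote = expand(localip), expand(remoteip)
    # Restriction 4: a single local IP is reused for every client, but each
    # client still needs its own remote IP.
    return len(remote) if len(local) == 1 else min(len(local), len(remote))


def assign(localip, remoteip, clients):
    """(local, remote) pairs for `clients` sessions, paired by list position
    (the pairing order is an assumption of this example)."""
    if clients > capacity(localip, remoteip):
        raise PoolError(f"rule 4: pools cannot serve {clients} simultaneous clients")
    local, remote = expand(localip), expand(remoteip)
    if len(local) == 1:
        local = local * clients
    return list(zip(local[:clients], remote[:clients]))


if __name__ == "__main__":
    # Values taken from the pptpd.conf quoted in the message above.
    print("capacity:", capacity("199.29.166.50-69", "199.29.166.70-89"))
    for pair in assign("199.29.166.50-69", "199.29.166.70-89", 3):
        print(*pair)
    # The shortcut range the comments warn about.
    try:
        expand("192.168.0.234-8")
    except PoolError as err:
        print("rejected:", err)
```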
From: christian.tardif at videotron.ca (Christian Tardif) Date: Mon, 12 Feb 2001 21:31:28 -0500 Subject: [pptp-server] Kernel 2.4.0? In-Reply-To: References: <01012912422200.01094@levski> Message-ID: <5.0.2.1.2.20010212213009.00a6f530@pop.videotron.ca> At 10:30 29-01-2001 -0800, you wrote: >I just got it going with 2.4.1pre-10. > >I built PPP into the kernel (along with all the PPP extras), >then I made a /dev/ppp device: > > # mknod /dev/ppp c 108 0 > # chmod 600 /dev/ppp > >I had to add a rule to IPTABLES to open port 1723. > >That was it, basic poptop up and running. Could you send me a draft of your setup (connexions + iptables relative to PPTPD) ? It would be helpful. I'm having a hard time trying to make this work... From greg at aftech.net Mon Feb 12 22:08:57 2001 From: greg at aftech.net (Greg Hoffman) Date: Mon, 12 Feb 2001 20:08:57 -0800 Subject: [pptp-server] PREMIUM VersaCheck 2001 References: <200102130334.VAA60187@poontang.schulte.org> Message-ID: <001f01c09572$b0e85380$3c00a8c0@aftech.net> What is this crap?? ----- Original Message ----- 
From: Financial Advisor To: Sent: Monday, February 12, 2001 7:55 PM Subject: [pptp-server] PREMIUM VersaCheck 2001 > To: MIDWEST ENGINEERING SYSTEMS INC > > POWERFUL > VERSACHECK 2001 Premium > Create and Print fully bankable Custom Checks! > > Allows you to print bank accepted checks on-demand using regular paper or blank security check paper > available online or at major office superstores and computer retailers. > > Even prints the bank code line at the bottom of the check, your address with logo and all details required > by banks and retailers. > > Click on the following link for more details: > http://www.g7ps.com/scripts/premium.asp > > > Thank you very much. > Yours truly, > > sales at g7ps.com > 800-303-2620 > > If you do not want to hear about product news in the future, click on: > http://www.globalzon2k.com/scripts/mf_de.asp?e=pptp-server at lists.schulte.org > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From hjw at superstar.co.kr Tue Feb 13 06:36:48 2001 
From: hjw at superstar.co.kr (=?ks_c_5601-1987?B?x8/BpL/s?=) Date: Tue, 13 Feb 2001 21:36:48 +0900 Subject: [pptp-server] can't connection pptp server Message-ID: <000801c095b9$a90d8da0$2e3befcb@superstar.co.kr> hi !!! pptp client : windows 98 pptp server : linux kernel version 2.2.14 test bed pptp Client : win98 pptpserver Linux 203.239.59.212 ------- eth0 203.23.59.210 eth1 203.239.59.96/27 RedHat-PoPToP HOWTO I don't know that, so I did not - 9. Edit /etc/inittab and comment out the reference to pptpd. We will use the pptpd daemon. [init Q] # rereads /etc/inittab - 4.2 Adding fixed IP addresses based on userid - 4.3 Adding packet reordering pptp server is - #ipchains -L Chain input(polocy ACCEPT): Chain forward(polocy ACCEPT): Chain output(polocy ACCEPT): - echo 1 > /proc/sys/net/ipv4/ip_forward pptp Client - perfect setting Q1. Why??? pptp Client ------->direct<------- pptp server : succeed but pptp Client ---modem--->IPS----->pptp server : Failed Client side errors Error 629: You have disconnected from the computer you dialed..... Error 650: The Remote Access server is not responding. - run the pptpd daemon [pptpd -d] ==> It's OK!!! - /etc/services ==>pptp 1723/tcp pptp - /etc/protocols ==> pptp 47 pptp - /etc/inetd.conf ==> pptpcrl stream tcp nowait root /usr/sbin/tcp /ur/local/sbin/pptpctrl 1 1 1 1 1 1 pptpctrl what's the matter ?.?; Q2. what's mean /etc/pptpd.conf localip, remoteip ==> what's mean?? how that setting ?? thanks so much!! *^^* have a nice day!!! From ms at marcant.net Tue Feb 13 06:53:59 2001 
From: ms at marcant.net (Matthias Suencksen) Date: Tue, 13 Feb 2001 12:53:59 +0000 Subject: [pptp-server] ppp_mppe doesn't support PFC Message-ID: <3A893C77.1628951C@marcant.net> Hi, looks like an interesting patch as other compressors (e.g. deflate) seem to handle pfc already. What client did you use (or what options did you enable) - windows98 at least doesn't do pfc even if negotiated during lcp. -- Matthias From coelho at persogo.com.br Tue Feb 13 08:19:41 2001 
From: coelho at persogo.com.br (Leonardo Rodrigues) Date: Tue, 13 Feb 2001 11:19:41 -0300 Subject: [pptp-server] CTRL: PTY read or GRE write failed Message-ID: <5.0.2.1.2.20010213111524.00a5cca0@pop.persogo.com.br> Hello guys, I'm having problems with pptpd. This is my /var/log/messages file: Feb 13 10:58:25 firewall pptpd[879]: CTRL: Client 200.209.153.40 control connection started Feb 13 10:58:25 firewall pptpd[879]: CTRL: Starting call (launching pppd, opening GRE) Feb 13 10:58:25 firewall kernel: registered device ppp0 Feb 13 10:58:25 firewall pptpd[879]: GRE: read(fd=5,buffer=804d8a0,len=8196) from PTY failed: status = -1 error = Input/output error Feb 13 10:58:25 firewall pptpd[879]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) Feb 13 10:58:25 firewall pptpd[879]: CTRL: Client 200.209.153.40 control connection finished This is /etc/pptpd.conf: speed 115200 option /etc/ppp/options.pptp debug localip 192.168.0.50-100 remoteip 192.168.1.50-100 listen 200.200.88.178 pidfile /var/run/pptpd.pid this is options.pptp: lock debug auth +chap Finally, pptpd was hand compiled, with: ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-pppd-ip-alloc I've searched the list archive, and noticed there are some guys with the same problem ( GRE 5,6 ) ... but I couldn't find a solution. Does anybody know how to get this working ..... does anybody know what's the REAL cause of this error ??? kernel 2.2.18 and ppp 2.3.11-4 Hope to hear from you soon, Leonardo Rodrigues From santtu.hyrkko at hut.fi Tue Feb 13 08:21:48 2001 
From: santtu.hyrkko at hut.fi (Santtu Hyrkkö) Date: 13 Feb 2001 16:21:48 +0200 Subject: [pptp-server] ppp_mppe doesn't support PFC In-Reply-To: <3A893C77.1628951C@marcant.net> References: <3A893C77.1628951C@marcant.net> Message-ID: <871yt28xz7.fsf@ab62d3hel.dial.kolumbus.fi> Matthias Suencksen writes: > Hi, > > looks like a interesting patch as other compressor (e.g. deflate) > seem to handle pfc already. What client did you use (or what options > did you enable) - windows98 at least doesn't do pfc even if negotiated > during lcp. The client I'm using is "pptp-linux 1.0.2" on Debian Linux. The server is (if I remember correctly) some BSD box. I don't know what software it's running. I tried almost all possible combinations of 'nopcomp', 'nodeflate', 'novj' etc. but had no luck: the server always used pfc inside the mppe encoded frames. (or so it seems, it might also be an off by one bug somewhere in pptp client's ppp-gre conversion). With the patch I posted here I've had no problems whatsoever. My current /etc/ppp/options has only 'nopcomp' besides the obvious ones, but I think it works even without it. -- Santtu Hyrkkö From dlandgre at bpinet.com Tue Feb 13 11:31:43 2001 
From: dlandgre at bpinet.com (David LANDGREN) Date: Tue, 13 Feb 2001 18:31:43 +0100 Subject: [pptp-server] Multiple clients Message-ID: Hello, I have a pptp setup that is nearly perfect, except that multiple people are meant to be able to use it, but as things stand only one person at a time is able to. My ppp.conf file looks, in part, like this pptp: set log phase lcp ipcp debug tun command set timeout 0 set speed 115200 set ifaddr 192.168.4.1/24 192.168.5.1/24 255.255.255.0 set server /tmp/pptploop%d "" 0177 That is, the remote and local addresses are from 192.168.4.1 to 192.168.4.254 and 192.168.5.1 to 192.168.5.254. The /tmp/pptploop%d works correctly, I see sockets being created, named pptploop0 pptploop1 and so on. The problem, however, is that the second and subsequent connection also wants to use the remote and local addresses 192.168.4.1 and 192.168.5.1 instead of, say 192.168.4.2 and 192.168.5.2. I've tried fiddling with the address mask, 255.255.255.255 or 255.255.255.0 but that doesn't have any effect. Thus, the only address that gets attributed is 192.168.4.1, hence only one person at a time. What is the error of my ways? Thanks, David From giulioo at pobox.com Tue Feb 13 16:34:39 2001 
From: giulioo at pobox.com (Giulio Orsero) Date: Tue, 13 Feb 2001 23:34:39 +0100 Subject: [pptp-server] Follow-up to problem compiling ppp.c In-Reply-To: <01021211273604.01336@linux> References: <01021211273604.01336@linux> Message-ID: <20010213223702.B466A163B0@i3.golden.dom> On Mon, 12 Feb 2001 11:27:36 -0600, you wrote: >The showstopper is: >ppp.c: In function: 'rcv_proto_unknown': ppp.c:2563: too few arguments to >function 'kill_fasync_R8e941aa8' >The compile then exits with error 2. >I've found that editing the line of code for kill_fasync and adding ", >POLL_IN" (no quotes of course) before the closing ) allows the module to I use redhat kernels as a base. I've been using 2.2.16-22 for some time now, and today I compiled mppe with the new 2.2.17-14. ppp_mppe loads succesfully in 2.2.17 but couldn't try pptpd yet. I get the 2 warnings ppp.c:188: warning: static declaration for 'ppp_register_compression_R9682e733' follows non-static ppp.c:189: warning: static declaration for 'ppp_unregister_compression_Ra1b9928df' follows non-static both in 2.2.16 and 2.2.17 and I just ignore them. drivers/net/ppp.c is the same in redhat2.2.16+mppe and redhat2.2.17+mppe This is the diff between the original linux/ppp.c of ppp-2.3.11 and the ppp.c in drivers/net (word wrap will break it): =========== --- ppp-2.3.11/linux/ppp.c Thu Dec 23 02:48:45 1999 +++ rhat70a/BUILD/linux/drivers/net/ppp.c Tue Feb 13 23:21:15 2001 @@ -77,6 +77,9 @@ #include /* used in new tty drivers */ #include #include +#if LINUX_VERSION_CODE < VERSION(2,2,0) +#include +#endif #include #include #include @@ -2351,6 +2354,7 @@ if (new_count == DECOMP_FATALERROR) { ppp->flags |= SC_DC_FERROR; } else { + if (ppp->sc_rcomp->compress_proto!=CI_MPPE) ppp->flags |= SC_DC_ERROR; } } 
@@ -2556,7 +2560,7 @@ wake_up_interruptible (&ppp->read_wait); if (ppp->tty->fasync != NULL) - kill_fasync (ppp->tty->fasync, SIGIO); + kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN); return 1; } ============= POLL_IN is added by hand, the remaining is due to ppp-2.3.11-openssl-0.9.5-mppe.patch that gets applied to ppp.c before it is installed in the kernel tree. $ uname -r 2.2.17-14.g1 $ lsmod|grep ppp ppp_mppe 13584 0 (unused) ppp 20012 0 [ppp_mppe] slhc 4328 0 [ppp] $ -- giulioo at pobox.com From jdonahue at agiletech.com Tue Feb 13 18:49:56 2001 
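Review bot: In the hunk at @@ -2351,6 +2354,7 @@ the added "if (ppp->sc_rcomp->compress_proto!=CI_MPPE)" has no braces and no comment, so it governs "ppp->flags |= SC_DC_ERROR;" only by virtue of being the line directly above it inside the else branch. Please brace the statement and add a comment saying why a non-fatal decompression error must not set SC_DC_ERROR when the compressor is MPPE, and what the receive path is expected to do in that case instead, since nothing in the hunk shows how the error is then handled.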
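Review bot: In the hunk at @@ -2556,7 +2560,7 @@ the call is changed unconditionally to "kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN);", which removes the two-argument form the original ppp-2.3.11 file used. The first hunk of the same diff already guards an include with "#if LINUX_VERSION_CODE < VERSION(2,2,0)", so this call would be better placed behind a similar version test, keeping the two-argument call for kernels whose kill_fasync takes two arguments. The message says POLL_IN was added by hand rather than by the mppe patch, which is worth a comment at the call site so the edit is not lost when ppp.c is regenerated.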
From: jdonahue at agiletech.com (jdonahue at agiletech.com) Date: Tue, 13 Feb 2001 19:49:56 -0500 Subject: [pptp-server] Error While compiling modules Message-ID: Any help here is GREATLY appreciated... I have been able to get vpn working without encryption without any problems. The trouble comes in when I try to add encryption...I've done this several times, always with different errors while compiling the modules. Here's the situation I face now: I overcame one compile error about `PPP_MAGIC' undeclared (first use in this function) make[1]: *** [ppp.o] Error 1 by adding some lines to /usr/src/linux/include/linux/if_ppp.h then tried re-compiling, this is where it starts to go bad : /usr/src/linux/include/asm/processor.h:96: warning: `cpu_data' redefined /usr/src/linux/include/linux/modules/i386_ksyms.ver:6: warning: this is the location of the previous definition In file included from /usr/src/linux/include/linux/interrupt.h:51, from ppp_mppe.c:39: /usr/src/linux/include/asm/hardirq.h:23: warning: `synchronize_irq' redefined /usr/src/linux/include/linux/modules/i386_ksyms.ver:138: warning: this is the location of the previous definition In file included from /usr/src/linux/include/linux/interrupt.h:52, from ppp_mppe.c:39: /usr/src/linux/include/asm/softirq.h:75: warning: `synchronize_bh' redefined /usr/src/linux/include/linux/modules/i386_ksyms.ver:142: warning: this is the location of the previous definition ppp_mppe.c:66: rc4.h: No such file or directory ppp_mppe.c:67: rc4_enc.c: No such file or directory ppp_mppe.c:68: rc4_skey.c: No such file or directory ppp_mppe.c:77: parse error before `RC4_KEY' ppp_mppe.c:77: warning: no semicolon at end of struct or union ppp_mppe.c:78: warning: type defaults to `int' in declaration of `RC4_recv_key' ppp_mppe.c:78: warning: data definition has no type or storage class ppp_mppe.c:91: parse error before `}' ppp_mppe.c: In function `mppe_synchronize_key': ppp_mppe.c:105: warning: implicit declaration of function 
`RC4_set_key' ppp_mppe.c:105: dereferencing pointer to incomplete type ppp_mppe.c:105: dereferencing pointer to incomplete type ppp_mppe.c:105: dereferencing pointer to incomplete type ppp_mppe.c:106: dereferencing pointer to incomplete type ppp_mppe.c:106: dereferencing pointer to incomplete type ppp_mppe.c:106: dereferencing pointer to incomplete type ppp_mppe.c:108: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_initialize_key': ppp_mppe.c:116: dereferencing pointer to incomplete type ppp_mppe.c:116: dereferencing pointer to incomplete type ppp_mppe.c:117: dereferencing pointer to incomplete type ppp_mppe.c:117: dereferencing pointer to incomplete type ppp_mppe.c:118: dereferencing pointer to incomplete type ppp_mppe.c:118: dereferencing pointer to incomplete type ppp_mppe.c:119: dereferencing pointer to incomplete type ppp_mppe.c:119: dereferencing pointer to incomplete type ppp_mppe.c:121: dereferencing pointer to incomplete type ppp_mppe.c:123: dereferencing pointer to incomplete type ppp_mppe.c:123: dereferencing pointer to incomplete type ppp_mppe.c:124: dereferencing pointer to incomplete type ppp_mppe.c:124: dereferencing pointer to incomplete type ppp_mppe.c:125: dereferencing pointer to incomplete type ppp_mppe.c:125: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_change_key': ppp_mppe.c:139: dereferencing pointer to incomplete type ppp_mppe.c:139: dereferencing pointer to incomplete type ppp_mppe.c:140: dereferencing pointer to incomplete type ppp_mppe.c:141: dereferencing pointer to incomplete type ppp_mppe.c:141: dereferencing pointer to incomplete type ppp_mppe.c:142: dereferencing pointer to incomplete type ppp_mppe.c:145: dereferencing pointer to incomplete type ppp_mppe.c:145: dereferencing pointer to incomplete type ppp_mppe.c:146: dereferencing pointer to incomplete type ppp_mppe.c:146: dereferencing pointer to incomplete type ppp_mppe.c:149: warning: implicit declaration of function `RC4' 
ppp_mppe.c:149: dereferencing pointer to incomplete type ppp_mppe.c:149: dereferencing pointer to incomplete type ppp_mppe.c:150: dereferencing pointer to incomplete type ppp_mppe.c:151: dereferencing pointer to incomplete type ppp_mppe.c:151: dereferencing pointer to incomplete type ppp_mppe.c:152: dereferencing pointer to incomplete type ppp_mppe.c:154: dereferencing pointer to incomplete type ppp_mppe.c:157: dereferencing pointer to incomplete type ppp_mppe.c:157: dereferencing pointer to incomplete type ppp_mppe.c:158: dereferencing pointer to incomplete type ppp_mppe.c:158: dereferencing pointer to incomplete type ppp_mppe.c:159: dereferencing pointer to incomplete type ppp_mppe.c:159: dereferencing pointer to incomplete type ppp_mppe.c:163: dereferencing pointer to incomplete type ppp_mppe.c:163: dereferencing pointer to incomplete type ppp_mppe.c:163: dereferencing pointer to incomplete type ppp_mppe.c:164: dereferencing pointer to incomplete type ppp_mppe.c:164: dereferencing pointer to incomplete type ppp_mppe.c:164: dereferencing pointer to incomplete type ppp_mppe.c:166: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_comp_alloc': ppp_mppe.c:275: dereferencing pointer to incomplete type ppp_mppe.c:281: sizeof applied to an incomplete type ppp_mppe.c:281: sizeof applied to an incomplete type ppp_mppe.c:281: sizeof applied to an incomplete type ppp_mppe.c:281: sizeof applied to an incomplete type ppp_mppe.c:281: sizeof applied to an incomplete type ppp_mppe.c:281: sizeof applied to an incomplete type ppp_mppe.c:284: dereferencing pointer to incomplete type ppp_mppe.c:284: dereferencing pointer to incomplete type ppp_mppe.c:286: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to 
incomplete type
ppp_mppe.c:288: dereferencing pointer to incomplete type
ppp_mppe.c:288: dereferencing pointer to incomplete type
ppp_mppe.c:288: dereferencing pointer to incomplete type
ppp_mppe.c:288: dereferencing pointer to incomplete type
ppp_mppe.c:288: dereferencing pointer to incomplete type
ppp_mppe.c:288: dereferencing pointer to incomplete type
ppp_mppe.c:288: dereferencing pointer to incomplete type
ppp_mppe.c: In function `mppe_comp_init':
ppp_mppe.c:308: dereferencing pointer to incomplete type
ppp_mppe.c:309: dereferencing pointer to incomplete type
ppp_mppe.c:310: dereferencing pointer to incomplete type
ppp_mppe.c:314: dereferencing pointer to incomplete type
ppp_mppe.c:314: dereferencing pointer to incomplete type
ppp_mppe.c:316: dereferencing pointer to incomplete type
ppp_mppe.c:317: dereferencing pointer to incomplete type
ppp_mppe.c:317: dereferencing pointer to incomplete type
ppp_mppe.c:317: dereferencing pointer to incomplete type
ppp_mppe.c:317: dereferencing pointer to incomplete type
ppp_mppe.c:317: dereferencing pointer to incomplete type
ppp_mppe.c:318: dereferencing pointer to incomplete type
ppp_mppe.c:318: dereferencing pointer to incomplete type
ppp_mppe.c:318: dereferencing pointer to incomplete type
ppp_mppe.c:318: dereferencing pointer to incomplete type
ppp_mppe.c:318: dereferencing pointer to incomplete type
ppp_mppe.c:318: dereferencing pointer to incomplete type
ppp_mppe.c:318: dereferencing pointer to incomplete type
ppp_mppe.c: In function `mppe_decomp_init':
ppp_mppe.c:338: dereferencing pointer to incomplete type
ppp_mppe.c:339: dereferencing pointer to incomplete type
ppp_mppe.c:340: dereferencing pointer to incomplete type
ppp_mppe.c:341: dereferencing pointer to incomplete type
ppp_mppe.c:345: dereferencing pointer to incomplete type
ppp_mppe.c:345: dereferencing pointer to incomplete type
ppp_mppe.c:347: dereferencing pointer to incomplete type
ppp_mppe.c:348: dereferencing pointer to incomplete type
ppp_mppe.c:348: dereferencing pointer to incomplete type
ppp_mppe.c:348: dereferencing pointer to incomplete type
ppp_mppe.c:348: dereferencing pointer to incomplete type
ppp_mppe.c:348: dereferencing pointer to incomplete type
ppp_mppe.c:349: dereferencing pointer to incomplete type
ppp_mppe.c:349: dereferencing pointer to incomplete type
ppp_mppe.c:349: dereferencing pointer to incomplete type
ppp_mppe.c:349: dereferencing pointer to incomplete type
ppp_mppe.c:349: dereferencing pointer to incomplete type
ppp_mppe.c:349: dereferencing pointer to incomplete type
ppp_mppe.c:349: dereferencing pointer to incomplete type
ppp_mppe.c: In function `mppe_comp_reset':
ppp_mppe.c:365: dereferencing pointer to incomplete type
ppp_mppe.c:366: dereferencing pointer to incomplete type
ppp_mppe.c:367: dereferencing pointer to incomplete type
ppp_mppe.c: In function `mppe_update_count':
ppp_mppe.c:376: dereferencing pointer to incomplete type
ppp_mppe.c:378: dereferencing pointer to incomplete type
ppp_mppe.c:380: dereferencing pointer to incomplete type
ppp_mppe.c:381: dereferencing pointer to incomplete type
ppp_mppe.c:383: dereferencing pointer to incomplete type
ppp_mppe.c:387: dereferencing pointer to incomplete type
ppp_mppe.c:390: dereferencing pointer to incomplete type
ppp_mppe.c:391: dereferencing pointer to incomplete type
ppp_mppe.c:393: dereferencing pointer to incomplete type
ppp_mppe.c: In function `mppe_compress':
ppp_mppe.c:432: dereferencing pointer to incomplete type
ppp_mppe.c:432: dereferencing pointer to incomplete type
ppp_mppe.c:433: dereferencing pointer to incomplete type
ppp_mppe.c:436: dereferencing pointer to incomplete type
ppp_mppe.c:440: dereferencing pointer to incomplete type
ppp_mppe.c:443: dereferencing pointer to incomplete type
ppp_mppe.c:444: dereferencing pointer to incomplete type
ppp_mppe.c: In function `mppe_comp_stats':
ppp_mppe.c:460: dereferencing pointer to incomplete type
ppp_mppe.c:460: dereferencing pointer to incomplete type
ppp_mppe.c:461: dereferencing pointer to incomplete type
ppp_mppe.c:461: dereferencing pointer to incomplete type
ppp_mppe.c:464: dereferencing pointer to incomplete type
ppp_mppe.c:464: dereferencing pointer to incomplete type
ppp_mppe.c:464: dereferencing pointer to incomplete type
ppp_mppe.c:466: dereferencing pointer to incomplete type
ppp_mppe.c: In function `mppe_decompress':
ppp_mppe.c:480: dereferencing pointer to incomplete type
ppp_mppe.c:482: dereferencing pointer to incomplete type
ppp_mppe.c:491: dereferencing pointer to incomplete type
ppp_mppe.c:492: dereferencing pointer to incomplete type
ppp_mppe.c:493: dereferencing pointer to incomplete type
ppp_mppe.c:496: dereferencing pointer to incomplete type
ppp_mppe.c:500: dereferencing pointer to incomplete type
ppp_mppe.c:501: dereferencing pointer to incomplete type
ppp_mppe.c:503: dereferencing pointer to incomplete type
ppp_mppe.c:503: dereferencing pointer to incomplete type
ppp_mppe.c:506: dereferencing pointer to incomplete type
ppp_mppe.c:525: dereferencing pointer to incomplete type
ppp_mppe.c:530: dereferencing pointer to incomplete type
ppp_mppe.c:532: dereferencing pointer to incomplete type
ppp_mppe.c:533: dereferencing pointer to incomplete type
ppp_mppe.c: In function `mppe_incomp':
ppp_mppe.c:546: dereferencing pointer to incomplete type
ppp_mppe.c:547: dereferencing pointer to incomplete type
{standard input}: Assembler messages:
{standard input}:9: Warning: Ignoring changed section attributes for .modinfo
make[1]: *** [ppp_mppe.o] Error 1
make[1]: Leaving directory `/usr/src/linux-2.2.16/drivers/net'
make: *** [_mod_drivers/net] Error 2

And there you have it...please HELP!!!

From dschoi at superstar.co.kr Tue Feb 13 22:51:12 2001
From: dschoi at superstar.co.kr (DaeSooChoi)
Date: Wed, 14 Feb 2001 13:51:12 +0900
Subject: [pptp-server] MS clients cannot connect to PoPToP through ISP
Message-ID:

Hi

I have a pptp-server running that has no problems with MS windows clients over local LAN connecting,
but when my MS windows client attempts to connect to pptp-server through dialing-up isp.

MS pptp client <------------local lan---------------> Linux PoPToP server (connection OK)
(problem) MS pptp client <---dialing---> (through)ISP <------------internet------------> Linux PoPToP server ( connected (like below message)but disconnected immediately)

I get errors like below.
--------------------------------
Feb 14 11:34:10 localhost pptpd[5848]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Feb 14 11:34:10 localhost pptpd[5848]: CTRL: pppd speed = 115200
Feb 14 11:34:10 localhost pptpd[5848]: CTRL: pppd options file = /etc/ppp/options.pptp
Feb 14 11:34:10 localhost pptpd[5848]: CTRL: Client 203.252.3.27 control connection started
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Received PPTP Control Message (type: 1)
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Made a START CTRL CONN RPLY packet
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: I wrote 156 bytes to the client.
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Sent packet to client
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Received PPTP Control Message (type: 7)
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Set parameters to 0 maxbps, 16 window size
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Made a OUT CALL RPLY packet
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Starting call (launching pppd, opening GRE)
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: pty_fd = 5
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: tty_fd = 6
Feb 14 11:34:11 localhost pptpd[5850]: CTRL (PPPD Launcher): Connection speed = 115200
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: I wrote 32 bytes to the client.
Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Sent packet to client
Feb 14 11:34:41 localhost pptpd[5848]: GRE: read(fd=5,buffer=804d8a0,len=8196) from PTY failed: status = -1 error = intput/output error
Feb 14 11:34:41 localhost pptpd[5848]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Feb 14 11:34:41 localhost pptpd[5848]: CTRL: Client 203.252.3.27 control connection finished
Feb 14 11:34:41 localhost pptpd[5848]: CTRL: Exiting now
Feb 14 11:34:41 localhost pptpd[5835]: MGR: Reaped child 5848
---------------------------
in /var/log/pptpd.log

How can I solve "GRE: read from PTY failed ......"

Any help appreciated.

From awdavis at qicserv.net Tue Feb 13 23:56:49 2001
From: awdavis at qicserv.net (Andrew W. Davis)
Date: Tue, 13 Feb 2001 23:56:49 -0600
Subject: [pptp-server] RH7 2.2.17 -> I've tried EVERYTHING & still NO WORKY!
Message-ID: <3A8A1E1F.9EEAA30B@qicserv.net>

ok...I can get everything to work just fine under the 2.2.12 kernel except 128-bit encryption, but that's just not good enough because then my box is prone to exploits. The problem I'm having is I can't get the dang modules to compile. It keeps coming up with PPP_MAGIC errors and I'm not able to apply the if_ppp_2.2.17.diff patch...I get hunk errors. I've tried both the RPM and tarball of 2.2.17 kernel and neither will patch or compile modules correctly.

Using the tarball of ppp-2.3.11, here's the patches I'm applying:

ppp-2.3.11-openssl-0.9.5-mppe.patch
ppp_mppe_compressed_data_fix.diff
pppsmb.pat
strip-MSdomain-patch.diff

I had to do some serious battle just to get the kernel to compile. Is there someone out there who has this same configuration (128-bit MPPE and password validation against smbpasswd support) who can just send me the modules I need??

Any and all help would be appreciated...

Andrew

From awdavis at qicserv.net Wed Feb 14 00:03:39 2001
From: awdavis at qicserv.net (Andrew W. Davis)
Date: Wed, 14 Feb 2001 00:03:39 -0600
Subject: [pptp-server] RH7 2.2.17 -> I've tried EVERYTHING: correction
Message-ID: <3A8A1FBA.151A60A0@qicserv.net>

the PPP_MAGIC was an error in the kernel compile...sorry about that.
the actual error I get is the ppp.c --> ppp.o module compile.

Andrew

From georgec at dyb.com Wed Feb 14 01:13:31 2001
From: georgec at dyb.com (george csahanin)
Date: Wed, 14 Feb 2001 01:13:31 -0600
Subject: [pptp-server] Cable Modem Problem
References: <3A8A1E1F.9EEAA30B@qicserv.net>
Message-ID: <001701c09655$a31dce40$0301a8c0@bdfrd1.tx.home.com>

Anyone ever heard of AT&T suddenly not passing port 1723 to your cable modem? Really looks like that was what happened to me today. Worked fine, was able to watch inside the house while travelling, then port 1723 no longer was "visible" Recompiled pptp and pptpd for port 1722, and while still not working for another reason, both sides saw each other...

-George C

From giulioo at pobox.com Wed Feb 14 01:34:08 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 14 Feb 2001 08:34:08 +0100
Subject: [pptp-server] Error While compiling modules
In-Reply-To:
References:
Message-ID: <20010214073632.C6D8E15C5C@i3.golden.dom>

On Tue, 13 Feb 2001 19:49:56 -0500, you wrote:

>`PPP_MAGIC' undeclared (first use in this function)
>make[1]: *** [ppp.o] Error 1

You need
http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff

>ppp_mppe.c:105: warning: implicit declaration of function `RC4_set_key'
>ppp_mppe.c:105: dereferencing pointer to incomplete type

You need
ftp://ftp.binarix.com/pub/ppp-mppe/ppp-2.3.11-openssl-0.9.5-mppe.patch.gz

Follow instructions you find at
http://www.vibrationresearch.com/pptpd/example.html

--
giulioo at pobox.com

From giulioo at pobox.com Wed Feb 14 01:36:25 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 14 Feb 2001 08:36:25 +0100
Subject: [pptp-server] RH7 2.2.17 -> I've tried EVERYTHING: correction
In-Reply-To: <3A8A1FBA.151A60A0@qicserv.net>
References: <3A8A1FBA.151A60A0@qicserv.net>
Message-ID: <20010214073849.A356B15C5C@i3.golden.dom>

On Wed, 14 Feb 2001 00:03:39 -0600, you wrote:

>the PPP_MAGIC was an error in the kernel compile...sorry about that.
>the actual error I get is the ppp.c --> ppp.o module compile.

show the error.

--
giulioo at pobox.com

From alex at milton.king.net.nz Wed Feb 14 05:00:58 2001
From: alex at milton.king.net.nz (Alex King)
Date: Thu, 15 Feb 2001 00:00:58 +1300
Subject: [pptp-server] 2.4 woes
Message-ID: <20010215000058.A19565@milton.king.net.nz>

I'm having this basic problem using pptp with linux 2.4.1: it doesn't work. (syslog included below:)

After a little research tonight (reading the list archive) I realise one of my problems at least is likely to be my using pppd 2.3.11 (vs 2.4.0 which I should have).

I selected a 2.4 kernel before considering the pptp issues because it supports my ide controller natively (an HPT366 on an ABIT MB), I would need to find a patch to use 2.2.

My basic question is: is it going to be easier to downgrade the kernel or do people have 2.4.1/ppp 2.4.0/pptpd working well now?

Secondly, I'm just trying with standard kernel/pppd at the moment, no encryption. When I go to using encryption, can I build all the needed drivers in to the kernel, or do they need to be modules? I prefer to have my kernels setup without modules if possible.

Finally, I'm using standard debian packages, I'd be interested in other debian users' experiences, and to know if there are debian packages floating around for mschap/mppe enabled kernel/pppd.

Here is my present configuration:

Win98        Internet       Nokia         Linux Router       Private
Client  ---            ---  DSL Box  ---  PPTP Box      ---  network

The nokia pinholes (reverse masquerades) the tcp control connection and proto 47 (if I have it set up correctly).

Here is the extract from the logs:

Feb 14 13:44:38 server pptpd[6635]: CTRL: Client 202.36.170.118 control connection started
Feb 14 13:44:39 server pptpd[6635]: CTRL: Starting call (launching pppd, opening GRE)
Feb 14 13:44:39 server pppd[6636]: pppd 2.3.11 started by root, uid 0
Feb 14 13:44:39 server pppd[6636]: ioctl(PPPIOCGFLAGS): Invalid argument
Feb 14 13:44:39 server pppd[6636]: tcsetattr: Invalid argument
Feb 14 13:44:39 server pppd[6636]: Exit.
Feb 14 13:44:39 server pptpd[6635]: GRE: read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error
Feb 14 13:44:39 server pptpd[6635]: CTRL: PTY read or GRE write failed (pty,gre) =(5,6)
Feb 14 13:44:39 server pptpd[6635]: CTRL: Client 202.36.170.118 control connection finished

From msuencks at marcant.de Wed Feb 14 05:41:46 2001
From: msuencks at marcant.de (Matthias Suencksen)
Date: Wed, 14 Feb 2001 12:41:46 +0100
Subject: [pptp-server] MS clients cannot connect to PoPToP through ISP
In-Reply-To:
Message-ID:

"DaeSooChoi" wrote:
>
> Hi
> I have a pptp-server running that has no problems with MS windows clients over local LAN connecting,
> but when my MS windows client attempts to connect to pptp-server through dialing-up isp.
>
> MS pptp client <------------local lan---------------> Linux PoPToP server (connection OK)
> (problem) MS pptp client <---dialing---> (through)ISP <------------internet------------> Linux PoPToP server ( connected (like below message)but disconnected immediately)
>
> I get errors like below.
> --------------------------------
> Feb 14 11:34:10 localhost pptpd[5848]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
> Feb 14 11:34:10 localhost pptpd[5848]: CTRL: pppd speed = 115200
> Feb 14 11:34:10 localhost pptpd[5848]: CTRL: pppd options file = /etc/ppp/options.pptp
> Feb 14 11:34:10 localhost pptpd[5848]: CTRL: Client 203.252.3.27 control connection started
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Received PPTP Control Message (type: 1)
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Made a START CTRL CONN RPLY packet
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: I wrote 156 bytes to the client.
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Sent packet to client
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Received PPTP Control Message (type: 7)
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Set parameters to 0 maxbps, 16 window size
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Made a OUT CALL RPLY packet
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Starting call (launching pppd, opening GRE)
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: pty_fd = 5
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: tty_fd = 6
> Feb 14 11:34:11 localhost pptpd[5850]: CTRL (PPPD Launcher): Connection speed = 115200
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: I wrote 32 bytes to the client.
> Feb 14 11:34:11 localhost pptpd[5848]: CTRL: Sent packet to client

.. it would be interesting what happened in the 30 seconds between the above line and the line below. Usually there should be some output from pppd ( use "debug" in the pppd-options file and enable *.debug in syslog )

If pppd says "timeout sending lcp request" your ISP possibly filters GRE packets but until now I would suspect a pppd problem.

-- Matthias

> Feb 14 11:34:41 localhost pptpd[5848]: GRE: read(fd=5,buffer=804d8a0,len=8196) from PTY failed: status = -1 error = intput/output error
> Feb 14 11:34:41 localhost pptpd[5848]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> Feb 14 11:34:41 localhost pptpd[5848]: CTRL: Client 203.252.3.27 control connection finished
> Feb 14 11:34:41 localhost pptpd[5848]: CTRL: Exiting now
> Feb 14 11:34:41 localhost pptpd[5835]: MGR: Reaped child 5848
> ---------------------------
> in /var/log/pptpd.log
> How can I solve "GRE: read from PTY failed ......"
>
> Any help appreciated.
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>
>
>

--
Out-of-order Execution (feature of modern microprocessors)

From msuencks at marcant.de Wed Feb 14 05:47:11 2001
From: msuencks at marcant.de (Matthias Suencksen)
Date: Wed, 14 Feb 2001 12:47:11 +0100
Subject: [pptp-server] 2.4 woes
In-Reply-To: <20010215000058.A19565@milton.king.net.nz>
Message-ID:

Alex King wrote:
[..]
> Feb 14 13:44:39 server pppd[6636]: pppd 2.3.11 started by root, uid 0
> Feb 14 13:44:39 server pppd[6636]: ioctl(PPPIOCGFLAGS): Invalid
> argument

try to start pppd from the shell and look if it outputs the typical "ppp garbage". If it exits instead with an error message either the pppd is not compiled with the 2.4x includes or the kernel has not the needed options configured ( afair you need async_ppp driver)

-- Matthias

> Feb 14 13:44:39 server pppd[6636]: tcsetattr: Invalid argument
> Feb 14 13:44:39 server pppd[6636]: Exit.
> Feb 14 13:44:39 server pptpd[6635]: GRE:
> read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error
> = Input/output error
> Feb 14 13:44:39 server pptpd[6635]: CTRL: PTY read or GRE write
> failed (pty,gre) =(5,6)
> Feb 14 13:44:39 server pptpd[6635]: CTRL: Client 202.36.170.118
> control connection finished
>

--
Out-of-order Execution (feature of modern microprocessors)

From aaa at netman.dk Wed Feb 14 06:44:36 2001
From: aaa at netman.dk (Alaa AlAmood)
Date: Wed, 14 Feb 2001 13:44:36 +0100
Subject: [pptp-server] Ignored a SET LINK INFO
Message-ID: <3A8A7DB4.5030901@netman.dk>

Hi

What does the following message mean, in pptp log file

"Ignored a SET LINK INFO packet with real ACCMs"

thanks
Alaa

From david_luyer at pacific.net.au Wed Feb 14 07:18:41 2001
From: david_luyer at pacific.net.au (David Luyer)
Date: Thu, 15 Feb 2001 00:18:41 +1100
Subject: [pptp-server] Ignored a SET LINK INFO
In-Reply-To: Message from Alaa AlAmood of "Wed, 14 Feb 2001 13:44:36 BST." <3A8A7DB4.5030901@netman.dk>
References: <3A8A7DB4.5030901@netman.dk>
Message-ID: <200102141318.f1EDIfs13583@typhaon.pacific.net.au>

> Hi
>
> What does the following message mean, in pptp log file
>
> "Ignored a SET LINK INFO packet with real ACCMs"

It means that you have a client using WIN2K :-)

Or, to be more precise, it means that the PPTP server ignored a packet of type "SET LINK INFO" with real ACCM values. ACCMs are used to specify character mappings due to unusable characters over links. Which is all relatively unlikely given that the GRE is travelling over an IP link, perhaps you could use it to make all +'s be escaped and prevent + + + A T H 0 disconnects... but it's not implemented in the current pptpd. While you might think that it's a complete waste given that the pppd underneath has its own ACCMs, well, you might be right actually :-) It's just like the flow control which isn't implemented in pptpd since it's a fundamentally flawed algorithm and all the protocols inside the pptpd tunnel will have flow control algorithms of their own anyway.

Read rfc2637 and look for some of the obvious errors people on this list e-mailed the authors about, such as section 3.1.2 which suggests in its ascii art diagram that a start ctl connection request should be used to stop a control connection (oops)... the authors of the draft ignored all input and went forward to produce an RFC which matched neither sanity nor existing implementations.

David.
--
David Luyer                                        Phone:   +61 3 9674 7525
Senior Network Engineer        P A C I F I C       Fax:     +61 3 9699 8693
Pacific Internet (Australia)  I N T E R N E T      Mobile:  +61 4 1111 2983
http://www.pacific.net.au/                         NASDAQ:  PCNTF

From aaa at netman.dk Wed Feb 14 07:43:24 2001
From: aaa at netman.dk (Alaa AlAmood)
Date: Wed, 14 Feb 2001 14:43:24 +0100
Subject: [pptp-server] Ignored a SET LINK INFO
References: <3A8A7DB4.5030901@netman.dk> <200102141318.f1EDIfs13583@typhaon.pacific.net.au>
Message-ID: <3A8A8B7C.2050601@netman.dk>

Thank you very much

Alaa

David Luyer wrote:

>> Hi
>>
>> What does the following message mean, in pptp log file
>>
>> "Ignored a SET LINK INFO packet with real ACCMs"
>
>
> It means that you have a client using WIN2K :-)
>
> Or, to be more precise, it means that the PPTP server ignored a packet of type
> "SET LINK INFO" with real ACCM values. ACCMs are used to specify character
> mappings due to unusable characters over links. Which is all relatively
> unlikely given that the GRE is travelling over an IP link, perhaps you could
> use it to make all +'s be escaped and prevent + + + A T H 0 disconnects...
> but it's not implemented in the current pptpd. While you might think that
> it's a complete waste given that the pppd underneath has its own ACCMs, well,
> you might be right actually :-) It's just like the flow control which isn't
> implemented in pptpd since it's a fundamentally flawed algorithm and all the
> protocols inside the pptpd tunnel will have flow control algorithms of their
> own anyway.
>
> Read rfc2637 and look for some of the obvious errors people on this list
> e-mailed the authors about, such as section 3.1.2 which suggests in its
> ascii art diagram that a start ctl connection request should be used to
> stop a control connection (oops)... the authors of the draft ignored all
> input and went forward to produce an RFC which matched neither sanity nor
> existing implementations.
>
> David.

From aaa at netman.dk Wed Feb 14 08:43:42 2001
From: aaa at netman.dk (Alaa AlAmood)
Date: Wed, 14 Feb 2001 15:43:42 +0100
Subject: [pptp-server] password expirations
Message-ID: <3A8A999E.6020307@netman.dk>

Hi

Is it possible somehow to have password expiration, using pptpd server and windows clients

thanks
Alaa

From len at ghy.com Wed Feb 14 09:48:11 2001
From: len at ghy.com (Leonard L. Goldenstein)
Date: Wed, 14 Feb 2001 09:48:11 -0600
Subject: [pptp-server] Windows ME Success?
In-Reply-To: <3A8A999E.6020307@netman.dk>
Message-ID:

Hi,
I haven't seen much mentioned on the list about Windows ME client support? Anyone had any success using Windows ME as a client?

I had one user today try to connect to PPTP 1.1.2 from Windows ME. The setup on the client end seemed to be consistent with the Windows 98SE client setup. The user was able to authenticate but the connection was quickly terminated with Windows ME claiming that the server did not support the required encryption protocol. Funny thing is that the server said the user connected at 128bit encryption.

Well, all I know is that everything works fine with Windows 98 clients. Anyone got tips for Windows ME clients?

Thanks a bunch.

-----------------------------------------------------
Leonard L. Goldenstein
Information Services Consultant

Geo. H. Young & Co. Ltd.
809 - 167 Lombard Ave.
Winnipeg, MB R3B 3H8
Phone: (204) 947-6851
Fax: (204) 947-3306

len at ghy.com
http://www.ghy.com

From vgill at technologist.com Wed Feb 14 09:56:38 2001
From: vgill at technologist.com (Gill, Vern)
Date: Wed, 14 Feb 2001 07:56:38 -0800
Subject: [pptp-server] password expirations
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C84@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

Easiest way I can think of to do this would be to use the smbpasswd patch, and have samba expire your p/ws

Any other thoughts?

-----Original Message-----
From: Alaa AlAmood [mailto:aaa at netman.dk]
Sent: Wednesday, February 14, 2001 6:44 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] password expirations

Hi

Is it possible somehow to have password expiration, using pptpd server and windows clients

thanks
Alaa

From khaight at firespout.com Wed Feb 14 10:14:28 2001
From: khaight at firespout.com (Kris Haight)
Date: Wed, 14 Feb 2001 11:14:28 -0500
Subject: [pptp-server] More PPP Compiling Errors
Message-ID: <37E1E2BB9C28D311AB390008C707D2A60BAD0FBD@nycexis01.mi8.com>

Hello-

I'm having severe difficulties trying to compile the modules for PPP. I've tried all the patches and all the suggestions given on this mailing list, but none seem to work. I am running RedHat 6.2, with kernel 2.2.17 (was at 2.2.16, but changed thinking it would help). I've tried all the patches and what not and nothing seems to work. Anyone with any ideas or help would be greatly appreciated.

Here is what I get when I try to compile the modules:

make[2]: Entering directory `/usr/src/linux-2.2.17/drivers/net'
cc -D__KERNEL__ -I/usr/src/linux-2.2.17/include -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=686 -DMODULE -DMODVERSIONS -include /usr/src/linux-2.2.17/include/linux/modversions.h -DEXPORT_SYMTAB -c ppp.c
ppp.c:174: `PPP_VERSION' undeclared here (not in a function)
ppp.c: In function `xmit_trylock':
ppp.c:189: structure has no member named `state'
ppp.c: In function `xmit_unlock':
ppp.c:197: structure has no member named `state'
ppp.c: In function `ppp_async_init':
ppp.c:356: structure has no member named `state'
ppp.c: In function `ppp_tty_open':
ppp.c:418: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:418: (Each undeclared identifier is reported only once
ppp.c:418: for each function it appears in.)
ppp.c: In function `ppp_tty_close':
ppp.c:463: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_read':
ppp.c:511: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_write':
ppp.c:600: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_ioctl':
ppp.c:659: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_poll':
ppp.c:817: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_wakeup':
ppp.c:845: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_sync_send':
ppp.c:869: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:871: structure has no member named `state'
ppp.c: In function `ppp_tty_sync_push':
ppp.c:922: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:924: structure has no member named `state'
ppp.c:929: structure has no member named `state'
ppp.c:935: structure has no member named `state'
ppp.c:935: structure has no member named `state'
ppp.c:952: structure has no member named `state'
ppp.c:957: structure has no member named `state'
ppp.c:960: structure has no member named `state'
ppp.c: In function `ppp_async_send':
ppp.c:978: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:982: structure has no member named `state'
ppp.c: In function `ppp_tty_push':
ppp.c:1004: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:1006: structure has no member named `state'
ppp.c:1011: structure has no member named `state'
ppp.c:1017: structure has no member named `state'
ppp.c:1017: structure has no member named `state'
ppp.c:1031: structure has no member named `state'
ppp.c:1046: structure has no member named `state'
ppp.c:1051: structure has no member named `state'
ppp.c: In function `ppp_async_encode':
ppp.c:1073: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:1156: structure has no member named `state'
ppp.c: In function `ppp_tty_flush_output':
ppp.c:1178: structure has no member named `state'
ppp.c: In function `ppp_tty_receive':
ppp.c:1207: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_dev_close':
ppp.c:1560: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_dev_ioctl':
ppp.c:1594: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_ioctl':
ppp.c:1642: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_receive_error':
ppp.c:2235: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ip':
ppp.c:2266: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ipv6':
ppp.c:2279: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ipx':
ppp.c:2292: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_at':
ppp.c:2305: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_vjc_comp':
ppp.c:2320: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_vjc_uncomp':
ppp.c:2345: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ccp':
ppp.c:2360: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_unknown':
ppp.c:2371: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_send_frame':
ppp.c:2418: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_output_wakeup':
ppp.c:2592: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_send_ctrl':
ppp.c:2608: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_alloc':
ppp.c:2847: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_release':
ppp.c:2933: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `cleanup_module':
ppp.c:3140: `PPP_MAGIC' undeclared (first use in this function)
make[2]: *** [ppp.o] Error 1
make[2]: Leaving directory `/usr/src/linux-2.2.17/drivers/net'
make[1]: *** [_modsubdir_net] Error 2
make[1]: Leaving directory `/usr/src/linux-2.2.17/drivers'
make: *** [_mod_drivers] Error 2

Thanks
-- Kris

From vgill at technologist.com Wed Feb 14 10:27:47 2001
From: vgill at technologist.com (Gill, Vern)
Date: Wed, 14 Feb 2001 08:27:47 -0800
Subject: [pptp-server] Windows ME Success?
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C85@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

My ME connected no problem "out of the box" so to speak. No special settings were made on ME. Got it working at no, 40 and 128 bit encryption. No erroneous disconnects, ever...

-----Original Message-----
From: Leonard L. Goldenstein [mailto:len at ghy.com]
Sent: Wednesday, February 14, 2001 7:48 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Windows ME Success?

Hi,
I haven't seen much mentioned on the list about Windows ME client support? Anyone had any success using Windows ME as a client?

I had one user today try to connect to PPTP 1.1.2 from Windows ME. The setup on the client end seemed to be consistent with the Windows 98SE client setup. The user was able to authenticate but the connection was quickly terminated with Windows ME claiming that the server did not support the required encryption protocol. Funny thing is that the server said the user connected at 128bit encryption.

Well, all I know is that everything works fine with Windows 98 clients. Anyone got tips for Windows ME clients?

Thanks a bunch.

-----------------------------------------------------
Leonard L. Goldenstein
Information Services Consultant

Geo. H. Young & Co. Ltd.
809 - 167 Lombard Ave.
Winnipeg, MB R3B 3H8
Phone: (204) 947-6851
Fax: (204) 947-3306

len at ghy.com
http://www.ghy.com

From kelly.black at testquest.com Wed Feb 14 10:32:10 2001
From: kelly.black at testquest.com (Kelly Black)
Date: Wed, 14 Feb 2001 10:32:10 -0600
Subject: [pptp-server] Windows ME Success?
In-Reply-To: ; from len@ghy.com on Wed, Feb 14, 2001 at 09:48:11AM -0600
References: <3A8A999E.6020307@netman.dk>
Message-ID: <20010214103210.C18419@testquest.com>

I have had no problems connecting with my wife's ME install. Worked and connected fine...

Kelly Black

On Wed, Feb 14, 2001 at 09:48:11AM -0600, Leonard L. Goldenstein wrote:
> Hi,
> I haven't seen much mentioned on the list about Windows ME client support?
> Anyone had any success using Windows ME as a client?
>
> I had one user today try to connect to PPTP 1.1.2 from Windows ME. The
> setup on the client end seemed to be consistent with the Windows 98SE client
> setup. The user was able to authenticate but the connection was quickly
> terminated with Windows ME claiming that the server did not support the
> required encryption protocol. Funny thing is that the server said the user
> connected at 128bit encryption.
>
> Well, all I know is that everything works fine with Windows 98 clients.
> Anyone got tips for Windows ME clients?
>
> Thanks a bunch.
>
> -----------------------------------------------------
> Leonard L. Goldenstein
> Information Services Consultant
>
> Geo. H. Young & Co. Ltd.
> 809 - 167 Lombard Ave.
> Winnipeg, MB R3B 3H8
> Phone: (204) 947-6851
> Fax: (204) 947-3306
>
> len at ghy.com
> http://www.ghy.com

From rcd at amherst.com Wed Feb 14 10:53:13 2001
From: rcd at amherst.com (Robert Dege)
Date: Wed, 14 Feb 2001 11:53:13 -0500
Subject: [pptp-server] Windows ME Success?
References:
Message-ID: <3A8AB7F9.56D8B407@comptekamherst.com>

I used a WinME machine as a PPTP Client. Had no problems from what I could tell. I was able to telnet, ping, and load web pages.

I was also using an ISA (not Winmodem) at 28.8. Perhaps you should check the ISP, or the method of internet access.

-Rob

> Hi,
> I haven't seen much mentioned on the list about Windows ME client support?
> Anyone had any success using Windows ME as a client?
>
> I had one user today try to connect to PPTP 1.1.2 from Windows ME. The
> setup on the client end seemed to be consistent with the Windows 98SE client
> setup. The user was able to authenticate but the connection was quickly
> terminated with Windows ME claiming that the server did not support the
> required encryption protocol. Funny thing is that the server said the user
> connected at 128bit encryption.
>
> Well, all I know is that everything works fine with Windows 98 clients.
> Anyone got tips for Windows ME clients?
>
> Thanks a bunch.
>
> -----------------------------------------------------
> Leonard L. Goldenstein
> Information Services Consultant
>
> Geo. H. Young & Co. Ltd.
> 809 - 167 Lombard Ave.
> Winnipeg, MB R3B 3H8
> Phone: (204) 947-6851
> Fax: (204) 947-3306
>
> len at ghy.com
> http://www.ghy.com

From jdonahue at agiletech.com Wed Feb 14 11:13:19 2001
From: jdonahue at agiletech.com (jdonahue at agiletech.com)
Date: Wed, 14 Feb 2001 12:13:19 -0500
Subject: [pptp-server] Error While compiling modules
Message-ID:

An HTML attachment was scrubbed...
URL:

From giulioo at pobox.com Wed Feb 14 11:11:45 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 14 Feb 2001 18:11:45 +0100
Subject: [pptp-server] More PPP Compiling Errors
In-Reply-To: <37E1E2BB9C28D311AB390008C707D2A60BAD0FBD@nycexis01.mi8.com>
References: <37E1E2BB9C28D311AB390008C707D2A60BAD0FBD@nycexis01.mi8.com>
Message-ID: <20010214171711.BA2531637F@i3.golden.dom>

On Wed, 14 Feb 2001 11:14:28 -0500, you wrote:

>ppp.c:174: `PPP_VERSION' undeclared here (not in a function)
>ppp.c: In function `ppp_tty_close':
>ppp.c:463: `PPP_MAGIC' undeclared (first use in this function)

Usually these errors are solved by applying:
http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff
which defines PPP_VERSION and PPP_MAGIC

--
giulioo at pobox.com

From giulioo at pobox.com Wed Feb 14 11:17:35 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 14 Feb 2001 18:17:35 +0100
Subject: [pptp-server] Error While compiling modules
In-Reply-To:
References:
Message-ID: <20010214172301.3C75315C5C@i3.golden.dom>

On Wed, 14 Feb 2001 12:13:19 -0500, you wrote:

>make modules SUBDIRS=drivers/net
>In file included from /usr/src/linux/include/linux/sched.h:20,
> from ppp.c:54:
>/usr/src/linux/include/linux/smp.h:77: warning: `smp_num_cpus' redefined
>/usr/src/linux/include/linux/modules/i386_ksyms.ver:28: warning: this is the location of the previous definition
>/usr/src/linux/include/linux/smp.h:83: warning: `smp_call_function' redefined

I don't know why you get the above warnings, maybe some problems with include files and links.

>ppp.c:188: warning: static declaration for `ppp_register_compressor_R9682e733' follows non-static
>ppp.c:189: warning: static declaration for `ppp_unregister_compressor_Ra1b928df' follows non-static

This is normal.

>ppp.c:2563: too few arguments to function `kill_fasync_R__ver_kill_fasync'
>make[1]: *** [ppp.o] Error 1
>make[1]: Leaving directory `/usr/src/linux-2.2.16/drivers/net'

Edit ppp.c, look for the line containing
kill_fasync
change that line to be
kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN);
that is, add POLL_IN.

--
giulioo at pobox.com

From walterm at Gliatech.com Wed Feb 14 11:32:22 2001
From: walterm at Gliatech.com (Michael Walter)
Date: Wed, 14 Feb 2001 12:32:22 -0500
Subject: [pptp-server] Windows ME Success?
Message-ID:

I have run into this issue on win2k before. I haven't dug into why this solution sometimes works, but it has several times. Basically, go into internet explorer, under tools->internet options->security. Set all the zones to their defaults. On WinME it might take a reboot.

Thanks,

Michael J. Walter
rhce mcdba mcse+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

-----Original Message-----
From: Leonard L. Goldenstein [mailto:len at ghy.com]
Sent: Wednesday, February 14, 2001 10:48 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Windows ME Success?

Hi,
I haven't seen much mentioned on the list about Windows ME client support?
Anyone had any success using Windows ME as a client?

I had one user today try to connect to PPTP 1.1.2 from Windows ME. The setup on the client end seemed to be consistent with the Windows 98SE client setup. The user was able to authenticate but the connection was quickly terminated with Windows ME claiming that the server did not support the required encryption protocol. Funny thing is that the server said the user connected at 128bit encryption.

Well, all I know is that everything works fine with Windows 98 clients.
Anyone got tips for Windows ME clients?

Thanks a bunch.

-----------------------------------------------------
Leonard L. Goldenstein
Information Services Consultant

Geo. H. Young & Co. Ltd.
809 - 167 Lombard Ave.
Winnipeg, MB R3B 3H8
Phone: (204) 947-6851
Fax: (204) 947-3306

len at ghy.com
http://www.ghy.com

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From khaight at firespout.com Wed Feb 14 12:29:56 2001
From: khaight at firespout.com (Kris Haight)
Date: Wed, 14 Feb 2001 13:29:56 -0500
Subject: [pptp-server] More PPP Compiling Errors
Message-ID: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC0@nycexis01.mi8.com>

I've done that... unless I've installed that patch incorrectly. Tell me how to install it correctly and I will try it

Thanks

-- kris

-----Original Message-----
From: Giulio Orsero [mailto:giulioo at pobox.com]
Sent: Wednesday, February 14, 2001 12:12 PM
To: 'pptp-server at lists.schulte.org'
Subject: Re: [pptp-server] More PPP Compiling Errors

On Wed, 14 Feb 2001 11:14:28 -0500, you wrote:

>ppp.c:174: `PPP_VERSION' undeclared here (not in a function)
>ppp.c: In function `ppp_tty_close':
>ppp.c:463: `PPP_MAGIC' undeclared (first use in this function)

Usually these errors are solved by applying:
http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff
which defines PPP_VERSION and PPP_MAGIC

--
giulioo at pobox.com
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From clawz at vcn.bc.ca Tue Feb 13 20:52:16 2001
From: clawz at vcn.bc.ca (Clement Law)
Date: Wed, 14 Feb 2001 10:52:16 +0800
Subject: [pptp-server] Working under Redhat V7.0 with Kernel V2.2.17-14
Message-ID: <01021410524900.15453@cr132773-d>

This is for Redhat V7.0 with Kernel V2.2.17-14

I'm also assuming that you are using a 686 computer, if not, change all 686 to 386.
The Kernel updates and other updates can be downloaded from www.redhat.com

Needed Files/Packages (* = Must Have!)
*cpp-2.96-69.i386.rpm (Updated from www.redhat.com)
 dev86-0.15.0-5.i386.rpm (Optional, for "make bzImage")
*gcc-2.96-69.i386.rpm (Updated from www.redhat.com)
*kgcc-1.1.2-40.i386.rpm (Updated from www.redhat.com)
*glibc-devel-2.2-12.i386.rpm (Updated from www.redhat.com)
 ncurses-devel-5.2-2.i386.rpm (Optional, for "make menuconfig") (Updated from www.redhat.com)
 openssl-devel-0.9.5a-14.i386.rpm (No clue, might not need it)
*kernel-headers-2.4.0-0.26.i386.rpm
*kernel-source-2.2.17-14.i386.rpm (Updated from www.redhat.com)
*binutils-2.10.0.18-1.i386.rpm
*make-3.79.1-5.i386.rpm
*patch-2.5.4-4.i386.rpm
*ppp-2.3.11-7.src.rpm (Has more patches inside) or
*ppp-2.3.11.tar.gz
*ppp-2.3.11-openssl-0.9.5-mppe.patch.gz
*ppp_mppe_compressed_data_fix.diff
*if_ppp_2.2.17.diff

I used the pptpd-1.0.1-1.i386.rpm, I bet this setup will still work for other pptpd versions.

-=( For ppp-2.3.11.tar.gz no ppp-2.3.11-7.src.rpm )=-
---------------------START---------------------------
1) Install all the RPM Packages listed above with the *.

2) Move the following files to /usr/src
    ppp-2.3.11.tar.gz
    ppp-2.3.11-openssl-0.9.5-mppe.patch.gz
    ppp_mppe_compressed_data_fix.diff
    if_ppp_2.2.17.diff

3) Type this in console or make a batch file
    cd /usr/src
    tar xzf ppp-2.3.11.tar.gz
    cd ppp-2.3.11
    patch -p1 < ../ppp-2.3.11-openssl-0.9.5-mppe.patch
    cd linux
    patch < ../../ppp_mppe_compressed_data_fix.diff
    cd ..
    ./configure
    make kernel
    make all
    make install

4) Load up /usr/src/ppp-2.3.11/pppd/lcp.c (This step is optional, I didn't do it)
    Goto line 1541
    Change: LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd CBCP"));
    To:     LCPDEBUG(("lcp_reqci: rcvd CBCP"));

5) Type this in console
    cd /usr/src/linux
    patch -p1 < ../if_ppp_2.2.17.diff
    cp configs/kernel-2.2.17-i686.config .config
    make oldconfig
    make dep clean

6) Load up /usr/src/linux/drivers/net/ppp.c
    Search for "kill"
    Change: kill_fasync (ppp->tty->fasync, SIGIO);
    To:     kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN);

7) Load up /usr/src/linux/include/linux/module.h (Just to bypass some error)
    Goto line 145
    Change: extern unsigned long get_module_symbol(char *, char *);
    To:     /* extern unsigned long get_module_symbol(char *, char *); */

8) Type this in console
    cd /usr/src/linux
    make modules SUBDIRS=drivers/net
    Note: It'll end up with an error, supposed to anyway.
    cd drivers/net
    cp bsd_comp.o ppp_deflate.o ppp_mppe.o /lib/modules/2.2.17-14/net

9) Do your little config stuff, pptpd.conf and so on.

/etc/modules.conf
    alias char-major-108 off
    alias ppp-compress-18 ppp_mppe
    alias ppp-compress-21 bsd_comp
    alias ppp-compress-24 ppp_deflate
    alias ppp-compress-26 ppp_deflate

/etc/pptpd.conf (My setup)
    debug
    option /etc/ppp/options.pptp
    localip 172.16.89.127
    remoteip 172.16.89.128

/etc/ppp/options.pptp
    debug
    mru 1450
    mtu 1450
    auth
    require-chap
    proxyarp
    +chap
    +chapms
    +chapms-v2
    mppe-40
    mppe-128
    mppe-stateless

10) Pray that you did it right and hopefully it works. =)
-----------------------END---------------------------

-=( For ppp-2.3.11-7.src.rpm no ppp-2.3.11.tar.gz )=-
---------------------START---------------------------
1) Install all the RPM Packages listed above with the * including ppp-2.3.11-7.src.rpm.

2) Move the following files to /usr/src
    ppp-2.3.11-openssl-0.9.5-mppe.patch.gz
    ppp_mppe_compressed_data_fix.diff
    if_ppp_2.2.17.diff

3) Move files from /usr/src/redhat/SOURCES to /usr/src
    ppp-2.3.11.tar.gz
    ppp-2.3.11-make.patch
    ppp-2.3.11-pam_session.patch
    ppp-2.3.11-reap.patch
    ppp-2.3.6-sample.patch
    ppp-2.3.9-wtmp.patch

3) Type this in console or make a batch file
    cd /usr/src
    tar xzf ppp-2.3.11.tar.gz
    cd ppp-2.3.11
    patch -p1 < ../ppp-2.3.11-make.patch
    patch -p1 < ../ppp-2.3.6-sample.patch
    patch -p1 < ../ppp-2.3.9-wtmp.patch
    patch -p1 < ../ppp-2.3.11-reap.patch
    patch -p1 < ../ppp-2.3.11-pam_session.patch
    patch -p1 < ../ppp-2.3.11-openssl-0.9.5-mppe.patch
    cd linux
    patch < ../../ppp_mppe_compressed_data_fix.diff
    cd ..
    ./configure
    make kernel
    make all
    make install

4) Load up /usr/src/ppp-2.3.11/pppd/lcp.c (This step is optional, I didn't do it)
    Goto line 1541
    Change: LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd CBCP"));
    To:     LCPDEBUG(("lcp_reqci: rcvd CBCP"));

5) Type this in console
    cd /usr/src/linux
    patch -p1 < ../if_ppp_2.2.17.diff
    cp configs/kernel-2.2.17-i686.config .config
    make oldconfig
    make dep clean

6) Load up /usr/src/linux/drivers/net/ppp.c
    Search for "kill"
    Change: kill_fasync (ppp->tty->fasync, SIGIO);
    To:     kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN);

7) Load up /usr/src/linux/include/linux/module.h (Just to bypass some error)
    Goto line 145
    Change: extern unsigned long get_module_symbol(char *, char *);
    To:     /* extern unsigned long get_module_symbol(char *, char *); */

8) Type this in console
    cd /usr/src/linux
    make modules SUBDIRS=drivers/net
    Note: It'll end up with an error, supposed to anyway.
    cd drivers/net
    cp bsd_comp.o ppp_deflate.o ppp_mppe.o /lib/modules/2.2.17-14/net

9) Do your little config stuff, pptpd.conf and so on.

/etc/modules.conf
    alias char-major-108 off
    alias ppp-compress-18 ppp_mppe
    alias ppp-compress-21 bsd_comp
    alias ppp-compress-24 ppp_deflate
    alias ppp-compress-26 ppp_deflate

/etc/pptpd.conf (My setup)
    debug
    option /etc/ppp/options.pptp
    localip 172.16.89.127
    remoteip 172.16.89.128

/etc/ppp/options.pptp
    debug
    mru 1450
    mtu 1450
    auth
    require-chap
    proxyarp
    +chap
    +chapms
    +chapms-v2
    mppe-40
    mppe-128
    mppe-stateless

10) Pray that you did it right and hopefully it works. =)
-----------------------END---------------------------

Special thanks to George Vieira for helping me.
I got mine working like this, should work for other RH7 users with Kernel 2.2.17-14.

From jdonahue at agiletech.com Wed Feb 14 13:26:40 2001
From: jdonahue at agiletech.com (jdonahue at agiletech.com)
Date: Wed, 14 Feb 2001 14:26:40 -0500
Subject: [pptp-server] Error While compiling modules
Message-ID:

An HTML attachment was scrubbed...
URL:

From jdonahue at agiletech.com Wed Feb 14 13:32:12 2001
From: jdonahue at agiletech.com (jdonahue at agiletech.com)
Date: Wed, 14 Feb 2001 14:32:12 -0500
Subject: [pptp-server] Error While compiling modules
Message-ID:

An HTML attachment was scrubbed...
URL:

From nhouben at garagesoftware.nl Wed Feb 14 15:47:06 2001
From: nhouben at garagesoftware.nl (Nico Houben)
Date: Wed, 14 Feb 2001 22:47:06 +0100
Subject: [pptp-server] pptp-server + WIN2K behind IP_MASQ_PPTP
Message-ID: <002301c096cf$acfecbb0$6564a8c0@nico>

Hello everybody,

I've got two servers: 1 somewhere on the internet using pptp-server and 1 somewhere using IP_MASQ for my windows machines (the VPN patch is applied).

I've got a problem connecting using WIN2K behind a linux-masq server with the IP_MASQ_PPTP module! Win 98 works fine!

When I connect using WIN2K I receive a 734 error or a 778 error.

I really don't know what to do... I tried everything I found in the documentation....

Does anybody know this error or can give me some input?

Thanx

Nico Houben

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From sdetree at yahoo.fr Wed Feb 14 17:31:07 2001
From: sdetree at yahoo.fr (detree samuel)
Date: Thu, 15 Feb 2001 00:31:07 +0100 (CET)
Subject: [pptp-server] Connect linux pptp client to nt pptp server
Message-ID: <20010214233107.73187.qmail@web10305.mail.yahoo.com>

Hi,

I am trying to establish a pptp connection between my linux station and a Win-NT server,

The Windows NT server is SP-6, and works fine with another Windows systems client,

What I have :
RedHat 7.0 (2.2.16)
PPTP-linux v1.0.2
PPP v2.3.11

I have 2 problems :

- When I start the client process, the connection is being made during 1 minute only!
  In fact, ifconfig shows the link to be up, and after a little time, the connection down!
  In the log file, I can see a good established connection, then a successful authentication, then a started script, and after a while the connection down at this stage!

- the IP address of the server (NT) is correct, but not that on the client WAN adapter!
  The system takes the IP address of the adapter on the network and not the IP address of the VPN.
  Where I must specify and force the IP address of the client (which file?)?

This seems similar to problems others have been reporting to this mailing list, but I never saw any resolution.
Has anyone gotten this to work?

Samuel

___________________________________________________________
Do You Yahoo!? -- To chat live with your friends,
Yahoo! Messenger : http://fr.messenger.yahoo.com

From yag at tonesoft.com Wed Feb 14 17:53:10 2001
From: yag at tonesoft.com (Yegor Gorshkov)
Date: Wed, 14 Feb 2001 15:53:10 -0800
Subject: [pptp-server] select() error under Solaris?
Message-ID: <3A8B1A66.1090400@tonesoft.com>

Does anyone have a solution yet?

Thank you
Y

From detree at esigetel.fr Wed Feb 14 17:12:41 2001
From: detree at esigetel.fr (Samuel DETREE)
Date: Thu, 15 Feb 2001 00:12:41 +0100
Subject: [pptp-server] Connect linux pptp client to nt pptp server
Message-ID: <002001c096e2$a8e61480$67b03ed4@oemcomputer>

Hi,

I am trying to establish a pptp connection between my linux station and a Win-NT server,

The Windows NT server is SP-6, and works fine with another Windows systems client,

What I have :
RedHat 7.0 (2.2.16)
PPTP-linux v1.0.2
PPP v2.3.11

I have 2 problems :

- When I start the client process, the connection is being made during 1 minute only!
  In fact, ifconfig shows the link to be up, and after a little time, the connection down!
  In the log file, I can see a good established connection, then a successful authentication, then a started script, and after a while the connection down at this stage!

- the IP address of the server (NT) is correct, but not that on the client WAN adapter!
  The system takes the IP address of the adapter on the network and not the IP address of the VPN.
  Where I must specify and force the IP address of the client (which file?)?

This seems similar to problems others have been reporting to this mailing list, but I never saw any resolution.
Has anyone gotten this to work?

Samuel

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From taso at esands.com Wed Feb 14 19:06:07 2001
From: taso at esands.com (Taso Hatzi)
Date: Thu, 15 Feb 2001 12:06:07 +1100
Subject: [pptp-server] unsubscribe pptp-server taso@esands.com
Message-ID: <3A8B2B7F.ED9F3208@esands.com>

unsubscribe pptp-server taso at esands.com

From msuencks at marcant.de Wed Feb 14 21:49:08 2001
From: msuencks at marcant.de (Matthias Suencksen)
Date: Thu, 15 Feb 2001 04:49:08 +0100
Subject: [pptp-server] connection dropping after 20-30 minutes - buggy windows client ? [patch]
Message-ID:

Hello.

After some extensive debugging I have found the reason for problems with clients going away after some time.

It seems that at least windows98 and windows98se mess up the GRE packet header with some packets they send. "Some" packets means for example after sending 10,000 to 20,000 packets of valid data. Or maybe a router along the way corrupts the data - which sounds less probable to me.

The corruption that occurs looks like there are 16 bits of data inserted in various places. The wrong data consists of bytes like "0000", "005e" or "00bd". [ According to MSDN, 0x00bd is a Win32 API error: ERROR_INVALID_STACKSEG :-) .. just speculating .. ]

After removing these two bytes the offending GRE frames look valid but through this insertion other data in the header is moved to different (wrong) places. Namely the ACK and GRE sequence number and the MPPE coherence-count can get corrupted.

I've made two patches - one against 1.0.1 ( to rule out problems which may have been introduced in 1.1.2 ) and one against the MPPE module. You find them here:

http://www.marcant.net/users/ms/pptp.html

They add a layer of robustness especially to the MPPE module. At least our problems were fixed with them ..

--
Matthias Suencksen

-- Out-of-order Execution (feature of modern microprocessors)

From rtlinux at lycos.co.kr Wed Feb 14 21:51:35 2001
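The header corruption described in Matthias Suencksen's message above can be caught with a sanity check on the PPTP enhanced GRE header (layout as in RFC 2637). This is an added example, not his patch and not pptpd code; the type names, result codes, window size and sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum gre_check {
    GRE_OK = 0,
    GRE_ERR_SHORT,   /* fewer bytes than the header needs */
    GRE_ERR_FLAGS,   /* fixed flag or version bits are wrong */
    GRE_ERR_PROTO,   /* protocol type is not 0x880B */
    GRE_ERR_LENGTH,  /* key payload length disagrees with bytes received */
    GRE_ERR_CALLID,  /* call ID does not belong to this session */
    GRE_ERR_SEQ,     /* sequence number duplicate or outside the window */
    GRE_ERR_ACK      /* acknowledges a packet that was never sent */
};

/* Per-session state to compare against (hypothetical names). */
struct gre_session {
    uint16_t call_id;      /* call ID expected in received frames */
    uint32_t last_tx_seq;  /* highest sequence number sent so far */
    uint32_t last_rx_seq;  /* highest sequence number accepted so far */
    uint32_t rx_window;    /* assumed limit on forward sequence jumps */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Validate one received frame; buf points at the first GRE header byte. */
enum gre_check gre_check_frame(const struct gre_session *s,
                               const uint8_t *buf, size_t len)
{
    size_t hdr = 8, off = 8;
    int has_seq, has_ack;

    if (len < hdr)
        return GRE_ERR_SHORT;
    /* Byte 0 is C R K S s Recur(3): PPTP needs K=1 and C=R=s=Recur=0.
     * Byte 1 is A Flags(4) Ver(3): PPTP needs Flags=0 and Ver=1. */
    if ((buf[0] & 0xEF) != 0x20 || (buf[1] & 0x7F) != 0x01)
        return GRE_ERR_FLAGS;
    if (be16(buf + 2) != 0x880B)
        return GRE_ERR_PROTO;

    has_seq = (buf[0] & 0x10) != 0;
    has_ack = (buf[1] & 0x80) != 0;
    hdr += (has_seq ? 4u : 0u) + (has_ack ? 4u : 0u);
    if (len < hdr)
        return GRE_ERR_SHORT;
    /* Key, upper half: payload length, not counting the GRE header. */
    if ((size_t)be16(buf + 4) != len - hdr)
        return GRE_ERR_LENGTH;
    /* Key, lower half: call ID. */
    if (be16(buf + 6) != s->call_id)
        return GRE_ERR_CALLID;

    if (has_seq) {
        uint32_t ahead = be32(buf + off) - s->last_rx_seq; /* mod 2^32 */
        if (ahead == 0 || ahead > s->rx_window)
            return GRE_ERR_SEQ;
        off += 4;
    }
    if (has_ack) {
        uint32_t beyond = be32(buf + off) - s->last_tx_seq; /* mod 2^32 */
        if (beyond != 0 && beyond < 0x80000000u)
            return GRE_ERR_ACK;
    }
    return GRE_OK;
}

/* Constructed session: call ID 42, sent up to seq 3, accepted up to seq 4. */
static const struct gre_session sample_session = { 42, 3, 4, 64 };

/* Constructed frame: K|S, A|Ver=1, 0x880B, length 4, call 42, seq 5, ack 3. */
static const uint8_t frame_ok[] = {
    0x30, 0x81, 0x88, 0x0B, 0x00, 0x04, 0x00, 0x2A,
    0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x03,
    0xFF, 0x03, 0x00, 0x21
};
/* The same frame with the two bytes 00 bd inserted after the protocol type. */
static const uint8_t frame_shifted[] = {
    0x30, 0x81, 0x88, 0x0B, 0x00, 0xBD, 0x00, 0x04, 0x00, 0x2A,
    0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x03,
    0xFF, 0x03, 0x00, 0x21
};
/* The same frame with the two bytes 00 5e inserted before the flags. */
static const uint8_t frame_prefixed[] = {
    0x00, 0x5E, 0x30, 0x81, 0x88, 0x0B, 0x00, 0x04, 0x00, 0x2A,
    0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x03,
    0xFF, 0x03, 0x00, 0x21
};

int main(void)
{
    printf("ok=%d shifted=%d prefixed=%d\n",
           gre_check_frame(&sample_session, frame_ok, sizeof frame_ok),
           gre_check_frame(&sample_session, frame_shifted, sizeof frame_shifted),
           gre_check_frame(&sample_session, frame_prefixed, sizeof frame_prefixed));
    return 0;
}
```

Two inserted bytes always change the frame length, so the payload-length comparison rejects the shifted frame before its displaced sequence and acknowledgment fields are ever used.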
From: rtlinux at lycos.co.kr (최대수)
Date: Thu, 15 Feb 2001 12:51:35 +0900 (KST)
Subject: [pptp-server] MS clients cannot connect to PoPToP through ISP, because of filtered GRE packet
Message-ID: <200102150351.VAA77519@poontang.schulte.org>

Hi

I appreciate the newsgroup members' help. Thanks for the members' favor.

I found out that the ISP filters pptp packets (protocol# 47 GRE) passing from remote user (MS clients) to PoPToP Server.

> I have a pptp-server running that has no problems with MS windows clients over local LAN connecting,
> but when my MS windows client attempts to connect to pptp-server through dialing-up isp.
>
> MS pptp client <------------local lan---------------> Linux PoPToP server (connection OK)
> (problem) MS pptp client <---dialing---> (through)ISP <------------internet------------> Linux PoPToP server
( connected (like below message) but disconnected immediately)
(cause) filtered protocol #47 (pptp packet)

Our ISP (located in SOUTH KOREA) filters GRE packets.

I would like to know how GRE packets can pass through ISP.
and...also
Do you know that other country ISPs filter out GRE packets (except tcp/udp/icmp/...)

Any help appreciated.

From dschoi at superstar.co.kr Wed Feb 14 21:55:09 2001
From: dschoi at superstar.co.kr (DaeSooChoi)
Date: Thu, 15 Feb 2001 12:55:09 +0900
Subject: [pptp-server] MS clients cannot connect to PoPToP through ISP, because of filtered GRE packet
Message-ID:

Hi

I appreciate the newsgroup members' help. Thanks for the members' favor.

I found out that the ISP filters pptp packets (protocol# 47 GRE) passing from remote user (MS clients) to PoPToP Server.

> I have a pptp-server running that has no problems with MS windows clients over local LAN connecting,
> but when my MS windows client attempts to connect to pptp-server through dialing-up isp.
>
> MS pptp client <------------local lan---------------> Linux PoPToP server (connection OK)
> (problem) MS pptp client <---dialing---> (through)ISP <------------internet------------> Linux PoPToP server
( connected (like below message) but disconnected immediately)
(cause) filtered protocol #47 (pptp packet)

Our ISP (located in SOUTH KOREA) filters GRE packets.

I would like to know how GRE packets can pass through ISP.
and...also
Do you know that other country ISPs filter out GRE packets (except tcp/udp/icmp/...)

Any help appreciated.

From scott.venier at compaq.com Wed Feb 14 22:51:12 2001
From: scott.venier at compaq.com (Scott Venier)
Date: Wed, 14 Feb 2001 23:51:12 -0500 (EST)
Subject: [pptp-server] Connect linux pptp client to nt pptp server
In-Reply-To: <20010214233107.73187.qmail@web10305.mail.yahoo.com>
Message-ID:

I'd suggest trying the client and configuration scripts at http://www.scooter.cx/alpha/pptp.html (the configuration script is part of the pptp-linux package). I and many other people use the packages there on a daily basis. I'm writing this mail over a tunnel from that package right now, in fact.

Scott

On Wed, 14 Feb 2001, detree samuel wrote:

> Hi,
>
> I am trying to establish a pptp connection between my
> linux station and a Win-NT server,
>
> The Windows NT server is SP-6 , and works fine with
> another Windows systems client,
>
> What I have :
> RedHat 7.0 (2.2.16)
> PPTP-linux v1.0.2
> PPP v2.3.11
>
>
> I have 2 problems :
>
> - When I start the client process, the connection
> is being made during 1 minute only !
> In fact, ifconfig shows the link to be up, and
> after a little time, the connection down!
> In the log file, I can see a good established
> connection, then a successful authentication, then a
> started script, and after a while the
> connection down at this stage!
>
> - the IP address of the server (NT) is correct, but
> not that on the client WAN adapter!
> The system takes the IP address of the adapter
> on the network and not the IP address of the VPN.
> Where I must specify and force the IP address
> of the client (which file?)?
>
>
> This seems similar to problems others have been
> reporting to this mailing list, but I never saw any
> resolution.
> Has anyone gotten this to work?
>
> Samuel
>
> ___________________________________________________________
> Do You Yahoo!? -- To chat live with your friends,
> Yahoo! Messenger : http://fr.messenger.yahoo.com
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From hjw at superstar.co.kr Wed Feb 14 21:39:01 2001
From: hjw at superstar.co.kr (하정우)
Date: Thu, 15 Feb 2001 12:39:01 +0900
Subject: [pptp-server] can't connection pptp server !!!
Message-ID: <000701c09711$3b9da800$2e3befcb@superstar.co.kr>

hi !!!

pptp client : windows 98
pptp server : linux kernel version 2.2.14

test bed
pptp Client : win98                pptpserver Linux
203.239.59.212 ------- eth0 203.23.59.210
                       eth1 203.239.59.96/27

RedHat-PoPToP HOWTO
I don't know that, so I did not
- 9. Edit /etc/inittab and comment out the reference to pptpd. We will use the pptpd daemon.
  [init Q] # rereads /etc/inittab
- 4.2 Adding fixed IP addresses based on userid
- 4.3 Adding packet reordering

pptp server is
- #ipchains -L
  Chain input(polocy ACCEPT):
  Chain forward(polocy ACCEPT):
  Chain output(polocy ACCEPT):
- echo 1 > /proc/sys/net/ipv4/ip_forward

pptp Client
- perfect setting

Q1. Why???
pptp Client ------->direct<------- pptp server : succeed
but
pptp Client ---modem--->IPS----->pptp server : Failed

Client side errors
Error 629: You have disconnected from the computer you dialed.....
Error 650: The Remote Access server is not responding.

- run the pptpd daemon [pptpd -d] ==> It's OK!!!
- /etc/services ==> pptp 1723/tcp pptp
- /etc/protocols ==> pptp 47 pptp
- /etc/inetd.conf ==> pptpcrl stream tcp nowait root /usr/sbin/tcp /ur/local/sbin/pptpctrl 1 1 1 1 1 1 pptpctrl

what's the matter ?.?;

Q2. what's mean /etc/pptpd.conf
localip, remoteip ==> what's mean?? how that setting ??

thank so much!! *^^*
have a nice day!!!

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From awdavis at qicserv.net Thu Feb 15 01:01:41 2001
From: awdavis at qicserv.net (Andrew W. Davis)
Date: Thu, 15 Feb 2001 01:01:41 -0600
Subject: [pptp-server] I've tried EVERYTHING --> error listing
Message-ID: <3A8B7ED4.16561D97@qicserv.net>

ok...here are the errors I get when trying to compile the ppp module under the 2.2.17 kernel with 2.4 headers:

ppp.c:188: warning: static declaration for `ppp_register_compressor' follows non-static
ppp.c:189: warning: static declaration for `ppp_unregister_compressor' follows non-static
ppp.c: In function `ppp_async_init':
ppp.c:443: structure has no member named `tty_pushing'
ppp.c: In function `ppp_tty_sync_push':
ppp.c:1062: structure has no member named `tty_pushing'
ppp.c:1065: structure has no member named `woke_up'
ppp.c:1069: structure has no member named `tty_pushing'
ppp.c:1076: structure has no member named `woke_up'
ppp.c:1092: structure has no member named `woke_up'
ppp.c:1099: structure has no member named `tty_pushing'
ppp.c:1109: structure has no member named `tty_pushing'
ppp.c: In function `ppp_tty_push':
ppp.c:1150: structure has no member named `tty_pushing'
ppp.c:1151: structure has no member named `woke_up'
ppp.c:1157: structure has no member named `tty_pushing'
ppp.c:1159: structure has no member named `woke_up'
ppp.c:1170: structure has no member named `tty_pushing'
ppp.c:1172: structure has no member named `woke_up'
ppp.c:1180: structure has no member named `tty_pushing'
ppp.c:1185: structure has no member named `tty_pushing'
ppp.c:1195: structure has no member named `tty_pushing'
ppp.c: In function `ppp_tty_flush_output':
ppp.c:1320: structure has no member named `tty_pushing'
ppp.c:1329: structure has no member named `tty_pushing'
{standard input}: Assembler messages:
{standard input}:9: Warning: Ignoring changed section attributes for .modinfo
ppp.c: In function `rcv_proto_unknown':
ppp.c:2563: too few arguments to function `kill_fasync'
make[1]: *** [ppp.o] Error 1
make[1]: Leaving directory `/usr/src/linux-2.2.17/drivers/net'
make: *** [_mod_drivers/net] Error 2

Hope this helps somebody help me with my problem. I'm using the RPM of 2.2.17, but I've also tried the clean source with the same results.

Thanks in advance for the help,
Andrew

From giulioo at pobox.com Wed Feb 14 14:01:28 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 14 Feb 2001 21:01:28 +0100
Subject: [pptp-server] Error While compiling modules
In-Reply-To:
References:
Message-ID: <20010214200354.1E50515C5C@i3.golden.dom>

On Wed, 14 Feb 2001 14:32:12 -0500, you wrote:

>My mistake, the following is not a ppp.c error...not sure what it is...is z85230.c needed for poptop?

No, just disable that feature:

CONFIG_HOSTESS_SV11
This is a network card for low speed synchronous serial links, at up to 256Kbps. It supports both PPP and Cisco HDLC.
At this point, the driver can only be compiled as a module.

--
giulioo at pobox.com

From aaa at netman.dk Thu Feb 15 02:51:44 2001
From: aaa at netman.dk (Alaa AlAmood)
Date: Thu, 15 Feb 2001 09:51:44 +0100
Subject: [pptp-server] password expirations
References: <8D043DEA73DFD411958A00A0C90AB7607C84@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>
Message-ID: <3A8B98A0.2000209@netman.dk>

Hi
Could you tell me in more detail, how can I do that

Thanks
Alaa

Gill, Vern wrote:

> Easiest way I can think of to do this would be to use the smbpasswd
> patch, and have samba expire your p/ws
>
> Any other thoughts?
>
> -----Original Message-----
> From: Alaa AlAmood [mailto:aaa at netman.dk]
> Sent: Wednesday, February 14, 2001 6:44 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] password expirations
>
>
> Hi
> Is it possible in some how to have password expiration, using pptpd
> server and windows clients
>
> thanks
> Alaa
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>
>
>

From clawz at vcn.bc.ca Wed Feb 14 11:14:44 2001
From: clawz at vcn.bc.ca (Clement Law)
Date: Thu, 15 Feb 2001 01:14:44 +0800
Subject: [pptp-server] Compiling of PPP-2.3.11
Message-ID: <01021501182200.02691@cr132773-d>

I installed all the patches and so on, and I get the following errors/warnings.

gcc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE -I../include -DDEBUGALL -DCHAPMS=1 -DUSE_CRYPT=1 -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DUSE_PAM -DPLUGIN -c -o md5.o md5.c
md5.c: In function `MD5Final':
md5.c:197: warning: implicit declaration of function `memcpy'
gcc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE -I../include -DDEBUGALL -DCHAPMS=1 -DUSE_CRYPT=1 -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DUSE_PAM -DPLUGIN -c -o sha1dgst.o sha1dgst.c
sha1dgst.c: In function `GetNewKeyFromSHA':
sha1dgst.c:419: warning: implicit declaration of function `memcpy'
gcc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE -I../include -DDEBUGALL -DCHAPMS=1 -DUSE_CRYPT=1 -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DUSE_PAM -DPLUGIN -c -o extra_crypto.o extra_crypto.c
extra_crypto.c: In function `DesEncrypt':
extra_crypto.c:141: warning: implicit declaration of function `setkey'
extra_crypto.c:144: warning: implicit declaration of function `encrypt'
gcc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE -I../include -DDEBUGALL -DCHAPMS=1 -DUSE_CRYPT=1 -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DUSE_PAM -DPLUGIN -c -o chap_ms.o chap_ms.c
chap_ms.c: In function `ChapMS_v2_Auth':
chap_ms.c:328: warning: implicit declaration of function `stpcpy'
chap_ms.c:328: warning: assignment makes pointer from integer without a cast

All these implicit declaration of function warnings, are they normal?

From Daniel.Brorsson at era.ericsson.se Thu Feb 15 05:52:51 2001
From: Daniel.Brorsson at era.ericsson.se (Daniel Brorsson (ERA))
Date: Thu, 15 Feb 2001 12:52:51 +0100
Subject: [pptp-server] dialup over ethernetcard
Message-ID:

Hello

I have a small problem here.

I have one laptop with win98se with vpn support installed with a pcmcia ethernet card and one linux server with pptp 1.01 installed.

How do I get the laptop to use the vpn connection?

If I start a browser or dial up with the vpn connection there is an accurate handshake and a connection is established... but then ? no more packets are sent with the vpn connection, but my browser still works. I'll guess it's using the ethernet card directly outside the vpn.

Is it me that's a complete fool? How do I get the laptop to communicate over the vpn connection and then over my ethernet card?

// Daniel

From giulioo at pobox.com Thu Feb 15 05:53:41 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Thu, 15 Feb 2001 12:53:41 +0100
Subject: [pptp-server] I've tried EVERYTHING --> error listing
In-Reply-To: <3A8B7ED4.16561D97@qicserv.net>
References: <3A8B7ED4.16561D97@qicserv.net>
Message-ID: <20010215115911.0EE3815C5C@i3.golden.dom>

On Thu, 15 Feb 2001 01:01:41 -0600, you wrote:

>ok...here is the errors I get when trying to compile the ppp module
>under the 2.2.17 kernel with 2.4 headers:

You should compile kernel modules with the appropriate kernel headers.
kernel headers-2.4 in rh7 are meant for compiling applications.

>ppp.c:1062: structure has no member named `tty_pushing'
>ppp.c:1065: structure has no member named `woke_up'

See
http://www.vibrationresearch.com/pptpd/example.html
in particular
http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff

>{standard input}:9: Warning: Ignoring changed section attributes for
>.modinfo
>ppp.c: In function `rcv_proto_unknown':
>ppp.c:2563: too few arguments to function `kill_fasync'
>make[1]: *** [ppp.o] Error 1

You didn't read yesterday's emails about similar problems
http://lists.schulte.org/pipermail/pptp-server/2001-February/004594.html

--
giulioo at pobox.com

From detree at esigetel.fr Thu Feb 15 09:12:32 2001
From: detree at esigetel.fr (samuel DETREE)
Date: Thu, 15 Feb 2001 16:12:32 +0100
Subject: [pptp-server] Connect linux pptp client to nt pptp server
References:
Message-ID: <3A8BF1E0.A3F757AE@esigetel.fr>

ok, it's better now with this script,

The connection is now up, but without authentication!
I try to resolve this, but I fail.

My configuration:

NT server                               Linux client
x.y.4.11 ----------------------------- x.y.4.12
name : eillel
domain:CHANTEURS
USER accepted:VPN

I added "auth" in the "/etc/ppp/options" file, and the file "/etc/ppp/chap-secret" is similar to:

Client            Server            Secret    IP Address
CHANTEURS\\VPN    eiffel            vpn
eiffel            CHANTEURS\\VPN    vpn

Could someone help me ?

samuel

Scott Venier wrote:

> I'd suggest trying the client and configuration scripts at
> http://www.scooter.cx/alpha/pptp.html (the configuration script is
> part of the pptp-linux package. I and many other people use the packages
> there on a daily basis. I'm writing this mail over a tunnel from that
> package right now, in fact.
>
> Scott
>
> On Wed, 14 Feb 2001, detree samuel wrote:
>
> > Hi,
> >
> > I am trying to establish a pptp connection between my
> > linux station and a Win-NT server,
> >
> > The Windows NT server is SP-6 , and works fine with
> > another Windows systems client,
> >
> > What I have :
> > RedHat 7.0 (2.2.16)
> > PPTP-linux v1.0.2
> > PPP v2.3.11
> >
> >
> > I have 2 problems :
> >
> > - When I start the client process, the connection
> > is being made during 1 minute only !
> > In fact, ifconfig shows the link to be up, and
> > after a little time, the connection down!
> > In the log file, I can see a good established
> > connection, then a successful authentication, then a
> > started script, and after a while the
> > connection down at this stage!
> >
> > - the IP address of the server (NT) is correct, but
> > not that on the client WAN adapter!
> > The system takes the IP address of the adapter
> > on the network and not the IP address of the VPN.
> > Where I must specify and force the IP address > > of the client (which file?)? > > > > > > This seems similar to problems others have been > > reporting to this mailing list, but I never saw any > > resolution. > > Has anyone gotten this to work? > > > > Samuel > > > > ___________________________________________________________ > > Do You Yahoo!? -- Pour dialoguer en direct avec vos amis, > > Yahoo! Messenger : http://fr.messenger.yahoo.com > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From vgill at technologist.com Thu Feb 15 09:45:04 2001 
From: vgill at technologist.com (Gill, Vern)
Date: Thu, 15 Feb 2001 07:45:04 -0800
Subject: [pptp-server] password expirations
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C98@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

You would need to set up samba, and have that perform the password
expiry functionality. You should take a look at www.samba.org, or
www.samba-tng.org.
Then, apply the patch that allows pptp, or more specifically pppd to use
samba password database for chap logins. I will not go into detail about
how to setup samba, nor will I tell you where to get the patch that will
allow pppd to use smbpasswd for chap logins. I do not know what your
configuration is, and therefore I could not hope to guess what patches
you would need. I do not take responsibility for anything you do with
this information.

If you are using ppp-2.4.0, you can use the following;

http://linus.yi.org/smbpw-mppe-stripdom-requiremppe.diff.bz2

I didn't write any of this stuff, I only combined them into a single
diff.

This patch combines the following functions;
mppe for ppp
use smb passwd file
strip ms domain
require mppe
require mppe-stateless

To use this patch, you need the following;
/etc/modules.conf
alias ppp-compress-18 ppp_mppe

/etc/ppp/chap-secrets
* * &/home/samba/smbpasswd *

/etc/ppp/options.pptpd
chapms-strip-domain
require-mppe
require-mppe-stateless

This should be applied to a pristine ppp-2.4.0 source tree. The top of
the patch has the instructions for applying...

Again, I did NOT create these patches, I only combined them into one.

Enjoy...

From aaa at netman.dk Thu Feb 15 10:08:21 2001
From: aaa at netman.dk (Alaa AlAmood)
Date: Thu, 15 Feb 2001 17:08:21 +0100
Subject: [pptp-server] password expirations
References: <8D043DEA73DFD411958A00A0C90AB7607C98@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>
Message-ID: <3A8BFEF4.AF289B93@netman.dk>

I am using ppp-2.3.11 and I have samba installed. I have done the
installation of pptp and I applied all the necessary patches. I have used
smbpasswd as the following

/etc/ppp/chap-secrets
* * &/home/samba/smbpasswd *

It seems that everything works very well, but I don't know how to let
samba expire the password. I have looked around to find something to help
me to solve this problem without any success. I tried to look at
www.samba.org; I could not find the procedure to let samba expire the
password. Do you have that procedure (how to expire users' passwords)?
I appreciate your help.

thanks
Alaa

"Gill, Vern" wrote:

> You would need to set up samba, and have that perform the password
> expiry functionality. You should take a look at www.samba.org, or
> www.samba-tng.org.
> Then, apply the patch that allows pptp, or more specifically pppd to use
> samba password database for chap logins. I will not go into detail about
> how to setup samba, nor will I tell you where to get the patch that will
> allow pppd to use smbpasswd for chap logins. I do not know what your
> configuration is, and therefore I could not hope to guess what patches
> you would need. I do not take responsibility for anything you do with
> this information.
>
> If you are using ppp-2.4.0, you can use the following;
>
> http://linus.yi.org/smbpw-mppe-stripdom-requiremppe.diff.bz2
>
> I didn't write any of this stuff, I only combined them into a single
> diff.
>
> This patch combines the following functions;
> mppe for ppp
> use smb passwd file
> strip ms domain
> require mppe
> require mppe-stateless
>
> To use this patch, you need the following;
> /etc/modules.conf
> alias ppp-compress-18 ppp_mppe
>
> /etc/ppp/chap-secrets
> * * &/home/samba/smbpasswd *
>
> /etc/ppp/options.pptpd
> chapms-strip-domain
> require-mppe
> require-mppe-stateless
>
> This should be applied to a pristine ppp-2.4.0 source tree. The top of
> the patch has the instructions for applying...
>
> Again, I did NOT create these patches, I only combined them into one.
>
> Enjoy...

From jdonahue at agiletech.com Thu Feb 15 10:50:25 2001
From: jdonahue at agiletech.com (jdonahue at agiletech.com)
Date: Thu, 15 Feb 2001 11:50:25 -0500
Subject: [pptp-server] Now I'm Really confused!
Message-ID:

I followed all the steps in the mail titled "Working under Redhat V7.0 with
Kernel V2.2.17-14"

and got all the way through, only error was when compiling modules...but
that was expected.

Now I launch "pptpd -d" no prob....I insmod ppp_mppe...that works...

But when I "require Encryption" and try to connect it errors out, and at
the server console I get "unrecognized option +mschap" if I remove that, it
says unrecognized option for +mschap-v2, then for mppe-40, and so on...and
if I don't have those lines, then the client side says "server does not
support encryption"

What did I do wrong?

From clawz at vcn.bc.ca Wed Feb 14 19:20:20 2001
From: clawz at vcn.bc.ca (Clement Law)
Date: Thu, 15 Feb 2001 09:20:20 +0800
Subject: [pptp-server] Now I'm Really confused!
In-Reply-To:
References:
Message-ID: <01021509211400.04263@cr132773-d>

That would only mean that you didn't compile your PPP

make all
make install

in your ppp-2.3.11 directory

On Fri, 16 Feb 2001, you wrote:
> I followed all the steps in the mail titled "Working under Redhat V7.0 with
> Kernel V2.2.17-14"
>
> and got all the way through, only error was when compiling modules...but
> that was expected.
>
> Now I launch "pptpd -d" no prob....I insmod ppp_mppe...that works...
>
> But when I "require Encryption" and try to connect it errors out, and at
> the server console I get "unrecognized option +mschap" if I remove that, it
> says unrecognized option for +mschap-v2, then for mppe-40, and so on...and
> if I don't have those lines, then the client side says "server does not
> support encryption"
>
> What did I do wrong?

From giulioo at pobox.com Thu Feb 15 11:20:13 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Thu, 15 Feb 2001 18:20:13 +0100
Subject: [pptp-server] Now I'm Really confused!
In-Reply-To:
References:
Message-ID: <20010215172541.D288F15C5C@i3.golden.dom>

On Thu, 15 Feb 2001 11:50:25 -0500, you wrote:

>says unrecognized option for +mschap-v2, then for mppe-40, and so on...and

Try with
+chapms-v2
instead of
+mschap-v2

For mppe-40 to work you need a pppd patched with the encryption patch
(openssl) and then installed in place of the old one.

--
giulioo at pobox.com

From jdonahue at agiletech.com Thu Feb 15 12:11:55 2001
From: jdonahue at agiletech.com (jdonahue at agiletech.com) Date: Thu, 15 Feb 2001 13:11:55 -0500 Subject: [pptp-server] Now I'm Really confused! Message-ID: An HTML attachment was scrubbed... URL: From jdonahue at agiletech.com Thu Feb 15 12:48:25 2001 From: jdonahue at agiletech.com (jdonahue at agiletech.com) Date: Thu, 15 Feb 2001 13:48:25 -0500 Subject: [pptp-server] Now I'm Really confused! Message-ID: An HTML attachment was scrubbed... URL: From giulioo at pobox.com Thu Feb 15 13:06:30 2001 
From: giulioo at pobox.com (Giulio Orsero)
Date: Thu, 15 Feb 2001 20:06:30 +0100
Subject: [pptp-server] Now I'm Really confused!
In-Reply-To:
References:
Message-ID: <20010215190858.77595163A2@i3.golden.dom>

On Thu, 15 Feb 2001 13:48:25 -0500, you wrote:

Please don't post html.

>Feb 15 12:40:19 SSTVPN1 pppd[892]: No CHAP secret found for authenticating sstcorp1\\donahuej
>Feb 15 12:40:19 SSTVPN1 pppd[892]: MSCHAP-v2 peer authentication failed for remote host sstcorp1\\donahuej
>Feb 15 12:40:19 SSTVPN1 pppd[892]: Connection terminated.
>Feb 15 12:40:19 SSTVPN1 pppd[892]: Exit.
>Feb 15 12:40:19 SSTVPN1 pptpd[891]: GRE: read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
>Feb 15 12:40:19 SSTVPN1 pptpd[891]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
>Feb 15 12:40:19 SSTVPN1 pptpd[891]: CTRL: Client 192.168.1.35 control connection finished

>my chap-secrets looks like this:
># Secrets for authentication using CHAP
># client server secret IP addresses
>testuser * testing *
>and i used testuser/testing as my username/password on a win98 MS VPN connection....I'm almost there what am I missing???

Either you used donahuej as the username or the log you show is not
related to your login (but to someone else).

However, note that unless you use the following patch
http://themm.net/strip-MSdomain-patch.diff
you need to use
\\YOUR_WORKGROUP\your_username * password
in chap-secrets (you have to match what you see in the log)

--
giulioo at pobox.com

From vu at sivell.com Thu Feb 15 13:16:17 2001
From: vu at sivell.com (Vu Pham)
Date: Thu, 15 Feb 2001 13:16:17 -0600
Subject: [pptp-server] Now I'm Really confused!
References:
Message-ID: <005401c09783$c5adde30$0afda8c0@sivell.com>

----- Original Message -----
From:
To:
Sent: Thursday, February 15, 2001 10:50 AM
Subject: [pptp-server] Now I'm Really confused!

> I followed all the steps in the mail titled "Working under Redhat V7.0 with
> Kernel V2.2.17-14"
>
> and got all the way through, only error was when compiling modules...but
> that was expected.
>
> Now I launch "pptpd -d" no prob....I insmod ppp_mppe...that works...
>
> But when I "require Encryption" and try to connect it errors out, and at
> the server console I get "unrecognized option +mschap" if I remove that, it
> says unrecognized option for +mschap-v2, then for mppe-40, and so on...and
> is I don't have those lines, then the client side says "server does not
> support encryption"
>
> What did I do wrong?

I am using kernel 2.4.1, ppp2.4.0b4. I did get that error before. I think
I did something wrong, but I didn't know where, but my pppd does not
understand those options. I even used strings to find inside pppd, and my
pppd binary did not contain mppe-40, mppe-128 ....

So I changed the Makefile in the pppd directory, commented out the two
lines
ifdef MPPE
and
endif
, so that the line
CFLAGS += -DMPPE=1
becomes active, and recompiled again. This time my pppd binary did
understand those options.

Vu

From jdonahue at agiletech.com Thu Feb 15 14:03:21 2001
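
Added example, not part of any post above and not code from pppd or PoPToP: a check for the point in Giulio Orsero's reply, that the client column in chap-secrets has to match the name exactly as pppd logs it unless the strip-domain patch is in use. The function names are hypothetical, the parser only understands the simple whitespace-separated layout quoted in the thread, and the sample input is constructed from the lines quoted there.

```python
import re

# Constructed sample input, modelled on the log lines and chap-secrets quoted in the thread.
SAMPLE_LOG = r"""
Feb 15 12:40:19 SSTVPN1 pppd[892]: No CHAP secret found for authenticating sstcorp1\\donahuej
Feb 15 12:40:19 SSTVPN1 pppd[892]: MSCHAP-v2 peer authentication failed for remote host sstcorp1\\donahuej
Feb 15 12:40:19 SSTVPN1 pppd[892]: Connection terminated.
"""

SAMPLE_SECRETS = """\
# Secrets for authentication using CHAP
# client server secret IP addresses
testuser * testing *
"""

NO_SECRET = re.compile(r"pppd\[\d+\]: No CHAP secret found for authenticating (\S+)")


def parse_chap_secrets(text):
    """Return (client, server) pairs. The secret column is read but never kept."""
    entries = []
    for line in text.splitlines():
        # Assumption: '#' only starts comments and fields contain no spaces.
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            entries.append((fields[0], fields[1]))
    return entries


def user_part(name):
    """Drop a leading DOMAIN\\ prefix from a name written the way the log shows it."""
    return name.rsplit("\\", 1)[-1]


def diagnose(log_text, secrets_text, strip_domain=False):
    """Explain each 'No CHAP secret found' line against the chap-secrets client column.

    strip_domain=True models a pppd built with the strip-domain patch mentioned
    in the thread, where only the part after the domain is looked up.
    """
    clients = {client for client, _server in parse_chap_secrets(secrets_text)}
    findings = []
    for name in dict.fromkeys(NO_SECRET.findall(log_text)):  # de-duplicate, keep order
        lookup = user_part(name) if strip_domain else name
        if "*" in clients or lookup in clients:
            status = "entry-present"           # name matches; check server column and secret
        elif user_part(name) in clients:
            status = "domain-prefix-mismatch"  # entry exists without the domain prefix
        else:
            status = "no-entry"
        findings.append({"logged_name": name, "status": status,
                         "client_field_needed": lookup})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_SECRETS):
        print(finding)
```
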
From: jdonahue at agiletech.com (jdonahue at agiletech.com) Date: Thu, 15 Feb 2001 15:03:21 -0500 Subject: [pptp-server] Now I'm Really confused! Message-ID: Actually I got it working (figured out the workgroup thing) but I didn't know there was a patch to get rid of that...THANK YOU EVERYBODY...I have encryption now!!! The next test is, can I do it again? :) Again, thank you everyone who helped.... Giulio Orsero To: pptp-server at lists.schulte.org Sent by: cc: pptp-server-admin at lists.s Subject: Re: [pptp-server] Now I'm Really confused! chulte.org 02/15/01 02:06 PM On Thu, 15 Feb 2001 13:48:25 -0500, you wrote: Please don't post html. >Feb 15 12:40:19 SSTVPN1 pppd[892]: No CHAP secret found for authenticating sstcorp1\\donahuej >Feb 15 12:40:19 SSTVPN1 pppd[892]: MSCHAP-v2 peer authentication failed for remote host sstcorp1\\donahuej >Feb 15 12:40:19 SSTVPN1 pppd[892]: Connection terminated. >Feb 15 12:40:19 SSTVPN1 pppd[892]: Exit. >Feb 15 12:40:19 SSTVPN1 pptpd[891]: GRE: read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error >Feb 15 12:40:19 SSTVPN1 pptpd[891]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) >Feb 15 12:40:19 SSTVPN1 pptpd[891]: CTRL: Client 192.168.1.35 control connection finished >my chap-secrets looks like this: ># Secrets for authentication using CHAP ># client server secret IP addresses >testuser * testing * >and i used testuser/testing as my username/password on a win98 MS VPN connection....I'm almost there what am I missing??? Either you used donahuej as the username or the log you show is not related to yout login (but to someone else). 
However, note that unless you use the following patch http://themm.net/strip-MSdomain-patch.diff you need to use \\YOUR_WORKGROUP\your_username * password in chap-secrets (you have to match what you see in the log) -- giulioo at pobox.com _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From vgill at technologist.com Thu Feb 15 14:10:52 2001 From: vgill at technologist.com (Gill, Vern) Date: Thu, 15 Feb 2001 12:10:52 -0800 Subject: [pptp-server] Now I'm Really confused! Message-ID: <8D043DEA73DFD411958A00A0C90AB7607CA0@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> For anyone using ppp-2.4.x, you can use this patch; http://linus.yi.org/linux/smbpw-mppe-stripdom-requiremppe.diff.bz2 -----Original Message----- From: Vu Pham [mailto:vu at sivell.com] Sent: Thursday, February 15, 2001 11:16 AM To: jdonahue at agiletech.com; pptp-server at lists.schulte.org Subject: Re: [pptp-server] Now I'm Really confused! ----- Original Message ----- 
From: To: Sent: Thursday, February 15, 2001 10:50 AM Subject: [pptp-server] Now I'm Really confused! > I followed all the steps in the mail titled "Working under Redhat V7.0 with > Kernel V2.2.17-14" > > and got all the way through, only error was when compiling modules...but > that was expected. > > Now I launch "pptpd -d" no prob....I insmod ppp_mppe...that works... > > But when I "require Encryption" and try to connect it errors out, and at > the server console I get "unrecognized option +mschap" if I remove that, it > says unrecognized option for +mschap-v2, then for mppe-40, and so on...and > is I don't have those lines, then the client side says "server does not > support encryption" > > What did I do wrong? I am using kernel 2.4.1, ppp2.4.0b4. I did get that error before. I think I did something wrong, but I didn't know where, but my pppd does not understand those options. I even used strings to find inside pppd, and my pppd binary did not contains mppe-40, mppe-128 .... So I changed the Makefile in the pppd directory, commented out the two lines ifdef MPPE and endif , so that the line CFLAGS += -DMPPE=1 becomes active, and recompiled again. This time my pppd binary did understand those options. Vu _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From clawz at vcn.bc.ca Wed Feb 14 23:02:04 2001 
From: clawz at vcn.bc.ca (Clement Law)
Date: Thu, 15 Feb 2001 13:02:04 +0800
Subject: [pptp-server] Help on Win98SE with 128-bit Encryption
Message-ID: <01021513130400.02642@cr132773-d>

My 40-bit encryption works, just that when I install the patch, it messes
up everything. Everything works fine when I'm using 40-bit, can share
files and use the net and so on. Please help. Thanx

This is what I get in /var/log/message when I didn't install that
msdun128.exe thing

Feb 15 12:30:33 cr132773-d pptpd[1089]: MGR: No free connection slots or IPs - no more clients can connect!
Feb 15 12:30:33 cr132773-d pptpd[1603]: CTRL: Client xx.xxx.xxx.xx control connection started
Feb 15 12:30:33 cr132773-d pptpd[1603]: CTRL: Starting call (launching pppd, opening GRE)
Feb 15 12:30:33 cr132773-d kernel: CSLIP: code copyright 1989 Regents of the University of California
Feb 15 12:30:33 cr132773-d kernel: PPP: version 2.3.7 (demand dialling)
Feb 15 12:30:33 cr132773-d kernel: PPP line discipline registered.
Feb 15 12:30:33 cr132773-d kernel: registered device ppp0
Feb 15 12:30:33 cr132773-d pppd[1604]: pppd 2.3.11 started by root, uid 0
Feb 15 12:30:33 cr132773-d pppd[1604]: Using interface ppp0
Feb 15 12:30:33 cr132773-d pppd[1604]: Connect: ppp0 <--> /dev/pts/1
Feb 15 12:30:33 cr132773-d kernel: PPP BSD Compression module registered
Feb 15 12:30:33 cr132773-d kernel: PPP MPPE compression module registered
Feb 15 12:30:33 cr132773-d kernel: PPP Deflate Compression module registered
Feb 15 12:30:33 cr132773-d pppd[1604]: MSCHAP-v2 peer authentication succeeded for SomeDude
Feb 15 12:30:33 cr132773-d pppd[1604]: Cannot determine ethernet address for proxy ARP
Feb 15 12:30:33 cr132773-d pppd[1604]: local IP address 172.16.89.127
Feb 15 12:30:33 cr132773-d pppd[1604]: remote IP address 172.16.89.128
Feb 15 12:30:33 cr132773-d pppd[1604]: MPPE 40 bit, stateless compression enabled
Feb 15 12:30:33 cr132773-d pppd[1604]: stateless MPPE enforced
Feb 15 12:30:46 cr132773-d pppd[1604]: LCP terminated by peer
Feb 15 12:30:46 cr132773-d pptpd[1603]: CTRL: Error with select(), quitting
Feb 15 12:30:46 cr132773-d pptpd[1603]: CTRL: Client xx.xxx.xxx.xx control connection finished
Feb 15 12:30:46 cr132773-d pppd[1604]: Modem hangup
Feb 15 12:30:46 cr132773-d pppd[1604]: Connection terminated.
Feb 15 12:30:46 cr132773-d pppd[1604]: Connect time 0.3 minutes.
Feb 15 12:30:46 cr132773-d pppd[1604]: Sent 513 bytes, received 3317 bytes.
Feb 15 12:30:46 cr132773-d pppd[1604]: Exit.

and this is what I get when installing that MSDUN128.exe, that 128-bit
patch thing.

Feb 14 19:20:58 cr132773-d pptpd[5692]: MGR: No free connection slots or IPs - no more clients can connect!
Feb 14 19:20:58 cr132773-d pptpd[5855]: CTRL: Client xx.xxx.xxx.xx control connection started
Feb 14 19:20:58 cr132773-d pptpd[5855]: CTRL: Starting call (launching pppd, opening GRE)
Feb 14 19:20:58 cr132773-d pppd[5856]: pppd 2.3.11 started by root, uid 0
Feb 14 19:20:58 cr132773-d pppd[5856]: Using interface ppp1
Feb 14 19:20:58 cr132773-d pppd[5856]: Connect: ppp1 <--> /dev/pts/1
Feb 14 19:20:58 cr132773-d kernel: PPP BSD Compression module registered
Feb 14 19:20:58 cr132773-d kernel: PPP MPPE compression module registered
Feb 14 19:20:58 cr132773-d kernel: PPP Deflate Compression module registered
Feb 14 19:20:58 cr132773-d pppd[5856]: MSCHAP-v2 peer authentication succeeded for SomeDude
Feb 14 19:20:58 cr132773-d pppd[5856]: Received bad configure-ack:
Feb 14 19:20:58 cr132773-d pppd[5856]: Cannot determine ethernet address for proxy ARP
Feb 14 19:20:58 cr132773-d pppd[5856]: local IP address 172.16.89.127
Feb 14 19:20:58 cr132773-d pppd[5856]: remote IP address 172.16.89.128
Feb 14 19:20:59 cr132773-d pppd[5856]: LCP terminated by peer
Feb 14 19:20:59 cr132773-d pptpd[5855]: CTRL: Error with select(), quitting
Feb 14 19:20:59 cr132773-d pptpd[5855]: CTRL: Client xx.xxx.xxx.xx control connection finished
Feb 14 19:20:59 cr132773-d pppd[5856]: Modem hangup
Feb 14 19:20:59 cr132773-d pppd[5856]: Connection terminated.
Feb 14 19:20:59 cr132773-d pppd[5856]: Connect time 0.1 minutes.
Feb 14 19:20:59 cr132773-d pppd[5856]: Sent 483 bytes, received 513 bytes.
Feb 14 19:20:59 cr132773-d pppd[5856]: Exit.

From giulioo at pobox.com Wed Feb 14 12:47:15 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 14 Feb 2001 19:47:15 +0100
Subject: [pptp-server] More PPP Compiling Errors
In-Reply-To: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC0@nycexis01.mi8.com>
References: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC0@nycexis01.mi8.com>
Message-ID: <20010214184940.6C3901639A@i3.golden.dom>

On Wed, 14 Feb 2001 13:29:56 -0500, you wrote:

>
>I've done that... unless I've installed that patch incorrectly. Tell me how
>to install it correctly and I will tryt ut

If the patch is applied you should get the same output:

[from the top dir of your kernel source]
$ grep PPP_MAGIC include/linux/if_ppp.h
#define PPP_MAGIC 0x5002
$ grep PPP_VERSION include/linux/if_ppp.h
#define PPP_VERSION "2.3.11"
$

--
giulioo at pobox.com

From vu at sivell.com Thu Feb 15 20:43:30 2001
From: vu at sivell.com (Vu Pham)
Date: Thu, 15 Feb 2001 20:43:30 -0600
Subject: [pptp-server] dialup over ethernetcard
References:
Message-ID: <007001c097c2$3fc15ba0$c802a8c0@khoapham>

----- Original Message -----
From: "Daniel Brorsson (ERA)"
To:
Sent: Thursday, February 15, 2001 5:52 AM
Subject: [pptp-server] dialup over ethernetcard

> Hello
>
> I have a small problem here.
>
> I have one laptop with win98se with vpn support installed with a pcmcia ethernet card and one linux server with pptp 1.01 installed.
>
> How do i get the laptop to use the vpn connection.
>
> If i start a browser or dial up with the vpn connection there is an accurate handshake and connection is established... but then ?
> no more packets are sent with the vpn connection, but my browser still works I'll guess it's using the ethernetcard directly outside the vpn. Is it me that a complete fool ? how do i get the laptop to communicate over the vpn connection and then over my ethernet card.
>

The routing table decides which device to use. After having the vpn
connection, you will have a device ppp0 on Win. And the routing table
will add the route to the internal network address that the vpn uses to
go thru this ppp0 device. If you don't choose "Default gateway at the
remote site" or something similar to that in the Property of the Dialup
networking, then the default gateway is still the one you have before the
vpn connection is established.

The routing table says something like ( to make it simple ):

if go to 192.168.253.0/24 ( assuming this is the vpn network )
    go thru ppp0
else
    go thru default gateway of the network card.

When you access a machine inside the vpn ( assuming in the same LAN
with the vpn server ) then the packet will go thru the ppp0. If you
access the Internet, then the packet will go thru the nic card.

Vu

From awdavis at qicserv.net Thu Feb 15 22:50:36 2001
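
Added example, not part of Vu Pham's post: the route selection described above, modelled as a longest-prefix lookup so the effect of the "default gateway at the remote site" setting is visible per destination. Every address except 192.168.253.0/24 is constructed, and the host route to the PPTP server and the metric values are assumptions of this model, not taken from the thread.

```python
import ipaddress

# Constructed destinations: a host on the VPN network from the post, an Internet
# host, the PPTP server's public address, and a host on the laptop's own LAN.
DESTINATIONS = {
    "vpn_host": "192.168.253.20",
    "internet": "203.0.113.5",
    "pptp_server": "198.51.100.7",
    "local_lan": "10.1.2.9",
}


def build_table(vpn_up, default_via_vpn):
    """Return the client's routes as (network, device, metric) tuples."""
    table = [
        ("10.1.2.0/24", "eth0", 1),   # laptop's own LAN (constructed)
        ("0.0.0.0/0", "eth0", 10),    # default gateway of the network card
    ]
    if vpn_up:
        table.append(("192.168.253.0/24", "ppp0", 1))  # the VPN network from the post
        # Assumption: the tunnel's own packets keep a host route via the NIC,
        # otherwise they would be sent into the tunnel they carry.
        table.append(("198.51.100.7/32", "eth0", 1))
        if default_via_vpn:
            # "Default gateway at the remote site": a better default via ppp0.
            table.append(("0.0.0.0/0", "ppp0", 1))
    return [(ipaddress.ip_network(net), dev, metric) for net, dev, metric in table]


def pick_device(destination, table):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    address = ipaddress.ip_address(destination)
    candidates = [route for route in table if address in route[0]]
    _net, device, _metric = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return device


def paths(vpn_up, default_via_vpn):
    """Map each sample destination to the device its packets would leave on."""
    table = build_table(vpn_up, default_via_vpn)
    return {name: pick_device(ip, table) for name, ip in DESTINATIONS.items()}


if __name__ == "__main__":
    for vpn_up, via_vpn in [(False, False), (True, False), (True, True)]:
        print(f"vpn_up={vpn_up} default_via_vpn={via_vpn}: {paths(vpn_up, via_vpn)}")
```

With the setting off, only traffic for the VPN network is protected by the tunnel and everything else, the browser included, leaves directly on the network card.
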
From: awdavis at qicserv.net (Andrew W. Davis) Date: Thu, 15 Feb 2001 22:50:36 -0600 Subject: [pptp-server] Everything works but... Message-ID: <3A8CB19B.23128FFA@qicserv.net> Everything works! (cue heavenly voices) The only problem I'm having now is that all the ppp modules don't automatically load on boot like I need them to. In fact, the ppp module doesn't even load. Can anyone direct me at some docs on getting modules to load on boot? Thanks again for all your help people. What really did the trick was going in an manually changing the if_pppvar.h and if_ppp.h files since the patch for the 2.2.17 kernel didn't work didn't go automatically. Andrew From terrys at maths.uwa.edu.au Fri Feb 16 01:34:54 2001 From: terrys at maths.uwa.edu.au (Terry Stillone) Date: Fri, 16 Feb 2001 15:34:54 +0800 Subject: [pptp-server] Problems with PPTP on Digital Unix 4.0d Message-ID: <001301c097ea$f5272a60$0a00a8c0@hue> PPTP compiled fine on our Digital UNIX Alpha but won't run successfully [using a Windows client]. We tested the same source and configuration on a Redhat Linux system and that operated fine. Details of Alpha setup: OS: Digital Unix 4.0d PPP: Version 2.3.11 PPTP: Version 1.01 Network: Switched 10baseT - no firewalls Compiler: GCC 2.7.2.3 Has anyone got PPTP to run on a Digital Unix system ? After analysing the results of tcpdump scans and placing debug in the pptpcrtl code it appears that the problem is with the GRE socket [gre_fd]. The socket can send GRE packets out but the select system call is not recognising that there are packets available to read on the gre socket. Tcpdump scanning on the Alpha showed that it was observing GRE packets from the client but the select call on the GRE raw socket was not acknowledging that they were available to be read. Many Thanks, Terry -------------- next part -------------- An HTML attachment was scrubbed... URL: From david_luyer at pacific.net.au Fri Feb 16 05:41:11 2001 
From: david_luyer at pacific.net.au (David Luyer) Date: Fri, 16 Feb 2001 22:41:11 +1100 Subject: [pptp-server] Problems with PPTP on Digital Unix 4.0d In-Reply-To: Message from "Terry Stillone" of "Fri, 16 Feb 2001 15:34:54 +0800." <001301c097ea$f5272a60$0a00a8c0@hue> References: <001301c097ea$f5272a60$0a00a8c0@hue> Message-ID: <200102161141.f1GBfBY10724@typhaon.pacific.net.au> > Tcpdump scanning on the Alpha showed that it was observing GRE packets > from the client but the select call on the GRE raw socket was not > acknowledging that they were available to be read. I seem to remember coming to a similar conclusion once before; a solution would be to write something which uses bpf to capture GRE packets (ie, effectively tcpdump for GRE packets...). I'd expect it wouldn't be too hard. Or just install Linux on the Alpha :-) David. -- David Luyer Phone: +61 3 9674 7525 Senior Network Engineer P A C I F I C Fax: +61 3 9699 8693 Pacific Internet (Australia) I N T E R N E T Mobile: +61 4 1111 2983 http://www.pacific.net.au/ NASDAQ: PCNTF From khaight at firespout.com Fri Feb 16 06:37:02 2001 From: khaight at firespout.com (Kris Haight) Date: Fri, 16 Feb 2001 07:37:02 -0500 Subject: [pptp-server] More PPP Compiling Errors Message-ID: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC6@nycexis01.mi8.com> Okay.. I've gotten past the PPP_MAGIC problems, but now the ppp_mppe.o module will not compile withe the rest? Any ideas would be greatly appreciated =) -- Kris -----Original Message----- 
From: Giulio Orsero [mailto:giulioo at pobox.com] Sent: Wednesday, February 14, 2001 1:47 PM To: Kris Haight Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] More PPP Compiling Errors On Wed, 14 Feb 2001 13:29:56 -0500, you wrote: > >I've done that... unless I've installed that patch incorrectly. Tell me how >to install it correctly and I will tryt ut If the patch is applied you should get the same output: [from the top dir of your kernel source] $ grep PPP_MAGIC include/linux/if_ppp.h #define PPP_MAGIC 0x5002 $ grep PPP_VERSION include/linux/if_ppp.h #define PPP_VERSION "2.3.11" $ -- giulioo at pobox.com From giulioo at pobox.com Fri Feb 16 07:18:12 2001 From: giulioo at pobox.com (Giulio Orsero) Date: Fri, 16 Feb 2001 14:18:12 +0100 Subject: [pptp-server] More PPP Compiling Errors In-Reply-To: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC6@nycexis01.mi8.com> References: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC6@nycexis01.mi8.com> Message-ID: <20010216132042.71E08163A6@i3.golden.dom> On Fri, 16 Feb 2001 07:37:02 -0500, you wrote: >Okay.. I've gotten past the PPP_MAGIC problems, but now the ppp_mppe.o >module will not compile withe the rest? >Any ideas would be greatly appreciated =) show the error. -- giulioo at pobox.com From khaight at firespout.com Fri Feb 16 07:34:15 2001 From: khaight at firespout.com (Kris Haight) Date: Fri, 16 Feb 2001 08:34:15 -0500 Subject: [pptp-server] More PPP Compiling Errors Message-ID: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC7@nycexis01.mi8.com> Nevermind I figgured it out. Its 8am here.. I need more coffee. I should have RTFMA, or in this case Read the F**kin FAQ. it had the answer in it. =) Its important to work with a *FRESH* kernel source and ppp. I had to remove everything and start over and it worked without a flaw Now lets see if this puppy wants to work =) Thanks Again everyone for your help!!!! -----Original Message----- 
From: Giulio Orsero [mailto:giulioo at pobox.com] Sent: Friday, February 16, 2001 8:18 AM To: pptp-server at lists.schulte.org Subject: Re: [pptp-server] More PPP Compiling Errors On Fri, 16 Feb 2001 07:37:02 -0500, you wrote: >Okay.. I've gotten past the PPP_MAGIC problems, but now the ppp_mppe.o >module will not compile withe the rest? >Any ideas would be greatly appreciated =) show the error. -- giulioo at pobox.com _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From khaight at firespout.com Fri Feb 16 08:57:24 2001 From: khaight at firespout.com (Kris Haight) Date: Fri, 16 Feb 2001 09:57:24 -0500 Subject: [pptp-server] A few more questions Message-ID: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC8@nycexis01.mi8.com> Hello All- Well.. I think I have the server up and going, and I've (I think) sucessfully got the enycrption peice working Now my question is how do I know if my data connection is using data encryption? (If this is at all possible with PoPToe), or if my login is secure? I'm using a Windows 2000 client to test this btw. Thanks yet again? :) -- Kris From gord at amador.ca Fri Feb 16 09:13:04 2001 From: gord at amador.ca (Gord Belsey) Date: Fri, 16 Feb 2001 08:13:04 -0700 Subject: [pptp-server] Duplicate mail from the list Message-ID: <002c01c0982a$f5d1ce30$280111ac@amadorinc.com> Is it just me, or is someone else getting duplicates from this list? It started at about 9am on Tuesday. All mails from the list are duplicates Gord Belsey From shorta at axcomp.com Fri Feb 16 10:08:07 2001 
From: shorta at axcomp.com (Allan Short)
Date: Fri, 16 Feb 2001 10:08:07 -0600
Subject: [pptp-server] PoPToP 1.0.0 - RH6 - WebRamp 315i
Message-ID:

Hi all,

Has anyone out there had any success getting a webramp and poptop to work
together? After finally finding the solution to why it wouldn't
authenticate to the server (Webramps apparently only use PAP?). I have
been able to get it connected now and both sides show the successful
connection. However, I can't ping across my tunnel from behind the
webramp, and vice versa. I have a computer with Win2K Professional loaded
on it, and it has no problems connecting to the VPN server and
communicating to anything behind it. Does anyone have any ideas what to
try?

Thanks,
Al

From giulioo at pobox.com Fri Feb 16 10:36:07 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Fri, 16 Feb 2001 17:36:07 +0100
Subject: [pptp-server] A few more questions
In-Reply-To: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC8@nycexis01.mi8.com>
References: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC8@nycexis01.mi8.com>
Message-ID: <20010216164141.ADCFE163AC@i3.golden.dom>

On Fri, 16 Feb 2001 09:57:24 -0500, you wrote:

>Now my question is how do I know if my data connection is using data
>encryption? (If this is at all possible with PoPToe), or if my login is
>secure?
>I'm using a Windows 2000 client to test this btw.

On the server look at the logs:
pppd[16309]: MPPE 128 bit, stateless compression enabled
means 128bit and so on.
On the client look at the properties of the tray icon.

You can force encryption on the client, using appropriate check box in
win, or on the server
pppd[16309]: MPPE 128 bit, stateless compression enabled
pppd[16309]: stateless MPPE enforced
using appropriate patch:
http://themm.net/require-mppe.diff

--
giulioo at pobox.com

From khaight at firespout.com Fri Feb 16 11:05:48 2001
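
Added example, not part of Giulio Orsero's post and not code from pppd or PoPToP: the server-side log check described above, applied per pppd process so that sessions which came up without an MPPE line, or with only 40 bit, stand out. The log lines are constructed in the formats quoted in this thread, and the function name, the verdict labels and the 128-bit threshold are assumptions of this sketch.

```python
import re

# Constructed syslog excerpt using the message formats quoted in the thread.
SAMPLE_LOG = """
Feb 15 12:30:33 vpn1 pppd[1604]: MSCHAP-v2 peer authentication succeeded for SomeDude
Feb 15 12:30:33 vpn1 pppd[1604]: local IP address 172.16.89.127
Feb 15 12:30:33 vpn1 pppd[1604]: remote IP address 172.16.89.128
Feb 15 12:30:33 vpn1 pppd[1604]: MPPE 40 bit, stateless compression enabled
Feb 15 12:30:33 vpn1 pppd[1604]: stateless MPPE enforced
Feb 15 12:41:02 vpn1 pppd[1710]: MSCHAP-v2 peer authentication succeeded for OtherDude
Feb 15 12:41:02 vpn1 pppd[1710]: local IP address 172.16.89.127
Feb 15 12:41:02 vpn1 pppd[1710]: remote IP address 172.16.89.129
Feb 15 12:41:03 vpn1 pppd[1710]: MPPE 128 bit, stateless compression enabled
Feb 15 12:52:40 vpn1 pppd[1802]: ChapReceiveResponse: rcvd type CHAP-DIGEST-MD5
Feb 15 12:52:40 vpn1 pppd[1802]: local IP address 172.16.89.127
Feb 15 12:52:40 vpn1 pppd[1802]: remote IP address 172.16.89.130
Feb 15 12:52:55 vpn1 pppd[1802]: Connection terminated.
Feb 15 12:58:00 vpn1 pppd[1850]: MSCHAP-v2 peer authentication failed for remote host x
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) pppd\[(\d+)\]: (.*)$")
AUTH_OK = re.compile(r"(\S+) peer authentication succeeded for (\S+)")
MPPE = re.compile(r"MPPE (\d+) bit, \w+ compression enabled")


def audit(log_text, min_bits=128):
    """Summarise each pppd session that got an IP address and grade its encryption."""
    sessions = {}
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue
        host, pid, msg = match.groups()
        s = sessions.setdefault((host, pid), {
            "pid": int(pid), "user": None, "auth": None,
            "up": False, "mppe_bits": 0, "enforced": False})
        if (auth := AUTH_OK.search(msg)):
            s["auth"], s["user"] = auth.groups()
        elif "rcvd type CHAP-DIGEST-MD5" in msg:
            # Plain CHAP-MD5 yields no MPPE keys, so expect no MPPE line to follow.
            s["auth"] = "CHAP-MD5"
        elif msg.startswith("local IP address"):
            s["up"] = True                      # IPCP finished: the link carried data
        elif (mppe := MPPE.search(msg)):
            s["mppe_bits"] = int(mppe.group(1))
        elif "MPPE enforced" in msg:
            s["enforced"] = True                # require-mppe style patch is active

    report = []
    for s in sessions.values():
        if not s["up"]:
            continue                            # never came up, nothing to grade
        if s["mppe_bits"] == 0:
            verdict = "no-mppe"
        elif s["mppe_bits"] < min_bits:
            verdict = "weak"
        else:
            verdict = "ok"
        report.append({k: s[k] for k in ("pid", "user", "auth", "mppe_bits", "enforced")}
                      | {"verdict": verdict})
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```
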
From: khaight at firespout.com (Kris Haight) Date: Fri, 16 Feb 2001 12:05:48 -0500 Subject: [pptp-server] A few more questions Message-ID: <37E1E2BB9C28D311AB390008C707D2A60BAD0FC9@nycexis01.mi8.com> I'm going to add to this one. I've got the encryption to work, and I can see it. However I can only get the encyrption to work when I use pptpctrl, and the arguements do not work. If I say in the inetd.conf: pptpctrl 0 0 0 0 0 0 Windows responds back and says "The Server could not assign an IP address" if I say: pptpctrl 0 1 /etc/ppp/options.pptpd 0 0 0 0 I get the same thing. However, if I do something like: pptpctrl 0 1 /etc/ppp/options.pptpd 1 115200 1 192.168.0.12 1 192.168.0.210 0 *.12 being the vpn server itself and *.210 being the Ip from the range I want it to use to assign ips. This works. BUT I would like to use more than 1 IP address on my server =) Is there any way to get the pptpctrl to read the ppptd.conf file? This is the ONLY way I can get encryption to work properly. Thanks -- Kris My Log file looks something at the bottom of this email. -----Original Message----- 
From: Kris Haight [mailto:khaight at firespout.com]
Sent: Friday, February 16, 2001 9:57 AM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] A few more questions

Hello All-

Well.. I think I have the server up and going, and I've (I think) successfully got the encryption piece working

Now my question is how do I know if my data connection is using data encryption? (If this is at all possible with PoPToe), or if my login is secure?

I'm using a Windows 2000 client to test this btw.

Thanks yet again? :)

-- Kris

--- From Log File ---
Feb 16 12:10:15 voon pptpd[1679]: CTRL: Client 165.247.4.52 control connection started
Feb 16 12:10:15 voon pptpd[1679]: CTRL: Starting call (launching pppd, opening GRE)
Feb 16 12:10:15 voon pppd[1680]: pppd 2.3.11 started by root, uid 0
Feb 16 12:10:15 voon pppd[1680]: Using interface ppp0
Feb 16 12:10:15 voon pppd[1680]: Connect: ppp0 <--> /dev/pts/1
Feb 16 12:10:15 voon pppd[1680]: sent [LCP ConfReq id=0x1 ]
Feb 16 12:10:15 voon pppd[1680]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
Feb 16 12:10:15 voon pptpd[1679]: GRE: Discarding duplicate packet
Feb 16 12:10:15 voon pppd[1680]: rcvd [LCP ConfAck id=0x1 ]
Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP ConfReq id=0x1 < 0d 03 06> < 11 04 06 4e> < 13 17 01 02 3b 94 05 82 39 4d 35 8a fb a7 76 50 bf 5c 33 00 00 00 1b>]
Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 13
Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 17
Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 19
Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: returning CONFREJ.
Feb 16 12:10:17 voon pppd[1680]: sent [LCP ConfRej id=0x1 < 0d 03 06> < 11 04 06 4e> < 13 17 01 02 3b 94 05 82 39 4d 35 8a fb a7 76 50 bf 5c 33 00 00 00 1b>] Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP ConfReq id=0x2 ] Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: returning CONFACK. Feb 16 12:10:17 voon pppd[1680]: sent [LCP ConfAck id=0x2 ] Feb 16 12:10:17 voon pppd[1680]: Untimeout 0x80503d4:0x80784c0. Feb 16 12:10:17 voon pppd[1680]: sent [CHAP Challenge id=0x1 , name = "pptpd"] Feb 16 12:10:17 voon pppd[1680]: Timeout 0x8055b40:0x80787a0 in 3 seconds. Feb 16 12:10:17 voon pptpd[1679]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP code=0xc id=0x3 31 54 71 b9 4d 53 52 41 53 56 35 2e 30 30] Feb 16 12:10:17 voon pppd[1680]: sent [LCP CodeRej id=0x2 0c 03 00 12 31 54 71 b9 4d 53 52 41 53 56 35 2e 30 30] Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP code=0xc id=0x4 31 54 71 b9 4d 53 52 41 53 2d 31 2d 49 52 41 5a 55] Feb 16 12:10:17 voon pppd[1680]: sent [LCP CodeRej id=0x3 0c 04 00 15 31 54 71 b9 4d 53 52 41 53 2d 31 2d 49 52 41 5a 55] Feb 16 12:10:18 voon pppd[1680]: rcvd [CHAP Response id=0x1 , name = "vpn"] Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x8055b40:0x80787a0. Feb 16 12:10:18 voon pppd[1680]: ChapReceiveResponse: rcvd type CHAP-DIGEST-MD5 Feb 16 12:10:18 voon pppd[1680]: sent [CHAP Success id=0x1 "Welcome to voon.firespout.net."] Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfReq id=0x1 ] Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078720 in 3 seconds. Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x1 ] Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078840 in 3 seconds. 
Feb 16 12:10:18 voon pppd[1680]: CHAP peer authentication succeeded for vpn Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfReq id=0x5 ] Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfRej id=0x5 ] Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfReq id=0x6 ] Feb 16 12:10:18 voon pppd[1680]: ipcp: returning Configure-REJ Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfRej id=0x6 ] Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfRej id=0x1 ] Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078720. Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfReq id=0x2 ] Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078720 in 3 seconds. Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfRej id=0x1 ] Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078840. Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x2] Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078840 in 3 seconds. Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP TermReq id=0x7"1Tq\37777777671\000<\37777777715t\000\000\002\37777777734"] Feb 16 12:10:18 voon pppd[1680]: sent [CCP TermAck id=0x7] Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfReq id=0x8 ] Feb 16 12:10:18 voon pppd[1680]: ipcp: returning Configure-REJ Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfRej id=0x8 ] Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfAck id=0x2 ] Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP TermReq id=0x9 "1Tq\37777777671\000<\37777777715t\000\000\002\37777777742"] Feb 16 12:10:18 voon pppd[1680]: sent [IPCP TermAck id=0x9] Feb 16 12:10:18 voon pptpd[1679]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Feb 16 12:10:18 voon pptpd[1679]: CTRL: Error with select(), quitting Feb 16 12:10:18 voon pppd[1680]: Modem hangup Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078720. Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078840. Feb 16 12:10:18 voon pppd[1680]: Connection terminated. Feb 16 12:10:18 voon pppd[1680]: Connect time 0.1 minutes. 
Feb 16 12:10:18 voon pppd[1680]: Sent 577 bytes, received 524 bytes.
Feb 16 12:10:18 voon pppd[1680]: Exit.
Feb 16 12:10:19 voon pptpd[1679]: CTRL: Client 165.247.4.52 control connection finished

From Anance at syssrc.com Fri Feb 16 12:02:04 2001
From: Anance at syssrc.com (Alexander Nance)
Date: Fri, 16 Feb 2001 13:02:04 -0500
Subject: [pptp-server] Cable Modem Problem
Message-ID:

a lot of residential providers including the @Home services are starting to implement this blocking to cut down bandwidth. It is in my subscriber agreement.

>>> "george csahanin" 02/14/01 02:13AM >>>
Anyone ever heard of AT&T suddenly not passing port 1723 to your cable modem? Really looks like that was what happened to me today. Worked fine, was able to watch inside the house while travelling, then port 1723 no longer was "visible" Recompiled pptp and pptpd for port 1722, and while still not working for another reason, both sides saw each other...

-George C

From musolino at pegasus.montclair.edu Fri Feb 16 15:09:54 2001
From: musolino at pegasus.montclair.edu (Trivial-pursuit)
Date: Fri, 16 Feb 2001 16:09:54 -0500 (EST)
Subject: [pptp-server] Unresolved Symbols
Message-ID:

I have been working at getting pptp working, and have read multiple lists and docs and got to this point:

insmod ppp_mppe.o
ppp_mppe.o: unresolved symbol __floatsidf
ppp_mppe.o: unresolved symbol __adddf3

I have done this
from /lib/modules/2.2.18/net/
and
from /usr/src/linux/drivers/net

PPP: PPP-2.4.0
Poptop: pptp-1.0.1
kernel: linux-2.2.18
cpu: TI UltraSparc IIi
sparc64-linux-gcc.egcs64 --version: egcs-2.92.11
ppp-2.4.0-openssl-0.9.6-mppe.patch.gz installed
all the rc4 files are in /usr/src/linux/drivers/net

Any clues?

From scott.venier at compaq.com Fri Feb 16 17:44:09 2001
From: scott.venier at compaq.com (Scott Venier)
Date: Fri, 16 Feb 2001 18:44:09 -0500 (EST)
Subject: [pptp-server] Unresolved Symbols
In-Reply-To:
Message-ID:

Find the line in the mppe source that has floats in it and turn them into ints. It'll break the statistics, but the kernel is supposed to be doing floating point math anyway.

Scott

On Fri, 16 Feb 2001, Trivial-pursuit wrote:

>
> I have been working at getting pptp working, and have read multiple
> lists
> and docs and got to this point:
>
> insmod ppp_mppe.o
> ppp_mppe.o: unresolved symbol __floatsidf
> ppp_mppe.o: unresolved symbol __adddf3
>
> I have done this
> from /lib/modules/2.2.18/net/
> and
> from /usr/src/linux/drivers/net
>
> PPP: PPP-2.4.0
> Poptop: pptp-1.0.1
> kernel: linux-2.2.18
> cpu: TI UltraSparc IIi
> sparc64-linux-gcc.egcs64 --version: egcs-2.92.11
> ppp-2.4.0-openssl-0.9.6-mppe.patch.gz installed
> all the rc4 files are in /usr/src/linux/drivers/net
>
> Any clues?

From schulz at videotron.ca Fri Feb 16 22:25:54 2001
From: schulz at videotron.ca (schulz) Date: Fri, 16 Feb 2001 23:25:54 -0500 Subject: [pptp-server] client pptp-linux-1.0.2 + pppd-mppe-2.3.11 CLP ProtRej problem Message-ID: <3A8DFD52.83B9AFC7@videotron.ca> I think I have set up pptp and pppd following the directions by http://jefe.org/Newschool/Projects/PPTP/newHOWTO-PoPToP.html#3.0, http://neurosis.hungry.com/~ben/software/pptp.html and http://personal.rdu.bellsouth.net/rdu/t/a/tayljl/linux-pptp-client/linux-pptp-client-setup.html. In the log I see a connection established and try a simple ping into the target network. Instead I receive a LCP ProtRej. Here's the setup as seen by 'ip addr' and 'ip route': (Note that the assigned addresses are part of the target network) 1: lo: mtu 3924 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: eth0: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:60:67:33:b6:e4 brd ff:ff:ff:ff:ff:ff inet 192.168.100.100/24 brd 192.168.100.255 scope global eth0 11: ppp0: mtu 1492 qdisc pfifo_fast qlen 10 link/ppp inet 'my assigned address' peer 'remote tunnel address'/32 scope global ppp0 'remote tunnel address' dev ppp0 proto kernel scope link src 'my assigned address' 'vpn server' via 192.168.100.103 dev eth0 192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.100 'remote network'/24 via 'remote tunnel address' dev ppp0 127.0.0.0/8 dev lo scope link default via 192.168.100.103 dev eth0 But what happens is (e.g. simple ping, kdebug 7 output): Feb 16 22:10:26 minou kernel: ppp: write frame, count = 88 Feb 16 22:10:26 minou kernel: FF 03 00 21 45 00 00 54 ...!E..T Feb 16 22:10:26 minou kernel: B2 6B 00 00 40 01 A7 FB .k.. at ... ... Feb 16 22:10:26 minou kernel: 08 00 82 E6 1A 03 00 00 ........ Feb 16 22:10:26 minou kernel: A2 EB 8D 3A 38 ED 07 00 ...:8... Feb 16 22:10:26 minou kernel: 08 09 0A 0B 0C 0D 0E 0F ........ Feb 16 22:10:26 minou kernel: 10 11 12 13 14 15 16 17 ........ 
Feb 16 22:10:26 minou kernel: 18 19 1A 1B 1C 1D 1E 1F ........ Feb 16 22:10:26 minou kernel: 20 21 22 23 24 25 26 27 !"#$%&' Feb 16 22:10:26 minou kernel: 28 29 2A 2B 2C 2D 2E 2F ()*+,-./ Feb 16 22:10:26 minou kernel: 30 31 32 33 34 35 36 37 01234567 ... Feb 16 22:10:30 minou pppd[786]: rcvd [LCP ProtRej id=0x7 c2 a3 d3 f5 38 d3 99 7 a ab c3 31 67 2e 20 8a 34 60 1c fc a9 56 88 ed 0b 0d d1 94 37 be df 9f dd c6 9c 2e a0 c9 d7 96 12 b5 25 c7 7d 48 6f ef 4d e3 5a e4 46 5e 9b ca 91 c8 41 f6 53 e2 9e 1c 11 bf 14 80 21 08 26 5b 77 a5 cf b1 ee b9 Feb 16 22:10:30 minou pppd[786]: Protocol-Reject for unsupported protocol 0xc2a3 What's going on here? Here are few more snippets from the preceding protocol exchange log: ... Feb 16 22:10:17 minou kernel: ppp_proto_ccp rcvd=1 code=1 flags=f071043 Feb 16 22:10:17 minou kernel: ppp_proto_ccp rcvd=1 code=2 flags=f071043 Feb 16 22:10:17 minou kernel: ppp0: decomp running Feb 16 22:10:17 minou pppd[786]: rcvd [IPCP ConfAck id=0x2 ] Feb 16 22:10:17 minou pppd[786]: ipcp: up Feb 16 22:10:17 minou kernel: ppp_ioctl: set flags to f07304b Feb 16 22:10:17 minou kernel: ppp: set np 0 to 0 Feb 16 22:10:17 minou pppd[786]: Cannot determine ethernet address for proxy ARP Feb 16 22:10:17 minou pppd[786]: local IP address x.x.x.x Feb 16 22:10:17 minou pppd[786]: remote IP address x.x.x.y Feb 16 22:10:17 minou pppd[786]: Script /etc/ppp/ip-up started (pid 788) Feb 16 22:10:17 minou pppd[786]: rcvd [CCP ConfReq id=0x6 ] Feb 16 22:10:17 minou pppd[786]: sent [CCP ConfAck id=0x6 ] Feb 16 22:10:17 minou kernel: ppp_proto_ccp rcvd=0 code=2 flags=f07204b Feb 16 22:10:17 minou kernel: ppp0: comp running Feb 16 22:10:17 minou pppd[786]: Untimeout 0x805096c:0x8079a20. Feb 16 22:10:17 minou kernel: ppp_ioctl: set flags to f0730cb Feb 16 22:10:17 minou pppd[786]: MPPE 128 bit, non-stateless compression enabled Feb 16 22:10:17 minou pppd[786]: Script /etc/ppp/ip-up finished (pid 788), status = 0x0 ... From alex at milton.king.net.nz Sat Feb 17 01:19:13 2001 
From: alex at milton.king.net.nz (Alex King)
Date: Sat, 17 Feb 2001 20:19:13 +1300
Subject: [pptp-server] 2.4 woes
In-Reply-To: <20010215000058.A19565@milton.king.net.nz>; from alex@milton.king.net.nz on Thu, Feb 15, 2001 at 12:00:58AM +1300
References: <20010215000058.A19565@milton.king.net.nz>
Message-ID: <20010217201913.A5815@milton.king.net.nz>

Thanks to those who replied, I'm 90% there now. I thought I'd post an interim status report on my efforts.

Basically, my target was a Debian potato system with Kernel 2.4 and pptpd working with ms-chap and ms encryption.

This is what I did to get it going:

Grabbed modutils (2.4.102) sources from woody and compiled and installed.
Grabbed kernel linux-2.4.1.tar.bz2
grabbed ftp://ftp.binarix.com/pub/ppp-mppe/linux-2.4.0-openssl-0.9.6-mppe.patch.gz
Patched built and installed kernel
Grabbed ppp (2.4.0f-1) sources from woody, and unpacked thru to the sources.make stage. (ie completed the patching for debian)
Grabbed http://linus.yi.org/linux/smbpw-mppe-stripdom-requiremppe.diff.bz2 and used it to patch the ppp sources. Only one hunk failed and had to be manually applied.
Compiled and installed ppp package.
Installed the pptpd (1.0.0-4) package from potato.
Tested against a Win98 client; it can do ms-chap and ms encryption and basically works.

...Only I didn't do it like that, here are the issues I encountered...

1. checking passwords against /etc/smbpasswd still doesn't seem to work although I believe I have it set up correctly.

2. tried to work it with a kernel with everything compiled in - mppe encryption doesn't seem to work compiled in to the kernel. I checked the System.map of the compiled kernel - the mppe functions actually appear in the kernel - but it wasn't working. As soon as I compiled a modular kernel with ppp_async and ppp_mppe as modules and modprobed them, it started working - yet nothing else was changed.
My conclusion is - and I'd like to hear others' experience with this - even though it compiles into a kernel mppe doesn't work compiled in.

3. Documentation is incomplete and trailing the bleeding edge - the archives of this list were the best source of documentation.

I'm willing to write up my experiences more fully - if anyone is interested let me know and I'll post them on a web page.

Also I think by far the best way to advance pptpd and make it simpler for people to use would be to integrate some of these kernel/pppd patches with the upstream sources. What is preventing this happening? Anyone know?

Alex

On Thu, Feb 15, 2001 at 12:00:58AM +1300, Alex King wrote:
> I'm having this basic problem using pptp with linux 2.4.1: it doesn't
> work. (syslog included below:)
>
> After a little research tonight (reading the list archive) I realise
> one of my problems at least is likely to be my using pppd 2.3.11 (vs
> 2.4.0 which I should have).
>
> I selected a 2.4 kernel before considering the pptp issues because it
> supports my ide controller natively (an HPT366 on an ABIT MB), I would
> need to find a patch to use 2.2.
>
> My basic question is is it going to be easier to downgrade the kernel
> or do people have 2.4.1/ppp 2.4.0/pptpd working well now?
>
> Secondly, I'm just trying with standard kernel/pppd at the moment, no
> encryption. When I go to using encryption, can I build all the needed
> drivers in to the kernel, or do they need to be modules? I prefer to
> have my kernels setup without modules if possible.
>
> Finally, I'm using standard debian packages, I'd be interested in
> other debian users' experiences, and to know if there are debian
> packages floating around for mschap/mppe enabled kernel/pppd.
>
> Here is my present configuration:
>
> Win98        Internet       Nokia        Linux Router       Private
> Client  ---            ---  DSL Box ---  PPTP Box      ---  network
>
> The nokia pinholes (reverse masquerades) the tcp control connection and
> proto 47 (if I have it set up correctly).
> > Here is the extract from the logs: > > Feb 14 13:44:38 server pptpd[6635]: CTRL: Client 202.36.170.118 > control connection started > Feb 14 13:44:39 server pptpd[6635]: CTRL: Starting call (launching > pppd, opening GRE) > Feb 14 13:44:39 server pppd[6636]: pppd 2.3.11 started by root, uid 0 > Feb 14 13:44:39 server pppd[6636]: ioctl(PPPIOCGFLAGS): Invalid > argument > Feb 14 13:44:39 server pppd[6636]: tcsetattr: Invalid argument > Feb 14 13:44:39 server pppd[6636]: Exit. > Feb 14 13:44:39 server pptpd[6635]: GRE: > read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error > = Input/output error > Feb 14 13:44:39 server pptpd[6635]: CTRL: PTY read or GRE write > failed (pty,gre) =(5,6) > Feb 14 13:44:39 server pptpd[6635]: CTRL: Client 202.36.170.118 > control connection finished > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From berto at fatamorgana.com Sat Feb 17 08:50:44 2001 
From: berto at fatamorgana.com (Roberto Arcomano) Date: Sat, 17 Feb 2001 15:50:44 +0100 Subject: [pptp-server] Ok with pppd 2.3.8, problems with pppd 2.3.11 Message-ID: <3A8E8FC4.7056CCCC@fatamorgana.com> Hi all, I have a little problem with my pptpd Linux client connecting with a NT server. If I use: RedHat 6.2, Kernel 2.2.16, pppd 2.3.8 (patched) all is ok but when I try with RedHat 7.0, Kernel 2.4.0, pppd 2.3.11 (patched) I receive a problem like this (from my syslog): Feb 17 15:03:09 berto modprobe: modprobe: Can't locate module ppp1 Feb 17 15:03:14 berto (unknown)[3303]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established. Feb 17 15:03:14 berto pppd[1195]: rcvd [LCP EchoReq id=0xc1 magic=0xdb534b83 78 00 18 04] Feb 17 15:03:14 berto pppd[1195]: sent [LCP EchoRep id=0xc1 magic=0x705d2e85 15 03 2f 01] Feb 17 15:03:15 berto (unknown)[3303]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established. Feb 17 15:03:15 berto pppd[3305]: pppd 2.3.11 started by root, uid 0 Feb 17 15:03:15 berto pppd[3305]: Using interface ppp1 Feb 17 15:03:15 berto pppd[3305]: Connect: ppp1 <--> /dev/ttya0 Feb 17 15:03:15 berto pppd[3305]: sent [LCP ConfReq id=0x1 ] Feb 17 15:03:15 berto pppd[3305]: Timeout 0x805085c:0x80790c0 in 3 seconds. Feb 17 15:03:17 berto pppd[3305]: rcvd [LCP ConfAck id=0x1 ] Feb 17 15:03:18 berto pppd[3305]: rcvd [LCP ConfReq id=0x1 ] Feb 17 15:03:18 berto pppd[3305]: lcp_reqci: returning CONFACK. Feb 17 15:03:18 berto pppd[3305]: sent [LCP ConfAck id=0x1 ] Feb 17 15:03:18 berto pppd[3305]: Untimeout 0x805085c:0x80790c0. Feb 17 15:03:18 berto pppd[3305]: sent [PAP AuthReq id=0x1 user="mylogin" password=] Feb 17 15:03:18 berto pppd[3305]: Timeout 0x8055888:0x8079360 in 3 seconds. Feb 17 15:03:19 berto pppd[3305]: rcvd [PAP AuthAck id=0x1 ""] Feb 17 15:03:19 berto pppd[3305]: sent [IPCP ConfReq id=0x1 ] Feb 17 15:03:19 berto pppd[3305]: Timeout 0x805085c:0x8079320 in 3 seconds. 
Feb 17 15:03:19 berto pppd[3305]: sent [CCP ConfReq id=0x1 ] Feb 17 15:03:19 berto pppd[3305]: Timeout 0x805085c:0x8079440 in 3 seconds. Feb 17 15:03:19 berto pppd[3305]: rcvd [IPCP ConfReq id=0x1 ] Feb 17 15:03:19 berto pppd[3305]: ipcp: returning Configure-ACK Feb 17 15:03:19 berto pppd[3305]: sent [IPCP ConfAck id=0x1 ] Feb 17 15:03:19 berto pppd[3305]: rcvd [CCP ConfReq id=0x1 ] Feb 17 15:03:19 berto pppd[3305]: sent [CCP ConfAck id=0x1 ] Feb 17 15:03:19 berto pppd[3305]: rcvd [IPCP ConfNak id=0x1 ] Feb 17 15:03:19 berto pppd[3305]: Untimeout 0x805085c:0x8079320. Feb 17 15:03:19 berto pppd[3305]: sent [IPCP ConfReq id=0x2 ] Feb 17 15:03:19 berto pppd[3305]: Timeout 0x805085c:0x8079320 in 3 seconds. Feb 17 15:03:19 berto pppd[3305]: rcvd [CCP ConfAck id=0x1 ] Feb 17 15:03:19 berto pppd[3305]: Untimeout 0x805085c:0x8079440. Feb 17 15:03:19 berto pppd[3305]: Deflate (15) compression enabled Feb 17 15:03:19 berto pppd[3305]: rcvd [IPCP ConfAck id=0x2 ] Feb 17 15:03:19 berto pppd[3305]: Untimeout 0x805085c:0x8079320. Feb 17 15:03:19 berto pppd[3305]: ipcp: up Feb 17 15:03:19 berto pppd[3305]: Peer is not authorized to use remote address 212.31.242.99 Feb 17 15:03:19 berto pppd[3305]: ipcp: down Feb 17 15:03:19 berto pppd[3305]: sent [IPCP TermReq id=0x3 "Unauthorized remote IP address"] Feb 17 15:03:19 berto pppd[3305]: Timeout 0x805085c:0x8079320 in 3 seconds. Feb 17 15:03:19 berto pppd[3305]: rcvd [IPCP TermAck id=0x3] Feb 17 15:03:19 berto pppd[3305]: Untimeout 0x805085c:0x8079320. Feb 17 15:03:19 berto pppd[3305]: sent [LCP TermReq id=0x2 "No network protocols running"] Feb 17 15:03:19 berto pppd[3305]: Timeout 0x805085c:0x80790c0 in 3 seconds. Feb 17 15:03:19 berto pppd[3305]: rcvd [LCP TermAck id=0x2] Feb 17 15:03:19 berto pppd[3305]: Untimeout 0x805085c:0x80790c0. Feb 17 15:03:19 berto pppd[3305]: Connection terminated. Feb 17 15:03:19 berto pppd[3305]: Connect time 0.1 minutes. Feb 17 15:03:19 berto pppd[3305]: Sent 156 bytes, received 72 bytes. 
Feb 17 15:03:20 berto pppd[3305]: Exit. In my /var/log/messages I can see : Peer is not authorized to use remote address 212.31.242.99 I don't know why, I patched my pppd 2.3.11 with 2 patches available..... I need to patch my 2.4.0 kernel? I tried it but then I cannot compile it cause source tell me there is a problem in pppoe module. I saw that when I typed "make kernel" in pppd.2.3.11 patched I view that it cannot overwrite 3-4 source files cause they are older than original ones. I have to write them anyway? Maybe it could be useful to know I connect to Netsystem (new Italian Sat ISP) server to authenticate myself. Thank you Roberto Arcomano From santtu.hyrkko at hut.fi Sat Feb 17 10:56:57 2001 From: santtu.hyrkko at hut.fi (Santtu =?iso-8859-1?q?Hyrkk=F6?=) Date: 17 Feb 2001 18:56:57 +0200 Subject: [pptp-server] client pptp-linux-1.0.2 + pppd-mppe-2.3.11 CLP ProtRej problem In-Reply-To: <3A8DFD52.83B9AFC7@videotron.ca> References: <3A8DFD52.83B9AFC7@videotron.ca> Message-ID: <87y9v52qp2.fsf@ab62d3hel.dial.kolumbus.fi> schulz writes: > Feb 16 22:10:30 minou pppd[786]: Protocol-Reject for unsupported > protocol 0xc2a3 Is this protocol number always the same? -- Santtu Hyrkk? From cwood at wencor.com Sat Feb 17 11:24:06 2001 
From: cwood at wencor.com (Chris Wood) Date: Sat, 17 Feb 2001 10:24:06 -0700 (MST) Subject: [pptp-server] Error 619 with W2k Message-ID: I have been running PoPToP for about a year and am finally frustrated enough with one thing that I am in search of help. I have about 5 users connecting to the PoPToP server using mostly Win98 and one user using W2k. All of these machine work perfectly, except for my own home machine which is also a W2k machine. When I originally setup PoPToP it worked great. Now, it will fail to connect about 90% of the time. Every now and then it will connect just fine. Once it fails to connect though, it won't connect at all if I keep retrying or even if I wait 20 minutes. Something has to have changed with my home machine, but I cannot figure out what it is. I used my home machine for testing when I installed the PoPToP software, so I'm baffled why it won't play nice now. My setup: DSL connection via NAT, Windows 2000 with all of the latest updates. PoPToP server is a Debian box with full patches for all the encryption security options for PoPToP. Server is not on the same ISP as my DSL. I've wondered if it is related to timeouts or anything. Even rebooting my pc, rebooting the Server or rebooting my DSL router doesn't fix it. What is most frustrating is that it DOES work sometimes. Does anyone have any ideas? I'm going to be adding another 10 users to this setup, and suspect I may run into this... it also makes it much harder to work from home. Can anyone suggest what to look at? --log-- Feb 17 04:09:10 gateway pppd[7345]: pppd 2.3.11 started by root, uid 0 Feb 17 04:09:10 gateway pppd[7345]: Using interface ppp0 Feb 17 04:09:10 gateway pppd[7345]: Connect: ppp0 <--> /dev/pts/1 Feb 17 04:09:40 gateway pppd[7345]: LCP: timeout sending Config-Requests Feb 17 04:09:40 gateway pppd[7345]: Connection terminated. Feb 17 04:09:40 gateway pppd[7345]: Exit. -- -=-=-=-=-=- Chris Wood Kitco, Inc. Dixie Aerospace 801-489-2097 Wencor West, Inc. 
Durham Aircraft Serv.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From cwood at wencor.com Sat Feb 17 12:20:46 2001
From: cwood at wencor.com (Chris Wood) Date: Sat, 17 Feb 2001 11:20:46 -0700 (Mountain Standard Time) Subject: [pptp-server] Error 619 with W2k In-Reply-To: Message-ID: On Sat, 17 Feb 2001, Chris Wood wrote: > --log-- > > Feb 17 04:09:10 gateway pppd[7345]: pppd 2.3.11 started by root, uid 0 > Feb 17 04:09:10 gateway pppd[7345]: Using interface ppp0 > Feb 17 04:09:10 gateway pppd[7345]: Connect: ppp0 <--> /dev/pts/1 > Feb 17 04:09:40 gateway pppd[7345]: LCP: timeout sending Config-Requests > Feb 17 04:09:40 gateway pppd[7345]: Connection terminated. > Feb 17 04:09:40 gateway pppd[7345]: Exit. > > > Feb 17 04:05:52 gateway -- MARK -- Feb 17 04:09:10 gateway pppd[7345]: pppd 2.3.11 started by root, uid 0 Feb 17 04:09:10 gateway pppd[7345]: Using interface ppp0 Feb 17 04:09:10 gateway pppd[7345]: Connect: ppp0 <--> /dev/pts/1 Feb 17 04:09:40 gateway pppd[7345]: LCP: timeout sending Config-Requests Feb 17 04:09:40 gateway pppd[7345]: Connection terminated. Feb 17 04:09:40 gateway pppd[7345]: Exit. Feb 17 04:18:49 gateway pppd[7366]: pppd 2.3.11 started by root, uid 0 Feb 17 04:18:49 gateway pppd[7366]: Using interface ppp0 Feb 17 04:18:49 gateway pppd[7366]: Connect: ppp0 <--> /dev/pts/1 Feb 17 04:18:51 gateway pppd[7366]: MSCHAP-v2 peer authentication succeeded for cwood Feb 17 04:18:52 gateway pppd[7366]: found interface eth1 for proxy arp Feb 17 04:18:52 gateway pppd[7366]: local IP address 172.16.59.234 Feb 17 04:18:52 gateway pppd[7366]: remote IP address 172.16.59.239 Feb 17 04:18:58 gateway pppd[7366]: MPPE 128 bit, stateless compression enabled Feb 17 04:18:58 gateway pppd[7366]: MPPE 128 bit, stateless compression enabled A few minutes after I sent the email, I tried connected and succeeded. Here's a snip of the log with the succeeded connection. -- ----- Chris Wood cwood at xmission.com ------------------ From martin.schulz at myrealbox.com Sat Feb 17 15:10:35 2001 
From: martin.schulz at myrealbox.com (Schulz) Date: Sat, 17 Feb 2001 16:10:35 -0500 Subject: [pptp-server] client pptp-linux-1.0.2 + pppd-mppe-2.3.11 CLP ProtRej problem Message-ID: <01C098FC.2C71A600.martin.schulz@myrealbox.com> No, it's random. I was wondering whether non-stateless encryption was my problem, but I wouldn't even know how to change that. Martin -----Original Message----- From: Santtu Hyrkko [SMTP:santtu.hyrkko at hut.fi] Sent: February 17, 2001 11:57 AM To: pptp-server at lists.schulte.org Subject: Re: [pptp-server] client pptp-linux-1.0.2 + pppd-mppe-2.3.11 CLP ProtRej problem schulz writes: > Feb 16 22:10:30 minou pppd[786]: Protocol-Reject for unsupported > protocol 0xc2a3 Is this protocol number always the same? -- Santtu Hyrkko _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From jvonau at home.com Sat Feb 17 15:27:01 2001 From: jvonau at home.com (Jerry Vonau) Date: Sat, 17 Feb 2001 15:27:01 -0600 Subject: [pptp-server] client pptp-linux-1.0.2 + pppd-mppe-2.3.11 CLP ProtRej problem References: <01C098FC.2C71A600.martin.schulz@myrealbox.com> Message-ID: <3A8EECA5.E210DAF4@home.com> Schulz: add to the options file for the vpn: mppe-stateless What else do you have in the options file? Jerry Vonau Schulz wrote: > No, it's random. > I was wondering whether non-stateless encryption was my problem, but I wouldn't even know how to change that. > > Martin > > -----Original Message----- 
> From: Santtu Hyrkko [SMTP:santtu.hyrkko at hut.fi] > Sent: February 17, 2001 11:57 AM > To: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] client pptp-linux-1.0.2 + pppd-mppe-2.3.11 CLP ProtRej problem > > schulz writes: > > > Feb 16 22:10:30 minou pppd[786]: Protocol-Reject for unsupported > > protocol 0xc2a3 > > Is this protocol number always the same? > > -- > Santtu Hyrkko > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From neale at lowendale.com.au Sat Feb 17 21:25:18 2001 
From: neale at lowendale.com.au (Neale Banks) Date: Sun, 18 Feb 2001 14:25:18 +1100 (EST) Subject: [pptp-server] Ok with pppd 2.3.8, problems with pppd 2.3.11 In-Reply-To: <3A8E8FC4.7056CCCC@fatamorgana.com> Message-ID: On Sat, 17 Feb 2001, Roberto Arcomano wrote: > Hi all, > I have a little problem with my pptpd Linux client connecting with a NT > server. > If I use: > RedHat 6.2, Kernel 2.2.16, pppd 2.3.8 (patched) all is ok > but when I try with > RedHat 7.0, Kernel 2.4.0, pppd 2.3.11 (patched) I receive a problem like > this (from my syslog): [...] > Feb 17 15:03:19 berto pppd[3305]: Peer is not authorized to use remote > address 212.31.242.99 > Feb 17 15:03:19 berto pppd[3305]: ipcp: down > Feb 17 15:03:19 berto pppd[3305]: sent [IPCP TermReq id=0x3 > "Unauthorized remote IP address"] [...] > > In my /var/log/messages I can see : Peer is not authorized to use remote > address 212.31.242.99 This message can appear if you aren't passing "noauth" to the ppp that's calling out (otherwise ppp will require the pptp server to authenticate itself). IIRC, also check (no)ipdefault. > I don't know why, I patched my pppd 2.3.11 with 2 patches available..... > > I need to patch my 2.4.0 kernel? I tried it but then I cannot compile it > cause source tell me there is a problem in pppoe module. > I saw that when I typed "make kernel" in pppd.2.3.11 patched I view that > it cannot overwrite 3-4 source files cause they are older than original > ones. I have to write them anyway? Urghh... this suggests to me that when you solve the first problem you may meet a new one :-( Regards, Neale. From alex at milton.king.net.nz Sat Feb 17 21:41:03 2001 
From: alex at milton.king.net.nz (Alex King) Date: Sun, 18 Feb 2001 16:41:03 +1300 Subject: [pptp-server] Error 619 with W2k In-Reply-To: ; from cwood@wencor.com on Sat, Feb 17, 2001 at 11:20:46AM -0700 References: Message-ID: <20010218164103.B480@milton.king.net.nz> Try turning debug on in your ppp options. Try sshing to your server before you open the pptp connection and running tcpdump to see what packets are flowing (or not). Is one of the providers blocking GRE packets? On Sat, Feb 17, 2001 at 11:20:46AM -0700, Chris Wood wrote: > > Feb 17 04:05:52 gateway -- MARK -- > Feb 17 04:09:10 gateway pppd[7345]: pppd 2.3.11 started by root, uid 0 > Feb 17 04:09:10 gateway pppd[7345]: Using interface ppp0 > Feb 17 04:09:10 gateway pppd[7345]: Connect: ppp0 <--> /dev/pts/1 > Feb 17 04:09:40 gateway pppd[7345]: LCP: timeout sending Config-Requests > Feb 17 04:09:40 gateway pppd[7345]: Connection terminated. > Feb 17 04:09:40 gateway pppd[7345]: Exit. > Feb 17 04:18:49 gateway pppd[7366]: pppd 2.3.11 started by root, uid 0 > Feb 17 04:18:49 gateway pppd[7366]: Using interface ppp0 > Feb 17 04:18:49 gateway pppd[7366]: Connect: ppp0 <--> /dev/pts/1 > Feb 17 04:18:51 gateway pppd[7366]: MSCHAP-v2 peer authentication > succeeded for cwood > Feb 17 04:18:52 gateway pppd[7366]: found interface eth1 for proxy arp > Feb 17 04:18:52 gateway pppd[7366]: local IP address 172.16.59.234 > Feb 17 04:18:52 gateway pppd[7366]: remote IP address 172.16.59.239 > Feb 17 04:18:58 gateway pppd[7366]: MPPE 128 bit, stateless compression > enabled > Feb 17 04:18:58 gateway pppd[7366]: MPPE 128 bit, stateless compression > enabled > > A few minutes after I sent the email, I tried connected and > succeeded. Here's a snip of the log with the succeeded connection. 
> > -- > > ----- > Chris Wood > cwood at xmission.com > ------------------ > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From berzerke at swbell.net Sun Feb 18 02:20:07 2001 From: berzerke at swbell.net (robert) Date: Sun, 18 Feb 2001 02:20:07 -0600 Subject: [pptp-server] Howto for 2.4 kernels Message-ID: <01021802200709.11968@linux> I've put together the first draft (version 0.1) of a HOWTO for pptpd and linux kernels 2.4. It can be found at http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt now and hopefully soon at http://poptop.lineo.com. I welcome comments, suggestions, and criticisms. From strohmeyerd at hotmail.com Sun Feb 18 08:55:39 2001 
From: strohmeyerd at hotmail.com (David Strohmeyer) Date: Sun, 18 Feb 2001 07:55:39 -0700 Subject: [pptp-server] Connection problems with a 645 error. Message-ID:

All

I have been using this set up for about 6 months. Everything has been running fine. Last night this started. Every time someone tries to connect, this is the sequence that starts, and then after a few minutes you will get a 645 error (on the Windows client). Any ideas on what happened?? I have enclosed a connection session that fails.

thanks
David Strohmeyer

Using interface ppp0
Connect: ppp0 <--> /dev/pts/0
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077660 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077660 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077660 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077660 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077660 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077660 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077660 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077660 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077660 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077660 in 3 seconds.
Modem hangup
Untimeout 0x8050164:0x8077660.
Connection terminated.

From berzerke at swbell.net Sun Feb 18 12:52:45 2001
From: berzerke at swbell.net (robert) Date: Sun, 18 Feb 2001 12:52:45 -0600 Subject: [pptp-server] PPTPD Howto for 2.4 kernels Message-ID: <01021812522801.31759@linux>

The second draft (version 0.2) of a HOWTO for pptpd and linux kernels 2.4 is "complete". It can be found at http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt now and hopefully soon at http://poptop.lineo.com. I welcome comments, suggestions, and criticisms.

From marte at xmn-berlin.de Mon Feb 19 02:14:12 2001
From: marte at xmn-berlin.de (Martin Tettke) Date: Mon, 19 Feb 2001 09:14:12 +0100 Subject: [pptp-server] Fixed IPs using PoPToP Message-ID: <200102190914120306.23F5E0A6@orion.xmn-berlin.de>

Hi ! Is there any possibility to establish a static username <=> IP mapping ? We have about 20 users using the VPN-Server; they should all have different permissions on our firewall, which is only possible if they all have their own IP. Any suggestions ? Excuse my bad English ... Martin

From linux at inside-gmbh.com Mon Feb 19 02:38:24 2001
From: linux at inside-gmbh.com (Martin Tettke) Date: Mon, 19 Feb 2001 09:38:24 +0100 Subject: [pptp-server] Fixed IPs using PoPToP References: <200102190914120306.23F5E0A6@orion.xmn-berlin.de> Message-ID: <200102190938240056.240C078C@mail.inside-gmbh.com>

Hi ! Is there any possibility to establish a static username <=> IP mapping ? We have about 20 users using the VPN-Server; they should all have different permissions on our firewall, which is only possible if they all have their own IP. Any suggestions ? Excuse my bad English ... Martin

From SEJ at pallas.dk Mon Feb 19 02:45:00 2001
From: SEJ at pallas.dk (=?iso-8859-1?Q?Svend_Erik_H=2E_J=F8rgensen?=) Date: Mon, 19 Feb 2001 09:45:00 +0100 Subject: [pptp-server] Fixed IPs using PoPToP Message-ID:

From cwood at wencor.com Mon Feb 19 11:52:38 2001
From: cwood at wencor.com (Chris Wood) Date: Mon, 19 Feb 2001 10:52:38 -0700 (Mountain Standard Time) Subject: [pptp-server] Debian pptp package? Message-ID: I noticed that Debian has the pptp package now. Does anyone know what level of encryption it uses? I know some of the patches I applied were to ppp itself. Life would be simpler if I could use the Debian package and dselect, since last time I ran dselect it updated my ppp which broke my pptp setup. -- -=-=-=-=-=- Chris Wood Kitco, Inc. Dixie Aerospace 801-489-2097 Wencor West, Inc. Durham Aircraft Serv. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From admin at pmcipa.com Mon Feb 19 12:45:07 2001 From: admin at pmcipa.com (Eric Robinson) Date: Mon, 19 Feb 2001 10:45:07 -0800 Subject: [pptp-server] Brain-dead List Instructions Message-ID: <21B377B36413D311861C0004ACB8854A08D091@www.pmcipa.com> I would like to unsubscribe from this list. According to the instructions at http://lists.schulte.org/mailman/listinfo/pptp-server: "You can unsubscribe from this list at any time. Just open a web browser and point it at http://lists.schulte.org/mailman/listinfo/pptp-server." This is utterly useless information. Check it out and you'll see what I mean. Someone please tell me how to unsubscribe from this list. My apologies for the intrusion. Thanks, --Eric From kenny at digitalrebel.org Mon Feb 19 12:44:52 2001 
From: kenny at digitalrebel.org (Kenneth E. Lussier) Date: Mon, 19 Feb 2001 13:44:52 -0500 Subject: [pptp-server] Brain-dead List Instructions References: <21B377B36413D311861C0004ACB8854A08D091@www.pmcipa.com> Message-ID: <3A9169A4.8C33A2E2@digitalrebel.org> Why is this brain-dead and useless? If you read the page, you will see at the bottom: "To change your subscription (set options like digest and delivery modes, get a reminder of your password, or unsubscribe from pptp-server), enter your subscription email address:" FYI, Kenny Eric Robinson wrote: > > I would like to unsubscribe from this list. According to the instructions at > http://lists.schulte.org/mailman/listinfo/pptp-server: > > "You can unsubscribe from this list at any time. Just open a web browser > and point it at http://lists.schulte.org/mailman/listinfo/pptp-server." > > This is utterly useless information. Check it out and you'll see what I > mean. > > Someone please tell me how to unsubscribe from this list. > > My apologies for the intrusion. > > Thanks, > > --Eric > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From christopher at schulte.org Mon Feb 19 12:56:46 2001 
From: christopher at schulte.org (Christopher Schulte) Date: Mon, 19 Feb 2001 12:56:46 -0600 Subject: [pptp-server] HOW TO UNSUBSCRIBE FROM THIS LIST Message-ID: <5.0.2.1.2.20010219124213.02ae44b0@pop.schulte.org> This is a general message to anyone who wants to unsubscribe from this list. It's very very very easy, providing you can follow a few simple instructions. Open the following page in your web browser: http://lists.schulte.org/mailman/listinfo/pptp-server At bottom of page, where it says 'edit options', enter your email address and hit the 'edit options' button. Then enter your password and hit unsubscribe. That's it. Is that too difficult? I don't think so. HINT: Remember to enter the email address you **subscribed to the list** with. HINT2: You may need to have your password emailed to you from the options page. admin at pmcipa.com wrote: >I would like to unsubscribe from this list. According to the instructions >at http://lists.schulte.org/mailman/listinfo/pptp-server: "You can >unsubscribe from this list at any time. Just open a web browser and point >it at http://lists.schulte.org/mailman/listinfo/pptp-server." This is >utterly useless information. Check it out and you'll see what I mean. >Someone please tell me how to unsubscribe from this list. My apologies for >the intrusion. Thanks, --Eric -- Christopher Schulte 'now you know, this is what it feels like' - NIN From admin at pmcipa.com Mon Feb 19 13:08:39 2001 
From: admin at pmcipa.com (Eric Robinson) Date: Mon, 19 Feb 2001 11:08:39 -0800 Subject: [pptp-server] Brain-dead List Instructions Message-ID: <21B377B36413D311861C0004ACB8854A08D096@www.pmcipa.com> Thanks for the info. I didn't see that section at the bottom of the page. That was stupid on my part; you'll get no argument from me. However, when no one replied to my first request for information more than a week ago, I decided to get a little uppity in my most recent message. It was a play on human nature. I gambled that sometimes folks who will not take a moment to answer a straightforward question will jump at the chance to demonstrate someone else's stupidity. Looks like I was right. :-) --Eric -----Original Message----- 
From: Kenneth E. Lussier [mailto:kenny at digitalrebel.org] Sent: Monday, February 19, 2001 10:45 AM To: Eric Robinson Cc: 'pptp-server at lists.schulte.org' Subject: Re: [pptp-server] Brain-dead List Instructions Why is this brain-dead and useless? If you read the page, you will see at the bottom: "To change your subscription (set options like digest and delivery modes, get a reminder of your password, or unsubscribe from pptp-server), enter your subscription email address:" FYI, Kenny Eric Robinson wrote: > > I would like to unsubscribe from this list. According to the instructions at > http://lists.schulte.org/mailman/listinfo/pptp-server: > > "You can unsubscribe from this list at any time. Just open a web browser > and point it at http://lists.schulte.org/mailman/listinfo/pptp-server." > > This is utterly useless information. Check it out and you'll see what I > mean. > > Someone please tell me how to unsubscribe from this list. > > My apologies for the intrusion. > > Thanks, > > --Eric > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From admin at pmcipa.com Mon Feb 19 13:20:34 2001 From: admin at pmcipa.com (Eric Robinson) Date: Mon, 19 Feb 2001 11:20:34 -0800 Subject: [pptp-server] Brain-dead List Instructions Message-ID: <21B377B36413D311861C0004ACB8854A08D097@www.pmcipa.com> Like I said in message to the list a moment ago, it was stupid of me not to read the bottom of the page more carefully. On the other hand, wouldn't it be better for the instructions to read, "...see the instructions below" rather than, "...just point your browser" to the page you're already reading? Bye now... -----Original Message----- 
From: Jamin Collins [mailto:JaminC at adapt-tele.com] Sent: Monday, February 19, 2001 11:04 AM To: 'Eric Robinson'; 'pptp-server at lists.schulte.org' Subject: RE: [pptp-server] Brain-dead List Instructions Really? Did you bother to read the entire page? "To change your subscription (set options like digest and delivery modes, get a reminder of your password, or unsubscribe from pptp-server), enter your subscription email address:" You will find the above quote at the very bottom of the page. I could be wrong, but it does appear to be what you are looking for. Jamin W. Collins -----Original Message----- From: Eric Robinson [mailto:admin at pmcipa.com] Sent: Monday, February 19, 2001 12:45 PM To: 'pptp-server at lists.schulte.org' Subject: [pptp-server] Brain-dead List Instructions I would like to unsubscribe from this list. According to the instructions at http://lists.schulte.org/mailman/listinfo/pptp-server: "You can unsubscribe from this list at any time. Just open a web browser and point it at http://lists.schulte.org/mailman/listinfo/pptp-server." This is utterly useless information. Check it out and you'll see what I mean. Someone please tell me how to unsubscribe from this list. My apologies for the intrusion. Thanks, --Eric _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From JaminC at adapt-tele.com Mon Feb 19 13:04:16 2001 
From: JaminC at adapt-tele.com (Jamin Collins) Date: Mon, 19 Feb 2001 13:04:16 -0600 Subject: [pptp-server] Brain-dead List Instructions Message-ID: Really? Did you bother to read the entire page? "To change your subscription (set options like digest and delivery modes, get a reminder of your password, or unsubscribe from pptp-server), enter your subscription email address:" You will find the above quote at the very bottom of the page. I could be wrong, but it does appear to be what you are looking for. Jamin W. Collins -----Original Message----- From: Eric Robinson [mailto:admin at pmcipa.com] Sent: Monday, February 19, 2001 12:45 PM To: 'pptp-server at lists.schulte.org' Subject: [pptp-server] Brain-dead List Instructions I would like to unsubscribe from this list. According to the instructions at http://lists.schulte.org/mailman/listinfo/pptp-server: "You can unsubscribe from this list at any time. Just open a web browser and point it at http://lists.schulte.org/mailman/listinfo/pptp-server." This is utterly useless information. Check it out and you'll see what I mean. Someone please tell me how to unsubscribe from this list. My apologies for the intrusion. Thanks, --Eric _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From giulioo at pobox.com Mon Feb 19 14:31:11 2001 
From: giulioo at pobox.com (Giulio Orsero) Date: Mon, 19 Feb 2001 21:31:11 +0100 Subject: [pptp-server] Fixed IPs using PoPToP In-Reply-To: References: Message-ID: <20010219203129.1C801163D6@i3.golden.dom> On Mon, 19 Feb 2001 09:45:00 +0100, you wrote: >4.2 How can I assign IP addresses based on user names? > Configure PoPToP with the command: > ./configure --with-pppd-ip-alloc > > Then build and install PoPToP as usual. List the IP addresses as > the last parameter on each chap-secrets line. For example: > > tom * toms-pw 192.168.1.40 > dick * dicks-pw 192.168.1.41 > harry * harrys-pw 192.168.1.42 Will the above assign tom 192.168.1.40, or just allow tom to use 192.168.1.40? I made a quick test, and I had to specify the ip in the dial-up networking properties, because pppd would not assign me the ip associated to my login automatically. pppd docs seem to suggest that field is for the ip the user is "allowed" to use; is there some pptpd magic that should "assign" the ip? -- giulioo at pobox.com From Steve at SteveCowles.com Mon Feb 19 16:30:22 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Mon, 19 Feb 2001 16:30:22 -0600 Subject: [pptp-server] Fixed IPs using PoPToP Message-ID: <90769AF04F76D41186C700A0C90AFC3EE66E@defiant.infohiiway.com> > -----Original Message----- 
> From: Giulio Orsero [mailto:giulioo at pobox.com]
> Sent: Monday, February 19, 2001 2:31 PM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Fixed IPs using PoPToP
>
>
> On Mon, 19 Feb 2001 09:45:00 +0100, you wrote:
>
> > 4.2 How can I assign IP addresses based on user names?
> > Configure PoPToP with the command:
> > ./configure --with-pppd-ip-alloc
> >
> > Then build and install PoPToP as usual. List the IP
> > addresses as the last parameter on each chap-secrets
> > line. For example:
> >
> > tom * toms-pw 192.168.1.40
> > dick * dicks-pw 192.168.1.41
> > harry * harrys-pw 192.168.1.42
>
> Will the above assign tom 192.168.1.40, or just allow tom to use
> 192.168.1.40?
>
> I made a quick test, and I had to specify the ip in the dial-up
> networking properties, because pppd would not assign me the ip
> associated to my login automatically. pppd docs seem to suggest
> that field is for the ip the user is "allowed" to use; is there
> some pptpd magic that should "assign" the ip?

The only "magic" I'm aware of is to only specify the localip in /etc/pptpd.conf. I commented the remoteip line. (see below)

At least the following worked for me. FYI: 192.168.9.3 is also the ip address of my PPTP servers eth0 interface. I am also using pptp-1.1.2

Steve Cowles

####### /etc/pptpd.conf ########
localip 192.168.9.3
# remoteip 192.168.9.100-105

###### /etc/ppp/chap-secrets #########
# Secrets for authentication using CHAP
# client server secret IP addresses
scowles voyager password 192.168.9.107
pcowles voyager password 192.168.9.108

###### /etc/ppp/options #########
lock
auth
mru 1450
mtu 1450
name voyager
domain mydomain.com
ms-dns 192.168.9.3
ms-dns 192.168.9.2
ms-wins 192.168.9.2
require-chap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp

I'm using W2K as the PPTP client and changing the username/password on each connect.
PPTP client's TCP/IP settings are configured to: Obtain an IP address automatically

########## /var/log/messages ###############
Feb 19 16:14:29 voyager pppd[30016]: MSCHAP-v2 peer authentication succeeded for scowles
Feb 19 16:14:29 voyager pppd[30016]: found interface eth0 for proxy arp
Feb 19 16:14:29 voyager pppd[30016]: local IP address 192.168.9.3
Feb 19 16:14:29 voyager pppd[30016]: remote IP address 192.168.9.107

########## /var/log/messages ###############
Feb 19 16:15:07 voyager pppd[30045]: MSCHAP-v2 peer authentication succeeded for pcowles
Feb 19 16:15:07 voyager pppd[30045]: found interface eth0 for proxy arp
Feb 19 16:15:07 voyager pppd[30045]: local IP address 192.168.9.3
Feb 19 16:15:07 voyager pppd[30045]: remote IP address 192.168.9.108

########## /var/log/messages ###############
Feb 19 16:28:55 voyager pppd[32008]: MSCHAP-v2 peer authentication succeeded for scowles
Feb 19 16:28:55 voyager pppd[32008]: found interface eth0 for proxy arp
Feb 19 16:28:55 voyager pppd[32008]: local IP address 192.168.9.3
Feb 19 16:28:55 voyager pppd[32008]: remote IP address 192.168.9.107

From neale at lowendale.com.au Mon Feb 19 18:36:07 2001
From: neale at lowendale.com.au (Neale Banks) Date: Tue, 20 Feb 2001 11:36:07 +1100 (EST) Subject: [pptp-server] Debian pptp package? In-Reply-To: Message-ID: On Mon, 19 Feb 2001, Chris Wood wrote: > I noticed that Debian has the pptp package now. Does anyone know what > level of encryption it uses? I know some of the patches I applied were to > ppp itself. Life would be simpler if I could use the Debian package and > dselect, since last time I ran dselect it updated my ppp which broke my > pptp setup. As someone who has dabbled around the edges of these kind of issues, some random thoughts which may help (and apologies if you know this already): * rebuilding a Debian packages from the sources is near-trivial, naturally the package you rebuild can be patched and/or built with different options from the "official" (change the pkg version# by adding an entry at the top of debian/changelog). * obviously the encryption is in ppp itself. In the first instance you might want to patch and rebuild the Debian pppd package as AFAIK there is no encryption at all in the pppd in "main" and no pppd in "non-US". * if the pptp package was built with options that don't suit, grab the source, edit the build options and rebuild. Similarly if you are running say "stable" but want a later version check if it's in "testing" or "unstable" and if so often you can grab those sources and rebuild on and for your platform (one gotcha is if the later package depends on libs that aren't in "stable", but I don't expect that will apply here. * to stop dselect upgrading custom package, just put it on hold ("="). One caution: going down these paths means you re generally stepping outside the safety net of the security updates that appear for "stable" - this is not a problem so long as you keep vigilant about the security alerts that are appearing. HTH, Neale. From dschoi at superstar.co.kr Mon Feb 19 23:41:13 2001 
From: dschoi at superstar.co.kr (DaeSooChoi) Date: Tue, 20 Feb 2001 14:41:13 +0900 Subject: [pptp-server] After pptp established, I cannot capture GRE packet. Message-ID:

Hi. I don't understand my PPTP connection. My ISP filters pptp packets (protocol# 47 GRE) that pass from remote users (MS clients) to the PoPToP server, like below.

W98se client <--- dial-up ---> (through)ISP <------------internet------------> Linux PoPToP server
filtered protocol #47 (pptp packet)

So I made up a small test-bed like below, without filtering any packets.

W98se VPN client <---- dial-up ----------> W2K RAS server <--------local network -----> Linux PoPToP server
first connect <----dial-up-connection -->
second connect <------------------pptp connection through RAS server------------------------------>A
(pptp connection established successfully)

But I cannot understand the encrypted tunnelling process because of the un-encrypted packets captured. I captured some packets that pass from the W98se client to the Linux PoPToP server. I think that the first few packets are tcp packets because this is the PPTP control connection. Also, after connection, any other packets are GRE (protocol # 47) packets perfectly because tunnelling is established. But my captured packets are not. Almost all packets are non-GRE packets as soon as tunnelling is established. I cannot understand this situation. I would like to understand how GRE packets can pass through tunnelling.

And another question: here in the PoPToP server log file (/var/log/pptpd.log), when a pptp connection is created, the log file displays the below:

"Feb 20 10:54:20 kikio pppd[2502]: MPPE 40 bit, stateless compression enabled"

I would like to know how to upgrade to MPPE 56bit or 128bit, and related problems. Any help appreciated.

From giulioo at pobox.com Tue Feb 20 03:45:43 2001
From: giulioo at pobox.com (Giulio Orsero) Date: Tue, 20 Feb 2001 10:45:43 +0100 Subject: [pptp-server] Fixed IPs using PoPToP In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE66E@defiant.infohiiway.com> References: <90769AF04F76D41186C700A0C90AFC3EE66E@defiant.infohiiway.com> Message-ID: <20010220094603.8438E163A2@i3.golden.dom>

On Mon, 19 Feb 2001 16:30:22 -0600, you wrote:

>At least the following worked for me. FYI: 192.168.9.3 is also the ip
>address of my PPTP servers eth0 interface. I am also using pptp-1.1.2

>###### /etc/ppp/chap-secrets #########
># Secrets for authentication using CHAP
># client server secret IP addresses
>scowles voyager password 192.168.9.107

Ok, my bad :) I had a misconfigured chap-secrets, because I just added the ip at the end and forgot to take out the *, so that the ip was the 5th field

tom * secret * ip.address

instead of

tom * secret ip.address

Now it's working for me too. Thanks.

--
giulioo at pobox.com

From toma at rulez.org Tue Feb 20 09:28:25 2001
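The chap-secrets mistake described in the message above (a leftover * ahead of the address), as an added example that is not part of the original thread: a small Python check that reports, per user, whether the address list pins one IP, allows any, or allows none. It assumes the address rules from the pppd(8) man page (words after the secret are the acceptable addresses, "*" allows any, "-" or no list allows none, "!" excludes); the function names and the sample file are constructed for illustration.

```python
import ipaddress
import shlex


def classify(addr_words):
    """Classify the address words that follow the secret on one line.

    Returns (kind, ip); ip is set only when exactly one host is allowed.
    """
    if not addr_words or addr_words[0] == "-":
        return "none", None            # pppd refuses every address
    allowed = [w for w in addr_words if not w.startswith("!")]
    if "*" in allowed:
        return "any", None             # peer may claim any address
    nets = []
    for word in allowed:
        try:
            nets.append(ipaddress.ip_network(word, strict=False))
        except ValueError:
            return "unparsed", None    # hostname or typo: review by hand
    total = sum(net.num_addresses for net in nets)
    if total == 0:
        return "none", None
    if total == 1:
        return "pinned", str(nets[0].network_address)
    return "range", None


def lint_secrets(text):
    """Return [(line number, client, kind)] for every entry in the file.

    Quoting and comments are approximated with shlex (an assumption; pppd
    has its own tokenizer). Per-user firewall rules keyed on the VPN
    address only hold for entries reported as "pinned".
    """
    findings, owners = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            words = shlex.split(raw, comments=True)
        except ValueError:
            findings.append((lineno, raw.split()[0], "malformed"))
            continue
        if not words:
            continue                   # blank line or comment
        if len(words) < 3:
            findings.append((lineno, words[0], "malformed"))
            continue
        kind, ip = classify(words[3:])
        if kind == "pinned":
            if ip in owners and owners[ip] != words[0]:
                kind = "duplicate"     # two users share one address
            owners.setdefault(ip, words[0])
        findings.append((lineno, words[0], kind))
    return findings


# Constructed sample: line 3 repeats the mistake from the message above.
SAMPLE = """\
# client server secret IP addresses
tom    *  toms-pw    192.168.1.40
dick   *  dicks-pw   *  192.168.1.41
harry  *  harrys-pw
sally  *  sallys-pw  192.168.1.0/24
bob    *  bobs-pw    192.168.1.40
"""

if __name__ == "__main__":
    for lineno, client, kind in lint_secrets(SAMPLE):
        print(f"line {lineno}: {client:6s} {kind}")
```
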
From: toma at rulez.org (Tamas SZERB) Date: Tue, 20 Feb 2001 16:28:25 +0100 (CET) Subject: [pptp-server] Debian pptp package? In-Reply-To: Message-ID: On Mon, 19 Feb 2001, Chris Wood wrote: > > I noticed that Debian has the pptp package now. Does anyone know what > level of encryption it uses? I know some of the patches I applied were to > ppp itself. Life would be simpler if I could use the Debian package and > dselect, since last time I ran dselect it updated my ppp which broke my > pptp setup. no, it has no mppe patch to the pppd -- the ppp makes the encryption itself. but you can download the debian source package eg. with the ``apt-get source pptp'' command, and you'll need some other packages such as fakeroot and debhelper, and the you can ``fakeroot debian/rules binary'' use to create the package from the unpacked source tree. at last, you need: ``echo pppd hold|dpkg --set-selection'' to not upgrade the this modified pppd (now with mppe encryption) - but be careful and keep tracking the bugs and security exploits, and etc. -- VWOL Tamas SZERB GPG public key: http://alabama.rulez.org/~toma/gpgkey-toma.asc From ralphw at cnet.com Tue Feb 20 10:04:05 2001 From: ralphw at cnet.com (Ralph Winslow) Date: Tue, 20 Feb 2001 11:04:05 -0500 (EST) Subject: [pptp-server] Debian pptp package? In-Reply-To: Message-ID: On Tue, 20 Feb 2001, Tamas SZERB wrote: On my libranet distribution, I get root at rjw# apt-get source pptp Reading Package Lists... Done Building Dependency Tree... Done E: Unable to find a source package for pptp Mayhap this is because I'm mainly potato? In any case, thanks for the info for when it HAS arrived in my local dist. > Date: Tue, 20 Feb 2001 16:28:25 +0100 (CET) 
> From: Tamas SZERB > To: Chris Wood > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] Debian pptp package? > > On Mon, 19 Feb 2001, Chris Wood wrote: > > > > > I noticed that Debian has the pptp package now. Does anyone know what > > level of encryption it uses? I know some of the patches I applied were to > > ppp itself. Life would be simpler if I could use the Debian package and > > dselect, since last time I ran dselect it updated my ppp which broke my > > pptp setup. > > no, it has no mppe patch to the pppd -- the ppp makes the encryption > itself. > > but you can download the debian source package eg. with the ``apt-get > source pptp'' command, and you'll need some other packages such as > fakeroot and debhelper, and the you can ``fakeroot debian/rules binary'' > use to create the package from the unpacked source tree. > > at last, you need: > > ``echo pppd hold|dpkg --set-selection'' to not upgrade the this modified > pppd (now with mppe encryption) - but be careful and keep tracking the > bugs and security exploits, and etc. > > -- > VWOL > Tamas SZERB > GPG public key: http://alabama.rulez.org/~toma/gpgkey-toma.asc > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > ---- Ralph Winslow Operations/Support/Tools (908)575-8567 x276 From toma at rulez.org Tue Feb 20 10:30:11 2001 
From: toma at rulez.org (Tamas SZERB) Date: Tue, 20 Feb 2001 17:30:11 +0100 (CET) Subject: [pptp-server] Debian pptp package? In-Reply-To: Message-ID: On Tue, 20 Feb 2001, Ralph Winslow wrote: > On Tue, 20 Feb 2001, Tamas SZERB wrote: > > On my libranet distribution, I get > > root at rjw# apt-get source pptp > Reading Package Lists... Done > Building Dependency Tree... Done > E: Unable to find a source package for pptp use that: deb-src http://ftp.at.debian.org/debian/ unstable main non-free contrib deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free and sorry, i wanted to write apt-get source pppd because the pppd DOES the encryption not the pptpd. you need apply the mppe to the pppd > > Mayhap this is because I'm mainly potato? In any case, thanks for the info > for when it HAS arrived in my local dist. > > > Date: Tue, 20 Feb 2001 16:28:25 +0100 (CET) 
> > From: Tamas SZERB > > To: Chris Wood > > Cc: pptp-server at lists.schulte.org > > Subject: Re: [pptp-server] Debian pptp package? > > > > On Mon, 19 Feb 2001, Chris Wood wrote: > > > > > > > > I noticed that Debian has the pptp package now. Does anyone know what > > > level of encryption it uses? I know some of the patches I applied were to > > > ppp itself. Life would be simpler if I could use the Debian package and > > > dselect, since last time I ran dselect it updated my ppp which broke my > > > pptp setup. > > > > no, it has no mppe patch to the pppd -- the ppp makes the encryption > > itself. > > > > but you can download the debian source package eg. with the ``apt-get > > source pptp'' command, and you'll need some other packages such as > > fakeroot and debhelper, and the you can ``fakeroot debian/rules binary'' > > use to create the package from the unpacked source tree. > > > > at last, you need: > > > > ``echo pppd hold|dpkg --set-selection'' to not upgrade the this modified > > pppd (now with mppe encryption) - but be careful and keep tracking the > > bugs and security exploits, and etc. > > > > -- > > VWOL > > Tamas SZERB > > GPG public key: http://alabama.rulez.org/~toma/gpgkey-toma.asc > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > ---- > Ralph Winslow Operations/Support/Tools > (908)575-8567 x276 > -- VWOL Tamas SZERB GPG public key: http://alabama.rulez.org/~toma/gpgkey-toma.asc From ralphw at cnet.com Tue Feb 20 10:57:46 2001 
From: ralphw at cnet.com (Ralph Winslow) Date: Tue, 20 Feb 2001 11:57:46 -0500 (EST) Subject: [pptp-server] Debian pptp package? In-Reply-To: Message-ID: On Tue, 20 Feb 2001, Tamas SZERB wrote: I added "deb-src http://ftp.at.debian.org/debian/ unstable main non-free contrib deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free" to /etc/apt/sources.list and after the apt-get update, saw Ign http://ftp.at.debian.org unstable/main Release Get:12 http://ftp.at.debian.org unstable/non-free Sources [30.6kB] Ign http://ftp.at.debian.org unstable/non-free Release Get:13 http://ftp.at.debian.org unstable/contrib Sources [17.0kB] Ign http://ftp.at.debian.org unstable/contrib Release Fetched 576kB in 3m26s (2790B/s) Reading Package Lists... Done Building Dependency Tree... Done Press any key to continue [: to enter more ex commands]: :!apt-get source pptp Reading Package Lists... Done Building Dependency Tree... Done E: Unable to find a source package for pptp apt-get source pptp: exited with status 100 :!apt-get source pppd Reading Package Lists... Done Building Dependency Tree... Done E: Unable to find a source package for pppd apt-get source pppd: exited with status 100 > Date: Tue, 20 Feb 2001 17:30:11 +0100 (CET) 
> From: Tamas SZERB > To: Ralph Winslow > Cc: Chris Wood , pptp-server at lists.schulte.org > Subject: Re: [pptp-server] Debian pptp package? > > On Tue, 20 Feb 2001, Ralph Winslow wrote: > > > On Tue, 20 Feb 2001, Tamas SZERB wrote: > > > > On my libranet distribution, I get > > > > root at rjw# apt-get source pptp > > Reading Package Lists... Done > > Building Dependency Tree... Done > > E: Unable to find a source package for pptp > > use that: > > deb-src http://ftp.at.debian.org/debian/ unstable main non-free contrib > deb-src http://non-us.debian.org/debian-non-US unstable/non-US main > contrib non-free > > and sorry, i wanted to write apt-get source pppd because the pppd DOES the > encryption not the pptpd. you need apply the mppe to the pppd > > > > > Mayhap this is because I'm mainly potato? In any case, thanks for the info > > for when it HAS arrived in my local dist. > > > > > Date: Tue, 20 Feb 2001 16:28:25 +0100 (CET) 
> > > From: Tamas SZERB > > > To: Chris Wood > > > Cc: pptp-server at lists.schulte.org > > > Subject: Re: [pptp-server] Debian pptp package? > > > > > > On Mon, 19 Feb 2001, Chris Wood wrote: > > > > > > > > > > > I noticed that Debian has the pptp package now. Does anyone know what > > > > level of encryption it uses? I know some of the patches I applied were to > > > > ppp itself. Life would be simpler if I could use the Debian package and > > > > dselect, since last time I ran dselect it updated my ppp which broke my > > > > pptp setup. > > > > > > no, it has no mppe patch to the pppd -- the ppp makes the encryption > > > itself. > > > > > > but you can download the debian source package eg. with the ``apt-get > > > source pptp'' command, and you'll need some other packages such as > > > fakeroot and debhelper, and the you can ``fakeroot debian/rules binary'' > > > use to create the package from the unpacked source tree. > > > > > > at last, you need: > > > > > > ``echo pppd hold|dpkg --set-selection'' to not upgrade the this modified > > > pppd (now with mppe encryption) - but be careful and keep tracking the > > > bugs and security exploits, and etc. > > > > > > -- > > > VWOL > > > Tamas SZERB > > > GPG public key: http://alabama.rulez.org/~toma/gpgkey-toma.asc > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > > > ---- > > Ralph Winslow Operations/Support/Tools > > (908)575-8567 x276 > > > > -- > VWOL > Tamas SZERB > GPG public key: http://alabama.rulez.org/~toma/gpgkey-toma.asc > > ---- Ralph Winslow Operations/Support/Tools (908)575-8567 x276 From toma at rulez.org Tue Feb 20 12:17:00 2001 
From: toma at rulez.org (Tamas SZERB)
Date: Tue, 20 Feb 2001 19:17:00 +0100 (CET)
Subject: [pptp-server] Debian pptp package?
In-Reply-To:
Message-ID:

On Tue, 20 Feb 2001, Ralph Winslow wrote:

then please find a good deb-src mirror near of you, and sake of god,

apt-get source ppp
               ^^^
and for further info please use a common debian user forum.

> On Tue, 20 Feb 2001, Tamas SZERB wrote:
>
> I added "deb-src http://ftp.at.debian.org/debian/ unstable main
> non-free contrib
> deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib
> non-free" to /etc/apt/sources.list and after the apt-get update, saw
>
> Ign http://ftp.at.debian.org unstable/main Release
> Get:12 http://ftp.at.debian.org unstable/non-free Sources [30.6kB]
> Ign http://ftp.at.debian.org unstable/non-free Release
> Get:13 http://ftp.at.debian.org unstable/contrib Sources [17.0kB]
> Ign http://ftp.at.debian.org unstable/contrib Release
> Fetched 576kB in 3m26s (2790B/s)
> Reading Package Lists... Done
> Building Dependency Tree... Done
> Press any key to continue [: to enter more ex commands]:
> :!apt-get source pptp
> Reading Package Lists... Done
> Building Dependency Tree... Done
> E: Unable to find a source package for pptp
> apt-get source pptp: exited with status 100
> :!apt-get source pppd
> Reading Package Lists... Done
> Building Dependency Tree... Done
> E: Unable to find a source package for pppd
> apt-get source pppd: exited with status 100
>
> ----
> Ralph Winslow Operations/Support/Tools
> (908)575-8567 x276
>

--
VWOL
Tamas SZERB
GPG public key: http://alabama.rulez.org/~toma/gpgkey-toma.asc

From mknappe at tyrolean.at Tue Feb 20 13:14:55 2001
From: mknappe at tyrolean.at (Michael Knappe)
Date: Tue, 20 Feb 2001 20:14:55 +0100
Subject: [pptp-server] Maybe a simple problem, but I cant find out
Message-ID: <001501c09b71$6a6138a0$9b04640a@tyrolean.at>

Hi,

I use pptpd version 1.0.0, pppd 2.3.11. Authentication seems to work, but it seems as if I don't get an IP address. It tries for about 20 times and then it gives up. The problem stays the same no matter if I try it with Windows NT 4.0 or W2K.

What am I doing wrong?

Thank you,
Michael

This is my /etc/ppp/options.ppp0:

lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name xxxx
proxyarp

This is /etc/pptpd.conf:

speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.1.1
remoteip 192.168.1.2

I am using SuSE 7.0, Kernel Version 2.2.17.

This is my messages file:

Feb 20 20:53:51 inn16l kernel: PPP MPPE compression module registered
Feb 20 20:53:51 inn16l pptpd[1291]: MGR: Manager process started
Feb 20 20:53:55 inn16l pptpd[1291]: MGR: No free connection slots or IPs - no more clients can connect!
Feb 20 20:53:55 inn16l pptpd[1292]: MGR: Launching /usr/sbin/pptpctrl to handle client
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: local address = 192.168.1.1
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: remote address = 192.168.1.2
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: pppd speed = 115200
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: pppd options file = /etc/ppp/options.ppp0
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Client 10.100.5.127 control connection started
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Received PPTP Control Message (type: 1)
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Made a START CTRL CONN RPLY packet
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: I wrote 156 bytes to the client.
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Sent packet to client
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Received PPTP Control Message (type: 7)
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Set parameters to 152 maxbps, 3 window size
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Made a OUT CALL RPLY packet
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Starting call (launching pppd, opening GRE)
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: pty_fd = 5
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: tty_fd = 6
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: I wrote 32 bytes to the client.
Feb 20 20:53:55 inn16l pptpd[1293]: CTRL (PPPD Launcher): Connection speed = 115200
Feb 20 20:53:55 inn16l pptpd[1293]: CTRL (PPPD Launcher): local address = 192.168.1.1
Feb 20 20:53:55 inn16l pptpd[1293]: CTRL (PPPD Launcher): remote address = 192.168.1.2
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Sent packet to client
Feb 20 20:53:55 inn16l pppd[1293]: pppd 2.3.11 started by root, uid 0
Feb 20 20:53:55 inn16l pppd[1293]: Using interface ppp0
Feb 20 20:53:55 inn16l pppd[1293]: Connect: ppp0 <--> /dev/pts/2
Feb 20 20:53:55 inn16l pppd[1293]: sent [LCP ConfReq id=0x1 ]
Feb 20 20:53:55 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a580 in 3 seconds.
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Received PPTP Control Message (type: 15)
Feb 20 20:53:55 inn16l pptpd[1292]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Feb 20 20:53:55 inn16l pppd[1293]: rcvd [LCP ConfReq id=0x0 ]
Feb 20 20:53:55 inn16l pppd[1293]: lcp_reqci: returning CONFACK.
Feb 20 20:53:55 inn16l pppd[1293]: sent [LCP ConfAck id=0x0 ]
Feb 20 20:53:58 inn16l pppd[1293]: sent [LCP ConfReq id=0x1 ]
Feb 20 20:53:58 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a580 in 3 seconds.
Feb 20 20:53:58 inn16l pppd[1293]: rcvd [LCP ConfNak id=0x1 ]
Feb 20 20:53:58 inn16l pppd[1293]: Untimeout 0x8050ba0:0x807a580.
Feb 20 20:53:58 inn16l pppd[1293]: sent [LCP ConfReq id=0x2
Feb 20 20:53:58 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a580 in 3 seconds.
Feb 20 20:53:58 inn16l pppd[1293]: rcvd [LCP ConfAck id=0x2
Feb 20 20:53:58 inn16l pppd[1293]: Untimeout 0x8050ba0:0x807a580.
Feb 20 20:53:58 inn16l pppd[1293]: sent [LCP EchoReq id=0x0 magic=0x320a16ac]
Feb 20 20:53:58 inn16l pppd[1293]: Timeout 0x8053870:0x807a580 in 30 seconds.
Feb 20 20:53:58 inn16l pppd[1293]: cbcp_lowerup
Feb 20 20:53:58 inn16l pppd[1293]: want: 2
Feb 20 20:53:58 inn16l pppd[1293]: sent [CHAP Challenge id=0x1 <486f2ccaf52181bd>, name = "inn16l"]
Feb 20 20:53:58 inn16l pppd[1293]: Timeout 0x8056b10:0x807a860 in 3 seconds.
Feb 20 20:53:58 inn16l pptpd[1292]: CTRL: Received PPTP Control Message (type: 15)
Feb 20 20:53:58 inn16l pptpd[1292]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Feb 20 20:53:58 inn16l pppd[1293]: rcvd [LCP EchoRep id=0x0 magic=0xb4a]
Feb 20 20:53:58 inn16l pppd[1293]: rcvd [CHAP Response id=0x1 <1dafa2c3c4a63cd5e788f60be72362458043d20a72e110d57684622e341ab07b388496b62eb 0d5158
Feb 20 20:53:58 inn16l pppd[1293]: Untimeout 0x8056b10:0x807a860.
Feb 20 20:53:58 inn16l pppd[1293]: ChapReceiveResponse: rcvd type MS-CHAP-V1
Feb 20 20:53:58 inn16l pppd[1293]: sent [CHAP Success id=0x1 "Welcome to inn16l."]
Feb 20 20:53:58 inn16l pppd[1293]: cbcp_open
Feb 20 20:53:58 inn16l pppd[1293]: sent [IPCP ConfReq id=0x1 ]
Feb 20 20:53:58 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a7e0 in 3 seconds.
Feb 20 20:53:58 inn16l pppd[1293]: sent [CCP ConfReq id=0x1 ]
Feb 20 20:53:58 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a900 in 3 seconds.
Feb 20 20:53:58 inn16l pppd[1293]: MSCHAP peer authentication succeeded for root
Feb 20 20:54:01 inn16l pppd[1293]: sent [IPCP ConfReq id=0x1 ]
Feb 20 20:54:01 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a7e0 in 3 seconds.
Feb 20 20:54:01 inn16l pppd[1293]: sent [CCP ConfReq id=0x1 ]
Feb 20 20:54:01 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a900 in 3 seconds.
Feb 20 20:54:04 inn16l pppd[1293]: sent [IPCP ConfReq id=0x1 ]
Feb 20 20:54:04 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a7e0 in 3 seconds.
Feb 20 20:54:04 inn16l pppd[1293]: sent [CCP ConfReq id=0x1 ]
Feb 20 20:54:04 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a900 in 3 seconds.
Feb 20 20:54:07 inn16l pppd[1293]: sent [IPCP ConfReq id=0x1 ]
Feb 20 20:54:07 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a7e0 in 3 seconds.
Feb 20 20:54:07 inn16l pppd[1293]: sent [CCP ConfReq id=0x1 ]
Feb 20 20:54:07 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a900 in 3 seconds.
Feb 20 20:54:10 inn16l pppd[1293]: sent [IPCP ConfReq id=0x1 ]
Feb 20 20:54:10 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a7e0 in 3 seconds.
Feb 20 20:54:10 inn16l pppd[1293]: sent [CCP ConfReq id=0x1 ]
Feb 20 20:54:10 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a900 in 3 seconds.
Feb 20 20:54:13 inn16l pppd[1293]: sent [IPCP ConfReq id=0x1 ]
Feb 20 20:54:13 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a7e0 in 3 seconds.
Feb 20 20:54:13 inn16l pppd[1293]: sent [CCP ConfReq id=0x1 ]
Feb 20 20:54:13 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a900 in 3 seconds.
Feb 20 20:54:16 inn16l pppd[1293]: sent [IPCP ConfReq id=0x1 ]
Feb 20 20:54:16 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a7e0 in 3 seconds.
Feb 20 20:54:16 inn16l pppd[1293]: sent [CCP ConfReq id=0x1 ]
Feb 20 20:54:16 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a900 in 3 seconds.
Feb 20 20:54:19 inn16l pppd[1293]: sent [IPCP ConfReq id=0x1 ]
Feb 20 20:54:19 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a7e0 in 3 seconds.
Feb 20 20:54:19 inn16l pppd[1293]: sent [CCP ConfReq id=0x1 ]
Feb 20 20:54:19 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a900 in 3 seconds.
Feb 20 20:54:22 inn16l pppd[1293]: sent [IPCP ConfReq id=0x1 ]
Feb 20 20:54:22 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a7e0 in 3 seconds.
Feb 20 20:54:22 inn16l pppd[1293]: sent [CCP ConfReq id=0x1 ]
Feb 20 20:54:22 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a900 in 3 seconds.
Feb 20 20:54:25 inn16l pppd[1293]: sent [IPCP ConfReq id=0x1 ]
Feb 20 20:54:25 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a7e0 in 3 seconds.
Feb 20 20:54:25 inn16l pppd[1293]: sent [CCP ConfReq id=0x1 ]
Feb 20 20:54:25 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a900 in 3 seconds.
Feb 20 20:54:28 inn16l pppd[1293]: sent [LCP EchoReq id=0x1 magic=0x320a16ac]
Feb 20 20:54:28 inn16l pppd[1293]: Timeout 0x8053870:0x807a580 in 30 seconds.
Feb 20 20:54:28 inn16l pppd[1293]: rcvd [LCP EchoRep id=0x1 magic=0xb4a]
Feb 20 20:54:28 inn16l pppd[1293]: IPCP: timeout sending Config-Requests
Feb 20 20:54:28 inn16l pppd[1293]: Untimeout 0x8053870:0x807a580.
Feb 20 20:54:28 inn16l pppd[1293]: cbcp_lowerdown
Feb 20 20:54:28 inn16l pppd[1293]: Untimeout 0x8050ba0:0x807a900.
Feb 20 20:54:28 inn16l pppd[1293]: sent [LCP TermReq id=0x3 "No network protocols running"]
Feb 20 20:54:28 inn16l pppd[1293]: Timeout 0x8050ba0:0x807a580 in 3 seconds.
Feb 20 20:54:28 inn16l pptpd[1292]: CTRL: Received PPTP Control Message (type: 15)
Feb 20 20:54:28 inn16l pptpd[1292]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Feb 20 20:54:28 inn16l pppd[1293]: rcvd [LCP TermAck id=0x3]
Feb 20 20:54:28 inn16l pppd[1293]: Untimeout 0x8050ba0:0x807a580.
Feb 20 20:54:28 inn16l pppd[1293]: Connection terminated.
Feb 20 20:54:28 inn16l pppd[1293]: Connect time 0.6 minutes.
Feb 20 20:54:28 inn16l pppd[1293]: Sent 1111 bytes, received 240 bytes.
Feb 20 20:54:28 inn16l pppd[1293]: Exit.
Feb 20 20:54:28 inn16l pptpd[1292]: GRE: read(fd=5,buffer=804dac0,len=8196) from PTY failed: status = -1 error = Input/output error
Feb 20 20:54:28 inn16l pptpd[1292]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Feb 20 20:54:28 inn16l pptpd[1292]: CTRL: Client 10.100.5.127 control connection finished
Feb 20 20:54:28 inn16l pptpd[1292]: CTRL: Exiting now

From musolino at pegasus.montclair.edu Tue Feb 20 16:07:53 2001
From: musolino at pegasus.montclair.edu (Trivial-pursuit)
Date: Tue, 20 Feb 2001 17:07:53 -0500
Subject: [pptp-server] Unresolved Symbols
In-Reply-To: ; from Scott Venier on Fri, Feb 16, 2001 at 06:44:09PM -0500
References:
Message-ID: <20010220170753.A19627@pegasus.montclair.edu>

The problem with this is that there are no floats or doubles for that matter declared in the ppp_mppe.c source. There are some buried pretty deep in some of the included libraries, but I'm not going to break those since I don't know what else might need them.

I do see this when I strace the insmod of the ppp_mppe.o module

. . .
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7001a000
_llseek(0x3, 0, 0, 0xefffe6c8, 0) = 0
read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\1\0+\0\0\0\1\0\0\0\0"..., 8192) = 8192
_llseek(0x3, 0, 0x4000, 0xefffe388, 0) = 0
read(3, "cted %d\n\0\0\0\0\0\0\0\0<7>ERROR: not an"..., 8192) = 5944
_llseek(0x3, 0, 0, 0xefffe388, 0) = 0r
. . .
_llseek(0x3, 0, 0x5738, 0xefffe388, 0) = 0
_llseek(0x3, 0, 0x5738, 0xefffe388, 0) = 0
_llseek(0x3, 0, 0x5738, 0xefffe388, 0) = 0
_llseek(0x3, 0, 0x5738, 0xefffe388, 0) = 0
write(2, "/lib/modules/2.2.18/net/ppp_mppe"..., 36/lib/modules/2.2.18/net/ppp_mppe.o: ) = 36
write(2, "unresolved symbol __floatsidf", 29unresolved symbol __floatsidf) = 29
write(2, "\n", 1
) = 1
write(2, "/lib/modules/2.2.18/net/ppp_mppe"..., 36/lib/modules/2.2.18/net/ppp_mppe.o: ) = 36
write(2, "unresolved symbol __adddf3", 26unresolved symbol __adddf3) = 26
write(2, "\n", 1
) = 1

Peter

* Scott Venier (scott.venier at compaq.com) [010216 18:44]:
> Find the line in the mppe source that has floats in it and turn them into
> ints. It'll break the statistics, but the kernel is supposed to be doing
> floating point math anyway.
>
> Scott
>
> On Fri, 16 Feb 2001, Trivial-pursuit wrote:
>
> >
> > I have been working at getting pptp working, and have read multiple lists
> > and docs and got to this point:
> >
> > insmod ppp_mppe.o
> > ppp_mppe.o: unresolved symbol __floatsidf
> > ppp_mppe.o: unresolved symbol __adddf3
> >
> > I have done this
> > from /lib/modules/2.2.18/net/
> > and
> > from /usr/src/linux/drivers/net
> >
> > PPP: PPP-2.4.0
> > Poptop: pptp-1.0.1
> > kernel: linux-2.2.18
> > cpu: TI UltraSparc IIi
> > sparc64-linux-gcc.egcs64 --version: egcs-2.92.11
> > ppp-2.4.0-openssl-0.9.6-mppe.patch.gz installed
> > all the rc4 files are in /usr/src/linux/drivers/net
> >
> > Any clues?
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
>
>

--
000000000 0000000000000 000 \\ 000 000 \\ 000 000 \\ 000 000 ASCII\\ 000 000 \\ART 000 000 \\ 000 000 \\000 0000000000000 000000000
JUST SAY NO
Peter Musolino
musolino at pegasus.montclair.edu
musolinop at alpha.montclair.edu
ICQ#6785102 (L)-AIM piter50

From rex at col.com.ph Wed Feb 21 04:42:49 2001
From: rex at col.com.ph (rex at col.com.ph)
Date: Wed, 21 Feb 2001 18:42:49 +0800 (PHT)
Subject: [pptp-server] (no subject)
Message-ID: <1764.202.72.78.179.982752169.squirrel@mail.col.com.ph>

anyone has an idea on this problem??? ideas are appreciated...

Feb 21 18:46:47 admin pptp[23315]: log[pptp_conn_close:pptp_ctrl.c:275]: Closing PPTP connection
Feb 21 18:55:55 admin pptp[23366]: log [pptp_dispatch_ctrl_packet:pptp_ctrl.c:538 ]: Client connection established.
Feb 21 18:56:00 admin pptp[23366]: log [pptp_dispatch_ctrl_packet:pptp_ctrl.c:645 ]: Outgoing call established (call ID 0, peer's call ID 0).
Feb 21 18:56:00 admin pppd[23368]: pppd 2.3.11 started by root, uid 0
Feb 21 18:56:00 admin pppd[23368]: Using interface ppp0
Feb 21 18:56:00 admin pppd[23368]: Connect: ppp0 <--> /dev/pts/1
warn[decaps_gre:pptp_gre.c:248]: discarding out-of-order
warn[decaps_gre:pptp_gre.c:248]: discarding out-of-order
warn[decaps_gre:pptp_gre.c:248]: discarding out-of-order
warn[decaps_gre:pptp_gre.c:248]: discarding out-of-order
warn[decaps_gre:pptp_gre.c:248]: discarding out-of-order
Feb 21 18:56:12 admin pppd[23368]: local IP address 192.168.0.1
Feb 21 18:56:12 admin pppd[23368]: remote IP address 202.174.129.4
Feb 21 18:56:13 admin pppd[23368]: IPCP terminated by peer (Unauthorized remote IP address)
Feb 21 18:56:16 admin pppd[23368]: LCP terminated by peer (No network protocols running)
Feb 21 18:56:19 admin pppd[23368]: Connection terminated.
Feb 21 18:56:19 admin pppd[23368]: Connect time 0.3 minutes.
Feb 21 18:56:19 admin pppd[23368]: Sent 2797038 bytes, received 391 bytes.
Feb 21 18:56:20 admin pppd[23368]: Exit.
Feb 21 18:56:20 admin pptp[23366]: log[pptp_conn_close:pptp_ctrl.c:275]: Closing PPTP connection

From khaight at firespout.com Wed Feb 21 07:58:00 2001
From: khaight at firespout.com (Kris Haight)
Date: Wed, 21 Feb 2001 08:58:00 -0500
Subject: [pptp-server] A few more questions
Message-ID: <37E1E2BB9C28D311AB390008C707D2A60BAD0FCA@nycexis01.mi8.com>

Okay one more question and I should be up and running.

-----

I've got the encryption to work, and I can see it. However I can only get the encryption to work when I use pptpctrl, and the arguments do not work. If I say in the inetd.conf:

pptpctrl 0 0 0 0 0 0

Windows responds back and says "The Server could not assign an IP address"

if I say:

pptpctrl 0 1 /etc/ppp/options.pptpd 0 0 0 0

I get the same thing.

However, if I do something like:

pptpctrl 0 1 /etc/ppp/options.pptpd 1 115200 1 192.168.0.12 1 192.168.0.210 0

*.12 being the vpn server itself
and *.210 being the IP from the range I want it to use to assign ips.

This works. BUT I would like to use more than 1 IP address on my server =)

Is there any way to get the pptpctrl to read the pptpd.conf file? This is the ONLY way I can get encryption to work properly.

Thanks

-- Kris

My Log file looks something at the bottom of this email.

-----Original Message-----
From: Kris Haight [mailto:khaight at firespout.com]
Sent: Friday, February 16, 2001 9:57 AM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] A few more questions

Hello All-

Well.. I think I have the server up and going, and I've (I think) successfully got the encryption piece working

Now my question is how do I know if my data connection is using data encryption? (If this is at all possible with PoPToe), or if my login is secure?

I'm using a Windows 2000 client to test this btw.

Thanks yet again? :)

-- Kris
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

--- From Log File ---

Feb 16 12:10:15 voon pptpd[1679]: CTRL: Client 165.247.4.52 control connection started
Feb 16 12:10:15 voon pptpd[1679]: CTRL: Starting call (launching pppd, opening GRE)
Feb 16 12:10:15 voon pppd[1680]: pppd 2.3.11 started by root, uid 0
Feb 16 12:10:15 voon pppd[1680]: Using interface ppp0
Feb 16 12:10:15 voon pppd[1680]: Connect: ppp0 <--> /dev/pts/1
Feb 16 12:10:15 voon pppd[1680]: sent [LCP ConfReq id=0x1 ]
Feb 16 12:10:15 voon pppd[1680]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
Feb 16 12:10:15 voon pptpd[1679]: GRE: Discarding duplicate packet
Feb 16 12:10:15 voon pppd[1680]: rcvd [LCP ConfAck id=0x1 ]
Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP ConfReq id=0x1 < 0d 03 06> < 11 04 06 4e> < 13 17 01 02 3b 94 05 82 39 4d 35 8a fb a7 76 50 bf 5c 33 00 00 00 1b>]
Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 13
Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 17
Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 19
Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: returning CONFREJ.
Feb 16 12:10:17 voon pppd[1680]: sent [LCP ConfRej id=0x1 < 0d 03 06> < 11 04 06 4e> < 13 17 01 02 3b 94 05 82 39 4d 35 8a fb a7 76 50 bf 5c 33 00 00 00 1b>]
Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP ConfReq id=0x2 ]
Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: returning CONFACK.
Feb 16 12:10:17 voon pppd[1680]: sent [LCP ConfAck id=0x2 ]
Feb 16 12:10:17 voon pppd[1680]: Untimeout 0x80503d4:0x80784c0.
Feb 16 12:10:17 voon pppd[1680]: sent [CHAP Challenge id=0x1 , name = "pptpd"]
Feb 16 12:10:17 voon pppd[1680]: Timeout 0x8055b40:0x80787a0 in 3 seconds.
Feb 16 12:10:17 voon pptpd[1679]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP code=0xc id=0x3 31 54 71 b9 4d 53 52 41 53 56 35 2e 30 30]
Feb 16 12:10:17 voon pppd[1680]: sent [LCP CodeRej id=0x2 0c 03 00 12 31 54 71 b9 4d 53 52 41 53 56 35 2e 30 30]
Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP code=0xc id=0x4 31 54 71 b9 4d 53 52 41 53 2d 31 2d 49 52 41 5a 55]
Feb 16 12:10:17 voon pppd[1680]: sent [LCP CodeRej id=0x3 0c 04 00 15 31 54 71 b9 4d 53 52 41 53 2d 31 2d 49 52 41 5a 55]
Feb 16 12:10:18 voon pppd[1680]: rcvd [CHAP Response id=0x1 , name = "vpn"]
Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x8055b40:0x80787a0.
Feb 16 12:10:18 voon pppd[1680]: ChapReceiveResponse: rcvd type CHAP-DIGEST-MD5
Feb 16 12:10:18 voon pppd[1680]: sent [CHAP Success id=0x1 "Welcome to voon.firespout.net."]
Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfReq id=0x1 ]
Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078720 in 3 seconds.
Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x1 ]
Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078840 in 3 seconds.
Feb 16 12:10:18 voon pppd[1680]: CHAP peer authentication succeeded for vpn
Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfReq id=0x5 ]
Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfRej id=0x5 ]
Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfReq id=0x6 ]
Feb 16 12:10:18 voon pppd[1680]: ipcp: returning Configure-REJ
Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfRej id=0x6 ]
Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfRej id=0x1 ]
Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078720.
Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfReq id=0x2 ]
Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078720 in 3 seconds.
Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfRej id=0x1 ]
Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078840.
Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x2]
Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078840 in 3 seconds.
Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP TermReq id=0x7"1Tq\37777777671\000<\37777777715t\000\000\002\37777777734"]
Feb 16 12:10:18 voon pppd[1680]: sent [CCP TermAck id=0x7]
Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfReq id=0x8 ]
Feb 16 12:10:18 voon pppd[1680]: ipcp: returning Configure-REJ
Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfRej id=0x8 ]
Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfAck id=0x2 ]
Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP TermReq id=0x9 "1Tq\37777777671\000<\37777777715t\000\000\002\37777777742"]
Feb 16 12:10:18 voon pppd[1680]: sent [IPCP TermAck id=0x9]
Feb 16 12:10:18 voon pptpd[1679]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Feb 16 12:10:18 voon pptpd[1679]: CTRL: Error with select(), quitting
Feb 16 12:10:18 voon pppd[1680]: Modem hangup
Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078720.
Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078840.
Feb 16 12:10:18 voon pppd[1680]: Connection terminated.
Feb 16 12:10:18 voon pppd[1680]: Connect time 0.1 minutes.
Feb 16 12:10:18 voon pppd[1680]: Sent 577 bytes, received 524 bytes. Feb 16 12:10:18 voon pppd[1680]: Exit. Feb 16 12:10:19 voon pptpd[1679]: CTRL: Client 165.247.4.52 control connection finished From khaight at firespout.com Wed Feb 21 09:31:14 2001 From: khaight at firespout.com (Kris Haight) Date: Wed, 21 Feb 2001 10:31:14 -0500 Subject: [pptp-server] A few more questions Message-ID: <37E1E2BB9C28D311AB390008C707D2A60BAD0FCB@nycexis01.mi8.com> Something like this: #### pptpd.conf ##### debug localip 192.168.0.12 remoteip 192.168.0.210-225 listen 192.168.2.3 -----Original Message----- From: robert [mailto:berzerke at swbell.net] Sent: Wednesday, February 21, 2001 10:31 AM To: Kris Haight Subject: Re: [pptp-server] A few more questions What does you /etc/pptpd.conf look like? On Wednesday 21 February 2001 07:58, you wrote: > Okay one more question and I should be up and running. > > ----- > > I've got the encryption to work, and I can see it. However I can only get > the encyrption to work when I use pptpctrl, and the arguements do not work. > If I say in the inetd.conf: > > pptpctrl 0 0 0 0 0 0 > > Windows responds back and says "The Server could not assign an IP address" > > if I say: > > pptpctrl 0 1 /etc/ppp/options.pptpd 0 0 0 0 > > I get the same thing. > > However, if I do something like: > > pptpctrl 0 1 /etc/ppp/options.pptpd 1 115200 1 192.168.0.12 1 192.168.0.210 > 0 > > *.12 being the vpn server itself > and *.210 being the Ip from the range I want it to use to assign ips. > > This works. BUT I would like to use more than 1 IP address on my server =) > > Is there any way to get the pptpctrl to read the ppptd.conf file? This is > the ONLY way I can get encryption to work properly. > > Thanks > > -- Kris > > My Log file looks something at the bottom of this email. > > -----Original Message----- 
> From: Kris Haight [mailto:khaight at firespout.com] > Sent: Friday, February 16, 2001 9:57 AM > To: 'pptp-server at lists.schulte.org' > Subject: [pptp-server] A few more questions > > > > Hello All- > > Well.. I think I have the server up and going, and I've (I think) > sucessfully got the enycrption peice working > > Now my question is how do I know if my data connection is using data > encryption? (If this is at all possible with PoPToe), or if my login is > secure? > > I'm using a Windows 2000 client to test this btw. > > Thanks yet again? :) > > -- Kris > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > > --- From Log File --- > > Feb 16 12:10:15 voon pptpd[1679]: CTRL: Client 165.247.4.52 control > connection started > Feb 16 12:10:15 voon pptpd[1679]: CTRL: Starting call (launching pppd, > opening GRE) > Feb 16 12:10:15 voon pppd[1680]: pppd 2.3.11 started by root, uid 0 > Feb 16 12:10:15 voon pppd[1680]: Using interface ppp0 > Feb 16 12:10:15 voon pppd[1680]: Connect: ppp0 <--> /dev/pts/1 > Feb 16 12:10:15 voon pppd[1680]: sent [LCP ConfReq id=0x1 > ] > Feb 16 12:10:15 voon pppd[1680]: Timeout 0x80503d4:0x80784c0 in 3 seconds. > Feb 16 12:10:15 voon pptpd[1679]: GRE: Discarding duplicate packet > Feb 16 12:10:15 voon pppd[1680]: rcvd [LCP ConfAck id=0x1 > ] > Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP ConfReq id=0x1 0x315471b9> < 0d 03 06> < 11 04 06 4e> < 13 17 01 02 3b 94 > 05 82 39 4d 35 8a fb a7 76 50 bf 5c 33 00 00 00 1b>] > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 13 > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 17 > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 19 > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: returning CONFREJ. 
> Feb 16 12:10:17 voon pppd[1680]: sent [LCP ConfRej id=0x1 < 0d 03 06> < 11 04 06 4e> < 13 17 01 02 3b 94 05 82 39 4d 35 8a fb a7 76 50 bf 5c 33 00 00 00 1b>]
> Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP ConfReq id=0x2 0x315471b9> ]
> Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: returning CONFACK.
> Feb 16 12:10:17 voon pppd[1680]: sent [LCP ConfAck id=0x2 0x315471b9> ]
> Feb 16 12:10:17 voon pppd[1680]: Untimeout 0x80503d4:0x80784c0.
> Feb 16 12:10:17 voon pppd[1680]: sent [CHAP Challenge id=0x1 , name = "pptpd"]
> Feb 16 12:10:17 voon pppd[1680]: Timeout 0x8055b40:0x80787a0 in 3 seconds.
> Feb 16 12:10:17 voon pptpd[1679]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP code=0xc id=0x3 31 54 71 b9 4d 53 52 41 53 56 35 2e 30 30]
> Feb 16 12:10:17 voon pppd[1680]: sent [LCP CodeRej id=0x2 0c 03 00 12 31 54 71 b9 4d 53 52 41 53 56 35 2e 30 30]
> Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP code=0xc id=0x4 31 54 71 b9 4d 53 52 41 53 2d 31 2d 49 52 41 5a 55]
> Feb 16 12:10:17 voon pppd[1680]: sent [LCP CodeRej id=0x3 0c 04 00 15 31 54 71 b9 4d 53 52 41 53 2d 31 2d 49 52 41 5a 55]
> Feb 16 12:10:18 voon pppd[1680]: rcvd [CHAP Response id=0x1 , name = "vpn"]
> Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x8055b40:0x80787a0.
> Feb 16 12:10:18 voon pppd[1680]: ChapReceiveResponse: rcvd type CHAP-DIGEST-MD5
> Feb 16 12:10:18 voon pppd[1680]: sent [CHAP Success id=0x1 "Welcome to voon.firespout.net."]
> Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfReq id=0x1 192.168.0.12> ]
> Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078720 in 3 seconds.
> Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x1 ]
> Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078840 in 3 seconds.
> Feb 16 12:10:18 voon pppd[1680]: CHAP peer authentication succeeded for vpn
> Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfReq id=0x5 ]
> Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfRej id=0x5 ]
> Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfReq id=0x6 ]
> Feb 16 12:10:18 voon pppd[1680]: ipcp: returning Configure-REJ
> Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfRej id=0x6 ]
> Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfRej id=0x1 01>]
> Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078720.
> Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfReq id=0x2 192.168.0.12>]
> Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078720 in 3 seconds.
> Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfRej id=0x1 ]
> Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078840.
> Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x2]
> Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078840 in 3 seconds.
> Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP TermReq id=0x7"1Tq\37777777671\000<\37777777715t\000\000\002\37777777734"]
> Feb 16 12:10:18 voon pppd[1680]: sent [CCP TermAck id=0x7]
> Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfReq id=0x8 ]
> Feb 16 12:10:18 voon pppd[1680]: ipcp: returning Configure-REJ
> Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfRej id=0x8 ]
> Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfAck id=0x2 192.168.0.12>]
> Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP TermReq id=0x9 "1Tq\37777777671\000<\37777777715t\000\000\002\37777777742"]
> Feb 16 12:10:18 voon pppd[1680]: sent [IPCP TermAck id=0x9]
> Feb 16 12:10:18 voon pptpd[1679]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Feb 16 12:10:18 voon pptpd[1679]: CTRL: Error with select(), quitting
> Feb 16 12:10:18 voon pppd[1680]: Modem hangup
> Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078720.
> Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078840.
> Feb 16 12:10:18 voon pppd[1680]: Connection terminated.
> Feb 16 12:10:18 voon pppd[1680]: Connect time 0.1 minutes.
> Feb 16 12:10:18 voon pppd[1680]: Sent 577 bytes, received 524 bytes.
> Feb 16 12:10:18 voon pppd[1680]: Exit.
> Feb 16 12:10:19 voon pptpd[1679]: CTRL: Client 165.247.4.52 control connection finished
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From dlandgre at bpinet.com Wed Feb 21 10:07:07 2001
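Added example (not part of any list post, and not PoPToP or pppd code): the question raised in this thread, how to tell from the server side whether the data connection is encrypted, can be read off the pppd debug log quoted above. MPPE is negotiated as a CCP option, so the script checks which CHAP type was used and whether CCP ever opened; the second log, including its MS-CHAP-V1 string and <mppe ...> option text, is constructed and an assumption.

```python
import re
from dataclasses import dataclass, field

# CHAP and CCP lines copied from the pppd debug log quoted in the thread.
# The option fields inside <...> were already missing in the archived copy.
THREAD_LOG = r"""
Feb 16 12:10:18 voon pppd[1680]: ChapReceiveResponse: rcvd type CHAP-DIGEST-MD5
Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x1 ]
Feb 16 12:10:18 voon pppd[1680]: CHAP peer authentication succeeded for vpn
Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfReq id=0x5 ]
Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfRej id=0x5 ]
Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfRej id=0x1 ]
Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x2]
Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP TermReq id=0x7"1Tq\37777777671\000<\37777777715t\000\000\002\37777777734"]
Feb 16 12:10:18 voon pppd[1680]: sent [CCP TermAck id=0x7]
"""

# CONSTRUCTED for contrast, not from the thread. Host, pid, the MS-CHAP-V1
# type string and the <mppe ...> option text are assumptions about how an
# MPPE-capable pppd build would log a successful negotiation.
CONSTRUCTED_LOG = """
Feb 16 13:00:01 gw pppd[2001]: ChapReceiveResponse: rcvd type MS-CHAP-V1
Feb 16 13:00:01 gw pppd[2001]: sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Feb 16 13:00:01 gw pppd[2001]: rcvd [CCP ConfReq id=0x4 <mppe +H -M +S -L -D -C>]
Feb 16 13:00:01 gw pppd[2001]: sent [CCP ConfAck id=0x4 <mppe +H -M +S -L -D -C>]
Feb 16 13:00:01 gw pppd[2001]: rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
"""

PPPD = re.compile(r"pppd\[(?P<pid>\d+)\]: (?P<msg>.*)")
AUTH = re.compile(r"ChapReceiveResponse: rcvd type (\S+)")
PACKET = re.compile(r"(?P<dir>sent|rcvd) \[(?P<proto>\w+) (?P<code>\w+)(?P<rest>.*)")
BOTH = {"sent", "rcvd"}


@dataclass
class Session:
    auth_type: str = "unknown"
    ccp_acked: set = field(default_factory=set)   # directions with a CCP ConfAck
    mppe_acked: set = field(default_factory=set)  # ...whose ConfAck named mppe
    ccp_terminated: bool = False


def analyse(log_text):
    """Group pppd lines by pid and track CHAP type and CCP negotiation state."""
    sessions = {}
    for line in log_text.splitlines():
        m = PPPD.search(line)
        if not m:
            continue
        s = sessions.setdefault(m["pid"], Session())
        auth = AUTH.search(m["msg"])
        if auth:
            s.auth_type = auth[1]
            continue
        pkt = PACKET.match(m["msg"])
        if not pkt or pkt["proto"] != "CCP":
            continue
        if pkt["code"] == "ConfAck":
            s.ccp_acked.add(pkt["dir"])
            if "mppe" in pkt["rest"].lower():
                s.mppe_acked.add(pkt["dir"])
        elif pkt["code"] in ("TermReq", "TermAck"):
            # CCP was torn down: forget any earlier acks.
            s.ccp_terminated = True
            s.ccp_acked.clear()
            s.mppe_acked.clear()
    return sessions


def verdict(s):
    """CCP opens only after a ConfAck in each direction; MPPE is one CCP option."""
    if s.ccp_acked != BOTH:
        how = "was terminated" if s.ccp_terminated else "never opened"
        return f"NOT ENCRYPTED: CCP {how}"
    if s.mppe_acked != BOTH:
        return "NOT ENCRYPTED: CCP opened without MPPE (compression only)"
    if not s.auth_type.upper().startswith("MS-CHAP"):
        # With a password login, MPPE session keys come from the MS-CHAP exchange.
        return "SUSPECT: MPPE acked but login was " + s.auth_type
    return "ENCRYPTED: MPPE acked in both directions"


def report(log_text):
    """Return {pid: (chap_type, verdict)} for every pppd session in the log."""
    return {pid: (s.auth_type, verdict(s)) for pid, s in analyse(log_text).items()}


if __name__ == "__main__":
    for name, text in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        for pid, (auth, result) in report(text).items():
            print(f"{name} pppd[{pid}] auth={auth}: {result}")
```

Run against the thread's log lines it reports a CHAP-DIGEST-MD5 login and a terminated CCP, that is, a session in which no MPPE was negotiated.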
From: dlandgre at bpinet.com (David LANDGREN)
Date: Wed, 21 Feb 2001 17:07:07 +0100
Subject: [pptp-server] Internal DNS server blues
Message-ID:

Hello list,

I believe I have all the kinks ironed out of my setup pptp 1.0.1 on
OpenBSD 2.7. The only remaining problem I have is negotiating the
addresses of my internal DNS servers. In fact, the negotiation works
quite fine. Here's how

/etc/ppp/options contains

  ms-dns 192.168.0.8
  ms-dns 192.168.0.18
  ms-wins 192.168.0.1

and /etc/ppp/ppp.conf contains

pptp:
 set log phase chat connect lcp ipcp tun command # lqm
 set login
 set timeout 0
 set speed 115200
 set ifaddr 192.168.3.0 192.168.3.128-192.168.3.143 255.255.255.255
 set server /tmp/pptploop%d "" 0177
 set dns 192.168.0.8 192.168.0.18

All is well and good, however...

The clients initially dial up via modem, and the connection to the
initial ISP negotiates two public DNS servers, 194.x.y.z whatever. On
successfully connecting to the ISP, the client then connects through MS
VPN to my private network. At this point things get rather bizarre.

What happens is the addresses of my two internal DNS servers, rather
than replacing the two public addresses, get tacked onto the end. So
when I run winipcfg on the ppp interface on the client, I get four
separate DNS addresses, my two coming after the first two.

What this means is that the client is unable to resolve the name of
anything inside my network. What I really want to do is to wipe out the
initial DNS addresses that were given during the initial dial-up and
replace them with my internal addresses. Because in any event, if my
internal DNS servers can't resolve an address (because it's an outside
machine), they will forward the request onto those two public DNS
servers anyway.

Does anyone have this setup?

Thanks,
David

From cwood at wencor.com Wed Feb 21 13:08:56 2001
From: cwood at wencor.com (Chris Wood)
Date: Wed, 21 Feb 2001 12:08:56 -0700 (Mountain Standard Time)
Subject: [pptp-server] A few more questions
In-Reply-To: <37E1E2BB9C28D311AB390008C707D2A60BAD0FCB@nycexis01.mi8.com>
Message-ID:

Doesn't the localip have to be a range with the same number of IPs as the
remoteip?

localip 192.168.0.12-27
remoteip 192.168.0.210-225

On Wed, 21 Feb 2001, Kris Haight wrote:

>
> Something like this:
>
> #### pptpd.conf #####
>
> debug
> localip 192.168.0.12
> remoteip 192.168.0.210-225
> listen 192.168.2.3
>
> -----Original Message-----
> From: robert [mailto:berzerke at swbell.net]
> Sent: Wednesday, February 21, 2001 10:31 AM
> To: Kris Haight
> Subject: Re: [pptp-server] A few more questions
>
> What does your /etc/pptpd.conf look like?
>
> On Wednesday 21 February 2001 07:58, you wrote:
> > Okay one more question and I should be up and running.
> >
> > -----
> >
> > I've got the encryption to work, and I can see it. However I can only get
> > the encryption to work when I use pptpctrl, and the arguments do not work.
> > If I say in the inetd.conf:
> >
> > pptpctrl 0 0 0 0 0 0
> >
> > Windows responds back and says "The Server could not assign an IP address"
> >
> > if I say:
> >
> > pptpctrl 0 1 /etc/ppp/options.pptpd 0 0 0 0
> >
> > I get the same thing.
> >
> > However, if I do something like:
> >
> > pptpctrl 0 1 /etc/ppp/options.pptpd 1 115200 1 192.168.0.12 1 192.168.0.210 0
> >
> > *.12 being the vpn server itself
> > and *.210 being the Ip from the range I want it to use to assign ips.
> >
> > This works. BUT I would like to use more than 1 IP address on my server =)
> >
> > Is there any way to get the pptpctrl to read the pptpd.conf file? This is
> > the ONLY way I can get encryption to work properly.
> >
> > Thanks
> >
> > -- Kris
> >
> > My Log file looks something at the bottom of this email.
> >
> > -----Original Message-----
> > From: Kris Haight [mailto:khaight at firespout.com]
> > Sent: Friday, February 16, 2001 9:57 AM
> > To: 'pptp-server at lists.schulte.org'
> > Subject: [pptp-server] A few more questions
> >
> > Hello All-
> >
> > Well.. I think I have the server up and going, and I've (I think)
> > successfully got the encryption piece working
> >
> > Now my question is how do I know if my data connection is using data
> > encryption? (If this is at all possible with PoPToP), or if my login is
> > secure?
> >
> > I'm using a Windows 2000 client to test this btw.
> >
> > Thanks yet again? :)
> >
> > -- Kris
> >
> > --- From Log File ---
> >
> > Feb 16 12:10:15 voon pptpd[1679]: CTRL: Client 165.247.4.52 control connection started
> > Feb 16 12:10:15 voon pptpd[1679]: CTRL: Starting call (launching pppd, opening GRE)
> > Feb 16 12:10:15 voon pppd[1680]: pppd 2.3.11 started by root, uid 0
> > Feb 16 12:10:15 voon pppd[1680]: Using interface ppp0
> > Feb 16 12:10:15 voon pppd[1680]: Connect: ppp0 <--> /dev/pts/1
> > Feb 16 12:10:15 voon pppd[1680]: sent [LCP ConfReq id=0x1 ]
> > Feb 16 12:10:15 voon pppd[1680]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
> > Feb 16 12:10:15 voon pptpd[1679]: GRE: Discarding duplicate packet
> > Feb 16 12:10:15 voon pppd[1680]: rcvd [LCP ConfAck id=0x1 ]
> > Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP ConfReq id=0x1 0x315471b9> < 0d 03 06> < 11 04 06 4e> < 13 17 01 02 3b 94 05 82 39 4d 35 8a fb a7 76 50 bf 5c 33 00 00 00 1b>]
> > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 13
> > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 17
> > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 19
> > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: returning CONFREJ.
> > Feb 16 12:10:17 voon pppd[1680]: sent [LCP ConfRej id=0x1 < 0d 03 06> < 11 04 06 4e> < 13 17 01 02 3b 94 05 82 39 4d 35 8a fb a7 76 50 bf 5c 33 00 00 00 1b>]
> > Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP ConfReq id=0x2 0x315471b9> ]
> > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: returning CONFACK.
> > Feb 16 12:10:17 voon pppd[1680]: sent [LCP ConfAck id=0x2 0x315471b9> ]
> > Feb 16 12:10:17 voon pppd[1680]: Untimeout 0x80503d4:0x80784c0.
> > Feb 16 12:10:17 voon pppd[1680]: sent [CHAP Challenge id=0x1 , name = "pptpd"]
> > Feb 16 12:10:17 voon pppd[1680]: Timeout 0x8055b40:0x80787a0 in 3 seconds.
> > Feb 16 12:10:17 voon pptpd[1679]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> > Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP code=0xc id=0x3 31 54 71 b9 4d 53 52 41 53 56 35 2e 30 30]
> > Feb 16 12:10:17 voon pppd[1680]: sent [LCP CodeRej id=0x2 0c 03 00 12 31 54 71 b9 4d 53 52 41 53 56 35 2e 30 30]
> > Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP code=0xc id=0x4 31 54 71 b9 4d 53 52 41 53 2d 31 2d 49 52 41 5a 55]
> > Feb 16 12:10:17 voon pppd[1680]: sent [LCP CodeRej id=0x3 0c 04 00 15 31 54 71 b9 4d 53 52 41 53 2d 31 2d 49 52 41 5a 55]
> > Feb 16 12:10:18 voon pppd[1680]: rcvd [CHAP Response id=0x1 , name = "vpn"]
> > Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x8055b40:0x80787a0.
> > Feb 16 12:10:18 voon pppd[1680]: ChapReceiveResponse: rcvd type CHAP-DIGEST-MD5
> > Feb 16 12:10:18 voon pppd[1680]: sent [CHAP Success id=0x1 "Welcome to voon.firespout.net."]
> > Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfReq id=0x1 192.168.0.12> ]
> > Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078720 in 3 seconds.
> > Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x1 ]
> > Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078840 in 3 seconds.
> > Feb 16 12:10:18 voon pppd[1680]: CHAP peer authentication succeeded for vpn
> > Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfReq id=0x5 ]
> > Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfRej id=0x5 ]
> > Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfReq id=0x6 ]
> > Feb 16 12:10:18 voon pppd[1680]: ipcp: returning Configure-REJ
> > Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfRej id=0x6 ]
> > Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfRej id=0x1 01>]
> > Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078720.
> > Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfReq id=0x2 192.168.0.12>]
> > Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078720 in 3 seconds.
> > Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfRej id=0x1 ]
> > Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078840.
> > Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x2]
> > Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078840 in 3 seconds.
> > Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP TermReq id=0x7"1Tq\37777777671\000<\37777777715t\000\000\002\37777777734"]
> > Feb 16 12:10:18 voon pppd[1680]: sent [CCP TermAck id=0x7]
> > Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfReq id=0x8 ]
> > Feb 16 12:10:18 voon pppd[1680]: ipcp: returning Configure-REJ
> > Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfRej id=0x8 ]
> > Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfAck id=0x2 192.168.0.12>]
> > Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP TermReq id=0x9 "1Tq\37777777671\000<\37777777715t\000\000\002\37777777742"]
> > Feb 16 12:10:18 voon pppd[1680]: sent [IPCP TermAck id=0x9]
> > Feb 16 12:10:18 voon pptpd[1679]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> > Feb 16 12:10:18 voon pptpd[1679]: CTRL: Error with select(), quitting
> > Feb 16 12:10:18 voon pppd[1680]: Modem hangup
> > Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078720.
> > Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078840.
> > Feb 16 12:10:18 voon pppd[1680]: Connection terminated.
> > Feb 16 12:10:18 voon pppd[1680]: Connect time 0.1 minutes.
> > Feb 16 12:10:18 voon pppd[1680]: Sent 577 bytes, received 524 bytes.
> > Feb 16 12:10:18 voon pppd[1680]: Exit.
> > Feb 16 12:10:19 voon pptpd[1679]: CTRL: Client 165.247.4.52 control connection finished
>

--
-=-=-=-=-=-
Chris Wood              Kitco, Inc.         Dixie Aerospace
801-489-2097            Wencor West, Inc.   Durham Aircraft Serv.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From khaight at firespout.com Wed Feb 21 13:09:11 2001
From: khaight at firespout.com (Kris Haight)
Date: Wed, 21 Feb 2001 14:09:11 -0500
Subject: [pptp-server] A few more questions
Message-ID: <37E1E2BB9C28D311AB390008C707D2A60BAD0FCE@nycexis01.mi8.com>

That I wasn't unsure of. So I left it the way it is.

Anyone care to correct me?

-----Original Message-----
From: Chris Wood [mailto:cwood at wencor.com]
Sent: Wednesday, February 21, 2001 2:09 PM
To: Kris Haight
Cc: 'robert'; 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] A few more questions

Doesn't the localip have to be a range with the same number of IPs as the
remoteip?

localip 192.168.0.12-27
remoteip 192.168.0.210-225

On Wed, 21 Feb 2001, Kris Haight wrote:

>
> Something like this:
>
> #### pptpd.conf #####
>
> debug
> localip 192.168.0.12
> remoteip 192.168.0.210-225
> listen 192.168.2.3
>
> -----Original Message-----
>

--
-=-=-=-=-=-
Chris Wood              Kitco, Inc.         Dixie Aerospace
801-489-2097            Wencor West, Inc.   Durham Aircraft Serv.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From jward at cem.msu.edu Wed Feb 21 13:44:07 2001
From: jward at cem.msu.edu (Joe Ward)
Date: Wed, 21 Feb 2001 14:44:07 -0500
Subject: [pptp-server] A few more questions
In-Reply-To: <37E1E2BB9C28D311AB390008C707D2A60BAD0FCE@nycexis01.mi8.com>
Message-ID: <5.0.2.1.2.20010221144336.00a94cb8@pop3.norton.antivirus>

According to the comments in the pptpd.conf file:

# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
#    start at the beginning of the list and go until it gets
#    MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#    you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
#    be set to the given one. You MUST still give at least one remote
#    IP for each simultaneous client.

it appears you can give a single local IP that all your Remotes will have.
but you must give enough remote IP's to handle all your connections.

-Joe

At 2/21/2001 02:09 PM, you wrote:
>That I wasn't unsure of. So I left it the way it is.
>
>Anyone care to correct me?
>
>-----Original Message-----
>From: Chris Wood [mailto:cwood at wencor.com]
>Sent: Wednesday, February 21, 2001 2:09 PM
>To: Kris Haight
>Cc: 'robert'; 'pptp-server at lists.schulte.org'
>Subject: RE: [pptp-server] A few more questions
>
>Doesn't the localip have to be a range with the same number of IPs as the
>remoteip?
>
>localip 192.168.0.12-27
>remoteip 192.168.0.210-225
>
>On Wed, 21 Feb 2001, Kris Haight wrote:
>
> >
> > Something like this:
> >
> > #### pptpd.conf #####
> >
> > debug
> > localip 192.168.0.12
> > remoteip 192.168.0.210-225
> > listen 192.168.2.3
> >
> > -----Original Message-----

From walterm at Gliatech.com Wed Feb 21 13:56:49 2001
From: walterm at Gliatech.com (Michael Walter)
Date: Wed, 21 Feb 2001 14:56:49 -0500
Subject: [pptp-server] A few more questions
Message-ID:

That is incorrect. My current implementation, live for almost two years now,
uses a single ip for the remoteip and 30 ip's for the local ip.

Thanks,

Michael J. Walter rhce mcdba mcse+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

-----Original Message-----
From: Kris Haight [mailto:khaight at firespout.com]
Sent: Wednesday, February 21, 2001 2:09 PM
To: 'Chris Wood'; Kris Haight
Cc: 'robert'; 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] A few more questions

That I wasnt unsure of. So I left it the way it is.

Anyone care to correct me?

-----Original Message-----
From: Chris Wood [mailto:cwood at wencor.com] Sent: Wednesday, February 21, 2001 2:09 PM To: Kris Haight Cc: 'robert'; 'pptp-server at lists.schulte.org' Subject: RE: [pptp-server] A few more questions Doesn't the localip have to be a range with the same number of IPs as the remoteip? localip 192.168.0.12-27 remoteip 192.168.0.210-225 On Wed, 21 Feb 2001, Kris Haight wrote: > > Something like this: > > #### pptpd.conf ##### > > debug > localip 192.168.0.12 > remoteip 192.168.0.210-225 > listen 192.168.2.3 > > > > -----Original Message----- > From: robert [mailto:berzerke at swbell.net] > Sent: Wednesday, February 21, 2001 10:31 AM > To: Kris Haight > Subject: Re: [pptp-server] A few more questions > > > What does you /etc/pptpd.conf look like? > > On Wednesday 21 February 2001 07:58, you wrote: > > Okay one more question and I should be up and running. > > > > ----- > > > > I've got the encryption to work, and I can see it. However I can only get > > the encyrption to work when I use pptpctrl, and the arguements do not > work. > > If I say in the inetd.conf: > > > > pptpctrl 0 0 0 0 0 0 > > > > Windows responds back and says "The Server could not assign an IP address" > > > > if I say: > > > > pptpctrl 0 1 /etc/ppp/options.pptpd 0 0 0 0 > > > > I get the same thing. > > > > However, if I do something like: > > > > pptpctrl 0 1 /etc/ppp/options.pptpd 1 115200 1 192.168.0.12 1 > 192.168.0.210 > > 0 > > > > *.12 being the vpn server itself > > and *.210 being the Ip from the range I want it to use to assign ips. > > > > This works. BUT I would like to use more than 1 IP address on my server =) > > > > Is there any way to get the pptpctrl to read the ppptd.conf file? This is > > the ONLY way I can get encryption to work properly. > > > > Thanks > > > > -- Kris > > > > My Log file looks something at the bottom of this email. > > > > -----Original Message----- 
> > From: Kris Haight [mailto:khaight at firespout.com]
> > Sent: Friday, February 16, 2001 9:57 AM
> > To: 'pptp-server at lists.schulte.org'
> > Subject: [pptp-server] A few more questions
> >
> >
> >
> > Hello All-
> >
> > Well.. I think I have the server up and going, and I've (I think)
> > successfully got the encryption piece working
> >
> > Now my question is how do I know if my data connection is using data
> > encryption? (If this is at all possible with PoPToP), or if my login is
> > secure?
> >
> > I'm using a Windows 2000 client to test this btw.
> >
> > Thanks yet again? :)
> >
> > -- Kris
> >
> > --- From Log File ---
> >
> > Feb 16 12:10:15 voon pptpd[1679]: CTRL: Client 165.247.4.52 control
> > connection started
> > Feb 16 12:10:15 voon pptpd[1679]: CTRL: Starting call (launching pppd,
> > opening GRE)
> > Feb 16 12:10:15 voon pppd[1680]: pppd 2.3.11 started by root, uid 0
> > Feb 16 12:10:15 voon pppd[1680]: Using interface ppp0
> > Feb 16 12:10:15 voon pppd[1680]: Connect: ppp0 <--> /dev/pts/1
> > Feb 16 12:10:15 voon pppd[1680]: sent [LCP ConfReq id=0x1
> > ]
> > Feb 16 12:10:15 voon pppd[1680]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
> > Feb 16 12:10:15 voon pptpd[1679]: GRE: Discarding duplicate packet > > Feb 16 12:10:15 voon pppd[1680]: rcvd [LCP ConfAck id=0x1 > > ] > > Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP ConfReq id=0x1 > 0x315471b9> < 0d 03 06> < 11 04 06 4e> < 13 17 01 02 3b > 94 > > 05 82 39 4d 35 8a fb a7 76 50 bf 5c 33 00 00 00 1b>] > > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 13 > > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 17 > > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: rcvd unknown option 19 > > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: returning CONFREJ. > > Feb 16 12:10:17 voon pppd[1680]: sent [LCP ConfRej id=0x1 < 0d 03 06> < 11 > > 04 06 4e> < 13 17 01 02 3b 94 05 82 39 4d 35 8a fb a7 76 50 bf 5c 33 00 00 > > 00 1b>] > > Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP ConfReq id=0x2 > 0x315471b9> ] > > Feb 16 12:10:17 voon pppd[1680]: lcp_reqci: returning CONFACK. > > Feb 16 12:10:17 voon pppd[1680]: sent [LCP ConfAck id=0x2 > 0x315471b9> ] > > Feb 16 12:10:17 voon pppd[1680]: Untimeout 0x80503d4:0x80784c0. > > Feb 16 12:10:17 voon pppd[1680]: sent [CHAP Challenge id=0x1 > > , name = "pptpd"] > > Feb 16 12:10:17 voon pppd[1680]: Timeout 0x8055b40:0x80787a0 in 3 seconds. > > Feb 16 12:10:17 voon pptpd[1679]: CTRL: Ignored a SET LINK INFO packet > with > > real ACCMs! > > Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP code=0xc id=0x3 31 54 71 b9 4d > > 53 52 41 53 56 35 2e 30 30] > > Feb 16 12:10:17 voon pppd[1680]: sent [LCP CodeRej id=0x2 0c 03 00 12 31 > 54 > > 71 b9 4d 53 52 41 53 56 35 2e 30 30] > > Feb 16 12:10:17 voon pppd[1680]: rcvd [LCP code=0xc id=0x4 31 54 71 b9 4d > > 53 52 41 53 2d 31 2d 49 52 41 5a 55] > > Feb 16 12:10:17 voon pppd[1680]: sent [LCP CodeRej id=0x3 0c 04 00 15 31 > 54 > > 71 b9 4d 53 52 41 53 2d 31 2d 49 52 41 5a 55] > > Feb 16 12:10:18 voon pppd[1680]: rcvd [CHAP Response id=0x1 > > , name = "vpn"] > > Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x8055b40:0x80787a0. 
> > Feb 16 12:10:18 voon pppd[1680]: ChapReceiveResponse: rcvd type > > CHAP-DIGEST-MD5 > > Feb 16 12:10:18 voon pppd[1680]: sent [CHAP Success id=0x1 "Welcome to > > voon.firespout.net."] > > Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfReq id=0x1 > 192.168.0.12> ] > > Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078720 in 3 seconds. > > Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x1 > > ] > > Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078840 in 3 seconds. > > Feb 16 12:10:18 voon pppd[1680]: CHAP peer authentication succeeded for > vpn > > Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfReq id=0x5 ] > > Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfRej id=0x5 ] > > Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfReq id=0x6 > > ] > > Feb 16 12:10:18 voon pppd[1680]: ipcp: returning Configure-REJ > > Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfRej id=0x6 > > ] > > Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfRej id=0x1 > 01>] > > Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078720. > > Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfReq id=0x2 > 192.168.0.12>] > > Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078720 in 3 seconds. > > Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfRej id=0x1 > > ] > > Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078840. > > Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x2] > > Feb 16 12:10:18 voon pppd[1680]: Timeout 0x80503d4:0x8078840 in 3 seconds. 
> > Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP TermReq > > id=0x7"1Tq\37777777671\000<\37777777715t\000\000\002\37777777734"] > > Feb 16 12:10:18 voon pppd[1680]: sent [CCP TermAck id=0x7] > > Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfReq id=0x8 ] > > Feb 16 12:10:18 voon pppd[1680]: ipcp: returning Configure-REJ > > Feb 16 12:10:18 voon pppd[1680]: sent [IPCP ConfRej id=0x8 ] > > Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP ConfAck id=0x2 > 192.168.0.12>] > > Feb 16 12:10:18 voon pppd[1680]: rcvd [IPCP TermReq id=0x9 > > "1Tq\37777777671\000<\37777777715t\000\000\002\37777777742"] > > Feb 16 12:10:18 voon pppd[1680]: sent [IPCP TermAck id=0x9] > > Feb 16 12:10:18 voon pptpd[1679]: CTRL: Ignored a SET LINK INFO packet > with > > real ACCMs! > > Feb 16 12:10:18 voon pptpd[1679]: CTRL: Error with select(), quitting > > Feb 16 12:10:18 voon pppd[1680]: Modem hangup > > Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078720. > > Feb 16 12:10:18 voon pppd[1680]: Untimeout 0x80503d4:0x8078840. > > Feb 16 12:10:18 voon pppd[1680]: Connection terminated. > > Feb 16 12:10:18 voon pppd[1680]: Connect time 0.1 minutes. > > Feb 16 12:10:18 voon pppd[1680]: Sent 577 bytes, received 524 bytes. > > Feb 16 12:10:18 voon pppd[1680]: Exit. > > Feb 16 12:10:19 voon pptpd[1679]: CTRL: Client 165.247.4.52 control > > connection finished > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > -- -=-=-=-=-=- Chris Wood Kitco, Inc. Dixie Aerospace 801-489-2097 Wencor West, Inc. Durham Aircraft Serv. 
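
Added example, not part of any list message and not PoPToP or pppd code: the question quoted above (how to tell whether the data connection is encrypted) can be answered from the pppd debug log itself. The script reads pppd lines like those in the quoted log and reports, per pppd process, whether MPPE was acknowledged in both directions. Session 1680 is abridged from the quoted log; session 2211, its `<mppe ...>` option text and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample. Session 1680 is abridged from the log quoted in the thread
# (its option lists were lost in the archive). Session 2211 is invented to show a
# successful negotiation; the "<mppe ...>" option text is an assumption about how
# an MPPE-patched pppd prints the option.
SAMPLE_LOG = """\
Feb 16 12:10:18 voon pppd[1680]: ChapReceiveResponse: rcvd type CHAP-DIGEST-MD5
Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x1 ]
Feb 16 12:10:18 voon pppd[1680]: CHAP peer authentication succeeded for vpn
Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfReq id=0x5 ]
Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfRej id=0x5 ]
Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP ConfRej id=0x1 ]
Feb 16 12:10:18 voon pppd[1680]: sent [CCP ConfReq id=0x2]
Feb 16 12:10:18 voon pppd[1680]: rcvd [CCP TermReq id=0x7]
Feb 16 12:10:18 voon pppd[1680]: sent [CCP TermAck id=0x7]
Feb 16 12:31:02 voon pppd[2211]: ChapReceiveResponse: rcvd type MS-CHAP-V2
Feb 16 12:31:02 voon pppd[2211]: CHAP peer authentication succeeded for vpn
Feb 16 12:31:02 voon pppd[2211]: sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Feb 16 12:31:02 voon pppd[2211]: rcvd [CCP ConfReq id=0x5 <mppe +H -M +S -L -D -C>]
Feb 16 12:31:02 voon pppd[2211]: sent [CCP ConfAck id=0x5 <mppe +H -M +S -L -D -C>]
Feb 16 12:31:02 voon pppd[2211]: rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
"""

LINE_RE = re.compile(r"pppd\[(\d+)\]: (.*)$")
AUTH_RE = re.compile(r"ChapReceiveResponse: rcvd type (\S+)")
USER_RE = re.compile(r"CHAP peer authentication succeeded for (\S+)")
CCP_RE = re.compile(r"(sent|rcvd) \[CCP (\w+)(.*)$")


@dataclass
class Session:
    auth_type: str = "unknown"
    user: str = ""
    mppe_acked: set = field(default_factory=set)  # directions with an MPPE ConfAck
    ccp_closed: bool = False

    def verdict(self):
        """Return (encrypted, reasons); any reason means treat the link as cleartext."""
        reasons = []
        # MPPE session keys are derived from the MS-CHAP exchange, so any other
        # CHAP type leaves pppd with nothing to key the cipher with.
        if not self.auth_type.startswith("MS-CHAP"):
            reasons.append(f"auth type {self.auth_type} cannot key MPPE")
        # Each side must acknowledge the other's MPPE request.
        for direction in ("sent", "rcvd"):
            if direction not in self.mppe_acked:
                reasons.append(f"no MPPE ConfAck {direction}")
        if self.ccp_closed:
            reasons.append("CCP terminated")
        return (not reasons, reasons)


def analyse(log_text):
    """Group pppd log lines by PID and return {pid: (encrypted, reasons)}."""
    sessions = {}
    for line in log_text.splitlines():
        found = LINE_RE.search(line)
        if not found:
            continue  # pptpd control-channel lines and anything else
        pid, msg = found.groups()
        sess = sessions.setdefault(pid, Session())
        if m := AUTH_RE.match(msg):
            sess.auth_type = m.group(1)
        elif m := USER_RE.match(msg):
            sess.user = m.group(1)
        elif m := CCP_RE.match(msg):
            direction, code, options = m.groups()
            if code == "ConfAck" and "mppe" in options.lower():
                sess.mppe_acked.add(direction)
            elif code in ("TermReq", "TermAck"):
                sess.ccp_closed = True
    return {pid: sess.verdict() for pid, sess in sessions.items()}


if __name__ == "__main__":
    for pid, (encrypted, reasons) in analyse(SAMPLE_LOG).items():
        state = "MPPE negotiated" if encrypted else "NOT encrypted: " + "; ".join(reasons)
        print(f"pppd[{pid}]: {state}")
```

A session that authenticates successfully can still carry cleartext: in the quoted log the CHAP login succeeds while CCP is rejected and then torn down.
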
From walterm at Gliatech.com Wed Feb 21 14:00:03 2001
From: walterm at Gliatech.com (Michael Walter)
Date: Wed, 21 Feb 2001 15:00:03 -0500
Subject: [pptp-server] A few more questions
Message-ID:

err reverse that, it looks a lot like this:

localip 192.0.0.121
remoteip 192.0.0.201-245
listen XXX.XXX.XXX.XXX

Thanks,

Michael J. Walter rhce mcdba mcse+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

-----Original Message-----
From: Michael Walter
Sent: Wednesday, February 21, 2001 2:57 PM
To: 'Kris Haight'
Cc: 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] A few more questions

That is incorrect. My current implementation, live for almost two years now,
uses a single ip for the remoteip and 30 ip's for the local ip.

Thanks,

Michael J. Walter rhce mcdba mcse+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

-----Original Message-----
From: Kris Haight [mailto:khaight at firespout.com]
Sent: Wednesday, February 21, 2001 2:09 PM
To: 'Chris Wood'; Kris Haight
Cc: 'robert'; 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] A few more questions

That I wasn't unsure of. So I left it the way it is. Anyone care to correct me?

From GeorgeV at citadelcomputer.com.au Wed Feb 21 15:39:13 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 22 Feb 2001 08:39:13 +1100
Subject: [pptp-server] A few more questions
Message-ID: <200FAA488DE0D41194F10010B597610D08162B@JUPITER>

You can make it whatever you want, it just makes it harder to IPchains the
rules... pain in the butt really.

The local and remote IPs can be different as long as both ends know this..
Take ADSL for instance, my provider is on 172.x.x.x and my IP is 61.x.x.x or
similar... yet it works...

thanks,
George Vieira

-----Original Message-----
From: Kris Haight [mailto:khaight at firespout.com]
Sent: Thursday, February 22, 2001 6:09 AM
To: 'Chris Wood'; Kris Haight
Cc: 'robert'; 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] A few more questions

That I wasn't unsure of. So I left it the way it is. Anyone care to correct me?

-----Original Message-----
From: Chris Wood [mailto:cwood at wencor.com]
Sent: Wednesday, February 21, 2001 2:09 PM
To: Kris Haight
Cc: 'robert'; 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] A few more questions

Doesn't the localip have to be a range with the same number of IPs as the
remoteip?

localip 192.168.0.12-27
remoteip 192.168.0.210-225

On Wed, 21 Feb 2001, Kris Haight wrote:

>
> Something like this:
>
> #### pptpd.conf #####
>
> debug
> localip 192.168.0.12
> remoteip 192.168.0.210-225
> listen 192.168.2.3
>
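
Added example, not part of any list message and not taken from the PoPToP sources: a small audit of the `localip`/`remoteip` lines debated in this thread. It assumes the last-octet range syntax shown in the posts, comma-separated lists, and that each simultaneous client takes one `remoteip` address; the function names are hypothetical. The returned address set is what firewall rules for the tunnel endpoints would have to cover.

```python
import ipaddress

# Configurations as posted in the thread (Kris Haight's file and Chris Wood's
# suggested variant), plus one constructed file with an address in both pools.
KRIS_CONF = """\
#### pptpd.conf #####
debug
localip 192.168.0.12
remoteip 192.168.0.210-225
listen 192.168.2.3
"""
CHRIS_CONF = "localip 192.168.0.12-27\nremoteip 192.168.0.210-225\n"
OVERLAP_CONF = "localip 192.168.0.210\nremoteip 192.168.0.210-212\n"  # constructed


def expand(spec):
    """Expand '192.168.0.210-225,192.168.0.230' into a list of IPv4Address."""
    addrs = []
    for part in spec.split(","):
        part = part.strip()
        if "-" not in part:
            addrs.append(ipaddress.IPv4Address(part))
            continue
        first, last = part.split("-", 1)
        ipaddress.IPv4Address(first)  # validates the starting address
        prefix, low = first.rsplit(".", 1)
        # The end of the range is a full last octet: '234-8' is rejected here
        # rather than silently read as 234..238.
        if not last.isdigit() or not int(low) <= int(last) <= 255:
            raise ValueError(f"bad range {part!r}")
        addrs += [ipaddress.IPv4Address(f"{prefix}.{n}")
                  for n in range(int(low), int(last) + 1)]
    return addrs


def audit(conf_text):
    """Summarise the address pools of a pptpd.conf-style text."""
    pools = {"localip": [], "remoteip": []}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) == 2 and fields[0] in pools:
            pools[fields[0]] += expand(fields[1])
    local, remote = pools["localip"], pools["remoteip"]
    if not local or not remote:
        mode = "missing"
    elif len(local) == 1:
        mode = "shared"      # one server-side address for every tunnel
    elif len(local) == len(remote):
        mode = "paired"      # i-th local address goes with i-th remote address
    else:
        mode = "mismatch"    # pool sizes differ: review before relying on it
    return {
        "max_clients": len(remote),
        "local_mode": mode,
        "overlap": sorted(set(local) & set(remote)),
        "tunnel_addrs": sorted(set(local) | set(remote)),
    }


if __name__ == "__main__":
    for name, conf in (("kris", KRIS_CONF), ("chris", CHRIS_CONF),
                       ("overlap", OVERLAP_CONF)):
        report = audit(conf)
        print(name, report["max_clients"], report["local_mode"],
              [str(a) for a in report["overlap"]])
```
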
From jeffb at swiftview.com Wed Feb 21 15:47:24 2001
From: jeffb at swiftview.com (Jeff Brandt)
Date: Wed, 21 Feb 2001 13:47:24 -0800
Subject: [pptp-server] Linux 2.4.1, Finally Works! Solution Included Here...
Message-ID: <3A94376C.69EE67BB@swiftview.com>

Well I was futzing around with getting the openssl patches to work with
2.4.1. I was able to get everything working, except I couldn't seem to
receive data on the client side. So I think I found the problem.

In linux/drivers/net/ppp_mppe.c

    if (seq != state->ccount) {
        if (state->debug) {
            printk(KERN_DEBUG "mppe_decompress%d: bad seq # %d, expected %d\n",
                   state->unit, seq, state->ccount);
        }

        while(state->ccount != seq) {
            mppe_update_count(state);
        }

        /*
         * Packets with bad sequence numbers can still be decrypted
         * successfully when stateless compression is in use.
         */
        if (!state->stateless) {
            mppe_update_count(state);
            // return DECOMP_ERROR;
        }
    }

You want to comment out the line that is commented out above. After this
change my link worked in both directions..

--
Jeff Brandt
Network Administrator
SwiftView, Inc.
http://www.swiftview.com
mailto:jeffb at swiftview.com

From Steve at SteveCowles.com Wed Feb 21 16:58:10 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 21 Feb 2001 16:58:10 -0600
Subject: [pptp-server] A few more questions
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE672@defiant.infohiiway.com>

> -----Original Message-----
> From: Michael Walter [mailto:walterm at gliatech.com]
> Sent: Wednesday, February 21, 2001 2:00 PM
> To: 'Kris Haight'
> Cc: 'pptp-server at lists.schulte.org'
> Subject: RE: [pptp-server] A few more questions
>
>
> err reverse that, it looks a lot like this:
>
> localip 192.0.0.121
> remoteip 192.0.0.201-245
> listen XXX.XXX.XXX.XXX
>

I'm glad you corrected your last post. I was about to respond with... huh!!

FWIW: I have found no reason to specify multiple "localip" addresses for each
VPN. In fact, I have my "localip" set to the same address as the eth0 device
of the PopTop server. Maybe someone can enlighten me on "why" I would want to
specify multiple IP's for the local side.

Anyway, to validate the above - perform a traceroute to a VPN client from a
desktop client on your private LAN and notice which ip address answered the
arp request. With linux, it's always the ethernet interface's ip address that
is listed as the proxyarp when the VPN connection started, NOT the localip
address specified in /etc/pptpd.conf.

------------------------------
To illustrate, I changed the "localip" to a different IP address other than
what is bound to eth0...

From Steve at SteveCowles.com Wed Feb 21 17:02:01 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 21 Feb 2001 17:02:01 -0600
Subject: [pptp-server] Internal DNS server blues
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE673@defiant.infohiiway.com>

> -----Original Message-----
> From: David LANDGREN [mailto:dlandgre at bpinet.com]
> Sent: Wednesday, February 21, 2001 10:07 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Internal DNS server blues
>
>
> All is well and good, however...
>
> The clients initially dial up via modem, and the connection
> to the initial ISP negotiates two public DNS servers,
> 194.x.y.z whatever. On successfully connecting to the ISP,
> the client then connects through MS VPN to my private network.
> At this point things get rather bizarre.
> What happens is the addresses of my two internal DNS servers,
> rather than replacing the two public addresses, get tacked
> onto the end. So when I run winipcfg on the ppp interface on
> the client, I get four separate DNS addresses, my two coming
> after the first two.

This is not as bizarre as it may seem. This is normal TCP/IP -> Resolver Lib
interaction. i.e. DNS servers are global settings, not per connection profile.
I agree though, I would like to see Microsoft change the "order" of the DNS
servers shown when using "winipcfg" after a VPN connection is established and
then revert back when the VPN is terminated. Based on my results though, I
think Microsoft is changing the order internally. Unfortunately, my Win98Me
based laptop does not have nslookup, so I can't really verify what server is
actually being queried after the VPN is established.
i.e. nslookup -debug www.mydomain.com

>
> What this means is that the client is unable to resolve the
> name of anything inside my network. What I really want to do
> is to wipe out the initial DNS addresses that were given
> during the initial dial-up and replace them with my internal
> addresses. Because in any event, if my internal DNS servers
> can't resolve an address (because it's an outside machine),
> they will forward the request onto those two public DNS
> servers anyway.
>
> Does anyone have this setup ?

I have the exact same setup.
I run internal DNS servers which return private addresses for ftp,www,mail,
etc... on my local network and then forward all other requests for everything
else outside.

I'm not seeing the same results as you. So I don't know if I can offer any
pointers except to verify that what you are describing in your post... should
work as you have stated. (see below) In fact, my VPN connection would be
almost useless if my internal DNS servers did not return the private ip
addresses.

NOTE: For the purpose of this post, I have changed my real domain name to
"mydomain.com" and also substituted xx.xx.xx.xx for the public ip address.
Also, my firewall is configured to NOT answer ICMP echo-requests (pings) on
the external interface, so the request timeouts shown are normal but name
resolution is working.

----------------------
The following ping is after establishing a dialup connection to my ISP from
my Win98Me laptop. I have not yet established my VPN. Name resolution is now
pointing to my ISP's name servers.

C:\WINDOWS>ping www.mydomain.com

Pinging www.mydomain.com [xx.xx.xx.xx] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for xx.xx.xx.xx:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\WINDOWS>

Now I have established a VPN into my local network which is running PopTop.
Please note: At this time, when I run "winipcfg", I now have 4 DNS servers
listed. My ISP's are still listed first, then my internal ones. Again, based
on my results, I think Microsoft is changing the search order internally. The
internal IP address is now properly returned for the same FQDN.

C:\WINDOWS>ping www.mydomain.com

Pinging www.mydomain.com [192.168.9.3] with 32 bytes of data:

Reply from 192.168.9.3: bytes=32 time=234ms TTL=255
Reply from 192.168.9.3: bytes=32 time=206ms TTL=255
Reply from 192.168.9.3: bytes=32 time=206ms TTL=255
Reply from 192.168.9.3: bytes=32 time=219ms TTL=255

Ping statistics for 192.168.9.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 206ms, Maximum = 234ms, Average = 216ms

C:\WINDOWS>

I just checked my configuration on my Win98Me client. In both the dialup profile and the pptp profile, I am specifying absolutely nothing. i.e. DNS servers entries are blank. They are being assigned by either my ISP's DHCP servers or through /etc/ppp/options after the VPN is established.

Good luck
Steve Cowles

From rex at col.com.ph Wed Feb 21 20:36:48 2001
From: rex at col.com.ph (rex at col.com.ph)
Date: Thu, 22 Feb 2001 10:36:48 +0800 (PHT)
Subject: [pptp-server] (no subject)
In-Reply-To: <200FAA488DE0D41194F10010B597610D08162A@JUPITER>
References: <200FAA488DE0D41194F10010B597610D08162A@JUPITER>
Message-ID: <2903.202.72.78.189.982809408.squirrel@mail.col.com.ph>

Thank you gentlemen for your informative replies, I appreciate it so much. Actually I am not running the pptpd server, I am connecting to the speedcast.com pptp server which is based on WinNT. My local ip address is 202.72.78.187. When I tried to connect to the pptp server (NT based) I got the same error as what I have shown in the previous message.

thanks,
Rex Cortez

> If you're talking about the Remote IP address then it's possible that the
> pptpd server is not allocating the remote IP properly or the remote machine
> is assigning itself an IP and the pptpd doesn't accept it.
>
>
> thanks,
> George Vieira
>
>
> -----Original Message-----
> From: rex at col.com.ph [mailto:rex at col.com.ph] > Sent: Wednesday, February 21, 2001 9:43 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] (no subject) > > > anyone has an idea on this problem??? ideas are appreciated... > > > > Feb 21 18:46:47 admin pptp[23315]: log[pptp_conn_close:pptp_ctrl.c:275]: > Closing > PPTP connection > Feb 21 18:55:55 admin pptp[23366]: log > [pptp_dispatch_ctrl_packet:pptp_ctrl.c:538 > ]: Client connection established. > Feb 21 18:56:00 admin pptp[23366]: log > [pptp_dispatch_ctrl_packet:pptp_ctrl.c:645 > ]: Outgoing call established (call ID 0, peer's call ID 0). > Feb 21 18:56:00 admin pppd[23368]: pppd 2.3.11 started by root, uid 0 > Feb 21 18:56:00 admin pppd[23368]: Using interface ppp0 > Feb 21 18:56:00 admin pppd[23368]: Connect: ppp0 <--> /dev/pts/1 > warn[decaps_gre:pptp_gre.c:248]: discarding out-of-order > warn[decaps_gre:pptp_gre.c:248]: discarding out-of-order > warn[decaps_gre:pptp_gre.c:248]: discarding out-of-order > warn[decaps_gre:pptp_gre.c:248]: discarding out-of-order > warn[decaps_gre:pptp_gre.c:248]: discarding out-of-order > Feb 21 18:56:12 admin pppd[23368]: local IP address 192.168.0.1 > Feb 21 18:56:12 admin pppd[23368]: remote IP address 202.174.129.4 > Feb 21 18:56:13 admin pppd[23368]: IPCP terminated by peer (Unauthorized > remote > IP address) > Feb 21 18:56:16 admin pppd[23368]: LCP terminated by peer (No network > protocols > running) > Feb 21 18:56:19 admin pppd[23368]: Connection terminated. > Feb 21 18:56:19 admin pppd[23368]: Connect time 0.3 minutes. > Feb 21 18:56:19 admin pppd[23368]: Sent 2797038 bytes, received 391 bytes. > Feb 21 18:56:20 admin pppd[23368]: Exit. 
> Feb 21 18:56:20 admin pptp[23366]: log[pptp_conn_close:pptp_ctrl.c:275]: > Closing > PPTP connection
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From GeorgeV at citadelcomputer.com.au Wed Feb 21 21:16:29 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 22 Feb 2001 14:16:29 +1100
Subject: [pptp-server] (no subject)
Message-ID: <200FAA488DE0D41194F10010B597610D08168A@JUPITER>

OK so the client is Linux.. then try ipcp-accept-remote in your options file..

thanks,
George Vieira

From GeorgeV at citadelcomputer.com.au Wed Feb 21 22:22:44 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 22 Feb 2001 15:22:44 +1100
Subject: [pptp-server] (no subject)
Message-ID: <200FAA488DE0D41194F10010B597610D08169B@JUPITER>

Actually it's noipdefault which is most likely the needed option..

thanks,
George Vieira

From dreadboy at hotmail.com Thu Feb 22 06:01:34 2001
From: dreadboy at hotmail.com (Dread Boy) Date: Thu, 22 Feb 2001 05:01:34 -0700 Subject: [pptp-server] Netmask woes... Last thing I'm sure. Message-ID: OK. Here goes. I'm able to log in from anywhere with any SMB username/password combo, strip off the MS domain crap, and authenticate perfectly from Win95A, 95B, 98, 98SE, NT4, and 2000. Cool. However, my client's IP address always shows a netmask of 255.255.255.0 which is correct. My LAN is a private subnet 192.168.0.x (I've used Class "C" even though these are for a Class "B" network, no matter either way.) Now, after the client connected, I could never, ever see any Windoze machines, including my Linux Samba server with WINS, DNS, remote announce, blah, blah, blah, blah, blah. This is because when I check the ppp0 interface with "ifconfig" the ppp0 interface always shows a netmask of 255.255.255.255. Of course this is quite futile if you want to view any of the 253 computers on your Class C network. =( I can run "ifconfig ppp0 netmask 255.255.255.0" and force the netmask, but this seems to make no difference after connection. I still can not see even the samba server trying WINS, BCAST, or LMHOSTS. I assume this is because I am stuck with that 255.255.255.255 netmasking door in my face. I am running PoPToP 1.0.1 with ppp 2.3.11 and kernel 2.2.17. I have an NT server at 192.168.0.1. (Netmask 255.255.255.0) I have a Linux SMB server at 192.168.0.2 with two network cards for gateway usage, etc. 192.168.0.2 is eth0 and my other IP is eth1. My ipchains script is almost perfect for forwarding, blockage, etc. I can see neither of these machines, or any other nodes for that matter. I can connect remotely from other Windoze machines. I read through the man pages for pppd and found the "netmask" option which is supposed to be placed in /etc/ppp/options. However, when I add "netmask 255.255.255.0" into the options file, it definitely isn't rejected by pptpd or pppd, but still 255.255.255.255 comes up on the ppp0 interface. 
In the pppd man pages it states that "some O/Ses won't allow anything but"

What?! I've read several threads on the mailing list of people having success with RedHat Linux. What am I doing wrong? I have RedHat 6.2 (Originally kernel 2.2.14-5.0, now is 2.2.17 with GRE and ppp-2.3.11 with all of the MS patches which seem to be working fine.)

Argghhh!!!

How does one get by this? I'm sure it's the last step to enabling MS clients to access our VPN.

Who's got the quick answer for this one?

From tim at digitalbrain.com Thu Feb 22 09:59:56 2001
From: tim at digitalbrain.com (Tim Small)
Date: Thu, 22 Feb 2001 15:59:56 +0000
Subject: [pptp-server] MRU/MTU on PPTP connection?
Message-ID: <3A95377C.9080206@digitalbrain.com>

Hi,

I just wondered if anyone had any experience of performance-tuning pppd options with PoPToP (for use with MPPE in particular).

In particular, I should think that the MRU, and MTU values should probably be a bit less than the underlying TCP/IP connection MTU (e.g. 1500 for ethernet, 1400 ish for ATM type ADSL), to allow for PPP packet overhead. I also assume that you should specify "asyncmap 0".

The Windows98 SE box I'm using seems to default its MTU to 248 bytes (!). I think this is the MS default for dial up networking connections. If the PPTP is running over a dialup networking connection which hasn't been tweaked, I would guess that this should be lowered a bit (either that or put up to the 1500 byte full-whack)?

Any ideas anyone?

Cheers,
Tim.

p.s. Does anyone know of a ping (or other similar utility) for Linux which supports the manual-MTU-discovery of the Windows "ping -l xx -f"?

From giulioo at pobox.com Thu Feb 22 11:48:11 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Thu, 22 Feb 2001 18:48:11 +0100
Subject: [pptp-server] Netmask woes... Last thing I'm sure.
In-Reply-To:
References:
Message-ID: <20010222174836.7FEBD164D0@i3.golden.dom>

On Thu, 22 Feb 2001 05:01:34 -0700, you wrote:

>However, my client's IP address always shows a netmask of 255.255.255.0

>Now, after the client connected, I could never, ever see any Windoze
>machines, including my Linux Samba server with WINS, DNS, remote announce,

>This is because when I check the ppp0 interface with "ifconfig" the ppp0
>interface always shows a netmask of 255.255.255.255. Of course this is

I think the problem is another one; the netmask that counts is the one you see on the win9x pc doing run->winipcfg, the ppp0 netmask is not the problem.

>I can see neither of these machines, or any other nodes for that matter.
>I can connect remotely from other Windoze machines.

So you can ping the machine through vpn, but cannot use netbios?
If you do "find computer" using the ip address, do you find it?

--
giulioo at pobox.com

From dreadboy at hotmail.com Thu Feb 22 12:02:06 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Thu, 22 Feb 2001 11:02:06 -0700
Subject: [pptp-server] Netmask woes... Continue on....
Message-ID:

Hold on, I'm assuming you only read a piece of what I was trying to relay. The SMB, WINS, DHCP, Apache, FTP, ipchains, and DNS functions work perfectly on my server. I replaced an NT 4 server completely with its functions. Any Windoze/SMB node that receives a 192.168.0.x address with a netmask of 255.255.255.0 is seen by the LAN. The problem ain't with that side of things from what I know.

Are you trying to say that the 255.255.255.255 netmask shown by ppp0 is valid, and it should correspond to any class of network? What if I had a Class "A" network "10.x.x.x" how does ppp0 know what the netmask is? Class "B" "192.168.x.x", etc. Are you saying that the netmask shown in ppp0's configuration just automatically matches to whatever the internal LAN's netmask is? If this is true, please elaborate, because I'm stumped.

Thx.

From cwood at wencor.com Thu Feb 22 12:29:03 2001
From: cwood at wencor.com (Chris Wood)
Date: Thu, 22 Feb 2001 11:29:03 -0700 (Mountain Standard Time)
Subject: [pptp-server] Netmask woes... Last thing I'm sure.
In-Reply-To:
Message-ID:

Can you search for the servers by IP and find them? Or map network drive \\192.160.0.2\SHARENAME?

--
-=-=-=-=-=- Chris Wood Kitco, Inc. Dixie Aerospace 801-489-2097 Wencor West, Inc. Durham Aircraft Serv. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From dreadboy at hotmail.com Thu Feb 22 12:27:49 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Thu, 22 Feb 2001 11:27:49 -0700
Subject: [pptp-server] Netmask woes... No, that ain't it.
Message-ID:

No. Not at all. Can't see a thing, no "NET VIEW", no \\192.168.x.x server or its share, etc. So close, yet so far away....

From Steve at SteveCowles.com Thu Feb 22 12:52:36 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 22 Feb 2001 12:52:36 -0600
Subject: [pptp-server] Netmask woes... Last thing I'm sure.
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE678@defiant.infohiiway.com>

> -----Original Message-----
> From: Dread Boy [mailto:dreadboy at hotmail.com]
> Sent: Thursday, February 22, 2001 6:02 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Netmask woes... Last thing I'm sure.
>
>
> OK. Here goes. I'm able to log in from anywhere with any SMB
> username/password combo, strip off the MS domain crap, and
> authenticate perfectly from Win95A, 95B, 98, 98SE, NT4, and
> 2000. Cool.
>
> However, my client's IP address always shows a netmask of
> 255.255.255.0 which is correct. My LAN is a private subnet
> 192.168.0.x (I've used Class "C" even though these are for a
> Class "B" network, no matter either way.)
>
> Now, after the client connected, I could never, ever see any
> Windoze machines, including my Linux Samba server with WINS,
> DNS, remote announce, blah, blah, blah, blah, blah.
>
> This is because when I check the ppp0 interface with "ifconfig"
> the ppp0 interface always shows a netmask of 255.255.255.255.
> Of course this is quite futile if you want to view any of the
> 253 computers on your Class C network. =(

No, it's not futile. In fact, it's correct! Your ppp* devices *should* show a 32 bit mask as you have stated. This is normal when you have a ppp virtual device that has another device (eth*) answer arp requests on behalf of the remote pptp client's ip address. i.e. proxyarp

>
> I can run "ifconfig ppp0 netmask 255.255.255.0" and force the
> netmask, but this seems to make no difference after connection.
> I still can not see even the samba server trying WINS, BCAST,
> or LMHOSTS.
>
> I assume this is because I am stuck with that 255.255.255.255
> netmasking door in my face.

As you have stated, changing the netmask will not help. In fact, this would probably cause problems for the next ppp connection. i.e. concurrent ppp connections. Leave the netmask alone for the ppp devices. It's correct!

>
> I am running PoPToP 1.0.1 with ppp 2.3.11 and kernel 2.2.17.
>
> I have an NT server at 192.168.0.1. (Netmask 255.255.255.0)
>
> I have a Linux SMB server at 192.168.0.2 with two network cards
> for gateway usage, etc. 192.168.0.2 is eth0 and my other IP is
> eth1. My ipchains script is almost perfect for forwarding,
> blockage, etc.
>
> I can see neither of these machines, or any other nodes for
> that matter.
>
> I can connect remotely from other Windoze machines.
>
> I read through the man pages for pppd and found the "netmask"
> option which is supposed to be placed in /etc/ppp/options.
> However, when I add "netmask 255.255.255.0" into the options
> file, it definitely isn't rejected by pptpd or pppd, but still
> 255.255.255.255 comes up on the ppp0 interface. In the pppd
> man pages it states that "some O/Ses won't allow anything but"
>
> What?! I've read several threads on the mailing list of
> people having success with RedHat Linux. What am I doing wrong?
> I have RedHat 6.2 (Originally kernel 2.2.14-5.0, now is 2.2.17
> with GRE and ppp-2.3.11 with all of the MS patches which seem
> to be working fine.)
>
> Argghhh!!!
>
> How does one get by this? I'm sure it's the last step to enabling
> MS clients to access our VPN.
>
> Who's got the quick answer for this one?

Based on the content of your post (you have explained the problem well, but I see no relevant config data), there is no simple answer. If I could suggest - you need to resolve the layer 3 (protocol) issues between the PPTP client and your LAN *FIRST*, then deal with MS Networking, which requires Layer 3 to be functional since netbios is encapsulated within a TCP/IP packet.

A simple test would be to (from the remote PPTP client):

1) ping the remote ip address of the PPTP server's ppp* ip address, this is not the eth0 device. If you get a reply, then...

2) ping the eth0 ip address of the PPTP server. If you get a reply, then...

3) ping another server on the same LAN as the pptp server. If you get a reply, then layer 3 is functional.
If you do not get a reply to any of the above, then the following are possible culprits: * The eth* device on the PPTP server is not being set to "proxyarp" for the ppp* devices. * IP_FORWARDING is not enabled on the PPTP server. * ipchain rules are not allowing forwarding from device eth* to ppp* and vice-versa Once you resolve the above issues, MS Networking should start working if your WINS server is functional and other clients have registered with it. If you know it is, then I would check to be sure there is not an ipchain rule on the PPTP server that is blocking ports 137:139 from being passed to the PPTP client. Steve Cowles From giulioo at pobox.com Thu Feb 22 12:53:05 2001 
From: giulioo at pobox.com (Giulio Orsero)
Date: Thu, 22 Feb 2001 19:53:05 +0100
Subject: [pptp-server] Netmask woes... Continue on....
In-Reply-To:
References:
Message-ID: <20010222185330.9F38D1639D@i3.golden.dom>

On Thu, 22 Feb 2001 11:02:06 -0700, you wrote:

>Hold on, I'm assuming you only read a piece of what I was trying to relay.
>The SMB, WINS, DHCP, Apache, FTP, ipchains, and DNS functions work perfectly
>on my server.

You said "...Now, after the client connected, I could never, ever see any
Windoze machines, including my Linux Samba server with WINS, DNS, remote
announce, blah, blah, blah, blah, blah..." and then talked about netmask
problem.

I understand "never, ever" as a negation, but English is not my language
:-); I thought your vpn client could not see the samba server and you
thought this was due to the netmask you see in ppp0. I said I thought this
was not the case.

>Are you trying to say that the 255.255.255.255 netmask shown by ppp0 is
>valid, and it should correspond to any class of network?

I'm saying that ppp0 is used as a tunnel for the real connection, so that
the netmask that has effect on windows networking is the one you see in the
win9x pc's doing winipcfg.

>What if I had a Class "A" network "10.x.x.x" how does ppp0 know what the
>netmask is? Class "B" "192.168.x.x", etc.

As I said, I think the netmask that counts is the one used by win9x clients
and the win9x clients choose the netmask using "classful reasoning", you
cannot change that. If the win9x clients gets a 10.x.x.x it will use
255.0.0.0, if it gets 192.168.x.x it will use 255.255.255.0 and so for B.

>Are you saying that the netmask shown in ppp0's configuration just
>automatically matches to whatever the internal LAN's netmask is?

Don't know, I never worried about the ppp0 netmask, it gets set to
255.255.255.255 on my system too.

--
giulioo at pobox.com

From jward at cem.msu.edu Thu Feb 22 14:38:30 2001
From: jward at cem.msu.edu (Joe Ward)
Date: Thu, 22 Feb 2001 15:38:30 -0500
Subject: [pptp-server] Trinity Firewall question
Message-ID: <5.0.2.1.2.20010222153458.00adafb0@pop3.norton.antivirus>

I'm looking to utilize the TrinityOS firewall ruleset for IPCHAINS. Right
now I have a not so secure firewall setup that works with PPTPd but I will
obviously need to make the necessary adjustments to the trinity script for
the poptop server. Anyone document these changes?

I'm asking cause while I was installing poptop a couple of weeks ago I tried
using the rules in package and it seemed to break everything. I couldn't get
out on my masq server or in on the vpn. Just want to minimize the messing
around I will have to do.

-Joe

From rcd at amherst.com Thu Feb 22 16:17:32 2001
From: rcd at amherst.com (Robert Dege)
Date: Thu, 22 Feb 2001 17:17:32 -0500
Subject: [pptp-server] Netmask woes... Last thing I'm sure.
References: <90769AF04F76D41186C700A0C90AFC3EE678@defiant.infohiiway.com>
Message-ID: <3A958FFC.60002@amherst.com>

> A simple test would be to (from the remote PPTP client):
>
> 1) ping the remote ip address of the PPTP server's ppp* ip address, this is
> not the eth0 device. If you get a reply, then...
> 2) ping the eth0 ip address of the PPTP server. If you get a reply, then...
> 3) ping another server on the same LAN as the pptp server. If you get a
> reply, then layer 3 is functional.
>
> If you do not get a reply to any of the above, then the following are
> possible culprits:
> * The eth* device on the PPTP server is not being set
> to "proxyarp" for the ppp* devices.
> * IP_FORWARDING is not enabled on the PPTP server.
> * ipchain rules are not allowing forwarding from device
> eth* to ppp* and vice-versa
>
>
> Once you resolve the above issues, MS Networking should start working if
> your WINS server is functional and other clients have registered with it. If
> you know it is, then I would check to be sure there is not an ipchain rule
> on the PPTP server that is blocking ports 137:139 from being passed to the
> PPTP client.
>
> Steve Cowles

I too am having similar problems as .... Dread Boy. I posted earlier about
it, but became so frustrated with NetBios that I decided to take a little
vacation from that project :)

Anyways, my question. We are converting to DHCP, so pinging machines is not
as easy since there is not an easy way to resolve NetBios name to IP.

I was able to pass the 3 Steve Cowles tests with flying colors, but still
suffer the fate of Net Hood failure.

Does it matter if I have Network firewalling (ipchains) disabled in my
kernel? I assumed that NOT having it installed would be the equivalent as
having ACCEPT for forwards, inputs & outputs.

-Rob

From hjw at superstar.co.kr Thu Feb 22 18:56:06 2001
From: hjw at superstar.co.kr (=?ks_c_5601-1987?B?x8/BpL/s?=)
Date: Fri, 23 Feb 2001 09:56:06 +0900
Subject: [pptp-server] a route table problem
Message-ID: <008301c09d33$683d13a0$2e3befcb@superstar.co.kr>

203.239.59.130 ==> hostname is kikio

routing table before ipsec act
-----------------------------------------------------------------------------------
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.239.59.97   *               255.255.255.255 UH    0      0        0 eth1
203.239.59.130  *               255.255.255.255 UH    0      0        0 eth0
203.239.59.64   FLB-500         255.255.255.224 UG    0      0        0 eth0
203.239.59.96   *               255.255.255.224 U     0      0        0 eth1
203.239.59.128  *               255.255.255.224 U     0      0        0 eth0
203.239.59.128  *               255.255.255.224 U     0      0        0 ipsec0
203.239.59.160  linux1          255.255.255.224 UG    0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo

ipsec auto --up conn_test
--------------------------------------------------------------------------
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.239.59.97   *               255.255.255.255 UH    0      0        0 eth1
203.239.59.130  *               255.255.255.255 UH    0      0        0 eth0
203.239.59.64   FLB-500         255.255.255.224 UG    0      0        0 eth0
203.239.59.96   *               255.255.255.224 U     0      0        0 eth1
203.239.59.128  *               255.255.255.224 U     0      0        0 eth0
203.239.59.128  *               255.255.255.224 U     0      0        0 ipsec0
203.239.59.160  linux1          255.255.255.224 UG    0      0        0 ipsec0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo

ipsec auto --down conn_test
--------------------------------------------------------------------------
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.239.59.97   *               255.255.255.255 UH    0      0        0 eth1
203.239.59.130  *               255.255.255.255 UH    0      0        0 eth0
203.239.59.64   FLB-500         255.255.255.224 UG    0      0        0 eth0
203.239.59.96   *               255.255.255.224 U     0      0        0 eth1
203.239.59.128  *               255.255.255.224 U     0      0        0 eth0
203.239.59.128  *               255.255.255.224 U     0      0        0 ipsec0
203.239.59.160  linux1          255.255.255.224 UG    0      0        0 ipsec0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
--------------------------------------------------------------------------

when ipsec auto --down, 203.23.59.160 ipsec interface is not unrouted.
so between linux1's 203.23.59.160 subnet and kikio's subnet 203.23.59.96
can not ping , telnet and ftp etc...

question1
i don't know that
<203.239.59.160 linux1 255.255.255.224 UG 0 0 0 ipsec0 >
interface is always unrouted.

question2
sometimes route is not removed.

@.. at a help me!!!

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From Steve at SteveCowles.com Thu Feb 22 19:13:47 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 22 Feb 2001 19:13:47 -0600
Subject: [pptp-server] Netmask woes... Last thing I'm sure.
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE67A@defiant.infohiiway.com>

> -----Original Message-----
> From: Robert Dege [mailto:rcd at amherst.com]
> Sent: Thursday, February 22, 2001 4:18 PM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Netmask woes... Last thing I'm sure.
>
> I too am having similar problems as .... Dread Boy. I posted earlier
> about it, but became so frustrated with NetBios that I decided to
> take a little vacation from that project :)

I've taken a few of these so called vacations also. :)

>
> Anyways, my question. We are converting to DHCP, so pinging
> machines is not as easy since there is not an easy way to resolve
> NetBios name to IP.

WINS and DNS really have nothing to do with each other. When you're using
Network Neighborhood - you're using WINS/Netbios. If you're using ping -
you're using the resolver libs. i.e. DNS

Although, both WINS/DNS can be configured to play together to resolve the
problem you have described with DHCP. For instance, with Windows 2000, its
TCP/IP stack has an option to "Register this connections address with DNS".
I have actually tried this and it works if my DNS server's zone file has the
"allow updates" option enabled.

The reverse of this would be (using Samba/WINS) and enable the "wins hook"
option. I have not tried this yet, but from what I have read - when a client
registers/de-registers with a WINS server, the corresponding DNS zone could
be updated/modified through an external program.

Of course, if you're using Microsoft's DNS/WINS servers, you can make DNS and
WINS play together by enabling the "Use WINS Resolution" when you define
your DNS zones. I have used this feature with very little problems. In fact,
one of my customers has 4500 nodes on their network. Trust me, I was not
about to manually add 4500 netbios names to the DNS zones. I enabled this
option and was able to use Network Neighborhood and ping DHCP enabled
clients by their NetBios name. whew!

> I was able to pass the 3 Steve Cowles tests with flying colors,
> but still suffer the fate of Net Hood failure.

If you passed all three tests, then TCP/IP and the PPTP tunnel are
functioning properly and you can move on to resolving your NetBios problems.
Maybe you are already aware of the following; in case you are not...

In order for any remote PPTP client to be able to use Network Neighborhood,
you must first have an active WINS server on your LAN. In addition, all
clients and servers on that LAN "must" register with that WINS server. This
also includes the PPTP client. In order to get a MS client to register with
a WINS server, it must be configured to use a WINS server (instead of
broadcasting) for netbios name resolution. This can be accomplished by:

1) Through your DHCP scope.
2) Manually add the IP address(s) of the WINS server in the WINS tab of the
   MS TCP/IP stack properties.

For PPTP clients... the "ms-wins" parameter needs to be specified in your
/etc/ppp/options file so the PPTP client knows to query the WINS server.

All MS clients "netbios node type" should be set to "hybrid" when they are
properly configured to use WINS instead of broadcasting. You can use
"winipcfg" or "ipconfig" to verify the netbios node type.

Also, on the PPTP client, are the netbios WORKGROUP and/or DOMAIN names set
to match what the other clients on the LAN are set to when they register
with the WINS server?

>
> Does it matter if I have Network firewalling (ipchains) disabled
> in my kernel? I assumed that NOT having it installed would be the
> equivalent as having ACCEPT for forwards, inputs & outputs.

Personally, I have never compiled a linux kernel without enabling network
firewalling. So I have nothing to reference to. I would think that this
would be equivalent to specifying an implied ipchain ACCEPT for the
input/output/forward policy chains.

Steve Cowles

From berzerke at swbell.net Thu Feb 22 21:14:42 2001
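The server-side items in Steve Cowles's two replies above (proxyarp for the ppp* devices, IP forwarding, the "ms-wins" option, and ipchains rules on ports 137:139) can all be read from configuration files. The script below is an added example, not part of any post in this thread; the function names, the file-path parameters and the sample configuration are constructed for illustration, and the firewall check is a text heuristic over an ipchains script rather than a query of the live rule set.

```shell
#!/bin/sh
# Server-side checks for a PoPToP/pppd host, covering the "possible culprits"
# listed in the thread. All file paths are parameters so the checks can be run
# against copies of the configuration.

# Print each word of a pppd options file on its own line, "#" comments removed.
# (pppd reads an options file as whitespace-separated words; quoting is ignored here.)
pppd_words() {
    sed -e 's/#.*//' "$1" | tr -s ' \t' '\n\n' | sed -e '/^$/d'
}

# True if the option word (for example proxyarp) is active in the options file.
pppd_has_option() {
    pppd_words "$1" | grep -Fxq -- "$2"
}

# Print the word that follows an option (for example the address after ms-wins).
pppd_option_value() {
    pppd_words "$1" | awk -v opt="$2" 'seen { print; exit } $0 == opt { seen = 1 }'
}

# True if the kernel forwards IPv4 packets; $1 overrides the /proc path.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Print uncommented ipchains DENY/REJECT rules that name a port in 137-139.
netbios_block_rules() {
    grep -iE '^[^#]*ipchains[[:space:]]' "$1" |
        grep -E -- '-j[[:space:]]+(DENY|REJECT)' |
        grep -E '(^|[[:space:]:])13[789]([[:space:]:]|$)'
}

# Run every check, print one line per result, return the number of failures.
# Arguments: pppd options file, ip_forward file, firewall script.
check_pptp_server() {
    failures=0
    if pppd_has_option "$1" proxyarp; then
        echo "ok    proxyarp is set in $1"
    else
        echo "FAIL  proxyarp is missing from $1"
        failures=$((failures + 1))
    fi
    if ip_forward_enabled "$2"; then
        echo "ok    IP forwarding is enabled"
    else
        echo "FAIL  IP forwarding is disabled ($2 does not contain 1)"
        failures=$((failures + 1))
    fi
    wins=$(pppd_option_value "$1" ms-wins)
    if [ -n "$wins" ]; then
        echo "ok    PPTP clients are given WINS server $wins"
    else
        echo "FAIL  no ms-wins in $1, so clients are not told which WINS server to query"
        failures=$((failures + 1))
    fi
    blocked=$(netbios_block_rules "$3" || true)
    if [ -z "$blocked" ]; then
        echo "ok    no DENY/REJECT rule on ports 137:139 in $3"
    else
        echo "FAIL  rules in $3 block NetBIOS ports:"
        echo "$blocked" | sed 's/^/        /'
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Constructed sample inputs (not any poster's real configuration).
write_samples() {
    printf '%s\n' 'lock debug auth' '# proxyarp  (commented out, so inactive)' \
        'ms-wins 192.168.0.2' > "$1/options"
    echo 0 > "$1/ip_forward"
    printf '%s\n' '#!/bin/sh' 'ipchains -P forward DENY' \
        'ipchains -A input -p udp -s 0/0 -d 0/0 137:139 -j DENY' \
        'ipchains -A forward -i ppp+ -j ACCEPT' > "$1/rc.firewall"
}

# Demonstration on the constructed samples: three of the four checks fail.
run_demo() {
    dir=$(mktemp -d) || return 0
    write_samples "$dir"
    check_pptp_server "$dir/options" "$dir/ip_forward" "$dir/rc.firewall" ||
        echo "$? check(s) failed"
    rm -rf "$dir"
}
run_demo
```

On a real server the same function takes the live files, for example `check_pptp_server /etc/ppp/options /proc/sys/net/ipv4/ip_forward /etc/rc.d/rc.firewall`. The three ping tests still have to be run from the remote PPTP client.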
From: berzerke at swbell.net (robert)
Date: Thu, 22 Feb 2001 21:14:42 -0600
Subject: [pptp-server] Error 650
Message-ID: <0102222114420D.31759@linux>

I'm trying to connect to a Linux PPTPD server from a windows 95 machine. I
get an Error 650 every time. Three other windows clients (including one that
uses the same DSL provider as I do) can connect no problem.

This says it is not the server that is the problem. The fact one of the
other clients uses the same ISP tells me that ISP filtering is probably not
the problem.

One of the howto's mentions this could be a firewall problem (not passing
GRE packets). However, the client that can't connect is directly connected
to the internet (as least during tests). No firewall, no NAT. Therefore, I
don't think that is the problem.

The setup, BTW, is pptpd 1.1.2, pppd 2.4.0, kernel 2.4.1.

Anyone have any ideas?

From GeorgeV at citadelcomputer.com.au Thu Feb 22 22:03:55 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 23 Feb 2001 15:03:55 +1100
Subject: [pptp-server] Error 650
Message-ID: <200FAA488DE0D41194F10010B597610D01244E@JUPITER>

If it's not the pptpd server, then the versions numbers below that you sent
are useless.. What we really need is the Windows version they're using and
is there any pptpd server logs that could explain what the error means...

It's probably the server asking for MPPE 128 bit authentication or something
and it's an old win95 machine.. Check that they're using DUN1.3 or something
similar..

What setup is the window machine got compared to the others that are
working... have they tried creating a new DUN connection..?

> -----Original Message-----
> From: robert [SMTP:berzerke at swbell.net]
> Sent: Friday, February 23, 2001 2:15 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Error 650
>
> I'm trying to connect to a Linux PPTPD server from a windows 95 machine.
> I
> get an Error 650 every time. Three other windows clients (including one
> that
> uses the same DSL provider as I do) can connect no problem.
>
> This says it is not the server that is the problem. The fact one of the
> other clients uses the same ISP tells me that ISP filtering is probably
> not
> the problem.
>
> One of the howto's mentions this could be a firewall problem (not passing
> GRE
> packets). However, the client that can't connect is directly connected to
>
> the internet (as least during tests). No firewall, no NAT. Therefore, I
> don't think that is the problem.
>
> The setup, BTW, is pptpd 1.1.2, pppd 2.4.0, kernel 2.4.1.
>
> Anyone have any ideas?
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From kub at cfc.at Fri Feb 23 03:35:31 2001
From: kub at cfc.at (Bjorn Kuiper)
Date: Fri, 23 Feb 2001 10:35:31 +0100
Subject: [pptp-server] unable to browse network using WIN NT Client -> LINUX pptpd server
Message-ID: <01022310353101.01075@cfc047>

Hello,

I'm trying now for 2 days in a row to make it all work. The connection is
made and i can add any share as a mapped drive to my NT client. But i'm not
able to browse the network environment on the client.

There were about four solutions given to this problem and i tried almost
everyone of them.

first of all a small description of the current status. i want to connect
with my win NT client to a linux pptpd server which is connect to the local
network. i can ping every host on the local network and can map any share to
a drive. the only problem is to 'browse' through the network.

the solutions that are mentioned on this list:
- edit your lmhosts and hosts file
- make your linux server a master browser
- make your linux server a wins server/or any other machine in the network.

i edit my lmhosts and hosts file. the hosts file is of course no problem.
the lmhosts file has some extra setting, you can specify an
DOMain-controller by adding #DOM: behind the machines name and ip.

This didn't get the preferred result. it's just makes the DNS server a bit
more useless on the localnetwork and spares some bandwidth.

Then i made the linux machine as master browser (using of course samba).

But if i don't change anything in the /etc/ppp/options file nothing happens.
No (extra) data is send between the host and server.

the only thing what always happens is that my client tries to send a first
query to the name server and gets a response (btw: it always a fault
request. the name asked to resolve is wrong and has always the same error at
the end, but everything is typed right in my hosts and lmhosts file).

If i change wins-server to my linux pptpd server (now running as master
browser) then some data is sent between them, but this of course fails.

(they're exchanging smb 'requests' and 'negatives')

Then i tried something else, i set wins-server to my main DOMAIN-CONTROLLER
on the local network. now i CAN SEE every machine on the network while
browsing, but i can only access the NT machines that are known as SERVERS
and not as WORKSTATIONS. This is probably normal, but i don't want to setup
a WINS-server because, if i'm right, then every machine on the localnetwork
has to change his settings to access and report to the local WINS-server!?

So my question on the end, Does anybody knows a solution so i can browse the
network, without having to change the configuration of all the machines on
the local network? Did i somehow missed an option somewhere?

Greetings,

Bjorn

From jkreger at avidsolutionsinc.com Fri Feb 23 06:18:03 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Fri, 23 Feb 2001 07:18:03 -0500
Subject: [pptp-server] a route table problem
Message-ID: <6B8A85826C35D31193BD0090278589C81DF019@CIC-EXCHANGE>

just write a bash script to check if ipsec is up every 5 minutes, and if
it's down, pull the route

btw, you may want to check your defaults and all in your ipsec.conf file.

-----Original Message-----
From: ???
To: pptp-server at lists.schulte.org
Sent: 2/22/01 7:56 PM
Subject: [pptp-server] a route table problem

203.239.59.130 ==> hostname is kikio

rouing table before ipsec act
-----------------------------------------------------------------------------------
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.239.59.97   *               255.255.255.255 UH    0      0        0 eth1
203.239.59.130  *               255.255.255.255 UH    0      0        0 eth0
203.239.59.64   FLB-500         255.255.255.224 UG    0      0        0 eth0
203.239.59.96   *               255.255.255.224 U     0      0        0 eth1
203.239.59.128  *               255.255.255.224 U     0      0        0 eth0
203.239.59.128  *               255.255.255.224 U     0      0        0 ipsec0
203.239.59.160  linux1          255.255.255.224 UG    0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo

ipsec auto --up conn_test
--------------------------------------------------------------------------
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.239.59.97   *               255.255.255.255 UH    0      0        0 eth1
203.239.59.130  *               255.255.255.255 UH    0      0        0 eth0
203.239.59.64   FLB-500         255.255.255.224 UG    0      0        0 eth0
203.239.59.96   *               255.255.255.224 U     0      0        0 eth1
203.239.59.128  *               255.255.255.224 U     0      0        0 eth0
203.239.59.128  *               255.255.255.224 U     0      0        0 ipsec0
203.239.59.160  linux1          255.255.255.224 UG    0      0        0 ipsec0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo

ipsec auto --down conn_test
--------------------------------------------------------------------------
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.239.59.97   *               255.255.255.255 UH    0      0        0 eth1
203.239.59.130  *               255.255.255.255 UH    0      0        0 eth0
203.239.59.64   FLB-500         255.255.255.224 UG    0      0        0 eth0
203.239.59.96   *               255.255.255.224 U     0      0        0 eth1
203.239.59.128  *               255.255.255.224 U     0      0        0 eth0
203.239.59.128  *               255.255.255.224 U     0      0        0 ipsec0
203.239.59.160  linux1          255.255.255.224 UG    0      0        0 ipsec0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
--------------------------------------------------------------------------

when ipsec auto --down, 203.23.59.160 ipsec interface is not unrouted.
so between linux1's 203.23.59.160 subnet and kikio's subnet 203.23.59.96
can not ping , telnet and ftp etc...

question1
i don't know that
<203.239.59.160 linux1 255.255.255.224 UG 0 0 0 ipsec0 >
interface is always unrouted.

question2
sometimes route is not removed.

@.. at a help me!!!

From jkreger at avidsolutionsinc.com Fri Feb 23 06:26:45 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Fri, 23 Feb 2001 07:26:45 -0500
Subject: [pptp-server] pptp probs
Message-ID: <6B8A85826C35D31193BD0090278589C81DF01A@CIC-EXCHANGE>

I am routing between offices using pptp. We have an office with a satellite
internet connection. It has about 800-2800 ms delay depending on conditions.
Anyway, We have another office, that connects over a modem, with a linux
masquerading firewall. A NT server brings up a PPTP connection on demand,
and connects them to our Corporate HQ, It works fine (the server is NT 4).
The office with the satellite has win2k server. The connection seems to die
after a few minutes of no use. The tunnel stays up, but no traffic comes
back. Its like a route problem, like NT server decides to kick traffic back
over their satellite, even know its destined for the tunnel. Any ideas? I've
tried implementing RIP to keep the routes updated, but it still doesn't work.

-Justin, An Anti-Microsoft MCSE

From Steve at SteveCowles.com Fri Feb 23 09:18:18 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 23 Feb 2001 09:18:18 -0600
Subject: [pptp-server] unable to browse network using WIN NT Client -> LINUX pptpd server
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE67B@defiant.infohiiway.com>

> -----Original Message-----
> From: Bjorn Kuiper [mailto:kub at cfc.at]
> Sent: Friday, February 23, 2001 3:36 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] unable to browse network using WIN NT Client ->
> LINUX pptpd server
>
>
> Hello,
>
> I'm trying now for 2 days in a row to make it all work.
> The connection is made and i can add any share as a mapped
> drive to my NT client. But i'm not able to browse the network
> enviroment on the client.
>
> There were about four solutions given to this problem and i
> tried almost everyone of them.
>
> first of all a small description of the current status. i want to
> connect with my win NT client to a linux pptpd server which
> is connect to the local network. i can ping every host on the
> local network and can map any share to a drive. the only problem
> is to 'browse' through the network.
>
> the solutions that are mentioned on this list:
> - edit your lmhosts and hosts file
> - make your linux server a master browser
> - make your linux server a wins server/or any other machine
> in the network.
>
> i edit my lmhosts and hosts file. the hosts file is ofcourse
> no problem. the lmhosts file has some extra setting, you can
> specify an DOMain controller by adding #DOM: behind
> the machines name and ip.
>
> This didn't get the preferred result. it's just makes the DNS
> server a bit more useless on the localnetwork and spares some
> bandwith.

Your PPTP client should have at least been able to authenticate to the
domain controller that you specified with the #DOM: directive. That's about
it though. Adding this record would not have fixed browsing.

>
> Then i made the linux machine as master browser (using
> of course samba).
>
> But if i don't change anything in the /etc/ppp/options file
> nothing happens. No (extra) data is send between the host
> and server.

If I understand the above correctly, then your PPTP client's netbios node
type is still set as b-node (broadcast). Broadcast packets (by default) are
not routed across the PPTP tunnel.

>
> the only thing wat always happens is that my client tries to
> send a first query to the name server and get's a respons
> (btw: it always a fault request. the name asked to resolve is
> wrong and has always the same error at the end, but everything
> is typed right in my hosts and lmhosts file).
>
> If i change wins-server to my linux pptpd server (now running
> as master browser) then some data is sent between them, but
> this of course fails.
>
> (there exchanging smb 'requests' and 'negatives')
>
> Then i tried something else, i set wins-server to my
> main DOMAIN-CONTROLLER on the local network. now i CAN SEE
> every machine on the network while browsing, but i can only
> access the NT machines that are known as SERVERS and not as
> WORKSTATIONS. This is probably normal,

Normal?? Possibly. I would be interested in the error you get when you try
to access a workstation. i.e. access denied. Also, was your DOMAIN
CONTROLLER running Microsoft WINS server?

> but i don't want to setup a WINS-server because, if i'm right,
> then every machine on the local network has to change his
> settings to access and report to the local WINS-server!?

That's correct!!! Although, if you are currently using DHCP to assign ip
addresses, you can add WINS server and netbios node type to your DHCP scope
so that all systems on your LAN automatically register with the WINS server
without having to physically visit each desktop/server to manually change
these settings. Especially your PDC/BDC's

From admmath at cooptel.qc.ca Fri Feb 23 12:50:56 2001
From: admmath at cooptel.qc.ca (Mathieu Martin)
Date: Fri, 23 Feb 2001 13:50:56 -0500
Subject: [pptp-server] Authentication to an NT domain
Message-ID: <3A96B110.B3E09F61@cooptel.qc.ca>

Hi,

I've got PPTP working for a client. Everything works fine, except for the
authentication to the NT domain, that sometimes works, sometimes not.

When the client connects through PPTP, he gets a dialog box asking for his
user, password, domain. He enters the informations, presses ENTER. Then, if
he's lucky, it authenticates well and his network drives are automagically
mounted.. If he's not lucky (most of the time), he gets an error message
that looks like this: "There were no server available for authentication".

I tried assigning the WINS server via PPTP. The ip of the WINS server then
shows in "winipcfg", but I still have the same problem.

I noticed that, when I connect to the PPTP server, I can't get an answer for
the first ping I do to every ip addresses. I mean:

I connect.
I ping 1.1.1.1. No answer for the first ping. Normal answers for other ping's.
I ping 1.1.1.2. No answer for the first ping. Normal answers for other ping's.

Could it be related to my problem? What could be causing that?

Thanks!

Mathieu Martin
admmath at cooptel.qc.ca

From rogelio at ats-corp.com Fri Feb 23 13:11:47 2001
From: rogelio at ats-corp.com (Rogelio J. Baucells)
Date: Fri, 23 Feb 2001 14:11:47 -0500
Subject: [pptp-server] Unsupported protocol 0x... received
Message-ID: <70603A72A37FD411B11600600898FB760392AD@stimpy.ats-corp.com>

Hello

I just installed a pptpd server in a linux machine running kernel 2.4.1,
ppp-2.4 and pptp-1.1.2. I am using Windows 2000 clients and I have no
problems with some of them (No high encryption pack installed), with a
couple of them (128 bits encryption installed) I can connect but nothing
comes thru the link. This is the log file for the last ones.

found interface eth0 for proxy arp
local IP address X.Y.Z.W
remote IP address X1.Y1.Z1.W1
rcvd [CCP ConfAck id=0x2 ]
MPPE 40 bit, stateless compression enabled
rcvd [proto=0x1f76] bd 23 c9 1c 42 43 29 75 67 9c 1b 79 a6 76 be 6e fa d2 6d 02 15 b3 c6 24 b3 db 38 d2 3a b8 4d df ...
Unsupported protocol 0x1f76 received
sent [LCP ProtRej id=0x4 1f 76 bd 23 c9 1c 42 43 29 75 67 9c 1b 79 a6 76 be 6e fa d2 6d 02 15 b3 c6 24 b3 db 38 d2 3a b8 ...]
rcvd [proto=0xb7c4] fa 6e 9f 38 9b 4c 4d 2b 6b f6 62 b8 80 9c b4 12 a9 6c 49 bb f0 bc 57 42 1f 6e ff 70 f1 3f 5a b7 ...
Unsupported protocol 0xb7c4 received

and a lot of "Unsupported protocol XXXX received".

....

kernel-2.4.1 patched with linux-2.4.0-openssl-0.9.6-mppe.patch
ppp-2.4.1 patched with ppp-2.4.0-openssl-0.9.6-mppe.patch

-- /etc/ppp/options.pptp
lock
debug
auth
ktune
+chap
+chapms
+chapms-v2
mppe-40
mppe-stateless
proxyarp

-- /etc/pptpd.conf
debug
option /etc/ppp/options.pptp
localip X.Y.Z.W
remoteip X.Y.Z.W1-W2
listen X.Y.Z.W3

I tried using CHAP authentication with a computer (with 128 bits encryption)
and it worked fine, but if I use MS-CHAP or MS-CHAP v2 I got the errors
shown above.

How can I force mppe-40 to test if the problem persists?
Is there anything I can do to resolve these problems?

Thanks

Rogelio J. Baucells
ATS

From Glenn.Swonk at tais.com Fri Feb 23 13:25:01 2001
From: Glenn.Swonk at tais.com (Glenn.Swonk at tais.com)
Date: Fri, 23 Feb 2001 11:25:01 -0800
Subject: [pptp-server] Encrypted passwords in chap-secrets file
Message-ID:

Can I use encrypted passwords in the /etc/ppp/chap-secrets file?

Reading the documentation, it appears that they are only applicable when a
linux client is talking to a WinNT system. Is this true?

thanks,
glenn

From rmk at communitytelephone.com Fri Feb 23 15:15:21 2001
From: rmk at communitytelephone.com (Ryan Kremer)
Date: Fri, 23 Feb 2001 15:15:21 -0600
Subject: [pptp-server] CTRL: Error with select(), quitting
Message-ID:

I am receiving the following when I disconnect a PPTP session. This happens
every time and kills off the pptpd daemon. Has anyone seen this or know how
to fix it. I am running Solaris 2.5 w/ ppp 2.3.8.

Thank.

---------------------------------
Feb 23 13:36:56 vega pppd[2206]: rcvd [LCP TermReq id=0x3]
Feb 23 13:36:56 vega pppd[2206]: LCP terminated by peer
Feb 23 13:36:56 vega pppd[2206]: sent [LCP TermAck id=0x3]
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Received PPTP Control Message (type: 12)
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Made a CALL DISCONNECT RPLY packet
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Received CALL CLR request (closing call)
Feb 23 13:36:56 vega pppd[2206]: Modem hangup
Feb 23 13:36:56 vega pppd[2206]: Modem hangup
Feb 23 13:36:56 vega pptpd[2205]: CTRL: I wrote 148 bytes to the client.
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Sent packet to client
Feb 23 13:36:56 vega pppd[2206]: Connection terminated.
Feb 23 13:36:56 vega pppd[2206]: Connection terminated.
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Error with select(), quitting
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Error with select(), quitting
Feb 23 13:36:56 vega pppd[2206]: Connect time 0.2 minutes.
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Client x.x.x.x control connection finished
Feb 23 13:36:56 vega pppd[2206]: Sent 375 bytes, received 2333 bytes.
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Exiting with active call
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Asked to free call when no call open, not handled well
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Asked to free call when no call open, not handled well
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Made a CALL DISCONNECT RPLY packet
Feb 23 13:36:56 vega pptpd[2205]: CTRL: I wrote 148 bytes to the client.
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Sent packet to client
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Made a STOP CTRL REQ packet
Feb 23 13:36:56 vega pptpd[2205]: CTRL: I wrote 16 bytes to the client.
Feb 23 13:36:56 vega pptpd[2205]: CTRL: Sent packet to client
Feb 23 13:36:56 vega pppd[2206]: Exit.
Feb 23 13:37:01 vega pptpd[2205]: CTRL: Exiting now

------------------------------------------------
Ryan Kremer
rmk at networkwcs.net
Phone: (812)456-1224
Fax: (812)461-3363
Cisco Certified Network Professional
Cisco Certified Design Associate

From berzerke at swbell.net Fri Feb 23 15:26:05 2001
From: berzerke at swbell.net (robert)
Date: Fri, 23 Feb 2001 15:26:05 -0600
Subject: [pptp-server] Error 650
Message-ID: <0102231526050G.31759@linux>

While trying to find the cause of my error 650 (see previous posts for
details), I came across a reference to a GRE enabled version of traceroute.
The reference didn't say where to get though. I found the patch (and had to
create a new patch to update the docs). I have rpm versions available at my
site http://home.swbell.net/berzerke/. Both source and binary rpms are
available. Mirroring is permitted and encouraged.

Unfortunately, I haven't quite figured out how to properly interpret the
results yet, or fix the problem. Doing a traceroute to port 1723 succeeds (4
hops, I'm using the same provider), but with GRE packets, it fails at the
fourth (and last) hop. If anyone can tell me what this means, I would
appreciate it.

The obvious answer: "The last hop doesn't accept/return GRE packets." does
work because 3 other pptp clients can connect fine. If GRE packets are
blocked, they should not be able to connect either.

From dreadboy at hotmail.com Fri Feb 23 16:36:26 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Fri, 23 Feb 2001 15:36:26 -0700
Subject: [pptp-server] Netmask woes... Detailed files
Message-ID:

Thanks to everyone so far for the help. Still can't see or ping the nodes on the LAN after dialing in. I've listed my configuration files below.

/etc/smb.conf
/var/lock/samba/browse.dat
/var/lock/samba/wins.dat
/etc/pptpd.conf
/etc/ppp/options
/etc/ppp/chap-secrets
/etc/rc.d/rc.firewall (ipchains script for gateway/firewall)

I do have domainname stripping and SMB authentication using /etc/smbpasswd compiled into ppp-2.3.11 as well using a newly compiled kernel 2.2.17.

Again, connecting to the pptpd server is flawless with Win95A, Win95B, Win98, Win98SE, and Win2000. Haven't had a chance to test WinME or NT4 yet.

I am using the machine as a gateway between the internal interface (eth0) and the external interface (eth1).

--- /etc/smb.conf ---
[global]
workgroup = WestLogic
server string = Linux Samba Server
hosts allow = 192.168.0. 127.
;Also tried remming out "hosts allow" statement to allow all IPs
security = user
password level = 16
username level = 16
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
username map = /etc/smbusers
include = /etc/smb.conf.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0
bind interfaces only = yes
;Also tried remming out "interfaces" and "bind interfaces only" to
;bind to both eth0 and eth1
remote announce = 192.168.0.255
local master = yes
browse list = yes
os level = 64
domain master = yes
preferred master = yes
domain logons = yes
name resolve order = wins lmhosts bcast
;Also tried: name resolve order = lmhosts wins bcast
;With lmhosts containing IPs mapped to names
wins support = yes
dns proxy = yes
preserve case = yes
case sensitive = yes

--- /var/lock/samba/browse.dat ---
"WESTLOGIC" c0001000 "WL2" "WESTLOGIC"
"WL2" 400d9b0b "Linux Samba Server" "WESTLOGIC"
"WL1" 40019603 "WestLogic NT Server" "WESTLOGIC"
"CRAIG" 40011003 "" "WESTLOGIC"

--- /var/lock/samba/wins.dat ---
VERSION 1 140101
"C-9999CRAIG#20" 983484683 192.168.0.16 64R
"CRAIG#00" 983484683 192.168.0.16 64R
"CRAIG#03" 983484683 192.168.0.16 64R
"CRAIG#20" 983484683 192.168.0.16 64R
"CRAIG#6a" 983484683 192.168.0.16 64R
"CRAIG#87" 983484683 192.168.0.16 64R
"WESTLOGIC#00" 983484683 255.255.255.255 c4R
"WESTLOGIC#1b" 983484124 192.168.0.2 44R
"WESTLOGIC#1c" 983484124 192.168.0.2 c4R
"WESTLOGIC#1e" 983484563 255.255.255.255 c4R
"WL2#00" 983484124 192.168.0.2 46R
"WL2#03" 983484124 192.168.0.2 46R
"WL2#20" 983484124 192.168.0.2 46R

--- /etc/pptpd.conf ---
speed 115200
option /etc/ppp/options
debug
localip 192.168.0.200-215
remoteip 192.168.0.216-231

--- /etc/ppp/options ---
debug
name wl2
netmask 255.255.255.0
auth
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
chapms-strip-domain
require-chap
ms-wins 192.168.0.2

--- /etc/ppp/chap-secrets ---
# client server secret IP addresses
* * &/etc/smbpasswd *

--- /etc/rc.d/rc.firewall ---
#!/bin/sh
echo "Executing Firewall script... (/etc/rc.d/rc.firewall)"

# Disable IP forwarding temporarily until script finishes
echo "0" > /proc/sys/net/ipv4/ip_forward

# Load required ip_masq modules (FTP included here)
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_vdolive

# Assign external IP variables
extif="eth1"
extip=`/sbin/ifconfig | grep -A 4 eth1 | awk '/inet/ { print $2 } ' | sed -e s/addr://`

# Assign internal IP variables
intif="eth0"
intnet="192.168.0.0/24"
intip=`/sbin/ifconfig | grep -A 4 eth0 | awk '/inet/ { print $2 } ' | sed -e s/addr://`

# Assign misc variables
any="0.0.0.0/0"

echo - Initializing router/gateway on eth0/eth1
echo - Internal IP on eth0: $intip
echo - External IP on eth1: $extip
echo

# Initialize MASQ timeout and standard chains
ipchains -M -S 7200 10 60
ipchains -F input
ipchains -P input REJECT
ipchains -F output
ipchains -P output REJECT
ipchains -F forward
ipchains -P forward DENY

# Setup input policy
# local interface, local machines, going anywhere is valid
ipchains -A input -i $intif -s $intnet -d $any -j ACCEPT
# reject IP spoofing where external computer claims to be a local
ipchains -A input -i $extif -s $intnet -d $any -l -j REJECT
# allow external access via external interface
ipchains -A input -i $extif -s $any -d $extip/32 -j ACCEPT
# loopback interface is valid
ipchains -A input -i lo -s $any -d $any -j ACCEPT

# Setup output policy
# all outgoing traffic is allowed
ipchains -A output -i $intif -s $any -d $intnet -j ACCEPT
# prevent traffic for local network from using external interface
ipchains -A output -i $extif -s $any -d $intnet -l -j REJECT
# prevent traffic from local network from using external interface
ipchains -A output -i $extif -s $intnet -d $any -l -j REJECT
# anything else can go out
ipchains -A output -i $extif -s $extip/32 -d $any -j ACCEPT
# loopback interface is valid
ipchains -A output -i lo -s $any -d $any -j ACCEPT

# Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# Setup forwarding policy
# Masquerade local net traffic to anywhere
ipchains -A forward -i $extif -s $intnet -d $any -j MASQ

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

From dreadboy at hotmail.com Fri Feb 23 17:05:04 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Fri, 23 Feb 2001 16:05:04 -0700
Subject: [pptp-server] Netmask woes... ifconfig
Message-ID:

OK, I have no idea what "arp" is. Even though I've specified it in /etc/ppp/options with the "proxyarp" line. ifconfig reports that when a machine is remotely connected "UP POINTOPOINT RUNNING NOARP MULTICAST". Should the "NOARP" part concern me? Can anyone tell me what the hell it means?

Also, on the Win client side after connecting to the pptpd server, "bytes sent" always increase over time, however "bytes received" always indicates around 300 bytes depending on what my username/password was, connection options, etc. I keep refreshing the "Network Neighborhood" to no avail.

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.0.200 P-t-P:192.168.0.216 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1450 Metric:1
          RX packets:125 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

From dreadboy at hotmail.com Fri Feb 23 17:34:14 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Fri, 23 Feb 2001 16:34:14 -0700
Subject: [pptp-server] Encrypted passwords in chap-secrets file
Message-ID:

Glenn, you have to compile in two additional patches into ppp when you build it.

1) pppsmb.pat - This patch allows you to authenticate using list from /etc/smbpasswd.

2) strip-MSdomain-patch.diff - This patch strips off the preceding DOMAINNAME from DOMAINNAME\\username that Windoze clients send, frustratingly enough. It is imperative that the DOMAINNAME/WORKGROUP be parsed off before smbpasswd can be used for authentication.

Also, you will need libsmbpw.so source. This library is required for SMB authentication. Just download the tarball, untar it, make it, then the remaining instructions on where to put the ".so" file and the link are included. I put them in /usr/lib on my Redhat 6.2 installation.

There are links to all of these files in this archive. You just have to dig. Currently, I'm writing a new HOWTO (for dummies) for all this stuff for those of us (like me) who have had much trouble even re-compiling my kernel to support pptpd for so long.

One thing though, I can't finish the HOWTO until I get a few more questions answered first. My remote dial-up/connections work from anywhere with every version of Windoze I've tried so far, however I still can not ping or see any machines on the LAN remotely. Until I get these problems solved, I can't finish the "easy pptpd HOWTO for MS Clients". Once I do, however, I will be posting it along with every possible required file on my web site so everyone can grab all of the right files from one location.

>From: Glenn.Swonk at tais.com
>To: pptp-server at lists.schulte.org
>Subject: [pptp-server] Encrypted passwords in chap-secrets file
>Date: Fri, 23 Feb 2001 11:25:01 -0800
>
>Can I use encrypted passwords in the /etc/ppp/chap-secrets file?
>
>Reading the documentation, it appears that they are only applicable when
>a linux client is talking to a WinNT system. Is this true?
>
>thanks,
>glenn
>
>
>_______________________________________________
>pptp-server maillist - pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>List services provided by www.schulteconsulting.com!

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

From dreadboy at hotmail.com Fri Feb 23 20:31:04 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Fri, 23 Feb 2001 19:31:04 -0700
Subject: [pptp-server] Netmask woes... Could this be the little bugger?
Message-ID:

Ah-ha!

Looking through my /var/log/samba/smb.log file I see there are several repeating messages regarding not being able to pass an IP packet to port 137 on my dial-up interface 192.168.0.216.

Does anyone know if this would have to do with my ipchains rules or possibly my bindings in /etc/smb.conf? (See previous post.)

Thx. Dreadly.

[2001/02/23 19:17:39, 0] libsmb/nmblib.c:send_udp(755)
  Packet send failed to 192.168.0.216(137) ERRNO=Operation not permitted
[2001/02/23 19:17:39, 0] nmbd/nmbd_packets.c:reply_netbios_packet(965)
  reply_netbios_packet: send_packet to IP 192.168.0.216 port 137 failed

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

From dreadboy at hotmail.com Fri Feb 23 20:36:32 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Fri, 23 Feb 2001 19:36:32 -0700
Subject: [pptp-server] Netmask woes... Could this be the little bugger? (2)
Message-ID:

Sorry... this should have read /var/log/samba/nmb.log not smb.log

>Ah-ha!
>
>Looking through my /var/log/samba/smb.log file I see there are several
>repeating messages regarding not being able to pass an IP packet to port
>137 on my dial-up interface 192.168.0.216.
>
>Does anyone know if this would have to do with my ipchains rules or
>possibly my bindings in /etc/smb.conf? (See previous post.)
>
>Thx. Dreadly.
>
>[2001/02/23 19:17:39, 0] libsmb/nmblib.c:send_udp(755)
>  Packet send failed to 192.168.0.216(137) ERRNO=Operation not permitted
>[2001/02/23 19:17:39, 0] nmbd/nmbd_packets.c:reply_netbios_packet(965)
>  reply_netbios_packet: send_packet to IP 192.168.0.216 port 137 failed

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

From dreadboy at hotmail.com Fri Feb 23 20:41:46 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Fri, 23 Feb 2001 19:41:46 -0700
Subject: [pptp-server] Netmask woes... Could this be the little bugger? (Correction)
Message-ID:

Sorry... this should have read /var/log/samba/nmb.log not smb.log

>Ah-ha!
>
>Looking through my /var/log/samba/smb.log file I see there are several
>repeating messages regarding not being able to pass an IP packet to port
>137 on my dial-up interface 192.168.0.216.
>
>Does anyone know if this would have to do with my ipchains rules or
>possibly my bindings in /etc/smb.conf? (See previous post.)
>
>Thx. Dreadly.
>
>[2001/02/23 19:17:39, 0] libsmb/nmblib.c:send_udp(755)
>  Packet send failed to 192.168.0.216(137) ERRNO=Operation not permitted
>[2001/02/23 19:17:39, 0] nmbd/nmbd_packets.c:reply_netbios_packet(965)
>  reply_netbios_packet: send_packet to IP 192.168.0.216 port 137 failed

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

From ein_bier_bitte at yahoo.de Fri Feb 23 22:38:21 2001
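Tracing the rc.firewall posted earlier in this thread against the failing nmbd send, as an added example that is not code from any poster: every rule in that script names eth0, eth1 or lo and all three chain policies refuse by default, so a packet on ppp0 matches nothing, and a refused output packet is what a sender sees as "Operation not permitted". The gateway address 192.168.0.2 (WL2 in the posted wins.dat), the external address 203.0.113.1 and the `ppp+` rules are assumptions made for illustration.

```python
import ipaddress

INTNET, ANY = "192.168.0.0/24", "0.0.0.0/0"
EXTIP = "203.0.113.1/32"       # constructed stand-in for $extip (not given in the thread)
GATEWAY, CLIENT, LANHOST = "192.168.0.2", "192.168.0.216", "192.168.0.16"

# (chain, interface, source, destination, target) in the order rc.firewall adds them.
POSTED_RULES = [
    ("input",   "eth0", INTNET, ANY,    "ACCEPT"),
    ("input",   "eth1", INTNET, ANY,    "REJECT"),
    ("input",   "eth1", ANY,    EXTIP,  "ACCEPT"),
    ("input",   "lo",   ANY,    ANY,    "ACCEPT"),
    ("output",  "eth0", ANY,    INTNET, "ACCEPT"),
    ("output",  "eth1", ANY,    INTNET, "REJECT"),
    ("output",  "eth1", INTNET, ANY,    "REJECT"),
    ("output",  "eth1", EXTIP,  ANY,    "ACCEPT"),
    ("output",  "lo",   ANY,    ANY,    "ACCEPT"),
    ("forward", "eth1", INTNET, ANY,    "MASQ"),
]
POLICY = {"input": "REJECT", "output": "REJECT", "forward": "DENY"}

# Hypothetical additions, not from the thread: let the PPTP interfaces carry LAN traffic.
PPP_RULES = [
    ("input",   "ppp+", INTNET, ANY,    "ACCEPT"),
    ("output",  "ppp+", ANY,    INTNET, "ACCEPT"),
    ("forward", "ppp+", INTNET, INTNET, "ACCEPT"),   # LAN host -> PPTP client
    ("forward", "eth0", INTNET, INTNET, "ACCEPT"),   # PPTP client -> LAN host
]


def iface_matches(pattern, iface):
    """ipchains treats a trailing '+' as a wildcard: 'ppp+' matches ppp0, ppp1, ..."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface


def verdict(rules, chain, iface, src, dst):
    """First matching rule wins; with no match the chain policy applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        r_chain, r_if, r_src, r_dst, target = rule
        if (r_chain == chain and iface_matches(r_if, iface)
                and s in ipaddress.ip_network(r_src)
                and d in ipaddress.ip_network(r_dst)):
            return target, rule
    return POLICY[chain], None


def forwarded(rules, in_if, out_if, src, dst):
    """A routed packet passes input, forward and output in turn under ipchains;
    the forward and output chains match on the outgoing interface.
    Returns (chain, target) for the chain that refused it, or ('output', 'ACCEPT')."""
    for chain, iface in (("input", in_if), ("forward", out_if), ("output", out_if)):
        target, _ = verdict(rules, chain, iface, src, dst)
        if target not in ("ACCEPT", "MASQ"):
            return chain, target
    return "output", "ACCEPT"


if __name__ == "__main__":
    for name, rules in (("posted rules", POSTED_RULES),
                        ("posted + ppp+ rules", POSTED_RULES + PPP_RULES)):
        print(name)
        print("  nmbd reply out ppp0 :", verdict(rules, "output", "ppp0", GATEWAY, CLIENT)[0])
        print("  client -> LAN host  :", forwarded(rules, "ppp0", "eth0", CLIENT, LANHOST))
        print("  LAN host -> client  :", forwarded(rules, "eth0", "ppp0", LANHOST, CLIENT))
```
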
From: ein_bier_bitte at yahoo.de (C. Thomas)
Date: Sat, 24 Feb 2001 05:38:21 +0100 (CET)
Subject: [pptp-server] pptpd not encrypting traffic, though it says it is.
Message-ID: <20010224043821.5104.qmail@web4701.mail.yahoo.com>

It's quite odd! pptpd is set up and working away happily, with no observable problems. The log looks just as one would like, as you can see below: Encryption appears to be enabled, and everyone is happy. However, when I sniff packets coming into ppp0, everything is in plaintext!!! What would make pptpd "lie" about it encrypting stuff when it is really not? Ideas?

Feb 23 20:33:57 fire pptpd[22846]: CTRL: Sent packet to client
Feb 23 20:33:57 fire pppd[22847]: sent [IPCP ConfReq id=0x1 ]
Feb 23 20:33:57 fire pppd[22847]: sent [CCP ConfReq id=0x1 ]
Feb 23 20:33:57 fire pppd[22847]: MSCHAP-v2 peer authentication succeeded for ASA\\cthomas
Feb 23 20:33:57 fire pppd[22847]: rcvd [IPCP ConfReq id=0x1 ]
Feb 23 20:33:57 fire pppd[22847]: sent [IPCP ConfRej id=0x1 ]
Feb 23 20:33:57 fire pppd[22847]: rcvd [CCP ConfReq id=0x1 ]
Feb 23 20:33:57 fire pppd[22847]: sent [CCP ConfNak id=0x1 ]
Feb 23 20:33:57 fire pppd[22847]: rcvd [IPCP ConfRej id=0x1 ]
Feb 23 20:33:57 fire pppd[22847]: sent [IPCP ConfReq id=0x2 ]
Feb 23 20:33:57 fire pppd[22847]: rcvd [CCP ConfRej id=0x1 ]
Feb 23 20:33:57 fire pppd[22847]: sent [CCP ConfReq id=0x2 ]
Feb 23 20:33:57 fire pppd[22847]: rcvd [IPCP ConfReq id=0x2 ]
Feb 23 20:33:57 fire pppd[22847]: sent [IPCP ConfNak id=0x2 ]
Feb 23 20:33:57 fire pppd[22847]: rcvd [CCP ConfReq id=0x2 ]
Feb 23 20:33:57 fire pppd[22847]: sent [CCP ConfAck id=0x2 ]
Feb 23 20:33:57 fire pppd[22847]: rcvd [IPCP ConfAck id=0x2 ]
Feb 23 20:33:57 fire pppd[22847]: rcvd [CCP ConfNak id=0x2 ]
Feb 23 20:33:57 fire pppd[22847]: sent [CCP ConfReq id=0x3 ]
Feb 23 20:33:57 fire pppd[22847]: rcvd [IPCP ConfReq id=0x3 ]
Feb 23 20:33:57 fire pppd[22847]: sent [IPCP ConfAck id=0x3 ]
Feb 23 20:33:57 fire pppd[22847]: found interface eth0 for proxy arp
Feb 23 20:33:57 fire pppd[22847]: local IP address 192.168.1.221
Feb 23 20:33:57 fire pppd[22847]: remote IP address 192.168.1.231
Feb 23 20:33:57 fire pppd[22847]: Script /etc/ppp/ip-up started (pid 22848)
Feb 23 20:33:57 fire pppd[22847]: rcvd [CCP ConfAck id=0x3 ]
Feb 23 20:33:57 fire pppd[22847]: MPPE 40 bit, stateless compression enabled

__________________________________________________________________
Do You Yahoo!?
Sent by Yahoo! Mail - http://mail.yahoo.de

From vgill at technologist.com Fri Feb 23 23:17:11 2001
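A capture taken on ppp0 sees packets after the PPP layer has already removed MPPE, so plaintext there says nothing about the wire; the place to check is the GRE (IP protocol 47) stream on the physical interface. The following added example, which is not code from the thread or from pptpd/pppd, classifies captured PPTP GRE packets by PPP protocol and MPPE header bits as laid out in RFC 2637 and RFC 3078; the sample packets, addresses and function names are constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B            # protocol type carried by PPTP's enhanced GRE
PPP_COMPRESSED = 0x00FD           # PPP "compressed datagram", which is how MPPE frames travel


def parse_pptp_gre(ip_packet: bytes) -> dict:
    """Decode IPv4 -> enhanced GRE -> PPP protocol, plus the MPPE header if present."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if ip_packet[9] != 47:
        raise ValueError("IP protocol is not GRE (47)")
    gre = ip_packet[(ip_packet[0] & 0x0F) * 4:]
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    flags0, flags1, proto, payload_len, call_id = struct.unpack("!BBHHH", gre[:8])
    if proto != GRE_PROTO_PPP or (flags1 & 0x07) != 1:
        raise ValueError("not PPTP enhanced GRE (version 1)")
    info = {"call_id": call_id, "seq": None, "ack": None,
            "ppp_protocol": None, "mppe": None}
    offset = 8
    # Sequence and acknowledgment numbers are optional, flagged by the S and A bits.
    for field, present in (("seq", flags0 & 0x10), ("ack", flags1 & 0x80)):
        if present:
            if len(gre) < offset + 4:
                raise ValueError("truncated GRE header")
            (info[field],) = struct.unpack("!I", gre[offset:offset + 4])
            offset += 4
    ppp = gre[offset:offset + payload_len]
    if len(ppp) < payload_len:
        raise ValueError("truncated payload")
    if ppp[:2] == b"\xff\x03":        # address/control bytes, absent once ACFC is agreed
        ppp = ppp[2:]
    if not ppp:
        return info                   # acknowledgment-only packet, no PPP frame
    if ppp[0] & 0x01:                 # protocol-field compression: one-byte protocol
        info["ppp_protocol"], body = ppp[0], ppp[1:]
    elif len(ppp) >= 2:
        info["ppp_protocol"], body = (ppp[0] << 8) | ppp[1], ppp[2:]
    else:
        raise ValueError("truncated PPP protocol field")
    if info["ppp_protocol"] == PPP_COMPRESSED and len(body) >= 2:
        (hdr,) = struct.unpack("!H", body[:2])        # two-byte MPPE header
        info["mppe"] = {"flushed": bool(hdr & 0x8000),
                        "encrypted": bool(hdr & 0x1000),
                        "coherency_count": hdr & 0x0FFF}
    return info


def classify(info: dict) -> str:
    proto = info["ppp_protocol"]
    if proto is None:
        return "ack-only"
    if proto == PPP_COMPRESSED:
        return "encrypted" if info["mppe"] and info["mppe"]["encrypted"] else "compressed-only"
    if proto < 0x4000:                # network-layer protocols such as IP (0x0021)
        return "plaintext"
    return "control"                  # LCP, CHAP, IPCP, CCP negotiation


def tally(packets) -> dict:
    counts = {}
    for pkt in packets:
        kind = classify(parse_pptp_gre(pkt))
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def build_sample(ppp: bytes, seq=None, ack=None, call_id=1) -> bytes:
    """Constructed packet: minimal IPv4 header (checksum left at 0) + PPTP GRE + PPP."""
    flags0 = 0x20 | (0x10 if seq is not None else 0)   # K always set, S when a payload follows
    flags1 = 0x01 | (0x80 if ack is not None else 0)   # version 1, A when an ack is carried
    gre = struct.pack("!BBHHH", flags0, flags1, GRE_PROTO_PPP, len(ppp), call_id)
    gre += b"".join(struct.pack("!I", v) for v in (seq, ack) if v is not None) + ppp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64, 47, 0,
                     bytes([198, 51, 100, 7]), bytes([203, 0, 113, 1]))
    return ip + gre


# Constructed samples: CCP negotiation, two MPPE frames, one bare IP frame, one ack.
SAMPLES = [
    build_sample(bytes.fromhex("80fd 01 01 0004"), seq=0),
    build_sample(bytes.fromhex("fd 9000 a1b2c3d4e5f6"), seq=1),
    build_sample(bytes.fromhex("fd 9001 0f1e2d3c4b5a"), seq=2),
    build_sample(bytes.fromhex("ff03 0021 45000054"), seq=3),
    build_sample(b"", ack=3),
]

if __name__ == "__main__":
    print(tally(SAMPLES))
```

Any "plaintext" count in a capture of the GRE stream after CCP has opened means user data is leaving the tunnel endpoint unprotected.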
From: vgill at technologist.com (Gill, Vern)
Date: Fri, 23 Feb 2001 21:17:11 -0800
Subject: [pptp-server] Encrypted passwords in chap-secrets file
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607CE6@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

Actually, you do NOT need the strip domain patch. You can use the smbpasswd file for authenticating with or without that patch. It makes life easier WITH it, but by no means is it REQUIRED.

Glenn, if you like, you can get the following patch from my site;

http://linus.yi.org/linux/smbpw-mppe-stripdom-requiremppe.diff.bz2

You should also go to http://linus.yi.org/, and click on the tab for the PPP page to read the instructions there. libsmbpw is available there as well...

Glenn, you have to compile in two additional patches into ppp when you build it.

1) pppsmb.pat - This patch allows you to authenticate using list from /etc/smbpasswd.

2) strip-MSdomain-patch.diff - This patch strips off the preceding DOMAINNAME from DOMAINNAME\\username that Windoze clients send, frustratingly enough. It is imperative that the DOMAINNAME/WORKGROUP be parsed off before smbpasswd can be used for authentication.

Also, you will need libsmbpw.so source. This library is required for SMB authentication. Just download the tarball, untar it, make it, then the remaining instructions on where to put the ".so" file and the link are included. I put them in /usr/lib on my Redhat 6.2 installation.

From Steve at SteveCowles.com Sat Feb 24 00:40:55 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sat, 24 Feb 2001 00:40:55 -0600
Subject: [pptp-server] Netmask woes... Could this be the little bugger? (Correction)
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE67C@defiant.infohiiway.com>

> -----Original Message-----
> From: Dread Boy [mailto:dreadboy at hotmail.com]
> Sent: Friday, February 23, 2001 8:42 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Netmask woes... Could this be the
> little bugger? (Correction)
>

>>> Much stuff deleted.... <<<<

Dread Boy,

After looking at all of your posts for today and searching my poptop folder for messages from you, I see this thread actually goes back to 2/7/2001. wow!

Based on the content of your posts that I have read today... you are still trying to resolve Samba related issues when you really need to be applying your efforts in trying to resolve layer 3 (protocol) issues. I have said this before and I will say it again - "Samba requires layer 3 to be functional before you can expect it to work properly".

Resolving layer 3 issues would include:
1) routing
2) TCP/IP
3) PPP (port 1723 and protocol 47)
4) ipchains (input/output/forward chains)

In other words, when you can successfully "ping" a client and/or server on the LAN that the PPTP server is connected to (from your PPTP client), then you have successfully resolved your layer 3 issues and can move on to resolving Samba related issues. Until you reach this plateau, forget about Samba.

Also, without appearing to be rude - consider replacing your firewall script with seawall. You will save yourself a lot of time and frustration because you do not have to learn ipchain syntax structure. Just edit a well documented config file which defines your network topology and then type: seawall start, which will then execute the appropriate ipchain commands based on the config file. Plus, it might actually help you understand what ipchain rules are required for PPTP connections when you write your future howto document. I know it helped me!!!

If the above has not yet convinced you on making the switch to seawall; how about these bullets

* it's free
* it's secure
* it's scalable
* SUPPORTS POPTOP/PPTP tunnels (hint! hint!)
* supports ipsec tunnels
* supports port/protocol forwarding to internal "masq'd" servers
* DMZ support

FWIW: I personally use seawall on my linux firewall and have also implemented seawall at my customer sites which use linux firewalls. So far, Seawall has met/passed every security policy and/or test I have had to design and/or implement against. Think about it!

Checkout: http://seawall.sourceforge.net and download version 4

As for your post/question regarding address resolution protocol (arp). I wrote a 30,000 foot overview of "why" ppp/pptp connections require proxyarp's. It is still a work in progress (needs some re-wording and cross-references), but it should help you in your understanding of basic TCP/IP and PPTP.

Checkout: http://www.infohiiway.com/pptp/proxyarp.html

Steve Cowles

From canfieldtim at yahoo.com Sat Feb 24 02:29:33 2001
From: canfieldtim at yahoo.com (Tim Canfield)
Date: Sat, 24 Feb 2001 00:29:33 -0800 (PST)
Subject: [pptp-server] Internal DNS server blues
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE673@defiant.infohiiway.com>
Message-ID: <20010224082933.11741.qmail@web3002.mail.yahoo.com>

Has anyone been able to get ms-wins and ms-dns to work with Windows 2000 SP1 as the client? It works on my 98 client, but 2000 seems to ignore those settings.

Thanks,
Tim

--- "Cowles, Steve" wrote:
> > -----Original Message-----
> > From: David LANDGREN [mailto:dlandgre at bpinet.com]
> > Sent: Wednesday, February 21, 2001 10:07 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] Internal DNS server blues
> >
> >
> > All is well and good, however...
> >
> > The clients initially dial up via modem, and the connection
> > to the initial ISP negotiates two public DNS servers,
> > 194.x.y.z whatever. On successfully connecting to the ISP,
> > the client then connects through MS VPN to my private network.
> > At this point things get rather bizarre.
> > What happens is the addresses of my two internal DNS servers,
> > rather than replacing the two public addresses, get tacked
> > onto the end. So when I run winipcfg on the ppp interface on
> > the client, I get four separate DNS addresses, my two coming
> > after the first two.
>
> This is not as bizarre as it may seem. This is normal TCP/IP -> Resolver Lib
> interaction. i.e. DNS servers are global settings, not per connection
> profile.
>
> I agree though, I would like to see Microsoft change the "order" of the DNS
> servers shown when using "winipcfg" after a VPN connection is established
> and then revert back when the VPN is terminated. Based on my results though,
> I think Microsoft is changing the order internally. Unfortunately, my
> Win98Me based laptop does not have nslookup, so I can't really verify what
> server is actually being queried after the VPN is established. i.e. nslookup
> -debug www.mydomain.com
>
> >
> > What this means is that the client is unable to resolve the
> > name of anything inside my network. What I really want to do
> > is to wipe out the initial DNS addresses that were given
> > during the initial dial-up and replace them with my internal
> > addresses. Because in any event, if my internal DNS servers
> > can't resolve an address (because its an outside machine),
> > they will forward the request onto those two public DNS
> > servers anyway.
> >
> > Does anyone have this setup ?
>
> I have the exact same setup. I run internal DNS servers which return private
> addresses for ftp,www,mail, etc... on my local network and then forward all
> other requests for everything else outside.
>
> I'm not seeing the same results as you. So I don't know if I can offer any
> pointers except to verify that what you are describing in your post...
> should work as you have stated. (see below) In fact, my VPN connection would
> be almost useless if my internal DNS servers did not return the private ip
> addresses.
>
> NOTE: For the purpose of this post, I have changed my real domain name to
> "mydomain.com" and also substituted xx.xx.xx.xx for the public ip address.
> Also, my firewall is configured to NOT answer ICMP echo-requests (ping's) on
> the external interface, so the request timeouts shown are normal but name
> resolution is working.
>
> ----------------------
> The following ping is after establishing a dialup connection to my ISP from
> my Win98Me laptop. I have not yet established my VPN. Name resolution is now
> pointing to my ISP's name servers.
>
> C:\WINDOWS>ping www.mydomain.com
>
> Pinging www.mydomain.com [xx.xx.xx.xx] with 32 bytes of data:
> Request timed out.
> Request timed out.
> Request timed out.
> Request timed out.
>
> Ping statistics for xx.xx.xx.xx:
> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 0ms, Maximum = 0ms, Average = 0ms
>
> C:\WINDOWS>
>
> Now I have established a VPN into my local network which is running PopTop.
> Please note: At this time, when I run "winipcfg", I now have 4 DNS servers
> listed. My ISP's are still listed first, then my internal ones. Again, based
> on my results, I think Microsoft is changing the search order internally.
> The internal IP address is now properly returned for the same FQDN.
>
> C:\WINDOWS>ping www.mydomain.com
>
> Pinging www.mydomain.com [192.168.9.3] with 32 bytes of data:
>
> Reply from 192.168.9.3: bytes=32 time=234ms TTL=255
> Reply from 192.168.9.3: bytes=32 time=206ms TTL=255
> Reply from 192.168.9.3: bytes=32 time=206ms TTL=255
> Reply from 192.168.9.3: bytes=32 time=219ms TTL=255
>
> Ping statistics for 192.168.9.3:
> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 206ms, Maximum = 234ms, Average = 216ms
>
> C:\WINDOWS>
>
> I just checked my configuration on my Win98Me client. In both the dialup
> profile and the pptp profile, I am specifying absolutely nothing. i.e. DNS
> servers entries are blank. They are being assigned by either my ISP's DHCP
> servers or through /etc/ppp/options after the VPN is established.
>
> Good luck
> Steve Cowles
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/

From ajennamo at uncc.edu Sat Feb 24 16:24:44 2001
From: ajennamo at uncc.edu (Andy Ennamorato)
Date: Sat, 24 Feb 2001 17:24:44 -0500 (EST)
Subject: [pptp-server] Poptop Problems (again...)
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE67C@defiant.infohiiway.com>
Message-ID:

Couple questions...

Background: I'm using pptp 1.0.1 (tried the newer release as well), red hat 6.2, kernel 2.2.14, ppp 2.3.11. i've installed poptop using the directions at http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt. basically, i've followed up to step 4.0 (install poptop, not using encryption, so i don't need to patch ppp/kernel, do i?). when people attempt to log on (i've tried win98 and winME so far), they get authenticated, but the connection immediately drops and windoze prompts them to reconnect.

my questions are: what modules need to be loaded when poptop is running? could someone list theirs? (esp. if they aren't using encryption). also, are there any steps i'm missing? whenever i test, i always ACCEPT all packets via IPCHAINS (do i need to exclusively accept port 1723 and protocol 47).

i'm stuck...have been working on this for a while (as my senior project), but don't know what to do/where to go next. the thing that puzzles me is that i can connect (i.e. the tunnel is established), but then i immediately get disconnected (usually the error reads:

...pptpd[1165]: Peer not authorized to use the remote address 192.168.1.70
...
...pptpd[1165]: Error reading from ppd: Input/output error
...pptpd[1165]: CTRL: GRE read or PTY write failed (gre, pty)=(5,4)
...

so far, i haven't seen anyone else come across the list with a (gre, pty)=(5,4) error. can anyone tell me what that is or give me any pointers?

your help is much appreciated...

Andy
ajennamo at uncc.edu

From jkreger at avidsolutionsinc.com Sat Feb 24 18:45:29 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Sat, 24 Feb 2001 19:45:29 -0500
Subject: [pptp-server] Authentication to an NT domain
Message-ID: <6B8A85826C35D31193BD0090278589C81DF020@CIC-EXCHANGE>

Do you mean authentication for the connection? or Authentication for servers and all?

-----Original Message-----
From: Mathieu Martin
To: pptp-server at lists.schulte.org
Sent: 2/23/01 1:50 PM
Subject: [pptp-server] Authentication to an NT domain

Hi,

I've got PPTP working for a client. Everything works fine, except for the authentication to the NT domain, that sometimes works, sometimes not.

When the client connects through PPTP, he gets a dialog box asking for his user, password, domain. He enters the information, presses ENTER. Then, if he's lucky, it authenticates well and his network drives are automagically mounted. If he's not lucky (most of the time), he gets an error message that looks like this: "There were no server available for authentication".

I tried assigning the WINS server via PPTP. The ip of the WINS server then shows in "winipcfg", but I still have the same problem.

I noticed that, when I connect to the PPTP server, I can't get an answer for the first ping I do to every ip addresses. I mean:

I connect.
I ping 1.1.1.1. No answer for the first ping. Normal answers for other ping's.
I ping 1.1.1.2. No answer for the first ping. Normal answers for other ping's.

Could it be related to my problem? What could be causing that?

Thanks!

Mathieu Martin
admmath at cooptel.qc.ca

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From ein_bier_bitte at yahoo.de Sun Feb 25 00:54:14 2001
From: ein_bier_bitte at yahoo.de (C. Thomas)
Date: Sun, 25 Feb 2001 07:54:14 +0100 (CET)
Subject: [pptp-server] howto for ppp-mppe 2.4.x?
Message-ID: <20010225065414.20395.qmail@web4704.mail.yahoo.com>

If anyone has successfully gotten ppp-mppe encryption support under kernel 2.4.x working, could you please post a short "howto" for my (and others') benefit?

Best regards,
C. Thomas

__________________________________________________________________
Do You Yahoo!?
Sent by Yahoo! Mail - http://mail.yahoo.de

From santtu.hyrkko at hut.fi Sun Feb 25 10:03:10 2001
From: santtu.hyrkko at hut.fi (Santtu Hyrkkö)
Date: 25 Feb 2001 18:03:10 +0200
Subject: [pptp-server] howto for ppp-mppe 2.4.x?
In-Reply-To: <20010225065414.20395.qmail@web4704.mail.yahoo.com>
References: <20010225065414.20395.qmail@web4704.mail.yahoo.com>
Message-ID: <87pug6lphd.fsf@ab62d3hel.dial.kolumbus.fi>

"C. Thomas" writes:

> If anyone has successfully gotten ppp-mppe encryption
> support under kernel 2.4.x working, could you please
> post a short "howto" for my (and others') benefit?

Sure,

Get the following patches from ftp://ftp.binarix.com/pub/ppp-mppe/

linux-2.4.0-openssl-0.9.6-mppe.patch
ppp-2.4.0-openssl-0.9.6-mppe.patch

Get ppp-2.4.0.tar.gz from ftp://linuxcare.com.au/pub/ppp

Get linux kernel from the usual places.

Apply linux-xxx.patch to kernel and compile. In configuration, select all the PPP stuff as modules.

Apply ppp-xxx.patch to ppp-2.4.0, compile, install.

Boot new kernel.

Add following lines to /etc/ppp/options

mppe-40
mppe-128
mppe-stateless

Put "alias ppp-compress-18 ppp_mppe" to modutils configuration if you want to have mppe module loaded automatically.

--
Santtu Hyrkkö

From ein_bier_bitte at yahoo.de Sun Feb 25 16:52:10 2001
From: ein_bier_bitte at yahoo.de (C. Thomas)
Date: Sun, 25 Feb 2001 23:52:10 +0100 (CET)
Subject: [pptp-server] ppp-mppe under 2.4.x, continued
Message-ID: <20010225225210.20543.qmail@web4705.mail.yahoo.com>

Thanks to Santtu and robert for posting those
mini-howtos on ppp-mppe under kernel 2.4.x -

I have run across an interesting little problem after
following the instructions set down in those guides.

Let me give a little background into my setup:

I'm running a patched ppp-2.3.8 under kernel 2.2.18 as
the server. I am trying to get my client at home, a
ppp-2.4.0 + 2.4.2 kernel debian machine to talk to it.

The ppp connection sets up as advertised, and the
server's log indicates mppe 128bit is set up, as well
as stateless compression.

However, when I ping the remote LAN from my client at
home, this appears in /var/log/syslog on the client
machine:

Feb 25 14:25:38 next pppd[1485]: rcvd [Compressed data] 10 50 c0 ef e8 93 17 ab ...
Feb 25 14:25:41 next pppd[1485]: rcvd [Compressed data] 10 51 26 a5 de ce 96 8a ...
Feb 25 14:25:47 next pppd[1485]: rcvd [Compressed data] 10 52 76 8a 15 82 7a 29 ...

/var/log/pptpd.log on the server does not give any
indication that anything is wrong.

I should mention that Microsoft VPN clients have no
problem connecting to this server - and I have set up
a linux VPN client with it using a 2.2.18 kernel.

Is there any known incompatibility between ppp-mppe
2.3.8 and 2.4.0?

Thanks,

C. Thomas

From GeorgeV at citadelcomputer.com.au Sun Feb 25 17:52:08 2001
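The three `rcvd [Compressed data]` lines in the message above can be read against the MPPE packet header from RFC 3078 (bit A = FLUSHED, bit D = ENCRYPTED, low 12 bits = coherency count), which also says FLUSHED must be set on every encrypted packet once stateless mode has been negotiated. The script below is an added example, not code from any list member or from pppd; it assumes the first two bytes pppd prints after `[Compressed data]` are that header, and its second log is constructed.

```python
"""Decode the 2-byte MPPE header from pppd 'Compressed data' debug lines."""
import re
from typing import List, NamedTuple

# RFC 3078 header layout: bits A B C D, then a 12-bit coherency count.
FLUSHED = 0x8000     # bit A: sender re-initialised its tables for this packet
ENCRYPTED = 0x1000   # bit D: payload is encrypted
COUNT_MASK = 0x0FFF

# The three syslog lines quoted in the message above, unwrapped.
PAGE_LOG = """\
Feb 25 14:25:38 next pppd[1485]: rcvd [Compressed data] 10 50 c0 ef e8 93 17 ab ...
Feb 25 14:25:41 next pppd[1485]: rcvd [Compressed data] 10 51 26 a5 de ce 96 8a ...
Feb 25 14:25:47 next pppd[1485]: rcvd [Compressed data] 10 52 76 8a 15 82 7a 29 ...
"""

# Constructed lines (not from the list): FLUSHED set on every packet, one
# received packet missing (0x051), and a sent counter wrapping 0xfff -> 0x000.
CONSTRUCTED_LOG = """\
Feb 25 15:00:01 host pppd[2000]: rcvd [Compressed data] 90 50 aa bb cc dd ...
Feb 25 15:00:02 host pppd[2000]: rcvd [Compressed data] 90 52 aa bb cc dd ...
Feb 25 15:00:03 host pppd[2000]: sent [Compressed data] 9f ff aa bb cc dd ...
Feb 25 15:00:04 host pppd[2000]: sent [Compressed data] 90 00 aa bb cc dd ...
"""

LINE_RE = re.compile(
    r"\b(rcvd|sent) \[Compressed data\]((?:[ \t]+[0-9a-fA-F]{2}\b)+)"
)


class MppeHeader(NamedTuple):
    direction: str   # "rcvd" or "sent", as logged by pppd
    flushed: bool
    encrypted: bool
    count: int       # 12-bit coherency count


def parse_packets(log_text: str) -> List[MppeHeader]:
    """Return one decoded header per 'Compressed data' line in the log."""
    packets = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        octets = [int(h, 16) for h in m.group(2).split()]
        if len(octets) < 2:          # header truncated in the log
            continue
        word = (octets[0] << 8) | octets[1]
        packets.append(MppeHeader(m.group(1), bool(word & FLUSHED),
                                  bool(word & ENCRYPTED), word & COUNT_MASK))
    return packets


def audit(log_text: str, stateless: bool) -> List[str]:
    """List header anomalies; `stateless` is what the link negotiated."""
    findings = []
    last_count = {}                  # per direction
    for i, p in enumerate(parse_packets(log_text)):
        tag = f"packet {i} ({p.direction}, count 0x{p.count:03x})"
        if not p.encrypted:
            findings.append(f"{tag}: ENCRYPTED bit clear")
        elif stateless and not p.flushed:
            findings.append(f"{tag}: FLUSHED bit clear in stateless mode")
        prev = last_count.get(p.direction)
        if prev is not None and p.count != ((prev + 1) & COUNT_MASK):
            findings.append(f"{tag}: coherency count jumped from 0x{prev:03x}")
        last_count[p.direction] = p.count
    return findings


if __name__ == "__main__":
    for p in parse_packets(PAGE_LOG):
        print(p)
    for finding in audit(PAGE_LOG, stateless=True):
        print(finding)
```

Checked with `stateless=True`, each of the three quoted packets is flagged because its header word (0x1050, 0x1051, 0x1052) has the ENCRYPTED bit set and the FLUSHED bit clear.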
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 26 Feb 2001 10:52:08 +1100
Subject: [pptp-server] Poptop Problems (again...)
Message-ID: <200FAA488DE0D41194F10010B597610D0817BC@JUPITER>

I think your main problem is that the IP assigned is wrong.. I think your
pptp client is not set up right or it's not getting its IP from the server
correctly..

I didn't notice anything about the client below. If it's a Windows machine
make sure it's DHCP set and if it's *nix or linux then make sure you've got
noipdefault in your options file for pptp.

thanks,
George Vieira

-----Original Message-----
From: Andy Ennamorato [mailto:ajennamo at uncc.edu]
Sent: Sunday, February 25, 2001 9:25 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Poptop Problems (again...)

Couple questions...

Background: I'm using pptp 1.0.1 (tried the newer release as well), red hat
6.2, kernel 2.2.14, ppp 2.3.11.

i've installed poptop using the directions at
http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt. basically, i've
followed up to step 4.0 (install poptop, not using encryption, so i don't
need to patch ppp/kernel, do i?). when people attempt to log on (i've tried
win98 and winME so far), they get authenticated, but the connection
immediately drops and windoze prompts them to reconnect.

my questions are: what modules need to be loaded when poptop is running?
could someone list theirs? (esp. if they aren't using encryption). also,
are there any steps i'm missing? whenever i test, i always ACCEPT all
packets via IPCHAINS (do i need to exclusively accept port 1723 and
protocol 47).

i'm stuck...have been working on this for a while (as my senior project),
but don't know what to do/where to go next. the thing that puzzles me is
that i can connect (i.e. the tunnel is established), but then i immediately
get disconnected (usually the error reads:

...pptpd[1165]: Peer not authorized to use the remote address 192.168.1.70
...
...pptpd[1165]: Error reading from ppd: Input/output error
...pptpd[1165]: CTRL: GRE read or PTY write failed (gre, pty)=(5,4)
...

so far, i haven't seen anyone else come across the list with a
(gre, pty)=(5,4) error. can anyone tell me what that is or give me any
pointers?

your help is much appreciated...

Andy
ajennamo at uncc.edu

From ceverett at ceverett.com Sun Feb 25 18:25:03 2001
From: ceverett at ceverett.com (Christopher L. Everett)
Date: Sun, 25 Feb 2001 18:25:03 -0600
Subject: [pptp-server] PPP speed
References: <20010225065414.20395.qmail@web4704.mail.yahoo.com> <87pug6lphd.fsf@ab62d3hel.dial.kolumbus.fi>
Message-ID: <3A99A25E.28E1A05A@ceverett.com>

Hello all:

the manual says that the way to set the speed of the PPTP connection is
with a line saying

speed xxxxxxxx

in the /etc/pptpd.conf where xxxxxxxx is the bit rate you want.

I'd like to know if there are other factors. I'm using Linux-based PPTP
servers on the Internet to let people hook up to Win2K Terminal Servers
across the country, and while the remote control experience is very nice,
print performance using the standard MS redirection to the Terminal Server
clients is abysmal, like 2 to 4 minutes to print a one page document
(looks like 300+ KB are being sent). Even with 144 KBPs or better at both
ends, which should handle 350KB in 15-20 seconds max, it's really quite
poor.

When I look at the load pptpd is putting on the firewall (P-133, 64 MB RAM)
with top I see that it's never more than 4% of capacity, so I don't think
that 128 bit encryption is causing a slowdown like the MS support engineer
claimed ...

I'm pretty sure all this is due to the high quality engineering coming
from Redmond, but I'm willing to entertain the possibility of a tweak to
PoPToP helping lots.

--Christopher

From vu at sivell.com Sun Feb 25 18:26:20 2001
From: vu at sivell.com (Vu Pham)
Date: Sun, 25 Feb 2001 18:26:20 -0600
Subject: [pptp-server] + and without +
References: <20010225225210.20543.qmail@web4705.mail.yahoo.com>
Message-ID: <002501c09f8b$b6939650$c802a8c0@khoapham>

Sorry for my stupid question.

What is the difference between options mppe-40 and +mppe-40, similar for
mppe-128 and +mppe-128.

Thanks a lot,
Vu

From berzerke at swbell.net Sun Feb 25 18:51:41 2001
From: berzerke at swbell.net (robert)
Date: Sun, 25 Feb 2001 18:51:41 -0600
Subject: [pptp-server] ppp-mppe under 2.4.x, continued
In-Reply-To: <20010225225210.20543.qmail@web4705.mail.yahoo.com>
References: <20010225225210.20543.qmail@web4705.mail.yahoo.com>
Message-ID: <01022518514100.03056@linux>

Yes. Use pppd 2.4 or greater. See also my (work in progress) Howto for the
linux 2.4 kernels. I post the newest version to
http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt

On Sunday 25 February 2001 16:52, C. Thomas wrote:
> Thanks to Santtu and robert for posting those
> mini-howtos on ppp-mppe under kernel 2.4.x -
>
> I have run across an interesting little problem after
> following the instructions set down in those guides.
>
> Let me give a little background into my setup:
>
> I'm running a patched ppp-2.3.8 under kernel 2.2.18 as
> the server. I am trying to get my client at home, a
> ppp-2.4.0 + 2.4.2 kernel debian machine to talk to it.
>
> The ppp connection sets up as advertised, and the
> server's log indicates mppe 128bit is set up, as well
> as stateless compression.
>
> However, when I ping the remote LAN from my client at
> home, this appears in /var/log/syslog on the client
> machine:
>
> Feb 25 14:25:38 next pppd[1485]: rcvd [Compressed
> data] 10 50 c0 ef e8 93 17 ab ...
> Feb 25 14:25:41 next pppd[1485]: rcvd [Compressed
> data] 10 51 26 a5 de ce 96 8a ...
> Feb 25 14:25:47 next pppd[1485]: rcvd [Compressed
> data] 10 52 76 8a 15 82 7a 29 ...
>
> /var/log/pptpd.log on the server does not give any
> indication that anything is wrong.
>
> I should mention that Microsoft VPN clients have no
> problem connecting to this server - and I have set up
> a linux VPN client with it using a 2.2.18 kernel.
>
> Is there any known incompatibility between ppp-mppe
> 2.3.8 and 2.4.0?
>
> Thanks,
>
> C. Thomas

From vgill at technologist.com Sun Feb 25 20:34:08 2001
From: vgill at technologist.com (Gill, Vern)
Date: Sun, 25 Feb 2001 18:34:08 -0800
Subject: [pptp-server] Howto for 2.4 kernels
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607CEA@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From your HOWTO;

5.2 Q: I'm connecting at only 40 bits. How do I connect at 128 bits?
A: This is probably a client (Windows) problem. The key file for Windows
95/98 is pppmac.vxd, located in c:\windows\system. I suspect this also
applies to Windows ME, but I don't have a system to test. There are at
least 4 versions of this file. All versions seem to be interchangeable.
The versions are: 4.10.1903 (Win95), 4.10.1998 (Win98), 4.10.2002
(VPNUPD.EXE) and 4.10.2222 (Win98SE). Version 4.10.2222 has both a 40 bit
and 128 bit version. If you find the file on your client, right click and
go to properties. If the internal name is something like "PPPMAX
(US/Canada Only, Not for Export)", you have the 128 bit version. Anything
else is the 40 bit version.

The file from WinME is version 4.90.0.3000
If you right click and go to properties, the internal name is
"PPPMAC (High Encryption)"

Just thought you might like to know...

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use

iQA/AwUBOpm/pReamMdwy9TXEQL+5ACffXn0zP4p1BKdchDaxKJTxwn36OEAoLIw
qIk4zA1/nRfMkOKGN7XQdxSC
=ACNi
-----END PGP SIGNATURE-----

From stuartg at parallelsolutions.com.au Sun Feb 25 23:57:45 2001
From: stuartg at parallelsolutions.com.au (Stuart Green)
Date: Mon, 26 Feb 2001 16:57:45 +1100
Subject: [pptp-server] Unable to install ppp modules
Message-ID: <200102260557.f1Q5vi221257@ns1.parallelsolutions.com.au>

Hi All,

Have a problem installing modules for ppp-2.3.11, I have followed the
howto for Redhat Linux and get to the part of installing the modules for
ppp and it fails.....

after I run make modules SUBDIRS=drivers/net
These are the errors

ppp.c:3345: 'PPP_MAGIC' undeclared (first use in this function)
make[1]: *** [ppp.o] error 1

HELP PLEASE

Regards
Stuart Green (CompTIA A+)
Technical Department Manager, PARALLEL SOLUTIONS.
Email : stuartg at parallelsolutions.com.au
Web: www.parallelsolutions.com.au

From Steve at SteveCowles.com Mon Feb 26 02:17:59 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Mon, 26 Feb 2001 02:17:59 -0600
Subject: [pptp-server] Unable to install ppp modules
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE67D@defiant.infohiiway.com>

> -----Original Message-----
> From: Stuart Green [mailto:stuartg at parallelsolutions.com.au]
> Sent: Sunday, February 25, 2001 11:58 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Unable to install ppp modules
>
>
> Hi All,
>
> Have a problem installing modules for ppp-2.3.11, I have
> followed the howto for Redhat Linux and get to the part
> of installing the modules for ppp and it fails.....
>
> after I run make modules SUBDIRS=drivers/net
> These are the errors
>
> ppp.c:3345: 'PPP_MAGIC' undeclared (first use in this function)
> make[1]: *** [ppp.o] error 1

From kub at cfc.at Mon Feb 26 03:14:30 2001
From: kub at cfc.at (Bjorn Kuiper)
Date: Mon, 26 Feb 2001 10:14:30 +0100
Subject: Fwd: RE: [pptp-server] unable to browse network using WIN NT Client -> LINUX pptpd server
Message-ID: <01022610143000.00502@cfc047>

d0h!,

It seems there was a WINS server on the network! together with editing
the hosts and lmhosts file and using the option ms-wins in
/etc/ppp/options made it work.

Thanks for all your help.

and some advice for starters. just install an NT wins server!

Greetings Bjorn

> -----Original Message-----
> From: Bjorn Kuiper [mailto:kub at cfc.at]
> Sent: Friday, February 23, 2001 3:36 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] unable to browse network using WIN NT Client ->
> LINUX pptpd server
>
>
> Hello,
>
> I'm trying now for 2 days in a row to make it all work.
> The connection is made and i can add any share as a mapped
> drive to my NT client. But i'm not able to browse the network
> environment on the client.
>
> There were about four solutions given to this problem and i
> tried almost everyone of them.
>
> first of all a small description of the current status. i want to
> connect with my win NT client to a linux pptpd server which
> is connect to the local network. i can ping every host on the
> local network and can map any share to a drive. the only problem
> is to 'browse' through the network.
>
> the solutions that are mentioned on this list:
> - edit your lmhosts and hosts file
> - make your linux server a master browser
> - make your linux server a wins server/or any other machine
> in the network.
>
> i edit my lmhosts and hosts file. the hosts file is of course
> no problem. the lmhosts file has some extra setting, you can
> specify an DOMain controller by adding #DOM: behind
> the machines name and ip.
>
> This didn't get the preferred result. it's just makes the DNS
> server a bit more useless on the localnetwork and spares some
> bandwidth.

Your PPTP client should have at least been able to authenticate to the
domain controller that you specified with the #DOM: directive. That's
about it though. Adding this record would not have fixed browsing.

> Then i made the linux machine as master browser (using
> of course samba).
>
> But if i don't change anything in the /etc/ppp/options file
> nothing happens. No (extra) data is send between the host
> and server.

If I understand the above correctly, then your PPTP client's netbios node
type is still set as b-node (broadcast). Broadcast packets (by default)
are not routed across the PPTP tunnel.

> the only thing what always happens is that my client tries to
> send a first query to the name server and get's a response
> (btw: it always a fault request. the name asked to resolve is
> wrong and has always the same error at the end, but everything
> is typed right in my hosts and lmhosts file).
>
> If i change wins-server to my linux pptpd server (now running
> as master browser) then some data is sent between them, but
> this of course fails.
>
> (they're exchanging smb 'requests' and 'negatives')
>
> Then i tried something else, i set wins-server to my
> main DOMAIN-CONTROLLER on the local network. now i CAN SEE
> every machine on the network while browsing, but i can only
> access the NT machines that are known as SERVERS and not as
> WORKSTATIONS. This is probably normal,

Normal?? Possibly. I would be interested in the error you get when you try
to access a workstation. i.e. access denied. Also, was your DOMAIN
CONTROLLER running Microsoft WINS server?

> but i don't want to setup a WINS-server because, if i'm right,
> then every machine on the local network has to change his
> settings to access and report to the local WINS-server!?

That's correct!!! Although, if you are currently using DHCP to assign ip
addresses, you can add WINS server and netbios node type to your DHCP
scope so that all systems on your LAN automatically register with the
WINS server without having to physically visit each desktop/server to
manually change these settings. Especially your PDC/BDC's

From the man pages: man dhcp-options

option netbios-name-servers ip-address [, ip-address...];

   The NetBIOS name server (NBNS) option specifies a list of
   RFC 1001/1002 NBNS name servers listed in order of preference.
   NetBIOS Name Service is currently more commonly referred to as
   WINS. WINS servers can be specified using the
   netbios-name-servers option.

option netbios-node-type uint8;

   The NetBIOS node type option allows NetBIOS over TCP/IP clients
   which are configurable to be configured as described in
   RFC 1001/1002. The value is specified as a single octet which
   identifies the client type.

   Possible node types are:

   1   B-node: Broadcast - no WINS
   2   P-node: Peer - WINS only.
   4   M-node: Mixed - broadcast, then WINS
   8   H-node: Hybrid - WINS, then broadcast

> So my question on the end,
> Does anybody knows a solution so i can browse the network, without
> having to change the configuration of all the machines on the local
> network? Did i somehow missed an option somewhere?

I'm not aware of any other available options. Mainly because of the
inherent nature of netbios, which by default (b-node), uses broadcast
packets to build its browser list and eventually designate a master
browser through an election process. Using broadcast packets will always
work fine when all servers/clients are located on a LAN because these
broadcast packets will be answered. But since your PPTP server is in
essence, acting as a router, the broadcast packets generated by the remote
PPTP client will NOT be routed across the tunnel, so they will never be
heard and/or answered. Thus, the reason for implementing a WINS server.

If you're wanting a second opinion, I have also implemented IPSEC based
tunnels in addition to PPTP tunnels. (W2K road warriors) The following
link is based on using IPSEC tunnels but describes the same problem, just
using a different protocol. Anyway, I thought the author did a very good
job at describing the content of your post and reinforcing what I have
already stated. "If you do NOT implement a WINS server... your SOL".

Checkout:
http://jixen.tripod.com/rw-to-domain/win32-to-nt.html

Good Luck
Steve Cowles

-------------------------------------------------------

From rcd at amherst.com Mon Feb 26 11:12:31 2001
From: rcd at amherst.com (Robert Dege)
Date: Mon, 26 Feb 2001 12:12:31 -0500
Subject: [pptp-server] Net Neighborhood is misbehavin'
Message-ID: <3A9A8E7F.40102@amherst.com>

Okay, after rigorous testing, I believe that I am ready to post my
question to the listserv with as much detail that I can provide.
This is a slightly long read, so go grab yerself a cup of coffee.

Problem: PPTP Client can't browse Network Neighborhood

Some History on Network
=======================
1 - Using a Class B Network (172.28.x.x)
2 - Network consists of Win95/98/NT 4.0, Linux, Alphas, etc.
3 - No WINS, No DC, everything is Peer-to-Peer
4 - Novell issues DHCP to standard clients, and have NDS File server
5 - I have the PPTP Server setup as a WINS server (smb.conf pasted below).
6 - PPTP client is Win98 & Linux on a laptop.

What works
==========
1 - PPTP Works. I can ping, telnet, http://, ftp ANY machine.
2 - When I double-click on Entire Network, I am able to see all the
workgroups within the network.
3 - If I logon to Novell Client, I can successfully access any aspect of
the Novell tree in Network Neighborhood (no problems detected thus far).
4 - If I do Find Computer, I am able to find a "few" computers.


What doesn't work
=================
1 - When I double click on ANY workgroup in "Entire Network", I get
\\Workgroup inaccessible.
2 - Almost 80% of the computers I try to find with "Find Computer" are
not found.


What I've noticed
=================
1 - I can't find any NT machines.
2 - I can access the 1 Win2000 computer.
3 - I have 6 machines pointed at the WINS server (1 NT, 1 95, 4 Linux).
NT still can't be seen by the Client. 95 & Linux machines can be seen
through "Find Computer".
4 - I have 1 Linux machine in its own workgroup (points to WINS). I
have the other 3 machines in their own Workgroup (also point to WINS).
Both Workgroups are also inaccessible through "Entire Network".
5 - Since machines are DHCP, it's very difficult to net view from
Windows to an IP address. I can only net view the WINS Name.



Here are my Config files:

/etc/pptp.conf
==============
debug
option /etc/ppp/options.pptp
localip 172.28.254.46
#I comment this out since I assign IP's statically via PPTP
#remoteip 172.28.41.40-49


/etc/ppp/options
================
lock


/etc/ppp/options.pptp
=====================
debug
lock
name pptp
ms-dns 172.28.254.1
ms-wins 172.28.254.46
172.28.254.46:
auth

+chap
+chapms
+chapms-v2
chapms-strip-domain
require-chap

mppe-128
mppe-40
mppe-stateless
require-mppe
require-mppe-stateless

#Stuff I want to experiment with once PPTP is completely done.
#lcp-echo-failure 10
#lcp-echo-timeout 1
#mru 1450
#mtu 1450
#lcp-restart 15

proxyarp


/etc/chap-secrets
=============
# Secrets for authentication using CHAP
# client server secret IP addresses
#Use IP within same subnet to debug Nethood problem.
#rcd pptp "Rob" 172.28.41.46
rcd pptp "Rob" 172.28.254.10


/etc/smb.conf
=============
[global]
workgroup = PPTP
netbios name = Warf
server string = PPTP Server
log file = /var/log/samba/samba-log.%m
max log size = 100
security = SHARE
encrypt passwords = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY

#Makes Samba the WINS Server
wins support = yes
name resolve order = wins bcast
browse list = yes

#To Make Samba the Default Master Server upon Election
#Good For When I have to restart the Samba Server
local master=yes
os level=65
preferred master=yes

[homes]
browseable = no
map archive = yes

[test]
comment = For testing only, please
path = /home/samba
read only = no
guest ok = yes



/sbin/ifconfig
==============
eth0      Link encap:Ethernet HWaddr 00:A0:CC:D7:0E:F7
          inet addr:172.28.254.46 Bcast:172.28.255.255 Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1276688 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4655 errors:2 dropped:0 overruns:0 carrier:2
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0xd800

eth1      Link encap:Ethernet HWaddr 00:A0:CC:D6:86:EA
          inet addr:128.205.228.57 Bcast:128.205.228.63
          Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:13267 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1857 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0xd400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:3924 Metric:1
          RX packets:58 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:172.28.254.46 P-t-P:172.28.254.10
          Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10



/sbin/ipchains -nL
==================
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
#I have no Rules, enabled ipchains for debugging.


Finally, My Windows Logon Sequence
==================================
1. Client for Microsoft network Logon Screen
User -> rcd
Passwd -> Rob
2. Load DUN.
3. Enter in User -> rcd, passwd -> Rob
4. Successful connection.


If there is anything that I can answer, or if anyone can point out
something that I am missing, please let me know.... no matter how
insignificant it may seem.


Thanks

-Rob

From berzerke at swbell.net Mon Feb 26 17:58:44 2001
From: berzerke at swbell.net (robert)
Date: Mon, 26 Feb 2001 17:58:44 -0600
Subject: [pptp-server] Net Neighborhood is misbehavin'
In-Reply-To: <3A9A8E7F.40102@amherst.com>
References: <3A9A8E7F.40102@amherst.com>
Message-ID: <01022617584400.21990@linux>

In the history section, item 3 and 5 contradict each other. I'll *assume*
that is a typo in item 3.

One thing that immediately springs to mind is are *ANY* of the clients (or
servers) running more than one protocol? If so, this can really screw up the
elections. Screwed up elections mean screwed up browsing.

The other thing I noticed is from your comments, it looks like you might be
running multiple subnets. Correct?

On Monday 26 February 2001 11:12, Robert Dege wrote:
> Okay, after rigorous testing, I believe that I am ready to post my
> question to the listserv with as much detail that I can provide.
> This is a slightly long read, so go grab yerself a cup of coffee.
>
> Problem: PPTP Client can't browse Network Neighborhood
>
> Some History on Network
> =======================
> 1 - Using a Class B Network (172.28.x.x)
> 2 - Network consists of Win95/98/NT 4.0, Linux, Alphas, etc.

Nice mix. Must be fun supporting all of them :)

> 3 - No WINS, No DC, everything is Peer-to-Peer
> 4 - Novell issues DHCP to standard clients, and have NDS File server
> 5 - I have the PPTP Server setup as a WINS server (smb.conf pasted below).
> 6 - PPTP client is Win98 & Linux on a laptop.
>
> What works
> ==========
> 1 - PPTP Works. I can ping, telnet, http://, FTP ANY machine.

Browsing is often a separate issue from connectivity. This says it is not a
connectivity problem.

> 2 - When I double-click on Entire Network, I am able to see all the
> workgroups within the network.
> 3 - If I logon to Novell Client, I can successfully access any aspect of
> the Novell tree in Network Neighborhood (no problems detected thus far).

Wins is a MS "invention". Everything I've seen says that client for
microsoft networks must be used. Can't speak with authority on that though.

> 4 - If I do Find Computer, I am able to find a "few" computers.
>
>
> What doesn't work
> =================
> 1 - When I double click on ANY workgroup in "Entire Network", I get
> \\Workgroup inaccessible.
> 2 - Almost 80% of the computers I try to find with "Find Computer" are
> not found.
>
>
> What I've noticed
> =================
> 1 - I can't find any NT machines.
> 2 - I can access the 1 Win2000 computer.
> 3 - I have 6 machines pointed at the WINS server (1 NT, 1 95, 4 Linux).
> NT still can't be seen by the Client. 95 & Linux machines can be seen
> through "Find Computer".

Wins tends to work best with ALL machines configured to use Wins.

> 4 - I have 1 Linux machine in its own workgroup (points to WINS). I
> have the other 3 machines in their own Workgroup (also point to WINS).
> Both Workgroups are also inaccessible through "Entire Network".
> 5 - Since machines are DHCP, it's very difficult to net view from
> Windows to an IP address. I can only net view the WINS Name.

You might try temporarily assigning a few IP addresses. However, if they
don't register with Wins, and broadcasts don't pass, you still won't see
them. (I don't understand why, I've seen it happen personally.)

>
>
>
> Here are my Config files:
>
> /etc/pptp.conf
> ==============
> debug
> option /etc/ppp/options.pptp
> localip 172.28.254.46
> #I comment this out since I assign IP's statically via PPTP
> #remoteip 172.28.41.40-49
>
>
> /etc/ppp/options
> ================
> lock
>
>
> /etc/ppp/options.pptp
> =====================
> debug
> lock
> name pptp
> ms-dns 172.28.254.1
> ms-wins 172.28.254.46
> 172.28.254.46:
> auth

Some people have better luck with noauth, but this probably isn't the source
of your problem.

>
> +chap
> +chapms
> +chapms-v2
> chapms-strip-domain
> require-chap
>
> mppe-128
> mppe-40
> mppe-stateless
> require-mppe
> require-mppe-stateless
>
> #Stuff I want to experiment with once PPTP is completely done.
> #lcp-echo-failure 10
> #lcp-echo-timeout 1
> #mru 1450
> #mtu 1450
> #lcp-restart 15
>
> proxyarp
>
>
> /etc/chap-secrets
> =============
> # Secrets for authentication using CHAP
> # client server secret IP addresses
> #Use IP within same subnet to debug Nethood problem.
> #rcd pptp "Rob" 172.28.41.46
> rcd pptp "Rob" 172.28.254.10
>
>
> /etc/smb.conf
> =============
> [global]
> workgroup = PPTP
> netbios name = Warf
> server string = PPTP Server
> log file = /var/log/samba/samba-log.%m
> max log size = 100
> security = SHARE
> encrypt passwords = yes
> socket options = TCP_NODELAY IPTOS_LOWDELAY
>
> #Makes Samba the WINS Server
> wins support = yes
> name resolve order = wins bcast
> browse list = yes
>
> #To Make Samba the Default Master Server upon Election
> #Good For When I have to restart the Samba Server
> local master=yes
> os level=65
> preferred master=yes
>
> [homes]
> browseable = no
> map archive = yes
>
> [test]
> comment = For testing only, please
> path = /home/samba
> read only = no
> guest ok = yes
>
>
>
> /sbin/ifconfig
> ==============
> eth0      Link encap:Ethernet HWaddr 00:A0:CC:D7:0E:F7
>           inet addr:172.28.254.46 Bcast:172.28.255.255 Mask:255.255.0.0
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>           RX packets:1276688 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4655 errors:2 dropped:0 overruns:0 carrier:2
>           collisions:0 txqueuelen:100
>           Interrupt:5 Base address:0xd800
>
> eth1      Link encap:Ethernet HWaddr 00:A0:CC:D6:86:EA
>           inet addr:128.205.228.57 Bcast:128.205.228.63
>           Mask:255.255.255.240
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>           RX packets:13267 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1857 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:10 Base address:0xd400
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1 Mask:255.0.0.0
>           UP LOOPBACK RUNNING MTU:3924 Metric:1
>           RX packets:58 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:172.28.254.46 P-t-P:172.28.254.10
>           Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
>           RX packets:18 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:10
>
>
>
> /sbin/ipchains -nL
> ==================
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> #I have no Rules, enabled ipchains for debugging.
>
>
> Finally, My Windows Logon Sequence
> ==================================
> 1. Client for Microsoft network Logon Screen
> User -> rcd
> Passwd -> Rob
> 2. Load DUN.
> 3. Enter in User -> rcd, passwd -> Rob
> 4. Successful connection.
>
>
> If there is anything that I can answer, or if anyone can point out
> something that I am missing, please let me know.... no matter how
> insignificant it may seem.
>
>
> Thanks
>
> -Rob

From tife.chan at adsociety.com Mon Feb 26 20:08:01 2001
From: tife.chan at adsociety.com (Tife Chan)
Date: Tue, 27 Feb 2001 10:08:01 +0800
Subject: [pptp-server] PPTP Server Help!!!1
In-Reply-To: <001a01bf633f$31ef0260$0900a8c0@serpent>
Message-ID:

First of all you need to have a WINS server setup in your network. Then in
the ppp options file in the PPTP server, assign that WINS server to client.

Regards,
Tife

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Serpent
Sent: Thursday, January 20, 2000 8:09 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] PPTP Server Help!!!1

Can someone pls help me.. ok.. i got 2 people connecting to my vpn server
atm it works fine.. but i want them to be able to see each other in
network neighbourhood.. could someone pls help me it's really important :)

Thanx..

From rdege at cse.Buffalo.EDU Mon Feb 26 20:40:09 2001
From: rdege at cse.Buffalo.EDU (Robert Dege)
Date: Mon, 26 Feb 2001 21:40:09 -0500 (EST)
Subject: [pptp-server] Net Neighborhood is misbehavin'
In-Reply-To: <01022617584400.21990@linux>
Message-ID:

> In the history section, item 3 and 5 contradict each other. I'll *assume*
> that is a typo in item 3.

Step 3 was the setup of the network prior to the inclusion of the PPTP server. Since the PPTP server was installed, a WINS server was added to the network. But only a few machines (6) are pointing to the WINS server.... until this problem is solved.

> One thing that immediately springs to mind is are *ANY* of the clients (or
> servers) running more than one protocol? If so, this can really screw up the
> elections. Screwed up elections mean screwed up browsing.

Client for Novell Networks is installed as well as IPX/SPX protocol.
Can NetBIOS be directed to run over IPX instead of TCP/IP?

> The other thing I noticed is from your comments, it looks like you might be
> running multiple subnets. Correct?

Our network is a Class B network (255.255.0.0)
Our IP addresses range from 172.28.0.0 - 172.28.255.255

-Rob

>
> On Monday 26 February 2001 11:12, Robert Dege wrote:
> > Okay, after rigorous testing, I believe that I am ready to post my
> > question to the listserv with as much detail that I can provide.
> > This is a slightly long read, so go grab yerself a cup of coffee.
> >
> > Problem: PPTP Client can't browse Network Neighborhood
> >
> > Some History on Network
> > =======================
> > 1 - Using a Class B Network (172.28.x.x)
> > 2 - Network consists of Win95/98/NT 4.0, Linux, Alphas, etc.
> Nice mix. Must be fun supporting all of them :)
> > 3 - No WINS, No DC, everything is Peer-to-Peer
> > 4 - Novell issues DHCP to standard clients, and have NDS File server
> > 5 - I have the PPTP Server setup as a WINS server (smb.conf pasted below).
> > 6 - PPTP client is Win98 & Linux on a laptop.
> >
> > What works
> > ==========
> > 1 - PPTP Works. I can ping, telnet, http://, FTP ANY machine.
> Browsing is often a separate issue from connectivity. This says it is not a
> connectivity problem.
>
> > 2 - When I double-click on Entire Network, I am able to see all the
> > workgroups within the network.
> > 3 - If I logon to Novell Client, I can successfully access any aspect of
> > the Novell tree in Network Neighborhood (no problems detected thus far).
> Wins is a MS "invention". Everything I've seen says that client for
> microsoft networks must be used. Can't speak with authority on that though.
> > 4 - If I do Find Computer, I am able to find a "few" computers.
> >
> >
> > What doesn't work
> > =================
> > 1 - When I double click on ANY workgroup in "Entire Network", I get
> > \\Workgroup inaccessible.
> > 2 - Almost 80% of the computers I try to find with "Find Computer" are
> > not found.
> >
> >
> > What I've noticed
> > =================
> > 1 - I can't find any NT machines.
> > 2 - I can access the 1 Win2000 computer.
> > 3 - I have 6 machines pointed at the WINS server (1 NT, 1 95, 4 Linux).
> > NT still can't be seen by the Client. 95 & Linux machines can be seen
> > through "Find Computer".
> Wins tends to work best with ALL machines configured to use Wins.
>
> > 4 - I have 1 Linux machine in its own workgroup (points to WINS). I
> > have the other 3 machines in their own Workgroup (also point to WINS).
> > Both Workgroups are also inaccessible through "Entire Network".
> > 5 - Since machines are DHCP, it's very difficult to net view from
> > Windows to an IP address. I can only net view the WINS Name.
> You might try temporarily assigning a few IP addresses. However, if they
> don't register with Wins, and broadcasts don't pass, you still won't see
> them. (I don't understand why, I've seen it happen personally.)
>
> >
> >
> > Here are my Config files:
> >
> > /etc/pptp.conf
> > ==============
> > debug
> > option /etc/ppp/options.pptp
> > localip 172.28.254.46
> > #I comment this out since I assign IP's statically via PPTP
> > #remoteip 172.28.41.40-49
> >
> >
> > /etc/ppp/options
> > ================
> > lock
> >
> >
> > /etc/ppp/options.pptp
> > =====================
> > debug
> > lock
> > name pptp
> > ms-dns 172.28.254.1
> > ms-wins 172.28.254.46
> > 172.28.254.46:
> > auth
> Some people have better luck with noauth, but this probably isn't the source
> of your problem.
>
> >
> > +chap
> > +chapms
> > +chapms-v2
> > chapms-strip-domain
> > require-chap
> >
> > mppe-128
> > mppe-40
> > mppe-stateless
> > require-mppe
> > require-mppe-stateless
> >
> > #Stuff I want to experiment with once PPTP is completely done.
> > #lcp-echo-failure 10
> > #lcp-echo-timeout 1
> > #mru 1450
> > #mtu 1450
> > #lcp-restart 15
> >
> > proxyarp
> >
> >
> > /etc/chap-secrets
> > =============
> > # Secrets for authentication using CHAP
> > # client server secret IP addresses
> > #Use IP within same subnet to debug Nethood problem.
> > #rcd pptp "Rob" 172.28.41.46
> > rcd pptp "Rob" 172.28.254.10
> >
> >
> > /etc/smb.conf
> > =============
> > [global]
> >    workgroup = PPTP
> >    netbios name = Warf
> >    server string = PPTP Server
> >    log file = /var/log/samba/samba-log.%m
> >    max log size = 100
> >    security = SHARE
> >    encrypt passwords = yes
> >    socket options = TCP_NODELAY IPTOS_LOWDELAY
> >
> >    #Makes Samba the WINS Server
> >    wins support = yes
> >    name resolve order = wins bcast
> >    browse list = yes
> >
> >    #To Make Samba the Default Master Server upon Election
> >    #Good For When I have to restart the Samba Server
> >    local master=yes
> >    os level=65
> >    preferred master=yes
> >
> > [homes]
> >    browseable = no
> >    map archive = yes
> >
> > [test]
> >    comment = For testing only, please
> >    path = /home/samba
> >    read only = no
> >    guest ok = yes
> >
> >
> >
> > /sbin/ifconfig
> > ==============
> > eth0      Link encap:Ethernet HWaddr 00:A0:CC:D7:0E:F7
> >           inet addr:172.28.254.46 Bcast:172.28.255.255 Mask:255.255.0.0
> >           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >           RX packets:1276688 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:4655 errors:2 dropped:0 overruns:0 carrier:2
> >           collisions:0 txqueuelen:100
> >           Interrupt:5 Base address:0xd800
> >
> > eth1      Link encap:Ethernet HWaddr 00:A0:CC:D6:86:EA
> >           inet addr:128.205.228.57 Bcast:128.205.228.63
> >           Mask:255.255.255.240
> >           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >           RX packets:13267 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:1857 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:100
> >           Interrupt:10 Base address:0xd400
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1 Mask:255.0.0.0
> >           UP LOOPBACK RUNNING MTU:3924 Metric:1
> >           RX packets:58 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >
> > ppp0      Link encap:Point-to-Point Protocol
> >           inet addr:172.28.254.46 P-t-P:172.28.254.10
> >           Mask:255.255.255.255
> >           UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> >           RX packets:18 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:10
> >
> >
> >
> > /sbin/ipchains -nL
> > ==================
> > Chain input (policy ACCEPT):
> > Chain forward (policy ACCEPT):
> > Chain output (policy ACCEPT):
> > #I have no Rules, enabled ipchains for debugging.
> >
> >
> > Finally, My Windows Logon Sequence
> > ==================================
> > 1. Client for Microsoft network Logon Screen
> >    User -> rcd
> >    Passwd -> Rob
> > 2. Load DUN.
> > 3. Enter in User -> rcd, passwd -> Rob
> > 4. Successful connection.
> >
> >
> > If there is anything that I can answer, or if anyone can point out
> > something that I am missing, please let me know.... no matter how
> > insignificant it may seem.
> >
> >
> > Thanks
> >
> > -Rob

Dege

To be intoxicated is to feel sophisticated but not be able to say it.

From berzerke at swbell.net Mon Feb 26 22:02:00 2001
From: berzerke at swbell.net (robert)
Date: Mon, 26 Feb 2001 22:02:00 -0600
Subject: [pptp-server] Net Neighborhood is misbehavin'
In-Reply-To:
References:
Message-ID: <01022622020001.21990@linux>

On Monday 26 February 2001 20:40, Robert Dege wrote:
> > In the history section, item 3 and 5 contradict each other. I'll
> > *assume* that is a typo in item 3.
>
> Step 3 was the setup of the network prior to the inclusion of the PPTP
> server. Since the PPTP server was installed, a WINS server was added to
> the network. But only a few machines (6) are pointing to the WINS
> server.... until this problem is solved.

Then the *ONLY* computers you will be able to browse (short of hosts and lmhosts) are those six.

>
> > One thing that immediately springs to mind is are *ANY* of the clients
> > (or servers) running more than one protocol? If so, this can really
> > screw up the elections. Screwed up elections mean screwed up browsing.
>
> Client for Novell Networks is installed as well as IPX/SPX protocol.
> Can NetBIOS be directed to run over IPX instead of TCP/IP?

Yes, and that is the problem. From the 2.4 Kernel PPTPD Howto:

5.10 Q: Browsing doesn't work. How do I fix it?

A: Are *ANY* of the clients running more than one protocol? From the Samba docs: "Every NetBIOS machine take part in a process of electing the LMB [Local Master Browser] (and DMB [Domain Master Browser]) every 15 minutes...The election process is "fought out" so to speak over every NetBIOS network interface. In the case of a Windows 9x machine that has both TCP/IP and IPX installed and has NetBIOS enabled over both protocols the election will be decided over both protocols. As often happens, if the Windows 9x machine is the only one with both protocols then the LMB may be won on the NetBIOS interface over the IPX protocol. Samba will then lose the LMB role as Windows 9x will insist it knows who the LMB is. Samba will then cease to function as an LMB and thus browse list operation on all TCP/IP only machines will fail.

>
> > The other thing I noticed is from your comments, it looks like you might
> > be running multiple subnets. Correct?
>
> Our network is a Class B network (255.255.0.0) Our IP addresses range
> from 172.28.0.0 - 172.28.255.255
>
>
> -Rob
>

Your comment:

> > /etc/chap-secrets
> > #Use IP within same subnet to debug Nethood problem.

led me to believe there were multiple "networks" to deal with. If there's not, then situation is a whole lot simpler.

Robert Spotswood

From Steve at SteveCowles.com Mon Feb 26 23:58:22 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Mon, 26 Feb 2001 23:58:22 -0600
Subject: [pptp-server] Net Neighborhood is misbehavin'
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE67E@defiant.infohiiway.com>

> -----Original Message-----
> From: robert [mailto:berzerke at swbell.net]
> Sent: Monday, February 26, 2001 10:02 PM
> To: Robert Dege
> Cc: pptp-server
> Subject: Re: [pptp-server] Net Neighborhood is misbehavin'
>
> Yes, and that is the problem. From the 2.4 Kernel PPTPD Howto:
>
> 5.10 Q: Browsing doesn't work. How do I fix it?
>
>
> A: Are *ANY* of the clients running more than one protocol?
> From the Samba docs: "Every NetBIOS machine take part in a
> process of electing the LMB [Local Master Browser] (and DMB
> [Domain Master Browser]) every 15 minutes...The election
> process is "fought out" so to speak over every NetBIOS
> network interface. In the case of a Windows 9x machine that
> has both TCP/IP and IPX installed and has NetBIOS enabled
> over both protocols the election will be decided over both
> protocols. As often happens, if the Windows 9x machine is
> the only one with both protocols then the LMB may be won on
> the NetBIOS interface over the IPX protocol. Samba will then
> lose the LMB role as Windows 9x will insist it knows who the
> LMB is. Samba will then cease to function as an LMB and thus
> browse list operation on all TCP/IP only machines will fail.
>

I could be way off base here (it's been a few years) but I seem to remember having a similar problem as described above. To make a long story short, I thought we fixed the problem by changing the binding order of the protocols to give TCP/IP precedence.

I just checked the MS site and couldn't find the article I remember reading, but I seem to remember either editing a registry setting or (on NT) go to network->properties->bindings and "move-up/move-down" the protocol binding order.

Just a thought!

Steve Cowles

From gregj at enesbe.com.au Tue Feb 27 16:23:46 2001
From: gregj at enesbe.com.au (Greg Johnstone)
Date: Wed, 28 Feb 2001 09:23:46 +1100
Subject: [pptp-server] Downloads and documentation
Message-ID: <71A4E1E5284ED41182D900C04F9A7464DB3F@ent01>

Greetings,

I have been struggling for a few hours trying to download and gunzip your files and documentation. Each time gunzip failed. I then realised the files were not gzipped at all, and removing the .gz extension solved the problem.

Regards

==============================================
Greg Johnstone
Enesbe Sales Pty Ltd
Level 12, 530 Little Collins Street
Melbourne, VIC 3000 Australia
E-mail: gregj at enesbe.com.au
Phone: +61 3 9909 7970
Fax: +61 3 9923 6166
Mobile: 041 735 4443
WEB:
============================================

From johnf at inodes.org Tue Feb 27 16:45:20 2001
From: johnf at inodes.org (John Ferlito)
Date: Wed, 28 Feb 2001 09:45:20 +1100
Subject: [pptp-server] Encryption and Win2k
Message-ID: <20010228094520.Z22707@inodes.org>

Has anyone actually gotten this to work. My current setup is a patched 2.4.2 kernel and a patched pppd2.4.0f. Without encryption everything works fine.

Encryption also works fine with 95/98/ME but not with win2k.

From what I can work out win2k is passing the packets up and down the tunnel. Eg if the win2k box pings the server it gets the ping packet and the win2k box receives it, I can tell since the little light in the tool bar flashes. But the ping program doesn't actually get the icmp packet. It's as if the win2k kernel is dropping it at some stage for some reason.

Has anyone had any success with this setup?

--
John Ferlito
Senior Engineer - Bulletproof Networks
ph: +61 (0) 410 519 382
http://www.bulletproof.net.au/

From vu at sivell.com Tue Feb 27 19:38:28 2001
From: vu at sivell.com (Vu Pham)
Date: Tue, 27 Feb 2001 19:38:28 -0600
Subject: [pptp-server] Encryption and Win2k
References: <20010228094520.Z22707@inodes.org>
Message-ID: <005601c0a127$2715a3e0$c802a8c0@khoapham>

----- Original Message -----
From: "John Ferlito"
To:
Sent: Tuesday, February 27, 2001 4:45 PM
Subject: [pptp-server] Encryption and Win2k

> Has anyone actually gotten this to work. My current setup is a
> patched 2.4.2 kernel and a patched pppd2.4.0f. Without encryption
> everything works fine.
>
> Encryption also works fine with 95/98/ME but not with win2k.
>
> From what I can work out win2k is passing the packets up and
> down the tunnel. Eg if the win2k box pings the server it gets the ping
> packet and the win2k box receives it, I can tell since the little light
> in the tool bar flashes. But the ping program doesn't actually get the
> icmp packet. It's as if the win2k kernel is dropping it at some stage
> for some reason.
>
> Has anyone had any success with this setup?
>

Use 128-bit with data encryption. Also don't forget to upgrade your W2k to 128 bit.

Vu

From dreadboy at hotmail.com Tue Feb 27 21:49:41 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Tue, 27 Feb 2001 20:49:41 -0700
Subject: [pptp-server] ppp forwarding - more questions...
Message-ID:

Thx Tim! That did work, mostly. I can now see a list of machines on the LAN. However, I could only access the PPTPD server and the remote machines shares, remotely. Any other machines on the network I could neither ping or access their share lists.

Any ideas on this one?

>From: Tim Canfield
>To: Dread Boy
>Subject: Re: [pptp-server] Netmask woes... Detailed files
>Date: Sat, 24 Feb 2001 01:17:14 -0800 (PST)
>
>DB,
>
>One of the things you may be missing is ipchains rules which allow packets
>coming from ppp* to be forwarded. You could set these rules up statically,
>but I do it dynamically using the scripts ip-up and ip-down. They are
>described in the pppd man page.
>
>My ip-up.local contains:
> > #!/bin/bash
> >
> > REALDEVICE=$1
> >
> > export PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin
> >
> > ipchains -A input -i $REALDEVICE -j ACCEPT
> > ipchains -A output -i $REALDEVICE -j ACCEPT
> > ipchains -A forward -i $REALDEVICE -j ACCEPT
>
>My ip-down.local contains:
> > #!/bin/bash
> >
> > REALDEVICE=$1
> >
> > export PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin
> >
> > ipchains -D input -i $REALDEVICE -j ACCEPT
> > ipchains -D output -i $REALDEVICE -j ACCEPT
> > ipchains -D forward -i $REALDEVICE -j ACCEPT
>
>
>If you set the rules up dynamically, you should remove them when the ppp
>session is finished, otherwise you will end up with too many ipchains
>rules.
>
>As long as the rest of your firewall is set up correctly, these simple
>rules above shouldn't open up any security holes. If they do, hopefully
>someone will comment.
>
>Tim

From Steve at SteveCowles.com Wed Feb 28 00:08:10 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 28 Feb 2001 00:08:10 -0600
Subject: [pptp-server] ppp forwarding - more questions...
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE681@defiant.infohiiway.com>

> -----Original Message-----
> From: Dread Boy [mailto:dreadboy at hotmail.com]
> Sent: Tuesday, February 27, 2001 9:50 PM
> To: canfieldtim at yahoo.com; pptp-server at lists.schulte.org
> Subject: [pptp-server] ppp forwarding - more questions...
>
>
> Thx Tim! That did work, mostly. I can now see a list of
> machines on the LAN. However, I could only access the
> PPTPD server and the remote machines shares, remotely.
> Any other machines on the network I could neither ping or
> access their share lists.
>
> Any ideas on this one?

You're almost there! But if you are not able to ping other "machines" on your LAN then you have not resolved your layer 3 protocol issues. i.e. routing TCP/IP, PPTP and PPP. 99% of the time this problem can be traced to your ipchain rules NOT allowing packets of data to be ACCEPT'd and/or FORWARD'd from eth+ to ppp+ devices and vice versa.

In addition to what Tim has posted, I find the following ipchain option helpful in resolving problems with rules that I know "should" work. (famous last words!)

Anyway, try: ipchains -L -n --line-numbers

The line-number option will point out where that rule's position is in your input/output/forward chains. i.e. Do you have a DENY rule being processed before your ACCEPT rules? In other words, have you used append (-A) when you should have used insert (-I) when adding rules to your firewall script. Especially in your forward chains.

Good luck!
Steve Cowles

From Tony.Alfredsson at LandFocus.se Wed Feb 28 02:26:05 2001
From: Tony.Alfredsson at LandFocus.se (Tony Alfredsson)
Date: Wed, 28 Feb 2001 09:26:05 +0100
Subject: [pptp-server] mppe alpha patch
Message-ID:

Hi,

Anyone know about an mppe patch for the ppp/kernel 2.4* that works on the alpha systems?

/Tony
_______________________________________________________________________
Tony Alfredsson
E-mail: tony.alfredsson at landfocus.se
LandFocus AB
Phone : +46 (0)8 655 32 70
Member of the LandFocus Group
Fax : +46 (0)8 655 32 79
ESRI Sweden, LandFocus and GISFocus

From jkreger at avidsolutionsinc.com Wed Feb 28 05:46:09 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Wed, 28 Feb 2001 06:46:09 -0500
Subject: [pptp-server] Encryption and Win2k
Message-ID: <6B8A85826C35D31193BD0090278589C81DF027@CIC-EXCHANGE>

I'm running 2.2.16. I have no problem with win2k clients, but Win2k Routing and Remote Access Servers using Demand-Dial/Persistent connections, connect, but stop routing traffic back. RIPv2 Broadcasts work, but traffic does not return.

From dreadboy at hotmail.com Wed Feb 28 17:07:12 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Wed, 28 Feb 2001 16:07:12 -0700
Subject: [pptp-server] ppp forwarding - more questions...
Message-ID:

Thx for the advice so far, Steve.

I believe you're probably right, although I'm not sure why I CAN see the main server's shares but not the others - all of them, including the server are on eth0 (192.168.0.x) and my connection is coming through ppp0 (albeit on eth1 in real life).

Why would I be able to see it but not the others if my ipchains script is messing up eth0-ppp connections?

From jvonau at home.com Wed Feb 28 21:30:15 2001
From: jvonau at home.com (Jerry Vonau)
Date: Wed, 28 Feb 2001 21:30:15 -0600
Subject: [pptp-server] ppp forwarding - more questions...
References:
Message-ID: <3A9DC247.699CEEE5@home.com>

Dread Boy:

This is what I use in ip-up.local:

/sbin/ipchains -I input -i eth1 -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
/sbin/ipchains -I output -i eth1 -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
/sbin/ipchains -I forward -i eth1 -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
/sbin/ipchains -I input -i ppp+ -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
/sbin/ipchains -I output -i ppp+ -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
/sbin/ipchains -I forward -i ppp+ -d 10.0.0.0/8 -s 10.0.0.0/8 -j ACCEPT

Make sure that there is an entry in the /var/log/messages, when the link is brought up, that says:

Feb 2 20:05:59 vvvvvvv pppd[23097]: found interface eth? for proxy arp

If not you won't see jack past the pptp server. The cause is the remote ip that is not in the same range as the local lan that it can use for proxyarp. In pptp.conf are the local and remote ip on the same address range? ie:

local 192.168.0.1
remote 192.168.0.111-121

If not the proxyarp will fail and you'll have to add the arp statement in ip-up.local. You have proxyarp in the options file?

Jerry Vonau

Dread Boy wrote:

> Thx for the advice so far, Steve.
>
> I believe you're probably right, although I'm not sure why I CAN see the
> main server's shares but not the others - all of them, including the server
> are on eth0 (192.168.0.x) and my connection is coming through ppp0 (albeit
> on eth1 in real life).
>
> Why would I be able to see it but not the others if my ipchains script is
> messing up eth0-ppp connections?
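
The check Jerry Vonau describes above, as an added shell example that is not part of the original thread: it tests whether a pptpd remoteip range lies on the LAN interface's subnet (the condition for proxyarp to work) and extracts the interface from pppd's "found interface ... for proxy arp" log line. The function names, the /24 netmask for the 192.168.0.x pair, the 10.0.0.10-20 range and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. pppd can only proxy-ARP for a client
# whose address is on the subnet of a LAN interface; when it can, it logs
# "found interface <if> for proxy arp".

# ip_to_int A.B.C.D: print the dotted quad as an integer; fail on bad input.
ip_to_int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# same_subnet IP1 IP2 NETMASK: exit 0 if both addresses share the network,
# 1 if they do not, 2 if an argument is not a valid dotted quad.
same_subnet() (
    a=$(ip_to_int "$1") && b=$(ip_to_int "$2") && m=$(ip_to_int "$3") || exit 2
    [ $(( a & m )) -eq $(( b & m )) ]
)

# check_remoteip LAN_IP LAN_MASK SPEC: SPEC uses the remoteip notation seen in
# the thread (a.b.c.d or a.b.c.d-e); comma-separated lists are also accepted.
# Prints each range endpoint that is off the LAN subnet; exit 0 if none are.
check_remoteip() (
    lan_ip=$1; lan_mask=$2; bad=0
    set -f; IFS=,
    set -- $3
    unset IFS
    [ $# -gt 0 ] || exit 2
    for item in "$@"; do
        case $item in
            *-*) first=${item%-*}; last=${first%.*}.${item##*-} ;;
            *)   first=$item; last=$item ;;
        esac
        [ "$first" = "$last" ] && ends=$first || ends="$first $last"
        for addr in $ends; do
            same_subnet "$lan_ip" "$addr" "$lan_mask" && continue
            rc=$?
            [ "$rc" -eq 1 ] || { echo "invalid address: $addr" >&2; exit 2; }
            echo "$addr"; bad=1
        done
    done
    exit "$bad"
)

# proxyarp_iface: read syslog lines on stdin, print the interface named in the
# last pppd "found interface ... for proxy arp" line; exit 1 if there is none.
proxyarp_iface() (
    iface=$(sed -n 's/.* pppd\[[0-9]*]: found interface \([^ ]*\) for proxy arp.*/\1/p' | tail -n 1)
    [ -n "$iface" ] && echo "$iface"
)

# Constructed syslog excerpt modelled on the line quoted in the thread.
SAMPLE_LOG='Feb  2 20:05:58 gw pppd[23097]: Connect: ppp0 <--> /dev/pts/1
Feb  2 20:05:59 gw pppd[23097]: found interface eth0 for proxy arp'

demo() (
    # Rows: LAN address, LAN netmask, remoteip spec. The first two use
    # addresses from the thread (netmask of row 1 assumed); row 3 is constructed.
    for row in \
        "192.168.0.1 255.255.255.0 192.168.0.111-121" \
        "172.28.254.46 255.255.0.0 172.28.254.10" \
        "192.168.0.1 255.255.255.0 10.0.0.10-20"
    do
        set -- $row
        if off=$(check_remoteip "$1" "$2" "$3"); then
            echo "remoteip $3: on the subnet of $1, proxyarp can find an interface"
        else
            echo "remoteip $3: off the subnet of $1:" $off
        fi
    done
    if iface=$(printf '%s\n' "$SAMPLE_LOG" | proxyarp_iface); then
        echo "log: pppd answers ARP on $iface"
    else
        echo "log: no proxy arp line, clients will not reach hosts behind the server"
    fi
)
demo
```
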