From raul at hotelsearch.com Tue Jan 2 09:07:53 2001
From: raul at hotelsearch.com (Raul Benito)
Date: Tue, 02 Jan 2001 16:07:53 +0100
Subject: [pptp-server] Problems with forwarding GRE with Zolryx prestige 624R
Message-ID: <3A51EEC9.34BE511D@hotelsearch.com>

I have a problem forwarding GRE with ADSL connected to that router.

In theory it's straightforward. But I try it and it doesn't work with a dial-up connection.

I don't know if it's the ADSL router who is dropping the GRE packets, or it's any router in the packet path.

Is there any tool like traceroute for GRE channels to know who is dropping the packets? Or has anyone made this kind of router work?

Thanks.
Raul

From GeorgeV at citadelcomputer.com.au Tue Jan 2 15:33:48 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 3 Jan 2001 08:33:48 +1100
Subject: [pptp-server] Problems with forwarding GRE with Zolryx prestige 624R
Message-ID: <200FAA488DE0D41194F10010B597610D012430@JUPITER>

you could try tcpdump and either watch by port address or IP...

thanks,
George Vieira

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!
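An added example (not from any poster in this thread): PPTP uses a TCP control connection on port 1723 plus GRE (IP protocol 47), and GRE carries no port numbers, so a capture has to match it by protocol, for instance with the tcpdump filter `tcp port 1723 or ip proto 47`. The Python below decodes captured IPv4 packets and reports which leg of the session is missing at the capture point; the addresses, sample packets and function names are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PPTP_CONTROL_PORT = 1723   # TCP control channel
IPPROTO_GRE = 47           # GRE is its own IP protocol and carries no ports
PPTP_GRE_PROTO = 0x880B    # protocol type of PPTP's enhanced GRE (RFC 2637)


def parse_pptp_gre(gre: bytes) -> dict:
    """Decode the enhanced GRE header that carries the tunnelled PPP frames."""
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    flags0, flags1, proto, payload_len, call_id = struct.unpack("!BBHHH", gre[:8])
    # PPTP requires the key bit (0x20), GRE version 1 and protocol type 0x880B.
    if proto != PPTP_GRE_PROTO or (flags1 & 0x07) != 1 or not (flags0 & 0x20):
        raise ValueError("not PPTP enhanced GRE")
    hdr = {"call_id": call_id, "payload_len": payload_len, "seq": None, "ack": None}
    offset = 8
    # Sequence (S bit) and acknowledgment (A bit) numbers are optional fields.
    for field, present in (("seq", flags0 & 0x10), ("ack", flags1 & 0x80)):
        if present:
            if len(gre) < offset + 4:
                raise ValueError("truncated GRE header")
            (hdr[field],) = struct.unpack_from("!I", gre, offset)
            offset += 4
    return hdr


def classify(packet: bytes) -> dict:
    """Label one raw IPv4 packet as PPTP 'control', PPTP 'gre' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    body = packet[(packet[0] & 0x0F) * 4:]      # skip the IP header (IHL words)
    info = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]), "kind": "other"}
    if packet[9] == socket.IPPROTO_TCP and len(body) >= 4:
        if PPTP_CONTROL_PORT in struct.unpack("!HH", body[:4]):
            info["kind"] = "control"
    elif packet[9] == IPPROTO_GRE:
        try:
            info.update(parse_pptp_gre(body), kind="gre")
        except ValueError:
            pass                                 # some other GRE tunnel
    return info


def diagnose(packets, client: str, server: str) -> str:
    """Report which leg of a PPTP session is absent at this capture point."""
    seen = Counter()
    for raw in packets:
        p = classify(raw)
        if (p["src"], p["dst"]) == (client, server):
            seen[p["kind"], "in"] += 1
        elif (p["src"], p["dst"]) == (server, client):
            seen[p["kind"], "out"] += 1
    if not seen["control", "in"]:
        return "no-control"                  # TCP 1723 never arrived
    if not seen["gre", "in"]:
        return "gre-from-client-missing"     # protocol 47 lost before this point
    if not seen["gre", "out"]:
        return "gre-from-server-missing"
    return "gre-both-ways"


# --- constructed sample packets (documentation addresses, checksums left 0) ---
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"


def build_ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def build_tcp(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)


def build_gre(call_id, seq, ppp=b"\xff\x03\xc0\x21"):
    # flags 0x30 = key + sequence present, 0x01 = version 1, no acknowledgment
    return struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_PROTO,
                       len(ppp), call_id, seq) + ppp


# Control channel works, server sends GRE, but nothing on protocol 47 arrives.
SAMPLE_BLOCKED = [
    build_ipv4(CLIENT, SERVER, 6, build_tcp(1047, 1723)),
    build_ipv4(SERVER, CLIENT, 6, build_tcp(1723, 1047)),
    build_ipv4(SERVER, CLIENT, 47, build_gre(0, 1)),
]
SAMPLE_OK = SAMPLE_BLOCKED + [build_ipv4(CLIENT, SERVER, 47, build_gre(128, 1))]

if __name__ == "__main__":
    print(diagnose(SAMPLE_BLOCKED, CLIENT, SERVER))
    print(diagnose(SAMPLE_OK, CLIENT, SERVER))
```

Running the same check on captures taken at each hop you control (client, router, server) narrows down which device is discarding protocol 47.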
From anesthes at cisdi.com Tue Jan 2 21:06:23 2001
From: anesthes at cisdi.com (Joey Coco)
Date: Tue, 2 Jan 2001 22:06:23 -0500 (EST)
Subject: [pptp-server] Poptop w/ static IP.
Message-ID:

Anyone have any idea how to get poptop/pppd to give out static IP's based on hostname??

I tried having the remote end assign the IP, but the poptop server will either give out a dynamic IP, or make one up..

-- Joe

From GeorgeV at citadelcomputer.com.au Tue Jan 2 21:26:03 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 3 Jan 2001 14:26:03 +1100
Subject: [pptp-server] Poptop w/ static IP.
Message-ID: <200FAA488DE0D41194F10010B597610D9573@JUPITER>

How did you do it?
Did you leave out the remote IPs in the /etc/pptpd.conf and place a * in place of the IP in /etc/ppp/chap-secrets

eg.
georgev * password *

this will give the server no choice but allow the remote machine to assign itself its own IP..

Maybe even add ipcp-accept-remote in the /etc/ppp/options.pptpd file..

should work coz I did get it working..

thanks,
George Vieira

From vgill at linus.yi.org Tue Jan 2 21:42:45 2001
From: vgill at linus.yi.org (Gill, Vern)
Date: Tue, 2 Jan 2001 19:42:45 -0800
Subject: [pptp-server] Poptop w/ static IP.
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607B76@pptp.gillnet.org>

Maybe you could try;

username hostname password ip

E.G.

jcoco wkstn-1 secret xxx.xxx.xxx.xxx

That SHOULD work....

From GeorgeV at citadelcomputer.com.au Tue Jan 2 22:26:55 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 3 Jan 2001 15:26:55 +1100
Subject: [pptp-server] Poptop w/ static IP.
Message-ID: <200FAA488DE0D41194F10010B597610D9587@JUPITER>

Oops yeah sorry, I'm used to using * as a workstation..

Another thing you can do is register the machine on a WINS server if there's one available. This way you can ping/telnet/map the machine on the PPTP tunnel by name as it registers itself to the WINS server and that way you don't need to know the IP address.

I think samba can work as a WINS server but I don't know how to configure it.

thanks,
George Vieira

From phil at vibrationresearch.com Tue Jan 2 22:56:43 2001
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 2 Jan 2001 23:56:43 -0500
Subject: [pptp-server] Poptop w/ static IP.
In-Reply-To:
Message-ID: <000001c07541$91157340$56108318@bud>

4.2 How can I assign IP addresses based on user names?

Configure PoPToP with the command:

./configure --with-pppd-ip-alloc

Then build and install PoPToP as usual.
List the IP addresses as the last parameter on each chap-secrets line.
For example:

tom * toms-pw 192.168.1.40
dick * dicks-pw 192.168.1.41
harry * harrys-pw 192.168.1.42

Will give tom the IP 192.168.1.40, dick .41, and harry .42.

For more details, read:
http://www.vibres.com/pptpd/pptpd-FAQ.txt
http://www.vibres.com/pptpd/example.html

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Joey Coco
> Sent: Tuesday, January 02, 2001 10:06 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Poptop w/ static IP.
>
> Anyone have any idea how to get poptop/pppd to give out static IP's based
> on hostname??
>
> I tried having the remote end assign the IP, but the poptop server will
> either give out a dynamic IP, or make one up..
>
> -- Joe
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From drjchris at yahoo.com Wed Jan 3 09:24:31 2001
From: drjchris at yahoo.com (Chris Carella)
Date: Wed, 3 Jan 2001 07:24:31 -0800 (PST)
Subject: [pptp-server] [pSAMBA Wins Server
Message-ID: <20010103152431.70612.qmail@web9702.mail.yahoo.com>

I have things set up and running perfectly and Samba is my WINS server... The only problem I am having is this... when machines on the local network come up for the first time, they broadcast themselves to the WINS server, and name resolution works fine... but if I then reboot the Samba server, it will show the machines in the browse list, but won't do resolution right... the only way to make resolution work again, is to reboot all the machines on the network.. not a very efficient thing when a network has over 15 computers... is there a way to fix this? Can I give SAMBA a list of static IP's for name resolution?

Thanks
Chris

From vgill at linus.yi.org Wed Jan 3 10:27:34 2001
From: vgill at linus.yi.org (Gill, Vern)
Date: Wed, 3 Jan 2001 08:27:34 -0800
Subject: [pptp-server] Poptop w/ static IP.
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607B78@pptp.gillnet.org>

That won't assign based on hostname, but on username. He wants it based on hostname... Need the Workstation field filled in for that, regardless of password or username.

From Steve at SteveCowles.com Wed Jan 3 12:31:51 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 3 Jan 2001 12:31:51 -0600
Subject: [pptp-server] [pSAMBA Wins Server
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE5E7@defiant.infohiiway.com>

> -----Original Message-----
> From: Chris Carella [mailto:drjchris at yahoo.com]
> Sent: Wednesday, January 03, 2001 9:25 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] [pSAMBA Wins Server
>
> I have things set up and running perfectly and Samba is my WINS
> server... The only problem I am having is this... when machines
> on the local network come up for the first time, they broadcast
> themselves to the WINS server, and name resolution works fine...
> but if I then reboot the Samba server, it will show the machines
> in the browse list, but won't do resolution right... the only
> way to make resolution work again, is to reboot all the machines
> on the network.. not a very efficient thing when a network has
> over 15 computers... is there a way to fix this? Can I give
> SAMBA a list of static IP's for name resolution?
>
> Thanks
> Chris

There is no need to reboot. All of your clients will eventually send a renewal (keep alive) to the WINS server. If you can't wait for the renewal process, then I would read about the "nbtstat" command line options. Specifically the -RR option. Type "nbtstat /?" at a DOS or Command prompt.

Steve Cowles

From giulioo at pobox.com Wed Jan 3 13:36:40 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 03 Jan 2001 20:36:40 +0100
Subject: [pptp-server] [pSAMBA Wins Server
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE5E7@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EE5E7@defiant.infohiiway.com>
Message-ID: <20010103193728.AD74F1658C@i3.golden.dom>

On Wed, 3 Jan 2001 12:31:51 -0600, you wrote:

>> in the browse list, but won't do resolution right... the only
>> way to make resolution work again, is to reboot all the machines
>> on the network.. not a very efficient thing when a network has

>There is no need to reboot. All of your clients will eventually send a
>renewal (keep alive) to the WINS server. If you can't wait for the renewal

Actually I have the same problem, even if it's unrelated to pptp.

The win9x's seem to never refresh or to do it just once; or maybe it's samba that does not understand the way win9x machines refresh.

I set up the samba "wins hook" to log all the wins stuff and this clearly shows in the log.

I tried nbtstat -RR but it does not send a refresh, it seems it just purges the local win9x cache, so that the samba wins db is unaffected.

Do your win9x clients regularly refresh with samba?

--
giulioo at pobox.com

From djm at wiz.net.au Wed Jan 3 14:46:04 2001
From: djm at wiz.net.au (David Moylan)
Date: Thu, 4 Jan 2001 07:46:04 +1100
Subject: [pptp-server] [pSAMBA Wins Server
References: <20010103152431.70612.qmail@web9702.mail.yahoo.com>
Message-ID: <002401c075c6$31829630$1464a8c0@dmoylan>

> in the browse list, but won't do resolution right... the only
> way to make resolution work again, is to reboot all the machines
> on the network.. not a very efficient thing when a network has
> over 15 computers... is there a way to fix this? Can I give
> SAMBA a list of static IP's for name resolution?

you need to make samba cause an election on startup. ensure you have these lines in your smb.conf

local master=yes
os level=65
preferred master=yes

this will help for local LAN machines, but not over a WAN

do you have multiple LANs connected? or just individual machines connecting in?

this is all caused because nmbd erases the "browse.dat" file when it starts. i wonder if there is a command to prevent this from occurring. i haven't gone looking for it myself.

cheers,
Wiz!!

From bcearth at enpia.net Wed Jan 3 22:58:47 2001
From: bcearth at enpia.net (=?ks_c_5601-1987?B?wMy787Dm?=)
Date: Thu, 4 Jan 2001 13:58:47 +0900
Subject: [pptp-server] =?ks_c_5601-1987?B?wMy787Dm?=
Message-ID: <005601c0760b$05cfdbc0$2efea8c0@enpia.net>

Hello,

I have read PoPToP-RedHat-HOWTO at http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt.
But I have 2.2.14.-5.0 kernel, therefore I don't know how do I install ppp with MSCHAPv2/MPPE

Please, inform me how do I support MPPE for PPTP server

bye

From GeorgeV at citadelcomputer.com.au Wed Jan 3 23:44:44 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 4 Jan 2001 16:44:44 +1100
Subject: [pptp-server] ???
Message-ID: <200FAA488DE0D41194F10010B597610D960F@JUPITER>

You should upgrade to 2.2.17 or 18 anyway as there is a major exploit for kernels < 2.2.17...

It's not that hard to upgrade the kernel, just download the source and away you go..

thanks,
George Vieira

From amith.varghese at tallan.com Thu Jan 4 00:41:41 2001
From: amith.varghese at tallan.com (Varghese, Amith)
Date: Thu, 4 Jan 2001 01:41:41 -0500
Subject: [pptp-server] poptop and win2k client...
Message-ID: <7917C9BA5323D3118091009027856EA901D9581A@exchange.tallan.com>

I'm having some problems getting my VPN set up with poptop. sometimes i can connect and sometimes i can't. here is my information:

I'm running poptop on a red hat 6.1 machine with the kernel version 2.2.18. I'm running poptop version 1.1.2 and pppd version 2.3.11. My internal IP of the VPN server is 192.168.4.244 and i have a network mask of 255.255.254.0 (to reach the 192.168.5.x subnet does not require me to go through a router). The pool of available address that i have to give out to clients is 192.168.5.230-240. I followed the configuration details in http://www.vibrationresearch.com/pptpd/example.html and got everything up and running. However, when I try to connect from my ISP (outside the network), I can only connect intermittently. At the bottom of my message is my debug log. When I try to connect (and when it fails) I get errors that can be found in debug log #1. However if I keep trying, eventually I will connect. However, then I start getting errors in debug log #2.
Once I do connect, however, I can not ping anything except for the IP that the VPN server gave me. I'm not sure if this has anything to do with the fact that my VPN server is on a different subnet than my client IP pool. Also, one of the other things about my setup is that the public IP address that I connect to from my ISP is actually an address that a PIX firewall NATs to my internal machine (the PIX allows everything through- including GRE and any needed PPTP control packets). I am attaching all of my relevant configuration files. Any help would be appreciated.

Thanks
Amith

############################################################################
route on VPN server

Kernel IP routing table
Destination     Gateway       Genmask          Flags  Metric  Ref  Use  Iface
192.168.4.244   *             255.255.255.255  UH     0       0         eth0
192.168.4.0     *             255.255.254.0    U      0       0         eth0
127.0.0.0       *             255.0.0.0        U      0       0         lo
default         192.168.4.1   0.0.0.0          UG     0       0         eth0

############################################################################
/etc/conf.modules

alias tty-ldisc-3 ppp_async
alias char-major-108 off
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

############################################################################
/etc/pptpd.conf

debug
localip 192.168.4.244
remoteip 192.168.5.230-240

############################################################################
/etc/chap-secrets

# Secrets for authentication using CHAP
# client server secret IP addresses
vpnclient1 gateway secret 192.168.5.230
vpnclient2 gateway secret 192.168.5.231
vpnclient3 gateway secret 192.168.5.232
vpnclient4 gateway secret 192.168.5.233
vpnclient5 gateway secret 192.168.5.234
vpnclient6 gateway secret 192.168.5.235
vpnclient7 gateway secret 192.168.5.236
vpnclient8 gateway secret 192.168.5.237
vpnclient9 gateway secret 192.168.5.238
vpnclient10 gateway secret 192.168.5.239
vpnclient11 gateway secret 192.168.5.240

############################################################################
/etc/ppp/options

debug
name gateway
mtu 1450
mru 1450
auth
require-chap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-dns 192.168.2.251
ms-dns 192.168.2.252
ms-wins 192.168.2.251
ms-wins 192.168.2.252
proxyarp
192.168.4.244:

############################################################################
route print on w2k client after connecting to vpn. I removed my public IP address of the pptp server

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 b0 d0 59 ea 2e ...... 3Com EtherLink PCI
0x1000004 ...00 10 a4 c2 eb c7 ...... Xircom CardBus Ethernet 10/100 Adapter
0xe000005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0xf000006 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          192.168.5.230  192.168.5.230  1
0.0.0.0              0.0.0.0          216.67.70.108  216.67.70.108  2
                     255.255.255.255  216.67.70.108  216.67.70.108  1
127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.4.244        255.255.255.255  192.168.5.230  192.168.5.230  1
192.168.5.230        255.255.255.255  127.0.0.1      127.0.0.1      1
192.168.5.255        255.255.255.255  192.168.5.230  192.168.5.230  1
216.67.11.1          255.255.255.255  216.67.70.108  216.67.70.108  1
216.67.70.108        255.255.255.255  127.0.0.1      127.0.0.1      1
216.67.70.255        255.255.255.255  216.67.70.108  216.67.70.108  1
224.0.0.0            224.0.0.0        192.168.5.230  192.168.5.230  1
224.0.0.0            224.0.0.0        216.67.70.108  216.67.70.108  1
255.255.255.255      255.255.255.255  192.168.5.230  1000003        1
Default Gateway: 192.168.5.230
===========================================================================
Persistent Routes:
None

############################################################################
Debug Log #1

Jan 4 02:04:42 localhost kernel: PPP line discipline registered.
Jan 4 02:04:42 localhost kernel: PPP MPPE compression module registered
Jan 4 02:04:42 localhost kernel: PPP BSD Compression module registered
Jan 4 02:04:42 localhost kernel: PPP Deflate Compression module registered
Jan 4 02:04:59 localhost PAM_pwdb[603]: (login) session opened for user root by LOGIN(uid=0)
Jan 4 02:05:27 localhost pptpd[626]: CTRL: Client 216.67.70.108 control connection started
Jan 4 02:05:29 localhost pptpd[626]: CTRL: Starting call (launching pppd, opening GRE)
Jan 4 02:05:29 localhost kernel: registered device ppp0
Jan 4 02:05:29 localhost pppd[627]: pppd 2.3.11 started by root, uid 0
Jan 4 02:05:29 localhost pppd[627]: Using interface ppp0
Jan 4 02:05:29 localhost pppd[627]: Connect: ppp0 <--> /dev/pts/0
Jan 4 02:05:29 localhost pptpd[626]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 4 02:05:29 localhost pppd[627]: MSCHAP-v2 peer authentication succeeded for vpnclient1
Jan 4 02:05:29 localhost pppd[627]: found interface eth0 for proxy arp
Jan 4 02:05:29 localhost pppd[627]: local IP address 192.168.4.244
Jan 4 02:05:29 localhost pppd[627]: remote IP address 192.168.5.230
Jan 4 02:05:35 localhost pppd[627]: MPPE 128 bit, stateless compression enabled
Jan 4 02:05:36 localhost pppd[627]: MPPE 128 bit, stateless compression enabled
Jan 4 02:05:50 localhost pptpd[626]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 4 02:05:50 localhost pppd[627]: LCP terminated by peer (C!~.^@ /dev/pts/0
Jan 4 02:20:41 localhost pptpd[639]: Buffering out-of-order packet; got 1 after 4294967295
Jan 4 02:20:41 localhost pptpd[639]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 4 02:20:41 localhost pppd[640]: MSCHAP-v2 peer authentication succeeded for vpnclient1
Jan 4 02:20:41 localhost pptpd[639]: Buffering out-of-order packet; got 9 after 7
Jan 4 02:20:41 localhost pppd[640]: found interface eth0 for proxy arp
Jan 4 02:20:41 localhost pppd[640]: local IP address 192.168.4.244
Jan 4 02:20:41 localhost pppd[640]: remote IP address 192.168.5.230
Jan 4 02:20:48 localhost pppd[640]: MPPE 128 bit, stateless compression enabled
Jan 4 02:20:49 localhost pppd[640]: Unsupported protocol 0x3017 received
Jan 4 02:20:50 localhost pppd[640]: Unsupported protocol 0x409b received
Jan 4 02:20:50 localhost pppd[640]: Unsupported protocol 0xf243 received
Jan 4 02:20:50 localhost pppd[640]: Unsupported protocol 0xa04d received
Jan 4 02:20:51 localhost pppd[640]: Unsupported protocol 0xecc8 received
Jan 4 02:20:51 localhost pppd[640]: Unsupported protocol 0x6590 received
Jan 4 02:20:51 localhost pppd[640]: Unsupported protocol 0x11a2 received
Jan 4 02:20:52 localhost pppd[640]: MPPE 128 bit, stateless compression enabled
Jan 4 02:22:00 localhost pptpd[639]: Buffering out-of-order packet; got 103 after 101
Jan 4 02:23:18 localhost pptpd[639]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 4 02:23:18 localhost pppd[640]: LCP terminated by peer (^]M-(w[^@
Message-ID: <015d01c0762b$04d4f370$a07fa8c0@asitatech.ie>

Just curious what are the major exploits/vulnerabilities that exist in kernels < 2.2.17 or where I can get info on this?

Regards,
Jarlath.

----- Original Message -----
From: "George Vieira"
To: "???" ;
Sent: Thursday, January 04, 2001 5:44 AM
Subject: RE: [pptp-server] ???

> You should upgrade to 2.2.17 or 18 anyway as there is a major exploit for
> kernels < 2.2.17...
>
> It's not that hard to upgrade the kernel, just download the source and away
> you go..
>
> thanks,
> George Vieira
>
> -----Original Message-----
> From: bcearth at enpia.net [mailto:bcearth at enpia.net]
> Sent: Thursday, January 04, 2001 3:59 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] ???
>
> Hello,
>
> I have read PoPToP-RedHat-HOWTO at http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt.
> But I have 2.2.14.-5.0 kernel, therefore I don't know how do I install ppp
> with MSCHAPv2/MPPE
>
> Please, inform me how do I support MPPE for PPTP server
>
> bye
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From matthew.keay at Phones4u.co.uk Thu Jan 4 04:09:36 2001
From: matthew.keay at Phones4u.co.uk (matthew.keay at Phones4u.co.uk)
Date: Thu, 4 Jan 2001 10:09:36 -0000
Subject: [pptp-server] PPTP server authentication
Message-ID: <74326A051EAFD411AE8600508B3029A395B60F@WASHINGTON>

Is there any way using the pptp server i can use the logins on the linux box? Or use encrypted passwords?

There is no way i could use /etc/ppp/chap-secrets in the standard manner. :-\

Regards
Matthew Keay

From djm at wiz.net.au Thu Jan 4 05:12:19 2001
From: djm at wiz.net.au (David Moylan)
Date: Thu, 4 Jan 2001 22:12:19 +1100
Subject: [pptp-server] poptop and win2k client...
References: <7917C9BA5323D3118091009027856EA901D9581A@exchange.tallan.com>
Message-ID: <005401c0763f$35a92a70$1464a8c0@dmoylan>

i would be getting the GRE patched version of traceroute and tracing from the client to the server. the PIX firewall may not be letting GRE through. having NAT upstream doesn't help things at all either.

cheers,
Wiz!!

----- Original Message -----
From: "Varghese, Amith"
To:
Sent: Thursday, January 04, 2001 5:41 PM
Subject: [pptp-server] poptop and win2k client...

> I'm having some problems getting my VPN set up with poptop. sometimes i can
> connect and sometimes i can't. here is my information:
>
> I'm running poptop on a red hat 6.1 machine with the kernel version 2.2.18.
> I'm running poptop version 1.1.2 and pppd version 2.3.11. My internal IP of
> the VPN server is 192.168.4.244 and i have a network mask of 255.255.254.0
> (to reach the 192.168.5.x subnet does not require me to go through a
> router). The pool of available address that i have to give out to clients
> is 192.168.5.230-240. I followed the configuration details in
> http://www.vibrationresearch.com/pptpd/example.html and got everything up
> and running. However, when I try to connect from my ISP (outside the
> network), I can only connect intermittently. At the bottom of my message is
> my debug log. When I try to connect (and when it fails) I get errors that
> can be found in debug log #1. However if I keep trying, eventually I will
> connect. However, then I start getting errors in debug log #2. Once I do
> connect, however, I can not ping anything except for the IP that the VPN
> server gave me. I'm not sure if this has anything to do with the fact that
> my VPN server is on a different subnet than my client IP pool. Also, one of
> the other things about my setup is that the public IP address that I connect
> to from my ISP is actually an address that a PIX firewall NATs to my
> internal machine (the PIX allows everything through- including GRE and any
> needed PPTP control packets). I am attaching all of my relevant
> configuration files. Any help would be appreciated.
>
> Thanks
> Amith
>
> ############################################################################
> route on VPN server
>
> Kernel IP routing table
> Destination     Gateway       Genmask          Flags  Metric  Ref  Use  Iface
> 192.168.4.244   *             255.255.255.255  UH     0       0         eth0
> 192.168.4.0     *             255.255.254.0    U      0       0         eth0
> 127.0.0.0       *             255.0.0.0        U      0       0         lo
> default         192.168.4.1   0.0.0.0          UG     0       0         eth0
>
> ############################################################################
> /etc/conf.modules
>
> alias tty-ldisc-3 ppp_async
> alias char-major-108 off
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
>
> ############################################################################
> /etc/pptpd.conf
>
> debug
> localip 192.168.4.244
> remoteip 192.168.5.230-240
>
> ############################################################################
> /etc/chap-secrets
>
> # Secrets for authentication using CHAP
> # client server secret IP addresses
> vpnclient1 gateway secret 192.168.5.230
> vpnclient2 gateway secret 192.168.5.231
> vpnclient3 gateway secret 192.168.5.232
> vpnclient4 gateway secret 192.168.5.233
> vpnclient5 gateway secret 192.168.5.234
> vpnclient6 gateway secret 192.168.5.235
> vpnclient7 gateway secret 192.168.5.236
> vpnclient8 gateway secret 192.168.5.237
> vpnclient9 gateway secret 192.168.5.238
> vpnclient10 gateway secret 192.168.5.239
> vpnclient11 gateway secret 192.168.5.240
>
> ############################################################################
> /etc/ppp/options
>
> debug
> name gateway
> mtu 1450
> mru 1450
> auth
> require-chap
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> ms-dns 192.168.2.251
> ms-dns 192.168.2.252
> ms-wins 192.168.2.251
> ms-wins 192.168.2.252
> proxyarp
> 192.168.4.244:
>
> ############################################################################
########## > route print on w2k client after connecting to vpn. I removed my public IP > address of the pptp server > > =========================================================================== > Interface List > 0x1 ........................... MS TCP Loopback interface > 0x1000003 ...00 b0 d0 59 ea 2e ...... 3Com EtherLink PCI > 0x1000004 ...00 10 a4 c2 eb c7 ...... Xircom CardBus Ethernet 10/100 Adapter > 0xe000005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface > 0xf000006 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface > =========================================================================== > =========================================================================== > Active Routes: > Network Destination Netmask Gateway Interface Metric > 0.0.0.0 0.0.0.0 192.168.5.230 192.168.5.230 1 > 0.0.0.0 0.0.0.0 216.67.70.108 216.67.70.108 2 > 255.255.255.255 216.67.70.108 216.67.70.108 > 1 > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 > 192.168.4.244 255.255.255.255 192.168.5.230 192.168.5.230 1 > 192.168.5.230 255.255.255.255 127.0.0.1 127.0.0.1 1 > 192.168.5.255 255.255.255.255 192.168.5.230 192.168.5.230 1 > 216.67.11.1 255.255.255.255 216.67.70.108 216.67.70.108 1 > 216.67.70.108 255.255.255.255 127.0.0.1 127.0.0.1 1 > 216.67.70.255 255.255.255.255 216.67.70.108 216.67.70.108 1 > 224.0.0.0 224.0.0.0 192.168.5.230 192.168.5.230 1 > 224.0.0.0 224.0.0.0 216.67.70.108 216.67.70.108 1 > 255.255.255.255 255.255.255.255 192.168.5.230 1000003 1 > Default Gateway: 192.168.5.230 > =========================================================================== > Persistent Routes: > None > > > ############################################################################ > ########## > Debug Log #1 > > Jan 4 02:04:42 localhost kernel: PPP line discipline registered. 
> Jan 4 02:04:42 localhost kernel: PPP MPPE compression module registered > Jan 4 02:04:42 localhost kernel: PPP BSD Compression module registered > Jan 4 02:04:42 localhost kernel: PPP Deflate Compression module registered > Jan 4 02:04:59 localhost PAM_pwdb[603]: (login) session opened for user > root by LOGIN(uid=0) > Jan 4 02:05:27 localhost pptpd[626]: CTRL: Client 216.67.70.108 control > connection started > Jan 4 02:05:29 localhost pptpd[626]: CTRL: Starting call (launching pppd, > opening GRE) > Jan 4 02:05:29 localhost kernel: registered device ppp0 > Jan 4 02:05:29 localhost pppd[627]: pppd 2.3.11 started by root, uid 0 > Jan 4 02:05:29 localhost pppd[627]: Using interface ppp0 > Jan 4 02:05:29 localhost pppd[627]: Connect: ppp0 <--> /dev/pts/0 > Jan 4 02:05:29 localhost pptpd[626]: CTRL: Ignored a SET LINK INFO packet > with real ACCMs! > Jan 4 02:05:29 localhost pppd[627]: MSCHAP-v2 peer authentication succeeded > for vpnclient1 > Jan 4 02:05:29 localhost pppd[627]: found interface eth0 for proxy arp > Jan 4 02:05:29 localhost pppd[627]: local IP address 192.168.4.244 > Jan 4 02:05:29 localhost pppd[627]: remote IP address 192.168.5.230 > Jan 4 02:05:35 localhost pppd[627]: MPPE 128 bit, stateless compression > enabled > Jan 4 02:05:36 localhost pppd[627]: MPPE 128 bit, stateless compression > enabled > Jan 4 02:05:50 localhost pptpd[626]: CTRL: Ignored a SET LINK INFO packet > with real ACCMs! > Jan 4 02:05:50 localhost pppd[627]: LCP terminated by peer > (C!~.^@ Jan 4 02:05:50 localhost pppd[627]: Modem hangup > Jan 4 02:05:50 localhost pppd[627]: Connection terminated. > Jan 4 02:05:50 localhost pppd[627]: Connect time 0.4 minutes. > Jan 4 02:05:50 localhost pppd[627]: Sent 867 bytes, received 9984 bytes. > Jan 4 02:05:50 localhost pppd[627]: Exit. 
> Jan 4 02:05:50 localhost pptpd[626]: GRE: read error: Bad file descriptor > Jan 4 02:05:50 localhost pptpd[626]: CTRL: PTY read or GRE write failed > (pty,gre)=(-1,-1) > Jan 4 02:05:50 localhost pptpd[626]: CTRL: Client 216.67.70.108 control > connection finished > > > ############################################################################ > ########## > Debug Log #2 > > Jan 4 02:20:40 localhost pptpd[639]: CTRL: Client 216.67.70.108 control > connection started > Jan 4 02:20:40 localhost pptpd[639]: CTRL: Starting call (launching pppd, > opening GRE) > Jan 4 02:20:40 localhost pppd[640]: pppd 2.3.11 started by root, uid 0 > Jan 4 02:20:40 localhost pppd[640]: Using interface ppp0 > Jan 4 02:20:40 localhost pppd[640]: Connect: ppp0 <--> /dev/pts/0 > Jan 4 02:20:41 localhost pptpd[639]: Buffering out-of-order packet; got 1 > after 4294967295 > Jan 4 02:20:41 localhost pptpd[639]: CTRL: Ignored a SET LINK INFO packet > with real ACCMs! > Jan 4 02:20:41 localhost pppd[640]: MSCHAP-v2 peer authentication succeeded > for vpnclient1 > Jan 4 02:20:41 localhost pptpd[639]: Buffering out-of-order packet; got 9 > after 7 > Jan 4 02:20:41 localhost pppd[640]: found interface eth0 for proxy arp > Jan 4 02:20:41 localhost pppd[640]: local IP address 192.168.4.244 > Jan 4 02:20:41 localhost pppd[640]: remote IP address 192.168.5.230 > Jan 4 02:20:48 localhost pppd[640]: MPPE 128 bit, stateless compression > enabled > Jan 4 02:20:49 localhost pppd[640]: Unsupported protocol 0x3017 received > Jan 4 02:20:50 localhost pppd[640]: Unsupported protocol 0x409b received > Jan 4 02:20:50 localhost pppd[640]: Unsupported protocol 0xf243 received > Jan 4 02:20:50 localhost pppd[640]: Unsupported protocol 0xa04d received > Jan 4 02:20:51 localhost pppd[640]: Unsupported protocol 0xecc8 received > Jan 4 02:20:51 localhost pppd[640]: Unsupported protocol 0x6590 received > Jan 4 02:20:51 localhost pppd[640]: Unsupported protocol 0x11a2 received > Jan 4 02:20:52 localhost pppd[640]: MPPE 
128 bit, stateless compression
> enabled
> Jan 4 02:22:00 localhost pptpd[639]: Buffering out-of-order packet; got 103
> after 101
> Jan 4 02:23:18 localhost pptpd[639]: CTRL: Ignored a SET LINK INFO packet
> with real ACCMs!
> Jan 4 02:23:18 localhost pppd[640]: LCP terminated by peer
> (^]M-(w[^@ Jan 4 02:23:18 localhost pppd[640]: Modem hangup
> Jan 4 02:23:18 localhost pppd[640]: Connection terminated.
> Jan 4 02:23:18 localhost pppd[640]: Connect time 2.7 minutes.
> Jan 4 02:23:18 localhost pppd[640]: Sent 1743 bytes, received 13495 bytes.
> Jan 4 02:23:18 localhost pppd[640]: Exit.
> Jan 4 02:23:18 localhost pptpd[639]: GRE: read error: Bad file descriptor
> Jan 4 02:23:18 localhost pptpd[639]: CTRL: PTY read or GRE write failed
> (pty,gre)=(-1,-1)
> Jan 4 02:23:18 localhost pptpd[639]: CTRL: Client 216.67.70.108 control
> connection finished
>

From neale at lowendale.com.au Thu Jan 4 05:33:29 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Thu, 4 Jan 2001 22:33:29 +1100 (EST)
Subject: [pptp-server] ???
In-Reply-To: <015d01c0762b$04d4f370$a07fa8c0@asitatech.ie>
Message-ID:

Perhaps that should be kernels < 2.2.16? See:

http://www.linux.org.uk/VRSION/relnotes.2216.html
http://www.linux.org.uk/VRSION/relnotes.2217.html

HTH,
Neale.

On Thu, 4 Jan 2001, Jarlath Burke wrote:

> Just curious what are the major exploits/vulnerabilities that exist in
> kernels < 2.2.17 or where I can get info on this?
> Regards,
> Jarlath.
>
> ----- Original Message -----
> From: "George Vieira"
> To: "???" ;
> Sent: Thursday, January 04, 2001 5:44 AM
> Subject: RE: [pptp-server] ???
>
>
> > You should upgrade to 2.2.17 or 18 anyway as there is a major exploit for
> > kernels < 2.2.17...
> >
> > It's not that hard to upgrade the kernel, just download the source and away
> > you go..
> >
> >
> >
> > thanks,
> > George Vieira

From jburke at asitatech.ie Thu Jan 4 05:25:35 2001
From: jburke at asitatech.ie (Jarlath Burke)
Date: Thu, 4 Jan 2001 11:25:35 -0000
Subject: [pptp-server] ???
References:
Message-ID: <018e01c07641$0eaf86b0$a07fa8c0@asitatech.ie>

Thanks Neale,
I agree, perhaps it should be < 2.2.16
BTW, the correct URL's are
http://www.linux.org.uk/VERSION/relnotes.2216.html
http://www.linux.org.uk/VERSION/relnotes.2217.html

Jarlath

----- Original Message -----
From: "Neale Banks"
To: "Jarlath Burke"
Cc:
Sent: Thursday, January 04, 2001 11:33 AM
Subject: Re: [pptp-server] ???

>
> Perhaps that should be kernels < 2.2.16? See:
>
> http://www.linux.org.uk/VRSION/relnotes.2216.html
> http://www.linux.org.uk/VRSION/relnotes.2217.html
>
> HTH,
> Neale.
>
> On Thu, 4 Jan 2001, Jarlath Burke wrote:
>
> > Just curious what are the major exploits/vulnerabilities that exist in
> > kernels < 2.2.17 or where I can get info on this?
> > Regards,
> > Jarlath.
> >
> > ----- Original Message -----
> > From: "George Vieira"
> > To: "???" ;
> > Sent: Thursday, January 04, 2001 5:44 AM
> > Subject: RE: [pptp-server] ???
> >
> >
> > > You should upgrade to 2.2.17 or 18 anyway as there is a major exploit for
> > > kernels < 2.2.17...
> > >
> > > It's not that hard to upgrade the kernel, just download the source and away
> > > you go..
> > >
> > >
> > >
> > > thanks,
> > > George Vieira
>

From amith.varghese at tallan.com Thu Jan 4 10:11:17 2001
From: amith.varghese at tallan.com (Varghese, Amith)
Date: Thu, 4 Jan 2001 11:11:17 -0500
Subject: [pptp-server] poptop and win2k client...
Message-ID: <7917C9BA5323D3118091009027856EA901D95826@exchange.tallan.com>

Jerry:

Thanks for your help.
All of my comments will be shown by ++ next to the text

-----Original Message-----
From: Jerry Vonau
Sent: Thursday, January 04, 2001 10:13 AM
To: Varghese, Amith
Subject: Re: [pptp-server] poptop and win2k client...

Amith:

>> I'll deal with the local access issues, I'm not totally sure about the other issues.

I'm having some problems getting my VPN set up with poptop. sometimes i can
connect and sometimes i can't. here is my information:

I'm running poptop on a red hat 6.1 machine with the kernel version 2.2.18.
I'm running poptop version 1.1.2 and pppd version 2.3.11. My internal IP of
the VPN server is 192.168.4.244 and i have a network mask of 255.255.254.0
(to reach the 192.168.5.x subnet does not require me to go through a
router).

>> How does it reach it, multi-networks on the same wire??
>> Can you ping 192.168.5.x from the pptp server?
>> If you can't, add a route for it

++ From the pptp server I can ping addresses on 192.168.5.x.
++ In fact if I do a traceroute to 192.168.5.221, I get
++ 1 192.168.5.221 (192.168.5.221) 0.664ms 0.319ms 0.293ms
++ I know it's strange, but that's the way our IT has set it up.
++ The default gateway of anything on 192.168.4.x and 192.168.5.x
++ is 192.168.4.1

The pool of available address that i have to give out to clients
is 192.168.5.230-240. I followed the configuration details in
http://www.vibrationresearch.com/pptpd/example.html and got everything up
and running. However, when I try to connect from my ISP (outside the
network), I can only connect intermittently. At the bottom of my message is
my debug log. When I try to connect (and when it fails) I get errors that
can be found in debug log #1. However if I keep trying, eventually I will
connect. However, then I start getting errors in debug log #2. Once I do
connect, however, I can not ping anything except for the IP that the VPN
server gave me. I'm not sure if this has anything to do with the fact that
my VPN server is on a different subnet then my client IP pool.

>> yes, may be an ipchains and/or arp issue
>> What are your ipchain rules?
>> Most problems are caused by them.
>> proxyarp works but only for the local lan. 192.168.4.x
>> Could you do a arp -an
>> Could you do a cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
>> Could you do a cat /proc/sys/net/ipv4/conf/all/proxy_arp
>> and tell me the output
>> A small drawing of your layout can help to understand your network.
>>eth0=192.168.4.244 goes to PIX firewall ??
>>eth1=192.168.5.x goes to LAN ??

++ /sbin/ipchains -P forward DENY
++ /sbin/ipchains -P output DENY
++ /sbin/ipchains -P input DENY
++
++ /sbin/ipchains -A input -i eth0 -s 192.168.1.0/255.255.252.0 -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -s 192.168.4.0/255.255.254.0 -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -p TCP -d 0.0.0.0/0 22 -j ACCEPT
++ /sbin/ipchains -A input -i lo -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -p TCP ! -y -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -s 172.16.0.0/255.255.0.0 -j ACCEPT
++ /sbin/ipchains -A output -i eth0 -s 192.168.1.0/255.255.252.0 -d 0.0.0.0/0 -j ACCEPT
++ /sbin/ipchains -A output -i eth0 -s 192.168.4.0/255.255.254.0 -d 0.0.0.0/0 -j ACCEPT
++ /sbin/ipchains -A output -i lo -j ACCEPT
++ /sbin/ipchains -A forward -i eth0 -s 192.168.5.230/255.255.255.240 -j MASQ
++
++ # VPN stuff
++ /sbin/ipchains -A input -i eth0 -p udp -d 192.168.4.244/255.255.255.255 500 -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -p 50 -d 192.168.4.244/255.255.255.255 -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -p tcp -d 192.168.4.244/255.255.255.255 1723 -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -p 47 -d 192.168.4.244/255.255.255.255 -j ACCEPT

++ arp -an
++ ? (192.168.4.247) at 00:B0:D0:59:EA:2E [ether] on eth0
++ why is 4.247 here and not 4.244? That seems strange

++ cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
++ 0
++ cat /proc/sys/net/ipv4/conf/all/proxy_arp
++ 0

++ 192.168.4.244 is the pptp server and goes to the gateway which is 192.168.4.1.
++ To reach a machine on 192.168.5.x from the 4.x network it doesn't have to go to
++ the router. The gateway machine is a cisco router. I don't know offhand what
++ -----------------      --------------           ----------------------
++ | 192.168.4.244 | ---- | 192.168.4.1 | -------- | Internal IP of PIX |
++ -----------------      --------------           ----------------------
++    pptp server              router
++ there is a DMZ zone on the pix (don't know what the IP is either)
++ and then there is an outside address of the pix which is connected to the internet

Also, one of the other things about my setup is that the public IP address
that I connect to from my ISP is actually an address that a PIX firewall
NATs to my internal machine (the PIX allows everything through- including
GRE and any needed PPTP control packets). I am attaching all of my relevant
configuration files. Any help would be appreciated.

++ Please let me know if there is any additional information you need

Thanks
Amith

>>Jerry Vonau

From amith.varghese at tallan.com Thu Jan 4 10:16:21 2001
From: amith.varghese at tallan.com (Varghese, Amith)
Date: Thu, 4 Jan 2001 11:16:21 -0500
Subject: [pptp-server] poptop and win2k client...
Message-ID: <7917C9BA5323D3118091009027856EA901D95827@exchange.tallan.com>

Is there a version for win2k? i have cygwin and i managed to get traceroute
to compile on the win2k machine (by fudging some of the code). However it
doesn't seem to work at all. any ideas?

thanks
amith

-----Original Message-----
From: David Moylan
Sent: Thursday, January 04, 2001 6:12 AM
To: Varghese, Amith; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] poptop and win2k client...

i would be getting the GRE patched version of traceroute
and tracing from the client to the server.

the PIX firewall may not be letting GRE through.

having NAT upstream doesn't help things at all either.

cheers, Wiz!!

From blowy at pi.be Thu Jan 4 17:00:58 2001
From: blowy at pi.be (blowy)
Date: Fri, 5 Jan 2001 00:00:58 +0100
Subject: Fw: [pptp-server] ipx multiple connections
Message-ID: <000701c076a2$33a4ed00$0301000a@roma>

Anybody ?

----- Original Message -----
From: "blowy"
To:
Sent: Monday, December 11, 2000 7:04 PM
Subject: [pptp-server] ipx multiple connections

> Hello,
>
> I can't get pptpd working to accept multiple pptp ipx connections. I read
> the previous messages on the list, but couldn't find an answer. Is there
> anybody with the same problems or anyone who fixed it ?
>
>
> Thanks,
> blowy

From amith.varghese at tallan.com Thu Jan 4 20:48:27 2001
From: amith.varghese at tallan.com (Varghese, Amith)
Date: Thu, 4 Jan 2001 21:48:27 -0500
Subject: [pptp-server] poptop and win2k client...
Message-ID: <7917C9BA5323D3118091009027856EA901D9582D@exchange.tallan.com>

Jerry:

comments are denoted by %%

Thanks
Amith

-----Original Message-----
From: Jerry Vonau
Sent: Thursday, January 04, 2001 9:18 PM
To: Varghese, Amith
Subject: Re: [pptp-server] poptop and win2k client...

Amith:

##So let me get this straight only 1 nic right??
%%Yes only one ethernet card

>> How does it reach it, multi-networks on the same wire??
## OK the 255.255.254.0 joins the two 192.168.4-5. together
##that is how the 2 sets of addresses talk to each other I think.
%%Yes this is correct

>> Can you ping 192.168.5.x from the pptp server?
>> If you can't, add a route for it

++ From the pptp server I can ping addresses on 192.168.5.x.
++ In fact if I do a traceroute to 192.168.5.221, I get
++ 1 192.168.5.221 (192.168.5.221) 0.664ms 0.319ms 0.293ms
++ I know it's strange, but that's the way our IT has set it up.
++ The default gateway of anything on 192.168.4.x and 192.168.5.x
++ is 192.168.4.1

The pool of available address that i have to give out to clients
is 192.168.5.230-240. I followed the configuration details in
http://www.vibrationresearch.com/pptpd/example.html and got everything up
and running. However, when I try to connect from my ISP (outside the
network), I can only connect intermittently. At the bottom of my message is
my debug log. When I try to connect (and when it fails) I get errors that
can be found in debug log #1. However if I keep trying, eventually I will
connect. However, then I start getting errors in debug log #2. Once I do
connect, however, I can not ping anything except for the IP that the VPN
server gave me.

## see ipchains below

I'm not sure if this has anything to do with the fact that
my VPN server is on a different subnet then my client IP pool.

>> yes, may be an ipchains and/or arp issue
>> What are your ipchain rules?
>> Most problems are caused by them.
>> proxyarp works but only for the local lan. 192.168.4.x
## incorrect it should with the subnet mask that you have
>> Could you do a arp -an
>> Could you do a cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
>> Could you do a cat /proc/sys/net/ipv4/conf/all/proxy_arp
>> and tell me the output
>> A small drawing of your layout can help to understand your network.
>>eth0=192.168.4.244 goes to PIX firewall ??
>>eth1=192.168.5.x goes to LAN ??

++ /sbin/ipchains -P forward DENY
++ /sbin/ipchains -P output DENY
++ /sbin/ipchains -P input DENY
++
++ /sbin/ipchains -A input -i eth0 -s 192.168.1.0/255.255.252.0 -j ACCEPT
## do you use this for ipsec??
%% I do not use IPSEC since my outside address is NATed.
%% but i have holes open for it. I guess i should really
%% close them. If you are referring to why i have
%% 192.168.1.0 in the above rule it is because 192.168.1.x
%% is another subnet on our network. however this network
%% can only be reached by going to the 192.168.4.1 router.
++ /sbin/ipchains -A input -i eth0 -s 192.168.4.0/255.255.254.0 -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -p TCP -d 0.0.0.0/0 22 -j ACCEPT
## what is this for ssh??
## I think you need a matching output rule.
%% I don't think I need an output rule because I allow anything
%% out that comes from the 192.168.4.x network (including the
%% ssh machine which is 192.168.4.244. I use ssh on the outside
%% address and it seems to work
++ /sbin/ipchains -A input -i lo -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -p TCP ! -y -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -s 172.16.0.0/255.255.0.0 -j ACCEPT
++ /sbin/ipchains -A output -i eth0 -s 192.168.1.0/255.255.252.0 -d 0.0.0.0/0 -j ACCEPT
## do you use this for ipsec??
%% the 172.16.0.0 rule is for a vpn that we have set up on another pix
%% - fun stuff right :). It's a vpn to our production environment. That
%% vpn is using the PIX firewall (hardware on both ends) and is completely
%% transparent to the PPTP server
++ /sbin/ipchains -A output -i eth0 -s 192.168.4.0/255.255.254.0 -d 0.0.0.0/0 -j ACCEPT
++ /sbin/ipchains -A output -i lo -j ACCEPT
##add:
##/sbin/ipchains -A forward -i eth0 -s 192.168.4.0/255.255.254.0 -j ACCEPT
##/sbin/ipchains -A forward -i ppp+ -s 192.168.4.0/255.255.254.0 -j ACCEPT
##you need this to forward the ppp connections, must load before any masq statements.
%% The other two statements make complete sense. I don't see
%% why i left them out. thank you for pointing that out.
++ /sbin/ipchains -A forward -i eth0 -s 192.168.5.230/255.255.255.240 -j MASQ
## Why the different netmask??
## What are you trying to masq??
%% i will remove the MASQ statement... that was left over from an old
%% test.
++
++ # VPN stuff
++ /sbin/ipchains -A input -i eth0 -p udp -d 192.168.4.244/255.255.255.255 500 -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -p 50 -d 192.168.4.244/255.255.255.255 -j ACCEPT
##are you doing ipsec stuff??
%% again i'm not using ipsec, i'll take it out
++ /sbin/ipchains -A input -i eth0 -p tcp -d 192.168.4.244/255.255.255.255 1723 -j ACCEPT
++ /sbin/ipchains -A input -i eth0 -p 47 -d 192.168.4.244/255.255.255.255 -j ACCEPT

++ arp -an
++ ? (192.168.4.247) at 00:B0:D0:59:EA:2E [ether] on eth0
++ why is 4.247 here and not 4.244? That seems strange
## You should not see your stuff just other machines.
## arp runs a cache it expires after a while.
##ping a few hosts on the 4 and 5 networks and rerun the arp -na
##you should see the ip's of the pinged hosts

++ cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
++ 0
++ cat /proc/sys/net/ipv4/conf/all/proxy_arp
++ 0

++ 192.168.4.244 is the pptp server and goes to the gateway which is 192.168.4.1.
++ To reach a machine on 192.168.5.x from the 4.x network it doesn't have to go to
++ the router. The gateway machine is a cisco router. I don't know offhand what
++ -----------------      --------------           ----------------------
++ | 192.168.4.244 | ---- | 192.168.4.1 | -------- | Internal IP of PIX |
++ -----------------      --------------           ----------------------
++    pptp server              router
++ there is a DMZ zone on the pix (don't know what the IP is either)
++ and then there is an outside address of the pix which is connected to the internet

Also, one of the other things about my setup is that the public IP address
that I connect to from my ISP is actually an address that a PIX firewall
NATs to my internal machine (the PIX allows everything through- including
GRE and any needed PPTP control packets). I am attaching all of my relevant
configuration files. Any help would be appreciated.

++ Please let me know if there is any additional information you need

## Eth0 is the only nic right??
%% yes

##Jerry Vonau

From djm at wiz.net.au Fri Jan 5 05:17:13 2001
From: djm at wiz.net.au (David Moylan)
Date: Fri, 5 Jan 2001 22:17:13 +1100
Subject: [pptp-server] poptop and win2k client...
References: <7917C9BA5323D3118091009027856EA901D95827@exchange.tallan.com>
Message-ID: <001601c07709$0f918560$1464a8c0@dmoylan>

no idea. i don't use PPTP under win2k (as a server) and therefore
can't assist.

i was referring to tracing from the linux box back to the clients

cheers, Wiz!!

----- Original Message -----
From: "Varghese, Amith"
To: "'David Moylan'" ;
Sent: Friday, January 05, 2001 3:16 AM
Subject: RE: [pptp-server] poptop and win2k client...

> Is there a version for win2k?
i have cygwin and i managed to get traceroute > to compile on the win2k machine (by fudging some of the code). However it > doesn't seem to work at all. any ideas? > > thanks > amith > > -----Original Message----- > From: David Moylan > Sent: Thursday, January 04, 2001 6:12 AM > To: Varghese, Amith; pptp-server at lists.schulte.org > Subject: Re: [pptp-server] poptop and win2k client... > > > i would be getting the GRE patched version of traceroute > and tracing from the client to the server. > > the PIX firewall may not be letting GRE through. > > having NAT upstream doesn't help things at all either. > > cheers, Wiz!! > > ----- Original Message ----- > From: "Varghese, Amith" > To: > Sent: Thursday, January 04, 2001 5:41 PM > Subject: [pptp-server] poptop and win2k client... > > > > I'm having some problems getting my VPN set up with poptop. sometimes i > can > > connect and sometimes i can't. here is my information: > > > > I'm running poptop on a red hat 6.1 machine with the kernel version > 2.2.18. > > I'm running poptop version 1.1.2 and pppd version 2.3.11. My internal IP > of > > the VPN server is 192.168.4.244 and i have a network mask of 255.255.254.0 > > (to reach the 192.168.5.x subnet does not require me to go through a > > router). The pool of available address that i have to give out to clients > > is 192.168.5.230-240. I followed the configuration details in > > http://www.vibrationresearch.com/pptpd/example.html and got everything up > > and running. However, when I try to connect from my ISP (outside the > > network), I can only connect intermittently. At the bottom of my message > is > > my debug log. When I try to connect (and when it fails) I get errors that > > can be found in debug log #1. However if I keep trying, eventually I will > > connect. However, then I start getting errors in debug log #2. Once I do > > connect, however, I can not ping anything except for the IP that the VPN > > server gave me. 
I'm not sure if this has anything to do with the fact > that > > my VPN server is on a different subnet then my client IP pool. Also, one > of > > the other things about my setup is that the public IP address that I > connect > > to from my ISP is actually an address that a PIX firewall NATs to my > > internal machine (the PIX allows everything through- including GRE and any > > needed PPTP control packets). I am attaching all of my relevant > > configuration files. Any help would be appreciated. > > > > Thanks > > Amith > > > > > ############################################################################ > > ########## > > route on VPN server > > > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref Use Iface > > 192.168.4.244 * 255.255.255.255 UH 0 0 eth0 > > 192.168.4.0 * 255.255.254.0 U 0 0 > > eth0 > > 127.0.0.0 * 255.0.0.0 U 0 0 > > lo > > default 192.168.4.1 0.0.0.0 UG 0 0 > > eth0 > > > > > > > ############################################################################ > > ########## > > /etc/conf.modules > > > > alias tty-ldisc-3 ppp_async > > alias char-major-108 off > > alias ppp-compress-18 ppp_mppe > > alias ppp-compress-21 bsd_comp > > alias ppp-compress-24 ppp_deflate > > alias ppp-compress-26 ppp_deflate > > > > > > > ############################################################################ > > ########## > > /etc/pptpd.conf > > > > debug > > localip 192.168.4.244 > > remoteip 192.168.5.230-240 > > > > > ############################################################################ > > ########## > > /etc/chap-secrets > > > > # Secrets for authentication using CHAP > > # client server secret IP addresses > > vpnclient1 gateway secret 192.168.5.230 > > vpnclient2 gateway secret 192.168.5.231 > > vpnclient3 gateway secret 192.168.5.232 > > vpnclient4 gateway secret 192.168.5.233 > > vpnclient5 gateway secret 192.168.5.234 > > vpnclient6 gateway secret 192.168.5.235 > > vpnclient7 gateway secret 192.168.5.236 > > vpnclient8 
gateway secret 192.168.5.237 > > vpnclient9 gateway secret 192.168.5.238 > > vpnclient10 gateway secret 192.168.5.239 > > vpnclient11 gateway secret 192.168.5.240 > > > > > > > ############################################################################ > > ########## > > /etc/ppp/options > > > > debug > > name gateway > > mtu 1450 > > mru 1450 > > auth > > require-chap > > +chap > > +chapms > > +chapms-v2 > > mppe-40 > > mppe-128 > > mppe-stateless > > ms-dns 192.168.2.251 > > ms-dns 192.168.2.252 > > ms-wins 192.168.2.251 > > ms-wins 192.168.2.252 > > proxyarp > > 192.168.4.244: > > > > > > > ############################################################################ > > ########## > > route print on w2k client after connecting to vpn. I removed my public IP > > address of the pptp server > > > > > =========================================================================== > > Interface List > > 0x1 ........................... MS TCP Loopback interface > > 0x1000003 ...00 b0 d0 59 ea 2e ...... 3Com EtherLink PCI > > 0x1000004 ...00 10 a4 c2 eb c7 ...... Xircom CardBus Ethernet 10/100 > Adapter > > 0xe000005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface > > 0xf000006 ...00 53 45 00 00 00 ...... 
WAN (PPP/SLIP) Interface > > > =========================================================================== > > > =========================================================================== > > Active Routes: > > Network Destination Netmask Gateway Interface > Metric > > 0.0.0.0 0.0.0.0 192.168.5.230 192.168.5.230 > 1 > > 0.0.0.0 0.0.0.0 216.67.70.108 216.67.70.108 > 2 > > 255.255.255.255 216.67.70.108 216.67.70.108 > > 1 > > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 > 1 > > 192.168.4.244 255.255.255.255 192.168.5.230 192.168.5.230 > 1 > > 192.168.5.230 255.255.255.255 127.0.0.1 127.0.0.1 > 1 > > 192.168.5.255 255.255.255.255 192.168.5.230 192.168.5.230 > 1 > > 216.67.11.1 255.255.255.255 216.67.70.108 216.67.70.108 > 1 > > 216.67.70.108 255.255.255.255 127.0.0.1 127.0.0.1 > 1 > > 216.67.70.255 255.255.255.255 216.67.70.108 216.67.70.108 > 1 > > 224.0.0.0 224.0.0.0 192.168.5.230 192.168.5.230 > 1 > > 224.0.0.0 224.0.0.0 216.67.70.108 216.67.70.108 > 1 > > 255.255.255.255 255.255.255.255 192.168.5.230 1000003 > 1 > > Default Gateway: 192.168.5.230 > > > =========================================================================== > > Persistent Routes: > > None > > > > > > > ############################################################################ > > ########## > > Debug Log #1 > > > > Jan 4 02:04:42 localhost kernel: PPP line discipline registered. 
> > Jan 4 02:04:42 localhost kernel: PPP MPPE compression module registered > > Jan 4 02:04:42 localhost kernel: PPP BSD Compression module registered > > Jan 4 02:04:42 localhost kernel: PPP Deflate Compression module > registered > > Jan 4 02:04:59 localhost PAM_pwdb[603]: (login) session opened for user > > root by LOGIN(uid=0) > > Jan 4 02:05:27 localhost pptpd[626]: CTRL: Client 216.67.70.108 control > > connection started > > Jan 4 02:05:29 localhost pptpd[626]: CTRL: Starting call (launching pppd, > > opening GRE) > > Jan 4 02:05:29 localhost kernel: registered device ppp0 > > Jan 4 02:05:29 localhost pppd[627]: pppd 2.3.11 started by root, uid 0 > > Jan 4 02:05:29 localhost pppd[627]: Using interface ppp0 > > Jan 4 02:05:29 localhost pppd[627]: Connect: ppp0 <--> /dev/pts/0 > > Jan 4 02:05:29 localhost pptpd[626]: CTRL: Ignored a SET LINK INFO packet > > with real ACCMs! > > Jan 4 02:05:29 localhost pppd[627]: MSCHAP-v2 peer authentication > succeeded > > for vpnclient1 > > Jan 4 02:05:29 localhost pppd[627]: found interface eth0 for proxy arp > > Jan 4 02:05:29 localhost pppd[627]: local IP address 192.168.4.244 > > Jan 4 02:05:29 localhost pppd[627]: remote IP address 192.168.5.230 > > Jan 4 02:05:35 localhost pppd[627]: MPPE 128 bit, stateless compression > > enabled > > Jan 4 02:05:36 localhost pppd[627]: MPPE 128 bit, stateless compression > > enabled > > Jan 4 02:05:50 localhost pptpd[626]: CTRL: Ignored a SET LINK INFO packet > > with real ACCMs! > > Jan 4 02:05:50 localhost pppd[627]: LCP terminated by peer > > (C!~.^@ > Jan 4 02:05:50 localhost pppd[627]: Modem hangup > > Jan 4 02:05:50 localhost pppd[627]: Connection terminated. > > Jan 4 02:05:50 localhost pppd[627]: Connect time 0.4 minutes. > > Jan 4 02:05:50 localhost pppd[627]: Sent 867 bytes, received 9984 bytes. > > Jan 4 02:05:50 localhost pppd[627]: Exit. 
> > Jan 4 02:05:50 localhost pptpd[626]: GRE: read error: Bad file descriptor > > Jan 4 02:05:50 localhost pptpd[626]: CTRL: PTY read or GRE write failed > > (pty,gre)=(-1,-1) > > Jan 4 02:05:50 localhost pptpd[626]: CTRL: Client 216.67.70.108 control > > connection finished > > > > > > > ############################################################################ > > ########## > > Debug Log #2 > > > > Jan 4 02:20:40 localhost pptpd[639]: CTRL: Client 216.67.70.108 control > > connection started > > Jan 4 02:20:40 localhost pptpd[639]: CTRL: Starting call (launching pppd, > > opening GRE) > > Jan 4 02:20:40 localhost pppd[640]: pppd 2.3.11 started by root, uid 0 > > Jan 4 02:20:40 localhost pppd[640]: Using interface ppp0 > > Jan 4 02:20:40 localhost pppd[640]: Connect: ppp0 <--> /dev/pts/0 > > Jan 4 02:20:41 localhost pptpd[639]: Buffering out-of-order packet; got 1 > > after 4294967295 > > Jan 4 02:20:41 localhost pptpd[639]: CTRL: Ignored a SET LINK INFO packet > > with real ACCMs! > > Jan 4 02:20:41 localhost pppd[640]: MSCHAP-v2 peer authentication > succeeded > > for vpnclient1 > > Jan 4 02:20:41 localhost pptpd[639]: Buffering out-of-order packet; got 9 > > after 7 > > Jan 4 02:20:41 localhost pppd[640]: found interface eth0 for proxy arp > > Jan 4 02:20:41 localhost pppd[640]: local IP address 192.168.4.244 > > Jan 4 02:20:41 localhost pppd[640]: remote IP address 192.168.5.230 > > Jan 4 02:20:48 localhost pppd[640]: MPPE 128 bit, stateless compression > > enabled > > Jan 4 02:20:49 localhost pppd[640]: Unsupported protocol 0x3017 received > > Jan 4 02:20:50 localhost pppd[640]: Unsupported protocol 0x409b received > > Jan 4 02:20:50 localhost pppd[640]: Unsupported protocol 0xf243 received > > Jan 4 02:20:50 localhost pppd[640]: Unsupported protocol 0xa04d received > > Jan 4 02:20:51 localhost pppd[640]: Unsupported protocol 0xecc8 received > > Jan 4 02:20:51 localhost pppd[640]: Unsupported protocol 0x6590 received > > Jan 4 02:20:51 localhost pppd[640]: 
Unsupported protocol 0x11a2 received > > Jan 4 02:20:52 localhost pppd[640]: MPPE 128 bit, stateless compression > > enabled > > Jan 4 02:22:00 localhost pptpd[639]: Buffering out-of-order packet; got > 103 > > after 101 > > Jan 4 02:23:18 localhost pptpd[639]: CTRL: Ignored a SET LINK INFO packet > > with real ACCMs! > > Jan 4 02:23:18 localhost pppd[640]: LCP terminated by peer > > (^]M-(w[^@ > Jan 4 02:23:18 localhost pppd[640]: Modem hangup > > Jan 4 02:23:18 localhost pppd[640]: Connection terminated. > > Jan 4 02:23:18 localhost pppd[640]: Connect time 2.7 minutes. > > Jan 4 02:23:18 localhost pppd[640]: Sent 1743 bytes, received 13495 > bytes. > > Jan 4 02:23:18 localhost pppd[640]: Exit. > > Jan 4 02:23:18 localhost pptpd[639]: GRE: read error: Bad file descriptor > > Jan 4 02:23:18 localhost pptpd[639]: CTRL: PTY read or GRE write failed > > (pty,gre)=(-1,-1) > > Jan 4 02:23:18 localhost pptpd[639]: CTRL: Client 216.67.70.108 control > > connection finished > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From Michael.Kranz at suse.de Fri Jan 5 07:35:31 2001 From: Michael.Kranz at suse.de (Michael Kranz) Date: Fri, 05 Jan 2001 14:35:31 +0100 Subject: [pptp-server] Failing encrypted PPTPD connections Message-ID: <3A55CDA3.F65B33E0@suse.de> Hi, we're facing serious problems connecting Win2K-clients over encrypted PPTPD with our Linux boxes. We've seen similar entries in your mailing-list. 
As we need a solution quickly and as we probably have to evaluate possible alternatives, we need an answer to the following question:

Is it definitely so, that a lost GRE-packet over an _encrypted_ VPN connection makes the tunnel inoperable? Or do you know of a patch or an intermediate solution?

Follows the problem description in detail:

(1) The PC is a Win2K box with 128-Bit Patch, the PPTPD server is running SuSE 7.0, PPPD 2.3.11 and PPTPD 1.1.2.

(2) Configuration (see attached protocol): at 12:07 the direct analog connection is established between:

    PC <--> Cisco

An automatic forwarding establishes the VPN tunnel to our firewall, which runs the PPTPD:

    PC <--> Cisco <--> Firewall <--> Target

The connection has as IPs

    172.20.70.3 (PC)
    172.20.0.250 (Firewall / Interface to Target)
    172.31.254.254 (Firewall / Interface to Cisco-Transfernet)
    172.20.0.X (Target)

(3) The connection is working. At 12:09 the client starts a webinterface to mailserver (172.20.0.3); during the login process no response comes back, see attachment near 12:09:47, where you'll see the out-of-order packets. From this time on, the tunnel is dead, despite the fact that packets continue to be exchanged, until the connection is ended by the user at 12:32.

Many thanks in advance
Michael

--
---------------------------------------------------------------
SuSE Linux Solutions AG          Mail:  Michael.Kranz at suse.de
Geschaeftsstelle Rhein/Ruhr      Phone: 02241 / 929 17-26
Marie-Curie-Str. 11-17           Fax:   02241 / 314 599
D-53757 St. Augustin
---------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: messages.1.gz
Type: application/octet-stream
Size: 11558 bytes
Desc: not available
URL:

From phil at vibrationresearch.com Fri Jan 5 09:54:32 2001
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Fri, 5 Jan 2001 10:54:32 -0500
Subject: [pptp-server] Failing encrypted PPTPD connections
In-Reply-To: <3A55CDA3.F65B33E0@suse.de>
Message-ID: <000801c0772f$cb8da5c0$4500a8c0@vibrationresearch.com>

This is a bug in the ppp_mppe module, for which a fix has been posted.

From toma at rulez.org Fri Jan 5 10:50:48 2001
From: toma at rulez.org (Tamas SZERB)
Date: Fri, 5 Jan 2001 17:50:48 +0100 (CET)
Subject: [pptp-server] the UW7 port of the pptpd
Message-ID:

is located at: http://alabama.rulez.org/~toma/sco/pptp/

--
VWOL
Tamas SZERB
GPG public key: http://alabama.rulez.org/~toma/gpgkey-toma.asc

From brentd at cicada-semi.com Fri Jan 5 11:51:17 2001
From: brentd at cicada-semi.com (Brent DiNicola)
Date: Fri, 5 Jan 2001 11:51:17 -0600
Subject: [pptp-server] Win95/Win98 (First Edition)
Message-ID:

Ok, Here is the deal, I have researched and looked and cannot figure out how to get the Win95 or Win98 (First Edition) to do 128-bit encryption. I know that there used to be a MS link to download that but it's been defunct for almost a year now.

Does anyone out there have 128-bit encryption working for either of these, if so.. how. I have to use 128-bit encryption, we don't allow lower encryption.

Anything that can point me in the right direction would be helpful, most importantly if someone has the old 128-bit encryption for these two that would be super. I know it works, if you have it installed, I know MS doesn't have it for these two anymore, so I just need to know how it was done by people out there, and if possible what they did it with.

Thanks for any help ahead of time!
Brent

From palliett at accurcast.com Fri Jan 5 14:57:15 2001
From: palliett at accurcast.com (Peter Alliett)
Date: Fri, 5 Jan 2001 15:57:15 -0500
Subject: [pptp-server] NetWare 5 IP Connectivity
Message-ID:

Has anyone been able to connect to a NetWare 5 box running pure IP? I am able to ping the box through my VPN but I can not see the tree. Secondly, does PopTop support IPX/SPX connections?

Thanks,
Peter

From harvey at info-objects.com Sat Jan 6 02:20:25 2001
From: harvey at info-objects.com (Harvey Bath)
Date: Sat, 6 Jan 2001 00:20:25 -0800
Subject: [pptp-server] I want to sign off this mailing list.
References:
Message-ID: <000a01c077b9$85d02640$0b0a0a0a@titu>

Hi! I will really appreciate if somebody let me know how I can sign off this mailing list..

Harvey

From palliett at accurcast.com Sat Jan 6 10:12:54 2001
From: palliett at accurcast.com (Peter Alliett)
Date: Sat, 6 Jan 2001 11:12:54 -0500
Subject: [pptp-server] Accessing NW5 box through PopTop
Message-ID:

I got it to work. If anyone cares to know how, it requires loading slpda on the server and setting the clients service location to static and putting in the IP address of the NW5 box.

Peter

From jkreger at avidsolutionsinc.com Sat Jan 6 11:13:19 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Sat, 6 Jan 2001 12:13:19 -0500
Subject: [pptp-server] Linux 2.4/pppd 2.4
Message-ID: <6B8A85826C35D31193BD0090278589C81DEF93@CIC-EXCHANGE>

Anybody working on porting the patch to pppd 2.4 and to linux 2.4?

From vgill at technologist.com Sat Jan 6 17:30:14 2001
From: vgill at technologist.com (Gill, Vern)
Date: Sat, 6 Jan 2001 15:30:14 -0800
Subject: [pptp-server] Client Script
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607B89@pptp.gillnet.org>

I remember someone posting a client connect script that they were using with the linux client. Can that be posted again?
Also, does it handle the route statements?
Thanks.
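The pptpd/pppd debug logs posted in this archive share a few failure signatures: out-of-order GRE buffering, "Unsupported protocol" once MPPE is enabled, and "Could not determine local IP address". The triage script below is an added example, not code from any poster or from PoPToP; the sample log is constructed, and the pptpd-to-pppd correlation, the reading of "got N after M" as a 32-bit sequence gap, and the verdict names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the syslog format of the logs quoted in this thread;
# client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
Jan  4 02:20:40 localhost pptpd[639]: CTRL: Client 203.0.113.7 control connection started
Jan  4 02:20:40 localhost pptpd[639]: CTRL: Starting call (launching pppd, opening GRE)
Jan  4 02:20:40 localhost pppd[640]: pppd 2.3.11 started by root, uid 0
Jan  4 02:20:41 localhost pptpd[639]: Buffering out-of-order packet; got 1 after 4294967295
Jan  4 02:20:48 localhost pppd[640]: MPPE 128 bit, stateless compression enabled
Jan  4 02:20:49 localhost pppd[640]: Unsupported protocol 0x3017 received
Jan  4 02:20:50 localhost pppd[640]: Unsupported protocol 0x409b received
Jan  4 02:22:00 localhost pptpd[639]: Buffering out-of-order packet; got 103 after 101
Jan  4 02:23:18 localhost pppd[640]: LCP terminated by peer
Jan  4 02:23:18 localhost pptpd[639]: CTRL: Client 203.0.113.7 control connection finished
Jan  4 03:10:01 localhost pptpd[700]: CTRL: Client 198.51.100.9 control connection started
Jan  4 03:10:04 localhost pptpd[700]: CTRL: Starting call (launching pppd, opening GRE)
Jan  4 03:10:04 localhost pppd[701]: pppd 2.3.10 started by root, uid 0
Jan  4 03:10:06 localhost pppd[701]: Could not determine local IP address
Jan  4 03:10:06 localhost pptpd[700]: CTRL: Client 198.51.100.9 control connection finished
Jan  4 04:05:27 localhost pptpd[710]: CTRL: Client 203.0.113.7 control connection started
Jan  4 04:05:29 localhost pptpd[710]: CTRL: Starting call (launching pppd, opening GRE)
Jan  4 04:05:29 localhost pppd[711]: pppd 2.3.11 started by root, uid 0
Jan  4 04:05:50 localhost pppd[711]: LCP terminated by peer
Jan  4 04:05:50 localhost pptpd[710]: CTRL: Client 203.0.113.7 control connection finished
"""

LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(pptpd|pppd)\[(\d+)\]:\s(.*)$")
CLIENT = re.compile(r"CTRL: Client (\S+) control connection (started|finished)")
OOO = re.compile(r"Buffering out-of-order packet; got (\d+) after (\d+)")
BADPROTO = re.compile(r"Unsupported protocol (0x[0-9a-fA-F]+) received")

@dataclass
class Session:
    client: str
    ctrl_pid: str
    pppd_pid: Optional[str] = None
    ooo_events: int = 0
    missing_gre: int = 0          # packets skipped, summed over all gaps
    mppe: bool = False
    bad_protocols: List[str] = field(default_factory=list)
    no_local_ip: bool = False
    peer_terminated: bool = False

    def verdict(self) -> str:
        if self.no_local_ip:
            return "ipcp-no-local-address"
        if self.mppe and self.bad_protocols and self.ooo_events:
            return "suspected-mppe-desync"      # heuristic, not proof
        if self.ooo_events:
            return "gre-reordering-only"
        return "peer-terminated" if self.peer_terminated else "clean"

def triage(log_text: str) -> List[Session]:
    sessions, by_ctrl, by_pppd, awaiting = [], {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        daemon, pid, msg = m.groups()
        if daemon == "pptpd":
            c = CLIENT.search(msg)
            if c and c.group(2) == "started":
                s = Session(client=c.group(1), ctrl_pid=pid)
                sessions.append(s)
                by_ctrl[pid] = s
                continue
            s = by_ctrl.get(pid)
            if s is None:
                continue
            o = OOO.search(msg)
            if c:                                   # "... finished"
                by_ctrl.pop(pid)
                by_pppd.pop(s.pppd_pid, None)
            elif "launching pppd" in msg:
                awaiting.append(s)                  # pppd pid not known yet
            elif o:
                # Assumption: "after" is the last in-order sequence number;
                # the gap is computed modulo 2**32 so the initial
                # 4294967295 (that is, -1) is handled like any other value.
                s.missing_gre += (int(o.group(1)) - int(o.group(2)) - 1) % 2**32
                s.ooo_events += 1
            continue
        s = by_pppd.get(pid)
        if s is None and "started by" in msg and awaiting:
            s = awaiting.pop(0)                     # assumption: FIFO pairing
            s.pppd_pid = pid
            by_pppd[pid] = s
        if s is None:
            continue
        b = BADPROTO.search(msg)
        if "MPPE" in msg and "enabled" in msg:
            s.mppe = True
        elif b and s.mppe:
            s.bad_protocols.append(b.group(1))
        elif "Could not determine local IP address" in msg:
            s.no_local_ip = True
        elif "LCP terminated by peer" in msg:
            s.peer_terminated = True
    return sessions

if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(s.client, s.ctrl_pid, s.pppd_pid, s.missing_gre, s.verdict())
```

Run it against a saved syslog extract by passing the file contents to `triage()`; with several clients connecting at the same instant the FIFO pairing of pptpd and pppd processes can mis-assign lines.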
From GeorgeV at citadelcomputer.com.au Sun Jan 7 02:05:17 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Sun, 7 Jan 2001 19:05:17 +1100
Subject: [pptp-server] Client Script
Message-ID: <200FAA488DE0D41194F10010B597610D96B9@JUPITER>

I have a start up script for RedHat and a manual script.
Don't want to paste the whole thing to everybody on the list so if anybody wants either please ask..

thanks,
George Vieira

-----Original Message-----
From: Gill, Vern [mailto:vgill at technologist.com]
Sent: Sunday, January 07, 2001 10:30 AM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] Client Script

I remember someone posting a client connect script that they were using with the linux client. Can that be posted again?
Also, does it handle the route statements?
Thanks.

From jason at sohonetworks.cc Sun Jan 7 09:04:35 2001
From: jason at sohonetworks.cc (Jason Osborne)
Date: Sun, 7 Jan 2001 09:04:35 -0600
Subject: [pptp-server] Poptop won't allow connections
Message-ID:

Ok, I'm running the latest versions of PopTop and PPPd along with Linux 2.2.17. Found some faq somewhere. Set it up on my server and it works fine. I have PopTop on ppp0 and then eth0 is lan and eth1 is dsl. My friend thought that the vpn stuff was cool so he asked me to install poptop. Ok, here is the problem. When he is connected with his isdn (ppp0), for some reason PopTop fails but when I try connecting without the isdn dialup connected, PopTop uses ppp0 and connects fine. Why would PopTop fail when it's pushed to ppp1+ if it works fine on ppp0? The log is included. Let me know if ya need to see one of the configs.
Oct 25 10:10:01 legacycarpets pptpd[15277]: MGR: Launching /usr/sbin/pptpctrl to handle client Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: local address = 192.168.0.50 Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: remote address = 192.168.1.50 Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: pppd speed = 115200 Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: pppd options file = /etc/ppp/options.vpn Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Client 4.40.159.70 control connection started Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Received PPTP Control Message (type: 1) Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Made a START CTRL CONN RPLY packet Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: I wrote 156 bytes to the client. Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Sent packet to client Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Received PPTP Control Message (type: 7) Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Set parameters to 0 maxbps, 16 window size Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Made a OUT CALL RPLY packet Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Starting call (launching pppd, opening GRE) Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: pty_fd = 6 Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: tty_fd = 7 Oct 25 10:10:04 legacycarpets pptpd[15290]: CTRL (PPPD Launcher): Connection speed = 115200 Oct 25 10:10:04 legacycarpets pptpd[15290]: CTRL (PPPD Launcher): local address = 192.168.0.50 Oct 25 10:10:04 legacycarpets pptpd[15290]: CTRL (PPPD Launcher): remote address = 192.168.1.50 Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: I wrote 32 bytes to the client. 
Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Sent packet to client Oct 25 10:10:04 legacycarpets pppd[15290]: pppd 2.3.10 started by root, uid 0 Oct 25 10:10:04 legacycarpets pppd[15290]: Using interface ppp1 Oct 25 10:10:04 legacycarpets pppd[15290]: Connect: ppp1 <--> /dev/pts/3 Oct 25 10:10:04 legacycarpets pppd[15290]: sent [LCP ConfReq id=0x1 ] Oct 25 10:10:04 legacycarpets pppd[15290]: rcvd [LCP ConfReq id=0x1 ] Oct 25 10:10:04 legacycarpets pppd[15290]: sent [LCP ConfAck id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [LCP ConfAck id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CHAP Challenge id=0x1 , name = "server"] Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [CHAP Response id=0x1 <60af5cae9da6328bea5b20500e1eaa32>, name = "rage"] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CHAP Success id=0x1 "Welcome to server."] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [IPCP ConfReq id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfReq id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: CHAP peer authentication succeeded for rage Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [IPCP ConfReq id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [IPCP ConfNak id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [CCP ConfReq id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfRej id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>] Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [IPCP ConfAck id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [CCP ConfRej id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfReq id=0x2] Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [IPCP ConfReq id=0x2 ] Oct 25 10:10:06 legacycarpets pppd[15290]: sent [IPCP ConfAck id=0x2 ] Oct 25 10:10:06 legacycarpets pppd[15290]: Could not determine local IP address Oct 25 10:10:06 legacycarpets pppd[15290]: sent [IPCP TermReq id=0x2 "Could not determine local IP address"] Oct 
25 10:10:06 legacycarpets pppd[15290]: rcvd [CCP ConfAck id=0x2] Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [IPCP TermAck id=0x2] Oct 25 10:10:06 legacycarpets pppd[15290]: sent [LCP TermReq id=0x2 "No network protocols running"] Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [LCP TermAck id=0x2] Oct 25 10:10:06 legacycarpets pppd[15290]: Connection terminated. Oct 25 10:10:06 legacycarpets pppd[15290]: Connect time 0.1 minutes. Oct 25 10:10:06 legacycarpets pppd[15290]: Sent 460 bytes, received 403 bytes. Oct 25 10:10:06 legacycarpets pppd[15290]: Exit. Oct 25 10:10:06 legacycarpets pptpd[15277]: GRE: read(fd=6,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error Oct 25 10:10:06 legacycarpets pptpd[15277]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7) Oct 25 10:10:06 legacycarpets pptpd[15277]: CTRL: Client 4.40.159.70 control connection finished Oct 25 10:10:06 legacycarpets pptpd[15277]: CTRL: Exiting now Oct 25 10:10:06 legacycarpets pptpd[15265]: MGR: Reaped child 15277 Oct 25 10:12:02 legacycarpets pptpd[15311]: MGR: Launching /usr/sbin/pptpctrl to handle client Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: local address = 192.168.0.51 Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: remote address = 192.168.1.51 Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: pppd speed = 115200 Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: pppd options file = /etc/ppp/options.vpn Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Client 4.40.159.70 control connection started Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Received PPTP Control Message (type: 1) Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Made a START CTRL CONN RPLY packet Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: I wrote 156 bytes to the client. 
Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Sent packet to client Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Received PPTP Control Message (type: 7) Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Set parameters to 0 maxbps, 16 window size Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Made a OUT CALL RPLY packet Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Starting call (launching pppd, opening GRE) Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: pty_fd = 6 Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: tty_fd = 7 Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: I wrote 32 bytes to the client. Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Sent packet to client Oct 25 10:12:02 legacycarpets pptpd[15312]: CTRL (PPPD Launcher): Connection speed = 115200 Oct 25 10:12:02 legacycarpets pptpd[15312]: CTRL (PPPD Launcher): local address = 192.168.0.51 Oct 25 10:12:02 legacycarpets pptpd[15312]: CTRL (PPPD Launcher): remote address = 192.168.1.51 Oct 25 10:12:03 legacycarpets pppd[15312]: pppd 2.3.10 started by root, uid 0 Oct 25 10:12:03 legacycarpets pppd[15312]: Using interface ppp1 Oct 25 10:12:03 legacycarpets pppd[15312]: Connect: ppp1 <--> /dev/pts/3 Oct 25 10:12:03 legacycarpets pppd[15312]: sent [LCP ConfReq id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: rcvd [LCP ConfReq id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: sent [LCP ConfAck id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: rcvd [LCP ConfAck id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: sent [CHAP Challenge id=0x1 , name = "server"] Oct 25 10:12:03 legacycarpets pppd[15312]: rcvd [CHAP Response id=0x1 , name = "rage"] Oct 25 10:12:03 legacycarpets pppd[15312]: sent [CHAP Success id=0x1 "Welcome to server."] Oct 25 10:12:03 legacycarpets pppd[15312]: sent [IPCP ConfReq id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: CHAP peer authentication succeeded for rage Oct 25 10:12:06 
legacycarpets pppd[15312]: sent [IPCP ConfReq id=0x1 ] Oct 25 10:12:06 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x1 ] Oct 25 10:12:08 legacycarpets pppd[15312]: rcvd [CHAP Response id=0x1 , name = "rage"] Oct 25 10:12:08 legacycarpets pppd[15312]: sent [CHAP Success id=0x1 "Welcome to server."] Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [IPCP ConfReq id=0x1 ] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [IPCP ConfNak id=0x1 ] Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [CCP ConfReq id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [CCP ConfRej id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>] Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [IPCP ConfReq id=0x2 ] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [IPCP ConfAck id=0x2 ] Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [CCP ConfReq id=0x2] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [CCP ConfAck id=0x2] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [IPCP ConfReq id=0x1 ] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x1 ] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [IPCP ConfAck id=0x1 ] Oct 25 10:12:10 legacycarpets pppd[15312]: Could not determine local IP address Oct 25 10:12:10 legacycarpets pppd[15312]: sent [IPCP TermReq id=0x2 "Could not determine local IP address"] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [CCP ConfRej id=0x1 ] Oct 25 10:12:10 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x2] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [IPCP TermAck id=0x2] Oct 25 10:12:10 legacycarpets pppd[15312]: sent [LCP TermReq id=0x2 "No network protocols running"] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [CCP ConfAck id=0x2] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [CCP TermReq id=0x3] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [LCP TermReq id=0x2] Oct 25 10:12:10 legacycarpets pppd[15312]: sent [LCP TermAck id=0x2] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [LCP TermAck id=0x2] Oct 
25 10:12:10 legacycarpets pppd[15312]: Connection terminated. Oct 25 10:12:10 legacycarpets pppd[15312]: Connect time 0.2 minutes. Oct 25 10:12:10 legacycarpets pppd[15312]: Sent 680 bytes, received 441 bytes. Oct 25 10:12:10 legacycarpets pppd[15312]: Exit. Oct 25 10:12:10 legacycarpets pptpd[15311]: GRE: read(fd=6,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error Oct 25 10:12:10 legacycarpets pptpd[15311]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7) Oct 25 10:12:10 legacycarpets pptpd[15311]: CTRL: Client 4.40.159.70 control connection finished Oct 25 10:12:10 legacycarpets pptpd[15311]: CTRL: Exiting now Oct 25 10:12:10 legacycarpets pptpd[15265]: MGR: Reaped child 15311 Oct 25 10:12:23 legacycarpets named[524]: USAGE 972486743 972400343 CPU=0.17u/0.01s CHILDCPU=0u/0s Oct 25 10:12:23 legacycarpets named[524]: NSTATS 972486743 972400343 Oct 25 10:12:23 legacycarpets named[524]: XSTATS 972486743 972400343 RR=1 RNXD=0 RFwdR=0 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=1 SAns=0 SFwdQ=0 SDupQ=638 SErr=1 RQ=0 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 SFwdR=0 SFail=0 SFErr=0 SNaAns=0 SNXD=0 -- Jason Osborne Data and Telecom Network Solutions Your total Internetworking solutions provider! 3847 Timberglen Rd., STE 4013 Dallas, TX 75287 Phone: 972-307-0676 Mobile: 214-284-3337 Web: http://www.sohonetworks.cc E-mail: sales at sohonetworks.cc From scott.venier at compaq.com Sun Jan 7 13:24:23 2001 From: scott.venier at compaq.com (Scott Venier) Date: Sun, 7 Jan 2001 14:24:23 -0500 (EST) Subject: [pptp-server] Client Script In-Reply-To: <200FAA488DE0D41194F10010B597610D96B9@JUPITER> Message-ID: I've actually taken over maintaining the linux client and I've got a script to start, stop, and configure it. Check out http://www.scooter.cx/alpha/pptp.html Does anybody know anything about who's maintaing the mppe patches to pppd? Scott On Sun, 7 Jan 2001, George Vieira wrote: > I have a start up script for RedHat and a manual script. 
> Don't want to paste the whole thing to everybody on the list so if anybody
> wants either please ask..
>
> thanks,
> George Vieira
>
> -----Original Message-----
> From: Gill, Vern [mailto:vgill at technologist.com]
> Sent: Sunday, January 07, 2001 10:30 AM
> To: 'pptp-server at lists.schulte.org'
> Subject: [pptp-server] Client Script
>
> I remember someone posting a client connect script that they were using
> with the linux client. Can that be posted again?
> Also, does it handle the route statements?
> Thanks.

From GeorgeV at citadelcomputer.com.au Sun Jan 7 15:27:24 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 8 Jan 2001 08:27:24 +1100
Subject: [pptp-server] Win95/Win98 (First Edition)
Message-ID: <200FAA488DE0D41194F10010B597610D96BB@JUPITER>

If you searched the Microshaft Knowledge Base (search for VPN or something) it mentions about upgrading to DUN1.3 etc..etc.. I think it also mentioned about not being able to use 128bit encryption.. They are developing it but it's not an urgency.. yeah right.

thanks,
George Vieira

-----Original Message-----
From: Brent DiNicola [mailto:brentd at cicada-semi.com]
Sent: Saturday, January 06, 2001 4:51 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Win95/Win98 (First Edition)

Ok, Here is the deal, I have researched and looked and cannot figure out how to get the Win95 or Win98 (First Edition) to do 128-bit encryption. I know that there used to be a MS link to download that but it's been defunct for almost a year now.
Does Anyone out there have 128-bit encryption working for either of these, if so.. how. I have to use 128-bit encryption, we don't allow lower encryption. Anything that can point me in the right direction would be helpful, most importantly if someone has the old 128-bit encryption for these two that would be super. I know it works, if you have it installed, I know MS doesn't have it for these two anymore, so I just need to know how it was done by people out there, and if possible what they did it with.

Thanks for any help ahead of time!

Brent

From SNguyen at pdit.com Mon Jan 8 14:24:28 2001
From: SNguyen at pdit.com (SNguyen at pdit.com)
Date: Mon, 8 Jan 2001 12:24:28 -0800
Subject: [pptp-server] PPTPD under Debian
Message-ID:

Hello,

Anyone here got it to work under Debian? I can't get it to work. It uses pptpd instead of pppd. Thanks.

From neale at lowendale.com.au Mon Jan 8 16:28:06 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Tue, 9 Jan 2001 09:28:06 +1100 (EST)
Subject: [pptp-server] PPTPD under Debian
In-Reply-To:
Message-ID:

On Mon, 8 Jan 2001 SNguyen at pdit.com wrote:

> Anyone here got it to work under Debian? I can't get it to work. It uses
> pptpd instead of pppd. Thanks.

I did once get it to work, with earlier versions (of everything ;-) and not too much pain.

Could you be more explicit about the problems/challenges you are facing?

Regards,
Neale.

From SNguyen at pdit.com Mon Jan 8 22:05:39 2001
From: SNguyen at pdit.com (SNguyen at pdit.com)
Date: Mon, 8 Jan 2001 20:05:39 -0800
Subject: [pptp-server] PPTPD under Debian
Message-ID:

> > Anyone here got it to work under Debian? I can't get it to work. It uses
> > pptpd instead of pppd. Thanks.
>
> I did once get it to work, with earlier versions (of everything ;-) and
> not too much pain.
>
> Could you be more explicit about the problems/challenges you are facing?

Hi Neale,

Thanks for helping. I have a fresh install debian 2.2 with debian package poptop "pptpd 1.0.0-4". It is dual home and networking aspect of either interfaces are working fine. Eth0 has public ip and eth1 has private ip. After configuring /etc/ppp/options, /etc/ppp/chap-secrets, /etc/pptpd.conf and finally Windows VPN client program, I get this: "Disconnected. Error 619: The specified port is not connected."

I notice there's /etc/ppp/options and /etc/ppp/pptpd-options in Debian. Which one should I use? I don't know which one to use so I configured both.

Here's my /etc/ppp/options:

ms-dns 10.10.10.20
ms-wins 10.10.10.20
auth
require-chap
proxyarp
noipx

...and here's my /etc/ppp/pptpd-options:

debug
name dragon
auth
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-dns 10.10.10.20
ms-wins 10.10.10.20
nodefaultroute
proxyarp
lock
logfile /etc/ppp/pptpd.log

...and my /etc/pptpd.conf:

debug
speed 115200
option /etc/ppp/pptpd-options
localip 10.10.10.209
remoteip 10.10.19.201-254

...and finally my /etc/ppp/chap-secrets:

# client server secret IP addresses
NTDOMAIN\\testaccount NTPDC testaccountpasswordhere *
# the "testaccount" would be my domain password

...that's it. The above info in chap-secrets is not an actual account it is just modified text to represent the actual info. At the windows 2K Pro VPN client program, I chose PPTP instead of Automatic and put "testaccount" for login, "testaccountpasswordhere" for password, and "NTDOMAIN" for domain field respectively. "NTPDC" is mapped to an IP address in /etc/hosts.

Any ideas to what I did wrong? Anything I put in the above files are not really needed? Thanks in advance.

Steve
From rmantz at nacopvc.com Tue Jan 9 10:04:14 2001
From: rmantz at nacopvc.com (Rob Mantz)
Date: Tue, 9 Jan 2001 09:04:14 -0700
Subject: [pptp-server] Unsubscribe.
In-Reply-To: <000a01c077b9$85d02640$0b0a0a0a@titu>
Message-ID: <000a01c07a55$d0101e60$0101a8c0@IT>

Unsubscribe me from the mail list. The mail list has been helpful.

Thanks,
Rob

From phil at vibrationresearch.com Tue Jan 9 10:18:24 2001
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 9 Jan 2001 11:18:24 -0500
Subject: [pptp-server] PPTPD under Debian
In-Reply-To:
Message-ID: <001801c07a57$caa29550$4500a8c0@vibrationresearch.com>

> I notice there's /etc/ppp/options and /etc/ppp/pptpd-options in Debian.
> Which one should I use?

The one being used is /etc/ppp/pptpd-options, as configured using the "option" parameter in /etc/pptpd.conf

> ...and here's my /etc/ppp/pptpd-options:
> debug
> name dragon
> auth
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> ms-dns 10.10.10.20
> ms-wins 10.10.10.20
> nodefaultroute
> proxyarp
> lock
> logfile /etc/ppp/pptpd.log
> ...and my /etc/pptpd.conf:
> debug
> speed 115200
> option /etc/ppp/pptpd-options
> localip 10.10.10.209
> remoteip 10.10.19.201-254
> ...and finally my /etc/ppp/chap-secrets:
> # client server secret IP addresses
> NTDOMAIN\\testaccount NTPDC testaccountpasswordhere *

the server parameter (second parameter on the line) in /etc/ppp/chap-secrets "NTPDC" must match the name option's value in /etc/ppp/pptpd-options.
In your case, the pptpd-options file specifies "name dragon", so your chap-secrets should be:

# client server secret IP addresses
NTDOMAIN\\testaccount dragon testaccountpasswordhere *

From mseymour at infogenic.net Tue Jan 9 12:29:55 2001
From: mseymour at infogenic.net (Micah Seymour)
Date: Tue, 9 Jan 2001 12:29:55 -0600 (CST)
Subject: [pptp-server] Setting speed to something other than 115200
In-Reply-To: <001801c07a57$caa29550$4500a8c0@vibrationresearch.com>
Message-ID:

Hey all,

Can the speed be set to something other than 115200? I'm running poptop on a RedHat 6.2 box. I can only get about 15Kb a second of throughput. I remember reading somewhere that the speed could be set to standard serial speeds, but other settings do not seem to work. Most of my users connect via cable modems (don't tell @home), so I'd think they'd get a faster connection.

I have tried to up the speed to 230,400 and various other standard serial speeds, but pppd reports an error and I get the same throughput as before.

Any clues?

TIA,
Micah

--
The box said use Windows 95 or better so I installed Linux.

From cyeo at horizon.sk.ca Tue Jan 9 13:46:03 2001
From: cyeo at horizon.sk.ca (Chris Yeo)
Date: Tue, 9 Jan 2001 13:46:03 -0600
Subject: [pptp-server] Problem with Netmasks
Message-ID: <03FAD7796512D411BE0E00A0CC5A64100D3B23@pluto.internal.horizon.sk.ca>

Hi,

I have a problem that I can't seem to get working.

I have done some looking through the last year of archives and also searching through the faq's that I could find and I am coming up with nothing...

I need to be able to hand the 'clients' back a different netmask than what is currently given back.
I have seen other people asking about this but no responses.

I am running the system on Linux 2.2.17, PPTP 1.0, pppd 2.3.11.

Thanks!

Chris Yeo
Network Specialist
Horizon Computer Solutions

From phil at vibrationresearch.com Tue Jan 9 13:55:56 2001
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 9 Jan 2001 14:55:56 -0500
Subject: [pptp-server] Setting speed to something other than 115200
In-Reply-To:
Message-ID: <002101c07a76$2e3552b0$4500a8c0@vibrationresearch.com>

The speed setting in poptop is meaningless, and does not affect throughput. That is just a leftover of pppd, which normally would set the speed of the port to which it is connected. Since poptop doesn't connect using a serial port, it doesn't need to set the speed.

Which version of poptop are you using? Two possible causes of throughput problems are dropped packets and out-of-order packets. If the problems are being caused by out-of-order packets, using pptpd-1.1.2 may help.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Micah Seymour
> Sent: Tuesday, January 09, 2001 1:30 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Setting speed to something other than 115200
>
> Hey all,
>
> Can the speed be set to something other than 115200? I'm running poptop
> on a RedHat 6.2 box. I can only get about 15Kb a second of throughput. I
> remember reading somewhere that the speed could be set to standard serial
> speeds, but other settings do not seem to work. Most of my users connect
> via cable modems (don't tell @home), so I'd think they'd get a faster
> connection.
>
> I have tried to up the speed to 230,400 and various other standard serial
> speeds, but pppd reports an error and I get the same throughput
> as before.
>
> Any clues?
>
> TIA,
> Micah
>
> --
> The box said use Windows 95 or better so I installed Linux.

From walterm at Gliatech.com Tue Jan 9 14:14:25 2001
From: walterm at Gliatech.com (Michael Walter)
Date: Tue, 9 Jan 2001 15:14:25 -0500
Subject: [pptp-server] Quality of Service-Linux
Message-ID:

Has anyone had any luck implementing quality of service on the poptop service. I would like to limit the available bandwidth for the entire poptop service rather than on a per user basis(Although per user is ok if necessary). The research I have done tends toward this not yet being possible in linux, but I wanted to see if anyone else had any experience before I gave up on it entirely.

Thanks,

Michael J. Walter rhce mcdba mcse+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

From kelly.black at testquest.com Tue Jan 9 14:47:03 2001
From: kelly.black at testquest.com (Kelly Black)
Date: Tue, 9 Jan 2001 14:47:03 -0600
Subject: [pptp-server] Problem with Netmasks
In-Reply-To: <03FAD7796512D411BE0E00A0CC5A64100D3B23@pluto.internal.horizon.sk.ca>; from cyeo@horizon.sk.ca on Tue, Jan 09, 2001 at 01:46:03PM -0600
References: <03FAD7796512D411BE0E00A0CC5A64100D3B23@pluto.internal.horizon.sk.ca>
Message-ID: <20010109144703.E21291@testquest.com>

Chris,

Did you try to add the line:

netmask 255.255.255.0

to the file /etc/ppp/options (or whatever file you used in the file /etc/pptpd.conf)?

Kelly Black

On Tue, Jan 09, 2001 at 01:46:03PM -0600, Chris Yeo wrote:
> Hi,
>
> I have a problem that I can't seem to get working.
>
> I have done some looking through the last year of archives and also
> searching through the faq's that I could find and I am coming up with
> nothing...
>
> I need to be able to hand the 'clients' back a different netmask than what
> is currently given back. I have seen other people asking about this but no
> responses.
>
> I am running the system on Linux 2.2.17, PPTP 1.0, pppd 2.3.11.
>
> Thanks!
>
> Chris Yeo
> Network Specialist
> Horizon Computer Solutions

From webmaster at hofen-online.de Tue Jan 9 15:41:50 2001
From: webmaster at hofen-online.de (Webmaster)
Date: Tue, 9 Jan 2001 22:41:50 +0100
Subject: [pptp-server] Setting speed to something other than 115200
References:
Message-ID: <003601c07a85$3efbc3e0$1870a8c0@hofenonline.de>

Hi Micah !

I'm running poptop on a RedHat 6.1 machine. The line with the speed-option is commented out. While using poptop in my LAN, windows shows me a speed of 10.000.000. I'm using 10M cards. I remember a text in a config file, that there are some problems with some ppp-daemons. Maybe it could help to download a new pppd-sourcecode, compile and install it.

I hope I was able to help you.

Best regards
Kai

----- Original Message -----
From: Micah Seymour
To:
Sent: Tuesday, January 09, 2001 7:29 PM
Subject: [pptp-server] Setting speed to something other than 115200

> Hey all,
>
> Can the speed be set to something other than 115200? I'm running
> poptop on a RedHat 6.2 box. I can only get about 15Kb a second of
> throughput.
> I remember reading somewhere that the speed could be
> set to standard serial speeds, but other settings do not seem to
> work. Most of my users connect via cable modems (don't tell
> @home), so I'd think they'd get a faster connection.
>
> I have tried to up the speed to 230,400 and various other standard
> serial speeds, but pppd reports an error and I get the same
> throughput as before.
>
> Any clues?
>
> TIA,
> Micah
>
> --
> The box said use Windows 95 or better so I installed Linux.

From GeorgeV at citadelcomputer.com.au Tue Jan 9 15:53:36 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 10 Jan 2001 08:53:36 +1100
Subject: [pptp-server] Quality of Service-Linux
Message-ID: <200FAA488DE0D41194F10010B597610D9865@JUPITER>

Usually network admins have to use hardware such as a CISCO router with bandwidth control. You have two options that I know of if you want a software solution:

1. Use the bandwidth shaper that comes with linux to limit bandwidth.
1a. side effects to this: this affects the bandwidth of the whole device eg. ETH0 limited to 64Kb/s and not on the protocol. Don't think it works with non physical devices...eg PPP0
2. Use ET/BWMGR software bw manager (http://www.etinc.com/bwmgrfaq.htm)
2a. side effects to this: Get ready to pay for it.
Works on a small selected amount of NICs.

thanks,
George Vieira

-----Original Message-----
From: Michael Walter [mailto:walterm at Gliatech.com]
Sent: Wednesday, January 10, 2001 7:14 AM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] Quality of Service-Linux

Has anyone had any luck implementing quality of service on the poptop service. I would like to limit the available bandwidth for the entire poptop service rather than on a per user basis(Although per user is ok if necessary). The research I have done tends toward this not yet being possible in linux, but I wanted to see if anyone else had any experience before I gave up on it entirely.

Thanks,

Michael J. Walter rhce mcdba mcse+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

From bcearth at enpia.net Tue Jan 9 19:06:55 2001
From: bcearth at enpia.net (=?ks_c_5601-1987?B?wMy787Dm?=)
Date: Wed, 10 Jan 2001 10:06:55 +0900
Subject: [pptp-server] WIN CE client for PPTP server
Message-ID: <002001c07aa1$cc9ae340$2efea8c0@enpia.net>

I have some questions

1. Does PPTP Server(the kernel version 2.2.17) support WIN CE client ?
2. Can MS Virtual Private Networking Adapter be installed in WIN CE ?

From SNguyen at pdit.com Tue Jan 9 21:23:20 2001
From: SNguyen at pdit.com (SNguyen at pdit.com)
Date: Tue, 9 Jan 2001 19:23:20 -0800
Subject: [pptp-server] RE: PPTPD under Debian
Message-ID:

> Message: 5
> From: "Philip Van Baren"
> To:
> Subject: RE: [pptp-server] PPTPD under Debian
> Date: Tue, 9 Jan 2001 11:18:24 -0500
>
> > I notice there's /etc/ppp/options and /etc/ppp/pptpd-options in Debian.
> > Which one should I use?
>
> The one being used is /etc/ppp/pptpd-options, as configured using the
> "option" parameter in /etc/pptpd.conf
>
> > ...and here's my /etc/ppp/pptpd-options:
> > debug
> > name dragon
> > auth
> > +chapms
> > +chapms-v2
> > mppe-40
> > mppe-128
> > mppe-stateless
> > ms-dns 10.10.10.20
> > ms-wins 10.10.10.20
> > nodefaultroute
> > proxyarp
> > lock
> > logfile /etc/ppp/pptpd.log
> > ...and my /etc/pptpd.conf:
> > debug
> > speed 115200
> > option /etc/ppp/pptpd-options
> > localip 10.10.10.209
> > remoteip 10.10.19.201-254
> > ...and finally my /etc/ppp/chap-secrets:
> > # client server secret IP addresses
> > NTDOMAIN\\testaccount NTPDC testaccountpasswordhere *
>
> the server parameter (second parameter on the line) in /etc/ppp/chap-secrets
> "NTPDC" must match the name option's value in /etc/ppp/pptpd-options. In
> your case, the pptpd-options file specifies "name dragon", so your
> chap-secrets should be:
>
> # client server secret IP addresses
> NTDOMAIN\\testaccount dragon testaccountpasswordhere *

Hi Philip,

I actually had "dragon" under "server" column in my real chap-secrets, but it still doesn't work and got that 619 error. Ipchains is not even configured...so it's open to either interface. Anything else I should check? Thanks.

Steve
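
The check Philip Van Baren describes in this thread (the server column of /etc/ppp/chap-secrets has to equal the `name` value in the options file that the `option` line of /etc/pptpd.conf points to), as an added example that is not part of any poster's message or of the PoPToP project. The file contents are the ones posted in the thread; the function names, the simplified tokenizer and the fallback to the host name when no `name` option is set are assumptions of this example.

```python
"""Check that every chap-secrets entry names the server pppd identifies as."""
import socket


def split_words(line):
    """Split one line roughly the way pppd reads its files (simplified):
    whitespace separates words, '#' at the start of a word begins a comment,
    quotes group words, and a backslash makes the next character literal."""
    words, cur, in_word, quote, i = [], [], False, None, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and i + 1 < len(line):  # escaped character
            cur.append(line[i + 1])
            in_word = True
            i += 2
            continue
        if quote:  # inside '...' or "..."
            if c == quote:
                quote = None
            else:
                cur.append(c)
        elif c in "\"'":
            quote, in_word = c, True
        elif c.isspace():
            if in_word:
                words.append("".join(cur))
                cur, in_word = [], False
        elif c == "#" and not in_word:  # comment runs to end of line
            break
        else:
            cur.append(c)
            in_word = True
        i += 1
    if in_word:
        words.append("".join(cur))
    return words


def option_value(text, key):
    """Return the last argument given for option `key`, or None.
    Simplification: any word equal to `key` is treated as the option."""
    value = None
    for line in text.splitlines():
        words = split_words(line)
        for pos, word in enumerate(words[:-1]):
            if word == key:
                value = words[pos + 1]
    return value


def check_secrets(pptpd_conf, option_files, chap_secrets, hostname=None):
    """Return (options path, local name, mismatches).
    `option_files` maps a path to that file's text so the check runs offline.
    Each mismatch is (line number, client, server) from chap-secrets."""
    # Assumption: without an `option` line pppd reads /etc/ppp/options.
    opt_path = option_value(pptpd_conf, "option") or "/etc/ppp/options"
    # Assumption: without a `name` option pppd identifies as the host name.
    local_name = (option_value(option_files.get(opt_path, ""), "name")
                  or hostname or socket.gethostname())
    mismatches = []
    for lineno, line in enumerate(chap_secrets.splitlines(), 1):
        words = split_words(line)
        if len(words) < 3:  # blank line, comment, or incomplete entry
            continue
        client, server = words[0], words[1]
        if server not in ("*", local_name):
            mismatches.append((lineno, client, server))
    return opt_path, local_name, mismatches


# File contents as posted in this thread.
PPTPD_CONF = """debug
speed 115200
option /etc/ppp/pptpd-options
localip 10.10.10.209
remoteip 10.10.19.201-254
"""
PPTPD_OPTIONS = """debug
name dragon
auth
+chapms
+chapms-v2
"""
CHAP_SECRETS_POSTED = r"""# client server secret IP addresses
NTDOMAIN\\testaccount NTPDC testaccountpasswordhere *
"""
CHAP_SECRETS_CORRECTED = r"""# client server secret IP addresses
NTDOMAIN\\testaccount dragon testaccountpasswordhere *
"""

if __name__ == "__main__":
    files = {"/etc/ppp/pptpd-options": PPTPD_OPTIONS}
    for label, secrets in (("posted", CHAP_SECRETS_POSTED),
                           ("corrected", CHAP_SECRETS_CORRECTED)):
        path, name, bad = check_secrets(PPTPD_CONF, files, secrets)
        print(f"[{label}] options file {path}, local name {name!r}")
        for lineno, client, server in bad:
            print(f"  chap-secrets line {lineno}: {client!r} names server "
                  f"{server!r}, expected {name!r} or *")
        if not bad:
            print("  every entry matches")
```
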
From adam at morrison-ind.com Wed Jan 10 09:30:36 2001
From: adam at morrison-ind.com (Adam Tauno Williams)
Date: Wed, 10 Jan 2001 10:30:36 -0500 (EST)
Subject: [pptp-server] Error 619 from WinY2k
Message-ID: <979140636.3a5c801c458cc@barracuda>

I've got a client using WinY2K (5.00.2195 SP1), when he tries to connect he gets an error "619", the server sees him attempt to connect and spits out something like:

Jan 10 10:16:58 firewall pptpd[20611]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: local address = 192.168.1.3
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: remote address = 192.168.1.21
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: pppd speed = 115200
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: Client 206.150.184.187 control connection started
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: Received PPTP Control Message (type: 1)
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: Made a START CTRL CONN RPLY packet
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: I wrote 156 bytes to the client.
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: Sent packet to client
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: Received PPTP Control Message (type: 7)
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: Set parameters to 1525 maxbps, 64 window size
Jan 10 10:16:58 firewall pptpd[20611]: CTRL: Made a OUT CALL RPLY packet
Jan 10 10:18:46 firewall pptpd[20626]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: local address = 192.168.1.3
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: remote address = 192.168.1.20
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: pppd speed = 115200
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Client 206.150.184.187 control connection started
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Received PPTP Control Message (type: 1)
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Made a START CTRL CONN RPLY packet
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: I wrote 156 bytes to the client.
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Sent packet to client
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Received PPTP Control Message (type: 7)
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Set parameters to 1525 maxbps, 64 window size
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Made a OUT CALL RPLY packet
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Starting call (launching pppd, opening GRE)
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: pty_fd = 4
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: tty_fd = 5
Jan 10 10:18:46 firewall pptpd[20627]: CTRL (PPPD Launcher): Connection speed = 115200
Jan 10 10:18:46 firewall pptpd[20627]: CTRL (PPPD Launcher): local address = 192.168.1.3
Jan 10 10:18:46 firewall pptpd[20627]: CTRL (PPPD Launcher): remote address = 192.168.1.20
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: I wrote 32 bytes to the client.
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Sent packet to client
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Received PPTP Control Message (type: 15)
Jan 10 10:18:46 firewall pptpd[20626]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Jan 10 10:18:47 firewall pptpd[20626]: GRE: Discarding duplicate packet
Jan 10 10:18:47 firewall pppd[20627]: LDAP Routine done.
Jan 10 10:18:47 firewall pppd[20627]: pppd 2.3.10 started by root, uid 0
Jan 10 10:18:47 firewall pppd[20627]: Using interface ppp1
Jan 10 10:18:47 firewall pppd[20627]: Connect: ppp1 <--> /dev/pts/3
Jan 10 10:18:47 firewall pppd[20627]: LDAP Routine done.
Jan 10 10:18:47 firewall pppd[20627]: LDAP Routine done.
Jan 10 10:18:47 firewall pptpd[20626]: GRE: Bad checksum from pppd.
Jan 10 10:19:17 firewall pptpd[13569]: MGR: Reaped child 20626
Jan 10 10:19:17 firewall pptpd[20626]: GRE: read(fd=4,buffer=804d8a0,len=8196) from PTY failed: status = -1 error = Input/output error
Jan 10 10:19:17 firewall pptpd[20626]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jan 10 10:19:17 firewall pptpd[20626]: CTRL: Client 206.150.184.187 control connection finished
Jan 10 10:19:17 firewall pptpd[20626]: CTRL: Exiting now
Jan 10 10:19:17 firewall pppd[20627]: LCP: timeout sending Config-Requests
Jan 10 10:19:17 firewall pppd[20627]: Connection terminated.
Jan 10 10:19:17 firewall pppd[20627]: Exit.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW.
Grand Rapids, MI. 49505

From giulioo at pobox.com Wed Jan 10 09:58:27 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 10 Jan 2001 16:58:27 +0100
Subject: [pptp-server] pptp-client maxes out cpu connecting to pptpd
Message-ID: <20010110155958.B9B0D165A8@i3.golden.dom>

Problem: pptp-client maxes out cpu if the pptpd server uses its real ip as "localip" (I'm doing tests of pptp-linux<->pptpd connection on the local lan).

Setup (server and client have identical software installed): linux 2.2.16-22, ppp-2.3.11 (mppe), pptpd 1.1.2.
I tried pptp 1.0.2 available here http://cag.lcs.mit.edu/~cananian/Projects/PPTP/ and even the one with some more patches available here http://www.scooter.cx/alpha/pptp.html

The pptpd server works ok with win9x clients.

I connect with

pptp name mppe-128 mppe-stateless lock noauth

Server has the following parameters:

localip
===
lock
proxyarp
auth
+chapms-v2
mppe-128
mppe-stateless
ms-wins ip.address
ms-wins same.ip.address
require-mppe
require-mppe-stateless
ipparam pptp
===

If I try to connect to the server with the linux pptp client, I get a successful connection (mppe, 128), but the pptp client process uses 99% cpu.

After just a few seconds

5518 ttyp0 S 0:00 pptp: call manager for 192.168.1.10
5519 ttyp0 R 0:14 pptp: GRE-to-PPP gateway on /dev/ttyp6
5520 ttyp6 S 0:00 /usr/sbin/pppd /dev/ttyp6 38400 name mppe-128

5519 keeps using 99% cpu

Moreover, I cannot ping the server.

Is this known problem/is there a solution?

If I change the pptpd "localip" parameter, setting a different ip then the problem goes away and I can ping both the real server ip and the pptpd one.

ie:
server eth0 is 192.168.1.1
client eth0 is 192.168.1.2
if "localip" is 192.168.1.1 I have the problem, if "localip" is 192.168.1.3 all is ok.

Thanks.

--
giulioo at pobox.com

From rcd at amherst.com Wed Jan 10 14:51:57 2001
From: rcd at amherst.com (Robert Dege)
Date: Wed, 10 Jan 2001 15:51:57 -0500
Subject: [pptp-server] GRE: bad file descriptor
References: <200012201415.PAA11517@svulst.multima.se> <001901c06b52$51629780$1e7511ac@datorteket.lan>
Message-ID: <3A5CCB6D.6B44A52D@comptekamherst.com>

I'm getting a GRE: bad file descriptor error. Here's what happens:

My Win98 VPN makes a connection to the PPTP server. It then sits there saying that it's verifying username & password. During this time (according to the syslogs) it's sending & receiving a bunch of packets in 3 second intervals. Win98 finally disconnects, & I get a GRE:bad file descriptor error. But it doesn't say what file.
I'm assuming that it is the chap-secrets file.

Can anyone help here? I've included the entire log of the session. The middle part (longest part) is the repetitive 3 second send & receives. Is there any way to see if chap is being checked & if it's successful??

-Rob

Jan 10 15:33:20 quark pptpd[14779]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Jan 10 15:33:20 quark pptpd[14779]: CTRL: pppd options file = /etc/ppp/options.pptp
Jan 10 15:33:20 quark pptpd[14779]: CTRL: Client 12.19.228.57 control connection started
Jan 10 15:33:20 quark pptpd[14779]: CTRL: Received PPTP Control Message (type: 1)
Jan 10 15:33:20 quark pptpd[14779]: CTRL: Made a START CTRL CONN RPLY packet
Jan 10 15:33:20 quark pptpd[14779]: CTRL: I wrote 156 bytes to the client.
Jan 10 15:33:20 quark pptpd[14779]: CTRL: Sent packet to client
Jan 10 15:33:20 quark pptpd[14779]: CTRL: Received PPTP Control Message (type: 7)
Jan 10 15:33:20 quark pptpd[14779]: CTRL: 0 min_bps, 0 max_bps, 32 window size
Jan 10 15:33:20 quark pptpd[14779]: CTRL: Made a OUT CALL RPLY packet
Jan 10 15:33:20 quark pptpd[14779]: CTRL: Starting call (launching pppd, opening GRE)
Jan 10 15:33:20 quark pptpd[14779]: CTRL: pty_fd = 5
Jan 10 15:33:20 quark pptpd[14779]: CTRL: tty_fd = 6
Jan 10 15:33:20 quark pptpd[14779]: CTRL: I wrote 32 bytes to the client.
Jan 10 15:33:20 quark pptpd[14779]: CTRL: Sent packet to client
Jan 10 15:33:20 quark pptpd[14780]: CTRL (PPPD Launcher): Connection speed = 115200
Jan 10 15:33:20 quark pppd[14780]: pppd 2.3.11 started by root, uid 0
Jan 10 15:33:20 quark pppd[14780]: Using interface ppp0
Jan 10 15:33:20 quark pppd[14780]: Connect: ppp0 <--> /dev/pts/3
Jan 10 15:33:20 quark pppd[14780]: sent [LCP ConfReq id=0x1 ]
Jan 10 15:33:20 quark pppd[14780]: Timeout 0x80503d4:0x80784c0 in 15 seconds.
Jan 10 15:33:20 quark pptpd[14779]: Buffering out-of-order packet; got 1 after 4294967295
Jan 10 15:33:23 quark pptpd[14779]: Packet reorder timeout waiting for 0
Jan 10 15:33:23 quark pptpd[14779]: Buffering out-of-order packet; got 2 after 0
Jan 10 15:33:23 quark pppd[14780]: rcvd [LCP ConfReq id=0x1 ]
Jan 10 15:33:23 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:23 quark pppd[14780]: sent [LCP ConfAck id=0x1 ]
Jan 10 15:33:23 quark pppd[14780]: rcvd [LCP ConfReq id=0x2 ]
Jan 10 15:33:23 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:23 quark pppd[14780]: sent [LCP ConfAck id=0x1 ]
Jan 10 15:33:23 quark pppd[14780]: rcvd [LCP ConfReq id=0x2 ]
Jan 10 15:33:23 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:23 quark pppd[14780]: sent [LCP ConfAck id=0x2 ]
Jan 10 15:33:26 quark pppd[14780]: rcvd [LCP ConfReq id=0x3 ]
Jan 10 15:33:26 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:26 quark pppd[14780]: sent [LCP ConfAck id=0x3 ]
Jan 10 15:33:29 quark pppd[14780]: rcvd [LCP ConfReq id=0x4 ]
Jan 10 15:33:29 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:29 quark pppd[14780]: sent [LCP ConfAck id=0x4 ]
Jan 10 15:33:32 quark pppd[14780]: rcvd [LCP ConfReq id=0x5 ]
Jan 10 15:33:32 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:32 quark pppd[14780]: sent [LCP ConfAck id=0x5 ]
Jan 10 15:33:35 quark pppd[14780]: sent [LCP ConfReq id=0x1 ]
Jan 10 15:33:35 quark pppd[14780]: Timeout 0x80503d4:0x80784c0 in 15 seconds.
Jan 10 15:33:35 quark pppd[14780]: rcvd [LCP ConfReq id=0x6 ]
Jan 10 15:33:35 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:35 quark pppd[14780]: sent [LCP ConfAck id=0x6 ]
Jan 10 15:33:38 quark pppd[14780]: rcvd [LCP ConfReq id=0x7 ]
Jan 10 15:33:38 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:38 quark pppd[14780]: sent [LCP ConfAck id=0x7 ]
Jan 10 15:33:41 quark pppd[14780]: rcvd [LCP ConfReq id=0x8 ]
Jan 10 15:33:41 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:41 quark pppd[14780]: sent [LCP ConfAck id=0x8 ]
Jan 10 15:33:44 quark pppd[14780]: rcvd [LCP ConfReq id=0x9 ]
Jan 10 15:33:44 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:44 quark pppd[14780]: sent [LCP ConfAck id=0x9 ]
Jan 10 15:33:47 quark pppd[14780]: rcvd [LCP ConfReq id=0xa ]
Jan 10 15:33:47 quark pppd[14780]: lcp_reqci: returning CONFACK.
Jan 10 15:33:47 quark pppd[14780]: sent [LCP ConfAck id=0xa ]
Jan 10 15:33:50 quark pppd[14780]: sent [LCP ConfReq id=0x1 ]
Jan 10 15:33:50 quark pppd[14780]: Timeout 0x80503d4:0x80784c0 in 15 seconds.
Jan 10 15:34:05 quark pppd[14780]: sent [LCP ConfReq id=0x1 ]
Jan 10 15:34:05 quark pppd[14780]: Timeout 0x80503d4:0x80784c0 in 15 seconds.
Jan 10 15:34:13 quark pptpd[14779]: CTRL: Received PPTP Control Message (type: 12)
Jan 10 15:34:13 quark pptpd[14779]: CTRL: Made a CALL DISCONNECT RPLY packet
Jan 10 15:34:13 quark pptpd[14779]: CTRL: Received CALL CLR request (closing call)
Jan 10 15:34:13 quark pptpd[14779]: CTRL: I wrote 148 bytes to the client.
Jan 10 15:34:13 quark pptpd[14779]: CTRL: Sent packet to client
Jan 10 15:34:13 quark pppd[14780]: Modem hangup
Jan 10 15:34:13 quark pppd[14780]: Untimeout 0x80503d4:0x80784c0.
Jan 10 15:34:13 quark pppd[14780]: Connection terminated.
Jan 10 15:34:13 quark pppd[14780]: Exit.
Jan 10 15:34:18 quark pptpd[14779]: GRE: read error: Bad file descriptor
Jan 10 15:34:18 quark pptpd[14779]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Jan 10 15:34:18 quark pptpd[14779]: CTRL: Client 12.19.228.57 control connection finished
Jan 10 15:34:18 quark pptpd[14779]: CTRL: Exiting now
Jan 10 15:34:18 quark pptpd[14667]: MGR: Reaped child 14779

From ed at ammocomp.com Thu Jan 11 08:05:31 2001
From: ed at ammocomp.com (Ed LaBonte)
Date: Thu, 11 Jan 2001 09:05:31 -0500
Subject: [pptp-server] (no subject)
Message-ID: <000201c07bd7$901bcce0$670d00bd@acsed>

Hello

I have been trying everything to get the microsoft encryption working on my redhat 6.2 box with no results. I know this has been addressed before but it seems that I run into a new issue with everything I try. I have unencrypted VPN working from the windows clients. Could someone please help?

Ed LaBonte
Field Services Manager
Ammonoosuc Computer Services
116 Mount Eustis Road
Littleton New Hampshire 03561
603-444-3937

From natecars at real-time.com Thu Jan 11 10:21:07 2001
From: natecars at real-time.com (Nate Carlson)
Date: Thu, 11 Jan 2001 10:21:07 -0600 (CST)
Subject: [pptp-server] (no subject)
In-Reply-To: <000201c07bd7$901bcce0$670d00bd@acsed>
Message-ID:

On Thu, 11 Jan 2001, Ed LaBonte wrote:
> I have been trying everything to get the microsoft encryption working on my
> redhat 6.2 box with no results. I know this has been addressed before but
> it seems that I run into a new issue with everything I try. I have
> unencrypted VPN working from the windows clients. Could someone please
> help?

Ed,

You need to compile your kernel (or ppp module) and ppp daemon with Encryption support. Check out Section 4.0 of the following FAQ:

http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt

That explains the necessary steps.
--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From boris at microtrader.com Thu Jan 11 12:25:17 2001
From: boris at microtrader.com (Boris Reisig)
Date: Thu, 11 Jan 2001 12:25:17 -0600
Subject: [pptp-server] Max PPPD Speed?
Message-ID: <002301c07bfb$d99062e0$6401a8c0@esmith.microtrader.com>

What is the maximum speed I can set in pppd's option file? Is it 115200? I thought it could go faster? Any input would be appreciated. Also I saw that in the pptp-client, it sets the pppd to 38400. That seems pretty low. Any way to fix that?

From jcd at arrakis.es Thu Jan 11 16:35:09 2001
From: jcd at arrakis.es (Javier Cuevas)
Date: Thu, 11 Jan 2001 23:35:09 +0100
Subject: [pptp-server] I don't understand anything ! :-)
Message-ID: <3A5E351D.8BB70390@arrakis.es>

Hello,

I already configured a network like this:

First Case diagram:

 Computer A                           /---------\                          Computer B
|----------|                         /           \                       |------------|
|  Linux   |                        /  Intranet   \                      |   Win98    |
|  Server  |--eth0(192.168.25.5)---/ 192.168.25.0  \------(192.168.25.3)-| vpn client |
|  (pptpd) |                       \               /                     |  DUN 1.3   |
|----------|                        \             /                      |----------- |
      \                              \-----------/                      /
       \                                                               /
        \                                                             /
         \-----------------------------------------------------------/
                Tunnel established Ok (with mppe and mschap-v2)

Second Case diagram:

 Computer A                              /---------\                            Computer B
|----------|                            /           \                         |------------|
|  Linux   |        ISDN line          /  Internet   \      phone line        |   Win98    |
|  Server  |--ppp0(194.143.220.184)---/               \---(194.143.193.61)ppp-| vpn client |
|  (pptpd) |                          \               /                       |  DUN 1.3   |
|----------|                           \             /                        |----------- |
      \                                 \-----------/                         /
       \                                                                     /
        \                                                                   /
         \--------------------------/error /-------------------------------/
                Tunnel fails. Client tries to connect but fails... :-???? why?

- Computer's software :

  On Computer A:
    - Linux RedHat 7.0
    - kernel 2.2.16
    - pppd 2.3.11
    - pptpd 1.0.1
    - patch for mppe and mschap-v2

  On Computer B:
    - Microsoft Windows 98
    - DUN 1.3

- First case description:
=======================

The two computers are on the same local ethernet network (net 192.168.25.0/24). Ok ?

I successfully configured the Linux pptpd server on Computer A and also the Win98 Vpn client. And I can successfully make the tunnel with compression and encryption.

I add an ISDN card to the Linux Computer to connect the intranet to the Internet with ipchains and masquerading. I successfully configured the ISDN card to connect to my ISP. Now the server can access the Internet (great! ;-)

Now I want to connect to my pptp server from the Internet. Ok. I change my pptpd configuration file to attach the server to the new ppp0 internet interface (with a fixed ip). I use my Laptop to connect to the Internet via modem. My Laptop is not connected to my Intranet. I configure the w98 Vpn client as I do on Computer B. I try to connect to my pptp server and I can't. It fails :-(. Why?

I log all traffic on interfaces eth0 and ppp0 with ipchains to view what's happening. I paste the portions of the logs in both cases.
- First Case log's lines (connection made from intranet): -----------------------8<----------8<----------8<----------8<----------8<----------8< Jan 11 18:51:13 firewall pptpd[11196]: CTRL: Client 192.168.25.3 control connection started Jan 11 18:51:13 firewall kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.25.5:1723 192.168.25.3:1107 L=196 S=0x00 I=308 F=0x0000 T=64 (#2) Jan 11 18:51:13 firewall kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.25.3:1107 192.168.25.5:1723 L=208 S=0x00 I=56325 F=0x4000 T=128 (#2) Jan 11 18:51:13 firewall kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.25.5:1723 192.168.25.3:1107 L=40 S=0x00 I=309 F=0x0000 T=64 (#2) Jan 11 18:51:13 firewall pptpd[11196]: CTRL: Starting call (launching pppd, opening GRE) Jan 11 18:51:13 firewall kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.25.5:1723 192.168.25.3:1107 L=72 S=0x00 I=310 F=0x0000 T=64 (#2) Jan 11 18:51:13 firewall pppd[11197]: pppd 2.3.11 started by root, uid 0 Jan 11 18:51:13 firewall pppd[11197]: Using interface ppp1 Jan 11 18:51:13 firewall pppd[11197]: Connect: ppp1 <--> /dev/pts/4 Jan 11 18:51:13 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=50 S=0x00 I=56581 F=0x0000 T=128 (#2) Jan 11 18:51:13 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=61 S=0x00 I=311 F=0x0000 T=64 (#2) Jan 11 18:51:13 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=312 F=0x0000 T=64 (#2) Jan 11 18:51:13 firewall kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.25.3:1107 192.168.25.5:1723 L=40 S=0x00 I=56837 F=0x4000 T=128 (#2) Jan 11 18:51:13 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=50 S=0x00 I=313 F=0x0000 T=64 (#2) Jan 11 18:51:13 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=65 S=0x00 I=57093 F=0x0000 T=128 (#2) 
Jan 11 18:51:13 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=314 F=0x0000 T=64 (#2) Jan 11 18:51:13 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=58 S=0x00 I=315 F=0x0000 T=64 (#2) Jan 11 18:51:13 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=105 S=0x00 I=57349 F=0x0000 T=128 (#2) Jan 11 18:51:13 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=316 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=80 S=0x00 I=317 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=50 S=0x00 I=318 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=78 S=0x00 I=57605 F=0x0000 T=128 (#2) Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=319 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=50 S=0x00 I=57861 F=0x0000 T=128 (#2) Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=320 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall kernel: PPP BSD Compression module registered Jan 11 18:51:14 firewall kernel: PPP MPPE compression module registered Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=55 S=0x00 I=321 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=67 S=0x00 I=58117 F=0x0000 T=128 (#2) Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 
PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=322 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall pppd[11197]: MSCHAP-v2 peer authentication succeeded for PROYECTOS\\web Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=50 S=0x00 I=323 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=66 S=0x00 I=58373 F=0x0000 T=128 (#2) Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=324 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=56 S=0x00 I=325 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=66 S=0x00 I=58629 F=0x0000 T=128 (#2) Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=326 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall pppd[11197]: found interface eth0 for proxy arp Jan 11 18:51:14 firewall pppd[11197]: local IP address 192.168.25.30 Jan 11 18:51:14 firewall pppd[11197]: remote IP address 192.168.25.231 Jan 11 18:51:14 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=62 S=0x00 I=327 F=0x0000 T=64 (#2) Jan 11 18:51:14 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=32 S=0x00 I=58885 F=0x0000 T=128 (#2) Jan 11 18:51:15 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=61 S=0x00 I=59397 F=0x0000 T=128 (#2) Jan 11 18:51:15 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=328 F=0x0000 T=64 (#2) Jan 11 18:51:17 firewall kernel: Packet log: input ACCEPT eth0 PROTO=17 192.168.25.1:1025 192.168.25.255:2071 L=104 
S=0x00 I=33051 F=0x0000 T=64 (#2) Jan 11 18:51:18 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=61 S=0x00 I=59909 F=0x0000 T=128 (#2) Jan 11 18:51:18 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=329 F=0x0000 T=64 (#2) Jan 11 18:51:19 firewall kernel: Packet log: input ACCEPT eth0 PROTO=47 192.168.25.3:65535 192.168.25.5:65535 L=40 S=0x00 I=60165 F=0x0000 T=128 (#2) Jan 11 18:51:19 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=32 S=0x00 I=330 F=0x0000 T=64 (#2) Jan 11 18:51:19 firewall pppd[11197]: LCP terminated by peer Jan 11 18:51:19 firewall kernel: Packet log: output ACCEPT eth0 PROTO=47 192.168.25.5:65535 192.168.25.3:65535 L=40 S=0x00 I=331 F=0x0000 T=64 (#2) Jan 11 18:51:19 firewall kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.25.3:1107 192.168.25.5:1723 L=56 S=0x00 I=60421 F=0x4000 T=128 (#2) Jan 11 18:51:19 firewall pptpd[11196]: CTRL: Error with select(), quitting Jan 11 18:51:19 firewall pptpd[11196]: CTRL: Client 192.168.25.3 control connection finished Jan 11 18:51:19 firewall kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.25.5:1723 192.168.25.3:1107 L=188 S=0x00 I=332 F=0x0000 T=64 (#2) Jan 11 18:51:19 firewall kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.25.5:1723 192.168.25.3:1107 L=40 S=0x00 I=333 F=0x0000 T=64 (#2) Jan 11 18:51:19 firewall kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.25.3:1107 192.168.25.5:1723 L=40 S=0x00 I=60677 F=0x4000 T=128 (#2) Jan 11 18:51:19 firewall kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.25.5:1723 192.168.25.3:1107 L=40 S=0x00 I=334 F=0x0000 T=64 (#2) Jan 11 18:51:19 firewall pppd[11197]: Modem hangup Jan 11 18:51:19 firewall pppd[11197]: Connection terminated. Jan 11 18:51:19 firewall pppd[11197]: Connect time 0.1 minutes. Jan 11 18:51:19 firewall pppd[11197]: Sent 381 bytes, received 577 bytes. 
Jan 11 18:51:19 firewall pppd[11197]: Exit. -----------------------8<----------8<----------8<----------8<----------8<----------8< - Second Case log's lines (connection made from Internet): -----------------------8<----------8<----------8<----------8<----------8<----------8< Jan 11 18:43:32 firewall pptpd[9443]: CTRL: Client 194.143.193.61 control connection started Jan 11 18:43:32 firewall kernel: Packet log: input ACCEPT ppp0 PROTO=6 194.143.193.61:1105 194.143.220.184:1723 L=196 S=0x00 I=50949 F=0x4000 T=127 (#2) Jan 11 18:43:32 firewall kernel: Packet log: output ACCEPT ppp0 PROTO=6 194.143.220.184:1723 194.143.193.61:1105 L=40 S=0x00 I=294 F=0x0000 T=64 (#2) Jan 11 18:43:32 firewall kernel: Packet log: output ACCEPT ppp0 PROTO=6 194.143.220.184:1723 194.143.193.61:1105 L=196 S=0x00 I=295 F=0x0000 T=64 (#2) Jan 11 18:43:32 firewall kernel: Packet log: input ACCEPT ppp0 PROTO=6 194.143.193.61:1105 194.143.220.184:1723 L=208 S=0x00 I=51205 F=0x4000 T=127 (#2) Jan 11 18:43:32 firewall pptpd[9443]: CTRL: Starting call (launching pppd, opening GRE) Jan 11 18:43:32 firewall kernel: Packet log: output ACCEPT ppp0 PROTO=6 194.143.220.184:1723 194.143.193.61:1105 L=72 S=0x00 I=296 F=0x0000 T=64 (#2) Jan 11 18:43:32 firewall pppd[9444]: pppd 2.3.11 started by root, uid 0 Jan 11 18:43:32 firewall pppd[9444]: Using interface ppp1 Jan 11 18:43:32 firewall pppd[9444]: Connect: ppp1 <--> /dev/pts/4 Jan 11 18:43:32 firewall kernel: Packet log: output ACCEPT ppp0 PROTO=47 194.143.220.184:65535 194.143.193.61:65535 L=61 S=0x00 I=297 F=0x0000 T=64 (#2) Jan 11 18:43:32 firewall kernel: Packet log: input ACCEPT ppp0 PROTO=6 194.143.193.61:1105 194.143.220.184:1723 L=40 S=0x00 I=51461 F=0x4000 T=127 (#2) Jan 11 18:43:33 firewall kernel: Packet log: input ACCEPT ppp0 PROTO=47 194.143.193.61:65535 194.143.220.184:65535 L=32 S=0x00 I=51717 F=0x0000 T=127 (#2) Jan 11 18:43:35 firewall kernel: Packet log: output ACCEPT ppp0 PROTO=47 194.143.220.184:65535 194.143.193.61:65535 L=61 S=0x00 
I=298 F=0x0000 T=64 (#2)
Jan 11 18:43:35 firewall kernel: Packet log: input ACCEPT ppp0 PROTO=6 194.143.193.61:1105 194.143.220.184:1723 L=56 S=0x00 I=51973 F=0x4000 T=127 (#2)
Jan 11 18:43:35 firewall kernel: Packet log: output ACCEPT ppp0 PROTO=6 194.143.220.184:1723 194.143.193.61:1105 L=188 S=0x00 I=299 F=0x0000 T=64 (#2)
Jan 11 18:43:35 firewall pppd[9444]: Modem hangup
Jan 11 18:43:35 firewall pppd[9444]: Connection terminated.
Jan 11 18:43:35 firewall pppd[9444]: Exit.
Jan 11 18:43:35 firewall pptpd[9443]: CTRL: Error with select(), quitting
Jan 11 18:43:35 firewall pptpd[9443]: CTRL: Client 194.143.193.61 control connection finished
-----------------------8<----------8<----------8<----------8<----------8<----------8<

As we can see, some packets are lost. Why? What's the problem? Can anybody help me?

Thanks.

Javier Cuevas.
jcd at arrakis.es

From jcd at arrakis.es Thu Jan 11 18:06:14 2001
From: jcd at arrakis.es (Javier Cuevas)
Date: Fri, 12 Jan 2001 01:06:14 +0100
Subject: [pptp-server] I don't understand anything ! :-)
References: <200FAA488DE0D41194F10010B597610D0650F2@JUPITER>
Message-ID: <3A5E4A76.89A7F97C@arrakis.es>

George Vieira wrote:

> Can't answer your problem but my suggestion to anybody is to run pptpd 1.1.2
> as it's more stable and less problems even though it's in devel stages..
>

Ok. I will try...

>
> Where's your logs for both instances..??
>

The "clean" logs are:

- First case (intranet case) log's lines: (all Ok)
========================
pptpd[11196]: CTRL: Client 192.168.25.3 control connection started
pptpd[11196]: CTRL: Starting call (launching pppd, opening GRE)
pppd[11197]: pppd 2.3.11 started by root, uid 0
pppd[11197]: Using interface ppp1
pppd[11197]: Connect: ppp1 <--> /dev/pts/4
kernel: PPP BSD Compression module registered
kernel: PPP MPPE compression module registered
pppd[11197]: MSCHAP-v2 peer authentication succeeded for PROYECTOS\\web
pppd[11197]: found interface eth0 for proxy arp
pppd[11197]: local IP address 192.168.25.30
pppd[11197]: remote IP address 192.168.25.231
pppd[11197]: LCP terminated by peer
pptpd[11196]: CTRL: Error with select(), quitting
pptpd[11196]: CTRL: Client 192.168.25.3 control connection finished
pppd[11197]: Modem hangup
pppd[11197]: Connection terminated.
pppd[11197]: Connect time 0.1 minutes.
pppd[11197]: Sent 381 bytes, received 577 bytes.
pppd[11197]: Exit.

- Second case (Internet case) log's lines:
==========================
pptpd[9443]: CTRL: Client 194.143.193.61 control connection started
pptpd[9443]: CTRL: Starting call (launching pppd, opening GRE)
pppd[9444]: pppd 2.3.11 started by root, uid 0
pppd[9444]: Using interface ppp1
pppd[9444]: Connect: ppp1 <--> /dev/pts/4
pppd[9444]: Modem hangup
pppd[9444]: Connection terminated.
pppd[9444]: Exit.
pptpd[9443]: CTRL: Error with select(), quitting
pptpd[9443]: CTRL: Client 194.143.193.61 control connection finished

Thanks,
Javier Cuevas

From GeorgeV at citadelcomputer.com.au Thu Jan 11 18:33:28 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 12 Jan 2001 11:33:28 +1100
Subject: [pptp-server] I don't understand anything ! :-)
Message-ID: <200FAA488DE0D41194F10010B597610D065109@JUPITER>

Isn't this error the one that requires patching the mppe patch as it contains errors/bugs..
thanks, George Vieira

From rage at sohonetworks.cc Thu Jan 11 23:35:03 2001 From: rage at sohonetworks.cc (Jason Osborne) Date: Thu, 11 Jan 2001 23:35:03 -0600 Subject: [pptp-server] I don't understand anything ! :-) In-Reply-To: <200FAA488DE0D41194F10010B597610D065109@JUPITER> Message-ID:

Thank you Javier. I have been having this problem for five months and no one ever even notices that I am also trying to do it over a ISDN connection. I think someone who knows a little something should give us an answer in detail since it seems I'm not the only one with this problem. Remember, some people have employers counting on them to implement this shit. I would hate to have to go to a Microsoft solution because the Linux side of things won't give any goddamn support.

By the way, thank you George for answer, it is nice to know that someone cares. If you do have any further info, please elaborate. I think both Javier and I will be much appreciative. Maybe even others.

Thanks, Jason.

From jcd at arrakis.es Fri Jan 12 02:40:48 2001 From: jcd at arrakis.es (Javier Cuevas) Date: Fri, 12 Jan 2001 09:40:48 +0100 Subject: [pptp-server] I don't understand anything !
:-) References: Message-ID: <3A5EC310.889B1E5D@arrakis.es>

Jason Osborne wrote:

> Thank you Javier. I have been having this problem for five months and no
> one ever even notices that I am also trying to do it over an ISDN connection.
>

Oh ! I'm not alone ;-) I'm not sure it's a good thing ;-)

Well, being serious. I think our problem could be in an intermediate router that lost some GRE packets, but I'm not sure... As I can read in some messages posted to this mailing list, some routers can find some problems managing this kind of packets. But really I'm not sure about this.

If you read my first message, you can read a detailed activity log about a pptp connection (you can see the traffic), and we can see that some packets are lost when ppp is brought up. It's too difficult for me to understand what is happening from these activity logs....

Another idea I was thinking about is that ISDN ppp can't manage some kind of packets that pptp and the tunnel ppp need.

What's the real answer ?

Thanks,
Javier Cuevas

From rage at sohonetworks.cc Fri Jan 12 03:27:03 2001
From: rage at sohonetworks.cc (Jason Osborne)
Date: Fri, 12 Jan 2001 03:27:03 -0600
Subject: [pptp-server] I don't understand anything ! :-)
In-Reply-To: <3A5EC310.889B1E5D@arrakis.es>
Message-ID:

Ok, here is my setup. I have a system running redhat 7.0, kernel 2.2.17, pppd-2.3.11, and pptpd-1.1.2. I used the following site to set up my system and I have not really changed any of the configuration info.

http://www.vibrationresearch.com/pptpd/example.html

Anyway, I used the above setup on my home Linux box running through DSL and it works great. I have not had any errors at all. However, with the ISDN connection, I see ppp sending packets, but then it freezes for 30 seconds and then drops the connection. I have included my error log below.

As far as whether you are using the right pppd daemon or not is not an issue.
What pptpd does is make use of pppd to make a connection whether it be over tcp/ip, ethernet, or serial line (which is ppp or slip. i.e. dialup, isdn). What it does is discipline the line to send packets over it.

From what I have seen, the reason the vpn is not working with the 128k isdn line is when the client (win98 box) sends packets to the vpn server, it gets separated when it goes through the two channels of the isdn line. Supposedly, pptpd 1.1.2 is supposed to take the packets and perform a reordering scheme on them. From what I understand, this is implemented in 1.1.2, but also, from what I have seen, it does not work.

Other than this possible problem, I do not see any other possibilities or issues related to the use of pptpd over an ISDN line. Looks like this might possibly be something we have on to be implemented into the pptpd software. Wish I could code because I could save myself from going through a lot of bitching.

_________     _________        ____________        __________
| Win98 | LAN | Linux |  ISDN  (          )  ADSL  | Win98  |
| boxes |=====|  Box  |========( Internet }========| Laptop |
|_______|     |_______|++++++++(__________)++++++++|________|
   a)            b)      VPN                 VPN       c)

a) Win98 boxes are on the 192.168.0.0 subnet. They use the Linux server to access the net and share files through samba.

b) Linux box has the ip 192.168.0.1. It runs redhat 7 running on kernel 2.2.17, pppd 2.3.11, and pptpd 1.1.2. The setup came straight from http://www.vibrationresearch.com/pptpd/example.html.
==> /sbin/route <== Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 204.181.200.7 * 255.255.255.255 UH 0 0 0 ppp0 192.168.0.1 * 255.255.255.255 UH 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 204.181.200.7 0.0.0.0 UG 0 0 0 ppp0 ==> /sbin/ifconfig <== eth0 Link encap:Ethernet HWaddr 52:54:05:F0:25:90 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:296319 errors:0 dropped:0 overruns:0 frame:2 TX packets:254796 errors:0 dropped:0 overruns:0 carrier:0 collisions:115 txqueuelen:100 Interrupt:9 Base address:0xfce0 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:91 errors:0 dropped:0 overruns:0 frame:0 TX packets:91 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 ppp0 Link encap:Point-to-Point Protocol inet addr:204.181.201.153 P-t-P:204.181.200.7 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:4838 errors:0 dropped:0 overruns:0 frame:0 TX packets:4469 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 ==> /var/log/messages <== Jan 11 19:48:56 legacycarpets pptpd[31530]: CTRL: Client 4.40.159.70 control connection started Jan 11 19:48:57 legacycarpets pptpd[31530]: CTRL: Starting call (launching pppd, opening GRE) Jan 11 19:48:57 legacycarpets pppd[31531]: pppd 2.3.11 started by root, uid 0 Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set dbg flags to 70000 Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set flags to 70000 Jan 11 19:48:57 legacycarpets pppd[31531]: Using interface ppp1 Jan 11 19:48:57 legacycarpets pppd[31531]: Connect: ppp1 <--> /dev/pts/1 Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set xasyncmap Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set flags to 70000 Jan 11 
19:48:57 legacycarpets kernel: ppp_ioctl: set mru to 5dc Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff Jan 11 19:49:27 legacycarpets kernel: ppp: channel ppp1 closing. Jan 11 19:49:27 legacycarpets pppd[31531]: LCP: timeout sending Config-Requests Jan 11 19:49:27 legacycarpets pppd[31531]: Connection terminated. Jan 11 19:49:27 legacycarpets pppd[31531]: Modem hangup Jan 11 19:49:27 legacycarpets pppd[31531]: Exit. Jan 11 19:49:32 legacycarpets pptpd[31530]: GRE: read error: Bad file descriptor Jan 11 19:49:32 legacycarpets pptpd[31530]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) Jan 11 19:49:32 legacycarpets pptpd[31530]: CTRL: Client 4.40.159.70 control connection finished ==> /etc/pptpd.conf <== # PoPToP configuration file # TAG: speed speed 115200 # TAG: option option /etc/ppp/options.vpn # TAG: debug debug # TAG: localip localip 192.168.0.200-225 # TAG: remoteip remoteip 192.168.0.226-251 # TAG: ipxnets ipxnets 00001000-00001FFF # TAG: listen #listen 192.168.0.1 # TAG: pidfile pidfile /var/run/pptpd.pid ==> /etc/ppp/options.vpn <== lock asyncmap 20A0000 debug kdebug 7 name server auth mru 1450 mtu 1450 require-chap +chap proxyarp +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless ==> /etc/ppp/ip-up <== #!/bin/sh INTERNAL_DEV="eth0" INTERNAL_NET="192.168.0.0/24" INTERNAL_IP=$4 EXTERNAL_DEV=$1 EXTERNAL_NET="192.168.0.0/24" EXTERNAL_IP=$5 HW_ADDRESS="52:54:05:F0:25:90" case $2 in /dev/pts/*) /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV /sbin/ipchains --insert input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT # Logging echo date > /var/run/ppp.up echo "Connection started on " $2 >> /var/run/ppp.up echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up /sbin/arp --set $EXTERNAL_IP 
$HW_ADDRESS pub >> /var/run/ppp.up echo "$(date): ip-up External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log echo "$(date): ip-up Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log ;; esac ==> /etc/ppp/chap-secrets <== # Secrets for authentication using CHAP # client server secret IP addresses "rage" * "ditto" * "tony" * "ditto" * "ernie" * "ditto" * "chris" * "ditto" * "terry" * "ditto" * "darin" * "ditto" speed 115200 debug localip 192.168.0.200-225 remoteip 192.168.1.226-251 # Dialup Info iwells * automan1 ==> /etc/modules.conf <== alias eth0 ne2k-pci alias parport_lowlevel parport_pc alias usb-controller usb-uhci alias char-major-108 off alias ppp-compress-18 ppp_mppe alias ppp-compress-21 bsd_comp alias ppp-compress-24 ppp_deflate alias ppp-compress-26 ppp_deflate ==> /etc/rc.d/init.d/firewall <== # Input ipchain rules /sbin/ipchains -P input DENY /sbin/ipchains -A input -j ACCEPT -i lo /sbin/ipchains -A input -j ACCEPT -i eth0 /sbin/ipchains -A input -j ACCEPT -p tcp ! 
-y -i ppp0 /sbin/ipchains -A input -j ACCEPT -p udp -i ppp0 /sbin/ipchains -A input -j DENY -l -i ppp0 -s 192.168.0.0/16 /sbin/ipchains -A input -j DENY -p tcp -i ppp0 -s 0/0 1024:65535 -d 0/0 139 /sbin/ipchains -A input -j DENY -p udp -i ppp0 -s 0/0 1024:65535 -d 0/0 139 /sbin/ipchains -A input -j ACCEPT -i ppp0 /sbin/ipchains -A input -j ACCEPT -p 47 # Output ipchains rules /sbin/ipchains -P output ACCEPT /sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1503 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1503 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1720 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1720 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1731 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1731 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p 47 # Forward ipchain rules /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -t 0x01 0x02 -j MASQ /sbin/ipchains -A forward -s 0.0.0.0/0 -d 192.168.0.0/24 -t 0x01 0x02 -j MASQ /sbin/ipchains -A forward -p 1723 -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT ;; stop) /sbin/ipchains -F /sbin/ipchains -X ;; restart) $0 stop $0 start ;; status) /sbin/ipchains -L -v ;; *) echo "Usage: firewall {start|stop|restart|status}" exit 1 esac exit 0 ==> options <== lock modem crtscts asyncmap 20A0000 noipdefault defaultroute debug user lcarpet noauth nodetach -----Original Message----- From: Javier Cuevas [mailto:jcd at arrakis.es] Sent: Friday, January 12, 2001 2:41 AM To: Jason Osborne; pptp mailing list Subject: Re: [pptp-server] I don't understand anything ! :-) Jason Osborne wrote: > Thank you Javier. I have been having this problem for five months and no > one ever even notices that I am also trying to do it over a ISDN connection. > Oh ! I'm not alone ;-) I'm not sure to be a good thing ;-) Well, being serius. 
I think our problem could be in an intermediate router that lost some GRE
packets, but I'm not sure... As I can read in some posted messages on this
mailing list, some routers can have some problems managing this kind of
packet. But really I'm not sure about this.

If you read my first message, you can read a detailed activity log about a
pptp connection (you can see the traffic), and we can see that some packets
are lost when ppp is brought up. It's too difficult for me to understand
what is happening from these activity logs....

Another idea I was thinking about is that ISDN ppp can't manage some kind of
packets that pptp and the tunnel ppp need.

What's the real answer ?

Thanks,
Javier Cuevas

From GeorgeV at citadelcomputer.com.au  Fri Jan 12 03:48:00 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 12 Jan 2001 20:48:00 +1100
Subject: [pptp-server] I don't understand anything ! :-)
Message-ID: <200FAA488DE0D41194F10010B597610D065179@JUPITER>

Sorry I don't have the URL or information but it was mentioned before on
this list (surprised the person who sent it hasn't submitted to a reply)
that when you patch the kernel for mppe that there was another patch to fix
a bug in the original patch to fix errors which from memory (which hasn't
been good these days) was what you had...

I may be totally wrong and if I gave you some hope when I'm wrong then
sorry. I have a lot of mailing lists and I prune off ones that either are
outdated (eg. hi i'm using 1.0.0 pptpd) or may not suit my needs (eg, hi i'm
running pptpd on SCO with a land to air satellite link...yarda..yarda..)

I'm sure someone on this list must know which patch I'm talking about and at
least reply to these guys if I'm right or wrong so these guys can make a
choice and do something.

thanks,
George Vieira

-----Original Message-----
From: Javier Cuevas [mailto:jcd at arrakis.es]
Sent: Friday, January 12, 2001 7:41 PM
To: Jason Osborne; pptp mailing list
Subject: Re: [pptp-server] I don't understand anything ! :-)

Jason Osborne wrote:

> Thank you Javier. I have been having this problem for five months and no
> one ever even notices that I am also trying to do it over a ISDN connection.
>

Oh ! I'm not alone ;-) I'm not sure to be a good thing ;-)

Well, being serious. I think our problem could be in an intermediate router
that lost some GRE packets, but I'm not sure... As I can read in some posted
messages on this mailing list, some routers can have some problems managing
this kind of packet. But really I'm not sure about this.

If you read my first message, you can read a detailed activity log about a
pptp connection (you can see the traffic), and we can see that some packets
are lost when ppp is brought up. It's too difficult for me to understand
what is happening from these activity logs....

Another idea I was thinking about is that ISDN ppp can't manage some kind of
packets that pptp and the tunnel ppp need.

What's the real answer ?

Thanks,
Javier Cuevas

From jcd at arrakis.es  Fri Jan 12 04:07:16 2001
From: jcd at arrakis.es (Javier Cuevas)
Date: Fri, 12 Jan 2001 11:07:16 +0100
Subject: [pptp-server] I don't understand anything ! :-)
References: <200FAA488DE0D41194F10010B597610D065179@JUPITER>
Message-ID: <3A5ED754.AD72632F@arrakis.es>

> I may be totally wrong and if I gave you some hope when I'm wrong then
> sorry.

Don't worry. There are no mistakes. I have searched again and I found the
patch, and I also got pptpd 1.1.2 as you recommended...

I'm still working on the new versions (pptpd 1.1.2 and new mppe patch)...
but the new log lines provided by the new pptpd seem good for finding
answers... :-)

I will tell you the results of my work... :-)

It's great knowing I'm not alone and you are helping me.

Thanks a lot
Javier Cuevas

From GeorgeV at citadelcomputer.com.au  Fri Jan 12 04:49:38 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 12 Jan 2001 21:49:38 +1100
Subject: [pptp-server] I don't understand anything ! :-)
Message-ID: <200FAA488DE0D41194F10010B597610D06517A@JUPITER>

Wow, your setup looks so similar to mine it's scary... we're probably lost
twins or something...

The only thing I would have added is in the firewall rules to add a
"DENY -l" to the end so you can log all denials and view them in the
/var/log/messages logs.

Another thing, when I usually have "send config request" problems even using
normal dial up.. I try and test using static IPs rather than allocating the
users a DHCP IP address.

eg. in my /etc/ppp/chap-secrets I'd have something like

    username  machinename  password 192.168.0.129
    username2 machinename2 drowssap 192.168.0.130

and on the client side specify its known IP etc.. try this if it sounds like
an idea to try.

thanks,
George Vieira

-----Original Message-----
From: Jason Osborne [mailto:rage at sohonetworks.cc]
Sent: Friday, January 12, 2001 8:27 PM
To: Javier Cuevas; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] I don't understand anything ! :-)

Ok, here is my setup. I have a system running redhat 7.0, kernel 2.2.17,
pppd-2.3.11, and pptpd-1.1.2. I used the following site to set up my system
and I have not really changed any of the configuration info.

http://www.vibrationresearch.com/pptpd/example.html

Anyway, I used the above setup on my home Linux box running through DSL and
it works great. I have not had any errors at all.
However, with the ISDN connection, I see ppp sending packets, but then it
freezes for 30 seconds and then drops the connection. I have included my
error log below.

As far as whether you are using the right pppd daemon or not is not an
issue. What pptpd does is make use of pppd to make a connection whether it
be over tcp/ip, ethernet, or serial line (which is ppp or slip. i.e. dialup,
isdn). What it does is discipline the line to send packets over it. From
what I have seen, the reason the vpn is not working with the 128k isdn line
is when the client (win98 box) sends packets to the vpn server, it gets
separated when it goes through the two channels of the isdn line.
Supposedly, pptpd 1.1.2 is supposed to take the packets and perform a
reordering scheme on them. From what I understand, this is implemented in
1.1.2, but also, from what I have seen, it does not work. Other than this
possible problem, I do not see any other possibilities or issues related to
the use of pptpd over an ISDN line. Looks like this might possibly be
something we have on to be implemented into the pptpd software. Wish I could
code because I could save myself from going through a lot of bitching.

_________     _________        ____________        __________
| Win98 | LAN | Linux |  ISDN  (          )  ADSL  | Win98  |
| boxes |=====|  Box  |========( Internet }========| Laptop |
|_______|     |_______|++++++++(__________)++++++++|________|
   a)            b)      VPN                  VPN      c)

a) Win98 boxes are on the 192.168.0.0 subnet. They use the Linux server to
   access the net and share files through samba.

b) Linux box has the ip 192.168.0.1. It runs redhat 7 running on kernel
   2.2.17, pppd 2.3.11, and pptpd 1.1.2. The setup came straight from
   http://www.vibrationresearch.com/pptpd/example.html.
==> /sbin/route <== Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 204.181.200.7 * 255.255.255.255 UH 0 0 0 ppp0 192.168.0.1 * 255.255.255.255 UH 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 204.181.200.7 0.0.0.0 UG 0 0 0 ppp0 ==> /sbin/ifconfig <== eth0 Link encap:Ethernet HWaddr 52:54:05:F0:25:90 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:296319 errors:0 dropped:0 overruns:0 frame:2 TX packets:254796 errors:0 dropped:0 overruns:0 carrier:0 collisions:115 txqueuelen:100 Interrupt:9 Base address:0xfce0 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:91 errors:0 dropped:0 overruns:0 frame:0 TX packets:91 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 ppp0 Link encap:Point-to-Point Protocol inet addr:204.181.201.153 P-t-P:204.181.200.7 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:4838 errors:0 dropped:0 overruns:0 frame:0 TX packets:4469 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 ==> /var/log/messages <== Jan 11 19:48:56 legacycarpets pptpd[31530]: CTRL: Client 4.40.159.70 control connection started Jan 11 19:48:57 legacycarpets pptpd[31530]: CTRL: Starting call (launching pppd, opening GRE) Jan 11 19:48:57 legacycarpets pppd[31531]: pppd 2.3.11 started by root, uid 0 Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set dbg flags to 70000 Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set flags to 70000 Jan 11 19:48:57 legacycarpets pppd[31531]: Using interface ppp1 Jan 11 19:48:57 legacycarpets pppd[31531]: Connect: ppp1 <--> /dev/pts/1 Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set xasyncmap Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set flags to 70000 Jan 11 
19:48:57 legacycarpets kernel: ppp_ioctl: set mru to 5dc Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff Jan 11 19:49:27 legacycarpets kernel: ppp: channel ppp1 closing. Jan 11 19:49:27 legacycarpets pppd[31531]: LCP: timeout sending Config-Requests Jan 11 19:49:27 legacycarpets pppd[31531]: Connection terminated. Jan 11 19:49:27 legacycarpets pppd[31531]: Modem hangup Jan 11 19:49:27 legacycarpets pppd[31531]: Exit. Jan 11 19:49:32 legacycarpets pptpd[31530]: GRE: read error: Bad file descriptor Jan 11 19:49:32 legacycarpets pptpd[31530]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) Jan 11 19:49:32 legacycarpets pptpd[31530]: CTRL: Client 4.40.159.70 control connection finished ==> /etc/pptpd.conf <== # PoPToP configuration file # TAG: speed speed 115200 # TAG: option option /etc/ppp/options.vpn # TAG: debug debug # TAG: localip localip 192.168.0.200-225 # TAG: remoteip remoteip 192.168.0.226-251 # TAG: ipxnets ipxnets 00001000-00001FFF # TAG: listen #listen 192.168.0.1 # TAG: pidfile pidfile /var/run/pptpd.pid ==> /etc/ppp/options.vpn <== lock asyncmap 20A0000 debug kdebug 7 name server auth mru 1450 mtu 1450 require-chap +chap proxyarp +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless ==> /etc/ppp/ip-up <== #!/bin/sh INTERNAL_DEV="eth0" INTERNAL_NET="192.168.0.0/24" INTERNAL_IP=$4 EXTERNAL_DEV=$1 EXTERNAL_NET="192.168.0.0/24" EXTERNAL_IP=$5 HW_ADDRESS="52:54:05:F0:25:90" case $2 in /dev/pts/*) /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV /sbin/ipchains --insert input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT # Logging echo date > /var/run/ppp.up echo "Connection started on " $2 >> /var/run/ppp.up echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up /sbin/arp --set $EXTERNAL_IP 
$HW_ADDRESS pub >> /var/run/ppp.up echo "$(date): ip-up External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log echo "$(date): ip-up Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log ;; esac ==> /etc/ppp/chap-secrets <== # Secrets for authentication using CHAP # client server secret IP addresses "rage" * "ditto" * "tony" * "ditto" * "ernie" * "ditto" * "chris" * "ditto" * "terry" * "ditto" * "darin" * "ditto" speed 115200 debug localip 192.168.0.200-225 remoteip 192.168.1.226-251 # Dialup Info iwells * automan1 ==> /etc/modules.conf <== alias eth0 ne2k-pci alias parport_lowlevel parport_pc alias usb-controller usb-uhci alias char-major-108 off alias ppp-compress-18 ppp_mppe alias ppp-compress-21 bsd_comp alias ppp-compress-24 ppp_deflate alias ppp-compress-26 ppp_deflate ==> /etc/rc.d/init.d/firewall <== # Input ipchain rules /sbin/ipchains -P input DENY /sbin/ipchains -A input -j ACCEPT -i lo /sbin/ipchains -A input -j ACCEPT -i eth0 /sbin/ipchains -A input -j ACCEPT -p tcp ! 
-y -i ppp0 /sbin/ipchains -A input -j ACCEPT -p udp -i ppp0 /sbin/ipchains -A input -j DENY -l -i ppp0 -s 192.168.0.0/16 /sbin/ipchains -A input -j DENY -p tcp -i ppp0 -s 0/0 1024:65535 -d 0/0 139 /sbin/ipchains -A input -j DENY -p udp -i ppp0 -s 0/0 1024:65535 -d 0/0 139 /sbin/ipchains -A input -j ACCEPT -i ppp0 /sbin/ipchains -A input -j ACCEPT -p 47 # Output ipchains rules /sbin/ipchains -P output ACCEPT /sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1503 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1503 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1720 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1720 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1731 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1731 -d 0/0 /sbin/ipchains -A output -j ACCEPT -p 47 # Forward ipchain rules /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -t 0x01 0x02 -j MASQ /sbin/ipchains -A forward -s 0.0.0.0/0 -d 192.168.0.0/24 -t 0x01 0x02 -j MASQ /sbin/ipchains -A forward -p 1723 -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT ;; stop) /sbin/ipchains -F /sbin/ipchains -X ;; restart) $0 stop $0 start ;; status) /sbin/ipchains -L -v ;; *) echo "Usage: firewall {start|stop|restart|status}" exit 1 esac exit 0 ==> options <== lock modem crtscts asyncmap 20A0000 noipdefault defaultroute debug user lcarpet noauth nodetach -----Original Message----- From: Javier Cuevas [mailto:jcd at arrakis.es] Sent: Friday, January 12, 2001 2:41 AM To: Jason Osborne; pptp mailing list Subject: Re: [pptp-server] I don't understand anything ! :-) Jason Osborne wrote: > Thank you Javier. I have been having this problem for five months and no > one ever even notices that I am also trying to do it over a ISDN connection. > Oh ! I'm not alone ;-) I'm not sure to be a good thing ;-) Well, being serius. 
I think our problem could be in an intermediate router that lost some GRE
packets, but I'm not sure... As I can read in some posted messages on this
mailing list, some routers can have some problems managing this kind of
packet. But really I'm not sure about this.

If you read my first message, you can read a detailed activity log about a
pptp connection (you can see the traffic), and we can see that some packets
are lost when ppp is brought up. It's too difficult for me to understand
what is happening from these activity logs....

Another idea I was thinking about is that ISDN ppp can't manage some kind of
packets that pptp and the tunnel ppp need.

What's the real answer ?

Thanks,
Javier Cuevas

From kathee at ezunx.com  Fri Jan 12 10:04:26 2001
From: kathee at ezunx.com (kat)
Date: Fri, 12 Jan 2001 11:04:26 -0500
Subject: [pptp-server] compile error -- search archives - no luck
Message-ID:

Anyone seen this? Kernel 2.2.18

ppp.c:100: warning: static declaration for `ppp_unregister_compressor' follows non-static
ppp.c:174: `PPP_VERSION' undeclared here (not in a function)
ppp.c: In function `ppp_tty_open':
ppp.c:418: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:418: (Each undeclared identifier is reported only once
ppp.c:418: for each function it appears in.)
ppp.c: In function `ppp_tty_close': ppp.c:463: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_read': ppp.c:511: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_write': ppp.c:600: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_ioctl': ppp.c:659: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_poll': ppp.c:817: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_wakeup': ppp.c:845: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_sync_send': ppp.c:869: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_sync_push': ppp.c:922: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_async_send': ppp.c:978: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_push': ppp.c:1004: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_async_encode': ppp.c:1073: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_receive': ppp.c:1207: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_dev_close': ppp.c:1560: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_dev_ioctl': ppp.c:1594: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_ioctl': ppp.c:1642: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_receive_error': ppp.c:2235: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ip': ppp.c:2266: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ipv6': ppp.c:2279: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ipx': ppp.c:2292: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_at': ppp.c:2305: `PPP_MAGIC' undeclared (first use in this function) 
ppp.c: In function `rcv_proto_vjc_comp': ppp.c:2320: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_vjc_uncomp': ppp.c:2345: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ccp': ppp.c:2360: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_unknown': ppp.c:2371: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_send_frame': ppp.c:2418: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_output_wakeup': ppp.c:2592: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_send_ctrl': ppp.c:2608: `PPP_MAGIC' undeclared (first use in this function) {standard input}: Assembler messages: {standard input}:9: Warning: Ignoring changed section attributes for .modinfo ppp.c: In function `ppp_alloc': ppp.c:2847: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_release': ppp.c:2933: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `cleanup_module': ppp.c:3140: `PPP_MAGIC' undeclared (first use in this function) make[2]: *** [ppp.o] Error 1 make[2]: Leaving directory `/usr/src/linux/drivers/net' make[1]: *** [_modsubdir_net] Error 2 make[1]: Leaving directory `/usr/src/linux/drivers' make: *** [_mod_drivers] Error 2 From drjchris at yahoo.com Fri Jan 12 10:28:12 2001 From: drjchris at yahoo.com (Chris Carella) Date: Fri, 12 Jan 2001 08:28:12 -0800 (PST) Subject: [pptp-server] I don't understand anything ! :-) Message-ID: <20010112162812.9441.qmail@web9706.mail.yahoo.com> Hmm... "I would hate to have to go to a Microsoft solution because the Linux side of things won't give any goddamn support." This seems a bit hostile... remember we are dealing with FREE software... free as in freedom... the people developing PoPToP and answering questions on this mailing list, work very hard to maintain our freedoms as software users... 
If you would rather use a proprietary solution for support, remember that
you are restricting your freedoms, as well as the freedoms of your users...

Also if you want to pay for support but still maintain the integrity of
freedom, I'm sure LinuxCare, Lineo, VALinux, or RedHat, would be more than
happy to give you support for a fee... and that fee would probably be
comparable (or cheaper) than using a MS WinNT solution, where you pay by the
number of users you have.

-Chris Carella-

--- Jason Osborne wrote:
> Thank you Javier. I have been having this problem for five months and no
> one ever even notices that I am also trying to do it over an ISDN connection.
> I think someone who knows a little something should give us an answer in
> detail since it seems I'm not the only one with this problem. Remember, some
> people have employers counting on them to implement this shit. I would hate
> to have to go to a Microsoft solution because the Linux side of things won't
> give any goddamn support.
>
> By the way, thank you George for the answer, it is nice to know that someone
> cares. If you do have any further info, please elaborate. I think both
> Javier and I will be much appreciative. Maybe even others.
> Thanks, Jason.
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
> Sent: Thursday, January 11, 2001 6:33 PM
> To: Javier Cuevas; pptp mailing list
> Subject: RE: [pptp-server] I don't understand anything ! :-)
>
>
> Isn't this the error that requires patching the mppe patch as it contains
> errors/bugs..
>
> thanks,
> George Vieira
>
> -----Original Message-----
> From: Javier Cuevas [mailto:jcd at arrakis.es]
> Sent: Friday, January 12, 2001 11:06 AM
> To: George Vieira; pptp mailing list
> Subject: Re: [pptp-server] I don't understand anything !
:-) > > > > > George Vieira wrote: > > > Can't answer your problem but my suggestion to anybody is to > run pptpd > 1.1.2 > > as it's more stable and less problems even though it's in > devel stages.. > > > > Ok. I will try... > > > > > Where's your logs for both instances..?? > > > > The "clean" logs are: > > - First case (intranet case ) log`s lines: (all Ok) > ======================== > > pptpd[11196]: CTRL: Client 192.168.25.3 control connection > started > pptpd[11196]: CTRL: Starting call (launching pppd, opening > GRE) > pppd[11197]: pppd 2.3.11 started by root, uid 0 > pppd[11197]: Using interface ppp1 > pppd[11197]: Connect: ppp1 <--> /dev/pts/4 > kernel: PPP BSD Compression module registered > kernel: PPP MPPE compression module registered > pppd[11197]: MSCHAP-v2 peer authentication succeeded for > PROYECTOS\\web > pppd[11197]: found interface eth0 for proxy arp > pppd[11197]: local IP address 192.168.25.30 > pppd[11197]: remote IP address 192.168.25.231 > pppd[11197]: LCP terminated by peer > pptpd[11196]: CTRL: Error with select(), quitting > pptpd[11196]: CTRL: Client 192.168.25.3 control connection > finished > pppd[11197]: Modem hangup > pppd[11197]: Connection terminated. > pppd[11197]: Connect time 0.1 minutes. > pppd[11197]: Sent 381 bytes, received 577 bytes. > pppd[11197]: Exit. > > - Second case (Internet case ) log`s lines: > ========================== > > pptpd[9443]: CTRL: Client 194.143.193.61 control connection > started > pptpd[9443]: CTRL: Starting call (launching pppd, opening GRE) > pppd[9444]: pppd 2.3.11 started by root, uid 0 > pppd[9444]: Using interface ppp1 > pppd[9444]: Connect: ppp1 <--> /dev/pts/4 > pppd[9444]: Modem hangup > pppd[9444]: Connection terminated. > pppd[9444]: Exit. 
> pptpd[9443]: CTRL: Error with select(), quitting > pptpd[9443]: CTRL: Client 194.143.193.61 control connection > finished > > > Thanks, > Javier Cuevas > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > > > __________________________________________________ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ From scott.venier at compaq.com Fri Jan 12 10:49:44 2001 From: scott.venier at compaq.com (Scott Venier) Date: Fri, 12 Jan 2001 11:49:44 -0500 (EST) Subject: [pptp-server] compile error -- search archives - no luck In-Reply-To: Message-ID: yup. You need to find a newer set of patches. Try grabbing the ppp-mppe source from http://www.scooter.cx/alpha/pptp.html. That usually builds good modules. Scott On Fri, 12 Jan 2001, kat wrote: > Anyone seen this? Kernel 2.2.18 > > ppp.c:100: warning: static declaration for `ppp_unregister_compressor' follows non-static > ppp.c:174: `PPP_VERSION' undeclared here (not in a function) > ppp.c: In function `ppp_tty_open': > ppp.c:418: `PPP_MAGIC' undeclared (first use in this function) > ppp.c:418: (Each undeclared identifier is reported only once > ppp.c:418: for each function it appears in.) 
> ppp.c: In function `ppp_tty_close': > ppp.c:463: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_tty_read': > ppp.c:511: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_tty_write': > ppp.c:600: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_tty_ioctl': > ppp.c:659: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_tty_poll': > ppp.c:817: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_tty_wakeup': > ppp.c:845: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_sync_send': > ppp.c:869: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_tty_sync_push': > ppp.c:922: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_async_send': > ppp.c:978: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_tty_push': > ppp.c:1004: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_async_encode': > ppp.c:1073: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_tty_receive': > ppp.c:1207: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_dev_close': > ppp.c:1560: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_dev_ioctl': > ppp.c:1594: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_ioctl': > ppp.c:1642: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_receive_error': > ppp.c:2235: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `rcv_proto_ip': > ppp.c:2266: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `rcv_proto_ipv6': > ppp.c:2279: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `rcv_proto_ipx': > ppp.c:2292: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function 
`rcv_proto_at': > ppp.c:2305: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `rcv_proto_vjc_comp': > ppp.c:2320: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `rcv_proto_vjc_uncomp': > ppp.c:2345: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `rcv_proto_ccp': > ppp.c:2360: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `rcv_proto_unknown': > ppp.c:2371: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_send_frame': > ppp.c:2418: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_output_wakeup': > ppp.c:2592: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_send_ctrl': > ppp.c:2608: `PPP_MAGIC' undeclared (first use in this function) > {standard input}: Assembler messages: > {standard input}:9: Warning: Ignoring changed section attributes for .modinfo > ppp.c: In function `ppp_alloc': > ppp.c:2847: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `ppp_release': > ppp.c:2933: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `cleanup_module': > ppp.c:3140: `PPP_MAGIC' undeclared (first use in this function) > make[2]: *** [ppp.o] Error 1 > make[2]: Leaving directory `/usr/src/linux/drivers/net' > make[1]: *** [_modsubdir_net] Error 2 > make[1]: Leaving directory `/usr/src/linux/drivers' > make: *** [_mod_drivers] Error 2 > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From jason at sohonetworks.cc Fri Jan 12 11:27:14 2001 From: jason at sohonetworks.cc (Jason Osborne) Date: Fri, 12 Jan 2001 11:27:14 -0600 Subject: [pptp-server] I don't understand anything ! :-) Message-ID: I apologize for my rude way of answering. It was not justified. 
I will probably take a look into getting some paid support from Lineo.

-----Original Message-----
From: Chris Carella [mailto:drjchris at yahoo.com]
Sent: Friday, January 12, 2001 10:28 AM
To: Jason Osborne; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] I don't understand anything ! :-)

Hmm... "I would hate to have to go to a Microsoft solution because the Linux
side of things won't give any goddamn support."

This seems a bit hostile... remember we are dealing with FREE software...
free as in freedom... the people developing PoPToP and answering questions
on this mailing list, work very hard to maintain our freedoms as software
users... If you would rather use a proprietary solution for support,
remember that you are restricting your freedoms, as well as the freedoms of
your users...

Also if you want to pay for support but still maintain the integrity of
freedom, I'm sure LinuxCare, Lineo, VALinux, or RedHat, would be more than
happy to give you support for a fee... and that fee would probably be
comparable (or cheaper) than using a MS WinNT solution, where you pay by the
number of users you have.

-Chris Carella-

--- Jason Osborne wrote:
> Thank you Javier. I have been having this problem for five months and no
> one ever even notices that I am also trying to do it over an ISDN connection.
> I think someone who knows a little something should give us an answer in
> detail since it seems I'm not the only one with this problem. Remember, some
> people have employers counting on them to implement this shit. I would hate
> to have to go to a Microsoft solution because the Linux side of things won't
> give any goddamn support.
>
> By the way, thank you George for the answer, it is nice to know that someone
> cares. If you do have any further info, please elaborate. I think both
> Javier and I will be much appreciative. Maybe even others.
> Thanks, Jason.
> > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of > George Vieira > Sent: Thursday, January 11, 2001 6:33 PM > To: Javier Cuevas; pptp mailing list > Subject: RE: [pptp-server] I don't understand anything ! :-) > > > Isn't this error the that requires patching the mppe patch as > it contains > errors/bugs.. > > thanks, > George Vieira > > -----Original Message----- > From: Javier Cuevas [mailto:jcd at arrakis.es] > Sent: Friday, January 12, 2001 11:06 AM > To: George Vieira; pptp mailing list > Subject: Re: [pptp-server] I don't understand anything ! :-) > > > > > George Vieira wrote: > > > Can't answer your problem but my suggestion to anybody is to > run pptpd > 1.1.2 > > as it's more stable and less problems even though it's in > devel stages.. > > > > Ok. I will try... > > > > > Where's your logs for both instances..?? > > > > The "clean" logs are: > > - First case (intranet case ) log`s lines: (all Ok) > ======================== > > pptpd[11196]: CTRL: Client 192.168.25.3 control connection > started > pptpd[11196]: CTRL: Starting call (launching pppd, opening > GRE) > pppd[11197]: pppd 2.3.11 started by root, uid 0 > pppd[11197]: Using interface ppp1 > pppd[11197]: Connect: ppp1 <--> /dev/pts/4 > kernel: PPP BSD Compression module registered > kernel: PPP MPPE compression module registered > pppd[11197]: MSCHAP-v2 peer authentication succeeded for > PROYECTOS\\web > pppd[11197]: found interface eth0 for proxy arp > pppd[11197]: local IP address 192.168.25.30 > pppd[11197]: remote IP address 192.168.25.231 > pppd[11197]: LCP terminated by peer > pptpd[11196]: CTRL: Error with select(), quitting > pptpd[11196]: CTRL: Client 192.168.25.3 control connection > finished > pppd[11197]: Modem hangup > pppd[11197]: Connection terminated. > pppd[11197]: Connect time 0.1 minutes. > pppd[11197]: Sent 381 bytes, received 577 bytes. > pppd[11197]: Exit. 
> > - Second case (Internet case ) log`s lines: > ========================== > > pptpd[9443]: CTRL: Client 194.143.193.61 control connection > started > pptpd[9443]: CTRL: Starting call (launching pppd, opening GRE) > pppd[9444]: pppd 2.3.11 started by root, uid 0 > pppd[9444]: Using interface ppp1 > pppd[9444]: Connect: ppp1 <--> /dev/pts/4 > pppd[9444]: Modem hangup > pppd[9444]: Connection terminated. > pppd[9444]: Exit. > pptpd[9443]: CTRL: Error with select(), quitting > pptpd[9443]: CTRL: Client 194.143.193.61 control connection > finished > > > Thanks, > Javier Cuevas > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > > > __________________________________________________ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! From rage at sohonetworks.cc Fri Jan 12 11:27:19 2001 From: rage at sohonetworks.cc (Jason Osborne) Date: Fri, 12 Jan 2001 11:27:19 -0600 Subject: [pptp-server] I don't understand anything ! :-) In-Reply-To: Message-ID: George, I just tried specifying ip addresses, but that did not seem to change anything from the logs. Now, when I installed the vpn I grabbed the latest patches (ppp-2.3.11-openssl-0.9.5-mppe.patch.gz, ppp_mppe_compressed_data_fix.diff, and if_ppp_2.2.17.diff) and installed them as specified on http://www.vibrationresearch.com/pptpd/example.html with one exception. When I compiled pptpd, i did not include the option, "--with-ip-alloc" because I wanted users to have individual local ips. Now, I'm not sure if this even has any barring, but if it does, let me know please. Thanks, Jason. 
-----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira Sent: Friday, January 12, 2001 4:50 AM To: Jason Osborne; Javier Cuevas; pptp-server at lists.schulte.org Subject: RE: [pptp-server] I don't understand anything ! :-) Wow, your setup looks so similar to mine it's scarey... we're probably lost twins or something... The only thing I would have added is in the firewall rules to add a "DENY -l" to the end so you can log all denials and view them in the /var/log/messages logs. Another thing, when I usually have "send config request" problems even using normal dial up.. I try and test using static IPs rather than allocating the users a DHCP IP address. eg. in my /etc/ppp/chap-secrets id' have something like username machinename password 192.168.0.129 username2 machinename2 drowssap 192.168.0.130 and on the client side specify it's known IP etc.. try this if it sounds like an idea to try. thanks, George Vieira -----Original Message----- From: Jason Osborne [mailto:rage at sohonetworks.cc] Sent: Friday, January 12, 2001 8:27 PM To: Javier Cuevas; pptp-server at lists.schulte.org Subject: RE: [pptp-server] I don't understand anything ! :-) Ok, here is my setup. I have a system running redhat 7.0, kernel 2.2.17, pppd-2.3.11, and pptpd-1.1.2. I used the following site to setup my system and I have not really changed any of the configuration info. http://www.vibrationresearch.com/pptpd/example.html Anyway, I used the above setup on my home Linux box running through DSL and it works great. I have not had any errors at all. However, with the ISDN connection, I see ppp sending packets, but then it freezes for 30 seconds and then drops the connection. I have included my error log below. As far as whether you are using the right pppd daemon or not is not an issue. 
What pptpd does is make use of pppd to make a connection whether it be over tcp/ip, ethernet, or serial line (which is ppp or slip. i.e. dialup, isdn). What it does is discipline the line to send packets over it. From what I have seen, the reason the vpn is not working with the 128k isdn line is when the client (win98 box) sends packets to the vpn server, it gets separated when it goes through the two channels of the isdn line. Supposedly, pptpd 1.1.2 is supposed to take the packets and perform a reordering scheme on them. From what I understand, this is implemented in 1.1.2, but also, from what I have seen, it does not work. Other than this possible problem, I do not see any other possibilities or issues related to the use of pptpd over an ISDN line. Looks like this might possibly be something we have on to be implemented into the pptpd software. Wish I could code because I could save myself from going through a lot of bitching.

_________     _________        ____________        __________
| Win98 | LAN | Linux |  ISDN  (          )  ADSL  | Win98  |
| boxes |=====|  Box  |========( Internet }========| Laptop |
|_______|     |_______|++++++++(__________)++++++++|________|
   a)            b)      VPN                 VPN       c)

a) Win98 boxes are on the 192.168.0.0 subnet. They use the Linux server to access the net and share files through samba.

b) Linux box has the ip 192.168.0.1. It runs redhat 7 running on kernel 2.2.17, pppd 2.3.11, and pptpd 1.1.2. The setup came straight from http://www.vibrationresearch.com/pptpd/example.html.

==> /sbin/route <==
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
204.181.200.7   *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.1     *               255.255.255.255 UH    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         204.181.200.7   0.0.0.0         UG    0      0        0 ppp0

==> /sbin/ifconfig <==
eth0      Link encap:Ethernet  HWaddr 52:54:05:F0:25:90
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:296319 errors:0 dropped:0 overruns:0 frame:2
          TX packets:254796 errors:0 dropped:0 overruns:0 carrier:0
          collisions:115 txqueuelen:100
          Interrupt:9 Base address:0xfce0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:91 errors:0 dropped:0 overruns:0 frame:0
          TX packets:91 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:204.181.201.153  P-t-P:204.181.200.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:4838 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4469 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

==> /var/log/messages <==
Jan 11 19:48:56 legacycarpets pptpd[31530]: CTRL: Client 4.40.159.70 control connection started
Jan 11 19:48:57 legacycarpets pptpd[31530]: CTRL: Starting call (launching pppd, opening GRE)
Jan 11 19:48:57 legacycarpets pppd[31531]: pppd 2.3.11 started by root, uid 0
Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set dbg flags to 70000
Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set flags to 70000
Jan 11 19:48:57 legacycarpets pppd[31531]: Using interface ppp1
Jan 11 19:48:57 legacycarpets pppd[31531]: Connect: ppp1 <--> /dev/pts/1
Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set xasyncmap
Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff
Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set flags to 70000
Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set mru to 5dc
Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff
Jan 11 19:49:27 legacycarpets kernel: ppp: channel ppp1 closing.
Jan 11 19:49:27 legacycarpets pppd[31531]: LCP: timeout sending Config-Requests
Jan 11 19:49:27 legacycarpets pppd[31531]: Connection terminated.
Jan 11 19:49:27 legacycarpets pppd[31531]: Modem hangup
Jan 11 19:49:27 legacycarpets pppd[31531]: Exit.
Jan 11 19:49:32 legacycarpets pptpd[31530]: GRE: read error: Bad file descriptor
Jan 11 19:49:32 legacycarpets pptpd[31530]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Jan 11 19:49:32 legacycarpets pptpd[31530]: CTRL: Client 4.40.159.70 control connection finished

==> /etc/pptpd.conf <==
# PoPToP configuration file
# TAG: speed
speed 115200
# TAG: option
option /etc/ppp/options.vpn
# TAG: debug
debug
# TAG: localip
localip 192.168.0.200-225
# TAG: remoteip
remoteip 192.168.0.226-251
# TAG: ipxnets
ipxnets 00001000-00001FFF
# TAG: listen
#listen 192.168.0.1
# TAG: pidfile
pidfile /var/run/pptpd.pid

==> /etc/ppp/options.vpn <==
lock
asyncmap 20A0000
debug
kdebug 7
name server
auth
mru 1450
mtu 1450
require-chap
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

==> /etc/ppp/ip-up <==
#!/bin/sh
INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24"
EXTERNAL_IP=$5
HW_ADDRESS="52:54:05:F0:25:90"
case $2 in
/dev/pts/*)
/sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
/sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
/sbin/ipchains --insert input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
/sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
# Logging
echo date > /var/run/ppp.up
echo "Connection started on " $2 >> /var/run/ppp.up
echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
/sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
echo "$(date): ip-up External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
echo "$(date): ip-up Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
;;
esac

==> /etc/ppp/chap-secrets <==
# Secrets for authentication using CHAP
# client server secret IP addresses
"rage" * "ditto" *
"tony" * "ditto" *
"ernie" * "ditto" *
"chris" * "ditto" *
"terry" * "ditto" *
"darin" * "ditto"
speed 115200
debug
localip 192.168.0.200-225
remoteip 192.168.1.226-251
# Dialup Info
iwells * automan1

==> /etc/modules.conf <==
alias eth0 ne2k-pci
alias parport_lowlevel parport_pc
alias usb-controller usb-uhci
alias char-major-108 off
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

==> /etc/rc.d/init.d/firewall <==
# Input ipchain rules
/sbin/ipchains -P input DENY
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j ACCEPT -i eth0
/sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i ppp0
/sbin/ipchains -A input -j ACCEPT -p udp -i ppp0
/sbin/ipchains -A input -j DENY -l -i ppp0 -s 192.168.0.0/16
/sbin/ipchains -A input -j DENY -p tcp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
/sbin/ipchains -A input -j DENY -p udp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
/sbin/ipchains -A input -j ACCEPT -i ppp0
/sbin/ipchains -A input -j ACCEPT -p 47
# Output ipchains rules
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1503 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1503 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1720 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1720 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1731 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1731 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p 47
# Forward ipchain rules
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -t 0x01 0x02 -j MASQ
/sbin/ipchains -A forward -s 0.0.0.0/0 -d 192.168.0.0/24 -t 0x01 0x02 -j MASQ
/sbin/ipchains -A forward -p 1723 -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT
;;
stop)
/sbin/ipchains -F
/sbin/ipchains -X
;;
restart)
$0 stop
$0 start
;;
status)
/sbin/ipchains -L -v
;;
*)
echo "Usage: firewall {start|stop|restart|status}"
exit 1
esac
exit 0

==> options <==
lock
modem
crtscts
asyncmap 20A0000
noipdefault
defaultroute
debug
user lcarpet
noauth
nodetach

-----Original Message-----
From: Javier Cuevas [mailto:jcd at arrakis.es]
Sent: Friday, January 12, 2001 2:41 AM
To: Jason Osborne; pptp mailing list
Subject: Re: [pptp-server] I don't understand anything ! :-)

Jason Osborne wrote:
> Thank you Javier. I have been having this problem for five months and no
> one ever even notices that I am also trying to do it over an ISDN connection.
>
Oh ! I'm not alone ;-) I'm not sure to be a good thing ;-) Well, being serious.
I think our problem could be in a intermediate router that lost some GRE packets, but I'm not sure... How I can read in some posted messages at this mainling list, some routers can found some problems managing this kind of packets. But really I'm not sure abut this. I you read my first message, you can read a detailed log activity abaut a pptp conexion (you can see the traffic), and we can see that some packets lost when ppp brought up. It's too dificult to me to understand what is happend from this activity logs.... Another idea abaut I was thinking is that ISDN ppp can't manage some kind of packets that pptp and thet tunnel ppp need. What's the real answer ? Thanks, Javier Cuevas _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From austin2 at crlogic.com Fri Jan 12 11:45:47 2001 From: austin2 at crlogic.com (Alvin Austin) Date: Fri, 12 Jan 2001 11:45:47 -0600 Subject: [pptp-server] poptop for Mandrake Linux 7.2 Message-ID: <001c01c07cbf$7f557a80$912a8e8b@Raptor> Does anyone have PoPToP ported to/compiled for Mandrake Linux 7.2 (including the Microsoft encryption MSCHAPv2/MPPE)? Thanks for any info! Alvin From Steve at SteveCowles.com Fri Jan 12 12:31:05 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Fri, 12 Jan 2001 12:31:05 -0600 Subject: [pptp-server] compile error -- search archives - no luck Message-ID: <90769AF04F76D41186C700A0C90AFC3EE5F9@defiant.infohiiway.com> > Anyone seen this? 
Kernel 2.2.18 > > ppp.c:100: warning: static declaration for > `ppp_unregister_compressor' follows non-static > ppp.c:174: `PPP_VERSION' undeclared here (not in a function) > ppp.c: In function `ppp_tty_open': > ppp.c:418: `PPP_MAGIC' undeclared (first use in this function) Did you looked at the FAQ written by Phil Van Baren??? http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt Specifically section 7.4.1 Steve Cowles From dwight at fontanus.com Fri Jan 12 13:15:32 2001 From: dwight at fontanus.com (Dwight Lee) Date: Fri, 12 Jan 2001 14:15:32 -0500 Subject: [pptp-server] Compiling PPP with the MPPE patches In-Reply-To: Message-ID: Hi everyone, I was wondering if any of you could shed some light on a problem I'm having. I'm running RedHat 6.2, with kernel 2.2.16-3, ppp 2.3.11-4, PoPToP 1.0.1. I've managed to get it working without encryption, but trying to follow the steps outlined in http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt leads me to an error when trying to "make modules SUBDIRS=drivers/net" The following is the output from the make. If anyone is familiar with this problem and has an answer, please let me know what I'm doing wrong. Thanks in advance for any help. Dwight Lee Fontanus, Inc. http://www.fontanus.com Phone: 201-239-7770 ext. 
101 Fax: 201-239-7771 ----------------------------------------- make[2]: Entering directory `/usr/src/linux-2.2.16/drivers/net' gcc -D__KERNEL__ -I/usr/src/linux-2.2.16/include -Wall -Wstrict-prototypes - O2 -fomit-fram e-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m486 -malign-loop s=2 -malign-ju mps=2 -malign-functions=2 -DCPU=686 -DMODULE -DEXPORT_SYMTAB -c ppp.c ppp.c:188: warning: static declaration for `ppp_register_compressor' follows non-static ppp.c:189: warning: static declaration for `ppp_unregister_compressor' follows non-static ppp.c: In function `ppp_async_init': ppp.c:443: structure has no member named `tty_pushing' ppp.c: In function `ppp_tty_open': ppp.c:502: `PPP_MAGIC' undeclared (first use in this function) ppp.c:502: (Each undeclared identifier is reported only once ppp.c:502: for each function it appears in.) ppp.c: In function `ppp_tty_close': ppp.c:547: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_read': ppp.c:595: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_write': ppp.c:684: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_ioctl': ppp.c:744: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_poll': ppp.c:947: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_wakeup': ppp.c:976: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_sync_send': ppp.c:1000: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_sync_push': ppp.c:1054: `PPP_MAGIC' undeclared (first use in this function) ppp.c:1062: structure has no member named `tty_pushing' ppp.c:1065: structure has no member named `woke_up' ppp.c:1069: structure has no member named `tty_pushing' ppp.c:1076: structure has no member named `woke_up' ppp.c:1092: structure has no member named `woke_up' ppp.c:1099: structure has no member named `tty_pushing' ppp.c:1109: structure 
has no member named `tty_pushing' ppp.c: In function `ppp_async_send': ppp.c:1124: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_push': ppp.c:1149: `PPP_MAGIC' undeclared (first use in this function) ppp.c:1150: structure has no member named `tty_pushing' ppp.c:1151: structure has no member named `woke_up' ppp.c:1157: structure has no member named `tty_pushing' ppp.c:1159: structure has no member named `woke_up' ppp.c:1170: structure has no member named `tty_pushing' ppp.c:1172: structure has no member named `woke_up' ppp.c:1180: structure has no member named `tty_pushing' ppp.c:1185: structure has no member named `tty_pushing' ppp.c:1195: structure has no member named `tty_pushing' ppp.c: In function `ppp_async_encode': ppp.c:1214: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_tty_flush_output': ppp.c:1320: structure has no member named `tty_pushing' ppp.c:1329: structure has no member named `tty_pushing' ppp.c: In function `ppp_tty_receive': ppp.c:1358: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_dev_close': ppp.c:1733: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_dev_ioctl': ppp.c:1767: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_ioctl': ppp.c:1815: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_receive_error': ppp.c:2413: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ip': ppp.c:2444: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ipv6': ppp.c:2457: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ipx': ppp.c:2470: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_at': ppp.c:2483: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_vjc_comp': ppp.c:2498: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In 
function `rcv_proto_vjc_uncomp': ppp.c:2523: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_ccp': ppp.c:2538: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `rcv_proto_unknown': ppp.c:2549: `PPP_MAGIC' undeclared (first use in this function) ppp.c:2563: too few arguments to function `kill_fasync' ppp.c: In function `ppp_send_frame': ppp.c:2596: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_output_wakeup': ppp.c:2772: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_send_ctrl': ppp.c:2788: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_alloc': ppp.c:3048: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `ppp_release': ppp.c:3139: `PPP_MAGIC' undeclared (first use in this function) ppp.c: In function `cleanup_module': ppp.c:3345: `PPP_MAGIC' undeclared (first use in this function) make[2]: *** [ppp.o] Error 1 make[2]: Leaving directory `/usr/src/linux-2.2.16/drivers/net' make[1]: *** [_modsubdir_net] Error 2 make[1]: Leaving directory `/usr/src/linux-2.2.16/drivers' make: *** [_mod_drivers] Error 2 From giulioo at pobox.com Fri Jan 12 13:27:03 2001 From: giulioo at pobox.com (Giulio Orsero) Date: Fri, 12 Jan 2001 20:27:03 +0100 Subject: [pptp-server] compile error -- search archives - no luck In-Reply-To: References: Message-ID: <20010112192820.9F682164A1@i3.golden.dom> On Fri, 12 Jan 2001 11:04:26 -0500, you wrote: >Anyone seen this? Kernel 2.2.18 >ppp.c:100: warning: static declaration for `ppp_unregister_compressor' follows non-static >ppp.c:174: `PPP_VERSION' undeclared here (not in a function) >ppp.c: In function `ppp_tty_open': >ppp.c:418: `PPP_MAGIC' undeclared (first use in this function) >ppp.c:418: (Each undeclared identifier is reported only once Have you tried this? 
http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff http://www.vibrationresearch.com/pptpd/example.html -- giulioo at pobox.com From rcd at amherst.com Fri Jan 12 15:03:53 2001 From: rcd at amherst.com (Robert Dege) Date: Fri, 12 Jan 2001 16:03:53 -0500 Subject: [pptp-server] 128 bit connections References: <000701bff969$1c5ca860$50a05c0a@scruch> <000e01c071f7$86718020$1464a8c0@dmoylan> Message-ID: <3A5F7139.8BA1F384@comptekamherst.com> I'm trying to get 128 bit connections to work, but am having trouble. I am connecting using a Win98SE Laptop. I can connect just fine using 40bit. But when I comment that line out & add mppe-128, mpp-stateless, require-mppe, require-mppe-stateless..... I still the client trying to connect at 40 bit. I added the patch from smop.de. I recompiled & installed the pppd, but do I have to re-patch the kernel with the included encryption code? -Rob From GeorgeV at citadelcomputer.com.au Fri Jan 12 18:56:17 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Sat, 13 Jan 2001 11:56:17 +1100 Subject: [pptp-server] Compiling PPP with the MPPE patches Message-ID: <200FAA488DE0D41194F10010B597610D065180@JUPITER> Like I've mentioned before on the list, I had this exact problem which not many people could help with and what I did was trashed my kernel source and downloaded kernel 2.2.17 and started from scratch. It all worked with the latest of everything (which you have)... My only suggestion to you is to p$#& off pptpd 1.0.1.. I can't understand how that version is still being used as I've seen that many people still using it but probably don't know that 1.1.2 is better. thanks, George Vieira -----Original Message----- From: Dwight Lee [mailto:dwight at fontanus.com] Sent: Saturday, January 13, 2001 6:16 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] Compiling PPP with the MPPE patches Hi everyone, I was wondering if any of you could shed some light on a problem I'm having. 
I'm running RedHat 6.2, with kernel 2.2.16-3, ppp 2.3.11-4, PoPToP 1.0.1. I've managed to get it working without encryption, but trying to follow the steps outlined in http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt leads me to an error when trying to "make modules SUBDIRS=drivers/net" The following is the output from the make. If anyone is familiar with this problem and has an answer, please let me know what I'm doing wrong. Thanks in advance for any help. Dwight Lee Fontanus, Inc. http://www.fontanus.com Phone: 201-239-7770 ext. 101 Fax: 201-239-7771
From GeorgeV at citadelcomputer.com.au Fri Jan 12 18:56:08 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Sat, 13 Jan 2001 11:56:08 +1100 Subject: [pptp-server] 128 bit connections Message-ID: <200FAA488DE0D41194F10010B597610D06517F@JUPITER> Better check up that Win9X does fully support 128bit encryption coz the last I heard it's not supported.... I may be wrong and if so point me out to which versions of the evilware software do support it properly.. As far as I know it's only NT that has proper 128bit support. thanks, George Vieira -----Original Message----- From: Robert Dege [mailto:rcd at amherst.com] Sent: Saturday, January 13, 2001 8:04 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] 128 bit connections I'm trying to get 128 bit connections to work, but am having trouble. I am connecting using a Win98SE Laptop. I can connect just fine using 40bit. But when I comment that line out & add mppe-128, mpp-stateless, require-mppe, require-mppe-stateless..... I still the client trying to connect at 40 bit. I added the patch from smop.de. I recompiled & installed the pppd, but do I have to re-patch the kernel with the included encryption code? -Rob
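Added example, not part of any list message and not PoPToP code: a triage script for pptpd/pppd syslog lines of the kinds posted in this archive, which groups lines per PPTP session and reports how far each one got (pppd never launched, LCP timed out, dropped before authentication, or up with the logged MPPE key length). The sample log is constructed, and binding a pppd or launcher PID to the oldest pending call is a heuristic assumed here that can mis-pair sessions on a busy server.

```python
import re

# Constructed sample: four sessions modelled on the log formats quoted in this
# archive; addresses are documentation ranges and the host name is made up.
SAMPLE_LOG = """\
Jan 11 19:48:56 gw pptpd[31530]: CTRL: Client 198.51.100.70 control connection started
Jan 11 19:48:57 gw pptpd[31530]: CTRL: Starting call (launching pppd, opening GRE)
Jan 11 19:48:57 gw pppd[31531]: pppd 2.3.11 started by root, uid 0
Jan 11 19:48:57 gw kernel: ppp_ioctl: set mru to 5dc
Jan 11 19:49:27 gw pppd[31531]: LCP: timeout sending Config-Requests
Jan 11 19:49:27 gw pppd[31531]: Modem hangup
Jan 11 19:49:32 gw pptpd[31530]: GRE: read error: Bad file descriptor
Jan 11 20:01:10 gw pptpd[9443]: CTRL: Client 203.0.113.61 control connection started
Jan 11 20:01:10 gw pptpd[9443]: CTRL: Starting call (launching pppd, opening GRE)
Jan 11 20:01:10 gw pppd[9444]: pppd 2.3.11 started by root, uid 0
Jan 11 20:01:12 gw pppd[9444]: Modem hangup
Jan 11 20:01:12 gw pppd[9444]: Exit.
Jan 11 20:05:00 gw pptpd[11196]: CTRL: Client 192.0.2.3 control connection started
Jan 11 20:05:00 gw pptpd[11196]: CTRL: Starting call (launching pppd, opening GRE)
Jan 11 20:05:00 gw pppd[11197]: pppd 2.3.11 started by root, uid 0
Jan 11 20:05:01 gw pppd[11197]: MSCHAP-v2 peer authentication succeeded for web
Jan 11 20:05:01 gw pppd[11197]: MPPE 128 bit, stateless compression enabled
Jan 11 20:05:01 gw pppd[11197]: remote IP address 192.168.25.231
Jan 13 12:36:54 gw pptpd[19073]: CTRL: Client 192.0.2.210 control connection started
Jan 13 12:36:56 gw pptpd[19073]: CTRL: Starting call (launching pppd, opening GRE)
Jan 13 12:36:56 gw pptpd[19074]: CTRL (PPPD Launcher): Failed to launch PPP daemon.
"""

LINE = re.compile(r"\b(pptpd|pppd)\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"CTRL: Client (\S+) control connection started")
MPPE = re.compile(r"MPPE (\d+) bit")
MARKERS = {
    "Starting call": "call",
    "Failed to launch PPP daemon": "launch_failed",
    "LCP: timeout sending Config-Requests": "lcp_timeout",
    "peer authentication succeeded": "auth_ok",
}
HINTS = {
    "pppd-launch-failed": "server-side: pptpd could not start pppd; check the pppd binary and its options",
    "lcp-timeout": "TCP 1723 control channel worked but no LCP reply arrived; check that IP "
                   "protocol 47 (GRE) passes both ways through every firewall/NAT on the path",
    "dropped-before-auth": "PPP ended before authentication; enable pppd debug and check the GRE path",
    "up": "tunnel negotiated",
    "control-only": "control connection seen, no call started",
}


def parse_sessions(log_text):
    """Group log lines into sessions keyed by the pptpd control-connection PID."""
    sessions, children, pending = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # kernel lines and anything else without prog[pid]
        prog, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        started = CLIENT.search(msg) if prog == "pptpd" else None
        if started:
            sessions[pid] = {"client": started.group(1), "events": set(), "mppe_bits": None}
            continue
        sess = sessions.get(pid) or children.get(pid)
        if sess is None:
            # First line from a forked child (pppd, or the pptpd launcher):
            # bind it to the oldest call still waiting for one (heuristic).
            if not pending:
                continue
            sess = children[pid] = pending.pop(0)
        for text, event in MARKERS.items():
            if text in msg:
                sess["events"].add(event)
                if event == "call":
                    pending.append(sess)
        bits = MPPE.search(msg)
        if bits:
            sess["mppe_bits"] = int(bits.group(1))
    return list(sessions.values())


def triage(log_text, min_mppe_bits=128):
    """Return one verdict per session, in the order the sessions started."""
    report = []
    for sess in parse_sessions(log_text):
        ev = sess["events"]
        if "launch_failed" in ev:
            verdict = "pppd-launch-failed"
        elif "lcp_timeout" in ev:
            verdict = "lcp-timeout"
        elif "auth_ok" in ev:
            verdict = "up"
        elif "call" in ev:
            verdict = "dropped-before-auth"
        else:
            verdict = "control-only"
        bits = sess["mppe_bits"]
        report.append({"client": sess["client"], "verdict": verdict, "mppe_bits": bits,
                       "weak_mppe": bits is not None and bits < min_mppe_bits,
                       "hint": HINTS[verdict]})
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row["client"], row["verdict"], row["mppe_bits"], "-", row["hint"])
```

A session with no MPPE line reports `mppe_bits` as `None`, which means the key length was not logged, not that the tunnel is unencrypted.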
From giulioo at pobox.com Sat Jan 13 01:12:11 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Sat, 13 Jan 2001 08:12:11 +0100
Subject: [pptp-server] 128 bit connections
In-Reply-To: <200FAA488DE0D41194F10010B597610D06517F@JUPITER>
References: <200FAA488DE0D41194F10010B597610D06517F@JUPITER>
Message-ID: <20010113071329.74BF715C5F@i3.golden.dom>

On Sat, 13 Jan 2001 11:56:08 +1100, you wrote:

>Better check up that Win9X does fully support 128bit encryption coz the last
>I heard it's not supported.... I may be wrong and if so point me out to
>which versions of the evilware software do support it properly.. As far as I

I think all versions of win9x, if properly updated, can do 128.
I tested win95B (various updates needed), win98 (1 update + vxd), win98se (vxd), winme (out of the box).

With all of them pptpd/pppd say:
pppd[10926]: MPPE 128 bit, stateless compression enabled
pppd[10926]: stateless MPPE enforced

--
giulioo at pobox.com

From giulioo at pobox.com Sat Jan 13 01:13:44 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Sat, 13 Jan 2001 08:13:44 +0100
Subject: [pptp-server] Compiling PPP with the MPPE patches
In-Reply-To:
References:
Message-ID: <20010113071502.A0CB115C5F@i3.golden.dom>

On Fri, 12 Jan 2001 14:15:32 -0500, you wrote:

>I've managed to get it working without encryption, but trying to follow the
>steps outlined in http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt
>leads me to an error when trying to "make modules SUBDIRS=drivers/net"

>ppp.c:443: structure has no member named `tty_pushing'
>ppp.c: In function `ppp_tty_open':
>ppp.c:502: `PPP_MAGIC' undeclared (first use in this function)
>ppp.c:502: (Each undeclared identifier is reported only once

Have you tried this patch?
http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff
http://www.vibrationresearch.com/pptpd/example.html

--
giulioo at pobox.com

From kyleh at insitecom.com Sat Jan 13 11:41:27 2001
From: kyleh at insitecom.com (Kyle Hodgson)
Date: Sat, 13 Jan 2001 12:41:27 -0500
Subject: [pptp-server] the dreaded 619
Message-ID: <200101131744.MAA18600@mail.istorm.ca>

I installed PoPToP on my Solaris 7/x86 machine last night, and I must say it went rather smoothly. I just can't actually connect to it; I keep getting the dreaded error 619 the specified port is not connected message. Of course I searched for this error and found that there are problems with nat (which I'll learn to fix with my ipf firewall later), so I dialed in to my work machine (Win2k) that's in the same ethernet with the pptpd server. I got the same message.

Here is a dump of my pptpd.log, any help would be appreciated...

Jan 13 12:36:54 armada pptpd[19073]: CTRL: Client 64.229.11.210 control connection started
Jan 13 12:36:54 armada pptpd[19073]: CTRL: Error reading ctrl packet length (bytes_ttl=0): Resource temporarily unavailable
Jan 13 12:36:54 armada pptpd[19073]: CTRL: PPTP Control Message type 134511680 not supported.
Jan 13 12:36:56 armada pptpd[19073]: CTRL: Starting call (launching pppd, opening GRE)
Jan 13 12:36:56 armada pptpd[19073]: CTRL: Allocating pty/tty pair
Jan 13 12:36:56 armada pptpd[19073]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0)
Jan 13 12:36:56 armada pptpd[19074]: CTRL (PPPD Launcher): Failed to launch PPP daemon.
Jan 13 12:36:56 armada pptpd[19074]: CTRL: PPPD launch failed!
Jan 13 12:36:56 armada pptpd[19073]: GRE: read(fd=4,buffer=804ec40,len=8196) from PTY failed: status = -1 error = I/O error
Jan 13 12:36:56 armada pptpd[19073]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jan 13 12:36:56 armada pptpd[19073]: CTRL: Client 64.229.11.210 control connection finished
Jan 13 12:37:56 armada pptpd[19078]: CTRL: Client 64.229.11.210 control connection started
Jan 13 12:37:56 armada pptpd[19078]: CTRL: Error reading ctrl packet length (bytes_ttl=0): Resource temporarily unavailable
Jan 13 12:37:56 armada pptpd[19078]: CTRL: PPTP Control Message type 134511680 not supported.
Jan 13 12:37:59 armada pptpd[19078]: CTRL: Starting call (launching pppd, opening GRE)
Jan 13 12:37:59 armada pptpd[19078]: CTRL: Allocating pty/tty pair
Jan 13 12:37:59 armada pptpd[19078]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0)
Jan 13 12:37:59 armada pptpd[19079]: CTRL (PPPD Launcher): Failed to launch PPP daemon.
Jan 13 12:37:59 armada pptpd[19079]: CTRL: PPPD launch failed!
Jan 13 12:37:59 armada pptpd[19078]: GRE: read(fd=4,buffer=804ec40,len=8196) from PTY failed: status = -1 error = I/O error
Jan 13 12:37:59 armada pptpd[19078]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jan 13 12:37:59 armada pptpd[19078]: CTRL: Client 64.229.11.210 control connection finished
Jan 13 12:38:44 armada pptpd[19080]: CTRL: Client 64.229.11.210 control connection started
Jan 13 12:38:45 armada pptpd[19080]: CTRL: Error reading ctrl packet length (bytes_ttl=0): Resource temporarily unavailable
Jan 13 12:38:45 armada pptpd[19080]: CTRL: PPTP Control Message type 134511680 not supported.
Jan 13 12:38:47 armada pptpd[19080]: CTRL: Starting call (launching pppd, opening GRE)
Jan 13 12:38:47 armada pptpd[19080]: CTRL: Allocating pty/tty pair
Jan 13 12:38:47 armada pptpd[19080]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0)
Jan 13 12:38:47 armada pptpd[19081]: CTRL (PPPD Launcher): Failed to launch PPP daemon.
Jan 13 12:38:47 armada pptpd[19081]: CTRL: PPPD launch failed!
Jan 13 12:38:47 armada pptpd[19080]: GRE: read(fd=4,buffer=804ec40,len=8196) from PTY failed: status = -1 error = I/O error
Jan 13 12:38:47 armada pptpd[19080]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jan 13 12:38:47 armada pptpd[19080]: CTRL: Client 64.229.11.210 control connection finished
Jan 13 12:41:44 armada named[8666]: client 208.184.4.142#28563: query denied
Jan 13 12:41:44 armada last message repeated 2 times
Jan 13 12:45:17 armada named[8666]: client 208.184.4.142#39793: query denied

those last three lines appeared as I wrote this. Looks like I'm getting probed ;)

From kathee at ezunx.com Sat Jan 13 17:23:35 2001
From: kathee at ezunx.com (kat)
Date: Sat, 13 Jan 2001 18:23:35 -0500
Subject: [pptp-server] xinetd
Message-ID:

Hello again,

Well things are getting better, however, after upgrading *sigh* -- never upgrade -- and now running xinetd instead of inetd... Is there something that needs to be done differently? I am getting the classic error of pppd input/output error and I am wondering if there is something that xinetd needs to be doing...

thanks
kat

From kathee at ezunx.com Sat Jan 13 19:31:14 2001
From: kathee at ezunx.com (kat)
Date: Sat, 13 Jan 2001 20:31:14 -0500
Subject: [pptp-server] xinetd
In-Reply-To:
Message-ID:

as was once heard on SNL... "Never mind...."

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of kat
Sent: Saturday, January 13, 2001 6:24 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] xinetd

Hello again,

Well things are getting better, however, after upgrading *sigh* -- never upgrade -- and now running xinetd instead of inetd... Is there something that needs to be done differently? I am getting the classic error of pppd input/output error and I am wondering if there is something that xinetd needs to be doing...
thanks
kat

From pptp at szczepanek.de Sun Jan 14 02:33:45 2001
From: pptp at szczepanek.de (Torge Szczepanek)
Date: Sun, 14 Jan 2001 09:33:45 +0100
Subject: [pptp-server] Max. Number of Clients?
Message-ID: <00b801c07e04$b607b020$02ffa8c0@maus.net>

Hi!

I am planning to use PoPTop as a server for a billing system for student hostels. EVERY client should authenticate itself using a VPN connection to the pptpd.

How many client connections are possible using pptpd? About two months ago I found somewhere a page, where some limits were mentioned (Limit of 100 pppds? Limit of Unix ptys?,...) and that it is possible to go beyond these limits. How?

What hardware do I need for let's say about 500 or 1000 users? One single processor machine (Athlon 1000)? One SMP machine? More machines? How much memory will I need per 1 user? Encryption is not needed.

I like to test this system in the near future with about 500 users.

Torge Szczepanek

From rage at sohonetworks.cc Sun Jan 14 04:35:45 2001
From: rage at sohonetworks.cc (Jason Osborne)
Date: Sun, 14 Jan 2001 04:35:45 -0600
Subject: [pptp-server] I don't understand anything ! :-) New info..anyone care to decipher?
In-Reply-To: <200FAA488DE0D41194F10010B597610D06517E@JUPITER>
Message-ID:

Ok, I have been playing with the VPN trying to figure out exactly what is wrong with it. This is unfortunately an extensive email, but, maybe we can all come to a conclusion for ISDN users.

For those of you who don't want to read all this, here is a simple breakdown of the problem. This error is reported when connecting to the isdn server. You must understand that the configs are literally set up the same way on both systems.
pppd[19652]: Connect: ppp1 <--> /dev/pts/1
pppd[19652]: sent [LCP ConfReq id=0x1 ]
pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds.
#### The above two lines were repeated an additional nine times ####
pptpd[19651]: CTRL: Received PPTP Control Message (type: 12)
pptpd[19651]: CTRL: Made a CALL DISCONNECT RPLY packet
pptpd[19651]: CTRL: Received CALL CLR request (closing call)
pptpd[19651]: CTRL: I wrote 148 bytes to the client.
pptpd[19651]: CTRL: Sent packet to client
pppd[19652]: Modem hangup
pppd[19652]: Untimeout 0x8050394:0x8078480.
pppd[19652]: Connection terminated.

I have also noticed that the VPN client (in win98) is reporting the error 650. According to http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt this means:

7.2.3. Error 650: The Remote Access server is not responding.
Possible causes:
 - There is a problem with packets getting through
Possible solutions:
 - Check firewalls between you and server. Make sure all can pass protocol 47 (GRE) and tcp port 1723.

According to this prognosis, is the firewall for the office an issue? I have included the firewall script from the office toward the bottom of this email.

If anyone can help it would be much appreciated. I bet you will answer more than just my question. In advance, thanks for all your help.

Here is the setup.

----------------------------------------------------------------------------
Location: Home
Connection: DSL
Kernel: Linux-2.2.17
PPP Daemon: PPPd-2.3.11
PopTop Server: PPTPd-1.1.2
Patches: ppp_mppe_compressed_data_fix.diff, ppp-2.3.11-openssl-0.9.5-mppe.patch., and if_ppp_2.2.17.diff
PopTop Config files and logs: Attached below.
Ethernet:
 - eth0: ethernet connected to LAN. ip: 192.168.0.1 a.k.a. meridian.soholan
 - eth1: ethernet connected to dsl. ip: 4.40.159.70 a.k.a. meridian.sohonetworks.cc
Other boxes, hubs, etc.:
 - Windows NT 4.0 Terminal Server which is setup as PDC containing user list and promotes WINS services
 - Linux System is setup with Samba which logs into the NT4 PDC. Samba does not promote any services on the network except general file sharing.
 - 8 Windows 98SE boxes setup to login to domain.
 - 10/100 Linksys DualSpeed Hub.
 - ipchains firewall has been setup on the linux box forwarding packets to and from the lan to the dsl.
 - All systems can access file shares and internet from the lan. In other words, everything works perfectly.

Routes w/o VPN:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
4.40.159.68     *               255.255.255.252 U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         4.40.159.69     0.0.0.0         UG    0      0        0 eth1

----------------------------------------------------------------------------
Location: Office
Connection: ISDN
Kernel: Linux-2.2.17
PPP Daemon: PPPd-2.3.11
PopTop Server: PPTPd-1.1.2
Patches: ppp_mppe_compressed_data_fix.diff, ppp-2.3.11-openssl-0.9.5-mppe.patch., and if_ppp_2.2.17.diff
PopTop Config files and logs: Attached below.
Ethernet: eth0 - ethernet connected to lan. ip: 192.168.0.1 a.k.a. server.legacycarpets
Modem: ppp0 - 3com ISDN Terminal Adapter which connects to a dual line (128kb) ISDN connection. ip: dynamic a.k.a. lcarpet.dynip.com
Other boxes, hubs, etc.:
 - Linux system is setup with Samba acting as a domain login server for win9x boxes and promotes file shares and acts as a WINS server.
 - 4 Windows 98SE boxes setup to authenticate through samba.
 - 10baseT Linksys Hub.
 - ipchains firewall has been setup on the linux box forwarding packets to and from the lan to the ISDN.
 - All systems can access file shares and internet from the lan. Works great!

Routes w/o VPN:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
204.181.200.7   *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.1     *               255.255.255.255 UH    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         204.181.200.7   0.0.0.0         UG    0      0        0 ppp0

----------------------------------------------------------------------------

---- HOME ERROR LOGS ----
(The below logs for the home vpn show that the vpn works perfectly fine allowing me on the network)

==> /var/log/messages <==
pptpd[8163]: CTRL: Client 192.168.0.3 control connection started
pptpd[8163]: CTRL: Starting call (launching pppd, opening GRE)
pppd[8164]: pppd 2.3.11 started by root, uid 0
pppd[8164]: Using interface ppp0
pppd[8164]: Connect: ppp0 <--> /dev/pts/1
pptpd[8163]: Buffering out-of-order packet; got 1 after 4294967295
pptpd[8163]: Packet reorder timeout waiting for 0
pptpd[8163]: Buffering out-of-order packet; got 2 after 0
pppd[8164]: MSCHAP-v2 peer authentication succeeded for soholan\\rage
pppd[8164]: found interface eth0 for proxy arp
pppd[8164]: local IP address 192.168.0.201
pppd[8164]: remote IP address 192.168.0.227
pppd[8164]: MPPE 40 bit, stateless compression enabled
pppd[8164]: LCP terminated by peer
pppd[8164]: Modem hangup
pppd[8164]: Connection terminated.
pppd[8164]: Connect time 3.6 minutes.
pppd[8164]: Sent 512 bytes, received 2247 bytes.
pppd[8164]: Exit.
pptpd[8163]: GRE: read error: Bad file descriptor
pptpd[8163]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
pptpd[8163]: CTRL: Client 192.168.0.3 control connection finished

==> /var/log/pptpd.log <==
pptpd[8185]: MGR: Launching /usr/sbin/pptpctrl to handle client
pptpd[8185]: CTRL: local address = 192.168.0.200
pptpd[8185]: CTRL: remote address = 192.168.0.226
pptpd[8185]: CTRL: pppd speed = 115200
pptpd[8185]: CTRL: pppd options file = /etc/ppp/options.pptp
pptpd[8185]: CTRL: Client 192.168.0.3 control connection started
pptpd[8185]: CTRL: Received PPTP Control Message (type: 1)
pptpd[8185]: CTRL: Made a START CTRL CONN RPLY packet
pptpd[8185]: CTRL: I wrote 156 bytes to the client.
pptpd[8185]: CTRL: Sent packet to client
pptpd[8185]: CTRL: Received PPTP Control Message (type: 7)
pptpd[8185]: CTRL: 0 min_bps, 0 max_bps, 32 window size
pptpd[8185]: CTRL: Made a OUT CALL RPLY packet
pptpd[8185]: CTRL: Starting call (launching pppd, opening GRE)
pptpd[8185]: CTRL: pty_fd = 5
pptpd[8185]: CTRL: tty_fd = 6
pptpd[8186]: CTRL (PPPD Launcher): Connection speed = 115200
pptpd[8185]: CTRL: I wrote 32 bytes to the client.
pptpd[8185]: CTRL: Sent packet to client
pptpd[8186]: CTRL (PPPD Launcher): local address = 192.168.0.200
pptpd[8186]: CTRL (PPPD Launcher): remote address = 192.168.0.226
pptpd[8186]: CTRL (PPPD Launcher): ipx network = 00001000
pppd[8186]: pppd 2.3.11 started by root, uid 0
pppd[8186]: Using interface ppp0
pppd[8186]: Connect: ppp0 <--> /dev/pts/1
pppd[8186]: sent [LCP ConfReq id=0x1 ]
pptpd[8185]: Buffering out-of-order packet; got 1 after 4294967295
pppd[8186]: Timeout 0x805085c:0x80790c0 in 3 seconds.
pptpd[8185]: Packet reorder timeout waiting for 0
pptpd[8185]: Buffering out-of-order packet; got 2 after 0
pppd[8186]: rcvd [LCP ConfReq id=0x1 ]
pppd[8186]: lcp_reqci: returning CONFACK.
pppd[8186]: sent [LCP ConfAck id=0x1 ]
pppd[8186]: rcvd [LCP ConfAck id=0x1 ]
pppd[8186]: Untimeout 0x805085c:0x80790c0.
pppd[8186]: sent [CHAP Challenge id=0x1 <4cb7dcb764c559505c697171b2eb2b1c>, name = "meridian"]
pppd[8186]: Timeout 0x8056284:0x80793a0 in 3 seconds.
pppd[8186]: rcvd [CHAP Response id=0x1 , name = "soholan\\rage"]
pppd[8186]: Untimeout 0x8056284:0x80793a0.
pppd[8186]: ChapReceiveResponse: rcvd type MS-CHAP-V2
pppd[8186]: sent [CHAP Success id=0x1 "S=7B69617F523DB2A4D89C25AA3169B74F930C473C"]
pppd[8186]: sent [IPCP ConfReq id=0x1 ]
pppd[8186]: Timeout 0x805085c:0x8079320 in 3 seconds.
pppd[8186]: sent [CCP ConfReq id=0x1 ]
pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds.
pppd[8186]: MSCHAP-v2 peer authentication succeeded for soholan\\rage
pppd[8186]: rcvd [IPCP ConfReq id=0x1 ]
pppd[8186]: ipcp: returning Configure-NAK
pppd[8186]: sent [IPCP ConfNak id=0x1 ]
pppd[8186]: rcvd [CCP ConfReq id=0x1 ]
pppd[8186]: sent [CCP ConfRej id=0x1 ]
pppd[8186]: rcvd [IPCP ConfAck id=0x1 ]
pppd[8186]: rcvd [CCP ConfRej id=0x1 ]
pppd[8186]: Untimeout 0x805085c:0x8079440.
pppd[8186]: sent [CCP ConfReq id=0x2 ]
pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds.
pppd[8186]: rcvd [IPCP ConfReq id=0x2 ]
pppd[8186]: ipcp: returning Configure-ACK
pppd[8186]: sent [IPCP ConfAck id=0x2 ]
pppd[8186]: Untimeout 0x805085c:0x8079320.
pppd[8186]: ipcp: up
pppd[8186]: found interface eth0 for proxy arp
pppd[8186]: local IP address 192.168.0.200
pppd[8186]: remote IP address 192.168.0.226
pppd[8186]: Script /etc/ppp/ip-up started (pid 8187)
pppd[8186]: rcvd [CCP ConfReq id=0x2 ]
pppd[8186]: sent [CCP ConfNak id=0x2 ]
pppd[8186]: rcvd [CCP ConfNak id=0x2 ]
pppd[8186]: Untimeout 0x805085c:0x8079440.
pppd[8186]: sent [CCP ConfReq id=0x3 ]
pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds.
pppd[8186]: rcvd [CCP ConfReq id=0x3 ]
pppd[8186]: sent [CCP ConfAck id=0x3 ]
pppd[8186]: rcvd [CCP ConfAck id=0x3 ]
pppd[8186]: Untimeout 0x805085c:0x8079440.
pppd[8186]: MPPE 40 bit, stateless compression enabled
Sat Jan 13 22:33:14 CST 2001: ip-up External Device: ppp0 TTY: /dev/pts/1 Speed: 115200 Local IP: 192.168.0.200 Remote IP: 192.168.0.226
Sat Jan 13 22:33:14 CST 2001: ip-up Firewall rules set for ppp0:192.168.0.226
pppd[8186]: Script /etc/ppp/ip-up finished (pid 8187), status = 0x0
pptpd[8185]: CTRL: Received PPTP Control Message (type: 5)
pptpd[8185]: CTRL: Made a ECHO RPLY packet
pptpd[8185]: CTRL: I wrote 20 bytes to the client.
pptpd[8185]: CTRL: Sent packet to client
pppd[8186]: rcvd [LCP TermReq id=0x2]
pppd[8186]: LCP terminated by peer
pppd[8186]: ipcp: down
pppd[8186]: Untimeout 0x805a0bc:0x0.
pppd[8186]: Script /etc/ppp/ip-down started (pid 8196)
pppd[8186]: Timeout 0x805085c:0x80790c0 in 3 seconds.
pppd[8186]: sent [LCP TermAck id=0x2]
pptpd[8185]: CTRL: Received PPTP Control Message (type: 12)
pptpd[8185]: CTRL: Made a CALL DISCONNECT RPLY packet
pptpd[8185]: CTRL: Received CALL CLR request (closing call)
pptpd[8185]: CTRL: I wrote 148 bytes to the client.
pptpd[8185]: CTRL: Sent packet to client
pppd[8186]: Modem hangup
pppd[8186]: Untimeout 0x805085c:0x80790c0.
pppd[8186]: Connection terminated.
pppd[8186]: Sent 511 bytes, received 929 bytes.
pppd[8186]: Waiting for 1 child processes...
pppd[8186]: script /etc/ppp/ip-down, pid 8196
pppd[8186]: Script /etc/ppp/ip-down finished (pid 8196), status = 0x200
pppd[8186]: Exit.
pptpd[8185]: GRE: read error: Bad file descriptor
pptpd[8185]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
pptpd[8185]: CTRL: Client 192.168.0.3 control connection finished
pptpd[8185]: CTRL: Exiting now

---- OFFICE ERROR LOGS ----
(As you can see here

==> /var/log/messages <==
pptpd[19625]: CTRL: Client 4.40.159.70 control connection started
pptpd[19625]: CTRL: Starting call (launching pppd, opening GRE)
pppd[19626]: pppd 2.3.11 started by root, uid 0
kernel: ppp_ioctl: set dbg flags to 70000
kernel: ppp_ioctl: set flags to 70000
pppd[19626]: Using interface ppp1
pppd[19626]: Connect: ppp1 <--> /dev/pts/1
kernel: ppp_tty_ioctl: set xasyncmap
kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff
kernel: ppp_ioctl: set flags to 70000
kernel: ppp_ioctl: set mru to 5dc
kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff
kernel: ppp: channel ppp1 closing.
pppd[19626]: Modem hangup
pppd[19626]: Connection terminated.
pppd[19626]: Exit.
pptpd[19625]: GRE: read error: Bad file descriptor
pptpd[19625]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
pptpd[19625]: CTRL: Client 4.40.159.70 control connection finished

==> /var/log/pptpd.log <==
pptpd[19651]: MGR: Launching /usr/sbin/pptpctrl to handle client
pptpd[19651]: CTRL: local address = 192.168.0.201
pptpd[19651]: CTRL: remote address = 192.168.0.227
pptpd[19651]: CTRL: pppd speed = 115200
pptpd[19651]: CTRL: pppd options file = /etc/ppp/options.vpn
pptpd[19651]: CTRL: Client 4.40.159.70 control connection started
pptpd[19651]: CTRL: Received PPTP Control Message (type: 1)
pptpd[19651]: CTRL: Made a START CTRL CONN RPLY packet
pptpd[19651]: CTRL: I wrote 156 bytes to the client.
pptpd[19651]: CTRL: Sent packet to client
pptpd[19651]: CTRL: Received PPTP Control Message (type: 7)
pptpd[19651]: CTRL: 0 min_bps, 0 max_bps, 32 window size
pptpd[19651]: CTRL: Made a OUT CALL RPLY packet
pptpd[19651]: CTRL: Starting call (launching pppd, opening GRE)
pptpd[19651]: CTRL: pty_fd = 6
pptpd[19651]: CTRL: tty_fd = 7
pptpd[19652]: CTRL (PPPD Launcher): Connection speed = 115200
pptpd[19652]: CTRL (PPPD Launcher): local address = 192.168.0.201
pptpd[19652]: CTRL (PPPD Launcher): remote address = 192.168.0.227
pptpd[19652]: CTRL (PPPD Launcher): ipx network = 00001001
pptpd[19651]: CTRL: I wrote 32 bytes to the client.
pptpd[19651]: CTRL: Sent packet to client
pppd[19652]: pppd 2.3.11 started by root, uid 0
pppd[19652]: Using interface ppp1
pppd[19652]: Connect: ppp1 <--> /dev/pts/1
pppd[19652]: sent [LCP ConfReq id=0x1 ]
pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds.
#### The above two lines were repeated an additional nine times ####
pptpd[19651]: CTRL: Received PPTP Control Message (type: 12)
pptpd[19651]: CTRL: Made a CALL DISCONNECT RPLY packet
pptpd[19651]: CTRL: Received CALL CLR request (closing call)
pptpd[19651]: CTRL: I wrote 148 bytes to the client.
pptpd[19651]: CTRL: Sent packet to client
pppd[19652]: Modem hangup
pppd[19652]: Untimeout 0x8050394:0x8078480.
pppd[19652]: Connection terminated.
pppd[19652]: Exit.
pptpd[19651]: GRE: read error: Bad file descriptor
pptpd[19651]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
pptpd[19651]: CTRL: Client 4.40.159.70 control connection finished
pptpd[19651]: CTRL: Exiting now
pptpd[2275]: MGR: Reaped child 19651

---- HOME VPN FILES ----

==> /etc/pptpd.conf <==
# PoPToP configuration file
# TAG: speed
speed 115200
# TAG: option
option /etc/ppp/options.pptp
# TAG: debug
debug
# TAG: localip
localip 192.168.0.200-225
# TAG: remoteip
remoteip 192.168.0.226-251
# TAG: ipxnets
ipxnets 00001000-00001FFF
# TAG: listen
#listen 192.168.0.1
# TAG: pidfile
pidfile /var/run/pptpd.pid

==> /etc/ppp/options <==
lock
tail: /etc/ppp/options.vpn: No such file or directory

==> /etc/ppp/chap-secrets <==
# Secrets for authentication using CHAP
# client server secret IP addresses
"soholan\\rage" * "ro0tm4h-" *
"soholan\\margie" * "m00t1lda" *
"soholan\\andy" * "ambermarie" *
#PoPToP configuration file /etc/pptpd.conf
speed 115200
localip 192.168.0.200-225
remoteip 192.168.0.226-251

==> /etc/ppp/ip-up <==
#!/bin/sh
INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24"
EXTERNAL_IP=$5
HW_ADDRESS="00:10:5A:1C:0B:8B"
case $2 in
  /dev/pts/*)
    /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
    /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
    /sbin/ipchains --insert input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
    /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
    # Logging
    echo date > /var/run/ppp.up
    echo "Connection started on " $2 >> /var/run/ppp.up
    echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
    echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
    /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
    echo "$(date): ip-up External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
    echo "$(date): ip-up Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
    ;;
esac

==> /etc/ppp/ip-down <==
#!/bin/sh
INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24
EXTERNAL_IP=$5
HW_ADDRESS="00:10:5A:1C:0B:8B"
case $2 in
  /dev/pts/*)
    /sbin/ipchains --delete forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
    /sbin/ipchains --delete forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
    /sbin/ipchains --delete input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
    /sbin/ipchains --delete output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
    # Logging
    echo "$(date): ip-down External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
    echo "$(date): ip-down Firewall rules removed for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
    echo date > /var/run/ppp.up
    echo "Connection closed on " $2 >> /var/run/ppp.up
    echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
    echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
    arp --delete $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
    ;;
esac

==> /etc/rc.d/init.d/firewall <==
#!/bin/sh
# IPchains Firewalling Script File
# Generated by IPchains Firewalling Webmin Module
# Copyright (C) 1999-2000 by Tim Niemueller, GPL
# http://www.niemueller.de/webmin/modules/ipchains/
# Created on 22/May/2000 09:02
#
# Source function library.
. /etc/rc.d/init.d/functions
# Check that networking is up.
#if [ ${NETWORKING} = "no" ]
#then
# exit 0
#fi
echo "1" > /proc/sys/net/ipv4/ip_forward
case "$1" in
  start)
    # This gets rid of old stuff
    /sbin/ipchains -F
    /sbin/ipchains -X
    # Input ipchain rules
    /sbin/ipchains -P input DENY
    /sbin/ipchains -A input -j ACCEPT -i lo
    /sbin/ipchains -A input -j ACCEPT -i eth0
    /sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i eth1
    /sbin/ipchains -A input -j ACCEPT -p udp -i eth1
    /sbin/ipchains -A input -j DENY -l -i eth1 -s 192.168.0.0/16
    /sbin/ipchains -A input -j DENY -p tcp -i eth1 -s 0/0 1024:65535 -d 0/0 139
    /sbin/ipchains -A input -j DENY -p udp -i eth1 -s 0/0 1024:65535 -d 0/0 139
    /sbin/ipchains -A input -j ACCEPT -i eth1
    /sbin/ipchains -A input -j ACCEPT -p TCP -d 0.0.0.0/0 1723
    /sbin/ipchains -A input -j ACCEPT -p 47
    # Output ipchains rules
    /sbin/ipchains -P output ACCEPT
    /sbin/ipchains -A output -j ACCEPT -p TCP -s 0.0.0.0/0 1723
    /sbin/ipchains -A output -j ACCEPT -p 47
    # Forward ipchain rules
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -t 0x01 0x02 -j MASQ
    /sbin/ipchains -A forward -s 0.0.0.0/0 -d 192.168.0.0/24 -t 0x01 0x02 -j MASQ
    ;;
  stop)
    /sbin/ipchains -F
    /sbin/ipchains -X
    echo "0" > /proc/sys/net/ipv4/ip_forward
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  status)
    /sbin/ipchains -L -v
    ;;
  *)
    echo "Usage: firewall {start|stop|restart|status}"
    exit 1
esac
exit 0

==> /etc/modules.conf <==
alias eth0 3c59x
alias eth1 ne2k-pci
alias parport_lowlevel parport_pc
alias usb-controller usb-uhci
alias char-major-108 off
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

---- OFFICE CONFIG FILES ----

==> /etc/pptpd.conf <==
# PoPToP configuration file
# TAG: speed
speed 115200
# TAG: option
option /etc/ppp/options.vpn
# TAG: debug
debug
# TAG: localip
localip 192.168.0.200-225
# TAG: remoteip
remoteip 192.168.0.226-251
# TAG: ipxnets
ipxnets 00001000-00001FFF
# TAG: listen
#listen 192.168.0.1
# TAG: pidfile
pidfile /var/run/pptpd.pid

==> /etc/ppp/options <==
lock
modem
crtscts
asyncmap 20A0000
noipdefault
defaultroute
debug
user lcarpet
noauth
nodetach

==> /etc/ppp/options.vpn <==
lock
asyncmap 20A0000
debug
kdebug 7
name server
auth
mru 1450
mtu 1450
require-chap
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

==> /etc/ppp/chap-secrets <==
# Secrets for authentication using CHAP
# client server secret IP addresses
"rage" server "ro0tm4h" "192.168.0.210"
"tony" * "bogie" *
"ernie" * "boney" *
"chris" * "0414" *
"terry" * "automan1" *
"darin" * "dito66"
speed 115200
debug
localip 192.168.0.200-225
remoteip 192.168.1.226-251
# Dialup Info
iwells * automan1

==> /etc/ppp/ip-up <==
#!/bin/sh
INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24"
EXTERNAL_IP=$5
HW_ADDRESS="52:54:05:F0:25:90"
case $2 in
  /dev/pts/*)
    /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
    /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
    /sbin/ipchains --insert input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
    /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
    # Logging
    echo date > /var/run/ppp.up
    echo "Connection started on " $2 >> /var/run/ppp.up
    echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
    echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
    /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
    echo "$(date): ip-up External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
    echo "$(date): ip-up Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
    ;;
esac

==> /etc/ppp/ip-down <==
#!/bin/sh
INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24
EXTERNAL_IP=$5
HW_ADDRESS="52:54:05:F0:25:90"
case $2 in
  /dev/pts/*)
    /sbin/ipchains --delete forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
    /sbin/ipchains --delete forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
    /sbin/ipchains --delete input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
    /sbin/ipchains --delete output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
    # Logging
    echo "$(date): ip-down External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
    echo "$(date): ip-down Firewall rules removed for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
    echo date > /var/run/ppp.up
    echo "Connection closed on " $2 >> /var/run/ppp.up
    echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
    echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
    arp --delete $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
    ;;
esac

==> /etc/rc.d/init.d/firewall <==
#!/bin/sh
# IPchains Firewalling Script File
# Generated by IPchains Firewalling Webmin Module
# Copyright (C) 1999-2000 by Tim Niemueller, GPL
# http://www.niemueller.de/webmin/modules/ipchains/
# Created on 22/May/2000 09:02
#
# Source function library.
. /etc/rc.d/init.d/functions
# Check that networking is up.
#if [ ${NETWORKING} = "no" ]
#then
# exit 0
#fi
echo "1" > /proc/sys/net/ipv4/ip_forward
case "$1" in
  start)
    # This gets rid of old stuff
    /sbin/ipchains -F
    /sbin/ipchains -X
    # Input ipchain rules
    /sbin/ipchains -P input DENY
    /sbin/ipchains -A input -j ACCEPT -i lo
    /sbin/ipchains -A input -j ACCEPT -i eth0
    /sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i ppp0
    /sbin/ipchains -A input -j ACCEPT -p udp -i ppp0
    /sbin/ipchains -A input -j DENY -l -i ppp0 -s 192.168.0.0/16
    /sbin/ipchains -A input -j DENY -p tcp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
    /sbin/ipchains -A input -j DENY -p udp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
    /sbin/ipchains -A input -j ACCEPT -i ppp0
    /sbin/ipchains -A input -j ACCEPT -p TCP -d 0.0.0.0/0 1723
    /sbin/ipchains -A input -j ACCEPT -p 47
    # Output ipchains rules
    /sbin/ipchains -P output ACCEPT
    /sbin/ipchains -A output -j ACCEPT -p TCP -s 0.0.0.0/0 1723
    /sbin/ipchains -A output -j ACCEPT -p 47
    # Forward ipchain rules
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -t 0x01 0x02 -j MASQ
    /sbin/ipchains -A forward -s 0.0.0.0/0 -d 192.168.0.0/24 -t 0x01 0x02 -j MASQ
    ;;
  stop)
    /sbin/ipchains -F
    /sbin/ipchains -X
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  status)
    /sbin/ipchains -L -v
    ;;
  *)
    echo "Usage: firewall {start|stop|restart|status}"
    exit 1
esac
exit 0

==> /etc/modules.conf <==
alias eth0 ne2k-pci
alias parport_lowlevel parport_pc
alias usb-controller usb-uhci
alias char-major-108 off
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

From kyleh at insitecom.com Sun Jan 14 07:15:06 2001
From: kyleh at insitecom.com (Kyle Hodgson)
Date: Sun, 14 Jan 2001 08:15:06 -0500
Subject: [pptp-server] the dreaded 619
Message-ID:

All right, I have fixed this. I now have working:

o PoPToP on Solaris x86
o Win2k CHAP clients are able to connect, login
o routing is working ok, although all my packets now use the default gateway on the remote end.

All I need now is a pppd patched to use MSCHAP for authentication. I can't get the diff files to apply, however. Here's a log of me trying with GNU patch:

armada/usr/src/ppp-2.3.11/pppd# cp /usr/local/ssl/include/openssl/rc4.h .
armada/usr/src/ppp-2.3.11/pppd# cd ..
armada/usr/src/ppp-2.3.11# /usr/local/bin/patch < ppp-2.3.11-openssl-norc4-mppe.patch
(Stripping trailing CRs from patch.)
patching file README.MPPE
(Stripping trailing CRs from patch.)
can't find file to patch at input line 58
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--------------------------
|diff -rupN ppp-2.3.11.orig/include/linux/ppp-comp.h ppp-2.3.11/include/linux/ppp-comp.h
|--- ppp-2.3.11.orig/include/linux/ppp-comp.h Thu Jul 22 23:53:29 1999
|+++ ppp-2.3.11/include/linux/ppp-comp.h Wed Sep 22 22:28:01 1999
--------------------------
File to patch:

and it wants to know what I'm patching. Hmmm... So I look at the README.MPPE that it just created and it's talking about Linux kernel modules. I'll guess they don't work with Solaris.

Has anyone gotten past where I am now? Has anyone gotten MSCHAP to work with PoPToP on Solaris?

What I do have working:

ipfilter
    cool firewall rules that allow gre
    cool ipnat rules that allow me to use this transparently at home through my ipf/ipnat/adsl setup

ppp
    at first I was trying with the Solstice PPPD, it sucks. I grabbed the ppp-2.3.11 source, reworked all of the Makefiles, and now it compiles and works.

If anyone needs help compiling ppp-2.3.11 on Solaris, let me know.

-----Original Message-----
From: Kyle Hodgson [mailto:kyleh at insitecom.com]
Sent: January 13, 2001 12:41 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] the dreaded 619

I installed PoPToP on my Solaris 7/x86 machine last night, and I must say it went rather smoothly. I just can't actually connect to it; I keep getting the dreaded error 619 the specified port is not connected message.

Of course I searched for this error and found that there are problems with nat (which I'll learn to fix with my ipf firewall later), so I dialed in to my work machine (Win2k) that's in the same ethernet with the pptpd server. I got the same message.

Here is a dump of my pptpd.log, any help would be appreciated...
Jan 13 12:36:54 armada pptpd[19073]: CTRL: Client 64.229.11.210 control connection started Jan 13 12:36:54 armada pptpd[19073]: CTRL: Error reading ctrl packet length (bytes_ttl=0): Resource temporarily unavailable Jan 13 12:36:54 armada pptpd[19073]: CTRL: PPTP Control Message type 134511680 not supported. Jan 13 12:36:56 armada pptpd[19073]: CTRL: Starting call (launching pppd, opening GRE) Jan 13 12:36:56 armada pptpd[19073]: CTRL: Allocating pty/tty pair Jan 13 12:36:56 armada pptpd[19073]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0) Jan 13 12:36:56 armada pptpd[19074]: CTRL (PPPD Launcher): Failed to launch PPP daemon. Jan 13 12:36:56 armada pptpd[19074]: CTRL: PPPD launch failed! Jan 13 12:36:56 armada pptpd[19073]: GRE: read(fd=4,buffer=804ec40,len=8196) from PTY failed: status = -1 error = I/O error Jan 13 12:36:56 armada pptpd[19073]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) Jan 13 12:36:56 armada pptpd[19073]: CTRL: Client 64.229.11.210 control connection finished Jan 13 12:37:56 armada pptpd[19078]: CTRL: Client 64.229.11.210 control connection started Jan 13 12:37:56 armada pptpd[19078]: CTRL: Error reading ctrl packet length (bytes_ttl=0): Resource temporarily unavailable Jan 13 12:37:56 armada pptpd[19078]: CTRL: PPTP Control Message type 134511680 not supported. Jan 13 12:37:59 armada pptpd[19078]: CTRL: Starting call (launching pppd, opening GRE) Jan 13 12:37:59 armada pptpd[19078]: CTRL: Allocating pty/tty pair Jan 13 12:37:59 armada pptpd[19078]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0) Jan 13 12:37:59 armada pptpd[19079]: CTRL (PPPD Launcher): Failed to launch PPP daemon. Jan 13 12:37:59 armada pptpd[19079]: CTRL: PPPD launch failed! 
Jan 13 12:37:59 armada pptpd[19078]: GRE: read(fd=4,buffer=804ec40,len=8196) from PTY failed: status = -1 error = I/O error Jan 13 12:37:59 armada pptpd[19078]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) Jan 13 12:37:59 armada pptpd[19078]: CTRL: Client 64.229.11.210 control connection finished Jan 13 12:38:44 armada pptpd[19080]: CTRL: Client 64.229.11.210 control connection started Jan 13 12:38:45 armada pptpd[19080]: CTRL: Error reading ctrl packet length (bytes_ttl=0): Resource temporarily unavailable Jan 13 12:38:45 armada pptpd[19080]: CTRL: PPTP Control Message type 134511680 not supported. Jan 13 12:38:47 armada pptpd[19080]: CTRL: Starting call (launching pppd, opening GRE) Jan 13 12:38:47 armada pptpd[19080]: CTRL: Allocating pty/tty pair Jan 13 12:38:47 armada pptpd[19080]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0) Jan 13 12:38:47 armada pptpd[19081]: CTRL (PPPD Launcher): Failed to launch PPP daemon. Jan 13 12:38:47 armada pptpd[19081]: CTRL: PPPD launch failed! Jan 13 12:38:47 armada pptpd[19080]: GRE: read(fd=4,buffer=804ec40,len=8196) from PTY failed: status = -1 error = I/O error Jan 13 12:38:47 armada pptpd[19080]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) Jan 13 12:38:47 armada pptpd[19080]: CTRL: Client 64.229.11.210 control connection finished Jan 13 12:41:44 armada named[8666]: client 208.184.4.142#28563: query denied Jan 13 12:41:44 armada last message repeated 2 times Jan 13 12:45:17 armada named[8666]: client 208.184.4.142#39793: query denied those last three lines appeared as I wrote this. Looks like I'm getting probed ;) _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! 
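The pptpd.log excerpt in the message above shows one failure signature: pptpd accepts the control connection but cannot launch pppd. The following is an added example, not part of the thread or of PoPToP, that triages such logs per control connection; it goes beyond that case to also flag sessions where pppd's LCP Configure-Requests are never answered, the usual sign that GRE (IP protocol 47) is dropped on the path while TCP 1723 gets through. The sample lines are constructed on the log format shown above, and the verdict names are this example's own.

```python
import re
from dataclasses import dataclass

# Matches "pptpd[123]: msg" or "pppd[123]: msg", with or without a syslog prefix.
LINE_RE = re.compile(r"\b(pptpd|pppd)\[(\d+)\]: (.*)$")
CLIENT_RE = re.compile(r"CTRL: Client (\S+) control connection (started|finished)")


@dataclass
class Session:
    client: str
    ctrl_pid: int
    lcp_sent: int = 0
    lcp_rcvd: int = 0
    launch_failed: bool = False
    authenticated: bool = False
    ip_up: bool = False
    closed: bool = False

    def verdict(self):
        if self.launch_failed:
            # Server-side problem: pppd path, permissions or options file.
            return "pppd-launch-failed"
        if self.lcp_sent and not self.lcp_rcvd:
            # Control channel (TCP 1723) worked, but no PPP frame ever came
            # back: check that every firewall/NAT on the path passes GRE.
            return "gre-path-suspect"
        if self.authenticated or self.ip_up:
            return "tunnel-up"
        return "inconclusive"  # e.g. pppd "debug" option not enabled


def triage(lines):
    """Group log lines into control connections and classify each one."""
    sessions, by_pid = [], {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = int(m.group(2)), m.group(3)
        ctl = CLIENT_RE.search(msg)
        if ctl and ctl.group(2) == "started":
            s = Session(client=ctl.group(1), ctrl_pid=pid)
            sessions.append(s)
            by_pid[pid] = s
            continue
        s = by_pid.get(pid)
        if ctl:  # "finished": close the session and forget its pids
            if s is not None:
                s.closed = True
                for p in [p for p, v in by_pid.items() if v is s]:
                    del by_pid[p]
            continue
        if s is None:
            # Assumption: a child pid (launcher/pppd) belongs to the most
            # recently started session that is still open.
            still_open = [x for x in sessions if not x.closed]
            if not still_open:
                continue
            s = by_pid[pid] = still_open[-1]
        if "Failed to launch PPP daemon" in msg or "PPPD launch failed" in msg:
            s.launch_failed = True
        elif msg.startswith("sent [LCP ConfReq"):
            s.lcp_sent += 1
        elif msg.startswith("rcvd [LCP"):
            s.lcp_rcvd += 1
        elif "authentication succeeded" in msg:
            s.authenticated = True
        elif msg.startswith("remote IP address"):
            s.ip_up = True
    return sessions


# Constructed sample input (documentation addresses, made-up host name).
SAMPLE_LOG = """\
Jan 13 12:36:54 vpn pptpd[19073]: CTRL: Client 192.0.2.10 control connection started
Jan 13 12:36:56 vpn pptpd[19073]: CTRL: Starting call (launching pppd, opening GRE)
Jan 13 12:36:56 vpn pptpd[19074]: CTRL (PPPD Launcher): Failed to launch PPP daemon.
Jan 13 12:36:56 vpn pptpd[19074]: CTRL: PPPD launch failed!
Jan 13 12:36:56 vpn pptpd[19073]: CTRL: Client 192.0.2.10 control connection finished
pptpd[19651]: CTRL: Client 198.51.100.7 control connection started
pppd[19652]: Connect: ppp1 <--> /dev/pts/1
pppd[19652]: sent [LCP ConfReq id=0x1 <mru 1450> <magic 0x1>]
pppd[19652]: sent [LCP ConfReq id=0x1 <mru 1450> <magic 0x1>]
pppd[19652]: sent [LCP ConfReq id=0x1 <mru 1450> <magic 0x1>]
pppd[19652]: Modem hangup
pptpd[19651]: CTRL: Client 198.51.100.7 control connection finished
pptpd[8163]: CTRL: Client 192.0.2.33 control connection started
pppd[8164]: sent [LCP ConfReq id=0x1 <mru 1450> <magic 0x2>]
pppd[8164]: rcvd [LCP ConfReq id=0x1 <magic 0x3>]
pppd[8164]: MSCHAP-v2 peer authentication succeeded for user
pppd[8164]: remote IP address 192.168.0.227
pptpd[8163]: CTRL: Client 192.0.2.33 control connection finished
"""

if __name__ == "__main__":
    for s in triage(SAMPLE_LOG.splitlines()):
        print(f"{s.client:15} pid={s.ctrl_pid:<6} {s.verdict()}")
```

The "gre-path-suspect" verdict needs pppd's `debug` option, since the LCP lines are only logged with it.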
From kyleh at insitecom.com Sun Jan 14 07:46:47 2001
From: kyleh at insitecom.com (Kyle Hodgson)
Date: Sun, 14 Jan 2001 08:46:47 -0500
Subject: [pptp-server] MSCHAP/Solaris pppd
Message-ID:

Does anyone have sources for ppp-2.3.[8-11] patched with Solaris in mind? Or perhaps a Solaris specific patch file, or a MSCHAP capable x86 pppd binary?

Kyle Hodgson
my.infotriever.com/kyleh

From webmaster at hofen-online.de Sun Jan 14 08:21:19 2001
From: webmaster at hofen-online.de (Webmaster)
Date: Sun, 14 Jan 2001 15:21:19 +0100
Subject: [pptp-server] 128 bit connections
References: <200FAA488DE0D41194F10010B597610D06517F@JUPITER> <20010113071329.74BF715C5F@i3.golden.dom>
Message-ID: <002501c07e35$48b28780$1870a8c0@hofenonline.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi !

I'm running a Win98SE german version. It doesn't support 128bit encryption, too. I guess the versions of Win9X which are not us-versions don't support 40bit enc.
Maybe there are export restrictions.

Kai

- ----- Original Message -----
From: Giulio Orsero
To:
Sent: Saturday, January 13, 2001 8:12 AM
Subject: Re: [pptp-server] 128 bit connections

> On Sat, 13 Jan 2001 11:56:08 +1100, you wrote:
>
> >Better check up that Win9X does fully support 128bit encryption
> >coz the last I heard it's not supported.... I may be wrong and if
> >so point me out to which versions of the evilware software do
> >support it properly.. As far as I
>
> I think all versions of win9x, if properly updated, can do 128.
> I tested win95B (various updates needed), win98 (1 update + vxd),
> win98se (vxd), winme (out of the box).
>
> With all of them pptpd/pppd say:
> pppd[10926]: MPPE 128 bit, stateless compression enabled
> pppd[10926]: stateless MPPE enforced
>
> --
> giulioo at pobox.com
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use

iQA/AwUBOmGnz8m9Wsv+TfPzEQKa7ACdGZlWV10BCNrLD/JE9JBKMdoXlbQAniwe
Bm/rUt1U5j1BOelbCEp/jEK9
=lzFY
-----END PGP SIGNATURE-----

From giulioo at pobox.com Sun Jan 14 08:23:51 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Sun, 14 Jan 2001 15:23:51 +0100
Subject: [pptp-server] 128 bit connections
In-Reply-To: <002501c07e35$48b28780$1870a8c0@hofenonline.de>
References: <200FAA488DE0D41194F10010B597610D06517F@JUPITER> <20010113071329.74BF715C5F@i3.golden.dom> <002501c07e35$48b28780$1870a8c0@hofenonline.de>
Message-ID: <20010114142512.596F31637C@i3.golden.dom>

On Sun, 14 Jan 2001 15:21:19 +0100, you wrote:

>I'm running a Win98SE german version. It doesn't support 128bit
>encryption, too. I guess the versions of Win9X which are not
>us-versions don't support 40bit enc.
>Maybe there are export restrictions.

Yes, but as someone pointed out on this list, you just need to download 128 stuff from ftp servers and manually copy the vxd file in its place and then it will work.

I used http://ftpsearch.lycos.com/?form=medium and searched for "dun128".

Since non-US winme's can do 128 out of the box, I think there's no problem "upgrading" win9x.

--
giulioo at pobox.com

From rage at sohonetworks.cc Sun Jan 14 09:27:57 2001
From: rage at sohonetworks.cc (Jason Osborne)
Date: Sun, 14 Jan 2001 09:27:57 -0600
Subject: [pptp-server] I don't understand anything ! :-) New info..anyone care to decipher?
In-Reply-To: <000401c07e22$3df18480$1464a8c0@dmoylan>
Message-ID:

First off, there are no routers. The Linux box acts as the router with its firewall. I believe that the firewall could be a likely possibility from what I have read, but I'm not sure why it would be having problems since I made sure I added additional rules to forward 47 and 1723. As far as a GRE traceroute, I am unfamiliar with such a test. If you could, please reply back with the command to perform traceroute on 1723.
It would be most appreciated. Finally, I unfortunately cannot get my hands on a copy of windows 2k server at this time. -----Original Message----- From: David Moylan [mailto:djm at wiz.net.au] Sent: Sunday, January 14, 2001 6:05 AM To: Jason Osborne Subject: Re: [pptp-server] I don't understand anything ! :-) New info..anyone care to decipher? what about the routers? what are they? have you done a GRE traceroute or used the pptp ping utilities from the win2000 server cd to see if the routers themselves are blocking out GRE or 1723? cheers, Wiz!! ----- Original Message ----- From: "Jason Osborne" To: "George Vieira" ; Sent: Sunday, January 14, 2001 9:35 PM Subject: RE: [pptp-server] I don't understand anything ! :-) New info..anyone care to decipher? > Ok, I have been playing with the VPN trying to figure out exactly what is > wrong with it. This is unfortunately an extensive email, but, maybe we can > all come to a conclusion for ISDN users. For those of you who don't want to > read all this, here is a simple breakdown of the problem. This error is > reported when connecting to the isdn server. You must understand that the > configs are literal setup the same way on both systems. > > pppd[19652]: Connect: ppp1 <--> /dev/pts/1 > pppd[19652]: sent [LCP ConfReq id=0x1 chap 81> ] > pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds. > #### The above two lines were repeated and addition nine times #### > pptpd[19651]: CTRL: Received PPTP Control Message (type: 12) > pptpd[19651]: CTRL: Made a CALL DISCONNECT RPLY packet > pptpd[19651]: CTRL: Received CALL CLR request (closing call) > pptpd[19651]: CTRL: I wrote 148 bytes to the client. > pptpd[19651]: CTRL: Sent packet to client > pppd[19652]: Modem hangup > pppd[19652]: Untimeout 0x8050394:0x8078480. > pppd[19652]: Connection terminated. > > I have also noticed that the VPN client (in win98) is reporting the error > 650. According to http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt this > means: > > 7.2.3. 
Error 650: The Remote Access server is not responding. > Possible causes: > - There is a problem with packets getting through > Possible solutions: > - Check firewalls between you and server. > Make sure all can pass protocol 47 (GRE) and tcp port 1723. > According to this prognosis, is the firewall for the office an issue. I have > included the firewall script from the office toward the bottom of this > email. If anyone can help it would be much appreciated. I bet you will > answer more than just my question. In advance, thanks for all your help. > > Here is the setup. > -------------------------------------------------------------------------- -- > ---------------------------------------- > Location: Home > Connection: DSL > Kernel: Linux-2.2.17 > PPP Daemon: PPPd-2.3.11 > PopTop Server: PPTPd-1.1.2 > Patches: ppp_mppe_compressed_data_fix.diff, > ppp-2.3.11-openssl-0.9.5-mppe.patch., and if_ppp_2.2.17.diff > PopTop Config files and logs: Attached below. > Ethernet: > - eth0: ethernet connected to LAN. ip: 192.168.0.1 a.k.a. meridian.soholan > - eth1: ethernet connected to dsl. ip: 4.40.159.70 a.k.a. > meridian.sohonetworks.cc > Other boxes, hubs, etc.: > - Windows NT 4.0 Terminal Server which is setup as PDC containing user list > and promotes WINS services > - Linux System is setup with Samba which logs into the NT4 PDC. Samba does > not promote any services on the network except general file sharing. > - 8 Windows 98SE boxes setup to login to domain. > - 10/100 Linksys DualSpeed Hub. > - ipchains firewall has been setup on the linux box forwarding packets to > and from the lan to the dsl. > - All systems can access file shares and internet from the lan. In other > words, everything works perfectly. 
> Routes w/o VPN: > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 4.40.159.68 * 255.255.255.252 U 0 0 0 eth1 > 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U 0 0 0 lo > default 4.40.159.69 0.0.0.0 UG 0 0 0 eth1 > -------------------------------------------------------------------------- -- > ---------------------------------------- > Location: Office > Connection: ISDN > Kernel: Linux-2.2.17 > PPP Daemon: PPPd-2.3.11 > PopTop Server: PPTPd-1.1.2 > Patches: ppp_mppe_compressed_data_fix.diff, > ppp-2.3.11-openssl-0.9.5-mppe.patch., and if_ppp_2.2.17.diff > PopTop Config files and logs: Attached below. > Ethernet: eth0 - ethernet connected to lan. ip: 192.168.0.1 a.k.a. > server.legacycarpets > Modem: ppp0 - 3com ISDN Terminal Adpater which connects to a dual line > (128kb) ISDN connection. ip: dynamic a.k.a. > lcarpet.dynip.com > Other boxes, hubs, etc.: > - Linux system is setup with Samba acting as a domain login server for > win9x boxes and promotes file shares and acts as a WINS server. > - 4 Windows 98SE boxes setup to authenticate through samba. > - 10baseT Linksys Hub. > - ipchains firewall has been setup on the linux box forwarding packets to > and from the lan to the ISDN. > - All systems can access file shares and internet from the lan. Works > great! 
> Routes w/o VPN: > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 204.181.200.7 * 255.255.255.255 UH 0 0 0 ppp0 > 192.168.0.1 * 255.255.255.255 UH 0 0 0 eth0 > 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U 0 0 0 lo > default 204.181.200.7 0.0.0.0 UG 0 0 0 ppp0 > -------------------------------------------------------------------------- -- > ----------------------------------------- > > ---- HOME ERROR LOGS ---- (The below logs for the home vpn show that the vpn > works perfectly fine allowing me on the network) > ==> /var/log/messages <== > pptpd[8163]: CTRL: Client 192.168.0.3 control connection started > pptpd[8163]: CTRL: Starting call (launching pppd, opening GRE) > pppd[8164]: pppd 2.3.11 started by root, uid 0 > pppd[8164]: Using interface ppp0 > pppd[8164]: Connect: ppp0 <--> /dev/pts/1 > pptpd[8163]: Buffering out-of-order packet; got 1 after 4294967295 > pptpd[8163]: Packet reorder timeout waiting for 0 > pptpd[8163]: Buffering out-of-order packet; got 2 after 0 > pppd[8164]: MSCHAP-v2 peer authentication succeeded for soholan\\rage > pppd[8164]: found interface eth0 for proxy arp > pppd[8164]: local IP address 192.168.0.201 > pppd[8164]: remote IP address 192.168.0.227 > pppd[8164]: MPPE 40 bit, stateless compression enabled > pppd[8164]: LCP terminated by peer > pppd[8164]: Modem hangup > pppd[8164]: Connection terminated. > pppd[8164]: Connect time 3.6 minutes. > pppd[8164]: Sent 512 bytes, received 2247 bytes. > pppd[8164]: Exit. 
> pptpd[8163]: GRE: read error: Bad file descriptor > pptpd[8163]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) > pptpd[8163]: CTRL: Client 192.168.0.3 control connection finished > > ==> /var/log/pptpd.log <== > pptpd[8185]: MGR: Launching /usr/sbin/pptpctrl to handle client > pptpd[8185]: CTRL: local address = 192.168.0.200 > pptpd[8185]: CTRL: remote address = 192.168.0.226 > pptpd[8185]: CTRL: pppd speed = 115200 > pptpd[8185]: CTRL: pppd options file = /etc/ppp/options.pptp > pptpd[8185]: CTRL: Client 192.168.0.3 control connection started > pptpd[8185]: CTRL: Received PPTP Control Message (type: 1) > pptpd[8185]: CTRL: Made a START CTRL CONN RPLY packet > pptpd[8185]: CTRL: I wrote 156 bytes to the client. > pptpd[8185]: CTRL: Sent packet to client > pptpd[8185]: CTRL: Received PPTP Control Message (type: 7) > pptpd[8185]: CTRL: 0 min_bps, 0 max_bps, 32 window size > pptpd[8185]: CTRL: Made a OUT CALL RPLY packet > pptpd[8185]: CTRL: Starting call (launching pppd, opening GRE) > pptpd[8185]: CTRL: pty_fd = 5 > pptpd[8185]: CTRL: tty_fd = 6 > pptpd[8186]: CTRL (PPPD Launcher): Connection speed = 115200 > pptpd[8185]: CTRL: I wrote 32 bytes to the client. > pptpd[8185]: CTRL: Sent packet to client > pptpd[8186]: CTRL (PPPD Launcher): local address = 192.168.0.200 > pptpd[8186]: CTRL (PPPD Launcher): remote address = 192.168.0.226 > pptpd[8186]: CTRL (PPPD Launcher): ipx network = 00001000 > pppd[8186]: pppd 2.3.11 started by root, uid 0 > pppd[8186]: Using interface ppp0 > pppd[8186]: Connect: ppp0 <--> /dev/pts/1 > pppd[8186]: sent [LCP ConfReq id=0x1 81> ] > pptpd[8185]: Buffering out-of-order packet; got 1 after 4294967295 > pppd[8186]: Timeout 0x805085c:0x80790c0 in 3 seconds. > pptpd[8185]: Packet reorder timeout waiting for 0 > pptpd[8185]: Buffering out-of-order packet; got 2 after 0 > pppd[8186]: rcvd [LCP ConfReq id=0x1 ] > pppd[8186]: lcp_reqci: returning CONFACK. 
> pppd[8186]: sent [LCP ConfAck id=0x1 ] > pppd[8186]: rcvd [LCP ConfAck id=0x1 81> ] > pppd[8186]: Untimeout 0x805085c:0x80790c0. > pppd[8186]: sent [CHAP Challenge id=0x1 <4cb7dcb764c559505c697171b2eb2b1c>, > name = "meridian"] > pppd[8186]: Timeout 0x8056284:0x80793a0 in 3 seconds. > pppd[8186]: rcvd [CHAP Response id=0x1 > 030334f54f59b98e7027604>, name = "soholan\\rage"] > pppd[8186]: Untimeout 0x8056284:0x80793a0. > pppd[8186]: ChapReceiveResponse: rcvd type MS-CHAP-V2 > pppd[8186]: sent [CHAP Success id=0x1 > "S=7B69617F523DB2A4D89C25AA3169B74F930C473C"] > pppd[8186]: sent [IPCP ConfReq id=0x1 01>] > pppd[8186]: Timeout 0x805085c:0x8079320 in 3 seconds. > pppd[8186]: sent [CCP ConfReq id=0x1 0 0 60> ] > pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds. > pppd[8186]: MSCHAP-v2 peer authentication succeeded for soholan\\rage > pppd[8186]: rcvd [IPCP ConfReq id=0x1 > ] > pppd[8186]: ipcp: returning Configure-NAK > pppd[8186]: sent [IPCP ConfNak id=0x1 192.168.0.2> 192.168.0.2>] > pppd[8186]: rcvd [CCP ConfReq id=0x1 ] > pppd[8186]: sent [CCP ConfRej id=0x1 ] > pppd[8186]: rcvd [IPCP ConfAck id=0x1 01>] > pppd[8186]: rcvd [CCP ConfRej id=0x1 15>] > pppd[8186]: Untimeout 0x805085c:0x8079440. > pppd[8186]: sent [CCP ConfReq id=0x2 ] > pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds. > pppd[8186]: rcvd [IPCP ConfReq id=0x2 192.168.0.226> 192.168.0.2> ] > pppd[8186]: ipcp: returning Configure-ACK > pppd[8186]: sent [IPCP ConfAck id=0x2 192.168.0.226> 192.168.0.2> ] > pppd[8186]: Untimeout 0x805085c:0x8079320. > pppd[8186]: ipcp: up > pppd[8186]: found interface eth0 for proxy arp > pppd[8186]: local IP address 192.168.0.200 > pppd[8186]: remote IP address 192.168.0.226 > pppd[8186]: Script /etc/ppp/ip-up started (pid 8187) > pppd[8186]: rcvd [CCP ConfReq id=0x2 ] > pppd[8186]: sent [CCP ConfNak id=0x2 ] > pppd[8186]: rcvd [CCP ConfNak id=0x2 ] > pppd[8186]: Untimeout 0x805085c:0x8079440. 
> pppd[8186]: sent [CCP ConfReq id=0x3 ] > pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds. > pppd[8186]: rcvd [CCP ConfReq id=0x3 ] > pppd[8186]: sent [CCP ConfAck id=0x3 ] > pppd[8186]: rcvd [CCP ConfAck id=0x3 ] > pppd[8186]: Untimeout 0x805085c:0x8079440. > pppd[8186]: MPPE 40 bit, stateless compression enabled > Sat Jan 13 22:33:14 CST 2001: ip-up External Device: ppp0 TTY: /dev/pts/1 > Speed: 115200 Local IP: 192.168.0.200 Remote IP: 192.168.0.226 > Sat Jan 13 22:33:14 CST 2001: ip-up Firewall rules set for > ppp0:192.168.0.226 > pppd[8186]: Script /etc/ppp/ip-up finished (pid 8187), status = 0x0 > pptpd[8185]: CTRL: Received PPTP Control Message (type: 5) > pptpd[8185]: CTRL: Made a ECHO RPLY packet > pptpd[8185]: CTRL: I wrote 20 bytes to the client. > pptpd[8185]: CTRL: Sent packet to client > pppd[8186]: rcvd [LCP TermReq id=0x2] > pppd[8186]: LCP terminated by peer > pppd[8186]: ipcp: down > pppd[8186]: Untimeout 0x805a0bc:0x0. > pppd[8186]: Script /etc/ppp/ip-down started (pid 8196) > pppd[8186]: Timeout 0x805085c:0x80790c0 in 3 seconds. > pppd[8186]: sent [LCP TermAck id=0x2] > pptpd[8185]: CTRL: Received PPTP Control Message (type: 12) > pptpd[8185]: CTRL: Made a CALL DISCONNECT RPLY packet > pptpd[8185]: CTRL: Received CALL CLR request (closing call) > pptpd[8185]: CTRL: I wrote 148 bytes to the client. > pptpd[8185]: CTRL: Sent packet to client > pppd[8186]: Modem hangup > pppd[8186]: Untimeout 0x805085c:0x80790c0. > pppd[8186]: Connection terminated. > pppd[8186]: Sent 511 bytes, received 929 bytes. > pppd[8186]: Waiting for 1 child processes... > pppd[8186]: script /etc/ppp/ip-down, pid 8196 > pppd[8186]: Script /etc/ppp/ip-down finished (pid 8196), status = 0x200 > pppd[8186]: Exit. 
> pptpd[8185]: GRE: read error: Bad file descriptor > pptpd[8185]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) > pptpd[8185]: CTRL: Client 192.168.0.3 control connection finished > pptpd[8185]: CTRL: Exiting now > > ---- OFFICE ERROR LOGS ---- (As you can see here > ==> /var/log/messages <== > pptpd[19625]: CTRL: Client 4.40.159.70 control connection started > pptpd[19625]: CTRL: Starting call (launching pppd, opening GRE) > pppd[19626]: pppd 2.3.11 started by root, uid 0 > kernel: ppp_ioctl: set dbg flags to 70000 > kernel: ppp_ioctl: set flags to 70000 > pppd[19626]: Using interface ppp1 > pppd[19626]: Connect: ppp1 <--> /dev/pts/1 > kernel: ppp_tty_ioctl: set xasyncmap > kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff > kernel: ppp_ioctl: set flags to 70000 > kernel: ppp_ioctl: set mru to 5dc > kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff > kernel: ppp: channel ppp1 closing. > pppd[19626]: Modem hangup > pppd[19626]: Connection terminated. > pppd[19626]: Exit. > pptpd[19625]: GRE: read error: Bad file descriptor > pptpd[19625]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) > pptpd[19625]: CTRL: Client 4.40.159.70 control connection finished > > ==> /var/log/pptpd.log <== > pptpd[19651]: MGR: Launching /usr/sbin/pptpctrl to handle client > pptpd[19651]: CTRL: local address = 192.168.0.201 > pptpd[19651]: CTRL: remote address = 192.168.0.227 > pptpd[19651]: CTRL: pppd speed = 115200 > pptpd[19651]: CTRL: pppd options file = /etc/ppp/options.vpn > pptpd[19651]: CTRL: Client 4.40.159.70 control connection started > pptpd[19651]: CTRL: Received PPTP Control Message (type: 1) > pptpd[19651]: CTRL: Made a START CTRL CONN RPLY packet > pptpd[19651]: CTRL: I wrote 156 bytes to the client. 
> pptpd[19651]: CTRL: Sent packet to client > pptpd[19651]: CTRL: Received PPTP Control Message (type: 7) > pptpd[19651]: CTRL: 0 min_bps, 0 max_bps, 32 window size > pptpd[19651]: CTRL: Made a OUT CALL RPLY packet > pptpd[19651]: CTRL: Starting call (launching pppd, opening GRE) > pptpd[19651]: CTRL: pty_fd = 6 > pptpd[19651]: CTRL: tty_fd = 7 > pptpd[19652]: CTRL (PPPD Launcher): Connection speed = 115200 > pptpd[19652]: CTRL (PPPD Launcher): local address = 192.168.0.201 > pptpd[19652]: CTRL (PPPD Launcher): remote address = 192.168.0.227 > pptpd[19652]: CTRL (PPPD Launcher): ipx network = 00001001 > pptpd[19651]: CTRL: I wrote 32 bytes to the client. > pptpd[19651]: CTRL: Sent packet to client > pppd[19652]: pppd 2.3.11 started by root, uid 0 > pppd[19652]: Using interface ppp1 > pppd[19652]: Connect: ppp1 <--> /dev/pts/1 > pppd[19652]: sent [LCP ConfReq id=0x1 chap 81> ] > pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds. > #### The above two lines were repeated and addition nine times #### > pptpd[19651]: CTRL: Received PPTP Control Message (type: 12) > pptpd[19651]: CTRL: Made a CALL DISCONNECT RPLY packet > pptpd[19651]: CTRL: Received CALL CLR request (closing call) > pptpd[19651]: CTRL: I wrote 148 bytes to the client. > pptpd[19651]: CTRL: Sent packet to client > pppd[19652]: Modem hangup > pppd[19652]: Untimeout 0x8050394:0x8078480. > pppd[19652]: Connection terminated. > pppd[19652]: Exit. 
> pptpd[19651]: GRE: read error: Bad file descriptor > pptpd[19651]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) > pptpd[19651]: CTRL: Client 4.40.159.70 control connection finished > pptpd[19651]: CTRL: Exiting now > pptpd[2275]: MGR: Reaped child 19651 > > ---- HOME VPN FILES ---- > ==> /etc/pptpd.conf <== > # PoPToP configuration file > > # TAG: speed > speed 115200 > > # TAG: option > option /etc/ppp/options.pptp > > # TAG: debug > debug > > # TAG: localip > localip 192.168.0.200-225 > > # TAG: remoteip > remoteip 192.168.0.226-251 > > # TAG: ipxnets > ipxnets 00001000-00001FFF > > # TAG: listen > #listen 192.168.0.1 > > # TAG: pidfile > pidfile /var/run/pptpd.pid > > ==> /etc/ppp/options <== > lock > tail: /etc/ppp/options.vpn: No such file or directory > > ==> /etc/ppp/chap-secrets <== > # Secrets for authentication using CHAP > # client server secret IP addresses > "soholan\\rage" * "ro0tm4h-" * > "soholan\\margie" * "m00t1lda" * > "soholan\\andy" * "ambermarie" * > > #PoPToP configuration file /etc/pptpd.conf > speed 115200 > localip 192.168.0.200-225 > remoteip 192.168.0.226-251 > > ==> /etc/ppp/ip-up <== > #!/bin/sh > > INTERNAL_DEV="eth0" > INTERNAL_NET="192.168.0.0/24" > INTERNAL_IP=$4 > EXTERNAL_DEV=$1 > EXTERNAL_NET="192.168.0.0/24" > EXTERNAL_IP=$5 > HW_ADDRESS="00:10:5A:1C:0B:8B" > > case $2 > in > /dev/pts/*) > /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i > $INTERNAL_DEV > /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i > $EXTERNAL_DEV > /sbin/ipchains --insert input -i $EXTERNAL_DEV -s > $INTERNAL_NET -j ACCEPT > /sbin/ipchains --insert output -i $EXTERNAL_DEV -d > $INTERNAL_NET -j ACCEPT > > # Logging > echo > date > /var/run/ppp.up > echo "Connection started on " $2 >> /var/run/ppp.up > echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up > echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up > /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> > /var/run/ppp.up > > echo "$(date): ip-up External 
Device: $1 TTY: $2 Speed: $3 > Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log > echo "$(date): ip-up Firewall rules set for > $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log > ;; > esac > > > ==> /etc/ppp/ip-down <== > #!/bin/sh > > INTERNAL_DEV="eth0" > INTERNAL_NET="192.168.0.0/24" > INTERNAL_IP=$4 > EXTERNAL_DEV=$1 > EXTERNAL_NET="192.168.0.0/24 > EXTERNAL_IP=$5 > HW_ADDRESS="00:10:5A:1C:0B:8B" > > case $2 > in > /dev/pts/*) > /sbin/ipchains --delete forward -j MASQ -s $EXTERNAL_IP -i > $INTERNAL_DEV > /sbin/ipchains --delete forward -j MASQ -d $EXTERNAL_IP -i > $EXTERNAL_DEV > /sbin/ipchains --delete input -i $EXTERNAL_DEV -s > $INTERNAL_NET -j ACCEPT > /sbin/ipchains --delete output -i $EXTERNAL_DEV -d > $INTERNAL_NET -j ACCEPT > > # Logging > echo "$(date): ip-down External Device: $1 TTY: $2 Speed: > $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log > echo "$(date): ip-down Firewall rules removed for > $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log > > echo > date > /var/run/ppp.up > echo "Connection closed on " $2 >> /var/run/ppp.up > echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up > echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up > arp --delete $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up > ;; > esac > > > ==> /etc/rc.d/init.d/firewall <== > #!/bin/sh > # IPchains Firewalling Script File > # Generated by IPchains Firewalling Webmin Module > # Copyright (C) 1999-2000 by Tim Niemueller, GPL > # http://www.niemueller.de/webmin/modules/ipchains/ > # Created on 22/May/2000 09:02 > # > > # Source function library. > . /etc/rc.d/init.d/functions > > # Check that networking is up. 
> #if [ ${NETWORKING} = "no" ] > #then > # exit 0 > #fi > > echo "1" > /proc/sys/net/ipv4/ip_forward > > case "$1" in > start) > > # This gets rid of old stuff > /sbin/ipchains -F > /sbin/ipchains -X > > # Input ipchain rules > /sbin/ipchains -P input DENY > /sbin/ipchains -A input -j ACCEPT -i lo > /sbin/ipchains -A input -j ACCEPT -i eth0 > /sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i eth1 > /sbin/ipchains -A input -j ACCEPT -p udp -i eth1 > /sbin/ipchains -A input -j DENY -l -i eth1 -s 192.168.0.0/16 > /sbin/ipchains -A input -j DENY -p tcp -i eth1 -s 0/0 1024:65535 -d 0/0 139 > /sbin/ipchains -A input -j DENY -p udp -i eth1 -s 0/0 1024:65535 -d 0/0 139 > /sbin/ipchains -A input -j ACCEPT -i eth1 > /sbin/ipchains -A input -j ACCEPT -p TCP -d 0.0.0.0/0 1723 > /sbin/ipchains -A input -j ACCEPT -p 47 > > # Output ipchains rules > /sbin/ipchains -P output ACCEPT > /sbin/ipchains -A output -j ACCEPT -p TCP -s 0.0.0.0/0 1723 > /sbin/ipchains -A output -j ACCEPT -p 47 > > # Forward ipchain rules > /sbin/ipchains -P forward DENY > /sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -t 0x01 0x02 -j > MASQ > /sbin/ipchains -A forward -s 0.0.0.0/0 -d 192.168.0.0/24 -t 0x01 0x02 -j > MASQ > ;; > > stop) > /sbin/ipchains -F > /sbin/ipchains -X > echo "0" > /proc/sys/net/ipv4/ip_forward > ;; > > restart) > $0 stop > $0 start > ;; > > status) > /sbin/ipchains -L -v > ;; > > *) > echo "Usage: firewall {start|stop|restart|status}" > exit 1 > > esac > exit 0 > > ==> /etc/modules.conf <== > alias eth0 3c59x > alias eth1 ne2k-pci > alias parport_lowlevel parport_pc > alias usb-controller usb-uhci > alias char-major-108 off > alias ppp-compress-18 ppp_mppe > alias ppp-compress-21 bsd_comp > alias ppp-compress-24 ppp_deflate > alias ppp-compress-26 ppp_deflate > > ---- OFFICE CONFIG FILES ---- > ==> /etc/pptpd.conf <== > # PoPToP configuration file > > # TAG: speed > speed 115200 > > # TAG: option > option /etc/ppp/options.vpn > > # TAG: debug > debug > > # TAG: localip > 
localip 192.168.0.200-225 > > # TAG: remoteip > remoteip 192.168.0.226-251 > > # TAG: ipxnets > ipxnets 00001000-00001FFF > > # TAG: listen > #listen 192.168.0.1 > > # TAG: pidfile > pidfile /var/run/pptpd.pid > > ==> /etc/ppp/options <== > lock > modem > crtscts > asyncmap 20A0000 > noipdefault > defaultroute > debug > user lcarpet > noauth > nodetach > > ==> /etc/ppp/options.vpn <== > lock > asyncmap 20A0000 > debug > kdebug 7 > name server > auth > mru 1450 > mtu 1450 > require-chap > +chap > proxyarp > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > > ==> /etc/ppp/chap-secrets <== > # Secrets for authentication using CHAP > # client server secret IP addresses > > > "rage" server "ro0tm4h" "192.168.0.210" > "tony" * "bogie" * > "ernie" * "boney" * > "chris" * "0414" * > "terry" * "automan1" * > "darin" * "dito66" > > speed 115200 > debug > localip 192.168.0.200-225 > remoteip 192.168.1.226-251 > > # Dialup Info > iwells * automan1 > > ==> /etc/ppp/ip-up <== > #!/bin/sh > > INTERNAL_DEV="eth0" > INTERNAL_NET="192.168.0.0/24" > INTERNAL_IP=$4 > EXTERNAL_DEV=$1 > EXTERNAL_NET="192.168.0.0/24" > EXTERNAL_IP=$5 > HW_ADDRESS="52:54:05:F0:25:90" > > case $2 > in > /dev/pts/*) > /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i > $INTERNAL_DEV > /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i > $EXTERNAL_DEV > /sbin/ipchains --insert input -i $EXTERNAL_DEV -s > $INTERNAL_NET -j ACCEPT > /sbin/ipchains --insert output -i $EXTERNAL_DEV -d > $INTERNAL_NET -j ACCEPT > > # Logging > echo > date > /var/run/ppp.up > echo "Connection started on " $2 >> /var/run/ppp.up > echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up > echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up > /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> > /var/run/ppp.up > > echo "$(date): ip-up External Device: $1 TTY: $2 Speed: $3 > Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log > echo "$(date): ip-up Firewall rules set for > $EXTERNAL_DEV:$EXTERNAL_IP" 
>> /var/log/pptpd.log > ;; > esac > > > ==> /etc/ppp/ip-down <== > #!/bin/sh > > INTERNAL_DEV="eth0" > INTERNAL_NET="192.168.0.0/24" > INTERNAL_IP=$4 > EXTERNAL_DEV=$1 > EXTERNAL_NET="192.168.0.0/24 > EXTERNAL_IP=$5 > HW_ADDRESS="52:54:05:F0:25:90" > > case $2 > in > /dev/pts/*) > /sbin/ipchains --delete forward -j MASQ -s $EXTERNAL_IP -i > $INTERNAL_DEV > /sbin/ipchains --delete forward -j MASQ -d $EXTERNAL_IP -i > $EXTERNAL_DEV > /sbin/ipchains --delete input -i $EXTERNAL_DEV -s > $INTERNAL_NET -j ACCEPT > /sbin/ipchains --delete output -i $EXTERNAL_DEV -d > $INTERNAL_NET -j ACCEPT > > # Logging > echo "$(date): ip-down External Device: $1 TTY: $2 Speed: > $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log > echo "$(date): ip-down Firewall rules removed for > $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log > > echo > date > /var/run/ppp.up > echo "Connection closed on " $2 >> /var/run/ppp.up > echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up > echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up > arp --delete $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up > ;; > esac > > > ==> /etc/rc.d/init.d/firewall <== > #!/bin/sh > # IPchains Firewalling Script File > # Generated by IPchains Firewalling Webmin Module > # Copyright (C) 1999-2000 by Tim Niemueller, GPL > # http://www.niemueller.de/webmin/modules/ipchains/ > # Created on 22/May/2000 09:02 > # > > # Source function library. > . /etc/rc.d/init.d/functions > > # Check that networking is up. > #if [ ${NETWORKING} = "no" ] > #then > # exit 0 > #fi > > echo "1" > /proc/sys/net/ipv4/ip_forward > > case "$1" in > start) > > # This gets rid of old stuff > /sbin/ipchains -F > /sbin/ipchains -X > > # Input ipchain rules > /sbin/ipchains -P input DENY > /sbin/ipchains -A input -j ACCEPT -i lo > /sbin/ipchains -A input -j ACCEPT -i eth0 > /sbin/ipchains -A input -j ACCEPT -p tcp ! 
-y -i ppp0 > /sbin/ipchains -A input -j ACCEPT -p udp -i ppp0 > /sbin/ipchains -A input -j DENY -l -i ppp0 -s 192.168.0.0/16 > /sbin/ipchains -A input -j DENY -p tcp -i ppp0 -s 0/0 1024:65535 -d 0/0 139 > /sbin/ipchains -A input -j DENY -p udp -i ppp0 -s 0/0 1024:65535 -d 0/0 139 > /sbin/ipchains -A input -j ACCEPT -i ppp0 > /sbin/ipchains -A input -j ACCEPT -p TCP -d 0.0.0.0/0 1723 > /sbin/ipchains -A input -j ACCEPT -p 47 > > # Output ipchains rules > /sbin/ipchains -P output ACCEPT > /sbin/ipchains -A output -j ACCEPT -p TCP -s 0.0.0.0/0 1723 > /sbin/ipchains -A output -j ACCEPT -p 47 > > # Forward ipchain rules > /sbin/ipchains -P forward DENY > /sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -t 0x01 0x02 -j > MASQ > /sbin/ipchains -A forward -s 0.0.0.0/0 -d 192.168.0.0/24 -t 0x01 0x02 -j > MASQ > ;; > > stop) > /sbin/ipchains -F > /sbin/ipchains -X > ;; > > restart) > $0 stop > $0 start > ;; > > status) > /sbin/ipchains -L -v > ;; > > *) > echo "Usage: firewall {start|stop|restart|status}" > exit 1 > > esac > exit 0 > > ==> /etc/modules.conf <== > alias eth0 ne2k-pci > alias parport_lowlevel parport_pc > alias usb-controller usb-uhci > alias char-major-108 off > alias ppp-compress-18 ppp_mppe > alias ppp-compress-21 bsd_comp > alias ppp-compress-24 ppp_deflate > alias ppp-compress-26 ppp_deflate > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From jkreger at avidsolutionsinc.com Sun Jan 14 11:00:29 2001 From: jkreger at avidsolutionsinc.com (Justin Kreger) Date: Sun, 14 Jan 2001 12:00:29 -0500 Subject: [pptp-server] MSCHAP/Solaris pppd Message-ID: <6B8A85826C35D31193BD0090278589C81DEFA8@CIC-EXCHANGE> right now, i have direct pap auth using smb in mind, plus porting the patches to ppp-2.4.0.... 
the mschap support is in pppd, any compilation on another platform should
work, but MPPE uses a linux specific kernel mod. It could be ported if
somebody had solaris kernel module programming experience.

-----Original Message-----
From: Kyle Hodgson [mailto:kyleh at insitecom.com]
Sent: Sunday, January 14, 2001 8:47 AM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] MSCHAP/Solaris pppd

Does anyone have sources for ppp-2.3.[8-11] patched with Solaris in mind?
Or perhaps a Solaris specific patch file, or a MSCHAP capable x86 pppd
binary?

Kyle Hodgson
my.infotriever.com/kyleh
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From harry at planlos.org Sun Jan 14 11:17:44 2001
From: harry at planlos.org (Harald Kraemer)
Date: Sun, 14 Jan 2001 18:17:44 +0100 (MET)
Subject: [pptp-server] Wrong netmask
Message-ID:

Hello,

When my Windows 98 client connects to my linux box, it gets the wrong
netmask.

It should be: 255.255.255.0
But the assigned netmask is: 255.255.0.0

I already tried to add "netmask 255.255.255.0" in the pppd config file,
without result.

My /etc/pptd.conf:

option /etc/ppp/options.pptp
debug
localip 172.16.0.240-245
remoteip 172.16.0.246-250
netmask 255.255.255.0

And /etc/options.pptp:

netmask 255.255.255.0
lock
debug
auth
+chap
proxyarp

I am using the following versions:
* pptpd-1.0.1
* ppp-2.3.11
* linux-2.2.16

Are there any ideas? This matter causes problems with netbios broadcasts.
With the wrong netmask all broadcasts are sent to 172.16.255.255 (which is
not working) instead of 172.16.0.255.

Greetings from a very cold Munich/Germany

Harald Kraemer

From giulioo at pobox.com Sun Jan 14 11:40:11 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Sun, 14 Jan 2001 18:40:11 +0100
Subject: [pptp-server] Wrong netmask
In-Reply-To:
References:
Message-ID: <20010114174133.75C071637C@i3.golden.dom>

On Sun, 14 Jan 2001 18:17:44 +0100 (MET), you wrote:

>When my Windows 98 client connects to my linux box, it gets the wrong
>netmask.
>
>It should be: 255.255.255.0
>But the assigned netmask is: 255.255.0.0
AFAIK there's no way you can force the netmask to a win9x client.
The pppd option is for the local interface.
I searched for this issue in the list archive when I had this problem.

We renumbered our lan to make win9x choose 255.255.255.0 :(

--
giulioo at pobox.com

From yan at cardinalengineering.com Sun Jan 14 12:53:26 2001
From: yan at cardinalengineering.com (yan seiner)
Date: Sun, 14 Jan 2001 13:53:26 -0500
Subject: [pptp-server] Error 645 puzzle
Message-ID: <3A61F5A6.30809@cardinalengineering.com>

I had been using Win95 to connect to my poptop server until recently. I
had no need of my laptop for a while. Now when I try to connect, I get:

Error 645: The Microsoft Dialup Adapter is in use or not responding
properly.

This used to work fine. I have uninstalled and reinstalled windows
networking - no joy.

OK, so I looked at the logs on the server. Seems that my ISDN modem (an
Eicon DIVA LAN MODEM) does not like pptp...

Here's the snippet from the log:

Jan 14 08:09:23 aphrodite pptpd[11946]: CTRL: Client 63.85.246.20 control connection started
Jan 14 08:09:23 athena-r IP_NAT NatOut: ip:192.168.129.2 pptp T=2, id:256 peer:256
Jan 14 08:09:23 aphrodite pptpd[11946]: CTRL: Starting call (launching pppd, opening GRE)
Jan 14 08:09:23 aphrodite pppd[11947]: pppd 2.3.10 started by root, uid 0
Jan 14 08:09:23 athena-r IP_NAT NatOut: ip:192.168.129.2 pptp T=8, id:0 peer:0
Jan 14 08:09:23 aphrodite pppd[11947]: Using interface ppp0
Jan 14 08:09:23 aphrodite pppd[11947]: Connect: ppp0 <--> /dev/pts/6
Jan 14 08:09:25 aphrodite pppd[11947]: Modem hangup
Jan 14 08:09:25 athena-r IP_NAT NatOut: ip:192.168.129.2 pptp T=13, id:0 peer:1024
Jan 14 08:09:25 aphrodite pppd[11947]: Connection terminated.
Jan 14 08:09:25 aphrodite pptpd[11946]: CTRL: Error with select(), quitting
Jan 14 08:09:25 aphrodite pppd[11947]: Exit.
Jan 14 08:09:25 aphrodite pptpd[11946]: CTRL: Client 63.85.246.20 control connection finished

Could someone please give me a hand in interpreting this?

aphrodite is the pptp server. athena-r is the lan-modem.

The lan modem does NAT and the pptp server is behind the NAT. I've been
successful in patching ftp, for example to work behind a NATed isdn
router. I'm assuming that this is similar - pptpd is reporting the
NATed address and not the real address.

My setup:

real world <-> athena (router w/NAT) <-> aphrodite (firewall w/ pptp
server) <-> internal network

Thanks,

--Yan

From harry at planlos.org Sun Jan 14 13:24:27 2001
From: harry at planlos.org (Harald Kraemer)
Date: Sun, 14 Jan 2001 20:24:27 +0100 (MET)
Subject: [pptp-server] Wrong netmask
In-Reply-To: <20010114174133.75C071637C@i3.golden.dom>
Message-ID:

Hello,

> We renumbered our lan to make win9x choose 255.255.255.0 :(

In which way did you renumber your lan to make win9x use
the netmask 255.255.255.0?
In which case is win9x using the 255.255.255.0 netmask?

On Sun, 14 Jan 2001, Giulio Orsero wrote:

> On Sun, 14 Jan 2001 18:17:44 +0100 (MET), you wrote:
>
> >When my Windows 98 client connects to my linux box, it gets the wrong
> >netmask.
> >
> >It should be: 255.255.255.0
> >But the assigned netmask is: 255.255.0.0
> AFAIK there's no way you can force the netmask to a win9x client.
> The pppd option is for the local interface.
> I searched for this issue in the list archive when I had this problem.
>
> We renumbered our lan to make win9x choose 255.255.255.0 :(
>
> --
> giulioo at pobox.com
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From giulioo at pobox.com Sun Jan 14 14:21:36 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Sun, 14 Jan 2001 21:21:36 +0100
Subject: [pptp-server] Wrong netmask
In-Reply-To:
References: <20010114174133.75C071637C@i3.golden.dom>
Message-ID: <20010114202259.3FFF61637C@i3.golden.dom>

On Sun, 14 Jan 2001 20:24:27 +0100 (MET), you wrote:

>Hello,
>> We renumbered our lan to make win9x choose 255.255.255.0 :(
>In which way did you renumber your lan to make win9x use
>the netmask 255.255.255.0?
>In which case is win9x using the 255.255.255.0 netmask?

It seems win9x follows the old classful way of calculating the netmask
based on the ip address.

We had 10.x.x.x (but with 255.255.255.0), which is class A, and it used to
choose 255.0.0.0 (default netmask for class A).
Now we have 192.168.x.x, which is class C, and it chooses 255.255.255.0.

You have 172, which should be class B, and so it chooses 255.255.0.0
(default netmask for class B).

--
giulioo at pobox.com

From yan at cardinalengineering.com Sun Jan 14 15:40:25 2001
From: yan at cardinalengineering.com (yan seiner)
Date: Sun, 14 Jan 2001 16:40:25 -0500
Subject: [pptp-server] Error 645 puzzle
References: <200101141944.OAA19289@mail.istorm.ca>
Message-ID: <3A621CC9.90406@cardinalengineering.com>

Thanks for the answer - but it won't work for me.

The isdn router I have is so brain damaged that it can't forward
ports/protocols without NAT. It's all or nothing - either everything gets
natted and forwarded, or everything gets forwarded. No way to simply pick
out one protocol to forward....

I need a pptpd/pppd that "know" they're behind NAT, and so give the client
a "spoofed" ip with the public IP rather than the internal IP....

As I said, I was successful in patching ftp for this, but pptp/pppd seems
a lot more complex....

--Yan

Kyle Hodgson wrote:
>
> I hit this one too with my Solaris ipfilter/ipnat machine. I had to put a rdr
> rule in that redirected all proto 47 (GRE) traffic to the correct ip address.
> The only difference is that in my situation the client is nat'ed, the server has
> a real ip. Here's the ipnat config:
>
> rdr ppp0 0/32 port 0 -> 192.168.49.2 port 0 gre
>
> which means redirect on ppp0 all traffic all ports to $client_ip port 0 gre. To
> get this to work of course I had to define gre in /etc/protocols:
>
> gre 47 GRE # Needed by pptp
>
> I should think a similar nat entry would help you...
>
> Originally from yan seiner , forwarded by kyleh
>
> I had been using Win95 to connect to my poptop server until recently. I
> had no need of my laptop for a while. Now when I try to connect, I get:
>
> Error 645: The Microsoft Dialup Adapter is in use or not responding
> properly.
>
> This used to work fine. I have uninstalled and reinstalled windows
> networking - no joy.
>
> OK, so I looked at the logs on the server. Seems that my ISDN modem (an
> Eicon DIVA LAN MODEM) does not like pptp...
>
> Here's the snippet from the log:
>
> Jan 14 08:09:23 aphrodite pptpd[11946]: CTRL: Client 63.85.246.20
> control connection started
> Jan 14 08:09:23 athena-r IP_NAT NatOut: ip:192.168.129.2 pptp T=2,
> id:256 peer:256
> Jan 14 08:09:23 aphrodite pptpd[11946]: CTRL: Starting call (launching
> pppd, opening GRE)
> Jan 14 08:09:23 aphrodite pppd[11947]: pppd 2.3.10 started by root, uid 0
> Jan 14 08:09:23 athena-r IP_NAT NatOut: ip:192.168.129.2 pptp T=8,
> id:0 peer:0
> Jan 14 08:09:23 aphrodite pppd[11947]: Using interface ppp0
> Jan 14 08:09:23 aphrodite pppd[11947]: Connect: ppp0 <--> /dev/pts/6
> Jan 14 08:09:25 aphrodite pppd[11947]: Modem hangup
> Jan 14 08:09:25 athena-r IP_NAT NatOut: ip:192.168.129.2 pptp T=13,
> id:0 peer:1024
> Jan 14 08:09:25 aphrodite pppd[11947]: Connection terminated.
> Jan 14 08:09:25 aphrodite pptpd[11946]: CTRL: Error with select(), quitting
> Jan 14 08:09:25 aphrodite pppd[11947]: Exit.
> Jan 14 08:09:25 aphrodite pptpd[11946]: CTRL: Client 63.85.246.20
> control connection finished
>
> Could someone please give me a hand in interpreting this?
>
> aphrodite is the pptp server. athena-r is the lan-modem.
>
> The lan modem does NAT and the pptp server is behind the NAT. I've been
> successful in patching ftp, for example to work behind a NATed isdn
> router. I'm assuming that this is similar - pptpd is reporting the
> NATed address and not the real address.
>
> My setup:
>
> real world <-> athena (router w/NAT) <-> aphrodite (firewall w/ pptp
> server) <-> internal network
>
> Thanks,
>
> --Yan
>
>
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>
>
>
>

From rage at sohonetworks.cc Sun Jan 14 15:56:37 2001
From: rage at sohonetworks.cc (Jason Osborne)
Date: Sun, 14 Jan 2001 15:56:37 -0600
Subject: [pptp-server] I don't understand anything !
 :-) New info..anyone care to decipher?
In-Reply-To: <018601c07e48$61755b40$0301a8c0@bdfrd1.tx.home.com>
Message-ID:

George,

What patch are you referring to? I have not heard of anything for protocol
47.

-----Original Message-----
From: george csahanin [mailto:georgec at dyb.com]
Sent: Sunday, January 14, 2001 10:38 AM
To: Jason Osborne
Subject: Re: [pptp-server] I don't understand anything ! :-) New info..anyone care to decipher?

Just tried to telnet to you at port 1723, and it does not appear visible
right now, time is 1637Z

Did you compile in the patch for protocol 47?

-GeorgeC

----- Original Message -----
From: Jason Osborne
To: David Moylan ;
Sent: Sunday, January 14, 2001 9:27 AM
Subject: RE: [pptp-server] I don't understand anything ! :-) New info..anyone care to decipher?

> First off, there are no routers. The Linux box acts as the router with its
> firewall. I believe that the firewall could be a likely possibility from
> what I have read, but I'm not sure why it would be having problems since I
> made sure I added additional rules to forward 47 and 1723.
> As far as a GRE traceroute, I am unfamiliar with such a test. If you could,
> please reply back with the command to perform traceroute on 1723. It would
> be most appreciated. Finally, I unfortunately cannot get my hands on a copy
> of windows 2k server at this time.
>

From neale at lowendale.com.au Sun Jan 14 16:14:38 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Mon, 15 Jan 2001 09:14:38 +1100 (EST)
Subject: [pptp-server] Error 645 puzzle
In-Reply-To: <3A61F5A6.30809@cardinalengineering.com>
Message-ID:

On Sun, 14 Jan 2001, yan seiner wrote:

> I had been using Win95 to connect to my poptop server until recently. I
> had no need of my laptop for a while. Now when I try to connect, I get:
>
> Error 645: The Microsoft Dialup Adapter is in use or not responding
> properly.
>
> This used to work fine. I have uninstalled and reinstalled windows
> networking - no joy.

Known problem: see MS Knowledge Base article Q188141 (this is in the
archives of this list). The trick is that you need to install VPN support
the "correct" way (no I don't know why it will install in a way that
doesn't work).

> OK, so I looked at the logs on the server. Seems that my ISDN modem (an
> Eicon DIVA LAN MODEM) does not like pptp...

Judging by the recent traffic here, I won't go so far as to say that all
will be well after you fix the 645 :-|

HTH,
Neale.

From GeorgeV at citadelcomputer.com.au Sun Jan 14 16:03:13 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 15 Jan 2001 09:03:13 +1100
Subject: [pptp-server] Max. Number of Clients?
Message-ID: <200FAA488DE0D41194F10010B597610D065197@JUPITER>

I think the max number of clients was limited to the number of PTS/xx
available.. Not sure.. hope that helps..

thanks,
George Vieira

-----Original Message-----
From: Torge Szczepanek [mailto:pptp at szczepanek.de]
Sent: Sunday, January 14, 2001 7:34 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Max. Number of Clients?

Hi!

I am planning to use PoPTop as a server for a billing system for student
hostels. EVERY client should authenticate itself using a VPN connection to
the pptpd.

How many client connections are possible using pptpd? About two months ago
I found somewhere a page, where some limits were mentioned (Limit of 100
pppds? Limit of Unix ptys?,...) and that it is possible to go beyond these
limits. How?

What hardware do I need for let's say about 500 or 1000 users? One single
processor machine (Athlon 1000)? One SMP machine? More machines? How much
memory will I need per 1 user? Encryption is not needed.

I like to test this system in the near future with about 500 users.

Torge Szczepanek
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!
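
[Added example, not part of any list message: the classful netmask selection Giulio Orsero describes in the "Wrong netmask" thread above, applied to the remoteip pools quoted in this archive. The function names are hypothetical, and 10.0.0.5 is a constructed sample address standing in for the 10.x.x.x LAN he mentions.]

```python
"""Compare the classful netmask a client derives from its assigned address
with the mask the LAN really uses, and show where broadcasts end up."""
import ipaddress


def classful_prefix(addr: str) -> int:
    """Default prefix length under the old classful rules (first octet decides)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:   # class A: 0.0.0.0   - 127.255.255.255
        return 8
    if first_octet < 192:   # class B: 128.0.0.0 - 191.255.255.255
        return 16
    if first_octet < 224:   # class C: 192.0.0.0 - 223.255.255.255
        return 24
    raise ValueError(f"{addr} is class D/E and has no default netmask")


def expand_remoteip(spec: str) -> list:
    """Expand a pptpd.conf style range such as '172.16.0.246-250'."""
    if "-" not in spec:
        return [str(ipaddress.IPv4Address(spec))]
    start, last = spec.split("-", 1)
    base, first = start.rsplit(".", 1)
    lo, hi = int(first), int(last)
    if not 0 <= lo <= hi <= 255:
        raise ValueError(f"bad range: {spec}")
    return [str(ipaddress.IPv4Address(f"{base}.{n}")) for n in range(lo, hi + 1)]


def client_view(addr: str, lan_prefix: int) -> dict:
    """What a classful client assumes for addr versus the LAN's real prefix."""
    classful = ipaddress.ip_network(f"{addr}/{classful_prefix(addr)}", strict=False)
    lan = ipaddress.ip_network(f"{addr}/{lan_prefix}", strict=False)
    return {
        "address": addr,
        "classful_netmask": str(classful.netmask),
        "classful_broadcast": str(classful.broadcast_address),
        "lan_broadcast": str(lan.broadcast_address),
        # True means broadcasts from the client never reach the LAN broadcast address.
        "broadcast_mismatch": classful.broadcast_address != lan.broadcast_address,
    }


def audit_pool(remoteip: str, lan_prefix: int) -> list:
    """Run client_view over every address in a remoteip pool."""
    return [client_view(a, lan_prefix) for a in expand_remoteip(remoteip)]


if __name__ == "__main__":
    # Pools quoted in the archive, plus one constructed class A address; LAN mask is /24.
    for pool in ("172.16.0.246-250", "192.168.0.226-251", "10.0.0.5"):
        row = audit_pool(pool, 24)[0]
        state = "MISMATCH" if row["broadcast_mismatch"] else "ok"
        print(f"{pool:20} client mask {row['classful_netmask']:15} "
              f"broadcast {row['classful_broadcast']:15} "
              f"LAN broadcast {row['lan_broadcast']:15} {state}")
```

A pool in 192.168.x.x on a /24 LAN is the only case above where the classful guess and the real mask agree, which matches the renumbering workaround reported in the thread.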

From GeorgeV at citadelcomputer.com.au Sun Jan 14 16:07:31 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 15 Jan 2001 09:07:31 +1100
Subject: [pptp-server] I don't understand anything ! :-) New info..any one care to decipher?
Message-ID: <200FAA488DE0D41194F10010B597610D06519D@JUPITER>

My suggestion which helped on other problems on my firewall was to add

ipchains -A INPUT -j DENY -l
ipchains -A OUTPUT -j DENY -l

to the end and watch the /var/log/messages (or whatever file) logs for
errors and protocol rejects. I found that this helps monitoring firewall
packet drops and sometimes it's not right and you'll see it straight
away..

thanks,
George Vieira

-----Original Message-----
From: Jason Osborne [mailto:rage at sohonetworks.cc]
Sent: Sunday, January 14, 2001 9:36 PM
To: George Vieira; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] I don't understand anything ! :-) New info..anyone care to decipher?

Ok, I have been playing with the VPN trying to figure out exactly what is
wrong with it. This is unfortunately an extensive email, but, maybe we can
all come to a conclusion for ISDN users. For those of you who don't want
to read all this, here is a simple breakdown of the problem.

This error is reported when connecting to the isdn server. You must
understand that the configs are literally set up the same way on both
systems.

pppd[19652]: Connect: ppp1 <--> /dev/pts/1
pppd[19652]: sent [LCP ConfReq id=0x1 ]
pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds.
#### The above two lines were repeated an additional nine times ####
pptpd[19651]: CTRL: Received PPTP Control Message (type: 12)
pptpd[19651]: CTRL: Made a CALL DISCONNECT RPLY packet
pptpd[19651]: CTRL: Received CALL CLR request (closing call)
pptpd[19651]: CTRL: I wrote 148 bytes to the client.
pptpd[19651]: CTRL: Sent packet to client
pppd[19652]: Modem hangup
pppd[19652]: Untimeout 0x8050394:0x8078480.
pppd[19652]: Connection terminated.

I have also noticed that the VPN client (in win98) is reporting the error
650. According to http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt
this means:

7.2.3. Error 650: The Remote Access server is not responding.
Possible causes:
- There is a problem with packets getting through
Possible solutions:
- Check firewalls between you and server. Make sure all can pass
  protocol 47 (GRE) and tcp port 1723.

According to this prognosis, is the firewall for the office an issue?
I have included the firewall script from the office toward the bottom of
this email.

If anyone can help it would be much appreciated. I bet you will answer
more than just my question. In advance, thanks for all your help.

Here is the setup.

----------------------------------------------------------------------------
----------------------------------------
Location: Home
Connection: DSL
Kernel: Linux-2.2.17
PPP Daemon: PPPd-2.3.11
PopTop Server: PPTPd-1.1.2
Patches: ppp_mppe_compressed_data_fix.diff,
ppp-2.3.11-openssl-0.9.5-mppe.patch., and if_ppp_2.2.17.diff
PopTop Config files and logs: Attached below.
Ethernet:
- eth0: ethernet connected to LAN. ip: 192.168.0.1 a.k.a. meridian.soholan
- eth1: ethernet connected to dsl. ip: 4.40.159.70 a.k.a. meridian.sohonetworks.cc
Other boxes, hubs, etc.:
- Windows NT 4.0 Terminal Server which is setup as PDC containing user
  list and promotes WINS services
- Linux System is setup with Samba which logs into the NT4 PDC. Samba
  does not promote any services on the network except general file sharing.
- 8 Windows 98SE boxes setup to login to domain.
- 10/100 Linksys DualSpeed Hub.
- ipchains firewall has been setup on the linux box forwarding packets
  to and from the lan to the dsl.
- All systems can access file shares and internet from the lan. In other
  words, everything works perfectly.
Routes w/o VPN:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
4.40.159.68     *               255.255.255.252 U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         4.40.159.69     0.0.0.0         UG    0      0        0 eth1

----------------------------------------------------------------------------
----------------------------------------
Location: Office
Connection: ISDN
Kernel: Linux-2.2.17
PPP Daemon: PPPd-2.3.11
PopTop Server: PPTPd-1.1.2
Patches: ppp_mppe_compressed_data_fix.diff,
ppp-2.3.11-openssl-0.9.5-mppe.patch., and if_ppp_2.2.17.diff
PopTop Config files and logs: Attached below.
Ethernet: eth0 - ethernet connected to lan. ip: 192.168.0.1 a.k.a. server.legacycarpets
Modem: ppp0 - 3com ISDN Terminal Adapter which connects to a dual line
(128kb) ISDN connection. ip: dynamic a.k.a. lcarpet.dynip.com
Other boxes, hubs, etc.:
- Linux system is setup with Samba acting as a domain login server for
  win9x boxes and promotes file shares and acts as a WINS server.
- 4 Windows 98SE boxes setup to authenticate through samba.
- 10baseT Linksys Hub.
- ipchains firewall has been setup on the linux box forwarding packets
  to and from the lan to the ISDN.
- All systems can access file shares and internet from the lan. Works great!
Routes w/o VPN:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
204.181.200.7   *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.1     *               255.255.255.255 UH    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         204.181.200.7   0.0.0.0         UG    0      0        0 ppp0

----------------------------------------------------------------------------
-----------------------------------------

---- HOME ERROR LOGS ----
(The below logs for the home vpn show that the vpn works perfectly fine
allowing me on the network)

==> /var/log/messages <==
pptpd[8163]: CTRL: Client 192.168.0.3 control connection started
pptpd[8163]: CTRL: Starting call (launching pppd, opening GRE)
pppd[8164]: pppd 2.3.11 started by root, uid 0
pppd[8164]: Using interface ppp0
pppd[8164]: Connect: ppp0 <--> /dev/pts/1
pptpd[8163]: Buffering out-of-order packet; got 1 after 4294967295
pptpd[8163]: Packet reorder timeout waiting for 0
pptpd[8163]: Buffering out-of-order packet; got 2 after 0
pppd[8164]: MSCHAP-v2 peer authentication succeeded for soholan\\rage
pppd[8164]: found interface eth0 for proxy arp
pppd[8164]: local IP address 192.168.0.201
pppd[8164]: remote IP address 192.168.0.227
pppd[8164]: MPPE 40 bit, stateless compression enabled
pppd[8164]: LCP terminated by peer
pppd[8164]: Modem hangup
pppd[8164]: Connection terminated.
pppd[8164]: Connect time 3.6 minutes.
pppd[8164]: Sent 512 bytes, received 2247 bytes.
pppd[8164]: Exit.
pptpd[8163]: GRE: read error: Bad file descriptor pptpd[8163]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) pptpd[8163]: CTRL: Client 192.168.0.3 control connection finished ==> /var/log/pptpd.log <== pptpd[8185]: MGR: Launching /usr/sbin/pptpctrl to handle client pptpd[8185]: CTRL: local address = 192.168.0.200 pptpd[8185]: CTRL: remote address = 192.168.0.226 pptpd[8185]: CTRL: pppd speed = 115200 pptpd[8185]: CTRL: pppd options file = /etc/ppp/options.pptp pptpd[8185]: CTRL: Client 192.168.0.3 control connection started pptpd[8185]: CTRL: Received PPTP Control Message (type: 1) pptpd[8185]: CTRL: Made a START CTRL CONN RPLY packet pptpd[8185]: CTRL: I wrote 156 bytes to the client. pptpd[8185]: CTRL: Sent packet to client pptpd[8185]: CTRL: Received PPTP Control Message (type: 7) pptpd[8185]: CTRL: 0 min_bps, 0 max_bps, 32 window size pptpd[8185]: CTRL: Made a OUT CALL RPLY packet pptpd[8185]: CTRL: Starting call (launching pppd, opening GRE) pptpd[8185]: CTRL: pty_fd = 5 pptpd[8185]: CTRL: tty_fd = 6 pptpd[8186]: CTRL (PPPD Launcher): Connection speed = 115200 pptpd[8185]: CTRL: I wrote 32 bytes to the client. pptpd[8185]: CTRL: Sent packet to client pptpd[8186]: CTRL (PPPD Launcher): local address = 192.168.0.200 pptpd[8186]: CTRL (PPPD Launcher): remote address = 192.168.0.226 pptpd[8186]: CTRL (PPPD Launcher): ipx network = 00001000 pppd[8186]: pppd 2.3.11 started by root, uid 0 pppd[8186]: Using interface ppp0 pppd[8186]: Connect: ppp0 <--> /dev/pts/1 pppd[8186]: sent [LCP ConfReq id=0x1 ] pptpd[8185]: Buffering out-of-order packet; got 1 after 4294967295 pppd[8186]: Timeout 0x805085c:0x80790c0 in 3 seconds. pptpd[8185]: Packet reorder timeout waiting for 0 pptpd[8185]: Buffering out-of-order packet; got 2 after 0 pppd[8186]: rcvd [LCP ConfReq id=0x1 ] pppd[8186]: lcp_reqci: returning CONFACK. pppd[8186]: sent [LCP ConfAck id=0x1 ] pppd[8186]: rcvd [LCP ConfAck id=0x1 ] pppd[8186]: Untimeout 0x805085c:0x80790c0. 
pppd[8186]: sent [CHAP Challenge id=0x1 <4cb7dcb764c559505c697171b2eb2b1c>, name = "meridian"] pppd[8186]: Timeout 0x8056284:0x80793a0 in 3 seconds. pppd[8186]: rcvd [CHAP Response id=0x1 , name = "soholan\\rage"] pppd[8186]: Untimeout 0x8056284:0x80793a0. pppd[8186]: ChapReceiveResponse: rcvd type MS-CHAP-V2 pppd[8186]: sent [CHAP Success id=0x1 "S=7B69617F523DB2A4D89C25AA3169B74F930C473C"] pppd[8186]: sent [IPCP ConfReq id=0x1 ] pppd[8186]: Timeout 0x805085c:0x8079320 in 3 seconds. pppd[8186]: sent [CCP ConfReq id=0x1 ] pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds. pppd[8186]: MSCHAP-v2 peer authentication succeeded for soholan\\rage pppd[8186]: rcvd [IPCP ConfReq id=0x1 ] pppd[8186]: ipcp: returning Configure-NAK pppd[8186]: sent [IPCP ConfNak id=0x1 ] pppd[8186]: rcvd [CCP ConfReq id=0x1 ] pppd[8186]: sent [CCP ConfRej id=0x1 ] pppd[8186]: rcvd [IPCP ConfAck id=0x1 ] pppd[8186]: rcvd [CCP ConfRej id=0x1 ] pppd[8186]: Untimeout 0x805085c:0x8079440. pppd[8186]: sent [CCP ConfReq id=0x2 ] pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds. pppd[8186]: rcvd [IPCP ConfReq id=0x2 ] pppd[8186]: ipcp: returning Configure-ACK pppd[8186]: sent [IPCP ConfAck id=0x2 ] pppd[8186]: Untimeout 0x805085c:0x8079320. pppd[8186]: ipcp: up pppd[8186]: found interface eth0 for proxy arp pppd[8186]: local IP address 192.168.0.200 pppd[8186]: remote IP address 192.168.0.226 pppd[8186]: Script /etc/ppp/ip-up started (pid 8187) pppd[8186]: rcvd [CCP ConfReq id=0x2 ] pppd[8186]: sent [CCP ConfNak id=0x2 ] pppd[8186]: rcvd [CCP ConfNak id=0x2 ] pppd[8186]: Untimeout 0x805085c:0x8079440. pppd[8186]: sent [CCP ConfReq id=0x3 ] pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds. pppd[8186]: rcvd [CCP ConfReq id=0x3 ] pppd[8186]: sent [CCP ConfAck id=0x3 ] pppd[8186]: rcvd [CCP ConfAck id=0x3 ] pppd[8186]: Untimeout 0x805085c:0x8079440. 
pppd[8186]: MPPE 40 bit, stateless compression enabled Sat Jan 13 22:33:14 CST 2001: ip-up External Device: ppp0 TTY: /dev/pts/1 Speed: 115200 Local IP: 192.168.0.200 Remote IP: 192.168.0.226 Sat Jan 13 22:33:14 CST 2001: ip-up Firewall rules set for ppp0:192.168.0.226 pppd[8186]: Script /etc/ppp/ip-up finished (pid 8187), status = 0x0 pptpd[8185]: CTRL: Received PPTP Control Message (type: 5) pptpd[8185]: CTRL: Made a ECHO RPLY packet pptpd[8185]: CTRL: I wrote 20 bytes to the client. pptpd[8185]: CTRL: Sent packet to client pppd[8186]: rcvd [LCP TermReq id=0x2] pppd[8186]: LCP terminated by peer pppd[8186]: ipcp: down pppd[8186]: Untimeout 0x805a0bc:0x0. pppd[8186]: Script /etc/ppp/ip-down started (pid 8196) pppd[8186]: Timeout 0x805085c:0x80790c0 in 3 seconds. pppd[8186]: sent [LCP TermAck id=0x2] pptpd[8185]: CTRL: Received PPTP Control Message (type: 12) pptpd[8185]: CTRL: Made a CALL DISCONNECT RPLY packet pptpd[8185]: CTRL: Received CALL CLR request (closing call) pptpd[8185]: CTRL: I wrote 148 bytes to the client. pptpd[8185]: CTRL: Sent packet to client pppd[8186]: Modem hangup pppd[8186]: Untimeout 0x805085c:0x80790c0. pppd[8186]: Connection terminated. pppd[8186]: Sent 511 bytes, received 929 bytes. pppd[8186]: Waiting for 1 child processes... pppd[8186]: script /etc/ppp/ip-down, pid 8196 pppd[8186]: Script /etc/ppp/ip-down finished (pid 8196), status = 0x200 pppd[8186]: Exit. 
pptpd[8185]: GRE: read error: Bad file descriptor pptpd[8185]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) pptpd[8185]: CTRL: Client 192.168.0.3 control connection finished pptpd[8185]: CTRL: Exiting now ---- OFFICE ERROR LOGS ---- (As you can see here ==> /var/log/messages <== pptpd[19625]: CTRL: Client 4.40.159.70 control connection started pptpd[19625]: CTRL: Starting call (launching pppd, opening GRE) pppd[19626]: pppd 2.3.11 started by root, uid 0 kernel: ppp_ioctl: set dbg flags to 70000 kernel: ppp_ioctl: set flags to 70000 pppd[19626]: Using interface ppp1 pppd[19626]: Connect: ppp1 <--> /dev/pts/1 kernel: ppp_tty_ioctl: set xasyncmap kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff kernel: ppp_ioctl: set flags to 70000 kernel: ppp_ioctl: set mru to 5dc kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff kernel: ppp: channel ppp1 closing. pppd[19626]: Modem hangup pppd[19626]: Connection terminated. pppd[19626]: Exit. pptpd[19625]: GRE: read error: Bad file descriptor pptpd[19625]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) pptpd[19625]: CTRL: Client 4.40.159.70 control connection finished ==> /var/log/pptpd.log <== pptpd[19651]: MGR: Launching /usr/sbin/pptpctrl to handle client pptpd[19651]: CTRL: local address = 192.168.0.201 pptpd[19651]: CTRL: remote address = 192.168.0.227 pptpd[19651]: CTRL: pppd speed = 115200 pptpd[19651]: CTRL: pppd options file = /etc/ppp/options.vpn pptpd[19651]: CTRL: Client 4.40.159.70 control connection started pptpd[19651]: CTRL: Received PPTP Control Message (type: 1) pptpd[19651]: CTRL: Made a START CTRL CONN RPLY packet pptpd[19651]: CTRL: I wrote 156 bytes to the client. 
pptpd[19651]: CTRL: Sent packet to client pptpd[19651]: CTRL: Received PPTP Control Message (type: 7) pptpd[19651]: CTRL: 0 min_bps, 0 max_bps, 32 window size pptpd[19651]: CTRL: Made a OUT CALL RPLY packet pptpd[19651]: CTRL: Starting call (launching pppd, opening GRE) pptpd[19651]: CTRL: pty_fd = 6 pptpd[19651]: CTRL: tty_fd = 7 pptpd[19652]: CTRL (PPPD Launcher): Connection speed = 115200 pptpd[19652]: CTRL (PPPD Launcher): local address = 192.168.0.201 pptpd[19652]: CTRL (PPPD Launcher): remote address = 192.168.0.227 pptpd[19652]: CTRL (PPPD Launcher): ipx network = 00001001 pptpd[19651]: CTRL: I wrote 32 bytes to the client. pptpd[19651]: CTRL: Sent packet to client pppd[19652]: pppd 2.3.11 started by root, uid 0 pppd[19652]: Using interface ppp1 pppd[19652]: Connect: ppp1 <--> /dev/pts/1 pppd[19652]: sent [LCP ConfReq id=0x1 ] pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds. #### The above two lines were repeated and addition nine times #### pptpd[19651]: CTRL: Received PPTP Control Message (type: 12) pptpd[19651]: CTRL: Made a CALL DISCONNECT RPLY packet pptpd[19651]: CTRL: Received CALL CLR request (closing call) pptpd[19651]: CTRL: I wrote 148 bytes to the client. pptpd[19651]: CTRL: Sent packet to client pppd[19652]: Modem hangup pppd[19652]: Untimeout 0x8050394:0x8078480. pppd[19652]: Connection terminated. pppd[19652]: Exit. 
pptpd[19651]: GRE: read error: Bad file descriptor
pptpd[19651]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
pptpd[19651]: CTRL: Client 4.40.159.70 control connection finished
pptpd[19651]: CTRL: Exiting now
pptpd[2275]: MGR: Reaped child 19651

---- HOME VPN FILES ----

==> /etc/pptpd.conf <==
# PoPToP configuration file
# TAG: speed
speed 115200
# TAG: option
option /etc/ppp/options.pptp
# TAG: debug
debug
# TAG: localip
localip 192.168.0.200-225
# TAG: remoteip
remoteip 192.168.0.226-251
# TAG: ipxnets
ipxnets 00001000-00001FFF
# TAG: listen
#listen 192.168.0.1
# TAG: pidfile
pidfile /var/run/pptpd.pid

==> /etc/ppp/options <==
lock
tail: /etc/ppp/options.vpn: No such file or directory

==> /etc/ppp/chap-secrets <==
# Secrets for authentication using CHAP
# client server secret IP addresses
"soholan\\rage" * "ro0tm4h-" *
"soholan\\margie" * "m00t1lda" *
"soholan\\andy" * "ambermarie" *
#PoPToP configuration file /etc/pptpd.conf
speed 115200
localip 192.168.0.200-225
remoteip 192.168.0.226-251

==> /etc/ppp/ip-up <==
#!/bin/sh
INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24"
EXTERNAL_IP=$5
HW_ADDRESS="00:10:5A:1C:0B:8B"
case $2 in
  /dev/pts/*)
    /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
    /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
    /sbin/ipchains --insert input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
    /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
    # Logging
    echo date > /var/run/ppp.up
    echo "Connection started on " $2 >> /var/run/ppp.up
    echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
    echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
    /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
    echo "$(date): ip-up External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
    echo "$(date): ip-up Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
    ;;
esac

==> /etc/ppp/ip-down <==
#!/bin/sh
INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24
EXTERNAL_IP=$5
HW_ADDRESS="00:10:5A:1C:0B:8B"
case $2 in
  /dev/pts/*)
    /sbin/ipchains --delete forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
    /sbin/ipchains --delete forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
    /sbin/ipchains --delete input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
    /sbin/ipchains --delete output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
    # Logging
    echo "$(date): ip-down External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
    echo "$(date): ip-down Firewall rules removed for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
    echo date > /var/run/ppp.up
    echo "Connection closed on " $2 >> /var/run/ppp.up
    echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
    echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
    arp --delete $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
    ;;
esac

==> /etc/rc.d/init.d/firewall <==
#!/bin/sh
# IPchains Firewalling Script File
# Generated by IPchains Firewalling Webmin Module
# Copyright (C) 1999-2000 by Tim Niemueller, GPL
# http://www.niemueller.de/webmin/modules/ipchains/
# Created on 22/May/2000 09:02
#
# Source function library.
. /etc/rc.d/init.d/functions
# Check that networking is up.
#if [ ${NETWORKING} = "no" ]
#then
# exit 0
#fi
echo "1" > /proc/sys/net/ipv4/ip_forward
case "$1" in
  start)
    # This gets rid of old stuff
    /sbin/ipchains -F
    /sbin/ipchains -X
    # Input ipchain rules
    /sbin/ipchains -P input DENY
    /sbin/ipchains -A input -j ACCEPT -i lo
    /sbin/ipchains -A input -j ACCEPT -i eth0
    /sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i eth1
    /sbin/ipchains -A input -j ACCEPT -p udp -i eth1
    /sbin/ipchains -A input -j DENY -l -i eth1 -s 192.168.0.0/16
    /sbin/ipchains -A input -j DENY -p tcp -i eth1 -s 0/0 1024:65535 -d 0/0 139
    /sbin/ipchains -A input -j DENY -p udp -i eth1 -s 0/0 1024:65535 -d 0/0 139
    /sbin/ipchains -A input -j ACCEPT -i eth1
    /sbin/ipchains -A input -j ACCEPT -p TCP -d 0.0.0.0/0 1723
    /sbin/ipchains -A input -j ACCEPT -p 47
    # Output ipchains rules
    /sbin/ipchains -P output ACCEPT
    /sbin/ipchains -A output -j ACCEPT -p TCP -s 0.0.0.0/0 1723
    /sbin/ipchains -A output -j ACCEPT -p 47
    # Forward ipchain rules
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -t 0x01 0x02 -j MASQ
    /sbin/ipchains -A forward -s 0.0.0.0/0 -d 192.168.0.0/24 -t 0x01 0x02 -j MASQ
    ;;
  stop)
    /sbin/ipchains -F
    /sbin/ipchains -X
    echo "0" > /proc/sys/net/ipv4/ip_forward
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  status)
    /sbin/ipchains -L -v
    ;;
  *)
    echo "Usage: firewall {start|stop|restart|status}"
    exit 1
esac
exit 0

==> /etc/modules.conf <==
alias eth0 3c59x
alias eth1 ne2k-pci
alias parport_lowlevel parport_pc
alias usb-controller usb-uhci
alias char-major-108 off
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

---- OFFICE CONFIG FILES ----

==> /etc/pptpd.conf <==
# PoPToP configuration file
# TAG: speed
speed 115200
# TAG: option
option /etc/ppp/options.vpn
# TAG: debug
debug
# TAG: localip
localip 192.168.0.200-225
# TAG: remoteip
remoteip 192.168.0.226-251
# TAG: ipxnets
ipxnets 00001000-00001FFF
# TAG: listen
#listen 192.168.0.1
# TAG: pidfile
pidfile /var/run/pptpd.pid

==> /etc/ppp/options <==
lock
modem
crtscts
asyncmap 20A0000
noipdefault
defaultroute
debug
user lcarpet
noauth
nodetach

==> /etc/ppp/options.vpn <==
lock
asyncmap 20A0000
debug
kdebug 7
name server
auth
mru 1450
mtu 1450
require-chap
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

==> /etc/ppp/chap-secrets <==
# Secrets for authentication using CHAP
# client server secret IP addresses
"rage" server "ro0tm4h" "192.168.0.210"
"tony" * "bogie" *
"ernie" * "boney" *
"chris" * "0414" *
"terry" * "automan1" *
"darin" * "dito66"
speed 115200
debug
localip 192.168.0.200-225
remoteip 192.168.1.226-251
# Dialup Info
iwells * automan1

==> /etc/ppp/ip-up <==
#!/bin/sh
INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24"
EXTERNAL_IP=$5
HW_ADDRESS="52:54:05:F0:25:90"
case $2 in
  /dev/pts/*)
    /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
    /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
    /sbin/ipchains --insert input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
    /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
    # Logging
    echo date > /var/run/ppp.up
    echo "Connection started on " $2 >> /var/run/ppp.up
    echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
    echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
    /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
    echo "$(date): ip-up External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
    echo "$(date): ip-up Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
    ;;
esac

==> /etc/ppp/ip-down <==
#!/bin/sh
INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24
EXTERNAL_IP=$5
HW_ADDRESS="52:54:05:F0:25:90"
case $2 in
  /dev/pts/*)
    /sbin/ipchains --delete forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
    /sbin/ipchains --delete forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
    /sbin/ipchains --delete input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
    /sbin/ipchains --delete output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
    # Logging
    echo "$(date): ip-down External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
    echo "$(date): ip-down Firewall rules removed for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
    echo date > /var/run/ppp.up
    echo "Connection closed on " $2 >> /var/run/ppp.up
    echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
    echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
    arp --delete $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
    ;;
esac

==> /etc/rc.d/init.d/firewall <==
#!/bin/sh
# IPchains Firewalling Script File
# Generated by IPchains Firewalling Webmin Module
# Copyright (C) 1999-2000 by Tim Niemueller, GPL
# http://www.niemueller.de/webmin/modules/ipchains/
# Created on 22/May/2000 09:02
#
# Source function library.
. /etc/rc.d/init.d/functions
# Check that networking is up.
#if [ ${NETWORKING} = "no" ]
#then
# exit 0
#fi
echo "1" > /proc/sys/net/ipv4/ip_forward
case "$1" in
  start)
    # This gets rid of old stuff
    /sbin/ipchains -F
    /sbin/ipchains -X
    # Input ipchain rules
    /sbin/ipchains -P input DENY
    /sbin/ipchains -A input -j ACCEPT -i lo
    /sbin/ipchains -A input -j ACCEPT -i eth0
    /sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i ppp0
    /sbin/ipchains -A input -j ACCEPT -p udp -i ppp0
    /sbin/ipchains -A input -j DENY -l -i ppp0 -s 192.168.0.0/16
    /sbin/ipchains -A input -j DENY -p tcp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
    /sbin/ipchains -A input -j DENY -p udp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
    /sbin/ipchains -A input -j ACCEPT -i ppp0
    /sbin/ipchains -A input -j ACCEPT -p TCP -d 0.0.0.0/0 1723
    /sbin/ipchains -A input -j ACCEPT -p 47
    # Output ipchains rules
    /sbin/ipchains -P output ACCEPT
    /sbin/ipchains -A output -j ACCEPT -p TCP -s 0.0.0.0/0 1723
    /sbin/ipchains -A output -j ACCEPT -p 47
    # Forward ipchain rules
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -t 0x01 0x02 -j MASQ
    /sbin/ipchains -A forward -s 0.0.0.0/0 -d 192.168.0.0/24 -t 0x01 0x02 -j MASQ
    ;;
  stop)
    /sbin/ipchains -F
    /sbin/ipchains -X
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  status)
    /sbin/ipchains -L -v
    ;;
  *)
    echo "Usage: firewall {start|stop|restart|status}"
    exit 1
esac
exit 0

==> /etc/modules.conf <==
alias eth0 ne2k-pci
alias parport_lowlevel parport_pc
alias usb-controller usb-uhci
alias char-major-108 off
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

From con.nikolozakis at securecommerce.com.au Sun Jan 14 17:23:33 2001
From: con.nikolozakis at securecommerce.com.au (Con Nikolozakis)
Date: Mon, 15 Jan 2001 10:23:33 +1100
Subject: [pptp-server] ppp mppe linux2.4.0
Message-ID:

Hi,

I was wondering if it is possible to get ppp going with mppe support on linux 2.4.0. I've currently got.
--> linux 2.4.0-test1
--> ppp2.3.8 OR ppp2.3.10 OR ppp2.3.11
seems like ppp_generic.c wants to use ppp2.4.1.

Any help would be appreciated.
Regards,
Con Nikolozakis

***********************************************************
Con Nikolozakis            Voice: +61 3 8604 2488  Fax: +61 3 9614 2019
Secure Commerce Services   Mbl: +61 414 397 145
Email: con at securecommerce.com.au   www.securecommerce.com.au
***********************************************************

From jkreger at avidsolutionsinc.com Sun Jan 14 17:49:31 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Sun, 14 Jan 2001 18:49:31 -0500
Subject: [pptp-server] ppp mppe linux2.4.0
Message-ID: <6B8A85826C35D31193BD0090278589C81DEFAB@CIC-EXCHANGE>

somebody just has to port everything to ppp-2.4.x

-----Original Message-----
From: Con Nikolozakis
To: pptp-server at lists.schulte.org
Sent: 1/14/01 6:23 PM
Subject: [pptp-server] ppp mppe linux2.4.0

Hi,

I was wondering if it possible to get ppp going with mppe support on linux 2.4.0. Ive currently got.
--> linux 2.4.0-test1
--> ppp2.3.8 OR ppp2.3.10 OR ppp2.3.11
seems like ppp_generic.c wants to use ppp2.4.1.

Any help would be appreciated.

Regards,
Con Nikolozakis

***********************************************************
Con Nikolozakis            Voice: +61 3 8604 2488  Fax: +61 3 9614 2019
Secure Commerce Services   Mbl: +61 414 397 145
Email: con at securecommerce.com.au   www.securecommerce.com.au
***********************************************************

From jm at jmarks-asc.com Sun Jan 14 22:41:58 2001
From: jm at jmarks-asc.com (Jonathan)
Date: Sun, 14 Jan 2001 20:41:58 -0800
Subject: [pptp-server] W2K client error 738: The server did not assign an address.
Message-ID: <3A627F95.757AA49E@jmarks-asc.com>

Hi,

To build a configuration I followed the instructions in http://www.vibres.com/pptp/example.html with the following variations and hiccups.

* I built ppp and the kernel with the openssl mppe patch, the mppe_data_fix patch and the pppsmb.pat.
* Had to copy back the PPP_VERSION and PPP_MAGIC #defines back into /usr/src/linux/include/linux/if_ppp.h after the ppp's make kernel did its damage.
* I'm using openssl-0.9.6 and needed to copy /usr/src/openssl-0.9.6/crypto/rc4 into /usr/src/linux/drivers/net to get the kernel to compile.

The trace I get that causes the client to report the above error is.

Jan 14 20:34:48 henry pptpd[1377]: MGR: Manager process started
Jan 14 20:35:04 henry pptpd[1379]: CTRL: Client 192.168.0.100 control connection started
Jan 14 20:35:04 henry pptpd[1379]: CTRL: Starting call (launching pppd, opening GRE)
Jan 14 20:35:04 henry pppd[1380]: pppd 2.3.11 started by root, uid 0
Jan 14 20:35:04 henry pppd[1380]: Using interface ppp0
Jan 14 20:35:04 henry pppd[1380]: Connect: ppp0 <--> /dev/pts/3
Jan 14 20:35:06 henry pptpd[1379]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 14 20:35:06 henry pppd[1380]: MSCHAP-v2 peer authentication succeeded for jmarks
Jan 14 20:35:06 henry pppd[1380]: MPPE 128 bit, stateless compression enabled
Jan 14 20:35:06 henry pptpd[1379]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 14 20:35:06 henry pptpd[1379]: GRE: read error: Bad file descriptor
Jan 14 20:35:06 henry pptpd[1379]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Jan 14 20:35:06 henry pptpd[1379]: CTRL: Client 192.168.0.100 control connection finished
Jan 14 20:35:06 henry pppd[1380]: Modem hangup
Jan 14 20:35:06 henry pppd[1380]: Connection terminated.
Jan 14 20:35:06 henry pppd[1380]: Connect time 0.1 minutes.
Jan 14 20:35:06 henry pppd[1380]: Sent 644 bytes, received 642 bytes.
Jan 14 20:35:06 henry pppd[1380]: Exit.

/etc/pptp.conf is:

debug
option /etc/ppp/options.pptp
localip 192.168.0.234
remoteip 192.168.0.235-239

/etc/ppp/options.pptp

lock
debug
auth
proxyarp
name pptp
require-chap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/ppp/chap-secrets is

jon * secret1 *
jmarks * secret2 *
* * &/etc/smbpasswd *

Any help will be appreciated

Jonathan
--
Jonathan Marks, Jonathan Marks and Associates.
3271 Springthorne Crescent, Richmond, BC, V7E-1Z8, Canada.
Tel: (604) 274-2277, (604) 418-8825, Fax: (604) 274-8294.
http://www.jmarks-asc.com

From jvonau at home.com Sun Jan 14 23:29:34 2001
From: jvonau at home.com (Jerry Vonau)
Date: Sun, 14 Jan 2001 23:29:34 -0600
Subject: [pptp-server] Wrong netmask
References: <20010114174133.75C071637C@i3.golden.dom> <20010114202259.3FFF61637C@i3.golden.dom>
Message-ID: <3A628ABD.3CEE5108@home.com>

Just a thought:

Could you not just let it have the 255.255.0.0 netmask change the options to match, and adjust the chains and routing?

ie:
/sbin/route add -net 172.16.0.0 netmask 255.255.0.0 dev ethx

I don't think there is anything wrong with having 2 network routes on the same interface, Anybody???

/sbin/ipchains -A input -j ACCEPT -i INTIF -s 172.16.0.0/16 -d 172.16.0.0/16
/sbin/ipchains -A output -j ACCEPT -i INTIF -s 172.16.0.0/16 -d 172.16.0.0/16
/sbin/ipchains -A input -j ACCEPT -i ppp+ -s 172.16.0.0/16 -d 172.16.0.0/16
/sbin/ipchains -A output -j ACCEPT -i ppp+ -s 172.16.0.0/16 -d 172.16.0.0/16
/sbin/ipchains -A forward -j ACCEPT -i ppp+ -s 172.16.0.0/16 -d 172.16.0.0/16
/sbin/ipchains -A forward -j ACCEPT -i INTIF -s 172.16.0.0/16 -d 172.16.0.0/16

wouldn't the /16 netmask include all of the /24 subnets??

If the kernel sees them as 2 different networks then maybe:

/sbin/ipchains -A input -j ACCEPT -i INTIF -b -s 172.16.0.0/24 -d 172.16.0.0/16
/sbin/ipchains -A output -j ACCEPT -i INTIF -b -s 172.16.0.0/24 -d 172.16.0.0/16
/sbin/ipchains -A input -j ACCEPT -i ppp+ -b -s 172.16.0.0/24 -d 172.16.0.0/16
/sbin/ipchains -A output -j ACCEPT -i ppp+ -b -s 172.16.0.0/24 -d 172.16.0.0/16
/sbin/ipchains -A forward -j ACCEPT -i INTIF -b -s 172.16.0.0/24 -d 172.16.0.0/16
/sbin/ipchains -A forward -j ACCEPT -i ppp+ -b -s 172.16.0.0/16 -d 172.16.0.0/24

Anyone have any thoughts..........

Jerry Vonau

From tib at tigerknight.org Mon Jan 15 01:30:24 2001
From: tib at tigerknight.org (Tib)
Date: Sun, 14 Jan 2001 23:30:24 -0800 (PST)
Subject: [pptp-server] pptpd and pppd
Message-ID:

Greetings Programs!

I'm trying to set up a vpn using the PoPToP software, and it works ok, except that I can't get pppd to kick into gear. Mind you I've never had to deal with pppd before and just compiled it into the kernel this time in order to use this software, so could someone offer some instructions step by step to getting pppd to come up properly for this vpn issue?

Thanks

Tib

From giulioo at pobox.com Mon Jan 15 02:15:34 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Mon, 15 Jan 2001 09:15:34 +0100
Subject: [pptp-server] Wrong netmask
In-Reply-To: <3A628ABD.3CEE5108@home.com>
References: <20010114174133.75C071637C@i3.golden.dom> <20010114202259.3FFF61637C@i3.golden.dom> <3A628ABD.3CEE5108@home.com>
Message-ID: <20010115081616.249711637C@i3.golden.dom>

On Sun, 14 Jan 2001 23:29:34 -0600, you wrote:

>Could you not just let it have the 255.255.0.0 netmask change the
>options to match,
>and adjust the chains and routing?

Yes, this certainly is the right and definitive solution (didn't look at the firewall rules, I'm speaking about the idea).
However, since netbios (what we needed) is often so problematic and we use dhcp and dynamic dns, it was easier for us to change the dhcp server config to use a new subnet.

--
giulioo at pobox.com

From hutriest at astaga.com Mon Jan 15 06:16:23 2001
From: hutriest at astaga.com (hutriest at astaga.com)
Date: 15 Jan 2001 04:16:23 -0800
Subject: [pptp-server] best pptp server
Message-ID: <20010115121623.1310.cpmta@c017.sfo.cp.net>

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL:

From yan at cardinalengineering.com Mon Jan 15 07:00:01 2001
From: yan at cardinalengineering.com (Yan Seiner)
Date: Mon, 15 Jan 2001 08:00:01 -0500
Subject: [pptp-server] Error 645 puzzle
References:
Message-ID: <3A62F451.3B645C5A@cardinalengineering.com>

I did what the KB article said, and now I get a little further. (Go figure; a search for Error 645 turns up some stuff about encrypted passwords - but not that article.)

The problem is that GRE packets go out, but nothing comes back. I'm guessing that the client is being given the internal (natted) address, and not the real one.

I tried to run pptpctrl via inetd, and give the real IP as the fourth argument, but that does not seem to have made any difference.

Either my router is not forwarding incoming GRE (though it claims to support it in client mode) or I'm misreading the pptpctrl man page.

--Yan

Neale Banks wrote:
>
> On Sun, 14 Jan 2001, yan seiner wrote:
>
> > I had been using Win95 to connect to my poptop server until recently. I
> > had no need of my laptop for a while. Now when I try to connect, I get:
> >
> > Error 645: The Microsoft Dialup Adapter is in use or not responding
> > properly.
> >
> > This used to work fine. I have uninstalled and reinstalled windows
> > networking - no joy.
>
> Known problem: see MS Knowledge Base article Q188141 (this is in the
> archives of this list).
>
> The trick is that you need to install VPN support the "correct" way (no I
> don't know why it will install in a way that doesn't work).
>
> > OK, so I looked at the logs on the server. Seems that my ISDN modem (an
> > Eicon DIVA LAN MODEM) does not like pptp...
>
> Judging by the recent traffic here, I won't go so far as to say that all
> will be well after you fix the 645 :-|
>
> HTH,
> Neale.

From rcd at amherst.com Mon Jan 15 08:54:56 2001
From: rcd at amherst.com (Robert Dege)
Date: Mon, 15 Jan 2001 09:54:56 -0500
Subject: [pptp-server] 128 bit connections
References: <200FAA488DE0D41194F10010B597610D06517F@JUPITER>
Message-ID: <3A630F40.8135CD38@comptekamherst.com>

I got it working ~20 minutes after the email. All it required was the replacement of the pppmac.vxd file, and a reboot.

The only other testing I want to do is have pptp query for a 128 bit connection first, and then default to 40bit if it's unavailable. But I think Windows attempts maximum encryption upon connection.

-Rob

> Better check up that Win9X does fully support 128bit encryption coz the last
> I heard it's not supported.... I may be wrong and if so point me out to
> which versions of the evilware software do support it properly.. As far as I
> know it's only NT that has proper 128bit support.
>
> thanks,
> George Vieira
>
> -----Original Message-----
> From: Robert Dege [mailto:rcd at amherst.com]
> Sent: Saturday, January 13, 2001 8:04 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] 128 bit connections
>
> I'm trying to get 128 bit connections to work, but am having trouble. I
> am connecting using a Win98SE Laptop.
>
> I can connect just fine using 40bit. But when I comment that line out &
> add mppe-128, mpp-stateless, require-mppe, require-mppe-stateless.....
> I still the client trying to connect at 40 bit.
>
> I added the patch from smop.de. I recompiled & installed the pppd, but
> do I have to re-patch the kernel with the included encryption code?
>
> -Rob

From rcd at amherst.com Mon Jan 15 12:09:38 2001
From: rcd at amherst.com (Robert Dege)
Date: Mon, 15 Jan 2001 13:09:38 -0500
Subject: [pptp-server] ipfwd
References: <20010112162812.9441.qmail@web9706.mail.yahoo.com>
Message-ID: <3A633CE2.A703C159@comptekamherst.com>

Anybody have any luck with ipfwd?

I am using version 1.0. Does anybody know if there is a newer version available?

I am having no luck, or it is not working correctly, and I need a new version.

-Rob

From palliett at accurcast.com Mon Jan 15 13:37:01 2001
From: palliett at accurcast.com (Peter Alliett)
Date: Mon, 15 Jan 2001 14:37:01 -0500
Subject: [pptp-server] ADSL Connection
Message-ID:

I have been trying to connect to my poptop vpn server un-successfully from my home adsl connection.

Has anyone been successful in getting this to work?

If so what is your configuration.

I have 1.2 down and 128K up Alcatel home connect adsl modem connecting to an Ascend pipeline 56K centrex circuit.

I can use dial-up fine, but I would prefer to use my adsl line.

Peter

From Steve at SteveCowles.com Mon Jan 15 14:03:30 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Mon, 15 Jan 2001 14:03:30 -0600
Subject: [pptp-server] ipfwd
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE5FE@defiant.infohiiway.com>

> -----Original Message-----
> From: Robert Dege [mailto:rcd at amherst.com]
> Sent: Monday, January 15, 2001 12:10 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] ipfwd
>
> Anybody have any luck with ipfwd?
>
> I am using version 1.0. Does anybody know if there is a newer version
> available?
>
> I am having no luck, or it is not working correctly, and I need a new
> version.

I'm using ipfwd (version 1.0) and have NOT had any problems at all. In fact, I use ipfwd to forward GRE (protocol 47) to my masq'd PopTop server which is behind my linux based firewall.

Are you sure that you have also opened (-j ACCEPT) the protocol you are trying to forward using ipchains first? Makes a big difference!

Steve Cowles

From dlafraia at mindspring.net Mon Jan 15 14:08:45 2001
From: dlafraia at mindspring.net (Daniel Lafraia)
Date: Mon, 15 Jan 2001 15:08:45 -0500
Subject: [pptp-server] pptpd IP filter
Message-ID: <006001c07f2e$fb6fb880$3ed945cf@MRHANKEY>

Hello,

Is there any way to filter requests to pptpd using pptpd's own control? I mean, if I use pptpctrl with inetd I can control that by just using /etc/hosts.allow|deny, but I have no clue how to do that with pptpd itself. Any idea?

BTW, is it possible to be done by username?

Please reply to dlafraia at mindspring.net - I'm not subscribed to this list.

Thank you.

Daniel Lafraia

From Steve at SteveCowles.com Mon Jan 15 14:16:15 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Mon, 15 Jan 2001 14:16:15 -0600
Subject: [pptp-server] ADSL Connection
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE5FF@defiant.infohiiway.com>

> I have been trying to connect to my poptop vpn server
> un-successfully from my home adsl connection.
>
> Has anyone been successful in getting this to work?

Yes

>
> If so what is your configuration.

768/128k ADSL circuit from Verizon.

>
> I have 1.2 down and 128K up Alcatel home connect adsl modem
> connecting to an Ascend pipeline 56K centrex circuit.

Unfortunately, there are as many flavors of xDSL as there are ice cream at Baskin-Robbins. My particular setup consists of an ADSL modem from Fujitsu (not router) which then connects to my linux based router/firewall which then forwards the inbound PPTP connection to my masq'd PopTop server running on Redhat6.1. Whew!!

>
> I can use dial-up fine, but I would prefer to use my adsl line.

Sometimes this problem can be as simple as your router "blocking" the inbound GRE protocol along with TCP port 1723. You might want to check.

Steve Cowles

From djm at wiz.net.au Mon Jan 15 14:19:02 2001
From: djm at wiz.net.au (David Moylan)
Date: Tue, 16 Jan 2001 07:19:02 +1100
Subject: [pptp-server] ipfwd
References: <20010112162812.9441.qmail@web9706.mail.yahoo.com> <3A633CE2.A703C159@comptekamherst.com>
Message-ID: <001201c07f30$66e90980$1464a8c0@dmoylan>

i use the (experimental) kernel IP forwarding for most of my "behind the firewall" stuff. i recall a kernel patch to allow GRE to be forwarded as well. i think i used this back in the ~2.2.12 days.

i've been trying recently to find these patches again. is it still required? or has this been built into the kernel now (i'm running 2.2.18)

i use ipmasqadm to control the forwarding.

am i barking up the right tree? or should i really be using ipfwd to handle pptp servers "behind" the firewall?

any reference to a site, etc, would be fine

cheers,
Wiz!!

----- Original Message -----
From: "Robert Dege"
To:
Sent: Tuesday, January 16, 2001 5:09 AM
Subject: [pptp-server] ipfwd

>
> Anybody have any luck with ipfwd?
>
> I am using version 1.0. Does anybody know if there is a newer version
> available?
>
> I am having no luck, or it is not working correctly, and I need a new
> version.
>
> -Rob

From palliett at accurcast.com Mon Jan 15 15:36:55 2001
From: palliett at accurcast.com (Peter Alliett)
Date: Mon, 15 Jan 2001 16:36:55 -0500
Subject: [pptp-server] Kernel Patch GRE Masquerade
Message-ID:

Is there a patch for the 2.2.18 kernel to masq GRE.

Thanks,

Peter

From Steve at SteveCowles.com Mon Jan 15 15:39:24 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Mon, 15 Jan 2001 15:39:24 -0600
Subject: [pptp-server] ipfwd
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE600@defiant.infohiiway.com>

>
> i use the (experimental) kernel IP forwarding for most of my
> "behind the firewall" stuff. i recall a kernel patch to allow GRE
> to be forwarded as well. i think i used this back in the ~2.2.12
> days.
>
> i've been trying recently to find these patches again. is it still
> required? or has this been built into the kernel now (i'm running
> 2.2.18)

I'm confused at exactly what you are referring to. The VPN MASQ patches or the kernel options required for "ipmasqadm"?

If you're referring to VPN MASQ patches - try:
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

If you're referring to ipmasqadm, then ensure that you have enabled the following before you compile your kernel.

#
# Protocol-specific masquerading support will be built as modules.
#
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=m
CONFIG_IP_MASQUERADE_IPPORTFW=m
CONFIG_IP_MASQUERADE_MFW=m
CONFIG_IP_MASQUERADE_PPTP=m
# DEBUG_IP_MASQUERADE_PPTP is not set
CONFIG_IP_MASQUERADE_IPSEC=m
CONFIG_IP_MASQUERADE_IPSEC_EXPIRE=30
# CONFIG_IP_MASQUERADE_IPSEC_PAROK is not set
# DEBUG_IP_MASQUERADE_IPSEC is not set
# CONFIG_IP_MASQUERADE_GENERIC is not set
CONFIG_IP_ROUTER=y

If I remember right (it's been a while) the PPTP/IPSEC options are enabled once you apply the VPN MASQ patches listed above. i.e. The one from John Hardin's WEB site.

>
> i use ipmasqadm to control the forwarding.

It's my understanding that ipmasqadm only supports "port forwarding" of TCP/UDP packets, not protocol 47 (GRE). Ipfwd, on the other hand, seems to handle protocol 47 (GRE) along with protocol 50 (ipsec/esp) forwarding.

>
> am i barking up the right tree? or should i really be using
> ipfwd to handle pptp servers "behind" the firewall?

You're on the right track, but I use both ipmasqadm (TCP/port 1723) and ipfwd (protocol 47) to successfully forward/connect to my masq'd PPTP server behind my linux based firewall.

I basically issue the following commands to allow connections to my masq'd PopTop server.

ipmasqadm -a -P tcp -L $ext_ip_firewall 1723 -R 192.168.9.3 1723
ipfwd --masq 192.168.9.3 47 &

In addition, you must also open (ACCEPT) TCP port 1723 and protocol 47 on the external interface using ipchains. My suggestion is to open up your firewall (temporarily) until you get the port/protocol forwarding working for PPTP. Then tighten down your firewall rules to fit your security policy.

Steve Cowles

From brett at simplynet.net Mon Jan 15 17:02:14 2001
From: brett at simplynet.net (brett benefield)
Date: Mon, 15 Jan 2001 17:02:14 -0600
Subject: [pptp-server] VPN with NT Domain Controller
Message-ID: <000a01c07f47$34032200$5850afcf@HYDE>

Ok I have looked through way too many postings on the mailing list for vpn with an nt domain controller and I have come to only one conclusion. I am now officially confused. So I have two questions.

1. Can it be done? What I have is, I have a Doctor's office that has an office manager that works from home. So I have to be able to log her in through the domain controller because she has to access some databases.

2. What extra programs will I need? I realize I need ppp, pptpd, samba, and then ipchains configured, but I also think I read where I'll need to configure PAM support?

Any help or comments would be greatly appreciated.

Brett

From ajennamo at uncc.edu Mon Jan 15 21:01:46 2001
From: ajennamo at uncc.edu (Andy Ennamorato)
Date: Mon, 15 Jan 2001 22:01:46 -0500 (EST)
Subject: [pptp-server] Problems logging into PopTop
Message-ID:

Poptop gurus,

I recently set up PopTop 1.1.2 on a Linux RedHat 6.2, Kernel 2.2.14 machine. I have ppp 2.3.11 and use an ADSL connection to access the Internet. The Linux box acts as a firewall/router for a Win98 machine sitting behind it, but I "opened" the firewall to test the VPN/PopTop connection.

When I try to connect from the Win98 machine from behind the firewall (going out, then coming back in using the Linux box's external IP address), the Win98 client will say "Username and password verified...", writes approximately 300 bytes, then disconnects. If I try again, after that, it doesn't even make the connection.

I believe that I just don't have the right setup with the chap-secrets and the /etc/ppp/options files.
When I look at the logs (pptp.log and /var/log/messages), I noticed this error:

>Jan 15 18:22:54 yoyodyne pppd[1215]: Peer is not authorized to use remote address 192.168.1.70
>Jan 15 18:22:54 yoyodyne pppd[1215]: sent [IPCP TermReq id=0x3 "Unauthorized remote IP address"]

I've searched through the archive and through some of the old messages I've seen go by on the list, but couldn't quite find an answer.

Here's a copy of my options file (/etc/ppp/options - is it advisable to use an options.pptp type file instead?):

lock
debug

Here's the /etc/pptpd.conf file:

speed 115200
debug
localip 192.168.1.80-89
remoteip 192.168.1.70-79

Here's the chap-secrets file:

# Secrets for authentication using CHAP
# client        server  secret          IP addresses
guest           *       XXXXX           *
andy            *       XXXX            *
"anjoju"        *       "XXXXX"

The last line in the chap-secrets file is for the ADSL connection. Does PopTop use " "'s around the username/secret, or is it fine with just spaces and tabs to delimit the fields?

Finally, here are portions of the /var/log and /var/log/pptpd.log files, relevant to the error I'm getting. I've tried following the RedHat-PoPToP.txt file and using the FAQ on http://poptop.lineo.com, but still no luck. Could someone post their chap-secrets/pptpd.conf files, I'm sure I'm missing something stupid.

Thanks in advance,

Andy Ennamorato
ajennamo at uncc.edu

pptpd.log:

Jan 15 18:22:51 yoyodyne pppd[1215]: pppd 2.3.11 started by root, uid 0
Jan 15 18:22:51 yoyodyne pppd[1215]: Using interface ppp1
Jan 15 18:22:51 yoyodyne pppd[1215]: Connect: ppp1 <--> /dev/pts/1
Jan 15 18:22:51 yoyodyne pppd[1215]: sent [LCP ConfReq id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [LCP ConfReq id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [LCP ConfReq id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [LCP ConfAck id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [LCP ConfAck id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [IPCP ConfReq id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [CCP ConfReq id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [IPCP ConfReq id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [IPCP ConfRej id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [CCP ConfReq id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [CCP ConfRej id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [IPCP ConfRej id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [IPCP ConfReq id=0x2 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [CCP ConfRej id=0x1 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [CCP ConfReq id=0x2]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [IPCP ConfReq id=0x2 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [IPCP ConfNak id=0x2 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [CCP ConfReq id=0x2]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [CCP ConfAck id=0x2]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [IPCP ConfAck id=0x2 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [CCP ConfAck id=0x2]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [IPCP ConfReq id=0x3 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [IPCP ConfAck id=0x3 ]
Jan 15 18:22:54 yoyodyne pppd[1215]: Peer is not authorized to use remote address 192.168.1.70
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [IPCP TermReq id=0x3 "Unauthorized remote IP
address"]
Jan 15 18:22:54 yoyodyne pppd[1215]: rcvd [CCP TermReq id=0x3]
Jan 15 18:22:54 yoyodyne pppd[1215]: CCP terminated by peer
Jan 15 18:22:54 yoyodyne pppd[1215]: sent [CCP TermAck id=0x3]
Jan 15 18:22:54 yoyodyne pppd[1215]: Compression disabled by peer.
Jan 15 18:22:57 yoyodyne pppd[1215]: sent [IPCP TermReq id=0x4 "Unauthorized remote IP address"]
Jan 15 18:23:00 yoyodyne pppd[1215]: sent [LCP TermReq id=0x2 "No network protocols running"]
Jan 15 18:23:00 yoyodyne pppd[1215]: rcvd [IPCP TermAck id=0x4]
Jan 15 18:23:00 yoyodyne pppd[1215]: rcvd [LCP TermAck id=0x2]
Jan 15 18:23:00 yoyodyne pppd[1215]: Connection terminated.
Jan 15 18:23:00 yoyodyne pppd[1215]: Connect time 0.1 minutes.
Jan 15 18:23:00 yoyodyne pppd[1215]: Sent 389 bytes, received 347 bytes.
Jan 15 18:23:00 yoyodyne pppd[1215]: Exit.

/var/log/messages:

Jan 15 18:21:22 yoyodyne pptpd[1212]: MGR: Manager process started
Jan 15 18:22:51 yoyodyne pptpd[1214]: CTRL: Client 192.168.0.2 control connection started
Jan 15 18:22:51 yoyodyne pptpd[1214]: CTRL: Starting call (launching pppd, opening GRE)
Jan 15 18:22:51 yoyodyne pppd[1215]: pppd 2.3.11 started by root, uid 0
Jan 15 18:22:51 yoyodyne kernel: registered device ppp1
Jan 15 18:22:51 yoyodyne pppd[1215]: Using interface ppp1
Jan 15 18:22:51 yoyodyne pppd[1215]: Connect: ppp1 <--> /dev/pts/1
Jan 15 18:22:51 yoyodyne pptpd[1214]: Buffering out-of-order packet; got 1 after 4294967295
Jan 15 18:22:54 yoyodyne pptpd[1214]: Packet reorder timeout waiting for 0
Jan 15 18:22:54 yoyodyne pptpd[1214]: Buffering out-of-order packet; got 2 after 0
Jan 15 18:22:54 yoyodyne kernel: PPP BSD Compression module registered
Jan 15 18:22:54 yoyodyne kernel: PPP Deflate Compression module registered
Jan 15 18:22:54 yoyodyne pppd[1215]: Peer is not authorized to use remote address 192.168.1.70
Jan 15 18:22:54 yoyodyne pppd[1215]: CCP terminated by peer
Jan 15 18:22:54 yoyodyne pppd[1215]: Compression disabled by peer.
Jan 15 18:22:57 yoyodyne pptpd[1214]: Buffering out-of-order packet; got 14 after 12
Jan 15 18:23:00 yoyodyne pptpd[1214]: Packet reorder timeout waiting for 13
Jan 15 18:23:00 yoyodyne pptpd[1214]: Buffering out-of-order packet; got 15 after 13
Jan 15 18:23:00 yoyodyne pppd[1215]: Connection terminated.
Jan 15 18:23:00 yoyodyne pppd[1215]: Connect time 0.1 minutes.
Jan 15 18:23:00 yoyodyne pppd[1215]: Sent 389 bytes, received 347 bytes.
Jan 15 18:23:00 yoyodyne pppd[1215]: Exit.
Jan 15 18:23:00 yoyodyne pptpd[1214]: Error reading from pppd: Input/output error
Jan 15 18:23:00 yoyodyne pptpd[1214]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
Jan 15 18:23:00 yoyodyne pptpd[1214]: CTRL: Client 192.168.0.2 control connection finished

From tib at tigerknight.org Mon Jan 15 21:14:43 2001
From: tib at tigerknight.org (Tib)
Date: Mon, 15 Jan 2001 19:14:43 -0800 (PST)
Subject: [pptp-server] error when running pppd
Message-ID:

Ok, after a bit of running around, I worked it out to this now. when I run 'pppd noauth', I get this error and then it exits:

Jan 15 19:10:48 unica pppd[24573]: pppd 2.3.11 started by root, uid 0
Jan 15 19:10:48 unica modprobe: modprobe: Can't locate module tty-ldisc-3
Jan 15 19:10:48 unica pppd[24573]: ioctl(TIOCSETD): Invalid argument(22)
Jan 15 19:10:48 unica pppd[24573]: Exit.

Make more sense to someone?

Tib

From GeorgeV at citadelcomputer.com.au Mon Jan 15 21:43:56 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 16 Jan 2001 14:43:56 +1100
Subject: [pptp-server] error when running pppd
Message-ID: <200FAA488DE0D41194F10010B597610D06526F@JUPITER>

I think your dependencies/modules are not setup correctly.. It's not finding the modules..

When you were upgrading the kernel, did you also do:

make modules
make modules_install

?????

thanks,
George Vieira

-----Original Message-----
From: Tib [mailto:tib at tigerknight.org]
Sent: Tuesday, January 16, 2001 2:15 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] error when running pppd

Ok, after a bit of running around, I worked it out to this now. when I run 'pppd noauth', I get this error and then it exits:

Jan 15 19:10:48 unica pppd[24573]: pppd 2.3.11 started by root, uid 0
Jan 15 19:10:48 unica modprobe: modprobe: Can't locate module tty-ldisc-3
Jan 15 19:10:48 unica pppd[24573]: ioctl(TIOCSETD): Invalid argument(22)
Jan 15 19:10:48 unica pppd[24573]: Exit.

Make more sense to someone?

Tib

From tib at tigerknight.org Mon Jan 15 22:03:48 2001
From: tib at tigerknight.org (Tib)
Date: Mon, 15 Jan 2001 20:03:48 -0800 (PST)
Subject: [pptp-server] error when running pppd
In-Reply-To: <200FAA488DE0D41194F10010B597610D06526F@JUPITER>
Message-ID:

Yep, it originally started out as an error of 'modprobe can't find modules.dep' or some such, because I forgot to run the make modules_install, but then I went and rebuilt the kernel from a-z again and ran all the make commands, and I still get that error. I'm about to update to pppd 2.4.0 though, we'll see if that helps.

Tib

On Tue, 16 Jan 2001, George Vieira wrote:

> I think your dependencies/modules are not setup correctly.. It's not finding
> the modules..
>
> When you were upgrading the kernel, did you also do:
>
> make modules
> make modules_install
>
> ?????
>
> thanks,
> George Vieira
>
>
> -----Original Message-----
> From: Tib [mailto:tib at tigerknight.org]
> Sent: Tuesday, January 16, 2001 2:15 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] error when running pppd
>
>
> Ok, after a bit of running around, I worked it out to this now.
when I run
> 'pppd noauth', I get this error and then it exits:
>
> Jan 15 19:10:48 unica pppd[24573]: pppd 2.3.11 started by root, uid 0
> Jan 15 19:10:48 unica modprobe: modprobe: Can't locate module tty-ldisc-3
> Jan 15 19:10:48 unica pppd[24573]: ioctl(TIOCSETD): Invalid argument(22)
> Jan 15 19:10:48 unica pppd[24573]: Exit.
>
>
> Make more sense to someone?
>
>
> Tib
>

From GeorgeV at citadelcomputer.com.au Mon Jan 15 22:14:15 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 16 Jan 2001 15:14:15 +1100
Subject: [pptp-server] error when running pppd
Message-ID: <200FAA488DE0D41194F10010B597610D06527A@JUPITER>

you could try:

depmod -a

but I think you have to be in the correct directory for it to find all modules...

thanks,
George Vieira

-----Original Message-----
From: Tib [mailto:tib at tigerknight.org]
Sent: Tuesday, January 16, 2001 3:04 PM
To: George Vieira
Cc: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] error when running pppd

Yep, it originally started out as an error of 'modprobe can't find modules.dep' or some such, because I forgot to run the make modules_install, but then I went and rebuilt the kernel from a-z again and ran all the make commands, and I still get that error. I'm about to update to pppd 2.4.0 though, we'll see if that helps.

Tib

On Tue, 16 Jan 2001, George Vieira wrote:

> I think your dependencies/modules are not setup correctly.. It's not finding
> the modules..
>
> When you were upgrading the kernel, did you also do:
>
> make modules
> make modules_install
>
> ?????
>
> thanks,
> George Vieira
>
>
> -----Original Message-----
> From: Tib [mailto:tib at tigerknight.org]
> Sent: Tuesday, January 16, 2001 2:15 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] error when running pppd
>
>
> Ok, after a bit of running around, I worked it out to this now. when I run
> 'pppd noauth', I get this error and then it exits:
>
> Jan 15 19:10:48 unica pppd[24573]: pppd 2.3.11 started by root, uid 0
> Jan 15 19:10:48 unica modprobe: modprobe: Can't locate module tty-ldisc-3
> Jan 15 19:10:48 unica pppd[24573]: ioctl(TIOCSETD): Invalid argument(22)
> Jan 15 19:10:48 unica pppd[24573]: Exit.
>
>
> Make more sense to someone?
>
>
> Tib
>

From pptp at szczepanek.de Tue Jan 16 01:06:00 2001
From: pptp at szczepanek.de (Torge Szczepanek)
Date: Tue, 16 Jan 2001 08:06:00 +0100
Subject: [pptp-server] ADSL Connection
References:
Message-ID: <004001c07f8a$c8bcba80$02ffa8c0@maus.net>

Hi!

> my home adsl connection.
> Has anyone been successful in getting this to work?

Yes. I am currently using a remote linux server and a local linux router with a masquerading patch. Everything works fine.

> If so what is your configuration.
> I have 1.2 down and 128K up Alcatel home connect adsl modem connecting to a
> Ascend pipeline 56K centrex circuit.

768/128kbit connection using a Siemens ADSL modem and T-DSL from german telekom.

Torge Szczepanek

From hillarian at kompascyber.com Tue Jan 16 03:50:35 2001
From: hillarian at kompascyber.com (Boy Hutri)
Date: Tue, 16 Jan 2001 16:50:35 +0700
Subject: [pptp-server] best choise to pptp server
Message-ID: <3a64bfcd.5de0.0@kompascyber.com>

I am planning to install a pptp server that could be accessed by many pptp clients on many platforms, where the pptp clients are many web servers that log in to my pptp server under a special program. I have explored some VPN technologies like PPTP based on W2k or WinNT and IPsec based on SecureRemote from Check Point. But until now, I don't have any answer for choosing a kind of pptp server that could be accessed from many platforms. Maybe someone in this forum could give me some advice on my problem above.

thanx before

-hutriest-

From rcd at amherst.com Tue Jan 16 10:07:43 2001
From: rcd at amherst.com (Robert Dege)
Date: Tue, 16 Jan 2001 11:07:43 -0500
Subject: [pptp-server] Kernel Patching
Message-ID: <3A6471CF.76368B76@comptekamherst.com>

There is a kernel patch at this web site:
http://bmrc.berkeley.edu/people/chaffee/linux_pptp.html

It creates a module to allow Linux IP masquerading to handle PPTP. I implemented this on my firewall to try & fix my problems of GRE packet forwarding. But when I try to make a PPTP connection to my masqueraded server, the module never loads. If I manually insmod it, it remains unused even during the PPTP connection attempt.

Does anybody know if this patch is only for masqueraded PPTP Clients instead of a server? His documentation is not quite clear in this area.

-Rob

From giulioo at pobox.com Tue Jan 16 12:25:32 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Tue, 16 Jan 2001 19:25:32 +0100
Subject: [pptp-server] Kernel Patching
In-Reply-To: <3A6471CF.76368B76@comptekamherst.com>
References: <3A6471CF.76368B76@comptekamherst.com>
Message-ID: <20010116182656.E14441658D@i3.golden.dom>

On Tue, 16 Jan 2001 11:07:43 -0500, you wrote:

>There is a kernel patch at this web site:
>http://bmrc.berkeley.edu/people/chaffee/linux_pptp.html

>Does anybody know if this patch is only for masqueraded PPTP Clients
>instead of a server? His documentation is not quite clear in this area.

That's correct. The patch is for clients behind a linux gateway to access a remote vpn server.

To masq an internal server (ie: clients -> Linux gateway -> Linux internal vpn) see http://www.pdos.lcs.mit.edu/~cananian/Projects/IPfwd and ipchains

--
giulioo at pobox.com

From palliett at accurcast.com Tue Jan 16 15:01:28 2001
From: palliett at accurcast.com (Peter Alliett)
Date: Tue, 16 Jan 2001 16:01:28 -0500
Subject: [pptp-server] PPPD-2.3.11 Patch for Kernel 2.2.18
Message-ID:

I am trying to patch pppd for mppe to do encryption on Kernel 2.2.18 and it is bombing at making modules.

It is complaining about ppp_magic.

Anyone get this to compile and work on this Kernel.

Peter

From Steve at SteveCowles.com Tue Jan 16 18:11:34 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Tue, 16 Jan 2001 18:11:34 -0600
Subject: [pptp-server] PPPD-2.3.11 Patch for Kernel 2.2.18
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE603@defiant.infohiiway.com>

> -----Original Message-----
> From: Peter Alliett [mailto:palliett at accurcast.com]
> Sent: Tuesday, January 16, 2001 3:01 PM
> To: 'vpn'
> Subject: [pptp-server] PPPD-2.3.11 Patch for Kernel 2.2.18
>
>
> I am trying to patch pppd for mppe to do encryption on Kernel
> 2.2.18 and it is bombing at making modules.
>
> It is complaining about ppp_magic.
>
> Anyone get this to compile and work on this Kernel.
>

Have you taken a look at the FAQ written by Phil Van Baren???
http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt

Specifically section 7.4.1

Steve Cowles

From andre+mailinglists.pptp at ddimension.net Wed Jan 17 08:51:55 2001
From: andre+mailinglists.pptp at ddimension.net (André Valentin)
Date: Wed, 17 Jan 2001 15:51:55 +0100
Subject: [pptp-server] MPPE with WinME->no encryption?
Message-ID: <000e01c08095$09763c80$0401a8c0@fido.teuto.de>

Hi!

I've just tried to setup ppp with mppe encoding, but after I tried to connect with a Windows ME client, I always get those messages about CCP. It seems that windows wants , but the linux-implementation can't handle it. Is there any way to force MS to accept , because Windows wants this and any alternative is thrown away by MS.

Thanks in advance,

André

sent [CCP ConfReq id=0x1 ]
MSCHAP-v2 peer authentication succeeded for ***
rcvd [CCP ConfReq id=0x1 ]
sent [CCP ConfNak id=0x1 ]
rcvd [CCP ConfRej id=0x1 ]
sent [CCP ConfReq id=0x2 ]
rcvd [CCP ConfReq id=0x2 ]
kernel: compress rejected: opt_len=32,o[0]=12,o[1]=6
^^^^^ What does this mean. That my kernel can't handle 40 bit encryption?
sent [CCP ConfRej id=0x2 ]
rcvd [CCP ConfNak id=0x2 ]
kernel: compress rejected: opt_len=32,o[0]=12,o[1]=6
sent [CCP ConfReq id=0x3]
rcvd [CCP ConfReq id=0x3]
sent [CCP ConfAck id=0x3]
rcvd [CCP ConfAck id=0x3]
Received bad configure-ack:
rcvd [CCP TermReq id=0x4]
sent [CCP TermAck id=0x4]

From rcd at amherst.com Wed Jan 17 16:50:05 2001
From: rcd at amherst.com (Robert Dege)
Date: Wed, 17 Jan 2001 17:50:05 -0500
Subject: [pptp-server] interface eth0
References: <20010114174133.75C071637C@i3.golden.dom> <20010114202259.3FFF61637C@i3.golden.dom> <3A628ABD.3CEE5108@home.com>
Message-ID: <3A66219D.5B8CC8B@comptekamherst.com>

pppd[1666]: found interface eth0 for proxy arp
pppd[1666]: local IP address real_IP
pppd[1666]: remote IP address 172.28.41.48

>ifconfig
eth0 -> 172.28.254.46
eth1 -> real_IP

I'm thinking that pptp should be seeing eth0 as 172.28.254.46 instead of real_IP.

Also, my PPTP client can only communicate with the PPTP server. If I try to ping any other masqueraded machines inside the firewall, I get no response. I'm trying to fool around with the localip & remoteip in the pptp.conf file, but I'm having no luck.

Any suggestions?

-Rob

From christian.tardif at videotron.ca Wed Jan 17 20:55:28 2001
From: christian.tardif at videotron.ca (Christian Tardif)
Date: Wed, 17 Jan 2001 21:55:28 -0500
Subject: [pptp-server] Connexion, but no ping.....
Message-ID: <5.0.2.1.2.20010117213717.00ac0b20@pop.videotron.ca>

I've been able to set up pptp on my server:

pptpd-1.0.1
ppp-2.3.11 with ppp-2.3.110openssl-0.9.5-mppe patch applied
SSLeay-0.9.0b

I've been able to compile and install everything. For PPP, I decided to include it into the kernel for ease of use. Everything seems to be working correctly.
Here are my config files:

/etc/pptpd.conf:

speed 115200
localip 192.168.1.1
remoteip 192.168.1.2
listen 10.0.0.1
debug

/etc/ppp/options:

lock
name crasseux
auth
proxyarp
require-chap
ms-dns 172.16.1.1
domain tardif.com
#defaultroute
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/ppp/chap-secrets:

# Secrets for authentication using CHAP
# client        server          secret  IP addresses
billy           crasseux        bob     *

My host config is as follows:

eth0      Link encap:Ethernet  HWaddr 00:50:DA:2A:80:48
          inet addr:24.202.188.142  Bcast:255.255.255.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
          RX packets:92718 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56883 errors:0 dropped:0 overruns:0 carrier:3
          collisions:19

eth1      Link encap:Ethernet  HWaddr 00:50:04:7F:AA:BA
          inet addr:172.16.1.1  Bcast:172.16.255.255  Mask:255.255.0.0
          EtherTalk Phase 2 addr:1/20
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:87640 errors:0 dropped:0 overruns:0 frame:0
          TX packets:140051 errors:0 dropped:0 overruns:0 carrier:0
          collisions:25773

When I connect from a Windows2000 Pro, I get this other network device:

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.1.1  P-t-P:192.168.1.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0

And the routing table, at this time, is:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.2     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
24.202.188.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         24.202.188.1    0.0.0.0         UG    0      0        0 eth0

The problem is that I cannot ping the server from my workstation, nor can I ping the workstation from the pptp server. Forwarding is enabled, as proxyarp is. What am I missing ?
I put all my energy in this for days, but I just can make it work..... and it HAS to work. I'm on Mandrake 7.2, with kernel 2.4.0-0.31.

Any help would be much appreciated !

Christian Tardif
christian.tardif at videotron.ca

From Steve at SteveCowles.com Wed Jan 17 23:41:51 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 17 Jan 2001 23:41:51 -0600
Subject: [pptp-server] Connexion, but no ping.....
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE607@defiant.infohiiway.com>

>
> The problem is that I cannot ping the server from my
> workstation, nor I can ping the workstation from the
> pptp server. Forwarding is enabled, as proxyarp is.
> What am I missing ? I put all my energy in this for
> days, but I just can make it work..... and it HAS
> to work. I'm on Mandrake 7.2, with kernel 2.4.0-0.31.
>
> Any help would be much appreciated !

Just a thought!!, but if you "indeed" have ip forwarding enabled and you see a message in your logfiles stating something to the effect "found interface eth1 for proxy arp", then it's possible that your ipchain rules are NOT accepting and/or forwarding from eth1 to ppp0 and vice versa.

Steve Cowles

From sclarke at neptune.tzo.cc Thu Jan 18 01:50:16 2001
From: sclarke at neptune.tzo.cc (Sean Clarke)
Date: Wed, 17 Jan 2001 23:50:16 -0800 (PST)
Subject: [pptp-server] VPN HELP
Message-ID:

Ok I have a problem and I don't know what is happening... here is the scenario

Windows 2K behind a linux ipchains box
poptop is running on this same machine with the cable modem of course.
external ip 24.66.168.51
Windows 2K box internal ip address....

I have setup the VPN Connection on the windows2k box.

On my linux box (poptop server) I have this in my logs

Jan 17 23:24:30 neptune pptpd[958]: CTRL: Client 24.66.168.51 control connection started
Jan 17 23:24:30 neptune pptpd[958]: CTRL: Starting call (launching pppd, opening GRE)
Jan 17 23:24:30 neptune kernel: CSLIP: code copyright 1989 Regents of the University of California
Jan 17 23:24:30 neptune kernel: PPP: version 2.3.7 (demand dialling)
Jan 17 23:24:30 neptune kernel: PPP line discipline registered.
Jan 17 23:24:30 neptune kernel: registered device ppp0
Jan 17 23:24:30 neptune pppd[959]: pppd 2.3.11 started by root, uid 0
Jan 17 23:24:30 neptune pppd[959]: Using interface ppp0
Jan 17 23:24:30 neptune pppd[959]: Connect: ppp0 <--> /dev/pts/1
Jan 17 23:25:01 neptune pppd[959]: LCP: timeout sending Config-Requests
Jan 17 23:25:01 neptune pppd[959]: Connection terminated.
Jan 17 23:25:01 neptune pppd[959]: Exit.
Jan 17 23:25:01 neptune pptpd[958]: GRE: read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
Jan 17 23:25:01 neptune pptpd[958]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)

How or what is causing the LCP: timeout sending Config-Requests? How can I fix this...

Thanks

Sean Clarke

From Steve at SteveCowles.com Thu Jan 18 11:21:05 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 18 Jan 2001 11:21:05 -0600
Subject: [pptp-server] VPN HELP
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE609@defiant.infohiiway.com>

> On my linux box (poptop server) I have this in my logs
>
> Jan 17 23:25:01 neptune pppd[959]: LCP: timeout sending
> Config-Requests
> Jan 17 23:25:01 neptune pppd[959]: Connection terminated.
> Jan 17 23:25:01 neptune pppd[959]: Exit.
> Jan 17 23:25:01 neptune
> pptpd[958]: GRE: read(fd=5,buffer=804d8c0,len=8196) from PTY
> failed: status = -1 error = Input/output error
> Jan 17 23:25:01 neptune pptpd[958]: CTRL: PTY read or GRE write failed
> (pty,gre)=(5,6)
>

Have you read the PopTop FAQ developed by Phil Van Baren?
Checkout: http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt

I would think sections 7.3.5 and 7.3.9 apply to your post.

Steve Cowles

From yan at cardinalengineering.com Thu Jan 18 18:55:42 2001
From: yan at cardinalengineering.com (yan seiner)
Date: Thu, 18 Jan 2001 19:55:42 -0500
Subject: [pptp-server] routing and multiple connections
Message-ID: <3A67908E.8010501@cardinalengineering.com>

I have a (currently) theoretical question:

How do I set up routing with pptpd?

I have one test pptp client so it always comes in on ppp0, and I can set up the correct routing by hand. But what happens when I get multiple pptp clients? How do I add the entries to the routing table for ppp1, 2, ...? And remove them when the connection drops?

Soon this will be a real issue; I need to get a handle on it before it hits production and paying clients.

BTW, if anyone is interested in 128 bit encryption on win95 OSR1, let me know. I just figured it out :-)

thanks,

--Yan

From ismandya at sains.com.my Thu Jan 18 19:06:10 2001
From: ismandya at sains.com.my (Ismandy Ali)
Date: Fri, 19 Jan 2001 09:06:10 +0800
Subject: [pptp-server] error 678
Message-ID: <3A679302.BD982BE6@sains.com.my>

hi people,

I have set up my linux box as a pptp server. I am using kernel linux 2.2.17, ppp-2.3.11 and pptp-1.1.2. From my windows client, this is what I got:

error 678 "The remote computer did not respond within a reasonable amount of time."

Can somebody figure out what this is supposed to mean?

Kukulkan

From ismandya at sains.com.my Fri Jan 19 00:24:27 2001
From: ismandya at sains.com.my (Ismandy Ali)
Date: Fri, 19 Jan 2001 14:24:27 +0800
Subject: [pptp-server] error reading from pppd but pppd is in /usr/sbin/pppd
Message-ID: <3A67DD9B.5D62495F@sains.com.my>

Hi guys,

What is this server's problem actually? I have read through the troubleshooting but didn't find the solutions and even read the FAQ. Any expert on this matter? Need help.

Kukulkan

Snip from my linux box running pptpd
I am using linux kernel 2.2.17 and pptp-1.1.2, ppp2.3.11
------------
Jan 19 07:49:08 kgsnt3 pptpd[1669]: Error reading from pppd: Input/output error
Jan 19 07:49:08 kgsnt3 pptpd[1669]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Jan 19 07:49:08 kgsnt3 pptpd[1669]: CTRL: Client 161.142.55.214 control connection finished
Jan 19 07:49:34 kgsnt3 kernel: CSLIP: code copyright 1989 Regents of the University of California
Jan 19 07:49:34 kgsnt3 kernel: PPP: version 2.3.11 (demand dialling)
Jan 19 07:49:34 kgsnt3 kernel: PPP line discipline registered.
Jan 19 07:49:34 kgsnt3 kernel: registered device ppp0
Jan 19 07:49:34 kgsnt3 pppd[1672]: pppd 2.3.11 started by root, uid 0
Jan 19 07:49:34 kgsnt3 pppd[1672]: Using interface ppp0
Jan 19 07:49:34 kgsnt3 pppd[1672]: Connect: ppp0 <--> /dev/pts/0
Jan 19 07:49:47 kgsnt3 pppd[1672]: Hangup (SIGHUP)
Jan 19 07:49:47 kgsnt3 pppd[1672]: Modem hangup
Jan 19 07:49:47 kgsnt3 pppd[1672]: Connection terminated.
Jan 19 07:49:47 kgsnt3 pppd[1672]: Exit.
Jan 19 07:51:05 kgsnt3 pptpd[1676]: CTRL: Client 161.142.55.214 control connection started
Jan 19 07:51:05 kgsnt3 pptpd[1676]: CTRL: Starting call (launching pppd, opening GRE)
Jan 19 07:51:05 kgsnt3 pptpd[1676]: Error reading from pppd: Input/output error
Jan 19 07:51:05 kgsnt3 pptpd[1676]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Jan 19 07:51:05 kgsnt3 pptpd[1676]: CTRL: Client 161.142.55.214 control connection finished
Jan 19 07:55:26 kgsnt3 pptpd[1679]: CTRL: Client 161.142.55.99 control connection started
Jan 19 07:55:26 kgsnt3 pptpd[1679]: CTRL: Starting call (launching pppd, opening GRE)
Jan 19 07:55:26 kgsnt3 pptpd[1679]: Error reading from pppd: Input/output error
Jan 19 07:55:26 kgsnt3 pptpd[1679]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Jan 19 07:55:26 kgsnt3 pptpd[1679]: CTRL: Client 161.142.55.99 control connection finished
Jan 19 08:00:00 kgsnt3 kernel: PPP: ppp line discipline successfully unregistered

From kelly.black at testquest.com Fri Jan 19 04:52:59 2001
From: kelly.black at testquest.com (Kelly Black)
Date: Fri, 19 Jan 2001 04:52:59 -0600
Subject: [pptp-server] routing and multiple connections
In-Reply-To: <3A67908E.8010501@cardinalengineering.com>; from yan@cardinalengineering.com on Thu, Jan 18, 2001 at 07:55:42PM -0500
References: <3A67908E.8010501@cardinalengineering.com>
Message-ID: <20010119045259.B1093@testquest.com>

Hmmmm.. how about using:

/sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw (IP of interface for the wanted network)

In a startup script.

Kelly Black

On Thu, Jan 18, 2001 at 07:55:42PM -0500, yan seiner wrote:
> I have a (currently) theoretical question:
>
> How do I set up routing with pptpd?
>
> I have one test pptp client so it always comes in on ppp0, and I can set
> up the correct routing by hand. But what happens when I get multiple
> pptp clients? How do I add the entries to the routing table for ppp1, 2,
> ...? And remove them when the connection drops?
>
> Soon this will be a real issue; I need to get a handle on it before it
> hits production and paying clients.
>
> BTW, if anyone is interested in 128 bit encryption on win95 OSR1, let me
> know. I just figured it out :-)
>
> thanks,
>
> --Yan
>

From yan at cardinalengineering.com Fri Jan 19 05:06:12 2001
From: yan at cardinalengineering.com (yan seiner)
Date: Fri, 19 Jan 2001 06:06:12 -0500
Subject: [pptp-server] routing and multiple connections
References: <200FAA488DE0D41194F10010B597610D0654DB@JUPITER>
Message-ID: <3A681FA4.202@cardinalengineering.com>

I have 4 subnets on my network; the pptp clients will make a fifth. I currently use vtun to tie the linux clients together. With the pptp clients, I need a subnet to make my security work correctly - pptp client subnet will be allowed access to some subnets and not others.

My network is laid out in a star topology, as I only have a single fixed IP. All clients have random IPs.

So to give a pptp client access to, say, the main office and one remote office, but not my home network, and certainly not the main router hub/firewall, I need to add routes manually.

As someone else mentioned, I'll look at ip-up and ip-down. That's probably the place to add and remove routes.

--Yan

George Vieira wrote:

> why should you need to route them manually?.. it's all built into the ppd
> and the system to route automatically.
>
> As long as when they connect the PPTPD server and ping them or see them,
> then all you have to do is have either default routes on the internal
> systems to point to the PPTPD server (only if the pptp client is on a
> different network IP and not on the same subnet).
>
> If it's on the same subnet you will also need to use `proxyarp` so that the
> pptpd will respond to network information destined to the pptp clients..
>
> I think that's about it...
>
> Can you explain what's your setup and why you need to route manually?
>
>
> thanks,
> George Vieira
>
>
> -----Original Message-----
> From: yan seiner [mailto:yan at cardinalengineering.com]
> Sent: Friday, January 19, 2001 11:56 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] routing and multiple connections
>
>
> I have a (currently) theoretical question:
>
> How do I set up routing with pptpd?
>
> I have one test pptp client so it always comes in on ppp0, and I can set
> up the correct routing by hand. But what happens when I get multiple
> pptp clients? How do I add the entries to the routing table for ppp1, 2,
> ....? And remove them when the connection drops?
>
> Soon this will be a real issue; I need to get a handle on it before it
> hits production and paying clients.
>
> BTW, if anyone is interested in 128 bit encryption on win95 OSR1, let me
> know. I just figured it out :-)
>
> thanks,
>
> --Yan
>
>

From Steve at SteveCowles.com Fri Jan 19 14:13:07 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 19 Jan 2001 14:13:07 -0600
Subject: [pptp-server] routing and multiple connections
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE60A@defiant.infohiiway.com>

> I have 4 subnets on my network; the pptp clients will make a
> fifth. I currently use vtun to tie the linux clients together.
> With the pptp clients, I need a subnet to make my security work
> correctly - pptp client subnet will be allowed access to some
> subnets and not others.
>
> My network is laid out in a star topology, as I only have a
> single fixed IP. All clients have random IPs.
>
> So to give a pptp client access to, say, the main office and
> one remote office, but not my home network, and certainly not
> the main router hub/firewall, I need to add routes manually.
>
> As someone else mentioned, I'll look at ip-up and ip-down. That's
> probably the place to add and remove routes.
>

Personally, I have not setup poptop with a network design such as what you
have described. If I was in your shoes though, I would probably take the
following approach:

Using ip-up/ip-down scripts, limit/grant access a PPTP client has by using
ipchains. i.e.

If your default policy is set to ACCEPT

  ipchains -A forward -s $pptp_host -d $restricted_subnet -j REJECT

or... If your default policy is set to DENY

  ipchains -A forward -s $pptp_host -d $valid_subnet -j ACCEPT

In other words, take the least path of resistance based on your default
policy.

Just a thought, another approach could be by interface:

  ipchains -A input -i ppp+ -j ACCEPT
  ipchains -A output -i ppp+ -j ACCEPT

or...

  ipchains -A input -i ppp+ -j DENY
  ipchains -A output -i ppp+ -j DENY

Although the following does not specifically apply to PPTP... I also use
IPSEC for some of my W2K road warriors. IPSEC's equivalent to ip-up/ip-down
allows you to pass variables to a script to be processed after the tunnel is
brought up. Obviously my network design and security requirements are
different than yours, but this should give you some ideas on how to proceed
using PPTP. If I had additional networks to open/restrict, I would place the
appropriate commands here.

---- cut/paste from ipsec's updown script ------
uproute() {
    route add -net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK \
        dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP
}
downroute() {
    route del -net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK \
        dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP
}

up-client)
    ipchains -I forward -j ACCEPT -b \
        -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
        -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
    ;;
down-client)
    ipchains -D forward -j ACCEPT -b \
        -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
        -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK

From GeorgeV at citadelcomputer.com.au Fri Jan 19 18:24:57 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Sat, 20 Jan 2001 11:24:57 +1100
Subject: [pptp-server] routing and multiple connections
Message-ID: <200FAA488DE0D41194F10010B597610D0654E1@JUPITER>

You say all clients get random numbers but do you mean DHCP numbers?
If so, they must be part of a subnet so why not just firewall those subnets
from going to other networks?

Eg.

PPTP1 Client 192.168.0.1------+
                              |
                              |
PPTP2 Client 192.168.0.17-----+
                              |
                              |
                 /------------+
Linux PPTPD server
                 \------------+
                              |
                              |
NetworkA 192.168.10.0/24------+
NetworkB 192.168.20.0/24------+

# Make PPTP1 not allowed to Network B but OK for Network A
/sbin/ipchains -A input -s 192.168.0.1 -d 192.168.20.0/24 -j DENY
/sbin/ipchains -A output -s 192.168.20.0/24 -d 192.168.0.1 -j DENY

# Make PPTP2 not allowed to Network A but OK for Network B
/sbin/ipchains -A input -s 192.168.0.17 -d 192.168.10.0/24 -j DENY
/sbin/ipchains -A output -s 192.168.10.0/24 -d 192.168.0.17 -j DENY

Something like that.... This is what I did and it works for me, routes are
added automatically and then firewall what's not allowed.

When you say you add routes manually are you talking about the client side
routing to required networks as this is insecure if you want untrusted
network to go to selected networks... Firewall is the way...
thanks, George Vieira -----Original Message----- From: yan seiner [mailto:yan at cardinalengineering.com] Sent: Friday, January 19, 2001 10:06 PM To: George Vieira; pptp-server at lists.schulte.org Subject: Re: [pptp-server] routing and multiple connections I have 4 subnets on my network; the pptp clients will make a fifth. I currenty use vtun to tie the linux clinets together. With the pptp clients, I need a subnet to make my security work correctly - pptp client subnet will be allowed access to some subnets and not others. My network is laid out in a star topology, as I only have a single fixed IP. All clients have random IPs. So to give a pptp client access to, say, the main office and one remote office, but not my home network, and certainly not the main router hub/firewall, I need to add routes manually. As someone else mentioned, I'll look at ip-up and ip-down. That's probably the place to add and remove routes. --Yan George Vieira wrote: > why should you need to route them manually?.. it's all built into the ppd > and the system to route automatically. > > As long as when they connect the PPTPD server and ping them or see them, > then all you have to do is have either default routes on the internal > systems to point to the PPTPD server (only if the pptp client is on a > different network IP and not on the same subnet). > > If it's on the same subnet you will also need to use `proxyarp` so that the > pptpd will respond to network information destined to the pptp clients.. > > I think that's about it... > > Can you explain what's your setup and why you need to route manually? > > > thanks, > George Vieira > > > -----Original Message----- > From: yan seiner [mailto:yan at cardinalengineering.com] > Sent: Friday, January 19, 2001 11:56 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] routing and multiple connections > > > I have a (currently) theoretical question: > > How do I set up routing with pptpd? 
> > I have one test pptp client so it always comes in on ppp0, and I can set > up the correct routing by hand. But what happens when I get multiple > pptp clients? How do I add the entries the routing table for ppp1, 2, > ....? And remove them when the connection drops? > > Soon this will be a real issue; I need to get a handle on it before it > hits production and paying clients. > > BTW, if anyone is interested in 128 bit encryption on win95 OSR1, let me > know. I just figured it out :-) > > thanks, > > --Yan > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > > From jvonau at home.com Fri Jan 19 21:14:35 2001 From: jvonau at home.com (Jerry Vonau) Date: Fri, 19 Jan 2001 21:14:35 -0600 Subject: [pptp-server] routing and multiple connections References: <90769AF04F76D41186C700A0C90AFC3EE60A@defiant.infohiiway.com> Message-ID: <3A69029B.5440AB64@home.com> Steve: I've been reading the list for a long time, and your one of the people's who words I accept as the gospel truth. I know that you don't just give the answers, but point people to the right place to learn it for themselves. Where would one go to learn more on the subject of routing, other than the man pages and how-tos (they tend to give me a headache) for the average joe?? You have a great insight into the way thinks should work, your posts have help me a great deal. (at least I check the archives first, you have probably ran across it and posted the fix) Where can this information can be found? Can you point the rest of us in the right direction please? Thanks in Advance Jerry Vonau "Cowles, Steve" wrote: > > I have 4 subnets on my network; the pptp clients will make a > > fifth. I currently use vtun to tie the linux clinets together. 
> > With the pptp clients, I need a subnet to make my security work > > correctly - pptp client subnet will be allowed access to some > > subnets and not others. > > > > My network is laid out in a star topology, as I only have a > > single fixed IP. All clients have random IPs. > > > > So to give a pptp client access to, say, the main office and > > one remote office, but not my home network, and certainly not > > the main router hub/firewall, I need to add routes manually. > > > > As someone else mentioned, I'll look at ip-up and ip-down. That's > > probably the place to add and remove routes. > > > > Personally, I have not setup poptop with a network design such as what you > have described. If I was in your shoes though, I would probably take the > following approach: > > Using ip-up/ip-down scripts, limit/grant access a PPTP client has by using > ipchains. i.e. > > If your default policy is set to ACCEPT > ipchains -A forward -s $pptp_host -d $restricted_subnet -j REJECT > > or... If your default policy is set to DENY > > ipchains -A forward -s $pptp_host -d $valid_subnet -j ACCEPT > > In other words, take the least path of resistance based on your default > policy. > > Just a thought, another approach could be by interface: > > ipchains -A input -i ppp+ -j ACCEPT > ipchains -A output -i ppp+ -j ACCEPT > > or... > > ipchains -A input -i ppp+ -j DENY > ipchains -A output -i ppp+ -j DENY > > Although the following does not specifically apply to PPTP... I also use > IPSEC for some of my W2K road warriors. IPSEC's equivalent to ip-up/ip-down > allows you to pass variables to a script to be processed after the tunnel is > brought up. Obviously my network design and security requirements are > different than yours, but this should give you some ideas on how to proceed > using PPTP. If I had additional networks to open/restrict, I would place the > appropriate commands here. 
> > ---- cut/paste from ipsec's updown script ------ > uproute() { > route add -net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK \ > dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP > } > downroute() { > route del -net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK \ > dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP > } > > up-client) > ipchains -I forward -j ACCEPT -b \ > -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ > -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK > ;; > down-client) > ipchains -D forward -j ACCEPT -b \ > -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ > -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From jburford at xsilogy.com Sat Jan 20 13:49:59 2001 From: jburford at xsilogy.com (Jon Burford) Date: Sat, 20 Jan 2001 11:49:59 -0800 Subject: [pptp-server] LCP terminated by peer w/ encryption enabled (MPPE patches applied to pppd) Message-ID: <001001c0831a$2c3d3110$9900010a@jburford2000> I have obtained and installed the pptpd-1.0.1-1 rpm and have tried both ppp-2.3.10 and ppp-2.3.11 (patched with the MPPE patches) on a freshly installed Red Hat 6.2 box. When I connect from win2000 and win98 clients WITHOUT encryption, everything works fine. When I specify ONLY mppe-128 in options.pptp, I get (on win2000) "Error 742: The remote computer does not support the required data encryption type". This makes sense to me, so I try mppe-40. When I specify ONLY mppe-40 in options.pptp, I get (on win2000) "Error 619: The specified port is not connected". So it looks like the pppd patch has worked to some extent (with mppe-128 win2000 says "encryption not supported" and with mppe-40 win2000 says "port is not connected"). 
As recommended by the pppd man page, I decided to put all mppe specifiers in
my options.pptp, and I still get "port not connected" with a corresponding
"LCP terminated by peer" in syslog.

My /etc/pptpd.conf looks like this:

option /etc/ppp/options.pptp
debug
localip 10.1.0.103
remoteip 10.3.0.29
pidfile /var/run/pptpd.pid

My /etc/ppp/options.pptpd looks like this:

lock
debug
auth
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

I started up pptpd and attempt to connect from both win2000 and win98
clients and I get the same output in syslog:

Jan 20 11:18:17 localhost pptpd[8113]: MGR: No free connection slots or IPs - no more clients can connect!
Jan 20 11:18:17 localhost pptpd[8358]: CTRL: Client 10.1.0.153 control connection started
Jan 20 11:18:19 localhost pptpd[8358]: CTRL: Starting call (launching pppd, opening GRE)
Jan 20 11:18:19 localhost modprobe: modprobe: Can't locate module char-major-108
Jan 20 11:18:19 localhost pppd[8359]: pppd 2.3.10 started by root, uid 0
Jan 20 11:18:19 localhost pppd[8359]: Using interface ppp0
Jan 20 11:18:19 localhost pppd[8359]: Connect: ppp0 <--> /dev/pts/2
Jan 20 11:18:19 localhost pptpd[8358]: GRE: Discarding duplicate packet
Jan 20 11:18:21 localhost pptpd[8358]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 20 11:18:21 localhost pppd[8359]: MSCHAP-v2 peer authentication succeeded for jburford
Jan 20 11:18:21 localhost modprobe: modprobe: Can't locate module ppp-compress-18
Jan 20 11:18:21 localhost pppd[8359]: Cannot determine ethernet address for proxy ARP
Jan 20 11:18:21 localhost pppd[8359]: local IP address 10.1.0.103
Jan 20 11:18:21 localhost pppd[8359]: remote IP address 10.3.0.29
Jan 20 11:18:27 localhost pptpd[8358]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 20 11:18:27 localhost pppd[8359]: LCP terminated by peer (^@M-^[rx^@
References: <001001c0831a$2c3d3110$9900010a@jburford2000>
Message-ID: <20010120205533.60F7815C5F@i3.golden.dom>

On Sat, 20 Jan 2001 11:49:59 -0800, you wrote:

>installed Red Hat 6.2 box. When I connect from win2000 and win98 clients
>WITHOUT encryption, everything works fine. When I specify ONLY mppe-128 in
>options.pptp, I get (on win2000) "Error 742: The remote computer does not
>support the required data encryption type". This makes sense to me, so I
>try mppe-40. When I specify ONLY mppe-40 in options.pptp, I get (on
>win2000) "Error 619: The specified port is not connected". So it looks like

>Jan 20 11:18:19 localhost modprobe: modprobe: Can't locate module
>char-major-108
>Jan 20 11:18:21 localhost modprobe: modprobe: Can't locate module
>ppp-compress-18

>Having read through the RedHat and generic FAQ, I am a little confused. It
>does not seem to me that there is a ppp_mppe module anymore since the mppe
>patches for pppd appear to obsolete the module.

The patches patch pppd, which then patches the kernel. So you do use the
ppp_mppe module

$ lsmod|grep ppp
ppp_deflate            40484   0 (autoclean)
ppp_mppe               13584   0 (autoclean)
ppp                    20012   0 (autoclean) [ppp_deflate ppp_mppe bsd_comp]
slhc                    4328   0 (autoclean) [ppp]

> termination because of the modprobe errors
>(char-major and compress-18)? I am able to turn off compression on win2000

alias ppp-compress-18 ppp_mppe     <===
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
#alias char-major-108 ppp_generic  this is for kernel 2.4.x
alias char-major-108 off           <===

>not module-related. However, whatever I try, I am unable to get any windows
>box to connect when encryption is enabled. I was also unable to search the

I think this is because it cannot load ppp_mppe since your modules.conf
lacks the alias.
-- giulioo at pobox.com From jburford at xsilogy.com Sat Jan 20 16:46:04 2001 From: jburford at xsilogy.com (Jon Burford) Date: Sat, 20 Jan 2001 14:46:04 -0800 Subject: [pptp-server] LCP terminated by peer w/ encryption enabled (MPPE patches applied to pppd) References: <001001c0831a$2c3d3110$9900010a@jburford2000> <20010120205533.60F7815C5F@i3.golden.dom> Message-ID: <007701c08332$c54c2880$9900010a@jburford2000> Yep, the kernel module WAS necessary. I missed some of the docs, but there was a little manual config required when using openssl-0.9.6 that was not documented. Things are working with 2.2.14 w/ mppe-40 (stateless) now, but I got this error when I tried a patched 2.4.0 kernel with ppp-2.3.10: GRE: bad checksum from pppd Is there a known incompatibility between kernel 2.4.0 and ppp-2.3.10? I also noticed that mppe-128 does not seem to be supported by default on win2000. Does anyone know what is required for this? Also, did anyone notice that the ppp-2.3.11 patch does not apply cleanly with patch -p1? Because of this, I used the ppp-2.3.10 patch. Cheers! Jon ----- Original Message ----- From: "Giulio Orsero" To: Sent: Saturday, January 20, 2001 12:53 PM Subject: Re: [pptp-server] LCP terminated by peer w/ encryption enabled (MPPE patches applied to pppd) > On Sat, 20 Jan 2001 11:49:59 -0800, you wrote: > > >installed Red Hat 6.2 box. When I connect from win2000 and win98 clients > >WITHOUT encryption, everything works fine. When I specify ONLY mppe-128 in > >options.pptp, I get (on win2000) "Error 742: The remote computer does not > >support the required data encryption type". This makes sense to me, so I > >try mppe-40. When I specify ONLY mppe-40 in options.pptp, I get (on > >win2000) "Error 619: The specified port is not connected". 
So it looks like > > >Jan 20 11:18:19 localhost modprobe: modprobe: Can't locate module > >char-major-108 > >Jan 20 11:18:21 localhost modprobe: modprobe: Can't locate module > >ppp-compress-18 > > >Having read through the RedHat and generic FAQ, I am a little confused. It > >does not seem to me that there is a ppp_mppe module anymore since the mppe > >patches for pppd appear to obsolete the module. > The patches patch pppd, which then patches the kernel. So you do use the > ppp_mppe module > $ lsmod|grep ppp > ppp_deflate 40484 0 (autoclean) > ppp_mppe 13584 0 (autoclean) > ppp 20012 0 (autoclean) [ppp_deflate ppp_mppe bsd_comp] > slhc 4328 0 (autoclean) [ppp] > > > > termination because of the modprobe errors > >(char-major and compress-18)? I am able to turn off compression on win2000 > > alias ppp-compress-18 ppp_mppe <=== > alias ppp-compress-21 bsd_comp > alias ppp-compress-24 ppp_deflate > alias ppp-compress-26 ppp_deflate > #alias char-major-108 ppp_generic this is for kernel 2.4.x > alias char-major-108 off <=== > > >not module-related. However, whatever I try, I am unable to get any windows > >box to connect when encryption is enabled. I was also unable to search the > I think this is because it cannot load ppp_mppe since your modules.conf > lacks the alias. > > -- > giulioo at pobox.com > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
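
The missing-alias diagnosis from this thread, written as a check that can be run before enabling MPPE. This is an added example, not code from the list or from PoPToP; the sample modules.conf and syslog contents are constructed from the values quoted in the messages above, and the function names are made up here.

```shell
#!/bin/sh
# Added example: match modprobe "Can't locate module" errors in syslog
# against the aliases present in modules.conf.

# alias_target CONF NAME -> prints what NAME is aliased to (nothing if absent).
alias_target() {
    awk -v want="$2" '
        $1 ~ /^#/ { next }                           # skip commented-out lines
        $1 == "alias" && $2 == want { target = $3 }  # keep the last one seen
        END { if (target != "") print target }
    ' "$1"
}

# missing_modules LOG -> unique module names modprobe could not locate.
missing_modules() {
    sed -n "s/.*modprobe: Can't locate module \([A-Za-z0-9_-]*\).*/\1/p" "$1" | sort -u
}

# check_mppe_aliases CONF LOG -> one line per module named in the log:
#   "OK name -> target", "OFF name" (aliased to off) or "MISSING name".
# Returns 1 unless ppp-compress-18 is aliased to ppp_mppe.
check_mppe_aliases() {
    conf=$1
    log=$2
    rc=0
    for name in $(missing_modules "$log"); do
        target=$(alias_target "$conf" "$name")
        case "$target" in
            "")  echo "MISSING $name" ;;
            off) echo "OFF $name" ;;
            *)   echo "OK $name -> $target" ;;
        esac
    done
    [ "$(alias_target "$conf" ppp-compress-18)" = "ppp_mppe" ] || rc=1
    return $rc
}

# write_samples DIR -> constructed test data based on the thread.
write_samples() {
    cat > "$1/syslog" <<'EOF'
Jan 20 11:18:19 localhost modprobe: modprobe: Can't locate module char-major-108
Jan 20 11:18:21 localhost pppd[8359]: MSCHAP-v2 peer authentication succeeded for jburford
Jan 20 11:18:21 localhost modprobe: modprobe: Can't locate module ppp-compress-18
EOF
    # modules.conf without the MPPE alias (constructed "before" state)
    cat > "$1/modules.conf.before" <<'EOF'
alias eth0 3c59x
alias ppp-compress-21 bsd_comp
EOF
    # modules.conf with the aliases from the reply in this thread
    cat > "$1/modules.conf.after" <<'EOF'
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
#alias char-major-108 ppp_generic
alias char-major-108 off
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
echo "before:"
check_mppe_aliases "$demo/modules.conf.before" "$demo/syslog" \
    || echo "=> ppp-compress-18 is not mapped to ppp_mppe"
echo "after:"
check_mppe_aliases "$demo/modules.conf.after" "$demo/syslog" \
    && echo "=> MPPE alias present"
rm -rf "$demo"
```

A session that authenticates and then drops when encryption is required, together with a MISSING ppp-compress-18 line, points at the module alias rather than at the Windows client settings.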
From giulioo at pobox.com Sun Jan 21 07:09:36 2001 From: giulioo at pobox.com (Giulio Orsero) Date: Sun, 21 Jan 2001 14:09:36 +0100 Subject: [pptp-server] LCP terminated by peer w/ encryption enabled (MPPE patches applied to pppd) In-Reply-To: <007701c08332$c54c2880$9900010a@jburford2000> References: <001001c0831a$2c3d3110$9900010a@jburford2000> <20010120205533.60F7815C5F@i3.golden.dom> <007701c08332$c54c2880$9900010a@jburford2000> Message-ID: <20010121131114.A552115C5F@i3.golden.dom> On Sat, 20 Jan 2001 14:46:04 -0800, you wrote: >documented. Things are working with 2.2.14 w/ mppe-40 (stateless) now, but >I got this error when I tried a patched 2.4.0 kernel with ppp-2.3.10: >GRE: bad checksum from pppd >Is there a known incompatibility between kernel 2.4.0 and ppp-2.3.10? I think you need ppp-2.4.x and mppe patches for ppp-2.4.x (I think they don't exist right now). Never tried myself. >I also noticed that mppe-128 does not seem to be supported by default on >win2000. Does anyone know what is required for this? From mward at gwtr.com Sun Jan 21 19:28:32 2001 From: mward at gwtr.com (Michael Ward) Date: Sun, 21 Jan 2001 18:28:32 -0700 Subject: [pptp-server] Can't Ping a Thing Message-ID: Hey all - I installed redhat linux 7 last week for the first time. Until now I've only known windows. I'm the IT Manager for a company in Golden, CO and want to do vpn on a linux box instead of microsoft. I have searched archives of this mailing list and found several suggestions for fixing the problem I'm having.... Call me a little slow, but it ain't workin'! (more accurately, I'm not workin' it.) I've got pptp setup and working (I can connect with win98 clients) and have not setup encryption yet in an effort to keep it simple while I try to get basic functionality. I have setup Samba and have it running (though I'm not sure if it's required, different sources have pointed me in different directions). Samba is aware of my WINS server on my internal network (how cool is that? 
I bow down to Samba) I just read the ipchains how to. I've tried specifically allowing forwarding with a rule pulled from the PoPToP faq. The Problem (note capital P): I can not see (browse nor ping) from a connected win98 client *anything* on my network. I have a connection but can't play. Where's the fun? Questions: 1. What is the total equation to make this whole deal work (clients should be able to browse to resources on internal servers)? i.e. Is it pptpd + samba + ipchains? If these three are configured correctly am I set? Is there another piece of the puzzle? I've read about and tried messing around with default routes/routing tables to no avail. What's the skinny on the 'ideal setup', the basics that have to be there? 2. *If* I leave ipchains with *no rules* set up at all, the default policy (confirmed with ./ipchains -L) for all rules is ACCEPT. Should my box be forwarding all packets in this scenario? It doesn't, nor can I get it to forward packets to the private network by using rules pulled from the poptop faq. 3. Any specifics in implementing the 'ideal setup' are greatly appreciated. Anyone feeling really generous is invited to give my dumb ass a call. I'm sure I could learn a great deal in a few minutes of brain picking. Thank you all for your help (couldn't have gotten this far in a week without it). Michael Ward mward at gwtr.com (303) 215-1100 (m-f 9-5 mst) From klumpba at hotmail.com Mon Jan 22 20:08:13 2001 From: klumpba at hotmail.com (Brian Klump) Date: Mon, 22 Jan 2001 20:08:13 Subject: [pptp-server] Strange Behaviour Message-ID: Hi all... I've been running PoPToP for about 6 months now. It's installed on a RH 6.3 box and I'm using version 1.1.2. It's residing on a private network behind a Linux firewall/gateway/maw machine. Everything has been working great lately...however, all of a sudden Windows2000 clients seem to have problems connecting. 
I constantly get error 619, even when I'm connected directly to the
internet using my cable modem at home. Also error 789 is showing up on some
machines. Everything is still working great for people with Win98 boxes
though. I was just wondering if anyone else has experienced similar
problems...none of the network configurations were changed on the machines
that we're aware of, including the W2K boxes. I have a hard time believing
that this would just mystically happen, but I can't seem to find the real
problem (and hence the solution).

any help would be greatly appreciated!

-Brian

From ismandya at sains.com.my Tue Jan 23 02:25:18 2001
From: ismandya at sains.com.my (Ismandy Ali)
Date: Tue, 23 Jan 2001 16:25:18 +0800
Subject: [pptp-server] LCP timeout- I AM NOT BEHIND ANY FIREWALL
Message-ID: <3A6D3FEE.36797D50@sains.com.my>

hi people,
this is such a big problem. I have been with this problem since
last week, and I decided to post this problem to the list. When I tried
to connect, my winblows gave me "error 645 Dial-Up Networking could
not complete the connection to the server.
Check your configuration and try the connection again.". ANY EXPERT??

This is my configuration:

PPTP client:
win98 se using dialup of course

PPTP server
using two NIC
eth0 is with internet IP address: 202.18*.XXX.XXX
eth1 is 10.1.8.77
and the pptpd is starting as /sbin/pptpd -d

/etc/ppp/options.pptp
debug
name kgsnt3
auth
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/ppp/chap-secrets
billy * secret 10.1.8.78

and this is my log:
Jan 22 15:18:08 kgsnt3 pptpd[779]: CTRL: Starting call (launching pppd, opening GRE)
Jan 22 15:18:08 kgsnt3 kernel: CSLIP: code copyright 1989 Regents of the University of California
Jan 22 15:18:08 kgsnt3 kernel: PPP: version 2.3.11 (demand dialling)
Jan 22 15:18:08 kgsnt3 kernel: PPP line discipline registered.
Jan 22 15:18:08 kgsnt3 kernel: registered device ppp0
Jan 22 15:18:08 kgsnt3 pppd[780]: pppd 2.3.11 started by root, uid 0
Jan 22 15:18:08 kgsnt3 pppd[780]: Using interface ppp0
Jan 22 15:18:08 kgsnt3 pppd[780]: Connect: ppp0 <--> /dev/pts/1
Jan 22 15:18:38 kgsnt3 pppd[780]: LCP: timeout sending Config-Requests
Jan 22 15:18:38 kgsnt3 pppd[780]: Connection terminated.
Jan 22 15:18:38 kgsnt3 pppd[780]: Exit.
Jan 22 15:18:38 kgsnt3 pptpd[779]: Error reading from pppd: Input/output error
Jan 22 15:18:38 kgsnt3 pptpd[779]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)

From vvvw at mail.ru Tue Jan 23 06:56:59 2001
From: vvvw at mail.ru (Vovka V. Viatkine)
Date: Tue, 23 Jan 2001 15:56:59 +0300
Subject: [pptp-server] (no subject)
Message-ID: <000c01c0853b$fab98200$c301a8c0@incomsvyaz.ru>

hello ..

I'm trying to connect to PPTP server thru NAT. But receive Error 650 on
windows client with any kind of NAT. Must I turn something on on server side ?

Vladimir
-------------- next part -------------- An HTML attachment was scrubbed...
URL: From chuddles at coin.org Tue Jan 23 09:39:16 2001 From: chuddles at coin.org (chuddles at coin.org) Date: Tue, 23 Jan 2001 09:39:16 -0600 (CST) Subject: [pptp-server] Can't Ping a Thing In-Reply-To: References: Message-ID: <980264356.3a6da5a4b4ac2@c104343-a.clmba1.mo.home.com> I've see a few questions come across this list lately similar to this one, where the client can't ping (telnet, ftp, etc) anything on the server's LAN. I'm experiencing this myself and am still waiting for someone to give a good answer here on the list. Are you guys still having this problem? Are people responding to you privately? Could one of the PPTP gurus maybe give a quick summary (or point to one on the Net) of the internals that happen when a client connects to the server, such as what proxyarp does, how a packet gets from a client to a host on the server LAN, etc. I know I need to read up on how PPP works, but a 'crash-course' on it would be awesome. This is such a great product for a simple yet effective VPN. Thanks, Chris Quoting Michael Ward : > Hey all - > I installed redhat linux 7 last week for the first time. Until now I've > only known windows. I'm the IT Manager for a company in Golden, CO and > want > to do vpn on a linux box instead of microsoft. > > I have searched archives of this mailing list and found several > suggestions > for fixing the problem I'm having.... Call me a little slow, but it > ain't > workin'! (more accurately, I'm not workin' it.) > > I've got pptp setup and working (I can connect with win98 clients) and > have > not setup encryption yet in an effort to keep it simple while I try to > get > basic functionality. > > I have setup Samba and have it running (though I'm not sure if it's > required, different sources have pointed me in different directions). > Samba > is aware of my WINS server on my internal network (how cool is that? I > bow > down to Samba) > > I just read the ipchains how to. 
I've tried specifically allowing > forwarding with a rule pulled from the PoPToP faq. > > The Problem (note capital P): I can not see (browse nor ping) from a > connected win98 client *anything* on my network. I have a connection > but > can't play. Where's the fun? > > Questions: > 1. What is the total equation to make this whole deal work (clients > should > be able to browse to resources on internal servers)? i.e. Is it pptpd + > samba + ipchains? If these three are configured correctly am I set? Is > there another piece of the puzzle? I've read about and tried messing > around > with default routes/routing tables to no avail. What's the skinny on > the > 'ideal setup', the basics that have to be there? > > 2. *If* I leave ipchains with *no rules* set up at all, the default > policy > (confirmed with ./ipchains -L) for all rules is ACCEPT. Should my box > be > forwarding all packets in this scenario? It doesn't, nor can I get it > to > forward packets to the private network by using rules pulled from the > poptop > faq. > > 3. Any specifics in implementing the 'ideal setup' are greatly > appreciated. > > Anyone feeling really generous is invited to give my dumb ass a call. > I'm > sure I could learn a great deal in a few minutes of brain picking. > > Thank you all for your help (couldn't have gotten this far in a week > without > it). > > Michael Ward > mward at gwtr.com > (303) 215-1100 (m-f 9-5 mst) > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
> From beto at wavemail.com.br Tue Jan 23 11:21:43 2001 From: beto at wavemail.com.br (Angilberto Muniz Sb) Date: Tue, 23 Jan 2001 13:21:43 -0400 Subject: [pptp-server] Can't Ping a Thing References: <980264356.3a6da5a4b4ac2@c104343-a.clmba1.mo.home.com> Message-ID: <007601c08560$f7970c80$4a31f2c8@wavetelecom.com.br> I would guess that you have created a win98 dialup entry end let win98 adjust it by itself -- as default, win98 sets up a default gateway directed to the link. Try 'unclick' the "use the remote gateway" options on the Propriety section of the VPN dialup entry... Berto. ----- Original Message ----- From: To: Sent: Tuesday, January 23, 2001 11:39 AM Subject: Re: [pptp-server] Can't Ping a Thing > I've see a few questions come across this list lately similar to this one, > where the client can't ping (telnet, ftp, etc) anything on the server's LAN. > I'm experiencing this myself and am still waiting for someone to give a good > answer here on the list. Are you guys still having this problem? Are people > responding to you privately? > > Could one of the PPTP gurus maybe give a quick summary (or point to one on the > Net) of the internals that happen when a client connects to the server, such > as what proxyarp does, how a packet gets from a client to a host on the server > LAN, etc. I know I need to read up on how PPP works, but a 'crash-course' on > it would be awesome. This is such a great product for a simple yet effective > VPN. > > Thanks, > Chris > > > Quoting Michael Ward : > > > Hey all - > > I installed redhat linux 7 last week for the first time. Until now I've > > only known windows. I'm the IT Manager for a company in Golden, CO and > > want > > to do vpn on a linux box instead of microsoft. > > > > I have searched archives of this mailing list and found several > > suggestions > > for fixing the problem I'm having.... Call me a little slow, but it > > ain't > > workin'! (more accurately, I'm not workin' it.) 
> > > > I've got pptp setup and working (I can connect with win98 clients) and > > have > > not setup encryption yet in an effort to keep it simple while I try to > > get > > basic functionality. > > > > I have setup Samba and have it running (though I'm not sure if it's > > required, different sources have pointed me in different directions). > > Samba > > is aware of my WINS server on my internal network (how cool is that? I > > bow > > down to Samba) > > > > I just read the ipchains how to. I've tried specifically allowing > > forwarding with a rule pulled from the PoPToP faq. > > > > The Problem (note capital P): I can not see (browse nor ping) from a > > connected win98 client *anything* on my network. I have a connection > > but > > can't play. Where's the fun? > > > > Questions: > > 1. What is the total equation to make this whole deal work (clients > > should > > be able to browse to resources on internal servers)? i.e. Is it pptpd + > > samba + ipchains? If these three are configured correctly am I set? Is > > there another piece of the puzzle? I've read about and tried messing > > around > > with default routes/routing tables to no avail. What's the skinny on > > the > > 'ideal setup', the basics that have to be there? > > > > 2. *If* I leave ipchains with *no rules* set up at all, the default > > policy > > (confirmed with ./ipchains -L) for all rules is ACCEPT. Should my box > > be > > forwarding all packets in this scenario? It doesn't, nor can I get it > > to > > forward packets to the private network by using rules pulled from the > > poptop > > faq. > > > > 3. Any specifics in implementing the 'ideal setup' are greatly > > appreciated. > > > > Anyone feeling really generous is invited to give my dumb ass a call. > > I'm > > sure I could learn a great deal in a few minutes of brain picking. > > > > Thank you all for your help (couldn't have gotten this far in a week > > without > > it). 
> > > > Michael Ward > > mward at gwtr.com > > (303) 215-1100 (m-f 9-5 mst) > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From sclarke at neptune.tzo.cc Tue Jan 23 11:48:20 2001 From: sclarke at neptune.tzo.cc (Sean Clarke) Date: Tue, 23 Jan 2001 09:48:20 -0800 (PST) Subject: [pptp-server] LCP timeout- I AM NOT BEHIND ANY FIREWALL In-Reply-To: <3A6D3FEE.36797D50@sains.com.my> Message-ID: apply the proper patch for you kernel and recompile and it will work. I was stumped on this for quite sometime myself. On Tue, 23 Jan 2001, Ismandy Ali wrote: > hi people, > this is such a big problem. I have been with this problems since > last week, and I decided to post this problem to the list. When I tried > to connect, my winblows gave me "error 645 Dial-Up Networking could > not complete the connection to the server. > Check your configuration and try the connection again.". ANY EXPERT?? 
> > This is my configuration: > > PPTP client: > win98 se using dialup of course > > PPTP server > using two NIC > eth0 is with internet IP address: 202.18*.XXX.XXX > eth1 is 10.1.8.77 > and the pptpd is starting as /sbin/pptpd -d > > /etc/ppp/options.pptp > debug > name kgsnt3 > auth > require-chap > proxyarp > +chap > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > > /etc/ppp/chap-secrets > billy * secret 10.1.8.78 > > and this is my log: > Jan 22 15:18:08 kgsnt3 pptpd[779]: CTRL: Starting call (launching pppd, > opening GRE) > Jan 22 15:18:08 kgsnt3 kernel: CSLIP: code copyright 1989 Regents of the > > University of California > Jan 22 15:18:08 kgsnt3 kernel: PPP: version 2.3.11 (demand dialling) > Jan 22 15:18:08 kgsnt3 kernel: PPP line discipline registered. > Jan 22 15:18:08 kgsnt3 kernel: registered device ppp0 > Jan 22 15:18:08 kgsnt3 pppd[780]: pppd 2.3.11 started by root, uid 0 > Jan 22 15:18:08 kgsnt3 pppd[780]: Using interface ppp0 > Jan 22 15:18:08 kgsnt3 pppd[780]: Connect: ppp0 <--> /dev/pts/1 > Jan 22 15:18:38 kgsnt3 pppd[780]: LCP: timeout sending Config-Requests > Jan 22 15:18:38 kgsnt3 pppd[780]: Connection terminated. > Jan 22 15:18:38 kgsnt3 pppd[780]: Exit. > Jan 22 15:18:38 kgsnt3 pptpd[779]: Error reading from pppd: Input/output > error > Jan 22 15:18:38 kgsnt3 pptpd[779]: CTRL: GRE read or PTY write failed > (gre,pty)=(6,5) > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
> From chuddles at coin.org Tue Jan 23 12:05:46 2001 From: chuddles at coin.org (chuddles at coin.org) Date: Tue, 23 Jan 2001 12:05:46 -0600 (CST) Subject: [pptp-server] Can't Ping a Thing In-Reply-To: <007601c08560$f7970c80$4a31f2c8@wavetelecom.com.br> References: <980264356.3a6da5a4b4ac2@c104343-a.clmba1.mo.home.com> <007601c08560$f7970c80$4a31f2c8@wavetelecom.com.br> Message-ID: <980273146.3a6dc7fa1fbf0@c104343-a.clmba1.mo.home.com> Yeah, I noticed that having that enabled makes it the first default route (thus stopping flat any connections to the internet via the default route that goes out the ethernet port). My setup is: Win98 client <-> Linux/IPchains <-> Internet <-> Linux PPTP server <-> NT I can get a good PPTP connection, but it's that pesky 'ping' that won't work from Win98 client to NT .... It's supposed to work, right? Thanks, Chris Quoting Angilberto Muniz Sb : > I would guess that you have created a win98 dialup entry end let win98 > adjust it by itself -- as default, win98 sets up a default gateway > directed > to the link. > Try 'unclick' the "use the remote gateway" options on the Propriety > section > of the VPN dialup entry... > > Berto. > > ----- Original Message ----- > From: > To: > Sent: Tuesday, January 23, 2001 11:39 AM > Subject: Re: [pptp-server] Can't Ping a Thing > > > > I've see a few questions come across this list lately similar to this > one, > > where the client can't ping (telnet, ftp, etc) anything on the > server's > LAN. > > I'm experiencing this myself and am still waiting for someone to give > a > good > > answer here on the list. Are you guys still having this problem? Are > people > > responding to you privately? > > > > Could one of the PPTP gurus maybe give a quick summary (or point to > one on > the > > Net) of the internals that happen when a client connects to the > server, > such > > as what proxyarp does, how a packet gets from a client to a host on > the > server > > LAN, etc. 
I know I need to read up on how PPP works, but a > 'crash-course' > on > > it would be awesome. This is such a great product for a simple yet > effective > > VPN. > > > > Thanks, > > Chris > > > > > > Quoting Michael Ward : > > > > > Hey all - > > > I installed redhat linux 7 last week for the first time. Until now > I've > > > only known windows. I'm the IT Manager for a company in Golden, CO > and > > > want > > > to do vpn on a linux box instead of microsoft. > > > > > > I have searched archives of this mailing list and found several > > > suggestions > > > for fixing the problem I'm having.... Call me a little slow, but it > > > ain't > > > workin'! (more accurately, I'm not workin' it.) > > > > > > I've got pptp setup and working (I can connect with win98 clients) > and > > > have > > > not setup encryption yet in an effort to keep it simple while I try > to > > > get > > > basic functionality. > > > > > > I have setup Samba and have it running (though I'm not sure if it's > > > required, different sources have pointed me in different > directions). > > > Samba > > > is aware of my WINS server on my internal network (how cool is that? > I > > > bow > > > down to Samba) > > > > > > I just read the ipchains how to. I've tried specifically allowing > > > forwarding with a rule pulled from the PoPToP faq. > > > > > > The Problem (note capital P): I can not see (browse nor ping) from a > > > connected win98 client *anything* on my network. I have a > connection > > > but > > > can't play. Where's the fun? > > > > > > Questions: > > > 1. What is the total equation to make this whole deal work (clients > > > should > > > be able to browse to resources on internal servers)? i.e. Is it > pptpd + > > > samba + ipchains? If these three are configured correctly am I set? > Is > > > there another piece of the puzzle? I've read about and tried > messing > > > around > > > with default routes/routing tables to no avail. 
What's the skinny > on > > > the > > > 'ideal setup', the basics that have to be there? > > > > > > 2. *If* I leave ipchains with *no rules* set up at all, the default > > > policy > > > (confirmed with ./ipchains -L) for all rules is ACCEPT. Should my > box > > > be > > > forwarding all packets in this scenario? It doesn't, nor can I get > it > > > to > > > forward packets to the private network by using rules pulled from > the > > > poptop > > > faq. > > > > > > 3. Any specifics in implementing the 'ideal setup' are greatly > > > appreciated. > > > > > > Anyone feeling really generous is invited to give my dumb ass a > call. > > > I'm > > > sure I could learn a great deal in a few minutes of brain picking. > > > > > > Thank you all for your help (couldn't have gotten this far in a week > > > without > > > it). > > > > > > Michael Ward > > > mward at gwtr.com > > > (303) 215-1100 (m-f 9-5 mst) > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From vlast at eetc.com Tue Jan 23 12:32:50 2001 From: vlast at eetc.com (Vlad Strezhnev) Date: Tue, 23 Jan 2001 12:32:50 -0600 Subject: [pptp-server] Strange Behaviour Message-ID: <3A6D79F2.10733.139C2F@localhost> I start receiving error 619 when I upgraded to IE 5.5. And it is not only on W2K. 
The NT VPN client, which used to connect to PoPToP much faster and smoother
than W2K and W98, started having the same problem. (There is something on the
Microsoft Upgrade page about IE5.5 "enhancements" in Internet Connection
Wizard..?) BTW the removal of the IE5.5 from the upgraded workstation does
not help.
It all might be a coincidence but then again it might not...

On 22 Jan 2001, at 20:08, Brian Klump wrote:

> Hi all...
> I've been running PoPToP for about 6 months now. It's installed on a RH
> 6.3 box and I'm using version 1.1.2. It's residing on a private network
> behind a Linux firewall/gateway/maw machine. Everything has been working
> great lately...however, all of a sudden Windows2000 clients seem to have
> problems connecting. I constantly get error 619, even when I'm connected
> directly to the internet using my cable modem at home. Also error 789 is
> showing up on some machines. Everything is still working great for people
> with Win98 boxes though. I was just wondering if anyone else has
> experienced similar problems...none of the network configurations were
> changed on the machines that we're aware of, including the W2K boxes. I
> have a hard time believing that this would just mystically happen, but I
> can't seem to find the real problem (and hence the solution). any help
> would be greatly appreciated!
>
> -Brian

------- End of forwarded message -------
VLAD STREZHNEV
System Engineer, IndiVisual Learning, Inc.
23 Empire Drive
St. Paul, MN 55103
Ph: 888-249-2086
Fx: 651-602-3119

From vlast at eetc.com Tue Jan 23 13:09:20 2001
From: vlast at eetc.com (Vlad Strezhnev)
Date: Tue, 23 Jan 2001 13:09:20 -0600
Subject: [pptp-server] Strange Behaviour
Message-ID: <3A6D8280.25863.35079D@localhost>

Forgot to mention that in my case it is DSL through Cisco 675 modem/router
(with NAT and DHCP enabled)

> constantly get error 619, even when I'm connected
> directly to the internet using my cable modem at home.

VLAD STREZHNEV
System Engineer, IndiVisual Learning, Inc.
23 Empire Drive
St. Paul, MN 55103
Ph: 888-249-2086
Fx: 651-602-3119

From gkopp at gregkopp.com Tue Jan 23 13:10:44 2001
From: gkopp at gregkopp.com (Greg Kopp)
Date: Tue, 23 Jan 2001 14:10:44 -0500
Subject: [pptp-server] Newbie Help with PPTP and win2k client
Message-ID:

I have a win2k client setup to make a PPTP connection to PoPToP v. 1.0.1
with PPP version 2.3.11 on a redhat 7.0 installation. When I try and make a
connection, it fails "The PPP link protocol has been terminated."

Here is an excerpt of my /var/log/messages file. Can someone help this newbie
debug it?

Sep 17 12:51:59 paris pptpd[8163]: CTRL: Client 207.206.15.108 control connection started
Sep 17 12:51:59 paris pptpd[8163]: CTRL: Starting call (launching pppd, opening GRE)
Sep 17 12:51:59 paris kernel: CSLIP: code copyright 1989 Regents of the University of California
Sep 17 12:51:59 paris kernel: PPP: version 2.3.7 (demand dialling)
Sep 17 12:51:59 paris kernel: PPP line discipline registered.
Sep 17 12:51:59 paris insmod: Note: /etc/modules.conf is more recent than /lib/modules/2.2.16-22/modules.dep
Sep 17 12:51:59 paris kernel: registered device ppp0
Sep 17 12:51:59 paris pppd[8164]: pppd 2.3.11 started by root, uid 0
Sep 17 12:51:59 paris pppd[8164]: Using interface ppp0
Sep 17 12:51:59 paris pppd[8164]: Connect: ppp0 <--> /dev/pts/2
Sep 17 12:51:59 paris pptpd[8163]: GRE: Discarding duplicate packet
Sep 17 12:52:01 paris pppd[8164]: peer refused to authenticate: terminating link
Sep 17 12:52:01 paris pptpd[8163]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Sep 17 12:52:01 paris pptpd[8163]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Sep 17 12:52:01 paris pptpd[8163]: CTRL: Error with select(), quitting
Sep 17 12:52:01 paris pptpd[8163]: CTRL: Client 207.206.15.108 control connection finished
Sep 17 12:52:01 paris pppd[8164]: Connection terminated.
Sep 17 12:52:01 paris pppd[8164]: tcflush failed: Input/output error
Sep 17 12:52:01 paris pppd[8164]: Exit.

Here's a tcpdump of the interface:

[root at paris /root]# tcpdump -i eth1 -n proto 47 or port 1723
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on eth1
12:51:59.708073 < 207.206.15.108.1250 > 207.206.15.134.1723: S 3978705535:3978705535(0) win 16384 (DF)
12:51:59.708768 < 207.206.15.108.1250 > 207.206.15.134.1723: . 3978705536:3978705536(0) ack 2538281226 win 17520 (DF)
12:51:59.709013 < 207.206.15.108.1250 > 207.206.15.134.1723: P 0:156(156) ack 1 win 17520 (DF)
12:51:59.728378 < 207.206.15.108.1250 > 207.206.15.134.1723: P 156:324(168) ack 157 win 17364 (DF)
12:51:59.755097 < 207.206.15.108.1250 > 207.206.15.134.1723: P 324:348(24) ack 189 win 17332 (DF)
12:51:59.761680 < gre-proto-0x880B (gre encap)
12:51:59.901262 < gre-proto-0x880B (gre encap)
12:51:59.903728 < gre-proto-0x880B (gre encap)
12:52:01.773344 < gre-proto-0x880B (gre encap)
12:52:01.778422 < gre-proto-0x880B (gre encap)
12:52:01.781168 < 207.206.15.108.1250 > 207.206.15.134.1723: P 348:372(24) ack 189 win 17332 (DF)
12:52:01.784329 < gre-proto-0x880B (gre encap)
12:52:01.785509 < gre-proto-0x880B (gre encap)
12:52:01.785592 < gre-proto-0x880B (gre encap)
12:52:01.785683 < gre-proto-0x880B (gre encap)
12:52:01.790427 < gre-proto-0x880B (gre encap)
12:52:01.795926 < 207.206.15.108.1250 > 207.206.15.134.1723: P 372:396(24) ack 189 win 17332 (DF)
12:52:01.816616 < 207.206.15.108.1250 > 207.206.15.134.1723: P 396:412(16) ack 189 win 17332 (DF)
12:52:01.872274 < 207.206.15.108.1250 > 207.206.15.134.1723: P 412:428(16) ack 337 win 17184 (DF)

From gkopp at gregkopp.com Tue Jan 23 13:12:33 2001
From: gkopp at gregkopp.com (Greg Kopp)
Date: Tue, 23 Jan 2001 14:12:33 -0500
Subject: [pptp-server] Can Listen IP be on one iface and LAN be on another
Message-ID:

Can I install two ethernet cards in a PoPToP server, one connected to the
internet (eth1) listening for connections, and the other connected to my LAN
(eth0). So that when a connection is established on eth1, it is establishing
a VPN to eth0?
Greg

From Steve at SteveCowles.com Tue Jan 23 17:24:32 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Tue, 23 Jan 2001 17:24:32 -0600
Subject: [pptp-server] Can't Ping a Thing
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE610@defiant.infohiiway.com>

> -----Original Message-----
> From: chuddles at coin.org [mailto:chuddles at coin.org]
> Sent: Tuesday, January 23, 2001 9:39 AM
> To: 'pptp-server at lists.schulte.org'
> Subject: Re: [pptp-server] Can't Ping a Thing
>
>
> I've seen a few questions come across this list lately similar
> to this one, where the client can't ping (telnet, ftp, etc)
> anything on the server's LAN. I'm experiencing this myself and
> am still waiting for someone to give a good answer here on the
> list. Are you guys still having this problem? Are people
> responding to you privately?
>
> Could one of the PPTP gurus maybe give a quick summary (or
> point to one on the Net) of the internals that happen when
> a client connects to the server, such as what proxyarp does,
> how a packet gets from a client to a host on the server
> LAN, etc. I know I need to read up on how PPP works, but a
> 'crash-course' on it would be awesome. This is such a great
> product for a simple yet effective
> VPN.
>
> Thanks,
> Chris
>

In order for any remote PPTP client to be able to ping any desktop PC or
server on your LAN (really vice-versa)... your PPTP server's LAN Ethernet
interface *MUST* be known as the proxy arp for your PPTP connection.
If you do not see the following entry in your /var/log/messages
file after you establish your PPTP VPN, you can forget about ever going any
further than your PPTP server from the remote PPTP client. (see below)

Jan 17 17:45:03 voyager pppd[14500]: found interface eth0 for proxy arp

Without going into the OSI network model and how a TCP connection is
actually established, a proxyarp tells your PPTP server's interface (eth0 in
this case) to answer arp requests on behalf of your PPTP client from other
Desktop/Servers on your LAN.

-----------------------------------------------------
Let's say that you have the following LAN design:
192.168.1.0/24  - Network address
192.168.1.1-254 - Addressable IP's for the above network address.
192.168.1.255   - Broadcast Address for the above LAN address.

Your PPTP server's IP address is:
192.168.1.1 = eth0

You also have a server on the LAN that has an address of:
192.168.1.100

You then establish a PPTP connection into your PPTP server from a remote
site and are given the following IP addresses:
local IP  = 192.168.1.20 (ppp0)
remote IP = 192.168.1.200

Then, from the remote PPTP client, you try and ping the server at
192.168.1.100.

What basically happens is:
1) The remote PPTP client encapsulates an ICMP echo-request packet (ping)
with a destination address of 192.168.1.100 and forwards this across the
VPN.

2) Your PPTP server receives this encapsulated packet at 192.168.1.20 (ppp0)
and then de-encapsulates it so that it can be properly routed using TCP/IP.

3) Based on your PPTP server's TCP/IP routing tables (netmask), it determines
that 192.168.1.100 can be reached through the eth0 interface and forwards
the packet from ppp0 to eth0.

Now, one of two things can happen:

If your PPTP server's TCP/IP stack already contains an "arp" entry (MAC
address) for 192.168.1.100...

4) Your PPTP server's TCP/IP stack will then route this packet to
192.168.1.100 (really its MAC address) via eth0.

If your PPTP server's TCP/IP stack does NOT contain an "arp" entry (MAC
address) for 192.168.1.100...

4a) It will first issue an arp request (on eth0) asking "Who has
192.168.1.100"
4b) If all is well, 192.168.1.100 will respond to the arp request generated
in step 4a by saying... "192.168.1.100 can be reached at this MAC address"
4c) After receiving the arp reply from 192.168.1.100, your PPTP server's
TCP/IP stack will then route this packet to 192.168.1.100 (really its MAC
address) via eth0.

Whew!!! The ICMP echo-request (ping) has made it from 192.168.1.200 to
192.168.1.100. Now, 192.168.1.100 must reply to the ICMP echo-request by
sending an ICMP echo-reply back to 192.168.1.200. Basically, the same steps
occur as listed above, but only in reverse.

Again, for the reply, one of two things can happen for step 1:

If the server at 192.168.1.100 TCP/IP stack already contains an "arp" entry
(MAC address) for 192.168.1.200 (the PPTP client)...

1) It will send the ICMP echo-reply packet directly to the PPTP server's eth0
interface (192.168.1.1).

If the server at 192.168.1.100 TCP/IP stack does not contain an "arp" entry
(MAC address) for 192.168.1.200 (the PPTP client)... This is where the proxy
arp comes in.

1a) It will first issue an arp request asking "Who has 192.168.1.200"
1b) Since the PPTP server's eth0 interface is acting as a proxy for arp
requests on behalf of the PPTP client, it will respond to the arp request
generated in step 1a by saying... "192.168.1.200 can be reached through
192.168.1.1 MAC address"
1c) After receiving the arp reply from 192.168.1.1, the server at
192.168.1.100 TCP/IP stack will then route this packet to 192.168.1.1
(really its MAC address)

2) Once the PPTP server has received the packet from 192.168.1.100... it
determines that 192.168.1.200 can be reached through the ppp0 interface
(based on the routing tables) and forwards the packet from eth0 to ppp0.

3) Now the PPTP server encapsulates this packet and forwards (routes) it on
to 192.168.1.200 (the PPTP client)

4) The remote PPTP client receives this encapsulated packet and then
de-encapsulates it so that it can then be routed using TCP/IP.

Thus completes our rather long journey.

Obviously, an arp request does NOT say or contain data that says "I can be
reached at". This was my choice of words that hopefully helped some of you
understand basic TCPIP/PPP at a 30,000 foot level. Also note, that your PPTP
server is in essence, a router. i.e. It is routing packets of data from ppp0
to eth0 and vice-versa. Thus, you will need to ensure that your ipchain
"forward" rules allow data that is received in ppp0 or eth0 to be forwarded
(routed). That's another topic, but is also critical in getting "pings" to
work if eth0 is properly acting as a proxyarp.

Steve Cowles

From chuddles at coin.org Tue Jan 23 18:37:11 2001
From: chuddles at coin.org (chuddles at coin.org)
Date: Tue, 23 Jan 2001 18:37:11 -0600 (CST)
Subject: [pptp-server] Can't Ping a Thing
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE610@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EE610@defiant.infohiiway.com>
Message-ID: <980296631.3a6e23b7cd15e@c104343-a.clmba1.mo.home.com>

Thanks very much, Steve! I think this is quality material that should go
straight to the FAQ. Thanks for taking the time to write it out for us all.
I'll be looking at arp tables and LAN IP traffic to see if I can get it to
behave this way, as well as checking out the ipchains rules again.

-Chris

Quoting "Cowles, Steve" :

> > -----Original Message-----
> > From: chuddles at coin.org [mailto:chuddles at coin.org]
> > Sent: Tuesday, January 23, 2001 9:39 AM
> > To: 'pptp-server at lists.schulte.org'
> > Subject: Re: [pptp-server] Can't Ping a Thing
> >
> >
> > I've seen a few questions come across this list lately similar
> > to this one, where the client can't ping (telnet, ftp, etc)
> > anything on the server's LAN.
I'm experiencing this myself and > > am still waiting for someone to give a good answer here on the > > list. Are you guys still having this problem? Are people > > responding to you privately? > > > > Could one of the PPTP gurus maybe give a quick summary (or > > point to one on the Net) of the internals that happen when > > a client connects to the server, such as what proxyarp does, > > how a packet gets from a client to a host on the server > > LAN, etc. I know I need to read up on how PPP works, but a > > 'crash-course' on it would be awesome. This is such a great > > product for a simple yet effective > > VPN. > > > > Thanks, > > Chris > > > > In order for any remote PPTP client to be able to ping any desktop PC or > server on your LAN (really vice-versa)... your PPTP server's LAN > Ethernet > interface *MUST* be known as the proxy arp for your PPTP connection. > If you do not see the following entry in your /var/log/messages > file after you establish your PPTP VPN, you can forget about ever going > any > further then your PPTP server from the remote PPTP client. (see below) > > Jan 17 17:45:03 voyager pppd[14500]: found interface eth0 for proxy arp > > Without going into the OSI network model and how a TCP connection is > actually established, a proxyarp tells your PPTP servers interface (eth0 > in > this case) to answer arp requests on behalf of your PPTP client from > other > Desktop/Servers on your LAN. > > ----------------------------------------------------- > Lets say that you have the following LAN design: > 192.168.1.0/24 - Network address > 192.168.1.1-254 - Addressable IP's for the above network address. > 192.168.1.255 - Broadcast Address for the above LAN address. 
> > Your PPTP servers IP address is: > 192.168.1.1 = eth0 > > You also have a server on the LAN that has an address of: > 192.168.1.100 > > You then establish a PPTP connection into your PPTP server from a remote > site and are given the following IP addresses: > local IP = 192.168.1.20 (ppp0) > remote IP = 192.168.1.200 > > Then, from the remote PPTP client, you try and ping the server at > 192.168.1.100.. > > What basically happens is: > 1) The remote PPTP client encapsulates an ICMP echo-request packet > (ping) > with a destination address of 192.168.1.100 and forwards this across the > VPN. > > 2) Your PPTP server receives this encapsulated packet at 192.168.1.20 > (ppp0) > and then de-encapsulates it so that it can be properly routed using > TCP/IP. > > 3) Based on your PPTP servers TCP/IP routing tables (netmask), it > determines > that 192.168.1.100 can be reached through the eth0 interface and > forwards > the packet from ppp0 to eth0. > > Now, one of two things can happen: > > If your PPTP servers TCP/IP stack already contains an "arp" entry (MAC > address) for 192.168.1.100... > > 4) Your PPTP servers TCP/IP stack will then route this packet to > 192.168.1.100 (really its MAC address) via eth0. > > If your PPTP servers TCP/IP stack does NOT contain an "arp" entry (MAC > address) for 192.168.1.100... > > 4a) It will first issue an arp request (on eth0) asking "Who has > 192.168.1.100" > 4b) If all is well, 192.168.1.100 will respond to the arp request > generated > in step 4a by saying... "192.168.1.100 can be reached at this MAC > address" > 4c) After receiving the arp reply from 192.168.1.100, your PPTP servers > TCP/IP stack will then route this packet to 192.168.1.100 (really its > MAC > address) via eth0. > > Whew!!! The ICMP echo-request (ping) has made it from 192.168.1.200 to > 192.168.1.100. Now, 192.168.1.100 must reply to the ICMP echo-request by > sending an ICMP echo-reply back to 192.168.1.200. 
Basically, the same > steps > occur as listed above, but only in reverse. > > Again, for the reply, one of two things can happen for step 1: > > If the server at 192.168.1.100 TCP/IP stack already contains an "arp" > entry > (MAC address) for 192.168.1.200 (the PPTP client)... > > 1) It will send the ICMP echo-reply packet directly to the PPTP servers > eth0 > interface (192.168.1.1). > > If the server at 192.168.1.100 TCP/IP stack does not contain an "arp" > entry > (MAC address) for 192.168.1.200 (the PPTP client)... This is where the > proxy > arp comes in. > > 1a) It will first issue an arp request asking "Who has 192.168.1.200" > 1b) Since the PPTP servers eth0 interface is acting as a proxy for arp > requests on behalf of the PPTP client, it will respond to the arp > request > generated in step 1a by saying... "192.168.1.200 can be reached through > 192.168.1.1 MAC address" > 1c) After receiving the arp reply from 192.168.1.1, the server at > 192.168.1.100 TCP/IP stack will then route this packet to 192.168.1.1 > (really its MAC address) > > 2) Once the PPTP server has received the packet from 192.168.1.100... it > determines that 192.168.1.200 can be reached through the ppp0 interface > (based on the routing tables) and forwards the packet from eth0 to ppp0. > > 3) Now the PPTP server encapsulates this packet and forwards (routes) it > on > to 192.168.1.200 (the PPTP client) > > 4) The remote PPTP client receives this encapsulated packet and then > de-encapsulates it so that it can then be routed using TCP/IP. > > Thus completes our rather long journey. > > Obviously, an arp request does NOT say or contain data that says "I can > be > reached at" This was my choice of words that hopefully helped some of > you > understand basic TCPIP/PPP at a 30,000 foot level. Also note, that your > PPTP > server is in essence, a router. i.e. It is routing packets of data from > ppp0 > to eth0 and vice-versa. 
Thus, you will need to insure that your ipchain > "forward" rules allow data that is received in ppp0 or eth0 to be > forwarded > (routed). Thats another topic, but is also critical in getting "pings" > to > work if eth0 is properly acting as a proxyarp. > > Steve Cowles > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From Steve at SteveCowles.com Tue Jan 23 23:40:34 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Tue, 23 Jan 2001 23:40:34 -0600 Subject: [pptp-server] Can Listen IP be on one iface and LAN be on ano ther Message-ID: <90769AF04F76D41186C700A0C90AFC3EE611@defiant.infohiiway.com> > -----Original Message----- > From: Greg Kopp [mailto:gkopp at gregkopp.com] > Sent: Tuesday, January 23, 2001 1:13 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Can Listen IP be on one iface and LAN be on > another > > > Can I install two ethernet cards in a PoPToP server, one > connected to the internet (eth1) listening for connections, > and the other connected to my LAN (eth0). So that when a > connection is established on eth1, it is establishing a VPN > to eth0? > The configuration you described (two Ethernet cards) is very common. So, the answer to your question is... YES. The key to your success will be proper ipchain rules. If your not very strong with entering ipchain rules, I would suggest that you download and install "seawall" at http://seawall.sourceforge.net The nice thing about seawall is that you edit a very well documented configuration file that describes your network architecture. Then based on a single configuration file, seawall will issue the appropriate ipchain commands. In fact, seawall's configuration file specifically addresses PPTP servers (even PopTop), PPTP clients behind a linux based firewall along with IPSEC. 
FWIW: I use seawall on my linux based firewall. Steve Cowles From mario.schmidt at prosolis.de Wed Jan 24 02:41:22 2001 From: mario.schmidt at prosolis.de (mario.schmidt at prosolis.de) Date: Wed, 24 Jan 2001 09:41:22 +0100 Subject: [pptp-server] Thanks to all Message-ID: Hi everybody, what i wanted to say is only: PPTP Server and Client do work for me very good. I want to thank everybody who developed this cool thing of Software and all of you on this mailinglist for the tips i have used to make all working. bye Mario Schmidt From warlock at incom-svyaz.ru Wed Jan 24 05:14:14 2001 From: warlock at incom-svyaz.ru (Vladimir Viatkine) Date: Wed, 24 Jan 2001 14:14:14 +0300 Subject: [pptp-server] Strange Behaviour References: Message-ID: <007d01c085f6$cb9eb9c0$c301a8c0@incomsvyaz.ru> > Forgot to mention that in my case it is DSL through Cisco 675 modem/router > (with NAT and DHCP enabled) i think it's because of NAT. I'm trying to connect thru NAT on Ascend Pipeline NAT and receive error messages too. When i'm trying to connect from the real ip it works well.. Who knows how to fix this problem ? From fwenk at siconline.ch Wed Jan 24 11:55:39 2001 From: fwenk at siconline.ch (Fabian Wenk) Date: Wed, 24 Jan 2001 18:55:39 +0100 Subject: [pptp-server] multiple connections with FreeBSD 3.3 Message-ID: Hello, i have a box running FreeBSD 3.3 with ipfw and poptop 1.0.0, this box is behind a NAT box with a redirect. Connecting with the first VPN client does work just fine. 
If i try to connect with a second client it gives me the following errors: in /var/log/messages: Jan 23 17:01:52 redboxone ppp[9315]: tun1: Error: iface_inAdd: ioctl(SIOCAIFADDR): 172.19.16.225: File exists Jan 23 17:01:52 redboxone ppp[9315]: tun1: Error: ipcp_InterfaceUp: unable to set ip address Jan 23 17:01:53 redboxone pptpd[9314]: GRE: read(fd=5,buffer=804d000,len=8196) from PTY failed: status = 0 error = No error Jan 23 17:01:53 redboxone pptpd[9314]: CTRL: PTY read or GRE write failed (pty,gre)=(5,4) 172.19.16.225 - 172.19.16.238 is the range for remoteip in /var/log/ppp.log: Jan 23 17:01:52 redboxone ppp[9315]: tun1: IPCP: myaddr 172.19.16.225 hisaddr = 172.19.16.241 Jan 23 17:01:52 redboxone ppp[9315]: tun1: Error: iface_inAdd: ioctl(SIOCAIFADDR): 172.19.16.225: File exists Jan 23 17:01:52 redboxone ppp[9315]: tun1: Error: ipcp_InterfaceUp: unable to set ip address it looks like ppp or pptp are using the first ip address of the range again. pptpd.conf: speed 115200 debug localip 172.19.16.225-238 remoteip 172.19.16.241-254 listen 172.19.1.32 /etc/ppp/ppp.conf: default: set log Phase Chat LCP IPCP CCP tun command set speed 115200 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK \\ dATDT\\T TIMEOUT 40 CONNECT" set timeout 120 pptp: set timeout 0 set ifaddr 172.19.16.225/0 172.19.16.241/0 255.255.255.0 enable proxy does anybody see the problem with this config? thanks for any help bye Fabian From rdavis at professo.net Wed Jan 24 13:37:11 2001 From: rdavis at professo.net (Richard Davis) Date: Wed, 24 Jan 2001 14:37:11 -0500 Subject: [pptp-server] (no subject) Message-ID: <3A6F2EE7.E9D152F4@professo.net> It seems that I am connecting fine on 1723, but I suspect that the GRE isn't working so well. I am getting an LCP: Config requests timed out. Anyway, when I try a traceroute -G (with the GRE patch) to my router, I get nada. When I go to other boxes on the same subnet, the traceroute goes. 
So my question is, do I have to configure my Cisco router to handle GRE? If so, does anyone know where I can find docs on this?

Thanks,
Richard Davis

From mward at gwtr.com Wed Jan 24 13:01:14 2001
From: mward at gwtr.com (Michael Ward)
Date: Wed, 24 Jan 2001 12:01:14 -0700
Subject: [pptp-server] Can't Ping a Thing
Message-ID:

Good news to report - Thanks to all the help from this group I now can ping (and therefore have access to) resources on my private network from remotely connected pptp clients.

I've seen that other folks are having the same trouble so I'm going to tell you what is in place to make my connection work. It's basically a compilation of replies from contributors to this list. I will not be detailed, being a beginner with all this, but I think it will be helpful for other beginners.

1. I've got the pptp daemon running (per how-to at poptop.lineo.com, including pptpd.conf and chap-secrets)

2. Win98 client configured - tcp/ip properties are set to let server assign ip address

3. ipforwarding enabled in linux kernel (it was enabled by default on my redhat 7.0 box)
   To check if IP_FORWARDING is currently enabled, type (as root):
      cat /proc/sys/net/ipv4/ip_forward
   If it returns 0, then IP_FORWARDING is disabled.
   To enable IP_FORWARDING (without re-booting), type (as root):
      echo "1" >/proc/sys/net/ipv4/ip_forward
   To ensure that IP_FORWARDING will be enabled at system boot-up, edit:
      /etc/sysconfig/network
   and ensure that the FORWARD_IPV4 variable is set to "yes".

4. PPTP server's LAN Ethernet interface *MUST* be known as the proxy arp
   check /var/log/messaging for a proxyarp entry.
   check /etc/ppp/options add proxyarp if missing
   (see Steve Cowles post, 1/23/01)

5. IPChains - I have *No* rules setup in my ipchains and my connection works perfectly. This is because, in the absence of rules, the built-in chains (input, output & forward) use their respective 'policy' to decide the fate of any packet.
The default policy for all chains is ACCEPT, therefore all packets are accepted. This is obviously not a secure state to leave your server in. I personally like to get new services like pptp running without complication, then add things like encryption and ipchains one at a time to ease resolution of problems that may occur.

6. Samba - While trying to figure out how to fix my lack of ping problem it was suggested to me that Samba would help me out. It turns out that Samba is not required at all for pptp clients to access resources on my private network

7. Default route - This also is not required
   In my configuration clients are assigned addresses from the same subnet as my private network.

BTW - If anyone cares to know, here's what was wrong with my setup that prevented me from pinging private network resources from a connected pptp client (if I was the type to get embarrassed this would do it)....

I had initially configured my win98 client to use a particular IP address, instead of letting the server assign it. I guess I was thinking I'd know exactly what IP address I should be able to ping when it connected. This was before I understood that an address would be assigned from the pptpd.conf file. The first 'localip' address available (per my pptpd.conf file) was the exact same ip address that I had statically assigned to my remote win98 client (see where we're going here?) so....

As I followed through on the many suggestions I received from this list, it turned into a process of elimination. i.e. ipforwarding was indeed enabled on my box, proxyarp was in my /etc/ppp/options file. So as I went through suggestions I eliminated them as the potential problem UNTIL - I checked /var/log/messages and saw that both ends of my tunnel had the same ip address. I reconfigured my win98 client to let the server assign an address and that was it. Lesson learned.

**************************
Michael Ward
Global Water Technologies, Inc.
email: mward at gwtr.com
(303) 215-1100
**************************

-----Original Message-----
From: Jerry Vonau [mailto:jvonau at home.com]
Sent: Tuesday, January 23, 2001 5:44 PM
To: Michael Ward
Subject: Re: [pptp-server] Can't Ping a Thing

Hows the battle going??

Jerry

Jerry Vonau wrote:

> Michael:
> check /var/log/messaging for a proxyarp entry.
> check /etc/ppp/options add proxyarp if missing.
> Are you using the same network addressing on the
> remote client as on the lan? How about some snips?
>
> Jerry Vonau
>
> Michael Ward wrote:
>
> > Hey all -
> > I installed redhat linux 7 last week for the first time. Until now I've
> > only known windows. I'm the IT Manager for a company in Golden, CO and want
> > to do vpn on a linux box instead of microsoft.
> >
> > I have searched archives of this mailing list and found several suggestions
> > for fixing the problem I'm having.... Call me a little slow, but it ain't
> > workin'! (more accurately, I'm not workin' it.)
> >
> > I've got pptp setup and working (I can connect with win98 clients) and have
> > not setup encryption yet in an effort to keep it simple while I try to get
> > basic functionality.
> >
> > I have setup Samba and have it running (though I'm not sure if it's
> > required, different sources have pointed me in different directions). Samba
> > is aware of my WINS server on my internal network (how cool is that? I bow
> > down to Samba)
> >
> > I just read the ipchains how to. I've tried specifically allowing
> > forwarding with a rule pulled from the PoPToP faq.
> >
> > The Problem (note capital P): I can not see (browse nor ping) from a
> > connected win98 client *anything* on my network. I have a connection but
> > can't play. Where's the fun?
> >
> > Questions:
> > 1. What is the total equation to make this whole deal work (clients should
> > be able to browse to resources on internal servers)? i.e. Is it pptpd +
> > samba + ipchains? If these three are configured correctly am I set?
Is
> > there another piece of the puzzle? I've read about and tried messing around
> > with default routes/routing tables to no avail. What's the skinny on the
> > 'ideal setup', the basics that have to be there?
> >
> > 2. *If* I leave ipchains with *no rules* set up at all, the default policy
> > (confirmed with ./ipchains -L) for all rules is ACCEPT. Should my box be
> > forwarding all packets in this scenario? It doesn't, nor can I get it to
> > forward packets to the private network by using rules pulled from the poptop
> > faq.
> >
> > 3. Any specifics in implementing the 'ideal setup' are greatly appreciated.
> >
> > Anyone feeling really generous is invited to give my dumb ass a call. I'm
> > sure I could learn a great deal in a few minutes of brain picking.
> >
> > Thank you all for your help (couldn't have gotten this far in a week without
> > it).
> >
> > Michael Ward
> > mward at gwtr.com
> > (303) 215-1100 (m-f 9-5 mst)
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!

From danielcraig at paradise.net.nz Wed Jan 24 16:14:28 2001
From: danielcraig at paradise.net.nz (Daniel Craig)
Date: Thu, 25 Jan 2001 11:14:28 +1300
Subject: [pptp-server] (no subject)
Message-ID:

Hi all

I have a problem. I have a pptpd running on my firewall. My firewall is masquerading the internal network (subnet 192.168.1.0/24) the gateway is eth0=192.168.1.1 the ip for the external interface is eth1=192.168.0.1: this is connected to an ADSL modem(which has a static ip) with DHCP and NAT enabled(DHCP so that eth1 can pick connect to the modem, Nat is translating port 47 and 1723 to 192.168.0.1.

My problem is when logging in from the outside. I can login fine. But I can't get any traffic back, I can't ping machines on the local net and I can't ping from the local net to the VPN client.

Can anyone help?
Do you need me to give more info about the my setup? Does anyone have experience with this kind of setup?

Kind Regards
Daniel Craig

From danielcraig at paradise.net.nz Wed Jan 24 16:27:56 2001
From: danielcraig at paradise.net.nz (Daniel Craig)
Date: Thu, 25 Jan 2001 11:27:56 +1300
Subject: [pptp-server] (no subject)
Message-ID:

Anyone know how to let protocol 47 through a ADSL router (NAT)?

Kind Regards
Daniel Craig

From seaboy at haedong.re.kr Wed Jan 24 17:06:09 2001
From: seaboy at haedong.re.kr (=?ks_c_5601-1987?B?wMzD4bDm?=)
Date: Thu, 25 Jan 2001 08:06:09 +0900
Subject: [pptp-server] [ cancel ]
Message-ID: <000e01c0865a$43b18560$77ede0d3@leenb>

hello.
I want to delete my email address in the lists.
thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From anance at syssrc.com Wed Jan 24 18:31:00 2001
From: anance at syssrc.com (Alexander Nance)
Date: Wed, 24 Jan 2001 19:31:00 -0500
Subject: [pptp-server] (no subject)
Message-ID:

the main thing that you have to do is make sure that you are masquerading the internal network as well. The other gotcha is that you are not blocking the 192 network in another part of your script. That is a common thing to do when you are trying to prevent spoofing but you have to allow it.

>>> "Daniel Craig" 01/24/01 05:14PM >>>
Hi all

I have a problem. I have a pptpd running on my firewall. My firewall is masquerading the internal network (subnet 192.168.1.0/24) the gateway is eth0=192.168.1.1 the ip for the external interface is eth1=192.168.0.1: this is connected to an ADSL modem(which has a static ip) with DHCP and NAT enabled(DHCP so that eth1 can pick connect to the modem, Nat is translating port 47 and 1723 to 192.168.0.1.

My problem is when logging in from the outside. I can login fine. But I can't get any traffic back, I can't ping machines on the local net and I can't ping from the local net to the VPN client.

Can anyone help? Do you need me to give more info about the my setup?
Does anyone have experience with this kind of setup?

Kind Regards
Daniel Craig
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From richard at blauvelt.com Wed Jan 24 20:05:34 2001
From: richard at blauvelt.com (Richard E Blauvelt)
Date: Wed, 24 Jan 2001 18:05:34 -0800
Subject: [pptp-server] [ cancel ]
In-Reply-To: <000e01c0865a$43b18560$77ede0d3@leenb>
Message-ID: <5.0.2.1.0.20010124180111.0382dec0@blauvelt.com>

Hi =?ks_c_5601-1987?B?wMzD4bDm?=,

Try going to this address, then follow the instructions:
http://lists.schulte.org/mailman/listinfo/pptp-server

Or, you could send your request (make sure the subject is "unsubscribe") to:
mailto:pptp-server-request at lists.schulte.org?subject=unsubscribe

Good luck,
Richard

At 03:06 PM 1/24/01, you wrote:
>hello.
>I want to delete my email address in the lists.
>thank you

From jason at sohonetworks.cc Thu Jan 25 12:36:02 2001
From: jason at sohonetworks.cc (Jason Osborne)
Date: Thu, 25 Jan 2001 12:36:02 -0600
Subject: [pptp-server] Problem Solved: Could not determine local IP address.
Message-ID:

Hello,

I just thought I would post of the results on this error for those of you running poptop on ISDN. I have finally solved my problem with the help of the comp.protocols.ppp newsgroup.

The problem that was causing the error, "Could not determine local IP address", was caused by an option in my isdn's options file. The option giving me this error was "noipdefault". After researching this option, it appears that it, in some way, affects the pptpd connection causing it to ask the client connection for the local ip address. Of course, it doesn't have a clue so pptpd errors out. When the option is removed, the client accepts pptpd default ip address (or list) and connects successfully.

I have attached my ISDN and VPN option files for those who are interested.
If you are having a similar problem with ISDN and it is ppp related, I advise you check out the newsgroup. They're really terrific.

Finally, thanks to those who provided some insight into the problem. Specifically, George Vieira, Javier Cuevas, and Jerry Vonau. And special thanks to the guy who gave me the answer over at comp.protocols.ppp, James Carlson.

Please let me know if you have any questions.

Thanks again,
Jason.

Short snippet from James' email...

So, back to the original problem, there's a "noipdefault" somewhere in the configuration being read for this PPTP session, and this must be removed because the peer system doesn't know the local IP address, and simply (and bogusly) acks 0.0.0.0.

==> From the pppd man page <==
noipdefault
    Disables the default behaviour when no local IP address is specified, which is to determine (if possible) the local IP address from the hostname. With this option, the peer will have to supply the local IP address during IPCP negotiation (unless it specified explicitly on the command line or in an options file).

==> /etc/ppp/options <==
lock
modem
crtscts
asyncmap 20A0000
defaultroute
debug
user lcarpet
#### noipdefault #### Remove this to fix problem.
noauth
nodetach

==> /etc/ppp/options.vpn <==
lock
debug
name server
auth
mru 1450
mtu 1450
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

--
Jason Osborne
Data and Telecom Network Solutions
Your total Internetworking solutions provider!
3847 Timberglen Rd., STE 4013
Dallas, TX 75287
Phone: 972-307-0676
Mobile: 214-284-3337
Web: http://www.sohonetworks.cc
E-mail: sales at sohonetworks.cc

From vlast at eetc.com Thu Jan 25 11:14:31 2001
From: vlast at eetc.com (Vlad Strezhnev)
Date: Thu, 25 Jan 2001 11:14:31 -0600
Subject: [pptp-server] Strange Behaviour
In-Reply-To: <20010123202101.39951.qmail@web11202.mail.yahoo.com>
Message-ID: <3A700A97.8645.A0F1898@localhost>

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 2781 bytes
Desc: not available
URL:

From ethan21 at teleline.es Thu Jan 25 18:39:26 2001
From: ethan21 at teleline.es (Ethan)
Date: Fri, 26 Jan 2001 00:39:26 -0000
Subject: [pptp-server] Dynamic VPN
Message-ID: <000901c08730$707a0a00$c0f4fea9@user>

Hi to all!

I've found a site that may help some of you that are trying to implement a VPN with a dynamic assigned IP.

The idea is quite simple, the VPN server post his current IP address on a free site, and the clients look at it on a site using an user & pass.

See at: http://home.domaindlx.com/webresources

Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From vgill at technologist.com Thu Jan 25 19:40:12 2001
From: vgill at technologist.com (Gill, Vern)
Date: Thu, 25 Jan 2001 17:40:12 -0800
Subject: [pptp-server] Dynamic VPN
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C07@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

I would recommend a free Dynamic DNS service instead. yi.org, or dns2go are free, and have scripts available for linux, among others. This way, when your box connects/is connected, you can access the VPN using your dynamic DNS name.

I.E.
ethan.yi.org
ethan.dns2go.com

Works much better than having to go find out the address, then try to connect...

Share and enjoy

-----Original Message-----
From: Ethan [mailto:ethan21 at teleline.es]
Sent: Thursday, January 25, 2001 4:39 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Dynamic VPN

Hi to all!

I've found a site that may help some of you that are trying to implement a VPN with a dynamic assigned IP.

The idea is quite simple, the VPN server post his current IP address on a free site, and the clients look at it on a site using an user & pass.

See at: http://home.domaindlx.com/webresources

Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From john at snake.supranet.net Thu Jan 25 23:16:57 2001
From: john at snake.supranet.net (John Heyer)
Date: Thu, 25 Jan 2001 23:16:57 -0600 (CST)
Subject: [pptp-server] multiple connections with FreeBSD 3.3
In-Reply-To:
Message-ID:

Hi - please check out my FreeBSD/PPTPd page at http://heyer.supranet.net/pptp under "PPP Configuration". All you need to do is change your "set ifaddr" line to do ranges of IP address and you should be good to go.

--
John Heyer - john at personal.supranet.net - http://heyer.supranet.net
"Me fail English? That's unpossible!" -- Ralph Wiggam

From seth at calculon.northrops.com Fri Jan 26 01:48:23 2001
From: seth at calculon.northrops.com (Seth Northrop)
Date: Thu, 25 Jan 2001 23:48:23 -0800 (PST)
Subject: [pptp-server] Small VPN...
Message-ID:

Hi. I'm very new to PoPToP, and, didn't find the answer to my question within the various pieces of documentation on the site. My apologies if this has been asked before..

I want to build a fairly simplistic VPN.

Currently a very simplistic view of an architecture looks like:

-- Mail Server Intranet
|- Web Server DB
Internet |- Firewall <--- File Server
-- DNS Internal LAN

Ideally, we want to allow remote users with both static AND/OR dynamic ip addresses (dialup/DSL/Cable etc.) into the internal network securely so that we can allow SMTP relaying to only occur from an internal interface / SMTP server, along with giving users access to our corporate intranet and/or fileserver(s).

Currently we are doing port forwarding from the firewall and POP authenticated relay restrictions on the external mail server. Neither seem as clean as a VPN solution. And, absent serving file directories via apache, we have no good means to provide access to samba shares to remote users.

Clients are mostly Windows 95/98/2000 with the potential that windows ME could pop into the picture. There are also a few linux clients that could gain access.

This is not a heavily remotely used network.
I wouldn't expect more than a couple of people at any given point remotely accessing the network.. and, of those they will not be pushing a large amount of data.

The question is whether PoPToP is appropriate for this configuration; particularly as it pertains to routing IP traffic through the tunnel->internal corporate net from dynamic (unknown) remote IPs. If not, what other software/hardware options are there?

Thanks for any input you can share!

Seth

From iron_maiden at engineer.com Fri Jan 26 09:46:48 2001
From: iron_maiden at engineer.com (Lillian Kulhanek)
Date: Fri, 26 Jan 2001 10:46:48 -0500 (EST)
Subject: [pptp-server] port forwarding
Message-ID: <385691364.980524008521.JavaMail.root@web589-mc>

Hi gang,
I'm stumped with this one, and haven't found much documentation to help.

I have a masqueraded network, and would like to place my pptp server behind the firewall, and have all requests to port 1723 forwarded to the internal pptp server . I can't get to this stage. Port forwarding is not working for me.

I've simplified the problem-solving to the point of trying to port forward telnet from one computer in the same network to the other.
For example,

ipmasqadm portfw -a -P tcp -L 192.168.2.221 23 -R 192.168.2.2 23

I don't see any connection attempts in the logs of any of the machines involved. If you have any idea I'd love to hear it.

System is linux 2.2.17 with vpn masquerade patch installed with no errors.

Thanks in advance!!!

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup

From Steve at SteveCowles.com Fri Jan 26 10:42:36 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 26 Jan 2001 10:42:36 -0600
Subject: [pptp-server] port forwarding
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE616@defiant.infohiiway.com>

> -----Original Message-----
> From: Lillian Kulhanek
>
> Hi gang,
> I'm stumped with this one, and haven't found much
> documentation to help.
>
> I have a masqueraded network, and would like to place my pptp
> server behind the firewall, and have all requests to port 1723
> forwarded to the internal pptp server . I can't get to this
> stage. Port forwarding is not working for me.
>
> I've simplified the problem-solving to the point of trying to
> port forward telnet from one computer in the same network to
> the other.
> For example,
>
> ipmasqadm portfw -a -P tcp -L 192.168.2.221 23 -R 192.168.2.2 23
>
> I don't see any connection attempts in the logs of any of the
> machines involved. If you have any idea I'd love to hear it.

In addition to ipmasqadm; you will also need to ACCEPT tcp port 23 on your firewalls external interface using ipchains.

With regards to running a masq'd PPTP server:

1) Your firewalls kernel will need to be patched to handle masqueraded PPTP connections. Checkout:
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

2) In addition to port forwarding tcp port 1723 (from the firewall), PPTP requires that you also protocol forward (not port forward) GRE packets. i.e. protocol 47. I use ipfwd to accomplish this.
example: ipfwd --masq 192.168.2.2 47 &

FWIW: Once your firewall is properly patched and port/protocol forwarding is setup... your firewalls log files will show the following entry when a PPTP client establishes a PPTP tunnel to a masq'd PPTP server. The x.x.x.x is the public IP address of my laptop using my dialup account. 192.168.9.3 is the ip address of my "masq'd" linux server running PopTop.

Jan 26 00:02:33 firewall kernel: ip_masq_gre(): creating GRE masq for 192.168.9.3 -> x.x.x.x CID=8000 MCID=4BA0

Steve Cowles

From Steve at SteveCowles.com Fri Jan 26 13:27:45 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 26 Jan 2001 13:27:45 -0600
Subject: [pptp-server] Small VPN...
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE618@defiant.infohiiway.com>

> -----Original Message-----
> From: Seth Northrop
>
> Hi.
I'm very new to PoPToP, and, didn't find the answer to
> my question within the various pieces of documentation on the
> site. My apologies if this has been asked before..
>
> I want to build a fairly simplistic VPN.
>
> Currently a very simplistic view of an architecture looks like:
>
> -- Mail Server Intranet
> |- Web Server DB
> Internet |- Firewall <--- File Server
> -- DNS Internal LAN

I could not determine what type of firewall you are using from your post. i.e. linux based or third party. I'm assuming its linux based. Either way, a PPTP tunnel will require that protocol 47 (GRE) and TCP port 1723 be ACCEPTED on the firewalls external interface. In addition, based on where you insert your PPTP server into your network architecture, i.e. running on the firewall itself or behind it masq'd will dictate whether or not you have to also deal with port forwarding issues like patching your kernel and using ipmasqadm/ipfwd. Checkout the following site for more information:
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

> Ideally, we want to allow remote users with both static
> AND/OR dynamic ip addresses (dialup/DSL/Cable etc.) into
> the internal network securely so that we can allow SMTP
> relaying to only occur from an internal interface /
> SMTP server, along with giving users access to our corporate
> intranet and/or fileserver(s).

Not an uncommon requirement when implementing a VPN solution. Obviously, your ipchain input rules will have to grant access to protocol 47 and TCP port 1723 from all public IP addresses. i.e. -s 0.0.0.0/0

> Currently we are doing port forwarding from the firewall and
> POP authenticated relay restrictions on the external mail
> server. Neither seem as clean as a VPN solution. And, absent
> serving file directories via apache, we have no good means to
> provide access to samba shares to remote users.

If you do not have a WINS server running on your internal LAN, install one.
It will help the remote PPTP clients deal with Microsoft Networking related file/print sharing issues.

> Clients are mostly Windows 95/98/2000 with the potential that
> windows ME could pop into the picture. There are also a few
> linux clients that could gain access.

I have tried all of the above OS's with PopTop. The only problem I encountered had to do with implementing 128bit encryption on WIN9x clients, not on my PopTop server. NT/W2K clients worked without a problem.

> This is not a heavily remotely used network. I wouldn't
> expect more than a couple of people at any given point remotely
> accessing the network.. and, of those they will not be pushing
> a large amount of data.
>
> The question is whether PoPToP is appropriate for this
> configuration; particularly as it pertains to routing IP
> traffic through the tunnel->internal corporate net from dynamic
> (unknown) remote IPs. If not, what other software/hardware
> options are there?

Based on your post, PopTop seems like a good match to me...

Steve Cowles

From Lillian.Kulhanek at energy.on.ca Fri Jan 26 14:19:34 2001
From: Lillian.Kulhanek at energy.on.ca (Lillian Kulhanek)
Date: Fri, 26 Jan 2001 15:19:34 -0500
Subject: [pptp-server] RE: pptp-server digest, Vol 1 #103 - 8 msgs
In-Reply-To: <200101261801.MAA40468@poontang.schulte.org>
Message-ID: <000f01c087d5$4d67b580$2c02a8c0@Lillian.energy.on.ca>

OK stupid me, I had to explicitly tell the masq'ed server what the gateway was, with a route statement. (I saw this on a prior post on the masq list. http://home.indyramp.com/lists/masq for future reference if anyone needs it).

eg.
route add -host 192.168.2.2 gw 192.168.2.1

In my defense, things still weren't working, so I told my non-PHB, who was helping me, to do a tcpdump, and sure enough, nothing forwarding, when he realized he had entered an incorrect portfw statement. Bit of a comedy of errors happening here. Sorry for the bandwidth.
--__--__--

Message: 8
From: "Cowles, Steve"
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] port forwarding
Date: Fri, 26 Jan 2001 10:42:36 -0600

> -----Original Message-----
> From: Lillian Kulhanek
>
> Hi gang,
> I'm stumped with this one, and haven't found much
> documentation to help.
>
> I have a masqueraded network, and would like to place my pptp
> server behind the firewall, and have all requests to port 1723
> forwarded to the internal pptp server . I can't get to this
> stage. Port forwarding is not working for me.
>
> I've simplified the problem-solving to the point of trying to
> port forward telnet from one computer in the same network to
> the other.
> For example,
>
> ipmasqadm portfw -a -P tcp -L 192.168.2.221 23 -R 192.168.2.2 23
>
> I don't see any connection attempts in the logs of any of the
> machines involved. If you have any idea I'd love to hear it.

In addition to ipmasqadm; you will also need to ACCEPT tcp port 23 on your firewalls external interface using ipchains.

With regards to running a masq'd PPTP server:

1) Your firewalls kernel will need to be patched to handle masqueraded PPTP connections. Checkout:
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

2) In addition to port forwarding tcp port 1723 (from the firewall), PPTP requires that you also protocol forward (not port forward) GRE packets. i.e. protocol 47. I use ipfwd to accomplish this.
example: ipfwd --masq 192.168.2.2 47 &

FWIW: Once your firewall is properly patched and port/protocol forwarding is setup... your firewalls log files will show the following entry when a PPTP client establishes a PPTP tunnel to a masq'd PPTP server. The x.x.x.x is the public IP address of my laptop using my dialup account. 192.168.9.3 is the ip address of my "masq'd" linux server running PopTop.
Jan 26 00:02:33 firewall kernel: ip_masq_gre(): creating GRE masq for 192.168.9.3 -> x.x.x.x CID=8000 MCID=4BA0

Steve Cowles

From vlast at eetc.com Sat Jan 27 15:36:38 2001
From: vlast at eetc.com (Vlad Strezhnev)
Date: Sat, 27 Jan 2001 15:36:38 -0600
Subject: [pptp-server] DSL connection with Cisco 675 and NAT
Message-ID: <3A72EB06.6828.5692EC@localhost>

Release Notes for CBOS 2.2.0 for Cisco 675 DSL modem/router states that it supports wildcard static NAT entries.

Here is my *positive* experience proving that it is valid for pptp-based VPNs, at least in "W2K client - Linux server" and "Linux client - Linux server" cases.

After Qwest DSL was installed I was able to connect from home to my corporate PoPToP (behind Linux firewall) with out-of-the box Cisco 675 configuration and W2K workstation. However it was possible only after multiple retries because of infamous 619 (port not connected) errors.

Strangely, this problem was becoming worse until recently the connection became impossible at all - constant 619 errors. Was it due to my consequent W2K security updates or not - is an open question. May be not. After all stopped working, I tried to connect with Linux pptp client and also failed with "connection timed out error". (But then again, it might be because Linux pptp client does not have those "security issues" that were being fixed in Windows "Internet Connection Wizard".)

My monitoring of pptp connections on CBOS terminal revealed that in its shipped configuration NAT was mapping GRE to router's internal gateway address 10.0.0.1. After I added one static NAT entry:

set nat entry add 10.0.0.2 0 47
write
reboot

the problem was solved.

(Okay, okay, I did make the notorious mistake and initially entered

set nat entry add 10.0.0.2 47 gre

which was a shame, because from the days of ipchains configuration I knew very well that "47" is not a portnum but a protocolname.
Apparently CBOS was so "surprised" with this wrong entry that it still keeps it in its NVRAM alongside the right one and refuses all my attempts to delete it.)

Anyway, everything works now both from Linux and W2K. When pptp connection is active CBOS terminal correctly shows GRE mapping to 10.0.0.2.

Moreover, when I experimented with Linux box (IP 10.0.0.2) which also has VMware and virtual W2K (IP 10.0.0.3), I was able to alternatively connect with W2K pptp client. In that case CBOS "show nat" command displayed both static NAT entry for 10.0.0.2 and dynamic NAT entry for 10.0.0.3.

Happy end.

From jason at sohonetworks.cc Sat Jan 27 18:58:00 2001
From: jason at sohonetworks.cc (Jason Osborne)
Date: Sat, 27 Jan 2001 18:58:00 -0600
Subject: [pptp-server] Quick, Easy Question
Message-ID:

I was wondering exactly what the ms-dns setting did. Is this related to a regular DNS server or does this having something to do with WINS? Thanks, Jason.

From djm at wiz.net.au Sat Jan 27 21:30:50 2001
From: djm at wiz.net.au (David Moylan)
Date: Sun, 28 Jan 2001 14:30:50 +1100
Subject: [pptp-server] Quick, Easy Question
References:
Message-ID: <001901c088da$b69e9c70$1464a8c0@dmoylan>

ms-dns is the microsoft extension to PPP which allows the handing down of normal DNS server addresses to a PPP client.

the original PPP protocol did not handle this.

microsoft also (as a separate option) have the ms-wins extension to handle the issuing of wins server addresses as well.

cheers, Wiz!!

----- Original Message -----
From: "Jason Osborne"
To: "Pptp-List (submission)"
Sent: Sunday, January 28, 2001 11:58 AM
Subject: [pptp-server] Quick, Easy Question

> I was wondering exactly what the ms-dns setting did. Is this related to a
> regular DNS server or does this having something to do with WINS? Thanks,
> Jason.
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From jason at sohonetworks.cc Sat Jan 27 21:46:45 2001
From: jason at sohonetworks.cc (Jason Osborne)
Date: Sat, 27 Jan 2001 21:46:45 -0600
Subject: [pptp-server] Quick, Easy Question
In-Reply-To: <001901c088da$b69e9c70$1464a8c0@dmoylan>
Message-ID:

First off, thanks for clearing that up. One more question though. Can you specify more than one of each?

-----Original Message-----
From: David Moylan [mailto:djm at wiz.net.au]
Sent: Saturday, January 27, 2001 9:31 PM
To: Jason Osborne; Pptp-List (submission)
Subject: Re: [pptp-server] Quick, Easy Question

ms-dns is the microsoft extension to PPP which allows the handing down of normal DNS server addresses to a PPP client.

the original PPP protocol did not handle this.

microsoft also (as a separate option) have the ms-wins extension to handle the issuing of wins server addresses as well.

cheers, Wiz!!

----- Original Message -----
From: "Jason Osborne"
To: "Pptp-List (submission)"
Sent: Sunday, January 28, 2001 11:58 AM
Subject: [pptp-server] Quick, Easy Question

> I was wondering exactly what the ms-dns setting did. Is this related to a
> regular DNS server or does this having something to do with WINS? Thanks,
> Jason.
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From djm at wiz.net.au Sat Jan 27 21:50:41 2001
From: djm at wiz.net.au (David Moylan)
Date: Sun, 28 Jan 2001 14:50:41 +1100
Subject: [pptp-server] Quick, Easy Question
References:
Message-ID: <002801c088dd$7c1fc260$1464a8c0@dmoylan>

absolutely. in fact, it's a must for ms-wins if you have a win9x machine connecting up.
just repeat the line

ms-dns 1.2.3.4
ms-dns 4.5.6.7

cheers, Wiz!!

----- Original Message -----
From: "Jason Osborne"
To: "David Moylan" ; "Pptp-List (submission)"
Sent: Sunday, January 28, 2001 2:46 PM
Subject: RE: [pptp-server] Quick, Easy Question

> First off, thanks for clearing that up. One more question though. Can you
> specify more than one of each?
>
> -----Original Message-----
> From: David Moylan [mailto:djm at wiz.net.au]
> Sent: Saturday, January 27, 2001 9:31 PM
> To: Jason Osborne; Pptp-List (submission)
> Subject: Re: [pptp-server] Quick, Easy Question
>
>
> ms-dns is the microsoft extension to PPP which allows the
> handing down of normal DNS server addresses to a PPP client.
>
> the original PPP protocol did not handle this.
>
> microsoft also (as a separate option) have the ms-wins
> extension to handle the issuing of wins server addresses as well.
>
> cheers, Wiz!!
>
> ----- Original Message -----
> From: "Jason Osborne"
> To: "Pptp-List (submission)"
> Sent: Sunday, January 28, 2001 11:58 AM
> Subject: [pptp-server] Quick, Easy Question
>
>
> > I was wondering exactly what the ms-dns setting did. Is this related to a
> > regular DNS server or does this having something to do with WINS? Thanks,
> > Jason.

From Steve at SteveCowles.com Sat Jan 27 22:16:26 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sat, 27 Jan 2001 22:16:26 -0600
Subject: [pptp-server] Quick, Easy Question
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE623@defiant.infohiiway.com>

From mikem99 at qwest.net Sun Jan 28 22:51:17 2001
From: mikem99 at qwest.net (Mike Millner)
Date: Sun, 28 Jan 2001 21:51:17 -0700
Subject: [pptp-server] win2k client --->NAT---->PPTP Server
Message-ID: <004201c089af$1dc44ce0$0201050a@millnerm>

Hello, this is my first post to this list. I'm having a problem getting the PPTP connection to work. If I give the laptop a public address it makes the PPTP connection just fine. Here is my setup:

win2k laptop                       Redhat 6.1 kernel
10.5.1.2 ------------------------> 2.2.12-20 ----------------------------------------------->PPTP endpoint
                                   eth0 63.x.x.x (public)
                                   eth1 10.5.1.1

Nat is working fine. The win2k machine can browse web sites, ftp, telnet just fine. When I try to connect the PPTP connection I get: connecting, verifying user name and password, then "The specified port is not connected". I've been reading a lot and it seems that I need to allow port 1723 and protocol 47. These two lines have NAT working fine:

/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 10.5.1.0/24 -j MASQ

This Linux box has ipchains, ipmasqadm, and ipfwd installed. I'm pretty sure I have everything installed that I need. I just don't know the syntax for the port forwarding and the protocol allowing. These are some of the things I've tried:

/usr/sbin/ipmasqadm portfw -a -P tcp -L 63.x.x.x 1723 -R 10.5.1.1 1723
/sbin/ipchains -A input -p TCP -i eth0 --dport 1723 -j ACCEPT
/sbin/ipchains -A input -p 47 -i eth0 -j ACCEPT
/usr/local/sbin/ipfwd --masq 10.5.1.1 47 &

I believe I'm real close. After staring at all day and changing things I'm asking for some help from a fresh pair of eyes.

Thanks,
Mike

-------------- next part --------------
An HTML attachment was scrubbed...

From jvonau at home.com Sun Jan 28 23:41:31 2001
From: jvonau at home.com (Jerry Vonau)
Date: Sun, 28 Jan 2001 23:41:31 -0600
Subject: [pptp-server] win2k client --->NAT---->PPTP Server
References: <004201c089af$1dc44ce0$0201050a@millnerm>
Message-ID: <3A75028B.F7E2C970@home.com>

Mike:

Is the laptop behind the linux box or is the server behind it?
Your setup looks like it is masq/portforwarding a server.
I don't think you need to portforward a client, but you may need to patch your kernel. How about a little more background?

see: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

Jerry Vonau

Mike Millner wrote:

> Hello, this is my first post to this list. I'm having a problem
> getting the PPTP connection to work. If I give the laptop a public
> address it makes the PPTP connection just fine. Here is my
> setup: win2k laptop Redhat 6.1
> kernel10.5.1.2 ------------------------->
> 2.2.12-20
> ----------------------------------------------->PPTP
> endpoint eth0 63.x.x.x
> (public) eth1
> 10.5.1.1 Nat is working fine. The win2k machine can browse web sites,
> ftp, telnet just fine. When I try to connect the PPTP connection I
> get: connecting, verifying user name and password, then "The specified
> port is not connected". I've been reading a lot and it seems that I
> need to allow port 1723 and protocol 47. These two lines have NAT
> working fine:/sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 10.5.1.0/24 -j MASQ This Linux box has
> ipchains, ipmasqadm, and ipfwd installed. I'm pretty sure I have
> everything installed that I need. I just don't know the syntax for the
> port forwarding and the protocol allowing. These are some of the
> things I've tried: /usr/sbin/ipmasqadm portfw -a -P tcp -L 63.x.x.x
> 1723 -R 10.5.1.1 1723 /sbin/ipchains -A input -p TCP -i eth0 --dport
> 1723 -j ACCEPT
> /sbin/ipchains -A input -p 47 -i eth0 -j ACCEPT /usr/local/sbin/ipfwd
> --masq 10.5.1.1 47 & I believe I'm real close.
After staring at all
> day and changing things I'm asking for some help from a fresh pair of
> eyes. Thanks,Mike

From mikem99 at qwest.net Sun Jan 28 23:55:17 2001
From: mikem99 at qwest.net (Mike Millner)
Date: Sun, 28 Jan 2001 22:55:17 -0700
Subject: [pptp-server] win2k client --->NAT---->PPTP Server
References: <004201c089af$1dc44ce0$0201050a@millnerm> <3A75028B.F7E2C970@home.com>
Message-ID: <005c01c089b8$0ea86a80$0201050a@millnerm>

The laptop is behind the Linux box. The PPTP server is out on the net.

Thanks,
Mike

----- Original Message -----
From: "Jerry Vonau"
To: "Mike Millner"
Cc:
Sent: Sunday, January 28, 2001 10:41 PM
Subject: Re: [pptp-server] win2k client --->NAT---->PPTP Server

> Mike:
>
> Is the laptop behind the linux box or is the server behind it?
> Your setup looks like it is masq/portforwarding a server.
> I don't think you need to portforward a client, but you may need to
> patch
> your kernel. How about a little more background?
>
> see: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
>
> Jerry Vonau
>
> Mike Millner wrote:
>
> > Hello, this is my first post to this list. I'm having a problem
> > getting the PPTP connection to work. If I give the laptop a public
> > address it makes the PPTP connection just fine. Here is my
> > setup: win2k laptop Redhat 6.1
> > kernel10.5.1.2 ------------------------->
> > 2.2.12-20
> > ----------------------------------------------->PPTP
> > endpoint eth0 63.x.x.x
> > (public) eth1
> > 10.5.1.1 Nat is working fine. The win2k machine can browse web sites,
> > ftp, telnet just fine. When I try to connect the PPTP connection I
> > get: connecting, verifying user name and password, then "The specified
> > port is not connected". I've been reading a lot and it seems that I
> > need to allow port 1723 and protocol 47. These two lines have NAT
> > working fine:/sbin/ipchains -P forward DENY
> > /sbin/ipchains -A forward -s 10.5.1.0/24 -j MASQ This Linux box has
> > ipchains, ipmasqadm, and ipfwd installed.
I'm pretty sure I have
> > everything installed that I need. I just don't know the syntax for the
> > port forwarding and the protocol allowing. These are some of the
> > things I've tried: /usr/sbin/ipmasqadm portfw -a -P tcp -L 63.x.x.x
> > 1723 -R 10.5.1.1 1723 /sbin/ipchains -A input -p TCP -i eth0 --dport
> > 1723 -j ACCEPT
> > /sbin/ipchains -A input -p 47 -i eth0 -j ACCEPT /usr/local/sbin/ipfwd
> > --masq 10.5.1.1 47 & I believe I'm real close. After staring at all
> > day and changing things I'm asking for some help from a fresh pair of
> > eyes. Thanks,Mike

From Steve at SteveCowles.com Mon Jan 29 07:58:27 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Mon, 29 Jan 2001 07:58:27 -0600
Subject: [pptp-server] win2k client --->NAT---->PPTP Server
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE62F@defiant.infohiiway.com>

Mike,

Since your laptop is behind your RH6.1 based firewall... You will need to patch your firewall's kernel to support masqueraded PPTP connections. i.e. module ip_masq_pptp.o. Check out the link that Jerry Vonau mentioned in his reply to your post. You will be able to get the necessary patches there.

Also, since you are trying to establish an outbound PPTP connection, not running a masq'd PPTP server... you will NOT need to use ipmasqadm/ipfwd in this case. These commands are only required if you're running a masqueraded PPTP server and you are having to deal with inbound PPTP connections through your firewall.

FWIW: If/when you properly patch your firewall's kernel and then establish an outbound PPTP connection from behind your firewall... you will see the following entries generated in your firewall's logfiles.

Jan 22 13:09:11 firewall kernel: ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.168.9.21 -> xx.xx.xx.xx CID=C000 MCID=F997
Jan 22 13:09:11 firewall kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.168.9.21 -> xx.xx.xx.xx CID=C000 MCID=F997
Jan 22 13:11:53 firewall kernel: ip_masq_pptp_tcp(): CALL_DISCONNECT_NOTIFY 192.168.9.21 -> xx.xx.xx.xx CID=C000 MCID=F997

NOTE: The 192.168.9.21 is my W2k box behind my firewall, xx.xx.xx.xx is the ip address of the remote PPTP server.

Steve Cowles

> -----Original Message-----
> From: Mike Millner [mailto:mikem99 at qwest.net]
> Sent: Sunday, January 28, 2001 11:55 PM
> To: Jerry Vonau
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] win2k client --->NAT---->PPTP Server
>
>
> The laptop is behind the linix box. The PPTP server is out on
> the net.
>
> Thanks,
> Mike
> ----- Original Message -----
> From: "Jerry Vonau"
> To: "Mike Millner"
> Cc:
> Sent: Sunday, January 28, 2001 10:41 PM
> Subject: Re: [pptp-server] win2k client --->NAT---->PPTP Server
>
>
> > Mike:
> >
> > Is the laptop behind the linux box or is the server behind it?
> > Your setup looks like it is masq/portforwarding a server.
> > I don't think you need to portforward a client, but you may need to
> > patch
> > your kernel. How about a little more background?
> >
> > see: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
> >
> > Jerry Vonau
> >

From chepati at yahoo.com Mon Jan 29 11:42:22 2001
From: chepati at yahoo.com (IvanK.)
Date: Mon, 29 Jan 2001 12:42:22 -0500
Subject: [pptp-server] Kernel 2.4.0?
Message-ID: <01012912422200.01094@levski>

Hi,

I've been running poptop 1.1.1 for quite some time on 2.2.14 and I am happy with it. However, I am contemplating upgrading to 2.4.0 and I am wondering if poptop is known to work with the new kernel. Is the installation procedure the same?

Thanks,
IvanK.

From mike at seattleserver.com Mon Jan 29 12:30:01 2001
From: mike at seattleserver.com (Mike McQuade)
Date: Mon, 29 Jan 2001 10:30:01 -0800
Subject: [pptp-server] Kernel 2.4.0?
In-Reply-To: <01012912422200.01094@levski>
Message-ID:

I just got it going with 2.4.1pre-10. I built PPP into the kernel (along with all the PPP extras), then I made a /dev/ppp device:

# mknod /dev/ppp c 108 0
# chmod 600 /dev/ppp

I had to add a rule to IPTABLES to open port 1723. That was it, basic poptop up and running.

Mike

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of IvanK.
Sent: Monday, January 29, 2001 9:42 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Kernel 2.4.0?

Hi,

I've been running poptop 1.1.1 for quite some time on 2.2.14 and I am happy with it. However, I am contemplating upgrading to 2.4.0 and I am wondering if poptop is known to work with the new kernel. Is the installation procedure the same?

Thanks,
IvanK.

From ismandya at sains.com.my Mon Jan 29 22:13:22 2001
From: ismandya at sains.com.my (Ismandy Ali)
Date: Tue, 30 Jan 2001 12:13:22 +0800
Subject: [pptp-server] http://www.vibres.com/pptpd/example.html
Message-ID: <3A763F62.B95D876E@sains.com.my>

An HTML attachment was scrubbed...

From jason at sohonetworks.cc Mon Jan 29 23:43:42 2001
From: jason at sohonetworks.cc (Jason Osborne)
Date: Mon, 29 Jan 2001 23:43:42 -0600
Subject: [pptp-server] Quick question about client side encryption
Message-ID:

I was wondering if there is a way to allow clients without encryption to login to the vpn. I noticed that some 98 first edition clients cause the server to report unsupported protocols when they login.

I checked first off to make sure I had mppe-stateless added to my options file. It was. To fix the problem, I commented out all the encryption lines in the pptpd's options and it worked fine. I also checked the client system's VPN Dialup connection and the only two boxes checked were Logon to Network and enable software compression. What would I need to do to set up the connection so that it could facilitate windows 98 first edition with no encryption and win98 se with 128 and then 40? Is this even possible?

Thanks,
Jason.

From rage at sohonetworks.cc Mon Jan 29 23:49:53 2001
From: rage at sohonetworks.cc (Jason Osborne)
Date: Mon, 29 Jan 2001 23:49:53 -0600
Subject: [pptp-server] http://www.vibres.com/pptpd/example.html
In-Reply-To: <3A763F62.B95D876E@sains.com.my>
Message-ID:

Have you checked to make sure that the cisco router isn't blocking GRE packets?

7.3.9. Get "Sent [LCP ConfReq id=0x1 " "...last message repeated 9 times" "LCP: timeout sending Config-Requests" errors in your log file

This typically means the GRE data link is not making it from your client to your server, typically because of firewalls. Remember that pptpd requires both a control connection (TCP port 1723) and a data connection (GRE protocol = TCP/IP protocol 47). Check all of the firewalls between your two machines to make sure they are allowing both types of traffic to pass in both directions.

Also, what type of connection do you have to the internet? I have ISDN and was having the same problem and it turned out to not be my firewall, but something else.
Also, turn on all the debugging you can and post up a session so we can take a look at it.

Thanks,
Jason.

A link you might find useful:
http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Ismandy Ali
Sent: Monday, January 29, 2001 10:13 PM
To: phil at vibrationresearch.com; pptp-server at lists.schulte.org
Subject: [pptp-server] http://www.vibres.com/pptpd/example.html

Hi there,

I have followed the example inside the http://www.vibres.com/pptpd/example.html, of course with some parameter changes. but still I got the same problem. "LCP: timeout sending Config-Requests ". I have browse every postings inside the mailing-list I thought that maybe I did something wrong during any of the steps. so I decided to delete all the files, reinstall all the applications/patches and rebuild the kernel - twice. I have been doing this since last two weeks (this week makes it three weeks), but I didn't get any positive outcome.

I am not behind any firewall, the least is our router configured not to "SMURF". Attached is my /etc/ppp/options and cisco router configuration. I have my windows 's box VPN updated. i am using linux redhat 6.2 and kernel 2.2.17.

debug
name kgsnt3
mru 1450
mtu 1450
auth
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
202.184.155.1:

smurf configuration on cisco router:

Filter from internet
tcp port 137
tcp port netbios-ns
tcp port 139
udp service netbios-dgm
udp service 139
udp service 138
icmp service unreachable (deny to network address)
icmp service echo (deny to network address)

-------------- next part --------------
An HTML attachment was scrubbed...

From jvonau at home.com Tue Jan 30 00:21:08 2001
From: jvonau at home.com (Jerry Vonau)
Date: Tue, 30 Jan 2001 00:21:08 -0600
Subject: [pptp-server] Quick question about client side encryption
References:
Message-ID: <3A765D54.4E83FB2B@home.com>

Jason:

What is in your current /etc/ppp/option.vpn file? Need a quick look, may not be the same as your earlier post. Mine works with like that no problems. I think all you need is "require encrypted passwords" on the client.

Please don't post in html

Jerry Vonau

Jason Osborne wrote:

> I was wondering if there is a way to allow clients without encryption to
> login to the vpn. I noticed that some 98 first edition clients cause the
> server to report unsupported protocols when they login.
> I checked first off to make sure I had mppe-stateless added to my options
> file. It was. To fix the problem, I commented out all the encryption lines
> in the pptpd's options and it worked fine. I also checked the client
> system's VPN Dialup connection and the only two boxes checked were Logon to
> Network and enable software compression. What would i need to do to setup
> the connection so that it could fasilate windows 98 first edition with no
> encryption and win98 se with 128 and then 40? Is this even possible? Thanks,
> Jason.

From ismandya at sains.com.my Tue Jan 30 00:19:53 2001
From: ismandya at sains.com.my (Ismandy Ali)
Date: Tue, 30 Jan 2001 14:19:53 +0800
Subject: [pptp-server] http://www.vibres.com/pptpd/example.html
References:
Message-ID: <3A765D09.34F22164@sains.com.my>

An HTML attachment was scrubbed...

From jason at sohonetworks.cc Tue Jan 30 00:48:41 2001
From: jason at sohonetworks.cc (Jason Osborne)
Date: Tue, 30 Jan 2001 00:48:41 -0600
Subject: [pptp-server] Quick question about client side encryption
In-Reply-To: <3A765D54.4E83FB2B@home.com>
Message-ID:

Sure, no problem. I have included both options files here. I have left the mppe stuff commented out. Pay no attention to that. Did this earlier to allow Windows 98 First Edition to connect without Unsupported Protocol errors.

==> vpn.options <==
lock
debug
name server
auth
mru 1450
mtu 1450
require-chap
proxyarp
#+chap
#+chapms
#+chapms-v2
#mppe-128
#mppe-40
#mppe-stateless
ms-wins 192.168.0.1
ms-wins 192.168.0.1
ms-dns 192.168.0.1
ms-dns 209.30.0.9
ms-dns 209.30.0.100

==> options <== (isdn options file)
lock

-----Original Message-----
From: Jerry Vonau [mailto:jvonau at home.com]
Sent: Tuesday, January 30, 2001 12:21 AM
To: Jason Osborne; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Quick question about client side encryption

Jason:

What is in your current /etc/ppp/option.vpn file? Need a quick look, may not be the same as your earlier post. Mine works with like that no problems. I think all you need is "require encrypted passwords" on the client.

Please don't post in html

Jerry Vonau

Jason Osborne wrote:

> I was wondering if there is a way to allow clients without encryption to
> login to the vpn. I noticed that some 98 first edition clients cause the
> server to report unsupported protocols when they login.
> I checked first off to make sure I had mppe-stateless added to my options
> file. It was. To fix the problem, I commented out all the encryption lines
> in the pptpd's options and it worked fine. I also checked the client
> system's VPN Dialup connection and the only two boxes checked were Logon to
> Network and enable software compression.
What would i need to do to setup
> the connection so that it could fasilate windows 98 first edition with no
> encryption and win98 se with 128 and then 40? Is this even possible? Thanks,
> Jason.

From anesthes at cisdi.com Tue Jan 30 06:06:52 2001
From: anesthes at cisdi.com (Joey Coco)
Date: Tue, 30 Jan 2001 07:06:52 -0500 (EST)
Subject: [pptp-server] Problems when going to 2.4.0
Message-ID:

Hello,

I've gone to 2.4.0 on one of my boxes to test it and it appears poptop stopped working.

I used the same .config file from my 2.2.17 sources, and then even tried compiling in everything as resident code, not modules.

I get an error 629: lost connection on win98 second edition, and the following logs on the Linux side.

I'm using pppd-2.3.11, and then OpenSSL patches. Is there a 2.4.0 specific patch I forgot about?? :

demo:/var/log# tail messages
Jan 30 21:50:00 demo -- MARK --
Jan 30 22:10:00 demo -- MARK --
Jan 30 22:22:20 demo in.telnetd[610]: connect from root at 216.20.16.60
Jan 30 22:22:23 demo login[611]: `anesthes' logged in on `ttyp0' from `cisdi.com'
Jan 30 22:22:29 demo su[618]: + ttyp0 anesthes-root
Jan 30 22:23:37 demo pptpd[626]: CTRL: Client 216.20.16.61 control connection started
Jan 30 22:23:37 demo pptpd[626]: CTRL: Starting call (launching pppd, opening GRE)
Jan 30 22:23:37 demo pppd[627]: pppd 2.3.11 started by anesthes, uid 0
Jan 30 22:23:37 demo pppd[627]: Exit.
Jan 30 22:23:37 demo pptpd[626]: CTRL: Client 216.20.16.61 control connection finished
demo:/var/log#
demo:/var/log# tail syslog
Jan 30 11:48:18 demo pptpd[304]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jan 30 11:48:24 demo pppd[307]: ioctl(TIOCSETD): Invalid argument(22)
Jan 30 11:48:24 demo pptpd[306]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY failed: status = -1 error = Input/output error
Jan 30 11:48:24 demo pptpd[306]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jan 30 11:48:58 demo pppd[311]: ioctl(TIOCSETD): Invalid argument(22)
Jan 30 11:48:58 demo pptpd[310]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY failed: status = -1 error = Input/output error
Jan 30 11:48:58 demo pptpd[310]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jan 30 22:23:37 demo pppd[627]: ioctl(TIOCSETD): Invalid argument(22)
Jan 30 22:23:37 demo pptpd[626]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY failed: status = -1 error = Input/output error
Jan 30 22:23:37 demo pptpd[626]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
demo:/var/log#
demo:/var/log# tail debug
Jan 30 22:23:37 demo pptpd[626]: CTRL: Made a OUT CALL RPLY packet
Jan 30 22:23:37 demo pptpd[626]: CTRL: pty_fd = 4
Jan 30 22:23:37 demo pptpd[626]: CTRL: tty_fd = 5
Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): Connection speed = 115200
Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): local address = 10.200.1.254
Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): remote address = 10.200.1.1
Jan 30 22:23:37 demo pptpd[626]: CTRL: I wrote 32 bytes to the client.
Jan 30 22:23:37 demo pptpd[626]: CTRL: Sent packet to client
Jan 30 22:23:37 demo pptpd[147]: MGR: Reaped child 626
Jan 30 22:23:37 demo pptpd[626]: CTRL: Exiting now
demo:/var/log#
demo:/var/log# uname -a
Linux demo 2.4.0 #10 Tue Jan 30 11:19:07 EST 2001 i586 unknown
demo:/var/log# pppd --version
pppd version 2.3.11

Oddly enough, when I build my kernel I get no modules at all, and I would think that I would at least get a bsd_comp.o module.. a make modules_install absolutely freaks out with depmod. So I may have more than one problem.

Any help would be greatly appreciated...

-- Joe

From rcd at amherst.com Tue Jan 30 09:10:05 2001
From: rcd at amherst.com (Robert Dege)
Date: Tue, 30 Jan 2001 10:10:05 -0500
Subject: [pptp-server] Re: http://www.vibres.com/pptpd/example.html
Message-ID: <3A76D94D.4142D6C3@comptekamherst.com>

I remember getting this error as well. Of course, I was behind a firewall at the time. It ended up being that the IP protocol was being blocked between the PPTP server & Client. The server was sending out the packets, but they never made it past the firewall.

I did a tcpdump & was able to watch the incoming & outgoing packets:

/usr/sbin/tcpdump -i eth0 port 1723
/usr/sbin/tcpdump -i eth0 proto 47

-Rob

=============================

Jan 23 16:23:29 kgsnt3 pptpd[3083]: MGR: Launching /usr/sbin/pptpctrl to handle client
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: pppd speed = 115200
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: Client 161.142.230.54 control connection started
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: Received PPTP Control Message (type: 1)
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: Made a START CTRL CONN RPLY packet
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: I wrote 156 bytes to the client.
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: Sent packet to client
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: Received PPTP Control Message (type: 7)
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: 0 min_bps, 0 max_bps, 32 window size
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: Made a OUT CALL RPLY packet
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: Starting call (launching pppd, opening GRE)
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: pty_fd = 4
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: tty_fd = 5
Jan 23 16:23:29 kgsnt3 pptpd[3084]: CTRL (PPPD Launcher): Connection speed = 115200
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: I wrote 32 bytes to the client.
Jan 23 16:23:29 kgsnt3 pptpd[3083]: CTRL: Sent packet to client
Jan 23 16:23:29 kgsnt3 pppd[3084]: pppd 2.3.11 started by root, uid 0
Jan 23 16:23:29 kgsnt3 pppd[3084]: Using interface ppp0
Jan 23 16:23:29 kgsnt3 pppd[3084]: Connect: ppp0 <--> /dev/pts/0
Jan 23 16:23:29 kgsnt3 pppd[3084]: sent [LCP ConfReq id=0x1 ]
Jan 23 16:23:29 kgsnt3 pppd[3084]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
Jan 23 16:23:32 kgsnt3 pppd[3084]: sent [LCP ConfReq id=0x1 ]
....."last message repeated 9 times"

From jkreger at avidsolutionsinc.com Tue Jan 30 14:29:27 2001
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Tue, 30 Jan 2001 15:29:27 -0500
Subject: [pptp-server] Problems when going to 2.4.0
Message-ID: <6B8A85826C35D31193BD0090278589C81DEFCB@CIC-EXCHANGE>

You are supposed to be running pppd 2.4.0 with kernel 2.4

-----Original Message-----
From: Joey Coco
To: pptp-server at lists.schulte.org
Sent: 1/30/01 7:06 AM
Subject: [pptp-server] Problems when going to 2.4.0

Hello,

I've went to 2.4.0 on one of my box's to test it and it appears poptop stopped working.

I used the same .config file from my 2.2.17 sources, and then even tried compiling in everything as resident code, not modules.

I get an error 629: lost connection on win98 second edition, and the following logs on the Linux side.

I'm using pppd-2.3.11, and then OpenSSL patches.
Is there a 2.4.0 specific patch I forgot about?? :

demo:/var/log# tail messages
Jan 30 21:50:00 demo -- MARK --
Jan 30 22:10:00 demo -- MARK --
Jan 30 22:22:20 demo in.telnetd[610]: connect from root at 216.20.16.60
Jan 30 22:22:23 demo login[611]: `anesthes' logged in on `ttyp0' from `cisdi.com'
Jan 30 22:22:29 demo su[618]: + ttyp0 anesthes-root
Jan 30 22:23:37 demo pptpd[626]: CTRL: Client 216.20.16.61 control connection started
Jan 30 22:23:37 demo pptpd[626]: CTRL: Starting call (launching pppd, opening GRE)
Jan 30 22:23:37 demo pppd[627]: pppd 2.3.11 started by anesthes, uid 0
Jan 30 22:23:37 demo pppd[627]: Exit.
Jan 30 22:23:37 demo pptpd[626]: CTRL: Client 216.20.16.61 control connection finished
demo:/var/log#
demo:/var/log# tail syslog
Jan 30 11:48:18 demo pptpd[304]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jan 30 11:48:24 demo pppd[307]: ioctl(TIOCSETD): Invalid argument(22)
Jan 30 11:48:24 demo pptpd[306]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY failed: status = -1 error = Input/output error
Jan 30 11:48:24 demo pptpd[306]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jan 30 11:48:58 demo pppd[311]: ioctl(TIOCSETD): Invalid argument(22)
Jan 30 11:48:58 demo pptpd[310]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY failed: status = -1 error = Input/output error
Jan 30 11:48:58 demo pptpd[310]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jan 30 22:23:37 demo pppd[627]: ioctl(TIOCSETD): Invalid argument(22)
Jan 30 22:23:37 demo pptpd[626]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY failed: status = -1 error = Input/output error
Jan 30 22:23:37 demo pptpd[626]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
demo:/var/log#
demo:/var/log# tail debug
Jan 30 22:23:37 demo pptpd[626]: CTRL: Made a OUT CALL RPLY packet
Jan 30 22:23:37 demo pptpd[626]: CTRL: pty_fd = 4
Jan 30 22:23:37 demo pptpd[626]: CTRL: tty_fd = 5
Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): Connection speed = 115200
Jan 30 22:23:37 demo
pptpd[627]: CTRL (PPPD Launcher): local address = 10.200.1.254
Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): remote address = 10.200.1.1
Jan 30 22:23:37 demo pptpd[626]: CTRL: I wrote 32 bytes to the client.
Jan 30 22:23:37 demo pptpd[626]: CTRL: Sent packet to client
Jan 30 22:23:37 demo pptpd[147]: MGR: Reaped child 626
Jan 30 22:23:37 demo pptpd[626]: CTRL: Exiting now
demo:/var/log#
demo:/var/log# uname -a
Linux demo 2.4.0 #10 Tue Jan 30 11:19:07 EST 2001 i586 unknown
demo:/var/log# pppd --version
pppd version 2.3.11

Oddly enough, when I build my kernel I get no modules at all, and I would think that I would at least get a bsd_comp.o module.. a make modules_install absolutely freaks out with depmod. So I may have more than one problem.

Any help would be greatly appreciated...

-- Joe

From rcd at amherst.com Tue Jan 30 15:16:53 2001
From: rcd at amherst.com (Robert Dege)
Date: Tue, 30 Jan 2001 16:16:53 -0500
Subject: [pptp-server] Searchable Domains
Message-ID: <3A772F45.99F269@comptekamherst.com>

Is it possible to set up a default search domain in the pptp options file for a client that connects?

-Rob

From Lillian.Kulhanek at energy.on.ca Tue Jan 30 16:40:21 2001
From: Lillian.Kulhanek at energy.on.ca (Lillian Kulhanek)
Date: Tue, 30 Jan 2001 17:40:21 -0500
Subject: [pptp-server] Samba not needed on pptp server - was Re: Can't Ping a Thing
In-Reply-To: <200101221801.MAA23058@poontang.schulte.org>
Message-ID: <000a01c08b0d$a15df920$2c02a8c0@Lillian.energy.on.ca>

You don't need Samba on the pptp server itself to get pptp to work. I'm not even sure if it's good practice to have both running on the same machine, though at the moment I can't think of why not. (I agree with you that Samba is pretty cool. Have you looked at rsync - same author).

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of pptp-server-request at lists.schulte.org
Sent: January 22, 2001 1:01 PM
To: pptp-server at lists.schulte.org
Subject: pptp-server digest, Vol 1 #98 - 1 msg

Message: 1
From: Michael Ward
To: "'pptp-server at lists.schulte.org'"
Date: Sun, 21 Jan 2001 18:28:32 -0700
Subject: [pptp-server] Can't Ping a Thing

Hey all -

I installed redhat linux 7 last week for the first time. Until now I've only known windows. I'm the IT Manager for a company in Golden, CO and want to do vpn on a linux box instead of microsoft.

I have searched archives of this mailing list and found several suggestions for fixing the problem I'm having.... Call me a little slow, but it ain't workin'! (more accurately, I'm not workin' it.)

I've got pptp setup and working (I can connect with win98 clients) and have not setup encryption yet in an effort to keep it simple while I try to get basic functionality.

I have setup Samba and have it running (though I'm not sure if it's required, different sources have pointed me in different directions). Samba is aware of my WINS server on my internal network (how cool is that? I bow down to Samba)

I just read the ipchains how to. I've tried specifically allowing forwarding with a rule pulled from the PoPToP faq.

The Problem (note capital P): I can not see (browse nor ping) from a connected win98 client *anything* on my network. I have a connection but can't play. Where's the fun?

Questions:

1. What is the total equation to make this whole deal work (clients should be able to browse to resources on internal servers)? i.e. Is it pptpd + samba + ipchains? If these three are configured correctly am I set? Is there another piece of the puzzle? I've read about and tried messing around with default routes/routing tables to no avail. What's the skinny on the 'ideal setup', the basics that have to be there?

2.
*If* I leave ipchains with *no rules* set up at all, the default policy (confirmed with ./ipchains -L) for all rules is ACCEPT. Should my box be forwarding all packets in this scenario? It doesn't, nor can I get it to forward packets to the private network by using rules pulled from the poptop faq. 3. Any specifics in implementing the 'ideal setup' are greatly appreciated. Anyone feeling really generous is invited to give my dumb ass a call. I'm sure I could learn a great deal in a few minutes of brain picking. Thank you all for your help (couldn't have gotten this far in a week without it). Michael Ward mward at gwtr.com (303) 215-1100 (m-f 9-5 mst) --__--__-- _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! End of pptp-server Digest From rcd at amherst.com Tue Jan 30 17:06:19 2001 From: rcd at amherst.com (Robert Dege) Date: Tue, 30 Jan 2001 18:06:19 -0500 Subject: [pptp-server] Outside Access Message-ID: <3A7748EB.A77A627B@comptekamherst.com> Just curious if this is regular or not. I have a machine that connects to the internet. Can access everything just fine. I then make a PPTP connection. *BOOM* I no longer have outside internet access until after I disconnect from the PPTP server. The PPTP server has internet access (as well as the rest of the internal network through a remote firewall). The PPTP server is NOT behind a firewall. The DNS server that I serve the client upon connection acknowledges the existence of outside IPs. Is this supposed to happen, or is something FOOBAR in my setup? -Rob From anesthes at cisdi.com Tue Jan 30 15:41:01 2001 From: anesthes at cisdi.com (Joey Coco) Date: Tue, 30 Jan 2001 16:41:01 -0500 (EST) Subject: [pptp-server] Problems when going to 2.4.0 In-Reply-To: <6B8A85826C35D31193BD0090278589C81DEFCB@CIC-EXCHANGE> Message-ID: Hello, Okie we've got 2.4.0 pppd now.. 
Is there an MPPE patch for it??

-- Joe

On Tue, 30 Jan 2001, Justin Kreger wrote:

>
> You are supposed to be running pppd 2.4.0 with kernel 2.4
> -----Original Message-----
> From: Joey Coco
> To: pptp-server at lists.schulte.org
> Sent: 1/30/01 7:06 AM
> Subject: [pptp-server] Problems when going to 2.4.0
>
>
> Hello,
>
> I've went to 2.4.0 on one of my box's to test it and it appears poptop
> stopped working.
>
> I used the same .config file from my 2.2.17 sources, and then even tried
> compiling in everything as resident code, not modules.
>
> I get an error 629: lost connection on win98 second edition, and the
> following logs on the Linux side.
>
> I'm using pppd-2.3.11, and then OpenSSL patches. Is there a 2.4.0
> specific patch I forgot about?? :
>
> demo:/var/log# tail messages
> Jan 30 21:50:00 demo -- MARK --
> Jan 30 22:10:00 demo -- MARK --
> Jan 30 22:22:20 demo in.telnetd[610]: connect from root at 216.20.16.60
> Jan 30 22:22:23 demo login[611]: `anesthes' logged in on `ttyp0' from
> `cisdi.com'
> Jan 30 22:22:29 demo su[618]: + ttyp0 anesthes-root
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Client 216.20.16.61 control
> connection started
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Starting call (launching pppd,
> opening GRE)
> Jan 30 22:23:37 demo pppd[627]: pppd 2.3.11 started by anesthes, uid 0
> Jan 30 22:23:37 demo pppd[627]: Exit.
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Client 216.20.16.61 control
> connection finished
> demo:/var/log#
>
> demo:/var/log# tail syslog
> Jan 30 11:48:18 demo pptpd[304]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Jan 30 11:48:24 demo pppd[307]: ioctl(TIOCSETD): Invalid argument(22)
> Jan 30 11:48:24 demo
> pptpd[306]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY
> failed: status = -1 error = Input/output error
> Jan 30 11:48:24 demo pptpd[306]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Jan 30 11:48:58 demo pppd[311]: ioctl(TIOCSETD): Invalid argument(22)
> Jan 30 11:48:58 demo
> pptpd[310]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY
> failed: status = -1 error = Input/output error
> Jan 30 11:48:58 demo pptpd[310]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Jan 30 22:23:37 demo pppd[627]: ioctl(TIOCSETD): Invalid argument(22)
> Jan 30 22:23:37 demo
> pptpd[626]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY
> failed: status = -1 error = Input/output error
> Jan 30 22:23:37 demo pptpd[626]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> demo:/var/log#
>
> demo:/var/log# tail debug
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Made a OUT CALL RPLY packet
> Jan 30 22:23:37 demo pptpd[626]: CTRL: pty_fd = 4
> Jan 30 22:23:37 demo pptpd[626]: CTRL: tty_fd = 5
> Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): Connection speed
> =
> 115200Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): local
> address
> = 10.200.1.254
> Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): remote address =
> 10.200.1.1
> Jan 30 22:23:37 demo pptpd[626]: CTRL: I wrote 32 bytes to the client.
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Sent packet to client
> Jan 30 22:23:37 demo pptpd[147]: MGR: Reaped child 626
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Exiting now
> demo:/var/log#
>
> demo:/var/log# uname -a
> Linux demo 2.4.0 #10 Tue Jan 30 11:19:07 EST 2001 i586 unknown
> demo:/var/log# pppd --version
> pppd version 2.3.11
>
> Oddly enough, when I build my kernel I get no modules at all, and I
> would
> think that I would at least get a bsd_comp.o module.. a make
> modules_install absolutely freaks out with depmod. So I may have more
> than one problem.
>
> Any help would be greatly appreciated...
>
> -- Joe
>

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
/ "I'd like to think that everything is beautiful, and I'd like to think /
\ that everything is fair. I'd like to think that everything is plentiful,\
/ and i'd like to think that every body cares. We'd like to thank you.." /
\ \
/ http://members.cisdi.com/~anesthes/ -=- IM: imd3fc0n /
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
C r e a t i v e I l l u s i o n s S o f t w a r e D e s i g n, I n c.

From jvonau at home.com Tue Jan 30 18:17:47 2001
From: jvonau at home.com (Jerry Vonau)
Date: Tue, 30 Jan 2001 18:17:47 -0600
Subject: [pptp-server] Outside Access
References: <3A7748EB.A77A627B@comptekamherst.com>
Message-ID: <3A7759AB.173C86CE@home.com>

Robert:
Whose access gets foobarred the client or server?
Turn off "use default gateway on remote" if it is on the client.
check the /etc/ppp/options file on the server for "defaultroute".
Are you using a dialup? Need to know before I say what to change.

Jerry Vonau

Robert Dege wrote:

> Just curious if this is regular or not. I have a machine that connects
> to the internet. Can access everything just fine. I then make a PPTP
> connection. *BOOM* I no longer have outside internet access until
> after I disconnect from the PPTP server.
>
> The PPTP server has internet access (as well as the rest of the internal
> network through a remote firewall). The PPTP server is NOT behind a
> firewall. The DNS server that I serve the client upon connection
> acknowledges the existence of outside IPs.
>
> Is this supposed to happen, or is something FOOBAR in my setup?
>
> -Rob

From sclarke at neptune.tzo.cc Tue Jan 30 18:35:11 2001
From: sclarke at neptune.tzo.cc (Sean Clarke)
Date: Tue, 30 Jan 2001 16:35:11 -0800 (PST)
Subject: [pptp-server] Outside Access
In-Reply-To: <3A7748EB.A77A627B@comptekamherst.com>
Message-ID:

remove the check from your connecting machine that says use default gateway on remote computer.

That fixed it for me.

On Tue, 30 Jan 2001, Robert Dege wrote:

>
> Just curious if this is regular or not. I have a machine that connects
> to the internet. Can access everything just fine. I then make a PPTP
> connection. *BOOM* I no longer have outside internet access until
> after I disconnect from the PPTP server.
>
> The PPTP server has internet access (as well as the rest of the internal
> network through a remote firewall). The PPTP server is NOT behind a
> firewall. The DNS server that I serve the client upon connection
> acknowledges the existence of outside IPs.
>
> Is this supposed to happen, or is something FOOBAR in my setup?
>
> -Rob
>

From GeorgeV at citadelcomputer.com.au Tue Jan 30 18:38:31 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 31 Jan 2001 11:38:31 +1100
Subject: [pptp-server] Outside Access
Message-ID: <200FAA488DE0D41194F10010B597610D080A5B@JUPITER>

make sure you turn off the "Use remote default gateway" or something like that.. This is a windows machine right?

thanks,
George Vieira

-----Original Message-----
From: Robert Dege [mailto:rcd at amherst.com]
Sent: Wednesday, January 31, 2001 10:06 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Outside Access

Just curious if this is regular or not. I have a machine that connects to the internet. Can access everything just fine. I then make a PPTP connection. *BOOM* I no longer have outside internet access until after I disconnect from the PPTP server.

The PPTP server has internet access (as well as the rest of the internal network through a remote firewall). The PPTP server is NOT behind a firewall. The DNS server that I serve the client upon connection acknowledges the existence of outside IPs.

Is this supposed to happen, or is something FOOBAR in my setup?

-Rob
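
The behaviour behind the fix given in the replies above, as an added example that is not part of any poster's message: a longest-prefix-match model of a Windows client's routing table with "use default gateway on remote network" on and off. All addresses and the simplified route tables are constructed, and whether the PPTP server forwards tunnel traffic to the Internet is an assumed parameter.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str   # next hop, or "on-link"
    iface: str     # "isp" = existing Internet link, "pptp" = VPN adapter
    metric: int


def route(dest: str, gateway: str, iface: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(dest), gateway, iface, metric)


# Constructed sample values (documentation ranges), not taken from the thread.
ISP_GATEWAY = "203.0.113.1"
PPTP_SERVER = "198.51.100.10"   # public address of the PPTP server
TUNNEL_IP = "172.16.5.20"       # address the server hands to the client
INTERNET_HOST = "192.0.2.80"
LAN_HOST = "172.16.9.9"         # a machine on the private network

# Simplified client table while only the Internet link is up.
BEFORE_CONNECT: List[Route] = [
    route("0.0.0.0/0", ISP_GATEWAY, "isp", 1),
    route("203.0.113.0/24", "on-link", "isp", 1),
]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.dest]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.dest.prefixlen, r.metric))


def classful_network(addr: str) -> ipaddress.IPv4Network:
    """Class A/B/C network of an address (the route added when the box is cleared)."""
    first_octet = int(addr.split(".")[0])
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def connect_pptp(table: List[Route], use_remote_gateway: bool) -> List[Route]:
    """Return the client table after the PPTP link comes up."""
    via = lookup(table, PPTP_SERVER)
    if via is None:
        raise ValueError("no route to the PPTP server before connecting")
    new_table = []
    for r in table:
        # The old default route is kept but demoted when the box is ticked.
        if use_remote_gateway and r.dest.prefixlen == 0:
            r = r._replace(metric=r.metric + 1)
        new_table.append(r)
    # Host route so the tunnel's own TCP 1723 / GRE packets keep using the ISP link.
    new_table.append(route(f"{PPTP_SERVER}/32", via.gateway, via.iface, 1))
    # Private network behind the tunnel.
    new_table.append(Route(classful_network(TUNNEL_IP), "on-link", "pptp", 1))
    if use_remote_gateway:
        new_table.append(route("0.0.0.0/0", "on-link", "pptp", 1))
    return new_table


def egress(table: List[Route], dst: str) -> Optional[str]:
    """Interface a packet to dst leaves on, or None if unroutable."""
    chosen = lookup(table, dst)
    return chosen.iface if chosen else None


def internet_works(table: List[Route], dst: str,
                   server_forwards_to_internet: bool) -> bool:
    """Traffic sent into the tunnel only gets out if the server forwards it."""
    iface = egress(table, dst)
    if iface is None:
        return False
    return server_forwards_to_internet if iface == "pptp" else True


if __name__ == "__main__":
    for ticked in (True, False):
        table = connect_pptp(BEFORE_CONNECT, ticked)
        print(f"use remote gateway = {ticked}")
        for dst in (INTERNET_HOST, PPTP_SERVER, LAN_HOST):
            print(f"  {dst:15} -> {egress(table, dst)}")
        print("  Internet reachable:",
              internet_works(table, INTERNET_HOST, False))
```

With the option cleared the client is split-tunnelled: Internet traffic bypasses the VPN while the client stays attached to the private network, so the choice between the two modes is worth making deliberately.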
From GeorgeV at citadelcomputer.com.au Tue Jan 30 18:42:21 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Wed, 31 Jan 2001 11:42:21 +1100 Subject: [pptp-server] Samba not needed on pptp server - was Re: Can't Ping a Thing Message-ID: <200FAA488DE0D41194F10010B597610D080A5C@JUPITER> If the samba machine is on the PPTPD server then you do need it to browse for network neighbourhood to work but Samba MUST be the master browser for the domain/workgroup. Isn't IP forwarding still required for pinging to work on internel clients? Can you ping the PPTP server at least? thanks, George Vieira -----Original Message----- From: Lillian Kulhanek [mailto:Lillian.Kulhanek at energy.on.ca] Sent: Wednesday, January 31, 2001 9:40 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] Samba not needed on pptp server - was Re: Can't Ping a Thing You don't need Samba on the pptp server itself to get pptp to work. I'm not even sure if it's good practice to have both running on the same machine, though at the moment I can't think of why not. (I agree with you that Samba is pretty cool. Have you looked at rsync - same author). -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of pptp-server-request at lists.schulte.org Sent: January 22, 2001 1:01 PM To: pptp-server at lists.schulte.org Subject: pptp-server digest, Vol 1 #98 - 1 msg Message: 1 From: Michael Ward To: "'pptp-server at lists.schulte.org'" Date: Sun, 21 Jan 2001 18:28:32 -0700 Subject: [pptp-server] Can't Ping a Thing Hey all - I installed redhat linux 7 last week for the first time. Until now I've only known windows. I'm the IT Manager for a company in Golden, CO and want to do vpn on a linux box instead of microsoft. I have searched archives of this mailing list and found several suggestions for fixing the problem I'm having.... Call me a little slow, but it ain't workin'! (more accurately, I'm not workin' it.) 
I've got pptp setup and working (I can connect with win98 clients) and have not setup encryption yet in an effort to keep it simple while I try to get basic functionality. I have setup Samba and have it running (though I'm not sure if it's required, different sources have pointed me in different directions). Samba is aware of my WINS server on my internal network (how cool is that? I bow down to Samba) I just read the ipchains how to. I've tried specifically allowing forwarding with a rule pulled from the PoPToP faq. The Problem (note capital P): I can not see (browse nor ping) from a connected win98 client *anything* on my network. I have a connection but can't play. Where's the fun? Questions: 1. What is the total equation to make this whole deal work (clients should be able to browse to resources on internal servers)? i.e. Is it pptpd + samba + ipchains? If these three are configured correctly am I set? Is there another piece of the puzzle? I've read about and tried messing around with default routes/routing tables to no avail. What's the skinny on the 'ideal setup', the basics that have to be there? 2. *If* I leave ipchains with *no rules* set up at all, the default policy (confirmed with ./ipchains -L) for all rules is ACCEPT. Should my box be forwarding all packets in this scenario? It doesn't, nor can I get it to forward packets to the private network by using rules pulled from the poptop faq. 3. Any specifics in implementing the 'ideal setup' are greatly appreciated. Anyone feeling really generous is invited to give my dumb ass a call. I'm sure I could learn a great deal in a few minutes of brain picking. Thank you all for your help (couldn't have gotten this far in a week without it). 
Michael Ward
mward at gwtr.com
(303) 215-1100 (m-f 9-5 mst)

--__--__--

End of pptp-server Digest

From ismandya at sains.com.my Tue Jan 30 18:55:03 2001
From: ismandya at sains.com.my (Ismandy Ali)
Date: Wed, 31 Jan 2001 08:55:03 +0800
Subject: [pptp-server] http://www.vibres.com/pptpd/example.html
References:
Message-ID: <3A776267.7431F2C4@sains.com.my>

Hi people,

Need help. The following is the output from my unsuccessful "LCP: timeout sending Config-Requests" problem. Inside the FAQ and as most everybody knows, this problem is the result of the filtering of the firewall in front of the pptp server. I have contacted the administrator of the responsible networks, but they replied to me that they do not implement any form of firewall.

Any tcpdump experts?

[root at kgsnt3 log]#
08:50:19.578827 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: S 2688831:2688831(0) win 8192 (DF)
08:50:19.578860 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: S 1099368846:1099368846(0) ack 2688832 win 32696 (DF)
08:50:20.178507 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: . 1:1(0) ack 1 win 8576 (DF)
08:50:20.222345 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: P 1:157(156) ack 1 win 8576 (DF)
08:50:20.222386 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: . 1:1(0) ack 157 win 32540 (DF)
08:50:20.222662 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: P 1:157(156) ack 157 win 32696 (DF)
08:50:20.989570 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: P 157:325(168) ack 157 win 8420 (DF)
08:50:20.991593 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: P 157:189(32) ack 325 win 32696 (DF)
08:50:21.100517 > gre-proto-0x880B (gre encap)
08:50:21.782312 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: . 325:325(0) ack 189 win 8388 (DF)
08:50:24.101706 > gre-proto-0x880B (gre encap)
08:50:27.111721 > gre-proto-0x880B (gre encap)
08:50:30.121709 > gre-proto-0x880B (gre encap)
08:50:33.131739 > gre-proto-0x880B (gre encap)
08:50:36.141723 > gre-proto-0x880B (gre encap)
08:50:39.151677 > gre-proto-0x880B (gre encap)
08:50:42.161727 > gre-proto-0x880B (gre encap)
08:50:45.171691 > gre-proto-0x880B (gre encap)
08:50:48.181723 > gre-proto-0x880B (gre encap)
08:50:51.192280 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: F 189:189(0) ack 325 win 32696 (DF)
08:50:51.344126 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: P 325:341(16) ack 189 win 8388 (DF)
08:50:51.344169 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: R 1099369035:1099369035(0) win 0
08:50:51.459463 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: F 341:341(0) ack 190 win 8388 (DF)
08:50:51.459480 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: R 1099369036:1099369036(0) win 0

Jason Osborne wrote:

> Have you checked to make sure that the cisco router isn't blocking
> GRE packets?
>
> 7.3.9. Get "Sent [LCP ConfReq id=0x1
>
> "
> "...last message repeated 9 times"
> "LCP: timeout sending Config-Requests"
> errors in your log file
>
> This typically means the GRE data link is not making it from
> your
> client to your server, typically because of firewalls.
> Remember
> that pptpd requires both a control connection (TCP port
> 1723) and
> a data connection (GRE protocol = TCP/IP protocol 47).
> Check all
> of the firewalls between your two machines to make sure they
> are
> allowing both types of traffic to pass in both directions.
>
> Also, what type of connection do you have to the internet. I have ISDN
> and was having the same problem and it turned out to not be my
> firewall, but something else. Also, turn all on the debugging you can
> and post up a session so we can take a look at it. Thanks, Jason.A
> link you might find usefully:
> http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
> Ismandy Ali
> Sent: Monday, January 29, 2001 10:13 PM
> To: phil at vibrationresearch.com;
> pptp-server at lists.schulte.org
> Subject: [pptp-server]
> http://www.vibres.com/pptpd/example.html
>
> Hi there,
>
> I have followed the exampled inside the
> http://www.vibres.com/pptpd/example.html, of course with
> some parameter changes. but still I got the same problem.
> "LCP: timeout sending Config-Requests ".
>
> I have browse every postings inside the mailing-list
>
> I thought that maybe I did something wrong during any of
> the steps. so I decided to delete all the files, reinstall
> all the applications/patches and rebuild the kernel - twice.
>
> I have been doing this since last two weeks(this week
> makes it three weeks), but I did n't get any positive
> outcome . I am not behind any firewall, the least is our
> router configured not to "SMURF". Attached is my
> /etc/ppp/options and cisco router configuration. I have my
> windows 's box VPN updated.
>
> i am using linux redhat 6.2 and kernel 2.2.17.
>
> debug
> name kgsnt3
> mru 1450
> mtu 1450
> auth
> require-chap
> proxyarp
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> 202.184.155.1:
>
> smurf configuration on cisco router:
> Filter from internet
> tcp port 137
> tcp port netbios-ns
> tcp port 139
> udp service netbios-dgm
> udp service 139
> udp service 138
> icmp service unreachable (deny to network address)
> icmp service echo (deny to network address)
>

From jvonau at home.com Tue Jan 30 20:03:57 2001
From: jvonau at home.com (Jerry Vonau)
Date: Tue, 30 Jan 2001 20:03:57 -0600
Subject: [pptp-server] Can't Ping a Thing
References:
Message-ID: <3A77728D.3AB0958C@home.com>

Michael:
If you have a wins server on the network then use it, add:
ms-wins xxx.xxx.xxx.xxx
to your options file for the vpn.

Michael Ward wrote:

> Good news to report -
>
> Thanks to all the help from this group I now can ping (and therefore have
> access to) resources on my private network from remotely connected pptp
> clients.
>
> I've seen that other folks are having the same trouble so I'm going to tell
> you what is in place to make my connection work. It's basically a
> compilation of replies from contributors to this list. I will not be
> detailed, being a beginner with all this, but I think it will be helpful for
> other beginners.
>
> 1. I've got the pptp daemon running (per how-to at poptop.lineo.com,
> including pptpd.conf and chap-secrets)
> 2. Win98 client configured - tcp/ip properties are set to let server assign
> ip address
> 3. ipforwarding enabled in linux kernel (it was enabled by default on my
> redhat 7.0 box)
> To check if IP_FORWARDING is currently enabled, type (as root):
> cat /proc/sys/net/ipv4/ip_forward
> If it returns 0, then IP_FORWARDING is disabled.
> To enable IP_FORWARDING (without re-booting), type (as root):
> echo "1" >/proc/sys/net/ipv4/ip_forward
> To ensure that IP_FORWARDING will be enabled at system boot-up,
> edit:
> /etc/sysconfig/network
> and ensure that the FORWARD_IPV4 variable is set to "yes".
> 4. PPTP server's LAN Ethernet interface *MUST* be known as the proxy arp
> check /var/log/messaging for a proxyarp entry.
> check /etc/ppp/options add proxyarp if missing
> (see Steve Cowles post, 1/23/01)
> 5. IPChains - I have *No* rules setup in my ipchains and my connection works
> perfectly. This is because, in the absence of rules, the built-in chains
> (input, output & forward) use their respective 'policy' to decide the fate
> of any packet. The default policy for all chains is ACCEPT, therefore all
> packets are accepted. This is obviously not a secure state to leave your
> server in. I personally like to get new services like pptp running without
> complication, then add things like encryption and ipchains one at a time to
> ease resolution of problems that may occur.
> 6. Samba - While trying to figure out how to fix my lack of ping problem it
> was suggested to me that Samba would help me out. It turns out that Samba
> is not required at all for pptp clients to access resources on my private
> network
> 7. Default route - This also is not required
>
> In my configuration clients are assigned addresses from the same subnet as
> my private network.
>
> BTW - If anyone cares to know, here's what was wrong with my setup that
> prevented me from pinging private network resources from a connected pptp
> client (if I was the type to get embarrassed this would do it)....
>
> I had initially configured my win98 client to use a particular IP address,
> instead of letting the server assign it. I guess I was thinking I'd know
> exactly what IP address I should be able to ping when it connected. This
> was before I understood that an address would be assigned from the
> pptpd.conf file. The first 'localip' address available (per my pptpd.conf
> file) was the exact same ip address that I had statically assigned to my
> remote win98 client (see where we're going here?) so....
>
> As I followed through on the many suggestions I received from this list, it
> turned into a process of elimination. i.e. ipforwarding was indeed enabled
> on my box, proxyarp was in my /etc/ppp/options file. So as I went through
> suggestions I eliminated them as the potential problem UNTIL - I checked
> /var/log/messages and saw that both ends of my tunnel had the same ip
> address. I reconfigured my win98 client to let the server assign an address
> and that was it. Lesson learned.
>
> **************************
> Michael Ward
> Global Water Technologies, Inc.
> email: mward at gwtr.com
> (303) 215-1100
> **************************
>
> -----Original Message-----
> From: Jerry Vonau [mailto:jvonau at home.com]
> Sent: Tuesday, January 23, 2001 5:44 PM
> To: Michael Ward
> Subject: Re: [pptp-server] Can't Ping a Thing
>
> Hows the battle going??
>
> Jerry
>
> Jerry Vonau wrote:
>
> > Michael:
> > check /var/log/messaging for a proxyarp entry.
> > check /etc/ppp/options add proxyarp if missing.
> > Are you using the same network addressing on the
> > remote client as on the lan? How about some snips?
> >
> > Jerry Vonau
> >
> > Michael Ward wrote:
> >
> > > Hey all -
> > > I installed redhat linux 7 last week for the first time. Until now I've
> > > only known windows. I'm the IT Manager for a company in Golden, CO and
> want
> > > to do vpn on a linux box instead of microsoft.
> > > > > > I have searched archives of this mailing list and found several > suggestions > > > for fixing the problem I'm having.... Call me a little slow, but it > ain't > > > workin'! (more accurately, I'm not workin' it.) > > > > > > I've got pptp setup and working (I can connect with win98 clients) and > have > > > not setup encryption yet in an effort to keep it simple while I try to > get > > > basic functionality. > > > > > > I have setup Samba and have it running (though I'm not sure if it's > > > required, different sources have pointed me in different directions). > Samba > > > is aware of my WINS server on my internal network (how cool is that? I > bow > > > down to Samba) > > > > > > I just read the ipchains how to. I've tried specifically allowing > > > forwarding with a rule pulled from the PoPToP faq. > > > > > > The Problem (note capital P): I can not see (browse nor ping) from a > > > connected win98 client *anything* on my network. I have a connection > but > > > can't play. Where's the fun? > > > > > > Questions: > > > 1. What is the total equation to make this whole deal work (clients > should > > > be able to browse to resources on internal servers)? i.e. Is it pptpd + > > > samba + ipchains? If these three are configured correctly am I set? Is > > > there another piece of the puzzle? I've read about and tried messing > around > > > with default routes/routing tables to no avail. What's the skinny on > the > > > 'ideal setup', the basics that have to be there? > > > > > > 2. *If* I leave ipchains with *no rules* set up at all, the default > policy > > > (confirmed with ./ipchains -L) for all rules is ACCEPT. Should my box > be > > > forwarding all packets in this scenario? It doesn't, nor can I get it > to > > > forward packets to the private network by using rules pulled from the > poptop > > > faq. > > > > > > 3. Any specifics in implementing the 'ideal setup' are greatly > appreciated. 
> > > > > > Anyone feeling really generous is invited to give my dumb ass a call. > I'm > > > sure I could learn a great deal in a few minutes of brain picking. > > > > > > Thank you all for your help (couldn't have gotten this far in a week > without > > > it). > > > > > > Michael Ward > > > mward at gwtr.com > > > (303) 215-1100 (m-f 9-5 mst) > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From jkreger at avidsolutionsinc.com Wed Jan 31 04:19:11 2001 From: jkreger at avidsolutionsinc.com (Justin Kreger) Date: Wed, 31 Jan 2001 05:19:11 -0500 Subject: [pptp-server] Problems when going to 2.4.0 Message-ID: <6B8A85826C35D31193BD0090278589C81DEFCD@CIC-EXCHANGE> Nope, not at this point... I was thinking of starting one sometime this week or next week... -LW -----Original Message----- From: Joey Coco To: Justin Kreger Cc: 'pptp-server at lists.schulte.org ' Sent: 1/30/01 4:41 PM Subject: RE: [pptp-server] Problems when going to 2.4.0 Hello, Okie we've got 2.4.0 pppd now.. Is there an MPPE patch for it?? -- Joe On Tue, 30 Jan 2001, Justin Kreger wrote: > > You are supposto be running pppd 2.4.0 with kernel 2.4 > -----Original Message----- > From: Joey Coco > To: pptp-server at lists.schulte.org > Sent: 1/30/01 7:06 AM > Subject: [pptp-server] Problems when going to 2.4.0 > > > Hello, > > I've went to 2.4.0 on one of my box's to test it and it appears poptop > stopped working. > > I used the same .config file from my 2.2.17 sources, and then even tried > compiling in everything as resident code, not modules. 
>
> I get an error 629: lost connection on win98 second edition, and the
> following logs on the Linux side.
>
> I'm using pppd-2.3.11, and then OpenSSL patches. Is there a 2.4.0
> specific patch I forgot about?? :
>
> demo:/var/log# tail messages
> Jan 30 21:50:00 demo -- MARK --
> Jan 30 22:10:00 demo -- MARK --
> Jan 30 22:22:20 demo in.telnetd[610]: connect from root at 216.20.16.60
> Jan 30 22:22:23 demo login[611]: `anesthes' logged in on `ttyp0' from
> `cisdi.com'
> Jan 30 22:22:29 demo su[618]: + ttyp0 anesthes-root
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Client 216.20.16.61 control
> connection started
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Starting call (launching pppd,
> opening GRE)
> Jan 30 22:23:37 demo pppd[627]: pppd 2.3.11 started by anesthes, uid 0
> Jan 30 22:23:37 demo pppd[627]: Exit.
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Client 216.20.16.61 control
> connection finished
> demo:/var/log#
>
> demo:/var/log# tail syslog
> Jan 30 11:48:18 demo pptpd[304]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Jan 30 11:48:24 demo pppd[307]: ioctl(TIOCSETD): Invalid argument(22)
> Jan 30 11:48:24 demo
> pptpd[306]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY
> failed: status = -1 error = Input/output error
> Jan 30 11:48:24 demo pptpd[306]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Jan 30 11:48:58 demo pppd[311]: ioctl(TIOCSETD): Invalid argument(22)
> Jan 30 11:48:58 demo
> pptpd[310]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY
> failed: status = -1 error = Input/output error
> Jan 30 11:48:58 demo pptpd[310]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Jan 30 22:23:37 demo pppd[627]: ioctl(TIOCSETD): Invalid argument(22)
> Jan 30 22:23:37 demo
> pptpd[626]: GRE: read(fd=4,buffer=804d780,len=8196) from PTY
> failed: status = -1 error = Input/output error
> Jan 30 22:23:37 demo pptpd[626]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> demo:/var/log#
>
> demo:/var/log# tail debug
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Made a OUT CALL RPLY packet
> Jan 30 22:23:37 demo pptpd[626]: CTRL: pty_fd = 4
> Jan 30 22:23:37 demo pptpd[626]: CTRL: tty_fd = 5
> Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): Connection speed
> =
> 115200Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): local
> address
> = 10.200.1.254
> Jan 30 22:23:37 demo pptpd[627]: CTRL (PPPD Launcher): remote address =
> 10.200.1.1
> Jan 30 22:23:37 demo pptpd[626]: CTRL: I wrote 32 bytes to the client.
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Sent packet to client
> Jan 30 22:23:37 demo pptpd[147]: MGR: Reaped child 626
> Jan 30 22:23:37 demo pptpd[626]: CTRL: Exiting now
> demo:/var/log#
>
> demo:/var/log# uname -a
> Linux demo 2.4.0 #10 Tue Jan 30 11:19:07 EST 2001 i586 unknown
> demo:/var/log# pppd --version
> pppd version 2.3.11
>
> Oddly enough, when I build my kernel I get no modules at all, and I
> would
> think that I would at least get a bsd_comp.o module.. a make
> modules_install absolutely freaks out with depmod. So I may have more
> than one problem.
>
> Any help would be greatly appreciated...
>
> -- Joe

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
/ "I'd like to think that everything is beautiful, and I'd like to think /
\ that everything is fair. I'd like to think that everything is plentiful,\
/ and i'd like to think that every body cares. We'd like to thank you.." /
\ \
/ http://members.cisdi.com/~anesthes/ -=- IM: imd3fc0n /
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
C r e a t i v e I l l u s i o n s S o f t w a r e D e s i g n, I n c.

From rcd at amherst.com Wed Jan 31 09:17:12 2001
From: rcd at amherst.com (Robert Dege)
Date: Wed, 31 Jan 2001 10:17:12 -0500
Subject: [pptp-server] Outside Access
References:
Message-ID: <3A782C77.68450043@comptekamherst.com>

Thanks for the overwhelming responses. It worked like a charm. Damn that hidden option!

-Rob

> remove the check from your connecting machine that says use default
> gateway on remote computer.
>
> That fixed it for me.
>
> On Tue, 30 Jan 2001, Robert Dege wrote:
>
> >
> > Just curious if this is regular or not. I have a machine that connects
> > to the internet. Can access everything just fine. I then make a PPTP
> > connection. *BOOM* I no longer have outside internet access until
> > after I disconnect from the PPTP server.
> >
> > The PPTP server has internet access (as well as the rest of the internal
> > network through a remote firewall). The PPTP server is NOT behind a
> > firewall. The DNS server that I serve the client upon connection
> > acknowledges the existence of outside IPs.
> >
> > Is this supposed to happen, or is something FOOBAR in my setup?

From vgill at technologist.com Wed Jan 31 20:51:18 2001
From: vgill at technologist.com (Gill, Vern)
Date: Wed, 31 Jan 2001 18:51:18 -0800
Subject: [pptp-server] kernel and ppp 2.4
Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C17@sally.gillnet.org.5.168.192.IN-ADDR.ARPA>

Anyone here got this working yet? I need the following patches; ms-domain strip smbpasswd require mppe mppe mppe-stateless and maybe also ldap

Anyone got this working, or know HOW to get it working?
I would really like to move to kernel-2.4/ppp-2.4/netfilter, but without these patches working, I can't...

I have already contacted the author of the smbpasswd patch to see if he has ported, or plans to, but I have not received any responses as of yet.

Thanks

From ajennamo at uncc.edu Wed Jan 31 22:45:16 2001
From: ajennamo at uncc.edu (Andy Ennamorato)
Date: Wed, 31 Jan 2001 23:45:16 -0500 (EST)
Subject: [pptp-server] Problems logging into PopTop.
Message-ID:

Howdy...

After having installed a couple weeks ago, I'm still struggling to have a machine connect to my PoPTop server. I'm using RedHat 6.2, kernel 2.2.14 and PopTop 1.1.2 and pppd 2.3.11. The poptop software IS running on the firewall, and every time I've tested, I've enabled all packets (i.e. IPCHAINS -P INPUT ACCEPT, OUTPUT ACCEPT) so that "shouldn't" be blocking anything.

I've attempted to connect in two different ways - the first time, from a Win98 machine behind the firewall (using the 192.168.x.x IP class). When I connect to the internal interface (in this case, eth1), the Win98 box connects temporarily - it seems to authenticate - but then immediately drops the connection. Here's a snippet of the log file when this happens (I can post the complete log if needed):

... (pptpd.log) ...
Jan 25 18:47:15 yoyodyne pptpd[19937]: CTRL (PPPD Launcher): local address = 192.168.1.80
Jan 25 18:47:15 yoyodyne pptpd[19937]: CTRL (PPPD Launcher): remote address = 192.168.1.70
Jan 25 18:47:15 yoyodyne pptpd[19936]: CTRL: I wrote 32 bytes to the client.
Jan 25 18:47:15 yoyodyne pptpd[19936]: CTRL: Sent packet to client
Jan 25 18:47:16 yoyodyne pppd[19937]: pppd 2.3.11 started by root, uid 0
Jan 25 18:47:16 yoyodyne pppd[19937]: Using interface ppp1
Jan 25 18:47:16 yoyodyne pppd[19937]: Connect: ppp1 <--> /dev/pts/1
Jan 25 18:47:16 yoyodyne pptpd[19936]: Buffering out-of-order packet; got 1 after 4294967295
Jan 25 18:47:16 yoyodyne pptpd[19936]: Packet reorder timeout waiting for 0
Jan 25 18:47:16 yoyodyne pptpd[19936]: Buffering out-of-order packet; got 2 after 0
Jan 25 18:47:16 yoyodyne pppd[19937]: Peer is not authorized to use remote address 192.168.1.70
Jan 25 18:47:16 yoyodyne pppd[19937]: CCP terminated by peer
Jan 25 18:47:16 yoyodyne pppd[19937]: Compression disabled by peer.
Jan 25 18:47:16 yoyodyne pppd[19937]: Connection terminated.
Jan 25 18:47:16 yoyodyne pppd[19937]: Connect time 0.0 minutes.
Jan 25 18:47:16 yoyodyne pppd[19937]: Sent 334 bytes, received 346 bytes.
Jan 25 18:47:16 yoyodyne pppd[19937]: Exit.
Jan 25 18:47:16 yoyodyne pptpd[19936]: Error reading from pppd: Input/output error
Jan 25 18:47:16 yoyodyne pptpd[19936]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
Jan 25 18:47:16 yoyodyne pptpd[19936]: CTRL: Client 192.168.0.2 control connection finished

Recently, I tried to have someone connect from a Windows ME machine, and something similar happens on the client side. They were able to connect/authenticate, but again, the connection is immediately disconnected. Here's the log for that:

... pptpd.log ...
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Client 216.67.54.235 control connection started
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Received PPTP Control Message (type: 1)
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Made a START CTRL CONN RPLY packet
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: I wrote 156 bytes to the client.
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Sent packet to client
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Received PPTP Control Message (type: 7)
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Made a OUT CALL RPLY packet
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Starting call (launching pppd, opening GRE)
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: pty_fd = 4
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: tty_fd = 5
Jan 25 19:02:33 yoyodyne pptpd[19976]: CTRL (PPPD Launcher): Connection speed = 115200
Jan 25 19:02:33 yoyodyne pptpd[19976]: CTRL (PPPD Launcher): local address = 192.168.1.80
Jan 25 19:02:33 yoyodyne pptpd[19976]: CTRL (PPPD Launcher): remote address = 192.168.1.70
Jan 25 19:02:33 yoyodyne pppd[19976]: pppd 2.3.11 started by root, uid 0
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: I wrote 32 bytes to the client.
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Sent packet to client
Jan 25 19:02:33 yoyodyne pppd[19976]: Using interface ppp1
Jan 25 19:02:33 yoyodyne pppd[19976]: Connect: ppp1 <--> /dev/pts/1
Jan 25 19:03:03 yoyodyne pppd[19976]: LCP: timeout sending Config-Requests
Jan 25 19:03:03 yoyodyne pppd[19976]: Connection terminated.
Jan 25 19:03:03 yoyodyne pppd[19976]: Exit.
Jan 25 19:03:03 yoyodyne pptpd[19975]: Error reading from pppd: Input/output error
Jan 25 19:03:03 yoyodyne pptpd[19975]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
Jan 25 19:03:03 yoyodyne pptpd[19975]: CTRL: Client 216.67.54.235 control connection finished
Jan 25 19:03:03 yoyodyne pptpd[19975]: CTRL: Exiting now
Jan 25 19:03:03 yoyodyne pptpd[19925]: MGR: Reaped child 19975

Here's a copy of my options.pptpd file:

lock
debug
proxyarp
auth
+chap

Here's chap-secrets:

# Secrets for authentication using CHAP
# client server secret IP addresses
noauth
guest * xxxxx *
andy * xxxx *
"anjoju" * "xxxxx"

Here's my pptpd.conf:

speed 115200
/etc/ppp/options.pptp
debug
localip 192.168.1.80-89
remoteip 192.168.1.70-79

Additionally, here's the /var/log/messages file from the client connection attempt from "inside" my massive 2 computer LAN:

Jan 25 18:47:15 yoyodyne pptpd[19936]: CTRL: Client 192.168.0.2 control connection started
Jan 25 18:47:15 yoyodyne pptpd[19936]: CTRL: Starting call (launching pppd, opening GRE)
Jan 25 18:47:16 yoyodyne pppd[19937]: pppd 2.3.11 started by root, uid 0
Jan 25 18:47:16 yoyodyne kernel: registered device ppp1
Jan 25 18:47:16 yoyodyne pppd[19937]: Using interface ppp1
Jan 25 18:47:16 yoyodyne pppd[19937]: Connect: ppp1 <--> /dev/pts/1
Jan 25 18:47:16 yoyodyne pptpd[19936]: Buffering out-of-order packet; got 1 after 4294967295
Jan 25 18:47:16 yoyodyne pptpd[19936]: Packet reorder timeout waiting for 0
Jan 25 18:47:16 yoyodyne pptpd[19936]: Buffering out-of-order packet; got 2 after 0
Jan 25 18:47:16 yoyodyne kernel: PPP BSD Compression module registered
Jan 25 18:47:16 yoyodyne kernel: PPP Deflate Compression module registered
Jan 25 18:47:16 yoyodyne pppd[19937]: Peer is not authorized to use remote address 192.168.1.70
Jan 25 18:47:16 yoyodyne pppd[19937]: CCP terminated by peer
Jan 25 18:47:16 yoyodyne pppd[19937]: Compression disabled by peer.
Jan 25 18:47:16 yoyodyne pppd[19937]: Connection terminated.
Jan 25 18:47:16 yoyodyne pppd[19937]: Connect time 0.0 minutes.
Jan 25 18:47:16 yoyodyne pppd[19937]: Sent 334 bytes, received 346 bytes.
Jan 25 18:47:16 yoyodyne pppd[19937]: Exit.
Jan 25 18:47:16 yoyodyne pptpd[19936]: Error reading from pppd: Input/output error
Jan 25 18:47:16 yoyodyne pptpd[19936]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
Jan 25 18:47:16 yoyodyne pptpd[19936]: CTRL: Client 192.168.0.2 control connection finished

Does anyone have any ideas on what to try? I'm working on this as a senior project, and need to get this "home" configuration running before I try to implement it on our campus' network.

Thanks to those that have already given me suggestions...

Andy Ennamorato
NCO CLT Help Desk
aennam at us.ibm.com
http://w3.ibm.com/help
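
[Added example, not part of any post in this thread.] The three failed sessions logged above stop at different points, and the pppd line just before "Exit." shows which one. This Python sketch groups syslog lines by pptpd control connection and reports the first known signature; the stage names, the hints and the assumption that sessions do not overlap in the log are the editor's, not the posters'.

```python
import re

# Signatures seen in this thread's logs -> (stage, what to check).
# The hints are the editor's reading of the pppd messages, not a poster's diagnosis.
SIGNATURES = [
    (re.compile(r"ioctl\(TIOCSETD\): Invalid argument"), "kernel",
     "kernel refused the PPP line discipline; check PPP async support is built in or loaded"),
    (re.compile(r"LCP: timeout sending Config-Requests"), "lcp",
     "no LCP replies arrived; check GRE (IP protocol 47) passes in both directions"),
    (re.compile(r"Peer is not authorized to use remote address"), "ipcp",
     "address not allowed for this peer; check the IP addresses column in chap-secrets"),
]
START = re.compile(r"pptpd\[\d+\]: CTRL: Client (\S+) control connection started")
END = re.compile(r"pptpd\[\d+\]: CTRL: Client \S+ control connection finished")

def diagnose(lines):
    """Return one (client, stage, hint) tuple per control connection, in log order."""
    results, current = [], None
    for line in lines:
        m = START.search(line)
        if m:
            current = [m.group(1), "unknown", "no known signature matched"]
        elif current and END.search(line):
            results.append(tuple(current))
            current = None
        elif current and current[1] == "unknown":
            for pattern, stage, hint in SIGNATURES:
                if pattern.search(line):
                    current[1:] = [stage, hint]
                    break
    return results

# Sample input: lines quoted in this thread, merged and trimmed by the editor.
SAMPLE = """\
Jan 30 22:23:37 demo pptpd[626]: CTRL: Client 216.20.16.61 control connection started
Jan 30 22:23:37 demo pppd[627]: ioctl(TIOCSETD): Invalid argument(22)
Jan 30 22:23:37 demo pptpd[626]: CTRL: Client 216.20.16.61 control connection finished
Jan 25 18:47:15 yoyodyne pptpd[19936]: CTRL: Client 192.168.0.2 control connection started
Jan 25 18:47:16 yoyodyne pppd[19937]: Peer is not authorized to use remote address 192.168.1.70
Jan 25 18:47:16 yoyodyne pppd[19937]: CCP terminated by peer
Jan 25 18:47:16 yoyodyne pptpd[19936]: CTRL: Client 192.168.0.2 control connection finished
Jan 25 19:02:33 yoyodyne pptpd[19975]: CTRL: Client 216.67.54.235 control connection started
Jan 25 19:03:03 yoyodyne pppd[19976]: LCP: timeout sending Config-Requests
Jan 25 19:03:03 yoyodyne pptpd[19975]: CTRL: Client 216.67.54.235 control connection finished
""".splitlines()

if __name__ == "__main__":
    for client, stage, hint in diagnose(SAMPLE):
        print(f"{client}: stopped at {stage}: {hint}")
```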