[pptp-server] I don't understand anything ! :-)

Jason Osborne rage at sohonetworks.cc
Fri Jan 12 03:27:03 CST 2001


	Ok, here is my setup. I have a system running redhat 7.0, kernel 2.2.17,
pppd-2.3.11, and pptpd-1.1.2. I used the following site to set up my system
and I have not really changed any of the configuration info.

http://www.vibrationresearch.com/pptpd/example.html

	Anyway, I used the above setup on my home Linux box running through DSL and
it works great. I have not had any errors at all. However, with the ISDN
connection, I see ppp sending packets, but then it freezes for 30 seconds
and then drops the connection. I have included my error log below.
	Whether you are using the right pppd daemon or not is not an
issue. What pptpd does is make use of pppd to make a connection whether it
be over tcp/ip, ethernet, or serial line (which is ppp or slip, i.e. dialup,
isdn). What it does is discipline the line to send packets over it. From
what I have seen, the reason the vpn is not working with the 128k isdn line
is when the client (win98 box) sends packets to the vpn server, it gets
separated when it goes through the two channels of the isdn line.
Supposedly, pptpd 1.1.2 is supposed to take the packets and perform a
reordering scheme on them. From what I understand, this is implemented in
1.1.2, but also, from what I have seen, it does not work. Other than this
possible problem, I do not see any other possibilities or issues related to
the use of pptpd over an ISDN line.
	Looks like this might possibly be something we have on to be implemented
into the pptpd software. Wish I could code because I could save myself from
going through a lot of bitching.

 _________     _________        ____________	    __________
 | Win98 | LAN | Linux |  ISDN  (          )  ADSL  | Win98  |
 | boxes |=====|  Box  |========( Internet }========| Laptop |
 |_______|     |_______|++++++++(__________)++++++++|________|
	a)		b)	  VPN    		     VPN     c)

a) Win98 boxes are on the 192.168.0.0 subnet. They use the Linux server to
access the net and share files through samba.
b) Linux box has the ip 192.168.0.1. It runs redhat 7 running on kernel
2.2.17, pppd 2.3.11, and pptpd 1.1.2. The setup came straight from
http://www.vibrationresearch.com/pptpd/example.html.

==> /sbin/route <==
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
204.181.200.7   *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.1     *               255.255.255.255 UH    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         204.181.200.7   0.0.0.0         UG    0      0        0 ppp0

==> /sbin/ifconfig <==
eth0      Link encap:Ethernet  HWaddr 52:54:05:F0:25:90
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:296319 errors:0 dropped:0 overruns:0 frame:2
          TX packets:254796 errors:0 dropped:0 overruns:0 carrier:0
          collisions:115 txqueuelen:100
          Interrupt:9 Base address:0xfce0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:91 errors:0 dropped:0 overruns:0 frame:0
          TX packets:91 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:204.181.201.153  P-t-P:204.181.200.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:4838 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4469 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

==> /var/log/messages <==
Jan 11 19:48:56 legacycarpets pptpd[31530]: CTRL: Client 4.40.159.70 control connection started
Jan 11 19:48:57 legacycarpets pptpd[31530]: CTRL: Starting call (launching pppd, opening GRE)
Jan 11 19:48:57 legacycarpets pppd[31531]: pppd 2.3.11 started by root, uid 0
Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set dbg flags to 70000
Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set flags to 70000
Jan 11 19:48:57 legacycarpets pppd[31531]: Using interface ppp1
Jan 11 19:48:57 legacycarpets pppd[31531]: Connect: ppp1 <--> /dev/pts/1
Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set xasyncmap
Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff
Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set flags to 70000
Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set mru to 5dc
Jan 11 19:48:57 legacycarpets kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff
Jan 11 19:49:27 legacycarpets kernel: ppp: channel ppp1 closing.
Jan 11 19:49:27 legacycarpets pppd[31531]: LCP: timeout sending Config-Requests
Jan 11 19:49:27 legacycarpets pppd[31531]: Connection terminated.
Jan 11 19:49:27 legacycarpets pppd[31531]: Modem hangup
Jan 11 19:49:27 legacycarpets pppd[31531]: Exit.
Jan 11 19:49:32 legacycarpets pptpd[31530]: GRE: read error: Bad file descriptor
Jan 11 19:49:32 legacycarpets pptpd[31530]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Jan 11 19:49:32 legacycarpets pptpd[31530]: CTRL: Client 4.40.159.70 control connection finished

==> /etc/pptpd.conf <==
# PoPToP configuration file

# TAG: speed
speed 115200

# TAG: option
option /etc/ppp/options.vpn

# TAG: debug
debug

# TAG: localip
localip 192.168.0.200-225

# TAG: remoteip
remoteip 192.168.0.226-251

# TAG: ipxnets
ipxnets 00001000-00001FFF

# TAG: listen
#listen 192.168.0.1

# TAG: pidfile
pidfile /var/run/pptpd.pid

==> /etc/ppp/options.vpn <==
lock
asyncmap 20A0000
debug
kdebug 7
name server
auth
mru 1450
mtu 1450
require-chap
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

==> /etc/ppp/ip-up <==
#!/bin/sh

INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24"
EXTERNAL_IP=$5
HW_ADDRESS="52:54:05:F0:25:90"

case $2
        in
        /dev/pts/*)
                /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
                /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
                /sbin/ipchains --insert input  -i $EXTERNAL_DEV -s $INTERNAL_NET  -j ACCEPT
                /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET  -j ACCEPT

                # Logging
                echo
                date > /var/run/ppp.up
                echo "Connection started on " $2 >> /var/run/ppp.up
                echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
                echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
                /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up

                echo "$(date): ip-up  External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
                echo "$(date): ip-up  Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
                ;;
esac


==> /etc/ppp/chap-secrets <==
# Secrets for authentication using CHAP
# client        server  secret          IP addresses


"rage"          *       "ditto"       *
"tony"          *       "ditto"         *
"ernie"         *       "ditto"         *
"chris"         *       "ditto"          *
"terry"         *       "ditto"      *
"darin"         *       "ditto"

speed 115200
debug
localip 192.168.0.200-225
remoteip 192.168.1.226-251

# Dialup Info
iwells  *       automan1

==> /etc/modules.conf <==
alias eth0 ne2k-pci
alias parport_lowlevel parport_pc
alias usb-controller usb-uhci
alias char-major-108 off
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

==> /etc/rc.d/init.d/firewall <==

# Input ipchain rules
/sbin/ipchains -P input DENY
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j ACCEPT -i eth0
/sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i ppp0
/sbin/ipchains -A input -j ACCEPT -p udp -i ppp0
/sbin/ipchains -A input -j DENY -l -i ppp0 -s 192.168.0.0/16
/sbin/ipchains -A input -j DENY -p tcp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
/sbin/ipchains -A input -j DENY -p udp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
/sbin/ipchains -A input -j ACCEPT -i ppp0
/sbin/ipchains -A input -j ACCEPT -p 47

# Output ipchains rules
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1503 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1503 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1720 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1720 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p tcp -s 192.168.0.0/16 1731 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p udp -s 192.168.0.0/16 1731 -d 0/0
/sbin/ipchains -A output -j ACCEPT -p 47

# Forward ipchain rules
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24  -d 0.0.0.0/0  -t 0x01 0x02 -j MASQ
/sbin/ipchains -A forward -s 0.0.0.0/0  -d 192.168.0.0/24  -t 0x01 0x02 -j MASQ
/sbin/ipchains -A forward -p 1723 -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT
;;

 stop)
/sbin/ipchains -F
/sbin/ipchains -X
;;

 restart)
$0 stop
$0 start
;;

 status)
/sbin/ipchains -L -v
;;

 *)
echo "Usage: firewall {start|stop|restart|status}"
exit 1

esac
exit 0

==> options <==
lock
modem
crtscts
asyncmap 20A0000
noipdefault
defaultroute
debug
user lcarpet
noauth
nodetach


-----Original Message-----
From: Javier Cuevas [mailto:jcd at arrakis.es]
Sent: Friday, January 12, 2001 2:41 AM
To: Jason Osborne; pptp mailing list
Subject: Re: [pptp-server] I don't understand anything ! :-)




Jason Osborne wrote:

> Thank you Javier. I have been having this problem for five months and no
> one ever even notices that I am also trying to do it over an ISDN connection.
>

Oh! I'm not alone ;-) I'm not sure that is a good thing ;-)

Well, being serious. I think our problem could be in an intermediate router
that lost some GRE packets, but I'm not sure... As I can read in some messages
posted to this mailing list, some routers can have problems managing this kind
of packet. But really I'm not sure about this. If you read my first message,
you can read a detailed activity log of a pptp connection (you can see the
traffic), and we can see that some packets are lost when ppp is brought up.

   It's too difficult for me to understand what is happening from these
activity logs....

  Another idea I was thinking about is that ISDN ppp can't manage some kind
of packets that pptp and the tunnel ppp need.

  What's the real answer ?

  Thanks,
  Javier Cuevas
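
The /var/log/messages excerpt in this message shows pppd exiting with "LCP: timeout sending Config-Requests" exactly 30 seconds after pptpd launches the call, which matches pppd's default of 10 Config-Requests sent 3 seconds apart with no reply coming back through the tunnel. The following is an added example, not part of the original message: it pulls that pattern out of syslog text per client. The function names, the `year` parameter and the second sample session are constructed for illustration, and sessions are assumed not to overlap.

```python
import re
from datetime import datetime

# Constructed sample: the first session is taken from the log in the post with
# mail line-wrapping undone; the second (192.0.2.10) is invented for contrast.
SAMPLE = """\
Jan 11 19:48:56 legacycarpets pptpd[31530]: CTRL: Client 4.40.159.70 control connection started
Jan 11 19:48:57 legacycarpets pptpd[31530]: CTRL: Starting call (launching pppd, opening GRE)
Jan 11 19:48:57 legacycarpets pppd[31531]: pppd 2.3.11 started by root, uid 0
Jan 11 19:48:57 legacycarpets kernel: ppp_ioctl: set mru to 5dc
Jan 11 19:49:27 legacycarpets pppd[31531]: LCP: timeout sending Config-Requests
Jan 11 19:49:32 legacycarpets pptpd[31530]: CTRL: Client 4.40.159.70 control connection finished
Jan 11 20:05:10 legacycarpets pptpd[31600]: CTRL: Client 192.0.2.10 control connection started
Jan 11 20:05:11 legacycarpets pptpd[31600]: CTRL: Starting call (launching pppd, opening GRE)
Jan 11 20:05:11 legacycarpets pppd[31601]: pppd 2.3.11 started by root, uid 0
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")
STARTED = re.compile(r"CTRL: Client (\S+) control connection started")

def triage(log_text, year=2001):
    """Return one record per PPTP control connection seen in syslog text."""
    # Assumption: sessions do not overlap, so pppd lines belong to the latest call.
    sessions, by_pid, last_call = [], {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # kernel lines and wrapped fragments are skipped
        stamp, prog, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        started = STARTED.match(msg) if prog == "pptpd" else None
        if started:
            by_pid[pid] = {"client": started.group(1), "call_at": None,
                           "lcp_timeout_s": None}
            sessions.append(by_pid[pid])
        elif prog == "pptpd" and msg.startswith("CTRL: Starting call"):
            if pid in by_pid:
                by_pid[pid]["call_at"] = when
                last_call = by_pid[pid]
        elif prog == "pppd" and last_call is not None:
            if msg.startswith("LCP: timeout sending Config-Requests"):
                waited = when - last_call["call_at"]
                last_call["lcp_timeout_s"] = int(waited.total_seconds())
    return sessions

def stalled_clients(sessions):
    """Clients whose pppd gave up waiting for an LCP reply."""
    return [s["client"] for s in sessions if s["lcp_timeout_s"] is not None]
```

A client that shows up in `stalled_clients` with a value near 30 completed the TCP control connection but never answered LCP, which narrows the search to the GRE data path rather than authentication or MPPE settings.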



