[pptp-server] I don't understand anything ! :-) New info..anyone care to decipher?

Jason Osborne rage at sohonetworks.cc
Sun Jan 14 09:27:57 CST 2001


	First off, there are no routers. The Linux box acts as the router with its
firewall. I believe that the firewall could be a likely possibility from
what I have read, but I'm not sure why it would be having problems since I
made sure I added additional rules to forward 47 and 1723.
	As far as a GRE traceroute, I am unfamiliar with such a test. If you could,
please reply back with the command to perform traceroute on 1723. It would
be most appreciated. Finally, I unfortunately cannot get my hands on a copy
of Windows 2k server at this time.

-----Original Message-----
From: David Moylan [mailto:djm at wiz.net.au]
Sent: Sunday, January 14, 2001 6:05 AM
To: Jason Osborne
Subject: Re: [pptp-server] I don't understand anything ! :-) New
info..anyone care to decipher?


what about the routers? what are they?

have you done a GRE traceroute or used the pptp ping utilities
from the win2000 server cd to see if the routers themselves are
blocking out GRE or 1723?

cheers, Wiz!!

----- Original Message -----
From: "Jason Osborne" <rage at sohonetworks.cc>
To: "George Vieira" <GeorgeV at citadelcomputer.com.au>;
<pptp-server at lists.schulte.org>
Sent: Sunday, January 14, 2001 9:35 PM
Subject: RE: [pptp-server] I don't understand anything ! :-) New
info..anyone care to decipher?


> Ok, I have been playing with the VPN trying to figure out exactly what is
> wrong with it. This is unfortunately an extensive email, but, maybe we can
> all come to a conclusion for ISDN users. For those of you who don't want to
> read all this, here is a simple breakdown of the problem. This error is
> reported when connecting to the ISDN server. You must understand that the
> configs are literally set up the same way on both systems.
>
> pppd[19652]: Connect: ppp1 <--> /dev/pts/1
> pppd[19652]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x20a0000> <auth chap 81> <magic 0x49ad0472> <pcomp> <accomp>]
> pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds.
> #### The above two lines were repeated an additional nine times ####
> pptpd[19651]: CTRL: Received PPTP Control Message (type: 12)
> pptpd[19651]: CTRL: Made a CALL DISCONNECT RPLY packet
> pptpd[19651]: CTRL: Received CALL CLR request (closing call)
> pptpd[19651]: CTRL: I wrote 148 bytes to the client.
> pptpd[19651]: CTRL: Sent packet to client
> pppd[19652]: Modem hangup
> pppd[19652]: Untimeout 0x8050394:0x8078480.
> pppd[19652]: Connection terminated.
>
> I have also noticed that the VPN client (in win98) is reporting the error
> 650. According to http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt this
> means:
>
> 7.2.3. Error 650: The Remote Access server is not responding.
> Possible causes:
> - There is a problem with packets getting through
> Possible solutions:
> - Check firewalls between you and server.
> Make sure all can pass protocol 47 (GRE) and tcp port 1723.
> According to this prognosis, is the firewall for the office an issue. I have
> included the firewall script from the office toward the bottom of this
> email. If anyone can help it would be much appreciated. I bet you will
> answer more than just my question. In advance, thanks for all your help.
>
> Here is the setup.
> --------------------------------------------------------------------------
> Location: Home
> Connection: DSL
> Kernel: Linux-2.2.17
> PPP Daemon: PPPd-2.3.11
> PopTop Server: PPTPd-1.1.2
> Patches: ppp_mppe_compressed_data_fix.diff,
> ppp-2.3.11-openssl-0.9.5-mppe.patch., and if_ppp_2.2.17.diff
> PopTop Config files and logs: Attached below.
> Ethernet:
>  - eth0: ethernet connected to LAN. ip: 192.168.0.1 a.k.a. meridian.soholan
>  - eth1: ethernet connected to dsl. ip: 4.40.159.70 a.k.a.
> meridian.sohonetworks.cc
> Other boxes, hubs, etc.:
>  - Windows NT 4.0 Terminal Server which is set up as PDC containing user
> list and promotes WINS services
>  - Linux System is set up with Samba which logs into the NT4 PDC. Samba does
> not promote any services on the network except general file sharing.
>  - 8 Windows 98SE boxes set up to log in to domain.
>  - 10/100 Linksys DualSpeed Hub.
>  - ipchains firewall has been set up on the linux box forwarding packets to
> and from the lan to the dsl.
>  - All systems can access file shares and internet from the lan. In other
> words, everything works perfectly.
> Routes w/o VPN:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 4.40.159.68     *               255.255.255.252 U     0      0        0 eth1
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         4.40.159.69     0.0.0.0         UG    0      0        0 eth1
> --------------------------------------------------------------------------
> Location: Office
> Connection: ISDN
> Kernel: Linux-2.2.17
> PPP Daemon: PPPd-2.3.11
> PopTop Server: PPTPd-1.1.2
> Patches: ppp_mppe_compressed_data_fix.diff,
> ppp-2.3.11-openssl-0.9.5-mppe.patch., and if_ppp_2.2.17.diff
> PopTop Config files and logs: Attached below.
> Ethernet: eth0 - ethernet connected to lan. ip: 192.168.0.1 a.k.a.
> server.legacycarpets
> Modem:    ppp0 - 3com ISDN Terminal Adapter which connects to a dual line
> (128kb) ISDN connection. ip: dynamic a.k.a.
> lcarpet.dynip.com
> Other boxes, hubs, etc.:
>  - Linux system is set up with Samba acting as a domain login server for
> win9x boxes and promotes file shares and acts as a WINS server.
>  - 4 Windows 98SE boxes set up to authenticate through samba.
>  - 10baseT Linksys Hub.
>  - ipchains firewall has been set up on the linux box forwarding packets to
> and from the lan to the ISDN.
>  - All systems can access file shares and internet from the lan. Works
> great!
> Routes w/o VPN:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 204.181.200.7   *               255.255.255.255 UH    0      0        0 ppp0
> 192.168.0.1     *               255.255.255.255 UH    0      0        0 eth0
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         204.181.200.7   0.0.0.0         UG    0      0        0 ppp0
> --------------------------------------------------------------------------
>
> ---- HOME ERROR LOGS ---- (The below logs for the home vpn show that the vpn
> works perfectly fine allowing me on the network)
> ==> /var/log/messages <==
> pptpd[8163]: CTRL: Client 192.168.0.3 control connection started
> pptpd[8163]: CTRL: Starting call (launching pppd, opening GRE)
> pppd[8164]: pppd 2.3.11 started by root, uid 0
> pppd[8164]: Using interface ppp0
> pppd[8164]: Connect: ppp0 <--> /dev/pts/1
> pptpd[8163]: Buffering out-of-order packet; got 1 after 4294967295
> pptpd[8163]: Packet reorder timeout waiting for 0
> pptpd[8163]: Buffering out-of-order packet; got 2 after 0
> pppd[8164]: MSCHAP-v2 peer authentication succeeded for soholan\\rage
> pppd[8164]: found interface eth0 for proxy arp
> pppd[8164]: local  IP address 192.168.0.201
> pppd[8164]: remote IP address 192.168.0.227
> pppd[8164]: MPPE 40 bit, stateless compression enabled
> pppd[8164]: LCP terminated by peer
> pppd[8164]: Modem hangup
> pppd[8164]: Connection terminated.
> pppd[8164]: Connect time 3.6 minutes.
> pppd[8164]: Sent 512 bytes, received 2247 bytes.
> pppd[8164]: Exit.
> pptpd[8163]: GRE: read error: Bad file descriptor
> pptpd[8163]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
> pptpd[8163]: CTRL: Client 192.168.0.3 control connection finished
>
> ==> /var/log/pptpd.log <==
> pptpd[8185]: MGR: Launching /usr/sbin/pptpctrl to handle client
> pptpd[8185]: CTRL: local address = 192.168.0.200
> pptpd[8185]: CTRL: remote address = 192.168.0.226
> pptpd[8185]: CTRL: pppd speed = 115200
> pptpd[8185]: CTRL: pppd options file = /etc/ppp/options.pptp
> pptpd[8185]: CTRL: Client 192.168.0.3 control connection started
> pptpd[8185]: CTRL: Received PPTP Control Message (type: 1)
> pptpd[8185]: CTRL: Made a START CTRL CONN RPLY packet
> pptpd[8185]: CTRL: I wrote 156 bytes to the client.
> pptpd[8185]: CTRL: Sent packet to client
> pptpd[8185]: CTRL: Received PPTP Control Message (type: 7)
> pptpd[8185]: CTRL: 0 min_bps, 0 max_bps, 32 window size
> pptpd[8185]: CTRL: Made a OUT CALL RPLY packet
> pptpd[8185]: CTRL: Starting call (launching pppd, opening GRE)
> pptpd[8185]: CTRL: pty_fd = 5
> pptpd[8185]: CTRL: tty_fd = 6
> pptpd[8186]: CTRL (PPPD Launcher): Connection speed = 115200
> pptpd[8185]: CTRL: I wrote 32 bytes to the client.
> pptpd[8185]: CTRL: Sent packet to client
> pptpd[8186]: CTRL (PPPD Launcher): local address = 192.168.0.200
> pptpd[8186]: CTRL (PPPD Launcher): remote address = 192.168.0.226
> pptpd[8186]: CTRL (PPPD Launcher): ipx network = 00001000
> pppd[8186]: pppd 2.3.11 started by root, uid 0
> pppd[8186]: Using interface ppp0
> pppd[8186]: Connect: ppp0 <--> /dev/pts/1
> pppd[8186]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x896db843> <pcomp> <accomp>]
> pptpd[8185]: Buffering out-of-order packet; got 1 after 4294967295
> pppd[8186]: Timeout 0x805085c:0x80790c0 in 3 seconds.
> pptpd[8185]: Packet reorder timeout waiting for 0
> pptpd[8185]: Buffering out-of-order packet; got 2 after 0
> pppd[8186]: rcvd [LCP ConfReq id=0x1 <magic 0xd94b31f> <pcomp> <accomp>]
> pppd[8186]: lcp_reqci: returning CONFACK.
> pppd[8186]: sent [LCP ConfAck id=0x1 <magic 0xd94b31f> <pcomp> <accomp>]
> pppd[8186]: rcvd [LCP ConfAck id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x896db843> <pcomp> <accomp>]
> pppd[8186]: Untimeout 0x805085c:0x80790c0.
> pppd[8186]: sent [CHAP Challenge id=0x1 <4cb7dcb764c559505c697171b2eb2b1c>, name = "meridian"]
> pppd[8186]: Timeout 0x8056284:0x80793a0 in 3 seconds.
> pppd[8186]: rcvd [CHAP Response id=0x1 <cb70f75460a5b3879d9716c3773e0f8e0000000000000000ff4ed9e7cf07a670480fb01c3ac030334f54f59b98e7027604>, name = "soholan\\rage"]
> pppd[8186]: Untimeout 0x8056284:0x80793a0.
> pppd[8186]: ChapReceiveResponse: rcvd type MS-CHAP-V2
> pppd[8186]: sent [CHAP Success id=0x1 "S=7B69617F523DB2A4D89C25AA3169B74F930C473C"]
> pppd[8186]: sent [IPCP ConfReq id=0x1 <addr 192.168.0.200> <compress VJ 0f 01>]
> pppd[8186]: Timeout 0x805085c:0x8079320 in 3 seconds.
> pppd[8186]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <mppe 1 0 0 60> <bsd v1 15>]
> pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds.
> pppd[8186]: MSCHAP-v2 peer authentication succeeded for soholan\\rage
> pppd[8186]: rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
> pppd[8186]: ipcp: returning Configure-NAK
> pppd[8186]: sent [IPCP ConfNak id=0x1 <addr 192.168.0.226> <ms-dns1 192.168.0.2> <ms-wins 192.168.0.2> <ms-dns3 192.168.0.2> <ms-wins 192.168.0.2>]
> pppd[8186]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 1> <lzs 0 1 4>]
> pppd[8186]: sent [CCP ConfRej id=0x1 <lzs 0 1 4>]
> pppd[8186]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.0.200> <compress VJ 0f 01>]
> pppd[8186]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
> pppd[8186]: Untimeout 0x805085c:0x8079440.
> pppd[8186]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 60>]
> pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds.
> pppd[8186]: rcvd [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 192.168.0.226> <ms-dns1 192.168.0.2> <ms-wins 192.168.0.2> <ms-dns3 192.168.0.2> <ms-wins 192.168.0.2>]
> pppd[8186]: ipcp: returning Configure-ACK
> pppd[8186]: sent [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 192.168.0.226> <ms-dns1 192.168.0.2> <ms-wins 192.168.0.2> <ms-dns3 192.168.0.2> <ms-wins 192.168.0.2>]
> pppd[8186]: Untimeout 0x805085c:0x8079320.
> pppd[8186]: ipcp: up
> pppd[8186]: found interface eth0 for proxy arp
> pppd[8186]: local  IP address 192.168.0.200
> pppd[8186]: remote IP address 192.168.0.226
> pppd[8186]: Script /etc/ppp/ip-up started (pid 8187)
> pppd[8186]: rcvd [CCP ConfReq id=0x2 <mppe 1 0 0 1>]
> pppd[8186]: sent [CCP ConfNak id=0x2 <mppe 1 0 0 60>]
> pppd[8186]: rcvd [CCP ConfNak id=0x2 <mppe 1 0 0 20>]
> pppd[8186]: Untimeout 0x805085c:0x8079440.
> pppd[8186]: sent [CCP ConfReq id=0x3 <mppe 1 0 0 20>]
> pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds.
> pppd[8186]: rcvd [CCP ConfReq id=0x3 <mppe 1 0 0 20>]
> pppd[8186]: sent [CCP ConfAck id=0x3 <mppe 1 0 0 20>]
> pppd[8186]: rcvd [CCP ConfAck id=0x3 <mppe 1 0 0 20>]
> pppd[8186]: Untimeout 0x805085c:0x8079440.
> pppd[8186]: MPPE 40 bit, stateless compression enabled
> Sat Jan 13 22:33:14 CST 2001: ip-up  External Device: ppp0 TTY: /dev/pts/1 Speed: 115200 Local IP: 192.168.0.200 Remote IP: 192.168.0.226
> Sat Jan 13 22:33:14 CST 2001: ip-up  Firewall rules set for ppp0:192.168.0.226
> pppd[8186]: Script /etc/ppp/ip-up finished (pid 8187), status = 0x0
> pptpd[8185]: CTRL: Received PPTP Control Message (type: 5)
> pptpd[8185]: CTRL: Made a ECHO RPLY packet
> pptpd[8185]: CTRL: I wrote 20 bytes to the client.
> pptpd[8185]: CTRL: Sent packet to client
> pppd[8186]: rcvd [LCP TermReq id=0x2]
> pppd[8186]: LCP terminated by peer
> pppd[8186]: ipcp: down
> pppd[8186]: Untimeout 0x805a0bc:0x0.
> pppd[8186]: Script /etc/ppp/ip-down started (pid 8196)
> pppd[8186]: Timeout 0x805085c:0x80790c0 in 3 seconds.
> pppd[8186]: sent [LCP TermAck id=0x2]
> pptpd[8185]: CTRL: Received PPTP Control Message (type: 12)
> pptpd[8185]: CTRL: Made a CALL DISCONNECT RPLY packet
> pptpd[8185]: CTRL: Received CALL CLR request (closing call)
> pptpd[8185]: CTRL: I wrote 148 bytes to the client.
> pptpd[8185]: CTRL: Sent packet to client
> pppd[8186]: Modem hangup
> pppd[8186]: Untimeout 0x805085c:0x80790c0.
> pppd[8186]: Connection terminated.
> pppd[8186]: Sent 511 bytes, received 929 bytes.
> pppd[8186]: Waiting for 1 child processes...
> pppd[8186]:   script /etc/ppp/ip-down, pid 8196
> pppd[8186]: Script /etc/ppp/ip-down finished (pid 8196), status = 0x200
> pppd[8186]: Exit.
> pptpd[8185]: GRE: read error: Bad file descriptor
> pptpd[8185]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
> pptpd[8185]: CTRL: Client 192.168.0.3 control connection finished
> pptpd[8185]: CTRL: Exiting now
>
> ---- OFFICE ERROR LOGS ---- (As you can see here
> ==> /var/log/messages <==
> pptpd[19625]: CTRL: Client 4.40.159.70 control connection started
> pptpd[19625]: CTRL: Starting call (launching pppd, opening GRE)
> pppd[19626]: pppd 2.3.11 started by root, uid 0
> kernel: ppp_ioctl: set dbg flags to 70000
> kernel: ppp_ioctl: set flags to 70000
> pppd[19626]: Using interface ppp1
> pppd[19626]: Connect: ppp1 <--> /dev/pts/1
> kernel: ppp_tty_ioctl: set xasyncmap
> kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff
> kernel: ppp_ioctl: set flags to 70000
> kernel: ppp_ioctl: set mru to 5dc
> kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff
> kernel: ppp: channel ppp1 closing.
> pppd[19626]: Modem hangup
> pppd[19626]: Connection terminated.
> pppd[19626]: Exit.
> pptpd[19625]: GRE: read error: Bad file descriptor
> pptpd[19625]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
> pptpd[19625]: CTRL: Client 4.40.159.70 control connection finished
>
> ==> /var/log/pptpd.log <==
> pptpd[19651]: MGR: Launching /usr/sbin/pptpctrl to handle client
> pptpd[19651]: CTRL: local address = 192.168.0.201
> pptpd[19651]: CTRL: remote address = 192.168.0.227
> pptpd[19651]: CTRL: pppd speed = 115200
> pptpd[19651]: CTRL: pppd options file = /etc/ppp/options.vpn
> pptpd[19651]: CTRL: Client 4.40.159.70 control connection started
> pptpd[19651]: CTRL: Received PPTP Control Message (type: 1)
> pptpd[19651]: CTRL: Made a START CTRL CONN RPLY packet
> pptpd[19651]: CTRL: I wrote 156 bytes to the client.
> pptpd[19651]: CTRL: Sent packet to client
> pptpd[19651]: CTRL: Received PPTP Control Message (type: 7)
> pptpd[19651]: CTRL: 0 min_bps, 0 max_bps, 32 window size
> pptpd[19651]: CTRL: Made a OUT CALL RPLY packet
> pptpd[19651]: CTRL: Starting call (launching pppd, opening GRE)
> pptpd[19651]: CTRL: pty_fd = 6
> pptpd[19651]: CTRL: tty_fd = 7
> pptpd[19652]: CTRL (PPPD Launcher): Connection speed = 115200
> pptpd[19652]: CTRL (PPPD Launcher): local address = 192.168.0.201
> pptpd[19652]: CTRL (PPPD Launcher): remote address = 192.168.0.227
> pptpd[19652]: CTRL (PPPD Launcher): ipx network = 00001001
> pptpd[19651]: CTRL: I wrote 32 bytes to the client.
> pptpd[19651]: CTRL: Sent packet to client
> pppd[19652]: pppd 2.3.11 started by root, uid 0
> pppd[19652]: Using interface ppp1
> pppd[19652]: Connect: ppp1 <--> /dev/pts/1
> pppd[19652]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x20a0000> <auth chap 81> <magic 0x49ad0472> <pcomp> <accomp>]
> pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds.
> #### The above two lines were repeated an additional nine times ####
> pptpd[19651]: CTRL: Received PPTP Control Message (type: 12)
> pptpd[19651]: CTRL: Made a CALL DISCONNECT RPLY packet
> pptpd[19651]: CTRL: Received CALL CLR request (closing call)
> pptpd[19651]: CTRL: I wrote 148 bytes to the client.
> pptpd[19651]: CTRL: Sent packet to client
> pppd[19652]: Modem hangup
> pppd[19652]: Untimeout 0x8050394:0x8078480.
> pppd[19652]: Connection terminated.
> pppd[19652]: Exit.
> pptpd[19651]: GRE: read error: Bad file descriptor
> pptpd[19651]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
> pptpd[19651]: CTRL: Client 4.40.159.70 control connection finished
> pptpd[19651]: CTRL: Exiting now
> pptpd[2275]: MGR: Reaped child 19651
>
> ---- HOME VPN FILES ----
> ==> /etc/pptpd.conf <==
> # PoPToP configuration file
>
> # TAG: speed
> speed 115200
>
> # TAG: option
> option /etc/ppp/options.pptp
>
> # TAG: debug
> debug
>
> # TAG: localip
> localip 192.168.0.200-225
>
> # TAG: remoteip
> remoteip 192.168.0.226-251
>
> # TAG: ipxnets
> ipxnets 00001000-00001FFF
>
> # TAG: listen
> #listen 192.168.0.1
>
> # TAG: pidfile
> pidfile /var/run/pptpd.pid
>
> ==> /etc/ppp/options <==
> lock
> tail: /etc/ppp/options.vpn: No such file or directory
>
> ==> /etc/ppp/chap-secrets <==
> # Secrets for authentication using CHAP
> # client        server  secret                  IP addresses
> "soholan\\rage"         *       "ro0tm4h-"              *
> "soholan\\margie"       *       "m00t1lda"              *
> "soholan\\andy"         *       "ambermarie"            *
>
> #PoPToP configuration file /etc/pptpd.conf
> speed 115200
> localip 192.168.0.200-225
> remoteip 192.168.0.226-251
>
> ==> /etc/ppp/ip-up <==
> #!/bin/sh
>
> INTERNAL_DEV="eth0"
> INTERNAL_NET="192.168.0.0/24"
> INTERNAL_IP=$4
> EXTERNAL_DEV=$1
> EXTERNAL_NET="192.168.0.0/24"
> EXTERNAL_IP=$5
> HW_ADDRESS="00:10:5A:1C:0B:8B"
>
> case $2
>         in
>         /dev/pts/*)
>                 /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
>                 /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
>                 /sbin/ipchains --insert input  -i $EXTERNAL_DEV -s $INTERNAL_NET  -j ACCEPT
>                 /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET  -j ACCEPT
>
>                 # Logging
>                 echo
>                 date > /var/run/ppp.up
>                 echo "Connection started on " $2 >> /var/run/ppp.up
>                 echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
>                 echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
>                 /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
>
>                 echo "$(date): ip-up  External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
>                 echo "$(date): ip-up  Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
>                 ;;
> esac
>
>
> ==> /etc/ppp/ip-down <==
> #!/bin/sh
>
> INTERNAL_DEV="eth0"
> INTERNAL_NET="192.168.0.0/24"
> INTERNAL_IP=$4
> EXTERNAL_DEV=$1
> EXTERNAL_NET="192.168.0.0/24"
> EXTERNAL_IP=$5
> HW_ADDRESS="00:10:5A:1C:0B:8B"
>
> case $2
>         in
>         /dev/pts/*)
>                 /sbin/ipchains --delete forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
>                 /sbin/ipchains --delete forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
>                 /sbin/ipchains --delete input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
>                 /sbin/ipchains --delete output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
>
>                 # Logging
>                 echo "$(date): ip-down  External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
>                 echo "$(date): ip-down  Firewall rules removed for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
>
>                 echo
>                 date > /var/run/ppp.up
>                 echo "Connection closed on " $2 >> /var/run/ppp.up
>                 echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
>                 echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
>                 arp --delete $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
>                 ;;
> esac
>
>
> ==> /etc/rc.d/init.d/firewall <==
> #!/bin/sh
> # IPchains Firewalling Script File
> # Generated by IPchains Firewalling Webmin Module
> # Copyright (C) 1999-2000 by Tim Niemueller, GPL
> # http://www.niemueller.de/webmin/modules/ipchains/
> # Created on 22/May/2000 09:02
> #
>
> # Source function library.
> . /etc/rc.d/init.d/functions
>
> # Check that networking is up.
> #if [ ${NETWORKING} = "no" ]
> #then
> #        exit 0
> #fi
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> case "$1" in
>   start)
>
> # This gets rid of old stuff
> /sbin/ipchains -F
> /sbin/ipchains -X
>
> # Input ipchain rules
> /sbin/ipchains -P input DENY
> /sbin/ipchains -A input -j ACCEPT -i lo
> /sbin/ipchains -A input -j ACCEPT -i eth0
> /sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i eth1
> /sbin/ipchains -A input -j ACCEPT -p udp -i eth1
> /sbin/ipchains -A input -j DENY -l -i eth1 -s 192.168.0.0/16
> /sbin/ipchains -A input -j DENY -p tcp -i eth1 -s 0/0 1024:65535 -d 0/0 139
> /sbin/ipchains -A input -j DENY -p udp -i eth1 -s 0/0 1024:65535 -d 0/0 139
> /sbin/ipchains -A input -j ACCEPT -i eth1
> /sbin/ipchains -A input -j ACCEPT -p TCP -d 0.0.0.0/0 1723
> /sbin/ipchains -A input -j ACCEPT -p 47
>
> # Output ipchains rules
> /sbin/ipchains -P output ACCEPT
> /sbin/ipchains -A output -j ACCEPT -p TCP -s 0.0.0.0/0 1723
> /sbin/ipchains -A output -j ACCEPT -p 47
>
> # Forward ipchain rules
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.0/24  -d 0.0.0.0/0  -t 0x01 0x02 -j MASQ
> /sbin/ipchains -A forward -s 0.0.0.0/0  -d 192.168.0.0/24  -t 0x01 0x02 -j MASQ
> ;;
>
>  stop)
> /sbin/ipchains -F
> /sbin/ipchains -X
> echo "0" > /proc/sys/net/ipv4/ip_forward
> ;;
>
>  restart)
> $0 stop
> $0 start
> ;;
>
>  status)
> /sbin/ipchains -L -v
> ;;
>
>  *)
> echo "Usage: firewall {start|stop|restart|status}"
> exit 1
>
> esac
> exit 0
>
> ==> /etc/modules.conf <==
> alias eth0 3c59x
> alias eth1 ne2k-pci
> alias parport_lowlevel parport_pc
> alias usb-controller usb-uhci
> alias char-major-108 off
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
>
> ---- OFFICE CONFIG FILES ----
> ==> /etc/pptpd.conf <==
> # PoPToP configuration file
>
> # TAG: speed
> speed 115200
>
> # TAG: option
> option /etc/ppp/options.vpn
>
> # TAG: debug
> debug
>
> # TAG: localip
> localip 192.168.0.200-225
>
> # TAG: remoteip
> remoteip 192.168.0.226-251
>
> # TAG: ipxnets
> ipxnets 00001000-00001FFF
>
> # TAG: listen
> #listen 192.168.0.1
>
> # TAG: pidfile
> pidfile /var/run/pptpd.pid
>
> ==> /etc/ppp/options <==
> lock
> modem
> crtscts
> asyncmap 20A0000
> noipdefault
> defaultroute
> debug
> user lcarpet
> noauth
> nodetach
>
> ==> /etc/ppp/options.vpn <==
> lock
> asyncmap 20A0000
> debug
> kdebug 7
> name server
> auth
> mru 1450
> mtu 1450
> require-chap
> +chap
> proxyarp
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> ==> /etc/ppp/chap-secrets <==
> # Secrets for authentication using CHAP
> # client        server  secret          IP addresses
>
>
> "rage"          server  "ro0tm4h"       "192.168.0.210"
> "tony"          *       "bogie"         *
> "ernie"         *       "boney"         *
> "chris"         *       "0414"          *
> "terry"         *       "automan1"      *
> "darin"         *       "dito66"
>
> speed 115200
> debug
> localip 192.168.0.200-225
> remoteip 192.168.1.226-251
>
> # Dialup Info
> iwells  *       automan1
>
> ==> /etc/ppp/ip-up <==
> #!/bin/sh
>
> INTERNAL_DEV="eth0"
> INTERNAL_NET="192.168.0.0/24"
> INTERNAL_IP=$4
> EXTERNAL_DEV=$1
> EXTERNAL_NET="192.168.0.0/24"
> EXTERNAL_IP=$5
> HW_ADDRESS="52:54:05:F0:25:90"
>
> case $2
>         in
>         /dev/pts/*)
>                 /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
>                 /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
>                 /sbin/ipchains --insert input  -i $EXTERNAL_DEV -s $INTERNAL_NET  -j ACCEPT
>                 /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET  -j ACCEPT
>
>                 # Logging
>                 echo
>                 date > /var/run/ppp.up
>                 echo "Connection started on " $2 >> /var/run/ppp.up
>                 echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
>                 echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
>                 /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
>
>                 echo "$(date): ip-up  External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
>                 echo "$(date): ip-up  Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
>                 ;;
> esac
>
>
> ==> /etc/ppp/ip-down <==
> #!/bin/sh
>
> INTERNAL_DEV="eth0"
> INTERNAL_NET="192.168.0.0/24"
> INTERNAL_IP=$4
> EXTERNAL_DEV=$1
> EXTERNAL_NET="192.168.0.0/24"
> EXTERNAL_IP=$5
> HW_ADDRESS="52:54:05:F0:25:90"
>
> case $2
>         in
>         /dev/pts/*)
>                 /sbin/ipchains --delete forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
>                 /sbin/ipchains --delete forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
>                 /sbin/ipchains --delete input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
>                 /sbin/ipchains --delete output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT
>
>                 # Logging
>                 echo "$(date): ip-down  External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
>                 echo "$(date): ip-down  Firewall rules removed for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
>
>                 echo
>                 date > /var/run/ppp.up
>                 echo "Connection closed on " $2 >> /var/run/ppp.up
>                 echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
>                 echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
>                 arp --delete $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
>                 ;;
> esac
>
>
> ==> /etc/rc.d/init.d/firewall <==
> #!/bin/sh
> # IPchains Firewalling Script File
> # Generated by IPchains Firewalling Webmin Module
> # Copyright (C) 1999-2000 by Tim Niemueller, GPL
> # http://www.niemueller.de/webmin/modules/ipchains/
> # Created on 22/May/2000 09:02
> #
>
> # Source function library.
> . /etc/rc.d/init.d/functions
>
> # Check that networking is up.
> #if [ ${NETWORKING} = "no" ]
> #then
> #        exit 0
> #fi
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> case "$1" in
>   start)
>
> # This gets rid of old stuff
> /sbin/ipchains -F
> /sbin/ipchains -X
>
> # Input ipchain rules
> /sbin/ipchains -P input DENY
> /sbin/ipchains -A input -j ACCEPT -i lo
> /sbin/ipchains -A input -j ACCEPT -i eth0
> /sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i ppp0
> /sbin/ipchains -A input -j ACCEPT -p udp -i ppp0
> /sbin/ipchains -A input -j DENY -l -i ppp0 -s 192.168.0.0/16
> /sbin/ipchains -A input -j DENY -p tcp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
> /sbin/ipchains -A input -j DENY -p udp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
> /sbin/ipchains -A input -j ACCEPT -i ppp0
> /sbin/ipchains -A input -j ACCEPT -p TCP -d 0.0.0.0/0 1723
> /sbin/ipchains -A input -j ACCEPT -p 47
>
> # Output ipchains rules
> /sbin/ipchains -P output ACCEPT
> /sbin/ipchains -A output -j ACCEPT -p TCP -s 0.0.0.0/0 1723
> /sbin/ipchains -A output -j ACCEPT -p 47
>
> # Forward ipchain rules
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.0/24  -d 0.0.0.0/0  -t 0x01 0x02 -j MASQ
> /sbin/ipchains -A forward -s 0.0.0.0/0  -d 192.168.0.0/24  -t 0x01 0x02 -j MASQ
> ;;
>
>  stop)
> /sbin/ipchains -F
> /sbin/ipchains -X
> ;;
>
>  restart)
> $0 stop
> $0 start
> ;;
>
>  status)
> /sbin/ipchains -L -v
> ;;
>
>  *)
> echo "Usage: firewall {start|stop|restart|status}"
> exit 1
>
> esac
> exit 0
>
> ==> /etc/modules.conf <==
> alias eth0 ne2k-pci
> alias parport_lowlevel parport_pc
> alias usb-controller usb-uhci
> alias char-major-108 off
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
>
>
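
The two quoted pptpd.log excerpts differ at one point: at home pppd logs `rcvd [LCP ...]` frames, while at the office it only logs `sent [LCP ConfReq ...]` until the client clears the call, even though PPTP control messages keep arriving on TCP 1723. The Python script below is an added example (not part of the original thread or of PoPToP) that classifies a pptpd/pppd debug log by that difference; the function names and verdict strings are hypothetical, and the two sample logs are constructed, condensed from the lines quoted above.

```python
import re
from collections import Counter

# Log line shapes as they appear in the pptpd/pppd debug output quoted above.
CTRL_RE = re.compile(r"pptpd\[\d+\]: CTRL: Received PPTP Control Message \(type: (\d+)\)")
PPP_RE = re.compile(r"pppd\[\d+\]: (sent|rcvd) \[(\w+) (\w+)")

# PPTP control message numbers (RFC 2637); these travel over TCP port 1723.
START_CTRL_CONN_REQ, OUT_CALL_REQ, CALL_CLEAR_REQ = 1, 7, 12


def summarize(log_text):
    """Count control messages (TCP 1723) and PPP frames (carried in GRE)."""
    ctrl, ppp = Counter(), Counter()
    ipcp_up = False
    for line in log_text.splitlines():
        m = CTRL_RE.search(line)
        if m:
            ctrl[int(m.group(1))] += 1
            continue
        m = PPP_RE.search(line)
        if m:
            ppp[m.groups()] += 1          # (direction, protocol, code)
        elif "ipcp: up" in line:
            ipcp_up = True
    return {
        "ctrl": dict(ctrl),
        "lcp_confreq_sent": ppp[("sent", "LCP", "ConfReq")],
        "ppp_frames_rcvd": sum(n for (d, _, _), n in ppp.items() if d == "rcvd"),
        "ipcp_up": ipcp_up,
    }


def diagnose(log_text):
    """Return a hypothetical verdict string for one PPTP session's log."""
    s = summarize(log_text)
    if START_CTRL_CONN_REQ not in s["ctrl"]:
        return "no-control-connection"      # TCP 1723 never got through
    if OUT_CALL_REQ not in s["ctrl"]:
        return "no-call-request"
    if s["ipcp_up"]:
        return "ppp-up"
    if s["lcp_confreq_sent"] > 0 and s["ppp_frames_rcvd"] == 0:
        # Control channel alive, but pppd never saw a frame from the peer:
        # the data path (GRE, IP protocol 47) is not being delivered.
        return "no-ppp-frames-received"
    return "ppp-negotiation-failed"


# Constructed sample, condensed from the office log (ConfReq sent ten times).
OFFICE_LIKE = "\n".join(
    ["pptpd[19651]: CTRL: Received PPTP Control Message (type: 1)",
     "pptpd[19651]: CTRL: Received PPTP Control Message (type: 7)",
     "pppd[19652]: Connect: ppp1 <--> /dev/pts/1"]
    + ["pppd[19652]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x20a0000> "
       "<auth chap 81> <magic 0x49ad0472> <pcomp> <accomp>]",
       "pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds."] * 10
    + ["pptpd[19651]: CTRL: Received PPTP Control Message (type: 12)",
       "pppd[19652]: Modem hangup"]
)

# Constructed sample, condensed from the home log (LCP answered, IPCP comes up).
HOME_LIKE = "\n".join([
    "pptpd[8185]: CTRL: Received PPTP Control Message (type: 1)",
    "pptpd[8185]: CTRL: Received PPTP Control Message (type: 7)",
    "pppd[8186]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81>]",
    "pppd[8186]: rcvd [LCP ConfReq id=0x1 <magic 0xd94b31f> <pcomp> <accomp>]",
    "pppd[8186]: sent [LCP ConfAck id=0x1 <magic 0xd94b31f> <pcomp> <accomp>]",
    "pppd[8186]: rcvd [LCP ConfAck id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81>]",
    "pppd[8186]: ipcp: up",
])

if __name__ == "__main__":
    for name, log in (("office-like", OFFICE_LIKE), ("home-like", HOME_LIKE)):
        print(name, diagnose(log), summarize(log))
```

A `no-ppp-frames-received` verdict matches the FAQ entry quoted in the thread: the firewalls in the path have to pass protocol 47 (GRE) as well as TCP port 1723.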



