[pptp-server] I don't understand anything ! :-) New info..any one care to decipher?

George Vieira GeorgeV at citadelcomputer.com.au
Sun Jan 14 16:07:31 CST 2001


My suggestion which helped on other problems on my firewall was to add

ipchains -A INPUT -j DENY -l
ipchains -A OUTPUT -j DENY -l

to the end and watch the /var/log/messages (or whatever file) logs for
errors and protocol rejects. I found that this helps with monitoring firewall
packet drops, and sometimes it's not right and you'll see it straight away.

thanks,
George Vieira

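The log-watching George suggests, as an added example (not George's or Jason's code, and not part of pptpd): a Python script that parses the kernel's ipchains "Packet log:" lines and pulls out the DENYs that would break PPTP, i.e. GRE (protocol 47) and TCP 1723, the two things the Error 650 FAQ entry says must pass. The sample log lines are constructed for this example, and the field layout is assumed from the ipchains HOWTO's logging format.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

GRE = 47
PPTP_PORT = 1723

# Constructed sample of what /var/log/messages looks like once the two catch-all
# "DENY -l" rules are appended: the kernel logs every packet they drop. The line
# layout is assumed from the ipchains "Packet log:" format (chain, target,
# interface, PROTO=, src:port, dst:port, ..., (#rule)); protocols without ports,
# such as GRE, show port 65535. Addresses, rule numbers and counts are made up.
SAMPLE_MESSAGES = """\
Jan 14 21:30:01 server kernel: Packet log: input DENY ppp0 PROTO=47 4.40.159.70:65535 192.0.2.10:65535 L=60 S=0x00 I=4 F=0x0000 T=128 (#12)
Jan 14 21:30:01 server kernel: Packet log: input DENY ppp0 PROTO=47 4.40.159.70:65535 192.0.2.10:65535 L=60 S=0x00 I=5 F=0x0000 T=128 (#12)
Jan 14 21:30:02 server kernel: Packet log: input DENY ppp0 PROTO=6 4.40.159.70:1043 192.0.2.10:1723 L=48 S=0x00 I=6 F=0x4000 T=128 SYN (#12)
Jan 14 21:30:05 server kernel: Packet log: output DENY ppp0 PROTO=47 192.0.2.10:65535 4.40.159.70:65535 L=52 S=0x00 I=7 F=0x0000 T=64 (#4)
Jan 14 21:30:09 server kernel: Packet log: input DENY ppp0 PROTO=17 198.51.100.7:137 192.0.2.10:137 L=78 S=0x00 I=8 F=0x0000 T=64 (#12)
Jan 14 21:30:10 server pppd[19652]: Modem hangup
"""

PACKET_LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<target>\w+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)


def parse_packet_log(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one ipchains 'Packet log:' line, or None for any other line."""
    m = PACKET_LOG_RE.search(line)
    if m is None:
        return None
    rec: Dict[str, object] = dict(m.groupdict())
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])  # type: ignore[arg-type]
    return rec


def is_pptp_traffic(rec: Dict[str, object]) -> bool:
    """PPTP needs GRE (protocol 47) plus the TCP control channel on port 1723."""
    if rec["proto"] == GRE:
        return True
    return rec["proto"] == 6 and PPTP_PORT in (rec["sport"], rec["dport"])


def pptp_denies(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Every logged drop that would break a PPTP session (what Error 650 points at)."""
    hits = []
    for line in lines:
        rec = parse_packet_log(line)
        if rec is not None and rec["target"] == "DENY" and is_pptp_traffic(rec):
            hits.append(rec)
    return hits


def deny_summary(lines: Iterable[str]) -> Counter:
    """Count drops per (chain, interface, protocol) so the offending rule stands out."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_packet_log(line)
        if rec is not None and rec["target"] == "DENY":
            counts[(rec["chain"], rec["iface"], rec["proto"])] += 1
    return counts


if __name__ == "__main__":
    lines = SAMPLE_MESSAGES.splitlines()
    for rec in pptp_denies(lines):
        print("%(chain)s %(iface)s proto=%(proto)d %(src)s:%(sport)d -> "
              "%(dst)s:%(dport)d dropped by rule #%(rule)d" % rec)
    for key, n in sorted(deny_summary(lines).items()):
        print("%s %s proto=%d: %d dropped" % (key + (n,)))
```

Run it against a real /var/log/messages with `lines = open("/var/log/messages")`; a GRE or 1723 hit in the `input` or `output` chain names the chain and rule number that needs an ACCEPT placed ahead of the catch-all DENY.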

-----Original Message-----
From: Jason Osborne [mailto:rage at sohonetworks.cc]
Sent: Sunday, January 14, 2001 9:36 PM
To: George Vieira; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] I don't understand anything ! :-) New info..anyone care to decipher?


Ok, I have been playing with the VPN trying to figure out exactly what is
wrong with it. This is unfortunately an extensive email, but maybe we can
all come to a conclusion for ISDN users. For those of you who don't want to
read all this, here is a simple breakdown of the problem. This error is
reported when connecting to the ISDN server. You must understand that the
configs are literally set up the same way on both systems.

pppd[19652]: Connect: ppp1 <--> /dev/pts/1
pppd[19652]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x20a0000> <auth chap 81> <magic 0x49ad0472> <pcomp> <accomp>]
pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds.
#### The above two lines were repeated an additional nine times ####
pptpd[19651]: CTRL: Received PPTP Control Message (type: 12)
pptpd[19651]: CTRL: Made a CALL DISCONNECT RPLY packet
pptpd[19651]: CTRL: Received CALL CLR request (closing call)
pptpd[19651]: CTRL: I wrote 148 bytes to the client.
pptpd[19651]: CTRL: Sent packet to client
pppd[19652]: Modem hangup
pppd[19652]: Untimeout 0x8050394:0x8078480.
pppd[19652]: Connection terminated.

I have also noticed that the VPN client (in Win98) is reporting error 650.
According to http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt this means:

7.2.3. Error 650: The Remote Access server is not responding.
	Possible causes:
	- There is a problem with packets getting through
	Possible solutions:
	- Check firewalls between you and server.
	Make sure all can pass protocol 47 (GRE) and tcp port 1723.
According to this prognosis, is the firewall for the office an issue? I have
included the firewall script from the office toward the bottom of this
email. If anyone can help it would be much appreciated. I bet you will
answer more than just my question. In advance, thanks for all your help.

Here is the setup.
----------------------------------------------------------------------------
Location: Home
Connection: DSL
Kernel: Linux-2.2.17
PPP Daemon: PPPd-2.3.11
PopTop Server: PPTPd-1.1.2
Patches: ppp_mppe_compressed_data_fix.diff,
ppp-2.3.11-openssl-0.9.5-mppe.patch., and if_ppp_2.2.17.diff
PopTop Config files and logs: Attached below.
Ethernet:
 - eth0: ethernet connected to LAN. ip: 192.168.0.1 a.k.a. meridian.soholan
 - eth1: ethernet connected to DSL. ip: 4.40.159.70 a.k.a. meridian.sohonetworks.cc
Other boxes, hubs, etc.:
 - Windows NT 4.0 Terminal Server which is set up as PDC containing the user list and promotes WINS services
 - Linux system is set up with Samba which logs into the NT4 PDC. Samba does not promote any services on the network except general file sharing.
 - 8 Windows 98SE boxes set up to log in to the domain.
 - 10/100 Linksys DualSpeed Hub.
 - ipchains firewall has been set up on the linux box forwarding packets to and from the LAN to the DSL.
 - All systems can access file shares and internet from the LAN. In other words, everything works perfectly.
Routes w/o VPN:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
4.40.159.68     *               255.255.255.252 U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         4.40.159.69     0.0.0.0         UG    0      0        0 eth1
----------------------------------------------------------------------------
Location: Office
Connection: ISDN
Kernel: Linux-2.2.17
PPP Daemon: PPPd-2.3.11
PopTop Server: PPTPd-1.1.2
Patches: ppp_mppe_compressed_data_fix.diff,
ppp-2.3.11-openssl-0.9.5-mppe.patch., and if_ppp_2.2.17.diff
PopTop Config files and logs: Attached below.
Ethernet: eth0 - ethernet connected to LAN. ip: 192.168.0.1 a.k.a. server.legacycarpets
Modem:    ppp0 - 3Com ISDN Terminal Adapter which connects to a dual line (128kb) ISDN connection. ip: dynamic a.k.a. lcarpet.dynip.com
Other boxes, hubs, etc.:
 - Linux system is set up with Samba acting as a domain login server for win9x boxes; it promotes file shares and acts as a WINS server.
 - 4 Windows 98SE boxes set up to authenticate through Samba.
 - 10baseT Linksys Hub.
 - ipchains firewall has been set up on the linux box forwarding packets to and from the LAN to the ISDN.
 - All systems can access file shares and internet from the LAN. Works great!
Routes w/o VPN:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
204.181.200.7   *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.1     *               255.255.255.255 UH    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         204.181.200.7   0.0.0.0         UG    0      0        0 ppp0
----------------------------------------------------------------------------

---- HOME ERROR LOGS ---- (The logs below for the home VPN show that the VPN works perfectly fine, allowing me on the network)
==> /var/log/messages <==
pptpd[8163]: CTRL: Client 192.168.0.3 control connection started
pptpd[8163]: CTRL: Starting call (launching pppd, opening GRE)
pppd[8164]: pppd 2.3.11 started by root, uid 0
pppd[8164]: Using interface ppp0
pppd[8164]: Connect: ppp0 <--> /dev/pts/1
pptpd[8163]: Buffering out-of-order packet; got 1 after 4294967295
pptpd[8163]: Packet reorder timeout waiting for 0
pptpd[8163]: Buffering out-of-order packet; got 2 after 0
pppd[8164]: MSCHAP-v2 peer authentication succeeded for soholan\\rage
pppd[8164]: found interface eth0 for proxy arp
pppd[8164]: local  IP address 192.168.0.201
pppd[8164]: remote IP address 192.168.0.227
pppd[8164]: MPPE 40 bit, stateless compression enabled
pppd[8164]: LCP terminated by peer
pppd[8164]: Modem hangup
pppd[8164]: Connection terminated.
pppd[8164]: Connect time 3.6 minutes.
pppd[8164]: Sent 512 bytes, received 2247 bytes.
pppd[8164]: Exit.
pptpd[8163]: GRE: read error: Bad file descriptor
pptpd[8163]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
pptpd[8163]: CTRL: Client 192.168.0.3 control connection finished

==> /var/log/pptpd.log <==
pptpd[8185]: MGR: Launching /usr/sbin/pptpctrl to handle client
pptpd[8185]: CTRL: local address = 192.168.0.200
pptpd[8185]: CTRL: remote address = 192.168.0.226
pptpd[8185]: CTRL: pppd speed = 115200
pptpd[8185]: CTRL: pppd options file = /etc/ppp/options.pptp
pptpd[8185]: CTRL: Client 192.168.0.3 control connection started
pptpd[8185]: CTRL: Received PPTP Control Message (type: 1)
pptpd[8185]: CTRL: Made a START CTRL CONN RPLY packet
pptpd[8185]: CTRL: I wrote 156 bytes to the client.
pptpd[8185]: CTRL: Sent packet to client
pptpd[8185]: CTRL: Received PPTP Control Message (type: 7)
pptpd[8185]: CTRL: 0 min_bps, 0 max_bps, 32 window size
pptpd[8185]: CTRL: Made a OUT CALL RPLY packet
pptpd[8185]: CTRL: Starting call (launching pppd, opening GRE)
pptpd[8185]: CTRL: pty_fd = 5
pptpd[8185]: CTRL: tty_fd = 6
pptpd[8186]: CTRL (PPPD Launcher): Connection speed = 115200
pptpd[8185]: CTRL: I wrote 32 bytes to the client.
pptpd[8185]: CTRL: Sent packet to client
pptpd[8186]: CTRL (PPPD Launcher): local address = 192.168.0.200
pptpd[8186]: CTRL (PPPD Launcher): remote address = 192.168.0.226
pptpd[8186]: CTRL (PPPD Launcher): ipx network = 00001000
pppd[8186]: pppd 2.3.11 started by root, uid 0
pppd[8186]: Using interface ppp0
pppd[8186]: Connect: ppp0 <--> /dev/pts/1
pppd[8186]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x896db843> <pcomp> <accomp>]
pptpd[8185]: Buffering out-of-order packet; got 1 after 4294967295
pppd[8186]: Timeout 0x805085c:0x80790c0 in 3 seconds.
pptpd[8185]: Packet reorder timeout waiting for 0
pptpd[8185]: Buffering out-of-order packet; got 2 after 0
pppd[8186]: rcvd [LCP ConfReq id=0x1 <magic 0xd94b31f> <pcomp> <accomp>]
pppd[8186]: lcp_reqci: returning CONFACK.
pppd[8186]: sent [LCP ConfAck id=0x1 <magic 0xd94b31f> <pcomp> <accomp>]
pppd[8186]: rcvd [LCP ConfAck id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x896db843> <pcomp> <accomp>]
pppd[8186]: Untimeout 0x805085c:0x80790c0.
pppd[8186]: sent [CHAP Challenge id=0x1 <4cb7dcb764c559505c697171b2eb2b1c>, name = "meridian"]
pppd[8186]: Timeout 0x8056284:0x80793a0 in 3 seconds.
pppd[8186]: rcvd [CHAP Response id=0x1 <cb70f75460a5b3879d9716c3773e0f8e0000000000000000ff4ed9e7cf07a670480fb01c3ac030334f54f59b98e7027604>, name = "soholan\\rage"]
pppd[8186]: Untimeout 0x8056284:0x80793a0.
pppd[8186]: ChapReceiveResponse: rcvd type MS-CHAP-V2
pppd[8186]: sent [CHAP Success id=0x1 "S=7B69617F523DB2A4D89C25AA3169B74F930C473C"]
pppd[8186]: sent [IPCP ConfReq id=0x1 <addr 192.168.0.200> <compress VJ 0f 01>]
pppd[8186]: Timeout 0x805085c:0x8079320 in 3 seconds.
pppd[8186]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <mppe 1 0 0 60> <bsd v1 15>]
pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds.
pppd[8186]: MSCHAP-v2 peer authentication succeeded for soholan\\rage
pppd[8186]: rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
pppd[8186]: ipcp: returning Configure-NAK
pppd[8186]: sent [IPCP ConfNak id=0x1 <addr 192.168.0.226> <ms-dns1 192.168.0.2> <ms-wins 192.168.0.2> <ms-dns3 192.168.0.2> <ms-wins 192.168.0.2>]
pppd[8186]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 1> <lzs 0 1 4>]
pppd[8186]: sent [CCP ConfRej id=0x1 <lzs 0 1 4>]
pppd[8186]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.0.200> <compress VJ 0f 01>]
pppd[8186]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
pppd[8186]: Untimeout 0x805085c:0x8079440.
pppd[8186]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 60>]
pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds.
pppd[8186]: rcvd [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 192.168.0.226> <ms-dns1 192.168.0.2> <ms-wins 192.168.0.2> <ms-dns3 192.168.0.2> <ms-wins 192.168.0.2>]
pppd[8186]: ipcp: returning Configure-ACK
pppd[8186]: sent [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 192.168.0.226> <ms-dns1 192.168.0.2> <ms-wins 192.168.0.2> <ms-dns3 192.168.0.2> <ms-wins 192.168.0.2>]
pppd[8186]: Untimeout 0x805085c:0x8079320.
pppd[8186]: ipcp: up
pppd[8186]: found interface eth0 for proxy arp
pppd[8186]: local  IP address 192.168.0.200
pppd[8186]: remote IP address 192.168.0.226
pppd[8186]: Script /etc/ppp/ip-up started (pid 8187)
pppd[8186]: rcvd [CCP ConfReq id=0x2 <mppe 1 0 0 1>]
pppd[8186]: sent [CCP ConfNak id=0x2 <mppe 1 0 0 60>]
pppd[8186]: rcvd [CCP ConfNak id=0x2 <mppe 1 0 0 20>]
pppd[8186]: Untimeout 0x805085c:0x8079440.
pppd[8186]: sent [CCP ConfReq id=0x3 <mppe 1 0 0 20>]
pppd[8186]: Timeout 0x805085c:0x8079440 in 3 seconds.
pppd[8186]: rcvd [CCP ConfReq id=0x3 <mppe 1 0 0 20>]
pppd[8186]: sent [CCP ConfAck id=0x3 <mppe 1 0 0 20>]
pppd[8186]: rcvd [CCP ConfAck id=0x3 <mppe 1 0 0 20>]
pppd[8186]: Untimeout 0x805085c:0x8079440.
pppd[8186]: MPPE 40 bit, stateless compression enabled
Sat Jan 13 22:33:14 CST 2001: ip-up  External Device: ppp0 TTY: /dev/pts/1 Speed: 115200 Local IP: 192.168.0.200 Remote IP: 192.168.0.226
Sat Jan 13 22:33:14 CST 2001: ip-up  Firewall rules set for ppp0:192.168.0.226
pppd[8186]: Script /etc/ppp/ip-up finished (pid 8187), status = 0x0
pptpd[8185]: CTRL: Received PPTP Control Message (type: 5)
pptpd[8185]: CTRL: Made a ECHO RPLY packet
pptpd[8185]: CTRL: I wrote 20 bytes to the client.
pptpd[8185]: CTRL: Sent packet to client
pppd[8186]: rcvd [LCP TermReq id=0x2]
pppd[8186]: LCP terminated by peer
pppd[8186]: ipcp: down
pppd[8186]: Untimeout 0x805a0bc:0x0.
pppd[8186]: Script /etc/ppp/ip-down started (pid 8196)
pppd[8186]: Timeout 0x805085c:0x80790c0 in 3 seconds.
pppd[8186]: sent [LCP TermAck id=0x2]
pptpd[8185]: CTRL: Received PPTP Control Message (type: 12)
pptpd[8185]: CTRL: Made a CALL DISCONNECT RPLY packet
pptpd[8185]: CTRL: Received CALL CLR request (closing call)
pptpd[8185]: CTRL: I wrote 148 bytes to the client.
pptpd[8185]: CTRL: Sent packet to client
pppd[8186]: Modem hangup
pppd[8186]: Untimeout 0x805085c:0x80790c0.
pppd[8186]: Connection terminated.
pppd[8186]: Sent 511 bytes, received 929 bytes.
pppd[8186]: Waiting for 1 child processes...
pppd[8186]:   script /etc/ppp/ip-down, pid 8196
pppd[8186]: Script /etc/ppp/ip-down finished (pid 8196), status = 0x200
pppd[8186]: Exit.
pptpd[8185]: GRE: read error: Bad file descriptor
pptpd[8185]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
pptpd[8185]: CTRL: Client 192.168.0.3 control connection finished
pptpd[8185]: CTRL: Exiting now

---- OFFICE ERROR LOGS ---- (As you can see here
==> /var/log/messages <==
pptpd[19625]: CTRL: Client 4.40.159.70 control connection started
pptpd[19625]: CTRL: Starting call (launching pppd, opening GRE)
pppd[19626]: pppd 2.3.11 started by root, uid 0
kernel: ppp_ioctl: set dbg flags to 70000
kernel: ppp_ioctl: set flags to 70000
pppd[19626]: Using interface ppp1
pppd[19626]: Connect: ppp1 <--> /dev/pts/1
kernel: ppp_tty_ioctl: set xasyncmap
kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff
kernel: ppp_ioctl: set flags to 70000
kernel: ppp_ioctl: set mru to 5dc
kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff
kernel: ppp: channel ppp1 closing.
pppd[19626]: Modem hangup
pppd[19626]: Connection terminated.
pppd[19626]: Exit.
pptpd[19625]: GRE: read error: Bad file descriptor
pptpd[19625]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
pptpd[19625]: CTRL: Client 4.40.159.70 control connection finished

==> /var/log/pptpd.log <==
pptpd[19651]: MGR: Launching /usr/sbin/pptpctrl to handle client
pptpd[19651]: CTRL: local address = 192.168.0.201
pptpd[19651]: CTRL: remote address = 192.168.0.227
pptpd[19651]: CTRL: pppd speed = 115200
pptpd[19651]: CTRL: pppd options file = /etc/ppp/options.vpn
pptpd[19651]: CTRL: Client 4.40.159.70 control connection started
pptpd[19651]: CTRL: Received PPTP Control Message (type: 1)
pptpd[19651]: CTRL: Made a START CTRL CONN RPLY packet
pptpd[19651]: CTRL: I wrote 156 bytes to the client.
pptpd[19651]: CTRL: Sent packet to client
pptpd[19651]: CTRL: Received PPTP Control Message (type: 7)
pptpd[19651]: CTRL: 0 min_bps, 0 max_bps, 32 window size
pptpd[19651]: CTRL: Made a OUT CALL RPLY packet
pptpd[19651]: CTRL: Starting call (launching pppd, opening GRE)
pptpd[19651]: CTRL: pty_fd = 6
pptpd[19651]: CTRL: tty_fd = 7
pptpd[19652]: CTRL (PPPD Launcher): Connection speed = 115200
pptpd[19652]: CTRL (PPPD Launcher): local address = 192.168.0.201
pptpd[19652]: CTRL (PPPD Launcher): remote address = 192.168.0.227
pptpd[19652]: CTRL (PPPD Launcher): ipx network = 00001001
pptpd[19651]: CTRL: I wrote 32 bytes to the client.
pptpd[19651]: CTRL: Sent packet to client
pppd[19652]: pppd 2.3.11 started by root, uid 0
pppd[19652]: Using interface ppp1
pppd[19652]: Connect: ppp1 <--> /dev/pts/1
pppd[19652]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x20a0000> <auth chap 81> <magic 0x49ad0472> <pcomp> <accomp>]
pppd[19652]: Timeout 0x8050394:0x8078480 in 3 seconds.
#### The above two lines were repeated an additional nine times ####
pptpd[19651]: CTRL: Received PPTP Control Message (type: 12)
pptpd[19651]: CTRL: Made a CALL DISCONNECT RPLY packet
pptpd[19651]: CTRL: Received CALL CLR request (closing call)
pptpd[19651]: CTRL: I wrote 148 bytes to the client.
pptpd[19651]: CTRL: Sent packet to client
pppd[19652]: Modem hangup
pppd[19652]: Untimeout 0x8050394:0x8078480.
pppd[19652]: Connection terminated.
pppd[19652]: Exit.
pptpd[19651]: GRE: read error: Bad file descriptor
pptpd[19651]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
pptpd[19651]: CTRL: Client 4.40.159.70 control connection finished
pptpd[19651]: CTRL: Exiting now
pptpd[2275]: MGR: Reaped child 19651

---- HOME VPN FILES ----
==> /etc/pptpd.conf <==
# PoPToP configuration file

# TAG: speed
speed 115200

# TAG: option
option /etc/ppp/options.pptp

# TAG: debug
debug

# TAG: localip
localip 192.168.0.200-225

# TAG: remoteip
remoteip 192.168.0.226-251

# TAG: ipxnets
ipxnets 00001000-00001FFF

# TAG: listen
#listen 192.168.0.1

# TAG: pidfile
pidfile /var/run/pptpd.pid

==> /etc/ppp/options <==
lock
tail: /etc/ppp/options.vpn: No such file or directory

==> /etc/ppp/chap-secrets <==
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
"soholan\\rage"         *       "ro0tm4h-"              *
"soholan\\margie"       *       "m00t1lda"              *
"soholan\\andy"         *       "ambermarie"            *

#PoPToP configuration file /etc/pptpd.conf
speed 115200
localip 192.168.0.200-225
remoteip 192.168.0.226-251

==> /etc/ppp/ip-up <==
#!/bin/sh

INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24"
EXTERNAL_IP=$5
HW_ADDRESS="00:10:5A:1C:0B:8B"

case $2
        in
        /dev/pts/*)
                /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
                /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
                /sbin/ipchains --insert input  -i $EXTERNAL_DEV -s $INTERNAL_NET  -j ACCEPT
                /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET  -j ACCEPT

                # Logging
                echo
                date > /var/run/ppp.up
                echo "Connection started on " $2 >> /var/run/ppp.up
                echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
                echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
                /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up

                echo "$(date): ip-up  External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
                echo "$(date): ip-up  Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
                ;;
esac


==> /etc/ppp/ip-down <==
#!/bin/sh

INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24"
EXTERNAL_IP=$5
HW_ADDRESS="00:10:5A:1C:0B:8B"

case $2
        in
        /dev/pts/*)
                /sbin/ipchains --delete forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
                /sbin/ipchains --delete forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
                /sbin/ipchains --delete input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
                /sbin/ipchains --delete output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT

                # Logging
                echo "$(date): ip-down  External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
                echo "$(date): ip-down  Firewall rules removed for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log

                echo
                date > /var/run/ppp.up
                echo "Connection closed on " $2 >> /var/run/ppp.up
                echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
                echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
                arp --delete $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
                ;;
esac


==> /etc/rc.d/init.d/firewall <==
#!/bin/sh
# IPchains Firewalling Script File
# Generated by IPchains Firewalling Webmin Module
# Copyright (C) 1999-2000 by Tim Niemueller, GPL
# http://www.niemueller.de/webmin/modules/ipchains/
# Created on 22/May/2000 09:02
#

# Source function library.
. /etc/rc.d/init.d/functions

# Check that networking is up.
#if [ ${NETWORKING} = "no" ]
#then
#        exit 0
#fi

echo "1" > /proc/sys/net/ipv4/ip_forward

case "$1" in
  start)

# This gets rid of old stuff
/sbin/ipchains -F
/sbin/ipchains -X

# Input ipchain rules
/sbin/ipchains -P input DENY
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j ACCEPT -i eth0
/sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i eth1
/sbin/ipchains -A input -j ACCEPT -p udp -i eth1
/sbin/ipchains -A input -j DENY -l -i eth1 -s 192.168.0.0/16
/sbin/ipchains -A input -j DENY -p tcp -i eth1 -s 0/0 1024:65535 -d 0/0 139
/sbin/ipchains -A input -j DENY -p udp -i eth1 -s 0/0 1024:65535 -d 0/0 139
/sbin/ipchains -A input -j ACCEPT -i eth1
/sbin/ipchains -A input -j ACCEPT -p TCP -d 0.0.0.0/0 1723
/sbin/ipchains -A input -j ACCEPT -p 47

# Output ipchains rules
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -A output -j ACCEPT -p TCP -s 0.0.0.0/0 1723
/sbin/ipchains -A output -j ACCEPT -p 47

# Forward ipchain rules
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24  -d 0.0.0.0/0  -t 0x01 0x02 -j MASQ
/sbin/ipchains -A forward -s 0.0.0.0/0  -d 192.168.0.0/24  -t 0x01 0x02 -j MASQ
;;

 stop)
/sbin/ipchains -F
/sbin/ipchains -X
echo "0" > /proc/sys/net/ipv4/ip_forward
;;

 restart)
$0 stop
$0 start
;;

 status)
/sbin/ipchains -L -v
;;

 *)
echo "Usage: firewall {start|stop|restart|status}"
exit 1

esac
exit 0

==> /etc/modules.conf <==
alias eth0 3c59x
alias eth1 ne2k-pci
alias parport_lowlevel parport_pc
alias usb-controller usb-uhci
alias char-major-108 off
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

---- OFFICE CONFIG FILES ----
==> /etc/pptpd.conf <==
# PoPToP configuration file

# TAG: speed
speed 115200

# TAG: option
option /etc/ppp/options.vpn

# TAG: debug
debug

# TAG: localip
localip 192.168.0.200-225

# TAG: remoteip
remoteip 192.168.0.226-251

# TAG: ipxnets
ipxnets 00001000-00001FFF

# TAG: listen
#listen 192.168.0.1

# TAG: pidfile
pidfile /var/run/pptpd.pid

==> /etc/ppp/options <==
lock
modem
crtscts
asyncmap 20A0000
noipdefault
defaultroute
debug
user lcarpet
noauth
nodetach

==> /etc/ppp/options.vpn <==
lock
asyncmap 20A0000
debug
kdebug 7
name server
auth
mru 1450
mtu 1450
require-chap
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

==> /etc/ppp/chap-secrets <==
# Secrets for authentication using CHAP
# client        server  secret          IP addresses


"rage"          server  "ro0tm4h"       "192.168.0.210"
"tony"          *       "bogie"         *
"ernie"         *       "boney"         *
"chris"         *       "0414"          *
"terry"         *       "automan1"      *
"darin"         *       "dito66"

speed 115200
debug
localip 192.168.0.200-225
remoteip 192.168.1.226-251

# Dialup Info
iwells  *       automan1

==> /etc/ppp/ip-up <==
#!/bin/sh

INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24"
EXTERNAL_IP=$5
HW_ADDRESS="52:54:05:F0:25:90"

case $2
        in
        /dev/pts/*)
                /sbin/ipchains --insert forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
                /sbin/ipchains --insert forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
                /sbin/ipchains --insert input  -i $EXTERNAL_DEV -s $INTERNAL_NET  -j ACCEPT
                /sbin/ipchains --insert output -i $EXTERNAL_DEV -d $INTERNAL_NET  -j ACCEPT

                # Logging
                echo
                date > /var/run/ppp.up
                echo "Connection started on " $2 >> /var/run/ppp.up
                echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
                echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
                /sbin/arp --set $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up

                echo "$(date): ip-up  External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
                echo "$(date): ip-up  Firewall rules set for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log
                ;;
esac


==> /etc/ppp/ip-down <==
#!/bin/sh

INTERNAL_DEV="eth0"
INTERNAL_NET="192.168.0.0/24"
INTERNAL_IP=$4
EXTERNAL_DEV=$1
EXTERNAL_NET="192.168.0.0/24"
EXTERNAL_IP=$5
HW_ADDRESS="52:54:05:F0:25:90"

case $2
        in
        /dev/pts/*)
                /sbin/ipchains --delete forward -j MASQ -s $EXTERNAL_IP -i $INTERNAL_DEV
                /sbin/ipchains --delete forward -j MASQ -d $EXTERNAL_IP -i $EXTERNAL_DEV
                /sbin/ipchains --delete input -i $EXTERNAL_DEV -s $INTERNAL_NET -j ACCEPT
                /sbin/ipchains --delete output -i $EXTERNAL_DEV -d $INTERNAL_NET -j ACCEPT

                # Logging
                echo "$(date): ip-down  External Device: $1 TTY: $2 Speed: $3 Local IP: $4 Remote IP: $5" >> /var/log/pptpd.log
                echo "$(date): ip-down  Firewall rules removed for $EXTERNAL_DEV:$EXTERNAL_IP" >> /var/log/pptpd.log

                echo
                date > /var/run/ppp.up
                echo "Connection closed on " $2 >> /var/run/ppp.up
                echo "Client IP Address = " $EXTERNAL_IP >> /var/run/ppp.up
                echo "Server IP Address = " $INTERNAL_IP >> /var/run/ppp.up
                arp --delete $EXTERNAL_IP $HW_ADDRESS pub >> /var/run/ppp.up
                ;;
esac


==> /etc/rc.d/init.d/firewall <==
#!/bin/sh
# IPchains Firewalling Script File
# Generated by IPchains Firewalling Webmin Module
# Copyright (C) 1999-2000 by Tim Niemueller, GPL
# http://www.niemueller.de/webmin/modules/ipchains/
# Created on 22/May/2000 09:02
#

# Source function library.
. /etc/rc.d/init.d/functions

# Check that networking is up.
#if [ ${NETWORKING} = "no" ]
#then
#        exit 0
#fi

echo "1" > /proc/sys/net/ipv4/ip_forward

case "$1" in
  start)

# This gets rid of old stuff
/sbin/ipchains -F
/sbin/ipchains -X

# Input ipchain rules
/sbin/ipchains -P input DENY
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j ACCEPT -i eth0
/sbin/ipchains -A input -j ACCEPT -p tcp ! -y -i ppp0
/sbin/ipchains -A input -j ACCEPT -p udp -i ppp0
/sbin/ipchains -A input -j DENY -l -i ppp0 -s 192.168.0.0/16
/sbin/ipchains -A input -j DENY -p tcp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
/sbin/ipchains -A input -j DENY -p udp -i ppp0 -s 0/0 1024:65535 -d 0/0 139
/sbin/ipchains -A input -j ACCEPT -i ppp0
/sbin/ipchains -A input -j ACCEPT -p TCP -d 0.0.0.0/0 1723
/sbin/ipchains -A input -j ACCEPT -p 47

# Output ipchains rules
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -A output -j ACCEPT -p TCP -s 0.0.0.0/0 1723
/sbin/ipchains -A output -j ACCEPT -p 47

# Forward ipchain rules
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24  -d 0.0.0.0/0  -t 0x01 0x02 -j MASQ
/sbin/ipchains -A forward -s 0.0.0.0/0  -d 192.168.0.0/24  -t 0x01 0x02 -j MASQ
;;

 stop)
/sbin/ipchains -F
/sbin/ipchains -X
;;

 restart)
$0 stop
$0 start
;;

 status)
/sbin/ipchains -L -v
;;

 *)
echo "Usage: firewall {start|stop|restart|status}"
exit 1

esac
exit 0

==> /etc/modules.conf <==
alias eth0 ne2k-pci
alias parport_lowlevel parport_pc
alias usb-controller usb-uhci
alias char-major-108 off
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate


