From PW at WIL-DEV.COM Sun Jun 3 01:48:30 2001 From: PW at WIL-DEV.COM (Wilson Development) Date: Sun, 3 Jun 2001 02:48:30 -0400 Subject: [pptp-server] Sharing a PPTP VPN connection between ICS clients of a Windows 98 SE box References: <002601c0e664$7c8e6a00$90428d18@hama1.on.home.com> Message-ID: <000d01c0ebf9$33740740$90428d18@hama1.on.home.com> Hi, Anyone have any luck on getting a win98se box to share a single PPTP VPN connection with its clients? I'm looking to have the Windows98se ICS box connect to a PPTP daemon on a RH Linux box. Then have the Window98se ICS clients be able to access the RH Linux box. I.E.. Have the Windows98 ICS Box route the traffic. Note:tried using two VPN connections from behind the Windows98se ICS box; but ICS can't differentiate between the two VPN tunnels (get duplicate or out of order packet messages on the Linux box) Thanks for any help that can be provided Paul -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at earthling.2y.net Sun Jun 3 10:41:12 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sun, 3 Jun 2001 11:41:12 -0400 (EDT) Subject: [pptp-server] Sharing a PPTP VPN connection between ICS clients of a Windows 98 SE box In-Reply-To: <000d01c0ebf9$33740740$90428d18@hama1.on.home.com> Message-ID: In all honesty... you need a real OS routing packets. I have in the past run tunnels inside of tunnels on nt4 and win2k for testing purposes. If you have NT, you can install stealhead (Routing and Remote Access Services), and maybe achive what you need... This is not the first time this question has come up.... maybe searching through the archives can reveal something. On the subject of two tunnels, the RFC spec for pptp is designed so multiple tunnels from the same ip are possible, but ms's impmentation dosent seem to allow it... and pptpd is not compliant to the spec in that area from what I am aware of. Have you tried tunneling into the linux box from the box running ICS and see if you could somehow route traffic with static routes? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Sun, 3 Jun 2001, Wilson Development wrote: > Hi, > > Anyone have any luck on getting a win98se box to share a single PPTP VPN connection with its clients? > > I'm looking to have the Windows98se ICS box connect to a PPTP daemon on a RH Linux box. Then have the Window98se ICS clients be able to access the RH Linux box. I.E.. Have the Windows98 ICS Box route the traffic. > > Note:tried using two VPN connections from behind the Windows98se ICS box; but ICS can't differentiate between the two VPN tunnels (get duplicate or out of order packet messages on the Linux box) > > Thanks for any help that can be provided > > Paul > > From GeorgeV at citadelcomputer.com.au Mon Jun 4 17:21:54 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Tue, 5 Jun 2001 08:21:54 +1000 Subject: [pptp-server] Connecting remote sites w/Samba Message-ID: <200FAA488DE0D41194F10010B597610D01250B@JUPITER> I have this working already, both VPN connection are running master browsers and they don't have to be in the same domain.... but it's better. Use the "remote browse sync" and/or "remote announce" command under smb.conf aaah.. not sure what else I used but I thik that was all that's needed. thanks, George Vieira -----Original Message----- From: Peter Alliett [mailto:palliett at accurcast.com] Sent: Friday, June 01, 2001 5:09 AM To: vpn (E-mail) Subject: [pptp-server] Connecting remote sites w/Samba This question probably does not apply to this maillist but I will ask anyway. I have 2 sites connected remotely via pptp linux client, now they want to be able to browse the network via Network Neighborhood. I can't seem to get this to work. I tried using samba but I could not get it to work. Has anyone had success with this or is it even possible. Thanks, Peter _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From lists at earthling.2y.net Mon Jun 4 16:48:26 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Mon, 4 Jun 2001 17:48:26 -0400 (EDT) Subject: [pptp-server] Connecting remote sites w/Samba In-Reply-To: <200FAA488DE0D41194F10010B597610D01250B@JUPITER> Message-ID: made one of them the only wins server? or made both of them wins servers? I did do it once where the box at the remote office, the linux router was a member of the other office's domain, and was a wins server. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Tue, 5 Jun 2001, George Vieira wrote: > I have this working already, both VPN connection are running master browsers > and they don't have to be in the same domain.... but it's better. > > Use the "remote browse sync" and/or "remote announce" command under smb.conf > > aaah.. not sure what else I used but I thik that was all that's needed. > > > thanks, > George Vieira > > > -----Original Message----- > From: Peter Alliett [mailto:palliett at accurcast.com] > Sent: Friday, June 01, 2001 5:09 AM > To: vpn (E-mail) > Subject: [pptp-server] Connecting remote sites w/Samba > > > This question probably does not apply to this maillist but I will ask > anyway. > > I have 2 sites connected remotely via pptp linux client, now they want to be > able to browse the network via Network Neighborhood. I can't seem to get > this to work. I tried using samba but I could not get it to work. > > Has anyone had success with this or is it even possible. > > Thanks, > > Peter > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From GeorgeV at citadelcomputer.com.au Mon Jun 4 17:42:01 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Tue, 5 Jun 2001 08:42:01 +1000 Subject: [pptp-server] Connecting remote sites w/Samba Message-ID: <200FAA488DE0D41194F10010B597610D01250E@JUPITER> I actually had 2 WINS servers, the main one was an NT server and the remote one was the PPTP linux box. The remote clients had the linux box as a primary WINS and the secondary as the NT (to make it quicker for local machines). The local main site had the settings reversed. thanks, George Vieira -----Original Message----- From: Justin Kreger [mailto:lists at earthling.2y.net] Sent: Tuesday, June 05, 2001 7:48 AM To: George Vieira Cc: 'Peter Alliett'; vpn (E-mail) Subject: RE: [pptp-server] Connecting remote sites w/Samba made one of them the only wins server? or made both of them wins servers? I did do it once where the box at the remote office, the linux router was a member of the other office's domain, and was a wins server. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Tue, 5 Jun 2001, George Vieira wrote: > I have this working already, both VPN connection are running master browsers > and they don't have to be in the same domain.... but it's better. > > Use the "remote browse sync" and/or "remote announce" command under smb.conf > > aaah.. not sure what else I used but I thik that was all that's needed. > > > thanks, > George Vieira > > > -----Original Message----- > From: Peter Alliett [mailto:palliett at accurcast.com] > Sent: Friday, June 01, 2001 5:09 AM > To: vpn (E-mail) > Subject: [pptp-server] Connecting remote sites w/Samba > > > This question probably does not apply to this maillist but I will ask > anyway. > > I have 2 sites connected remotely via pptp linux client, now they want to be > able to browse the network via Network Neighborhood. I can't seem to get > this to work. I tried using samba but I could not get it to work. > > Has anyone had success with this or is it even possible. > > Thanks, > > Peter > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From mduran at bamo.com Mon Jun 4 18:40:41 2001 From: mduran at bamo.com (mduran at bamo.com) Date: Mon, 04 Jun 2001 23:40:41 GMT Subject: [pptp-server] WIN98 BlackMagic Message-ID: <20010604234041.13815.qmail@mail.bamo.com> Hello, We recently established a VPN server which is running Linux. My WIN98 machine can log-on via the VPN DialUp adapter without any problems. Once I'm on the intneral network, I can ping various machines including our file server with which is running Linux with Samba. My problem is that when I try to map a drive to the fileserver with a UNC path (\\pcname\fileservername) Windows returns the message; "the computer or sharename could not be found. Make sure you typed it in correctly and try again" . I've double checked the name and I know it is typed in correctly. I must be a Windows thing, only I can't figure out the MS black magic of networking. I have installed the latest Win98 VPN adapter(s), running 128 bit security, the VPN server is doing port forwarding; everything checks out server side. Why won't Win98 allow me to map a drive on the internal network?... any help, recommdations, tips or otherwise will br GREATLY APPRECIATED!! Thank you, -Michael From GeorgeV at citadelcomputer.com.au Mon Jun 4 19:36:29 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Tue, 5 Jun 2001 10:36:29 +1000 Subject: [pptp-server] WIN98 BlackMagic Message-ID: <200FAA488DE0D41194F10010B597610D01251B@JUPITER> If you try the IP instead of the name it should work. If you use WINS on your samba box and get your dial up to load the WINS server using: ms-wins ip.ad.dr.es in your pptpd options file. This should help resolve the machines name to IP. thanks, George Vieira -----Original Message----- From: mduran at bamo.com [mailto:mduran at bamo.com] Sent: Tuesday, June 05, 2001 9:41 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] WIN98 BlackMagic Hello, We recently established a VPN server which is running Linux. My WIN98 machine can log-on via the VPN DialUp adapter without any problems. Once I'm on the intneral network, I can ping various machines including our file server with which is running Linux with Samba. My problem is that when I try to map a drive to the fileserver with a UNC path (\\pcname\fileservername) Windows returns the message; "the computer or sharename could not be found. Make sure you typed it in correctly and try again" . I've double checked the name and I know it is typed in correctly. I must be a Windows thing, only I can't figure out the MS black magic of networking. I have installed the latest Win98 VPN adapter(s), running 128 bit security, the VPN server is doing port forwarding; everything checks out server side. Why won't Win98 allow me to map a drive on the internal network?... any help, recommdations, tips or otherwise will br GREATLY APPRECIATED!! Thank you, -Michael _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From lists at earthling.2y.net Tue Jun 5 05:34:26 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Tue, 5 Jun 2001 06:34:26 -0400 (EDT) Subject: [pptp-server] Delivery Status: Account suspended: johnoel@hawaii.com (fwd) Message-ID: I'm really getting tired of this message... and postfix is not co-operating in rejecting it :( I get something like this every time I post to the listserv... :( Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net ---------- Forwarded message ---------- Date: 5 Jun 2001 00:28:14 +0100 From: Postmaster To: Justin Kreger Subject: Delivery Status: Account suspended: johnoel at hawaii.com One or more of the listed recipients in your message cannot receive e-mail because their account is currently suspended. Details are below: To: johnoel at hawaii.com (Account suspended) From: lists at earthling.2y.net Subject: Please Verify - Your Free Store Will Be Turned Off On June 15th Date Rejected: 6/5/2001 12:28:14 AM From jvonau at home.com Tue Jun 5 07:35:22 2001 From: jvonau at home.com (Jerry Vonau) Date: Tue, 05 Jun 2001 07:35:22 -0500 Subject: [pptp-server] Delivery Status: Account suspended: johnoel@hawaii.com (fwd) References: Message-ID: <3B1CD20A.8594C2EA@home.com> Your not alone....... I have the same thing here too starting to p*ss me off Jerry Vonau Justin Kreger wrote: > I'm really getting tired of this message... and postfix is not > co-operating in rejecting it :( I get something like this every time I > post to the listserv... :( > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > ---------- Forwarded message ---------- > Date: 5 Jun 2001 00:28:14 +0100 > From: Postmaster > To: Justin Kreger > Subject: Delivery Status: Account suspended: johnoel at hawaii.com > > One or more of the listed recipients in your message cannot > receive e-mail because their account is currently suspended. > Details are below: > > To: johnoel at hawaii.com (Account suspended) > From: lists at earthling.2y.net > Subject: Please Verify - Your Free Store Will Be Turned Off On June 15th > > Date Rejected: 6/5/2001 12:28:14 AM > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From Steve at SteveCowles.com Tue Jun 5 07:54:45 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Tue, 5 Jun 2001 07:54:45 -0500 Subject: [pptp-server] Delivery Status: Account suspended: johnoel@haw aii.com (fwd) Message-ID: <90769AF04F76D41186C700A0C90AFC3EE7BD@defiant.infohiiway.com> I'm glad to see someone else has confirmed what I suspected. I got the same bounced e-mail the last time I posted to the PoPToP list. :-( In fact, the last time I received this DSN, I could not find any reference in my e-mail logfiles. i.e. My reply was NOT CC'd or BCC'd to this account at my end. Also, the headers of the DSN do not seem to reveal any clues as to why this is happening. grr!!! FWIW: I have also CC'd mailman-owner at lists.schulte.org Steve Cowles -------------------------------------------------------------- One or more of the listed recipients in your message cannot receive e-mail because their account is currently suspended. Details are below: To: johnoel at hawaii.com (Account suspended) From: Steve at stevecowles.com Subject: Date Rejected: 5/30/2001 03:12:32 PM > -----Original Message----- > From: Justin Kreger [mailto:lists at earthling.2y.net] > Sent: Tuesday, June 05, 2001 5:34 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Delivery Status: Account suspended: > johnoel at hawaii.com (fwd) > > > I'm really getting tired of this message... and postfix is not > co-operating in rejecting it :( I get something like this > every time I post to the listserv... :( > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > ---------- Forwarded message ---------- > Date: 5 Jun 2001 00:28:14 +0100 > From: Postmaster > To: Justin Kreger > Subject: Delivery Status: Account suspended: johnoel at hawaii.com > > One or more of the listed recipients in your message cannot > receive e-mail because their account is currently suspended. > Details are below: > > To: johnoel at hawaii.com (Account suspended) > From: lists at earthling.2y.net > Subject: Please Verify - Your Free Store Will Be Turned Off > On June 15th > > Date Rejected: 6/5/2001 12:28:14 AM > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From charlieb at e-smith.com Tue Jun 5 10:07:11 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Tue, 5 Jun 2001 11:07:11 -0400 (EDT) Subject: [pptp-server] Delivery Status: Account suspended: johnoel@hawaii.com (fwd) In-Reply-To: Message-ID: On Tue, 5 Jun 2001, Justin Kreger wrote: > I'm really getting tired of this message... and postfix is not > co-operating in rejecting it :( I get something like this every time I > post to the listserv... :( Are you sure that it is when you post to the listserv? I get such mail from time to time as well. What it looks like to me is that someone has collected addresses from this list, and is using those addresses as from addresses while sending spam (check the Subject headers) to johnoel at hawaii.com. The mail server at loadmail.com sends insifficient information it its bounce message to allow any better diagnosis. I sent mail to postmaster at smtp-in.load.com asking for further details - it bounced. I sent mail to postmaster at loadmail.com and have had no response. > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > ---------- Forwarded message ---------- > Date: 5 Jun 2001 00:28:14 +0100 > From: Postmaster > To: Justin Kreger > Subject: Delivery Status: Account suspended: johnoel at hawaii.com > > One or more of the listed recipients in your message cannot > receive e-mail because their account is currently suspended. > Details are below: > > To: johnoel at hawaii.com (Account suspended) > From: lists at earthling.2y.net > Subject: Please Verify - Your Free Store Will Be Turned Off On June 15th > > Date Rejected: 6/5/2001 12:28:14 AM > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From christopher at schulte.org Tue Jun 5 11:03:18 2001 From: christopher at schulte.org (Christopher Schulte) Date: Tue, 05 Jun 2001 11:03:18 -0500 Subject: [pptp-server] Delivery Status: Account suspended: johnoel@haw aii.com (fwd) In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE7BD@defiant.infohiiway.co m> Message-ID: <5.1.0.14.0.20010605105923.0279de60@pop.schulte.org> FWIW: I have removed johnoel at hawaii.com from the list. My list server is running the most up-to-date version of the mailing list software, and my MTA is just one revision off of current. The remote MTA should be sending these failures to the mailing list-admin address for automatic processing, not the actual sender, IMHO. If it's just one or two sites that are misbehaving, I can always remove the bad addresses (like I did for johnoel at hawaii.com) but other than that, I may be at a loss. :/ At 07:54 AM 6/5/2001 -0500, Cowles, Steve wrote: >I'm glad to see someone else has confirmed what I suspected. I got the same >bounced e-mail the last time I posted to the PoPToP list. :-( In fact, the >last time I received this DSN, I could not find any reference in my e-mail >logfiles. i.e. My reply was NOT CC'd or BCC'd to this account at my end. >Also, the headers of the DSN do not seem to reveal any clues as to why this >is happening. grr!!! > >FWIW: I have also CC'd mailman-owner at lists.schulte.org > >Steve Cowles >-------------------------------------------------------------- >One or more of the listed recipients in your message cannot >receive e-mail because their account is currently suspended. >Details are below: > >To: johnoel at hawaii.com (Account suspended) >From: Steve at stevecowles.com >Subject: > >Date Rejected: 5/30/2001 03:12:32 PM > > > > -----Original Message----- > > From: Justin Kreger [mailto:lists at earthling.2y.net] > > Sent: Tuesday, June 05, 2001 5:34 AM > > To: pptp-server at lists.schulte.org > > Subject: [pptp-server] Delivery Status: Account suspended: > > johnoel at hawaii.com (fwd) > > > > > > I'm really getting tired of this message... and postfix is not > > co-operating in rejecting it :( I get something like this > > every time I post to the listserv... :( > > > > Justin Kreger, MCP MCSE CCNA > > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > > > > ---------- Forwarded message ---------- > > Date: 5 Jun 2001 00:28:14 +0100 > > From: Postmaster > > To: Justin Kreger > > Subject: Delivery Status: Account suspended: johnoel at hawaii.com > > > > One or more of the listed recipients in your message cannot > > receive e-mail because their account is currently suspended. > > Details are below: > > > > To: johnoel at hawaii.com (Account suspended) > > From: lists at earthling.2y.net > > Subject: Please Verify - Your Free Store Will Be Turned Off > > On June 15th > > > > Date Rejected: 6/5/2001 12:28:14 AM > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > From Steve at SteveCowles.com Tue Jun 5 11:14:53 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Tue, 5 Jun 2001 11:14:53 -0500 Subject: [pptp-server] Delivery Status: Account suspended: johnoel@haw aii.com (fwd) Message-ID: <90769AF04F76D41186C700A0C90AFC3EE7BE@defiant.infohiiway.com> Thanks Christopher, I'd be willing to bet that the MTA that generated the DSN is replying to "both" the list and the original sender for some unknown reason. Steve Cowles > -----Original Message----- > From: Christopher Schulte [mailto:christopher at schulte.org] > Sent: Tuesday, June 05, 2001 11:03 AM > To: Cowles, Steve; 'Justin Kreger'; pptp-server at lists.schulte.org > Subject: RE: [pptp-server] Delivery Status: Account suspended: > johnoel at haw aii.com (fwd) > > > FWIW: I have removed johnoel at hawaii.com from the list. > > My list server is running the most up-to-date version of the > mailing list software, and my MTA is just one revision off of > current. > > The remote MTA should be sending these failures to the > mailing list-admin address for automatic processing, not > the actual sender, IMHO. > > If it's just one or two sites that are misbehaving, I can > always remove the bad addresses (like I did for > johnoel at hawaii.com) but other than that, I may be at a loss. :/ > > At 07:54 AM 6/5/2001 -0500, Cowles, Steve wrote: > >I'm glad to see someone else has confirmed what I suspected. > >I got the same bounced e-mail the last time I posted to the > >PoPToP list. :-( In fact, the last time I received this DSN, > >I could not find any reference in my e-mail logfiles. i.e. My > >reply was NOT CC'd or BCC'd to this account at my end. > >Also, the headers of the DSN do not seem to reveal any clues > >as to why this is happening. grr!!! > > > >FWIW: I have also CC'd mailman-owner at lists.schulte.org > > > >Steve Cowles From child at child.net.au Tue Jun 5 12:14:35 2001 From: child at child.net.au (Child) Date: Wed, 06 Jun 2001 03:14:35 +1000 Subject: [pptp-server] speed problems/packetloss Message-ID: <5.0.2.1.0.20010606031215.00a349f0@mx.child.net.au> dear all I use poptop to setup a VPN between a WIn98 box and a linux server for voice over IP calling when a call is paced directly from the win98 box (using dialpad.com) the call audio is fine when a call is placed from the NT box next to the VPN server the call is fine but when I call is placed from the Win98 box VIA the VPN itself (56K modem link) the incoming audio stream is ok but outgoing isnt .... anyone tell me why? From JaminC at adapt-tele.com Tue Jun 5 12:10:05 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Tue, 5 Jun 2001 12:10:05 -0500 Subject: [pptp-server] WIN98 BlackMagic Message-ID: George Vieira [mailto:GeorgeV at citadelcomputer.com.au] wrote: > If you try the IP instead of the name it should work. If you > use WINS on your samba box and get your dial up to load the > WINS server using: > > ms-wins ip.ad.dr.es > > in your pptpd options file. This should help resolve the > machines name to IP. Don't you mean the ppp options file (normally /etc/ppp/options) Jamin W. Collins From doug.koobs at dimensionnetworks.com Tue Jun 5 13:03:37 2001 From: doug.koobs at dimensionnetworks.com (Douglas W Koobs) Date: Tue, 5 Jun 2001 14:03:37 -0400 Subject: [pptp-server] chapms-strip-domain patch Message-ID: I applied the patch to strip MS domains from the user name. However, in my ignorance of many things Linux, I am not sure how to invoke it. 2 questions: Will the patch work ok with ppp-2.4.0? How do you invoke it? I tried invoking at the command line: pptpd -d -chapms-strip-domain and that didn't work, got message "config file not found". Thanks!!! Douglas W Koobs MCSE Network Engineer Dimension Networks, Inc -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1756 bytes Desc: not available URL: From doug.koobs at dimensionnetworks.com Tue Jun 5 13:11:55 2001 From: doug.koobs at dimensionnetworks.com (Douglas W Koobs) Date: Tue, 5 Jun 2001 14:11:55 -0400 Subject: [pptp-server] FW: chapms-strip-domain patch Message-ID: Silly me, its an option to pppd, not to pptpd... added a line /etc/ppp/options, as follows: chapms-strip-domain and it works!!! thanks again, Doug > -----Original Message----- > From: Douglas W Koobs [mailto:doug.koobs at dimensionnetworks.com] > Sent: Tuesday, June 05, 2001 2:04 PM > To: pptp-server at lists.schulte.org > Subject: chapms-strip-domain patch > > I applied the patch to strip MS domains from the user name. However, in my > ignorance of many things Linux, I am not sure how to invoke it. > > 2 questions: > > Will the patch work ok with ppp-2.4.0? > > How do you invoke it? I tried invoking at the command line: > pptpd -d -chapms-strip-domain > and that didn't work, got message "config file not found". > > Thanks!!! > > Douglas W Koobs MCSE > Network Engineer > Dimension Networks, Inc > -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 2184 bytes Desc: not available URL: From GeorgeV at citadelcomputer.com.au Tue Jun 5 16:45:50 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Wed, 6 Jun 2001 07:45:50 +1000 Subject: [pptp-server] WIN98 BlackMagic Message-ID: <200FAA488DE0D41194F10010B597610D012528@JUPITER> OK.. even though you can ping but have you checked what IP you are pinging as? Can you telnet to a Unix machine other than the PPTPD server and finger yourself to see what IP the LAN think you are as an IP?? The reason is that I want to make sure your not appearing as a masqueraded IP, that's all. Another setup you can do is route the 2 networks rather than proxyarp them together.. that will keep the complications local and makes things a bit easier especially if they are both Linux pptp servers (adding routes via /etc/ppp/ip-up.local is easy) reply to pptp-server at lists.schulte.org for the list. thanks, George Vieira -----Original Message----- From: mduran at bamo.com [mailto:mduran at bamo.com] Sent: Wednesday, June 06, 2001 3:28 AM To: George Vieira Subject: RE: [pptp-server] WIN98 BlackMagic George, Thank you for your response. I'm replying directly to you email address as I don't know how to reply to the list... My samba box isn't running WINS. I have a separate NT server box that is. When I get logged onto my remote LAN via PPTP, I can ping it, telnet, so almost everything to it, except map a !@#$#% drive letter to it. I haven't tried including the WINS ip address into the pptpd options file however. I will today. I tried the IP address as you suggested but I get the same Windows error message. Thanks again, Michael >-----Original Message----- >From: George Vieira [mailto:GeorgeV at citadelcomputer.com.au] >Sent: Monday, June 04, 2001 5:36 PM >To: 'mduran at bamo.com'; pptp-server at lists.schulte.org >Subject: RE: [pptp-server] WIN98 BlackMagic > > >If you try the IP instead of the name it should work. If you use WINS on >your samba box and get your dial up to load the WINS server using: > >ms-wins ip.ad.dr.es > >in your pptpd options file. This should help resolve the machines name to >IP. > > >thanks, >George Vieira > > >-----Original Message----- >From: mduran at bamo.com [mailto:mduran at bamo.com] >Sent: Tuesday, June 05, 2001 9:41 AM >To: pptp-server at lists.schulte.org >Subject: [pptp-server] WIN98 BlackMagic > > > >Hello, >We recently established a VPN server which is running Linux. My WIN98 >machine can log-on via the VPN DialUp adapter without any problems. Once >I'm on the intneral network, I can ping various machines including our file >server with which is running Linux with Samba. My problem is that when I >try to map a drive to the fileserver with a UNC path >(\\pcname\fileservername) Windows returns the message; "the computer or >sharename could not be found. Make sure you typed it in correctly and try >again" . I've double checked the name and I know it is typed in correctly. > I must be a Windows thing, only I can't figure out the MS black magic of >networking. > >I have installed the latest Win98 VPN adapter(s), running 128 bit security, >the VPN server is doing port forwarding; everything checks out server side. > >Why won't Win98 allow me to map a drive on the internal network?... >any help, recommdations, tips or otherwise will br GREATLY APPRECIATED!! > >Thank you, >-Michael > > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Tue Jun 5 17:04:34 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Tue, 5 Jun 2001 18:04:34 -0400 (EDT) Subject: [pptp-server] Delivery Status: Account suspended: johnoel@haw aii.com (fwd) In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE7BE@defiant.infohiiway.com> Message-ID: It is probilly just replying to the from field... I wonder what MTA it is.... i bet exchange... but i'm too lazy to check. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Tue, 5 Jun 2001, Cowles, Steve wrote: > Thanks Christopher, > > I'd be willing to bet that the MTA that generated the DSN is replying to > "both" the list and the original sender for some unknown reason. > > Steve Cowles > > > -----Original Message----- > > From: Christopher Schulte [mailto:christopher at schulte.org] > > Sent: Tuesday, June 05, 2001 11:03 AM > > To: Cowles, Steve; 'Justin Kreger'; pptp-server at lists.schulte.org > > Subject: RE: [pptp-server] Delivery Status: Account suspended: > > johnoel at haw aii.com (fwd) > > > > > > FWIW: I have removed johnoel at hawaii.com from the list. > > > > My list server is running the most up-to-date version of the > > mailing list software, and my MTA is just one revision off of > > current. > > > > The remote MTA should be sending these failures to the > > mailing list-admin address for automatic processing, not > > the actual sender, IMHO. > > > > If it's just one or two sites that are misbehaving, I can > > always remove the bad addresses (like I did for > > johnoel at hawaii.com) but other than that, I may be at a loss. :/ > > > > At 07:54 AM 6/5/2001 -0500, Cowles, Steve wrote: > > >I'm glad to see someone else has confirmed what I suspected. > > >I got the same bounced e-mail the last time I posted to the > > >PoPToP list. :-( In fact, the last time I received this DSN, > > >I could not find any reference in my e-mail logfiles. i.e. My > > >reply was NOT CC'd or BCC'd to this account at my end. > > >Also, the headers of the DSN do not seem to reveal any clues > > >as to why this is happening. grr!!! > > > > > >FWIW: I have also CC'd mailman-owner at lists.schulte.org > > > > > >Steve Cowles > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Tue Jun 5 17:06:52 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Tue, 5 Jun 2001 18:06:52 -0400 (EDT) Subject: [pptp-server] speed problems/packetloss In-Reply-To: <5.0.2.1.0.20010606031215.00a349f0@mx.child.net.au> Message-ID: It's got to do with your ppp packet size. Try lowering your MTU and MRU, if they are allready lowered, then it may be MPPE causing problems. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Wed, 6 Jun 2001, Child wrote: > dear all > > I use poptop to setup a VPN between a WIn98 box and a linux server > for voice over IP calling > when a call is paced directly from the win98 box (using dialpad.com) the > call audio is fine > when a call is placed from the NT box next to the VPN server the call is fine > but when I call is placed from the Win98 box VIA the VPN itself (56K modem > link) the incoming audio stream is ok but outgoing isnt .... > > anyone tell me why? > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From mduran at bamo.com Wed Jun 6 12:34:20 2001 From: mduran at bamo.com (mduran at bamo.com) Date: Wed, 6 Jun 2001 10:34:20 -0700 Subject: [pptp-server] WIN98 BlackMagic Message-ID: Hello, RE: the options file- The /etc/ppp/options file does contain the IP of my WINS server (NT4 server); ms-wins 192.168.1.2 RE: The client IP address- A 'route print' and a 'winipcfg' reports a valid IP address given by the WINS server, the correct subnet, etc. It all checks out fine. I can telnet into the WINS server, no problem, as well as the Linux VPN server. I can ping all other clients, plus printers, inside the network. The other Unix boxen see me as one of the internal IPs. RE: lmhost file- I included the ip address of the samba file server I wish to map a drive to (192.168.1.200) followed by its name 'pc01' in my lmhost.sam file. This machine has a share called "server" . My lmhost file looks like this; 192.168.1.200 pc01 When I try to map a drive as \\192.168.1.200\server I get the same error message "the computer or sharename could not be found. Make sure you typed it in correctly and try again". The same when trying \\pc01\server . I found a post (http://lists.schulte.org/pipermail/pptp-server/1999-July/005473.html) from July 99 where this person suggests the only way to browse the network, let alone just map a drive to the samba box, is to configure the samba box as a WINS server. This may be my next step. Thank you, -Michael From doug.koobs at dimensionnetworks.com Wed Jun 6 13:13:57 2001 From: doug.koobs at dimensionnetworks.com (Douglas W Koobs) Date: Wed, 6 Jun 2001 14:13:57 -0400 Subject: [pptp-server] linux-2.4.4-openssl-0.9.6a-mppe.patch.gz Message-ID: Just found this patch at http://mirror.binarix.com. Is this patch inclusive, so that I do not need to apply the 2.4.0-openssl kernel patch? Or do I have to apply the 2.4.0 first, and then the 2.4.4? Thanks, Douglas W Koobs Network Engineer Dimension Networks, Inc -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1628 bytes Desc: not available URL: From Steve at SteveCowles.com Wed Jun 6 14:11:46 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Wed, 6 Jun 2001 14:11:46 -0500 Subject: [pptp-server] WIN98 BlackMagic Message-ID: <90769AF04F76D41186C700A0C90AFC3EE7C0@defiant.infohiiway.com> > -----Original Message----- > From: mduran at bamo.com [mailto:mduran at bamo.com] > Sent: Wednesday, June 06, 2001 12:34 PM > To: pptp-server at lists.schulte.org > Subject: RE: [pptp-server] WIN98 BlackMagic > > > Hello, > > RE: the options file- > The /etc/ppp/options file does contain the IP of my WINS server (NT4 > server); ms-wins 192.168.1.2 I know... dumb question, but are you sure the WINS service is running on this NT box?? Also, the linux box running Samba - is it configured to register with the WINS server at 192.168.1.2. i.e. in smb.conf: wins server = 192.168.1.2 remote announce = 192.168.1.255 How about the workgroup/domain registration?? Is the linux box running Samba registering its workgroup/domain association properly with the WINS server. FWIW: Every SMB client on your LAN should be registering with the WINS server. With regards to the Win98 client establishing the PPTP VPN - is its workgroup and/or domain set to match that of your LAN. This system should also register with the WINS server. Finally, have you checked the WINS server's database to see if all of these systems (including your WIN 98 box) have a registration entry????? > > RE: The client IP address- > A 'route print' and a 'winipcfg' reports a valid IP address > given by the WINS server, the correct subnet, etc. It all > checks out fine. I can telnet into the WINS server, no problem, > as well as the Linux VPN server. I can ping all other clients, > plus printers, inside the network. The other Unix boxen see me > as one of the internal IPs. Based on the above - it looks as though you have TCP/IP, PPTP/PPP and routing setup properly. > > RE: lmhost file- > I included the ip address of the samba file server I wish to > map a drive to (192.168.1.200) followed by its name 'pc01' in > my lmhost.sam file. This machine has a share called "server". > My lmhost file looks like this; > 192.168.1.200 pc01 If your WINS server (and all the client registrations) are properly setup and running, you should NOT have to edit the LMHOSTS file. This would be an adminsitration nightmare.... > > When I try to map a drive as \\192.168.1.200\server I get the > same error message "the computer or sharename could not be > found. Make sure you typed it in correctly and try again". > The same when trying \\pc01\server . This is odd. Another dumb question - are you sure Samba is running on this box? If so, what is the "hosts allow" parameter set to in smb.conf?? Also, have you checked the samba log files to see it your SMB request (from the WIN 98 PPTP client) is being rejected? > > I found a post > (http://lists.schulte.org/pipermail/pptp-server/1999-July/005473.html) > from July 99 where this person suggests the only way to browse the > network, let alone just map a drive to the samba box, is to configure > the samba box as a WINS server. This may be my next step. FWIW: I have never agreed with the "ole saying" that you "must" run WINS on the Samba server. I run WINS on my NT server, not on my Samba server. My Samba server is configured to register with the WINS server running on the NT box. I also run PoPToP on my linux box and connect into my LAN using PPTP from my WIN 98 laptop. I have had no problems at all in browsing any PC/Server (including Samba) on the internal LAN. In fact, I have many of my customers setup in the same way. i.e. WINS running an a NT server and Poptop running on linux. If for some reason this works... please let me know. I would be interested in understanding "WHY" Steve Cowles From sp at iphh.net Wed Jun 6 15:11:12 2001 From: sp at iphh.net (Sascha E. Pollok) Date: Wed, 6 Jun 2001 22:11:12 +0200 (CEST) Subject: [pptp-server] pptpd with TunnelBuilder Message-ID: Folks, let's see if this list is working. We have successfully established a connection between pptpd and TunnelBuilder. We have applied the mppe pppd patches to pppd and kernel 2.2.0. Looks like the patches available are not working on some newer 2.2.x kernel. Here are two questions: 1) Are there any newer mppe patches available that anyone knows of? 2) When we are switching encryption from None to MPPE in TunnelBuilder's setup, the connection comes up, gets established but absolutely no data flows. We are unable to ping regardless of the ping's direction. Both (pptpd and tunnelbuilder) show that they have negotiated MPPE-40 stateless. Anyone, please? Thank you! Sascha From mduran at bamo.com Wed Jun 6 16:54:57 2001 From: mduran at bamo.com (mduran at bamo.com) Date: Wed, 6 Jun 2001 14:54:57 -0700 Subject: [pptp-server] WIN98 BlackMagic In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE7C0@defiant.infohiiway.com> Message-ID: Thank you all for your respone. Its much appreaciated. I don't understand what pleasure MS gets out of making there own networking soooo complicated.... RE: The WINS server- I'm sure the WINS is running on the NT server. I went back to the office (as in real phyical building) to verify this by typing; ipconfig /all It returns the Windows NT IP Config.......(blah, blah, blah.) It lists its own IP address as 192.168.1.2 to it's ethernet adapter (3com) And it also shows the Primary WINS server as 192.168.1.2. RE: The linux box running Samba and it config to register the WINS server at the required ip and stated so in the smb.conf? Yes. However, I don't have the 'remote announce = 000.000.000.000' line. What would that do? RE: "Is the linux box running Samba registering its workgroup/domain association properly with the WINS server?" Yes. And all SMB clients are registering with the WINS server without any problems (just like it should be). RE: "Finally, have you checked the WINS server's database to see if all of these systems (including your WIN 98 box) have a registration entry?" Not yet. Where on NT can this be verified? RE: "Based on the above - it looks as though you have TCP/IP, PPTP/PPP and routing setup properly." I beleive so. RE: "This is odd. Another dumb question - are you sure Samba is running on this box?" Yes, I'm sure. RE: "if so, what is the "hosts allow" parameter set to in smb.conf?? Also, have you checked the samba log files to see it your SMB request (from the WIN 98 PPTP client) is being rejected?" My "host allow = " line contains one of my IP addresses, but not the one I've been testing with. If I can get in, ping inside the LAN, doesn't the "host allow =" beomce a mute point? Steve, I may need more of your help.... Thanks, -MD >-----Original Message----- >From: Cowles, Steve [mailto:Steve at SteveCowles.com] >Sent: Wednesday, June 06, 2001 12:12 PM >To: 'mduran at bamo.com'; pptp-server at lists.schulte.org >Subject: RE: [pptp-server] WIN98 BlackMagic > > >> -----Original Message----- >> From: mduran at bamo.com [mailto:mduran at bamo.com] >> Sent: Wednesday, June 06, 2001 12:34 PM >> To: pptp-server at lists.schulte.org >> Subject: RE: [pptp-server] WIN98 BlackMagic >> >> >> Hello, >> >> RE: the options file- >> The /etc/ppp/options file does contain the IP of my WINS server (NT4 >> server); ms-wins 192.168.1.2 > >I know... dumb question, but are you sure the WINS service is running on >this NT box?? > >Also, the linux box running Samba - is it configured to register with the >WINS server at 192.168.1.2. i.e. in smb.conf: > > wins server = 192.168.1.2 > remote announce = 192.168.1.255 > >How about the workgroup/domain registration?? Is the linux box >running Samba >registering its workgroup/domain association properly with the WINS server. >FWIW: Every SMB client on your LAN should be registering with the WINS >server. > >With regards to the Win98 client establishing the PPTP VPN - is its >workgroup and/or domain set to match that of your LAN. This system should >also register with the WINS server. > >Finally, have you checked the WINS server's database to see if all of these >systems (including your WIN 98 box) have a registration entry????? > >> >> RE: The client IP address- >> A 'route print' and a 'winipcfg' reports a valid IP address >> given by the WINS server, the correct subnet, etc. It all >> checks out fine. I can telnet into the WINS server, no problem, >> as well as the Linux VPN server. I can ping all other clients, >> plus printers, inside the network. The other Unix boxen see me >> as one of the internal IPs. > >Based on the above - it looks as though you have TCP/IP, PPTP/PPP and >routing setup properly. > >> >> RE: lmhost file- >> I included the ip address of the samba file server I wish to >> map a drive to (192.168.1.200) followed by its name 'pc01' in >> my lmhost.sam file. This machine has a share called "server". >> My lmhost file looks like this; >> 192.168.1.200 pc01 > >If your WINS server (and all the client registrations) are properly setup >and running, you should NOT have to edit the LMHOSTS file. This would be an >adminsitration nightmare.... > >> >> When I try to map a drive as \\192.168.1.200\server I get the >> same error message "the computer or sharename could not be >> found. Make sure you typed it in correctly and try again". >> The same when trying \\pc01\server . > >This is odd. Another dumb question - are you sure Samba is running on this >box? If so, what is the "hosts allow" parameter set to in smb.conf?? Also, >have you checked the samba log files to see it your SMB request (from the >WIN 98 PPTP client) is being rejected? > >> >> I found a post >> (http://lists.schulte.org/pipermail/pptp-server/1999-July/005473.html) >> from July 99 where this person suggests the only way to browse the >> network, let alone just map a drive to the samba box, is to configure >> the samba box as a WINS server. This may be my next step. > >FWIW: I have never agreed with the "ole saying" that you "must" run WINS on >the Samba server. > >I run WINS on my NT server, not on my Samba server. My Samba server is >configured to register with the WINS server running on the NT box. I also >run PoPToP on my linux box and connect into my LAN using PPTP from >my WIN 98 >laptop. I have had no problems at all in browsing any PC/Server (including >Samba) on the internal LAN. In fact, I have many of my customers >setup in the same way. i.e. WINS running an a NT server and Poptop running >on linux. > >If for some reason this works... please let me know. I would be interested >in understanding "WHY" > >Steve Cowles > From GeorgeV at citadelcomputer.com.au Wed Jun 6 17:34:45 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 7 Jun 2001 08:34:45 +1000 Subject: [pptp-server] pptpd with TunnelBuilder Message-ID: <200FAA488DE0D41194F10010B597610D012554@JUPITER> What does the pptpd servers log show? Have you tried tcpdump to monitor pings? Can you provide some configuration files (dumb question). thanks, George Vieira -----Original Message----- From: Sascha E. Pollok [mailto:sp at iphh.net] Sent: Thursday, June 07, 2001 6:11 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] pptpd with TunnelBuilder Folks, let's see if this list is working. We have successfully established a connection between pptpd and TunnelBuilder. We have applied the mppe pppd patches to pppd and kernel 2.2.0. Looks like the patches available are not working on some newer 2.2.x kernel. Here are two questions: 1) Are there any newer mppe patches available that anyone knows of? 2) When we are switching encryption from None to MPPE in TunnelBuilder's setup, the connection comes up, gets established but absolutely no data flows. We are unable to ping regardless of the ping's direction. Both (pptpd and tunnelbuilder) show that they have negotiated MPPE-40 stateless. Anyone, please? Thank you! Sascha _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From GeorgeV at citadelcomputer.com.au Wed Jun 6 17:33:02 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 7 Jun 2001 08:33:02 +1000 Subject: [pptp-server] WIN98 BlackMagic Message-ID: <200FAA488DE0D41194F10010B597610D012553@JUPITER> I agree with Steve, I run my NT server as a WINS server and works OK. The only need on the linux box was the master browser so I can see all LAN machines via the tunnel as broadcasts don't route. 1 other thing I did which helped some problem was to add my VPN machines IP to the remote announce as it broke for some reason (possibly no longe rthe master browser?? who knows). in your samba logs, you wil find log.{machinename} which will show logs with samba communicating to your PC and any actions done. There is also log.nmb and log.smb and the log.nmb will be interesting as this is the NetBIOS log file. It's a bit weird that not even browsing via IP works. I have every machine on the same workgroup, my password and login are the same from LAN and VPN and all is OK.. this should work for the problem user. I think it's time to get a trimmed down /etc/smb.conf file. thanks, George Vieira -----Original Message----- From: Cowles, Steve [mailto:Steve at SteveCowles.com] Sent: Thursday, June 07, 2001 5:12 AM To: 'mduran at bamo.com'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] WIN98 BlackMagic > -----Original Message----- > From: mduran at bamo.com [mailto:mduran at bamo.com] > Sent: Wednesday, June 06, 2001 12:34 PM > To: pptp-server at lists.schulte.org > Subject: RE: [pptp-server] WIN98 BlackMagic > > > Hello, > > RE: the options file- > The /etc/ppp/options file does contain the IP of my WINS server (NT4 > server); ms-wins 192.168.1.2 I know... dumb question, but are you sure the WINS service is running on this NT box?? Also, the linux box running Samba - is it configured to register with the WINS server at 192.168.1.2. i.e. in smb.conf: wins server = 192.168.1.2 remote announce = 192.168.1.255 How about the workgroup/domain registration?? Is the linux box running Samba registering its workgroup/domain association properly with the WINS server. FWIW: Every SMB client on your LAN should be registering with the WINS server. With regards to the Win98 client establishing the PPTP VPN - is its workgroup and/or domain set to match that of your LAN. This system should also register with the WINS server. Finally, have you checked the WINS server's database to see if all of these systems (including your WIN 98 box) have a registration entry????? > > RE: The client IP address- > A 'route print' and a 'winipcfg' reports a valid IP address > given by the WINS server, the correct subnet, etc. It all > checks out fine. I can telnet into the WINS server, no problem, > as well as the Linux VPN server. I can ping all other clients, > plus printers, inside the network. The other Unix boxen see me > as one of the internal IPs. Based on the above - it looks as though you have TCP/IP, PPTP/PPP and routing setup properly. > > RE: lmhost file- > I included the ip address of the samba file server I wish to > map a drive to (192.168.1.200) followed by its name 'pc01' in > my lmhost.sam file. This machine has a share called "server". > My lmhost file looks like this; > 192.168.1.200 pc01 If your WINS server (and all the client registrations) are properly setup and running, you should NOT have to edit the LMHOSTS file. This would be an adminsitration nightmare.... > > When I try to map a drive as \\192.168.1.200\server I get the > same error message "the computer or sharename could not be > found. Make sure you typed it in correctly and try again". > The same when trying \\pc01\server . This is odd. Another dumb question - are you sure Samba is running on this box? If so, what is the "hosts allow" parameter set to in smb.conf?? Also, have you checked the samba log files to see it your SMB request (from the WIN 98 PPTP client) is being rejected? > > I found a post > (http://lists.schulte.org/pipermail/pptp-server/1999-July/005473.html) > from July 99 where this person suggests the only way to browse the > network, let alone just map a drive to the samba box, is to configure > the samba box as a WINS server. This may be my next step. FWIW: I have never agreed with the "ole saying" that you "must" run WINS on the Samba server. I run WINS on my NT server, not on my Samba server. My Samba server is configured to register with the WINS server running on the NT box. I also run PoPToP on my linux box and connect into my LAN using PPTP from my WIN 98 laptop. I have had no problems at all in browsing any PC/Server (including Samba) on the internal LAN. In fact, I have many of my customers setup in the same way. i.e. WINS running an a NT server and Poptop running on linux. If for some reason this works... please let me know. I would be interested in understanding "WHY" Steve Cowles _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From Steve at SteveCowles.com Wed Jun 6 19:09:07 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Wed, 6 Jun 2001 19:09:07 -0500 Subject: [pptp-server] WIN98 BlackMagic Message-ID: <90769AF04F76D41186C700A0C90AFC3EE7C1@defiant.infohiiway.com> > -----Original Message----- > From: mduran at bamo.com [mailto:mduran at bamo.com] > Sent: Wednesday, June 06, 2001 4:55 PM > To: pptp-server at lists.schulte.org > Subject: RE: [pptp-server] WIN98 BlackMagic > > > > > Thank you all for your respone. Its much appreaciated. I > don't understand what pleasure MS gets out of making there > own networking soooo complicated.... > > > RE: The WINS server- > I'm sure the WINS is running on the NT server. I went back > to the office (as in real phyical building) to verify this by > typing; ipconfig /all It returns the Windows NT IP Config... > ....(blah, blah, blah.) It lists its own IP address as 192.168.1.2 > to it's ethernet adapter (3com) > And it also shows the Primary WINS server as 192.168.1.2. The above does NOT verify that you have the WINS service installed and running on this NT box. The above only verifies that MS networking component is configured to register with a WINS server at this IP address. In this case, the same IP address. Again... have you verified that the WINS service is running on this box. i.e. Control Panel->Services. you should see a service called "Windows Internet Name Service" in a "started" state. > > RE: The linux box running Samba and it config to register the > WINS server at the required ip and stated so in the smb.conf? > Yes. However, I don't have the 'remote announce = > 000.000.000.000' line. What would that do? The above tells Samba what address to broadcast at. Although, Samba can usually figure this out. > > RE: "Is the linux box running Samba registering its > workgroup/domain association properly with the WINS > server?" > Yes. And all SMB clients are registering with the WINS > server without any problems (just like it should be). This is great, but means nothing if the WINS service is NOT running on your NT box. If WINS is not running, then MS networking defaults to using broadcasts to build the Master Browser list. This can be verified by looking at the output from ipconfig or winipcfg and looking at the Netbios Node Type setting. FWIW: Broadcasts do NOT span routers. i.e. Your PPTP server is a router. From charlieb at e-smith.com Wed Jun 6 19:44:30 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Wed, 6 Jun 2001 20:44:30 -0400 (EDT) Subject: [pptp-server] WIN98 BlackMagic In-Reply-To: Message-ID: On Wed, 6 Jun 2001 mduran at bamo.com wrote: > Thank you all for your respone. Its much appreaciated. I don't understand > what pleasure MS gets out of making there own networking soooo > complicated.... "Never attribute to maliciousness what can be adequately explained by incompetence." Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From jpej at geo-rede.com.br Wed Jun 6 19:52:37 2001 From: jpej at geo-rede.com.br (=?iso-8859-1?q?Jos=E9=20de=20Paula=20Eufr=E1sio=20J=FAnior?=) Date: Wed, 6 Jun 2001 21:52:37 -0300 Subject: [pptp-server] chapasswd - a tool for admin chap-secrets files Message-ID: <01060621523700.00241@echobase> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! I just finished this program, it's in very early stage, and it's a very bad piece of code, but I'm counting in your help to improve the program. URL: http://sourceforge.net/projects/chapasswd Thx! []s Junior - -- ############################################################ Jos? de Paula Eufr?sio J?nior - coredump SysAdmin Geo-rede Wireless Internet jpej at geo-rede.com.br | ICQ 1142954 (coredump) PGP Key at: http://www.geo-rede.com.br/users/jpej/coredump.public.key ############################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7HtBaXGlWVic5pKMRApQJAJoDFMQtCQGQVZLbrXsP23zrPYF3bgCeLBNP PW56ggFLJQPp2Z8h3U1DoiI= =G3Zo -----END PGP SIGNATURE----- From louis at onramp.ca Wed Jun 6 22:09:15 2001 From: louis at onramp.ca (Louis de Bourbon) Date: Wed, 6 Jun 2001 23:09:15 -0400 Subject: [pptp-server] pptp connection acting like one armed bandit Message-ID: When attempting pptp connection I get: "Error 778: It was not possible to verify the identity of the server" About 1 out of every 3-8 times on attempting to reconnect I do eventually get connected properly and I am able to ping hosts etc on the private LAN and the VPN is perfect. I set up the Linux pptp server (2.4.5 RH7.1) in-house behind a Linux firewall (2.2.19 RH 6.2) and it tested perfect with outside (ie Inet connected) Win2K client (128bit support installed). When I moved the server to customer site behind identical firewall I started getting the 778 errors. I had to set up hosts and lmhosts on the same Win2K client so name resolution was ok. I have tried fiddling with ./ppp/options but most changes lead to the same result. If anyone can figure this one out its worth a beer or many! pptpd version is 1.1.2 ./ppp/options.pptp ****************** name * lock mtu 1490 mru 1490 proxyarp auth debug +chap +chapms-v2 ipcp-accept-local ipcp-accept-remote lcp-echo-failure 3 lcp-echo-interval 3 deflate 0 mppe-40 mppe-128 mppe-stateless When its not happy ****************** Jun 6 22:47:26 localhost pptpd[5326]: CTRL: Client 204.225.93.61 control connection st arted Jun 6 22:47:26 localhost pptpd[5326]: CTRL: Starting call (launching pppd, opening GRE ) Jun 6 22:47:26 localhost pppd[5327]: pppd 2.4.0 started by root, uid 0 Jun 6 22:47:26 localhost pppd[5327]: Using interface ppp0 Jun 6 22:47:26 localhost pppd[5327]: Connect: ppp0 <--> /dev/pts/0 Jun 6 22:47:29 localhost pptpd[5326]: CTRL: Ignored a SET LINK INFO packet with real A CCMs! Jun 6 22:47:29 localhost pptpd[5326]: Buffering out-of-order packet; got 4 after 2 Jun 6 22:47:29 localhost pptpd[5326]: Buffering out-of-order packet; got 5 after 2 Jun 6 22:47:29 localhost pppd[5327]: MSCHAP-v2 peer authentication succeeded for hld Jun 6 22:47:31 localhost pptpd[5326]: CTRL: Ignored a SET LINK INFO packet with real A CCMs! Jun 6 22:47:31 localhost pppd[5327]: LCP terminated by peer (@^R^Tl^@ /dev/pts/0 Jun 6 22:43:25 localhost pptpd[5245]: Buffering out-of-order packet; got 9 after 7 Jun 6 22:43:25 localhost pptpd[5245]: CTRL: Ignored a SET LINK INFO packet with real A CCMs! Jun 6 22:43:28 localhost kernel: PPP BSD Compression module registered Jun 6 22:43:28 localhost kernel: PPP MPPE compression module registered Jun 6 22:43:28 localhost pppd[5246]: MSCHAP-v2 peer authentication succeeded for hld Jun 6 22:43:32 localhost pptpd[5245]: CTRL: Ignored a SET LINK INFO packet with real A CCMs! Jun 6 22:43:32 localhost pppd[5246]: Modem hangup Jun 6 22:43:32 localhost pppd[5246]: Connection terminated. Jun 6 22:43:32 localhost pppd[5246]: Connect time 0.2 minutes. Jun 6 22:43:32 localhost pppd[5246]: Sent 58 bytes, received 0 bytes. Jun 6 22:43:32 localhost pppd[5246]: Exit. Jun 6 22:43:32 localhost pptpd[5245]: GRE: read error: Bad file descriptor Jun 6 22:43:32 localhost pptpd[5245]: CTRL: PTY read or GRE write failed (pty,gre)=(-1 ,-1) Jun 6 22:43:32 localhost pptpd[5245]: CTRL: Client 204.225.93.61 control connection fi nished Jun 6 22:43:33 localhost pptpd[5277]: CTRL: Client 204.225.93.61 control connection st arted Jun 6 22:43:33 localhost pptpd[5277]: CTRL: Starting call (launching pppd, opening GRE ) Jun 6 22:43:33 localhost pppd[5278]: pppd 2.4.0 started by root, uid 0 Jun 6 22:43:33 localhost pppd[5278]: Using interface ppp0 Jun 6 22:43:33 localhost pppd[5278]: Connect: ppp0 <--> /dev/pts/0 Jun 6 22:43:38 localhost pptpd[5277]: CTRL: Ignored a SET LINK INFO packet with real A CCMs! Jun 6 22:43:38 localhost pptpd[5277]: Buffering out-of-order packet; got 7 after 5 Jun 6 22:43:41 localhost pptpd[5277]: CTRL: Ignored a SET LINK INFO packet with real A CCMs! Jun 6 22:43:41 localhost pptpd[5277]: Buffering out-of-order packet; got 9 after 7 Jun 6 22:43:41 localhost pptpd[5277]: CTRL: Ignored a SET LINK INFO packet with real A CCMs! Jun 6 22:43:41 localhost pppd[5278]: MSCHAP-v2 peer authentication succeeded for hld Jun 6 22:43:41 localhost pptpd[5277]: Buffering out-of-order packet; got 15 after 12 Jun 6 22:43:44 localhost pptpd[5277]: Buffering out-of-order packet; got 21 after 19 Jun 6 22:43:44 localhost pptpd[5277]: Packet reorder timeout waiting for 20 Jun 6 22:43:44 localhost pptpd[5277]: Buffering out-of-order packet; got 22 after 20 Jun 6 22:43:44 localhost pppd[5278]: found interface eth0 for proxy arp Jun 6 22:43:44 localhost pppd[5278]: local IP address 10.10.10.249 Jun 6 22:43:44 localhost pppd[5278]: remote IP address 10.10.10.200 Jun 6 22:43:44 localhost pptpd[5277]: Buffering out-of-order packet; got 26 after 24 Jun 6 22:43:50 localhost pptpd[5277]: Buffering out-of-order packet; got 38 after 34 Jun 6 22:43:50 localhost pptpd[5277]: Buffering out-of-order packet; got 37 after 34 Jun 6 22:43:50 localhost pptpd[5277]: Buffering out-of-order packet; got 39 after 34 Jun 6 22:43:50 localhost pptpd[5277]: Gave up waiting for 2 lost packets beginning wit h 35 Jun 6 22:43:50 localhost pptpd[5277]: Buffering out-of-order packet; got 42 after 39 Jun 6 22:43:50 localhost pptpd[5277]: Buffering out-of-order packet; got 41 after 39 Jun 6 22:43:50 localhost pptpd[5277]: Discarding out-of-order packet 35, already have 39 Jun 6 22:43:50 localhost pptpd[5277]: Discarding out-of-order packet 36, already have 39 Jun 6 22:43:51 localhost pptpd[5277]: Buffering out-of-order packet; got 44 after 42 Jun 6 22:43:51 localhost pppd[5278]: MPPE 128 bit, stateless compression enabled Jun 6 22:43:53 localhost pptpd[5277]: Buffering out-of-order packet; got 52 after 50 Jun 6 22:46:15 localhost pptpd[5277]: CTRL: Ignored a SET LINK INFO packet with real A CCMs! Jun 6 22:46:15 localhost pppd[5278]: LCP terminated by peer (^]^LbM-2^@ I've got a gateway/router style firewall based on a 2.4 kernel. I'm using IPTables (somewhat reluctantly) and need to push pptp traffic through to the NAT'd server. Anyone got any good iptables based scripts to do that? What I have currently keeps timing out: #Allow pptpd connections (port 1723) /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \ --sport $PUBLICPORTS --dport 1723 -j ACCEPT /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT /sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT /sbin/iptables -A INPUT -i ppp+ \ -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT /sbin/iptables -A OUTPUT -o ppp+ \ -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT echo "PPTP clients allowed" # Allow inbound pptpd connections to PoPToP - forward to pptp server /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP --dport 1723 --sport $PUBLIC PORTS -j DNAT --to $POPTOPSERVER /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p 47 -j DNAT --to $POPTOPSERVER /sbin/iptables -A FORWARD -p TCP --dport 1723 --sport 1723 -j ACCEPT /sbin/iptables -A FORWARD -p 47 -j ACCEPT echo "PPTPD Server connections allowed" I'm pretty sure that there are some parts missing. Any help will be appreciated. Chris Tooley From berzerke at swbell.net Wed Jun 6 21:52:14 2001 From: berzerke at swbell.net (robert) Date: Wed, 06 Jun 2001 21:52:14 -0500 Subject: [pptp-server] linux-2.4.4-openssl-0.9.6a-mppe.patch.gz In-Reply-To: References: Message-ID: <01060621521401.11468@linux> Not having tested it personally, I can't tell for sure, but it appears to be all inclusive. You shouldn't neet to apply 2.4.0 first. On Wednesday 06 June 2001 13:13, Douglas W Koobs wrote: > Just found this patch at http://mirror.binarix.com. > > Is this patch inclusive, so that I do not need to apply the 2.4.0-openssl > kernel patch? Or do I have to apply the 2.4.0 first, and then the 2.4.4? > Thanks, > > Douglas W Koobs > Network Engineer > Dimension Networks, Inc From tomer at ans.co.il Thu Jun 7 01:21:57 2001 From: tomer at ans.co.il (Tomer Okavi) Date: Thu, 7 Jun 2001 08:21:57 +0200 Subject: [pptp-server] pptp through adsl (packetlose) Message-ID: Hey all. I have 2 machines connected to the net with a pptp based ADSL connection. both machine work well, both MTU and MRU for their Internet connection (ppp0) is 1452. I'm using pptpd 1.1.2, kernel 2.4.4,ppp 2.4.0, iptables 1.2.2 on both machine's I'm connecting to box A from a win2k behind box B, everything works fine . my only problem is that I have LOTS of "Gave up waiting for 1 lost packets ....." From lists at earthling.2y.net Thu Jun 7 05:49:40 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Thu, 7 Jun 2001 06:49:40 -0400 (EDT) Subject: [pptp-server] pptp through adsl (packetlose) In-Reply-To: Message-ID: Its going to be your dsl provider and the phone lines at the two sites... odds are ( i have seen this lots at some sites, and none at others) that the dsl line is going down for a few seconds, and then comming back up. There is not much you can do... but check your connections for currosion, and call the phone company/dsl provider. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Thu, 7 Jun 2001, Tomer Okavi wrote: > > > Hey all. > > I have 2 machines connected to the net with a pptp based ADSL connection. > both machine work well, both MTU and MRU for their Internet connection > (ppp0) is 1452. > > I'm using pptpd 1.1.2, kernel 2.4.4,ppp 2.4.0, iptables 1.2.2 on both > machine's > > I'm connecting to box A from a win2k behind box B, everything works fine . > > my only problem is that I have LOTS of "Gave up waiting for 1 lost packets > ....." > > >From what I could find it sure looks like a MTU/MRU problem.(for the pptpd > server) > tried messing around with these values from 1500->700 with NO real > improvement. > > any recommendations? > > Thanks > > Tomer Okavi. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Thu Jun 7 05:54:31 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Thu, 7 Jun 2001 06:54:31 -0400 (EDT) Subject: [pptp-server] Pushing pptpd through... In-Reply-To: <86256A64.00138249.00@amoa.org> Message-ID: Are you setup to allow established, and related connections? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Wed, 6 Jun 2001 ctooley at amoa.org wrote: > > > > > I've got a gateway/router style firewall based on a 2.4 kernel. I'm using > IPTables (somewhat reluctantly) and need to push pptp traffic through to the > NAT'd server. Anyone got any good iptables based scripts to do that? What I > have currently keeps timing out: > > #Allow pptpd connections (port 1723) > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \ > --sport $PUBLICPORTS --dport 1723 -j ACCEPT > /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT > /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT > /sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT > /sbin/iptables -A INPUT -i ppp+ \ > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT > /sbin/iptables -A OUTPUT -o ppp+ \ > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT > echo "PPTP clients allowed" > > # Allow inbound pptpd connections to PoPToP - forward to pptp server > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP --dport 1723 --sport > $PUBLIC > PORTS -j DNAT --to $POPTOPSERVER > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p 47 -j DNAT --to $POPTOPSERVER > /sbin/iptables -A FORWARD -p TCP --dport 1723 --sport 1723 -j ACCEPT > /sbin/iptables -A FORWARD -p 47 -j ACCEPT > echo "PPTPD Server connections allowed" > > I'm pretty sure that there are some parts missing. Any help will be > appreciated. > > Chris Tooley > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From ctooley at amoa.org Thu Jun 7 07:53:04 2001 From: ctooley at amoa.org (ctooley at amoa.org) Date: Thu, 7 Jun 2001 07:53:04 -0500 Subject: [pptp-server] Pushing pptpd through... Message-ID: <86256A64.0046C740.00@amoa.org> If it's not here then I'm not doing it. How do I do that? Chris Justin Kreger on 06/07/2001 05:54:31 AM To: Chris Tooley/AMOA at AMOA cc: pptp-server at lists.schulte.org Subject Re: [pptp-server] Pushing pptpd through... : Are you setup to allow established, and related connections? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Wed, 6 Jun 2001 ctooley at amoa.org wrote: > > > > > I've got a gateway/router style firewall based on a 2.4 kernel. I'm using > IPTables (somewhat reluctantly) and need to push pptp traffic through to the > NAT'd server. Anyone got any good iptables based scripts to do that? What I > have currently keeps timing out: > > #Allow pptpd connections (port 1723) > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \ > --sport $PUBLICPORTS --dport 1723 -j ACCEPT > /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT > /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT > /sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT > /sbin/iptables -A INPUT -i ppp+ \ > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT > /sbin/iptables -A OUTPUT -o ppp+ \ > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT > echo "PPTP clients allowed" > > # Allow inbound pptpd connections to PoPToP - forward to pptp server > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP --dport 1723 --sport > $PUBLIC > PORTS -j DNAT --to $POPTOPSERVER > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p 47 -j DNAT --to $POPTOPSERVER > /sbin/iptables -A FORWARD -p TCP --dport 1723 --sport 1723 -j ACCEPT > /sbin/iptables -A FORWARD -p 47 -j ACCEPT > echo "PPTPD Server connections allowed" > > I'm pretty sure that there are some parts missing. Any help will be > appreciated. > > Chris Tooley > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From JaminC at adapt-tele.com Thu Jun 7 10:30:35 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Thu, 7 Jun 2001 10:30:35 -0500 Subject: [pptp-server] WIN98 BlackMagic Message-ID: I've been following the discussions regarding the inability to browse/map over a PoPToP connection. I recently experienced a similiar situation that may be of some help. I had one user that could not access any system via SMB over the PoPToP connection. Over the course of a few days and several hours of diagnosis I finally had the user bring the system in. I found that the system could browse when physically connected to the LAN. Now, I know what your thinking, something was mucked up with the pptpd configuration, but this was not the case. Remember this was the only user having a problem. So, I isolated the system on another segment of my LAN and began testing communication when connected to the PoPToP server. I found that all traffic except SMB worked perfectly, just as it had from the user remote location. I rapidly exhausted what I viewed as possible causes. Then on a whim, I removed the "Client for Microsoft Networks" from the Network Configuration. Rebooted, of course. Reinstalled "Client for Microsoft Networks", and rebooted again. Then tested the connection again. To my surprise SMB browsing now worked just fine. I'm not saying that this problem is common or that this will solve your current problem. However, I was getting the same errors and likewise was unable to access any SMB system (even by ip) but was able to resolve names to ip and such. So, it may be worth a try. Jamin W. Collins From mduran at bamo.com Thu Jun 7 12:26:13 2001 From: mduran at bamo.com (mduran at bamo.com) Date: Thu, 7 Jun 2001 10:26:13 -0700 Subject: [pptp-server] WIN98 Black Magic Message-ID: from George Vieira: >>1 other thing I did which helped some problem was to add my VPN machines IP to the remote announce as it broke for some reason (possibly no longe rthe master browser?? who knows).<< I'll try this. from Steve Cowles: >> >>Again... have you verified that the WINS service is running on this box. i.e. Control Panel->Services. you should see a service called "Windows Internet Name Service" in a "started" state.<< I'll verify this too, today. from Jamin W. Collins: >> >>So, I isolated the system on another segment of my LAN and began testing communication when connected to the PoPToP server. I found that all traffic except SMB worked perfectly, just as it had from the user remote location. I rapidly exhausted what I viewed as possible causes. Then on a whim, I removed the "Client for Microsoft Networks" from the Network Configuration. Rebooted, of course. Reinstalled "Client for Microsoft Networks", and rebooted again. Then tested the connection again. To my surprise SMB browsing now worked just fine. I'm not saying that this problem is common or that this will solve your current problem. However, I was getting the same errors and likewise was unable to access any SMB system (even by ip) but was able to resolve names to ip and such. So, it may be worth a try<< then I'll try this as well. -Michael From GeorgeV at citadelcomputer.com.au Thu Jun 7 15:44:48 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 8 Jun 2001 06:44:48 +1000 Subject: [pptp-server] WIN98 BlackMagic Message-ID: <200FAA488DE0D41194F10010B597610D01256B@JUPITER> Actually I get this all the time with my clients who use a different tunnel software and connect to a unix system which wants to print to their printer share. a net view \\ip.add.re.ss\ didn't come up with anything. This was a symtom that SMB on windows was screwed. Doing just that, remove , reboot, add, reboot fixed the problem. you could probably try net viewing your own IP..?? never know.? thanks, George Vieira -----Original Message----- From: Jamin Collins [mailto:JaminC at adapt-tele.com] Sent: Friday, June 08, 2001 1:31 AM To: 'mduran at bamo.com'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] WIN98 BlackMagic I've been following the discussions regarding the inability to browse/map over a PoPToP connection. I recently experienced a similiar situation that may be of some help. I had one user that could not access any system via SMB over the PoPToP connection. Over the course of a few days and several hours of diagnosis I finally had the user bring the system in. I found that the system could browse when physically connected to the LAN. Now, I know what your thinking, something was mucked up with the pptpd configuration, but this was not the case. Remember this was the only user having a problem. So, I isolated the system on another segment of my LAN and began testing communication when connected to the PoPToP server. I found that all traffic except SMB worked perfectly, just as it had from the user remote location. I rapidly exhausted what I viewed as possible causes. Then on a whim, I removed the "Client for Microsoft Networks" from the Network Configuration. Rebooted, of course. Reinstalled "Client for Microsoft Networks", and rebooted again. Then tested the connection again. To my surprise SMB browsing now worked just fine. I'm not saying that this problem is common or that this will solve your current problem. However, I was getting the same errors and likewise was unable to access any SMB system (even by ip) but was able to resolve names to ip and such. So, it may be worth a try. Jamin W. Collins _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From lists at earthling.2y.net Thu Jun 7 16:44:30 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Thu, 7 Jun 2001 17:44:30 -0400 (EDT) Subject: [pptp-server] Pushing pptpd through... In-Reply-To: <86256A64.0046C740.00@amoa.org> Message-ID: /sbin/iptables -A chainnamehere -m state -p all --state ESTABLISHED,RELATED -j ACCEPT Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Thu, 7 Jun 2001 ctooley at amoa.org wrote: > > > > > If it's not here then I'm not doing it. How do I do that? > > Chris > > > > > > > > Justin Kreger on 06/07/2001 05:54:31 AM > > > > To: Chris Tooley/AMOA at AMOA > > cc: pptp-server at lists.schulte.org > > > > Subject Re: [pptp-server] Pushing pptpd through... > : > > > > > > > > > > Are you setup to allow established, and related connections? > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > On Wed, 6 Jun 2001 ctooley at amoa.org wrote: > > > > > > > > > > > I've got a gateway/router style firewall based on a 2.4 kernel. I'm using > > IPTables (somewhat reluctantly) and need to push pptp traffic through to the > > NAT'd server. Anyone got any good iptables based scripts to do that? What I > > have currently keeps timing out: > > > > #Allow pptpd connections (port 1723) > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \ > > --sport $PUBLICPORTS --dport 1723 -j ACCEPT > > /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT > > /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT > > /sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT > > /sbin/iptables -A INPUT -i ppp+ \ > > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT > > /sbin/iptables -A OUTPUT -o ppp+ \ > > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT > > echo "PPTP clients allowed" > > > > # Allow inbound pptpd connections to PoPToP - forward to pptp server > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP --dport 1723 --sport > > $PUBLIC > > PORTS -j DNAT --to $POPTOPSERVER > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p 47 -j DNAT --to > $POPTOPSERVER > > /sbin/iptables -A FORWARD -p TCP --dport 1723 --sport 1723 -j ACCEPT > > /sbin/iptables -A FORWARD -p 47 -j ACCEPT > > echo "PPTPD Server connections allowed" > > > > I'm pretty sure that there are some parts missing. Any help will be > > appreciated. > > > > Chris Tooley > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From SStone at taos.com Thu Jun 7 18:00:18 2001 From: SStone at taos.com (Scott Stone) Date: Thu, 7 Jun 2001 16:00:18 -0700 Subject: [pptp-server] Pushing pptpd through... Message-ID: <21DEAE09F017D111969700A0C9840752059DA847@espresso.taos.com> how is this different than telling iptables to allow tcp in the !-syn state (ie, not a SYN packet)? isn't that what established/related does? ----------------------------------------------------- Scott M. Stone Senior Technical Consultant - UNIX and Networking Taos, the Sysadmin Company - Santa Clara, CA -----Original Message----- From: Justin Kreger [mailto:lists at earthling.2y.net] Sent: Thursday, June 07, 2001 2:45 PM To: ctooley at amoa.org Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] Pushing pptpd through... /sbin/iptables -A chainnamehere -m state -p all --state ESTABLISHED,RELATED -j ACCEPT Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Thu, 7 Jun 2001 ctooley at amoa.org wrote: > > > > > If it's not here then I'm not doing it. How do I do that? > > Chris > > > > > > > > Justin Kreger on 06/07/2001 05:54:31 AM > > > > To: Chris Tooley/AMOA at AMOA > > cc: pptp-server at lists.schulte.org > > > > Subject Re: [pptp-server] Pushing pptpd through... > : > > > > > > > > > > Are you setup to allow established, and related connections? > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > On Wed, 6 Jun 2001 ctooley at amoa.org wrote: > > > > > > > > > > > I've got a gateway/router style firewall based on a 2.4 kernel. I'm using > > IPTables (somewhat reluctantly) and need to push pptp traffic through to the > > NAT'd server. Anyone got any good iptables based scripts to do that? What I > > have currently keeps timing out: > > > > #Allow pptpd connections (port 1723) > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \ > > --sport $PUBLICPORTS --dport 1723 -j ACCEPT > > /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT > > /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT > > /sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT > > /sbin/iptables -A INPUT -i ppp+ \ > > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT > > /sbin/iptables -A OUTPUT -o ppp+ \ > > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT > > echo "PPTP clients allowed" > > > > # Allow inbound pptpd connections to PoPToP - forward to pptp server > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP --dport 1723 --sport > > $PUBLIC > > PORTS -j DNAT --to $POPTOPSERVER > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p 47 -j DNAT --to > $POPTOPSERVER > > /sbin/iptables -A FORWARD -p TCP --dport 1723 --sport 1723 -j ACCEPT > > /sbin/iptables -A FORWARD -p 47 -j ACCEPT > > echo "PPTPD Server connections allowed" > > > > I'm pretty sure that there are some parts missing. Any help will be > > appreciated. > > > > Chris Tooley > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From mduran at bamo.com Thu Jun 7 18:38:37 2001 From: mduran at bamo.com (mduran at bamo.com) Date: Thu, 07 Jun 2001 23:38:37 GMT Subject: [pptp-server] WIN98 Black Magic? Message-ID: <20010607233837.31851.qmail@mail.bamo.com> Hello All, I brought my Win98 laptop into the physical office LAN. Powered-up the laptop, logged onto the domain, and am able to map away...as well as browse the LAN network, no problems. As if I never changed anything. So, I think this may discount the idea the my Win98 SMB network settings were all !!??#$#@!!-up. I suppose I'll try to make a physical-inside mini-LAN to see if I can get on via the VPN DUN...If that works then what?....Have the DSL line replaced (LOL). I'll keep everyone posted... Thank you, -Michael From tcanich at geosc.psu.edu Thu Jun 7 19:00:28 2001 From: tcanich at geosc.psu.edu (Tom Canich) Date: Thu, 7 Jun 2001 20:00:28 -0400 (EDT) Subject: [pptp-server] Server may ping client, client unable to ping server In-Reply-To: <20010607233837.31851.qmail@mail.bamo.com> Message-ID: Hi, I'm running pptpd on a linux box with iptables. Iptables is currently set with default allow and masquerades for my internal LAN. We are trying to connect a remote client running windows 98 to the LAN, but to no avail, The client connects and receives a remote and local IP address. I can ping the client's IP from the server, but the client is unable to send any traffic back to the LAN. We initially had iptables configured to be more stringent, but loosened it up, thinking perhaps that was causing all the trouble. Unfortunately this has not solved anything. The windows 98 computer has all of the latest updates (as of 8:00 EST today :) ). Any thoughts? tom From mduran at bamo.com Thu Jun 7 19:17:47 2001 From: mduran at bamo.com (mduran at bamo.com) Date: Fri, 08 Jun 2001 00:17:47 GMT Subject: [pptp-server] WIN98 Black Magic? In-Reply-To: <200FAA488DE0D41194F10010B597610D012573@JUPITER> References: <200FAA488DE0D41194F10010B597610D012573@JUPITER> Message-ID: <20010608001747.960.qmail@mail.bamo.com> Hi George, Yes, I have a Linux firewall/router at the phyiscal LAN. The VPN is 'under' this box. And I guess I haven't given much attention to the firewall/router box because it's letting me through to the VPN to the inside LAN, when I'm remote. Maybe the firewall is where the trouble is happening...(Dohhh!!) Maybe the firewall is bit too tight. I'll verify. Thank you, -Michael George Vieira writes: > when you went on the LAN and tested it.. did you consider that the browsing > is working because your going through the LAN and not the VPN? > > Have you got any firewall protection from outside that may not be allowing > SMB goign through or something totally missed? > > > thanks, > George Vieira > > > -----Original Message----- > From: mduran at bamo.com [mailto:mduran at bamo.com] > Sent: Friday, June 08, 2001 9:39 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] WIN98 Black Magic? > > > > > > Hello All, > I brought my Win98 laptop into the physical office LAN. Powered-up the > laptop, logged onto the domain, and am able to map away...as well as browse > the LAN network, no problems. As if I never changed anything. So, I think > this may discount the idea the my Win98 SMB network settings were all > !!??#$#@!!-up. > > I suppose I'll try to make a physical-inside mini-LAN to see if I can get > on via the VPN DUN...If that works then what?....Have the DSL line replaced > (LOL). > > I'll keep everyone posted... > > Thank you, > -Michael > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From ctooley at amoa.org Thu Jun 7 21:23:37 2001 From: ctooley at amoa.org (ctooley at amoa.org) Date: Thu, 7 Jun 2001 19:23:37 -0700 Subject: [pptp-server] PoPToP Website Message-ID: <86256A65.000D26BB.00@amoa.org> I may be starting to get annoying about this subject, but I am still curious what the status of getting some updated and slightly more relevant information the website is? Hint: I would be interested in helping do the updates. Chris Tooley From JaminC at adapt-tele.com Thu Jun 7 22:11:28 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Thu, 7 Jun 2001 22:11:28 -0500 Subject: [pptp-server] WIN98 Black Magic? Message-ID: mduran at bamo.com [mailto:mduran at bamo.com] wrote: > I brought my Win98 laptop into the physical office LAN. > Powered-up the laptop, logged onto the domain, and am > able to map away...as well as browse the LAN network, > no problems. As if I never changed anything. So, I > think this may discount the idea the my Win98 SMB > network settings were all !!??#$#@!!-up. Not necessarily, this is exactly the problem that I encountered with my problematic machine that I posted about earlier. The system worked fine when connected to the physical LAN but no when connected to the VPN. No other machine connecting to the VPN had any problem, so I knew the VPN was not the problem. It turned out to the be the Client on the Win 98 machine that was as you put it "all !!??#$#@!!-up". Jamin W. Collins From JaminC at adapt-tele.com Thu Jun 7 22:13:58 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Thu, 7 Jun 2001 22:13:58 -0500 Subject: [pptp-server] Server may ping client, client unable to ping s erver Message-ID: Tom Canich [mailto:tcanich at geosc.psu.edu] > The client connects and receives a remote and local IP address. I can > ping the client's IP from the server, but the client is > unable to send any traffic back to the LAN. A few things will help us help you better: - IP's for the systems in question - routing tables from both systems Jamin W. Collins From Carl.Andrews at crackerbarrel.com Thu Jun 7 22:17:02 2001 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu, 7 Jun 2001 22:17:02 -0500 Subject: [pptp-server] Server may ping client, client unable to ping s erver Message-ID: I had the same problem. When I accessed the server's VPN and ON THE SERVER type ifconfig, the PPP adapter was given an "local network" and a "remote network" ip address. I had to modify pptpd.conf,options.pptp and ipchains to allow access for the "new" network Add to the /etc/pptpd.conf debug option /etc/ppp/options.pptp localip 192.168.1.80-89 remoteip 192.168.0.80-89 #/etc/ppp/options.pptp proxyarp +chap auth debug lock defaultroute ms-dns 216.206.101.2 then add access for 192.168.0.80-90 for ipchains Hope this helps! -----Original Message----- From: Tom Canich To: pptp-server at lists.schulte.org Sent: 6/7/01 7:00 PM Subject: [pptp-server] Server may ping client, client unable to ping server Hi, I'm running pptpd on a linux box with iptables. Iptables is currently set with default allow and masquerades for my internal LAN. We are trying to connect a remote client running windows 98 to the LAN, but to no avail, The client connects and receives a remote and local IP address. I can ping the client's IP from the server, but the client is unable to send any traffic back to the LAN. We initially had iptables configured to be more stringent, but loosened it up, thinking perhaps that was causing all the trouble. Unfortunately this has not solved anything. The windows 98 computer has all of the latest updates (as of 8:00 EST today :) ). Any thoughts? tom _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! -------------- next part -------------- An HTML attachment was scrubbed... URL: From GeorgeV at citadelcomputer.com.au Thu Jun 7 22:57:58 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 8 Jun 2001 13:57:58 +1000 Subject: [pptp-server] Server may ping client, client unable to ping s erver Message-ID: <200FAA488DE0D41194F10010B597610D01257B@JUPITER> How about some config files and log messages. I'm sorry but I failed my mind reading class ;-) Joke. thanks, George Vieira -----Original Message----- From: Jamin Collins [mailto:JaminC at adapt-tele.com] Sent: Friday, June 08, 2001 1:14 PM To: 'Tom Canich'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] Server may ping client, client unable to ping s erver Tom Canich [mailto:tcanich at geosc.psu.edu] > The client connects and receives a remote and local IP address. I can > ping the client's IP from the server, but the client is > unable to send any traffic back to the LAN. A few things will help us help you better: - IP's for the systems in question - routing tables from both systems Jamin W. Collins _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From stefan_tomanek at web.de Fri Jun 8 01:15:56 2001 From: stefan_tomanek at web.de (Stefan Tomanek) Date: Fri, 8 Jun 2001 08:15:56 +0200 Subject: [pptp-server] Trouble using mppe-128 Message-ID: <20010608081556.C1410@pico.ruhr.de> I am trying to use pptp with 128bit encryption, and applied the corresponding patches to pppd as well as to the kernel. The ppp_mppe module is loaded, and if I only activate mppe-40, I can connect flawlessly. But if I try to use 128bit encryption and put mppe-128 in the pptpd-option file of client and server, strange things happen: These are the options on the server: auth deflate 0 nobsdcomp +chapms-v2 mppe-40 mppe-128 mppe-stateless debug ### Now I try to connect using the pptp linuxclient (I applied the same patches to the client): /usr/local/sbin/pptp 212.23.134.13 user stefan mppe-128 mppe-stateless The log on the server shows the following: Jun 8 08:12:11 kabel2 pppd[18526]: sent [CHAP Success id=0x1 "Welcome to kabel2 ."] Jun 8 08:12:11 kabel2 pppd[18526]: sent [IPCP ConfReq id=0x1 ] Jun 8 08:12:11 kabel2 pppd[18526]: sent [CCP ConfReq id=0x1 ] Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [IPCP ConfReq id=0x1 ] Jun 8 08:12:11 kabel2 pppd[18526]: sent [IPCP ConfNak id=0x1 ] Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x1 ] Jun 8 08:12:11 kabel2 pppd[18526]: sent [CCP ConfRej id=0x1 ] Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [IPCP ConfAck id=0x1 ] Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [CCP ConfNak id=0x1 ] Jun 8 08:12:11 kabel2 pppd[18526]: sent [CCP ConfReq id=0x2] Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [IPCP ConfReq id=0x2 ] Jun 8 08:12:11 kabel2 pppd[18526]: sent [IPCP ConfAck id=0x2 ] Jun 8 08:12:11 kabel2 pppd[18526]: Script /etc/ppp/ip-up started (pid 18528) Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x2] Jun 8 08:12:11 kabel2 pppd[18526]: sent [CCP ConfAck id=0x2] Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [CCP ConfAck id=0x2] Jun 8 08:12:11 kabel2 pppd[18526]: Script /etc/ppp/ip-up finished (pid 18528), status = 0x0 Jun 8 08:12:14 kabel2 pppd[18526]: sent [CCP ConfReq id=0x2] Jun 8 08:12:14 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x3 ] Jun 8 08:12:14 kabel2 pppd[18526]: sent [CCP ConfRej id=0x3 ] Jun 8 08:12:14 kabel2 pppd[18526]: rcvd [CCP ConfAck id=0x2] Jun 8 08:12:14 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x4] Jun 8 08:12:14 kabel2 pppd[18526]: sent [CCP ConfAck id=0x4] Jun 8 08:12:17 kabel2 pppd[18526]: sent [CCP ConfReq id=0x2] Jun 8 08:12:17 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x5 ] Jun 8 08:12:17 kabel2 pppd[18526]: sent [CCP ConfRej id=0x5 ] Jun 8 08:12:17 kabel2 pppd[18526]: rcvd [CCP ConfAck id=0x2] Jun 8 08:12:17 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x6] So in fact, no encryption is enabled and server and client continue to negotiate abount . How can I get it working? What is the differenz between , and ? Thank for your help. -- /stefan_tomanek at web.de | ICQ:1177934 | PGP:finger stefan at localhost.ruhr.de / / Spielen unter Linux: http://spiele.freepage.de/linux-zocker/ / / "Wer Header f?lscht oder verf?lschte Header in Umlauf bringt / / wird mit Scorefile nicht unter -500 Punkten bestraft." / From lists at earthling.2y.net Fri Jun 8 05:08:03 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 8 Jun 2001 06:08:03 -0400 (EDT) Subject: [pptp-server] Pushing pptpd through. In-Reply-To: <21DEAE09F017D111969700A0C9840752059DA847@espresso.taos.com> Message-ID: related would be like opening ftp-data when you request a file from a ftp server.... established.... *shrug* I dunno.... I need coffee... The IPTable's man file lays it out pritty well. I think there is also inital and something else for the state tracking system. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Thu, 7 Jun 2001, Scott Stone wrote: > > > > how is this different than telling iptables to allow tcp in the !-syn state > (ie, not a SYN packet)? isn't that what established/related does? > > ----------------------------------------------------- > Scott M. Stone > Senior Technical Consultant - UNIX and Networking > Taos, the Sysadmin Company - Santa Clara, CA > > > -----Original Message----- > From: Justin Kreger [mailto:lists at earthling.2y.net] > Sent: Thursday, June 07, 2001 2:45 PM > To: ctooley at amoa.org > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] Pushing pptpd through... > > > > > /sbin/iptables -A chainnamehere -m state -p all --state ESTABLISHED,RELATED > -j ACCEPT > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > On Thu, 7 Jun 2001 ctooley at amoa.org wrote: > > > > > > > > > > > If it's not here then I'm not doing it. How do I do that? > > > > Chris > > > > > > > > > > > > > > > > Justin Kreger on 06/07/2001 05:54:31 AM > > > > > > > > To: Chris Tooley/AMOA at AMOA > > > > cc: pptp-server at lists.schulte.org > > > > > > > > Subject Re: [pptp-server] Pushing pptpd through... > > : > > > > > > > > > > > > > > > > > > > > Are you setup to allow established, and related connections? > > > > Justin Kreger, MCP MCSE CCNA > > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > > > > On Wed, 6 Jun 2001 ctooley at amoa.org wrote: > > > > > > > > > > > > > > > > > I've got a gateway/router style firewall based on a 2.4 kernel. I'm > using > > > IPTables (somewhat reluctantly) and need to push pptp traffic through to > the > > > NAT'd server. Anyone got any good iptables based scripts to do that? > What I > > > have currently keeps timing out: > > > > > > #Allow pptpd connections (port 1723) > > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \ > > > --sport $PUBLICPORTS --dport 1723 -j ACCEPT > > > /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT > > > /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT > > > /sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT > > > /sbin/iptables -A INPUT -i ppp+ \ > > > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT > > > /sbin/iptables -A OUTPUT -o ppp+ \ > > > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT > > > echo "PPTP clients allowed" > > > > > > # Allow inbound pptpd connections to PoPToP - forward to pptp server > > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP --dport 1723 > --sport > > > $PUBLIC > > > PORTS -j DNAT --to $POPTOPSERVER > > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p 47 -j DNAT --to > > $POPTOPSERVER > > > /sbin/iptables -A FORWARD -p TCP --dport 1723 --sport 1723 -j ACCEPT > > > /sbin/iptables -A FORWARD -p 47 -j ACCEPT > > > echo "PPTPD Server connections allowed" > > > > > > I'm pretty sure that there are some parts missing. Any help will be > > > appreciated. > > > > > > Chris Tooley > > > > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Fri Jun 8 05:27:27 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 8 Jun 2001 06:27:27 -0400 (EDT) Subject: [pptp-server] Server may ping client, client unable to ping s erver In-Reply-To: <200FAA488DE0D41194F10010B597610D01257B@JUPITER> Message-ID: I bet it's proxyarp... or running a subnet on the ppp interfaces that is not the same as with the lan. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Fri, 8 Jun 2001, George Vieira wrote: > > > How about some config files and log messages. I'm sorry but I failed my mind > reading class ;-) Joke. > > > thanks, > George Vieira > > > -----Original Message----- > From: Jamin Collins [mailto:JaminC at adapt-tele.com] > Sent: Friday, June 08, 2001 1:14 PM > To: 'Tom Canich'; pptp-server at lists.schulte.org > Subject: RE: [pptp-server] Server may ping client, client unable to ping > s erver > > > > > Tom Canich [mailto:tcanich at geosc.psu.edu] > > The client connects and receives a remote and local IP address. I can > > ping the client's IP from the server, but the client is > > unable to send any traffic back to the LAN. > > A few things will help us help you better: > - IP's for the systems in question > - routing tables from both systems > > Jamin W. Collins > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Fri Jun 8 05:30:46 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 8 Jun 2001 06:30:46 -0400 (EDT) Subject: [pptp-server] Trouble using mppe-128 In-Reply-To: <20010608081556.C1410@pico.ruhr.de> Message-ID: try putting the encrption stuff into /etc/ppp/options, also, are you using chapms-v2 on the client? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Fri, 8 Jun 2001, Stefan Tomanek wrote: > > > I am trying to use pptp with 128bit encryption, and applied the > corresponding patches to pppd as well as to the kernel. > The ppp_mppe module is loaded, and if I only activate mppe-40, I can > connect flawlessly. > But if I try to use 128bit encryption and put mppe-128 in the > pptpd-option file of client and server, strange things happen: > These are the options on the server: > auth > deflate 0 > nobsdcomp > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > debug > ### > > Now I try to connect using the pptp linuxclient (I applied the same > patches to the client): > /usr/local/sbin/pptp 212.23.134.13 user stefan mppe-128 mppe-stateless > > The log on the server shows the following: > > Jun 8 08:12:11 kabel2 pppd[18526]: sent [CHAP Success id=0x1 "Welcome > to kabel2 > ."] > Jun 8 08:12:11 kabel2 pppd[18526]: sent [IPCP ConfReq id=0x1 192.168.192. > 253> ] > Jun 8 08:12:11 kabel2 pppd[18526]: sent [CCP ConfReq id=0x1 60>] > Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [IPCP ConfReq id=0x1 212.23.134.1 > 34> ] > Jun 8 08:12:11 kabel2 pppd[18526]: sent [IPCP ConfNak id=0x1 192.168.192. > 192>] > Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x1 40>] > Jun 8 08:12:11 kabel2 pppd[18526]: sent [CCP ConfRej id=0x1 40>] > Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [IPCP ConfAck id=0x1 192.168.192. > 253> ] > Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [CCP ConfNak id=0x1 40>] > Jun 8 08:12:11 kabel2 pppd[18526]: sent [CCP ConfReq id=0x2] > Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [IPCP ConfReq id=0x2 192.168.192. > 192> ] > Jun 8 08:12:11 kabel2 pppd[18526]: sent [IPCP ConfAck id=0x2 192.168.192. > 192> ] > Jun 8 08:12:11 kabel2 pppd[18526]: Script /etc/ppp/ip-up started (pid > 18528) > Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x2] > Jun 8 08:12:11 kabel2 pppd[18526]: sent [CCP ConfAck id=0x2] > Jun 8 08:12:11 kabel2 pppd[18526]: rcvd [CCP ConfAck id=0x2] > Jun 8 08:12:11 kabel2 pppd[18526]: Script /etc/ppp/ip-up finished (pid > 18528), > status = 0x0 > Jun 8 08:12:14 kabel2 pppd[18526]: sent [CCP ConfReq id=0x2] > Jun 8 08:12:14 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x3 40>] > Jun 8 08:12:14 kabel2 pppd[18526]: sent [CCP ConfRej id=0x3 40>] > Jun 8 08:12:14 kabel2 pppd[18526]: rcvd [CCP ConfAck id=0x2] > Jun 8 08:12:14 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x4] > Jun 8 08:12:14 kabel2 pppd[18526]: sent [CCP ConfAck id=0x4] > Jun 8 08:12:17 kabel2 pppd[18526]: sent [CCP ConfReq id=0x2] > Jun 8 08:12:17 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x5 40>] > Jun 8 08:12:17 kabel2 pppd[18526]: sent [CCP ConfRej id=0x5 40>] > Jun 8 08:12:17 kabel2 pppd[18526]: rcvd [CCP ConfAck id=0x2] > Jun 8 08:12:17 kabel2 pppd[18526]: rcvd [CCP ConfReq id=0x6] > > So in fact, no encryption is enabled and server and client continue to > negotiate abount . > How can I get it working? > What is the differenz between , and ? > > Thank for your help. > -- > /stefan_tomanek at web.de | ICQ:1177934 | PGP:finger stefan at localhost.ruhr.de / > / Spielen unter Linux: http://spiele.freepage.de/linux-zocker/ / > / "Wer Header f?lscht oder verf?lschte Header in Umlauf bringt / > / wird mit Scorefile nicht unter -500 Punkten bestraft." / > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From stefan_tomanek at web.de Fri Jun 8 08:23:49 2001 From: stefan_tomanek at web.de (Stefan Tomanek) Date: Fri, 8 Jun 2001 15:23:49 +0200 Subject: [pptp-server] Trouble using mppe-128 In-Reply-To: ; from lists@earthling.2y.net on Fri, Jun 08, 2001 at 06:30:46AM -0400 References: <20010608081556.C1410@pico.ruhr.de> Message-ID: <20010608152349.E1410@pico.ruhr.de> Dies schrieb Justin Kreger (lists at earthling.2y.net): > try putting the encrption stuff into /etc/ppp/options, also, are you using > chapms-v2 on the client? The client is capable of chapms-v2, und i've disabled PAP and CHAP on the server, but it still doesn't work. Can anyone mail me a working configuration for both client and server? -- /stefan_tomanek at web.de | ICQ:1177934 | PGP:finger stefan at localhost.ruhr.de / / Spielen unter Linux: http://spiele.freepage.de/linux-zocker/ / / "Wer Header f?lscht oder verf?lschte Header in Umlauf bringt / / wird mit Scorefile nicht unter -500 Punkten bestraft." / From tcanich at geosc.psu.edu Fri Jun 8 09:34:36 2001 From: tcanich at geosc.psu.edu (Tom Canich) Date: Fri, 8 Jun 2001 10:34:36 -0400 (EDT) Subject: [pptp-server] Server may ping client, client unable to ping s erver In-Reply-To: Message-ID: On Fri, 8 Jun 2001, Justin Kreger wrote: > I bet it's proxyarp... or running a subnet on the ppp interfaces that is > not the same as with the lan. On the LAN i am using 10.0.0.x for all adressing (there are only 3 nodes). The PPP interface can have an IP from 10.0.0.4-10 for both local and remote. Do these need to be different ranges? (grabbing at straws now). ProxtArp intrigues me. I have it added to the config file, but it there more i need to do.../me looks for man page! thanks, tom > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > On Fri, 8 Jun 2001, George Vieira wrote: > > > > > > > How about some config files and log messages. I'm sorry but I failed my mind > > reading class ;-) Joke. > > > > > > thanks, > > George Vieira > > > > > > -----Original Message----- > > From: Jamin Collins [mailto:JaminC at adapt-tele.com] > > Sent: Friday, June 08, 2001 1:14 PM > > To: 'Tom Canich'; pptp-server at lists.schulte.org > > Subject: RE: [pptp-server] Server may ping client, client unable to ping > > s erver > > > > > > > > > > Tom Canich [mailto:tcanich at geosc.psu.edu] > > > The client connects and receives a remote and local IP address. I can > > > ping the client's IP from the server, but the client is > > > unable to send any traffic back to the LAN. > > > > A few things will help us help you better: > > - IP's for the systems in question > > - routing tables from both systems > > > > Jamin W. Collins > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > From JaminC at adapt-tele.com Fri Jun 8 10:40:21 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 8 Jun 2001 10:40:21 -0500 Subject: [pptp-server] Server may ping client, client unable to ping Message-ID: Tom Canich [mailto:tcanich at geosc.psu.edu] wrote: > On the LAN i am using 10.0.0.x for all adressing (there are > only 3 nodes). The PPP interface can have an IP from > 10.0.0.4-10 for both local and remote. Do these need to be > different ranges? (grabbing at straws now). AFAIK, you only need one local ip. However, this ip needs to be different than the remote ip's. I believe you can also get away with only one remote ip, but I've never tried it. > ProxtArp intrigues me. I have it added to the config file, > but it there more i need to do.../me looks for man page! I have the debug option in my /etc/ppp/options file and when a connection is made, I get a decent amount of information in my log regarding the connection including the local and remote ip's and the proxyarp settings. You might want to give this a shot to see what's happening. Jamin W. Collins From mond at maxwell.sil.at Fri Jun 8 10:46:51 2001 From: mond at maxwell.sil.at (franz schaefer) Date: Fri, 8 Jun 2001 17:46:51 +0200 Subject: [pptp-server] zyxel prestige 310 pptp to poptop Message-ID: <20010608174651.A7552@maxwell.sil.at> hi there! i a setup where i would want to conenct with a zyxel prestige 310 to the poptop server. everything works fine (even thought the zyxel do not negotiate any encryption... where windoze me does..). i can send ping over the tunnels (even large ones..) but i can not use tcp over that tunnel. i do not have any firewall rules neither on the linux nor on the zyxel. kernel 2.4.4 with linux-2.4.0-openssl-0.9.6-mppe.patch pptpd-1.1.1 ppp-2.4.1 with ppp-2.4.1-openssl-0.9.6-mppe-patch zyxel prestige 310 any ideas? anyone ever used a zyxel prestige 310 to pptp to a linux box? which versions of software did you use in that case? thanks in advance for your help. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ . Franz Schaefer .. +43/676/3195231 +43/1/4933256/73 ... schaefer at maxwell.sil.at ... From Steve at SteveCowles.com Fri Jun 8 11:07:26 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Fri, 8 Jun 2001 11:07:26 -0500 Subject: [pptp-server] Server may ping client, client unable to ping s erver Message-ID: <90769AF04F76D41186C700A0C90AFC3EE7C4@defiant.infohiiway.com> > -----Original Message----- > From: Tom Canich [mailto:tcanich at geosc.psu.edu] > Sent: Friday, June 08, 2001 9:35 AM > To: Justin Kreger > Cc: George Vieira; 'Jamin Collins'; pptp-server at lists.schulte.org > Subject: RE: [pptp-server] Server may ping client, client > unable to ping server > > On Fri, 8 Jun 2001, Justin Kreger wrote: > > > I bet it's proxyarp... or running a subnet on the ppp > > interfaces that is not the same as with the lan. > > On the LAN i am using 10.0.0.x for all adressing (there are > only 3 nodes). The PPP interface can have an IP from > 10.0.0.4-10 for both local and remote. Do these need to be > different ranges? (grabbing at straws now). I always configure the ppp interface (local) to have the same address as the ethernet interface of the PPTP server (not a range). Although its not a requirement to be successful. Also, the remote address range should be configured to have an unused IP range within the same network address of the LAN if the proxyarp function is going to be successful in determining which interface will answer arp requests on behalf of the PPTP client. > > ProxtArp intrigues me. I have it added to the config file, > but it there more i need to do.../me looks for man page! > When you connect to your PPTP server - do you see an entry in the log files that states that "found interface ethx for proxy arp" ??? Also, checkout the following link for a description of how important the proxyarp statement is with regards to VPN's. http://www.infohiiway.com/pptp/proxyarp.html Steve Cowles From mond at maxwell.sil.at Fri Jun 8 11:09:49 2001 From: mond at maxwell.sil.at (franz schaefer) Date: Fri, 8 Jun 2001 18:09:49 +0200 Subject: [pptp-server] zyxel prestige 310 pptp to poptop more info Message-ID: <20010608180949.A8629@maxwell.sil.at> ok. now i tried it with older versions of the software: kernel 2.2.19 (no patches applied) pptpd-1.0.1 ppp-2.3.11 (no patches applied) the effects are absolutly identical with the ones i found with the 2.4.4 kernel. ping works like it should but tcp connections never work.. # tcpdump -ni ppp0 tcpdump: listening on ppp0 18:04:42.200932 10.22.22.102.1025 > 192.168.99.66.19: S 2862510754:2862510754(0) win 32640 (DF) [tos 0x10] 18:04:42.205018 192.168.99.66.19 > 10.22.22.102.1025: S 2861392536:2861392536(0) ack 2862510755 win 3792 (DF) 18:04:42.205055 10.22.22.102.1025 > 192.168.99.66.19: . ack 1 win 32640 (DF) [tos 0x10] 18:05:50.929980 10.22.22.102.1024 > 192.168.99.66.19: FP 2342200939:2342200943(4) ack 2361938752 win 32640 (DF) [tos 0x10] and the connections stops here... while a ping works just like ist should: 18:06:53.049990 10.22.22.102 > 192.168.99.66: icmp: echo request 18:06:53.053219 192.168.99.66 > 10.22.22.102: icmp: echo reply (DF) 18:06:54.049999 10.22.22.102 > 192.168.99.66: icmp: echo request 18:06:54.053273 192.168.99.66 > 10.22.22.102: icmp: echo reply (DF) greetings mond. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ . Franz Schaefer .. +43/676/3195231 +43/1/4933256/73 ... schaefer at maxwell.sil.at ... From tcanich at geosc.psu.edu Fri Jun 8 13:35:06 2001 From: tcanich at geosc.psu.edu (Tom Canich) Date: Fri, 8 Jun 2001 14:35:06 -0400 (EDT) Subject: RESOLVED: RE: [pptp-server] Server may ping client, client unable to ping s erver In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE7C4@defiant.infohiiway.com> Message-ID: The problem: Client can connect, but cannot send any traffic to the Network, Server can ping client, Solution: The RemoteIP and LocalIP tags were both set to the same range and the same address was being used for both. By changing localip to 10.0.0.4-5 and RemoteIP to 10.0.0.6-7 the client was able to connect and send ping traffic to the Lan. Thanks to all who replied! tom > I always configure the ppp interface (local) to have the same address as the > ethernet interface of the PPTP server (not a range). Although its not a > requirement to be successful. Also, the remote address range should be > configured to have an unused IP range within the same network address of the > LAN if the proxyarp function is going to be successful in determining which > interface will answer arp requests on behalf of the PPTP client. From nick at taxlawyer.co.nz Fri Jun 8 21:16:37 2001 From: nick at taxlawyer.co.nz (Nick Rout) Date: Sat, 09 Jun 2001 14:16:37 +1200 Subject: [pptp-server] pptpd problems getting connected Message-ID: <4253718880.992096196@[192.168.2.1]> I am having problems with pptpd on a linux firewall box. I am pretty sure I have dealt with gre and port 1723 correctly. here is a log. on the windows 98 end I get an error 650. after the attempt pppd is left running (according to ps) and needs to be killed. It has a pid one higher than the pid for pptpd shown in the logs. I have had pptpd going previously and my options are all the same as on the other machine it ran on. can anyone give me any pointers please? Jun 9 13:56:40 gateway pptpd[23832]: CTRL: Client 203.97.104.225 control connection started Jun 9 13:56:40 gateway pptpd[23832]: CTRL: Starting call (launching pppd, opening GRE) Jun 9 13:57:14 gateway pptpd[23832]: CTRL: Error with select(), quitting Jun 9 13:57:14 gateway pptpd[23832]: CTRL: Client 203.97.104.225 control connection finished From berzerke at swbell.net Fri Jun 8 23:21:26 2001 From: berzerke at swbell.net (robert) Date: Fri, 08 Jun 2001 23:21:26 -0500 Subject: [pptp-server] pptpd problems getting connected In-Reply-To: <4253718880.992096196@[192.168.2.1]> References: <4253718880.992096196@[192.168.2.1]> Message-ID: <01060823212603.23337@linux> Error 650 is a sure sign of firewall problems. These can be extremely tricky. "Nat" is probably one of the hardest parts to get right. What firewall are you using and what are the rule? On Friday 08 June 2001 21:16, Nick Rout wrote: > I am having problems with pptpd on a linux firewall box. I am pretty sure I > have dealt with gre and port 1723 correctly. here is a log. on the windows > 98 end I get an error 650. after the attempt pppd is left running > (according to ps) and needs to be killed. It has a pid one higher than the > pid for pptpd shown in the logs. > > I have had pptpd going previously and my options are all the same as on the > other machine it ran on. can anyone give me any pointers please? > > Jun 9 13:56:40 gateway pptpd[23832]: CTRL: Client 203.97.104.225 control > connection started > Jun 9 13:56:40 gateway pptpd[23832]: CTRL: Starting call (launching pppd, > opening GRE) > Jun 9 13:57:14 gateway pptpd[23832]: CTRL: Error with select(), quitting > Jun 9 13:57:14 gateway pptpd[23832]: CTRL: Client 203.97.104.225 control > connection finished > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From nick at taxlawyer.co.nz Sat Jun 9 00:02:47 2001 From: nick at taxlawyer.co.nz (Nick Rout) Date: Sat, 09 Jun 2001 17:02:47 +1200 Subject: [pptp-server] pptpd problems getting connected In-Reply-To: <01060823212603.23337@linux> Message-ID: <4263689510.992106167@[192.168.2.1]> Its a ipchains on kernel 2.2.17. Theres a long list of rules. In the input and output chains i have the following: ipchains -A input -j ACCEPT -i $EXTIF -p 47 -s $UNIV -d $EXTIP ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $UNIV -d $EXTIP 1723 ipchains -A input -j ACCEPT -i $EXTIF -p udp -s $UNIV -d $EXTIP 1723 ipchains -A output -j ACCEPT -i $EXTIF -p 47 -s $EXTIP -d $UNIV ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $EXTIP 1723 -d $UNIV ipchains -A output -j ACCEPT -i $EXTIF -p udp -s $EXTIP 1723 -d $UNIV where:- $EXTIF = ppp0 $EXTIP = my public ip address (ie the address of ppp0) $UNIV = 0.0.0.0/0 (I think the udp on port 1723 is superfluous and i'll remove it sometimerealsoonnow.) (there are no forwarding rules as the poptop daemon is on the firewall) --On Friday, 8 June 2001 23:21 -0500 robert wrote: > Error 650 is a sure sign of firewall problems. These can be extremely > tricky. "Nat" is probably one of the hardest parts to get right. What > firewall are you using and what are the rule? > > On Friday 08 June 2001 21:16, Nick Rout wrote: >> I am having problems with pptpd on a linux firewall box. I am pretty >> sure I have dealt with gre and port 1723 correctly. here is a log. on >> the windows 98 end I get an error 650. after the attempt pppd is left >> running (according to ps) and needs to be killed. It has a pid one >> higher than the pid for pptpd shown in the logs. >> >> I have had pptpd going previously and my options are all the same as on >> the other machine it ran on. can anyone give me any pointers please? >> >> Jun 9 13:56:40 gateway pptpd[23832]: CTRL: Client 203.97.104.225 control >> connection started >> Jun 9 13:56:40 gateway pptpd[23832]: CTRL: Starting call (launching >> pppd, opening GRE) >> Jun 9 13:57:14 gateway pptpd[23832]: CTRL: Error with select(), quitting >> Jun 9 13:57:14 gateway pptpd[23832]: CTRL: Client 203.97.104.225 control >> connection finished >> >> >> _______________________________________________ >> pptp-server maillist - pptp-server at lists.schulte.org >> http://lists.schulte.org/mailman/listinfo/pptp-server >> List services provided by www.schulteconsulting.com! From jay-mccanta at home.com Sat Jun 9 03:37:31 2001 From: jay-mccanta at home.com (Jay T. McCanta) Date: Sat, 9 Jun 2001 01:37:31 -0700 Subject: [pptp-server] source locations for pppd and mppe Message-ID: <002401c0f0bf$6c9bbf20$f7ffa8c0@jayathome> I am having a hard time finding the sources for pppd and the mppe patch. The FAQ location is not working (http://smop.de). The mailing list archive seems to have patches to the mppe patch. Help. Jay capitol hill travel From berzerke at swbell.net Sat Jun 9 09:39:29 2001 From: berzerke at swbell.net (robert) Date: Sat, 09 Jun 2001 09:39:29 -0500 Subject: [pptp-server] pptpd problems getting connected In-Reply-To: <4263689510.992106167@[192.168.2.1]> References: <4263689510.992106167@[192.168.2.1]> Message-ID: <01060909392900.04479@linux> There are some sample rules for ipchains. Search the list archives. I use iptables, so I can't help you much. The biggest problem is NAT. Is either end NAT'd? On Saturday 09 June 2001 00:02, Nick Rout wrote: > Its a ipchains on kernel 2.2.17. Theres a long list of rules. In the input > and output chains i have the following: > > ipchains -A input -j ACCEPT -i $EXTIF -p 47 -s $UNIV -d $EXTIP > ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $UNIV -d $EXTIP 1723 > ipchains -A input -j ACCEPT -i $EXTIF -p udp -s $UNIV -d $EXTIP 1723 > > ipchains -A output -j ACCEPT -i $EXTIF -p 47 -s $EXTIP -d $UNIV > ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $EXTIP 1723 -d $UNIV > ipchains -A output -j ACCEPT -i $EXTIF -p udp -s $EXTIP 1723 -d $UNIV > > where:- > $EXTIF = ppp0 > $EXTIP = my public ip address (ie the address of ppp0) > $UNIV = 0.0.0.0/0 > > > (I think the udp on port 1723 is superfluous and i'll remove it > sometimerealsoonnow.) > (there are no forwarding rules as the poptop daemon is on the firewall) > > --On Friday, 8 June 2001 23:21 -0500 robert wrote: > > Error 650 is a sure sign of firewall problems. These can be extremely > > tricky. "Nat" is probably one of the hardest parts to get right. What > > firewall are you using and what are the rule? > > > > On Friday 08 June 2001 21:16, Nick Rout wrote: > >> I am having problems with pptpd on a linux firewall box. I am pretty > >> sure I have dealt with gre and port 1723 correctly. here is a log. on > >> the windows 98 end I get an error 650. after the attempt pppd is left > >> running (according to ps) and needs to be killed. It has a pid one > >> higher than the pid for pptpd shown in the logs. > >> > >> I have had pptpd going previously and my options are all the same as on > >> the other machine it ran on. can anyone give me any pointers please? > >> > >> Jun 9 13:56:40 gateway pptpd[23832]: CTRL: Client 203.97.104.225 > >> control connection started > >> Jun 9 13:56:40 gateway pptpd[23832]: CTRL: Starting call (launching > >> pppd, opening GRE) > >> Jun 9 13:57:14 gateway pptpd[23832]: CTRL: Error with select(), > >> quitting Jun 9 13:57:14 gateway pptpd[23832]: CTRL: Client > >> 203.97.104.225 control connection finished > >> > >> > >> _______________________________________________ > >> pptp-server maillist - pptp-server at lists.schulte.org > >> http://lists.schulte.org/mailman/listinfo/pptp-server > >> List services provided by www.schulteconsulting.com! From patrick.keys at forest.tele2.co.uk Sat Jun 9 13:05:25 2001 From: patrick.keys at forest.tele2.co.uk (Patrick Keys) Date: Sat, 9 Jun 2001 19:05:25 +0100 Subject: [pptp-server] Windows 2000 browse and PPTP Message-ID: Hello I have been trying for ages to make a Linux pptpd server running samba 2.2.0 supply a browse list for the computers on my office network when accessing from home. Samba is configured as a WINS server and the remote clients are configured to use it. Most of the office computers use it as well - unfortunately it takes longer than you might imagine to make such network changes! Anyway, I have been able to access office computers from home using \\computer-name\share. I have now managed to obtain a list of remote workgroups and NT domains - our office network consists of both. I managed to do this by setting the workgroup of my home PC to match one of the workgroups in the office, in this case, the workgroup that the samba server resides in. Unfortunately, this is where the problem lies. My home computer is also connected to a network and normally resides in a different workgroup. I don't particularly want to change the workgroup of my PC each time I connect to the office (windows insists on a reboot), so the obvious question is whether there is any way of changing this on a per-connection basis... I have played with the logon domain option in the VPN connection box, but this doesn't help (it probably shouldn't, anyway). Does anyone know of a way to do this? It's probably an annoying windows problem, but it would be very useful to sort this problem out once and for all. Many thanks for any suggestions Patrick From JaminC at adapt-tele.com Sat Jun 9 13:33:09 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Sat, 9 Jun 2001 13:33:09 -0500 Subject: [pptp-server] Windows 2000 browse and PPTP Message-ID: Patrick Keys [mailto:patrick.keys at forest.tele2.co.uk] wrote: > Anyway, I have been able to access office computers from home using > \\computer-name\share. I have now managed to obtain a list of remote > workgroups and NT domains - our office network consists of > both. I managed to do this by setting the workgroup of my home PC to > match one of the workgroups in the office, in this case, the > workgroup that the samba server resides in. > > Unfortunately, this is where the problem lies. My home computer is > also connected to a network and normally resides in a different > workgroup. I don't particularly want to change the workgroup of my > PC each time I connect to the office (windows insists on a reboot), > so the obvious question is whether there is any way of changing this > on a per-connection basis... Nope. Fact of life with windows networking. You MIGHT be able to get a listing of the other network by going to "Entire Network". However this is touchy at best. Jamin W. Collins From nick at taxlawyer.co.nz Sat Jun 9 15:57:59 2001 From: nick at taxlawyer.co.nz (Nick Rout) Date: Sun, 10 Jun 2001 08:57:59 +1200 Subject: [pptp-server] pptpd problems getting connected In-Reply-To: <01060909392900.04479@linux> Message-ID: <26034224.992163479@[192.168.1.210]> I have a connection now. yahoo! I rebooted the friewall. I think all those ppp sessions lying around were unhelpful. Also ifconfig showed an extraneous ppp1 which would not go away, even though it was "down" and unconnected to anything. Anyway, now I can connect, in as much as I have ppp from win98 thru to the firewall box, but the firewall is still blocking packets so I need to work on that. This is significant progress! Thanks for your help! --On Saturday, 9 June 2001 09:39 -0500 robert wrote: > There are some sample rules for ipchains. Search the list archives. I > use iptables, so I can't help you much. The biggest problem is NAT. Is > either end NAT'd? > > On Saturday 09 June 2001 00:02, Nick Rout wrote: >> Its a ipchains on kernel 2.2.17. Theres a long list of rules. In the >> input and output chains i have the following: >> >> ipchains -A input -j ACCEPT -i $EXTIF -p 47 -s $UNIV -d $EXTIP >> ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $UNIV -d $EXTIP 1723 >> ipchains -A input -j ACCEPT -i $EXTIF -p udp -s $UNIV -d $EXTIP 1723 >> >> ipchains -A output -j ACCEPT -i $EXTIF -p 47 -s $EXTIP -d $UNIV >> ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $EXTIP 1723 -d $UNIV >> ipchains -A output -j ACCEPT -i $EXTIF -p udp -s $EXTIP 1723 -d $UNIV >> >> where:- >> $EXTIF = ppp0 >> $EXTIP = my public ip address (ie the address of ppp0) >> $UNIV = 0.0.0.0/0 >> >> >> (I think the udp on port 1723 is superfluous and i'll remove it >> sometimerealsoonnow.) >> (there are no forwarding rules as the poptop daemon is on the firewall) >> >> --On Friday, 8 June 2001 23:21 -0500 robert wrote: >> > Error 650 is a sure sign of firewall problems. These can be extremely >> > tricky. "Nat" is probably one of the hardest parts to get right. What >> > firewall are you using and what are the rule? >> > >> > On Friday 08 June 2001 21:16, Nick Rout wrote: >> >> I am having problems with pptpd on a linux firewall box. I am pretty >> >> sure I have dealt with gre and port 1723 correctly. here is a log. on >> >> the windows 98 end I get an error 650. after the attempt pppd is left >> >> running (according to ps) and needs to be killed. It has a pid one >> >> higher than the pid for pptpd shown in the logs. >> >> >> >> I have had pptpd going previously and my options are all the same as >> >> on the other machine it ran on. can anyone give me any pointers >> >> please? >> >> >> >> Jun 9 13:56:40 gateway pptpd[23832]: CTRL: Client 203.97.104.225 >> >> control connection started >> >> Jun 9 13:56:40 gateway pptpd[23832]: CTRL: Starting call (launching >> >> pppd, opening GRE) >> >> Jun 9 13:57:14 gateway pptpd[23832]: CTRL: Error with select(), >> >> quitting Jun 9 13:57:14 gateway pptpd[23832]: CTRL: Client >> >> 203.97.104.225 control connection finished >> >> >> >> >> >> _______________________________________________ >> >> pptp-server maillist - pptp-server at lists.schulte.org >> >> http://lists.schulte.org/mailman/listinfo/pptp-server >> >> List services provided by www.schulteconsulting.com! From Steve at SteveCowles.com Sat Jun 9 16:25:19 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Sat, 9 Jun 2001 16:25:19 -0500 Subject: [pptp-server] Windows 2000 browse and PPTP Message-ID: <90769AF04F76D41186C700A0C90AFC3EE7C8@defiant.infohiiway.com> > -----Original Message----- > From: Patrick Keys [mailto:patrick.keys at forest.tele2.co.uk] > Sent: Saturday, June 09, 2001 1:05 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Windows 2000 browse and PPTP > > Hello > > I have been trying for ages to make a Linux pptpd server > running samba 2.2.0 supply a browse list for the computers > on my office network when accessing from home. Samba is > configured as a WINS server and the remote clients are > configured to use it. Most of the office computers use it > as well - unfortunately it takes longer than you might > imagine to make such network changes! > > Anyway, I have been able to access office computers from home using > \\computer-name\share. I have now managed to obtain a list of remote > workgroups and NT domains - our office network consists of > both. I managed to do this by setting the workgroup of my home > PC to match one of the workgroups in the office, in this case, the > workgroup that the samba server resides in. > > Unfortunately, this is where the problem lies. My home > computer is also connected to a network and normally resides > in a different workgroup. I don't particularly want to change > the workgroup of my PC each time I connect to the office > (windows insists on a reboot), so the obvious question is > whether there is any way of changing this on a per-connection > basis... I have played with the logon domain option in the VPN > connection box, but this doesn't help (it probably shouldn't, > anyway). Does anyone know of a way to do this? It's probably an > annoying windows problem, but it would be very useful to sort > this problem out once and for all. First of all - Microsoft never intended for a "single" workstation to be a member of multiple workgroups/domains. Thats really the function of the Domain Controllers. i.e. Trust Relationships. Some corporations security policies do not allow you to browse the servers in other workgroup/domains. Anyway, In a perfect world... (according to Microsoft): 1) You should have one WINS server per LAN. 2) Each client on the local LAN will register its workgroup/domain registration with the local WINS server on that LAN. 3) Each WINS server is then configured to do "push/pull" replication of its database (registrations) among the other WINS servers. Usually in a star configuration. Unfortunately, the above perfect world is based on using MS WINS servers. Samba WINS has similar functionality (remote browse sync), but is unable to replicate with MS based WINS servers. :-( FWIW: One nice feature of implementing multiple WINS servers is it keeps the rather "chatty" browser related traffic from spanning across WAN's that link remote offices/buildings together. Especially offices that are linked by VPN's. Microsoft networking can (if not properly setup) kill bandwidth across these links. i.e. Using one WINS server for multiple LANS linked by VPN's, Frame Relay circuits, etc... Another nice feature of using multiple WINS... your PPTP clients can register with one WINS server and browse all the other workgroup/domains that have replicated with that WINS server. Security permitting of course. Thank goodness W2K is now using Active Directory (not WINS) that is based on DNS. Much better implementation. Steve Cowles From lists at earthling.2y.net Sat Jun 9 16:53:31 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sat, 9 Jun 2001 17:53:31 -0400 (EDT) Subject: [pptp-server] Windows 2000 browse and PPTP In-Reply-To: Message-ID: Try remote announce in samba..... Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Sat, 9 Jun 2001, Patrick Keys wrote: > > > Hello > > I have been trying for ages to make a Linux pptpd server running samba 2.2.0 > supply a browse list for the computers on my office network when accessing > from home. Samba is configured as a WINS server and the remote clients are > configured to use it. Most of the office computers use it as well - > unfortunately it takes longer than you might imagine to make such network > changes! > > Anyway, I have been able to access office computers from home using > \\computer-name\share. I have now managed to obtain a list of remote > workgroups and NT domains - our office network consists of both. I managed > to do this by setting the workgroup of my home PC to match one of the > workgroups in the office, in this case, the workgroup that the samba server > resides in. > > Unfortunately, this is where the problem lies. My home computer is also > connected to a network and normally resides in a different workgroup. I > don't particularly want to change the workgroup of my PC each time I connect > to the office (windows insists on a reboot), so the obvious question is > whether there is any way of changing this on a per-connection basis... I > have played with the logon domain option in the VPN connection box, but this > doesn't help (it probably shouldn't, anyway). Does anyone know of a way to > do this? It's probably an annoying windows problem, but it would be very > useful to sort this problem out once and for all. > > Many thanks for any suggestions > > Patrick > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From ismandya at sains.com.my Sat Jun 9 22:33:39 2001 From: ismandya at sains.com.my (Ismandy Ali) Date: Sun, 10 Jun 2001 11:33:39 +0800 Subject: [pptp-server] protocol unreachable? Message-ID: <7745C48BD0B.AAAFE8@mail.sarawaknet.gov.my> Hi guys, need help again. After configuring my linux box, I get the protocol unreachable error. is this error is caused by the incorrect setup or something misconfigured at the router? Help, I am almost making my pptp server running just like yours!. need advice .. ... 9 202.xx.xx.2 (202.xx.xx.2) 30.265 ms 31.668 ms 28.091 ms 10 * 202.xx.xx.34 (202.xx.xx.34) 29.390 ms 27.184 ms 11 202.xx.xx.37 (202.xx.xx.37) 42.596 ms !P 40.230 ms !P 26.899 ms !P From lists at earthling.2y.net Sun Jun 10 08:19:46 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sun, 10 Jun 2001 09:19:46 -0400 (EDT) Subject: [pptp-server] protocol unreachable? In-Reply-To: <7745C48BD0B.AAAFE8@mail.sarawaknet.gov.my> Message-ID: trace from a client box (linux) using the tracerotue that somebody patched to do GRE packets, and then see if there is a router blocking them. You may be dealing with a firewall. Have you looked into that being a possibiliy? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Sun, 10 Jun 2001, Ismandy Ali wrote: > > > Hi guys, > need help again. After configuring my linux box, I get the protocol > unreachable error. is this error is caused by the incorrect setup or > something misconfigured at the router? Help, I am almost making my pptp > server running just like yours!. > > need advice > > .. > ... > > 9 202.xx.xx.2 (202.xx.xx.2) 30.265 ms 31.668 ms 28.091 ms > 10 * 202.xx.xx.34 (202.xx.xx.34) 29.390 ms 27.184 ms > 11 202.xx.xx.37 (202.xx.xx.37) 42.596 ms !P 40.230 ms !P 26.899 ms !P > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From john at ecsc.co.uk Sun Jun 10 15:08:23 2001 From: john at ecsc.co.uk (John Leach) Date: 10 Jun 2001 21:08:23 +0100 Subject: [pptp-server] a *bizarre* situation Message-ID: <992203703.1830.0.camel@murdock> Ok, now this has me doing some serious swede scratching.... This is over a local lan, with no firewalls or routers in between, just a switch. I have a Win2k client (actually 2, one advanced server, another pro SP2) connecting to pptpd v1.1.2, pppd 2.4.0 (with the relevant patches to make mppe work), on Linux kernel 2.4.3 again with the relevant patches. I connect un-encrypted, everything works fine, things work superbly in fact. I connect using encryption, and everything *seems* to work fine. auths, connects, sets up the tunnel... but the win2k box doesn't seem to actually *see* the packets it receives. But it definately does get them. A simple ping test from the win2k box to the other end of the ppp connection results in an outgoing icmp request which the linux server receives ok, which then replies with an icmp reply, which arrives at the other end of the tunnel fine too, but the win2k box doesn't see it. I know the packets are being received as I've used WinEthereal and have captured them. I've tried this with TCP connections too, win2k just doesn't see the ack packets even tho they actually get received. To be truthful I'm faffing around with an rpm I made last month of this lot, which I've tested before and has been confirmed to work, I *should* be recompiling from source manually and re-testing, but I'd really like to know what is going on. There are *no* packet filters of any kind active on either win2k box or the linux box. I wanted to test via the linux pptp client but I can't seem to make it use mppe, it always defaults to cleartext. This has me stumped. I first thought data was being corrupted somewhere, but ethereal should pick up on that (I beleive it checks the crcs). I can see the incoming gre packets, and the resulting un-encapsulated packets, but win2k never seems to actually use them. ARGH! John Leach. MCP, CCNA, BOFH, EGO. From john at ecsc.co.uk Sun Jun 10 16:45:22 2001 From: john at ecsc.co.uk (John Leach) Date: 10 Jun 2001 22:45:22 +0100 Subject: [pptp-server] a *bizarre* situation In-Reply-To: <992203703.1830.0.camel@murdock> References: <992203703.1830.0.camel@murdock> Message-ID: <992209522.1828.1.camel@murdock> ok an update, to rule the suspicious rpms I made out of the equation I compiled everything from source... Now I'm using ppp 2.4.1 patched accordingly, Kernel 2.4.3-ac14 patched with the kernel ppp mppe patch (the 2.4.4 patch ran fine), and pptpd v1.1.2 Then, as recommended by Robert I used the win2k configs from his website http://home.swbell.net/berzerke. But still to no avail. I've used pptp quite a lot and can usually get it working from scratch in less than half an hour! I've had win2k working with it fine, with and without encryption (fully tested by dumping the passing packets to ensure they *were* encrypted). I'm going nuts now, I'm sure I can't be missing something simple, the vpn tunnel is doing its job! the packets go from A to B, and arrive safely but win2k does not seem to recognise them as the replies it expects. I repeat, I've sniffed the packets actually arrive fine, after being decrypted and passing along the network interface, but they aren't being acknowledged by some other part of win2k, arrrrgh. If this *is* something simple, I'm going to look very relieved and very stupid, I'll push myself to admit this publically if I do figure out its me being silly. John Leach. > Ok, now this has me doing some serious swede scratching.... > > This is over a local lan, with no firewalls or routers in between, just > a switch. > > I have a Win2k client (actually 2, one advanced server, another pro SP2) > connecting to pptpd v1.1.2, pppd 2.4.0 (with the relevant patches to > make mppe work), on Linux kernel 2.4.3 again with the relevant patches. > > I connect un-encrypted, everything works fine, things work superbly in > fact. > > I connect using encryption, and everything *seems* to work fine. auths, > connects, sets up the tunnel... but the win2k box doesn't seem to > actually *see* the packets it receives. But it definately does get > them. > > A simple ping test from the win2k box to the other end of the ppp > connection results in an outgoing icmp request which the linux server > receives ok, which then replies with an icmp reply, which arrives at the > other end of the tunnel fine too, but the win2k box doesn't see it. > > I know the packets are being received as I've used WinEthereal and have > captured them. I've tried this with TCP connections too, win2k just > doesn't see the ack packets even tho they actually get received. > > To be truthful I'm faffing around with an rpm I made last month of this > lot, which I've tested before and has been confirmed to work, I *should* > be recompiling from source manually and re-testing, but I'd really like > to know what is going on. > > There are *no* packet filters of any kind active on either win2k box or > the linux box. I wanted to test via the linux pptp client but I can't > seem to make it use mppe, it always defaults to cleartext. > > This has me stumped. I first thought data was being corrupted > somewhere, but ethereal should pick up on that (I beleive it checks the > crcs). I can see the incoming gre packets, and the resulting > un-encapsulated packets, but win2k never seems to actually use them. > > ARGH! > > John Leach. MCP, CCNA, BOFH, EGO. > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From jay-mccanta at home.com Sun Jun 10 21:49:47 2001 From: jay-mccanta at home.com (Jay T. McCanta) Date: Sun, 10 Jun 2001 19:49:47 -0700 Subject: [pptp-server] one way tunnel? Message-ID: <001301c0f221$51227870$f11e0041@jayathome> I have a windows 2k SP2 box and a windows 98SE box making connections to a Linux box running 2.2.19 kernel with pptpd v1.0.1 and pppd v 2.3.11 with the mppe patches. This same box is a firewall and Samba server. From jay-mccanta at home.com Sun Jun 10 22:24:12 2001 From: jay-mccanta at home.com (Jay T. McCanta) Date: Sun, 10 Jun 2001 20:24:12 -0700 Subject: [pptp-server] one way tunnel on w2k not w98 (this time w/text and feeling) Message-ID: <004301c0f225$fc6c94a0$f11e0041@jayathome> I have a windows 2k SP2 box and a windows 98SE box making connections to a Linux box running 2.2.19 kernel with pptpd v1.0.1 and pppd v 2.3.11 with the mppe patches. This same box is a firewall and Samba server. From the windows 98 box, I can browse, map and generally windows my way around the network. I am using an lmhosts file because my network is tiny and it was easier than setting up wins. I see it using 128 bit encryption and everything works both directions. The win2k box is another matter. I can't browse, etc. but the thing that has me curious is that from my pptp/firewall/samba server, I cannot ping the win2k client. I can't make any connections to the client from the server. The client can telnet and ftp and do general tcp stuff. However, from the server, I cannot ping/telnet/ftp to the client, and yes, the client has telnet and ftp daemons running (at least while I was testing). The most common error I get is "no route to host". I have looked at How to on the PoPToP website and at http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt I believe I am doing everything right - the windows98 box would imply that. What weird w2k thing is stalking me? I appreciate an extra set of eyes or two looking at this. /etc/ppp/options: lock debug name * auth +chap +chapms +chapms-v2 mppe-128 mppe-40 mppe-stateless proxyarp ipcp-accept-local ipcp-accept-remote lcp-echo-failure 3 lcp-echo-interval 5 deflate 0 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.101 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 206.63.251.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 206.63.251.1 0.0.0.0 UG 0 0 0 eth0 Thanks. From lists at earthling.2y.net Sun Jun 10 23:09:54 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Mon, 11 Jun 2001 00:09:54 -0400 (EDT) Subject: [pptp-server] one way tunnel on w2k not w98 (this time w/text and feeling) In-Reply-To: <004301c0f225$fc6c94a0$f11e0041@jayathome> Message-ID: try removing chapms, and just leaving v2.... in all honesty... this is becomming alarming.... what ver of win2k is your box? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Sun, 10 Jun 2001, Jay T. McCanta wrote: > > > I have a windows 2k SP2 box and a windows 98SE box making connections to a > Linux box running 2.2.19 kernel with pptpd v1.0.1 and pppd v 2.3.11 with the > mppe patches. This same box is a firewall and Samba server. From the > windows 98 box, I can browse, map and generally windows my way around the > network. I am using an lmhosts file because my network is tiny and it was > easier than setting up wins. I see it using 128 bit encryption and > everything works both directions. > > The win2k box is another matter. I can't browse, etc. but the thing that has > me curious is that from my pptp/firewall/samba server, I cannot ping the > win2k client. I can't make any connections to the client from the server. > The client can telnet and ftp and do general tcp stuff. However, from the > server, I cannot ping/telnet/ftp to the client, and yes, the client has > telnet and ftp daemons running (at least while I was testing). The most > common error I get is "no route to host". I have looked at How to on the > PoPToP website and at > http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt I believe I am > doing everything right - the windows98 box would imply that. What weird w2k > thing is stalking me? > > I appreciate an extra set of eyes or two looking at this. > > /etc/ppp/options: > lock > debug > name * > auth > +chap > +chapms > +chapms-v2 > mppe-128 > mppe-40 > mppe-stateless > proxyarp > ipcp-accept-local > ipcp-accept-remote > lcp-echo-failure 3 > lcp-echo-interval 5 > deflate 0 > > > Kernel IP routing table > Destination Gateway Genmask Flags MSS Window > irtt Iface > 192.168.0.101 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 206.63.251.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > 0.0.0.0 206.63.251.1 0.0.0.0 UG 0 0 0 eth0 > > Thanks. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From jay-mccanta at home.com Mon Jun 11 00:35:52 2001 From: jay-mccanta at home.com (Jay T. McCanta) Date: Sun, 10 Jun 2001 22:35:52 -0700 Subject: [pptp-server] one way tunnel on w2k not w98 (this time w/text and feeling) References: Message-ID: <001001c0f238$793041f0$f11e0041@jayathome> Sorry it didn't do the trick. I did notice that when I ping the receive icon in the system tray lights, but the send doesn't. Looks likes its getting the pings, but doesn't recognise them and rely. Data flows if a connection is initiated from the W2k side, but no connection can be initiated from the linux side. Likewise, broadcasts seem to be dropped. The packets get here (the rec'd counts increment proportional and in time with activity), however, win2k is dropping them like [insert silly hyperbole/simile]. Some details... Windows 2000 Professional SP2 (Winver -> 5.0 Build 2195 SP2). Here's the syslog messages - Jun 10 22:04:47 mail pptpd[16171]: MGR: Manager process started Jun 10 22:07:15 mail pptpd[16185]: CTRL: Client 65.0.30.241 control connection started Jun 10 22:07:15 mail pptpd[16185]: CTRL: Starting call (launching pppd, opening GRE) Jun 10 22:07:15 mail pppd[16186]: pppd 2.3.11 started by root, uid 0 Jun 10 22:07:15 mail pppd[16186]: Using interface ppp0 Jun 10 22:07:15 mail pppd[16186]: Connect: ppp0 <--> /dev/ttyp2 Jun 10 22:07:17 mail pppd[16186]: MSCHAP-v2 peer authentication succeeded for [edited] Jun 10 22:07:17 mail pppd[16186]: found interface eth1 for proxy arp Jun 10 22:07:17 mail pppd[16186]: local IP address 192.168.0.1 Jun 10 22:07:17 mail pppd[16186]: remote IP address 192.168.0.102 Jun 10 22:07:17 mail pppd[16186]: MPPE 128 bit, stateless compression enabled TCPdump of PING remoteip 22:15:17.547852 192.168.0.1 > 192.168.0.102: icmp: echo request 22:15:18.544802 192.168.0.1 > 192.168.0.102: icmp: echo request 22:15:19.544809 192.168.0.1 > 192.168.0.102: icmp: echo request 22:15:20.544824 192.168.0.1 > 192.168.0.102: icmp: echo request and telnet... 22:16:10.340020 192.168.0.1.1735 > 192.168.0.102.telnet: S 3534849771:3534849771 (0) win 32120 (DF) [tos 0x10] 22:16:13.335363 192.168.0.1.1735 > 192.168.0.102.telnet: S 3534849771:3534849771 (0) win 32120 (DF) [tos 0x10] 22:16:19.335419 192.168.0.1.1735 > 192.168.0.102.telnet: S 3534849771:3534849771 (0) win 32120 (DF) [tos 0x10] 22:16:31.335549 192.168.0.1.1735 > 192.168.0.102.telnet: S 3534849771:3534849771 (0) win 32120 (DF) [tos 0x10] ----- Original Message ----- From: "Justin Kreger" To: "Jay T. McCanta" Cc: Sent: Sunday, June 10, 2001 9:09 PM Subject: Re: [pptp-server] one way tunnel on w2k not w98 (this time w/text and feeling) > try removing chapms, and just leaving v2.... > > in all honesty... this is becomming alarming.... what ver of win2k is your > box? > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > On Sun, 10 Jun 2001, Jay T. McCanta wrote: > > > > > > > I have a windows 2k SP2 box and a windows 98SE box making connections to a > > Linux box running 2.2.19 kernel with pptpd v1.0.1 and pppd v 2.3.11 with the > > mppe patches. This same box is a firewall and Samba server. From the > > windows 98 box, I can browse, map and generally windows my way around the > > network. I am using an lmhosts file because my network is tiny and it was > > easier than setting up wins. I see it using 128 bit encryption and > > everything works both directions. > > > > The win2k box is another matter. I can't browse, etc. but the thing that has > > me curious is that from my pptp/firewall/samba server, I cannot ping the > > win2k client. I can't make any connections to the client from the server. > > The client can telnet and ftp and do general tcp stuff. However, from the > > server, I cannot ping/telnet/ftp to the client, and yes, the client has > > telnet and ftp daemons running (at least while I was testing). The most > > common error I get is "no route to host". I have looked at How to on the > > PoPToP website and at > > http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt I believe I am > > doing everything right - the windows98 box would imply that. What weird w2k > > thing is stalking me? > > > > I appreciate an extra set of eyes or two looking at this. > > > > /etc/ppp/options: > > lock > > debug > > name * > > auth > > +chap > > +chapms > > +chapms-v2 > > mppe-128 > > mppe-40 > > mppe-stateless > > proxyarp > > ipcp-accept-local > > ipcp-accept-remote > > lcp-echo-failure 3 > > lcp-echo-interval 5 > > deflate 0 > > > > > > Kernel IP routing table > > Destination Gateway Genmask Flags MSS Window > > irtt Iface > > 192.168.0.101 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > > 206.63.251.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > > 0.0.0.0 206.63.251.1 0.0.0.0 UG 0 0 0 eth0 > > > > Thanks. > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > From lists at earthling.2y.net Mon Jun 11 04:57:22 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Mon, 11 Jun 2001 05:57:22 -0400 (EDT) Subject: [pptp-server] one way tunnel on w2k not w98 (this time w/text and feeling) In-Reply-To: <001001c0f238$793041f0$f11e0041@jayathome> Message-ID: are you using rras? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Sun, 10 Jun 2001, Jay T. McCanta wrote: > > > Sorry it didn't do the trick. I did notice that when I ping the receive > icon in the system tray lights, but the send doesn't. Looks likes its > getting the pings, but doesn't recognise them and rely. Data flows if a > connection is initiated from the W2k side, but no connection can be > initiated from the linux side. Likewise, broadcasts seem to be dropped. > The packets get here (the rec'd counts increment proportional and in time > with activity), however, win2k is dropping them like [insert silly > hyperbole/simile]. > > Some details... > > Windows 2000 Professional SP2 (Winver -> 5.0 Build 2195 SP2). > Here's the syslog messages - > Jun 10 22:04:47 mail pptpd[16171]: MGR: Manager process started > Jun 10 22:07:15 mail pptpd[16185]: CTRL: Client 65.0.30.241 control > connection started > Jun 10 22:07:15 mail pptpd[16185]: CTRL: Starting call (launching pppd, > opening GRE) > Jun 10 22:07:15 mail pppd[16186]: pppd 2.3.11 started by root, uid 0 > Jun 10 22:07:15 mail pppd[16186]: Using interface ppp0 > Jun 10 22:07:15 mail pppd[16186]: Connect: ppp0 <--> /dev/ttyp2 > Jun 10 22:07:17 mail pppd[16186]: MSCHAP-v2 peer authentication succeeded > for [edited] > Jun 10 22:07:17 mail pppd[16186]: found interface eth1 for proxy arp > Jun 10 22:07:17 mail pppd[16186]: local IP address 192.168.0.1 > Jun 10 22:07:17 mail pppd[16186]: remote IP address 192.168.0.102 > Jun 10 22:07:17 mail pppd[16186]: MPPE 128 bit, stateless compression > enabled > > TCPdump of PING remoteip > 22:15:17.547852 192.168.0.1 > 192.168.0.102: icmp: echo request > 22:15:18.544802 192.168.0.1 > 192.168.0.102: icmp: echo request > 22:15:19.544809 192.168.0.1 > 192.168.0.102: icmp: echo request > 22:15:20.544824 192.168.0.1 > 192.168.0.102: icmp: echo request > and telnet... > 22:16:10.340020 192.168.0.1.1735 > 192.168.0.102.telnet: S > 3534849771:3534849771 > (0) win 32120 (DF) [tos 0x10] > 22:16:13.335363 192.168.0.1.1735 > 192.168.0.102.telnet: S > 3534849771:3534849771 > (0) win 32120 (DF) [tos 0x10] > 22:16:19.335419 192.168.0.1.1735 > 192.168.0.102.telnet: S > 3534849771:3534849771 > (0) win 32120 (DF) [tos 0x10] > 22:16:31.335549 192.168.0.1.1735 > 192.168.0.102.telnet: S > 3534849771:3534849771 > (0) win 32120 (DF) [tos 0x10] > > ----- Original Message ----- > From: "Justin Kreger" > To: "Jay T. McCanta" > Cc: > Sent: Sunday, June 10, 2001 9:09 PM > Subject: Re: [pptp-server] one way tunnel on w2k not w98 (this time w/text > and feeling) > > > > try removing chapms, and just leaving v2.... > > > > in all honesty... this is becomming alarming.... what ver of win2k is your > > box? > > > > Justin Kreger, MCP MCSE CCNA > > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > > > > On Sun, 10 Jun 2001, Jay T. McCanta wrote: > > > > > > > > > > > I have a windows 2k SP2 box and a windows 98SE box making connections to > a > > > Linux box running 2.2.19 kernel with pptpd v1.0.1 and pppd v 2.3.11 with > the > > > mppe patches. This same box is a firewall and Samba server. From the > > > windows 98 box, I can browse, map and generally windows my way around > the > > > network. I am using an lmhosts file because my network is tiny and it > was > > > easier than setting up wins. I see it using 128 bit encryption and > > > everything works both directions. > > > > > > The win2k box is another matter. I can't browse, etc. but the thing that > has > > > me curious is that from my pptp/firewall/samba server, I cannot ping the > > > win2k client. I can't make any connections to the client from the > server. > > > The client can telnet and ftp and do general tcp stuff. However, from > the > > > server, I cannot ping/telnet/ftp to the client, and yes, the client has > > > telnet and ftp daemons running (at least while I was testing). The most > > > common error I get is "no route to host". I have looked at How to on > the > > > PoPToP website and at > > > http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt I believe I > am > > > doing everything right - the windows98 box would imply that. What weird > w2k > > > thing is stalking me? > > > > > > I appreciate an extra set of eyes or two looking at this. > > > > > > /etc/ppp/options: > > > lock > > > debug > > > name * > > > auth > > > +chap > > > +chapms > > > +chapms-v2 > > > mppe-128 > > > mppe-40 > > > mppe-stateless > > > proxyarp > > > ipcp-accept-local > > > ipcp-accept-remote > > > lcp-echo-failure 3 > > > lcp-echo-interval 5 > > > deflate 0 > > > > > > > > > Kernel IP routing table > > > Destination Gateway Genmask Flags MSS > Window > > > irtt Iface > > > 192.168.0.101 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > > > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > > > 206.63.251.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 > lo > > > 0.0.0.0 206.63.251.1 0.0.0.0 UG 0 0 0 > eth0 > > > > > > Thanks. > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From john at ecsc.co.uk Mon Jun 11 14:09:36 2001 From: john at ecsc.co.uk (John Leach) Date: 11 Jun 2001 20:09:36 +0100 Subject: [pptp-server] a *bizarre* situation In-Reply-To: <992203703.1830.0.camel@murdock> References: <992203703.1830.0.camel@murdock> Message-ID: <992286581.843.0.camel@murdock> On 10 Jun 2001 21:08:23 +0100, John Leach wrote: Ok, further information... tested with win98 and the encrypted traffic works fine, so I'm assuming it is the win2k settings until I've tested things further (maybe like made sure win98 is using 128bit mppe rather than 40bit) I have tested many different configuration combinations, including raw copies of win2k examples from the pptp site and others but still to no avail. I have even tried a config from my rpm which I confirmed to work a month ago or so, I'm still a bit lost about why its suddenly not working, and why its not working in such a bizarre way, does anyone know why this happens technically? I'll get back more info as soon as I finish fiddling around with other quite bizarre slightly unrelated problems... :) John Leach. > > Ok, now this has me doing some serious swede scratching.... > > This is over a local lan, with no firewalls or routers in between, just > a switch. > > I have a Win2k client (actually 2, one advanced server, another pro SP2) > connecting to pptpd v1.1.2, pppd 2.4.0 (with the relevant patches to > make mppe work), on Linux kernel 2.4.3 again with the relevant patches. > > I connect un-encrypted, everything works fine, things work superbly in > fact. > > I connect using encryption, and everything *seems* to work fine. auths, > connects, sets up the tunnel... but the win2k box doesn't seem to > actually *see* the packets it receives. But it definately does get > them. > > A simple ping test from the win2k box to the other end of the ppp > connection results in an outgoing icmp request which the linux server > receives ok, which then replies with an icmp reply, which arrives at the > other end of the tunnel fine too, but the win2k box doesn't see it. > > I know the packets are being received as I've used WinEthereal and have > captured them. I've tried this with TCP connections too, win2k just > doesn't see the ack packets even tho they actually get received. > > To be truthful I'm faffing around with an rpm I made last month of this > lot, which I've tested before and has been confirmed to work, I *should* > be recompiling from source manually and re-testing, but I'd really like > to know what is going on. > > There are *no* packet filters of any kind active on either win2k box or > the linux box. I wanted to test via the linux pptp client but I can't > seem to make it use mppe, it always defaults to cleartext. > > This has me stumped. I first thought data was being corrupted > somewhere, but ethereal should pick up on that (I beleive it checks the > crcs). I can see the incoming gre packets, and the resulting > un-encapsulated packets, but win2k never seems to actually use them. > > ARGH! > > John Leach. MCP, CCNA, BOFH, EGO. > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From mduran at bamo.com Mon Jun 11 17:04:42 2001 From: mduran at bamo.com (mduran at bamo.com) Date: Mon, 11 Jun 2001 15:04:42 -0700 Subject: [pptp-server] WIN98 Black Magic: BINGO Message-ID: Success!, finally. Adding in the simple 'remote announce = 192.168.1.225' line within the smb.conf seemed to do the trick! Browsing away in the LAN through NN (I still despise MS/Windows though) on via PoPToP. I would like to thank; Steve Cowles/George Vieira/Jerry Vonau/Jamin Collins and all the others who contributed your suggestions and ideas!; I'd also like to thank the http://poptop.lineo.com site and this mail list/archive...and of course Brian Strand (The guru) who took on the project with me at BaMo; all have been a tremendous help to me! Long Live GNU. Thank you, Michael Duran From berzerke at swbell.net Mon Jun 11 17:13:43 2001 From: berzerke at swbell.net (robert) Date: Mon, 11 Jun 2001 17:13:43 -0500 Subject: [pptp-server] one way tunnel on w2k not w98 (this time w/text and feeling) In-Reply-To: <004301c0f225$fc6c94a0$f11e0041@jayathome> References: <004301c0f225$fc6c94a0$f11e0041@jayathome> Message-ID: <01061117134300.32539@linux> First, use pptpd 1.1.2 instead of 1.0.1 Second, try adding a mtu and mru in the options file. From the howto: mtu 1490 mru 1490 On Sunday 10 June 2001 22:24, Jay T. McCanta wrote: > I have a windows 2k SP2 box and a windows 98SE box making connections to a > Linux box running 2.2.19 kernel with pptpd v1.0.1 and pppd v 2.3.11 with > the mppe patches. This same box is a firewall and Samba server. From the > windows 98 box, I can browse, map and generally windows my way around the > network. I am using an lmhosts file because my network is tiny and it was > easier than setting up wins. I see it using 128 bit encryption and > everything works both directions. > > The win2k box is another matter. I can't browse, etc. but the thing that > has me curious is that from my pptp/firewall/samba server, I cannot ping > the win2k client. I can't make any connections to the client from the > server. The client can telnet and ftp and do general tcp stuff. However, > from the server, I cannot ping/telnet/ftp to the client, and yes, the > client has telnet and ftp daemons running (at least while I was testing). > The most common error I get is "no route to host". I have looked at How to > on the PoPToP website and at > http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt I believe I am > doing everything right - the windows98 box would imply that. What weird > w2k thing is stalking me? > > I appreciate an extra set of eyes or two looking at this. > > /etc/ppp/options: > lock > debug > name * > auth > +chap > +chapms > +chapms-v2 > mppe-128 > mppe-40 > mppe-stateless > proxyarp > ipcp-accept-local > ipcp-accept-remote > lcp-echo-failure 3 > lcp-echo-interval 5 > deflate 0 > > > Kernel IP routing table > Destination Gateway Genmask Flags MSS Window > irtt Iface > 192.168.0.101 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 206.63.251.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > 0.0.0.0 206.63.251.1 0.0.0.0 UG 0 0 0 > eth0 > > Thanks. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From jvonau at home.com Mon Jun 11 18:24:03 2001 From: jvonau at home.com (Jerry Vonau) Date: Mon, 11 Jun 2001 18:24:03 -0500 Subject: [pptp-server] one way tunnel on w2k not w98 (this time w/text andfeeling) References: <004301c0f225$fc6c94a0$f11e0041@jayathome> <01061117134300.32539@linux> Message-ID: <3B255313.1B754C73@home.com> Hey All: Just a thought, doesn't win2k have packet filtering? Maybe it's turned on.... See: http://www.microsoft.com/TechNet/isa/isadocs/CMT_H_PacketOptions.htm# Ran in to a situation where I could not ping a win2k box on the internet, but it was connect to me when I ran a netstat..... Jerry Vonau robert wrote: > First, use pptpd 1.1.2 instead of 1.0.1 > > Second, try adding a mtu and mru in the options file. From the howto: > mtu 1490 > mru 1490 > > On Sunday 10 June 2001 22:24, Jay T. McCanta wrote: > > I have a windows 2k SP2 box and a windows 98SE box making connections to a > > Linux box running 2.2.19 kernel with pptpd v1.0.1 and pppd v 2.3.11 with > > the mppe patches. This same box is a firewall and Samba server. From the > > windows 98 box, I can browse, map and generally windows my way around the > > network. I am using an lmhosts file because my network is tiny and it was > > easier than setting up wins. I see it using 128 bit encryption and > > everything works both directions. > > > > The win2k box is another matter. I can't browse, etc. but the thing that > > has me curious is that from my pptp/firewall/samba server, I cannot ping > > the win2k client. I can't make any connections to the client from the > > server. The client can telnet and ftp and do general tcp stuff. However, > > from the server, I cannot ping/telnet/ftp to the client, and yes, the > > client has telnet and ftp daemons running (at least while I was testing). > > The most common error I get is "no route to host". I have looked at How to > > on the PoPToP website and at > > http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt I believe I am > > doing everything right - the windows98 box would imply that. What weird > > w2k thing is stalking me? > > > > I appreciate an extra set of eyes or two looking at this. > > > > /etc/ppp/options: > > lock > > debug > > name * > > auth > > +chap > > +chapms > > +chapms-v2 > > mppe-128 > > mppe-40 > > mppe-stateless > > proxyarp > > ipcp-accept-local > > ipcp-accept-remote > > lcp-echo-failure 3 > > lcp-echo-interval 5 > > deflate 0 > > > > > > Kernel IP routing table > > Destination Gateway Genmask Flags MSS Window > > irtt Iface > > 192.168.0.101 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > > 206.63.251.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > > 0.0.0.0 206.63.251.1 0.0.0.0 UG 0 0 0 > > eth0 > > > > Thanks. > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From lists at earthling.2y.net Mon Jun 11 17:48:56 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Mon, 11 Jun 2001 18:48:56 -0400 (EDT) Subject: [pptp-server] one way tunnel on w2k not w98 (this time w/text andfeeling) In-Reply-To: <3B255313.1B754C73@home.com> Message-ID: I have experenced this with a Win2k server... packet filtering was off, but it still did it. I could ping it for the first few seconds after it connected, then I could not, but the f-ed up thing is, A computer behind the win2k server (it was helping rotue between two subnets using pptp) could ping the private ip of the tunnel server, and everything else on the other end that It was permitted to ping. I could not ping the workstations, or the servers from my the lan with the server. funkey huh? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Mon, 11 Jun 2001, Jerry Vonau wrote: > > > Hey All: > > Just a thought, doesn't win2k have packet filtering? > Maybe it's turned on.... > See: > http://www.microsoft.com/TechNet/isa/isadocs/CMT_H_PacketOptions.htm# > > Ran in to a situation where I could not ping a win2k box on the internet, > but it was connect to me when I ran a netstat..... > > Jerry Vonau > > robert wrote: > > > First, use pptpd 1.1.2 instead of 1.0.1 > > > > Second, try adding a mtu and mru in the options file. From the howto: > > mtu 1490 > > mru 1490 > > > > On Sunday 10 June 2001 22:24, Jay T. McCanta wrote: > > > I have a windows 2k SP2 box and a windows 98SE box making connections to a > > > Linux box running 2.2.19 kernel with pptpd v1.0.1 and pppd v 2.3.11 with > > > the mppe patches. This same box is a firewall and Samba server. From the > > > windows 98 box, I can browse, map and generally windows my way around the > > > network. I am using an lmhosts file because my network is tiny and it was > > > easier than setting up wins. I see it using 128 bit encryption and > > > everything works both directions. > > > > > > The win2k box is another matter. I can't browse, etc. but the thing that > > > has me curious is that from my pptp/firewall/samba server, I cannot ping > > > the win2k client. I can't make any connections to the client from the > > > server. The client can telnet and ftp and do general tcp stuff. However, > > > from the server, I cannot ping/telnet/ftp to the client, and yes, the > > > client has telnet and ftp daemons running (at least while I was testing). > > > The most common error I get is "no route to host". I have looked at How to > > > on the PoPToP website and at > > > http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt I believe I am > > > doing everything right - the windows98 box would imply that. What weird > > > w2k thing is stalking me? > > > > > > I appreciate an extra set of eyes or two looking at this. > > > > > > /etc/ppp/options: > > > lock > > > debug > > > name * > > > auth > > > +chap > > > +chapms > > > +chapms-v2 > > > mppe-128 > > > mppe-40 > > > mppe-stateless > > > proxyarp > > > ipcp-accept-local > > > ipcp-accept-remote > > > lcp-echo-failure 3 > > > lcp-echo-interval 5 > > > deflate 0 > > > > > > > > > Kernel IP routing table > > > Destination Gateway Genmask Flags MSS Window > > > irtt Iface > > > 192.168.0.101 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > > > 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > > > 206.63.251.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > > > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo > > > 0.0.0.0 206.63.251.1 0.0.0.0 UG 0 0 0 > > > eth0 > > > > > > Thanks. > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From pjm at edgecumbecollege.school.nz Mon Jun 11 19:54:22 2001 From: pjm at edgecumbecollege.school.nz (Paul Mills) Date: Tue, 12 Jun 2001 12:54:22 +1200 Subject: [pptp-server] Subnet mask Question Message-ID: <3B25683E.B63ABF8B@edgecumbecollege.school.nz> Is it possible to change the subnet mask from 255.255.255.0 to 255.255.0.0 on the incomming connections? And ifso where and how? (Linux Mandrake 6.1 with kernal 2.2.14, latest stable of pptpd) Thanks Paul From poptop at omnitracs.com.mx Mon Jun 11 19:57:54 2001 From: poptop at omnitracs.com.mx (poptop at omnitracs.com.mx) Date: Mon, 11 Jun 2001 19:57:54 -0500 (CDT) Subject: [pptp-server] DUN 1.4 for W95/W98/W98SE Have anyone tried it in production? Message-ID: <992307474.3b256912e30de@omnitracs.com.mx> Hey people, Have anyone tried this patch in a production enviroment? I just found it on MIcrosoft Site, it ensures 128 bit encryption! The url is: http://support.microsoft.com/support/kb/articles/Q285/1/89.ASP Best Regards Sergio Dominguez CCNA ------------------------------------------------- This mail sent through IMP: omnitracs.com.mx From anesthes at cisdi.com Mon Jun 11 20:10:23 2001 From: anesthes at cisdi.com (Joey Coco) Date: Mon, 11 Jun 2001 20:10:23 -0500 (EST) Subject: [pptp-server] Subnet mask Question In-Reply-To: <3B25683E.B63ABF8B@edgecumbecollege.school.nz> Message-ID: Hi, There is a netmask option for pppd you can put in your options file. Unfortunately, it doesn't set the other side (or at least, as i've tested with Win2k/98). It does however set the poptop side. netmask n Set the interface netmask to n, a 32 bit netmask in "decimal dot" notation (e.g. 255.255.255.0). If this option is given, the value specified is ORed with the default netmask. -- Joe On Tue, 12 Jun 2001, Paul Mills wrote: > > > Is it possible to change the subnet mask from 255.255.255.0 to > 255.255.0.0 on the incomming connections? And ifso where and how? > (Linux Mandrake 6.1 with kernal 2.2.14, latest stable of pptpd) > > Thanks > Paul > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > _____________________________________________________________________________ "I will never engage myself in a corperation backed by a religion, making tax free profits while standing behind the protection of a execution symbol. I will never allow myself to be lured by the perversion of priesthood. I will never sit and watch my brothers starve in poverty living on the steps of a so-called house of god, nor will I ever call someone my father who is not closer than a stranger.." ----------------------------------------------------------------------------- http://members.cisdi.com/~anesthes/ AIM:imd3fc0n IRC:irc.epix.net #mac defcon From jrstarrett at home.com Mon Jun 11 23:45:45 2001 From: jrstarrett at home.com (Jason Starrett) Date: Mon, 11 Jun 2001 21:45:45 -0700 Subject: [pptp-server] RE: pptp-server -- confirmation of subscription -- request 923504 In-Reply-To: <200106120442.f5C4gNjT012359@poontang.schulte.org> Message-ID: <000001c0f2fa$8b94bb60$0100010a@jasons2000> Jason Starrett jrstarrett at home.com -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of pptp-server-request at lists.schulte.org Sent: Monday, June 11, 2001 9:42 PM To: jrstarrett at home.com Subject: pptp-server -- confirmation of subscription -- request 923504 pptp-server -- confirmation of subscription -- request 923504 We have received a request from 24.56.9.145 for subscription of your email address, , to the pptp-server at lists.schulte.org mailing list. To confirm the request, please send a message to pptp-server-request at lists.schulte.org, and either: - maintain the subject line as is (the reply's additional "Re:" is ok), - or include the following line - and only the following line - in the message body: confirm 923504 (Simply sending a 'reply' to this message should work from most email interfaces, since that usually leaves the subject line in the right form.) If you do not wish to subscribe to this list, please simply disregard this message. Send questions to pptp-server-admin at lists.schulte.org. From jay-mccanta at home.com Tue Jun 12 02:17:09 2001 From: jay-mccanta at home.com (Jay T. McCanta) Date: Tue, 12 Jun 2001 00:17:09 -0700 Subject: [pptp-server] Browsing and Net View/mapping not working with W2k but yes w/ w98se (long) References: Message-ID: <000701c0f30f$b1c37690$f11e0041@jayathome> Ok, we've made major steps here, and I am so grateful, but I'm not done. Remember that my Windows98 client works - browsing and name resolution for the entire internal network. The trouble is with my Windows2000 pileof code. Thanks to all who helped me get my tunnel to work. The current trouble is I have NO name resolution nor browseing capabilities with the W2k client. I can ping/telnet/ftp over the 128-bit encrypted tunnel (-: but no ms-net kind of stuff. As a test, I poked a hole in my firewall so that the Win2k box could see the Linux samba server on the real internet. I was able to Net View services and map to them. I added the IP address to LMHOSTS (or as ms calls it -- \winnt\system32\drivers\etc\lmhosts). However, trying to use the tunnel addresses fail. I only have four nodes, so I thought I'd forego WINS and use the LMHOSTS file. Still no luck. ---------------------------------------------------------------------------- ------------- On the Linux box - 2.2.19 kernel PoPToP v1.1.2 with mppe patches pppd v2.3.11 with mppe patches samba v2.0.7 setup - [global] workgroup = CHT netbios name = SERVER interfaces = eth1 eth0 ppp* security = SHARE map to guest = Bad User debug level = 8 shared mem size = 5242880 socket options = TCP_NODELAY IPTOS_THROUGHPUT SO_RCVBUF=8192 preferred master = Yes wins support = Yes remote announce = 192.168.0.102/CHT 192.168.0.101/CHT oplocks = No /etc/ppp/options lock debug name server auth +chapms-v2 mppe-128 mppe-40 mppe-stateless proxyarp ipcp-accept-local ipcp-accept-remote lcp-echo-failure 3 lcp-echo-interval 65 deflate 0 ms-wins 192.168.0.1 mtu 1400 mru 1400 Here is the connection log info... Jun 11 23:13:14 mail pptpd[2804]: CTRL: Client 65.0.30.241 control connection started Jun 11 23:13:14 mail pptpd[2804]: CTRL: Starting call (launching pppd, opening GRE) Jun 11 23:13:14 mail pppd[2805]: pppd 2.3.11 started by root, uid 0 Jun 11 23:13:14 mail pppd[2805]: Using interface ppp0 Jun 11 23:13:14 mail pppd[2805]: Connect: ppp0 <--> /dev/ttyp0 Jun 11 23:13:15 mail pppd[2805]: MSCHAP-v2 peer authentication succeeded for mccantaj Jun 11 23:13:15 mail pppd[2805]: MPPE 128 bit, stateless compression enabled Jun 11 23:13:15 mail pppd[2805]: found interface eth1 for proxy arp Jun 11 23:13:15 mail pppd[2805]: local IP address [external ip address] Jun 11 23:13:15 mail pppd[2805]: remote IP address 192.168.0.102 My ipchains are a working (I believe because Windows 98 works and all DENY's are logged and there are no logs) The log.smb and log.nmb files are at the end of the message... ---------------------------------------------------------------------------- ----------- On the Windows 2K side... ---------------------------------------------------------------------------- ----------- Connection details... Server Type PPP Transports TCP/IP Authentication MS CHAP V2 Encryption MPPE 128 Compression (none) PPP nultilink framing Off Server IP Address [external ip address] Client IP Address 192.168.0.102 IPCONFIG /ALL yields: Windows 2000 IP Configuration Host Name . . . . . . . . . . . . : jayathome Primary DNS Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : sttln1.wa.home.com Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : sttln1.wa.home.com Description . . . . . . . . . . . : Realtek RTL8139(A)-based PCI Fast Et hernet Adapter Physical Address. . . . . . . . . : 00-50-BA-89-BD-7A DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 65.0.30.241 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 65.0.30.1 DNS Servers . . . . . . . . . . . : 24.0.224.33 24.0.224.34 PPP adapter Capitol Hill Travel: Connection-specific DNS Suffix . : cht.private Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface Physical Address. . . . . . . . . : 00-53-45-00-00-00 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.0.102 Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : Primary WINS Server . . . . . . . : 192.168.0.1 Secondary WINS Server . . . . . . : 192.168.0.1 I have the registry fix to enable clear passwords (required by samba) for NT [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\para meters] "enableplaintextpassword"=dword:00000001 "enablesecuritysignature"=dword:00000001 "requiresecuritysignature"=dword:00000000 "OtherDomains"=hex(7):00,00 LMHOSTS file: [external ip address] EXTNAME #PRE 192.168.0.1 SERVER #PRE 192.168.0.2 ROD #PRE 192.168.0.3 RANDY #PRE 192.168.0.4 BRIAN #PRE 192.168.0.5 SHELLY #PRE 192.168.0.6 GAIL #PRE nbtstats -c Yields - Local Area Connection: Node IpAddress: [65.0.30.241] Scope Id: [] NetBIOS Remote Cache Name Table Name Type Host Address Life [sec] ------------------------------------------------------------ EXTNAME <03> UNIQUE [external ip address] -1 EXTNAME <00> UNIQUE [external ip address] -1 EXTNAME <20> UNIQUE [external ip address] -1 \Device\NetBT_Tcpip_{241206F4-D1AF-443E-9F50-B88B545AFBD5}: Node IpAddress: [192.168.0.102] Scope Id: [] NetBIOS Remote Cache Name Table Name Type Host Address Life [sec] ------------------------------------------------------------ GAIL <03> UNIQUE 192.168.0.6 -1 GAIL <00> UNIQUE 192.168.0.6 -1 GAIL <20> UNIQUE 192.168.0.6 -1 RANDY <03> UNIQUE 192.168.0.3 -1 RANDY <00> UNIQUE 192.168.0.3 -1 RANDY <20> UNIQUE 192.168.0.3 -1 BRIAN <03> UNIQUE 192.168.0.4 -1 BRIAN <00> UNIQUE 192.168.0.4 -1 BRIAN <20> UNIQUE 192.168.0.4 -1 SERVER <03> UNIQUE 192.168.0.1 -1 SERVER <00> UNIQUE 192.168.0.1 -1 SERVER <20> UNIQUE 192.168.0.1 -1 SHELLY <03> UNIQUE 192.168.0.5 -1 SHELLY <00> UNIQUE 192.168.0.5 -1 SHELLY <20> UNIQUE 192.168.0.5 -1 ROD <03> UNIQUE 192.168.0.2 -1 ROD <00> UNIQUE 192.168.0.2 -1 ROD <20> UNIQUE 192.168.0.2 -1 the log.smb and log.nmb files from the Linux box follow and are the last things in this message. log.smb--------------------------------------------------------------------- -------- [2001/06/11 23:02:11, 1] smbd/server.c:main(641) smbd version 2.0.7 started. Copyright Andrew Tridgell 1992-1998 doing parameter shared mem size = 5242880 doing parameter socket options = TCP_NODELAY IPTOS_THROUGHPUT SO_RCVBUF=8192 doing parameter preferred master = Yes doing parameter domain master = Yes doing parameter wins support = Yes doing parameter remote announce = 192.168.0.102/CHT 192.168.0.101/CHT doing parameter oplocks = No [2001/06/11 23:02:11, 2] param/loadparm.c:do_section(2481) Processing section "[DATADIR]" doing parameter path = /usr/shared/datadir doing parameter writeable = Yes doing parameter guest ok = Yes [2001/06/11 23:02:11, 2] param/loadparm.c:do_section(2481) Processing section "[CDRIVE]" doing parameter path = / doing parameter writeable = Yes doing parameter guest ok = Yes [2001/06/11 23:02:11, 2] param/loadparm.c:do_section(2481) Processing section "[JTMDATA]" doing parameter path = /usr/shared doing parameter writeable = Yes doing parameter guest only = Yes doing parameter guest ok = Yes [2001/06/11 23:02:11, 2] param/loadparm.c:do_section(2481) Processing section "[NEC]" doing parameter path = /usr/tmp doing parameter guest ok = Yes doing parameter printable = Yes [2001/06/11 23:02:11, 3] param/loadparm.c:lp_load(2805) pm_process() returned Yes [2001/06/11 23:02:11, 7] param/loadparm.c:lp_servicenumber(2897) lp_servicenumber: couldn't find homes [2001/06/11 23:02:11, 3] param/loadparm.c:lp_add_ipc(1594) adding IPC service [2001/06/11 23:02:11, 7] param/loadparm.c:lp_servicenumber(2897) lp_servicenumber: couldn't find printers [2001/06/11 23:02:11, 7] param/loadparm.c:lp_servicenumber(2897) lp_servicenumber: couldn't find printers [2001/06/11 23:02:11, 6] param/loadparm.c:lp_file_list_changed(1883) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Mon Jun 11 21:56:40 2001 [2001/06/11 23:02:11, 2] lib/interface.c:add_interface(83) added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0 [2001/06/11 23:02:11, 2] lib/interface.c:add_interface(83) added interface ip=[external ip address] bcast=[external net].255 nmask=255.255.255.0 [2001/06/11 23:02:11, 3] lib/interface.c:add_interface(63) not adding duplicate interface [external ip address] [2001/06/11 23:02:11, 5] lib/hash.c:hash_table_init(72) Hash size = 521. [2001/06/11 23:02:11, 1] smbd/files.c:file_init(216) file_init: Information only: requested 10000 open files, 1014 are available. [2001/06/11 23:02:11, 6] lib/charset.c:codepage_initialise(339) codepage_initialise: client code page = 850 [2001/06/11 23:02:11, 5] lib/charset.c:load_client_codepage(196) load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) [2001/06/11 23:02:11, 5] lib/util_unistr.c:load_unicode_map(418) load_unicode_map: loading unicode map for codepage 850. [2001/06/11 23:02:11, 7] lib/util_sid.c:string_to_sid(302) string_to_sid: converted SID S-1-5-32 ok [2001/06/11 23:02:11, 7] lib/util_sid.c:string_to_sid(302) string_to_sid: converted SID S-1-1 ok [2001/06/11 23:02:11, 7] lib/util_sid.c:string_to_sid(302) string_to_sid: converted SID S-1-1-0 ok [2001/06/11 23:02:11, 7] lib/util_sid.c:string_to_sid(302) string_to_sid: converted SID S-1-3 ok [2001/06/11 23:02:11, 7] lib/util_sid.c:string_to_sid(302) string_to_sid: converted SID S-1-3-0 ok [2001/06/11 23:02:11, 7] lib/util_sid.c:string_to_sid(302) string_to_sid: converted SID S-1-5 ok [2001/06/11 23:02:11, 7] lib/util_sid.c:string_to_sid(302) string_to_sid: converted SID S-1-5-21-1227795584-2593546468-3801029264 ok [2001/06/11 23:02:11, 3] smbd/server.c:main(704) loaded services [2001/06/11 23:02:11, 3] smbd/server.c:main(712) Becoming a daemon. [2001/06/11 23:02:11, 8] lib/util.c:fcntl_lock(2672) fcntl_lock 5 6 0 1 1 [2001/06/11 23:02:11, 8] lib/util.c:fcntl_lock(2763) Lock call successful [2001/06/11 23:02:11, 3] lib/util_sock.c:open_socket_in(875) bind succeeded on port 139 [2001/06/11 23:02:11, 2] smbd/server.c:open_sockets(181) waiting for a connection [2001/06/11 23:02:14, 4] locking/shmem_sysv.c:sysv_shm_open(547) Trying sysv shmem open of size 5242880 [2001/06/11 23:02:14, 5] locking/shmem_sysv.c:shm_initialize(424) shm_initialize : initializing shmem size 5242880 [2001/06/11 23:02:14, 6] locking/shmem_sysv.c:shm_alloc(253) shm_alloc : allocated 52 bytes at offset 48 [2001/06/11 23:02:14, 3] locking/shmem_sysv.c:sysv_shm_open(707) Initialised IPC area of size 5242880 [2001/06/11 23:02:14, 6] param/loadparm.c:lp_file_list_changed(1883) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_ time: Mon Jun 11 21:56:40 2001 [2001/06/11 23:02:14, 2] smbd/server.c:main(746) Changed root to / [2001/06/11 23:02:14, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2001/06/11 23:02:14, 3] lib/util_sock.c:open_socket_in(875) bind succeeded on port 0 [2001/06/11 23:02:14, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 2723, global_oplock_port = 1092 [2001/06/11 23:02:14, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [2001/06/11 23:02:14, 3] smbd/process.c:timeout_processing(856) end of file from client [2001/06/11 23:02:14, 2] smbd/server.c:exit_server(408) Closing connections [2001/06/11 23:02:14, 4] locking/shmem_sysv.c:sysv_shm_open(547) Trying sysv shmem open of size 5242880 [2001/06/11 23:02:14, 6] param/loadparm.c:lp_file_list_changed(1883) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_ time: Mon Jun 11 21:56:40 2001 [2001/06/11 23:02:14, 2] smbd/server.c:main(746) Changed root to / [2001/06/11 23:02:14, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2001/06/11 23:02:14, 3] lib/util_sock.c:open_socket_in(875) bind succeeded on port 0 [2001/06/11 23:02:14, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 2724, global_oplock_port = 1093 [2001/06/11 23:02:14, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [2001/06/11 23:02:14, 3] smbd/server.c:exit_server(435) Server exit (normal exit) [2001/06/11 23:02:15, 3] smbd/process.c:timeout_processing(856) end of file from client [2001/06/11 23:02:15, 2] smbd/server.c:exit_server(408) Closing connections [2001/06/11 23:02:15, 3] smbd/server.c:exit_server(435) Server exit (normal exit) [2001/06/11 23:02:21, 4] locking/shmem_sysv.c:sysv_shm_open(547) Trying sysv shmem open of size 5242880 [2001/06/11 23:02:21, 5] locking/shmem_sysv.c:shm_initialize(424) shm_initialize : initializing shmem size 5242880 [2001/06/11 23:02:21, 6] locking/shmem_sysv.c:shm_alloc(253) shm_alloc : allocated 52 bytes at offset 48 [2001/06/11 23:02:21, 3] locking/shmem_sysv.c:sysv_shm_open(707) Initialised IPC area of size 5242880 [2001/06/11 23:02:21, 6] param/loadparm.c:lp_file_list_changed(1883) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Mon Jun 11 21:56:40 2001 [2001/06/11 23:02:21, 2] smbd/server.c:main(746) Changed root to / [2001/06/11 23:02:21, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2001/06/11 23:02:21, 3] lib/util_sock.c:open_socket_in(875) bind succeeded on port 0 [2001/06/11 23:02:21, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 2731, global_oplock_port = 1094 [2001/06/11 23:02:21, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [2001/06/11 23:02:21, 3] smbd/process.c:timeout_processing(856) end of file from client [2001/06/11 23:02:21, 2] smbd/server.c:exit_server(408) Closing connections [2001/06/11 23:02:21, 4] locking/shmem_sysv.c:sysv_shm_open(547) Trying sysv shmem open of size 5242880 [2001/06/11 23:02:21, 6] param/loadparm.c:lp_file_list_changed(1883) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Mon Jun 11 21:56:40 2001 [2001/06/11 23:02:21, 2] smbd/server.c:main(746) Changed root to / [2001/06/11 23:02:21, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2001/06/11 23:02:21, 3] lib/util_sock.c:open_socket_in(875) bind succeeded on port 0 [2001/06/11 23:02:21, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 2732, global_oplock_port = 1095 [2001/06/11 23:02:21, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [2001/06/11 23:02:21, 3] smbd/server.c:exit_server(435) Server exit (normal exit) [2001/06/11 23:02:21, 3] smbd/process.c:timeout_processing(856) end of file from client [2001/06/11 23:02:21, 2] smbd/server.c:exit_server(408) Closing connections [2001/06/11 23:02:21, 3] smbd/server.c:exit_server(435) Server exit (normal exit) [2001/06/11 23:02:44, 4] locking/shmem_sysv.c:sysv_shm_open(547) Trying sysv shmem open of size 5242880 [2001/06/11 23:02:44, 5] locking/shmem_sysv.c:shm_initialize(424) shm_initialize : initializing shmem size 5242880 [2001/06/11 23:02:44, 6] locking/shmem_sysv.c:shm_alloc(253) shm_alloc : allocated 52 bytes at offset 48 [2001/06/11 23:02:44, 3] locking/shmem_sysv.c:sysv_shm_open(707) Initialised IPC area of size 5242880 [2001/06/11 23:02:44, 6] param/loadparm.c:lp_file_list_changed(1883) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Mon Jun 11 21:56:40 2001 [2001/06/11 23:02:44, 2] smbd/server.c:main(746) Changed root to / [2001/06/11 23:02:44, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2001/06/11 23:02:44, 3] lib/util_sock.c:open_socket_in(875) bind succeeded on port 0 [2001/06/11 23:02:44, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 2744, global_oplock_port = 1096 [2001/06/11 23:02:44, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [2001/06/11 23:02:45, 3] smbd/process.c:timeout_processing(856) end of file from client [2001/06/11 23:02:45, 2] smbd/server.c:exit_server(408) Closing connections [2001/06/11 23:02:45, 4] locking/shmem_sysv.c:sysv_shm_open(547) Trying sysv shmem open of size 5242880 [2001/06/11 23:02:45, 6] param/loadparm.c:lp_file_list_changed(1883) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Mon Jun 11 21:56:40 2001 [2001/06/11 23:02:45, 2] smbd/server.c:main(746) Changed root to / [2001/06/11 23:02:45, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2001/06/11 23:02:45, 3] lib/util_sock.c:open_socket_in(875) bind succeeded on port 0 [2001/06/11 23:02:45, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 2748, global_oplock_port = 1097 [2001/06/11 23:02:45, 4] lib/time.c:TimeInit(110) Serverzone is 25200 [2001/06/11 23:02:45, 3] smbd/server.c:exit_server(435) Server exit (normal exit) [2001/06/11 23:02:45, 3] smbd/process.c:timeout_processing(856) end of file from client [2001/06/11 23:02:45, 2] smbd/server.c:exit_server(408) Closing connections [2001/06/11 23:02:45, 3] smbd/server.c:exit_server(435) Server exit (normal exit) log.nmb--------------------------------------------------------------------- ------------ [ this file is way too big to post, but here are the last 300 lines ] [2001/06/12 00:10:04, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for CHT on subnet UNICAST_SUBNET: found. [2001/06/12 00:10:04, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for CHT on subnet UNICAST_SUBNET: found. [2001/06/12 00:10:14, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for CHT on subnet 192.168.0.1: found. [2001/06/12 00:10:14, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for CHT on subnet [external ip address]: found. [2001/06/12 00:10:14, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292) dump_workgroups() dump workgroup on subnet 192.168.0.1: netmask= 255.255.255.0: CHT(1) current master browser = SERVER SERVER 40049a03 (Samba 2.0.7) MAIL 40009a03 (Samba 2.0.7) GAIL 40402003 () [2001/06/12 00:10:14, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292) dump_workgroups() dump workgroup on subnet [external ip address]: netmask= 255.255.255.0: CHT(1) current master browser = SERVER SERVER 40049a03 (Samba 2.0.7) MAIL 40009a03 (Samba 2.0.7) [2001/06/12 00:10:14, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= [external ip address]: CHT(1) current master browser = UNKNOWN SERVER 40019a03 (Samba 2.0.7) MAIL 40009a03 (Samba 2.0.7) [2001/06/12 00:10:14, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for CHT on subnet UNICAST_SUBNET: found. [2001/06/12 00:10:14, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for CHT on subnet UNICAST_SUBNET: found. [2001/06/12 00:10:24, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for CHT on subnet 192.168.0.1: found. [2001/06/12 00:10:24, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for CHT on subnet [external ip address]: found. [2001/06/12 00:10:24, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292) dump_workgroups() dump workgroup on subnet 192.168.0.1: netmask= 255.255.255.0: CHT(1) current master browser = SERVER SERVER 40049a03 (Samba 2.0.7) MAIL 40009a03 (Samba 2.0.7) GAIL 40402003 () [2001/06/12 00:10:24, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292) dump_workgroups() dump workgroup on subnet [external ip address]: netmask= 255.255.255.0: CHT(1) current master browser = SERVER SERVER 40049a03 (Samba 2.0.7) MAIL 40009a03 (Samba 2.0.7) [2001/06/12 00:10:24, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(292) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= [external ip address]: CHT(1) current master browser = UNKNOWN SERVER 40019a03 (Samba 2.0.7) MAIL 40009a03 (Samba 2.0.7) [2001/06/12 00:10:24, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for CHT on subnet UNICAST_SUBNET: found. [2001/06/12 00:10:24, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164) find_workgroup_on_subnet: workgroup search for CHT on subnet UNICAST_SUBNET: found. From tvap at email.com Tue Jun 12 02:54:40 2001 From: tvap at email.com (TVAP) Date: Tue, 12 Jun 2001 13:24:40 +0530 Subject: [pptp-server] UNSUBSRIBE Message-ID: <200106121324400930.00073A31@giasbg01.vsnl.net.in> PLEASE HELP ME UNSUBSCRIBE THIS LIST tvap at email.com From tvap at email.com Tue Jun 12 02:55:32 2001 From: tvap at email.com (TVAP) Date: Tue, 12 Jun 2001 13:25:32 +0530 Subject: [pptp-server] PLEASE HELP !!!! In-Reply-To: <86256A65.000D26BB.00@amoa.org> References: <86256A65.000D26BB.00@amoa.org> Message-ID: <200106121325320340.00080303@giasbg01.vsnl.net.in> PLEASE HELP ME UNSUBSCRIBE THIS LIST tvap at email.com From bgarcia at optize.es Tue Jun 12 04:17:00 2001 From: bgarcia at optize.es (=?iso-8859-1?Q?Benjam=EDn_Garc=EDa?=) Date: Tue, 12 Jun 2001 11:17:00 +0200 Subject: [pptp-server] UNSUBSRIBE References: <200106121324400930.00073A31@giasbg01.vsnl.net.in> Message-ID: <005501c0f320$6fca3600$4b01a8c0@optize.es> PLEASE HELP ME UNSUBSCRIBE THIS LIST From lists at earthling.2y.net Tue Jun 12 04:02:59 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Tue, 12 Jun 2001 05:02:59 -0400 (EDT) Subject: [pptp-server] UNSUBSRIBE In-Reply-To: <005501c0f320$6fca3600$4b01a8c0@optize.es> Message-ID: goto lists.schulte.org/mailman/listinfo/pptp-server Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Tue, 12 Jun 2001, [iso-8859-1] Benjam?n Garc?a wrote: > > > PLEASE HELP ME UNSUBSCRIBE THIS LIST > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Tue Jun 12 04:06:55 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Tue, 12 Jun 2001 05:06:55 -0400 (EDT) Subject: [pptp-server] Subnet mask Question In-Reply-To: Message-ID: Windows likes to make assumptions. In most cases, it will just assume a 8 bit mask for 10.x.x.x, 16 bits for 172.16-32.x.x, and 24 bits for 192.168.x.x Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Mon, 11 Jun 2001, Joey Coco wrote: > > > > Hi, > > There is a netmask option for pppd you can put in your options > file. Unfortunately, it doesn't set the other side (or at least, as i've > tested with Win2k/98). It does however set the poptop side. > > netmask n > Set the interface netmask to n, a 32 bit netmask in > "decimal dot" notation (e.g. 255.255.255.0). If > this option is given, the value specified is ORed > with the default netmask. > > -- Joe > > > On Tue, 12 Jun 2001, Paul Mills wrote: > > > > > > > Is it possible to change the subnet mask from 255.255.255.0 to > > 255.255.0.0 on the incomming connections? And ifso where and how? > > (Linux Mandrake 6.1 with kernal 2.2.14, latest stable of pptpd) > > > > Thanks > > Paul > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > _____________________________________________________________________________ > "I will never engage myself in a corperation backed by a religion, making > tax free profits while standing behind the protection of a execution symbol. > I will never allow myself to be lured by the perversion of priesthood. > I will never sit and watch my brothers starve in poverty living on the steps > of a so-called house of god, nor will I ever call someone my father who is > not closer than a stranger.." > ----------------------------------------------------------------------------- > http://members.cisdi.com/~anesthes/ AIM:imd3fc0n IRC:irc.epix.net #mac defcon > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Tue Jun 12 04:03:20 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Tue, 12 Jun 2001 05:03:20 -0400 (EDT) Subject: [pptp-server] UNSUBSRIBE In-Reply-To: <200106121324400930.00073A31@giasbg01.vsnl.net.in> Message-ID: goto http://lists.schulte.org/mailman/listinfo/pptp-server Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Tue, 12 Jun 2001, TVAP wrote: > > > PLEASE HELP ME UNSUBSCRIBE THIS LIST > tvap at email.com > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From mattgav at tempo.com.au Tue Jun 12 05:04:07 2001 From: mattgav at tempo.com.au (Matthew Gavin) Date: Tue, 12 Jun 2001 20:04:07 +1000 Subject: [pptp-server] UNSUBSRIBE In-Reply-To: <005501c0f320$6fca3600$4b01a8c0@optize.es> Message-ID: Try clicking the link below... It's worth a try!!! -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Benjam?n Garc?a Sent: Tuesday, 12 June 2001 7:17 PM To: pptp-server at lists.schulte.org Subject: [pptp-server] UNSUBSRIBE PLEASE HELP ME UNSUBSCRIBE THIS LIST _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From jgraumann at norsat.com Tue Jun 12 10:38:37 2001 From: jgraumann at norsat.com (John Graumann) Date: Tue, 12 Jun 2001 10:38:37 -0500 Subject: [pptp-server] Maximum number of simultaneous connections Message-ID: What is the maximum number of clients that can be connected at once ? Would this be a limitation of PoPToP, or a limitation of the maximum number of interfaces in Linux (and if so, what would that be) ? A certain application we are working on requires that a large number clients be allowed to connect at once. Is there a hard limit, or is it hardware (memory) dependant ? Thanks, John Graumann jgraumann at norsat.com From charlieb at e-smith.com Tue Jun 12 13:08:45 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Tue, 12 Jun 2001 14:08:45 -0400 (EDT) Subject: [pptp-server] Subnet mask Question In-Reply-To: Message-ID: On Tue, 12 Jun 2001, Justin Kreger wrote: > Windows likes to make assumptions. In most cases, it will just assume a 8 > bit mask for 10.x.x.x, 16 bits for 172.16-32.x.x, and 24 bits for > 192.168.x.x How dare it!!! GGrrrr!!!!!!!!! Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From dholmes at bigpond.net.au Tue Jun 12 19:22:09 2001 From: dholmes at bigpond.net.au (Dougal Holmes) Date: Wed, 13 Jun 2001 10:22:09 +1000 Subject: [pptp-server] Windows ME and PPTP Message-ID: <001301c0f39e$e284a4e0$1103a8c0@mel.watsonwyatt.com.au> Anyone got Windows ME and PPTP working with PoPToP ? Screen shots of the configuration would be helpfull :-) -- Dougal Holmes (at home) mailto://dholmes at bigpond.net.au From jay-mccanta at home.com Wed Jun 13 00:35:09 2001 From: jay-mccanta at home.com (Jay T. McCanta) Date: Tue, 12 Jun 2001 22:35:09 -0700 Subject: [pptp-server] Browsing and Net View/mapping not working with W2k but yes w/ w98se (long) Message-ID: <001101c0f3ca$9c257de0$f11e0041@cht.private> Using tcpdump -s 0 -i ppp0 on the linux box, I see ZERO traffic when I do a NET VIEW \\192.168.0.1 According to MS, that should side step name resolutions. Of course, I get error 53 on the W2K box. If I ping, I see the traffic in my tcpdump. I see some name broadcasting over the line as well, but ZERO traffic when I do the net view with either and address or a name. I have tried it with "Use remote default gateway" checked and unchecked. Does this ring a bell somewhere? Jay From jay-mccanta at home.com Wed Jun 13 00:58:42 2001 From: jay-mccanta at home.com (Jay T. McCanta) Date: Tue, 12 Jun 2001 22:58:42 -0700 Subject: [pptp-server] Browsing and Net View/mapping not working with W2k but yes w/ w98se (long) References: <001101c0f3ca$9c257de0$f11e0041@cht.private> Message-ID: <000a01c0f3cd$e6aa4e60$f11e0041@cht.private> One more piece of info. smbclient from linux host to windows2000 host works. and the traffic shows up in the tcpdump. ----- Original Message ----- From: "Jay T. McCanta" To: Sent: Tuesday, June 12, 2001 10:35 PM Subject: RE: [pptp-server] Browsing and Net View/mapping not working with W2k but yes w/ w98se (long) > > > Using tcpdump -s 0 -i ppp0 on the linux box, I see ZERO traffic when I do a > NET VIEW \\192.168.0.1 According to MS, that should side step name > resolutions. Of course, I get error 53 on the W2K box. If I ping, I see > the traffic in my tcpdump. I see some name broadcasting over the line as > well, but ZERO traffic when I do the net view with either and address or a > name. I have tried it with "Use remote default gateway" checked and > unchecked. Does this ring a bell somewhere? > > Jay > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From jay-mccanta at home.com Wed Jun 13 01:38:02 2001 From: jay-mccanta at home.com (Jay T. McCanta) Date: Tue, 12 Jun 2001 23:38:02 -0700 Subject: [pptp-server] MEA CULPA!!! Browsing and Net View/mapping not working with W2k but yes w/ w98se (long) References: <001101c0f3ca$9c257de0$f11e0041@cht.private> <000a01c0f3cd$e6aa4e60$f11e0041@cht.private> Message-ID: <001601c0f3d3$6500bc90$f11e0041@cht.private> Mea culpa, mea culpa, mea culpa. In being so focused on the Linux issued, I overlooked the ZoneAlarm firewall on the Windows2000 box. Added the PPTP to the local networks and voila all kinds of good things. I humbly apologize for any time wasted on this part of the problem. Much appreciation again, to those who helped with getting the tunnel going. Flog self, wear hair-shirt, repeat. Jay ----- Original Message ----- From: "Jay T. McCanta" To: "Jay T. McCanta" ; Sent: Tuesday, June 12, 2001 10:58 PM Subject: Re: [pptp-server] Browsing and Net View/mapping not working with W2k but yes w/ w98se (long) > > > One more piece of info. smbclient from linux host to windows2000 host > works. and the traffic shows up in the tcpdump. > > > ----- Original Message ----- > From: "Jay T. McCanta" > To: > Sent: Tuesday, June 12, 2001 10:35 PM > Subject: RE: [pptp-server] Browsing and Net View/mapping not working with > W2k but yes w/ w98se (long) > > > > > > > > Using tcpdump -s 0 -i ppp0 on the linux box, I see ZERO traffic when I do > a > > NET VIEW \\192.168.0.1 According to MS, that should side step name > > resolutions. Of course, I get error 53 on the W2K box. If I ping, I see > > the traffic in my tcpdump. I see some name broadcasting over the line as > > well, but ZERO traffic when I do the net view with either and address or a > > name. I have tried it with "Use remote default gateway" checked and > > unchecked. Does this ring a bell somewhere? > > > > Jay > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From jacquesb at intersekt.co.za Wed Jun 13 06:13:34 2001 From: jacquesb at intersekt.co.za (Jacques Botha) Date: Wed, 13 Jun 2001 13:13:34 +0200 Subject: [pptp-server] Newbie pptp setup Message-ID: <3B274ADE.9070801@intersekt.co.za> I really don't get this, read through all the howto's, saw all the ipchains to do, and only got pptp in the end Now I don't really understand this, so if there is someone out there patient enough to help me here, it would be most apreciated. I'm trying to make your basic little vpn between and isp dial-up, and the local office network with a PoPToP linux server in the office. The linux server has a leasedline connection to the internet, and a seccond nic to the lan. It is also the firewall. 1) What, and How do I need to setup on my linux server ? I gather it is PoPToP, but what does the configuration file need to look like ? 2) Can I configure it to run through xinetd ? How ? 3) What does the remote client authenticate against on the linux machine ? How do I set this up ? 4) How will the remote client be able to browse the lan ? Do I need samba on the firewall machine ? Thanks a lot Jacques Botha From berzerke at swbell.net Wed Jun 13 12:20:07 2001 From: berzerke at swbell.net (robert) Date: Wed, 13 Jun 2001 12:20:07 -0500 Subject: [pptp-server] Newbie pptp setup In-Reply-To: <3B274ADE.9070801@intersekt.co.za> References: <3B274ADE.9070801@intersekt.co.za> Message-ID: <01061312200700.10514@linux> There is no substitute for trying. Pick a howto closest to your system and go from there. On Wednesday 13 June 2001 06:13, Jacques Botha wrote: > I really don't get this, read through all the howto's, saw all the > ipchains to do, and only got pptp in the end > > Now I don't really understand this, so if there is someone out there > patient enough to help me here, it would be most apreciated. > > I'm trying to make your basic little vpn between and isp dial-up, and > the local office network with a PoPToP linux server in the office. > > The linux server has a leasedline connection to the internet, and a > seccond nic to the lan. It is also the firewall. > > 1) What, and How do I need to setup on my linux server ? I gather it is > PoPToP, but what does the configuration file need to look like ? > > 2) Can I configure it to run through xinetd ? How ? > > 3) What does the remote client authenticate against on the linux machine > ? How do I set this up ? > > 4) How will the remote client be able to browse the lan ? Do I need > samba on the firewall machine ? > > Thanks a lot > > Jacques Botha > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From sean at cyberfarer.com Wed Jun 13 12:47:48 2001 From: sean at cyberfarer.com (Sean) Date: Wed, 13 Jun 2001 13:47:48 -0400 Subject: [pptp-server] Password? Message-ID: <00aa01c0f430$f669a4a0$8bb8fea9@200mmx> Greetings, I am able to connect from a win98 client to a linux pptp server. Trouble is, it reports that it cannot find a password to validate the user. My chap-secrets file looks like this: username servername password This is all I need right? I am not, at this point, using any encryption. Any thoughts? Thanks you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mcw at telesynthesis.com Wed Jun 13 14:45:18 2001 From: mcw at telesynthesis.com (Michael C. Watz) Date: Wed, 13 Jun 2001 13:45:18 -0600 Subject: [pptp-server] Trying to apply ppp_mppe_compressed_data_fix.diff Message-ID: <3B27C2CE.ABF0D952@telesynthesis.com> I am currently trying to get encryption working on my Linux PPTP server. I have gone through the PoPToP-RedHat-HOWTO.txt and currently have got the PPTP connection working without encryption. Here is my question: the instructions for patching the ppp deaemon are for ppp-2.3.11. I'm working with ppp-2.4.1. I've downloaded the MSCHAP/MPPE patch ppp-2.4.1-openssl-0.9.6-mppe-patch and the mppe compressed data patch ppp_mppe_compressed_data_fix.diff. I have no problem applying the ppp-openssl patch, but when I get to the mppe compressed data fix it appears to be looking for the file ppp_mppe.c, which I don't find anywhere. Is this something which should be obvious to me? Is there no need to apply the ppp_mppe_compressed..... patch with the newer version of pppd? Should I have done something else first? Details: RedHat 6.2 pptpd-1.0.1-1 ppp-2.4.1 ppp-2.4.1-openssl-0.9.6-mppe-patch ppp_mppe_compressed_data_fix.diff Thanks, -Michael C. Watz- From berzerke at swbell.net Wed Jun 13 15:13:31 2001 From: berzerke at swbell.net (robert) Date: Wed, 13 Jun 2001 15:13:31 -0500 Subject: [pptp-server] Trying to apply ppp_mppe_compressed_data_fix.diff In-Reply-To: <3B27C2CE.ABF0D952@telesynthesis.com> References: <3B27C2CE.ABF0D952@telesynthesis.com> Message-ID: <01061315133102.17281@linux> Two suggestions: First, use pptpd v1.1.2. Yes, I know it's labeled as development, but so far, all reports are it's stable and easier to use than 1.0.1. Second, the ppp-2.4.x patches are for 2.4 kernels, not 2.2 kernels. Unless you want to upgrade your kernel (and a few other things), stick with ppp 2.3.x. On Wednesday 13 June 2001 14:45, Michael C. Watz wrote: > I am currently trying to get encryption working on my Linux PPTP > server. I have gone through the PoPToP-RedHat-HOWTO.txt and currently > have got the PPTP connection working without encryption. > > Here is my question: the instructions for patching the ppp deaemon are > for ppp-2.3.11. I'm working with ppp-2.4.1. I've downloaded the > MSCHAP/MPPE patch ppp-2.4.1-openssl-0.9.6-mppe-patch and the mppe > compressed data patch ppp_mppe_compressed_data_fix.diff. I have no > problem applying the ppp-openssl patch, but when I get to the mppe > compressed data fix it appears to be looking for the file ppp_mppe.c, > which I don't find anywhere. > > Is this something which should be obvious to me? Is there no need to > apply the ppp_mppe_compressed..... patch with the newer version of > pppd? Should I have done something else first? > > Details: > RedHat 6.2 > pptpd-1.0.1-1 > ppp-2.4.1 > ppp-2.4.1-openssl-0.9.6-mppe-patch > ppp_mppe_compressed_data_fix.diff > > Thanks, > > -Michael C. Watz- From teastep at seattlefirewall.dyndns.org Wed Jun 13 15:13:44 2001 From: teastep at seattlefirewall.dyndns.org (Tom Eastep) Date: Wed, 13 Jun 2001 13:13:44 -0700 Subject: [pptp-server] Trying to apply ppp_mppe_compressed_data_fix.diff In-Reply-To: <3B27C2CE.ABF0D952@telesynthesis.com> References: <3B27C2CE.ABF0D952@telesynthesis.com> Message-ID: <01061313134400.01109@ursa.seattlefirewall.dyndns.org> On Wednesday 13 June 2001 12:45, you wrote: > I am currently trying to get encryption working on my Linux PPTP > server. I have gone through the PoPToP-RedHat-HOWTO.txt and currently > have got the PPTP connection working without encryption. > > Here is my question: the instructions for patching the ppp deaemon are > for ppp-2.3.11. I'm working with ppp-2.4.1. I've downloaded the > MSCHAP/MPPE patch ppp-2.4.1-openssl-0.9.6-mppe-patch and the mppe > compressed data patch ppp_mppe_compressed_data_fix.diff. I have no > problem applying the ppp-openssl patch, but when I get to the mppe > compressed data fix it appears to be looking for the file ppp_mppe.c, > which I don't find anywhere. > ppp_mppe.c is created in your kernel source tree when you apply linux-2.4.0-openssl-0.9.6-mppe.patch. -Tom -- Tom Eastep \ tom at seattlefirewall.dyndns.org ICQ #60745924 \ http://seattlefirewall.dyndns.org Shoreline, Washington \__________________________________________ From lists at earthling.2y.net Wed Jun 13 16:35:25 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Wed, 13 Jun 2001 17:35:25 -0400 (EDT) Subject: [pptp-server] Maximum number of simultaneous connections In-Reply-To: Message-ID: I would assume this is limited only by Linux. You could check the ppp driver to see how many instances it can support. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Tue, 12 Jun 2001, John Graumann wrote: > > > What is the maximum number of clients that can be connected at once ? Would > this be a limitation of PoPToP, or a limitation of the maximum number of > interfaces in Linux (and if so, what would that be) ? > > A certain application we are working on requires that a large number clients > be allowed to connect at once. Is there a hard limit, or is it hardware > (memory) dependant ? > > Thanks, > John Graumann > > jgraumann at norsat.com > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Wed Jun 13 16:35:59 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Wed, 13 Jun 2001 17:35:59 -0400 (EDT) Subject: [pptp-server] Subnet mask Question In-Reply-To: Message-ID: Thats what ya get for it being windoze... Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Tue, 12 Jun 2001, Charlie Brady wrote: > > > > On Tue, 12 Jun 2001, Justin Kreger wrote: > > > Windows likes to make assumptions. In most cases, it will just assume a 8 > > bit mask for 10.x.x.x, 16 bits for 172.16-32.x.x, and 24 bits for > > 192.168.x.x > > How dare it!!! GGrrrr!!!!!!!!! > > Charlie Brady charlieb at e-smith.com > http://www.e-smith.org (development) http://www.e-smith.com (corporate) > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 > e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Wed Jun 13 16:37:26 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Wed, 13 Jun 2001 17:37:26 -0400 (EDT) Subject: [pptp-server] Browsing and Net View/mapping not working with W2k but yes w/ w98se (long) In-Reply-To: <000a01c0f3cd$e6aa4e60$f11e0041@cht.private> Message-ID: whats in your ppp options file? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Tue, 12 Jun 2001, Jay T. McCanta wrote: > > > One more piece of info. smbclient from linux host to windows2000 host > works. and the traffic shows up in the tcpdump. > > > ----- Original Message ----- > From: "Jay T. McCanta" > To: > Sent: Tuesday, June 12, 2001 10:35 PM > Subject: RE: [pptp-server] Browsing and Net View/mapping not working with > W2k but yes w/ w98se (long) > > > > > > > > Using tcpdump -s 0 -i ppp0 on the linux box, I see ZERO traffic when I do > a > > NET VIEW \\192.168.0.1 According to MS, that should side step name > > resolutions. Of course, I get error 53 on the W2K box. If I ping, I see > > the traffic in my tcpdump. I see some name broadcasting over the line as > > well, but ZERO traffic when I do the net view with either and address or a > > name. I have tried it with "Use remote default gateway" checked and > > unchecked. Does this ring a bell somewhere? > > > > Jay > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From awdavis at waretec.com Wed Jun 13 20:52:18 2001 From: awdavis at waretec.com (Andrew W. Davis) Date: Wed, 13 Jun 2001 20:52:18 -0500 Subject: [pptp-server] Maximum number of simultaneous connections In-Reply-To: ; from lists@earthling.2y.net on Wed, Jun 13, 2001 at 05:35:25PM -0400 References: Message-ID: <20010613205218.A31274@falcon.waretec.com> Someone here on the list actually figgured this once in another thread. The amount of the connections is limited but I believe it was above the 5000 mark. Hope this helps, Andrew On Tue, 12 Jun 2001, John Graumann wrote: > > > > > > > What is the maximum number of clients that can be connected at once ? Would > > this be a limitation of PoPToP, or a limitation of the maximum number of > > interfaces in Linux (and if so, what would that be) ? > > > > A certain application we are working on requires that a large number clients > > be allowed to connect at once. Is there a hard limit, or is it hardware > > (memory) dependant ? > > > > Thanks, > > John Graumann > > > > jgraumann at norsat.com > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From max at mail.opt.pf Wed Jun 13 21:24:55 2001 From: max at mail.opt.pf (FAIVRE Max) Date: Wed, 13 Jun 2001 16:24:55 -1000 Subject: [pptp-server] Unsuscribing Message-ID: <005a01c0f479$338135e0$3b0715ac@faivmax1> Could you please unsuscribe me from your mailing list ? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From neale at lowendale.com.au Wed Jun 13 22:57:32 2001 From: neale at lowendale.com.au (Neale Banks) Date: Thu, 14 Jun 2001 13:57:32 +1000 (EST) Subject: [pptp-server] Maximum number of simultaneous connections In-Reply-To: <20010613205218.A31274@falcon.waretec.com> Message-ID: On Wed, 13 Jun 2001, Andrew W. Davis wrote: > Someone here on the list actually figgured this once in another thread. The > amount of the connections is limited but I believe it was above the 5000 mark. That'll most likely be memory limitations. However, there are other practical limitations, as exemplified in this snippet from linux-2.2.19-orig/net/core/dev.c: ========================================================================= /* * Passed a format string - eg "lt%d" it will try and find a suitable * id. Not efficient for many devices, not called a lot.. */ int dev_alloc_name(struct device *dev, const char *name) { int i; /* * If you need over 100 please also fix the algorithm... */ for(i=0;i<100;i++) { sprintf(dev->name,name,i); if(dev_get(dev->name)==NULL) return i; } return -ENFILE; /* Over 100 of the things .. bail out! */ } ========================================================================= FWIW, it has the same <=100 limitation in linux-2.4.5. Regards, Neale. From ismandya at sains.com.my Wed Jun 13 22:45:41 2001 From: ismandya at sains.com.my (Ismandy Ali) Date: Thu, 14 Jun 2001 11:45:41 +0800 Subject: [pptp-server] stubborn local ip assign Message-ID: <3B283365.ADC87A7A@sains.com.my> Allo guys, I just get my windogs client to connect to my linux box. Great!.Thanks to those help me. But I do still have some problem here. Inside my /etc/pptpd.conf I have assigned the local IP for my pppd connection, but it is so stubborn to follow the rule. I have insert an IP at the end of my /etc/ppp/options.pptp(see below). BUT, IF I TAKE THIS IP AWAY FROM THE /etc/ppp/options.pptp, my windows will give me error 720. Below are my configs file. I have compile my poptop1.1.1 to use IP alloc --------------- with this connection, my local IP shall be 192.168.1.1(it should be 192.168.1.11) and the remote ip is 192.168.1.21 [root at kgsnt3 kukulkan]# cat /etc/pptpd.conf debug speed 115200 option /etc/ppp/options.pptp localip 192.168.1.11 remoteip 192.168.1.21 [root at kgsnt3 ppp]# cat /etc/ppp/options.pptp debug name kgsnt3 mru 1450 mtu 1450 auth require-chap proxyarp +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless #require-mppe #require-mppe-stateless 192.168.1.1: <-- If I take this out, the whole thing would n't work! -------------- next part -------------- An HTML attachment was scrubbed... URL: From awdavis at waretec.com Thu Jun 14 02:26:13 2001 From: awdavis at waretec.com (Andrew W. Davis) Date: Thu, 14 Jun 2001 02:26:13 -0500 Subject: [pptp-server] Maximum number of simultaneous connections In-Reply-To: ; from neale@lowendale.com.au on Thu, Jun 14, 2001 at 01:57:32PM +1000 References: <20010613205218.A31274@falcon.waretec.com> Message-ID: <20010614022613.A31466@falcon.waretec.com> On Thu, Jun 14, 2001 at 01:57:32PM +1000, Neale Banks wrote: > > That'll most likely be memory limitations. > Actually if I rember correctly, the main limitations on a large scale were Unix98 PTY and Kernel. Thanks, Andrew P.S. - Justin...when does the code start?? ;) From lists at earthling.2y.net Thu Jun 14 06:31:19 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Thu, 14 Jun 2001 07:31:19 -0400 (EDT) Subject: [pptp-server] Maximum number of simultaneous connections In-Reply-To: <20010614022613.A31466@falcon.waretec.com> Message-ID: what code? the auth code? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Thu, 14 Jun 2001, Andrew W. Davis wrote: > > > On Thu, Jun 14, 2001 at 01:57:32PM +1000, Neale Banks wrote: > > > > That'll most likely be memory limitations. > > > > Actually if I rember correctly, the main limitations on a large scale were > Unix98 PTY and Kernel. > > Thanks, > Andrew > > P.S. - Justin...when does the code start?? ;) > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From GeorgeV at citadelcomputer.com.au Thu Jun 14 20:23:33 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 15 Jun 2001 11:23:33 +1000 Subject: [pptp-server] howto for ppp-mppe 2.4.x? Message-ID: <200FAA488DE0D41194F10010B597610D0125FD@JUPITER> Hi Y'all, I'm doing my first (virgin) install of PPTPD on a 2.4.4 kernel. Upgrading to 2.4.5 for PPTPD unless someone says "NO". Following the links mentioned blow leads to a dead/closed ftp server (ftp.binarix.com and linuxcare.com.au which is weird...???) Has anybody got all the good links to all the necessary files for PPTPD and it patches... poptop.lineo.com isn't updated as far as I can see.... thanks, George. > -----Original Message----- > From: Santtu Hyrkk? [SMTP:santtu.hyrkko at hut.fi] > Sent: Monday, February 26, 2001 3:03 AM > To: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] howto for ppp-mppe 2.4.x? > > "C. Thomas" writes: > > > If anyone has successfully gotten ppp-mppe encryption > > support under kernel 2.4.x working, could you please > > post a short "howto" for my (and others') benefit? > > Sure, > > Get the following patches from ftp://ftp.binarix.com/pub/ppp-mppe/ > > linux-2.4.0-openssl-0.9.6-mppe.patch > ppp-2.4.0-openssl-0.9.6-mppe.patch > > Get ppp-2.4.0.tar.gz from ftp://linuxcare.com.au/pub/ppp > Get linux kernel from the usual places. > > Apply linux-xxx.patch to kernel and compile. In configuration, select > all the PPP stuff as modules. Apply ppp-xxx.patch to ppp-2.4.0, > compile, install. Boot new kernel. > > Add following lines to /etc/ppp/options > > mppe-40 > mppe-128 > mppe-stateless > > Put "alias ppp-compress-18 ppp_mppe" to modutils configuration if you > want to have mppe module loaded automatically. > > -- > Santtu Hyrkk? > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From berzerke at swbell.net Thu Jun 14 21:44:23 2001 From: berzerke at swbell.net (robert) Date: Thu, 14 Jun 2001 21:44:23 -0500 Subject: [pptp-server] howto for ppp-mppe 2.4.x? In-Reply-To: <200FAA488DE0D41194F10010B597610D0125FD@JUPITER> References: <200FAA488DE0D41194F10010B597610D0125FD@JUPITER> Message-ID: <01061421442300.22239@linux> http://mirror.binarix.com/ppp-mppe/ is the new site for the patches. As for ppp source, I can't connect either. Could be just a temporary outage. I can send you ppp-2.4.0 if you can't wait or find it elsewhere. Also, there is a 2.4 kernel howto at http://home.swbell.net/berzerke, although I need to do a little updating. However, I live in Houston, and with the floods, I've been busy elsewhere. On Thursday 14 June 2001 20:23, George Vieira wrote: > Hi Y'all, > > I'm doing my first (virgin) install of PPTPD on a 2.4.4 kernel. Upgrading > to 2.4.5 for PPTPD unless someone says "NO". > > Following the links mentioned blow leads to a dead/closed ftp server > (ftp.binarix.com and linuxcare.com.au which is weird...???) > > Has anybody got all the good links to all the necessary files for PPTPD and > it patches... > > poptop.lineo.com isn't updated as far as I can see.... > > thanks, > > George. > > > -----Original Message----- > > From: Santtu Hyrkk? [SMTP:santtu.hyrkko at hut.fi] > > Sent: Monday, February 26, 2001 3:03 AM > > To: pptp-server at lists.schulte.org > > Subject: Re: [pptp-server] howto for ppp-mppe 2.4.x? > > > > "C. Thomas" writes: > > > If anyone has successfully gotten ppp-mppe encryption > > > support under kernel 2.4.x working, could you please > > > post a short "howto" for my (and others') benefit? > > > > Sure, > > > > Get the following patches from ftp://ftp.binarix.com/pub/ppp-mppe/ > > > > linux-2.4.0-openssl-0.9.6-mppe.patch > > ppp-2.4.0-openssl-0.9.6-mppe.patch > > > > Get ppp-2.4.0.tar.gz from ftp://linuxcare.com.au/pub/ppp > > Get linux kernel from the usual places. > > > > Apply linux-xxx.patch to kernel and compile. In configuration, select > > all the PPP stuff as modules. Apply ppp-xxx.patch to ppp-2.4.0, > > compile, install. Boot new kernel. > > > > Add following lines to /etc/ppp/options > > > > mppe-40 > > mppe-128 > > mppe-stateless > > > > Put "alias ppp-compress-18 ppp_mppe" to modutils configuration if you > > want to have mppe module loaded automatically. > > > > -- > > Santtu Hyrkk? > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From mjo at pbj.dk Fri Jun 15 03:47:03 2001 From: mjo at pbj.dk (Mikael Johnsen) Date: Fri, 15 Jun 2001 10:47:03 +0200 Subject: [pptp-server] Graphic interface Message-ID: <1DA605F7E2EAD411B7A9009027DDD2C303E428@PBJ-EXCHG> Hi Guys Thanks to you, my VPN is working perfect But I do have one question, how can I see those users, who are log on via VPN, is there some kind of graphic interface/program I can use Another question, I'm also using ipchains as a firewall, I miss some statistics in graphs or so, which program can I use Med venlig hilsen / Best regards Mikael Johnsen Systemadministrator / System Administrator PBJ Consult A/S Phone: +45 43 62 74 00 Roholmsvej 10 G Fax: +45 43 62 74 24 DK-2620 Albertslund Email: mailto:mjo at pbj.dk Homepage: www.pbj.dk -------------- next part -------------- An HTML attachment was scrubbed... URL: From serpent1984 at dingoblue.net.au Fri Jun 15 16:10:06 2001 From: serpent1984 at dingoblue.net.au (Serpent) Date: Sat, 16 Jun 2001 07:10:06 +1000 Subject: [pptp-server] Web Hosting References: Message-ID: <000e01c0f5df$8e0e7c40$076e8ec6@home> Hi, this might seem a bit wierd but heh i've got a server at an isp and i'm offering web hosting deals $15 per month, subdomain, all the features, fast connection Thanx.. From mjo at pbj.dk Fri Jun 15 04:26:44 2001 From: mjo at pbj.dk (Mikael Johnsen) Date: Fri, 15 Jun 2001 11:26:44 +0200 Subject: [pptp-server] New questions - Sorry Message-ID: <1DA605F7E2EAD411B7A9009027DDD2C303E429@PBJ-EXCHG> Hi Guys Thanks to you, my VPN is working perfect But I do have one question, how can I see those users, who are log on via VPN, is there some kind of graphic interface/program I can use Another question, I'm also using ipchains as a firewall, I miss some statistics in graphs or so, which program can I use Med venlig hilsen / Best regards Mikael Johnsen Systemadministrator / System Administrator PBJ Consult A/S Phone: +45 43 62 74 00 Roholmsvej 10 G Fax: +45 43 62 74 24 DK-2620 Albertslund Email: mailto:mjo at pbj.dk Homepage: www.pbj.dk -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at earthling.2y.net Fri Jun 15 05:30:47 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 15 Jun 2001 06:30:47 -0400 (EDT) Subject: [pptp-server] Web Hosting In-Reply-To: <000e01c0f5df$8e0e7c40$076e8ec6@home> Message-ID: Ok..... Ya think it's time to get the list closed(where only members can post)? Or get somebody's account pulled for spamming? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Sat, 16 Jun 2001, Serpent wrote: > > > Hi, this might seem a bit wierd but heh > > i've got a server at an isp and i'm offering web hosting deals > > $15 per month, subdomain, all the features, fast connection > > Thanx.. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From JaminC at adapt-tele.com Fri Jun 15 07:04:19 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 15 Jun 2001 07:04:19 -0500 Subject: [pptp-server] Web Hosting Message-ID: Justin Kreger [mailto:lists at earthling.2y.net] wrote: > Ok..... Ya think it's time to get the list closed(where only > members can post)? Or get somebody's account pulled for spamming? I'm voting both of the above. Jamin W. Collins From abonnet at idsmicronet.com Fri Jun 15 18:25:22 2001 From: abonnet at idsmicronet.com (antoine BONNET) Date: Fri, 15 Jun 2001 20:25:22 -0300 Subject: [pptp-server] pptp through LRP Message-ID: <000e01c0f5f2$734b7670$17000a0a@antoine> hi everybody, does anyone know howto redirect pptp (protocol 47) with a LRP. i know i can use ipfwd but i can't integrate it in my LRP. Is another way to do... excuse my bad english... thanks and a+ on the web -------------- next part -------------- An HTML attachment was scrubbed... URL: From JaminC at adapt-tele.com Fri Jun 15 19:54:50 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 15 Jun 2001 19:54:50 -0500 Subject: [pptp-server] Empty Postings Message-ID: Anyone else been getting empty posts from this list lately? Jamin W. Collins From lists at earthling.2y.net Fri Jun 15 20:27:32 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 15 Jun 2001 21:27:32 -0400 (EDT) Subject: [pptp-server] Empty Postings In-Reply-To: Message-ID: yeah... I am... Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Fri, 15 Jun 2001, Jamin Collins wrote: > > > Anyone else been getting empty posts from this list lately? > > Jamin W. Collins > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From jvonau at home.com Fri Jun 15 20:30:32 2001 From: jvonau at home.com (Jerry Vonau) Date: Fri, 15 Jun 2001 20:30:32 -0500 Subject: [pptp-server] Empty Postings References: Message-ID: <3B2AB6B8.D771AE17@home.com> your not alone.......... Jamin Collins wrote: > Anyone else been getting empty posts from this list lately? > > Jamin W. Collins > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From max at mail.opt.pf Sat Jun 16 04:59:15 2001 From: max at mail.opt.pf (FAIVRE Max) Date: Fri, 15 Jun 2001 23:59:15 -1000 Subject: [pptp-server] UNSUSCRIBE Message-ID: <005801c0f64b$00c403c0$3b0715ac@faivmax1> -------------- next part -------------- An HTML attachment was scrubbed... URL: From serpent1984 at dingoblue.net.au Sat Jun 16 18:16:24 2001 From: serpent1984 at dingoblue.net.au (Serpent) Date: Sun, 17 Jun 2001 09:16:24 +1000 Subject: [pptp-server] UNSUSCRIBE References: <005801c0f64b$00c403c0$3b0715ac@faivmax1> Message-ID: <001101c0f6ba$5d7b8560$f8f78ec6@home> ----- Original Message ----- From: "FAIVRE Max" To: Sent: Saturday, June 16, 2001 7:59 PM Subject: [pptp-server] UNSUSCRIBE > From nicolas.lienard at free.fr Sat Jun 16 06:16:32 2001 From: nicolas.lienard at free.fr (nicolas.lienard at free.fr) Date: Sat, 16 Jun 2001 13:16:32 +0200 (MEST) Subject: [pptp-server] UNSUSCRIBE Message-ID: <992690192.3b2b40108fcde@imp.free.fr> From nesarasys at vsnl.com Sat Jun 16 10:54:06 2001 From: nesarasys at vsnl.com (nesara Systems) Date: Sat, 16 Jun 2001 21:24:06 +0530 Subject: [pptp-server] PLEASE HELP ME Message-ID: <000a01c0f67c$9373eec0$2901a8c0@tvap> PLEASE HELP ME UNSUBSCRIBE THIS LIST I am sending a mail to every one since a month! Please help! tvap at email.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From tvap at email.com Sat Jun 16 11:02:12 2001 From: tvap at email.com (TVAP) Date: Sat, 16 Jun 2001 21:32:12 +0530 Subject: [pptp-server] PLEASE HELP !!!! References: <86256A65.000D26BB.00@amoa.org> <200106121325320340.00080303@giasbg01.vsnl.net.in> Message-ID: <200106162132120490.00787D38@giasbg01.vsnl.net.in> PLEASE HELP ME UNSUBSCRIBE THIS LIST tvap at email.com From worm at cfl.rr.com Sat Jun 16 12:14:26 2001 From: worm at cfl.rr.com (Brett Van Wormer) Date: Sat, 16 Jun 2001 13:14:26 -0400 Subject: [pptp-server] Unsuscribing References: <005a01c0f479$338135e0$3b0715ac@faivmax1> Message-ID: <00cb01c0f687$cc1dd960$94842141@cfl.rr.com> ----- Original Message ----- From: "FAIVRE Max" To: Sent: Wednesday, June 13, 2001 10:24 PM Subject: [pptp-server] Unsuscribing > From JaminC at adapt-tele.com Sat Jun 16 13:38:28 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Sat, 16 Jun 2001 13:38:28 -0500 Subject: [pptp-server] PLEASE HELP !!!! Message-ID: TVAP [mailto:tvap at email.com] wrote: > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! When will people learn to read the footer of the messages for things like this? Go to the site listed at the bottom of every message and follow the frikken instructions. Simple, simple, simple. Jamin W. Collins From lists at earthling.2y.net Sat Jun 16 13:15:30 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sat, 16 Jun 2001 14:15:30 -0400 (EDT) Subject: [pptp-server] PLEASE HELP !!!! In-Reply-To: Message-ID: I'm wondering if somebody is just adding people to the list for some stupid reason.... Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Sat, 16 Jun 2001, Jamin Collins wrote: > > > TVAP [mailto:tvap at email.com] wrote: > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > When will people learn to read the footer of the messages for things like > this? Go to the site listed at the bottom of every message and follow the > frikken instructions. Simple, simple, simple. > > Jamin W. Collins > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From berzerke at swbell.net Sat Jun 16 19:44:50 2001 From: berzerke at swbell.net (robert) Date: Sat, 16 Jun 2001 19:44:50 -0500 Subject: [pptp-server] PLEASE HELP !!!! In-Reply-To: References: Message-ID: <01061619445002.06264@linux> It has been done in the past (with other lists), mostly as a practical joke or just to annoy people. However, since most lists nowadays require confirmation, that should be the source of the problem. On Saturday 16 June 2001 13:15, Justin Kreger wrote: > I'm wondering if somebody is just adding people to the list for some > stupid reason.... > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > On Sat, 16 Jun 2001, Jamin Collins wrote: > > TVAP [mailto:tvap at email.com] wrote: > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > When will people learn to read the footer of the messages for things like > > this? Go to the site listed at the bottom of every message and follow the > > frikken instructions. Simple, simple, simple. > > > > Jamin W. Collins > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From pptp at szczepanek.de Sun Jun 17 02:15:23 2001 From: pptp at szczepanek.de (Torge Szczepanek) Date: Sun, 17 Jun 2001 09:15:23 +0200 Subject: [pptp-server] Maximum number of simultaneous connections References: Message-ID: <3B2C590B.9000402@szczepanek.de> Neale Banks wrote: > That'll most likely be memory limitations. > > However, there are other practical limitations, as exemplified in this > snippet from linux-2.2.19-orig/net/core/dev.c: > * If you need over 100 please also fix the algorithm... > FWIW, it has the same <=100 limitation in linux-2.4.5. Okay. But how to break this limitation of 100 ppp devices? Simply increasing the number in the for loop may not be enough, as it is written in the kernel. Any suggenstions? -- Torge Szczepanek From child at child.net.au Mon Jun 18 00:24:18 2001 From: child at child.net.au (Child) Date: Sun, 17 Jun 2001 22:24:18 -0700 Subject: [pptp-server] VPN connection dying Message-ID: <5.0.0.25.0.20010617222309.00a78bf0@mx.child.net.au> dear all I get a VPN from my win98 box everything works for for a few minutes then traffic stops why???? even trying to bring the connect back up fails what am I doing wrong thanks From lehucher at avancenet.com Sun Jun 17 11:08:38 2001 From: lehucher at avancenet.com (J.B. Lehucher) Date: Sun, 17 Jun 2001 18:08:38 +0200 Subject: [pptp-server] Help VPN !! Message-ID: <3B2CD606.E5DBBAA2@avancenet.com> Hi, I'm running on debian 2.2.18 pre 21 I try to establish a PPTP VPN between a linux PoPToP server and a Netopia R910 client Both Internet links are DSL and work well Daemon.log Jun 17 16:18:28 equibox pptpd[26063]: MGR: Launching /usr/sbin/pptpctrl to handle client Jun 17 16:18:28 equibox pptpd[26063]: CTRL: local address = 192.168.0.129 Jun 17 16:18:28 equibox pptpd[26063]: CTRL: remote address = 192.168.0.132 Jun 17 16:18:28 equibox pptpd[26063]: CTRL: pppd speed = 115200 Jun 17 16:18:28 equibox pptpd[26063]: CTRL: pppd options file = /etc/ppp/options.pptpd Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Client 193.251.57.183 control connection started Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Received PPTP Control Message (type: 1) Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Made a START CTRL CONN RPLY packet Jun 17 16:18:28 equibox pptpd[26063]: CTRL: I wrote 156 bytes to the client. Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Sent packet to client Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Received PPTP Control Message (type: 7) Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Set parameters to 152 maxbps, 16 window size Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Made a OUT CALL RPLY packet Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Starting call (launching pppd, opening GRE) Jun 17 16:18:28 equibox pptpd[26063]: CTRL: pty_fd = 5 Jun 17 16:18:28 equibox pptpd[26063]: CTRL: tty_fd = 6 Jun 17 16:18:28 equibox pptpd[26064]: CTRL (PPPD Launcher): Connection speed = 115200 Jun 17 16:18:28 equibox pptpd[26064]: CTRL (PPPD Launcher): local address = 192.168.0.129 Jun 17 16:18:28 equibox pptpd[26064]: CTRL (PPPD Launcher): remote address = 192.168.0.132 Jun 17 16:18:28 equibox pptpd[26063]: CTRL: I wrote 32 bytes to the client. Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Sent packet to client Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Received PPTP Control Message (type: 15) Jun 17 16:18:28 equibox pptpd[26063]: CTRL: Got a SET LINK INFO packet with standard ACCMs Jun 17 16:18:28 equibox pptpd[26063]: GRE: Discarding duplicate packet Jun 17 16:18:35 equibox pptpd[26063]: CTRL: Received PPTP Control Message (type: 5) Jun 17 16:18:35 equibox pptpd[26063]: CTRL: Made a ECHO RPLY packet Jun 17 16:18:35 equibox pptpd[26063]: CTRL: I wrote 20 bytes to the client. Jun 17 16:18:35 equibox pptpd[26063]: CTRL: Sent packet to client Jun 17 16:18:58 equibox pptpd[26042]: MGR: Reaped child 26063 Jun 17 16:18:58 equibox pptpd[26063]: CTRL: Received PPTP Control Message (type: 12) Jun 17 16:18:58 equibox pptpd[26063]: CTRL: Made a CALL DISCONNECT RPLY packet Jun 17 16:18:58 equibox pptpd[26063]: CTRL: Received CALL CLR request (closing call) Jun 17 16:18:58 equibox pptpd[26063]: CTRL: I wrote 148 bytes to the client. Jun 17 16:18:58 equibox pptpd[26063]: CTRL: Sent packet to client Jun 17 16:18:58 equibox pptpd[26063]: CTRL: Error with select(), quitting Jun 17 16:18:58 equibox pptpd[26063]: CTRL: Client 193.251.57.183 control connection finished Jun 17 16:18:58 equibox pptpd[26063]: CTRL: Exiting now Options.pptp lock debug auth +chap proxyarp And the log : Pptp.conf speed 115200 option /etc/ppp/options.pptpd debug localip 192.168.0.128-130 remoteip 192.168.0.131-159 The connection starts well but finally stop from a client initiative through a Type 12 request I wonder if it could be due to the encryption mppe that should be mandatory for the netopia R910 and which is not installed on PoPToP server ? None of my tests with Windows 2000 client behind the Netopia router where successfull. I am not sure about these issues : - remote and local addresses for client and serveur (including mask, should the subnet between them be the same C class ?) - pptpd options configuration So, should I install the patches for a PPP encryption protocol ? Thank in advance jbl -------------- next part -------------- An HTML attachment was scrubbed... URL: From neale at lowendale.com.au Sun Jun 17 19:38:45 2001 From: neale at lowendale.com.au (Neale Banks) Date: Mon, 18 Jun 2001 10:38:45 +1000 (EST) Subject: [pptp-server] Maximum number of simultaneous connections In-Reply-To: <3B2C590B.9000402@szczepanek.de> Message-ID: On Sun, 17 Jun 2001, Torge Szczepanek wrote: > Neale Banks wrote: > > > That'll most likely be memory limitations. > > > > However, there are other practical limitations, as exemplified in this > > snippet from linux-2.2.19-orig/net/core/dev.c: > > * If you need over 100 please also fix the algorithm... > > > > FWIW, it has the same <=100 limitation in linux-2.4.5. > > Okay. But how to break this limitation of 100 ppp devices? Simply > increasing the number in the for loop may not be enough, as it is > written in the kernel. Any suggenstions? I didn't read anything sinister into it, just that the existing strategy of a serial serach for the first available free dev# works ok for a small number[1] of devices but doesn't scale for larger numbers devices (i.e. increasing the (somewhat arbitrary) limit of 100 would probably "work" but not perform acceptably). Think of a file system in need of a block for a file - if each time we needed a block it was to sequentially search all the blocks on disk (or even just an index thereof) performance would be most likely *horrible*. File systems don't do it this way - they maintain a "free list". I'd guess that for >>100 devices a free list of some kind could be a Good Thing (the nature of such free list being left as an "exercise for the reader" ;-). HTH, Neale. [1] the existing kernel code obviously implies that suitable values of small are < 100. From johnf at inodes.org Sun Jun 17 19:53:22 2001 From: johnf at inodes.org (John Ferlito) Date: Mon, 18 Jun 2001 10:53:22 +1000 Subject: [pptp-server] Logging onto a Domain Controller Message-ID: <20010618105322.B11293@inodes.org> I'm sure this has come up before but can;t find it in the aarchives. Setup as follows PDC Linux/PPTPD VPN Laptop 192.168.0.80 <----> 192.168.0.1<--------------->192.168.0.90 Now the laptop is using 192.168.0.80 as a wins server. But I can;t seem to get it to log on to the domain. I've tried a few things but haven't really gotten anymore. Is it actually possible for this to work or a broadcast packets involved when it comes to PDC's and you can;t do it? -- John Ferlito Senior Engineer - Bulletproof Networks ph: +61 (0) 410 519 382 http://www.bulletproof.net.au/ From GeorgeV at citadelcomputer.com.au Sun Jun 17 21:46:45 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Mon, 18 Jun 2001 12:46:45 +1000 Subject: [pptp-server] Logging onto a Domain Controller Message-ID: <200FAA488DE0D41194F10010B597610D012618@JUPITER> If your running WIndows NT you can click on the "Log in using Dialup Networking" at the login prompt and just select the PPTP dial up link... have you tried that? > -----Original Message----- > From: John Ferlito [SMTP:johnf at inodes.org] > Sent: Monday, June 18, 2001 10:53 AM > To: PPTP LIST > Subject: [pptp-server] Logging onto a Domain Controller > > > > I'm sure this has come up before but can;t find it in the > aarchives. > > Setup as follows > > PDC Linux/PPTPD VPN Laptop > 192.168.0.80 <----> 192.168.0.1<--------------->192.168.0.90 > > Now the laptop is using 192.168.0.80 as a wins server. But I can;t seem > to get it to log on to the domain. I've tried a few things but haven't > really gotten anymore. Is it actually possible for this to work or a > broadcast packets involved when it comes to PDC's and you can;t do it? > > > -- > John Ferlito > Senior Engineer - Bulletproof Networks > ph: +61 (0) 410 519 382 > http://www.bulletproof.net.au/ > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From tvap at email.com Mon Jun 18 00:34:30 2001 From: tvap at email.com (TVAP) Date: Mon, 18 Jun 2001 11:04:30 +0530 Subject: [pptp-server] Pl. Help members! Help me Unsubscribe Message-ID: <200106181104300030.0023AEED@giasbg01.vsnl.net.in> Dear Members, I do not know who the admin of this list server is! He must be sleeping or gone to Space on a Russian holiday! Please wake up the admin and make him understand that list membership is not a one way trip! I do not want to get in this list. My mail box is having problems with this list. I am sending this mail to all members to check if anyone knows who the admin is and when is he returning to earth! Thanks for bearing this anguished mail. - tvap at email.com From GeorgeV at citadelcomputer.com.au Mon Jun 18 02:14:26 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Mon, 18 Jun 2001 17:14:26 +1000 Subject: [pptp-server] 2.4.5 and mppe patches. Message-ID: <200FAA488DE0D41194F10010B597610D012622@JUPITER> Hi all, I'm trying to find a well documented site for these 2.4 kernel installs of pptpd. I'm at the mppe patch level and the site at http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt it only shows 1 patch and that's it... is there suppose to be more? I'm getting Jun 18 17:06:33 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 18 17:06:34 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Can somebody who has successfully configured mppe help me out or point to a well doco'd site. someone REALLY has to update poptop.lineo.com , it's starting to annoy me.. ;-) thanks, George Vieira Network Engineer Citadel Computer Systems P/L From worm at cfl.rr.com Mon Jun 18 05:03:53 2001 From: worm at cfl.rr.com (Brett Van Wormer) Date: Mon, 18 Jun 2001 06:03:53 -0400 Subject: [pptp-server] Unsubscribe!!!!!!! References: Message-ID: <001b01c0f7dd$fd4710e0$3f162341@cfl.rr.com> From lists at earthling.2y.net Mon Jun 18 05:14:52 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Mon, 18 Jun 2001 06:14:52 -0400 (EDT) Subject: [pptp-server] Pl. Help members! Help me Unsubscribe In-Reply-To: <200106181104300030.0023AEED@giasbg01.vsnl.net.in> Message-ID: click the link at the bottom of one of the emails, have the webpage email you your password, you can then unsubscribe Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Mon, 18 Jun 2001, TVAP wrote: > > > Dear Members, > > I do not know who the admin of this list server is! He must be sleeping or gone to Space on a Russian holiday! > > Please wake up the admin and make him understand that list membership is not a one way trip! I do not want to get in this list. My mail box is having problems with this list. > > I am sending this mail to all members to check if anyone knows who the admin is and when is he returning to earth! > > Thanks for bearing this anguished mail. > > - tvap at email.com > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From berzerke at swbell.net Mon Jun 18 09:06:01 2001 From: berzerke at swbell.net (robert) Date: Mon, 18 Jun 2001 09:06:01 -0500 Subject: [pptp-server] 2.4.5 and mppe patches. In-Reply-To: <200FAA488DE0D41194F10010B597610D012622@JUPITER> References: <200FAA488DE0D41194F10010B597610D012622@JUPITER> Message-ID: <01061809060101.03962@linux> Actually it does show 2. However, one is for the kernel, and the other is for pppd. You did patch pppd right?? On Monday 18 June 2001 02:14, George Vieira wrote: > Hi all, > > I'm trying to find a well documented site for these 2.4 kernel installs of > pptpd. > > I'm at the mppe patch level and the site at > http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt it only shows 1 > patch and that's it... is there suppose to be more? > > I'm getting > Jun 18 17:06:33 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 18 17:06:34 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > > Can somebody who has successfully configured mppe help me out or point to a > well doco'd site. > > someone REALLY has to update poptop.lineo.com , it's starting to annoy me.. > ;-) > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From JSchmitt at interstarinc.com Mon Jun 18 09:32:29 2001 From: JSchmitt at interstarinc.com (Jean-Luc Schmitt) Date: Mon, 18 Jun 2001 10:32:29 -0400 Subject: [pptp-server] PPTP and Windows network browsing. Message-ID: <7EDA5140F315D311B3E8006094B90AEA8DDA1F@mail.interstarinc.com> Hi all, I'm using poptop and I'm very satisfy with, I experience no real problem I'm just wondering how to do, to see the network neighborhood in windows (W2K) the only way I can browse a computer is using \\computername\c$ Is there a solution ? using Samba ? Thanks Jean-Luc From john at snake.supranet.net Mon Jun 18 10:45:07 2001 From: john at snake.supranet.net (John Heyer) Date: Mon, 18 Jun 2001 10:45:07 -0500 (CDT) Subject: [pptp-server] PPTP and Windows network browsing. In-Reply-To: <7EDA5140F315D311B3E8006094B90AEA8DDA1F@mail.interstarinc.com> Message-ID: The FAQ has instructions, but it's written for an NT, not 2000 environment (http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt) You may be stuck having to do hosts files. Samba would probably be the way to go. Something like this in your smb.conf file may do the trick: local master = yes browse list = yes remote announce = 192.168.0.255 -- Johh Heyer - john at personal.supranet.net - http://heyer.supranet.net "Me fail English? That's unpossible!" -- Ralph Wiggam From GeorgeV at citadelcomputer.com.au Mon Jun 18 17:17:46 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Tue, 19 Jun 2001 08:17:46 +1000 Subject: [pptp-server] 2.4.5 and mppe patches. Message-ID: <200FAA488DE0D41194F10010B597610D01262A@JUPITER> OK.. but I've done the 2 instructions which patched OK and just to check, I ran them again which gave me these errors (of course)... [root at firewall linux-2.4]# patch -p1 < /root/pptp/linux-2.4.4-openssl-0.9.6a-mppe.patch patching file drivers/net/Makefile Reversed (or previously applied) patch detected! Assume -R? [n] (CTRL-C)... [root at firewall ppp-2.4.1]# patch -p1 < /root/pptp/ppp-2.4.1-openssl-0.9.6-mppe-patch The next patch would create the file README.MPPE, which already exists! Assume -R? [n] (CTRL-C)... So the patches are already existing... but I don't get compress-18 working... Is there anything suppose to be in /lib/modules/2.4.5/modules.dep which mentions mppe.o??? There's nothing in there and as a cheat I put the full path of ppp_mppe.o in there and tried reconnecting... I then got this message... Jun 19 08:12:59 firewall pppd[1585]: Connect: ppp0 <--> /dev/pts/1 Jun 19 08:13:00 firewall pptpd[1584]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Jun 19 08:13:03 firewall insmod: /usr/src/linux-2.4.5/drivers/net/ppp_mppe.o: couldn't find the kernel version the module was compiled for Jun 19 08:13:03 firewall insmod: /usr/src/linux-2.4.5/drivers/net/ppp_mppe.o: insmod ppp-compress-18 failed Jun 19 08:13:03 firewall pppd[1585]: MSCHAP-v2 peer authentication succeeded for georgev Jun 19 08:13:03 firewall insmod: /usr/src/linux-2.4.5/drivers/net/ppp_mppe.o: couldn't find the kernel version the module was compiled for Now this looks more like it and the error probably explains why it's now not working.. I'm running pppd version 2.4.1 NOT 2.4.0 which the patches still worked fine. But the kernel version is 2.4.5 NOT 2.4.4 as the name of the patches I managed to download. All patches were applied quite fine without errors so I assumed (bad thing to do really) that this should work OK.. any ideas? files downloaded were (ONLY latest patch versions and patches which were mentioned in the web site to install were used): -rw-r--r-- 1 root root 98897 Jun 18 03:12 linux-2.4.4-openssl-0.9.6a-mppe.patch -rw-r--r-- 1 root root 26534489 Jun 18 03:12 linux-2.4.5.tar.gz -rw-r--r-- 1 root root 266 Jun 18 03:12 mppe-chapv1-fix.diff -rw-r--r-- 1 root root 838 Jun 18 03:12 mppe_stateless.patch -rw-r--r-- 1 root root 36068 Jun 18 03:12 ppp-2.4.0-openssl-0.9.6-mppe.patch -rw-r--r-- 1 root root 507 Jun 18 03:12 ppp-2.4.1-MSCHAPv2-fix.patch -rw-r--r-- 1 root root 136956 Jun 18 03:12 ppp-2.4.1-openssl-0.9.6-mppe-patch -rw-r--r-- 1 root root 536746 Jun 18 03:46 ppp-2.4.1.tar.gz -rw-r--r-- 1 root root 335 Jun 18 03:46 ppp_mppe_compressed_data_fix.diff -rw-r--r-- 1 root root 14132 Jun 18 03:46 ppp-mppe.patch -rw-r--r-- 1 root root 115418 Jun 18 03:12 pptpd-1.1.2.tar.gz Hope this problem was verbose enough.. I emaild it using --very-verbose-problem switch ;-)) Slowly starting to get desperate as my FW is really having bad sector problems now.. -----Original Message----- From: robert [mailto:berzerke at swbell.net] Sent: Tuesday, June 19, 2001 12:06 AM To: George Vieira; PPTP List (E-mail) Subject: Re: [pptp-server] 2.4.5 and mppe patches. Actually it does show 2. However, one is for the kernel, and the other is for pppd. You did patch pppd right?? On Monday 18 June 2001 02:14, George Vieira wrote: > Hi all, > > I'm trying to find a well documented site for these 2.4 kernel installs of > pptpd. > > I'm at the mppe patch level and the site at > http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt it only shows 1 > patch and that's it... is there suppose to be more? > > I'm getting > Jun 18 17:06:33 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 18 17:06:34 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > > Can somebody who has successfully configured mppe help me out or point to a > well doco'd site. > > someone REALLY has to update poptop.lineo.com , it's starting to annoy me.. > ;-) > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From hamish at roshtech.com.au Mon Jun 18 18:01:45 2001 From: hamish at roshtech.com.au (David Youngberry) Date: Tue, 19 Jun 2001 09:01:45 +1000 Subject: FW: [pptp-server] Unsubscribe!!!!!!! Message-ID: <1001DE0C9CD8D311A9F200001CB5C51668696D@server2000.roshtech.com.au> -----Original Message----- From: Brett Van Wormer [mailto:worm at cfl.rr.com] Sent: Monday, June 18, 2001 8:04 PM Cc: pptp-server at lists.schulte.org Subject: [pptp-server] Unsubscribe!!!!!!! _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From christopher at schulte.org Mon Jun 18 22:29:05 2001 From: christopher at schulte.org (Christopher Schulte) Date: Mon, 18 Jun 2001 22:29:05 -0500 Subject: [pptp-server] ADMINISTRIVIA: recent 'UNSUBSCRIBE ME' messages Message-ID: <5.1.0.14.0.20010618221508.0289f7f8@pop.schulte.org> I appreciate the annoyance these messages bring to the mailing list. Unfortunately, there's not a lot I can do about it. People tend to type without thinking. Sad, but true. Unless we move to a moderated type list structure, these messages must be accepted as a part of life. I've gone through recent messages and removed as many as I could see. Several were replying with different 'from:' addresses, thus making it even harder for them to get off. Of course, all they'd have to do is look at the headers of their email and see exactly where it was being delivered to. I've also changed the last line of the messages sigs to: --- To unsubscribe, go to the url just above this line. -- in hopes that this will grab more attention than a simple URL. All subscriptions must be acknowledged via an email message. Nobody should be able to add anyone without their consent. Of course myself and the list admin can, but neither of us would add addresses w/o permission. If you see further messages such as this, forward them to pptp-server-admin at lists.schulte.org and mailman-owner at lists.schulte.org. One of us should be able to yank them off w/o any more unnecessary messages to the list. -- Christopher Schulte Finger for PGP key, or for UNIX impaired: http://noc.schulte.org/cgi-bin/noc/finger.cgi From berzerke at swbell.net Tue Jun 19 08:49:23 2001 From: berzerke at swbell.net (robert) Date: Tue, 19 Jun 2001 08:49:23 -0500 Subject: [pptp-server] 2.4.5 and mppe patches. In-Reply-To: <200FAA488DE0D41194F10010B597610D01262A@JUPITER> References: <200FAA488DE0D41194F10010B597610D01262A@JUPITER> Message-ID: <01061908492300.14521@linux> You really shouldn't try editing modules.dep by hand. Edit /etc/modules.conf file instead. Directions are in the howto. The patches are probably applied ok. On Monday 18 June 2001 17:17, George Vieira wrote: > OK.. but I've done the 2 instructions which patched OK and just to check, I > ran them again which gave me these errors (of course)... > > [root at firewall linux-2.4]# patch -p1 < > /root/pptp/linux-2.4.4-openssl-0.9.6a-mppe.patch > patching file drivers/net/Makefile > Reversed (or previously applied) patch detected! Assume -R? [n] > (CTRL-C)... > > [root at firewall ppp-2.4.1]# patch -p1 < > /root/pptp/ppp-2.4.1-openssl-0.9.6-mppe-patch > The next patch would create the file README.MPPE, > which already exists! Assume -R? [n] (CTRL-C)... > > So the patches are already existing... but I don't get compress-18 > working... > > Is there anything suppose to be in /lib/modules/2.4.5/modules.dep which > mentions mppe.o??? > > There's nothing in there and as a cheat I put the full path of ppp_mppe.o > in there and tried reconnecting... I then got this message... > > Jun 19 08:12:59 firewall pppd[1585]: Connect: ppp0 <--> /dev/pts/1 > Jun 19 08:13:00 firewall pptpd[1584]: CTRL: Ignored a SET LINK INFO packet > with real ACCMs! > Jun 19 08:13:03 firewall insmod: > /usr/src/linux-2.4.5/drivers/net/ppp_mppe.o: couldn't find the kernel > version the module was compiled for > Jun 19 08:13:03 firewall insmod: > /usr/src/linux-2.4.5/drivers/net/ppp_mppe.o: insmod ppp-compress-18 failed > Jun 19 08:13:03 firewall pppd[1585]: MSCHAP-v2 peer authentication > succeeded for georgev > Jun 19 08:13:03 firewall insmod: > /usr/src/linux-2.4.5/drivers/net/ppp_mppe.o: couldn't find the kernel > version the module was compiled for > > Now this looks more like it and the error probably explains why it's now > not working.. I'm running pppd version 2.4.1 NOT 2.4.0 which the patches > still worked fine. But the kernel version is 2.4.5 NOT 2.4.4 as the name of > the patches I managed to download. > All patches were applied quite fine without errors so I assumed (bad thing > to do really) that this should work OK.. > > > any ideas? > > files downloaded were (ONLY latest patch versions and patches which were > mentioned in the web site to install were used): > -rw-r--r-- 1 root root 98897 Jun 18 03:12 > linux-2.4.4-openssl-0.9.6a-mppe.patch > -rw-r--r-- 1 root root 26534489 Jun 18 03:12 linux-2.4.5.tar.gz > -rw-r--r-- 1 root root 266 Jun 18 03:12 > mppe-chapv1-fix.diff -rw-r--r-- 1 root root 838 Jun 18 > 03:12 mppe_stateless.patch -rw-r--r-- 1 root root 36068 Jun > 18 03:12 > ppp-2.4.0-openssl-0.9.6-mppe.patch > -rw-r--r-- 1 root root 507 Jun 18 03:12 > ppp-2.4.1-MSCHAPv2-fix.patch > -rw-r--r-- 1 root root 136956 Jun 18 03:12 > ppp-2.4.1-openssl-0.9.6-mppe-patch > -rw-r--r-- 1 root root 536746 Jun 18 03:46 ppp-2.4.1.tar.gz > -rw-r--r-- 1 root root 335 Jun 18 03:46 > ppp_mppe_compressed_data_fix.diff > -rw-r--r-- 1 root root 14132 Jun 18 03:46 ppp-mppe.patch > -rw-r--r-- 1 root root 115418 Jun 18 03:12 pptpd-1.1.2.tar.gz > > Hope this problem was verbose enough.. I emaild it using > --very-verbose-problem switch ;-)) > > Slowly starting to get desperate as my FW is really having bad sector > problems now.. > > -----Original Message----- > From: robert [mailto:berzerke at swbell.net] > Sent: Tuesday, June 19, 2001 12:06 AM > To: George Vieira; PPTP List (E-mail) > Subject: Re: [pptp-server] 2.4.5 and mppe patches. > > > > > Actually it does show 2. However, one is for the kernel, and the other is > for pppd. You did patch pppd right?? > > On Monday 18 June 2001 02:14, George Vieira wrote: > > Hi all, > > > > I'm trying to find a well documented site for these 2.4 kernel installs > > of pptpd. > > > > I'm at the mppe patch level and the site at > > http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt it only shows > > 1 patch and that's it... is there suppose to be more? > > > > I'm getting > > Jun 18 17:06:33 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 18 17:06:34 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > > > Can somebody who has successfully configured mppe help me out or point to > > a > > > well doco'd site. > > > > someone REALLY has to update poptop.lineo.com , it's starting to annoy > > me.. > > > ;-) > > > > thanks, > > George Vieira > > Network Engineer > > Citadel Computer Systems P/L > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From tvap at onebox.com Tue Jun 19 08:52:02 2001 From: tvap at onebox.com (TVAP) Date: Tue, 19 Jun 2001 19:22:02 +0530 Subject: [pptp-server] Pl. Help members! Help me Unsubscribe Message-ID: <200106191922020910.00A6F4F9@giasbg01.vsnl.net.in> Dear Members, I do not know who the admin of this list server is! He must be sleeping or gone to Space on a Russian holiday! Please wake up the admin and make him understand that list membership is not a one way trip! I do not want to get in this list. My mail box is having problems with this list. I am sending this mail to all members to check if anyone knows who the admin is and when is he returning to earth! Thanks for bearing this anguished mail. - tvap at email.com From tvap at onebox.com Tue Jun 19 08:53:03 2001 From: tvap at onebox.com (TVAP) Date: Tue, 19 Jun 2001 19:23:03 +0530 Subject: [pptp-server] Pl. Help members! Help me Unsubscribe Message-ID: <200106191923030160.00A7E067@giasbg01.vsnl.net.in> Dear Members, I do not know who the admin of this list server is! He must be sleeping or gone to Space on a Russian holiday! Please wake up the admin and make him understand that list membership is not a one way trip! I do not want to get in this list. My mail box is having problems with this list. I am sending this mail to all members to check if anyone knows who the admin is and when is he returning to earth! Thanks for bearing this anguished mail. - tvap at email.com From gustin at echostar.ca Tue Jun 19 10:03:58 2001 From: gustin at echostar.ca (Gustin Johnson) Date: Tue, 19 Jun 2001 08:03:58 -0700 (MST) Subject: [pptp-server] PPTP and Windows network browsing. In-Reply-To: <7EDA5140F315D311B3E8006094B90AEA8DDA1F@mail.interstarinc.com> References: <7EDA5140F315D311B3E8006094B90AEA8DDA1F@mail.interstarinc.com> Message-ID: <992963038.3b2f69de65190@ssl.echostar.ca> In my smb.conf on the samba server I set it to be the primary wins server (wins support = yes in smb.conf). For the internal LAN the DHCP assigns the samba box as the primary wins server. In /ppp/options I set the ms-wins ip to point to the samba server's ip. We also disabled netbeui on all client computers. Windows 9x and win2k clients all are now able to browse the network both when they are local (physically connected to the LAN) and remotely via pptp. Also note that in your smb.comf you have to set a valid samba user as the guest account (guest account = someuser). This username is what is used for browsing so make sure that it has sufficient permissions for doing so, just don't give it admin access. Local master and prefered master both set to yes. Hope this helps, __ Gustin Quoting Jean-Luc Schmitt : > > > Hi all, > > I'm using poptop and I'm very satisfy with, I experience no > real problem > I'm just wondering how to do, to see the network neighborhood > in windows > (W2K) > the only way I can browse a computer is using > \\computername\c$ > Is there a solution ? using Samba ? > > Thanks > > Jean-Luc > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > ------------------------------------------------- Secure Webmail sent through: ssl.echostar.ca From glaze at nos4-a2.com Tue Jun 19 15:31:53 2001 From: glaze at nos4-a2.com (Doyle Glaze) Date: Tue, 19 Jun 2001 15:31:53 -0500 (CDT) Subject: [pptp-server] Unsuscribe Message-ID: <992982713.3b2fb6b9a206f@dglaze.yi.org> From GeorgeV at citadelcomputer.com.au Tue Jun 19 17:47:17 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Wed, 20 Jun 2001 08:47:17 +1000 Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid ppp_mppe.o Message-ID: <200FAA488DE0D41194F10010B597610D17256E@JUPITER> OK.. I got my network card problems fixed but my ppp-compress-18 still won't work even after blowing away my kernel again and redoing the patches (2 only). If I turn off data encryption it works but not encryted and I get the following /var/log/messages logs. Has anybody tried using pppd 2.4.1 and kernel 2.4.5 with pptp patches? The damn file exists in /lib/modules/2.4.5/drivers.net/ppp_mppe.o but won't see it. Jun 20 08:43:09 firewall pppd[950]: pppd 2.4.1 started by root, uid 0 Jun 20 08:43:09 firewall pppd[950]: Using interface ppp0 Jun 20 08:43:09 firewall pppd[950]: Connect: ppp0 <--> /dev/pts/1 Jun 20 08:43:10 firewall pptpd[949]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:13 firewall pppd[950]: MSCHAP-v2 peer authentication succeeded for georgev Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:14 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:14 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:16 firewall pppd[950]: found interface eth0 for proxy arp Jun 20 08:43:16 firewall pppd[950]: local IP address 10.10.0.121 Jun 20 08:43:16 firewall pppd[950]: remote IP address 10.10.0.251 Jun 20 08:43:17 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:17 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:21 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:21 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:25 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:25 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:29 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:29 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:33 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:33 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:37 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:37 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:41 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:41 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:46 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:46 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:47 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:47 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:50 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:50 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:54 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep Jun 20 08:43:54 firewall modprobe: modprobe: Can't locate module ppp-compress-18 Jun 20 08:43:56 firewall pppd[950]: Modem hangup Jun 20 08:43:56 firewall pppd[950]: Connection terminated. Jun 20 08:43:56 firewall pppd[950]: Connect time 0.8 minutes. Jun 20 08:43:56 firewall pppd[950]: Sent 289 bytes, received 275 bytes. Jun 20 08:43:56 firewall pptpd[949]: GRE: read error: Bad file descriptor Jun 20 08:43:56 firewall pptpd[949]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) Jun 20 08:43:56 firewall pptpd[949]: CTRL: Client 10.10.0.69 control connection finished Jun 20 08:43:56 firewall pppd[950]: Exit. thanks, George Vieira Network Engineer Citadel Computer Systems P/L From dholmes at bigpond.net.au Tue Jun 19 18:24:59 2001 From: dholmes at bigpond.net.au (Dougal Holmes) Date: Wed, 20 Jun 2001 09:24:59 +1000 Subject: [pptp-server] PPTP and Windows network browsing. References: <7EDA5140F315D311B3E8006094B90AEA8DDA1F@mail.interstarinc.com> <992963038.3b2f69de65190@ssl.echostar.ca> Message-ID: <000c01c0f917$0f3e0260$1103a8c0@mel.watsonwyatt.com.au> It works just as well if you have an internal WINS server (on an NT domain controller preferably) and you use /ppp/options to set the ms-wins ip to point to the internal WINS server (assuming you have not restricted access via ipchains). Disabling netbeui and ipx is a must. -- Dougal Holmes (at home) mailto://dholmes at bigpond.net.au ----- Original Message ----- From: "Gustin Johnson" To: "Jean-Luc Schmitt" Cc: Sent: Wednesday, June 20, 2001 1:03 AM Subject: Re: [pptp-server] PPTP and Windows network browsing. > > > In my smb.conf on the samba server I set it to be the primary wins > server (wins support = yes in smb.conf). For the internal LAN the > DHCP assigns the samba box as the primary wins server. > In /ppp/options I set the ms-wins ip to point to the samba server's > ip. We also disabled netbeui on all client computers. > > Windows 9x and win2k clients all are now able to browse the network > both when they are local (physically connected to the LAN) and > remotely via pptp. > > Also note that in your smb.comf you have to set a valid samba user as > the guest account (guest account = someuser). This username is what > is used for browsing so make sure that it has sufficient permissions > for doing so, just don't give it admin access. Local master and > prefered master both set to yes. > > Hope this helps, > __ > Gustin > > > Quoting Jean-Luc Schmitt : > > > > > > > Hi all, > > > > I'm using poptop and I'm very satisfy with, I experience no > > real problem > > I'm just wondering how to do, to see the network neighborhood > > in windows > > (W2K) > > the only way I can browse a computer is using > > \\computername\c$ > > Is there a solution ? using Samba ? > > > > Thanks > > > > Jean-Luc > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > > ------------------------------------------------- > Secure Webmail sent through: ssl.echostar.ca > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From roger at tornado.com.tw Tue Jun 19 20:24:47 2001 From: roger at tornado.com.tw (=?big5?B?cm9nZXKtSqnJpcE=?=) Date: Wed, 20 Jun 2001 09:24:47 +0800 Subject: [pptp-server] unsubcribe Message-ID: unsubcribe From rverghes at engmail.uwaterloo.ca Tue Jun 19 22:39:08 2001 From: rverghes at engmail.uwaterloo.ca (Rohan Verghese) Date: Tue, 19 Jun 2001 23:39:08 -0400 Subject: [pptp-server] Help: Could not determine local IP address Message-ID: Hi, I'm trying to set up this program and connect to it with win2k. I keep getting the error "Could not determine local IP address". I believe this is related to my settings for localip and remoteip. I do not really understand what these two sets of numbers are. If someone could offer a simple explanation, I would greatly appreciate it. Thanks, Rohan Verghese From GeorgeV at citadelcomputer.com.au Tue Jun 19 23:50:32 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Wed, 20 Jun 2001 14:50:32 +1000 Subject: [pptp-server] Help: Could not determine local IP address Message-ID: <200FAA488DE0D41194F10010B597610D17257F@JUPITER> Can you supply what is in your /etc/pptpd.conf and /etc/ppp/options files. And, my mind reading technique hasn't been it's best lately.. ;-) -----Original Message----- From: Rohan Verghese [mailto:rverghes at engmail.uwaterloo.ca] Sent: Wednesday, June 20, 2001 1:39 PM To: pptp-server at lists.schulte.org Subject: [pptp-server] Help: Could not determine local IP address Hi, I'm trying to set up this program and connect to it with win2k. I keep getting the error "Could not determine local IP address". I believe this is related to my settings for localip and remoteip. I do not really understand what these two sets of numbers are. If someone could offer a simple explanation, I would greatly appreciate it. Thanks, Rohan Verghese _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From GeorgeV at citadelcomputer.com.au Wed Jun 20 00:32:03 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Wed, 20 Jun 2001 15:32:03 +1000 Subject: [pptp-server] Help: Could not determine local IP address (Uns ubscribe) Message-ID: <200FAA488DE0D41194F10010B597610D172582@JUPITER> Why don't you wake up and read the bloody page at the bottom! ------------ To change your subscription (set options like digest and delivery modes, get a reminder of your password, or UNSUBSCRIBE from pptp-server), enter your subscription email address: ------------ Oh look the word unsibscribe is there.. -----Original Message----- From: Jason Tonkin [mailto:Jtonkin at linz.govt.nz] Sent: Wednesday, June 20, 2001 3:24 PM To: George Vieira; 'Rohan Verghese'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] Help: Could not determine local IP address (Unsubscribe) Unsubscribe List adminstrator, please "wake up" and unsubscribe me from the pptp-server list The link http://lists.schulte.org/mailman/listinfo/pptp-server mentions nothing about unsubscribing regards Jason From ismandya at sains.com.my Wed Jun 20 00:52:21 2001 From: ismandya at sains.com.my (Kukulkan) Date: Wed, 20 Jun 2001 13:52:21 +0800 Subject: [pptp-server] Help: Could not determine local IP address References: Message-ID: <3B303A14.ACFBBC55@sains.com.my> I used to get this kind of problem. I managed to get it solved when I consider these questions: i) how is the routing table between the two? ii) hows the ip fwding between the NIC? rgds, Rohan Verghese wrote: > Hi, > > I'm trying to set up this program and connect to it with win2k. I keep > getting the error "Could not determine local IP address". I believe this is > related to my settings for localip and remoteip. > > I do not really understand what these two sets of numbers are. If someone > could offer a simple explanation, I would greatly appreciate it. > > Thanks, > > Rohan Verghese > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From ismandya at sains.com.my Wed Jun 20 01:19:48 2001 From: ismandya at sains.com.my (Kukulkan) Date: Wed, 20 Jun 2001 14:19:48 +0800 Subject: [pptp-server] Help: Could not determine local IP address (Unsubscribe) References: <200FAA488DE0D41194F10010B597610D172582@JUPITER> Message-ID: <3B304084.5367425D@sains.com.my> *kewl* man! George Vieira wrote: > Why don't you wake up and read the bloody page at the bottom! > > ------------ > To change your subscription (set options like digest and delivery modes, get > a reminder of your password, or UNSUBSCRIBE from pptp-server), enter your > subscription email address: > ------------ > > Oh look the word unsibscribe is there.. > > -----Original Message----- > From: Jason Tonkin [mailto:Jtonkin at linz.govt.nz] > Sent: Wednesday, June 20, 2001 3:24 PM > To: George Vieira; 'Rohan Verghese'; pptp-server at lists.schulte.org > Subject: RE: [pptp-server] Help: Could not determine local IP address > (Unsubscribe) > > Unsubscribe > > List adminstrator, please "wake up" and unsubscribe me from the pptp-server > list > > The link http://lists.schulte.org/mailman/listinfo/pptp-server mentions > nothing about unsubscribing > > regards > > Jason > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From awdavis at waretec.com Wed Jun 20 02:11:40 2001 From: awdavis at waretec.com (Andrew W. Davis) Date: Wed, 20 Jun 2001 02:11:40 -0500 Subject: [pptp-server] crazy unsubscribe people... In-Reply-To: <3B304084.5367425D@sains.com.my>; from ismandya@sains.com.my on Wed, Jun 20, 2001 at 02:19:48PM +0800 References: <200FAA488DE0D41194F10010B597610D172582@JUPITER> <3B304084.5367425D@sains.com.my> Message-ID: <20010620021140.B8732@falcon.waretec.com> I know this is a little off the list material, but I don't know why you would ever want to unsubscribe from this list. there's always more to learn, and the only reason I can think of is that people get in over their head! much thanks from me to those that keep the interesting threads alive btw... thanks in advance for the knowledge inhancement, Andrew From Josh.Howlett at bristol.ac.uk Wed Jun 20 02:38:58 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Wed, 20 Jun 2001 08:38:58 +0100 (BST) Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid ppp_mppe.o In-Reply-To: <200FAA488DE0D41194F10010B597610D17256E@JUPITER> Message-ID: Try adding: alias ppp-compress-18 ppp_mppe to /etc/modules.conf josh. --------------------------------------- Josh Howlett, Network Supervisor, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 0117 928 7850 | josh.howlett at bris.ac.uk --------------------------------------- On Wed, 20 Jun 2001, George Vieira wrote: > > > OK.. I got my network card problems fixed but my ppp-compress-18 still won't > work even after blowing away my kernel again and redoing the patches (2 > only). > > If I turn off data encryption it works but not encryted and I get the > following /var/log/messages logs. Has anybody tried using pppd 2.4.1 and > kernel 2.4.5 with pptp patches? > > The damn file exists in /lib/modules/2.4.5/drivers.net/ppp_mppe.o but won't > see it. > > > Jun 20 08:43:09 firewall pppd[950]: pppd 2.4.1 started by root, uid 0 > Jun 20 08:43:09 firewall pppd[950]: Using interface ppp0 > Jun 20 08:43:09 firewall pppd[950]: Connect: ppp0 <--> /dev/pts/1 > Jun 20 08:43:10 firewall pptpd[949]: CTRL: Ignored a SET LINK INFO packet > with real ACCMs! > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:13 firewall pppd[950]: MSCHAP-v2 peer authentication succeeded > for georgev > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:14 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:14 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:16 firewall pppd[950]: found interface eth0 for proxy arp > Jun 20 08:43:16 firewall pppd[950]: local IP address 10.10.0.121 > Jun 20 08:43:16 firewall pppd[950]: remote IP address 10.10.0.251 > Jun 20 08:43:17 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:17 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:21 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:21 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:25 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:25 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:29 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:29 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:33 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:33 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:37 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:37 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:41 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:41 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:46 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:46 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:47 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:47 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:50 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:50 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:54 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:54 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:56 firewall pppd[950]: Modem hangup > Jun 20 08:43:56 firewall pppd[950]: Connection terminated. > Jun 20 08:43:56 firewall pppd[950]: Connect time 0.8 minutes. > Jun 20 08:43:56 firewall pppd[950]: Sent 289 bytes, received 275 bytes. > Jun 20 08:43:56 firewall pptpd[949]: GRE: read error: Bad file descriptor > Jun 20 08:43:56 firewall pptpd[949]: CTRL: PTY read or GRE write failed > (pty,gre)=(-1,-1) > Jun 20 08:43:56 firewall pptpd[949]: CTRL: Client 10.10.0.69 control > connection finished > Jun 20 08:43:56 firewall pppd[950]: Exit. > > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > From awdavis at waretec.com Wed Jun 20 02:50:45 2001 From: awdavis at waretec.com (Andrew W. Davis) Date: Wed, 20 Jun 2001 02:50:45 -0500 Subject: [pptp-server] crazy unsubscribe people... (Unsubscribe) In-Reply-To: ; from Jtonkin@linz.govt.nz on Wed, Jun 20, 2001 at 07:36:02PM +1200 References: Message-ID: <20010620025045.A8840@falcon.waretec.com> humm...let's review that page shall we? a little ways down the page is this text: To change your subscription (set options like digest and delivery modes, get a reminder of your password, or **!!**unsubscribe**!!** from pptp-server), enter your subscription email address: ok now...read real careful...wait? does that say something about unsubscribing?? by God it does!! granted I added the asterisks and exclamation points, but if YOU would just "wake up", I'm sure you would have caught this at least the first few times right? we're not cluttering your mailbox, you're cluttering ours... l8s, sKEY-p On Wed, Jun 20, 2001 at 07:36:02PM +1200, Jason Tonkin wrote: > Unsubscribe > > List adminstrator, please "wake up" and unsubscribe me from the pptp-server > list The link http://lists.schulte.org/mailman/listinfo/pptp-server mentions > nothing about unsubscribing > > regards > > Jason From mattgav at tempo.com.au Wed Jun 20 02:48:51 2001 From: mattgav at tempo.com.au (Matthew Gavin) Date: Wed, 20 Jun 2001 17:48:51 +1000 Subject: [pptp-server] crazy unsubscribe people... In-Reply-To: <20010620021140.B8732@falcon.waretec.com> Message-ID: I'll second that! Matt -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Andrew W. Davis Sent: Wednesday, 20 June 2001 5:12 PM To: pptp-server at lists.schulte.org Subject: [pptp-server] crazy unsubscribe people... I know this is a little off the list material, but I don't know why you would ever want to unsubscribe from this list. there's always more to learn, and the only reason I can think of is that people get in over their head! much thanks from me to those that keep the interesting threads alive btw... thanks in advance for the knowledge inhancement, Andrew _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From ismandya at sains.com.my Wed Jun 20 03:15:06 2001 From: ismandya at sains.com.my (Kukulkan) Date: Wed, 20 Jun 2001 16:15:06 +0800 Subject: [pptp-server] security issues Message-ID: <3B305B8A.9F085019@sains.com.my> Hi guys, have you guys heard of the PPTP hacked/cracked on PPTP windows NT. does it also work on PPTP on LINUX? does not make much different between the two right? Anybody have try to hacked yourself? http://209.143.242.119/cgi-bin/search/search.cgi?searchvalue=pptp&type=archives rgds, From nick at nexnix.co.uk Wed Jun 20 02:58:10 2001 From: nick at nexnix.co.uk (Nick Kay) Date: Wed, 20 Jun 2001 08:58:10 +0100 Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid ppp_mppe.o Message-ID: <3.0.32.20010620085809.01219c54@netserver.nexnix.co.uk> At 08:38 20/06/01 +0100, you wrote: > > >Try adding: > >alias ppp-compress-18 ppp_mppe > >to /etc/modules.conf > And run "depmod -a" to fix this:- >> Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >--------------------------------------- > >On Wed, 20 Jun 2001, George Vieira wrote: > >> >> >> OK.. I got my network card problems fixed but my ppp-compress-18 still won't >> work even after blowing away my kernel again and redoing the patches (2 >> only). >> >> If I turn off data encryption it works but not encryted and I get the >> following /var/log/messages logs. Has anybody tried using pppd 2.4.1 and >> kernel 2.4.5 with pptp patches? >> >> The damn file exists in /lib/modules/2.4.5/drivers.net/ppp_mppe.o but won't >> see it. >> >> >> Jun 20 08:43:09 firewall pppd[950]: pppd 2.4.1 started by root, uid 0 >> Jun 20 08:43:09 firewall pppd[950]: Using interface ppp0 >> Jun 20 08:43:09 firewall pppd[950]: Connect: ppp0 <--> /dev/pts/1 >> Jun 20 08:43:10 firewall pptpd[949]: CTRL: Ignored a SET LINK INFO packet >> with real ACCMs! >> Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:13 firewall pppd[950]: MSCHAP-v2 peer authentication succeeded >> for georgev >> Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:14 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:14 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:16 firewall pppd[950]: found interface eth0 for proxy arp >> Jun 20 08:43:16 firewall pppd[950]: local IP address 10.10.0.121 >> Jun 20 08:43:16 firewall pppd[950]: remote IP address 10.10.0.251 >> Jun 20 08:43:17 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:17 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:21 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:21 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:25 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:25 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:29 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:29 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:33 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:33 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:37 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:37 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:41 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:41 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:46 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:46 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:47 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:47 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:50 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:50 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:54 firewall modprobe: Note: /etc/modules.conf is more recent >> than /lib/modules/2.4.5/modules.dep >> Jun 20 08:43:54 firewall modprobe: modprobe: Can't locate module >> ppp-compress-18 >> Jun 20 08:43:56 firewall pppd[950]: Modem hangup >> Jun 20 08:43:56 firewall pppd[950]: Connection terminated. >> Jun 20 08:43:56 firewall pppd[950]: Connect time 0.8 minutes. >> Jun 20 08:43:56 firewall pppd[950]: Sent 289 bytes, received 275 bytes. >> Jun 20 08:43:56 firewall pptpd[949]: GRE: read error: Bad file descriptor >> Jun 20 08:43:56 firewall pptpd[949]: CTRL: PTY read or GRE write failed >> (pty,gre)=(-1,-1) >> Jun 20 08:43:56 firewall pptpd[949]: CTRL: Client 10.10.0.69 control >> connection finished >> Jun 20 08:43:56 firewall pppd[950]: Exit. >> >> >> thanks, >> George Vieira >> Network Engineer >> Citadel Computer Systems P/L >> _______________________________________________ >> pptp-server maillist - pptp-server at lists.schulte.org >> http://lists.schulte.org/mailman/listinfo/pptp-server >> --- To unsubscribe, go to the url just above this line. -- >> >> > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >--- To unsubscribe, go to the url just above this line. -- > > From GeorgeV at citadelcomputer.com.au Wed Jun 20 04:41:52 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Wed, 20 Jun 2001 19:41:52 +1000 Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o Message-ID: <200FAA488DE0D41194F10010B597610D172588@JUPITER> Thanks, it's already in there. alias char-major-108 ppp_generic alias tty-ldisc-3 ppp_async alias tty-ldisc-14 ppp_synctty alias ppp-compress-18 ppp_mppe alias ppp-compress-21 bsd_comp alias ppp-compress-24 ppp_deflate alias ppp-compress-26 ppp_deflat It's not listed in /lib/modules/2.4.5/modules.dep .I would like to know if anybody has it there in their modules.dep file. Also if anybody is running 2.4.5 kernel.. I'd like to know.. thanks, George. -----Original Message----- From: Josh Howlett [mailto:Josh.Howlett at bristol.ac.uk] Sent: Wednesday, June 20, 2001 5:39 PM To: George Vieira Cc: PPTP List (E-mail) Subject: Re: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid ppp_mppe.o Try adding: alias ppp-compress-18 ppp_mppe to /etc/modules.conf josh. --------------------------------------- Josh Howlett, Network Supervisor, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 0117 928 7850 | josh.howlett at bris.ac.uk --------------------------------------- On Wed, 20 Jun 2001, George Vieira wrote: > > > OK.. I got my network card problems fixed but my ppp-compress-18 still won't > work even after blowing away my kernel again and redoing the patches (2 > only). > > If I turn off data encryption it works but not encryted and I get the > following /var/log/messages logs. Has anybody tried using pppd 2.4.1 and > kernel 2.4.5 with pptp patches? > > The damn file exists in /lib/modules/2.4.5/drivers.net/ppp_mppe.o but won't > see it. > > > Jun 20 08:43:09 firewall pppd[950]: pppd 2.4.1 started by root, uid 0 > Jun 20 08:43:09 firewall pppd[950]: Using interface ppp0 > Jun 20 08:43:09 firewall pppd[950]: Connect: ppp0 <--> /dev/pts/1 > Jun 20 08:43:10 firewall pptpd[949]: CTRL: Ignored a SET LINK INFO packet > with real ACCMs! > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:13 firewall pppd[950]: MSCHAP-v2 peer authentication succeeded > for georgev > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:14 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:14 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:16 firewall pppd[950]: found interface eth0 for proxy arp > Jun 20 08:43:16 firewall pppd[950]: local IP address 10.10.0.121 > Jun 20 08:43:16 firewall pppd[950]: remote IP address 10.10.0.251 > Jun 20 08:43:17 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:17 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:21 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:21 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:25 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:25 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:29 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:29 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:33 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:33 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:37 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:37 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:41 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:41 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:46 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:46 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:47 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:47 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:50 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:50 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:54 firewall modprobe: Note: /etc/modules.conf is more recent > than /lib/modules/2.4.5/modules.dep > Jun 20 08:43:54 firewall modprobe: modprobe: Can't locate module > ppp-compress-18 > Jun 20 08:43:56 firewall pppd[950]: Modem hangup > Jun 20 08:43:56 firewall pppd[950]: Connection terminated. > Jun 20 08:43:56 firewall pppd[950]: Connect time 0.8 minutes. > Jun 20 08:43:56 firewall pppd[950]: Sent 289 bytes, received 275 bytes. > Jun 20 08:43:56 firewall pptpd[949]: GRE: read error: Bad file descriptor > Jun 20 08:43:56 firewall pptpd[949]: CTRL: PTY read or GRE write failed > (pty,gre)=(-1,-1) > Jun 20 08:43:56 firewall pptpd[949]: CTRL: Client 10.10.0.69 control > connection finished > Jun 20 08:43:56 firewall pppd[950]: Exit. > > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > From GeorgeV at citadelcomputer.com.au Wed Jun 20 04:47:39 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Wed, 20 Jun 2001 19:47:39 +1000 Subject: [pptp-server] crazy unsubscribe people... (Unsubscribe) Message-ID: <200FAA488DE0D41194F10010B597610D17258A@JUPITER> I must admit, it is a little distracting the text on the page.. People are always looking for simpile to read pages coz' every tom,DICK and harry is over looking the page too easily.. something like: Subscribe: Place email here | | Submit Unsubscribe: Place email here | | Submit Of course there's the security side but that's easy fixed.. the service emails the recipient with a "reply in subject with UNSUBSCRIBE 23432 to be removed" and the number is unique to the user... simple simon... -----Original Message----- From: Andrew W. Davis [mailto:awdavis at waretec.com] Sent: Wednesday, June 20, 2001 5:51 PM To: Jason Tonkin Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] crazy unsubscribe people... (Unsubscribe) humm...let's review that page shall we? a little ways down the page is this text: To change your subscription (set options like digest and delivery modes, get a reminder of your password, or **!!**unsubscribe**!!** from pptp-server), enter your subscription email address: ok now...read real careful...wait? does that say something about unsubscribing?? by God it does!! granted I added the asterisks and exclamation points, but if YOU would just "wake up", I'm sure you would have caught this at least the first few times right? we're not cluttering your mailbox, you're cluttering ours... l8s, sKEY-p On Wed, Jun 20, 2001 at 07:36:02PM +1200, Jason Tonkin wrote: > Unsubscribe > > List adminstrator, please "wake up" and unsubscribe me from the pptp-server > list The link http://lists.schulte.org/mailman/listinfo/pptp-server mentions > nothing about unsubscribing > > regards > > Jason _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From kimquang.vo at ost.eltele.no Wed Jun 20 05:31:17 2001 From: kimquang.vo at ost.eltele.no (Kim Quang Vo) Date: Wed, 20 Jun 2001 12:31:17 +0200 Subject: [pptp-server] Unsubcribe Message-ID: From dewey at hyltown.com Wed Jun 20 06:47:25 2001 From: dewey at hyltown.com (Dewey Hylton) Date: Wed, 20 Jun 2001 07:47:25 -0400 (EDT) Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid ppp_mppe.o In-Reply-To: Message-ID: Perhaps I'm missing something a bit over my head, but it looks as if he edited the modules.conf file by hand and the system is complaining about it being newer than modules.dep ... I think the problem may possibly be solved by booting that kernel and typing 'depmod -a' as root. I certainly hope it's that simple. On Wed, 20 Jun 2001, Josh Howlett wrote: > > > Try adding: > > alias ppp-compress-18 ppp_mppe > > to /etc/modules.conf > > josh. > > --------------------------------------- > Josh Howlett, Network Supervisor, > Networking & Digital Communications, > Information Systems & Computing, > University of Bristol, U.K. > 0117 928 7850 | josh.howlett at bris.ac.uk > --------------------------------------- > > On Wed, 20 Jun 2001, George Vieira wrote: > > > > > > > OK.. I got my network card problems fixed but my ppp-compress-18 still won't > > work even after blowing away my kernel again and redoing the patches (2 > > only). > > > > If I turn off data encryption it works but not encryted and I get the > > following /var/log/messages logs. Has anybody tried using pppd 2.4.1 and > > kernel 2.4.5 with pptp patches? > > > > The damn file exists in /lib/modules/2.4.5/drivers.net/ppp_mppe.o but won't > > see it. > > > > > > Jun 20 08:43:09 firewall pppd[950]: pppd 2.4.1 started by root, uid 0 > > Jun 20 08:43:09 firewall pppd[950]: Using interface ppp0 > > Jun 20 08:43:09 firewall pppd[950]: Connect: ppp0 <--> /dev/pts/1 > > Jun 20 08:43:10 firewall pptpd[949]: CTRL: Ignored a SET LINK INFO packet > > with real ACCMs! > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:13 firewall pppd[950]: MSCHAP-v2 peer authentication succeeded > > for georgev > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:14 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:14 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:16 firewall pppd[950]: found interface eth0 for proxy arp > > Jun 20 08:43:16 firewall pppd[950]: local IP address 10.10.0.121 > > Jun 20 08:43:16 firewall pppd[950]: remote IP address 10.10.0.251 > > Jun 20 08:43:17 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:17 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:21 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:21 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:25 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:25 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:29 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:29 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:33 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:33 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:37 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:37 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:41 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:41 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:46 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:46 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:47 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:47 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:50 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:50 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:54 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:54 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:56 firewall pppd[950]: Modem hangup > > Jun 20 08:43:56 firewall pppd[950]: Connection terminated. > > Jun 20 08:43:56 firewall pppd[950]: Connect time 0.8 minutes. > > Jun 20 08:43:56 firewall pppd[950]: Sent 289 bytes, received 275 bytes. > > Jun 20 08:43:56 firewall pptpd[949]: GRE: read error: Bad file descriptor > > Jun 20 08:43:56 firewall pptpd[949]: CTRL: PTY read or GRE write failed > > (pty,gre)=(-1,-1) > > Jun 20 08:43:56 firewall pptpd[949]: CTRL: Client 10.10.0.69 control > > connection finished > > Jun 20 08:43:56 firewall pppd[950]: Exit. > > > > > > thanks, > > George Vieira > > Network Engineer > > Citadel Computer Systems P/L > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From dewey at hyltown.com Wed Jun 20 06:50:39 2001 From: dewey at hyltown.com (Dewey Hylton) Date: Wed, 20 Jun 2001 07:50:39 -0400 (EDT) Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o In-Reply-To: <200FAA488DE0D41194F10010B597610D172588@JUPITER> Message-ID: Yup, a few of the previous posts actually had the answer you're looking for: as root, type 'depmod -a' and your dependency file will be rewritten from your modules.conf file. And to answer another of your questions, I am in fact running 2.4.5 with no apparent problems. I am probably not using it to the extent that others are, but it does seem to work fine for a simple wan-->lan vpn. On Wed, 20 Jun 2001, George Vieira wrote: > > > Thanks, it's already in there. > > alias char-major-108 ppp_generic > alias tty-ldisc-3 ppp_async > alias tty-ldisc-14 ppp_synctty > alias ppp-compress-18 ppp_mppe > alias ppp-compress-21 bsd_comp > alias ppp-compress-24 ppp_deflate > alias ppp-compress-26 ppp_deflat > > It's not listed in /lib/modules/2.4.5/modules.dep .I would like to know if > anybody has it there in their modules.dep file. > > Also if anybody is running 2.4.5 kernel.. I'd like to know.. > > thanks, > George. > -----Original Message----- > From: Josh Howlett [mailto:Josh.Howlett at bristol.ac.uk] > Sent: Wednesday, June 20, 2001 5:39 PM > To: George Vieira > Cc: PPTP List (E-mail) > Subject: Re: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid > ppp_mppe.o > > > Try adding: > > alias ppp-compress-18 ppp_mppe > > to /etc/modules.conf > > josh. > > --------------------------------------- > Josh Howlett, Network Supervisor, > Networking & Digital Communications, > Information Systems & Computing, > University of Bristol, U.K. > 0117 928 7850 | josh.howlett at bris.ac.uk > --------------------------------------- > > On Wed, 20 Jun 2001, George Vieira wrote: > > > > > > > OK.. I got my network card problems fixed but my ppp-compress-18 still > won't > > work even after blowing away my kernel again and redoing the patches (2 > > only). > > > > If I turn off data encryption it works but not encryted and I get the > > following /var/log/messages logs. Has anybody tried using pppd 2.4.1 and > > kernel 2.4.5 with pptp patches? > > > > The damn file exists in /lib/modules/2.4.5/drivers.net/ppp_mppe.o but > won't > > see it. > > > > > > Jun 20 08:43:09 firewall pppd[950]: pppd 2.4.1 started by root, uid 0 > > Jun 20 08:43:09 firewall pppd[950]: Using interface ppp0 > > Jun 20 08:43:09 firewall pppd[950]: Connect: ppp0 <--> /dev/pts/1 > > Jun 20 08:43:10 firewall pptpd[949]: CTRL: Ignored a SET LINK INFO packet > > with real ACCMs! > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:13 firewall pppd[950]: MSCHAP-v2 peer authentication > succeeded > > for georgev > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:14 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:14 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:16 firewall pppd[950]: found interface eth0 for proxy arp > > Jun 20 08:43:16 firewall pppd[950]: local IP address 10.10.0.121 > > Jun 20 08:43:16 firewall pppd[950]: remote IP address 10.10.0.251 > > Jun 20 08:43:17 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:17 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:21 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:21 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:25 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:25 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:29 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:29 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:33 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:33 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:37 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:37 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:41 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:41 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:46 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:46 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:47 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:47 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:50 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:50 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:54 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:54 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:56 firewall pppd[950]: Modem hangup > > Jun 20 08:43:56 firewall pppd[950]: Connection terminated. > > Jun 20 08:43:56 firewall pppd[950]: Connect time 0.8 minutes. > > Jun 20 08:43:56 firewall pppd[950]: Sent 289 bytes, received 275 bytes. > > Jun 20 08:43:56 firewall pptpd[949]: GRE: read error: Bad file descriptor > > Jun 20 08:43:56 firewall pptpd[949]: CTRL: PTY read or GRE write failed > > (pty,gre)=(-1,-1) > > Jun 20 08:43:56 firewall pptpd[949]: CTRL: Client 10.10.0.69 control > > connection finished > > Jun 20 08:43:56 firewall pppd[950]: Exit. > > > > > > thanks, > > George Vieira > > Network Engineer > > Citadel Computer Systems P/L > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From dewey at hyltown.com Wed Jun 20 07:33:31 2001 From: dewey at hyltown.com (Dewey Hylton) Date: Wed, 20 Jun 2001 08:33:31 -0400 (EDT) Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid ppp_mppe.o (Unsubscribe) (fwd) Message-ID: Ok, this little fokker isn't sending the messages himself - he's got an autoresponder doing this for him. My attempt to contact him failed (see below) so perhaps it'd be easier for the admin to just remove him. I'll send a second message and change the subject line, hoping to get him to read the friggin mail. ---------- Forwarded message ---------- Date: Wed, 20 Jun 2001 08:28:23 -0400 (EDT) From: Dewey Hylton To: Jason Tonkin Subject: RE: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid ppp_mppe.o (Unsubscribe) Looks as if you have an auto-reply function turned on, no doubt because you are sick of handling the emails yourself. But you're not even sending the replies to the list - you're sending them to individuals on the list who post. You are pissing a bunch of people off by doing this. Wake up. Take a look at a letter from the list. Read the bottom, where it details how to unsubscribe. Please 'wake up' and do this yourself. On Thu, 21 Jun 2001, Jason Tonkin wrote: > Unsubscribe > > List adminstrator, please "wake up" and unsubscribe me from the pptp-server list > > The link http://lists.schulte.org/mailman/listinfo/pptp-server mentions nothing about unsubscribing > > regards > > Jason > From JaminC at adapt-tele.com Wed Jun 20 07:46:17 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Wed, 20 Jun 2001 07:46:17 -0500 Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o (Unsubscribe) (fwd) Message-ID: > On Thu, 21 Jun 2001, Jason Tonkin wrote: > > > Unsubscribe > > > > List adminstrator, please "wake up" and unsubscribe me from > the pptp-server list > > > > The link > http://lists.schulte.org/mailman/listinfo/pptp-server > mentions nothing about unsubscribing I wonder what this means then: To change your subscription (set options like digest and delivery modes, get a reminder of your password, or unsubscribe from pptp-server), enter your subscription email address: ^^^^^^^^^^^ Some people really need help. Jamin W. Collins From gbelsey at amadorgroup.com Wed Jun 20 08:09:35 2001 From: gbelsey at amadorgroup.com (Gord Belsey) Date: Wed, 20 Jun 2001 07:09:35 -0600 Subject: [pptp-server] crazy unsubscribe people... In-Reply-To: <20010620021140.B8732@falcon.waretec.com> Message-ID: <003801c0f98a$40ce2a30$280111ac@amadorinc.com> I know it's extra noise, but I just can't bite my tongue any longer.......all these unsubscribe requests come with the instructions attached LOL.... As to why they're leaving, well, they don't read the mails from the list, obviously, because if they read it, we'd never know they were leaving!!! So, if they don't read it, they'll never know the value in the list... In the long run, it's they're loss, but we still have to put up with *some* silly unsubscribe messages, I guess. I *HOPE* we don't get anymore second requests for unsubscribe help.....these are the people who need to be peppered with public humiliation....all they have to do is read their own first request to figure it all out. my 2 cents Gord -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Andrew W. Davis Sent: Wednesday, June 20, 2001 1:12 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] crazy unsubscribe people... I know this is a little off the list material, but I don't know why you would ever want to unsubscribe from this list. there's always more to learn, and the only reason I can think of is that people get in over their head! much thanks from me to those that keep the interesting threads alive btw... thanks in advance for the knowledge inhancement, Andrew _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From berzerke at swbell.net Wed Jun 20 09:39:54 2001 From: berzerke at swbell.net (robert) Date: Wed, 20 Jun 2001 09:39:54 -0500 Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o In-Reply-To: <200FAA488DE0D41194F10010B597610D172588@JUPITER> References: <200FAA488DE0D41194F10010B597610D172588@JUPITER> Message-ID: <01062009395400.28381@linux> FYI, I have mppe in my 2.4.5 kernel modules.dep file. By chance, when you did a kernel rebuild, you did type "make dep" FIRST right? On Wednesday 20 June 2001 04:41, George Vieira wrote: > Thanks, it's already in there. > > alias char-major-108 ppp_generic > alias tty-ldisc-3 ppp_async > alias tty-ldisc-14 ppp_synctty > alias ppp-compress-18 ppp_mppe > alias ppp-compress-21 bsd_comp > alias ppp-compress-24 ppp_deflate > alias ppp-compress-26 ppp_deflat > > It's not listed in /lib/modules/2.4.5/modules.dep .I would like to know if > anybody has it there in their modules.dep file. > > Also if anybody is running 2.4.5 kernel.. I'd like to know.. > > thanks, > George. > -----Original Message----- > From: Josh Howlett [mailto:Josh.Howlett at bristol.ac.uk] > Sent: Wednesday, June 20, 2001 5:39 PM > To: George Vieira > Cc: PPTP List (E-mail) > Subject: Re: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid > ppp_mppe.o > > > Try adding: > > alias ppp-compress-18 ppp_mppe > > to /etc/modules.conf > > josh. > > --------------------------------------- > Josh Howlett, Network Supervisor, > Networking & Digital Communications, > Information Systems & Computing, > University of Bristol, U.K. > 0117 928 7850 | josh.howlett at bris.ac.uk > --------------------------------------- > > On Wed, 20 Jun 2001, George Vieira wrote: > > OK.. I got my network card problems fixed but my ppp-compress-18 still > > won't > > > work even after blowing away my kernel again and redoing the patches (2 > > only). > > > > If I turn off data encryption it works but not encryted and I get the > > following /var/log/messages logs. Has anybody tried using pppd 2.4.1 and > > kernel 2.4.5 with pptp patches? > > > > The damn file exists in /lib/modules/2.4.5/drivers.net/ppp_mppe.o but > > won't > > > see it. > > > > > > Jun 20 08:43:09 firewall pppd[950]: pppd 2.4.1 started by root, uid 0 > > Jun 20 08:43:09 firewall pppd[950]: Using interface ppp0 > > Jun 20 08:43:09 firewall pppd[950]: Connect: ppp0 <--> /dev/pts/1 > > Jun 20 08:43:10 firewall pptpd[949]: CTRL: Ignored a SET LINK INFO packet > > with real ACCMs! > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:13 firewall pppd[950]: MSCHAP-v2 peer authentication > > succeeded > > > for georgev > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:14 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:14 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:16 firewall pppd[950]: found interface eth0 for proxy arp > > Jun 20 08:43:16 firewall pppd[950]: local IP address 10.10.0.121 > > Jun 20 08:43:16 firewall pppd[950]: remote IP address 10.10.0.251 > > Jun 20 08:43:17 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:17 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:21 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:21 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:25 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:25 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:29 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:29 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:33 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:33 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:37 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:37 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:41 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:41 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:46 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:46 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:47 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:47 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:50 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:50 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:54 firewall modprobe: Note: /etc/modules.conf is more recent > > than /lib/modules/2.4.5/modules.dep > > Jun 20 08:43:54 firewall modprobe: modprobe: Can't locate module > > ppp-compress-18 > > Jun 20 08:43:56 firewall pppd[950]: Modem hangup > > Jun 20 08:43:56 firewall pppd[950]: Connection terminated. > > Jun 20 08:43:56 firewall pppd[950]: Connect time 0.8 minutes. > > Jun 20 08:43:56 firewall pppd[950]: Sent 289 bytes, received 275 bytes. > > Jun 20 08:43:56 firewall pptpd[949]: GRE: read error: Bad file descriptor > > Jun 20 08:43:56 firewall pptpd[949]: CTRL: PTY read or GRE write failed > > (pty,gre)=(-1,-1) > > Jun 20 08:43:56 firewall pptpd[949]: CTRL: Client 10.10.0.69 control > > connection finished > > Jun 20 08:43:56 firewall pppd[950]: Exit. > > > > > > thanks, > > George Vieira > > Network Engineer > > Citadel Computer Systems P/L > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From pstarzew at gbp.com Wed Jun 20 11:40:43 2001 From: pstarzew at gbp.com (Pete Starzewski) Date: Wed, 20 Jun 2001 11:40:43 -0500 Subject: [pptp-server] Unsupported Protocol with a stubborn 98 machine Message-ID: <4.3.2.7.1.20010620113622.00bfcdd0@mail06.gbp.com> Hi all, I have one particullary stubborn Win98 machine that connects but can't get any traffic accross. Evertime packets get sent an error pops up in the log.. Jun 20 10:43:53 viper pppd[8960]: Unsupported protocol 0x1fd0 received the hex number changes for each packet. Anyone have any ideas? I have been running poptop for over a month and set up dozens of clients from 95-W2K so far without a hitch. Pete Pete Starzewski Network Systems Engineer Green Bay Packaging Inc. From SStone at taos.com Wed Jun 20 12:09:16 2001 From: SStone at taos.com (Scott Stone) Date: Wed, 20 Jun 2001 10:09:16 -0700 Subject: [pptp-server] crazy unsubscribe people... Message-ID: <21DEAE09F017D111969700A0C9840752059DA8DB@espresso.taos.com> nevermind the fact that it doesn't seem to think that I subscribed to the list with this email address, and as such refuses to let me unsubscribe to it. I sent an email to pptp-server-request at lists.schulte.org, and pptp-server-admin, neither bounced, but neither got me unsubscribed either. So here I still am, too lazy to pursue it further, so I guess I'll just keep reading the list :) ----------------------------------------------------- Scott M. Stone Senior Technical Consultant - UNIX and Networking Taos, the Sysadmin Company - Santa Clara, CA -----Original Message----- From: Andrew W. Davis [mailto:awdavis at waretec.com] Sent: Wednesday, June 20, 2001 12:12 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] crazy unsubscribe people... I know this is a little off the list material, but I don't know why you would ever want to unsubscribe from this list. there's always more to learn, and the only reason I can think of is that people get in over their head! much thanks from me to those that keep the interesting threads alive btw... thanks in advance for the knowledge inhancement, Andrew _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From rcd at amherst.com Wed Jun 20 12:12:48 2001 From: rcd at amherst.com (Robert Dege) Date: Wed, 20 Jun 2001 13:12:48 -0400 Subject: [pptp-server] Unsupported Protocol with a stubborn 98 machine References: <4.3.2.7.1.20010620113622.00bfcdd0@mail06.gbp.com> Message-ID: <3B30D990.7040705@amherst.com> Win98 should be patched in order for it to correctly work with MS-CHAP http://www.microsoft.com/windows98/downloads/corporate.asp There is a DUN update & a VPN update that you should install for it to work correctly. I believe that the VPN update upgrades the OS to use MSCHAPv2, since the first one was so bad. -Rob Pete Starzewski wrote: > > > Hi all, > > I have one particullary stubborn Win98 machine that connects but can't > get any traffic accross. Evertime packets get sent an error pops up in > the log.. > > Jun 20 10:43:53 viper pppd[8960]: Unsupported protocol 0x1fd0 received > > the hex number changes for each packet. > > Anyone have any ideas? I have been running poptop for over a month and > set up dozens of clients from 95-W2K so far without a hitch. > > Pete > > > Pete Starzewski > Network Systems Engineer > Green Bay Packaging Inc. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > From charlieb at e-smith.com Wed Jun 20 12:29:12 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Wed, 20 Jun 2001 13:29:12 -0400 (EDT) Subject: [pptp-server] crazy unsubscribe people... In-Reply-To: <21DEAE09F017D111969700A0C9840752059DA8DB@espresso.taos.com> Message-ID: On Wed, 20 Jun 2001, Scott Stone wrote: > nevermind the fact that it doesn't seem to think that I subscribed to the > list with this email address It is probably right. > and as such refuses to let me unsubscribe to > it. I sent an email to pptp-server-request at lists.schulte.org, and > pptp-server-admin, neither bounced, but neither got me unsubscribed either. > So here I still am, too lazy to pursue it further, so I guess I'll just keep > reading the list :) > > ----------------------------------------------------- > Scott M. Stone > Senior Technical Consultant - UNIX and Networking > Taos, the Sysadmin Company - Santa Clara, CA As a Senior Technical Consultant, you undoubtedly know how to read email headers and determine the address being delivered to, so I bore you with details about doing that. Perhaps your indecision about SStone at taos.com v sstone at taos.com has something to do with your problems .... -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From SStone at taos.com Wed Jun 20 14:07:12 2001 From: SStone at taos.com (Scott Stone) Date: Wed, 20 Jun 2001 12:07:12 -0700 Subject: [pptp-server] crazy unsubscribe people... Message-ID: <21DEAE09F017D111969700A0C9840752059DA8E5@espresso.taos.com> the headers say that it's going to sstone at taos.com (yeah, I checked that). the SStone at taos.com thing seems to have introduced itself when I moved into the branch proper and started using the Outlook system instead of having the mail forwarded to my mailserver at home - but I attempted the unsub. before moving into the building, so that doesn't really explain it... ----------------------------------------------------- Scott M. Stone Senior Technical Consultant - UNIX and Networking Taos, the Sysadmin Company - Santa Clara, CA -----Original Message----- From: Charlie Brady [mailto:charlieb at e-smith.com] Sent: Wednesday, June 20, 2001 10:29 AM To: Scott Stone Cc: pptp-server at lists.schulte.org Subject: RE: [pptp-server] crazy unsubscribe people... On Wed, 20 Jun 2001, Scott Stone wrote: > nevermind the fact that it doesn't seem to think that I subscribed to the > list with this email address It is probably right. > and as such refuses to let me unsubscribe to > it. I sent an email to pptp-server-request at lists.schulte.org, and > pptp-server-admin, neither bounced, but neither got me unsubscribed either. > So here I still am, too lazy to pursue it further, so I guess I'll just keep > reading the list :) > > ----------------------------------------------------- > Scott M. Stone > Senior Technical Consultant - UNIX and Networking > Taos, the Sysadmin Company - Santa Clara, CA As a Senior Technical Consultant, you undoubtedly know how to read email headers and determine the address being delivered to, so I bore you with details about doing that. Perhaps your indecision about SStone at taos.com v sstone at taos.com has something to do with your problems .... -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From charlieb at e-smith.com Wed Jun 20 15:39:04 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Wed, 20 Jun 2001 16:39:04 -0400 (EDT) Subject: [pptp-server] crazy unsubscribe people... In-Reply-To: <21DEAE09F017D111969700A0C9840752059DA8E5@espresso.taos.com> Message-ID: On Wed, 20 Jun 2001, Scott Stone wrote: > the headers say that it's going to sstone at taos.com. And what happens when you fill in sstone at taos.com in the box next to Edit Options on the form http://lists.schulte.org/mailman/listinfo/pptp-server? You should see a form which allows you to unsubscribe yourself, if you provide a password. There will also be a button which will send you your password if you happen to have forgotten it. If you have trouble, pptp-server-admin at lists.schulte.org is the person to bother, not this list. I trust that we won't hear from you again. -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From SStone at taos.com Wed Jun 20 15:42:21 2001 From: SStone at taos.com (Scott Stone) Date: Wed, 20 Jun 2001 13:42:21 -0700 Subject: [pptp-server] crazy unsubscribe people... Message-ID: <21DEAE09F017D111969700A0C9840752059DA8ED@espresso.taos.com> that's the form I tried, and as my original email said, I tried pptp-server-admin... HOWEVER, I wasn't the original person complaining about not being able to unsubscribe. I was pointing out that I tried it once, it didn't work, and then I decided that it wasn't something I wanted to do anyway, so I didn't pursue it further and I left myself subscribed to it. If I *did* unsubscribe, it would just be to change my subscription address to a different email address... since I do read this list fairly regularly. What's with the hostility? sheesh, I mention one attempt to unsubscribe, and suddenly you jump on me with little or no provocation.. ----------------------------------------------------- Scott M. Stone Senior Technical Consultant - UNIX and Networking Taos, the Sysadmin Company - Santa Clara, CA -----Original Message----- From: Charlie Brady [mailto:charlieb at e-smith.com] Sent: Wednesday, June 20, 2001 1:39 PM To: Scott Stone Cc: pptp-server at lists.schulte.org Subject: RE: [pptp-server] crazy unsubscribe people... On Wed, 20 Jun 2001, Scott Stone wrote: > the headers say that it's going to sstone at taos.com. And what happens when you fill in sstone at taos.com in the box next to Edit Options on the form http://lists.schulte.org/mailman/listinfo/pptp-server? You should see a form which allows you to unsubscribe yourself, if you provide a password. There will also be a button which will send you your password if you happen to have forgotten it. If you have trouble, pptp-server-admin at lists.schulte.org is the person to bother, not this list. I trust that we won't hear from you again. -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From charlieb at e-smith.com Wed Jun 20 16:28:48 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Wed, 20 Jun 2001 17:28:48 -0400 (EDT) Subject: [pptp-server] crazy unsubscribe people... In-Reply-To: <21DEAE09F017D111969700A0C9840752059DA8ED@espresso.taos.com> Message-ID: On Wed, 20 Jun 2001, Scott Stone wrote: > that's the form I tried The form works for me. I've unsubscribed and subscribed successfully. > HOWEVER, I wasn't the original person complaining about not being able to > unsubscribe. No, you were one of many. You also said "it didn't work" without further detail, and you should know better than that. > What's with the hostility? No hostility intended. -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From JaminC at adapt-tele.com Wed Jun 20 16:39:52 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Wed, 20 Jun 2001 16:39:52 -0500 Subject: [pptp-server] crazy unsubscribe people... Message-ID: Scott Stone [mailto:SStone at taos.com] wrote: > What's with the hostility? sheesh, I mention one attempt to > unsubscribe, and suddenly you jump on me with little or no > provocation.. I would have to say a bit of bad timing. There appears to be at least one individual that can't seem to master the art of unsubscribing but seems to know how to setup an autoresponder. There has also been a flood of people appearently unable to unsubscribe lately. Jamin W. Collins From pstarzew at gbp.com Wed Jun 20 16:56:40 2001 From: pstarzew at gbp.com (Pete Starzewski) Date: Wed, 20 Jun 2001 16:56:40 -0500 Subject: [pptp-server] Unsupported Protocol with a stubborn 98 machine In-Reply-To: <3B30D990.7040705@amherst.com> References: <4.3.2.7.1.20010620113622.00bfcdd0@mail06.gbp.com> Message-ID: <4.3.2.7.1.20010620165536.00c33ba0@mail06.gbp.com> That took care of it! Thanks, Pete At 01:12 PM 6/20/01 -0400, you wrote: >Win98 should be patched in order for it to correctly work with MS-CHAP > >http://www.microsoft.com/windows98/downloads/corporate.asp > >There is a DUN update & a VPN update that you should install for it to >work correctly. I believe that the VPN update upgrades the OS to use >MSCHAPv2, since the first one was so bad. > >-Rob > >Pete Starzewski wrote: > >> >>Hi all, >>I have one particullary stubborn Win98 machine that connects but can't >>get any traffic accross. Evertime packets get sent an error pops up in >>the log.. >>Jun 20 10:43:53 viper pppd[8960]: Unsupported protocol 0x1fd0 received >>the hex number changes for each packet. >>Anyone have any ideas? I have been running poptop for over a month and >>set up dozens of clients from 95-W2K so far without a hitch. >>Pete >> >>Pete Starzewski >>Network Systems Engineer >>Green Bay Packaging Inc. >>_______________________________________________ >>pptp-server maillist - pptp-server at lists.schulte.org >>http://lists.schulte.org/mailman/listinfo/pptp-server >>--- To unsubscribe, go to the url just above this line. -- > > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >--- To unsubscribe, go to the url just above this line. -- From lists at earthling.2y.net Wed Jun 20 16:55:39 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Wed, 20 Jun 2001 17:55:39 -0400 (EDT) Subject: [pptp-server] the pptp client Message-ID: For all those who don't read slashdot and did not see the mention about opensource.compaq.com, here seems to be compaq's version of sourceforge, with pptp-client. http://opensource.compaq.com/sourceforge/project/?group_id=8 Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net From SStone at taos.com Wed Jun 20 18:03:25 2001 From: SStone at taos.com (Scott Stone) Date: Wed, 20 Jun 2001 16:03:25 -0700 Subject: [pptp-server] crazy unsubscribe people... Message-ID: <21DEAE09F017D111969700A0C9840752059DA8EE@espresso.taos.com> hm, turns out it looks like it was a password issue all along, oh well. I'm on a bunch of lists, doesn't surprise me that I lost the pw to one of them :) But, as I said, I'm not leaving the list anyway :) As for my original mail, I believe I *did* say that I tried the form, tried sending email to the admin, etc. Or at least I thought I did... hrm. ----------------------------------------------------- Scott M. Stone Senior Technical Consultant - UNIX and Networking Taos, the Sysadmin Company - Santa Clara, CA -----Original Message----- From: Charlie Brady [mailto:charlieb at e-smith.com] Sent: Wednesday, June 20, 2001 2:29 PM To: Scott Stone Cc: pptp-server at lists.schulte.org Subject: RE: [pptp-server] crazy unsubscribe people... On Wed, 20 Jun 2001, Scott Stone wrote: > that's the form I tried The form works for me. I've unsubscribed and subscribed successfully. > HOWEVER, I wasn't the original person complaining about not being able to > unsubscribe. No, you were one of many. You also said "it didn't work" without further detail, and you should know better than that. > What's with the hostility? No hostility intended. -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From len at access.ghy.com Wed Jun 20 18:31:54 2001 From: len at access.ghy.com (Len Goldenstein) Date: Wed, 20 Jun 2001 18:31:54 -0500 (CDT) Subject: [pptp-server] K back to regular business please In-Reply-To: <21DEAE09F017D111969700A0C9840752059DA8EE@espresso.taos.com> Message-ID: OK now that everyone knows how to unsubscribe, could we please get back on topic? Everyone would appreciate it. Thanks Len From djolivier at bigfoot.com Wed Jun 20 19:14:06 2001 From: djolivier at bigfoot.com (Douglas J. Olivier) Date: Wed, 20 Jun 2001 17:14:06 -0700 Subject: [pptp-server] the pptp client References: Message-ID: <3B313C4E.319AF2C4@bigfoot.com> Just as I was getting ready to implement the linux client. Thanks for the link. Justin Kreger wrote: > > For all those who don't read slashdot and did not see the mention about > opensource.compaq.com, here seems to be compaq's version of sourceforge, > with pptp-client. > > http://opensource.compaq.com/sourceforge/project/?group_id=8 > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From jason at rhubarb.arl.qwestip.net Wed Jun 20 20:59:09 2001 From: jason at rhubarb.arl.qwestip.net (Jason Duerstock) Date: Wed, 20 Jun 2001 21:59:09 -0400 (EDT) Subject: [pptp-server] pppd + MPPE + PPPoATM In-Reply-To: Message-ID: Is it possible to get both of these patches together and integrated into the 'official' pppd distribution? Are there encryption export concerns with the MPPE patch? What's the best way to get this coordinated? Thanks Jason From GeorgeV at citadelcomputer.com.au Wed Jun 20 21:16:19 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 21 Jun 2001 12:16:19 +1000 Subject: [pptp-server] RE: MPPE Solved !!!NOT AAARGGH!!!... don't know how but SOLVED t hat matters... Message-ID: <200FAA488DE0D41194F10010B597610D172597@JUPITER> AArgh... second time connection fails now... Damn this thing... I'm getting failed to register PPP device... I guess that's a bad thing right.. ;-) Jun 21 12:14:38 firewall pppd[1137]: pppd 2.4.1 started by root, uid 0 Jun 21 12:14:38 firewall pppd[1137]: Using interface ppp0 Jun 21 12:14:38 firewall pppd[1137]: Connect: ppp0 <--> /dev/pts/1 Jun 21 12:14:38 firewall pptpd[1136]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Jun 21 12:14:39 firewall kernel: CSLIP: code copyright 1989 Regents of the University of California Jun 21 12:14:39 firewall kernel: PPP generic driver version 2.4.1 Jun 21 12:14:39 firewall kernel: failed to register PPP device (-16) Jun 21 12:14:39 firewall kernel: PPP MPPE compression module registered Jun 21 12:14:39 firewall pppd[1137]: MSCHAP-v2 peer authentication succeeded for georgev Jun 21 12:14:42 firewall pppd[1137]: found interface eth0 for proxy arp Jun 21 12:14:42 firewall pppd[1137]: local IP address 10.10.0.254 Jun 21 12:14:42 firewall pppd[1137]: remote IP address 10.10.0.97 Jun 21 12:14:42 firewall pppd[1137]: Modem hangup Jun 21 12:14:42 firewall pppd[1137]: Connection terminated. Jun 21 12:14:42 firewall pppd[1137]: Connect time 0.1 minutes. Jun 21 12:14:42 firewall pppd[1137]: Sent 179 bytes, received 231 bytes. Jun 21 12:14:42 firewall pptpd[1136]: GRE: read error: Bad file descriptor Jun 21 12:14:42 firewall pptpd[1136]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) Jun 21 12:14:42 firewall pptpd[1136]: CTRL: Client 10.10.0.69 control connection finished -----Original Message----- From: George Vieira Sent: Thursday, June 21, 2001 12:03 PM To: PPTP List (E-mail) Subject: MPPE Solved... don't know how but SOLVED that matters... I have no idea what happened but I did it again thrid time around and it worked. Jun 21 12:01:03 firewall pppd[29891]: Connect: ppp0 <--> /dev/pts/2 Jun 21 12:01:03 firewall pptpd[29890]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Jun 21 12:01:07 firewall kernel: CSLIP: code copyright 1989 Regents of the University of California Jun 21 12:01:07 firewall kernel: PPP generic driver version 2.4.1 Jun 21 12:01:07 firewall kernel: failed to register PPP device (-16) Jun 21 12:01:07 firewall kernel: PPP MPPE compression module registered Jun 21 12:01:07 firewall pppd[29891]: MSCHAP-v2 peer authentication succeeded for georgev Jun 21 12:01:10 firewall pppd[29891]: found interface eth0 for proxy arp Jun 21 12:01:10 firewall pppd[29891]: local IP address 10.10.0.121 Jun 21 12:01:10 firewall pppd[29891]: remote IP address 10.10.0.97 Locally anyway but it's a start. So Kernel 2.4.5 and PPD 2.4.1 work fine.!!! thanks to those who tried suggesting a solution (even though half were already tried).... thanks, George Vieira Network Engineer Citadel Computer Systems P/L From GeorgeV at citadelcomputer.com.au Wed Jun 20 21:03:09 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 21 Jun 2001 12:03:09 +1000 Subject: [pptp-server] MPPE Solved... don't know how but SOLVED that matters... Message-ID: <200FAA488DE0D41194F10010B597610D172596@JUPITER> I have no idea what happened but I did it again thrid time around and it worked. Jun 21 12:01:03 firewall pppd[29891]: Connect: ppp0 <--> /dev/pts/2 Jun 21 12:01:03 firewall pptpd[29890]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Jun 21 12:01:07 firewall kernel: CSLIP: code copyright 1989 Regents of the University of California Jun 21 12:01:07 firewall kernel: PPP generic driver version 2.4.1 Jun 21 12:01:07 firewall kernel: failed to register PPP device (-16) Jun 21 12:01:07 firewall kernel: PPP MPPE compression module registered Jun 21 12:01:07 firewall pppd[29891]: MSCHAP-v2 peer authentication succeeded for georgev Jun 21 12:01:10 firewall pppd[29891]: found interface eth0 for proxy arp Jun 21 12:01:10 firewall pppd[29891]: local IP address 10.10.0.121 Jun 21 12:01:10 firewall pppd[29891]: remote IP address 10.10.0.97 Locally anyway but it's a start. So Kernel 2.4.5 and PPD 2.4.1 work fine.!!! thanks to those who tried suggesting a solution (even though half were already tried).... thanks, George Vieira Network Engineer Citadel Computer Systems P/L From charlieb at e-smith.com Wed Jun 20 21:24:08 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Wed, 20 Jun 2001 22:24:08 -0400 (EDT) Subject: [pptp-server] RE: MPPE Solved !!!NOT AAARGGH!!!... don't know how but SOLVED t hat matters... In-Reply-To: <200FAA488DE0D41194F10010B597610D172597@JUPITER> Message-ID: On Thu, 21 Jun 2001, George Vieira wrote: > AArgh... second time connection fails now... Damn this thing... > I'm getting failed to register PPP device... I guess that's a bad thing > right.. ;-) I've seen that before using kernel modules compiled with gcc and not kgcc on RedHat 7.0. So it could be a compiler bug. Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From GeorgeV at citadelcomputer.com.au Wed Jun 20 22:58:35 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 21 Jun 2001 13:58:35 +1000 Subject: [pptp-server] RE: MPPE Solved !!!NOT AAARGGH!!!... don't kno w how but SOLVED t hat matters... Message-ID: <200FAA488DE0D41194F10010B597610D172599@JUPITER> Well looking at the MAKE command issued.. this doesn't tell me it's gcc but cc. How do we force to use kgcc? cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o tty.o tty.c cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o cbcp.o cbcp.c cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o mppe.o mppe.c cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o sha1 -----Original Message----- From: Charlie Brady [mailto:charlieb at e-smith.com] Sent: Thursday, June 21, 2001 12:24 PM To: George Vieira Cc: 'PPTP List (E-mail)' Subject: Re: [pptp-server] RE: MPPE Solved !!!NOT AAARGGH!!!... don't know how but SOLVED t hat matters... On Thu, 21 Jun 2001, George Vieira wrote: > AArgh... second time connection fails now... Damn this thing... > I'm getting failed to register PPP device... I guess that's a bad thing > right.. ;-) I've seen that before using kernel modules compiled with gcc and not kgcc on RedHat 7.0. So it could be a compiler bug. Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From rverghes at engmail.uwaterloo.ca Wed Jun 20 23:27:42 2001 From: rverghes at engmail.uwaterloo.ca (Rohan Verghese) Date: Thu, 21 Jun 2001 00:27:42 -0400 Subject: [pptp-server] Poptop and DirectPlay Message-ID: Heya, Thanks for the help in setting this up. On to more fun questions. Has anyone tried running a multiplayer DirectPlay game (Icewind Dale is the one we're attempting) over the VPN? Can multiple people connect to the VPN if they have the same external ip? Example, I have two friends behind another firewall/router. Is there any way to allow both of them to connect? Is there a way to minimize the connection overhead involved in the VPN? I don't really care about security or encryption, just minimum latency. Thanks, Rohan Verghese rverghes at engmail.uwaterloo.ca From waynes at ostalink.com.au Thu Jun 21 01:03:46 2001 From: waynes at ostalink.com.au (waynes at ostalink.com.au) Date: Thu, 21 Jun 2001 16:03:46 +1000 Subject: [pptp-server] RE: MPPE Solved !!!NOT AAARGGH!!!... don't know how but SOLVED t hat matters... References: <200FAA488DE0D41194F10010B597610D172599@JUPITER> Message-ID: <000701c0fa17$f263ea40$0a01a8c0@ourplace.com> Dear George: Go to the global Makefile, the one at the top of the source tree and modify it to use kgcc instead of gcc. The entries to change are:- HOSTCC = kgcc & CC = $(CROSS_COMPILE)kgcc Regards Wayne Sheehan ----- Original Message ----- From: "George Vieira" To: "'Charlie Brady'" Cc: "PPTP List (E-mail)" Sent: Thursday, June 21, 2001 1:58 PM Subject: RE: [pptp-server] RE: MPPE Solved !!!NOT AAARGGH!!!... don't know how but SOLVED t hat matters... > > > Well looking at the MAKE command issued.. this doesn't tell me it's gcc but > cc. > How do we force to use kgcc? > > cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE > -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 > -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o tty.o tty.c > cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE > -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 > -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o cbcp.o cbcp.c > cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE > -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 > -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o mppe.o mppe.c > cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE > -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 > -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o sha1 > > > -----Original Message----- > From: Charlie Brady [mailto:charlieb at e-smith.com] > Sent: Thursday, June 21, 2001 12:24 PM > To: George Vieira > Cc: 'PPTP List (E-mail)' > Subject: Re: [pptp-server] RE: MPPE Solved !!!NOT AAARGGH!!!... don't > know how but SOLVED t hat matters... > > > > > > On Thu, 21 Jun 2001, George Vieira wrote: > > > AArgh... second time connection fails now... Damn this thing... > > I'm getting failed to register PPP device... I guess that's a bad thing > > right.. ;-) > > I've seen that before using kernel modules compiled with gcc and not kgcc > on RedHat 7.0. So it could be a compiler bug. > > Charlie Brady charlieb at e-smith.com > http://www.e-smith.org (development) http://www.e-smith.com (corporate) > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 > e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From GeorgeV at citadelcomputer.com.au Thu Jun 21 01:28:42 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 21 Jun 2001 16:28:42 +1000 Subject: [pptp-server] RE: MPPE Solved !!!FIXED.... I tried it 10 time s now. hee hee ;-)!!!... don't know how but SOLVED t hat matters... Message-ID: <200FAA488DE0D41194F10010B597610D1725A0@JUPITER> thanks all, I put those kgcc settings in and just recompiled it and installed it.. reboot (to be safe) and it started fine about 10 times now.. Internet test is next.. Thanks all..again......... -----Original Message----- From: waynes at ostalink.com.au [mailto:waynes at ostalink.com.au] Sent: Thursday, June 21, 2001 4:04 PM To: George Vieira Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] RE: MPPE Solved !!!NOT AAARGGH!!!... don't know how but SOLVED t hat matters... Dear George: Go to the global Makefile, the one at the top of the source tree and modify it to use kgcc instead of gcc. The entries to change are:- HOSTCC = kgcc & CC = $(CROSS_COMPILE)kgcc Regards Wayne Sheehan ----- Original Message ----- From: "George Vieira" To: "'Charlie Brady'" Cc: "PPTP List (E-mail)" Sent: Thursday, June 21, 2001 1:58 PM Subject: RE: [pptp-server] RE: MPPE Solved !!!NOT AAARGGH!!!... don't know how but SOLVED t hat matters... > > > Well looking at the MAKE command issued.. this doesn't tell me it's gcc but > cc. > How do we force to use kgcc? > > cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE > -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 > -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o tty.o tty.c > cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE > -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 > -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o cbcp.o cbcp.c > cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE > -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 > -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o mppe.o mppe.c > cc -O2 -pipe -Wall -g -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE > -DHAVE_MULTILINK -DHAVE_MMAP -I../include -DCHAPMS=1 -DUSE_CRYPT=1 > -DHAVE_CRYPT_H=1 -DMPPE=1 -DHAS_SHADOW -DPLUGIN -c -o sha1 > > > -----Original Message----- > From: Charlie Brady [mailto:charlieb at e-smith.com] > Sent: Thursday, June 21, 2001 12:24 PM > To: George Vieira > Cc: 'PPTP List (E-mail)' > Subject: Re: [pptp-server] RE: MPPE Solved !!!NOT AAARGGH!!!... don't > know how but SOLVED t hat matters... > > > > > > On Thu, 21 Jun 2001, George Vieira wrote: > > > AArgh... second time connection fails now... Damn this thing... > > I'm getting failed to register PPP device... I guess that's a bad thing > > right.. ;-) > > I've seen that before using kernel modules compiled with gcc and not kgcc > on RedHat 7.0. So it could be a compiler bug. > > Charlie Brady charlieb at e-smith.com > http://www.e-smith.org (development) http://www.e-smith.com (corporate) > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 > e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From lists at earthling.2y.net Thu Jun 21 05:31:46 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Thu, 21 Jun 2001 06:31:46 -0400 (EDT) Subject: [pptp-server] pppd + MPPE + PPPoATM In-Reply-To: Message-ID: Export concerns are not a problem. It's made in .au, plus if it were made in the US, aslong as the source code is free, you can distribute a binary form around the world with no problems. Thats why openssh and openssl is now in redhat. As for PPPoATM, I have never heard of it. Sorry. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Wed, 20 Jun 2001, Jason Duerstock wrote: > > > Is it possible to get both of these patches together and integrated into > the 'official' pppd distribution? Are there encryption export concerns > with the MPPE patch? What's the best way to get this coordinated? > > Thanks > > Jason > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From pstarzew at gbp.com Thu Jun 21 07:43:58 2001 From: pstarzew at gbp.com (Pete Starzewski) Date: Thu, 21 Jun 2001 07:43:58 -0500 Subject: [pptp-server] Poptop and DirectPlay In-Reply-To: Message-ID: <4.3.2.7.1.20010621074213.00c10b30@mail06.gbp.com> From what I understand of GRE, the answer is no. Since GRE doesn't use a port like tcp or udp, there can only be one connection per ip address. I could be wrong on this since I work with GRE very little. Pete At 12:27 AM 6/21/01 -0400, you wrote: >Heya, > >Thanks for the help in setting this up. On to more fun questions. > >Has anyone tried running a multiplayer DirectPlay game (Icewind Dale is the >one we're attempting) over the VPN? > >Can multiple people connect to the VPN if they have the same external ip? >Example, I have two friends behind another firewall/router. Is there any >way to allow both of them to connect? > >Is there a way to minimize the connection overhead involved in the VPN? I >don't really care about security or encryption, just minimum latency. > >Thanks, > >Rohan Verghese >rverghes at engmail.uwaterloo.ca > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >--- To unsubscribe, go to the url just above this line. -- From davek at tao-group.com Thu Jun 21 11:01:08 2001 From: davek at tao-group.com (David Kerrawn) Date: Thu, 21 Jun 2001 17:01:08 +0100 Subject: [pptp-server] Win 95/98 128 bit Encryption Message-ID: <005e01c0fa6b$62468f90$816410ac@tao.co.uk> For those wanting 128-bit encryption in Win98SE to connect to PPTP you might want to try: http://support.microsoft.com/support/kb/articles/Q285/1/89.ASP The files referenced on this page contain the updated pppmac.vxd file. It works for me. Cheers Davek. From JaminC at adapt-tele.com Thu Jun 21 17:40:35 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Thu, 21 Jun 2001 17:40:35 -0500 Subject: [pptp-server] PoPToP Strip MS Domain Patch for PPP v2.4 + Message-ID: I know this is a stupid question as I should be able to find this, but I appear to be having difficulty. Does anyone know where I can find the Strip MS-Domain patch for the 2.4 series PPP package? Jamin W. Collins From JaminC at adapt-tele.com Thu Jun 21 18:24:23 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Thu, 21 Jun 2001 18:24:23 -0500 Subject: [pptp-server] PoPToP Strip MS Domain Patch for PPP v2.4 + Message-ID: Nevermind.... I was stupid, the old patch works. Jamin > -----Original Message----- > From: Jamin Collins [mailto:JaminC at adapt-tele.com] > Sent: Thursday, June 21, 2001 5:41 PM > To: 'pptp-server at lists.schulte.org' > Subject: [pptp-server] PoPToP Strip MS Domain Patch for PPP v2.4 + > > > > > I know this is a stupid question as I should be able to find > this, but I > appear to be having difficulty. Does anyone know where I can > find the Strip > MS-Domain patch for the 2.4 series PPP package? > > Jamin W. Collins > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From johnf at inodes.org Thu Jun 21 21:46:19 2001 From: johnf at inodes.org (John Ferlito) Date: Fri, 22 Jun 2001 12:46:19 +1000 Subject: [pptp-server] Logging onto a Domain Controller Message-ID: <20010622124619.G32334@inodes.org> Does the kernel mppe support only work as a module or can you compile it into the kernel? I had a quick look at the code and couldn;t see any appropriate hooks and it looks like module only? Has anyone sucesfully compiled it in? -- John Ferlito Senior Engineer - Bulletproof Networks ph: +61 (0) 410 519 382 http://www.bulletproof.net.au/ From Josh.Howlett at bristol.ac.uk Fri Jun 22 05:14:35 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Fri, 22 Jun 2001 11:14:35 +0100 (BST) Subject: [pptp-server] PPTP masquerade Message-ID: Hi all, Has anyone managed to masquerade PPTP clients and got them to talk to pptpd? I'm working on the following set-up: PPTP client-\ | PPTP client---Masq--(ip)--PPTP server | PPTP client-/ It works fine for a single PPTP client, but if a second attempts to connect to the same server I get this: Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Client 137.222.12.160 control connection started Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Starting call (launching pppd, opening GRE) Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 1, already have 216 Jun 22 10:52:58 cypri pppd[23387]: pppd 2.4.0 started by root, uid 0 Jun 22 10:52:58 cypri pppd[23387]: Using interface ppp1 Jun 22 10:52:58 cypri pppd[23387]: Connect: ppp1 <--> /dev/pts/2 Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; got 1 after 4294967295 Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 2, already have 216 Jun 22 10:52:58 cypri pptpd[23386]: Packet reorder timeout waiting for 0 Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; got 2 after 0 Jun 22 10:52:58 cypri pptpd[23386]: Missing 12 consecutive packets; got 217 after 2 Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 3, already have 217 Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 3, already have 217 Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 4, already have 217 Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 4, already have 217 Jun 22 10:53:01 cypri pptpd[23327]: Discarding out-of-order packet 5, already have 217 I've read (and followed) the VPN masquerade HOWTO, and it says that this set-up is possible assuming the server allow multiple control channels to the same IP address. Does poptop allow this? Or could I being doing something else wrong? thanks, josh. --------------------------------------- Josh Howlett, Network Supervisor, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 0117 928 7850 | josh.howlett at bris.ac.uk --------------------------------------- From lists at earthling.2y.net Fri Jun 22 05:33:29 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 22 Jun 2001 06:33:29 -0400 (EDT) Subject: [pptp-server] PPTP masquerade In-Reply-To: Message-ID: You cannot do that, It won't work. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Fri, 22 Jun 2001, Josh Howlett wrote: > > > Hi all, > > Has anyone managed to masquerade PPTP clients and got them to talk to > pptpd? I'm working on the following set-up: > > PPTP client-\ > | > PPTP client---Masq--(ip)--PPTP server > | > PPTP client-/ > > It works fine for a single PPTP client, but if a second attempts to > connect to the same server I get this: > > Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Client 137.222.12.160 control > connection started > Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Starting call (launching pppd, > opening GRE) > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 1, > already have 216 > Jun 22 10:52:58 cypri pppd[23387]: pppd 2.4.0 started by root, uid 0 > Jun 22 10:52:58 cypri pppd[23387]: Using interface ppp1 > Jun 22 10:52:58 cypri pppd[23387]: Connect: ppp1 <--> /dev/pts/2 > Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; got 1 > after 4294967295 > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 2, > already have 216 > Jun 22 10:52:58 cypri pptpd[23386]: Packet reorder timeout waiting for 0 > Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; got 2 > after 0 > Jun 22 10:52:58 cypri pptpd[23386]: Missing 12 consecutive packets; got > 217 after 2 > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 3, > already have 217 > Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 3, > already have 217 > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 4, > already have 217 > Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 4, > already have 217 > Jun 22 10:53:01 cypri pptpd[23327]: Discarding out-of-order packet 5, > already have 217 > > I've read (and followed) the VPN masquerade HOWTO, and it says that this > set-up is possible assuming the server allow multiple control channels > to the same IP address. > > Does poptop allow this? Or could I being doing something else wrong? > > thanks, josh. > > --------------------------------------- > Josh Howlett, Network Supervisor, > Networking & Digital Communications, > Information Systems & Computing, > University of Bristol, U.K. > 0117 928 7850 | josh.howlett at bris.ac.uk > --------------------------------------- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From Josh.Howlett at bristol.ac.uk Fri Jun 22 07:11:46 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Fri, 22 Jun 2001 13:11:46 +0100 (BST) Subject: [pptp-server] PPTP masquerade In-Reply-To: Message-ID: Is this a limitation/feature of poptop? I've read of ppl doing it with Windows PPTP server. thx, josh. On Fri, 22 Jun 2001, Justin Kreger wrote: > You cannot do that, It won't work. > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net > > > On Fri, 22 Jun 2001, Josh Howlett wrote: > > > > > > > Hi all, > > > > Has anyone managed to masquerade PPTP clients and got them to talk to > > pptpd? I'm working on the following set-up: > > > > PPTP client-\ > > | > > PPTP client---Masq--(ip)--PPTP server > > | > > PPTP client-/ > > > > It works fine for a single PPTP client, but if a second attempts to > > connect to the same server I get this: > > > > Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Client 137.222.12.160 control > > connection started > > Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Starting call (launching pppd, > > opening GRE) > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 1, > > already have 216 > > Jun 22 10:52:58 cypri pppd[23387]: pppd 2.4.0 started by root, uid 0 > > Jun 22 10:52:58 cypri pppd[23387]: Using interface ppp1 > > Jun 22 10:52:58 cypri pppd[23387]: Connect: ppp1 <--> /dev/pts/2 > > Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; got 1 > > after 4294967295 > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 2, > > already have 216 > > Jun 22 10:52:58 cypri pptpd[23386]: Packet reorder timeout waiting for 0 > > Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; got 2 > > after 0 > > Jun 22 10:52:58 cypri pptpd[23386]: Missing 12 consecutive packets; got > > 217 after 2 > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 3, > > already have 217 > > Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 3, > > already have 217 > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 4, > > already have 217 > > Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 4, > > already have 217 > > Jun 22 10:53:01 cypri pptpd[23327]: Discarding out-of-order packet 5, > > already have 217 > > > > I've read (and followed) the VPN masquerade HOWTO, and it says that this > > set-up is possible assuming the server allow multiple control channels > > to the same IP address. > > > > Does poptop allow this? Or could I being doing something else wrong? > > > > thanks, josh. > > > > --------------------------------------- > > Josh Howlett, Network Supervisor, > > Networking & Digital Communications, > > Information Systems & Computing, > > University of Bristol, U.K. > > 0117 928 7850 | josh.howlett at bris.ac.uk > > --------------------------------------- > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > From JaminC at adapt-tele.com Fri Jun 22 07:53:30 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 07:53:30 -0500 Subject: [pptp-server] PPTP masquerade Message-ID: Josh Howlett [mailto:Josh.Howlett at bristol.ac.uk] wrote: > Is this a limitation/feature of poptop? I've read of ppl > doing it with Windows PPTP server. Yes and no. IIRC, the specification either limits the number of connections, or doesn't say. But as for where the limitation actually lies in this case, yes TMK PoPToP is your limiter. If you want to do something like this (multiple people behind one public IP) I suggest two alternatives. 1) Use a VPN client to make the connection and route the other clients through it (this could be on the public IP box or another). 2) use FreeS/WAN to provide the same style of connection (actually, this is more what FreeS/WAN was designed for). Jamin W. Collins From berzerke at swbell.net Fri Jun 22 08:46:05 2001 From: berzerke at swbell.net (robert) Date: Fri, 22 Jun 2001 08:46:05 -0500 Subject: [pptp-server] PPTP masquerade In-Reply-To: References: Message-ID: <01062208460500.03161@linux> The PPTP RFC specifies in section 3.1.3 that there may only be one control channel connection between two systems. This should mean that you can only masquerade one PPTP session at a time with a given remote server, but in practice the MS implementation of PPTP does not enforce this, at least not as of NT 4.0 Service Pack 4. If the PPTP server you're trying to connect to only permits one connection at a time, it's following the protocol rules properly. Note that this does not affect a masqueraded server, only multiple masqueraded clients attempting to contact the same remote server. On Friday 22 June 2001 07:11, Josh Howlett wrote: > Is this a limitation/feature of poptop? I've read of ppl doing it with > Windows PPTP server. > > thx, josh. > > On Fri, 22 Jun 2001, Justin Kreger wrote: > > You cannot do that, It won't work. > > > > Justin Kreger, MCP MCSE CCNA > > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net > > > > On Fri, 22 Jun 2001, Josh Howlett wrote: > > > Hi all, > > > > > > Has anyone managed to masquerade PPTP clients and got them to talk to > > > pptpd? I'm working on the following set-up: > > > > > > PPTP client-\ > > > > > > PPTP client---Masq--(ip)--PPTP server > > > > > > PPTP client-/ > > > > > > It works fine for a single PPTP client, but if a second attempts to > > > connect to the same server I get this: > > > > > > Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Client 137.222.12.160 control > > > connection started > > > Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Starting call (launching > > > pppd, opening GRE) > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 1, > > > already have 216 > > > Jun 22 10:52:58 cypri pppd[23387]: pppd 2.4.0 started by root, uid 0 > > > Jun 22 10:52:58 cypri pppd[23387]: Using interface ppp1 > > > Jun 22 10:52:58 cypri pppd[23387]: Connect: ppp1 <--> /dev/pts/2 > > > Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; got > > > 1 after 4294967295 > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 2, > > > already have 216 > > > Jun 22 10:52:58 cypri pptpd[23386]: Packet reorder timeout waiting for > > > 0 Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; > > > got 2 after 0 > > > Jun 22 10:52:58 cypri pptpd[23386]: Missing 12 consecutive packets; got > > > 217 after 2 > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 3, > > > already have 217 > > > Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 3, > > > already have 217 > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 4, > > > already have 217 > > > Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 4, > > > already have 217 > > > Jun 22 10:53:01 cypri pptpd[23327]: Discarding out-of-order packet 5, > > > already have 217 > > > > > > I've read (and followed) the VPN masquerade HOWTO, and it says that > > > this set-up is possible assuming the server allow multiple control > > > channels to the same IP address. > > > > > > Does poptop allow this? Or could I being doing something else wrong? > > > > > > thanks, josh. > > > > > > --------------------------------------- > > > Josh Howlett, Network Supervisor, > > > Networking & Digital Communications, > > > Information Systems & Computing, > > > University of Bristol, U.K. > > > 0117 928 7850 | josh.howlett at bris.ac.uk > > > --------------------------------------- > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > --- To unsubscribe, go to the url just above this line. -- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From berzerke at swbell.net Fri Jun 22 08:48:47 2001 From: berzerke at swbell.net (robert) Date: Fri, 22 Jun 2001 08:48:47 -0500 Subject: [pptp-server] Logging onto a Domain Controller In-Reply-To: <20010622124619.G32334@inodes.org> References: <20010622124619.G32334@inodes.org> Message-ID: <01062208484701.03161@linux> Keep in mind that for reasons unknown to me, some things only work as modules, and do not work if compiled in. For instance, I had a NIC card driver I compiled in and the card would never work. Recompiled it as a modules and it worked fine (making no other changes). On Thursday 21 June 2001 21:46, John Ferlito wrote: > Does the kernel mppe support only work as a module or can you > compile it into the kernel? I had a quick look at the code and couldn;t > see any appropriate hooks and it looks like module only? Has anyone > sucesfully compiled it in. From Josh.Howlett at bristol.ac.uk Fri Jun 22 08:54:40 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Fri, 22 Jun 2001 14:54:40 +0100 (BST) Subject: [pptp-server] PPTP masquerade In-Reply-To: <01062208460500.03161@linux> Message-ID: Would it be feasible to modify the behaviour of poptop so that it behaved like MS RAS? This would be really really useful. tia, josh. On Fri, 22 Jun 2001, robert wrote: > The PPTP RFC specifies in section 3.1.3 that there may only be one > control channel connection between two systems. This should mean that > you can only masquerade one PPTP session at a time with a given remote > server, but in practice the MS implementation of PPTP does not enforce > this, at least not as of NT 4.0 Service Pack 4. If the PPTP server > you're trying to connect to only permits one connection at a time, > it's following the protocol rules properly. Note that this does not > affect a masqueraded server, only multiple masqueraded clients > attempting to contact the same remote server. > > On Friday 22 June 2001 07:11, Josh Howlett wrote: > > Is this a limitation/feature of poptop? I've read of ppl doing it with > > Windows PPTP server. > > > > thx, josh. > > > > On Fri, 22 Jun 2001, Justin Kreger wrote: > > > You cannot do that, It won't work. > > > > > > Justin Kreger, MCP MCSE CCNA > > > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net > > > > > > On Fri, 22 Jun 2001, Josh Howlett wrote: > > > > Hi all, > > > > > > > > Has anyone managed to masquerade PPTP clients and got them to talk to > > > > pptpd? I'm working on the following set-up: > > > > > > > > PPTP client-\ > > > > > > > > PPTP client---Masq--(ip)--PPTP server > > > > > > > > PPTP client-/ > > > > > > > > It works fine for a single PPTP client, but if a second attempts to > > > > connect to the same server I get this: > > > > > > > > Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Client 137.222.12.160 control > > > > connection started > > > > Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Starting call (launching > > > > pppd, opening GRE) > > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 1, > > > > already have 216 > > > > Jun 22 10:52:58 cypri pppd[23387]: pppd 2.4.0 started by root, uid 0 > > > > Jun 22 10:52:58 cypri pppd[23387]: Using interface ppp1 > > > > Jun 22 10:52:58 cypri pppd[23387]: Connect: ppp1 <--> /dev/pts/2 > > > > Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; got > > > > 1 after 4294967295 > > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 2, > > > > already have 216 > > > > Jun 22 10:52:58 cypri pptpd[23386]: Packet reorder timeout waiting for > > > > 0 Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; > > > > got 2 after 0 > > > > Jun 22 10:52:58 cypri pptpd[23386]: Missing 12 consecutive packets; got > > > > 217 after 2 > > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 3, > > > > already have 217 > > > > Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 3, > > > > already have 217 > > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 4, > > > > already have 217 > > > > Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 4, > > > > already have 217 > > > > Jun 22 10:53:01 cypri pptpd[23327]: Discarding out-of-order packet 5, > > > > already have 217 > > > > > > > > I've read (and followed) the VPN masquerade HOWTO, and it says that > > > > this set-up is possible assuming the server allow multiple control > > > > channels to the same IP address. > > > > > > > > Does poptop allow this? Or could I being doing something else wrong? > > > > > > > > thanks, josh. > > > > > > > > --------------------------------------- > > > > Josh Howlett, Network Supervisor, > > > > Networking & Digital Communications, > > > > Information Systems & Computing, > > > > University of Bristol, U.K. > > > > 0117 928 7850 | josh.howlett at bris.ac.uk > > > > --------------------------------------- > > > > > > > > _______________________________________________ > > > > pptp-server maillist - pptp-server at lists.schulte.org > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > --- To unsubscribe, go to the url just above this line. -- > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > From JaminC at adapt-tele.com Fri Jun 22 09:09:38 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 09:09:38 -0500 Subject: [pptp-server] PPTP masquerade Message-ID: robert [mailto:berzerke at swbell.net] wrote: > The PPTP RFC specifies in section 3.1.3 that there may only be one > control channel connection between two systems. This should mean > that you can only masquerade one PPTP session at a time with a > given remote server, but in practice the MS implementation of PPTP > does not enforce this, at least not as of NT 4.0 Service Pack 4. > If the PPTP server you're trying to connect to only permits one > connection at a time, it's following the protocol rules properly. > Note that this does not affect a masqueraded server, only multiple > masqueraded clients attempting to contact the same remote server. It is rather funny to point out that Microsoft helped to draft this RFC and yet they don't even abide by it in their own implimentation. Jamin W. Collins From dewey at hyltown.com Fri Jun 22 09:19:07 2001 From: dewey at hyltown.com (Dewey Hylton) Date: Fri, 22 Jun 2001 10:19:07 -0400 (EDT) Subject: [pptp-server] PPTP masquerade In-Reply-To: <01062208460500.03161@linux> Message-ID: And then only multiple clients masqueraded behind the same box. On Fri, 22 Jun 2001, robert wrote: > > > The PPTP RFC specifies in section 3.1.3 that there may only be one > control channel connection between two systems. This should mean that > you can only masquerade one PPTP session at a time with a given remote > server, but in practice the MS implementation of PPTP does not enforce > this, at least not as of NT 4.0 Service Pack 4. If the PPTP server > you're trying to connect to only permits one connection at a time, > it's following the protocol rules properly. Note that this does not > affect a masqueraded server, only multiple masqueraded clients > attempting to contact the same remote server. > > On Friday 22 June 2001 07:11, Josh Howlett wrote: > > Is this a limitation/feature of poptop? I've read of ppl doing it with > > Windows PPTP server. > > > > thx, josh. > > > > On Fri, 22 Jun 2001, Justin Kreger wrote: > > > You cannot do that, It won't work. > > > > > > Justin Kreger, MCP MCSE CCNA > > > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net > > > > > > On Fri, 22 Jun 2001, Josh Howlett wrote: > > > > Hi all, > > > > > > > > Has anyone managed to masquerade PPTP clients and got them to talk to > > > > pptpd? I'm working on the following set-up: > > > > > > > > PPTP client-\ > > > > > > > > PPTP client---Masq--(ip)--PPTP server > > > > > > > > PPTP client-/ > > > > > > > > It works fine for a single PPTP client, but if a second attempts to > > > > connect to the same server I get this: > > > > > > > > Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Client 137.222.12.160 control > > > > connection started > > > > Jun 22 10:52:58 cypri pptpd[23386]: CTRL: Starting call (launching > > > > pppd, opening GRE) > > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 1, > > > > already have 216 > > > > Jun 22 10:52:58 cypri pppd[23387]: pppd 2.4.0 started by root, uid 0 > > > > Jun 22 10:52:58 cypri pppd[23387]: Using interface ppp1 > > > > Jun 22 10:52:58 cypri pppd[23387]: Connect: ppp1 <--> /dev/pts/2 > > > > Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; got > > > > 1 after 4294967295 > > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 2, > > > > already have 216 > > > > Jun 22 10:52:58 cypri pptpd[23386]: Packet reorder timeout waiting for > > > > 0 Jun 22 10:52:58 cypri pptpd[23386]: Buffering out-of-order packet; > > > > got 2 after 0 > > > > Jun 22 10:52:58 cypri pptpd[23386]: Missing 12 consecutive packets; got > > > > 217 after 2 > > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 3, > > > > already have 217 > > > > Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 3, > > > > already have 217 > > > > Jun 22 10:52:58 cypri pptpd[23327]: Discarding out-of-order packet 4, > > > > already have 217 > > > > Jun 22 10:52:58 cypri pptpd[23386]: Discarding out-of-order packet 4, > > > > already have 217 > > > > Jun 22 10:53:01 cypri pptpd[23327]: Discarding out-of-order packet 5, > > > > already have 217 > > > > > > > > I've read (and followed) the VPN masquerade HOWTO, and it says that > > > > this set-up is possible assuming the server allow multiple control > > > > channels to the same IP address. > > > > > > > > Does poptop allow this? Or could I being doing something else wrong? > > > > > > > > thanks, josh. > > > > > > > > --------------------------------------- > > > > Josh Howlett, Network Supervisor, > > > > Networking & Digital Communications, > > > > Information Systems & Computing, > > > > University of Bristol, U.K. > > > > 0117 928 7850 | josh.howlett at bris.ac.uk > > > > --------------------------------------- > > > > > > > > _______________________________________________ > > > > pptp-server maillist - pptp-server at lists.schulte.org > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > --- To unsubscribe, go to the url just above this line. -- > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From charlieb at e-smith.com Fri Jun 22 11:16:35 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Fri, 22 Jun 2001 12:16:35 -0400 (EDT) Subject: [pptp-server] PPTP masquerade In-Reply-To: Message-ID: On Fri, 22 Jun 2001, Jamin Collins wrote: > It is rather funny to point out that Microsoft helped to draft this RFC and > yet they don't even abide by it in their own implimentation. The same thing happened with DHCP. I don't recall anyone accusing Microsoft of being consistent, finnicky about standards, careful about reliability, careful about interoperability, etc. Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From allanc at caldera.com Fri Jun 22 11:50:50 2001 From: allanc at caldera.com (Allan Clark) Date: Fri, 22 Jun 2001 12:50:50 -0400 Subject: [pptp-server] PPTP masquerade && MS non-compliance References: Message-ID: <3B33776A.33E1F032@caldera.com> OK, we've all seen the Microsoft Halloween papers... "enrich and extend... to preserve our client base.." etc. I think we can kill the way this thread is going before we start. We were back somewhere around "multiple connections between two boxes, one of which is masquerading for the actual PPTP clients" -- and whether this is a good thing for poptop and the masquerading folks to consider. There's a heavy precident in the industry for "that's what the spec says, but we're emulating the non-compliance of those guys". I think we should consider supporting this, **AND** draft an ammendment or revision to the RFC. Allan Charlie Brady wrote: > > On Fri, 22 Jun 2001, Jamin Collins wrote: > > > It is rather funny to point out that Microsoft helped to draft this RFC and > > yet they don't even abide by it in their own implimentation. > > The same thing happened with DHCP. I don't recall anyone accusing > Microsoft of being consistent, finnicky about standards, careful about > reliability, careful about interoperability, etc. From vlast at eetc.com Fri Jun 22 12:13:01 2001 From: vlast at eetc.com (Vladimir Strezhnev) Date: Fri, 22 Jun 2001 12:13:01 -0500 Subject: [pptp-server] PPTP masquerade In-Reply-To: References: Message-ID: <01062212130101.04048@ivl-devel.eetc.com> What are the general guidelines for such a routing? >If you want to do something > like this (multiple people behind one public IP) I suggest two > alternatives. 1) Use a VPN client to make the connection and route the > other clients through it (this could be on the public IP box or another). From JaminC at adapt-tele.com Fri Jun 22 12:19:26 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 12:19:26 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: Allan Clark [mailto:allanc at caldera.com] wrote: > We were back somewhere around "multiple connections between two boxes, > one of which is masquerading for the actual PPTP clients" -- > and whether this is a good thing for poptop and the masquerading folks > to consider. > > There's a heavy precident in the industry for "that's what the spec > says, but we're emulating the non-compliance of those guys". > I think we should consider supporting this, **AND** draft an > ammendment or revision to the RFC. I'm not so sure that is a good route to begin walking down. Just because there is a precedent to not follow the RFC because X other company doesn't isn't a good way to do things. This is equivelant to the whole peer pressure question "if everyone else jumped off a bridge would you?". We need to consider not just whether someone else did something, but whether it is the right thing to do. For me, it's simple, it's not the right thing to do. From JaminC at adapt-tele.com Fri Jun 22 12:32:49 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 12:32:49 -0500 Subject: [pptp-server] PPTP masquerade Message-ID: Vladimir Strezhnev [mailto:vlast at eetc.com] wrote: > What are the general guidelines for such a routing? > > > If you want to do somethinglike this (multiple people > > behind one public IP) I suggest two alternatives. > > 1) Use a VPN client to make the connection and route the > > other clients through it (this could be on the public IP > > box or another). This all depends on what your OS options are. You will need an OS or software package capable of handling the routing for you. By default, NT can do this for you, 98 will need addition software to do something like this, and of course Linux can handle this. Once the OS determination has been made, you will need to establish the VPN connection on the box. Then you would update the boxes routing tables to include rules for traffic that is destined for the remote network. Finally, you would update the routing rules on each required workstation so that traffice destined for the remote network was sent to the VPN box you have just created. Provided that you have forwarding or masqing configured on this VPN box with the right rules your traffic should route to the remote network. This is a quick overview of the requirements. More detail can be provided if needed. Jamin W. Collins > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From ctooley at amoa.org Fri Jun 22 12:39:48 2001 From: ctooley at amoa.org (ctooley at amoa.org) Date: Fri, 22 Jun 2001 12:39:48 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: <86256A73.0061079D.00@amoa.org> That's correct, but I don't think there is anyway that (especially a PPTP server) a project can ignore MS non-compliance to the RFC if the server is to be used in the real world. Unfortunately in the real world I have to be able to use it in conjunction with MS non-compliant software. Otherwise I'd use something like ssh tunnelling that is easier to make transparent on non-MS platforms. Chris Jamin Collins on 06/22/2001 12:19:26 PM To: "'Allan Clark'" cc: PPTP LIST (bcc: Chris Tooley/AMOA) Subject RE: [pptp-server] PPTP masquerade && MS : non-compliance Allan Clark [mailto:allanc at caldera.com] wrote: > We were back somewhere around "multiple connections between two boxes, > one of which is masquerading for the actual PPTP clients" -- > and whether this is a good thing for poptop and the masquerading folks > to consider. > > There's a heavy precident in the industry for "that's what the spec > says, but we're emulating the non-compliance of those guys". > I think we should consider supporting this, **AND** draft an > ammendment or revision to the RFC. I'm not so sure that is a good route to begin walking down. Just because there is a precedent to not follow the RFC because X other company doesn't isn't a good way to do things. This is equivelant to the whole peer pressure question "if everyone else jumped off a bridge would you?". We need to consider not just whether someone else did something, but whether it is the right thing to do. For me, it's simple, it's not the right thing to do. _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From charlieb at e-smith.com Fri Jun 22 12:42:42 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Fri, 22 Jun 2001 13:42:42 -0400 (EDT) Subject: [pptp-server] PPTP masquerade && MS non-compliance In-Reply-To: <3B33776A.33E1F032@caldera.com> Message-ID: On Fri, 22 Jun 2001, Allan Clark wrote: > There's a heavy precident in the industry for "that's what the spec > says, but we're emulating the non-compliance of those guys". I think we > should consider supporting this, **AND** draft an ammendment or revision > to the RFC. Sounds good to me. Speaking of standards compliance, a few months ago (22nd April) I posted a patch to correct what I have determined to be non-compliance with RFC 3078 when MPPE is used in statefull mode. There has been little feedback. Has anyone looked at the code, verified the problem and ratified the solution? If so, I'd advise that the patch, or something similar, is rolled into the canonical patches. You'll find my earlier posting in the archives, with subject "Patch: making stateful MPPE comply with draft-ietf-pppext-mppe-05.txt". -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From charlieb at e-smith.com Fri Jun 22 12:49:03 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Fri, 22 Jun 2001 13:49:03 -0400 (EDT) Subject: [pptp-server] PPTP masquerade && MS non-compliance In-Reply-To: Message-ID: On Fri, 22 Jun 2001, Jamin Collins wrote: > We need to consider not just whether someone else did something, but whether > it is the right thing to do. For me, it's simple, it's not the right thing > to do. Perhaps you could explain. Supporting multiple concurrent masqueraded connections to the same destination would add value to the users. Can it be done? Can it be done reliably? -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From JaminC at adapt-tele.com Fri Jun 22 13:18:06 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 13:18:06 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: Charlie Brady [mailto:charlieb at e-smith.com] wrote: > > We need to consider not just whether someone else did something, > > but whether it is the right thing to do. For me, it's simple, > > it's not the right thing to do. > > Perhaps you could explain. Supporting multiple concurrent masqueraded > connections to the same destination would add value to the > users. Can it be done? Can it be done reliably? First, what are good reasons to have multiple connections to the same destination? Second, each connection has overhead associated with it, on both ends. Thus, two client machines routed through a single VPN connection to a remote network has a better through put to overhead ratio than both clients making their own connections. As such it is better for the users to stick with the current capabilities and look into routing these two systems through a single connection. Could multiple connections be done? Certainly (MS has already done exactly this). Can it be done reliably? I would say yes. But the true question is: Should we do this? Until this is decided the others are irrelevant. Jamin W. Collins From JaminC at adapt-tele.com Fri Jun 22 12:46:39 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 12:46:39 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: ctooley at amoa.org [mailto:ctooley at amoa.org] wrote: > That's correct, but I don't think there is anyway that > (especially a PPTP server) a project can ignore MS > non-compliance to the RFC if the server is to be used > in the real world. Unfortunately in the real world I > have to be able to use it in conjunction with MS > non-compliant software. Otherwise I'd use something > like ssh tunnelling that is easier to make transparent > on non-MS platforms. Last I checked, this was the "real world" (or at least it appears to be) and I'm using PoPToP quite happily without worrying about MS's non-compliance to their own RFC. There really isn't any reason to want to make multiple VPN connections from the behind the same Masq server to the same destination. Doing so is a waste of bandwidth and there are many better ways to go about providing the same functionality. Jamin W. Collins From JaminC at adapt-tele.com Fri Jun 22 13:49:20 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 13:49:20 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: Charlie Brady [mailto:charlieb at e-smith.com] wrote: > The masquerading server does not have the authentication > information to create a server to remote server route, nor > should it create such a route for all its masqueraded > clients, as multiple clients probably don't have > authorization to send or receive packets from that remote server. I never said that it should, I simply stated that a single machine should make the connection and control the routing of any additional connections. You're assuming that I was talking about the Masq'ing server. I never said that this had to be the machine to make the connection. In one of my other posts, I listed it as one of the possible means of doing this, not as the only way. > It seems reasonable to me for the masquerading server to step > back out of the way and allow each client to individually > negotiate authentication and authorization with the remote > server - as long as it can be done reliably and (moderately) > securely. Sure this is inefficient, and there are other > ways to VPN site to site, but that is not the model that we are > considering here. There are multiple ways not only to connect site to site, but do do what we are talking. You appear to be concerned with unauthorized access, this can be controlled via many different mechanisms (many of which are more secure than individual VPN connections from individual workstations). Jamin W. Collins From JaminC at adapt-tele.com Fri Jun 22 13:56:14 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 13:56:14 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: Allan Clark [mailto:allanc at caldera.com] wrote: > You don't explain the reason for your judgment. > > When making this "simply not right" judgment, are you working on Logic > ("It's not right because ") or on > faithful compliance ("It's not right because the RFC says so"). Both. Some simplified reasoning: Logic indicates that multiple connections from one IP to one IP is less efficient than one connection routing traffic for multiple clients. Also, RFC's are there for a reason. > Blind faith on a spec that seems to have necessitated non-compliance > should be reviewed. The RFC is a guideline which should be > followed as best possible. Exactly, it is possible to follow this spec exactly and still attain what is being requested. Just because some organizations or people have not complied with it is not a viable reason that we should not. > Even Military services change rules; the RFC might indeed be wrong. What does the Military have to do with the discussion of PPTP and the RFC. > We've shown a point where it could be incorrect. RFCs often fail to > concretely describe protocols until a few iterations and clarifications. And, I've provided a few different ways that using the existing configuration the desired results can be achieved. > This is why I suggest "fix and amend": if it's wrong, build a reference > source product, and amend the RFC to concretely describe the better > way. Agreed, but only if it's wrong and the change is absolutely necessary to achieve the goal. Jamin W. Collins From charlieb at e-smith.com Fri Jun 22 13:38:29 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Fri, 22 Jun 2001 14:38:29 -0400 (EDT) Subject: [pptp-server] PPTP masquerade && MS non-compliance In-Reply-To: Message-ID: On Fri, 22 Jun 2001, Jamin Collins wrote: > First, what are good reasons to have multiple connections to the same > destination? Second, each connection has overhead associated with it, on > both ends. Thus, two client machines routed through a single VPN connection > to a remote network has a better through put to overhead ratio than both > clients making their own connections. As such it is better for the users to > stick with the current capabilities and look into routing these two systems > through a single connection. This discussion started with questions about PPTP masquerade. In a masqueraded situation, multiple masqueraded clients can independently attempt to contact a remote server without any knowledge of each other. The masquerading server does not have the authentication information to create a server to remote server route, nor should it create such a route for all its masqueraded clients, as multiple clients probably don't have authorization to send or receive packets from that remote server. It seems reasonable to me for the masquerading server to step back out of the way and allow each client to individually negotiate authentication and authorization with the remote server - as long as it can be done reliably and (moderately) securely. Sure this is inefficient, and there are other ways to VPN site to site, but that is not the model that we are considering here. -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From allanc at caldera.com Fri Jun 22 13:41:58 2001 From: allanc at caldera.com (Allan Clark) Date: Fri, 22 Jun 2001 14:41:58 -0400 Subject: [pptp-server] PPTP masquerade && MS non-compliance References: Message-ID: <3B339176.2FF0B1F4@caldera.com> Jamin Collins wrote: > > Allan Clark [mailto:allanc at caldera.com] wrote: > > We were back somewhere around "multiple connections between two boxes, > > one of which is masquerading for the actual PPTP clients" -- > > and whether this is a good thing for poptop and the masquerading folks > > to consider. > > > > There's a heavy precident in the industry for "that's what the spec > > says, but we're emulating the non-compliance of those guys". > > I think we should consider supporting this, **AND** draft an > > ammendment or revision to the RFC. > > I'm not so sure that is a good route to begin walking down. Just because > there is a precedent to not follow the RFC because X other company doesn't > isn't a good way to do things. This is equivelant to the whole peer > pressure question "if everyone else jumped off a bridge would you?". > > We need to consider not just whether someone else did something, but whether > it is the right thing to do. For me, it's simple, it's not the right thing > to do. You don't explain the reason for your judgment. When making this "simply not right" judgment, are you working on Logic ("It's not right because ") or on faithful compliance ("It's not right because the RFC says so"). Blind faith on a spec that seems to have necessitated non-compliance should be reviewed. The RFC is a guideline which should be followed as best possible. Even Military services change rules; the RFC might indeed be wrong. We've shown a point where it could be incorrect. RFCs often fail to concretely describe protocols until a few iterations and clarifications. This is why I suggest "fix and amend": if it's wrong, build a reference source product, and amend the RFC to concretely describe the better way. Allan From charlieb at e-smith.com Fri Jun 22 14:16:44 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Fri, 22 Jun 2001 15:16:44 -0400 (EDT) Subject: [pptp-server] PPTP masquerade && MS non-compliance In-Reply-To: Message-ID: On Fri, 22 Jun 2001, Jamin Collins wrote: > Charlie Brady [mailto:charlieb at e-smith.com] wrote: > > The masquerading server does not have the authentication > > information to create a server to remote server route, nor > > should it create such a route for all its masqueraded > > clients, as multiple clients probably don't have > > authorization to send or receive packets from that remote server. > > I never said that it should, I simply stated that a single machine should > make the connection and control the routing of any additional connections. The same argument would apply to any other machine doing the routing. That machine cannot control the authorization of additional connections. > are talking. You appear to be concerned with unauthorized access, this can > be controlled via many different mechanisms (many of which are more secure > than individual VPN connections from individual workstations). I'm unaware of any extended authorization mechanisms which are supported by the PPTP protocol. -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From allanc at caldera.com Fri Jun 22 14:20:17 2001 From: allanc at caldera.com (Allan Clark) Date: Fri, 22 Jun 2001 15:20:17 -0400 Subject: [pptp-server] PPTP masquerade && MS non-compliance References: Message-ID: <3B339A71.1F15938F@caldera.com> Jamin; You're shifting the overhead from the RAM to the CPU Jamin Collins wrote: > Charlie Brady [mailto:charlieb at e-smith.com] wrote: > > > We need to consider not just whether someone else did something, > > > but whether it is the right thing to do. For me, it's simple, > > > it's not the right thing to do. > > > > Perhaps you could explain. Supporting multiple concurrent masqueraded > > connections to the same destination would add value to the > > users. Can it be done? Can it be done reliably? > > First, what are good reasons to have multiple connections to the same > destination? Second, each connection has overhead associated with it, on > both ends. Thus, two client machines routed through a single VPN connection > to a remote network has a better through put to overhead ratio than both > clients making their own connections. Your solution requires the interposing box, the masquerade box, to actually interpret and aggregate the state-changes of each hidden connection into its single control channel, which itself could be aggregated by another system down the line. This requires the masquerade system to understand the full state-machine for the PPTP connection/disconnection/exception-handling. That's quite a bit to put into a proxying system that normally proxies at a lower OSI layer than what you're suggesting. You're converting the IP Masquerade from the symplicity of a routing bridge to the complexiting of a boundary gateway (unpacks and re-packs packets, may convert format). The engineering effort to make this happen would be incredible. Don't forget that it costs processor cycles to unpack, interpret, and rebuild packets. You're shifting the overhead from the RAM to the CPU. Allan From ctooley at amoa.org Fri Jun 22 14:31:54 2001 From: ctooley at amoa.org (ctooley at amoa.org) Date: Fri, 22 Jun 2001 14:31:54 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: <86256A73.006B4AEB.00@amoa.org> Jamin Collins on 06/22/2001 01:18:06 PM To: "'Charlie Brady'" cc: PPTP LIST (bcc: Chris Tooley/AMOA) Subject RE: [pptp-server] PPTP masquerade && MS : non-compliance Charlie Brady [mailto:charlieb at e-smith.com] wrote: > > We need to consider not just whether someone else did something, > > but whether it is the right thing to do. For me, it's simple, > > it's not the right thing to do. > > Perhaps you could explain. Supporting multiple concurrent masqueraded > connections to the same destination would add value to the > users. Can it be done? Can it be done reliably? First, what are good reasons to have multiple connections to the same destination? Second, each connection has overhead associated with it, on both ends. Thus, two client machines routed through a single VPN connection to a remote network has a better through put to overhead ratio than both clients making their own connections. As such it is better for the users to stick with the current capabilities and look into routing these two systems through a single connection. Could multiple connections be done? Certainly (MS has already done exactly this). Can it be done reliably? I would say yes. But the true question is: Should we do this? Until this is decided the others are irrelevant. If I can use more than one connection I can have better throughput accounting for departments. Is it a waste of overhead? Yes. Does it give me the statistics that my management wants to see? Yes. Does my management care whether it's "the right thing to do"? No, it can be done the way they want to do it and that's the way I get to impliment it. If that means proprietary software that is non-compliant that isn't really something they are overly concerned about. If that is software that is GPL'd, all the better. Chris Tooley From JaminC at adapt-tele.com Fri Jun 22 14:34:47 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 14:34:47 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: Allan Clark [mailto:allanc at caldera.com] wrote: > The engineering effort to make this happen would be incredible. > > Don't forget that it costs processor cycles to unpack, interpret, and > rebuild packets. You're shifting the overhead from the RAM > to the CPU. And everything that is needed already exists with either ipchains or iptables. Jamin W. Collins From JaminC at adapt-tele.com Fri Jun 22 15:04:58 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 15:04:58 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: Charlie Brady [mailto:charlieb at e-smith.com] wrote: > The same argument would apply to any other machine doing the > routing. That machine cannot control the authorization of > additional connections. Since when can a machine not control whether or not a connection is authorized? > I'm unaware of any extended authorization mechanisms which > are supported by the PPTP protocol. It doesn't need to be PPTP that controls the authentication. The machine that would be controlling the routing would control whether the connection was allowed or not. Jamin W. Collins From JaminC at adapt-tele.com Fri Jun 22 15:11:02 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 15:11:02 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: Please try to trim the whitespace next time. ctooley at amoa.org [mailto:ctooley at amoa.org] wrote: > If I can use more than one connection I can have better > throughput accounting for departments. Are you talking about client side (those connecting) or server side (that being connected to) monitoring? If you are talking about client side, it can still be done, just a matter of where you collect your data. As for the server side, I would have to think about that one for a bit. Jamin W. Collins From len at ghy.com Fri Jun 22 15:28:43 2001 From: len at ghy.com (Leonard L. Goldenstein) Date: Fri, 22 Jun 2001 15:28:43 -0500 Subject: [pptp-server] PPTP masquerade - Possible Solution In-Reply-To: Message-ID: I've encountered the same problem with trying to masq multiple clients to a single vpn server. One solution I found is that if you have the ability to bring up multiple ip's on your vpn server, you can alias the single interface to listen on several ip's. Then your VPN clients connect to vpn-addr1.server.com, vpn-addr2.server.com etc.. Of course this has the major drawback of requiring one ip address per masq'ed client...but it works if you have the ip's to spare. ----------------------------------------------------- Leonard L. Goldenstein Information Services Consultant Geo. H. Young & Co. Ltd. 809 - 167 Lombard Ave. Winnipeg, MB R3B 3H8 Phone: (204) 947-6851 Fax: (204) 947-3306 len at ghy.com http://www.ghy.com > --- To unsubscribe, go to the url just above this line. -- From charlieb at e-smith.com Fri Jun 22 15:51:22 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Fri, 22 Jun 2001 16:51:22 -0400 (EDT) Subject: [pptp-server] PPTP masquerade && MS non-compliance In-Reply-To: Message-ID: On Fri, 22 Jun 2001, Jamin Collins wrote: > Charlie Brady [mailto:charlieb at e-smith.com] wrote: > > The same argument would apply to any other machine doing the > > routing. That machine cannot control the authorization of > > additional connections. > > Since when can a machine not control whether or not a connection is > authorized? The remote PPTP server does not delegate to some intermediate machine which clients can connect to it through a multiplexed connection. That intermediate machine can indeed control whether or not a connection is authorized, but only by its (the intermediate machine's) policies, not by the policies of the remote PPTP server. > > I'm unaware of any extended authorization mechanisms which > > are supported by the PPTP protocol. > > It doesn't need to be PPTP that controls the authentication. The machine > that would be controlling the routing would control whether the connection > was allowed or not. But the remote PPTP server has not delegated those authentication/authorization functions to the machine controlling the routing. If you have a solution to the problem which does not violate the existing RFC, by all means go ahead and implement it. I don't think it is possible, nor desirable, and I agree with Allan that bending and then changing the rules seems to be a desirable thing to do. -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From gustin at echostar.ca Fri Jun 22 15:55:28 2001 From: gustin at echostar.ca (Gustin Johnson) Date: Fri, 22 Jun 2001 13:55:28 -0700 (MST) Subject: [pptp-server] PPTP masquerade && MS non-compliance In-Reply-To: References: Message-ID: <993243328.3b33b0c075e4f@ssl.echostar.ca> Could the accounting not be acomplished by ipchains/iptables on the Masquerading machine? A quick search through linuxdoc.org and google provided many links to explore this possability further. What is the demand for changing the RFC? For the scenario listed a more elegant solution is ipsec, but that has been suggested already. Cheers, __ Gustin ------------------------------------------------- Secure Webmail sent through: ssl.echostar.ca From JaminC at adapt-tele.com Fri Jun 22 16:10:45 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 16:10:45 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: Charlie Brady [mailto:charlieb at e-smith.com] wrote: > If you have a solution to the problem which does not violate > the existing RFC, by all means go ahead and implement it. I > don't think it is possible, nor desirable, and I agree with > Allan that bending and then changing the rules seems to be > a desirable thing to do. I already have implimented solutions like this on numerous occasions. That is why I see no need to "follow Microsoft" by allowing for multiple connections to one server from the same IP. Jamin W. Collins From JaminC at adapt-tele.com Fri Jun 22 16:11:40 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 22 Jun 2001 16:11:40 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: Gustin Johnson [mailto:gustin at echostar.ca] wrote: > Could the accounting not be acomplished by ipchains/iptables on the > Masquerading machine? Yes it could. Jamin W. Collins From ctooley at amoa.org Fri Jun 22 18:43:44 2001 From: ctooley at amoa.org (ctooley at amoa.org) Date: Fri, 22 Jun 2001 18:43:44 -0500 Subject: [pptp-server] PPTP masquerade && MS non-compliance Message-ID: <86256A73.00825971.00@amoa.org> After all this discussion, it appears that there is some interest in the functionality. Would having a configuration option to allow such a thing (if the default was to deny it) break any major function of the software? Chris Tooley PS The whitespace problem is brought on by the mail client which I unfortunately do not have the time nor desire to fix as we are replacing it and fixing it is a huge hassle. Jamin Collins on 06/22/2001 02:11:40 PM To: "'Gustin Johnson'" , Jamin Collins cc: Chris Tooley/AMOA at AMOA, PPTP LIST Subject RE: [pptp-server] PPTP masquerade && MS : non-compliance Gustin Johnson [mailto:gustin at echostar.ca] wrote: > Could the accounting not be acomplished by ipchains/iptables on the > Masquerading machine? Yes it could. Jamin W. Collins _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From child at child.net.au Sat Jun 23 14:15:53 2001 From: child at child.net.au (Child) Date: Sat, 23 Jun 2001 12:15:53 -0700 Subject: [pptp-server] VPN connection dying Message-ID: <5.0.0.25.0.20010623121530.00a079c0@mx.child.net.au> dear all I get a VPN from my win98 box running pptpd under freebsd everything works for for a few minutes then traffic stops what am I doing wrong thanks From GeorgeV at citadelcomputer.com.au Sat Jun 23 03:52:36 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Sat, 23 Jun 2001 18:52:36 +1000 Subject: [pptp-server] VPN connection dying Message-ID: <200FAA488DE0D41194F10010B597610D1725B4@JUPITER> 2 things your doing wrong.... 1. Not enough information. 2. Your running windows.... Can you provide more info on what setup your have kernel version of pptpd etc..etc.. As usual we are no mind readers and can't help with a "it doesn't work, what's wrong with my setup" type of question... ;-) -----Original Message----- From: Child [mailto:child at child.net.au] Sent: Sunday, June 24, 2001 5:16 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] VPN connection dying dear all I get a VPN from my win98 box running pptpd under freebsd everything works for for a few minutes then traffic stops what am I doing wrong thanks _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From spinout at yakbox.shacknet.nu Sat Jun 23 15:09:28 2001 From: spinout at yakbox.shacknet.nu (spinout) Date: Sun, 24 Jun 2001 04:09:28 +0800 Subject: [pptp-server] pptp-1.0.2 & win2k server Message-ID: Hi Can anyone advise if pptp-1.0.2 client is compatible with win2k server? I've tested it recently and found it fails to authenticate and exits after LCP times out. I searched the mailing lists and found a message indicating that teastep at evergo.net created a callid.patch but the link is stale. if someone has a copy of the patch please forward it. Thanks in advance. Cheers Craig -- --------------------------------------------------------------------------- Cheers Craig From child at child.net.au Mon Jun 25 08:58:30 2001 From: child at child.net.au (Child) Date: Mon, 25 Jun 2001 06:58:30 -0700 Subject: [pptp-server] Fwd: RE: VPN connection dying Message-ID: <5.0.0.25.0.20010625065815.026c0020@mx.child.net.au> >At 07:47 PM 6/24/01 +1000, you wrote: >OK.. you said NAT's and that could be a bad thing. I need config files and >log errors etc.. > >try these for size: > > >for security reasons I have removed the first 2 IP numbers of all IP's >involved > > >/etc/pptpd.conf (if it exists). > >localip XX.162.195.36 >remoteip XX.162.195.166 >speed 115200 > >/etc/ppp/options (or /etc/ppp/options.pptpxxxx if it exists too) > >debug >name sand >auth >require-chap >proxyarp >mru 796 >mtu 796 > >cat /var/log/messages (if it's the same as linux logs.. but whatever you can >get..) >Jun 24 05:20:20 sand pptpd[12705]: MGR: No free connection slots or IPs - >no more clients can connect! >Jun 24 05:20:21 sand pppd[65535]: pppd 2.3.5 started by child, uid 0 >Jun 24 05:20:21 sand pppd[65535]: Connect: ppp0 <--> /dev/ttyp1 >Jun 24 05:20:22 sand pppd[65535]: CHAP peer authentication succeeded for >child >Jun 24 05:20:24 sand pppd[65535]: local IP address XX.162.195.36 >Jun 24 05:20:24 sand pppd[65535]: remote IP address XX.162.195.166 >Jun 24 05:20:24 sand pppd[65535]: Compression disabled by peer. > > >at this point the VPN stopped getting data was transmitting fine but not >getting any replies >(tcp dump/show) showed me this so I disconnected it > >Jun 24 05:31:22 sand pppd[65535]: Modem hangup, connected for 11 minutes >Jun 24 05:31:22 sand pppd[65535]: Connection terminated, connected for 11 >minutes >Jun 24 05:31:27 sand pptpd[65534]: GRE: read error: Bad file descriptor >Jun 24 05:31:27 sand pptpd[65534]: CTRL: PTY read or GRE write failed >(pty,gre)=(-1,-1) > >BTW compression disabled by peer how can I get compression if at all? I >dont think with win98 I can.,....... > >thanks > >-----Original Message----- >From: Child [mailto:child at child.net.au] >Sent: Sunday, June 24, 2001 4:55 PM >To: George Vieira >Subject: RE: [pptp-server] VPN connection dying > > >At 06:52 PM 6/23/01 +1000, you wrote: > >2 things your doing wrong.... > >1. Not enough information. > >2. Your running windows.... > > >ok heres the down >VPN client win98 >pptpd devel version >pppd 2.3 patch level 5 >kerenl buiid custom based on FREEBSD 4.2RELEASE > >what more infomationn do you need? >I have tried assigning REAL ip's to my VPN end client and a 192.168.XXX >that the vpn servr nat's >both give me the same error > > >Can you provide more info on what setup your have kernel version of pptpd > >etc..etc.. > > > >As usual we are no mind readers and can't help with a "it doesn't work, > >what's wrong with my setup" type of question... ;-) > > > >-----Original Message----- > >From: Child [mailto:child at child.net.au] > >Sent: Sunday, June 24, 2001 5:16 AM > >To: pptp-server at lists.schulte.org > >Subject: [pptp-server] VPN connection dying > > > > > > > > > >dear all > > > >I get a VPN from my win98 box running pptpd under freebsd > > > >everything works for for a few minutes then traffic stops > > > >what am I doing wrong > > > >thanks > > > >_______________________________________________ > >pptp-server maillist - pptp-server at lists.schulte.org > >http://lists.schulte.org/mailman/listinfo/pptp-server > >--- To unsubscribe, go to the url just above this line. -- From schuering at inity.de Sun Jun 24 17:46:22 2001 From: schuering at inity.de (Grischa Schuering) Date: Mon, 25 Jun 2001 00:46:22 +0200 Subject: [pptp-server] Connect Win2K Client to Linux 2.4 Netfilter Firewall via PPTP Message-ID: Hi, I configured a debian Linux Firewall using the 2.4.5 Kernel with iptables at my office. Now I would like to connect from the internet with my Win 2K laptop the Windows servers behind the firewall. How can I manage it. I read something about the pptp server on Linux and connect to it with the pptp feature of win2k ?? Does it work this way ? Do I have to install any other software or patch on the linux box? Do you have any sample configs? I would be very glad if someone could givve me a hint .. Thanks, Grischa Schuering From Josh.Howlett at bristol.ac.uk Mon Jun 25 02:45:35 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Mon, 25 Jun 2001 08:45:35 +0100 (BST) Subject: [pptp-server] PPTP masquerade && MS non-compliance In-Reply-To: Message-ID: On Fri, 22 Jun 2001, Jamin Collins wrote: > Charlie Brady [mailto:charlieb at e-smith.com] wrote: > > Perhaps you could explain. Supporting multiple concurrent masqueraded > > connections to the same destination would add value to the > > users. Can it be done? Can it be done reliably? > > First, what are good reasons to have multiple connections to the same > destination? Second, each connection has overhead associated with it, on > both ends. Thus, two client machines routed through a single VPN connection > to a remote network has a better through put to overhead ratio than both > clients making their own connections. As such it is better for the users to > stick with the current capabilities and look into routing these two systems > through a single connection. In my application of PPTP, there is no way of knowing _a priori_ what PPTP server clients will want to start a session with. I also expect to be using dozens (at least) of PPTP servers, with client connecting at any one of dozens of possible locations; consequently, any scheme that relies upon VPN tunnels between masquerading box scales very poorly (I've tried...). > Could multiple connections be done? Certainly (MS has already done exactly > this). Can it be done reliably? I would say yes. But the true question > is: Should we do this? Until this is decided the others are irrelevant. The answer is obvious: if it's useful to people, it should be implemented. I don't believe anything is gained by following a specification to the letter simply for the sake of it. If this can't (or won't) be implemented in poptop, I'll either have to change to MS RAS or (more likely) IPSec. cheers, josh. From stefan_tomanek at web.de Mon Jun 25 06:00:06 2001 From: stefan_tomanek at web.de (Stefan Tomanek) Date: Mon, 25 Jun 2001 13:00:06 +0200 Subject: [pptp-server] Still trouble using mppe-128 Message-ID: <20010625130006.D21115@pico.ruhr.de> I've tracked down my problem to a few lines in the CTCP-dialog: These lines represent the view of the client: rcvd [CCP ConfReq id=0x1 ] The Server tries to use mppe with a parameter of 60 (whatever that means) sent [CCP ConfNak id=0x1 ] The Client refuses and wants mppe 40 [which should be 128bit as i found out] rcvd [CCP ConfRej id=0x1 ] This is being rejected from the server, but why? What does "", "" or "" exactly mean? I looked through the sourcecode, but irrespective of my small knowledge of C I coulnd not find these Number, probably because of their different notation in source (Hex,Oct,Bin?). Please help, I am getting depressive about it :) -- /stefan_tomanek at web.de | ICQ:1177934 | PGP:finger stefan at localhost.ruhr.de / / Spielen unter Linux: http://spiele.freepage.de/linux-zocker/ / / "Wer Header f?lscht oder verf?lschte Header in Umlauf bringt / / wird mit Scorefile nicht unter -500 Punkten bestraft." / From plabonte at atreus-systems.com Mon Jun 25 07:40:21 2001 From: plabonte at atreus-systems.com (Phil Labonte) Date: Mon, 25 Jun 2001 08:40:21 -0400 Subject: [pptp-server] How do I specify the client to use a particular DNS server and al so a DNS suffix? Message-ID: <1B5C7FA9D60DD511ABEF00508BFDEFDC0D7F24@EXCHANGE> Hello all, What config file or how to I get the PPTP server to send out the following information: WINS server DNS server DNS suffix Is there a config file that we can use or edit? I know I can set these on the client directly but I need the server to send out these parameters... Can it be done? I am very green with this so please be kind.... :) Phil From JaminC at adapt-tele.com Mon Jun 25 08:17:05 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Mon, 25 Jun 2001 08:17:05 -0500 Subject: [pptp-server] How do I specify the client to use a particular DNS server and al so a DNS suffix? Message-ID: Phil Labonte [mailto:plabonte at atreus-systems.com] wrote: > What config file or how to I get the PPTP server to send out > the following > information: > > WINS server ms-wins > DNS server ms-dns > DNS suffix netmask > > Is there a config file that we can use or edit? I know I can > set these on the client directly but I need the server to > send out these parameters... > Can it be done? Yep. Personally, as I only use pptp on my machine, I put the configurations in "/etc/ppp/options" so it effects all ppp style connections. However, I believe this can also be put in the pptpd.conf file (I could be wrong on this). Jamin W. Collins From ctooley at amoa.org Mon Jun 25 09:09:44 2001 From: ctooley at amoa.org (ctooley at amoa.org) Date: Mon, 25 Jun 2001 09:09:44 -0500 Subject: [pptp-server] How do I specify the client to use a particular DNS server and al so a DNS suffix? Message-ID: <86256A76.004DCC34.00@amoa.org> Or it can be specified in a device specific options file (ie. options.pptd or options.stty0 etc) so that one version of ppp can control multiple types of traffic. I have one machine that accepts dialins and is also a pptp server. Global options go in "options", PPTP options go in options.pptp and dialin options go in options.stty0. Chris Tooley Jamin Collins on 06/25/2001 08:17:05 AM To: "'Phil Labonte'" , "'pptp-server at lists.schulte.org'" cc: (bcc: Chris Tooley/AMOA) Subject RE: [pptp-server] How do I specify the client : to use a particular DNS server and al so a DNS suffix? Phil Labonte [mailto:plabonte at atreus-systems.com] wrote: > What config file or how to I get the PPTP server to send out > the following > information: > > WINS server ms-wins > DNS server ms-dns > DNS suffix netmask > > Is there a config file that we can use or edit? I know I can > set these on the client directly but I need the server to > send out these parameters... > Can it be done? Yep. Personally, as I only use pptp on my machine, I put the configurations in "/etc/ppp/options" so it effects all ppp style connections. However, I believe this can also be put in the pptpd.conf file (I could be wrong on this). Jamin W. Collins _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From plabonte at atreus-systems.com Mon Jun 25 09:07:42 2001 From: plabonte at atreus-systems.com (Phil Labonte) Date: Mon, 25 Jun 2001 10:07:42 -0400 Subject: [pptp-server] How do I specify the client to use a particular DNS server and al so a DNS suffix? Message-ID: <1B5C7FA9D60DD511ABEF00508BFDEFDC0D7F28@EXCHANGE> Dumb question but where can I get more information on what the options are for the pptp.conf and options? Phil -----Original Message----- From: Jamin Collins [mailto:JaminC at adapt-tele.com] Sent: June 25, 2001 9:17 AM To: 'Phil Labonte'; 'pptp-server at lists.schulte.org' Subject: RE: [pptp-server] How do I specify the client to use a particular DNS server and al so a DNS suffix? Phil Labonte [mailto:plabonte at atreus-systems.com] wrote: > What config file or how to I get the PPTP server to send out > the following > information: > > WINS server ms-wins > DNS server ms-dns > DNS suffix netmask > > Is there a config file that we can use or edit? I know I can > set these on the client directly but I need the server to > send out these parameters... > Can it be done? Yep. Personally, as I only use pptp on my machine, I put the configurations in "/etc/ppp/options" so it effects all ppp style connections. However, I believe this can also be put in the pptpd.conf file (I could be wrong on this). Jamin W. Collins _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From charlieb at e-smith.com Mon Jun 25 09:48:30 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Mon, 25 Jun 2001 10:48:30 -0400 (EDT) Subject: [pptp-server] How do I specify the client to use a particular DNS server and al so a DNS suffix? In-Reply-To: <1B5C7FA9D60DD511ABEF00508BFDEFDC0D7F28@EXCHANGE> Message-ID: On Mon, 25 Jun 2001, Phil Labonte wrote: > Dumb question but where can I get more information on what the options are > for the pptp.conf and options? In the documentation distributed with the pptpd code. -- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From schuering at inity.de Mon Jun 25 09:44:45 2001 From: schuering at inity.de (Grischa Schuering) Date: Mon, 25 Jun 2001 16:44:45 +0200 Subject: [pptp-server] Connect Win2K Client to Linux 2.4 Netfilter Firewall via PPTP Message-ID: Hi, I configured a debian Linux Firewall using the 2.4.5 Kernel with iptables at my office. Now I would like to connect from the internet with my Win 2K laptop the Windows servers behind the firewall. How can I manage it. I read something about the pptp server on Linux and connect to it with the pptp feature of win2k ?? Does it work this way ? Do I have to install any other software or patch on the linux box? Do you have any sample configs? I would be very glad if someone could givve me a hint .. Thanks, Grischa Schuering From DLech at csicorp-us.com Mon Jun 25 10:30:16 2001 From: DLech at csicorp-us.com (Lech, Dan) Date: Mon, 25 Jun 2001 11:30:16 -0400 Subject: [pptp-server] Making this thing useful Message-ID: <08E29497F5FFD311B9450050041E02BA099E5F@iserver07.csicorp-us.com> Alright, I am running RedHat 7.1 and PoPToP v1.0.1 I have one NIC installed with a real world IP and another installed on our private network. I followed all the instructions and I can get my win98 machine to authenticate on the VPN, but I can't do anything with it. I can ping the internal nic on the PoPToP server but I can't make a connection to any of the machines on the network. I know I am missing some fundamental concept but I can't figure out what. Also, this machine is not used for anything else (i.e. proxy, firewall, etc) Below are my config files: # pptpd.conf speed 115200 localip 192.168.1.12 remoteip 192.168.2.234-238,192.168.2.245 # options debug name vpnsrv01 auth require-chap proxyarp Any advice would be helpfull, Dan From berzerke at swbell.net Mon Jun 25 14:43:57 2001 From: berzerke at swbell.net (robert) Date: Mon, 25 Jun 2001 14:43:57 -0500 Subject: [pptp-server] Making this thing useful In-Reply-To: <08E29497F5FFD311B9450050041E02BA099E5F@iserver07.csicorp-us.com> References: <08E29497F5FFD311B9450050041E02BA099E5F@iserver07.csicorp-us.com> Message-ID: <01062514435701.25363@linux> See the howto at http://home.swbell.net/berzerke . Your options file looks like its missing quite a few options, and you didn't even talk about what firewall rules, if any, could be getting in the way. On Monday 25 June 2001 10:30, Lech, Dan wrote: > Alright, > I am running RedHat 7.1 and PoPToP v1.0.1 I have one NIC installed with a > real world IP and another installed on our private network. I followed all > the instructions and I can get my win98 machine to authenticate on the VPN, > but I can't do anything with it. I can ping the internal nic on the PoPToP > server but I can't make a connection to any of the machines on the network. > I know I am missing some fundamental concept but I can't figure out what. > Also, this machine is not used for anything else (i.e. proxy, firewall, > etc) > > Below are my config files: > > # pptpd.conf > speed 115200 > localip 192.168.1.12 > remoteip 192.168.2.234-238,192.168.2.245 > > # options > debug > name vpnsrv01 > auth > require-chap > proxyarp > > Any advice would be helpfull, > Dan From ctooley at amoa.org Mon Jun 25 15:06:12 2001 From: ctooley at amoa.org (ctooley at amoa.org) Date: Mon, 25 Jun 2001 15:06:12 -0500 Subject: [pptp-server] Making this thing useful Message-ID: <86256A76.006E6EB8.00@amoa.org> robert on 06/25/2001 02:43:57 PM To: "Lech, Dan" , "'pptp-server at lists.schulte.org'" cc: (bcc: Chris Tooley/AMOA) Subject Re: [pptp-server] Making this thing useful : See the howto at http://home.swbell.net/berzerke . Your options file looks like its missing quite a few options, and you didn't even talk about what firewall rules, if any, could be getting in the way. On Monday 25 June 2001 10:30, Lech, Dan wrote: > Alright, > I am running RedHat 7.1 and PoPToP v1.0.1 I have one NIC installed with a > real world IP and another installed on our private network. I followed all > the instructions and I can get my win98 machine to authenticate on the VPN, > but I can't do anything with it. I can ping the internal nic on the PoPToP > server but I can't make a connection to any of the machines on the network. > I know I am missing some fundamental concept but I can't figure out what. > Also, this machine is not used for anything else (i.e. proxy, firewall, > etc) > > Below are my config files: > > # pptpd.conf > speed 115200 > localip 192.168.1.12 > remoteip 192.168.2.234-238,192.168.2.245 > > # options > debug > name vpnsrv01 > auth > require-chap > proxyarp > > Any advice would be helpfull, > Dan _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- You may also need to echo "1" to /proc/sys/net/ipv4/ip_forward to get ip forwarding to work. Chris Tooley From gustin at echostar.ca Tue Jun 26 01:47:51 2001 From: gustin at echostar.ca (Gustin @ Echostar) Date: Tue, 26 Jun 2001 00:47:51 -0600 (MDT) Subject: [pptp-server] Making this thing useful In-Reply-To: <86256A76.006E6EB8.00@amoa.org> Message-ID: I had the same problem. For us the problem probably was the firewall rules. The VPN bridging rules for ipchains *must* be before the ipmasq rule. I assume that you are running a 2.2.x kernel and are thus also using ipchains. This also presumes that the VPN box is also doing ipmasq for the internal lan. I found the solution in a search of google. Also info from the logs is very handy. For instance on another machine on your lan, do you see connection attempts or nothing at all? One symptom of the problem I described earlier is that connection attempts were made but there was no route back to the tunneled machine, connections thus failing. So if the solution suggested does not help you, far more information is needed so that we may be able to assist. Cheers, __ Gustin On Mon, 25 Jun 2001 ctooley at amoa.org wrote: > Date: Mon, 25 Jun 2001 15:06:12 -0500 > From: ctooley at amoa.org > To: "Lech, Dan" > Cc: "'pptp-server at lists.schulte.org'" > Subject: Re: [pptp-server] Making this thing useful > > > > > > > > > > robert on 06/25/2001 02:43:57 PM > > > > To: "Lech, Dan" , > "'pptp-server at lists.schulte.org'" > > > cc: (bcc: Chris Tooley/AMOA) > > > > Subject Re: [pptp-server] Making this thing useful > : > > > > > > > > > > See the howto at http://home.swbell.net/berzerke . Your options file looks > like its missing quite a few options, and you didn't even talk about what > firewall rules, if any, could be getting in the way. > > On Monday 25 June 2001 10:30, Lech, Dan wrote: > > Alright, > > I am running RedHat 7.1 and PoPToP v1.0.1 I have one NIC installed with a > > real world IP and another installed on our private network. I followed all > > the instructions and I can get my win98 machine to authenticate on the VPN, > > but I can't do anything with it. I can ping the internal nic on the PoPToP > > server but I can't make a connection to any of the machines on the network. > > I know I am missing some fundamental concept but I can't figure out what. > > Also, this machine is not used for anything else (i.e. proxy, firewall, > > etc) > > > > Below are my config files: > > > > # pptpd.conf > > speed 115200 > > localip 192.168.1.12 > > remoteip 192.168.2.234-238,192.168.2.245 > > > > # options > > debug > > name vpnsrv01 > > auth > > require-chap > > proxyarp > > > > Any advice would be helpfull, > > Dan > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > > You may also need to echo "1" to /proc/sys/net/ipv4/ip_forward to get ip > forwarding to work. > > Chris Tooley > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > -- <*==================-< gustin at echostar.ca >-==================*> From lists at earthling.2y.net Tue Jun 26 16:18:44 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Tue, 26 Jun 2001 17:18:44 -0400 (EDT) Subject: [pptp-server] Connect Win2K Client to Linux 2.4 Netfilter Firewall via PPTP In-Reply-To: Message-ID: Just allow it to pass GRE and port 1723 Example of my setup with one of my NT servers /sbin/iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p all -j DNAT --to-destination 192.168.254.8 /sbin/iptables -t nat -A POSTROUTING -o eth1 -s 192.168.254.8 -j SNAT --to-source xxx.xxx.xxx.xxx #Simple Protections for Aristotle #It is, To drop everything, and permit only mail stuff for the time being. /sbin/iptables -X aristotle /sbin/iptables -N aristotle /sbin/iptables -A aristotle -p TCP -d 192.168.254.8 --dport 110 -j ACCEPT /sbin/iptables -A aristotle -p TCP -d 192.168.254.8 --dport 25 -j ACCEPT /sbin/iptables -A aristotle -p TCP -d 192.168.254.8 --dport 1723 -j ACCEPT /sbin/iptables -A aristotle -p 47 -d 192.168.254.8 -j ACCEPT /sbin/iptables -A aristotle -m state --state ESTABLISHED,RELATED -j ACCEPT /sbin/iptables -A aristotle -j DROP /sbin/iptables -A FORWARD -d 192.168.254.8 -j aristotle Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Mon, 25 Jun 2001, Grischa Schuering wrote: > > > Hi, > > I configured a debian Linux Firewall using the 2.4.5 Kernel with > iptables at my office. > Now I would like to connect from the internet with my Win 2K laptop the > Windows servers behind the firewall. How can I manage it. > I read something about the pptp server on Linux and connect to it with > the pptp feature of win2k ?? > Does it work this way ? > Do I have to install any other software or patch on the linux box? > Do you have any sample configs? > > I would be very glad if someone could givve me a hint .. > Thanks, > > Grischa Schuering > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From linux at inside-gmbh.com Wed Jun 27 04:22:32 2001 From: linux at inside-gmbh.com (Martin Tettke) Date: Wed, 27 Jun 2001 11:22:32 +0200 Subject: [pptp-server] RADIUS authentication ? Message-ID: <200106271122320016.97773A7F@mail.inside-gmbh.com> Hi ! We've got a PoPToP VPN-Server up and running so far, with many supplied patches (MSCHAP, require-chap, strip-domain, ...) It's working fine ;) (inspite of microsoft browsing stuff, but have not spend much time on it yet) Now we would like to try to do the authentication not out of a textfile but against a radius- or AAA-server. Has anyone ever tried this, is this possible with pptpd ? Can anyone help me ? Thanx, marte From Josh.Howlett at bristol.ac.uk Wed Jun 27 05:00:57 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Wed, 27 Jun 2001 11:00:57 +0100 (BST) Subject: [pptp-server] RADIUS authentication ? In-Reply-To: <200106271122320016.97773A7F@mail.inside-gmbh.com> Message-ID: You could use PAP authentication and the radius PAM module. josh. On Wed, 27 Jun 2001, Martin Tettke wrote: > > > Hi ! > > We've got a PoPToP VPN-Server up and running so far, with > many supplied patches (MSCHAP, require-chap, strip-domain, ...) > It's working fine ;) (inspite of microsoft browsing stuff, but have not > spend much time on it yet) > > Now we would like to try to do the authentication not out of a textfile > but against a radius- or AAA-server. > Has anyone ever tried this, is this possible with pptpd ? > > Can anyone help me ? > > Thanx, > > marte > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > From linux at inside-gmbh.com Wed Jun 27 05:14:23 2001 From: linux at inside-gmbh.com (Martin Tettke) Date: Wed, 27 Jun 2001 12:14:23 +0200 Subject: [pptp-server] RADIUS authentication ? In-Reply-To: References: Message-ID: <200106271214230844.97A6B614@mail.inside-gmbh.com> On 27.06.01 at 11:00 Josh Howlett wrote: >You could use PAP authentication and the radius PAM module. > afaik PAP does not work with MPPE - and PAP sends passwords not encrypted through the net. Is this correct ? If so, and only CHAP works with MPPE, we need CHAP... Any suggestions ? marte From Josh.Howlett at bristol.ac.uk Wed Jun 27 05:19:27 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Wed, 27 Jun 2001 11:19:27 +0100 (BST) Subject: [pptp-server] RADIUS authentication ? In-Reply-To: <200106271214230844.97A6B614@mail.inside-gmbh.com> Message-ID: On Wed, 27 Jun 2001, Martin Tettke wrote: > On 27.06.01 at 11:00 Josh Howlett wrote: > > >You could use PAP authentication and the radius PAM module. > > > afaik PAP does not work with MPPE - and PAP sends passwords > not encrypted through the net. Is this correct ? Yes. > If so, and only CHAP works with MPPE, we need CHAP... > > Any suggestions ? We had the same problem; as far as i kwow, if you want RADIUS you need to use PAP. josh. From GeorgeV at citadelcomputer.com.au Wed Jun 27 17:56:17 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 28 Jun 2001 08:56:17 +1000 Subject: [pptp-server] MPPE died Message-ID: <200FAA488DE0D41194F10010B597610D172606@JUPITER> Hey y'all, Anybody having troubles where MPPE is registered in "lsmod" but not firing up anymore when connections come in? It was working until last night and it seems to keep dying? Kernel 2.4.5, pppd 2.4.1 thanks, George Vieira Network Engineer Citadel Computer Systems P/L From david_luyer at pacific.net.au Wed Jun 27 20:58:40 2001 From: david_luyer at pacific.net.au (David Luyer) Date: Thu, 28 Jun 2001 11:58:40 +1000 Subject: [pptp-server] RADIUS authentication ? In-Reply-To: Message from Josh Howlett of "Wed, 27 Jun 2001 11:00:57 +0100." References: Message-ID: <200106280158.f5S1weYO031417@typhaon.pacific.net.au> > You could use PAP authentication and the radius PAM module. If you want accounting and IP allocation to be done by RADIUS that won't help; do a web search for 'portslave' instead. If you do some work with the patches to pppd in it, then you can get a pppd that does PAP and CHAP authentication via RADIUS as well as accounting (start and stop records). David. > josh. > > On Wed, 27 Jun 2001, Martin Tettke wrote: > > > > We've got a PoPToP VPN-Server up and running so far, with > > many supplied patches (MSCHAP, require-chap, strip-domain, ...) > > It's working fine ;) (inspite of microsoft browsing stuff, but have not > > spend much time on it yet) > > > > Now we would like to try to do the authentication not out of a textfile > > but against a radius- or AAA-server. > > Has anyone ever tried this, is this possible with pptpd ? -- David Luyer Phone: +61 3 9674 7525 Engineering Projects Manager P A C I F I C Fax: +61 3 9699 8693 Pacific Internet (Australia) I N T E R N E T Mobile: +61 4 1111 2983 http://www.pacific.net.au/ NASDAQ: PCNTF From terry at strictlybusinesssystems.net Thu Jun 28 16:23:28 2001 From: terry at strictlybusinesssystems.net (Terry Orgill) Date: Thu, 28 Jun 2001 14:23:28 -0700 Subject: [pptp-server] basic vpn Message-ID: <002801c10018$9a21b540$2101a8c0@strictlybusinesssystems.net> I am trying to set up a little basic wan stuff that should be a snap, it just doesn't work. What I want my customers to be able to do, is connect to the home office through their ISP, and print from the linux server to their remote pc. They can already set up a text session this way using ssh, but what about printing? I have PoPToP running on the linux machine, and have configured a dialup session using the win98 vpn adapter. The win98 machine successfully connects and logs in to pptpd, but I cannot use smbclient or nmblookup to see the pc, so I don't know how I would be able to set up printing. I am not concerned about encryption right now, I just want to be able to use samba to print from a linux server to a remote pc connected through an ISP. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at earthling.2y.net Thu Jun 28 18:00:47 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Thu, 28 Jun 2001 19:00:47 -0400 (EDT) Subject: [pptp-server] RADIUS authentication ? In-Reply-To: <200106280158.f5S1weYO031417@typhaon.pacific.net.au> Message-ID: There is a MPPE/MSCHAPv2 extention to the radius spec, but as far as I can tell, It's not implmented. Microsoft's Internet Authentication Service (a radius server), wont play chap with cisco routers. *shrug* Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Thu, 28 Jun 2001, David Luyer wrote: > > > > > You could use PAP authentication and the radius PAM module. > > If you want accounting and IP allocation to be done by RADIUS that won't help; > do a web search for 'portslave' instead. If you do some work with the patches > to pppd in it, then you can get a pppd that does PAP and CHAP authentication > via RADIUS as well as accounting (start and stop records). > > David. > > > josh. > > > > On Wed, 27 Jun 2001, Martin Tettke wrote: > > > > > > We've got a PoPToP VPN-Server up and running so far, with > > > many supplied patches (MSCHAP, require-chap, strip-domain, ...) > > > It's working fine ;) (inspite of microsoft browsing stuff, but have not > > > spend much time on it yet) > > > > > > Now we would like to try to do the authentication not out of a textfile > > > but against a radius- or AAA-server. > > > Has anyone ever tried this, is this possible with pptpd ? > -- > David Luyer Phone: +61 3 9674 7525 > Engineering Projects Manager P A C I F I C Fax: +61 3 9699 8693 > Pacific Internet (Australia) I N T E R N E T Mobile: +61 4 1111 2983 > http://www.pacific.net.au/ NASDAQ: PCNTF > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From lists at earthling.2y.net Thu Jun 28 18:19:16 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Thu, 28 Jun 2001 19:19:16 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: <200FAA488DE0D41194F10010B597610D172606@JUPITER> Message-ID: Could be something in the module api that has changed between kernel revisions..... It would have been nice if MPPE was in the kernel tree so it was ported. Only thing I can recommend is somebody rip open the ppp_mppe.c and add LOTS of debugging in... try and figure out what it's doing when dying. Best bets, mppe_initialize_key or mppe_comp_init has a problem... I would start there. BTW, It's showing up as a module for you? I upgraded a 2.2 to 2.4 box, and it was compiled in...... This box that I have to go test 2.4 on it, will be running 2.4.5 and pppd 2.4.1, I will let you know how it goes tommarrow afternoon. ( I did cat the system map, and it is compiled in from what I can tell). Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Thu, 28 Jun 2001, George Vieira wrote: > > > Hey y'all, > > Anybody having troubles where MPPE is registered in "lsmod" but not firing > up anymore when connections come in? It was working until last night and it > seems to keep dying? > > Kernel 2.4.5, pppd 2.4.1 > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From GeorgeV at citadelcomputer.com.au Thu Jun 28 19:24:59 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 29 Jun 2001 10:24:59 +1000 Subject: [pptp-server] MPPE died Message-ID: <200FAA488DE0D41194F10010B597610D172628@JUPITER> [root at firewall /boot]# cat System.map |grep mppe c01a2210 t mppe_synchronize_key c01a2260 t mppe_initialize_key c01a22e0 t mppe_change_key c01a2410 t mppe_comp_free c01a2420 t mppe_comp_alloc c01a2500 t mppe_comp_init c01a25d0 t mppe_decomp_init c01a26b0 t mppe_comp_reset c01a2700 t mppe_update_count c01a2770 t mppe_compress c01a2850 t mppe_comp_stats c01a28a0 t mppe_decompress c01a2a10 t mppe_incomp c02da900 D ppp_mppe I guess it is.. Maybe it was just a glitch (every Network Admins hopes). Well, the patching and stuff is killing me. PPPD should now have implemented the domain strip and mppe and all that... someone's gotta get it done to make it easier for n00bs (newbies). thanks, George Vieira Network Engineer Citadel Computer Systems P/L -----Original Message----- From: Justin Kreger [mailto:lists at earthling.2y.net] Sent: Friday, June 29, 2001 9:30 AM To: George Vieira Cc: PPTP List (E-mail) Subject: RE: [pptp-server] MPPE died Weird...... go into /boot cat System.map-2.4.5|grep mppe and see if it is compiled in. pptpd isent even in the kernel, but I bet we could try submitting ppp_mppe to linus...... Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Fri, 29 Jun 2001, George Vieira wrote: > Great thanks for that. Not restarting anything or rebooting as such but the > thing has started to work now??? Real weird. > > I tried all sorts to get encryption to work and it wouldn't do it.. even > using linux as a pptp client wouldn't register the MPPE at connection. > After that day I happen to connect and it started!!! ARGH!.. damn it.. > > 1 thing I noticed that I "rmmod ppp_mppe" and it pops back in within seconds > and yet reconnecting didn't work... later that day it starts to work > again... hmm...?? > > > Hopefully one day pptpd will be shipped on these newer kernels.. yeah yeah > hint hint.. > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > > > -----Original Message----- > From: Justin Kreger [mailto:lists at earthling.2y.net] > Sent: Friday, June 29, 2001 9:19 AM > To: George Vieira > Cc: PPTP List (E-mail) > Subject: Re: [pptp-server] MPPE died > > > Could be something in the module api that has changed between kernel > revisions..... It would have been nice if MPPE was in the kernel tree so > it was ported. Only thing I can recommend is somebody rip open the > ppp_mppe.c and add LOTS of debugging in... try and figure out what it's > doing when dying. > > > Best bets, mppe_initialize_key or mppe_comp_init has a problem... I would > start there. > > BTW, It's showing up as a module for you? I upgraded a 2.2 to 2.4 box, > and it was compiled in...... This box that I have to go test 2.4 on it, > will be running 2.4.5 and pppd 2.4.1, I will let you know how it goes > tommarrow afternoon. ( I did cat the system map, and it is compiled in > from what I can tell). > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net > > > On Thu, 28 Jun 2001, George Vieira wrote: > > > > > > > Hey y'all, > > > > Anybody having troubles where MPPE is registered in "lsmod" but not firing > > up anymore when connections come in? It was working until last night and > it > > seems to keep dying? > > > > Kernel 2.4.5, pppd 2.4.1 > > > > thanks, > > George Vieira > > Network Engineer > > Citadel Computer Systems P/L > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > From GeorgeV at citadelcomputer.com.au Thu Jun 28 19:14:36 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 29 Jun 2001 10:14:36 +1000 Subject: [pptp-server] MPPE died Message-ID: <200FAA488DE0D41194F10010B597610D172626@JUPITER> Great thanks for that. Not restarting anything or rebooting as such but the thing has started to work now??? Real weird. I tried all sorts to get encryption to work and it wouldn't do it.. even using linux as a pptp client wouldn't register the MPPE at connection. After that day I happen to connect and it started!!! ARGH!.. damn it.. 1 thing I noticed that I "rmmod ppp_mppe" and it pops back in within seconds and yet reconnecting didn't work... later that day it starts to work again... hmm...?? Hopefully one day pptpd will be shipped on these newer kernels.. yeah yeah hint hint.. thanks, George Vieira Network Engineer Citadel Computer Systems P/L -----Original Message----- From: Justin Kreger [mailto:lists at earthling.2y.net] Sent: Friday, June 29, 2001 9:19 AM To: George Vieira Cc: PPTP List (E-mail) Subject: Re: [pptp-server] MPPE died Could be something in the module api that has changed between kernel revisions..... It would have been nice if MPPE was in the kernel tree so it was ported. Only thing I can recommend is somebody rip open the ppp_mppe.c and add LOTS of debugging in... try and figure out what it's doing when dying. Best bets, mppe_initialize_key or mppe_comp_init has a problem... I would start there. BTW, It's showing up as a module for you? I upgraded a 2.2 to 2.4 box, and it was compiled in...... This box that I have to go test 2.4 on it, will be running 2.4.5 and pppd 2.4.1, I will let you know how it goes tommarrow afternoon. ( I did cat the system map, and it is compiled in from what I can tell). Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Thu, 28 Jun 2001, George Vieira wrote: > > > Hey y'all, > > Anybody having troubles where MPPE is registered in "lsmod" but not firing > up anymore when connections come in? It was working until last night and it > seems to keep dying? > > Kernel 2.4.5, pppd 2.4.1 > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From lists at earthling.2y.net Thu Jun 28 18:30:03 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Thu, 28 Jun 2001 19:30:03 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: <200FAA488DE0D41194F10010B597610D172626@JUPITER> Message-ID: Weird...... go into /boot cat System.map-2.4.5|grep mppe and see if it is compiled in. pptpd isent even in the kernel, but I bet we could try submitting ppp_mppe to linus...... Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Fri, 29 Jun 2001, George Vieira wrote: > Great thanks for that. Not restarting anything or rebooting as such but the > thing has started to work now??? Real weird. > > I tried all sorts to get encryption to work and it wouldn't do it.. even > using linux as a pptp client wouldn't register the MPPE at connection. > After that day I happen to connect and it started!!! ARGH!.. damn it.. > > 1 thing I noticed that I "rmmod ppp_mppe" and it pops back in within seconds > and yet reconnecting didn't work... later that day it starts to work > again... hmm...?? > > > Hopefully one day pptpd will be shipped on these newer kernels.. yeah yeah > hint hint.. > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > > > -----Original Message----- > From: Justin Kreger [mailto:lists at earthling.2y.net] > Sent: Friday, June 29, 2001 9:19 AM > To: George Vieira > Cc: PPTP List (E-mail) > Subject: Re: [pptp-server] MPPE died > > > Could be something in the module api that has changed between kernel > revisions..... It would have been nice if MPPE was in the kernel tree so > it was ported. Only thing I can recommend is somebody rip open the > ppp_mppe.c and add LOTS of debugging in... try and figure out what it's > doing when dying. > > > Best bets, mppe_initialize_key or mppe_comp_init has a problem... I would > start there. > > BTW, It's showing up as a module for you? I upgraded a 2.2 to 2.4 box, > and it was compiled in...... This box that I have to go test 2.4 on it, > will be running 2.4.5 and pppd 2.4.1, I will let you know how it goes > tommarrow afternoon. ( I did cat the system map, and it is compiled in > from what I can tell). > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net > > > On Thu, 28 Jun 2001, George Vieira wrote: > > > > > > > Hey y'all, > > > > Anybody having troubles where MPPE is registered in "lsmod" but not firing > > up anymore when connections come in? It was working until last night and > it > > seems to keep dying? > > > > Kernel 2.4.5, pppd 2.4.1 > > > > thanks, > > George Vieira > > Network Engineer > > Citadel Computer Systems P/L > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > From mickh at kincrome.com.au Fri Jun 29 02:12:29 2001 From: mickh at kincrome.com.au (Michael Hayes) Date: Fri, 29 Jun 2001 17:12:29 +1000 Subject: [pptp-server] Poptop Help Message-ID: Hi, I am having a slight problem with poptop, I have it setup, I can connect fine and ping the ppp interface. My problems start when I can't ping anything else on the network. My setup is poptop 1.1.2 with kernel 2.4.5 all mppe and ppp patches installed, win2k client reports connection at 128bit. It seems to allocate an ip for both client and server according to win2k but no pings work. I'm not sure if my iptables script if blocking something ? Does anyone have an example of what ports / protocols I have to allow for poptop. Thanks in advance. Mick From Josh.Howlett at bristol.ac.uk Fri Jun 29 02:31:58 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Fri, 29 Jun 2001 08:31:58 +0100 (BST) Subject: [pptp-server] Poptop Help In-Reply-To: Message-ID: Have you added "proxyarp" into your options? josh. --------------------------------------- Josh Howlett, Network Supervisor, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 0117 928 7850 | josh.howlett at bris.ac.uk --------------------------------------- On Fri, 29 Jun 2001, Michael Hayes wrote: > > > Hi, > > I am having a slight problem with poptop, I have it setup, I can > connect fine and ping the ppp interface. My problems start when I > can't ping anything else on the network. My setup is poptop 1.1.2 > with kernel 2.4.5 all mppe and ppp patches installed, win2k client > reports connection at 128bit. It seems to allocate an ip for both > client and server according to win2k but no pings work. I'm not sure > if my iptables script if blocking something ? Does anyone have an > example of what ports / protocols I have to allow for poptop. > > Thanks in advance. > > Mick > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > From lists at earthling.2y.net Fri Jun 29 13:05:13 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 29 Jun 2001 14:05:13 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: <200FAA488DE0D41194F10010B597610D172626@JUPITER> Message-ID: mppe compiled in, but is nowhere in sight when running. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Fri, 29 Jun 2001, George Vieira wrote: > > > Great thanks for that. Not restarting anything or rebooting as such but the > thing has started to work now??? Real weird. > > I tried all sorts to get encryption to work and it wouldn't do it.. even > using linux as a pptp client wouldn't register the MPPE at connection. > After that day I happen to connect and it started!!! ARGH!.. damn it.. > > 1 thing I noticed that I "rmmod ppp_mppe" and it pops back in within seconds > and yet reconnecting didn't work... later that day it starts to work > again... hmm...?? > > > Hopefully one day pptpd will be shipped on these newer kernels.. yeah yeah > hint hint.. > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > > > -----Original Message----- > From: Justin Kreger [mailto:lists at earthling.2y.net] > Sent: Friday, June 29, 2001 9:19 AM > To: George Vieira > Cc: PPTP List (E-mail) > Subject: Re: [pptp-server] MPPE died > > > Could be something in the module api that has changed between kernel > revisions..... It would have been nice if MPPE was in the kernel tree so > it was ported. Only thing I can recommend is somebody rip open the > ppp_mppe.c and add LOTS of debugging in... try and figure out what it's > doing when dying. > > > Best bets, mppe_initialize_key or mppe_comp_init has a problem... I would > start there. > > BTW, It's showing up as a module for you? I upgraded a 2.2 to 2.4 box, > and it was compiled in...... This box that I have to go test 2.4 on it, > will be running 2.4.5 and pppd 2.4.1, I will let you know how it goes > tommarrow afternoon. ( I did cat the system map, and it is compiled in > from what I can tell). > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net > > > On Thu, 28 Jun 2001, George Vieira wrote: > > > > > > > Hey y'all, > > > > Anybody having troubles where MPPE is registered in "lsmod" but not firing > > up anymore when connections come in? It was working until last night and > it > > seems to keep dying? > > > > Kernel 2.4.5, pppd 2.4.1 > > > > thanks, > > George Vieira > > Network Engineer > > Citadel Computer Systems P/L > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From lists at earthling.2y.net Fri Jun 29 14:02:30 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 29 Jun 2001 15:02:30 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: <200FAA488DE0D41194F10010B597610D172626@JUPITER> Message-ID: Ok, I'M VERY MAD! [root at secure net]# depmod -e ppp_mppe_mod.o depmod: *** Unresolved symbols in ppp_mppe_mod.o depmod: kmalloc depmod: ppp_register_compressor depmod: kfree depmod: ppp_unregister_compressor depmod: printk I had to manually build the module on the box, it was going into the kernel, but not working, so I got the module built, and it seems to work, but who did the porting to 2.4?!?!?! Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net From lists at earthling.2y.net Fri Jun 29 14:17:00 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 29 Jun 2001 15:17:00 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: Message-ID: My module wont even work... whats going on.... Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Fri, 29 Jun 2001, Justin Kreger wrote: > > > Ok, I'M VERY MAD! > > [root at secure net]# depmod -e ppp_mppe_mod.o > depmod: *** Unresolved symbols in ppp_mppe_mod.o > depmod: kmalloc > depmod: ppp_register_compressor > depmod: kfree > depmod: ppp_unregister_compressor > depmod: printk > > > > I had to manually build the module on the box, it was going into the > kernel, but not working, so I got the module built, and it seems to work, > but who did the porting to 2.4?!?!?! > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From JaminC at adapt-tele.com Fri Jun 29 15:19:42 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 29 Jun 2001 15:19:42 -0500 Subject: [pptp-server] MPPE died Message-ID: I've got it working under 2.4 just fine. Jamin W. Collins > -----Original Message----- > From: Justin Kreger [mailto:lists at earthling.2y.net] > Sent: Friday, June 29, 2001 2:03 PM > To: George Vieira > Cc: PPTP List (E-mail) > Subject: RE: [pptp-server] MPPE died > > > > > Ok, I'M VERY MAD! > > [root at secure net]# depmod -e ppp_mppe_mod.o > depmod: *** Unresolved symbols in ppp_mppe_mod.o > depmod: kmalloc > depmod: ppp_register_compressor > depmod: kfree > depmod: ppp_unregister_compressor > depmod: printk > > > > I had to manually build the module on the box, it was going into the > kernel, but not working, so I got the module built, and it > seems to work, > but who did the porting to 2.4?!?!?! > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From ctooley at amoa.org Fri Jun 29 16:19:02 2001 From: ctooley at amoa.org (Chris Tooley) Date: 29 Jun 2001 16:19:02 -0500 Subject: [pptp-server] Re: ppp with ms-chap patches under kernel 2.2.19 In-Reply-To: <48B16EE1E2838A0986256A7A006D068A.006D070486256A7A@amoa.org> References: <48B16EE1E2838A0986256A7A006D068A.006D070486256A7A@amoa.org> Message-ID: <993849542.9109.0.camel@itspec.amoa.org> Yes, unfortunately there are some manual patches that have to be applied to the source files before it will compile correctly. The mailing archves mention these. Please post the list as it helps to mention these occasionally to get them know to new people. Chris Tooley On 29 Jun 2001 14:50:52 -0500, Nelson Vieira wrote: > > > Hi there, I noticed you posted a message to the pptp-server mailing list > regarding a problem you were having compiling ppp-2.3.11 with the MS-CHAP > patches under kernel 2.2.19. Have you been successful? I am having the same > problems. > > Thanks! > > From teastep at seattlefirewall.dyndns.org Fri Jun 29 16:52:56 2001 From: teastep at seattlefirewall.dyndns.org (Tom Eastep) Date: Fri, 29 Jun 2001 14:52:56 -0700 Subject: [pptp-server] MPPE died In-Reply-To: References: Message-ID: <01062914525602.01051@ursa.seattlefirewall.dyndns.org> On Friday 29 June 2001 01:19 pm, Jamin Collins wrote: > I've got it working under 2.4 just fine. > Nod -- has worked fine here too for several months. Although, there was a kernel ppp problem that was causing outbound traffic to be send en clair even when mppe 128 had been negotiated; that seems to be corrected in current 2.4 kernels.. -Tom -- Tom Eastep \ tom at seattlefirewall.dyndns.org ICQ #60745924 \ http://seattlefirewall.dyndns.org Shoreline, Washington \__________________________________________ From lists at earthling.2y.net Fri Jun 29 17:17:08 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 29 Jun 2001 18:17:08 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: <01062914525602.01051@ursa.seattlefirewall.dyndns.org> Message-ID: The customer's box is in 2.2.17 right now, but it's not working in 2.4.5 with the patches from mirrors.binarix.com/ppp-mppe It's compiled in, but the driver just dosen't initlize, its in the System.map, but if I cat /proc/ksyms|grep mppe, it isen't there. It's like there are two personalities to the kernel. Plus, I logged into another customer's box, erased /usr/src/linux/drivers/net/ppp_mppe.o, and got ahold of the compiler call to compile ppp_mppe as a module, I did that on the 2.4 box, I got it to load, but PPP connections seem to not work, plus the module is missing dependences.... What a mystery..... Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Fri, 29 Jun 2001, Tom Eastep wrote: > > > On Friday 29 June 2001 01:19 pm, Jamin Collins wrote: > > I've got it working under 2.4 just fine. > > > > Nod -- has worked fine here too for several months. Although, there was a > kernel ppp problem that was causing outbound traffic to be send en clair even > when mppe 128 had been negotiated; that seems to be corrected in current 2.4 > kernels.. > > -Tom > -- > Tom Eastep \ tom at seattlefirewall.dyndns.org > ICQ #60745924 \ http://seattlefirewall.dyndns.org > Shoreline, Washington \__________________________________________ > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From teastep at seattlefirewall.dyndns.org Fri Jun 29 18:31:40 2001 From: teastep at seattlefirewall.dyndns.org (Tom Eastep) Date: Fri, 29 Jun 2001 16:31:40 -0700 Subject: [pptp-server] MPPE died In-Reply-To: References: Message-ID: <01062916314004.01051@ursa.seattlefirewall.dyndns.org> On Friday 29 June 2001 03:17 pm, Justin Kreger wrote: > The customer's box is in 2.2.17 right now, but it's not working in > 2.4.5 with the patches from mirrors.binarix.com/ppp-mppe It's compiled > in, but the driver just dosen't initlize, its in the System.map, but if I > cat /proc/ksyms|grep mppe, it isen't there. I've found that many features that aren't in Linus's official source tree work better when compiled as a module. I use the patch: ppp-2.4.0-openssl-0.9.6-mppe.patch from mirror.binarix.com/ppp-mppe and load ppp_mppe.o as a module. Works fine. -Tom -- Tom Eastep \ tom at seattlefirewall.dyndns.org ICQ #60745924 \ http://seattlefirewall.dyndns.org Shoreline, Washington \__________________________________________ From JaminC at adapt-tele.com Fri Jun 29 18:48:53 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Fri, 29 Jun 2001 18:48:53 -0500 Subject: [pptp-server] MPPE died Message-ID: Tom Eastep [mailto:teastep at seattlefirewall.dyndns.org] wrote: > I've found that many features that aren't in Linus's official > source tree work better when compiled as a module. I can't say that I've tried anything other than as a module. However, it does seem that we module users are working and those compiling it into the kernel are not. Could one or two of you try it as a module and see if that fixes things? Jamin W. Collins From lists at earthling.2y.net Fri Jun 29 18:53:18 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 29 Jun 2001 19:53:18 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: Message-ID: the problem is, that it automaticly compiled in on the box...... and when I manually build the module, it was missing dependencies in the kernel. I may try compleatly modularizing ppp.... the box is like a P3 700 so.... it should run ok with a modularized ppp stack... it only has three or four users at any given time. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Fri, 29 Jun 2001, Jamin Collins wrote: > > > Tom Eastep [mailto:teastep at seattlefirewall.dyndns.org] wrote: > > I've found that many features that aren't in Linus's official > > source tree work better when compiled as a module. > I can't say that I've tried anything other than as a module. However, it > does seem that we module users are working and those compiling it into the > kernel are not. Could one or two of you try it as a module and see if that > fixes things? > > Jamin W. Collins > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From teastep at seattlefirewall.dyndns.org Fri Jun 29 20:19:24 2001 From: teastep at seattlefirewall.dyndns.org (Tom Eastep) Date: Fri, 29 Jun 2001 18:19:24 -0700 Subject: [pptp-server] MPPE died In-Reply-To: References: Message-ID: <01062918192406.01051@ursa.seattlefirewall.dyndns.org> On Friday 29 June 2001 04:53 pm, Justin Kreger wrote: > the problem is, that it automaticly compiled in on the box...... and when > I manually build the module, it was missing dependencies in the kernel. I > may try compleatly modularizing ppp.... the box is like a P3 700 so.... it > should run ok with a modularized ppp stack... it only has three or four > users at any given time. > Being a module or not has nothing to do with the user capacity or performance... Modules can be replaced dynamically (at a cost) while "compiled in" functions can only be replaced by rebuilding/rebooting. Modules aren't available at cold load (but initrd allows them to be made available early in cold load however). Because it is much quicker and easier to test new versions of a module, most function providers test the modular version of their code much more fully that the inbuilt version. -Tom -- Tom Eastep \ tom at seattlefirewall.dyndns.org ICQ #60745924 \ http://seattlefirewall.dyndns.org Shoreline, Washington \__________________________________________ From lists at earthling.2y.net Fri Jun 29 19:38:12 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 29 Jun 2001 20:38:12 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: <01062918192406.01051@ursa.seattlefirewall.dyndns.org> Message-ID: You can replace a compiled in function with new code in a module... how do you think mods like heroin and cocain work......... As for modularized for functionallity vs monolithic for speed, it is an old debate, and not worth the time and effort, I just wish to figure out why the evil ppp_mppe code wants to be compiled in, instead of being a module like it used to be when i build vpn servers using 2.2.x. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Fri, 29 Jun 2001, Tom Eastep wrote: > On Friday 29 June 2001 04:53 pm, Justin Kreger wrote: > > the problem is, that it automaticly compiled in on the box...... and when > > I manually build the module, it was missing dependencies in the kernel. I > > may try compleatly modularizing ppp.... the box is like a P3 700 so.... it > > should run ok with a modularized ppp stack... it only has three or four > > users at any given time. > > > > Being a module or not has nothing to do with the user capacity or > performance... > > Modules can be replaced dynamically (at a cost) while "compiled in" functions > can only be replaced by rebuilding/rebooting. Modules aren't available at > cold load (but initrd allows them to be made available early in cold load > however). > > Because it is much quicker and easier to test new versions of a module, most > function providers test the modular version of their code much more fully > that the inbuilt version. > > -Tom > -- > Tom Eastep \ tom at seattlefirewall.dyndns.org > ICQ #60745924 \ http://seattlefirewall.dyndns.org > Shoreline, Washington \__________________________________________ > From teastep at seattlefirewall.dyndns.org Fri Jun 29 20:44:28 2001 From: teastep at seattlefirewall.dyndns.org (Tom Eastep) Date: Fri, 29 Jun 2001 18:44:28 -0700 Subject: [pptp-server] MPPE died In-Reply-To: References: Message-ID: <01062918442807.01051@ursa.seattlefirewall.dyndns.org> On Friday 29 June 2001 05:38 pm, Justin Kreger wrote: > You can replace a compiled in function with new code in a module... how do > you think mods like heroin and cocain work......... > > As for modularized for functionallity vs monolithic for speed, it is an > old debate, and not worth the time and effort, I just wish to figure out > why the evil ppp_mppe code wants to be compiled in, instead of being a > module like it used to be when i build vpn servers using 2.2.x. > Well, mine is working and yours isn't -- there is a lot to be said for the former. -Tom -- Tom Eastep \ tom at seattlefirewall.dyndns.org ICQ #60745924 \ http://seattlefirewall.dyndns.org Shoreline, Washington \__________________________________________ From JaminC at adapt-tele.com Sat Jun 30 08:50:04 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Sat, 30 Jun 2001 08:50:04 -0500 Subject: [pptp-server] MPPE died Message-ID: Justin Kreger [mailto:lists at earthling.2y.net] wrote: > You can replace a compiled in function with new code in a > module... how do you think mods like heroin and cocain > work......... > > As for modularized for functionallity vs monolithic for > speed, it is an old debate, and not worth the time and > effort, I just wish to figure out why the evil ppp_mppe > code wants to be compiled in, instead of being a module > like it used to be when i build vpn servers using 2.2.x. I could give you a complete list of the ppp modules on my side if it will help you determine which ones to move out of the kernel. I believe my ppp stuff is all modules, nothing compiled into the kernel (btw, this was the default on my system I changed nothing but appling patches). Jamin W. Collins From lists at earthling.2y.net Sat Jun 30 09:12:13 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sat, 30 Jun 2001 10:12:13 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: Message-ID: I got it to work, I just modularized ppp entierlly it seems ppp_mppe is tied into ppp_generic's compile What jerk did this should be hurt..... Anyway.... Aslong as I don't have to start upgrading all our customers to 2.4, I will be happy. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Sat, 30 Jun 2001, Jamin Collins wrote: > > > Justin Kreger [mailto:lists at earthling.2y.net] wrote: > > You can replace a compiled in function with new code in a > > module... how do you think mods like heroin and cocain > > work......... > > > > As for modularized for functionallity vs monolithic for > > speed, it is an old debate, and not worth the time and > > effort, I just wish to figure out why the evil ppp_mppe > > code wants to be compiled in, instead of being a module > > like it used to be when i build vpn servers using 2.2.x. > > I could give you a complete list of the ppp modules on my side if it will > help you determine which ones to move out of the kernel. I believe my ppp > stuff is all modules, nothing compiled into the kernel (btw, this was the > default on my system I changed nothing but appling patches). > > Jamin W. Collins > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From JaminC at adapt-tele.com Sat Jun 30 10:39:07 2001 From: JaminC at adapt-tele.com (Jamin Collins) Date: Sat, 30 Jun 2001 10:39:07 -0500 Subject: [pptp-server] MPPE died Message-ID: Justin Kreger [mailto:lists at earthling.2y.net] wrote: > I got it to work, I just modularized ppp entierlly > > it seems ppp_mppe is tied into ppp_generic's compile > > What jerk did this should be hurt..... > > Anyway.... Aslong as I don't have to start upgrading all our > customers to 2.4, I will be happy. I take it you're not a fan of modules? Jamin W. Collins From lists at earthling.2y.net Sat Jun 30 10:23:39 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sat, 30 Jun 2001 11:23:39 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: Message-ID: I wouldn't say that I'm not a fan, but over my years of experence, I have lost critical drivers that were compiled as modules due to lets say the power going offline at the wrong time, or an idiot hitting the power button on a box. I'm much more willing to rebuild the entire kernel, or a chunk of it in other to fix something, than have to find out a box is having trouble at an odd hour due to a missing or currupted module. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Sat, 30 Jun 2001, Jamin Collins wrote: > Justin Kreger [mailto:lists at earthling.2y.net] wrote: > > I got it to work, I just modularized ppp entierlly > > > > it seems ppp_mppe is tied into ppp_generic's compile > > > > What jerk did this should be hurt..... > > > > Anyway.... Aslong as I don't have to start upgrading all our > > customers to 2.4, I will be happy. > > I take it you're not a fan of modules? > > Jamin W. Collins > From berzerke at swbell.net Sat Jun 30 19:57:49 2001 From: berzerke at swbell.net (robert) Date: Sat, 30 Jun 2001 19:57:49 -0500 Subject: [pptp-server] MPPE died In-Reply-To: References: Message-ID: <01063019574900.18408@linux> I too have found some things just don't work compiled in, but work fine as modules. I have the SIS NIC driver that refuses to work when compiled in, but works just fine as a module. And this is in the official tree! I wish I could explain why. On Friday 29 June 2001 18:48, Jamin Collins wrote: > Tom Eastep [mailto:teastep at seattlefirewall.dyndns.org] wrote: > > I've found that many features that aren't in Linus's official > > source tree work better when compiled as a module. > > I can't say that I've tried anything other than as a module. However, it > does seem that we module users are working and those compiling it into the > kernel are not. Could one or two of you try it as a module and see if that > fixes things? > > Jamin W. Collins From GeorgeV at citadelcomputer.com.au Sat Jun 30 19:59:27 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Sun, 1 Jul 2001 10:59:27 +1000 Subject: [pptp-server] MPPE died Message-ID: <200FAA488DE0D41194F10010B597610D172636@JUPITER> Whooo.. what a thread building... I used that same patch and had these problems.. I compiled after compiled after scheading the source three and re "tar xvfz" the source and started again and then it suddenly worked. I find that half of these "unresolved symbol" compile errors are when other things/modules are required to add into the kernel and aren't and so you get these errors. I added a few other things and compile again and it all worked.. But now this MPPE has started to creep up. I wonder if it's really encrypting, haven't tcpdumped it yet to see.. thanks, George Vieira Network Engineer Citadel Computer Systems P/L -----Original Message----- From: Tom Eastep [mailto:teastep at seattlefirewall.dyndns.org] Sent: Saturday, June 30, 2001 9:32 AM To: Justin Kreger Cc: Jamin Collins; George Vieira; PPTP List (E-mail) Subject: Re: [pptp-server] MPPE died On Friday 29 June 2001 03:17 pm, Justin Kreger wrote: > The customer's box is in 2.2.17 right now, but it's not working in > 2.4.5 with the patches from mirrors.binarix.com/ppp-mppe It's compiled > in, but the driver just dosen't initlize, its in the System.map, but if I > cat /proc/ksyms|grep mppe, it isen't there. I've found that many features that aren't in Linus's official source tree work better when compiled as a module. I use the patch: ppp-2.4.0-openssl-0.9.6-mppe.patch from mirror.binarix.com/ppp-mppe and load ppp_mppe.o as a module. Works fine. -Tom -- Tom Eastep \ tom at seattlefirewall.dyndns.org ICQ #60745924 \ http://seattlefirewall.dyndns.org Shoreline, Washington \__________________________________________ From lists at earthling.2y.net Sat Jun 30 22:32:25 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sat, 30 Jun 2001 23:32:25 -0400 (EDT) Subject: [pptp-server] MPPE died In-Reply-To: <01063019574900.18408@linux> Message-ID: I have seen the same with certian clones of the DEC Tulip chipset.... but then again.... some of those cards (they are most of the very cheap 10/100 cards.... tipiclly they are everything at best buy, except the 3com stuff, and maybe a linksys on an odd day.) won't with even the most recent drivers anyway... its weird.... i finally went and got another 3com Vortex for that project. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net On Sat, 30 Jun 2001, robert wrote: > > > I too have found some things just don't work compiled in, but work fine as > modules. I have the SIS NIC driver that refuses to work when compiled in, > but works just fine as a module. And this is in the official tree! I wish I > could explain why. > > On Friday 29 June 2001 18:48, Jamin Collins wrote: > > Tom Eastep [mailto:teastep at seattlefirewall.dyndns.org] wrote: > > > I've found that many features that aren't in Linus's official > > > source tree work better when compiled as a module. > > > > I can't say that I've tried anything other than as a module. However, it > > does seem that we module users are working and those compiling it into the > > kernel are not. Could one or two of you try it as a module and see if that > > fixes things? > > > > Jamin W. Collins > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- >