Antwort: RE: [pptp-server] pptp connection with encryption and kernel 2.4. 0

werner.hofer at igs.at werner.hofer at igs.at
Tue Mar 27 10:39:25 CST 2001


Dear Steve!

When I turn on encryption it´s even impossible to ping the PPTP-servers ip
adress at the ppp0 interface .
The ip-address of the eth0 interface (192.168.0.1) and the ip-address of
the ppp0 interface (192.168.1.x) are not in the same network - should I be
able to ping the ppp0 Interface?
Or is even this impossible if I don´t fix the proxyarp problem.
What do you think, does this clearly indicate a problem with the MPPE
encryption?

thanks
Werner


                                                                                                                                              
                    "Cowles,                                                                                                                  
                    Steve"               An:     "'werner.hofer at igs.at'" <werner.hofer at igs.at>, pptp-server at lists.schulte.org                 
                    <Steve at SteveC        Kopie:                                                                                               
                    owles.com>           Thema:  RE: [pptp-server] pptp connection with encryption and kernel 2.4. 0                          
                                                                                                                                              
                    27.03.2001                                                                                                                
                    17:11                                                                                                                     
                                                                                                                                              
                                                                                                                                              



> -----Original Message-----
> From: werner.hofer at igs.at [mailto:werner.hofer at igs.at]
> Sent: Tuesday, March 27, 2001 6:25 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp connection with encryption and
> kernel 2.4.0
>
>
> Hi!
>
> On my positiv list:
>
> pptp 2.4.0 runs with kernel 2.4.0 suse 7.1 "kernel" patch
> linux-2.4.0-openssl-0.9.6-mppe.patch.gz is installed
> ppp is compiled as module
>
> pppd is patched with ppp-2.4.0-openssl-0.9.6-mppe.patch
>
> without encryption everything runs fine.
>
> On my negativ list:
>
> when I turn on encryption my win2000 system connects, but i
> can´t get a ping through to the other side.
>
> I have read the howto on:
> http://home.swbell.net/berzerke/2.4_kernel_PPTPD-HOWTO.txt
> at 5.13 it is mentioned to compile ppp as module - but since
> i have done this - what else can it be?
>
> the only error message i can find in /var/log/messages is:
> cannot determine ethernet address for proxy ARP
> I turned it on with
> echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
> but still i do have this error message.
> Since without any encryption I get this message too but
> pinging ... works.
>
> Does anybody have a clue?
>
> Thanks in advance
>  Werner

You really need to fix the proxyarp problem first. Without it, you will
only
be able to "ping" your PPTP server, nothing past it. The proxy arp errors
can usually be fixed by assigning IP addresses in pptpd.conf (local/remote)
that are within the network address range of the PPTP servers LAN interface
(like eth0 or eth1). If thats not an option, then consider using ip
aliasing
to bind the network addresses to what is specified in your pptpd.conf to
your PPTP servers LAN interface. Checkout the kernel source documentation
directory /usr/src/linux/Documentation/networking/alias.txt for info on ip
aliasing.

Also, since "ping" works without encryption, then I would think there is a
problem with your MPPE patch implementation. i.e. The encapsulated GRE
packet cannot be de-encapsulated and handed off to the TCP/IP stack to be
routed.

Do you have module ppp_mppe.o and does /etc/modules.conf contain:
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

Steve Cowles




____________________________________________________
IGS Systemmanagement
Dr. Weginger GesmbH
Dorfplatz 5 - Piberbach
A-4531 Kematen/Krems
phone: +43 7228 6451 0       home: http://www.igs.at
fax: +43 7228 6451 30        eMail: igs at igs.at
hotline:
fax: +43 7228 6451 20        eMail: hotline at igs.at
____________________________________________________

NEWSFLASH___________________________________________

- Erfolgreich mit der IGS e-commerce-Lösung!
- Änderung in den §§ 131 und 132 Abs.3 BAO bzgl.
  "Zurverfügungstellung von Datenträgern an
  Betriebsprüfer"!
  näheres unter http://www.igs.at/archiv/news.html

NEWSFLASH___________________________________________




More information about the pptp-server mailing list