Reply: RE: [pptp-server] pptp connection with encryption and kernel 2.4.0

robert berzerke at swbell.net
Tue Mar 27 12:09:39 CST 2001


On Tuesday 27 March 2001 11:21, werner.hofer at igs.at wrote:
> After I made an alias on my eth0 interface (192.168.1.1) proxyarp should
> work since I can find an entry in the arp table for my pptp client. Thanks
> for your advice Steve.
>
> But still I can't get a ping through the pptp tunnel. I can't even ping the
> Server's end of the tunnel.

Is this both with and without encryption, or just with encryption?

>
> I did the iptables entries mentioned at the pptp-howto below and I do have
> the entries in my modules.conf. Even my module ppp_mppe loads without any
> error.

Did you change the constants in the script to values appropriate for your 
network configuration?  Also, the sample script in the howto does not allow 
pings anyway.  Use the bigger sample script at http://home.swbell/berzerke 
which does allow for pinging only from the server on the external interface.  
The rules are easy to adjust for a pptpd interface.  Just copy the ping 
section, paste right below the existing ping section, and change all $EXTINT 
to ppp+  (or optionally ppp0, but the + covers all possible ppp interfaces).  
It won't respond to incoming pings, although it will log them.

> I can watch traffic with tcpdump on both the ip protocol 47 and the port
> 1723 at the external Interface eth1.
>
> I'm very clueless at the moment. What else can it be?
>
> Werner
> ----- Forwarded by Werner Hofer/igs on 27.03.2001 18:08 -----
>
> werner.hofer at igs.at
> Sent by: pptp-server-admin at lists.schulte.org
> 27.03.2001 18:39
>
> To:      "Cowles, Steve" <Steve at SteveCowles.com>, pptp-server at lists.schulte.org
> Cc:
> Subject: Reply: RE: [pptp-server] pptp connection with encryption and kernel 2.4.0
>
> Dear Steve!
>
> When I turn on encryption it's even impossible to ping the PPTP server's IP
> address at the ppp0 interface.
> The ip-address of the eth0 interface (192.168.0.1) and the ip-address of
> the ppp0 interface (192.168.1.x) are not in the same network - should I be
> able to ping the ppp0 interface?
> Or is even this impossible if I don't fix the proxyarp problem?
> What do you think, does this clearly indicate a problem with the MPPE
> encryption?
>
> thanks
> Werner
>
>
>
> "Cowles, Steve" <Steve at SteveCowles.com>
> 27.03.2001 17:11
>
> To:      "'werner.hofer at igs.at'" <werner.hofer at igs.at>, pptp-server at lists.schulte.org
> Cc:
> Subject: RE: [pptp-server] pptp connection with encryption and kernel 2.4.0
>
> > -----Original Message-----
> > From: werner.hofer at igs.at [mailto:werner.hofer at igs.at]
> > Sent: Tuesday, March 27, 2001 6:25 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] pptp connection with encryption and
> > kernel 2.4.0
> >
> >
> > Hi!
> >
> > On my positive list:
> >
> > pptp 2.4.0 runs with kernel 2.4.0 suse 7.1 "kernel" patch
> > linux-2.4.0-openssl-0.9.6-mppe.patch.gz is installed
> > ppp is compiled as module
> >
> > pppd is patched with ppp-2.4.0-openssl-0.9.6-mppe.patch
> >
> > without encryption everything runs fine.
> >
> > On my negative list:
> >
> > when I turn on encryption my win2000 system connects, but I
> > can't get a ping through to the other side.
> >
> > I have read the howto on:
> > http://home.swbell.net/berzerke/2.4_kernel_PPTPD-HOWTO.txt
> > at 5.13 it is mentioned to compile ppp as module - but since
> > I have done this - what else can it be?
> >
> > the only error message i can find in /var/log/messages is:
> > cannot determine ethernet address for proxy ARP
> > I turned it on with
> > echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
> > but still I do have this error message.
> > Since without any encryption I get this message too but
> > pinging ... works.
> >
> > Does anybody have a clue?
> >
> > Thanks in advance
> >  Werner
>
> You really need to fix the proxyarp problem first. Without it, you will
> only be able to "ping" your PPTP server, nothing past it. The proxy arp
> errors can usually be fixed by assigning IP addresses in pptpd.conf
> (local/remote) that are within the network address range of the PPTP
> server's LAN interface (like eth0 or eth1). If that's not an option, then
> consider using ip aliasing to bind the network addresses to what is
> specified in your pptpd.conf to your PPTP server's LAN interface. Check out
> the kernel source documentation directory
> /usr/src/linux/Documentation/networking/alias.txt for info on ip aliasing.
>
> Also, since "ping" works without encryption, then I would think there is a
> problem with your MPPE patch implementation. i.e. The encapsulated GRE
> packet cannot be de-encapsulated and handed off to the TCP/IP stack to be
> routed.
>
> Do you have module ppp_mppe.o and does /etc/modules.conf contain:
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
>
> Steve Cowles
>
>
>
>
> ____________________________________________________
> IGS Systemmanagement
> Dr. Weginger GesmbH
> Dorfplatz 5 - Piberbach
> A-4531 Kematen/Krems
> phone: +43 7228 6451 0       home: http://www.igs.at
> fax: +43 7228 6451 30        eMail: igs at igs.at
> hotline:
> fax: +43 7228 6451 20        eMail: hotline at igs.at
> ____________________________________________________
>
> NEWSFLASH___________________________________________
>
> - Successful with the IGS e-commerce solution!
> - Change to §§ 131 and 132 para. 3 BAO regarding
>   "Provision of data carriers to tax
>   auditors"!
>   details at http://www.igs.at/archiv/news.html
>
> NEWSFLASH___________________________________________
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!



More information about the pptp-server mailing list
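
An added example, not part of the thread and not code from pptpd or the HOWTO: it automates the two checks Steve suggests, that the `localip`/`remoteip` addresses in pptpd.conf fall inside the LAN interface's network and that modules.conf maps `ppp-compress-18` to `ppp_mppe`. The function names, the sample file contents and the /24 netmask are assumptions; the addresses are the ones Werner reports.

```python
import ipaddress

# Constructed sample inputs. Addresses follow the thread (eth0 = 192.168.0.1,
# tunnel ends on 192.168.1.x); the /24 netmask is an assumption.
LAN_IFACE = "192.168.0.1/24"
PPTPD_CONF = """\
# constructed pptpd.conf
localip 192.168.1.1
remoteip 192.168.1.234-238,192.168.1.245
"""
MODULES_CONF = """\
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
"""

def expand(spec):
    """Expand a pptpd.conf address list such as '10.0.0.2-4,10.0.0.9'."""
    addrs = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        first, _, last = part.partition("-")
        start = int(ipaddress.IPv4Address(first))
        # A range only varies the last octet: 192.168.1.234-238
        end = int(last) if last else start & 0xFF
        base = start & ~0xFF
        addrs += [ipaddress.IPv4Address(base | o) for o in range(start & 0xFF, end + 1)]
    return addrs

def tunnel_addresses(conf_text):
    """Collect localip/remoteip addresses, ignoring '#' comments."""
    found = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2 and fields[0] in ("localip", "remoteip"):
            found += expand(fields[1])
    return found

def outside_lan(conf_text, lan_iface):
    """Tunnel addresses outside the LAN network: candidates for the proxy ARP error."""
    net = ipaddress.ip_interface(lan_iface).network
    return [str(a) for a in sorted(tunnel_addresses(conf_text)) if a not in net]

def has_mppe_alias(modules_text):
    """True if modules.conf maps ppp-compress-18 to ppp_mppe."""
    want = ["alias", "ppp-compress-18", "ppp_mppe"]
    return any(l.split("#", 1)[0].split() == want for l in modules_text.splitlines())

if __name__ == "__main__":
    print("outside LAN:", outside_lan(PPTPD_CONF, LAN_IFACE) or "none")
    print("ppp_mppe alias present:", has_mppe_alias(MODULES_CONF))
```

To use it on a real server, read /etc/pptpd.conf and /etc/modules.conf into the two strings and pass the LAN interface's address and prefix length.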