From anesthes at cisdi.com Tue May 1 01:19:17 2001
From: anesthes at cisdi.com (Joey Coco)
Date: Tue, 1 May 2001 01:19:17 -0500 (EST)
Subject: [pptp-server] Samba 2.2 & nt auth solution?
In-Reply-To: <20010430124645.A724@falcon.waretec.com>
Message-ID:

Hi,

I'm using 2.4.x kernel with poptop.. Works fairly well.. Need to turn
debugging off on poptop tho, cuz it fills up syslog in a matter of days if
you have a bunch of perm call ins..

The tunnels are pretty stable as long as the internet connection is..

Only problem with 2.4.x so far is a vpn-masq patch.. And iptables doesn't
behave like ipchains at all.. But it's worth learning..

--
Joe

On Mon, 30 Apr 2001, Andrew W. Davis wrote:

> finally samba 2.2 is here! it should now be possible to authenticate
> connecting vpn users against a nt domain controller. if anyone has tried this
> yet, please let me know your success/horror stories. I'll be getting into
> the thick of things this next week with this project. all input would be
> appreciated. It's my understanding that full functionality is only possible
> with a 2.4 kernel. I haven't had a huge amount of success with the new kernel,
> but has anyone compiled it to work with poptop and running a functional vpn
> server w/it?
>
> all inquiries/replies/input welcome...
>
> Andrew
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
/ "I'd like to think that everything is beautiful, and I'd like to think /
\ that everything is fair. I'd like to think that everything is plentiful,\
/ and i'd like to think that every body cares. We'd like to thank you.." /
\ \
/ http://members.cisdi.com/~anesthes/ -=- IM: imd3fc0n /
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
C r e a t i v e I l l u s i o n s S o f t w a r e D e s i g n, I n c.

From mjo at pbj.dk Tue May 1 09:09:09 2001
From: mjo at pbj.dk (Mikael Johnsen)
Date: Tue, 1 May 2001 16:09:09 +0200
Subject: [pptp-server] WINS Problems
Message-ID: <1DA605F7E2EAD411B7A9009027DDD2C35B4A@PBJ-EXCHG>

Hi Guys

my vpn clients can not access other computers at the LAN through network
neighborhood

my nt logon scripts is not working either, so they can't get their net
shares like they do when they connect on the lan

I will send my pptpd.conf as well

localip 192.168.10.10
remoteip 192.168.10.70-120
listen 212.242.86.202

and my options file

lock
debug 9
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-wins 192.168.10.31
ms-dns 192.168.10.10
netmask 255.255.255.0
proxyarp
192.168.10.10:
require-chap
name vpn
netmask 255.255.255.0
chapms-strip-domain
#this set up how long the vpn user can be idle without getting thrown out
idle 7200

hopefully someone can help me

Med venlig hilsen / Best regards

Mikael Johnsen
Systemadministrator / System Administrator

PBJ Consult A/S        Phone: +45 43 62 74 00
Roholmsvej 10 G        Fax: +45 43 62 74 24
DK-2620 Albertslund    Email: mailto:mjo at pbj.dk
Homepage: www.pbj.dk

From mjo at pbj.dk Tue May 1 14:12:09 2001
From: mjo at pbj.dk (Mikael Johnsen)
Date: Tue, 1 May 2001 21:12:09 +0200
Subject: [pptp-server] Connecte til Remote Customers
Message-ID: <1DA605F7E2EAD411B7A9009027DDD2C35B4B@PBJ-EXCHG>

Hi Guys

I have another question

How can my vpn clients connect to a remote host on our customers site?

vpn client > our network > foreign network > Unix Server

I hope this is enough information :-)

Med venlig hilsen / Best regards

Mikael Johnsen
Systemadministrator / System Administrator

PBJ Consult A/S        Phone: +45 43 62 74 00
Roholmsvej 10 G        Fax: +45 43 62 74 24
DK-2620 Albertslund    Email: mailto:mjo at pbj.dk
Homepage: www.pbj.dk

From janc at iplink.net Tue May 1 19:28:20 2001
From: janc at iplink.net (Jan Carlson)
Date: Tue, 01 May 2001 20:28:20 -0400
Subject: [pptp-server] RH6.2 pptpd help request
Message-ID: <3AEF54A4.4F87426E@iplink.net>

So many of you have this working, so I must be missing something simple
that you can point out...

No smp kernel, no iptables, no 2.4 kernel, just vanilla RH6.2 i386.

I am running RH6.2, kernel 2.2.16-3, pptpd-init-1.0.1-1.i386.rpm,
ppp-2.3.8 patched per /usr/doc/pptpd-1.0.1/html/HOWTO-PoPToP.txt,
and patched ppp and ppp-mppe kernel modules per the same HOWTO.
Outside those 2 modules, I am running the stock Red Hat 2.2.16-3 kernel.

I always get this in /var/log/messages when I try to connect from a
Win98Se machine, even though I do have entries in chap-secrets and
pap-secrets.

pppd[16478]: The remote system is required to authenticate itself but I
pppd[16478]: couldn't find any secret (password) which would let it use an IP address.
pptpd[16477]: GRE: read(fd=4,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
pptpd[16477]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)

Does something else in this kernel need patching to support the GRE
protocol?

The PopTop web page suggests the pptpd 1.0.1 rpm as the best working
version, but if that's no longer true, please redirect me.

I used kernel 2.2.16 only because it seems to be the one this pptpd
version used. Otherwise, I have all the RH6.2 update rpms installed.

RTFMs that point me to a known-working setup for RH6.2 2.2 kernels would
be very welcome. I am all ears...

Thanks in advance for any tips!

Jan Carlson

From dreadboy at hotmail.com Tue May 1 23:47:56 2001
From: dreadboy at hotmail.com (Dread Boy)
Date: Tue, 01 May 2001 22:47:56 -0600
Subject: [pptp-server] RH6.2 pptpd help request
Message-ID:

Check my site, setup for Redhat 6.2 pptpd.

http://members.home.net/dont-bug-me/pptpd

Grab howto.html.

Hope it helps.

Dread. =)

-----------------------------------------------

So many of you have this working, so I must be missing something simple
that you can point out...

No smp kernel, no iptables, no 2.4 kernel, just vanilla RH6.2 i386.

I am running RH6.2, kernel 2.2.16-3, pptpd-init-1.0.1-1.i386.rpm,
ppp-2.3.8 patched per /usr/doc/pptpd-1.0.1/html/HOWTO-PoPToP.txt,
and patched ppp and ppp-mppe kernel modules per the same HOWTO.
Outside those 2 modules, I am running the stock Red Hat 2.2.16-3 kernel.

I always get this in /var/log/messages when I try to connect from a
Win98Se machine, even though I do have entries in chap-secrets and
pap-secrets.

pppd[16478]: The remote system is required to authenticate itself but I
pppd[16478]: couldn't find any secret (password) which would let it use an IP address.
pptpd[16477]: GRE: read(fd=4,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
pptpd[16477]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)

Does something else in this kernel need patching to support the GRE
protocol?

The PopTop web page suggests the pptpd 1.0.1 rpm as the best working
version, but if that's no longer true, please redirect me.

I used kernel 2.2.16 only because it seems to be the one this pptpd
version used. Otherwise, I have all the RH6.2 update rpms installed.

RTFMs that point me to a known-working setup for RH6.2 2.2 kernels would
be very welcome. I am all ears...

Thanks in advance for any tips!

Jan Carlson
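
One way to check a secrets file against the pppd error quoted in this thread (an added example, not part of any post on the list). It relies on the rule in the pppd man page that a secrets line with only three words, or with "-" as its first address word, disallows all IP addresses. The server name `vpn`, the function names and the sample entries are constructed for illustration, and Python's shlex only approximates pppd's own word parsing.

```python
import shlex

# Constructed sample, laid out as pppd expects: client  server  secret  IP addresses
SAMPLE_SECRETS = """\
# client   server   secret          IP addresses
alice      vpn      "s3cret one"    *
bob        vpn      hunter2
carol      pptpd    pa55word        *
dave       *        xyzzy           192.168.10.71
erin       vpn      abc123          -
"""

MALFORMED = "malformed entry (need client, server, secret)"


def parse_secrets(text):
    """Return [(lineno, fields)] per entry; fields is None if the line cannot be split."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            fields = shlex.split(line, comments=True)   # honours quotes and # comments
        except ValueError:                               # unbalanced quote
            entries.append((lineno, None))
            continue
        if fields:
            entries.append((lineno, fields))
    return entries


def audit_secrets(text, server_name):
    """Split entries into clients pppd could accept and (lineno, reason) problems.

    server_name is the value of pppd's `name` option on the server (assumed here).
    The secret itself is never echoed back.
    """
    usable, problems = [], []
    for lineno, fields in parse_secrets(text):
        if fields is None or len(fields) < 3:
            problems.append((lineno, MALFORMED))
            continue
        client, server, addrs = fields[0], fields[1], fields[3:]
        if server not in ("*", server_name):
            problems.append(
                (lineno, "%s: server field %r does not match %r" % (client, server, server_name)))
        elif not addrs or addrs[0] == "-":
            # Three words only, or "-": every IP address is disallowed for this client.
            problems.append((lineno, "%s: no usable IP address column" % client))
        else:
            usable.append(client)
    return usable, problems


if __name__ == "__main__":
    ok, bad = audit_secrets(SAMPLE_SECRETS, "vpn")
    print("usable clients:", ", ".join(ok) or "none")
    for lineno, reason in bad:
        print("line %d: %s" % (lineno, reason))
```
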

From Frank.vanTol at ctp.com Wed May 2 06:51:04 2001
From: Frank.vanTol at ctp.com (Frank van Tol)
Date: Wed, 2 May 2001 13:51:04 +0200
Subject: [pptp-server] auth success, connection still dropped
Message-ID:

Going from a linux client to Windows server, we keep running into
following scenario: AUTH is OK, we get an IPaddress but connection is
dropped right after that.

Any ideas what's causing this? I've X-out some details.

-Frank

May 2 11:44:06 towtruck pptp[1024]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:538]: Client connection established.
May 2 11:44:07 towtruck pptp[1024]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:645]: Outgoing call established (call ID 0, peer's call ID 986).
May 2 11:44:07 towtruck pppd[1026]: pppd 2.4.0 started by root, uid 0
May 2 11:44:07 towtruck pppd[1026]: Using interface ppp0
May 2 11:44:07 towtruck pppd[1026]: Connect: ppp0 <--> /dev/pts/3
May 2 11:44:07 towtruck pppd[1026]: sent [LCP ConfReq id=0x1 ]
May 2 11:44:09 towtruck pppd[1026]: rcvd [LCP ConfAck id=0x1 ]
May 2 11:44:10 towtruck pppd[1026]: sent [LCP ConfReq id=0x1 ]
May 2 11:44:10 towtruck pppd[1026]: rcvd [LCP ConfAck id=0x1 ]
May 2 11:44:11 towtruck pppd[1026]: rcvd [LCP ConfReq id=0x1 < 0d 03 06> < 17 04 14 e8>]
May 2 11:44:11 towtruck pppd[1026]: sent [LCP ConfRej id=0x1 < 0d 03 06> < 17 04 14 e8>]
May 2 11:44:11 towtruck pppd[1026]: rcvd [LCP ConfReq id=0x2 ]
May 2 11:44:11 towtruck pppd[1026]: sent [LCP ConfAck id=0x2 ]
May 2 11:44:11 towtruck pppd[1026]: sent [LCP EchoReq id=0x0 magic=0x222a4b56]
May 2 11:44:11 towtruck pppd[1026]: rcvd [CHAP Challenge id=0x0 <1e136c418425ce464ba6760a3111d076>, name = "XXXXX"]
May 2 11:44:11 towtruck pppd[1026]: sent [CHAP Response id=0x0 <762bc3e53d7de51328228db3ecea5f9b00000000000000002cb061bfc0c334f3417380cc0e5 ad9cbfe4f7d1c6456180300>, name = "XXXXXXX"]
May 2 11:44:11 towtruck pppd[1026]: rcvd [LCP EchoRep id=0x0 magic=0x786951d7]
May 2 11:44:12 towtruck pppd[1026]: rcvd [CHAP Success id=0x0 "S=91D1BA63539D04C96759E125863B762EC7052671"]
May 2 11:44:12 towtruck pppd[1026]: Remote message: S=91D1BA63539D04C96759E125863B762EC7052671
May 2 11:44:12 towtruck pppd[1026]: sent [IPCP ConfReq id=0x1 ]
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfReq id=0x4 ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0x1]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfRej id=0x4 ]
May 2 11:44:12 towtruck pppd[1026]: rcvd [IPCP ConfReq id=0x5 ]
May 2 11:44:12 towtruck pppd[1026]: sent [IPCP ConfAck id=0x5 ]
May 2 11:44:12 towtruck pppd[1026]: rcvd [IPCP ConfRej id=0x1 ]
May 2 11:44:12 towtruck pppd[1026]: sent [IPCP ConfReq id=0x2 ]
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfNak id=0x1 ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0x2]
May 2 11:44:12 towtruck pppd[1026]: rcvd [IPCP ConfNak id=0x2 ]
May 2 11:44:12 towtruck pppd[1026]: sent [IPCP ConfReq id=0x3 ]
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfNak id=0x2 ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0x3]
May 2 11:44:12 towtruck pppd[1026]: rcvd [IPCP ConfAck id=0x3 ]
May 2 11:44:12 towtruck pppd[1026]: Cannot determine ethernet address for proxy ARP
May 2 11:44:12 towtruck pppd[1026]: local IP address XXX.XX.117.102
May 2 11:44:12 towtruck pppd[1026]: remote IP address XXX.XX.117.100
May 2 11:44:12 towtruck pppd[1026]: Script /etc/ppp/ip-up started (pid 1028)
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfNak id=0x3 ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0x4]
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfNak id=0x4 ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0x5]
May 2 11:44:12 towtruck pppd[1026]: Script /etc/ppp/ip-up finished (pid 1028), status = 0x0
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfNak id=0x5 ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0x6]
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfNak id=0x6 ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0x7]
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfNak id=0x7 ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0x8]
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfNak id=0x8 ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0x9]
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfNak id=0x9 ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0xa]
May 2 11:44:12 towtruck pppd[1026]: rcvd [CCP ConfNak id=0xa ]
May 2 11:44:12 towtruck pppd[1026]: sent [CCP ConfReq id=0xb]
May 2 11:44:12 towtruck pppd[1026]: rcvd [LCP TermReq id=0x6 "xiQ\37777777727\000<\37777777715t\000\000\002\37777777746"]
May 2 11:44:12 towtruck pppd[1026]: LCP terminated by peer (xiQM-W^@

Does anyone have a complete list of what can be put in the options file,
and what they do?

===============================================
Jeff Prom - Distributed Systems Analyst
ReliaStar Financial Corp.
(612) 342-7835
E-Mail: Jeff.Prom at ReliaStar.com
===============================================

From teastep at seattlefirewall.dyndns.org Wed May 2 08:57:19 2001
From: teastep at seattlefirewall.dyndns.org (Tom Eastep)
Date: Wed, 2 May 2001 06:57:19 -0700
Subject: [pptp-server] options file
In-Reply-To: <3AF00CD5.5D884949@reliastar.com>
References: <3AF00CD5.5D884949@reliastar.com>
Message-ID: <01050206571906.12798@wookie.seattlefirewall.dyndns.org>

On Wednesday 02 May 2001 06:34, Jeffrey J Prom wrote:
> Does anyone have a complete list of what can be put in the options file,
> and what they do?
>

"man pppd"?

-Tom
--
Tom Eastep                  \ Alt Email: tom at seattlefirewall.dyndns.org
ICQ #60745924               \ Websites: http://seawall.sourceforge.net
teastep at evergo.net       \ http://seattlefirewall.dyndns.org
Shoreline, Washington USA   \ http://shorewall.sourceforge.net
                            \_________________________________________

From darrin at pentslc.com Thu May 3 12:02:03 2001
From: darrin at pentslc.com (Darrin Smith)
Date: Thu, 3 May 2001 11:02:03 -0600
Subject: [pptp-server] PPTPD seems to hang on startup
Message-ID: <3AF13AAB.16702.2A5C1B@localhost>

When I start up pptpd, I get a message saying:

"Long config file line ignored."

and I have to break to return to the console. Any suggestions?

From tradasia at hotmail.com Thu May 3 12:14:43 2001
From: tradasia at hotmail.com (Shah Nawaz Lodhi)
Date: Thu, 03 May 2001 23:14:43 +0600
Subject: [pptp-server] Unscribe
Message-ID:

From GeorgeV at citadelcomputer.com.au Thu May 3 17:09:57 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 4 May 2001 08:09:57 +1000
Subject: [pptp-server] PPTPD seems to hang on startup
Message-ID: <200FAA488DE0D41194F10010B597610D0D223F@JUPITER>

It helps if we have a copy of your config file to see if there is in fact
anything wrong with it.

thanks,
George Vieira

-----Original Message-----
From: Darrin Smith [mailto:darrin at pentslc.com]
Sent: Friday, May 04, 2001 3:02 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] PPTPD seems to hang on startup

When I start up pptpd, I get a message saying:

"Long config file line ignored."

and I have to break to return to the console. Any suggestions?

From kurt.glazemakers at dedigate.com Fri May 4 06:54:58 2001
From: kurt.glazemakers at dedigate.com (Kurt Glazemakers)
Date: Fri, 4 May 2001 13:54:58 +0200
Subject: [pptp-server] Proxy arp on multiple interfaces
Message-ID:

I think I was a little bit too fast with my previous mail. It was just luck
that made it work properly. It really seems to be a problem to have local
and remote IP on the same interface.

I configured my pptpd.conf file like this:

localip 10.20.100.128,10.20.241.128,10.20.209.128
remoteip 10.20.100.200,10.20.241.200,10.20.209.200

but when I make a PPTP connection the following device appears:

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.20.100.128 P-t-P:10.20.241.200 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1490 Metric:1
          RX packets:2099 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1291 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

This can only work when the first address (10.20.100.128) is replaced by
10.20.241.128.

So we probably need a reprogramming anyway, to check if local and remote IP
are in the same subnet. Is this correct? And where do we have to change it?

Thanks,

Kurt

-----Original Message-----
From: Kurt Glazemakers
Sent: Monday 30 April 2001 13:10
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Proxy arp on multiple interfaces

Yes Jerry, you were completely right. With this option it works really
fine. I've tested it with three accounts, on three interfaces and no
problem. He always seems to use the local IP in the same subnet as the
remote IP. (The remote IP's I have configured in the chap-secrets file).
And I can connect to all the machines behind each interface.

Kurt

-----Original Message-----
From: Jerry Vonau [mailto:jvonau at home.com]
Sent: Saturday 28 April 2001 17:25
To: Kurt Glazemakers
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Proxy arp on multiple interfaces

Kurt:

If you compile pptp with ./configure --with-pppd-ip-alloc, then ip's will
be assigned from the chap-secrets file, based on the user log in name. The
proxyarp option should pick up the required internal interface. Then comes
the ipchains fun to make it all work right, but should be do-able.

Jerry Vonau

Kurt Glazemakers wrote:

> Hi,
>
> I want a to use the pptp server as followed:
>
>                  internet
>                     |
>                     |eth0
>          [.....pptp-server......]
>           |      |      |      |
>           |eth1  |eth2  |eth3  |eth4
> 10.0.x.x/24 1.1/24 2.1/24 3.1/24 4.1/24
>
> I have 4 pptp-accounts and I want to client A to have a proxy arped
> IP-address 10.0.1.1/24 on eth1, client B a proxy arped on eth2
> (10.0.2.1/24) , etc ... just depending on the logon and password they
> use.
>
> I'm already aware that this probably needs some reprogramming, unless
> someone needed this feature before. Does anyone of you can give me some
> tips to start ? I assume you need the change the ipcp.c file, and
> somewhere add some features to the parse code for the configuration file.
> Or is there something else that need to be changed as well ?
>
> many thanks already in advance,
>
> Kurt
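
The same-subnet check proposed in this thread, written out as an added example (it is not PoPToP code and not from any post here): given a pptpd.conf `localip` list and the remote address a client was assigned, pick the local address that shares its subnet. The /24 prefix, the function names and the range handling (modelled on the `remoteip 192.168.10.70-120` form seen earlier on the list) are assumptions.

```python
import ipaddress

# Address list taken from the pptpd.conf quoted in the thread.
LOCALIP = "10.20.100.128,10.20.241.128,10.20.209.128"


def expand(spec):
    """Expand a pptpd.conf style list such as '10.0.0.1,10.0.0.70-72' into addresses."""
    addrs = []
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        if "-" in part:
            # 'a.b.c.70-120' means a.b.c.70 through a.b.c.120 (last octet only).
            first_s, last_octet = part.split("-", 1)
            first = ipaddress.IPv4Address(first_s)
            last = ipaddress.IPv4Address(first_s.rsplit(".", 1)[0] + "." + last_octet)
            if last < first:
                raise ValueError("descending range: %s" % part)
            addrs.extend(ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1))
        else:
            addrs.append(ipaddress.IPv4Address(part))
    return addrs


def local_for(remote, local_spec, prefixlen=24):
    """Return the first local address in the remote's subnet, or None if there is none."""
    net = ipaddress.ip_network("%s/%d" % (remote, prefixlen), strict=False)
    for addr in expand(local_spec):
        if addr in net:
            return addr
    return None


def check_link(local, remote, local_spec, prefixlen=24):
    """Return (ok, suggestion) for one ppp link.

    ok is True when local and remote already share a subnet; suggestion is the
    local address from local_spec that would (None if the list has no match).
    """
    net = ipaddress.ip_network("%s/%d" % (remote, prefixlen), strict=False)
    ok = ipaddress.IPv4Address(local) in net
    return ok, local_for(remote, local_spec, prefixlen)


if __name__ == "__main__":
    # The ppp0 pairing from the ifconfig output in the thread.
    ok, better = check_link("10.20.100.128", "10.20.241.200", LOCALIP)
    print("same subnet:", ok, "- suggested local address:", better)
```
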

From dhenders at itdepartment.com Fri May 4 09:16:42 2001
From: dhenders at itdepartment.com (Dave Henderson)
Date: Fri, 4 May 2001 10:16:42 -0400
Subject: [pptp-server] PPTPD seems to hang on startup
Message-ID: <81C9FDB7ACCED2119A43006097C9F5A2437B47@Mail.ITDepartment.com>

Darrin,

Taking a wild guess here (since you haven't attached your config file)...

The config file could be corrupt... There may not be the proper linefeed
at the end, either...

What I'd suggest is open it up in vi or something and add a couple of
linefeeds to the end, just to be sure, then try it again...

-----Original Message-----
From: Darrin Smith [mailto:darrin at pentslc.com]
Sent: May 3, 2001 13:02
To: pptp-server at lists.schulte.org
Subject: [pptp-server] PPTPD seems to hang on startup

When I start up pptpd, I get a message saying:

"Long config file line ignored."

and I have to break to return to the console. Any suggestions?

From lists at earthling.2y.net Fri May 4 15:35:14 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Fri, 4 May 2001 16:35:14 -0400 (EDT)
Subject: [pptp-server] Off Subject: WinME -> WinNT
Message-ID:

Anybody ever have problems trying to get WinME connect to a WinNT server
(PPTP). In this case, we have a Linux Box doing NAT.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net     jwkreger at uncg.edu

From teastep at seattlefirewall.dyndns.org Sat May 5 11:32:44 2001
From: teastep at seattlefirewall.dyndns.org (Tom Eastep)
Date: Sat, 5 May 2001 09:32:44 -0700
Subject: [pptp-server] Off Subject: WinME -> WinNT
In-Reply-To:
References:
Message-ID: <01050509324400.30623@wookie.seattlefirewall.dyndns.org>

On Friday 04 May 2001 13:35, Justin Kreger wrote:
> Anybody ever have problems trying to get WinME connect to a WinNT server
> (PPTP).
> In this case, we have a Linux Box doing NAT.
>

By NAT, if you mean that you are using IP Masquerade and you are running a
2.2 kernel on the Linux box then you need to follow the instructions at
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html.

To summarize the information you will find there, on your Linux Box, you
need to

a) patch the kernel (Link to patch is at the above site)
b) Run ipfwd to forward the initial GRE frame to the WinNT server.
c) Port forward TCP port 1723 to the WinNT server
d) Adjust your firewall rules.

-Tom
--
Tom Eastep                  \ Alt Email: tom at seattlefirewall.dyndns.org
ICQ #60745924               \ Websites: http://seawall.sourceforge.net
teastep at evergo.net       \ http://seattlefirewall.dyndns.org
Shoreline, Washington USA   \ http://shorewall.sourceforge.net
                            \_________________________________________

From lists at earthling.2y.net Sat May 5 14:29:36 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sat, 5 May 2001 15:29:36 -0400 (EDT)
Subject: [pptp-server] Off Subject: WinME -> WinNT
In-Reply-To: <01050509324400.30623@wookie.seattlefirewall.dyndns.org>
Message-ID:

Nope, using 2.4 SNAT and DNAT. It works for Win98 from my home lan
(masqueraded).

We have a ME box in the Office that it wouldn't talk with on the same lan,
plus one of our techs have reported being unable to connect from home on
their ME box.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net     jwkreger at uncg.edu

On Sat, 5 May 2001, Tom Eastep wrote:

> On Friday 04 May 2001 13:35, Justin Kreger wrote:
> > Anybody ever have problems trying to get WinME connect to a WinNT server
> > (PPTP). In this case, we have a Linux Box doing NAT.
> >
>
> By NAT, if you mean that you are using IP Masquerade and you are running a
> 2.2 kernel on the Linux box then you need to follow the instructions at
> http://www.impsec.org/linux/masquerade/ip_masq_vpn.html.
>
> To summarize the information you will find there, on your Linux Box, you need
> to
>
> a) patch the kernel (Link to patch is at the above site)
> b) Run ipfwd to forward the initial GRE frame to the WinNT server.
> c) Port forward TCP port 1723 to the WinNT server
> d) Adjust your firewall rules.
>
> -Tom
> --
> Tom Eastep                  \ Alt Email: tom at seattlefirewall.dyndns.org
> ICQ #60745924               \ Websites: http://seawall.sourceforge.net
> teastep at evergo.net       \ http://seattlefirewall.dyndns.org
> Shoreline, Washington USA   \ http://shorewall.sourceforge.net
>                             \_________________________________________

From teastep at seattlefirewall.dyndns.org Sat May 5 16:19:23 2001
From: teastep at seattlefirewall.dyndns.org (Tom Eastep)
Date: Sat, 5 May 2001 14:19:23 -0700
Subject: [pptp-server] Off Subject: WinME -> WinNT
In-Reply-To:
References:
Message-ID: <01050514192302.01053@wookie.seattlefirewall.dyndns.org>

On Saturday 05 May 2001 12:29, Justin Kreger wrote:
> Nope, using 2.4 SNAT and DNAT. It works for Win98 from my home lan
> (masqueraded).
>

Haven't tried a server behind a 2.4 firewall -- I just run PoPToP on the
firewall box itself.

-Tom
--
Tom Eastep                  \ Alt Email: tom at seattlefirewall.dyndns.org
ICQ #60745924               \ Websites: http://seawall.sourceforge.net
teastep at evergo.net       \ http://seattlefirewall.dyndns.org
Shoreline, Washington USA   \ http://shorewall.sourceforge.net
                            \_________________________________________

From lists at earthling.2y.net Sat May 5 19:51:35 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sat, 5 May 2001 20:51:35 -0400 (EDT)
Subject: [pptp-server] Error 781
Message-ID:

Anybody remember how to fix an error 781 (the no valid cert one)?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net     jwkreger at uncg.edu

From sjcjonker at sjc.nl Sun May 6 06:49:35 2001
From: sjcjonker at sjc.nl (Stijn Jonker)
Date: Sun, 6 May 2001 13:49:35 +0200 (CEST)
Subject: [pptp-server] Pptp working only without encryption.
Message-ID:

Hello,

I got pptp working like a charm as long as i don't enable encryption.

I'm running kernel 2.4.3 and pppd 2.4.0 with the mppe patches. ppp_mppe.o
modules loads fine, my w2k laptop can connect over the lan and over
dialup. Authentication works fine and such, but when i enable encryption i
can't even ping the remote ip from the tunnel. Without encryption it all
works without any problems.

In encryption mode the log reports ms-chapv2 & mppe 128. And no error
msg's.

Any suggestions anybody.

--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker

You just need to be a manager and stamp your little foot, hardware
appears out of thin air, and systems set themselves up! Et Voila got a
working server farm from scratch in 2 months ;-)

Get my GPG/PGP key by sending me an email with "getkey" as subject.
Key fingerprint: 9083 1B03 3699 F345 BE18 5987 1F43 FFA0 BB96 06B7

From patrick.keys at forest.tele2.co.uk Sun May 6 13:41:49 2001
From: patrick.keys at forest.tele2.co.uk (Patrick Keys)
Date: Sun, 6 May 2001 19:41:49 +0100
Subject: [pptp-server] Windows Network Browse
Message-ID:

Hello

This is a question that seems to have been asked so many times, but I have
yet to find any answers that have made my setup work. The problem is simple:
I can't browse the remote network when using pptpd and windows clients. Here
is a diagram of my setup:

+-------------+ 10.1.5.155             10.1.5.150 +-----------+
| Windows Box |----------------//-----------------| Linux Box |
+-------------+           PPTP Link               +-----------+
                         via Internet                   | 10.1.4.250
                                                        +--------------------------------- Office Network (10.1.4.0)

The windows box is running Windows 2000 and is using the in-built VPN
software.

The Linux box is running Samba 2.2.0, the current version of pptpd and the
latest version of PPP. The kernel has been patched for PPP. Connections from
the windows box to the pptp host are via the internet - both ends have
static IP addresses.

When the ppp interface is brought up on the Linux box, a route to the
10.1.5.0 network is added, netmask 255.255.255.0. I can ping any host on the
office network, the interfaces on the Linux box etc. from the Windows
machine. Conversely, I can ping the remote windows 2000 machine from any
host on the office network. The office network contains either one or two NT
servers for each domain - I am only trying to access one domain at present.
It has a PDC and a backup DC.

My problem is that I cannot browse the office network or access any office
machine by name. I am able to access shares if I supply the IP address of
the remote machine, subsequent to supplying a valid username and password.

I have tried the following to make it work:

- changing the local and remote addresses of the ppp link to 10.1.4.150 and
  10.1.4.155 respectively
- making the samba server a wins server
- making the samba server a wins proxy
- making the samba server a preferred master
- making the samba server a domain master
- supplying a remote announce parameter in samba
- kicking the NT machines and Linux box

Needless to say, all of my efforts have so far been fruitless.

I am not at all keen to use WINS on the office network - we have a large
turnover of machines, so it would be very inconvenient and machines would be
'forgotten'. I would also like to avoid using the samba machine as a master
browser. LMHOSTS would be extremely inconvenient - we sometimes have to
access the office from thousands of miles away on customer machines...
they're not usually keen on someone playing with LMHOSTS.

I have read that it is possible to do this... I've read hundreds of web
pages, e-mails etc. but nothing has got me any closer. Someone must have
done this - or am I asking too much?

Many thanks in advance for your help

Patrick

From berzerke at swbell.net Sun May 6 13:50:48 2001
From: berzerke at swbell.net (robert)
Date: Sun, 06 May 2001 13:50:48 -0500
Subject: [pptp-server] Pptp working only without encryption.
In-Reply-To:
References:
Message-ID: <01050613504802.02926@linux>

W2K clients are really picky about the option file you use. Try the option
file in the 2.4 kernel howto at http://home.swbell.net/berzerke

On Sunday 06 May 2001 06:49, Stijn Jonker wrote:
> Hello,
>
> I got pptp working like a charm as long as i don't enable encryption.
>
> I'm running kernel 2.4.3 and pppd 2.4.0 with the mppe patches. ppp_mppe.o
> modules loads fine, my w2k laptop can connect over the lan and over
> dialup. Authentication works fine and such, but when i enable encryption i
> can't even ping the remote ip from the tunnel. Without encryption it all
> works without any problems.
>
> In encryption mode the log reports ms-chapv2 & mppe 128. And no error
> msg's.
>
> Any suggestions anybody.

From lists at earthling.2y.net Sun May 6 13:27:35 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sun, 6 May 2001 14:27:35 -0400 (EDT)
Subject: [pptp-server] Windows Network Browse
In-Reply-To:
Message-ID:

Ok, first of all, Are you handing out the wins server address via pppd to
the pptp clients?

second of all, are they all in the same domain/workgroup?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net     jwkreger at uncg.edu

On Sun, 6 May 2001, Patrick Keys wrote:

> Hello
>
> This is a question that seems to have been asked so many times, but I have
> yet to find any answers that have made my setup work. The problem is simple:
> I can't browse the remote network when using pptpd and windows clients.
Here > is a diagram of my setup: > > > +-------------+ 10.1.5.155 10.1.5.150 +-----------+ > | Windows Box |----------------//-----------------| Linux Box | > +-------------+ PPTP Link +-----------+ > via Internet | 10.1.4.250 > > +--------------------------------- Office Network > > (10.1.4.0) > > The windows box is running Windows 2000 and is using the in-built VPN > software. > > The Linux box is running Samba 2.2.0, the current version of pptpd and the > latest version of PPP. The kernel has been patched for PPP. Connections from > the windows box to the pptp host are via the internet - both ends have > static IP addresses. > > When the ppp interface is brought up on the Linux box, a route to the > 10.1.5.0 network is added, netmask 255.255.255.0. I can ping any host on the > office network, the interfaces on the Linux box etc. from the Windows > machine. Conversely, I can ping the remote windows 2000 machine from any > host on the office network. The office network contains either one or two NT > servers for each domain - I am only trying to access one domain at present. > It has a PDC and a backup DC. > > My problem is that I cannot browse the office network or access any office > machine by name. I am able to access shares if I supply the IP address of > the remote machine, subsequent to supplying a valid username and password. > > I have tried the following to make it work: > > - changing the local and remote addresses of the ppp link to 10.1.4.150 and > 10.1.4.155 respectively > - making the samba server a wins server > - making the samba server a wins proxy > - making the samba server a preferred master > - making the samba server a domain master > - supplying a remote announce parameter in samba > - kicking the NT machines and Linux box > > Needless to say, all of my efforts have so far been fruitless. 
> > I am not at all keen to use WINS on the office network - we have a large > turnover of machines, so it would be very inconvenient and machines would be > 'forgotten'. I would also like to avoid using the samba machine as a master > browser. LMHOSTS would be extremely inconvenient - we sometimes have to > access the office from thousands of miles away on customer machines... > they're not usually keen on someone playing with LMHOSTS. > > I have read that it is possible to do this... I've read hundreds of web > pages, e-mails etc. but nothing has got me any closer. Someone must have > done this - or am I asking too much? > > Many thanks in advance for your help > > Patrick > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Sun May 6 13:28:37 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sun, 6 May 2001 14:28:37 -0400 (EDT) Subject: [pptp-server] Off Subject: WinME -> WinNT In-Reply-To: <01050514192302.01053@wookie.seattlefirewall.dyndns.org> Message-ID: Now this is funky, Win2k clients also wont talk to the NT4 server... (well, it connects, you get a error 781 or, your authenticated, but then it drops you)... this is getting really annoying. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu On Sat, 5 May 2001, Tom Eastep wrote: > On Saturday 05 May 2001 12:29, Justin Kreger wrote: > > Nope, using 2.4 SNAT and DNAT. It works for Win98 from my home lan > > (masqueraded). > > > > Haven't tried a server behind a 2.4 firewall -- I just run PoPToP on the > firewall box itself. 
>
> -Tom
> --
> Tom Eastep                \ Alt Email: tom at seattlefirewall.dyndns.org
> ICQ #60745924             \ Websites: http://seawall.sourceforge.net
> teastep at evergo.net     \           http://seattlefirewall.dyndns.org
> Shoreline, Washington USA \           http://shorewall.sourceforge.net
>                           \_________________________________________

From Steve at SteveCowles.com Sun May 6 16:39:27 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sun, 6 May 2001 16:39:27 -0500
Subject: [pptp-server] Off Subject: WinME -> WinNT
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE785@defiant.infohiiway.com>

> -----Original Message-----
> From: Justin Kreger [mailto:lists at earthling.2y.net]
> Sent: Sunday, May 06, 2001 1:29 PM
> To: Eastep, Tom
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Off Subject: WinME -> WinNT
>
>
> Now this is funky, Win2k clients also won't talk to the NT4
> server... (well, it connects, you get an error 781 or, you're
> authenticated, but then it drops you)... this is getting
> really annoying.
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu

Justin,

I hope I'm understanding your post correctly, but... I have had no such problems with NT4 (sp6) based PPTP servers. In fact, most of my customers are running NT4 PPTP servers behind a firewall (linux or other). I connect into them all the time to administer them from behind my firewall or as a road warrior with my laptop. FWIW: My desktop is running W2K and my laptop is running WinME.

Also, I have seen the problem you mentioned earlier about the "no valid cert" error when using my W2K system. To be honest, this is a really strange error.
In fact, I have no idea why this is happening, but I have found that if I logout and then log back in (w2k), then re-establish the VPN, I do not get this error anymore. Odd!!!

Steve Cowles

From sjcjonker at sjc.nl Sun May 6 17:00:28 2001
From: sjcjonker at sjc.nl (Stijn Jonker)
Date: Mon, 7 May 2001 00:00:28 +0200 (CEST)
Subject: [pptp-server] Pptp working only without encryption.
In-Reply-To: <01050613504802.02926@linux>
Message-ID:

On Sun, 6 May 2001, robert wrote:

Thanks for the reply,

I copied and pasted those options, and no success, still the link goes up ok, but no traffic. Is there anything I can do like give an option to the mppe modules to force debugging or such?

> W2K clients are really picky about the option file you use. Try the option
> file in the 2.4 kernel howto at http://home.swbell.net/berzerke
>
> On Sunday 06 May 2001 06:49, Stijn Jonker wrote:
> > Hello,
> >
> > I got pptp working like a charm as long as i don't enable encryption.
> >
> > I'm running kernel 2.4.3 and pppd 2.4.0 with the mppe patches. ppp_mppe.o
> > modules loads fine, my w2k laptop can connect over the lan and over
> > dialup. Authentication works fine and such, but when i enable encryption i
> > can't even ping the remote ip from the tunnel. Without encryption it all
> > works without any problems.
> >
> > In encryption mode the log reports ms-chapv2 & mppe 128. And no error
> > msg's.
> >
> > Any suggestions anybody.
>

--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker

You just need to be a manager and stamp your little foot, hardware appears out of thin air, and systems set themselves up! Et Voila got a working server farm from scratch in 2 months ;-)

Get my GPG/PGP key by sending me an email with "getkey" as subject.
Key fingerprint: 9083 1B03 3699 F345 BE18 5987 1F43 FFA0 BB96 06B7

From lists at earthling.2y.net Sun May 6 16:17:04 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sun, 6 May 2001 17:17:04 -0400 (EDT)
Subject: [pptp-server] Off Subject: WinME -> WinNT
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE785@defiant.infohiiway.com>
Message-ID:

It's just weird.... The NT server is not in my realm of control. I have told my boss to try re-installing RRAS, and putting the latest service pack on, I don't think he has been doing it. *shrug* I would just like to have a tunnel into work that works... because pptp in 98 sucks. *shrug*

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu

From GeorgeV at citadelcomputer.com.au Sun May 6 17:14:51 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 7 May 2001 08:14:51 +1000
Subject: [pptp-server] Windows Network Browse
Message-ID: <200FAA488DE0D41194F10010B597610D0D22AB@JUPITER>

Try this.

Use proxyarp on your /etc/ppp/options file for pptp then in samba (not sure on 2.2.0) put the following

remote announce = 10.1.5.255 10.1.5.155

I found this patched my problem at home.. it's not a great idea but it worked for me

thanks,
George Vieira

-----Original Message-----
From: Patrick Keys [mailto:patrick.keys at forest.tele2.co.uk]
Sent: Monday, May 07, 2001 4:42 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Windows Network Browse

Hello

This is a question that seems to have been asked so many times, but I have yet to find any answers that have made my setup work. The problem is simple: I can't browse the remote network when using pptpd and windows clients.
Here is a diagram of my setup:

+-------------+ 10.1.5.155             10.1.5.150 +-----------+
| Windows Box |----------------//-----------------| Linux Box |
+-------------+             PPTP Link             +-----------+
                          via Internet                  | 10.1.4.250
                       +--------------------------------- Office Network
                                                          (10.1.4.0)

The windows box is running Windows 2000 and is using the in-built VPN software.

The Linux box is running Samba 2.2.0, the current version of pptpd and the latest version of PPP. The kernel has been patched for PPP. Connections from the windows box to the pptp host are via the internet - both ends have static IP addresses.

When the ppp interface is brought up on the Linux box, a route to the 10.1.5.0 network is added, netmask 255.255.255.0. I can ping any host on the office network, the interfaces on the Linux box etc. from the Windows machine. Conversely, I can ping the remote windows 2000 machine from any host on the office network. The office network contains either one or two NT servers for each domain - I am only trying to access one domain at present. It has a PDC and a backup DC.

My problem is that I cannot browse the office network or access any office machine by name. I am able to access shares if I supply the IP address of the remote machine, subsequent to supplying a valid username and password.

I have tried the following to make it work:

- changing the local and remote addresses of the ppp link to 10.1.4.150 and 10.1.4.155 respectively
- making the samba server a wins server
- making the samba server a wins proxy
- making the samba server a preferred master
- making the samba server a domain master
- supplying a remote announce parameter in samba
- kicking the NT machines and Linux box

Needless to say, all of my efforts have so far been fruitless.

I am not at all keen to use WINS on the office network - we have a large turnover of machines, so it would be very inconvenient and machines would be 'forgotten'. I would also like to avoid using the samba machine as a master browser.
LMHOSTS would be extremely inconvenient - we sometimes have to access the office from thousands of miles away on customer machines... they're not usually keen on someone playing with LMHOSTS.

I have read that it is possible to do this... I've read hundreds of web pages, e-mails etc. but nothing has got me any closer. Someone must have done this - or am I asking too much?

Many thanks in advance for your help

Patrick

From berzerke at swbell.net Sun May 6 20:05:38 2001
From: berzerke at swbell.net (robert)
Date: Sun, 06 May 2001 20:05:38 -0500
Subject: [pptp-server] Off Subject: WinME -> WinNT
In-Reply-To:
References:
Message-ID: <01050620053801.04597@linux>

Don't feel bad. W2K only plays well with other W2K boxes. This is by [very bad!] design.

On Sunday 06 May 2001 13:28, Justin Kreger wrote:
> Now this is funky, Win2k clients also won't talk to the NT4
> server... (well, it connects, you get an error 781 or, you're authenticated,
> but then it drops you)... this is getting really annoying.
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu
>
> On Sat, 5 May 2001, Tom Eastep wrote:
> > On Saturday 05 May 2001 12:29, Justin Kreger wrote:
> > > Nope, using 2.4 SNAT and DNAT. It works for Win98 from my home lan
> > > (masqueraded).
> >
> > Haven't tried a server behind a 2.4 firewall -- I just run PoPToP on the
> > firewall box itself.
> >
> > -Tom
> > --
> > Tom Eastep                \ Alt Email: tom at seattlefirewall.dyndns.org
> > ICQ #60745924             \ Websites: http://seawall.sourceforge.net
> > teastep at evergo.net     \           http://seattlefirewall.dyndns.org
> > Shoreline, Washington USA \           http://shorewall.sourceforge.net
> >                           \_________________________________________

From berzerke at swbell.net Sun May 6 20:09:08 2001
From: berzerke at swbell.net (robert)
Date: Sun, 06 May 2001 20:09:08 -0500
Subject: [pptp-server] Pptp working only without encryption.
In-Reply-To:
References:
Message-ID: <01050620090802.04597@linux>

What does your modules.conf look like? A correct one is in the howto.

On Sunday 06 May 2001 17:00, Stijn Jonker wrote:
> On Sun, 6 May 2001, robert wrote:
>
>
> Thanks for the reply,
>
> I copied and pasted those options, and no success, still the link goes up
> ok, but no traffic. Is there anything I can do like give an option to the
> mppe modules to force debugging or such?
>
> > W2K clients are really picky about the option file you use. Try the
> > option file in the 2.4 kernel howto at http://home.swbell.net/berzerke
> >
> > On Sunday 06 May 2001 06:49, Stijn Jonker wrote:
> > > Hello,
> > >
> > > I got pptp working like a charm as long as i don't enable encryption.
> > >
> > > I'm running kernel 2.4.3 and pppd 2.4.0 with the mppe patches.
> > > ppp_mppe.o modules loads fine, my w2k laptop can connect over the lan
> > > and over dialup. Authentication works fine and such, but when i enable
> > > encryption i can't even ping the remote ip from the tunnel.
> > > Without encryption it all works without any problems.
> > >
> > > In encryption mode the log reports ms-chapv2 & mppe 128. And no error
> > > msg's.
> > >
> > > Any suggestions anybody.

From dhenders at itdepartment.com Mon May 7 07:35:17 2001
From: dhenders at itdepartment.com (Dave Henderson)
Date: Mon, 7 May 2001 08:35:17 -0400
Subject: [pptp-server] Pptp working only without encryption.
Message-ID: <81C9FDB7ACCED2119A43006097C9F5A2437B4C@Mail.ITDepartment.com>

I've been messing with this stuff last week, and I've found that the option file in that howto doesn't work... however, once I removed the mppe-40 option, the encrypted connection started working like a charm...

-----Original Message-----
From: robert [mailto:berzerke at swbell.net]
Sent: May 6, 2001 14:51
To: Stijn Jonker; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Pptp working only without encryption.

W2K clients are really picky about the option file you use. Try the option file in the 2.4 kernel howto at http://home.swbell.net/berzerke

On Sunday 06 May 2001 06:49, Stijn Jonker wrote:
> Hello,
>
> I got pptp working like a charm as long as i don't enable encryption.
>
> I'm running kernel 2.4.3 and pppd 2.4.0 with the mppe patches. ppp_mppe.o
> modules loads fine, my w2k laptop can connect over the lan and over
> dialup. Authentication works fine and such, but when i enable encryption i
> can't even ping the remote ip from the tunnel. Without encryption it all
> works without any problems.
>
> In encryption mode the log reports ms-chapv2 & mppe 128. And no error
> msg's.
>
> Any suggestions anybody.

From ghansen at astaro.de Mon May 7 16:50:21 2001
From: ghansen at astaro.de (Gert R. Hansen)
Date: Mon, 7 May 2001 23:50:21 +0200
Subject: AW: [pptp-server] Pptp working only without encryption.
Message-ID: <522A69BCBAD4D543B1638679965FBCA9CD4A@exchange.intranet.astaro.de>

I am messing also, I can confirm this behavior.

The authentication works fine and on the windows side everything looks ok. The pppd tells me 'MPPE 128bit, stateless compression enabled' and LCP Requests and Replies are going through, so there is traffic on the gre data channel. But there is no other traffic going through.

I tested it with a 128bit enabled Windows2000 client. I only get this client running, removing [mppe-40] from the options file.

Has anybody got poptop running having 40bit and 128bit enabled? What Clients are you using?

Trying more tomorrow

kind regards
Gert

--
Gert Hansen | Product Development | Astaro AG | www.astaro.com |

-----Original Message-----
From: Dave Henderson [mailto:dhenders at itdepartment.com]
Sent: Monday, 7 May 2001 14:35
To: 'robert'; Stijn Jonker; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Pptp working only without encryption.

I've been messing with this stuff last week, and I've found that the option file in that howto doesn't work... however, once I removed the mppe-40 option, the encrypted connection started working like a charm...

-----Original Message-----
From: robert [mailto:berzerke at swbell.net]
Sent: May 6, 2001 14:51
To: Stijn Jonker; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Pptp working only without encryption.

W2K clients are really picky about the option file you use. Try the option file in the 2.4 kernel howto at http://home.swbell.net/berzerke

On Sunday 06 May 2001 06:49, Stijn Jonker wrote:
> Hello,
>
> I got pptp working like a charm as long as i don't enable encryption.
>
> I'm running kernel 2.4.3 and pppd 2.4.0 with the mppe patches. ppp_mppe.o
> modules loads fine, my w2k laptop can connect over the lan and over
> dialup.
> Authentication works fine and such, but when i enable encryption i
> can't even ping the remote ip from the tunnel. Without encryption it all
> works without any problems.
>
> In encryption mode the log reports ms-chapv2 & mppe 128. And no error
> msg's.
>
> Any suggestions anybody.

From de at kracked.com Mon May 7 19:06:17 2001
From: de at kracked.com (Justin)
Date: Mon, 7 May 2001 19:06:17 -0500
Subject: [pptp-server] PPTP Setup problem
Message-ID:

I'm working on setting up VPN with poptop on my server. I ran through the howto on the website. Then when I try having win2k connect to the server. I ran through the tutorial located at http://poptop.lineo.com/releases/win2k.doc.gz to try to have it connect. (top to bottom of course) It connects, and tries verifying password. That's where it sits then drops connection.
I checked my logfile and here's what it spits out for the session

----------------
May 7 18:58:34 shift pptpd[1888]: CTRL: Client 206.11.239.85 control connection started
May 7 18:58:34 shift pptpd[1888]: CTRL: Starting call (launching pppd, opening GRE)
May 7 18:58:34 shift pppd[1889]: pppd 2.3.11 started by root, uid 0
May 7 18:58:34 shift pppd[1889]: Using interface ppp0
May 7 18:58:34 shift pppd[1889]: Connect: ppp0 <--> /dev/pts/3
May 7 18:58:34 shift pppd[1889]: sent [LCP ConfReq id=0x1 ]
May 7 18:59:01 shift last message repeated 9 times
May 7 18:59:04 shift pppd[1889]: LCP: timeout sending Config-Requests
May 7 18:59:04 shift pptpd[1888]: GRE: read(fd=4,buffer=804d840,len=8196) from PTY failed: status = -1 error = Input/output error
May 7 18:59:04 shift pptpd[1888]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
May 7 18:59:04 shift pptpd[1888]: CTRL: Client 206.11.239.85 control connection finished
May 7 18:59:04 shift pppd[1889]: Connection terminated.
May 7 18:59:04 shift pppd[1889]: Exit.
----------------

Anyone have any ideas out there or need any more info? If you can message me via icq (4073990) or AIM (trahma81) and help me directly I think it'd be easier, but I'll understand if you'd prefer to reply to email.

Thanks in advance for any help..

-Justin

From neale at lowendale.com.au Mon May 7 23:06:10 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Tue, 8 May 2001 14:06:10 +1000 (EST)
Subject: [pptp-server] PPTP Setup problem
In-Reply-To:
Message-ID:

On Mon, 7 May 2001, Justin wrote:

> I'm working on setting up VPN with poptop on my server. I ran through the
> howto on the website. Then when I try having win2k connect to the server.
> I ran through the tutorial located at
> http://poptop.lineo.com/releases/win2k.doc.gz to try to have it connect.
> (top to bottom of course) It connects, and tries verifying password. That's
> where it sits then drops connection.
>
> I checked my logfile and here's what it spits out for the session
>
> ----------------
> May 7 18:58:34 shift pptpd[1888]: CTRL: Client 206.11.239.85 control connection started
> May 7 18:58:34 shift pptpd[1888]: CTRL: Starting call (launching pppd, opening GRE)
> May 7 18:58:34 shift pppd[1889]: pppd 2.3.11 started by root, uid 0
> May 7 18:58:34 shift pppd[1889]: Using interface ppp0
> May 7 18:58:34 shift pppd[1889]: Connect: ppp0 <--> /dev/pts/3
> May 7 18:58:34 shift pppd[1889]: sent [LCP ConfReq id=0x1 ]
> May 7 18:59:01 shift last message repeated 9 times
> May 7 18:59:04 shift pppd[1889]: LCP: timeout sending Config-Requests

I'd hazard a guess that the GRE path is obstructed somewhere (at least from caller to server, possibly both ways). GRE of course being IP protocol 47 (not to be confused with port #s).

HTH,
Neale.

From dimambro at pacbell.net Mon May 7 21:20:32 2001
From: dimambro at pacbell.net (Brian L. DiMambro)
Date: Mon, 07 May 2001 19:20:32 -0700
Subject: [pptp-server] ppp modprobe errors during install
Message-ID: <5.0.2.1.0.20010507190849.00ac9e78@postoffice.pacbell.net>

Hi All

I am having problems getting PoPToP installed on an Alpha DS10 running the generic 2.2.18 kernel. I have followed the HOWTO instructions and have successfully connected with no encryption. I then installed ppp with mppe using a clean distribution of the 22.18 kernel, ppp2.3.11 and the following patches:

ppp-2.3.11-openssl-0.9.5a-mppe-alpha.patch
ppp_mppe_compressed_data_fix.diff
if_ppp_2.2.17.diff

The if_ppp_2.2.17.diff patch would not install so I manually updated the /usr/src/linux/include/linux/if_ppp.h and if_pppvar.h files to correct the compile time errors. The compile of ppp completed successfully even though I saw a message about an un-registered compressor when ppp.o was being compiled. I copied the files to /lib/modules/2.2.18/net, registered the new modules per the HOWTO and successfully completed the depmod -a.
When I run the modprobe ppp I get the following errors:

[root at bubba src]# modprobe ppp
/lib/modules/2.2.18/net/ppp.o: unresolved symbol kill_fasync_Rc137a225
/lib/modules/2.2.18/net/ppp.o: unresolved symbol register_netdev_Rc260bc02
/lib/modules/2.2.18/net/ppp.o: unresolved symbol __kfree_skb_R30675fde
/lib/modules/2.2.18/net/ppp.o: unresolved symbol netif_rx_Rae7d86d7
/lib/modules/2.2.18/net/ppp.o: unresolved symbol alloc_skb_R16cc3541
/lib/modules/2.2.18/net/ppp.o: unresolved symbol tty_register_ldisc_Rfa9ef03f
/lib/modules/2.2.18/net/ppp.o: unresolved symbol skb_under_panic_R9379f1ea
/lib/modules/2.2.18/net/ppp.o: unresolved symbol skb_over_panic_Ra8d79ed1
/lib/modules/2.2.18/net/ppp.o: unresolved symbol n_tty_ioctl_Rc9baf0b1
/lib/modules/2.2.18/net/ppp.o: unresolved symbol unregister_netdev_R9c7e9816
/lib/modules/2.2.18/net/ppp.o: unresolved symbol dev_alloc_name_R6c8c29de
/lib/modules/2.2.18/net/ppp.o: insmod /lib/modules/2.2.18/net/ppp.o failed
/lib/modules/2.2.18/net/ppp.o: insmod ppp failed

I also tried the non Alpha mppe patch with the same errors. Any help will be greatly appreciated.

Thanks in advance
Brian

From RLDITTO at BRIGHT.NET Tue May 8 08:05:07 2001
From: RLDITTO at BRIGHT.NET (JOE)
Date: Tue, 8 May 2001 09:05:07 -0400
Subject: [pptp-server] pptp setup question
Message-ID: <004501c0d7bf$81f02be0$0200a8c0@backdog>

hello,

I have a client that decided to open up an office in another city.

The Setup:

office 1: local server is just running peer to peer networking with win98. The office has a wireless internet in our building which we share with other businesses the local isp (across the street) is offering this and they installed a linux box which every business in the building uses. we then have a third party win98 proxy server (sygate).

office 2: one person running win98 and is the only one that needs to get to the local server at office 1.

solution:
install a linux server to replace the win98 proxy server
install poptop on the new server.
Get isp to let traffic flow to my linux box through the appropriate ports on their linux box(ip forwarding on their end?).

problem: I'm really new to this and am trying to broaden my horizons. Is this it? What else do I have to worry about. Also, some of the setup guides talk about ip masquerading do i really need to worry about that with the current setup? or ipsec. what about samba do i need to install this to allow my client to access the win98 server at our office 1 and create a disk share to that server?

anybody that can help would be greatly appreciated.

From themmaster at digitalme.com Wed May 9 00:22:56 2001
From: themmaster at digitalme.com (Hein-Pieter van Braam)
Date: Wed, 9 May 2001 04:22:56 -0100
Subject: [pptp-server] Tunnel in a tunnel?
Message-ID: <01050904225600.01064@tmm-wks-01>

HI all!

I have a problem: here in holland we have an ADSL connection called MXSTREAM (it suxx) anywayz to connect you first have to make a VPN connection to your "router" (or whatever it is) and then complete a logon script on the main site of mxstream. Now there is a small company that uses mxstream and have 2 locations and they want to connect them using a VPN.

my question: is it possible to make a VPN connection over that existing VPN connection to that other location through ANOTHER VPN connection? (seeing stars yet ;-) )

thanx people!

From walterm at Gliatech.com Tue May 8 15:57:22 2001
From: walterm at Gliatech.com (Michael Walter)
Date: Tue, 8 May 2001 16:57:22 -0400
Subject: [pptp-server] Tunnel in a tunnel?
Message-ID:

AT&T Global Net Service(IPass) requires a vpn(pptp) connection. Our remote international users regularly connect to our networks vpn(pptp) through AT&T's vpn. All this through a modem that rarely gets a better connection than 28.8. From there they connect to a citrix server, which is doing its own encryption.
So it is definitely possible to have pptp tunnels inside other pptp tunnels and even other types of tunnels inside those. I have to admit to at least a little amazement that this works as well as it does though.

Thanks,

Michael J. Walter rhce mcdba mcse+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

-----Original Message-----
From: Hein-Pieter van Braam [mailto:themmaster at digitalme.com]
Sent: Wednesday, May 09, 2001 1:23 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Tunnel in a tunnel?

HI all!

I have a problem: here in holland we have an ADSL connection called MXSTREAM (it suxx) anywayz to connect you first have to make a VPN connection to your "router" (or whatever it is) and then complete a logon script on the main site of mxstream. Now there is a small company that uses mxstream and have 2 locations and they want to connect them using a VPN.

my question: is it possible to make a VPN connection over that existing VPN connection to that other location through ANOTHER VPN connection? (seeing stars yet ;-) )

thanx people!

From mattgav at tempo.com.au Tue May 8 18:53:29 2001
From: mattgav at tempo.com.au (Matthew Gavin)
Date: Wed, 9 May 2001 09:53:29 +1000
Subject: [pptp-server] Kernel 2.4.2 + Poptop 1.1.2 + PPPD 2.4.0 Config Docs?
Message-ID:

Hi all,

I have been using the Poptop VPN on a Redhat 6.0 Server for about two years now. I finally committed myself to upgrade the web server yesterday to Red Hat 7.1. It is done and working well (except for Poptop).

Browsing the mailing list, a lot of you have had success on the newer kernel. I need some good documentation though? I am reading many conflicting ideas and procedures.
Have we decided on the best procedure for the following?

Kernel 2.4.2
Poptop 1.1.2
PPPD 2.4.0

Regards,

Matthew Gavin
Systems Administrator
Tempo Services Limited
+61 2 9844 2282
mattgav at tempo.com.au
http://www.tempo.com.au/

From chris.dos at clarent.com Tue May 8 23:23:36 2001
From: chris.dos at clarent.com (Chris Dos)
Date: Tue, 08 May 2001 22:23:36 -0600
Subject: [pptp-server] NAT'ing problem
Message-ID: <3AF8C648.1AA92D46@clarent.com>

I have two employees behind the same cable modem which is providing NAT for their internal network. The cable modem can NAT one connection to my PopTop PPTP server just fine. But it fails when the second person tries. Both can connect simultaneously to a Windows NT PPTP server. Does anyone know of a reason why PopTop only allows one PPTP connection per NAT'd device that supports multiple PPTP NAT'ing?

Chris

--
Chris Dos Lead Unix Engineer
Clarent Corporation

From GeorgeV at citadelcomputer.com.au Tue May 8 23:58:26 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 9 May 2001 14:58:26 +1000
Subject: [pptp-server] NAT'ing problem
Message-ID: <200FAA488DE0D41194F10010B597610D012460@JUPITER>

Probably because it's working on the IP only and not on a socket? my guess.

> -----Original Message-----
> From: Chris Dos [SMTP:chris.dos at clarent.com]
> Sent: Wednesday, May 09, 2001 2:24 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] NAT'ing problem
>
> I have two employees behind the same cable modem which is providing NAT
> for their internal network. The cable modem can NAT one connection to my
> PopTop PPTP server just fine. But it fails when the second person tries.
> Both can connect simultaneously to a Windows NT PPTP server. Does anyone
> know of a reason why PopTop only allows one PPTP connection per NAT'd
> device that supports multiple PPTP NAT'ing?
>
> Chris
>
> --
> Chris Dos Lead Unix Engineer
> Clarent Corporation

From mattgav at tempo.com.au Wed May 9 00:58:25 2001
From: mattgav at tempo.com.au (Matthew Gavin)
Date: Wed, 9 May 2001 15:58:25 +1000
Subject: [pptp-server] Connect problems...
Message-ID:

What is happening here?

I have followed the HOWTO @ http://home.swbell.net/berzerke?
I have the installed:

pptpd-1.1.2
ppp-2.4.0
2.4.2-2smp

I can connect, I can ping the Poptop server but nothing (Further) internally? and yes I do have the /etc/modules.conf file correct.

pptpd[26901]: CTRL: Client 63.12.2.49 control connection started
pptpd[26901]: CTRL: Starting call (launching pppd, opening GRE)
pppd[26902]: pppd 2.4.0 started by root, uid 0
pppd[26902]: Using interface ppp0
pppd[26902]: Connect: ppp0 <--> /dev/pts/4
kernel: PPP BSD Compression module registered
modprobe: Can't locate module ppp-compress-18
kernel: PPP Deflate Compression module registered
modprobe: modprobe: Can't locate module ppp-compress-18
pppd[26902]: MSCHAP-v2 peer authentication succeeded for mattgav
pppd[26902]: found interface eth0 for proxy arp
pppd[26902]: local IP address 203.41.208.130
pppd[26902]: remote IP address 203.41.208.193

Any help much appreciated?

Matt

From josh.howlett at bristol.ac.uk Wed May 9 02:05:32 2001
From: josh.howlett at bristol.ac.uk (Josh Howlett)
Date: Wed, 9 May 2001 08:05:32 +0100
Subject: [pptp-server] Connect problems...
In-Reply-To:
References:
Message-ID:

1. Have you added proxyarp to your options file?
2. Does it work okay without encryption ?
3. Can you show us your routing and arp tables?

josh.

On Wed, 9 May 2001 15:58:25 +1000 Matthew Gavin wrote:

> What is happening here?
>
> I have followed the HOWTO @ http://home.swbell.net/berzerke?
> I have the installed:
>
> pptpd-1.1.2
> ppp-2.4.0
> 2.4.2-2smp
>
> I can connect, I can ping the Poptop server but nothing (Further)
> internally? and yes I do have the /etc/modules.conf file correct.
>
> pptpd[26901]: CTRL: Client 63.12.2.49 control connection started
> pptpd[26901]: CTRL: Starting call (launching pppd, opening GRE)
> pppd[26902]: pppd 2.4.0 started by root, uid 0
> pppd[26902]: Using interface ppp0
> pppd[26902]: Connect: ppp0 <--> /dev/pts/4
> kernel: PPP BSD Compression module registered
> modprobe: Can't locate module ppp-compress-18
> kernel: PPP Deflate Compression module registered
> modprobe: modprobe: Can't locate module ppp-compress-18
> pppd[26902]: MSCHAP-v2 peer authentication succeeded for mattgav
> pppd[26902]: found interface eth0 for proxy arp
> pppd[26902]: local IP address 203.41.208.130
> pppd[26902]: remote IP address 203.41.208.193
>
> Any help much appreciated?
>
> Matt
>

--------------------------------------
Josh Howlett, Network Supervisor,
Information Systems and Computing,
University of Bristol, U.K.
josh.howlett at bris.ac.uk | 0117 9287850

From lists at earthling.2y.net Wed May 9 03:51:14 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Wed, 9 May 2001 04:51:14 -0400 (EDT)
Subject: [pptp-server] NAT'ing problem
In-Reply-To: <3AF8C648.1AA92D46@clarent.com>
Message-ID:

The best solution, is if there is a win2k server on their end, or maybe a linux box if you were bored enough to set it up, you could route between their network, and your network, thru a single tunnel, giving both access to your network.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu

On Tue, 8 May 2001, Chris Dos wrote:

> I have two employees behind the same cable modem which is providing NAT for their internal network. The cable modem can NAT one connection to my PopTop PPTP server just fine. But it fails when the second person tries. Both can connect simultaneously to a Windows NT PPTP server. Does anyone know of a reason why PopTop only allows one PPTP connection per NAT'd device that supports multiple PPTP NAT'ing?
>
> Chris
>
> --
> Chris Dos Lead Unix Engineer
> Clarent Corporation

From jvonau at home.com Wed May 9 05:14:07 2001
From: jvonau at home.com (Jerry Vonau)
Date: Wed, 09 May 2001 05:14:07 -0500
Subject: [pptp-server] NAT'ing problem
References: <200FAA488DE0D41194F10010B597610D012460@JUPITER>
Message-ID: <3AF9186F.5E3DA4A1@home.com>

Chris:

I think this may apply to your situation, taken from:
http://www.ibiblio.org/pub/Linux/docs/HOWTO/VPN-Masquerade-HOWTO
section 2.7:

The PPTP RFC specifies in section 3.1.3 that there may only be one control channel connection between two systems.
This should mean that you can only masquerade one PPTP session at a time with a given remote server, but in practice the MS implementation of PPTP does not enforce this, at least not as of NT 4.0 Service Pack 4. If the PPTP server you're trying to connect to only permits one connection at a time, it's following the protocol rules properly. Note that this does not affect a masqueraded server, only multiple masqueraded clients attempting to contact the same remote server.

Hope it helps..

Jerry Vonau

> > -----Original Message-----
> > From: Chris Dos [SMTP:chris.dos at clarent.com]
> > Sent: Wednesday, May 09, 2001 2:24 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] NAT'ing problem
> >
> > I have two employees behind the same cable modem which is providing NAT
> > for their internal network. The cable modem can NAT one connection to my
> > PopTop PPTP server just fine. But it fails when the second person tries.
> > Both can connect simultaneously to a Windows NT PPTP server. Does anyone
> > know of a reason why PopTop only allows one PPTP connection per NAT'd
> > device that supports multiple PPTP NAT'ing?
> >
> > Chris
> >
> > --
> > Chris Dos Lead Unix Engineer
> > Clarent Corporation
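
A server-side check for the situation described in the message above, added here as an example that is not part of the original thread: it scans pptpd syslog output for a second control connection arriving from a source address that already has one open, which is what two clients behind one NAT device look like to the server. The function name and the sample log lines are constructed for illustration; the "started" line follows the pptpd output quoted in this thread, and the matching "finished" line is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample log (not taken from the thread). Documentation-range
# addresses are used on purpose. The "finished" lines are an assumed
# counterpart of the "started" lines that pptpd is shown logging above.
SAMPLE_LOG = """\
May  9 10:00:01 vpn pptpd[3101]: CTRL: Client 198.51.100.7 control connection started
May  9 10:00:02 vpn pptpd[3101]: CTRL: Starting call (launching pppd, opening GRE)
May  9 10:03:40 vpn pptpd[3144]: CTRL: Client 198.51.100.7 control connection started
May  9 10:05:10 vpn pptpd[3150]: CTRL: Client 203.0.113.20 control connection started
May  9 10:09:00 vpn pptpd[3144]: CTRL: Client 198.51.100.7 control connection finished
May  9 10:20:00 vpn pptpd[3150]: CTRL: Client 203.0.113.20 control connection finished
May  9 10:25:00 vpn pptpd[3199]: CTRL: Client 203.0.113.20 control connection started
"""

# One pptpd child process (the PID in brackets) handles one control connection.
CTRL_RE = re.compile(
    r"pptpd\[(?P<pid>\d+)\]: CTRL: Client (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"control connection (?P<event>started|finished)"
)


def overlapping_control_connections(log_text):
    """Return (overlaps, peak).

    overlaps: list of (line_number, client_ip, sorted_open_pids) for every
              "started" event that found another control connection from the
              same client IP still open.
    peak:     dict mapping client IP to the highest number of control
              connections it held open at the same time.
    """
    active = defaultdict(set)   # client IP -> PIDs with an open control connection
    peak = {}
    overlaps = []

    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = CTRL_RE.search(line)
        if match is None:
            continue            # pppd, kernel and other CTRL lines are ignored
        ip = match.group("ip")
        pid = int(match.group("pid"))

        if match.group("event") == "started":
            active[ip].add(pid)
            if len(active[ip]) > 1:
                overlaps.append((line_no, ip, sorted(active[ip])))
        else:
            # discard() tolerates a "finished" line whose start was rotated
            # out of the log file being examined.
            active[ip].discard(pid)

        peak[ip] = max(peak.get(ip, 0), len(active[ip]))

    return overlaps, peak


if __name__ == "__main__":
    found, peak_by_ip = overlapping_control_connections(SAMPLE_LOG)
    for line_no, ip, pids in found:
        print(f"line {line_no}: {ip} has {len(pids)} control connections open (pids {pids})")
    for ip, count in sorted(peak_by_ip.items()):
        print(f"{ip}: peak concurrent control connections = {count}")
```

A source address that shows up in the overlap list while its users report that the second tunnel never passes traffic points at the masquerading device rather than at the pppd options.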

From berzerke at swbell.net Wed May 9 09:14:49 2001
From: berzerke at swbell.net (robert)
Date: Wed, 09 May 2001 09:14:49 -0500
Subject: [pptp-server] Kernel 2.4.2 + Poptop 1.1.2 + PPPD 2.4.0 Config Docs?
In-Reply-To:
References:
Message-ID: <01050909144901.13820@linux>

2.4 kernel howto is at http://home.swbell.net/berzerke

On Tuesday 08 May 2001 18:53, Matthew Gavin wrote:
> Hi all,
>
> I have been using the Poptop VPN on a Redhat 6.0 Server for about two years
> now. I finally committed myself to upgrade the web server yesterday to Red
> Hat 7.1. It is done and working well (except for Poptop).
>
> Browsing the mailing list, a lot of you have had success on the newer
> kernel. I need some good documentation though? I am reading many
> conflicting ideas and procedures. Have we decided on the best procedure for
> the following?
>
> Kernel 2.4.2
> Poptop 1.1.2
> PPPD 2.4.0
>
> Regards,
>
> Matthew Gavin
> Systems Administrator
> Tempo Services Limited
> +61 2 9844 2282
> mattgav at tempo.com.au
> http://www.tempo.com.au/

From berzerke at swbell.net Wed May 9 09:29:05 2001
From: berzerke at swbell.net (robert)
Date: Wed, 09 May 2001 09:29:05 -0500
Subject: [pptp-server] Connect problems...
In-Reply-To:
References:
Message-ID: <01050909290502.13820@linux>

I have a vague memory of smp problems. However, assuming that is not the issue...

The important line in the logs is:
> modprobe: Can't locate module ppp-compress-18

This means a required module isn't loading for some reason. First, double check modules.conf. Is there a line in there:

alias ppp-compress-18 ppp_mppe

Did you make a typo? If that's there, do you actually have the ppp_mppe module? Do a search for the file ppp_mppe.o. The file should be found in the path:

/lib/modules//kernel/drivers/net/ppp_mppe.o

If the file is missing, that means the kernel patch and/or compile was not successful. Go back through the howto again and see what you missed.

On Wednesday 09 May 2001 00:58, Matthew Gavin wrote:
> What is happening here?
>
> I have followed the HOWTO @ http://home.swbell.net/berzerke?
> I have the installed:
>
> pptpd-1.1.2
> ppp-2.4.0
> 2.4.2-2smp
>
> I can connect, I can ping the Poptop server but nothing (Further)
> internally? and yes I do have the /etc/modules.conf file correct.
>
> pptpd[26901]: CTRL: Client 63.12.2.49 control connection started
> pptpd[26901]: CTRL: Starting call (launching pppd, opening GRE)
> pppd[26902]: pppd 2.4.0 started by root, uid 0
> pppd[26902]: Using interface ppp0
> pppd[26902]: Connect: ppp0 <--> /dev/pts/4
> kernel: PPP BSD Compression module registered
> modprobe: Can't locate module ppp-compress-18
> kernel: PPP Deflate Compression module registered
> modprobe: modprobe: Can't locate module ppp-compress-18
> pppd[26902]: MSCHAP-v2 peer authentication succeeded for mattgav
> pppd[26902]: found interface eth0 for proxy arp
> pppd[26902]: local IP address 203.41.208.130
> pppd[26902]: remote IP address 203.41.208.193
>
> Any help much appreciated?
>
> Matt

From kirk at prince-of-darkness.cc Wed May 9 16:37:59 2001
From: kirk at prince-of-darkness.cc (Kirk)
Date: Wed, 09 May 2001 14:37:59 -0700
Subject: [pptp-server] Windows 98 / Windows 2000 Problem.
Message-ID: <3.0.5.32.20010509143759.007eebe0@death.prince-of-darkness.cc>

Hello,

I'm new to the list. I have been going thru the archives searching for a solution. The problem I've been having is with windows 2000 and 98 working at the same time. I found great examples in the archive and read _many_ posts. The root of the problem is that if I have it setup to work with 2000 (ie commenting out the mppe-40 in the options.pptp file) windows 2000 works fine and so does the beta 2 of windows XP, but then the windows 95/98/ME clients cannot pass data (yes they are using 128bit encryption). If I put back the mppe-40 windows 98/me work but then 2000/xp doesn't work. They all connect fine all the time, just no icmp & tcp traffic for whoever is the odd one out at the time. I'm kind of in a catch 22 here.

I can send my other configs if they are needed, didn't want to make my first post that long.

Thanks in advance.
Kirk

System, RedHat 7.1
kernel 2.4.3
linux-2.4.0-openssl-0.9.6-mppe.patch
ppp-2.4.0
smbpw-mppe-stripdom-requiremppe.diff
pptpd-1.1.2
iptables for routing/firewalling

####options.pptp
debug
#kdebug 9
lock
#proxyarp <-- tried this both commented out and not, made no difference
name pptpd
auth
+chap
+chapms
+chapms-v2
chapms-strip-domain
#mppe-40
mppe-128
mppe-stateless
require-chap
require-mppe
require-mppe-stateless
ms-wins 10.10.10.41
idle 1800
mtu 1490
mru 1490
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 30
lcp-echo-interval 5
deflate 0

From berzerke at swbell.net Wed May 9 20:03:14 2001
From: berzerke at swbell.net (robert)
Date: Wed, 09 May 2001 20:03:14 -0500
Subject: [pptp-server] Windows 98 / Windows 2000 Problem.
In-Reply-To: <3.0.5.32.20010509143759.007eebe0@death.prince-of-darkness.cc>
References: <3.0.5.32.20010509143759.007eebe0@death.prince-of-darkness.cc>
Message-ID: <01050920031400.17032@linux>

Try this config. Do not add anything to it or change it (except for the name line and maybe adding a debug line)!

name *
lock
mtu 1490
mru 1490
proxyarp
auth
+chap
+chapms
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-40
mppe-stateless

On Wednesday 09 May 2001 16:37, Kirk wrote:
> Hello,
>
> Im new to the list. I have been going thru the archives searching for a
> solution. The problem I've been having is with windows 2000 and 98 working
> at the same time. I found great examples in the archive and read _many_
> posts. The root of the problem is that if I have it setup to work with
> 2000 (ie commenting out the mppe-40 in the options.pptp file) windows 2000
> works fine and so does the beta 2 of windows XP, but then the windows
> 95/98/ME clients cannot pass data (yes they are using 128bit encryption).
> If I put back the mppe-40 windows 98/me work but then 2000/xp doesnt work.
> They all connect fine all the time, just no icmp & tcp traffic for who ever
> is the odd one out at the time. Im kind of in a catch 22 here.
>
> I can send my other configs if they are needed, didnt want to make my first
> post that long.
>
> Thanks in advance.
> Kirk
>
> System, RedHat 7.1
> kernel 2.4.3
> linux-2.4.0-openssl-0.9.6-mppe.patch
> ppp-2.4.0
> smbpw-mppe-stripdom-requiremppe.diff
> pptpd-1.1.2
> iptables for routing/firewalling
>
> ####options.pptp
> debug
> #kdebug 9
> lock
> #proxyarp <-- tired this both commented out and not, made no difference
> name pptpd
> auth
> +chap
> +chapms
> +chapms-v2
> chapms-strip-domain
> #mppe-40
> mppe-128
> mppe-stateless
> require-chap
> require-mppe
> require-mppe-stateless
> ms-wins 10.10.10.41
> idle 1800
> mtu 1490
> mru 1490
> ipcp-accept-local
> ipcp-accept-remote
> lcp-echo-failure 30
> lcp-echo-interval 5
> deflate 0

From mrj at itz.dk Thu May 10 02:55:57 2001
From: mrj at itz.dk (=?Windows-1252?Q?Mikkel_Rokk=E6r?=)
Date: Thu, 10 May 2001 09:55:57 +0200
Subject: [pptp-server] PoPToP
Message-ID: <006601c0d926$a8dcc840$3c00a8c0@cadvisor>

Hello all VPN experts

I have set up PoPToP v1.01 on an RH7.0.

Configured /etc/ppp/options with:
lock
debug
auth
+chap
proxyarp

/etc/ppp/chap-secrets with:
workgroup\\bruger klientpc passwd på bruger ip nr. på klient

/etc/pptpd.conf with:
option /etc/ppp/options
debug
localip 192.168.0.234-238,192.168.0.245
remoteip 192.168.0.234-238,192.168.0.245

When I try to connect from the Windows machine I get the following out of it:

/usr/sbin/pppd: The remote system is required to authenticate itself
/usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so.

I have tried all sorts of workarounds without luck.
Is there anyone out there who knows this particular problem?

PS. Is it necessary to use pptpctrl in /etc/Xinet.d/*** ?

Regards
Mikkel

From mrj at itz.dk Thu May 10 04:11:09 2001
From: mrj at itz.dk (=?Windows-1252?Q?Mikkel_Rokk=E6r?=)
Date: Thu, 10 May 2001 11:11:09 +0200
Subject: [pptp-server] PoPToP
Message-ID: <003e01c0d931$29f01a40$3c00a8c0@cadvisor>

On Thu, 10 May 2001 09:55:57 +0200 Mikkel_Rokkær wrote:
> Hello all VPN experts
>
> I have set up PoPToP v1.01 on an RH7.0. Configured /etc/ppp/options with:
> lock
> debug
> auth
> +chap
> proxyarp

Add "name server".

I have tried that!

> /etc/ppp/chap-secrets with:
> workgroup\\bruger klientpc passwd på bruger ip nr. på klient

change to "workgroup\\bruger server password ip".

I tried that also :-(
Can it have something to do with pptpctrl? Do I have to install that?

--------------------------------------
Josh Howlett, Network Supervisor,
Information Systems and Computing,
University of Bristol, U.K.
josh.howlett at bris.ac.uk | 0117 9287850

Kind regards
Mikkel Rokkær Jensen

From kirk at prince-of-darkness.cc Thu May 10 09:47:53 2001
From: kirk at prince-of-darkness.cc (Kirk)
Date: Thu, 10 May 2001 07:47:53 -0700 (PDT)
Subject: [pptp-server] Windows 98 / Windows 2000 Problem.
In-Reply-To: <01050920031400.17032@linux>
Message-ID:

I'll give it a shot, I put it on the server already, but alas I don't run windoze at home :-)

Does it have something to do with the order in which I wrote the config??

Kirk

>On Wed, 9 May 2001, robert wrote:
> Try this config. Do not add anything to it or change it (except for the name
> line and maybe adding a debug line)!
>
> name *
> lock
> mtu 1490
> mru 1490
> proxyarp
> auth
> +chap
> +chapms
> +chapms-v2
> ipcp-accept-local
> ipcp-accept-remote
> lcp-echo-failure 3
> lcp-echo-interval 5
> deflate 0
> mppe-128
> mppe-40
> mppe-stateless
>
>
> On Wednesday 09 May 2001 16:37, Kirk wrote:
> > Hello,
> >
> > Im new to the list. I have been going thru the archives searching for a
> > solution. The problem I've been having is with windows 2000 and 98 working
> > at the same time. I found great examples in the archive and read _many_
> > posts. The root of the problem is that if I have it setup to work with
> > 2000 (ie commenting out the mppe-40 in the options.pptp file) windows 2000
> > works fine and so does the beta 2 of windows XP, but then the windows
> > 95/98/ME clients cannot pass data (yes they are using 128bit encryption).
> > If I put back the mppe-40 windows 98/me work but then 2000/xp doesnt work.
> > They all connect fine all the time, just no icmp & tcp traffic for who ever
> > is the odd one out at the time. Im kind of in a catch 22 here.
> >
> > I can send my other configs if they are needed, didnt want to make my first
> > post that long.
> >
> > Thanks in advance.
> > Kirk
> >
> > System, RedHat 7.1
> > kernel 2.4.3
> > linux-2.4.0-openssl-0.9.6-mppe.patch
> > ppp-2.4.0
> > smbpw-mppe-stripdom-requiremppe.diff
> > pptpd-1.1.2
> > iptables for routing/firewalling
> >
> > ####options.pptp
> > debug
> > #kdebug 9
> > lock
> > #proxyarp <-- tired this both commented out and not, made no difference
> > name pptpd
> > auth
> > +chap
> > +chapms
> > +chapms-v2
> > chapms-strip-domain
> > #mppe-40
> > mppe-128
> > mppe-stateless
> > require-chap
> > require-mppe
> > require-mppe-stateless
> > ms-wins 10.10.10.41
> > idle 1800
> > mtu 1490
> > mru 1490
> > ipcp-accept-local
> > ipcp-accept-remote
> > lcp-echo-failure 30
> > lcp-echo-interval 5
> > deflate 0
>

--
Kirk Whiting
*** Gothic Unix Freak, Windoze hater ***
http://www.prince-of-darkness.cc

From naresh at optimnetworks.com Thu May 10 16:26:22 2001
From: naresh at optimnetworks.com (Naresh)
Date: Thu, 10 May 2001 14:26:22 -0700
Subject: [pptp-server] unsubscribe
References: <003e01c0d931$29f01a40$3c00a8c0@cadvisor>
Message-ID: <005301c0d997$ddb8aa90$f702010a@WOODY>

Unsubscribe

From berzerke at swbell.net Thu May 10 21:38:13 2001
From: berzerke at swbell.net (robert)
Date: Thu, 10 May 2001 21:38:13 -0500
Subject: [pptp-server] Windows 98 / Windows 2000 Problem.
In-Reply-To: <=?utf-8?q?@mta4.rcsntx.swbell.net>
References:
Message-ID: <0GD5005V0GMFV2@mta4.rcsntx.swbell.net>

On Thursday 10 May 2001 09:47, Kirk wrote:
> Ill give it a shot, I put it on the server already, but alas I dont run
> windoze at home :-)
>
> Does it have something to do with the order in which I
> wrote the config??

No. Certain config lines "break" things. I think the require lines you have are the breakers. However, once you have a working example, then you can add back one line at a time until it breaks. Then post so others can learn what lines to avoid.

>
> Kirk
>
> >On Wed, 9 May 2001, robert wrote:
> >
> >
> > Try this config. Do not add anything to it or change it (except for the
> > name line and maybe adding a debug line)!
> >
> > name *
> > lock
> > mtu 1490
> > mru 1490
> > proxyarp
> > auth
> > +chap
> > +chapms
> > +chapms-v2
> > ipcp-accept-local
> > ipcp-accept-remote
> > lcp-echo-failure 3
> > lcp-echo-interval 5
> > deflate 0
> > mppe-128
> > mppe-40
> > mppe-stateless
> >
> > On Wednesday 09 May 2001 16:37, Kirk wrote:
> > > Hello,
> > >
> > > Im new to the list. I have been going thru the archives searching for a
> > > solution. The problem I've been having is with windows 2000 and 98
> > > working at the same time. I found great examples in the archive and
> > > read _many_ posts. The root of the problem is that if I have it setup
> > > to work with 2000 (ie commenting out the mppe-40 in the options.pptp
> > > file) windows 2000 works fine and so does the beta 2 of windows XP, but
> > > then the windows 95/98/ME clients cannot pass data (yes they are using
> > > 128bit encryption). If I put back the mppe-40 windows 98/me work but
> > > then 2000/xp doesnt work. They all connect fine all the time, just no
> > > icmp & tcp traffic for who ever is the odd one out at the time. Im
> > > kind of in a catch 22 here.
> > >
> > > I can send my other configs if they are needed, didnt want to make my
> > > first post that long.
> > >
> > > Thanks in advance.
> > > Kirk
> > >
> > > System, RedHat 7.1
> > > kernel 2.4.3
> > > linux-2.4.0-openssl-0.9.6-mppe.patch
> > > ppp-2.4.0
> > > smbpw-mppe-stripdom-requiremppe.diff
> > > pptpd-1.1.2
> > > iptables for routing/firewalling
> > >
> > > ####options.pptp
> > > debug
> > > #kdebug 9
> > > lock
> > > #proxyarp <-- tired this both commented out and not, made no
> > > difference name pptpd
> > > auth
> > > +chap
> > > +chapms
> > > +chapms-v2
> > > chapms-strip-domain
> > > #mppe-40
> > > mppe-128
> > > mppe-stateless
> > > require-chap
> > > require-mppe
> > > require-mppe-stateless
> > > ms-wins 10.10.10.41
> > > idle 1800
> > > mtu 1490
> > > mru 1490
> > > ipcp-accept-local
> > > ipcp-accept-remote
> > > lcp-echo-failure 30
> > > lcp-echo-interval 5
> > > deflate 0

From dimambro at pacbell.net Thu May 10 18:57:30 2001
From: dimambro at pacbell.net (Brian L. DiMambro)
Date: Thu, 10 May 2001 16:57:30 -0700
Subject: [pptp-server] ppp modprobe errors during install ... Help Please ....
Message-ID: <5.0.2.1.0.20010510165402.0380e200@postoffice.pacbell.net>

Hi All

I really could use some help here...... anybody got any ideas on this?????

Thanks in advance

Brian

>Hi All
>
>I am having problems getting PoPToP installed on an Alpha DS10 running the
>generic 2.2.18 kernel. I have followed the HOWTO instructions and have
>successfully connected with no encryption. I then installed ppp with mppe
>using a clean distribution of the 22.18 kernel, ppp2.3.11 and the
>following patches:
>
>ppp-2.3.11-openssl-0.9.5a-mppe-alpha.patch
>ppp_mppe_compressed_data_fix.diff
>if_ppp_2.2.17.diff
>
>The if_ppp_2.2.17.diff patch would not install so I manually updated the
>/usr/src/linux/include/linux/if_ppp.h and if_pppvar.h files to correct
>the compile time errors. The compile of ppp completed successfully even
>though I saw a message about an un-registered compressor when ppp.o was
>being compiled. I copied the files to /lib/modules/2.2.18/net, registered
>the new modules per the HOWTO and successfully completed the depmod -a.
>When I run the modprobe ppp I get the following errors:
>
>[root at bubba src]# modprobe ppp
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol kill_fasync_Rc137a225
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol register_netdev_Rc260bc02
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol __kfree_skb_R30675fde
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol netif_rx_Rae7d86d7
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol alloc_skb_R16cc3541
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol tty_register_ldisc_Rfa9ef03f
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol skb_under_panic_R9379f1ea
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol skb_over_panic_Ra8d79ed1
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol n_tty_ioctl_Rc9baf0b1
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol unregister_netdev_R9c7e9816
>/lib/modules/2.2.18/net/ppp.o: unresolved symbol dev_alloc_name_R6c8c29de
>/lib/modules/2.2.18/net/ppp.o: insmod /lib/modules/2.2.18/net/ppp.o failed
>/lib/modules/2.2.18/net/ppp.o: insmod ppp failed
>
>I also tried the non Alpha mppe patch with the same errors.
>
>Any help will be greatly appreciated.
>
>Thanks in advance
>
>Brian

From vgill at technologist.com Fri May 11 08:30:49 2001
From: vgill at technologist.com (Gill, Vern)
Date: Fri, 11 May 2001 06:30:49 -0700
Subject: [pptp-server] Windows 98 / Windows 2000 Problem.
Message-ID: <8D043DEA73DFD411958A00A0C90AB760045B3B@ftp.gillnet.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No, the require statements are not the "breakers". It is something else. The options file he has is identical, excepting ip addresses and system names, to the one I have been using for over a year now. By the way, looks like you also used my combined patch. Cool! Anyway, the options file, which is nearly identical to mine, has worked for 9x/Me/NT/2k for a long time now. Something else is causing the problem.

PGP Signed! Why?
"If all the personal computers in the world - ~260 million computers - were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message."
- - William Crowell, Deputy Director of the National Security Agency, in testimony to the U.S. Congress, March 20, 1997

- -----Original Message-----
From: robert [mailto:berzerke at swbell.net]
Sent: Thursday, May 10, 2001 7:38 PM
To: Kirk
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Windows 98 / Windows 2000 Problem.

On Thursday 10 May 2001 09:47, Kirk wrote:
> Ill give it a shot, I put it on the server already, but alas I dont
> run windoze at home :-)
>
> Does it have something to do with the order in which I
> wrote the config??

No. Certain config lines "break" things. I think the require lines you have are the breakers. However, once you have a working example, then you can add back one line at a time until it breaks. Then post so others can learn what lines to avoid.

>
> Kirk
>
> >On Wed, 9 May 2001, robert wrote:
> >
> >
> > Try this config. Do not add anything to it or change it (except
> > for the name line and maybe adding a debug line)!
> >
> > name *
> > lock
> > mtu 1490
> > mru 1490
> > proxyarp
> > auth
> > +chap
> > +chapms
> > +chapms-v2
> > ipcp-accept-local
> > ipcp-accept-remote
> > lcp-echo-failure 3
> > lcp-echo-interval 5
> > deflate 0
> > mppe-128
> > mppe-40
> > mppe-stateless
> >
> > On Wednesday 09 May 2001 16:37, Kirk wrote:
> > > Hello,
> > >
> > > Im new to the list. I have been going thru the archives
> > > searching for a solution. The problem I've been having is with
> > > windows 2000 and 98 working at the same time. I found great
> > > examples in the archive and read _many_ posts. The root of the
> > > problem is that if I have it setup to work with 2000 (ie
> > > commenting out the mppe-40 in the options.pptp file) windows
> > > 2000 works fine and so does the beta 2 of windows XP, but then
> > > the windows 95/98/ME clients cannot pass data (yes they are
> > > using 128bit encryption). If I put back the mppe-40 windows
> > > 98/me work but then 2000/xp doesnt work. They all connect fine
> > > all the time, just no icmp & tcp traffic for who ever is the
> > > odd one out at the time. Im kind of in a catch 22 here.
> > >
> > > I can send my other configs if they are needed, didnt want to
> > > make my first post that long.
> > >
> > > Thanks in advance.
> > > Kirk
> > >
> > > System, RedHat 7.1
> > > kernel 2.4.3
> > > linux-2.4.0-openssl-0.9.6-mppe.patch
> > > ppp-2.4.0
> > > smbpw-mppe-stripdom-requiremppe.diff
> > > pptpd-1.1.2
> > > iptables for routing/firewalling
> > >
> > > ####options.pptp
> > > debug
> > > #kdebug 9
> > > lock
> > > #proxyarp <-- tired this both commented out and not, made no
> > > difference name pptpd
> > > auth
> > > +chap
> > > +chapms
> > > +chapms-v2
> > > chapms-strip-domain
> > > #mppe-40
> > > mppe-128
> > > mppe-stateless
> > > require-chap
> > > require-mppe
> > > require-mppe-stateless
> > > ms-wins 10.10.10.41
> > > idle 1800
> > > mtu 1490
> > > mru 1490
> > > ipcp-accept-local
> > > ipcp-accept-remote
> > > lcp-echo-failure 30
> > > lcp-echo-interval 5
> > > deflate 0

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use

iQA/AwUBOvvpWheamMdwy9TXEQJtawCg339mcEkD/0VEYzQzw7PEfSHItJ4AoKcL
OOWaBRXB6MBkQXj2F5XQX8at
=Ovb5
-----END PGP SIGNATURE-----

From janne at vicetech.se Fri May 11 09:07:37 2001
From: janne at vicetech.se (Jan Karlsson)
Date: Fri, 11 May 2001 16:07:37 +0200
Subject: [pptp-server] Nt-Domain
Message-ID: <009601c0da23$d33a55a0$1401030a@lomma.vicecomputer.se>

Hello ..

I've read the database in this list and I'm pretty confused about the nt-domain login via poptop.. Has anybody got any suggestion about how to set up the poptop with nt-domain and let the client log in to the nt domain when you log in to vpn server. I've got the vpn up and running and I can browse the network and see all the servers and so on.

Here is my question: I will let the NT-PDC verify the user rights and run the login scripts for the users when the vpn connection is established. Can this be done and if so how ???

Best regards
JANNE
From ajennamo at uncc.edu Fri May 11 12:17:25 2001
From: ajennamo at uncc.edu (Andy Ennamorato)
Date: Fri, 11 May 2001 13:17:25 -0400 (EDT)
Subject: [pptp-server] Thanks
In-Reply-To: <006601c0d926$a8dcc840$3c00a8c0@cadvisor>
Message-ID:

Poptoppers,

Just wanted to say a quick note of thanks for all the help I've received from this list for the past 8 months+. I was never able to actually get poptop up and working in "production" stages for my university, but that was due to several extraneous reasons.

If anyone would like to view my senior project report I wrote concerning VPNs and my attempt to set one up, it's located at

http://www.coe.uncc.edu/~ajennamo/SeniorProjectREADME.doc

I couldn't have finished this without the great help I received from this list.

Thanks again,

Andy Ennamorato
ajennamo at uncc.edu
andrewje at hushmail.com

From berzerke at swbell.net Fri May 11 10:24:56 2001
From: berzerke at swbell.net (robert)
Date: Fri, 11 May 2001 10:24:56 -0500
Subject: [pptp-server] ppp modprobe errors during install ... Help Please ....
In-Reply-To: <5.0.2.1.0.20010510165402.0380e200@postoffice.pacbell.net>
References: <5.0.2.1.0.20010510165402.0380e200@postoffice.pacbell.net>
Message-ID: <01051110245600.19508@linux>

I had similar problems. Finally went with kernel 2.4. Didn't have problems.

On Thursday 10 May 2001 18:57, Brian L. DiMambro wrote:
> Hi All
>
> I really could use some help here...... anybody got any ideas on this?????
>
> Thanks in advance
>
> Brian
>
> >Hi All
> >
> >I am having problems getting PoPToP installed on an Alpha DS10 running the
> >generic 2.2.18 kernel. I have followed the HOWTO instructions and have
> >successfully connected with no encryption.
I then installed ppp with mppe
> >using a clean distribution of the 22.18 kernel, ppp2.3.11 and the
> >following patches:
> >
> >ppp-2.3.11-openssl-0.9.5a-mppe-alpha.patch
> >ppp_mppe_compressed_data_fix.diff
> >if_ppp_2.2.17.diff
> >
> >The if_ppp_2.2.17.diff patch would not install so I manually updated the
> >/usr/src/linux/include/linux/if_ppp.h and if_pppvar.h files to correct
> >the compile time errors. The compile of ppp completed successfully even
> >though I saw a message about an un-registered compressor when ppp.o was
> >being compiled. I copied the files to /lib/modules/2.2.18/net, registered
> >the new modules per the HOWTO and successfully completed the depmod -a.
> >When I run the modprobe ppp I get the following errors:
> >
> >[root at bubba src]# modprobe ppp
> >/lib/modules/2.2.18/net/ppp.o: unresolved symbol kill_fasync_Rc137a225
> >/lib/modules/2.2.18/net/ppp.o: unresolved symbol register_netdev_Rc260bc02
> >/lib/modules/2.2.18/net/ppp.o: unresolved symbol __kfree_skb_R30675fde
> >/lib/modules/2.2.18/net/ppp.o: unresolved symbol netif_rx_Rae7d86d7
> >/lib/modules/2.2.18/net/ppp.o: unresolved symbol alloc_skb_R16cc3541
> >/lib/modules/2.2.18/net/ppp.o: unresolved symbol
> > tty_register_ldisc_Rfa9ef03f /lib/modules/2.2.18/net/ppp.o: unresolved
> > symbol skb_under_panic_R9379f1ea /lib/modules/2.2.18/net/ppp.o:
> > unresolved symbol skb_over_panic_Ra8d79ed1 /lib/modules/2.2.18/net/ppp.o:
> > unresolved symbol n_tty_ioctl_Rc9baf0b1 /lib/modules/2.2.18/net/ppp.o:
> > unresolved symbol unregister_netdev_R9c7e9816
> > /lib/modules/2.2.18/net/ppp.o: unresolved symbol dev_alloc_name_R6c8c29de
> > /lib/modules/2.2.18/net/ppp.o: insmod /lib/modules/2.2.18/net/ppp.o
> > failed /lib/modules/2.2.18/net/ppp.o: insmod ppp failed
> >
> >I also tried the non Alpha mppe patch with the same errors.
> >
> >Any help will be greatly appreciated.
> >
> >Thanks in advance
> >
> >Brian
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From varrianh at computone.com Fri May 11 15:21:51 2001
From: varrianh at computone.com (Varrian Hall)
Date: Fri, 11 May 2001 16:21:51 -0400
Subject: [pptp-server] FW: MsChapv2, RFC2759
Message-ID: <95B97DD42B78D31193A8005004D1E05C543122@mustang.computone.com>

> -----Original Message-----
> From: Varrian Hall
> Sent: Monday, April 09, 2001 9:52 AM
> To: Varrian Hall
> Subject: MsChapv2, RFC2759
>
>
>
>
> Hello Everyone,
>
> My name is Varrian Hall. I am in great need of MSChapv2 assistance.
> Presently, my authenticator calculation(20 octets made into 40 hex digits:
> "S=40 hex digits") does not equal the 40 Hex digit(excluding "S=")
> response. I have written my code based on RFC2759. My
> GenerateAuthenticatorResponse( ) function is where the problem lies.
> Again, it's based on the GenerateAuthenticatorResponse( ) function in
> RFC2759. I'm thinking it must be a new update, because some of the code
> in GenerateAuthenticatorResponse( ) is used elsewhere and it is working
> fine. The SHA.. functions are in ChallengeHash and it works fine. The
> MD4.. functions are in NTPasswordHash, and it works fine. My problem is
> in the last SHA_Final function call in GenerateAuthenticatorResponse( )
> that produces the 20 octet result. This result(expanded to 40 octets)
> never matches the result sent to me from a Win2K pc.
> These results have to match in order for the server/client to be
> authenticated.
> Could you please help [Varrian Hall] . Any newsgroups or websites you
> know of would be greatly appreciated.
> thanks,
> varrianh at computone.com
> Varrian Hall
> Computone Corp
> 770 625 0000 x1201
-------------- next part --------------
An HTML attachment was scrubbed...
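The computation asked about in the message above, worked through as an added example (not code from the original post or from pppd): RFC 2759's GenerateAuthenticatorResponse() with every intermediate value exposed and compared against the RFC's own section 9.2 test vector, so an implementation that diverges can be narrowed to one stage. The function names and the pure-Python MD4 are choices made for this example.

```python
import hashlib
import hmac
import struct

MAGIC1 = b"Magic server to client signing constant"    # 39 octets
MAGIC2 = b"Pad to make it do more than one iteration"  # 41 octets

# Test vector from RFC 2759 section 9.2 (user "User", password "clientPass").
RFC2759_VECTOR = {
    "UserName": b"User",
    "Password": "clientPass",
    "AuthenticatorChallenge": bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628"),
    "PeerChallenge": bytes.fromhex("21402324255E262A28295F2B3A337C7E"),
    "NT-Response": bytes.fromhex(
        "82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF"),
    # Values the RFC lists for the inputs above.
    "PasswordHash": bytes.fromhex("44EBBA8D5312B8D611474411F56989AE"),
    "PasswordHashHash": bytes.fromhex("41C00C584BD2D91C4017A2A12FA59F3F"),
    "Challenge": bytes.fromhex("D02E4386BCE91226"),
    "AuthenticatorResponse": "S=407A5589115FD0D6209F510FE9C04566932CDA56",
}


def md4(data):
    """Pure-Python MD4 (RFC 1320); hashlib may not offer it on current OpenSSL."""
    mask = 0xFFFFFFFF
    rol = lambda v, s: ((v << s) | (v >> (32 - s))) & mask
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (   # (round function, additive constant, shifts, word order)
        (lambda b, c, d: (b & c) | (~b & d), 0, (3, 7, 11, 19), range(16)),
        (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999, (3, 5, 9, 13),
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1, (3, 9, 11, 15),
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for func, const, shifts, order in rounds:
            for i, k in enumerate(order):
                a = rol((a + func(b, c, d) + x[k] + const) & mask, shifts[i % 4])
                a, b, c, d = d, a, b, c              # rotate register roles
        state = [(s + v) & mask for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def authenticator_response_steps(password, nt_response, peer_challenge,
                                 auth_challenge, username):
    """GenerateAuthenticatorResponse() with each intermediate value returned."""
    if (len(nt_response), len(peer_challenge), len(auth_challenge)) != (24, 16, 16):
        raise ValueError("NT-Response is 24 octets, both challenges are 16")
    password_hash = md4(password.encode("utf-16-le"))      # NtPasswordHash()
    password_hash_hash = md4(password_hash)                # HashNtPasswordHash()
    # First SHA-1 pass: exactly 16 + 24 + 39 octets, raw bytes, no terminators.
    digest1 = hashlib.sha1(password_hash_hash + nt_response + MAGIC1).digest()
    # ChallengeHash(): peer challenge first, user name without "DOMAIN\".
    user = username.rsplit(b"\\", 1)[-1]
    challenge = hashlib.sha1(peer_challenge + auth_challenge + user).digest()[:8]
    # Second pass: all 20 octets of digest1, the 8-octet challenge, 41 of Magic2.
    digest2 = hashlib.sha1(digest1 + challenge + MAGIC2).digest()
    return {
        "PasswordHash": password_hash,
        "PasswordHashHash": password_hash_hash,
        "Digest1": digest1,
        "Challenge": challenge,
        "AuthenticatorResponse": "S=" + digest2.hex().upper(),
    }


def first_mismatch(steps, expected):
    """Name of the first stage that differs from `expected`, or None."""
    for name in ("PasswordHash", "PasswordHashHash", "Challenge",
                 "AuthenticatorResponse"):
        if steps[name] != expected[name]:
            return name
    return None


def success_field_ok(received, steps):
    """Peer-side check of the received "S=<40 hex digits>" field, constant time."""
    return hmac.compare_digest(received.upper().encode(),
                               steps["AuthenticatorResponse"].encode())


if __name__ == "__main__":
    v = RFC2759_VECTOR
    steps = authenticator_response_steps(
        v["Password"], v["NT-Response"], v["PeerChallenge"],
        v["AuthenticatorChallenge"], v["UserName"])
    for name, value in steps.items():
        print(name, value if isinstance(value, str) else value.hex().upper())
    print("first mismatch against RFC 2759:", first_mismatch(steps, v))
```

Feeding an implementation's own intermediate buffers through first_mismatch() shows whether the inputs to the final SHA-1 pass (PasswordHashHash, the 24-octet NT-Response as received, the 8-octet Challenge) already differ before that call is reached.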
From ron at mel.compumod.com.au Fri May 11 23:04:33 2001
From: ron at mel.compumod.com.au (Ron Cresswell)
Date: Sat, 12 May 2001 14:04:33 +1000
Subject: [pptp-server] Identifying multiple connections at the server end
Message-ID: <3AFCB651.5020402@mel.compumod.com.au>

I need to connect multiple subnets together using pptp, which means that I will have several pptp clients, each on different subnets, connecting to my pptp server.

Question - when a client connects, can it ask the server for a particular IP address to be assigned to it?

The reason I want to be able to do this is that I need to be able to set up routes at the server end back to the clients subnet, so I need to be able to identify each client as it connects somehow and associate each client with that subnet.

Perhaps the pap-secrets authentication can be used? If so, how would I go about associating an interface with a particular client?

Any thoughts anyone?

Ron

--
Dr R W Cresswell
CFD & EM Manager
Compumod Pty Ltd

From lists at earthling.2y.net Sat May 12 07:42:00 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sat, 12 May 2001 08:42:00 -0400 (EDT)
Subject: [pptp-server] Nt-Domain
In-Reply-To: <009601c0da23$d33a55a0$1401030a@lomma.vicecomputer.se>
Message-ID:

Ok, first, you cannot do authentication yet off a NT server.... Maybe in a few weeks once I graduate high school I will get off my ass and write the code to do it.

The only way I think your client could log into a NT domain, is if they were set to login to one at bootup, and pppd were to pass wins server info to it, so it could find out who the PDC is. If it does not automatically log into it... perhaps a ppp message is needed from the server to tell the client "hey, you is your pdc, your user dir, scripts.. etc" Perhaps something could be written at a later date that sends such a message, if such a message exists, but that would require proxied authentication to a NT Domain Controller.

As for connecting to your servers...
Your initial windows login is taken, and used to talk to the servers, it will send your username, and a hash of your password to the server, get a connection number, and work with it from there. One does not need to log into the domain to talk to the servers in the domain. A domain just controls security, and authentication for systems in the domain.

I'm really not sure what you're wanting to do, run user scripts for authenticated clients?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu

On Fri, 11 May 2001, Jan Karlsson wrote:

> Hello .. I.ve read the database in this list and i,m pretty confused about the nt-domain login via poptop..
>
> Has anybody any got suggestion about how to setup the poptop with nt-domain and let the client login to the nt domain when you log in to vpn server. I.ve got the vpn up and running and i can browse the network and se all the servers and so on.
> Here is my question
>
> I will let the NT-PDC to verify the user rights and run the loginscrips for the users when the vpn connection is established. Can this be done and if how ???
>
>
> Best regards JANNE
>

From lists at earthling.2y.net Sat May 12 07:29:09 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sat, 12 May 2001 08:29:09 -0400 (EDT)
Subject: [pptp-server] Identifying multiple connections at the server end
In-Reply-To: <3AFCB651.5020402@mel.compumod.com.au>
Message-ID:

First of all, you can use MSChapV2.... second of all, all you need to do is assign ip addresses to the ppp client, and just tell pppd to just allow the client to assign its own ip address. I did this for linking several offices together....

One thing tho, you will need some way of routing traffic from other nets to your net... RIP Works... but not too well from experience.
Some days ripd would bcast onto the ppp connections, and others, it would not *shrug* static routing works well, just remember, your main router (if not the box that poptop will be running on) needs to be setup to route the packets for the other networks to the specific ip for the ppp session, then on the client ends, you need to tell them that all the other subnets can be found across the ppp link.

If people keep asking this question, I'm going to make a webpage explaining how to do it.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu

On Sat, 12 May 2001, Ron Cresswell wrote:

>
> I need to connect multiple subnets together using pptp, which means that I will have
> several pptp clients, each on different subnets, connecting to my pptp server.
>
> Question - when a client connects, can it ask the server for a particular IP address to be
> assigned to it?
>
> The reason I want to be able to do this is that I need to be able to set up routes at the
> server end back to the clients subnet, so I need to be able to identify each client as it
> connects somehow and associate each client with that subnet.
>
> Perhaps the pap-secrets authentication can be used? If so, how would I go about
> associating an interface with a particlular client?
>
> Any thoughts anyone?
>
> Ron
>
> --
> Dr R W Cresswell
> CFD & EM Manager
> Compumod Pty Ltd
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From lists at earthling.2y.net Sat May 12 07:32:48 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sat, 12 May 2001 08:32:48 -0400 (EDT)
Subject: [pptp-server] FW: MsChapv2, RFC2759
In-Reply-To: <95B97DD42B78D31193A8005004D1E05C543122@mustang.computone.com>
Message-ID:

You may want to go talk to one of the Samba or Samba-TNG people, because MSChapV2 is basically....
NTLMv2 over a ppp link, or you could go take a look at the samba code for NTLMv2 authentication......

To be honest, I have never had problems logging win2k boxes onto a Linux ppp connection, being it a tunnel, or a dialup connection using MSChapV2.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu

On Fri, 11 May 2001, Varrian Hall wrote:

> >
> > -----Original Message-----
> > From: Varrian Hall
> > Sent: Monday, April 09, 2001 9:52 AM
> > To: Varrian Hall
> > Subject: MsChapv2, RFC2759
> >
> >
> >
> >
> > Hello Everyone,
> >
> > My name is Varrian Hall. I am in great need of MSChapv2 assistance.
> > Presently, my authenticator calculation(20 octets made into 40 hex digits:
> > "S=40 hex digits") does not equal the 40 Hex digit(excluding "S=")
> > response. I have written my code based on RFC2759. My
> > GenerateAuthenticatorResponse( ) function is where the problem lies.
> > Again, it's based on the GenerateAuthenticatorResponse( ) function in
> > RFC2759. I'm thinking it must be a new update, because some of the code
> > in GenerateAuthenticatorResponse( ) is used elsewhere and it is working
> > fine. The SHA.. functions are in ChallengeHash and it works fine. The
> > MD4.. functions are in NTPasswordHash, and it works fine. My problem is
> > in the last SHA_Final function call in GenerateAuthenticatorResponse( )
> > that produces the 20 octet result. This result(expanded to 40 octets)
> > never matches the result sent to me from a Win2K pc.
> > These results have to match in order for the server/client to be
> > authenticated.
> > Could you please help [Varrian Hall] . Any newsgroups or websites you
> > know of would be greatly appreciated.
> > > thanks,
> > > varrianh at computone.com
> > Varrian Hall
> > Computone Corp
> > 770 625 0000 x1201
>

From csy at hjc.edu.sg Sun May 13 11:23:16 2001
From: csy at hjc.edu.sg (Chen Shiyuan)
Date: Mon, 14 May 2001 00:23:16 +0800 (SGT)
Subject: [pptp-server] PPP-2.3.11 & PoPToP 1.0.1 & Kernel 2.2.19
Message-ID: <989770996.3afeb4f41baa3@home.hjc.edu.sg>

Hello everyone!

I am currently trying to setup a VPN server on Linux using the following core programs :-

PPP 2.3.11
PoPToP 1.0.1
Kernel 2.2.19

All has been working fine so far and I am able to get MS VPN to login to my VPN server.

However, after I applied the following patches to my PPP, I am unable to recompile my kernel anymore. I am trying to build a static kernel.

ppp-2.3.11-openssl-0.9.5-mppe.patch
ppp_mppe_compressed_data_fix.diff

This is what I did :-

# Apply patches
cd ppp-2.3.11
# Use this patch to add security & encryption
patch -p1 < ../ppp-2.3.11-openssl-0.9.5-mppe.patch
cd linux
# Use this patch to fix an MS compression bug
patch < ../../ppp_mppe_compressed_data_fix.diff
cd ..
# Configure ppp
./configure
make kernel
# Go to Linux kernel source
cd /usr/src/linux
# Apply ppp patch to kernel
patch -p1 < ../if_ppp_2.2.17.diff
# Compile the kernel
make dep
make clean
make bzImage

When the kernel finished compiling, it died when trying to create the vmlinuz file :-

/usr/src/linux/arch/i386/lib/lib.a
/usr/src/linux/lib/lib.a /usr/
src/linux/arch/i386/lib/lib.a \
--end-group \
-o vmlinux
drivers/net/net.a(Space.o)(.data.init+0x0): undefined reference to `tc90xbc_probe'
make: *** [vmlinux] Error 1

Has anyone got Kernel 2.2.19 to work with the above config or know what is causing this problem?

Many thanks in advance for any advice.

From csy at hjc.edu.sg Sun May 13 12:51:37 2001
From: csy at hjc.edu.sg (Chen Shiyuan)
Date: Mon, 14 May 2001 01:51:37 +0800 (SGT)
Subject: [pptp-server] Bug with pppsmbnoblank.patch
Message-ID: <989776297.3afec9a95ed52@home.hjc.edu.sg>

Hello!
I was trying to find the patch for the blank username/password bug in the smbpasswd patch file and after searching through the mailing list, finally found a few at :-

http://www.hattaway.co.nz/raidpatches

But they appeared to have bugs in them. I couldn't get the other two blank_*.diff to work. To get the pppsmbnoblank.patch to work, I have to add an extra valid entry into my chap-secrets file or else I will keep on receiving the following error message :-

/usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so.

# Secrets for authentication using CHAP
# client server secret IP addresses
* test &/etc/ppp/smbpasswd *
test test abcdef *

If I remove away the "test" entry, the above error message will return again. And when I add it in, all goes well except that the log file says :-

pptpd: CTRL: Client w.x.y.z control connection started
pptpd: CTRL: Starting call (launching pppd, opening GRE)
pppd: no secret in samba secret file /etc/ppp/smbpasswd
pptpd: GRE: Bad checksum from pppd.
pppd: pppd 2.3.11 started by root, uid 0
pppd: Using interface ppp0
pppd: Connect: ppp0 <--> /dev/pts/1
pppd: no secret in samba secret file /etc/ppp/smbpasswd
pppd: no secret in samba secret file /etc/ppp/smbpasswd
pppd: MSCHAP-v2 peer authentication succeeded for guestuser
pppd: Cannot determine ethernet address for proxy ARP
pppd: local IP address w.x.y.z
pppd: remote IP address w.x.y.z

Does anyone have any idea how to solve this problem or know of any known working patch that solves the blank username/password problem? I looked through the mailing list archives and the closest I could find was some acknowledge that it existed plus the above patch and other one posted on the mailing list which is distorted.

Many thanks in advance!
From GeorgeV at citadelcomputer.com.au Sun May 13 17:41:26 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 14 May 2001 08:41:26 +1000
Subject: [pptp-server] PPP-2.3.11 & PoPToP 1.0.1 & Kernel 2.2.19
Message-ID: <200FAA488DE0D41194F10010B597610D0D2656@JUPITER>

I just built one on Friday night with the same setup.. well. pptp 1.1.2 though..
I always use http://www.vibres.com/pptpd/example.html for my reference and it works.

One catch I always recommend is to create then save your /usr/src/linux/.config file before upgrading the kernel.
Then when you have that done.. blow away the whole source tree (/usr/src/linux) and then tar xvfz the new kernel..

Once the new fresh kernel is there then copy the .config file back and patch away.

When the kernel is ready for compiling use the `make oldconfig` which uses your old setup and asks questions on new kernel features.

this ALWAYS works for me..

Hope this helps.


thanks,
George Vieira


-----Original Message-----
From: Chen Shiyuan [mailto:csy at hjc.edu.sg]
Sent: Monday, May 14, 2001 2:23 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] PPP-2.3.11 & PoPToP 1.0.1 & Kernel 2.2.19


Hello everyone!

I am currently trying to setup a VPN server on Linux using the following core programs :-

PPP 2.3.11
PoPToP 1.0.1
Kernel 2.2.19

All has been working fine so far and I am able to get MS VPN to login to my VPN server.

However, after I applied the following patches to my PPP, I am unable to recompile my kernel anymore. I am trying to build a static kernel.

ppp-2.3.11-openssl-0.9.5-mppe.patch
ppp_mppe_compressed_data_fix.diff

This is what I did :-

# Apply patches
cd ppp-2.3.11
# Use this patch to add security & encryption
patch -p1 < ../ppp-2.3.11-openssl-0.9.5-mppe.patch
cd linux
# Use this patch to fix an MS compression bug
patch < ../../ppp_mppe_compressed_data_fix.diff
cd ..
# Configure ppp
./configure
make kernel
# Go to Linux kernel source
cd /usr/src/linux
# Apply ppp patch to kernel
patch -p1 < ../if_ppp_2.2.17.diff
# Compile the kernel
make dep
make clean
make bzImage

When the kernel finished compiling, it died when trying to create the vmlinuz file :-

/usr/src/linux/arch/i386/lib/lib.a
/usr/src/linux/lib/lib.a /usr/
src/linux/arch/i386/lib/lib.a \
--end-group \
-o vmlinux
drivers/net/net.a(Space.o)(.data.init+0x0): undefined reference to `tc90xbc_probe'
make: *** [vmlinux] Error 1

Has anyone got Kernel 2.2.19 to work with the above config or know what is causing this problem?

Many thanks in advance for any advice.
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From csy at hjc.edu.sg Sun May 13 21:54:39 2001
From: csy at hjc.edu.sg (Chen Shiyuan)
Date: Mon, 14 May 2001 10:54:39 +0800 (SGT)
Subject: [pptp-server] PPP-2.3.11 & PoPToP 1.0.1 & Kernel 2.2.19
In-Reply-To: <200FAA488DE0D41194F10010B597610D0D2656@JUPITER>
References: <200FAA488DE0D41194F10010B597610D0D2656@JUPITER>
Message-ID: <989808879.3aff48eff2977@home.hjc.edu.sg>

Hello and thanks for your prompt response,

I forgot to mention in my earlier email that I am using the stock kernel source 2.2.19.tgz and not using the RPM files. And upon compilation after patching, vmlinuz could not be created with an error message :-

> drivers/net/net.a(Space.o)(.data.init+0x0): undefined reference
> to
> `tc90xbc_probe'
> make: *** [vmlinux] Error 1

On Mon, 14 May 2001 08:41:26 +1000, George Vieira wrote :

> I just built one of Friday Night with the same setup.. well. pptp
> 1.1.2
> though..
> I always use http://www.vibres.com/pptpd/example.html for me
> reference and
> it works.
>
> One catch I always recommend is to create then save your
> /usr/src/linux/.config file before upgrading the kernel.
> Then when you have that done.. blow away the whole source tree
> (/usr/src/linux) and then tar xvfz the new kernel..
>
> Once the new fresh kernel is there then copy the .config file
> back and patch
> away.
>
> When the kernel is ready for compiling use the `make oldconfig`
> which uses
> your old setup and asks question on new kernel features.
>
> this ALWAYS works for me..
>
> Hopw this helps.
>
>
> thanks,
> George Vieira
>
>
> -----Original Message-----
> From: Chen Shiyuan [mailto:csy at hjc.edu.sg]
> Sent: Monday, May 14, 2001 2:23 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPP-2.3.11 & PoPToP 1.0.1 & Kernel
> 2.2.19
>
>
> Hello everyone!
>
> I am currently trying to setup a VPN server on Linux using the
> following
> core programs :-
>
> PPP 2.3.11
> PoPToP 1.0.1
> Kernel 2.2.19
>
> All has been working fine so far and I am able to get MS VPN to
> login to
> my VPN server.
>
> However, after I applied the following patches to my PPP, I am
> unable to
> recompile my kernel anymore. I am trying to build a static
> kernel.
>
> ppp-2.3.11-openssl-0.9.5-mppe.patch
> ppp_mppe_compressed_data_fix.diff
>
> This is what I did :-
>
> # Apply patches
> cd ppp-2.3.11
> # Use this patch to add security & encryption
> patch -p1 < ../ppp-2.3.11-openssl-0.9.5-mppe.patch
> cd linux
> # Use this patch to fix an MS compression bug
> patch < ../../ppp_mppe_compressed_data_fix.diff
> cd ..
> # Configure ppp
> ./configure
> make kernel
> # Go to Linux kernel source
> cd /usr/src/linux
> # Apply ppp patch to kernel
> patch -p1 < ../if_ppp_2.2.17.diff
> # Compile the kernel
> make dep
> make clean
> make bzImage
>
> When the kernel finished compiling, it died when trying to create
> the
> vmlinuz file :-
>
> /usr/src/linux/arch/i386/lib/lib.a
> /usr/src/linux/lib/lib.a /usr/
> src/linux/arch/i386/lib/lib.a \
> --end-group \
> -o vmlinux
> drivers/net/net.a(Space.o)(.data.init+0x0): undefined reference
> to
> `tc90xbc_probe'
> make: *** [vmlinux] Error 1
>
> Has anyone got Kernel 2.2.19 to work with the above config or
> know what
> is causing this problem?
>
> Many thanks in advance for any advice.
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From adalle at freenet.carleton.ca Sun May 13 22:58:09 2001
From: adalle at freenet.carleton.ca (Andre Dalle)
Date: Sun, 13 May 2001 23:58:09 -0400
Subject: [pptp-server] PoPToP problems under OpenBSD 2.8
Message-ID: <20010513235808.A9402@freenet.carleton.ca>

I followed the guide for FreeBSD, recompiled my kernel without GRE, but logins from 98 fail right away.

You'll notice my configs are almost identical to the samples at:
http://heyer.supranet.net/pptp/

PoPToP version is 1.0.1 compiled with the bsd-ppp and with-ip-alloc options.

Here are the pptpd/pppd SYSLOG messages, and my configs. Maybe someone can decode the syslog messages better than myself..
/etc/pptpd.conf:

speed 115200
option /etc/ppp/ppp.conf
debug
localip 10.0.254.200
remoteip 10.0.254.201-210
pidfile /var/run/pptpd.pid

/etc/ppp.conf:

loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 set ifaddr 10.0.254.200 10.0.254.201-10.0.254.210 255.255.255.255
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 enable chap
 disable pap
 # Authenticate against /etc/passwd
 #enable passwdauth
 enable proxy
 accept dns
 # DNS Servers to assign client
 set dns 10.0.254.1
 # NetBIOS/WINS Servers to assign client
 set nbns 10.0.254.2
 set device !/etc/ppp/secure

/etc/ppp/ppp.secret:

dallea x *
dave x *

/etc/ppp/secure:

#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

/etc/ppp/options:

lock
auth
#usehostname

And finally, the SYSLOG messages:
It seems like a lot of messages are duplicated.. I don't know why that is.

May 13 17:33:09 waldorf pptpd[18491]: MGR: Manager process started
May 13 17:33:09 waldorf pptpd[18491]: MGR: Manager process started
May 13 17:33:14 waldorf pptpd[13804]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
May 13 17:33:14 waldorf pptpd[13804]: CTRL: pppd speed = 115200
May 13 17:33:14 waldorf pptpd[13804]: CTRL: pppd options file = /etc/ppp/options
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Client 24.42.151.183 control connection started
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Client 24.42.151.183 control connection started
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Received PPTP Control Message (type: 1)
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Made a START CTRL CONN RPLY packet
May 13 17:33:14 waldorf pptpd[13804]: CTRL: I wrote 156 bytes to the client.
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Sent packet to client
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Received PPTP Control Message (type: 7)
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Set parameters to 0 maxbps, 16 window size
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Made a OUT CALL RPLY packet
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Starting call (launching pppd, opening GRE)
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Starting call (launching pppd, opening GRE)
May 13 17:33:14 waldorf pptpd[13804]: CTRL: pty_fd = 6
May 13 17:33:14 waldorf pptpd[13804]: CTRL: tty_fd = 5
May 13 17:33:14 waldorf pptpd[13804]: CTRL: I wrote 32 bytes to the client.
May 13 17:33:14 waldorf ppp[27611]: Phase: Using interface: tun0
May 13 17:33:14 waldorf ppp[27611]: Phase: Using interface: tun0
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Sent packet to client
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: Created in closed state
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: Created in closed state
May 13 17:33:14 waldorf ppp[27611]: Command: loop: set device localhost:pptp
May 13 17:33:14 waldorf ppp[27611]: Command: loop: set device localhost:pptp
May 13 17:33:14 waldorf ppp[27611]: Command: loop: set dial
May 13 17:33:14 waldorf ppp[27611]: Command: loop: set dial
May 13 17:33:14 waldorf ppp[27611]: Command: loop: set login
May 13 17:33:14 waldorf ppp[27611]: Command: loop: set login
May 13 17:33:14 waldorf ppp[27611]: Command: loop: set ifaddr 10.0.254.200 10.0.254.201-10.0.254.210 255.255.255.255
May 13 17:33:14 waldorf ppp[27611]: Command: loop: set ifaddr 10.0.254.200 10.0.254.201-10.0.254.210 255.255.255.255
May 13 17:33:14 waldorf ppp[27611]: IPCP: Selected IP address 10.0.254.202
May 13 17:33:14 waldorf ppp[27611]: IPCP: Selected IP address 10.0.254.202
May 13 17:33:14 waldorf ppp[27611]: Command: loop: set server /tmp/loop ******** 0177
May 13 17:33:14 waldorf ppp[27611]: Command: loop: set server /tmp/loop ******** 0177
May 13 17:33:14 waldorf
ppp[27611]: Phase: Listening at local socket /tmp/loop.
May 13 17:33:14 waldorf ppp[27611]: Phase: Listening at local socket /tmp/loop.
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: enable chap
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: enable chap
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: disable pap
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: disable pap
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: enable proxy
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: enable proxy
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: accept dns
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: accept dns
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: set dns 10.0.254.1
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: set dns 10.0.254.1
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: set nbns 10.0.254.2
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: set nbns 10.0.254.2
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: set device !/etc/ppp/secure
May 13 17:33:14 waldorf ppp[27611]: Command: pptp: set device !/etc/ppp/secure
May 13 17:33:14 waldorf ppp[27611]: Phase: PPP Started (direct mode).
May 13 17:33:14 waldorf ppp[27611]: Phase: PPP Started (direct mode).
May 13 17:33:14 waldorf ppp[27611]: Phase: bundle: Establish
May 13 17:33:14 waldorf ppp[27611]: Phase: bundle: Establish
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: closed -> opening
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: closed -> opening
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: Connected!
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: Connected!
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: opening -> carrier
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: opening -> carrier
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: carrier -> lcp
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: carrier -> lcp
May 13 17:33:14 waldorf ppp[27611]: LCP: FSM: Using "deflink" as a transport
May 13 17:33:14 waldorf ppp[27611]: LCP: FSM: Using "deflink" as a transport
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: State change Initial --> Closed
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: State change Initial --> Closed
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: State change Closed --> Stopped
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: State change Closed --> Stopped
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: RecvConfigReq(1) state = Stopped
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: RecvConfigReq(1) state = Stopped
May 13 17:33:14 waldorf ppp[27611]: LCP: MAGICNUM[6] 0x001e236c
May 13 17:33:14 waldorf ppp[27611]: LCP: MAGICNUM[6] 0x001e236c
May 13 17:33:14 waldorf ppp[27611]: LCP: PROTOCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: PROTOCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: ACFCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: ACFCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: SendConfigReq(1) state = Stopped
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: SendConfigReq(1) state = Stopped
May 13 17:33:14 waldorf ppp[27611]: LCP: ACFCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: ACFCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: PROTOCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: PROTOCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: ACCMAP[6] 0x00000000
May 13 17:33:14 waldorf ppp[27611]: LCP: ACCMAP[6] 0x00000000
May 13 17:33:14 waldorf ppp[27611]: LCP: MRU[4] 1500
May 13 17:33:14 waldorf ppp[27611]: LCP: MRU[4] 1500
May 13 17:33:14 waldorf ppp[27611]: LCP: MAGICNUM[6] 0x6fbdc413
May 13 17:33:14 waldorf ppp[27611]: LCP: MAGICNUM[6] 0x6fbdc413
May 13 17:33:14 waldorf ppp[27611]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
May 13 17:33:14 waldorf ppp[27611]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: SendConfigAck(1) state = Stopped
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: SendConfigAck(1) state = Stopped
May 13 17:33:14 waldorf ppp[27611]: LCP: MAGICNUM[6] 0x001e236c
May 13 17:33:14 waldorf ppp[27611]: LCP: MAGICNUM[6] 0x001e236c
May 13 17:33:14 waldorf ppp[27611]: LCP: PROTOCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: PROTOCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: ACFCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: ACFCOMP[2]
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: LayerStart
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: LayerStart
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: State change Stopped --> Ack-Sent
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: State change Stopped --> Ack-Sent
May 13 17:33:14 waldorf pptpd[13804]: GRE: xmit failed from decaps_hdlc: No route to host
May 13 17:33:14 waldorf pptpd[13804]: GRE: xmit failed from decaps_hdlc: No route to host
May 13 17:33:14 waldorf pptpd[13804]: CTRL: PTY read or GRE write failed (pty,gre)=(6,5)
May 13 17:33:14 waldorf pptpd[13804]: CTRL: PTY read or GRE write failed (pty,gre)=(6,5)
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Client 24.42.151.183 control connection finished
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Client 24.42.151.183 control connection finished
May 13 17:33:14 waldorf pptpd[13804]: CTRL: Exiting now
May 13 17:33:14 waldorf pptpd[18491]: MGR: Reaped child 13804
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: read (0): Got zero bytes
May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: read (0): Got zero bytes
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: State change Ack-Sent --> Starting
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: State change Ack-Sent --> Starting
May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: LayerFinish
May 13
17:33:14 waldorf ppp[27611]: LCP: deflink: LayerFinish May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: State change Starting --> Initial May 13 17:33:14 waldorf ppp[27611]: LCP: deflink: State change Starting --> Initial May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: Disconnected! May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: Disconnected! May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: Connect time: 0 secs: 35 octets in, 97 octets out May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: Connect time: 0 secs: 35 octets in, 97 octets out May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: : 1 packets in, 2 packets out May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: : 1 packets in, 2 packets out May 13 17:33:14 waldorf ppp[27611]: Phase: total 132 bytes/sec, peak 0 bytes/sec on Sun May 13 17:33:14 2001 May 13 17:33:14 waldorf ppp[27611]: Phase: total 132 bytes/sec, peak 0 bytes/sec on Sun May 13 17:33:14 2001 May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: lcp -> closed May 13 17:33:14 waldorf ppp[27611]: Phase: deflink: lcp -> closed May 13 17:33:14 waldorf ppp[27611]: Phase: bundle: Dead May 13 17:33:14 waldorf ppp[27611]: Phase: bundle: Dead May 13 17:33:14 waldorf ppp[27611]: Phase: PPP Terminated (normal). May 13 17:33:14 waldorf ppp[27611]: Phase: PPP Terminated (normal). 
May 13 17:33:14 waldorf ppp[27611]: Phase: Found interface rl1 for 10.0.254.202
May 13 17:33:14 waldorf ppp[27611]: Phase: Found interface rl1 for 10.0.254.202

--
Andre Dalle [adalle at ncf.ca]
Systems Administrator, National Capital Freenet [http://www.ncf.ca]

From Chad.Thunberg at guardent.com Mon May 14 06:22:29 2001
From: Chad.Thunberg at guardent.com (Chad.Thunberg at guardent.com)
Date: Mon, 14 May 2001 07:22:29 -0400
Subject: [pptp-server] pptp client and cisco vpn 3000
Message-ID: <397E0659AA2DD411843500508B64F1CE01ACB920@USBOSMX01>

I am working with the compaq pptp client but have run into a problem that
perhaps someone on this list has had experience with even though the
product is different from PoPToP; I have run into a dead end.

I set up the client on redhat 7 2.2.19 and dialed in to a win2k box just
fine. I took a win2k pro box and connected it to a Cisco vpn 3000 (Altiga)
to insure compatibility with MS-CHAPv2 and 128 bit enc. Everything went
well. I then tried to connect the pptp client to the Altiga and got the
following error on the Altiga:

5129 05/11/2001 16:50:51.960 SEV=5 PPP/2 RPT=8 1.1.1.1
User [someuser] disconnected. Cannot resolve an IP address for remote peer.

The log of the session on the linux box only yields: LCP terminated by peer,
after exchanging the session key.

I know this is probably a Cisco issue but am doing some trolling for some
answers or hints.
Thanks for your help,
-Chad

From ralphw at cnet.com Mon May 14 06:56:59 2001
From: ralphw at cnet.com (Ralph Winslow)
Date: Mon, 14 May 2001 07:56:59 -0400 (EDT)
Subject: [pptp-server] remove and unsubscribe
In-Reply-To: <397E0659AA2DD411843500508B64F1CE01ACB920@USBOSMX01>
Message-ID:

On Mon, 14 May 2001 Chad.Thunberg at guardent.com wrote:

> Date: Mon, 14 May 2001 07:22:29 -0400
> From: Chad.Thunberg at guardent.com
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp client and cisco vpn 3000
>
> I am working with the compaq pptp client but have run into a problem that
> perhaps someone on this list has had experience with even though the
> product is different from PoPToP; I have run into a dead end.
>
> I set up the client on redhat 7 2.2.19 and dialed in to a win2k box just
> fine. I took a win2k pro box and connected it to a Cisco vpn 3000 (Altiga)
> to insure compatibility with MS-CHAPv2 and 128 bit enc. Everything went
> well. I then tried to connect the pptp client to the Altiga and got the
> following error on the Altiga:
>
> 5129 05/11/2001 16:50:51.960 SEV=5 PPP/2 RPT=8 1.1.1.1
> User [someuser] disconnected. Cannot resolve an IP address for remote peer.
>
> The log of the session on the linux box only yields: LCP terminated by peer,
> after exchanging the session key.
>
> I know this is probably a Cisco issue but am doing some trolling for some
> answers or hints.
>
> Thanks for your help,
> -Chad
>

----
Ralph Winslow Operations/Support/Tools (908)575-8567 x276

From robertjan at motioncontainer.nl Mon May 14 08:17:26 2001
From: robertjan at motioncontainer.nl (Robert Jan van Doggenaar)
Date: Mon, 14 May 2001 15:17:26 +0200
Subject: [pptp-server] No browsing on NT domain
Message-ID: <0137289A2695D3119A7D00805FC7C113500A1D@motionserver01>

I've just installed Poptop on a Linux box.

I can create a VPN connection, and with my VPN client I can ping
my NT server on my local domain.

I cannot however browse my local domain, does anyone have a checklist of
things that could prevent this.

Robert Jan

From menion at srci.iwpsd.org Sun May 13 22:41:36 2001
From: menion at srci.iwpsd.org (Joshua M. Schmidlkofer)
Date: Mon, 14 May 2001 10:41:36 +0700
Subject: [pptp-server] mppe-128, and compression.
Message-ID: <3AFF53F0.1020806@srci.iwpsd.org>

I have seen a few messages dealing with M$ <-> Linux VPN data
compression. There is no truly clear answer to me. What is the
option, or the possibility of data compression? Is it achievable w/o
patented code?

Anyone's input would be appreciated.

thanks,
Joshua

From rsciovante at arsretia.net Mon May 14 12:27:26 2001
From: rsciovante at arsretia.net (Roberto Sciovante Artis.net)
Date: Mon, 14 May 2001 19:27:26 +0200
Subject: [pptp-server] (no subject)
Message-ID: <000701c0dc9b$24fe6fb0$095ba8c0@bart>

Hi everyone

Could someone shed some light on the solution to this problem.
I'm trying to set up a VPN using PoPTop (pptpd) and pppd!
An extract from the log is included below. I am using ppp-2.3.11 and
pptp with kernel 2.4.4.
I used VPN-HOWTO to configure my system but...

Please help me
Roberto!
This is my messages log file: May 14 19:10:48 firewall2 pptpd[969]: MGR: Manager process started May 14 19:11:19 firewall2 pptpd[971]: MGR: Launching /usr/sbin/pptpctrl to handle client May 14 19:11:19 firewall2 pptpd[971]: CTRL: local address = 192.168.0.234 May 14 19:11:19 firewall2 pptpd[971]: CTRL: remote address = 192.168.1.234 May 14 19:11:19 firewall2 pptpd[971]: CTRL: pppd speed = 115200 May 14 19:11:19 firewall2 pptpd[971]: CTRL: Client 192.168.91.9 control connection started May 14 19:11:19 firewall2 pptpd[971]: CTRL: Received PPTP Control Message (type: 1) May 14 19:11:19 firewall2 pptpd[971]: CTRL: Made a START CTRL CONN RPLY packet May 14 19:11:19 firewall2 pptpd[971]: CTRL: I wrote 156 bytes to the client. May 14 19:11:19 firewall2 pptpd[971]: CTRL: Sent packet to client May 14 19:11:19 firewall2 pptpd[971]: CTRL: Received PPTP Control Message (type: 7) May 14 19:11:19 firewall2 pptpd[971]: CTRL: Set parameters to 152 maxbps, 3 window size May 14 19:11:19 firewall2 pptpd[971]: CTRL: Made a OUT CALL RPLY packet May 14 19:11:19 firewall2 pptpd[971]: CTRL: Starting call (launching pppd, opening GRE) May 14 19:11:19 firewall2 pptpd[971]: CTRL: pty_fd = 4 May 14 19:11:19 firewall2 pptpd[971]: CTRL: tty_fd = 5 May 14 19:11:19 firewall2 pptpd[973]: CTRL (PPPD Launcher): Connection speed = 115200 May 14 19:11:19 firewall2 pptpd[971]: CTRL: I wrote 32 bytes to the client. 
May 14 19:11:19 firewall2 pptpd[973]: CTRL (PPPD Launcher): local address = 192.168.0.234 May 14 19:11:19 firewall2 pptpd[971]: CTRL: Sent packet to client May 14 19:11:19 firewall2 pptpd[973]: CTRL (PPPD Launcher): remote address = 192.168.1.234 May 14 19:11:19 firewall2 pptpd[971]: CTRL: Received PPTP Control Message (type: 15) May 14 19:11:19 firewall2 pppd[973]: pppd 2.3.11 started by root, uid 0 May 14 19:11:19 firewall2 pptpd[971]: CTRL: Got a SET LINK INFO packet with standard ACCMs May 14 19:11:19 firewall2 pppd[973]: Couldn't attach tty to PPP unit 0: Invalid argument May 14 19:11:19 firewall2 pppd[973]: tcsetattr: Invalid argument May 14 19:11:19 firewall2 pppd[973]: Exit. May 14 19:11:19 firewall2 pptpd[971]: GRE: read(fd=4,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error May 14 19:11:19 firewall2 pptpd[971]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) May 14 19:11:19 firewall2 pptpd[971]: CTRL: Client 192.168.91.9 control connection finished May 14 19:11:19 firewall2 pptpd[971]: CTRL: Exiting now May 14 19:11:19 firewall2 pptpd[969]: MGR: Reaped child 971 From scott.venier at compaq.com Mon May 14 13:54:16 2001 From: scott.venier at compaq.com (Scott Venier) Date: Mon, 14 May 2001 14:54:16 -0400 (EDT) Subject: [pptp-server] (no subject) In-Reply-To: <000701c0dc9b$24fe6fb0$095ba8c0@bart> Message-ID: On Mon, 14 May 2001, Roberto Sciovante Artis.net wrote: > An extract from the log is included below. I am using ppp-2.3.11 and > pptp with kernel 2.4.4. > There's your problem... you need ppp-2.4.x to work with a 2.4 kernel. Scott From lists at earthling.2y.net Mon May 14 17:56:56 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Mon, 14 May 2001 18:56:56 -0400 (EDT) Subject: [pptp-server] mppe-128, and compression. In-Reply-To: <3AFF53F0.1020806@srci.iwpsd.org> Message-ID: Nobody has bothered to write code to support MPPC, the spec is in the RFC, its based off of VJ-Header Compression if memory serves. 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu

On Mon, 14 May 2001, Joshua M. Schmidlkofer wrote:

> I have seen a few messages dealing with M$ <-> Linux VPN data
> compression. There is no truly clear answer to me. What is the
> option, or the possibility of data compression? Is it achievable w/o
> patented code?
>
>
> Anyone's input would be appreciated.
>
>
> thanks,
> Joshua

From berzerke at swbell.net Mon May 14 20:09:41 2001
From: berzerke at swbell.net (robert)
Date: Mon, 14 May 2001 20:09:41 -0500
Subject: [pptp-server] No browsing on NT domain
In-Reply-To: <0137289A2695D3119A7D00805FC7C113500A1D@motionserver01>
References: <0137289A2695D3119A7D00805FC7C113500A1D@motionserver01>
Message-ID: <01051420094100.32401@linux>

Try the 2.4 kernel howto, section 5.10.
http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt

On Monday 14 May 2001 08:17, Robert Jan van Doggenaar wrote:
> I've just installed Poptop on a Linux box.
>
> I can create a VPN connection, and with my VPN client I can ping
> my NT server on my local domain.
>
> I cannot however browse my local domain, does anyone have a checklist of
> things that could prevent this.
>
>
> Robert Jan

From jpej at geo-rede.com.br Tue May 15 07:57:14 2001
From: jpej at geo-rede.com.br (Jose de Paula E. Junior)
Date: Tue, 15 May 2001 09:57:14 -0300
Subject: [pptp-server] Windows sends "\\" in the login - chap-secrets
Message-ID: <3B0127AA.7080008@geo-rede.com.br>

Hello there..
I'm using poptop in my ISP, and I have 120 clients using the system right now. Poptop is doing fine the job. But, sometimes, the windows clients start to send a \\ before the login, and the client can't connect (no MSCHAP found for authenticating \\client...) Somebody see this happening? Solutions? And about chap-secrets, the pppd can only authenticate using this file? It's really hard to make programs that manipulate the chap-secrets, and my clients want to change passwords and things like this via a web interface or something like that... Thanks Junior Geo-rede Wireless Internet http://www.geo-rede.com.br From dpolak at wetautomotive.com Tue May 15 09:47:40 2001 From: dpolak at wetautomotive.com (Don Polak) Date: Tue, 15 May 2001 10:47:40 -0400 Subject: [pptp-server] SuSE 7.0 and a Mixed Network Message-ID: <8F42D4100C5FD311AA4D0000E889EDA7B97C22@MAIL_WIN> Hello, I am working on implementing PPTP at home and at the office. I have a couple of twists involved in this that I need your help on. First has anyone tried out the PPTP on SuSE? I have almost all the versions, but the newest is 7.0, and BTW I have the international version with 128bit encryption. Second my home location does not have a Windows Server, but an OS/2 Warp Server. Version 5 advanced to be exact. The office has an OS/2 Warp Server v4 SMP Advanced as the File & Print server, and a Windows NT Exchange Server. The users and their passwords are uniform across the platforms between NT and OS/2, and I want the users to access the files on the OS/2 server as if they were on the network, hence the VPN. Is there anyone that could help me on this matter? Is it possible to do this? Your help would be greatly appreciated. Regards, Donald Polak Senior Technical Analyst - Infrastructure W.E.T. Automotive Systems Ltd. 9475 Twin Oaks Drive Windsor, Ontario, N8N5B8 1-519-735-1818 x271 From mikes at hartwellcorp.com Tue May 15 11:51:12 2001 From: mikes at hartwellcorp.com (Michael St. 
Laurent)
Date: Tue, 15 May 2001 09:51:12 -0700
Subject: [pptp-server] Windows sends "\\" in the login - chap-secrets
Message-ID: <91A5926EFF44D3118B1200104B7276EB6550B9@hart-exchange.hartwellcorp.com>

Maybe the "Strip MS-Domain" patch would correct this.

--------------------
Michael St. Laurent
Hartwell Corporation

> -----Original Message-----
> From: Jose de Paula E. Junior [mailto:jpej at geo-rede.com.br]
> Sent: Tuesday, May 15, 2001 5:57 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Windows sends "\\" in the login - chap-secrets
>
>
> Hello there..
>
> I'm using poptop in my ISP, and I have 120 clients using the system
> right now. Poptop is doing fine the job.
>
> But, sometimes, the windows clients start to send a \\ before
> the login,
> and the client can't connect (no MSCHAP found for authenticating
> \\client...)
>
> Somebody see this happening? Solutions?
>
> And about chap-secrets, the pppd can only authenticate using
> this file?
> It's really hard to make programs that manipulate the
> chap-secrets, and
> my clients want to change passwords and things like this via a web
> interface or something like that...
>
>
> Thanks
>
> Junior
> Geo-rede Wireless Internet
> http://www.geo-rede.com.br

From neale at lowendale.com.au Tue May 15 17:24:57 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Wed, 16 May 2001 08:24:57 +1000 (EST)
Subject: [pptp-server] Windows sends "\\" in the login - chap-secrets
In-Reply-To: <3B0127AA.7080008@geo-rede.com.br>
Message-ID:

On Tue, 15 May 2001, Jose de Paula E. Junior wrote:

> I'm using poptop in my ISP, and I have 120 clients using the system
> right now. Poptop is doing fine the job.
>
> But, sometimes, the windows clients start to send a \\ before the login,
> and the client can't connect (no MSCHAP found for authenticating
> \\client...)
>
> Somebody see this happening? Solutions?

As has been pointed out, this is a known "challenge" and there are patches
around to strip this cruft (sorry, don't have a pointer at hand).

> And about chap-secrets, the pppd can only authenticate using this file?
> It's really hard to make programs that manipulate the chap-secrets, and
> my clients want to change passwords and things like this via a web
> interface or something like that...

With CHAP, the absolute requirement is that the CHAP routines have the
plaintext password available - as you've pointed out pppd's out-of-the-box
answer to this is the chap-secrets file. It's also a Good Idea to protect
these plaintexts from prying eyes ;-)

In theory, you should be able to substitute any other mechanism (obviously
paying due respect to security) so long as it returns said plaintext
password. Whilst conventional PAM is not an answer (AFAIK it returns
success or failure rather than the password) it looks to me that it should
be possible to write what might be called "Pluggable Chap Modules" - each
module having a different back-end access to the plaintext.

HTH,
Neale.

From aglait at diveo.net.ar Wed May 16 10:58:21 2001
From: aglait at diveo.net.ar (Alan Glait)
Date: Wed, 16 May 2001 12:58:21 -0300
Subject: [pptp-server] daemon dies under Solaris 7
Message-ID: <373CD9CD766CD4118EC100508BD93455CE600A@diveoexch.diveo.com.ar>

Hi,

I have a problem running pptpd as a daemon under solaris. I start the
daemon, I can connect ok from my win2k box, but when I disconnect, the
daemon suddenly dies.

I neither can start pptpctrl from the inetd, if anyone did it under solaris
inetd, can u please send me the line that u put?.

Thanks in advance,
Alan.
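Added example (not code from this thread, from pppd or from PoPToP): a Python sketch of the point in Neale Banks' reply above, that standard CHAP (RFC 1994, MD5) can only be verified by a back-end able to return the plaintext secret, with the lookup written as a swappable function in the spirit of his "Pluggable Chap Modules". The sample chap-secrets lines are constructed, and `strip_domain`, `secrets_file_backend`, `hash_only_backend` and `verify` are hypothetical names; the prefix stripping is only modelled on what the thread says the domain-stripping patches do.

```python
import hashlib
import hmac
import os
import shlex

# Constructed sample in pppd chap-secrets layout: client  server  secret  addresses
SAMPLE_CHAP_SECRETS = """\
# client   server  secret            IP addresses
alice      vpn     "correct horse"   192.168.10.70
bob        vpn     s3cret            *
"""


def chap_md5_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def strip_domain(name):
    # Hypothetical helper: drop a leading DOMAIN\ or \\ prefix sent by the
    # Windows client, so the lookup key matches the chap-secrets entry.
    return name.rsplit("\\", 1)[-1]


def secrets_file_backend(text, server):
    """Back-end 1: parse chap-secrets text; returns lookup(name) -> bytes or None."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # simplified version of pppd's quoting rules
        if len(fields) >= 3 and fields[1] in (server, "*"):
            table[fields[0]] = fields[2].encode()
    return table.get


def hash_only_backend(plain_lookup):
    """Back-end 2: a store that keeps only a one-way hash of each password
    (SHA-256 used here as a stand-in for any such scheme)."""
    def lookup(name):
        secret = plain_lookup(name)
        return None if secret is None else hashlib.sha256(secret).digest()
    return lookup


def verify(lookup, name, identifier, challenge, response):
    """Server side: recompute the expected response and compare in constant time."""
    secret = lookup(strip_domain(name))
    if secret is None:
        return False
    expected = chap_md5_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    plain = secrets_file_backend(SAMPLE_CHAP_SECRETS, "vpn")
    identifier, challenge = 1, os.urandom(16)
    # Client side: the peer knows the plaintext and answers the challenge.
    response = chap_md5_response(identifier, b"correct horse", challenge)
    guess = chap_md5_response(identifier, b"guess", challenge)
    return {
        "plaintext_backend": verify(plain, "alice", identifier, challenge, response),
        "name_with_prefix": verify(plain, "\\\\alice", identifier, challenge, response),
        "wrong_password": verify(plain, "alice", identifier, challenge, guess),
        # A response only answers the challenge it was computed for.
        "replayed_response": verify(plain, "alice", identifier, os.urandom(16), response),
        # The hashed store cannot reproduce MD5(id || plaintext || challenge).
        "hash_only_backend": verify(hash_only_backend(plain), "alice",
                                    identifier, challenge, response),
        "unknown_user": verify(plain, "mallory", identifier, challenge, response),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:20s} {'accepted' if ok else 'rejected'}")
```

Any back-end that returns the secret in recoverable form must be protected at least as tightly as chap-secrets itself.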
From tim at terminalarrogance.com Wed May 16 11:18:52 2001 From: tim at terminalarrogance.com (Tim Carr) Date: Wed, 16 May 2001 12:18:52 -0400 Subject: [pptp-server] PPPd 2.4 Message-ID: <01051612185202.01474@rosignante> Help - i'm trying to integrate PPTP (using poptop) into a suite of programs. The problem i'm having is that the only patches i've found to update linux PPPd so it has MSCHAPv2 and MPPE support are for OLD versions of PPPd. Please can someone point me to patches for PPP 2.4.0 or 2.4.1 ?? I realize I could use slirp, but that's not possible in my situation :) Thanks, Tim From awdavis at waretec.com Wed May 16 21:45:31 2001 From: awdavis at waretec.com (Andrew W. Davis) Date: Wed, 16 May 2001 21:45:31 -0500 Subject: [pptp-server] poptop for ipsec In-Reply-To: ; from anesthes@cisdi.com on Tue, May 01, 2001 at 01:19:17AM -0500 References: <20010430124645.A724@falcon.waretec.com> Message-ID: <20010516214531.A25545@falcon.waretec.com> so I know the whole deal for vpn clients, but is poptop the best program for linux when implementing box to box ipsec connections? if so, would someone point me to some docs so I can get some schoolin' on the matter. Also...Justin are you out of hell (school) for a while enough to work on some code for NT PDC authentication. I'd be willing to help in any way I can when you get around to it. Thanks all, Andrew From berzerke at swbell.net Wed May 16 22:53:09 2001 From: berzerke at swbell.net (robert) Date: Wed, 16 May 2001 22:53:09 -0500 Subject: [pptp-server] PPPd 2.4 In-Reply-To: <01051612185202.01474@rosignante> References: <01051612185202.01474@rosignante> Message-ID: <01051622530900.02815@linux> Try ftp://ftp.binarix.com/pub/ppp-mppe/ On Wednesday 16 May 2001 11:18, Tim Carr wrote: > Help - i'm trying to integrate PPTP (using poptop) into a suite of > programs. The problem i'm having is that the only patches i've found to > update linux PPPd so it has MSCHAPv2 and MPPE support are for OLD versions > of PPPd. 
Please can someone point me to patches for PPP 2.4.0 or 2.4.1 ??
>
> I realize I could use slirp, but that's not possible in my situation :)
>
> Thanks,
>
> Tim

From berzerke at swbell.net Wed May 16 22:57:15 2001
From: berzerke at swbell.net (robert)
Date: Wed, 16 May 2001 22:57:15 -0500
Subject: [pptp-server] poptop for ipsec
In-Reply-To: <20010516214531.A25545@falcon.waretec.com>
References: <20010430124645.A724@falcon.waretec.com> <20010516214531.A25545@falcon.waretec.com>
Message-ID: <01051622571501.02815@linux>

PoPTop and IPSec, while they perform (in theory) much the same functions,
they are different protocols. See http://www.xs4all.nl/~freeswan/ for IPSec
stuff.

On Wednesday 16 May 2001 21:45, Andrew W. Davis wrote:
> so I know the whole deal for vpn clients, but is poptop the best program
> for linux when implementing box to box ipsec connections? if so, would
> someone point me to some docs so I can get some schoolin' on the matter.
>
> Also...Justin are you out of hell (school) for a while enough to work on
> some code for NT PDC authentication. I'd be willing to help in any way I
> can when you get around to it.
>
> Thanks all,
> Andrew

From andrew at tns.com.au Thu May 17 00:20:31 2001
From: andrew at tns.com.au (Andrew Bird)
Date: Thu, 17 May 2001 15:20:31 +1000
Subject: [pptp-server] Problems with Win2k client connecting to FreeBSD pptpd server
Message-ID:

Hi guys,

Hopefully you might be able to help me out. I've trawled the FAQs and the
message archives with no luck, so if you have any brilliant ideas in the
meantime they'd be much appreciated.

Ok, I have a Win2k SP1 machine which I'm attempting to connect to a FreeBSD
3.4 pptpd server. Configuration at the moment is as follows...
/etc/ppp/ppp.conf default: set log Phase Chat LCP IPCP CCP tun command set speed 115200 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK \\ dATDT\\T TIMEOUT 40 CONNECT" set timeout 120 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 add default HISADDR enable dns pptp: enable chap enable mschap accept chap accept mschap enable proxy set dial set login set timeout 0 disable pap deny pap set dns 10.0.0.1 set nbns 10.0.0.1 accept dns /etc/ppp/ppp.secret username password 10.0.200.1 /etc/ppp/options debug name name auth require-chap proxyarp The Win2k machine is configured for server assigned IP address (though I've tried having it statically assigned), and is using CHAP authentication. When I try and connect, I get the following in /var/log/ppp.log (though in the interested of not having a terribly long email, I've cut all the stuff at the top that seems to have worked ok) May 17 14:27:19 bsd ppp[19763]: tun0: CCP: deflink: LayerStart. May 17 14:27:19 bsd ppp[19763]: tun0: CCP: deflink: SendConfigReq(1) state = Closed May 17 14:27:19 bsd ppp[19763]: tun0: CCP: DEFLATE[4] win 15 May 17 14:27:19 bsd ppp[19763]: tun0: CCP: PRED1[2] May 17 14:27:19 bsd ppp[19763]: tun0: CCP: deflink: State change Closed --> Req-Sent May 17 14:27:19 bsd ppp[19763]: tun0: Phase: deflink: lcp -> open May 17 14:27:19 bsd ppp[19763]: tun0: Phase: bundle: Network May 17 14:27:19 bsd ppp[19763]: tun0: IPCP: FSM: Using "deflink" as a transport May 17 14:27:19 bsd ppp[19763]: tun0: IPCP: deflink: State change Initial --> Closed May 17 14:27:19 bsd ppp[19763]: tun0: IPCP: deflink: LayerStart. 
May 17 14:27:19 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigReq(1) state = Closed May 17 14:27:19 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:19 bsd ppp[19763]: tun0: IPCP: COMPPROTO[6] 16 VJ slots with slot compression May 17 14:27:19 bsd ppp[19763]: tun0: IPCP: PRIDNS[6] 127.0.0.1 May 17 14:27:19 bsd ppp[19763]: tun0: IPCP: SECDNS[6] 203.8.183.1 May 17 14:27:19 bsd ppp[19763]: tun0: IPCP: deflink: State change Closed --> Req-Sent May 17 14:27:21 bsd ppp[19763]: tun0: CCP: deflink: RecvConfigReq(6) state = Req-Sent May 17 14:27:21 bsd ppp[19763]: tun0: CCP: MPPC[6] May 17 14:27:21 bsd ppp[19763]: tun0: CCP: deflink: SendConfigRej(6) state = Req-Sent May 17 14:27:21 bsd ppp[19763]: tun0: CCP: MPPC[6] May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: deflink: RecvConfigReq(7) state = Req-Sent May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: PRIDNS[6] 0.0.0.0 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: PRINBNS[6] 0.0.0.0 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: SECDNS[6] 0.0.0.0 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: SECNBNS[6] 0.0.0.0 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigNak(7) state = Req-Sent May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 10.0.200.1 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: PRIDNS[6] 10.0.0.1 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: PRINBNS[6] 10.0.0.1 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: SECDNS[6] 10.0.0.1 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: SECNBNS[6] 10.0.0.1 May 17 14:27:21 bsd ppp[19763]: tun0: CCP: deflink: RecvConfigRej(1) state = Req-Sent May 17 14:27:21 bsd ppp[19763]: tun0: CCP: DEFLATE[4] win 15 May 17 14:27:21 bsd ppp[19763]: tun0: CCP: PRED1[2] May 17 14:27:21 bsd ppp[19763]: tun0: CCP: deflink: SendConfigReq(2) state = Req-Sent May 17 14:27:21 bsd ppp[19763]: tun0: CCP: [EMPTY] May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: deflink: RecvConfigRej(1) state = Req-Sent May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: 
IPADDR[6] 0.0.0.0 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: COMPPROTO[6] 16 VJ slots with slot compression May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: PRIDNS[6] 127.0.0.1 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: SECDNS[6] 203.8.183.1 May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigReq(2) state = Req-Sent May 17 14:27:21 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:23 bsd ppp[19763]: tun0: CCP: deflink: RecvTerminateReq(8) state =Req-Sent May 17 14:27:23 bsd ppp[19763]: tun0: CCP: deflink: SendTerminateAck(8) state =Req-Sent May 17 14:27:24 bsd ppp[19763]: tun0: CCP: deflink: SendConfigReq(2) state = Req-Sent May 17 14:27:24 bsd ppp[19763]: tun0: CCP: [EMPTY] May 17 14:27:24 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigReq(2) state = Req-Sent May 17 14:27:24 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: deflink: RecvConfigReq(9) state = Req-Sent May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: PRIDNS[6] 0.0.0.0 May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: PRINBNS[6] 0.0.0.0 May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: SECDNS[6] 0.0.0.0 May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: SECNBNS[6] 0.0.0.0 May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigNak(9) state = Req-Sent May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 10.0.200.1 May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: PRIDNS[6] 10.0.0.1 May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: PRINBNS[6] 10.0.0.1 May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: SECDNS[6] 10.0.0.1 May 17 14:27:25 bsd ppp[19763]: tun0: IPCP: SECNBNS[6] 10.0.0.1 May 17 14:27:26 bsd ppp[19763]: tun0: CCP: deflink: RecvTerminateAck(2) state =Req-Sent May 17 14:27:26 bsd ppp[19763]: tun0: IPCP: deflink: RecvConfigRej(2) state = Req-Sent May 17 14:27:26 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:26 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigReq(3) state = Req-Sent May 17 14:27:26 bsd 
ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: deflink: RecvConfigReq(10) state = Req-Sent May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 10.0.200.1 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: PRIDNS[6] 10.0.0.1 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: PRINBNS[6] 10.0.0.1 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: SECDNS[6] 10.0.0.1 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: SECNBNS[6] 10.0.0.1 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigAck(10) state = Req-Sent May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 10.0.200.1 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: PRIDNS[6] 10.0.0.1 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: PRINBNS[6] 10.0.0.1 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: SECDNS[6] 10.0.0.1 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: SECNBNS[6] 10.0.0.1 May 17 14:27:27 bsd ppp[19763]: tun0: IPCP: deflink: State change Req-Sent --> Ack-Sent May 17 14:27:27 bsd ppp[19763]: tun0: CCP: deflink: SendConfigReq(3) state = Req-Sent May 17 14:27:27 bsd ppp[19763]: tun0: CCP: [EMPTY] May 17 14:27:28 bsd ppp[19763]: tun0: IPCP: deflink: RecvConfigRej(3) state = Ack-Sent May 17 14:27:28 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:28 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigReq(4) state = Ack-Sent May 17 14:27:28 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:30 bsd ppp[19763]: tun0: CCP: deflink: RecvTerminateAck(3) state =Req-Sent May 17 14:27:30 bsd ppp[19763]: tun0: CCP: deflink: SendConfigReq(4) state = Req-Sent May 17 14:27:30 bsd ppp[19763]: tun0: CCP: [EMPTY] May 17 14:27:31 bsd ppp[19763]: tun0: IPCP: deflink: RecvConfigRej(4) state = Ack-Sent May 17 14:27:31 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:31 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigReq(5) state = Ack-Sent May 17 14:27:31 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:33 bsd ppp[19763]: tun0: CCP: deflink: SendConfigReq(4) state = Req-Sent May 17 
14:27:33 bsd ppp[19763]: tun0: CCP: [EMPTY] May 17 14:27:33 bsd ppp[19763]: tun0: CCP: deflink: RecvTerminateAck(4) state =Req-Sent May 17 14:27:34 bsd ppp[19763]: tun0: IPCP: deflink: RecvConfigRej(5) state = Ack-Sent May 17 14:27:34 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:34 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigReq(6) state = Ack-Sent May 17 14:27:34 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:36 bsd ppp[19763]: tun0: CCP: deflink: RecvTerminateAck(4), dropped (expected 5) May 17 14:27:36 bsd ppp[19763]: tun0: CCP: deflink: LayerFinish. May 17 14:27:36 bsd ppp[19763]: tun0: CCP: deflink: State change Req-Sent --> Stopped May 17 14:27:37 bsd ppp[19763]: tun0: IPCP: deflink: RecvTerminateReq(11) state= Ack-Sent May 17 14:27:37 bsd ppp[19763]: tun0: IPCP: deflink: SendTerminateAck(11) state= Ack-Sent May 17 14:27:37 bsd ppp[19763]: tun0: IPCP: deflink: State change Ack-Sent --> Req-Sent May 17 14:27:38 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigReq(6) state = Req-Sent May 17 14:27:38 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:41 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigReq(6) state = Req-Sent May 17 14:27:41 bsd ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0 May 17 14:27:41 bsd ppp[19763]: tun0: IPCP: deflink: RecvTerminateAck(6) state = Req-Sent May 17 14:27:41 bsd ppp[19763]: tun0: LCP: deflink: RecvTerminateReq(12) state = Opened May 17 14:27:41 bsd ppp[19763]: tun0: LCP: deflink: LayerDown May 17 14:27:41 bsd ppp[19763]: tun0: LCP: deflink: SendTerminateAck(12) state = Opened May 17 14:27:41 bsd ppp[19763]: tun0: LCP: deflink: State change Opened --> Stopping May 17 14:27:41 bsd ppp[19763]: tun0: CCP: deflink: State change Stopped --> Closed May 17 14:27:41 bsd ppp[19763]: tun0: CCP: deflink: State change Closed --> Initial May 17 14:27:41 bsd ppp[19763]: tun0: Phase: deflink: open -> lcp May 17 14:27:44 bsd ppp[19763]: tun0: IPCP: deflink: SendConfigReq(7) state = Req-Sent May 17 14:27:44 bsd 
ppp[19763]: tun0: IPCP: IPADDR[6] 0.0.0.0
May 17 14:27:44 bsd ppp[19763]: tun0: Phase: deflink: read (0): Got zero bytes
May 17 14:27:44 bsd ppp[19763]: tun0: LCP: deflink: State change Stopping --> Starting
May 17 14:27:44 bsd ppp[19763]: tun0: LCP: deflink: LayerFinish
May 17 14:27:44 bsd ppp[19763]: tun0: LCP: deflink: State change Starting --> Initial
May 17 14:27:44 bsd ppp[19763]: tun0: IPCP: deflink: State change Req-Sent --> Starting
May 17 14:27:44 bsd ppp[19763]: tun0: IPCP: deflink: LayerFinish.
May 17 14:27:44 bsd ppp[19763]: tun0: IPCP: Connect time: 25 secs: 0 octets in,0 octets out
May 17 14:27:44 bsd ppp[19763]: tun0: IPCP: total 0 bytes/sec, peak 0 bytes/sec on Thu May 17 14:27:44 2001
May 17 14:27:44 bsd ppp[19763]: tun0: IPCP: deflink: State change Starting --> Initial
May 17 14:27:44 bsd ppp[19763]: tun0: Phase: bundle: Terminate
May 17 14:27:44 bsd ppp[19763]: tun0: Phase: deflink: Disconnected!
May 17 14:27:44 bsd ppp[19763]: tun0: Phase: deflink: Connect time: 39 secs: 921 octets in, 1088 octets out
May 17 14:27:44 bsd ppp[19763]: tun0: Phase: total 51 bytes/sec, peak 106 bytes/sec on Thu May 17 14:27:44 2001
May 17 14:27:44 bsd ppp[19763]: tun0: Phase: deflink: lcp -> closed
May 17 14:27:44 bsd ppp[19763]: tun0: Phase: bundle: Dead
May 17 14:27:44 bsd ppp[19763]: tun0: Phase: PPP Terminated (normal).
May 17 14:27:44 bsd ppp[19763]: tun0: Phase: Found interface fxp0 for 10.0.200.1

At the end of the day, I can't see what is configured wrong... any help
would be MUCH appreciated... :)

Thanks in advance,
Andrew Bird

From lists at earthling.2y.net Thu May 17 03:40:14 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 17 May 2001 04:40:14 -0400 (EDT)
Subject: [pptp-server] poptop for ipsec
In-Reply-To: <20010516214531.A25545@falcon.waretec.com>
Message-ID:

What kind of boxes will you be connecting via ipsec? I think win2k <->
win2k likes l2tp, but I believe you can do ESP IPSec tunnels with win2k and
linux.
btw, yes, I'm nearly out of hell, only exams now. I'm going to be working on it a little bit tonight, Looks as if we will be linking pppd with LibSMB from samba-tng once I have it all working. As I'm working on it, i may just put the code onto a NFS share, and have it sync to the webserver or soemthing, I will let you guys know once I start getting some code written. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Wed, 16 May 2001, Andrew W. Davis wrote: > so I know the whole deal for vpn clients, but is poptop the best program for > linux when implementing box to box ipsec connections? if so, would someone > point me to some docs so I can get some schoolin' on the matter. > > Also...Justin are you out of hell (school) for a while enough to work on some > code for NT PDC authentication. I'd be willing to help in any way I can when > you get around to it. > > Thanks all, > Andrew > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From awdavis at waretec.com Thu May 17 09:19:44 2001 From: awdavis at waretec.com (Andrew W. Davis) Date: Thu, 17 May 2001 09:19:44 -0500 Subject: [pptp-server] poptop for ipsec In-Reply-To: ; from lists@earthling.2y.net on Thu, May 17, 2001 at 04:40:14AM -0400 References: <20010516214531.A25545@falcon.waretec.com> Message-ID: <20010517091944.A26162@falcon.waretec.com> On Thu, May 17, 2001 at 04:40:14AM -0400, Justin Kreger wrote: > What kind of boxes will you be connecting via ipsec? I think win2k <-> > win2k likes l2tp, but i bleave you can do ESP IPSec tunnels with win2k and > linux. > just linux (RH7.0) to linux (RH7.0). It's already been suggested that I take a look at freeswan. I haven't had a chance to yet. 
Wish I could afford actual hard routers to do this, but it's just personal stuff and I couldn't justify spending that much on it... Thanks all, Andrew From vgill at technologist.com Thu May 17 17:42:11 2001 From: vgill at technologist.com (Gill, Vern) Date: Thu, 17 May 2001 15:42:11 -0700 Subject: [pptp-server] Windows sends "\\" in the login - chap-secrets Message-ID: <8D043DEA73DFD411958A00A0C90AB760045B5B@ftp.gillnet.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On my site, and others, there is a patch for ppp-2.4.x that will strip the domain name, as well as add mppe, require-mppe, and smbpasswd authentication for pppd. Go to http://linus.yi.org, and click the PPP tab at the top. smbpasswd is a great place for passwords, as it allows them to be encrypted on-disk, as well as allowing users to change them via samba. Check it out. PGP Signed! Why? "If all the personal computers in the world - ~260 million computers - were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message." - - William Crowell, Deputy Director of the National Security Agency, in testimony to the U.S. Congress, March 20, 1997 - -----Original Message----- From: Neale Banks [mailto:neale at lowendale.com.au] Sent: Tuesday, May 15, 2001 3:25 PM To: Jose de Paula E. Junior Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] Windows sends "\\" in the login - chap-secrets On Tue, 15 May 2001, Jose de Paula E. Junior wrote: > I'm using poptop in my ISP, and I have 120 clients using the system > right now. Poptop is doing fine the job. > > But, sometimes, the windows clients start to send a \\ before the > login, and the client can't connect (no MSCHAP found for > authenticating > \\client...) > > Somebody see this happening? Solutions? As has been pointed out, this is a known "challenge" and there are patches around to strip this cruft (sorry, don't have a pointer at hand). 
> And about chap-secrets, the pppd can only authenticate using this > file? It's really hard to make programs that manipulate the > chap-secrets, and my clients want to change passwords and things > like this via a web interface or something like that... With CHAP, the absolute requirement is that the CHAP routines have the plaintext password available - as you've pointed out pppd's out-of-the-box answer to this is the chap-secrets file. It's also a Good Idea to protect these plaintexts from prying eyes ;-) In theory, you should be able to substitute any other mechanism (obviously paying due respect to security) so long as it returns said plaintext password. Whilst conventional PAM is not an answer (AFAIK it returns success or failure rather than the password) it looks to me that it should be possible to write what might be called "Pluggable Chap Modules" - each module having a different back-end access to the plaintext. HTH, Neale. _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBOwRROheamMdwy9TXEQK0rQCggyDul5BYawEZMInA24/V17ZphlIAn3/t a4JEchAz34XxIPXtih68BRdE =RBW7 -----END PGP SIGNATURE----- From lists at earthling.2y.net Thu May 17 18:59:39 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Thu, 17 May 2001 19:59:39 -0400 (EDT) Subject: [pptp-server] poptop for ipsec In-Reply-To: <20010517091944.A26162@falcon.waretec.com> Message-ID: I have done it with freeswan for several customers and have no problems. I rather like it. The tunnel is part of IPSec, so you will only need freeswan on both boxes. Just some notes, freeswan has no probs with 2.4.x as far as i can see, but will not work with 2.2.19 from what I have seen. 
Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Thu, 17 May 2001, Andrew W. Davis wrote: > On Thu, May 17, 2001 at 04:40:14AM -0400, Justin Kreger wrote: > > What kind of boxes will you be connecting via ipsec? I think win2k <-> > > win2k likes l2tp, but i bleave you can do ESP IPSec tunnels with win2k and > > linux. > > > just linux (RH7.0) to linux (RH7.0). It's already been suggested that I take > a look at freeswan. I haven't had a chance to yet. Wish I could afford > actual hard routers to do this, but it's just personal stuff and I couldn't > justify spending that much on it... > > Thanks all, > Andrew > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From ctooley at amoa.org Fri May 18 08:08:13 2001 From: ctooley at amoa.org (ctooley at amoa.org) Date: Fri, 18 May 2001 08:08:13 -0500 Subject: [pptp-server] Patching kernel 2.2.19 with PPP+MS-CHAP Message-ID: <86256A50.0046F9F7.00@amoa.org> I've got the 2.2.19 kernel downloaded from kernel.org, ppp-2.3.11 with the MS-CHAP patches and when I try to compile the kernel I'm getting a bunch of errors about PPP_MAGIC not being right. I remember something about this from before, but I can't remember what it was for sure. Chris Tooley From harald at scharf.co.at Fri May 18 08:17:56 2001 From: harald at scharf.co.at (Harald Scharf) Date: Fri, 18 May 2001 15:17:56 +0200 Subject: [pptp-server] Big Problems with any poptop Version Message-ID: <3B052104.2080906@scharf.co.at> hello to all, i have some very big problems with any version of PoToP. The access from a single Client seems to be no probelm, but now i have a client, that wants to connect a whole network to the central site, wich runs poptop (1.0.1). 
Because of cost reasons, the client put a Zyxel Prestige 312 ADSL Router to the other site and put a Windows BDC behind the NAT Router (which supports pptp of course). The connection goes up without any problem, and any stateless protocol seems to pass the VPN without any problems (Ping, DNS Query....). But if want to establish a statefull (TCP) connection, the only thing i get back is the Escape Character, and the connection hangs. The same thing happens on the Routers Character Console. I putted an ethernet sniffer to the network and examined the IP Packets -> They are completely empty. OK, i canceled the Zyxel Router and used the Micro$oft RRAS (Steelhead) Multi Protokoll Router on the BDC. Again, the connection goes up, and (ooh look, the same Configuration) i can send Data over the VPN link (with TCP, ICMP, UDP.... :-), but when i try to transfer a bigger amount of data i get a : not enough space tp encrypt packet : 1504<1504+4 and the connection hangs. I tried several other solutions with non poptop Clients at the Router Side, and it ever failed very hard. (No Connections, Encrypting Problems, Decrypting Problems....) Please Help! Any idea whats happening ? regards Harald Scharf ------------- Again, the Connection From berzerke at swbell.net Fri May 18 10:03:44 2001 From: berzerke at swbell.net (robert) Date: Fri, 18 May 2001 10:03:44 -0500 Subject: [pptp-server] Big Problems with any poptop Version In-Reply-To: <3B052104.2080906@scharf.co.at> References: <3B052104.2080906@scharf.co.at> Message-ID: <01051810034400.09738@linux> If you can connect one client (and transmit fine), you might try having that client act as a "router" and make your default gateway the other end of the VPN connection. On Friday 18 May 2001 08:17, Harald Scharf wrote: > hello to all, > > i have some very big problems with any version of PoToP. 
> The access from a single Client seems to be no probelm, but now > i have a client, that wants to connect a whole network to the central site, > wich runs poptop (1.0.1). > Because of cost reasons, the client put a Zyxel Prestige 312 ADSL Router > to the other site and put a Windows BDC behind the NAT Router (which > supports pptp of course). > The connection goes up without any problem, and any stateless protocol > seems to pass the VPN without any problems (Ping, DNS Query....). > But if want to establish a statefull (TCP) connection, the only thing i > get back > is the Escape Character, and the connection hangs. The same thing > happens on the Routers Character Console. > > I putted an ethernet sniffer to the network and examined the IP Packets -> > They are completely empty. > > OK, i canceled the Zyxel Router and used the Micro$oft RRAS (Steelhead) > Multi Protokoll Router on the BDC. > Again, the connection goes up, and (ooh look, the same Configuration) > i can send Data over the VPN link (with TCP, ICMP, UDP.... :-), > but when i try to transfer a bigger amount of data i get a : > > not enough space tp encrypt packet : 1504<1504+4 > > and the connection hangs. > > I tried several other solutions with non poptop Clients at the Router > Side, and > it ever failed very hard. (No Connections, Encrypting Problems, > Decrypting Problems....) > > Please Help! > Any idea whats happening ? > > > regards > > Harald Scharf > ------------- > > > Again, the Connection > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
From lists at earthling.2y.net Fri May 18 16:58:52 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Fri, 18 May 2001 17:58:52 -0400 (EDT) Subject: [pptp-server] Big Problems with any poptop Version In-Reply-To: <01051810034400.09738@linux> Message-ID: Ok, I'm going to write a webpage on how to route between networks with PPTP...... Anyway..... take the MTU and MRU on pppd to something like 736, a packet can't be larger than 1500, both on a ppp link, and ethernet. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Fri, 18 May 2001, robert wrote: > If you can connect one client (and transmit fine), you might try having that > client act as a "router" and make your default gateway the other end of the > VPN connection. > > On Friday 18 May 2001 08:17, Harald Scharf wrote: > > hello to all, > > > > i have some very big problems with any version of PoToP. > > The access from a single Client seems to be no probelm, but now > > i have a client, that wants to connect a whole network to the central site, > > wich runs poptop (1.0.1). > > Because of cost reasons, the client put a Zyxel Prestige 312 ADSL Router > > to the other site and put a Windows BDC behind the NAT Router (which > > supports pptp of course). > > The connection goes up without any problem, and any stateless protocol > > seems to pass the VPN without any problems (Ping, DNS Query....). > > But if want to establish a statefull (TCP) connection, the only thing i > > get back > > is the Escape Character, and the connection hangs. The same thing > > happens on the Routers Character Console. > > > > I putted an ethernet sniffer to the network and examined the IP Packets -> > > They are completely empty. > > > > OK, i canceled the Zyxel Router and used the Micro$oft RRAS (Steelhead) > > Multi Protokoll Router on the BDC. 
> > Again, the connection goes up, and (ooh look, the same Configuration) > > i can send Data over the VPN link (with TCP, ICMP, UDP.... :-), > > but when i try to transfer a bigger amount of data i get a : > > > > not enough space tp encrypt packet : 1504<1504+4 > > > > and the connection hangs. > > > > I tried several other solutions with non poptop Clients at the Router > > Side, and > > it ever failed very hard. (No Connections, Encrypting Problems, > > Decrypting Problems....) > > > > Please Help! > > Any idea whats happening ? > > > > > > regards > > > > Harald Scharf > > ------------- > > > > > > Again, the Connection > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From j.k.bijl at its.tudelft.nl Fri May 18 18:19:34 2001 From: j.k.bijl at its.tudelft.nl (Joost Bijl) Date: Sat, 19 May 2001 01:19:34 +0200 Subject: [pptp-server] pppd authentication via system passwords? Message-ID: <004e01c0dff1$004ea3c0$a2ca5e91@thor> Hi there, currently i'm working on a project which involves some VPN parts. I can't get it to work for the pppd to authenticate it's users to the local passwd database. There are patches around which will authenticate against a smb server but that's not a real option. i use pppd 2.4.1 and pptpd 1.1.2 (pppd is patched to support mppe as is the kernel) kind regards Joost From charlieb at e-smith.com Fri May 18 18:56:35 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Fri, 18 May 2001 19:56:35 -0400 (EDT) Subject: [pptp-server] pppd authentication via system passwords? 
In-Reply-To: <004e01c0dff1$004ea3c0$a2ca5e91@thor>
Message-ID:

On Sat, 19 May 2001, Joost Bijl wrote:

> currently i'm working on a project which involves some VPN parts.
>
> I can't get it to work for the pppd to authenticate it's users to the local passwd database.
> There are patches around which will authenticate against a smb server but that's not a real option.

What you're asking isn't really possible. The Mickysoft PPTP client authenticates using MSCHAPv2, that is, version two of a Microsoft specific version of CHAP. That protocol doesn't send the plaintext version of the password, but instead uses a cryptographic handshake that verifies that the server and client both have a copy of the NT hash of the plaintext password. pppd cannot calculate the NT hash without the plaintext, but it needs it both for authentication (although it can ask samba to do the authentication) and to initialise the keys used in MPPE encryption.

This state of events will probably make it impossible for a PopTop server to authenticate against an NT PDC - what you are asking it to do is to become a man-in-the-middle, and the protocols are designed to prevent that.

At least, that's my understanding. Correct me if I am wrong.

--
Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From neale at lowendale.com.au Fri May 18 19:31:28 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Sat, 19 May 2001 10:31:28 +1000 (EST)
Subject: [pptp-server] pppd authentication via system passwords?
In-Reply-To: <004e01c0dff1$004ea3c0$a2ca5e91@thor>
Message-ID:

On Sat, 19 May 2001, Joost Bijl wrote:

> currently i'm working on a project which involves some VPN parts.
>
> I can't get it to work for the pppd to authenticate it's users to the local passwd database.
> There are patches around which will authenticate against a smb server but that's not a real option.
>
> i use pppd 2.4.1 and pptpd 1.1.2 (pppd is patched to support mppe as is the kernel)

Sounds like you're trying to mix encrypted passwords and CHAP? If so, you're flogging a dead horse - CHAP *requires* access to the unencrypted password (or in the MS-CHAP case, a hash thereof) at both ends.

IIRC, MPPE depends on MS-CHAP - so MPPE won't mix with encrypted passwords either.

HTH,
Neale.

From neale at lowendale.com.au Fri May 18 20:17:16 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Sat, 19 May 2001 11:17:16 +1000 (EST)
Subject: [pptp-server] Patching kernel 2.2.19 with PPP+MS-CHAP
In-Reply-To: <86256A50.0046F9F7.00@amoa.org>
Message-ID:

On Fri, 18 May 2001 ctooley at amoa.org wrote:

> I've got the 2.2.19 kernel downloaded from kernel.org, ppp-2.3.11 with the
> MS-CHAP patches and when I try to compile the kernel I'm getting a bunch of
> errors about PPP_MAGIC not being right. I remember something about this from
> before, but I can't remember what it was for sure.

Per chance I just stumbled across this one whilst cleaning up:

On Wed, 2 Aug 2000, Brian Denheyer wrote:

>
> Date: Wed, 2 Aug 2000 15:38:18 +0100 (GMT Daylight Time)
> From: Brian Denheyer
> To: Tom Eastep
> Cc: Brian Denheyer , pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] kernel fails to build
>
> Tom Eastep writes:
> > Thus spoke Brian Denheyer:
> >
> > >
> > > I tried again to patch and build everything. ppp seems to build ok.
> > > The kernel has problems :
> > >
> > > PPP_MAGIC
> > > PPP_VERSION
> > >
> > > are both undeclared and so cause errors.
> > >
> >
> > Edit /usr/src/linux/include/linux/if_ppp.h and add the following:
> >
> > #define PPP_MAGIC 0x5002
> > #define PPP_VERSION "2.3.11"
> >
>
> Thanks !
>
> Well this immediately begs the question : why isn't this included in
> the patch ? Wouldn't this be a problem for _everyone_ who tried to
> build ??
> > It turns out that in addition to rc4_skey.c, you also need rc4_locl.h > to be copied into the kernel source tree. > > Everything seems to build now. I still get the strange errors about > "static delcarations following non-static". > > Of course, I don't know if it works yet... > > Brian > HTH, Neale. From GeorgeV at citadelcomputer.com.au Sat May 19 02:26:26 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Sat, 19 May 2001 17:26:26 +1000 Subject: [pptp-server] Unsupported protocol errors.. Yet I have mppe-stateless enabled? Message-ID: <200FAA488DE0D41194F10010B597610D11DF58@JUPITER> Anybody have any other URLs which explain other problems with unsupported protocol errors and how to fix them? I've visited the HowTo and FAQs at www.vibres.com and they talk about needing mppe-stateless but I'm still getting theres errors and losing the connection. I've done a few pptpd servers and yet this is my first failure which is weird.. maybe a patch didn't work??? anything I can check? thanks, George Vieira From lists at earthling.2y.net Sat May 19 06:24:46 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sat, 19 May 2001 07:24:46 -0400 (EDT) Subject: [pptp-server] Unsupported protocol errors.. Yet I have mppe-stateless enabled? In-Reply-To: <200FAA488DE0D41194F10010B597610D11DF58@JUPITER> Message-ID: check your pppd options file. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Sat, 19 May 2001, George Vieira wrote: > Anybody have any other URLs which explain other problems with unsupported > protocol errors and how to fix them? > > I've visited the HowTo and FAQs at www.vibres.com and they talk about > needing mppe-stateless but I'm still getting theres errors and losing the > connection. > > I've done a few pptpd servers and yet this is my first failure which is > weird.. maybe a patch didn't work??? anything I can check? 
> > > thanks, > George Vieira > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Sat May 19 07:16:09 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sat, 19 May 2001 08:16:09 -0400 (EDT) Subject: [pptp-server] Linking Networks Via VPN Tech. Message-ID: I finally made a webpage explaining how to link LANs together using PPTP and IPSec. It's at http://earthling.2y.net/LinkingNets.html On a side note, Can the List Owner/Admin remove johnoel at hawaii.com from the list.... I'm tired of getting stupid reject notices from their mail server. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net From samj at samj.net Sun May 20 07:34:49 2001 From: samj at samj.net (Sam Johnston) Date: Sun, 20 May 2001 22:34:49 +1000 Subject: [pptp-server] Specific subnet via VPN Message-ID: <3B07B9E9.2C25DA98@samj.net> Hi, I want to create a VPN connection to a server and have all traffic destined for that server and ideally the server's local subnet sent over it (say, 1.2.3.4/24 - subnet 1.2.3.0, server 1.2.3.4, netmask 255.255.255.0). I do not want to have *all* traffic sent over the link, just traffic for aforementioned server/subnet. Clients would be 9X/NT/2k. Configuration should be done via PPP only (ie no route scripts). I currently have something like: localip 1.2.3.4 remoteip 1.2.3.5-10 and can connect OK but win98 wants to add the default route anyway (unless I tell it not to in the properties for the connection). The subnet mask (specified in pptpd-options as netmask 255.255.255.0) doesn't seem to be working either. Bonus poitnts for multiple protected subnets (although I'm fairly sure I'm asking a bit much there!). Please CC me as I'm not on the list. Thanks. 
- samj

From lists at earthling.2y.net Sun May 20 07:52:04 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sun, 20 May 2001 08:52:04 -0400 (EDT)
Subject: [pptp-server] Specific subnet via VPN
In-Reply-To: <3B07B9E9.2C25DA98@samj.net>
Message-ID:

I would use IPChains or IPTables to block the ip's from particular things.

If you need an example, I can write you one.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Sun, 20 May 2001, Sam Johnston wrote:

> Hi,
>
> I want to create a VPN connection to a server and have all traffic
> destined for that server and ideally the server's local subnet sent over
> it (say, 1.2.3.4/24 - subnet 1.2.3.0, server 1.2.3.4, netmask
> 255.255.255.0). I do not want to have *all* traffic sent over the link,
> just traffic for aforementioned server/subnet. Clients would be
> 9X/NT/2k. Configuration should be done via PPP only (ie no route
> scripts).
>
> I currently have something like:
>
> localip 1.2.3.4
> remoteip 1.2.3.5-10
>
> and can connect OK but win98 wants to add the default route anyway
> (unless I tell it not to in the properties for the connection). The
> subnet mask (specified in pptpd-options as netmask 255.255.255.0)
> doesn't seem to be working either.
>
> Bonus points for multiple protected subnets (although I'm fairly sure
> I'm asking a bit much there!).
>
> Please CC me as I'm not on the list. Thanks.
>
> - samj
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
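Added example, not part of any message in this archive: the replies in the "pppd authentication via system passwords?" thread above state that CHAP needs the unencrypted secret (for MS-CHAP, a hash of it) at both ends. The sketch below runs an RFC 1994 MD5-CHAP exchange against two interchangeable secret stores to show why a passwd-style store of one-way hashes cannot answer a challenge; the class names, the user and the secret are constructed for illustration and are not pppd code.

```python
"""MD5-CHAP (RFC 1994) exchange with interchangeable secret stores.

All names, the user and the secret below are constructed for illustration.
"""
import hashlib
import hmac
import os

SAMPLE_SECRETS = {"vpnuser": b"s3cret-constructed"}  # constructed test data


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class PlaintextBackend:
    """Plays the role of chap-secrets: can hand back the plaintext secret."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)

    def lookup(self, user):
        return self._secrets.get(user)


class HashedBackend:
    """Plays the role of a passwd-style store: salted one-way hashes only."""

    def __init__(self, secrets):
        self._db = {}
        for user, password in secrets.items():
            salt = os.urandom(16)
            self._db[user] = (salt, self._kdf(password, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

    def check_password(self, user, password):
        """Works when the peer sends the password itself (PAP-style login)."""
        if user not in self._db:
            return False
        salt, stored = self._db[user]
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def lookup(self, user):
        """CHAP asks for the secret; a one-way hash cannot be reversed."""
        return None


class Authenticator:
    """Server side: issues challenges and checks responses."""

    def __init__(self, backend):
        self.backend = backend
        self._pending = {}  # identifier -> outstanding challenge

    def new_challenge(self):
        identifier = os.urandom(1)[0]
        challenge = os.urandom(16)
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier, user, response):
        # Each challenge is consumed on first use, so a replay finds nothing.
        challenge = self._pending.pop(identifier, None)
        secret = self.backend.lookup(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def run_exchange(backend, user, password):
    """One full handshake; the password itself never crosses the link."""
    server = Authenticator(backend)
    identifier, challenge = server.new_challenge()  # server -> peer
    response = chap_response(identifier, password, challenge)  # peer -> server
    return server.verify(identifier, user, response)


def replay_is_rejected(backend, user, password):
    """Capture one valid response, then present it a second time."""
    server = Authenticator(backend)
    identifier, challenge = server.new_challenge()
    response = chap_response(identifier, password, challenge)
    first = server.verify(identifier, user, response)
    server.new_challenge()  # a later login gets a fresh random challenge
    second = server.verify(identifier, user, response)
    return first and not second


if __name__ == "__main__":
    pw = SAMPLE_SECRETS["vpnuser"]
    print("plaintext store:", run_exchange(PlaintextBackend(SAMPLE_SECRETS), "vpnuser", pw))
    print("hashed store:   ", run_exchange(HashedBackend(SAMPLE_SECRETS), "vpnuser", pw))
```

Because the MS-CHAP variants use the NT hash in place of the plaintext, a store that holds NT hashes has to be protected like a store of passwords.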
From samj at samj.net Sun May 20 08:12:04 2001
From: samj at samj.net (Sam Johnston)
Date: Sun, 20 May 2001 23:12:04 +1000
Subject: [pptp-server] Specific subnet via VPN
References:
Message-ID: <3B07C2A4.7CABD7F0@samj.net>

I see how that would work for restricting access to the server to VPN clients, however that's not really what I'm after - I just want to give people remote access to the server, and ideally its subnet (and for bonus points, subnet*s*) too.

I figure that during the connection process an entry needs to appear in the route table that looks something like:

Dest       Gateway    Mask             Interface
1.2.3.0    1.2.3.4    255.255.255.0    1.2.3.[5..10]

Hopefully PPP is capable of doing this (I suspect it is) and that the Microsoft clients aren't broken (not so sure).

- samj

Justin Kreger wrote:

>
> I would use IPChains or IPTables to block the ip's from particular
> things.
>
> If you need an example, I can write you one.
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
> On Sun, 20 May 2001, Sam Johnston wrote:
>
> > Hi,
> >
> > I want to create a VPN connection to a server and have all traffic
> > destined for that server and ideally the server's local subnet sent over
> > it (say, 1.2.3.4/24 - subnet 1.2.3.0, server 1.2.3.4, netmask
> > 255.255.255.0). I do not want to have *all* traffic sent over the link,
> > just traffic for aforementioned server/subnet. Clients would be
> > 9X/NT/2k. Configuration should be done via PPP only (ie no route
> > scripts).
> >
> > I currently have something like:
> >
> > localip 1.2.3.4
> > remoteip 1.2.3.5-10
> >
> > and can connect OK but win98 wants to add the default route anyway
> > (unless I tell it not to in the properties for the connection). The
> > subnet mask (specified in pptpd-options as netmask 255.255.255.0)
> > doesn't seem to be working either.
> >
> > Bonus points for multiple protected subnets (although I'm fairly sure
> > I'm asking a bit much there!).
> > > > Please CC me as I'm not on the list. Thanks. > > > > - samj > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > From lists at earthling.2y.net Sun May 20 09:06:20 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sun, 20 May 2001 10:06:20 -0400 (EDT) Subject: [pptp-server] Specific subnet via VPN In-Reply-To: <3B07C2A4.7CABD7F0@samj.net> Message-ID: Do you mean, that you want the clients to be able to access the subnet on an spesific, lets say ethernet interface, and additional subnets? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Sun, 20 May 2001, Sam Johnston wrote: > I see how that would work for restricting access to the server to VPN > clients, however that's not really what I'm after - I just want to give > people remote access to the server, and ideally its subnet (and for > bonus points, subnet*s*) too. > > I figure that during the connection process an entry needs to appear in > the route table that looks something like: > > Dest Gateway Mask Interface > 1.2.3.0 1.2.3.4 255.255.255.0 1.2.3.[5..10] > > Hopefully PPP is capable of doing this (I suspect it is) and that the > Microsoft clients aren't broken (not so sure). > > - samj > > Justin Kreger wrote: > > > > I would use IPChains or IPTables to block the ip's from perticular > > things. > > > > If you need an example, I can write you one. 
> > > > Justin Kreger, MCP MCSE CCNA > > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > > On Sun, 20 May 2001, Sam Johnston wrote: > > > > > Hi, > > > > > > I want to create a VPN connection to a server and have all traffic > > > destined for that server and ideally the server's local subnet sent over > > > it (say, 1.2.3.4/24 - subnet 1.2.3.0, server 1.2.3.4, netmask > > > 255.255.255.0). I do not want to have *all* traffic sent over the link, > > > just traffic for aforementioned server/subnet. Clients would be > > > 9X/NT/2k. Configuration should be done via PPP only (ie no route > > > scripts). > > > > > > I currently have something like: > > > > > > localip 1.2.3.4 > > > remoteip 1.2.3.5-10 > > > > > > and can connect OK but win98 wants to add the default route anyway > > > (unless I tell it not to in the properties for the connection). The > > > subnet mask (specified in pptpd-options as netmask 255.255.255.0) > > > doesn't seem to be working either. > > > > > > Bonus poitnts for multiple protected subnets (although I'm fairly sure > > > I'm asking a bit much there!). > > > > > > Please CC me as I'm not on the list. Thanks. > > > > > > - samj > > > > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From bd at gre.fr Mon May 21 02:09:50 2001 From: bd at gre.fr (=?iso-8859-1?Q?Beno=EEt_DREBET?=) Date: Mon, 21 May 2001 09:09:50 +0200 Subject: [pptp-server] PPTP using program/database for login and password. 
Message-ID: Perhaps it's more a problem of PPPD than PPTP, but I want to use a program (something like PPPD sends the login and it replys the password) to authenticate users or a database with login and password. Is there any version/plug/patch for PPPD that can do it and (of course) work with PPTP ? _____________________________________________________ Beno?t DREBET --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.250 / Virus Database: 123 - Release Date: 18/04/01 From markp at nonlinear.com Mon May 21 03:49:36 2001 From: markp at nonlinear.com (Mark Pearson) Date: Mon, 21 May 2001 09:49:36 +0100 Subject: [pptp-server] Common Routing problem, still can't get it working though.... Message-ID: Hello, I know this has been a common question in one flavour or another, but I am having some major problems getting poptop running properly. I am trying to run poptop on a SUSE7.0 machine which has a single NIC, but has an external ip address tunneled through our NAT/Firewall solution. The Problem: I can connect to the VPN across the internet and am given an ip address. I can watch the packets flow into the vpn server as I ping an internal address, but nothing flows back out. I presume that this is a routing issue, and that I have not got ipchains to set to route the correct packets from eth0 to ppp0 and vice versa. Could anybody explain exactly how I should approach this? I am somewhat a newbie to routing and vpn, so any help would be appreciated! Cheers... Mark From doug.koobs at dimensionnetworks.com Mon May 21 13:22:36 2001 From: doug.koobs at dimensionnetworks.com (Douglas W Koobs) Date: Mon, 21 May 2001 14:22:36 -0400 Subject: [pptp-server] Up to date Documentation/How-To for PoPToP Message-ID: Hello Everyone, After cruising around the PoPToP site, I can't seem to find any up-to-date documentation, the most recent HowTo being for RedHat 6.0. 
Is there a newer HowTo that I am overlooking, or should that one suffice for RH7.1? Thanks, Douglas W Koobs Network Engineer Dimension Networks, Inc. (727) 723-8388 -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 2852 bytes Desc: not available URL: From SStone at taos.com Mon May 21 14:09:01 2001 From: SStone at taos.com (Scott Stone) Date: Mon, 21 May 2001 12:09:01 -0700 Subject: [pptp-server] Up to date Documentation/How-To for PoPToP Message-ID: <21DEAE09F017D111969700A0C98407520572A4EB@espresso.taos.com> use same documentation. RH7.1 comes with the correct version of PPPD, BUT, if you need to patch it for encryption, make sure you get pppd 2.4.x and not 2.3.x that the poptop docs talk about. ----------------------------------------------------- Scott M. Stone Senior Technical Consultant - UNIX and Networking Taos, the Sysadmin Company - Santa Clara, CA > -----Original Message----- > From: Douglas W Koobs [mailto:doug.koobs at dimensionnetworks.com] > Sent: Monday, May 21, 2001 11:23 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Up to date Documentation/How-To for PoPToP > > Hello Everyone, > > After cruising around the PoPToP site, I can't seem to find any up-to-date > documentation, the most recent HowTo being for RedHat 6.0. Is there a > newer HowTo that I am overlooking, or should that one suffice for RH7.1? > Thanks, > > Douglas W Koobs > Network Engineer > Dimension Networks, Inc. > (727) 723-8388 From berzerke at swbell.net Mon May 21 17:11:20 2001 From: berzerke at swbell.net (robert) Date: Mon, 21 May 2001 17:11:20 -0500 Subject: [pptp-server] Up to date Documentation/How-To for PoPToP In-Reply-To: References: Message-ID: <01052117112000.08945@linux> There is a 2.4 kernel howto at http://home.swbell.net/berzerke There are a few other places with some docs. Search the list archives. 
On Monday 21 May 2001 13:22, Douglas W Koobs wrote:
> Hello Everyone,
>
> After cruising around the PoPToP site, I can't seem to find any up-to-date
> documentation, the most recent HowTo being for RedHat 6.0. Is there a newer
> HowTo that I am overlooking, or should that one suffice for RH7.1? Thanks,
>
> Douglas W Koobs
> Network Engineer
> Dimension Networks, Inc.
> (727) 723-8388

From SStone at taos.com Mon May 21 19:06:47 2001
From: SStone at taos.com (Scott Stone)
Date: Mon, 21 May 2001 17:06:47 -0700
Subject: [pptp-server] Up to date Documentation/How-To for PoPToP
Message-ID: <21DEAE09F017D111969700A0C98407520572A4F8@espresso.taos.com>

short answer is, "if you have it working on 2.2, upgrade the kernel, download the 2.4 pppd source, patch it for mppe, install it, and you're done".

worked for me.

-----------------------------------------------------
Scott M. Stone
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA

-----Original Message-----
From: robert [mailto:berzerke at swbell.net]
Sent: Monday, May 21, 2001 3:11 PM
To: Douglas W Koobs; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Up to date Documentation/How-To for PoPToP

There is a 2.4 kernel howto at http://home.swbell.net/berzerke There are a few other places with some docs. Search the list archives.

On Monday 21 May 2001 13:22, Douglas W Koobs wrote:
> Hello Everyone,
>
> After cruising around the PoPToP site, I can't seem to find any up-to-date
> documentation, the most recent HowTo being for RedHat 6.0. Is there a newer
> HowTo that I am overlooking, or should that one suffice for RH7.1? Thanks,
>
> Douglas W Koobs
> Network Engineer
> Dimension Networks, Inc.
> (727) 723-8388

From lists at earthling.2y.net Mon May 21 19:55:57 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Mon, 21 May 2001 20:55:57 -0400 (EDT)
Subject: [pptp-server] Up to date Documentation/How-To for PoPToP
In-Reply-To: <21DEAE09F017D111969700A0C98407520572A4F8@espresso.taos.com>
Message-ID:

It only takes 45 minutes to get a working poptop server up and running if you're experienced. :)

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu
jkreger at aristotle.wss.net

On Mon, 21 May 2001, Scott Stone wrote:

>
> short answer is, "if you have it working on 2.2, upgrade the kernel,
> download the 2.4 pppd source, patch it for mppe, install it, and you're
> done".
>
> worked for me.
>
> -----------------------------------------------------
> Scott M. Stone
> Senior Technical Consultant - UNIX and Networking
> Taos, the Sysadmin Company - Santa Clara, CA
>
>
> -----Original Message-----
> From: robert [mailto:berzerke at swbell.net]
> Sent: Monday, May 21, 2001 3:11 PM
> To: Douglas W Koobs; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Up to date Documentation/How-To for PoPToP
>
>
> There is a 2.4 kernel howto at http://home.swbell.net/berzerke There are a
> few other places with some docs. Search the list archives.
>
> On Monday 21 May 2001 13:22, Douglas W Koobs wrote:
> > Hello Everyone,
> >
> > After cruising around the PoPToP site, I can't seem to find any up-to-date
> > documentation, the most recent HowTo being for RedHat 6.0.
> > Is there a newer
> > HowTo that I am overlooking, or should that one suffice for RH7.1? Thanks,
> >
> > Douglas W Koobs
> > Network Engineer
> > Dimension Networks, Inc.
> > (727) 723-8388

From vgill at technologist.com Tue May 22 09:29:30 2001
From: vgill at technologist.com (Gill, Vern)
Date: Tue, 22 May 2001 07:29:30 -0700
Subject: [pptp-server] PPPd 2.4
Message-ID: <8D043DEA73DFD411958A00A0C90AB760045B6B@ftp.gillnet.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Also check my site. I have a combined patch for multiple options.

http://linus.yi.org, and click on the PPP tab.

PGP Signed! Why?
"If all the personal computers in the world - ~260 million computers - were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message."
- - William Crowell, Deputy Director of the National Security Agency, in testimony to the U.S. Congress, March 20, 1997

- -----Original Message-----
From: robert [mailto:berzerke at swbell.net]
Sent: Wednesday, May 16, 2001 8:53 PM
To: Tim Carr; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] PPPd 2.4

Try ftp://ftp.binarix.com/pub/ppp-mppe/

On Wednesday 16 May 2001 11:18, Tim Carr wrote:
> Help - i'm trying to integrate PPTP (using poptop) into a suite of
The problem i'm having is that the only patches i've > found to update linux PPPd so it has MSCHAPv2 and MPPE support are > for OLD versions of PPPd. Please can someone point me to patches > for PPP 2.4.0 or 2.4.1 ?? > > I realize I could use slirp, but that's not possible in my > situation :) > > Thanks, > > Tim _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBOwp38BeamMdwy9TXEQJH8gCdE2q+thdYpe+rgjtFE9OX7nhzjW4An0/O BO2qvV7g8fQpr20wlrpbcvwv =oWah -----END PGP SIGNATURE----- From pkrebs at lvu.at Tue May 22 12:05:52 2001 From: pkrebs at lvu.at (Krebs Peter) Date: Tue, 22 May 2001 19:05:52 +0200 Subject: [pptp-server] pptp and ADSL Message-ID: <80F72BA317B7D411AF660000832D7042339CC2@exchange01.intern.lvu.at> Hi, has any one experiences with pptp and ADSL? We use linux pptp and your client uses win2k with a ADSL connection to his ISP. It seams to work but sometimes i get an error: GRE: Discarding out of order packet As we use the tunnel to connect to a AS/400 i get trubles if connection between AS/400 and client dies for a (short) time (1 to 2 sec). With M$ products like Outlook connection to a Exchange Server the tunnel works fine. Can the reason for this be that ADSL uses tunneling. The ADSL provider just say we do not support VPN. -------------- next part -------------- An HTML attachment was scrubbed... 
From SStone at taos.com Tue May 22 12:39:37 2001
From: SStone at taos.com (Scott Stone)
Date: Tue, 22 May 2001 10:39:37 -0700
Subject: [pptp-server] pptp and ADSL
Message-ID: <21DEAE09F017D111969700A0C98407520572A502@espresso.taos.com>

sounds like this isn't a case of them blocking the VPN ports so much as it is a case of a poor quality ISP that doesn't want to be bothered with concepts that are over their heads :) if you're getting the connection established at all, they're not blocking VPN traffic, at least not any that you need...

-----------------------------------------------------
Scott M. Stone
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA

-----Original Message-----
From: Krebs Peter [mailto:pkrebs at lvu.at]
Sent: Tuesday, May 22, 2001 10:06 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] pptp and ADSL

Hi,

has anyone experience with pptp and ADSL?

We use linux pptp and your client uses win2k with an ADSL connection to his ISP.

It seems to work but sometimes i get an error:

GRE: Discarding out of order packet

As we use the tunnel to connect to an AS/400 i get troubles if connection between AS/400 and client dies for a (short) time (1 to 2 sec). With M$ products like Outlook connection to an Exchange Server the tunnel works fine.

Can the reason for this be that ADSL uses tunneling.
The ADSL provider just say we do not support VPN.

From ctresco at economics.mit.edu Tue May 22 12:55:53 2001
From: ctresco at economics.mit.edu (Christopher Tresco)
Date: Tue, 22 May 2001 13:55:53 -0400
Subject: [pptp-server] pptp and ADSL
In-Reply-To: <21DEAE09F017D111969700A0C98407520572A502@espresso.taos.com>
Message-ID:

Grab the latest development version of poptop, it supports out of order packets..
-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Scott Stone
Sent: Tuesday, May 22, 2001 1:40 PM
To: 'Krebs Peter'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] pptp and ADSL

sounds like this isn't a case of them blocking the VPN ports so much as it is a case of a poor quality ISP that doesn't want to be bothered with concepts that are over their heads :) if you're getting the connection established at all, they're not blocking VPN traffic, at least not any that you need...

-----------------------------------------------------
Scott M. Stone
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA

-----Original Message-----
From: Krebs Peter [mailto:pkrebs at lvu.at]
Sent: Tuesday, May 22, 2001 10:06 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] pptp and ADSL

Hi,

has anyone experience with pptp and ADSL?

We use linux pptp and your client uses win2k with an ADSL connection to his ISP.

It seems to work but sometimes i get an error:

GRE: Discarding out of order packet

As we use the tunnel to connect to an AS/400 i get troubles if connection between AS/400 and client dies for a (short) time (1 to 2 sec). With M$ products like Outlook connection to an Exchange Server the tunnel works fine.

Can the reason for this be that ADSL uses tunneling.
The ADSL provider just say we do not support VPN.
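
Added example (not part of the archived thread and not PoPToP's code): the "GRE: Discarding out of order packet" message discussed above concerns the sequence number in PPTP's enhanced GRE header (RFC 2637). This Python sketch parses that header and models a receiver that drops late and duplicate packets instead of reordering them; the function names, verdict strings and sample packets are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

GRE_PROTO_PPP = 0x880B                                    # GRE protocol type for PPP in PPTP
FLAG_C, FLAG_R, FLAG_K, FLAG_S = 0x80, 0x40, 0x20, 0x10   # bits of header byte 0
FLAG_A, VER_MASK = 0x80, 0x07                             # bits of header byte 1


@dataclass
class PptpGre:
    call_id: int            # identifies the PPTP session the packet belongs to
    seq: Optional[int]      # present when the S bit is set (packet carries payload)
    ack: Optional[int]      # present when the A bit is set
    payload: bytes          # the PPP frame carried inside GRE


def build_pptp_gre(call_id: int, payload: bytes = b"",
                   seq: Optional[int] = None, ack: Optional[int] = None) -> bytes:
    """Build an enhanced GRE packet; used here only to construct sample input."""
    b0 = FLAG_K | (FLAG_S if seq is not None else 0)
    b1 = 1 | (FLAG_A if ack is not None else 0)           # version field is 1
    pkt = struct.pack("!BBHHH", b0, b1, GRE_PROTO_PPP, len(payload), call_id)
    if seq is not None:
        pkt += struct.pack("!I", seq)
    if ack is not None:
        pkt += struct.pack("!I", ack)
    return pkt + payload


def _read_u32(pkt: bytes, off: int) -> int:
    if len(pkt) < off + 4:
        raise ValueError("truncated optional header field")
    return struct.unpack_from("!I", pkt, off)[0]


def parse_pptp_gre(pkt: bytes) -> PptpGre:
    """Parse the GRE part of an IP protocol 47 packet (IP header already removed)."""
    if len(pkt) < 8:
        raise ValueError("shorter than the fixed 8-byte header")
    b0, b1, proto, plen, call_id = struct.unpack("!BBHHH", pkt[:8])
    if (b1 & VER_MASK) != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not PPTP enhanced GRE (need version 1, type 0x880B)")
    if b0 & (FLAG_C | FLAG_R) or not b0 & FLAG_K:
        raise ValueError("unexpected flags: C and R must be 0, K must be 1")
    off, seq, ack = 8, None, None
    if b0 & FLAG_S:
        seq = _read_u32(pkt, off)
        off += 4
    if b1 & FLAG_A:
        ack = _read_u32(pkt, off)
        off += 4
    payload = pkt[off:off + plen]
    if len(payload) != plen:
        raise ValueError("payload shorter than the length in the header")
    return PptpGre(call_id, seq, ack, payload)


class DropLateReceiver:
    """Simplified model: no reorder buffer, so anything older than the newest
    sequence number seen is dropped (assumption, not PoPToP's actual logic)."""

    def __init__(self) -> None:
        self.newest: Optional[int] = None

    def verdict(self, seq: int) -> str:
        if self.newest is None:
            self.newest = seq
            return "accept"
        delta = (seq - self.newest) & 0xFFFFFFFF          # 32-bit wraparound-safe
        if delta == 0:
            return "duplicate"
        if delta >= 0x80000000:                           # behind the newest packet
            return "out-of-order"
        self.newest = seq
        return "accept" if delta == 1 else "accept-after-gap"


def classify_capture(packets: List[bytes]) -> List[Tuple[int, int, str]]:
    """Return (call_id, seq, verdict) for every data packet, per call ID."""
    receivers = {}
    results = []
    for raw in packets:
        p = parse_pptp_gre(raw)
        if p.seq is None:                                 # ack-only packet, no payload
            continue
        rx = receivers.setdefault(p.call_id, DropLateReceiver())
        results.append((p.call_id, p.seq, rx.verdict(p.seq)))
    return results


# Constructed sample: one call, packets arriving as 0, 1, 3, 2, 3, then an ack-only packet.
SAMPLE = [build_pptp_gre(0x1234, b"\xff\x03\xc0\x21", seq=s) for s in (0, 1, 3, 2, 3)]
SAMPLE.append(build_pptp_gre(0x1234, ack=3))

if __name__ == "__main__":
    for call_id, seq, verdict in classify_capture(SAMPLE):
        print(f"call 0x{call_id:04x} seq {seq}: {verdict}")
```

A gap followed by the late packet is what a reordering network path looks like to such a receiver: the late packet is lost to the PPP layer even though it did arrive.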
From charlieb at e-smith.com Tue May 22 13:03:30 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 22 May 2001 14:03:30 -0400 (EDT)
Subject: [pptp-server] pptp and ADSL
In-Reply-To: <80F72BA317B7D411AF660000832D7042339CC2@exchange01.intern.lvu.at>
Message-ID:

On Tue, 22 May 2001, Krebs Peter wrote:

> It seems to work but sometimes i get an error:
>
> GRE: Discarding out of order packet

IP makes no promises about delivering packets in a defined order. But PPTP cares about packet ordering. [Or at least MPPE encryption does.]

...

> Can the reason for this be that ADSL uses tunneling.

I wouldn't think so.

> The ADSL provider just say we do not support VPN.

They don't have to. They support IP, and you run the VPN over IP.

PPTP responds badly to dropped packets, which makes it a bad protocol to run over a WAN.

--
Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From jward at cem.msu.edu Tue May 22 13:09:31 2001
From: jward at cem.msu.edu (Joe Ward)
Date: Tue, 22 May 2001 14:09:31 -0400
Subject: [pptp-server] pptp and ADSL
In-Reply-To: <21DEAE09F017D111969700A0C98407520572A502@espresso.taos.com>
Message-ID:

I used to get this error all the time with my cable modem. I set the following in my options.pptp file and that removed almost all instances of the problem

mtu 750
mru 750

Also running the latest version of poptop will allow for packet reordering. this will further improve the problems.
-Joe Ward

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Scott Stone
Sent: Tuesday, May 22, 2001 1:40 PM
To: 'Krebs Peter'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] pptp and ADSL

sounds like this isn't a case of them blocking the VPN ports so much as it is a case of a poor quality ISP that doesn't want to be bothered with concepts that are over their heads :) if you're getting the connection established at all, they're not blocking VPN traffic, at least not any that you need...

-----------------------------------------------------
Scott M. Stone
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA

-----Original Message-----
From: Krebs Peter [mailto:pkrebs at lvu.at]
Sent: Tuesday, May 22, 2001 10:06 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] pptp and ADSL

Hi,

has anyone experience with pptp and ADSL?

We use linux pptp and your client uses win2k with an ADSL connection to his ISP.

It seems to work but sometimes i get an error:

GRE: Discarding out of order packet

As we use the tunnel to connect to an AS/400 i get troubles if connection between AS/400 and client dies for a (short) time (1 to 2 sec). With M$ products like Outlook connection to an Exchange Server the tunnel works fine.

Can the reason for this be that ADSL uses tunneling.
The ADSL provider just say we do not support VPN.

From www at banan.napri.sk Tue May 22 15:30:37 2001
From: www at banan.napri.sk (Milan Pikula - WWW)
Date: Tue, 22 May 2001 22:30:37 +0200 (CEST)
Subject: [pptp-server] Announce: wmpptp daemon
Message-ID:

Hi all,

I announce an open-source implementation of PPTP server for Linux.
The wmpptpd ( http://project.terminus.sk/wmpptpd/ ) is meant as a supplement to existing PPTP server (and client), as this one talks with Compaq Microcom 4000, handles multiple connections and clients and was NOT tested on Windows (although it might work with win).

regards,
Milan Pikula

--
Milan Pikula, WWW. Finger me for Geek Code.
http://fornax.elf.stuba.sk/~www, www at fornax.elf.stuba.sk
.. give me a fixed line and I will move the globe ..

From john at ecsc.co.uk Mon May 21 18:36:55 2001
From: john at ecsc.co.uk (John Leach)
Date: 22 May 2001 00:36:55 +0100
Subject: [pptp-server] pptp, gre, adsl firewllas and nat
Message-ID: <990488215.752.3.camel@murdock>

Hello,

I've been playing with pptpd with much success, but am having troubles getting it to work in one particular scenario.

I have 2 linux boxes, connected over the internet via a bridged cable internet connection on one end, and a natted adsl connection compliments of the friendly British Telecom.

I'm using the linux client, and can connect to both boxes via their local LANs fine, all works great. When I try to connect over the internet things go terribly wrong. The port connects and the gre gets set up, ppp starts and seems to get going, but then I get LCP: ConfigRequest timeout errors (in my syslog).

I've found a bit of info on this message re: generic ppp problems. and have tried a few suggested solutions, for example playing with my mru and mtu settings, but to no avail.

I'm worried this is caused by the NATing of the adsl router. I've tcpdumped traffic at both ends and observed seemingly normal gre and tcp traffic, so I'm pretty sure the router understands gre. Could gre be being affected by the natting, like ipsec does? (even tho ipsec is only affected because the changes in the packets by the NAT breaks the security measures, and gre has no such security measure I know of).

Has anyone else had similar problems?
I'm going to try this connection to a 3rd box on a real leased line, using the current boxes as a client one at a time to see if I can rule either of them out. I'll submit more details when I get them.

John Leach.

From ismandya at sains.com.my Tue May 22 19:16:46 2001
From: ismandya at sains.com.my (Ismandy Ali)
Date: Wed, 23 May 2001 08:16:46 +0800
Subject: [pptp-server] gre running over ppp or IP?
Message-ID: <3B0B016E.7988469F@sains.com.my>

Hi all,

I know that the pptpd needs port 1723 and protocol 47 to work.

I followed the howto from http://www.vibres.com/pptpd/example.html
-------------------
ppp-2.3.11.tar.gz
Apply ppp-2.3.11-openssl-0.9.5-mppe.patch.gz patch to ppp-2.3.11
Apply ppp_mppe_compressed_data_fix.diff patch to the ppp-2.3.11/linux/ppp_mppe.c file (after the openssl-mppe patch is applied)
if_ppp_2.2.17.diff (used to patch the Linux source after ppp-2.3.11 makes its changes)
pptpd-1.1.2.tar.gz
kernel linux-2.2.17.tar.gz
----------------------

In our pptpd, correct me if I am wrong, should the GRE is encapsulated and running over IP. But based from the output captured by my tcpdump, it seems that GRE is not running over IP, instead it is running over PPP(0x880B). So is this the correct way of pptpd works?

My pptpd doesn't work, and it gives me "LCP: timeout sending Config-Requests" inside my logs file, and from the FAQ, it says that this problem occurred due to the filtering on the firewall. I don't think it is the problem since we don't implement any form of filtering in our network.

Any idea what cause such problem?

#tcpdump -i eth0 -n proto 47 or port 1723

17:44:48.199173 < 161.142.45.174.1553 > 161.184.155.230.1723: S 10498228:10498228(0) win 8192 (DF)
17:44:48.199310 > 161.184.155.230.1723 > 161.142.45.174.1553: S 3073208334:3073208334(0) ack 10498229 win 32696 (DF)
17:44:48.483929 < 161.142.45.174.1553 > 161.184.155.230.1723: .
1:1(0) ack 1 win 8576 (DF)
17:44:48.526568 < 161.142.45.174.1553 > 161.184.155.230.1723: P 1:157(156) ack 1 win 8576 (DF)
17:44:48.526611 > 161.184.155.230.1723 > 161.142.45.174.1553: . 1:1(0) ack 157 win 32540 (DF)
17:44:48.526916 > 161.184.155.230.1723 > 161.142.45.174.1553: P 1:157(156) ack 157 win 32696 (DF)
17:44:48.880168 < 161.142.45.174.1553 > 161.184.155.230.1723: P 157:325(168) ack 157 win 8420 (DF)
17:44:48.884505 > 161.184.155.230.1723 > 161.142.45.174.1553: P 157:189(32) ack 325 win 32696 (DF)
17:44:48.889345 > gre-proto-0x880B (gre encap)
17:44:49.298740 < 161.142.45.174.1553 > 161.184.155.230.1723: . 325:325(0) ack 189 win 8388 (DF)
17:44:51.894451 > gre-proto-0x880B (gre encap)
17:44:54.904470 > gre-proto-0x880B (gre encap)
17:44:57.914381 > gre-proto-0x880B (gre encap)
17:45:00.924388 > gre-proto-0x880B (gre encap)
17:45:03.934683 > gre-proto-0x880B (gre encap)

p/s: I learn tcpdump from problem, it is fun, and I need people to ask. Not that I am dunnot know, but I am not sure.

Kukulkan

From SStone at taos.com Tue May 22 19:43:50 2001
From: SStone at taos.com (Scott Stone)
Date: Tue, 22 May 2001 17:43:50 -0700
Subject: [pptp-server] gre running over ppp or IP?
Message-ID: <21DEAE09F017D111969700A0C98407520572A527@espresso.taos.com>

actually you're using IP encapsulated in PPP encapsulated in GRE :) ... GRE is a transport layer protocol (or at least acts like one) which is usually seen in /etc/protocols. ie, GRE is to IP what TCP is to IP. Then again, ICMP is listed in /etc/protocols, too, and it acts like a transport layer protocol, but its RFC specifies network layer. bah!

Anyway, GRE transport is used for the tunnel, then a point-to-point link is established through the GRE tunnel, and IP is run over that.

-----------------------------------------------------
Scott M.
Stone
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA

-----Original Message-----
From: Ismandy Ali [mailto:ismandya at sains.com.my]
Sent: Tuesday, May 22, 2001 5:17 PM
To: pptp-server at lists.schulte.org; phil at vibrationresearch.com
Subject: [pptp-server] gre running over ppp or IP?

Hi all,

I know that the pptpd needs port 1723 and protocol 47 to work.

I followed the howto from http://www.vibres.com/pptpd/example.html
-------------------
ppp-2.3.11.tar.gz
Apply ppp-2.3.11-openssl-0.9.5-mppe.patch.gz patch to ppp-2.3.11
Apply ppp_mppe_compressed_data_fix.diff patch to the ppp-2.3.11/linux/ppp_mppe.c file (after the openssl-mppe patch is applied)
if_ppp_2.2.17.diff (used to patch the Linux source after ppp-2.3.11 makes its changes)
pptpd-1.1.2.tar.gz
kernel linux-2.2.17.tar.gz
----------------------

In our pptpd, correct me if I am wrong, should the GRE is encapsulated and running over IP. But based from the output captured by my tcpdump, it seems that GRE is not running over IP, instead it is running over PPP(0x880B). So is this the correct way of pptpd works?

My pptpd doesn't work, and it gives me "LCP: timeout sending Config-Requests" inside my logs file, and from the FAQ, it says that this problem occurred due to the filtering on the firewall. I don't think it is the problem since we don't implement any form of filtering in our network.

Any idea what cause such problem?

#tcpdump -i eth0 -n proto 47 or port 1723

17:44:48.199173 < 161.142.45.174.1553 > 161.184.155.230.1723: S 10498228:10498228(0) win 8192 (DF)
17:44:48.199310 > 161.184.155.230.1723 > 161.142.45.174.1553: S 3073208334:3073208334(0) ack 10498229 win 32696 (DF)
17:44:48.483929 < 161.142.45.174.1553 > 161.184.155.230.1723: . 1:1(0) ack 1 win 8576 (DF)
17:44:48.526568 < 161.142.45.174.1553 > 161.184.155.230.1723: P 1:157(156) ack 1 win 8576 (DF)
17:44:48.526611 > 161.184.155.230.1723 > 161.142.45.174.1553: .
1:1(0) ack 157 win 32540 (DF)
17:44:48.526916 > 161.184.155.230.1723 > 161.142.45.174.1553: P 1:157(156) ack 157 win 32696 (DF)
17:44:48.880168 < 161.142.45.174.1553 > 161.184.155.230.1723: P 157:325(168) ack 157 win 8420 (DF)
17:44:48.884505 > 161.184.155.230.1723 > 161.142.45.174.1553: P 157:189(32) ack 325 win 32696 (DF)
17:44:48.889345 > gre-proto-0x880B (gre encap)
17:44:49.298740 < 161.142.45.174.1553 > 161.184.155.230.1723: . 325:325(0) ack 189 win 8388 (DF)
17:44:51.894451 > gre-proto-0x880B (gre encap)
17:44:54.904470 > gre-proto-0x880B (gre encap)
17:44:57.914381 > gre-proto-0x880B (gre encap)
17:45:00.924388 > gre-proto-0x880B (gre encap)
17:45:03.934683 > gre-proto-0x880B (gre encap)

p/s: I learn tcpdump from problem, it is fun, and I need people to ask. Not that I am dunnot know, but I am not sure.

Kukulkan

From sage at newdream.net Tue May 22 19:53:03 2001
From: sage at newdream.net (sage weil)
Date: Tue, 22 May 2001 17:53:03 -0700 (PDT)
Subject: [pptp-server] problems getting basic pptp to work with win2k
In-Reply-To: <200105222328.f4MNS2WA089743@poontang.schulte.org>
Message-ID:

hi all,

i'm having a really hard time getting a simple pptp tunnel to work from a win2k client. i don't actually need any encryption.. my only goal is to get around my isps firewall which is blocking incoming tcp connections. even without any of the mppe patches applied tho it still isn't working.

i've patched a fresh 2.4.4 kernel with the linux-2.4.0-openssl-0.9.6-mppe.patch.gz patch (which i assume isn't necessary but can't hurt). i'm using ppp-2.4.1 with the ppp-2.4.1-openssl-0.9.6-mppe-patch.gz patch applied. and i'm using pptpd-1.0.1 (also tried 1.1.2). my win2k client is configured with the defaults except encryption isn't required.
does anybody have any ideas why this isn't working? it authenticates but then ppp seems to just disconnect. everything i've read seems to indicate that everything should just work without any problems at this point (and that the sticky part is the encryption.. which i don't care about!). Win2k reports error 734: The PPP link control protocol was terminated, but i can't figure out why pppd keeps dropping the connection.

any suggestions would be much appreciated!

thanks--
sage

here's what i see in syslog:

May 23 00:45:27 kookoo pptpd[193]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
May 23 00:45:27 kookoo pptpd[193]: CTRL: pppd options file = /etc/ppp/options.w2k
May 23 00:45:27 kookoo pptpd[193]: CTRL: Client 216.246.35.217 control connection started
May 23 00:45:27 kookoo pptpd[193]: CTRL: Received PPTP Control Message (type: 1)
May 23 00:45:27 kookoo pptpd[193]: CTRL: Made a START CTRL CONN RPLY packet
May 23 00:45:27 kookoo pptpd[193]: CTRL: I wrote 156 bytes to the client.
May 23 00:45:27 kookoo pptpd[193]: CTRL: Sent packet to client
May 23 00:45:27 kookoo pptpd[193]: CTRL: Received PPTP Control Message (type: 7)
May 23 00:45:27 kookoo pptpd[193]: CTRL: Set parameters to 1525 maxbps, 64 window size
May 23 00:45:27 kookoo pptpd[193]: CTRL: Made a OUT CALL RPLY packet
May 23 00:45:27 kookoo pptpd[193]: CTRL: Starting call (launching pppd, opening GRE)
May 23 00:45:27 kookoo pptpd[193]: CTRL: pty_fd = 5
May 23 00:45:27 kookoo pptpd[193]: CTRL: tty_fd = 6
May 23 00:45:27 kookoo pptpd[194]: CTRL (PPPD Launcher): Connection speed = 115200
May 23 00:45:27 kookoo pptpd[193]: CTRL: I wrote 32 bytes to the client.
May 23 00:45:27 kookoo pptpd[193]: CTRL: Sent packet to client
May 23 00:45:27 kookoo pptpd[193]: CTRL: Received PPTP Control Message (type: 15)
May 23 00:45:27 kookoo pptpd[193]: CTRL: Got a SET LINK INFO packet with standard ACCMs
May 23 00:45:27 kookoo pppd[194]: pppd 2.4.1 started by root, uid 0
May 23 00:45:27 kookoo pppd[194]: using channel 1
May 23 00:45:27 kookoo pppd[194]: Using interface ppp0
May 23 00:45:27 kookoo pppd[194]: Connect: ppp0 <--> /dev/pts/1
May 23 00:45:27 kookoo pppd[194]: sent [LCP ConfReq id=0x1 ]
May 23 00:45:27 kookoo pptpd[193]: GRE: Discarding duplicate packet
May 23 00:45:27 kookoo pppd[194]: rcvd [LCP ConfNak id=0x1 ]
May 23 00:45:27 kookoo pppd[194]: sent [LCP ConfReq id=0x2 ]
May 23 00:45:27 kookoo pppd[194]: rcvd [LCP ConfAck id=0x2 ]
May 23 00:45:29 kookoo pppd[194]: rcvd [LCP ConfReq id=0x1 < 0d 03 06> ]
May 23 00:45:29 kookoo pppd[194]: sent [LCP ConfRej id=0x1 < 0d 03 06> ]
May 23 00:45:29 kookoo pppd[194]: rcvd [LCP ConfReq id=0x2 ]
May 23 00:45:29 kookoo pppd[194]: sent [LCP ConfAck id=0x2 ]
May 23 00:45:29 kookoo pppd[194]: sent [LCP EchoReq id=0x0 magic=0xbfffe735]
May 23 00:45:29 kookoo pppd[194]: sent [CHAP Challenge id=0x1 <96dcdc49def3f865f3e52604054e7517>, name = "kookoo"]
May 23 00:45:29 kookoo pptpd[193]: CTRL: Received PPTP Control Message (type: 15)
May 23 00:45:29 kookoo pptpd[193]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
May 23 00:45:29 kookoo pppd[194]: rcvd [LCP code=0xc id=0x3 17 bf 27 9e 4d 53 52 41 53 56 35 2e 30 30]
May 23 00:45:29 kookoo pppd[194]: sent [LCP CodeRej id=0x3 0c 03 00 12 17 bf 27 9e 4d 53 52 41 53 56 35 2e 30 30]
May 23 00:45:29 kookoo pppd[194]: rcvd [LCP code=0xc id=0x4 17 bf 27 9e 4d 53 52 41 53 2d 31 2d 4d 45 50 48 49 53 54 4f]
May 23 00:45:29 kookoo pppd[194]: sent [LCP CodeRej id=0x4 0c 04 00 18 17 bf 27 9e 4d 53 52 41 53 2d 31 2d 4d 45 50 48 49 53 54 4f]
May 23 00:45:29 kookoo pppd[194]: rcvd [LCP EchoRep id=0x0 magic=0x17bf279e]
May 23 00:45:29 kookoo pppd[194]: rcvd [CHAP Response id=0x1 <6af83f1b920776df528622f0129d728700000000000000001157322bdcdbc26aa5067bbe1b092229400d4c93749ec9fc00>, name = "sage"]
May 23 00:45:29 kookoo pppd[194]: sent [CHAP Success id=0x1 "S=0A76F907F66B23E545A52130A8B1C75E125AA61B"]
May 23 00:45:29 kookoo pppd[194]: sent [CCP ConfReq id=0x1 ]
May 23 00:45:29 kookoo pppd[194]: sent [LCP TermReq id=0x5 "No network protocols running"]
May 23 00:45:29 kookoo pppd[194]: MSCHAP-v2 peer authentication succeeded for sage
May 23 00:45:29 kookoo pptpd[193]: CTRL: Received PPTP Control Message (type: 15)
May 23 00:45:29 kookoo pptpd[193]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
May 23 00:45:29 kookoo pppd[194]: rcvd [CCP ConfReq id=0x5 ]
May 23 00:45:29 kookoo pppd[194]: rcvd [IPCP ConfReq id=0x6 ]
May 23 00:45:29 kookoo pppd[194]: rcvd [CCP ConfRej id=0x1 ]
May 23 00:45:29 kookoo pppd[194]: rcvd [LCP TermAck id=0x5 "No network protocols running"]
May 23 00:45:29 kookoo pppd[194]: Connection terminated.
May 23 00:45:29 kookoo pppd[194]: Connect time 0.1 minutes.
May 23 00:45:29 kookoo pppd[194]: Sent 7 bytes, received 0 bytes.
May 23 00:45:29 kookoo pppd[194]: Exit.
May 23 00:45:29 kookoo pptpd[191]: MGR: Reaped child 193
May 23 00:45:29 kookoo pptpd[193]: GRE: read(fd=5,buffer=804daa0,len=8196) from PTY failed: status = -1 error = Input/output error
May 23 00:45:29 kookoo pptpd[193]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
May 23 00:45:29 kookoo pptpd[193]: CTRL: Client 216.246.35.217 control connection finished
May 23 00:45:29 kookoo pptpd[193]: CTRL: Exiting now

/etc/pptpd.conf:

option /etc/ppp/options.w2k
localip 207.155.127.220
remoteip 207.155.127.221

/etc/ppp/options.w2k: (from the 2.4 kernel pptpd howto)

debug
name kookoo
lock
mtu 1490
mru 1490
proxyarp
auth
+chap
+chapms
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
#mppe-128 # tried with and without mppe
#mppe-40
#mppe-stateless
kdebug 1

From lists at earthling.2y.net Tue May 22 19:49:36 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Tue, 22 May 2001 20:49:36 -0400 (EDT)
Subject: [pptp-server] gre running over ppp or IP?
In-Reply-To: <3B0B016E.7988469F@sains.com.my>
Message-ID:

The ppp session is inside the gre tunnel, which is encapsulated in IP. As for your request time outs, you may not have pppd setup to be the server, it may think it's a client... along with your client.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu
jkreger at aristotle.wss.net

On Wed, 23 May 2001, Ismandy Ali wrote:

> Hi all,
>
> I know that the pptpd needs port 1723 and protocol 47 to work.
>
> I followed the howto from http://www.vibres.com/pptpd/example.html
> -------------------
> ppp-2.3.11.tar.gz
> Apply ppp-2.3.11-openssl-0.9.5-mppe.patch.gz patch to ppp-2.3.11
> Apply ppp_mppe_compressed_data_fix.diff patch to the
> ppp-2.3.11/linux/ppp_mppe.c file (after the openssl-mppe patch is
> applied)
> if_ppp_2.2.17.diff (used to patch the Linux source after ppp-2.3.11
> makes its changes)
> pptpd-1.1.2.tar.gz
> kernel linux-2.2.17.tar.gz
> ----------------------
>
> In our pptpd, correct me if I am wrong, should the GRE is encapsulated
> and running over IP. But based from the output captured by my
> tcpdump, it seems that GRE is not running over IP, instead it is
> running over PPP(0x880B). So is this the correct way of pptpd works?
>
> My pptpd doesn't work, and it gives me "LCP: timeout sending
> Config-Requests" inside my logs file, and from the FAQ, it says that this
> problem occurred due to the filtering on the firewall. I don't think it
> is the problem since we don't implement any form of filtering in
> our network.
>
> Any idea what cause such problem?
>
>
> #tcpdump -i eth0 -n proto 47 or port 1723
>
> 17:44:48.199173 < 161.142.45.174.1553 > 161.184.155.230.1723: S
> 10498228:10498228(0) win 8192 (DF)
> 17:44:48.199310 > 161.184.155.230.1723 > 161.142.45.174.1553: S
> 3073208334:3073208334(0) ack 10498229 win 32696
> (DF)
> 17:44:48.483929 < 161.142.45.174.1553 > 161.184.155.230.1723: . 1:1(0)
> ack 1 win 8576 (DF)
> 17:44:48.526568 < 161.142.45.174.1553 > 161.184.155.230.1723: P
> 1:157(156) ack 1 win 8576 (DF)
> 17:44:48.526611 > 161.184.155.230.1723 > 161.142.45.174.1553: .
1:1(0)
> ack 157 win 32540 (DF)
> 17:44:48.526916 > 161.184.155.230.1723 > 161.142.45.174.1553: P
> 1:157(156) ack 157 win 32696 (DF)
> 17:44:48.880168 < 161.142.45.174.1553 > 161.184.155.230.1723: P
> 157:325(168) ack 157 win 8420 (DF)
> 17:44:48.884505 > 161.184.155.230.1723 > 161.142.45.174.1553: P
> 157:189(32) ack 325 win 32696 (DF)
> 17:44:48.889345 > gre-proto-0x880B (gre encap)
> 17:44:49.298740 < 161.142.45.174.1553 > 161.184.155.230.1723: .
> 325:325(0) ack 189 win 8388 (DF)
> 17:44:51.894451 > gre-proto-0x880B (gre encap)
> 17:44:54.904470 > gre-proto-0x880B (gre encap)
> 17:44:57.914381 > gre-proto-0x880B (gre encap)
> 17:45:00.924388 > gre-proto-0x880B (gre encap)
> 17:45:03.934683 > gre-proto-0x880B (gre encap)
>
> p/s: I learn tcpdump from problem, it is fun, and I need people to ask.
> Not that I am dunnot know, but I am not sure.
>
> Kukulkan

From lists at earthling.2y.net Tue May 22 19:54:38 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Tue, 22 May 2001 20:54:38 -0400 (EDT)
Subject: [pptp-server] pptp and ADSL
In-Reply-To:
Message-ID:

ADSL lines are not the best of technology. I mean, if you have a good high quality phone line, with no water, or anything in the line, it will be just fine, but when there is water in the line, or if the line is downright a Piece of $hit, the adsl connection may be dropped for a few minutes at a time.

I have an ipsec tunnel running between two places with DSL. The place with the newer phone line has more problems, goes down so often that I get four emails per hour saying that it had to reconnect the ipsec tunnel.

DSL is good, but only if your phone line is good.
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Tue, 22 May 2001, Joe Ward wrote:

> I used to get this error all the time with my cable modem.
> I set the following in my options.pptp file and that removed almost all
> instances of the problem
>
> mtu 750
> mru 750
>
> Also running the latest version of poptop will allow for packet reordering.
> this will further improve the problems.
>
> -Joe Ward
>
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Scott Stone
> Sent: Tuesday, May 22, 2001 1:40 PM
> To: 'Krebs Peter'; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] pptp and ADSL
>
>
> sounds like this isn't a case of them blocking the VPN ports so much as it
> is a case of a poor quality ISP that doesn't want to be bothered with
> concepts that are over their heads :) if you're getting the connection
> established at all, they're not blocking VPN traffic, at least not any that
> you need...
>
> -----------------------------------------------------
> Scott M. Stone
> Senior Technical Consultant - UNIX and Networking
> Taos, the Sysadmin Company - Santa Clara, CA
>
> -----Original Message-----
> From: Krebs Peter [mailto:pkrebs at lvu.at]
> Sent: Tuesday, May 22, 2001 10:06 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp and ADSL
>
>
> Hi,
>
> has any one experiences with pptp and ADSL?
>
> We use linux pptp and your client uses win2k with a ADSL connection to
> his ISP.
>
> It seems to work but sometimes i get an error:
>
> GRE: Discarding out of order packet
>
> As we use the tunnel to connect to a AS/400 i get troubles if connection
> between AS/400 and
> client dies for a (short) time (1 to 2 sec). With M$ products like
> Outlook connection to a Exchange
> Server the tunnel works fine.
>
> Can the reason for this be that ADSL uses tunneling.
> The ADSL provider just say we do not support VPN.
>

From lists at earthling.2y.net Tue May 22 20:17:08 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Tue, 22 May 2001 21:17:08 -0400 (EDT)
Subject: [pptp-server] problems getting basic pptp to work with win2k
In-Reply-To:
Message-ID:

> May 23 00:45:29 kookoo pppd[194]: rcvd [CCP ConfReq id=0x5 ]
> May 23 00:45:29 kookoo pppd[194]: rcvd [IPCP ConfReq id=0x6
> ]
> May 23 00:45:29 kookoo pppd[194]: rcvd [CCP ConfRej id=0x1 ]
> May 23 00:45:29 kookoo pppd[194]: rcvd [LCP TermAck id=0x5 "No network
> protocols running"]

If I'm reading this right, the win2k box tried to set the dns and wins
servers..... weird.....try checking the protocols used, It's most likely on
your win2k end.

Tip: drop your MTU and MRU below 750 is good, I have 736 set to mine, works
quite well.

You may also want to try removing ipcp-accept-local... this allows your
other end to force connection details that should be set. This may be why
it's sending a reply address of 0.0.0.0 to the server's pppd.

(btw, according to your log, your server is trying to negotiate bsdcomp, but
you only have deflate in there, but set to 0. Deflate is much better than
bsdcomp, one downside to both is, winblows only support MPPC.
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

>
> /etc/pptpd.conf:
>
> option /etc/ppp/options.w2k
> localip 207.155.127.220
> remoteip 207.155.127.221
>
>
> /etc/ppp/options.w2k: (from the 2.4 kernel pptpd howto)
>
> debug
> name kookoo
> lock
> mtu 1490
> mru 1490
> proxyarp
> auth
> +chap
> +chapms
> +chapms-v2
> ipcp-accept-local
> ipcp-accept-remote
> lcp-echo-failure 3
> lcp-echo-interval 5
> deflate 0
> #mppe-128 # tried with and without mppe
> #mppe-40
> #mppe-stateless
> kdebug 1

From ismandya at sains.com.my Tue May 22 20:48:23 2001
From: ismandya at sains.com.my (Ismandy Ali)
Date: Wed, 23 May 2001 09:48:23 +0800
Subject: [pptp-server] gre running over ppp or IP?
References:
Message-ID: <3B0B16E6.4DDF37E4@sains.com.my>

Does this mean that tcpdump() is not really aware of the presence of GRE,
which makes me not get meaningful info when the packets are encountered?

This is the output of my /var/log/pptpd.log which occurred at the same time
with my tcpdump output from my GRE

/var/log/pptpd.log
May 22 16:47:29 kgsnt3 pppd[601]: sent [LCP ConfReq id=0x1 ]
May 22 16:47:29 kgsnt3 pppd[601]: Timeout 0x80503d4:0x80784c0 in 3 seconds.

with

tcpdump -i eth0 -n proto 47 or port 1723
16:47:29.904470 > gre-proto-0x880B (gre encap) - this once occurred 9 times

Can I see other people's tcpdump output of a working pptpd server?

Justin Kreger wrote:

> The ppp session is inside the gre tunnel, which is encapsulated in IP. As
> for your request time outs, you may not have pppd setup to be the server,
> it may think it's a client... along with your client.
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
> On Wed, 23 May 2001, Ismandy Ali wrote:
>
> > Hi all,
> >
> > I know that the pptpd needs port 1723 and protocol 47 to work.
> >
> > I followed the howto from http://www.vibres.com/pptpd/example.html
> > -------------------
> > ppp-2.3.11.tar.gz
> > Apply ppp-2.3.11-openssl-0.9.5-mppe.patch.gz patch to ppp-2.3.11
> > Apply ppp_mppe_compressed_data_fix.diff patch to the
> > ppp-2.3.11/linux/ppp_mppe.c file (after the openssl-mppe patch is
> > applied)
> > if_ppp_2.2.17.diff (used to patch the Linux source after ppp-2.3.11
> > makes its changes)
> > pptpd-1.1.2.tar.gz
> > kernel linux-2.2.17.tar.gz
> > ----------------------
> >
> > In our pptpd, correct me if I am wrong, the GRE should be encapsulated
> > and running over IP. But based on the output captured by my
> > tcpdump, it seems that GRE is not running over IP, instead it is
> > running over PPP(0x880B). So is this the correct way pptpd works?
> >
> > My pptpd doesn't work, and it gives me "LCP: timeout sending
> > Config-Requests" inside my logs file, and from the FAQ, it says that this
> > problem occurred due to the filtering on the firewall. I don't think it
> > is the problem since we don't implement any form of filtering in
> > our network.
> >
> > Any idea what causes such a problem?
> >
> >
> > #tcpdump -i eth0 -n proto 47 or port 1723
> >
> > 17:44:48.199173 < 161.142.45.174.1553 > 161.184.155.230.1723: S
> > 10498228:10498228(0) win 8192 (DF)
> > 17:44:48.199310 > 161.184.155.230.1723 > 161.142.45.174.1553: S
> > 3073208334:3073208334(0) ack 10498229 win 32696
> > (DF)
> > 17:44:48.483929 < 161.142.45.174.1553 > 161.184.155.230.1723: . 1:1(0)
> > ack 1 win 8576 (DF)
> > 17:44:48.526568 < 161.142.45.174.1553 > 161.184.155.230.1723: P
> > 1:157(156) ack 1 win 8576 (DF)
> > 17:44:48.526611 > 161.184.155.230.1723 > 161.142.45.174.1553: .
1:1(0)
> > ack 157 win 32540 (DF)
> > 17:44:48.526916 > 161.184.155.230.1723 > 161.142.45.174.1553: P
> > 1:157(156) ack 157 win 32696 (DF)
> > 17:44:48.880168 < 161.142.45.174.1553 > 161.184.155.230.1723: P
> > 157:325(168) ack 157 win 8420 (DF)
> > 17:44:48.884505 > 161.184.155.230.1723 > 161.142.45.174.1553: P
> > 157:189(32) ack 325 win 32696 (DF)
> > 17:44:48.889345 > gre-proto-0x880B (gre encap)
> > 17:44:49.298740 < 161.142.45.174.1553 > 161.184.155.230.1723: .
> > 325:325(0) ack 189 win 8388 (DF)
> > 17:44:51.894451 > gre-proto-0x880B (gre encap)
> > 17:44:54.904470 > gre-proto-0x880B (gre encap)
> > 17:44:57.914381 > gre-proto-0x880B (gre encap)
> > 17:45:00.924388 > gre-proto-0x880B (gre encap)
> > 17:45:03.934683 > gre-proto-0x880B (gre encap)
> >
> > p/s: I learn tcpdump from problem, it is fun, and I need people to ask.
> > Not that I am dunnot know, but I am not sure.
> >
> > Kukulkan

From jvonau at home.com Tue May 22 21:37:06 2001
From: jvonau at home.com (Jerry Vonau)
Date: Tue, 22 May 2001 21:37:06 -0500
Subject: [pptp-server] problems getting basic pptp to work with win2k
References:
Message-ID: <3B0B2252.2E40259C@home.com>

Sage:

I think win2k does 40 bit out of the box, you may have to add just the
mppe-40 line back in (or hack the reg?) in order to get it to connect.

You could try removing:

ipcp-accept-local
ipcp-accept-remote

Jerry Vonau

sage weil wrote:

> hi all,
>
> i'm having a really hard time getting a simple pptp tunnel to work from a
> win2k client. i don't actually need any encryption.. my only goal is to
> get around my isps firewall which is blocking incoming tcp connections.
> even without any of the mppe patches applied tho it still isn't working.
>
> i've patched a fresh 2.4.4 kernel with the
> linux-2.4.0-openssl-0.9.6-mppe.patch.gz patch (which i assume isn't
> necessary but can't hurt).
>
> i'm using ppp-2.4.1 with the ppp-2.4.1-openssl-0.9.6-mppe-patch.gz patch
> applied.
>
> and i'm using pptpd-1.0.1 (also tried 1.1.2). my win2k client is
> configured with the defaults except encryption isn't required.
>
> does anybody have any ideas why this isn't working? it authenticates but
> then ppp seems to just disconnect. everything i've read seems to
> indicate that everything should just work without any problems at this
> point (and that the sticky part is the encryption.. which i don't care
> about!). Win2k reports error 734: The PPP link control protocol was
> terminated, but i can't figure out why pppd keeps dropping the connection.
>
> any suggestions would be much appreciated!
>
> thanks--
> sage
>
> here's what i see in syslog:
>
> May 23 00:45:27 kookoo pptpd[193]: MGR: Launching
> /usr/local/sbin/pptpctrl to handle client
> May 23 00:45:27 kookoo pptpd[193]: CTRL: pppd options file =
> /etc/ppp/options.w2k
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Client 216.246.35.217 control
> connection started
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Received PPTP Control Message
> (type: 1)
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Made a START CTRL CONN RPLY
> packet
> May 23 00:45:27 kookoo pptpd[193]: CTRL: I wrote 156 bytes to the client.
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Sent packet to client
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Received PPTP Control Message
> (type: 7)
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Set parameters to 1525 maxbps, 64
> window size
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Made a OUT CALL RPLY packet
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Starting call (launching pppd,
> opening GRE)
> May 23 00:45:27 kookoo pptpd[193]: CTRL: pty_fd = 5
> May 23 00:45:27 kookoo pptpd[193]: CTRL: tty_fd = 6
> May 23 00:45:27 kookoo pptpd[194]: CTRL (PPPD Launcher): Connection speed
> = 115200
> May 23 00:45:27 kookoo pptpd[193]: CTRL: I wrote 32 bytes to the client.
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Sent packet to client
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Received PPTP Control Message
> (type: 15)
> May 23 00:45:27 kookoo pptpd[193]: CTRL: Got a SET LINK INFO packet with
> standard ACCMs
> May 23 00:45:27 kookoo pppd[194]: pppd 2.4.1 started by root, uid 0
> May 23 00:45:27 kookoo pppd[194]: using channel 1
> May 23 00:45:27 kookoo pppd[194]: Using interface ppp0
> May 23 00:45:27 kookoo pppd[194]: Connect: ppp0 <--> /dev/pts/1
> May 23 00:45:27 kookoo pppd[194]: sent [LCP ConfReq id=0x1
> ]
> May 23 00:45:27 kookoo pptpd[193]: GRE: Discarding duplicate packet
> May 23 00:45:27 kookoo pppd[194]: rcvd [LCP ConfNak id=0x1 ]
> May 23 00:45:27 kookoo pppd[194]: sent [LCP ConfReq id=0x2
> ]
> May 23 00:45:27 kookoo pppd[194]: rcvd [LCP ConfAck id=0x2
> ]
> May 23 00:45:29 kookoo pppd[194]: rcvd [LCP ConfReq id=0x1 0x17bf279e> < 0d 03 06> [local:69.af.c9.2f.44.59.42.2c.94.06.96.a7.ff.43.59.d7.00.00.00.06]>]
> May 23 00:45:29 kookoo pppd[194]: sent [LCP ConfRej id=0x1 < 0d 03 06>
> ]
> May 23 00:45:29 kookoo pppd[194]: rcvd [LCP ConfReq id=0x2 0x17bf279e> [local:69.af.c9.2f.44.59.42.2c.94.06.96.a7.ff.43.59.d7.00.00.00.06]>]
> May 23 00:45:29 kookoo pppd[194]: sent [LCP ConfAck id=0x2 0x17bf279e>
[local:69.af.c9.2f.44.59.42.2c.94.06.96.a7.ff.43.59.d7.00.00.00.06]>]
> May 23 00:45:29 kookoo pppd[194]: sent [LCP EchoReq id=0x0
> magic=0xbfffe735]
> May 23 00:45:29 kookoo pppd[194]: sent [CHAP Challenge id=0x1
> <96dcdc49def3f865f3e52604054e7517>, name = "kookoo"]
> May 23 00:45:29 kookoo pptpd[193]: CTRL: Received PPTP Control Message
> (type: 15)
> May 23 00:45:29 kookoo pptpd[193]: CTRL: Ignored a SET LINK INFO packet
> with real ACCMs!
> May 23 00:45:29 kookoo pppd[194]: rcvd [LCP code=0xc id=0x3 17 bf 27 9e 4d
> 53 52 41 53 56 35 2e 30 30]
> May 23 00:45:29 kookoo pppd[194]: sent [LCP CodeRej id=0x3 0c 03 00 12 17
> bf 27 9e 4d 53 52 41 53 56 35 2e 30 30]
> May 23 00:45:29 kookoo pppd[194]: rcvd [LCP code=0xc id=0x4 17 bf 27 9e 4d
> 53 52 41 53 2d 31 2d 4d 45 50 48 49 53 54 4f]
> May 23 00:45:29 kookoo pppd[194]: sent [LCP CodeRej id=0x4 0c 04 00 18 17
> bf 27 9e 4d 53 52 41 53 2d 31 2d 4d 45 50 48 49 53 54 4f]
> May 23 00:45:29 kookoo pppd[194]: rcvd [LCP EchoRep id=0x0
> magic=0x17bf279e]
> May 23 00:45:29 kookoo pppd[194]: rcvd [CHAP Response id=0x1
> <6af83f1b920776df528622f0129d728700000000000000001157322bdcdbc26aa5067bbe1b092229400d4c93749ec9fc00>,
> name = "sage"]
> May 23 00:45:29 kookoo pppd[194]: sent [CHAP Success id=0x1
> "S=0A76F907F66B23E545A52130A8B1C75E125AA61B"]
> May 23 00:45:29 kookoo pppd[194]: sent [CCP ConfReq id=0x1 ]
> May 23 00:45:29 kookoo pppd[194]: sent [LCP TermReq id=0x5 "No network
> protocols running"]
> May 23 00:45:29 kookoo pppd[194]: MSCHAP-v2 peer authentication succeeded
> for sage
> May 23 00:45:29 kookoo pptpd[193]: CTRL: Received PPTP Control Message
> (type: 15)
> May 23 00:45:29 kookoo pptpd[193]: CTRL: Ignored a SET LINK INFO packet
> with real ACCMs!
> May 23 00:45:29 kookoo pppd[194]: rcvd [CCP ConfReq id=0x5 ]
> May 23 00:45:29 kookoo pppd[194]: rcvd [IPCP ConfReq id=0x6
> ]
> May 23 00:45:29 kookoo pppd[194]: rcvd [CCP ConfRej id=0x1 ]
> May 23 00:45:29 kookoo pppd[194]: rcvd [LCP TermAck id=0x5 "No network
> protocols running"]
> May 23 00:45:29 kookoo pppd[194]: Connection terminated.
> May 23 00:45:29 kookoo pppd[194]: Connect time 0.1 minutes.
> May 23 00:45:29 kookoo pppd[194]: Sent 7 bytes, received 0 bytes.
> May 23 00:45:29 kookoo pppd[194]: Exit.
> May 23 00:45:29 kookoo pptpd[191]: MGR: Reaped child 193
> May 23 00:45:29 kookoo pptpd[193]: GRE: read(fd=5,buffer=804daa0,len=8196)
> from PTY failed: status = -1 error = Input/output error
> May 23 00:45:29 kookoo pptpd[193]: CTRL: PTY read or GRE write failed
> (pty,gre)=(5,6)
> May 23 00:45:29 kookoo pptpd[193]: CTRL: Client 216.246.35.217 control
> connection finished
> May 23 00:45:29 kookoo pptpd[193]: CTRL: Exiting now
>
> /etc/pptpd.conf:
>
> option /etc/ppp/options.w2k
> localip 207.155.127.220
> remoteip 207.155.127.221
>
> /etc/ppp/options.w2k: (from the 2.4 kernel pptpd howto)
>
> debug
> name kookoo
> lock
> mtu 1490
> mru 1490
> proxyarp
> auth
> +chap
> +chapms
> +chapms-v2
> ipcp-accept-local
> ipcp-accept-remote
> lcp-echo-failure 3
> lcp-echo-interval 5
> deflate 0
> #mppe-128 # tried with and without mppe
> #mppe-40
> #mppe-stateless
> kdebug 1

From ctresco at economics.mit.edu Wed May 23 09:24:48 2001
From: ctresco at economics.mit.edu (Christopher Tresco)
Date: Wed, 23 May 2001 10:24:48 -0400
Subject: [pptp-server] pptp, gre, adsl firewllas and nat
In-Reply-To: <990488215.752.3.camel@murdock>
Message-ID:

Are you NATing protocol 47?? That is the gre protocol.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of John Leach
> Sent: Monday, May 21, 2001 7:37 PM
> To: pptp-server mailing list
> Subject: [pptp-server] pptp, gre, adsl firewllas and nat
>
>
> Hello, I've been playing with pptpd with much success, but am having
> troubles getting it to work in one particular scenario.
>
> I have 2 linux boxes, connect over the internet via a bridged cable
> internet connection on one end, and a natted adsl connection complements
> of the friendly British Telecom.
>
> I'm using the linux client, and can connect to both boxes via their
> local LANs fine, all works great.
>
> When I try to connect over the internet things go terribly wrong. The
> port connects and the gre gets set up, ppp starts and seems to get
> going, but then I get LCP: ConfigRequest timeout errors (in my syslog).
>
> I've found a bit of info on this message re: generic ppp problems. and
> have tried a few suggested solutions, for example playing with my mru
> and mtu settings, but to no avail.
>
> I'm worried this is caused by the NATing of the adsl router. I've
> tcpdumped traffic at both ends and observed seemingly normal gre and tcp
> traffic, so I'm pretty sure the router understands gre. Could gre be
> being affected by the natting, like ipsec does? (even tho ipsec is only
> affected because the changes in the packets by the NAT breaks the
> security measures, and gre has no such security measure I know of).
>
> Has anyone else had similar problems? I'm going to try this connection
> to a 3rd box on a real leased line, using the current boxes as a client
> one at a time to see if I can rule either of them out.
>
> I'll submit more details when I get them.
>
> John Leach.

From dolivier at bondedcollections.com Wed May 23 09:56:42 2001
From: dolivier at bondedcollections.com (Doug Olivier)
Date: Wed, 23 May 2001 07:56:42 -0700
Subject: [pptp-server] Dual DSL Connections and routing
Message-ID: <006701c0e398$944296e0$4d01a8c0@BONDEDCOLLECTIONS.COM>

Sorry to cross post to both mailing lists but this situation seems to apply
to both protocols.

The Situation:
Remote office with 2 DSL connections provided by the same ISP. This office
has been running a vpnd connection to the main facility over 1 DSL
connection for over 90 days. Due to an increase in employees and requested
Internet browsing, email etc.. We obtained a second DSL line at their site.

Objective:
Use the original DSL connection for the vpnd link only (15 telnet
connections to db server). Use the 2nd DSL connection for Internet only
(web, email).

Results:
When I activated the routing for the second DSL using

route add -net 0.0.0.0 netmask 0.0.0.0 gw 999.86.241.1 eth2

and adjusted the ipchains to only allow web, email via eth2 it worked fine.
The commands were then added to the startup files. The vpnd link was already
up and running at this time. However on a subsequent reboot all access to
the internet was lost. When I turned off the eth2 connection and removed the
route and ipchains for it I was able to reestablish the vpn link and
internet access.

My theory is that the first DSL (eth0) is acquiring the default gw via the

route add default gw 999.86.241.1 netmask 0.0.0.0 metric 1

Since both DSL routes use the same gateway.

Since this is a production box and I have a limited time frame to manipulate
it (1-2 hrs. a day) I'm looking for suggestions.

My Ideas:
Setup 2nd DSL on eth0 and let it have the default route and adjust the
firewall rules re that interface.

Setup a static route on the 2nd DSL line to point only at our home office IP
(i.e. route add -net 999.1.34.221 netmask 255.255.255.255 gw 999.86.241.1 eth2
even though that route gets set when vpnd links up.

Does anyone else have any other ideas, advice, words of wisdom on this
situation ?

Douglas J. Olivier
Network Administrator
Bonded Collections of Tucson Inc.

From john at ecsc.co.uk Wed May 23 12:24:39 2001
From: john at ecsc.co.uk (John Leach)
Date: 23 May 2001 18:24:39 +0100
Subject: [pptp-server] pptp, gre, adsl firewllas and nat
In-Reply-To:
References:
Message-ID: <990638680.2100.0.camel@murdock>

On 23 May 2001 10:24:48 -0400, Christopher Tresco wrote:
> Are you NATing protocol 47?? That is the gre protocol.

Yes, I've made sure of this on the BT adsl router by adding it to the
forwarded list of protocols. I can't be too sure of the config of the cable
side, but it is just bridged directly to my box, so things should be fine.

I've also observed gre traffic at both ends using tcpdump, so it's getting
thru the routers ok, I'm concerned it's being mangled in some manner tho.

>
>
>
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of John Leach
> > Sent: Monday, May 21, 2001 7:37 PM
> > To: pptp-server mailing list
> > Subject: [pptp-server] pptp, gre, adsl firewllas and nat
> >
> >
> > Hello, I've been playing with pptpd with much success, but am having
> > troubles getting it to work in one particular scenario.
> >
> > I have 2 linux boxes, connect over the internet via a bridged cable
> > internet connection on one end, and a natted adsl connection complements
> > of the friendly British Telecom.
> >
> > I'm using the linux client, and can connect to both boxes via their
> > local LANs fine, all works great.
> >
> > When I try to connect over the internet things go terribly wrong. The
> > port connects and the gre gets set up, ppp starts and seems to get
> > going, but then I get LCP: ConfigRequest timeout errors (in my syslog).
> >
> > I've found a bit of info on this message re: generic ppp problems. and
> > have tried a few suggested solutions, for example playing with my mru
> > and mtu settings, but to no avail.
> >
> > I'm worried this is caused by the NATing of the adsl router. I've
> > tcpdumped traffic at both ends and observed seemingly normal gre and tcp
> > traffic, so I'm pretty sure the router understands gre. Could gre be
> > being affected by the natting, like ipsec does? (even tho ipsec is only
> > affected because the changes in the packets by the NAT breaks the
> > security measures, and gre has no such security measure I know of).
> >
> > Has anyone else had similar problems? I'm going to try this connection
> > to a 3rd box on a real leased line, using the current boxes as a client
> > one at a time to see if I can rule either of them out.
> >
> > I'll submit more details when I get them.
> >
> > John Leach.

From doug.koobs at dimensionnetworks.com Wed May 23 11:39:57 2001
From: doug.koobs at dimensionnetworks.com (Douglas W Koobs)
Date: Wed, 23 May 2001 12:39:57 -0400
Subject: [pptp-server] Timeouafter period of inactivity?
Message-ID:

Hello,

Is there a way to have the PPTP server close out VPN connections after a
period of inactivity, say 20 minutes?
Thanks,

Douglas W Koobs MCSE
Network Engineer
Dimension Networks, Inc.
(727) 723-8388

From SStone at taos.com Wed May 23 12:12:23 2001
From: SStone at taos.com (Scott Stone)
Date: Wed, 23 May 2001 10:12:23 -0700
Subject: [pptp-server] gre running over ppp or IP?
Message-ID: <21DEAE09F017D111969700A0C98407520572A52D@espresso.taos.com>

tcpdump is aware of everything from layer 2 packets on up, so yes, it can
see GRE. It can dump raw ethernet, too.

-----------------------------------------------------
Scott M. Stone
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA

-----Original Message-----
From: Ismandy Ali [mailto:ismandya at sains.com.my]
Sent: Tuesday, May 22, 2001 6:48 PM
To: Justin Kreger
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] gre running over ppp or IP?

Does this mean that tcpdump() is not really aware of the presence of GRE,
which makes me not get meaningful info when the packets are encountered?

This is the output of my /var/log/pptpd.log which occurred at the same time
with my tcpdump output from my GRE

/var/log/pptpd.log
May 22 16:47:29 kgsnt3 pppd[601]: sent [LCP ConfReq id=0x1 ]
May 22 16:47:29 kgsnt3 pppd[601]: Timeout 0x80503d4:0x80784c0 in 3 seconds.

with

tcpdump -i eth0 -n proto 47 or port 1723
16:47:29.904470 > gre-proto-0x880B (gre encap) - this once occurred 9 times

Can I see other people's tcpdump output of a working pptpd server?

Justin Kreger wrote:

> The ppp session is inside the gre tunnel, which is encapsulated in IP. As
> for your request time outs, you may not have pppd setup to be the server,
> it may think it's a client... along with your client.
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
> On Wed, 23 May 2001, Ismandy Ali wrote:
>
> > Hi all,
> >
> > I know that the pptpd needs port 1723 and protocol 47 to work.
> >
> > I followed the howto from http://www.vibres.com/pptpd/example.html
> > -------------------
> > ppp-2.3.11.tar.gz
> > Apply ppp-2.3.11-openssl-0.9.5-mppe.patch.gz patch to ppp-2.3.11
> > Apply ppp_mppe_compressed_data_fix.diff patch to the
> > ppp-2.3.11/linux/ppp_mppe.c file (after the openssl-mppe patch is
> > applied)
> > if_ppp_2.2.17.diff (used to patch the Linux source after ppp-2.3.11
> > makes its changes)
> > pptpd-1.1.2.tar.gz
> > kernel linux-2.2.17.tar.gz
> > ----------------------
> >
> > In our pptpd, correct me if I am wrong, the GRE should be encapsulated
> > and running over IP. But based on the output captured by my
> > tcpdump, it seems that GRE is not running over IP, instead it is
> > running over PPP(0x880B). So is this the correct way pptpd works?
> >
> > My pptpd doesn't work, and it gives me "LCP: timeout sending
> > Config-Requests" inside my logs file, and from the FAQ, it says that this
> > problem occurred due to the filtering on the firewall. I don't think it
> > is the problem since we don't implement any form of filtering in
> > our network.
> >
> > Any idea what causes such a problem?
> >
> >
> > #tcpdump -i eth0 -n proto 47 or port 1723
> >
> > 17:44:48.199173 < 161.142.45.174.1553 > 161.184.155.230.1723: S
> > 10498228:10498228(0) win 8192 (DF)
> > 17:44:48.199310 > 161.184.155.230.1723 > 161.142.45.174.1553: S
> > 3073208334:3073208334(0) ack 10498229 win 32696
> > (DF)
> > 17:44:48.483929 < 161.142.45.174.1553 > 161.184.155.230.1723: . 1:1(0)
> > ack 1 win 8576 (DF)
> > 17:44:48.526568 < 161.142.45.174.1553 > 161.184.155.230.1723: P
> > 1:157(156) ack 1 win 8576 (DF)
> > 17:44:48.526611 > 161.184.155.230.1723 > 161.142.45.174.1553: .
1:1(0)
> > ack 157 win 32540 (DF)
> > 17:44:48.526916 > 161.184.155.230.1723 > 161.142.45.174.1553: P
> > 1:157(156) ack 157 win 32696 (DF)
> > 17:44:48.880168 < 161.142.45.174.1553 > 161.184.155.230.1723: P
> > 157:325(168) ack 157 win 8420 (DF)
> > 17:44:48.884505 > 161.184.155.230.1723 > 161.142.45.174.1553: P
> > 157:189(32) ack 325 win 32696 (DF)
> > 17:44:48.889345 > gre-proto-0x880B (gre encap)
> > 17:44:49.298740 < 161.142.45.174.1553 > 161.184.155.230.1723: .
> > 325:325(0) ack 189 win 8388 (DF)
> > 17:44:51.894451 > gre-proto-0x880B (gre encap)
> > 17:44:54.904470 > gre-proto-0x880B (gre encap)
> > 17:44:57.914381 > gre-proto-0x880B (gre encap)
> > 17:45:00.924388 > gre-proto-0x880B (gre encap)
> > 17:45:03.934683 > gre-proto-0x880B (gre encap)
> >
> > p/s: I learn tcpdump from problem, it is fun, and I need people to ask.
> > Not that I am dunnot know, but I am not sure.
> >
> > Kukulkan

From lists at earthling.2y.net Wed May 23 12:55:19 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Wed, 23 May 2001 13:55:19 -0400 (EDT)
Subject: [pptp-server] Timeouafter period of inactivity?
In-Reply-To:
Message-ID:

in /etc/ppp/options put:

idle 1200

be forewarned, the client may generate enough traffic to keep it connected.
Lowering the time might help.
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Wed, 23 May 2001, Douglas W Koobs wrote:

> Hello,
>
> Is there a way to have the PPTP server close out VPN connections after a
> period of inactivity, say 20 minutes? Thanks,
>
> Douglas W Koobs MCSE
> Network Engineer
> Dimension Networks, Inc.
> (727) 723-8388
>

From GeorgeV at citadelcomputer.com.au Wed May 23 17:30:45 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 24 May 2001 08:30:45 +1000
Subject: [pptp-server] Dual DSL Connections and routing
Message-ID: <200FAA488DE0D41194F10010B597610D01246E@JUPITER>

I think your problem is your network configuration in your system. Is this
RedHat linux? If so, check your /etc/sysconfig/network-scripts/ifcfg-eth0
and remove the GATEWAY= settings and put it into ifcfg-eth1

If it doesn't exist then it may appear in /etc/sysconfig/network and the
same setting is in there. If it's in the /etc/sysconfig/network file then
your problem will be as you said "both devices use the same gateway" then
use the /etc/sysconfig/static-routes file and specify the device NOT the
gateway..eg.

eth1 default dev eth1

not

eth0 default eth0

hopefully this will help. Basically make sure on reboot that both ETH
devices have default gateways turned off then apply the static route via the
device (ETH1, or whateva).. good luck

thanks,
George Vieira

-----Original Message-----
From: Doug Olivier [mailto:dolivier at bondedcollections.com]
Sent: Thursday, May 24, 2001 12:57 AM
To: vpnd; pptp-server
Subject: [pptp-server] Dual DSL Connections and routing

Sorry to cross post to both mailing lists but this situation seems to apply
to both protocols.

The Situation:
Remote office with 2 DSL connections provided by the same ISP. This office
has been running a vpnd connection to the main facility over 1 DSL
connection for over 90 days. Due to an increase in employees and requested
Internet browsing, email etc..
We obtained a second DSL line at their site.

Objective:
Use the original DSL connection for the vpnd link only (15 telnet
connections to db server). Use the 2nd DSL connection for Internet only
(web, email).

Results:
When I activated the routing for the second DSL using

route add -net 0.0.0.0 netmask 0.0.0.0 gw 999.86.241.1 eth2

and adjusted the ipchains to only allow web, email via eth2 it worked fine.
The commands were then added to the startup files. The vpnd link was already
up and running at this time. However on a subsequent reboot all access to
the internet was lost. When I turned off the eth2 connection and removed the
route and ipchains for it I was able to reestablish the vpn link and
internet access.

My theory is that the first DSL (eth0) is acquiring the default gw via the

route add default gw 999.86.241.1 netmask 0.0.0.0 metric 1

Since both DSL routes use the same gateway.

Since this is a production box and I have a limited time frame to manipulate
it (1-2 hrs. a day) I'm looking for suggestions.

My Ideas:
Setup 2nd DSL on eth0 and let it have the default route and adjust the
firewall rules re that interface.

Setup a static route on the 2nd DSL line to point only at our home office IP
(i.e. route add -net 999.1.34.221 netmask 255.255.255.255 gw 999.86.241.1 eth2
even though that route gets set when vpnd links up.

Does anyone else have any other ideas, advice, words of wisdom on this
situation ?

Douglas J. Olivier
Network Administrator
Bonded Collections of Tucson Inc.

From GeorgeV at citadelcomputer.com.au Wed May 23 17:50:46 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 24 May 2001 08:50:46 +1000
Subject: [pptp-server] gre running over ppp or IP?
Message-ID: <200FAA488DE0D41194F10010B597610D012471@JUPITER>

As mentioned already "idle 3600" (1 hour)... Everybody please remember this
is basically a PPP dial up connection BUT over a VPN link. So you can
control it like a dial in user.

thanks,
George Vieira

-----Original Message-----
From: Scott Stone [mailto:SStone at taos.com]
Sent: Thursday, May 24, 2001 3:12 AM
To: 'Ismandy Ali'; Justin Kreger
Cc: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] gre running over ppp or IP?

tcpdump is aware of everything from layer 2 packets on up, so yes, it can
see GRE. It can dump raw ethernet, too.

-----------------------------------------------------
Scott M. Stone
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA

-----Original Message-----
From: Ismandy Ali [mailto:ismandya at sains.com.my]
Sent: Tuesday, May 22, 2001 6:48 PM
To: Justin Kreger
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] gre running over ppp or IP?

Does this mean that tcpdump() is not really aware of the presence of GRE,
which is why I don't get meaningful info when the packets are encountered?

This is the output of my /var/log/pptpd.log which occurred at the same time
as my tcpdump output from my GRE

/var/log/pptpd.log
May 22 16:47:29 kgsnt3 pppd[601]: sent [LCP ConfReq id=0x1 ]
May 22 16:47:29 kgsnt3 pppd[601]: Timeout 0x80503d4:0x80784c0 in 3 seconds.

with tcpdump -i eth0 -n proto 47 or port 1723
16:47:29.904470 > gre-proto-0x880B (gre encap) - this once occurred 9 times

Can I see other people's tcpdump output of a working pptpd server?

Justin Kreger wrote:

> The ppp session is inside the gre tunnel, which is encapsulated in IP. As
> for your request time outs, you may not have pppd setup to be the server,
> it may think its a client... along with your client.
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
> On Wed, 23 May 2001, Ismandy Ali wrote:
>
> > Hi all,
> >
> > I know that the pptpd needs port 1723 and protocol 47 to work.
> >
> > I followed the howto from http://www.vibres.com/pptpd/example.html
> > -------------------
> > ppp-2.3.11.tar.gz
> > Apply ppp-2.3.11-openssl-0.9.5-mppe.patch.gz patch to ppp-2.3.11
> > Apply ppp_mppe_compressed_data_fix.diff patch to the
> > ppp-2.3.11/linux/ppp_mppe.c file (after the openssl-mppe patch is
> > applied)
> > if_ppp_2.2.17.diff (used to patch the Linux source after ppp-2.3.11
> > makes its changes)
> > pptpd-1.1.2.tar.gz
> > kernel linux-2.2.17.tar.gz
> > ----------------------
> >
> > In our pptpd, correct me if I am wrong, the GRE should be encapsulated
> > and running over IP. But based on the output captured by my
> > tcpdump, it seems that GRE is not running over IP, instead it is
> > running over PPP(0x880B). So is this the correct way pptpd works?
> >
> > My pptpd doesn't work, and it gives me "LCP: timeout sending
> > Config-Requests" inside my logs file, and from the FAQ, it says that this
> > problem occurred due to the filtering on the firewall. I don't think it
> > is the problem since we don't implement any form of filtering in
> > our network.
> >
> > Any idea what causes such a problem?
> >
> >
> > #tcpdump -i eth0 -n proto 47 or port 1723
> >
> > 17:44:48.199173 < 161.142.45.174.1553 > 161.184.155.230.1723: S 10498228:10498228(0) win 8192 (DF)
> > 17:44:48.199310 > 161.184.155.230.1723 > 161.142.45.174.1553: S 3073208334:3073208334(0) ack 10498229 win 32696 (DF)
> > 17:44:48.483929 < 161.142.45.174.1553 > 161.184.155.230.1723: . 1:1(0) ack 1 win 8576 (DF)
> > 17:44:48.526568 < 161.142.45.174.1553 > 161.184.155.230.1723: P 1:157(156) ack 1 win 8576 (DF)
> > 17:44:48.526611 > 161.184.155.230.1723 > 161.142.45.174.1553: . 1:1(0) ack 157 win 32540 (DF)
> > 17:44:48.526916 > 161.184.155.230.1723 > 161.142.45.174.1553: P 1:157(156) ack 157 win 32696 (DF)
> > 17:44:48.880168 < 161.142.45.174.1553 > 161.184.155.230.1723: P 157:325(168) ack 157 win 8420 (DF)
> > 17:44:48.884505 > 161.184.155.230.1723 > 161.142.45.174.1553: P 157:189(32) ack 325 win 32696 (DF)
> > 17:44:48.889345 > gre-proto-0x880B (gre encap)
> > 17:44:49.298740 < 161.142.45.174.1553 > 161.184.155.230.1723: . 325:325(0) ack 189 win 8388 (DF)
> > 17:44:51.894451 > gre-proto-0x880B (gre encap)
> > 17:44:54.904470 > gre-proto-0x880B (gre encap)
> > 17:44:57.914381 > gre-proto-0x880B (gre encap)
> > 17:45:00.924388 > gre-proto-0x880B (gre encap)
> > 17:45:03.934683 > gre-proto-0x880B (gre encap)
> >
> > p/s: I learn tcpdump from problem, it is fun, and I need people to ask.
> > Not that I am dunnot know, but I am not sure.
> >
> > Kukulkan
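
The layering discussed in this thread (IP protocol 47 carrying GRE, whose protocol type 0x880B marks a PPP payload, as in the `gre-proto-0x880B` lines of the capture), as an added example that is not part of the original messages: a Python decoder for the enhanced GRE header that PPTP uses (RFC 2637), run over a constructed packet. The two addresses come from the capture above; the call ID, sequence number and LCP bytes are constructed sample values.

```python
import socket
import struct

IPPROTO_GRE = 47          # the "proto 47" in the tcpdump filter
GRE_PROTO_PPP = 0x880B    # what tcpdump printed as gre-proto-0x880B
PPP_NAMES = {0xC021: "LCP", 0xC223: "CHAP", 0x8021: "IPCP",
             0x80FD: "CCP", 0x0021: "IPv4"}
LCP_CODES = {1: "ConfReq", 2: "ConfAck", 3: "ConfNak", 4: "ConfRej",
             5: "TermReq", 6: "TermAck", 9: "EchoReq", 10: "EchoRep"}


def parse_ipv4(packet):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if header_len < 20 or total_len < header_len or len(packet) < total_len:
        raise ValueError("bad IPv4 length fields")
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return src, dst, packet[9], packet[header_len:total_len]


def parse_pptp_gre(data):
    """Decode the enhanced GRE (version 1) header; return (fields, payload)."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", data[:8])
    if (flags & 0x0007) != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("GRE, but not the PPTP variant (version 1, 0x880B)")
    if (flags & 0xC000) or not (flags & 0x2000):
        raise ValueError("PPTP GRE requires C=0, R=0 and K=1")
    fields, offset = {"call_id": call_id}, 8
    # S bit: a sequence number follows; A bit: an acknowledgment follows.
    for name, bit in (("seq", 0x1000), ("ack", 0x0080)):
        fields[name] = None
        if flags & bit:
            if len(data) < offset + 4:
                raise ValueError("truncated %s number" % name)
            fields[name] = struct.unpack_from("!I", data, offset)[0]
            offset += 4
    payload = data[offset:offset + payload_len]
    if len(payload) < payload_len:
        raise ValueError("truncated GRE payload")
    return fields, payload


def parse_ppp(frame):
    """Name the PPP protocol and, for LCP, the code and identifier."""
    if frame[:2] == b"\xff\x03":          # address/control, absent with ACFC
        frame = frame[2:]
    if not frame:
        raise ValueError("empty PPP frame")
    if frame[0] & 1:                      # protocol field compression
        proto, body = frame[0], frame[1:]
    elif len(frame) >= 2:
        proto, body = struct.unpack("!H", frame[:2])[0], frame[2:]
    else:
        raise ValueError("truncated PPP protocol field")
    text = PPP_NAMES.get(proto, "0x%04x" % proto)
    if proto == 0xC021 and len(body) >= 4:
        code, ident, _length = struct.unpack("!BBH", body[:4])
        text += " %s id=0x%x" % (LCP_CODES.get(code, "code %d" % code), ident)
    return text


def describe(packet):
    """One line per packet showing the IP / GRE / PPP stack."""
    src, dst, proto, ip_payload = parse_ipv4(packet)
    if proto != IPPROTO_GRE:
        raise ValueError("IP protocol %d is not GRE" % proto)
    gre, ppp = parse_pptp_gre(ip_payload)
    line = "%s > %s: IP proto 47 / GRE v1 call_id=%d" % (src, dst, gre["call_id"])
    for name in ("seq", "ack"):
        if gre[name] is not None:
            line += " %s=%d" % (name, gre[name])
    return line + (" / PPP " + parse_ppp(ppp) if ppp else "")


def build_sample(ppp=b"\xff\x03\xc0\x21\x01\x01\x00\x04", seq=0, ack=None,
                 call_id=0):
    """Constructed packet, server to client; default payload is an LCP
    ConfReq id=0x1 with no options. IP checksum is left 0 (not verified)."""
    flags = 0x2001 | (0x1000 if ppp else 0) | (0x0080 if ack is not None else 0)
    gre = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(ppp), call_id)
    if ppp:
        gre += struct.pack("!I", seq)
    if ack is not None:
        gre += struct.pack("!I", ack)
    gre += ppp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0x4000, 64,
                     IPPROTO_GRE, 0, socket.inet_aton("161.184.155.230"),
                     socket.inet_aton("161.142.45.174"))
    return ip + gre


if __name__ == "__main__":
    print(describe(build_sample()))
    print(describe(build_sample(ppp=b"", ack=5)))
```

A capture that shows only server-to-client packets of this kind, repeated every three seconds, matches the pppd log line "sent [LCP ConfReq id=0x1 ]" followed by the timeout: the requests leave, and nothing comes back through GRE.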
From djolivier at bigfoot.nospam.com Wed May 23 19:04:47 2001
From: djolivier at bigfoot.nospam.com (tytyty)
Date: Wed, 23 May 2001 17:04:47 -0700
Subject: [pptp-server] Dual DSL Connections and routing
References: <200FAA488DE0D41194F10010B597610D01246E@JUPITER>
Message-ID: <3B0C501F.6F1A0E1F@bigfoot.nospam.com>

I'm not using Redhat but I believe I understand your point, basically I
should NOT have a default route, but set individual routes on devices as
I was thinking. These are the routes I am going to try:
route add -net 999.1.34.221 netmask 255.255.255.255 gw 999.86.241.1 eth0 < only pointing at home office
route add -net 0.0.0.0 netmask 0.0.0.0 gw 999.86.241.1 eth2 <- for internet

Thank you for your response.

From GeorgeV at citadelcomputer.com.au Wed May 23 19:28:49 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 24 May 2001 10:28:49 +1000
Subject: [pptp-server] Dual DSL Connections and routing
Message-ID: <200FAA488DE0D41194F10010B597610D01247E@JUPITER>

not sure about individual routes on devices as you were saying (correct me
if I'm wrong) that the problem was the default route was going to the wrong
device....???.. argh.. little confused I guess.
M..u..stt...dr.r.aaww....d...i.a..graa...m.!!

You can setup routes using what you said below in the /etc/ppp/ip-up.local
when the devices come online... what distro are you using and do you have
/etc/ppp/ip-up.loca files or /etc/ppp/ip-up?

thanks,
George Vieira

-----Original Message-----
From: tytyty [mailto:djolivier at bigfoot.nospam.com]
Sent: Thursday, May 24, 2001 10:05 AM
To: George Vieira
Cc: 'Doug Olivier'; vpnd; pptp-server
Subject: Re: [pptp-server] Dual DSL Connections and routing

I'm not using Redhat but I believe I understand your point, basically I
should NOT have a default route, but set individual routes on devices as
I was thinking. These are the routes I am going to try:
route add -net 999.1.34.221 netmask 255.255.255.255 gw 999.86.241.1 eth0 < only pointing at home office
route add -net 0.0.0.0 netmask 0.0.0.0 gw 999.86.241.1 eth2 <- for internet

Thank you for your response.

From glivingstone at ajpark.co.nz Wed May 23 22:58:59 2001
From: glivingstone at ajpark.co.nz (Godfrey Livingstone)
Date: Thu, 24 May 2001 15:58:59 +1200
Subject: [pptp-server] Bug with pppsmbnoblank.patch solution at last
Message-ID:

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL:

From GeorgeV at citadelcomputer.com.au Thu May 24 01:16:02 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 24 May 2001 16:16:02 +1000
Subject: [pptp-server] SMBpatches..
Message-ID: <200FAA488DE0D41194F10010B597610D01248E@JUPITER>

So after all the "patch which patches the patch which patches the patch"
going on, is http://www.hattaway.co.nz/raidpatches/pppsmbnoblank.patch
supposed to be the ideal patch for smb? Is there a complete file which has it
all to patch PPPD in 1 go? I want to apply the smbpatch but don't want to go
through the hassles.. How is it applied? I tried it and it complained...???

thanks,
George Vieira

From markp at nonlinear.com Thu May 24 04:21:41 2001
From: markp at nonlinear.com (Mark Pearson)
Date: Thu, 24 May 2001 10:21:41 +0100
Subject: [pptp-server] Question: Is it possible to use NAT at each end of the connection..?
Message-ID:

I have poptop working very nicely between a dialup client and a natted
server.

What I need to know is, can I use a client connection with say a netgear
rh348 isdn router to connect into my current server (gnatbox)? Is it just a
case of the netgear router allowing GRE through?

Any advice/help would be much appreciated :-)

From lists at earthling.2y.net Thu May 24 05:33:33 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 24 May 2001 06:33:33 -0400 (EDT)
Subject: [pptp-server] Question: Is it possible to use NAT at each end of the connection..?
In-Reply-To:
Message-ID:

Yes, it is possible. My connection works just fine to where I work. Below
is a quick little text diagram.

Win98-and-Win2k-VirtualMachines at Linux-workstation <--(private lan)--> Linux 2.2 Masquerading firewall on dialup <--(internet)--> Firewall & Linux 2.4 NAT translator <--(private lan)---> NT Server

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

From lists at earthling.2y.net Thu May 24 05:45:37 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 24 May 2001 06:45:37 -0400 (EDT)
Subject: [pptp-server] Dual DSL Connections and routing
In-Reply-To: <3B0C501F.6F1A0E1F@bigfoot.nospam.com>
Message-ID:

Setup a default route to the line that is used for the internet... then
setup any proxying/firewalling/natting you need on that, then, using ipsec,
connect the two offices together using freeswan. In freeswan, tell it the
next hop for the ipsec connection on your end with two dsl lines, is to the
router on the second dsl line, make sure you have a route already in place
for it, perhaps a backup default route.

assuming eth1 and eth2 are external interfaces, eth2 being for employee
internet access

route add -net 0.0.0.0 netmask 0.0.0.0 gw nexthop-ip-on-eth2 metric 1 eth2
route add -net 0.0.0.0 netmask 0.0.0.0 gw nexthop-ip-on-eth1 metric 5 eth1

That SHOULD give you some redundancy. You should be able to use ip
masquerading, and have it run just fine. If you really wanted to get it to
work perfectly, contact the isp, and talk about running a routing protocol
on the two lines.

Now, setup ipsec to use the gateway's ip on eth1 as the next hop for your
end of the tunnel (Freeswan now supports compression). Freeswan will handle
the routing from there.

One bit of warning with dsl lines, I am working with a customer right now,
and they have dsl lines between two locations, and one of the locations
seems to have a bad phone line, so it cuts out for minutes at a time. This
does cause problems with ipsec, but it's easy to write a script to check it,
and restart the connection.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

From csy at hjc.edu.sg Thu May 24 08:15:54 2001
From: csy at hjc.edu.sg (Chen Shiyuan)
Date: Thu, 24 May 2001 21:15:54 +0800 (SGT)
Subject: [pptp-server] Re: Bug with pppsmbnoblank.patch solution at last
In-Reply-To:
References:
Message-ID: <990710154.3b0d098a9b3be@home.hjc.edu.sg>

Hello!

Thanks for your email. Nope, the "easy solution" provided below doesn't
solve the problem. Same problems still occur.

BTW, has someone incorporated a fix into the original smbpasswd patch?
It seems pretty strange that while this bug is officially "known" and
supposedly fixed, the smbpasswd patch which I downloaded from the main site
a couple of weeks back still has the blank problem.

Thanks!

On Thu, 24 May 2001 15:58:59 +1200, Godfrey Livingstone wrote :

> HI I wrote the patch that you obtained from hataway.co.nz
> also the patch for 2.4 that authenticates against smbpasswd this applies
> as much to 2.2 as to 2.2.
>
> The patch to use is
>
> http://www.hattaway.co.nz/raidpatches/pppsmbnoblank.patch
>
> There appeared to be a problem with the patch but until your post I was
> never able to solve it as it worked on the hattaway servers.
>
> The easy solution is to have your secrets file look like this
>
> # Secrets for authentication using CHAP
> # client server secret IP addresses
> * * &/etc/ppp/smbpasswd *
>
> The reason that it does not work for you is that the server test does not
> have an entry in the smbpasswd file so is unable to find a password.
> You are interested in authenticating the client and not the server in any
> case. The way your config file is set up you require a password for test
> to be the same as any user connecting and this can never be the case
> unless all passwords are the same.

From jgrant at iescrow.com Thu May 24 13:51:33 2001
From: jgrant at iescrow.com (John Grant)
Date: Thu, 24 May 2001 11:51:33 -0700
Subject: [pptp-server] Multiple interfaces on POPTOP server ?
Message-ID:

I want to set up a VPN server which has interfaces on many networks, so that
connections can be made to multiple (separate) networks by remote clients.

I have set up a few test accounts that specify

username  servername  secret   IPaddress
test-1    *           passwd1  192.168.1.100
test-2    *           passwd2  192.168.2.100
...

you get the idea. Well I can get the authentication and arp -a on the VPN
server says:

? (192.168.1.100) at * PERM PUP on eth1

which looks good, but then if I ping 192.168.1.100 from the VPN server I see

PING 192.168.1.100 (192.168.1.100) from 192.168.0.2 : 56(84) bytes of data.

where is the 192.168.0.2 coming from ? Obviously I'm asking this as the
VPN tunnel doesn't seem to work.

Any pointers ?

P.S. In the syslog I see:

May 23 15:22:29 vpnbox pppd[786]: CHAP peer authentication succeeded for vpn-test
May 23 15:22:32 vpnbox pppd[786]: found interface eth1 for proxy arp
May 23 15:22:32 vpnbox pppd[786]: local IP address 192.168.0.2
May 23 15:22:32 vpnbox pppd[786]: remote IP address 192.168.1.100

How do I get local address to be on the correct network ?

From doug.koobs at dimensionnetworks.com Thu May 24 16:02:40 2001
From: doug.koobs at dimensionnetworks.com (Douglas W Koobs)
Date: Thu, 24 May 2001 17:02:40 -0400
Subject: [pptp-server] modprobe: Can't locate module ppp-compress-18
Message-ID:

Hello, and thanks for all the help. I am beginning to make progress with
PoPToP, currently using a WinME client. I can log in as long as "Require
Data Encryption" is not selected on the ME client. When I enable it, I get a
message that the server does not support encryption. In /var/log/messages,
I get a line that reads

ns1 modprobe: modprobe: Can't locate module ppp-compress-18

modules.conf has the following lines:

alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

If I try to insmod ppp_mppe I get "no module found by that name"

I applied the mppe patches to the kernel source and recompiled, and to the
ppp-2.4.1 source before ./configure. Evidently, I missed something. Maybe
after patching the kernel source, is there a new option that I am supposed
to enable in menuconfig? If so, I missed it. Any other ideas?

Thanks again,

Douglas W Koobs
Network Engineer
Dimension Networks, Inc.

From john at ecsc.co.uk Fri May 25 17:07:50 2001
From: john at ecsc.co.uk (John Leach)
Date: 26 May 2001 01:07:50 +0300
Subject: [pptp-server] pptp, gre, adsl firewllas and nat
In-Reply-To: <200FAA488DE0D41194F10010B597610D11E0D1@JUPITER>
References: <200FAA488DE0D41194F10010B597610D11E0D1@JUPITER>
Message-ID: <990828470.863.0.camel@murdock>

On 23 May 2001 09:37:13 +1000, George Vieira wrote:
> Don't you need a kernel patch for NATed machines? forgot the name..

Really? I didn't know about this... have you any more information? I'll
check the website again myself, thanks

>
>
> thanks,
> George Vieira
>
>
> -----Original Message-----
> From: John Leach [mailto:john at ecsc.co.uk]
> Sent: Tuesday, May 22, 2001 9:37 AM
> To: pptp-server mailing list
> Subject: [pptp-server] pptp, gre, adsl firewllas and nat
>
>
> Hello, I've been playing with pptpd with much success, but am having
> troubles getting it to work in one particular scenario.
>
> I have 2 linux boxes, connect over the internet via a bridged cable
> internet connection on one end, and a natted adsl connection complements
> of the friendly British Telecom.
>
> I'm using the linux client, and can connect to both boxes via their
> local LANs fine, all works great.
>
> When I try to connect over the internet things go terribly wrong. The
> port connects and the gre gets set up, ppp starts and seems to get
> going, but then I get LCP: ConfigRequest timeout errors (in my syslog).
>
> I've found a bit of info on this message re: generic ppp problems. and
> have tried a few suggested solutions, for example playing with my mru
> and mtu settings, but to no avail.
>
> I'm worried this is caused by the NATing of the adsl router. I've
> tcpdumped traffic at both ends and observed seemingly normal gre and tcp
> traffic, so I'm pretty sure the router understands gre. Could gre be
> being affected by the natting, like ipsec does? (even tho ipsec is only
> affected because the changes in the packets by the NAT breaks the
> security measures, and gre has no such security measure I know of).
>
> Has anyone else had similar problems? I'm going to try this connection
> to a 3rd box on a real leased line, using the current boxes as a client
> one at a time to see if I can rule either of them out.
>
> I'll submit more details when I get them.
>
> John Leach.

From lists at earthling.2y.net Thu May 24 16:11:17 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 24 May 2001 17:11:17 -0400 (EDT)
Subject: [pptp-server] Multiple interfaces on POPTOP server ?
In-Reply-To:
Message-ID:

depends on your config for pppd.... perhaps you need to define a local ip
address in pppd.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

From john at ecsc.co.uk Fri May 25 17:13:06 2001
From: john at ecsc.co.uk (John Leach)
Date: 26 May 2001 01:13:06 +0300
Subject: [pptp-server] pptp, gre, adsl firewllas and nat
In-Reply-To: <3B0B9AE6.6030605@digitalbrain.com>
References: <990488215.752.3.camel@murdock> <3B0B9AE6.6030605@digitalbrain.com>
Message-ID: <990828786.862.1.camel@murdock>

On 23 May 2001 12:11:34 +0100, Tim Small wrote:
> I've found CIPE to work quite well in this situation (one end BT ADSL -
> NATed through a win98 box because I can't get the Linux Speedtouch USB
> driver working stably :-( - the other end a permanently connected host).
>

Ah, I had the BT flowpoint router, which is set up to NAT by default. I
broke into it and snooped around a bit, turned on protocol 47 forwarding
just in case. I do see gre traffic at both ends using tcpdump, so I assume
all is well on that front.

> One thing that might be worth doing is knocking the MTU/MRU down -
> probably something around 1400 will do it, not that the NAT boxes should
> be choking on GRE fragments, but it is worth a try, and will help
> performance, if you do get it working.
>

I shall try this again, I did fiddle with the mtu/mru but only reduced it
if I remember correctly, I'll report results here, thanks.

> CIPE encapsulates over UDP, and doesn't have any problem with any
> mainstream NAT equipment.

I'd prefer CIPE or proper IPSEC myself, but some lusers need access from their win boxes *sigh*

From GeorgeV at citadelcomputer.com.au Thu May 24 16:54:26 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 25 May 2001 07:54:26 +1000
Subject: [pptp-server] Dual DSL Connections and routing
Message-ID: <200FAA488DE0D41194F10010B597610D012499@JUPITER>

Yes Justin is quite right though if the ISP is going to get involved then you can do many tricks like multipoint PPP and redundancy routing so if one link goes down then the ISP broadcasts your dead link down the other line.

PS: Metric is your friend too.. ;-)

thanks,
George Vieira

-----Original Message-----
From: Justin Kreger [mailto:lists at earthling.2y.net]
Sent: Thursday, May 24, 2001 8:46 PM
To: tytyty
Cc: George Vieira; 'Doug Olivier'; vpnd; pptp-server
Subject: Re: [pptp-server] Dual DSL Connections and routing

Setup a default route to the line that is used for the internet... then setup any proxying/firewalling/natting you need on that, then, using ipsec, connect the two offices together using freeswan. In freeswan, tell it the next hop for the ipsec connection on your end with two dsl lines, is to the router on the second dsl line, make sure you have a route already in place for it, perhaps a backup default route.

assuming eth1 and eth2 are external interfaces, eth2 being for employee internet access

route add -net 0.0.0.0 netmask 0.0.0.0 gw nexthop-ip-on-eth2 metric 1 eth2
route add -net 0.0.0.0 netmask 0.0.0.0 gw nexthop-ip-on-eth1 metric 5 eth1

That SHOULD give you some redundancy. You should be able to use ip masquerading, and have it run just fine. If you really wanted to get it to work perfectly, contact the isp, and talk about running a routing protocol on the two lines.

Now, setup ipsec to use the gateway's ip on eth1 as the next hop for your end of the tunnel (Freeswan now supports compression). Freeswan will handle the routing from there.

One bit of warning with dsl lines, I am working with a customer right now, and they have dsl lines between two locations, and one of the locations seems to have a bad phone line, so it cuts out for minutes at a time. This does cause problems with ipsec, but it's easy to write a script to check it, and restart the connection.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Wed, 23 May 2001, tytyty wrote:

> I'm not using Redhat but I believe I understand your point, basically I
> should NOT have a default route, but set individual routes on devices as
> I was thinking. These are the routes I am going to try:
> route add -net 999.1.34.221 netmask 255.255.255.255 gw 999.86.241.1 eth0
> < only pointing at home office
> route add -net 0.0.0.0 netmask 0.0.0.0 gw 999.86.241.1 eth2 <- for
> internet
>
> Thank you for your response.
>
> George Vieira wrote:
> >
> > I think your problem is your network configuration in your system. Is this
> > RedHat linux?
> > If so, check your /etc/sysconfig/network-scripts/ifcfg-eth0 and remove the
> > GATEWAY= settings and put it into ifcfg-eth1
> >
> > If it doesn't exist then it may appear in /etc/sysconfig/network and the
> > same setting is in there.
> >
> > If it's in the /etc/sysconfig/network file then your problem will be as you
> > said "both devices use the same gateway" then use the
> > /etc/sysconfig/static-routes file and specify the device NOT the
> > gateway..eg.
> >
> > eth1 default dev eth1
> >
> > not
> >
> > eth0 default eth0
> >
> > hopefully this will help. Basically make sure on reboot that both ETH
> > devices have default gateways turned off then apply the static route via the
> > device (ETH1, or whateva)..
> >
> > good luck
> >
> > thanks,
> > George Vieira
> >
> > -----Original Message-----
> > From: Doug Olivier [mailto:dolivier at bondedcollections.com]
> > Sent: Thursday, May 24, 2001 12:57 AM
> > To: vpnd; pptp-server
> > Subject: [pptp-server] Dual DSL Connections and routing
> >
> > Sorry to cross post to both mailing lists but this situation seems to apply to
> > both protocols.
> >
> > The Situation:
> >
> > Remote office with 2 DSL connections provided by the same ISP.
> >
> > This office has been running a vpnd connection to the main facility over 1
> > DSL connection for over 90 days. Due to an increase in employees and
> > requested Internet browsing, email etc.. We obtained a second DSL line at
> > their site.
> >
> > Objective:
> >
> > Use the original DSL connection for the vpnd link only (15 telnet
> > connections to db server). Use the 2nd DSL connection for Internet only
> > (web, email).
> >
> > Results:
> >
> > When I activated the routing for the second DSL using
> > route add -net 0.0.0.0 netmask 0.0.0.0 gw 999.86.241.1 eth2
> > and adjusted the ipchains to only allow web, email via eth2 it worked fine.
> > The commands were then added to the startup files.
> > The vpnd link was already up and running at this time.
> >
> > However on a subsequent reboot all access to the internet was lost.
> > When I turned off the eth2 connection and removed the route and ipchains for
> > it I was able to reestablish the vpn link and internet access.
> >
> > My theory is that the first DSL (eth0) is acquiring the default gw via the
> > route add default gw 999.86.241.1 netmask 0.0.0.0 metric 1
> > Since both DSL routes use the same gateway.
> >
> > Since this is a production box and I have a limited time frame to manipulate
> > it (1-2 hrs. a day)
> > I'm looking for suggestions.
> >
> > My Ideas:
> >
> > Setup 2nd DSL on eth0 and let it have the default route and adjust the
> > firewall rules re that interface.
> > Setup a static route on the 2nd DSL line to point only at our home office IP
> > (i.e. route add -net 999.1.34.221 netmask 255.255.255.255 gw 999.86.241.1
> > eth2 even though that route gets set when vpnd links up.
> >
> > Does anyone else have any other ideas, advice, words of wisdom on this
> > situation ?
> >
> > Douglas J. Olivier
> > Network Administrator
> > Bonded Collections of Tucson Inc.

From GeorgeV at citadelcomputer.com.au Thu May 24 17:13:51 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 25 May 2001 08:13:51 +1000
Subject: [pptp-server] Multiple interfaces on POPTOP server ?
Message-ID: <200FAA488DE0D41194F10010B597610D01249A@JUPITER>

I had this scenario before and remembered that pptpd has weird problems with localip setting. Since I was paid for the job and not by the hour the thing I did was a cheap way out...

#ifcfg-ppp0
IPADDR="192.168.1.254" # Or whatever you want its IP to be

#ifcfg-ppp1
IPADDR="192.168.2.254" # Or whatever you want its IP to be

if you're not running RedHat Linux then just whatever it takes to set the local ip..

Another way also is to specify separate options files... really messy though but works... EG.

/etc/ppp/options.pptp.client1
192.168.1.254:

/etc/ppp/options.pptp.client2
192.168.2.254:

Again, this is really not a solution but a temporary fix as it worked for me.

thanks,
George Vieira

-----Original Message-----
From: John Grant [mailto:jgrant at iescrow.com]
Sent: Friday, May 25, 2001 4:52 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Multiple interfaces on POPTOP server ?

I want to set up a VPN server which has interfaces on many networks, so that connections can be made to multiple (separate) networks by remote clients.

I have set up a few test accounts that specify

username servername secret IPaddress
test-1 * passwd1 192.168.1.100
test-2 * passwd2 192.168.2.100
...

you get the idea. Well I can get the authentication and arp -a on the VPN server says:

? (192.168.1.100) at * PERM PUP on eth1

which looks good, but then if I ping 192.168.1.100 from the VPN server I see

PING 192.168.1.100 (192.168.1.100) from 192.168.0.2 : 56(84) bytes of data.

where is the 192.168.0.2 coming from ? Obviously I'm asking this as the VPN tunnel doesn't seem to work.

Any pointers ?

P.S. In the syslog I see:

May 23 15:22:29 vpnbox pppd[786]: CHAP peer authentication succeeded for vpn-test
May 23 15:22:32 vpnbox pppd[786]: found interface eth1 for proxy arp
May 23 15:22:32 vpnbox pppd[786]: local IP address 192.168.0.2
May 23 15:22:32 vpnbox pppd[786]: remote IP address 192.168.1.100

How do I get local address to be on the correct network ?

From jvonau at home.com Thu May 24 17:46:06 2001
From: jvonau at home.com (Jerry Vonau)
Date: Thu, 24 May 2001 17:46:06 -0500
Subject: [pptp-server] Multiple interfaces on POPTOP server ?
References:
Message-ID: <3B0D8F2E.8A45E29B@home.com>

John:

I think if you want your 192.168.2.x 192.168.1.x networks on the link you need to have your eth1 aliased with addresses from those networks. Then proxyarp should pick the correct local ip addresses.

Jerry Vonau

John Grant wrote:

> I want to set up a VPN server which has interfaces on many networks, so that
> connections can be made to multiple (separate) networks by remote clients.
>
> I have set up a few test accounts that specify
>
> username servername secret IPaddress
> test-1 * passwd1 192.168.1.100
> test-2 * passwd2 192.168.2.100
> ...
>
> you get the idea. Well I can get the authentication and arp -a on the VPN
> server says:
>
> ? (192.168.1.100) at * PERM PUP on eth1
>
> which looks good, but then if I ping 192.168.1.100 from the VPN server I see
>
> PING 192.168.1.100 (192.168.1.100) from 192.168.0.2 : 56(84) bytes of data.
>
> where is the 192.168.0.2 coming from ? Obviously I'm asking this as the
> VPN tunnel doesn't seem to work.
>
> Any pointers ?
>
> P.S. In the syslog I see:
>
> May 23 15:22:29 vpnbox pppd[786]: CHAP peer authentication succeeded for vpn-test
> May 23 15:22:32 vpnbox pppd[786]: found interface eth1 for proxy arp
> May 23 15:22:32 vpnbox pppd[786]: local IP address 192.168.0.2
> May 23 15:22:32 vpnbox pppd[786]: remote IP address 192.168.1.100
>
> How do I get local address to be on the correct network ?

From lists at earthling.2y.net Thu May 24 17:12:25 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 24 May 2001 18:12:25 -0400 (EDT)
Subject: [pptp-server] modprobe: Can't locate module ppp-compress-18
In-Reply-To:
Message-ID:

Did you do a make dep, then make modules?
then a make modules_install

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Thu, 24 May 2001, Douglas W Koobs wrote:

> Hello, and thanks for all the help. I am beginning to make progress with
> PoPToP, currently using a WinME client. I can log in as long as "Require
> Data Encryption" is not selected on the ME client. When I enable it, I get a
> message that the server does not support encryption. In /var/log/messages, I
> get a line that reads
>
> ns1 modprobe: modprobe: Can't locate module ppp-compress-18
>
> modules.conf has the following lines:
>
> alias char-major-108 ppp_generic
> alias tty-ldisc-3 ppp_async
> alias tty-ldisc-14 ppp_synctty
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
>
> If I try to
> insmod ppp_mppe
>
> I get "no module found by that name"
>
> I applied the mppe patches to the kernel source and recompiled, and to the
> ppp-2.4.1 source before ./configure. Evidently, I missed something. Maybe
> after patching the kernel source, is there a new option that I am supposed
> to enable in menuconfig? If so, I missed it. Any other ideas? Thanks again,
>
> Douglas W Koobs
> Network Engineer
> Dimension Networks, Inc.

From lists at earthling.2y.net Thu May 24 17:17:10 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 24 May 2001 18:17:10 -0400 (EDT)
Subject: [pptp-server] pptp, gre, adsl firewllas and nat
In-Reply-To: <990828470.863.0.camel@murdock>
Message-ID:

It depends. Some integrated little NAT/Firewall solutions do need patches, and are not very good. Linux boxes to Masquerade pptp traffic, generally need a patch (linux 2.2), Linux 2.4, I haven't noticed any true genuine need yet... I am told at least one connection should work just fine. As for Straight NAT in linux, you shouldn't need any patches.
Our server where I work is behind a Linux 2.4 firewall with SNAT and DNAT configured for that box, and we have absolutely no problems with multiple tunnels to it.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On 26 May 2001, John Leach wrote:

> On 23 May 2001 09:37:13 +1000, George Vieira wrote:
>
> > Don't you need a kernel patch for NATed machines? forgot the name..
>
> Really? I didn't know about this... have you any more information?
>
> I'll check the website again myself, thanks
>
> >
> > thanks,
> > George Vieira
> >
> >
> > -----Original Message-----
> > From: John Leach [mailto:john at ecsc.co.uk]
> > Sent: Tuesday, May 22, 2001 9:37 AM
> > To: pptp-server mailing list
> > Subject: [pptp-server] pptp, gre, adsl firewllas and nat
> >
> >
> > Hello, I've been playing with pptpd with much success, but am having
> > troubles getting it to work in one particular scenario.
> >
> > I have 2 linux boxes, connect over the internet via a bridged cable
> > internet connection on one end, and a natted adsl connection complements
> > of the friendly British Telecom.
> >
> > I'm using the linux client, and can connect to both boxes via their
> > local LANs fine, all works great.
> >
> > When I try to connect over the internet things go terribly wrong. The
> > port connects and the gre gets set up, ppp starts and seems to get
> > going, but then I get LCP: ConfigRequest timeout errors (in my syslog).
> >
> > I've found a bit of info on this message re: generic ppp problems. and
> > have tried a few suggested solutions, for example playing with my mru
> > and mtu settings, but to no avail.
> >
> > I'm worried this is caused by the NATing of the adsl router. I've
> > tcpdumped traffic at both ends and observed seemingly normal gre and tcp
> > traffic, so I'm pretty sure the router understands gre. Could gre be
> > being affected by the natting, like ipsec does?
> > (even tho ipsec is only
> > affected because the changes in the packets by the NAT breaks the
> > security measures, and gre has no such security measure I know of).
> >
> > Has anyone else had similar problems? I'm going to try this connection
> > to a 3rd box on a real leased line, using the current boxes as a client
> > one at a time to see if I can rule either of them out.
> >
> > I'll submit more details when I get them.
> >
> > John Leach.

From aows18 at hotmail.com Fri May 25 11:40:40 2001
From: aows18 at hotmail.com (Alexander Wallace)
Date: Fri, 25 May 2001 11:40:40 -0500
Subject: [pptp-server] Newbie question....
Message-ID:

Hi there! I'm new to most of everything in linux... So please be patient....

I want to have a VPN server in my office to serve MS windows clients, mostly w98....

I have a debian based distri (libranet 1.9.1) with kernel 2.4.2

I downloaded and installed pptpd 1.0.1 and have ppp 2.4.0 but I couldn't get the patch to support MSCHAP/mppe... The links on the HOW-TO don't exist anymore...

Can someone point me to the place to get that patch for pppd 2.4.0?

Thanks!
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

From lists at earthling.2y.net Fri May 25 12:25:58 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Fri, 25 May 2001 13:25:58 -0400 (EDT)
Subject: [pptp-server] Newbie question....
In-Reply-To:
Message-ID:

The link to the patch is in the archive, within this month it has been mentioned twice.
BTW, you will want to use pptpd 1.1.2 because it has packet re-ordering

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Fri, 25 May 2001, Alexander Wallace wrote:

> Hi there! I'm new to most of everything in linux... So please be patient....
>
> I want to have a VPN server in my office to serve MS windows clients,
> mostly w98....
>
> I have a debian based distri (libranet 1.9.1) with kernel 2.4.2
>
> I downloaded and installed pptpd 1.0.1 and have ppp 2.4.0 but I couldn't
> get the patch to support MSCHAP/mppe... The links on the HOW-TO don't exist
> anymore...
>
> Can someone point me to the place to get that patch for pppd 2.4.0?
>
> Thanks!

From ctooley at amoa.org Fri May 25 12:43:19 2001
From: ctooley at amoa.org (ctooley at amoa.org)
Date: Fri, 25 May 2001 12:43:19 -0500
Subject: [pptp-server] Newbie question....
Message-ID: <86256A57.00601A6A.00@amoa.org>

Any idea what the hold up is updating the website with the correct information? Is it a time problem?

Chris

Justin Kreger on 05/25/2001 12:25:58 PM

To: Alexander Wallace
cc: pptp-server at lists.schulte.org (bcc: Chris Tooley/AMOA)
Subject: Re: [pptp-server] Newbie question....

The link to the patch is in the archive, within this month it has been mentioned twice. BTW, you will want to use pptpd 1.1.2 because it has packet re-ordering

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Fri, 25 May 2001, Alexander Wallace wrote:

> Hi there! I'm new to most of everything in linux... So please be patient....
>
> I want to have a VPN server in my office to serve MS windows clients,
> mostly w98....
>
> I have a debian based distri (libranet 1.9.1) with kernel 2.4.2
>
> I downloaded and installed pptpd 1.0.1 and have ppp 2.4.0 but I couldn't
> get the patch to support MSCHAP/mppe... The links on the HOW-TO don't exist
> anymore...
>
> Can someone point me to the place to get that patch for pppd 2.4.0?
>
> Thanks!

From aows18 at hotmail.com Fri May 25 13:23:53 2001
From: aows18 at hotmail.com (Alexander Wallace)
Date: Fri, 25 May 2001 13:23:53 -0500
Subject: [pptp-server] Newbie question....
Message-ID:

Sorry, I just signed up to the list yesterday... I checked the list's messages, but all I could see was related to ppp 2.3.8 but not to 2.4... Will it work the same way? If that's not what you meant, could you email me the link?

Thanks!

>From: Justin Kreger
>To: Alexander Wallace
>CC: pptp-server at lists.schulte.org
>Subject: Re: [pptp-server] Newbie question....
>Date: Fri, 25 May 2001 13:25:58 -0400 (EDT)
>
>The link to the patch is in the archive, within this month it has been
>mentioned twice. BTW, you will want to use pptpd 1.1.2 because it has
>packet re-ordering
>
>Justin Kreger, MCP MCSE CCNA
>jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
>
>On Fri, 25 May 2001, Alexander Wallace wrote:
>
> > Hi there! I'm new to most of everything in linux... So please be
>patient....
> >
> > I want to have a VPN server in my office to serve MS windows clients,
> > mostly w98....
> >
> > I have a debian based distri (libranet 1.9.1) with kernel 2.4.2
> >
> > I downloaded and installed pptpd 1.0.1 and have ppp 2.4.0 but I
>couldn't
> > get the patch to support MSCHAP/mppe... The links on the HOW-TO don't
>exist
> > anymore...
> >
> > Can someone point me to the place to get that patch for pppd 2.4.0?
> >
> > Thanks!

From aows18 at hotmail.com Fri May 25 14:30:05 2001
From: aows18 at hotmail.com (Alexander Wallace)
Date: Fri, 25 May 2001 14:30:05 -0500
Subject: [pptp-server] (no subject)
Message-ID:

While I find the patches to support MSCHAP I want to make sure I can connect even if I don't use any encryption, so I'm trying with a w98 client... I commented out all lines related to MSCHAP and MPPE and just use chap...
When I try to connect I get an error on the client: "The computer you are dialing in to cannot establish a dialup networking connection, your server settings might be incorrect, bla bla bla"

The pptpd.log shows this:

May 9 01:52:23 nomo4 pptpd[625]: CTRL: Client 66.25.195.18 control connection started
May 9 01:52:23 nomo4 pptpd[625]: CTRL: Starting call (launching pppd, opening GRE)
May 9 01:52:53 nomo4 pptpd[625]: CTRL: Error with select(), quitting
May 9 01:52:53 nomo4 pptpd[625]: CTRL: Client 66.25.195.18 control connection finished
May 9 01:59:10 nomo4 pptpd[634]: MGR: Max connections reached, extra IP addresses ignored
May 9 01:59:10 nomo4 pptpd[635]: MGR: Manager process started
May 9 01:59:13 nomo4 pptpd[636]: CTRL: Client 66.25.195.18 control connection started
May 9 01:59:13 nomo4 pptpd[636]: CTRL: Starting call (launching pppd, opening GRE)
May 9 01:59:43 nomo4 pptpd[636]: CTRL: Error with select(), quitting
May 9 01:59:43 nomo4 pptpd[636]: CTRL: Client 66.25.195.18 control connection finished
May 9 02:07:55 nomo4 pptpd[1663]: CTRL: Client 66.25.195.18 control connection started
May 9 02:07:55 nomo4 pptpd[1663]: CTRL: Starting call (launching pppd, opening GRE)
May 9 02:08:25 nomo4 pptpd[1663]: CTRL: Error with select(), quitting
May 9 02:08:25 nomo4 pptpd[1663]: CTRL: Client 66.25.195.18 control connection finished

What am I doing wrong?

Thanks!

From kevinanderson at myrealbox.com Fri May 25 14:55:15 2001
From: kevinanderson at myrealbox.com (Kevin Anderson)
Date: Fri, 25 May 2001 13:55:15 -0600
Subject: [pptp-server] Routing, I think...
Message-ID: <000b01c0e554$9ed051c0$e5cd810a@c022266>

I have set up Poptop on a RH 7.1 box I have here.

It seems to work ok, as I can connect to it as I expect I should be allowed to connect.

However, I cannot access the remote LAN from a WinNT Client.

The user can ping any of the IP addresses on the Linux box, (eth0, eth1, and the pptp adapter (ppp0)) but nothing past it.

The Linux box is Masqing other clients for internet access, and it is running IPTables. I disabled IPTables, thinking I might have screwed something up in there, but it doesn't seem to help.

Any ideas what to start looking at?

Kev.

From berzerke at swbell.net Fri May 25 22:02:20 2001
From: berzerke at swbell.net (robert)
Date: Fri, 25 May 2001 22:02:20 -0500
Subject: [pptp-server] Newbie question....
In-Reply-To:
References:
Message-ID: <01052522022000.15687@linux>

A 2.4 kernel howto is at http://home.swbell.net/berzerke

On Friday 25 May 2001 13:23, Alexander Wallace wrote:
> Sorry, I just signed up to the list yesterday... I checked the list's
> messages, but all I could see was related to ppp 2.3.8 but not to 2.4...
> Will it work the same way? If that's not what you meant, could you email
> me the link?
>
> Thanks!
>
> > From: Justin Kreger
>
> >To: Alexander Wallace
> >CC: pptp-server at lists.schulte.org
> >Subject: Re: [pptp-server] Newbie question....
> >Date: Fri, 25 May 2001 13:25:58 -0400 (EDT)
> >
> >The link to the patch is in the archive, within this month it has been
> >mentioned twice. BTW, you will want to use pptpd 1.1.2 because it has
> >packet re-ordering
> >
> >Justin Kreger, MCP MCSE CCNA
> >jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
> >
> >On Fri, 25 May 2001, Alexander Wallace wrote:
> > > Hi there! I'm new to most of everything in linux... So please be
> >
> >patient....
> >
> > > I want to have a VPN server in my office to serve MS windows clients,
> > > mostly w98....
> > >
> > > I have a debian based distri (libranet 1.9.1) with kernel 2.4.2
> > >
> > > I downloaded and installed pptpd 1.0.1 and have ppp 2.4.0 but I
> >
> >couldn't
> >
> > > get the patch to support MSCHAP/mppe... The links on the HOW-TO don't
> >
> >exist
> >
> > > anymore...
> > >
> > > Can someone point me to the place to get that patch for pppd 2.4.0?
> > >
> > > Thanks!

From lists at earthling.2y.net Sat May 26 08:07:02 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sat, 26 May 2001 09:07:02 -0400 (EDT)
Subject: [pptp-server] (no subject)
In-Reply-To:
Message-ID:

Dunno... I think most people use poptop to hand out ip addys.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Fri, 25 May 2001, Alexander Wallace wrote:

> While I find the patches to support MSCHAP I want to make sure I can connect
> even if I don't use any encryption, so I'm trying with a w98 client... I
> commented out all lines related to MSCHAP and MPPE
> and just use chap...
> When I try to connect I get an error on the client:
> "The computer you are dialing in to cannot establish a dialup networking
> connection, your server settings might be incorrect, bla bla bla"
>
> The pptpd.log shows this:
>
> May 9 01:52:23 nomo4 pptpd[625]: CTRL: Client 66.25.195.18 control
> connection started
> May 9 01:52:23 nomo4 pptpd[625]: CTRL: Starting call (launching pppd,
> opening GRE)
> May 9 01:52:53 nomo4 pptpd[625]: CTRL: Error with select(), quitting
> May 9 01:52:53 nomo4 pptpd[625]: CTRL: Client 66.25.195.18 control
> connection finished
> May 9 01:59:10 nomo4 pptpd[634]: MGR: Max connections reached, extra IP
> addresses ignored
> May 9 01:59:10 nomo4 pptpd[635]: MGR: Manager process started
> May 9 01:59:13 nomo4 pptpd[636]: CTRL: Client 66.25.195.18 control
> connection started
> May 9 01:59:13 nomo4 pptpd[636]: CTRL: Starting call (launching pppd,
> opening GRE)
> May 9 01:59:43 nomo4 pptpd[636]: CTRL: Error with select(), quitting
> May 9 01:59:43 nomo4 pptpd[636]: CTRL: Client 66.25.195.18 control
> connection finished
> May 9 02:07:55 nomo4 pptpd[1663]: CTRL: Client 66.25.195.18 control
> connection started
> May 9 02:07:55 nomo4 pptpd[1663]: CTRL: Starting call (launching pppd,
> opening GRE)
> May 9 02:08:25 nomo4 pptpd[1663]: CTRL: Error with select(), quitting
> May 9 02:08:25 nomo4 pptpd[1663]: CTRL: Client 66.25.195.18 control
> connection finished
>
> What am I doing wrong?
>
> Thanks!

From lists at earthling.2y.net Sat May 26 08:07:54 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sat, 26 May 2001 09:07:54 -0400 (EDT)
Subject: [pptp-server] Routing, I think...
In-Reply-To: <000b01c0e554$9ed051c0$e5cd810a@c022266>
Message-ID:

do you have proxyarp in the pppd options file?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Fri, 25 May 2001, Kevin Anderson wrote:

> I have set up Poptop on a RH 7.1 box I have here.
>
> It seems to work ok, as I can connect to it as I expect I should be allowed
> to connect.
>
> However, I cannot access the remote LAN from a WinNT Client.
>
> The user can ping any of the IP addresses on the Linux box, (eth0, eth1, and
> the pptp adapter (ppp0)) but nothing past it.
>
> The Linux box is Masqing other clients for internet access, and it is
> running IPTables. I disabled IPTables, thinking I might have screwed
> something up in there, but it doesn't seem to help.
>
> Any ideas what to start looking at?
>
> Kev.

From PW at WIL-DEV.COM Sat May 26 23:21:22 2001
From: PW at WIL-DEV.COM (Wilson Development)
Date: Sun, 27 May 2001 00:21:22 -0400
Subject: [pptp-server] Can a Win98 box, running ICS, share a single PPTP connection with its windows 98se client machines?
Message-ID: <002601c0e664$7c8e6a00$90428d18@hama1.on.home.com>

Hello,

Anyone know if there is a way to have a Win98se box, running ICS, share a single PPTP connection with its windows Win98se client machines?

I've been playing with the routing tables (fudging) but have a feeling that it may not be possible.
Here's the current hardware/software configuration Local network (main): 1 Windows Win98se machine with a cable modem and ICS (192.168.0.1) 2 additional Windows Win98se machines using DHCP and ICS from the 1st machine (192.168.0.2 & 192.168.0.3) Network: 192.168.0.0 Subnet: 255.255.255.0 Remote Network (secondary): RedHat 7.0 with a cable modem running pptpd 1.0.1, DHCP, IP mask (192.168.1.2) 2 additional Window Win98se machines using the Linux box for DHCP, and NAT (192.168.1.3 & 192.168.1.4) pptpd uses 192.168.1.234 as the local IP address and 235-237 for the remote IP addresses Network: 192.168.1.0 Subnet: 255.255.255.0 What's currently going on (what I was able to get working - but only actually only tested with 2 of the 3 MAIN machines): - 3 PPP accounts created on the Linux box - The 3 machines, from the MAIN network, connect to the PPTP server using MS VPN (obtaining IP addresses in the SECONDARY network). One machine directly and the other two though ICS of the main machine - two Route entries are added to each of the MAIN machine routing tables (using a Subnet of 255.255.255.255 and the other 2 local machine in question as the gateway ) so that they don't have to go though the tunnel to talk to each-other locally when using the remote IP address assigned from the SECONDARY network. This above configuration works; but seems rather ugly.. 3 Separate VPN connections. I know that I could work it with just a single VPN connection , if we were running Linux boxes at both ends. But that is not going to happen.. sigh.. So, can anyone point me in the right direction. Thanks Paul. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pptp at lavalite.de Sun May 27 12:09:18 2001 From: pptp at lavalite.de (Torben Frey) Date: Sun, 27 May 2001 19:09:18 +0200 Subject: [pptp-server] After clicking the VPN-Icon in Win2K I get the "Verifying username and password" - and that's it. 
Message-ID: <000b01c0e6cf$c43f5ec0$0b58a8c0@lavalap> Hi together, After configuring around the entire day I am down with my nerves. All I wanted to do is connecting my Win2K machine to my Linux server using pptpd. I started a fresh installation this morning, using the new kernel 2.4.5, the mppe-patches (they patched fine without any errors) and pppd 2.4.1., tried the stable and current version of pptpd! After trying many many different option-files I finally got to the , but nothing helped so far. But here I can show you what happens: I start pptpd with the following options in /etc/pptpd.conf: debug option /etc/ppp/options.pptpd localip 192.168.111.134-138 remoteip 192.168.111.234-238 In /etc/ppp/options.pptpd I have: unit 11 debug name yakul lock mtu 1450 mru 1450 proxyarp auth +chap +chapms +chapms-v2 ipcp-accept-local ipcp-accept-remote lcp-echo-failure 3 lcp-echo-interval 5 deflate 0 mppe-128 mppe-40 mppe-stateless I am using the unit command for preventing pppd using ppp0 or ppp1 which are usually reserved for my internet connection, but even without, nothing works (I tried without that, same result). MTU/MRU are smaller since I am behind a PPPoE connection. But right now I am testing directly from my home LAN, doesn't work either. In /etc/ppp/chap-secrets I have the following: username yakul "password" * Now, when I click on my VPN-Icon in Win2K, it starts connecting, gets to the "Verifying username and password" - and that's it. Nothing more. After a few seconds I get Error 721, the computer is not responding (sorry, my Win2K is in German). 
The logfile (using debug in pptpd and pppd, daemon.debug in syslog) results only in this: May 27 18:50:01 yakul pptpd[4699]: MGR: Manager process started May 27 18:50:06 yakul pptpd[4700]: MGR: Launching /usr/local/sbin/pptpctrl to handle client May 27 18:50:06 yakul pptpd[4700]: CTRL: local address = 192.168.111.134 May 27 18:50:06 yakul pptpd[4700]: CTRL: remote address = 192.168.111.234 May 27 18:50:06 yakul pptpd[4700]: CTRL: pppd options file = /etc/ppp/options.pptpd May 27 18:50:06 yakul pptpd[4700]: CTRL: Client 192.168.88.11 control connection started May 27 18:50:06 yakul pptpd[4700]: CTRL: Received PPTP Control Message (type: 1) May 27 18:50:06 yakul pptpd[4700]: CTRL: Made a START CTRL CONN RPLY packet May 27 18:50:06 yakul pptpd[4700]: CTRL: I wrote 156 bytes to the client. May 27 18:50:06 yakul pptpd[4700]: CTRL: Sent packet to client May 27 18:50:06 yakul pptpd[4700]: CTRL: Received PPTP Control Message (type: 7) May 27 18:50:06 yakul pptpd[4700]: CTRL: Set parameters to 1525 maxbps, 64 window size May 27 18:50:06 yakul pptpd[4700]: CTRL: Made a OUT CALL RPLY packet May 27 18:50:06 yakul pptpd[4700]: CTRL: Starting call (launching pppd, opening GRE) May 27 18:50:06 yakul pptpd[4700]: CTRL: pty_fd = 5 May 27 18:50:06 yakul pptpd[4700]: CTRL: tty_fd = 6 May 27 18:50:06 yakul pptpd[4700]: CTRL: I wrote 32 bytes to the client. 
May 27 18:50:06 yakul pptpd[4700]: CTRL: Sent packet to client May 27 18:50:06 yakul pptpd[4701]: CTRL (PPPD Launcher): Connection speed = 115200 May 27 18:50:06 yakul pptpd[4701]: CTRL (PPPD Launcher): local address = 192.168.111.134 May 27 18:50:06 yakul pptpd[4701]: CTRL (PPPD Launcher): remote address = 192.168.111.234 May 27 18:50:06 yakul pppd[4701]: pppd 2.4.1 started by root, uid 0 May 27 18:50:06 yakul pppd[4701]: Using interface ppp11 May 27 18:50:06 yakul pppd[4701]: not replacing existing default route to ppp0 [192.168.254.1] May 27 18:50:06 yakul pppd[4701]: Cannot determine ethernet address for proxy ARP May 27 18:50:06 yakul pppd[4701]: local IP address 192.168.111.134 May 27 18:50:06 yakul pppd[4701]: remote IP address 192.168.111.234 May 27 18:50:06 yakul pptpd[4700]: CTRL: Received PPTP Control Message (type: 15) May 27 18:50:06 yakul pptpd[4700]: CTRL: Got a SET LINK INFO packet with standard ACCMs May 27 18:50:43 yakul pptpd[4700]: CTRL: Received PPTP Control Message (type: 12) May 27 18:50:43 yakul pptpd[4700]: CTRL: Made a CALL DISCONNECT RPLY packet May 27 18:50:43 yakul pptpd[4700]: CTRL: Received CALL CLR request (closing call) May 27 18:50:43 yakul pptpd[4700]: CTRL: I wrote 148 bytes to the client. May 27 18:50:43 yakul pptpd[4700]: CTRL: Sent packet to client May 27 18:50:43 yakul pptpd[4700]: CTRL: Error with select(), quitting May 27 18:50:43 yakul pptpd[4700]: CTRL: Client 192.168.88.11 control connection finished May 27 18:50:43 yakul pptpd[4700]: CTRL: Exiting now May 27 18:50:43 yakul pptpd[4699]: MGR: Reaped child 4700 This happens, no matter if I use the correct user/password combination. Only deleting all users from chap-secrets gives an earlier error. I tried almost all thinkable combination of options, there is no firewall between me and the server at the moment, I THINK it might be a missing kernel option, but which ones are needed for pptpd? is there a minimal combination? Please help me getting this to run! 
Thanks a lot, Torben From lists at earthling.2y.net Sun May 27 13:35:24 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Sun, 27 May 2001 14:35:24 -0400 (EDT) Subject: [pptp-server] After clicking the VPN-Icon in Win2K I get the "Verifying username and password" - and that's it. In-Reply-To: <000b01c0e6cf$c43f5ec0$0b58a8c0@lavalap> Message-ID: It seems there have been some problems recently with old chapms, try removing +chapms from the config file. Also, lower your MTU and MRU. Plus, feel free to drop mppe-40 Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Sun, 27 May 2001, Torben Frey wrote: > Hi together, > > After configuring around the entire day I am down with my nerves. All I > wanted to do is connecting my Win2K machine to my Linux server using > pptpd. I started a fresh installation this morning, using the new kernel > 2.4.5, the mppe-patches (they patched fine without any errors) and pppd > 2.4.1., tried the stable and current version of pptpd! > > After trying many many different option-files I finally got to the > , but > nothing helped so far. But here I can show you what happens: > > I start pptpd with the following options in /etc/pptpd.conf: > debug > option /etc/ppp/options.pptpd > localip 192.168.111.134-138 > remoteip 192.168.111.234-238 > > In /etc/ppp/options.pptpd I have: > unit 11 > debug > name yakul > lock > mtu 1450 > mru 1450 > proxyarp > auth > +chap > +chapms > +chapms-v2 > ipcp-accept-local > ipcp-accept-remote > lcp-echo-failure 3 > lcp-echo-interval 5 > deflate 0 > mppe-128 > mppe-40 > mppe-stateless > > I am using the unit command for preventing pppd using ppp0 or ppp1 which > are usually reserved for my internet connection, but even without, > nothing works (I tried without that, same result). MTU/MRU are smaller > since I am behind a PPPoE connection. But right now I am testing > directly from my home LAN, doesn't work either. 
> > In /etc/ppp/chap-secrets I have the following: > username yakul "password" * > > Now, when I click on my VPN-Icon in Win2K, it starts connecting, gets to > the "Verifying username and password" - and that's it. Nothing more. > After a few seconds I get Error 721, the computer is not responding > (sorry, my Win2K is in German). > > The logfile (using debug in pptpd and pppd, daemon.debug in syslog) > results only in this: > May 27 18:50:01 yakul pptpd[4699]: MGR: Manager process started > May 27 18:50:06 yakul pptpd[4700]: MGR: Launching > /usr/local/sbin/pptpctrl to handle client > May 27 18:50:06 yakul pptpd[4700]: CTRL: local address = 192.168.111.134 > May 27 18:50:06 yakul pptpd[4700]: CTRL: remote address = > 192.168.111.234 > May 27 18:50:06 yakul pptpd[4700]: CTRL: pppd options file = > /etc/ppp/options.pptpd > May 27 18:50:06 yakul pptpd[4700]: CTRL: Client 192.168.88.11 control > connection started > May 27 18:50:06 yakul pptpd[4700]: CTRL: Received PPTP Control Message > (type: 1) > May 27 18:50:06 yakul pptpd[4700]: CTRL: Made a START CTRL CONN RPLY > packet > May 27 18:50:06 yakul pptpd[4700]: CTRL: I wrote 156 bytes to the > client. > May 27 18:50:06 yakul pptpd[4700]: CTRL: Sent packet to client > May 27 18:50:06 yakul pptpd[4700]: CTRL: Received PPTP Control Message > (type: 7) > May 27 18:50:06 yakul pptpd[4700]: CTRL: Set parameters to 1525 maxbps, > 64 window size > May 27 18:50:06 yakul pptpd[4700]: CTRL: Made a OUT CALL RPLY packet > May 27 18:50:06 yakul pptpd[4700]: CTRL: Starting call (launching pppd, > opening GRE) > May 27 18:50:06 yakul pptpd[4700]: CTRL: pty_fd = 5 > May 27 18:50:06 yakul pptpd[4700]: CTRL: tty_fd = 6 > May 27 18:50:06 yakul pptpd[4700]: CTRL: I wrote 32 bytes to the client. 
> May 27 18:50:06 yakul pptpd[4700]: CTRL: Sent packet to client > May 27 18:50:06 yakul pptpd[4701]: CTRL (PPPD Launcher): Connection > speed = 115200 > May 27 18:50:06 yakul pptpd[4701]: CTRL (PPPD Launcher): local address = > 192.168.111.134 > May 27 18:50:06 yakul pptpd[4701]: CTRL (PPPD Launcher): remote address > = 192.168.111.234 > May 27 18:50:06 yakul pppd[4701]: pppd 2.4.1 started by root, uid 0 > May 27 18:50:06 yakul pppd[4701]: Using interface ppp11 > May 27 18:50:06 yakul pppd[4701]: not replacing existing default route > to ppp0 [192.168.254.1] > May 27 18:50:06 yakul pppd[4701]: Cannot determine ethernet address for > proxy ARP > May 27 18:50:06 yakul pppd[4701]: local IP address 192.168.111.134 > May 27 18:50:06 yakul pppd[4701]: remote IP address 192.168.111.234 > May 27 18:50:06 yakul pptpd[4700]: CTRL: Received PPTP Control Message > (type: 15) > May 27 18:50:06 yakul pptpd[4700]: CTRL: Got a SET LINK INFO packet with > standard ACCMs > May 27 18:50:43 yakul pptpd[4700]: CTRL: Received PPTP Control Message > (type: 12) > May 27 18:50:43 yakul pptpd[4700]: CTRL: Made a CALL DISCONNECT RPLY > packet > May 27 18:50:43 yakul pptpd[4700]: CTRL: Received CALL CLR request > (closing call) > May 27 18:50:43 yakul pptpd[4700]: CTRL: I wrote 148 bytes to the > client. > May 27 18:50:43 yakul pptpd[4700]: CTRL: Sent packet to client > May 27 18:50:43 yakul pptpd[4700]: CTRL: Error with select(), quitting > May 27 18:50:43 yakul pptpd[4700]: CTRL: Client 192.168.88.11 control > connection finished > May 27 18:50:43 yakul pptpd[4700]: CTRL: Exiting now > May 27 18:50:43 yakul pptpd[4699]: MGR: Reaped child 4700 > > This happens, no matter if I use the correct user/password combination. > Only deleting all users from chap-secrets gives an earlier error. I > tried almost all thinkable combination of options, there is no firewall > between me and the server at the moment, I THINK it might be a missing > kernel option, but which ones are needed for pptpd? 
is there a minimal > combination? > > Please help me getting this to run! > Thanks a lot, > Torben > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From benjamin-smith at utulsa.edu Mon May 28 03:38:17 2001 From: benjamin-smith at utulsa.edu (benjamin-smith at utulsa.edu) Date: Mon, 28 May 2001 03:38:17 -0500 (CDT) Subject: [pptp-server] RedHat 7.1 Kernel 2.4.2 Message-ID: <991039097.3b120e79e5ae7@webmail.utulsa.edu> Wellll, After two weekends pulling my hair out, I have a *stock* RedHat 7.1 kernel compiled with pptp modules. I haven't even begun to think about what to do next, but "insmod ppp_mppe" works like a charm. It seems that everyone else just downloaded the tarballs and went at it that way; but I'm stubborn, so I think I'll try to get this to work. (maybe everyone else got to where I've gotten, and ran into some real trouble, I hope not!) I applied the same 2.4 patch from "ftp://ftp.binarix.com/pub/ppp-mppe/" , but instead of following the (lengthy) instructions at "http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt", I just started with a stock (NOT SMP) RedHat configuration (most everything selected, with lots of modules, found under "/usr/src/linux-2.4/configs") and turned off "Set Version Information on all Module Symbols" under "Modules" during kernel config. Before I disabled this, I was getting all sorts of errors when "make modules" got to the drivers/net directory (even on an unpatched version, strange!) I tried SMP one time, because I thought(?) RedHat 7 required this, but the kernel froze on boot; I can't say if that was the problem, because I changed a few things after that. Others have reported that SMP doesn't work, though, so who knows. I'll post later if I finally get everything working and if anyone seems interested. 
I know that a lot of people hate RedHat, but it's great for a newbie like me. (linuxconf's random errors gradually forced me to edit config files by hand!) I would like to see a pre-patched RPM of PoPToP and a relatively easy to implement HOWTO so that others don't have to go through this kind of crap just to get Micro$oft's lame encryption working. I'm sure there is some sort of bullshit legal reason for that not being possible, though (is encryption still illegal, or is it an RSA patent or something, I thought that expired?) -Ben Smith benjamin-smith at utulsa.edu From kevinanderson at myrealbox.com Mon May 28 10:14:37 2001 From: kevinanderson at myrealbox.com (Kevin Anderson) Date: Mon, 28 May 2001 09:14:37 -0600 Subject: [pptp-server] Routing, I think... References: Message-ID: <005101c0e788$e9a3f9a0$e5cd810a@c022266> In /etc/pptpd.conf Everything is default except for localip 10.129.205.252 remoteip 192.168.1.100-200 I tried using the remote IP using the same subnet as the local, but it didn't help. Plus, it just feels wrong. In /etc/ppp/options.pptp I have... lock debug auth +chap proxyarp idle 120 I'm not too sure what I need here. For now, I just want it all to work. I'll deal with encryption after the fact. (one problem at a time...) My kernel is forwarding IP packets. I don't think IPTables is the source of the problem. I flushed all the tables and tried Poptop without loading any tables. No filtering whatsoever. This eliminates IPTables as a problem source... Thanks. Kev. ----- Original Message ----- From: "Justin Kreger" To: "Kevin Anderson" Cc: Sent: Saturday, May 26, 2001 7:07 AM Subject: Re: [pptp-server] Routing, I think... > do you have proxyarp in the pppd options file? > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > On Fri, 25 May 2001, Kevin Anderson wrote: > > > I have set up Poptop on a RH 7.1 box I have here. 
> > > > It seems to work ok, as I can connect to it as I expect I should be allowed > > to connect. > > > > However, I cannot access the remote LAN from a WinNT Client. > > > > The user can ping any of the IP addresses on the Linux box, (eth0, eth1, and > > the pptp adapter (ppp0)) but nothing past it. > > > > The Linux box is Masqing other clients for internet access, and it is > > running IPTables. I disabled IPTables, thinking I might have screwed > > something up in there, but it doesn't seem to help. > > > > Any ideas what to start looking at? > > > > Kev. > > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > > From lists at earthling.2y.net Mon May 28 10:58:40 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Mon, 28 May 2001 11:58:40 -0400 (EDT) Subject: [pptp-server] Routing, I think... In-Reply-To: <005101c0e788$e9a3f9a0$e5cd810a@c022266> Message-ID: Is that linux box the default gateway for those networks your trying to ping? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Mon, 28 May 2001, Kevin Anderson wrote: > In /etc/pptpd.conf Everything is default except for > > localip 10.129.205.252 > remoteip 192.168.1.100-200 > > I tried using the remote IP using the same subnet as the local, but it > didn't help. Plus, it just feels wrong. > > In /etc/ppp/options.pptp I have... > > lock > debug > auth > +chap > proxyarp > idle 120 > > I'm not too sure what I need here. For now, I just want it all to work. > I'll deal with encryption after the fact. (one problem at a time...) > > My kernel is forwarding IP packets. > I don't think IPTables is the source of the problem. I flushed all the > tables and tried Poptop without loading any tables. No filtering > whatsoever. 
This eliminates IPTables as a problem source... > > Thanks. > Kev. > > ----- Original Message ----- > From: "Justin Kreger" > To: "Kevin Anderson" > Cc: > Sent: Saturday, May 26, 2001 7:07 AM > Subject: Re: [pptp-server] Routing, I think... > > > > do you have proxyarp in the pppd options file? > > > > Justin Kreger, MCP MCSE CCNA > > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > > > > On Fri, 25 May 2001, Kevin Anderson wrote: > > > > > I have set up Poptop on a RH 7.1 box I have here. > > > > > > It seems to work ok, as I can connect to it as I expect I should be > allowed > > > to connect. > > > > > > However, I cannot access the remote LAN from a WinNT Client. > > > > > > The user can ping any of the IP addresses on the Linux box, (eth0, eth1, > and > > > the pptp adapter (ppp0)) but nothing past it. > > > > > > The Linux box is Masqing other clients for internet access, and it is > > > running IPTables. I disabled IPTables, thinking I might have screwed > > > something up in there, but it doesn't seem to help. > > > > > > Any ideas what to start looking at? > > > > > > Kev. > > > > > > > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > > > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From berzerke at swbell.net Mon May 28 14:22:48 2001 From: berzerke at swbell.net (robert) Date: Mon, 28 May 2001 14:22:48 -0500 Subject: [pptp-server] Routing, I think... 
In-Reply-To: <005101c0e788$e9a3f9a0$e5cd810a@c022266>
References: <005101c0e788$e9a3f9a0$e5cd810a@c022266>
Message-ID: <01052814224801.10651@linux>

Be warned, in Iptables, flushing the tables does NOT reset your default policies. If your defaults are to drop, they will still be drop.

On Monday 28 May 2001 10:14, Kevin Anderson wrote:
> I don't think IPTables is the source of the problem. I flushed all the
> tables and tried Poptop without loading any tables. No filtering
> whatsoever. This eliminates IPTables as a problem source...
>
> Thanks.
> Kev.
>
> ----- Original Message -----
> From: "Justin Kreger"
> To: "Kevin Anderson"
> Cc:
> Sent: Saturday, May 26, 2001 7:07 AM
> Subject: Re: [pptp-server] Routing, I think...
>
> > do you have proxyarp in the pppd options file?
> >
> > Justin Kreger, MCP MCSE CCNA
> > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
> >
> > On Fri, 25 May 2001, Kevin Anderson wrote:
> > > I have set up Poptop on a RH 7.1 box I have here.
> > >
> > > It seems to work ok, as I can connect to it as I expect I should be
> > > allowed to connect.
> > >
> > > However, I cannot access the remote LAN from a WinNT Client.
> > >
> > > The user can ping any of the IP addresses on the Linux box, (eth0,
> > > eth1, and the pptp adapter (ppp0)) but nothing past it.
> > >
> > > The Linux box is Masqing other clients for internet access, and it is
> > > running IPTables. I disabled IPTables, thinking I might have screwed
> > > something up in there, but it doesn't seem to help.
> > >
> > > Any ideas what to start looking at?
> > >
> > > Kev.
From ismandya at sains.com.my Mon May 28 22:09:56 2001
From: ismandya at sains.com.my (Ismandy Ali)
Date: Tue, 29 May 2001 11:09:56 +0800
Subject: [pptp-server] how to detect GRE filtering?
Message-ID: <3B131304.1C98B27E@sains.com.my>

Hi all,
Correct me if I am wrong. One way to detect that there is some kind of filtering on port 1723 is using traceroute to the port 1723. So, how to detect that there is some kind of filtering on protocol 47 for GRE?

any help is greatly appreciated

Kukulkan

From sean at cyberfarer.com Mon May 28 23:25:09 2001
From: sean at cyberfarer.com (Sean)
Date: Tue, 29 May 2001 00:25:09 -0400
Subject: [pptp-server] No answer
Message-ID: <009901c0e7f7$58f407a0$8bb8fea9@200mmx>

Greetings,

I have just subscribed to the list so please forgive me if I am asking a question that has been answered many times before.

I have installed pptpd on a Mandrake 7.2 with ppp 2.4.0. PPTPD is running and showing port 1723 is open. The firewall has been amended to accept requests on this port. Nevertheless, when a connect is attempted I receive the error: The computer you dialed did not answer.

Any assistance is appreciated.

Thank you.

From GeorgeV at citadelcomputer.com.au Mon May 28 23:59:57 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 29 May 2001 14:59:57 +1000
Subject: [pptp-server] No answer
Message-ID: <200FAA488DE0D41194F10010B597610D0124D1@JUPITER>

We would be more interested in what errors are on your linux box.. can you provide logs and all configuration files?
thanks,
George Vieira

-----Original Message-----
From: Sean [mailto:sean at cyberfarer.com]
Sent: Tuesday, May 29, 2001 2:25 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] No answer

Greetings,

I have just subscribed to the list so please forgive me if I am asking a question that has been answered many times before.

I have installed pptpd on a Mandrake 7.2 with ppp 2.4.0. PPTPD is running and showing port 1723 is open. The firewall has been amended to accept requests on this port. Nevertheless, when a connect is attempted I receive the error: The computer you dialed did not answer.

Any assistance is appreciated.

Thank you.

From neale at lowendale.com.au Tue May 29 02:04:19 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Tue, 29 May 2001 17:04:19 +1000 (EST)
Subject: [pptp-server] how to detect GRE filtering?
In-Reply-To: <3B131304.1C98B27E@sains.com.my>
Message-ID:

On Tue, 29 May 2001, Ismandy Ali wrote:

> Correct me if I am wrong.

I'll try ;-)

> One way to detect that there is some kind
> of filtering on port 1723 is using traceroute to the port 1723.

Not sure how you would achieve this with traditional traceroute, which typically uses UDP (unix) or Ping (MS) to probe the path. You could however use hping for this. See:

http://www.kyuzz.org/antirez/hping.html

> So, how
> to detect that there is some kind of filtering on protocol 47 for GRE?

Maybe hping can do this now too (I don't know).

There are patches for unix traceroute to use GRE packets. Some of us have posted pointers to patched-traceroute packages (.rpm, .deb) here. The original patch is at:

ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

HTH,
Neale.
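The thread's two firewall points, that flushing iptables leaves the default policies in place and that PPTP needs GRE (protocol 47) as well as TCP 1723, can be checked on the server's own rule set. The following is an added example, not part of any post on the list: a Python sketch that reads an `iptables-save` dump and reports what the filter table does to each packet a PPTP session needs. The three dumps and the interface names (eth0, eth1, ppp0) are constructed assumptions, and rules using matches the sketch does not model are reported as UNKNOWN.

```python
import shlex

PROTO = {"6": "tcp", "17": "udp", "47": "gre"}  # iptables-save may print numbers

# Constructed dump: state after `iptables -F` when the policies were DROP before.
FLUSHED_BUT_DROP = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""
# Constructed dump: control channel opened, GRE forgotten.
TCP_ONLY = """*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
"""
# Constructed dump: both PPTP channels and tunnel forwarding allowed.
PPTP_OK = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p 47 -j ACCEPT
-A FORWARD -i ppp+ -j ACCEPT
-A FORWARD -o ppp+ -j ACCEPT
COMMIT
"""

def parse_filter(dump):
    """Return (policies, rules) for the filter table of an iptables-save dump."""
    policies, rules, table = {}, {}, None
    for line in (raw.strip() for raw in dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            tokens = shlex.split(line)
            rules.setdefault(tokens[1], []).append(tokens[2:])
    return policies, rules

def iface_match(pattern, name):
    """Interface match; a trailing '+' in the rule is a prefix wildcard."""
    if pattern.endswith("+"):
        return bool(name) and name.startswith(pattern[:-1])
    return pattern == name

def rule_verdict(tokens, pkt):
    """Target if the rule matches pkt, None if it cannot match, "UNKNOWN" if the
    outcome depends on a match this sketch does not model (state, negation)."""
    if "!" in tokens:
        return "UNKNOWN"
    matched, unknown, target, i = True, False, None, 0
    while i < len(tokens):
        opt, arg = tokens[i], (tokens[i + 1] if i + 1 < len(tokens) else "")
        if opt == "-p":
            matched &= arg == "all" or PROTO.get(arg, arg) == pkt["proto"]
        elif opt in ("-i", "-o"):
            matched &= iface_match(arg, pkt.get("in_if" if opt == "-i" else "out_if"))
        elif opt == "--dport":  # printed numerically, optionally as lo:hi
            lo, sep, hi = arg.partition(":")
            lo, hi = int(lo or 0), (int(hi or 65535) if sep else int(lo or 0))
            matched &= pkt.get("dport") is not None and lo <= pkt["dport"] <= hi
        elif opt == "-m":
            unknown |= arg not in ("tcp", "udp")
        elif opt == "-j":
            target = arg
        else:  # unmodelled option, or one of its arguments
            unknown, i = True, i - 1
        i += 2
    if not matched:
        return None
    return "UNKNOWN" if unknown else target

def chain_verdict(policies, rules, chain, pkt):
    """First-match walk of a built-in chain, falling back to its policy."""
    for tokens in rules.get(chain, []):
        verdict = rule_verdict(tokens, pkt)
        if verdict in ("ACCEPT", "DROP", "REJECT"):
            return verdict
        if verdict not in (None, "LOG"):  # unmodelled match or user-chain jump
            return "UNKNOWN"
    return policies.get(chain, "ACCEPT")

# Assumed interface names: eth0 faces the Internet, eth1 the LAN, ppp0 the tunnel.
PPTP_PACKETS = {
    "control_tcp_1723": ("INPUT", {"proto": "tcp", "dport": 1723, "in_if": "eth0"}),
    "tunnel_gre_47": ("INPUT", {"proto": "gre", "in_if": "eth0"}),
    "client_to_lan": ("FORWARD", {"proto": "tcp", "dport": 139, "in_if": "ppp0", "out_if": "eth1"}),
    "lan_to_client": ("FORWARD", {"proto": "tcp", "dport": 1025, "in_if": "eth1", "out_if": "ppp0"}),
}

def audit_pptp(dump):
    """Verdict for each packet a PPTP session needs, given an iptables-save dump."""
    policies, rules = parse_filter(dump)
    return {name: chain_verdict(policies, rules, chain, pkt)
            for name, (chain, pkt) in PPTP_PACKETS.items()}
```

Calling `audit_pptp()` on the text printed by `iptables-save` on the pptpd host gives one verdict per packet; a DROP on `client_to_lan` with ACCEPT on the other entries matches the "can ping the Linux box but nothing past it" symptom reported earlier in the thread.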
From dan at stallion.oz.au Tue May 29 02:19:26 2001
From: dan at stallion.oz.au (Daniel Walls)
Date: Tue, 29 May 2001 17:19:26 +1000
Subject: [pptp-server] pptp client help needed please
Message-ID: <3B134D7E.1030301@stallion.oz.au>

Hi,

I am just looking for a bit of information on the linux pptp client called "PPTP-Linux" v1.0.2 which is listed on the homepage for this list.

Questions

1. I am aware it uses pppd underneath - How does it decide which tty to use? I am wanting the pppd daemon that starts to use a certain ttyE4 which is serial line (using ppp) to a device that has a pptp server waiting on it..??? Is this possible

actually other questions later..I have to go home. my lift's arrived

could you reply to my email instead of the list if possible cause I'm not on the list.

thanks heaps.
dan

--
Daniel Walls, Software Engineer
Stallion Technologies
Ph: +61 7 3270-4277 | Fx: +61 7 3270-4245
"Well, slotted pig... it's standard issue" - Buzz Lightyear (Toy Story 2)

From lists at earthling.2y.net Tue May 29 05:35:39 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Tue, 29 May 2001 06:35:39 -0400 (EDT)
Subject: [pptp-server] No answer
In-Reply-To: <009901c0e7f7$58f407a0$8bb8fea9@200mmx>
Message-ID:

Is gre (proto 47) permitted to pass through?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Tue, 29 May 2001, Sean wrote:

> Greetings,
>
> I have just subscribed to the list so please forgive me if I am asking a question that has been answered many times before.
>
> I have installed pptpd on a Mandrake 7.2 with ppp 2.4.0. PPTPD is running and showing port 1723 is open. The firewall has been amended to accept requests on this port. Nevertheless, when a connect is attempted I receive the error: The computer you dialed did not answer.
>
> Any assistance is appreciated.
>
> Thank you.
From a.cocozza at pointercom.it Tue May 29 08:38:42 2001
From: a.cocozza at pointercom.it (Antonio Cocozza)
Date: Tue, 29 May 2001 15:38:42 +0200
Subject: [pptp-server] pptp crypting
Message-ID:

the PPTP protocol has built in IPSEC crypting or it is optional?
thank you for response

my e-mail address is: a.cocozza at pointercom.it

From lists at earthling.2y.net Tue May 29 09:28:59 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Tue, 29 May 2001 10:28:59 -0400 (EDT)
Subject: [pptp-server] pptp crypting
In-Reply-To:
Message-ID:

IPSEC and PPTP are two different protocols. PPTP has NO encryption whatsoever. IPSec has two sub protocols, AH and ESP. AH provides no encryption, but it is used to make sure that the data from the source is authentic, ESP can encrypt host to host communications, and also encrypt ip-ip tunnels, allowing you to connect large private networks over the internet with ease. You can use IPSec on two hosts, and then create a pptp tunnel between them, but it's easier with most implementations of ipsec to just have ipsec do the ip-ip tunnel.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Tue, 29 May 2001, Antonio Cocozza wrote:

> the PPTP protocol has built in IPSEC crypting or it is optional?
> thank you for response
>
> my e-mail address is: a.cocozza at pointercom.it

From Carl.Andrews at crackerbarrel.com Tue May 29 10:03:02 2001
From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448)
Date: Tue, 29 May 2001 10:03:02 -0500
Subject: [pptp-server] PPTP "routing?" Issue
Message-ID:

Hi. I have installed the PPTP daemon on my linux server and it accepts calls. However, the only host I can "see"/ping is the PPTP server.
When the connection is established the PPP0 interface has an ip address of 192.168.0.1 and gives the PPTP client an ip address of 192.168.1.1 . Can anyone help me to find where these ip addresses are being generated? The 192.168.1.1 is valid for my internal network, however DHCPD is giving out 192.168.1.100-192.168.1.200. I have NOTHING configured to use the 192.168.0.1 network.

Thanks in advance!

From charlieb at e-smith.com Tue May 29 10:07:22 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 29 May 2001 11:07:22 -0400 (EDT)
Subject: [pptp-server] pptp crypting
In-Reply-To:
Message-ID:

On Tue, 29 May 2001, Justin Kreger wrote:

> IPSEC and PPTP are two different protocols. PPTP has NO encryption
> whatsoever.

To complete the answer: PPTP has no encryption whatsoever, but the PPP which is usually pushed through it (by, for example, Microsoft's VPN client) has an optional encryption layer (implemented as a compression plugin) called MPPE.

Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From berzerke at swbell.net Tue May 29 09:45:43 2001
From: berzerke at swbell.net (robert)
Date: Tue, 29 May 2001 09:45:43 -0500
Subject: [pptp-server] how to detect GRE filtering?
In-Reply-To: <3B131304.1C98B27E@sains.com.my>
References: <3B131304.1C98B27E@sains.com.my>
Message-ID: <01052909454301.17992@linux>

There are some GRE patched traceroute rpms at http://home.swbell.net/berzerke

On Monday 28 May 2001 22:09, Ismandy Ali wrote:
> Hi all,
> Correct me if I am wrong. One way to detect that there is some kind
> of filtering on port 1723 is using traceroute to the port 1723. So, how
> to detect that there is some kind of filtering on protocol 47 for GRE?
>
> any help is greatly appreciated
>
> Kukulkan

From menion at srci.iwpsd.org Tue May 29 00:40:53 2001
From: menion at srci.iwpsd.org (Joshua M. Schmidlkofer)
Date: Tue, 29 May 2001 12:40:53 +0700
Subject: [pptp-server] High-Uptime with pptpd 1.0.1
Message-ID: <3B133665.9020608@srci.iwpsd.org>

Howdy,

I have been testing a redhat 7.1 <-> Win2k sp2 PPTP vpn. It has relatively low traffic [save for big db updates (50-100/meg at once)], and is actually hooked up across a 100Mbps lan currently. I have been using it to test the robustness of MySQL's current 'replication' abilities. Various tests have gone well both for pptp & MySQL. However, I have been testing the 'high-uptime' portion of things. After about 10 or 12 days of operating I came in today, and had a load of the following messages in my syslog:

May 26 23:29:42 widmers pptpd[980]: CTRL: Unexpected control message 0 in disconnect sequence
May 26 23:29:42 widmers pptpd[980]: CTRL: EOF or bad error reading ctrl packet length.
May 26 23:29:42 widmers pptpd[980]: CTRL: couldn't read packet header (exit)
May 26 23:29:42 widmers pptpd[980]: CTRL: Unexpected control message 0 in disconnect sequence
May 26 23:29:42 widmers pptpd[980]: CTRL: EOF or bad error reading ctrl packet length.
May 26 23:29:42 widmers pptpd[980]: CTRL: couldn't read packet header (exit)

When I say a lot, I mean 779 Meg. I rushed to clear out some junk before taking a serious look into where my space went. It is just my desktop so I have 'var' on my root volume. Anyway, the VPN was still running just fine, and everything was ok, but pptpctl was running at like 70% cpu time, and had accumulated about 2000+ minutes of cpu time. ??? Anyway, I have no idea what would cause this, but anyone know?

Redhat 7.1
Vanilla Kernel 2.4.4 w/MPPE patches.
Downloaded pppd from ... whatever that site is. [I am running 2.4.1]
w/ppp-2.4.1-openssl-0.9.6-mppe-patch
pptpd 1.0.1

thanks,
Joshua

From lists at earthling.2y.net Tue May 29 14:34:16 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Tue, 29 May 2001 15:34:16 -0400 (EDT)
Subject: [pptp-server] High-Uptime with pptpd 1.0.1
In-Reply-To: <3B133665.9020608@srci.iwpsd.org>
Message-ID:

I have seen that only once, and it was a fluke then.... I did however soon afterwards go to pptpd 1.1.2. What was really bad is that particular server paged me at like 2:10 am :(

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Tue, 29 May 2001, Joshua M. Schmidlkofer wrote:

> Howdy,
>
> I have been testing a redhat 7.1 <-> Win2k sp2 PPTP vpn. It has
> relatively low traffic [save for big db updates (50-100/meg at once)],
> and is actually hooked up across a 100Mbps lan currently. I have been
> using it to test the robustness of MySQL's current 'replication'
> abilities. Various tests have gone well both for pptp & MySQL.
> However, I have been testing the 'high-uptime' portion of things.
> After about 10 or 12 days of operating I came in today, and had a load
> of the following messages in my syslog:
>
>
> May 26 23:29:42 widmers pptpd[980]: CTRL: Unexpected control message 0
> in disconnect sequence
> May 26 23:29:42 widmers pptpd[980]: CTRL: EOF or bad error reading ctrl
> packet length.
> May 26 23:29:42 widmers pptpd[980]: CTRL: couldn't read packet header (exit)
> May 26 23:29:42 widmers pptpd[980]: CTRL: Unexpected control message 0
> in disconnect sequence
> May 26 23:29:42 widmers pptpd[980]: CTRL: EOF or bad error reading ctrl
> packet length.
> May 26 23:29:42 widmers pptpd[980]: CTRL: couldn't read packet header (exit)
>
>
> When I say a lot, I mean 779 Meg. I rushed to clear out some junk
> before taking a serious look into where my space went.
It is just my
> desktop so I have 'var' on my root volume. Anyway, the VPN was still
> running just fine, and everything was ok, but pptpctl was running at
> like 70% cpu time, and had accumulated about 2000+ minutes of cpu time.
> ??? Anyway, I have no idea what would cause this, but anyone know?
>
>
> Redhat 7.1
> Vanilla Kernel 2.4.4 w/MPPE patches.
> Downloaded pppd from ... whatever that site is. [I am running 2.4.1]
> w/ppp-2.4.1-openssl-0.9.6-mppe-patch
> pptpd 1.0.1
>
>
>
> thanks,
> Joshua

From GeorgeV at citadelcomputer.com.au Tue May 29 18:02:27 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 30 May 2001 09:02:27 +1000
Subject: [pptp-server] PPTP "routing?" Issue
Message-ID: <200FAA488DE0D41194F10010B597610D0124DD@JUPITER>

Everybody makes this mistake. If you want to see the hosts on the inside the best way is to give the pptpd server's "localip" setting the same as its LAN IP.. Then give the remote hosts the same IP range as the local LAN and use "proxyarp" in your /etc/ppp/options file so that the pptpd server will respond to local LAN machines who are looking for the pptp clients...

Your localip is 192.168.0.1 and yet your pptp client is on 192.168.1.1

If you really need this to work you then need ipforwarding for your pptp client to the LAN and/or routing between them. This is a firewall/IP issue and not really a pptpd issue as it's just a network setup. I'm sure there's VFAQs about this.

thanks,
George Vieira

-----Original Message-----
From: Andrews Carl 448 [mailto:Carl.Andrews at crackerbarrel.com]
Sent: Wednesday, May 30, 2001 1:03 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] PPTP "routing?" Issue

Hi. I have installed the PPTP daemon on my linux server and it accepts calls.
However, the only host I can "see"/ping is the PPTP server. When the connection is established the PPP0 interface has an ip address of 192.168.0.1 and gives the PPTP client an ip address of 192.168.1.1. Can anyone help me to find where these ip addresses are being generated? The 192.168.1.1 is valid for my internal network, however DHCPD is giving out 192.168.1.100-192.168.1.200. I have NOTHING configured to use the 192.168.0.1 network.

Thanks in advance!

From GeorgeV at citadelcomputer.com.au Tue May 29 18:05:48 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 30 May 2001 09:05:48 +1000
Subject: [pptp-server] High-Uptime with pptpd 1.0.1
Message-ID: <200FAA488DE0D41194F10010B597610D0124DE@JUPITER>

Upgrade to 1.1.2 and most of your problems will disappear......... only to get new problems hee hee ;-)

I don't know why the web sites aren't updated too often and why they don't recommend using 1.1.2 version. Development or not... it's the most stable version of the lot..

thanks,
George Vieira

-----Original Message-----
From: Joshua M. Schmidlkofer [mailto:menion at srci.iwpsd.org]
Sent: Tuesday, May 29, 2001 3:41 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] High-Uptime with pptpd 1.0.1

Howdy,

I have been testing a redhat 7.1 <-> Win2k sp2 PPTP vpn. It has relatively low traffic [save for big db updates (50-100/meg at once)], and is actually hooked up across a 100Mbps lan currently. I have been using it to test the robustness of MySQL's current 'replication' abilities. Various tests have gone well both for pptp & MySQL. However, I have been testing the 'high-uptime' portion of things. After about 10 or 12 days of operating I came in today, and had a load of the following messages in my syslog:

May 26 23:29:42 widmers pptpd[980]: CTRL: Unexpected control message 0 in disconnect sequence
May 26 23:29:42 widmers pptpd[980]: CTRL: EOF or bad error reading ctrl packet length.
May 26 23:29:42 widmers pptpd[980]: CTRL: couldn't read packet header (exit)
May 26 23:29:42 widmers pptpd[980]: CTRL: Unexpected control message 0 in disconnect sequence
May 26 23:29:42 widmers pptpd[980]: CTRL: EOF or bad error reading ctrl packet length.
May 26 23:29:42 widmers pptpd[980]: CTRL: couldn't read packet header (exit)

When I say a lot, I mean 779 Meg. I rushed to clear out some junk before taking a serious look into where my space went. It is just my desktop so I have 'var' on my root volume. Anyway, the VPN was still running just fine, and everything was ok, but pptpctl was running at like 70% cpu time, and had accumulated about 2000+ minutes of cpu time. ??? Anyway, I have no idea what would cause this, but anyone know?

Redhat 7.1
Vanilla Kernel 2.4.4 w/MPPE patches.
Downloaded pppd from ... whatever that site is. [I am running 2.4.1]
w/ppp-2.4.1-openssl-0.9.6-mppe-patch
pptpd 1.0.1

thanks,
Joshua

From Carl.Andrews at crackerbarrel.com Tue May 29 21:37:39 2001
From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448)
Date: Tue, 29 May 2001 21:37:39 -0500
Subject: [pptp-server] PPTP "routing?" Issue
Message-ID:

Thanks! Anyone know of any FAQS?

Note: The PPTP server and the FIREWALL are the same CPU (also running DHCP for the internal network)

Thanks in Advance!

-----Original Message-----
From: George Vieira
To: 'Andrews Carl 448'; pptp-server at lists.schulte.org
Sent: 5/29/01 6:02 PM
Subject: RE: [pptp-server] PPTP "routing?" Issue

Everybody makes this mistake. If you want to see the hosts on the inside the best way is to give the pptpd server's "localip" setting the same as its LAN IP..
Then give the remote hosts the same IP range as the local LAN and use "proxyarp" in your /etc/ppp/options file so that the pptpd server will respond to local LAN machines who are looking for the pptp clients...

Your localip is 192.168.0.1 and yet your pptp client is on 192.168.1.1

If you really need this to work you then need ipforwarding for your pptp client to the LAN and/or routing between them. This is a firewall/IP issue and not really a pptpd issue as it's just a network setup. I'm sure there's VFAQs about this.

thanks,
George Vieira

-----Original Message-----
From: Andrews Carl 448 [mailto:Carl.Andrews at crackerbarrel.com]
Sent: Wednesday, May 30, 2001 1:03 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] PPTP "routing?" Issue

Hi. I have installed the PPTP daemon on my linux server and it accepts calls. However, the only host I can "see"/ping is the PPTP server. When the connection is established the PPP0 interface has an ip address of 192.168.0.1 and gives the PPTP client an ip address of 192.168.1.1. Can anyone help me to find where these ip addresses are being generated? The 192.168.1.1 is valid for my internal network, however DHCPD is giving out 192.168.1.100-192.168.1.200. I have NOTHING configured to use the 192.168.0.1 network.

Thanks in advance!

From ismandya at sains.com.my Tue May 29 21:53:48 2001
From: ismandya at sains.com.my (kukulkan)
Date: Wed, 30 May 2001 10:53:48 +0800
Subject: [pptp-server] how to detect GRE filtering?
References: <3B131304.1C98B27E@sains.com.my> <01052909454301.17992@linux>
Message-ID: <3B1460BC.9BB9372@sains.com.my>

Hi there again,

I am trying to check that whether my internet connection (our network and ISP) is implementing some form of filtering. Help me to make a decision. I have downloaded the patch for GRE traceroute, compile and run successfully. Again, please, please correct me if I am wrong.

I also have tried to use the traceroute with -G option:

test # 1 - traceroute -G 192.168.216.98

and it gave me several errors just before the pptp server, the router in front of my PPTP server (192.168.216.98)

test # 2 - traceroute -G -p 1723 192.168.216.98

and both gave me the same error.

1 e0.kch8.xxx.my (xxx.142.221.9) 116.096 ms 117.333 ms 120.209 ms
2 fe0-0-0.kch.xxx.my (xxx.142.221.1) 119.418 ms 129.945 ms 119.755 ms
3 fe0.kch15.xxx.my (xxx.142.221.16) 119.861 ms fe1.kch15.xxx.my (xxx.142.0.74) 119.767 ms fe0.kch15.xxx.my (xxx.142.221.16) 119.798 ms
4 xxx.142.33.210 (xxx.142.33.210) 339.815 ms !X 321.584 ms !X *

My question is,

i) is there any difference with the traceroute with -G (use GRE packets instead of UDP packets) test # 1.
ii) or the -G with port specification 1723?

in other words, is it *necessary* for me to include the port specification - port 1723 to check whether my GRE is being filtered?

Need advice

robert wrote:

> There are some GRE patched traceroute rpms at http://home.swbell.net/berzerke
>
> On Monday 28 May 2001 22:09, Ismandy Ali wrote:
> > Hi all,
> > Correct me if I am wrong. One way to detect that there is some kind
> > of filtering on port 1723 is using traceroute to the port 1723. So, how
> > to detect that there is some kind of filtering on protocol 47 for GRE?
> >
> > any help is greatly appreciated
> >
> > Kukulkan

From charlieb at e-smith.com Tue May 29 22:35:56 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 29 May 2001 23:35:56 -0400 (EDT)
Subject: [pptp-server] High-Uptime with pptpd 1.0.1
In-Reply-To: <200FAA488DE0D41194F10010B597610D0124DE@JUPITER>
Message-ID:

On Wed, 30 May 2001, George Vieira wrote:

> Upgrade to 1.1.2 and most of your problems will disappear......... only to
> get new problems hee hee ;-)

Is there a list of these "new problems" somewhere?

Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From neale at lowendale.com.au Tue May 29 23:23:11 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Wed, 30 May 2001 14:23:11 +1000 (EST)
Subject: [pptp-server] how to detect GRE filtering?
In-Reply-To: <3B1460BC.9BB9372@sains.com.my>
Message-ID:

On Wed, 30 May 2001, kukulkan wrote:

> Hi there again,
> I am trying to check that whether my internet connection (our network and
> ISP) is implementing some form of filtering. Help me to make a decision. I have
> downloaded the patch for GRE traceroute, compile and run successfully. Again,
> please, please correct me if I am wrong.
>
> I also have tried to use the traceroute with -G option:
>
> test # 1 - traceroute -G 192.168.216.98
>
> and it gave me several errors just before the pptp server, the router in front
> of my PPTP server (192.168.216.98)
>
> test # 2 - traceroute -G -p 1723 192.168.216.98
>
> and both gave me the same error.
>
> 1 e0.kch8.xxx.my (xxx.142.221.9) 116.096 ms 117.333 ms 120.209 ms
> 2 fe0-0-0.kch.xxx.my (xxx.142.221.1) 119.418 ms 129.945 ms 119.755 ms
> 3 fe0.kch15.xxx.my (xxx.142.221.16) 119.861 ms fe1.kch15.xxx.my
> (xxx.142.0.74) 119.767 ms fe0.kch15.xxx.my (xxx.142.221.16) 119.798 ms
> 4 xxx.142.33.210 (xxx.142.33.210) 339.815 ms !X 321.584 ms !X *

According to "man traceroute" on my Debian system, that "X" means "communication administratively prohibited". I suspect that you've just identified the point that's blocking GRE ;-)

> My question is,
>
> i) is there any difference with the traceroute with -G (use GRE packets instead
> of UDP packets) test # 1.
> ii) or the -G with port specification 1723?
>
> in other words, is it *necessary* for me to include the port specification -
> port 1723 to check whether my GRE is being filtered?

No, GRE does not use port numbers.

PPTP uses two separate channels:

- a control/setup channel over TCP which uses TCP port 1723.
- a data channel for the PPP which uses GRE (no port# applicable).

HTH,
Neale.

From kim at armann.de Wed May 30 05:22:19 2001
From: kim at armann.de (Kim Armann)
Date: Wed, 30 May 2001 12:22:19 +0200
Subject: [pptp-server] pptp 1.0.1 - Win2k
Message-ID: <3B14C9DB.3BCFAD9E@armann.de>

Hi,

if I connect to a pptpd-Server via LAN (Client 192.168.0.223 - Server 192.168.0.5) with win2k, I get success the authentication, receive one or two pings and after the connection-symbol "goes into the sys-tray", the ping stops.
I see data transferring (the symbol flashes) but I get no connections to any services (telnet, smtp, ping)
Windows 98 works fine.

config : win2k (with and without SP1)
Linux :
Kernel 2.4.2
pptpd 1.0.1
pppd 2.4.0
iptables-firewall (activated / not activated - no difference)

maybe s.o. can help me ...

thanks
kim

From lists at earthling.2y.net Wed May 30 05:44:45 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Wed, 30 May 2001 06:44:45 -0400 (EDT)
Subject: [pptp-server] pptp 1.0.1 - Win2k
In-Reply-To: <3B14C9DB.3BCFAD9E@armann.de>
Message-ID:

First of all, upgrade pptpd, 1.1.2 is more stable than 1.0.1.

What's your ppp config on both ends? Using RRAS or normal dialup/connect dialogs?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Wed, 30 May 2001, Kim Armann wrote:

> Hi,
>
> if I connect to a pptpd-Server via LAN (Client 192.168.0.223 - Server
> 192.168.0.5) with win2k, I get success the authentication, receive one or
> two pings and after the connection-symbol "goes into the sys-tray", the
> ping stops.
> I see data transferring (the symbol flashes) but I get no connections to
> any services (telnet, smtp, ping)
> Windows 98 works fine.
>
> config : win2k (with and without SP1)
> Linux :
> Kernel 2.4.2
> pptpd 1.0.1
> pppd 2.4.0
> iptables-firewall (activated / not activated - no difference)
>
> maybe s.o. can help me ...
>
> thanks
> kim

From kim at armann.de Wed May 30 06:43:33 2001
From: kim at armann.de (Kim Armann)
Date: Wed, 30 May 2001 13:43:33 +0200
Subject: [pptp-server] pptp 1.0.1 - Win2k
References:
Message-ID: <3B14DCE5.11206CB8@armann.de>

Hi Justin,

I upgraded to 1.1.2

Configuration :
Testenvironment
both computers are connected to one hub via ethernet
Client 192.168.0.223 - Server 192.168.0.5
Win98 Client 192.168.0.123 - no Problems
win2k : standard "dial-up-connection" created with the connection-wizard.

pptpd.conf :
option /etc/ppp/options.pptp
localip 10.254.254.1
remoteip 10.254.254.101-200

/etc/ppp/options.pptp :
noauth
crtscts
lock
asyncmap 0
nodetach
lcp-echo-interval 45
lcp-echo-failure 4
idle 720
noipx
ms-dns 192.168.85.1
ms-dns 192.168.85.1
ms-wins 192.168.85.1
ms-wins 192.168.85.1
auth
lock
debug
+chap
+chapms
+chapms-v2
mppe-128

Justin Kreger wrote:
>
> First of all, upgrade pptpd, 1.1.2 is more stable than 1.0.1.
>
> What's your ppp config on both ends? Using RRAS or normal dialup/connect
> dialogs?
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
> On Wed, 30 May 2001, Kim Armann wrote:
>
> > Hi,
> >
> > if I connect to a pptpd-Server via LAN (Client 192.168.0.223 - Server
> > 192.168.0.5) with win2k, I get success the authentication, receive one or
> > two pings and after the connection-symbol "goes into the sys-tray", the
> > ping stops.
> > I see data transferring (the symbol flashes) but I get no connections to
> > any services (telnet, smtp, ping)
> > Windows 98 works fine.
> >
> > config : win2k (with and without SP1)
> > Linux :
> > Kernel 2.4.2
> > pptpd 1.0.1
> > pppd 2.4.0
> > iptables-firewall (activated / not activated - no difference)
> >
> > maybe s.o. can help me ...
> >
> > thanks
> > kim

From foob at return0.net Wed May 30 08:33:48 2001
From: foob at return0.net (foob at return0.net)
Date: Wed, 30 May 2001 13:33:48 +0000 (GMT)
Subject: [pptp-server] pptpd/pppd/mppe + kernel 2.2.19
Message-ID:

Is it possible to use pptpd,pppd,mppe128 on linux *without* kernel modules? I'm running 2.2.19, I don't want to add module support, but i'd quite like secure(ish) pptp.
I have configured everything, and a Windows2000 machine can connect, if encryption is 'optional'. If it is 'required', Windows fails to negotiate, saying the remote server doesn't support the desired encryption.

Is this because I haven't got the ppp mppe modules installed? Can I build them into the kernel somehow?

5.13 Q: I can get the PPTP connection to work fine, but can not get encryption to work. What is wrong?

A: It has been reported that changing PPP from being built into the kernel to being a loadable module has fixed the problem. The configuration file listed in the earlier instructions does build PPP as a loadable module.
(http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt)

Anyone got any knowledge of this? Why should it be required to be modular? Any help much appreciated...

- foob

(here's a syslog dump of an unsuccessful connection from 2k to linux)

pptpd[7140]: MGR: Launching /usr/sbin/pptpctrl to handle client
pptpd[7140]: CTRL: local address = 10.10.10.254
pptpd[7140]: CTRL: remote address = 10.10.10.101
pptpd[7140]: CTRL: Client xxx.xxx.xxx.xxx control connection started
pptpd[7140]: CTRL: Received PPTP Control Message (type: 1)
pptpd[7140]: CTRL: Made a START CTRL CONN RPLY packet
pptpd[7140]: CTRL: I wrote 156 bytes to the client.
pptpd[7140]: CTRL: Sent packet to client
pptpd[7140]: CTRL: Received PPTP Control Message (type: 7)
pptpd[7140]: CTRL: Set parameters to 1525 maxbps, 64 window size
pptpd[7140]: CTRL: Made a OUT CALL RPLY packet
pptpd[7140]: CTRL: Starting call (launching pppd, opening GRE)
pptpd[7140]: CTRL: pty_fd = 4
pptpd[7140]: CTRL: tty_fd = 5
pptpd[7140]: CTRL: I wrote 32 bytes to the client.
pptpd[7141]: CTRL (PPPD Launcher): Connection speed = 115200
pptpd[7141]: CTRL (PPPD Launcher): local address = 10.10.10.254
pptpd[7141]: CTRL (PPPD Launcher): remote address = 10.10.10.101
pptpd[7140]: CTRL: Sent packet to client
pppd[7141]: pppd 2.4.1 started by root, uid 0
pppd[7141]: Using interface ppp0
pppd[7141]: Connect: ppp0 <--> /dev/pts/5
pppd[7141]: sent [LCP ConfReq id=0x1 ]
pptpd[7140]: CTRL: Received PPTP Control Message (type: 15)
pptpd[7140]: CTRL: Got a SET LINK INFO packet with standard ACCMs
pptpd[7140]: GRE: Discarding out of order packet
pppd[7141]: rcvd [LCP ConfNak id=0x1 ]
pppd[7141]: sent [LCP ConfReq id=0x2 ]
pppd[7141]: rcvd [LCP ConfAck id=0x2 ]
pppd[7141]: rcvd [LCP ConfReq id=0x1 < 0d 03 06> ]
pppd[7141]: sent [LCP ConfRej id=0x1 < 0d 03 06> ]
pppd[7141]: rcvd [LCP ConfReq id=0x2 ]
pppd[7141]: sent [LCP ConfAck id=0x2 ]
pppd[7141]: sent [LCP EchoReq id=0x0 magic=0xcea6f60d]
pppd[7141]: sent [CHAP Challenge id=0x1 <43e28c5c0616b272f6f180fa57005c56>, name = "xxx"]
pptpd[7140]: CTRL: Received PPTP Control Message (type: 15)
pptpd[7140]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
pppd[7141]: rcvd [LCP code=0xc id=0x3 6c 25 19 ea 4d 53 52 41 53 56 35 2e 30 30]
pppd[7141]: sent [LCP CodeRej id=0x3 0c 03 00 12 6c 25 19 ea 4d 53 52 41 53 56 35 2e 30 30]
pppd[7141]: rcvd [LCP code=0xc id=0x4 6c 25 19 ea 4d 53 52 41 53 2d 31 2d 54 45 53 54]
pppd[7141]: sent [LCP CodeRej id=0x4 0c 04 00 14 6c 25 19 ea 4d 53 52 41 53 2d 31 2d 54 45 53 54]
pppd[7141]: rcvd [LCP EchoRep id=0x0 magic=0x6c2519ea]
pppd[7141]: rcvd [CHAP Response id=0x1 <3f50738e46d222512e804f9793fdb7d00000000000000000e98127435c78168a6a3a4ed2acbe517a1cf6b7e8cc3abaa600>, name = "xxx"]
pppd[7141]: sent [CHAP Success id=0x1 "S=0A5140A473E7E472164A21F197C7C5CC039110A8"]
pppd[7141]: sent [IPCP ConfReq id=0x1 ]
pppd[7141]: sent [CCP ConfReq id=0x1 ]
pppd[7141]: MSCHAP-v2 peer authentication succeeded for xxx
pppd[7141]: rcvd [CCP ConfReq id=0x5 ]
pppd[7141]: sent [CCP ConfRej id=0x5 ]
pptpd[7140]: GRE: Discarding out of order packet
pppd[7141]: rcvd [IPCP ConfRej id=0x1 ]
pppd[7141]: sent [IPCP ConfReq id=0x2 ]
pppd[7141]: rcvd [CCP ConfRej id=0x1 ]
pppd[7141]: sent [CCP ConfReq id=0x2]
pppd[7141]: rcvd [IPCP ConfAck id=0x2 ]
pppd[7141]: rcvd [CCP ConfNak id=0x2 ]
pppd[7141]: sent [CCP ConfReq id=0x3]
pppd[7141]: rcvd [CCP ConfNak id=0x3 ]
pppd[7141]: sent [CCP ConfReq id=0x4]
pppd[7141]: rcvd [CCP ConfNak id=0x4 ]
pppd[7141]: sent [CCP ConfReq id=0x5]
pppd[7141]: rcvd [CCP ConfNak id=0x5 ]
pppd[7141]: sent [CCP ConfReq id=0x6]
pppd[7141]: rcvd [CCP ConfNak id=0x6 ]
pppd[7141]: sent [CCP ConfReq id=0x7]
pppd[7141]: rcvd [CCP ConfNak id=0x7 ]
pppd[7141]: sent [CCP ConfReq id=0x8]
pppd[7141]: rcvd [CCP ConfNak id=0x8 ]
pppd[7141]: sent [CCP ConfReq id=0x9]
pppd[7141]: rcvd [CCP ConfNak id=0x9 ]
pppd[7141]: sent [CCP ConfReq id=0xa]
pppd[7141]: rcvd [CCP ConfNak id=0xa ]
pppd[7141]: sent [CCP ConfReq id=0xb]
pppd[7141]: rcvd [CCP ConfNak id=0xb ]
pppd[7141]: sent [CCP ConfReq id=0xc]
pptpd[7140]: CTRL: Received PPTP Control Message (type: 15)
pptpd[7140]: CTRL: Ignored a SET LINK INFO packet with
real ACCMs!
pppd[7141]: rcvd [LCP TermReq id=0x7 "l%\031\37777777752\000<\37777777715t\000\000\002\37777777746"]
pppd[7141]: LCP terminated by peer (l%^YM-j^@

Where can I find this module: ip_masq_pptp?
I tried insmod ip_masq_pptp, but it doesn't work...

Please, anyone can help me?

From Steve at SteveCowles.com Wed May 30 08:37:43 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 30 May 2001 08:37:43 -0500
Subject: [pptp-server] ip_masq_pptp
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE7B7@defiant.infohiiway.com>

You will need to patch/compile your kernel to support vpn masquerading. Then the module ip_masq_pptp.o will be available.

Checkout: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

Steve Cowles

> -----Original Message-----
> From: Eduardo Zola [mailto:ezola at riobravo.com.br]
> Sent: Wednesday, May 30, 2001 7:55 AM
> To: 'pptp-server at lists.schulte.org'
> Subject: [pptp-server] ip_masq_pptp
>
>
> Where can I find this module: ip_masq_pptp?
> I tried insmod ip_masq_pptp, but it doesn't work...
>
> Please, anyone can help me?

From berzerke at swbell.net Wed May 30 08:29:13 2001
From: berzerke at swbell.net (robert)
Date: Wed, 30 May 2001 08:29:13 -0500
Subject: [pptp-server] pptpd/pppd/mppe + kernel 2.2.19
In-Reply-To:
References:
Message-ID: <01053008291300.19889@linux>

In theory, compiled in or modular doesn't make any difference. But then again, in theory, there is no difference between theory and practice. In practice, there is. :)

On Wednesday 30 May 2001 08:33, foob at return0.net wrote:
> Is it possible to use pptpd,pppd,mppe128 on linux *without*
> kernel modules? I'm running 2.2.19, I don't want to add module
> support, but i'd quite like secure(ish) pptp.
> I have configured everything, and a Windows2000 machine can
> connect, if encryption is 'optional'. If it is 'required',
> Windows fails to negotiate, saying the remote server doesn't
> support the desired encryption.
>
> Is this because I haven't got the ppp mppe modules installed?
> Can I build them into the kernel somehow?
>
> 5.13 Q: I can get the PPTP connection to work fine, but can not get
> encryption to work. What is wrong?
>
> A: It has been reported that changing PPP from being built into
> the kernel to being a loadable module has fixed the problem. The
> configuration file listed in the earlier instructions does build PPP as a
> loadable module.
> (http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt)
>
> Anyone got any knowledge of this? Why should it be required
> to be modular? Any help much appreciated...
>
>
> - foob
>
>
> (here's a syslog dump of an unsuccessful connection from 2k to
> linux)
>
> pptpd[7140]: MGR: Launching /usr/sbin/pptpctrl to handle client
> pptpd[7140]: CTRL: local address = 10.10.10.254
> pptpd[7140]: CTRL: remote address = 10.10.10.101
> pptpd[7140]: CTRL: Client xxx.xxx.xxx.xxx control connection started
> pptpd[7140]: CTRL: Received PPTP Control Message (type: 1)
> pptpd[7140]: CTRL: Made a START CTRL CONN RPLY packet
> pptpd[7140]: CTRL: I wrote 156 bytes to the client.
> pptpd[7140]: CTRL: Sent packet to client
> pptpd[7140]: CTRL: Received PPTP Control Message (type: 7)
> pptpd[7140]: CTRL: Set parameters to 1525 maxbps, 64 window size
> pptpd[7140]: CTRL: Made a OUT CALL RPLY packet
> pptpd[7140]: CTRL: Starting call (launching pppd, opening GRE)
> pptpd[7140]: CTRL: pty_fd = 4
> pptpd[7140]: CTRL: tty_fd = 5
> pptpd[7140]: CTRL: I wrote 32 bytes to the client.
> pptpd[7141]: CTRL (PPPD Launcher): Connection speed = 115200
> pptpd[7141]: CTRL (PPPD Launcher): local address = 10.10.10.254
> pptpd[7141]: CTRL (PPPD Launcher): remote address = 10.10.10.101
> pptpd[7140]: CTRL: Sent packet to client
> pppd[7141]: pppd 2.4.1 started by root, uid 0
> pppd[7141]: Using interface ppp0
> pppd[7141]: Connect: ppp0 <--> /dev/pts/5
> pppd[7141]: sent [LCP ConfReq id=0x1 81> ]
> pptpd[7140]: CTRL: Received PPTP Control Message (type: 15)
> pptpd[7140]: CTRL: Got a SET LINK INFO packet with standard ACCMs
> pptpd[7140]: GRE: Discarding out of order packet
> pppd[7141]: rcvd [LCP ConfNak id=0x1 ]
> pppd[7141]: sent [LCP ConfReq id=0x2 0xcea6f60d> ]
> pppd[7141]: rcvd [LCP ConfAck id=0x2 0xcea6f60d> ]
> pppd[7141]: rcvd [LCP ConfReq id=0x1
> < 0d 03 06> [local:e1.d1.f0.6e.e7.67.48.7c.8f.9b.e3.28.ac.0d.7a.d7.00.00.00.09]>]
> pppd[7141]: sent [LCP ConfRej id=0x1 < 0d 03 06> ]
> pppd[7141]: rcvd [LCP ConfReq id=0x2
> [local:e1.d1.f0.6e.e7.67.48.7c.8f.9b.e3.28.ac.0d.7a.d7.00.00.00.09]>]
> pppd[7141]: sent [LCP ConfAck id=0x2
> [local:e1.d1.f0.6e.e7.67.48.7c.8f.9b.e3.28.ac.0d.7a.d7.00.00.00.09]>]
> pppd[7141]: sent [LCP EchoReq id=0x0 magic=0xcea6f60d]
> pppd[7141]: sent [CHAP Challenge id=0x1
> <43e28c5c0616b272f6f180fa57005c56>, name = "xxx"]
> pptpd[7140]: CTRL: Received PPTP Control Message (type: 15)
> pptpd[7140]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> pppd[7141]: rcvd [LCP code=0xc id=0x3 6c 25 19 ea 4d 53 52 41 53 56 35 2e
> 30 30]
> pppd[7141]: sent [LCP CodeRej id=0x3 0c 03 00 12 6c 25 19 ea 4d 53 52 41
> 53 56 35 2e 30 30]
> pppd[7141]: rcvd [LCP code=0xc id=0x4 6c 25 19 ea 4d 53 52 41 53 2d 31 2d
> 54 45 53 54]
> pppd[7141]: sent [LCP CodeRej id=0x4 0c 04 00 14 6c 25 19 ea 4d 53 52 41
> 53 2d 31 2d 54 45 53 54]
> pppd[7141]: rcvd [LCP EchoRep id=0x0 magic=0x6c2519ea]
> pppd[7141]: rcvd [CHAP Response id=0x1
> <3f50738e46d222512e804f9793fdb7d00000000000000000e98127435c78168a6a3a4ed2ac
>be517a1cf6b7e8cc3abaa600>, name = "xxx"]
> pppd[7141]: sent [CHAP Success id=0x1
> "S=0A5140A473E7E472164A21F197C7C5CC039110A8"]
> pppd[7141]: sent [IPCP ConfReq id=0x1 01>]
> pppd[7141]: sent [CCP ConfReq id=0x1 ]
> pppd[7141]: MSCHAP-v2 peer authentication succeeded for xxx
> pppd[7141]: rcvd [CCP ConfReq id=0x5 ]
> pppd[7141]: sent [CCP ConfRej id=0x5 ]
> pptpd[7140]: GRE: Discarding out of order packet
> pppd[7141]: rcvd [IPCP ConfRej id=0x1 ]
> pppd[7141]: sent [IPCP ConfReq id=0x2 ]
> pppd[7141]: rcvd [CCP ConfRej id=0x1 ]
> pppd[7141]: sent [CCP ConfReq id=0x2]
> pppd[7141]: rcvd [IPCP ConfAck id=0x2 ]
> pppd[7141]: rcvd [CCP ConfNak id=0x2 ]
> pppd[7141]: sent [CCP ConfReq id=0x3]
> pppd[7141]: rcvd [CCP ConfNak id=0x3 ]
> pppd[7141]: sent [CCP ConfReq id=0x4]
> pppd[7141]: rcvd [CCP ConfNak id=0x4 ]
> pppd[7141]: sent [CCP ConfReq id=0x5]
> pppd[7141]: rcvd [CCP ConfNak id=0x5 ]
> pppd[7141]: sent [CCP ConfReq id=0x6]
> pppd[7141]: rcvd [CCP ConfNak id=0x6 ]
> pppd[7141]: sent [CCP ConfReq id=0x7]
> pppd[7141]: rcvd [CCP ConfNak id=0x7 ]
> pppd[7141]: sent [CCP ConfReq id=0x8]
> pppd[7141]: rcvd [CCP ConfNak id=0x8 ]
> pppd[7141]: sent [CCP ConfReq id=0x9]
> pppd[7141]: rcvd [CCP ConfNak id=0x9 ]
> pppd[7141]: sent [CCP ConfReq id=0xa]
> pppd[7141]: rcvd [CCP ConfNak id=0xa ]
> pppd[7141]: sent [CCP ConfReq id=0xb]
> pppd[7141]: rcvd [CCP ConfNak id=0xb ]
> pppd[7141]: sent [CCP ConfReq id=0xc]
> pptpd[7140]: CTRL:
Received PPTP Control Message (type: 15)
> pptpd[7140]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> pppd[7141]: rcvd [LCP TermReq id=0x7
> "l%\031\37777777752\000<\37777777715t\000\000\002\37777777746"]
> pppd[7141]: LCP terminated by peer (l%^YM-j^@ pppd[7141]: sent [LCP TermAck id=0x7]
> pptpd[7140]: CTRL: Received PPTP Control Message (type: 12)
> pptpd[7140]: CTRL: Made a CALL DISCONNECT RPLY packet
> pptpd[7140]: CTRL: Received CALL CLR request (closing call)
> pptpd[7140]: CTRL: I wrote 148 bytes to the client.
> pptpd[7140]: CTRL: Sent packet to client
> pptpd[7140]: CTRL: Error with select(), quitting
> pptpd[7140]: CTRL: Client xxx.xxx.xxx.xxx control connection finished
> pptpd[7140]: CTRL: Exiting now
> pptpd[7119]: MGR: Reaped child 7140
> pppd[7141]: Modem hangup
> pppd[7141]: Connection terminated.
> pppd[7141]: Connect time 0.1 minutes.
> pppd[7141]: Sent 669 bytes, received 767 bytes.
> pppd[7141]: Exit.May 30 12:41:23 node pptpd[6846]: MGR: Launching
> /usr/sbin/pptpctrl to handle client

From foob at return0.net Wed May 30 10:41:05 2001
From: foob at return0.net (foob at return0.net)
Date: Wed, 30 May 2001 15:41:05 +0000 (GMT)
Subject: [pptp-server] pptpd/pppd/mppe + kernel 2.2.19
In-Reply-To: <01053008291300.19889@linux>
Message-ID:

Um, my kernel has ppp support compiled in. I haven't recompiled since installing a new pppd,mppe,pptp,etc... So I need to patch the kernel source somehow? It looks like there used to be a kinstal.sh script... did this modify some kernel headers? Maybe it will all work without modules, but I need to get the compiled-in version of ppp up to speed. Ideas?

Or does that sound like a load of arse (highly probable)

On Wed, 30 May 2001, robert wrote:

> In theory, compiled in or modular doesn't make any difference. But then
> again, in theory, there is no difference between theory and practice. In
> practice, there is. :)
>
> On Wednesday 30 May 2001 08:33, foob at return0.net wrote:
> > Is it possible to use pptpd,pppd,mppe128 on linux *without*
> > kernel modules? Im running 2.2.19, I dont want to add module
> > support, but i'd quite like secure(ish) pptp.
> > I have configured everything, and a Windows2000 machine can
> > connect, if encyrption is 'optional'. If it is 'required',
> > Windows fails to negotiate, saying the remote server doesnt
> > support the desired encyrption.
> >
> > Is this because I havent got the ppp mppe modules installed?
> > Can I build them into the kernel somehow?
> >
> > 5.13 Q: I can get the PPTP connection to work fine, but can not get
> > encryption to work. What is wrong?
> >
> > A: It has been reported that changing PPP from being built into
> > the kernel to being a loadable module has fixed the problem. The
> > configuration file listed in the earlier instructions does build PPP as a
> > loadable module.
> > (http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt)
> >
> > Anyone got any knowledge of this? Why should it be required
> > to be modular? Any help much appreciatde...
> >
> > - foob
> >
> > (heres a syslog dump of an unsuccessful connection from 2k to
> > linux)

From charlieb at e-smith.com Wed May 30 09:39:28 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 30 May 2001 10:39:28 -0400 (EDT)
Subject: [pptp-server] pptp 1.0.1 - Win2k
In-Reply-To: <3B14C9DB.3BCFAD9E@armann.de>
Message-ID:

On Wed, 30 May 2001, Kim Armann wrote:

> if I connect to a pptpd-Server via LAN (Client 192.168.0.223 - Server
> 192.168.0.5) with win2k,

It doesn't make much sense to connect to a server on the same LAN. There
is already a direct route on the LAN to that server.
If you configure the
pptpd server the way it is usually configured (to use its LAN address as
the local address for the PPTP connection), then you will have two routes
to that IP address in your client. All rather confusing for the client.

If you are going to test this way, make sure that the server uses a
different network for its addresses. Then when you start to access from
outside your LAN, you probably want to change the addresses again - the
PPTP VPN makes most sense if you use the same network addresses, and
configure proxyarp on the server.

Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From charlieb at e-smith.com Wed May 30 10:01:11 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 30 May 2001 11:01:11 -0400 (EDT)
Subject: [pptp-server] ip_masq_pptp
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE7B7@defiant.infohiiway.com>
Message-ID:

On Wed, 30 May 2001, Cowles, Steve wrote:

> You will need to patch/compile your kernel to support vpn masquerading. Then
> the module ip_masq_pptp.o will be available.

Already done if you have a late enough RedHat kernel.

Also, use "modprobe ip_masq_pptp", not insmod.

Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From kim at armann.de Wed May 30 09:47:32 2001
From: kim at armann.de (Kim Armann)
Date: Wed, 30 May 2001 16:47:32 +0200
Subject: [pptp-server] pptp 1.0.1 - Win2k
References:
Message-ID: <3B150804.85852882@armann.de>

OK, here the net :

net:192.168.85.0/24--pptpd-Server:192.168.85.1/192.168.0.5--pptp-Client:192.168.0.223

pptp-Client wants to connect to 192.168.85.0/24 via pptpd-Server.
I don't want to test it with dial-up, but LAN because of the costs.

on connection pptp-Client and pptpd-Server have a transfernet
10.254.254.0

Windows 98 :
c:\> tracert 192.168.85.2
10.254.254.1
192.168.85.2

Win 2k :
Timeout
Timeout
....

regards
kim

Charlie Brady wrote:
>
> On Wed, 30 May 2001, Kim Armann wrote:
>
> > if I connect to a pptpd-Server via LAN (Client 192.168.0.223 - Server
> > 192.168.0.5) with win2k,
>
> It doesn't make much sense to connect to a server on the same LAN. There
> is already a direct route on the LAN to that server. If you configure the
> pptpd server the way it is usually configured (to use its LAN address as
> the local address for the PPTP connection), then you will have two routes
> to that IP address in your client. All rather confusing for the client.
>
> If you are going to test this way, make sure that the server uses a
> different network for its addresses. Then when you start to access from
> outside your LAN, you probably want to change the addresses again - the
> PPTP VPN makes most sense if you use the same network addresses, and
> configure proxyarp on the server.
>
> Charlie Brady charlieb at e-smith.com
> http://www.e-smith.org (development) http://www.e-smith.com (corporate)
> Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
> e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From Josh.Howlett at bristol.ac.uk Wed May 30 10:56:20 2001
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Wed, 30 May 2001 16:56:20 +0100 (BST)
Subject: [pptp-server] MPPE works with chapms, not chapms-v2
Message-ID:

Hi all,

I can connect fine from W2K using MPPE (128 bit) using MS-CHAP (v1).
However, PPPD chokes if I try to authenticate using MS-CHAP-V2. I have
"+chapms-v2" in my options. I get this in my syslog:

MSCHAP-v2 peer authentication succeeded for *****
CTRL: Ignored a SET LINK INFO packet with real ACCMs!
LCP terminated by peer (JM-^Q0.^@

This is the setup I wanted to use:
Machine A Checkpoint FW-1
192.168.1.1/24=======| |-----------|
|-------------------|
|==| |========....
INTERNET ....======| Linux PPTP server |
Machine B | | |
| |
192.168.1.2/24=======| |-----------|
|-------------------|
192.168.1.254/24 213.2.45.6

Machine A and machine B need to connect to the PPTP server and are
using 2 different accounts.

My question is: Is it possible to do this, can the PPTP protocol be
masqueraded ? The TCP port 1723 will be of course no problem, but what
about the GRE. Because 1 connection works, but a second fails ...

Thanks,

Kurt

From ezola at riobravo.com.br Wed May 30 11:25:49 2001
From: ezola at riobravo.com.br (Eduardo Zola)
Date: Wed, 30 May 2001 13:25:49 -0300
Subject: [pptp-server] ip_masq_pptp
Message-ID: <70A90ED25199D411902E00508B554F4308023B@EFS-BRSP-MAIL>

I downloaded this file ip_masq_vpn-2.2.15.patch.gz, my kernel is 2.2.16,
SuSE distribution...
How can I patch my linux now?

From kim at armann.de Wed May 30 11:44:10 2001
From: kim at armann.de (Kim Armann)
Date: Wed, 30 May 2001 18:44:10 +0200
Subject: [pptp-server] pptp 1.0.1 - Win2k
References: <3B14C9DB.3BCFAD9E@armann.de>
Message-ID: <3B15235A.D9221359@armann.de>

I found it !!

Win2k seems to have problems with bsdcomp and deflate.
I added
nodeflate
nobsdcomp
into my option file and - bingo even windows 2000 is able to connect to
my server

kim

Kim Armann wrote:
>
> Hi,
>
> if I connect to a pptpd-Server via LAN (Client 192.168.0.223 - Server
> 192.168.0.5) with win2k, I get success the authentication, receive one or
> two pings and after the connection-symbol "goes into the sys-tray", the
> ping stops.
> I see data transferring (the symbol flashes) but I get no connections to
> any services (telnet, smtp, ping)
> Windows 98 works fine.
>
> config : win2k (with and without SP1)
> Linux :
> Kernel 2.4.2
> pptpd 1.0.1
> pppd 2.4.0
> iptables-firewall (activated / not activated - no difference)
>
> maybe s.o. can help me ...
>
> thanks
> kim

From lists at earthling.2y.net Wed May 30 12:19:56 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Wed, 30 May 2001 13:19:56 -0400 (EDT)
Subject: [pptp-server] pptpd/pppd/mppe + kernel 2.2.19
In-Reply-To:
Message-ID:

The deal is... Until recently... everything but true ppp support was kept
as a module to the kernel. So deflate and bsdcomp modules were only
allowed to be modules. This has changed recently.... So in theory, I guess
you could build a monolithic kernel supporting mppe... How... Is beyond me
at the moment... look at the patch that patches the kernel for mppe
support.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Wed, 30 May 2001 foob at return0.net wrote:

>
> Um, my kernel has ppp support compiled in.
> I havent recompiled since installing a new pppd,mppe,pptp,etc...
> So I need to patch the kernel source somehow? It looks
> like there used to be a kinstal.sh script... did this
> modify some kernel headers?
>
> Maybe it will all work without modules, but I need to get
> the compiled-in version of ppp up to speed.
>
> Ideas?
>
> Or does that sound like a load of arse (highly probable)
>
>
> On Wed, 30 May 2001, robert wrote:
>
> > In theory, compiled in or modular doesn't make any difference. But then
> > again, in theory, there is no difference between theory and practice. In
> > practice, there is. :)
> >
> > On Wednesday 30 May 2001 08:33, foob at return0.net wrote:
> > > Is it possible to use pptpd,pppd,mppe128 on linux *without*
> > > kernel modules?
> > > Im running 2.2.19, I dont want to add module
> > > support, but i'd quite like secure(ish) pptp.
> > > I have configured everything, and a Windows2000 machine can
> > > connect, if encyrption is 'optional'. If it is 'required',
> > > Windows fails to negotiate, saying the remote server doesnt
> > > support the desired encyrption.
> > >
> > > Is this because I havent got the ppp mppe modules installed?
> > > Can I build them into the kernel somehow?
> > >
> > > 5.13 Q: I can get the PPTP connection to work fine, but can not get
> > > encryption to work. What is wrong?
> > >
> > > A: It has been reported that changing PPP from being built into
> > > the kernel to being a loadable module has fixed the problem. The
> > > configuration file listed in the earlier instructions does build PPP as a
> > > loadable module.
> > > (http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt)
> > >
> > > Anyone got any knowledge of this? Why should it be required
> > > to be modular? Any help much appreciatde...
> > >
> > > - foob
> > >
> > > (heres a syslog dump of an unsuccessful connection from 2k to
> > > linux)
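
The failure in the syslog dump quoted in this thread has a recognisable shape: MS-CHAPv2 succeeds, CCP Configure-Requests keep coming back as Configure-Nak, and the Windows peer then sends an LCP Terminate-Request. The following is an added example, not part of any list post: a small Python triage over pppd `debug` output that flags that shape per pppd process. The sample lines are constructed (abridged from the dump, option contents omitted), and the verdict names and the three-Nak threshold are assumptions of this example.

```python
import re
from dataclasses import dataclass

# pppd "debug" packet lines in the form seen in this thread, for example
# 'pppd[7141]: rcvd [CCP ConfNak id=0x2 ]'. pptpd[...] lines do not match.
PACKET = re.compile(r"\bpppd\[(\d+)\]: (sent|rcvd) \[(\w+) (\w+) id=0x[0-9a-f]+")
NOTICE = re.compile(r"\bpppd\[(\d+)\]: (.+)")


@dataclass
class Session:
    """Negotiation state for one pppd process (one PPTP call)."""
    auth_ok: bool = False
    ccp_req_sent: int = 0
    ccp_nak_rcvd: int = 0
    ccp_rej_rcvd: int = 0
    ccp_ack_sent: bool = False
    ccp_ack_rcvd: bool = False
    peer_terminated: bool = False

    def verdict(self, loop_threshold=3):
        if not self.auth_ok:
            return "no-auth"
        # CCP is open only once a Configure-Ack went in both directions.
        if self.ccp_ack_sent and self.ccp_ack_rcvd:
            return "ccp-opened"
        if self.peer_terminated:
            if self.ccp_nak_rcvd >= loop_threshold:
                return "ccp-nak-loop"
            return "ccp-failed"
        return "in-progress"


def analyse(log_text):
    """Return {pid: Session} built from pppd debug lines in log_text."""
    sessions = {}
    for line in log_text.splitlines():
        m = PACKET.search(line)
        if m:
            pid, direction, proto, code = m.groups()
            s = sessions.setdefault(pid, Session())
            if proto == "CHAP" and direction == "sent" and code == "Success":
                s.auth_ok = True
            elif proto == "LCP" and direction == "rcvd" and code == "TermReq":
                s.peer_terminated = True
            elif proto == "CCP" and direction == "sent":
                if code == "ConfReq":
                    s.ccp_req_sent += 1
                elif code == "ConfAck":
                    s.ccp_ack_sent = True
            elif proto == "CCP" and direction == "rcvd":
                if code == "ConfAck":
                    s.ccp_ack_rcvd = True
                elif code == "ConfNak":
                    s.ccp_nak_rcvd += 1
                elif code == "ConfRej":
                    s.ccp_rej_rcvd += 1
            continue
        m = NOTICE.search(line)
        if m:
            pid, text = m.groups()
            s = sessions.setdefault(pid, Session())
            if "peer authentication succeeded" in text:
                s.auth_ok = True
            elif text.startswith("LCP terminated by peer"):
                s.peer_terminated = True
    return sessions


def summarise(log_text):
    """Return {pid: verdict string} for every pppd process in the log."""
    return {pid: s.verdict() for pid, s in analyse(log_text).items()}


# Constructed sample: abridged from the failing dump in this thread.
SAMPLE_FAILED = """\
pppd[7141]: sent [CHAP Success id=0x1 "S=CONSTRUCTED"]
pppd[7141]: sent [CCP ConfReq id=0x1 ]
pppd[7141]: MSCHAP-v2 peer authentication succeeded for xxx
pppd[7141]: rcvd [CCP ConfReq id=0x5 ]
pppd[7141]: sent [CCP ConfRej id=0x5 ]
pptpd[7140]: GRE: Discarding out of order packet
pppd[7141]: rcvd [CCP ConfRej id=0x1 ]
pppd[7141]: sent [CCP ConfReq id=0x2]
pppd[7141]: rcvd [CCP ConfNak id=0x2 ]
pppd[7141]: sent [CCP ConfReq id=0x3]
pppd[7141]: rcvd [CCP ConfNak id=0x3 ]
pppd[7141]: sent [CCP ConfReq id=0x4]
pppd[7141]: rcvd [CCP ConfNak id=0x4 ]
pppd[7141]: sent [CCP ConfReq id=0x5]
pppd[7141]: rcvd [LCP TermReq id=0x7]
pppd[7141]: LCP terminated by peer
"""

# Constructed sample: a negotiation that converges after one Nak.
SAMPLE_OK = """\
pppd[1582]: MSCHAP-v2 peer authentication succeeded for user
pppd[1582]: sent [CCP ConfReq id=0x1 ]
pppd[1582]: rcvd [CCP ConfReq id=0x4 ]
pppd[1582]: sent [CCP ConfNak id=0x4 ]
pppd[1582]: rcvd [CCP ConfAck id=0x1 ]
pppd[1582]: rcvd [CCP ConfReq id=0x5 ]
pppd[1582]: sent [CCP ConfAck id=0x5 ]
"""

if __name__ == "__main__":
    for pid, verdict in summarise(SAMPLE_FAILED + SAMPLE_OK).items():
        print(pid, verdict)
```

A `ccp-nak-loop` verdict says only that the two ends never agreed on a CCP option set; whether the cause is missing MPPE support in the kernel has to be checked separately.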

From kim at armann.de Wed May 30 12:19:37 2001
From: kim at armann.de (Kim Armann)
Date: Wed, 30 May 2001 19:19:37 +0200
Subject: [pptp-server] MPPE works with chapms, not chapms-v2
References:
Message-ID: <3B152BA9.6458878A@armann.de>

Hi Josh,

I have no problems :
pppd[1582]: MSCHAP-v2 peer authentication succeeded for ******
pppd[1582]: Script /etc/ppp/auth-up finished (pid 1583), status = 0x0
pppd[1582]: rcvd [CCP ConfReq id=0x4 ]
pppd[1582]: sent [CCP ConfNak id=0x4 ]
pppd[1582]: rcvd [IPCP ConfReq id=0x5
pppd[1582]: sent [IPCP ConfNak id=0x5

> Hi all,
>
> I can connect fine from W2K using MPPE (128 bit) using MS-CHAP (v1).
> However, PPPD chokes if I try to authenticate using MS-CHAP-V2. I have
> "+chapms-v2" in my options. I get this in my syslog:
>
> MSCHAP-v2 peer authentication succeeded for *****
> CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> LCP terminated by peer (JM-^Q0.^@
> Modem hangup
> Connection terminated
>
> W2K returns this error:
>
> Error 778: It was not possible to verify the identity of the server.
>
> I'm using ppp-2.4.0, linux-2.4.1, and the relevant MPPE patches.
>
> TIA...
>
> josh.

From lists at earthling.2y.net Wed May 30 12:25:19 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Wed, 30 May 2001 13:25:19 -0400 (EDT)
Subject: [pptp-server] PPTP client connection trough masqueraded firewall
In-Reply-To:
Message-ID:

Your diagram is.... umm... not clear.. Does the internet side of your
firewall have a static ip? Is it acceptable to have one connect to the
pptp server, and route between the two networks?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Wed, 30 May 2001, Kurt Glazemakers wrote:

>
> This is the setup I wanted to use:
> Machine A Checkpoint FW-1
> 192.168.1.1/24=======| |-----------|
> |-------------------|
> |==| |========....
> INTERNET ....======| Linux PPTP server |
> Machine B | | |
> | |
> 192.168.1.2/24=======| |-----------|
> |-------------------|
> 192.168.1.254/24 213.2.45.6
>
> Machine A and machine B needs to connect to the PPTP server and are
> using 2 different accounts.
>
> My question is: Is it possible to do this, can the PPTP protocol be
> masqueraded ? The TCP port 1723 will be offcourse no problem, but what
> about the GRE. Because 1 connection works, but a second fails ...
>
> Thanks,
>
> Kurt

From lists at earthling.2y.net Wed May 30 12:27:13 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Wed, 30 May 2001 13:27:13 -0400 (EDT)
Subject: [pptp-server] ip_masq_pptp
In-Reply-To: <70A90ED25199D411902E00508B554F4308023B@EFS-BRSP-MAIL>
Message-ID:

ip_masq_vpn-2.2.15.patch.gz will cleanly patch to 2.2.16, .17, and .18.
I dunno about .19. There is a HOWTO on how to install the patch and build
the modules, go to www.linuxdoc.org, click howtos, select html - read
online, then look for VPN Masquerade How-to.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Wed, 30 May 2001, Eduardo Zola wrote:

> I downloaded this file ip_masq_vpn-2.2.15.patch.gz, my kernel is 2.2.16,
> SuSE distribution...
> How can I patch my linux now?

From lists at earthling.2y.net Wed May 30 12:28:54 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Wed, 30 May 2001 13:28:54 -0400 (EDT)
Subject: [pptp-server] pptp 1.0.1 - Win2k
In-Reply-To: <3B15235A.D9221359@armann.de>
Message-ID:

Microsoft doesn't support Deflate and BSDComp last I checked.... So there
is no real reason to have it.... Though, I looked at a client's poptop
server today, and it appears that a user was using Deflate compression +
MPPE..... and as far as I know, there are no linux gurus there that know
how to do it. *shrug*

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Wed, 30 May 2001, Kim Armann wrote:

> I found it !!
>
> Win2k seems to have problems with bsdcomp and deflate.
> I added
> nodeflate
> nobsdcomp
> into my option file and - bingo even windows 2000 is able to connect to
> my server
>
> kim
>
>
> Kim Armann wrote:
> >
> > Hi,
> >
> > if I connect to a pptpd-Server via LAN (Client 192.168.0.223 - Server
> > 192.168.0.5) with win2k, I get success the authentication, receive one or
> > two pings and after the connection-symbol "goes into the sys-tray", the
> > ping stops.
> > I see data transferring (the symbol flashes) but I get no connections to
> > any services (telnet, smtp, ping)
> > Windows 98 works fine.
> >
> > config : win2k (with and without SP1)
> > Linux :
> > Kernel 2.4.2
> > pptpd 1.0.1
> > pppd 2.4.0
> > iptables-firewall (activated / not activated - no difference)
> >
> > maybe s.o. can help me ...
> >
> > thanks
> > kim

From kurt.glazemakers at dedigate.com Wed May 30 12:35:04 2001
From: kurt.glazemakers at dedigate.com (Kurt Glazemakers)
Date: Wed, 30 May 2001 19:35:04 +0200
Subject: [pptp-server] PPTP client connection trough masqueraded firewall
Message-ID:

I'm sorry, the image totally screwed up by sending it, maybe this will
be more clear

          Linux PPTP server
                  |
                  |
                 ...
               Internet
                 ...
                  |
                  |
              213.2.45.6
                 FW-1
           192.168.1.254/24
                  |
            -------------
            |           |
          PC-A        PC-B
 192.168.1.1/24   192.168.1.2/24

Yep, the internet address of the firewall is fixed, and yep PC-A or PC-B
is able to connect. Only both PPTP connections together don't work.

I could make one connection and route it, but then I need an extra
machine, because PC-A and PC-B are laptop pc's. If possible I would like
to avoid it.

-----Original Message-----
From: Justin Kreger [mailto:lists at earthling.2y.net]
Sent: Wednesday 30 May 2001 19:25
To: Kurt Glazemakers
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] PPTP client connection trough masqueraded
firewall

Your diagram is.... umm... not clear.. Does the internet side of your
firewall have a static ip? Is it acceptable to have one connect to the
pptp server, and route between the two networks?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Wed, 30 May 2001, Kurt Glazemakers wrote:

>
> This is the setup I wanted to use:
> Machine A Checkpoint FW-1
> 192.168.1.1/24=======| |-----------|
> |-------------------|
> |==| |========....
> INTERNET ....======| Linux PPTP server |
> Machine B | | |
> | |
> 192.168.1.2/24=======| |-----------|
> |-------------------|
> 192.168.1.254/24 213.2.45.6
>
> Machine A and machine B needs to connect to the PPTP server and are
> using 2 different accounts.
>
> My question is: Is it possible to do this, can the PPTP protocol be
> masqueraded ? The TCP port 1723 will be offcourse no problem, but what
> about the GRE. Because 1 connection works, but a second fails ...
>
> Thanks,
>
> Kurt

From charlieb at e-smith.com Wed May 30 13:26:50 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 30 May 2001 14:26:50 -0400 (EDT)
Subject: [pptp-server] MPPE works with chapms, not chapms-v2
In-Reply-To: <3B152BA9.6458878A@armann.de>
Message-ID:

On Wed, 30 May 2001, Kim Armann wrote:

> Hi Josh,
>
> I have no problems :
> pppd[1582]: MSCHAP-v2 peer authentication succeeded for ******
> pppd[1582]: Script /etc/ppp/auth-up finished (pid 1583), status = 0x0
> pppd[1582]: rcvd [CCP ConfReq id=0x4 ]
^^

Your client is requesting 56 or 40 bit encryption, with MPPC compression.

> pppd[1582]: sent [CCP ConfNak id=0x4 ]
^^

Your server is responding that it supports 40 or 128 bit encryption, with
no MPPC compression.

Is 40 bit encryption what you want?

--
Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From scott.venier at compaq.com Wed May 30 14:35:56 2001
From: scott.venier at compaq.com (Scott Venier)
Date: Wed, 30 May 2001 15:35:56 -0400 (EDT)
Subject: [pptp-server] PPTP client connection trough masqueraded firewall
In-Reply-To:
Message-ID:

FW-1 probably only supports 1 concurrent connection behind it. It's not
smart enough to figure out based on call id which machine should get the
GRE packets. See if there's an update. If not, get a box to route.

Scott

On Wed, 30 May 2001, Kurt Glazemakers wrote:

>
> I'm sorry, the image totally screwed up by sending it, maybe this will
> be more clear
>
> Linux PPTP server
> |
> |
> ...
> Internet
> ...
> |
> |
> 213.2.45.6
> FW-1
> 192.168.1.254/24
> |
> -------------
> | |
> PC-A PC-B
> 192.168.1.1/24 192.168.1.2/24
>
> Yep, the internet address of the firewall is fixed, and yep PC-A or PC-B
> is able to connect. Only both PPTP connections togheter don't work.
>
> I could make one connection and route it, but then I need an extra
> machine, because PC-A and PC-B are laptop pc's. If possible I would like
> to avoid it.
>
>
> -----Original Message-----
> From: Justin Kreger [mailto:lists at earthling.2y.net]
> Sent: Wednesday 30 May 2001 19:25
> To: Kurt Glazemakers
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] PPTP client connection trough masqueraded
> firewall
>
>
> Your diagram is.... umm... not clear.. Dose the internet side of your
> firewall have a static ip? Is it acceptable to have one connect to the
> pptp server, and route between the two networks?
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
>
> On Wed, 30 May 2001, Kurt Glazemakers wrote:
>
> >
> > This is the setup I wanted to use:
> > Machine A Checkpoint FW-1
> > 192.168.1.1/24=======| |-----------|
> > |-------------------|
> > |==| |========....
> > INTERNET ....======| Linux PPTP server | > > Machine B | | | > > | | > > 192.168.1.2/24=======| |-----------| > > |-------------------| > > 192.168.1.254/24 213.2.45.6 > > > > Machine A and machine B needs to connect to the PPTP server and are > > using 2 different accounts. > > > > My question is: Is it possible to do this, can the PPTP protocol be > > masqueraded ? The TCP port 1723 will be offcourse no problem, but what > > about the GRE. Because 1 connection works, but a second fails ... > > > > Thanks, > > > > Kurt > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From gregm at hiddenvillage.net Wed May 30 15:23:16 2001 From: gregm at hiddenvillage.net (Greg Muehl) Date: Wed, 30 May 2001 15:23:16 -0500 Subject: [pptp-server] PPTP client connection trough masqueraded firewall In-Reply-To: References: Message-ID: <5.1.0.14.0.20010530150945.00a552e8@12.37.14.181> I have the same problem. I am using an extendnet4000 firewall at work (based on 2.2.14) that claims to support VPN port forwarding. I have it forward to an inside Linux Slackware 2.2.16 box. I can connect multiple clients that are inside the local network (useless except for testing). 
Outside the network I get this in my pptpd.log when I connect multiple machines, even from different locations: May 30 00:15:35 file_server pppd[227]: sent [LCP ConfReq id=0x1 ] May 30 00:15:35 file_server pptpd[202]: GRE: Discarding out of order packet May 30 00:15:35 file_server pptpd[226]: GRE: Discarding out of order packet May 30 00:15:35 file_server pptpd[202]: GRE: Discarding out of order packet May 30 00:15:35 file_server pptpd[226]: GRE: Discarding out of order packet May 30 00:15:38 file_server pppd[227]: sent [LCP ConfReq id=0x1 ] May 30 00:15:38 file_server pptpd[202]: GRE: Discarding out of order packet May 30 00:15:38 file_server pptpd[226]: GRE: Discarding out of order packet May 30 00:15:38 file_server pptpd[202]: GRE: Discarding out of order packet May 30 00:15:38 file_server pptpd[226]: GRE: Discarding out of order packet May 30 00:15:41 file_server pppd[227]: LCP: timeout sending Config-Requests May 30 00:15:41 file_server pppd[227]: Connection terminated. May 30 00:15:41 file_server pppd[227]: Exit. May 30 00:15:41 file_server pptpd[226]: GRE: read(fd=4,buffer=804d840,len=8196) from PTY failed: status = -1 error = Input/output error May 30 00:15:41 file_server pptpd[226]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) May 30 00:15:41 file_server pptpd[226]: CTRL: Client 100.0.0.199 control connection finished any ideas??? At 03:35 PM 5/30/2001 -0400, you wrote: >FW-1 probably only supports 1 concurrent connection behind it. it's not >smart enough to figure out based on call id which machine should get the >GRE packets. See if there's an update. if not, get a box to route. > >Scott > >On Wed, 30 May 2001, Kurt Glazemakers wrote: > > > > > I'm sorry, the image totally screwed up by sending it, maybe this will > > be more clear > > > > Linux PPTP server > > | > > | > > ... > > Internet > > ... 
> > | > > | > > 213.2.45.6 > > FW-1 > > 192.168.1.254/24 > > | > > ------------- > > | | > > PC-A PC-B > > 192.168.1.1/24 192.168.1.2/24 > > > > Yep, the internet address of the firewall is fixed, and yep PC-A or PC-B > > is able to connect. Only both PPTP connections togheter don't work. > > > > I could make one connection and route it, but then I need an extra > > machine, because PC-A and PC-B are laptop pc's. If possible I would like > > to avoid it. > > > > > > -----Original Message----- > > From: Justin Kreger [mailto:lists at earthling.2y.net] > > Sent: woensdag 30 mei 2001 19:25 > > To: Kurt Glazemakers > > Cc: pptp-server at lists.schulte.org > > Subject: Re: [pptp-server] PPTP client connection trough masqueraded > > firewall > > > > > > Your diagram is.... umm... not clear.. Dose the internet side of your > > firewall have a static ip? Is it acceptable to have one connect to the > > pptp server, and route between the two networks? > > > > Justin Kreger, MCP MCSE CCNA > > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > > > > On Wed, 30 May 2001, Kurt Glazemakers wrote: > > > > > > > > This is the setup I wanted to use: > > > Machine A Checkpoint FW-1 > > > 192.168.1.1/24=======| |-----------| > > > |-------------------| > > > |==| |========.... > > > INTERNET ....======| Linux PPTP server | > > > Machine B | | | > > > | | > > > 192.168.1.2/24=======| |-----------| > > > |-------------------| > > > 192.168.1.254/24 213.2.45.6 > > > > > > Machine A and machine B needs to connect to the PPTP server and are > > > using 2 different accounts. > > > > > > My question is: Is it possible to do this, can the PPTP protocol be > > > masqueraded ? The TCP port 1723 will be offcourse no problem, but what > > > about the GRE. Because 1 connection works, but a second fails ... 
> > > > > > Thanks, > > > > > > Kurt > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >List services provided by www.schulteconsulting.com! From thorvald at natvig.com Wed May 30 15:56:19 2001 From: thorvald at natvig.com (Thorvald Natvig) Date: Wed, 30 May 2001 22:56:19 +0200 (CEST) Subject: [pptp-server] Giving up waiting for packets on LAN? Message-ID: Greetings, I'm using pptpd-1.1.2 with ppp-2.3.11 on Linux 2.2.19, plus the mppe patches. The VPN link works fine for normal 'low intensity' traffic, but as soon as I start a full speed FTP transfer, the log on the server fills with: May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3178 after 3176 May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3179 after 3176 May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3180 after 3176 May 30 22:23:28 eva pptpd[30516]: Gave up waiting for 1 lost packets beginning with 3177 May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3277 after 3275 May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3278 after 3275 May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3279 after 3275 May 30 22:23:28 eva pptpd[30516]: Gave up waiting for 1 lost packets beginning with 3276 (repeat a whole lot) Naturally, speed crawls to almost nothing. 
Under WinME, about 250 kB/sec is maximum, while Win2k manages up to 800-900 kB. Normally, I'd credit this to actually lost packets, but the server and the client are just on two different local VLANs, each connected to a 100Mbit switched port, and there should be no dropped packets. Pingflooding, extensive ttcp etc reveals no dropped packets, and the server CPU is never loaded about 20-30%. If I just turn the VPN off, the same FTP transfer strolls along with 8-9 MB / sec. Any ideas on what's wrong and how I can fix it? From pfremond at thelab-intl.com Wed May 30 16:01:05 2001 From: pfremond at thelab-intl.com (Patrick Fremond) Date: Wed, 30 May 2001 23:01:05 +0200 Subject: [pptp-server] Best choice? Message-ID: I ve got to connect 3 sites to a headquarter using vpn on Adsl what is the best way? Freeswan?? or something else? Tks From charlieb at e-smith.com Wed May 30 16:20:01 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Wed, 30 May 2001 17:20:01 -0400 (EDT) Subject: [pptp-server] Giving up waiting for packets on LAN? In-Reply-To: Message-ID: On Wed, 30 May 2001, Thorvald Natvig wrote: > > I'm using pptpd-1.1.2 with ppp-2.3.11 on Linux 2.2.19, plus the mppe > patches. > > The VPN link works fine for normal 'low intensity' traffic, but as soon as > I start a full speed FTP transfer, the log on the server fills with: > > May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3178 after 3176 > May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3179 after 3176 > May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3180 after 3176 > May 30 22:23:28 eva pptpd[30516]: Gave up waiting for 1 lost packets beginning with 3177 ... > Any ideas on what's wrong and how I can fix it? Sniff the network and see if that 3177 packet actually crosses the wire. At least then you'll know which end of the list to look at more closely. 
-- Charlie Brady charlieb at e-smith.com http://www.e-smith.org (development) http://www.e-smith.com (corporate) Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From jvonau at home.com Wed May 30 18:03:15 2001 From: jvonau at home.com (Jerry Vonau) Date: Wed, 30 May 2001 18:03:15 -0500 Subject: [pptp-server] PPTP client connection trough masqueraded firewall References: Message-ID: <3B157C33.9BD070CC@home.com> Kurt: From: http://www.ibiblio.org/pub/Linux/docs/HOWTO/VPN-Masquerade-HOWTO Section 2.7: The PPTP RFC specifies in section 3.1.3 that there may only be one control channel connection between two systems. This should mean that you can only masquerade one PPTP session at a time with a given remote server, but in practice the MS implementation of PPTP does not enforce this, at least not as of NT 4.0 Service Pack 4. If the PPTP server you're trying to connect to only permits one connection at a time, it's following the protocol rules properly. Note that this does not affect a masqueraded server, only multiple masqueraded clients attempting to contact the same remote server. I guess POPTOP is following the RFC to the letter while MS doesn't...... Can you install a PPTP client on the FW-1? Jerry Vonau Kurt Glazemakers wrote: > I'm sorry, the image totally screwed up by sending it, maybe this will > be more clear > > Linux PPTP server > | > | > ... > Internet > ... > | > | > 213.2.45.6 > FW-1 > 192.168.1.254/24 > | > ------------- > | | > PC-A PC-B > 192.168.1.1/24 192.168.1.2/24 > > Yep, the internet address of the firewall is fixed, and yep PC-A or PC-B > is able to connect. Only both PPTP connections togheter don't work. > > I could make one connection and route it, but then I need an extra > machine, because PC-A and PC-B are laptop pc's. If possible I would like > to avoid it. 
> > -----Original Message----- > From: Justin Kreger [mailto:lists at earthling.2y.net] > Sent: woensdag 30 mei 2001 19:25 > To: Kurt Glazemakers > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] PPTP client connection trough masqueraded > firewall > > Your diagram is.... umm... not clear.. Dose the internet side of your > firewall have a static ip? Is it acceptable to have one connect to the > pptp server, and route between the two networks? > > Justin Kreger, MCP MCSE CCNA > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > On Wed, 30 May 2001, Kurt Glazemakers wrote: > > > > > This is the setup I wanted to use: > > Machine A Checkpoint FW-1 > > 192.168.1.1/24=======| |-----------| > > |-------------------| > > |==| |========.... > > INTERNET ....======| Linux PPTP server | > > Machine B | | | > > | | > > 192.168.1.2/24=======| |-----------| > > |-------------------| > > 192.168.1.254/24 213.2.45.6 > > > > Machine A and machine B needs to connect to the PPTP server and are > > using 2 different accounts. > > > > My question is: Is it possible to do this, can the PPTP protocol be > > masqueraded ? The TCP port 1723 will be offcourse no problem, but what > > about the GRE. Because 1 connection works, but a second fails ... > > > > Thanks, > > > > Kurt > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
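An added example (not from any poster in this thread, and not Poptop's code): a parser for the PPTP enhanced GRE header of RFC 2637. It shows the two fields the discussion above turns on: the Call ID a masquerading gateway must key on to tell two inside clients apart, and the sequence number Charlie Brady suggests checking in a capture. The Call ID values and packet bytes are constructed; the inside addresses are the ones from Kurt's diagram.

```python
import struct

PPTP_GRE_PROTO = 0x880B            # protocol type for PPP carried in enhanced GRE
C_R_BITS, K_BIT, S_BIT, A_BIT = 0xC000, 0x2000, 0x1000, 0x0080


def parse_pptp_gre(buf):
    """Parse one enhanced GRE packet (the bytes after the IP header)."""
    if len(buf) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, plen, call_id = struct.unpack_from("!HHHH", buf, 0)
    if proto != PPTP_GRE_PROTO or (flags & 0x0007) != 1:
        raise ValueError("not PPTP enhanced GRE (version 1, type 0x880B)")
    if flags & C_R_BITS or not flags & K_BIT:
        raise ValueError("flag bits not valid for PPTP GRE")
    off, seq, ack = 8, None, None
    if flags & S_BIT:              # sequence number present (packet carries data)
        if len(buf) < off + 4:
            raise ValueError("truncated sequence number")
        (seq,) = struct.unpack_from("!I", buf, off)
        off += 4
    if flags & A_BIT:              # acknowledgment number present
        if len(buf) < off + 4:
            raise ValueError("truncated acknowledgment number")
        (ack,) = struct.unpack_from("!I", buf, off)
        off += 4
    if len(buf) - off < plen:
        raise ValueError("truncated payload")
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "payload": buf[off:off + plen]}


def build_pptp_gre(call_id, seq=None, ack=None, payload=b""):
    """Build a constructed test packet; used only for the sample data below."""
    flags, opt = K_BIT | 1, b""
    if seq is not None:
        flags |= S_BIT
        opt += struct.pack("!I", seq)
    if ack is not None:
        flags |= A_BIT
        opt += struct.pack("!I", ack)
    return struct.pack("!HHHH", flags, PPTP_GRE_PROTO, len(payload), call_id) + opt + payload


def demux(packets, call_table):
    """Sort inbound GRE packets by inside host, keyed on Call ID.

    call_table maps Call ID -> inside address. A gateway has to learn it from
    the TCP 1723 control channel; here it is given (assumption). GRE has no
    ports, so without this table every packet from the server looks alike.
    Packets with an unknown Call ID are collected under None.
    """
    routed = {}
    for pkt in packets:
        hdr = parse_pptp_gre(pkt)
        routed.setdefault(call_table.get(hdr["call_id"]), []).append(hdr)
    return routed


def missing_sequences(headers):
    """Sequence numbers absent from a capture (32-bit wraparound ignored)."""
    seqs = sorted(h["seq"] for h in headers if h["seq"] is not None)
    missing = []
    for prev, cur in zip(seqs, seqs[1:]):
        missing.extend(range(prev + 1, cur))
    return missing


# Constructed sample: Call IDs 0x0010 and 0x0020 are made up for illustration.
CALL_TABLE = {0x0010: "192.168.1.1", 0x0020: "192.168.1.2"}
PPP = b"\xff\x03\x00\x21"          # constructed PPP bytes standing in for a frame
SAMPLE_PACKETS = [
    build_pptp_gre(0x0010, seq=3176, payload=PPP),
    build_pptp_gre(0x0020, seq=1, payload=PPP),
    build_pptp_gre(0x0010, seq=3178, payload=PPP),
    build_pptp_gre(0x0010, seq=3179, payload=PPP),
    build_pptp_gre(0x0020, seq=2, ack=5, payload=PPP),
    build_pptp_gre(0x0010, seq=3180, payload=PPP),
]

if __name__ == "__main__":
    for host, hdrs in demux(SAMPLE_PACKETS, CALL_TABLE).items():
        print(host, [h["seq"] for h in hdrs], "missing:", missing_sequences(hdrs))
```

Run against a capture taken on each side of a router, a gap that appears on one side only shows where the packet was dropped.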
From lists at earthling.2y.net Wed May 30 21:17:52 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Wed, 30 May 2001 22:17:52 -0400 (EDT) Subject: [pptp-server] PPTP client connection trough masqueraded firewall In-Reply-To: <3B157C33.9BD070CC@home.com> Message-ID: What os is the firewall.... ? Linux? NT? Solaris/SunOS? Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Wed, 30 May 2001, Jerry Vonau wrote: > Kurt: > > From: http://www.ibiblio.org/pub/Linux/docs/HOWTO/VPN-Masquerade-HOWTO > Section 2.7: > > The PPTP RFC specifies in section 3.1.3 that there may only be one > control channel connection between two systems. This should mean that > you can only masquerade one PPTP session at a time with a given remote > server, but in practice the MS implementation of PPTP does not enforce > this, at least not as of NT 4.0 Service Pack 4. If the PPTP server > you're trying to connect to only permits one connection at a time, > it's following the protocol rules properly. Note that this does not > affect a masqueraded server, only multiple masqueraded clients > attempting to contact the same remote server. > > I guess POPTOP is following the RFC to the letter while MS doesn't...... > Can you install a PPTP client on the FW-1? > > Jerry Vonau > > > Kurt Glazemakers wrote: > > > I'm sorry, the image totally screwed up by sending it, maybe this will > > be more clear > > > > Linux PPTP server > > | > > | > > ... > > Internet > > ... > > | > > | > > 213.2.45.6 > > FW-1 > > 192.168.1.254/24 > > | > > ------------- > > | | > > PC-A PC-B > > 192.168.1.1/24 192.168.1.2/24 > > > > Yep, the internet address of the firewall is fixed, and yep PC-A or PC-B > > is able to connect. Only both PPTP connections togheter don't work. > > > > I could make one connection and route it, but then I need an extra > > machine, because PC-A and PC-B are laptop pc's. If possible I would like > > to avoid it. 
> > > > -----Original Message----- > > From: Justin Kreger [mailto:lists at earthling.2y.net] > > Sent: woensdag 30 mei 2001 19:25 > > To: Kurt Glazemakers > > Cc: pptp-server at lists.schulte.org > > Subject: Re: [pptp-server] PPTP client connection trough masqueraded > > firewall > > > > Your diagram is.... umm... not clear.. Dose the internet side of your > > firewall have a static ip? Is it acceptable to have one connect to the > > pptp server, and route between the two networks? > > > > Justin Kreger, MCP MCSE CCNA > > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net > > > > On Wed, 30 May 2001, Kurt Glazemakers wrote: > > > > > > > > This is the setup I wanted to use: > > > Machine A Checkpoint FW-1 > > > 192.168.1.1/24=======| |-----------| > > > |-------------------| > > > |==| |========.... > > > INTERNET ....======| Linux PPTP server | > > > Machine B | | | > > > | | > > > 192.168.1.2/24=======| |-----------| > > > |-------------------| > > > 192.168.1.254/24 213.2.45.6 > > > > > > Machine A and machine B needs to connect to the PPTP server and are > > > using 2 different accounts. > > > > > > My question is: Is it possible to do this, can the PPTP protocol be > > > masqueraded ? The TCP port 1723 will be offcourse no problem, but what > > > about the GRE. Because 1 connection works, but a second fails ... > > > > > > Thanks, > > > > > > Kurt > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! 
> > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From lists at earthling.2y.net Wed May 30 21:21:02 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Wed, 30 May 2001 22:21:02 -0400 (EDT) Subject: [pptp-server] Best choice? In-Reply-To: Message-ID: Depends on what the routers are, how they are configured, and what kind of firewalls you have at the ends. If all some sort of unix, go for IPSec. maybe somebody has written a mod to zebra's ospf daemon to support ipsec..... Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Wed, 30 May 2001, Patrick Fremond wrote: > I ve got to connect 3 sites to a headquarter using vpn on Adsl what is the > best way? > > Freeswan?? > > or something else? > > > Tks > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! >
From lists at earthling.2y.net Wed May 30 21:23:23 2001 From: lists at earthling.2y.net (Justin Kreger) Date: Wed, 30 May 2001 22:23:23 -0400 (EDT) Subject: [pptp-server] Giving up waiting for packets on LAN? In-Reply-To: Message-ID: Does it allways start at that point? Check your MTU/MRU... Windows kind of likes to have it's MTU and MRU fixed to 1500 even for ppp links. Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net On Wed, 30 May 2001, Charlie Brady wrote: > > On Wed, 30 May 2001, Thorvald Natvig wrote: > > > > > I'm using pptpd-1.1.2 with ppp-2.3.11 on Linux 2.2.19, plus the mppe > > patches. > > > > The VPN link works fine for normal 'low intensity' traffic, but as soon as > > I start a full speed FTP transfer, the log on the server fills with: > > > > May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3178 after 3176 > > May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3179 after 3176 > > May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3180 after 3176 > > May 30 22:23:28 eva pptpd[30516]: Gave up waiting for 1 lost packets beginning with 3177 > ... > > > Any ideas on what's wrong and how I can fix it? > > Sniff the network and see if that 3177 packet actually crosses the wire. > At least then you'll know which end of the list to look at more closely. > > -- > > Charlie Brady charlieb at e-smith.com > http://www.e-smith.org (development) http://www.e-smith.com (corporate) > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 > e-smith, inc.
1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From ismandya at sains.com.my Wed May 30 22:53:01 2001 From: ismandya at sains.com.my (Ismandy Ali) Date: Thu, 31 May 2001 11:53:01 +0800 Subject: [pptp-server] GRE with cisco IOS IP Plus on version 11.1 References: Message-ID: <3B15C01D.3FAB1F3C@sains.com.my> Hi again guys, Does the type of router (IOS) used also affect the use of GRE? I had a short discussion with my friend, and he told me there is a possibility that the router doesn't accept the type of GRE that is being used. I am using a router with IOS IP Plus on version 11.1. Sounds weird to me, but this question is to make sure. This is an excerpt from ciscom page: ------------ GRE is a tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. By connecting multiprotocol subnetworks in a single-protocol backbone environment, IP tunneling using GRE allows network expansion across a single-protocol backbone environment. In order to run GRE, the particular Cisco router must run the IOS with IPSec and version 12.1 onwards. -------------- But I believe that this is true if I am running IPSEC, but still not sure. Somebody have any idea? From PW at WIL-DEV.COM Wed May 30 23:29:32 2001 From: PW at WIL-DEV.COM (Wilson Development) Date: Thu, 31 May 2001 00:29:32 -0400 Subject: [pptp-server] Monitoring PPTPD connections Message-ID: <00f001c0e98a$4a23e940$90428d18@hama1.on.home.com> Hi, Which tools are available for monitoring VPN connections made through PPTPD? Other than digging through the log. Will the standard PPP tools work?
thanxs -------------- next part -------------- An HTML attachment was scrubbed... URL: From berzerke at swbell.net Wed May 30 23:45:29 2001 From: berzerke at swbell.net (robert) Date: Wed, 30 May 2001 23:45:29 -0500 Subject: [pptp-server] GRE with cisco IOS IP Plus on version 11.1 In-Reply-To: <3B15C01D.3FAB1F3C@sains.com.my> References: <3B15C01D.3FAB1F3C@sains.com.my> Message-ID: <01053023452900.21176@linux> Well, from the ciscom page you have to have at least version 12.1 You state you have version 11.1. Therefore, the problem is at least your router. On Wednesday 30 May 2001 22:53, Ismandy Ali wrote: > Hi again guys, > Is the type of router (IOS) used is also effect the use of GRE? I > have a short discussion with my friends that he told me there is such > possibility that the router doesn't accept the type of GRE that ie being > used. I am using router with version IOS IP Plus on version 11.1 > > Sounds weird to me, but this question sis to make sure. this is an excerpt > from ciscom page: > ------------ > GRE is a tunneling protocol developed by Cisco that can encapsulate a wide > variety of protocol packet types inside IP tunnels, creating a virtual > point-to-point link to Cisco routers at remote points over an IP > internetwork. By connecting multiprotocol subnetworks in a single-protocol > backbone environment, IP tunneling using GRE allows network expansion > across a single-protocol backbone environment. In order to run GRE, the > particular Cisco router must run the IOS with IPSec and version 12.1 > onwards. -------------- > > But I believe that this is true if I am running IPSEC, but still not sure. > somebody , have any idea? > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
From Josh.Howlett at bristol.ac.uk Thu May 31 02:34:26 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Thu, 31 May 2001 08:34:26 +0100 (BST) Subject: [pptp-server] Best choice? In-Reply-To: Message-ID: Vtun (vtun.sourceforge.net) is pretty good at this sort of thing. josh. On Wed, 30 May 2001, Patrick Fremond wrote: > I ve got to connect 3 sites to a headquarter using vpn on Adsl what is the > best way? > > Freeswan?? > > or something else? > > > Tks > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > > From kim at armann.de Thu May 31 03:04:37 2001 From: kim at armann.de (Kim Armann) Date: Thu, 31 May 2001 10:04:37 +0200 Subject: [pptp-server] MPPE works with chapms, not chapms-v2 References: Message-ID: <3B15FB15.9A7B7C36@armann.de> In Germany I think you dont get 128 bit - how can I get 56 bit ? kim Charlie Brady wrote: > > On Wed, 30 May 2001, Kim Armann wrote: > > > Hi Josh, > > > > I have no problems : > > pppd[1582]: MSCHAP-v2 peer authentication succeeded for ****** > > pppd[1582]: Script /etc/ppp/auth-up finished (pid 1583), status = 0x0 > > pppd[1582]: rcvd [CCP ConfReq id=0x4 ] > ^^ > Your client is requesting 56 or 40 bit encryption, with MPPC compression. > > > pppd[1582]: sent [CCP ConfNak id=0x4 ] > ^^ > > Your server is responding that it supports 40 or 128 bit encryption, with > no MPPC compression. Is 40 bit encryption what you want? > > -- > > Charlie Brady charlieb at e-smith.com > http://www.e-smith.org (development) http://www.e-smith.com (corporate) > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 > e-smith, inc. 
1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada From kim at armann.de Thu May 31 03:42:32 2001 From: kim at armann.de (Kim Armann) Date: Thu, 31 May 2001 10:42:32 +0200 Subject: [pptp-server] Chap-Secrets without domain Message-ID: <3B1603F8.4ADA974C@armann.de> Hi there, I use pptp 1.1.2 with pppd-2.4.0 - Clients Win98 and Win2k - works fine. But if I want to authenticate - Win98 uses its domain (domain\\user) But I dont want to insert a lot of entries into my /etc/ppp/chap-secrets like dom1\\user ... dom5\\user Is there a possibility to work with wildcards? *\\user does not work - do I have to use regex or something like that ? regards kim From Josh.Howlett at bristol.ac.uk Thu May 31 06:45:34 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Thu, 31 May 2001 12:45:34 +0100 (BST) Subject: [pptp-server] Chap-Secrets without domain In-Reply-To: <3B1603F8.4ADA974C@armann.de> Message-ID: There's a patch to fix this; search the archives for a URL. josh. On Thu, 31 May 2001, Kim Armann wrote: > Hi there, > > I use pptp 1.1.2 with pppd-2.4.0 - Clients Win98 and Win2k - works fine. > > But if I want to authenticate - Win98 uses its domain (domain\\user) > But I dont want to insert a lot of entries into my /etc/ppp/chap-secrets > like dom1\\user ... dom5\\user > Is there a possibility to work with wildcards? > *\\user does not work - do I have to use regex or something like that ? > > > regards kim > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
> > From c96jg at yahoo.com Thu May 31 08:14:55 2001 From: c96jg at yahoo.com (James D Green) Date: Thu, 31 May 2001 06:14:55 -0700 (PDT) Subject: [pptp-server] tar zxvf pptpd-1.0.1.tar.gz not working - HELP In-Reply-To: <200105311110.f4VBAMaa048354@poontang.schulte.org> Message-ID: <20010531131455.81178.qmail@web11505.mail.yahoo.com> Hi, Sorry about this I'm quite new to linux, this is the first time I've tried to uncompress a file. I have just downloaded the pptpd-1.0.1.tar.gz, I then used the command >tar zxvf pptpd-1.0.1.tar.gz as stated in the how to (http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt) and this is what happens. Waterfall:/usr/local/src # tar zxvf pptpd-1.0.1.tar.gz gzip: stdin: not in gzip format tar: Child returned status 1 tar: Error exit delayed from previous errors Waterfall:/usr/local/src # I have no idea what to do, I'm doing what it says in the how to but it doesn't work. Thanks to anyone that can/will help. Jim PS. If it helps I'm using Suse7.1 with the 2.4 kernel. ===== ------------------------------------------------------------ You can also contact me at; Home: jim at JDGnet.freeserve.co.uk Uni: c96jg at dmu.ac.uk. Visit my web page at http://www.JDGnet.freeserve.co.uk Copyright © 1999 James D Green All rights reserved. From gord at amador.ca Thu May 31 08:43:06 2001 From: gord at amador.ca (Gord Belsey) Date: Thu, 31 May 2001 07:43:06 -0600 Subject: [pptp-server] GRE with cisco IOS IP Plus on version 11.1 In-Reply-To: <01053023452900.21176@linux> Message-ID: <00ea01c0e9d7$9fbdcb30$280111ac@amadorinc.com> Also note: IP Plus is basic IP....it doesn't include support for IPSec, firewalling etc. You need a different feature set to get support for that. There *may* be support for basic GRE tunneling in IP Plus but I doubt it....haven't checked, though.
Gord -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of robert Sent: Wednesday, May 30, 2001 10:45 PM To: Ismandy Ali Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] GRE with cisco IOS IP Plus on version 11.1 Well, from the ciscom page you have to have at least version 12.1 You state you have version 11.1. Therefore, the problem is at least your router. On Wednesday 30 May 2001 22:53, Ismandy Ali wrote: > Hi again guys, > Is the type of router (IOS) used is also effect the use of GRE? I > have a short discussion with my friends that he told me there is such > possibility that the router doesn't accept the type of GRE that ie being > used. I am using router with version IOS IP Plus on version 11.1 > > Sounds weird to me, but this question sis to make sure. this is an excerpt > from ciscom page: > ------------ > GRE is a tunneling protocol developed by Cisco that can encapsulate a wide > variety of protocol packet types inside IP tunnels, creating a virtual > point-to-point link to Cisco routers at remote points over an IP > internetwork. By connecting multiprotocol subnetworks in a single-protocol > backbone environment, IP tunneling using GRE allows network expansion > across a single-protocol backbone environment. In order to run GRE, the > particular Cisco router must run the IOS with IPSec and version 12.1 > onwards. -------------- > > But I believe that this is true if I am running IPSEC, but still not sure. > somebody , have any idea? > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! 
From thorvald at natvig.com Thu May 31 08:54:52 2001 From: thorvald at natvig.com (Thorvald Natvig) Date: Thu, 31 May 2001 15:54:52 +0200 (CEST) Subject: [pptp-server] Giving up waiting for packets on LAN? In-Reply-To: Message-ID: > > I'm using pptpd-1.1.2 with ppp-2.3.11 on Linux 2.2.19, plus the mppe > > patches. > > > > The VPN link works fine for normal 'low intensity' traffic, but as soon as > > I start a full speed FTP transfer, the log on the server fills with: > > > > May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3178 after 3176 > > May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3179 after 3176 > > May 30 22:23:28 eva pptpd[30516]: Buffering out-of-order packet; got 3180 after 3176 > > May 30 22:23:28 eva pptpd[30516]: Gave up waiting for 1 lost packets beginning with 3177 > ... > > > Any ideas on what's wrong and how I can fix it? > > Sniff the network and see if that 3177 packet actually crosses the wire. > At least then you'll know which end of the list to look at more closely. I've done a bit of Ethereal sniffing, and judging by the GRE sequence numbers, it seems that, indeed, some of the GRE packets from the client are silently dropped by the router. *Sigh* But why does a drop rate of 1% reduce the speed by 90%? Is the overhead of 'correcting' the loss that large? From kim at armann.de Thu May 31 09:13:29 2001 From: kim at armann.de (Kim Armann) Date: Thu, 31 May 2001 16:13:29 +0200 Subject: [pptp-server] tar zxvf pptpd-1.0.1.tar.gz not working - HELP References: <20010531131455.81178.qmail@web11505.mail.yahoo.com> Message-ID: <3B165189.E3F96622@armann.de> Hi, it seems that your archive was corrupted during the download. Either you try again to download the file and/or download pptpd-1.1.2 Tip: in mc (midnight commander) you can "execute" the zipped file by marking it and hitting enter (the file must not be executable) mc enters the file and you see the filesystem structure within the file.
regards
kim

James D Green wrote:
>
> Hi,
>
> Sorry about this I'm quite new to linux, this is the
> first time I've tried to uncompress a file.
>
> I have just downloaded the pptpd-1.0.1.tar.gz, I then
> used the command
>
> >tar zxvf pptpd-1.0.1.tar.gz
>
> as stated in the how to
> (http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt)
> and this is what happens.
>
> Waterfall:/usr/local/src # tar zxvf pptpd-1.0.1.tar.gz
>
> gzip: stdin: not in gzip format
> tar: Child returned status 1
> tar: Error exit delayed from previous errors
> Waterfall:/usr/local/src #
>
> I have no idea what to do, I'm doing what it says in
> the how to but it doesn't work.
>
> Thanks to anyone that can/will help.
>
> Jim
>
> PS. If it helps I'm using Suse7.1 with the 2.4 kernel.

From berzerke at swbell.net Thu May 31 09:11:13 2001
From: berzerke at swbell.net (robert)
Date: Thu, 31 May 2001 09:11:13 -0500
Subject: [pptp-server] tar zxvf pptpd-1.0.1.tar.gz not working - HELP
In-Reply-To: <20010531131455.81178.qmail@web11505.mail.yahoo.com>
References: <20010531131455.81178.qmail@web11505.mail.yahoo.com>
Message-ID: <01053109111301.21176@linux>

Some browsers (Netscape???) are known to unzip the file, but leave the
extension unchanged. Try the commands:

mv pptpd-1.0.1.tar.gz pptpd-1.0.1.tar
tar xvf pptpd-1.0.1.tar

BTW, use version 1.1.2 rather than 1.0.1

On Thursday 31 May 2001 08:14, James D Green wrote:
> Hi,
>
> Sorry about this I'm quite new to linux, this is the
> first time I've tried to uncompress a file.
>
> I have just downloaded the pptpd-1.0.1.tar.gz, I then
> used the command
>
> >tar zxvf pptpd-1.0.1.tar.gz
>
> as stated in the how to
> (http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt)
> and this is what happens.
>
> Waterfall:/usr/local/src # tar zxvf pptpd-1.0.1.tar.gz
>
> gzip: stdin: not in gzip format
> tar: Child returned status 1
> tar: Error exit delayed from previous errors
> Waterfall:/usr/local/src #
>
> I have no idea what to do, I'm doing what it says in
> the how to but it doesn't work.
>
> Thanks to anyone that can/will help.
>
> Jim
>
> PS. If it helps I'm using Suse7.1 with the 2.4 kernel.
>
> =====
> ------------------------------------------------------------
> You can also contact me at;
> Home: jim at JDGnet.freeserve.co.uk
> Uni: c96jg at dmu.ac.uk.
> Visit my web page at http://www.JDGnet.freeserve.co.uk
> Copyright © 1999 James D Green All rights reserved.

From lists at earthling.2y.net Thu May 31 09:38:09 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 31 May 2001 10:38:09 -0400 (EDT)
Subject: [pptp-server] MPPE works with chapms, not chapms-v2
In-Reply-To: <3B15FB15.9A7B7C36@armann.de>
Message-ID:

Crypto Export restrictions have been loosened in the US for the past year
or so... you should be able to obtain a 128 bit crypto patch, and install
it w/o problems.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Thu, 31 May 2001, Kim Armann wrote:

> In Germany I think you don't get 128 bit - how can I get 56 bit ?
>
> kim
>
> Charlie Brady wrote:
> >
> > On Wed, 30 May 2001, Kim Armann wrote:
> >
> > > Hi Josh,
> > >
> > > I have no problems :
> > > pppd[1582]: MSCHAP-v2 peer authentication succeeded for ******
> > > pppd[1582]: Script /etc/ppp/auth-up finished (pid 1583), status = 0x0
> > > pppd[1582]: rcvd [CCP ConfReq id=0x4 ]
> > ^^
> > Your client is requesting 56 or 40 bit encryption, with MPPC compression.
> >
> > > pppd[1582]: sent [CCP ConfNak id=0x4 ]
> > ^^
> >
> > Your server is responding that it supports 40 or 128 bit encryption, with
> > no MPPC compression. Is 40 bit encryption what you want?
> >
> > --
> >
> > Charlie Brady charlieb at e-smith.com
> > http://www.e-smith.org (development) http://www.e-smith.com (corporate)
> > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
> > e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From lists at earthling.2y.net Thu May 31 09:41:02 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 31 May 2001 10:41:02 -0400 (EDT)
Subject: [pptp-server] GRE with cisco IOS IP Plus on version 11.1
In-Reply-To: <3B15C01D.3FAB1F3C@sains.com.my>
Message-ID:

are you trying to make a gre tunnel to/from a cisco router, or are you
trying to have packets pass thru a cisco router?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Thu, 31 May 2001, Ismandy Ali wrote:

>
> Hi again guys,
> Does the type of router (IOS) used also affect the use of GRE? I have
> a short discussion with my friends that he told me there is such possibility
> that the router doesn't accept the type of GRE that is being used. I am using
> router with version IOS IP Plus on version 11.1
>
> Sounds weird to me, but this question is to make sure. this is an excerpt
> from ciscom page:
> ------------
> GRE is a tunneling protocol developed by Cisco that can encapsulate a wide
> variety of protocol packet types inside IP tunnels, creating a virtual
> point-to-point link to Cisco routers at remote points over an IP internetwork.
> By connecting multiprotocol subnetworks in a single-protocol backbone
> environment, IP tunneling using GRE allows network expansion across a
> single-protocol backbone environment. In order to run GRE, the particular
> Cisco router must run the IOS with IPSec and version 12.1 onwards.
> --------------
>
> But I believe that this is true if I am running IPSEC, but still not sure.
> somebody, have any idea?

From kim at armann.de Thu May 31 10:48:16 2001
From: kim at armann.de (Kim Armann)
Date: Thu, 31 May 2001 17:48:16 +0200
Subject: [pptp-server] MPPE works with chapms, not chapms-v2
References:
Message-ID: <3B1667C0.407C815@armann.de>

But I found no 128 Bit encryption-Patch for any Win on the MS-homepage.
SP6 for NT 4.0 has no 128 Bit encryption ....
- doesn't matter right at the moment
kim

Justin Kreger wrote:
>
> Crypto Export restrictions have been loosened in the US for the past year
> or so... you should be able to obtain a 128 bit crypto patch, and install
> it w/o problems.
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
> On Thu, 31 May 2001, Kim Armann wrote:
>
> > In Germany I think you don't get 128 bit - how can I get 56 bit ?
> >
> > kim
> >
> > Charlie Brady wrote:
> > >
> > > On Wed, 30 May 2001, Kim Armann wrote:
> > >
> > > > Hi Josh,
> > > >
> > > > I have no problems :
> > > > pppd[1582]: MSCHAP-v2 peer authentication succeeded for ******
> > > > pppd[1582]: Script /etc/ppp/auth-up finished (pid 1583), status = 0x0
> > > > pppd[1582]: rcvd [CCP ConfReq id=0x4 ]
> > > ^^
> > > Your client is requesting 56 or 40 bit encryption, with MPPC compression.
> > >
> > > > pppd[1582]: sent [CCP ConfNak id=0x4 ]
> > > ^^
> > >
> > > Your server is responding that it supports 40 or 128 bit encryption, with
> > > no MPPC compression. Is 40 bit encryption what you want?
> > >
> > > --
> > >
> > > Charlie Brady charlieb at e-smith.com
> > > http://www.e-smith.org (development) http://www.e-smith.com (corporate)
> > > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
> > > e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From szmidt at zedat.fu-berlin.de Thu May 31 11:37:06 2001
From: szmidt at zedat.fu-berlin.de (Roman Schmidt)
Date: Thu, 31 May 2001 18:37:06 +0200
Subject: [pptp-server] How to set up pptp on a Win2000 Client?
Message-ID: <3B167332.8403C926@zedat.fu-berlin.de>

Hi,
I'm trying to connect a Win2000 Client with pptp to a WinNT Server, but
it doesn't work. There seems to be a connection, but the error message
says Win2000 wasn't sure which protocol to use.
Is there need and possibility to setup pptp on a Win2000 Client? In the
Network Configuration Dialog, there is no such option (like there is in
WinNT).

Which configuration is needed ?

Thanx a lot for help,
Roman

From angelbracket at yahoo.com Thu May 31 12:07:40 2001
From: angelbracket at yahoo.com (Angelbracket)
Date: Thu, 31 May 2001 19:07:40 +0200
Subject: [pptp-server] MPPE works with chapms, not chapms-v2
References: <3B1667C0.407C815@armann.de>
Message-ID: <004f01c0e9f4$339a82f0$0d00a8c0@trinity>

You can grab it for win2k @
http://www.microsoft.com/windows2000/downloads/recommended/encryption/default.asp

I believe that the latest service pack 2 for win2k and the IE beta 6 also
contains the upgrade to 128 bits encryption.

mvg,

Angelbracket.

----- Original Message -----
From: "Kim Armann"
To: "Justin Kreger"
Cc: "Charlie Brady" ;
Sent: Thursday, May 31, 2001 5:48 PM
Subject: Re: [pptp-server] MPPE works with chapms, not chapms-v2

> But I found no 128 Bit encryption-Patch for any Win on the MS-homepage.
> SP6 for NT 4.0 has no 128 Bit encryption ....
> - doesn't matter right at the moment
> kim
>
> Justin Kreger wrote:
> >
> > Crypto Export restrictions have been loosened in the US for the past year
> > or so... you should be able to obtain a 128 bit crypto patch, and install
> > it w/o problems.
> >
> > Justin Kreger, MCP MCSE CCNA
> > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
> >
> > On Thu, 31 May 2001, Kim Armann wrote:
> >
> > > In Germany I think you don't get 128 bit - how can I get 56 bit ?
> > >
> > > kim
> > >
> > > Charlie Brady wrote:
> > > >
> > > > On Wed, 30 May 2001, Kim Armann wrote:
> > > >
> > > > > Hi Josh,
> > > > >
> > > > > I have no problems :
> > > > > pppd[1582]: MSCHAP-v2 peer authentication succeeded for ******
> > > > > pppd[1582]: Script /etc/ppp/auth-up finished (pid 1583), status = 0x0
> > > > > pppd[1582]: rcvd [CCP ConfReq id=0x4 ]
> > > > ^^
> > > > Your client is requesting 56 or 40 bit encryption, with MPPC compression.
> > > >
> > > > > pppd[1582]: sent [CCP ConfNak id=0x4 ]
> > > > ^^
> > > >
> > > > Your server is responding that it supports 40 or 128 bit encryption, with
> > > > no MPPC compression. Is 40 bit encryption what you want?
> > > >
> > > > --
> > > >
> > > > Charlie Brady charlieb at e-smith.com
> > > > http://www.e-smith.org (development) http://www.e-smith.com (corporate)
> > > > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
> > > > e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From ismandya at sains.com.my Thu May 31 12:54:18 2001
From: ismandya at sains.com.my (Ismandy Ali)
Date: Fri, 1 Jun 2001 01:54:18 +0800
Subject: [pptp-server] GRE with cisco IOS IP Plus on version 11.1
Message-ID: <7745A5BD152A.AAA6040@mail.sarawaknet.gov.my>

I am trying to run my PPTPD just like anybody else. I guess I am trying to
run my GRE tunnel thru the cisco router. When I use traceroute using GRE
packets instead of using udp or icmp, it gave me error "admin prohibited
error" - !X. more info chk for the traceroute man.

Justin Kreger wrote:
>are you trying to make a gre tunnel to/from a cisco router, or are you
>trying to have packets pass thru a cisco router?
>
>Justin Kreger, MCP MCSE CCNA
>jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
>
>On Thu, 31 May 2001, Ismandy Ali wrote:
>
>>
>> Hi again guys,
>> Does the type of router (IOS) used also affect the use of GRE? I have
>> a short discussion with my friends that he told me there is such possibility
>> that the router doesn't accept the type of GRE that is being used. I am using
>> router with version IOS IP Plus on version 11.1
>>
>> Sounds weird to me, but this question is to make sure. this is an excerpt
>> from ciscom page:
>> ------------
>> GRE is a tunneling protocol developed by Cisco that can encapsulate a wide
>> variety of protocol packet types inside IP tunnels, creating a virtual
>> point-to-point link to Cisco routers at remote points over an IP internetwork.
>> By connecting multiprotocol subnetworks in a single-protocol backbone
>> environment, IP tunneling using GRE allows network expansion across a
>> single-protocol backbone environment. In order to run GRE, the particular
>> Cisco router must run the IOS with IPSec and version 12.1 onwards.
>> --------------
>>
>> But I believe that this is true if I am running IPSEC, but still not sure.
>> somebody, have any idea?

From palliett at accurcast.com Thu May 31 14:08:52 2001
From: palliett at accurcast.com (Peter Alliett)
Date: Thu, 31 May 2001 15:08:52 -0400
Subject: [pptp-server] Connecting remote sites w/Samba
Message-ID:

This question probably does not apply to this maillist but I will ask
anyway.

I have 2 sites connected remotely via pptp linux client, now they want to be
able to browse the network via Network Neighborhood. I can't seem to get
this to work. I tried using samba but I could not get it to work.

Has anyone had success with this or is it even possible.

Thanks,

Peter

From csy at hjc.edu.sg Thu May 31 14:10:54 2001
From: csy at hjc.edu.sg (Chen Shiyuan)
Date: Fri, 01 Jun 2001 03:10:54 +0800 (SGT)
Subject: [pptp-server] GRE with cisco IOS IP Plus on version 11.1
In-Reply-To: <7745A5BD152A.AAA6040@mail.sarawaknet.gov.my>
References: <7745A5BD152A.AAA6040@mail.sarawaknet.gov.my>
Message-ID: <991336254.3b16973ec2534@home.hjc.edu.sg>

do you currently have any ip access lists on your router?
if so, you might need to explicitly allow GRE traffic to pass through your
router.

e.g. access-list NNN permit gre

if not your access list could be blocking GRE traffic from passing through.
note that it is permit GRE and NOT permit TCP/UDP.

On Fri, 1 Jun 2001 01:54:18 +0800, Ismandy Ali wrote :

> I am trying to run my PPTPD just like anybody else. I guess I am trying to
> run my GRE tunnel thru the cisco router. When I use traceroute using GRE
> packets instead of using udp or icmp, it gave me error "admin prohibited
> error" - !X. more info chk for the traceroute man.

From lists at earthling.2y.net Thu May 31 15:39:52 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 31 May 2001 16:39:52 -0400 (EDT)
Subject: [pptp-server] MPPE works with chapms, not chapms-v2
In-Reply-To: <3B1667C0.407C815@armann.de>
Message-ID:

Yes, NT has 128 bit encryption, it's achieved by installing the 128 bit
service pack.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Thu, 31 May 2001, Kim Armann wrote:

> But I found no 128 Bit encryption-Patch for any Win on the MS-homepage.
> SP6 for NT 4.0 has no 128 Bit encryption ....
> - doesn't matter right at the moment
> kim
>
> Justin Kreger wrote:
> >
> > Crypto Export restrictions have been loosened in the US for the past year
> > or so... you should be able to obtain a 128 bit crypto patch, and install
> > it w/o problems.
> >
> > Justin Kreger, MCP MCSE CCNA
> > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
> >
> > On Thu, 31 May 2001, Kim Armann wrote:
> >
> > > In Germany I think you don't get 128 bit - how can I get 56 bit ?
> > >
> > > kim
> > >
> > > Charlie Brady wrote:
> > > >
> > > > On Wed, 30 May 2001, Kim Armann wrote:
> > > >
> > > > > Hi Josh,
> > > > >
> > > > > I have no problems :
> > > > > pppd[1582]: MSCHAP-v2 peer authentication succeeded for ******
> > > > > pppd[1582]: Script /etc/ppp/auth-up finished (pid 1583), status = 0x0
> > > > > pppd[1582]: rcvd [CCP ConfReq id=0x4 ]
> > > > ^^
> > > > Your client is requesting 56 or 40 bit encryption, with MPPC compression.
> > > >
> > > > > pppd[1582]: sent [CCP ConfNak id=0x4 ]
> > > > ^^
> > > >
> > > > Your server is responding that it supports 40 or 128 bit encryption, with
> > > > no MPPC compression. Is 40 bit encryption what you want?
> > > >
> > > > --
> > > >
> > > > Charlie Brady charlieb at e-smith.com
> > > > http://www.e-smith.org (development) http://www.e-smith.com (corporate)
> > > > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
> > > > e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From lists at earthling.2y.net Thu May 31 15:41:25 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 31 May 2001 16:41:25 -0400 (EDT)
Subject: [pptp-server] How to set up pptp on a Win2000 Client?
In-Reply-To: <3B167332.8403C926@zedat.fu-berlin.de>
Message-ID:

What protocol? vpn protocol? network protocol?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Thu, 31 May 2001, Roman Schmidt wrote:

> Hi,
> I'm trying to connect a Win2000 Client with pptp to a WinNT Server, but
> it doesn't work. There seems to be a connection, but the error message
> says Win2000 wasn't sure which protocol to use.
> Is there need and possibility to setup pptp on a Win2000 Client? In the
> Network Configuration Dialog, there is no such option (like there is in
> WinNT).
>
> Which configuration is needed ?
>
> Thanx a lot for help,
> Roman

From lists at earthling.2y.net Thu May 31 15:41:58 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 31 May 2001 16:41:58 -0400 (EDT)
Subject: [pptp-server] GRE with cisco IOS IP Plus on version 11.1
In-Reply-To: <7745A5BD152A.AAA6040@mail.sarawaknet.gov.my>
Message-ID:

Allow Protocol 47 thru your router

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Fri, 1 Jun 2001, Ismandy Ali wrote:

> I am trying to run my PPTPD just like anybody else. I guess I am trying to
> run my GRE tunnel thru the cisco router. When I use traceroute using GRE
> packets instead of using udp or icmp, it gave me error "admin prohibited
> error" - !X. more info chk for the traceroute man.
>
>
>
> Justin Kreger wrote:
> >are you trying to make a gre tunnel to/from a cisco router, or are you
> >trying to have packets pass thru a cisco router?
> >
> >Justin Kreger, MCP MCSE CCNA
> >jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
> >
> >
> >On Thu, 31 May 2001, Ismandy Ali wrote:
> >
> >>
> >> Hi again guys,
> >> Does the type of router (IOS) used also affect the use of GRE?
> I have
> >> a short discussion with my friends that he told me there is such possibility
> >> that the router doesn't accept the type of GRE that is being used. I am using
> >> router with version IOS IP Plus on version 11.1
> >>
> >> Sounds weird to me, but this question is to make sure. this is an excerpt
> >> from ciscom page:
> >> ------------
> >> GRE is a tunneling protocol developed by Cisco that can encapsulate a wide
> >> variety of protocol packet types inside IP tunnels, creating a virtual
> >> point-to-point link to Cisco routers at remote points over an IP internetwork.
> >> By connecting multiprotocol subnetworks in a single-protocol backbone
> >> environment, IP tunneling using GRE allows network expansion across a
> >> single-protocol backbone environment. In order to run GRE, the particular
> >> Cisco router must run the IOS with IPSec and version 12.1 onwards.
> >> --------------
> >>
> >> But I believe that this is true if I am running IPSEC, but still not sure.
> >> somebody, have any idea?

From lists at earthling.2y.net Thu May 31 15:56:02 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Thu, 31 May 2001 16:56:02 -0400 (EDT)
Subject: [pptp-server] Connecting remote sites w/Samba
In-Reply-To:
Message-ID:

Ok, both have to have the same domain/workgroup name, and share common
wins servers. I think the freeswan faq has how to do this in more detail.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net

On Thu, 31 May 2001, Peter Alliett wrote:

> This question probably does not apply to this maillist but I will ask
> anyway.
>
> I have 2 sites connected remotely via pptp linux client, now they want to be
> able to browse the network via Network Neighborhood. I can't seem to get
> this to work. I tried using samba but I could not get it to work.
>
> Has anyone had success with this or is it even possible.
>
> Thanks,
>
> Peter

From berzerke at swbell.net Thu May 31 17:54:02 2001
From: berzerke at swbell.net (robert)
Date: Thu, 31 May 2001 17:54:02 -0500
Subject: [pptp-server] Connecting remote sites w/Samba
In-Reply-To:
References:
Message-ID: <01053117540200.22319@linux>

The 2.4 kernel howto at http://home.swbell.net/berzerke, section 5.10 tries
to answer this question. It is possible.

On Thursday 31 May 2001 14:08, Peter Alliett wrote:
> This question probably does not apply to this maillist but I will ask
> anyway.
>
> I have 2 sites connected remotely via pptp linux client, now they want to
> be able to browse the network via Network Neighborhood. I can't seem to
> get this to work. I tried using samba but I could not get it to work.
>
> Has anyone had success with this or is it even possible.
>
> Thanks,
>
> Peter

From ctooley at amoa.org Thu May 31 18:35:46 2001
From: ctooley at amoa.org (ctooley at amoa.org)
Date: Thu, 31 May 2001 18:35:46 -0500
Subject: [pptp-server] Connecting remote sites w/Samba
Message-ID: <86256A5D.00819AE2.00@amoa.org>

Is there any hope of this ever getting on the PoPToP website, as that would be
the ideal place for it.

Chris Tooley

robert on 05/31/2001 05:54:02 PM

To: Peter Alliett , "vpn (E-mail)"
cc: (bcc: Chris Tooley/AMOA)
Subject: Re: [pptp-server] Connecting remote sites w/Samba

The 2.4 kernel howto at http://home.swbell.net/berzerke, section 5.10 tries
to answer this question. It is possible.

On Thursday 31 May 2001 14:08, Peter Alliett wrote:
> This question probably does not apply to this maillist but I will ask
> anyway.
>
> I have 2 sites connected remotely via pptp linux client, now they want to
> be able to browse the network via Network Neighborhood. I can't seem to
> get this to work. I tried using samba but I could not get it to work.
>
> Has anyone had success with this or is it even possible.
>
> Thanks,
>
> Peter
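
Added example (not part of any message in this archive): the "Giving up waiting for packets on LAN?" post above judges packet loss by the GRE sequence numbers seen in a sniff, next to pptpd's "Gave up waiting for 1 lost packets beginning with 3177" log line. The Python below parses the enhanced GRE header that PPTP carries in IP protocol 47 (RFC 2637) and lists the sequence numbers missing from a capture taken on each side of the router; the function names, call ID and packets are constructed for illustration, and 32-bit sequence wrap-around is not handled.

```python
import struct
from collections import defaultdict

GRE_PROTO_PPP = 0x880B  # protocol type carried by PPTP's enhanced GRE (RFC 2637)
FLAG_K = 0x2000         # key field present (payload length + call ID)
FLAG_S = 0x1000         # sequence number present
FLAG_A = 0x0080         # acknowledgment number present
VER_MASK = 0x0007       # enhanced GRE is version 1


def parse_pptp_gre(data):
    """Parse the enhanced GRE header at the start of an IP protocol 47 payload."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack_from("!HHHH", data, 0)
    if (flags & VER_MASK) != 1 or proto != GRE_PROTO_PPP or not (flags & FLAG_K):
        raise ValueError("not PPTP enhanced GRE")
    offset, seq, ack = 8, None, None
    if flags & FLAG_S:
        if len(data) < offset + 4:
            raise ValueError("truncated sequence number")
        (seq,) = struct.unpack_from("!I", data, offset)
        offset += 4
    if flags & FLAG_A:
        if len(data) < offset + 4:
            raise ValueError("truncated acknowledgment number")
        (ack,) = struct.unpack_from("!I", data, offset)
        offset += 4
    if len(data) - offset < payload_len:
        raise ValueError("payload shorter than header claims")
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "payload": data[offset:offset + payload_len]}


def build_pptp_gre(call_id, seq, payload=b"", ack=None):
    """Build a packet for the constructed samples below (hypothetical helper)."""
    flags = FLAG_K | 1
    body = b""
    if seq is not None:
        flags |= FLAG_S
        body += struct.pack("!I", seq)
    if ack is not None:
        flags |= FLAG_A
        body += struct.pack("!I", ack)
    header = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(payload), call_id)
    return header + body + payload


def analyze(raw_packets):
    """Per call ID: packets received, sequence numbers never seen, late arrivals."""
    stats = defaultdict(lambda: {"seen": set(), "late": 0, "highest": None})
    for raw in raw_packets:
        pkt = parse_pptp_gre(raw)
        if pkt["seq"] is None:          # ack-only packet, carries no data
            continue
        s = stats[pkt["call_id"]]
        if s["highest"] is not None and pkt["seq"] < s["highest"]:
            s["late"] += 1              # arrived after a higher sequence number
        s["highest"] = pkt["seq"] if s["highest"] is None else max(s["highest"], pkt["seq"])
        s["seen"].add(pkt["seq"])
    report = {}
    for call_id, s in stats.items():
        expected = range(min(s["seen"]), s["highest"] + 1)
        missing = [n for n in expected if n not in s["seen"]]
        report[call_id] = {"received": len(s["seen"]), "missing": missing,
                           "late": s["late"],
                           "loss_rate": len(missing) / len(expected)}
    return report


# Constructed captures mirroring the log above: the client sends 3175..3180,
# but 3177 never shows up on the server side of the router.
CLIENT_SIDE = [build_pptp_gre(0x0400, n, b"\xff\x03\x00\x21data")
               for n in (3175, 3176, 3177, 3178, 3179, 3180)]
SERVER_SIDE = [p for p in CLIENT_SIDE if parse_pptp_gre(p)["seq"] != 3177]

if __name__ == "__main__":
    for name, capture in (("client side", CLIENT_SIDE), ("server side", SERVER_SIDE)):
        print(name, analyze(capture))
```

A sequence number present in the client-side capture but missing on the server side points at a device in between; one missing from both was never sent.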