From Paul.Clark at scapatech.com Thu Nov 1 07:25:52 2001
From: Paul.Clark at scapatech.com (Paul.Clark at scapatech.com)
Date: Thu, 1 Nov 2001 13:25:52 +0000
Subject: [pptp-server] Compiling PPP with MSCHAPv2/MPPE.
Message-ID:

Hi,

I have pptp running without encryption but I cannot get PPP set up right to use encryption and MSCHAP authentication.

I am running Redhat 7.0, pptpd-1.0.1, ppp 2.4.1.

I am following the instructions on http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt but when I get to the 'make kernel' command to add the modules to the kernel source the command fails. The kinstall.sh script does not seem to be present in this version of ppp.

Does anyone have any experience of installing pptpd on Redhat 7.0? Any ideas/help much appreciated.

Thanks

Paul

From shost at intellimec.com Thu Nov 1 07:47:24 2001
From: shost at intellimec.com (Steve Host)
Date: Thu, 1 Nov 2001 08:47:24 -0500
Subject: [pptp-server] Compiling PPP with MSCHAPv2/MPPE.
References:
Message-ID: <000901c162db$bc962180$5009630a@intellimec.com>

ppp 2.4.1 is supposed to be used with Kernel 2.4 if I'm not mistaken. I suggest you downgrade your PPP to say 2.2.11 (which is what I'm using, with kernel 2.2.19). The scripts exist. Compilation can still be a pain, but if you follow the FAQ here and have patience:

http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt

then you'll be able to overcome your problems.

From csjoshi at dishatech.com Thu Nov 1 08:02:47 2001
From: csjoshi at dishatech.com (Shekhar Joshi)
Date: Thu, 01 Nov 2001 19:32:47 +0530
Subject: [Fwd: [pptp-server] Compiling PPP with MSCHAPv2/MPPE.]
Message-ID: <3BE15607.7C288F56@dishatech.com>

-------------- next part --------------
An embedded message was scrubbed...
From: Shekhar Joshi
Subject: Re: [pptp-server] Compiling PPP with MSCHAPv2/MPPE.
Date: Thu, 01 Nov 2001 19:31:24 +0530
Size: 2855

From Paul.Clark at scapatech.com Thu Nov 1 08:15:44 2001
From: Paul.Clark at scapatech.com (Paul.Clark at scapatech.com)
Date: Thu, 1 Nov 2001 14:15:44 +0000
Subject: [pptp-server] Compiling PPP with MSCHAPv2/MPPE.
Message-ID:

As suggested, I have been trying to compile ppp 2.3.11, and when I try to compile the modules I get the following output. Any ideas?

[root at fw linux]# make modules SUBDIRS=drivers/net
make -C drivers/net CFLAGS="-Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=686 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h" MAKING_MODULES=1 modules
make[1]: Entering directory `/usr/src/linux-2.2.16/drivers/net'
gcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=686 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -DEXPORT_SYMTAB -c ppp.c
In file included from /usr/src/linux/include/linux/sched.h:20,
                 from ppp.c:54:
/usr/src/linux/include/linux/smp.h:77:49: warning: "smp_num_cpus" redefined
/usr/src/linux/include/linux/modules/i386_ksyms.ver:28:1: warning: this is the location of the previous definition
/usr/src/linux/include/linux/smp.h:83:26: warning: "smp_call_function" redefined
/usr/src/linux/include/linux/modules/i386_ksyms.ver:118:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/sched.h:74,
                 from ppp.c:54:
/usr/src/linux/include/asm/processor.h:96:18: warning: "cpu_data" redefined
/usr/src/linux/include/linux/modules/i386_ksyms.ver:6:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/interrupt.h:51,
                 from ppp.c:57:
/usr/src/linux/include/asm/hardirq.h:23:24: warning: "synchronize_irq" redefined
/usr/src/linux/include/linux/modules/i386_ksyms.ver:138:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/interrupt.h:52,
                 from ppp.c:57:
/usr/src/linux/include/asm/softirq.h:75:23: warning: "synchronize_bh" redefined
/usr/src/linux/include/linux/modules/i386_ksyms.ver:142:1: warning: this is the location of the previous definition
ppp.c:188: warning: static declaration for `ppp_register_compressor_R9682e733' follows non-static
ppp.c:189: warning: static declaration for `ppp_unregister_compressor_Ra1b928df' follows non-static
{standard input}: Assembler messages:
{standard input}:9: Warning: Ignoring changed section attributes for .modinfo
ppp.c: In function `rcv_proto_unknown':
ppp.c:2563: too few arguments to function `kill_fasync_R__ver_kill_fasync'
make[1]: *** [ppp.o] Error 1
make[1]: Leaving directory `/usr/src/linux-2.2.16/drivers/net'
make: *** [_mod_drivers/net] Error 2

Thanks

Paul

From shost at intellimec.com Thu Nov 1 09:35:19 2001
From: shost at intellimec.com (Steve Host)
Date: Thu, 1 Nov 2001 10:35:19 -0500
Subject: [pptp-server] Compiling PPP with MSCHAPv2/MPPE.
References:
Message-ID: <002c01c162ea$d08aa120$5009630a@intellimec.com>

From: http://mirror.binarix.com/ppp-mppe/README

Edit ppp.c. Find the below and make the change at line approx 2563:

Change:
kill_fasync (ppp->tty->fasync, SIGIO);

to:
kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN);

Patch is below:

RedHat update 14/10/2000
------------------------
A number of people have reported problems with RedHat supplied kernels in RedHat 6.2 and 7.0. Harv Frost pointed out a patch that fixes a compilation problem:

ppp.c: In function `rcv_proto_unknown':
ppp.c:2563: too few arguments to function `kill_fasync_R5e73d35d'

Patch:

--- ./drivers/net/ppp.c~ Wed Apr 12 19:56:45 2000 +++ ./drivers/net/ppp.c Wed Apr 12 20:28:39 2000
@@ -2560,7 +2560,7 @@ wake_up_interruptible (&ppp->read_wait); if (ppp->tty->fasync != NULL) - kill_fasync (ppp->tty->fasync, SIGIO); + kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN); return 1; }
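
Review bot: the three-argument call on the `+` line is unconditional, so after this change ppp.c builds only against trees whose kill_fasync takes the extra band argument (the RedHat 6.2 and 7.0 supplied kernels the README names); on a tree that still has the two-argument form the same line fails the other way, with too many arguments. Wrapping the call in a kernel-version or feature test, or stating the required kernel in the patch description, would keep one ppp.c usable on both. The hunk also adds no #include, so POLL_IN has to be visible in ppp.c already, which is worth confirming before making the edit by hand at "line approx 2563".
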

From jroland at roland.net Thu Nov 1 10:33:44 2001
From: jroland at roland.net (Jim Roland)
Date: Thu, 1 Nov 2001 10:33:44 -0600
Subject: [pptp-server] Compiling PPP with MSCHAPv2/MPPE.
References:
Message-ID: <003401c162f2$f9bff880$bb1cfa18@JimWS>

That HOWTO is very out of date. Read the README, and somewhere around ppp-2.4.0 there is a mention of RedHat and download of "2 patches", one of which is for the 2.4 kernel. Just apply it, recompile the kernel (make dep clean install) and make the modules (make modules SUBDIRS=drivers/net && make modules_install).

From Paul.Clark at scapatech.com Thu Nov 1 10:27:16 2001
From: Paul.Clark at scapatech.com (Paul.Clark at scapatech.com)
Date: Thu, 1 Nov 2001 16:27:16 +0000
Subject: [pptp-server] Compiling PPP with MSCHAPv2/MPPE.
Message-ID:

Now when I try to compile the modules it fails at slhc.c with the following output. Anyone any ideas?

[root at fw linux]# make modules SUBDIRS=drivers/net
make -C drivers/net CFLAGS="-Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m386 -DCPU=386 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h" MAKING_MODULES=1 modules
make[1]: Entering directory `/usr/src/linux-2.2.16/drivers/net'
gcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m386 -DCPU=386 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -DEXPORT_SYMTAB -c slhc.c
In file included from slhc.c:55:
/usr/src/linux/include/linux/module.h:145: `get_module_symbol_R_ver_str' declared as function returning a function
/usr/src/linux/include/linux/module.h:145: warning: parameter names (without types) in function declaration
In file included from /usr/src/linux/include/linux/sched.h:20,
                 from slhc.c:62:
/usr/src/linux/include/linux/smp.h:77:49: warning: "smp_num_cpus" redefined
/usr/src/linux/include/linux/modules/i386_ksyms.ver:28:1: warning: this is the location of the previous definition
/usr/src/linux/include/linux/smp.h:83:26: warning: "smp_call_function" redefined
/usr/src/linux/include/linux/modules/i386_ksyms.ver:118:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/sched.h:74,
                 from slhc.c:62:
/usr/src/linux/include/asm/processor.h:96:18: warning: "cpu_data" redefined
/usr/src/linux/include/linux/modules/i386_ksyms.ver:6:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/interrupt.h:51,
                 from /usr/src/linux/include/linux/netdevice.h:334,
                 from slhc.c:70:
/usr/src/linux/include/asm/hardirq.h:23:24: warning: "synchronize_irq" redefined
/usr/src/linux/include/linux/modules/i386_ksyms.ver:138:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/interrupt.h:52,
                 from /usr/src/linux/include/linux/netdevice.h:334,
                 from slhc.c:70:
/usr/src/linux/include/asm/softirq.h:75:23: warning: "synchronize_bh" redefined
/usr/src/linux/include/linux/modules/i386_ksyms.ver:142:1: warning: this is the location of the previous definition
{standard input}: Assembler messages:
{standard input}:9: Warning: Ignoring changed section attributes for .modinfo
make[1]: *** [slhc.o] Error 1
make[1]: Leaving directory `/usr/src/linux-2.2.16/drivers/net'
make: *** [_mod_drivers/net] Error 2

Thanks

Paul

> -----Original Message-----
> From: shost [mailto:shost at intellimec.com]
> Sent: 01 November 2001 15:35
> To: Paul Clark; pptp-server
> Subject: Re: [pptp-server] Compiling PPP with MSCHAPv2/MPPE.
>
> From: http://mirror.binarix.com/ppp-mppe/README
>
> Edit ppp.c. Find the below and make the change at line approx 2563:
>
> Change:
> kill_fasync (ppp->tty->fasync, SIGIO);
>
> to:
> kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN);
>
> Patch is below:
>
> RedHat update 14/10/2000
> ------------------------
> A number of people have reported problems with RedHat supplied kernels in
> RedHat 6.2 and 7.0. Harv Frost pointed out a patch that fixes a compilation
> problem:
>
> ppp.c: In function `rcv_proto_unknown':
> ppp.c:2563: too few arguments to function `kill_fasync_R5e73d35d'
>
> Patch:
>
> --- ./drivers/net/ppp.c~ Wed Apr 12 19:56:45 2000 > +++ ./drivers/net/ppp.c Wed Apr 12 20:28:39 2000
> @@ -2560,7 +2560,7 @@ > > wake_up_interruptible (&ppp->read_wait); > if (ppp->tty->fasync != NULL) > - kill_fasync (ppp->tty->fasync, SIGIO); > + kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN); > > return 1; > } > > > > ----- Original Message ----- 

From jroland at roland.net Thu Nov 1 10:39:36 2001
From: jroland at roland.net (Jim Roland)
Date: Thu, 1 Nov 2001 10:39:36 -0600
Subject: [pptp-server] Martian packets and NetBIOS problems
References:
Message-ID: <006701c162f3$ce09faa0$bb1cfa18@JimWS>

I have never been able to make 40-bit work among other freaky bugs. Add the Encryption pack to your Win2k client and enable mppe-128 in your options file (disable/comment-out mppe-40) and it should work.

----- Original Message -----
From: "Matt Gavin"
To: "Leo Torio"
Cc: "PPTPD User Group (E-mail)"
Sent: Wednesday, October 24, 2001 4:47 PM
Subject: RE: [pptp-server] Martian packets and NetBIOS problems

> You need to patch your PoPToP VPN server to allow 128 Bit encryption. I only
> have 40 Bit encryption enabled on my server at the moment have not had time
> to look at 128 Bit. You can get the patch and documentation from
> http://poptop.lineo.com
>
> You should be able to connect with the Windows 2000 client with 40 Bit
> encryption enabled. If you are running Samba on your "Mini network" then
> accessing shared folders is another issue, I don't do this myself, but again
> there are Docs on allowing SMB through the PoPToP at the PoPToP site as
> above.
>
> As for Ipchains, someone posted this earlier in the week:
>
> # IP network address of the PPTP network
> PPTPLAN="192.168.0.245/32"
> PPTPIF="ppp+"
>
> # IP network address of the internal network
> INTLAN="192.168.0.0/24"
> INTIF="eth0"
>
> EXTIF="eth1"
>
> UNIVERSE="0.0.0.0/0"
>
> BROADCAST="255.255.255.255"
>
> SECUREHOST= use UNIVERSE instead if you want it wide open>
>
> # PPTP traffic
> /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST -d $EXTIP 1723
> /sbin/ipchains -A input -p 47 -j ACCEPT
>
> /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST 1723 -d $UNIVERSE
> /sbin/ipchains -A output -p 47 -j ACCEPT
>
> # PPTP: need to allow all incoming traffic on PPTPIF
> /sbin/ipchains -A input -i $PPTPIF -s $PPTPLAN -d $INTLAN -j ACCEPT
>
> # PPTP: need to allow all outgoing traffic on PPTPIF
> /sbin/ipchains -A output -i $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
>
> # Enable TCP/IP forwarding between the PPTP network and the Internal LAN
> /sbin/ipchains -A forward -i $INTIF -s $PPTPLAN -d $INTLAN -j ACCEPT
> /sbin/ipchains -A forward -i $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
>
> # DHCP traffic
> /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p udp -s $UNIVERSE bootpc -d $BROADCAST/0 bootps
> /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p tcp -s $UNIVERSE bootpc -d $BROADCAST/0 bootps
>
> # ICMP traffic (ping)
> /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p icmp -s $UNIVERSE -d $EXTIP
>
> Matt Gavin
> Tempo Services Limited
> ~~~~~~~~~~~~~~~~~~~~~~

From barjunk at attglobal.net Thu Nov 1 14:03:10 2001
From: barjunk at attglobal.net (Michael Barsalou)
Date: Thu, 1 Nov 2001 11:03:10 -0900
Subject: [pptp-server] Windows XP
Message-ID: <3BE12BEE.19094.1B2A54@localhost>

We have a working PPTP setup, however, someone got a new Windows XP laptop and now can't browse the network neighborhood.

Anyone have suggestions on where I can find some good info on how to set up one of these machines?

Mike

Michael Barsalou
barjunk at attglobal.net

From simon_yuen at fujitsu.com.hk Thu Nov 1 21:11:55 2001
From: simon_yuen at fujitsu.com.hk (Simon Yuen) Date: Fri, 2 Nov 2001 11:11:55 +0800 Subject: Fw: Question on [pptp-server] Redhat V7.0 and Kernel V2.2.16-22 Message-ID: <006301c1634c$204c2510$2a4210ac@ShenZhen> I followed the instruction in http://www.vibrationresearch.com/pptpd/example.html but I failed in "make bzImage". My Kernel is 2.2.16-22 and using RedHat 7.0. I also downloaded the http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff. Anyone know the reason. Following is the output message : make bzImage cc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -D__SMP__ -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=686 -DUTS_MACHINE='"i386"' -c -o init/version.o init/version.c make -C kernel make[1]: Entering directory `/usr/src/linux/kernel' make all_targets make[2]: Entering directory `/usr/src/linux/kernel' make[2]: Nothing to be done for `all_targets'. make[2]: Leaving directory `/usr/src/linux/kernel' make[1]: Leaving directory `/usr/src/linux/kernel' make -C drivers make[1]: Entering directory `/usr/src/linux/drivers' make -C block make[2]: Entering directory `/usr/src/linux/drivers/block' make all_targets make[3]: Entering directory `/usr/src/linux/drivers/block' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/drivers/block' make[2]: Leaving directory `/usr/src/linux/drivers/block' make -C char make[2]: Entering directory `/usr/src/linux/drivers/char' make all_targets make[3]: Entering directory `/usr/src/linux/drivers/char' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/drivers/char' make[2]: Leaving directory `/usr/src/linux/drivers/char' make -C net make[2]: Entering directory `/usr/src/linux/drivers/net' make all_targets make[3]: Entering directory `/usr/src/linux/drivers/net' make[3]: Nothing to be done for `all_targets'. 
make[3]: Leaving directory `/usr/src/linux/drivers/net' make[2]: Leaving directory `/usr/src/linux/drivers/net' make -C misc make[2]: Entering directory `/usr/src/linux/drivers/misc' make all_targets make[3]: Entering directory `/usr/src/linux/drivers/misc' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/drivers/misc' make[2]: Leaving directory `/usr/src/linux/drivers/misc' make -C sound make[2]: Entering directory `/usr/src/linux/drivers/sound' make all_targets make[3]: Entering directory `/usr/src/linux/drivers/sound' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/drivers/sound' make[2]: Leaving directory `/usr/src/linux/drivers/sound' make -C pci make[2]: Entering directory `/usr/src/linux/drivers/pci' make all_targets make[3]: Entering directory `/usr/src/linux/drivers/pci' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/drivers/pci' make[2]: Leaving directory `/usr/src/linux/drivers/pci' make -C video make[2]: Entering directory `/usr/src/linux/drivers/video' make all_targets make[3]: Entering directory `/usr/src/linux/drivers/video' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/drivers/video' make[2]: Leaving directory `/usr/src/linux/drivers/video' make -C scsi make[2]: Entering directory `/usr/src/linux/drivers/scsi' make all_targets make[3]: Entering directory `/usr/src/linux/drivers/scsi' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/drivers/scsi' make[2]: Leaving directory `/usr/src/linux/drivers/scsi' make -C cdrom make[2]: Entering directory `/usr/src/linux/drivers/cdrom' make all_targets make[3]: Entering directory `/usr/src/linux/drivers/cdrom' make[3]: Nothing to be done for `all_targets'. 
make[3]: Leaving directory `/usr/src/linux/drivers/cdrom' make[2]: Leaving directory `/usr/src/linux/drivers/cdrom' make all_targets make[2]: Entering directory `/usr/src/linux/drivers' make[2]: Nothing to be done for `all_targets'. make[2]: Leaving directory `/usr/src/linux/drivers' make[1]: Leaving directory `/usr/src/linux/drivers' make -C mm make[1]: Entering directory `/usr/src/linux/mm' make all_targets make[2]: Entering directory `/usr/src/linux/mm' make[2]: Nothing to be done for `all_targets'. make[2]: Leaving directory `/usr/src/linux/mm' make[1]: Leaving directory `/usr/src/linux/mm' make -C fs make[1]: Entering directory `/usr/src/linux/fs' make -C ext2 make[2]: Entering directory `/usr/src/linux/fs/ext2' make all_targets make[3]: Entering directory `/usr/src/linux/fs/ext2' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/fs/ext2' make[2]: Leaving directory `/usr/src/linux/fs/ext2' make -C proc make[2]: Entering directory `/usr/src/linux/fs/proc' make all_targets make[3]: Entering directory `/usr/src/linux/fs/proc' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/fs/proc' make[2]: Leaving directory `/usr/src/linux/fs/proc' make -C isofs make[2]: Entering directory `/usr/src/linux/fs/isofs' make all_targets make[3]: Entering directory `/usr/src/linux/fs/isofs' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/fs/isofs' make[2]: Leaving directory `/usr/src/linux/fs/isofs' make -C nfs make[2]: Entering directory `/usr/src/linux/fs/nfs' make all_targets make[3]: Entering directory `/usr/src/linux/fs/nfs' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/fs/nfs' make[2]: Leaving directory `/usr/src/linux/fs/nfs' make -C lockd make[2]: Entering directory `/usr/src/linux/fs/lockd' make all_targets make[3]: Entering directory `/usr/src/linux/fs/lockd' make[3]: Nothing to be done for `all_targets'. 
make[3]: Leaving directory `/usr/src/linux/fs/lockd' make[2]: Leaving directory `/usr/src/linux/fs/lockd' make -C autofs make[2]: Entering directory `/usr/src/linux/fs/autofs' make all_targets make[3]: Entering directory `/usr/src/linux/fs/autofs' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/fs/autofs' make[2]: Leaving directory `/usr/src/linux/fs/autofs' make -C devpts make[2]: Entering directory `/usr/src/linux/fs/devpts' make all_targets make[3]: Entering directory `/usr/src/linux/fs/devpts' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/fs/devpts' make[2]: Leaving directory `/usr/src/linux/fs/devpts' make all_targets make[2]: Entering directory `/usr/src/linux/fs' make[2]: Nothing to be done for `all_targets'. make[2]: Leaving directory `/usr/src/linux/fs' make[1]: Leaving directory `/usr/src/linux/fs' make -C net make[1]: Entering directory `/usr/src/linux/net' make -C core make[2]: Entering directory `/usr/src/linux/net/core' make all_targets make[3]: Entering directory `/usr/src/linux/net/core' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/net/core' make[2]: Leaving directory `/usr/src/linux/net/core' make -C ethernet make[2]: Entering directory `/usr/src/linux/net/ethernet' make all_targets make[3]: Entering directory `/usr/src/linux/net/ethernet' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/net/ethernet' make[2]: Leaving directory `/usr/src/linux/net/ethernet' make -C sched make[2]: Entering directory `/usr/src/linux/net/sched' make all_targets make[3]: Entering directory `/usr/src/linux/net/sched' make[3]: Nothing to be done for `all_targets'. 
make[3]: Leaving directory `/usr/src/linux/net/sched' make[2]: Leaving directory `/usr/src/linux/net/sched' make -C 802 make[2]: Entering directory `/usr/src/linux/net/802' make all_targets make[3]: Entering directory `/usr/src/linux/net/802' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/net/802' make[2]: Leaving directory `/usr/src/linux/net/802' make -C ipv4 make[2]: Entering directory `/usr/src/linux/net/ipv4' make all_targets make[3]: Entering directory `/usr/src/linux/net/ipv4' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/net/ipv4' make[2]: Leaving directory `/usr/src/linux/net/ipv4' make -C unix make[2]: Entering directory `/usr/src/linux/net/unix' make all_targets make[3]: Entering directory `/usr/src/linux/net/unix' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/net/unix' make[2]: Leaving directory `/usr/src/linux/net/unix' make -C packet make[2]: Entering directory `/usr/src/linux/net/packet' make all_targets make[3]: Entering directory `/usr/src/linux/net/packet' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/net/packet' make[2]: Leaving directory `/usr/src/linux/net/packet' make -C sunrpc make[2]: Entering directory `/usr/src/linux/net/sunrpc' make all_targets make[3]: Entering directory `/usr/src/linux/net/sunrpc' make[3]: Nothing to be done for `all_targets'. make[3]: Leaving directory `/usr/src/linux/net/sunrpc' make[2]: Leaving directory `/usr/src/linux/net/sunrpc' make all_targets make[2]: Entering directory `/usr/src/linux/net' make[2]: Nothing to be done for `all_targets'. make[2]: Leaving directory `/usr/src/linux/net' make[1]: Leaving directory `/usr/src/linux/net' make -C ipc make[1]: Entering directory `/usr/src/linux/ipc' make all_targets make[2]: Entering directory `/usr/src/linux/ipc' make[2]: Nothing to be done for `all_targets'. 
make[2]: Leaving directory `/usr/src/linux/ipc'
make[1]: Leaving directory `/usr/src/linux/ipc'
make -C lib
make[1]: Entering directory `/usr/src/linux/lib'
make all_targets
make[2]: Entering directory `/usr/src/linux/lib'
make[2]: Nothing to be done for `all_targets'.
make[2]: Leaving directory `/usr/src/linux/lib'
make[1]: Leaving directory `/usr/src/linux/lib'
make -C arch/i386/kernel
make[1]: Entering directory `/usr/src/linux/arch/i386/kernel'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/usr/src/linux/arch/i386/kernel'
make -C arch/i386/mm
make[1]: Entering directory `/usr/src/linux/arch/i386/mm'
make all_targets
make[2]: Entering directory `/usr/src/linux/arch/i386/mm'
make[2]: Nothing to be done for `all_targets'.
make[2]: Leaving directory `/usr/src/linux/arch/i386/mm'
make[1]: Leaving directory `/usr/src/linux/arch/i386/mm'
make -C arch/i386/lib
make[1]: Entering directory `/usr/src/linux/arch/i386/lib'
make all_targets
make[2]: Entering directory `/usr/src/linux/arch/i386/lib'
cc -D__KERNEL__ -I/usr/src/linux/include -D__ASSEMBLY__ -D__SMP__ -traditional -c checksum.S -o checksum.o
checksum.S:231: badly punctuated parameter list in #define
checksum.S:237: badly punctuated parameter list in #define
make[2]: *** [checksum.o] Error 1
make[2]: Leaving directory `/usr/src/linux/arch/i386/lib'
make[1]: *** [first_rule] Error 2
make[1]: Leaving directory `/usr/src/linux/arch/i386/lib'
make: *** [_dir_arch/i386/lib] Error 2

From nick at nexnix.co.uk Fri Nov 2 04:27:28 2001
From: nick at nexnix.co.uk (Nick Kay)
Date: Fri, 02 Nov 2001 10:27:28 +0000
Subject: Fw: Question on [pptp-server] Redhat V7.0 and Kernel V2.2.16-22
Message-ID: <3.0.32.20011102102727.0148d804@core.localnet>

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1714 bytes
Desc: not available
URL:

From sjbotha at base.za.net Fri Nov 2 09:33:32 2001
From: sjbotha at base.za.net (Sarel Botha)
Date: Fri, 2 Nov 2001 10:33:32 -0500
Subject: [pptp-server] Linux > 2.4.8 ?
Message-ID:

Anyone gotten pptpd running a kernel later than 2.4.8?

There are security problems with earlier kernels and the linux ACLs patch only work on the very latest.

Thanks
Sarel

From DKinzer at premia.com Fri Nov 2 10:03:27 2001
From: DKinzer at premia.com (Kinzer, Don)
Date: Fri, 2 Nov 2001 08:03:27 -0800
Subject: [pptp-server] Linux > 2.4.8 ?
Message-ID: <21F77E1256CAD5119AC500B0D084344803D41F@LOKI>

I have pptp-1.0.1 and ppp-2.4.1 running on linux-2.4.13. The only problem that I encountered was that I had to patch by hand to get the ppp_mppe.o module. I started with the patch for 2.4.4 found here: http://www.advancevpn.com/public/linux-2.4.4-openssl-0.9.6a-mppe.patch.gz. This site also has patches for ppp-2.4.1 (look in http://www.advancevpn.com/public).

From Josh.Howlett at bristol.ac.uk Fri Nov 2 10:25:34 2001
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Fri, 2 Nov 2001 16:25:34 +0000 (GMT)
Subject: [pptp-server] Linux > 2.4.8 ?
In-Reply-To:
Message-ID:

2.2-10 works for me.

josh.

On Fri, 2 Nov 2001, Sarel Botha wrote:

>
> Anyone gotten pptpd running a kernel later than 2.4.8?
>
> There are security problems with earlier kernels and the linux ACLs patch
> only work on the very latest.
>
> Thanks
> Sarel

---------------------------------------
Josh Howlett, Network Supervisor,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------

From leo at maximsoftware.com Fri Nov 2 13:45:58 2001
From: leo at maximsoftware.com (Leo Torio)
Date: Fri, 2 Nov 2001 13:45:58 -0600
Subject: [pptp-server] RHL72 and PPP-MPPE
Message-ID: <000a01c163d6$fedcd100$9900a8c0@leo>

I downloaded ppp-2.4.1-3mdk.i586.rpm from http://mirror.binarix.com/ppp-mppe/. It installed without problems on my RHL72 system. However, modules.conf was modified and a new line was added. "alias ppp-compress-18 ppp_mppe" was the line that was added, but the file doesn't exist.

Does anyone know of a ppp RPM (supporting mppe) that performs a complete install?

From p.m.f.c at btinternet.com Fri Nov 2 15:41:03 2001
From: p.m.f.c at btinternet.com (Paul Clark)
Date: Fri, 2 Nov 2001 21:41:03 -0000
Subject: [pptp-server] PPP modules for MPPE
Message-ID:

I have finally managed to get the PPP modules to compile for my kernel on redhat 7.0 but now when I try to load the modules they fail with the following output.

Note: /etc/modules.conf is more recent than /lib/modules/2.2.16-22/modules.dep
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_compress_Rcfd3a418
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_remember_R07972313
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_init_R1ca65fca
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_toss_Ra152cec0
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_free_Rb99033d9
/lib/modules/2.2.16-22/net/ppp.o: unresolved symbol slhc_uncompress_R3bb36b01
/lib/modules/2.2.16-22/net/ppp.o: insmod /lib/modules/2.2.16-22/net/ppp.o failed
/lib/modules/2.2.16-22/net/ppp.o: insmod ppp failed

Does anyone have any ideas why this would happen. Have I forgotten to do something?

Thanks

Paul

From hvrietsc at yahoo.com Fri Nov 2 17:08:13 2001
From: hvrietsc at yahoo.com (HVR)
Date: Fri, 02 Nov 2001 15:08:13 -0800
Subject: [pptp-server] how to get natted/masqued client to use poptop
Message-ID: <3BE3275D.7020605@yahoo.com>

i have multiple clients behind a linux box doing NAT/MASQ: the first client can connect just fine but once i start a 2nd one it somehow uses the same tunnel and things get really screwy.

i searched the archives and found the trick to use ip aliasing on the pptpd server but then all the clients need to know which ip is free and which is used. another problem is that i will have dozens of clients so extra ips are not a scalable solution.

now i am aware that this will break the pptp standard, but i have been told that the M$ implementation of pptp server will do this just fine but i really would like to create a linux based solution (if only to show them you do NOT need windows in here).

Any leads/pointers on how i can solve my problem, if need be i will hack up the source code for pptpd, if someone can tell me where to start looking.

H.

From DKinzer at premia.com Fri Nov 2 17:56:57 2001
From: DKinzer at premia.com (Kinzer, Don)
Date: Fri, 2 Nov 2001 15:56:57 -0800
Subject: [pptp-server] how to get natted/masqued client to use poptop
Message-ID: <21F77E1256CAD5119AC500B0D084344803D421@LOKI>

Your firewall needs to be aware of the PPTP protocol and have special support for it.

If you're using ipchains, the solution may be found here: http://bmrc.berkeley.edu/people/chaffee/linux_pptp.html. I've been using the PPTP-only patch for the 2.2 kernel for a year or two.

If you're using iptables, the solution is being worked on (i.e. being tested by some); search the iptables development list for more information. I've been using it on a test firewall and it appears to work fine.

If you're using a commercial firewall, contact your vendor.

From hvrietsc at yahoo.com Fri Nov 2 19:31:37 2001
From: hvrietsc at yahoo.com (HVR)
Date: Fri, 02 Nov 2001 17:31:37 -0800
Subject: [pptp-server] how to get natted/masqued client to use poptop
References: <21F77E1256CAD5119AC500B0D084344803D421@LOKI>
Message-ID: <3BE348F9.3060103@yahoo.com>

Kinzer, Don wrote:

> Your firewall needs to be aware of the PPTP protocol and have special
> support for it.
>
> If you're using ipchains, the solution may be found here:
> http://bmrc.berkeley.edu/people/chaffee/linux_pptp.html. I've been using
> the PPTP-only patch for the 2.2 kernel for a year or two.
>

i have applied all those patches, because without those i couldn't even connect a single NAT/MASQed client. the issue is however that when i connect more than one client via the same NAT box then poptop will only assign one tunnel, and two clients talking via the same tunnel gets messy real fast.

i also did an ip alias on the eth0 where the pptpd is listening and if one client calls on one ip address and the other client on the other ip address then they both get a different tunnel and all is fine. so i know it is not my natting/masquerading that is the problem.

H.

> If you're using iptables, the solution is being worked on (i.e. being tested
> by some); search the iptables development list for more information. I've
> been using it on a test firewall and it appears to work fine.
>
> If you're using a commercial firewall, contact your vendor.

From mike_listpptp at wasaa.com Fri Nov 2 22:01:04 2001
From: mike_listpptp at wasaa.com (mike)
Date: Fri, 02 Nov 2001 23:01:04 -0500
Subject: [pptp-server] Error 741 - The local computer does not support the required data encryption type.
Message-ID: <5.1.0.14.0.20011102223459.00a88d40@pop.odmp.org>

I imagine somebody else must have seen this at some point.. I installed PoPToP onto my Red Hat 7.1 server, and am connecting to it with a Win2K box. Sans encryption, it works fine. With encryption required by the Win2K box, it gives me this error: "Error 741 - The local computer does not support the required data encryption type." (log activity below)

This leads me to believe that something is missing from the W2K box, so I was sure to upgrade to 128-bit encryption (I found the link somewhere in the archives). Afterwards, it still fails.

Perhaps my pppd simply doesn't have the encryption support? Surprisingly, every reference I can seem to find about patching ppp wants me to download the source, patch it, and build it into the kernel (no thanks) and the links to the patched files all seem to be dead. Is there a place to download the source just for the ms-chap2 module, or a similar solution?

Any help is much appreciated.

--mike

Nov 2 22:34:36 gonzo pptpd[25341]: CTRL: Client 192.168.1.18 control connection started
Nov 2 22:34:36 gonzo pptpd[25341]: CTRL: Starting call (launching pppd, opening GRE)
Nov 2 22:34:36 gonzo pppd[25342]: pppd 2.4.0 started by root, uid 0
Nov 2 22:34:36 gonzo pppd[25342]: using channel 5
Nov 2 22:34:36 gonzo pppd[25342]: Using interface ppp0
Nov 2 22:34:36 gonzo pppd[25342]: Connect: ppp0 <--> /dev/pts/2
Nov 2 22:34:36 gonzo pppd[25342]: sent [LCP ConfReq id=0x1 ]
Nov 2 22:34:36 gonzo pptpd[25341]: GRE: Discarding duplicate packet
Nov 2 22:34:38 gonzo pppd[25342]: rcvd [LCP ConfReq id=0x1 ]
Nov 2 22:34:38 gonzo pppd[25342]: sent [LCP ConfRej id=0x1 ]
Nov 2 22:34:38 gonzo pppd[25342]: rcvd [LCP ConfReq id=0x2 ]
Nov 2 22:34:38 gonzo pppd[25342]: sent [LCP ConfAck id=0x2 ]
Nov 2 22:34:39 gonzo pppd[25342]: sent [LCP ConfReq id=0x1 ]
Nov 2 22:34:39 gonzo pppd[25342]: rcvd [LCP ConfNak id=0x1 ]
Nov 2 22:34:39 gonzo pppd[25342]: sent [LCP ConfReq id=0x2 ]
Nov 2 22:34:39 gonzo pppd[25342]: rcvd [LCP ConfAck id=0x2 ]
Nov 2 22:34:39 gonzo pppd[25342]: peer refused to authenticate: terminating link
Nov 2 22:34:39 gonzo pppd[25342]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
Nov 2 22:34:39 gonzo pptpd[25341]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Nov 2 22:34:39 gonzo pptpd[25341]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Nov 2 22:34:39 gonzo pppd[25342]: rcvd [LCP code=0xc id=0x3 44 66 39 62 4d 53 52 41 53 56 35 2e 30 30]
Nov 2 22:34:39 gonzo pppd[25342]: sent [LCP CodeRej id=0x4 0c 03 00 12 44 66 39 62 4d 53 52 41 53 56 35 2e 30 30]
Nov 2 22:34:39 gonzo pppd[25342]: rcvd [LCP code=0xc id=0x4 44 66 39 62 4d 53 52 41 53 2d 31 2d 4b 45 52 4d 49 54]
Nov 2 22:34:39 gonzo pppd[25342]: sent [LCP CodeRej id=0x5 0c 04 00 16 44 66 39 62 4d 53 52 41 53 2d 31 2d 4b 45 52 4d 49 54]
Nov 2 22:34:39 gonzo pppd[25342]: rcvd [LCP TermAck id=0x3 "peer refused to authenticate"]
Nov 2 22:34:39 gonzo pppd[25342]: Connection terminated.
Nov 2 22:34:39 gonzo pptpd[25341]: CTRL: Error with select(), quitting
Nov 2 22:34:39 gonzo pppd[25342]: tcflush failed: Input/output error
Nov 2 22:34:39 gonzo pptpd[25341]: CTRL: Client 192.168.1.18 control connection finished
Nov 2 22:34:39 gonzo pppd[25342]: Exit.

From hvrietsc at yahoo.com Fri Nov 2 22:33:57 2001
From: hvrietsc at yahoo.com (hvrietsc at yahoo.com)
Date: Fri, 2 Nov 2001 20:33:57 -0800
Subject: [pptp-server] Error 741 - The local computer does not support the required data encryption type.
In-Reply-To: <5.1.0.14.0.20011102223459.00a88d40@pop.odmp.org>
References: <5.1.0.14.0.20011102223459.00a88d40@pop.odmp.org>
Message-ID: <20011102203356.A1884@yahoo.com>

yes you need build a few more kernel modules as instructed, ppp-mpe-40 and 128 come to mind, without those your pptpd wont do encryption.

On Fri, Nov 02, 2001 at 11:01:04PM -0500, mike wrote:
> I imagine somebody else must have seen this at some point.. I installed
> PoPToP onto my Red Hat 7.1 server, and am connecting to it with a Win2K
> box. Sans encryption, it works fine. With encryption required by the
> Win2K box, it gives me this error: "Error 741 - The local computer does not
> support the required data encryption type." (log activity below)
>
> This leads me to believe that something is missing from the W2K box, so I
> was sure to upgrade to 128-bit encryption (I found the link somewhere in
> the archives). Afterwards, it still fails.
>
> Perhaps my pppd simply doesn't have the encryption support? Surprisingly,
> every reference I can seem to find about patching ppp wants me to download
> the source, patch it, and build it into the kernel (no thanks) and the
> links to the patched files all seem to be dead. Is there a place to
> download the source just for the ms-chap2 module, or a similar solution?
>
> Any help is much appreciated.
From sjbotha at base.za.net Fri Nov 2 23:01:40 2001
From: sjbotha at base.za.net (Sarel Botha)
Date: Sat, 3 Nov 2001 00:01:40 -0500
Subject: [pptp-server] Linux > 2.4.8 ?
In-Reply-To: <21F77E1256CAD5119AC500B0D084344803D41F@LOKI>
Message-ID:

Oops, originally sent this only to Don...

Aren't these just security-related patches? I think my problem might be something else then. When I try to make the VPN connection I get "GRE: Protocol not available". Here is the log.

---
Nov 1 10:12:02 server pptpd[1257]: MGR: Launching /usr/sbin/pptpctrl to handle client
Nov 1 10:12:02 server pptpd[1257]: CTRL: local address = 10.1.0.1
Nov 1 10:12:02 server pptpd[1257]: CTRL: remote address = 10.1.0.22
Nov 1 10:12:02 server pptpd[1257]: CTRL: pppd speed = 115200
Nov 1 10:12:02 server pptpd[1257]: CTRL: pppd options file = /etc/ppp/pptpd-options
Nov 1 10:12:02 server pptpd[1257]: CTRL: Client 24.28.44.254 control connection started
Nov 1 10:12:02 server pptpd[1257]: CTRL: Received PPTP Control Message (type: 1)
Nov 1 10:12:02 server pptpd[1257]: CTRL: Made a START CTRL CONN RPLY packet
Nov 1 10:12:02 server pptpd[1257]: CTRL: I wrote 156 bytes to the client.
Nov 1 10:12:02 server pptpd[1257]: CTRL: Sent packet to client
Nov 1 10:12:03 server pptpd[1257]: CTRL: Received PPTP Control Message (type: 7)
Nov 1 10:12:03 server pptpd[1257]: CTRL: Set parameters to 1525 maxbps, 64 window size
Nov 1 10:12:03 server pptpd[1257]: CTRL: Made a OUT CALL RPLY packet
Nov 1 10:12:03 server pptpd[1257]: CTRL: Starting call (launching pppd, opening GRE)
Nov 1 10:12:03 server pptpd[1257]: CTRL: pty_fd = 5
Nov 1 10:12:03 server pptpd[1257]: CTRL: tty_fd = 6
Nov 1 10:12:03 server pptpd[1257]: CTRL: I wrote 32 bytes to the client.
Nov 1 10:12:03 server pptpd[1258]: CTRL (PPPD Launcher): Connection speed = 115200
Nov 1 10:12:03 server pptpd[1258]: CTRL (PPPD Launcher): local address = 10.1.0.1
Nov 1 10:12:03 server pptpd[1258]: CTRL (PPPD Launcher): remote address = 10.1.0.22
Nov 1 10:12:03 server pptpd[1257]: CTRL: Sent packet to client
Nov 1 10:12:03 server pptpd[1257]: CTRL: Received PPTP Control Message (type: 15)
Nov 1 10:12:03 server pptpd[1257]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Nov 1 10:12:03 server pppd[1258]: pppd 2.4.1 started by root, uid 0
Nov 1 10:12:03 server pppd[1258]: using channel 25
Nov 1 10:12:03 server pppd[1258]: Using interface ppp0
Nov 1 10:12:03 server pppd[1258]: Connect: ppp0 <--> /dev/pts/2
Nov 1 10:12:03 server pppd[1258]: sent [LCP ConfReq id=0x1 ]
Nov 1 10:12:03 server pptpd[1257]: GRE: read(fd=6,buffer=bfffd988,len=8260) from network failed: status = -1 error = Protocol not available
Nov 1 10:12:03 server pptpd[1257]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Nov 1 10:12:03 server pptpd[1257]: CTRL: Client 24.28.44.254 control connection finished
Nov 1 10:12:03 server pptpd[1257]: CTRL: Exiting now
Nov 1 10:12:03 server pptpd[718]: MGR: Reaped child 1257
Nov 1 10:12:03 server pppd[1258]: Modem hangup
Nov 1 10:12:03 server pppd[1258]: Connection terminated.
Nov 1 10:12:03 server pppd[1258]: Exit.
---

Any ideas?

Thanks

From jroland at roland.net Sat Nov 3 04:44:27 2001
From: jroland at roland.net (Jim Roland)
Date: Sat, 3 Nov 2001 04:44:27 -0600
Subject: [pptp-server] PPP modules for MPPE
References:
Message-ID: <008101c16454$834a7550$bb1cfa18@JimWS>

When I had this problem under RH70, I went to RH71 due to compilation errors. Both versions of distro had a "quirk" with the kernel in that you had to do an "mrproper" to force the symbol table to be exported and built. Here is what I did (I believe) to correct this issue:

Backup your ".config" file from the /usr/src/linux* directory, back it up to /usr/src directory.

From p.m.f.c at btinternet.com Sat Nov 3 05:39:07 2001
From: p.m.f.c at btinternet.com (Paul Clark)
Date: Sat, 3 Nov 2001 11:39:07 -0000
Subject: [pptp-server] Win2k connecting to pptpd server error 742.
Message-ID:

I have pptpd set up and working fine for connections with no encryption, but when I enable encryption I get the following error in the log on the server and an "Error 742:The remote computer does not support the required data encryption type." on the client.

The mppe module is loaded and the client is using 128bit encryption. I have set up the appropriate entries in my options.pptp file and modules.conf file. I am running the server on RH7.0 with stock kernel.

The MSCHAP-v2 authentication is working as you can see.

Nov 3 12:29:38 fw pppd[3083]: pppd 2.3.11 started by root, uid 0
Nov 3 12:29:38 fw pppd[3083]: Using interface ppp0
Nov 3 12:29:38 fw pppd[3083]: Connect: ppp0 <--> /dev/pts/2
Nov 3 12:29:38 fw pptpd[3082]: GRE: Discarding duplicate packet
Nov 3 12:29:40 fw pptpd[3082]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Nov 3 12:29:40 fw pppd[3083]: MSCHAP-v2 peer authentication succeeded for pmfc
Nov 3 12:29:40 fw pppd[3083]: LCP terminated by peer (@M-b~^]^@

References:
Message-ID: <20011103235010.Q11538@netexpress.net>

Blake,

On Tue, Oct 30, 2001 at 05:32:57PM -0600, Parker Blake MIS wrote:
> Does this daemon support user authentication against a radius database?

pptpd does not do authentication, it passes that part off to pppd. If you have a pppd server that can authenticate (and accept IP assignments) from a RADIUS server, that's all you need. Note that, in order to support MPPE encryption in pptp, you must be able to do MSCHAPv2 authentication over RADIUS. As far as I know, the software to do this does not yet exist for Unix, although I'm currently hacking on Linux pppd and freeradiusd to provide this support.

Cheers,
Steve Langasek
postmodern programmer

From david_luyer at pacific.net.au Sun Nov 4 00:24:29 2001
From: david_luyer at pacific.net.au (David Luyer)
Date: Sun, 4 Nov 2001 17:24:29 +1100
Subject: [pptp-server] Radius Support
In-Reply-To: <20011103235010.Q11538@netexpress.net>
Message-ID: <011c01c164f9$5c4fea20$46943ecb@pacific.net.au>

Steve Langasek wrote:
> pptpd does not do authentication, it passes that part off to pppd. If
> you have a pppd server that can authenticate (and accept IP assignments)
> from a RADIUS server, that's all you need. Note that, in order to
> support MPPE encryption in pptp, you must be able to do MSCHAPv2
> authentication over RADIUS. As far as I know, the software to do this
> does not yet exist for Unix, although I'm currently hacking on Linux
> pppd and freeradiusd to provide this support.

There are a number of different ways to achieve pppd IP/auth via RADIUS under Linux - I first did this with an erpcd and RADIUS using the same back-end database and a pppd which talks to an erpcd, then I moved to using "PortSlave" at the next site I did it at. PortSlave includes changes to pppd to support RADIUS authentication and accounting among other things.

The situations I've used pptpd in have been rather atypical, though, and have not needed MPPE/MSCHAPv2.

If you also need to distribute routes as the interfaces go up and down, gated will do that for you. Zebra wasn't able to do things quite right when I last tried.

David.
--
David Luyer                                     Phone:   +61 3 9674 7525
Network Manager                 P A C I F I C   Fax:     +61 3 9699 8693
Pacific Internet (Australia)  I N T E R N E T   Mobile:  +61 4 1111 2983
http://www.pacific.net.au/                      NASDAQ:  PCNTF

From Josh.Howlett at bristol.ac.uk Sun Nov 4 06:27:45 2001
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Sun, 4 Nov 2001 12:27:45 +0000 (GMT)
Subject: [pptp-server] Radius Support
In-Reply-To: <20011103235010.Q11538@netexpress.net>
Message-ID:

On Sat, 3 Nov 2001, Steve Langasek wrote:

> Blake,
>
> On Tue, Oct 30, 2001 at 05:32:57PM -0600, Parker Blake MIS wrote:
> > Does this daemon support user authentication against a radius database?
>
> pptpd does not do authentication, it passes that part off to pppd. If
> you have a pppd server that can authenticate (and accept IP assignments)
> from a RADIUS server, that's all you need. Note that, in order to
> support MPPE encryption in pptp, you must be able to do MSCHAPv2
> authentication over RADIUS. As far as I know, the software to do this
> does not yet exist for Unix, although I'm currently hacking on Linux
> pppd and freeradiusd to provide this support.
>

I've been looking at this myself. The closest someone has come to this (to my knowledge) is James Maclean (also on this list) with his crap_chap patch. This consists of a patch against pppd and XTradius. However, IIRC, this is a bit of a dirty hack that takes some "short-cuts" :-) (ie. MPPE keys derived at pppd rather than at radiusd).

I would be very interested in helping in this. How far have you got, and what remains to be done?

josh.

---------------------------------------
Josh Howlett, Network Supervisor,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------

From simon_yuen at fujitsu.com.hk Sun Nov 4 22:40:59 2001
From: simon_yuen at fujitsu.com.hk (Simon Yuen)
Date: Mon, 5 Nov 2001 12:40:59 +0800
Subject: Fw: Question on [pptp-server] Redhat V7.0 and Kernel V2.2.16-22
References: <3.0.32.20011102102727.0148d804@core.localnet>
Message-ID: <00c801c165b4$10dd9400$2a4210ac@ShenZhen>

Now, I created the bzImage successfully. The kernel also changed to 2.2.17. However, the following problems occur. eth0 can't activate. When I use "netcfg" to activate the eth0, it returns "Delaying eth0 initialization". When I try to mount the floppy drive, it returns "mount:/dev/fd0 has wrong major or minor number."

Do you know the reason?

----- Original Message -----
From: Nick Kay
To: Simon Yuen
Cc: pptp-server at lists.schulte.org
Sent: Friday, November 02, 2001 6:27 PM
Subject: Re: Fw: Question on [pptp-server] Redhat V7.0 and Kernel V2.2.16-22

At 11:11 02/11/01 +0800, you wrote:
>>>>
I followed the instruction in http://www.vibrationresearch.com/pptpd/example.html but I failed in "make bzImage". My Kernel is 2.2.16-22 and using RedHat 7.0. I also downloaded the http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff. Anyone know the reason. Following is the output message :

make bzImage
make[2]: Entering directory `/usr/src/linux/arch/i386/lib'
cc -D__KERNEL__ -I/usr/src/linux/include -D__ASSEMBLY__ -D__SMP__ -traditional -c checksum.S -o checksum.o
checksum.S:231: badly punctuated parameter list in #define
checksum.S:237: badly punctuated parameter list in #define
make[2]: *** [checksum.o] Error 1
make[2]: Leaving directory `/usr/src/linux/arch/i386/lib'
make[1]: *** [first_rule] Error 2
make[1]: Leaving directory `/usr/src/linux/arch/i386/lib'
make: *** [_dir_arch/i386/lib] Error 2

You're using the wrong C compiler - RedHat 7.0 shipped with an experimental compiler. In the kernel Makefile (/usr/src/linux/Makefile) change "cc" to "kgcc" on or around line 25. (As I recall I made kgcc the default system-wide compiler when I had 7.0 - look at the symlinks in /usr/bin/*cc)

You ought to consider upgrading the redhat completely as we're on 7.2 as of last week and 7.0 did have a few problems....

hih
nick at nexnix

PS - anyone got a nice iptables setup ???

From csjoshi at dishatech.com Sun Nov 4 23:50:30 2001
From: csjoshi at dishatech.com (Shekhar Joshi) Date: Mon, 05 Nov 2001 11:20:30 +0530 Subject: [pptp-server] PPTP connection forwarding problemshello i am trying to implement a gateway-firewall solution using iptables on redhat 7.1, i also need to allow incoming vpn connections using pptp, and also need to allow around 15-20 outgoing vpn connections to a remote network. well allowing incoming connections through important is not urgent, but yes i need to be able to allow the outgoing vpn connections. currently i have just SNAT'd the vpn clients and allowed the the ports 1723 and protocol 47, does anyone have any detailed stPPTP connection forwarding problem Message-ID: <3BE628A6.CF4A187C@dishatech.com> hello i am trying to implement a gateway-firewall solution using iptables on redhat 7.1, i also need to allow incoming vpn connections using pptp, and also need to allow around 15-20 outgoing vpn connections to a remote network. well allowing incoming connections through important is not urgent, but yes i need to be able to allow the outgoing vpn connections. currently i have just SNAT'd the vpn clients and allowed the the ports 1723 and protocol 47, does anyone have any detailed step by step info on how to implement the above. as of now i am able to allow outgoing vpn connections but the max limit is 4, why does it not allow more connections any ideas? actually after more than 4 connections, the client is able to authenticate but later it says infinitely trying port and hangs out on the w2k-vpn-client. If anyone has any success with above, can you please give me a complete step by step info for setting up the same. thanks in advance. regards shekhar joshi From csjoshi at dishatech.com Mon Nov 5 00:07:50 2001 
From: csjoshi at dishatech.com (Shekhar Joshi) Date: Mon, 05 Nov 2001 11:37:50 +0530 Subject: [pptp-server] oops sorry Message-ID: <3BE62CB6.E6FC1298@dishatech.com> hello oops sorry, by mistake i paste the mail message in the subject line. thank you regards / shekhar joshi From jroland at roland.net Mon Nov 5 05:06:23 2001 From: jroland at roland.net (Jim Roland) Date: Mon, 5 Nov 2001 05:06:23 -0600 Subject: [pptp-server] oops sorry References: <3BE62CB6.E6FC1298@dishatech.com> Message-ID: <000701c165e9$e8bde930$bb1cfa18@JimWS> Please repost to the list. The subject line is too long for me to handle (as well as others too). ----- Original Message ----- From: "Shekhar Joshi" To: "pptp server mailing list" Sent: Monday, November 05, 2001 12:07 AM Subject: [pptp-server] oops sorry > hello > oops sorry, by mistake i paste the mail message in the subject line. > > thank you > regards / shekhar joshi > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From csjoshi at dishatech.com Mon Nov 5 05:54:43 2001 
From: csjoshi at dishatech.com (Shekhar Joshi) Date: Mon, 05 Nov 2001 17:24:43 +0530 Subject: [pptp-server] problem with forward pptp connections Message-ID: <3BE67E03.937A5896@dishatech.com> hello i am trying to implement a gateway-firewall solution using iptables on redhat 7.1, i also need to allow incoming vpn connections using pptp, and also need to allow around 15-20 outgoing vpn connections to a remote network. well allowing incoming connections though important is not urgent, but yes i need to be able to allow the outgoing vpn connections. currently i have just SNAT'd the vpn clients and allowed the ports 1723 and protocol 47, does anyone have any detailed step by step info on how to implement the above. as of now i am able to allow outgoing vpn connections but the max limit is 4, why does it not allow more connections any ideas? actually after more than 4 connections, the client is able to authenticate but later it says infinitely trying port and hangs out on the w2k-vpn-client. If anyone has any success with above, can you please give me a complete step by step info for setting up the same. thanks in advance. regards shekhar joshi From mailinglists at avati.com.br Mon Nov 5 07:07:44 2001 
From: mailinglists at avati.com.br (Leonardo Pimenta Gonzalez) Date: Mon, 5 Nov 2001 11:07:44 -0200 Subject: [pptp-server] Pptpd crashing my machine Message-ID: <20011105130640.450FBD143B@poontang.schulte.org> Hello Guys, I have some problems with pptpd 1.0.1 stable. My machine: Pentium 1GHZ 256RAM, Kernel 2.4.4 on S.U.S.E Linux 7.1 My vpn traffic: 25 per 30 users simultaneous My problem: Well, my machine crashes sometimes. I made some tests and discovered some things. When I do a "killall -9 pptpd" with 5 or 6 users or more users connected on pptpd server, the machine crashes. Maybe the problem is various users disconnecting at the same time? Well.. I think so. Does anybody have the same experience to help me?? Maybe I need to change my pptpd version to development, but I don't like this.. Is the development version stable or does it have various security problems?? Thanks a lot and sorry for my poor English. From jorgesantos at valnetsado.pt Mon Nov 5 11:29:27 2001 From: jorgesantos at valnetsado.pt (Jorge Santos) Date: Mon, 5 Nov 2001 17:29:27 -0000 Subject: [pptp-server] testing Message-ID: \_/ Jorge Alexandre Santos 'v' jorgesantos at valnetsado.pt // \\ Tel : 212327300 /( )\ Fax : 212327301 ^`~?^ Valnet Sado S.A. From jorgesantos at valnetsado.pt Mon Nov 5 11:39:30 2001 
From: jorgesantos at valnetsado.pt (Jorge Santos) Date: Mon, 5 Nov 2001 17:39:30 -0000 Subject: [pptp-server] Newbie trouble GRE fail Message-ID: Hi all I've just installed pptp-1.0.1 on a RH 7.2 box with stock ppp. I use iptables allowing everything in from a specific host from where i'm trying to connect with a win98 box my ppp options file is as follows: debug auth require-chap proxyarp my pptp.conf is: debug localip 192.168.0.15-20 remoteip 192.168.0.21-254 pidfile /var/run/pptpd.pid so when i start pptp with the command: HOME=/etc/ppp/ /usr/sbin/pptpd -d and i try to connect from the w98 box i get the following log: Nov 5 17:44:03 k1 pptpd[7064]: MGR: Launching /usr/sbin/pptpctrl to handle client Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Client 212.54.136.4 control connection started Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Received PPTP Control Message (type: 1) Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Made a START CTRL CONN RPLY packet Nov 5 17:44:03 k1 pptpd[7064]: CTRL: I wrote 156 bytes to the client. Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Sent packet to client Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Received PPTP Control Message (type: 7) Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Set parameters to 0 maxbps, 16 window size Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Made a OUT CALL RPLY packet Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Starting call (launching pppd, opening GRE) Nov 5 17:44:03 k1 pptpd[7064]: CTRL: pty_fd = 4 Nov 5 17:44:03 k1 pptpd[7064]: CTRL: tty_fd = 5 Nov 5 17:44:03 k1 pptpd[7064]: CTRL: I wrote 32 bytes to the client. 
Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Sent packet to client Nov 5 17:44:03 k1 pptpd[7065]: CTRL (PPPD Launcher): Connection speed = 115200 Nov 5 17:44:03 k1 pppd[7065]: pppd 2.4.1 started by root, uid 0 Nov 5 17:44:03 k1 pppd[7065]: using channel 20 Nov 5 17:44:03 k1 pppd[7065]: Using interface ppp0 Nov 5 17:44:03 k1 pppd[7065]: Connect: ppp0 <--> /dev/pts/2 Nov 5 17:44:03 k1 pppd[7065]: sent [LCP ConfReq id=0x1 ] Nov 5 17:44:03 k1 pptpd[7064]: GRE: read(fd=5,buffer=bfffd6f0,len=8260) from network failed: status = -1 error = Protocol not available Nov 5 17:44:03 k1 pptpd[7064]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4) Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Client 212.54.136.4 control connection finished Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Exiting now Nov 5 17:44:03 k1 pppd[7065]: Modem hangup Nov 5 17:44:03 k1 pppd[7065]: Connection terminated. Nov 5 17:44:03 k1 pptpd[6820]: MGR: Reaped child 7064 Nov 5 17:44:03 k1 pppd[7065]: Exit. I can't seem to figure out whta's wrong. Can you help me please? Thanks in advance \_/ Jorge Alexandre Santos 'v' jorgesantos at valnetsado.pt // \\ Tel : 212327300 /( )\ Fax : 212327301 ^`~?^ Valnet Sado S.A. From berzerke at swbell.net Mon Nov 5 12:50:55 2001 
From: berzerke at swbell.net (robert) Date: Mon, 05 Nov 2001 12:50:55 -0600 Subject: [pptp-server] Pptpd crashing my machine In-Reply-To: <20011105130640.450FBD143B@poontang.schulte.org> References: <20011105130640.450FBD143B@poontang.schulte.org> Message-ID: <0GMC009ARCCDVL@mta5.rcsntx.swbell.net> Most people, including myself, actually recommend the development version over the "stable" version. As for the machine crashing, I don't have enough details to say for sure, but my experience is when running a stable kernel, only power problems or hardware problems cause a system to crash. It is possible it is a kernel problem, since there are a lot of bug fixes since 2.4.4. I'm currently running 2.4.13 with an uptime of 10 days so far. (I installed 2.4.13 10 days ago, however, I haven't tested pptpd against it yet). However, some people have complained about problems with pptpd on kernel versions greater than 2.4.8. On Monday 05 November 2001 07:07 am, Leonardo Pimenta Gonzalez wrote: > Hellow Guys, > > I have some problems with pptpd 1.0.1 stable. > > My machine: Pentium 1GHZ 256RAM, Kernel 2.4.4 on S.U.S.E Linux 7.1 > > My vpn traffic: 25 per 30 users simultaneous > > My problem: Well, my machine crashes sometimes. I make some tests and > discover some things. When I do an "killall -9 pptpd" with 5 or 6 users or > more users connected on pptpd server, the machine crashs. > The problem maybe various users disconnecting at same time? Well.. I think > it. > Anybody have the same experience to help me?? > Maybe I need to change my pptpd version to development, but I don't like > this.. The development version is stable or had various security problems?? > > Thankz a lot and sorry for my poot English. > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
-- From berzerke at swbell.net Mon Nov 5 12:52:20 2001 
From: berzerke at swbell.net (robert) Date: Mon, 05 Nov 2001 12:52:20 -0600 Subject: [pptp-server] Newbie trouble GRE fail In-Reply-To: References: Message-ID: <0GMC00E09CEQKR@mta5.rcsntx.swbell.net> It looks like the "stock" ppp doesn't have all the patches needed to work with pptpd. You have to patch and recompile. On Monday 05 November 2001 11:39 am, Jorge Santos wrote: > Hi all > > I've just installed pptp-1.0.1 on a RH 7.2 box with stock ppp. > I use iptables allowing everything in from a specific host from where i'm > trying to connect with a win98 box > my ppp options file is as follows: > > debug > auth > require-chap > proxyarp > > my pptp.conf is: > > debug > localip 192.168.0.15-20 > remoteip 192.168.0.21-254 > pidfile /var/run/pptpd.pid > > so when i start pptp with the command: > > HOME=/etc/ppp/ > /usr/sbin/pptpd -d > > and i try to connect from the w98 box i get the following log: > > Nov 5 17:44:03 k1 pptpd[7064]: MGR: Launching /usr/sbin/pptpctrl to handle > client > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Client 212.54.136.4 control > connection started > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Received PPTP Control Message (type: > 1) > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Made a START CTRL CONN RPLY packet > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: I wrote 156 bytes to the client. > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Sent packet to client > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Received PPTP Control Message (type: > 7) > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Set parameters to 0 maxbps, 16 window > size > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Made a OUT CALL RPLY packet > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Starting call (launching pppd, > opening GRE) > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: pty_fd = 4 > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: tty_fd = 5 > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: I wrote 32 bytes to the client. 
> Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Sent packet to client > Nov 5 17:44:03 k1 pptpd[7065]: CTRL (PPPD Launcher): Connection speed = > 115200 > Nov 5 17:44:03 k1 pppd[7065]: pppd 2.4.1 started by root, uid 0 > Nov 5 17:44:03 k1 pppd[7065]: using channel 20 > Nov 5 17:44:03 k1 pppd[7065]: Using interface ppp0 > Nov 5 17:44:03 k1 pppd[7065]: Connect: ppp0 <--> /dev/pts/2 > Nov 5 17:44:03 k1 pppd[7065]: sent [LCP ConfReq id=0x1 > ] > Nov 5 17:44:03 k1 pptpd[7064]: GRE: read(fd=5,buffer=bfffd6f0,len=8260) > from network failed: status = -1 error = Protocol not available > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: GRE read or PTY write failed > (gre,pty)=(5,4) > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Client 212.54.136.4 control > connection finished > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Exiting now > Nov 5 17:44:03 k1 pppd[7065]: Modem hangup > Nov 5 17:44:03 k1 pppd[7065]: Connection terminated. > Nov 5 17:44:03 k1 pptpd[6820]: MGR: Reaped child 7064 > Nov 5 17:44:03 k1 pppd[7065]: Exit. > > I can't seem to figure out whta's wrong. > Can you help me please? > Thanks in advance > > > > \_/ Jorge Alexandre Santos > 'v' jorgesantos at valnetsado.pt > // \\ Tel : 212327300 > /( )\ Fax : 212327301 > ^`~?^ Valnet Sado S.A. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From hvrietsc at yahoo.com Mon Nov 5 14:39:57 2001 
From: hvrietsc at yahoo.com (hvrietsc at yahoo.com) Date: Mon, 5 Nov 2001 12:39:57 -0800 Subject: [pptp-server] Newbie trouble GRE fail In-Reply-To: References: Message-ID: <20011105123956.A6121@yahoo.com> i think your problem is caused by the client being NATed On Mon, Nov 05, 2001 at 05:39:30PM -0000, Jorge Santos wrote: > > Hi all > > I've just installed pptp-1.0.1 on a RH 7.2 box with stock ppp. > I use iptables allowing everything in from a specific host from where i'm > trying to connect with a win98 box > my ppp options file is as follows: > > debug > auth > require-chap > proxyarp > > my pptp.conf is: > > debug > localip 192.168.0.15-20 > remoteip 192.168.0.21-254 > pidfile /var/run/pptpd.pid > > so when i start pptp with the command: > > HOME=/etc/ppp/ > /usr/sbin/pptpd -d > > and i try to connect from the w98 box i get the following log: > > Nov 5 17:44:03 k1 pptpd[7064]: MGR: Launching /usr/sbin/pptpctrl to handle > client > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Client 212.54.136.4 control connection > started > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Received PPTP Control Message (type: > 1) > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Made a START CTRL CONN RPLY packet > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: I wrote 156 bytes to the client. > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Sent packet to client > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Received PPTP Control Message (type: > 7) > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Set parameters to 0 maxbps, 16 window > size > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Made a OUT CALL RPLY packet > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Starting call (launching pppd, opening > GRE) > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: pty_fd = 4 > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: tty_fd = 5 > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: I wrote 32 bytes to the client. 
> Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Sent packet to client > Nov 5 17:44:03 k1 pptpd[7065]: CTRL (PPPD Launcher): Connection speed = > 115200 > Nov 5 17:44:03 k1 pppd[7065]: pppd 2.4.1 started by root, uid 0 > Nov 5 17:44:03 k1 pppd[7065]: using channel 20 > Nov 5 17:44:03 k1 pppd[7065]: Using interface ppp0 > Nov 5 17:44:03 k1 pppd[7065]: Connect: ppp0 <--> /dev/pts/2 > Nov 5 17:44:03 k1 pppd[7065]: sent [LCP ConfReq id=0x1 chap MD5> ] > Nov 5 17:44:03 k1 pptpd[7064]: GRE: read(fd=5,buffer=bfffd6f0,len=8260) > from network failed: status = -1 error = Protocol not available > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: GRE read or PTY write failed > (gre,pty)=(5,4) > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Client 212.54.136.4 control connection > finished > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Exiting now > Nov 5 17:44:03 k1 pppd[7065]: Modem hangup > Nov 5 17:44:03 k1 pppd[7065]: Connection terminated. > Nov 5 17:44:03 k1 pptpd[6820]: MGR: Reaped child 7064 > Nov 5 17:44:03 k1 pppd[7065]: Exit. > > I can't seem to figure out whta's wrong. > Can you help me please? > Thanks in advance > > > > \_/ Jorge Alexandre Santos > 'v' jorgesantos at valnetsado.pt > // \\ Tel : 212327300 > /( )\ Fax : 212327301 > ^`~?^ Valnet Sado S.A. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From ckennedy-poptop at iland.net Mon Nov 5 14:42:14 2001 
From: ckennedy-poptop at iland.net (Chris Kennedy) Date: 5 Nov 2001 14:42:14 -0600 Subject: [pptp-server] Windows XP and ACCMs possible problem. Message-ID: <20011105144214.B11471@iland.net> We cannot get a PPTP connection in Windows XP to pass data, it will connect but just be a dead link. The odd thing I notice is that the logs say... 'CTRL: Ignored a SET LINK INFO packet with real ACCMs!' I then modified the code to print out the SET_LINK_INFO fields values, which were 'send_accm = 0 recv_accm = ffffffff' and it says this in the code if they aren't both 0xffffffff. I can see in the RFC that this setting can set other options for the connection, which seems to have not been used in Microsoft Clients until XP (and seems to be a Win2000K patch that gets it into this broken state too). I am not sure where to go with this, maybe someone with much more knowledge of this on the list can see more into what this all means, maybe this is just another error, and something else is broken in XP's PPTP support. It seemed to work for users with XP betas, up until the final release, where it broke first. Also another interesting thing is if you setup 40bit encryption only on the PPTP server, it barely works, like a few lines of the HTTP headers then the packets stop, just a dribble of a connection. We are using the following (tried it on poptop1.0.1 too)... PPTP PopTop 1.1.2 Linux Kernel 2.4.2 PPPD 2.4.0 Thanks, Chris -- Chris Kennedy / ckennedy at iland.net / (660) 829-4638x117 I-Land Internet Services / Network Operations Center \|/ ____ \|/ "@'/ .. \`@" /_| \__/ |_\ \__U_/ -Linux SPARC Kernel Oops From dholmes at bigpond.net.au Mon Nov 5 15:30:34 2001 
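Added example, not part of the message above and not PoPToP's own code: a parser for the 24-byte PPTP Set-Link-Info control message (field layout per RFC 2637) that applies the check described in that message, flagging the packet unless both ACCMs are 0xffffffff. The sample packets are constructed from the reported values; the Call ID and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPTP_MAGIC_COOKIE        0x1A2B3C4Du
#define PPTP_MSG_CONTROL         1u    /* PPTP Message Type: control message */
#define PPTP_CTRL_SET_LINK_INFO  15u   /* Control Message Type: Set-Link-Info */
#define PPTP_SLI_LENGTH          24u   /* fixed size of Set-Link-Info */
#define ACCM_ALL_ONES            0xFFFFFFFFu

enum sli_status { SLI_OK = 0, SLI_TRUNCATED = -1, SLI_BAD_LENGTH = -2,
                  SLI_BAD_HEADER = -3, SLI_WRONG_TYPE = -4 };

struct set_link_info {
    uint16_t peer_call_id;
    uint32_t send_accm;
    uint32_t recv_accm;
};

/* All PPTP control fields are big-endian on the wire. */
static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Validate the common header, then pull out the Set-Link-Info fields. */
int parse_set_link_info(const uint8_t *buf, size_t len, struct set_link_info *out)
{
    if (buf == NULL || out == NULL || len < PPTP_SLI_LENGTH)
        return SLI_TRUNCATED;
    if (rd16(buf) != PPTP_SLI_LENGTH)                 /* offset 0: Length */
        return SLI_BAD_LENGTH;
    if (rd16(buf + 2) != PPTP_MSG_CONTROL ||          /* offset 2: Message Type */
        rd32(buf + 4) != PPTP_MAGIC_COOKIE)           /* offset 4: Magic Cookie */
        return SLI_BAD_HEADER;
    if (rd16(buf + 8) != PPTP_CTRL_SET_LINK_INFO)     /* offset 8: Control Type */
        return SLI_WRONG_TYPE;
    /* offset 10: Reserved0, offset 14: Reserved1 (ignored here) */
    out->peer_call_id = rd16(buf + 12);
    out->send_accm    = rd32(buf + 16);
    out->recv_accm    = rd32(buf + 20);
    return SLI_OK;
}

/* Returns a negative sli_status on a parse error, 0 when both ACCMs are
 * 0xffffffff, and 1 when the packet carries "real" ACCMs. */
int accm_verdict(const uint8_t *buf, size_t len)
{
    struct set_link_info sli;
    int rc = parse_set_link_info(buf, len, &sli);
    if (rc != SLI_OK)
        return rc;
    return !(sli.send_accm == ACCM_ALL_ONES && sli.recv_accm == ACCM_ALL_ONES);
}

/* Constructed sample: send_accm = 0, recv_accm = ffffffff, Call ID 1 (assumed). */
static const uint8_t SAMPLE_REPORTED[24] = {
    0x00, 0x18, 0x00, 0x01, 0x1A, 0x2B, 0x3C, 0x4D, 0x00, 0x0F, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF
};

/* Constructed sample: both ACCMs all-ones. */
static const uint8_t SAMPLE_DEFAULT[24] = {
    0x00, 0x18, 0x00, 0x01, 0x1A, 0x2B, 0x3C, 0x4D, 0x00, 0x0F, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};

/* Constructed sample: corrupted magic cookie, must be rejected. */
static const uint8_t SAMPLE_BAD_COOKIE[24] = {
    0x00, 0x18, 0x00, 0x01, 0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x0F, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF
};

int main(void)
{
    struct set_link_info sli;
    if (parse_set_link_info(SAMPLE_REPORTED, sizeof SAMPLE_REPORTED, &sli) == SLI_OK)
        printf("call_id=%u send_accm=%08lx recv_accm=%08lx real_accm=%d\n",
               (unsigned)sli.peer_call_id, (unsigned long)sli.send_accm,
               (unsigned long)sli.recv_accm,
               accm_verdict(SAMPLE_REPORTED, sizeof SAMPLE_REPORTED));
    printf("default verdict=%d\n", accm_verdict(SAMPLE_DEFAULT, sizeof SAMPLE_DEFAULT));
    printf("bad cookie verdict=%d\n", accm_verdict(SAMPLE_BAD_COOKIE, sizeof SAMPLE_BAD_COOKIE));
    return 0;
}
```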
From: dholmes at bigpond.net.au (Dougal Holmes) Date: Tue, 6 Nov 2001 08:30:34 +1100 Subject: [pptp-server] Windows XP and ACCMs possible problem. References: <20011105144214.B11471@iland.net> Message-ID: <001801c16641$1a9d2c20$40dd0fcb@shoephone.apana.org.au> Chris I did have a similar problem with a Win2000 client which insisted on trying to negotiate ipsec as well as PPTP. The result was that it appeared to connect, but there was no data flow. To fix this, I specifically disabled ipsec in the dialup connectoid, and enabled pptp and high encryption (128 bit) only. Then we used the CMAK to set up a custom connectoid, and tweaked the .inf settings to ensure Windows _never_ tried to negotiate ipsec. Dougal Holmes (at home) mailto:dholmes at bigpond.net.au ----- Original Message ----- 
From: "Chris Kennedy" To: Sent: Tuesday, November 06, 2001 7:42 AM Subject: [pptp-server] Windows XP and ACCMs possible problem. > We cannot get a PPTP connection in Windows XP to pass > data, it will connect but just be a dead link. The odd > thing I notice is that the logs say... > 'CTRL: Ignored a SET LINK INFO packet with real ACCMs!' > I then modified the code to print out the SET_LINK_INFO > fields values, which were 'send_accm = 0 recv_accm = ffffffff' > and it says this in the code if they aren't both 0xffffffff. > I can see in the RFC that this setting can set other options > for the connection, which seems to have not been used in > Microsoft Clients until XP (and seems to be a Win2000K patch > that gets it into this broken state too). I am not sure where > to go with this, maby someone with much more knowledge of > this on the list can see more into what this all means, maby > this is just another error, and something else is broken in > XP's PPTP support. It seemed to work for users with XP betas, > up until the final release, where it broke first. Also another > interesting thing is if you setup 40bit encryption only on the > PPTP server, it barely works, like a few lines of the HTTP headers > then the packets stop, just a dribble of a connection. We are using > the following (tried it on poptop1.0.1 too)... > > PPTP PopTop 1.1.2 > Linux Kernel 2.4.2 > PPPD 2.4.0 > > Thanks, > Chris > -- > Chris Kennedy / ckennedy at iland.net / (660) 829-4638x117 > I-Land Internet Services / Network Operations Center > \|/ ____ \|/ > "@'/ .. \`@" > /_| \__/ |_\ > \__U_/ -Linux SPARC Kernel Oops > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From hvrietsc at yahoo.com Mon Nov 5 15:52:11 2001 
From: hvrietsc at yahoo.com (HVR) Date: Mon, 05 Nov 2001 13:52:11 -0800 Subject: [pptp-server] how to hackup pptpd so it allows multiple tunnels to one box References: <3BE3275D.7020605@yahoo.com> Message-ID: <3BE70A0B.8060405@yahoo.com> Earlier i wrote the section below, after studying the problem some more i realize i need to start hacking pptpctrl.c to allow for multiple tunnels per ip-pair. can anyone on this list help me with this enhancement? or point me to a (better) implementation of pptp that allows multiple tunnels. if i don't do this they will go with a microsoft solution :( HVR wrote: > i have multiple clients behind a linux box doing NAT/MASQ: the first > client can connect just fine but once i start a 2nd one it somehow uses > the same tunnel and things get really screwy. > > i searched the archives and found the trick to use ip aliasing on the > pptpd server but then all the clients need to know which ip is free and > which is used. another problem is that i will have dozens of clients so > extra ips are not a scalable solution. > > now i am aware that this will break the pptp standard, but i have been > told that the M$ implementation of pptp server will do this just fine > but i really would like to create a linux based solution (if only to show > them you do NOT need windows in here). > > Any leads/pointers on how i can solve my problem, if need be i will hack > up the source code for pptpd, if someone can tell me where to start looking. > > H. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From chris at faredge.com.au Mon Nov 5 17:07:45 2001 
From: chris at faredge.com.au (Chris Herrmann) Date: Tue, 6 Nov 2001 10:07:45 +1100 Subject: [pptp-server] Pptpd crashing my machine In-Reply-To: <0GMC009ARCCDVL@mta5.rcsntx.swbell.net> Message-ID: <000a01c1664e$ae351080$c8965ecb@faredge.com.au> there are a lot of reports of 2.4.anything kernels being unstable, and crashing without warning - have experienced this first hand myself. it appears to happen more with adaptec scsi configurations, and high load. i spent a day or so on the kernel mailing list, but the volume of email made my server crash (my brain, i meant). -----Original Message----- 
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of robert Sent: Tuesday, 6 November 2001 05:51 To: mailinglists at avati.com.br; PoPToP List Subject: Re: [pptp-server] Pptpd crashing my machine Most people, including myself, actually recommend the development version over the "stable" version. As for the machine crashing, I don't have enough details to say for sure, but my experience is when running a stable kernel, only power problems or hardware problems cause a system to crash. It is possible it is a kernel problem, since there are a lot of bug fixes since 2.4.4. I'm currently running 2.4.13 with an uptime of 10 days so far. (I installed 2.4.13 10 days ago, however, I haven't tested pptpd against it yet). However, some people have complained about problems with pptpd on kernel versions greater than 2.4.8. On Monday 05 November 2001 07:07 am, Leonardo Pimenta Gonzalez wrote: > Hellow Guys, > > I have some problems with pptpd 1.0.1 stable. > > My machine: Pentium 1GHZ 256RAM, Kernel 2.4.4 on S.U.S.E Linux 7.1 > > My vpn traffic: 25 per 30 users simultaneous > > My problem: Well, my machine crashes sometimes. I make some tests and > discover some things. When I do an "killall -9 pptpd" with 5 or 6 users or > more users connected on pptpd server, the machine crashs. > The problem maybe various users disconnecting at same time? Well.. I think > it. > Anybody have the same experience to help me?? > Maybe I need to change my pptpd version to development, but I don't like > this.. The development version is stable or had various security problems?? > > Thankz a lot and sorry for my poot English. > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
-- _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From csjoshi at dishatech.com Mon Nov 5 22:18:44 2001 
From: csjoshi at dishatech.com (Shekhar Joshi) Date: Tue, 06 Nov 2001 09:48:44 +0530 Subject: [pptp-server] Re: [similar problem, second posting References: <3BE3275D.7020605@yahoo.com> <3BE70A0B.8060405@yahoo.com> Message-ID: <3BE764A4.9CEAF172@dishatech.com> hi i too have a similar problem, i posted my message yesterday, but as yet no one has answered it, just to be on record i am posting it again i am trying to implement a gateway-firewall solution using iptables on redhat 7.1, i also need to allow incoming vpn connections using pptp, and also need to allow around 15-20 outgoing vpn connections to a remote network. well allowing incoming connections though important is not urgent, but yes i need to be able to allow the outgoing vpn connections. currently i have just SNAT'd the vpn clients and allowed the ports 1723 and protocol 47, does anyone have any detailed step by step info on how to implement the above. as of now i am able to allow outgoing vpn connections but the max limit is 4, why does it not allow more connections any ideas? actually after more than 4 connections, the client is able to authenticate but later it says infinitely trying port and hangs out on the w2k-vpn-client. regards Shekhar HVR wrote: > > Earlier i wrote the section below, after studying the problem some more > i realize i need to start hacking pptpctrl.c to allow for multiple > tunnels per ip-pair. can anyone on this list help me with this > enhancement? or point me to a (better) implementation of pptp that > allows multiple tunnels. if i don't do this they will go with a microsoft > solution :( > > HVR wrote: > > > i have multiple clients behind a linux box doing NAT/MASQ: the first > > client can connect just fine but once i start a 2nd one it somehow uses > > the same tunnel and things get really screwy. > > > > i searched the archives and found the trick to use ip aliasing on the > > pptpd server but then all the clients need to know which ip is free and > > which is used. 
another problem is that i will have dozens of clients so > > extra ips are not a scalable solution. > > > > now i am aware that this will break the pptp standard, but i have been > > told that the M$ implementation of pptp server will do this just fine > > buti really would like to create a linux based solution (if only to show > > them you do NOT need windows in here). > > > > Any leads/pointers on how i can solve my problem, if need be i will hack > > up the source code for pptpd, if someone can tell me were to start looking. > > > > H. > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From Josh.Howlett at bristol.ac.uk Tue Nov 6 02:10:11 2001 
From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Tue, 6 Nov 2001 08:10:11 +0000 (GMT) Subject: [pptp-server] Windows XP and ACCMs possible problem. In-Reply-To: <20011105144214.B11471@iland.net> Message-ID: Oddly, I had connection problems with the betas, but none with the final release. Linux 2.4.10 PoPToP 1.1.2 PPPD 2.4.1 josh. On Mon, 5 Nov 2001, Chris Kennedy wrote: > We cannot get a PPTP connection in Windows XP to pass > data, it will connect but just be a dead link. The odd > thing I notice is that the logs say... > 'CTRL: Ignored a SET LINK INFO packet with real ACCMs!' > I then modified the code to print out the SET_LINK_INFO > fields values, which were 'send_accm = 0 recv_accm = ffffffff' > and it says this in the code if they aren't both 0xffffffff. > I can see in the RFC that this setting can set other options > for the connection, which seems to have not been used in > Microsoft Clients until XP (and seems to be a Win2000K patch > that gets it into this broken state too). I am not sure where > to go with this, maby someone with much more knowledge of > this on the list can see more into what this all means, maby > this is just another error, and something else is broken in > XP's PPTP support. It seemed to work for users with XP betas, > up until the final release, where it broke first. Also another > interesting thing is if you setup 40bit encryption only on the > PPTP server, it barely works, like a few lines of the HTTP headers > then the packets stop, just a dribble of a connection. We are using > the following (tried it on poptop1.0.1 too)... > > PPTP PopTop 1.1.2 > Linux Kernel 2.4.2 > PPPD 2.4.0 > > Thanks, > Chris > -- > Chris Kennedy / ckennedy at iland.net / (660) 829-4638x117 > I-Land Internet Services / Network Operations Center > \|/ ____ \|/ > "@'/ .. 
\`@" > /_| \__/ |_\ > \__U_/ -Linux SPARC Kernel Oops > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > --------------------------------------- Josh Howlett, Network Supervisor, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 0117 928 7850 | josh.howlett at bris.ac.uk --------------------------------------- From sjbotha at base.za.net Tue Nov 6 06:19:11 2001 From: sjbotha at base.za.net (Sarel Botha) Date: Tue, 6 Nov 2001 07:19:11 -0500 Subject: [pptp-server] Newbie trouble GRE fail In-Reply-To: <20011105195955.A7202@yahoo.com> Message-ID: Darn. It's a Linksys 'router' which is supposed to have support for PPTP. I can maybe replace it with a linux box. Where could I find the patch? Thanks Sarel PS. Could someone configure the mailing list to set a reply-to: header so replies go to the list by default? -----Original Message----- From: hvrietsc at yahoo.com [mailto:hvrietsc at yahoo.com] Sent: Monday, November 05, 2001 11:00 PM To: Sarel Botha Cc: hvrietsc at yahoo.com Subject: Re: [pptp-server] Newbie trouble GRE fail you need to apply the kernel patch to ipchains to properly apply NAT/MASQ so on the machine that is doing NAT/MASQ (assuming this is a linux box). On Mon, Nov 05, 2001 at 10:04:27PM -0500, Sarel Botha wrote: > > > I thought that could be my problem too. What can you do when the client is > behind a NAT firewall? I thought port 47 and 1723 have to be masqed and > that's it. Anything else? > > > -----Original Message----- 
> From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of > hvrietsc at yahoo.com > Sent: Monday, November 05, 2001 3:40 PM > To: Jorge Santos > Cc: pptp > Subject: Re: [pptp-server] Newbie trouble GRE fail > > > i think your problem is caused by the client being NATed > > On Mon, Nov 05, 2001 at 05:39:30PM -0000, Jorge Santos wrote: > > > > Hi all > > > > I've just installed pptp-1.0.1 on a RH 7.2 box with stock ppp. > > I use iptables allowing everything in from a specific host from where i'm > > trying to connect with a win98 box > > my ppp options file is as follows: > > > > debug > > auth > > require-chap > > proxyarp > > > > my pptp.conf is: > > > > debug > > localip 192.168.0.15-20 > > remoteip 192.168.0.21-254 > > pidfile /var/run/pptpd.pid > > > > so when i start pptp with the command: > > > > HOME=/etc/ppp/ > > /usr/sbin/pptpd -d > > > > and i try to connect from the w98 box i get the following log: > > > > Nov 5 17:44:03 k1 pptpd[7064]: MGR: Launching /usr/sbin/pptpctrl to > handle > > client > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Client 212.54.136.4 control > connection > > started > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Received PPTP Control Message (type: > > 1) > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Made a START CTRL CONN RPLY packet > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: I wrote 156 bytes to the client. > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Sent packet to client > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Received PPTP Control Message (type: > > 7) > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Set parameters to 0 maxbps, 16 > window > > size > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Made a OUT CALL RPLY packet > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Starting call (launching pppd, > opening > > GRE) > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: pty_fd = 4 > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: tty_fd = 5 > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: I wrote 32 bytes to the client. 
> > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Sent packet to client > > Nov 5 17:44:03 k1 pptpd[7065]: CTRL (PPPD Launcher): Connection speed = > > 115200 > > Nov 5 17:44:03 k1 pppd[7065]: pppd 2.4.1 started by root, uid 0 > > Nov 5 17:44:03 k1 pppd[7065]: using channel 20 > > Nov 5 17:44:03 k1 pppd[7065]: Using interface ppp0 > > Nov 5 17:44:03 k1 pppd[7065]: Connect: ppp0 <--> /dev/pts/2 > > Nov 5 17:44:03 k1 pppd[7065]: sent [LCP ConfReq id=0x1 > > chap MD5> ] > > Nov 5 17:44:03 k1 pptpd[7064]: GRE: read(fd=5,buffer=bfffd6f0,len=8260) > > from network failed: status = -1 error = Protocol not available > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: GRE read or PTY write failed > > (gre,pty)=(5,4) > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Client 212.54.136.4 control > connection > > finished > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Exiting now > > Nov 5 17:44:03 k1 pppd[7065]: Modem hangup > > Nov 5 17:44:03 k1 pppd[7065]: Connection terminated. > > Nov 5 17:44:03 k1 pptpd[6820]: MGR: Reaped child 7064 > > Nov 5 17:44:03 k1 pppd[7065]: Exit. > > > > I can't seem to figure out whta's wrong. > > Can you help me please? > > Thanks in advance > > > > > > > > \_/ Jorge Alexandre Santos > > 'v' jorgesantos at valnetsado.pt > > // \\ Tel : 212327300 > > /( )\ Fax : 212327301 > > ^`~?^ Valnet Sado S.A. > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From sjbotha at base.za.net Tue Nov 6 06:47:46 2001 
From: sjbotha at base.za.net (Sarel Botha) Date: Tue, 6 Nov 2001 07:47:46 -0500 Subject: [pptp-server] Newbie trouble GRE fail In-Reply-To: <20011105195955.A7202@yahoo.com> Message-ID: I don't think this is true. I used to be able to use VPN across this Linksys router to access a 2.2.x box. Now, with 2.4.x on the server and still the same router it won't work. Sarel -----Original Message----- From: hvrietsc at yahoo.com [mailto:hvrietsc at yahoo.com] Sent: Monday, November 05, 2001 11:00 PM To: Sarel Botha Cc: hvrietsc at yahoo.com Subject: Re: [pptp-server] Newbie trouble GRE fail you need to apply the kernel patch to ipchains to properly apply NAt/MASQ so on the machine that is doinfg NAT/MASQ (assuming this is a linux box). On Mon, Nov 05, 2001 at 10:04:27PM -0500, Sarel Botha wrote: > > > I thought that could be my problem too. What can you do when the client is > behind a NAT firewall? I thought port 47 and 1723 have to be masqed and > that's it. Anything else? > > > -----Original Message----- 
> From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of > hvrietsc at yahoo.com > Sent: Monday, November 05, 2001 3:40 PM > To: Jorge Santos > Cc: pptp > Subject: Re: [pptp-server] Newbie trouble GRE fail > > > i think your problem is caused by the client being NATed > > On Mon, Nov 05, 2001 at 05:39:30PM -0000, Jorge Santos wrote: > > > > Hi all > > > > I've just installed pptp-1.0.1 on a RH 7.2 box with stock ppp. > > I use iptables allowing everything in from a specific host from where i'm > > trying to connect with a win98 box > > my ppp options file is as follows: > > > > debug > > auth > > require-chap > > proxyarp > > > > my pptp.conf is: > > > > debug > > localip 192.168.0.15-20 > > remoteip 192.168.0.21-254 > > pidfile /var/run/pptpd.pid > > > > so when i start pptp with the command: > > > > HOME=/etc/ppp/ > > /usr/sbin/pptpd -d > > > > and i try to connect from the w98 box i get the following log: > > > > Nov 5 17:44:03 k1 pptpd[7064]: MGR: Launching /usr/sbin/pptpctrl to > handle > > client > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Client 212.54.136.4 control > connection > > started > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Received PPTP Control Message (type: > > 1) > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Made a START CTRL CONN RPLY packet > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: I wrote 156 bytes to the client. > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Sent packet to client > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Received PPTP Control Message (type: > > 7) > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Set parameters to 0 maxbps, 16 > window > > size > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Made a OUT CALL RPLY packet > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Starting call (launching pppd, > opening > > GRE) > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: pty_fd = 4 > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: tty_fd = 5 > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: I wrote 32 bytes to the client. 
> > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Sent packet to client > > Nov 5 17:44:03 k1 pptpd[7065]: CTRL (PPPD Launcher): Connection speed = > > 115200 > > Nov 5 17:44:03 k1 pppd[7065]: pppd 2.4.1 started by root, uid 0 > > Nov 5 17:44:03 k1 pppd[7065]: using channel 20 > > Nov 5 17:44:03 k1 pppd[7065]: Using interface ppp0 > > Nov 5 17:44:03 k1 pppd[7065]: Connect: ppp0 <--> /dev/pts/2 > > Nov 5 17:44:03 k1 pppd[7065]: sent [LCP ConfReq id=0x1 > > chap MD5> ] > > Nov 5 17:44:03 k1 pptpd[7064]: GRE: read(fd=5,buffer=bfffd6f0,len=8260) > > from network failed: status = -1 error = Protocol not available > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: GRE read or PTY write failed > > (gre,pty)=(5,4) > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Client 212.54.136.4 control > connection > > finished > > Nov 5 17:44:03 k1 pptpd[7064]: CTRL: Exiting now > > Nov 5 17:44:03 k1 pppd[7065]: Modem hangup > > Nov 5 17:44:03 k1 pppd[7065]: Connection terminated. > > Nov 5 17:44:03 k1 pptpd[6820]: MGR: Reaped child 7064 > > Nov 5 17:44:03 k1 pppd[7065]: Exit. > > > > I can't seem to figure out whta's wrong. > > Can you help me please? > > Thanks in advance > > > > > > > > \_/ Jorge Alexandre Santos > > 'v' jorgesantos at valnetsado.pt > > // \\ Tel : 212327300 > > /( )\ Fax : 212327301 > > ^`~?^ Valnet Sado S.A. > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From Paul.Clark at scapatech.com Tue Nov 6 10:49:46 2001 
From: Paul.Clark at scapatech.com (Paul.Clark at scapatech.com)
Date: Tue, 6 Nov 2001 16:49:46 +0000
Subject: [pptp-server] Encrytion for win2k client.
Message-ID:

I have been trying to get pptp to work with encryption for a few days for Win 2000 clients.

I can connect with no encryption fine but as soon as I try to connect with encryption it fails with either error 619 or 742 on the client. This is all from a client with the high encryption pack installed for both 40 and 128 bit.

Interestingly an identical machine without the high encryption pack works fine with 40bit encryption and when I installed the encryption pack it stopped working with both types of encryption.

Does anyone have any ideas why the encryption pack would be breaking connections with encryption.

Thanks in advance

Paul

From mattgav at tempo.com.au Tue Nov 6 15:50:40 2001
From: mattgav at tempo.com.au (Matt Gavin)
Date: Wed, 7 Nov 2001 08:50:40 +1100
Subject: [pptp-server] Encrytion for win2k client.
In-Reply-To:
Message-ID:

I have a plain Jane Windows 2000 Pro client at home, have never installed any encryption packs on it. I can connect to my PoPToP VPN server at work with 40-Bit encryption enabled, but not 128 Bit encryption. I have not had time to fix it yet...

Is your PoPToP server patched for 128 Bit encryption?
Does 128 work with Win 9x?

Matt

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Paul.Clark at scapatech.com Sent: Wednesday, 7 November 2001 3:50 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] Encrytion for win2k client. I have been trying to get pptp to work with encryption for a few days for Win 2000 clients. I can connect with no encription fine but as soon as I try to connect with encryption it fails with either error 619 or 742 on the client. This is all form a client with the high encryption pack installed for both 40 and 128 bit. Interestingly a identical machine without the high encryption pack works fine with 40bit encryption and when I installed the encryption pack it stopped working woth both types of encryption. Does anyone have any ideas why the encryption pack would be breaking connections with encryption. Thanks in advance Paul _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From p.m.f.c at btinternet.com Tue Nov 6 16:43:58 2001 From: p.m.f.c at btinternet.com (Paul Clark) Date: Tue, 6 Nov 2001 22:43:58 -0000 Subject: [pptp-server] Encrytion for win2k client. In-Reply-To: Message-ID: Yes I have the PoPToP server patched for 128 bit encryption. And when i try to connect from a client that does not have the encryption pack it works fine for 40-Bit encryption and as you would expect not for 128 Bit encryption as the client does not support it without the encryption pack. As soon as I install the encryption pack encryption of any kind (40-Bit and 128Bit) does not work. I don't have a 98 client to test it on but it looks like the encryption pack is breaking something with the encryption. Paul -----Original Message----- 
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Matt Gavin Sent: 06 November 2001 21:51 To: Paul.Clark at scapatech.com; pptp-server at lists.schulte.org Subject: RE: [pptp-server] Encrytion for win2k client. I have a plane Jane Windows 2000 Pro client at home, have never installed any encryption packs on it. I can connect to my PoPToP VPN server at work with 40-Bit encryption enabled, but not 128 Bit encryption. I have not had time to fix it yet... Is your PoPToP server patched for 128 Bit encryption? Does 128 work with Win 9x? Matt -----Original Message----- 
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Paul.Clark at scapatech.com Sent: Wednesday, 7 November 2001 3:50 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] Encrytion for win2k client. I have been trying to get pptp to work with encryption for a few days for Win 2000 clients. I can connect with no encription fine but as soon as I try to connect with encryption it fails with either error 619 or 742 on the client. This is all form a client with the high encryption pack installed for both 40 and 128 bit. Interestingly a identical machine without the high encryption pack works fine with 40bit encryption and when I installed the encryption pack it stopped working woth both types of encryption. Does anyone have any ideas why the encryption pack would be breaking connections with encryption. Thanks in advance Paul _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From fmeini at robinson.it Wed Nov 7 05:34:26 2001 From: fmeini at robinson.it (Fiorenza Meini) Date: Wed, 7 Nov 2001 12:34:26 +0100 Subject: [pptp-server] pptp-server and xinetd Message-ID: <865DA6B364F6FA4783242FB524ACFB32076F69@robitn.robinsongroup> Hi there! Does pptp work under xinetd? Thanks Fiorenza Meini Robinson s.r.l From hvrietsc at yahoo.com Wed Nov 7 10:40:42 2001 
From: hvrietsc at yahoo.com (HVR)
Date: Wed, 07 Nov 2001 08:40:42 -0800
Subject: [pptp-server] pptp-server and xinetd
References: <865DA6B364F6FA4783242FB524ACFB32076F69@robitn.robinsongroup>
Message-ID: <3BE9640A.6050602@yahoo.com>

yes! read the man page or the source for more info

Fiorenza Meini wrote:

> Hi there!
> Does pptp work under xinetd?
>
> Thanks
>
> Fiorenza Meini
> Robinson s.r.l
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>
>

From pptp at szczepanek.de Wed Nov 7 10:59:54 2001
From: pptp at szczepanek.de (Torge Szczepanek)
Date: 07 Nov 2001 17:59:54 +0100
Subject: [pptp-server] Windows XP and ACCMs possible problem.
In-Reply-To: <20011105144214.B11471@iland.net>
References: <20011105144214.B11471@iland.net>
Message-ID: <1005152395.1109.46.camel@cygnus>

On Mon, 2001-11-05 at 21.42, Chris Kennedy wrote:
> We cannot get a PPTP connection in Windows XP to pass
> data, it will connect but just be a dead link. The odd
> thing I notice is that the logs say...

> XP's PPTP support. It seemed to work for users with XP betas,
> up until the final release, where it broke first. Also another
> interesting thing is if you setup 40bit encryption only on the
> PPTP server, it barely works, like a few lines of the HTTP headers
> then the packets stop, just a dribble of a connection. We are using
> the following (tried it on poptop1.0.1 too)...

I have exactly the same problems with users who have XP final and users who have Windows 2000 SP2 and all available updates installed.

Is there anything which can be changed in the client or server to get this working properly?

From sean at celsoft.com Wed Nov 7 11:39:37 2001
From: sean at celsoft.com (Sean O'Dell)
Date: Wed, 07 Nov 2001 09:39:37 -0800
Subject: [pptp-server] Problem Connecting Win98 to pptpd on Linux
Message-ID: <01110709393700.01363@area02>

I'm stuck for what to try next getting Win98 connected to pptpd. I'll try and be brief:

I am trying to establish a VPN between my home office and another office downtown. I followed the PoPToP documentation for installing a server under linux and almost have it working. I installed the Microsoft VPN adapter and have it, NDISWAN, TCP/IP and the dial-up adapter all happily connected together.

What's wrong: I can connect my home computer to the remote server running pptpd, but it accepts ANY username/password (it seems to ignore what's in /etc/ppp/chao-secrets), it doesn't change my home computer's IP in any way (it retains the local private IP issued on boot-up) and I can't browse any shared folders/files on the remote network.

Me:
DSL
linux kernel 2.4.2
iptables-based firewall
single public ip masquerading private IPs of 192.168.1.0/254
DHCP issuing dynamic IPs in the private range

Downtown:
T1
linux kernel 2.4.2
iptables-based firewall (port 1723 is open and GRE packets are accepted)
single public ip masquerading private IPs of 192.168.1.0/254
DHCP issuing dynamic IPs in the private range

My home computer is behind a gateway/firewall and has a private masq IP of 192.168.1.2. The server is running a firewall and has a public internet IP and is running pptpd bound to the public IP, although it also masquerades IPs for the remote private network.

I'm pretty sure I did EVERYTHING the documentation said to do, so I'm guessing I have made some basic, stupid mistake somewhere which is not covered in the documentation.

Does anyone have any idea what I should be checking? What mis-configuration I may have done that would cause this?

From sean at celsoft.com Wed Nov 7 14:49:44 2001
From: sean at celsoft.com (Sean O'Dell) Date: Wed, 07 Nov 2001 12:49:44 -0800 Subject: [pptp-server] Problem Connecting Win98 to pptpd on Linux In-Reply-To: References: Message-ID: <01110712494400.01825@area02> That actually solved one of the three problems! I was able to log in with authentication and the server rejected random username/passwords, but my local IP is still the same and I still can't browse the remote network. What might be causing that you think? Sean On Wednesday 07 November 2001 11:23 am, you wrote: > Put the auth option in the server config. Turn on "Log on to network" on > the client. > > Sarel > > -----Original Message----- 
> From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Sean O'Dell > Sent: Wednesday, November 07, 2001 12:40 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Problem Connecting Win98 to pptpd on Linux > > > I'm stuck for what to try next getting Win98 connected to pptpd. I'll try > and be brief: > > I am trying to establish a VPN between my home office and another office > downtown. I followed the PoPToP documentation for installing a server > under linux and almost have it working. I installed the Microsoft VPN > adapter and have it, NDISWAN, TCP/IP and the dial-up adapter all happily > connected together. > > What's wrong: I can connect my home computer to the remote server running > pptpd, but it accepts ANY username/password (it seems to ignore what's in > /etc/ppp/chao-secrets), it doesn't change my home computer's IP in any way > (it retains the local private IP issued on boot-up) and I can't browse any > shared folders/files on the remote network. > > Me: > DSL > linux kernel 2.4.2 > iptables-based firewall > single public ip masquerading private IPs of 192.168.1.0/254 > DHCP issuing dynamic IPs in the private range > > Downtown: > T1 > linux kernel 2.4.2 > iptables-based firewall (port 1723 is open and GRE packets are accepted) > single public ip masquerading private IPs of 192.168.1.0/254 > DHCP issuing dynamic IPs in the private range > > My home computer is behind a gateway/firewall and has a private masq IP of > 192.168.1.2. The server is running a firewall and has a public internet IP > and is running pptpd bound to the public IP, although it also masquerades > IPs > for the remote private network. > > I'm pretty sure I did EVERYTHING the documentation said to do, so I'm > guessing I have made some basic, stupid mistake somewhere which is not > covered in the documentation. > > Does anyone have any idea what I should be checking? 
What > mis-configuration I may have done that would cause this? > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From wilson at zsu.org Thu Nov 8 16:35:27 2001 
From: wilson at zsu.org (Wilson Chu)
Date: Thu, 8 Nov 2001 14:35:27 -0800
Subject: [pptp-server] Windows 98 / Windows 2000 Problem.
Message-ID: <20011108143527.A23592@zsu.org>

I had the same problem before. win2k and win98 could not work at the same time.

I'm using RedHat 7.1 linux 2.4.3 pptpd 1.1.2 and pppd 2.4.1.
patch linux-2.4.4-openssl-0.9.6a-mppe.patch.gz and ppp-2.4.1-openssl-0.9.6-mppe-patch.gz

Finally following config works for all win2k(128bit), win98(128 and 40 bit):

vpn:/etc/ppp{65}# cat options
name *
lock
debug
mtu 1490
mru 1490
proxyarp
auth
idle 3600
+chap
#This one is optional and may be omitted.
#+chapms
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-40
mppe-stateless
#nodeflate nobsdcomp

Hopefully this helps others.

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> No, the require statements are not the "breakers". It is something
> else. The options file he has is identical, excepting ip addresses
> and system names, to the one I have been using for over a year now.
> By the way, looks like you also used my combined patch. Cool! Anyway,
> the options file, which is nearly identical to mine, has worked for
> 9x/Me/NT/2k for a long time now. Something else is causing the
> problem.
>
> PGP Signed! Why?
>
> "If all the personal computers in the world -
> ~260 million computers - were put to work on a
> single PGP-encrypted message, it would still
> take an estimated 12 million times the age of
> the universe, on average, to break a single message."
>
> - - William Crowell,
> Deputy Director of the
> National Security Agency, in testimony to the
> U.S. Congress, March 20, 1997
>
> - -----Original Message-----
> From: robert [mailto:berzerke at swbell.net] > Sent: Thursday, May 10, 2001 7:38 PM > To: Kirk > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] Windows 98 / Windows 2000 Problem. > > > ?= > > MIME-Version: 1.0 > Message-Id: <01051021381300.18517 at linux> > Content-Transfer-Encoding: 8bit > > On Thursday 10 May 2001 09:47, Kirk wrote: > > Ill give it a shot, I put it on the server already, but alas I dont > > run windoze at home :-) > > > > Does it have something to do with the order in which I > > wrote the config?? > > No. Certain config lines "break" things. I think the require lines > you have > are the breakers. However, once you have a working example, then you > can add > back one line at a time until it breaks. Then post so others can > learn what > lines to avoid. > > > > > Kirk > > > > >On Wed, 9 May 2001, robert wrote: > > > > > > > > > Try this config. Do not add anything to it or change it (except > > > for the name line and maybe adding a debug line)! > > > > > > name * > > > lock > > > mtu 1490 > > > mru 1490 > > > proxyarp > > > auth > > > +chap > > > +chapms > > > +chapms-v2 > > > ipcp-accept-local > > > ipcp-accept-remote > > > lcp-echo-failure 3 > > > lcp-echo-interval 5 > > > deflate 0 > > > mppe-128 > > > mppe-40 > > > mppe-stateless > > > > > > On Wednesday 09 May 2001 16:37, Kirk wrote: > > > > Hello, > > > > > > > > Im new to the list. I have been going thru the archives > > > > searching for a solution. The problem I've been having is with > > > > windows 2000 and 98 working at the same time. I found great > > > > examples in the archive and read _many_ posts. The root of the > > > > problem is that if I have it setup to work with 2000 (ie > > > > commenting out the mppe-40 in the options.pptp file) windows > > > > 2000 works fine and so does the beta 2 of windows XP, but then > > > > the windows 95/98/ME clients cannot pass data (yes they are > > > > using 128bit encryption). 
If I put back the mppe-40 windows > > > > 98/me work but then 2000/xp doesnt work. They all connect fine > > > > all the time, just no icmp & tcp traffic for who ever is the > > > > odd one out at the time. Im kind of in a catch 22 here. > > > > > > > > I can send my other configs if they are needed, didnt want to > > > > make my first post that long. > > > > > > > > Thanks in advance. > > > > Kirk > > > > > > > > System, RedHat 7.1 > > > > kernel 2.4.3 > > > > linux-2.4.0-openssl-0.9.6-mppe.patch > > > > ppp-2.4.0 > > > > smbpw-mppe-stripdom-requiremppe.diff > > > > pptpd-1.1.2 > > > > iptables for routing/firewalling > > > > > > > > ####options.pptp > > > > debug > > > > #kdebug 9 > > > > lock > > > > #proxyarp <-- tired this both commented out and not, made no > > > > difference name pptpd > > > > auth > > > > +chap > > > > +chapms > > > > +chapms-v2 > > > > chapms-strip-domain > > > > #mppe-40 > > > > mppe-128 > > > > mppe-stateless > > > > require-chap > > > > require-mppe > > > > require-mppe-stateless > > > > ms-wins 10.10.10.41 > > > > idle 1800 > > > > mtu 1490 > > > > mru 1490 > > > > ipcp-accept-local > > > > ipcp-accept-remote > > > > lcp-echo-failure 30 > > > > lcp-echo-interval 5 > > > > deflate 0 > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.8 for non-commercial use > > iQA/AwUBOvvpWheamMdwy9TXEQJtawCg339mcEkD/0VEYzQzw7PEfSHItJ4AoKcL > OOWaBRXB6MBkQXj2F5XQX8at > =Ovb5 > -----END PGP SIGNATURE----- > From magnus at vonkoeller.de Thu Nov 8 16:50:25 2001 
From: magnus at vonkoeller.de (Magnus von Koeller)
Date: Thu, 8 Nov 2001 23:50:25 +0100
Subject: [pptp-server] kernel 2.4.8...13, pptp/mppe problems
In-Reply-To: <20011030141413.70787.qmail@web9601.mail.yahoo.com>
References: <20011030141413.70787.qmail@web9601.mail.yahoo.com>
Message-ID: <200111082346.31531@vonkoeller.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't know, I think I'm a little confused about how pptp development works. Is there anybody that is 'responsible' for the pptpd, the PPP MPPE Kernel module and the pppd patch? Like a maintainer, or maybe an original author? Or does anybody else feel responsible for fixing these problems with newer kernels?

I still don't dare installing a new kernel because of the pains the switching around would be for my users if it doesn't work. This way I'm still running 2.4.2 which doesn't seem that good to me.

On Tuesday 30 October 2001 15:14, you wrote:
> i'm using linux-2.4.13 and got the same problems
> with pptp/mppe (something like GRE: read error: ...)
> i think there are some changes in
> the kernel-error codes. here's my quick and dirty
> resolution:
> get pptpd-1.1.2,
> open pptpgre.c,
> change the line 462 to: return 0;
> and recompile pptpd.
>
> for me it works fine, i hope some people work
> out a better resolution.

- --
- -M

- ------- Magnus von Koeller ------
Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany
Phone: +49-(0)531/2094886 Mobile: +49-(0)179/4562940

lp1 on fire
(One of the more obfuscated kernel messages)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE76ww0UIvM6e6BgFARAuIzAJ9Fxxvq6O5OCtzFNpDcn0H9JJ+HcQCgi0bJ
1JRg0HQy5iazrujrPK6z6QE=
=BCJ8
-----END PGP SIGNATURE-----

From simon_yuen at fujitsu.com.hk Fri Nov 9 02:15:06 2001
From: simon_yuen at fujitsu.com.hk (Simon Yuen)
Date: Fri, 9 Nov 2001 16:15:06 +0800
Subject: [pptp-server] encryption problem?
Message-ID: <00e501c168f6$a4491120$2a4210ac@ShenZhen>

I read the document which titled "Setting up PPTPD on Linux Kernel 2.4 HOWTO". I followed the instruction which mentioned in the document. But I got following error when I use VPN with "encrypt data" from Win98 to make a connection.(I am using Kernel 2.4.7)

Nov 9 15:44:42 localhost pppd[1480]: pppd 2.4.0 started by root, uid 0
Nov 9 15:44:42 localhost pppd[1480]: Using interface ppp0
Nov 9 15:44:42 localhost pppd[1480]: Connect: ppp0 <--> /dev/pts/2
Nov 9 15:44:45 localhost modprobe: modprobe: Can't locate module ppp-compress-18
Nov 9 15:44:45 localhost modprobe: modprobe: Can't locate module ppp-compress-18
Nov 9 15:44:45 localhost pppd[1480]: MSCHAP-v2 peer authentication succeeded for psdomain\\psuser
Nov 9 15:44:46 localhost modprobe: modprobe: Can't locate module ppp-compress-18
Nov 9 15:44:46 localhost pppd[1480]: Cannot determine ethernet address for proxy ARP
Nov 9 15:44:46 localhost pppd[1480]: local IP address 192.168.0.235
Nov 9 15:44:46 localhost pppd[1480]: remote IP address 192.168.1.235
Nov 9 15:44:46 localhost pppd[1480]: CCP terminated by peer
Nov 9 15:44:46 localhost pppd[1480]: Compression disabled by peer.
Nov 9 15:44:46 localhost pppd[1480]: LCP terminated by peer
Nov 9 15:44:46 localhost pppd[1480]: Modem hangup
Nov 9 15:44:46 localhost pppd[1480]: Connection terminated.
Nov 9 15:44:46 localhost pppd[1480]: Connect time 0.1 minutes.
Nov 9 15:44:46 localhost pppd[1480]: Sent 112 bytes, received 130 bytes.
Nov 9 15:44:46 localhost pppd[1480]: Exit.

How could I locate the module?

Many thanks...

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From wiedenfeld at moving-objects.de Fri Nov 9 04:30:37 2001
From: wiedenfeld at moving-objects.de (Jörg Wiedenfeld)
Date: Fri, 9 Nov 2001 11:30:37 +0100
Subject: [pptp-server] my pptp-server hangs after much traffic
Message-ID:

Hi list,

I have big trouble here. Six weeks ago I installed the pptp-server on my linux 2.4.4 system. Everything seems to be ok. My colleague connects to the server by winnt, win2000, win98 and linux clients on 40 or 128 bit encryption. I was happy.

BUT, since one of my colleagues got a wide-band (2mbit) internet connection the complete linux hangs on an upload transfer. No kernel panic only a hanging linux system. When I look in the logs, I can only see the colleague logging in, after this the system stops.

Does anybody have any ideas about this problem? I have checked the mailing archive but I did not find anything.

please help me.

Jörg Wiedenfeld

---
Joerg Wiedenfeld - moving objects GmbH

From khrys at transart.ro Fri Nov 9 05:53:36 2001
From: khrys at transart.ro (Cristian Gabor)
Date: Fri, 9 Nov 2001 13:53:36 +0200
Subject: [pptp-server] Can't locate module tty-ldisc-3
Message-ID: <001601c16915$2a884d50$7867a8c0@corporate.transart.ro>

I use kernel 2.4.10 on the pptp client and i get this error.
Here is the log.
Can someone tell me what i forgot to compile in my kernel or what is the problem?

thanks

Nov 9 14:45:33 istf (unknown)[2550]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
Nov 9 14:45:34 istf (unknown)[2550]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
Nov 9 14:45:34 istf pppd[2552]: pppd 2.4.0 started by root, uid 0
Nov 9 14:45:34 istf modprobe: modprobe: Can't locate module tty-ldisc-3
Nov 9 14:45:34 istf pppd[2552]: Couldn't set tty to PPP discipline: Invalid argument
Nov 9 14:45:35 istf pppd[2552]: Exit.

From Steve at SteveCowles.com Fri Nov 9 07:03:12 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 9 Nov 2001 07:03:12 -0600
Subject: [pptp-server] encryption problem?
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE8FB@defiant.infohiiway.com>

-----Original Message-----
From: Simon Yuen [mailto:simon_yuen at fujitsu.com.hk]
Sent: Friday, November 09, 2001 2:15 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] encryption problem?

I read the document which titled "Setting up PPTPD on Linux Kernel 2.4 HOWTO". I followed the instruction which mentioned in the document. But I got following error when I use VPN with "encrypt data" from Win98 to make a connection.(I am using Kernel 2.4.7)

Nov 9 15:44:42 localhost pppd[1480]: pppd 2.4.0 started by root, uid 0
Nov 9 15:44:42 localhost pppd[1480]: Using interface ppp0
Nov 9 15:44:42 localhost pppd[1480]: Connect: ppp0 <--> /dev/pts/2
Nov 9 15:44:45 localhost modprobe: modprobe: Can't locate module ppp-compress-18
Nov 9 15:44:45 localhost modprobe: modprobe: Can't locate module ppp-compress-18
Nov 9 15:44:45 localhost pppd[1480]: MSCHAP-v2 peer authentication succeeded for psdomain\\psuser
Nov 9 15:44:46 localhost modprobe: modprobe: Can't locate module ppp-compress-18

Did you add the proper aliases to your /etc/modules.conf file???? i.e.

alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

Nov 9 15:44:46 localhost pppd[1480]: Cannot determine ethernet address for proxy ARP
Nov 9 15:44:46 localhost pppd[1480]: local IP address 192.168.0.235
Nov 9 15:44:46 localhost pppd[1480]: remote IP address 192.168.1.235

Although this is a totally unrelated problem, in most cases, if it is not fixed, you will be unable to access any nodes on your LAN from the remote PPTP client. To fix:

1) Change the remote ip address range to be within the same network address range as your LAN. i.e. 192.168.0.x

2) If you must break out your remote PPTP clients into a separate network, then you will need to look at using a combination of ip aliasing and routing so that the PPTP server's interface can properly determine that it can act as a proxy arp for the remote PPTP clients.

Nov 9 15:44:46 localhost pppd[1480]: CCP terminated by peer
Nov 9 15:44:46 localhost pppd[1480]: Compression disabled by peer.
Nov 9 15:44:46 localhost pppd[1480]: LCP terminated by peer
Nov 9 15:44:46 localhost pppd[1480]: Modem hangup
Nov 9 15:44:46 localhost pppd[1480]: Connection terminated.
Nov 9 15:44:46 localhost pppd[1480]: Connect time 0.1 minutes.
Nov 9 15:44:46 localhost pppd[1480]: Sent 112 bytes, received 130 bytes.
Nov 9 15:44:46 localhost pppd[1480]: Exit.

How could I locate the module?

If you properly applied the MPPE patches to the kernel and pppd, then the resulting modules should be in the following directory: /lib/modules//kernel/drivers/net

Many thanks...

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From Steve at SteveCowles.com Fri Nov 9 07:07:32 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 9 Nov 2001 07:07:32 -0600
Subject: [pptp-server] Can't locate module tty-ldisc-3
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE8FC@defiant.infohiiway.com>

> -----Original Message-----
> From: Cristian Gabor [mailto:khrys at transart.ro]
> Sent: Friday, November 09, 2001 5:54 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Can't locate module tty-ldisc-3
>
>
> I use kernel 2.4.10 on the pptp client and I get this error.
> Here is the log.
> Can someone tell me what I forgot to compile in my kernel or
> what is the problem?
>
> thanks
>

Add the following to your /etc/modules.conf file:

alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

Then type: depmod -a

Steve Cowles

From fmeini at robinson.it Fri Nov 9 08:18:06 2001
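[Added example, not part of any list message: a small checker for the fix given in the two replies above. It reads the "Can't locate module" lines from syslog, compares them with the alias list quoted in those replies, and reports which lines are missing from /etc/modules.conf or point at the wrong module. The sample log and config are constructed, and the function names are this example's own.]

```python
import re

# Alias list exactly as given in the replies above (kernel 2.4 with the MPPE patch).
REQUIRED_ALIASES = {
    "char-major-108": "ppp_generic",
    "tty-ldisc-3": "ppp_async",
    "tty-ldisc-14": "ppp_synctty",
    "ppp-compress-18": "ppp_mppe",
    "ppp-compress-21": "bsd_comp",
    "ppp-compress-24": "ppp_deflate",
    "ppp-compress-26": "ppp_deflate",
}

MODPROBE_RE = re.compile(r"modprobe: Can't locate module (\S+)")
ALIAS_RE = re.compile(r"^\s*alias\s+(\S+)\s+(\S+)")

# Constructed sample input, modelled on the log lines posted in the thread.
SAMPLE_SYSLOG = """\
Nov  9 14:45:34 gw modprobe: modprobe: Can't locate module tty-ldisc-3
Nov  9 14:45:34 gw pppd[2552]: Couldn't set tty to PPP discipline: Invalid argument
Nov  9 15:44:45 gw modprobe: modprobe: Can't locate module ppp-compress-18
Nov  9 15:44:46 gw modprobe: modprobe: Can't locate module ppp-compress-18
Nov  9 15:44:47 gw modprobe: modprobe: Can't locate module char-major-108
Nov  9 15:44:48 gw modprobe: modprobe: Can't locate module net-pf-10
"""

# Constructed modules.conf: one alias commented out, one pointing at the wrong module.
SAMPLE_CONF = """\
alias eth0 8139too
alias char-major-108 ppp_generic
# alias tty-ldisc-3 ppp_async
alias ppp-compress-18 ppp_deflate   # MPPE needs ppp_mppe here
"""


def parse_aliases(conf_text):
    """Return {alias: module} for every alias line that is not commented out."""
    aliases = {}
    for line in conf_text.splitlines():
        match = ALIAS_RE.match(line.split("#", 1)[0])
        if match:
            aliases[match.group(1)] = match.group(2)
    return aliases


def failed_modules(syslog_text):
    """Module names modprobe could not resolve, de-duplicated, first seen first."""
    seen = []
    for name in MODPROBE_RE.findall(syslog_text):
        if name not in seen:
            seen.append(name)
    return seen


def diagnose(syslog_text, conf_text):
    """Return (to_add, wrong, other).

    to_add: alias lines from the list that are absent from modules.conf
    wrong:  (alias, current_module, expected_module) for mismatched aliases
    other:  failures the alias list does not explain (alias already correct,
            or a name that is not in the list at all)
    """
    have = parse_aliases(conf_text)
    to_add, wrong, other = [], [], []
    for name in failed_modules(syslog_text):
        want = REQUIRED_ALIASES.get(name)
        if want is None or have.get(name) == want:
            other.append(name)
        elif name not in have:
            to_add.append(f"alias {name} {want}")
        else:
            wrong.append((name, have[name], want))
    return to_add, wrong, other


if __name__ == "__main__":
    to_add, wrong, other = diagnose(SAMPLE_SYSLOG, SAMPLE_CONF)
    for line in to_add:
        print("add:    ", line)
    for alias, current, expected in wrong:
        print(f"change:  alias {alias} {current} -> {expected}")
    for name in other:
        print("unexplained by the alias list:", name)
    print("then run: depmod -a")
```
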
From: fmeini at robinson.it (Fiorenza Meini) Date: Fri, 9 Nov 2001 15:18:06 +0100 Subject: [pptp-server] LCP unsupported protocol Message-ID: <865DA6B364F6FA4783242FB524ACFB32076F76@robitn.robinsongroup> Hi there, this is my platform where I installed PPTP: Linux SuSE 7.2 - 2.4.4 Kernel pppd version: 2.4.0 pptp version: 1.0.1 I have a strange behaviour: I can connect to pptp from some machines without problem, but from other (Windows 2000 Professional, Windows NT) I can connect, but I cannot ping my Linux box: the ip address is correctly assigned to the calling host, and routing table seem to be ok; from Linux I can see the connection, and from client I can see connection too, but both machine aren't reachable each other. I looked at my syslog file, I see: Nov 9 12:18:25 l01 pppd[14825]: rcvd [CCP ConfAck id=0x3 ] Nov 9 12:18:25 l01 pppd[14825]: MPPE 40 bit, stateless compression enabled Nov 9 12:18:25 l01 pppd[14825]: Script /etc/ppp/ip-up finished (pid 14830), status = 0x0 Nov 9 12:18:33 l01 pppd[14825]: rcvd [proto=0xd057] 19 89 42 cb fc a5 b9 52 94 6b ec 78 5b f2 dc be f6 03 a7 9e 25 bf bb 04 f4 a7 47 36 2c 15 6c 58 ... Nov 9 12:18:33 l01 pppd[14825]: Unsupported protocol 0xd057 received Nov 9 12:18:33 l01 pppd[14825]: sent [LCP ProtRej id=0x4 d0 57 19 89 42 cb fc a5 b9 52 94 6b ec 78 5b f2 dc be f6 03 a7 9e 25 bf bb 04 f4 a7 47 36 2c 15 ...] Nov 9 12:18:34 l01 pppd[14825]: rcvd [proto=0x8bd2] fe a6 f0 6e 9d 9e 58 9c bd 28 df 3d 23 9a 33 c0 8e 3e 2d 56 91 7d 58 0e 92 5e 60 62 11 c8 30 fb ... Nov 9 12:18:34 l01 pppd[14825]: Unsupported protocol 0x8bd2 received Nov 9 12:18:34 l01 pppd[14825]: sent [LCP ProtRej id=0x5 8b d2 fe a6 f0 6e 9d 9e 58 9c bd 28 df 3d 23 9a 33 c0 8e 3e 2d 56 91 7d 58 0e 92 5e 60 62 11 c8 ...] Nov 9 12:18:35 l01 pppd[14825]: rcvd [proto=0xe658] a9 fe c0 04 52 5e 1f df 19 16 f6 ac 5a d9 28 9f b2 60 94 cd 52 6f 03 45 e6 57 40 69 20 2c 07 14 ... 
Nov 9 12:18:35 l01 pppd[14825]: Unsupported protocol 0xe658 received Nov 9 12:18:35 l01 pppd[14825]: sent [LCP ProtRej id=0x6 e6 58 a9 fe c0 04 52 5e 1f df 19 16 f6 ac 5a d9 28 9f b2 60 94 cd 52 6f 03 45 e6 57 40 69 20 2c ...] Nov 9 12:18:55 l01 pppd[14825]: sent [LCP EchoReq id=0x1 magic=0xf784a278] Nov 9 12:18:55 l01 pppd[14825]: rcvd [LCP EchoRep id=0x1 magic=0x6d91] Nov 9 12:19:20 l01 pptpd[14824]: CTRL: Received PPTP Control Message (type: 12) Nov 9 12:19:20 l01 pptpd[14824]: CTRL: Made a CALL DISCONNECT RPLY packet Nov 9 12:19:20 l01 pptpd[14824]: CTRL: Received CALL CLR request (closing call) Nov 9 12:19:20 l01 pptpd[14824]: CTRL: I wrote 148 bytes to the client. Nov 9 12:19:20 l01 pptpd[14824]: CTRL: Sent packet to client What are these unsupported protocols? What does it means all that? I'd like to understand where is the problem: pptp or the client machine? Thanks Fiorenza Meini Robinson s.r.l. From fmeini at robinson.it Fri Nov 9 08:09:49 2001 
From: fmeini at robinson.it (Fiorenza Meini) Date: Fri, 9 Nov 2001 15:09:49 +0100 Subject: [pptp-server] LCP unsupported protocol Message-ID: <865DA6B364F6FA4783242FB524ACFB32076F75@robitn.robinsongroup> Hi there, this is my platform where I installed PPTP: Linux SuSE 7.2 - 2.4.4 Kernel pppd version: 2.4.0 pptp version: 1.0.1 I have a strange behaviour: I can connect to pptp from some machines without problem, but from other (Windows 2000 Professional, Windows NT) I can connect, but I cannot ping my Linux box: the ip address is correctly assigned to the calling host, and routing table seem to be ok; from Linux I can see the connection, and from client I can see connection too, but both machine aren't reachable each other. I looked at my syslog file, I see: Nov 9 12:18:25 l01 pppd[14825]: rcvd [CCP ConfAck id=0x3 ] Nov 9 12:18:25 l01 pppd[14825]: MPPE 40 bit, stateless compression enabled Nov 9 12:18:25 l01 pppd[14825]: Script /etc/ppp/ip-up finished (pid 14830), status = 0x0 Nov 9 12:18:33 l01 pppd[14825]: rcvd [proto=0xd057] 19 89 42 cb fc a5 b9 52 94 6b ec 78 5b f2 dc be f6 03 a7 9e 25 bf bb 04 f4 a7 47 36 2c 15 6c 58 ... Nov 9 12:18:33 l01 pppd[14825]: Unsupported protocol 0xd057 received Nov 9 12:18:33 l01 pppd[14825]: sent [LCP ProtRej id=0x4 d0 57 19 89 42 cb fc a5 b9 52 94 6b ec 78 5b f2 dc be f6 03 a7 9e 25 bf bb 04 f4 a7 47 36 2c 15 ...] Nov 9 12:18:34 l01 pppd[14825]: rcvd [proto=0x8bd2] fe a6 f0 6e 9d 9e 58 9c bd 28 df 3d 23 9a 33 c0 8e 3e 2d 56 91 7d 58 0e 92 5e 60 62 11 c8 30 fb ... Nov 9 12:18:34 l01 pppd[14825]: Unsupported protocol 0x8bd2 received Nov 9 12:18:34 l01 pppd[14825]: sent [LCP ProtRej id=0x5 8b d2 fe a6 f0 6e 9d 9e 58 9c bd 28 df 3d 23 9a 33 c0 8e 3e 2d 56 91 7d 58 0e 92 5e 60 62 11 c8 ...] Nov 9 12:18:35 l01 pppd[14825]: rcvd [proto=0xe658] a9 fe c0 04 52 5e 1f df 19 16 f6 ac 5a d9 28 9f b2 60 94 cd 52 6f 03 45 e6 57 40 69 20 2c 07 14 ... 
Nov 9 12:18:35 l01 pppd[14825]: Unsupported protocol 0xe658 received Nov 9 12:18:35 l01 pppd[14825]: sent [LCP ProtRej id=0x6 e6 58 a9 fe c0 04 52 5e 1f df 19 16 f6 ac 5a d9 28 9f b2 60 94 cd 52 6f 03 45 e6 57 40 69 20 2c ...] Nov 9 12:18:55 l01 pppd[14825]: sent [LCP EchoReq id=0x1 magic=0xf784a278] Nov 9 12:18:55 l01 pppd[14825]: rcvd [LCP EchoRep id=0x1 magic=0x6d91] Nov 9 12:19:20 l01 pptpd[14824]: CTRL: Received PPTP Control Message (type: 12) Nov 9 12:19:20 l01 pptpd[14824]: CTRL: Made a CALL DISCONNECT RPLY packet Nov 9 12:19:20 l01 pptpd[14824]: CTRL: Received CALL CLR request (closing call) Nov 9 12:19:20 l01 pptpd[14824]: CTRL: I wrote 148 bytes to the client. Nov 9 12:19:20 l01 pptpd[14824]: CTRL: Sent packet to client What are the unsupported protocols? What does it means? I'd like to understand where is the problem: pptp or the client machine? Thanks Fiorenza Meini Robinson s.r.l. From chris at ooc2000.com Fri Nov 9 10:23:05 2001 From: chris at ooc2000.com (Chris) Date: Fri, 09 Nov 2001 10:23:05 -0600 Subject: [pptp-server] Current docs? Message-ID: <5.1.0.14.0.20011109101952.00b12f08@www.carttest.com> Howdy all, Before I install PopTop, I was wondering if there are some fresher docs than what's available on lineo.poptop.org. Now don't get me wrong, I don't mean to be critical of the authors of such docs, because they've done a fine job. But they seem to refer to PopTop 0.9, and pppd 2.3.x, and I can't help but think a fella like myself would be better off making sure his docs are as up to date as possible. In particular, I'd like to know if the config file information is accurate, and if all the stuff about applying the MS patch to pppd-2.3.8 is still necessary for pppd-2.4.1. Much obliged, CC From markp at nonlinear.com Fri Nov 9 10:23:59 2001 
From: markp at nonlinear.com (Mark Pearson) Date: Fri, 9 Nov 2001 16:23:59 -0000 Subject: [pptp-server] Out Of Order Packets (NOT GRE) Message-ID: Any ideas on this one? My VPN keeps kicking people off, but does not seem to reset their packet count. When they reconnect it thinks they have pass higher numbered packets and refuses to operate! This happens continually :-( (Windows 2000 clients) Here is some stuff from the log i can provide further if neccessary. Nov 9 16:52:00 vern pptpd[636]: CTRL: pppd options file = /etc/ppp/options.pptp Nov 9 16:52:00 vern pptpd[636]: CTRL: Client 192.168.0.123 control connection started Nov 9 16:52:00 vern pptpd[636]: CTRL: Received PPTP Control Message (type: 1) Nov 9 16:52:00 vern pptpd[636]: CTRL: Made a START CTRL CONN RPLY packet Nov 9 16:52:00 vern pptpd[636]: CTRL: I wrote 156 bytes to the client. Nov 9 16:52:00 vern pptpd[636]: CTRL: Sent packet to client Nov 9 16:52:00 vern pptpd[636]: CTRL: Received PPTP Control Message (type: 7) Nov 9 16:52:00 vern pptpd[636]: CTRL: 0 min_bps, 1525 max_bps, 32 window size Nov 9 16:52:00 vern pptpd[636]: CTRL: Made a OUT CALL RPLY packet Nov 9 16:52:00 vern pptpd[636]: CTRL: Starting call (launching pppd, opening GRE) Nov 9 16:52:00 vern pptpd[636]: CTRL: pty_fd = 5 Nov 9 16:52:00 vern pptpd[636]: CTRL: tty_fd = 6 Nov 9 16:52:00 vern pptpd[636]: CTRL: I wrote 32 bytes to the client. 
Nov 9 16:52:00 vern pptpd[637]: CTRL (PPPD Launcher): Connection speed = 115200 Nov 9 16:52:00 vern pptpd[637]: CTRL (PPPD Launcher): local address = 192.168.0.124 Nov 9 16:52:00 vern pptpd[637]: CTRL (PPPD Launcher): remote address = 192.168.0.124 Nov 9 16:52:00 vern pptpd[636]: CTRL: Sent packet to client Nov 9 16:52:00 vern pppd[637]: pppd 2.4.0 started by root, uid 0 Nov 9 16:52:00 vern pppd[637]: using channel 4 Nov 9 16:52:00 vern pppd[637]: Using interface ppp1 Nov 9 16:52:00 vern pppd[637]: Connect: ppp1 <--> /dev/pts/2 Nov 9 16:52:00 vern pppd[637]: sent [LCP ConfReq id=0x1 ] Nov 9 16:52:01 vern pptpd[636]: CTRL: Received PPTP Control Message (type: 15) Nov 9 16:52:01 vern pptpd[636]: CTRL: Got a SET LINK INFO packet with standard ACCMs Nov 9 16:52:01 vern pptpd[590]: Discarding out-of-order packet 0, already have 109 Nov 9 16:52:01 vern pppd[637]: rcvd [LCP ConfReq id=0x0 ] Nov 9 16:52:01 vern pppd[637]: sent [LCP ConfRej id=0x0 ] ****Nov 9 16:52:01 vern pptpd[590]: Discarding out-of-order packet 1, already have 109 Nov 9 16:52:01 vern pppd[637]: rcvd [LCP ConfNak id=0x1 ] Nov 9 16:52:01 vern pppd[637]: sent [LCP ConfReq id=0x2 ] ****Nov 9 16:52:01 vern pptpd[590]: Discarding out-of-order packet 2, already have 109 Nov 9 16:52:01 vern pppd[637]: rcvd [LCP ConfReq id=0x1 ] Nov 9 16:52:01 vern pppd[637]: sent [LCP ConfAck id=0x1 ] ****Nov 9 16:52:01 vern pptpd[590]: Discarding out-of-order packet 3, already have 109 Nov 9 16:52:01 vern pppd[637]: rcvd [LCP ConfAck id=0x2 ] Nov 9 16:52:01 vern pppd[637]: sent [LCP EchoReq id=0x0 magic=0xe642dec6] Nov 9 16:52:01 vern pppd[637]: cbcp_lowerup Nov 9 16:52:01 vern pppd[637]: want: 2 Nov 9 16:52:01 vern pppd[637]: sent [CHAP Challenge id=0x1 <0ce3144fb61c0e4fd02c49ced4772b29>, name = "vern"] Nov 9 16:52:01 vern pptpd[636]: CTRL: Received PPTP Control Message (type: 15) Nov 9 16:52:01 vern pptpd[636]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! 
Nov 9 16:52:01 vern pptpd[590]: Discarding out-of-order packet 4, already have 109 Nov 9 16:52:01 vern pppd[637]: rcvd [LCP code=0xc id=0x2 5f 42 7d 0b 4d 53 52 41 53 56 35 2e 30 30] Nov 9 16:52:01 vern pppd[637]: sent [LCP CodeRej id=0x3 0c 02 00 12 5f 42 7d 0b 4d 53 52 41 53 56 35 2e 30 30] Nov 9 16:52:01 vern pptpd[590]: Discarding out-of-order packet 5, already have 109 Nov 9 16:52:01 vern pppd[637]: rcvd [LCP code=0xc id=0x3 5f 42 7d 0b 4d 53 52 41 53 2d 31 2d 41 4e 44 59 5f 48] Nov 9 16:52:01 vern pppd[637]: sent [LCP CodeRej id=0x4 0c 03 00 16 5f 42 7d 0b 4d 53 52 41 53 2d 31 2d 41 4e 44 59 5f 48] My Options file: debug name XXX mru 1450 mtu 1450 auth ms-wins 192.168.0.124 require-chap proxyarp +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless Mark From dmitri at arvid.ee Fri Nov 9 10:49:14 2001 From: dmitri at arvid.ee (Dmitri Gofmekler) Date: Fri, 9 Nov 2001 18:49:14 +0200 Subject: [pptp-server] MSN Messenger. Message-ID: <001501c1693e$76a5f100$0500a8c0@arvid.ee> Hello all, If a poptop server is setup for giving an access to internal network on linux box and vpn client work on WinNT 4.0 sp6a machine, should the MSN Messenger service voice and files connctions go thru VPN tunnel or not? MSN Messenger seems to trying to establish a direct connction thru default gateway? How to poing such connections thru VPN gateway? Thanks in advance, Dmitri. From knollst at tronicplanet.de Sat Nov 10 06:29:06 2001 
From: knollst at tronicplanet.de (knollst at tronicplanet.de) Date: Sat, 10 Nov 2001 13:29:06 +0100 (MET) Subject: [pptp-server] linux to linux pptp connection Message-ID: <1005395346.3bed1d92ac3e1@webmail.tronicplanet.de> hello, we have a linux pptp-server running and all windows clients have no problem in connecting and sending data over the tunnel. But now we try to get a linux pptp-client get a connection to the same server and encounter several problems. Till now we managed it to build the tunnel between the machines and send some pings over the tunnel but after a certain time we get a timeout message that 10 echo-requests were not replied by the other machine. What is the cause for that strange behavior? Somebody had the same problem? How can we fix it? ------------------------------------------------- This mail sent through IMP: webmail.tronicplanet.de From jvonau at home.com Sat Nov 10 10:28:57 2001 
From: jvonau at home.com (Jerry Vonau) Date: Sat, 10 Nov 2001 10:28:57 -0600 Subject: [pptp-server] linux to linux pptp connection References: <1005395346.3bed1d92ac3e1@webmail.tronicplanet.de> Message-ID: <3BED55C9.D050BC2B@home.com> I had that problem, the cause, internet route between the 2 boxes was a little flakey. Doing a ping to the public ip showed dropped packets. dropped packets = dropped tunnel. On a solid connection, the tunnels stay up for me, the longest was about 6 weeks, then some internet problems on my isp's upstream, dropped the tunnel..... The fix is to have a reliable isp and hope their upstream is reliable. Jerry Vonau knollst at tronicplanet.de wrote: > > hello, > > we have a linux pptp-server running and all windows clients have no problem in > connecting and sending data over the tunnel. But now we try to get a linux > pptp-client get a connection to the same server and encounter several problems. > Till now we managed it to build the tunnel between the machines and send some > pings over the tunnel but after a certain time we get a timeout message that 10 > echo-requests were not replied by the other machine. What is the cause for that > strange behavior? Somebody had the same problem? How can we fix it? > > ------------------------------------------------- > This mail sent through IMP: webmail.tronicplanet.de > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From teastep at shorewall.net Sat Nov 10 10:35:00 2001 
From: teastep at shorewall.net (Tom Eastep) Date: Sat, 10 Nov 2001 08:35:00 -0800 Subject: [pptp-server] linux to linux pptp connection In-Reply-To: <3BED55C9.D050BC2B@home.com> References: <1005395346.3bed1d92ac3e1@webmail.tronicplanet.de> <3BED55C9.D050BC2B@home.com> Message-ID: <20011110163500.D21A5ACF0@mail.shorewall.net> On Saturday 10 November 2001 08:28 am, Jerry Vonau wrote: > The fix is to have a reliable isp and hope their upstream is reliable. > Or switch to an IPSEC tunnel -- For Linux<->Linux tunneling, I've found FreeS/Wan to be more reliable than PPTP. -Tom -- Tom Eastep \ teastep at shorewall.net AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \_________________________ From jvonau at home.com Sat Nov 10 11:49:40 2001 From: jvonau at home.com (Jerry Vonau) Date: Sat, 10 Nov 2001 11:49:40 -0600 Subject: [pptp-server] linux to linux pptp connection References: <1005395346.3bed1d92ac3e1@webmail.tronicplanet.de> <3BED55C9.D050BC2B@home.com> <20011110163500.D21A5ACF0@mail.shorewall.net> Message-ID: <3BED68B4.E91C61E9@home.com> Tom: Just figured out vtund, I'm testing it now. Have you played with it? Seems stable. Jerry Vonau Tom Eastep wrote: > > On Saturday 10 November 2001 08:28 am, Jerry Vonau wrote: > > > The fix is to have a reliable isp and hope their upstream is reliable. > > > > Or switch to an IPSEC tunnel -- For Linux<->Linux tunneling, I've found > FreeS/Wan to be more reliable than PPTP. > > -Tom > -- > Tom Eastep \ teastep at shorewall.net > AIM: tmeastep \ http://www.shorewall.net > ICQ: #60745924 \_________________________ From berzerke at swbell.net Sat Nov 10 23:37:40 2001 
From: berzerke at swbell.net (robert) Date: Sat, 10 Nov 2001 23:37:40 -0600 Subject: [pptp-server] Current docs? In-Reply-To: <5.1.0.14.0.20011109101952.00b12f08@www.carttest.com> References: <5.1.0.14.0.20011109101952.00b12f08@www.carttest.com> Message-ID: <0GMM000XAFLK67@mta4.rcsntx.swbell.net> There is a 2.4 kernel howto at http://home.swbell.net/berzerke On Friday 09 November 2001 10:23 am, Chris wrote: > Howdy all, > > Before I install PopTop, I was wondering if there are some fresher docs > than what's available on lineo.poptop.org. Now don't get me wrong, I don't > mean to be critical of the authors of such docs, because they've done a > fine job. But they seem to refer to PopTop 0.9, and pppd 2.3.x, and I can't > help but think a fella like myself would be better off making sure his docs > are as up to date as possible. In particular, I'd like to know if the > config file information is accurate, and if all the stuff about applying > the MS patch to pppd-2.3.8 is still necessary for pppd-2.4.1. > > Much obliged, > CC > From berzerke at swbell.net Sat Nov 10 23:49:13 2001 
From: berzerke at swbell.net (robert)
Date: Sat, 10 Nov 2001 23:49:13 -0600
Subject: [pptp-server] MSN Messenger.
In-Reply-To: <001501c1693e$76a5f100$0500a8c0@arvid.ee>
References: <001501c1693e$76a5f100$0500a8c0@arvid.ee>
Message-ID: <0GMM000PPG4T66@mta4.rcsntx.swbell.net>

In the client VPN setup (dial-up networking, etc), under TCP/IP properties if memory serves me correctly, is the option to use the VPN as the default gateway. Check that box.

On Friday 09 November 2001 10:49 am, Dmitri Gofmekler wrote:
> Hello all,
>
> If a poptop server is setup for giving an access to internal network on
> linux box and vpn client work on WinNT 4.0 sp6a machine, should the MSN
> Messenger service voice and files connections go thru VPN tunnel or not? MSN
> Messenger seems to be trying to establish a direct connection thru default
> gateway? How to point such connections thru VPN gateway?
>
>
> Thanks in advance,
> Dmitri.

From adrien.vdb at wanadoo.fr Sun Nov 11 05:50:04 2001
From: adrien.vdb at wanadoo.fr (Adrien van den Bossche)
Date: Sun, 11 Nov 2001 12:50:04 +0100
Subject: [pptp-server] Server IP with --with-pppd-ip-alloc compilation
Message-ID: <001e01c16aa7$00bc2ee0$6f01a8c0@oxford.org>

Hi everybody!

Here is my problem: I have compiled pptpd with the option --with-pppd-ip-alloc because I want a static IP for each user of my server (the IPs are written in the chap-secrets file) and a static address for the server (192.168.1.1). But since I have compiled pptpd with the option --with-pppd-ip-alloc, the program works fine with every client (each user has his/her IP) but the server hasn't got the address 192.168.1.1 anymore. Does the compilation --with-pppd-ip-alloc make unusable the localip 192.168.100.1 option of the pptpd.conf file ?!?

Thanks
Adrien

From charlieb at e-smith.com Sun Nov 11 10:38:50 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Sun, 11 Nov 2001 11:38:50 -0500 (EST)
Subject: [pptp-server] Server IP with --with-pppd-ip-alloc compilation
In-Reply-To: <001e01c16aa7$00bc2ee0$6f01a8c0@oxford.org>
Message-ID:

On Sun, 11 Nov 2001, Adrien van den Bossche wrote:

> his/her IP) but the server hasn't got the address 192.168.1.1 anymore.
> Does the compilation --with-pppd-ip-alloc make unusable the localip
> 192.168.100.1 option of pptpd.conf file ?!?

I'd guess not. Have you tried "192.168.1.1:" in your pppd options?

Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From dmitri at arvid.ee Mon Nov 12 02:48:50 2001
From: dmitri at arvid.ee (Dmitri Gofmekler)
Date: Mon, 12 Nov 2001 10:48:50 +0200
Subject: [pptp-server] MSN Messenger.
References: <001501c1693e$76a5f100$0500a8c0@arvid.ee> <0GMM000PPG4T66@mta4.rcsntx.swbell.net>
Message-ID: <001f01c16b56$dafabef0$0500a8c0@arvid.ee>

Thanks a lot, it works. I had manually edited a route table each time before :)

Dmitri.

----- Original Message -----
From: "robert"
To: "Dmitri Gofmekler" ;
Sent: Sunday, November 11, 2001 7:49 AM
Subject: Re: [pptp-server] MSN Messenger.

> In the client VPN setup (dial-up networking, etc), under TCP/IP properties if
> memory serves me correctly, is the option to use the VPN as the default
> gateway. Check that box.
>
> On Friday 09 November 2001 10:49 am, Dmitri Gofmekler wrote:
> > Hello all,
> >
> > If a poptop server is setup for giving an access to internal network on
> > linux box and vpn client work on WinNT 4.0 sp6a machine, should the MSN
> > Messenger service voice and files connections go thru VPN tunnel or not? MSN
> > Messenger seems to be trying to establish a direct connection thru default
> > gateway? How to point such connections thru VPN gateway?
> >
> >
> > Thanks in advance,
> > Dmitri.

From mailinglists at avati.com.br Mon Nov 12 06:19:42 2001
From: mailinglists at avati.com.br (Leonardo Pimenta Gonzalez)
Date: Mon, 12 Nov 2001 10:19:42 -0200
Subject: [pptp-server] Authentication in Mysql
Message-ID: <20011112122138.8F594D1431@poontang.schulte.org>

Hello guys,

Does anybody know a way (module) to authenticate on a VPN PPTP server directly in a MySQL database instead of chap-secrets?

Thanks a lot.

From iso9 at phantasticant.com Mon Nov 12 12:42:35 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Mon, 12 Nov 2001 10:42:35 -0800
Subject: [pptp-server] linux to linux pptp connection
In-Reply-To: <3BED68B4.E91C61E9@home.com>
Message-ID:

I'd have to agree that FreeS/WAN is probably what you want to go with. I've not had a tunnel go down yet. (Well, as long as our DSL stays up.)

Also, you have the bonus that it interoperates with other IPSec implementations (an advantage you don't have with vtund). I set up FreeS/WAN for connectivity to our backside LAN at the colo center (connecting to a Netscreen100 firewall), and since then have been easily able to add in tunnels for my network at home (FreeS/WAN) and to a coworker's Win2k box.

Plus, I really feel that the experience you gain in setting up a FreeS/WAN tunnel is far more broadly applicable to other IPSec installations than setting up some proprietary tunneling product (such as vtund).

There's no way I'd ever use PPTP to tunnel two LANs together, if I had a choice. PPTP is for remote access, IMHO.

Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jerry Vonau
Sent: Saturday, November 10, 2001 9:50 AM
To: Tom Eastep
Cc: knollst at tronicplanet.de; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux to linux pptp connection

Tom:

Just figured out vtund, I'm testing it now. Have you played with it? Seems stable.

Jerry Vonau

Tom Eastep wrote:
>
> On Saturday 10 November 2001 08:28 am, Jerry Vonau wrote:
>
> > The fix is to have a reliable isp and hope their upstream is reliable.
> >
>
> Or switch to an IPSEC tunnel -- For Linux<->Linux tunneling, I've found
> FreeS/Wan to be more reliable than PPTP.
>
> -Tom
> --
> Tom Eastep \ teastep at shorewall.net
> AIM: tmeastep \ http://www.shorewall.net
> ICQ: #60745924 \_________________________

From allanc at caldera.com Mon Nov 12 14:49:59 2001
From: allanc at caldera.com (Allan Clark)
Date: Mon, 12 Nov 2001 15:49:59 -0500
Subject: [pptp-server] Failed CCP on linux-2.4.9/MS VPN 128-bit
Message-ID: <3BF035F7.6450E31F@caldera.com>

Hey everyone;

So I grabbed ppp-2.4.1, patched as per poptop.lineo.com, built a ppp_mppe.o module in my kernel tree. I'm using linux-2.4.9 since that's a Caldera 3.1.1 beta-2 release.

I've got poptop receiving a connection and authenticating, but it seems to be rejecting CCP handshaking. The key parts are below, followed by the full dump (it's a protected system, so nothing's really been altered).

The handshake seems to be saying:

Linux: req
MSVPN: req
Linux: no lzs
MSVPN: no , how about
Linux: req a config
MSVPN:
Linux: no , how about
MSVPN: ok
Linux: huh? (Received bad configure-ack)
MSVPN: how about
Linux: no , how about
MSVPN: how about no config
Linux: OK
MSVPN: disconnect...

(The client has "require encryption" activated)

Is this what's happening? For some reason, the client is never asking for , which seems to be 40-bit stateless MPPE from past email on this list.

Any ideas?
Allan Clark (as in "Allan's Blenderfier") CCP part of the interaction: > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfReq id=0x1 ] > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x1 ] > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfRej id=0x1 ] > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfNak id=0x1 ] > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfReq id=0x2] > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x2 ] > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfNak id=0x2 ] > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2] > > Nov 12 15:04:21 grinder pppd[13795]: Received bad configure-ack: > > Nov 12 15:04:21 grinder pppd[13795]: local IP address 192.168.55.1 > > Nov 12 15:04:21 grinder pppd[13795]: remote IP address 192.168.55.2 > > Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-up started (pid 13801) > > Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-up finished (pid 13801), status = 0x0 > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x3 ] > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfRej id=0x3 ] > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x4] > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfAck id=0x4] > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP TermReq id=0x5] > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP TermAck id=0x5] > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [LCP TermReq id=0x2] > > Nov 12 15:04:21 grinder pppd[13795]: LCP terminated by peer Full interaction: > Nov 12 15:04:21 grinder pppd[13795]: pppd 2.4.1 started by root, uid 0 > Nov 12 15:04:21 grinder pppd[13795]: using channel 7 > Nov 12 15:04:21 grinder pppd[13795]: Using interface ppp0 > Nov 12 15:04:21 grinder pppd[13795]: Connect: ppp0 <--> /dev/pts/2 > Nov 12 15:04:21 grinder pppd[13795]: sent [LCP ConfReq id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [LCP ConfReq id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: sent [LCP 
ConfAck id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [LCP ConfAck id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: sent [LCP EchoReq id=0x0 magic=0x4777c500] > Nov 12 15:04:21 grinder pppd[13795]: sent [CHAP Challenge id=0x1 <80f11fec93478cfe510f497183a25153>, name = "*"] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [LCP EchoRep id=0x0 magic=0xdf36d0] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CHAP Response id=0x1 <28f22ad41e8fd74da0ba7fcf9ec4cab80000000000000000ffa0b7a9c7b76b56312d2b272313a14f4ec5b1d85846815304>, name = "allanc"] > Nov 12 15:04:21 grinder pppd[13795]: sent [CHAP Success id=0x1 "S=2648381881F34A24C827B7B9D75A0A1205579723"] > Nov 12 15:04:21 grinder pppd[13795]: sent [IPCP ConfReq id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfReq id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: MSCHAP-v2 peer authentication succeeded for allanc > Nov 12 15:04:21 grinder pppd[13795]: rcvd [IPCP ConfReq id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: sent [IPCP ConfRej id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfRej id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [IPCP ConfAck id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfNak id=0x1 ] > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfReq id=0x2] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [IPCP ConfReq id=0x2 ] > Nov 12 15:04:21 grinder pppd[13795]: sent [IPCP ConfNak id=0x2 ] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x2 ] > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfNak id=0x2 ] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2] > Nov 12 15:04:21 grinder pppd[13795]: Received bad configure-ack: > Nov 12 15:04:21 grinder pppd[13795]: rcvd [IPCP ConfReq id=0x3 ] > Nov 12 15:04:21 grinder pppd[13795]: sent [IPCP ConfAck id=0x3 ] > Nov 12 15:04:21 grinder pppd[13795]: local IP address 192.168.55.1 > Nov 12 15:04:21 grinder pppd[13795]: remote IP 
address 192.168.55.2 > Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-up started (pid 13801) > Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-up finished (pid 13801), status = 0x0 > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x3 ] > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfRej id=0x3 ] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x4] > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfAck id=0x4] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP TermReq id=0x5] > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP TermAck id=0x5] > Nov 12 15:04:21 grinder pppd[13795]: rcvd [LCP TermReq id=0x2] > Nov 12 15:04:21 grinder pppd[13795]: LCP terminated by peer > Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-down started (pid 13802) > Nov 12 15:04:21 grinder pppd[13795]: sent [LCP TermAck id=0x2] > Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-down finished (pid 13802), status = 0x0 > Nov 12 15:04:21 grinder pptpd[13794]: CTRL: Error with select(), quitting > Nov 12 15:04:21 grinder pptpd[13794]: CTRL: Client 132.147.103.230 control connection finished > Nov 12 15:04:21 grinder pppd[13795]: Modem hangup > Nov 12 15:04:21 grinder pppd[13795]: Connection terminated. > Nov 12 15:04:21 grinder pppd[13795]: Connect time 0.0 minutes. > Nov 12 15:04:21 grinder pppd[13795]: Sent 121 bytes, received 145 bytes. > Nov 12 15:04:21 grinder pppd[13795]: Exit. > Nov 12 15:05:01 grinder crond[13810]: (root) CMD (/sbin/rmmod -a) > [root at grinder vpn]# /etc/ppp/options: (as per Wilson Chu) name * lock debug mtu 1490 mru 1490 #proxyarp auth idle 3600 +chap #This one is optional and may be omitted. #+chapms +chapms-v2 ipcp-accept-local ipcp-accept-remote lcp-echo-failure 3 lcp-echo-interval 5 deflate 0 mppe-128 mppe-40 mppe-stateless #nodeflate nobsdcomp [root at grinder]# grep -v '^#' /etc/pptpd.conf localip 192.168.55.1 remoteip 192.168.55.2-240 From charlieb at e-smith.com Mon Nov 12 14:59:44 2001 
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 12 Nov 2001 15:59:44 -0500 (EST)
Subject: [pptp-server] Failed CCP on linux-2.4.9/MS VPN 128-bit
In-Reply-To: <3BF035F7.6450E31F@caldera.com>
Message-ID:

On Mon, 12 Nov 2001, Allan Clark wrote:

> Linux: req a config
> MSVPN:
> Linux: no , how about
> MSVPN: ok
> Linux: huh? (Received bad configure-ack)

Should the "ok" have been "ok, mppe 1 0 0 60"?

i.e.

> > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfReq id=0x2]
> > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x2 ]
> > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfNak id=0x2 ]
> > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2]

Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2 ]

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From allanc at caldera.com Mon Nov 12 15:11:47 2001
From: allanc at caldera.com (Allan Clark)
Date: Mon, 12 Nov 2001 16:11:47 -0500
Subject: [pptp-server] Failed CCP on linux-2.4.9/MS VPN 128-bit
References:
Message-ID: <3BF03B13.6916EA77@caldera.com>

Charlie;

I think that's what it's saying: the MSVPN seems to be acknowledging the offer from the linux side of mppe 1 0 0 60, but the linux side doesn't seem to expect this ack, as indicated by the following log message from the full trace:

> > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x2 ]
> > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfNak id=0x2 ]
> > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2]
> > Nov 12 15:04:21 grinder pppd[13795]: Received bad configure-ack:
> > Nov 12 15:04:21 grinder pppd[13795]: local IP address 192.168.55.1
> > Nov 12 15:04:21 grinder pppd[13795]: remote IP address 192.168.55.2

There are people on this list who claim to have a 128-bit functioning, so I'm wondering if they receive the same log messages.

Allan

Charlie Brady wrote:
>
> On Mon, 12 Nov 2001, Allan Clark wrote:
>
> > Linux: req a config
> > MSVPN:
> > Linux: no , how about
> > MSVPN: ok
> > Linux: huh? (Received bad configure-ack)
>
> Should the "ok" have been "ok, mppe 1 0 0 60"?
>
> i.e.
>
> > > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfReq id=0x2]
> > > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x2 ]
> > > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfNak id=0x2 ]
> > > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2]
>
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2 ]
>
> --
>
> Charlie Brady charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group http://www.e-smith.com/
> Mitel Networks Corporation http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From charlieb at e-smith.com Mon Nov 12 15:32:11 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 12 Nov 2001 16:32:11 -0500 (EST)
Subject: [pptp-server] Failed CCP on linux-2.4.9/MS VPN 128-bit
In-Reply-To: <3BF03B13.6916EA77@caldera.com>
Message-ID:

On Mon, 12 Nov 2001, Allan Clark wrote:

> I think that's what it's saying: the MSVPN seems to be acknowledging the
> offer from the linux side of mppe 1 0 0 60, but the linux side doesn't
> seem to expect this ack, as indicated by the following log message from
> the full trace:

It seems to me to be complaining about the syntax of the Ack. As I said, I suspect that the Ack should restate the agreed upon config. I haven't checked the RFC, and don't know it in any detail, so I can't say for sure.

> > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x2 ]
> > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfNak id=0x2 ]
> > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2]
> > > Nov 12 15:04:21 grinder pppd[13795]: Received bad configure-ack:
> > > Nov 12 15:04:21 grinder pppd[13795]: local IP address 192.168.55.1
> > > Nov 12 15:04:21 grinder pppd[13795]: remote IP address 192.168.55.2
>
> There are people on this list who claim to have a 128-bit functioning,
> so I'm wondering if they receive the same log messages.

I have 128 bit functioning, and don't see those log messages.

Your ConfAck is clearly bogus. You've told the remote end you'll only do 40 or 128 bit encryption, no compression. It's replied "OK". How are you to know what OK means?

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From allanc at caldera.com Mon Nov 12 16:01:03 2001
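Added illustration, not part of any list message and not pppd's own code: per RFC 1661 a Configure-Ack must carry the identifier and the exact option list of the Configure-Request it answers, so an Ack with no options is valid only for a request with no options. The script below applies that rule to pppd debug lines; the option lists are not visible in the archived trace, so the log lines, host name and PIDs are constructed, and `check_acks` and `Finding` are hypothetical names.

```python
"""Check PPP Configure-Ack lines in pppd debug output against the request they answer."""
import re
from dataclasses import dataclass

# pppd debug format: "... pppd[PID]: sent [CCP ConfReq id=0x2 <opt> <opt>]"
LINE_RE = re.compile(
    r"pppd\[(?P<pid>\d+)\]: (?P<dir>sent|rcvd) "
    r"\[(?P<proto>\w+) (?P<code>ConfReq|ConfAck) id=(?P<id>0x[0-9a-fA-F]+)"
    r"(?P<opts>[^\]]*)\]"
)
OPT_RE = re.compile(r"<([^>]*)>")

# Constructed sample (not taken from the thread): three pppd sessions.
#   4242: both directions negotiate cleanly.
#   4243: the peer acks our request but echoes no options back.
#   4244: the peer acks with a stale identifier.
SAMPLE_LOG = """\
Nov 12 15:04:21 vpnhost pppd[4242]: sent [CCP ConfReq id=0x1 <mppe 1 0 0 60>]
Nov 12 15:04:21 vpnhost pppd[4242]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 40>]
Nov 12 15:04:21 vpnhost pppd[4242]: sent [CCP ConfAck id=0x1 <mppe 1 0 0 40>]
Nov 12 15:04:21 vpnhost pppd[4242]: rcvd [CCP ConfAck id=0x1 <mppe 1 0 0 60>]
Nov 12 15:04:22 vpnhost pppd[4243]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 60>]
Nov 12 15:04:22 vpnhost pppd[4243]: rcvd [CCP ConfAck id=0x2]
Nov 12 15:04:22 vpnhost pppd[4243]: Received bad configure-ack:
Nov 12 15:04:23 vpnhost pppd[4244]: sent [IPCP ConfReq id=0x3 <addr 192.168.55.1>]
Nov 12 15:04:23 vpnhost pppd[4244]: rcvd [IPCP ConfAck id=0x2 <addr 192.168.55.1>]
"""


@dataclass(frozen=True)
class Finding:
    pid: str          # pppd process id, i.e. one PPP session
    proto: str        # LCP, IPCP, CCP, ...
    ident: int        # identifier carried by the offending Ack
    reason: str
    requested: tuple  # options in the outstanding Configure-Request
    acked: tuple      # options echoed in the Configure-Ack


def check_acks(lines):
    """Return a Finding for every Configure-Ack that does not mirror its request."""
    # (pid, proto, direction of the request) -> (identifier, options)
    outstanding = {}
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a ConfReq/ConfAck debug line
        pid, direction, proto = m["pid"], m["dir"], m["proto"]
        ident = int(m["id"], 16)
        opts = tuple(o.strip() for o in OPT_RE.findall(m["opts"]))
        if m["code"] == "ConfReq":
            # A newer request replaces any older unanswered one.
            outstanding[(pid, proto, direction)] = (ident, opts)
            continue
        # An Ack we received answers a request we sent, and vice versa.
        requester = "sent" if direction == "rcvd" else "rcvd"
        req = outstanding.pop((pid, proto, requester), None)
        if req is None:
            findings.append(Finding(pid, proto, ident,
                                    "ack without outstanding request", (), opts))
        elif req[0] != ident:
            findings.append(Finding(pid, proto, ident,
                                    "ack id does not match request id", req[1], opts))
        elif req[1] != opts:
            findings.append(Finding(pid, proto, ident,
                                    "ack options differ from request", req[1], opts))
    return findings


if __name__ == "__main__":
    for f in check_acks(SAMPLE_LOG.splitlines()):
        print(f"pppd[{f.pid}] {f.proto} id={f.ident:#x}: {f.reason}; "
              f"requested={list(f.requested)} acked={list(f.acked)}")
```
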
From: allanc at caldera.com (Allan Clark)
Date: Mon, 12 Nov 2001 17:01:03 -0500
Subject: [pptp-server] Failed CCP on linux-2.4.9/MS VPN 128-bit
References:
Message-ID: <3BF0469F.C1EACA7@caldera.com>

Charlie Brady wrote:
>
> On Mon, 12 Nov 2001, Allan Clark wrote:
>
> > I think that's what it's saying: the MSVPN seems to be acknowledging the
> > offer from the linux side of mppe 1 0 0 60, but the linux side doesn't
> > seem to expect this ack, as indicated by the following log message from
> > the full trace:
>
> It seems to me to be complaining about the syntax of the Ack. As I said,
> I suspect that the Ack should restate the agreed upon config. I haven't
> checked the RFC, and don't know it in any detail, so I can't say for sure.
>
> > > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x2 ]
> > > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfNak id=0x2 ]
> > > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2]
> > > > Nov 12 15:04:21 grinder pppd[13795]: Received bad configure-ack:
> > > > Nov 12 15:04:21 grinder pppd[13795]: local IP address 192.168.55.1
> > > > Nov 12 15:04:21 grinder pppd[13795]: remote IP address 192.168.55.2
> >
> > There are people on this list who claim to have a 128-bit functioning,
> > so I'm wondering if they receive the same log messages.
>
> I have 128 bit functioning, and don't see those log messages.
>
> Your ConfAck is clearly bogus. You've told the remote end you'll only do
> 40 or 128 bit encryption, no compression. It's replied "OK". How are
> you to know what OK means?

I understand your logic, and I agree.

The remote side of this, the client that initiated the connection, is a Microsoft DUN VPN, updated with 128-bit security. I can't alter that code, so I assume it's the same client as what connects to your system.

Are you accepting connections from Win98 128-bit clients? My connections work fine as 40-bit, but not 128-bit.

Can you send me pptpd.conf and ppp/options file?
Do they differ from mine?

Allan

From hvrietsc at yahoo.com Mon Nov 12 22:29:38 2001
From: hvrietsc at yahoo.com (hvrietsc at yahoo.com)
Date: Mon, 12 Nov 2001 20:29:38 -0800
Subject: [pptp-server] linux to linux pptp connection
In-Reply-To:
References: <3BED68B4.E91C61E9@home.com>
Message-ID: <20011112202938.A16238@yahoo.com>

ok you got me curious, can i do the following with frees/wan:

one secure box running frees/wan with one eth to the outside and one eth to the inside.

then can i use win-2k and win 98 to connect to freesw/wan? if so what do they use for making the tunnels. for pptp connections i just have them use the built in vpn connector or whatever M$ calls this. so what about ipsec? is this supported by win/2k and win98?

On Mon, Nov 12, 2001 at 10:42:35AM -0800, Jordan Share wrote:
> I'd have to agree that FreeS/WAN is probably what you want to go with. I've not had a tunnel go down yet. (Well, as long as our DSL stays up.) Also, you have the bonus that it interoperates with other IPSec implementations (an advantage you don't have with vtund). I set up FreeS/WAN for connectivity to our backside LAN at the colo center (connecting to a Netscreen100 firewall), and since then have been easily able to add in tunnels for my network at home (FreeS/WAN) and to a coworker's Win2k box.
>
> Plus, I really feel that the experience you gain in setting up a FreeS/WAN tunnel is far more broadly applicable to other IPSec installations than setting up some proprietary tunneling product (such as vtund).
>
> There's no way I'd ever use PPTP to tunnel two LANs together, if I had a choice. PPTP is for remote access, IMHO.
>
> Jordan
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jerry Vonau
> Sent: Saturday, November 10, 2001 9:50 AM
> To: Tom Eastep
> Cc: knollst at tronicplanet.de; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] linux to linux pptp connection
>
>
> Tom:
>
> Just figured out vtund, I'm testing it now.
> Have you played with it? Seems stable.
>
> Jerry Vonau
>
> Tom Eastep wrote:
> >
> > On Saturday 10 November 2001 08:28 am, Jerry Vonau wrote:
> >
> > > The fix is to have a reliable isp and hope their upstream is reliable.
> > >
> >
> > Or switch to an IPSEC tunnel -- For Linux<->Linux tunneling, I've found
> > FreeS/Wan to be more reliable than PPTP.
> >
> > -Tom
> > --
> > Tom Eastep \ teastep at shorewall.net
> > AIM: tmeastep \ http://www.shorewall.net
> > ICQ: #60745924 \_________________________

From greg at earth.gmconsult.com Tue Nov 13 00:33:09 2001
From: greg at earth.gmconsult.com (greg)
Date: Mon, 12 Nov 2001 22:33:09 -0800 (PST)
Subject: [pptp-server] poptop compression
Message-ID:

I get the error "compression disabled by peer".
After much research I'm unable to fix the problem.
The bsd_comp and ppp_deflate modules are inserted.

Does anyone know the procedure to enable software compression.

I'm using RedHat 6.2 with 2.2.19 kernel and ppp-2.3.11-4

Many Thanks,
Greg George

From simon_yuen at fujitsu.com.hk Tue Nov 13 03:14:56 2001
From: simon_yuen at fujitsu.com.hk (Simon Yuen)
Date: Tue, 13 Nov 2001 17:14:56 +0800
Subject: [pptp-server] poptop server with encryption
References:
Message-ID: <011901c16c23$a9f73450$2a4210ac@ShenZhen>

Is it possible to install "the pptp with encryption" without compiling the Linux Kernel?
I got some problems during "make menuconfig".
I use the default configuration and then "make dep clean bzImage modules modules_Install"
Next, put the bzImage to /boot and changed the lilo.conf

    image = /boot/bzImage
    label = Linux
    root = /dev/hda1

and execute the command "lilo -v".
However, when I restart the linux, I can't mount the floppy driver and can't activate the eth0(Network card).

I am using RedHat 7.2 with Kernel 2.4.7
I follow the instruction in "Setting up PPTPD on Linux Kernel 2.4 HOWTO".

From Steve at SteveCowles.com Tue Nov 13 07:08:36 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Tue, 13 Nov 2001 07:08:36 -0600
Subject: [pptp-server] linux to linux pptp connection
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE905@defiant.infohiiway.com>

> -----Original Message-----
> From: hvrietsc at yahoo.com [mailto:hvrietsc at yahoo.com]
> Sent: Monday, November 12, 2001 10:30 PM
> Subject: Re: [pptp-server] linux to linux pptp connection
>
>
> ok you got me curious, can i do the following with frees/wan:
>
> one secure box running frees/wan with one eth to the outside
> and one eth to the inside.

Yes!!

>
> then can i use win-2k and win 98 to connect to freesw/wan?

W2K = yes (out of the box)
Win9x = $$$$$

> if so what do they use for making the tunnels. for pptp
> connections i just have them use the built in vpn connector
> or whatever M$ calls this. so what about ipsec? is this
> supported by win/2k and win98?

For W2K: Although a pain in the ass to configure, (way too many dialog boxes) W2K supports IPSEC out of the box. Check out the following website if you're interested in configuring W2K for ipsec.

http://jixen.tripod.com

For Win9x: Somebody correct me if I'm wrong here, but I'm not aware of any "free" ipsec package for Win9x clients. So you will probably have to purchase a 3rd party ipsec package for your Win9x clients.

Steve Cowles

From charlieb at e-smith.com Tue Nov 13 08:43:37 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 13 Nov 2001 09:43:37 -0500 (EST)
Subject: [pptp-server] poptop compression
In-Reply-To:
Message-ID:

On Mon, 12 Nov 2001, greg wrote:

> I get the error "compression disabled by peer".
> After much research I'm unable to fix the problem.
> The bsd_comp and ppp_deflate modules are inserted.
>
> Does anyone know the procedure to enable software
> compression.

There isn't one. The only compression supported by the MPPE protocol uses a proprietary algorithm which needs to be licensed. You won't be seeing it supported by (a publicly available) PPP daemon any time soon.

[The compression isn't handled by PoPToP itself, so it's the PPP daemon which is relevant.]

Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From sjbotha at base.za.net Tue Nov 13 09:07:57 2001
From: sjbotha at base.za.net (Sarel Botha)
Date: Tue, 13 Nov 2001 10:07:57 -0500
Subject: [pptp-server] poptop server with encryption
In-Reply-To: <011901c16c23$a9f73450$2a4210ac@ShenZhen>
Message-ID:

You need to find out what module you need for your network card.
Make sure support for a floppy drive is compiled in.

Sarel
From hvrietsc at yahoo.com Tue Nov 13 10:35:19 2001
From: hvrietsc at yahoo.com (HVR)
Date: Tue, 13 Nov 2001 08:35:19 -0800
Subject: [pptp-server] poptop server with encryption
References: <011901c16c23$a9f73450$2a4210ac@ShenZhen>
Message-ID: <3BF14BC7.6080205@yahoo.com>

yes you only need to rebuild the mppe-40 and 128 modules not the whole kernel. well maybe build it but you do not need to replace it all you need is the new modules and install them at the right place.

Simon Yuen wrote:

>Is it possible to install "the pptp with encryption" without compiling the
>Linux Kernel?
>I got some problems during "make menuconfig".
>I use the default configuration and then "make dep clean bzImage modules
>modules_Install"
>Next, put the bzImage to /boot and changed the lilo.conf
>
> image = /boot/bzImage
> label = Linux
> root = /dev/hda1
>
>and execute the command "lilo -v".
>However, when I restart the linux, I can't mount the floppy driver and can't
>activate the eth0(Network card).
>
>I am using RedHat 7.2 with Kernel 2.4.7
>I follow the instruction in "Setting up PPTPD on Linux Kernel 2.4 HOWTO".

From charlieb at e-smith.com Tue Nov 13 10:51:37 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 13 Nov 2001 11:51:37 -0500 (EST)
Subject: [pptp-server] poptop server with encryption
In-Reply-To: <3BF14BC7.6080205@yahoo.com>
Message-ID:

On Tue, 13 Nov 2001, HVR wrote:

> yes you only need to rebuild the mppe-40 and 128 modules not the whole
> kernel.

You also need a new ppp module.

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From allanc at caldera.com Tue Nov 13 11:08:42 2001
From: allanc at caldera.com (Allan Clark)
Date: Tue, 13 Nov 2001 12:08:42 -0500
Subject: [pptp-server] poptop server with encryption
References:
Message-ID: <3BF1539A.B960FABB@caldera.com>

Isn't this a FAQ?

1) you need to rebuild your ppp_mppe.o module
(kernel link kit with a patch or seventeen)
2) you need the newer ppp-2.4.1 with the

Where's the FAQ for this ?

Allan

Charlie Brady wrote:
>
> On Tue, 13 Nov 2001, HVR wrote:
>
> > yes you only need to rebuild the mppe-40 and 128 modules not the whole
> > kernel.
>
> You also need a new ppp module.
>
> --
>
> Charlie Brady charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group http://www.e-smith.com/
> Mitel Networks Corporation http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From charlieb at e-smith.com Tue Nov 13 11:12:15 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 13 Nov 2001 12:12:15 -0500 (EST)
Subject: [pptp-server] poptop server with encryption
In-Reply-To: <3BF1539A.B960FABB@caldera.com>
Message-ID:

On Tue, 13 Nov 2001, Allan Clark wrote:

> Isn't this a FAQ?
>
> 1) you need to rebuild your ppp_mppe.o module
> (kernel link kit with a patch or seventeen)

You also need to rebuild ppp.o.

> 2) you need the newer ppp-2.4.1 with the

AFAIK, ppp 2.3.11 and 2.4.0 can also work (with kernels 2.2.x at least, I don't know about 2.3.11 with 2.4.x kernels).

> Where's the FAQ for this ?

I don't know. Google is your friend.

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From iso9 at phantasticant.com Tue Nov 13 13:16:14 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Tue, 13 Nov 2001 11:16:14 -0800
Subject: [pptp-server] linux to linux pptp connection
In-Reply-To: <20011112202938.A16238@yahoo.com>
Message-ID:

For remote access, it's probably easier to get PPTP "dialin" working. Freeswan does not support "remote" IPs in the same way. You do not lease an IP address on the local network, you just encrypt the traffic to and from a given IP/Netmask. This makes "roadwarrior" dialins a bit tricky. If you have a static IP on the Win2k box, then it's very easy to set up the IPSec tunneling. (Well, not easy, perhaps, but doable). If you want to connect roaming dialin users, then you need to jump through some hoops, or just use PGPNet, or some other IPSec client software to manage things.

The original post I was replying to was talking about using PPTP to connect two LANs together. Which is something that I think is much better done with IPSec.

Jordan
From hvrietsc at yahoo.com Tue Nov 13 13:55:13 2001
From: hvrietsc at yahoo.com (HVR)
Date: Tue, 13 Nov 2001 11:55:13 -0800
Subject: [pptp-server] linux to linux pptp connection
References:
Message-ID: <3BF17AA1.1050703@yahoo.com>

Jordan Share wrote:

>For remote access, it's probably easier to get PPTP "dialin" working. Freeswan does not support "remote" IPs in the same way. You do not lease an IP address on the local network, you just encrypt the traffic to and from a given IP/Netmask. This makes "roadwarrior" dialins a bit tricky. If you have a static IP on the Win2k box, then it's very easy to set up the IPSec tunneling. (Well, not easy, perhaps, but doable). If you want to connect roaming dialin users, then you need to jump through some hoops, or just use PGPNet, or some other IPSec client software to manage things.
>
>The original post I was replying to was talking about using PPTP to connect two LANs together. Which is something that I think is much better done with IPSec.
>
>Jordan
>

My problem is currently that i have multiple clients behind a linux box doing NAT/masquerading. so when the clients get to the pptp server they all seem to have the same ip address and hence pptp will only create one tunnel per ip and ALL clients will go thru this, which creates a big mess! i was hoping that we can either change pptp to allow multiple tunnels per ip-pair or that i can use FreeS/wan somehow. The clients are a mix of win/2k/98 they connect to the linux box which will serve them an ip address via dhcp, and then the box will NAT all their packets which are then forwarded to the pptp server. and that is where i get into problems... i can explain why i am doing all this in case you are interested.
From shughes at arn.net Tue Nov 13 21:42:32 2001
From: shughes at arn.net (Shawn Hughes)
Date: Tue, 13 Nov 2001 19:42:32 -0800
Subject: [pptp-server] Logging on Problems
Message-ID: <001901c16cbe$64730490$0204a8c0@shawn>

I have installed poptop and I'm getting connected over the lan. The problem that I'm having is when I try to connect over the internet using the VPN on a win98 computer. It will say "Verifying username and password..." then I get the error 650.

While the win98 computer is trying I typed the following command on the Linux.

netstat --inet -a -n -p | grep 1723

The response is:

tcp 0 0 192.168.4.10:1723 209.40.144.225:1190 ESTABLISHED

Then when I get the error 650 on the win98, the Linux no longer shows established.

From iso9 at phantasticant.com Tue Nov 13 20:08:15 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Tue, 13 Nov 2001 18:08:15 -0800
Subject: [pptp-server] linux to linux pptp connection
In-Reply-To: <3BF17AA1.1050703@yahoo.com>
Message-ID:

Ok, yes. If you have a Linux-to-Linux connection, then I think you'd be better off getting IPSec working, and a tunnel set up between your two subnets.

Do you have a static IP on both ends? That is really helpful, but I don't think it's needed (although I can't say for sure, since I do have a static IP on both ends).

You have to make sure that the subnets that you are using are distinct. For example, at work we are using the 10.1.1.0/24 subnet, which I have connected to my network at home (192.168.0.0/24). That way, a route can be set up (FreeS/WAN does this automatically at each end) for the destination subnet, after the IPSec tunnel comes up.

You end up with something like this:

LAN1 - 10.1.1.0/24
  |
10.1.1.1 -- eth0 on linuxbox1
  |
linuxbox1
  |
a.b.c.d -- eth1 on linuxbox1
  |
Internet
  |
w.x.y.z -- eth1 on linuxbox2
  |
linuxbox2
  |
192.168.0.1
  |
LAN2 - 192.168.0.0/24

Then machines on my LAN at home send their packets to linuxbox2, which encrypts and tunnels them to linuxbox1, which decrypts and sends them on to the machines on LAN1.

This kind of thing is really easy to set up with FreeS/WAN. If you need to do windows browsing and whatnot, then you'd need to fool around with a WINS server for your network neighborhood to connect properly (Samba is working fine for us in this respect, although you probably are already using a WINS server if you have a windows domain).

Jordan
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of HVR Sent: Tuesday, November 13, 2001 11:55 AM To: Jordan Share Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; pptp-server at lists.schulte.org Subject: Re: [pptp-server] linux to linux pptp connection Jordan Share wrote: For remote access, it's probably easier to get PPTP "dialin" working. Freeswan does not support "remote" IPs in the same way. You do not lease an IP address on the local network, you just encrypt the traffic to and from a given IP/Netmask. This makes "roadwarrior" dialins a bit tricky. If you have a static IP on the Win2k box, then it's very easy to set up the IPSec tunneling. (Well, not easy, perhaps, but doable). If you want to connect roaming dialin users, then you need to jump through some hoops, or just use PGPNet, or some other IPSec client software to manage things.The original post I was replying to was talking about using PPTP to connect two LANs together. Which is something that I think is much better done with IPSec.Jordan By problem is currently that i have multiple clients behind a linux box doing NAT/masquerading. so when the clients get to the pptp server they all seem to have the same ip address and hence pptp will only create one tunnel per ip and ALL clients will go thru this, which creates a big mess! i was hoping that we can either change pptp to allow mutliple tunnels per ip-pair or that i can use FreeS/wan somehow. The clients are a mix of win/2k/98 they connect to the linux box which will serve them an ip address via dhcp, and then the box will NAT all their packets which are then forwarded to the pptp server. and that is where i get into problems... i can explain why i am doing all this in case you are interested. 
-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of hvrietsc at yahoo.com
Sent: Monday, November 12, 2001 8:30 PM
To: Jordan Share
Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux to linux pptp connection

ok you got me curious, can i do the following with frees/wan:

one secure box running frees/wan with one eth to the outside and one eth to the inside.

then can i use win-2k and win 98 to connect to frees/wan? if so what do they use for making the tunnels. for pptp connections i just have them use the built-in vpn connector or whatever M$ calls this. so what about ipsec? is this supported by win/2k and win98?

On Mon, Nov 12, 2001 at 10:42:35AM -0800, Jordan Share wrote:

> I'd have to agree that FreeS/WAN is probably what you want to go with. I've not had a tunnel go down yet. (Well, as long as our DSL stays up.) Also, you have the bonus that it interoperates with other IPSec implementations (an advantage you don't have with vtund). I set up FreeS/WAN for connectivity to our backside LAN at the colo center (connecting to a Netscreen100 firewall), and since then have been easily able to add in tunnels for my network at home (FreeS/WAN) and to a coworker's Win2k box.
>
> Plus, I really feel that the experience you gain in setting up a FreeS/WAN tunnel is far more broadly applicable to other IPSec installations than setting up some proprietary tunneling product (such as vtund).
>
> There's no way I'd ever use PPTP to tunnel two LANs together, if I had a choice. PPTP is for remote access, IMHO.
>
> Jordan
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Jerry Vonau
> Sent: Saturday, November 10, 2001 9:50 AM
> To: Tom Eastep
> Cc: knollst at tronicplanet.de; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] linux to linux pptp connection
>
> Tom:
>
> Just figured out vtund, I'm testing it now.
> Have you played with it? Seems stable.
>
> Jerry Vonau
>
> Tom Eastep wrote:
>
> > On Saturday 10 November 2001 08:28 am, Jerry Vonau wrote:
> >
> > > The fix is to have a reliable isp and hope their upstream is reliable.
> >
> > Or switch to an IPSEC tunnel -- For Linux<->Linux tunneling, I've found
> > FreeS/Wan to be more reliable than PPTP.
> >
> > -Tom
> > --
> > Tom Eastep \ teastep at shorewall.net
> > AIM: tmeastep \ http://www.shorewall.net
> > ICQ: #60745924 \_________________________

From berzerke at swbell.net Tue Nov 13 21:20:44 2001
From: berzerke at swbell.net (robert)
Date: Tue, 13 Nov 2001 21:20:44 -0600
Subject: [pptp-server] poptop server with encryption
In-Reply-To: <011901c16c23$a9f73450$2a4210ac@ShenZhen>
References: <011901c16c23$a9f73450$2a4210ac@ShenZhen>
Message-ID: <0GMR00MMJT8YWF@mta5.rcsntx.swbell.net>

Until you correct the problems with make menuconfig, you're looking at trouble down the road. It appears that perhaps the problems stopped you from configuring your kernel to support your floppy and network card. What were the problems?

On Tuesday 13 November 2001 03:14 am, Simon Yuen wrote:
> Is it possible to install "the pptp with encryption" without compile the
> Linux Kernel?
> I got some problems during "make menuconfig".
> I use the default configuration and then "make dep clean bzImage modules
> modules_Install"
> Next, put the bzImage to /boot and changed the lilo.conf
>
> image = /boot/bzImage
> label = Linux
> root = /dev/hda1
>
> and execute the command "lilo -v".
> However, when I restart the linux, I can't mount the floppy driver and
> can't activate the eth0(Network card).
>
> I am using RedHat 7.2 with Kernel 2.4.7
> I follow the instruction in "Setting up PPTPD on Linux Kernel 2.4 HOWTO".

From jvonau at home.com Tue Nov 13 22:38:57 2001
From: jvonau at home.com (Jerry Vonau)
Date: Tue, 13 Nov 2001 22:38:57 -0600
Subject: [pptp-server] linux to linux pptp connection
References: <3BF17AA1.1050703@yahoo.com>
Message-ID: <3BF1F561.FAF3F4C9@home.com>

Hey All:

Just playing around, Guess what, I got the 128-bit mppe to run with vtund in tty mode. Actually I forgot to # them out when playing. It will take all the pppd options as is, including mppe. I'm routing LAN to LAN, I didn't have to change the ip-up.local at all. Yes I was doing that with pptp before. You can still run dial up clients with pptp. Total time about 30 mins for both machines.

Anybody have any thoughts?

Jerry Vonau

From shughes at arn.net Wed Nov 14 09:52:43 2001
From: shughes at arn.net (Shawn Hughes)
Date: Wed, 14 Nov 2001 07:52:43 -0800
Subject: [pptp-server] Poptop Behind an OfficeConnect Lan ISDN Lan Modem
Message-ID: <003c01c16d24$693f2240$0204a8c0@shawn>

I have installed poptop and I'm getting connected over the lan and over a dialup connection with the Linux running poptop.

The problem I'm having is when I connect the Linux through eth0 to the Lan Modem that's connected to the internet.

Linux---192.168.4.10--->Lan Modem---192.168.4.1--->****Internet*****

Then I try to connect over the internet using the VPN on a win98SE computer. It will say "Verifying username and password..." then I get the error 650.

While the win98 computer is trying I typed the following command on the Linux running poptop.

netstat --inet -a -n -p | grep 1723

The response is:

tcp 0 0 192.168.4.10:1723 209.40.144.225:1190 ESTABLISHED

Then when I get the error 650 on the win98, the Linux no longer shows established.

From alex at saers.com Wed Nov 14 08:35:23 2001
From: alex at saers.com (ACEAlex)
Date: Wed, 14 Nov 2001 15:35:23 +0100
Subject: [pptp-server] linux to linux pptp connection
References:
Message-ID: <00a301c16d19$9802e0e0$e4d22fc2@acealex>

Hello

I've been watching this newsgroup for some time. I want to be able to set up a secure network over the internet so that i can run samba, or other insecure protocols without worrying about security.. Because the clients were win2k or other ms boxes i thought that vpn would be the easiest way. So i started to set it up using pptp. But i ran into some problems.

First of all. You need to patch the kernel and all the patches that i found are for 2.4.4, I'm using 2.4.14 right now :(..

So there seems to be another way with ipsec or pgp net. But ipsec won't give me a new device in windows? And what about the software on linux, where do i find that. The same question about pgpnet.

Thanx in advance
/Alexander

From vlast at indivisuallearning.com Wed Nov 14 08:27:40 2001
From: vlast at indivisuallearning.com (Vladimir Strezhnev)
Date: Wed, 14 Nov 2001 08:27:40 -0600
Subject: [pptp-server] linux to linux pptp connection
In-Reply-To: <00a301c16d19$9802e0e0$e4d22fc2@acealex>
References: <00a301c16d19$9802e0e0$e4d22fc2@acealex>
Message-ID: <200111141427.fAEERfH07569@vlad.comstock.eaglebear.net>

Don't just look at the label, try the patch! It applies seamlessly to 2.4.14

On Wednesday 14 November 2001 08:35, you wrote:
> Hello
> First of all. You need to patch the kernel and all the patches that i found
> are for 2.4.4, im using 2.4.14 right now :(..

From hvrietsc at yahoo.com Wed Nov 14 11:34:09 2001
From: hvrietsc at yahoo.com (HVR)
Date: Wed, 14 Nov 2001 09:34:09 -0800
Subject: [pptp-server] linux to linux pptp connection
References:
Message-ID: <3BF2AB11.1020203@yahoo.com>

i think we are on to something, but let me explain my setup:

we have several win/2k and win98 laptops, they all have an Orinoco wireless card, via this wireless card they connect to the lucent basestation, this lucent basestation is plugged into eth0 of a linux box firewall. the linux box does dhcp so all the laptops get a 10.1.1.0/24 ip address it then does MASQ/NAT and sends each packet coming in on eth0, out on eth1 which is connected to our LAN. However it will ONLY forward packets going out on eth1 which are going to the linux box running pptpd. pptpd box then authenticates and assigns ip to the tunnels in the 192.168.1.0/24 range and then NAT/MASQ the packets coming from within the tunnel out into the LAN.

doing this forces all over the air traffic (between laptop client and the basestation) to be pptp encrypted (since only packets going to the pptp server are forwarded, and these are encrypted).

now the problem i have is that when multiple laptop clients are NATed via the linux box firewall then pptp will only set up one tunnel for all of them: quite messy!

picture(?):

laptop-W2k/w98
|
lucent basestation
|
eth0 on linux firewall
    DHCP to laptop
    NAT to eth1
    firewall rule: only packets going to pptp box are let thru
eth1
| (this is our LAN)
|
pptp box
    authenticate
    NAT but only if from a pptp tunnel
|
internal LAN

With frees/wan i would like to be able to setup IPsec from each laptop, NAT them all via the firewall and have the pptp server (now just running ipsec) be the receiving side. so i need some fancy setup and i need ipsec support for win/2k and win/98

Any comments greatly appreciated.

From iso9 at phantasticant.com Wed Nov 14 13:49:26 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Wed, 14 Nov 2001 11:49:26 -0800
Subject: [pptp-server] linux to linux pptp connection
In-Reply-To: <3BF2AB11.1020203@yahoo.com>
Message-ID:

Why not NAT the laptops to multiple addresses?

Thus:
10.1.1.1 -> 192.168.1.129
10.1.1.2 -> 192.168.1.130
etc.

Or, just run the PPTP server on the linux box that is directly attached to the lucent basestation.

Jordan

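The one-to-one mapping suggested in the message above gives each laptop its own source address, so the PPTP server no longer sees every client arriving from one masqueraded IP. The script below is an added example, not part of the original thread: it only prints the commands for review, and the `eth1` interface name, the use of `iptables` SNAT with `ip addr add` aliases, and the assumption that the 192.168.1.129+ addresses are unused on the LAN are illustrative choices built on the addresses quoted in the messages.

```shell
#!/bin/sh
# Added example: print (never apply) one-to-one SNAT rules so that each inside
# client leaves the firewall with its own outside address.

# valid_ipv4 ADDR: succeed only for a plain dotted quad with octets 0..255
# and no leading zeros (which the shell would otherwise read as octal).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
}

# pptp_nat_rules FIRST_INSIDE FIRST_OUTSIDE COUNT OUT_IF
# Prints, for COUNT consecutive hosts, an address alias on OUT_IF (so the
# firewall answers ARP for the mapped address) and the matching SNAT rule.
pptp_nat_rules() {
    inside=$1 outside=$2 count=$3 dev=$4
    if ! valid_ipv4 "$inside" || ! valid_ipv4 "$outside"; then
        echo "pptp_nat_rules: bad IPv4 address" >&2
        return 1
    fi
    case "$count" in
        ''|*[!0-9]*|0*) echo "pptp_nat_rules: bad count" >&2; return 1 ;;
    esac
    [ -n "$dev" ] || { echo "pptp_nat_rules: missing interface" >&2; return 1; }

    in_net=${inside%.*};   in_host=${inside##*.}
    out_net=${outside%.*}; out_host=${outside##*.}

    # Both ranges must stay inside their /24 and below the broadcast address.
    if [ $((in_host + count - 1)) -gt 254 ] ||
       [ $((out_host + count - 1)) -gt 254 ]; then
        echo "pptp_nat_rules: range runs past .254" >&2
        return 1
    fi

    i=0
    while [ "$i" -lt "$count" ]; do
        src="$in_net.$((in_host + i))"
        pub="$out_net.$((out_host + i))"
        echo "ip addr add $pub/32 dev $dev"
        # No protocol match: the rule covers both the TCP 1723 control
        # connection and the GRE data packets of that client.
        echo "iptables -t nat -A POSTROUTING -s $src -o $dev -j SNAT --to-source $pub"
        i=$((i + 1))
    done
}

# The two mappings written out in the message, on the assumed interface eth1.
# Note: -A appends, so an earlier MASQUERADE rule for the same sources would
# still match first and must be removed or placed after these rules.
pptp_nat_rules 10.1.1.1 192.168.1.129 2 eth1
```
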
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of HVR Sent: Wednesday, November 14, 2001 9:34 AM To: Jordan Share Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; pptp-server at lists.schulte.org Subject: Re: [pptp-server] linux to linux pptp connection i think we are on to something, but let me explain my setup: we have several win/2k and win98 laptops, they all have a orinico wireless card, via this wireless card they connect to the lucent basestation, this lucent basestation is plugged into eth0 of a linux box firewall. the linux box does dhcp so all the laptops get a 10.1.1.0/24 ip address it then does MASQ/NAT and send each packet coming in on eth0, out on eth1 which is connected to our LAN. However it will ONLY forward packets going out on eth1 which are going to the linux box running pptpd. pptpd box then authenticates and assigns ip to the tunnels in the 192.168.1.0/24 range and then NAT/MASQ the packets coming from within the tunnel out into the LAN. doing this forces all over the air traffic (between laptop client and the basestation) to be pptp encrypted (since only packets going to the pptp server are forwarded, and these are encrypted). now the problem i have is that when multiple laptop clients are NATed via the linux box firewall then pptp will only set up one tunnel for all of them: quite messy! picture(?): laptop-W2k/w98 | lucent basestation | eth0 on linux firewall DHCP to laptop NAT to eth1 firewall rule: only packets going to pptp box are let thru eth1 | (this is our LAN) | pptp box authenticate NAT but only if from a pptp tunnel | internal LAN With frees/wan i would like to be able to setup IPsec from each laptop, NAT them all via the firewall and have the pptp server (now just running ipsec) be the receiving side. so i need some fancy setup and i need ipsec support for win/2k and win/98 Any comments greatly appreciated. Jordan Share wrote: Ok, yes. 
If you have a Linux-to-Linux connection, then I think you'd be better off getting IPSec working, and a tunnel set up between your two subnets. Do you have a static IP on both ends? That is really helpful, but I don't think it's needed (although I can't say for sure, since I do have a static IP on both ends). You have to make sure that the subnets that you are using are distinct. For example, at work we are using the 10.1.1.0/24 subnet, which I have connected to my network at home (192.168.0.0/24). That way, a route can be set up (FreeS/WAN does this automatically at each end) for the destination subnet, after the IPSec tunnel comes up. You end up with something like this: LAN1 - 10.1.1.0/24 | 10.1.1.1 -- eth0 on linuxbox1 | linuxbox1 | a.b.c.d -- eth1 on linuxbox1 | Internet | w.x.y.z -- eth1 on linuxbox2 | linuxbox2 | 192.168.0.1 | LAN2 - 192.168.0.0/24 Then machines on my LAN at home send their packets to linuxbox2, which encrypts and tunnels them to linuxbox1, which decrypts and sends them on to the machines on LAN1. This kind of thing is really easy to set up with FreeS/WAN. If you need to do windows browsing and whatnot, then you'd need to fool around with a WINS server for your network neighborhood to connect properly (Samba is working fine for us in this respect, although you probably are already using a WINS server if you have a windows domain). Jordan ----Original Message----- 
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of HVR Sent: Tuesday, November 13, 2001 11:55 AM To: Jordan Share Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; pptp-server at lists.schulte.org Subject: Re: [pptp-server] linux to linux pptp connection Jordan Share wrote: For remote access, it's probably easier to get PPTP "dialin" working. Freeswan does not support "remote" IPs in the same way. You do not lease an IP address on the local network, you just encrypt the traffic to and from a given IP/Netmask. This makes "roadwarrior" dialins a bit tricky. If you have a static IP on the Win2k box, then it's very easy to set up the IPSec tunneling. (Well, not easy, perhaps, but doable). If you want to connect roaming dialin users, then you need to jump through some hoops, or just use PGPNet, or some other IPSec client software to manage things.The original post I was replying to was talking about using PPTP to connect two LANs together. Which is something that I think is much better done with IPSec.Jordan By problem is currently that i have multiple clients behind a linux box doing NAT/masquerading. so when the clients get to the pptp server they all seem to have the same ip address and hence pptp will only create one tunnel per ip and ALL clients will go thru this, which creates a big mess! i was hoping that we can either change pptp to allow mutliple tunnels per ip-pair or that i can use FreeS/wan somehow. The clients are a mix of win/2k/98 they connect to the linux box which will serve them an ip address via dhcp, and then the box will NAT all their packets which are then forwarded to the pptp server. and that is where i get into problems... i can explain why i am doing all this in case you are interested. 
-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of hvrietsc at yahoo.com
Sent: Monday, November 12, 2001 8:30 PM
To: Jordan Share
Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux to linux pptp connection

ok you got me curious, can i do the following with frees/wan:

one secure box running frees/wan with one eth to the outside and one eth to the inside.

then can i use win-2k and win 98 to connect to frees/wan? if so what do they use for making the tunnels. for pptp connections i just have them use the built in vpn connector or whatever M$ calls this. so what about ipsec? is this supported by win/2k and win98?

On Mon, Nov 12, 2001 at 10:42:35AM -0800, Jordan Share wrote:

I'd have to agree that FreeS/WAN is probably what you want to go with. I've not had a tunnel go down yet. (Well, as long as our DSL stays up.) Also, you have the bonus that it interoperates with other IPSec implementations (an advantage you don't have with vtund). I set up FreeS/WAN for connectivity to our backside LAN at the colo center (connecting to a Netscreen100 firewall), and since then have been easily able to add in tunnels for my network at home (FreeS/WAN) and to a coworker's Win2k box.

Plus, I really feel that the experience you gain in setting up a FreeS/WAN tunnel is far more broadly applicable to other IPSec installations than setting up some proprietary tunneling product (such as vtund).

There's no way I'd ever use PPTP to tunnel two LANs together, if I had a choice. PPTP is for remote access, IMHO.

Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Jerry Vonau
Sent: Saturday, November 10, 2001 9:50 AM
To: Tom Eastep
Cc: knollst at tronicplanet.de; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux to linux pptp connection

Tom:

Just figured out vtund, I'm testing it now.
Have you played with it? Seems stable.

Jerry Vonau

Tom Eastep wrote:

On Saturday 10 November 2001 08:28 am, Jerry Vonau wrote:

The fix is to have a reliable isp and hope their upstream is reliable.

Or switch to an IPSEC tunnel -- For Linux<->Linux tunneling, I've found FreeS/Wan to be more reliable than PPTP.

-Tom
--
Tom Eastep \ teastep at shorewall.net
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \_________________________

From dlancaster at visionmd.com Wed Nov 14 14:01:19 2001
From: dlancaster at visionmd.com (David Lancaster)
Date: Wed, 14 Nov 2001 16:01:19 -0400
Subject: [pptp-server] pppd-mppe for OpenBSD?
References: <20011114173906.9CFBFD1608@poontang.schulte.org>
Message-ID: <00b901c16d47$20f22410$2e01a8c0@us.com>

I hope that this isn't a case of RTFM, but I can't seem to find any references for adding mppe encryption to the pppd in OpenBSD (2.9). Anybody know of a port of the linux patch, or a native OpenBSD patch? pppd doesn't recognize the +chapms-v2 option, so I'm assuming it doesn't have it.

Thanks

David Lancaster
Security & Networks
VisionMD

From hvrietsc at yahoo.com Wed Nov 14 14:12:01 2001
From: hvrietsc at yahoo.com (HVR)
Date: Wed, 14 Nov 2001 12:12:01 -0800
Subject: [pptp-server] linux to linux pptp connection
References:
Message-ID: <3BF2D011.8090607@yahoo.com>

Jordan Share wrote:

> Why not NAT the laptops to multiple addresses? Thus:
>
> 10.1.1.1 -> 192.168.1.129
>
> 10.1.1.2 -> 192.168.1.130
>
> etc.
>

how do you set that up? i always thought that NAT/MASQ will masquerade all packets as if they are coming from one IP address, can you actually NAT to multiple addresses? if yes that might solve my problem with pptp.

> Or, just run the PPTP server on the linux box that is directly
> attached to the lucent basestation.
>

that won't work since we need the firewall linux box to only let packets out to a trusted host inside the LAN (which is where we run pptp). if the firewall does pptp then even laptop which do NOT go thru a tunnel will have their packets forwarded.

> Jordan
>
> -----Original Message-----
> *From:* pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]* On Behalf Of *HVR
> *Sent:* Wednesday, November 14, 2001 9:34 AM
> *To:* Jordan Share
> *Cc:* Jerry Vonau; Tom Eastep; knollst at tronicplanet.de;
> pptp-server at lists.schulte.org
> *Subject:* Re: [pptp-server] linux to linux pptp connection
>
> i think we are on to something, but let me explain my setup:
>
> we have several win/2k and win98 laptops, they all have a orinico
> wireless card, via this wireless card they connect to the lucent
> basestation, this lucent basestation is plugged into eth0 of a
> linux box firewall. the linux box does dhcp so all the laptops get
> a 10.1.1.0/24 ip address it then does MASQ/NAT and send each
> packet coming in on eth0, out on eth1 which is connected to our LAN.
>
> However it will ONLY forward packets going out on eth1 which are
> going to the linux box running pptpd. pptpd box then authenticates
> and assigns ip to the tunnels in the 192.168.1.0/24 range and then
> NAT/MASQ the packets coming from within the tunnel out into the
> LAN. doing this forces all over the air traffic (between laptop
> client and the basestation) to be pptp encrypted (since only
> packets going to the pptp server are forwarded, and these are
> encrypted).
>
> now the problem i have is that when multiple laptop clients are
> NATed via the linux box firewall then pptp will only set up one
> tunnel for all of them: quite messy!
>
> picture(?):
>
> laptop-W2k/w98
> |
> lucent basestation
> |
> eth0 on linux firewall
> DHCP to laptop
> NAT to eth1
> firewall rule: only packets going to pptp box are let thru
> eth1
> | (this is our LAN)
> |
> pptp box
> authenticate
> NAT but only if from a pptp tunnel
> |
> internal LAN
>
> With frees/wan i would like to be able to setup IPsec from each
> laptop, NAT them all via the firewall and have the pptp server
> (now just running ipsec) be the receiving side.
>
> so i need some fancy setup and i need ipsec support for win/2k and
> win/98
>
> Any comments greatly appreciated.
>
> Jordan Share wrote:
>
>> Ok, yes. If you have a Linux-to-Linux connection, then I think
>> you'd be better off getting IPSec working, and a tunnel set up
>> between your two subnets.
>>
>> Do you have a static IP on both ends? That is really helpful,
>> but I don't think it's needed (although I can't say for sure,
>> since I do have a static IP on both ends).
>>
>> You have to make sure that the subnets that you are using are
>> distinct. For example, at work we are using the 10.1.1.0/24
>> subnet, which I have connected to my network at home
>> (192.168.0.0/24). That way, a route can be set up (FreeS/WAN
>> does this automatically at each end) for the destination subnet,
>> after the IPSec tunnel comes up.
From iso9 at phantasticant.com Wed Nov 14 16:03:29 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Wed, 14 Nov 2001 14:03:29 -0800
Subject: [pptp-server] linux to linux pptp connection
In-Reply-To: <3BF2D011.8090607@yahoo.com>
Message-ID:

At home, we have 4 static IPs from our DSL provider (speakeasy.net, they kick ass).

Here is the relevant portion of our rc.firewall script:

##========================================================================##
# One-to-One Mapping (Inbound)
##========================================================================##
$IPTABLES -t nat -A PREROUTING -i $EXTERNAL -d $EXT_IP_ANCA -j DNAT --to $ANCA
$IPTABLES -t nat -A PREROUTING -i $EXTERNAL -d $EXT_IP_JWIZ -j DNAT --to $JWIZ
$IPTABLES -t nat -A PREROUTING -i $EXTERNAL -d $EXT_IP_BAHMAN -j DNAT --to $BAHMAN
##========================================================================##
# One-to-One Mapping (Outbound)
##========================================================================##
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL -s $ANCA -j SNAT --to $EXT_IP_ANCA
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL -s $JWIZ -j SNAT --to $EXT_IP_JWIZ
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL -s $BAHMAN -j SNAT --to $EXT_IP_BAHMAN
##========================================================================##
# Default Forwarding of Internal Machines to Internet
##========================================================================##
## Static IP address ##
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL -s $INTERNAL_NET -j SNAT --to $EXT_IP
##========================================================================##

$EXTERNAL is the external interface (eth0 in our case):
EXTERNAL="eth0"

$ANCA, $JWIZ, $BAHMAN are the internal IPs on our network
$EXT_IP_ANCA, $EXT_IP_JWIZ, $EXT_IP_BAHMAN are the external IPs.

We use the fourth IP for the linuxbox itself, and SNAT all (not previously matched) outgoing packets to come from the external IP of the linuxbox ($EXT_IP)

This works for us, although I can't say as I fully understand the connection-tracking magic that allows non-1-to-1-NATted machines to talk to the internet. It just works. :)

Jordan

-----Original Message-----
From: HVR [mailto:hvrietsc at yahoo.com]
Sent: Wednesday, November 14, 2001 12:12 PM
To: Jordan Share
Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux to linux pptp connection

Jordan Share wrote:

Why not NAT the laptops to multiple addresses? Thus:
10.1.1.1 -> 192.168.1.129
10.1.1.2 -> 192.168.1.130
etc.

how do you set that up? i always thought that NAT/MASQ will masquerade all packets as if they are coming from one IP address, can you actually NAT to multiple addresses? if yes that might solve my problem with pptp.

Or, just run the PPTP server on the linux box that is directly attached to the lucent basestation.

that wont work since we need the firewall linux box to only let packets out to a trusted host inside the LAN (which is where we run pptp). if the firewall does pptp then even laptop which do NOT go tru a tunnel will have their packets forwarded.

Jordan

From jvonau at home.com Wed Nov 14 18:18:21 2001
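Jordan Share's one-to-one mapping above, carried over to the laptop addresses proposed earlier in the thread (10.1.1.1 -> 192.168.1.129, 10.1.1.2 -> 192.168.1.130, ...), as an added example that is not part of the original messages. It is a dry run that only prints the rules; the function names, the use of eth1 as the outbound interface (taken from HVR's diagram) and the restriction to a single /24 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: dry-run generator for one-to-one NAT
# rules in the style of the rc.firewall excerpt. Nothing is applied; the
# iptables commands are only printed.

# parse_ip A.B.C.D -> sets O1..O4; returns 1 unless it is a valid dotted quad.
parse_ip() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in
            0?*|????*) return 1 ;;   # no leading zeros, at most 3 digits
        esac
        [ "$_o" -le 255 ] || return 1
    done
    O1=$1 O2=$2 O3=$3 O4=$4
}

# map_addr CLIENT IN_START OUT_START
# Prints the address CLIENT is translated to when IN_START maps to OUT_START
# and every following client maps to the next address in the same /24.
map_addr() {
    parse_ip "$2" || return 1
    _in_pre="$O1.$O2.$O3"; _in_host=$O4
    parse_ip "$3" || return 1
    _out_pre="$O1.$O2.$O3"; _out_host=$O4
    parse_ip "$1" || return 1
    [ "$O1.$O2.$O3" = "$_in_pre" ] || return 1    # client outside the block
    [ "$O4" -ge "$_in_host" ] || return 1
    _host=$(( $_out_host + $O4 - $_in_host ))
    # Stay off .0 and .255 of the target /24.
    [ "$_out_host" -ge 1 ] && [ "$_host" -le 254 ] || return 1
    echo "$_out_pre.$_host"
}

# gen_one_to_one IN_START OUT_START COUNT OUT_IF
# Prints one SNAT and one DNAT rule per client. The whole range is validated
# first, so a bad range produces no partial rule set.
gen_one_to_one() {
    _n=$3; _if=$4
    [ -n "$_if" ] || { echo "missing interface" >&2; return 1; }
    case "$_n" in
        ''|*[!0-9]*|0*) echo "bad count: $_n" >&2; return 1 ;;
    esac
    parse_ip "$1" || { echo "bad address: $1" >&2; return 1; }
    _pre="$O1.$O2.$O3"; _first=$O4
    _last=$(( $_first + $_n - 1 ))
    [ "$_first" -ge 1 ] && [ "$_last" -le 254 ] ||
        { echo "internal range leaves the /24" >&2; return 1; }
    map_addr "$_pre.$_last" "$1" "$2" >/dev/null ||
        { echo "external range invalid" >&2; return 1; }
    _i=0
    while [ "$_i" -lt "$_n" ]; do
        _src="$_pre.$(( $_first + $_i ))"
        _pub=$(map_addr "$_src" "$1" "$2") || return 1
        # Outbound: each client leaves with its own source address.
        echo "iptables -t nat -A POSTROUTING -o $_if -s $_src -j SNAT --to-source $_pub"
        # Inbound: connections opened to that address go back to the client.
        echo "iptables -t nat -A PREROUTING -i $_if -d $_pub -j DNAT --to-destination $_src"
        _i=$(( $_i + 1 ))
    done
}

# distinct_sources: reads rules on stdin and prints how many different
# --to-source addresses they use (should equal the number of clients).
distinct_sources() {
    awk '/SNAT/ { seen[$NF] = 1 } END { n = 0; for (k in seen) n++; print n }'
}

# Constructed sample: three laptops, addresses as suggested in the thread.
gen_one_to_one 10.1.1.1 192.168.1.129 3 eth1
```

The mapped addresses also have to be delivered to the NAT box by the LAN (for example by configuring them as additional addresses on the outbound interface), otherwise replies never reach it. Any catch-all SNAT or MASQUERADE rule belongs after these rules, as in the rc.firewall excerpt, because the first matching rule wins.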
From: jvonau at home.com (Jerry Vonau)
Date: Wed, 14 Nov 2001 18:18:21 -0600
Subject: [pptp-server] linux to linux pptp connection
References: <3BF2D011.8090607@yahoo.com> <3BF30936.27D63BFB@home.com>
Message-ID: <3BF309CD.A14743E4@home.com>

Jerry Vonau wrote:
>
> Do you have to run NAT on this box?
>
> eth0 on linux firewall
> DHCP to laptop
> NAT to eth1
> firewall rule: only packets going to pptp box are let thru
> eth1
> You're only allowing PPTP to pass with this box right?
> I'd just use a different subnet (192.168.2.0?)
> and filtering and straight forwarding (no MASQ or NAT)
> should do the same thing with less headache IMHO.
>
> Jerry Vonau
>
> HVR wrote:
> >
> > Jordan Share wrote:
> >
> > > Why not NAT the laptops to multiple addresses? Thus:
> > > 10.1.1.1 -> 192.168.1.129
> > > 10.1.1.2 -> 192.168.1.130
> > > etc.
> > >
> >
> > how do you set that up? i always thought that NAT/MASQ will masquerade all
> > packets as if they are coming from one IP address, can you actually NAT to
> > multiple addresses?
> > if yes that might solve my problem with pptp.
> >
> > > Or, just run the PPTP server on the linux box that is directly attached to
> > > the lucent basestation.
> > >
> >
> > that won't work since we need the firewall linux box to only let packets out to
> > a trusted host inside the LAN (which is where we run pptp). if the firewall
> > does pptp then even laptop which do NOT go thru a tunnel will have their
> > packets forwarded.
> >
> > > Jordan
> > >
> > > -----Original Message-----
> > > From: pptp-server-admin at lists.schulte.org
> > > [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of HVR
> > > Sent: Wednesday, November 14, 2001 9:34 AM
> > > To: Jordan Share
> > > Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de;
> > > pptp-server at lists.schulte.org
> > > Subject: Re: [pptp-server] linux to linux pptp connection
> > >
> > > i think we are on to something, but let me explain my setup:
> > >
> > > we have several win/2k and win98 laptops, they all have a orinico
> > > wireless card, via this wireless card they connect to the lucent
> > > basestation, this lucent basestation is plugged into eth0 of a
> > > linux box firewall. the linux box does dhcp so all the laptops get
> > > a 10.1.1.0/24 ip address it then does MASQ/NAT and send each
> > > packet coming in on eth0, out on eth1 which is connected to our
> > > LAN.
> > >
> > > However it will ONLY forward packets going out on eth1 which are
> > > going to the linux box running pptpd. pptpd box then authenticates
> > > and assigns ip to the tunnels in the 192.168.1.0/24 range and then
> > > NAT/MASQ the packets coming from within the tunnel out into the
> > > LAN. doing this forces all over the air traffic (between laptop
> > > client and the basestation) to be pptp encrypted (since only
> > > packets going to the pptp server are forwarded, and these are
> > > encrypted).
> > >
> > > now the problem i have is that when multiple laptop clients are
> > > NATed via the linux box firewall then pptp will only set up one
> > > tunnel for all of them: quite messy!
> > > > > > picture(?): > > > > > > laptop-W2k/w98 > > > | > > > lucent basestation > > > | > > > eth0 on linux firewall > > > DHCP to laptop > > > NAT to eth1 > > > firewall rule: only packets going to pptp box are let thru > > > eth1 > > > | (this is our LAN) > > > | > > > pptp box > > > authenticate > > > NAT but only if from a pptp tunnel > > > | > > > internal LAN > > > > > > With frees/wan i would like to be able to setup IPsec from each > > > laptop, NAT them all via the firewall and have the pptp server > > > (now just running ipsec) be the receiving side. > > > > > > so i need some fancy setup and i need ipsec support for win/2k and > > > win/98 > > > > > > Any comments greatly appreciated. > > > > > > Jordan Share wrote: > > > > > > > Ok, yes. If you have a Linux-to-Linux connection, then I think > > > > you'd be better off getting IPSec working, and a tunnel set up > > > > between your two subnets. > > > > > > > > Do you have a static IP on both ends? That is really helpful, > > > > but I don't think it's needed (although I can't say for sure, > > > > since I do have a static IP on both ends). > > > > > > > > You have to make sure that the subnets that you are using are > > > > distinct. For example, at work we are using the 10.1.1.0/24 > > > > subnet, which I have connected to my network at home > > > > (192.168.0.0/24). That way, a route can be set up (FreeS/WAN > > > > does this automatically at each end) for the destination subnet, > > > > after the IPSec tunnel comes up. 
> > > > > > > > You end up with something like this: > > > > > > > > LAN1 - 10.1.1.0/24 > > > > | > > > > 10.1.1.1 -- eth0 on linuxbox1 > > > > | > > > > linuxbox1 > > > > | > > > > a.b.c.d -- eth1 on linuxbox1 > > > > | > > > > Internet > > > > | > > > > w.x.y.z -- eth1 on linuxbox2 > > > > | > > > > linuxbox2 > > > > | > > > > 192.168.0.1 > > > > | > > > > LAN2 - 192.168.0.0/24 > > > > > > > > Then machines on my LAN at home send their packets to linuxbox2, > > > > which encrypts and tunnels them to linuxbox1, which decrypts and > > > > sends them on to the machines on LAN1. > > > > > > > > This kind of thing is really easy to set up with FreeS/WAN. If > > > > you need to do windows browsing and whatnot, then you'd need to > > > > fool around with a WINS server for your network neighborhood to > > > > connect properly (Samba is working fine for us in this respect, > > > > although you probably are already using a WINS server if you > > > > have a windows domain). > > > > > > > > Jordan > > > > > > > > ----Original Message----- 
> > > > From: pptp-server-admin at lists.schulte.org [ > > > > mailto:pptp-server-admin at lists.schulte.org ] On Behalf Of HVR > > > > Sent: Tuesday, November 13, 2001 11:55 AM > > > > To: Jordan Share > > > > Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de ; > > > > pptp-server at lists.schulte.org > > > > Subject: Re: [pptp-server] linux to linux pptp connection > > > > > > > > > > > > > > > > Jordan Share wrote: > > > > > > > > > For remote access, it's probably easier to get PPTP > > > > > "dialin" working. Freeswan does not support "remote" > > > > > IPs in the same way. You do not lease an IP address > > > > > on the local network, you just encrypt the traffic to > > > > > and from a given IP/Netmask. This makes > > > > > "roadwarrior" dialins a bit tricky. If you have a > > > > > static IP on the Win2k box, then it's very easy to > > > > > set up the IPSec tunneling. (Well, not easy, > > > > > perhaps, but doable). If you want to connect roaming > > > > > dialin users, then you need to jump through some > > > > > hoops, or just use PGPNet, or some other IPSec client > > > > > software to manage things. > > > > > The original post I was replying to was talking about > > > > > using PPTP to connect two LANs together. Which is > > > > > something that I think is much better done with > > > > > IPSec. > > > > > Jordan > > > > > > > > > > > > > By problem is currently that i have multiple clients > > > > behind a linux box doing NAT/masquerading. so when the > > > > clients get to the pptp server they all seem to have > > > > the same ip address and hence pptp will only create > > > > one tunnel per ip and ALL clients will go thru this, > > > > which creates a big mess! i was hoping that we can > > > > either change pptp to allow mutliple tunnels per > > > > ip-pair or that i can use FreeS/wan somehow. 
> > > > > > > > The clients are a mix of win/2k/98 they connect to the > > > > linux box which will serve them an ip address via > > > > dhcp, and then the box will NAT all their packets > > > > which are then forwarded to the pptp server. and that > > > > is where i get into problems... > > > > > > > > i can explain why i am doing all this in case you are > > > > interested. > > > > > > > > > -----Original Message----- 
> > > > > From: pptp-server-admin at lists.schulte.org > > > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf > > > > > Of > > > > > hvrietsc at yahoo.com > > > > > Sent: Monday, November 12, 2001 8:30 PM > > > > > To: Jordan Share > > > > > Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; > > > > > pptp-server at lists.schulte.org > > > > > Subject: Re: [pptp-server] linux to linux pptp > > > > > connection > > > > > ok you got me curious, can i do the following with > > > > > frees/wan: > > > > > one secure box running frees/wan with one eth to the > > > > > outside and one eth > > > > > to the inside. > > > > > then can i > > > > > use win-2k and win 98 to connect to freesw/wan? if so > > > > > what > > > > > do they use for making the tunnels. for pptp > > > > > connections i just have them use the build > > > > > in vpn connector or whatever M$ calls this. so what > > > > > about ipsec? is this supported > > > > > by win/2k and win98? > > > > > On Mon, Nov 12, 2001 at 10:42:35AM -0800, Jordan > > > > > Share wrote: > > > > > > > > > >> I'd have to agree that FreeS/WAN is probably what > > > > >> you want to go with. I've not had a tunnel go down > > > > >> yet. (Well, as long as our DSL stays up.) Also, > > > > >> you have the bonus that it interoperates with other > > > > >> IPSec implementations (an advantage you don't have > > > > >> with vtund). I set up FreeS/WAN for connectivity > > > > >> to our backside LAN at the colo center (connecting > > > > >> to a Netscreen100 firewall), and since then have > > > > >> been easily able to add in tunnels for my network > > > > >> at home (FreeS/WAN) and to a coworker's Win2k box. > > > > >> Plus, I really feel that the experience you gain in > > > > >> setting up a FreeS/WAN tunnel is far more broadly > > > > >> applicable to other IPSec installations than > > > > >> setting up some proprietary tunneling product (such > > > > >> as vtund). 
> > > > >> There's no way I'd ever use PPTP to tunnel two LANs > > > > >> together, if I had a choice. PPTP is for remote > > > > >> access, IMHO. > > > > >> Jordan > > > > >> -----Original Message----- 
> > > > >> From: pptp-server-admin at lists.schulte.org > > > > >> [mailto:pptp-server-admin at lists.schulte.org]On > > > > >> Behalf Of Jerry Vonau > > > > >> Sent: Saturday, November 10, 2001 9:50 AM > > > > >> To: Tom Eastep > > > > >> Cc: knollst at tronicplanet.de; > > > > >> pptp-server at lists.schulte.org > > > > >> Subject: Re: [pptp-server] linux to linux pptp > > > > >> connection > > > > >> Tom: > > > > >> Just figured out vtund, I'm testing it now. > > > > >> Have you played with it? Seems stable. > > > > >> Jerry Vonau > > > > >> Tom Eastep wrote: > > > > >> > > > > >> > On Saturday 10 November 2001 08:28 am, Jerry > > > > >> > Vonau wrote: > > > > >> > > > > > >> >> The fix is to have a reliable isp and hope their > > > > >> >> upstream is reliable. > > > > >> >> > > > > >> > Or switch to an IPSEC tunnel -- For Linux<->Linux > > > > >> > tunneling, I've found > > > > >> > FreeS/Wan to be more reliable than PPTP. > > > > >> > -Tom > > > > >> > -- > > > > >> > Tom Eastep \ teastep at shorewall.net > > > > >> > AIM: tmeastep \ http://www.shorewall.net > > > > >> > ICQ: #60745924 \_________________________ > > > > >> > > > > > >> _______________________________________________ > > > > >> pptp-server maillist - > > > > >> pptp-server at lists.schulte.org > > > > >> http://lists.schulte.org/mailman/listinfo/pptp-server > > > > >> --- To unsubscribe, go to the url just above this > > > > >> line. -- > > > > >> _______________________________________________ > > > > >> pptp-server maillist - > > > > >> pptp-server at lists.schulte.org > > > > >> http://lists.schulte.org/mailman/listinfo/pptp-server > > > > >> --- To unsubscribe, go to the url just above this > > > > >> line. -- > > > > >> > > > > > _______________________________________________ > > > > > pptp-server maillist - > > > > > pptp-server at lists.schulte.org > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > > --- To unsubscribe, go to the url just above this > > > > > line. 
-- > > > > > >
From iso9 at phantasticant.com Wed Nov 14 19:27:02 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Wed, 14 Nov 2001 17:27:02 -0800
Subject: [pptp-server] linux to linux pptp connection
In-Reply-To: <3BF2D011.8090607@yahoo.com>
Message-ID:

Also, re the PPTP stuff:

I am not clear on why you can't run PPTP on the linux box that is connected to the wireless basestation. Only allow PPTP traffic in from the interface on the wireless segment. How does this allow laptops that aren't going through a tunnel to have their traffic forwarded? It's the same as if you had 1 linux box as your Internet firewall/PPTP server, except that the untrusted network is the wireless, not the Internet.

Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of HVR
Sent: Wednesday, November 14, 2001 12:12 PM
To: Jordan Share
Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux to linux pptp connection

Jordan Share wrote:

Why not NAT the laptops to multiple addresses? Thus:
10.1.1.1 -> 192.168.1.129
10.1.1.2 -> 192.168.1.130
etc.

how do you set that up? i always thought that NAT/MASQ will masquerade all packets as if they are coming from one IP address, can you actually NAT to multiple addresses? if yes that might solve my problem with pptp.

Or, just run the PPTP server on the linux box that is directly attached to the lucent basestation.

that won't work since we need the firewall linux box to only let packets out to a trusted host inside the LAN (which is where we run pptp). if the firewall does pptp then even laptops which do NOT go thru a tunnel will have their packets forwarded.

Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of HVR
Sent: Wednesday, November 14, 2001 9:34 AM
To: Jordan Share
Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux to linux pptp connection

i think we are on to something, but let me explain my setup:

we have several win/2k and win98 laptops, they all have an orinoco wireless card, via this wireless card they connect to the lucent basestation, this lucent basestation is plugged into eth0 of a linux box firewall. the linux box does dhcp so all the laptops get a 10.1.1.0/24 ip address it then does MASQ/NAT and sends each packet coming in on eth0, out on eth1 which is connected to our LAN. However it will ONLY forward packets going out on eth1 which are going to the linux box running pptpd. pptpd box then authenticates and assigns ip to the tunnels in the 192.168.1.0/24 range and then NAT/MASQ the packets coming from within the tunnel out into the LAN.

doing this forces all over the air traffic (between laptop client and the basestation) to be pptp encrypted (since only packets going to the pptp server are forwarded, and these are encrypted).

now the problem i have is that when multiple laptop clients are NATed via the linux box firewall then pptp will only set up one tunnel for all of them: quite messy!

picture(?):

laptop-W2k/w98
|
lucent basestation
|
eth0 on linux firewall
DHCP to laptop
NAT to eth1
firewall rule: only packets going to pptp box are let thru eth1
|
(this is our LAN)
|
pptp box
authenticate
NAT but only if from a pptp tunnel
|
internal LAN

With frees/wan i would like to be able to setup IPsec from each laptop, NAT them all via the firewall and have the pptp server (now just running ipsec) be the receiving side. so i need some fancy setup and i need ipsec support for win/2k and win/98

Any comments greatly appreciated.

Jordan Share wrote:

Ok, yes.
If you have a Linux-to-Linux connection, then I think you'd be better off getting IPSec working, and a tunnel set up between your two subnets.

Do you have a static IP on both ends? That is really helpful, but I don't think it's needed (although I can't say for sure, since I do have a static IP on both ends).

You have to make sure that the subnets that you are using are distinct. For example, at work we are using the 10.1.1.0/24 subnet, which I have connected to my network at home (192.168.0.0/24). That way, a route can be set up (FreeS/WAN does this automatically at each end) for the destination subnet, after the IPSec tunnel comes up.

You end up with something like this:

LAN1 - 10.1.1.0/24
|
10.1.1.1 -- eth0 on linuxbox1
|
linuxbox1
|
a.b.c.d -- eth1 on linuxbox1
|
Internet
|
w.x.y.z -- eth1 on linuxbox2
|
linuxbox2
|
192.168.0.1
|
LAN2 - 192.168.0.0/24

Then machines on my LAN at home send their packets to linuxbox2, which encrypts and tunnels them to linuxbox1, which decrypts and sends them on to the machines on LAN1.

This kind of thing is really easy to set up with FreeS/WAN. If you need to do windows browsing and whatnot, then you'd need to fool around with a WINS server for your network neighborhood to connect properly (Samba is working fine for us in this respect, although you probably are already using a WINS server if you have a windows domain).

Jordan

----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of HVR
Sent: Tuesday, November 13, 2001 11:55 AM
To: Jordan Share
Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux to linux pptp connection

Jordan Share wrote:

For remote access, it's probably easier to get PPTP "dialin" working. Freeswan does not support "remote" IPs in the same way. You do not lease an IP address on the local network, you just encrypt the traffic to and from a given IP/Netmask. This makes "roadwarrior" dialins a bit tricky. If you have a static IP on the Win2k box, then it's very easy to set up the IPSec tunneling. (Well, not easy, perhaps, but doable). If you want to connect roaming dialin users, then you need to jump through some hoops, or just use PGPNet, or some other IPSec client software to manage things.

The original post I was replying to was talking about using PPTP to connect two LANs together. Which is something that I think is much better done with IPSec.

Jordan

My problem is currently that i have multiple clients behind a linux box doing NAT/masquerading. so when the clients get to the pptp server they all seem to have the same ip address and hence pptp will only create one tunnel per ip and ALL clients will go thru this, which creates a big mess! i was hoping that we can either change pptp to allow multiple tunnels per ip-pair or that i can use FreeS/wan somehow.

The clients are a mix of win/2k/98 they connect to the linux box which will serve them an ip address via dhcp, and then the box will NAT all their packets which are then forwarded to the pptp server. and that is where i get into problems...

i can explain why i am doing all this in case you are interested.
-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of hvrietsc at yahoo.com
Sent: Monday, November 12, 2001 8:30 PM
To: Jordan Share
Cc: Jerry Vonau; Tom Eastep; knollst at tronicplanet.de; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux to linux pptp connection

ok you got me curious, can i do the following with frees/wan: one secure box running frees/wan with one eth to the outside and one eth to the inside. then can i use win-2k and win 98 to connect to freesw/wan? if so what do they use for making the tunnels. for pptp connections i just have them use the build in vpn connector or whatever M$ calls this. so what about ipsec? is this supported by win/2k and win98?

On Mon, Nov 12, 2001 at 10:42:35AM -0800, Jordan Share wrote:

I'd have to agree that FreeS/WAN is probably what you want to go with. I've not had a tunnel go down yet. (Well, as long as our DSL stays up.) Also, you have the bonus that it interoperates with other IPSec implementations (an advantage you don't have with vtund). I set up FreeS/WAN for connectivity to our backside LAN at the colo center (connecting to a Netscreen100 firewall), and since then have been easily able to add in tunnels for my network at home (FreeS/WAN) and to a coworker's Win2k box.

Plus, I really feel that the experience you gain in setting up a FreeS/WAN tunnel is far more broadly applicable to other IPSec installations than setting up some proprietary tunneling product (such as vtund).

There's no way I'd ever use PPTP to tunnel two LANs together, if I had a choice. PPTP is for remote access, IMHO.

Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Jerry Vonau
Sent: Saturday, November 10, 2001 9:50 AM
To: Tom Eastep
Cc: knollst at tronicplanet.de; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux to linux pptp connection

Tom:

Just figured out vtund, I'm testing it now.
Have you played with it? Seems stable.

Jerry Vonau

Tom Eastep wrote:

On Saturday 10 November 2001 08:28 am, Jerry Vonau wrote:

The fix is to have a reliable isp and hope their upstream is reliable.

Or switch to an IPSEC tunnel -- For Linux<->Linux tunneling, I've found FreeS/Wan to be more reliable than PPTP.

-Tom
--
Tom Eastep \ teastep at shorewall.net
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \_________________________

From simon_yuen at fujitsu.com.hk Wed Nov 14 22:42:51 2001
From: simon_yuen at fujitsu.com.hk (Simon Yuen)
Date: Thu, 15 Nov 2001 12:42:51 +0800
Subject: [pptp-server] encryption on remote netwrok
References: <3BF2D011.8090607@yahoo.com> <3BF30936.27D63BFB@home.com> <3BF309CD.A14743E4@home.com>
Message-ID: <000501c16d8f$fb945dc0$2a4210ac@fujitsu.com.hk>

I find that when I use VPN (Win98) to connect to the pptp server over the ethernet, it prompts me that the server does not support encryption. Instead, if I connect to the pptp server over the ppp, it is successful. What's the reason?

From shughes at arn.net Thu Nov 15 16:16:40 2001
From: shughes at arn.net (Shawn Hughes)
Date: Thu, 15 Nov 2001 14:16:40 -0800
Subject: [pptp-server] PPTP server not passing anything back
Message-ID: <001f01c16e23$379dbe40$1204a8c0@shawn>

Here is my problem. I can connect over the internal network to the PPTP server but I can not connect over the internet from a client to the PPTP server. The information is passed to the PPTP server, but I think the PPTP server is not passing anything back to the public address. Here is my setup.

                      Public IP  Private-IP
Client --> Internet --> ISDN --> PPTP----> Private Network
                        Firewall Server

Is the problem in the ip chain rules? I need some help or direction.

Thanks

From eric.pregnon at wanadoo.fr Thu Nov 15 14:49:35 2001
From: eric.pregnon at wanadoo.fr (Eric Prégnon)
Date: Thu, 15 Nov 2001 21:49:35 +0100
Subject: [pptp-server] POPTOP and LAN TO LAN
Message-ID:

Hi,

I would like to link two networks. On one side, I have
- Network A: a Red Hat Linux 7.0 with poptop, a leased line and a Cisco router
- Network B (subsidiary office) with a DSL line and a Netopia R9100 router

I have installed poptop. I have added static routes on both networks.
- On network B all is working fine. I can ping workstations in the internal lan of network A
- On network A, I can ONLY ping the VPN interface of network B. I can't ping any workstation of the network B

For the moment no ipchains are used.

Questions:
- What can I do for users of Network A to use servers in Network B?
- Is it possible with Poptop to work in the 2 ways?

Thanks.

From nvieira at shaw.ca Thu Nov 15 15:57:47 2001
From: nvieira at shaw.ca (Nelson Vieira)
Date: Thu, 15 Nov 2001 15:57:47 -0600
Subject: [pptp-server] PPTP server not passing anything back
References: <001f01c16e23$379dbe40$1204a8c0@shawn>
Message-ID: <005f01c16e20$91c85a40$01000100@nvieira>

My guess is the firewall at the ISDN point in your diagram. The PPTP server has to be able to communicate on the interface with the public IP address.

Or.. I believe you can masquerade the PPTP server behind the firewall. See this HOWTO for more information: http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html

----- Original Message -----
From: Shawn Hughes
To: pptp-server at lists.schulte.org
Sent: Thursday, November 15, 2001 4:16 PM
Subject: [pptp-server] PPTP server not passing anything back

Here is my problem. I can connect over the internal network to the PPTP server but I can not connect over the internet from a client to the PPTP server. The information is passed to the PPTP server, but I think the PPTP server is not passing anything back to the public address. Here is my setup.

                      Public IP  Private-IP
Client --> Internet --> ISDN --> PPTP----> Private Network
                        Firewall Server

Is the problem in the ip chain rules? I need some help or direction.

Thanks

From muralivemuri at multitech.co.in Fri Nov 16 08:16:00 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Fri, 16 Nov 2001 19:46:00 +0530
Subject: [pptp-server] making rpm
Message-ID: <3BF51FA0.39DB9718@multitech.co.in>

hi all,

i was trying to make binary rpm of pptp server. version 1.0.1.
i am attaching the spec file i am using for generation of the rpm.
i am getting the source rpm but not the binary rpm.
can someone help me?
i am enclosing another spec file which i am using for ppp server 2.4.1
i have the same problem here also.
regs
murali krishna vemuri

-------------- next part --------------
Summary: PPTP Server
Name: pptpd
Version: 1.0.1
Release: 1
Copyright: GNU GPL
Group: services/net
Source: pptpd-1.0.1.tar.gz
Url: http://www.poptop.lineo.com/

%description
PPTP is a tunneling protocol to make a tunnels through the IP network.

%prep
rm -rf $RPM_BUILD_DIR/pptpd-1.0.1
zcat $RPM_SOURCE_DIR/pptpd-1.0.1.tar.gz | tar -xvf -

%setup
./configure

%build
make

%install
make install

-------------- next part --------------
Summary: PPP Daemon
Name: ppp
Version: 2.4.1
Release: 2
Copyright: GNU GPL
Group: Services/net
Source0: ppp-2.4.1.tar.gz

%Description
PPP is point to point protocol which is used for connecting to the internet.

%prep
rm -rf $RPM_BUILD_DIR/ppp-2.4.1
zcat $RPM_SOURCE_DIR/ppp-2.4.1.tar.gz | tar -xvf -

%setup
./configure

%build
make

%install
make install

From giulioo at pobox.com Fri Nov 16 08:55:06 2001
From: giulioo at pobox.com (Giulio Orsero) Date: Fri, 16 Nov 2001 15:55:06 +0100 Subject: [pptp-server] making rpm In-Reply-To: <3BF51FA0.39DB9718@multitech.co.in> References: <3BF51FA0.39DB9718@multitech.co.in> Message-ID: <20011116145508.47A4F276DF@i3.golden.dom> On Fri, 16 Nov 2001 19:46:00 +0530, you wrote: >i am attaching the spec file i am using for generation of the rpm. >i am getting the source rpm but not the binary rpm. >can someone help me? I don't see a %files section in your spec file. Why don't you start from pre-built src.rpm's and add your extensions? -- giulioo at pobox.com From jroland at roland.net Fri Nov 16 19:22:05 2001 From: jroland at roland.net (Jim Roland) Date: Fri, 16 Nov 2001 19:22:05 -0600 Subject: [pptp-server] making rpm References: <3BF51FA0.39DB9718@multitech.co.in> Message-ID: <008101c16f06$44d68180$a000a8c0@gespl2k1> What parameters are you passing to rpm? To build a binary rpm, use rpm -bb specfile (with any other opts) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jim Roland, RHCE (RedHat Certified Engineer) Owner, Roland Internet Services "The four surefire rules for success: Show up, Pay attention, Ask questions, Don't quit." --Rob Gilbert, PH.D. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ----- Original Message ----- 
From: "Murali K. Vemuri" To: Sent: Friday, November 16, 2001 8:16 AM Subject: [pptp-server] making rpm > hi all, > > i was trying to make binary rpm of pptp server. version 1.0.1. > i am attaching the spec file i am using for generation of the rpm. > i am getting the source rpm but not the binary rpm. > can someone help me? > i am enclosing another spec file which i am using for ppp server 2.4.1 > i have the same problem here also. > regs > murali krishna vemuri > ---------------------------------------------------------------------------- ---- > Summary: PPTP Server > Name: pptpd > Version: 1.0.1 > Release: 1 > Copyright: GNU GPL > Group: services/net > Source: pptpd-1.0.1.tar.gz > Url: http://www.poptop.lineo.com/ > > %description > PPTP is a tunneling protocol to make a tunnels through the IP network. > > %prep > rm -rf $RPM_BUILD_DIR/pptpd-1.0.1 > zcat $RPM_SOURCE_DIR/pptpd-1.0.1.tar.gz | tar -xvf - > > %setup > ./configure > > %build > make > > %install > make install > > > ---------------------------------------------------------------------------- ---- > Summary: PPP Daemon > Name: ppp > Version: 2.4.1 > Release: 2 > Copyright: GNU GPL > Group: Services/net > Source0: ppp-2.4.1.tar.gz > > %Description > PPP is point to point protocol which is used for connecting to the internet. > > %prep > rm -rf $RPM_BUILD_DIR/ppp-2.4.1 > zcat $RPM_SOURCE_DIR/ppp-2.4.1.tar.gz | tar -xvf - > > %setup > ./configure > > %build > make > > %install > make install > From muralivemuri at multitech.co.in Fri Nov 16 23:44:35 2001 
From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Sat, 17 Nov 2001 11:14:35 +0530 Subject: [pptp-server] making rpm References: <3BF51FA0.39DB9718@multitech.co.in> <008101c16f06$44d68180$a000a8c0@gespl2k1> Message-ID: <3BF5F943.A234B84@multitech.co.in> nope! i tried all ways........." rpm -ba" " rpm -bb", "rpm -bp" but still i get the same result. can some one give me suggestions? regards murali Jim Roland wrote: > What parameters are you passing to rpm? To build a binary rpm, use rpm -bb > specfile (with any other opts) > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Jim Roland, RHCE (RedHat Certified Engineer) > Owner, Roland Internet Services > "The four surefire rules for success: Show up, Pay attention, Ask > questions, Don't quit." > --Rob Gilbert, PH.D. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > ----- Original Message ----- 
> From: "Murali K. Vemuri" > To: > Sent: Friday, November 16, 2001 8:16 AM > Subject: [pptp-server] making rpm > > > hi all, > > > > i was trying to make binary rpm of pptp server. version 1.0.1. > > i am attaching the spec file i am using for generation of the rpm. > > i am getting the source rpm but not the binary rpm. > > can someone help me? > > i am enclosing another spec file which i am using for ppp server 2.4.1 > > i have the same problem here also. > > regs > > murali krishna vemuri > > > > ---------------------------------------------------------------------------- > ---- > > > Summary: PPTP Server > > Name: pptpd > > Version: 1.0.1 > > Release: 1 > > Copyright: GNU GPL > > Group: services/net > > Source: pptpd-1.0.1.tar.gz > > Url: http://www.poptop.lineo.com/ > > > > %description > > PPTP is a tunneling protocol to make a tunnels through the IP network. > > > > %prep > > rm -rf $RPM_BUILD_DIR/pptpd-1.0.1 > > zcat $RPM_SOURCE_DIR/pptpd-1.0.1.tar.gz | tar -xvf - > > > > %setup > > ./configure > > > > %build > > make > > > > %install > > make install > > > > > > > > ---------------------------------------------------------------------------- > ---- > > > Summary: PPP Daemon > > Name: ppp > > Version: 2.4.1 > > Release: 2 > > Copyright: GNU GPL > > Group: Services/net > > Source0: ppp-2.4.1.tar.gz > > > > %Description > > PPP is point to point protocol which is used for connecting to the > internet. > > > > %prep > > rm -rf $RPM_BUILD_DIR/ppp-2.4.1 > > zcat $RPM_SOURCE_DIR/ppp-2.4.1.tar.gz | tar -xvf - > > > > %setup > > ./configure > > > > %build > > make > > > > %install > > make install > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From shanu at exocore.com Sat Nov 17 00:04:33 2001 
From: shanu at exocore.com (Shanker Balan) Date: Sat, 17 Nov 2001 11:34:33 +0530 Subject: [pptp-server] Re: making rpm In-Reply-To: <3BF5F943.A234B84@multitech.co.in>; from muralivemuri@multitech.co.in on Sat, Nov 17, 2001 at 11:14:35AM +0530 References: <3BF51FA0.39DB9718@multitech.co.in> <008101c16f06$44d68180$a000a8c0@gespl2k1> <3BF5F943.A234B84@multitech.co.in> Message-ID: <20011117113433.A3723@exocore.com> Hello: Murali K. Vemuri wrote, > nope! > i tried all ways........." rpm -ba" " rpm -bb", "rpm -bp" > but still i get the same result. > can some one give me suggestions? By the looks of it, your spec file lacks the "%files" section. Like suggested earlier, use the spec included in the SRPM as a template and then make custom hacks to it. See http://rpm.org/ for a HOWTO on building RPMS. -- Shanu -- C-3PO: Don't call me a mindless philosopher, you overweight glob of grease! From Timothy.Findlay at austrimtextiles.com.au Sun Nov 18 23:01:46 2001 
From: Timothy.Findlay at austrimtextiles.com.au (Timothy Findlay)
Date: Mon, 19 Nov 2001 16:01:46 +1100
Subject: [pptp-server] ARP Binding ?!?
Message-ID:

Hi,

I've got poptop all installed (it's my second time around - it used to work a treat on the original server) and so far so good. It logs in and auth's me ok, and I can ping/telnet to my VPN server box, but I can't touch the Network behind it. The network looks a little like...

Road Warrior
203.x.x.x (Live IP) : ppp0
|
|
203.x.x.x (Live IP) : eth0
VPN / Firewall Gateway
128.1.x.x (Private IP) : eth1
|
|
128.1.x.x (Private Network)
Private Network

I have "proxy-arp" in my options file and a 1 in /proc/sys/net/ipv4/ip_forward, but according to the messages file (when a connection is established) it binds proxy arp to eth0!!

I had a hunt around under /proc/sys/net/conf/eth0 and saw the proxy-arp file thing, which was 0 so I cat'd a 1 to it and everything started working (yippie!) but I know this isn't really the right way to be doing things. I know as soon as I reboot these settings will re-set (erk!) ... I'm running Redhat 7.2 ... does anyone know where I should set the proxy-arp thing properly ??

Any thoughts greatly appreciated.

Tim.

---------------------------------------------------------------
CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please delete it and notify Austrim Textiles Pty Ltd. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Austrim Textiles Pty Ltd.

Although antivirus software is used to scan mail messages Austrim Textiles Pty Ltd excludes all liability for viruses or similar in any outbound mail message.
---------------------------------------------------------------

From jvonau at home.com Mon Nov 19 04:37:11 2001
From: jvonau at home.com (Jerry Vonau)
Date: Mon, 19 Nov 2001 04:37:11 -0600
Subject: [pptp-server] ARP Binding ?!?
References:
Message-ID: <3BF8E0D7.FB5AB2A0@home.com>

Timothy:

What is your local ip & remote ip set to in the pptpd.conf file? Should be from the private lan address range.

Jerry Vonau

> Timothy Findlay wrote:
>
> Hi,
>
> I've got poptop all installed (it's my second time around - it used to work a
> treat on the original server) and so far so good. It logs in and auth's me ok,
> and I can ping/telnet to my VPN server box, but I can't touch the Network
> behind it. The network looks a little like...
>
> Road Warrior
> 203.x.x.x (Live IP) : ppp0
> |
> |
> 203.x.x.x (Live IP) : eth0
> VPN / Firewall Gateway
> 128.1.x.x (Private IP) : eth1
> |
> |
> 128.1.x.x (Private Network)
> Private Network
>
> I have "proxy-arp" in my options file and a 1 in
> /proc/sys/net/ipv4/ip_forward, but according to the messages file (when a
> connection is established) it binds proxy arp to eth0!!
>
> I had a hunt around under /proc/sys/net/conf/eth0 and saw the proxy-arp file
> thing, which was 0 so I cat'd a 1 to it and everything started working
> (yippie!) but I know this isn't really the right way to be doing things. I
> know as soon as I reboot these settings will re-set (erk!) ... I'm running
> Redhat 7.2 ... does anyone know where I should set the proxy-arp thing
> properly ??
>
> Any thoughts greatly appreciated.
>
> Tim.

From Timothy.Findlay at austrimtextiles.com.au Mon Nov 19 15:40:52 2001
From: Timothy.Findlay at austrimtextiles.com.au (Timothy Findlay)
Date: Tue, 20 Nov 2001 08:40:52 +1100
Subject: [pptp-server] ARP Binding ?!?
Message-ID:

Hi,

My conf file looks like so....

option /etc/ppp/options
localip 128.1.6.2
remoteip 128.1.6.38-40
listen 203.44.64.xxx

I originally had the localip setting set to 128.1.6.35-37 but I figured if they could all tunnel back through my main private IP (128.1.6.2) on the box, this would save some IP's.

Just for ref. my options file looks like...

name atgproxy1
ms-wins 128.1.6.7
auth
require-chap
proxyarp

Thanks for your reply.... any other thoughts/ideas welcome ....

Tim.

-----Original Message-----
From: Jerry Vonau [mailto:jvonau at home.com] Sent: Monday, 19 November 2001 9:37 PM To: Timothy Findlay Cc: 'pptp-server at lists.schulte.org' Subject: Re: [pptp-server] ARP Binding ?!? Timothy: What is your local ip & remote ip set to in the pptpd.conf file? Should be from the private lan address range. Jerry Vonau > Timothy Findlay wrote: > > Hi, > > I've got poptop all installed (it's my second time around - it used to work a > treat on the original server) and so far so good. It logs in and auth's me ok, > and I can ping/telnet to my VPN server box, but I cant touch the Network > behind it. The network looks a little like... > > Road Warrior > 203.x.x.x (Live IP) : ppp0 > | > | > 203.x.x.x (Live IP) : eth0 > VPN / Firewall Gateway > 128.1.x.x (Private IP) : eth1 > | > | > 128.1.x.x (Private Network) > Private Network > > I have "proxy-arp" in my options file and a 1 in > /proc/sys/net/ipv4/ip_forward, but according to the messages file (when a > connection is established) it binds proxy arp to eth0!! > > I had a hunt around under /proc/sys/net/conf/eth0 and saw the proxy-arp file > thing, which was 0 so I cat'd a 1 to it and everything started working > (yippie!) but I know this isn't really the right way to be doing things. I > know as soon as I reboot these settings will re-set (erk!) ... I'm running > Redhat 7.2 ... does anyone know where I should set the proxy-arp thing > properly ?? > > Any thoughts greatly appreciated. > > Tim. > > --------------------------------------------------------------- > CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please delete it and notify Austrim Textiles Pty Ltd. 

From allanc at caldera.com Mon Nov 19 15:56:41 2001
From: allanc at caldera.com (Allan Clark)
Date: Mon, 19 Nov 2001 16:56:41 -0500
Subject: [pptp-server] ARP Binding ?!?
References:
Message-ID: <3BF98019.F566329E@caldera.com>

Hey everyone;

DO we still have a problem with PPP "assuming" various netmasks based on Class-ful IP? ie assuming 24 bits on a 192.x.y subnet?

Whether we do or we don't, I would strongly suggest that using "128.x.y" as a network is just asking for trouble.

Allan

From waldir at transimaribo.com.br Mon Nov 19 17:01:04 2001
From: waldir at transimaribo.com.br (Waldir Borba Junior)
Date: Mon, 19 Nov 2001 20:01:04 -0300
Subject: [pptp-server] pptp-server -- confirmation of subscription -- request 118295
References: <20011119203743.33DCCD14D6@poontang.schulte.org>
Message-ID: <002201c1714e$10d09f20$a201a8c0@orion>

----- Original Message -----
From:
To:
Sent: Monday, November 19, 2001 5:37 PM
Subject: pptp-server -- confirmation of subscription -- request 118295

> pptp-server -- confirmation of subscription -- request 118295
>
> We have received a request from 200.194.244.87 for subscription of
> your email address, , to the
> pptp-server at lists.schulte.org mailing list. To confirm the request,
> please send a message to pptp-server-request at lists.schulte.org, and
> either:
>
> - maintain the subject line as is (the reply's additional "Re:" is
> ok),
>
> - or include the following line - and only the following line - in the
> message body:
>
> confirm 118295
>
> (Simply sending a 'reply' to this message should work from most email
> interfaces, since that usually leaves the subject line in the right
> form.)
>
> If you do not wish to subscribe to this list, please simply disregard
> this message. Send questions to pptp-server-admin at lists.schulte.org.

From allanc at caldera.com Mon Nov 19 16:06:55 2001
From: allanc at caldera.com (Allan Clark)
Date: Mon, 19 Nov 2001 17:06:55 -0500
Subject: [pptp-server] ARP Binding ?!?
References: <3BF98019.F566329E@caldera.com>
Message-ID: <3BF9827F.79C3765E@caldera.com>

Oops; I was seeing "127" where I read "128". 128 should be a valid class B network, so PPP would be assuming a 16-bit netmask if it is making these assumptions.

Timothy, I assume you own this IP block 128.1.x.y ?

Allan

From Timothy.Findlay at austrimtextiles.com.au Mon Nov 19 16:05:12 2001
From: Timothy.Findlay at austrimtextiles.com.au (Timothy Findlay)
Date: Tue, 20 Nov 2001 09:05:12 +1100
Subject: [pptp-server] ARP Binding ?!?
Message-ID:

Hi There,

I didn't quite follow the first bit, and I'm no network Guru, but the network here (128.x.x.x) was setup long before my time. I know there are RFC1819 thingo's set aside for internal networks though (192.168.x.x, 10.x.x.x etc. etc.) but as I mentioned, it was all setup before my time.

Are there actually legitimate 128.x.x.x addresses live on the net are there ?? unfortunately I'd have quite an uphill battle changing things as there are a few hundred PC's and umpteen servers that would need to be changed. and for the most part people have the attitude of "Hey, but it all works doesn't it ?"

Even the poptop VPN does actually work, if I manually go and change that proxy-arp file for my internal ethernet (eth1) ... .... it's just messy, and a pain to do...

Thanks for your feedback,

Tim.

-----Original Message-----
From: Allan Clark [mailto:allanc at caldera.com]
Sent: Tuesday, 20 November 2001 8:57 AM
To: Timothy Findlay
Cc: 'Jerry Vonau'; 'pptp-server at lists.schulte.org'
Subject: Re: [pptp-server] ARP Binding ?!?

Hey everyone;

DO we still have a problem with PPP "assuming" various netmasks based on Class-ful IP? ie assuming 24 bits on a 192.x.y subnet?

Whether we do or we don't, I would strongly suggest that using "128.x.y" as a network is just asking for trouble.

Allan

From vorlon at netexpress.net Mon Nov 19 16:47:04 2001
From: vorlon at netexpress.net (Steve Langasek)
Date: Mon, 19 Nov 2001 16:47:04 -0600
Subject: [pptp-server] ARP Binding ?!?
In-Reply-To:
References:
Message-ID: <20011119164704.H3487@netexpress.net>

Tim,

On Tue, Nov 20, 2001 at 09:05:12AM +1100, Timothy Findlay wrote:

> I didn't quite follow the first bit, and I'm no network Guru, but the
> network here (128.x.x.x) was setup long before my time. I know there are
> RFC1819 thingo's set aside for internal networks though (192.168.x.x,
> 10.x.x.x etc. etc.) but as I mentioned, it was all setup before my time.

> Are there actually legitimate 128.x.x.x addresses live on the net are there
> ?? unfortunately I'd have quite an uphill battle changing things as there
> are a few hundred PC's and umpteen servers that would need to be changed.
> and for the most part people have the attitude of "Hey, but it all works
> doesn't it ?"

> Even the poptop VPN does actually work, if I manually go and change that
> proxy-arp file for my internal ethernet (eth1) ... .... it's just
> messy, and a pain to do...

The issue with using 128.x.x.x on your network (addresses which are not assigned to you, unless you're a secret subdivision of BBN Communications ;) is that they are not reserved as private addresses; this means that at any time, it's possible that ARIN could revoke the current assignment and reallocate this network for public use. And of course, they wouldn't have to tell you before they did so, either -- so one day, you'd wake up and find that there was a new section of the Internet that was completely inaccessible to you.

Of course, the longer you keep your current addressing scheme, the more infrastructure you'll have in place that will need to be converted when you're forced to; and of course, if you're like most companies, this argument will be utterly ineffective at persuading the Powers That Be until it becomes a material problem. ;D

Cheers,
Steve Langasek
postmodern programmer

From jvonau at home.com Mon Nov 19 17:53:58 2001
From: jvonau at home.com (Jerry Vonau)
Date: Mon, 19 Nov 2001 17:53:58 -0600
Subject: [pptp-server] ARP Binding ?!?
References:
Message-ID: <3BF99B96.A5B48D6C@home.com>

Timothy:

You could remove the proxyarp from the options file. Then you could use in /etc/ppp/ip-up.local something like:

    /sbin/arp -i eth2 -Ds $5 eth2 pub
                  ^           ^
    Where you want the arp entry | Where to get the mac address from.

$5 would be the remote ip passed from pppd. You'll need an ip-down.local to undo the arp setting on exit.

Jerry Vonau

From kingsley at wintronics.com.au Tue Nov 20 06:39:35 2001
From: kingsley at wintronics.com.au (Kingsley Foreman)
Date: Tue, 20 Nov 2001 23:09:35 +1030
Subject: [pptp-server] trying to connect to a remote vpn through a router
Message-ID: <002801c171c0$6cbdeb90$010da8c0@UgLyPuNk>

I've been trying to connect to a remote vpn using poptop through a router set up to use nat

eg

my pc ------nat------linux router--------------internet--------------------vpn server

and it won't let me connect or it times out or doesn't transmit any packets

anyone got any ideas why it is doing this it connects from other places without any probs

From simon_yuen at fujitsu.com.hk Wed Nov 21 01:57:52 2001
From: simon_yuen at fujitsu.com.hk (Simon Yuen)
Date: Tue, 20 Nov 2001 23:57:52 -0800
Subject: [pptp-server] How to route it?
References: <3BF51FA0.39DB9718@multitech.co.in> <008101c16f06$44d68180$a000a8c0@gespl2k1>
Message-ID: <006101c17262$396caef0$fb3a0f3d@simon>

I am a beginner on Linux. I have a question on routing.
Following is my network:

ppp   172.16.66.2         172.16.66.20
      [Client(Win98)]-----[PPP/PPTP Server Linux]-----[remote machine(NT)]
vpn   192.168.0.234       192.168.1.234               192.168.1.235

I started up a pptp server on Redhat7.2 successfully. After I dial up to the PPP server, I could ping the server and internet.
However, when I connected with VPN behind the ppp, I can ping the server but I can't ping the remote machine and internet.
What should I do?
If the remote machine IP changed to 172.16.66.x, what should I do?
Thanks a lot.

From muralivemuri at multitech.co.in Wed Nov 21 00:27:05 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Wed, 21 Nov 2001 11:57:05 +0530
Subject: [pptp-server] How to route it?
References: <3BF51FA0.39DB9718@multitech.co.in> <008101c16f06$44d68180$a000a8c0@gespl2k1> <006101c17262$396caef0$fb3a0f3d@simon>
Message-ID: <3BFB4939.B456C881@multitech.co.in>

hi,
out of my experience, i could understand this:
you are not able to look beyond the pptp server, although a pptp connection is established
for this to happen, you should have the option 'proxyarp' (without quotes, of course!) in the /etc/ppp/options file
also, i understood one more thing. here, the pptp client is getting a different subnet address than the server.
client : 192.168.0.X and server: 192.168.1.X
why don't try setting the 'remoteip 192.168.1.Y' in the /etc/pptpd.conf file (the 'Y' should be an address which is not being used by anybody in the subnet).
i struggled with the same problem and these things solved the problem
i observed that ppp cannot proxy the requests beyond one subnet. << if i am not correct, some one please correct me>>
after you do the changes, kill the ppp and pptp servers and restart them.
this should work as it worked on both 7.0 and 7.1

regds
murali krishna vemuri

From sean at cyberfarer.com Wed Nov 21 00:41:37 2001
From: sean at cyberfarer.com (Sean)
Date: Wed, 21 Nov 2001 01:41:37 -0500
Subject: [pptp-server] Really Unusual
References: <3BF51FA0.39DB9718@multitech.co.in> <008101c16f06$44d68180$a000a8c0@gespl2k1> <006101c17262$396caef0$fb3a0f3d@simon> <3BFB4939.B456C881@multitech.co.in>
Message-ID: <001601c17257$91f10ea0$0802a8c0@sympatico.ca>

I have PopTop installed on a Linux server and everything works great.
On a second server, with an almost identical configuration (different domain names) I have problems.
It is somewhat weird. I use the same win ME client to connect to either system. On the second, I bring up the server in Network Neighbourhood and access the shared volume. I can drag files from and to the shared volume. But if I right click on a file for a contextual menu, it will hang for minutes or entirely. The last time it actually shut down my system when first and hung and second when I tried to bring up the task manager.

Any ideas?

From muralivemuri at multitech.co.in Wed Nov 21 00:58:12 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Wed, 21 Nov 2001 12:28:12 +0530
Subject: [pptp-server] Really Unusual
References: <3BF51FA0.39DB9718@multitech.co.in> <008101c16f06$44d68180$a000a8c0@gespl2k1> <006101c17262$396caef0$fb3a0f3d@simon> <3BFB4939.B456C881@multitech.co.in> <001601c17257$91f10ea0$0802a8c0@sympatico.ca>
Message-ID: <3BFB5084.955DEB20@multitech.co.in>

hi,
can you just confirm if it is really copying the files rather than making shortcuts.........
regds
murali

Sean wrote:

> I have PopTop installed on a Linux server and everything works great.
> On a second server, with an almost identical configuration (different domain
> names) I have problems.
> It is somewhat weird. I use the same win ME client to connect to either
> system. On the second, I bring up the server in Network Neighbourhood and
> access the shared volume. I can drag files from and to the shared volume.
> But if I right click on a file for a contextual menu, it will hang for
> minutes or entirely. The last time it actually shut down my system when
> first and hung and second when I tried to bring up the task manager.
>
> Any ideas?
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From hacker at provider.ru Wed Nov 21 04:26:10 2001
From: hacker at provider.ru (hacker)
Date: Wed, 21 Nov 2001 13:26:10 +0300
Subject: [pptp-server] (no subject)
Message-ID: <18064566932.20011121132610@provider.ru>

Hi All,

anyone have better encryption for pppd than MPPE 40-128 bit RC4?
Thanks for advice.

From charlieb at e-smith.com Wed Nov 21 10:33:51 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 21 Nov 2001 11:33:51 -0500 (EST)
Subject: [pptp-server] (no subject)
In-Reply-To: <18064566932.20011121132610@provider.ru>
Message-ID:

On Wed, 21 Nov 2001, hacker wrote:

> anyone have better encryption for pppd than MPPE 40-128 bit RC4?

No. See:

http://www.ietf.org/rfc/rfc2637.txt

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From epregnon at titus.fr Wed Nov 21 10:54:20 2001
From: epregnon at titus.fr (Eric Prégnon)
Date: Wed, 21 Nov 2001 17:54:20 +0100
Subject: [pptp-server] Net2Net
Message-ID:

I want to link two networks (Office and a subsidiary). My problem is that i can work only in one direction and not on both sides.
My config is :
- Network A (Office) : private IP addresses, an Astaro server with 2 NICs (One with private address, one with a public address, a cisco router.
- Network B (Subsidiary) : private address, a Netopia R9100 router, a DSL line.

- I have put the proxyarp in pptp.conf
- I have added a static route in the Netopia to access the internal network A
- I have added a static route in the Astaro server to access the internal network B

When I launch the connection, in the VPN debug log, I have : Cannot determine ethernet address for proxy ARP

From charlieb at e-smith.com Wed Nov 21 11:06:58 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 21 Nov 2001 12:06:58 -0500 (EST)
Subject: [pptp-server] Really Unusual
In-Reply-To: <001601c17257$91f10ea0$0802a8c0@sympatico.ca>
Message-ID:

On Wed, 21 Nov 2001, Sean wrote:

> I have PopTop installed on a Linux server and everything works great.
> On a second server, with an almost identical configuration (different domain
> names) I have problems.
> It is somewhat weird. I use the same win ME client to connect to either
> system. On the second, I bring up the server in Network Neighbourhood and
> access the shared volume. I can drag files from and to the shared volume.
> But if I right click on a file for a contextual menu, it will hang for
> minutes or entirely. The last time it actually shut down my system when
> first and hung and second when I tried to bring up the task manager.
>
> Any ideas?

Other than "win ME is obviously buggy"? No, I don't have any. A network traffic dump might help you determine what the problem is.

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From Joe at Polcari.com Wed Nov 21 14:17:07 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Wed, 21 Nov 2001 15:17:07 -0500
Subject: [pptp-server] Really Unusual
References:
Message-ID: <3BFC0BC3.1C9DD59@Polcari.com>

How do I get a traffic dump from the input side of a pptp connection.

corporate remote net=192.168.0/24
vpn remote IP=192.168.2.3 (weird, huh?)
vpn local ip=192.168.0.xxx nat to my local home net on 192.168.1.xxx

all this happens on my dual if local machine 192.168.1.4 (eth0) which gateways the my local 192.168.1/24 home net to the pptp vpn and to the internet through a second if 192.168.2.100 (eth1) connected through a router/cable modem.
normal default static route is to the 192.168.2.100 which gets replaced with 192.168.2.3 during pptp connection.

Everything works fine except this: when I browse (http) through the vpn it works fine unless the ip is in the 192.168.0 net. In this case I can get and "/" url, but if I try anything else other than /, the connection times out.
i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but http://192.168.0.10/anything doesn't.

Thanks,
Joe

Charlie Brady wrote:

> On Wed, 21 Nov 2001, Sean wrote:
>
> > I have PopTop installed on a Linux server and everything works great.
> > On a second server, with an almost identical configuration (different domain
> > names) I have problems.
> > It is somewhat weird. I use the same win ME client to connect to either
> > system. On the second, I bring up the server in Network Neighbourhood and
> > access the shared volume. I can drag files from and to the shared volume.
> > But if I right click on a file for a contextual menu, it will hang for
> > minutes or entirely. The last time it actually shut down my system when
> > first and hung and second when I tried to bring up the task manager.
> >
> > Any ideas?
>
> Other than "win ME is obviously buggy"? No, I don't have any. A network
> traffic dump might help you determine what the problem is.
>
> --
>
> Charlie Brady charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group http://www.e-smith.com/
> Mitel Networks Corporation http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From muralivemuri at multitech.co.in Wed Nov 21 18:06:00 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 22 Nov 2001 05:36:00 +0530
Subject: [pptp-server] Net2Net
References:
Message-ID: <3BFC4167.4419BEF6@multitech.co.in>

hi,
proxyarp should be there in the /etc/ppp/options files but not in the /etc/pptpd.conf.
check it out.
redgds
murali krishna vemuri

Eric Prégnon wrote:

> I want to link two networks (Office and a subsidiary). My problem is that i
> can work only in one direction and not on both sides.
> My config is :
> - Network A (Office) : private IP addresses, an Astaro server with 2 NICs
> (One with private address, one with a public address, a cisco router.
> - Network B (Subsidiary) : private address, a Netopia R9100 router, a DSL
> line.
>
> - I have put the proxyarp in pptp.conf
> - I have added a static route in the Netopia to access the internal network
> A
> - I have added a static route in the Astaro server to access the internal
> network B
>
> When I launch the connection, in the VPN debug log, I have : Cannot
> determine ethernet address for proxy ARP
>
> >From network B, I can ping every address of Network A
> >From Network A, I cannot ping any address in network B
>
> Can you help me ?
> Thanks.
>
> -------------------------------------------
> Eric Prégnon
> Network Administrator
> Tel:33 1 60 31 57 71/Fax:33 1 60 31 07 08
> e-mail : epregnon at titus.fr
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From hvrietsc at yahoo.com Wed Nov 21 18:09:08 2001
From: hvrietsc at yahoo.com (HVR) Date: Wed, 21 Nov 2001 16:09:08 -0800 Subject: [pptp-server] Net2Net References: Message-ID: <3BFC4224.30609@yahoo.com> may i suggest FreeS/wan for this. an ipsec solution is much better for this situation http://www.freeswan.org Eric Pr?gnon wrote: > >I Want to link two networks (Office and a subsediary). My problem is that i >can work only in one direction and not on both sides. >My config is : >- Network A (Office) : private IP addresses, an Astaro server with 2 NICs >(One with private address, one with a public address, a cisco router. >- Network B (Subsediary) : private address, a Netopia R9100 router, a DSL >line. > >- I have put the proxyarp in pptp.conf >- I have added a static route in the Netopia to access the internal network >A >- I have added a static route in the Astaro server to access the internal >network B > >When I launch the connection, in the VPN debug log, I have : Cannot >determine ethernet address for proxy ARP > >>From network B, I can ping every address of Network A >>From Network A, I cannot ping any address in network B > >Can you help me ? >Thanks. > > >------------------------------------------- > Eric Pr?gnon > Network Administrator > Tel:33 1 60 31 57 71/Fax:33 1 60 31 07 08 > e-mail : epregnon at titus.fr > > > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >--- To unsubscribe, go to the url just above this line. -- > From michaelm at eyeball.com Wed Nov 21 20:23:07 2001 From: michaelm at eyeball.com (Michael McConnell) Date: Wed, 21 Nov 2001 18:23:07 -0800 Subject: [pptp-server] Net2Net References: <3BFC4224.30609@yahoo.com> Message-ID: <15a401c172fc$9f583e10$db01020a@eyeball.com> I'd recommend Vtun, it's far easier than IPSec http://vtun.sourceforge.net/ ----- Original Message ----- 
From: "HVR" To: "Eric Pr?gnon" Cc: Sent: Wednesday, November 21, 2001 4:09 PM Subject: Re: [pptp-server] Net2Net > may i suggest FreeS/wan for this. an ipsec solution is much better for > this situation http://www.freeswan.org > > > Eric Pr?gnon wrote: > > > > >I Want to link two networks (Office and a subsediary). My problem is that i > >can work only in one direction and not on both sides. > >My config is : > >- Network A (Office) : private IP addresses, an Astaro server with 2 NICs > >(One with private address, one with a public address, a cisco router. > >- Network B (Subsediary) : private address, a Netopia R9100 router, a DSL > >line. > > > >- I have put the proxyarp in pptp.conf > >- I have added a static route in the Netopia to access the internal network > >A > >- I have added a static route in the Astaro server to access the internal > >network B > > > >When I launch the connection, in the VPN debug log, I have : Cannot > >determine ethernet address for proxy ARP > > > >>From network B, I can ping every address of Network A > >>From Network A, I cannot ping any address in network B > > > >Can you help me ? > >Thanks. > > > > > >------------------------------------------- > > Eric Pr?gnon > > Network Administrator > > Tel:33 1 60 31 57 71/Fax:33 1 60 31 07 08 > > e-mail : epregnon at titus.fr > > > > > > > >_______________________________________________ > >pptp-server maillist - pptp-server at lists.schulte.org > >http://lists.schulte.org/mailman/listinfo/pptp-server > >--- To unsubscribe, go to the url just above this line. -- > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From iso9 at phantasticant.com Wed Nov 21 20:29:23 2001 
From: iso9 at phantasticant.com (Jordan Share)
Date: Wed, 21 Nov 2001 18:29:23 -0800
Subject: [pptp-server] Net2Net
In-Reply-To: <15a401c172fc$9f583e10$db01020a@eyeball.com>
Message-ID:

But IPSec is a standard. And the experience you get setting it up is way more transferable to other VPN setups that you might encounter in your career.

IPSec also provides a solid foundation for future expansion. You know that your setup will work with other systems (like win2k, or Netscreen firewalls, etc.) You can grow incrementally, without having to redesign from scratch.

Of course, if you just want it to work (and have no plans for future changes), Vtun may be just the ticket.

Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Michael McConnell
Sent: Wednesday, November 21, 2001 6:23 PM
To: HVR; Eric Prégnon
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Net2Net

I'd recommend Vtun, it's far easier than IPSec

http://vtun.sourceforge.net/

----- Original Message -----
From: "HVR" To: "Eric Pr?gnon" Cc: Sent: Wednesday, November 21, 2001 4:09 PM Subject: Re: [pptp-server] Net2Net > may i suggest FreeS/wan for this. an ipsec solution is much better for > this situation http://www.freeswan.org > > > Eric Pr?gnon wrote: > > > > >I Want to link two networks (Office and a subsediary). My problem is that i > >can work only in one direction and not on both sides. > >My config is : > >- Network A (Office) : private IP addresses, an Astaro server with 2 NICs > >(One with private address, one with a public address, a cisco router. > >- Network B (Subsediary) : private address, a Netopia R9100 router, a DSL > >line. > > > >- I have put the proxyarp in pptp.conf > >- I have added a static route in the Netopia to access the internal network > >A > >- I have added a static route in the Astaro server to access the internal > >network B > > > >When I launch the connection, in the VPN debug log, I have : Cannot > >determine ethernet address for proxy ARP > > > >>From network B, I can ping every address of Network A > >>From Network A, I cannot ping any address in network B > > > >Can you help me ? > >Thanks. > > > > > >------------------------------------------- > > Eric Pr?gnon > > Network Administrator > > Tel:33 1 60 31 57 71/Fax:33 1 60 31 07 08 > > e-mail : epregnon at titus.fr > > > > > > > >_______________________________________________ > >pptp-server maillist - pptp-server at lists.schulte.org > >http://lists.schulte.org/mailman/listinfo/pptp-server > >--- To unsubscribe, go to the url just above this line. -- > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
--
>
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From sean at cyberfarer.com Wed Nov 21 23:06:45 2001
From: sean at cyberfarer.com (Sean)
Date: Thu, 22 Nov 2001 00:06:45 -0500
Subject: [pptp-server] Really Unusual
References: <3BF51FA0.39DB9718@multitech.co.in> <008101c16f06$44d68180$a000a8c0@gespl2k1> <006101c17262$396caef0$fb3a0f3d@simon> <3BFB4939.B456C881@multitech.co.in> <001601c17257$91f10ea0$0802a8c0@sympatico.ca> <3BFB5084.955DEB20@multitech.co.in>
Message-ID: <006701c17313$7bd4c8c0$a42efea9@sympatico.ca>

I think I might be on to the problem.

I find this in my logs upon connect:

Nov 21 22:56:29 server pptpd[15993]: GRE: Bad checksum from pppd.

Any idea what might be causing it?

And yes it is really copying.

Thanks.

----- Original Message -----
From: "Murali K. Vemuri" To: "Sean" Cc: Sent: Wednesday, November 21, 2001 1:58 AM Subject: Re: [pptp-server] Really Unusual > hi, > can you just confirm if it is really copying the files rather than making > shortcuts......... > regds > murali > Sean wrote: > > > I have PopTop installed on a Linux server and everything works great. > > On a second server, with an almost identical configuration (different domain > > names) I have problems. > > It is somewhat wierd. I use the same win ME client to connect to either > > system. On the second, I bring up the server in Network Neighbourhood and > > access the shared volume. I can drag files from and to the shared volume. > > But if I right click on a file for a contextual menu, it will hang for > > minutes or entirely. The last time it actually shut down my system when > > first and hung and second when I tried to bring up the task manager. > > > > Any ideas? > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From muralivemuri at multitech.co.in Wed Nov 21 23:24:51 2001 
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 22 Nov 2001 10:54:51 +0530
Subject: [pptp-server] Really Unusual
References: <3BF51FA0.39DB9718@multitech.co.in> <008101c16f06$44d68180$a000a8c0@gespl2k1> <006101c17262$396caef0$fb3a0f3d@simon> <3BFB4939.B456C881@multitech.co.in> <001601c17257$91f10ea0$0802a8c0@sympatico.ca> <3BFB5084.955DEB20@multitech.co.in> <006701c17313$7bd4c8c0$a42efea9@sympatico.ca>
Message-ID: <3BFC8C22.A5F068EC@multitech.co.in>

can you please give these files?
1. /etc/ppp/options
2. /etc/pptpd.conf
3. /etc/modules.conf
4. /etc/ppp/ioptions
5. /var/log/pppd ( some recent messages)
regds
murali

Sean wrote:

> I think I might be on to the problem.
>
> I find this in my logs upon connect:
>
> Nov 21 22:56:29 server pptpd[15993]: GRE: Bad checksum from pppd.
>
> Any idea what might be causing it?
>
> And yes it is really copying.
>
> Thanks.
>
> ----- Original Message -----
> From: "Murali K. Vemuri" > To: "Sean" > Cc: > Sent: Wednesday, November 21, 2001 1:58 AM > Subject: Re: [pptp-server] Really Unusual > > > hi, > > can you just confirm if it is really copying the files rather than making > > shortcuts......... > > regds > > murali > > Sean wrote: > > > > > I have PopTop installed on a Linux server and everything works great. > > > On a second server, with an almost identical configuration (different > domain > > > names) I have problems. > > > It is somewhat wierd. I use the same win ME client to connect to either > > > system. On the second, I bring up the server in Network Neighbourhood > and > > > access the shared volume. I can drag files from and to the shared > volume. > > > But if I right click on a file for a contextual menu, it will hang for > > > minutes or entirely. The last time it actually shut down my system when > > > first and hung and second when I tried to bring up the task manager. > > > > > > Any ideas? > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > --- To unsubscribe, go to the url just above this line. -- > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -------------- next part -------------- An HTML attachment was scrubbed... URL: From markb at deeptech.com.au Wed Nov 21 23:57:27 2001 
From: markb at deeptech.com.au (Mark Burring)
Date: Thu, 22 Nov 2001 13:57:27 +0800
Subject: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Message-ID:

I have deployed PopTop so several servers to replace M$ vpn capability (mainly because W2K cannot multihome without dying) and one machine I get these errors:

Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client ***.***.***.*** control connection started
Nov 22 13:52:22 perth pptpd[16100]: CTRL: Starting call (launching pppd, opening GRE)
Nov 22 13:52:22 perth pptpd[16100]: GRE: read(fd=5,buffer=804d8a0,len=8196) from PTY failed: status = -1 error = Input/output error
Nov 22 13:52:22 perth pptpd[16100]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client ***.***.***.*** control connection finished

This problem is listed in the FAQ and is caused by it being behind a firewall. However in this case, the machine is not behind a firewall, it is the firewall.

I have
1) added entries to the box's firewall to let 1723 and proto 47 through (not that they were being blocked in the first place)
2) tried flushing the box's firewall rules
3) tried binding poptop to the external interface

The only thing of note is that the kernel is patched to Masq pptp however its not being used in this case.

--
Regards,
Mark Burring
Internetworking Engineer
Deeptech - Intelligent Networking
Deepcare - Caring for Your IT Investment
web: www.deeptech.com.au ; www.deepcareonline.com
phone: 1300 361 954
fax: +61 8 9201 2312
postal: PO BOX 1324, West Perth WA 6872

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From muralivemuri at multitech.co.in Thu Nov 22 00:14:28 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 22 Nov 2001 11:44:28 +0530
Subject: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
References:
Message-ID: <3BFC97C4.B69DABF8@multitech.co.in>

hi,
can you give this info?
1. how many ethernet cards do you have?
2. double-- literally double ensure that when you compiled the kernel, you enable unix pty support.
3. this error could also be because of different network addresses. check your settings.
if you still get the problem, it would be convenient if you can provide the following files:
/etc/ppp/options
/etc/ppp/ioptions
/etc/pptpd.conf
/etc/modules.conf
/var/log/pptpd.log
and a typical diagram of your setup( along with ip addresses)
regards
murali

Mark Burring wrote:

> I have deployed PopTop so several servers to replace M$ vpn capability
> (mainly because W2K cannot multihome without dying) and one machine I
> get these errors:Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client
> ***.***.***.*** control connection started
> Nov 22 13:52:22 perth pptpd[16100]: CTRL: Starting call (launching
> pppd, opening GRE)
> Nov 22 13:52:22 perth pptpd[16100]: GRE:
> read(fd=5,buffer=804d8a0,len=8196) from PTY failed: status = -1 error
> = Input/output error
> Nov 22 13:52:22 perth pptpd[16100]: CTRL: PTY read or GRE write failed
> (pty,gre)=(5,6)
> Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client ***.***.***.***
> control connection finishedThis problem is listed in the FAQ and is
> caused by it being behind a firewall.
> However in this case, the
> machine is not behind a firewall, it is the firewall.I have1) added
> entries to the box's firewall to let 1723 and proto 47 through (not
> that they were being blocked in the first place)2) tried flushing the
> box's firewall rules3) tried binding poptop to the external
> interfaceThe only thing of note is that the kernel is patched to Masq
> pptp however its not being used in this case.--Regards, Mark Burring
> Internetworking Engineer Deeptech - Intelligent Networking
> Deepcare - Caring for Your IT Investment
> web: www.deeptech.com.au ; www.deepcareonline.com
> phone: 1300 361 954
> fax: +61 8 9201 2312
> postal: PO BOX 1324, West Perth WA 6872

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mikael.lonnroth at advancevpn.com Thu Nov 22 10:14:26 2001
From: mikael.lonnroth at advancevpn.com (Mikael Lönnroth)
Date: Thu, 22 Nov 2001 08:14:26 -0800
Subject: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
References:
Message-ID: <006601c17370$c2103ce0$121b7d0a@advancehome>

Hi,

If you add

daemon.debug /var/log/messages (or some other file)

...to /etc/syslog.conf and then kill -SIGHUP , you will get more verbose debugging information about what is happening.

Secondly, you can tcpdump the external port to see if there in fact are GRE packets moving (and in what direction)

Thirdly, you can "ethereal" dump the client to check for GRE traffic there as well.

Regards,
Mikael Lönnroth
www.advancevpn.com

----- Original Message -----
From: Mark Burring To: pptp-server at lists.schulte.org Sent: Wednesday, November 21, 2001 9:57 PM Subject: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6) I have deplyed PopTop so several servers to replace M$ vpn capability (mainly because W2K cannot multihome without dying) and one machine I get these errors: Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client ***.***.***.*** control connection started Nov 22 13:52:22 perth pptpd[16100]: CTRL: Starting call (launching pppd, opening GRE) Nov 22 13:52:22 perth pptpd[16100]: GRE: read(fd=5,buffer=804d8a0,len=8196) from PTY failed: status = -1 error = Input/output error Nov 22 13:52:22 perth pptpd[16100]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client ***.***.***.*** control connection finished This problem is listed in the FAQ and is caused by it being behind a firewall. However in this case, the machine is not behind a firewall, it is the firewall. I have 1) added entries to the box's firewall to let 1723 and proto 47 through (not that they were being blocked in the first place) 2) tried flushing the box's firewall rules 3) tried binding poptop to the external interface The only thing of note is that the kernel is patched to Masq pptp however its not being used in this case. -- Regards, Mark Burring Internetworking Engineer Deeptech - Intelligent Networking Deepcare - Caring for Your IT Investment web: www.deeptech.com.au ; www.deepcareonline.com phone: 1300 361 954 fax: +61 8 9201 2312 postal: PO BOX 1324, West Perth WA 6872 -------------- next part -------------- An HTML attachment was scrubbed... URL: From markb at deeptech.com.au Thu Nov 22 00:29:40 2001 
From: markb at deeptech.com.au (Mark Burring)
Date: Thu, 22 Nov 2001 14:29:40 +0800
Subject: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Message-ID:

No problem

1) 2 NIC's
eth0 - internal
eth1 - external

2) done so, I always compile pty support into the kernel and its definitely there (my ssh logins are producing pty's as we speak)

3)
pptpd.conf {
debug
option /etc/ppp/options.pptp
localip 192.168.xxx.xxx-xxx
remoteip 192.168.xxx.xxx-xxx
}

options {
asyncmap 0
crtscts
proxyarp
lock
ttyS1
}

ioptions {
}

options.pptp {
lock
debug
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
auth
require-chap
+chap
ms-dns 192.168.xxx.xxx
ms-wins 192.168.xxx.xxx
name xxxxxx
}

/proc/modules {
mppe 21696 0 (unused)
ppp 20336 0 [mppe]
slhc 4544 0 [ppp]
}

4) typically the setup is this
|---------eth1<->internet
linux
|---------eth0<->intranet

--
Regards,
Mark Burring
Internetworking Engineer
Deeptech - Intelligent Networking
Deepcare - Caring for Your IT Investment
web: www.deeptech.com.au ; www.deepcareonline.com
phone: 1300 361 954
fax: +61 8 9201 2312
postal: PO BOX 1324, West Perth WA 6872

-----Original Message-----
From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] Sent: Thursday, November 22, 2001 2:14 PM To: Mark Burring Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6) hi, can you give this info? 1. how many ether net cards do you have? 2. double-- literally double ensure that when you compiled the kernel, you enable unix pty support. 3. this error could also be because of different network addresses. check your settings. if you still get the problem, it would be convenient if you can provide the following files: /etc/ppp/options /etc/ppp/ioptions /etc/pptpd.conf /etc/modules.conf /var/log/pptpd.log and a typical diagram of your setup( along with ip addresses) regards murali Mark Burring wrote: I have deplyed PopTop so several servers to replace M$ vpn capability (mainly because W2K cannot multihome without dying) and one machine I get these errors:Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client ***.***.***.*** control connection started Nov 22 13:52:22 perth pptpd[16100]: CTRL: Starting call (launching pppd, opening GRE) Nov 22 13:52:22 perth pptpd[16100]: GRE: read(fd=5,buffer=804d8a0,len=8196) from PTY failed: status = -1 error = Input/output error Nov 22 13:52:22 perth pptpd[16100]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client ***.***.***.*** control connection finishedThis problem is listed in the FAQ and is caused by it being behind a firewall. 
However in this case, the machine is not behind a firewall, it is the firewall.I have1) added entries to the box's firewall to let 1723 and proto 47 through (not that they were being blocked in the first place)2) tried flushing the box's firewall rules3) tried binding poptop to the external interfaceThe only thing of note is that the kernel is patched to Masq pptp however its not being used in this case.--Regards, Mark Burring
Internetworking Engineer Deeptech - Intelligent Networking
Deepcare - Caring for Your IT Investment
web: www.deeptech.com.au ; www.deepcareonline.com
phone: 1300 361 954
fax: +61 8 9201 2312
postal: PO BOX 1324, West Perth WA 6872

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From markb at deeptech.com.au Thu Nov 22 00:39:47 2001
From: markb at deeptech.com.au (Mark Burring)
Date: Thu, 22 Nov 2001 14:39:47 +0800
Subject: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Message-ID:

Alright, I added "daemon.debug /var/log/messages" to syslog and got a number of these:

Nov 22 14:44:27 perth pppd[27432]: sent [LCP ConfReq id=0x5 ]
Nov 22 14:44:27 perth pppd[27432]: rcvd [LCP ConfReq id=0x5 ]

asyncmap? I blanked options and now it works. Which is a pity because it was being a pppd server for a modem as well.

--
Regards,
Mark Burring
Internetworking Engineer
Deeptech - Intelligent Networking
Deepcare - Caring for Your IT Investment
web: www.deeptech.com.au ; www.deepcareonline.com
phone: 1300 361 954
fax: +61 8 9201 2312
postal: PO BOX 1324, West Perth WA 6872

-----Original Message-----
From: Mikael Lönnroth [mailto:mikael.lonnroth at advancevpn.com]
Sent: Friday, November 23, 2001 12:14 AM
To: Mark Burring; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6)

Hi,

If you add

daemon.debug /var/log/messages (or some other file)

...to /etc/syslog.conf and then kill -SIGHUP , you will get more verbose debugging information about what is happening.

Secondly, you can tcpdump the external port to see if there in fact are GRE packets moving (and in what direction)

Thirdly, you can "ethereal" dump the client to check for GRE traffic there as well.

Regards,
Mikael Lönnroth
www.advancevpn.com

----- Original Message -----
From: Mark Burring To: pptp-server at lists.schulte.org Sent: Wednesday, November 21, 2001 9:57 PM Subject: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6) I have deplyed PopTop so several servers to replace M$ vpn capability (mainly because W2K cannot multihome without dying) and one machine I get these errors: Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client ***.***.***.*** control connection started Nov 22 13:52:22 perth pptpd[16100]: CTRL: Starting call (launching pppd, opening GRE) Nov 22 13:52:22 perth pptpd[16100]: GRE: read(fd=5,buffer=804d8a0,len=8196) from PTY failed: status = -1 error = Input/output error Nov 22 13:52:22 perth pptpd[16100]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client ***.***.***.*** control connection finished This problem is listed in the FAQ and is caused by it being behind a firewall. However in this case, the machine is not behind a firewall, it is the firewall. I have 1) added entries to the box's firewall to let 1723 and proto 47 through (not that they were being blocked in the first place) 2) tried flushing the box's firewall rules 3) tried binding poptop to the external interface The only thing of note is that the kernel is patched to Masq pptp however its not being used in this case. -- Regards, Mark Burring Internetworking Engineer Deeptech - Intelligent Networking Deepcare - Caring for Your IT Investment web: www.deeptech.com.au ; www.deepcareonline.com phone: 1300 361 954 fax: +61 8 9201 2312 postal: PO BOX 1324, West Perth WA 6872 -------------- next part -------------- An HTML attachment was scrubbed... URL: From muralivemuri at multitech.co.in Thu Nov 22 01:01:43 2001 
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 22 Nov 2001 12:31:43 +0530
Subject: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
References:
Message-ID: <3BFCA2D6.53456EB8@multitech.co.in>

hi,
the best i can help you is :
delete the line : proxyarp from /etc/ppp/options.pptp
and for localip, put only one ip address and put range only for remote ip.
and be sure that remote range excludes the local ip .
typically,
localip 192.168.1.1 and
remoteip 192.168.1.2-254
or some thing like this should work.
and this worked for me.
regds
murali

Mark Burring wrote:

> No problem
> 1) 2 NIC's
> eth0 - internal
> eth1 - external
> 2) done so, I always compile pty support into the kernel and its definitely there (my ssh logins are producing pty's as we speak)
> 3) pptpd.conf {
> debug
> option /etc/ppp/options.pptp
> localip 192.168.xxx.xxx-xxx
> remoteip 192.168.xxx.xxx-xxx
> }
> options {
> asyncmap 0
> crtscts
> proxyarp
> lock
> ttyS1
> }
> ioptions {}
> options.pptp {
> lock
> debug
> proxyarp
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> auth
> require-chap
> +chap
> ms-dns 192.168.xxx.xxx
> ms-wins 192.168.xxx.xxx
> name xxxxxx
> }
> /proc/modules {
> mppe 21696 0 (unused)
> ppp 20336 0 [mppe]
> slhc 4544 0 [ppp]
> }
> 4) typically the setup is this
> |---------eth1<->internet linux
> |---------eth0<->intranet
> --
> Regards, Mark Burring
> Internetworking Engineer
> Deeptech - Intelligent Networking
> Deepcare - Caring for Your IT Investment
> web: www.deeptech.com.au ; www.deepcareonline.com
> phone: 1300 361 954
> fax: +61 8 9201 2312
> postal: PO BOX 1324, West Perth WA 6872
>
> -----Original Message-----
> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] > > Sent: Thursday, November 22, 2001 2:14 PM > To: Mark Burring > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] CTRL: PTY read or GRE write > failed (pty,gre)=(5,6) > hi, > can you give this info? > 1. how many ether net cards do you have? > 2. double-- literally double ensure that when you compiled > the kernel, you enable unix pty support. > 3. this error could also be because of different network > addresses. check your settings. > if you still get the problem, it would be convenient if you > can provide the following files: > /etc/ppp/options > /etc/ppp/ioptions > /etc/pptpd.conf > /etc/modules.conf > /var/log/pptpd.log > and a typical diagram of your setup( along with ip > addresses) > regards > murali > Mark Burring wrote: > > > I have deplyed PopTop so several servers to replace M$ vpn > > capability (mainly because W2K cannot multihome without > > dying) and one machine I get these errors:Nov 22 13:52:22 > > perth pptpd[16100]: CTRL: Client ***.***.***.*** control > > connection started > > Nov 22 13:52:22 perth pptpd[16100]: CTRL: Starting call > > (launching pppd, opening GRE) > > Nov 22 13:52:22 perth pptpd[16100]: GRE: > > read(fd=5,buffer=804d8a0,len=8196) from PTY failed: status > > = -1 error = Input/output error > > Nov 22 13:52:22 perth pptpd[16100]: CTRL: PTY read or GRE > > write failed (pty,gre)=(5,6) > > Nov 22 13:52:22 perth pptpd[16100]: CTRL: Client > > ***.***.***.*** control connection finishedThis problem is > > listed in the FAQ and is caused by it being behind a > > firewall. 
However in this case, the machine is not behind > > a firewall, it is the firewall.I have1) added entries to > > the box's firewall to let 1723 and proto 47 through (not > > that they were being blocked in the first place)2) tried > > flushing the box's firewall rules3) tried binding poptop > > to the external interfaceThe only thing of note is that > > the kernel is patched to Masq pptp however its not being > > used in this case.--Regards, Mark Burring > > Internetworking EngineerDeeptech - Intelligent Networking > > Deepcare - Caring for Your IT Investment > > web: www.deeptech.com.au ; www.deepcareonline.com > > phone: 1300 361 954 > > fax: +61 8 9201 2312 > > postal: PO BOX 1324, West Perth WA 6872 > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kosmok at gmx.de Thu Nov 22 07:46:55 2001 From: kosmok at gmx.de (Hinnerk van Bruinehsen) Date: Thu, 22 Nov 2001 14:46:55 +0100 Subject: [pptp-server] DSL leased line and poptop Message-ID: <000a01c1735c$26782cc0$900aa8c0@intern.sip> Hello, I?m new here and I have a Question. Is there any possibility to use the pptp server with a DSL leased line? That means I have a DSL leased line (static ip, no dialing), a cisco 1400 series router and a linux pc with bind8, ipchains, apache, ftp... services running. How can I use the pptp server through that internet connection? -------------- next part -------------- An HTML attachment was scrubbed... URL: From charlieb at e-smith.com Thu Nov 22 09:17:03 2001 
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 22 Nov 2001 10:17:03 -0500 (EST)
Subject: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
In-Reply-To:
Message-ID:

On Thu, 22 Nov 2001, Mark Burring wrote:

> asyncmap? I blanked options and now it works. Which is a pity because it
> was being a pppd server for a modem as well.

So use a different options file for the dialin pppd server. I think pppd might take a -f option.

Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From charlieb at e-smith.com Thu Nov 22 09:35:06 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 22 Nov 2001 10:35:06 -0500 (EST)
Subject: [pptp-server] DSL leased line and poptop
In-Reply-To: <000a01c1735c$26782cc0$900aa8c0@intern.sip>
Message-ID:

On Thu, 22 Nov 2001, Hinnerk van Bruinehsen wrote:

> I'm new here and I have a Question. Is there any possibility to use
> the pptp server with a DSL leased line?

PPTP runs over an IP network. It doesn't care what the physical layer is. You could run it over carrier pigeons if you were patient enough. See:

http://www.faqs.org/rfcs/rfc2549.html

Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From beau at billbeau.net Thu Nov 22 11:23:30 2001
From: beau at billbeau.net (Bill Beauchemin)
Date: Thu, 22 Nov 2001 09:23:30 -0800
Subject: [pptp-server] Issues with Win ME
In-Reply-To:
References:
Message-ID: <0111220923300D.25891@ws1.billbeau.net>

I installed the poptop server on a server running MDK 7.1 and had no issues. I have a win98 laptop that connects without any issues. I had to configure a user's winME box to connect but for some reason it just won't connect. I keep getting the error that the server type is wrong. I've tried everything I know but it still won't work. I can see in the pptpd.log file where it tries to connect but it seems that winME won't answer when asked about the config. The pptpd tries nine times but ME won't answer the request so it just terminates the connection. Here is a sample of the log file. Are there issues with WinME and Poptop?

Nov 20 12:11:11 fire2 pptpd[639]: CTRL: Client 12.18.115.130 control connection started
Nov 20 12:11:11 fire2 pptpd[639]: CTRL: Starting call (launching pppd, opening GRE)
Nov 20 12:11:11 fire2 pppd[640]: pppd 2.3.8 started by root, uid 0
Nov 20 12:11:11 fire2 pppd[640]: Using interface ppp0
Nov 20 12:11:11 fire2 pppd[640]: Connect: ppp0 <--> /dev/pts/1
Nov 20 12:11:11 fire2 pppd[640]: sent [LCP ConfReq id=0x1 ]
Nov 20 12:11:38 fire2 last message repeated 9 times
Nov 20 12:11:41 fire2 pppd[640]: LCP: timeout sending Config-Requests
Nov 20 12:11:41 fire2 pptpd[639]: GRE: read(fd=4,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Nov 20 12:11:41 fire2 pptpd[639]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Nov 20 12:11:41 fire2 pptpd[639]: CTRL: Client 12.18.115.130 control connection finished
Nov 20 12:11:41 fire2 pppd[640]: Connection terminated.
Nov 20 12:11:41 fire2 pppd[640]: Exit.

From dsabourin at btsi.ca Thu Nov 22 13:18:47 2001
From: dsabourin at btsi.ca (Daniel Sabourin)
Date: Thu, 22 Nov 2001 14:18:47 -0500
Subject: [pptp-server] mppe solution
Message-ID: <014E75437724D511A60F0050BAAB3BFB0F282A@MAIL>

I have finally found the reason I was getting problems when trying to connect with encrypted data. I was getting ppp-compression-18 not found in my syslog.

What you have to do is recompile the kernel and put the ppp options in network options as MODULES, even (especially) the first ppp option. After doing this, I was connecting at 128 bit encryption.

Before, I was compiling all the ppp options in the kernel (putting y instead of m). The pptpd and ppp would work, but without encryption only.

I don't know if this was already written somewhere but I've been browsing and searching the archive for 2 weeks now and all I found is other people in my situation and no solutions.

...hope it helps.

From sean at cyberfarer.com Thu Nov 22 15:52:21 2001
From: sean at cyberfarer.com (Sean)
Date: Thu, 22 Nov 2001 16:52:21 -0500
Subject: [pptp-server] Compiling ppp
References: <3BF51FA0.39DB9718@multitech.co.in> <008101c16f06$44d68180$a000a8c0@gespl2k1> <006101c17262$396caef0$fb3a0f3d@simon> <3BFB4939.B456C881@multitech.co.in> <001601c17257$91f10ea0$0802a8c0@sympatico.ca> <3BFB5084.955DEB20@multitech.co.in> <006701c17313$7bd4c8c0$a42efea9@sympatico.ca> <3BFC8C22.A5F068EC@multitech.co.in>
Message-ID: <001101c1739f$f6d17140$ef01a8c0@sympatico.ca>

I would like to add mschap support. I am not a programmer so please bear with me.

I downloaded the source code for ppp-2.4.1 and the corresponding patches. The patches applied without any trouble. So I run:

configure -- no problem.
make -- no problem
make install -- no problem
make kernel -- reports no target

How do I get around this? Am I missing a step?

Thanks.

P.S. source for ppp is in /usr/src/ppp-2.4.1

From cfast at alliedbuilding.com Thu Nov 22 16:00:19 2001
From: cfast at alliedbuilding.com (Clint Fast)
Date: Thu, 22 Nov 2001 17:00:19 -0500
Subject: [pptp-server] Net2Net
References:
Message-ID: <3BFD7573.C6431CD1@alliedbuilding.com>

The original poster also mentioned that he was connecting this to a Netopia 9100, which only supports PPTP and IPSec (but not 3DES, only DES, and IKE). So, VTun is not a solution.

Jordan Share wrote:
>
> But IPSec is a standard. And the experience you get setting it up is way more transferable to other VPN setups that you might encounter in your career.
>
> IPSec also provides a solid foundation for future expansion. You know that your setup will work with other systems (like win2k, or Netscreen firewalls, etc.) You can grow incrementally, without having to redesign from scratch.
>
> Of course, if you just want it to work (and have no plans for future changes), Vtun may be just the ticket.
>
> Jordan
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Michael > McConnell > Sent: Wednesday, November 21, 2001 6:23 PM > To: HVR; Eric Pr?gnon > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] Net2Net > > I'd recommend Vtun, it's far easier than IPSec > http://vtun.sourceforge.net/ > > ----- Original Message ----- 
> From: "HVR" > To: "Eric Pr?gnon" > Cc: > Sent: Wednesday, November 21, 2001 4:09 PM > Subject: Re: [pptp-server] Net2Net > > > may i suggest FreeS/wan for this. an ipsec solution is much better for > > this situation http://www.freeswan.org > > > > > > Eric Pr?gnon wrote: > > > > > > > >I Want to link two networks (Office and a subsediary). My problem is that > i > > >can work only in one direction and not on both sides. > > >My config is : > > >- Network A (Office) : private IP addresses, an Astaro server with 2 NICs > > >(One with private address, one with a public address, a cisco router. > > >- Network B (Subsediary) : private address, a Netopia R9100 router, a DSL > > >line. > > > > > >- I have put the proxyarp in pptp.conf > > >- I have added a static route in the Netopia to access the internal > network > > >A > > >- I have added a static route in the Astaro server to access the internal > > >network B > > > > > >When I launch the connection, in the VPN debug log, I have : Cannot > > >determine ethernet address for proxy ARP > > > > > >>From network B, I can ping every address of Network A > > >>From Network A, I cannot ping any address in network B > > > > > >Can you help me ? > > >Thanks. > > > > > > > > >------------------------------------------- > > > Eric Pr?gnon > > > Network Administrator > > > Tel:33 1 60 31 57 71/Fax:33 1 60 31 07 08 > > > e-mail : epregnon at titus.fr > > > > > > > > > > > >_______________________________________________ > > >pptp-server maillist - pptp-server at lists.schulte.org > > >http://lists.schulte.org/mailman/listinfo/pptp-server > > >--- To unsubscribe, go to the url just above this line. -- > > > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. 
From sean at cyberfarer.com Thu Nov 22 18:59:22 2001
From: sean at cyberfarer.com (Sean)
Date: Thu, 22 Nov 2001 19:59:22 -0500
Subject: [pptp-server] Really Unusual
References: <3BF51FA0.39DB9718@multitech.co.in> <008101c16f06$44d68180$a000a8c0@gespl2k1> <006101c17262$396caef0$fb3a0f3d@simon> <3BFB4939.B456C881@multitech.co.in> <001601c17257$91f10ea0$0802a8c0@sympatico.ca> <3BFB5084.955DEB20@multitech.co.in> <006701c17313$7bd4c8c0$a42efea9@sympatico.ca> <3BFC8C22.A5F068EC@multitech.co.in>
Message-ID: <004401c173ba$17281a60$ef01a8c0@sympatico.ca>

Hello Murali,

Options:
debug
name Server
auth
require-chap
proxyarp
+chap
ms-wins 192.168.1.1
192.168.1.140:

pptpd.conf:
speed 115200
option /etc/ppp/options.vpn
localip 192.168.1.140
remoteip 192.168.1.239-254
pidfile /var/run/pptpd.pid

modules.conf:
alias usb-interface usb-uhci
alias sound-slot-0 i810_audio
alias scsi_hostadapter ide-scsi
alias eth0 tulip
alias eth1 via-rhine
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias char-major-108 ppp

I am using pptpd version 1.0.1. I do not have an ioptions file. The log files indicate I am continually getting this:

Nov 22 15:29:55 server pptpd[16871]: GRE: Bad checksum from pppd.
Nov 22 15:29:56 server pptpd[16871]: GRE: Discarding duplicate packet
Nov 22 15:45:00 server pptpd[16933]: GRE: Bad checksum from pppd.
Nov 22 15:45:00 server pptpd[16933]: GRE: Discarding duplicate packet
Nov 22 17:03:35 server pptpd[16933]: CTRL: Error with select(), quitting
Nov 22 18:38:14 server pptpd[17004]: GRE: Bad checksum from pppd.
Nov 22 18:38:15 server pptpd[17004]: GRE: Discarding duplicate packet
Nov 22 18:44:04 server pptpd[17004]: CTRL: Error with select(), quitting
Nov 22 18:47:38 server pptpd[17059]: GRE: Bad checksum from pppd.
Nov 22 18:47:38 server pptpd[17059]: GRE: Discarding duplicate packet

As a final note I would like to explain a further discovery. I only encounter this problem when right clicking MS Office documents.
I can right click on folders and other file types without a problem. Thanks, again. ----- Original Message ----- From: Murali K. Vemuri To: Sean Cc: pptp-server at lists.schulte.org Sent: Thursday, November 22, 2001 12:24 AM Subject: Re: [pptp-server] Really Unusual can you please give these files? 1. /etc/ppp/options 2. /etc/pptpd.conf 3. /etc/modules.conf 4. /etc/ppp/ioptions 5. /var/log/pppd ( some recent messages) regds murali Sean wrote: I think I might be on to the problem. I find this in my logs upon connect: Nov 21 22:56:29 server pptpd[15993]: GRE: Bad checksum from pppd. Any idea what might be causing it? And yes it is really copying. Thanks. ----- Original Message ----- 
From: "Murali K. Vemuri" To: "Sean" Cc: Sent: Wednesday, November 21, 2001 1:58 AM Subject: Re: [pptp-server] Really Unusual > hi, > can you just confirm if it is really copying the files rather than making > shortcuts......... > regds > murali > Sean wrote: > > > I have PopTop installed on a Linux server and everything works great. > > On a second server, with an almost identical configuration (different domain > > names) I have problems. > > It is somewhat wierd. I use the same win ME client to connect to either > > system. On the second, I bring up the server in Network Neighbourhood and > > access the shared volume. I can drag files from and to the shared volume. > > But if I right click on a file for a contextual menu, it will hang for > > minutes or entirely. The last time it actually shut down my system when > > first and hung and second when I tried to bring up the task manager. > > > > Any ideas? > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- -------------- next part -------------- An HTML attachment was scrubbed... URL: From shughes at arn.net Fri Nov 23 13:45:43 2001 
From: shughes at arn.net (Shawn Hughes) Date: Fri, 23 Nov 2001 11:45:43 -0800 Subject: [pptp-server] PPTP not responding Message-ID: <007c01c17457$70f6be00$1204a8c0@shawn> Here is my problem. I can connect over the internal network to the PPTP server but I can not connect over the internet from a client to the PPTP server. The information is passed to the PPTP server, but I think the PPTP server is not passing anything back to the public address. Here is my setup. Public IP Private-IP Client --> Internet --> ISDN --> PPTP----> Private Network Firewall Server I have attached the log file below. Help if you can. Nov 23 10:46:37 linux pptpd[1191]: MGR: Launching /usr/local/sbin/pptpctrl to handle client Nov 23 10:46:37 linux pptpd[1191]: CTRL: local address = 192.168.4.10 Nov 23 10:46:37 linux pptpd[1191]: CTRL: remote address = 192.168.4.106 Nov 23 10:46:37 linux pptpd[1191]: CTRL: pppd options file = /etc/ppp/options Nov 23 10:46:37 linux pptpd[1191]: CTRL: Client 206.103.114.212 control connection started Nov 23 10:46:37 linux pptpd[1191]: CTRL: Received PPTP Control Message (type: 1) Nov 23 10:46:37 linux pptpd[1191]: CTRL: Made a START CTRL CONN RPLY packet Nov 23 10:46:37 linux pptpd[1191]: CTRL: I wrote 156 bytes to the client. 
Nov 23 10:46:37 linux pptpd[1191]: CTRL: Sent packet to client Nov 23 10:46:38 linux pptpd[1191]: CTRL: Received PPTP Control Message (type: 7) Nov 23 10:46:38 linux pptpd[1191]: CTRL: 0 min_bps, 1525 max_bps, 32 window size Nov 23 10:46:38 linux pptpd[1191]: CTRL: Made a OUT CALL RPLY packet Nov 23 10:46:38 linux pptpd[1191]: CTRL: Starting call (launching pppd, openingGRE) Nov 23 10:46:38 linux pptpd[1191]: CTRL: pty_fd = 5 Nov 23 10:46:38 linux pptpd[1191]: CTRL: tty_fd = 6 Nov 23 10:46:38 linux pptpd[1192]: CTRL (PPPD Launcher): Connection speed = 115200 Nov 23 10:46:38 linux pptpd[1192]: CTRL (PPPD Launcher): local address = 192.168.4.10 Nov 23 10:46:38 linux pptpd[1192]: CTRL (PPPD Launcher): remote address = 192.168.4.106 Nov 23 10:46:38 linux pptpd[1191]: CTRL: I wrote 32 bytes to the client. Nov 23 10:46:38 linux pptpd[1191]: CTRL: Sent packet to client Nov 23 10:46:38 linux pppd[1192]: pppd 2.4.0 started by root, uid 0 Nov 23 10:46:38 linux pppd[1192]: using channel 1 Nov 23 10:46:38 linux pppd[1192]: Using interface ppp0 Nov 23 10:46:38 linux pppd[1192]: Connect: ppp0 <--> /dev/pts/1 Nov 23 10:46:38 linux pppd[1192]: sent [LCP ConfReq id=0x1 ] Nov 23 10:46:38 linux pptpd[1191]: CTRL: Received PPTP Control Message (type: 15) Nov 23 10:46:38 linux pptpd[1191]: CTRL: Got a SET LINK INFO packet with standard ACCMs Nov 23 10:46:41 linux pppd[1192]: sent [LCP ConfReq id=0x1 ] Nov 23 10:47:05 linux last message repeated 8 times Nov 23 10:47:08 linux pppd[1192]: LCP: timeout sending Config-Requests Nov 23 10:47:08 linux pppd[1192]: Connection terminated. Nov 23 10:47:08 linux pppd[1192]: Exit. 
Nov 23 10:47:08 linux pptpd[1191]: Error reading from pppd: Input/output error Nov 23 10:47:08 linux pptpd[1191]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5) Nov 23 10:47:08 linux pptpd[1191]: CTRL: Client 206.101.114.12 control connection finished Nov 23 10:47:08 linux pptpd[1191]: CTRL: Exiting now Nov 23 10:47:08 linux pptpd[1138]: MGR: Reaped child 1191 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sangers at lighttree.net Fri Nov 23 13:47:48 2001 From: sangers at lighttree.net (Sylvain "Lighttree") Date: Fri, 23 Nov 2001 14:47:48 -0500 Subject: [pptp-server] (no subject) Message-ID: <00b201c17457$bab9f390$90b25e41@lighthome.lighttree.local> -------------- next part -------------- An HTML attachment was scrubbed... URL: From deon at wurley.net Sat Nov 24 09:48:08 2001 
From: deon at wurley.net (Deon George)
Date: Sun, 25 Nov 2001 02:48:08 +1100 (EST)
Subject: [pptp-server] Argh! Please Help, Error 619, protocol 47 unreachable, gre/pty io errors.
Message-ID:

Hi,

I'm going nuts with one particular system that I want to get PPTP running on. (I've installed PPTP on 3 other systems and have been able to use it without problems. The only difference between this system and the other 3 is that IPSEC is installed - but even if IPSEC is not running, I still have this problem)...

Anyway, here are my symptoms (I've seen many other mailing list postings with the same problems, but no solutions :-()

I'm using pptp-1.0.1-1, ppp-2.3.11-4_MPPE_MSCHAP2, kernel 2.2.19. I can't remember where I got the ppp_mppe module patches, (but it works on the other systems)...

On the Windows 2000 when I connect I get Error 619: Port is not connected.

In syslog on the PPTP server, I get the following:

Nov 25 02:35:28 router pptpd[2441]: CTRL: Client 203.164.71.121 control connection started
Nov 25 02:35:31 router pptpd[2441]: CTRL: Received PPTP Control Message (type: 1)
Nov 25 02:35:31 router pptpd[2441]: CTRL: Made a START CTRL CONN RPLY packet
Nov 25 02:35:31 router pptpd[2441]: CTRL: I wrote 156 bytes to the client.
Nov 25 02:35:31 router pptpd[2441]: CTRL: Sent packet to client
Nov 25 02:35:31 router pptpd[2441]: CTRL: Received PPTP Control Message (type: 7)
Nov 25 02:35:31 router pptpd[2441]: CTRL: Set parameters to 1525 maxbps, 64 window size
Nov 25 02:35:31 router pptpd[2441]: CTRL: Made a OUT CALL RPLY packet
Nov 25 02:35:31 router pptpd[2441]: CTRL: Starting call (launching pppd, opening GRE)
Nov 25 02:35:31 router pptpd[2441]: CTRL: pty_fd = 5
Nov 25 02:35:31 router pptpd[2441]: CTRL: tty_fd = 6
Nov 25 02:35:31 router pptpd[2441]: CTRL: I wrote 32 bytes to the client.
Nov 25 02:35:31 router pptpd[2441]: CTRL: Sent packet to client
Nov 25 02:35:31 router pptpd[2442]: CTRL (PPPD Launcher): Connection speed = 115200
Nov 25 02:35:31 router pptpd[2442]: CTRL (PPPD Launcher): local address = 10.2.1.1
Nov 25 02:35:31 router pptpd[2442]: CTRL (PPPD Launcher): remote address = 10.2.1.194
Nov 25 02:35:31 router pptpd[2441]: GRE: read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output erro r
Nov 25 02:35:31 router pptpd[2441]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Nov 25 02:35:31 router pptpd[2441]: CTRL: Client 203.164.71.121 control connection finished
Nov 25 02:35:31 router pptpd[2441]: CTRL: Exiting now

And if I do a TCPDUMP on the server, I can see I get an icmp: Protocol 47 unreachable message. I don't get this message on the other systems that I have configured and running.

I am NOT using any firewalling - so ipchains is not installed. No masquerading.

Why is this particular machine not working? I've recompiled the kernel (clean) twice still without any luck... :-(

Any tips gratefully appreciated... (Could you please CC my address - I haven't subscribed to this mailing list...)

Thanks...

--
...deon
---
 _--_|\ | Deon George
/ \ |
\_.--.*/ |
v | This email coming to you from the 'burbs of Melbourne, Australia.

From cfast at alliedbuilding.com Sat Nov 24 10:28:02 2001
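The log excerpts posted in the messages above end in the same "PTY read or GRE write failed" line but fail in two different ways: in some, pppd never logs anything; in others, pppd starts and times out sending LCP Config-Requests. The script below is an added example, not part of any list message or of the PoPToP source; it groups pptpd and pppd syslog lines into sessions and names which of the two happened. The sample log is constructed from the excerpts above with placeholder host names and 192.0.2.x addresses, and the verdict names are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the log excerpts posted in this thread.
# Host names and the 192.0.2.x client addresses are placeholders.
SAMPLE_LOG = """\
Nov 22 13:52:22 gw1 pptpd[16100]: CTRL: Client 192.0.2.10 control connection started
Nov 22 13:52:22 gw1 pptpd[16100]: CTRL: Starting call (launching pppd, opening GRE)
Nov 22 13:52:22 gw1 pptpd[16100]: GRE: read(fd=5,buffer=804d8a0,len=8196) from PTY failed: status = -1 error = Input/output error
Nov 22 13:52:22 gw1 pptpd[16100]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Nov 22 13:52:22 gw1 pptpd[16100]: CTRL: Client 192.0.2.10 control connection finished
Nov 20 12:11:11 gw2 pptpd[639]: CTRL: Client 192.0.2.20 control connection started
Nov 20 12:11:11 gw2 pptpd[639]: CTRL: Starting call (launching pppd, opening GRE)
Nov 20 12:11:11 gw2 pppd[640]: pppd 2.3.8 started by root, uid 0
Nov 20 12:11:11 gw2 pppd[640]: sent [LCP ConfReq id=0x1 ]
Nov 20 12:11:38 gw2 last message repeated 9 times
Nov 20 12:11:41 gw2 pppd[640]: LCP: timeout sending Config-Requests
Nov 20 12:11:41 gw2 pptpd[639]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Nov 20 12:11:41 gw2 pptpd[639]: CTRL: Client 192.0.2.20 control connection finished
"""

ENTRY = re.compile(r"^\w{3}\s+\d+ [\d:]+ (\S+) (pptpd|pppd)\[(\d+)\]: (.*)$")
REPEAT = re.compile(r"^\w{3}\s+\d+ [\d:]+ (\S+) last message repeated (\d+) times$")
STARTED = re.compile(r"CTRL: Client (\S+) control connection started")
IO_FAIL = re.compile(r"PTY read or GRE write failed|GRE read or PTY write failed")

# What each verdict points at (the verdict names are this example's own).
HINTS = {
    "pppd-failed-at-launch": "pppd logged nothing before the PTY closed; check "
    "the options file handed to pppd and kernel PTY support",
    "lcp-no-reply": "no answer to pppd's LCP Config-Requests; check that GRE "
    "(IP protocol 47) passes both ways between client and server",
    "pppd-exited": "pppd started, then closed the PTY; read its own log lines",
    "no-failure-logged": "no failure signature in these lines",
}


@dataclass
class Session:
    host: str
    pid: int  # pid of the pptpd control process handling this client
    client: str
    pppd_started: bool = False
    confreq_sent: int = 0
    lcp_timeout: bool = False
    io_error: bool = False

    def verdict(self):
        if self.lcp_timeout:
            return "lcp-no-reply"
        if self.io_error:
            return "pppd-exited" if self.pppd_started else "pppd-failed-at-launch"
        return "no-failure-logged"


def parse_sessions(text):
    """Group pptpd/pppd syslog lines into sessions, in file order."""
    sessions, by_pid, latest_call, previous = [], {}, {}, {}
    for line in text.splitlines():
        line = line.strip()
        rep = REPEAT.match(line)
        if rep:
            # syslogd collapsed identical lines: credit them to the line before.
            sess, msg = previous.get(rep[1], (None, ""))
            if sess and msg.startswith("sent [LCP ConfReq"):
                sess.confreq_sent += int(rep[2])
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue
        host, prog, pid, msg = entry[1], entry[2], int(entry[3]), entry[4]
        if prog == "pptpd":
            opened = STARTED.search(msg)
            if opened:
                by_pid[host, pid] = Session(host, pid, opened[1])
                sessions.append(by_pid[host, pid])
            sess = by_pid.get((host, pid))
            if sess and "Starting call" in msg:
                latest_call[host] = sess
            elif sess and IO_FAIL.search(msg):
                sess.io_error = True
        else:
            # pppd logs under its own pid, so its lines go to the most recent
            # call started on that host (ambiguous when calls overlap).
            sess = latest_call.get(host)
            if sess and re.match(r"pppd \S+ started by", msg):
                sess.pppd_started = True
            elif sess and msg.startswith("sent [LCP ConfReq"):
                sess.confreq_sent += 1
            elif sess and msg.startswith("LCP: timeout sending Config-Requests"):
                sess.lcp_timeout = True
        previous[host] = (sess, msg)
    return sessions


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        print(f"{s.host} client {s.client}: {s.verdict()} ({HINTS[s.verdict()]})")
```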
From: cfast at alliedbuilding.com (Clint Fast) Date: Sat, 24 Nov 2001 11:28:02 -0500 Subject: [pptp-server] PPTP not responding References: <007c01c17457$70f6be00$1204a8c0@shawn> Message-ID: <3BFFCA92.F46BCA7C@alliedbuilding.com> What is your "route" (include a netstat -nr) > Shawn Hughes wrote: > > Here is my problem. I can connect over the internal network to the > PPTP server but I can not connect over the internet from a client to > the PPTP server. The information is passed to the PPTP server, but I > think the PPTP server is not passing anything back to the public > address. Here is my setup. > > Public IP Private-IP > Client --> Internet --> ISDN --> PPTP----> Private Network > Firewall Server > > I have attached the log file below. Help if you can. > > > > Nov 23 10:46:37 linux pptpd[1191]: MGR: Launching > /usr/local/sbin/pptpctrl to handle client > Nov 23 10:46:37 linux pptpd[1191]: CTRL: local address = 192.168.4.10 > Nov 23 10:46:37 linux pptpd[1191]: CTRL: remote address = > 192.168.4.106 > Nov 23 10:46:37 linux pptpd[1191]: CTRL: pppd options file = > /etc/ppp/options > Nov 23 10:46:37 linux pptpd[1191]: CTRL: Client 206.103.114.212 > control connection started > Nov 23 10:46:37 linux pptpd[1191]: CTRL: Received PPTP Control Message > (type: 1) > Nov 23 10:46:37 linux pptpd[1191]: CTRL: Made a START CTRL CONN RPLY > packet > Nov 23 10:46:37 linux pptpd[1191]: CTRL: I wrote 156 bytes to the > client. 
> Nov 23 10:46:37 linux pptpd[1191]: CTRL: Sent packet to client > Nov 23 10:46:38 linux pptpd[1191]: CTRL: Received PPTP Control Message > (type: 7) > Nov 23 10:46:38 linux pptpd[1191]: CTRL: 0 min_bps, 1525 max_bps, 32 > window size > Nov 23 10:46:38 linux pptpd[1191]: CTRL: Made a OUT CALL RPLY packet > Nov 23 10:46:38 linux pptpd[1191]: CTRL: Starting call (launching > pppd, openingGRE) > Nov 23 10:46:38 linux pptpd[1191]: CTRL: pty_fd = 5 > Nov 23 10:46:38 linux pptpd[1191]: CTRL: tty_fd = 6 > Nov 23 10:46:38 linux pptpd[1192]: CTRL (PPPD Launcher): Connection > speed = 115200 > Nov 23 10:46:38 linux pptpd[1192]: CTRL (PPPD Launcher): local address > = 192.168.4.10 > Nov 23 10:46:38 linux pptpd[1192]: CTRL (PPPD Launcher): remote > address = 192.168.4.106 > Nov 23 10:46:38 linux pptpd[1191]: CTRL: I wrote 32 bytes to the > client. > Nov 23 10:46:38 linux pptpd[1191]: CTRL: Sent packet to client > Nov 23 10:46:38 linux pppd[1192]: pppd 2.4.0 started by root, uid 0 > Nov 23 10:46:38 linux pppd[1192]: using channel 1 > Nov 23 10:46:38 linux pppd[1192]: Using interface ppp0 > Nov 23 10:46:38 linux pppd[1192]: Connect: ppp0 <--> /dev/pts/1 > Nov 23 10:46:38 linux pppd[1192]: sent [LCP ConfReq id=0x1 > ] > Nov 23 10:46:38 linux pptpd[1191]: CTRL: Received PPTP Control Message > (type: 15) > Nov 23 10:46:38 linux pptpd[1191]: CTRL: Got a SET LINK INFO packet > with standard ACCMs > Nov 23 10:46:41 linux pppd[1192]: sent [LCP ConfReq id=0x1 > ] > Nov 23 10:47:05 linux last message repeated 8 times > Nov 23 10:47:08 linux pppd[1192]: LCP: timeout sending Config-Requests > Nov 23 10:47:08 linux pppd[1192]: Connection terminated. > Nov 23 10:47:08 linux pppd[1192]: Exit. 
> Nov 23 10:47:08 linux pptpd[1191]: Error reading from pppd: > Input/output error > Nov 23 10:47:08 linux pptpd[1191]: CTRL: GRE read or PTY write failed > (gre,pty)=(6,5) > Nov 23 10:47:08 linux pptpd[1191]: CTRL: Client 206.101.114.12 control > connection finished > Nov 23 10:47:08 linux pptpd[1191]: CTRL: Exiting now > Nov 23 10:47:08 linux pptpd[1138]: MGR: Reaped child 1191 From cfast at alliedbuilding.com Sat Nov 24 10:29:53 2001 
From: cfast at alliedbuilding.com (Clint Fast)
Date: Sat, 24 Nov 2001 11:29:53 -0500
Subject: [pptp-server] Argh! Please Help, Error 619, protocol 47 unreachable, gre/pty ioerrors.
References:
Message-ID: <3BFFCB01.DBE69BC2@alliedbuilding.com>

Do you have pty support compiled into the kernel?

Deon George wrote:
>
> Hi,
>
> I'm going nuts with one particular system that I want to get PPTP running
> on. (I've installed PPTP on 3 other systems and have been able to use it
> without problems. The only difference between this system and the other 3
> is that IPSEC is installed - but even if IPSEC is not running, I still
> have this problem)...
>
> Anyway, here are my symptoms (I've seen many other mailing list posting
> with the same problems, but no solutions :-()
>
> I'm using pptp-1.0.1-1, ppp-2.3.11-4_MPPE_MSCHAP2, kernel 2.2.19. I can't
> remember where I got the ppp_mppe module patches, (but it works on the
> other systems)...
>
> On the Windows 2000 when I connect I get Error 619: Port is not connected.
>
> In syslog on the PPTP server, I get the following:
>
> Nov 25 02:35:28 router pptpd[2441]: CTRL: Client 203.164.71.121 control
> connection started
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Received PPTP Control Message
> (type: 1)
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Made a START CTRL CONN RPLY
> packet
> Nov 25 02:35:31 router pptpd[2441]: CTRL: I wrote 156 bytes to the client.
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Sent packet to client
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Received PPTP Control Message
> (type: 7)
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Set parameters to 1525 maxbps,
> 64 window size
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Made a OUT CALL RPLY packet
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Starting call (launching pppd,
> opening GRE)
> Nov 25 02:35:31 router pptpd[2441]: CTRL: pty_fd = 5
> Nov 25 02:35:31 router pptpd[2441]: CTRL: tty_fd = 6
> Nov 25 02:35:31 router pptpd[2441]: CTRL: I wrote 32 bytes to the client.
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Sent packet to client
> Nov 25 02:35:31 router pptpd[2442]: CTRL (PPPD Launcher): Connection speed
> = 115200
> Nov 25 02:35:31 router pptpd[2442]: CTRL (PPPD Launcher): local address =
> 10.2.1.1
> Nov 25 02:35:31 router pptpd[2442]: CTRL (PPPD Launcher): remote address =
> 10.2.1.194
> Nov 25 02:35:31 router pptpd[2441]: GRE:
> read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error =
> Input/output erro
> r
> Nov 25 02:35:31 router pptpd[2441]: CTRL: PTY read or GRE write failed
> (pty,gre)=(5,6)
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Client 203.164.71.121 control
> connection finished
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Exiting now
>
> And if I do a TCPDUMP on the server, I can see I get an icmp:
> Protocol 47 unreachable message. I don't get this message on the other
> systems that I have configured and running.
>
> I am NOT using any firewalling - so ipchains is not installed. No
> masquerading.
>
> Why is this particular machine not working? I've recompiled the kernel
> (clean) twice still without any luck... :-(
>
> Any tips gratefully appreciated... (Could you please CC my address - I
> haven't subscribed to this mailing list...)
>
> Thanks...
>
> --
> ...deon
> ---
> _--_|\ | Deon George
> / \ |
> \_.--.*/ |
> v | This email coming to you from the 'burbs of Melbourne, Australia.
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From jvonau at home.com Sat Nov 24 17:34:27 2001
From: jvonau at home.com (Jerry Vonau)
Date: Sat, 24 Nov 2001 17:34:27 -0600
Subject: [pptp-server] 56-bit encryption
Message-ID: <3C002E83.208A10C6@home.com>

Hey All:

Anybody have a clue on what is required to get it going?
Ok, don't tell me let me guess, a new patch for pppd, right?
Anybody working on such an animal?

Jerry Vonau

From deon at wurley.net Sat Nov 24 18:11:29 2001
From: deon at wurley.net (Deon George)
Date: Sun, 25 Nov 2001 11:11:29 +1100 (EST)
Subject: [pptp-server] Argh! Please Help, Error 619, protocol 47 unreachable, gre/pty ioerrors.
In-Reply-To: <3BFFCB01.DBE69BC2@alliedbuilding.com>
Message-ID:

Hey Clint,

Yes, I do have pty support compiled in...

CONFIG_UNIX98_PTYS=y
CONFIG_UNIX98_PTY_COUNT=256

The output of mount is:

none on /dev/pts type devpts (rw,gid=5,mode=620)

Got any more tips?

Thanks...

On Sat, 24 Nov 2001, Clint Fast wrote:

> Do you have pty support compiled into the kernel?
>

--
...deon
---
_--_|\ | Deon George
/ \ |
\_.--.*/ |
v | This email coming to you from the 'burbs of Melbourne, Australia.

From jvonau at home.com Sat Nov 24 18:51:41 2001
From: jvonau at home.com (Jerry Vonau)
Date: Sat, 24 Nov 2001 18:51:41 -0600
Subject: [pptp-server] Argh! Please Help, Error 619, protocol 47 unreachable, gre/pty ioerrors.
References:
Message-ID: <3C00409D.6856939E@home.com>

Deon:

Can this client connect to your other pptp servers?
Has the win2000 box had the 128-bit update applied?
Just some thoughts......

Jerry Vonau

Deon George wrote:
>
> Hi,
>
> I'm going nuts with one particular system that I want to get PPTP running
> on. (I've installed PPTP on 3 other systems and have been able to use it
> without problems. The only difference between this system and the other 3
> is that IPSEC is installed - but even if IPSEC is not running, I still
> have this problem)...
>
> Anyway, here are my symptoms (I've seen many other mailing list posting
> with the same problems, but no solutions :-()
>
> I'm using pptp-1.0.1-1, ppp-2.3.11-4_MPPE_MSCHAP2, kernel 2.2.19. I can't
> remember where I got the ppp_mppe module patches, (but it works on the
> other systems)...
>
> On the Windows 2000 when I connect I get Error 619: Port is not connected.
>
> In syslog on the PPTP server, I get the following:
>
> Nov 25 02:35:28 router pptpd[2441]: CTRL: Client 203.164.71.121 control
> connection started
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Received PPTP Control Message
> (type: 1)
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Made a START CTRL CONN RPLY
> packet
> Nov 25 02:35:31 router pptpd[2441]: CTRL: I wrote 156 bytes to the client.
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Sent packet to client
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Received PPTP Control Message
> (type: 7)
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Set parameters to 1525 maxbps,
> 64 window size
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Made a OUT CALL RPLY packet
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Starting call (launching pppd,
> opening GRE)
> Nov 25 02:35:31 router pptpd[2441]: CTRL: pty_fd = 5
> Nov 25 02:35:31 router pptpd[2441]: CTRL: tty_fd = 6
> Nov 25 02:35:31 router pptpd[2441]: CTRL: I wrote 32 bytes to the client.
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Sent packet to client
> Nov 25 02:35:31 router pptpd[2442]: CTRL (PPPD Launcher): Connection speed
> = 115200
> Nov 25 02:35:31 router pptpd[2442]: CTRL (PPPD Launcher): local address =
> 10.2.1.1
> Nov 25 02:35:31 router pptpd[2442]: CTRL (PPPD Launcher): remote address =
> 10.2.1.194
> Nov 25 02:35:31 router pptpd[2441]: GRE:
> read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error =
> Input/output erro
> r
> Nov 25 02:35:31 router pptpd[2441]: CTRL: PTY read or GRE write failed
> (pty,gre)=(5,6)
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Client 203.164.71.121 control
> connection finished
> Nov 25 02:35:31 router pptpd[2441]: CTRL: Exiting now
>
> And if I do a TCPDUMP on the server, I can see I get an icmp:
> Protocol 47 unreachable message. I don't get this message on the other
> systems that I have configured and running.
>
> I am NOT using any firewalling - so ipchains is not installed. No
> masquerading.
>
> Why is this particular machine not working? I've recompiled the kernel
> (clean) twice still without any luck... :-(
>
> Any tips gratefully appreciated... (Could you please CC my address - I
> haven't subscribed to this mailing list...)
>
> Thanks...
>
> --
> ...deon
> ---
> _--_|\ | Deon George
> / \ |
> \_.--.*/ |
> v | This email coming to you from the 'burbs of Melbourne, Australia.
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From jvonau at home.com Sat Nov 24 19:07:03 2001
From: jvonau at home.com (Jerry Vonau)
Date: Sat, 24 Nov 2001 19:07:03 -0600
Subject: [pptp-server] 56-bit encryption
References: <1D0763828FC2D511A6670090279C1C8C028339@SBMAIL02>
Message-ID: <3C004437.12D40826@home.com>

Don:

Yes I agree, but thanks for the info anyway.
I was asking because I setup one place with the pptp client, but the
admin of the server that it connects to are just running 56-bit
(no 40-bit) and have no clue what I'm talking about when I suggest
128-bit. (Yes, this worries me....) Is running the update and
rebooting that hard, NO.. but that is beyond my control.

Thanks for your input.

Jerry

"Kinzer, Don" wrote:
>
> 56-bit? That's not much of an improvement over 40-bit. Is there a reason
> to not go all the way to 128-bit?
>
> You can find patches here http://www.advancevpn.com/public/ for the latter.
> There are two pieces required - one adds MPPE to the kernel
> (linux-2.4.4-openssl-0.9.6a-mppe-patch.gz) the other adds support to PPP
> (ppp-2.4.1-openssl-0.9.6-mppe-patch.gz).
>
> Since I am using the 2.4.13 kernel, I applied the kernel patches (which are
> for 2.4.4, obviously) by hand. Note that these patches require OpenSSL
> which is part of the RedHat 7.1 distribution. If you don't have OpenSSL,
> you can get it here: http://www.openssl.org/.
>
> Don Kinzer
>
> -----Original Message-----
> From: Jerry Vonau [mailto:jvonau at home.com]
> Sent: Saturday, November 24, 2001 3:34 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] 56-bit encryption
>
> Hey All:
>
> Anybody have a clue on what is required to get it going?
> Ok, don't tell me let me guess, a new patch for pppd, right?
> Anybody working on such an animal?
>
> Jerry Vonau
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From deon at wurley.net Sat Nov 24 20:09:49 2001
From: deon at wurley.net (Deon George)
Date: Sun, 25 Nov 2001 13:09:49 +1100 (EST)
Subject: [pptp-server] Argh! Please Help, Error 619, protocol 47 unreachable, gre/pty ioerrors.
In-Reply-To: <3C00409D.6856939E@home.com>
Message-ID:

Hey Jerry,

Yes, this particular client can connect to all my other PPTP clients. One
of the clients in question is actually connected on the other side of this
server (via a modem link), so I know that there is no
firewalling/masquerading stopping me between my client and the PPTP
servers.

All my searches show that it is a firewall/masquerading problem - but
there is no firewall/masquerading here (hence why I can connect to the
PPTP server thru the one I'm having problems with...

On Sat, 24 Nov 2001, Jerry Vonau wrote:

> Deon:
>
> Can this client connect to your other pptp servers?
> Has the win2000 box had the 128-bit update applied?
> Just some thoughts......
>
> Jerry Vonau
>

--
...deon
---
_--_|\ | Deon George
/ \ |
\_.--.*/ |
v | This email coming to you from the 'burbs of Melbourne, Australia.

From phafta at free.fr Sun Nov 25 02:27:06 2001
From: phafta at free.fr (phafta at free.fr)
Date: Sun, 25 Nov 2001 09:27:06 +0100 (MET)
Subject: [pptp-server] Script execution on MS-Clients
Message-ID: <1006676826.3c00ab5ac8a04@imp.free.fr>

Hi Everybody !

I would like to execute a microsoft script when clients start their
connection on my pptpd server... is there an option in a file or
something like this ?

Thanks !

Phafta

From mickh at kincrome.com.au Sun Nov 25 16:49:26 2001
From: mickh at kincrome.com.au (Michael Hayes)
Date: Mon, 26 Nov 2001 09:49:26 +1100
Subject: [pptp-server] pptp client
Message-ID:

G'day

I'm trying to set up the pptp client for linux on a redhat 7.2 machine
with kernel 2.4.9. I have patched and compiled pppd with the mppe patch.
Whenever I try to connect it gets as far as "LCP: timeout sending
Config-Requests" then dies. I can't seem to find any docs talking about
the client setup with 2.4.x series kernels, do I also have to apply any
kernel patches ? I have verified that it is not a firewall issue, the same
machine will work fine with the same pptpd dual booting in win2k.

Thanks for any advice.

______________________
Michael Hayes
System Administrator
The Kincrome Group
______________________

From mickh at kincrome.com.au Sun Nov 25 17:10:40 2001
From: mickh at kincrome.com.au (Michael Hayes)
Date: Mon, 26 Nov 2001 10:10:40 +1100
Subject: [pptp-server] pptp client
Message-ID:

Further to my last email, should I apply the
linux-2.4.4-openssl-0.9.6a-mppe.patch.gz to the kernel ?
This is what I have done server side, should this also be done client side ?

Thanks

______________________
Michael Hayes
System Administrator
The Kincrome Group
______________________

From teastep at shorewall.net Sun Nov 25 17:51:48 2001
From: teastep at shorewall.net (Tom Eastep)
Date: Sun, 25 Nov 2001 15:51:48 -0800
Subject: [pptp-server] pptp client
In-Reply-To:
References:
Message-ID: <20011125235148.D572FAD02@mail.shorewall.net>

On Sunday 25 November 2001 03:10 pm, Michael Hayes wrote:
> Further to my last email, should I apply the
> linux-2.4.4-openssl-0.9.6a-mppe.patch.gz to the kernel ?
> This is what I have done server side, should this also be done client side
> ?
>

Yes -- If you want encryption.

-Tom
--
Tom Eastep \ teastep at shorewall.net
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \_________________________

From muralivemuri at multitech.co.in Sun Nov 25 20:22:35 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Mon, 26 Nov 2001 07:52:35 +0530
Subject: [pptp-server] ms chap
Message-ID: <3C01A76B.22B7DE39@multitech.co.in>

hi all,

i have a problem.
i am using redhat 7.1 with kernel 2.4.6.
i am using ppp server 2.4.1. and poptop1.0.1 for ppp
i am in serious trouble as my ppp is not looking at mppe encryption or
even ms chap.
i wanna know where i can download them.
if anybody has them readily and the total size of them is less than 1.5
mB, please send them to me.
if the size is more than 1.5 mB, you can please send them to
suryaprakash at multitech.co.in
who is a very good friend of mine and definitely will not mind receiving
a mail for my purpose.

regards
murali krishna vemuri

From markb at deeptech.com.au Sun Nov 25 21:43:17 2001
From: markb at deeptech.com.au (Mark Burring)
Date: Mon, 26 Nov 2001 11:43:17 +0800
Subject: [pptp-server] ms chap
Message-ID:

I have been using this software here

http://pptpclient.sourceforge.net/

Contains a mppe patched ppp and mppe kernel modules with a patched ppp.o

--
Regards,

Mark Burring
Internetworking Engineer

Deeptech - Intelligent Networking
Deepcare - Caring for Your IT Investment

web: www.deeptech.com.au ; www.deepcareonline.com
phone: 1300 361 954
fax: +61 8 9201 2312
postal: PO BOX 1324, West Perth WA 6872

-----Original Message-----
From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
Sent: Monday, November 26, 2001 10:23 AM
To: pptplist
Subject: [pptp-server] ms chap

hi all,

i have a problem.
i am using redhat 7.1 with kernel 2.4.6.
i am using ppp server 2.4.1. and poptop1.0.1 for ppp
i am in serious trouble as my ppp is not looking at mppe encryption or
even ms chap.
i wanna know where i can download them.
if anybody has them readily and the total size of them is less than 1.5
mB, please send them to me.
if the size is more than 1.5 mB, you can please send them to
suryaprakash at multitech.co.in
who is a very good friend of mine and definitely will not mind receiving
a mail for my purpose.

regards
murali krishna vemuri

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From muralivemuri at multitech.co.in Mon Nov 26 01:27:37 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Mon, 26 Nov 2001 12:57:37 +0530
Subject: [pptp-server] ms chap
References: <1D0763828FC2D511A6670090279C1C8C02833B@SBMAIL02>
Message-ID: <3C01EEE9.4A13EA3@multitech.co.in>

hi,

i downloaded the patches at this site and applied.
i could see that they get applied without any nuisance.
after that i tried to connect from a win98 client, still no use.
but, i have a few questions:
1. do i need to recompile the kernel after i apply the patches?
2. do i need to do any other thing ?
3. any other thing i am missing?

regards
murali krishna vemuri

"Kinzer, Don" wrote:

> You can find patches here http://www.advancevpn.com/public/ for the 128-bit
> encryption (MPPE). There are two pieces required - one adds MPPE to the
> kernel (linux-2.4.4-openssl-0.9.6a-mppe-patch.gz) the other adds support to
> PPP (ppp-2.4.1-openssl-0.9.6-mppe-patch.gz).
>
> The kernel patch may apply correctly even though it is for 2.4.4.
>
> You may need to add the following lines to your /etc/ppp/options file:
>
> -chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> Also, you may need to modify /etc/modules.conf. The part of mine pertaining
> to ppp is:
>
> alias /dev/ppp ppp_generic
> alias char-major-108 ppp_generic
> alias tty-ldisc-3 ppp_async
> alias tty-ldisc-14 ppp_synctty
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 slhc
> alias ppp-compress-24 bsd_comp
> alias ppp-compress-26 ppp_deflate
>
> -----Original Message-----
> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
> Sent: Sunday, November 25, 2001 6:23 PM
> To: pptplist
> Subject: [pptp-server] ms chap
>
> hi all,
>
> i have a problem.
> i am using redhat 7.1 with kernel 2.4.6.
> i am using ppp server 2.4.1. and poptop1.0.1 for ppp
> i am in serious trouble as my ppp is not looking at mppe encryption or
> even ms chap.
> i wanna know where i can download them.
> if anybody has them readily and the total size of them is less than 1.5
> mB, please send them to me.
> if the size is more than 1.5 mB, you can please send them to
> suryaprakash at multitech.co.in
> who is a very good friend of mine and definitely will not mind receiving
> a mail for my purpose.
>
> regards
> murali krishna vemuri
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

--
with thanks for your time,
Murali Krishna Vemuri
off: Multitech Software Systems,
#95, 17th'B' Main Road, V Block,
Koramangala, BANGALORE 560095
tel: 080 5534471 xtn: 214
res: #12, 6th 'A' Cross, Ramaswamy Palya,
Vignana Nagara, Martha Halli Post,
Bangalore 560 037.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mickh at kincrome.com.au Mon Nov 26 02:42:33 2001
From: mickh at kincrome.com.au (Mick Hayes)
Date: 26 Nov 2001 19:42:33 +1100
Subject: [pptp-server] pptp client
In-Reply-To: <3C01EEE9.4A13EA3@multitech.co.in>
References: <1D0763828FC2D511A6670090279C1C8C02833B@SBMAIL02> <3C01EEE9.4A13EA3@multitech.co.in>
Message-ID: <1006764154.989.0.camel@micknix>

Hi,

I'm completely stuck with the pptp client.

I have a rh7.2 box, kernel 2.4.9-13 with
linux-2.4.4-openssl-0.9.6a-mppe.patch.gz patch applied, I have ppp 2.4.1
with ppp-2.4.1-openssl-0.9.6-mppe-patch.gz applied.

It connects then dies with "LCP: timeout sending Config-Requests".

Any ideas or advice on where to turn next ?

Thanks in advance.

Mick Hayes

From muralivemuri at multitech.co.in Mon Nov 26 23:57:06 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Tue, 27 Nov 2001 11:27:06 +0530
Subject: [pptp-server] problems with pptp
Message-ID: <3C032B32.60E20387@multitech.co.in>

hi,

i have this problem with pptp.
when i made a pptp tunnel link over ethernet, i get crazy ip addresses
for the client.
these are not as they are configured in the pptpd.conf.
any ideas?

regds
murali krishna vemuri

From fernando at consuldata.com.br Mon Nov 26 05:37:14 2001
From: fernando at consuldata.com.br (Fernando Monteiro Duarte)
Date: Mon, 26 Nov 2001 09:37:14 -0200
Subject: [pptp-server] Problems with PPTP
Message-ID: <3C02296A.6F9694E2@consuldata.com.br>

Hi,

I'm beginning to configure a PPTP server, and I have some doubts, so if
someone can help me, It'll be very good for me...

1º - How restrict 1 conection per user;
2º - How can map internal network from remote network;
3º - How define the Gateway would be designated for clients;
4º - How restrict IP's can do the VPN.

If anybody can help me or can indicate a good literature that I can find
these answers, will help me a lot.

Thanks in advance,

Fernando Monteiro Duarte

From _adam at cirrusnetworks.com Wed Nov 28 05:50:16 2001
From alex at saers.com Wed Nov 28 08:03:57 2001
From: alex at saers.com (ACEAlex)
Date: Wed, 28 Nov 2001 15:03:57 +0100
Subject: [pptp-server] pptpd speed
Message-ID: <001901c17815$86380870$e4d22fc2@acealex>

Hello

Yes finally i got my vpn tunnel up. Wow, great. After having tested it
around for a while i came up with some thoughts that you might have the
answer to.

Ok, here i go.

1. My "server" box that runs pptpd is on adsl. When downloading directly
from the box with for example ssh i get 50kb/s, when i go through the pptp
i only get 20-30 kb/s, is this ok? Or do i need to set up the speed
parameter with something. I don't want to limit the speed. Just make sure
it uses everything it got.

2. Now there are several patches that needs to be applied to both the
kernel and pppd. Are there any plans on trying to merge them with the real
kernel source so that you get them all the time. I mean now when they start
on 2.5 would be a great idea to try to get the microsoft encryption
included :). Same with ppp, wouldn't it be nice to have it included in
pppd 2.4.2.

3. Wouldn't it be nice to bring the webpage up to date. There seems to be
a lot of people knowing over 1000 times more than what you can read on the
webpage.

Ok i think that's enough for now. C ya l8er

/Alexander

From berzerke at swbell.net Wed Nov 28 08:35:33 2001
From: berzerke at swbell.net (robert)
Date: Wed, 28 Nov 2001 08:35:33 -0600
Subject: [pptp-server] pptpd speed
In-Reply-To: <001901c17815$86380870$e4d22fc2@acealex>
References: <001901c17815$86380870$e4d22fc2@acealex>
Message-ID: <0GNI008ZTLTPW4@mta4.rcsntx.swbell.net>

My attempts to contact the webmaster have all failed. I think he has
abandoned the project.

On Wednesday 28 November 2001 08:03 am, ACEAlex wrote:
> Hello
>
> Yes finally i got my vpn tunnel up. Wow, great. After having tested it around
> for a while i came up with some thoughts that you might have the answer
> to.
>
> Ok, here i go.
>
> 1. My "server" box that runs pptpd is on adsl. When downloading directly
> from the box with for example ssh i get 50kb/s, when i go through the pptp
> i only get 20-30 kb/s, is this ok? Or do i need to set up the speed
> parameter with something. I don't want to limit the speed. Just make sure
> it uses everything it got.
>
> 2. Now there are several patches that needs to be applied to both the
> kernel and pppd. Are there any plans on trying to merge them with the real
> kernel source so that you get them all the time. I mean now when they start
> on 2.5 would be a great idea to try to get the microsoft encryption included
> :). Same with ppp, wouldn't it be nice to have it included in pppd 2.4.2.
>
> 3. Wouldn't it be nice to bring the webpage up to date. There seems to be
> a lot of people knowing over 1000 times more than what you can read on the
> webpage.
>
> Ok i think that's enough for now. C ya l8er
>
> /Alexander
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From imaillard at jiga.fr Wed Nov 28 09:08:54 2001
From: imaillard at jiga.fr (Ivan Maillard)
Date: Wed, 28 Nov 2001 16:08:54 +0100
Subject: [pptp-server] VPN with PPTP on ADSL : impossible to make it work !!! Please Help
Message-ID:

Hi,

I do not succeed to make a VPN working with :
* a RH 7.2 linux server supporting an ADSL connection to the Internet
  (Nettissimo from France Telecom), using rp-pppoe-3.2-3 package (ppp0
  interface)
* PPTP 1.0.1 on that linux server
* Win98 clients

My /etc/pptpd.conf

speed 115200
pidfile /var/run/pptpd.pid
options /etc/ppp/options.vpn
debug
listen 193.251.45.35
localip 10.1.1.201-220
remoteip 10.1.1.221-240

My /etc/ppp/options.vpn

lock
debug
auth
+chap
proxyarp

My /etc/ppp/chap-secrets

#username servername secret ipaddress
login_fai * passwd_fai *
validname * validpass *

When VPN logon trying (ipchains being deactivated) :

Nov 28 17:07:48 JIGAGate pptpd[24353]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: local address = 10.1.1.201
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: remote address = 10.1.1.221
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: pppd speed = 115200
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Client 195.132.186.68 control connection started
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Client 195.132.186.68 control connection started
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Received PPTP Control Message (type: 1)
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Made a START CTRL CONN RPLY packet
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: I wrote 156 bytes to the client.
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Sent packet to client
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Received PPTP Control Message (type: 7)
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Set parameters to 0 maxbps, 16 window size
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Made a OUT CALL RPLY packet
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Starting call (launching pppd, opening GRE)
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Starting call (launching pppd, opening GRE)
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: pty_fd = 4
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: tty_fd = 5
Nov 28 17:07:48 JIGAGate pptpd[24354]: CTRL (PPPD Launcher): Connection speed = 115200
Nov 28 17:07:48 JIGAGate pptpd[24354]: CTRL (PPPD Launcher): local address = 10.1.1.201
Nov 28 17:07:48 JIGAGate pptpd[24354]: CTRL (PPPD Launcher): remote address = 10.1.1.221
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: I wrote 32 bytes to the client.
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Sent packet to client
Nov 28 17:07:48 JIGAGate pppd[24354]: pppd 2.4.1 started by root, uid 0
Nov 28 17:07:48 JIGAGate pppd[24354]: pppd 2.4.1 started by root, uid 0
Nov 28 17:07:48 JIGAGate pppd[24354]: Using interface ppp1
Nov 28 17:07:48 JIGAGate pppd[24354]: Using interface ppp1
Nov 28 17:07:48 JIGAGate pppd[24354]: Connect: ppp1 <--> /dev/pts/1
Nov 28 17:07:48 JIGAGate pppd[24354]: Connect: ppp1 <--> /dev/pts/1
Nov 28 17:07:48 JIGAGate pptpd[24353]: GRE: read(fd=5,buffer=bfffd680,len=8260) from network failed: status = -1 error = Protocol not available
Nov 28 17:07:48 JIGAGate pptpd[24353]: GRE: read(fd=5,buffer=bfffd680,len=8260) from network failed: status = -1 error = Protocol not available
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
Nov 28 17:07:49 JIGAGate pptpd[24353]: CTRL: Client 195.132.186.68 control connection finished
Nov 28 17:07:49 JIGAGate pptpd[24353]: CTRL: Client 195.132.186.68 control connection finished
Nov 28 17:07:49 JIGAGate pppd[24354]: Modem hangup
Nov 28 17:07:49 JIGAGate pppd[24354]: Modem hangup
Nov 28 17:07:49 JIGAGate pptpd[24353]: CTRL: Exiting now
Nov 28 17:07:49 JIGAGate pppd[24354]: Connection terminated.

I've tried lot of parameters set on the win98 box without any change on
the result. The same with /etc/ppp/options.vpn or /etc/ppp/chap-secrets.

TCPDUMP on ppp0 (ADSL interface) shows the following line when attempting
to connect from the win98 client :

17:13:28.321787 < r186m68.cybercable.tm.fr > 193.251.45.35: icmp: r186m68.cybercable.tm.fr protocol 47 unreachable [tos 0xc0]

Note : cybercable is the FAI of the win98 box.

I would greatly appreciate any help on that very painful case.

THANKS !

Ivan.
imaillard at jiga.fr

From charlieb at e-smith.com Wed Nov 28 10:42:19 2001
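The two failure logs posted in this thread differ in which descriptor pptpd could not read: the PTY shared with pppd ("from PTY failed") or the GRE socket ("from network failed"). The following triage script is an added example, not code from any poster or from the PoPToP project; the function names are hypothetical, the sample log lines are constructed in the format shown above with documentation addresses, and the control-message names come from RFC 2637.

```python
import re
from collections import OrderedDict

# PPTP control message types (RFC 2637) that appear in the logs on this page.
CTRL_TYPES = {1: "Start-Control-Connection-Request",
              7: "Outgoing-Call-Request",
              15: "Set-Link-Info"}

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
                     r"(?P<prog>pptpd|pppd)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
CLIENT_RE = re.compile(r"CTRL: Client (\S+) control connection started")
TYPE_RE = re.compile(r"Received PPTP Control Message \(type: (\d+)\)")
FAIL_RE = re.compile(r"GRE: read\(fd=\d+,.*?\) from (PTY|network) failed: "
                     r"status = -?\d+ error = (.+)$")

# Constructed sample input (not taken from a real system).
SAMPLE_LOG = """
Nov 28 17:07:48 gw pptpd[100]: CTRL: Client 192.0.2.10 control connection started
Nov 28 17:07:48 gw pptpd[100]: CTRL: Client 192.0.2.10 control connection started
Nov 28 17:07:48 gw pptpd[100]: CTRL: Received PPTP Control Message (type: 1)
Nov 28 17:07:48 gw pptpd[100]: CTRL: Received PPTP Control Message (type: 7)
Nov 28 17:07:48 gw pptpd[100]: CTRL: Starting call (launching pppd, opening GRE)
Nov 28 17:07:48 gw pppd[101]: Connect: ppp1 <--> /dev/pts/1
Nov 28 17:07:48 gw pptpd[100]: GRE: read(fd=5,buffer=bfffd680,len=8260) from network failed: status = -1 error = Protocol not available
Nov 28 17:07:49 gw pptpd[100]: CTRL: Client 192.0.2.10 control connection finished
Nov 28 17:09:02 gw pptpd[200]: CTRL: Client 198.51.100.7 control connection started
Nov 28 17:09:02 gw pptpd[200]: CTRL: Received PPTP Control Message (type: 1)
Nov 28 17:09:02 gw pptpd[200]: CTRL: Received PPTP Control Message (type: 7)
Nov 28 17:09:02 gw pptpd[200]: CTRL: Starting call (launching pppd, opening GRE)
Nov 28 17:09:02 gw pptpd[200]: GRE: read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
Nov 28 17:09:02 gw pptpd[200]: CTRL: Client 198.51.100.7 control connection finished
Nov 28 17:12:40 gw pptpd[300]: CTRL: Client 203.0.113.5 control connection started
Nov 28 17:12:40 gw pptpd[300]: CTRL: Received PPTP Control Message (type: 1)
Nov 28 17:12:41 gw pptpd[300]: CTRL: Client 203.0.113.5 control connection finished
"""


def parse_sessions(lines):
    """Group pptpd lines by control-process PID; return {pid: session dict}."""
    sessions = OrderedDict()
    prev = None
    for raw in lines:
        line = raw.strip()
        # Some syslog setups record every line twice (as in one log above);
        # assumption: an identical consecutive line is such a duplicate.
        if not line or line == prev:
            continue
        prev = line
        m = LINE_RE.match(line)
        if not m or m.group("prog") != "pptpd":
            continue
        pid, msg = m.group("pid"), m.group("msg")
        started = CLIENT_RE.search(msg)
        if started:
            sessions[pid] = {"client": started.group(1), "ctrl": [],
                             "call_started": False,
                             "failed_side": None, "error": None}
            continue
        s = sessions.get(pid)
        if s is None:        # e.g. "(PPPD Launcher)" lines from the child PID
            continue
        t = TYPE_RE.search(msg)
        f = FAIL_RE.search(msg)
        if t:
            s["ctrl"].append(int(t.group(1)))
        elif "Starting call" in msg:
            s["call_started"] = True
        elif f:
            s["failed_side"], s["error"] = f.group(1), f.group(2).strip()
    return sessions


def stage(s):
    """Name the point at which a session stopped, as a place to look first."""
    if s["failed_side"] == "network":
        return "gre-socket-read-failed"   # IP protocol 47 path on this host
    if s["failed_side"] == "PTY":
        return "pty-read-failed"          # pppd side of the relay
    if s["call_started"]:
        return "call-started-no-relay-error"
    if 1 in s["ctrl"]:
        return "control-only"             # TCP 1723 worked, no call was placed
    return "no-control-handshake"


def triage(lines):
    """Return (client, stage, error, control message names) per session."""
    return [(s["client"], stage(s), s["error"],
             [CTRL_TYPES.get(t, "type %d" % t) for t in s["ctrl"]])
            for s in parse_sessions(lines).values()]


if __name__ == "__main__":
    for client, where, error, ctrl in triage(SAMPLE_LOG.splitlines()):
        print("%-15s %-28s %s  %s" % (client, where, error or "-", ", ".join(ctrl)))
```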
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 28 Nov 2001 11:42:19 -0500 (EST)
Subject: [pptp-server] pptpd speed
In-Reply-To: <001901c17815$86380870$e4d22fc2@acealex>
Message-ID:

On Wed, 28 Nov 2001, ACEAlex wrote:

> 1. My "server" box that runs pptpd is on adsl. When downloading directly
> from the box with for example ssh i get 50kb/s, when i go through the pptp
> i only get 20-30 kb/s, is this ok?

What is your CPU? Encryption takes CPU, as does multiple cooperating
processes (pptpd and pppd).

> 2. Now there are several patches that needs to be applied to both the kernel
> and pppd. Are there any plans on trying to merge them with the real kernel
> source so that you get them all the time. I mean now when they start on 2.5
> would be a great idea to try to get the microsoft encryption included :).

I think that there are license and/or patent issues that have prevented
that up to now.

> 3. Wouldn't it be nice to bring the webpage up to date. There seems to be
> a lot of people knowing over 1000 times more than what you can read on the
> webpage.

So start a new web page. I think some of the folk here have actually done
that.

Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From shughes at arn.net Wed Nov 28 14:09:02 2001
From: shughes at arn.net (Shawn Hughes)
Date: Wed, 28 Nov 2001 12:09:02 -0800
Subject: [pptp-server] Error Reading From PPPD
Message-ID: <005301c17848$8652db40$1204a8c0@shawn>

I am running Linux 7.1, kernel 2.4.2-2, and I'm having the following
problem.

Nov 27 07:54:13 firewall pptpd[20126]: Error reading from pppd: Input/output error
Nov 27 07:54:13 firewall pptpd[20126]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Nov 27 07:54:13 firewall pptpd[20126]: CTRL: Client x.x.x.x control connection finished

I have researched this problem and the only thing that I know to try is
the patch ip_masq_vpn.patch. Is this my best option, if so how do I
install this patch.

Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From muralivemuri at multitech.co.in Wed Nov 28 18:47:08 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 29 Nov 2001 06:17:08 +0530
Subject: [pptp-server] debug
Message-ID: <3C05858C.A4881FD0@multitech.co.in>

hi there,

i am able to make a ppp as well as pptp connection.
then i got a strange problem.
i wanted to see the debugging messages.....and no such file is created
in /var/log/pptpd.log
i ensured that there is a row in /etc/syslog.conf file, which reads....

daemon.debug pptpd /var/log/pptpd.log

any ideas?

regards,
murali krishna vemuri

From EBennett at powerlan.com.au Wed Nov 28 19:51:47 2001
From: EBennett at powerlan.com.au (EBennett at powerlan.com.au)
Date: Thu, 29 Nov 2001 12:51:47 +1100
Subject: [pptp-server] pptp server w encryption and mschap v1 + 2.
Message-ID:

Hi all,

Writing to request a suitable document not out of date regarding setup of
pptp server under the latest release of the 2.2 series kernel, I read the
howto from the main site but befell a large amount of problems, such as
the lack of mentioning how openssl ties into the entire arrangement, etc
etc etc,

Any assistance or references appreciated.

Thanks in advance.

Regards
Eric

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From EBennett at powerlan.com.au Wed Nov 28 21:03:02 2001
From: EBennett at powerlan.com.au (EBennett at powerlan.com.au)
Date: Thu, 29 Nov 2001 14:03:02 +1100
Subject: [pptp-server] pptp server problem (refusing all auth methods)
Message-ID:

Hi Guys,

Client is win2k, tried many different client combinations including no encryption, 128bit encryption 40bit encryption, standard chap, mschap and mschapv2 but no joy on anything, attached is the output of my pppd debug, and underneath it the contents of /etc/ppp/options.pptp

Any assistance appreciated.

Regards
Eric

Nov 29 13:59:37 CRM-CoLo-DEV pppd[18600]: pppd 2.4.1 started by root, uid 0
Nov 29 13:59:37 CRM-CoLo-DEV pppd[18600]: Using interface ppp0
Nov 29 13:59:37 CRM-CoLo-DEV pppd[18600]: Connect: ppp0 <--> /dev/pts/5
Nov 29 13:59:37 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfReq id=0x1 ]
Nov 29 13:59:37 CRM-CoLo-DEV pptpd[18599]: CTRL: Received PPTP Control Message (type: 15)
Nov 29 13:59:37 CRM-CoLo-DEV pptpd[18599]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Nov 29 13:59:37 CRM-CoLo-DEV pppd[18600]: rcvd [LCP ConfReq id=0x0 < 0d 03 06> ]
Nov 29 13:59:37 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfRej id=0x0 < 0d 03 06> ]
Nov 29 13:59:39 CRM-CoLo-DEV pppd[18600]: rcvd [LCP ConfReq id=0x1 < 0d 03 06> ]
Nov 29 13:59:39 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfRej id=0x1 < 0d 03 06> ]
Nov 29 13:59:40 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfReq id=0x1 ]
Nov 29 13:59:42 CRM-CoLo-DEV pppd[18600]: rcvd [LCP ConfReq id=0x2 < 0d 03 06> ]
Nov 29 13:59:42 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfRej id=0x2 < 0d 03 06> ]
Nov 29 13:59:43 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfReq id=0x1 ]
Nov 29 13:59:46 CRM-CoLo-DEV pppd[18600]: rcvd [LCP ConfReq id=0x3 < 0d 03 06> ]
Nov 29 13:59:46 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfRej id=0x3 < 0d 03 06> ]
Nov 29 13:59:46 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfReq id=0x1 ]
Nov 29 13:59:49 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfReq id=0x1 ]
Nov 29 13:59:50 CRM-CoLo-DEV pppd[18600]: rcvd [LCP ConfReq id=0x4 < 0d 03 06> ]
Nov 29 13:59:50 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfRej id=0x4 < 0d 03 06> ]
Nov 29 13:59:52 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfReq id=0x1 ]
Nov 29 13:59:54 CRM-CoLo-DEV pppd[18600]: rcvd [LCP ConfReq id=0x5 < 0d 03 06> ]
Nov 29 13:59:54 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfRej id=0x5 < 0d 03 06> ]
Nov 29 13:59:55 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfReq id=0x1 ]
Nov 29 13:59:58 CRM-CoLo-DEV pppd[18600]: rcvd [LCP ConfReq id=0x6 < 0d 03 06> ]
Nov 29 13:59:58 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfRej id=0x6 < 0d 03 06> ]
Nov 29 13:59:58 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfReq id=0x1 ]
Nov 29 14:00:01 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfReq id=0x1 ]
Nov 29 14:00:02 CRM-CoLo-DEV pppd[18600]: rcvd [LCP ConfReq id=0x7 < 0d 03 06> ]
Nov 29 14:00:02 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfRej id=0x7 < 0d 03 06> ]
Nov 29 14:00:04 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfReq id=0x1 ]
Nov 29 14:00:06 CRM-CoLo-DEV pppd[18600]: rcvd [LCP ConfReq id=0x8 < 0d 03 06> ]
Nov 29 14:00:06 CRM-CoLo-DEV pppd[18600]: sent [LCP ConfRej id=0x8 < 0d 03 06> ]
Nov 29 14:00:07 CRM-CoLo-DEV pppd[18600]: LCP: timeout sending Config-Requests
Nov 29 14:00:07 CRM-CoLo-DEV pppd[18600]: Connection terminated.
Nov 29 14:00:07 CRM-CoLo-DEV pppd[18600]: Exit.
Nov 29 14:00:07 CRM-CoLo-DEV pptpd[18599]: Error reading from pppd: Input/output error
Nov 29 14:00:07 CRM-CoLo-DEV pptpd[18599]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Nov 29 14:00:07 CRM-CoLo-DEV pptpd[18599]: CTRL: Client 10.254.63.106 control connection finished
Nov 29 14:00:07 CRM-CoLo-DEV pptpd[18599]: CTRL: Exiting now
Nov 29 14:00:07 CRM-CoLo-DEV pptpd[17429]: MGR: Reaped child 18599

/etc/ppp/options.pptp

lock debug +chap +chapms +chapms-v2 -pap mppe-40 proxyarp

From jasons at NJAQUARIUM.ORG Thu Nov 29 09:54:38 2001
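Added example, not from any poster on the list: one way to triage a pppd debug log shaped like the one in Eric's message above. The log lines are constructed, the verdict names are this example's own, and the reading of the pattern (a peer that keeps repeating an option pppd already rejected and never answers pppd's own Config-Requests is probably not receiving the server's replies) is a heuristic, not a confirmed diagnosis of that system.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of pppd "debug" syslog output (not the poster's log).
# pid 4101: the peer repeats a rejected option and never answers our requests.
# pid 4200: a normal LCP exchange, for contrast.
SAMPLE = """\
Nov 29 13:59:37 vpn-gw pppd[4101]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x5a5a5a5a> <pcomp> <accomp>]
Nov 29 13:59:37 vpn-gw pppd[4101]: rcvd [LCP ConfReq id=0x0 <magic 0x11223344> <pcomp> <accomp> < 0d 03 06>]
Nov 29 13:59:37 vpn-gw pppd[4101]: sent [LCP ConfRej id=0x0 < 0d 03 06>]
Nov 29 13:59:39 vpn-gw pppd[4101]: rcvd [LCP ConfReq id=0x1 <magic 0x11223344> <pcomp> <accomp> < 0d 03 06>]
Nov 29 13:59:39 vpn-gw pppd[4101]: sent [LCP ConfRej id=0x1 < 0d 03 06>]
Nov 29 13:59:40 vpn-gw pppd[4101]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x5a5a5a5a> <pcomp> <accomp>]
Nov 29 13:59:42 vpn-gw pppd[4101]: rcvd [LCP ConfReq id=0x2 <magic 0x11223344> <pcomp> <accomp> < 0d 03 06>]
Nov 29 13:59:42 vpn-gw pppd[4101]: sent [LCP ConfRej id=0x2 < 0d 03 06>]
Nov 29 14:00:07 vpn-gw pppd[4101]: LCP: timeout sending Config-Requests
Nov 29 14:05:00 vpn-gw pppd[4200]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x0badcafe> <pcomp> <accomp>]
Nov 29 14:05:00 vpn-gw pppd[4200]: rcvd [LCP ConfReq id=0x0 <magic 0x55667788> <pcomp> <accomp> < 0d 03 06>]
Nov 29 14:05:00 vpn-gw pppd[4200]: sent [LCP ConfRej id=0x0 < 0d 03 06>]
Nov 29 14:05:00 vpn-gw pppd[4200]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x0badcafe> <pcomp> <accomp>]
Nov 29 14:05:00 vpn-gw pppd[4200]: rcvd [LCP ConfReq id=0x1 <magic 0x55667788> <pcomp> <accomp>]
Nov 29 14:05:00 vpn-gw pppd[4200]: sent [LCP ConfAck id=0x1 <magic 0x55667788> <pcomp> <accomp>]
"""

PKT = re.compile(r"pppd\[(\d+)\]: (sent|rcvd) \[LCP (\w+) id=0x([0-9a-fA-F]+)([^\]]*)\]")
TIMEOUT = re.compile(r"pppd\[(\d+)\]: LCP: timeout sending Config-Requests")
OPT = re.compile(r"<([^>]*)>")


def new_stats():
    return {"our_requests": 0, "answers_to_us": 0, "peer_request_ids": set(),
            "rejected_by_us": set(), "repeats_after_reject": 0, "timeout": False}


def verdict(s):
    """Map the per-process counters to one of this example's own verdict names."""
    if not s["timeout"]:
        return "no-lcp-timeout"
    if not s["peer_request_ids"]:
        # We transmitted but saw no LCP from the peer: check the inbound GRE path.
        return "nothing-received-from-peer"
    if s["answers_to_us"] == 0 and s["repeats_after_reject"] > 0:
        # The peer's requests arrive, yet it behaves as if it never saw our
        # Config-Reject or Config-Request: check that GRE (IP protocol 47)
        # from server to client is passed by every firewall/NAT on the path.
        return "our-replies-not-reaching-peer"
    return "negotiation-stalled"


def triage(log_text):
    """Return {pppd pid: verdict} for every pppd process seen in the log text."""
    stats = defaultdict(new_stats)
    for line in log_text.splitlines():
        m = TIMEOUT.search(line)
        if m:
            stats[m.group(1)]["timeout"] = True
            continue
        m = PKT.search(line)
        if not m:
            continue
        pid, direction, code, pkt_id, raw = m.groups()
        opts = {o.strip() for o in OPT.findall(raw)}
        s = stats[pid]
        if direction == "sent" and code == "ConfReq":
            s["our_requests"] += 1
        elif direction == "sent" and code == "ConfRej":
            s["rejected_by_us"] |= opts
        elif direction == "rcvd" and code == "ConfReq":
            s["peer_request_ids"].add(int(pkt_id, 16))
            if opts & s["rejected_by_us"]:
                s["repeats_after_reject"] += 1
        elif direction == "rcvd" and code in ("ConfAck", "ConfNak", "ConfRej"):
            s["answers_to_us"] += 1
    return {pid: verdict(s) for pid, s in stats.items()}


if __name__ == "__main__":
    for pid, result in triage(SAMPLE).items():
        print(pid, result)
```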
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Thu, 29 Nov 2001 10:54:38 -0500
Subject: [pptp-server] auto-login mount
Message-ID:

Is there any way to have a script run a mount/umount command for a user when he/she connects/disconnects to the pptp? The situation is I need to mount a Novell server for each user's home directory. That's all setup and ready I just can't figure out how to mount/umount each one by connection. I tried using the ip-up script but the directory perms are changed so that only root can see it. I would like something like the following:

if %username% = john
ncpmount -U john -P secret -S server -V vol /home/john/mountdir
elseif %username% = jay
etc.....

Is this possible?

Jason S

From allanc at caldera.com Thu Nov 29 10:17:50 2001
From: allanc at caldera.com (Allan Clark) Date: Thu, 29 Nov 2001 11:17:50 -0500 Subject: [pptp-server] auto-login mount References: Message-ID: <3C065FAE.B66230DF@caldera.com> Jason; Did you consider using the standard automounter? I'm more a Unix than Linux guy, so I'm not sure the capabilities of the linux automounter, but the Unix one would allow home directories with /home/atlas/jfranklin (ie /home is the mount, "atlas" is one of many "servers" for mounting, and "jfranklin" is a username) result in an automount of atlas, and a softlink of the home directory. I'm going from memory here, since I've only got OpenServers up at the time (which have a different automounter). Does htis seem like something to play with? If the user is using a Windows client, Samba can handle the mounts with pre/post commands; I was using this to make a mount of //host/CDROM do a "mount -t iso9660 ..." and a umount as required. Allan Jason Staudenmayer wrote: > > Is there any way to have a script run a mount/umount command for a user when > he/she connects/disconnects > to the pptp? The situation is I need to mount a Novell server for each > user's home directory. > That's all setup and ready I just can't figure out how to mount/umount each > one by connection. > I tries using the ip-up script but the directory perms are changed so that > only root can see it. > I would like something like the following: > > if %username% = john > ncpmount -U john -P secret -S server -V vol /home/john/mountdir > elseif %username% = jay > etc..... > > Is this possible? > > Jason S > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From jasons at NJAQUARIUM.ORG Thu Nov 29 10:23:07 2001 
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer) Date: Thu, 29 Nov 2001 11:23:07 -0500 Subject: [pptp-server] auto-login mount Message-ID: I though of using the automounter but It would hold open a connection to novell server and we (my employer) limit the number of concurrent logins to Novell. I'm looking for someway of mounting after a pptp connection is made without user intervention. -----Original Message----- 
From: Allan Clark [mailto:allanc at caldera.com] Sent: Thursday, November 29, 2001 11:18 AM To: Jason Staudenmayer Cc: 'pptp-server at lists.schulte.org' Subject: Re: [pptp-server] auto-login mount Jason; Did you consider using the standard automounter? I'm more a Unix than Linux guy, so I'm not sure the capabilities of the linux automounter, but the Unix one would allow home directories with /home/atlas/jfranklin (ie /home is the mount, "atlas" is one of many "servers" for mounting, and "jfranklin" is a username) result in an automount of atlas, and a softlink of the home directory. I'm going from memory here, since I've only got OpenServers up at the time (which have a different automounter). Does htis seem like something to play with? If the user is using a Windows client, Samba can handle the mounts with pre/post commands; I was using this to make a mount of //host/CDROM do a "mount -t iso9660 ..." and a umount as required. Allan Jason Staudenmayer wrote: > > Is there any way to have a script run a mount/umount command for a user when > he/she connects/disconnects > to the pptp? The situation is I need to mount a Novell server for each > user's home directory. > That's all setup and ready I just can't figure out how to mount/umount each > one by connection. > I tries using the ip-up script but the directory perms are changed so that > only root can see it. > I would like something like the following: > > if %username% = john > ncpmount -U john -P secret -S server -V vol /home/john/mountdir > elseif %username% = jay > etc..... > > Is this possible? > > Jason S > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From charlieb at e-smith.com Thu Nov 29 10:26:54 2001 
From: charlieb at e-smith.com (Charlie Brady) Date: Thu, 29 Nov 2001 11:26:54 -0500 (EST) Subject: [pptp-server] auto-login mount In-Reply-To: Message-ID: On Thu, 29 Nov 2001, Jason Staudenmayer wrote: > I though of using the automounter but It would hold open a connection > to novell server and we (my employer) limit the number of concurrent > logins to Novell. I'm looking for someway of mounting after a pptp > connection is made without user intervention. The whole idea of the automounter is that it should not hold open connections which aren't beng used. Looks like you need to do some tuning on your automounter configuration. Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From jasons at NJAQUARIUM.ORG Thu Nov 29 10:28:21 2001 From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer) Date: Thu, 29 Nov 2001 11:28:21 -0500 Subject: [pptp-server] auto-login mount Message-ID: maybe I missed something I'll take a peak at it. -----Original Message----- 
From: Charlie Brady [mailto:charlieb at e-smith.com] Sent: Thursday, November 29, 2001 11:27 AM To: Jason Staudenmayer Cc: 'pptp-server at lists.schulte.org' Subject: RE: [pptp-server] auto-login mount On Thu, 29 Nov 2001, Jason Staudenmayer wrote: > I though of using the automounter but It would hold open a connection > to novell server and we (my employer) limit the number of concurrent > logins to Novell. I'm looking for someway of mounting after a pptp > connection is made without user intervention. The whole idea of the automounter is that it should not hold open connections which aren't beng used. Looks like you need to do some tuning on your automounter configuration. Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From RLDITTO at BRIGHT.NET Thu Nov 29 12:37:17 2001 From: RLDITTO at BRIGHT.NET (JOE) Date: Thu, 29 Nov 2001 13:37:17 -0500 Subject: [pptp-server] lost files Message-ID: <001e01c17904$e21f0b80$0b00a8c0@backdog> i've got a linux server setup with poptop. on the other end i'm running winblows millenium every so often while using microsoft word a file located on the linux server is opened and when the word save button is hit no errors occur. but when the file is opened later it no longer exists. does anyone have any suggestions thank-you -------------- next part -------------- An HTML attachment was scrubbed... URL: From jasons at NJAQUARIUM.ORG Thu Nov 29 12:50:55 2001 From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer) Date: Thu, 29 Nov 2001 13:50:55 -0500 Subject: [pptp-server] lost files Message-ID: where is you default save directory? Did you look in MyDocuments? -----Original Message----- 
From: JOE [mailto:RLDITTO at BRIGHT.NET] Sent: Thursday, November 29, 2001 1:37 PM To: pptp-server at lists.schulte.org Subject: [pptp-server] lost files i've got a linux server setup with poptop. on the other end i'm running winblows millenium every so often while using microsoft word a file located on the linux server is opened and when the word save button is hit no errors occur. but when the file is opened later it no longer exists. does anyone have any suggestions thank-you From jasons at NJAQUARIUM.ORG Thu Nov 29 13:53:23 2001 From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer) Date: Thu, 29 Nov 2001 14:53:23 -0500 Subject: [pptp-server] auto-login mount Message-ID: it looks like the automounter doesn't know how to mount NCPFS. It's not a problem with the kernel (as far as I know I can mount with ncpmount and mount -t ncpfs). So any more ideas or has somebody done this? -----Original Message----- From: Charlie Brady [mailto:charlieb at e-smith.com] Sent: Thursday, November 29, 2001 11:27 AM To: Jason Staudenmayer Cc: 'pptp-server at lists.schulte.org' Subject: RE: [pptp-server] auto-login mount On Thu, 29 Nov 2001, Jason Staudenmayer wrote: > I though of using the automounter but It would hold open a connection > to novell server and we (my employer) limit the number of concurrent > logins to Novell. I'm looking for someway of mounting after a pptp > connection is made without user intervention. The whole idea of the automounter is that it should not hold open connections which aren't beng used. Looks like you need to do some tuning on your automounter configuration. Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From charlieb at e-smith.com Thu Nov 29 14:19:32 2001 
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 29 Nov 2001 15:19:32 -0500 (EST)
Subject: [pptp-server] auto-login mount
In-Reply-To:
Message-ID:

On Thu, 29 Nov 2001, Jason Staudenmayer wrote:

> it looks like the automounter doesn't know how to mount NCPFS.

It may not need to. Some automounters have a script option which allows you to script the mounting.

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From shost at intellimec.com Thu Nov 29 14:21:14 2001
From: shost at intellimec.com (Steve Host)
Date: Thu, 29 Nov 2001 15:21:14 -0500
Subject: [pptp-server] auto-login mount
References:
Message-ID: <001301c17913$64c11700$5009630a@intellimec.com>

How do you folks achieve cross-domain authentication across PPTP link?

Example scenario:

PPTP server (A)
Client PC (B), located across the internet on domain "mydomain"
User bob on domain "mydomain"

User bob logs into his client PC (B)
user bob wants to log into the PPTP server (A)

PPTP server tells msdun "your username is not valid in this domain" (or something similar)

I read in the FAQ that you can edit your chap secrets and put in something like:

domain\\user server password *

but this did not solve the problem. What other methods are available?

From jasons at NJAQUARIUM.ORG Thu Nov 29 14:23:15 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Thu, 29 Nov 2001 15:23:15 -0500
Subject: [pptp-server] auto-login mount
Message-ID:

you also have to have the reverse
domain\\user * pass *
* domain\\user pass *

-----Original Message-----
From: Steve Host [mailto:shost at intellimec.com] Sent: Thursday, November 29, 2001 3:21 PM To: pptp-server at lists.schulte.org Subject: Re: [pptp-server] auto-login mount How do you folks achieve cross-domain authentication across PPTP link? Example scenario: PPTP server (A) Client PC (B), located across the internet on domain "mydomain" User bob on domain "mydomain" User bob logs into his client PC (B) user bob wants to log into the PPTP server (A) PPTP server tells msdun "your username is not valid in this domain" (or somethign similar) I read in the FAQ that you can edit your chap secrets and put in somethign like: domain\\user server password * but this did not solve the problem. What other methods are available? _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From shost at intellimec.com Thu Nov 29 14:25:39 2001 From: shost at intellimec.com (Steve Host) Date: Thu, 29 Nov 2001 15:25:39 -0500 Subject: [pptp-server] auto-login mount References: Message-ID: <001b01c17914$02c8b7a0$5009630a@intellimec.com> Thanks. Sorry for not changing the topic. =) ----- Original Message ----- From: "Jason Staudenmayer" To: "'Steve Host'" ; Sent: Thursday, November 29, 2001 3:23 PM Subject: RE: [pptp-server] auto-login mount > you also have to have the reverse > domain\\user * pass * > * domain\\user pass * > > > -----Original Message----- 
> From: Steve Host [mailto:shost at intellimec.com] > Sent: Thursday, November 29, 2001 3:21 PM > To: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] auto-login mount > > > How do you folks achieve cross-domain authentication across PPTP link? > > Example scenario: > > PPTP server (A) > Client PC (B), located across the internet on domain "mydomain" > User bob on domain "mydomain" > > User bob logs into his client PC (B) > user bob wants to log into the PPTP server (A) > > PPTP server tells msdun "your username is not valid in this domain" (or > somethign similar) > > I read in the FAQ that you can edit your chap secrets and put in somethign > like: > > domain\\user server password * > > but this did not solve the problem. What other methods are available? > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From jasons at NJAQUARIUM.ORG Thu Nov 29 14:25:13 2001 From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer) Date: Thu, 29 Nov 2001 15:25:13 -0500 Subject: [pptp-server] auto-login mount Message-ID: Oh and make sure you check the cAsE I used DOMAIN and domain for each user (each user has 4 entries) -----Original Message----- From: Jason Staudenmayer [mailto:jasons at NJAQUARIUM.ORG] Sent: Thursday, November 29, 2001 3:23 PM To: 'Steve Host'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] auto-login mount you also have to have the reverse domain\\user * pass * * domain\\user pass * -----Original Message----- 
From: Steve Host [mailto:shost at intellimec.com] Sent: Thursday, November 29, 2001 3:21 PM To: pptp-server at lists.schulte.org Subject: Re: [pptp-server] auto-login mount How do you folks achieve cross-domain authentication across PPTP link? Example scenario: PPTP server (A) Client PC (B), located across the internet on domain "mydomain" User bob on domain "mydomain" User bob logs into his client PC (B) user bob wants to log into the PPTP server (A) PPTP server tells msdun "your username is not valid in this domain" (or somethign similar) I read in the FAQ that you can edit your chap secrets and put in somethign like: domain\\user server password * but this did not solve the problem. What other methods are available? _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From alex at saers.com Thu Nov 29 18:14:26 2001 
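Added example, not from any poster in the thread: a checker and generator for the four chap-secrets lines per user that Jason describes above (the domain\user name in the client column and in the server column, with the domain in lower and upper case). The tokenizer is a simplified reading of the secrets-file syntax, and the domain, user and secret in the sample are constructed.

```python
import os
import stat

# Constructed sample: three of the four lines are present, one is missing.
SAMPLE = r"""
# client          server          secret     IP addresses
mydomain\\bob     *               "s3 cret"  *
*                 mydomain\\bob   "s3 cret"  *
MYDOMAIN\\bob     *               "s3 cret"  *
"""


def split_words(line):
    """Split one secrets-file line into words.

    Simplified reading of the format (assumption): whitespace separates
    words, quotes group a word, a backslash makes the next character
    literal, and '#' at the start of a word begins a comment.
    """
    words, cur, in_word, quote, i = [], [], False, None, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])      # "\\" in the file is one "\" in the name
            in_word = True
            i += 2
            continue
        if quote:
            if c == quote:
                quote = None
            else:
                cur.append(c)
        elif c in "\"'":
            quote, in_word = c, True
        elif c == "#" and not in_word:
            break
        elif c.isspace():
            if in_word:
                words.append("".join(cur))
                cur, in_word = [], False
        else:
            cur.append(c)
            in_word = True
        i += 1
    if in_word:
        words.append("".join(cur))
    return words


def entries(text):
    """(client, server, secret) for every line with at least three words."""
    rows = (split_words(line) for line in text.splitlines())
    return [tuple(w[:3]) for w in rows if len(w) >= 3]


def expected_pairs(domain, user):
    """The four (client, server) pairs from the thread's advice."""
    names = [d + "\\" + user for d in (domain.lower(), domain.upper())]
    return [(n, "*") for n in names] + [("*", n) for n in names]


def missing_pairs(text, domain, user):
    """Pairs from expected_pairs() that the secrets text does not contain."""
    have = {(client, server) for client, server, _ in entries(text)}
    return [p for p in expected_pairs(domain, user) if p not in have]


def render(domain, user, secret):
    """Emit the four lines, doubling backslashes and quoting the secret."""
    quoted = '"' + secret.replace("\\", "\\\\").replace('"', '\\"') + '"'
    lines = []
    for client, server in expected_pairs(domain, user):
        c = client.replace("\\", "\\\\")
        s = server.replace("\\", "\\\\")
        lines.append(f"{c} {s} {quoted} *")
    return "\n".join(lines) + "\n"


def too_open(path):
    """True if group or others have any access to the file.

    The secrets are stored in clear text and every user now has four
    lines, so the file should be readable by its owner only.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    print(missing_pairs(SAMPLE, "mydomain", "bob"))
    print(render("mydomain", "bob", "s3 cret"), end="")
```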
From: alex at saers.com (ACEAlex) Date: Fri, 30 Nov 2001 01:14:26 +0100 Subject: [pptp-server] auto-login mount References: Message-ID: <000b01c17933$fb44af00$e4d22fc2@acealex> Uhh now i dont understand a thing. I have been fibling with vpn for a while. I got the network up and running. Now i want to be able to join the domain im calling. Ok, so here is my system. I have a domain called "ljungv" and the pdc is the linux running pptp. My computer that connects to it are called "acealex" and are on the workgroup "workgroup".. I havent joined the domain! On that computer i have a user called "LocalHero". Ok, I have set up the pptp chap-secret file like this billy * bob * And i have created an account on the domain for "billy" with "bob" as the password. When i enter the box in winxp that says that i should connect to the domain ljungv the connect thing fails. Whats wrong? What should i enter in chap-secret. Should i enter \\ljungv\billy as the user? Why do i user * billy * bob? Wow, lots of questions :) /Alexander ps. When i get this to work realy good im gonna make a webpage or a howto or something :) ds. ----- Original Message ----- From: "Jason Staudenmayer" To: "Jason Staudenmayer" ; "'Steve Host'" ; Sent: Thursday, November 29, 2001 9:25 PM Subject: RE: [pptp-server] auto-login mount > Oh and make sure you check the cAsE > I used DOMAIN and domain for each user (each user has 4 entries) > > -----Original Message----- > From: Jason Staudenmayer [mailto:jasons at NJAQUARIUM.ORG] > Sent: Thursday, November 29, 2001 3:23 PM > To: 'Steve Host'; pptp-server at lists.schulte.org > Subject: RE: [pptp-server] auto-login mount > > > you also have to have the reverse > domain\\user * pass * > * domain\\user pass * > > > -----Original Message----- 
> From: Steve Host [mailto:shost at intellimec.com] > Sent: Thursday, November 29, 2001 3:21 PM > To: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] auto-login mount > > > How do you folks achieve cross-domain authentication across PPTP link? > > Example scenario: > > PPTP server (A) > Client PC (B), located across the internet on domain "mydomain" > User bob on domain "mydomain" > > User bob logs into his client PC (B) > user bob wants to log into the PPTP server (A) > > PPTP server tells msdun "your username is not valid in this domain" (or > somethign similar) > > I read in the FAQ that you can edit your chap secrets and put in somethign > like: > > domain\\user server password * > > but this did not solve the problem. What other methods are available? > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From jorgens at coho.net Thu Nov 29 19:12:01 2001 
From: jorgens at coho.net (Steve Jorgensen) Date: Thu, 29 Nov 2001 17:12:01 -0800 Subject: [pptp-server] IAS / RADIUS Message-ID: <01C178F8.F6617850.jorgens@coho.net> I'm interested in the idea of using poptop in a protected network, and authenticating against a Windows NT domain. The obvious way to do this would be to install IAS on a machine in the domain, and have the VPN server use RADIUS for authentication. I presume IAS can authenticate MS-CHAP logons (It Microsoft, after all), so the only missing piece would be to let poptop use RADIUS, right? Can this be done? From muralivemuri at multitech.co.in Thu Nov 29 21:10:34 2001 
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Fri, 30 Nov 2001 08:40:34 +0530
Subject: [pptp-server] problems of ppp and pptp
Message-ID: <3C06F8AA.1C596E6F@multitech.co.in>

hi guys!
i have two problems.

1. the pptp server on my machine keeps posting some stupid messages : i attached a file by name messages.txt
it keeps those messages posting to /var/log/messages, every 5 minutes. and also, i get the messages " respawning pptpd too fast" on the STDOUT.
also, for my purpose, i need to post all debugging messages of the pptp, separately in to a different file( than /var/log/messages). can it be done?

2. i applied the patches available at www.advancevpn.com/pub/ which are meant for the encryption stuff of PPP. I applied the patches to the kernel as well as the ppp . Then i compiled them both and booted from that image. still, i am unable to make the link up from a win 98 client when i enable data encryption. I get the error message on the client as : "check your encryption settings".

please give me some ideas.
TIA
murali krishna vemuri

ps: i am attaching quite a few relevant files. please some one help me.

-------------- next part --------------
#
# inittab This file describes how the INIT process should set up
# the system in a certain run-level.
#
# Author: Miquel van Smoorenburg,
# Modified for RHS Linux by Marc Ewing and Donnie Barnes
#

# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:

# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit

l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6

# Things to run in every runlevel.
ud::once:/sbin/update

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

# When our UPS tells us power has failed, assume we have a few minutes
# of power left. Schedule a shutdown for 2 minutes from now.
# This does, of course, assume you have powerd installed and your
# UPS connected and working correctly.
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"

# If power was restored before the shutdown kicked in, cancel it.
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"

#added by murali
7:2345:respawn:/sbin/mgetty -x 3 ttyS0

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

# Run xdm in runlevel 5
# xdm is now a separate service
x:5:respawn:/etc/X11/prefdm -nodaemon
pptp:35:respawn:/usr/sbin/pptpd -f # pptpd-1.0.1-1
-------------- next part --------------
Nov 30 08:30:23 yogi pptpd[21598]: MGR: Manager process started
Nov 30 08:30:23 yogi pptpd[21598]: MGR: Couldn't create host socket
Nov 30 08:30:23 yogi pptpd[21600]: MGR: Manager process started
Nov 30 08:30:23 yogi pptpd[21600]: MGR: Couldn't create host socket
Nov 30 08:30:23 yogi pptpd[21604]: MGR: Manager process started
Nov 30 08:30:23 yogi pptpd[21604]: MGR: Couldn't create host socket
Nov 30 08:30:23 yogi pptpd[21607]: MGR: Manager process started
Nov 30 08:30:23 yogi pptpd[21607]: MGR: Couldn't create host socket
Nov 30 08:30:23 yogi pptpd[21610]: MGR: Manager process started
Nov 30 08:30:23 yogi pptpd[21610]: MGR: Couldn't create host socket
Nov 30 08:30:23 yogi pptpd[21612]: MGR: Manager process started
Nov 30 08:30:23 yogi pptpd[21612]: MGR: Couldn't create host socket
Nov 30 08:30:23 yogi pptpd[21613]: MGR: Manager process started
Nov 30 08:30:23 yogi pptpd[21613]: MGR: Couldn't create host socket
Nov 30 08:30:23 yogi pptpd[21619]: MGR: Manager process started
Nov 30 08:30:23 yogi pptpd[21619]: MGR: Couldn't create host socket
Nov 30 08:30:23 yogi pptpd[21622]: MGR: Manager process started
Nov 30 08:30:23 yogi pptpd[21622]: MGR: Couldn't create host socket
Nov 30 08:30:23 yogi pptpd[21625]: MGR: Manager process started
Nov 30 08:30:23 yogi pptpd[21625]: MGR: Couldn't create host socket
-------------- next part --------------
debug lock proxyarp auth login require-chap #require-pap #asyncmap 0 10.110.2.1:10.110.2.3 mppe-40 mppe-128 +chapms +chapms-v2
-------------- next part --------------
+chap +chapms +chapms-v2 chapms-strip-domain mppe-40 mppe-128 require-chap require-mppe
-------------- next part --------------
alias eth0 ne2k-pci
alias parport_lowlevel parport_pc
alias usb-controller usb-uhci
# Added by i810 install
alias char-major-10-175 agpgart
alias char-major-107 3dfx
alias ppp-compress-18 ppp_mppe
alias char-major-108 ppp_generic
alias /dev/ppp ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

From vorlon at netexpress.net Thu Nov 29 22:02:28 2001
From: vorlon at netexpress.net (Steve Langasek)
Date: Thu, 29 Nov 2001 22:02:28 -0600
Subject: [pptp-server] IAS / RADIUS
In-Reply-To: <01C178F8.F6617850.jorgens@coho.net>
References: <01C178F8.F6617850.jorgens@coho.net>
Message-ID: <20011129220228.C11973@netexpress.net>

Steve,

On Thu, Nov 29, 2001 at 05:12:01PM -0800, Steve Jorgensen wrote:
> I'm interested in the idea of using poptop in a protected network, and
> authenticating against a Windows NT domain. The obvious way to do this
> would be to install IAS on a machine in the domain, and have the VPN server
> use RADIUS for authentication. I presume IAS can authenticate MS-CHAP
> logons (It Microsoft, after all), so the only missing piece would be to let
> poptop use RADIUS, right?

> Can this be done?

Not yet. PPTP authentication under Linux is handled by pppd; right now, there's a patch that lets you do MS-CHAPv2, and a patch that lets you do RADIUS authentication, but there's not yet anything that lets you do MS-CHAPv2 authentication over RADIUS. :) I'm working on such a beast, although it will be a bit before I have anything to show for the work. Interoperability with IAS seems like a reasonable goal.

Cheers,
Steve Langasek
postmodern programmer

From jorgens at coho.net Fri Nov 30 00:15:04 2001
From: jorgens at coho.net (Steve Jorgensen)
Date: Thu, 29 Nov 2001 22:15:04 -0800
Subject: [pptp-server] IAS / RADIUS
Message-ID: <01C17923.4C521AB0.jorgens@coho.net>

On Thursday, November 29, 2001 8:02 PM, Steve Langasek
[SMTP:vorlon at netexpress.net] wrote:
> Steve,
>
> On Thu, Nov 29, 2001 at 05:12:01PM -0800, Steve Jorgensen wrote:
> > I'm interested in the idea of using poptop in a protected network, and
> > authenticating against a Windows NT domain. The obvious way to do this
> > would be to install IAS on a machine in the domain, and have the VPN server
> > use RADIUS for authentication. I presume IAS can authenticate MS-CHAP
> > logons (It's Microsoft, after all), so the only missing piece would be to let
> > poptop use RADIUS, right?
>
> > Can this be done?
>
> Not yet. PPTP authentication under Linux is handled by pppd; right now,
> there's a patch that lets you do MS-CHAPv2, and a patch that lets you do
> RADIUS authentication, but there's not yet anything that lets you do
> MS-CHAPv2 authentication over RADIUS. :) I'm working on such a beast,
> although it will be a bit before I have anything to show for the work.
> Interoperability with IAS seems like a reasonable goal.

(Sorry, Steve - I sent a copy of this to you personally while intending to
reply to the group)

Thanks for the reply. Now I'll probably make a fool of myself by
speculating about things I know very little about.

Trying, in my mind, to expand upon what you said, I'm guessing that the
reason PPP(TP) authentication through RADIUS does not now do MS-CHAP, et
al, even if the RADIUS server can do it for you is that the interface to
RADIUS is through something like PAM and is a plain-text only API? If I
guessed that right, it seems like a direct link to RADIUS would be nice
because it would allow for any kind of password hashing the RADIUS server
knows even if it is newer than the implementation of PPTP, be it a
Microsoft thing, some new Cisco thing, or whatever. Another thought would
be to enhance PAM itself to provide more complete access to extra
functionality of RADIUS.

I know this post makes many assumptions, and if any of them are wrong, I'm
just blowing smoke, but I guess this is a good way to find out anything I
don't yet get.

From _raaman at wanadoo.nl Fri Nov 30 03:13:35 2001
From: _raaman at wanadoo.nl (Marcel Raaman)
Date: Fri, 30 Nov 2001 03:13:35 -0600 (CST)
Subject: [pptp-server] Re:
Message-ID: <20011130091335.33886D14BF@poontang.schulte.org>

An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: YOU_are_FAT!.MP3.scr
Type: audio/x-wav
Size: 29020 bytes
Desc: not available

From mattgav at tempo.com.au Fri Nov 30 03:32:22 2001
From: mattgav at tempo.com.au (Matthew Gavin)
Date: Fri, 30 Nov 2001 20:32:22 +1100
Subject: [pptp-server] Re:
In-Reply-To: <20011130091335.33886D14BF@poontang.schulte.org>
Message-ID:

WTF!!!!

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Marcel Raaman
Sent: Friday, 30 November 2001 8:14 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Re:

--==BC0987654321DEF_==

From MUM55/SRV/IN/VOLTAS at voltasltd.com Fri Nov 30 03:17:11 2001
From: MUM55/SRV/IN/VOLTAS at voltasltd.com (MUM55/SRV/IN/VOLTAS at voltasltd.com)
Date: Fri, 30 Nov 2001 14:47:11 +0530
Subject: [pptp-server] Report to Recipient(s)
Message-ID:

Incident Information:-

Originator: pptp-server-admin at lists.schulte.org
Recipients: pptp-server at lists.schulte.org
Subject: [pptp-server] Re:

WARNING: The file YOU_are_FAT!.MP3.scr you received was infected with
the W32/BadTrans at MM virus. The file attachment was not successfully
cleaned.

From darbel at techunix.technion.ac.il Fri Nov 30 06:43:23 2001
From: darbel at techunix.technion.ac.il (Dani Arbel)
Date: Fri, 30 Nov 2001 14:43:23 +0200 (IST)
Subject: [pptp-server] VPN with PPTP on ADSL : impossible to make it work !!! Please Help
In-Reply-To:
Message-ID:

could it be that your connection does not pass the gre protocol?
it is ip protocol 47 ..
I had this problem with iptables. had to specifically allow this protocol
(default or any wouldn't do).

Dani

On Wed, 28 Nov 2001, Ivan Maillard wrote:

> Hi,
>
> I do not succeed to make a VPN working with :
>
> * a RH 7.2 linux server supporting an ADSL connection to the Internet
> (Nettissimo from France Telecom), using rp-pppoe-3.2-3 package (ppp0
> interface)
> * PPTP 1.0.1 on that linux server
> * Win98 clients
>
> My /etc/pptpd.conf
>
> speed 115200
> pidfile /var/run/pptpd.pid
> options /etc/ppp/options.vpn
> debug
> listen 193.251.45.35
> localip 10.1.1.201-220
> remoteip 10.1.1.221-240
>
> My /etc/ppp/options.vpn
>
> lock
> debug
> auth
> +chap
> proxyarp
>
> My /etc/ppp/chap-secrets
>
> #username servername secret ipaddress
> login_fai * passwd_fai *
> validname * validpass *
>
>
> When VPN logon trying (ipchains being deactivated) :
>
> Nov 28 17:07:48 JIGAGate pptpd[24353]: MGR: Launching
> /usr/local/sbin/pptpctrl to handle client
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: local address = 10.1.1.201
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: remote address = 10.1.1.221
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: pppd speed = 115200
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Client 195.132.186.68 control
> connection started
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Client 195.132.186.68 control
> connection started
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Received PPTP Control Message
> (type: 1)
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Made a START CTRL CONN RPLY
> packet
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: I wrote 156 bytes to the
> client.
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Sent packet to client
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Received PPTP Control Message
> (type: 7)
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Set parameters to 0 maxbps, 16
> window size
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Made a OUT CALL RPLY packet
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Starting call (launching pppd,
> opening GRE)
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Starting call (launching pppd,
> opening GRE)
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: pty_fd = 4
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: tty_fd = 5
> Nov 28 17:07:48 JIGAGate pptpd[24354]: CTRL (PPPD Launcher): Connection
> speed = 115200
> Nov 28 17:07:48 JIGAGate pptpd[24354]: CTRL (PPPD Launcher): local address =
> 10.1.1.201
> Nov 28 17:07:48 JIGAGate pptpd[24354]: CTRL (PPPD Launcher): remote address
> = 10.1.1.221
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: I wrote 32 bytes to the client.
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Sent packet to client
> Nov 28 17:07:48 JIGAGate pppd[24354]: pppd 2.4.1 started by root, uid 0
> Nov 28 17:07:48 JIGAGate pppd[24354]: pppd 2.4.1 started by root, uid 0
> Nov 28 17:07:48 JIGAGate pppd[24354]: Using interface ppp1
> Nov 28 17:07:48 JIGAGate pppd[24354]: Using interface ppp1
> Nov 28 17:07:48 JIGAGate pppd[24354]: Connect: ppp1 <--> /dev/pts/1
> Nov 28 17:07:48 JIGAGate pppd[24354]: Connect: ppp1 <--> /dev/pts/1
> Nov 28 17:07:48 JIGAGate pptpd[24353]: GRE:
> read(fd=5,buffer=bfffd680,len=8260) from network failed: status = -1 error =
> Protocol no
> t available
> Nov 28 17:07:48 JIGAGate pptpd[24353]: GRE:
> read(fd=5,buffer=bfffd680,len=8260) from network failed: status = -1 error =
> Protocol no
> t available
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: GRE read or PTY write failed
> (gre,pty)=(5,4)
> Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: GRE read or PTY write failed
> (gre,pty)=(5,4)
> Nov 28 17:07:49 JIGAGate pptpd[24353]: CTRL: Client 195.132.186.68 control
> connection finished
> Nov 28 17:07:49 JIGAGate pptpd[24353]: CTRL: Client 195.132.186.68 control
> connection finished
> Nov 28 17:07:49 JIGAGate pppd[24354]: Modem hangup
> Nov 28 17:07:49 JIGAGate pppd[24354]: Modem hangup
> Nov 28 17:07:49 JIGAGate pptpd[24353]: CTRL: Exiting now
> Nov 28 17:07:49 JIGAGate pppd[24354]: Connection terminated.
>
> I've tried lot of parameters set on the win98 box without any change on the
> result. The same with /etc/ppp/options.vpn or /etc/ppp/chap-secrets.
>
> TCPDUMP on ppp0 (ADSL interface) shows the following line when attempting to
> connect from the win98 client :
> 17:13:28.321787 < r186m68.cybercable.tm.fr > 193.251.45.35: icmp:
> r186m68.cybercable.tm.fr protocol 47 unreachable [tos 0xc0]
>
> Note : cybercable is the ISP of the win98 box.
>
> I would greatly appreciate any help on that very painful case.
>
> THANKS !
>
> Ivan.
> imaillard at jiga.fr

From imaillard at jiga.fr Fri Nov 30 07:15:28 2001
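The symptom pair in the message above (the pptpd control connection comes up, the GRE read then fails with "Protocol not available", and tcpdump shows an ICMP "protocol 47 unreachable") can be picked out of logs mechanically. The following is an added example, not part of any poster's message; the function names and verdict strings are made up for illustration, and the sample lines are the ones quoted above with the mail wrapping undone.

```bash
#!/bin/bash
# Added example: triage of the failure pattern discussed in this thread.

# Sample input: log and tcpdump lines quoted in the thread, re-joined.
sample_capture() {
cat <<'EOF'
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Client 195.132.186.68 control connection started
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: Starting call (launching pppd, opening GRE)
Nov 28 17:07:48 JIGAGate pptpd[24353]: GRE: read(fd=5,buffer=bfffd680,len=8260) from network failed: status = -1 error = Protocol not available
Nov 28 17:07:48 JIGAGate pptpd[24353]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
Nov 28 17:07:49 JIGAGate pptpd[24353]: CTRL: Client 195.132.186.68 control connection finished
17:13:28.321787 < r186m68.cybercable.tm.fr > 193.251.45.35: icmp: r186m68.cybercable.tm.fr protocol 47 unreachable [tos 0xc0]
EOF
}

# Reads pptpd syslog lines and tcpdump lines on stdin, prints one record per
# finding and a final verdict line. On Linux an ICMP protocol-unreachable is
# reported to the raw socket as ENOPROTOOPT, the "Protocol not available"
# text in the pptpd GRE line, so the two observations describe one event.
pptp_gre_triage() {
  awk '
    function pidof(tag,   p) { p = tag; gsub(/[^0-9]/, "", p); return p }

    # Control channel came up: remember which client this pptpd process serves.
    $6 == "CTRL:" && $7 == "Client" && /control connection started/ {
      client[pidof($5)] = $8
    }
    # The GRE data channel failed for that same process (count each PID once).
    $6 == "GRE:" && /failed/ {
      p = pidof($5)
      if (!(p in gre)) order[++n] = p
      gre[p] = ($0 ~ /Protocol not available/) ? "proto-unreachable" : "other-error"
    }
    # tcpdump: a host answered GRE packets with ICMP protocol 47 unreachable.
    /icmp: .* protocol 47 unreachable/ {
      for (i = 1; i < NF; i++)
        if ($i == "icmp:") { icmp[$(i + 1)] = 1; nicmp++ }
    }
    END {
      for (k = 1; k <= n; k++) {
        p = order[k]
        printf "session pid=%s client=%s control=%s gre=%s\n", p,
               ((p in client) ? client[p] : "unknown"),
               ((p in client) ? "up" : "unknown"), gre[p]
      }
      for (h in icmp) printf "icmp proto47-unreachable reporter=%s\n", h
      if (n && nicmp) print "verdict GRE_REJECTED_ON_PATH"
      else if (n)     print "verdict GRE_FAILED_NO_ICMP_SEEN"
      else            print "verdict NO_GRE_FAILURE"
    }'
}

# Stand-alone run on the sample.
sample_capture | pptp_gre_triage
```

GRE_REJECTED_ON_PATH means the reporter received the GRE packets and had nothing to hand them to, which points at a NAT or firewall hop rather than at pptpd or the chap-secrets file. On an iptables host GRE has to be accepted by protocol (`-p 47`), as Dani describes; a rule for the TCP control connection does not cover it.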
From: imaillard at jiga.fr (Ivan Maillard)
Date: Fri, 30 Nov 2001 14:15:28 +0100
Subject: [pptp-server] VPN with PPTP on ADSL : impossible to make it work!!! Please Help
In-Reply-To:
Message-ID:

In fact, the client was behind a masquerading server (not patched).
That's now solved.

Thanks anyway for your kindness !

Ivan.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Dani Arbel
Sent: Friday 30 November 2001 13:43
To: Ivan Maillard
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] VPN with PPTP on ADSL : impossible to make it
work!!! Please Help

could it be that your connection does not pass the gre protocol?
it is ip protocol 47 ..
I had this problem with iptables. had to specifically allow this protocol
(default or any wouldn't do).

Dani

From Steve at SteveCowles.com Fri Nov 30 08:06:37 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 30 Nov 2001 08:06:37 -0600
Subject: [pptp-server] auto-login mount
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE918@defiant.infohiiway.com>

> -----Original Message-----
> From: ACEAlex [mailto:alex at saers.com]
> Sent: Thursday, November 29, 2001 6:14 PM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] auto-login mount
>
>
> Uhh now I don't understand a thing. I have been fiddling with
> vpn for a while. I got the network up and running. Now I want
> to be able to join the domain I'm calling.
>
> Ok, so here is my system. I have a domain called "ljungv" and
> the pdc is the linux running pptp. My computer that connects
> to it are called "acealex" and are on the workgroup "workgroup"..
> I haven't joined the domain! On that computer I have a user
> called "LocalHero".
>
> Ok, I have set up the pptp chap-secret file like this
>
> billy * bob *
>
> And I have created an account on the domain for "billy" with
> "bob" as the password. When I enter the box in winxp that says
> that I should connect to the domain ljungv the connect thing
> fails. What's wrong? What should I enter in chap-secret. Should
> I enter \\ljungv\billy as the user?
>
> Why do i user * billy * bob?
>

Are you sure you're not confusing VPN tunnel authentication with your XP
system trying to authenticate against the PDC??? They are totally separate
processes.

Other suggestions:
1) Do you have a WINS server running on your network?
2) Has your PDC registered with this WINS server?
3) Are you specifying this WINS server in your ppp options file.
   i.e. ms-wins

Steve Cowles

From jasons at NJAQUARIUM.ORG Fri Nov 30 08:25:28 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Fri, 30 Nov 2001 09:25:28 -0500
Subject: [pptp-server] auto-login mount
Message-ID:

ACEAlex here's the quick and dirty

Client setup
network properties
Micro$oft client properties
LOGON TO DOMAIN must be same domain as PDC (that's the whole point of domains)
back to network properties
Identification
workgroup must be set to the same as domain (workgroup=domain)

open notepad
enter this
123.456.789.123 pdcname #PRE #DOM:domainname
replace ip with real IP of pdc
save in c:\windows as lmhosts (make sure this has NO extension look at it
with win explorer)
if you don't have a wins server fill-in the all addresses of all WS in
lmhosts

Make sure you don't have IPchains on.
ipchains -L -n
you should see three lines all ACCEPT
restart and try it.

From charlieb at e-smith.com Fri Nov 30 09:38:20 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Fri, 30 Nov 2001 10:38:20 -0500 (EST)
Subject: [pptp-server] Re:
In-Reply-To:
Message-ID:

On Fri, 30 Nov 2001, Matthew Gavin wrote:

> WTF!!!!

It's a virus. While people continue to use Lookout! from Micky$oft, we
will be periodically assaulted by such things. Get over it.

Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From vieri.sacchi at linuxexperts.it Fri Nov 30 11:08:15 2001
From: vieri.sacchi at linuxexperts.it (Vieri Sacchi)
Date: Fri, 30 Nov 2001 18:08:15 +0100
Subject: [pptp-server] RADIUS support through portslave
Message-ID: <3C07BCFF.6A7ECAFE@linuxexperts.it>

Hi,

I'm trying to make PPTP clients authenticate to RADIUS through portslave,
as I see that many people have done it successfully. It's not clear to me
how it's supposed to work, anyway. I did the following:

1) I compiled and installed the following
   - pptpd-1.1.2
   - portslave-2001.11.17.tar.gz
   - xtradius-1.1-pre2.tar.gz
   - ppp-2.4.1.tar.gz
   - kernel 2.4.13-ac8

2) I added the plugin option to ppp option file so that it loads
   libpsr.so at startup

3) I configured the pslave.conf file so that pseudo terminal pts/n are
   used (n ranging from 0 to 255)

4) when I start the connection, pptpd invokes pppd, which exits because
   the plugin exits with the message "Bad environment"

I had a look at portslave code and I found out that the plugin expects 3
environment variables be set (which cause the above error message) and,
moreover, it needs the session structure thisauth be initialized. Now, as
this initialization is done by the main, that is by portslave itself, it's
not clear to me how pptpd can activate portslave's RADIUS-ready pppd
without interacting with portslave itself (pptpd and portslave ignoring
each other)

Is there anybody who has managed to make pptpd authenticate to RADIUS
willing to give me a hint? Am I missing anything?

Thanks a lot in advance

Vieri

From vorlon at netexpress.net Fri Nov 30 10:50:21 2001
From: vorlon at netexpress.net (Steve Langasek)
Date: Fri, 30 Nov 2001 10:50:21 -0600
Subject: [pptp-server] IAS / RADIUS
In-Reply-To: <01C17923.4C521AB0.jorgens@coho.net>
References: <01C17923.4C521AB0.jorgens@coho.net>
Message-ID: <20011130105021.F14126@netexpress.net>

On Thu, Nov 29, 2001 at 10:15:04PM -0800, Steve Jorgensen wrote:
> Thanks for the reply. Now I'll probably make a fool of myself by
> speculating about things I know very little about.

> Trying, in my mind, to expand upon what you said, I'm guessing that the
> reason PPP(TP) authentication through RADIUS does not now do MS-CHAP, et
> al, even if the RADIUS server can do it for you is that the interface to
> RADIUS is through something like PAM and is a plain-text only API? If I
> guessed that right, it seems like a direct link to RADIUS would be nice
> because it would allow for any kind of password hashing the RADIUS server
> knows even if it is newer than the implementation of PPTP, be it a
> Microsoft thing, some new Cisco thing, or whatever. Another thought would
> be to enhance PAM itself to provide more complete access to extra
> functionality of RADIUS.

pppd actually doesn't use PAM at all for this, by default; PAM is a very
bad fit for pppd, so the upstream source includes its own module API
that provides hooks for other /PAP/ authenticators. I'm working on
adding hooks for CHAP authenticators, and I have a CHAP module working
that authenticates against RADIUS, but it's all very kludgy right now.
I'm still struggling with getting MS-CHAP done right on the wire against
freeradius (which already supports it) before trying to implement
MS-CHAPv2 on both ends.

Cheers,
Steve Langasek
postmodern programmer

From vlast at indivisuallearning.com Fri Nov 30 11:13:11 2001
From: vlast at indivisuallearning.com (Vladimir Strezhnev)
Date: Fri, 30 Nov 2001 11:13:11 -0600
Subject: [pptp-server] RE: PAM is a very bad fit for pppd
Message-ID: <01113011131100.03318@ivl-devel.eetc.com>

Steve,

Could you (or anybody on the list) explain more specifically why it is so.
We're using ppp pam module on Linux dialup server, which (the module) is
configured to authenticate - via pam_winbind.so - on W2K Domain Controller.
All accounts on W2K DC that are not in the embargo file checked by
pam_listfile.so module are able to use dialup.
(It is nothing to do with pptp - just plain dialup ppp with pap
authentication)
Do you think it is insecure and why?

> pppd actually doesn't use PAM at all for this, by default; PAM is a very
> bad fit for pppd, so the upstream source includes its own module API
> that provides hooks for other /PAP/ authenticators.

> Cheers,
> Steve Langasek
> postmodern programmer

--
VLADIMIR STREZHNEV
System Engineer
IndiVisual Learning, LLC
St. Paul, MN

From vorlon at netexpress.net Fri Nov 30 11:29:37 2001
From: vorlon at netexpress.net (Steve Langasek)
Date: Fri, 30 Nov 2001 11:29:37 -0600
Subject: [pptp-server] RE: PAM is a very bad fit for pppd
In-Reply-To: <01113011131100.03318@ivl-devel.eetc.com>
References: <01113011131100.03318@ivl-devel.eetc.com>
Message-ID: <20011130112937.J14126@netexpress.net>

Vladimir,

On Fri, Nov 30, 2001 at 11:13:11AM -0600, Vladimir Strezhnev wrote:
> Could you (or anybody on the list) explain more specifically why it is so.
> We're using ppp pam module on Linux dialup server, which (the module) is
> configured to authenticate - via pam_winbind.so - on W2K Domain Controller.
> All accounts on W2K DC that are not in the embargo file checked by
> pam_listfile.so module are able to use dialup.
> (It is nothing to do with pptp - just plain dialup ppp with pap
> authentication)
> Do you think it is insecure and why?

There's nothing wrong with using PAM for PPP authentication if it fits
your needs. However, PAM is a general-purpose plugin API that gives
little information back to the application; it basically answers the
question, "is this user who he says he is?" This means any application
which needs more information back from its authentication modules can't
use standard PAM modules, and therefore probably shouldn't use PAM as an
API.

The first place where this limit affects pppd is when you want the
remote IP address to be assigned by the authenticator (this is the whole
reason my employer wants to use RADIUS). pppd's PAP plugins can do
this, but PAM modules cannot.

The second problem is when you want to do CHAP authentication, which is
required for pptp encryption (and not just any CHAP, but MSCHAPv2).
Stuffing CHAP handshaking into a PAM module would be /possible/, but it
would also be painful -- and you *still* wouldn't have IP address
assignment.

PAM is great technology, but it doesn't fit every problem.

Steve Langasek
postmodern programmer

From sean at cyberfarer.com Fri Nov 30 13:00:49 2001
From: sean at cyberfarer.com (Sean)
Date: Fri, 30 Nov 2001 14:00:49 -0500
Subject: [pptp-server] Data Encryption
References:
Message-ID: <001401c179d1$53e92a80$0802a8c0@sympatico.ca>

I have the patches for MS-CHAP and MS-CHAPV2 installed.

When I set up the client and select password authentication and connect,
details show I am using MS-CHAPV2.
However, when I select data encryption I get the following error: "The
computer you're dialing in to does not support the data encryption
requirements specified. Please check your encryption settings in the
properties of the connection. If this problem persists, contact your
network"

My modules.conf is as follows:

alias ppp-compress-18 mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias char-major-108 ppp

My options.vpn is as follows:

debug
name Server
auth
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

Should I be able to select data encryption within the Win client?

Without it, as far as I can see, data is not encrypted.

Thanks.

From jasons at NJAQUARIUM.ORG Fri Nov 30 13:27:44 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Fri, 30 Nov 2001 14:27:44 -0500
Subject: [pptp-server] Data Encryption
Message-ID:

versions?
OS?

From sean at cyberfarer.com Fri Nov 30 13:44:24 2001
From: sean at cyberfarer.com (Sean)
Date: Fri, 30 Nov 2001 14:44:24 -0500
Subject: [pptp-server] Data Encryption
References:
Message-ID: <003c01c179d7$6a2629a0$0802a8c0@sympatico.ca>

I am using Mandrake Linux 8 with kernel version 2.4.3-20.

I am using PopTop version 1.0.1

I have tried connecting with WinME and WinXP, both with the same result.
WinME, I believe, is using DUN1.4. WinXP, I am not sure of the version
number but I assume it would be the latest.

Thanks.

----- Original Message -----
From: "Jason Staudenmayer"
To: "'Sean'" ;
Sent: Friday, November 30, 2001 2:27 PM
Subject: RE: [pptp-server] Data Encryption

> versions?
> OS?

From jasons at NJAQUARIUM.ORG Fri Nov 30 14:13:34 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Fri, 30 Nov 2001 15:13:34 -0500
Subject: [pptp-server] Data Encryption
Message-ID:

get the source for ppp-2.4.x
get the patches for mppe and any others you can find for ppp-2.4.x
read the README for the patches and the install.
you'll probably have to build a new kernel too.
then try it

From jasons at NJAQUARIUM.ORG Fri Nov 30 16:12:41 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Fri, 30 Nov 2001 17:12:41 -0500
Subject: [pptp-server] auto-login mount
Message-ID:

Here's a Samba preexec script to automount Novell vols. per samba user
login.

under the [homes] in smb.conf

preexec = /etc/samba/myncpmount %u

the contents of the myncpmount file:
-----
#!/bin/bash
# written by:Alan C.
# debugged and tested by:Jason S.
# $1 is the Samba user name (%u); no argument, nothing to do
[ "x$1" = "x" ] && exit 1
USER=$1
# one awk call per column of the matching /etc/samba/ncpasswd line
PASS=`awk '/^'$USER' / {print $2}' /etc/samba/ncpasswd`
SERV=`awk '/^'$USER' / {print $3}' /etc/samba/ncpasswd`
VOL=`awk '/^'$USER' / {print $4}' /etc/samba/ncpasswd`
# stored as MNTDIR: assigning to PATH would replace the shell's command search path
MNTDIR=`awk '/^'$USER' / {print $5}' /etc/samba/ncpasswd`
#(tilde)awk (apos)/^(apos)$1(apos) / (print $2}(apos) /etc/samba/ncpasswd(tilde)
#check for a no match of username somewhere
[ "x$SERV" = "x" ] && exit 1
# as posted, this echoes the ncpmount command line instead of running it
echo /usr/bin/ncpmount -U $USER -P $PASS -S $SERV -V $VOL $MNTDIR
-----EOF

format for the ncpasswd:
username password server volume mountdir
**** MUST USE SPACES NOT TABS ******

make both files 755
have phun.
I'm still working on the auto umount for this should have it soon. And
maybe some better docs.
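
The script above pastes the Samba user name into the awk program text, so the name is evaluated as a regular expression against a file that holds cleartext passwords. The following is an added example, not part of the post and not the authors' code: it puts that lookup next to an exact-match lookup and a check on who can read the credentials file. All function names and the sample file contents are constructed for illustration, and the example assumes the credentials file should be accessible to its owner only.

```bash
#!/bin/bash
# Added example. File layout as the post gives it (space separated):
#   username password server volume mountdir

# Constructed sample data; prints the path of a temporary file.
make_sample_ncpasswd() {
  f=$(mktemp) || return 1
  cat > "$f" <<'EOF'
alice s3cretA NW1 SYS /mnt/alice
bob s3cretB NW1 DATA /mnt/bob
EOF
  chmod 600 "$f"
  printf '%s\n' "$f"
}

# Lookup in the style of the posted script: the user name becomes part of
# the awk program, so ".*" or "a.*" selects a line the caller did not name.
lookup_spliced() {   # $1=user  $2=field number  $3=file
  awk '/^'"$1"' / {print $'"$2"'; exit}' "$3"
}

# Hardened lookup: the name is data, handed over through the environment,
# limited to a conservative character set and compared for equality with
# field 1. The "" concatenation forces a string comparison, so that "10"
# and "1e1" are not treated as the same number.
lookup_exact() {     # $1=user  $2=field number  $3=file
  case "$1" in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
  case "$2" in [1-5]) ;; *) return 2 ;; esac
  LOOKUP_USER="$1" awk -v n="$2" '
    ($1 "") == (ENVIRON["LOOKUP_USER"] "") { print $n; found = 1; exit }
    END { exit !found }' "$3"
}

# Refuse a credentials file that is a symlink or that group/other can access.
creds_file_private() {   # $1=file
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  perms=$(ls -ld -- "$1" | cut -c5-10)   # group and other permission bits
  [ "$perms" = "------" ]
}

# Resolve "server volume mountdir" for one user, or fail closed.
ncp_params() {   # $1=user  $2=file
  creds_file_private "$2" || { echo "refusing $2: not private" >&2; return 3; }
  s=$(lookup_exact "$1" 3 "$2") &&
  v=$(lookup_exact "$1" 4 "$2") &&
  m=$(lookup_exact "$1" 5 "$2") || return 1
  printf '%s %s %s\n' "$s" "$v" "$m"
}

# Stand-alone run on the constructed sample.
f=$(make_sample_ncpasswd) && {
  echo "spliced lookup of '.*' returns: $(lookup_spliced '.*' 2 "$f")"
  lookup_exact '.*' 2 "$f" || echo "exact lookup of '.*' is rejected"
  ncp_params bob "$f"
  rm -f "$f"
}
```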