[pptp-server] Strange problem ...

Jim Roland jroland at roland.net
Thu Oct 18 18:18:05 CDT 2001


----- Original Message -----
From: "Jordan Share" <iso9 at phantasticant.com>
To: "Jim Roland" <jroland at roland.net>; "Marek Butas" <MarekButas at seznam.cz>;
"PPTP List" <pptp-server at lists.schulte.org>
Sent: Thursday, October 18, 2001 6:01 PM
Subject: RE: [pptp-server] Strange problem ...


> This boggles my mind.  I can't believe this is the first time I've even
> heard of it.  I've already rolled this out on our LAN (thought it would save
> us from buying a win2k server box).  I wasn't fully able to reproduce the
> behaviour you describe, but there was definite weirdness when I tried
> connecting two boxes.  They would alternately drop off the network (it's a
> little hard to tell what's going on, since I only have a flat LAN to play
> with here at work, and all the machines are on the same network).
>
> Still, I was able to connect 2 at the same time, albeit with intermittent
> failures (I had a continuous ping running on each machine the whole time).
>
> As I understood your message, you were saying that the second client would
> not be able to send/receive data when it connected?  I was able to
> successfully connect the second client, and ping its (new) address from
> another machine.  Does this jibe with your experience?

Sort of.  If I let the connection sit without manually intervening, the 2nd
client will drop on its own after a while.  When experiencing the problem,
I am unable to ping the gateway from the 2nd client at all...2nd client can
ping itself, but nowhere else.  The gateway and LAN machines are unable to
ping the 2nd client.

I believe I have tried setting up for multiple LOCAL IPs in pptpd.conf, but
believe I got the same response.  When using multiple REMOTE IPs, am I
forced to use multiple LOCAL IPs (having those locals aliased to eth1 or
eth0)?

My network setup:
Internet ---> External Firewall (forwarding/NATing GRE and 1723 to Internal
FW) --> Internal FW/Proxy with PPTP --> LAN

Now, I don't think it's a NAT issue since turning MPPE off completely and
unloading MPPE allows 2 clients to work flawlessly.


> Jordan
>
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Jim Roland
> Sent: Thursday, October 18, 2001 12:49 PM
> To: Jordan Share; Marek Butas; PPTP List
> Subject: Re: [pptp-server] Strange problem ...
>
>
> That is correct.  There is also a problem of no packets running at all if
> "mppe-40" is enabled in /etc/ppp/options, in all cases.  Symptoms occur as
> soon as MPPE mode is initialized (after IP assignment and authentication).
> The instant the "MPPE Loaded" message occurs in the /var/log/messages
> logfile, packets stop running (with and without mppe-stateless and with and
> without mppe-128).  Reproducing the problem and workarounds are noted below.
>
> Here is what's loaded on the box:
> Server-
> RedHat 7.1 distro, custom compiled kernel (compiled to add iptables &
> connection tracking capabilities, and mppe module)
> Kernel 2.4.2-2
> pptpd (PoPToP v1.1.2)
> ppp-2.4.0 (have tried ppp-2.4.1 same result), compiled from source code
> after the following patches installed:
>     linux-2.4.0-openssl-0.9.6-mppe.patch.gz
>     ppp-2.4.0-openssl-0.9.6-mppe.patch.gz
> ** The box is being used as a firewall & squid proxy.  It works w/o MPPE
> (read below).
> -----
> Client-
> Windows 2000, with no SP, and with SP1 and with SP2
>
> -----
> This is the way I reproduce the problem:
> 1) Multiple users: A user connects in with MPPE, the ppp_mppe module
> auto-loads.  No problems thus far.
>     a) While the first user stays connected, a 2nd user connects.  The
> moment "MPPE loaded" shows in the messages log, packets stop moving through
> the tunnel.  First user can still access the tunnel (I think).
> 2) Single user:  A user connects in with MPPE, the ppp_mppe module
> auto-loads.  No problems accessing the tunnel.
>     a) Single user disconnects, waits a few minutes and reconnects (mppe
> module not unloaded yet).
>     b) Single user unable to access tunnel as soon as "MPPE loaded" shows up
> in the messages log.
>
> -----
> Workarounds (either 1 or 2):
> 1) No MPPE usage at all (tunnel works fine for multiple users):
>     a) End users turn encryption requirement off
>     b) mppe-* options are disabled in the /etc/ppp/options log
>     c) ppp_mppe module not loaded
> 2) Single user, MPPE usage:
>     a) Manually unloading ppp_mppe at shell prompt via rmmod
>     or
>     b) Unloading ppp_mppe when pppd terminates (via ipdown.local with an
> rmmod command inside the script)
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jim Roland, RHCE (RedHat Certified Engineer)
> Owner, Roland Internet Services
>      "The four surefire rules for success:  Show up, Pay attention, Ask
> questions, Don't quit."
>         --Rob Gilbert, PH.D.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ----- Original Message -----
> From: "Jordan Share" <iso9 at phantasticant.com>
> To: "Jim Roland" <jroland at roland.net>; "Marek Butas" <MarekButas at seznam.cz>;
> "PPTP List" <pptp-server at lists.schulte.org>
> Sent: Thursday, October 18, 2001 1:35 PM
> Subject: RE: [pptp-server] Strange problem ...
>
>
> > Wait, are you saying that two people cannot be connected at once to a
> > linux PPTP server with MPPE ?
> >
> > Jordan
> >
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Jim Roland
> > Sent: Wednesday, October 17, 2001 11:02 PM
> > To: Marek Butas; PPTP List
> > Subject: Re: [pptp-server] Strange problem ...
> >
> >
> > If you're using MPPE, it has a bug in it that prevents a secondary (single)
> > connection, or multiple simultaneous connections.
> >
> >
>