From r.welbers at t-online.de Sun Sep 2 10:12:25 2001
From: r.welbers at t-online.de (Raphael Welbers)
Date: Sun, 2 Sep 2001 17:12:25 +0200
Subject: [pptp-server] Error in SYSLOG
Message-ID: <000101c133c1$acc71f00$0100a8c0@bionic.rw>

Hello.

I wanted to run a PPTP-Server with a DSL-Flat, but I don't get any Connection established. There is still a SYSLOG Error I don't understand.

Sep 2 16:14:02 samba pppd[1078]: Using interface ppp1
Sep 2 16:14:02 samba pppd[1078]: Connect: ppp1 <--> /dev/pts/1
Sep 2 16:14:02 samba pppd[1078]: sent [LCP ConfReq id=0x1 ]
Sep 2 16:14:02 samba pptpd[1077]: CTRL: Sent packet to client
Sep 2 16:14:02 samba pptpd[1077]: CTRL: Received PPTP Control Message (type: 15)
Sep 2 16:14:02 samba pptpd[1077]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Sep 2 16:14:02 samba pppd[1078]: Timeout 0x8050ba0:0x807a2c0 in 3 seconds.
Sep 2 16:14:02 samba pptpd[1077]: GRE: Discarding duplicate packet
Sep 2 16:14:02 samba pppd[1078]: rcvd [LCP ConfAck id=0x1 ]
Sep 2 16:14:04 samba pppd[1078]: rcvd [LCP ConfReq id=0x1 < 11 04 06 4e> < 13 17 01 0d eb eb 90 bb b3 46 0a ba 2c d8 bc 75 d8 b6 e9 00 00 00 02>]
Sep 2 16:14:04 samba pppd[1078]: Fatal signal 11
Sep 2 16:14:04 samba pppd[1078]: Exit.
Sep 2 16:14:04 samba pptpd[1077]: GRE: read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
Sep 2 16:14:04 samba pptpd[1077]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Sep 2 16:14:04 samba pptpd[1077]: CTRL: Client 192.168.0.1 control connection finished
Sep 2 16:14:04 samba pptpd[1077]: CTRL: Exiting now
Sep 2 16:14:04 samba pptpd[1043]: MGR: Reaped child 1077

Maybe someone can help me.

Thanks.

Raphael Welbers
From jimmc at shocksystems.com Mon Sep 3 10:22:12 2001
From: jimmc at shocksystems.com (Jim McCormack)
Date: 03 Sep 2001 11:22:12 -0400
Subject: [pptp-server] PPTP client behind iptables firewall
Message-ID: <999530532.4059.14.camel@snorlax.int.shocksystems.com>

Hello All:

I understand that the RFC/protocol and consequently PoPToP will not allow multiple vpn connections from a single ip address. This is not an issue for me necessarily, as long as I can connect from any of my vpn clients behind my iptables firewall, as long as they are at different times.

I have been having trouble getting this to work. I have searched the mailing list archives for sample iptables code, but most seems to be relevant for running a poptop SERVER behind a masqueraded firewall. Furthermore most of the examples I see have you explicitly state the ip address of the client that will be connecting through the firewall, and having all of the GRE traffic directed to that machine. That of course won't allow me to connect from different machines at any time without changing the firewall code.

I of course explicitly allow incoming and outgoing Protocol 47 (GRE) and TCP 1723 traffic.

Can anyone who is currently connecting to a pptp server from a client behind an iptables firewall share their experience, and what, if anything, special they had to do to make it work.

Cheers!

Jim McCormack

From gimli at momsquad.net Sun Sep 2 14:52:03 2001
From: gimli at momsquad.net (Tom Hallberg)
Date: Sun, 02 Sep 2001 21:52:03 +0200
Subject: [pptp-server] pptp defaultroute on unix
Message-ID: <4.3.1.0.20010902214927.02c19d00@pop3.norton.antivirus>

Hi

I know and I have seen many of this sort of question but it's only for windows.. and that part I have fixed.. but I want to run the pptp client from my fbsd box.. that's my own GW.. but it won't put up the VPN because of the default route already exist.. so how is the best way to do it.. because if I take away default route I will lose my connection of course..
and then I can't connect to my pptpd server =) so how can I tell my ppp or pptp to not try to make a new default route and so on?? plz help me =) thx a lot..

/Tom

From walterm at Gliatech.com Tue Sep 4 15:00:35 2001
From: walterm at Gliatech.com (Michael Walter)
Date: Tue, 4 Sep 2001 16:00:35 -0400
Subject: [pptp-server] Error 742 - the answer.. which brings new questions
Message-ID: <924448B61EE36B45A3134C7B685E87933544@gliatechusa1.gliatech.com>

I have seen a similar issue on the 2.4.9 kernel with the latest pptpd, I actually still have the issue, but have more information on it. For some reason, even if 40bit encryption has been explicitly disabled in the options file, pptpd will still allow a 40bit encrypted host to connect. But nothing works, the tunnel comes up but delivers no traffic. However, if you update the encryption level of your client to the one supported by the pptpd daemon, things work fine. This may or may not be your problem, but I was getting similar error messages.

Thanks,

Michael J. Walter
rhce mcdba mcse+i ccna cca a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

-----Original Message-----
From: Alexander Polonsky [mailto:apl at informatik.uni-rostock.de]
Sent: Friday, August 31, 2001 6:45 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Error 742 - the answer.. which brings new questions

Hi all!

I got rid of this black fortune - error 742 - by reinstalling the PPTP adapter and RAS service in NT. Now PPTP connection seems to work... but only seems.

TCP/IP level is completely down. No machine in the outside network answers pings. When I look in the pppd log file, it shows a lot of messages "unsupported protocol xxxxxx received". Look here:

Aug 30 14:44:25 nebel pppd[12977]: rcvd [proto=0x2576] 83 44 5f 9f 81 5d 31 ca 61 05 80 92 d8 ad 38 4e 5a 72 6d e3 1b 32 e3 bc dd 75 0c 8d 05 b5 cb 2f ...
Aug 30 14:44:25 nebel pppd[12977]: Unsupported protocol 0x2576 received
Aug 30 14:44:25 nebel pppd[12977]: sent [LCP ProtRej id=0x14 25 76 83 44 5f 9f 81 5d 31 ca 61 05 80 92 d8 ad 38 4e 5a 72 6d e3 1b 32 e3 bc dd 75 0c 8d 05 b5 cb 2f 85 eb e4 24 5f 2d fe 56 36 b4 d5 ff 9b 5d db bb d0 ea]
Aug 30 14:44:25 nebel pppd[12977]: rcvd [proto=0x8ee1] 62 e2 3f 0b 5c d7 66 15 82 63 f5 08 84 88 5a 7a b6 48 76 6e 40 ca ea b9 7d 2a 1d be 4f 30 98 97 ...
Aug 30 14:44:25 nebel pppd[12977]: Unsupported protocol 0x8ee1 received
Aug 30 14:44:25 nebel pppd[12977]: sent [LCP ProtRej id=0x15 8e e1 62 e2 3f 0b 5c d7 66 15 82 63 f5 08 84 88 5a 7a b6 48 76 6e 40 ca ea b9 7d 2a 1d be 4f 30 98 97 52 50 7d 5d 00 5e bd 80 24 69 54 22 98 71 39 d4 3c d2]
Aug 30 14:44:29 nebel pppd[12977]: rcvd [proto=0x1ca1] 89 93 d7 1f 8f b8 9e 01 3f c0 40 40 6d a3 ac 14 dc 36 1b a3 1f 21 6f 56 39 e0 e6 d0 4e 13 26 19 ...
Aug 30 14:44:29 nebel pppd[12977]: Unsupported protocol 0x1ca1 received
Aug 30 14:44:29 nebel pppd[12977]: sent [LCP ProtRej id=0x16 1c a1 89 93 d7 1f 8f b8 9e 01 3f c0 40 40 6d a3 ac 14 dc 36 1b a3 1f 21 6f 56 39 e0 e6 d0 4e 13 26 19 d8 3f 1d 33 61 4d 9d 5e 0d 99 04 8c 26 cd 1b 02 f1 e8]

Has anybody faced this? Any solutions or ideas?

Alexander

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From leo at avati.com.br Tue Sep 4 15:12:11 2001
From: leo at avati.com.br (Leonardo Pimenta Gonzalez)
Date: Tue, 4 Sep 2001 17:12:11 -0300
Subject: [pptp-server] Problems with network neighborhood
Message-ID: <004c01c1357d$e1765fa0$5a00a8c0@avati.com.br>

Hello Guys,

I have a little problem. I connect my windows client in a Linux pptpd server. It connects fine. When I try to access one machine with \\ip.address works.. But, I couldn't list other machines in network neighborhood.
I do a tcpdump in ppp0 on Server and get this output:

11:30:52.099331 192.168.101.205.netbios-ns > 192.168.101.200.netbios-ns:
>>> NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
TrnID=0x9C
OpCode=0
NmFlags=0x10
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=Mygroup NameType=0x1B (Domain Controller)
QuestionType=0x20
QuestionClass=0x1

11:30:52.099872 192.168.101.200.netbios-ns > 192.168.101.205.netbios-ns:
>>> NBT UDP PACKET(137): QUERY; NEGATIVE; RESPONSE; UNICAST
TrnID=0x9C
OpCode=0
NmFlags=0x58
Rcode=3
QueryCount=0
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
AdditionalData:
Data: (44 bytes)
[000] 20 45 42 46 47 45 42 46 45 45 4A 43 41 43 41 43  EBFGEBF EEJCACAC
[010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 42 ACACACAC ACACACAB
[020] 4C 00 00 0A 00 01 00 00 00 00 00 00 L....... ....

Anybody know what are doing????

Thanks a lot.

From JaminC at adapt-tele.com Tue Sep 4 15:18:57 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Tue, 4 Sep 2001 15:18:57 -0500
Subject: [pptp-server] PPTP client behind iptables firewall
Message-ID:

Jim McCormack [mailto:jimmc at shocksystems.com] wrote:
> This is not an issue for me necessarily, as long as I can connect
> from any of my vpn clients behind my iptables firewall, as long as
> they are at different times. I have been having trouble getting
> this to work. I have searched the mailing list archives for sample
> iptables code, but most seems to be relevant for running a poptop
> SERVER behind a masqueraded firewall.

This is because there isn't any special configuration needed under iptables for PPTP VPN clients. I have several iptables based firewalls NAT'ing PPTP traffic through them with no special configuration of any kind. All of these firewalls are running my firewall script (http://www.asgardsrealm.net/linux/firewall).

Jamin W.
Collins

From cory at bestbuy.com.au Mon Sep 3 21:21:19 2001
From: cory at bestbuy.com.au (Cory Robson)
Date: Tue, 4 Sep 2001 10:21:19 +0800
Subject: [pptp-server] Interesting errors
Message-ID: <003801c134e8$490eac80$1a4cb5ca@service>

I get the following messages from my logs whenever a connection is made. I'm running mandrake 7.1 on an Athlon 550 system all connections are successful without any connection issues but these messages in my logs concern me, does anyone know what is the cause of them and how to prevent them from occurring again.

Note the xx.xx.xx.xx is to hide the guilty : )

Thanks in Advance

Cory

Sep 4 10:16:10 bestbuy pppd[1823]: pppd 2.4.0 started by root, uid 0
Sep 4 10:16:10 bestbuy pppd[1823]: Using interface ppp1
Sep 4 10:16:10 bestbuy pppd[1823]: Connect: ppp1 <--> /dev/pts/4
Sep 4 10:16:10 bestbuy pptpd[1822]: GRE: Bad checksum from pppd.
Sep 4 10:16:12 bestbuy pptpd[1822]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Sep 4 10:16:12 bestbuy pppd[1823]: MSCHAP-v2 peer authentication succeeded for billy
Sep 4 10:16:12 bestbuy pppd[1823]: Protocol-Reject for unsupported protocol 0x4c6f
Sep 4 10:16:12 bestbuy pppd[1823]: Protocol-Reject for unsupported protocol 0x47
Sep 4 10:16:12 bestbuy last message repeated 4 times
Sep 4 10:16:12 bestbuy pppd[1823]: Cannot determine ethernet address for proxy ARP
Sep 4 10:16:12 bestbuy pppd[1823]: local IP address xx.xx.xx.xx
Sep 4 10:16:12 bestbuy pppd[1823]: remote IP address xx.xx.xx.xx
Sep 4 10:16:12 bestbuy pppd[1823]: MPPE 40 bit, stateless compression enabled

From quasimotoca at yahoo.ca Sun Sep 2 19:11:13 2001
From: quasimotoca at yahoo.ca (Dave Cook)
Date: Sun, 2 Sep 2001 20:11:13 -0400 (EDT)
Subject: [pptp-server] PoPToP and TN5250 no luck:
Message-ID: <20010903001113.52504.qmail@web14708.mail.yahoo.com>

Hi:

I need an answer if possible. I can't run TN5250 sessions properly through PoPToP.
When packets get fragmented the sessions freeze or go into limbo. I tried multiple MTU sizes, no luck. (although the behaviour changes somewhat which indicates a possible MTU issue) Has anyone experienced this?

Dave Cook

From tnsampaio at planae.com.br Mon Sep 3 13:50:02 2001
From: tnsampaio at planae.com.br (tnsampaio at planae.com.br)
Date: Mon, 03 Sep 2001 15:50:02 -0300 (BRST)
Subject: [pptp-server] it legalizes any users,,, with pass correctly or no....
Message-ID: <999543002.3b93d0da85518@intranet.planae.com.br>

Hi, excuse my English.... hehe...

Well... In my network (192.168.1.0) I am trying to install a vpn ( a test for one client) (linux conectiva, kernel 2.2.14, ppp 2.3.11 patched correctly, poptop 1.1.2 and 1.0.1) using poptop server and client windows 98 se.... well, the VPN works, but all passwords and usernames are accepted, all connections are allowed... I use the poptop how-to , with MSCHAPv2/MPPE , to install my poptop, I followed exactly the manual, all items checked over 2x ....

Thanks for all...

Ps: Is very very urgent...
PS2: I am using the ip static for username

Tiago N. Sampaio
tnsampaio at planae.com.br
Bauru - São Paulo - Brasil

From rom at cod.5sl.org Tue Sep 4 06:42:50 2001
From: rom at cod.5sl.org (rom at cod.5sl.org)
Date: Tue, 4 Sep 2001 13:42:50 +0200 (CEST)
Subject: [pptp-server] Authentication Problem Win2K
Message-ID:

Hi together,

I have got an authentication problem - and don't know what's wrong.
I am using Kernel 2.4.7, pppd 2.4.0 and pptp 1.1.2

Sep 4 13:32:09 aleph-0 pptpd[1099]: MGR: Launching /usr/sbin/pptpctrl to handle client
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: local address = 192.168.0.247
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: remote address = 192.168.0.248
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pppd speed = 115200
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pppd options file = /etc/ppp/options.ppp0
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Client 62.180.216.200 control connection started
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Received PPTP Control Message (type: 1)
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Made a START CTRL CONN RPLY packet
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: I wrote 156 bytes to the client.
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Sent packet to client
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Received PPTP Control Message (type: 7)
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Made a OUT CALL RPLY packet
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Starting call (launching pppd, opening GRE)
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pty_fd = 5
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: tty_fd = 6
Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): Connection speed = 115200
Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): local address = 192.168.0.247
Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): remote address = 192.168.0.248
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: I wrote 32 bytes to the client.
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Sent packet to client
Sep 4 13:32:09 aleph-0 pppd[1100]: The remote system is required to authenticate itself
Sep 4 13:32:09 aleph-0 pppd[1100]: but I couldn't find any suitable secret (password) for it to use to do so.
Sep 4 13:32:09 aleph-0 pppd[1100]: (None of the available passwords would let it use an IP address.)
Sep 4 13:32:09 aleph-0 pptpd[1099]: Error reading from pppd: Input/output error
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Client 62.180.216.200 control connection finished
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Exiting now
Sep 4 13:32:09 aleph-0 pptpd[1090]: MGR: Reaped child 1099

From JaminC at adapt-tele.com Tue Sep 4 15:37:11 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Tue, 4 Sep 2001 15:37:11 -0500
Subject: [pptp-server] Authentication Problem Win2K
Message-ID:

rom at cod.5sl.org [mailto:rom at cod.5sl.org] wrote:
> I have got an authentication problem - and don't know what's
> wrong. I am using Kernel 2.4.7, pppd 2.4.0 and pptp 1.1.2
(snip)
> Sep 4 13:32:09 aleph-0 pppd[1100]: The remote system is required to
> authenticate itself
> Sep 4 13:32:09 aleph-0 pppd[1100]: but I couldn't find any suitable
> secret (password) for it to use to do so.
> Sep 4 13:32:09 aleph-0 pppd[1100]: (None of the available
> passwords would let it use an IP address.)

Looks to me like your problem is right there. However to pin it down further I would need to see your configuration files ("/etc/ppp/options", "/etc/ppp/chap-secrets", and pptpd.conf). Someone else might be able to help without these files. I realize the chap-secrets file may not be something you want to provide, but you are welcome to obscure any entries with "X".

Jamin W. Collins

From GeorgeV at citadelcomputer.com.au Tue Sep 4 17:24:57 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 5 Sep 2001 08:24:57 +1000
Subject: [pptp-server] Error 742 - the answer.. which brings new questions
Message-ID: <200FAA488DE0D41194F10010B597610D1CED1B@jupiter.citadelcomputer.com.au>

I found those unsupported errors were usually things like NetBEUI, IPX/SPX and other protocols trying to run over PPP... try switching them off if not already and see if they appear less often or not at all...
How do you mean by "outside network"? Are you talking about the PPTP LAN machines? Are you using proxyarp etc.etc?

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644 FX +(61)2 9955 2659

-----Original Message-----
From: Alexander Polonsky [mailto:apl at informatik.uni-rostock.de]
Sent: Friday, August 31, 2001 8:45 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Error 742 - the answer.. which brings new questions

Hi all!

I got rid of this black fortune - error 742 - by reinstalling the PPTP adapter and RAS service in NT. Now PPTP connection seems to work... but only seems.

TCP/IP level is completely down. No machine in the outside network answers pings. When I look in the pppd log file, it shows a lot of messages "unsupported protocol xxxxxx received". Look here:

Aug 30 14:44:25 nebel pppd[12977]: rcvd [proto=0x2576] 83 44 5f 9f 81 5d 31 ca 61 05 80 92 d8 ad 38 4e 5a 72 6d e3 1b 32 e3 bc dd 75 0c 8d 05 b5 cb 2f ...
Aug 30 14:44:25 nebel pppd[12977]: Unsupported protocol 0x2576 received
Aug 30 14:44:25 nebel pppd[12977]: sent [LCP ProtRej id=0x14 25 76 83 44 5f 9f 81 5d 31 ca 61 05 80 92 d8 ad 38 4e 5a 72 6d e3 1b 32 e3 bc dd 75 0c 8d 05 b5 cb 2f 85 eb e4 24 5f 2d fe 56 36 b4 d5 ff 9b 5d db bb d0 ea]
Aug 30 14:44:25 nebel pppd[12977]: rcvd [proto=0x8ee1] 62 e2 3f 0b 5c d7 66 15 82 63 f5 08 84 88 5a 7a b6 48 76 6e 40 ca ea b9 7d 2a 1d be 4f 30 98 97 ...
Aug 30 14:44:25 nebel pppd[12977]: Unsupported protocol 0x8ee1 received
Aug 30 14:44:25 nebel pppd[12977]: sent [LCP ProtRej id=0x15 8e e1 62 e2 3f 0b 5c d7 66 15 82 63 f5 08 84 88 5a 7a b6 48 76 6e 40 ca ea b9 7d 2a 1d be 4f 30 98 97 52 50 7d 5d 00 5e bd 80 24 69 54 22 98 71 39 d4 3c d2]
Aug 30 14:44:29 nebel pppd[12977]: rcvd [proto=0x1ca1] 89 93 d7 1f 8f b8 9e 01 3f c0 40 40 6d a3 ac 14 dc 36 1b a3 1f 21 6f 56 39 e0 e6 d0 4e 13 26 19 ...
Aug 30 14:44:29 nebel pppd[12977]: Unsupported protocol 0x1ca1 received
Aug 30 14:44:29 nebel pppd[12977]: sent [LCP ProtRej id=0x16 1c a1 89 93 d7 1f 8f b8 9e 01 3f c0 40 40 6d a3 ac 14 dc 36 1b a3 1f 21 6f 56 39 e0 e6 d0 4e 13 26 19 d8 3f 1d 33 61 4d 9d 5e 0d 99 04 8c 26 cd 1b 02 f1 e8]

Has anybody faced this? Any solutions or ideas?

Alexander

From GeorgeV at citadelcomputer.com.au Tue Sep 4 17:27:29 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 5 Sep 2001 08:27:29 +1000
Subject: [pptp-server] pptp defaultroute on unix
Message-ID: <200FAA488DE0D41194F10010B597610D1CED1C@jupiter.citadelcomputer.com.au>

Use the "nodefaultroute" option in the /etc/ppp/options file.. do what I do with my 2 linux boxes and have separate options files. ie. options.pptpd (VPN server) , options.pptpc (VPN client)..etc.

Read up on your `man pppd` as all your answers are there...

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644 FX +(61)2 9955 2659

-----Original Message-----
From: Tom Hallberg [mailto:gimli at momsquad.net]
Sent: Monday, September 03, 2001 5:52 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] pptp defaultroute on unix

Hi

I know and I have seen many of this sort of question but it's only for windows.. and that part I have fixed.. but I want to run the pptp client from my fbsd box.. that's my own GW.. but it won't put up the VPN because of the default route already exist.. so how is the best way to do it.. because if I take away default route I will lose my connection of course.. and then I can't connect to my pptpd server =) so how can I tell my ppp or pptp to not try to make a new default route and so on?? plz help me =) thx a lot..
/Tom

From GeorgeV at citadelcomputer.com.au Tue Sep 4 17:29:43 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 5 Sep 2001 08:29:43 +1000
Subject: [pptp-server] Problems with network neighborhood
Message-ID: <200FAA488DE0D41194F10010B597610D1CED1D@jupiter.citadelcomputer.com.au>

You must setup your linux box to be the master browser of the network because it's what's linking your 2 networks together. To make sure you get broadcasts, use the "remote announce = vpn.ip.add.ress" option too in /etc/smb.conf

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644 FX +(61)2 9955 2659

-----Original Message-----
From: Leonardo Pimenta Gonzalez [mailto:leo at avati.com.br]
Sent: Wednesday, September 05, 2001 6:12 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Problems with network neighborhood

Hello Guys,

I have a little problem. I connect my windows client in a Linux pptpd server. It connects fine. When I try to access one machine with \\ip.address works.. But, I couldn't list other machines in network neighborhood.
I do a tcpdump in ppp0 on Server and get this output:

11:30:52.099331 192.168.101.205.netbios-ns > 192.168.101.200.netbios-ns:
>>> NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
TrnID=0x9C
OpCode=0
NmFlags=0x10
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=Mygroup NameType=0x1B (Domain Controller)
QuestionType=0x20
QuestionClass=0x1

11:30:52.099872 192.168.101.200.netbios-ns > 192.168.101.205.netbios-ns:
>>> NBT UDP PACKET(137): QUERY; NEGATIVE; RESPONSE; UNICAST
TrnID=0x9C
OpCode=0
NmFlags=0x58
Rcode=3
QueryCount=0
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
AdditionalData:
Data: (44 bytes)
[000] 20 45 42 46 47 45 42 46 45 45 4A 43 41 43 41 43  EBFGEBF EEJCACAC
[010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 42 ACACACAC ACACACAB
[020] 4C 00 00 0A 00 01 00 00 00 00 00 00 L....... ....

Anybody know what are doing????

Thanks a lot.

From GeorgeV at citadelcomputer.com.au Tue Sep 4 17:32:08 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 5 Sep 2001 08:32:08 +1000
Subject: [pptp-server] Interesting errors
Message-ID: <200FAA488DE0D41194F10010B597610D1CED1E@jupiter.citadelcomputer.com.au>

Strip the non TCP/IP network protocols in your windows PPTP client.. (netBEUI and IPX etc).. also you're most likely not using IP addresses on your PPTP link that are on the same IP range as the local LAN which is why you're getting complaints about not finding a local IP for proxy arp

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644 FX +(61)2 9955 2659

-----Original Message-----
From: Cory Robson [mailto:cory at bestbuy.com.au]
Sent: Tuesday, September 04, 2001 12:21 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Interesting errors
Importance: High

I get the following messages from my logs whenever a connection is made.
I'm running mandrake 7.1 on an Athlon 550 system all connections are successful without any connection issues but these messages in my logs concern me, does anyone know what is the cause of them and how to prevent them from occurring again.

Note the xx.xx.xx.xx is to hide the guilty : )

Thanks in Advance

Cory

Sep 4 10:16:10 bestbuy pppd[1823]: pppd 2.4.0 started by root, uid 0
Sep 4 10:16:10 bestbuy pppd[1823]: Using interface ppp1
Sep 4 10:16:10 bestbuy pppd[1823]: Connect: ppp1 <--> /dev/pts/4
Sep 4 10:16:10 bestbuy pptpd[1822]: GRE: Bad checksum from pppd.
Sep 4 10:16:12 bestbuy pptpd[1822]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Sep 4 10:16:12 bestbuy pppd[1823]: MSCHAP-v2 peer authentication succeeded for billy
Sep 4 10:16:12 bestbuy pppd[1823]: Protocol-Reject for unsupported protocol 0x4c6f
Sep 4 10:16:12 bestbuy pppd[1823]: Protocol-Reject for unsupported protocol 0x47
Sep 4 10:16:12 bestbuy last message repeated 4 times
Sep 4 10:16:12 bestbuy pppd[1823]: Cannot determine ethernet address for proxy ARP
Sep 4 10:16:12 bestbuy pppd[1823]: local IP address xx.xx.xx.xx
Sep 4 10:16:12 bestbuy pppd[1823]: remote IP address xx.xx.xx.xx
Sep 4 10:16:12 bestbuy pppd[1823]: MPPE 40 bit, stateless compression enabled

From GeorgeV at citadelcomputer.com.au Tue Sep 4 17:33:51 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 5 Sep 2001 08:33:51 +1000
Subject: [pptp-server] Can I assign an IP for each client based on MAC like you can with DHCP?
Message-ID: <200FAA488DE0D41194F10010B597610D1CED1F@jupiter.citadelcomputer.com.au>

I don't think this is 100% possible because the link is really made up of a PPP link. Most clients coming in are using modems which use a fabricated MAC address so there may (MAY) be a chance that the MAC may change and may match another user...
thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644 FX +(61)2 9955 2659

-----Original Message-----
From: Phil Labonte [mailto:plabonte at atreus-systems.com]
Sent: Saturday, September 01, 2001 4:46 AM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] Can I assign an IP for each client based on MAC like you can with DHCP?

I would like to assign each person an IP based on their MAC address like you can with DHCPD.

Can this be done with PPTP ip assigning?

Thanks!

From bx3 at eresmas.com Tue Sep 4 17:38:35 2001
From: bx3 at eresmas.com (help)
Date: Wed, 5 Sep 2001 00:38:35 +0200
Subject: [pptp-server] list
Message-ID: <000e01c13592$55ee1c10$b66c533e@COM>

list

From GeorgeV at citadelcomputer.com.au Tue Sep 4 17:38:06 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 5 Sep 2001 08:38:06 +1000
Subject: [pptp-server] Authentication Problem Win2K
Message-ID: <200FAA488DE0D41194F10010B597610D1CED20@jupiter.citadelcomputer.com.au>

Looks like your password is incorrect or if these logs are from a linux "client" then it's asking the server to authenticate when it shouldn't..

Can you show us the chap-secrets file and the options files and anything else you have..

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644 FX +(61)2 9955 2659

-----Original Message-----
From: rom at cod.5sl.org [mailto:rom at cod.5sl.org]
Sent: Tuesday, September 04, 2001 9:43 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Authentication Problem Win2K

Hi together,

I have got an authentication problem - and don't know what's wrong.
I am using Kernel 2.4.7, pppd 2.4.0 and pptp 1.1.2

Sep 4 13:32:09 aleph-0 pptpd[1099]: MGR: Launching /usr/sbin/pptpctrl to handle client
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: local address = 192.168.0.247
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: remote address = 192.168.0.248
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pppd speed = 115200
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pppd options file = /etc/ppp/options.ppp0
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Client 62.180.216.200 control connection started
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Received PPTP Control Message (type: 1)
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Made a START CTRL CONN RPLY packet
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: I wrote 156 bytes to the client.
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Sent packet to client
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Received PPTP Control Message (type: 7)
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Made a OUT CALL RPLY packet
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Starting call (launching pppd, opening GRE)
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pty_fd = 5
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: tty_fd = 6
Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): Connection speed = 115200
Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): local address = 192.168.0.247
Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): remote address = 192.168.0.248
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: I wrote 32 bytes to the client.
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Sent packet to client
Sep 4 13:32:09 aleph-0 pppd[1100]: The remote system is required to authenticate itself
Sep 4 13:32:09 aleph-0 pppd[1100]: but I couldn't find any suitable secret (password) for it to use to do so.
Sep 4 13:32:09 aleph-0 pppd[1100]: (None of the available passwords would let it use an IP address.)
Sep 4 13:32:09 aleph-0 pptpd[1099]: Error reading from pppd: Input/output error
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Client 62.180.216.200 control connection finished
Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Exiting now
Sep 4 13:32:09 aleph-0 pptpd[1090]: MGR: Reaped child 1099

From bx3 at eresmas.com Tue Sep 4 17:55:57 2001
From: bx3 at eresmas.com (help)
Date: Wed, 5 Sep 2001 00:55:57 +0200
Subject: [pptp-server] confirm 820371
Message-ID: <002c01c13594$c2c9edd0$b66c533e@COM>

From vajahat.khan at ao.kwe.com Tue Sep 4 23:18:59 2001
From: vajahat.khan at ao.kwe.com (Vajahat Khan)
Date: Wed, 05 Sep 2001 12:18:59 +0800
Subject: [pptp-server] Error 742 - the answer.. which brings new questions
References: <924448B61EE36B45A3134C7B685E87933544@gliatechusa1.gliatech.com>
Message-ID: <3B95A7B3.C234B8A8@ao.kwe.com>

Install a latest service pack on NT Sp5 or Sp6 it will solve the problem.

cheers :)
Vajahat.

Michael Walter wrote:

> I have seen a similar issue on the 2.4.9 kernel with the latest pptpd, I
> actually still have the issue, but have more information on it. For some
> reason, even if 40bit encryption has been explicitly disabled in the options
> file, pptpd will still allow a 40bit encrypted host to connect. But nothing
> works, the tunnel comes up but delivers no traffic. However, if you update
> the encryption level of your client to the one supported by the pptpd
> daemon, things work fine. This may or may not be your problem, but I was
> getting similar error messages.
>
> Thanks,
>
> Michael J. Walter
> rhce mcdba mcse+i ccna cca a+
> Network Administrator
> Gliatech, Inc.
> 23420 Commerce Park Rd.
> Beachwood, Ohio 44122
> Tel: (216) 831-3200
> Email: walterm at gliatech.com
>
> -----Original Message-----
> From: Alexander Polonsky [mailto:apl at informatik.uni-rostock.de]
> Sent: Friday, August 31, 2001 6:45 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Error 742 - the answer.. which brings new questions
>
> Hi all!
>
> I got rid of this black fortune - error 742 - by reinstalling the
> PPTP adapter and RAS service in NT. Now PPTP connection seems to
> work... but only seems.
>
> TCP/IP level is completely down. No machine in the outside network
> answers pings. When I look in the pppd log file, it shows a lot of
> messages "unsupported protocol xxxxxx received". Look here:
>
>
> Aug 30 14:44:25 nebel pppd[12977]: rcvd [proto=0x2576] 83 44 5f 9f
> 81 5d 31 ca 61 05 80 92 d8 ad 38 4e 5a 72 6d e3 1b 32 e3 bc dd 75 0c
> 8d 05 b5 cb 2f ...
> Aug 30 14:44:25 nebel pppd[12977]: Unsupported protocol 0x2576 received
> Aug 30 14:44:25 nebel pppd[12977]: sent [LCP ProtRej id=0x14 25 76
> 83 44 5f 9f 81 5d 31 ca 61 05 80 92 d8 ad 38 4e 5a 72 6d e3 1b 32
> e3 bc dd 75 0c 8d 05 b5 cb 2f 85 eb e4 24 5f 2d fe 56 36 b4 d5 ff
> 9b 5d db bb d0 ea]
> Aug 30 14:44:25 nebel pppd[12977]: rcvd [proto=0x8ee1] 62 e2 3f 0b
> 5c d7 66 15 82 63 f5 08 84 88 5a 7a b6 48 76 6e 40 ca ea b9 7d 2a 1d
> be 4f 30 98 97 ...
> Aug 30 14:44:25 nebel pppd[12977]: Unsupported protocol 0x8ee1 received
> Aug 30 14:44:25 nebel pppd[12977]: sent [LCP ProtRej id=0x15 8e e1
> 62 e2 3f 0b 5c d7 66 15 82 63 f5 08 84 88 5a 7a b6 48 76 6e 40 ca
> ea b9 7d 2a 1d be 4f 30 98 97 52 50 7d 5d 00 5e bd 80 24 69 54 22
> 98 71 39 d4 3c d2]
> Aug 30 14:44:29 nebel pppd[12977]: rcvd [proto=0x1ca1] 89 93 d7 1f
> 8f b8 9e 01 3f c0 40 40 6d a3 ac 14 dc 36 1b a3 1f 21 6f 56 39 e0
> e6 d0 4e 13 26 19 ...
> Aug 30 14:44:29 nebel pppd[12977]: Unsupported protocol 0x1ca1 received
> Aug 30 14:44:29 nebel pppd[12977]: sent [LCP ProtRej id=0x16 1c a1
> 89 93 d7 1f 8f b8 9e 01 3f c0 40 40 6d a3 ac 14 dc 36 1b a3 1f 21
> 6f 56 39 e0 e6 d0 4e 13 26 19 d8 3f 1d 33 61 4d 9d 5e 0d 99 04 8c
> 26 cd 1b 02 f1 e8]
>
> Has anybody faced this? Any solutions or ideas?
>
> Alexander

From muralivemuri at multitech.co.in Tue Sep 4 22:39:16 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Wed, 05 Sep 2001 09:09:16 +0530
Subject: [pptp-server] the client gets different ip addresses
Message-ID: <3B959E64.78063C9E@multitech.co.in>

hi all,

i have a PPTP server running in my machine. attached is the pptpd.conf file. when i was testing with a windows 95 client, i got this annoying problem. for the local ip end of the pptp server, it gets the ip address from the range as in the pptpd.conf . but, for the remote end of the link, it takes only the ip address mentioned in the pap-secrets file in the /etc/ppp/ directory. i could not understand why it is taking so .
also, i wish to know if it is a feature of the pptp-server itself to take the remote ip address from the pap-secrets file( in fact, in that case, there is no need to really mention that item in the configuration file of the pptp :-) )

regards,
murali krishna vemuri
-------------- next part --------------
speed 56000
localip 192.168.1.140-200
remoteip 192.168.1.200-240

From rom at cod.5sl.org Wed Sep 5 02:03:16 2001
From: rom at cod.5sl.org (rom at cod.5sl.org)
Date: Wed, 5 Sep 2001 09:03:16 +0200 (CEST)
Subject: [pptp-server] Authentication Problem Win2K
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CED20@jupiter.citadelcomputer.com.au>
Message-ID:

Ok sorry,

Now once again the error messages:

Sep 4 11:24:31 aleph-0 pptpd[26552]: MGR: Launching /usr/sbin/pptpctrl to handle client
Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: local address = 192.168.0.247
Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: remote address = 192.168.0.248
Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: pppd speed = 115200
Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: pppd options file = /etc/ppp/options.ppp0
Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Client 62.180.216.160 control connection started
Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Received PPTP Control Message (type: 1)
Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Made a START CTRL CONN RPLY packet
Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: I wrote 156 bytes to the client.
Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Sent packet to client
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Received PPTP Control Message (type: 7)
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Made a OUT CALL RPLY packet
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Starting call (launching pppd, opening GRE)
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: pty_fd = 5
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: tty_fd = 6
Sep 4 11:24:32 aleph-0 pptpd[26553]: CTRL (PPPD Launcher): Connection speed = 115200
Sep 4 11:24:32 aleph-0 pptpd[26553]: CTRL (PPPD Launcher): local address = 192.168.0.247
Sep 4 11:24:32 aleph-0 pptpd[26553]: CTRL (PPPD Launcher): remote address = 192.168.0.248
Sep 4 11:24:32 aleph-0 pppd[26553]: The remote system is required to authenticate itself
Sep 4 11:24:32 aleph-0 pppd[26553]: but I couldn't find any suitable secret (password) for it to use to do so.
Sep 4 11:24:32 aleph-0 pppd[26553]: (None of the available passwords would let it use an IP address.)
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: I wrote 32 bytes to the client.
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Sent packet to client
Sep 4 11:24:32 aleph-0 pptpd[26552]: Error reading from pppd: Input/output error
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Client 62.180.216.160 control connection finished
Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Exiting now
Sep 4 11:24:32 aleph-0 pptpd[26550]: MGR: Reaped child 26552

Then my pptp.conf:

speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.0.247
remoteip 192.168.0.248-249
pidfile /var/run/pptpd.pid

and my chap-secrets:

# INBOUND CONNECTIONS
#client hostname 192.168.1.1
test * test *

and my options.ppp0:

name *
lock
mtu 1490
mru 1490
proxyarp
auth
+chap
#[+chapms] #This one is optional and may be omitted.
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
#deflate 0
nodeflate
nobsdcomp
mppe-128
mppe-40
mppe-stateless
debug
kdebug 6

I try to connect with a Win2K Client. The Linux Server is running with ppoed (TDSL). Thanks for your help

On Wed, 5 Sep 2001, George Vieira wrote:

> Looks like your password is incorrect or if these logs are from a linux
> "client" then it's asking the server to authenticate when it shouldn't..
>
> Can you show us the chap-secrets file and the options files and anything
> else you have..
>
> thanks,
> George Vieira
> Network Engineer
> Citadel Computer Systems P/L
> PH +(61)2 9955 2644
> FX +(61)2 9955 2659
>
> -----Original Message-----
> From: rom at cod.5sl.org [mailto:rom at cod.5sl.org]
> Sent: Tuesday, September 04, 2001 9:43 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Authentication Problem Win2K
>
> Hi together,
>
> I have got an authentication problem - and don't know what's wrong. I am
> using Kernel 2.4.7, pppd 2.4.0 and pptp 1.1.2
>
> Sep 4 13:32:09 aleph-0 pptpd[1099]: MGR: Launching /usr/sbin/pptpctrl to handle client
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: local address = 192.168.0.247
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: remote address = 192.168.0.248
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pppd speed = 115200
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pppd options file = /etc/ppp/options.ppp0
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Client 62.180.216.200 control connection started
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Received PPTP Control Message (type: 1)
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Made a START CTRL CONN RPLY packet
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: I wrote 156 bytes to the client.
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Sent packet to client
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Received PPTP Control Message (type: 7)
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Made a OUT CALL RPLY packet
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Starting call (launching pppd, opening GRE)
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pty_fd = 5
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: tty_fd = 6
> Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): Connection speed = 115200
> Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): local address = 192.168.0.247
> Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): remote address = 192.168.0.248
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: I wrote 32 bytes to the client.
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Sent packet to client
> Sep 4 13:32:09 aleph-0 pppd[1100]: The remote system is required to authenticate itself
> Sep 4 13:32:09 aleph-0 pppd[1100]: but I couldn't find any suitable secret (password) for it to use to do so.
> Sep 4 13:32:09 aleph-0 pppd[1100]: (None of the available passwords would let it use an IP address.)
> Sep 4 13:32:09 aleph-0 pptpd[1099]: Error reading from pppd: Input/output error
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Client 62.180.216.200 control connection finished
> Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Exiting now
> Sep 4 13:32:09 aleph-0 pptpd[1090]: MGR: Reaped child 1099

From GeorgeV at citadelcomputer.com.au Wed Sep 5 02:07:54 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 5 Sep 2001 17:07:54 +1000
Subject: [pptp-server] Authentication Problem Win2K
Message-ID: <200FAA488DE0D41194F10010B597610D1CED3D@jupiter.citadelcomputer.com.au>

Is this only on W2K and it works on W9x?

If this is W2K only, then it could be something to do with the way it's set up.

> -----Original Message-----
> From: rom at cod.5sl.org [SMTP:rom at cod.5sl.org]
> Sent: Wednesday, September 05, 2001 5:03 PM
> To: George Vieira
> Cc: 'rom at cod.5sl.org'; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Authentication Problem Win2K
>
> Ok sorry,
>
> Now once again the error messages:
>
> Sep 4 11:24:31 aleph-0 pptpd[26552]: MGR: Launching /usr/sbin/pptpctrl to handle client
> Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: local address = 192.168.0.247
> Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: remote address = 192.168.0.248
> Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: pppd speed = 115200
> Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: pppd options file = /etc/ppp/options.ppp0
> Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Client 62.180.216.160 control connection started
> Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Received PPTP Control Message (type: 1)
> Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Made a START CTRL CONN RPLY packet
> Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: I wrote 156 bytes to the client.
> Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Sent packet to client
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Received PPTP Control Message (type: 7)
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Made a OUT CALL RPLY packet
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Starting call (launching pppd, opening GRE)
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: pty_fd = 5
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: tty_fd = 6
> Sep 4 11:24:32 aleph-0 pptpd[26553]: CTRL (PPPD Launcher): Connection speed = 115200
> Sep 4 11:24:32 aleph-0 pptpd[26553]: CTRL (PPPD Launcher): local address = 192.168.0.247
> Sep 4 11:24:32 aleph-0 pptpd[26553]: CTRL (PPPD Launcher): remote address = 192.168.0.248
> Sep 4 11:24:32 aleph-0 pppd[26553]: The remote system is required to authenticate itself
> Sep 4 11:24:32 aleph-0 pppd[26553]: but I couldn't find any suitable secret (password) for it to use to do so.
> Sep 4 11:24:32 aleph-0 pppd[26553]: (None of the available passwords would let it use an IP address.)
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: I wrote 32 bytes to the client.
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Sent packet to client
> Sep 4 11:24:32 aleph-0 pptpd[26552]: Error reading from pppd: Input/output error
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Client 62.180.216.160 control connection finished
> Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Exiting now
> Sep 4 11:24:32 aleph-0 pptpd[26550]: MGR: Reaped child 26552
>
> Then my pptp.conf:
>
> speed 115200
> option /etc/ppp/options.ppp0
> debug
> localip 192.168.0.247
> remoteip 192.168.0.248-249
> pidfile /var/run/pptpd.pid
>
> and my chap-secrets:
>
> # INBOUND CONNECTIONS
> #client hostname 192.168.1.1
> test * test *
>
> and my options.ppp0:
>
> name *
> lock
> mtu 1490
> mru 1490
> proxyarp
> auth
> +chap
> #[+chapms] #This one is optional and may be omitted.
> +chapms-v2
> ipcp-accept-local
> ipcp-accept-remote
> lcp-echo-failure 3
> lcp-echo-interval 5
> #deflate 0
> nodeflate
> nobsdcomp
> mppe-128
> mppe-40
> mppe-stateless
> debug
> kdebug 6
>
> I try to connect with a Win2K Client. The Linux Server is running with
> ppoed (TDSL). Thanks for your help
>
> On Wed, 5 Sep 2001, George Vieira wrote:
>
> > Looks like your password is incorrect or if these logs are from a linux
> > "client" then it's asking the server to authenticate when it shouldn't..
> >
> > Can you show us the chap-secrets file and the options files and anything
> > else you have..
> >
> > thanks,
> > George Vieira
> > Network Engineer
> > Citadel Computer Systems P/L
> > PH +(61)2 9955 2644
> > FX +(61)2 9955 2659
> >
> > -----Original Message-----
> > From: rom at cod.5sl.org [mailto:rom at cod.5sl.org]
> > Sent: Tuesday, September 04, 2001 9:43 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] Authentication Problem Win2K
> >
> > Hi together,
> >
> > I have got an authentication problem - and don't know what's wrong. I am
> > using Kernel 2.4.7, pppd 2.4.0 and pptp 1.1.2
> >
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: MGR: Launching /usr/sbin/pptpctrl to handle client
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: local address = 192.168.0.247
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: remote address = 192.168.0.248
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pppd speed = 115200
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pppd options file = /etc/ppp/options.ppp0
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Client 62.180.216.200 control connection started
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Received PPTP Control Message (type: 1)
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Made a START CTRL CONN RPLY packet
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: I wrote 156 bytes to the client.
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Sent packet to client
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Received PPTP Control Message (type: 7)
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Made a OUT CALL RPLY packet
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Starting call (launching pppd, opening GRE)
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pty_fd = 5
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: tty_fd = 6
> > Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): Connection speed = 115200
> > Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): local address = 192.168.0.247
> > Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): remote address = 192.168.0.248
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: I wrote 32 bytes to the client.
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Sent packet to client
> > Sep 4 13:32:09 aleph-0 pppd[1100]: The remote system is required to authenticate itself
> > Sep 4 13:32:09 aleph-0 pppd[1100]: but I couldn't find any suitable secret (password) for it to use to do so.
> > Sep 4 13:32:09 aleph-0 pppd[1100]: (None of the available passwords would let it use an IP address.)
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: Error reading from pppd: Input/output error
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Client 62.180.216.200 control connection finished
> > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Exiting now
> > Sep 4 13:32:09 aleph-0 pptpd[1090]: MGR: Reaped child 1099

From GeorgeV at citadelcomputer.com.au Wed Sep 5 02:16:36 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 5 Sep 2001 17:16:36 +1000
Subject: [pptp-server] the client gets different ip addresses
Message-ID: <200FAA488DE0D41194F10010B597610D1CED3E@jupiter.citadelcomputer.com.au>

Firstly use 1 IP address for localip and secondly don't use an IP which is found in both localip and remoteip (in other words remove 192.168.1.240 from either localip or remoteip).

What do you mean by in the pap-secrets file.. usually it's the chap-secrets file that's used.. usually....

Don't specify an IP in the secrets file and put a * which should assign a DHCP IP to the user...

> -----Original Message-----
> From: Murali K. Vemuri [SMTP:muralivemuri at multitech.co.in]
> Sent: Wednesday, September 05, 2001 1:39 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] the client gets different ip addresses
>
> hi all,
>
> i have a PPTP server running in my machine.
> attached is the pptpd.conf file.
> when i was testing with a windows 95 client, i got this annoying
> problem.
> for the local ip end of the pptp server, it gets the ip address from the
> range as in the pptpd.conf .
> but, for the remote end of the link, it takes only the ip address
> mentioned in the pap-secrets file in the
> /etc/ppp/ directory. i could not understand why it is taking so .
> also, i wish to know if it is a feature of the pptp-server itself to
> take the remote ip address from the pap-secrets file( in fact, in that
> case, there is no need to really mention that item in the configuration
> file of the pptp :-) )
>
> regards,
> murali krishna vemuri
> << File: pptpd.conf >>

From apl at informatik.uni-rostock.de Wed Sep 5 04:13:23 2001
From: apl at informatik.uni-rostock.de (Sasha)
Date: Wed, 5 Sep 2001 11:13:23 +0200 (MET DST)
Subject: [pptp-server] Service Pack 6a helps!!
In-Reply-To: <3B95A7B3.C234B8A8@ao.kwe.com>
Message-ID:

Hi, Vajahat!!!

> Install a latest service pack on NT
> Sp5 or Sp6 it will solve the problem.

I already had service pack 5, but service pack 6a helped.
Thank you very much!

Alexander

-=Don't worry, be happy!=-

From mailinglists at avati.com.br Wed Sep 5 08:35:36 2001
From: mailinglists at avati.com.br (Wildcat)
Date: Wed, 05 Sep 2001 13:35:36 GMT
Subject: [pptp-server] Re: Problems with network neighborhood
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CED1D@jupiter.citadelcomputer.com.au>
References: <200FAA488DE0D41194F10010B597610D1CED1D@jupiter.citadelcomputer.com.au>
Message-ID: <20010905133536.24734.qmail@wolverine.avati.com.br>

Hey.. wait one second..
I forget to say:

In my options.conf I have configured the option:

ms-wins 192.168.101.200

This ip is one NT machine with WINS SERVER. I don't have and don't need samba server

George Vieira wrote:

> You must setup your linux box to be the master browser of the network
> because it's what's linking your 2 networks together.
> To make sure you get broadcasts, use the "remote announce = vpn.ip.add.ress"
> option too in /etc/smb.conf
>
> thanks,
> George Vieira
> Network Engineer
> Citadel Computer Systems P/L
> PH +(61)2 9955 2644
> FX +(61)2 9955 2659
>
> -----Original Message-----
> From: Leonardo Pimenta Gonzalez [mailto:leo at avati.com.br]
> Sent: Wednesday, September 05, 2001 6:12 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Problems with network neighborhood
>
> Hellow Guys,
>
> I have a little problem. I connect my windows client in a Linux pptpd
> server. It connect fine. When I try to access one machine with \\ip.adress
> works.. But, I couldn't list other machines in network
> neighborhood. I do a tcpdump in ppp0 on Server and get this output:
>
> 11:30:52.099331 192.168.101.205.netbios-ns > 192.168.101.200.netbios-ns:
>>>> NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
> TrnID=0x9C
> OpCode=0
> NmFlags=0x10
> Rcode=0
> QueryCount=1
> AnswerCount=0
> AuthorityCount=0
> AddressRecCount=0
> QuestionRecords:
> Name=Mygroup NameType=0x1B (Domain Controller)
> QuestionType=0x20
> QuestionClass=0x1
>
> 11:30:52.099872 192.168.101.200.netbios-ns > 192.168.101.205.netbios-ns:
>>>> NBT UDP PACKET(137): QUERY; NEGATIVE; RESPONSE; UNICAST
> TrnID=0x9C
> OpCode=0
> NmFlags=0x58
> Rcode=3
> QueryCount=0
> AnswerCount=0
> AuthorityCount=0
> AddressRecCount=0
> AdditionalData:
> Data: (44 bytes)
> [000] 20 45 42 46 47 45 42 46 45 45 4A 43 41 43 41 43 EBFGEBF EEJCACAC
> [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 42 ACACACAC ACACACAB
> [020] 4C 00 00 0A 00 01 00 00 00 00 00 00 L....... ....
>
> Anybody know what are doing????
>
> Thankz a lot.

From muralivemuri at multitech.co.in Wed Sep 5 09:33:39 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Wed, 05 Sep 2001 20:03:39 +0530
Subject: [pptp-server] subnet gateway problem
Message-ID: <3B9637C3.F5CEC3B7@multitech.co.in>

hi
i have configured my PPTP server.
i gave the range of addresses as :
localip 192.168.2.120-125
remoteip 192.168.2.140-145
the ip address of the host(for eth0) is 192.168.2.76
after the link is established, i could read that the PPTP link got:
localip : 192.168.2.121
remoteip 192.168.2.142
also, the client(win95) is able to ping to 192.168.2.121 as well as 192.168.2.76
but, the client is not able to ping to any other host in 192.168.2.x
also, to my dismay, the client had subnet gateway as 192.168.2.142 itself whereas the subnet gateway of the server is 192.168.2.1.
i could not understand where i have to configure the subnet gateway.

murali krishna vemuri

From mhagerty at p-inet.net Wed Sep 5 09:35:26 2001
From: mhagerty at p-inet.net (mike hagerty)
Date: Wed, 05 Sep 2001 09:35:26 -0500
Subject: [pptp-server] windows ME
Message-ID: <3B96382E.D33A050B@p-inet.net>

Does poptop work with windows ME??
we are using poptop on freebsd and it works great with windows 2000 and 98 but we may need to support ME.
I cannot get it to work. looks like it is not even trying to use pptp
Type of Dial-Up Server: says
PPP: Internet, Windows 2000/NT, Windows ME
which is grayed out so you cannot change it to something like PPTP..
thanks for your help.
--
Mike Hagerty
Prairie iNet
www.prairieinet.net
mhagerty at p-inet.net

From JaminC at adapt-tele.com Wed Sep 5 09:44:47 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Wed, 5 Sep 2001 09:44:47 -0500
Subject: [pptp-server] windows ME
Message-ID:

mike hagerty [mailto:mhagerty at p-inet.net] wrote:
> Does poptop work with windows ME??

Yes, it does. I have a few ME based clients connecting to my PoPToP server.

Jamin W. Collins

From JaminC at adapt-tele.com Wed Sep 5 09:47:47 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Wed, 5 Sep 2001 09:47:47 -0500
Subject: [pptp-server] subnet gateway problem
Message-ID:

Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] wrote:
> i have configured my PPTP server.
> i gave the range of addresses as :
> localip 192.168.2.120-125

You only need one ip for localip

> remoteip 192.168.2.140-145
> the ip address of the host(for eth0) is 192.168.2.76
> after the link is established, i could read that the PPTP link got:
> localip : 192.168.2.121
> remoteip 192.168.2.142
> also, the client(win95) is able to ping to 192.168.2.121 as well as
> 192.168.2.76
> but, the client is not able to ping to any other host in 192.168.2.x
> also, to my dismay, the client had subnet gateway as 192.168.2.142
> itself whereas the subnet gateway of the server is 192.168.2.1.
> i could not understand where i have to configure the
> subnet gateway.

IIRC, this is normal. Try adding proxyarp to your ppp/options file or your pptpd.conf file.

Jamin W. Collins

From mhagerty at p-inet.net Wed Sep 5 10:24:24 2001
From: mhagerty at p-inet.net (mike hagerty)
Date: Wed, 05 Sep 2001 10:24:24 -0500
Subject: [pptp-server] windows ME
References:
Message-ID: <3B9643A8.DA621607@p-inet.net>

Well that is good and bad.
I cannot figure out how to get this to work with ME
we are requiring 128 bit encryption so you have to download the High encryption pack for windows 2000
would we also need something similar for windows ME.

The error we get is
.....denied access because the username and/or password is invalid on the domain.

the ppp log shows the following.
Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Ack-Rcvd --> Opened
Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: LayerUp
Sep 5 10:20:31 pptp ppp[90737]: Phase: bundle: Authenticate
Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: his = none, mine = CHAP 0x81
Sep 5 10:20:31 pptp ppp[90737]: Phase: Chap Output: CHALLENGE
Sep 5 10:20:31 pptp ppp[90737]: Phase: Chap Input: RESPONSE (49 bytes from username)
Sep 5 10:20:31 pptp ppp[90737]: Phase: Chap Output: FAILURE
Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: LayerDown
Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: SendTerminateReq(2) state = Opened
Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Opened --> Closing
Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: RecvTerminateAck(2) state = Closing
Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: LayerFinish
Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Closing --> Closed
Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Closed --> Initial
Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: Disconnected!
Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: Connect time: 3 secs: 199 octets in, 222 octets out
Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: : 4 packets in, 5 packets out
Sep 5 10:20:31 pptp ppp[90737]: Phase: total 140 bytes/sec, peak 40 bytes/sec on Wed Sep 5 10:20:31 2001
Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: lcp -> closed
Sep 5 10:20:31 pptp ppp[90737]: Phase: bundle: Dead
Sep 5 10:20:31 pptp ppp[90737]: Phase: PPP Terminated (normal).

I am worried because you can't make any changes to the connection type
it just list ppp
thanks
for your help

> Jamin Collins wrote:
>
> mike hagerty [mailto:mhagerty at p-inet.net] wrote:
> > Does poptop work with windows ME??
>
> Yes, it does. I have a few ME based clients connecting to my PoPToP
> server.
>
> Jamin W. Collins

--
Mike Hagerty
Prairie iNet
www.prairieinet.net
mhagerty at p-inet.net

From djolivier at bigfoot.com Wed Sep 5 10:27:48 2001
From: djolivier at bigfoot.com (Douglas Olivier)
Date: Wed, 5 Sep 2001 08:27:48 -0700
Subject: [pptp-server] windows ME
References: <3B9643A8.DA621607@p-inet.net>
Message-ID: <003701c1361f$524dc8c0$4d01a8c0@stuartallan.com>

They are sending DOMAIN/LOGIN instead of just login.
2 ways to go:

Compile in the domainname strip patch (location?)
Add the domain/ to front of login in chap-secrets (my solution)

----- Original Message -----
From: "mike hagerty"
To: "Jamin Collins" ;
Sent: Wednesday, September 05, 2001 8:24 AM
Subject: Re: [pptp-server] windows ME

> Well that is good and bad.
> I cannot figure out how to get this to work with ME
> we are requiring 128 bit encryption so you have to download the High
> encryption pack for windows 2000
> would we also need something similar for windows ME.
>
> The error we get is
> .....denied access because the username and/or password is invalid on
> the domain.
>
> the ppp log shows the following.
> Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Ack-Rcvd --> Opened
> Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: LayerUp
> Sep 5 10:20:31 pptp ppp[90737]: Phase: bundle: Authenticate
> Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: his = none, mine = CHAP 0x81
> Sep 5 10:20:31 pptp ppp[90737]: Phase: Chap Output: CHALLENGE
> Sep 5 10:20:31 pptp ppp[90737]: Phase: Chap Input: RESPONSE (49 bytes from username)
> Sep 5 10:20:31 pptp ppp[90737]: Phase: Chap Output: FAILURE
> Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: LayerDown
> Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: SendTerminateReq(2) state = Opened
> Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Opened --> Closing
> Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: RecvTerminateAck(2) state = Closing
> Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: LayerFinish
> Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Closing --> Closed
> Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Closed --> Initial
> Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: Disconnected!
> Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: Connect time: 3 secs: 199 octets in, 222 octets out
> Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: : 4 packets in, 5 packets out
> Sep 5 10:20:31 pptp ppp[90737]: Phase: total 140 bytes/sec, peak 40 bytes/sec on Wed Sep 5 10:20:31 2001
> Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: lcp -> closed
> Sep 5 10:20:31 pptp ppp[90737]: Phase: bundle: Dead
> Sep 5 10:20:31 pptp ppp[90737]: Phase: PPP Terminated (normal).
>
> I am worried because you can't make any changes to the connection type
> it just list ppp
> thanks
> for your help
>
> > Jamin Collins wrote:
> >
> > mike hagerty [mailto:mhagerty at p-inet.net] wrote:
> > > Does poptop work with windows ME??
> >
> > Yes, it does. I have a few ME based clients connecting to my PoPToP
> > server.
> >
> > Jamin W. Collins
>
> --
> Mike Hagerty
> Prairie iNet
> www.prairieinet.net
> mhagerty at p-inet.net

From mhagerty at p-inet.net Wed Sep 5 10:36:27 2001
From: mhagerty at p-inet.net (mike hagerty)
Date: Wed, 05 Sep 2001 10:36:27 -0500
Subject: [pptp-server] windows ME
References: <003701c1361f$524dc8c0$4d01a8c0@stuartallan.com>
Message-ID: <3B96467B.E9E3A2CE@p-inet.net>

I don't think we are seeing this issue
In the log it shows it as coming just from username not domain/username.
If I add a domain in the client side then it shows up as domain/username in the logs.

> Douglas Olivier wrote:
>
> They are sending DOMAIN/LOGIN instead of just login.
> 2 ways to go:
>
> Compile in the domainname strip patch (location?)
> Add the domain/ to front of login in chap-secrets (my solution)
> ----- Original Message -----
> From: "mike hagerty"
> To: "Jamin Collins" ;
>
> Sent: Wednesday, September 05, 2001 8:24 AM
> Subject: Re: [pptp-server] windows ME
>
> > Well that is good and bad.
> > I cannot figure out how to get this to work with ME
> > we are requiring 128 bit encryption so you have to download the High
> > encryption pack for windows 2000
> > would we also need something similar for windows ME.
> >
> > The error we get is
> > .....denied access because the username and/or password is invalid on
> > the domain.
> >
> > the ppp log shows the following.
> > Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Ack-Rcvd > --> > > Opened > > Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: LayerUp > > Sep 5 10:20:31 pptp ppp[90737]: Phase: bundle: Authenticate > > Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: his = none, mine = > CHAP > > 0x81 > > Sep 5 10:20:31 pptp ppp[90737]: Phase: Chap Output: CHALLENGE > > Sep 5 10:20:31 pptp ppp[90737]: Phase: Chap Input: RESPONSE (49 > bytes > > from username) > > Sep 5 10:20:31 pptp ppp[90737]: Phase: Chap Output: FAILURE > > Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: LayerDown > > Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: SendTerminateReq(2) > state > > = Opened > > Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Opened > --> > > Closing > > Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: RecvTerminateAck(2) > state > > = Closing > > Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: LayerFinish > > Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Closing > --> > > Closed > > Sep 5 10:20:31 pptp ppp[90737]: LCP: deflink: State change Closed > --> > > Initial > > Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: Disconnected! > > Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: Connect time: 3 > secs: > > 199 octets in, 222 octets out > > Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: : 4 packets in, 5 > > packets out > > Sep 5 10:20:31 pptp ppp[90737]: Phase: total 140 bytes/sec, peak > 40 > > bytes/sec on Wed Sep 5 10:20:31 2001 > > Sep 5 10:20:31 pptp ppp[90737]: Phase: deflink: lcp -> closed > > Sep 5 10:20:31 pptp ppp[90737]: Phase: bundle: Dead > > Sep 5 10:20:31 pptp ppp[90737]: Phase: PPP Terminated (normal). > > > > I am worried because you can't make any changes to the connection > type > > it just list ppp > > thanks > > for you help > > > > > > > Jamin Collins wrote: > > > > > > mike hagerty [mailto:mhagerty at p-inet.net] wrote: > > > > Does poptop work with windows ME?? > > > > > > Yes, it does. 
I have a few ME based clients connecting to my PoPToP server.
> > >
> > > Jamin W. Collins
> >
> > --
> > Mike Hagerty
> > Prairie iNet
> > www.prairieinet.net
> > mhagerty at p-inet.net
> >

--
Mike Hagerty
Prairie iNet
www.prairieinet.net
mhagerty at p-inet.net

From tnsampaio at planae.com.br Wed Sep 5 13:44:21 2001
From: tnsampaio at planae.com.br (Tiago N. Sampaio)
Date: Wed, 5 Sep 2001 15:44:21 -0300
Subject: [pptp-server] Midle off topic --- how do use pptp client for linux
Message-ID: <01090515484701.00924@tnsampaio.planae.com.br>

Hi....

Sorry for off topic, middle.. i have a pptp server running in my linux box, work fine with win98 clients.... But now i have a new work, use my other linux box to use this vpn.... i am trying to use pptp-linux but the documentation is not very good for "newbies" heheheh..

thanks for all..
Tiago N. Sampaio

From rom at cod.5sl.org Wed Sep 5 14:07:43 2001
From: rom at cod.5sl.org (rom at cod.5sl.org)
Date: Wed, 5 Sep 2001 21:07:43 +0200 (CEST)
Subject: [pptp-server] Authentication Problem Win2K
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CED3D@jupiter.citadelcomputer.com.au>
Message-ID:

Hi,

yes it is only Win2k - but I think the Win2k Client has a correct configuration.

On Wed, 5 Sep 2001, George Vieira wrote:

> Is this only on W2K and it works on W9x?
>
> If this is W2K only, then it could be something to do with the way it's set
> up.
>
>
> > -----Original Message-----
> > From: rom at cod.5sl.org [SMTP:rom at cod.5sl.org]
> > Sent: Wednesday, September 05, 2001 5:03 PM
> > To: George Vieira
> > Cc: 'rom at cod.5sl.org'; pptp-server at lists.schulte.org
> > Subject: RE: [pptp-server] Authentication Problem Win2K
> >
> > Ok sorry,
> >
> > Now once again the error messages:
> >
> > Sep 4 11:24:31 aleph-0 pptpd[26552]: MGR: Launching /usr/sbin/pptpctrl to handle client
> > Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: local address = 192.168.0.247
> > Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: remote address = 192.168.0.248
> > Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: pppd speed = 115200
> > Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: pppd options file = /etc/ppp/options.ppp0
> > Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Client 62.180.216.160 control connection started
> > Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Received PPTP Control Message (type: 1)
> > Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Made a START CTRL CONN RPLY packet
> > Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: I wrote 156 bytes to the client.
> > Sep 4 11:24:31 aleph-0 pptpd[26552]: CTRL: Sent packet to client
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Received PPTP Control Message (type: 7)
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Made a OUT CALL RPLY packet
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Starting call (launching pppd, opening GRE)
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: pty_fd = 5
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: tty_fd = 6
> > Sep 4 11:24:32 aleph-0 pptpd[26553]: CTRL (PPPD Launcher): Connection speed = 115200
> > Sep 4 11:24:32 aleph-0 pptpd[26553]: CTRL (PPPD Launcher): local address = 192.168.0.247
> > Sep 4 11:24:32 aleph-0 pptpd[26553]: CTRL (PPPD Launcher): remote address = 192.168.0.248
> > Sep 4 11:24:32 aleph-0 pppd[26553]: The remote system is required to authenticate itself
> > Sep 4 11:24:32 aleph-0 pppd[26553]: but I couldn't find any suitable secret (password) for it to use to do so.
> > Sep 4 11:24:32 aleph-0 pppd[26553]: (None of the available passwords would let it use an IP address.)
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: I wrote 32 bytes to the client.
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Sent packet to client
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: Error reading from pppd: Input/output error
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Client 62.180.216.160 control connection finished
> > Sep 4 11:24:32 aleph-0 pptpd[26552]: CTRL: Exiting now
> > Sep 4 11:24:32 aleph-0 pptpd[26550]: MGR: Reaped child 26552
> >
> >
> > Then my pptp.conf:
> >
> > speed 115200
> > option /etc/ppp/options.ppp0
> > debug
> > localip 192.168.0.247
> > remoteip 192.168.0.248-249
> > pidfile /var/run/pptpd.pid
> >
> >
> > and my chap-secrets:
> >
> > # INBOUND CONNECTIONS
> > #client hostname 192.168.1.1
> > test * test *
> >
> >
> > and my options.ppp0:
> >
> > name *
> > lock
> > mtu 1490
> > mru 1490
> > proxyarp
> > auth
> > +chap
> > #[+chapms] #This one is optional and my be omitted.
> > +chapms-v2
> > ipcp-accept-local
> > ipcp-accept-remote
> > lcp-echo-failure 3
> > lcp-echo-interval 5
> > #deflate 0
> > nodeflate
> > nobsdcomp
> > mppe-128
> > mppe-40
> > mppe-stateless
> > debug
> > kdebug 6
> >
> >
> > I try to connect with a Win2K Client. The Linux Server is running with
> > ppoed (TDSL). Thanks for your help
> >
> >
> > On Wed, 5 Sep 2001, George Vieira wrote:
> >
> > > Looks like your password is incorrect or if these logs are from a linux
> > > "client" then it's asking the server to authenticate when it shouldn't..
> > >
> > > Can you show us the chap-secrets file and the options files and anything
> > > else you have..
> > >
> > > thanks,
> > > George Vieira
> > > Network Engineer
> > > Citadel Computer Systems P/L
> > > PH +(61)2 9955 2644
> > > FX +(61)2 9955 2659
> > >
> > > -----Original Message-----
> > > From: rom at cod.5sl.org [mailto:rom at cod.5sl.org]
> > > Sent: Tuesday, September 04, 2001 9:43 PM
> > > To: pptp-server at lists.schulte.org
> > > Subject: [pptp-server] Authentication Problem Win2K
> > >
> > >
> > > Hi together,
> > >
> > > I have got an authentication problem - and don't know what's wrong. I am
> > > using Kernel 2.4.7, pppd 2.4.0 and pptp 1.1.2
> > >
> > >
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: MGR: Launching /usr/sbin/pptpctrl to handle client
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: local address = 192.168.0.247
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: remote address = 192.168.0.248
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pppd speed = 115200
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pppd options file = /etc/ppp/options.ppp0
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Client 62.180.216.200 control connection started
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Received PPTP Control Message (type: 1)
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Made a START CTRL CONN RPLY packet
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: I wrote 156 bytes to the client.
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Sent packet to client
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Received PPTP Control Message (type: 7)
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Made a OUT CALL RPLY packet
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Starting call (launching pppd, opening GRE)
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: pty_fd = 5
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: tty_fd = 6
> > > Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): Connection speed = 115200
> > > Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): local address = 192.168.0.247
> > > Sep 4 13:32:09 aleph-0 pptpd[1100]: CTRL (PPPD Launcher): remote address = 192.168.0.248
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: I wrote 32 bytes to the client.
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Sent packet to client
> > > Sep 4 13:32:09 aleph-0 pppd[1100]: The remote system is required to authenticate itself
> > > Sep 4 13:32:09 aleph-0 pppd[1100]: but I couldn't find any suitable secret (password) for it to use to do so.
> > > Sep 4 13:32:09 aleph-0 pppd[1100]: (None of the available passwords would let it use an IP address.)
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: Error reading from pppd: Input/output error
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Client 62.180.216.200 control connection finished
> > > Sep 4 13:32:09 aleph-0 pptpd[1099]: CTRL: Exiting now
> > > Sep 4 13:32:09 aleph-0 pptpd[1090]: MGR: Reaped child 1099
> > >

From paulpurkett at ziplip.com Wed Sep 5 19:01:43 2001
From: paulpurkett at ziplip.com (paulpurkett)
Date: Wed, 5 Sep 2001 17:01:43 -0700 (PDT)
Subject: [pptp-server] UNSUBCRIBE
Message-ID:

Please unsubscribe me from your mailing list.

Thanks,

Paul

From muralivemuri at multitech.co.in Wed Sep 5 23:10:34 2001
From: muralivemuri at multitech.co.in (Murali K.
Vemuri)
Date: Thu, 06 Sep 2001 09:40:34 +0530
Subject: [pptp-server] subnet gateway problem
References:
Message-ID: <3B96F73A.6447FDA2@multitech.co.in>

hi,
i tried that also, and no use:-(
even i recompiled the kernel(2.4.2) with routing option enabled and booted from that.
still no use!
murali krishna vemuri

Jamin Collins wrote:

> Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] wrote:
> > i have configured my PPTP server.
> > i gave the range of addresses as :
> > localip 192.168.2.120-125
>
> You only need one ip for localip
>
> > remoteip 192.168.2.140-145
> > the ip address of the host(for eth0) is 192.168.2.76
> > after the link is established, i could read that the PPTP link got:
> > localip : 192.168.2.121
> > remoteip 192.168.2.142
> > also, the client(win95) is able to ping to 192.168.2.121 as well as
> > 192.168.2.76
> > but, the client is not able to ping to any other host in 192.168.2.x
> > also, to my dismay, the client had subnet gateway as 192.168.2.142
> > itself whereas the subnet gateway of the server is 192.168.2.1.
> > i could not understand where i have to configure the
> > subnet gateway.
>
> IIRC, this is normal. Try adding proxyarp to your ppp/options file or your
> pptpd.conf file.
>
> Jamin W. Collins

--
with thanks for your time,
Murali Krishna Vemuri
off: Multitech Software Systems, #95, 17th'B' Main Road, V Block, Koramangala, BANGALORE 560095
tel: 080 5534471 xtn: 255/214
res: #12, 6th 'A' Cross, Ramaswamy Palya, Vignana Nagara, Martha Halli Post, Bangalore 560 037.

From GeorgeV at citadelcomputer.com.au Wed Sep 5 23:13:33 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 6 Sep 2001 14:13:33 +1000
Subject: [pptp-server] subnet gateway problem
Message-ID: <200FAA488DE0D41194F10010B597610D1CED4D@jupiter.citadelcomputer.com.au>

Use tcpdump to see what's going on...
you need to check all things like
tcpdump
netstat -rn
ifconfig
etc.etc.
use tcpdump to see if pings are coming through then check that ip_forward is on!
echo 1 > /proc/net/.......something.../ip_forward depending on our distro...

-----Original Message-----
From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
Sent: Thursday, September 06, 2001 2:11 PM
To: Jamin Collins
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] subnet gateway problem

hi,
i tried that also, and no use:-(
even i recompiled the kernel(2.4.2) with routing option enabled and booted from that.
still no use!
murali krishna vemuri

Jamin Collins wrote:

Murali K. Vemuri [ mailto:muralivemuri at multitech.co.in ] wrote:
> i have configured my PPTP server.
> i gave the range of addresses as :
> localip 192.168.2.120-125

You only need one ip for localip

> remoteip 192.168.2.140-145
> the ip address of the host(for eth0) is 192.168.2.76
> after the link is established, i could read that the PPTP link got:
> localip : 192.168.2.121
> remoteip 192.168.2.142
> also, the client(win95) is able to ping to 192.168.2.121 as well as
> 192.168.2.76
> but, the client is not able to ping to any other host in 192.168.2.x
> also, to my dismay, the client had subnet gateway as 192.168.2.142
> itself whereas the subnet gateway of the server is 192.168.2.1.
> i could not understand where i have to configure the
> subnet gateway.

IIRC, this is normal. Try adding proxyarp to your ppp/options file or your pptpd.conf file.

Jamin W. Collins

--
with thanks for your time,
Murali Krishna Vemuri
off: Multitech Software Systems, #95, 17th'B' Main Road, V Block, Koramangala, BANGALORE 560095
tel: 080 5534471 xtn: 255/214
res: #12, 6th 'A' Cross, Ramaswamy Palya, Vignana Nagara, Martha Halli Post, Bangalore 560 037.
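
The two settings this thread keeps returning to (kernel IP forwarding, and pppd's proxyarp when remoteip is carved out of the LAN's own subnet) can be checked mechanically. The script below is an added example, not part of any list message: the function names are hypothetical, the /24 prefix for 192.168.2.0 is an assumption, and /proc/sys/net/ipv4/ip_forward is the standard Linux location rather than a path quoted in the thread.

```shell
#!/bin/sh
# Added example. On a live server the three file arguments would typically
# be /proc/sys/net/ipv4/ip_forward, the pppd options file and pptpd.conf.

# ip_to_int A.B.C.D -> the address as a 32-bit integer on stdout
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_subnet IP NETWORK PREFIXLEN -> 0 if IP lies inside NETWORK/PREFIXLEN
in_subnet() {
    ip=$(ip_to_int "$1"); net=$(ip_to_int "$2")
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# forwarding_on FILE -> 0 if the kernel forwarding switch reads 1
forwarding_on() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# has_option FILE WORD -> 0 if WORD is present as an uncommented option
has_option() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1" 2>/dev/null
}

# remoteip_first FILE -> first address of the remoteip range in pptpd.conf
remoteip_first() {
    sed -n 's/^[[:space:]]*remoteip[[:space:]]\{1,\}\([0-9.]*\).*/\1/p' "$1" | head -n 1
}

# diagnose FORWARD_FILE PPP_OPTIONS PPTPD_CONF LAN_NET PREFIXLEN
# Prints one line per finding and returns the number of problems found.
diagnose() {
    problems=0
    if ! forwarding_on "$1"; then
        echo "ip_forward is off: packets arriving on pppN are not routed to the LAN"
        problems=$((problems + 1))
    fi
    first=$(remoteip_first "$3")
    if [ -n "$first" ] && in_subnet "$first" "$4" "$5"; then
        # Client addresses come from the LAN subnet, so LAN hosts ARP for
        # them directly; the server has to answer on the client's behalf.
        if ! has_option "$2" proxyarp; then
            echo "remoteip $first is inside $4/$5 but proxyarp is not set"
            problems=$((problems + 1))
        fi
    fi
    return $problems
}

# Constructed sample run: addresses mirror the thread, file contents are
# made up to show both findings.
demo() {
    d=$(mktemp -d)
    echo 0 > "$d/ip_forward"
    printf 'auth\n#proxyarp\nlock\n' > "$d/options"
    printf 'localip 192.168.2.120\nremoteip 192.168.2.140-145\n' > "$d/pptpd.conf"
    rc=0
    diagnose "$d/ip_forward" "$d/options" "$d/pptpd.conf" 192.168.2.0 24 || rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "problems found: $?"
```
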
From etuc at lycos.com Wed Sep 5 23:16:57 2001
From: etuc at lycos.com (tan shilan nor haliyan)
Date: Wed, 05 Sep 2001 21:16:57 -0700
Subject: [pptp-server] UNSUBSCRIBES
Message-ID:

help me.
i want to unsubscribe from this mailing list..
thank you

From GeorgeV at citadelcomputer.com.au Wed Sep 5 23:20:45 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 6 Sep 2001 14:20:45 +1000
Subject: [pptp-server] UNSUBSCRIBES
Message-ID: <200FAA488DE0D41194F10010B597610D1CED4E@jupiter.citadelcomputer.com.au>

If you can read like most people the very bottom line says "To unsubscribe, go to the url just above this line." and if you go there to that web page.. it also says at the bottom

"To change your subscription (set options like digest and delivery modes, get a reminder of your password, or ********unsubscribe******** from pptp-server), enter your subscription email address"

If you have problems unsubscribing, then say so and not just "help me"

GV...

-----Original Message-----
From: tan shilan nor haliyan [mailto:etuc at lycos.com]
Sent: Thursday, September 06, 2001 2:17 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] UNSUBSCRIBES

help me.
i want to unsubscribe from this mailing list..
thank you

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From muralivemuri at multitech.co.in Thu Sep 6 03:37:08 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 06 Sep 2001 14:07:08 +0530
Subject: [pptp-server] encryption in pptp
Message-ID: <3B9735B4.53A0212D@multitech.co.in>

hi ,
i am using version PoPToP - version 1.0.1 as pptp server.
as per our requirements, i need to have some encryption embedded into the server.
i could not figure out where and how i shall configure that.
also, if i need to add any patches, please let me know, where i can download them.
regards
murali krishna vemuri

From muralivemuri at multitech.co.in Thu Sep 6 04:24:15 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 06 Sep 2001 14:54:15 +0530
Subject: [pptp-server] subnet gateway problem
References: <200FAA488DE0D41194F10010B597610D1CED4D@jupiter.citadelcomputer.com.au>
Message-ID: <3B9740BF.DF9D40AF@multitech.co.in>

tried all !!!!!!!!!!!!
still NOPE!!!!
murali krishna vemuri

George Vieira wrote:

> Use tcpdump to see what's going on... you need to check all things like
> tcpdump
> netstat -rn
> ifconfig
> etc.etc.
> use tcpdump to see if pings are coming through then check that
> ip_forward is on!
> echo 1 > /proc/net/.......something.../ip_forward depending on our distro...
>
> -----Original Message-----
> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
> Sent: Thursday, September 06, 2001 2:11 PM
> To: Jamin Collins
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] subnet gateway problem
> hi,
>
> i tried that also, and no use:-(
> even i recompiled the kernel(2.4.2) with routing option
> enabled and booted from that.
> still no use!
> murali krishna vemuri
> Jamin Collins wrote:
>
> > Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] wrote:
> > > i have configured my PPTP server.
> > > i gave the range of addresses as :
> > > localip 192.168.2.120-125
> >
> > You only need one ip for localip
> >
> > > remoteip 192.168.2.140-145
> > > the ip address of the host(for eth0) is 192.168.2.76
> > > after the link is established, i could read that the PPTP link got:
> > > localip : 192.168.2.121
> > > remoteip 192.168.2.142
> > > also, the client(win95) is able to ping to 192.168.2.121 as well as
> > > 192.168.2.76
> > > but, the client is not able to ping to any other host in 192.168.2.x
> > > also, to my dismay, the client had subnet gateway as 192.168.2.142
> > > itself whereas the subnet gateway of the server is 192.168.2.1.
> > > i could not understand where i have to configure the
> > > subnet gateway.
> >
> > IIRC, this is normal. Try adding proxyarp to your
> > ppp/options file or your
> > pptpd.conf file.
> >
> > Jamin W. Collins
> > --
>

From pstarzew at gbp.com Thu Sep 6 07:40:55 2001
From: pstarzew at gbp.com (Pete Starzewski)
Date: Thu, 06 Sep 2001 07:40:55 -0500
Subject: [pptp-server] UNSUBCRIBE
In-Reply-To:
Message-ID: <4.3.2.7.1.20010906073803.00bad180@mail06.gbp.com>

Fat chance. I tried to unsubscribe 3 weeks ago and I'm still getting mail. I got a confirmation, but I'm still here. Is there a list moderator out there? Why isn't the unsubscribe automated like other lists? Wake up and do your damned job!

At 05:01 PM 9/5/01 -0700, you wrote:
>Please unsubscribe me from your mailing list.
>
>Thanks,
>
>Paul
>_______________________________________________
>pptp-server maillist - pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>--- To unsubscribe, go to the url just above this line.
--

From pstarzew at gbp.com Thu Sep 6 07:47:40 2001
From: pstarzew at gbp.com (Pete Starzewski)
Date: Thu, 06 Sep 2001 07:47:40 -0500
Subject: [pptp-server] UNSUBSCRIBES
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CED4E@jupiter.citadelcomputer.com.au>
Message-ID: <4.3.2.7.1.20010906074411.00b3ca40@mail06.gbp.com>

And you don't have to be a rude little SOB. The unsubscribe for this list is NOT automated. I tried unsubscribing almost 3 weeks ago and I still get the mail too. You go to unsub and you get a cute little mail message back that the moderator will remove you as soon as possible and it never happens. You want to bitch at someone, bitch at the moderator who obviously either doesn't know what he is doing, or just doesn't give a damn.

At 02:20 PM 9/6/01 +1000, you wrote:
>If you can read like most people the very bottom line says "To unsubscribe,
>go to the url just above this line." and if you go there to that web page..
>it also says at the bottom
>
>"To change your subscription (set options like digest and delivery modes,
>get a reminder of your password, or ********unsubscribe******** from
>pptp-server), enter your subscription email address"
>
>
>If you have problems unsubscribing, then say so and not just "help me"
>
>
>GV...
>-----Original Message-----
>From: tan shilan nor haliyan [mailto:etuc at lycos.com]
>Sent: Thursday, September 06, 2001 2:17 PM
>To: pptp-server at lists.schulte.org
>Subject: [pptp-server] UNSUBSCRIBES
>
>
>help me.
>i want to unsubscribe from this mailing list..
>thank you
>
>_______________________________________________
>pptp-server maillist - pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>--- To unsubscribe, go to the url just above this line.
--

From berzerke at swbell.net Thu Sep 6 09:12:14 2001
From: berzerke at swbell.net (robert)
Date: Thu, 06 Sep 2001 09:12:14 -0500
Subject: [pptp-server] subnet gateway problem
In-Reply-To: <3B9740BF.DF9D40AF@multitech.co.in>
References: <200FAA488DE0D41194F10010B597610D1CED4D@jupiter.citadelcomputer.com.au> <3B9740BF.DF9D40AF@multitech.co.in>
Message-ID: <0GJ800C3NVBYFY@mta4.rcsntx.swbell.net>

Sometimes it is just a minor mistake, but almost impossible to find. You might consider scrapping your current setup (although keep backup copies of your config files) and starting over. Follow one of the howtos. Once you have it working, then begin to use your previously backed-up config files to see where the mistake was. If you find it, let the list know. It's just a matter of time before someone else makes the same mistake.

On Thursday 06 September 2001 04:24 am, Murali K. Vemuri wrote:
> tried all !!!!!!!!!!!!
> still NOPE!!!!
> murali krishna vemuri
>
> George Vieira wrote:
> > Use tcpdump to see what's going on... you need to check all things
> > like
> >
> > tcpdump
> >
> > netstat -rn
> >
> > ifconfig
> >
> > etc.etc.
> >
> > use tcpdump to see if pings are coming through then check that
> > ip_forward is on!
> >
> > echo 1 > /proc/net/.......something.../ip_forward depending on our distro...
> >
> > -----Original Message-----
> > From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
> >
> > Sent: Thursday, September 06, 2001 2:11 PM
> > To: Jamin Collins
> > Cc: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] subnet gateway problem
> > hi,
> >
> > i tried that also, and no use:-(
> > even i recompiled the kernel(2.4.2) with routing option
> > enabled and booted from that.
> > still no use!
> > murali krishna vemuri
> >
> > Jamin Collins wrote:
> > > Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] wrote:
> > > > i have configured my PPTP server.
> > > > i gave the range of addresses as :
> > > > localip 192.168.2.120-125
> > >
> > > You only need one ip for localip
> > >
> > > > remoteip 192.168.2.140-145
> > > > the ip address of the host(for eth0) is 192.168.2.76
> > > > after the link is established, i could read that the PPTP link got:
> > > > localip : 192.168.2.121
> > > > remoteip 192.168.2.142
> > > > also, the client(win95) is able to ping to 192.168.2.121 as well as
> > > > 192.168.2.76
> > > > but, the client is not able to ping to any other host in 192.168.2.x
> > > > also, to my dismay, the client had subnet gateway as 192.168.2.142
> > > > itself whereas the subnet gateway of the server is 192.168.2.1.
> > > > i could not understand where i have to configure the
> > > > subnet gateway.
> > >
> > > IIRC, this is normal. Try adding proxyarp to your
> > > ppp/options file or your
> > > pptpd.conf file.
> > >
> > > Jamin W. Collins
> >
> > --

From charlieb at e-smith.com Thu Sep 6 10:36:18 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 6 Sep 2001 11:36:18 -0400 (EDT)
Subject: [pptp-server] UNSUBSCRIBES
In-Reply-To: <4.3.2.7.1.20010906074411.00b3ca40@mail06.gbp.com>
Message-ID:

On Thu, 6 Sep 2001, Pete Starzewski wrote:

> And you don't have to be a rude little SOB.

That's the pot calling the kettle black, if I've ever seen it.

> The unsubscribe for this list is NOT automated.

Really? You know that for a fact?

> I tried unsubscribing almost 3 weeks ago and I still get the mail too.

Most likely because you unsubscribed a different email address from the one which is still being delivered, or you didn't use the correct password. If you did any of those things, the mailing list manager will inform you by mail.
> You go to unsub and you get a cute little mail message back that the
> moderator will remove you as soon as possible and it never happens.

That's funny, because I just unsubscribed by mail, and I received a message confirming that the unsubscribe had succeeded. Nothing in there about a moderator being involved.

> You want to bitch at someone, bitch at the moderator who obviously
> either doesn't know what he is doing, or just doesn't give a damn.

OTOH, you could just follow the instructions carefully, and keep your ugly opinions to yourself.

http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From christopher at schulte.org Thu Sep 6 11:24:23 2001
From: christopher at schulte.org (Christopher Schulte)
Date: Thu, 06 Sep 2001 11:24:23 -0500
Subject: [pptp-server] Re: UNSUBSCRIBES
Message-ID: <5.1.0.14.0.20010906104324.03a59110@pop.schulte.org>

ATTN: pptp-server members, if you see more people who can't get off the list (for whatever reason, I don't care) please don't argue. Just send me a message and I'll take care of it ASAP. Some people simply cannot read and follow directions. This will not change. The best bet is for me to hold their hand, unsubscribe them manually. They'll go away and bother other people.

> > The unsubscribe for this list is NOT automated.

It most certainly is, if you follow the instructions properly. If not, all bets are off.

> > I tried unsubscribing almost 3 weeks ago and I still get the mail too.

You sent a message to the list on Aug 6 trying to unsubscribe. That is the improper procedure.
Aug 06 12:27:01 2001 (24217) pptp-server post from pstarzew at gbp.com held: Message may contain administrivia

You cannot unsubscribe by sending messages to the list address. Your messages contained administrivia. Thus it was held in queue until Aug 13 when it was sent back to you with this explanation:

"Reason: Please do *not* post administrative requests to the mailing list. If you wish to subscribe, visit http://lists.schulte.org/mailman/listinfo/pptp-server or send a message with the word `help' in it to the request address, pptp-server-request at lists.schulte.org, for further instructions."

All you had to do was visit that url, the same url posted at the bottom of every message, the same url that is referenced in the help message (had you requested it) and follow basic instructions. It's that easy. Period. Bottom line.

> > You go to unsub and you get a cute little mail message back that the
> > moderator will remove you as soon as possible and it never happens.

I've never seen that message, and I've been using this list software for close to 3 years with millions of delivered email messages. Unless you can document it, I'll assume you saw the 'held posting' message and were confused.

> > You want to bitch at someone, bitch at the moderator who obviously
> > either doesn't know what he is doing, or just doesn't give a damn.

This list has no moderator. It's user supported, with a list admin who checks in from time to time. I don't admin this list personally, I'm the server admin.

pstarzew at gbp.com is now off the list.

From ckalos at gothambroadband.com Thu Sep 6 11:21:49 2001
From: ckalos at gothambroadband.com (Christopher Kalos)
Date: Thu, 6 Sep 2001 12:21:49 -0400
Subject: [pptp-server] Sanity Check -- NAT + VPN
Message-ID:

I've got a group of systems attempting to access our PoPToP VPN from a remote location. At this point, they're all sharing a single connection to the outside world, so they're dealing with a NAT gateway.
I'm certain that this can't be done, but I'd like to bounce it off of the list first. Can multiple clients connect from behind this NAT system to the VPN at the same time? If so, how would I go about setting that up? I know that at the moment, it fails miserably each time I try to get two users on, which I'll chalk up to the GRE traffic.

Thanks in advance,

Christopher Kalos
Systems Administrator
Gotham Broadband
212.206.9620 x340

From JaminC at adapt-tele.com Thu Sep 6 11:40:42 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Thu, 6 Sep 2001 11:40:42 -0500
Subject: [pptp-server] Sanity Check -- NAT + VPN
Message-ID:

Christopher Kalos [mailto:ckalos at gothambroadband.com] wrote:
> I've got a group of systems attempting to access our PoPToP VPN from a
> remote location. At this point, they're all sharing a single connection to
> the outside world, so they're dealing with a NAT gateway. I'm certain that
> this can't be done, but I'd like to bounce it off of the list first. Can
> multiple clients connect from behind this NAT system to the VPN at the same
> time? If so, how would I go about setting that up? I know that at the
> moment, it fails miserably each time I try to get two users on, which I'll
> chalk up to the GRE traffic.

You are absolutely correct. PoPToP for a few different reasons can not accept multiple concurrent connections from the same IP address.

Jamin W. Collins

From awdavis at waretec.com Thu Sep 6 11:46:09 2001
From: awdavis at waretec.com (Andrew W. Davis)
Date: Thu, 6 Sep 2001 11:46:09 -0500
Subject: [pptp-server] What list is this?
Message-ID: <20010906114609.A24322@falcon.waretec.com>

So is this the PoPToP/Linux VPN list or the "help I've subscribed to a list that discusses material that's either way too complicated for me to understand or I just don't like getting 20 e-mails a day about issues that I don't know/care to know anything about" list?
And on a positive note, thanks to all the PoPToP problem solvers and problem creators out there, for without your assistance, I couldn't have implemented my first VPN box. Thanks too to all those who stay on topic (unlike me:).

L8s,
Andrew

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Andrew Davis
LAN/WAN Administrative Engineer and Live Weather Contact
Weather Metrics, Inc.

From michaelm at eyeball.com Thu Sep 6 13:46:46 2001
From: michaelm at eyeball.com (Michael McConnell)
Date: Thu, 6 Sep 2001 11:46:46 -0700
Subject: [pptp-server] Sanity Check -- NAT + VPN
References:
Message-ID: <044101c13704$47c7d540$db01020a@eyeball.com>

I've been bit by these various problems.. I've just completed a migration from PPTP-Client / PopTop to VTUN

http://vtun.sourceforge.net/

Check it out, you will not have any of these problems in VTUN's Ether Configuration.

Mike

----- Original Message -----
From: "Jamin Collins"
To: "'Christopher Kalos'" ; "Poptop Mailing List"
Sent: Thursday, September 06, 2001 9:40 AM
Subject: RE: [pptp-server] Sanity Check -- NAT + VPN

> Christopher Kalos [mailto:ckalos at gothambroadband.com] wrote:
> > I've got a group of systems attempting to access our PoPToP VPN from a
> > remote location. At this point, they're all sharing a single connection to
> > the outside world, so they're dealing with a NAT gateway. I'm certain that
> > this can't be done, but I'd like to bounce it off of the list first. Can
> > multiple clients connect from behind this NAT system to the VPN at the same
> > time? If so, how would I go about setting that up? I know that at the
> > moment, it fails miserably each time I try to get two users on, which I'll
> > chalk up to the GRE traffic.
>
> You are absolutely correct. PoPToP for a few different reasons can not
> accept multiple concurrent connections from the same IP address.
>
> Jamin W.
> Collins
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

From iso9 at phantasticant.com Thu Sep 6 14:07:53 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Thu, 6 Sep 2001 12:07:53 -0700
Subject: [pptp-server] Sanity Check -- NAT + VPN
In-Reply-To:
Message-ID:

Why not use FreeS/WAN ? http://www.freeswan.org/

It's the IPSec software for linux. I found it to be relatively straightforward to set up, and there is a lot of assistance available on the mailing list.

I'm using PPTP for win2k clients to VPN into our LAN, and IPSec to connect my home LAN with the office LAN, as well as connect the Office LAN to our colocated LANs. Everything works flawlessly (although I did have some problems at the beginning with MTU size. :)

Jordan

From ckalos at gothambroadband.com Thu Sep 6 14:07:21 2001
From: ckalos at gothambroadband.com (Christopher Kalos)
Date: Thu, 6 Sep 2001 15:07:21 -0400
Subject: [pptp-server] Sanity Check -- NAT + VPN
In-Reply-To:
Message-ID:

Well, I'm trying to stay as close to MS compliant as I can, since we can't control every client that enters the VPN. The less custom stuff that we work with, the easier it is to help any people overseas with their connection. Adding another variable would be painful at this point.

In addition, unless I see something horrendously wrong with Poptop, why should I change the system? As it stands, I've successfully managed to enable MPPE support, and as far as Win2000/Win98 are concerned, they're talking to a Windows VPN server. Does FreeS/WAN really buy me so much that I should be forced to fix that which isn't even entirely broken?

I can share the VPN link, effectively running router-to-router VPN, but there are reasons that we may prefer a client-server design at this point. That's the only reason that I've asked, and I didn't really consider it an entry point to any arguments over which VPN software is better. If I wanted to deal with that, I'd move onto mpd-netgraph and call it a day :-)

CK

From iso9 at phantasticant.com Thu Sep 6 14:21:32 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Thu, 6 Sep 2001 12:21:32 -0700
Subject: [pptp-server] Sanity Check -- NAT + VPN
In-Reply-To:
Message-ID:

Ah, I forgot to mention. The nice thing about using IPSec, is that it is an interoperable protocol. The LANs at the colo center are protected by a Netscreen100 firewall, which talks IPSec just fine with freeswan.

The VTUN solution that was mentioned is much more proprietary. But, I've often seen people recommend it, so whatever will work best for you. Me, I like standards. :)

Jordan

P.S.
One more caveat that I just remembered, if you are using NAT at some point between the IPSec gateways, things get a bit more tricky. But my IPSec gateway at the office is behind a 1-to-1 NAT box (a Webramp 700s, *shudder*), and it's still talking fine with my linuxbox at home, and the Netscreen100 at the colo.

I wasn't able to get it to talk to Win2k's built-in IPSec, when the Win2k box was behind a 1-to-1 NAT box, but I didn't try very hard, because I figured it'd just be easier to put IPSec on my gateway.

From JaminC at adapt-tele.com Thu Sep 6 14:25:51 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Thu, 6 Sep 2001 14:25:51 -0500
Subject: [pptp-server] Sanity Check -- NAT + VPN
Message-ID:

Michael McConnell [mailto:michaelm at eyeball.com] wrote:
> I've been bit by these various problems..
>
> I've just completed a migration from PPTP-Client / PopTop to VTUN
> http://vtun.sourceforge.net/
>
> Check it out, you will not have any of these problems in VTUN's Ether
> Configuration.

While VTUN does support multiple connections, it is limited with regard to the platforms it supports. Directly from their site's FAQ:

|1.6 Can I establish VTun tunnel with Windows machine ?
|    Unfortunately there is no VTun client for Windows yet.
|    We a looking for a guru who will port VTun to Windows.
|
|1.7 Can I establish VTun tunnel with Cisco ?
|    No. VTun doesn't support tunneling with Cisco.
|
|1.8 Does VTun support PPTP, L2TP, IPsec ?
|    VTun uses it's own simple and efficient protocol with TCP or UDP.
|    It doesn't support PPTP, L2TP, IPsec.
|
|1.9 What platforms are supported by VTun ?
|    VTun was developed on Linux and then ported to several other OS:
|    Linux (any glibc based distribution)
|    Solaris
|    FreeBSD, OpenBSD, NetBSD and other BSD clones.

Thus, if windows client connectivity is needed, this is not really an ideal solution.
Jamin W. Collins

From iso9 at phantasticant.com Thu Sep 6 14:27:03 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Thu, 6 Sep 2001 12:27:03 -0700
Subject: [pptp-server] Sanity Check -- NAT + VPN
In-Reply-To:
Message-ID:

OIC. I thought you were looking for a way to connect two subnets securely, which IPSec definitely is. Since you only need to connect clients, then PPTP is probably the easiest thing (especially since you already have it working. :)

And you could share the PPTP connection if it comes down to it, I guess.

I see PPTP and IPSec as having different applications/purposes, and I was confused as to what your application was.

Thanks,
Jordan

From charlieb at e-smith.com Thu Sep 6 14:29:46 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 6 Sep 2001 15:29:46 -0400 (EDT)
Subject: [pptp-server] Sanity Check -- NAT + VPN
In-Reply-To:
Message-ID:

On Thu, 6 Sep 2001, Jamin Collins wrote:
> Thus, if windows client connectivity is needed, this is not really an ideal
> solution.

... not really a solution at all.

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From tnsampaio at planae.com.br Thu Sep 6 14:41:10 2001
From: tnsampaio at planae.com.br (Tiago N. Sampaio)
Date: Thu, 6 Sep 2001 16:41:10 -0300
Subject: [pptp-server] Please cliente for linux...
Message-ID: <01090616440103.01017@tnsampaio.planae.com.br>

Please.....
My poptop is working fine with clients win98 , but i don't know configure the pptp client for linux.....
Please send me a configuration examples for pptp-linux.....
my boss to be hot....

Thanks...

Ps: my english is not very good....
hehe

--
Tiago N. Sampaio
Planae Informatica
Sp/Brasil
Depto Linux/VPN

From mule at umich.edu Thu Sep 6 16:27:26 2001
From: mule at umich.edu (Dudek, Stephen)
Date: Thu, 6 Sep 2001 17:27:26 -0400
Subject: [pptp-server] Please cliente for linux...
Message-ID: <5968304D93D0D411AA0D009027CCC0B016D4AA@EXCHANGE01>

I think some of us new to the list have read the FAQs for the client, but are still somewhat confused. I've got the PoPToP server running on Linux Kernel 2.4.2. Windows NT / 2000 will connect fine, but am having trouble getting the client to work.

Thanks,
Steve D.

> -----Original Message-----
> From: Tiago N. Sampaio [mailto:tnsampaio at planae.com.br]
> Sent: Thursday, September 06, 2001 3:41 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Please cliente for linux...
>
>
> Please.....
> My poptop is working fine with clients win98 , but i don't know
> configure the pptp client for linux.....
> Please send me a configuration examples for pptp-linux.....
> my boss to be hot....
>
> Thanks...
>
> Ps: my english is not very good....
> hehe
>
> --
> Tiago N. Sampaio
> Planae Informatica
> Sp/Brasil
> Depto Linux/VPN

From g.zanetti at staff.ihug.co.nz Thu Sep 6 17:05:36 2001
From: g.zanetti at staff.ihug.co.nz (Grant Zanetti)
Date: Fri, 7 Sep 2001 10:05:36 +1200 (NZST)
Subject: [pptp-server] GRE window size
Message-ID:

Is there anyway to adjust the window size for acknowledging packets coming out of the tunnel? At the moment in the source I see we just go with whatever the windows client says. However using tcpdump I'm seeing a 1:1 ratio of output packets to acks sent back.

Grant Zanetti
--
Systems Programmer +64 21 605 328
Ihug g.zanetti at staff.ihug.co.nz
Programming
--------------------------------------------------------------
"Democracy: Four wolves and one lamb voting on lunch"

From GeorgeV at citadelcomputer.com.au Thu Sep 6 17:28:51 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 7 Sep 2001 08:28:51 +1000
Subject: [pptp-server] subnet gateway problem
Message-ID: <200FAA488DE0D41194F10010B597610D1CED55@jupiter.citadelcomputer.com.au>

"NOPE" doesn't tell us what tcpdump returned nor does it any differences anywhere where you may not have noticed. We can't help you if you can't help us by sending us as much info as possible.

What parameters did you pass tcpdump if any?
Did you get any output at all from it?

-----Original Message-----
From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
Sent: Thursday, September 06, 2001 7:24 PM
To: George Vieira
Cc: Jamin Collins; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] subnet gateway problem

tried all !!!!!!!!!!!!
still NOPE!!!!
murali krishna vemuri

George Vieira wrote:

Use tcpdump to see what's going on... you need to check all things like

tcpdump
netstat -rn
ifconfig
etc.etc.

use tcpdump to see if pings are coming through then check that ip_forward is on!

echo 1 > /proc/net/.......something.../ip_forward
depending on our distro...

-----Original Message-----
From: Murali K. Vemuri [ mailto:muralivemuri at multitech.co.in ]
Sent: Thursday, September 06, 2001 2:11 PM
To: Jamin Collins
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] subnet gateway problem

hi,

i tried that also, and no use:-(
even i recompiled the kernel(2.4.2) with routing option enabled and booted from that.
still no use!
murali krishna vemuri

Jamin Collins wrote:

Murali K. Vemuri [ mailto:muralivemuri at multitech.co.in ] wrote:
> i have configured my PPTP server.
> i gave the range of addresses as :
> localip 192.168.2.120-125

You only need one ip for localip

> remoteip 192.168.2.140-145
> the ip address of the host(for eth0) is 192.168.2.76
> after the link is established, i could read that the PPTP link got:
> localip : 192.168.2.121
> remoteip 192.168.2.142
> also, the client(win95) is able to ping to 192.168.2.121 as well as
> 192.168.2.76
> but, the client is not able to ping to any other host in 192.168.2.x
> also, to my dismay, the client had subnet gateway as 192.168.2.142
> itself whereas the subnet gateway of the server is 192.168.2.1.
> i could not understand where i have to configure the the
> subnet gateway.

IIRC, this is normal. Try adding proxyarp to your ppp/options file or your pptpd.conf file.

Jamin W. Collins

From GeorgeV at citadelcomputer.com.au Thu Sep 6 18:04:43 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 7 Sep 2001 09:04:43 +1000
Subject: [pptp-server] encryption in pptp
Message-ID: <200FAA488DE0D41194F10010B597610D1CED58@jupiter.citadelcomputer.com.au>

Firstly most of us recommend using poptop 1.1.2 even though it's in development STILL (I'd call it stable and I'm sure most people on the list would too)...

Patches are found in numerous sites (do a search or someone on the list may reply).

Also helps to let people know what you have as some sites have patches for kernel 2.4.X and some for 2.2.X

I have files/patches here for 2.4.X kernels of linux.

-----Original Message-----
From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
Sent: Thursday, September 06, 2001 6:37 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] encryption in pptp

hi ,

i am using version PoPToP - version 1.0.1 as pptp server.

as per our requirements, i need to have some encryption embedded into the server.

i could not figure out where and how i shall configure that.

also, if i need to add any patches, please let me know, where i can download them.

regards
murali krishna vemuri

From GeorgeV at citadelcomputer.com.au Thu Sep 6 18:16:13 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 7 Sep 2001 09:16:13 +1000
Subject: [pptp-server] Sanity Check -- NAT + VPN
Message-ID: <200FAA488DE0D41194F10010B597610D1CED59@jupiter.citadelcomputer.com.au>

If it's anything important, you can ipforward the NATed network to the VPN LAN. If you require visible machines on the NAT clients then try routing the network through...

This is what I've been playing with at home. So why make multiple connections when 1 is enough anyway?????

Any use?

From neale at lowendale.com.au Thu Sep 6 19:01:07 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Fri, 7 Sep 2001 10:01:07 +1000 (EST)
Subject: [pptp-server] Sanity Check -- NAT + VPN
In-Reply-To:
Message-ID:

On Thu, 6 Sep 2001, Jamin Collins wrote:
[...]
> You are absolutely correct. PoPToP for a few different reasons can not
> accept multiple concurrent connections from the same IP address.

W.R.T. PoPToP, is the limitation specifically and exclusively w.r.t the TCP control channel?

If so, and if the TCP side was fixed, would there be an issue with multiple GRE tunnels?

Pointers to documentation etc gratefully accepted.

Thanks,
Neale.
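
Added example, not part of any post in this thread and not PoPToP's code: the GRE problem raised above, seen from the NAT gateway. PPTP's data channel is enhanced GRE (RFC 2637), which has no ports and identifies a session only by a 16-bit Call ID, so a gateway that maps inbound GRE by remote address alone can serve one inside client per VPN server; the addresses, Call IDs, packet bytes and class names below are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

GRE_PROTO_PPP = 0x880B            # PPP carried in enhanced GRE (RFC 2637)
K_BIT, S_BIT = 0x20, 0x10         # flag byte 0: Key present, Sequence present
A_BIT, VER_MASK = 0x80, 0x07      # flag byte 1: Ack present, GRE version


@dataclass(frozen=True)
class PptpGre:
    call_id: int                  # receiver's Call ID: the only session selector
    seq: Optional[int]
    ack: Optional[int]
    payload: bytes


def build_pptp_gre(call_id: int, seq: int, payload: bytes,
                   ack: Optional[int] = None) -> bytes:
    """Build an enhanced GRE packet; used here only to make sample input."""
    byte1 = 0x01 | (A_BIT if ack is not None else 0)
    hdr = struct.pack("!BBHHHI", K_BIT | S_BIT, byte1, GRE_PROTO_PPP,
                      len(payload), call_id, seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + payload


def parse_pptp_gre(pkt: bytes) -> PptpGre:
    """Parse the enhanced GRE header and return its session fields."""
    if len(pkt) < 8:
        raise ValueError("shorter than the 8-byte enhanced GRE header")
    b0, b1, proto, plen, call_id = struct.unpack_from("!BBHHH", pkt)
    if (b1 & VER_MASK) != 1 or proto != GRE_PROTO_PPP or not (b0 & K_BIT):
        raise ValueError("not PPTP GRE (need version 1, 0x880B, K bit)")
    off, seq, ack = 8, None, None
    if b0 & S_BIT:
        if len(pkt) < off + 4:
            raise ValueError("sequence number truncated")
        (seq,) = struct.unpack_from("!I", pkt, off)
        off += 4
    if b1 & A_BIT:
        if len(pkt) < off + 4:
            raise ValueError("acknowledgment number truncated")
        (ack,) = struct.unpack_from("!I", pkt, off)
        off += 4
    if len(pkt) - off < plen:
        raise ValueError("payload truncated")
    return PptpGre(call_id, seq, ack, pkt[off:off + plen])


class PeerOnlyNat:
    """Hypothetical gateway that tracks GRE by remote address only."""
    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def learn(self, inside_ip: str, server_ip: str, call_id: int) -> None:
        self.table[server_ip] = inside_ip     # a later client replaces the earlier one

    def route_inbound(self, server_ip: str, pkt: bytes) -> Optional[str]:
        return self.table.get(server_ip)


class CallIdNat:
    """Hypothetical gateway that also keys on the Call ID each client
    announced on the TCP 1723 control channel."""
    def __init__(self) -> None:
        self.table: Dict[Tuple[str, int], str] = {}

    def learn(self, inside_ip: str, server_ip: str, call_id: int) -> None:
        owner = self.table.setdefault((server_ip, call_id), inside_ip)
        if owner != inside_ip:
            # Two inside hosts picked the same Call ID: the gateway would
            # have to rewrite one of them in both control and GRE traffic.
            raise LookupError("Call ID %#06x already in use" % call_id)

    def route_inbound(self, server_ip: str, pkt: bytes) -> Optional[str]:
        return self.table.get((server_ip, parse_pptp_gre(pkt).call_id))


# Constructed sample data: one VPN server, two clients behind the same NAT.
SERVER = "203.0.113.10"
CLIENTS = {"192.168.0.11": 0x0101, "192.168.0.12": 0x0202}   # inside IP -> Call ID
LCP_ECHO = bytes.fromhex("ff03c0210901000800000000")         # PPP LCP Echo-Request


def simulate(nat) -> Dict[str, Optional[str]]:
    """Return {intended inside host: host the gateway actually selected}."""
    for inside_ip, call_id in CLIENTS.items():
        nat.learn(inside_ip, SERVER, call_id)
    result = {}
    for inside_ip, call_id in CLIENTS.items():
        pkt = build_pptp_gre(call_id, seq=1, payload=LCP_ECHO)  # server -> client
        result[inside_ip] = nat.route_inbound(SERVER, pkt)
    return result


if __name__ == "__main__":
    print("peer-only :", simulate(PeerOnlyNat()))
    print("by call id:", simulate(CallIdNat()))
```

With the peer-only table the first client's return traffic is delivered to the second client, which matches the symptom of a working tunnel failing as soon as a second user connects.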
From GeorgeV at citadelcomputer.com.au Thu Sep 6 19:08:26 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 7 Sep 2001 10:08:26 +1000
Subject: [pptp-server] PPTP and links
Message-ID: <200FAA488DE0D41194F10010B597610D1CED5F@jupiter.citadelcomputer.com.au>

Hi all,

I am getting fed up with poptop.lineo.com as it doesn't have all the updates and patches that people keep looking for.
I'm planning to put up a site purely for poptop and patches etc for people to come in and get whatever is new and needed...

any ideas, links etc people want me to put up?

I may/may not do this depending on the support/response I get.

thanks,
George Vieira.

From muralivemuri at multitech.co.in Thu Sep 6 19:18:11 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Fri, 07 Sep 2001 05:48:11 +0530
Subject: [pptp-server] encryption in pptp
References: <200FAA488DE0D41194F10010B597610D1CED58@jupiter.citadelcomputer.com.au>
Message-ID: <3B981243.E113105B@multitech.co.in>

first of all,
i am pretty thankful for the support through the list.
please don't mind to find my comments starting with $$$.

George Vieira wrote:

> Firstly most of us recommend using poptop 1.1.2 even though it's in
> development STILL (I'd call it stable and I'm sure most people on the list
> would too)...
>

$$$ sorry for my ignorance.............does 1.1.2 have encryption ?

>
> Patches are found in numerous sites (do a search or someone on the list may
> reply).

$$$ i tried some patches y'day.............but, 'make' itself exits with some errors.......and the patches does not get installed only.........

>
>
> Also helps to let people know what you have as some sites have patches for
> kernel 2.4.X and some for 2.2.X
>
> I have files/patches here for 2.4.X kernels of linux.

$$$ I have two machines on which i have installed PoPToP. one has got 2.2.16 kernel and the other has got 2.4.2 kernel. so, i would be more than thankful if i could get patches for both(at least their links).

regards
murali krishna vemuri

>
>
> -----Original Message-----
> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
> Sent: Thursday, September 06, 2001 6:37 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] encryption in pptp
>
> hi ,
>
> i am using version PoPToP - version 1.0.1 as pptp server.
>
> as per our requirements, i need to have some encryption embedded into
> the server.
>
> i could not figure out where and how i shall configure that.
>
> also, if i need to add any patches, please let me know, where i can
> download them.
>
> regards
> murali krishna vemuri

From doc at docwardo.net Thu Sep 6 19:16:11 2001
From: doc at docwardo.net (Joe Ward)
Date: Thu, 6 Sep 2001 20:16:11 -0400
Subject: [pptp-server] PPTP and links
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CED5F@jupiter.citadelcomputer.com.au>
Message-ID:

I too was thinking the same thing. maybe with either a msg board or a well maintained FAQ setup for all these common questions that keep getting passed on this list like the multiple nat'd clients.

-Joe Ward

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
> Sent: Thursday, September 06, 2001 8:08 PM
> To: PPTP List (E-mail)
> Subject: [pptp-server] PPTP and links
>
>
> Hi all,
>
> I am getting fed up with poptop.lineo.com as it doesn't have all
> the updates
> and patches that people keep looking for.
> I'm planning to put up a site purely for poptop and patches etc for people
> to come in and get whatever is new and needed...
>
> any ideas, links etc people want me to put up?
>
> I may/may not do this depending on the support/response I get.
>
> thanks,
> George Vieira.

From neale at lowendale.com.au Thu Sep 6 19:33:33 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Fri, 7 Sep 2001 10:33:33 +1000 (EST)
Subject: [pptp-server] encryption in pptp
In-Reply-To: <3B981243.E113105B@multitech.co.in>
Message-ID:

On Fri, 7 Sep 2001, Murali K. Vemuri wrote:

> first of all,
> i am pretty thankful for the support through the list.
> please don't mind to find my comments starting with $$$.
> George Vieira wrote:
>
> > Firstly most of us recommend using poptop 1.1.2 even though it's in
> > development STILL (I'd call it stable and I'm sure most people on the list
> > would too)...
> >
>
> $$$ sorry for my ignorance.............does 1.1.2 have encryption ?

No - PPTP encryption (and FWIW authentication) is in ppp. PoPToP's role is to arrange the GRE tunnel for ppp - then ppp does authentication, encryption etc.

So to get MS-specific authentication and encryption, it's patches for ppp that you'll be needing.

HTH,
Neale.

From neale at lowendale.com.au Thu Sep 6 19:49:54 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Fri, 7 Sep 2001 10:49:54 +1000 (EST)
Subject: [pptp-server] PPTP and links
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CED5F@jupiter.citadelcomputer.com.au>
Message-ID:

On Fri, 7 Sep 2001, George Vieira wrote:

> Hi all,
>
> I am getting fed up with poptop.lineo.com as it doesn't have all the updates
> and patches that people keep looking for.
> I'm planning to put up a site purely for poptop and patches etc for people > to come in and get whatever is new and needed... > > any ideas, links etc people want me to put up? > > I may/may not do this depending on the support/response I get. Sounds like a Good Idea to me. Thanks, Neale. From berzerke at swbell.net Thu Sep 6 20:18:40 2001 From: berzerke at swbell.net (robert) Date: Thu, 06 Sep 2001 20:18:40 -0500 Subject: [pptp-server] PPTP and links In-Reply-To: References: Message-ID: <0GJ900MJ0Q6LOL@mta5.rcsntx.swbell.net> There already is such a FAQ. See the 2.4 kernel howto at http://home.swbell.net/berzerke . I need to update it to docbook, once I learn docbook and work on the organization a bit. On Thursday 06 September 2001 07:16 pm, Joe Ward wrote: > I too was thinking the same thing. maybe with either a msg board or a well > maintained FAQ setup for all these common questions that keep getting > passed on this list like the multiple nat'd clients. > > -Joe Ward > > > -----Original Message----- > > From: pptp-server-admin at lists.schulte.org > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira > > Sent: Thursday, September 06, 2001 8:08 PM > > To: PPTP List (E-mail) > > Subject: [pptp-server] PPTP and links > > > > > > Hi all, > > > > I am getting fed up with poptop.lineo.com as it doesn't have all > > the updates > > and patches that people keep looking for. > > I'm planning to put up a site purely for poptop and patches etc for > > people to come in and get whatever is new and needed... > > > > any ideas, links etc people want me to put up? > > > > I may/may not do this depending on the support/response I get. > > > > thanks, > > George Vieira. > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. 

From GeorgeV at citadelcomputer.com.au Thu Sep 6 23:05:51 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 7 Sep 2001 14:05:51 +1000
Subject: [pptp-server] PPTP and links
Message-ID: <200FAA488DE0D41194F10010B597610D1CED71@jupiter.citadelcomputer.com.au>

Can you confirm which files are outdated or no longer required etc..etc.. Here's my list of found files on my PPTP server...

-rw-r--r-- 1 root root    98897 Jun 18 03:12 linux-2.4.4-openssl-0.9.6a-mppe.patch
-rw-r--r-- 1 root root 26534489 Jun 18 03:12 linux-2.4.5.tar.gz
-rw-r--r-- 1 root root      445 Jun 18 03:12 mppe-chapv1-fix.diff
-rw-r--r-- 1 root root      838 Jun 18 03:12 mppe_stateless.patch
-rw-r--r-- 1 root root   137128 Jun 18 03:12 ppp-2.4.0-openssl-0.9.6-mppe.patch
-rw-r--r-- 1 root root      507 Jun 18 03:12 ppp-2.4.1-MSCHAPv2-fix.patch
-rw-r--r-- 1 root root   136956 Jun 18 03:12 ppp-2.4.1-openssl-0.9.6-mppe-patch
-rw-r--r-- 1 root root   536746 Jun 18 03:46 ppp-2.4.1.tar.gz
-rw-r--r-- 1 root root      335 Jun 18 03:46 ppp_mppe_compressed_data_fix.diff
-rw-r--r-- 1 root root    14132 Jun 18 03:46 ppp-mppe.patch
-rw-r--r-- 1 root root   115418 Jun 18 03:12 pptpd-1.1.2.tar.gz

Most are 2.4 specific I know, but some seem like they replace others there on the list.. Anybody got updated versions of whatever files like the SMB patches (hopefully the fully bug stomped versions)..

thanks,
GV..

From muralivemuri at multitech.co.in Thu Sep 6 23:39:35 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Fri, 07 Sep 2001 10:09:35 +0530
Subject: [pptp-server] subnet gateway problem
References: <200FAA488DE0D41194F10010B597610D1CED55@jupiter.citadelcomputer.com.au>
Message-ID: <3B984F87.7F5009BF@multitech.co.in>

hi all,
i am enclosing the tcpdump when the pptp link is up
i could not figure out the problem there.
please don't mind to spare a minute for that.
regards
murali krishna vemuri

George Vieira wrote:

> "NOPE" doesn't tell us what tcpdump returned nor does it any
> differences anywhere where you may not have noticed. We can't help you
> if you can't help us by sending us as much info as possible.What
> parameters did you pass tcpdump if any? Did you get any output at all
> from it?
>
> -----Original Message-----
> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
>
> Sent: Thursday, September 06, 2001 7:24 PM
> To: George Vieira
> Cc: Jamin Collins; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] subnet gateway problem
> tried all !!!!!!!!!!!!
> still NOPE!!!!
> murali krishna vemuri
> George Vieira wrote:
> > > Use tcpdump to see what's going on... you need to check
> > all things like
> > > tcpdump
> > > netstat -rn
> > > ifconfig
> > > etc.etc.
> > > use tcpdump to see if pings are coming through then check
> > that ip_forward is on!
> > > echo 1 > /proc/net/.......something.../ip_forward
> > depending on our distro...
> >
> > -----Original Message-----
> > From: Murali K. Vemuri
> > [mailto:muralivemuri at multitech.co.in]
> > Sent: Thursday, September 06, 2001 2:11 PM
> > To: Jamin Collins
> > Cc: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] subnet gateway
> > problem
> > hi,
> >
> > i tried that also, and no use:-(
> > even i recompiled the kernel(2.4.2) with routing
> > option enabled and booted from that.
> > still no use!
> > murali krishna vemuri
> > Jamin Collins wrote:
> >
> > > Murali K. Vemuri
> > > [mailto:muralivemuri at multitech.co.in] wrote:
> > > > i have configured my PPTP server.
> > > > i gave the range of addresses as :
> > > > localip 192.168.2.120-125
> > >
> > > You only need one ip for localip
> > >
> > > > remoteip 192.168.2.140-145
> > > > the ip address of the host(for eth0) is
> > > 192.168.2.76
> > > > after the link is established, i could read
> > > that the PPTP link got:
> > > > localip : 192.168.2.121
> > > > remoteip 192.168.2.142
> > > > also, the client(win95) is able to ping to
> > > 192.168.2.121 as well as
> > > > 192.168.2.76
> > > > but, the client is not able to ping to any
> > > other host in 192.168.2.x
> > > > also, to my dismay, the client had subnet
> > > gateway as 192.168.2.142
> > > > itself whereas the subnet gateway of the
> > > server is 192.168.2.1.
> > > > i could not understand where i have to
> > > configure the the
> > > > subnet gateway.
> > >
> > > IIRC, this is normal. Try adding proxyarp to
> > > your ppp/options file or your
> > > pptpd.conf file.
> > >
> > > Jamin W. Collins
> >
> > --
> >

From neale at lowendale.com.au Fri Sep 7 01:52:26 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Fri, 7 Sep 2001 16:52:26 +1000 (EST)
Subject: [pptp-server] PPTP and links
In-Reply-To: <0GJ900MJ0Q6LOL@mta5.rcsntx.swbell.net>
Message-ID:

On Thu, 6 Sep 2001, robert wrote:

> There already is such a FAQ. See the 2.4 kernel howto at
> http://home.swbell.net/berzerke . I need to update it to docbook, once I
> learn docbook and work on the organization a bit.

Would you like some help docbook-ifying it?

Regards,
Neale.

From Steve at SteveCowles.com Fri Sep 7 09:04:46 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 7 Sep 2001 09:04:46 -0500
Subject: [pptp-server] subnet gateway problem
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE872@defiant.infohiiway.com>

This is a very confusing post. The lack of relevant data makes it hard to understand. After reading through all the related posts and your tcpdump capture, I have a few comments.

You're referencing the following IP assignments from pptpd.conf:

localip 192.168.2.120-125
remoteip 192.168.2.140-145

But yet the tcpdump capture seems to be referencing a remote PPTP client that was assigned an IP address of .230

09:12:38.657558 ppp0 < gre-proto-0x880B (gre encap)
09:12:38.657558 ppp1 < 192.168.2.230 > 192.168.2.1: icmp: echo request

Based on what I can determine (more like decipher) from your tcpdump capture... the lack of any response to a ping request from a PPTP client can usually be attributed to one of the following:

1) In your case, eth0 not being set as a proxyarp for your PPTP connection.
2) IP_FORWARDING is not enabled on the PPTP server.
3) Firewall rules blocking any forwarding requests. i.e. ipchains or iptables

For item one (1) above:
In your /var/log/messages file... do you see a line similar to the following after the PPTP tunnel is brought up? Should be after the local/remote assignments

pppd[14500]: found interface eth0 for proxy arp

For item number two (2) above:
Is IP_FORWARDING enabled? To verify type:

# cat /proc/sys/net/ipv4/ip_forward
1

If IP_FORWARDING is enabled, the output of the above command should be one (1).

For item number three (3) above:
Type one of the following commands to ensure that there are no firewall rules blocking packets of data between eth0 and the ppp devices:

ipchains -L -n
iptables -L -n

Also, from the tcpdump capture:
I noticed you have a lot of IPX traffic on your network. Not a problem, unless the PPTP client also has this protocol bound in addition to TCP/IP (protocol binding order). If this is the case, do yourself a favor and temporarily remove the IPX protocol from the PPTP client (only) until you get this routing problem resolved between the PPTP client and your LAN. Then deal with getting multiple protocols (binding order) working across the tunnel.

Steve Cowles

From ckalos at gothambroadband.com Fri Sep 7 09:08:06 2001
From: ckalos at gothambroadband.com (Christopher Kalos)
Date: Fri, 7 Sep 2001 10:08:06 -0400
Subject: [pptp-server] Sanity Check -- NAT + VPN
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CED59@jupiter.citadelcomputer.com.au>
Message-ID:

I've been ipforwarding (sorta) as it is. Unfortunately, I'm the sysadmin in New York, and they're the users in Germany. So, the router is a Win2000 box. That's why I was just looking to see if I can share the actual link and then have concurrent VPN connections handled.

To put it in more detail (which wasn't originally needed, but why not? :), Win2000 NAT/ICS is just shy of useless. I'm fairly convinced at this point that Win98SE does a better job of sharing an internet connection. Whether I'm sharing the ISDN link out there, *or* the VPN link (think Windows, not Linux!) web traffic doesn't work to anything but the gateway. Ping and FTP work, SSH works, even Telnet works, but I need a proxy for web traffic for some unexplainable reason.

Add that into the fact that Win2000 can't route for beans (even with regediting to add IP forwarding!), such that it's providing NAT but only routing internal traffic through one of three possible connections (remote LAN, ISDN, and VPN), and it's clear that this solution requires a more powerful router. Since that's still a couple of days away for us, I'm just trying to make their network slightly more usable until then.

CK

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
Sent: Thursday, September 06, 2001 7:16 PM
To: 'Christopher Kalos'; Poptop Mailing List
Subject: RE: [pptp-server] Sanity Check -- NAT + VPN

If it's anything important, you can ipforward the NATed network to the VPN LAN. If you require visible machines on the NAT clients then try routing the network through... This is what I've been playing with at home.
So why make multiple connections when 1 is enough anyway????? Any use?

-----Original Message-----
From: Christopher Kalos [mailto:ckalos at gothambroadband.com]
Sent: Friday, September 07, 2001 2:22 AM
To: Poptop Mailing List
Subject: [pptp-server] Sanity Check -- NAT + VPN

I've got a group of systems attempting to access our PoPToP VPN from a remote location. At this point, they're all sharing a single connection to the outside world, so they're dealing with a NAT gateway.

I'm certain that this can't be done, but I'd like to bounce it off of the list first. Can multiple clients connect from behind this NAT system to the VPN at the same time? If so, how would I go about setting that up? I know that at the moment, it fails miserably each time I try to get two users on, which I'll chalk up to the GRE traffic.

Thanks in advance,

Christopher Kalos
Systems Administrator
Gotham Broadband
212.206.9620 x340

From JaminC at adapt-tele.com Fri Sep 7 09:36:24 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Fri, 7 Sep 2001 09:36:24 -0500
Subject: [pptp-server] subnet gateway problem
Message-ID:

Cowles, Steve [mailto:Steve at SteveCowles.com] wrote:
> For item number three (3) above:
> Type one of the following commands to ensure that there are
> no firewall
> rules blocking packets of data between eth0 and the ppp devices:
> ipchains -L -n
> iptables -L -n

I think it needs to be noted that your command for listing iptables rules "iptables -L -n" will not reveal all rules in effect.
It is even possible for the output of this command to give the appearance that no rules are in effect when in fact they are. This is due to the fact that this command only lists the contents of the "filter" table rules. To get an accurate picture of what rules are in effect for iptables you need to issue at least three commands that I'm aware of:

    iptables -t filter -L -n
    iptables -t mangle -L -n
    iptables -t nat -L -n

Note: the first of these "iptables -t filter -L -n" is the same as your command "iptables -L -n". I've simply taken to explicitly noting what table I'm working with when using iptables.

Jamin W. Collins

From kparent at csd.mine.nu Fri Sep 7 17:05:01 2001
From: kparent at csd.mine.nu (Kevin Parent)
Date: Fri, 7 Sep 2001 17:05:01 -0500
Subject: [pptp-server] Sanity Check -- NAT + VPN
In-Reply-To:
Message-ID:

If you need a good and cheap router to replace your Win2000 ICS box, try Freesco (Free Cisco replacement). It's a free linux distro that's easy to use and can run on an old 486 or better right off a floppy. You only need to supply an old 486 or better with at least 8 meg of ram and two NIC cards. Features include firewall, DNS caching server, dhcp server, web server, dial in PPP server and more. You can pick and choose which servers you want to run. PPTP traffic can be routed thru the Freesco box. My explanation doesn't do it justice. Check it out yourself at www.freesco.org

I've been using it for about 1.5 years - works great!

Regards,
Kevin Parent

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Christopher Kalos
Sent: Friday, September 07, 2001 9:08 AM
To: Poptop Mailing List
Subject: RE: [pptp-server] Sanity Check -- NAT + VPN

I've been ipforwarding (sorta) as it is. Unfortunately, I'm the sysadmin in New York, and they're the users in Germany. So, the router is a Win2000 box.
That's why I was just looking to see if I can share the actual link and then have concurrent VPN connections handled.

To put it in more detail (which wasn't originally needed, but why not? :), Win2000 NAT/ICS is just shy of useless. I'm fairly convinced at this point that Win98SE does a better job of sharing an internet connection. Whether I'm sharing the ISDN link out there, *or* the VPN link (think Windows, not Linux!) web traffic doesn't work to anything but the gateway. Ping and FTP work, SSH works, even Telnet works, but I need a proxy for web traffic for some unexplainable reason.

Add that into the fact that Win2000 can't route for beans (even with regediting to add IP forwarding!), such that it's providing NAT but only routing internal traffic through one of three possible connections (remote LAN, ISDN, and VPN), and it's clear that this solution requires a more powerful router. Since that's still a couple of days away for us, I'm just trying to make their network slightly more usable until then.

CK

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
Sent: Thursday, September 06, 2001 7:16 PM
To: 'Christopher Kalos'; Poptop Mailing List
Subject: RE: [pptp-server] Sanity Check -- NAT + VPN

If it's anything important, you can ipforward the NATed network to the VPN LAN. If you require visible machines on the NAT clients then try routing the network through... This is what I've been playing with at home. So why make multiple connections when 1 is enough anyway????? Any use?

-----Original Message-----
From: Christopher Kalos [mailto:ckalos at gothambroadband.com]
Sent: Friday, September 07, 2001 2:22 AM
To: Poptop Mailing List
Subject: [pptp-server] Sanity Check -- NAT + VPN

I've got a group of systems attempting to access our PoPToP VPN from a remote location.
At this point, they're all sharing a single connection to the outside world, so they're dealing with a NAT gateway.

I'm certain that this can't be done, but I'd like to bounce it off of the list first. Can multiple clients connect from behind this NAT system to the VPN at the same time? If so, how would I go about setting that up? I know that at the moment, it fails miserably each time I try to get two users on, which I'll chalk up to the GRE traffic.

Thanks in advance,

Christopher Kalos
Systems Administrator
Gotham Broadband
212.206.9620 x340

From mu5tfind at yahoo.com Fri Sep 7 20:35:43 2001
From: mu5tfind at yahoo.com (Dave Freejack)
Date: Fri, 7 Sep 2001 18:35:43 -0700 (PDT)
Subject: [pptp-server] How to install the mppe on slackware 7.1 and Doesn't assing IP
Message-ID: <20010908013543.47603.qmail@web11604.mail.yahoo.com>

I've been searching on the net for this, but couldn't find any that matches what I have on my system...

At this time PPTP is functioning without Encryption in my intranet...

From the internet the client is reporting:

    The server did not assign an address

-- Here is the pptp.conf --
option /etc/ppp/options
localip 192.168.1.10-14
remoteip 192.168.1.15-19
-- end --

Thanks in advance!

From GeorgeV at citadelcomputer.com.au Sun Sep 9 17:16:15 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 10 Sep 2001 08:16:15 +1000
Subject: [pptp-server] subnet gateway problem
Message-ID: <200FAA488DE0D41194F10010B597610D1CED82@jupiter.citadelcomputer.com.au>

I have been helping this person off the list emailing me as much detail as possible and this was the interesting part when he emailed me this:

--------------------------------------------------
hi,
i am sorry if i have communicated wrongly. our setup is like this.

LAN -> 192.168.2.1 -> 192.168.2.76 (eth0 of the LINUX box)
192.168.2.121(localip of PPP link) -> 192.168.2.122(remoteip of PPP link)
192.168.2.128(localip of PPTP) -> 192.168.2.230 (remoteip of PPTP)

i hope you got my picture in the right way. in my LAN, i have the subnet 192.168.2.1 and my linux box's ip address over eth0 is 192.168.2.76. over PPP0(normal PPP link) (where, itself is the server), he has 192.168.2.121 as the ip address and remote client(win95) has 192.168.2.122 over PPP1(pptp link) he has 192.168.2.128 (local ip of pptp server) and remoteip was assigned as 192.168.2.230
--------------------------------------------------

Every link uses the same subnet and must be confusing the PPTP link badly as the PPP connections (dialup and pptp) have the same IP range. So unless he uses host routing this is going to be a pain...

My suggestion was to use different IPs on the PPP link.. but then why run PPTP over a dial up PPP account as this doesn't seem to be an ISP connection since it's not a Public IP address...

George Vieira.

-----Original Message-----
From: Cowles, Steve [mailto:Steve at SteveCowles.com]
Sent: Saturday, September 08, 2001 12:05 AM
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] subnet gateway problem

This is a very confusing post. The lack of relevant data makes it hard to understand.
After reading through all the related posts and your tcpdump capture, I have a few comments.

You're referencing the following IP assignments from pptpd.conf:

    localip 192.168.2.120-125
    remoteip 192.168.2.140-145

But yet the tcpdump capture seems to be referencing a remote PPTP client that was assigned an IP address of .230

    09:12:38.657558 ppp0 < gre-proto-0x880B (gre encap)
    09:12:38.657558 ppp1 < 192.168.2.230 > 192.168.2.1: icmp: echo request

Based on what I can determine (more like decipher) from your tcpdump capture... the lack of any response to a ping request from a PPTP client can usually be attributed to one of the following:

1) In your case, eth0 not being set as a proxyarp for your PPTP connection.
2) IP_FORWARDING is not enabled on the PPTP server.
3) Firewall rules blocking any forwarding requests. ie. ipchains or iptables

For item one (1) above:
In your /var/log/messages file... do you see a line similar to the following after the PPTP tunnel is brought up? Should be after the local/remote assignments

    pppd[14500]: found interface eth0 for proxy arp

For item number two (2) above:
Is IP_FORWARDING enabled? To verify type:

    # cat /proc/sys/net/ipv4/ip_forward
    1

If IP_FORWARDING is enabled, the output of the above command should be one (1).

For item number three (3) above:
Type one of the following commands to insure that there are no firewall rules blocking packets of data between eth0 and the ppp devices:

    ipchains -L -n
    iptables -L -n

Also, from the tcpdump capture: I noticed you have a lot of IPX traffic on your network. Not a problem, unless the PPTP client also has this protocol bound in addition to TCP/IP (protocol binding order). If this is the case, do yourself a favor and temporarily remove the IPX protocol from the PPTP client (only) until you get this routing problem resolved between the PPTP client and your LAN. Then deal with getting multiple protocols (binding order) working across the tunnel.

Steve Cowles

From dlong at hrcn.com Mon Sep 10 16:06:41 2001
From: dlong at hrcn.com (Douglas Long)
Date: Mon, 10 Sep 2001 11:06:41 -1000
Subject: [pptp-server] First Contact!
Message-ID: <3B9D2B61.B0BBB4C2@hrcn.com>

After weeks of study and tweaking, I finally made first VPN contact. But,,,,, I still have a few problems

On first contact the server could not connect with encryption. message as follows:

    modprobe: Can't locate module ppp-compress-18
    PPP Deflate Compression module registered

Second,, I disabled encryption and was able to make connection and see computers on the network. But, that's all. All the windows computers show up, but when I click on one, it says they are not available. The Samba server, which the pptpd server is on, I click on, it brings up a password box, but I was not able to give it a password that it would accept.

Any help will be greatly appreciated..

P.S. I am using the IPtables config file from berzerke

Doug Long

From GeorgeV at citadelcomputer.com.au Sun Sep 9 22:28:32 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 10 Sep 2001 13:28:32 +1000
Subject: [pptp-server] First Contact!
Message-ID: <200FAA488DE0D41194F10010B597610D1CED9B@jupiter.citadelcomputer.com.au>

Use `alias ppp-compress-18 ppp_mppe` in your modules.conf file. You may also want to put `nobsdcomp` & `nodeflate` into /etc/ppp/options.pptpd file.

Your pptp client machine is trying to resolve the windows LAN machines or can't ping/access them. Can you connect via IP address, if not then try pinging them. If pinging works then try a lmhosts file entry for one machine and check that..

-----Original Message-----
From: Douglas Long [mailto:dlong at hrcn.com]
Sent: Tuesday, September 11, 2001 7:07 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] First Contact!

After weeks of study and tweaking, I finally made first VPN contact. But,,,,, I still have a few problems

On first contact the server could not connect with encryption. message as follows:

    modprobe: Can't locate module ppp-compress-18
    PPP Deflate Compression module registered

Second,, I disabled encryption and was able to make connection and see computers on the network. But, that's all. All the windows computers show up, but when I click on one, it says they are not available. The Samba server, which the pptpd server is on, I click on, it brings up a password box, but I was not able to give it a password that it would accept.

Any help will be greatly appreciated..

P.S. I am using the IPtables config file from berzerke

Doug Long

From gimli at momsquad.net Mon Sep 10 06:23:31 2001
From: gimli at momsquad.net (Tom Hallberg)
Date: Mon, 10 Sep 2001 13:23:31 +0200
Subject: [pptp-server] pptp + freebsd
Message-ID: <4.3.1.0.20010910132131.02f443a0@pop3.norton.antivirus>

Hi

I got some big problems using freebsd as pptp client, my windows 2k manage it easy but not my freebsd.. so has anyone managed to put up a pptp client with freebsd? if so can I have a look on your options file and so on? or tell me if there is any special security things that maybe stops a client on freebsd to use pptp...

thanx
/Tom

From fming at borderware.com Mon Sep 10 12:24:09 2001
From: fming at borderware.com (Fu Ming)
Date: Mon, 10 Sep 2001 10:24:09 -0700
Subject: [pptp-server] Impossible GRE packet
Message-ID: <002901c13a1d$66dce620$1e010a0a@borderware.com>

Hi,

I come across a GRE packet sent by an NT4 box, see my tcpdump:

    17:02:29.829533 gre-proto-0x880B (gre encap)
        4500 002c 01f0 0000 802f 5995 c0a8 0016
        c81c 5643 3081 880b 0008 0000 0000 0049
        0000 0025 ff03 c021 060f 0004 0800

the IP length is two bytes shorter than what is sent over the wire. What should I do to this kind of packet when passing it through a firewall? I have tried to increase the IP length by two bytes, or chop off the extra two bytes, none of them seems to be what the NT4 box is willing to accept.

Any suggestion is very much appreciated,

============================
Ming Fu
Borderware Technologies, Inc.
http://www.borderware.com
fming at borderware.com
(905)804-1855 Ext 229

From bart_coninckx at axi.be Mon Sep 10 09:35:04 2001
From: bart_coninckx at axi.be (Bart Coninckx)
Date: Mon, 10 Sep 2001 16:35:04 +0200
Subject: [pptp-server] running Poptop on another port
Message-ID:

Hi all,

providers in Belgium restrict the use of certain servers by blocking ports. We would like to do some VPN testing on an ADSL account which unfortunately blocks port 1723. To your knowledge, would it be possible to configure Poptop for another port?

Thx already!

____________________________________________________
Bart Coninckx
Network System Engineer - CNE, ASE
E-Mail : bart.coninckx at axi.be
____________________________________________________
AXI NV                   AXI BV
Molenweg 107             Hooilaan 1
BE-2830 Willebroek       NL-4816 EM Breda
BELGIUM                  NETHERLANDS
Tel : +32/3/860.40.25    Tel : +31/76/5725.511
Fax : +32/3/860.41.83    Fax : +31/76/5725.501
Web : www.axi.be         Web : www.axi.nl
____________________________________________________

From lists at earthling.2y.net Mon Sep 10 23:36:17 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Tue, 11 Sep 2001 00:36:17 -0400 (EDT)
Subject: [pptp-server] MPPE compression
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CEC9A@JUPITER>
Message-ID:

No, If memory serves, MPPE was hacked from the deflate code.... MPPC is much more like VJ-Comp, but used on the entire packet with a sliding window compression library.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu
justin at wss.net

On Wed, 29 Aug 2001, George Vieira wrote:

> Hi all,
>
> Sorry if I'm not reading my mail carefully but on the discussion of MPPE and
> compression, my Syslog Monitor software under Windows has just shown up a
> message from PPP which I never noticed before and SM tells me it's "unknown
> syslog" so that tells me it's a first time it's gotten this too.
>
> It's the message:
>
> MPPE 128 bit, stateless receive compression enabled
>
> I (nor my software) have never noticed this message before, does this mean
> compression with encryption is now on?
>
> Funny enough, my MPPE dying problems are now over.. the !DAMN! CPU fan had
> disconnected and the CPU kept over heating which weirdly stopped the MPPE
> and eventually killing the CPU (Lucky it's a little Pent 233 CPU and
> cheap)....
>
> Now my MPPE problems are over.. funny how hardware faults trigger weird
> problems in software...?????
>
> thanks,
> George Vieira
> Network Engineer
> Citadel Computer Systems P/L
> PH +(61)2 9955 2644
> FX +(61)2 9955 2659

From s_kibe at mit.to Tue Sep 11 00:59:55 2001
From: s_kibe at mit.to (KIBE Sugio)
Date: Tue, 11 Sep 2001 14:59:55 +0900
Subject: [pptp-server] Re:
Message-ID: <002101c13a86$fb1b8d00$46001eac@mit.to>

From muralivemuri at multitech.co.in Tue Sep 11 03:24:14 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Tue, 11 Sep 2001 13:54:14 +0530
Subject: [pptp-server] my experience with PPTP
Message-ID: <3B9DCA2E.696A50B4@multitech.co.in>

hi all,

after a lot of struggle, i could finally run my PPTP server. thanks a lot to George, Cowles and a couple of others.

i have Red Hat 7.1 with kernel 2.4.2 and i was using a win95 client. as my setup has to go into some product, i had to ensure that it works. i did all the configuration and still i could not figure out the problem. finally i had to take a chance and overwrite the existing PPP server with the downloaded version, 2.4.0. to my surprise, even without any changes in the configuration, the new server started working and perfectly fine.

so, watch out carefully if you are having any problems with in-built PPP server of RedHat 7.1.

once again, thanks a lot to all the people who have spared their valuable time for my cause, giving me suggestions over the list.

--
with thanks for your time,
Murali Krishna Vemuri

From allen at mail-masters.com Tue Sep 11 11:23:07 2001
From: allen at mail-masters.com (Allen D.
Moore)
Date: Tue, 11 Sep 2001 09:23:07 -0700
Subject: [pptp-server] Connecting from varying, dynamic IP's
Message-ID: <000001c13ade$0adb9d00$09fea8c0@prodmgr>

Anyone have any strategy for setting up the pptpd.conf file for permitting connections for my boss's laptop as he travels around the country, getting various dynamic IP's from in-room hotel broadband connections as well as from dial-up connections to his ISP, or even AOL???

TIA,

-Allen Moore

September 11, 2001- the day America came under attack
God bless all those lost to these senseless acts today.

From kenny at muspellsheim.net Tue Sep 11 13:55:02 2001
From: kenny at muspellsheim.net (Kenny Austin)
Date: Tue, 11 Sep 2001 13:55:02 -0500
Subject: [pptp-server] Connecting from varying, dynamic IP's
In-Reply-To: <000001c13ade$0adb9d00$09fea8c0@prodmgr>
Message-ID:

Just setup the file like normal. The only file that cares about where the client's ip is chap-secrets, and it can be a wildcard, ie:

    allen * password *

kenny

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Allen D. Moore
> Sent: Tuesday, September 11, 2001 11:23 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Connecting from varying, dynamic IP's
>
>
> Anyone have any strategy for setting up the pptpd.conf file for
> permitting connections for my boss's laptop as he travels around the
> country, getting various dynamic IP's from in-room hotel broadband
> connections as well as from dial-up connections to his ISP, or even
> AOL???
>
> TIA,
>
> -Allen Moore
>
> September 11, 2001- the day America came under attack
> God bless all those lost to these senseless acts today.
>

From GeorgeV at citadelcomputer.com.au Tue Sep 11 17:08:29 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Sep 2001 08:08:29 +1000
Subject: [pptp-server] my experience with PPTP
Message-ID: <200FAA488DE0D41194F10010B597610D1CEDC8@jupiter.citadelcomputer.com.au>

Which is why the VPN community (especially the experienced ones) say to use the TAR.GZ version of anything you need to patch including the kernel and PPPD...

Good on you!. ;-)

-----Original Message-----
From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
Sent: Tuesday, September 11, 2001 6:24 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] my experience with PPTP

hi all,

after a lot of struggle, i could finally run my PPTP server. thanks a lot to George, Cowles and a couple of others.

i have Red Hat 7.1 with kernel 2.4.2 and i was using a win95 client. as my setup has to go into some product, i had to ensure that it works. i did all the configuration and still i could not figure out the problem. finally i had to take a chance and overwrite the existing PPP server with the downloaded version, 2.4.0. to my surprise, even without any changes in the configuration, the new server started working and perfectly fine.

so, watch out carefully if you are having any problems with in-built PPP server of RedHat 7.1.

once again, thanks a lot to all the people who have spared their valuable time for my cause, giving me suggestions over the list.

--
with thanks for your time,
Murali Krishna Vemuri
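
pppd reads each chap-secrets line as client, server, secret, then the IP addresses that client may use on the PPP link, so the wildcard line in Kenny Austin's reply accepts whatever tunnel address pptpd hands out. The script below is an added example (not from the list or the PoPToP project) that checks chap-secrets entries against the pptpd.conf remoteip pool; the file contents, and every user name except allen, are constructed samples.

```python
"""Audit pppd chap-secrets address fields against a pptpd.conf remoteip pool.

Added example; PPTPD_CONF and CHAP_SECRETS below are constructed samples.
"""
import ipaddress
import shlex

# Constructed sample: same layout as the pptpd.conf quoted on this list.
PPTPD_CONF = """\
option /etc/ppp/options
localip 192.168.1.10-14
remoteip 192.168.1.15-19
"""

# Constructed sample: only the 'allen' line appears in the thread.
CHAP_SECRETS = """\
# client  server  secret      IP addresses
allen     *       password    *
branch1   pptpd   "s3 cret"   192.168.1.16
oldpc     pptpd   changeme    10.9.9.9
guest     pptpd   guest
"""


def expand_pool(spec):
    """Expand pptpd's 'a.b.c.d-e,a.b.c.f' shorthand into a set of addresses."""
    pool = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            first, last_octet = part.split("-", 1)
            start = ipaddress.IPv4Address(first)
            prefix = first.rsplit(".", 1)[0]
            end = ipaddress.IPv4Address(f"{prefix}.{last_octet}")
            if end < start:
                raise ValueError(f"descending range: {part}")
            for n in range(int(start), int(end) + 1):
                pool.add(ipaddress.IPv4Address(n))
        elif part:
            pool.add(ipaddress.IPv4Address(part))
    return pool


def remoteip_pool(conf_text):
    """Collect every address named on 'remoteip' lines of a pptpd.conf."""
    pool = set()
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "remoteip":
            pool |= expand_pool(words[1])
    return pool


def audit(secrets_text, pool):
    """Return one (client, finding) pair per chap-secrets entry.

    Findings: 'any-address' ('*'), 'no-address-allowed' (three fields or
    '-'), 'pinned' (overlaps the pool), 'outside-pool' (can never match an
    address the server assigns), 'unparsed' ('!addr', hostnames and other
    forms this sketch does not model).
    """
    findings = []
    for raw in secrets_text.splitlines():
        # shlex copes with quoted secrets and drops '#' comments.
        words = shlex.split(raw, comments=True)
        if len(words) < 3:
            continue  # blank line, comment, or malformed entry
        client, addrs = words[0], words[3:]
        if not addrs or addrs[0] == "-":
            findings.append((client, "no-address-allowed"))
            continue
        if "*" in addrs:
            findings.append((client, "any-address"))
            continue
        allowed = []
        for word in addrs:
            try:
                allowed.append(ipaddress.ip_network(word, strict=False))
            except ValueError:
                allowed = None
                break
        if allowed is None:
            findings.append((client, "unparsed"))
        elif any(ip in net for ip in pool for net in allowed):
            findings.append((client, "pinned"))
        else:
            findings.append((client, "outside-pool"))
    return findings


if __name__ == "__main__":
    for client, finding in audit(CHAP_SECRETS, remoteip_pool(PPTPD_CONF)):
        print(f"{client:10s} {finding}")
```

Pinning a user to one address from the remoteip pool keeps roaming access working while giving firewall rules on the server a stable per-user tunnel address to match.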

From GeorgeV at citadelcomputer.com.au Tue Sep 11 17:11:46 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Sep 2001 08:11:46 +1000
Subject: [pptp-server] Connecting from varying, dynamic IP's
Message-ID: <200FAA488DE0D41194F10010B597610D1CEDC9@jupiter.citadelcomputer.com.au>

Not sure about AOL as I heard they do funny things with their connections (maybe rumors)...

Setup 128 (MPPE) encryption if possible.
Setup a SMB (Master Browser) if he needs to see other machines but mapping them via IP is fine.
Setup (for the above) proxyarp so he's actually part of the same network with a network IP...

Pretty standard stuff, no specials.. Maybe just assign him an IP and install something like pcAnywhere if something goes wrong and you can fix his laptop over the link ("BOSS:I can't see my P: drive...","TECHO:Let me connect and fix it for you").

-----Original Message-----
From: Allen D. Moore [mailto:allen at mail-masters.com]
Sent: Wednesday, September 12, 2001 2:23 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Connecting from varying, dynamic IP's

Anyone have any strategy for setting up the pptpd.conf file for permitting connections for my boss's laptop as he travels around the country, getting various dynamic IP's from in-room hotel broadband connections as well as from dial-up connections to his ISP, or even AOL???

TIA,

-Allen Moore

September 11, 2001- the day America came under attack
God bless all those lost to these senseless acts today.

From bart.coninckx at pandora.be Wed Sep 12 00:53:57 2001
From: bart.coninckx at pandora.be (Bart Coninckx)
Date: Wed, 12 Sep 2001 07:53:57 +0200
Subject: [pptp-server] Poptop on another port.
Message-ID: <001001c13b4f$501393c0$0300a8c0@domain.org>

Hi all,

I've sent this question before to the list, but I'm not sure it got there. Here goes: since ISPs block VPN-ability over here, I would like to run Poptop on another port. Would that be possible? On the Windows client I would use portmapping software to reroute porttraffic.

Thx already!

Bart

From GeorgeV at citadelcomputer.com.au Wed Sep 12 00:56:18 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Sep 2001 15:56:18 +1000
Subject: [pptp-server] Poptop on another port.
Message-ID: <200FAA488DE0D41194F10010B597610D1CEDE7@jupiter.citadelcomputer.com.au>

Does your ISP block GRE packets too? If not then you have half the luck as you can run it on a different port but with some hassles including modifying MS clients to use that different port too which I have no idea if it's possible...

Some other people here may be able to correct me or not.

-----Original Message-----
From: Bart Coninckx [mailto:bart.coninckx at pandora.be]
Sent: Wednesday, September 12, 2001 3:54 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Poptop on another port.

Hi all,

I've sent this question before to the list, but I'm not sure it got there. Here goes: since ISPs block VPN-ability over here, I would like to run Poptop on another port. Would that be possible? On the Windows client I would use portmapping software to reroute porttraffic.

Thx already!

Bart

From matthieu at oodrive.fr Wed Sep 12 10:32:51 2001
From: matthieu at oodrive.fr (Matthieu PARISOT)
Date: Wed, 12 Sep 2001 17:32:51 +0200
Subject: [pptp-server] Is pptpd code secure?
References: <001001c13b4f$501393c0$0300a8c0@domain.org>
Message-ID: <3B9F8022.6ED51CDF@oodrive.fr>

Hi everybody,

I have used its4 ( http://www.cigital.com/its4/ ) to audit pptpd-1.0.1 source archive; The dump is attached with the mail.

Could anyone with a good knowledge of pptpd sources check this dump and tell us if there's something wrong? Is it possible for an attacker to pass arguments to pptpctrl (using a home made pptp client) ?

Thanks...

-------------- next part --------------
----------------
pptpctrl.c:177:(Very Risky) sprintf
pptpctrl.c:680:(Very Risky) sprintf
pptpd.c:609:(Very Risky) sprintf
This function is high risk for buffer overflows
Use snprintf if available, or precision specifiers, if available.
----------------
configfile.c:65:(Very Risky) sscanf
This function is high risk for buffer overflows
Use precision specifiers, or do your own parsing.
----------------
compat.c:63:(Very Risky) strcpy
compat.c:64:(Very Risky) strcpy
compat.c:91:(Very Risky) strcpy
configfile.c:67:(Very Risky) strcpy
inststr.c:27:(Very Risky) strcpy
pptpd.c:636:(Very Risky) strcpy
This function is high risk for buffer overflows
Use strncpy instead.
----------------
pptpd.c:347:(Risky) chdir
pptpd.c:373:(Risky) chdir
Can lead to process/file interaction race conditions (TOCTOU problems)
Manipulate file descriptors, not symbolic names, when possible.
----------------
pptpctrl.c:692:(Risky) execvp
pptpd.c:353:(Risky) execvp
pptpmanager.c:365:(Risky) execvp
Many potential problems.
Close all fds, clean the environment, set the umask to something good, and reset uids before calling.
----------------
configfile.c:93:(Risky) fopen
pptpd.c:185:(Risky) fopen
pptpd.c:212:(Risky) fopen
pptpd.c:255:(Risky) fopen
pptpd.c:320:(Risky) fopen
Can be involved in a race condition if you open things after a poor check. For example, don't check to see if something is not a symbolic link before opening it. Open it, then check bt querying the resulting object.
Don't run tests on symbolic file names...
Perform all checks AFTER the open, and based on the returned object, not a symbolic name.
----------------
pptpd.c:293:(Risky) freopen
pptpd.c:345:(Risky) freopen
pptpd.c:371:(Risky) freopen
Can be involved in a race condition if you open things after a poor check. For example, don't check to see if something is not a symbolic link before opening it. Open it, then check bt querying the resulting object. Don't run tests on symbolic file names...
Perform all checks AFTER the open, and based on the returned object, not a symbolic name.
----------------
compat.c:69:(Risky) open
compat.c:70:(Risky) open
Can be involved in a race condition if you open things after a poor check. For example, don't check to see if something is not a symbolic link before opening it. Open it, then check bt querying the resulting object. Don't run tests on symbolic file names...
Perform all checks AFTER the open, and based on the returned object, not a symbolic name.
----------------
pptpctrl.c:120:(Risky) openlog
pptpd.c:128:(Risky) openlog
pptpd.c:298:(Risky) openlog
pptpd.c:376:(Risky) openlog
Can lead to process/file interaction race conditions (TOCTOU category B)
Manipulate file descriptors, not symbolic names, when possible.
----------------
pptpd.c:319:(Risky) umask
pptpd.c:321:(Risky) umask
pptpd.c:348:(Risky) umask
pptpd.c:374:(Risky) umask
Setting a liberal umask can be bad when you exec an untrusted process.
Reset the umask to something sane before execing.
----------------
compat.c:27:(Some risk) bcopy
At risk for buffer overflows.
Make sure that your buffer is really big enough to handle a max len string.
----------------
getopt.c:981:(Some risk) getopt
getopt.c:1011:(Some risk) getopt
Depending on the lib implementation, can be a buffer overflow problem.
Truncate all str inputs to a reasonable size before calling this.
----------------
getopt1.c:78:(Some risk) getopt_long
getopt1.c:134:(Some risk) getopt_long
pptpd.c:147:(Some risk) getopt_long
Depending on the lib implementation, can be a buffer overflow problem.
Truncate all str inputs to a reasonable size before calling this.
----------------
getopt1.c:94:(Some risk) getopt_long_only
Depending on the lib implementation, can be a buffer overflow problem.
Truncate all str inputs to a reasonable size before calling this.
----------------
ctrlpacket.c:225:(Some risk) read
ctrlpacket.c:266:(Some risk) read
pptpgre.c:116:(Some risk) read
pptpgre.c:281:(Some risk) read
Be careful not to introduce a buffer overflow when using in a loop.
Make sure to check your buffer boundries.
----------------

From GeorgeV at citadelcomputer.com.au Wed Sep 12 17:07:52 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 13 Sep 2001 08:07:52 +1000
Subject: [pptp-server] Is pptpd code secure?
Message-ID: <200FAA488DE0D41194F10010B597610D1CEDF1@jupiter.citadelcomputer.com.au>

PPTP is not the most secure product on the internet. With some work involved someone can gather enough information on the encrypted packets and with the speed of computers these days and having probably 10 machines working for you, you could probably crack the encryption and gather all the info you want...

From topaz at hcisp.net Thu Sep 13 12:25:00 2001
From: topaz at hcisp.net (Topaz M.Bott)
Date: Thu, 13 Sep 2001 13:25:00 -0400
Subject: [pptp-server] tunnel
Message-ID: <20010913132500.31f4a39e.topaz@hcisp.net>

I am trying to set up a tunnel,
Both computers are running 2.4.8 Kernels
With pppd of 2.4.1
pptpd & pptp 1.0.2
WinX works but I can't get the two linux boxes running.

I get this error from the pptp box.

    warn[open_unixsock:pptp_callmgr.c:308]: Call manager for 208.60.89.6 is already running.
    fatal[callmgr_main:pptp_callmgr.c:124]: Could not open unix socket for 208.60.89.6
    fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256

I would love to hear some suggestions.

Thanks,
topaz

From cstorer at infinitisystems.com Thu Sep 13 14:29:27 2001
From: cstorer at infinitisystems.com (Chris Storer)
Date: Thu, 13 Sep 2001 15:29:27 -0400
Subject: [pptp-server] Thoughts and suggestions for a NAT situation
Message-ID:

After briefly scanning the recent thread regarding NAT, I realized I might just have a problem...

I've been playing with poptop in my office and it has been working great. My boss now wants me to setup a poptop server at one of our clients, replacing 2 MS PPTP servers. Sounds great, right?

Not so great. The client in question has multiple small, remote offices who VPN in, then basically telnet into an AS/400. Two of these remote sites have DSL, the other 4-5 are on dialup connections. *All* of them are behind NAT!! (Yes, each individual client workstation initiates a PPTP connection to our main office..it's somewhat ugly, but works well for the most part, and is much less expensive than running "router-to-router" type VPN's requiring endpoints at each location)

My understanding (please correct me if I am wrong!) is that MS's PPTP implementation is actually "broken", allowing more than one connection from an IP address - hence, all my NAT'ed users can all VPN in at the same time.

Obviously, (from the last NAT thread) this does NOT work with poptop.

Does anybody have any ideas or suggestions as to how I might implement an open source solution in this situation? Are there any other VPN implementations that work well in a "road warrior" type environment, rather than router to router? How hard would it be to "break" poptop into working this way? Please help!!

Thanks very much in advance for any insight!
Chris Storer
IT Consultant
Infiniti Systems Group, Inc
A Weatherhead 100 Company
www.infinitisystems.com
cstorer at infinitisystems.com

From allanc at caldera.com Thu Sep 13 15:29:14 2001
From: allanc at caldera.com (Allan Clark)
Date: Thu, 13 Sep 2001 16:29:14 -0400
Subject: [pptp-server] Thoughts and suggestions for a NAT situation
References:
Message-ID: <3BA1171A.BD0A0166@caldera.com>

Chris;

From what I recall, you are correct that this NAT->poptop connection will fail on poptop. The proper PPTP functionality, supported by poptop, is that the NAT node would have to aggregate the control connections for each client into its one control connection between it and the poptop/PPTP service node.

The only way to support this with poptop would be to break poptop, which is not a purists' solution, but it would be one of "working everywhere MS works". I don't support using a single vendor as an acceptance case, unless eliminating that vendor is one of the objectives.

...but then, I'm not coding any part of poptop... so take my comments with reduced weighting.

I apologize that I have no solution for you, just confirmation.

Allan

Chris Storer wrote:
>
> After briefly scanning the recent thread regarding NAT, I realized I might
> just have a problem...
>
> I've been playing with poptop in my office and it has been working great.
> My boss now wants me to setup a poptop server at one of our clients,
> replacing 2 MS PPTP servers. Sounds great, right?
>
> Not so great. The client in question has multiple small, remote offices who
> VPN in, then basically telnet into an AS/400. Two of these remote sites
> have DSL, the other 4-5 are on dialup connections. *All* of them are behind
> NAT!!
(Yes, each individual client workstation initiates a PPTP connection
> to our main office..it's somewhat ugly, but works well for the most part,
> and is much less expensive than running "router-to-router" type VPN's
> requiring endpoints at each location)
>
> My understanding (please correct me if I am wrong!) is that MS's PPTP
> implementation is actually "broken", allowing more than one connection from
> an IP address - hence, all my NAT'ed users can all VPN in at the same time.
>
> Obviously, (from the last NAT thread) this does NOT work with poptop.
>
> Does anybody have any ideas or suggestions as to how I might implement an
> open source solution in this situation? Are there any other VPN
> implementations that work well in a "road warrior" type environment, rather
> than router to router? How hard would it be to "break" poptop into working
> this way? Please help!!
>
> Thanks very much in advance for any insight!
>
> Chris Storer
> IT Consultant
> Infiniti Systems Group, Inc
> A Weatherhead 100 Company
> www.infinitisystems.com
> cstorer at infinitisystems.com
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From john at snake.supranet.net Thu Sep 13 15:29:43 2001
From: john at snake.supranet.net (John Heyer)
Date: Thu, 13 Sep 2001 15:29:43 -0500 (CDT)
Subject: [pptp-server] pptp + freebsd
In-Reply-To: <4.3.1.0.20010910132131.02f443a0@pop3.norton.antivirus>
Message-ID: <20010913151440.F44862-100000@snake.supranet.net>

On Mon, 10 Sep 2001, Tom Hallberg wrote:

> Hi
> I got some big problems using freebsd as pptp client, my windows 2k manage
> it easy but not my freebsd.. so have anyone manage to put up an pptp client
> with freebsd? if so can I have a look on yours options file and so on?
or
> tell me if there is any special security things that maybe stops a client
> on freebsd to use pptp...
>
> thanx
> /Tom

Basic steps are:

1) Install pptpclient from packages
2) Add a label to /etc/ppp/ppp.conf (see /usr/local/share/examples/pptpclient)
3) Run pptp

It's not great but I was able to get it working. There's no encryption, and I had to reboot if the connection got interrupted for any reason.

From cstorer at infinitisystems.com Thu Sep 13 21:09:42 2001
From: cstorer at infinitisystems.com (Chris j. Storer)
Date: Thu, 13 Sep 2001 22:09:42 -0400
Subject: [pptp-server] Thoughts and suggestions for a NAT situation
Message-ID: <4FD53673C349EF4EBC2E08390F26F7EC01C41C@ISGMAIL.ISGDomain>

That's exactly what I mean - 1 IP address that is NATing a LAN - each client on the LAN maintains a PPTP connection, through NAT on a Win2k server, or a 3com "lanmodem".

I have main office in Cleveland with an as400 and a t1. 7 small, remote offices - 2 on dsl, the rest share dialup lines with 3com lanmodems, small analog NAT routers. Each individual client at the 7 remote sites initiates a VPN session into cleveland (1 Win2k VPN server, 1 WinNT VPN server...don't ask), through NAT, and then telnet into the 400. At one site I have 25 sessions running through one IP address.

MS PPTP, in this situation, works - I can have 20 separate connections NATed from one IP.

PoPToP does not seem to handle this. Once one client behind the NAT has a PPTP connection, all other attempts to connect from behind the NAT fail.

-----Original Message-----
From: George Vieira
To: Chris j. Storer; pptp-server
Sent: 9/13/2001 6:28 PM
Subject: RE: [pptp-server] Thoughts and suggestions for a NAT situation

I'm not sure what you mean by "allowing more than one connection from an IP address"... It's actually the opposite. You can't connect multiple tunnels coming from the same IP unless it's 1 IP and NATing multiple machines.. Can you explain the NAT further and who is doing the NATing...
From charlieb at e-smith.com Thu Sep 13 21:14:08 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 13 Sep 2001 22:14:08 -0400 (EDT)
Subject: [pptp-server] Thoughts and suggestions for a NAT situation
In-Reply-To: <4FD53673C349EF4EBC2E08390F26F7EC01C41C@ISGMAIL.ISGDomain>
Message-ID:

On Thu, 13 Sep 2001, Chris j. Storer wrote:

> MS PPTP, in this situation, works - I can have 20 separate connections NATed
> from one IP.
>
> PoPToP does not seem to handle this.

No, and as has been stated here numerous times, PoPToP does not handle it because it explicitly breaches the specification. It's obviously possible, but as far as we know nobody has implemented (or is implementing) this non-standard-compliant feature.

Charlie Brady  charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group  http://www.e-smith.com/
Mitel Networks Corporation  http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From iso9 at phantasticant.com Thu Sep 13 21:21:50 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Thu, 13 Sep 2001 19:21:50 -0700
Subject: [pptp-server] Thoughts and suggestions for a NAT situation
In-Reply-To:
Message-ID:

By "nobody", do you mean nobody other than Microsoft? Or am I misunderstanding this thread?

Thanks,
Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Charlie Brady
Sent: Thursday, September 13, 2001 7:14 PM
To: Chris j. Storer
Cc: 'George Vieira '; 'pptp-server '
Subject: RE: [pptp-server] Thoughts and suggestions for a NAT situation

On Thu, 13 Sep 2001, Chris j. Storer wrote:

> MS PPTP, in this situation, works - I can have 20 separate connections NATed
> from one IP.
>
> PoPToP does not seem to handle this.

No, and as has been stated here numerous times, PoPToP does not handle it because it explicitly breaches the specification.
It's obviously possible, but as far as we know nobody has implemented (or is implementing) this non-standard-compliant feature.

Charlie Brady  charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group  http://www.e-smith.com/
Mitel Networks Corporation  http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From charlieb at e-smith.com Thu Sep 13 21:33:23 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 13 Sep 2001 22:33:23 -0400 (EDT)
Subject: [pptp-server] Thoughts and suggestions for a NAT situation
In-Reply-To:
Message-ID:

On Thu, 13 Sep 2001, Jordan Share wrote:

> > No, and as has been stated here numerous times, PoPToP does not handle it
> > because it explicitly breaches the specification. It's obviously possible,
> > but as far as we know nobody has implemented (or is implementing) this
> > non-standard-compliant feature.
>
> By "nobody", do you mean nobody other than Microsoft? Or am I
> misunderstanding this thread?

I meant, nobody has implemented (or is implementing) this non-standard-compliant feature in PoPToP.

Charlie Brady  charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group  http://www.e-smith.com/
Mitel Networks Corporation  http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From hakan_lager at hotmail.com Fri Sep 14 01:17:17 2001
From: hakan_lager at hotmail.com (Håkan Lager)
Date: Fri, 14 Sep 2001 06:17:17 +0000
Subject: [pptp-server] EAP?
Message-ID:

Does poptop handle, or is it planned to handle, EAP (MS Extensible Authentication Protocol) with certificates?

Regards,
Hakan

From rdhatt at u.washington.edu Fri Sep 14 06:20:53 2001
From: rdhatt at u.washington.edu ('Ricky' S Dhatt)
Date: Fri, 14 Sep 2001 04:20:53 -0700 (PDT)
Subject: [pptp-server] What's wrong?
Message-ID:

Well after countless archive searches and reading howto's I reached my last resort...you guys. I wouldn't be asking, but I'm not seeing anything in the log indicating what is going wrong! I'm trying to connect Win2K to Linux RHL6.2 2.2.14-12.10, PPP 2.3.11, PPTP 1.0.1. It works w/o encryption. With encryption I get the "Error: 742 The remote computer does not support the required data encryption type" error.

--Ricky

Sep 14 05:32:29 www pptpd[24909]: MGR: Launching /usr/sbin/pptpctrl to handle client
Sep 14 05:32:29 www pptpd[24909]: CTRL: local address = 192.168.0.1
Sep 14 05:32:29 www pptpd[24909]: CTRL: remote address = 192.168.1.1
Sep 14 05:32:29 www pptpd[24909]: CTRL: Client 63.231.39.186 control connection started
Sep 14 05:32:29 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 1)
Sep 14 05:32:29 www pptpd[24909]: CTRL: Made a START CTRL CONN RPLY packet
Sep 14 05:32:29 www pptpd[24909]: CTRL: I wrote 156 bytes to the client.
Sep 14 05:32:29 www pptpd[24909]: CTRL: Sent packet to client
Sep 14 05:32:29 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 7)
Sep 14 05:32:29 www pptpd[24909]: CTRL: Set parameters to 1525 maxbps, 64 window size
Sep 14 05:32:29 www pptpd[24909]: CTRL: Made a OUT CALL RPLY packet
Sep 14 05:32:29 www pptpd[24909]: CTRL: Starting call (launching pppd, opening GRE)
Sep 14 05:32:29 www pptpd[24909]: CTRL: pty_fd = 4
Sep 14 05:32:29 www pptpd[24909]: CTRL: tty_fd = 5
Sep 14 05:32:29 www pptpd[24909]: CTRL: I wrote 32 bytes to the client.
Sep 14 05:32:29 www pptpd[24910]: CTRL (PPPD Launcher): Connection speed = 115200
Sep 14 05:32:29 www pptpd[24910]: CTRL (PPPD Launcher): local address = 192.168.0.1
Sep 14 05:32:29 www pptpd[24910]: CTRL (PPPD Launcher): remote address = 192.168.1.1
Sep 14 05:32:29 www pptpd[24909]: CTRL: Sent packet to client
Sep 14 05:32:29 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 15)
Sep 14 05:32:29 www pptpd[24909]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Sep 14 05:32:29 www pppd[24910]: pppd 2.3.11 started by root, uid 0
Sep 14 05:32:29 www pppd[24910]: Using interface ppp0
Sep 14 05:32:29 www pppd[24910]: Connect: ppp0 <--> /dev/pts/3
Sep 14 05:32:29 www pppd[24910]: sent [LCP ConfReq id=0x1 ]
Sep 14 05:32:29 www pptpd[24909]: GRE: Discarding duplicate packet
Sep 14 05:32:29 www pppd[24910]: Timeout 0x8050404:0x80785e0 in 3 seconds.
Sep 14 05:32:29 www pppd[24910]: rcvd [LCP ConfNak id=0x1 ]
Sep 14 05:32:29 www pppd[24910]: Untimeout 0x8050404:0x80785e0.
Sep 14 05:32:29 www pppd[24910]: sent [LCP ConfReq id=0x2 ]
Sep 14 05:32:29 www pppd[24910]: Timeout 0x8050404:0x80785e0 in 3 seconds.
Sep 14 05:32:29 www pppd[24910]: rcvd [LCP ConfAck id=0x2 ]
Sep 14 05:32:31 www pppd[24910]: rcvd [LCP ConfReq id=0x1 < 0d 03 06> < 11 04 06 4e> < 13 17 01 fd 77 cd 0e 05 70 47 fe 89 3c 85 9a fe 27 fc ac 00 00 00 1b>]
Sep 14 05:32:31 www pppd[24910]: lcp_reqci: rcvd unknown option 13
Sep 14 05:32:31 www pppd[24910]: lcp_reqci: rcvd unknown option 17
Sep 14 05:32:31 www pppd[24910]: lcp_reqci: rcvd unknown option 19
Sep 14 05:32:31 www pppd[24910]: lcp_reqci: returning CONFREJ.
Sep 14 05:32:31 www pppd[24910]: sent [LCP ConfRej id=0x1 < 0d 03 06> < 11 04 06 4e> < 13 17 01 fd 77 cd 0e 05 70 47 fe 89 3c 85 9a fe 27 fc ac 00 00 00 1b>]
Sep 14 05:32:31 www pppd[24910]: rcvd [LCP ConfReq id=0x2 ]
Sep 14 05:32:31 www pppd[24910]: lcp_reqci: returning CONFACK.
Sep 14 05:32:31 www pppd[24910]: sent [LCP ConfAck id=0x2 ]
Sep 14 05:32:31 www pppd[24910]: Untimeout 0x8050404:0x80785e0.
Sep 14 05:32:31 www pppd[24910]: sent [LCP EchoReq id=0x0 magic=0xb67d06a8]
Sep 14 05:32:31 www pppd[24910]: Timeout 0x8052c6c:0x80785e0 in 5 seconds.
Sep 14 05:32:31 www pppd[24910]: sent [CHAP Challenge id=0x1 <8039a89f80e7ebefb18b29238b96db27>, name = "*"]
Sep 14 05:32:31 www pppd[24910]: Timeout 0x8055b70:0x80788c0 in 3 seconds.
Sep 14 05:32:31 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 15)
Sep 14 05:32:31 www pptpd[24909]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Sep 14 05:32:31 www pppd[24910]: rcvd [LCP code=0xc id=0x3 30 49 51 17 4d 53 52 41 53 56 35 2e 30 30]
Sep 14 05:32:31 www pppd[24910]: sent [LCP CodeRej id=0x3 0c 03 00 12 30 49 51 17 4d 53 52 41 53 56 35 2e 30 30]
Sep 14 05:32:31 www pppd[24910]: rcvd [LCP code=0xc id=0x4 30 49 51 17 4d 53 52 41 53 2d 31 2d 49 54 53 41 4c 4c 47 4f 4f 44]
Sep 14 05:32:31 www pppd[24910]: sent [LCP CodeRej id=0x4 0c 04 00 1a 30 49 51 17 4d 53 52 41 53 2d 31 2d 49 54 53 41 4c 4c 47 4f 4f 44]
Sep 14 05:32:31 www pppd[24910]: rcvd [LCP EchoRep id=0x0 magic=0x30495117]
Sep 14 05:32:31 www pppd[24910]: rcvd [CHAP Response id=0x1 <7f3af2d67cd2c227c75b342ade3c25f90000000000000000cf15e07fe175094f7be107c064e2f9caea1e441dcdfabf7b00>, name = "admin"]
Sep 14 05:32:31 www pppd[24910]: Untimeout 0x8055b70:0x80788c0.
Sep 14 05:32:31 www pppd[24910]: ChapReceiveResponse: rcvd type MS-CHAP-V2
Sep 14 05:32:31 www pppd[24910]: sent [CHAP Success id=0x1 "S=D4FD80C02B768C347709CEDDA3618BE513CC6E08"]
Sep 14 05:32:31 www pppd[24910]: sent [IPCP ConfReq id=0x1 ]
Sep 14 05:32:31 www pppd[24910]: Timeout 0x8050404:0x8078840 in 3 seconds.
Sep 14 05:32:31 www pppd[24910]: sent [CCP ConfReq id=0x1]
Sep 14 05:32:31 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:31 www pppd[24910]: MSCHAP-v2 peer authentication succeeded for admin
Sep 14 05:32:31 www pppd[24910]: rcvd [CCP ConfReq id=0x5 ]
Sep 14 05:32:31 www pppd[24910]: sent [CCP ConfRej id=0x5 ]
Sep 14 05:32:31 www pppd[24910]: rcvd [IPCP ConfReq id=0x6 ]
Sep 14 05:32:31 www pppd[24910]: ipcp: returning Configure-REJ
Sep 14 05:32:31 www pppd[24910]: sent [IPCP ConfRej id=0x6 ]
Sep 14 05:32:31 www pppd[24910]: rcvd [IPCP ConfRej id=0x1 ]
Sep 14 05:32:31 www pppd[24910]: Untimeout 0x8050404:0x8078840.
Sep 14 05:32:31 www pppd[24910]: sent [IPCP ConfReq id=0x2 ]
Sep 14 05:32:31 www pppd[24910]: Timeout 0x8050404:0x8078840 in 3 seconds.
Sep 14 05:32:31 www pppd[24910]: rcvd [CCP ConfNak id=0x1 ]
Sep 14 05:32:31 www pppd[24910]: Untimeout 0x8050404:0x8078960.
Sep 14 05:32:31 www pppd[24910]: sent [CCP ConfReq id=0x2]
Sep 14 05:32:31 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:31 www pppd[24910]: rcvd [IPCP ConfReq id=0x7 ]
Sep 14 05:32:31 www pppd[24910]: ipcp: returning Configure-NAK
Sep 14 05:32:31 www pppd[24910]: sent [IPCP ConfNak id=0x7 ]
Sep 14 05:32:31 www pppd[24910]: rcvd [IPCP ConfAck id=0x2 ]
Sep 14 05:32:32 www pppd[24910]: rcvd [CCP ConfNak id=0x2 ]
Sep 14 05:32:32 www pppd[24910]: Untimeout 0x8050404:0x8078960.
Sep 14 05:32:32 www pppd[24910]: sent [CCP ConfReq id=0x3]
Sep 14 05:32:32 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:32 www pppd[24910]: rcvd [IPCP ConfReq id=0x8 ]
Sep 14 05:32:32 www pppd[24910]: ipcp: returning Configure-ACK
Sep 14 05:32:32 www pppd[24910]: sent [IPCP ConfAck id=0x8 ]
Sep 14 05:32:32 www pppd[24910]: Untimeout 0x8050404:0x8078840.
Sep 14 05:32:32 www pppd[24910]: ipcp: up
Sep 14 05:32:32 www pppd[24910]: local IP address 192.168.0.1
Sep 14 05:32:32 www pppd[24910]: remote IP address 192.168.1.1
Sep 14 05:32:32 www pppd[24910]: Script /etc/ppp/ip-up started (pid 24913)
Sep 14 05:32:32 www pppd[24910]: rcvd [CCP ConfNak id=0x3 ]
Sep 14 05:32:32 www pppd[24910]: Untimeout 0x8050404:0x8078960.
Sep 14 05:32:32 www pppd[24910]: sent [CCP ConfReq id=0x4]
Sep 14 05:32:32 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:32 www pppd[24910]: Script /etc/ppp/ip-up finished (pid 24913), status = 0x0
Sep 14 05:32:35 www pppd[24910]: sent [CCP ConfReq id=0x4]
Sep 14 05:32:35 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:36 www pppd[24910]: sent [LCP EchoReq id=0x1 magic=0xb67d06a8]
Sep 14 05:32:36 www pppd[24910]: Timeout 0x8052c6c:0x80785e0 in 5 seconds.
Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x4]
Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x4 ]
Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960.
Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x5]
Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x4 ]
Sep 14 05:32:38 www pppd[24910]: rcvd [LCP EchoRep id=0x1 magic=0x30495117]
Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x4 ]
Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x5 ]
Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960.
Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x6]
Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x6 ]
Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960.
Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x7]
Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x7 ]
Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960.
Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x8]
Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x8 ]
Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960.
Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x9]
Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
Sep 14 05:32:38 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 15)
Sep 14 05:32:38 www pptpd[24909]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Sep 14 05:32:38 www pppd[24910]: rcvd [LCP TermReq id=0x9 "0IQ\027\000<\37777777715t\000\000\002\37777777746"]
Sep 14 05:32:38 www pppd[24910]: LCP terminated by peer (0IQ^W^@

Message-ID: <3BA1EA18.FD73317@p-inet.net>

Download the high encryption pack for Windows 2000. I assume you are using 128 bit encryption for pptp, and Windows 2000 only comes with 48 bit by default. Here is the URL on Microsoft's site:

http://www.microsoft.com/windows2000/downloads/recommended/encryption/default.asp

'Ricky' S Dhatt wrote:
>
> Well after countless archive searches and reading howto's I reached my
> last resort...you guys. I wouldn't be asking, but I'm not seeing anything
> in the log indicating what is going wrong! I'm trying to connect Win2K to
> Linux RHL6.2 2.2.14-12.10, PPP 2.3.11, PPTP 1.0.1. It works w/o
> encryption. With encryption I get the "Error: 742 The remote computer
> does not support the required data encryption type" error.
> Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x7]
> Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
> Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x7 ]
> Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960.
> Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x8]
> Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
> Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x8 ]
> Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960.
> Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x9]
> Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds.
> Sep 14 05:32:38 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 15)
> Sep 14 05:32:38 www pptpd[24909]: CTRL: Got a SET LINK INFO packet with standard ACCMs
> Sep 14 05:32:38 www pppd[24910]: rcvd [LCP TermReq id=0x9 "0IQ\027\000<\37777777715t\000\000\002\37777777746"]
> Sep 14 05:32:38 www pppd[24910]: LCP terminated by peer (0IQ^W^@
> Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8052c6c:0x80785e0.
> Sep 14 05:32:38 www pppd[24910]: ipcp: down
> Sep 14 05:32:38 www pppd[24910]: Untimeout 0x805992c:0x0.
> Sep 14 05:32:38 www pppd[24910]: Script /etc/ppp/ip-down started (pid 24943)
> Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960.
> Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x80785e0 in 3 seconds.
> Sep 14 05:32:38 www pppd[24910]: sent [LCP TermAck id=0x9]
> Sep 14 05:32:38 www pppd[24910]: Script /etc/ppp/ip-down finished (pid 24943), status = 0x0
> Sep 14 05:32:41 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 12)
> Sep 14 05:32:41 www pptpd[24909]: CTRL: Made a CALL DISCONNECT RPLY packet
> Sep 14 05:32:41 www pptpd[24909]: CTRL: Received CALL CLR request (closing call)
> Sep 14 05:32:41 www pptpd[24909]: CTRL: I wrote 148 bytes to the client.
> Sep 14 05:32:41 www pptpd[24909]: CTRL: Sent packet to client
> Sep 14 05:32:41 www pptpd[24909]: CTRL: Error with select(), quitting
> Sep 14 05:32:41 www pptpd[24909]: CTRL: Client 63.231.39.186 control connection finished
> Sep 14 05:32:41 www pptpd[24909]: CTRL: Exiting now
> Sep 14 05:32:41 www pptpd[24904]: MGR: Reaped child 24909
> Sep 14 05:32:41 www pppd[24910]: Modem hangup
> Sep 14 05:32:41 www pppd[24910]: Untimeout 0x8050404:0x80785e0.
> Sep 14 05:32:41 www pppd[24910]: Connection terminated.
> Sep 14 05:32:41 www pppd[24910]: Connect time 0.2 minutes.
> Sep 14 05:32:41 www pppd[24910]: Sent 777 bytes, received 2991 bytes.
> Sep 14 05:32:41 www pppd[24910]: Exit.
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

--
Mike Hagerty
Prairie iNet
www.prairieinet.net
mhagerty at p-inet.net

From Steve at SteveCowles.com Fri Sep 14 09:35:30 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 14 Sep 2001 09:35:30 -0500
Subject: [pptp-server] Thoughts and suggestions for a NAT situation
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE878@defiant.infohiiway.com>

> -----Original Message-----
> From: Chris j. Storer [mailto:cstorer at infinitisystems.com]
> Sent: Thursday, September 13, 2001 9:10 PM
> To: 'George Vieira '; 'pptp-server '
> Subject: RE: [pptp-server] Thoughts and suggestions for a NAT
> situation
>
>
> That's exactly what I mean - 1 IP address that is NATing a
> LAN - each client on the LAN maintains a PPTP connection,
> through NAT on a Win2k server, or a 3com "lanmodem".
>
> I have main office in Cleveland with an as400 and a t1. 7
> small, remote offices - 2 on dsl, the rest share dialup
> lines with 3com lanmodems, small analog NAT routers. Each
> individual client at the 7 remote sites initiates a VPN
> session into cleveland (1 Win2k VPN server, 1 WinNT VPN
> server...don't ask), through NAT, and then telnet into the
> 400. At one site I have 25 sessions running through one
> IP address.
>
> MS PPTP, in this situation, works - I can have 20 separate
> connections NATed from one IP.
>
> PoPToP does not seem to handle this. Once one client behind
> the NAT has a PPTP connection, all other attempts to connect
> from behind the NAT fail.

As you've stated, you have multiple clients connecting to a single PPTP
server from behind a NAT'd firewall. The PPTP specification never accounted
for this scenario. In a perfect world (with regards to network design), you
should not have to create multiple PPTP connections (to the same server)
from behind a NAT'd firewall. With this in mind, you seem to have only two
choices:

1) Continue using your MS PPTP server since it meets your current
requirements.

2) You touched on this option in your first post, but dismissed it due to
cost. Anyway, it might be time to "bite the bullet" and consider
implementing a LAN-to-LAN VPN solution for these remote offices. Then the
clients simply telnet into the AS400 without first creating a VPN. I know,
easier said than done.

Option number two will be harder to implement, plus you have additional
security issues to deal with. But long term though, you're implementing a
"sound" network design that is scalable on down the road. Plus, from a
client perspective, it's easier to use since they no longer have to deal
with "first" establishing a PPTP tunnel and then telnetting into your AS400.

FWIW: I had a customer in a similar situation, i.e. cost was overriding
implementing a sound network design. So, we used old 486's (with
linux/ipsec) as endpoints between their offices.

Check out: http://jixen.tripod.com

I would think the "Using a central IPSEC gateway as a tunnel hub" option
applies to your case. This could also be implemented using PPTP.

Good luck
Steve Cowles

From jpej at geo-rede.com.br Fri Sep 14 11:19:35 2001
From: jpej at geo-rede.com.br (José de Paula Eufrásio Júnior)
Date: Fri, 14 Sep 2001 13:19:35 -0300
Subject: [pptp-server] Client drops, and when reconnects he doesn't navigate anymore
Message-ID: <20010914162257.37007D14C6@poontang.schulte.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scenario:

PPTPD server: linux 2.4.5, ppp 2.4 with ms-domainname-strip patch
Clients: 40+, using windows 98/2000/NT 4

Problem:

Sometimes the connection of the client just drops, without any
plausible cause. Then, when it reconnects the data doesn't go anywhere..
even a ping to the pptpd host fails, no data trafegates at all..

Then they call the tech support and I have to reboot the server :\

Some idea?

[]s
Junior
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7oi4czpjMtTpoYcMRAnlYAKCu/btY/VQiGkk9tP9SvbjfIUuFRACeJQH0
4SSVM1O6VJO8MYqY0jnTHw0=
=OFgM
-----END PGP SIGNATURE-----

From dmitri at arvid.ee Fri Sep 14 12:49:34 2001
From: dmitri at arvid.ee (Dmitri Gofmekler)
Date: Fri, 14 Sep 2001 19:49:34 +0200
Subject: [pptp-server] Allowing to access the lan.
Message-ID: <001c01c13d45$9d740a30$0500a8c0@arvid.ee>

Hello all,

Probably you can help :)

Situation:

Server that is running pptpd (poptop.lineo.com), address is 212.7.8.250 (this
server does not play any routing or masquerading role).

2 local networks: Lan1 - 212.7.8.224/27 & Lan2 - 212.7.8.192/27, lan1
router - 212.7.8.225, lan2->lan1 router 212.7.8.222, lan 2 def. route -
212.7.8.193. Lan 1 connected to internet thru lan2.

-- cut from /etc/pptpd.conf --
remote ip 212.7.8.251-253
local ip 212.7.8.242-244
Client, Windows NT 4.0.
-- end of cut --

Question:
What exactly I have to do to get PPTP client ability to use all lan1 and
lan2 resources, includes MS Network over TCP/IP and also to allow client to
go to the Internet thru its vpn connection? Can someone give me explained
configuration?

Thanks in advance,
Dmitri.

From rdhatt at u.washington.edu Fri Sep 14 12:59:01 2001
From: rdhatt at u.washington.edu ('Ricky' S Dhatt)
Date: Fri, 14 Sep 2001 10:59:01 -0700 (PDT)
Subject: [pptp-server] What's wrong?
In-Reply-To: <3BA1EA18.FD73317@p-inet.net>
Message-ID: 

Unfortunately I already have that installed.

--Ricky

On Fri, 14 Sep 2001, mike hagerty wrote:

> download the high encryption pack for windows 2000
> I assume you are using 128 bit encryption for pptp and windows 2000 only
> comes with 48 bit by default
> here is the URL on Microsoft's site.
> http://www.microsoft.com/windows2000/downloads/recommended/encryption/default.asp
>
>
>
> 'Ricky' S Dhatt wrote:
> >
> > Well after countless archive searches and reading howto's I reached my
> > last resort...you guys. I wouldn't be asking, but I'm not seeing anything
> > in the log indicating what is going wrong! I'm trying to connect Win2K to
> > Linux RHL6.2 2.2.14-12.10, PPP 2.3.11, PPTP 1.0.1. It works w/o
> > encryption. With encryption I get the "Error: 742 The remote computer
> > does not support the required data encryption type" error.
> >
> > --Ricky
> >
> > Sep 14 05:32:29 www pptpd[24909]: MGR: Launching /usr/sbin/pptpctrl to handle client
> > Sep 14 05:32:29 www pptpd[24909]: CTRL: local address = 192.168.0.1
> > Sep 14 05:32:29 www pptpd[24909]: CTRL: remote address = 192.168.1.1
> > Sep 14 05:32:29 www pptpd[24909]: CTRL: Client 63.231.39.186 control connection started
> > Sep 14 05:32:29 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 1)
> > Sep 14 05:32:29 www pptpd[24909]: CTRL: Made a START CTRL CONN RPLY packet
> > Sep 14 05:32:29 www pptpd[24909]: CTRL: I wrote 156 bytes to the client.
> > Sep 14 05:32:29 www pptpd[24909]: CTRL: Sent packet to client > > Sep 14 05:32:29 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 7) > > Sep 14 05:32:29 www pptpd[24909]: CTRL: Set parameters to 1525 maxbps, 64 window size > > Sep 14 05:32:29 www pptpd[24909]: CTRL: Made a OUT CALL RPLY packet > > Sep 14 05:32:29 www pptpd[24909]: CTRL: Starting call (launching pppd, opening GRE) > > Sep 14 05:32:29 www pptpd[24909]: CTRL: pty_fd = 4 > > Sep 14 05:32:29 www pptpd[24909]: CTRL: tty_fd = 5 > > Sep 14 05:32:29 www pptpd[24909]: CTRL: I wrote 32 bytes to the client. > > Sep 14 05:32:29 www pptpd[24910]: CTRL (PPPD Launcher): Connection speed = 115200 > > Sep 14 05:32:29 www pptpd[24910]: CTRL (PPPD Launcher): local address = 192.168.0.1 > > Sep 14 05:32:29 www pptpd[24910]: CTRL (PPPD Launcher): remote address = 192.168.1.1 > > Sep 14 05:32:29 www pptpd[24909]: CTRL: Sent packet to client > > Sep 14 05:32:29 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 15) > > Sep 14 05:32:29 www pptpd[24909]: CTRL: Got a SET LINK INFO packet with standard ACCMs > > Sep 14 05:32:29 www pppd[24910]: pppd 2.3.11 started by root, uid 0 > > Sep 14 05:32:29 www pppd[24910]: Using interface ppp0 > > Sep 14 05:32:29 www pppd[24910]: Connect: ppp0 <--> /dev/pts/3 > > Sep 14 05:32:29 www pppd[24910]: sent [LCP ConfReq id=0x1 ] > > Sep 14 05:32:29 www pptpd[24909]: GRE: Discarding duplicate packet > > Sep 14 05:32:29 www pppd[24910]: Timeout 0x8050404:0x80785e0 in 3 seconds. > > Sep 14 05:32:29 www pppd[24910]: rcvd [LCP ConfNak id=0x1 ] > > Sep 14 05:32:29 www pppd[24910]: Untimeout 0x8050404:0x80785e0. > > Sep 14 05:32:29 www pppd[24910]: sent [LCP ConfReq id=0x2 ] > > Sep 14 05:32:29 www pppd[24910]: Timeout 0x8050404:0x80785e0 in 3 seconds. 
> > Sep 14 05:32:29 www pppd[24910]: rcvd [LCP ConfAck id=0x2 ] > > Sep 14 05:32:31 www pppd[24910]: rcvd [LCP ConfReq id=0x1 < 0d 03 06> < 11 04 06 4e> < 13 17 01 fd 77 cd 0e 05 70 47 fe 89 3c 85 9a fe 27 fc ac 00 00 00 1b>] > > Sep 14 05:32:31 www pppd[24910]: lcp_reqci: rcvd unknown option 13 > > Sep 14 05:32:31 www pppd[24910]: lcp_reqci: rcvd unknown option 17 > > Sep 14 05:32:31 www pppd[24910]: lcp_reqci: rcvd unknown option 19 > > Sep 14 05:32:31 www pppd[24910]: lcp_reqci: returning CONFREJ. > > Sep 14 05:32:31 www pppd[24910]: sent [LCP ConfRej id=0x1 < 0d 03 06> < 11 04 06 4e> < 13 17 01 fd 77 cd 0e 05 70 47 fe 89 3c 85 9a fe 27 fc ac 00 00 00 1b>] > > Sep 14 05:32:31 www pppd[24910]: rcvd [LCP ConfReq id=0x2 ] > > Sep 14 05:32:31 www pppd[24910]: lcp_reqci: returning CONFACK. > > Sep 14 05:32:31 www pppd[24910]: sent [LCP ConfAck id=0x2 ] > > Sep 14 05:32:31 www pppd[24910]: Untimeout 0x8050404:0x80785e0. > > Sep 14 05:32:31 www pppd[24910]: sent [LCP EchoReq id=0x0 magic=0xb67d06a8] > > Sep 14 05:32:31 www pppd[24910]: Timeout 0x8052c6c:0x80785e0 in 5 seconds. > > Sep 14 05:32:31 www pppd[24910]: sent [CHAP Challenge id=0x1 <8039a89f80e7ebefb18b29238b96db27>, name = "*"] > > Sep 14 05:32:31 www pppd[24910]: Timeout 0x8055b70:0x80788c0 in 3 seconds. > > Sep 14 05:32:31 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 15) > > Sep 14 05:32:31 www pptpd[24909]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! 
> > Sep 14 05:32:31 www pppd[24910]: rcvd [LCP code=0xc id=0x3 30 49 51 17 4d 53 52 41 53 56 35 2e 30 30] > > Sep 14 05:32:31 www pppd[24910]: sent [LCP CodeRej id=0x3 0c 03 00 12 30 49 51 17 4d 53 52 41 53 56 35 2e 30 30] > > Sep 14 05:32:31 www pppd[24910]: rcvd [LCP code=0xc id=0x4 30 49 51 17 4d 53 52 41 53 2d 31 2d 49 54 53 41 4c 4c 47 4f 4f 44] > > Sep 14 05:32:31 www pppd[24910]: sent [LCP CodeRej id=0x4 0c 04 00 1a 30 49 51 17 4d 53 52 41 53 2d 31 2d 49 54 53 41 4c 4c 47 4f 4f 44] > > Sep 14 05:32:31 www pppd[24910]: rcvd [LCP EchoRep id=0x0 magic=0x30495117] > > Sep 14 05:32:31 www pppd[24910]: rcvd [CHAP Response id=0x1 <7f3af2d67cd2c227c75b342ade3c25f90000000000000000cf15e07fe175094f7be107c064e2f9caea1e441dcdfabf7b00>, name = "admin"] > > Sep 14 05:32:31 www pppd[24910]: Untimeout 0x8055b70:0x80788c0. > > Sep 14 05:32:31 www pppd[24910]: ChapReceiveResponse: rcvd type MS-CHAP-V2 > > Sep 14 05:32:31 www pppd[24910]: sent [CHAP Success id=0x1 "S=D4FD80C02B768C347709CEDDA3618BE513CC6E08"] > > Sep 14 05:32:31 www pppd[24910]: sent [IPCP ConfReq id=0x1 ] > > Sep 14 05:32:31 www pppd[24910]: Timeout 0x8050404:0x8078840 in 3 seconds. > > Sep 14 05:32:31 www pppd[24910]: sent [CCP ConfReq id=0x1] > > Sep 14 05:32:31 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. > > Sep 14 05:32:31 www pppd[24910]: MSCHAP-v2 peer authentication succeeded for admin > > Sep 14 05:32:31 www pppd[24910]: rcvd [CCP ConfReq id=0x5 ] > > Sep 14 05:32:31 www pppd[24910]: sent [CCP ConfRej id=0x5 ] > > Sep 14 05:32:31 www pppd[24910]: rcvd [IPCP ConfReq id=0x6 ] > > Sep 14 05:32:31 www pppd[24910]: ipcp: returning Configure-REJ > > Sep 14 05:32:31 www pppd[24910]: sent [IPCP ConfRej id=0x6 ] > > Sep 14 05:32:31 www pppd[24910]: rcvd [IPCP ConfRej id=0x1 ] > > Sep 14 05:32:31 www pppd[24910]: Untimeout 0x8050404:0x8078840. > > Sep 14 05:32:31 www pppd[24910]: sent [IPCP ConfReq id=0x2 ] > > Sep 14 05:32:31 www pppd[24910]: Timeout 0x8050404:0x8078840 in 3 seconds. 
> > Sep 14 05:32:31 www pppd[24910]: rcvd [CCP ConfNak id=0x1 ] > > Sep 14 05:32:31 www pppd[24910]: Untimeout 0x8050404:0x8078960. > > Sep 14 05:32:31 www pppd[24910]: sent [CCP ConfReq id=0x2] > > Sep 14 05:32:31 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. > > Sep 14 05:32:31 www pppd[24910]: rcvd [IPCP ConfReq id=0x7 ] > > Sep 14 05:32:31 www pppd[24910]: ipcp: returning Configure-NAK > > Sep 14 05:32:31 www pppd[24910]: sent [IPCP ConfNak id=0x7 ] > > Sep 14 05:32:31 www pppd[24910]: rcvd [IPCP ConfAck id=0x2 ] > > Sep 14 05:32:32 www pppd[24910]: rcvd [CCP ConfNak id=0x2 ] > > Sep 14 05:32:32 www pppd[24910]: Untimeout 0x8050404:0x8078960. > > Sep 14 05:32:32 www pppd[24910]: sent [CCP ConfReq id=0x3] > > Sep 14 05:32:32 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. > > Sep 14 05:32:32 www pppd[24910]: rcvd [IPCP ConfReq id=0x8 ] > > Sep 14 05:32:32 www pppd[24910]: ipcp: returning Configure-ACK > > Sep 14 05:32:32 www pppd[24910]: sent [IPCP ConfAck id=0x8 ] > > Sep 14 05:32:32 www pppd[24910]: Untimeout 0x8050404:0x8078840. > > Sep 14 05:32:32 www pppd[24910]: ipcp: up > > Sep 14 05:32:32 www pppd[24910]: local IP address 192.168.0.1 > > Sep 14 05:32:32 www pppd[24910]: remote IP address 192.168.1.1 > > Sep 14 05:32:32 www pppd[24910]: Script /etc/ppp/ip-up started (pid 24913) > > Sep 14 05:32:32 www pppd[24910]: rcvd [CCP ConfNak id=0x3 ] > > Sep 14 05:32:32 www pppd[24910]: Untimeout 0x8050404:0x8078960. > > Sep 14 05:32:32 www pppd[24910]: sent [CCP ConfReq id=0x4] > > Sep 14 05:32:32 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. > > Sep 14 05:32:32 www pppd[24910]: Script /etc/ppp/ip-up finished (pid 24913), status = 0x0 > > Sep 14 05:32:35 www pppd[24910]: sent [CCP ConfReq id=0x4] > > Sep 14 05:32:35 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. 
> > Sep 14 05:32:36 www pppd[24910]: sent [LCP EchoReq id=0x1 magic=0xb67d06a8] > > Sep 14 05:32:36 www pppd[24910]: Timeout 0x8052c6c:0x80785e0 in 5 seconds. > > Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x4] > > Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. > > Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x4 ] > > Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960. > > Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x5] > > Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. > > Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x4 ] > > Sep 14 05:32:38 www pppd[24910]: rcvd [LCP EchoRep id=0x1 magic=0x30495117] > > Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x4 ] > > Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x5 ] > > Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960. > > Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x6] > > Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. > > Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x6 ] > > Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960. > > Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x7] > > Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. > > Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x7 ] > > Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960. > > Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x8] > > Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. > > Sep 14 05:32:38 www pppd[24910]: rcvd [CCP ConfNak id=0x8 ] > > Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960. > > Sep 14 05:32:38 www pppd[24910]: sent [CCP ConfReq id=0x9] > > Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x8078960 in 3 seconds. 
> > Sep 14 05:32:38 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 15) > > Sep 14 05:32:38 www pptpd[24909]: CTRL: Got a SET LINK INFO packet with standard ACCMs > > Sep 14 05:32:38 www pppd[24910]: rcvd [LCP TermReq id=0x9 "0IQ\027\000<\37777777715t\000\000\002\37777777746"] > > Sep 14 05:32:38 www pppd[24910]: LCP terminated by peer (0IQ^W^@ > Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8052c6c:0x80785e0. > > Sep 14 05:32:38 www pppd[24910]: ipcp: down > > Sep 14 05:32:38 www pppd[24910]: Untimeout 0x805992c:0x0. > > Sep 14 05:32:38 www pppd[24910]: Script /etc/ppp/ip-down started (pid 24943) > > Sep 14 05:32:38 www pppd[24910]: Untimeout 0x8050404:0x8078960. > > Sep 14 05:32:38 www pppd[24910]: Timeout 0x8050404:0x80785e0 in 3 seconds. > > Sep 14 05:32:38 www pppd[24910]: sent [LCP TermAck id=0x9] > > Sep 14 05:32:38 www pppd[24910]: Script /etc/ppp/ip-down finished (pid 24943), status = 0x0 > > Sep 14 05:32:41 www pptpd[24909]: CTRL: Received PPTP Control Message (type: 12) > > Sep 14 05:32:41 www pptpd[24909]: CTRL: Made a CALL DISCONNECT RPLY packet > > Sep 14 05:32:41 www pptpd[24909]: CTRL: Received CALL CLR request (closing call) > > Sep 14 05:32:41 www pptpd[24909]: CTRL: I wrote 148 bytes to the client. > > Sep 14 05:32:41 www pptpd[24909]: CTRL: Sent packet to client > > Sep 14 05:32:41 www pptpd[24909]: CTRL: Error with select(), quitting > > Sep 14 05:32:41 www pptpd[24909]: CTRL: Client 63.231.39.186 control connection finished > > Sep 14 05:32:41 www pptpd[24909]: CTRL: Exiting now > > Sep 14 05:32:41 www pptpd[24904]: MGR: Reaped child 24909 > > Sep 14 05:32:41 www pppd[24910]: Modem hangup > > Sep 14 05:32:41 www pppd[24910]: Untimeout 0x8050404:0x80785e0. > > Sep 14 05:32:41 www pppd[24910]: Connection terminated. > > Sep 14 05:32:41 www pppd[24910]: Connect time 0.2 minutes. > > Sep 14 05:32:41 www pppd[24910]: Sent 777 bytes, received 2991 bytes. > > Sep 14 05:32:41 www pppd[24910]: Exit. 
> >
>
> --
> Mike Hagerty
> Prairie iNet
> www.prairieinet.net
> mhagerty at p-inet.net
>

From allanc at caldera.com Fri Sep 14 13:07:36 2001
From: allanc at caldera.com (Allan Clark)
Date: Fri, 14 Sep 2001 14:07:36 -0400
Subject: [pptp-server] Allowing to access the lan.
References: <001c01c13d45$9d740a30$0500a8c0@arvid.ee>
Message-ID: <3BA24768.CD0B968C@caldera.com>

Dmitri;

I think we've had problems in the past dealing with MSNetworking over a
PPTP connection. I think it has to do with MSNetworking defaulting to
broadcasting for all resources... unless that was restricted to NetBEUI.

In addressing what you want to work

> ... all lan1 and
> lan2 resources ...

What *are* those resources? ftp, http, smtp, pop, imap, ssh, shttp all
seem to work just fine. If you're having problems with Windows name
resolution, you might want to configure your PPTP clients to use DNS for
resolution as a fallback; then, if a host isn't found (ie if
\\PRINTER\laser4 refers to lrp laser4 at printer.lineo.com) "PRINTER" might
be resolved as "printer.lineo.com" and enable you to see/use its
resources.

Does that address the services you're looking for? It's difficult to
answer the question when we're assuming what services you need.

Allan
(pptp lurker)


Dmitri Gofmekler wrote:
>
> Hello all,
>
> Probably you can help :)
>
> Situation:
>
> Server that is running pptpd (poptop.lineo.com), address is 212.7.8.250 (this
> server does not play any routing or masquerading role).
>
> 2 local networks: Lan1 - 212.7.8.224/27 & Lan2 - 212.7.8.192/27, lan1
> router - 212.7.8.225, lan2->lan1 router 212.7.8.222, lan 2 def. route -
> 212.7.8.193. Lan 1 connected to internet thru lan2.
>
> -- cut from /etc/pptpd.conf --
> remote ip 212.7.8.251-253
> local ip 212.7.8.242-244
> Client, Windows NT 4.0.
> -- end of cut --
>
> Question:
> What exactly I have to do to get PPTP client ability to use all lan1 and
> lan2 resources, includes MS Network over TCP/IP and also to allow client to
> go to the Internet thru its vpn connection? Can someone give me explained
> configuration?
>
> Thanks in advance,
> Dmitri.
>

From dmitri at arvid.ee Fri Sep 14 13:07:19 2001
From: dmitri at arvid.ee (Dmitri Gofmekler)
Date: Fri, 14 Sep 2001 20:07:19 +0200
Subject: [pptp-server] Allowing to access the lan.
References: <001c01c13d45$9d740a30$0500a8c0@arvid.ee> <3BA24768.CD0B968C@caldera.com>
Message-ID: <000f01c13d48$1898a0c0$0500a8c0@arvid.ee>

Allan,

> > ... all lan1 and
> > lan2 resources ...
>
> What *are* those resources? ftp, http, smtp, pop, imap, ssh, shttp all

I mean all TCP/IP traffic. I can't get it to work, all connections seem to
go thru usual WAN, I mean default gateway.


----- Original Message -----
From: "Allan Clark"
To: "Dmitri Gofmekler"
Cc: 
Sent: Friday, September 14, 2001 8:07 PM
Subject: Re: [pptp-server] Allowing to access the lan.


> Dmitri;
>
> I think we've had problems in the past dealing with MSNetworking over a
> PPTP connection. I think it has to do with MSNetworking defaulting to
> broadcasting for all resources... unless that was restricted to NetBEUI.
>
> In addressing what you want to work
>
> > ... all lan1 and
> > lan2 resources ...
>
> What *are* those resources? ftp, http, smtp, pop, imap, ssh, shttp all
> seem to work just fine. If you're having problems with Windows name
> resolution, you might want to configure your PPTP clients to use DNS for
> resolution as a fallback; then, if a host isn't found (ie if
> \\PRINTER\laser4 refers to lrp laser4 at printer.lineo.com) "PRINTER" might
> be resolved as "printer.lineo.com" and enable you to see/use its
> resources.
>
> Does that address the services you're looking for? It's difficult to
> answer the question when we're assuming what services you need.
>
> Allan
> (pptp lurker)
>
>
> Dmitri Gofmekler wrote:
> >
> > Hello all,
> >
> > Probably you can help :)
> >
> > Situation:
> >
> > Server that is running pptpd (poptop.lineo.com), address is 212.7.8.250 (this
> > server does not play any routing or masquerading role).
> >
> > 2 local networks: Lan1 - 212.7.8.224/27 & Lan2 - 212.7.8.192/27, lan1
> > router - 212.7.8.225, lan2->lan1 router 212.7.8.222, lan 2 def. route -
> > 212.7.8.193. Lan 1 connected to internet thru lan2.
> >
> > -- cut from /etc/pptpd.conf --
> > remote ip 212.7.8.251-253
> > local ip 212.7.8.242-244
> > Client, Windows NT 4.0.
> > -- end of cut --
> >
> > Question:
> > What exactly I have to do to get PPTP client ability to use all lan1 and
> > lan2 resources, includes MS Network over TCP/IP and also to allow client to
> > go to the Internet thru its vpn connection? Can someone give me explained
> > configuration?
> >
> > Thanks in advance,
> > Dmitri.
> >
>

From Steve at SteveCowles.com Fri Sep 14 14:35:36 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 14 Sep 2001 14:35:36 -0500
Subject: [pptp-server] Allowing to access the lan.
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE879@defiant.infohiiway.com>

> -----Original Message-----
> From: Dmitri Gofmekler [mailto:dmitri at arvid.ee]
> Sent: Friday, September 14, 2001 12:50 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Allowing to access the lan.
>
>
> Hello all,
>
> Probably you can help :)
>
> Situation:
>
> Server that is running pptpd (poptop.lineo.com), address is
> 212.7.8.250 (this server does not play any routing or masquerading role).
>
> 2 local networks: Lan1 - 212.7.8.224/27 & Lan2 - 212.7.8.192/27, lan1
> router - 212.7.8.225, lan2->lan1 router 212.7.8.222, lan 2
> def. route - 212.7.8.193. Lan 1 connected to internet thru lan2.
>

OK, if I have drawn this correctly, your PPTP server is physically located
on LAN 1 at .250. Correct???

        PPTP server (250)
               |
     ----------------------
     |   212.7.8.224/27   | (LAN 1)
     ----------------------
               | (225)
          ----------
          | Router |
          ----------
               | (222)
     ----------------------
     |   212.7.8.192/27   | (LAN 2)
     ----------------------
               | (193)
          ----------
          | Router |
          ----------
               |
           (Internet)

In order to access this PPTP server from the internet, you must go through
two routers. The first being the internet router on LAN 2 (193) and then the
router that hooks up LAN 2 -> LAN 1 (222). Whew!!! That's a lot of routers.
If possible, consider placing the PPTP server on LAN 2.

> -- cut from /etc/pptpd.conf --
> remote ip 212.7.8.251-253
> local ip 212.7.8.242-244
> Client, Windows NT 4.0.
> -- end of cut --
>

Unless really needed, you do not need multiple addresses for the local ip.
i.e.
remote ip 212.7.8.251-253
local ip 212.7.8.242

>
> Question:
> What exactly I have to do to get PPTP client ability to use all lan1 and lan2
> resources, includes MS Network over TCP/IP and also to allow client to
> go to the Internet thru its vpn connection? Can someone give
> me explained configuration?
>

First of all, you have not explained your current problem. Just your end
goal. When you connect to your PPTP server...
1) Are you able to ping the PPTP server from the remote? 2) Are your able to ping any other nodes on LAN 1 from the remote. ie proxyarp 3) I take it, your not able to ping anything on LAN 2 from the remote. First, if your using a MS based PPTP client, it should create a summarized route i.e. 212.7.8.0/24 when you establish the tunnel. This summarized route should route all traffic for both networks through the tunnel. Which if I understand your post correctly, is what you want. Given the above... 1) Have you enabled IP_FORWARDING on the PPTP server???? 2) Is the PPTP server correctly setting proxyarp for LAN 1 addresses 3) Does the router on LAN 2 (193) have a static route that points traffic for LAN 1 through the router that joins the two LAN's??? ie...on the 193 router: route add 212.7.8.224/27 gw 212.7.8.222 Steve Cowles From mailinglists at avati.com.br Fri Sep 14 15:48:44 2001 From: mailinglists at avati.com.br (Leonardo Pimenta Gonzalez) Date: Fri, 14 Sep 2001 17:48:44 -0300 Subject: [pptp-server] Machine crashing... In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE879@defiant.infohiiway.com> References: <90769AF04F76D41186C700A0C90AFC3EE879@defiant.infohiiway.com> Message-ID: <20010914204359.5EECFD14C6@poontang.schulte.org> Hellow guys, I have an Pentium 1GMHZ 256MB RAM running an linux suse with kernel 2.4.4 This machine have an Squid proxy, Bind and PPTP. The vpn traffic is 20-25 per hour. It crashes sometimes, and I don't have any logs error in machine. Anybody knows What's it crashes ? Thanz a lot and sorry for my poor english. From iso9 at phantasticant.com Fri Sep 14 15:46:25 2001 From: iso9 at phantasticant.com (Jordan Share) Date: Fri, 14 Sep 2001 13:46:25 -0700 Subject: [pptp-server] Thoughts and suggestions for a NAT situation In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE878@defiant.infohiiway.com> Message-ID: Mad props must be given to the Freeswan developers; it is a fantastic piece of software. 
We are currently using a linuxbox with freeswan to access our backside lan in the colo cage (connecting to a Netscreen100). I am also using freeswan on both sides to connect my home LAN to my office LAN. Freeswan is super-nice. And, it's not that hard to implement, even if you have NAT inbetween (at least is wasn't for me), with the use of RSA certificates for the two freeswan boxes. My home gateway is directly on the internet, but the office gateway is behind a 1-to-1 NAT device. It works like a charm. I was not able to get it to work with 1 freeswan box behind a 1-to-1 NAT, and a client win2k box behind another 1-to-1 NAT. NAT is a blessing and a curse. :) Jordan -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Cowles, Steve Sent: Friday, September 14, 2001 7:36 AM To: 'pptp-server at lists.schulte.org' Subject: RE: [pptp-server] Thoughts and suggestions for a NAT situation > -----Original Message----- > From: Chris j. Storer [mailto:cstorer at infinitisystems.com] > Sent: Thursday, September 13, 2001 9:10 PM > To: 'George Vieira '; 'pptp-server ' > Subject: RE: [pptp-server] Thoughts and suggestions for a NAT > situation > > > That's exactly what I mean - 1 IP address that is NATing a > LAN - each client on the LAN maintains a PPTP connection, > through NAT on a Win2k server, or a 3com "lanmodem". > > I have main office in Cleveland with an as400 and a t1. 7 > small, remote offices - 2 on dsl, the rest share dialup > lines with 3com lanmodems, small analog NAT routers. Each > individual client at the 7 remote sites initiates a VPN > session into cleveland (1 Win2k VPN server, 1 WinNT VPN > server...don't ask), through NAT, and then telnet into the > 400. At one site I have 25 sessions running through one > IP address. > > MS PPTP, in this situation, works - I can have 20 seperate > connections NATed from one IP. > > PoPToP does not seem to handle this. 
Once one client behind > the NAT has a PPTP connection, all other attempts to connect > from behind the NAT fail. As you've stated, you have multiple clients connecting to a single PPTP server from behind a NAT'd firewall. The PPTP specification never accounted for this scenario. In a perfect world (with regards to network design), you should not have to create multiple PPTP connections (to the same server) from behind a NAT'd firewall. With this in mind, you seem to have only two choices: 1) Continue using your MS PPTP server since it meets your current requirements. 2) You touched on this option in your first post, but dismissed it due to cost. Anyway, it might be time to "bite the bullet" and consider implementing a LAN-to-LAN VPN solution for these remote offices. Then the clients simply telnet into the AS400 without first creating a VPN. I know, easier said than done. Option number two will be harder to implement, plus you have additional security issues to deal with. But long term though, your implementing a "sound" network design that is scalable on down the road. Plus, from a client perspective, its easier to use since they no longer have to deal with "first" establishing a PPTP tunnel and then telneting into your AS400. FWIW: I had a customer in a similar situation. i.e.. Cost was overriding implementing a sound network design. So, we used old 486's (with linux/ipsec) as endpoints between their offices. Checkout: http://jixen.tripod.com I would think the "Using a central IPSEC gateway as a tunnel hub" option applies to your case. This could also be implemented using PPTP. Good luck Steve Cowles _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. 
--

From walterm at Gliatech.com Fri Sep 14 16:01:03 2001
From: walterm at Gliatech.com (Michael Walter)
Date: Fri, 14 Sep 2001 17:01:03 -0400
Subject: [pptp-server] Machine crashing...
Message-ID:

If you are using iptables/netfilter version 1.2.1a as a packet filter on your system, there are some lockups associated with it. If this is indeed your problem, you can obtain the latest version of the iptables/netfilter code at: http://netfilter.filewatcher.org/ This is the official netfilter project homepage (it is down, however, as I write this).

Thanks,

Michael J. Walter
rhce mcdba mcse+i ccna cca a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

-----Original Message-----
From: Leonardo Pimenta Gonzalez [mailto:mailinglists at avati.com.br]
Sent: Friday, September 14, 2001 4:49 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Machine crashing...

Hello guys,

I have a Pentium 1GMHZ 256MB RAM running a linux suse with kernel 2.4.4

This machine has a Squid proxy, Bind and PPTP.

The vpn traffic is 20-25 per hour.

It crashes sometimes, and I don't have any error logs in the machine.

Anybody know why it crashes?

Thanks a lot and sorry for my poor English.

From tjreige at csc.com.au Sun Sep 16 19:39:44 2001
From: tjreige at csc.com.au (tjreige at csc.com.au)
Date: Mon, 17 Sep 2001 10:39:44 +1000
Subject: [pptp-server] OpenBSD 2.8 + Poptop
Message-ID:

Has anyone successfully installed Poptop on OpenBSD 2.8? Help will be very much appreciated.

email : tjreige at csc.com.au

*** Thomas Jreige
*** Communications Engineer
*** CSC Network Services, Wollongong

From dna at tanker.d2g.com Mon Sep 17 05:07:06 2001
From: dna at tanker.d2g.com (David Nordenberg)
Date: Mon, 17 Sep 2001 12:07:06 +0200 (CEST)
Subject: [pptp-server] Can't login to my PoPToP VPN :(
Message-ID:

Hello.

This seems to be a great program but unfortunately I can't get it working :( I use Windows 2000 SP2 to log on to the VPN but "Verifying username and password" takes a very long time (I think that is when the 9 repeated messages I wrote down below occur) and then Windows says disconnected "Error 619: The specified port is not connected". I don't know if it is me doing something stupid but I'm ripping my hair off because of this little problem ;(

Hope you can figure out the problem or if you want me to try something or send some other info about my computer, just reply to the mailing list or contact me using ICQ 5545436.

Sep 10 18:14:55 tanker modprobe: modprobe: Can't locate module char-major-108
Sep 10 18:14:55 tanker pppd[18571]: pppd 2.4.0 started by root, uid 0
Sep 10 18:14:55 tanker pppd[18571]: Using interface ppp0
Sep 10 18:14:55 tanker pppd[18571]: Connect: ppp0 <--> /dev/pts/8
Sep 10 18:14:55 tanker pppd[18571]: sent [LCP ConfReq id=0x1 ]
Sep 10 18:15:22 tanker last message repeated 9 times
Sep 10 18:15:25 tanker pppd[18571]: LCP: timeout sending Config-Requests
Sep 10 18:15:25 tanker pppd[18571]: Connection terminated.
Sep 10 18:15:25 tanker pppd[18571]: Exit.

Thanks for reading my post :)
David Nordenberg

From khrys at transart.ro Mon Sep 17 05:23:23 2001
From: khrys at transart.ro (Cristian Gabor)
Date: Mon, 17 Sep 2001 13:23:23 +0300
Subject: [pptp-server] Routing problem
Message-ID: <004001c13f62$c8b981b0$8e67a8c0@corporate.transart.ro>

Hi all,

I have a problem using pptp. Here is the description: I have one pptp server (pptpd) and two clients (pptp).
My problem is that when the connection to one of the clients is lost (or worse, both) the routes on the server are deleted, and when the connection is back online the routes are not created as they should be. The server has 192.168.109.1 for the ppp interface and it accepts 2 clients on 192.168.109.2-3, and I have a route to 192.168.110.0/24 on one ppp and to 192.168.104.0/24 on the second ppp interface. The routes are assigned from /etc/ppp/ip-up.local when they get up. After one of the ppp interfaces goes down and then up again the routes go crazy, meaning that the routes are interchanged between the ppp interfaces.

My question is how can I bypass this problem (I have in mind having more clients soon, so it will be harder for me to route manually), and maybe I already know the answer: is there a way to force one client to use one specific ppp interface (for example ppp1 for one connection, even if ppp0 is available) so I can route automatically using interfaces?

Thanks

From topaz at hcisp.net Mon Sep 17 09:51:55 2001
From: topaz at hcisp.net (Topaz M. Bott)
Date: Mon, 17 Sep 2001 10:51:55 -0400
Subject: [pptp-server] Re: pptp-server digest, Vol 1 #421 - 1 msg
References: <20010915170102.485A2D144D@poontang.schulte.org>
Message-ID: <00e801c13f88$4b914bc0$71593cd0@hcisp.net>

A - What temp is the system running?

Q - Hello guys,

I have a Pentium 1GMHZ 256MB RAM running a linux suse with kernel 2.4.4

This machine has a Squid proxy, Bind and PPTP.

The vpn traffic is 20-25 per hour.

It crashes sometimes, and I don't have any error logs in the machine.

Anybody know why it crashes?

Thanks a lot and sorry for my poor English.

From godfrey.livingstone at ajpark.co.nz Mon Sep 17 15:54:24 2001
From: godfrey.livingstone at ajpark.co.nz (Godfrey Livingstone)
Date: Tue, 18 Sep 2001 08:54:24 +1200
Subject: [pptp-server] Smbpasswd
Message-ID: <09259B1E9A747045AEFC8FD791FDC21007B086@mason.ajpark.int>

___________________________________________________________
This e-mail is intended for the addressee only and may contain privileged and/or confidential information
___________________________________________________________

I wrote one of the patches to the smbpasswd patch that solved the problem of blank username/password. For some people my patch has not worked unless there was another entry in chap-secrets.

Anyway I think I have found out why you require an additional entry in chap-secrets. When I created the patch my chap-secrets had other entries and so it worked for me. At the time it did not work for some other people but I could never figure out why (thanks Chen for pointing out the need for the extra entry).

Explanation follows:

auth.c calls a procedure have_chap_secret to see whether or not we have a chap secret suitable for authenticating.
At the time that it calls this procedure it may not know the user name of the client. If it does not know, it sets client and/or server to NULL

    if (client != NULL && client[0] == 0)
        client = NULL;
    else if (server != NULL && server[0] == 0)
        server = NULL;

then it calls scan_authfile as follows

    ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename);

This is a problem for the fixed samba password patch because there will be no user in smbpasswd with username of NULL, so scan_authfile returns that no suitable secret exists. This was not a problem with the original smb patch because it mistakenly accepted an empty (NULL) user.

Proposed solution: thoughts please

I will rewrite the smbpatch but have not done so as yet, as I want to use smblib so that hopefully, in addition to checking smbpasswd, you can check the password the client sends with an smb server (either Samba or NT/2000/XP). This will also solve the problem with the change of format of the password file in Samba 2.2, as the library will know the format.

I am thinking of using @samba in chap-secrets to indicate that smb should be checked. Does anyone have a preference for how the server to check against should be passed, and/or whether smbpasswd should still be checked in case the samba server is down, and if so how the location of this file should be passed? Alternatively we could introduce smb smbsrv smbpasswd options to ppp.

Until this is done, to use my smb patch including the patch for 2.4 (available from http://home.swbell.net/berzerke/pppsmb2.4.patch ) you need an additional valid entry in chap-secrets.

Godfrey Livingstone
_____________________________________________
A J Park
Intellectual Property Lawyers and Consultants
Patent and Trade Mark Attorneys
New Zealand
www.ajpark.com
_____________________________________________

From godfrey at globe.net.nz Mon Sep 17 16:02:53 2001
From: godfrey at globe.net.nz (godfrey at globe.net.nz)
Date: Mon, 17 Sep 2001 21:02:53 GMT
Subject: [pptp-server] Smbpasswd repost readable form
Message-ID: <200109172102.f8HL2po32173@julia.globe.net.nz>

I wrote one of the patches to the smbpasswd patch that solved the problem of blank username/password. For some people my patch has not worked unless there was another entry in chap-secrets.

Anyway I think I have found out why you require an additional entry in chap-secrets. When I created the patch my chap-secrets had other entries and so it worked for me. At the time it did not work for some other people but I could never figure out why (thanks Chen for pointing out the need for the extra entry).

Explanation follows:

auth.c calls a procedure have_chap_secret to see whether or not we have a chap secret suitable for authenticating. At the time that it calls this procedure it may not know the user name of the client if it does not know it sets client and/or server to NULL

    if (client != NULL && client[0] == 0)
        client = NULL;
    else if (server != NULL && server[0] == 0)
        server = NULL;

then it calls scan_authfile as follows

    ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename);

This is a problem for the fixed samba password patch because there will be no user in smbpasswd with username of NULL so scan_authfile returns that no suitable secret exists. This was not a problem with the original smb patch because it mistakenly accepted an empty (NULL) user.

Proposed solution: thoughts please

I will rewrite the smbpatch but have not done so as yet, as I want to use smblib so that hopefully, in addition to checking smbpasswd, you can check the password the client sends with an smb server (either Samba or NT/2000/XP). This will also solve the problem with the change of format of the password file in Samba 2.2, as the library will know the format.

I am thinking of using @samba in chap-secrets to indicate that smb should be checked. Does anyone have a preference for how the server to check against should be passed, and/or whether smbpasswd should still be checked in case the samba server is down, and if so how the location of this file should be passed? Alternatively we could introduce smb smbsrv smbpasswd options to ppp.

Until this is done, to use my smb patch including the patch for 2.4 (available from http://home.swbell.net/berzerke/pppsmb2.4.patch ) you need an additional valid entry in chap-secrets.

Godfrey Livingstone

From michaelm at eyeball.com Mon Sep 17 16:22:19 2001
From: michaelm at eyeball.com (Michael McConnell)
Date: Mon, 17 Sep 2001 14:22:19 -0700
Subject: [pptp-server] if22
Message-ID: <121201c13fbe$d57bc8c0$db01020a@eyeball.com>

Can anyone tell me what this if22 is? TCPDUMP displays a lot of packets being directed over if22, which is the ip address of my vpn connection?

Thanks,
mike

From muralivemuri at multitech.co.in Tue Sep 18 01:19:34 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Tue, 18 Sep 2001 11:49:34 +0530
Subject: [pptp-server] display problem
Message-ID: <3BA6E776.846E5705@multitech.co.in>

hi,

My problem is not exactly related to the PPTP server. I am posing this problem because there is a good probability of finding LINUX experts in this list.
My setup looks like this:

PPTP client -> VPN server -> {LAN} -> A Linux host

When the PPTP client is also a LINUX box, after establishing the PPTP connection between the client and the VPN server, I tried to initiate a SSH session between the PPTP client and the other LINUX host somewhere in the LAN. I could make the connection, but when I tried to open the display, the LINUX host is not able to forward the X session to the client. The session is getting opened on the server itself.

If anyone knows how I can make things work, please lemme know.

regards
murali krishna vemuri

From ybzhg at hotmail.com Tue Sep 18 01:47:44 2001
From: ybzhg at hotmail.com (zhang.yb)
Date: Tue, 18 Sep 2001 14:47:44 +0800
Subject: [pptp-server] how to work?
Message-ID:

Hi,

Now I have downloaded pptpd-1.0.1.tar.gz and pptp-linux-1.0.2-patched.tar.gz, and I have installed these two parts on my redhat 7.1. But I don't know how to run these to establish a connection between PAC and PNS.

regards
Alex

From bj-45 at netsonic.fi Tue Sep 18 02:02:33 2001
From: bj-45 at netsonic.fi (Philippe Trottier)
Date: Tue, 18 Sep 2001 10:02:33 +0300
Subject: [pptp-server] New guy in town...
References: <3BA6E776.846E5705@multitech.co.in>
Message-ID: <007801c1400f$ec2947e0$a22274d4@nitchiwam>

Here is my situation

all the LAN goes by router 192.168.0.1 to a WAN (internet)
0.0.0.0 is routed to internet world
192.168.1.X is routed to 192.168.0.20
Incoming to port 1723/47 goes to 192.168.0.20

192.168.0.20 Linux box handle route 192.168.1.x connected by PPTP

do you think should work ?

BTW I have kernel 2.4.8, and plan on installing more than one remote station at different places in the world. I thought running one pptp / machine on different net 192.68.2.x .3.x .4.x... good bad ???

Philippe

From tcanich at geosc.psu.edu Tue Sep 18 08:22:21 2001
From: tcanich at geosc.psu.edu (Tom Canich)
Date: Tue, 18 Sep 2001 08:22:21 -0500 (EST)
Subject: [pptp-server] display problem
In-Reply-To: <3BA6E776.846E5705@multitech.co.in>
Message-ID:

Hi murali,

I've copied the list, just in case there are others out there with this question. This is probably better asked in comp.protocols.ssh or comp.os.linux.x, but...

On Tue, 18 Sep 2001, Murali K. Vemuri wrote:

> when PPTP client is also a LINUX box, after establishing the PPTP
> connection between the client and the VPN server, i tried to initiate a
> SSH Session between the PPTP client and the other LINUX host somewhere
> in the LAN. I could make the connection. but, when i tried to open the
> display, the LINUX host is not able to forward the X session to the
> client. The session is getting opened on the server itself.

Without more details (such as your configuration files, etc) I will wager that X11Forwarding is disabled in your /etc/ssh_config and/or /etc/sshd_config (location varies) on the client and/or server. You may also supply the appropriate argument when making the connection to enable X11Forwarding for the client (assuming it is already enabled for the server)?

Hopefully that does the trick.

tom

From Bellzerr at aol.com Tue Sep 18 08:11:30 2001
From: Bellzerr at aol.com (Bellzerr at aol.com)
Date: Tue, 18 Sep 2001 09:11:30 EDT
Subject: [pptp-server] How to match up a pppx connection with Linux process id
Message-ID:

I'm familiar with ifconfig and "ps -ef | grep ppt"

But how do I match the two up so I can kill a given user's VPN connection?

Thanks,
Mark

From jpej at geo-rede.com.br Tue Sep 18 09:48:35 2001
From: jpej at geo-rede.com.br (José de Paula Eufrásio Júnior)
Date: Tue, 18 Sep 2001 11:48:35 -0300
Subject: [pptp-server] Client drops, and when reconnects he doesn't navigate anymore
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CEE3A@jupiter.citadelcomputer.com.au>
References: <200FAA488DE0D41194F10010B597610D1CEE3A@jupiter.citadelcomputer.com.au>
Message-ID: <20010918145157.02586D15D6@poontang.schulte.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 16 September 2001 20:38, you wrote:
> Did you check the server that it thinks the user is still online or not?
> when you do a
>
> ps -ef |grep pppd
>
> ps -ef |grep pptp
>
> does any of these two produce connections still available?

It's really hard to track, in high traffic times I can have 60 people connected...

> Try adding this to your PPTPD options file.
> lcp-echo-failure 10
> lcp-echo-interval 3

To the pptpd.conf OR /etc/ppp ? :) I put in the pptpd.conf =)

[]s
Junior
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7p17KzpjMtTpoYcMRAkeuAKDFEPzTOchx22hTWVug+PPnCNvePQCdEgr7
zKrgVcpxstBqNhMYoQP1qQ8=
=FkIG
-----END PGP SIGNATURE-----

From cwoods at uswest.net Tue Sep 18 10:02:40 2001
From: cwoods at uswest.net (Chris Woods)
Date: Tue, 18 Sep 2001 10:02:40 -0500
Subject: [pptp-server] security question
Message-ID:

I am new to running this on a Linux server and was wondering if PPTP server is more secure on a Linux machine instead of a Windows machine. Are the Windows clients insecure still?

Chris.

From haidang79 at yahoo.com Tue Sep 18 15:23:03 2001
From: haidang79 at yahoo.com (HaiDang)
Date: Tue, 18 Sep 2001 13:23:03 -0700 (PDT)
Subject: [pptp-server] pptp tunnel is not used for internet services
Message-ID: <20010918202303.18397.qmail@web10408.mail.yahoo.com>

Hi everyone,

I have a VPN server (pptpd) running.
I'd like to establish a VPN connection first, before using services like Xwindows, emailing, etc.

When I connect to the pptp daemon, it assigns me a new IP address, which is from its IP pool. But when I use email or Xwindows, my client machine uses its original IP (the one before VPN) to connect, and thus is blocked by the firewall.

Can anyone help me ??

Thanks,

__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

From bj-45 at netsonic.fi Tue Sep 18 16:27:03 2001
From: bj-45 at netsonic.fi (Philippe Trottier)
Date: Wed, 19 Sep 2001 00:27:03 +0300
Subject: [pptp-server] 1st trouble I got
Message-ID: <00e901c14088$ab7cd760$602274d4@nitchiwam>

I tried to patch the smbpassword to ppp 2.4.0 and 2.4.1, but it seems that I miss a lib...

anyone know where to get that lib ?

/usr/bin/ld: cannot find -lsmbpw
collect2: ld returned 1 exit status
make[1]: *** [pppd] Error 1
make[1]: Leaving directory `/usr/src/ppp-2.4.0/pppd'
make: *** [all] Error 2

Phil

From bjorn at linpro.no Tue Sep 18 17:39:09 2001
From: bjorn at linpro.no (Bjørn Ruberg)
Date: 19 Sep 2001 00:39:09 +0200
Subject: [pptp-server] 1st trouble I got
In-Reply-To: "Philippe Trottier"'s message of "Wed, 19 Sep 2001 00:27:03 +0300"
References: <00e901c14088$ab7cd760$602274d4@nitchiwam>
Message-ID:

"Philippe Trottier" writes:

> I tried to patch the smbpassword to ppp 2.4.0 and 2.4.1, but it seems that I miss a lib...
>
> anyone know where to get that lib ?
>
> /usr/bin/ld: cannot find -lsmbpw

I found it as files with the samba-tng (http://www.samba-tng.org):

bjorn at test:/shared/src/samba-tng$ find ./ -name "*libsmbpw*"
./tng/source/bin/.libs/libsmbpw.so.0
./tng/source/bin/.libs/libsmbpw.so
./tng/source/bin/.libs/libsmbpw.la

and as comments in the cvs.log of Samba-2.2.1a:

Modified Files:
Tag: SAMBA_TNG
Makefile.in configure configure.in
Log Message:
i like this library thing so much i made a libsmbpw as well. this contains passdb/smb*.c, passdb/sam*.c _and_ groupdb/*.c.

Modified Files:
Tag: SAMBA_TNG
Makefile.in
Log Message:
forgot to add libsmbpw to install parts (i never install, so i didn't notice)

Modified Files:
Tag: SAMBA_TNG
smbencrypt.c
Log Message:
yess! rpcclient no longer links with libsmbpw.so, which was so grossly unnecessary.

Seems like the libsmbpw has not found its way to the release versions yet, but someone please correct me if I'm wrong.

Hope this helps.

--
Bjørn Ruberg, Linpro AS
bjorn at linpro.no

The more you scream, the less you hear. (Fish)

From haidang79 at yahoo.com Tue Sep 18 19:00:31 2001
From: haidang79 at yahoo.com (HaiDang)
Date: Tue, 18 Sep 2001 17:00:31 -0700 (PDT)
Subject: [pptp-server] pptp tunnel is not used for internet services
Message-ID: <20010919000031.53753.qmail@web10408.mail.yahoo.com>

Hi everyone,

I have a VPN server (pptpd) running. I'd like to establish a VPN connection first, before using services like Xwindows, emailing, etc.

When I connect to the pptp daemon, it assigns me a new IP address, which is from its IP pool. But when I use email or Xwindows, my client machine uses its original IP (the one before VPN) to connect, and thus is blocked by the firewall.

Can anyone help me ??

Thanks,

From bj-45 at netsonic.fi Wed Sep 19 03:49:47 2001
From: bj-45 at netsonic.fi (Philippe Trottier)
Date: Wed, 19 Sep 2001 11:49:47 +0300
Subject: [pptp-server] 1st trouble I got
References: <00e901c14088$ab7cd760$602274d4@nitchiwam>
Message-ID: <00ba01c140e8$09777aa0$302274d4@nitchiwam>

Thanks a lot... I should a check that 1st... the system I build has been installed by someone a bit like Redhat, select all and put a paper weight on enter... then samba 2.0.7 was there instead of 2.2.x ... rpm -e samba* =)

Oh well...

Phil

"Philippe Trottier" writes:

> I tried to patch the smbpassword to ppp 2.4.0 and 2.4.1, but it seems that I miss a lib...
>
> anyone know where to get that lib ?
>
> /usr/bin/ld: cannot find -lsmbpw

I found it as files with the samba-tng (http://www.samba-tng.org):

bjorn at test:/shared/src/samba-tng$ find ./ -name "*libsmbpw*"
./tng/source/bin/.libs/libsmbpw.so.0
./tng/source/bin/.libs/libsmbpw.so
./tng/source/bin/.libs/libsmbpw.la

From bj-45 at netsonic.fi Wed Sep 19 04:58:52 2001
From: bj-45 at netsonic.fi (Philippe Trottier)
Date: Wed, 19 Sep 2001 12:58:52 +0300
Subject: [pptp-server] 1st trouble I got
References: <00e901c14088$ab7cd760$602274d4@nitchiwam>
Message-ID: <00ce01c140f1$b04fcb80$302274d4@nitchiwam>

OK OK, I am doing something really wrong now... this TNG libsmbpw.so is not the right lib, where is the good one ? Or is there a better list archive to look at this trouble ?

I found in the pptp archive that a combined patch is available
http://linus.yi.org/smbpw-mppe-stripdom-requiremppe.diff.bz2
but that site is down... anywhere else ???

usr/src/ppp-2.4.1/pppd/auth.c:1932: undefined reference to `setsmbfilepath'
/usr/src/ppp-2.4.1/pppd/auth.c:1933: undefined reference to `setsmbpwent'
/lib/libsmbpw.so: undefined reference to `ubi_slInitList'
/lib/libsmbpw.so: undefined reference to `lp_builtinrid_file'
------------- SNIP bunch of not there stuff
/lib/libsmbpw.so: undefined reference to `Atoic'
/lib/libsmbpw.so: undefined reference to `sys_getpid'
/lib/libsmbpw.so: undefined reference to `lp_passwd_expire_time'
/lib/libsmbpw.so: undefined reference to `sid_split_rid'
collect2: ld returned 1 exit status
make[1]: *** [pppd] Error 1
make[1]: Leaving directory `/usr/src/ppp-2.4.1/pppd'
make: *** [all] Error 2

----- Original Message -----
From: "Bjørn Ruberg"
To: "Philippe Trottier"
Cc:
Sent: Wednesday, September 19, 2001 1:39 AM
Subject: Re: [pptp-server] 1st trouble I got

"Philippe Trottier" writes:

> I tried to patch the smbpassword to ppp 2.4.0 and 2.4.1, but it seems that I miss a lib...
>
> anyone know where to get that lib ?
>
> /usr/bin/ld: cannot find -lsmbpw

I found it as files with the samba-tng (http://www.samba-tng.org):

bjorn at test:/shared/src/samba-tng$ find ./ -name "*libsmbpw*"
./tng/source/bin/.libs/libsmbpw.so.0
./tng/source/bin/.libs/libsmbpw.so
./tng/source/bin/.libs/libsmbpw.la

and as comments in the cvs.log of Samba-2.2.1a:

Modified Files:
Tag: SAMBA_TNG
Makefile.in configure configure.in
Log Message:
i like this library thing so much i made a libsmbpw as well. this contains passdb/smb*.c, passdb/sam*.c _and_ groupdb/*.c.

Modified Files:
Tag: SAMBA_TNG
Makefile.in
Log Message:
forgot to add libsmbpw to install parts (i never install, so i didn't notice)

Modified Files:
Tag: SAMBA_TNG
smbencrypt.c
Log Message:
yess! rpcclient no longer links with libsmbpw.so, which was so grossly unnecessary.

Seems like the libsmpw has not found its way to the release versions yet, but someone please correct me if I'm wrong.

Hope this helps.

--
Bjørn Ruberg, Linpro AS
bjorn at linpro.no

The more you scream, the less you hear. (Fish)

From mailinglists at avati.com.br Wed Sep 19 15:16:17 2001
From: mailinglists at avati.com.br (Leonardo Pimenta Gonzalez)
Date: Wed, 19 Sep 2001 17:16:17 -0300
Subject: [pptp-server] Problems with dns, and pppd
Message-ID: <20010919201202.61FA0D14B0@poontang.schulte.org>

Hello guys,

I have some questions:

1 - In my options file I put the line "ms-dns ip.address". When I connect to my vpn server under Dial up connection, I get the dns, but not in PRIMARY DNS. My primary and secondary dns are given to me by my provider when I make a dial up connection. Well, when I try to resolve any name in my vpn connection, it consults the PRIMARY dns and can't resolve my internal lan ips. What can I do to use the vpn options dns in my PRIMARY Dns??

2 - When I have a lot of users disconnecting at some time, my machine crashes. If I do a "killall -9 ppp" when I have 5 or more users connected, my machine crashes. I am using pptp 1.0.1 stable version with kernel 2.4.4 and ppp 2.4.1 with mppe patch. Can anybody help me??

3 - When I connect to my vpn server, do I need to "Logon on Network" to see machines on the internal network?

Thanks a lot guys,
And sorry for my poor English.

--
--------------------------------------------------------------------
Got an Access Denied? Good, my job is done!
--------------------------------------------------------------------

From haidang79 at yahoo.com Wed Sep 19 15:11:43 2001
From: haidang79 at yahoo.com (HaiDang)
Date: Wed, 19 Sep 2001 13:11:43 -0700 (PDT)
Subject: [pptp-server] pptp tunnel is not used for internet services
In-Reply-To: <194b01c140ae$416d3dd0$db01020a@eyeball.com>
Message-ID: <20010919201143.45350.qmail@web10407.mail.yahoo.com>

Maybe I need to clarify it more.
The firewall is on the Linux box, which also runs as VPN server. The firewall only allows packets within the subnet to the Linux server (let say - 0 to 31). The IP pool consists of only 3 IPs: 29, 30, and 31). When I establish VPN, I get assigned 29. But when I use the mail server on the same Linux box, and check the log files, my Wins98 uses its original IP to send packets to the Linux, and thus is denied by the firewall rules. The tunnel is just between my Wins98 and the Linux server, nothing else's involved.

And if I used firewall-config to configure the firewall, how should I add those rules in ??

Thank you,

--- Michael McConnell wrote:
> On the VPN Server, enable IP Masqing.
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> ipchains -P forward DENY
> ipchains -A forward -j MASQ
>
>
> > Hi everyone,
> >
> > I have a VPN server (pptpd) running. I'd like to
> > establish a VPN connection first, before using
> > services like Xwindows, emailing, etc.
> >
> > When I connect to the pptp daemon, it assigns me a new
> > IP address, which is from its IP pool. But when I use
> > email or Xwindows, my client machine uses its original
> > IP (the one before VPN) to connect, and thus is
> > blocked by the firewall.
> >
> > Can anyone help me ??
> >
> > Thanks,
> >
> >
> >
> > __________________________________________________
> > Terrorist Attacks on U.S. - How can you help?
> > Donate cash, emergency relief information
> > http://dailynews.yahoo.com/fc/US/Emergency_Information/
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
>

From haidang79 at yahoo.com Wed Sep 19 17:20:24 2001
From: haidang79 at yahoo.com (HaiDang)
Date: Wed, 19 Sep 2001 15:20:24 -0700 (PDT)
Subject: [pptp-server] pptp tunnel is not used for internet services
In-Reply-To: <20010919201143.45350.qmail@web10407.mail.yahoo.com>
Message-ID: <20010919222024.8175.qmail@web10403.mail.yahoo.com>

I forgot to mention, the Linux server is at my workplace, and I'd like to VPN to it from other places (home) that are not in that Lan.

--- HaiDang wrote:
> Maybe I need to clarify it more.
> The firewall is on the Linux box, which also runs as
> VPN server. The firewall only allows packets within
> the subnet to the Linux server (let say - 0 to 31).
> The IP pool consists of only 3 IPs: 29, 30, and 31).
> When I establish VPN, I get assigned 29. But when I
> use the mail server on the same Linux box, and check
> the log files, my Wins98 uses its original IP to send
> packets to the Linux, and thus is denied by the
> firewall rules. The tunnel is just between my Wins98
> and the Linux server, nothing else's involved.
>
> And if I used firewall-config to configure the
> firewall, how should I add those rules in ??
>
> Thank you,
>
>
> --- Michael McConnell wrote:
> > On the VPN Server, enable IP Masqing.
> >
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > ipchains -P forward DENY
> > ipchains -A forward -j MASQ
> >
> >
> > > Hi everyone,
> > >
> > > I have a VPN server (pptpd) running.
I'd like to > > > establish a VPN connection first, before using > > > services like Xwindows, emailing, etc. > > > > > > When I connect to the pptp daemon, it assigns me > a > > new > > > IP address, which is from its IP pool. But when > I > > use > > > email or Xwindows, my client machine uses its > > original > > > IP (the one before VPN) to connect, and thus is > > > blocked by the firewall. > > > > > > Can anyone help me ?? > > > > > > Thanks, > > > > > > > > > > > > > __________________________________________________ > > > Terrorist Attacks on U.S. - How can you help? > > > Donate cash, emergency relief information > > > > > > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > > > _______________________________________________ > > > pptp-server maillist - > > pptp-server at lists.schulte.org > > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > --- To unsubscribe, go to the url just above > this > > line. -- > > > > > > > > __________________________________________________ > Terrorist Attacks on U.S. - How can you help? > Donate cash, emergency relief information > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > _______________________________________________ > pptp-server maillist - > pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this > line. -- __________________________________________________ Terrorist Attacks on U.S. - How can you help? 

From Steve at SteveCowles.com Wed Sep 19 17:41:20 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 19 Sep 2001 17:41:20 -0500
Subject: [pptp-server] pptp tunnel is not used for internet services
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE87D@defiant.infohiiway.com>

> -----Original Message-----
> From: HaiDang [mailto:haidang79 at yahoo.com]
> Sent: Wednesday, September 19, 2001 3:12 PM
> To: Michael McConnell
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] pptp tunnel is not used for
> internet services
>
> Maybe I need to clarify it more.

Thank You!

> The firewall is on the Linux box, which also runs as
> VPN server. The firewall only allows packets within
> the subnet to the Linux server (let say - 0 to 31).
> The IP pool consists of only 3 IPs: 29, 30, and 31).
> When I establish VPN, I get assigned 29. But when I
> use the mail server on the same Linux box, and check
> the log files, my Wins98 uses its original IP to send
> packets to the Linux, and thus is denied by the
> firewall rules. The tunnel is just between my Wins98
> and the Linux server, nothing else's involved.

If I understand your post correctly, it sounds like your PPTP client's ethernet interface has an IP address that is within the same subnet as the VPN that you are trying to create. If this is the case, then what you are describing is normal. Think netmasks! Type: route print - at the PPTP client after you establish your VPN.

If this is not the case, and you are establishing a VPN across the internet where your ethernet (or dialup) adapter has a different IP/netmask than the private LAN you are trying to access across the VPN, then how are you specifying the mail server? By IP or FQDN. ie. When you ping your mail server from the PPTP client using its FQDN... what IP address is being returned? In other words, is the IP address internal or external?
FWIW: I run a DNS server which returns the internal IP address for mail.mydomain.com when queried internally (or across the VPN) and an external address when queried from the internet.

>
> And if I used firewall-config to configure the
> firewall, how should I add those rules in ??
>
> Thank you,

Can't help you much here. Keep in mind that your PPTP server is in essence - a router. It is routing packets of data between eth0 and ppp0 and vice-versa. Your firewall rules will need to deal with this.

Steve Cowles

From berzerke at swbell.net Wed Sep 19 22:44:45 2001
From: berzerke at swbell.net (robert)
Date: Wed, 19 Sep 2001 22:44:45 -0500
Subject: [pptp-server] security question
In-Reply-To:
References:
Message-ID: <0GJX00D08ZK1EA@mta4.rcsntx.swbell.net>

The security of a machine, be it windoze or Linux, or BSD, etc., depends heavily on the administrator (and management keeping their noses out of things). I know you're looking for a simple answer, but there is none. However, I would give Linux and BSD points for being immune to the outlook virus of the day, since outlook doesn't run on either.

As for the clients, again, it depends on the skill of the administrator (who is also likely the user). If the user insists on opening every email attachment that comes along, well you should get the picture now...

On Tuesday 18 September 2001 10:02 am, Chris Woods wrote:
> I am new to running this on a Linux server and was wondering if PPTP server
> is more secure on a Linux machine instead of a Windows machine. Are the
> Windows clients insecure still?
>
> Chris.

From jsubs at shanholtz.com Thu Sep 20 01:07:46 2001
From: jsubs at shanholtz.com (Jeff Shanholtz)
Date: Wed, 19 Sep 2001 23:07:46 -0700
Subject: [pptp-server] MSCHAPv2/MPPE patch for ppp 2.4.0??
Message-ID: <006e01c1419a$9ad601d0$0200a8c0@Jeff>

I'm running RH 7.1 (2.4.3-12), which uses ppp 2.4.0-2. Is anyone attempting to port the patch to this version of ppp? Any news on that front would be appreciated.
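
Added example (not written by any poster in this archive): a small longest-prefix route lookup that makes Steve Cowles's "Think netmasks ... route print" advice in the "pptp tunnel is not used for internet services" thread concrete, showing which source address the server's firewall sees for a given destination. The routing tables, the 192.0.2.0/27 and 198.51.100.0/24 documentation addresses, and the host route to the PPTP server's own address are constructed assumptions; only the "0 to 31" subnet and the .29 pool address come from the thread.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network  # destination prefix
    interface: str                  # outgoing interface name
    metric: int                     # lower wins when prefix lengths tie


def select_route(table, dest: str) -> Optional[Route]:
    """Pick the route the way a `route print` table is evaluated:
    longest matching prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def firewall_allows(src: str, allowed: ipaddress.IPv4Network) -> bool:
    """Source-address filter like the one described: office subnet only."""
    return ipaddress.ip_address(src) in allowed


# --- Constructed sample data (RFC 5737 documentation ranges) ---
OFFICE = ipaddress.ip_network("192.0.2.0/27")  # hosts "0 to 31"
SERVER = "192.0.2.1"       # hypothetical PPTP server that also runs mail
OTHER_HOST = "192.0.2.5"   # hypothetical second machine on the office LAN

# Case 1: remote client on an ISP link, VPN up, pool address .29 assigned.
# Assumption: the client keeps a /32 host route to the PPTP server through
# the ISP link, because the tunnel packets themselves must travel that way.
REMOTE_ADDRS = {"isp": "198.51.100.77", "ppp": "192.0.2.29"}
REMOTE_TABLE = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "ppp", 1),
    Route(ipaddress.ip_network("0.0.0.0/0"), "isp", 2),
    Route(ipaddress.ip_network("198.51.100.0/24"), "isp", 1),
    Route(ipaddress.ip_network(SERVER + "/32"), "isp", 1),
]

# Case 2: the client's Ethernet address is already inside the office
# subnet, so the on-link /27 route beats the default route via the tunnel.
LOCAL_ADDRS = {"eth": "192.0.2.10", "ppp": "192.0.2.29"}
LOCAL_TABLE = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "ppp", 1),
    Route(OFFICE, "eth", 1),
]


def trace(table, addrs, dest: str):
    """Return (interface, source address, firewall verdict) for dest,
    or None when no route matches."""
    route = select_route(table, dest)
    if route is None:
        return None
    src = addrs[route.interface]
    return route.interface, src, firewall_allows(src, OFFICE)


if __name__ == "__main__":
    cases = [
        ("remote client -> server", REMOTE_TABLE, REMOTE_ADDRS, SERVER),
        ("remote client -> LAN host", REMOTE_TABLE, REMOTE_ADDRS, OTHER_HOST),
        ("same-subnet client -> LAN host", LOCAL_TABLE, LOCAL_ADDRS, OTHER_HOST),
    ]
    for label, table, addrs, dest in cases:
        iface, src, ok = trace(table, addrs, dest)
        verdict = "allowed" if ok else "denied"
        print(f"{label}: via {iface}, source {src}, firewall {verdict}")
```

Under these assumptions, traffic addressed to the server's own public address leaves with the ISP-assigned source and is denied, while traffic to another office host leaves with the pool address; comparing the client's real `route print` output against such a table shows which case applies.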

From haidang79 at yahoo.com Thu Sep 20 05:21:11 2001
From: haidang79 at yahoo.com (HaiDang)
Date: Thu, 20 Sep 2001 03:21:11 -0700 (PDT)
Subject: [pptp-server] pptp tunnel is not used for internet services
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE87D@defiant.infohiiway.com>
Message-ID: <20010920102111.50773.qmail@web10406.mail.yahoo.com>

The latter case, I think, is my case. All the IPs in the subset (32 addresses) are static (I guess my company didn't bother paying for just one IP and masquerade all the rest of the machines). Therefore, I believe they are all external IPs.

To connect to the VPN server, the client first has to dial into an ISP. Either it has a static IP (using DSL), or will obtain a dynamic one (using dial-up). The dial-up is more frequent, and is what I'm applying my Linux box to.

Our purpose is that we don't trust any IPs not in our subnet (in other words - not within the 32 IPs we have). The IP that the Linux box has is a static IP, so it is visible, and I will get the right IP if I do a ping to www.mydomain.com after I already have a VPN connection.

The client then would have a dynamic IP assigned from their ISP, with (probably) a different netmask from our netmask. They will connect via VPN to our Linux, and gets assigned one of the 32 IPs. Because the client now has an IP within the subnet, the firewall should let it through.

By the way, after I already have a VPN connection, I use winipcfg from the client (at home) and see that I do get a new IP from the pool, but the new subnet Mask is not the same as that of our Lan. It is 255.0.0.0 while our Lan subnet mask is 255.255.255.224

--- "Cowles, Steve" wrote:
> > -----Original Message-----
> > From: HaiDang [mailto:haidang79 at yahoo.com]
> > Sent: Wednesday, September 19, 2001 3:12 PM
> > To: Michael McConnell
> > Cc: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] pptp tunnel is not used for
> > internet services
> >
> > Maybe I need to clarify it more.
>
> Thank You!
>
> > The firewall is on the Linux box, which also runs as
> > VPN server. The firewall only allows packets within
> > the subnet to the Linux server (let say - 0 to 31).
> > The IP pool consists of only 3 IPs: 29, 30, and 31).
> > When I establish VPN, I get assigned 29. But when I
> > use the mail server on the same Linux box, and check
> > the log files, my Wins98 uses its original IP to send
> > packets to the Linux, and thus is denied by the
> > firewall rules. The tunnel is just between my Wins98
> > and the Linux server, nothing else's involved.
>
> If I understand your post correctly, it sounds like your PPTP client's
> ethernet interface has an IP address that is within the same subnet as the
> VPN that you are trying to create. If this is the case, then what you are
> describing is normal. Think netmasks! Type: route print - at the PPTP client
> after you establish your VPN.
>
> If this is not the case, and you are establishing a VPN across the internet
> where your ethernet (or dialup) adapter has a different IP/netmask than the
> private LAN you are trying to access across the VPN, then how are you
> specifying the mail server? By IP or FQDN. ie. When you ping your mail
> server from the PPTP client using its FQDN... what IP address is being
> returned? In other words, is the IP address internal or external? FWIW: I
> run a DNS server which returns the internal IP address for mail.mydomain.com
> when queried internally (or across the VPN) and an external address when
> queried from the internet.
>
> > And if I used firewall-config to configure the
> > firewall, how should I add those rules in ??
> >
> > Thank you,
>
> Can't help you much here. Keep in mind that your PPTP server is in essence -
> a router. It is routing packets of data between eth0 and ppp0 and
> vice-versa. Your firewall rules will need to deal with this.
>
> Steve Cowles

From mailinglists at avati.com.br Thu Sep 20 08:32:27 2001
From: mailinglists at avati.com.br (Leonardo Pimenta Gonzalez)
Date: Thu, 20 Sep 2001 10:32:27 -0300
Subject: [pptp-server] MSCHAPv2/MPPE patch for ppp 2.4.0??
In-Reply-To: <006e01c1419a$9ad601d0$0200a8c0@Jeff>
References: <006e01c1419a$9ad601d0$0200a8c0@Jeff>
Message-ID: <20010920135449.A98CCD14B0@poontang.schulte.org>

Go to: ftp://cs.anu.edu.au/pub/software/ppp/
There you found the ppp 2.4.1 and mppe/mschapv2 patch.

Cya's

On Thursday 20 September 2001 03:07, Jeff Shanholtz wrote:
> I'm running RH 7.1 (2.4.3-12), which uses ppp 2.4.0-2. Is anyone
> attempting to port the patch to this version of ppp? Any news on that
> front would be appreciated.

From cherry at mediafax.ro Thu Sep 20 20:08:04 2001
From: cherry at mediafax.ro (Andrei Dragus)
Date: Thu, 20 Sep 2001 18:08:04 -0700
Subject: [pptp-server] pptpd
Message-ID: <001201c14239$ddbcedc0$0c01a8c0@mediafax.ro>

hello,

Today I try to setup the pptpd server (PoPToP v1.0.1) on Redhat Linux (kernel 2.4.9) with ppp ver.2.4.1

I do everything but when I connect to server I have one error (from win98se, dial-up vpn adapter) :

GRE: read(fd=6,buffer=bfffd78c,len=8260) from network failed: status = -1 error = Protocol not available
CTRL: GRE read or PTY write failed (gre,pty)=(6,5)

but my gre (47) protocol is available...

My firewall accept connections on 47 protocol, accept connections on 1723 TCP port, the kernel support gre or ipip tunnels (modules are compiled into kernel).

If you can help me I would be very pleased.

best regards,

From b.johnson at totalise.co.uk Thu Sep 20 12:36:01 2001
From: b.johnson at totalise.co.uk (Benjamin Johnson)
Date: Thu, 20 Sep 2001 18:36:01 +0100
Subject: [pptp-server] PPTP and Kernel 2.4 - with encryption
Message-ID: <3BE31C8F@mail.totalise.co.uk>

Hi guys,

I've got a vpn up and running just how I want it with ppp-2.3.11 and pptpd-1.0.1 and I'm happy with it. However I want to add encryption and have been trying for the last two days to get it working with no success. I am running RedHat 7.1 with the stock 2.4.2-2 kernel. Can someone let me know the series of things I have to do to get the encryption working as I feel I have tried everything.

Do I need to patch the kernel, or do I simply need to patch and then re-compile PPP? Obviously I don't mind moving to a newer kernel, ppp and or pptpd.

Thanks very much for your help in advance!

Benjamin Johnson

From mvazquez at foton.es Thu Sep 20 13:00:54 2001
From: mvazquez at foton.es (Miki Vazquez)
Date: Thu, 20 Sep 2001 18:00:54 -0000
Subject: [pptp-server] Cliente 3com 812 (firware 2.0.0) and Server Linux pptp ver 1.0.3
Message-ID: <200109201800.f8KI0v614925@mail.idecnet.com>

Hello

I have a pptp server running in Linux:

Red Hat 6.2
Kernel rpm RedHat 2.2.19-6.2.7smp #1
Server pptpd PoPToP v1.0.1

And I have a client router 3com ADSL 812 with Firmware 2.0.0, which it have a cliente pptp but... it not run :(

Well, If i connect cliente Win98 pptp it go good, but route 3com only one error:

Sep 10 17:37:32 omega pptpd[13070]: CTRL: Client vvv.xxx.yyy.zzz control connection started
Sep 10 17:37:33 omega pptpd[13070]: CTRL: PPTP Control Message type 9 not supported.

Please can you help me, if you'll have more information, please tell me.

Thank you

--
----
Miki Vazquez
Foton Sistemas Inteligentes,S.L.
Telf:+34 928 644358
Fax: +34 928 644662
c/Jose Antonio nº17 izq
Santa Brigida (Las Palmas)
35300 Spain

From ybzhg at hotmail.com Thu Sep 20 20:13:50 2001
From: ybzhg at hotmail.com (zhang.yb)
Date: Fri, 21 Sep 2001 09:13:50 +0800
Subject: [pptp-server] How to access the subnet?
Message-ID:

I have a pptp server running in linux set up on my office LAN.

Red Hat 6.2
Kernel rpm RedHat 2.2.19-6.2.7
Server pptpd PoPToP v1.0.1

I can connect to the server and ping to it fine, but I can't ping any other hosts on the office subnet. I have ip-forwarding turned on and I have proxyarp set in the ppp/options file. What can be wrong?

-- cut from /etc/pptpd.conf --
localip 192.168.5.120
remoteip 192.168.5.100-119
-- end of cut --

--cut from /etc/ppp/options--
name vip
noauth
#require-chap
proxyarp
--end of cut--

--cut from /etc/ppp/chap-secrets--
vip * vip *
-- end of cut--

                               192.168.0.254  192.168.0.16
 ________                         ______        ______
|        |                       |      |      |      |
| client |---------------------->| pptp |----->| host |
|        |                       | srvr |      |      |
|________|                       |______|      |______|
    H                               H
    H                               H
    H===============================H
192.168.5.100   pptp connection   192.168.5.120

From muralivemuri at multitech.co.in Thu Sep 20 20:39:03 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Fri, 21 Sep 2001 07:09:03 +0530
Subject: [pptp-server] PPTP and Kernel 2.4 - with encryption
References: <3BE31C8F@mail.totalise.co.uk>
Message-ID: <3BAA9A37.509A72D7@multitech.co.in>

hey......
you need to add the mppe encryption patches to the PPP . this is because the PPP server itself is not having any encryption. when i had the same problem, a few days ago, i did the same and it works!
cheers then
murali krishna vemuri

Benjamin Johnson wrote:

> Hi guys,
>
> I've got a vpn up and running just how I want it with ppp-2.3.11 and
> pptpd-1.0.1 and I'm happy with it. However I want to add encryption and have
> been trying for the last two days to get it working with no success. I am
> running RedHat 7.1 with the stock 2.4.2-2 kernel. Can someone let me know the
> series of things I have to do to get the encryption working as I feel I have
> tried everything.
>
> Do I need to patch the kernel, or do I simply need to patch and then
> re-compile PPP? Obviously I don't mind moving to a newer kernel, ppp and or
> pptpd.
>
> Thanks very much for your help in advance!
>
> Benjamin Johnson

From iso9 at phantasticant.com Thu Sep 20 21:06:09 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Thu, 20 Sep 2001 19:06:09 -0700
Subject: [pptp-server] How to access the subnet?
In-Reply-To:
Message-ID:

The client machines on your LAN probably don't know how to get packets to the 192.168.5.0 network. What is the routing?

The simplest thing for you might be to do what I did, and just give the PPTP boxes addresses that "belong" on your LAN, based on your diagram below, that would be something like this:

-- cut from /etc/pptpd.conf --
localip 192.168.5.120 # this can be anything
remoteip 192.168.0.225-253
-- end of cut --

The machines on your 192.168.0.0 network will only ARP for IP addresses if they think the destination IP should be on the subnet. Otherwise they will send the packet to the router. So, if you want proxyarp to have any effect, you need to make the remoteip address range be in your LAN's range.

[Jordan Share]

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of zhang.yb
Sent: Thursday, September 20, 2001 6:14 PM
To: pptp-server
Subject: [pptp-server] How to access the subnet?

I have a pptp server running in linux set up on my office LAN.

Red Hat 6.2
Kernel rpm RedHat 2.2.19-6.2.7
Server pptpd PoPToP v1.0.1

I can connect to the server and ping to it fine, but I can't ping any other hosts on the office subnet. I have ip-forwarding turned on and I have proxyarp set in the ppp/options file. What can be wrong?

-- cut from /etc/pptpd.conf --
localip 192.168.5.120
remoteip 192.168.5.100-119
-- end of cut --

--cut from /etc/ppp/options--
name vip
noauth
#require-chap
proxyarp
--end of cut--

--cut from /etc/ppp/chap-secrets--
vip * vip *
-- end of cut--

                               192.168.0.254  192.168.0.16
 ________                         ______        ______
|        |                       |      |      |      |
| client |---------------------->| pptp |----->| host |
|        |                       | srvr |      |      |
|________|                       |______|      |______|
    H                               H
    H                               H
    H===============================H
192.168.5.100   pptp connection   192.168.5.120

From ybzhg at hotmail.com Thu Sep 20 21:18:31 2001
From: ybzhg at hotmail.com (zhang.yb)
Date: Fri, 21 Sep 2001 10:18:31 +0800
Subject: [pptp-server] authenticate and require-chap
Message-ID:

I have a pptp server running in linux set up on my office LAN. I can connect to the server and ping to it fine

--cut from /etc/ppp/options--
name vip
noauth
#require-chap
proxyarp
--end of cut--

After i changed some items in /etc/ppp/options

--cut from /etc/ppp/options--
name servername
auth
require-chap
proxyarp
--end of cut--

the pptp-server report this errors:

pppd: The remote system is required to authenticate itself.
pppd: but i could't find any suitable secret (password) for it to use to do so.
pppd: (None of the available passwords would let it to use an Ip address)

the pptp client is Win2K.

Best regard

From ybzhg at hotmail.com Thu Sep 20 21:42:11 2001
From: ybzhg at hotmail.com (zhang.yb)
Date: Fri, 21 Sep 2001 10:42:11 +0800
Subject: [pptp-server] How to access the subnet?
References:
Message-ID:

Hi, Jordan:

Now I have changed the /etc/ppp/options as you told:

-- cut from /etc/pptpd.conf --
localip 192.168.5.120 # this can be anything
remoteip 192.168.0.225-253
-- end of cut --

                               192.168.0.254  192.168.0.16
 ________                         ______        ______
|        |                       |      |      |      |
| client |---------------------->| pptp |----->| host |
|        |                       | srvr |      |      |
|________|                       |______|      |______|
    H                               H
    H                               H
    H===============================H
192.168.0.225   pptp connection   192.168.5.120

but I can't ping any other hosts (for example: 192.168.0.16) on the office subnet.

Best regard

From: Jordan Share
To: zhang.yb ; pptp-server
Sent: Friday, September 21, 2001 10:06 AM
Subject: RE: [pptp-server] How to access the subnet?

The client machines on your LAN probably don't know how to get packets to the 192.168.5.0 network. What is the routing?

The simplest thing for you might be to do what I did, and just give the PPTP boxes addresses that "belong" on your LAN, based on your diagram below, that would be something like this:

-- cut from /etc/pptpd.conf --
localip 192.168.5.120 # this can be anything
remoteip 192.168.0.225-253
-- end of cut --

The machines on your 192.168.0.0 network will only ARP for IP addresses if they think the destination IP should be on the subnet. Otherwise they will send the packet to the router. So, if you want proxyarp to have any effect, you need to make the remoteip address range be in your LAN's range.

[Jordan Share]

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of zhang.yb
Sent: Thursday, September 20, 2001 6:14 PM
To: pptp-server
Subject: [pptp-server] How to access the subnet?

I have a pptp server running in linux set up on my office LAN.

Red Hat 6.2
Kernel rpm RedHat 2.2.19-6.2.7
Server pptpd PoPToP v1.0.1

I can connect to the server and ping to it fine, but I can't ping any other hosts on the office subnet.
I have ip-forwarding turned on and I have proxyarp set in the ppp/options file. What can be wrong?

-- cut from /etc/pptpd.conf --
localip 192.168.5.120
remoteip 192.168.5.100-119
-- end of cut --

--cut from /etc/ppp/options--
name vip
noauth
#require-chap
proxyarp
--end of cut--

--cut from /etc/ppp/chap-secrets--
vip * vip *
-- end of cut--

                               192.168.0.254  192.168.0.16
 ________                         ______        ______
|        |                       |      |      |      |
| client |---------------------->| pptp |----->| host |
|        |                       | srvr |      |      |
|________|                       |______|      |______|
    H                               H
    H                               H
    H===============================H
192.168.5.100   pptp connection   192.168.5.120

From ybzhg at hotmail.com Thu Sep 20 21:45:24 2001
From: ybzhg at hotmail.com (zhang.yb)
Date: Fri, 21 Sep 2001 10:45:24 +0800
Subject: [pptp-server] authenticate and chap-secrets
Message-ID:

I have a pptp server running in linux set up on my office LAN. I can connect to the server and ping to it fine

--cut from /etc/ppp/options--
name vip
noauth
#require-chap
proxyarp
--end of cut--

After i changed some items in /etc/ppp/options

--cut from /etc/ppp/options--
name vip
auth
require-chap
proxyarp
--end of cut--

the pptp-server report this errors:

pppd: The remote system is required to authenticate itself.
pppd: but i could't find any suitable secret (password) for it to use to do so.
pppd: (None of the available passwords would let it to use an Ip address)

the pptp client is Win2K.

Best regard

From lhicks at nc.rr.com Thu Sep 20 22:55:08 2001
From: lhicks at nc.rr.com (C. Linus Hicks)
Date: 20 Sep 2001 23:55:08 -0400
Subject: [pptp-server] PPTP and Kernel 2.4 - with encryption
In-Reply-To: <3BAA9A37.509A72D7@multitech.co.in>
References: <3BE31C8F@mail.totalise.co.uk> <3BAA9A37.509A72D7@multitech.co.in>
Message-ID: <1001044509.13842.14.camel@lh2>

On 21 Sep 2001 07:09:03 +0530, Murali K. Vemuri wrote:
> hey......
> you need to add the mppe encryption patches to the PPP . this is because the PPP
> server itself is not having any encryption. when i had the same problem, a few
> days ago, i did the same and it works!
> cheers then
> murali krishna vemuri
>
> Benjamin Johnson wrote:
>
> > Hi guys,
> >
> > I've got a vpn up and running just how I want it with ppp-2.3.11 and
> > pptpd-1.0.1 and I'm happy with it. However I want to add encryption and have
> > been trying for the last two days to get it working with no success. I am
> > running RedHat 7.1 with the stock 2.4.2-2 kernel. Can someone let me know the
> > series of things I have to do to get the encryption working as I feel I have
> > tried everything.
> >
> > Do I need to patch the kernel, or do I simply need to patch and then
> > re-compile PPP? Obviously I don't mind moving to a newer kernel, ppp and or
> > pptpd.
> >

If you check the version requirements for your kernel, you will notice the minimum version for ppp is 2.4.0. I don't know if that's causing your problem, but I have it working with 2.4.9-ac9 kernel, 2.4.1 ppp, and 1.0.1 pptp.

From thomasc at apogeemm.com Fri Sep 21 15:07:16 2001
From: thomasc at apogeemm.com (Thom Cherryhomes)
Date: Fri, 21 Sep 2001 15:07:16 -0500
Subject: [pptp-server] Can the LAN see people connected via PPTP tunnels?
Message-ID: <3BAB9DF4.2000300@apogeemm.com>

The subject says it all:

I have people doing a remote office set-up to a central LAN. They can connect to the LAN, and see the other machines connected directly to the central LAN, but the central LAN can not see the people connected via the PPTP tunnel, or anyone else connected via PPTP. Is there a way we can get around this?

-Thom

From iso9 at phantasticant.com Fri Sep 21 15:33:33 2001
From: iso9 at phantasticant.com (Jordan Share)
Date: Fri, 21 Sep 2001 13:33:33 -0700
Subject: [pptp-server] Can the LAN see people connected via PPTP tunnels?
In-Reply-To: <3BAB9DF4.2000300@apogeemm.com>
Message-ID:

Well, it depends on what you mean by "see". If you are using proxy-arp and have set the remoteip range to be on the same network as the PPTP server itself, then I'd expect your whole network to be able to see the "dialed-in" machines.

My guess is that it is a routing issue of some kind. Perhaps a diagram of your network would be helpful?

Jordan

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Thom Cherryhomes
Sent: Friday, September 21, 2001 1:07 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Can the LAN see people connected via PPTP tunnels?

The subject says it all:

I have people doing a remote office set-up to a central LAN. They can connect to the LAN, and see the other machines connected directly to the central LAN, but the central LAN can not see the people connected via the PPTP tunnel, or anyone else connected via PPTP. Is there a way we can get around this?

-Thom

From mailinglists at avati.com.br Fri Sep 21 16:12:19 2001
From: mailinglists at avati.com.br (Leonardo Pimenta Gonzalez)
Date: Fri, 21 Sep 2001 18:12:19 -0300
Subject: [pptp-server] MSCHAPv2/MPPE patch for ppp 2.4.0??
In-Reply-To: <0173A382EE2CD5119D9400A0CC30E37C260F13@PREMIA7>
References: <0173A382EE2CD5119D9400A0CC30E37C260F13@PREMIA7>
Message-ID: <20010921210709.1484BD15F7@poontang.schulte.org>

Sorry guy,

The correct link for mppe patch for ppp and kernel 2.4.x is:

http://mirror.binarix.com/ppp-mppe/

Cya's

On Friday 21 September 2001 17:17, Shanholtz, Jeff wrote:
> I found ppp 2.4.1 (and older versions), but I see nothing about the patch.
> You don't seem to be implying that the patch has been incorporated into the
> official release, so can you point me to the actual patch file you're
> talking about? Thanks!
>
>
> -----Original Message-----
> From: Leonardo Pimenta Gonzalez [mailto:mailinglists at avati.com.br]
> Sent: Thursday, September 20, 2001 6:32 AM
> To: Jeff Shanholtz; PoPToP List
> Subject: Re: [pptp-server] MSCHAPv2/MPPE patch for ppp 2.4.0??
>
>
> Go to: ftp://cs.anu.edu.au/pub/software/ppp/
> There you found the ppp 2.4.1 and mppe/mschapv2 patch.
>
> Cya's
>
> On Thursday 20 September 2001 03:07, Jeff Shanholtz wrote:
> > I'm running RH 7.1 (2.4.3-12), which uses ppp 2.4.0-2. Is anyone
> > attempting to port the patch to this version of ppp? Any news on that
> > front would be appreciated.

From loki at icenet.com.au Sat Sep 22 09:52:54 2001
From: loki at icenet.com.au (Loki)
Date: Sat, 22 Sep 2001 22:52:54 +0800
Subject: [pptp-server] Speed settings
References: <0173A382EE2CD5119D9400A0CC30E37C260F13@PREMIA7> <20010921210709.1484BD15F7@poontang.schulte.org>
Message-ID: <000601c14376$4341c430$6400a8c0@loki>

what are the possible options for the speed setting for PPP. I am trying to get our two offices to connect via ADSL connections. I have both set up with Dyndns services so I can resolve the ip addresses of the individual machines easy enough however the connections when they work seem to be quite slow in comparison. Is this governed by the speed option of the ppp session (Default is currently 115200) or can this be changed.

Also to help a beginner like myself does anyone have a pre-compiled module for MPPE for ppp 2.4.1 and Mandrake 8, Kernel 2.4.3-20mdk

Thanks in Advance

Loki

From jroland at roland.net Sat Sep 22 17:22:57 2001
From: jroland at roland.net (Jim Roland)
Date: Sat, 22 Sep 2001 17:22:57 -0500
Subject: [pptp-server] PPP problems over VPN (MPPE)
Message-ID: <002001c143b5$221aae40$bb1cfa18@JimWS>

I've posted without a single response, so I'm going to try again...

I want to preface my verbiage below by asking why someone doesn't just come out with a version of PPP with MPPE built in?! I am having to deploy firewalls with VPN capabilities, prefer to use Linux, and have better things to do with my time than waste it constantly compiling and tweaking to get things working right, sometimes taking over a week full time until it works.

My problem:
Client machine: Windows 2000 connecting to server via VPN (PPTP) with encryption set. Win2K in both normal crypto mode and with 128-bit encryption pack added.
Server machine: Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1) running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm). Kernel version 2.4.2-2 with mppe patches provided from mirror.binarix.com's site (via the linux-2.4.0...gz file). PPP patched with ppp-2.4.0-mppe...gz from mirror.binarix.com.

In short, using the mppe modules (which auto-load just fine) hose a connection.

Encryption turned on at Client and in /etc/ppp/options (mppe-128 and mppe-stateless enabled):
1) At best I can make the client ping inside the VPN network, but no other operations occur. No errors other than the occasional GRE: Discarding out of order packet message. I have another working VPN server and this occurs there, but all works just fine using same client. With the broken system, I am unable to connect to Exchange Server, Access NT server shares, etc.
2) After a period of time, the connection drops by itself (as if I had disconnected manually).
3) With mppe-40 enabled, no communications (not even a ping) happen. I am unable to ping the server's IP, nor can the server ping the client's IP.

Encryption turned off at both client and in /etc/ppp/options (all mppe lines commented out):
All works just fine and runs smoothly.

* Authentication occurs correctly with and without 128/stateless enabled, MPPE modules autoload with no errors and ppp_generic shows it's being used by the ppp_mppe module. Just whenever mppe module is used, limited communication occurs.

In debug mode, the debug logs show only LCP echo and LCP echorep packets. No errors.

What's wrong with this?!

From unruh at physics.ubc.ca Sat Sep 22 18:33:30 2001
From: unruh at physics.ubc.ca (Bill Unruh)
Date: Sat, 22 Sep 2001 16:33:30 -0700 (PDT)
Subject: [pptp-server] Re: PPP problems over VPN (MPPE)
In-Reply-To: <002001c143b5$221aae40$bb1cfa18@JimWS>
Message-ID:

On Sat, 22 Sep 2001, Jim Roland wrote:

> I've posted without a single response, so I'm going to try again...
>
> I want to preface my verbiage below by asking why someone doesn't just come
> out with a version of PPP with MPPE built in?! I am having to deploy

Because Microsoft made it proprietary. Do you want Linux ( or yourself) sued by them?

> firewalls with VPN capabilities, prefer to use Linux, and have better things
> to do with my time than waste it constantly compiling and tweaking to get
> things working right, sometimes taking over a week full time until it works.
>
> My problem:
> Client machine: Windows 2000 connecting to server via VPN (PPTP) with
> encryption set. Win2K in both normal crypto mode and with 128-bit
> encryption pack added.

Note that MS has an atrocious record re encryption. They like to invent their own, without knowing much about it. I would not trust the encryption for much of anything.

> Server machine: Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1)
> running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm)

Get 2.4.1.
2.4.0 has a number of bugs in it.-- primarily in its inability to read any options files but the main /etc/ppp/options.

>. Kernel version
> 2.4.2-2 with mppe patches provided from mirror.binarix.com's site (via the
> linux-2.4.0...gz file). PPP patched with ppp-2.4.0-mppe...gz from
> mirror.binarix.com.
>
> In short, using the mppe modules (which auto-load just fine) hose a
> connection.
>
> Encryption turned on at Client and in /etc/ppp/options (mppe-128 and
> mppe-stateless enabled):
> 1) At best I can make the client ping inside the VPN network, but no other
> operations occur. No errors other than the occasional GRE: Discarding out
> of order packet message. I have another working VPN server and this occurs
> there, but all works just fine using same client. With the broken system, I
> am unable to connect to Exchange Server, Access NT server shares, etc.
> 2) After a period of time, the connection drops by itself (as if I had
> disconnected manually).
> 3) With mppe-40 enabled, no communications (not even a ping) happen. I am
> unable to ping the server's IP, nor can the server ping the client's IP.

Unfortunately you will not get much help in the ppp list. You have to go after the authors of the mppe. Using a hacked version of pppd means that all bets are off since it is hard to know what those hacks have done to pppd.

>
> Encryption turned off at both client and in /etc/ppp/options (all mppe lines
> commented out):
> All works just fine and runs smoothly.
>
> * Authentication occurs correctly with and without 128/stateless enabled,
> MPPE modules autoload with no errors and ppp_generic shows it's being used
> by the ppp_mppe module. Just whenever mppe module is used, limited
> communication occurs.
>
>
> In debug mode, the debug logs show only LCP echo and LCP echorep packets.
> No errors.

There is a whole host of initial negotiation messages long before those LCP echo packets. That is where I would look for clues. And write to the authors of mppe patches.
Or perhaps the mppe list will be helpful.

--
William G. Unruh        Canadian Institute for      Tel: +1(604)822-3273
Physics&Astronomy       Advanced Research           Fax: +1(604)822-5324
UBC, Vancouver,BC       Program in Cosmology        unruh at physics.ubc.ca
Canada V6T 1Z1          and Gravity                 www.theory.physics.ubc.ca/
For step by step instructions about setting up ppp under Linux, see
http://www.theory.physics.ubc.ca/ppp-linux.html

From kite at inetport.com Sat Sep 22 17:42:56 2001
From: kite at inetport.com (Clifford Kite)
Date: Sat, 22 Sep 2001 17:42:56 -0500 (CDT)
Subject: [pptp-server] Re: PPP problems over VPN (MPPE)
In-Reply-To: <002001c143b5$221aae40$bb1cfa18@JimWS>
Message-ID:

On Sat, 22 Sep 2001, Jim Roland wrote:

|I've posted without a single response, so I'm going to try again...
|
|I want to preface my verbiage below by asking why someone doesn't just come
|out with a version of PPP with MPPE built in?! I am having to deploy

You have to license MPPC which uses MPPE from the patent holder, Hi/fn:

http://www.hifn.com/

It's as simple as that.

---
Clifford Kite

From jroland at roland.net Sat Sep 22 22:55:37 2001
From: jroland at roland.net (Jim Roland)
Date: Sat, 22 Sep 2001 22:55:37 -0500
Subject: [pptp-server] Re: PPP problems over VPN (MPPE)
References:
Message-ID: <001501c143e3$9abb7c20$bb1cfa18@JimWS>

Thanks for your comments. However (no offense and not trying to start a flame thread), I'm looking for solutions not rhetoric. I am a Linux bigot just like most people on the list, but I don't have time for anti-MS sentiment right now, I need to provide a solution as soon as possible. For any of us Linux/Unix bigots to continue to gain acceptance, it's better to follow the old adage of getting more flies with honey. Besides, that's what Microsoft did early on, befriended Apple before stealing their code and GUI...perhaps a lesson there.

There are numerous RFCs and other papers, some/most provided by Microsoft for free, that explain PPTP and MPPE protocols, so Microsoft suing the author of the MPPE code is highly unlikely. Actually, I found a site with the binaries already compiled and ready to go, however it's an older version of PPP. I need a newer version of PPP that works without these flaky problems.

From lists at earthling.2y.net Sat Sep 22 23:10:17 2001
From: lists at earthling.2y.net (Justin Kreger)
Date: Sun, 23 Sep 2001 00:10:17 -0400 (EDT)
Subject: [pptp-server] Re: PPP problems over VPN (MPPE)
In-Reply-To: <001501c143e3$9abb7c20$bb1cfa18@JimWS>
Message-ID:

The question becomes why complicate such a simple program, pppd, with junk that maybe 10-15% of people will ever need.

I remember reading a comment from a pppd developer, and the gist of it read that they are only interested in only doing things the right way, an example of such are the compression implementations in pppd. PPPD supports 3 compression types, on linux, it only supports BsdComp - For legacy, and Deflate - because it only compresses when it possibly can, it does not try to compress everything, thus it will not make the information larger by compressing it.

I can see a novice user trying to dial up to their isp with a normal modem, and setting all this junk like mppe, and mschap when its not needed, nor supported.

In response to the first post, binaries exist for the newest version, you just have to look for them. BTW, let's not get into a "microsoft stole their gui code" argument, I remember when I first got online, and that was STILL raging, and that was back in like 93 or 94... Besides, we all know where apple got their gui code from.

On a side note, IPSec is better, it's not nearly as point and click, but it's much more secure.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net

P.S., we should all know where M.S. got their TCP/IP Stack from....
:)

From jroland at roland.net Sun Sep 23 04:23:19 2001
From: jroland at roland.net (Jim Roland)
Date: Sun, 23 Sep 2001 04:23:19 -0500
Subject: [pptp-server] Re: PPP problems over VPN (MPPE)
References:
Message-ID: <002401c14411$622bb950$bb1cfa18@JimWS>

LOL....That's why I said I didn't want to start a thread war...

Moving on...I would love to put IPSec, DES, or 3DES in...any recommendations?

From jsubs at shanholtz.com Sun Sep 23 10:24:38 2001
From: jsubs at shanholtz.com (Jeff Shanholtz)
Date: Sun, 23 Sep 2001 08:24:38 -0700
Subject: [pptp-server] Re: PPP problems over VPN (MPPE)
In-Reply-To:
Message-ID: <001901c14443$dc077b60$0200a8c0@Jeff>

Two things don't make sense to me yet.

After applying the patches, you still have to enable the options in the options file, right? So I don't understand why incorporating the patches into the official version would force ISP's to support it. And I'm sure there are other PPP options that only 10-15% of users actually use, aren't there? Could it really boil down to anti-MS bigotry on the developers' part?

And as to the legality of incorporating the patches into the official version of PPP without paying licensing fees, how is posting the patches on the PoPToP site not just as illegal?

FYI I'm not anti-MS and I'm not anti-Linux; I use both and appreciate both for their respective strengths and acknowledge MS's and the Linux community's right to do things in their own ways. I'm also new to PoPToP, so I claim no expertise on the subject. However, I, too, get tired of dealing with kernel patches and compiles so like Jim, I am also very interested in the reasons this stuff is required.

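Earlier in this thread the advice was to read the negotiation messages that come before the LCP echo packets. The following is an added example, not code from any poster or from the pppd or PoPToP projects: it decodes the MPPE option (CCP option 18, RFC 3078) in pppd debug lines and reports what each side actually acknowledged. It assumes options are logged as raw hex bytes in angle brackets, the shape of the pppd excerpts elsewhere in this archive; the log lines and function names are constructed for illustration.

```python
import re

# CCP option type 18 is MPPE; its 4-byte "supported bits" field is defined in RFC 3078.
MPPE_OPTION = 0x12
MPPE_FLAGS = {
    0x01000000: "stateless",  # H bit
    0x00000080: "56-bit",     # M bit
    0x00000040: "128-bit",    # S bit
    0x00000020: "40-bit",     # L bit
    0x00000001: "MPPC",       # C bit: compression, not encryption
}
KEY_LENGTHS = {"40-bit", "56-bit", "128-bit"}

# Assumed log shape: "pppd[pid]: sent|rcvd [CCP ConfXxx id=0x.. < hh hh ..>]"
PKT_RE = re.compile(
    r"pppd\[\d+\]: (sent|rcvd) \[CCP (Conf(?:Req|Ack|Nak|Rej)) id=0x[0-9a-f]+(.*)\]",
    re.IGNORECASE,
)
OPT_RE = re.compile(r"<((?:\s[0-9a-f]{2})+)>", re.IGNORECASE)


def decode_mppe(option):
    """Return the set of MPPE flag names in one raw CCP option, else None."""
    if len(option) != 6 or option[0] != MPPE_OPTION or option[1] != 6:
        return None  # a different option, or a truncated/malformed one
    bits = int.from_bytes(option[2:], "big")
    return {name for mask, name in MPPE_FLAGS.items() if bits & mask}


def summarize(lines):
    """Track which MPPE requests ended up acknowledged or rejected."""
    state = {"local_request": None, "peer_request": None, "rejected_by": []}
    for line in lines:
        m = PKT_RE.search(line)
        if not m:
            continue  # LCP echo traffic and everything else is ignored
        direction, code = m.group(1).lower(), m.group(2).lower()
        for raw in OPT_RE.findall(m.group(3)):
            flags = decode_mppe(bytes.fromhex("".join(raw.split())))
            if flags is None:
                continue
            # An Ack/Rej we receive answers our request; one we send answers the peer's.
            key = "local_request" if direction == "rcvd" else "peer_request"
            if code == "confack":
                state[key] = flags
            elif code == "confrej":
                state[key] = None
                state["rejected_by"].append("peer" if direction == "rcvd" else "local")
    return state


def encryption_agreed(state):
    """True only if both requests ended acknowledged with an MPPE key length."""
    return all(state[k] and state[k] & KEY_LENGTHS
               for k in ("local_request", "peer_request"))


# Constructed sample logs (not taken from the thread).
NEGOTIATED = [
    "Sep 22 10:00:01 vpn pppd[2001]: sent [CCP ConfReq id=0x1 < 12 06 01 00 00 40>]",
    "Sep 22 10:00:01 vpn pppd[2001]: rcvd [CCP ConfReq id=0x4 < 12 06 01 00 00 60>]",
    "Sep 22 10:00:01 vpn pppd[2001]: sent [CCP ConfNak id=0x4 < 12 06 01 00 00 40>]",
    "Sep 22 10:00:01 vpn pppd[2001]: rcvd [CCP ConfAck id=0x1 < 12 06 01 00 00 40>]",
    "Sep 22 10:00:01 vpn pppd[2001]: rcvd [CCP ConfReq id=0x5 < 12 06 01 00 00 40>]",
    "Sep 22 10:00:01 vpn pppd[2001]: sent [CCP ConfAck id=0x5 < 12 06 01 00 00 40>]",
]
REJECTED = [
    "Sep 22 10:05:01 vpn pppd[2044]: sent [CCP ConfReq id=0x1 < 12 06 01 00 00 40>]",
    "Sep 22 10:05:01 vpn pppd[2044]: rcvd [CCP ConfRej id=0x1 < 12 06 01 00 00 40>]",
]
ECHO_ONLY = [
    "Sep 22 10:09:31 vpn pppd[2101]: sent [LCP EchoReq id=0x3 magic=0x5f1c22aa]",
    "Sep 22 10:09:31 vpn pppd[2101]: rcvd [LCP EchoRep id=0x3 magic=0x1d0e77b2]",
]

if __name__ == "__main__":
    for name, log in (("negotiated", NEGOTIATED), ("rejected", REJECTED),
                      ("echo only", ECHO_ONLY)):
        s = summarize(log)
        print(name, s, "encrypted:", encryption_agreed(s))
```

A log with only LCP echo lines, like the one described in the original report, yields no acknowledged MPPE request at all, which is the cue to capture the earlier part of the session.
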
From Steve at SteveCowles.com Sun Sep 23 11:31:02 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sun, 23 Sep 2001 11:31:02 -0500
Subject: [pptp-server] Re: PPP problems over VPN (MPPE)
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE881@defiant.infohiiway.com>

> -----Original Message-----
> From: Jeff Shanholtz [mailto:jsubs at shanholtz.com]
> Sent: Sunday, September 23, 2001 10:25 AM
> To: 'Linux PPTP'
> Subject: RE: [pptp-server] Re: PPP problems over VPN (MPPE)
>
>
> Two things don't make sense to me yet.
>
> After applying the patches, you still have to enable the
> options in the options file, right? So I don't understand
> why incorporating the patches into the official version
> would force ISP's to support it. And I'm sure there are
> other PPP options that only 10-15% of users actually use,
> aren't there? Could it really boil down to anti-MS bigotry
> on the developers' part?
>
> And as to the legality of incorporating the patches into
> the official version of PPP without paying licensing fees,
> how is posting the patches on the PoPToP site not just as
> illegal?

I'm not aware of any legal issues with regards to the MPPE patches. It's the MPPC stuff that would require licensing. Someone enlighten me please if I'm mistaken.

FWIW: I'm in the process of developing a "consolidated" website and forum for PoPToP/PPP related issues. I plan on including pre-patched kernel/pppd source code to help make life easier for all of us. So far, my only real concern is finding time to support the effort, not all the legal bullshit. It's my understanding that just as long as the proper disclaimers are included, there should be no problems with posting PPP source code with the MPPE patches already applied along with linux kernels with the appropriate MPPE patches already applied.

With the above in mind. Is there an interest in having a consolidated website that offers pre-patched kernels/ppp sources along with a searchable FAQ?
I can find better things to do with my spare time.

>
> FYI I'm not anti-MS and I'm not anti-Linux; I use both and
> appreciate both for their respective strengths and
> acknowledge MS's and the Linux community's right to do
> things in their own ways. I'm also new to PoPToP, so I
> claim no expertise on the subject. However, I, too, get
> tired of dealing with kernel patches and compiles so like
> Jim, I am also very interested in the reasons this stuff
> is required.

Steve Cowles

From unruh at physics.ubc.ca Sun Sep 23 11:59:46 2001
From: unruh at physics.ubc.ca (Bill Unruh)
Date: Sun, 23 Sep 2001 09:59:46 -0700 (PDT)
Subject: [pptp-server] Re: PPP problems over VPN (MPPE)
In-Reply-To: <001501c143e3$9abb7c20$bb1cfa18@JimWS>
Message-ID:

On Sat, 22 Sep 2001, Jim Roland wrote:

] Thanks for your comments. However (no offense and not trying to start a
] flame thread), I'm looking for solutions not rhetoric. I am a Linux bigot

I understand, but you asked why you could find no ready made solution. It IS a proprietary protocol. Just because MS has published the details does not remove its proprietary nature, nor MS or hifn willingness to prosecute if a distributor of Linux included it. Furthermore they would also use it as evidence of the perfidy of the opensource community, describing them as a nest of pirates.

] just like most people on the list, but I don't have time for anti-MS
] sentiment right now, I need to provide a solution as soon as possible. For
] any of us Linux/Unix bigots to continue to gain acceptance, it's better to
] follow the old adage of getting more flies with honey. Besides, that's what
] Microsoft did early on, befriended Apple before stealing their code and
] GUI...perhaps a lesson there.

You have a few options. The first is to figure out why your current 2.4.0 version does not work. I suggested that you look at and publish the negotiation phase of pppd to see if perhaps we could see some problems there.
Your description was too sparse for anyone to be able to provide you with help, which is what you say you want. You MUST give as much information as possible in order to get help. Then once you have 2.4.0 working (making sure you do not trigger the 2.4.0 bugs such as using auxiliary options files -- put everything into /etc/ppp/options. Do not use either options.ttyS? or a user options file.) you can then transfer the patches to 2.4.1, altering them as necessary to make sure they work.

Secondly, send messages to the people who developed the MPPE patch to see if they have suggestions, or if there are known problems.

]
] There are numerous RFCs and other papers, some/most provided by Microsoft
] for free, the explain PPTP and MPPE protocols, so Microsoft suing the author
] of the MPPE code is highly unlikely. Actually, I found a site with the
] binaries already compiled and ready to go, however it's an older version of
] PPP. I need a newer version of PPP that works without these flaky problems.
]
]
]
] ----- Original Message -----
] From: "Bill Unruh"
] To: "Jim Roland"
] Cc: ; "Linux PPTP"
]
] Sent: Saturday, September 22, 2001 6:33 PM
] Subject: Re: PPP problems over VPN (MPPE)
]
]
] > On Sat, 22 Sep 2001, Jim Roland wrote:
] >
] > > I've posted without a single response, so I'm going to try again...
] > >
] > > I want to preface my verbiage below by asking why someone doesn't just
] come
] > > out with a version of PPP with MPPE built in?! I am having to deploy
] >
] > Because Microsoft made it proprietary. Do you want Linux ( or yourself)
] sued by
] > them?
] >
] > > firewalls with VPN capabilities, prefer to use Linux, and have better
] things
] > > to do with my time than waste it constantly compiling and tweaking to
] get
] > > things working right, sometimes taking over a week full time until it
] works.
] > >
] > > My problem:
] > > Client machine: Windows 2000 connecting to server via VPN (PPTP) with
] > > encryption set. Win2K in both normal crypto mode and with 128-bit
] > > encryption pack added.
] >
] > Note that MS has an atrocious record re encryption. They like to invent
] their own,
] > without knowing much about it. I would not trust the encryption for much
] of anything.
] >
] > > Server machine: Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1)
] > > running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm)
] >
] > Get 2.4.1. 2.4.0 has a
] > number of bugs in it.-- primarily in its inability to read any options
] files but
] > the main /etc/ppp/options.
] >
] > >. Kernel version
] > > 2.4.2-2 with mppe patches provided from mirror.binarix.com's site (via
] the
] > > linux-2.4.0...gz file). PPP patched with ppp-2.4.0-mppe...gz from
] > > mirror.binarix.com.
] > >
] > > In short, using the mppe modules (which auto-load just fine) hose a
] > > connection.
] > >
] > > Encryption turned on at Client and in /etc/ppp/options (mppe-128 and
] > > mppe-stateless enabled):
] > > 1) At best I can make the client ping inside the VPN network, but no
] other
] > > operations occur. No errors other than the occasional GRE: Discarding
] out
] > > of order packet message. I have another working VPN server and this
] occurs
] > > there, but all works just fine using same client. With the broken
] system, I
] > > am unable to connect to Exchange Server, Access NT server shares, etc.
] > > 2) After a period of time, the connection drops by itself (as if I had
] > > disconnected manually).
] > > 3) With mppe-40 enabled, no communications (not even a ping) happen. I
] am
] > > unable to ping the server's IP, nor can the server ping the client's IP.
] >
] > Unfortunately you will not get much help in the ppp list. You have to go
] after the authors of
] > the mppe. Using a hacked version of pppd means that all bets are off since
] it is
] > hard to know what those hacks have done to pppd.
] >
] >
] > >
] > > Encryption turned off at both client and in /etc/ppp/options (all mppe
] lines
] > > commented out):
] > > All works just fine and runs smoothly.
] > >
] > > * Authentication occurs correctly with an without 128/stateless enabled,
] > > MPPE modules autoload with no errors and ppp_generic shows it's being
] used
] > > by the ppp_mppe module. Just whenever mppe module is used, limited
] > > communication occurs.
] > >
] > >
] > > In debug mode, the debug logs show only LCP echo and LCP echorep
] packets.
] > > No errors.
] >
] > There is a whole host of initial negotiation messages long before
] > those LCP echo packets. That is where I would look for clues. And write to
] the
] > authors of mppe patches. or perhaps the mppe list will be helpful.
] >
] >
] >
] >
] >
] > --
] > William G. Unruh Canadian Institute for Tel:
] +1(604)822-3273
] > Physics&Astronomy Advanced Research Fax:
] +1(604)822-5324
] > UBC, Vancouver,BC Program in Cosmology
] unruh at physics.ubc.ca
] > Canada V6T 1Z1 and Gravity
] www.theory.physics.ubc.ca/
] > For step by step instructions about setting up ppp under Linux, see
] > http://www.theory.physics.ubc.ca/ppp-linux.html
] >
]
]

--
William G. Unruh     Canadian Institute for   Tel: +1(604)822-3273
Physics&Astronomy    Advanced Research        Fax: +1(604)822-5324
UBC, Vancouver,BC    Program in Cosmology     unruh at physics.ubc.ca
Canada V6T 1Z1       and Gravity              www.theory.physics.ubc.ca/
For step by step instructions about setting up ppp under Linux, see
http://www.theory.physics.ubc.ca/ppp-linux.html

From mmahmodani at lycos.com Sun Sep 23 12:38:10 2001
From: mmahmodani at lycos.com (Mahbod Mahmodani)
Date: Sun, 23 Sep 2001 13:38:10 -0400
Subject: [pptp-server] Win NT Problem
Message-ID:

Hello Everyone,

I was wondering if anyone can help me with a problem I have. I have a Win NT machine working as a server which has approx. 100 client machines connected to it. Every now and then a machine will be kicked off the network.
The clients are Win98 and Win2000 machines. I don't know If I have a licencing problem here or lack of network resources. Could someone tell me what are some possible solutions for this problem.

Thank you,
Mahbod M.

---
THE EARTH IS BUT ONE COUNTRY AND MANKIND ITS CITIZENS.
-BAHA'U'LLAH-

Make a difference, help support the relief efforts in the U.S.
http://clubs.lycos.com/live/events/september11.asp

From mawali at news.icns.com Sun Sep 23 14:46:53 2001
From: mawali at news.icns.com (FT Rathore)
Date: Sun, 23 Sep 2001 14:46:53 -0500 (CDT)
Subject: [pptp-server] SMBpasswd and ppp-2.4 (Request)
Message-ID:

Hi

Does anyone have the patch to use smbpasswd with ppp (pptpd) adapted to ppp-2.4.0. All previous posts and google search point to the site: http://linux.yo.org which seems to be hosted on a (XXX) NT server and is AWOL (how ironic).

Any help or pointer in this respect will be really appreciated.

FT

From mps at rns-nis.co.yu Sun Sep 23 15:20:49 2001
From: mps at rns-nis.co.yu (Milan P. Stanic)
Date: Sun, 23 Sep 2001 22:20:49 +0200 (CEST)
Subject: [pptp-server] Re: PPP problems over VPN (MPPE)
In-Reply-To: <002401c14411$622bb950$bb1cfa18@JimWS>
Message-ID:

On 23-Sep-2001 Jim Roland wrote:
> Moving on...I would love to put IPSec, DES, or 3DES in...any
> recommendations?

www.freeswan.org

They have really good doc's, so read it if you didn't already. And they have one of the best mailing list I ever seen.

Milan

From jsubs at shanholtz.com Mon Sep 24 02:52:00 2001
From: jsubs at shanholtz.com (Jeff Shanholtz)
Date: Mon, 24 Sep 2001 00:52:00 -0700
Subject: [pptp-server] error 720 on client
Message-ID: <000001c144cd$cb593490$6500a8c0@Jeff>

My client machine is getting an error 720 after it tries to "register computer on the network". My server is RH 7.1 (ppp 2.4.0) with poptop 1.0.1. My client is XP Pro and the vpn properties dialog is almost identical to that of 2000.
Chosen security settings: typical, require secured password, use win logon is unchecked, and require data encryption is unchecked. I had been connecting to the server just fine until tonight but I don't know what has changed to make it stop working. Any advice would be appreciated.

The most relevant pptpd.log file messages (complete set below) seem to be:

Sep 24 00:22:03 shane pptpd[1564]: CTRL: Made a CALL DISCONNECT RPLY packet
Sep 24 00:22:03 shane pppd[1565]: LCP terminated by peer (^UM-^J^?^D^@ /dev/pts/0
Sep 24 00:22:00 shane pptpd[1564]: CTRL: Received PPTP Control Message (type: 15)
Sep 24 00:22:00 shane pppd[1565]: sent [LCP ConfReq id=0x1 ]
Sep 24 00:22:01 shane pptpd[1564]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Sep 24 00:22:01 shane pptpd[1564]: GRE: Discarding duplicate packet
Sep 24 00:22:01 shane pppd[1565]: rcvd [LCP ConfAck id=0x1 ]
Sep 24 00:22:02 shane pppd[1565]: rcvd [LCP ConfReq id=0x1 ]
Sep 24 00:22:02 shane pppd[1565]: sent [LCP ConfRej id=0x1 ]
Sep 24 00:22:02 shane pppd[1565]: rcvd [LCP ConfReq id=0x2 ]
Sep 24 00:22:02 shane pppd[1565]: sent [LCP ConfAck id=0x2 ]
Sep 24 00:22:02 shane pppd[1565]: sent [CHAP Challenge id=0x1 <079a8f9af08220f6b57ece216d5373fbb38f7f8a39>, name = "shane"]
Sep 24 00:22:02 shane pptpd[1564]: CTRL: Received PPTP Control Message (type: 15)
Sep 24 00:22:02 shane pptpd[1564]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Sep 24 00:22:02 shane pppd[1565]: rcvd [LCP code=0xc id=0x3 15 8a 7f 04 4d 53 52 41 53 56 35 2e 31 30]
Sep 24 00:22:02 shane pppd[1565]: sent [LCP CodeRej id=0x2 0c 03 00 12 15 8a 7f 04 4d 53 52 41 53 56 35 2e 31 30]
Sep 24 00:22:02 shane pppd[1565]: rcvd [LCP code=0xc id=0x4 15 8a 7f 04 4d 53 52 41 53 2d 31 2d 4a 45 46 46]
Sep 24 00:22:02 shane pppd[1565]: sent [LCP CodeRej id=0x3 0c 04 00 14 15 8a 7f 04 4d 53 52 41 53 2d 31 2d 4a 45 46 46]
Sep 24 00:22:02 shane pppd[1565]: rcvd [CHAP Response id=0x1 <25debd17cb6e762dbd084ac14634b7e8>, name = "jeff"]
Sep 24 00:22:02 shane pppd[1565]: sent [CHAP Success id=0x1 "Welcome to shane."]
Sep 24 00:22:02 shane pppd[1565]: sent [IPCP ConfReq id=0x1 ]
Sep 24 00:22:02 shane pptpd[1564]: CTRL: Received PPTP Control Message (type: 15)
Sep 24 00:22:03 shane pppd[1565]: sent [CCP ConfReq id=0x1 ]
Sep 24 00:22:03 shane pptpd[1564]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Sep 24 00:22:03 shane pppd[1565]: CHAP peer authentication succeeded for jeff
Sep 24 00:22:03 shane pptpd[1564]: CTRL: Received PPTP Control Message (type: 12)
Sep 24 00:22:03 shane pppd[1565]: rcvd [LCP TermReq id=0x5 15 8a 7f 04 00 3c cd 74 00 00 02 d0]
Sep 24 00:22:03 shane pptpd[1564]: CTRL: Made a CALL DISCONNECT RPLY packet
Sep 24 00:22:03 shane pppd[1565]: LCP terminated by peer (^UM-^J^?^D^@
Message-ID:

On Mon, 24 Sep 2001, Jeff Shanholtz wrote:

> My client machine is getting an error 720 after it tries to "register
> computer on the network". My server is RH 7.1 (ppp 2.4.0) with poptop
> 1.0.1. My client is XP Pro and the vpn properties dialog is almost
> identical to that of 2000. Chosen security settings: typical, require
> secured password, use win logon is unchecked, and require data
> encryption is unchecked. I had been connecting to the server just fine
> until tonight but I don't know what has changed to make it stop working.
> Any advice would be appreciated.

snippet from http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q163111

"720 No PPP control protocols configured."

> The most relevant pptpd.log file messages (complete set below) seem to
> be:
>
> Sep 24 00:22:03 shane pptpd[1564]: CTRL: Made a CALL DISCONNECT RPLY
> packet
> Sep 24 00:22:03 shane pppd[1565]: LCP terminated by peer
> (^UM-^J^?^D^@ Here is my config file (/etc/pptpd.conf) - comment lines stripped out:
>
> option /etc/ppp/options.pptp
> localip 192.168.0.244
> remoteip 192.168.0.245

I see only one remoteip here - can you give it a small range?

[...]
> Here are the relevant lines from /var/log/pptpd.log:
>
[...]
> Sep 24 00:22:00 shane pptpd[1430]: MGR: No free connection slots or
> IPs - no more clients can connect!
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This could be significant.

[...]
> Sep 24 00:22:00 shane pptpd[1565]: CTRL (PPPD Launcher): local
> address = 192.168.0.244
> Sep 24 00:22:00 shane pptpd[1564]: CTRL: Sent packet to client
> Sep 24 00:22:00 shane pptpd[1565]: CTRL (PPPD Launcher): remote
> address = 192.168.0.245

OK, pptpd thinks it has an IP address for each end.

> Sep 24 00:22:00 shane pppd[1565]: pppd 2.4.0 started by root, uid 0
> Sep 24 00:22:00 shane pppd[1565]: using channel 2
> Sep 24 00:22:00 shane pppd[1565]: Using interface ppp0
> Sep 24 00:22:00 shane pppd[1565]: Connect: ppp0 <--> /dev/pts/0
> Sep 24 00:22:00 shane pptpd[1564]: CTRL: Received PPTP Control
> Message (type: 15)
[...]
> Sep 24 00:22:02 shane pppd[1565]: rcvd [CHAP Response id=0x1
> <25debd17cb6e762dbd084ac14634b7e8>, name = "jeff"]
> Sep 24 00:22:02 shane pppd[1565]: sent [CHAP Success id=0x1 "Welcome
> to shane."]

"jeff" has authenticated th "shane"?

> Sep 24 00:22:02 shane pppd[1565]: sent [IPCP ConfReq id=0x1 192.168.0.244> ]

We send an IPCP ConfReq.

> Sep 24 00:22:02 shane pptpd[1564]: CTRL: Received PPTP Control
> Message (type: 15)
> Sep 24 00:22:03 shane pppd[1565]: sent [CCP ConfReq id=0x1 15> ]
> Sep 24 00:22:03 shane pptpd[1564]: CTRL: Got a SET LINK INFO packet
> with standard ACCMs
> Sep 24 00:22:03 shane pppd[1565]: CHAP peer authentication succeeded
> for jeff
> Sep 24 00:22:03 shane pptpd[1564]: CTRL: Received PPTP Control
> Message (type: 12)
> Sep 24 00:22:03 shane pppd[1565]: rcvd [LCP TermReq id=0x5 15 8a 7f
> 04 00 3c cd 74 00 00 02 d0]

Now we receive an LCP TermReq, without getting IPCP established.

This doesn't smell right in the IP department. Hopefully somebody else can see a specific problem.

HTH,
Neale.

From vogt at serc.nl Mon Sep 24 07:36:19 2001
From: vogt at serc.nl (Harald Vogt)
Date: Mon, 24 Sep 2001 14:36:19 +0200
Subject: [pptp-server] Re: PPP problems over VPN (MPPE)
References:
Message-ID: <3BAF28C3.56B73B28@serc.nl>

Bill Unruh wrote:
>
> On Sat, 22 Sep 2001, Jim Roland wrote:
>
> > I've posted without a single response, so I'm going to try again...
> >
> > I want to preface my verbiage below by asking why someone doesn't just come
> > out with a version of PPP with MPPE built in?! I am having to deploy

Well, there is one, sort of. I did put MPPE into ppp (almost) by putting MPPE into slirp (slirp is based upon pppd). See http://www.serc.nl/people/vogt/vpn/

There you can find a version of ppp_mppe.c which behaves like a bsd-comp.c module. Now if only someone would put ppp_mppe.c into the pppd distribution ...

Regards,
--
Dr. H.H. (Harald) Vogt
SERC (Software Engineering Research Centre)      E-mail: vogt at serc.nl
P.O. Box 424, 3500 AK Utrecht, The Netherlands   http://www.serc.nl/people/vogt
tel: +31-30-2545412, fax: +31-30-2545948

From jpej at geo-rede.com.br Mon Sep 24 09:10:46 2001
From: jpej at geo-rede.com.br (José de Paula Eufrásio Júnior)
Date: Mon, 24 Sep 2001 11:10:46 -0300
Subject: [pptp-server] Version of pptpd
Message-ID: <20010924141421.6441DD14C6@poontang.schulte.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was looking in the poptop site and it's a little "old"... the development of poptop stoped? in meanwhile, what version it's recommended use? The site "stable" or the development? i use the stable, and except by some bizarre errors it works fine..

thanks

Junior
Geo-rede Wireless Internet
http://www.coredump.com.br

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7rz7qzpjMtTpoYcMRAlbuAKDPxmkvHIDMUGnrZinBrrhdN97B5ACg135q
tzm3EAmk1rHc9PkMlF/sL4Y=
=yxRR
-----END PGP SIGNATURE-----

From jsubs at shanholtz.com Mon Sep 24 09:52:11 2001
From: jsubs at shanholtz.com (Jeff Shanholtz)
Date: Mon, 24 Sep 2001 07:52:11 -0700
Subject: [pptp-server] error 720 on client
In-Reply-To:
Message-ID: <001001c14508$7e1c18b0$6500a8c0@Jeff>

IP settings are configured for automatic assignment of IP address and dns servers, so there doesn't appear to be a problem on the client end.

I have tried giving the remote address setting a range instead of a single address just in case, but that didn't help and, indeed, I had it working just fine before without the range.

The "no more clients can connect" just means that the server is *now* maxed out on client connections; it is irrelevant to this problem (I also got the message when clients could connect just fine).

Also, you were curious about the jeff/shane thing. jeff is the user name and shane is the server's host name.

Thanks for taking a look at my problem and hopefully someone will have the solution.
:)

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Neale Banks
Sent: Monday, September 24, 2001 1:23 AM
To: Jeff Shanholtz
Cc: PoPToP List
Subject: Re: [pptp-server] error 720 on client

On Mon, 24 Sep 2001, Jeff Shanholtz wrote:

> My client machine is getting an error 720 after it tries to "register
> computer on the network". My server is RH 7.1 (ppp 2.4.0) with poptop
> 1.0.1. My client is XP Pro and the vpn properties dialog is almost
> identical to that of 2000. Chosen security settings: typical, require
> secured password, use win logon is unchecked, and require data
> encryption is unchecked. I had been connecting to the server just fine
> until tonight but I don't know what has changed to make it stop working.
> Any advice would be appreciated.

snippet from http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q163111

"720 No PPP control protocols configured."

> The most relevant pptpd.log file messages (complete set below) seem to
> be:
>
> Sep 24 00:22:03 shane pptpd[1564]: CTRL: Made a CALL DISCONNECT RPLY
> packet
> Sep 24 00:22:03 shane pppd[1565]: LCP terminated by peer
> (^UM-^J^?^D^@ Here is my config file (/etc/pptpd.conf) - comment lines stripped out:
>
> option /etc/ppp/options.pptp
> localip 192.168.0.244
> remoteip 192.168.0.245

I see only one remoteip here - can you give it a small range?

[...]
> Here are the relevant lines from /var/log/pptpd.log:
>
[...]
> Sep 24 00:22:00 shane pptpd[1430]: MGR: No free connection slots or
> IPs - no more clients can connect!
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This could be significant.

[...]
> Sep 24 00:22:00 shane pptpd[1565]: CTRL (PPPD Launcher): local
> address = 192.168.0.244
> Sep 24 00:22:00 shane pptpd[1564]: CTRL: Sent packet to client
> Sep 24 00:22:00 shane pptpd[1565]: CTRL (PPPD Launcher): remote
> address = 192.168.0.245

OK, pptpd thinks it has an IP address for each end.

> Sep 24 00:22:00 shane pppd[1565]: pppd 2.4.0 started by root, uid 0
> Sep 24 00:22:00 shane pppd[1565]: using channel 2
> Sep 24 00:22:00 shane pppd[1565]: Using interface ppp0
> Sep 24 00:22:00 shane pppd[1565]: Connect: ppp0 <--> /dev/pts/0
> Sep 24 00:22:00 shane pptpd[1564]: CTRL: Received PPTP Control
> Message (type: 15)
[...]
> Sep 24 00:22:02 shane pppd[1565]: rcvd [CHAP Response id=0x1
> <25debd17cb6e762dbd084ac14634b7e8>, name = "jeff"]
> Sep 24 00:22:02 shane pppd[1565]: sent [CHAP Success id=0x1 "Welcome
> to shane."]

"jeff" has authenticated th "shane"?

> Sep 24 00:22:02 shane pppd[1565]: sent [IPCP ConfReq id=0x1 192.168.0.244> ]

We send an IPCP ConfReq.

> Sep 24 00:22:02 shane pptpd[1564]: CTRL: Received PPTP Control
> Message (type: 15)
> Sep 24 00:22:03 shane pppd[1565]: sent [CCP ConfReq id=0x1 15> ]
> Sep 24 00:22:03 shane pptpd[1564]: CTRL: Got a SET LINK INFO packet
> with standard ACCMs
> Sep 24 00:22:03 shane pppd[1565]: CHAP peer authentication succeeded
> for jeff
> Sep 24 00:22:03 shane pptpd[1564]: CTRL: Received PPTP Control
> Message (type: 12)
> Sep 24 00:22:03 shane pppd[1565]: rcvd [LCP TermReq id=0x5 15 8a 7f
> 04 00 3c cd 74 00 00 02 d0]

Now we receive an LCP TermReq, without getting IPCP established.

This doesn't smell right in the IP department. Hopefully somebody else can see a specific problem.

HTH,
Neale.

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From barjunk at attglobal.net Mon Sep 24 14:17:39 2001
From: barjunk at attglobal.net (Michael Barsalou)
Date: Mon, 24 Sep 2001 11:17:39 -0800
Subject: [pptp-server] clients seeing each other
In-Reply-To: <20010924145403.7F921D1646@poontang.schulte.org>
Message-ID: <3BAF1653.12937.E60C80@localhost>

I would like to allow each client to see files on the other. Is this possible?
What are the things I should be looking for to ensure this will work?

Thanks for the help.

Mike

Michael Barsalou
barjunk at attglobal.net

From rathore at bilo.icns.com Mon Sep 24 06:44:34 2001
From: rathore at bilo.icns.com (rathore at bilo.icns.com)
Date: Mon, 24 Sep 2001 06:44:34 -0500 (CDT)
Subject: [pptp-server] chapms-strip-domain and ppp-2.4
Message-ID:

Hi

I installed ppp-2.4.0 with strip-MSdomain-patch.diff (made against ppp-2.3.11); it patches successfully and compiles. I do see it stripping domain "XXX\\" from rhostname "XXX\\username" right after:

    if (strrchr(rhostname, '\\') && chapms_strip_domain) {
        strcpy(tmp, strrchr(rhostname, '\\') + 1);
        strcpy(rhostname, tmp);
    }

But the authentication fails: probably because the Challenge is encrypted using "XXX\\username" and stripping "XXX\\" doesn't work.

I do not have a machine that will stick a domain name to the username so I am only simulating it by typing "XXX\username" instead of "username". Note that only typing "username" does authenticate successfully.

Here is the log ("Im here mawali" is a warn() that I have put in to see if it was stripping OK)

Sep 24 17:29:00 mawali pppd[26100]: sent [CHAP Challenge id=0x1 <55bf26bb0ce89df41ab74f04fc684499>, name = "*"]
Sep 24 17:29:00 mawali pppd[26100]: rcvd [CHAP Response id=0x1 <3cb4587524c86b5728bd47e71e586674000000000000000079d8a2afdaab1012ae9444c33cb1d6f59a8f7bb62715f28d04>, name = "home\\mawali"]
Sep 24 17:29:00 mawali pppd[26100]: Im here. "mawali"
Sep 24 17:29:00 mawali pppd[26100]: sent [CHAP Failure id=0x1 "I don't like you. Go 'way."]
Sep 24 17:29:00 mawali pppd[26100]: MSCHAP-v2 peer authentication failed for remote host mawali
Sep 24 17:29:00 mawali pppd[26100]: sent [LCP TermReq id=0x2 "Authentication failed"]

Here is if I don't use "XXX\"

Sep 24 17:29:09 mawali pppd[26102]: sent [CHAP Challenge id=0x1 <0c2856905cfe7f47ed5c8ff6def820cd>, name = "*"]
Sep 24 17:29:09 mawali pppd[26102]: rcvd [CHAP Response id=0x1 , name = "mawali"]
Sep 24 17:29:09 mawali pppd[26102]: sent [CHAP Success id=0x1 "S=D262D372D9B7171106AB40DBF55CBEB93B6AE12D"]

Any Ideas???

From vgill at technologist.com Mon Sep 24 19:24:21 2001
From: vgill at technologist.com (Gill, Vern)
Date: Mon, 24 Sep 2001 17:24:21 -0700
Subject: [pptp-server] chapms-strip-domain and ppp-2.4
Message-ID: <574607996176D51195A400A0C90AB760C996@mail.gillnet.org>

If the machine you are connecting with is say Linux and the pptp-client, you need to send DOMAIN\\username. Note the 2 \\. Otherwise, maybe post your pptpd.conf...

-----Original Message-----
From: rathore at bilo.icns.com [mailto:rathore at bilo.icns.com]
Sent: Monday, September 24, 2001 4:45 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] chapms-strip-domain and ppp-2.4

Hi

I installed ppp-2.4.0 with strip-MSdomain-patch.diff (made against ppp-2.3.11); it patches successfully and compiles. I do see it stripping domain "XXX\\" from rhostname "XXX\\username" right after:

    if (strrchr(rhostname, '\\') && chapms_strip_domain) {
        strcpy(tmp, strrchr(rhostname, '\\') + 1);
        strcpy(rhostname, tmp);
    }

But the authentication fails: probably because the Challenge is encrypted using "XXX\\username" and stripping "XXX\\" doesn't work.

I do not have a machine that will stick a domain name to the username so I am only simulating it by typing "XXX\username" instead of "username". Note that only typing "username" does authenticate successfully.

Here is the log ("Im here mawali" is a warn() that I have put in to see if it was stripping OK)

Sep 24 17:29:00 mawali pppd[26100]: sent [CHAP Challenge id=0x1 <55bf26bb0ce89df41ab74f04fc684499>, name = "*"]
Sep 24 17:29:00 mawali pppd[26100]: rcvd [CHAP Response id=0x1 <3cb4587524c86b5728bd47e71e586674000000000000000079d8a2afdaab1012ae9444c 33cb1d6f59a8f7bb62715f28d04>, name = "home\\mawali"]
Sep 24 17:29:00 mawali pppd[26100]: Im here. "mawali"
Sep 24 17:29:00 mawali pppd[26100]: sent [CHAP Failure id=0x1 "I don't like you. Go 'way."]
Sep 24 17:29:00 mawali pppd[26100]: MSCHAP-v2 peer authentication failed for remote host mawali
Sep 24 17:29:00 mawali pppd[26100]: sent [LCP TermReq id=0x2 "Authentication failed"]

Here is if I don't use "XXX\"

Sep 24 17:29:09 mawali pppd[26102]: sent [CHAP Challenge id=0x1 <0c2856905cfe7f47ed5c8ff6def820cd>, name = "*"]
Sep 24 17:29:09 mawali pppd[26102]: rcvd [CHAP Response id=0x1 , name = "mawali"]
Sep 24 17:29:09 mawali pppd[26102]: sent [CHAP Success id=0x1 "S=D262D372D9B7171106AB40DBF55CBEB93B6AE12D"]

Any Ideas???

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From vgill at technologist.com Mon Sep 24 19:26:40 2001
From: vgill at technologist.com (Gill, Vern)
Date: Mon, 24 Sep 2001 17:26:40 -0700
Subject: [pptp-server] SMBpasswd and ppp-2.4 (Request)
Message-ID: <574607996176D51195A400A0C90AB760C997@mail.gillnet.org>

Actually, that is my box. It is definitely NOT hosted on NT. And I don't use that hostname anymore 'cuz it only works 1% of the time. Additionally, you have/had it spelled wrong.
It WAS linus.yi.org

Try http://linus.dns2go.com

-----Original Message-----
From: FT Rathore [mailto:mawali at news.icns.com]
Sent: Sunday, September 23, 2001 12:47 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] SMBpasswd and ppp-2.4 (Request)

Hi

Does anyone have the patch to use smbpasswd with ppp (pptpd) adapted to ppp-2.4.0. All previous posts and google search point to the site: http://linux.yo.org which seems to be hosted on a (XXX) NT server and is AWOL (how ironic).

Any help or pointer in this respect will be really appreciated.

FT

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From jroland at roland.net Tue Sep 25 00:07:14 2001
From: jroland at roland.net (Jim Roland)
Date: Tue, 25 Sep 2001 00:07:14 -0500
Subject: [pptp-server] MPPE issue--packets stop flowing with 2nd client or re-establishing PPP
Message-ID: <005001c1457f$f12a7820$bb1cfa18@JimWS>

Perhaps you have seen this without me having to spam up email with sending 2 samples of debug and messages logs. No errors come up except discussion about pptpd buffering and reordering packets. This was normal at working and non-working moments.

I am running the following:
RedHat 7.1
kernel 2.4.2-2
ppp-2.4.0 (via source code)
pptpd-1.0.1 (upgraded to 1.1.2 to eliminate "GRE: Discarded out of order packet" errors)
linux-2.4.0-openssl-0.9.6-mppe.patch.gz (patches to kernel)
ppp-2.4.0-openssl-0.9.6-mppe.patch.gz (patches to pppd)
[Linux PPTP server]
[Windows 2000 client]

I am having 2 strange problems:

1) Single client only: All works fine if ppp_mppe module is NOT already loaded into memory when I establish a VPN connection.
* I leave a window pinging an IP on the inside of the VPN and watch the /var/log/messages log on the VPN box for errors.
* If I disconnect the VPN connection, re-establish a few seconds or minutes later (before a cronjob for rmmod runs removing ppp_mppe), packets stop pinging the instant the "MPPE 128 bit, stateless compression enabled" message comes up on.
* Packets do flow ping during the time between IP address assignment and the "MPPE 128-bit..." entry in the log. As soon as the MPPE message comes up, packets stop flowing (no ping, no communication at all).

Workaround: If I put in a line such as "/sbin/rmmod -ar ppp_mppe" in the /etc/ppp/ip-down script, all works fine for a SINGLE CLIENT only... This workaround unregisters the MPPE module when PPPd exits. When I reestablish a connection again, the module is reloaded into memory and all works like it should.

2) Multiple clients: I am presently unable to make a 2nd client work with the above programs and patches (packet flow confirmed by infinite pinging window to an IP on the inside of the VPN).
* I connect client #1. MPPE registers, a few notes in the messages log about PPTPd buffering out of order packets, and all flows fine.
* I connect client #2. Packets flow as soon as the IP address is assigned, but immediately stop after "MPPE 128-bit" message comes up.
* Even though client #2 stops communicating, client #1 keeps running fine.

** Other issue: For whatever reason, the MPPE-40 option ("mppe-40") in /etc/ppp/options, if the 40-bit is enabled, no packets flow at all anywhere. As soon as I only allow mppe-128 and mppe-stateless to work (only those two enabled), packets work as noted above.

** I have already tried running pptpd with a single local IP and multiple local IPs in /etc/pptpd.conf (remote IPs are always multiple) and there is no change.

** I downloaded the generic ppp_mppe_compressed_data_fix.diff and tried to apply to the ppp_mppe.c file (in ppp-2.4.0 and its patches noted above, the .c file is located in /usr/src/linux-2.4.2/drivers/net/ppp_mppe.c)...The patch will not apply at all (hunks not found).

Please help!!
I have got to make this work for multiple simultaneous clients.

Regards,
Jim Roland, RHCE

From Josh.Howlett at bristol.ac.uk Tue Sep 25 02:21:44 2001
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Tue, 25 Sep 2001 08:21:44 +0100 (BST)
Subject: [pptp-server] MPPE issue--packets stop flowing with 2nd client or re-establishing PPP
In-Reply-To: <005001c1457f$f12a7820$bb1cfa18@JimWS>
Message-ID:

Are you trying to have multiple clients over a masq'd connection? If so, it won't work.

josh.

On Tue, 25 Sep 2001, Jim Roland wrote:

>
> Perhaps you have seen this without me having to spam up email with sending 2
> samples of debug and messages logs. No errors come up except discussion
> about pptpd buffering and reordering packets. This was normal at working
> and non-working moments.
>
> I am running the following:
> RedHat 7.1
> kernel 2.4.2-2
> ppp-2.4.0 (via source code)
> pptpd-1.0.1 (upgraded to 1.1.2 to eliminate "GRE: Discarded out of order
> packet" errors)
> linux-2.4.0-openssl-0.9.6-mppe.patch.gz (patches to kernel)
> ppp-2.4.0-openssl-0.9.6-mppe.patch.gz (patches to pppd)
> [Linux PPTP server]
> [Windows 2000 client]
>
>
> I am having 2 strange problems:
> 1) Single client only: All works fine if ppp_mppe module is NOT already
> loaded into memory when I establish a VPN connection.
> * I leave a window pinging an IP on the inside of the VPN and watch the
> /var/log/messages log on the VPN box for errors.
> * If I disconnect the VPN connection, re-establish a few seconds or
> minutes later (before a cronjob for rmmod runs removing ppp_mppe), packets
> stop pinging the instant the "MPPE 128 bit, stateless compression enabled"
> message comes up on.
> * Packets do flow ping during the time between IP address assignment and
> the "MPPE 128-bit..." entry in the log. As soon as the MPPE message comes
> up, packets stop flowing (no ping, no communication at all).
> Workaround: If I put in a line such as "/sbin/rmmod -ar ppp_mppe" in
> the /etc/ppp/ip-down script, all works fine for a SINGLE CLIENT only...
> This workaround unregisters the MPPE module when PPPd exits. When I
> reestablish a connection again, the module is reloaded into memory and all
> works like it should.
>
> 2) Multiple clients: I am presently unable to make a 2nd client work with
> the above programs and patches (packet flow confirmed by infinite pinging
> window to an IP on the inside of the VPN).
> * I connect client #1. MPPE registers, a few notes in the messages log
> about PPTPd buffering out of order packets, and all flows fine.
> * I connect client #2. Packets flow as soon as the IP address is
> assigned, but immediately stop after "MPPE 128-bit" message comes up.
> * Even though client #2 stops communicating, client #1 keeps running
> fine.
>
>
> ** Other issue: For whatever reason, the MPPE-40 option ("mppe-40") in
> /etc/ppp/options, if the 40-bit is enabled, no packets flow at all anywhere.
> As soon as I only allow mppe-128 and mppe-stateless to work (only those two
> enabled), packets work as noted above.
>
> ** I have already tried running pptpd with a single local IP and multiple
> local IPs in /etc/pptpd.conf (remote IPs are always multiple) and there is
> no change.
>
> ** I downloaded the generic ppp_mppe_compressed_data_fix.diff and tried to
> apply to the ppp_mppe.c file (in ppp-2.4.0 and its patches noted above, the
> .c file is located in /usr/src/linux-2.4.2/drivers/net/ppp_mppe.c)...The
> patch will not apply at all (hunks not found).
>
>
> Please help!! I have got to make this work for multiple simultaneous
> clients.
>
> Regards,
> Jim Roland, RHCE
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>
>

---------------------------------------
Josh Howlett, Network Supervisor,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------

From neale at lowendale.com.au Tue Sep 25 03:46:18 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Tue, 25 Sep 2001 18:46:18 +1000 (EST)
Subject: [pptp-server] ppp debug help pls
Message-ID:

Greetings all,

I'm trying to connect a (non-patched) linux system to Win2k pptp server and am getting past auth but dying, apparently after successful IP negotiations.

The command line is:

pptp user noauth noipdefault noccp nopcomp novj debug

The (Debian potato default) /etc/ppp/options (with comments and blank lines stripped out) that I'm using is:

======================
asyncmap 0
auth
crtscts
lock
hide-password
modem
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx
======================

ppp debug ends like this:

============================================
Sep 25 17:56:09 gull pppd[520]: rcvd [CHAP Success id=0x0 ""]
Sep 25 17:56:09 gull pppd[520]: sent [IPCP ConfReq id=0x1 ]
Sep 25 17:56:09 gull pppd[520]: rcvd [CCP ConfReq id=0x4 < 12 06 01 00 00 b1>]
Sep 25 17:56:09 gull pppd[520]: sent [LCP ProtRej id=0x2 80 fd 01 04 00 0a 12 06 01 00 00 b1]
Sep 25 17:56:09 gull pppd[520]: rcvd [IPCP ConfReq id=0x5 ]
Sep 25 17:56:09 gull pppd[520]: sent [IPCP ConfAck id=0x5 ]
Sep 25 17:56:09 gull pppd[520]: rcvd [IPCP ConfNak id=0x1 ]
Sep 25 17:56:09 gull pppd[520]: sent [IPCP ConfReq id=0x2 ]
Sep 25 17:56:09 gull pppd[520]: rcvd [LCP TermReq id=0x6 "0\37777777636\025Q\000<\37777777715t\000\000\002\37777777746"]
Sep 25 17:56:09 gull pppd[520]: sent [LCP TermAck id=0x6]
============================================

AFAICT, 172.30.1.3 is the server ppp address and we are all happy about that. Then we seem to agree about what's presumably the local IP address. Then we receive a TermReq with junk. :-(

Any suggestions?
Thanks,
Neale.

From muralivemuri at multitech.co.in Tue Sep 25 03:43:49 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Tue, 25 Sep 2001 14:13:49 +0530
Subject: [pptp-server] pam support for pptp
Message-ID: <3BB043C5.7C38BD75@multitech.co.in>

hi all,
can any one help me in making my pptp / ppp server aware of "pam"?
right now, authentication is through chap.

with thanks for your time,

Murali Krishna Vemuri

From jroland at roland.net Tue Sep 25 11:04:53 2001
From: jroland at roland.net (Jim Roland)
Date: Tue, 25 Sep 2001 11:04:53 -0500
Subject: [pptp-server] MPPE issue--packets stop flowing with 2nd client or re-establishing PPP
References:
Message-ID: <001d01c145db$d0652b10$bb1cfa18@JimWS>

No I'm not. The box is receiving these in and not Masquerading. All works
if I don't use the MPPE module. Multiple clients work just fine without the
MPPE module.

----- Original Message -----
From: "Josh Howlett"
To: "Jim Roland"
Cc: "Linux PPTP"
Sent: Tuesday, September 25, 2001 2:21 AM
Subject: Re: [pptp-server] MPPE issue--packets stop flowing with 2nd client or re-establishing PPP

> Are you trying to have multiple clients over a masq'd connection? If
> so, it won't work.
>
> josh.
>
> On Tue, 25 Sep 2001, Jim Roland wrote:
>
> >
> > Perhaps you have seen this without me having to spam up email with sending 2
> > samples of debug and messages logs. No errors come up except discussion
> > about pptpd buffering and reordering packets. This was normal at working
> > and non-working moments.
> >
> > I am running the following:
> > RedHat 7.1
> > kernel 2.4.2-2
> > ppp-2.4.0 (via source code)
> > pptpd-1.0.1 (upgraded to 1.1.2 to eliminate "GRE: Discarded out of order
> > packet" errors)
> > linux-2.4.0-openssl-0.9.6-mppe.patch.gz (patches to kernel)
> > ppp-2.4.0-openssl-0.9.6-mppe.patch.gz (patches to pppd)
> > [Linux PPTP server]
> > [Windows 2000 client]
> >
> >
> > I am having 2 strange problems:
> > 1) Single client only: All works fine if ppp_mppe module is NOT already
> > loaded into memory when I establish a VPN connection.
> > * I leave a window pinging an IP on the inside of the VPN and watch the
> > /var/log/messages log on the VPN box for errors.
> > * If I disconnect the VPN connection, re-establish a few seconds or
> > minutes later (before a cronjob for rmmod runs removing ppp_mppe), packets
> > stop pinging the instant the "MPPE 128 bit, stateless compression enabled"
> > message comes up on.
> > * Packets do flow ping during the time between IP address assignment and
> > the "MPPE 128-bit..." entry in the log. As soon as the MPPE message comes
> > up, packets stop flowing (no ping, no communication at all).
> > Workaround: If I put in a line such as "/sbin/rmmod -ar ppp_mppe" in
> > the /etc/ppp/ip-down script, all works fine for a SINGLE CLIENT only...
> > This workaround unregisters the MPPE module when PPPd exits. When I
> > reestablish a connection again, the module is reloaded into memory and all
> > works like it should.
> >
> > 2) Multiple clients: I am presently unable to make a 2nd client work with
> > the above programs and patches (packet flow confirmed by infinite pinging
> > window to an IP on the inside of the VPN).
> > * I connect client #1. MPPE registers, a few notes in the messages log
> > about PPTPd buffering out of order packets, and all flows fine.
> > * I connect client #2. Packets flow as soon as the IP address is
> > assigned, but immediately stop after "MPPE 128-bit" message comes up.
> > * Even though client #2 stops communicating, client #1 keeps running
> > fine.
> >
> >
> > ** Other issue: For whatever reason, the MPPE-40 option ("mppe-40") in
> > /etc/ppp/options, if the 40-bit is enabled, no packets flow at all anywhere.
> > As soon as I only allow mppe-128 and mppe-stateless to work (only those two
> > enabled), packets work as noted above.
> >
> > ** I have already tried running pptpd with a single local IP and multiple
> > local IPs in /etc/pptpd.conf (remote IPs are always multiple) and there is
> > no change.
> >
> > ** I downloaded the generic ppp_mppe_compressed_data_fix.diff and tried to
> > apply to the ppp_mppe.c file (in ppp-2.4.0 and it's patches noted above, the
> > .c file is located in /usr/src/linux-2.4.2/drivers/net/ppp_mppe.c)...The
> > patch will not apply at all (hunks not found).
> >
> >
> > Please help!! I have got to make this work for multiple simultaneous
> > clients.
> >
> > Regards,
> > Jim Roland, RHCE
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> >
> >
>
> ---------------------------------------
> Josh Howlett, Network Supervisor,
> Networking & Digital Communications,
> Information Systems & Computing,
> University of Bristol, U.K.
> 0117 928 7850 | josh.howlett at bris.ac.uk
> ---------------------------------------
>

From kidzrus2 at san.rr.com Tue Sep 25 18:11:10 2001
From: kidzrus2 at san.rr.com (Michael M.)
Date: Tue, 25 Sep 2001 16:11:10 -0700
Subject: [pptp-server] Re: pptp-server digest, Vol 1 #432 - 10 msgs
References: <20010925170103.1062DD15F7@poontang.schulte.org>
Message-ID: <000b01c14617$5dcb9620$f9871e18@san.rr.com>

stop emailing me........

----- Original Message -----
From:
To:
Sent: Tuesday, September 25, 2001 10:01 AM
Subject: pptp-server digest, Vol 1 #432 - 10 msgs

From arronax at eircom.net Wed Sep 26 05:41:50 2001
From: arronax at eircom.net (John Moran)
Date: Wed, 26 Sep 2001 11:41:50 +0100
Subject: [pptp-server] (no subject)
Message-ID:

Hi

I'm new to setting up a vpn server, so I apologize if this question is
stupid.

I've seen how it is possible to set up pptp to use the samba password file,
but is it possible to configure it to get its passwords from a Windows NT
box, as I want to make it as easy as possible for the users to get on as
possible, and the network they're trying to get on to is an NT network. I
don't want to use an NT box as the VPN server, as I also want it to act as a
mail server, and don't trust the security of NT/2000.

Thanks
John

From Josh.Howlett at bristol.ac.uk Wed Sep 26 05:52:35 2001
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Wed, 26 Sep 2001 11:52:35 +0100 (BST)
Subject: [pptp-server] (no subject)
In-Reply-To:
Message-ID:

You can use PAP authentication and the "login" ppp option with PAM and
pam_smb. This works fine, but it means using cleartext passwords. You
can't use CHAP with PAM.

Alternatively, you could dump the password hashes from your NT PDC to a
samba password file on a regular basis (say, every 12 hours).

josh.

On Wed, 26 Sep 2001, John Moran wrote:

> Hi
>
> I'm new to setting up a vpn server, so I apologize if this question is
> stupid.
>
> I've seen how it is possible to set up pptp to use the samba password file,
> but is it possible to configure it to get its passwords from a Windows NT
> box, as I want to make it as easy as possible for the users to get on as
> possible, and the network they're trying to get on to is an NT network. I
> don't want to use an NT box as the VPN server, as I also want it to act as a
> mail server, and don't trust the security of NT/2000.
> > > Thanks > John > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > --------------------------------------- Josh Howlett, Network Supervisor, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 0117 928 7850 | josh.howlett at bris.ac.uk --------------------------------------- From Thaddeus.Fortenberry at COMPAQ.com Wed Sep 26 12:32:05 2001 From: Thaddeus.Fortenberry at COMPAQ.com (Fortenberry, Thaddeus) Date: Wed, 26 Sep 2001 12:32:05 -0500 Subject: [pptp-server] (no subject) Message-ID: Can the Linux PPTP server talk to a RADIUS server? If so, could you not configure a IAS server on your internal NT/2000 network for the authentication and accounting tasks? Thaddeus -----Original Message----- From: Josh Howlett [mailto:Josh.Howlett at bristol.ac.uk] Sent: Wednesday, September 26, 2001 6:53 AM To: John Moran Cc: pptp-server Subject: Re: [pptp-server] (no subject) You can use PAP authentication and the "login" ppp option with PAM and pam_smb. This works fine, but it means using cleartext passwords. You can't use CHAP with PAM. Alternatively, you could dump the password hashes from your NT PDC to a samba password file on a regular basis (say, every 12 hours). josh. On Wed, 26 Sep 2001, John Moran wrote: > Hi > > I'm new to setting up a vpn server, so I apologize if this question is > stupid. > > I've seen how it is possible to set up pptp to use the samba password file, > but is it possible to configure it to get its passwords from a Windows NT > box, as I want to make it as easy as possible for the users to get on as > possible, and the network they're trying to get on to is an NT network. I > don't want to use an NT box as the VPN server, as I also want it to act as a > mail server, and don't trust the security of NT/2000. 
>
>
> Thanks
> John
>

---------------------------------------
Josh Howlett, Network Supervisor,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------

From admin at coldtech.com Wed Sep 26 12:29:05 2001
From: admin at coldtech.com (Michael C. Mitchell)
Date: Wed, 26 Sep 2001 13:29:05 -0400
Subject: [pptp-server] Updated documentation/FAQ's?
Message-ID: <6372D899503ED311BAC30090277681EE16E568@COLDNT>

I recently upgraded my pptp host machine to Redhat 7.1 and the 2.4.X Kernels effectively breaking my pptp capabilities.

Does anyone have any good sources of info on how to get these to work together? It seems no encryption patches exist since ppp 2.3.11.

My apologies if this was answered before, which I have no doubt it was, but I just resubscribed to the list after quite a long time of happy VPN'ing :P

From charlieb at e-smith.com Wed Sep 26 13:00:33 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 26 Sep 2001 14:00:33 -0400 (EDT)
Subject: [pptp-server] Updated documentation/FAQ's?
In-Reply-To: <6372D899503ED311BAC30090277681EE16E568@COLDNT>
Message-ID:

On Wed, 26 Sep 2001, Michael C. Mitchell wrote:

> I recently upgraded my pptp host machine to Redhat 7.1
> and the 2.4.X Kernels effectively breaking my pptp capabilities.
>
> Does anyone have any good sources of info on how to get these
> to work together? It seems no encryption patches exist since
> ppp 2.3.11.

ftp://ftp.e-smith.org/pub/e-smith/releases/4.1.2/SRPMS/ppp-2.4.0-10.src.rpm

contains a full set of patches which have been forward ported to ppp 2.4.0.
That particular RPM is configured to compile against kernel 2.2.16-22 (IIRC), you may need to do some more patching for the 2.4.x kernel.

A point for all to note here is that we only need to build a new ppp.o file because of a poor choice of technique for passing the encryption keys up to the kernel. This requires a bigger parameter block than the limit which is compiled into ppp.o. If a pointer to the key were to be passed up from pppd to the kernel, then the pointer will fit into the standard parameter block, and the mppe module could use the pointer to do a copy from user to kernel space. This would mean that only a new pppd and mppe.o module would be required, and the standard ppp.o module could be used unmodified.

--

Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From florian.boelstler at orbiz.com Thu Sep 27 09:01:12 2001
From: florian.boelstler at orbiz.com (Florian Boelstler)
Date: Thu, 27 Sep 2001 16:01:12 +0200
Subject: [pptp-server] newbie questions: PPTP over IPsec-tunnel
Message-ID: <3BB33128.6DAAD98D@orbiz.com>

hi all,

nice to know a list like this! :)

i have following problems:

i have successfully set up a vpn with freeswan using ipsec protocol. also windows clients with pgpnet using the tunnel are possible. but a major problem is to get a virtual ip for the windows box. somebody told me that it's possible to get this via pptpd.

windows clients should connect to a standard internet provider and get a dynamic ip. after that they create a secure tunnel with pgpnet and freeswan. additionally connect with windows built-in pptp-client to get a virtual ip. all traffic should be encrypted through the freeswan-ipsec-tunnel. so i don't need any encryption by pptp/pppd.

i have done a test setup in our LAN, but i always get i/o errors. is it possible to test this in a LAN?
or do i need a real dial-up adapter on windows?

tia

much greets to all!

florian

--
-----------------------------------------------------------------
Florian Boelstler     | eMail : florian.boelstler at orbiz.com
orbiz Software GmbH   | www   : http://www.orbiz.com
Blarerstr. 56         | tel   : +49 7531 12877-70
D-78462 Konstanz      | fax   : +49 7531 12877-77

From charlieb at e-smith.com Thu Sep 27 10:54:52 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 27 Sep 2001 11:54:52 -0400 (EDT)
Subject: [pptp-server] Updated documentation/FAQ's?
In-Reply-To: <574607996176D51195A400A0C90AB760C9A1@mail.gillnet.org>
Message-ID:

On Wed, 26 Sep 2001, Gill, Vern wrote:

> You can get all the patches for kernel/ppp-2.4.x at
> http://linus.dns2go.com and click the PPP link

That doesn't seem to be true. I get a connection refused error. That would seem to apply that your dns2go is not up to date, or you are not running a web server, or your ISP is blocking port 80.

Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From admin at coldtech.com Thu Sep 27 15:13:20 2001
From: admin at coldtech.com (Michael C. Mitchell)
Date: Thu, 27 Sep 2001 16:13:20 -0400
Subject: [pptp-server] Updated documentation/FAQ's?
Message-ID: <6372D899503ED311BAC30090277681EE16E56A@COLDNT>

-----Original Message-----
From: Charlie Brady [mailto:charlieb at e-smith.com]
Sent: Thursday, September 27, 2001 11:55 AM
To: Gill, Vern
Cc: Michael C. Mitchell; 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Updated documentation/FAQ's?

On Wed, 26 Sep 2001, Gill, Vern wrote:

> You can get all the patches for kernel/ppp-2.4.x at
> http://linus.dns2go.com and click the PPP link

That doesn't seem to be true. I get a connection refused error.
That would seem to apply that your dns2go is not up to date, or you are not running a web server, or your ISP is blocking port 80.

Worked for me and I downloaded the patch.

I have managed to patch ppp and when attempting to connect from a remote linux box using pptp I receive the following errors from pptpd:

EOF or bad error reading ctrl packet length.
Couldn't read packet header(exit)

I shut iptables down completely to ensure it wasn't a firewall issue, I don't quite understand yet what's going on. I suppose I will have to dig into it further on Monday.

From charlieb at e-smith.com Thu Sep 27 21:55:39 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 27 Sep 2001 22:55:39 -0400 (EDT)
Subject: [pptp-server] Updated documentation/FAQ's?
In-Reply-To: <574607996176D51195A400A0C90AB760C9B0@mail.gillnet.org>
Message-ID:

On Thu, 27 Sep 2001, Gill, Vern wrote:

> I am not sure when you were trying, but I was manipulating my iptables
> configs a couple days ago. You should try again...

I've tried again, at various times today, including just now.

Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From jroland at roland.net Fri Sep 28 10:52:31 2001
From: jroland at roland.net (Jim Roland)
Date: Fri, 28 Sep 2001 10:52:31 -0500
Subject: [pptp-server] Updated documentation/FAQ's?
References:
Message-ID: <002901c14835$95a54f30$bb1cfa18@JimWS>

Will these patches work with kernel 2.4.x and support multiple simultaneous connections? I have been unable to make multiple simultaneous connections work (it works with multiple people if mppe is not used).

----- Original Message -----
From: "Charlie Brady"
To: "Gill, Vern"
Cc: "Michael C. Mitchell" ;
Sent: Thursday, September 27, 2001 10:54 AM
Subject: RE: [pptp-server] Updated documentation/FAQ's?
>
> On Wed, 26 Sep 2001, Gill, Vern wrote:
>
> > You can get all the patches for kernel/ppp-2.4.x at
> > http://linus.dns2go.com and click the PPP link
>
> That doesn't seem to be true. I get a connection refused error. That would
> seem to apply that your dns2go is not up to date, or you are not running a
> web server, or your ISP is blocking port 80.
>
> Charlie Brady                         charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group        http://www.e-smith.com/
> Mitel Networks Corporation            http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
>

From jroland at roland.net Fri Sep 28 15:24:45 2001
From: jroland at roland.net (Jim Roland)
Date: Fri, 28 Sep 2001 15:24:45 -0500
Subject: [pptp-server] Updated documentation/FAQ's?
References: <574607996176D51195A400A0C90AB760C9B7@mail.gillnet.org>
Message-ID: <001b01c1485b$9d91b3c0$a000a8c0@gespl2k1>

Well, I think the issue is with the MPPE module. If I force the clients to go without encryption (connect without MPPE support) and the server has MPPE options commented-out and ppp_mppe.o module unloaded, multiple simultaneous clients work flawlessly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Roland, RHCE (RedHat Certified Engineer)
Owner, Roland Internet Services
"The four surefire rules for success: Show up, Pay attention, Ask questions, Don't quit."
--Rob Gilbert, PH.D.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----- Original Message -----
From: "Gill, Vern"
To: "'Jim Roland'" ; "Charlie Brady"
Cc: "Linux PPTP" ;
Sent: Friday, September 28, 2001 2:19 PM
Subject: RE: [pptp-server] Updated documentation/FAQ's?

> No. That, as far as I can tell, would require a conntrack module for
> netfilter.
Which, to my knowledge, has not been written (yet)
>
> I think someone is working on it, but you would have to look thru the
> netfilter maillist archives to be sure...
>
> -----Original Message-----
> From: Jim Roland [mailto:jroland at roland.net]
> Sent: Friday, September 28, 2001 8:53 AM
> To: Charlie Brady
> Cc: Linux PPTP; admin at coldtech.com; vgill at technologist.com
> Subject: Re: [pptp-server] Updated documentation/FAQ's?
>
>
> Will these patches work with kernel 2.4.x and support multiple
> simultaneous
> connections? I have been unable to make multiple simultaneous
> connections
> work (it works with multiple people if mppe is not used).
>
> ----- Original Message -----
> From: "Charlie Brady"
> To: "Gill, Vern"
> Cc: "Michael C. Mitchell" ;
>
> Sent: Thursday, September 27, 2001 10:54 AM
> Subject: RE: [pptp-server] Updated documentation/FAQ's?
>
>
> >
> > On Wed, 26 Sep 2001, Gill, Vern wrote:
> >
> > > You can get all the patches for kernel/ppp-2.4.x at
> > > http://linus.dns2go.com and click the PPP link
> >
> > That doesn't seem to be true. I get a connection refused error. That
> would
> > seem to apply that your dns2go is not up to date, or you are not
> running a
> > web server, or your ISP is blocking port 80.
> >
> > Charlie Brady                         charlieb at e-smith.com
> > Lead Product Developer
> > Network Server Solutions Group        http://www.e-smith.com/
> > Mitel Networks Corporation            http://www.mitel.com/
> > Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> >
>

From ybzhg at sina.com Sat Sep 29 04:47:40 2001
From: ybzhg at sina.com (ybzhg at sina.com)
Date: Sat, 29 Sep 2001 17:47:40 +0800
Subject: [pptp-server] how to access subnet?
Message-ID: <20010929094740.6508.qmail@sina.com>

I have a pptp server running in linux set up on my office LAN.

Red Hat 6.2
Kernel rpm RedHat 2.2.19-6.2.7
Server pptpd PoPToP v1.0.1

I can connect to the server and ping to it fine, but I can't ping any other hosts on the office subnet. I have ip-forwarding turned on and I have proxyarp set in the ppp/options file. What can be wrong?

-- cut from /etc/pptpd.conf --
localip 192.168.0.120
remoteip 192.168.0.100-119
-- end of cut --

--cut from /etc/ppp/options--
name vip
noauth
#require-chap
proxyarp
--end of cut--

--cut from /etc/ppp/chap-secrets--
vip * vip
-- end of cut--

192.168.0.254 192.168.0.16
 ________                              ______        _____
|        |                            |      |      |      |
| client |--------------------------> | pptp |----->| host |
|        |                            | srvr |      |      |
|________|                            |______|      |______|
     H                                   H
     H                                   H
     H                                   H
     H===================================H
192.168.0.100      pptp connection     192.168.0.120

please answer me as soon as possible. Thanks

From jroland at roland.net Sat Sep 29 11:13:37 2001
From: jroland at roland.net (Jim Roland)
Date: Sat, 29 Sep 2001 11:13:37 -0500
Subject: [pptp-server] how to access subnet?
References: <20010929094740.6508.qmail@sina.com>
Message-ID: <001201c14901$b2279ce0$bb1cfa18@JimWS>

Send your entire /etc/ppp/options file and what client OS is (Windows, Linux, etc). Output the route settings from the client (Linux=route -n, Windows=route print)

----- Original Message -----
From:
To:
Sent: Saturday, September 29, 2001 4:47 AM
Subject: [pptp-server] how to access subnet?
> I have a pptp server running in linux set up on my office LAN.
>
> Red Hat 6.2
> Kernel rpm RedHat 2.2.19-6.2.7
> Server pptpd PoPToP v1.0.1
>
> I can connect to the server and ping to it fine, but I can't ping any other hosts on the office subnet. I have ip-forwarding turned on and I have proxyarp set in the ppp/options file. What can be wrong?
>
> -- cut from /etc/pptpd.conf --
> localip 192.168.0.120
> remoteip 192.168.0.100-119
> -- end of cut --
>
> --cut from /etc/ppp/options--
> name vip
> noauth
> #require-chap
> proxyarp
> --end of cut--
>
> --cut from /etc/ppp/chap-secrets--
> vip * vip
> -- end of cut--
>
> 192.168.0.254 192.168.0.16
>  ________                              ______        _____
> |        |                            |      |      |      |
> | client |--------------------------> | pptp |----->| host |
> |        |                            | srvr |      |      |
> |________|                            |______|      |______|
>      H                                   H
>      H                                   H
>      H                                   H
>      H===================================H
> 192.168.0.100      pptp connection     192.168.0.120
>
> please answer me as soon as possible.Thanks
>

From djm at wiz.net.au Sun Sep 30 00:01:58 2001
From: djm at wiz.net.au (David Moylan)
Date: Sun, 30 Sep 2001 15:01:58 +1000
Subject: RES: [pptp-server] MPPC support in PPTD
In-Reply-To:
Message-ID: <000001c1496d$0a8006f0$1464a8c0@dmoylan>

why would you want to implement MPPC over a compressed link anyway?

i mean, chances are you are remotely connecting via
(a) a dialup modem or
(b) a dialup ISDN/ADSL link or similar

both these mediums will be compressing anyhow.
and won't you have something like VJ or COMPRESS with ppp?

double compression brings down the performance and creates more traffic.

cheers,
Wiz!!

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Charlie Brady
Sent: Wednesday, 29 August 2001 5:47 am
To: Patrick LIN
Cc: akerr at uol.com.br; PPTP Server Mailing list
Subject: Re: RES: [pptp-server] MPPC support in PPTD

On Tue, 28 Aug 2001, Patrick LIN wrote:

> MPPC = Microsoft Point to Point Compression
> MPPE = Microsoft Point to Point Encryption

I know! I am trying to tell you that. I am also trying to tell you that as far as I can tell, nobody has written any mppc code for pppd/pptpd for linux. Hence you cannot have the little bit of compression that you desire.

Regards

--

Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From djm at wiz.net.au Sun Sep 30 00:04:13 2001
From: djm at wiz.net.au (David Moylan)
Date: Sun, 30 Sep 2001 15:04:13 +1000
Subject: [pptp-server] Win NT Problem
In-Reply-To:
Message-ID: <000601c1496d$599403e0$1464a8c0@dmoylan>

are all the WIN98/WIN2K machines connecting in via pptp to the Windows NT server? is there a firewall involved? i think we need some more information on your configuration to be able to give some starting points.

cheers,
Wiz!!

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Mahbod Mahmodani
Sent: Monday, 24 September 2001 3:38 am
To: VPN MailList
Subject: [pptp-server] Win NT Problem

Hello Everyone,

I was wondering if anyone can help me with a problem I have. I have a Win NT machine working as a server which has approx. 100 client machines connected to it. Every now and then a machine will be kicked off the network. The clients are Win98 and Win2000 machines. I don't know if I have a licencing problem here or lack of network resources. Could someone tell me what are some possible solutions for this problem.

Thank you,
Mahbod M.

---
THE EARTH IS BUT ONE COUNTRY AND MANKIND ITS CITIZENS. -BAHA'U'LLAH-

From marklanglite at hotmail.com Sun Sep 30 17:13:37 2001
From: marklanglite at hotmail.com (Mark Langlite)
Date: Sun, 30 Sep 2001 15:13:37 -0700
Subject: [pptp-server] insmod won't work on bsd_comp.o while adding MSCHAPV2
Message-ID:

I am trying to add the MSCHAPV2 patch to pptpd (via ppp-2.3.11) as per poptop.lineo.com.
Things work pretty much alright until I do a "modprobe ppp", (or else I do an "insmod bsd_comp.o"), and get the following messages:

/lib/modules/2.2.19/net/bsd_comp.o: couldn't find the kernel version the module was compiled for
/lib/modules/2.2.19/net/bsd_comp.o: insmod /lib/modules/2.2.19/net/bsd_comp.o failed
/lib/modules/2.2.19/net/bsd_comp.o: insmod ppp failed

I would like it if someone can explain to me how to resolve this problem, so here are the steps I took leading up to the problem:

1) I was running successfully on Redhat 6.2, kernel 2.2.14-5.0 ("out of the box"). I then upgraded the kernel to 2.2.19 and everything is running fine. I did all steps listed below running from 2.2.19 (I don't even use 2.2.14-5.0 any more).

2) I have a Pentium II/233 with 128 meg RAM

3) I un-tar and install pptpd-1.0.1.tar.gz

4) I get pptpd working successfully, (but without MSCHAPV2). I can connect remotely.

5) I then follow the "Redhat PoPToP HOWTO" to apply the MSCHAPV2 patch

6) First I un-tar ppp-2.3.11.tar.gz and linux-2.2.19.tar.gz (for kernel 2.2.19)

7) I then apply the MSCHAPV2 patches, but find that one of these patches referenced in the HOWTO never works, (ie: the patch ppp-2.3.11-openssl-0.9.5-mppe.patch.gz always reports loads of bad hunks). I check out poptop.lineo.com and find a different MSCHAPV2 patch that actually patches successfully, called ppp-2.3.11-openssl-norc4-mppe.patch.gz. I use it instead and there are no bad hunks - the patch appears to run good. I then apply the second patch called ppp_mppe_compressed_data_fix.diff successfully.

8) To avoid the "PPP_MAGIC" errors during the kernel build I edit the if_ppp.h file in /usr/src/linux/include/linux to include two new lines as follows (this suggestion is from http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt):

#define PPP_VERSION "2.3.11"
#define PPP_MAGIC 0x5002 /* Magic value for the ppp structure */

9) I do a "make menuconfig" to set up kernel 2.2.19 options.

10) I do a "make dep" and "make clean"

11) In the "ppp-2.3.11" folder I do a "./configure", "make", "make kernel", and "make install".

12) To avoid the error "dereferencing pointer to incomplete type" while building the kernel I have to copy rc4*.* from /openssl-0.9.5/crypto/rc4 into /usr/src/linux/drivers/net.

13) I build the kernel with "make bzImage". It seems to go just fine.

14) In "/usr/src/linux" I do a "make modules SUBDIRS=drivers/net".

15) In "/usr/src/linux" I do a "make modules_install", and "depmod -a 2.2.19", as well as "depmod -a".

16) I copy ppp.o, slhc.o, bsd_comp.o, ppp_deflate.o, and ppp_mppe.o from /usr/src/linux/drivers/net into /lib/modules/2.2.19/net.

17) I edit /etc/conf.modules so that it has at least the following info:

alias char-major-108 off
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

18) I do an "lsmod" and it reports only two modules, 3C509 and eepro100, (my two network cards).

19) I do a "modprobe ppp" and get the errors with bsd_comp.o that I listed at the top of this post.

Does anyone have an idea what the problem is with bsd_comp.o? By the way I had already built kernel 2.2.19 successfully prior to attempting the ppp-2.3.11 and MSCHAPV2 installations. In fact I am running on kernel 2.2.19 all the time, (I rebuild the kernel only to include MSCHAPV2 functionality with pptpd). Also, as a test of the kernel versions, I try "insmod" on the bsd_comp.o found under the kernel 2.2.14-5.0 folder on my linux box and it definitely says it is the wrong kernel version for that file (this is good, because bsd_comp wasn't built under the 2.2.14-5.0 kernel. It was built under the 2.2.19 kernel).

Thanks for help in advance,

Mark Langlite
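
A check for the insmod error reported in the post above, as an added example that is not part of the original message or of the PoPToP project: it lists which module objects in a directory carry a build-version tag and whether that tag matches the expected release. It assumes that 2.2-era modules record their release as a "kernel_version=" string in the object file; the function names and the script name check_kver.sh are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: report the kernel release recorded in each module object.
# Assumption: 2.2-era modules embed "kernel_version=<release>" (placed in
# the .modinfo section by <linux/module.h>), which insmod compares with
# the running kernel before loading.

# Print the release recorded in one module file; return 1 if none is found.
module_kver() {
    # -a: read the binary as text, -o: print only the matching part
    tag=$(LC_ALL=C grep -a -o 'kernel_version=[0-9A-Za-z._-]*' "$1" | head -n 1)
    [ -n "$tag" ] || return 1
    printf '%s\n' "${tag#kernel_version=}"
}

# Classify every *.o in a directory against the expected release.
# Prints one "<file> <status>" line per module; returns 1 if any is not ok.
check_modules() {
    dir=$1
    want=$2
    rc=0
    for f in "$dir"/*.o; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        if ! got=$(module_kver "$f"); then
            echo "$name missing"          # no tag at all: the reported error
            rc=1
        elif [ "$got" != "$want" ]; then
            echo "$name mismatch:$got"    # built against another kernel tree
            rc=1
        else
            echo "$name ok"
        fi
    done
    return $rc
}

# Constructed sample data: three fake objects, not real kernel modules.
make_sample_modules() {
    printf '\177ELF\0\0kernel_version=2.2.19\0\0' > "$1/ppp.o"
    printf '\177ELF\0\0kernel_version=2.2.14-5.0\0\0' > "$1/slhc.o"
    printf '\177ELF\0\0no version tag here\0' > "$1/bsd_comp.o"
}

# Usage: sh check_kver.sh /lib/modules/2.2.19/net 2.2.19
if [ "$#" -eq 2 ]; then
    check_modules "$1" "$2"
fi
```

Running it over both the build directory and the install directory shows whether the objects copied by hand in step 16 differ from the ones the kernel build produced.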