From matt at tempo.com.au Thu Aug 1 21:20:53 2002
From: matt at tempo.com.au (Matthew Gavin)
Date: Fri, 2 Aug 2002 12:20:53 +1000
Subject: [pptp-server] Windows XP, and it's inability to Browse HTML pages when on VPN.
Message-ID:

Hi all,

I recently upgraded my VPN to pptpd-1.1.3-1 and ppp-mppe-2.4.1-6. Everything has been working perfectly, however... I just found that Windows XP cannot view Web Pages, in particular my Intranet. Windows 2000/NT4/9x have no problems whatsoever.

My config is very simple (follows), I'm at a loss here...

I know it is VPN related because when the user dials in directly via ppp, the Intranet page is accessible. As soon as I get him to connect through the VPN, it fails. I don't get any errors, the page just does not load. All clients are using Internet Explorer 6.0x...

Has anyone encountered this before?

/etc/ppp/options.pptpd:
#
lock
debug
name poptop
proxyarp
#chapms-strip-domain
+chap
#-chap
-chapms
+chapms-v2
mppe-128
mppe-stateless
#ms-wins your.server.here
ms-dns 10.1.1.2
--------------------------------------------
/etc/pptpd.conf:
#
option /etc/ppp/options.pptpd
debug
localip 203.41.208.130
remoteip 203.41.208.192-253

Thanks in advance.

Matt Gavin

From brent.w at infosynergy.com.au Thu Aug 1 21:34:01 2002
From: brent.w at infosynergy.com.au (Brent Wallis)
Date: Fri, 2 Aug 2002 12:34:01 +1000
Subject: [pptp-server] Windows XP, and it's inability to Browse HTML pages when on VPN.
In-Reply-To:
Message-ID:

Hi,

Although you don't mention it, are you using an HTTP proxy like squid? If so, try an explicit exception in your proxy setup for the IP of the Intranet. I have had the same prob and it seems related to IE6 proxy implementations. *shrug* it's just a stab, but worth a try based on your info here.

You don't mention any tests in lower layers...

Can you ping the Intranet servers IP from the XP box?
If so, can you ping by FQDN?
If so, is there a proxy in between?
Is the poptop server on a Firewall configed for proxy access but not http?
(ie: is say port 3128 open for your proxy but port 80 closed for the direction your data is trying to travel?)

Have you tried flushing IE6.0's cache on said XP box?
Anything else you can offer by way of info?

Brent Wallis

PS: Is there a reason for the public IPs being used for PopTop connections?

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Matthew Gavin
Sent: Friday, 2 August 2002 12:21 PM
To: PPTPD User Group
Subject: [pptp-server] Windows XP, and it's inability to Browse HTML pages when on VPN.

Hi all,

I recently upgraded my VPN to pptpd-1.1.3-1 and ppp-mppe-2.4.1-6. Everything has been working perfectly, however... I just found that Windows XP cannot view Web Pages, in particular my Intranet. Windows 2000/NT4/9x have no problems whatsoever.

My config is very simple (follows), I'm at a loss here...

I know it is VPN related because when the user dials in directly via ppp, the Intranet page is accessible. As soon as I get him to connect through the VPN, it fails. I don't get any errors, the page just does not load. All clients are using Internet Explorer 6.0x...

Has anyone encountered this before?

/etc/ppp/options.pptpd:
#
lock
debug
name poptop
proxyarp
#chapms-strip-domain
+chap
#-chap
-chapms
+chapms-v2
mppe-128
mppe-stateless
#ms-wins your.server.here
ms-dns 10.1.1.2
--------------------------------------------
/etc/pptpd.conf:
#
option /etc/ppp/options.pptpd
debug
localip 203.41.208.130
remoteip 203.41.208.192-253

Thanks in advance.

Matt Gavin

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From matt at tempo.com.au Thu Aug 1 21:44:26 2002
From: matt at tempo.com.au (Matthew Gavin)
Date: Fri, 2 Aug 2002 12:44:26 +1000
Subject: [pptp-server] Windows XP, and it's inability to Browse HTML pages when on VPN.
In-Reply-To:
Message-ID:

Hi Brent, thanx for your reply... answers inline.

> Although you don't mention it, are you using an HTTP proxy like squid?
> If so, try an explicit exception in your proxy setup for the IP of the
> Intranet.

Interesting, will look at that. It works for Windows 2000/NT4/9x, and I have not touched the firewall for months. So I would assume it is a requirement of XP only.

> Can you ping the Intranet servers IP from the XP box?

I can ping and telnet to any of the hosts. I can even telnet to them on port 80. It is just IE that is having a fit.

> If so, can you ping by FQDN?

Yes.

> If so, is there a proxy in between?

No.

> Is the poptop server on a Firewall configed for proxy access but not http?

The poptop server has no firewall, but there is a Cisco in between them and http is enabled.

> Have you tried flushing IE6.0's cache on said XP box?
> Anything else you can offer by way of info?

Yes.

> PS: Is there a reason for the public IPs being used for PopTop connections?

I can't believe I did not edit those out, I normally 203.x.x.x them. Not happy about that. The server is in a DMZ, We have a Class C and using the 203 subnet which helps with smtpd rules and a number of other firewall variables.

From jvonau at shaw.ca Thu Aug 1 23:01:00 2002
From: jvonau at shaw.ca (Jerry Vonau)
Date: Thu, 01 Aug 2002 23:01:00 -0500
Subject: [pptp-server] Windows XP, and it's inability to Browse HTML pages when on VPN.
Message-ID: <01C239AF.4E9D8000.jvonau@shaw.ca>

Try setting the mtu option in the /options.pptpd file. I dug this out of my email. You'll have to read the thread from the bottom up:

Jerry,

mtu 1452 in pptp options file FIXED the URL problem!!
I'll try OutLook tomorrow.
THANKS!

Joe Polcari wrote:

> Jerry,
>
> Does this mean that since I am masqing anything coming in on my eth0 interface
> and going out any interface except eth0, that I should set eth0 MTU
> to 1452 or the PPP interface MTU to 1452?
>
> Joe
>
> Jerry Vonau wrote:
>
> > Joe:
> >
> > Well I'll try to explain..
> >
> > The web server on the lan see the pptp server's lan card has a mtu of 1500,
> > but if it sends the max of 1500 then it will not fit into the ppp frame.
> > There is overhead involved with the encapsulation, as a result it has to
> > fragment the frame. If it has the "don't fragment bit" set then it can't
> > go any farther down the pipe....
> >
> > Found this at :
> > http://feenix.burgiss.net/ldp/adsl/configure.html
> >
> > ----quote------
> >
> > Note: PPPoE adds 8 bytes of extra overhead to the ethernet frames
> > and the correct maximum setting for the ppp0 interface MTU is
> > 1492. If the MTU is set too high, it may cause failure of some web
> > pages to load properly, and possibly other annoying problems related
> > to Path MTU Discovery. You may need to also set the MTU for interfaces
> > on any masqueraded LAN connections MTU to 1452. This does not apply to
> > PPPoA, or bridged configurations, just PPPoE!
> > ----------------
> >
> > Since both PPPoE and PPTP run on PPPD this may be the same type of problem.
> >
> > Just a shot in the dark, but it fits what you are describing
> >
> > Jerry
> >
> > Joe Polcari wrote:
> > >
> > > No, I haven't. Can you explain why that might make a difference
> > > based on the address of the web page???
> > >
> > > Jerry Vonau wrote:
> > >
> > > > Joe:
> > > >
> > > > Have you tried playing with the mtu settings on either the ppp link or the
> > > > ethernet interface for the lan? Sounds like a fragmentation problem to me, similar
> > > > to some PPPoE problems loading web pages.
> > > >
> > > > Jerry Vonau
> > > >
> > > > Joe Polcari wrote:
> > > >
> > > > > Nope. That's not it.
> > > > > I can go to http://www.vibrationresearch.com or
> > > > > http://www.vibrationresearch.com/
> > > > > but not to
> > > > > http://www.vibrationresearch.com/pptpd or
> > > > > http://www.vibrationresearch.com/pptpd/
> > > > >
> >

To see more info, follow the thread - Joe
http://lists.schulte.org/pipermail/pptp-server/ Dec 2001 to view the whole thread

-----Original Message-----
From: Matthew Gavin [SMTP:matt at tempo.com.au]
Sent: Thursday, August 01, 2002 09:21 PM
To: PPTPD User Group
Subject: [pptp-server] Windows XP, and it's inability to Browse HTML pages when on VPN.

Hi all,

I recently upgraded my VPN to pptpd-1.1.3-1 and ppp-mppe-2.4.1-6. Everything has been working perfectly, however... I just found that Windows XP cannot view Web Pages, in particular my Intranet. Windows 2000/NT4/9x have no problems whatsoever.

My config is very simple (follows), I'm at a loss here...

I know it is VPN related because when the user dials in directly via ppp, the Intranet page is accessible. As soon as I get him to connect through the VPN, it fails. I don't get any errors, the page just does not load. All clients are using Internet Explorer 6.0x...

Has anyone encountered this before?

/etc/ppp/options.pptpd:
#
lock
debug
name poptop
proxyarp
#chapms-strip-domain
+chap
#-chap
-chapms
+chapms-v2
mppe-128
mppe-stateless
#ms-wins your.server.here
ms-dns 10.1.1.2
--------------------------------------------
/etc/pptpd.conf:
#
option /etc/ppp/options.pptpd
debug
localip 203.41.208.130
remoteip 203.41.208.192-253

Thanks in advance.

Matt Gavin
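
[Added example, not part of the thread and not code from pptpd or pppd.] The explanation quoted in the message above, as a small Python model: a sender that sets the don't-fragment bit, a PPTP hop whose usable MTU is below 1500, and ICMP "fragmentation needed" replies that either reach the sender or are filtered on the way back. The per-header sizes and all function names are assumptions made for this example; 1452 is the value reported as the fix in the thread.

```python
"""Added example: DF-flagged 1500-byte packets meeting a PPTP tunnel hop."""

IP_TCP_HEADERS = 40  # inner IPv4 (20) + TCP (20) headers, no options

# Bytes PPTP wraps around each inner IP packet. Assumed upper-end values,
# not figures from the thread: outer IPv4 header, enhanced GRE header with
# sequence and acknowledgement fields, PPP framing, MPPE header.
PPTP_OVERHEAD = {"outer_ip": 20, "gre": 16, "ppp": 4, "mppe": 4}


def tunnel_payload_mtu(link_mtu=1500, overhead=PPTP_OVERHEAD):
    """Largest inner IP packet that fits in one unfragmented outer packet."""
    return link_mtu - sum(overhead.values())


def send_response(size, sender_mtu, tunnel_mtu, icmp_delivered, max_retries=5):
    """Send `size` bytes of TCP payload through the tunnel hop with DF set.

    sender_mtu      MTU the sending host believes the path has
    tunnel_mtu      largest inner packet the tunnel hop can forward
    icmp_delivered  True if ICMP "fragmentation needed" reaches the sender
    Returns (status, bytes_delivered, packets_dropped).
    """
    if sender_mtu <= IP_TCP_HEADERS or tunnel_mtu <= IP_TCP_HEADERS:
        raise ValueError("MTU must leave room for the IP and TCP headers")
    path_mtu = sender_mtu            # sender's current path-MTU estimate
    delivered = dropped = retries = 0
    while delivered < size:
        segment = min(size - delivered, path_mtu - IP_TCP_HEADERS)
        packet = segment + IP_TCP_HEADERS
        if packet <= tunnel_mtu:     # fits: forwarded through the tunnel
            delivered += segment
            retries = 0
            continue
        dropped += 1                 # too big and DF is set: hop drops it
        if icmp_delivered:
            path_mtu = tunnel_mtu    # sender learns the smaller path MTU
            continue
        retries += 1                 # no ICMP seen: same size is resent
        if retries >= max_retries:
            return ("stalled", delivered, dropped)
    return ("ok", delivered, dropped)


def scenarios():
    """The cases discussed in the thread, as (label, result) pairs."""
    hop = tunnel_payload_mtu()       # 1456 with the assumed overhead
    return [
        ("small page, ICMP filtered", send_response(600, 1500, hop, False)),
        ("large page, ICMP filtered", send_response(20000, 1500, hop, False)),
        ("large page, ICMP delivered", send_response(20000, 1500, hop, True)),
        ("large page, mtu 1452 set", send_response(20000, 1452, hop, False)),
    ]


if __name__ == "__main__":
    print("usable tunnel MTU:", tunnel_payload_mtu())
    for label, (status, delivered, dropped) in scenarios():
        print(f"{label:28s} {status:8s} delivered={delivered:5d} dropped={dropped}")
```

In the model only the full-size response with filtered ICMP stalls, which matches a short page loading while a longer one on the same server never does.
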

From brent.w at infosynergy.com.au Fri Aug 2 00:34:03 2002
From: brent.w at infosynergy.com.au (Brent Wallis)
Date: Fri, 2 Aug 2002 15:34:03 +1000
Subject: [pptp-server] Windows XP, and it's inability to Browse HTML pages when on VPN.
In-Reply-To:
Message-ID:

Hi,

My replies below :)

>Hi Brent, thanx for your reply... answers inline.

No probs...

>> Although you don't mention it, are you using an HTTP proxy like squid?
>> If so, try an explicit exception in your proxy setup for the IP of the
>> Intranet.

>Interesting, will look at that. It works for Windows 2000/NT4/9x, and I have not touched
>the firewall for months. So I would assume it is a requirement of XP only.

Strangely no. It's one of those "mystical" win probs I am sure everyone has experienced. Note that it's difficult to get to the root of the cause here and we are still working on what the problem actually is...I hate offering that sort of crap but I have to be honest..:)

>> Can you ping the Intranet servers IP from the XP box?

>I can ping and telnet to any of the hosts. I can even telnet to them on port 80. It is
>just IE that is having a fit.

>> If so, can you ping by FQDN?

>Yes.

>> If so, is there a proxy in between?

>No.

>> Is the poptop server on a Firewall configed for proxy access but not http?

>The poptop server has no firewall, but there is a Cisco in between them and http is
>enabled.

Hmm, couple o things (no need to answer jus thinking aloud.:):

- Could the Cisco Ext ACLs for http be blocking your host/network range for PopTop connections? (I hate Cisco ACLs...especially that last line they recommend..."permit ip any any")
- Has your XP box correctly picked up the right Name server for the LAN where your Intranet resides...(have assumed you have a split DNS and that the Intranet is on a "reserved/private" subnet)
- How about the proxy settings for the VPN interface setup on the XP box. These appear under tools|options on IE.
Each network interface can be configed to work with different proxies....I think by default that IE sets "automatically detect" by default. If that is set on the box in question and there is no proxy, then that may be it...try unchecking this option and restarting the browser.

The fundamentals, seem A1 due to the relevant ping and name resolution tests.

If all else fails, I have found running tcpdump during a connection attempt will almost always point to the cause. Generally, if the XP box is doing its thing properly, and if there is an issue in your network design, then this will show it up. If tcpdump doesn't see ANY of the relevant traffic then the prob will lie with the box.

something like:

"tcpdump -i host and port 80"

would do it....changing the host IP to the Intranet server IP in this command allows you to look at the same traffic from a different perspective....

I know this ain't much but hope it helps....:)

Brent

>> PS: Is there a reason for the public IPs being used for PopTop connections?

>I can't believe I did not edit those out, I normally 203.x.x.x them. Not happy about that.
>The server is in a DMZ, We have a Class C and using the 203 subnet which helps with smtpd
>rules and a number of other firewall variables.

I had my eyes closed..|-)

From bao at gibbons.com Tue Aug 6 14:13:56 2002
From: bao at gibbons.com (bao)
Date: Tue, 06 Aug 2002 12:13:56 -0700
Subject: [pptp-server] pptp uses wrong adapter
Message-ID: <3D501FF4.1EB58C48@gibbons.com>

Hello group

I have configured a poptop server to share file successfully. I dial up to my ISP, establish a VPN connection to the poptop server, and share files.

I want to be capable of reading mail using the same method, routing IMAP packets through the VPN tunnel. But when I do a retrieval, the client uses the PPP adapter which connects it to my ISP. Whatever method it uses, I don't know, but it sends IMAP packets to the poptop server with the SrcIP the one assigned by my ISP.
This is then denied by the firewall on the server.

Does anyone have any idea of what is going on ??
Any help is appreciated.

From lutz.niederer at gmx.net Sat Aug 3 07:17:47 2002
From: lutz.niederer at gmx.net (lutz.niederer at gmx.net)
Date: Sat, 3 Aug 2002 14:17:47 +0200 (MEST)
Subject: [pptp-server] HELP: PTY read or GRE write failed (pty,gre)=(5,6)
Message-ID: <20946.1028377067@www32.gmx.net>

hello all,

i do have a problem that i saw in lots of postings but without any qualified answer. i always get the following error:

Aug 3 13:36:54 sy pptpd[4338]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 3 13:36:54 sy pptpd[4338]: CTRL: local address = 192.168.50.50
Aug 3 13:36:54 sy pptpd[4338]: CTRL: remote address = 192.168.50.51
Aug 3 13:36:54 sy pptpd[4338]: CTRL: pppd options file = /etc/ppp/options.pptpd
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Client 10.252.201.100 control connection started
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Received PPTP Control Message (type: 1)
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Made a START CTRL CONN RPLY packet
Aug 3 13:36:54 sy pptpd[4338]: CTRL: I wrote 156 bytes to the client.
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Sent packet to client
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Received PPTP Control Message (type: 7)
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Set parameters to 1525 maxbps, 64 window size
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Made a OUT CALL RPLY packet
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Starting call (launching pppd, opening GRE)
Aug 3 13:36:54 sy pptpd[4338]: CTRL: pty_fd = 5
Aug 3 13:36:54 sy pptpd[4338]: CTRL: tty_fd = 6
Aug 3 13:36:54 sy pptpd[4338]: CTRL: I wrote 32 bytes to the client.
Aug 3 13:36:54 sy pptpd[4339]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Sent packet to client
Aug 3 13:36:54 sy pptpd[4339]: CTRL (PPPD Launcher): local address = 192.168.50.50
Aug 3 13:36:54 sy pptpd[4339]: CTRL (PPPD Launcher): remote address = 192.168.50.51
Aug 3 13:36:54 sy pptpd[4338]: GRE: read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 3 13:36:54 sy pptpd[4338]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Client 10.252.201.100 control connection finished
Aug 3 13:36:54 sy pptpd[4338]: CTRL: Exiting now
Aug 3 13:36:54 sy pptpd[3791]: MGR: Reaped child 4338

but, i do not have any form of firewalling between the two machines, they are on the same cable. i tried to apply the netfilter patch to my rh 2.4.18-5 kernel (& enabled iptables) but i still get the same messages. poptop and friends are the latest i could get. i used the rpm packages except for the kernel.

tcpdump showed that it seems to be a problem with gre. i saw no gre communication. but all modules ppp* and ip_gre are loaded (i need to load them manually even if they are mentioned in modules.conf).

are there any things i forgot with the kernel? are there any settings in the conf files i forgot? ... any help is really welcome !!

thanks, L*

--
GMX - The communication platform on the Internet.
http://www.gmx.net

From lutz.niederer at gmx.net Sat Aug 3 07:31:19 2002
From: lutz.niederer at gmx.net (lutz.niederer at gmx.net)
Date: Sat, 3 Aug 2002 14:31:19 +0200 (MEST)
Subject: [pptp-server] HELP[2]: PTY read or GRE write failed (pty,gre)=(5,6)
Message-ID: <7345.1028377879@www32.gmx.net>

hi again,

and btw, sometimes (really not often) i can see the following output from tcpdump:

14:23:35.061286 10.252.201.100.isakmp > 10.252.201.1.isakmp: isakmp: phase 1 I ident: [|sa]
14:23:35.061339 10.252.201.1 > 10.252.201.100: icmp: 10.252.201.1 udp port isakmp unreachable [tos 0xc0]
14:23:36.061303 10.252.201.100.isakmp > 10.252.201.1.isakmp: isakmp: phase 1 I ident: [|sa]
14:23:36.061339 10.252.201.1 > 10.252.201.100: icmp: 10.252.201.1 udp port isakmp unreachable [tos 0xc0]
14:23:36.665167 arp who-has 10.252.201.40 tell 10.252.201.1
14:23:36.668015 arp reply 10.252.201.40 is-at 0:2:2d:1d:5b:8
14:23:38.064339 10.252.201.100.isakmp > 10.252.201.1.isakmp: isakmp: phase 1 I ident: [|sa]
14:23:38.064375 10.252.201.1 > 10.252.201.100: icmp: 10.252.201.1 udp port isakmp unreachable [tos 0xc0]
14:23:40.852788 10.252.201.40.4961 > 10.252.201.1.imap: P 719836991:719836997(6) ack 3823258589 win 16602 (DF)
14:23:42.070403 10.252.201.100.isakmp > 10.252.201.1.isakmp: isakmp: phase 1 I ident: [|sa]
14:23:42.070438 10.252.201.1 > 10.252.201.100: icmp: 10.252.201.1 udp port isakmp unreachable [tos 0xc0]
14:23:42.564828 10.252.201.100.isakmp > 10.252.201.1.isakmp: isakmp: phase 2/others I inf: [|d]
14:23:42.564863 10.252.201.1 > 10.252.201.100: icmp: 10.252.201.1 udp port isakmp unreachable [tos 0xc0]

i did it before, no isakmp messages, i did it after that, no isakmp messages... what's going on there?

L*

--
GMX - The communication platform on the Internet.
http://www.gmx.net

From jorgesantos at valnetsado.pt Wed Aug 7 03:23:36 2002
From: jorgesantos at valnetsado.pt (Jorge Santos)
Date: Wed, 7 Aug 2002 09:23:36 +0100
Subject: [pptp-server] Masquerading Clients in openbsd
Message-ID: <000e01c23deb$bbe437e0$1b64a8c0@valnetsado.pt>

Hi list

I'm having trouble masquerading a winXP pptp client that is being a openbsd firewall. The client connects to a poptop server on a linux machine.

The trouble is that when the firewall is rebooted, the client connects fine, but after a few random connection it starts giving me a 619 error.

My kernel is compiled without the gre support. With gre support i didn't even ever succeeded.

Here's the tcpdump when the connection fails:

tcpdump: listening on rl0
08:55:58.123815 a212-113-183-19.netcabo.pt.52496 > xxx.xxx.xxx.xxx.1723: S 3593451616:3593451616(0) win 64240 (DF)
08:55:58.213119 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496: S 3685148651:3685148651(0) ack 3593451617 win 5840 (DF)
08:55:58.213390 a212-113-183-19.netcabo.pt.52496 > xxx.xxx.xxx.xxx.1723: P 1:157(156) ack 1 win 64240 (DF)
08:55:58.237934 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496: . ack 157 win 5840 (DF)
08:55:58.245415 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496: P 1:157(156) ack 157 win 5840 (DF)
08:55:58.245673 a212-113-183-19.netcabo.pt.52496 > xxx.xxx.xxx.xxx.1723: P 157:325(168) ack 157 win 64084 (DF)
08:55:58.275667 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496: P 157:189(32) ack 325 win 6432 (DF)
08:55:58.280336 a212-113-183-19.netcabo.pt.52496 > xxx.xxx.xxx.xxx.1723: P 325:349(24) ack 189 win 64052 (DF)
08:55:58.286304 gre-proto-0x880B (gre encap)
08:55:58.304705 gre-proto-0x880B (gre encap)
08:55:58.304742 a212-113-183-19.netcabo.pt > xxx.xxx.xxx.xxx: icmp: a212-113-183-19.netcabo.pt protocol 47 unreachable
08:55:58.311146 gre-proto-0x880B (gre encap)
08:55:58.311169 a212-113-183-19.netcabo.pt > xxx.xxx.xxx.xxx: icmp: a212-113-183-19.netcabo.pt protocol 47 unreachable
08:55:58.312258 [|gre] (gre encap)
08:55:58.312281 a212-113-183-19.netcabo.pt > xxx.xxx.xxx.xxx: icmp: a212-113-183-19.netcabo.pt protocol 47 unreachable
08:55:58.325926 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496: F 189:189(0) ack 349 win 6432 (DF)
08:55:58.326162 a212-113-183-19.netcabo.pt.52496 > xxx.xxx.xxx.xxx.1723: F 349:349(0) ack 190 win 64052 (DF)
08:55:58.356192 xxx.xxx.xxx.xxx.1723 > a212-113-183-19.netcabo.pt.52496: . ack 350 win 6432 (DF)
08:55:58.410520 a212-113-183-19.netcabo.pt.3817 > ns2.tvcabo.pt.domain: 45311+ PTR? 4.136.54.212.in-addr.arpa. (43)
08:55:58.456269 ns2.tvcabo.pt.domain > a212-113-183-19.netcabo.pt.3817: 45311 NXDomain* 0/1/0 (98)
08:55:58.456935 a212-113-183-19.netcabo.pt.36745 > ns2.tvcabo.pt.domain: 43852+ PTR? 19.183.113.212.in-addr.arpa. (45)
08:55:58.464388 ns2.tvcabo.pt.domain > a212-113-183-19.netcabo.pt.36745: 43852* 1/0/0 (85)
08:55:59.460441 a212-113-183-19.netcabo.pt.13943 > ns2.tvcabo.pt.domain: 43256+ PTR? 226.161.113.212.in-addr.arpa. (46)
08:55:59.467564 ns2.tvcabo.pt.domain > a212-113-183-19.netcabo.pt.13943: 43256* 1/0/0 (73)
^C
24 packets received by filter
0 packets dropped by kernel

Can you help me figure it out?

Thanks in advance

From charlieb-pptp at e-smith.com Wed Aug 7 11:44:22 2002
From: charlieb-pptp at e-smith.com (Charlie Brady)
Date: Wed, 7 Aug 2002 12:44:22 -0400 (EDT)
Subject: [pptp-server] ppp-mppe-2.4.1-5 RPM released
In-Reply-To: <1025798220.2287.64.camel@richard>
Message-ID:

On 4 Jul 2002, R. de Vroede wrote:

> Changes:
> ppp-mppe-2.4.1-4 --> ppp-mppe-2.4.1-5
> ----------------------------------------------------------------------------
> * Thu Jul 04 2002 Richard de Vroede
> - Fixed libsmbpw. It was in the package, but not in the filelist

I don't think that libsmbpw belongs in this package. It's a dependency, not part of the ppp package. I find it particularly odd to see a .so file in a source RPM.

You can find a libsmbpw RPM at:

ftp://ftp.e-smith.org/pub/e-smith/releases/5.1.2/SRPMS/libsmbpw-1.1-3.src.rpm

--
Charlie Brady   charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group   http://www.e-smith.com/
Mitel Networks Corporation   http://www.mitel.com/
Phone: +1 (613) 592 5660 or 592 2122   Fax: +1 (613) 592 1175

From carnt at intellissence.com.br Fri Aug 9 14:19:19 2002
From: carnt at intellissence.com.br (Carlos Arnt)
Date: Fri, 9 Aug 2002 16:19:19 -0300
Subject: [pptp-server] route rules in linux and Windows ??
References: <000e01c23deb$bbe437e0$1b64a8c0@valnetsado.pt>
Message-ID: <000801c23fd9$aa5b52c0$0901a8c0@carlosa>

Hi ,

Someone can tell how put this routes ...

I has a Linux Box running pptpd and are using a cable connections. His internal Ip address is: 192.168.10.160
I put the range : 192.168.10.161 to 180 to be used with vpn connections .

Now i need put one remote computer that are using windows2000 with remote connection share, to transmit his VPN connection to inside.

VPN Server = 192.168.10.160 ---> (ppp) VPN Client 192.168.10.161 (WIn2000) (Need see 192.168.1.0 computers)
                                       |
                                       |
                                 Internal IP 192.168.1.1 (His ip)
                                 ---------------- ---------------------
                                 Internal Network - 192.168.1.0/24
                                       |
                                       -- Some machine (192.168.1.2) Need see the 192.168.10.0 (Computers)

What routes i need to put under my VPNServer and his Windows 2000 VPNClient to this 192.168.1.0 range see the 192.168.10.0 (192.168.10.0 must see this 192.168.1.0 too). ???????

Thanks .

From carnt at intellissence.com.br Fri Aug 9 14:53:03 2002
From: carnt at intellissence.com.br (Carlos Arnt)
Date: Fri, 9 Aug 2002 16:53:03 -0300
Subject: [pptp-server] route rules in linux and Windows ??
References: <000e01c23deb$bbe437e0$1b64a8c0@valnetsado.pt> <000801c23fd9$aa5b52c0$0901a8c0@carlosa>
Message-ID: <000901c23fde$608406b0$0901a8c0@carlosa>

Man i mess all info this time ...

Let's be more specific ..

I have this scenario :

Client
--
Windows 2000 Server - Using Dial Up connection.
He is a proxy then he use has the IP 192.168.1.1 (Mask 255.255.255.0)
I have 3 machines below that are - 192.168.1.2 to 192.168.1.3.

----
Server
--
Linux using pptpd server .
He is using a Cable modem connection on his eth0 and has the IP 192.168.10.160 in his ETH1.
Have 30 machines using it . ( 192.168.10.x) Mask 255.255.255.0
I leave the range - 192.168.10.170-180 to VPN purposes.
--------

I just need to know when the client connect (Win2000) how make the computers that are in the (192.168.1.x) network see the (192.168.10.x) computers connected in the server side over the tunnel.

Also i put to when the client connect always receive the IP 192.168.10.171.

I think it's simple .

If i'm wrong please someone tell-me !!

Under the Linux server i must put this :

/sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.10.171

(Think that with this i tell the server this route)

But what put under the WIndows 2000 client ?? To his inside networks computers see the inside networks computer of the vpn server ??

I think i just need two rules one at each computer (server and client) but what rule ??

Well thanks anyway .

Carlos.

From fcusack at fcusack.com Thu Aug 8 21:35:20 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Thu, 8 Aug 2002 19:35:20 -0700
Subject: [pptp-server] route rules in linux and Windows ??
In-Reply-To: <000901c23fde$608406b0$0901a8c0@carlosa>; from carnt@intellissence.com.br on Fri, Aug 09, 2002 at 04:53:03PM -0300
References: <000e01c23deb$bbe437e0$1b64a8c0@valnetsado.pt> <000801c23fd9$aa5b52c0$0901a8c0@carlosa> <000901c23fde$608406b0$0901a8c0@carlosa>
Message-ID: <20020808193520.E13551@google.com>

On Fri, Aug 09, 2002 at 04:53:03PM -0300, Carlos Arnt wrote:
> Man i mess all info this time ...

Actually, you did pretty well the first time!

> --
> Windows 2000 Server - Using Dial Up connection.
> He is a proxy then he use has the IP 192.168.1.1 (Mask 255.255.255.0)
> I have 3 machines below that are - 192.168.1.2 to 192.168.1.3.
>
> ----
> Server
> --
> Linux using pptpd server .
> He is using a Cable modem connection on his eth0 and has the IP
> 192.168.10.160 in his ETH1.
> Have 30 machines using it . ( 192.168.10.x) Mask 255.255.255.0
> I leave the range - 192.168.10.170-180 to VPN purposes.
> --------
>
> I just need to know when the client connect (Win2000) how make the computers
> that are in the (192.168.1.x) network see the (192.168.10.x) computers
> connected in the server side over the tunnel.
>
> Also i put to when the client connect always receive the IP 192.168.10.171.
>
> I think it's simple .
>
> If i'm wrong please someone tell-me !!
>
> Under the Linux server i must put this :
>
> /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.10.171
>
> (Think that with this i tell the server this route)
>
> But what put under the WIndows 2000 client ?? To his inside networks
> computers see the inside networks computer of the vpn server ??
>
>
> I think i just need two rules one at each computer (server and client) but
> what rule ??

You shouldn't need any rule on the windows side. It should send 192.168.10 packets over to your linux server.

If the other computers on the windows side do not have a default route to the windows server, THEN they need a route 192.168.10.0/255.255.255.0 to 192.168.1.1 (the windows proxy machine).

The other machines on the linux side need to either have a default route pointing to the pptp server or a 192.168.1.x route.

route add -net 192.168.1.0/24 gw 192.168.10.160

/fc

From sangadsl at kornet.net Thu Aug 8 22:42:38 2002
From: sangadsl at kornet.net (Sang Yu)
Date: Fri, 9 Aug 2002 12:42:38 +0900
Subject: [pptp-server] PPTP with PPP in sync mode problem
Message-ID: <001701c23f56$cef07e40$6a01a8c0@kornet.net>

Hi all,

I have a big problem as follows; Could you please let me know how to solve it or any patches for sync PPP?

- Any version ppp with sync option does not pass pptp GRE packets and disconnected with an error LCP: timeout sending Config-Requests but async ppp works well.

Thanks in advance,
Sang

From james.cameron at hp.com Thu Aug 8 23:04:22 2002
From: james.cameron at hp.com (James Cameron)
Date: 09 Aug 2002 14:04:22 +1000
Subject: [pptp-server] PPTP with PPP in sync mode problem
In-Reply-To: <001701c23f56$cef07e40$6a01a8c0@kornet.net>
References: <001701c23f56$cef07e40$6a01a8c0@kornet.net>
Message-ID: <1028865863.14607.537.camel@quozl>

On Fri, 2002-08-09 at 13:42, Sang Yu wrote:
> - Any version ppp with sync option does not pass pptp GRE packets and
> disconnected with an error LCP: timeout sending Config-Requests but
> async ppp works well.

Don't use sync.

The PPTP server presumably has to do what the PPTP client does, which is re-encapsulate from asynchronous HDLC to GRE and vice-versa. Last I checked, it doesn't handle sync.

Why would you want to use synchronous HDLC serial encoding?

--
James Cameron (james.cameron at hp.com)
http://quozl.linux.org.au/ (or) http://quozl.netrek.org/

From sangadsl at kornet.net Thu Aug 8 23:36:48 2002
From: sangadsl at kornet.net (Sang Yu)
Date: Fri, 9 Aug 2002 13:36:48 +0900
Subject: [pptp-server] PPTP with PPP in sync mode problem
Message-ID: <003901c23f5e$676bf800$6a01a8c0@kornet.net>

Thank you for your prompt response to this matter.

Generally speaking, Using the sync option can reduce pppd's CPU utilization to about 1/4 and get more performance than async PPP like as PPPoE.

Thanks,
Sang

----- Original Message -----
From: "James Cameron"
To: "Sang Yu"
Cc:
Sent: Friday, August 09, 2002 1:04 PM
Subject: Re: [pptp-server] PPTP with PPP in sync mode problem

> On Fri, 2002-08-09 at 13:42, Sang Yu wrote:
> > - Any version ppp with sync option does not pass pptp GRE packets and
> > disconnected with an error LCP: timeout sending Config-Requests but
> > async ppp works well.
>
> Don't use sync.
>
> The PPTP server presumably has to do what the PPTP client does, which is
> re-encapsulate from asynchronous HDLC to GRE and vice-versa. Last I
> checked, it doesn't handle sync.
>
> Why would you want to use synchronous HDLC serial encoding?
>
> --
> James Cameron (james.cameron at hp.com)
>
> http://quozl.linux.org.au/ (or) http://quozl.netrek.org/
>

From sangadsl at kornet.net Thu Aug 8 23:41:15 2002
From: sangadsl at kornet.net (Sang Yu)
Date: Fri, 9 Aug 2002 13:41:15 +0900
Subject: [pptp-server] PPTP with PPP in sync mode problem
Message-ID: <005b01c23f5e$fee6a7c0$6a01a8c0@kornet.net>

Thank you for your prompt response to this matter.

Generally speaking, Using the sync option can reduce pppd's CPU utilization to about 1/4 and get more performance than async PPP like as PPPoE.

Thanks,
Sang

----- Original Message -----
From: "James Cameron"
To: "Sang Yu"
Cc:
Sent: Friday, August 09, 2002 1:04 PM
Subject: Re: [pptp-server] PPTP with PPP in sync mode problem

> On Fri, 2002-08-09 at 13:42, Sang Yu wrote:
> > - Any version ppp with sync option does not pass pptp GRE packets and
> > disconnected with an error LCP: timeout sending Config-Requests but
> > async ppp works well.
>
> Don't use sync.
>
> The PPTP server presumably has to do what the PPTP client does, which is
> re-encapsulate from asynchronous HDLC to GRE and vice-versa. Last I
> checked, it doesn't handle sync.
>
> Why would you want to use synchronous HDLC serial encoding?
>
> --
> James Cameron (james.cameron at hp.com)
>
> http://quozl.linux.org.au/ (or) http://quozl.netrek.org/
>

From bao at gibbons.com Fri Aug 9 17:17:05 2002
From: bao at gibbons.com (bao)
Date: Fri, 09 Aug 2002 15:17:05 -0700
Subject: [pptp-server] Strange problem with pptp. Please help
Message-ID: <3D543F61.F0D45AA4@gibbons.com>

I have pptp and sendmail servers both on one RH 7.3 box. My intent is to set up a firewall to block all external traffic, while allowing traffic within the subnet range.

The setup has this configuration:

subnet range 96.50.3.160 - 96.50.3.191
pptp server's IP : 96.50.3.162
pptp client range: 96.50.3.188-190

server is set up to allow all traffic within 96.50.3.160/27
Its firewall is set up to allow packets to port 1723, and GRE packets from any machine.

The expected behavior is that a user will dial out to their ISP, which will give him the IP 209.243.13.17 . This solely will not let him access the subnet. He has to establish a VPN connection to the server at 96.50.3.162, and will be assigned 96.50.3.188. With this new IP, he now has access to the server's resources, specifically mail access.

With this setup, when the user retrieves or sends out mail using this server, all the packets will be encapsulated in GRE, sent to the server.
The server will open it and take care of the request.

The situation is, this only works when pptp server and sendmail server are on different machines. But when they're on the same machine, the TCP packets destined for the mail server at .162 are not encapsulated and routed through the VPN tunnel. They are sent directly to the server with the source IP as 209.243.13.17, which will be completely blocked by the firewall on the server side.

My question is which side is responsible for this? If it's the client side, can I set it up somehow to make it send the mail packets via the VPN tunnel? If it's the server's responsibility, how can I fix this? Or is it something that both sides negotiate and agree on??

Thank you all.

From johnf at inodes.org Sun Aug 11 18:07:14 2002
From: johnf at inodes.org (John Ferlito)
Date: Mon, 12 Aug 2002 09:07:14 +1000
Subject: [pptp-server] pptpd hanging
Message-ID: <20020811230714.GC5077@inodes.org>

I'm having a problem on a couple of servers where after a while the pptpd daemon hangs. I think I sort of know why this is happening but I'm not sure.

Firstly I'm probably exacerbating the problem since I've got netsaint basically telnetting to port 1723 every 5 minutes to check that the daemon is running.

Anyway when it's in the non working state if you do an strace you get

    select(6, [], NULL NULL NULL)

ie it's sitting on an empty select with no timeout. Now this happens in pptpmanager.c:167 when it's waiting for a SIGCHLD. Now as far as I can tell this happens when it thinks it's run out of IPs to allocate. Now there aren't any children hanging around so there is no way it's ever going to get this signal. Hence it's stuck there forever.

I can't see how it would get into this state however since I don't ever see

    MGR: No free connection slots or IPs

in my logs anywhere. Which would always get printed if the FD_CLR instead of FD_SET happened.

I'm also seeing a few

    MGR: Reaped unknown child

which is making me think this may be the cause to some degree ie it really has free IPs left but the counter never decreases.

Has anyone come across this problem before? The problem is it's hard to reproduce the problem so hard to test. I'm going to recompile pptpd with debugging symbols so I can gdb it and check values next time it happens.

--
John
http://www.inodes.org/

From james.cameron at hp.com Sun Aug 11 20:10:43 2002
From: james.cameron at hp.com (James Cameron)
Date: 12 Aug 2002 11:10:43 +1000
Subject: [pptp-server] PPTP with PPP in sync mode problem
In-Reply-To: <005b01c23f5e$fee6a7c0$6a01a8c0@kornet.net>
References: <005b01c23f5e$fee6a7c0$6a01a8c0@kornet.net>
Message-ID: <1029114645.2234.82.camel@quozl>

G'day Sang,

You posted essentially the same question to both the pptpd and the pptp mailing lists. But I'm not sure if you are asking about the PPTP Server or the PPTP Client. I initially answered assuming you were asking about the server, pptpd.

I've checked both pptpd (1.1.2) and pptp (cvs) source code. Neither handle pppd sync mode.

However, as Rein Klazes says, he has a patch available for pptp. I've reviewed that patch and I can see how it works.

In my review of pptpgre.c in pptpd, there have been significant changes since it was derived from the pptp_gre.c from pptp, so Rein's patch would need some work to apply.

--
James Cameron (james.cameron at hp.com)

http://quozl.linux.org.au/ (or) http://quozl.netrek.org/

From sangadsl at kornet.net Mon Aug 12 21:04:44 2002
From: sangadsl at kornet.net (Sang Yu)
Date: Tue, 13 Aug 2002 11:04:44 +0900
Subject: [pptp-server] PPTP with PPP in sync mode problem
Message-ID: <000b01c2426d$cb936c20$6a01a8c0@kornet.net>

Dear James Cameron,

Thank you for your response to this matter.
I have tested the patch from Rein Klazes and reported performance problem as follows;

- Download performance is too slow,
- In my test, file upload with ftp from the pptp client is good, but download performance from the client is too slow, very slow. Why?

Thanks,
Sang

----- Original Message -----
From: "James Cameron"
To: "Sang Yu"
Cc: ; "PPTP Client Mailing List"
Sent: Monday, August 12, 2002 10:10 AM
Subject: Re: [pptp-server] PPTP with PPP in sync mode problem

> G'day Sang,
>
> You posted essentially the same question to both the pptpd and the pptp
> mailing lists. But I'm not sure if you are asking about the PPTP Server
> or the PPTP Client. I initially answered assuming you were asking about
> the server, pptpd.
>
> I've checked both pptpd (1.1.2) and pptp (cvs) source code.
> Neither handle pppd sync mode.
>
> However, as Rein Klazes says, he has a patch available for pptp. I've
> reviewed that patch and I can see how it works.
>
> In my review of pptpgre.c in pptpd, there have been significant changes
> since it was derived from the pptp_gre.c from pptp, so Rein's patch
> would need some work to apply.
>
> --
> James Cameron (james.cameron at hp.com)
>
> http://quozl.linux.org.au/ (or) http://quozl.netrek.org/
>

From james.cameron at hp.com Mon Aug 12 21:34:22 2002
From: james.cameron at hp.com (James Cameron)
Date: 13 Aug 2002 12:34:22 +1000
Subject: [pptp-server] PPTP with PPP in sync mode problem
In-Reply-To: <000b01c2426d$cb936c20$6a01a8c0@kornet.net>
References: <000b01c2426d$cb936c20$6a01a8c0@kornet.net>
Message-ID: <1029206064.5010.181.camel@quozl>

G'day Sang,

Thanks for testing that. It suggests that any download performance issues you have are not related to whether you are using sync mode or normal HDLC.

Do you have results for normal HDLC mode? Can you quantify the results rather than say "slow?"

--
James Cameron (james.cameron at hp.com)

http://quozl.linux.org.au/ (or) http://quozl.netrek.org/

From sangadsl at kornet.net Tue Aug 13 00:06:56 2002
From: sangadsl at kornet.net (Sang Yu)
Date: Tue, 13 Aug 2002 14:06:56 +0900
Subject: [pptp-server] PPTP with PPP in sync mode problem
Message-ID: <001401c24287$3f61fe00$6a01a8c0@kornet.net>

Dear James Cameron,

I think that the sync patch is unstable currently because it is frequently disconnected whenever data transferring with the following errors from pptp server.

-pptpd[2246]: GRE: read (fd=5,buffer=804d8c0,len=8196) from PTY failed: status = - 1 errror = Input/output error
-pptpd[2246]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
-pptpd[2246]: CTRL: Client 192.168.1.12 control connection finished

* and the "slow" means that if upload performance is 8~9Mbps on 10Mbps ethernet, download is 50~70Kbps.

Many thanks,
Sang

From james.cameron at hp.com Tue Aug 13 00:26:34 2002
From: james.cameron at hp.com (James Cameron)
Date: 13 Aug 2002 15:26:34 +1000
Subject: [pptp-server] PPTP with PPP in sync mode problem
In-Reply-To: <001401c24287$3f61fe00$6a01a8c0@kornet.net>
References: <001401c24287$3f61fe00$6a01a8c0@kornet.net>
Message-ID: <1029216396.2234.184.camel@quozl>

G'day Sang,

As far as I know, pptpd does not handle sync PPP. I would expect disconnection. What version is it you are running? Have you modified it to handle sync?

Were the poor performance results using pptpd or some other PPTP server?

--
James Cameron (james.cameron at hp.com)

http://quozl.linux.org.au/ (or) http://quozl.netrek.org/

From sangadsl at kornet.net Tue Aug 13 19:02:05 2002
From: sangadsl at kornet.net (Sang Yu)
Date: Wed, 14 Aug 2002 09:02:05 +0900
Subject: [pptp-server] PPTP with PPP in sync mode problem
Message-ID: <000b01c24325$d334d0a0$6a01a8c0@kornet.net>

Dear James,

I think so, but it is different as follows;

1. pptp-1.0.2 (modified for sync) and pptpd-1.1.3 (not modified).
- Same result as I reported latest.

2. pptp-1.0.2 (modified for sync) and pptpd-1.1.3 (modified for sync)
- No answer from the server and disconnected.

Thanks,
Sang

>G'day Sang,
>
>As far as I know, pptpd does not handle sync PPP. I would expect
>disconnection. What version is it you are running? Have you modified
>it to handle sync?
>
>Were the poor performance results using pptpd or some other PPTP server?
>
>--
>James Cameron (james.cameron at hp.com)
>
>http://quozl.linux.org.au/ (or) http://quozl.netrek.org/
>

From james.cameron at hp.com Tue Aug 13 22:09:20 2002
From: james.cameron at hp.com (James Cameron)
Date: 14 Aug 2002 13:09:20 +1000
Subject: [pptp-server] PPTP with PPP in sync mode problem
In-Reply-To: <000b01c24325$d334d0a0$6a01a8c0@kornet.net>
References: <000b01c24325$d334d0a0$6a01a8c0@kornet.net>
Message-ID: <1029294562.2234.227.camel@quozl>

G'day Sang,

You will need to find the cause of poor performance yourself, unless someone here on the mailing lists is able to reproduce it.

I do not expect it to work at all if one or the other host has ppp-to-gre code that does not understand sync mode. So your test case 1 with pptpd not modified is unexpected.

pptp-1.0.2 is quite old. Current version is 1.1.0.

I've not seen the sync modifications to pptpd-1.1.3, so I cannot reproduce the environment you are testing in.

I'm not the right person to talk to about pptpd. Hopefully someone more experienced with that code will be able to answer you. My main experience is with pptp.

--
James Cameron (james.cameron at hp.com)

http://quozl.linux.org.au/ (or) http://quozl.netrek.org/

From carnt at intellissence.com.br Thu Aug 15 08:09:43 2002
From: carnt at intellissence.com.br (Carlos Arnt)
Date: Thu, 15 Aug 2002 10:09:43 -0300
Subject: [pptp-server] Routes and Diagram problem .
References: <000b01c24325$d334d0a0$6a01a8c0@kornet.net> <1029294562.2234.227.camel@quozl>
Message-ID: <001e01c2445d$064f9000$0901a8c0@carlosa>

Hi,

I attach to this files has a jpg image of one desire network.
Both server and client communicate very well, but I can't put the Net-A network to see the Net-B network.
Can someone help me out with this.

If you see the diagram, I have two networks the first one it's the server VPN network that has a 192.168.10.x ip address, the second one it's a linux client that has the 192.168.2.x.

When the 192.168.10.x connect to the client 192.168.2.x, they can see each other, now how can I put my server 192.168.10.x (all machines besides this) to see and communicate with the (192.168.2.x net)
Both must see each other and all machines as well in both networks.

I really try, but I can't figure out a way.

Thanks for helping out.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Drawing1.jpg
Type: image/jpeg
Size: 20913 bytes
Desc: not available
URL:

From james.cameron at hp.com Wed Aug 14 17:58:59 2002
From: james.cameron at hp.com (James Cameron)
Date: 15 Aug 2002 08:58:59 +1000
Subject: [pptp-server] Routes and Diagram problem .
In-Reply-To: <001e01c2445d$064f9000$0901a8c0@carlosa>
References: <000b01c24325$d334d0a0$6a01a8c0@kornet.net> <1029294562.2234.227.camel@quozl> <001e01c2445d$064f9000$0901a8c0@carlosa>
Message-ID: <1029365942.31849.24.camel@quozl>

Nice picture. This is an isolated network? No external internet connection? It matters a bit. What are the IP addresses of the VPN interfaces?

Both the VPN server and the VPN client need to forward IP. They also have to have a route to the other network via the VPN interface. Normally they have just a route to the peer address.

Each of the machines on each network must have a route to the other network which points at the IP address of their VPN client or server.

10.x.x.x is much easier to remember than 192.168.x.x.
;-)

--
James Cameron (james.cameron at hp.com)

http://quozl.linux.org.au/ (or) http://quozl.netrek.org/

From jeremyb at hksys.com Mon Aug 19 10:24:20 2002
From: jeremyb at hksys.com (Jeremy Bettis)
Date: Mon, 19 Aug 2002 10:24:20 -0500
Subject: [pptp-server] RE: [pptp-devel] pptp disconnects after a minute or two
Message-ID: <97DA4ED9176C464DA051B9CA5438D314200303@mail.hksys.com>

So, does anyone know how to remove the class route on Windows9x?

When the PPTP tunnel is established, for me the ip address is 10.0.3.1, so windows adds a class route of 10.0.0.0/8 to 10.0.3.1 and a default route to 10.0.3.1, I delete the default route and add 3 routes to where I really want. But I can't delete that darn class route! The route command just tells me route not found!

Any ideas?
--
Jeremy Bettis, Software Development Manager
HKS Medical Information Systems, Inc.
jeremyb at hksys.com

> -----Original Message-----
> From: Jon-o Addleman [mailto:jonathan.addleman at mail.mcgill.ca]
> Sent: Friday, August 16, 2002 5:26 PM
> To: PPTP Client Mailing List
> Subject: Re: [pptp-devel] pptp disconnects after a minute or two
>
> On Wed, Aug 07, 2002 at 12:31:02PM +1000, James Cameron spake thusly:
> > On Wed, 2002-08-07 at 00:59, Jon-o Addleman wrote:
> > > Well, I did get rid of the route to inside.mcgill.ca through the tunnel
> > > that was automatically created... Is that route actually necessary?
> >
> > Yes, it is necessary for a route to exist through the tunnel, otherwise
> > it wouldn't be possible to send packets into the tunnel.
> >
> > > Maybe I should just check with people at McGill who set up the server..
> > > apparently some of them have gotten it to work with linux.
> >
> > That would be excellent. Let me know how they solved it!
>
> I haven't gotten it working yet, but I did get some suggestions:
>
> ===========================================================================
> once you have established your VPN connection, try manually modifying
> your routing table to look similar to below (ignore the metrics in terms of
> absolute values, but make sure that they are correct in a relative sense).
>
> in this case, 132.216.85.11 is the IP assigned by the VPN server
> 192.168.1.101 is the IP of the machine on the localnetwork
> 192.168.1.1 is the local gateway
> 132.216.85.11 becomes the default gateway for all traffic
>
> i will assume that you know how to change the routing tables manually.
>
> Example routing table:
> Network Destination  Netmask          Gateway          Interface        Metric
> 0.0.0.0              0.0.0.0          132.216.85.11    132.216.85.11    1
> 0.0.0.0              0.0.0.0          192.168.1.1      192.168.1.101    31
> 127.0.0.0            255.0.0.0        127.0.0.1        127.0.0.1        1
> 132.216.1.254        255.255.255.255  192.168.1.1      192.168.1.101    30
> 132.216.85.11        255.255.255.255  127.0.0.1        127.0.0.1        50
> 132.216.255.255      255.255.255.255  132.216.85.11    132.216.85.11    50
> 192.168.1.0          255.255.255.0    192.168.1.101    192.168.1.101    30
> 192.168.1.101        255.255.255.255  127.0.0.1        127.0.0.1        30
> 192.168.1.255        255.255.255.255  192.168.1.101    192.168.1.101    30
> 224.0.0.0            240.0.0.0        192.168.1.101    192.168.1.101    30
> 224.0.0.0            240.0.0.0        132.216.85.11    132.216.85.11    1
> 255.255.255.255      255.255.255.255  132.216.85.11    2                1
> 255.255.255.255      255.255.255.255  192.168.1.101    192.168.1.101    1
> Default Gateway: 132.216.85.11
> ===========================================================================
>
> Seems odd to me though... why would you use your local pptp ip as the
> gateway? the packets are originating there! Seems redundant... but
> that's what he suggested. Anyway, I tried it, and got some funny errors.
> After connecting and getting an IP and running ip-up, I set up the
> routing table, and then tried pinging some things... and got this in the
> log:
>
> Aug 16 17:58:57 redowl pppd[18502]: local IP address 132.216.86.182
> Aug 16 17:58:57 redowl pppd[18502]: remote IP address 132.216.1.254
> Aug 16 17:58:57 redowl pppd[18502]: Script /etc/ppp/ip-up started (pid 18511)
> Aug 16 17:59:23 redowl pppd[18502]: sent [LCP EchoReq id=0x1 magic=0xf55a2e2f]
> Aug 16 17:59:23 redowl pppd[18502]: rcvd [LCP EchoRep id=0x1 magic=0x0]
> Aug 16 17:59:34 redowl pppd[18502]: read: Value too large for defined data type
> Aug 16 17:59:44 redowl last message repeated 5 times
> Aug 16 17:59:45 redowl pppd[18502]: rcvd [LCP TermReq id=0x9]
> Aug 16 17:59:45 redowl pppd[18502]: LCP terminated by peer
> Aug 16 17:59:45 redowl pppd[18502]: sent [LCP TermAck id=0x9]
> Aug 16 17:59:46 redowl pptp[18499]: log[decaps_gre:pptp_gre.c:262]: discarding out-of-order seq is 23 seqrecv is 24
> Aug 16 17:59:48 redowl pppd[18502]: Connection terminated.
>
> Any ideas?
>
> --
> Jon-o Addleman
>
> _______________________________________________
> pptpclient-devel mailing list
> pptpclient-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/pptpclient-devel

From dholmes at bigpond.net.au Mon Aug 19 18:28:42 2002
From: dholmes at bigpond.net.au (Dougal Holmes)
Date: Tue, 20 Aug 2002 09:28:42 +1000
Subject: [pptp-server] RE: [pptp-devel] pptp disconnects after a minute or two
References: <97DA4ED9176C464DA051B9CA5438D314200303@mail.hksys.com>
Message-ID: <000801c247d8$27b61e70$111f500a@mel.watsonwyatt.com.au>

As far as I know, this is "behavior by design" and cannot be changed. Basically Microsoft assumes the class for all PPTP connections, and hence regards the 10.x.x.x network as "local".......

Dougal
--
Dougal Holmes (at home)
mailto://dholmes at bigpond.net.au

From matt at tempo.com.au Mon Aug 19 18:59:38 2002
From: matt at tempo.com.au (Matthew Gavin)
Date: Tue, 20 Aug 2002 09:59:38 +1000
Subject: [pptp-server] RE: [pptp-devel] pptp disconnects after a minute or two
In-Reply-To: <000801c247d8$27b61e70$111f500a@mel.watsonwyatt.com.au>
Message-ID:

I have a similar problem with my remote users who occasionally spend time in the office. They need to change their LAN address from 10.1.1.x to 10.0.0.x and likewise with the gateway for the routes to be dropped when connecting to VPN. Frustrating, but it works.

From r.devroede at linvision.com Tue Aug 20 07:20:11 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 20 Aug 2002 14:20:11 +0200
Subject: [pptp-server] ppp-mppe-2.4.1-5 RPM released
In-Reply-To:
References:
Message-ID: <1029846011.1677.27.camel@richard>

You're absolutely right. It's a quick and dirty. And I didn't know it was already RPMed. When I have time, I'll sort things out as it should be. Until then, if it harms none, just ignore it.

Regards,
Richard

On Wed, 2002-08-07 at 18:44, Charlie Brady wrote:
>
> On 4 Jul 2002, R. de Vroede wrote:
>
> > Changes:
> > ppp-mppe-2.4.1-4 --> ppp-mppe-2.4.1-5
> > ----------------------------------------------------------------------------
> > * Thu Jul 04 2002 Richard de Vroede
> > - Fixed libsmbpw. It was in the package, but not in the filelist
>
> I don't think that libsmbpw belongs in this package. It's a dependency,
> not part of the ppp package. I find it particularly odd to see a .so file
> in a source RPM.
> > You can find a libsmbpw RPM at: > > ftp://ftp.e-smith.org/pub/e-smith/releases/5.1.2/SRPMS/libsmbpw-1.1-3.src.rpm > > -- > Charlie Brady charlieb at e-smith.com > Lead Product Developer > Network Server Solutions Group http://www.e-smith.com/ > Mitel Networks Corporation http://www.mitel.com/ > Phone: +1 (613) 592 5660 or 592 2122 Fax: +1 (613) 592 1175 > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From r.devroede at linvision.com Tue Aug 20 07:36:34 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 20 Aug 2002 14:36:34 +0200 Subject: [pptp-server] Routes and Diagram problem . In-Reply-To: <001e01c2445d$064f9000$0901a8c0@carlosa> References: <000b01c24325$d334d0a0$6a01a8c0@kornet.net> <1029294562.2234.227.camel@quozl> <001e01c2445d$064f9000$0901a8c0@carlosa> Message-ID: <1029846994.1677.34.camel@richard> Don't use pptp. Take a look at Tinc. It's a RSA based location-to-location VPN solution. http://tinc.nl.linux.org/ Regards, Richard On Thu, 2002-08-15 at 15:09, Carlos Arnt wrote: > Hi, > > I attach to this files has a jpg image of one desire network . > Both server and client communicate very well, but i can't put the Net-A > network to see the Net-B network > Can someone helpme out with this . > > If you see the diagram , i has two networks the first one it's the server > VPN network that has a 192.168.10.x ip address, the second one it's a linux > client that has the 192.168.2.x. 
>
> When the 192.168.10.x connect to the client 192.168.2.x, they can see each
> other, now how can i put my server 192.168.10.x (all machines besides this)
> to see and communicate with the (192.168.2.x net)
> Both must see each others and all machines as well in both networks.
>
> I really try, but i can't figure out a way.
>
> Thanks for helping out.

--
Richard de Vroede (r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From jsubs at shanholtz.com Wed Aug 21 01:53:58 2002
From: jsubs at shanholtz.com (Jeff Shanholtz)
Date: Tue, 20 Aug 2002 23:53:58 -0700
Subject: [pptp-server] can't get through firewall
Message-ID: <000201c248df$8698e870$6500a8c0@jeff>

I've set up poptop, ppp, and my kernel for 128 bit encryption according to the document. However I can't seem to get through the firewall. First I tried the "simple" firewall script given in the "2.4 Kernel Howto (Robert)" document with no luck, and since that script doesn't set up any reject logging, I then tried the "complete" firewall script he mentions (http://home.swbell.net/berzerke). I still can't connect, but now I'm getting some log information which has me a little puzzled.

Aug 20 23:30:09 antishane kernel: Input packet droppedIN=eth1 OUT= MAC=00:20:af:a3:ea:67:00:80:48:db:39:80:08:00 SRC=4.18.238.25 DST=4.18.238.26 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=6479 DF PROTO=TCP SPT=4725 DPT=1723 WINDOW=16384 RES=0x00 SYN URGP=0

The first line of the pptpd section should cause that packet to be allowed as far as I can tell. Can someone point out the problem?
$EXTINT is set to "eth1" and $PUBLICPORTS is set to "1024:65535"

#Allow pptpd connections (port 1723)
/sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
    --sport $PUBLICPORTS --dport 1723 -j ACCEPT
/sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A INPUT -i ppp+ \
    -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A OUTPUT -o ppp+ \
    -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A FORWARD -i ppp+ -o $EXTINT -p 47 \
    -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A FORWARD -o ppp+ -i $EXTINT -p 47 \
    -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -j LOG --log-level info \
    --log-prefix "PreNat logging after pptpd."

#Rules to allow surfing
/sbin/iptables -A FORWARD -i ppp+ -o $EXTINT -s $LOCALNETWORK \
    -j ACCEPT
/sbin/iptables -A FORWARD -o ppp+ -i $EXTINT -d $LOCALNETWORK \
    -j ACCEPT
echo "PPTPD allowed"

From charlieb-pptp at e-smith.com Wed Aug 21 11:28:42 2002
From: charlieb-pptp at e-smith.com (Charlie Brady)
Date: Wed, 21 Aug 2002 12:28:42 -0400 (EDT)
Subject: [pptp-server] ppp-mppe-2.4.1-5 RPM released
In-Reply-To: <1029846011.1677.27.camel@richard>
Message-ID:

On 20 Aug 2002, R. de Vroede wrote:

> > I don't think that libsmbpw belongs in this package. It's a dependency,
> > not part of the ppp package. I find it particularly odd to see a .so file
> > in a source RPM.
>
> You're absolutely right. It's a quick and dirty. And I didn't know it
> was already RPMed. When I have time, I'll sort things out as it should
> be. Until then, if it harms none, just ignore it.

I'd caution anyone against installing a binary package for which the source isn't available. It's likely to be a copyright violation and it's also a bad habit to be in from a security point of view.

> > You can find a libsmbpw RPM at:
> >
> > ftp://ftp.e-smith.org/pub/e-smith/releases/5.1.2/SRPMS/libsmbpw-1.1-3.src.rpm
> >

--
Charlie Brady charlieb at e-smith.com
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 592 5660 or 592 2122 Fax: +1 (613) 592 1175

From gml at advancevpn.com Wed Aug 21 06:26:24 2002
From: gml at advancevpn.com (Mikael Lönnroth)
Date: Wed, 21 Aug 2002 14:26:24 +0300
Subject: [pptp-server] can't get through firewall
References: <000201c248df$8698e870$6500a8c0@jeff>
Message-ID: <001401c2493e$88901860$1b01080a@advancevp20wmu>

---- Original Message -----
From: "Jeff Shanholtz"
To:
Sent: Wednesday, August 21, 2002 9:53 AM
Subject: [pptp-server] can't get through firewall

> mentions (http://home.swbell.net/berzerke). I still can't connect, but
> now I'm getting some log information which has me a little puzzled.
>
> Aug 20 23:30:09 antishane kernel: Input packet droppedIN=eth1 OUT=
> MAC=00:20:af:a3:ea:67:00:80:48:db:39:80:08:00 SRC=4.18.238.25
> DST=4.18.238.26 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=6479 DF PROTO=TCP
> SPT=4725 DPT=1723 WINDOW=16384 RES=0x00 SYN URGP=0
>
> The first line of the pptpd section should cause that packet to be
> allowed as far as I can tell. Can someone point out the problem? $EXTINT
> is set to "eth1" and $PUBLICPORTS is set to "1024:65535"
>
> #Allow pptpd connections (port 1723)
> /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
> --sport $PUBLICPORTS --dport 1723 -j ACCEPT

It should be "iptables -A INPUT ..." not "...-t nat -A PREROUTING."

Regards,
Mikael Lönnroth
AdvanceVPN Oy
www.advancevpn.com

From Administrator at josims.com Thu Aug 22 04:50:43 2002
From: Administrator at josims.com (Andrew Lyon)
Date: Thu, 22 Aug 2002 10:50:43 +0100
Subject: [pptp-server] Ppp modules not automatically loading after upgrade
Message-ID: <592F914D209FD942908826DFF2277A2D0D62C3@COMMSSERVER>

Hi,

I just performed some RPM upgrades on our Redhat 7.3 server, I upgraded the kernel rpms to 2.4.18-10, I applied the patch for ppp_mppe to the kernel source and compiled both the kernel and modules successfully.

I also upgraded from ppp-mppe-2.4.1-5 to ppp-mppe-2.4.1-7.

Before this upgrade, the server would boot up and start up services, including pptpd which would all work perfectly.

After this upgrade, I get errors when clients attempt to connect to pptpd:

Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: Starting call (launching pppd, opening GRE)
Aug 22 10:42:09 LinuxServer pptpd[1966]: GRE: read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: Client x.x.x.x control connection finished
Aug 22 10:42:17 LinuxServer pptpd[1969]: CTRL: Client x.x.x.x control connection started
Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: Starting call (launching pppd, opening GRE)
Aug 22 10:42:19 LinuxServer pptpd[1969]: GRE: read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: Client x.x.x.x control connection finished

I realised that ppp is not loading the ppp module (ppp_generic) automatically, I checked my modules.conf which appears to be correct:

alias ppp ppp_generic
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias net-pf-47 ip_gre
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty

If I modprobe -v ppp, the ppp_generic module loads, and clients can connect without any problems.

andy

The information contained in this e-mail is confidential and is intended for the addressee only. The contents of this e-mail must not be disclosed or copied without the sender's consent. If you are not the intended recipient of the message, please notify the sender immediately, and delete the message. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. No commitment may be inferred from the contents unless explicitly stated. The company does not take any responsibility for the personal views of the author. This message has been scanned for viruses before sending, but the company does not accept any responsibility for infection and recommends that you scan any attachments.

From r.devroede at linvision.com Thu Aug 22 05:03:04 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 22 Aug 2002 12:03:04 +0200
Subject: [pptp-server] Ppp modules not automatically loading after upgrade
In-Reply-To: <592F914D209FD942908826DFF2277A2D0D62C3@COMMSSERVER>
References: <592F914D209FD942908826DFF2277A2D0D62C3@COMMSSERVER>
Message-ID: <1030010584.2290.5.camel@richard>

remove alias ppp ppp_generic from /etc/modules.conf and run depmod -a
This is a little inherited mistake.

Regards,
Richard de Vroede

--
Richard de Vroede (r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From Administrator at josims.com Thu Aug 22 06:22:43 2002
From: Administrator at josims.com (Andrew Lyon)
Date: Thu, 22 Aug 2002 12:22:43 +0100
Subject: [pptp-server] Ppp modules not automatically loading after upg rade
Message-ID: <592F914D209FD942908826DFF2277A2D0D62C8@COMMSSERVER>

Yes!,

I'm trying something else now, I usually try to keep my servers RPM only, although on my own workstation I do things very differently, for this reason I have been using the pptp and ppp-mppe rpms for quite a while, but instead of using kernel rpms which include ppp-mppe, I usually just install the latest redhat kernel source rpms, and patch it for ppp_mppe, for the standard redhat 7.3 kernel source rpms and all versions up to 2.4.18-5, I used the 2.4.16 kernel patch, which worked fine, I've noticed a new patch at http://planetmirror.com/pub/mppe/ for 2.4.19, I just tried to apply it to 2.4.18-10, it applied more cleanly than the 2.4.16 patch so perhaps it will work!

I'll let you know.
andy -----Original Message----- From: R. de Vroede [mailto:r.devroede at linvision.com] Sent: 22 August 2002 12:22 To: Andrew Lyon Subject: RE: [pptp-server] Ppp modules not automatically loading after upg rade You DID enable it in the kernel did you? On Thu, 2002-08-22 at 12:42, Andrew Lyon wrote: > I've just noticed that I cannot run pppd manually: > > pppd > pppd: This system lacks kernel support for PPP. This could be because > the PPP kernel module could not be loaded, or because PPP was not > included in the kernel configuration. If PPP was included as a > module, try `/sbin/modprobe -v ppp'. If that fails, check that ppp.o > exists in /lib/modules/`uname -r`/net. See README.linux file in the > ppp distribution for more details. > > Which is obviously the cause of the errors from ppptpd! > > Here is my entire modules.conf > > alias parport_lowlevel parport_pc > alias eth0 3c59x > alias eth1 3c59x > alias scsi_hostadapter aic7xxx > alias usb-controller usb-uhci > alias char-major-108 ppp_generic > #alias ppp ppp_generic > alias ppp-compress-18 ppp_mppe > alias ppp-compress-21 bsd_comp > alias ppp-compress-24 ppp_deflate > alias ppp-compress-26 ppp_deflate > alias net-pf-47 ip_gre > alias tty-ldisc-3 ppp_async > alias tty-ldisc-14 ppp_synctty > alias sound-slot-0 sb > post-install sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -L > >/dev/null > 2>&1 || : > pre-remove sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -S > >/dev/null > 2>&1 || : > options sound dmabuf=1 > alias synth0 opl3 > options opl3 io=0x388 > options sb isapnp=1 > alias char-major-108 off # This will be different for 2.3.x kernels > > > > -----Original Message----- > From: R. de Vroede [mailto:r.devroede at linvision.com] > Sent: 22 August 2002 11:31 > To: Andrew Lyon > Subject: RE: [pptp-server] Ppp modules not automatically loading after upg > rade > > > The 'alias char-major-108 ppp_generic' should do the magic. Maybe you > should move it up, above the other ppp modules. Just a guess. 
> > Regards, > Richard > > On Thu, 2002-08-22 at 12:11, Andrew Lyon wrote: > > Just tried that still get the same error, modprobe -v ppp_generic > > fixed it again... Strange! > > > > -----Original Message----- > > From: R. de Vroede [mailto:r.devroede at linvision.com] > > Sent: 22 August 2002 11:03 > > To: Andrew Lyon > > Cc: 'pptp-server at lists.schulte.org' > > Subject: Re: [pptp-server] Ppp modules not automatically loading > > after upgrade > > > > > > remove alias ppp ppp_generic from /etc/modules.conf and run depmod > > -a > > This is a little inherited mistake. > > > > Regards, > > Richard de Vroede > > > > > > > > On Thu, 2002-08-22 at 11:50, Andrew Lyon wrote: > > > Hi, > > > > > > I just performed some RPM upgrades on our Redhat 7.3 server, I > > > upgraded the kernel rpms to 2.4.18-10, I applied the patch for > > > ppp_mppe to the kernel source and compiled both the kernel and > > > modules successfully. > > > > > > I also upgraded from ppp-mppe-2.4.1-5 to ppp-mppe-2.4.1-7. > > > > > > Before this upgrade, the server would boot up and start up > > > services, including pptpd which would all work perfectly. 
> > > > > > After this upgrade, I get errors when clients attempt to connect > > > to > > > pptpd: > > > > > > Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: Starting call > > > (launching pppd, opening GRE) Aug 22 10:42:09 LinuxServer > > > pptpd[1966]: > > > GRE: > > > read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error > > > = Input/output error Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: > > > PTY read or GRE write failed > > > (pty,gre)=(5,6) > > > Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: Client x.x.x.x control > > > connection finished Aug 22 10:42:17 LinuxServer pptpd[1969]: CTRL: > > > Client x.x.x.x control connection started > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: Starting call (launching > > > pppd, opening GRE) > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: GRE: > > > read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = > > > Input/output error > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: PTY read or GRE write > > failed > > > (pty,gre)=(5,6) > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: Client x.x.x.x > > > control connection finished > > > > > > I realised that ppp is not loading the ppp module (ppp_generic) > > > automatically, I checked my modules.conf which appears to be > > > correct: > > > > > > alias ppp ppp_generic > > > alias ppp-compress-18 ppp_mppe > > > alias ppp-compress-21 bsd_comp > > > alias ppp-compress-24 ppp_deflate > > > alias ppp-compress-26 ppp_deflate > > > alias net-pf-47 ip_gre > > > alias char-major-108 ppp_generic > > > alias tty-ldisc-3 ppp_async > > > alias tty-ldisc-14 ppp_synctty > > > > > > If I modprobe -v ppp, the ppp_generic module loads, and clients > > > can connect without any problems. > > > > > > andy > > > > > > The information contained in this e-mail is confidential and is > > > intended for the addressee only. The contents of this e-mail must > > > not be disclosed or copied without the sender's consent. 
If you > > > are not the intended recipient of the message, please notify the > > > sender immediately, and delete the message. The statements and > > > opinions expressed in this message are those of the author and do > > > not necessarily reflect those of the company. No commitment may be > > > inferred from the contents unless explicitly stated. The company > > > does not take any responsibility for the personal views of the > > > author. This message has been scanned for viruses before sending, > > > but the company does not accept any responsibility for infection > > > and recommends that you scan any attachments. > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > --- To unsubscribe, go to the url just above this line. -- > > -- > > Richard de Vroede > > (r.devroede at linvision.com) > > ------------------------------------------------ > > Linvision BV Provides Linux Solutions > > Elektronicaweg 16D > > 2628 XG Delft > > T: +31157502310 info at linvision.com > > F: +31157502319 http://devel.linvision.com > > ------------------------------------------------ > > > > The information contained in this e-mail is confidential and is > > intended for the addressee only. The contents of this e-mail must not > > be disclosed or copied without the sender's consent. If you are not > > the intended recipient of the message, please notify the sender > > immediately, and delete the message. The statements and opinions > > expressed in this message are those of the author and do not > > necessarily reflect those of the company. No commitment may be > > inferred from the contents unless explicitly stated. The company > > does not take any responsibility for the personal views of the author. 
> > This message has been scanned for viruses before sending, but the > > company does not accept any responsibility for infection and > > recommends that you scan any attachments. > -- > Richard de Vroede > (r.devroede at linvision.com) > ------------------------------------------------ > Linvision BV Provides Linux Solutions > Elektronicaweg 16D > 2628 XG Delft > T: +31157502310 info at linvision.com > F: +31157502319 http://devel.linvision.com > ------------------------------------------------ > > The information contained in this e-mail is confidential and is > intended for the addressee only. The contents of this e-mail must not > be disclosed or copied without the sender's consent. If you are not > the intended recipient of the message, please notify the sender > immediately, and delete the message. The statements and opinions > expressed in this message are those of the author and do not > necessarily reflect those of the company. No commitment may be > inferred from the contents unless explicitly stated. The company > does not take any responsibility for the personal views of the author. > This message has been scanned for viruses before sending, but the > company does not accept any responsibility for infection and > recommends that you scan any attachments. -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ The information contained in this e-mail is confidential and is intended for the addressee only. The contents of this e-mail must not be disclosed or copied without the sender's consent. If you are not the intended recipient of the message, please notify the sender immediately, and delete the message. 
The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. No commitment may be inferred from the contents unless explicitly stated. The company does not take any responsibility for the personal views of the author. This message has been scanned for viruses before sending, but the company does not accept any responsibility for infection and recommends that you scan any attachments. From Administrator at josims.com Thu Aug 22 06:51:09 2002 From: Administrator at josims.com (Andrew Lyon) Date: Thu, 22 Aug 2002 12:51:09 +0100 Subject: [pptp-server] Ppp modules not automatically loading after upg rade Message-ID: <592F914D209FD942908826DFF2277A2D0D62CA@COMMSSERVER> All compiled and working ok, but again it doenst load the module automatically, I think there is either a bug in the latest ppp-mppe rpm or a bug in my setup!, for now I've put modprobe ppp_generic in my rc.local which fixes the problem. andy -----Original Message----- From: Andrew Lyon Sent: 22 August 2002 12:23 To: 'R. de Vroede' Cc: 'pptp-server at lists.schulte.org' Subject: RE: [pptp-server] Ppp modules not automatically loading after upg rade Yes!, I'm trying something else now, I usually try to keep my servers RPM only, although on my own workstation I do things very differently, for this reason I have been using the pptp and ppp-mppe rpms for quite a while, but instead of using kernel rpms which include ppp-mppe, I usually just install the latest redhat kernel source rpms, and patch it for ppp_mppe, for the standard redhat 7.3 kernel source rpms and all versions upto 2.4.18-5, I used the 2.4.16 kernel patch, which worked fine, I've noticed a new patch at http://planetmirror.com/pub/mppe/ for 2.4.19, I just tried to apply it to 2.4.18-10 , I applied more cleanly than the 2.4.16 patch so perhaps it will work ! I'll let you know. andy -----Original Message----- From: R. 
de Vroede [mailto:r.devroede at linvision.com] Sent: 22 August 2002 12:22 To: Andrew Lyon Subject: RE: [pptp-server] Ppp modules not automatically loading after upg rade You DID enable it in the kernel did you? On Thu, 2002-08-22 at 12:42, Andrew Lyon wrote: > I've just noticed that I cannot run pppd manually: > > pppd > pppd: This system lacks kernel support for PPP. This could be because > the PPP kernel module could not be loaded, or because PPP was not > included in the kernel configuration. If PPP was included as a > module, try `/sbin/modprobe -v ppp'. If that fails, check that ppp.o > exists in /lib/modules/`uname -r`/net. See README.linux file in the > ppp distribution for more details. > > Which is obviously the cause of the errors from ppptpd! > > Here is my entire modules.conf > > alias parport_lowlevel parport_pc > alias eth0 3c59x > alias eth1 3c59x > alias scsi_hostadapter aic7xxx > alias usb-controller usb-uhci > alias char-major-108 ppp_generic > #alias ppp ppp_generic > alias ppp-compress-18 ppp_mppe > alias ppp-compress-21 bsd_comp > alias ppp-compress-24 ppp_deflate > alias ppp-compress-26 ppp_deflate > alias net-pf-47 ip_gre > alias tty-ldisc-3 ppp_async > alias tty-ldisc-14 ppp_synctty > alias sound-slot-0 sb > post-install sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -L > >/dev/null > 2>&1 || : > pre-remove sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -S > >/dev/null > 2>&1 || : > options sound dmabuf=1 > alias synth0 opl3 > options opl3 io=0x388 > options sb isapnp=1 > alias char-major-108 off # This will be different for 2.3.x kernels > > > > -----Original Message----- > From: R. de Vroede [mailto:r.devroede at linvision.com] > Sent: 22 August 2002 11:31 > To: Andrew Lyon > Subject: RE: [pptp-server] Ppp modules not automatically loading after > upg rade > > > The 'alias char-major-108 ppp_generic' should do the magic. Maybe you > should move it up, above the other ppp modules. Just a guess. 
> > Regards, > Richard > > On Thu, 2002-08-22 at 12:11, Andrew Lyon wrote: > > Just tried that still get the same error, modprobe -v ppp_generic > > fixed it again... Strange! > > > > -----Original Message----- > > From: R. de Vroede [mailto:r.devroede at linvision.com] > > Sent: 22 August 2002 11:03 > > To: Andrew Lyon > > Cc: 'pptp-server at lists.schulte.org' > > Subject: Re: [pptp-server] Ppp modules not automatically loading > > after upgrade > > > > > > remove alias ppp ppp_generic from /etc/modules.conf and run depmod > > -a > > This is a little inherited mistake. > > > > Regards, > > Richard de Vroede > > > > > > > > On Thu, 2002-08-22 at 11:50, Andrew Lyon wrote: > > > Hi, > > > > > > I just performed some RPM upgrades on our Redhat 7.3 server, I > > > upgraded the kernel rpms to 2.4.18-10, I applied the patch for > > > ppp_mppe to the kernel source and compiled both the kernel and > > > modules successfully. > > > > > > I also upgraded from ppp-mppe-2.4.1-5 to ppp-mppe-2.4.1-7. > > > > > > Before this upgrade, the server would boot up and start up > > > services, including pptpd which would all work perfectly. 
> > > > > > After this upgrade, I get errors when clients attempt to connect > > > to > > > pptpd: > > > > > > Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: Starting call > > > (launching pppd, opening GRE) Aug 22 10:42:09 LinuxServer > > > pptpd[1966]: > > > GRE: > > > read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error > > > = Input/output error Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: > > > PTY read or GRE write failed > > > (pty,gre)=(5,6) > > > Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: Client x.x.x.x control > > > connection finished Aug 22 10:42:17 LinuxServer pptpd[1969]: CTRL: > > > Client x.x.x.x control connection started > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: Starting call (launching > > > pppd, opening GRE) > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: GRE: > > > read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 > > > error = > > > Input/output error > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: PTY read or GRE > > > write > > failed > > > (pty,gre)=(5,6) > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: Client x.x.x.x > > > control connection finished > > > > > > I realised that ppp is not loading the ppp module (ppp_generic) > > > automatically, I checked my modules.conf which appears to be > > > correct: > > > > > > alias ppp ppp_generic > > > alias ppp-compress-18 ppp_mppe > > > alias ppp-compress-21 bsd_comp > > > alias ppp-compress-24 ppp_deflate > > > alias ppp-compress-26 ppp_deflate > > > alias net-pf-47 ip_gre > > > alias char-major-108 ppp_generic > > > alias tty-ldisc-3 ppp_async > > > alias tty-ldisc-14 ppp_synctty > > > > > > If I modprobe -v ppp, the ppp_generic module loads, and clients > > > can connect without any problems. > > > > > > andy > > > > > > The information contained in this e-mail is confidential and is > > > intended for the addressee only. The contents of this e-mail must > > > not be disclosed or copied without the sender's consent. 
If you > > > are not the intended recipient of the message, please notify the > > > sender immediately, and delete the message. The statements and > > > opinions expressed in this message are those of the author and do > > > not necessarily reflect those of the company. No commitment may be > > > inferred from the contents unless explicitly stated. The company > > > does not take any responsibility for the personal views of the > > > author. This message has been scanned for viruses before sending, > > > but the company does not accept any responsibility for infection > > > and recommends that you scan any attachments. > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > --- To unsubscribe, go to the url just above this line. -- > > -- > > Richard de Vroede > > (r.devroede at linvision.com) > > ------------------------------------------------ > > Linvision BV Provides Linux Solutions > > Elektronicaweg 16D > > 2628 XG Delft > > T: +31157502310 info at linvision.com > > F: +31157502319 http://devel.linvision.com > > ------------------------------------------------ > > > > The information contained in this e-mail is confidential and is > > intended for the addressee only. The contents of this e-mail must > > not be disclosed or copied without the sender's consent. If you are > > not the intended recipient of the message, please notify the sender > > immediately, and delete the message. The statements and opinions > > expressed in this message are those of the author and do not > > necessarily reflect those of the company. No commitment may be > > inferred from the contents unless explicitly stated. The company > > does not take any responsibility for the personal views of the > > author. 
This message has been scanned for viruses before sending, > > but the company does not accept any responsibility for infection and > > recommends that you scan any attachments. > -- > Richard de Vroede > (r.devroede at linvision.com) > ------------------------------------------------ > Linvision BV Provides Linux Solutions > Elektronicaweg 16D > 2628 XG Delft > T: +31157502310 info at linvision.com > F: +31157502319 http://devel.linvision.com > ------------------------------------------------ > > The information contained in this e-mail is confidential and is > intended for the addressee only. The contents of this e-mail must not > be disclosed or copied without the sender's consent. If you are not > the intended recipient of the message, please notify the sender > immediately, and delete the message. The statements and opinions > expressed in this message are those of the author and do not > necessarily reflect those of the company. No commitment may be > inferred from the contents unless explicitly stated. The company > does not take any responsibility for the personal views of the author. > This message has been scanned for viruses before sending, but the > company does not accept any responsibility for infection and > recommends that you scan any attachments. -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ The information contained in this e-mail is confidential and is intended for the addressee only. The contents of this e-mail must not be disclosed or copied without the sender's consent. If you are not the intended recipient of the message, please notify the sender immediately, and delete the message. 
From andersjk at sol-invictus.org Thu Aug 22 07:11:19 2002
From: andersjk at sol-invictus.org (Kevin Anderson)
Date: Thu, 22 Aug 2002 14:11:19 +0200 (CEST)
Subject: [pptp-server] Ppp modules not automatically loading after upgrade
In-Reply-To: <592F914D209FD942908826DFF2277A2D0D62CA@COMMSSERVER>
Message-ID:

Hi Andy,

I did this... wrote a small script in /etc/rc.d/init.d/ppp-mods then put the link in the rc3.d directory so it starts every time... of course if you are set up for runlevel 3 in your inittab.

kevin

On Thu, 22 Aug 2002, Andrew Lyon wrote:

> All compiled and working ok, but again it doesn't load the module
> automatically, I think there is either a bug in the latest ppp-mppe rpm or a
> bug in my setup!, for now I've put modprobe ppp_generic in my rc.local which
> fixes the problem.
>
> andy
>
> -----Original Message-----
> From: Andrew Lyon
> Sent: 22 August 2002 12:23
> To: 'R. de Vroede'
> Cc: 'pptp-server at lists.schulte.org'
> Subject: RE: [pptp-server] Ppp modules not automatically loading after upgrade
>
> Yes!,
>
> I'm trying something else now, I usually try to keep my servers RPM only,
> although on my own workstation I do things very differently, for this reason
> I have been using the pptp and ppp-mppe rpms for quite a while, but instead
> of using kernel rpms which include ppp-mppe, I usually just install the
> latest redhat kernel source rpms, and patch it for ppp_mppe, for the
> standard redhat 7.3 kernel source rpms and all versions up to 2.4.18-5, I
> used the 2.4.16 kernel patch, which worked fine, I've noticed a new patch at
> http://planetmirror.com/pub/mppe/ for 2.4.19, I just tried to apply it to
> 2.4.18-10 , I applied more cleanly than the 2.4.16 patch so perhaps it will
> work !
>
> I'll let you know.
>
> andy
>
> -----Original Message-----
> From: R. de Vroede [mailto:r.devroede at linvision.com]
> Sent: 22 August 2002 12:22
> To: Andrew Lyon
> Subject: RE: [pptp-server] Ppp modules not automatically loading after upgrade
>
> You DID enable it in the kernel did you?
>
> On Thu, 2002-08-22 at 12:42, Andrew Lyon wrote:
> > I've just noticed that I cannot run pppd manually:
> >
> > pppd
> > pppd: This system lacks kernel support for PPP. This could be because
> > the PPP kernel module could not be loaded, or because PPP was not
> > included in the kernel configuration. If PPP was included as a
> > module, try `/sbin/modprobe -v ppp'. If that fails, check that ppp.o
> > exists in /lib/modules/`uname -r`/net. See README.linux file in the
> > ppp distribution for more details.
> >
> > Which is obviously the cause of the errors from pptpd!
> >
> > Here is my entire modules.conf
> >
> > alias parport_lowlevel parport_pc
> > alias eth0 3c59x
> > alias eth1 3c59x
> > alias scsi_hostadapter aic7xxx
> > alias usb-controller usb-uhci
> > alias char-major-108 ppp_generic
> > #alias ppp ppp_generic
> > alias ppp-compress-18 ppp_mppe
> > alias ppp-compress-21 bsd_comp
> > alias ppp-compress-24 ppp_deflate
> > alias ppp-compress-26 ppp_deflate
> > alias net-pf-47 ip_gre
> > alias tty-ldisc-3 ppp_async
> > alias tty-ldisc-14 ppp_synctty
> > alias sound-slot-0 sb
> > post-install sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -L >/dev/null 2>&1 || :
> > pre-remove sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -S >/dev/null 2>&1 || :
> > options sound dmabuf=1
> > alias synth0 opl3
> > options opl3 io=0x388
> > options sb isapnp=1
> > alias char-major-108 off # This will be different for 2.3.x kernels
> >
> > -----Original Message-----
> > From: R. de Vroede [mailto:r.devroede at linvision.com]
> > Sent: 22 August 2002 11:31
> > To: Andrew Lyon
> > Subject: RE: [pptp-server] Ppp modules not automatically loading after upgrade
> >
> > The 'alias char-major-108 ppp_generic' should do the magic. Maybe you
> > should move it up, above the other ppp modules. Just a guess.
> >
> > Regards,
> > Richard
> >
> > On Thu, 2002-08-22 at 12:11, Andrew Lyon wrote:
> > > Just tried that still get the same error, modprobe -v ppp_generic
> > > fixed it again... Strange!
> > >
> > > -----Original Message-----
> > > From: R. de Vroede [mailto:r.devroede at linvision.com]
> > > Sent: 22 August 2002 11:03
> > > To: Andrew Lyon
> > > Cc: 'pptp-server at lists.schulte.org'
> > > Subject: Re: [pptp-server] Ppp modules not automatically loading after upgrade
> > >
> > > remove alias ppp ppp_generic from /etc/modules.conf and run depmod -a
> > > This is a little inherited mistake.
> > >
> > > Regards,
> > > Richard de Vroede
> > >
> > > On Thu, 2002-08-22 at 11:50, Andrew Lyon wrote:
> > > > Hi,
> > > >
> > > > I just performed some RPM upgrades on our Redhat 7.3 server, I
> > > > upgraded the kernel rpms to 2.4.18-10, I applied the patch for
> > > > ppp_mppe to the kernel source and compiled both the kernel and
> > > > modules successfully.
> > > >
> > > > I also upgraded from ppp-mppe-2.4.1-5 to ppp-mppe-2.4.1-7.
> > > >
> > > > Before this upgrade, the server would boot up and start up
> > > > services, including pptpd which would all work perfectly.
> > > >
> > > > After this upgrade, I get errors when clients attempt to connect
> > > > to pptpd:
> > > >
> > > > Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: Starting call (launching pppd, opening GRE)
> > > > Aug 22 10:42:09 LinuxServer pptpd[1966]: GRE: read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error
> > > > Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> > > > Aug 22 10:42:09 LinuxServer pptpd[1966]: CTRL: Client x.x.x.x control connection finished
> > > > Aug 22 10:42:17 LinuxServer pptpd[1969]: CTRL: Client x.x.x.x control connection started
> > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: Starting call (launching pppd, opening GRE)
> > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: GRE: read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error
> > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> > > > Aug 22 10:42:19 LinuxServer pptpd[1969]: CTRL: Client x.x.x.x control connection finished
> > > >
> > > > I realised that ppp is not loading the ppp module (ppp_generic)
> > > > automatically, I checked my modules.conf which appears to be
> > > > correct:
> > > >
> > > > alias ppp ppp_generic
> > > > alias ppp-compress-18 ppp_mppe
> > > > alias ppp-compress-21 bsd_comp
> > > > alias ppp-compress-24 ppp_deflate
> > > > alias ppp-compress-26 ppp_deflate
> > > > alias net-pf-47 ip_gre
> > > > alias char-major-108 ppp_generic
> > > > alias tty-ldisc-3 ppp_async
> > > > alias tty-ldisc-14 ppp_synctty
> > > >
> > > > If I modprobe -v ppp, the ppp_generic module loads, and clients
> > > > can connect without any problems.
> > > >
> > > > andy

@ _____________________________________________
chaos, panic and disorder... my job is done...

From Administrator at josims.com Thu Aug 22 07:13:06 2002
From: Administrator at josims.com (Andrew Lyon)
Date: Thu, 22 Aug 2002 13:13:06 +0100
Subject: [pptp-server] Ppp modules not automatically loading after upgrade
Message-ID: <592F914D209FD942908826DFF2277A2D0D62CC@COMMSSERVER>

Yeh that's a cleaner solution, it's not really a serious problem just strikes me as a bit odd that it used to load automatically but not any more. :)

-----Original Message-----
From: Kevin Anderson [mailto:andersjk at sol-invictus.org]
Sent: 22 August 2002 13:11
To: Andrew Lyon
Cc: 'R. de Vroede'; 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Ppp modules not automatically loading after upgrade

Hi Andy,

I did this... wrote a small script in /etc/rc.d/init.d/ppp-mods then put the link in the rc3.d directory so it starts every time... of course if you are set up for runlevel 3 in your inittab.

kevin

From lists at lwolenczak.net Thu Aug 22 20:55:32 2002
From: lists at lwolenczak.net (lists at lwolenczak.net)
Date: Thu, 22 Aug 2002 21:55:32 -0400 (EDT)
Subject: [pptp-server] Using the newish pppd.... Does ChapMSv2 over Radius even work?
Message-ID:

Radius seems to hang when doing chapmsv2 on a box I'm working with... I have yet to dig into it much, but I get no error messages.. it just seems to time out... MS Chap seems to work, but I can't get mppe to work with it... Chap works over radius... HELP!
--
Justin Kreger, MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu
justin at wss.net

From jsubs at shanholtz.com Sat Aug 24 13:21:35 2002
From: jsubs at shanholtz.com (Jeff Shanholtz)
Date: Sat, 24 Aug 2002 11:21:35 -0700
Subject: [pptp-server] can't get through firewall
In-Reply-To: <000201c248df$8698e870$6500a8c0@jeff>
Message-ID: <001b01c24b9b$1521dcb0$6500a8c0@jeff>

Well I had some offline help and thought I'd share the results just for the record.

My main problem was that I was using the same IP address for both client IP and server IP, which some time ago I read was acceptable and indeed, it used to work fine because I was successfully running poptop with ipchains (no encryption) in the past. For some reason, it doesn't work anymore (whether it's the encryption or what, I don't know).

The secondary problem is that Robert's (berzerke) iptables rules don't work for me and I haven't figured out why. However, Jerry Vonau sent me some rules that do work. I don't know if his are just as secure or if I ought to figure out the problem with Robert's if they're somehow better/more secure. Here are Jerry's:

/sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A OUTPUT -o $EXTINT -p TCP --sport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i $EXTINT -p TCP --dport 1723 -j ACCEPT
/sbin/iptables -A FORWARD -i ppp+ -o $INTINT -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A FORWARD -i $INTINT -o ppp+ -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT

Thanks in particular to Robert and Jerry who were both a big help in solving my problems.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Jeff Shanholtz
Sent: Tuesday, August 20, 2002 11:54 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] can't get through firewall

I've set up poptop, ppp, and my kernel for 128 bit encryption according to the document. However I can't seem to get through the firewall. First I tried the "simple" firewall script given in the "2.4 Kernel Howto (Robert)" document with no luck, and since that script doesn't set up any reject logging, I then tried the "complete" firewall script he mentions (http://home.swbell.net/berzerke). I still can't connect, but now I'm getting some log information which has me a little puzzled.

Aug 20 23:30:09 antishane kernel: Input packet droppedIN=eth1 OUT= MAC=00:20:af:a3:ea:67:00:80:48:db:39:80:08:00 SRC=4.18.238.25 DST=4.18.238.26 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=6479 DF PROTO=TCP SPT=4725 DPT=1723 WINDOW=16384 RES=0x00 SYN URGP=0

The first line of the pptpd section should cause that packet to be allowed as far as I can tell. Can someone point out the problem? $EXTINT is set to "eth1" and $PUBLICPORTS is set to "1024:65535"

#Allow pptpd connections (port 1723)
/sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
    --sport $PUBLICPORTS --dport 1723 -j ACCEPT
/sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A INPUT -i ppp+ \
    -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A OUTPUT -o ppp+ \
    -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A FORWARD -i ppp+ -o $EXTINT -p 47 \
    -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A FORWARD -o ppp+ -i $EXTINT -p 47 \
    -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -j LOG --log-level info \
    --log-prefix "PreNat logging after pptpd."
#Rules to allow surfing
/sbin/iptables -A FORWARD -i ppp+ -o $EXTINT -s $LOCALNETWORK \
    -j ACCEPT
/sbin/iptables -A FORWARD -o ppp+ -i $EXTINT -d $LOCALNETWORK \
    -j ACCEPT
echo "PPTPD allowed"

From bao at gibbons.com Mon Aug 26 12:26:10 2002
From: bao at gibbons.com (bao)
Date: Mon, 26 Aug 2002 10:26:10 -0700
Subject: [pptp-server] problem with routing table on client
Message-ID: <3D6A64B2.9040702@gibbons.com>

Good day everyone,

I'm using RH7.3, kernel 2.4.18-3 with ppp-mppe 2.4.1-6 (rpm version) and pptpd 1.1.2-2. Everything works great except one little problem. Our network is 186.200.127.160-191. When VPN is up, I check the client side routing table and see an entry similar to this:

186.0.0.0 255.0.0.0 186.200.127.187 186.200.127.187 1

I have seen discussions about Microsoft always giving the wrong subnet mask (i.e., 255.0.0.0). But with this huge subnet 186.0.0.0 instead of 186.200.127.0 (desirably 186.200.127.160 and subnet mask 255.255.255.224), there is possibly a huge amount of traffic going to/from this huge network. And all of it will be blocked by the firewall on the pptp server.

Is there any work-around that anyone has known of?

Thanks for any help

From bao at gibbons.com Mon Aug 26 17:04:05 2002
From: bao at gibbons.com (bao)
Date: Mon, 26 Aug 2002 15:04:05 -0700
Subject: [pptp-server] OT
Message-ID: <3D6AA5D5.2050801@gibbons.com>

I'm looking for a CD writer that has its own driver for Linux (RH 7.3)
Does anyone know of any brand??
Thank you all

From discard at chickenandporn.com Mon Aug 26 17:16:33 2002
From: discard at chickenandporn.com (Reply To List Only)
Date: Mon, 26 Aug 2002 18:16:33 -0400
Subject: [pptp-server] problem with routing table on client
References: <3D6A64B2.9040702@gibbons.com>
Message-ID: <3D6AA8C1.3DF3EAB2@chickenandporn.com>

I thought the answer to this a while back was that Microsoft always gave out an assumed netmask based on IP Classes. 186.x.y.z is from class A space, and the server has given you a Class A netmask.

If you have any dynamic routing protocols implemented, i.e. RIP or something more intelligent, you'll be automatically receiving routing table entries for local subnets. These routing entries will be more specific than your 186.0.0.0/8, so your gateway/VPN box should choose them over your 186/8, yielding a more logical route to those advertised subnets.

Does your 8-bit mask become a 24-bit mask when using IP pools from 182.168.x.0 for the PPTP IPs?

Allan

bao wrote:
>
> Good day everyone,
>
> I'm using RH7.3, kernel 2.4.18-3 with ppp-mppe 2.4.1-6 (rpm version) and
> pptpd 1.1.2-2. Everything works great
> except one little problem. Our network is 186.200.127.160-191. When VPN
> is up, I check the client side routing
> table and see an entry similar to this:
> 186.0.0.0 255.0.0.0 186.200.127.187 186.200.127.187 1
>
> I have seen discussions about Microsoft always giving the wrong subnet
> mask (i.e., 255.0.0.0).
> But with this huge subnet 186.0.0.0 instead of 186.200.127.0 (desirably
> 186.200.127.160 and subnet mask
> 255.255.255.224), there is possibly a huge amount of traffic going
> to/from this huge network. And all of it
> will be blocked by the firewall on the pptp server.
>
> Is there any work-around that anyone has known of?
>
> Thanks for any help

From fabio at ipway.com.br Tue Aug 27 09:13:43 2002
From: fabio at ipway.com.br (Fabio Oliveira)
Date: Tue, 27 Aug 2002 11:13:43 -0300
Subject: [pptp-server] failed to start pptpclient-restart (off-topic)
In-Reply-To: <000901c23fde$608406b0$0901a8c0@carlosa>
Message-ID:

Dear,

I am trying to use pptpclient-restart on Linux to connect to my office (linux pptp server) in case the link goes down or anything else fails.

I inserted this line in cron to do that every 5 minutes:

5,10,15,20,25,30,35,40,45,50,55 * * * * /home/fabio/pptpclient-restart

But I am getting the error below:

# sh pptpclient-restart
pptpclient-restart: line 14: syntax error: unexpected end of file

Thanks for any help.

regards,

Fabio Oliveira
IPWay - Internet Services
http://www.ipway.com.br
phone: 13-97024714

(o-  (o-  (o-  (o-  (o-
//\  //\  //\  //\  //\
V_/_ V_/_ V_/_ V_/_ V_/_
Live with freedom, choice Linux

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On behalf of Carlos Arnt
Sent: Friday, 9 August 2002 16:53
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] route rules in linux and Windows ??

Man, I messed up all the info this time... Let's be more specific. I have this scenario:

Client -- Windows 2000 Server - using a dial-up connection. It is a proxy and has the IP 192.168.1.1 (mask 255.255.255.0). I have 3 machines below it, which are 192.168.1.2 to 192.168.1.3.

----

Server -- Linux using pptpd server. It is using a cable modem connection on its eth0 and has the IP 192.168.10.160 on its ETH1. There are 30 machines using it (192.168.10.x), mask 255.255.255.0. I leave the range 192.168.10.170-180 for VPN purposes.
--------

I just need to know when the client connect (Win2000) how make the computers that are in the (192.168.1.x) network see the (192.168.10.x) computers connected in the server side over the tunnel.

Also I put to when the client connect always receive the IP 192.168.10.171.

I think it's simple . If I'm wrong please someone tell me !!

Under the Linux server I must put this :

/sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.10.171

(Think that with this I tell the server this route)

But what put under the Windows 2000 client ?? To his inside networks computers see the inside networks computer of the vpn server ??

I think I just need two rules one at each computer (server and client) but what rule ??

Well thanks anyway .

Carlos.

From Steve at SteveCowles.com Tue Aug 27 09:46:30 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Tue, 27 Aug 2002 09:46:30 -0500
Subject: [pptp-server] failed to start pptpclient-restart (off-topic)
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEBFA@defiant.infohiiway.com>

> -----Original Message-----
> From: Fabio Oliveira
> Sent: Tuesday, August 27, 2002 9:14 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] failed to start pptpclient-restart (off-topic)
>
>
> Dear,
>
> I am trying to use pptpclient-restart at Linux to connect to my
> office (linux pptp server) in case of link goes down or any
> failed else.
>
> I insert at cron the line to do that each 5 minutes:
> 5,10,15,20,25,30,35,40,45,50,55 * * * * /home/fabio/pptpclient-restart
>
> But I am getting the error below:
>
> # sh pptpclient-restart
> pptpclient-restart: line 14: syntax error: unexpected end of file

Have you taken a look at line 14 to see if you can spot the error?
If line 14 is the end of the file, then look above line 14 to insure that all if,then,else/case statements are properly terminated.

BTW: Most cron systems support specifying a "step" value. i.e. your cron entry can "probably" be specified using the following syntax:

*/5 * * * * /home/fabio/pptpclient-restart

...or even by using a "range" and "step" syntax

0-59/5 * * * * /home/fabio/pptpclient-restart

Steve Cowles

From Gareth_Marlow at scientia.com Tue Aug 27 11:28:18 2002
From: Gareth_Marlow at scientia.com (Gareth Marlow)
Date: Tue, 27 Aug 2002 17:28:18 +0100
Subject: [pptp-server] Shifting ISPs - possible problem?
Message-ID:

I have been running a PoPToP server for about 2.5 years now with no problems. We have a class C network; the VPN server is on a DMZ behind a multi-homed Debian 2.2 box running IP chains. All IP addresses are publicly-routed; everything is cool.

Unfortunately, we are shortly to be moving to a new ISP which will allocate us a tiny handful of IP addresses. I plan to keep the firewall and Proxy-ARP the addresses of the servers on the DMZ. To complicate matters, the ISP will be using static NAT (i.e. NOT masquerading). All of my PPTP clients are direct dial-up to the 'net.

Are there likely to be any problems with this - both upstream with the ISP doing the 1 to 1 NATing, and with me proxy-arping the VPN server? We often have more than 1 simultaneous user (we have about 15 road warriors and the high water mark for simultaneous connections is 6).

To summarise, the new config will be:

Road warrior -- Internet -- ISP -- (1 to 1 static NAT) -- ProxyARP IP chains firewall -- PoPToP server

If anyone is running this kind of config (or even just part of it) it'd be great to hear from you.

Gareth
--
Systems Manager, Scientia Ltd. and Fontal Ltd.
From james.cameron at hp.com Tue Aug 27 20:50:22 2002
From: james.cameron at hp.com (James Cameron)
Date: 28 Aug 2002 11:50:22 +1000
Subject: [pptp-server] failed to start pptpclient-restart (off-topic)
In-Reply-To:
References:
Message-ID: <1030499425.14197.183.camel@quozl>

On Wed, 2002-08-28 at 00:13, Fabio Oliveira wrote:
> I am trying to use pptpclient-restart at Linux to connect to my office (linux
> pptp server) in case of link goes down or any failed else.

Isn't it better to have pppd manage this process using the persist option? No dependency on cron. Immediate response. Detects LCP echo loss.

It is necessary to activate pptp from within pppd, which is quite straightforward. I wrote it up here:

http://pptpclient.sourceforge.net/howto-diagnosis.phtml#command_not_found

--
James Cameron (james.cameron at hp.com)
http://quozl.linux.org.au/ (or) http://quozl.netrek.org/

From pcathala at orchestra.fr Wed Aug 28 12:51:20 2002
From: pcathala at orchestra.fr (Philippe CATHALA)
Date: Wed, 28 Aug 2002 19:51:20 +0200
Subject: [pptp-server] Problem with IP allocation
Message-ID:

Hi,

I've compiled PPTP with IP allocation and when I try to connect with a Windows Client I have the following error : Could Not Determine local IP Adress.

In my pptpd.conf I have only 2 lines :

debug
option /etc/ppp/options.pptp

Could someone help me?

Thanks in advance.
Philippe
----------------------------------
Philippe CATHALA
Orchestra France
R&D Manager
Tel : 04.67.69.63.15
Fax : 04.67.69.63.30
email : pcathala at orchestra.fr
----------------------------------

From jvonau at shaw.ca Wed Aug 28 22:02:37 2002
From: jvonau at shaw.ca (Jerry Vonau)
Date: Wed, 28 Aug 2002 22:02:37 -0500
Subject: [pptp-server] Problem with IP allocation
Message-ID: <01C24EDE.A01608A0.jvonau@shaw.ca>

Philippe:

In the options.pptp file you'll need to have the local ip stated:

/etc/ppp/options.pptp

lock
#debug
auth
+chap
+chapms
+chapms-v2
+mppe-40
+mppe-128
+mppe-stateless
lcp-echo-failure 10
lcp-echo-interval 5
proxyarp
10.2.0.150:

Jerry Vonau

-----Original Message-----
From: Philippe CATHALA [SMTP:pcathala at orchestra.fr]
Sent: Wednesday, August 28, 2002 12:51 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Problem with IP allocation

Hi,

I've compiled PPTP with IP allocation and when I try to connect with a Windows Client I have the following error : Could Not Determine local IP Adress.

In my pptpd.conf I have only 2 lines :

debug
option /etc/ppp/options.pptp

Could someone help me?

Thanks in advance.

Philippe
----------------------------------
Philippe CATHALA
Orchestra France
R&D Manager
Tel : 04.67.69.63.15
Fax : 04.67.69.63.30
email : pcathala at orchestra.fr
----------------------------------
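
The condition discussed in the exchange above can be checked before a client ever connects. This is an added example, not code from the thread or from the PoPToP project: it reports where a local tunnel address is configured, either as the `local:remote` entry shown in the reply or, as an assumption taken from pptpd.conf's `localip` directive, in pptpd.conf itself. The function names and the options file with the address line removed are constructed for illustration.

```python
import ipaddress

# pptpd.conf as quoted in the thread: no localip/remoteip lines.
PPTPD_CONF = "debug\noption /etc/ppp/options.pptp\n"

# Options file from the reply, written one option per line.
OPTIONS_WITH_ADDR = "\n".join([
    "lock", "#debug", "auth", "+chap", "+chapms", "+chapms-v2",
    "+mppe-40", "+mppe-128", "+mppe-stateless",
    "lcp-echo-failure 10", "lcp-echo-interval 5", "proxyarp", "10.2.0.150:",
]) + "\n"

# Constructed sample: the same file with the address line removed.
OPTIONS_NO_ADDR = OPTIONS_WITH_ADDR.replace("10.2.0.150:\n", "")


def active_lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def is_ipv4(value):
    """True when value parses as a dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def local_ip_sources(pptpd_conf, ppp_options):
    """Return (source, value) pairs that supply a local tunnel address."""
    found = []
    for line in active_lines(pptpd_conf):
        parts = line.split()
        if parts[0] == "localip" and len(parts) > 1:
            found.append(("pptpd.conf localip", parts[1]))
    for line in active_lines(ppp_options):
        # pppd address option is local:remote; either half may be empty.
        if len(line.split()) == 1 and line.count(":") == 1:
            local = line.split(":")[0]
            if is_ipv4(local):
                found.append(("pppd options local:remote", local))
    return found
```

An empty result for a given pair of files means neither place supplies a local address, which is the situation the original poster's two-line pptpd.conf leaves unless the options file carries the address entry.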
From jorgesantos at valnetsado.pt Thu Aug 29 04:18:20 2002
From: jorgesantos at valnetsado.pt (Jorge Santos)
Date: Thu, 29 Aug 2002 10:18:20 +0100
Subject: [pptp-server] Just testing - sorry
Message-ID: <000001c24f3d$065e2df0$1b64a8c0@jorge>

From pcathala at orchestra.fr Sat Aug 31 09:45:58 2002
From: pcathala at orchestra.fr (Philippe CATHALA)
Date: Sat, 31 Aug 2002 16:45:58 +0200
Subject: [pptp-server] MPPE Encryption
Message-ID:

Hi,

I've a problem with encryption on a RedHat 7.2.

I've compiled a kernel 2.4.18 with PPP_MPPE but when I want to connect with a Windows client I have the following error : Couldn't set MRRU : Inappropriate ioctl for device.

What's the problem? Could someone help me?

Thanks in advance.

Philippe
----------------------------------
Philippe CATHALA
Orchestra France
R&D Manager
Tel : 04.67.69.63.15
Fax : 04.67.69.63.30
email : pcathala at orchestra.fr
----------------------------------