[pptp-server] Issues with OpenBSD 3
Robert Schwartz
robert at mrsquirrel.com
Thu Feb 21 13:06:17 CST 2002

Hello list, I have an issue that I'm deeply interested in solving. I
implemented a new development firewall to move into production, and
there's just one piece that's causing me headaches. I'm running OpenBSD
3.0 on a firewall with 3 interfaces. The last issue is PoPToP.

I've compiled the latest source with --bsdppp and with -ipalloc. I've
set up the server as per the documentation I've found scattered about
the net. I've rebuilt the kernel without GRE (and I removed some
non-firewall junk like X and such from the kernel). I've added the
following 1 lines to my startup scripts:

/etc/inetd.conf
    ppploop stream tcp nowait root /usr/sbin/ppp ppp -direct loop-in

/etc/services
    # ppploop 6671/tcp # loopback ppp daemon

I can connect with a client computer, exchange authentication, receive
the IP addressing information, and get registered on the remote network.
Sniffing the interface with the client shows a ton of encapsulated GRE
traffic.

When I ping (telnet, etc.) from the PPTP client, nothing happens. I see
arp-requests on the internal interface when I run tcpdump, and I see the
traffic when I run tcpdump on tun0. I do not see arp-replies on the
internal network or on the tunnel though. At this point I believe that
proxy arp in ppp isn't working right. Any ideas as to why I would be
able to log in, pass an arp-whohas request to the local interface, but
not be able to get traffic back?

I've spent a few days tweaking all the files and settings and I'm no
farther than I was the first night after my successful authentication.
I haven't implemented encrypted passwords yet (one must walk before one
flies), and I am using the allow all rule in PF for these tests.

Here is my conf:

/etc/pptpd.conf
    option /etc/ppp/ppp.conf
    debug
    localip 10.x.y.1
    remoteip 10.x.y.222-223
    pidfile /var/run/pptpd.pid
    speed 115200
    option /etc/ppp/ppp.conf

/etc/ppp/ppp.conf
    loop:
     set timeout 0
     set log phase chat connect lcp ipcp command
     set device localhost:pptp
     set dial
     set login
     # Server (local) IP address, Range for Clients, and Netmask
     set ifaddr 10.x.y.1 10.x.y.222-10.x.y.223 255.255.255.255
     enable proxy
     set server /tmp/loop "" 0177
    loop-in:
     set timeout 0
     set log phase lcp ipcp command
     allow mode direct
    pptp:
     load loop
     enable chap
     disable pap
     # Authenticate against /etc/passwd
     ##enable passwdauth
     enable proxy
     accept dns
     # DNS Servers to assign client
     set dns 10.x.y.10
     # NetBIOS/WINS Servers to assign client
     set nbns 10.x.y.10
     set device !/etc/ppp/secure

/etc/ppp/options
    lock
    auth
    #usehostname

/etc/ppp/secure
    #!/bin/sh
    exec /usr/sbin/ppp -direct loop-in

and /etc/ppp/ppp.secret
    username1 password1