[pptp-server] Issues with OpenBSD 3

Robert Schwartz robert at mrsquirrel.com
Thu Feb 21 13:06:17 CST 2002


Hello list, I have an issue that I'm deeply interested in solving.  I
implemented a new development firewall to move into production, and
there's just one piece that's causing me headaches.  I'm running OpenBSD
3.0 on a firewall with 3 interfaces.  The last issue is PoPToP.  
 
I've compiled the latest source with --bsdppp and with -ipalloc.  I've
set up the server as per the documentation I've found scattered about
the net.  I've rebuilt the kernel without GRE (and I removed some
non-firewall junk like X and such from the kernel).  I've added the
following 1 lines to my startup scripts:
 
/etc/inetd.conf
ppploop         stream  tcp     nowait  root    /usr/sbin/ppp ppp -direct loop-in
 
/etc/services
#   ppploop 6671/tcp # loopback ppp daemon
 
I can connect with a client computer, exchange authentication, receive
the IP addressing information, and get registered on the remote network.
 
Sniffing the interface with the client shows a ton of encapsulated GRE
traffic.
 
When I ping (telnet, etc) from the PPTP client, nothing happens.  I see
arp-requests on the internal interface when I run tcpdump, and I see the
traffic when I run tcpdump on tun0.  I do not see arp-replies on the
internal network or on the tunnel though.  At this point I believe that
proxy arp in ppp isn't working right.  Any ideas as to why I would be
able to log in, pass an arp-whohas request to the local interface, but
not be able to get traffic back?
 
I've spent a few days tweaking all the files and settings and I'm no
farther than I was the first night after my successful authentication.
 
I haven't implemented encrypted passwords yet (one must walk before one
flies), and I am using the allow all rule in PF for these tests.
 
Here is my conf:
 
/etc/pptpd.conf
 
option /etc/ppp/ppp.conf
debug
localip 10.x.y.1
remoteip 10.x.y.222-223
pidfile /var/run/pptpd.pid
speed 115200
option /etc/ppp/ppp.conf
 
/etc/ppp/ppp.conf
 
loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 set ifaddr 10.x.y.1 10.x.y.222-10.x.y.223 255.255.255.255
 enable proxy
 set server /tmp/loop "" 0177
loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct
pptp:
 load loop
 enable chap
 disable pap
 # Authenticate against /etc/passwd
 ##enable passwdauth
 enable proxy
 accept dns
 # DNS Servers to assign client
 set dns 10.x.y.10
 # NetBIOS/WINS Servers to assign client
 set nbns 10.x.y.10
 set device !/etc/ppp/secure
 
/etc/ppp/options
 
lock
auth
#usehostname
 
/etc/ppp/secure
#!/bin/sh
exec /usr/sbin/ppp -direct loop-in
 
and /etc/ppp/ppp.secret
 
username1        password1
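
Added example, not part of the original post: a Python check that pairs ARP who-has requests with replies in saved tcpdump text, to confirm the symptom described in the message (requests for the PPTP client address that never get a reply). The sample lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re

# Constructed tcpdump-style lines (not from the original post), e.g. as saved
# from `tcpdump -n arp`. 192.0.2.222 stands in for a PPTP client address.
SAMPLE = """\
13:01:02.100 arp who-has 192.0.2.222 tell 192.0.2.10
13:01:02.101 arp who-has 192.0.2.1 tell 192.0.2.10
13:01:02.102 arp reply 192.0.2.1 is-at 0:a0:c9:11:22:33
13:01:03.100 arp who-has 192.0.2.222 tell 192.0.2.10
13:01:04.100 ARP, Request who-has 192.0.2.222 tell 192.0.2.10, length 28
13:01:05.000 ARP, Request who-has 192.0.2.223 (ff:ff:ff:ff:ff:ff) tell 192.0.2.10, length 46
13:01:05.001 ARP, Reply 192.0.2.223 is-at 00:a0:c9:11:22:33, length 28
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
# Matches both the older ("arp who-has ...") and newer ("ARP, Request ...") text forms.
REQUEST = re.compile(r"who-has " + IPV4 + r"\b.*? tell " + IPV4)
REPLY = re.compile(r"[Rr]eply " + IPV4 + r" is-at ([0-9A-Fa-f:]+)")


def arp_summary(text):
    """Return {target_ip: [request_count, reply_count]} for every ARP target seen."""
    seen = {}
    for line in text.splitlines():
        req = REQUEST.search(line)
        rep = REPLY.search(line)
        if req:
            seen.setdefault(req.group(1), [0, 0])[0] += 1
        elif rep:
            seen.setdefault(rep.group(1), [0, 0])[1] += 1
    return seen


def unanswered(text):
    """Targets that were asked for at least once and never answered."""
    summary = arp_summary(text)
    return sorted(ip for ip, (reqs, reps) in summary.items() if reqs and not reps)


if __name__ == "__main__":
    for ip in unanswered(SAMPLE):
        reqs, _ = arp_summary(SAMPLE)[ip]
        print(f"{ip}: {reqs} who-has request(s), no reply (nothing is answering ARP for it)")
```

An address that shows up here while the tunnel is connected is one for which no host on the segment, including the PPTP server, is answering ARP.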
 