From nmazurier at free.fr  Tue Jan  1 11:42:54 2002
From: nmazurier at free.fr (Nicolas Mazurier)
Date: Tue, 1 Jan 2002 18:42:54 +0100
Subject: [pptp-server] Mandrake 8.1/PopTop 1.0.1  does not assign IP - pptpctrl segfaults?
Message-ID: <000301c192eb$bea1f720$1e01a8c0@koko>

Hi all,
 
Fist of all excuse my english...
 
Well i'm trying to setup a Linux Mandrake 8.1 box with PopTop 1.0.1 for
W2k or WinXP clients.
It runs quite well... until the IP address request: Got an error on the
client "the server did not affect an ip address". I do not have any DHCP
server running.
 
I've notice that when i run pptpctrl from a shell, with or without
parameters, it coredumps. 
 
Any help would be really appreciated! Following are the conf files and
log.
 
N.Mazurier
Lille
France
 
 
Here is the config:
The server has 1 ethernet card, 192.168.0.3. (Connected via a Linux
firewall, but even on the lan does not work)
 
-> Chap
ldesc * SECRET *
 
-> /etc/pptp.conf
debug
Localip 192.168.0.100
remoteip 192.168.0.101
option /etc/ppp/options.pptp
 
->/etc/ppp/options.pptp
auth
+chap
lock
debug
proxyarp
name 192.168.0.2
 
-> Syslog

Jan  1 18:16:07 nfw pptpd[3790]: MGR: Manager process started
Jan  1 18:16:22 nfw pptpd[3792]: MGR: Launching /usr/sbin/pptpctrl to
handle cli
ent
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: pppd options file =
/etc/ppp/options.pptp
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Client 172.143.23.78 control
connection s
tarted
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Received PPTP Control Message
(type: 1)
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Made a START CTRL CONN RPLY
packet
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: I wrote 156 bytes to the client.
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Sent packet to client
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Received PPTP Control Message
(type: 7)
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Set parameters to 1525 maxbps, 64
window
size
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Made a OUT CALL RPLY packet
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Starting call (launching pppd,
opening GR
E)
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: pty_fd = 5
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: tty_fd = 6
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: I wrote 32 bytes to the client.
Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Sent packet to client
Jan  1 18:16:22 nfw pptpd[3793]: CTRL (PPPD Launcher): Connection speed
= 115200
Jan  1 18:16:23 nfw pppd[3793]: pppd 2.4.1 started by root, uid 0
Jan  1 18:16:23 nfw pppd[3793]: using channel 42
Jan  1 18:16:23 nfw pppd[3793]: Using interface ppp0
Jan  1 18:16:23 nfw pppd[3793]: Connect: ppp0 <--> /dev/pts/1
Jan  1 18:16:23 nfw pppd[3793]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth ch
ap MD5> <magic 0x61ca7314> <pcomp> <accomp>]
Jan  1 18:16:23 nfw pptpd[3792]: CTRL: Received PPTP Control Message
(type: 15)
Jan  1 18:16:23 nfw pptpd[3792]: CTRL: Got a SET LINK INFO packet with
standard
ACCMs
Jan  1 18:16:23 nfw pptpd[3792]: GRE: Discarding duplicate packet
Jan  1 18:16:23 nfw pppd[3793]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth ch
ap MD5> <magic 0x61ca7314> <pcomp> <accomp>]
Jan  1 18:16:25 nfw pppd[3793]: rcvd [LCP ConfReq id=0x1 <mru 1400>
<magic 0x155
94551> <pcomp> <accomp>]
Jan  1 18:16:25 nfw pppd[3793]: sent [LCP ConfAck id=0x1 <mru 1400>
<magic 0x155
94551> <pcomp> <accomp>]
Jan  1 18:16:25 nfw pppd[3793]: sent [CHAP Challenge id=0x1
<509992dcc0c25223d32
41dd4381e0951ead336fb9cd5>, name = "192.168.0.2"]
Jan  1 18:16:25 nfw pptpd[3792]: CTRL: Received PPTP Control Message
(type: 15)
Jan  1 18:16:25 nfw pptpd[3792]: CTRL: Ignored a SET LINK INFO packet
with real
ACCMs!
Jan  1 18:16:26 nfw pppd[3793]: rcvd [CHAP Response id=0x1
<085def94495e051cf1c2
958cfcb5bcdb>, name = "ldesc"]
Jan  1 18:16:26 nfw pppd[3793]: Warning - secret file
/etc/ppp/chap-secrets has
world and/or group access
Jan  1 18:16:26 nfw pppd[3793]: sent [CHAP Success id=0x1 "Welcome to
nfw.rezo."
]
Jan  1 18:16:26 nfw pppd[3793]: sent [IPCP ConfReq id=0x1 <addr
192.168.0.3> <co
mpress VJ 0f 01>]
Jan  1 18:16:26 nfw pppd[3793]: sent [CCP ConfReq id=0x1 <deflate 15>
<deflate(o
ld#) 15> <bsd v1 15>]
Jan  1 18:16:26 nfw pppd[3793]: CHAP peer authentication succeeded for
ldesc
Jan  1 18:16:26 nfw pppd[3793]: rcvd [IPCP ConfReq id=0x2 <addr 0.0.0.0>
<ms-dns
1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Jan  1 18:16:26 nfw pppd[3793]: sent [IPCP ConfRej id=0x2 <addr 0.0.0.0>
<ms-dns
1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Jan  1 18:16:26 nfw pppd[3793]: rcvd [IPCP ConfRej id=0x1 <compress VJ
0f 01>]
Jan  1 18:16:26 nfw pppd[3793]: sent [IPCP ConfReq id=0x2 <addr
192.168.0.3>]
Jan  1 18:16:26 nfw pppd[3793]: rcvd [LCP ProtRej id=0x3 80 fd 01 01 00
0f 1a 04
 78 00 18 04 78 00 15 03 2f]
Jan  1 18:16:27 nfw pppd[3793]: rcvd [IPCP ConfReq id=0x4 <addr
0.0.0.0>]
Jan  1 18:16:27 nfw pppd[3793]: sent [IPCP ConfRej id=0x4 <addr
0.0.0.0>]
Jan  1 18:16:27 nfw pppd[3793]: rcvd [IPCP ConfAck id=0x2 <addr
192.168.0.3>]
Jan  1 18:16:28 nfw pppd[3793]: rcvd [IPCP TermReq id=0x5 15 59 45 51 00
3c cd 7
4 00 00 02 e2]
Jan  1 18:16:28 nfw pppd[3793]: sent [IPCP TermAck id=0x5]
Jan  1 18:16:28 nfw pptpd[3792]: CTRL: Received PPTP Control Message
(type: 15)
Jan  1 18:16:28 nfw pptpd[3792]: CTRL: Got a SET LINK INFO packet with
standard
ACCMs
Jan  1 18:16:28 nfw pppd[3793]: rcvd [LCP TermReq id=0x6 15 59 45 51 00
3c cd 74
 00 00 00 00]
Jan  1 18:16:28 nfw pppd[3793]: LCP terminated by peer (
<mailto:^UYEQ^@> ^UYEQ^@<M-Mt^@^@^@^@)
Jan  1 18:16:28 nfw pppd[3793]: sent [LCP TermAck id=0x6]
Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Received PPTP Control Message
(type: 12)
Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Made a CALL DISCONNECT RPLY
packet
Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Received CALL CLR request
(closing call)
Jan  1 18:16:29 nfw pptpd[3792]: CTRL: I wrote 148 bytes to the client.
Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Sent packet to client
Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Error with select(), quitting
Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Client 172.143.23.78 control
connection f
inished
Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Exiting now
Jan  1 18:16:29 nfw pptpd[3790]: MGR: Reaped child 3792
Jan  1 18:16:29 nfw pppd[3793]: Modem hangup
Jan  1 18:16:29 nfw pppd[3793]: Connection terminated.
Jan  1 18:16:29 nfw pppd[3793]: Connect time 0.1 minutes.
Jan  1 18:16:29 nfw pppd[3793]: Sent 89 bytes, received 80 bytes.
Jan  1 18:16:29 nfw pppd[3793]: Exit.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020101/a65f66d7/attachment.html>

From nmazurier at free.fr  Tue Jan  1 11:53:26 2002
From: nmazurier at free.fr (Nicolas Mazurier)
Date: Tue, 1 Jan 2002 18:53:26 +0100
Subject: [pptp-server] Mandrake 8.1/PopTop 1.0.1  does not assign IP - pptpctrl segfaults? CLUE?
Message-ID: <000801c192ed$37ee19a0$1e01a8c0@koko>

Hi all,
 
Following my message, may be a clue :
 
[root at nfw sbin]# pptpctrl 0 1 /etc/ppp/options.pptpd 1 115200 1
192.168.0.209 1 192.168.0.210 0
getsockname: Socket operation on non-socket
 
Thanks again,
Nicolas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020101/5d58f04c/attachment.html>

From berzerke at swbell.net  Tue Jan  1 12:09:43 2002
From: berzerke at swbell.net (robert)
Date: Tue, 01 Jan 2002 12:09:43 -0600
Subject: [pptp-server] Mandrake 8.1/PopTop 1.0.1  does not assign IP -
 pptpctrl segfaults?
In-Reply-To: <000301c192eb$bea1f720$1e01a8c0@koko>
References: <000301c192eb$bea1f720$1e01a8c0@koko>
Message-ID: <0GP90025VUD9AV@mta5.rcsntx.swbell.net>

Poptop 1.0.1 is really out of date (as is the web site).  You should switch 
to the "development" version.  In any case, a howto is at 
http://home.swbell.net/berzerke that will help you with your problems.

On Tuesday 01 January 2002 11:42 am, Nicolas Mazurier wrote:
> Hi all,
>
> Fist of all excuse my english...
>
> Well i'm trying to setup a Linux Mandrake 8.1 box with PopTop 1.0.1 for
> W2k or WinXP clients.
> It runs quite well... until the IP address request: Got an error on the
> client "the server did not affect an ip address". I do not have any DHCP
> server running.
>
> I've notice that when i run pptpctrl from a shell, with or without
> parameters, it coredumps.
>
> Any help would be really appreciated! Following are the conf files and
> log.
>
> N.Mazurier
> Lille
> France
>
>
> Here is the config:
> The server has 1 ethernet card, 192.168.0.3. (Connected via a Linux
> firewall, but even on the lan does not work)
>
> -> Chap
> ldesc * SECRET *
>
> -> /etc/pptp.conf
> debug
> Localip 192.168.0.100
> remoteip 192.168.0.101
> option /etc/ppp/options.pptp
>
> ->/etc/ppp/options.pptp
> auth
> +chap
> lock
> debug
> proxyarp
> name 192.168.0.2
>
> -> Syslog
>
> Jan  1 18:16:07 nfw pptpd[3790]: MGR: Manager process started
> Jan  1 18:16:22 nfw pptpd[3792]: MGR: Launching /usr/sbin/pptpctrl to
> handle cli
> ent
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: pppd options file =
> /etc/ppp/options.pptp
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Client 172.143.23.78 control
> connection s
> tarted
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> (type: 1)
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Made a START CTRL CONN RPLY
> packet
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: I wrote 156 bytes to the client.
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Sent packet to client
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> (type: 7)
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Set parameters to 1525 maxbps, 64
> window
> size
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Made a OUT CALL RPLY packet
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Starting call (launching pppd,
> opening GR
> E)
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: pty_fd = 5
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: tty_fd = 6
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: I wrote 32 bytes to the client.
> Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Sent packet to client
> Jan  1 18:16:22 nfw pptpd[3793]: CTRL (PPPD Launcher): Connection speed
> = 115200
> Jan  1 18:16:23 nfw pppd[3793]: pppd 2.4.1 started by root, uid 0
> Jan  1 18:16:23 nfw pppd[3793]: using channel 42
> Jan  1 18:16:23 nfw pppd[3793]: Using interface ppp0
> Jan  1 18:16:23 nfw pppd[3793]: Connect: ppp0 <--> /dev/pts/1
> Jan  1 18:16:23 nfw pppd[3793]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
> <auth ch
> ap MD5> <magic 0x61ca7314> <pcomp> <accomp>]
> Jan  1 18:16:23 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> (type: 15)
> Jan  1 18:16:23 nfw pptpd[3792]: CTRL: Got a SET LINK INFO packet with
> standard
> ACCMs
> Jan  1 18:16:23 nfw pptpd[3792]: GRE: Discarding duplicate packet
> Jan  1 18:16:23 nfw pppd[3793]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
> <auth ch
> ap MD5> <magic 0x61ca7314> <pcomp> <accomp>]
> Jan  1 18:16:25 nfw pppd[3793]: rcvd [LCP ConfReq id=0x1 <mru 1400>
> <magic 0x155
> 94551> <pcomp> <accomp>]
> Jan  1 18:16:25 nfw pppd[3793]: sent [LCP ConfAck id=0x1 <mru 1400>
> <magic 0x155
> 94551> <pcomp> <accomp>]
> Jan  1 18:16:25 nfw pppd[3793]: sent [CHAP Challenge id=0x1
> <509992dcc0c25223d32
> 41dd4381e0951ead336fb9cd5>, name = "192.168.0.2"]
> Jan  1 18:16:25 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> (type: 15)
> Jan  1 18:16:25 nfw pptpd[3792]: CTRL: Ignored a SET LINK INFO packet
> with real
> ACCMs!
> Jan  1 18:16:26 nfw pppd[3793]: rcvd [CHAP Response id=0x1
> <085def94495e051cf1c2
> 958cfcb5bcdb>, name = "ldesc"]
> Jan  1 18:16:26 nfw pppd[3793]: Warning - secret file
> /etc/ppp/chap-secrets has
> world and/or group access
> Jan  1 18:16:26 nfw pppd[3793]: sent [CHAP Success id=0x1 "Welcome to
> nfw.rezo."
> ]
> Jan  1 18:16:26 nfw pppd[3793]: sent [IPCP ConfReq id=0x1 <addr
> 192.168.0.3> <co
> mpress VJ 0f 01>]
> Jan  1 18:16:26 nfw pppd[3793]: sent [CCP ConfReq id=0x1 <deflate 15>
> <deflate(o
> ld#) 15> <bsd v1 15>]
> Jan  1 18:16:26 nfw pppd[3793]: CHAP peer authentication succeeded for
> ldesc
> Jan  1 18:16:26 nfw pppd[3793]: rcvd [IPCP ConfReq id=0x2 <addr 0.0.0.0>
> <ms-dns
> 1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
> Jan  1 18:16:26 nfw pppd[3793]: sent [IPCP ConfRej id=0x2 <addr 0.0.0.0>
> <ms-dns
> 1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
> Jan  1 18:16:26 nfw pppd[3793]: rcvd [IPCP ConfRej id=0x1 <compress VJ
> 0f 01>]
> Jan  1 18:16:26 nfw pppd[3793]: sent [IPCP ConfReq id=0x2 <addr
> 192.168.0.3>]
> Jan  1 18:16:26 nfw pppd[3793]: rcvd [LCP ProtRej id=0x3 80 fd 01 01 00
> 0f 1a 04
>  78 00 18 04 78 00 15 03 2f]
> Jan  1 18:16:27 nfw pppd[3793]: rcvd [IPCP ConfReq id=0x4 <addr
> 0.0.0.0>]
> Jan  1 18:16:27 nfw pppd[3793]: sent [IPCP ConfRej id=0x4 <addr
> 0.0.0.0>]
> Jan  1 18:16:27 nfw pppd[3793]: rcvd [IPCP ConfAck id=0x2 <addr
> 192.168.0.3>]
> Jan  1 18:16:28 nfw pppd[3793]: rcvd [IPCP TermReq id=0x5 15 59 45 51 00
> 3c cd 7
> 4 00 00 02 e2]
> Jan  1 18:16:28 nfw pppd[3793]: sent [IPCP TermAck id=0x5]
> Jan  1 18:16:28 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> (type: 15)
> Jan  1 18:16:28 nfw pptpd[3792]: CTRL: Got a SET LINK INFO packet with
> standard
> ACCMs
> Jan  1 18:16:28 nfw pppd[3793]: rcvd [LCP TermReq id=0x6 15 59 45 51 00
> 3c cd 74
>  00 00 00 00]
> Jan  1 18:16:28 nfw pppd[3793]: LCP terminated by peer (
> <mailto:^UYEQ^@> ^UYEQ^@<M-Mt^@^@^@^@)
> Jan  1 18:16:28 nfw pppd[3793]: sent [LCP TermAck id=0x6]
> Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> (type: 12)
> Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Made a CALL DISCONNECT RPLY
> packet
> Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Received CALL CLR request
> (closing call)
> Jan  1 18:16:29 nfw pptpd[3792]: CTRL: I wrote 148 bytes to the client.
> Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Sent packet to client
> Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Error with select(), quitting
> Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Client 172.143.23.78 control
> connection f
> inished
> Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Exiting now
> Jan  1 18:16:29 nfw pptpd[3790]: MGR: Reaped child 3792
> Jan  1 18:16:29 nfw pppd[3793]: Modem hangup
> Jan  1 18:16:29 nfw pppd[3793]: Connection terminated.
> Jan  1 18:16:29 nfw pppd[3793]: Connect time 0.1 minutes.
> Jan  1 18:16:29 nfw pppd[3793]: Sent 89 bytes, received 80 bytes.
> Jan  1 18:16:29 nfw pppd[3793]: Exit.


From berzerke at swbell.net  Tue Jan  1 13:40:26 2002
From: berzerke at swbell.net (robert)
Date: Tue, 01 Jan 2002 13:40:26 -0600
Subject: [pptp-server] Mandrake 8.1/PopTop 1.0.1  does not assign IP -
 pptpctrl segfaults?
In-Reply-To: <001101c192f3$ea327c90$1e01a8c0@koko>
References: <001101c192f3$ea327c90$1e01a8c0@koko>
Message-ID: <0GP9002EAYKFAN@mta5.rcsntx.swbell.net>

Not much info to go on, but from the howto:

6.4 Forwarding

You're going to have lots of trouble unless you enable ip forwarding. The 
command [echo "1" >/proc/sys/net/ipv4/ip_forward] will do it, but will not 
survive a reboot, so be sure and place the command somewhere in your startup 
scripts. Also, if you have a firewall, be sure it allows the forwarded 
packets through.

On Tuesday 01 January 2002 12:41 pm, Nicolas Mazurier wrote:
> Hi Robert,
>
> Well i've upgraded... And it works ;; thanks for the advice, i thought v
> 1.0.1 would be efficient enough! Well i can connect to the pptpd server,
> can ping it, get an adress, but can't ping the machines "behing" the ppp
> server (on the same lan, 192.168.0.0)... What did i do wrong?
>
> Thanks again
> Nicolas
>
>
> -----Message d'origine-----
> De : robert [mailto:berzerke at swbell.net]
> Envoy? : mardi 1 janvier 2002 19:10
> ? : Nicolas Mazurier; pptp-server at lists.schulte.org
> Objet : Re: [pptp-server] Mandrake 8.1/PopTop 1.0.1 does not assign IP -
> pptpctrl segfaults?
>
>
> Poptop 1.0.1 is really out of date (as is the web site).  You should
> switch
> to the "development" version.  In any case, a howto is at
> http://home.swbell.net/berzerke that will help you with your problems.
>
> On Tuesday 01 January 2002 11:42 am, Nicolas Mazurier wrote:
> > Hi all,
> >
> > Fist of all excuse my english...
> >
> > Well i'm trying to setup a Linux Mandrake 8.1 box with PopTop 1.0.1
> > for W2k or WinXP clients. It runs quite well... until the IP address
> > request: Got an error on the client "the server did not affect an ip
> > address". I do not have any DHCP server running.
> >
> > I've notice that when i run pptpctrl from a shell, with or without
> > parameters, it coredumps.
> >
> > Any help would be really appreciated! Following are the conf files and
> >
> > log.
> >
> > N.Mazurier
> > Lille
> > France
> >
> >
> > Here is the config:
> > The server has 1 ethernet card, 192.168.0.3. (Connected via a Linux
> > firewall, but even on the lan does not work)
> >
> > -> Chap
> > ldesc * SECRET *
> >
> > -> /etc/pptp.conf
> > debug
> > Localip 192.168.0.100
> > remoteip 192.168.0.101
> > option /etc/ppp/options.pptp
> >
> > ->/etc/ppp/options.pptp
> > auth
> > +chap
> > lock
> > debug
> > proxyarp
> > name 192.168.0.2
> >
> > -> Syslog
> >
> > Jan  1 18:16:07 nfw pptpd[3790]: MGR: Manager process started Jan  1
> > 18:16:22 nfw pptpd[3792]: MGR: Launching /usr/sbin/pptpctrl to handle
> > cli ent
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: pppd options file =
> > /etc/ppp/options.pptp
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Client 172.143.23.78 control
> > connection s
> > tarted
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> > (type: 1)
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Made a START CTRL CONN RPLY
> > packet
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: I wrote 156 bytes to the
>
> client.
>
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Sent packet to client
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> > (type: 7)
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Set parameters to 1525 maxbps,
>
> 64
>
> > window
> > size
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Made a OUT CALL RPLY packet
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Starting call (launching pppd,
> > opening GR
> > E)
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: pty_fd = 5
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: tty_fd = 6
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: I wrote 32 bytes to the client.
> > Jan  1 18:16:22 nfw pptpd[3792]: CTRL: Sent packet to client
> > Jan  1 18:16:22 nfw pptpd[3793]: CTRL (PPPD Launcher): Connection
>
> speed
>
> > = 115200
> > Jan  1 18:16:23 nfw pppd[3793]: pppd 2.4.1 started by root, uid 0
> > Jan  1 18:16:23 nfw pppd[3793]: using channel 42
> > Jan  1 18:16:23 nfw pppd[3793]: Using interface ppp0
> > Jan  1 18:16:23 nfw pppd[3793]: Connect: ppp0 <--> /dev/pts/1
> > Jan  1 18:16:23 nfw pppd[3793]: sent [LCP ConfReq id=0x1 <asyncmap
>
> 0x0>
>
> > <auth ch
> > ap MD5> <magic 0x61ca7314> <pcomp> <accomp>]
> > Jan  1 18:16:23 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> > (type: 15)
> > Jan  1 18:16:23 nfw pptpd[3792]: CTRL: Got a SET LINK INFO packet with
> > standard
> > ACCMs
> > Jan  1 18:16:23 nfw pptpd[3792]: GRE: Discarding duplicate packet
> > Jan  1 18:16:23 nfw pppd[3793]: rcvd [LCP ConfAck id=0x1 <asyncmap
>
> 0x0>
>
> > <auth ch
> > ap MD5> <magic 0x61ca7314> <pcomp> <accomp>]
> > Jan  1 18:16:25 nfw pppd[3793]: rcvd [LCP ConfReq id=0x1 <mru 1400>
> > <magic 0x155
> > 94551> <pcomp> <accomp>]
> > Jan  1 18:16:25 nfw pppd[3793]: sent [LCP ConfAck id=0x1 <mru 1400>
> > <magic 0x155
> > 94551> <pcomp> <accomp>]
> > Jan  1 18:16:25 nfw pppd[3793]: sent [CHAP Challenge id=0x1
> > <509992dcc0c25223d32
> > 41dd4381e0951ead336fb9cd5>, name = "192.168.0.2"]
> > Jan  1 18:16:25 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> > (type: 15)
> > Jan  1 18:16:25 nfw pptpd[3792]: CTRL: Ignored a SET LINK INFO packet
> > with real ACCMs!
> > Jan  1 18:16:26 nfw pppd[3793]: rcvd [CHAP Response id=0x1
> > <085def94495e051cf1c2
> > 958cfcb5bcdb>, name = "ldesc"]
> > Jan  1 18:16:26 nfw pppd[3793]: Warning - secret file
> > /etc/ppp/chap-secrets has world and/or group access
> > Jan  1 18:16:26 nfw pppd[3793]: sent [CHAP Success id=0x1 "Welcome to
> > nfw.rezo."
> > ]
> > Jan  1 18:16:26 nfw pppd[3793]: sent [IPCP ConfReq id=0x1 <addr
> > 192.168.0.3> <co
> > mpress VJ 0f 01>]
> > Jan  1 18:16:26 nfw pppd[3793]: sent [CCP ConfReq id=0x1 <deflate 15>
> > <deflate(o
> > ld#) 15> <bsd v1 15>]
> > Jan  1 18:16:26 nfw pppd[3793]: CHAP peer authentication succeeded for
> > ldesc
> > Jan  1 18:16:26 nfw pppd[3793]: rcvd [IPCP ConfReq id=0x2 <addr
>
> 0.0.0.0>
>
> > <ms-dns
> > 1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
> > Jan  1 18:16:26 nfw pppd[3793]: sent [IPCP ConfRej id=0x2 <addr
>
> 0.0.0.0>
>
> > <ms-dns
> > 1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
> > Jan  1 18:16:26 nfw pppd[3793]: rcvd [IPCP ConfRej id=0x1 <compress VJ
> > 0f 01>]
> > Jan  1 18:16:26 nfw pppd[3793]: sent [IPCP ConfReq id=0x2 <addr
> > 192.168.0.3>]
> > Jan  1 18:16:26 nfw pppd[3793]: rcvd [LCP ProtRej id=0x3 80 fd 01 01
>
> 00
>
> > 0f 1a 04
> >  78 00 18 04 78 00 15 03 2f]
> > Jan  1 18:16:27 nfw pppd[3793]: rcvd [IPCP ConfReq id=0x4 <addr
> > 0.0.0.0>]
> > Jan  1 18:16:27 nfw pppd[3793]: sent [IPCP ConfRej id=0x4 <addr
> > 0.0.0.0>]
> > Jan  1 18:16:27 nfw pppd[3793]: rcvd [IPCP ConfAck id=0x2 <addr
> > 192.168.0.3>]
> > Jan  1 18:16:28 nfw pppd[3793]: rcvd [IPCP TermReq id=0x5 15 59 45 51
>
> 00
>
> > 3c cd 7
> > 4 00 00 02 e2]
> > Jan  1 18:16:28 nfw pppd[3793]: sent [IPCP TermAck id=0x5]
> > Jan  1 18:16:28 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> > (type: 15)
> > Jan  1 18:16:28 nfw pptpd[3792]: CTRL: Got a SET LINK INFO packet with
> > standard
> > ACCMs
> > Jan  1 18:16:28 nfw pppd[3793]: rcvd [LCP TermReq id=0x6 15 59 45 51
>
> 00
>
> > 3c cd 74
> >  00 00 00 00]
> > Jan  1 18:16:28 nfw pppd[3793]: LCP terminated by peer (
> > <mailto:^UYEQ^@> ^UYEQ^@<M-Mt^@^@^@^@)
> > Jan  1 18:16:28 nfw pppd[3793]: sent [LCP TermAck id=0x6]
> > Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Received PPTP Control Message
> > (type: 12)
> > Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Made a CALL DISCONNECT RPLY
> > packet
> > Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Received CALL CLR request
> > (closing call)
> > Jan  1 18:16:29 nfw pptpd[3792]: CTRL: I wrote 148 bytes to the
>
> client.
>
> > Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Sent packet to client
> > Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Error with select(), quitting
> > Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Client 172.143.23.78 control
> > connection f
> > inished
> > Jan  1 18:16:29 nfw pptpd[3792]: CTRL: Exiting now
> > Jan  1 18:16:29 nfw pptpd[3790]: MGR: Reaped child 3792
> > Jan  1 18:16:29 nfw pppd[3793]: Modem hangup
> > Jan  1 18:16:29 nfw pppd[3793]: Connection terminated.
> > Jan  1 18:16:29 nfw pppd[3793]: Connect time 0.1 minutes.
> > Jan  1 18:16:29 nfw pppd[3793]: Sent 89 bytes, received 80 bytes.
> > Jan  1 18:16:29 nfw pppd[3793]: Exit.


From jrmann1999 at yahoo.com  Tue Jan  1 21:03:28 2002
From: jrmann1999 at yahoo.com (Jeremy Mann)
Date: Tue, 1 Jan 2002 19:03:28 -0800 (PST)
Subject: [pptp-server] Routing
Message-ID: <20020102030328.81352.qmail@web14108.mail.yahoo.com>

I am having serious trouble routing this, you guys
have been very helpful thusfar..so I decided I'd give
it a whirl here.

Two subnets, 10.10.0.0/255.255.255.0 and
192.100.0.0/255.255.255.0 need to be connected.

I have the 10. subnet connected to the 192. subnet(via
VPN, tested and working for static single IP Routes).
but have no clue what IP's to pass pptp(linux client)
and what route to add.  The 192.->10. connection is
rather easy since it's windows routed.  



=====
Jeremy Mann
"To learn cobol is an injustice, therefore it should be a crime to teach it."

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com


From lists at earthling.2y.net  Tue Jan  1 21:26:10 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Tue, 1 Jan 2002 22:26:10 -0500 (EST)
Subject: [pptp-server] Routing
In-Reply-To: <20020102030328.81352.qmail@web14108.mail.yahoo.com>
Message-ID: <Pine.LNX.4.33.0201012225100.7274-100000@earthling.2y.net>

Whats running on the windows box?  RRAS/Stealhead?

You may want to checkout http://earthling.2y.net/LinkingNets.html
-Justin Kreger (LW)


On Tue, 1 Jan 2002,
Jeremy Mann wrote:

> I am having serious trouble routing this, you guys
> have been very helpful thusfar..so I decided I'd give
> it a whirl here.
>
> Two subnets, 10.10.0.0/255.255.255.0 and
> 192.100.0.0/255.255.255.0 need to be connected.
>
> I have the 10. subnet connected to the 192. subnet(via
> VPN, tested and working for static single IP Routes).
> but have no clue what IP's to pass pptp(linux client)
> and what route to add.  The 192.->10. connection is
> rather easy since it's windows routed.
>
>
>
> =====
> Jeremy Mann
> "To learn cobol is an injustice, therefore it should be a crime to teach it."
>
> __________________________________________________
> Do You Yahoo!?
> Send your FREE holiday greetings online!
> http://greetings.yahoo.com
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From jrmann1999 at yahoo.com  Tue Jan  1 21:12:45 2002
From: jrmann1999 at yahoo.com (Jeremy Mann)
Date: Tue, 1 Jan 2002 19:12:45 -0800 (PST)
Subject: [pptp-server] Routing
In-Reply-To: <Pine.LNX.4.33.0201012225100.7274-100000@earthling.2y.net>
Message-ID: <20020102031245.17869.qmail@web14103.mail.yahoo.com>

--- lists at earthling.2y.net wrote:
> Whats running on the windows box?  RRAS/Stealhead?

It's a netopia VPN router that I'm getting into, I
forgot to mention that(and therefore that windows
doesn't do the routing, the VPN router connects and
sets everything up automagically).


=====
Jeremy Mann
"To learn cobol is an injustice, therefore it should be a crime to teach it."

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com


From lists at earthling.2y.net  Tue Jan  1 21:51:44 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Tue, 1 Jan 2002 22:51:44 -0500 (EST)
Subject: [pptp-server] Routing
In-Reply-To: <20020102031245.17869.qmail@web14103.mail.yahoo.com>
Message-ID: <Pine.LNX.4.33.0201012250200.7274-100000@earthling.2y.net>

Oh, ok.  Did you check the page, I just added an example.

Does the peer ip on the ppp connection ever change, or does it remain the
same with the netopia vpn router?

On Tue, 1 Jan 2002, Jeremy Mann wrote:

>
> --- lists at earthling.2y.net wrote:
> > Whats running on the windows box?  RRAS/Stealhead?
>
> It's a netopia VPN router that I'm getting into, I
> forgot to mention that(and therefore that windows
> doesn't do the routing, the VPN router connects and
> sets everything up automagically).
>
>
> =====
> Jeremy Mann
> "To learn cobol is an injustice, therefore it should be a crime to teach it."
>
> __________________________________________________
> Do You Yahoo!?
> Send your FREE holiday greetings online!
> http://greetings.yahoo.com
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From jditto at woh.rr.com  Tue Jan  1 21:57:13 2002
From: jditto at woh.rr.com (joe ditto)
Date: Tue, 1 Jan 2002 22:57:13 -0500
Subject: [pptp-server] speed
Message-ID: <002b01c19341$8fcd2c70$0702a8c0@JOE>

currently i have one network card installed on my machine. if i add a second and have the vpn connection go to the eth1 adapter and set the mtu for the "adapter" to say 1400 or less and the win9x client accessing on the eth1 adapter if my performance would increase on samba?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020101/b4c6efb9/attachment.html>

From lists at earthling.2y.net  Tue Jan  1 22:21:53 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Tue, 1 Jan 2002 23:21:53 -0500 (EST)
Subject: [pptp-server] speed
In-Reply-To: <002b01c19341$8fcd2c70$0702a8c0@JOE>
Message-ID: <Pine.LNX.4.33.0201012320120.7274-100000@earthling.2y.net>

SMB is not the best file protocol in the world.  MTU wont do you any real
good, but i did notice that when i had the MTU/MRU set to the low 700s on
the ppp interfaces, smb performance was better.  SMB is even slow on ipsec
links (40-60k/sec on tunnel between two hosts on a t1 lines).

On Tue, 1 Jan 2002, joe ditto wrote:

> currently i have one network card installed on my machine. if i add a second and have the vpn connection go to the eth1 adapter and set the mtu for the "adapter" to say 1400 or less and the win9x client accessing on the eth1 adapter if my performance would increase on samba?
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From tonypang at dmx.com.hk  Tue Jan  1 22:54:29 2002
From: tonypang at dmx.com.hk (Tony Pang)
Date: Wed, 2 Jan 2002 12:54:29 +0800
Subject: [pptp-server] What does localip and remoteip mean
Message-ID: <007d01c19349$8fb8c070$1ac8a8c0@tony2k>

Hi,

I have read through the documentation but I still quite confuse about localip and remoteip. I have the following scenario:

                                    ---------------------
   Internet                     |                     |  Internal
-----------------------------------|    PPTP         |---------------------------------
                                   |---------------------|

        203.198.189.111                           192.168.0.111

I want to assign the addresses 192.168.0.112-120 to the clients. Then what should be the localip and remoteip in this case? 

Best Regards,
Tony Pang
Network System Engineer
DMX Technologies (HK) Ltd.
tonypang at dmx.com.hk
+852 2520 2660
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020102/836ee4cf/attachment.html>

From mgix at nothingreal.com  Wed Jan  2 04:11:45 2002
From: mgix at nothingreal.com (Emmanuel Mogenet)
Date: Wed, 2 Jan 2002 02:11:45 -0800
Subject: [pptp-server] pptp proxy
Message-ID: <000501c19375$e2c67c40$01a800c0@aloysius>

Get it from here:

http://www.mgix.com/pptpproxy



From Steve at SteveCowles.com  Wed Jan  2 05:58:53 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 2 Jan 2002 05:58:53 -0600 
Subject: [pptp-server] What does localip and remoteip mean
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9BE@defiant.infohiiway.com>

> -----Original Message-----
> From: Tony Pang [mailto:tonypang at dmx.com.hk]
> Sent: Tuesday, January 01, 2002 10:54 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] What does localip and remoteip mean
>
>
> Hi,
>
> I have read through the documentation but I still quite confuse
> about localip and remoteip. I have the following scenario:
>
> 
> Internet  |-----------------|  Internal
> ----------|      PPTP       |--------------
>           |-----------------|
> 203.198.189.111               192.168.0.111
>
> I want to assign the addresses 192.168.0.112-120 to the clients.
> Then what should be the localip and remoteip in this case? 

The following should work:

localip  = 192.168.0.111
remoteip = 192.168.0.112-120


From cfast at alliedbuilding.com  Wed Jan  2 08:17:24 2002
From: cfast at alliedbuilding.com (Clint Fast)
Date: Wed, 02 Jan 2002 09:17:24 -0500
Subject: [pptp-server] Routing
References: <Pine.LNX.4.33.0201012250200.7274-100000@earthling.2y.net>
Message-ID: <3C331674.4C7B0E9D@alliedbuilding.com>

I use Netopia routers for pptp connections as well.

I ended up having to add a router to the netopia) that would state that
the remote network was available through the Remote PPTP tunnel.

In my case, is was like this:

 Netopia
10.16.x.x/24 <--PPTP--> 10.24.0.x/16 <-- router --> 192.168.0.0/16
network.

I added the route:

192.168.0.0/16 using gateway of 10.24.0.5 (the inside of the pptp
tunnel, you specficy this IP in the PPTP configuration in the Netopia
PPTP config).

Works great for me.

--Clint.

lists at earthling.2y.net wrote:
> 
> Oh, ok.  Did you check the page, I just added an example.
> 
> Does the peer ip on the ppp connection ever change, or does it remain the
> same with the netopia vpn router?
> 
> On Tue, 1 Jan 2002, Jeremy Mann wrote:
> 
> >
> > --- lists at earthling.2y.net wrote:
> > > Whats running on the windows box?  RRAS/Stealhead?
> >
> > It's a netopia VPN router that I'm getting into, I
> > forgot to mention that(and therefore that windows
> > doesn't do the routing, the VPN router connects and
> > sets everything up automagically).
> >
> >
> > =====
> > Jeremy Mann
> > "To learn cobol is an injustice, therefore it should be a crime to teach it."
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Send your FREE holiday greetings online!
> > http://greetings.yahoo.com
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> >
> 
> --
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From michael at weisberg.org  Wed Jan  2 08:15:56 2002
From: michael at weisberg.org (Michael D. Weisberg)
Date: Wed, 02 Jan 2002 09:15:56 -0500
Subject: [pptp-server] Stripping domain name
Message-ID: <5.1.0.14.0.20020102091146.00a8bc00@popd.ix.netcom.com>

Hello everybody!

I've found the Samba patch, but I was wondering, is there a patch around to 
just strip the domain?  I'm using a Slackware distribution of Linux that 
does not use PAM so the Samba authentication patch will not compile (or am 
I doing something wrong?).

Thanks in advance!



Do not attempt to teach a pig to sing,
It wastes your time, and it annoys the pig.



From RLDITTO at BRIGHT.NET  Wed Jan  2 08:20:21 2002
From: RLDITTO at BRIGHT.NET (JOE)
Date: Wed, 2 Jan 2002 09:20:21 -0500
Subject: [pptp-server] speed
Message-ID: <005101c19398$9d4bff00$0b00a8c0@backdog>

there's got to be a way around this? i mean doesn't pptp encapsulate the smb
packets and then send them over the line? why does smb cause such problems?
is it the way that smb transfers information back and forth like full duplex
or something?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020102/1f59358a/attachment.html>

From michael at weisberg.org  Wed Jan  2 08:23:14 2002
From: michael at weisberg.org (Michael D. Weisberg)
Date: Wed, 02 Jan 2002 09:23:14 -0500
Subject: [pptp-server] Stripping domain name
In-Reply-To: <D7C702733EC9D3119BE30050DA6B3ED4678FBE@mailvpn.199.9.192.i
 n-addr.arpa>
Message-ID: <5.1.0.14.0.20020102092238.009ef010@popd.ix.netcom.com>

Thank you!

At 09:18 AM 1/2/02 -0500, Jason Staudenmayer wrote:
>There is a pppd patch for stripping the domian
>check here http://mirror.binarix.com/ppp-mppe/
>
>-----Original Message-----
>From: Michael D. Weisberg [mailto:michael at weisberg.org]
>Sent: Wednesday, January 02, 2002 9:16 AM
>To: pptp-server at lists.schulte.org
>Subject: [pptp-server] Stripping domain name
>
>
>Hello everybody!
>
>I've found the Samba patch, but I was wondering, is there a patch around to
>just strip the domain?  I'm using a Slackware distribution of Linux that
>does not use PAM so the Samba authentication patch will not compile (or am
>I doing something wrong?).
>
>Thanks in advance!
>
>
>
>Do not attempt to teach a pig to sing,
>It wastes your time, and it annoys the pig.
>
>_______________________________________________
>pptp-server maillist  -  pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>--- To unsubscribe, go to the url just above this line. --


Do not attempt to teach a pig to sing,
It wastes your time, and it annoys the pig.



From henscha at uni-muenster.de  Wed Jan  2 08:32:45 2002
From: henscha at uni-muenster.de (Andreas Henschel)
Date: Wed, 2 Jan 2002 15:32:45 +0100
Subject: [pptp-server] pptpd 1.1.2 no Inter-client connection?
Message-ID: <001801c1939a$5c0b0fc0$6900a8c0@Mimo>

Hi everyone...

i'm new to this, so maybe this oproblem has been solved alerady:
I set up pptpd 1.1.2 on a Suse 7.1 Linux machine according to the HOWTO. I'm
able to connect multiple clients (in the local LAN) to the VPN-server, each
client can ping the server but none of the clients can ping another client.
What's wrong?

Thanks

Andreas Henschel



From a.waller at webpoint.at  Wed Jan  2 09:14:07 2002
From: a.waller at webpoint.at (Alexander Waller)
Date: Wed, 2 Jan 2002 16:14:07 +0100
Subject: [pptp-server] Security issue
Message-ID: <002801c193a0$1fca8120$0501a8c0@goetzis.webpoint.at>

Hi !
How can I determine the IP a connection is comming from. I want to use
it in auth-up to let the user in or not.
Any hints ?

Alex.


WebPoint Internet Services
Alexander Waller

Ihr Partner f?r Ihren Web-Auftritt !

A-6840 G?tzis
Tel 0043 5523 / 582-44
Fax 0043 5523 / 582-55

Mobil 0043 676 4121128

http://www.webpoint.at/      



____________________________________________________________________________
Scanned and protected by Florian Isolate 1.0.10 FLO on host city.webpoint.at



From lists at earthling.2y.net  Wed Jan  2 09:44:41 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Wed, 2 Jan 2002 10:44:41 -0500 (EST)
Subject: [pptp-server] speed
In-Reply-To: <003401c19398$52af0b40$0b00a8c0@backdog>
Message-ID: <Pine.LNX.4.33.0201021041340.7274-100000@earthling.2y.net>

Yeah, it does, but smb is just a horrible protocol to move files, its
really that simple.  Its just downright slow on anything but a lan.  FTP &
NFS are much more efficent.  Thats how we move the bulk of our files
between our home/office file servers.

We only use smb when its just a few small files.



 On Wed, 2 Jan 2002, JOE wrote:

> there's got to be a way around this? i mean doesn't pptp encapsulate the smb
> packets and then send them over the line? why does smb cause such problems?
> is it the way that smb transfers information back and forth like full duplex
> or something?
> ----- Original Message -----
> From: <lists at earthling.2y.net>
> To: "joe ditto" <jditto at woh.rr.com>
> Cc: <pptp-server at lists.schulte.org>
> Sent: Tuesday, January 01, 2002 11:21 PM
> Subject: Re: [pptp-server] speed
>
>
> > SMB is not the best file protocol in the world.  MTU wont do you any real
> > good, but i did notice that when i had the MTU/MRU set to the low 700s on
> > the ppp interfaces, smb performance was better.  SMB is even slow on ipsec
> > links (40-60k/sec on tunnel between two hosts on a t1 lines).
> >
> > On Tue, 1 Jan 2002, joe ditto wrote:
> >
> > > currently i have one network card installed on my machine. if i add a
> second and have the vpn connection go to the eth1 adapter and set the mtu
> for the "adapter" to say 1400 or less and the win9x client accessing on the
> eth1 adapter if my performance would increase on samba?
> > >
> >
> > --
> > Justin Kreger, MCP MCSE CCNA
> > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
>
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From rcd at amherst.com  Wed Jan  2 09:34:07 2002
From: rcd at amherst.com (Robert Dege)
Date: 02 Jan 2002 10:34:07 -0500
Subject: [pptp-server] Security issue
In-Reply-To: <002801c193a0$1fca8120$0501a8c0@goetzis.webpoint.at>
References: <002801c193a0$1fca8120$0501a8c0@goetzis.webpoint.at>
Message-ID: <1009985648.16812.1.camel@homer.amherst.com>

Here's how I determine the Outside IP:

In the file /etc/ppp/ip-up:

# Get session pid
PID=`cat /var/run/$1.pid`
PPID=`ps --noheaders -p $PID -o \%P`

# Get Real World IP
OUTSIDE=`ps --noheaders -p $PPID -o cmd | cut -d\  -f2`

-Rob

> Hi !
> How can I determine the IP a connection is comming from. I want to use
> it in auth-up to let the user in or not.
> Any hints ?
> 
> Alex.
> 
> 
> WebPoint Internet Services
> Alexander Waller
> 
> Ihr Partner f?r Ihren Web-Auftritt !
> 
> A-6840 G?tzis
> Tel 0043 5523 / 582-44
> Fax 0043 5523 / 582-55
> 
> Mobil 0043 676 4121128
> 
> http://www.webpoint.at/      
> 
> 
> 
> ____________________________________________________________________________
> Scanned and protected by Florian Isolate 1.0.10 FLO on host city.webpoint.at
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 
-- 

-Rob



From garthpl at yahoo.com  Wed Jan  2 09:43:51 2002
From: garthpl at yahoo.com (Garth Lezama)
Date: Wed, 2 Jan 2002 07:43:51 -0800 (PST)
Subject: [pptp-server] Kernel Patch problem
Message-ID: <20020102154351.17682.qmail@web13004.mail.yahoo.com>

I am trying to patch a 2.4.2 kernel. I have tried
applying the patch to the source tree from kernel.org
and off the redhat cd. 
I keep getting the following error.
# zcat ../linux-2.4.4-openssl-0.9.6a-mppe.patch.gz |
patch 
 -p1
patching file README.MPPE
patching file include/linux/ppp-comp.h
can't find file to patch at input line 112
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Naur ppp-2.4.0.orig/include/net/ppp-comp.h
ppp-2.4.0/include/net/ppp-comp.h
|--- ppp-2.4.0.orig/include/net/ppp-comp.h	Fri Feb  2
17:28:30 2001
|+++ ppp-2.4.0/include/net/ppp-comp.h	Fri Feb  2
17:34:38 2001
--------------------------

Could someone tell me what I am doinf wrong.
Appreciate the help.

Garth

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com


From sturm at kid.stu.cn.ua  Wed Jan  2 14:11:09 2002
From: sturm at kid.stu.cn.ua (Sergey L.Tereschenko)
Date: Wed, 2 Jan 2002 22:11:09 +0200 (EET)
Subject: [pptp-server] Kernel Patch problem
In-Reply-To: <20020102154351.17682.qmail@web13004.mail.yahoo.com>
Message-ID: <Pine.LNX.4.33.0201022210510.9569-100000@kid.stu.cn.ua>

Unsubscribe me pls




From berzerke at swbell.net  Wed Jan  2 16:22:05 2002
From: berzerke at swbell.net (robert)
Date: Wed, 02 Jan 2002 16:22:05 -0600
Subject: [pptp-server] pptpd 1.1.2 no Inter-client connection?
In-Reply-To: <001801c1939a$5c0b0fc0$6900a8c0@Mimo>
References: <001801c1939a$5c0b0fc0$6900a8c0@Mimo>
Message-ID: <0GPC00D1J0PP6Z@mta4.rcsntx.swbell.net>

Sounds like a forwarding and/or firewall issue.  Check those.

On Wednesday 02 January 2002 08:32 am, Andreas Henschel wrote:
> Hi everyone...
>
> i'm new to this, so maybe this oproblem has been solved alerady:
> I set up pptpd 1.1.2 on a Suse 7.1 Linux machine according to the HOWTO.
> I'm able to connect multiple clients (in the local LAN) to the VPN-server,
> each client can ping the server but none of the clients can ping another
> client. What's wrong?
>
> Thanks
>
> Andreas Henschel


From berzerke at swbell.net  Wed Jan  2 16:33:05 2002
From: berzerke at swbell.net (robert)
Date: Wed, 02 Jan 2002 16:33:05 -0600
Subject: [pptp-server] Kernel Patch problem
In-Reply-To: <20020102154351.17682.qmail@web13004.mail.yahoo.com>
References: <20020102154351.17682.qmail@web13004.mail.yahoo.com>
Message-ID: <0GPC00BUA181JM@mta4.rcsntx.swbell.net>

It looks like you got the patch names mixed up somehow.  The files you are 
trying to patch with the linux-2.4.4-openssl- patch are the files that should 
be used in the ppp patch.  From what you posted, this looks like it is 
actually the ppp-2.4.1-openssl-0.9.6-mppe.patch.gz or 
ppp-2.4.0-openssl-0.9.6-mppe.patch.gz patch.

On Wednesday 02 January 2002 09:43 am, Garth Lezama wrote:
> I am trying to patch a 2.4.2 kernel. I have tried
> applying the patch to the source tree from kernel.org
> and off the redhat cd.
> I keep getting the following error.
> # zcat ../linux-2.4.4-openssl-0.9.6a-mppe.patch.gz |
> patch
>  -p1
> patching file README.MPPE
> patching file include/linux/ppp-comp.h
> can't find file to patch at input line 112
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --------------------------
>
> |diff -Naur ppp-2.4.0.orig/include/net/ppp-comp.h
>
> ppp-2.4.0/include/net/ppp-comp.h
>
> |--- ppp-2.4.0.orig/include/net/ppp-comp.h	Fri Feb  2
>
> 17:28:30 2001
>
> |+++ ppp-2.4.0/include/net/ppp-comp.h	Fri Feb  2
>
> 17:34:38 2001
> --------------------------
>
> Could someone tell me what I am doinf wrong.
> Appreciate the help.
>
> Garth
>
> __________________________________________________
> Do You Yahoo!?
> Send your FREE holiday greetings online!
> http://greetings.yahoo.com
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From tonypang at dmx.com.hk  Wed Jan  2 21:04:07 2002
From: tonypang at dmx.com.hk (Tony Pang)
Date: Thu, 3 Jan 2002 11:04:07 +0800
Subject: [pptp-server] could not determine local IP address
Message-ID: <007e01c19403$4f2b8730$1ac8a8c0@tony2k>

Hi,

I am new to pptpd. I find the system can authenicate but the connection is lost after that. I got the log of could not determine local IP address but I have set it in pptpd.conf. I've got the following log: Can anyone tell me what does it mean?


Apr  2 10:56:41 pptp pppd[1613]: rcvd [IPCP ConfAck id=0x1 <addr 0.0.0.0> <compr
ess VJ 0f 01>]
Apr  2 10:56:41 pptp pppd[1613]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(
old#) 15> <bsd v1 15>]
Apr  2 10:56:41 pptp pppd[1613]: sent [CCP ConfReq id=0x2]
Apr  2 10:56:41 pptp pppd[1613]: rcvd [IPCP ConfReq id=0x2 <compress VJ 0f 01> <
addr 192.168.150.31>]
Apr  2 10:56:41 pptp pppd[1613]: sent [IPCP ConfAck id=0x2 <compress VJ 0f 01> <
addr 192.168.150.31>]
Apr  2 10:56:41 pptp pppd[1613]: Could not determine local IP address
Apr  2 10:56:41 pptp pppd[1613]: sent [IPCP TermReq id=0x2 "Could not determine
local IP address"]
Apr  2 10:56:41 pptp pppd[1613]: rcvd [CCP ConfReq id=0x2]
Apr  2 10:56:41 pptp pppd[1613]: sent [CCP ConfAck id=0x2]
Apr  2 10:56:41 pptp pppd[1613]: rcvd [CCP ConfAck id=0x2]
Apr  2 10:56:41 pptp pppd[1613]: rcvd [IPCP TermAck id=0x2]
Apr  2 10:56:41 pptp pppd[1613]: sent [LCP TermReq id=0x2 "No network protocols
running"]
Apr  2 10:56:41 pptp pppd[1613]: rcvd [CCP TermReq id=0x3]
Apr  2 10:56:41 pptp pppd[1613]: rcvd [LCP TermAck id=0x2]
Apr  2 10:56:41 pptp pppd[1613]: Connection terminated.
Apr  2 10:56:41 pptp pppd[1613]: Connect time 0.0 minutes.
Apr  2 10:56:41 pptp pppd[1613]: Sent 138 bytes, received 114 bytes.
Apr  2 10:56:41 pptp pppd[1613]: Exit.


Best Regards,
Tony Pang
Network System Engineer
DMX Technologies (HK) Ltd.
tonypang at dmx.com.hk
+852 2520 2660
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020103/db77e9e0/attachment.html>

From muralivemuri at multitech.co.in  Thu Jan  3 04:13:05 2002
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 03 Jan 2002 15:43:05 +0530
Subject: [pptp-server] MPPE failing
Message-ID: <3C342EB1.AA1EF718@multitech.co.in>

hi everybody,
i have a problem.
MPPE is failing on my setup.
win98 is not able to connect.
the /etc/modules.conf does have an entry for the same.
and insmod says it is able to use ppp_mppe.o
but, if i enable the data encryption on the win98 client, i get the
message "check your encryption settings"
my win98 client knows only mppe-40 as i have not applied the dun14.exe.
any ideas..............?
any check points.....?
--
regards & thanks for your time,

Murali Krishna Vemuri




From berzerke at swbell.net  Thu Jan  3 09:06:02 2002
From: berzerke at swbell.net (robert)
Date: Thu, 03 Jan 2002 09:06:02 -0600
Subject: [pptp-server] MPPE failing
In-Reply-To: <3C342EB1.AA1EF718@multitech.co.in>
References: <3C342EB1.AA1EF718@multitech.co.in>
Message-ID: <0GPD00E8CB6V35@mta4.rcsntx.swbell.net>

Does your ppp options file allow 40 bit or does it only allow 128?

On Thursday 03 January 2002 04:13 am, Murali K. Vemuri wrote:
> hi everybody,
> i have a problem.
> MPPE is failing on my setup.
> win98 is not able to connect.
> the /etc/modules.conf does have an entry for the same.
> and insmod says it is able to use ppp_mppe.o
> but, if i enable the data encryption on the win98 client, i get the
> message "check your encryption settings"
> my win98 client knows only mppe-40 as i have not applied the dun14.exe.
> any ideas..............?
> any check points.....?


From Timothy.Findlay at austrimtextiles.com.au  Thu Jan  3 16:46:37 2002
From: Timothy.Findlay at austrimtextiles.com.au (Timothy Findlay)
Date: Fri, 4 Jan 2002 09:46:37 +1100 
Subject: [pptp-server] strange problem...
Message-ID: <C5F838DB189FD411974E0002555815BE93C807@atgemail.melbaind.com.au>

Hi,

I know this proberly isn't the right place for this question, but not quite
sure where to go with it.

I've installed PPTPD on a hacked up RH 7.1 box and the clients connect to it
fine (works like a charm!). However with 2-3 laptops(running Win98 SE),
after installing the Microsoft VPN Adapter (which works cool) regular
internet connections bugger up. When we dial Joe Bloggs service provider
(which used to work fine) it connects, authenticates, looks fine, but when
we fire up a web browser it only transfers a tiny bit of information and
then stops. 

It's almost like it disables the connection, no pings or traceroutes work
after been connected to the provider for more than say 10-15 seconds.

I'm wondering if adding the VPN support (in the Add/Remove Windows bits) is
overwriting some file somewhere in windows for the TCP/IP stack or
something.... but I just dont know, most systems work fine after adding the
VPN stuff, but only these 2-3 Acer laptops seem to bugger up.

Any thoughts ?? Anything I should be looking at ??

Thanks,
Tim.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020104/31877543/attachment.html>

From muralivemuri at multitech.co.in  Thu Jan  3 22:11:08 2002
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Fri, 04 Jan 2002 09:41:08 +0530
Subject: [pptp-server] MPPE failing
References: <3C342EB1.AA1EF718@multitech.co.in> <0GPD00E8CB6V35@mta4.rcsntx.swbell.net>
Message-ID: <3C352B5B.BA129967@multitech.co.in>

NO.............
it was 'insmod' which was failing.
it was not inserting the ppp_mppe .
i fixed it.
thanks ..........
regds
murali krishna vemuri
robert wrote:

> Does your ppp options file allow 40 bit or does it only allow 128?
>
> On Thursday 03 January 2002 04:13 am, Murali K. Vemuri wrote:
> > hi everybody,
> > i have a problem.
> > MPPE is failing on my setup.
> > win98 is not able to connect.
> > the /etc/modules.conf does have an entry for the same.
> > and insmod says it is able to use ppp_mppe.o
> > but, if i enable the data encryption on the win98 client, i get the
> > message "check your encryption settings"
> > my win98 client knows only mppe-40 as i have not applied the dun14.exe.
> > any ideas..............?
> > any check points.....?
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

--
regards & thanks for your time,

Murali Krishna Vemuri


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020104/e6c98ae0/attachment.html>

From mikael.lonnroth at advancevpn.com  Fri Jan  4 11:11:40 2002
From: mikael.lonnroth at advancevpn.com (=?iso-8859-1?Q?Mikael_L=F6nnroth?=)
Date: Fri, 4 Jan 2002 09:11:40 -0800
Subject: [pptp-server] strange problem...
References: <C5F838DB189FD411974E0002555815BE93C807@atgemail.melbaind.com.au>
Message-ID: <008201c19542$e2c891a0$121b7d0a@advancehome>

strange problem...Hi there, 

This is also just guessing, but I have notice that something like this can happen when you use several PPTP clients behind a NAT router. 

Briefly, when you connect your first client everything works nicely. When the second client connects, the actual connection can be established ok but after this no data seems to go through (at least for the second client) . 

To the VPN server, the first client has sent a number of GRE packets, and now the second client starts sending packets using the same source IP address (because it is natted), but with new packet order numbers. The VPN server can't distinguish between the connections... and things fail... 

Well, like I said, this is just guessing. 

Regards,
Mikael L?nnroth
www.advancevpn.com

  ----- Original Message ----- 
  From: Timothy Findlay 
  To: 'pptp-server at lists.schulte.org' 
  Sent: Thursday, January 03, 2002 2:46 PM
  Subject: [pptp-server] strange problem...


  Hi, 

  I know this proberly isn't the right place for this question, but not quite sure where to go with it. 

  I've installed PPTPD on a hacked up RH 7.1 box and the clients connect to it fine (works like a charm!). However with 2-3 laptops(running Win98 SE), after installing the Microsoft VPN Adapter (which works cool) regular internet connections bugger up. When we dial Joe Bloggs service provider (which used to work fine) it connects, authenticates, looks fine, but when we fire up a web browser it only transfers a tiny bit of information and then stops. 

  It's almost like it disables the connection, no pings or traceroutes work after been connected to the provider for more than say 10-15 seconds.

  I'm wondering if adding the VPN support (in the Add/Remove Windows bits) is overwriting some file somewhere in windows for the TCP/IP stack or something.... but I just dont know, most systems work fine after adding the VPN stuff, but only these 2-3 Acer laptops seem to bugger up.

  Any thoughts ?? Anything I should be looking at ?? 

  Thanks, 
  Tim. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020104/8f9f3f49/attachment.html>

From timothy.findlay at austrimtextiles.com.au  Fri Jan  4 02:49:30 2002
From: timothy.findlay at austrimtextiles.com.au (Timothy Findlay)
Date: Fri, 4 Jan 2002 19:49:30 +1100 (EST)
Subject: [pptp-server] strange problem...
In-Reply-To: <008201c19542$e2c891a0$121b7d0a@advancehome>
References: <008201c19542$e2c891a0$121b7d0a@advancehome>
Message-ID: <1041.203.44.1.230.1010134170.squirrel@www.melbaind.com.au>

Hi,

Sorry, I think I missed the point explaining the problem, from the laptop,
stage 1 (Internet connection) initially appears ok, then if we goto stage 2
(open the VPN to the office) it works great... and we can stay connected to
the VPN for however many hours without a problem, the issue is if we open
stage 1 (Internet connection) and then open a web browser to look around
the web (forgetting about the VPN to the office) it doesn't go anywhere!

It's almost like the dialup internet connection expects a VPN connection,
and wont do anything by itself. It's not actually the VPN part that is
faulty, its the Internet part.

The crazy part is it was working fine before I installed the VPN support in
Win98, after the Internet+VPN works, but not just Internet.

Does that make any sense ??

Thanks anyway tho,
Tim.

> Hi there,
>
> This is also just guessing, but I have notice that something like this
> can happen when you use several PPTP clients behind a NAT router.
>
> Briefly, when you connect your first client everything works nicely.
> When the second client connects, the actual connection can be
> established ok but after this no data seems to go through (at least for
> the second client) .
>
> To the VPN server, the first client has sent a number of GRE packets,
> and now the second client starts sending packets using the same source
> IP address (because it is natted), but with new packet order numbers.
> The VPN server can't distinguish between the connections... and things
> fail...
>
> Well, like I said, this is just guessing.
>
> Regards,
> Mikael L?nnroth
> www.advancevpn.com <http://www.advancevpn.com>
>
>
> ----- Original Message -----
> From: Timothy Findlay <mailto:Timothy.Findlay at austrimtextiles.com.au>
> To: 'pptp-server at lists.schulte.org'
> <mailto:'pptp-server at lists.schulte.org'>
> Sent: Thursday, January 03, 2002 2:46 PM
> Subject: [pptp-server] strange problem...
>
>
> Hi,
>
> I know this proberly isn't the right place for this question, but not
> quite sure where to go with it.
>
> I've installed PPTPD on a hacked up RH 7.1 box and the clients connect
> to it fine (works like a charm!). However with 2-3 laptops(running
> Win98 SE), after installing the Microsoft VPN Adapter (which works
> cool) regular internet connections bugger up. When we dial Joe Bloggs
> service provider (which used to work fine) it connects, authenticates,
> looks fine, but when we fire up a web browser it only transfers a tiny
> bit of information and then stops.
>
> It's almost like it disables the connection, no pings or traceroutes
> work after been connected to the provider for more than say 10-15
> seconds.
>
> I'm wondering if adding the VPN support (in the Add/Remove Windows
> bits) is overwriting some file somewhere in windows for the TCP/IP
> stack or something.... but I just dont know, most systems work fine
> after adding the VPN stuff, but only these 2-3 Acer laptops seem to
> bugger up.
>
> Any thoughts ?? Anything I should be looking at ??
>
> Thanks,
> Tim.





From mikael.lonnroth at advancevpn.com  Fri Jan  4 13:54:47 2002
From: mikael.lonnroth at advancevpn.com (=?iso-8859-1?Q?Mikael_L=F6nnroth?=)
Date: Fri, 4 Jan 2002 11:54:47 -0800
Subject: [pptp-server] strange problem...
References: <008201c19542$e2c891a0$121b7d0a@advancehome> <1041.203.44.1.230.1010134170.squirrel@www.melbaind.com.au>
Message-ID: <009901c19559$aaab1010$121b7d0a@advancehome>

Ah ok, I found a problem that didn't even exist :)

By default, I think, Windows 98 will route ALL your traffic through the PPTP
connection. That is, when you try to browse the Internet (and before that,
resolve some DNS address to an IP address), all these actions are routed

    *your computer* >> *VPN server* >> *Internet*

    and not

    *your computer* >> *Internet*

There are two solutions to this problem (I hope I got the problem right this
time):

1) Uncheck the "Use default gateway on remote network" checkbox. Should be
somewhere close to the TCP/IP settings on your VPN Dial-up properties.

or

2) Allow your VPN server to forward (and probably masquerade) your traffic
also to the public Internet (also, company firewalls should allow this)

If you use option 1, you might have to manually insert a routing entry for
your company network using the "route" tool.

Regards,
Mikael L?nnroth
www.advancevpn.com



----- Original Message -----
From: "Timothy Findlay" <timothy.findlay at austrimtextiles.com.au>
To: <mikael.lonnroth at advancevpn.com>
Cc: <pptp-server at lists.schulte.org>
Sent: Friday, January 04, 2002 12:49 AM
Subject: Re: [pptp-server] strange problem...


> Hi,
>
> Sorry, I think I missed the point explaining the problem, from the laptop,
> stage 1 (Internet connection) initially appears ok, then if we goto stage
2
> (open the VPN to the office) it works great... and we can stay connected
to
> the VPN for however many hours without a problem, the issue is if we open
> stage 1 (Internet connection) and then open a web browser to look around
> the web (forgetting about the VPN to the office) it doesn't go anywhere!
>
> It's almost like the dialup internet connection expects a VPN connection,
> and wont do anything by itself. It's not actually the VPN part that is
> faulty, its the Internet part.
>
> The crazy part is it was working fine before I installed the VPN support
in
> Win98, after the Internet+VPN works, but not just Internet.
>
> Does that make any sense ??
>
> Thanks anyway tho,
> Tim.
>
> > Hi there,
> >
> > This is also just guessing, but I have notice that something like this
> > can happen when you use several PPTP clients behind a NAT router.
> >
> > Briefly, when you connect your first client everything works nicely.
> > When the second client connects, the actual connection can be
> > established ok but after this no data seems to go through (at least for
> > the second client) .
> >
> > To the VPN server, the first client has sent a number of GRE packets,
> > and now the second client starts sending packets using the same source
> > IP address (because it is natted), but with new packet order numbers.
> > The VPN server can't distinguish between the connections... and things
> > fail...
> >
> > Well, like I said, this is just guessing.
> >
> > Regards,
> > Mikael L?nnroth
> > www.advancevpn.com <http://www.advancevpn.com>
> >
> >
> > ----- Original Message -----
> > From: Timothy Findlay <mailto:Timothy.Findlay at austrimtextiles.com.au>
> > To: 'pptp-server at lists.schulte.org'
> > <mailto:'pptp-server at lists.schulte.org'>
> > Sent: Thursday, January 03, 2002 2:46 PM
> > Subject: [pptp-server] strange problem...
> >
> >
> > Hi,
> >
> > I know this proberly isn't the right place for this question, but not
> > quite sure where to go with it.
> >
> > I've installed PPTPD on a hacked up RH 7.1 box and the clients connect
> > to it fine (works like a charm!). However with 2-3 laptops(running
> > Win98 SE), after installing the Microsoft VPN Adapter (which works
> > cool) regular internet connections bugger up. When we dial Joe Bloggs
> > service provider (which used to work fine) it connects, authenticates,
> > looks fine, but when we fire up a web browser it only transfers a tiny
> > bit of information and then stops.
> >
> > It's almost like it disables the connection, no pings or traceroutes
> > work after been connected to the provider for more than say 10-15
> > seconds.
> >
> > I'm wondering if adding the VPN support (in the Add/Remove Windows
> > bits) is overwriting some file somewhere in windows for the TCP/IP
> > stack or something.... but I just dont know, most systems work fine
> > after adding the VPN stuff, but only these 2-3 Acer laptops seem to
> > bugger up.
> >
> > Any thoughts ?? Anything I should be looking at ??
> >
> > Thanks,
> > Tim.
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>



From alex at saers.com  Fri Jan  4 10:34:26 2002
From: alex at saers.com (ACEAlex)
Date: Fri, 4 Jan 2002 17:34:26 +0100
Subject: [pptp-server] Login to domain
Message-ID: <000c01c1953d$b8fa2730$e4d22fc2@acealex>

Hello.

Things are beginning to look bright for me. Thanx to this list :)

Ok, i got the following working

I have a linux server in Stockholm that i want to run vpn to. Its
configurated with pptp and it works great :)

I have a windows xp client in Lund that i want to connect to the pdc with.

Ok, everything works. Im able to connect to the linux server with user billy
password bob. I can also connect to the samba pdc server that is running on
the linux box. But now i want it to login to the domain that you can chose.
So that i can make som login scripts.

I get some funne things. The wins server that i have specified in pptp
doesnt provide names. For example, running \\linuxserver doesnt work. But
ping linuxserver works?

Has anybody got this to work?

/Alexander




From sean at cyberfarer.com  Fri Jan  4 10:52:45 2002
From: sean at cyberfarer.com (Sean)
Date: Fri, 4 Jan 2002 11:52:45 -0500
Subject: [pptp-server] Login to domain
References: <000c01c1953d$b8fa2730$e4d22fc2@acealex>
Message-ID: <003701c19540$4e1c2f00$0802a8c0@sympatico.ca>

Okay, I do not know if this accurately describes your issue or not but here
goes:

My problem was that remotely from network places I could see Server (linux
pptp server) Bob (workstation 1) and Rob (workstation 2). I could not access
Bob or Rob by mapping with \\Bob or by doubleclicking within network places.
I could access both Bob and Rob with thier IP's or \\192.168.1.x

The solution for me was an lmhosts. I placed an lmhosts file on both the
pptpd server and locally on the remote station I was connecting from. On win
XP I believe the location is C:\windows\System32\Drivers\ETC

You will need to rename lmhosts.sam to just lmhosts.

I then used the following entries:

192.168.1.1        Server        #PRE
192.168.1.2        Bob            #PRE
192.168.1.2        Rob            #PRE

Followed by running the command nbtstat -R I was able to access Bob and Rob
with \\Bob or \\Rob.

I hope that helps.

Sean.


----- Original Message -----
From: "ACEAlex" <alex at saers.com>
To: <pptp-server at lists.schulte.org>
Sent: Friday, January 04, 2002 11:34 AM
Subject: [pptp-server] Login to domain


> Hello.
>
> Things are beginning to look bright for me. Thanx to this list :)
>
> Ok, i got the following working
>
> I have a linux server in Stockholm that i want to run vpn to. Its
> configurated with pptp and it works great :)
>
> I have a windows xp client in Lund that i want to connect to the pdc with.
>
> Ok, everything works. Im able to connect to the linux server with user
billy
> password bob. I can also connect to the samba pdc server that is running
on
> the linux box. But now i want it to login to the domain that you can
chose.
> So that i can make som login scripts.
>
> I get some funne things. The wins server that i have specified in pptp
> doesnt provide names. For example, running \\linuxserver doesnt work. But
> ping linuxserver works?
>
> Has anybody got this to work?
>
> /Alexander
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>



From alex at saers.com  Fri Jan  4 11:19:01 2002
From: alex at saers.com (ACEAlex)
Date: Fri, 4 Jan 2002 18:19:01 +0100
Subject: [pptp-server] Login to domain
References: <000c01c1953d$b8fa2730$e4d22fc2@acealex> <003701c19540$4e1c2f00$0802a8c0@sympatico.ca>
Message-ID: <000901c19543$f02e2cf0$e4d22fc2@acealex>

Ok Thanx
I now got the name lookup to work :)

Here is my lmhosts file
192.168.0.20    linux #PRE #DOM:WORKGROUP
192.168.0.10    paul  #PRE

But I still cant get it to work with the domain logon :(. Any idees?

/Alexander

----- Original Message -----
From: "Sean" <sean at cyberfarer.com>
To: "ACEAlex" <alex at saers.com>; <pptp-server at lists.schulte.org>
Sent: Friday, January 04, 2002 5:52 PM
Subject: Re: [pptp-server] Login to domain


> Okay, I do not know if this accurately describes your issue or not but
here
> goes:
>
> My problem was that remotely from network places I could see Server (linux
> pptp server) Bob (workstation 1) and Rob (workstation 2). I could not
access
> Bob or Rob by mapping with \\Bob or by doubleclicking within network
places.
> I could access both Bob and Rob with thier IP's or \\192.168.1.x
>
> The solution for me was an lmhosts. I placed an lmhosts file on both the
> pptpd server and locally on the remote station I was connecting from. On
win
> XP I believe the location is C:\windows\System32\Drivers\ETC
>
> You will need to rename lmhosts.sam to just lmhosts.
>
> I then used the following entries:
>
> 192.168.1.1        Server        #PRE
> 192.168.1.2        Bob            #PRE
> 192.168.1.2        Rob            #PRE
>
> Followed by running the command nbtstat -R I was able to access Bob and
Rob
> with \\Bob or \\Rob.
>
> I hope that helps.
>
> Sean.
>
>
> ----- Original Message -----
> From: "ACEAlex" <alex at saers.com>
> To: <pptp-server at lists.schulte.org>
> Sent: Friday, January 04, 2002 11:34 AM
> Subject: [pptp-server] Login to domain
>
>
> > Hello.
> >
> > Things are beginning to look bright for me. Thanx to this list :)
> >
> > Ok, i got the following working
> >
> > I have a linux server in Stockholm that i want to run vpn to. Its
> > configurated with pptp and it works great :)
> >
> > I have a windows xp client in Lund that i want to connect to the pdc
with.
> >
> > Ok, everything works. Im able to connect to the linux server with user
> billy
> > password bob. I can also connect to the samba pdc server that is running
> on
> > the linux box. But now i want it to login to the domain that you can
> chose.
> > So that i can make som login scripts.
> >
> > I get some funne things. The wins server that i have specified in pptp
> > doesnt provide names. For example, running \\linuxserver doesnt work.
But
> > ping linuxserver works?
> >
> > Has anybody got this to work?
> >
> > /Alexander
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> >
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --



From jrmann1999 at yahoo.com  Fri Jan  4 12:11:51 2002
From: jrmann1999 at yahoo.com (Jeremy Mann)
Date: Fri, 4 Jan 2002 10:11:51 -0800 (PST)
Subject: [pptp-server] Login to domain
In-Reply-To: <003701c19540$4e1c2f00$0802a8c0@sympatico.ca>
Message-ID: <20020104181151.17617.qmail@web14102.mail.yahoo.com>

If either of you have a true WINS server
running(whether it be Samba or an NT PDC/BDC) just put
those IP addresses into your VPN dialer(unless you're
dialing FROM a linux box, then samba should handle
it).  If you leave the IP/Netmask as 0.0.0.0 and just
fill in the primary and secondary WINS servers it'll
work just fine.  Don't forget to change your machine
to logon to the domain in Control
Panel->System(2k/w98).  I have this working from my
Home to my work domain.



=====
Jeremy Mann
"To learn cobol is an injustice, therefore it should be a crime to teach it."

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com


From alex at saers.com  Fri Jan  4 14:24:18 2002
From: alex at saers.com (ACEAlex)
Date: Fri, 4 Jan 2002 21:24:18 +0100
Subject: [pptp-server] Login to domain
References: <20020104181151.17617.qmail@web14102.mail.yahoo.com>
Message-ID: <000501c1955d$c98eca40$e4d22fc2@acealex>

Ok
Now i got the wins part to work. I have missspelled wins in smb.conf :)..
Dahh, and i also got it to login with a domain specified on the win xp
computer. But it never runs the login script. In fact, it never tuches the
nt domain. Cause when i do \\linux i have to specify a username and
password?

Is it possible for pptp to get the client to run a script when you connect
to it?

/Alexander

----- Original Message -----
From: "Jeremy Mann" <jrmann1999 at yahoo.com>
To: <pptp-server at lists.schulte.org>
Sent: Friday, January 04, 2002 7:11 PM
Subject: Re: [pptp-server] Login to domain


> If either of you have a true WINS server
> running(whether it be Samba or an NT PDC/BDC) just put
> those IP addresses into your VPN dialer(unless you're
> dialing FROM a linux box, then samba should handle
> it).  If you leave the IP/Netmask as 0.0.0.0 and just
> fill in the primary and secondary WINS servers it'll
> work just fine.  Don't forget to change your machine
> to logon to the domain in Control
> Panel->System(2k/w98).  I have this working from my
> Home to my work domain.
>
>
>
> =====
> Jeremy Mann
> "To learn cobol is an injustice, therefore it should be a crime to teach
it."
>
> __________________________________________________
> Do You Yahoo!?
> Send your FREE holiday greetings online!
> http://greetings.yahoo.com
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>



From chris at logics.co.uk  Sat Jan  5 16:36:40 2002
From: chris at logics.co.uk (Chris Bond)
Date: Sat, 5 Jan 2002 22:36:40 -0000
Subject: [pptp-server] pppd and redhat 7.2
Message-ID: <002201c19639$73076010$0200a8c0@chyna>

Hi,

Before I go recompiling pppd on my redhat 7.2 system, does anybody know
if it has the proper patches for chap etc to get PoPToP working?

Kind Regards,
Chris Bond



From charlieb at e-smith.com  Sat Jan  5 16:54:57 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Sat, 5 Jan 2002 17:54:57 -0500 (EST)
Subject: [pptp-server] pppd and redhat 7.2
In-Reply-To: <002201c19639$73076010$0200a8c0@chyna>
Message-ID: <Pine.LNX.4.33.0201051754360.1616-100000@allspice.ottawa.e-smith.com>

On Sat, 5 Jan 2002, Chris Bond wrote:

> Before I go recompiling pppd on my redhat 7.2 system, does anybody know
> if it has the proper patches for chap etc to get PoPToP working?

Yes, and no.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From chris at logics.co.uk  Sun Jan  6 09:50:51 2002
From: chris at logics.co.uk (Chris Bond)
Date: Sun, 6 Jan 2002 15:50:51 -0000
Subject: [pptp-server] pppd and redhat 7.2
In-Reply-To: <Pine.LNX.4.33.0201051754360.1616-100000@allspice.ottawa.e-smith.com>
Message-ID: <001501c196c9$eb6e93d0$0200a8c0@chyna>

Just setup pptpd - I have not updated pppd or the kernel with the mschap
patches.  Connect from a Windows XP VPN Client and I get the following -
I've configured it to just use CHAP, Optional encryption, PPTP VPN.

For some reason it will not connect, I've got  the following
/etc/ppp/options.pptp file:

lock
debug
auth
+chap
proxyarp
nobsdcomp
nodeflate

/etc/pptpd.conf is:
speed 115200
option /etc/ppp/options.pptp
localip 192.168.0.1
remoteip 192.168.0.240-245

The error logs when I connect are as follows:

Jan  6 15:39:13 vibe pppd[6087]: rcvd [CHAP Response id=0x1
<aaa8f4e2c9f52a073a321ab7a4c835b8>, name = "chris"]
Jan  6 15:39:13 vibe pppd[6087]: sent [CHAP Success id=0x1 "Welcome to
vibe."]
Jan  6 15:39:13 vibe pppd[6087]: sent [IPCP ConfReq id=0x1 <addr
192.168.0.1> <compress VJ 0f 01>]
Jan  6 15:39:13 vibe pppd[6087]: CHAP peer authentication succeeded for
chris
Jan  6 15:39:16 vibe pppd[6087]: sent [IPCP ConfReq id=0x1 <addr
192.168.0.1> <compress VJ 0f 01>]
Jan  6 15:39:40 vibe last message repeated 8 times
Jan  6 15:39:43 vibe pppd[6087]: IPCP: timeout sending Config-Requests
Jan  6 15:39:43 vibe pppd[6087]: sent [LCP TermReq id=0x4 "No network
protocols
running"]
Jan  6 15:39:43 vibe pppd[6087]: rcvd [LCP TermAck id=0x4 "No network
protocols
running"]
Jan  6 15:39:43 vibe pppd[6087]: Connection terminated.
Jan  6 15:39:43 vibe pppd[6087]: Connect time 0.6 minutes.
Jan  6 15:39:43 vibe pppd[6087]: Sent 160 bytes, received 0 bytes.
Jan  6 15:39:43 vibe pptpd[6086]: CTRL: Error with select(), quitting
Jan  6 15:39:43 vibe pptpd[6086]: CTRL: Client 192.168.0.2 control
connection finished

It authenticates the client with CHAP successfully but fails to set the
network protocols.

I think it maybe something to do with Compression but there is no option
to disable it on the VPN client.  I've tried enabling them by taking the
options out of options.pptp and it just sends LCP requests for deflate
and then disconnects eventually. The VPN Client gives a Error 734: The
PPP link control protocol was terminated messages.

Any ideas how to sort this out without recompiling the kernel or pppd?

Kind Regards,
Chris Bond

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-
> admin at lists.schulte.org] On Behalf Of Charlie Brady
> Sent: 05 January 2002 10:55 PM
> To: Chris Bond
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] pppd and redhat 7.2
> 
> 
> On Sat, 5 Jan 2002, Chris Bond wrote:
> 
> > Before I go recompiling pppd on my redhat 7.2 system, does anybody
know
> > if it has the proper patches for chap etc to get PoPToP working?
> 
> Yes, and no.
> 
> --
> Charlie Brady                         charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group        http://www.e-smith.com/
> Mitel Networks Corporation            http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --



From jvonau at home.com  Sun Jan  6 10:28:08 2002
From: jvonau at home.com (Jerry Vonau)
Date: Sun, 06 Jan 2002 10:28:08 -0600
Subject: [pptp-server] pppd and redhat 7.2
References: <001501c196c9$eb6e93d0$0200a8c0@chyna>
Message-ID: <3C387B18.7D9D879F@home.com>

Chris:
---------
I've configured it to just use CHAP, Optional encryption,
PPTP VPN.
---------

If you have not patched pppd/kernel, then set the client up
to be able
to use no encryption, that is the level of the server at
this point.

With win2000, there is an option to use "no encryption
allowed"
I'm not sure if that is available with XP, might be KB at MS
for 
that sort if thing if it is not present. 

What version of pppd is installed? You may have to upgrade
2.4.1 
anyway, as others people on the newsgroup comp.protocols.ppp
have
said that redhat's version is a little broken out of the
box.
I think it has problems parsing any options.xxx files.
Hope it helps.....

Jerry Vonau




Chris Bond wrote:
> 
> Just setup pptpd - I have not updated pppd or the kernel with the mschap
> patches.  Connect from a Windows XP VPN Client and I get the following -
> I've configured it to just use CHAP, Optional encryption, PPTP VPN.
> 
> For some reason it will not connect, I've got  the following
> /etc/ppp/options.pptp file:
> 
> lock
> debug
> auth
> +chap
> proxyarp
> nobsdcomp
> nodeflate
> 
> /etc/pptpd.conf is:
> speed 115200
> option /etc/ppp/options.pptp
> localip 192.168.0.1
> remoteip 192.168.0.240-245
> 
> The error logs when I connect are as follows:
> 
> Jan  6 15:39:13 vibe pppd[6087]: rcvd [CHAP Response id=0x1
> <aaa8f4e2c9f52a073a321ab7a4c835b8>, name = "chris"]
> Jan  6 15:39:13 vibe pppd[6087]: sent [CHAP Success id=0x1 "Welcome to
> vibe."]
> Jan  6 15:39:13 vibe pppd[6087]: sent [IPCP ConfReq id=0x1 <addr
> 192.168.0.1> <compress VJ 0f 01>]
> Jan  6 15:39:13 vibe pppd[6087]: CHAP peer authentication succeeded for
> chris
> Jan  6 15:39:16 vibe pppd[6087]: sent [IPCP ConfReq id=0x1 <addr
> 192.168.0.1> <compress VJ 0f 01>]
> Jan  6 15:39:40 vibe last message repeated 8 times
> Jan  6 15:39:43 vibe pppd[6087]: IPCP: timeout sending Config-Requests
> Jan  6 15:39:43 vibe pppd[6087]: sent [LCP TermReq id=0x4 "No network
> protocols
> running"]
> Jan  6 15:39:43 vibe pppd[6087]: rcvd [LCP TermAck id=0x4 "No network
> protocols
> running"]
> Jan  6 15:39:43 vibe pppd[6087]: Connection terminated.
> Jan  6 15:39:43 vibe pppd[6087]: Connect time 0.6 minutes.
> Jan  6 15:39:43 vibe pppd[6087]: Sent 160 bytes, received 0 bytes.
> Jan  6 15:39:43 vibe pptpd[6086]: CTRL: Error with select(), quitting
> Jan  6 15:39:43 vibe pptpd[6086]: CTRL: Client 192.168.0.2 control
> connection finished
> 
> It authenticates the client with CHAP successfully but fails to set the
> network protocols.
> 
> I think it maybe something to do with Compression but there is no option
> to disable it on the VPN client.  I've tried enabling them by taking the
> options out of options.pptp and it just sends LCP requests for deflate
> and then disconnects eventually. The VPN Client gives a Error 734: The
> PPP link control protocol was terminated messages.
> 
> Any ideas how to sort this out without recompiling the kernel or pppd?
> 
> Kind Regards,
> Chris Bond
> 
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-
> > admin at lists.schulte.org] On Behalf Of Charlie Brady
> > Sent: 05 January 2002 10:55 PM
> > To: Chris Bond
> > Cc: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] pppd and redhat 7.2
> >
> >
> > On Sat, 5 Jan 2002, Chris Bond wrote:
> >
> > > Before I go recompiling pppd on my redhat 7.2 system, does anybody
> know
> > > if it has the proper patches for chap etc to get PoPToP working?
> >
> > Yes, and no.
> >
> > --
> > Charlie Brady                         charlieb at e-smith.com
> > Lead Product Developer
> > Network Server Solutions Group        http://www.e-smith.com/
> > Mitel Networks Corporation            http://www.mitel.com/
> > Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From jvonau at home.com  Sun Jan  6 10:46:54 2002
From: jvonau at home.com (Jerry Vonau)
Date: Sun, 06 Jan 2002 10:46:54 -0600
Subject: [pptp-server] pppd and redhat 7.2
References: <001501c196c9$eb6e93d0$0200a8c0@chyna> <3C387B18.7D9D879F@home.com>
Message-ID: <3C387F7E.FDF09C92@home.com>

Chris:


In your log just above the snip that you posted is there
a line like this?
----from the newsgroup------ 

]Jan  1 17:06:51 clarkconnect pppd[5393]: rcvd [LCP ConfReq
id=0x1 <asyncmap
]0xa0000> <magic 0x10cc4f5> <pcomp> <accomp> <callback
CBCP>]

The Win machine asks for callback (CBCP)

Jan  1 17:06:51 clarkconnect pppd[5393]: sent [LCP ConfAck
id=0x1 <asyncmap
0xa0000> <magic 0x10cc4f5> <pcomp> <accomp> <callback CBCP>]

The Linux machine accepts ( ConfAck= Configuration
acknowledged) but
Linux ppp cannot do server side callback and has no
intention of doing
so in this case.
The authentication proceeds as per the standard for CBCP and
then the
Win machine hangs up. HOwever Linux keeps trying to
negotiate which is
just wrong. The Win machine never answers since it has hung
up waiting
for the callback. 


]Jan  1 17:06:52 clarkconnect pppd[5393]: sent [IPCP ConfReq
id=0x1 <addr
]192.168.1.200> <compress VJ 0f 01>]
]Jan  1 17:06:52 clarkconnect pppd[5393]: sent [CCP ConfReq
id=0x1 <deflate
]15> <deflate(old#) 15> <bsd v1 15>]
]Jan  1 17:06:52 clarkconnect pppd[5393]: CHAP peer
authentication succeeded
]for janne
]Jan  1 17:06:55 clarkconnect pppd[5393]: sent [IPCP ConfReq
id=0x1 <addr
]192.168.1.200> <compress VJ 0f 01>]
]Jan  1 17:06:55 clarkconnect pppd[5393]: sent [CCP ConfReq
id=0x1 <deflate
]15> <deflate(old#) 15> <bsd v1 15>]
]Jan  1 17:06:58 clarkconnect pppd[5393]: sent [IPCP ConfReq
id=0x1 <addr

... 
and so on till the Linux ppp gives up never gettinga
response.

..

]I really am a newbie both with vpn and linux so i hope you
can tell me
]what's going wrong exactly and how to fix it.

I did. What is wrong is that RedHat screwed up, and they
refuse to fix
their screw up. Their cbcp patch is just wrong, and is
causeing this. 
I also told you how to fix it-- get either the original ppp
2.4.1 from
ftp.samba.org/pub/ppp or get the Mandrake ppp 2.4.1 rpm from
their 8.1
distribution. ( they did not install that bad patch that
RedHat did.)

-----thanks to Bill Unruh for the post----------

The callback is the problem, if your pppd is 2.4.1 from
redhat, 
then it is broken. 

Jerry Vonau


Jerry Vonau wrote:
> 
> Chris:
> ---------
> I've configured it to just use CHAP, Optional encryption,
> PPTP VPN.
> ---------
> 
> If you have not patched pppd/kernel, then set the client up
> to be able
> to use no encryption, that is the level of the server at
> this point.
> 
> With win2000, there is an option to use "no encryption
> allowed"
> I'm not sure if that is available with XP, might be KB at MS
> for
> that sort if thing if it is not present.
> 
> What version of pppd is installed? You may have to upgrade
> 2.4.1
> anyway, as others people on the newsgroup comp.protocols.ppp
> have
> said that redhat's version is a little broken out of the
> box.
> I think it has problems parsing any options.xxx files.
> Hope it helps.....
> 
> Jerry Vonau
> 
> Chris Bond wrote:
> >
> > Just setup pptpd - I have not updated pppd or the kernel with the mschap
> > patches.  Connect from a Windows XP VPN Client and I get the following -
> > I've configured it to just use CHAP, Optional encryption, PPTP VPN.
> >
> > For some reason it will not connect, I've got  the following
> > /etc/ppp/options.pptp file:
> >
> > lock
> > debug
> > auth
> > +chap
> > proxyarp
> > nobsdcomp
> > nodeflate
> >
> > /etc/pptpd.conf is:
> > speed 115200
> > option /etc/ppp/options.pptp
> > localip 192.168.0.1
> > remoteip 192.168.0.240-245
> >
> > The error logs when I connect are as follows:
> >
> > Jan  6 15:39:13 vibe pppd[6087]: rcvd [CHAP Response id=0x1
> > <aaa8f4e2c9f52a073a321ab7a4c835b8>, name = "chris"]
> > Jan  6 15:39:13 vibe pppd[6087]: sent [CHAP Success id=0x1 "Welcome to
> > vibe."]
> > Jan  6 15:39:13 vibe pppd[6087]: sent [IPCP ConfReq id=0x1 <addr
> > 192.168.0.1> <compress VJ 0f 01>]
> > Jan  6 15:39:13 vibe pppd[6087]: CHAP peer authentication succeeded for
> > chris
> > Jan  6 15:39:16 vibe pppd[6087]: sent [IPCP ConfReq id=0x1 <addr
> > 192.168.0.1> <compress VJ 0f 01>]
> > Jan  6 15:39:40 vibe last message repeated 8 times
> > Jan  6 15:39:43 vibe pppd[6087]: IPCP: timeout sending Config-Requests
> > Jan  6 15:39:43 vibe pppd[6087]: sent [LCP TermReq id=0x4 "No network
> > protocols
> > running"]
> > Jan  6 15:39:43 vibe pppd[6087]: rcvd [LCP TermAck id=0x4 "No network
> > protocols
> > running"]
> > Jan  6 15:39:43 vibe pppd[6087]: Connection terminated.
> > Jan  6 15:39:43 vibe pppd[6087]: Connect time 0.6 minutes.
> > Jan  6 15:39:43 vibe pppd[6087]: Sent 160 bytes, received 0 bytes.
> > Jan  6 15:39:43 vibe pptpd[6086]: CTRL: Error with select(), quitting
> > Jan  6 15:39:43 vibe pptpd[6086]: CTRL: Client 192.168.0.2 control
> > connection finished
> >
> > It authenticates the client with CHAP successfully but fails to set the
> > network protocols.
> >
> > I think it maybe something to do with Compression but there is no option
> > to disable it on the VPN client.  I've tried enabling them by taking the
> > options out of options.pptp and it just sends LCP requests for deflate
> > and then disconnects eventually. The VPN Client gives a Error 734: The
> > PPP link control protocol was terminated messages.
> >
> > Any ideas how to sort this out without recompiling the kernel or pppd?
> >
> > Kind Regards,
> > Chris Bond
> >
> > > -----Original Message-----
> > > From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-
> > > admin at lists.schulte.org] On Behalf Of Charlie Brady
> > > Sent: 05 January 2002 10:55 PM
> > > To: Chris Bond
> > > Cc: pptp-server at lists.schulte.org
> > > Subject: Re: [pptp-server] pppd and redhat 7.2
> > >
> > >
> > > On Sat, 5 Jan 2002, Chris Bond wrote:
> > >
> > > > Before I go recompiling pppd on my redhat 7.2 system, does anybody
> > know
> > > > if it has the proper patches for chap etc to get PoPToP working?
> > >
> > > Yes, and no.
> > >
> > > --
> > > Charlie Brady                         charlieb at e-smith.com
> > > Lead Product Developer
> > > Network Server Solutions Group        http://www.e-smith.com/
> > > Mitel Networks Corporation            http://www.mitel.com/
> > > Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> > >
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > --- To unsubscribe, go to the url just above this line. --
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --


From chris at logics.co.uk  Sun Jan  6 12:34:34 2002
From: chris at logics.co.uk (Chris Bond)
Date: Sun, 6 Jan 2002 18:34:34 -0000
Subject: [pptp-server] pppd and redhat 7.2
In-Reply-To: <3C387F7E.FDF09C92@home.com>
Message-ID: <001801c196e0$ca525a80$0200a8c0@chyna>

Yup it had that their, gonna try the mandrake rpm for pppd see what that
causes

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-
> admin at lists.schulte.org] On Behalf Of Jerry Vonau
> Sent: 06 January 2002 4:47 PM
> To: chris at logics.co.uk; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] pppd and redhat 7.2
> 
> Chris:
> 
> 
> In your log just above the snip that you posted is there
> a line like this?
> ----from the newsgroup------
> 
> ]Jan  1 17:06:51 clarkconnect pppd[5393]: rcvd [LCP ConfReq
> id=0x1 <asyncmap
> ]0xa0000> <magic 0x10cc4f5> <pcomp> <accomp> <callback
> CBCP>]
> 
> The Win machine asks for callback (CBCP)
> 
> Jan  1 17:06:51 clarkconnect pppd[5393]: sent [LCP ConfAck
> id=0x1 <asyncmap
> 0xa0000> <magic 0x10cc4f5> <pcomp> <accomp> <callback CBCP>]
> 
> The Linux machine accepts ( ConfAck= Configuration
> acknowledged) but
> Linux ppp cannot do server side callback and has no
> intention of doing
> so in this case.
> The authentication proceeds as per the standard for CBCP and
> then the
> Win machine hangs up. HOwever Linux keeps trying to
> negotiate which is
> just wrong. The Win machine never answers since it has hung
> up waiting
> for the callback.
> 
> 
> ]Jan  1 17:06:52 clarkconnect pppd[5393]: sent [IPCP ConfReq
> id=0x1 <addr
> ]192.168.1.200> <compress VJ 0f 01>]
> ]Jan  1 17:06:52 clarkconnect pppd[5393]: sent [CCP ConfReq
> id=0x1 <deflate
> ]15> <deflate(old#) 15> <bsd v1 15>]
> ]Jan  1 17:06:52 clarkconnect pppd[5393]: CHAP peer
> authentication succeeded
> ]for janne
> ]Jan  1 17:06:55 clarkconnect pppd[5393]: sent [IPCP ConfReq
> id=0x1 <addr
> ]192.168.1.200> <compress VJ 0f 01>]
> ]Jan  1 17:06:55 clarkconnect pppd[5393]: sent [CCP ConfReq
> id=0x1 <deflate
> ]15> <deflate(old#) 15> <bsd v1 15>]
> ]Jan  1 17:06:58 clarkconnect pppd[5393]: sent [IPCP ConfReq
> id=0x1 <addr
> 
> ...
> and so on till the Linux ppp gives up never gettinga
> response.
> 
> ..
> 
> ]I really am a newbie both with vpn and linux so i hope you
> can tell me
> ]what's going wrong exactly and how to fix it.
> 
> I did. What is wrong is that RedHat screwed up, and they
> refuse to fix
> their screw up. Their cbcp patch is just wrong, and is
> causeing this.
> I also told you how to fix it-- get either the original ppp
> 2.4.1 from
> ftp.samba.org/pub/ppp or get the Mandrake ppp 2.4.1 rpm from
> their 8.1
> distribution. ( they did not install that bad patch that
> RedHat did.)
> 
> -----thanks to Bill Unruh for the post----------
> 
> The callback is the problem, if your pppd is 2.4.1 from
> redhat,
> then it is broken.
> 
> Jerry Vonau
> 
> 
> Jerry Vonau wrote:
> >
> > Chris:
> > ---------
> > I've configured it to just use CHAP, Optional encryption,
> > PPTP VPN.
> > ---------
> >
> > If you have not patched pppd/kernel, then set the client up
> > to be able
> > to use no encryption, that is the level of the server at
> > this point.
> >
> > With win2000, there is an option to use "no encryption
> > allowed"
> > I'm not sure if that is available with XP, might be KB at MS
> > for
> > that sort if thing if it is not present.
> >
> > What version of pppd is installed? You may have to upgrade
> > 2.4.1
> > anyway, as others people on the newsgroup comp.protocols.ppp
> > have
> > said that redhat's version is a little broken out of the
> > box.
> > I think it has problems parsing any options.xxx files.
> > Hope it helps.....
> >
> > Jerry Vonau
> >
> > Chris Bond wrote:
> > >
> > > Just setup pptpd - I have not updated pppd or the kernel with the
> mschap
> > > patches.  Connect from a Windows XP VPN Client and I get the
following
> -
> > > I've configured it to just use CHAP, Optional encryption, PPTP
VPN.
> > >
> > > For some reason it will not connect, I've got  the following
> > > /etc/ppp/options.pptp file:
> > >
> > > lock
> > > debug
> > > auth
> > > +chap
> > > proxyarp
> > > nobsdcomp
> > > nodeflate
> > >
> > > /etc/pptpd.conf is:
> > > speed 115200
> > > option /etc/ppp/options.pptp
> > > localip 192.168.0.1
> > > remoteip 192.168.0.240-245
> > >
> > > The error logs when I connect are as follows:
> > >
> > > Jan  6 15:39:13 vibe pppd[6087]: rcvd [CHAP Response id=0x1
> > > <aaa8f4e2c9f52a073a321ab7a4c835b8>, name = "chris"]
> > > Jan  6 15:39:13 vibe pppd[6087]: sent [CHAP Success id=0x1
"Welcome to
> > > vibe."]
> > > Jan  6 15:39:13 vibe pppd[6087]: sent [IPCP ConfReq id=0x1 <addr
> > > 192.168.0.1> <compress VJ 0f 01>]
> > > Jan  6 15:39:13 vibe pppd[6087]: CHAP peer authentication
succeeded
> for
> > > chris
> > > Jan  6 15:39:16 vibe pppd[6087]: sent [IPCP ConfReq id=0x1 <addr
> > > 192.168.0.1> <compress VJ 0f 01>]
> > > Jan  6 15:39:40 vibe last message repeated 8 times
> > > Jan  6 15:39:43 vibe pppd[6087]: IPCP: timeout sending
Config-Requests
> > > Jan  6 15:39:43 vibe pppd[6087]: sent [LCP TermReq id=0x4 "No
network
> > > protocols
> > > running"]
> > > Jan  6 15:39:43 vibe pppd[6087]: rcvd [LCP TermAck id=0x4 "No
network
> > > protocols
> > > running"]
> > > Jan  6 15:39:43 vibe pppd[6087]: Connection terminated.
> > > Jan  6 15:39:43 vibe pppd[6087]: Connect time 0.6 minutes.
> > > Jan  6 15:39:43 vibe pppd[6087]: Sent 160 bytes, received 0 bytes.
> > > Jan  6 15:39:43 vibe pptpd[6086]: CTRL: Error with select(),
quitting
> > > Jan  6 15:39:43 vibe pptpd[6086]: CTRL: Client 192.168.0.2 control
> > > connection finished
> > >
> > > It authenticates the client with CHAP successfully but fails to
set
> the
> > > network protocols.
> > >
> > > I think it maybe something to do with Compression but there is no
> option
> > > to disable it on the VPN client.  I've tried enabling them by
taking
> the
> > > options out of options.pptp and it just sends LCP requests for
deflate
> > > and then disconnects eventually. The VPN Client gives a Error 734:
The
> > > PPP link control protocol was terminated messages.
> > >
> > > Any ideas how to sort this out without recompiling the kernel or
pppd?
> > >
> > > Kind Regards,
> > > Chris Bond
> > >
> > > > -----Original Message-----
> > > > From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-
> > > > admin at lists.schulte.org] On Behalf Of Charlie Brady
> > > > Sent: 05 January 2002 10:55 PM
> > > > To: Chris Bond
> > > > Cc: pptp-server at lists.schulte.org
> > > > Subject: Re: [pptp-server] pppd and redhat 7.2
> > > >
> > > >
> > > > On Sat, 5 Jan 2002, Chris Bond wrote:
> > > >
> > > > > Before I go recompiling pppd on my redhat 7.2 system, does
anybody
> > > know
> > > > > if it has the proper patches for chap etc to get PoPToP
working?
> > > >
> > > > Yes, and no.
> > > >
> > > > --
> > > > Charlie Brady                         charlieb at e-smith.com
> > > > Lead Product Developer
> > > > Network Server Solutions Group        http://www.e-smith.com/
> > > > Mitel Networks Corporation            http://www.mitel.com/
> > > > Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> > > >
> > > >
> > > > _______________________________________________
> > > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > --- To unsubscribe, go to the url just above this line. --
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > --- To unsubscribe, go to the url just above this line. --
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --



From tonypang at dmx.com.hk  Sun Jan  6 20:00:00 2002
From: tonypang at dmx.com.hk (Tony Pang)
Date: Mon, 7 Jan 2002 10:00:00 +0800
Subject: [pptp-server] pppd and radius
Message-ID: <004c01c1971f$03a8f7b0$1ac8a8c0@tony2k>

Is it possible to use authentication from radius in pppd? I am now using pppd 2.4.1. I have heard that pppd can be pamified but I can't find the patch. I have patch the pppd with MS-ChapV2 and MPPE. Can I apply a patch to pamified it?

Best Regards,
Tony Pang
Network System Engineer
DMX Technologies (HK) Ltd.
tonypang at dmx.com.hk
+852 2520 2660
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020107/5484d3b4/attachment.html>

From lists at earthling.2y.net  Sun Jan  6 23:05:02 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Mon, 7 Jan 2002 00:05:02 -0500 (EST)
Subject: [pptp-server] pppd and radius
In-Reply-To: <004c01c1971f$03a8f7b0$1ac8a8c0@tony2k>
Message-ID: <Pine.LNX.4.33.0201062331070.13713-100000@earthling.2y.net>

PPPd will support pam, all you have to do is edit the makefile.  *kicks
slow wireless link for give me a multi-second delay while typing this
email*  But, pam can only work with cleartext logins and passwords. there
is no way to efficently take the ntlm password hash, and convert it to
clear text password.  I don't know about any patches to support a current
pppd, but the authentication code in pppd has not changed much from 2.3 to
2.4, so an old patch may still apply.  One problem though, MS may have
written an ietf draft on how to do mschapv2 with radius, but it requires
diffrent authentication behaviour, and the radius server, i think, needs
to be an NT box.  My memory of that is a bit hazy.  *kicks 802.11b*

-Justin

On Mon, 7 Jan 2002, Tony Pang wrote:

> Is it possible to use authentication from radius in pppd? I am now using pppd 2.4.1. I have heard that pppd can be pamified but I can't find the patch. I have patch the pppd with MS-ChapV2 and MPPE. Can I apply a patch to pamified it?
>
> Best Regards,
> Tony Pang
> Network System Engineer
> DMX Technologies (HK) Ltd.
> tonypang at dmx.com.hk
> +852 2520 2660
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From admin at fontanus.com  Sun Jan  6 22:45:47 2002
From: admin at fontanus.com (Dwight Lee)
Date: 06 Jan 2002 23:45:47 -0500
Subject: [pptp-server] Help setting up PPTP
Message-ID: <1010378748.4909.6.camel@localhost.localdomain>

Hi all,

I was wondering if anyone out there might know how to solve this
problem.  I'm trying to set up the following server:

Redhat Linux 7.2 with:
Kernel Version 2.4.16 with linux-2.4.16-openssl-0.9.6b-mppe.patch.gz
and PPP-2.4.1 with ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
and pptpd-1.1.2 server.

I'm also using IPTables version 1.2.4-2.  I get the following log output
when I attempt to make a connection from a windows 2000 workstation. 
The error on the workstation is 619, however I do have the Unix98 PTYs
built into the kernel with 256 Maximum number Unix98 PTY's.

If there is any additional information you guys need to help me, just
ask and I'll see if I can get that to you asap.

Thanks in advance.

Dwight Lee
Fontanus, Inc.



---------------- Log File Output --------------------------
Jan  4 13:05:03 pluto kernel: PPP generic driver version 2.4.1
Jan  4 13:05:03 pluto pppd[3539]: The remote system is required to
authenticate itself
Jan  4 13:05:03 pluto pppd[3539]: but I couldn't find any suitable
secret (password) for it to use to do so.
Jan  4 13:05:03 pluto pptpd[3538]: Error reading from pppd: Input/output
error
Jan  4 13:05:03 pluto pptpd[3538]: CTRL: GRE read or PTY write failed
(gre,pty)=(6,5)
Jan  4 13:05:03 pluto pptpd[3538]: CTRL: Client xx.xxx.xxx.xx control
connection finished
Jan  4 13:05:09 pluto pptpd[3541]: CTRL: Client xx.xxx.xxx.xx control
connection started
Jan  4 13:05:09 pluto pptpd[3541]: CTRL: Starting call (launching pppd,
opening GRE)
Jan  4 13:05:09 pluto pppd[3542]: The remote system is required to
authenticate itself
Jan  4 13:05:09 pluto pppd[3542]: but I couldn't find any suitable
secret (password) for it to use to do so.
Jan  4 13:05:09 pluto pptpd[3541]: Error reading from pppd: Input/output
error
Jan  4 13:05:09 pluto pptpd[3541]: CTRL: GRE read or PTY write failed
(gre,pty)=(6,5)
Jan  4 13:05:09 pluto pptpd[3541]: CTRL: Client xx.xxx.xxx.xx control
connection finished
Jan  4 13:05:10 pluto pptpd[3543]: CTRL: Client xx.xxx.xxx.xx control
connection started
Jan  4 13:05:10 pluto pptpd[3543]: CTRL: Starting call (launching pppd,
opening GRE)
Jan  4 13:05:10 pluto pppd[3544]: The remote system is required to
authenticate itself
Jan  4 13:05:10 pluto pppd[3544]: but I couldn't find any suitable
secret (password) for it to use to do so.
Jan  4 13:05:10 pluto pptpd[3543]: Error reading from pppd: Input/output
error
Jan  4 13:05:10 pluto pptpd[3543]: CTRL: GRE read or PTY write failed
(gre,pty)=(6,5)
Jan  4 13:05:10 pluto pptpd[3543]: CTRL: Client xx.xxx.xxx.xx control
connection finished






From Steve at SteveCowles.com  Sun Jan  6 23:19:39 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sun, 6 Jan 2002 23:19:39 -0600 
Subject: [pptp-server] Help setting up PPTP
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9D4@defiant.infohiiway.com>

> -----Original Message-----
> From: Dwight Lee [mailto:admin at fontanus.com]
> Sent: Sunday, January 06, 2002 10:46 PM
> To: pptp-server at lists.schulte.org
> Cc: dwight at fontanus.com
> Subject: [pptp-server] Help setting up PPTP
> 
> 
> Hi all,
> 
> I was wondering if anyone out there might know how to solve this
> problem.  I'm trying to set up the following server:
> 
> ---------------- Log File Output --------------------------
> Jan  4 13:05:03 pluto kernel: PPP generic driver version 2.4.1
> Jan  4 13:05:03 pluto pppd[3539]: The remote system is required to
> authenticate itself
> Jan  4 13:05:03 pluto pppd[3539]: but I couldn't find any suitable
> secret (password) for it to use to do so.

Have you added your username/password to /etc/ppp/chap-secrets????

> Jan  4 13:05:03 pluto pptpd[3538]: Error reading from pppd: 
> Input/output error
> Jan  4 13:05:03 pluto pptpd[3538]: CTRL: GRE read or PTY write failed
> (gre,pty)=(6,5)

Is there possibly a firewall rule blocking the GRE protocol (47)?

Steve Cowles


From mikko.erkkila at kolumbus.fi  Mon Jan  7 01:50:21 2002
From: mikko.erkkila at kolumbus.fi (mikko.erkkila at kolumbus.fi)
Date: Mon, 7 Jan 2002 9:50:21 +0200
Subject: [pptp-server] pptp-server -- confirmation of subscription -- request 255050
Message-ID: <20020107075021.FCGR24037.fep02-app.kolumbus.fi@[193.229.5.108]>

pptp-server -- confirmation of subscription -- request 255050





From dwight at fontanus.com  Mon Jan  7 09:58:12 2002
From: dwight at fontanus.com (Dwight Lee)
Date: Mon, 7 Jan 2002 10:58:12 -0500
Subject: [pptp-server] Help setting up PPTP
Message-ID: <HIEDJDBKJCJPHDHBDCIJEEKLCAAA.dwight@fontanus.com>

Hey Steve,

Thanks for the reply.  I do have users and passwords listed in my
/etc/ppp/chap-secrets file.  I'll play with the firewall configuration some
to see if that helps, but I was curious why I would get that error about not
being able to find a suitable password.


Dwight Lee
Fontanus, Inc.

Phone:  201-239-7770 ext. 101         155 2nd Street
Fax:  201-239-7771                    Jersey City, NJ 07302
Mobile:  718-930-7644                 URL:  http://www.fontanus.com

> -----Original Message-----
> From: Dwight Lee [mailto:admin at fontanus.com]
> Sent: Sunday, January 06, 2002 10:46 PM
> To: pptp-server at lists.schulte.org
> Cc: dwight at fontanus.com
> Subject: [pptp-server] Help setting up PPTP
>
>
> Hi all,
>
> I was wondering if anyone out there might know how to solve this
> problem.  I'm trying to set up the following server:
>
> ---------------- Log File Output --------------------------
> Jan  4 13:05:03 pluto kernel: PPP generic driver version 2.4.1
> Jan  4 13:05:03 pluto pppd[3539]: The remote system is required to
> authenticate itself
> Jan  4 13:05:03 pluto pppd[3539]: but I couldn't find any suitable
> secret (password) for it to use to do so.

Have you added your username/password to /etc/ppp/chap-secrets????

> Jan  4 13:05:03 pluto pptpd[3538]: Error reading from pppd:
> Input/output error
> Jan  4 13:05:03 pluto pptpd[3538]: CTRL: GRE read or PTY write failed
> (gre,pty)=(6,5)

Is there possibly a firewall rule blocking the GRE protocol (47)?

Steve Cowles




From grj at lincom.no  Mon Jan  7 10:03:23 2002
From: grj at lincom.no (Gustav Jansen)
Date: Mon, 7 Jan 2002 17:03:23 +0100 (CET)
Subject: [pptp-server] packet sizes
Message-ID: <Pine.LNX.4.33.0201071657540.28165-100000@umbriel.lincom.no>

Hi!

I've been running pptpd for some time now, and I've suddenly started
experiencing some weird problems. I get the following message in my kernel
logs:

Not enough space to encrypt packet: 1404<1404+4!

I'm using PoPToP v1.1.2 and pppd version 2.4.1 on a Linux 2.4.9 box. I've
set up MPPE 128 and this has been working fine. But now, all of a sudden,
I can't connect to shares, or connect to the Internet through the
VPN-link, and these messages are popping up in my logs. Any ideas anyone?

--

Gustav

1AB5 1DD3 4412 9F03 1A4D  9C64 4763 DD26 62DA 54BF



From Steve at SteveCowles.com  Mon Jan  7 10:04:46 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Mon, 7 Jan 2002 10:04:46 -0600 
Subject: [pptp-server] Help setting up PPTP
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9D7@defiant.infohiiway.com>

> -----Original Message-----
> From: Dwight Lee [mailto:dwight at fontanus.com]
> Sent: Monday, January 07, 2002 9:58 AM
> To: pptp-server at lists.schulte.org
> Cc: dwight at fontanus.com
> Subject: [pptp-server] Help setting up PPTP
> 
> 
> Hey Steve,
> 
> Thanks for the reply.  I do have users and passwords listed in my
> /etc/ppp/chap-secrets file.  I'll play with the firewall 
> configuration some to see if that helps, but I was curious why
> I would get that error about not being able to find a suitable
> password.
>

The server field in chap-secrets is usually the culprit. Try:

username * password *


Steve Cowles 


From admin at fontanus.com  Mon Jan  7 11:04:01 2002
From: admin at fontanus.com (Dwight Lee)
Date: Mon, 7 Jan 2002 12:04:01 -0500
Subject: [pptp-server] Help setting up PPTP
Message-ID: <HIEDJDBKJCJPHDHBDCIJIEKLCAAA.admin@fontanus.com>

Hey Steve,

Thanks for the reply.  I do have users and passwords listed in my
/etc/ppp/chap-secrets file.  I'll play with the firewall configuration some
to see if that helps, but I was curious why I would get that error about not
being able to find a suitable password.


Dwight Lee
Fontanus, Inc.

Phone:  201-239-7770 ext. 101         155 2nd Street
Fax:  201-239-7771                    Jersey City, NJ 07302
Mobile:  718-930-7644                 URL:  http://www.fontanus.com

> -----Original Message-----
> From: Dwight Lee [mailto:admin at fontanus.com]
> Sent: Sunday, January 06, 2002 10:46 PM
> To: pptp-server at lists.schulte.org
> Cc: dwight at fontanus.com
> Subject: [pptp-server] Help setting up PPTP
>
>
> Hi all,
>
> I was wondering if anyone out there might know how to solve this
> problem.  I'm trying to set up the following server:
>
> ---------------- Log File Output --------------------------
> Jan  4 13:05:03 pluto kernel: PPP generic driver version 2.4.1
> Jan  4 13:05:03 pluto pppd[3539]: The remote system is required to
> authenticate itself
> Jan  4 13:05:03 pluto pppd[3539]: but I couldn't find any suitable
> secret (password) for it to use to do so.

Have you added your username/password to /etc/ppp/chap-secrets????

> Jan  4 13:05:03 pluto pptpd[3538]: Error reading from pppd:
> Input/output error
> Jan  4 13:05:03 pluto pptpd[3538]: CTRL: GRE read or PTY write failed
> (gre,pty)=(6,5)

Is there possibly a firewall rule blocking the GRE protocol (47)?

Steve Cowles



From dwight at fontanus.com  Mon Jan  7 11:15:48 2002
From: dwight at fontanus.com (Dwight Lee)
Date: Mon, 7 Jan 2002 12:15:48 -0500
Subject: [pptp-server] Help setting up PPTP
Message-ID: <HIEDJDBKJCJPHDHBDCIJMEKLCAAA.dwight@fontanus.com>

Thanks Steve,

Turns out the the chap-secrets file was the culprit after all.  I was just
rebuilding this server and reused my chap-secrets file from the last working
build.  In that build, I was using the server name in the server field.
Changing it to '*' seemed to solve my problem.

I'd like to know why this is, but I'm really just happy that it works now.

Thanks again.

Dwight Lee
Fontanus, Inc.

Phone:  201-239-7770 ext. 101         155 2nd Street
Fax:  201-239-7771                    Jersey City, NJ 07302
Mobile:  718-930-7644                 URL:  http://www.fontanus.com



From Steve at SteveCowles.com  Mon Jan  7 11:46:41 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Mon, 7 Jan 2002 11:46:41 -0600 
Subject: [pptp-server] Help setting up PPTP
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9DB@defiant.infohiiway.com>

> -----Original Message-----
> From: Dwight Lee [mailto:dwight at fontanus.com]
> Sent: Monday, January 07, 2002 11:16 AM
> To: pptp-server at lists.schulte.org
> Cc: dwight at fontanus.com
> Subject: [pptp-server] Help setting up PPTP
> 
> 
> Thanks Steve,
> 
> Turns out the the chap-secrets file was the culprit after 
> all.  I was just rebuilding this server and reused my chap-
> secrets file from the last working build.  In that build,
> I was using the server name in the server field.
> Changing it to '*' seemed to solve my problem.
> 
> I'd like to know why this is, but I'm really just happy that 
> it works now.
> 

If I remember correctly, the "server" field in chap-secrets must match the
"name" of the pptp server. Especially if you override the server name with
the "name" directive in /etc/ppp/options.

It can even get more complicated... from man pppd on the name directive

  name name
      Set the name of the local system for authentication
      purposes to name.  This  is  a  privileged  option.
      With  this  option,  pppd  will  use  lines  in the
      secrets files which have name as the  second  field
      when  looking for a secret to use in authenticating
      the peer.  In addition, unless overridden with  the
      user  option, name will be used as the name to send
      to the peer when authenticating the local system to
      the  peer.   (Note  that  pppd  does not append the
      domain name to name.)

Steve Cowles


From berzerke at swbell.net  Mon Jan  7 16:15:39 2002
From: berzerke at swbell.net (robert)
Date: Mon, 07 Jan 2002 16:15:39 -0600
Subject: [pptp-server] packet sizes
In-Reply-To: <Pine.LNX.4.33.0201071657540.28165-100000@umbriel.lincom.no>
References: <Pine.LNX.4.33.0201071657540.28165-100000@umbriel.lincom.no>
Message-ID: <0GPL000879QCUB@mta5.rcsntx.swbell.net>

On Monday 07 January 2002 10:03 am, Gustav Jansen wrote:
> Hi!
>
> I've been running pptpd for some time now, and I've suddenly started
> experiencing some weird problems. I get the following message in my kernel
> logs:
>
> Not enough space to encrypt packet: 1404<1404+4!
>
> I'm using PoPToP v1.1.2 and pppd version 2.4.1 on a Linux 2.4.9 box. I've
> set up MPPE 128 and this has been working fine. But now, all of a sudden,
> I can't connect to shares, or connect to the Internet through the
> VPN-link, and these messages are popping up in my logs. Any ideas anyone?

The howto lists this answer:

5.58    Q: I'm getting errors: "Not enough space to encrypt packet: [some 
number]<[somenumber]+4"
        A: You didn't apply the linux-2.4.4-openssl-0.9.6a-mppe.patch.gz 
patch. The problem is that ppp_generic.c assumes that no "compression" method 
will ever cause a frame to grow.  However, MPPE causes every frame to grow by 
four bytes.  This only generates the above error message when you are trying 
to send a frame that is within four bytes of the MTU.

Reducing the MTU will not help because if you reduce the MTU, ppp_generic.c 
will just reduce the size of the buffer that it passes.

Since it was working before, I'm guessing its one of two things: a problem 
with your kernel (did you switch to a new one, did a module get corrupted, 
etc) or you were never actually *USING* the encryption until now.


From py at gte.net  Mon Jan  7 14:10:56 2002
From: py at gte.net (py at gte.net)
Date: Mon, 7 Jan 2002 14:10:56
Subject: [pptp-server] Python Video Promotion!
Message-ID: <GPLCMK00.P51@mail.ctsho.com>

An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020107/b50ab4f3/attachment.html>

From andersjk at sol-invictus.org  Tue Jan  8 08:23:20 2002
From: andersjk at sol-invictus.org (andersjk at sol-invictus.org)
Date: Tue, 08 Jan 2002 15:23:20 +0100 (CET)
Subject: [pptp-server] default gateway again....
Message-ID: <E16Nx9s-0000Fv-00@webpool.strohe.de>

Hi Hi,

i know some have answered my question in the past few weeks but i am still confused.  here is a description of what i want to do.

pptp server on a real network with one network card-> gateway is 10.0.0.1 (has real address) pptpd setup and running encryption is running authentication is running no problems, i can ping the machines on the network and the gateway 
while connected to the vpn server.

what i want after i free up the port on the firewall (cisco) is to allow users on the internet to connect to the vpn server and allow them access to the lan+wan which is internal cisco tunnels from office to office... but when i connect to the vpn and receive the 192.x.x.x address i can only ping the gateway and don't get any farther.... 

any ideas??? 

thanks,
kevin 


From ATruong at kaval.com  Tue Jan  8 11:38:14 2002
From: ATruong at kaval.com (Alison Truong)
Date: Tue, 8 Jan 2002 12:38:14 -0500 
Subject: [pptp-server] how to set up linux and adsl
Message-ID: <D49495C1E3C0D511BFFB00508B4A8BD1243F4C@MARKHAM2>

I am currently trying to set up a VPN from my home to my corporate internal
network.  The internal network at work is protected by a firewall, but I
know enough about it to set up the appropriate rules.  At home, I'm using
ADSL to access the internet on a Windows 98 box.  I have read a little about
the VPN PPTP linux client, but don't really know much about it.  If anyone
could help me with this, it would be greatly appreciated.  
Thanks,
Alison



From spebyspam at mindspring.com  Tue Jan  8 16:32:05 2002
From: spebyspam at mindspring.com (Sean Eby)
Date: Tue, 8 Jan 2002 16:32:05 -0600
Subject: [pptp-server] OpenBSD 3.0
Message-ID: <000701c19894$4d037ae0$0f00a8c0@seby>

Okay,
    I am noticing a pattern here for people with 619 errors connecting to
poptop from Windows clients.

    1) There seems to be mention of the GRE protocol and its requirement.
    2) The setup of the pppd daemon and its configuration file,
/etc/ppp/ppp.conf (or is /etc/ppp/pppd.conf?)
    3) 'configure' options like --with-bsdppp and --with-ip-alloc
    4) And error in the pptpd.log file such as: 'PTY read or GRE write
failed'

    I am also seeing people with OpenBSD machines submitting their logs and
config files with varying options, some there, some aren't.
    My question boils down to this:

    HOW do you setup PoPToP in OpenBSD 3.0? And any version prior? The
HOWTO's on the PoPToP website do not contain the correct instructions for
setting up PoPToP on machines other than what is listed, which is Linux
apparently.
    I am having the same kinds of problems as other people with the 619
Windows VPN client errors, as well as confusion as to what settings and what
config files need to be set up as well as any compile-time options that need
to be set in order to get this thing working. I don't even need encryption
right now, nor firewall rules, just how to get Windows client Dial-UP VPN
client to work with PoPToP on an OpenBSD server.

Sean Eby
-----------------
"In my day, we had to smash together hydrogen and oxygen atoms for water."




From alex at saers.com  Tue Jan  8 17:01:20 2002
From: alex at saers.com (ACEAlex)
Date: Wed, 9 Jan 2002 00:01:20 +0100
Subject: [pptp-server] pptp to log in to domain
Message-ID: <001601c19898$63325b20$e4d22fc2@acealex>

Hello

I asked a question a time ago about running a login script after an vpn
connection has been made on a m$ client. The reson i want this is that the
client should call in with vpn to the office and be able to map all the
network drives and other office enviroment when connected.

So is there a way to do this with pptp or was the silent respons a way of
telling me that it doesnt work :)

/Alexander




From jeff at inetb.com  Tue Jan  8 18:09:55 2002
From: jeff at inetb.com (Jeff Wiegley, Ph.D.)
Date: 08 Jan 2002 16:09:55 -0800
Subject: [pptp-server] Shouldn't I be able to see WIndows servers in Network Neighborhood?
Message-ID: <1010535000.613.4.camel@stingray>

I *finally* got PPTP/VPN working.  Some suggestions...

  1) The kernel people need to add the MPPE stuff into at least
     the 2.5 kernels. I would also suggest incorporating the
     FreeSwan items as well. Having a kernel that does not
     provide for VPN services at this point in time only
     prevents linux from being accepted in enterprise environments.
     This is of particular concern because this is the exact market
     that linux should be dominating.

  2) PPP maintainers should include the openssl and MPPE support items.
     
  3) PoPToP documentation needs to focus more on troubleshooting
     procedures and general configuration. All of this per distribution
     hints/tricks/traps/howtos and FAQs makes this project look
     incredibly disorganized and unfocused.

     Though I will say that a lot of this is due to the lack of 1) and
     2).

     Assuming 1) and 2) existed the documentation would only have to
     be limited to discussing /etc/pptp.conf and /etc/ppp/options.pptp.

     A very helpful documentation toppic would be examples of various
     network topologies, how VPN connections relate to the topologies
     and what the VPN offers (or what you can expect from a VPN
     connection) that the topologies cannot provide without the VPN.

It took me all week to get PoPToP to a point where a Windows Me VPN
dial-up connection could connect to the server and get established.

Now I'm stuck. I guess I figured the VPN connection would provide
me some functionality that it doesn't seem to.

I have an office of 10 windows workstations, 1 WindowsNT server
(for file sharing) and 1 linux server with two NICs for providing
NATted internet connections to all the windows machines through a DSL
line. (The internet side IP for the linux box is static.) For
illustration lets say that all of these machines are on the
SOMEWORKGROUP as far as Microsoft Clients are concerned.

I would think this to be an incredibly ubiquitous topology.

The whole reason I embarked on this project is that I have machines
at external locations that need access to files on the WindowsNT
box back at the main office. These remote computers are in other
offices, on other physical networks and already belong to some
OTHERWORKGROUP.

I assumed that by establishing PoPToP VPN connection from one of
these remote servers to the main office linux box I would be able
to accomplish this.

However it doesn't work and I was hoping somebody has some insight
as to why.

After Connecting the VPN I only see OTHERWORKGROUPS under network
neighborhood and I do not see SOMEWORKGROUP at all. The PPTP
connection specifies a ms-wins server but as far as can tell no
WINS resolution is happening because I can't even manually type
into network neighborhood an machinename such as
\\goofy which is the name of the windows NT machine.

further more, I can't even type in the direct ip to network
neightborhood.  \\192.168.0.2 doesn't show goofy's shares either.

but the VPN is connected and working. ping 192.168.0.2 works fine.
The linux box is a firewall but forwarding is on and all packets
between machines on the 192.168.0.6 network are allowed. The
firewall also logs all dropped packets but nothing is logged from
the time I connect and test my setups.

I mean if this doesn't work then I'd consider Microsoft VPN
connections to be a useless waste of time.

Does anybody have any ideas about this? Am I off base about this
whole topic and VPNs are used for some other, completely different,
task?

For the purposes of helping to debug this all heres some
configuration information:

/etc/pptp.copnf
-------------------------------------
option /etc/ppp/options.pptp
debug
localip 192.168.0.1
remoteip 192.168.0.3-9

/etc/ppp/options.pptp
-------------------------------------
lock
debug
dump
proxyarp
+chap
+chapms     
+chapms-v2     
mppe-40     
mppe-128     
mppe-stateless   
# Uncomment to use
ms-wins 192.168.10.2

The VPN connection item properties are as follows:

General Tab:
   VPN Server
       Host name or IP address:     <static DSL IP of linux server>
   Connect using 
       "Microsoft VPN Adapter" is the only option available.
Networking Tab:
   Type of Dial-up Server:
       PPP: Internet, Windows 2000/NT, Windows ME
   Advanced Option
      Enable Software compression is checked
      Record a log file for this connection is NOT checked
   Allowed Network Protocols
      NetBEUI            is NOT checked
      IPX/SPX compatible is NOT checked
      TCP/IP             is checked
           Anvanced TCP/IP settings:
             Sever assigned IP address             is selected
             Server assigned name server address   is selected
             use IP header compression             is checked
             use default gateway on remote network is checked
Security Tab:
   Authentication:
      Username:               <general username>
      password:               *******
      domain:                 SOMEWORKGROUP
      connect automatically   is not checked
   Advanced Security Options:
      log on to network            is checked
      Require encrypted password   is checked
      Require data encryption      is checked
Dialing Tab:
   This is the default Internet connection is not checked
   Redial settings:
      Try to connect to 10 times
      wait 5 seconds between attempts
   Disconnect when connection may not be needed is checked

Anybody have some hints?

- Jeff




From dholmes at bigpond.net.au  Tue Jan  8 18:24:55 2002
From: dholmes at bigpond.net.au (Dougal Holmes)
Date: Wed, 9 Jan 2002 11:24:55 +1100
Subject: [pptp-server] pptp to log in to domain
References: <001601c19898$63325b20$e4d22fc2@acealex>
Message-ID: <000c01c198a4$10ed2500$1103a8c0@mel.watsonwyatt.com.au>

The short answer is sometimes you can.

If the client is Windows 95/98 and does not do a domain login before
launching the PPTP connection, then you can tick the "Login to a Domain"
option in the PPTP connectoid, and assuming you have configured WINS servers
in your PPP options, the login script _should_ run. However if the PC has
already attempted to do a domain login (even if it has failed), then the
login script will never run.

If the client in Windows 2000/XP, then the only way to run the login script
is to login to Windows and tick the "Login using Dial-Up networking" option
in the login screen, then select the PPTP connection (I haven't done this,
so I am assuming it will work with PPTP - it does work with a modem (PPP)
connection). Again if the PC had already attempted to do a domain login, or
a cached domain login, then the script will never run.

It's so unreliable that I have put a pointer to the login script on our
user's desktop, and tell them to run it manually after they have made the
PPTP connection.......

Dougal
--
Dougal Holmes (at home)
mailto://dholmes at bigpond.net.au
----- Original Message -----
From: "ACEAlex" <alex at saers.com>
To: <pptp-server at lists.schulte.org>
Sent: Wednesday, January 09, 2002 10:01 AM
Subject: [pptp-server] pptp to log in to domain


> Hello
>
> I asked a question a time ago about running a login script after an vpn
> connection has been made on a m$ client. The reson i want this is that the
> client should call in with vpn to the office and be able to map all the
> network drives and other office enviroment when connected.
>
> So is there a way to do this with pptp or was the silent respons a way of
> telling me that it doesnt work :)
>
> /Alexander
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --



From alex at saers.com  Tue Jan  8 18:36:49 2002
From: alex at saers.com (ACEAlex)
Date: Wed, 9 Jan 2002 01:36:49 +0100
Subject: [pptp-server] Shouldn't I be able to see WIndows servers in Network Neighborhood?
References: <1010535000.613.4.camel@stingray>
Message-ID: <002f01c198a5$b9bc8490$e4d22fc2@acealex>

Hi, i think i know what your problem is. You linux "gw computer" had a nat
masqrade setup? Am I right? Whats the firewall rules of that. If you are
using iptables and have copied the script from the masq howto all trafic
from the ppp0 device that you are using are droped. You need to specify some
rules for that.

Here is my solotion that i added to the firewall script
<snip>
IPTABLES=/usr/local/sbin/iptables
EXTIF=eth1
INTIF=eth0
PPPIF=ppp0
$IPTABLES -A FORWARD -i $EXTIF -o $PPPIF -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $PPPIF -o $EXTIF -j ACCEPT

$IPTABLES -A FORWARD -i $INTIF -o $PPPIF -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $PPPIF -o $INTIF -j ACCEPT
</snip>

I dont know if this is the best way of doing it. But it is worth a try. I
dont even know if it solves your problem. By the way. Can you ping the
computer.

I think you are right about the kernel and ppp merge thing. Wounder what
linus tovard thinks of that?

/Alexander

----- Original Message -----
From: "Jeff Wiegley, Ph.D." <jeff at inetb.com>
To: "PoPToP list" <pptp-server at lists.schulte.org>
Sent: Wednesday, January 09, 2002 1:09 AM
Subject: [pptp-server] Shouldn't I be able to see WIndows servers in Network
Neighborhood?


> I *finally* got PPTP/VPN working.  Some suggestions...
>
>   1) The kernel people need to add the MPPE stuff into at least
>      the 2.5 kernels. I would also suggest incorporating the
>      FreeSwan items as well. Having a kernel that does not
>      provide for VPN services at this point in time only
>      prevents linux from being accepted in enterprise environments.
>      This is of particular concern because this is the exact market
>      that linux should be dominating.
>
>   2) PPP maintainers should include the openssl and MPPE support items.
>
>   3) PoPToP documentation needs to focus more on troubleshooting
>      procedures and general configuration. All of this per distribution
>      hints/tricks/traps/howtos and FAQs makes this project look
>      incredibly disorganized and unfocused.
>
>      Though I will say that a lot of this is due to the lack of 1) and
>      2).
>
>      Assuming 1) and 2) existed the documentation would only have to
>      be limited to discussing /etc/pptp.conf and /etc/ppp/options.pptp.
>
>      A very helpful documentation toppic would be examples of various
>      network topologies, how VPN connections relate to the topologies
>      and what the VPN offers (or what you can expect from a VPN
>      connection) that the topologies cannot provide without the VPN.
>
> It took me all week to get PoPToP to a point where a Windows Me VPN
> dial-up connection could connect to the server and get established.
>
> Now I'm stuck. I guess I figured the VPN connection would provide
> me some functionality that it doesn't seem to.
>
> I have an office of 10 windows workstations, 1 WindowsNT server
> (for file sharing) and 1 linux server with two NICs for providing
> NATted internet connections to all the windows machines through a DSL
> line. (The internet side IP for the linux box is static.) For
> illustration lets say that all of these machines are on the
> SOMEWORKGROUP as far as Microsoft Clients are concerned.
>
> I would think this to be an incredibly ubiquitous topology.
>
> The whole reason I embarked on this project is that I have machines
> at external locations that need access to files on the WindowsNT
> box back at the main office. These remote computers are in other
> offices, on other physical networks and already belong to some
> OTHERWORKGROUP.
>
> I assumed that by establishing PoPToP VPN connection from one of
> these remote servers to the main office linux box I would be able
> to accomplish this.
>
> However it doesn't work and I was hoping somebody has some insight
> as to why.
>
> After Connecting the VPN I only see OTHERWORKGROUPS under network
> neighborhood and I do not see SOMEWORKGROUP at all. The PPTP
> connection specifies a ms-wins server but as far as can tell no
> WINS resolution is happening because I can't even manually type
> into network neighborhood an machinename such as
> \\goofy which is the name of the windows NT machine.
>
> further more, I can't even type in the direct ip to network
> neightborhood.  \\192.168.0.2 doesn't show goofy's shares either.
>
> but the VPN is connected and working. ping 192.168.0.2 works fine.
> The linux box is a firewall but forwarding is on and all packets
> between machines on the 192.168.0.6 network are allowed. The
> firewall also logs all dropped packets but nothing is logged from
> the time I connect and test my setups.
>
> I mean if this doesn't work then I'd consider Microsoft VPN
> connections to be a useless waste of time.
>
> Does anybody have any ideas about this? Am I off base about this
> whole topic and VPNs are used for some other, completely different,
> task?
>
> For the purposes of helping to debug this all heres some
> configuration information:
>
> /etc/pptp.copnf
> -------------------------------------
> option /etc/ppp/options.pptp
> debug
> localip 192.168.0.1
> remoteip 192.168.0.3-9
>
> /etc/ppp/options.pptp
> -------------------------------------
> lock
> debug
> dump
> proxyarp
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> # Uncomment to use
> ms-wins 192.168.10.2
>
> The VPN connection item properties are as follows:
>
> General Tab:
>    VPN Server
>        Host name or IP address:     <static DSL IP of linux server>
>    Connect using
>        "Microsoft VPN Adapter" is the only option available.
> Networking Tab:
>    Type of Dial-up Server:
>        PPP: Internet, Windows 2000/NT, Windows ME
>    Advanced Option
>       Enable Software compression is checked
>       Record a log file for this connection is NOT checked
>    Allowed Network Protocols
>       NetBEUI            is NOT checked
>       IPX/SPX compatible is NOT checked
>       TCP/IP             is checked
>            Anvanced TCP/IP settings:
>              Sever assigned IP address             is selected
>              Server assigned name server address   is selected
>              use IP header compression             is checked
>              use default gateway on remote network is checked
> Security Tab:
>    Authentication:
>       Username:               <general username>
>       password:               *******
>       domain:                 SOMEWORKGROUP
>       connect automatically   is not checked
>    Advanced Security Options:
>       log on to network            is checked
>       Require encrypted password   is checked
>       Require data encryption      is checked
> Dialing Tab:
>    This is the default Internet connection is not checked
>    Redial settings:
>       Try to connect to 10 times
>       wait 5 seconds between attempts
>    Disconnect when connection may not be needed is checked
>
> Anybody have some hints?
>
> - Jeff
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --



From jeff at inetb.com  Tue Jan  8 18:58:57 2002
From: jeff at inetb.com (Jeff Wiegley, Ph.D.)
Date: 08 Jan 2002 16:58:57 -0800
Subject: [pptp-server] Shouldn't I be able to see WIndows servers in
	Network Neighborhood?
In-Reply-To: <002f01c198a5$b9bc8490$e4d22fc2@acealex>
References: <1010535000.613.4.camel@stingray> 
	<002f01c198a5$b9bc8490$e4d22fc2@acealex>
Message-ID: <1010537942.613.7.camel@stingray>

I don't think this is it.

I didn't copy the rules from the masq howto. I use SNAT instead of
MASQUERADE anyways since the IP is static. (according to the Netfilter
howto this is the correct method.)

The line from my script for this is:

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $EXTERNALIP

Yes. I can ping all the machines in the office from the remote machine
ping 192.168.0.2 works as well (the IP of the "goofy" file server)

I don't think I'm dropping any packets at all in anyway regarding
this. At any point where I have a --jump DROP on my filter rules
I have preceeded it with a --jump LOG target.  I should be seeing
any and all packets that are dropped regardless of their destination
or source or other filter criteria.

The only thoughts I have going are:

The remote machine has an ethernet local area network that it is on
and this network has had a WINS server assigned by DHCP; this WINS
server is also on the same physical ethernet network as the remote
VPN client. The VPN service also has assigned a different WINS
server to the client.  Does the client just do the stupid thing
and only query the first assigned, local WINS server?

I can't tell if its querying goofy for netbios name resolution or
not. I can't even tell if goofy is properly acting as a WINS server
either so I don't know if goofy's list is correct and available.

Microsoft really needs to chuck netbios. Its a horrible, horrible
system mapping computers.

But even if netbios is all screwed up and regardless of whether the
WINS servers are responding I still I thought I should be able to
just type in \\192.168.0.2 into the network neighborhood address
and get to the machine without having to rely on WINS resolution.

- Jeff

On Tue, 2002-01-08 at 16:36, ACEAlex wrote:
> Hi, i think i know what your problem is. You linux "gw computer" had a nat
> masqrade setup? Am I right? Whats the firewall rules of that. If you are
> using iptables and have copied the script from the masq howto all trafic
> from the ppp0 device that you are using are droped. You need to specify some
> rules for that.
> 
> Here is my solotion that i added to the firewall script
> <snip>
> IPTABLES=/usr/local/sbin/iptables
> EXTIF=eth1
> INTIF=eth0
> PPPIF=ppp0
> $IPTABLES -A FORWARD -i $EXTIF -o $PPPIF -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i $PPPIF -o $EXTIF -j ACCEPT
> 
> $IPTABLES -A FORWARD -i $INTIF -o $PPPIF -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i $PPPIF -o $INTIF -j ACCEPT
> </snip>
> 
> I dont know if this is the best way of doing it. But it is worth a try. I
> dont even know if it solves your problem. By the way. Can you ping the
> computer.
> 
> I think you are right about the kernel and ppp merge thing. Wounder what
> linus tovard thinks of that?
> 
> /Alexander
> 
> ----- Original Message -----
> From: "Jeff Wiegley, Ph.D." <jeff at inetb.com>
> To: "PoPToP list" <pptp-server at lists.schulte.org>
> Sent: Wednesday, January 09, 2002 1:09 AM
> Subject: [pptp-server] Shouldn't I be able to see WIndows servers in Network
> Neighborhood?
> 
> 
> > I *finally* got PPTP/VPN working.  Some suggestions...
> >
> >   1) The kernel people need to add the MPPE stuff into at least
> >      the 2.5 kernels. I would also suggest incorporating the
> >      FreeSwan items as well. Having a kernel that does not
> >      provide for VPN services at this point in time only
> >      prevents linux from being accepted in enterprise environments.
> >      This is of particular concern because this is the exact market
> >      that linux should be dominating.
> >
> >   2) PPP maintainers should include the openssl and MPPE support items.
> >
> >   3) PoPToP documentation needs to focus more on troubleshooting
> >      procedures and general configuration. All of this per distribution
> >      hints/tricks/traps/howtos and FAQs makes this project look
> >      incredibly disorganized and unfocused.
> >
> >      Though I will say that a lot of this is due to the lack of 1) and
> >      2).
> >
> >      Assuming 1) and 2) existed the documentation would only have to
> >      be limited to discussing /etc/pptp.conf and /etc/ppp/options.pptp.
> >
> >      A very helpful documentation toppic would be examples of various
> >      network topologies, how VPN connections relate to the topologies
> >      and what the VPN offers (or what you can expect from a VPN
> >      connection) that the topologies cannot provide without the VPN.
> >
> > It took me all week to get PoPToP to a point where a Windows Me VPN
> > dial-up connection could connect to the server and get established.
> >
> > Now I'm stuck. I guess I figured the VPN connection would provide
> > me some functionality that it doesn't seem to.
> >
> > I have an office of 10 windows workstations, 1 WindowsNT server
> > (for file sharing) and 1 linux server with two NICs for providing
> > NATted internet connections to all the windows machines through a DSL
> > line. (The internet side IP for the linux box is static.) For
> > illustration lets say that all of these machines are on the
> > SOMEWORKGROUP as far as Microsoft Clients are concerned.
> >
> > I would think this to be an incredibly ubiquitous topology.
> >
> > The whole reason I embarked on this project is that I have machines
> > at external locations that need access to files on the WindowsNT
> > box back at the main office. These remote computers are in other
> > offices, on other physical networks and already belong to some
> > OTHERWORKGROUP.
> >
> > I assumed that by establishing PoPToP VPN connection from one of
> > these remote servers to the main office linux box I would be able
> > to accomplish this.
> >
> > However it doesn't work and I was hoping somebody has some insight
> > as to why.
> >
> > After Connecting the VPN I only see OTHERWORKGROUPS under network
> > neighborhood and I do not see SOMEWORKGROUP at all. The PPTP
> > connection specifies a ms-wins server but as far as can tell no
> > WINS resolution is happening because I can't even manually type
> > into network neighborhood an machinename such as
> > \\goofy which is the name of the windows NT machine.
> >
> > further more, I can't even type in the direct ip to network
> > neightborhood.  \\192.168.0.2 doesn't show goofy's shares either.
> >
> > but the VPN is connected and working. ping 192.168.0.2 works fine.
> > The linux box is a firewall but forwarding is on and all packets
> > between machines on the 192.168.0.6 network are allowed. The
> > firewall also logs all dropped packets but nothing is logged from
> > the time I connect and test my setups.
> >
> > I mean if this doesn't work then I'd consider Microsoft VPN
> > connections to be a useless waste of time.
> >
> > Does anybody have any ideas about this? Am I off base about this
> > whole topic and VPNs are used for some other, completely different,
> > task?
> >
> > For the purposes of helping to debug this all heres some
> > configuration information:
> >
> > /etc/pptp.copnf
> > -------------------------------------
> > option /etc/ppp/options.pptp
> > debug
> > localip 192.168.0.1
> > remoteip 192.168.0.3-9
> >
> > /etc/ppp/options.pptp
> > -------------------------------------
> > lock
> > debug
> > dump
> > proxyarp
> > +chap
> > +chapms
> > +chapms-v2
> > mppe-40
> > mppe-128
> > mppe-stateless
> > # Uncomment to use
> > ms-wins 192.168.10.2
> >
> > The VPN connection item properties are as follows:
> >
> > General Tab:
> >    VPN Server
> >        Host name or IP address:     <static DSL IP of linux server>
> >    Connect using
> >        "Microsoft VPN Adapter" is the only option available.
> > Networking Tab:
> >    Type of Dial-up Server:
> >        PPP: Internet, Windows 2000/NT, Windows ME
> >    Advanced Option
> >       Enable Software compression is checked
> >       Record a log file for this connection is NOT checked
> >    Allowed Network Protocols
> >       NetBEUI            is NOT checked
> >       IPX/SPX compatible is NOT checked
> >       TCP/IP             is checked
> >            Anvanced TCP/IP settings:
> >              Sever assigned IP address             is selected
> >              Server assigned name server address   is selected
> >              use IP header compression             is checked
> >              use default gateway on remote network is checked
> > Security Tab:
> >    Authentication:
> >       Username:               <general username>
> >       password:               *******
> >       domain:                 SOMEWORKGROUP
> >       connect automatically   is not checked
> >    Advanced Security Options:
> >       log on to network            is checked
> >       Require encrypted password   is checked
> >       Require data encryption      is checked
> > Dialing Tab:
> >    This is the default Internet connection is not checked
> >    Redial settings:
> >       Try to connect to 10 times
> >       wait 5 seconds between attempts
> >    Disconnect when connection may not be needed is checked
> >
> > Anybody have some hints?
> >
> > - Jeff
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --




From dholmes at bigpond.net.au  Tue Jan  8 19:15:59 2002
From: dholmes at bigpond.net.au (Dougal Holmes)
Date: Wed, 9 Jan 2002 12:15:59 +1100
Subject: [pptp-server] Shouldn't I be able to see WIndows servers inNetwork Neighborhood?
References: <1010535000.613.4.camel@stingray> <002f01c198a5$b9bc8490$e4d22fc2@acealex> <1010537942.613.7.camel@stingray>
Message-ID: <002201c198ab$329a09f0$1103a8c0@mel.watsonwyatt.com.au>

> I don't think this is it.
>
> I didn't copy the rules from the masq howto. I use SNAT instead of
> MASQUERADE anyways since the IP is static. (according to the Netfilter
> howto this is the correct method.)
>
> The line from my script for this is:
>
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $EXTERNALIP
>
> Yes. I can ping all the machines in the office from the remote machine
> ping 192.168.0.2 works as well (the IP of the "goofy" file server)
>
> I don't think I'm dropping any packets at all in anyway regarding
> this. At any point where I have a --jump DROP on my filter rules
> I have preceeded it with a --jump LOG target.  I should be seeing
> any and all packets that are dropped regardless of their destination
> or source or other filter criteria.
>
> The only thoughts I have going are:
>
> The remote machine has an ethernet local area network that it is on
> and this network has had a WINS server assigned by DHCP; this WINS
> server is also on the same physical ethernet network as the remote
> VPN client. The VPN service also has assigned a different WINS
> server to the client.  Does the client just do the stupid thing
> and only query the first assigned, local WINS server?
>

Exactly. If you have multiple WINS servers, you need to setup WINS
replication between the two servers.

> I can't tell if its querying goofy for netbios name resolution or
> not. I can't even tell if goofy is properly acting as a WINS server
> either so I don't know if goofy's list is correct and available.
>
> Microsoft really needs to chuck netbios. Its a horrible, horrible
> system mapping computers.
>

Agreed. But we have to live with it.

> But even if netbios is all screwed up and regardless of whether the
> WINS servers are responding I still I thought I should be able to
> just type in \\192.168.0.2 into the network neighborhood address
> and get to the machine without having to rely on WINS resolution.
>

That only works if the client is WinNT or later, and there is a trust
relationship between the two domains. I think your main problem is the two
domains which do not have a trust relationship between them......

Dougal
--
Dougal Holmes (at home)
mailto://dholmes at bigpond.net.au



From jvonau at home.com  Tue Jan  8 18:41:53 2002
From: jvonau at home.com (Jerry Vonau)
Date: Tue, 08 Jan 2002 18:41:53 -0600
Subject: [pptp-server] Shouldn't I be able to see WIndows servers inNetwork 
 Neighborhood?
References: <1010535000.613.4.camel@stingray> 
		<002f01c198a5$b9bc8490$e4d22fc2@acealex> <1010537942.613.7.camel@stingray>
Message-ID: <3C3B91D1.C30B1E00@home.com>

Jeff:


>> But even if netbios is all screwed up and regardless of whether the
>> WINS servers are responding I still I thought I should be able to
>> just type in \\192.168.0.2 into the network neighborhood address
>> and get to the machine without having to rely on WINS resolution.
>>

>That only works if the client is WinNT or later, and there is a trust
>relationship between the two domains. I think your main problem is the two
>domains which do not have a trust relationship between them......

This works with my 95 machine.......

Sounds like your firewall has some rules to drop SMB traffic
before the rules 
to allow the traffic to/from ppp/lan are read. Check the
order of the rules in
the forward chain with iptables -L 


Jerry Vonau

 

"Jeff Wiegley, Ph.D." wrote:
> 
> I don't think this is it.
> 
> I didn't copy the rules from the masq howto. I use SNAT instead of
> MASQUERADE anyways since the IP is static. (according to the Netfilter
> howto this is the correct method.)
> 
> The line from my script for this is:
> 
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $EXTERNALIP
> 
> Yes. I can ping all the machines in the office from the remote machine
> ping 192.168.0.2 works as well (the IP of the "goofy" file server)
> 
> I don't think I'm dropping any packets at all in anyway regarding
> this. At any point where I have a --jump DROP on my filter rules
> I have preceeded it with a --jump LOG target.  I should be seeing
> any and all packets that are dropped regardless of their destination
> or source or other filter criteria.
> 
> The only thoughts I have going are:
> 
> The remote machine has an ethernet local area network that it is on
> and this network has had a WINS server assigned by DHCP; this WINS
> server is also on the same physical ethernet network as the remote
> VPN client. The VPN service also has assigned a different WINS
> server to the client.  Does the client just do the stupid thing
> and only query the first assigned, local WINS server?
> 
> I can't tell if its querying goofy for netbios name resolution or
> not. I can't even tell if goofy is properly acting as a WINS server
> either so I don't know if goofy's list is correct and available.
> 
> Microsoft really needs to chuck netbios. Its a horrible, horrible
> system mapping computers.
> 
> But even if netbios is all screwed up and regardless of whether the
> WINS servers are responding I still I thought I should be able to
> just type in \\192.168.0.2 into the network neighborhood address
> and get to the machine without having to rely on WINS resolution.
> 
> - Jeff
> 
> On Tue, 2002-01-08 at 16:36, ACEAlex wrote:
> > Hi, i think i know what your problem is. You linux "gw computer" had a nat
> > masqrade setup? Am I right? Whats the firewall rules of that. If you are
> > using iptables and have copied the script from the masq howto all trafic
> > from the ppp0 device that you are using are droped. You need to specify some
> > rules for that.
> >
> > Here is my solotion that i added to the firewall script
> > <snip>
> > IPTABLES=/usr/local/sbin/iptables
> > EXTIF=eth1
> > INTIF=eth0
> > PPPIF=ppp0
> > $IPTABLES -A FORWARD -i $EXTIF -o $PPPIF -m state --state
> > ESTABLISHED,RELATED -j ACCEPT
> > $IPTABLES -A FORWARD -i $PPPIF -o $EXTIF -j ACCEPT
> >
> > $IPTABLES -A FORWARD -i $INTIF -o $PPPIF -m state --state
> > ESTABLISHED,RELATED -j ACCEPT
> > $IPTABLES -A FORWARD -i $PPPIF -o $INTIF -j ACCEPT
> > </snip>
> >
> > I dont know if this is the best way of doing it. But it is worth a try. I
> > dont even know if it solves your problem. By the way. Can you ping the
> > computer.
> >
> > I think you are right about the kernel and ppp merge thing. Wounder what
> > linus tovard thinks of that?
> >
> > /Alexander
> >
> > ----- Original Message -----
> > From: "Jeff Wiegley, Ph.D." <jeff at inetb.com>
> > To: "PoPToP list" <pptp-server at lists.schulte.org>
> > Sent: Wednesday, January 09, 2002 1:09 AM
> > Subject: [pptp-server] Shouldn't I be able to see WIndows servers in Network
> > Neighborhood?
> >
> >
> > > I *finally* got PPTP/VPN working.  Some suggestions...
> > >
> > >   1) The kernel people need to add the MPPE stuff into at least
> > >      the 2.5 kernels. I would also suggest incorporating the
> > >      FreeSwan items as well. Having a kernel that does not
> > >      provide for VPN services at this point in time only
> > >      prevents linux from being accepted in enterprise environments.
> > >      This is of particular concern because this is the exact market
> > >      that linux should be dominating.
> > >
> > >   2) PPP maintainers should include the openssl and MPPE support items.
> > >
> > >   3) PoPToP documentation needs to focus more on troubleshooting
> > >      procedures and general configuration. All of this per distribution
> > >      hints/tricks/traps/howtos and FAQs makes this project look
> > >      incredibly disorganized and unfocused.
> > >
> > >      Though I will say that a lot of this is due to the lack of 1) and
> > >      2).
> > >
> > >      Assuming 1) and 2) existed the documentation would only have to
> > >      be limited to discussing /etc/pptp.conf and /etc/ppp/options.pptp.
> > >
> > >      A very helpful documentation toppic would be examples of various
> > >      network topologies, how VPN connections relate to the topologies
> > >      and what the VPN offers (or what you can expect from a VPN
> > >      connection) that the topologies cannot provide without the VPN.
> > >
> > > It took me all week to get PoPToP to a point where a Windows Me VPN
> > > dial-up connection could connect to the server and get established.
> > >
> > > Now I'm stuck. I guess I figured the VPN connection would provide
> > > me some functionality that it doesn't seem to.
> > >
> > > I have an office of 10 windows workstations, 1 WindowsNT server
> > > (for file sharing) and 1 linux server with two NICs for providing
> > > NATted internet connections to all the windows machines through a DSL
> > > line. (The internet side IP for the linux box is static.) For
> > > illustration lets say that all of these machines are on the
> > > SOMEWORKGROUP as far as Microsoft Clients are concerned.
> > >
> > > I would think this to be an incredibly ubiquitous topology.
> > >
> > > The whole reason I embarked on this project is that I have machines
> > > at external locations that need access to files on the WindowsNT
> > > box back at the main office. These remote computers are in other
> > > offices, on other physical networks and already belong to some
> > > OTHERWORKGROUP.
> > >
> > > I assumed that by establishing PoPToP VPN connection from one of
> > > these remote servers to the main office linux box I would be able
> > > to accomplish this.
> > >
> > > However it doesn't work and I was hoping somebody has some insight
> > > as to why.
> > >
> > > After Connecting the VPN I only see OTHERWORKGROUPS under network
> > > neighborhood and I do not see SOMEWORKGROUP at all. The PPTP
> > > connection specifies a ms-wins server but as far as can tell no
> > > WINS resolution is happening because I can't even manually type
> > > into network neighborhood an machinename such as
> > > \\goofy which is the name of the windows NT machine.
> > >
> > > further more, I can't even type in the direct ip to network
> > > neightborhood.  \\192.168.0.2 doesn't show goofy's shares either.
> > >
> > > but the VPN is connected and working. ping 192.168.0.2 works fine.
> > > The linux box is a firewall but forwarding is on and all packets
> > > between machines on the 192.168.0.6 network are allowed. The
> > > firewall also logs all dropped packets but nothing is logged from
> > > the time I connect and test my setups.
> > >
> > > I mean if this doesn't work then I'd consider Microsoft VPN
> > > connections to be a useless waste of time.
> > >
> > > Does anybody have any ideas about this? Am I off base about this
> > > whole topic and VPNs are used for some other, completely different,
> > > task?
> > >
> > > For the purposes of helping to debug this all heres some
> > > configuration information:
> > >
> > > /etc/pptp.copnf
> > > -------------------------------------
> > > option /etc/ppp/options.pptp
> > > debug
> > > localip 192.168.0.1
> > > remoteip 192.168.0.3-9
> > >
> > > /etc/ppp/options.pptp
> > > -------------------------------------
> > > lock
> > > debug
> > > dump
> > > proxyarp
> > > +chap
> > > +chapms
> > > +chapms-v2
> > > mppe-40
> > > mppe-128
> > > mppe-stateless
> > > # Uncomment to use
> > > ms-wins 192.168.10.2
> > >
> > > The VPN connection item properties are as follows:
> > >
> > > General Tab:
> > >    VPN Server
> > >        Host name or IP address:     <static DSL IP of linux server>
> > >    Connect using
> > >        "Microsoft VPN Adapter" is the only option available.
> > > Networking Tab:
> > >    Type of Dial-up Server:
> > >        PPP: Internet, Windows 2000/NT, Windows ME
> > >    Advanced Option
> > >       Enable Software compression is checked
> > >       Record a log file for this connection is NOT checked
> > >    Allowed Network Protocols
> > >       NetBEUI            is NOT checked
> > >       IPX/SPX compatible is NOT checked
> > >       TCP/IP             is checked
> > >            Anvanced TCP/IP settings:
> > >              Sever assigned IP address             is selected
> > >              Server assigned name server address   is selected
> > >              use IP header compression             is checked
> > >              use default gateway on remote network is checked
> > > Security Tab:
> > >    Authentication:
> > >       Username:               <general username>
> > >       password:               *******
> > >       domain:                 SOMEWORKGROUP
> > >       connect automatically   is not checked
> > >    Advanced Security Options:
> > >       log on to network            is checked
> > >       Require encrypted password   is checked
> > >       Require data encryption      is checked
> > > Dialing Tab:
> > >    This is the default Internet connection is not checked
> > >    Redial settings:
> > >       Try to connect to 10 times
> > >       wait 5 seconds between attempts
> > >    Disconnect when connection may not be needed is checked
> > >
> > > Anybody have some hints?
> > >
> > > - Jeff
> > >
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > --- To unsubscribe, go to the url just above this line. --
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From jeff at inetb.com  Tue Jan  8 19:48:15 2002
From: jeff at inetb.com (Jeff Wiegley, Ph.D.)
Date: 08 Jan 2002 17:48:15 -0800
Subject: [pptp-server] Shouldn't I be able to see WIndows servers
	inNetwork Neighborhood?
In-Reply-To: <002201c198ab$329a09f0$1103a8c0@mel.watsonwyatt.com.au>
References: <1010535000.613.4.camel@stingray>
	<002f01c198a5$b9bc8490$e4d22fc2@acealex> <1010537942.613.7.camel@stingray> 
	<002201c198ab$329a09f0$1103a8c0@mel.watsonwyatt.com.au>
Message-ID: <1010540900.612.9.camel@stingray>

How does one configuration a "trust" relationship between the
two domains?

I have never heard of this.

So the summary of your argument is:
   Only the first WINS server if more than one are know is
   queries for WINS resolution attempts.

   Only Windows NT clients or later clients can
   browse an SMB share by ip address specification such as
   \\192.168.0.2.
   To which I say... Is Windows Me later than WinNT?
   It works on my Windows ME box to a samba server.
   (different network than what I am on.) In fact all the
   machines I am attempting this on are Windows 98SE or later
   which was released after WinNT.

I can accept the first argument but the second doesn't make sense
since All machines in question are post-WinNT. Therefore \\192.168.0.2
should work and should avoid the complications of the first argument.

If the first argument is accurate I can work around it through
scripts that attach the necessary drives by specifying \\192.168.0.2
type destinations.

- Jeff

On Tue, 2002-01-08 at 17:15, Dougal Holmes wrote:
> > I don't think this is it.
> >
> > I didn't copy the rules from the masq howto. I use SNAT instead of
> > MASQUERADE anyways since the IP is static. (according to the Netfilter
> > howto this is the correct method.)
> >
> > The line from my script for this is:
> >
> > /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $EXTERNALIP
> >
> > Yes. I can ping all the machines in the office from the remote machine
> > ping 192.168.0.2 works as well (the IP of the "goofy" file server)
> >
> > I don't think I'm dropping any packets at all in anyway regarding
> > this. At any point where I have a --jump DROP on my filter rules
> > I have preceeded it with a --jump LOG target.  I should be seeing
> > any and all packets that are dropped regardless of their destination
> > or source or other filter criteria.
> >
> > The only thoughts I have going are:
> >
> > The remote machine has an ethernet local area network that it is on
> > and this network has had a WINS server assigned by DHCP; this WINS
> > server is also on the same physical ethernet network as the remote
> > VPN client. The VPN service also has assigned a different WINS
> > server to the client.  Does the client just do the stupid thing
> > and only query the first assigned, local WINS server?
> >
> 
> Exactly. If you have multiple WINS servers, you need to setup WINS
> replication between the two servers.
> 
> > I can't tell if its querying goofy for netbios name resolution or
> > not. I can't even tell if goofy is properly acting as a WINS server
> > either so I don't know if goofy's list is correct and available.
> >
> > Microsoft really needs to chuck netbios. Its a horrible, horrible
> > system mapping computers.
> >
> 
> Agreed. But we have to live with it.
> 
> > But even if netbios is all screwed up and regardless of whether the
> > WINS servers are responding I still I thought I should be able to
> > just type in \\192.168.0.2 into the network neighborhood address
> > and get to the machine without having to rely on WINS resolution.
> >
> 
> That only works if the client is WinNT or later, and there is a trust
> relationship between the two domains. I think your main problem is the two
> domains which do not have a trust relationship between them......
> 
> Dougal
> --
> Dougal Holmes (at home)
> mailto://dholmes at bigpond.net.au
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --




From Steve at SteveCowles.com  Tue Jan  8 21:02:36 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Tue, 8 Jan 2002 21:02:36 -0600 
Subject: [pptp-server] Shouldn't I be able to see WIndows servers in N
	etwork Neighborhood?
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9E1@defiant.infohiiway.com>

> -----Original Message-----
> From: Jeff Wiegley, Ph.D. [mailto:jeff at inetb.com]
> Sent: Tuesday, January 08, 2002 6:10 PM
> To: PoPToP list
> Subject: [pptp-server] Shouldn't I be able to see WIndows servers in
> Network Neighborhood?
> 
> 
> I *finally* got PPTP/VPN working.  Some suggestions...
> 
>   1) The kernel people need to add the MPPE stuff into at least
>      the 2.5 kernels. I would also suggest incorporating the
>      FreeSwan items as well. Having a kernel that does not
>      provide for VPN services at this point in time only
>      prevents linux from being accepted in enterprise environments.
>      This is of particular concern because this is the exact market
>      that linux should be dominating.

I believe the encryption part of MPPE is the sticky point in terms of
licensing.

> 
>   2) PPP maintainers should include the openssl and MPPE 
> support items.

See above...

>      
>   3) PoPToP documentation needs to focus more on troubleshooting
>      procedures and general configuration. All of this per 
>      distribution hints/tricks/traps/howtos and FAQs makes this
>      project look incredibly disorganized and unfocused.
>      Though I will say that a lot of this is due to the lack of 1) and
>      2).
> 

Agreed!!!

>      Assuming 1) and 2) existed the documentation would only have to
>      be limited to discussing /etc/pptp.conf and /etc/ppp/options.pptp.
> 
>      A very helpful documentation toppic would be examples of various
>      network topologies, how VPN connections relate to the topologies
>      and what the VPN offers (or what you can expect from a VPN
>      connection) that the topologies cannot provide without the VPN.
> 
> It took me all week to get PoPToP to a point where a Windows Me VPN
> dial-up connection could connect to the server and get established.
> 
> Now I'm stuck. I guess I figured the VPN connection would provide
> me some functionality that it doesn't seem to.
> 
> I have an office of 10 windows workstations, 1 WindowsNT server
> (for file sharing) and 1 linux server with two NICs for providing
> NATted internet connections to all the windows machines through a DSL
> line. (The internet side IP for the linux box is static.) For
> illustration lets say that all of these machines are on the
> SOMEWORKGROUP as far as Microsoft Clients are concerned.
> 
> I would think this to be an incredibly ubiquitous topology.
> 
> The whole reason I embarked on this project is that I have machines
> at external locations that need access to files on the WindowsNT
> box back at the main office. These remote computers are in other
> offices, on other physical networks and already belong to some
> OTHERWORKGROUP.

Fairly typical starting point. Although is the NT Server configured as a
Domain Controller? -or- are have you configured MS Networking as
peer-to-peer with a common WORKGROUP name?

> 
> I assumed that by establishing PoPToP VPN connection from one of
> these remote servers to the main office linux box I would be able
> to accomplish this.
> 
> However it doesn't work and I was hoping somebody has some insight
> as to why.
> 
> After Connecting the VPN I only see OTHERWORKGROUPS under network
> neighborhood and I do not see SOMEWORKGROUP at all. The PPTP
> connection specifies a ms-wins server but as far as can tell no
> WINS resolution is happening because I can't even manually type
> into network neighborhood an machinename such as
> \\goofy which is the name of the windows NT machine.

1) Do you have a WINS server running on your NT server?

2) Have you configured the 10 client workstations on your LAN to register
their netbios name/workgroup affiliation with that WINS server.

> 
> further more, I can't even type in the direct ip to network
> neightborhood.  \\192.168.0.2 doesn't show goofy's shares either.

Exactly what error are you getting? Is it network related or permissions
related?

If your PPTP tunnel is working properly along with your firewall rules, you
should at least be able to view shares using the IP address regardless of
WINS.

> 
> but the VPN is connected and working. ping 192.168.0.2 works fine.
> The linux box is a firewall but forwarding is on and all packets
> between machines on the 192.168.0.6 network are allowed. 

192.168.0.6 network???? I hope the remote office has a different network
address than the local office. i.e.

local office = 192.168.0.0/24
remote office = 192.168.1.0/24


> The firewall also logs all dropped packets but nothing is logged
> from the time I connect and test my setups.
> 
> I mean if this doesn't work then I'd consider Microsoft VPN
> connections to be a useless waste of time.

MS VPN tunnels work fine. Your problem seems related to improperly
configuring Microsoft networking to span separate networks across a router.
i.e. WINS

> 
> Does anybody have any ideas about this? Am I off base about this
> whole topic and VPNs are used for some other, completely different,
> task?

Your going through the standard learning curve with reagrds to MS
Networking. Up until now, your MS Networking has built the Master Browser
list (Network Neighborhood) by using broadcast packets (default). But now
you have introduced a new requirement into the picture by adding VPN
tunnels. Because a tunnel is "routed", the netbios broadcast packets from
your PPTP client are not seen on your local network. Thus the reason
Microsoft developed WINS. But the precursor is -- all systems on your local
network MUST now be configured to register with a WINS server. Even your NT
server.

Steve Cowles


From marty at netwaynetworks.com.au  Tue Jan  8 22:39:47 2002
From: marty at netwaynetworks.com.au (Marty Richards)
Date: Wed, 9 Jan 2002 15:39:47 +1100 
Subject: [pptp-server] Shouldn't I be able to see WIndows servers inNe
	twork  Neighborhood?
Message-ID: <118DC586DF4FD311948800A0247C044D9A8936@ntsvr1.asgard.aus.tm>

>>> But even if netbios is all screwed up and regardless of whether the
>>> WINS servers are responding I still I thought I should be able to
>>> just type in \\192.168.0.2 into the network neighborhood address
>>> and get to the machine without having to rely on WINS resolution.
>>>
>
>>That only works if the client is WinNT or later, and there is a trust
>>relationship between the two domains. I think your main problem is the two
>>domains which do not have a trust relationship between them......
>
>
>This works with my 95 machine.......
>
>Sounds like your firewall has some rules to drop SMB traffic
>before the rules 
>to allow the traffic to/from ppp/lan are read. Check the
>order of the rules in
>the forward chain with iptables -L 
>

It should work providing the target Microsoft computer is actually sharing
something (and of course providing your firewall rules aren't breaking it
entirely). If sharing is disabled or not installed on the target it often
gives Windoze error 53, machine not found. 


From fernando at stts.com.br  Wed Jan  9 08:33:24 2002
From: fernando at stts.com.br (L.Fernando)
Date: Wed, 9 Jan 2002 12:33:24 -0200
Subject: [pptp-server] Help ! GRE: Protocol not available
Message-ID: <001f01c1991a$9bf504d0$c7eaa8c0@stts.com.br>

Hello all

I installed PoPToP v.1.1.2 with RedHat 7.2 (kernel 2.4.7-10) and have the
following error in my pptp.log file:

Jan  9 11:27:11 LFS pptpd[13270]: GRE: read error: Protocol not available
(Complete message included below....)

So, could you please help me with that matter ?

Thanks in advance,

Fernando.

Jan  9 11:27:08 LFS pptpd[13270]: MGR: Launching /usr/local/sbin/pptpctrl to
handle client
Jan  9 11:27:08 LFS pptpd[13270]: CTRL: local address = 192.168.0.131
Jan  9 11:27:08 LFS pptpd[13270]: CTRL: remote address = 192.168.0.141
Jan  9 11:27:08 LFS pptpd[13270]: CTRL: pppd options file =
/etc/ppp/options.pptpd
Jan  9 11:27:08 LFS pptpd[13270]: CTRL: Client 200.207.46.184 control
connection started
Jan  9 11:27:08 LFS pptpd[13270]: CTRL: Received PPTP Control Message (type:
1)
Jan  9 11:27:08 LFS pptpd[13270]: CTRL: Made a START CTRL CONN RPLY packet
Jan  9 11:27:08 LFS pptpd[13270]: CTRL: I wrote 156 bytes to the client.
Jan  9 11:27:08 LFS pptpd[13270]: CTRL: Sent packet to client
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: Received PPTP Control Message (type:
7)
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: 0 min_bps, 1525 max_bps, 32 window
size
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: Made a OUT CALL RPLY packet
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: Starting call (launching pppd,
opening GRE)
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: pty_fd = 5
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: tty_fd = 6
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: I wrote 32 bytes to the client.
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: Sent packet to client
Jan  9 11:27:11 LFS pptpd[13271]: CTRL (PPPD Launcher): Connection speed =
115200
Jan  9 11:27:11 LFS pptpd[13271]: CTRL (PPPD Launcher): local address =
192.168.0.131
Jan  9 11:27:11 LFS pptpd[13271]: CTRL (PPPD Launcher): remote address =
192.168.0.141
Jan  9 11:27:11 LFS pppd[13271]: pppd 2.4.1 started by root, uid 0
Jan  9 11:27:11 LFS pppd[13271]: using channel 18
Jan  9 11:27:11 LFS pppd[13271]: Using interface ppp0
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: Received PPTP Control Message (type:
15)
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: Got a SET LINK INFO packet with
standard ACCMs
Jan  9 11:27:11 LFS pppd[13271]: Connect: ppp0 <--> /dev/pts/0
Jan  9 11:27:11 LFS pppd[13271]: sent [LCP ConfReq id=0x1 <mru 1490>
<asyncmap 0x0> <auth chap
 81> <magic 0x5d7f1448> <pcomp> <accomp>]
Jan  9 11:27:11 LFS pptpd[13270]: GRE: read error: Protocol not available
Jan  9 11:27:11 LFS pptpd[13270]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)





From scottt at soccer.com  Wed Jan  9 10:34:17 2002
From: scottt at soccer.com (Scott Taylor)
Date: Wed, 9 Jan 2002 08:34:17 -0800
Subject: [pptp-server] Shouldn't I be able to see WIndows servers in Network Neighborhood?
Message-ID: <6BA60570F9E2BA0419DC4876A15EF915@scottt.soccer.com>

An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020109/bd7abac3/attachment.html>

From arturo at descom.es  Wed Jan  9 13:04:47 2002
From: arturo at descom.es (Arturo Pina)
Date: Wed, 9 Jan 2002 20:04:47 +0100
Subject: [pptp-server] Failure in pptpgre.c compiling pptpd-1.1.2 under Solaris 7
Message-ID: <OAECIPKLAEBFCPMJFFIPAEMCCHAA.arturo@descom.es>

Hi!
I'm trying to compile pptp-1.1.2 under Solaris 7. Compilation fails! Please
could someone help me?
Thanks a lot!

Arturo

------

gcc -DHAVE_CONFIG_H -I. -I. -I. -I.    -O2 -fno-builtin -Wall -ansi -DSBINDI
R='"/usr/local/sbin"' -c pptpgre.c
pptpgre.c: In function `pptp_gre_init':
pptpgre.c:122: `SOL_IP' undeclared (first use in this function)
pptpgre.c:122: (Each undeclared identifier is reported only once
pptpgre.c:122: for each function it appears in.)
*** Error code 1
make: Fatal error: Command failed for target `pptpgre.o'




From jorgens at coho.net  Wed Jan  9 18:09:44 2002
From: jorgens at coho.net (Steve Jorgensen)
Date: Wed, 9 Jan 2002 16:09:44 -0800
Subject: [pptp-server] Status of RADIUS integration?
Message-ID: <01C19928.0DD63C10.jorgens@coho.net>

I'm still interested in trying to use PoPToP and authenticate against a 
Windows NT domain and use encrypted passwords.  From what I can tell, 
Microsoft IAS can be used for this job (The Cisco VPN 3000 Concentrator can 
make use of this).  I know there has been work done to make PoPToP able to 
use RADIUS, and I'm curious if there's any hope it will be able to use 
RADIUS to use IAS to validate MSCHAPv2.

Any news?

Thanks,

	Steve Jorgensen


From jhiggs at iprsystems.com  Thu Jan 10 05:39:33 2002
From: jhiggs at iprsystems.com (Jeremy Higgs)
Date: Thu, 10 Jan 2002 22:39:33 +1100
Subject: [pptp-server] Problems connecting to PPTP VPN server (still not resolved...)
Message-ID: <B863C8A5.6821%jhiggs@iprsystems.com>

Hi everyone!

I've been trying as of late to still connect to a PPTP VPN server running
PoPToP on a Debian system, but it just doesn't seem to be working...

Upon doing "pptp cata.mine.nu" on the client machine, I get the following on
the server in /var/log/daemon.log:

Jan 10 22:28:52 bluey pptpd[26826]: CTRL: Client 144.132.140.185 control
connection started
Jan 10 22:28:53 bluey pptpd[26826]: CTRL: Starting call (launching pppd,
opening GRE)
Jan 10 22:28:53 bluey modprobe: modprobe: Invalid line 82 in
/etc/modules.conf ^I/lib/modules/2.2.20/
Jan 10 22:28:55 bluey pptpd[26826]: GRE: Discarding duplicate packet
Jan 10 22:28:58 bluey pptpd[26826]: GRE: read(fd=5,buffer=10014e54,len=8196)
from PTY failed: status = -1 error = Input/output error
Jan 10 22:28:58 bluey pptpd[26826]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)
Jan 10 22:28:58 bluey pptpd[26826]: CTRL: Client 144.132.140.185 control
connection finished
Jan 10 22:28:58 bluey pptpd[26826]: CTRL: Couldn't write packet to client.
Jan 10 22:28:58 bluey pptpd[26826]: CTRL: Couldn't write packet to client.

And this is /var/log/messages:

Jan 10 22:28:53 bluey pppd[26827]: pppd 2.4.1 started by root, uid 0
Jan 10 22:28:53 bluey pppd[26827]: Using interface ppp1
Jan 10 22:28:53 bluey pppd[26827]: Connect: ppp1 <--> /dev/pts/3
Jan 10 22:28:58 bluey pppd[26827]: Connection terminated.
Jan 10 22:28:58 bluey pppd[26827]: Exit.

The client seems to quit, however...

This is the /etc/pptpd.conf file:

cata:~# cat /etc/pptpd.conf
############################################################################
####
#
# Sample PoPToP configuration file
#
# for PoPToP version 0.9.12
#
############################################################################
####

# TAG: speed
#
#       Specifies the speed for the PPP daemon to talk at.
#
speed 115200

# TAG: option
#
#       Specifies the location of the PPP options file.
#       By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options

# TAG: debug
#
#       Turns on (more) debugging to syslog
#
#debug

# TAG: localip
# TAG: remoteip
#
#       Specifies the local and remote IP address ranges.
#
#       You can specify single IP addresses seperated by commas or you can
#       specify ranges, or both. For example:
#
#               192.168.0.234,192.168.0.245-249,192.168.0.254
#
#       IMPORTANT RESTRICTIONS:
#
#       1. No spaces are permitted between commas or within addresses.
#
#       2. If you give more IP addresses than MAX_CONNECTIONS, it will
#          start at the beginning of the list and go until it gets
#          MAX_CONNECTIONS IPs. Others will be ignored.
#
#       3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#          you must type 234-238 if you mean this.
#
#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one. You MUST still give at least one remote
#          IP for each simultaneous client.
#
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
#localip 10.0.1.1
#remoteip 10.0.1.2-100
#localip 203.17.40.97
#remoteip 203.17.40.109,203.17.40.106
localip 192.168.1.1-100
remoteip 192.168.1.101-200

And the /etc/ppp/pptpd-options file:

cata:~# less /etc/ppp/pptpd-options
## SAMPLE ONLY
## CHANGE TO SUIT YOUR SYSTEM

## turn pppd syslog debugging on
#debug

## change 'servername' to whatever you specify as your server name in
chap-secre
ts
name bluey
## change the domainname to your local domain
domain cata.mine.nu

## these are reasonable defaults for WinXXXX clients
## for the security related settings
auth
require-chap
#require-chapms
#require-chapms-v2
+chap
#+chapms
#+chapms-v2
#mppe-40
#mppe-128
#mppe-stateless
#require-mppe
#require-mppe-stateless

## Fill in your addresses
#ms-dns 10.0.0.1
#ms-wins 10.0.0.1

## Fill in your netmask
netmask 255.255.255.0

## some defaults
nodefaultroute
proxyarp
lock

Can anyone help me?

Thanks...!



From scottt at soccer.com  Thu Jan 10 12:14:19 2002
From: scottt at soccer.com (Scott Taylor)
Date: Thu, 10 Jan 2002 10:14:19 -0800
Subject: [pptp-server] Logging shows up on the console
Message-ID: <A625EB9FC6D61C840B0C7B6AF89BF3E1@scottt.soccer.com>

Hello all, 
  I'm wondering if anyone else has experienced 
the following. I'm running redhat with a 2.4.15 
kernel with the VPN masq patches installed. When 
ever a VPN session is initiated the console 
fills up with the gre traffic messages of the 
session. I tried to change this via syslog.conf 
to no avail. Anyone have any suggestions? 

Cheers,

Scott

THERE IS ONLY ONE... 
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com


From RLDITTO at BRIGHT.NET  Thu Jan 10 12:56:48 2002
From: RLDITTO at BRIGHT.NET (JOE)
Date: Thu, 10 Jan 2002 13:56:48 -0500
Subject: [pptp-server] Logging shows up on the console
References: <A625EB9FC6D61C840B0C7B6AF89BF3E1@scottt.soccer.com>
Message-ID: <001f01c19a08$8f735240$0b00a8c0@backdog>

I think that if you start pptpd daemon by leaving out the -d will get rid of
that as well as you may need to remove debug lines from options file and
/etc/pptpd.conf
----- Original Message -----
From: "Scott Taylor" <scottt at soccer.com>
To: <pptp-server at lists.schulte.org>
Sent: Thursday, January 10, 2002 1:14 PM
Subject: [pptp-server] Logging shows up on the console


> Hello all,
>   I'm wondering if anyone else has experienced
> the following. I'm running redhat with a 2.4.15
> kernel with the VPN masq patches installed. When
> ever a VPN session is initiated the console
> fills up with the gre traffic messages of the
> session. I tried to change this via syslog.conf
> to no avail. Anyone have any suggestions?
>
> Cheers,
>
> Scott
>
> THERE IS ONLY ONE...
> SOCCER.COM, The Center of the Soccer Universe
> http://www.soccer.com
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --



From jvaughan at maad.com  Thu Jan 10 16:55:57 2002
From: jvaughan at maad.com (John Vaughan)
Date: Thu, 10 Jan 2002 15:55:57 -0700
Subject: [pptp-server] PPTPD and kernel 2.4.16
Message-ID: <NDBBIBMBGFKCAFNDJMJPAEEMFHAA.jvaughan@maad.com>

Hello

I'm planning to install redhat 7.2 and upgrade the kernel to 2.4.16 in order
to make my Linux firewall a vpn server. I've noticed on the
http://mirror.binarix.com/ppp-mppe/ the following files exist

ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
linux-2.4.16-openssl-0.9.6b-mppe.patch.gz

A couple of questions:

1.)  Am I moving in the right direction?

2.)  Does pptpd support kernel version 2.4.16??

3.)  Is the 2.4.16 kernel considered to be safe??

4.)  Where is the current website that discusses these issues (poptop
site)??

thanks

John Vaughan
Micro Analysis and Design, Inc.
4900 Pearl East Circle Ste 201E
Boulder Co
80301
303-442-6947 x143



From magnus at vonkoeller.de  Fri Jan 11 01:45:42 2002
From: magnus at vonkoeller.de (Magnus von Koeller)
Date: Fri, 11 Jan 2002 08:45:42 +0100
Subject: [pptp-server] PPTPD and kernel 2.4.16
In-Reply-To: <NDBBIBMBGFKCAFNDJMJPAEEMFHAA.jvaughan@maad.com>
References: <NDBBIBMBGFKCAFNDJMJPAEEMFHAA.jvaughan@maad.com>
Message-ID: <200201110844.17791@vonkoeller.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 10 January 2002 23:55, you wrote:
> 3.) ?Is the 2.4.16 kernel considered to be safe??

The 2.4.16 kernel is safe and usable but a lot of people complain 
that linux pptp _clients_ don't work if the version of the pptp 
server kernel is > 2.4.10.

- -- 
- -M

- -------  Magnus von Koeller  <magnus at vonkoeller.de> ------
 Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany
      Phone: +49-531-2094886 Mobile: +49-179-4562940

 lp1 on fire (One of the more obfuscated kernel messages)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8PpgpUIvM6e6BgFARAiQmAJwJcT8RSRMQHFJesB/+38JCyV5+GQCg2tic
qAgLkHH3P6YuwZJGcxAIp4U=
=Ni5y
-----END PGP SIGNATURE-----


From jasonk at anasazi.cx  Sun Jan 13 01:43:15 2002
From: jasonk at anasazi.cx (JedTheHead)
Date: Sun, 13 Jan 2002 02:43:15 -0500
Subject: [pptp-server] PPP / IPX Frame Type Question
Message-ID: <001701c19c05$f8a83fb0$0a00a8c0@harpua>

Hi all!

How do I assign (auto-assign is fine) additional frame types to ppp interfaces for IPX ?

I have IPX working for PopTop and on both NICs in my pptpd server I have the 802.2 and 802.3 frame types bound to both NICs. (I also have ethernet II bound to them.)
When I connect to the server from my client machine (Windows XP) only the Ethernet II frame type is bound to the PPP interface.  I have everything set correctly on the client side using 802.2 as the default frame type and IPX for the NetWare Client, not IPX / IP as you can do since NetWare 5.  I can also communicate fine with my home NetWare server.  Currently I am using this:

/usr/bin/ipx_interface add ppp0 802.2
/usr/bin/ipx_interface add ppp0 802.3
 
in my /etc/ppp/ip-up script to bind the frame types to the ppp interface, but it doesn't assign IPX numbers to the frame types.  It gives me this:

=========================================================
ppp0   Link encap:Point-to-Point Protocol
          inet addr:192.168.1.32  P-t-P:192.168.1.51  Mask:255.255.255.255
          IPX/Ethernet II addr:000000BB:0000F8717FB9
          IPX/Ethernet 802.2 addr:  <-------------------------------
          IPX/Ethernet 802.3 addr:  <-------------------------------
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
=========================================================

I can hit the network and login via the NetWare Client, but a lot of things (obviously) don't work.  

Here is a dump from ifconfig without the "/usr/bin/ipx_interface add ppp0 802.2" statements in the /etc/ppp/ip-up file: (eth0 is on the internal network and eth1 is the external interface)

=========================================================
eth0      Link encap:Ethernet  HWaddr 00:10:5A:23:69:A6
          inet addr:xxx.xxx.xxx.xxx  Bcast:xxx.xxx.xxx.255  Mask:255.255.255.0
          IPX/Ethernet 802.2 addr:DA6DB426:00105A2369A6
          IPX/Ethernet 802.3 addr:00065009:00105A2369A6
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:398780 errors:0 dropped:0 overruns:0 frame:0
          TX packets:131273 errors:0 dropped:0 overruns:0 carrier:0
          collisions:21789 txqueuelen:100
          Interrupt:5 Base address:0x210

eth1      Link encap:Ethernet  HWaddr 00:20:AF:31:8E:A2
          inet addr:xxx.xxx.xxx.xxx  Bcast xxx.xxx.xxx.255  Mask:255.255.255.0
          IPX/Ethernet 802.2 addr:00000666:0020AF318EA2
          IPX/Ethernet 802.3 addr:00000789:0020AF318EA2
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:252547 errors:1 dropped:0 overruns:1 frame:1
          TX packets:209776 errors:0 dropped:0 overruns:0 carrier:0
          collisions:26589 txqueuelen:100
          Interrupt:10 Base address:0x300

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:186 errors:0 dropped:0 overruns:0 frame:0
          TX packets:186 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.1.32  P-t-P:192.168.1.51  Mask:255.255.255.255
          IPX/Ethernet II addr:000000BB:0000F8717FB9  <--------------------------------NOTICE THIS IS THE ONLY FRAME TYPE ASSIGNED
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
=========================================================

Here is my /etc/ppp/options file

=========================================================
lock
debug
proxyarp
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ipx
ipx-network bb
=========================================================


I am also running ipxripd.  It seems to be working fine, although I wish there was a way to see the IPX routing table.  (If there is, I am just not aware of it yet.)

Thanks in advance!!!!

JedTheHead


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020113/76eddb3d/attachment.html>

From jnc at empolis.co.uk  Mon Jan 14 10:07:03 2002
From: jnc at empolis.co.uk (Julian Cowell)
Date: Mon, 14 Jan 2002 16:07:03 -0000
Subject: [pptp-server] linux-2.4.16-openssl-0.9.6b-mppe.patch
Message-ID: <8FC4E7C302A6A64AAD5DB1FA0E825DEB158636@hendrix.empolisuk.com>

Has anyone else managed to successfully patch and compile a 2.4.16
kernel with this patch ?
It seems to patch OK, but "make modules" gets upset 
anyone else having issues ?

tar   joolls

_____________________________________________________________________
This message has been checked for all known viruses by the MessageLabs Virus Scanning Service.


From vlast at indivisuallearning.com  Mon Jan 14 10:14:40 2002
From: vlast at indivisuallearning.com (Vladimir Strezhnev)
Date: Mon, 14 Jan 2002 10:14:40 -0600
Subject: [pptp-server] linux-2.4.16-openssl-0.9.6b-mppe.patch
In-Reply-To: <8FC4E7C302A6A64AAD5DB1FA0E825DEB158636@hendrix.empolisuk.com>
References: <8FC4E7C302A6A64AAD5DB1FA0E825DEB158636@hendrix.empolisuk.com>
Message-ID: <02011410144003.17011@ivl-devel.indivisuallearning.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Were using 2.4.16 kernel patched with linux -2.4.4-openssl-0.9.6b-mppe.patch 
on RH7.1
Everything including modules compiled cleanly and pptp works OK
What changes were made to 2.4.16 patch compared to 2.4.4 patch
Is it crucial to recompile the 2.4.16 kernel with newer patch?


> Has anyone else managed to successfully patch and compile a 2.4.16
> kernel with this patch ?
> It seems to patch OK, but "make modules" gets upset
> anyone else having issues ?
>
> tar   joolls
>
> _____________________________________________________________________
> This message has been checked for all known viruses by the MessageLabs
> Virus Scanning Service. _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

- -- 
VLADIMIR STREZHNEV
System Engineer
IndiVisual Learning, LLC
St. Paul, MN 
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBPEMD8L5tPDt+Qc/uEQLuVwCeKLfVhnleM7dy8hRbP8lI9rsZh8AAn071
Cg1hsz63fxgHCV0xH8SKLKgy
=cVHU
-----END PGP SIGNATURE-----


From cota at avati.com.br  Mon Jan 14 08:30:57 2002
From: cota at avati.com.br (Leonardo =?iso-8859-15?q?Mour=E3o=20Cota?=)
Date: Mon, 14 Jan 2002 14:30:57 +0000
Subject: [pptp-server] miltiples logins
Message-ID: <20020114162220.45332D148C@poontang.schulte.org>


-------------- next part --------------
hi,

	I have a problem with pptpd-1.1.2. 

	The program connect 9 simultaneous users with no problem. But since the tenth user connects it starts to duplicate the ppp's interfaces. Here is an example of a duplicated interface:

ppp10   Link encap:Point-to-Point Protocol
		inet addr:192.168.8.11  P-t-P:192.168.9.55  Mask:255.255.255.255
		UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
		RX packets:377 errors:0 dropped:0 overruns:0 frame:0
		TX packets:460 errors:0 dropped:0 overruns:0 carrier:0
		collisions:0 txqueuelen:3
		RX bytes:21486 (20.9 Kb)  TX bytes:79582 (77.7 Kb)

ppp10   Link encap:Point-to-Point Protocol
        inet addr:192.168.8.11  P-t-P:192.168.9.55  Mask:255.255.255.255
		UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

	Is it a pptp problem? 

	I'm using kernel 2.4.14-grsec-1.8.6. 


Thanks,

From jnc at empolis.co.uk  Mon Jan 14 10:24:01 2002
From: jnc at empolis.co.uk (Julian Cowell)
Date: Mon, 14 Jan 2002 16:24:01 -0000
Subject: [pptp-server] linux-2.4.16-openssl-0.9.6b-mppe.patch
Message-ID: <8FC4E7C302A6A64AAD5DB1FA0E825DEB158638@hendrix.empolisuk.com>

yep, I've also compiled and working Ok with the 2.4.4 patch.
I've tried various other kernel versions as well,
Valid question 
"Is it crucial to recompile the 2.4.16 kernel with newer patch?"
May be I should of asked this first !

joolls

-----Original Message-----
From: Vladimir Strezhnev [mailto:vlast at indivisuallearning.com]
Sent: 14 January 2002 16:15
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux-2.4.16-openssl-0.9.6b-mppe.patch


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Were using 2.4.16 kernel patched with linux
-2.4.4-openssl-0.9.6b-mppe.patch 
on RH7.1
Everything including modules compiled cleanly and pptp works OK
What changes were made to 2.4.16 patch compared to 2.4.4 patch
Is it crucial to recompile the 2.4.16 kernel with newer patch?


> Has anyone else managed to successfully patch and compile a 2.4.16
> kernel with this patch ?
> It seems to patch OK, but "make modules" gets upset
> anyone else having issues ?
>
> tar   joolls
>
> _____________________________________________________________________
> This message has been checked for all known viruses by the MessageLabs
> Virus Scanning Service.
_______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

- -- 
VLADIMIR STREZHNEV
System Engineer
IndiVisual Learning, LLC
St. Paul, MN 
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBPEMD8L5tPDt+Qc/uEQLuVwCeKLfVhnleM7dy8hRbP8lI9rsZh8AAn071
Cg1hsz63fxgHCV0xH8SKLKgy
=cVHU
-----END PGP SIGNATURE-----
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

_____________________________________________________________________
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.

_____________________________________________________________________
This message has been checked for all known viruses by the MessageLabs Virus Scanning Service.


From cota at avati.com.br  Mon Jan 14 08:32:39 2002
From: cota at avati.com.br (Leonardo =?iso-8859-15?q?Mour=E3o=20Cota?=)
Date: Mon, 14 Jan 2002 14:32:39 +0000
Subject: [pptp-server] multiples logins
Message-ID: <20020114162403.56274D15D3@poontang.schulte.org>

hi, 
 
I have a problem with pptpd-1.1.2. 
 
The program connect 9 simultaneous users with no problem. But since the tenth 
user connects it starts to duplicate the ppp's interfaces. Here is an example 
of a duplicated interface: 
 
ppp10 Link encap:Point-to-Point Protocol inet addr:192.168.8.11 
P-t-P:192.168.9.55 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP 
MULTICAST MTU:1500 Metric:1 RX packets:377 errors:0 dropped:0 overruns:0 
frame:0 TX packets:460 errors:0 dropped:0 overruns:0 carrier:0 
collisions:0 txqueuelen:3 RX bytes:21486 (20.9 Kb) TX bytes:79582 (77.7 Kb) 
 
ppp10 Link encap:Point-to-Point Protocol inet addr:192.168.8.11 
P-t-P:192.168.9.55 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP 
MULTICAST MTU:1500 Metric:1 
 
Is it a pptp problem? 
 
I'm using kernel 2.4.14-grsec-1.8.6. 
 
 
Thanks, 


Leonardo



From GeorgeV at citadelcomputer.com.au  Mon Jan 14 15:04:05 2002
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 15 Jan 2002 08:04:05 +1100
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to Encryption???
Message-ID: <200FAA488DE0D41194F10010B597610D2B9569@JUPITER>

Hey People,

I finally got my new kernel (old now after so long trying to get it working)
to compile and boot with MPPE built in.
My problem is that I still get it coming up as MPPE 128 bit Compression and
not Encryption...

Why is this happening, what have I configured wrongly?

Jan 15 07:57:59 firewall pppd[1468]: pppd 2.4.1 started by root, uid 0
Jan 15 07:57:59 firewall pppd[1468]: Using interface ppp0
Jan 15 07:57:59 firewall pppd[1468]: Connect: ppp0 <--> /dev/pts/1
Jan 15 07:58:02 firewall pppd[1468]: MSCHAP-v2 peer authentication succeeded
for georgev
Jan 15 07:58:02 firewall pppd[1468]: found interface eth0 for proxy arp
Jan 15 07:58:02 firewall pppd[1468]: local  IP address 10.10.0.254
Jan 15 07:58:02 firewall pppd[1468]: remote IP address 10.10.0.97
Jan 15 07:58:02 firewall pppd[1468]: MPPE 128 bit, stateless receive
compression enabled

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au



From teastep at shorewall.net  Mon Jan 14 15:47:06 2002
From: teastep at shorewall.net (Tom Eastep)
Date: Mon, 14 Jan 2002 13:47:06 -0800
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to Encryption???
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B9569@JUPITER>
References: <200FAA488DE0D41194F10010B597610D2B9569@JUPITER>
Message-ID: <20020114214707.0D319ACF6@mail.shorewall.net>

On Monday 14 January 2002 01:04 pm, George Vieira wrote:
> Hey People,
>
> I finally got my new kernel (old now after so long trying to get it
> working) to compile and boot with MPPE built in.
> My problem is that I still get it coming up as MPPE 128 bit Compression and
> not Encryption...
>
> Why is this happening, what have I configured wrongly?
>
> Jan 15 07:57:59 firewall pppd[1468]: pppd 2.4.1 started by root, uid 0
> Jan 15 07:57:59 firewall pppd[1468]: Using interface ppp0
> Jan 15 07:57:59 firewall pppd[1468]: Connect: ppp0 <--> /dev/pts/1
> Jan 15 07:58:02 firewall pppd[1468]: MSCHAP-v2 peer authentication
> succeeded for georgev
> Jan 15 07:58:02 firewall pppd[1468]: found interface eth0 for proxy arp
> Jan 15 07:58:02 firewall pppd[1468]: local  IP address 10.10.0.254
> Jan 15 07:58:02 firewall pppd[1468]: remote IP address 10.10.0.97
> Jan 15 07:58:02 firewall pppd[1468]: MPPE 128 bit, stateless receive
> compression enabled
>

Architectually, MPPE is implemented as a ppp compressor -- it's working!

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep at shorewall.net


From trader at simnet.is  Mon Jan 14 16:18:33 2002
From: trader at simnet.is (=?iso-8859-1?Q?Finnur_=D6._Gu=F0mundsson?=)
Date: Mon, 14 Jan 2002 22:18:33 -0000
Subject: [pptp-server] Problems, Win2000 and FreeBSD 4.3
Message-ID: <009201c19d49$67888c20$0501a8c0@dm.dom>

Hi all!

Im trying to setup PoPToP server on a FreeBSD 4.3 machine, but when i
connect thru my windows 2000 client i keep on getting DUN error: 619

Here is my setup (im using pap, not chap). Also i noticed that just before i
sent this mail that i get the same error (DUN: 619) when i try with wrong
pass....and the real pass ;/

FreeBSD 4.3

/etc/ppp/options:
debug
name ns1
auth
require-pap
proxyarp

/etc/pptpd.conf:
speed 115200
localip 192.168.163.240-242
remoteip 192.168.0.240-242
option /etc/ppp/options

/etc/ppp/pap-secrets:
user1    ns1    password    *

and the error on the freebsd machine is:
Jan 14 22:28:15 kex pptpd[61445]: EOF reading from pppd
Jan 14 22:28:15 kex pptpd[61445]: CTRL: GRE read or PTY write failed
(gre,pty)=(5,6)
Jan 14 22:28:31 kex ppp[61448]: Warning: Label pptp rejected -direct
connection: Configuration label not found
Jan 14 22:28:31 kex pptpd[61447]: EOF reading from pppd
Jan 14 22:28:31 kex pptpd[61447]: CTRL: GRE read or PTY write failed
(gre,pty)=(5,6)
Jan 14 22:29:16 kex ppp[61460]: Warning: Label pptp rejected -direct
connection: Configuration label not found
Jan 14 22:29:16 kex pptpd[61459]: EOF reading from pppd
Jan 14 22:29:16 kex pptpd[61459]: CTRL: GRE read or PTY write failed
(gre,pty)=(5,6)


Humm.....can anyone of you guys figure out my problems ;)?....

Also, i have spare "real" ip that is visible to the internet, and i was
hoping i could give my w2k machine at home this ip thru this poptop server.
Can anyone of you give me examples how i could do that?

Thanks for your time and support! :)


- Finnur







From mar-kolya at mail.ru  Mon Jan 14 16:38:13 2002
From: mar-kolya at mail.ru (Martynov Nikolay)
Date: Tue, 15 Jan 2002 01:38:13 +0300
Subject: [pptp-server] maximum of connections...
Message-ID: <002901c19d4c$277d8f60$0d40a8c0@home>

Hi, everybody.

  Can somebody tell me what is the maximum for connections to pptp server?
Does it depend on kernel version or server version?

  I read HOWTOs in pptpd distribution, but this quiestion is't clear there.
It says "So it seems that 2048 will be the limit, if you fix a few things
and with a minor kernel mod", but it doesn.t say what to fix... Above this
it says that 2.2.X kernels have limit of 100 ppp devices, so we can reach
2048 only on 2.4.X?

  And final questuion :)... How many connections have you practicly reached?

Thanks. Bye.



From neale at lowendale.com.au  Mon Jan 14 17:22:59 2002
From: neale at lowendale.com.au (Neale Banks)
Date: Tue, 15 Jan 2002 10:22:59 +1100 (EST)
Subject: [pptp-server] maximum of connections...
In-Reply-To: <002901c19d4c$277d8f60$0d40a8c0@home>
Message-ID: <Pine.LNX.4.05.10201151017470.17663-100000@marina.lowendale.com.au>

On Tue, 15 Jan 2002, Martynov Nikolay wrote:

>   Can somebody tell me what is the maximum for connections to pptp server?
> Does it depend on kernel version or server version?
> 
>   I read HOWTOs in pptpd distribution, but this quiestion is't clear there.
> It says "So it seems that 2048 will be the limit, if you fix a few things
> and with a minor kernel mod", but it doesn.t say what to fix... Above this
> it says that 2.2.X kernels have limit of 100 ppp devices, so we can reach
> 2048 only on 2.4.X?

Try the archives.  E.g. for some of the answer see:

http://lists.schulte.org/pipermail/pptp-server/2001-June/010726.html
http://lists.schulte.org/pipermail/pptp-server/2001-August/011373.html

and other items in those threads.

HTH,
Neale.



From berzerke at swbell.net  Mon Jan 14 17:22:24 2002
From: berzerke at swbell.net (robert)
Date: Mon, 14 Jan 2002 17:22:24 -0600
Subject: [pptp-server] Problems, Win2000 and FreeBSD 4.3
In-Reply-To: <009201c19d49$67888c20$0501a8c0@dm.dom>
References: <009201c19d49$67888c20$0501a8c0@dm.dom>
Message-ID: <0GPY007O5BKZDD@mta4.rcsntx.swbell.net>

A few things jumped out at me with just a glance.

1) require-pap: Very insecure.

2) Error 619: One cause of this is not having pty support compiled into the 
kernel (at least for Linux).

3) > localip 192.168.163.240-242
> remoteip 192.168.0.240-242
	These should NOT overlap and should be on the same subnet.  In any case, you 
only need one address for localip.

4) Examples: Well there is the 2.4 kernel howto (at 
http://home.swbell.net/berzerke), although that is for linux, not freebsd.  
Still, things may be close enough that it might be helpful.

On Monday 14 January 2002 04:18 pm, Finnur ?. Gu?mundsson wrote:
> Hi all!
>
> Im trying to setup PoPToP server on a FreeBSD 4.3 machine, but when i
> connect thru my windows 2000 client i keep on getting DUN error: 619
>
> Here is my setup (im using pap, not chap). Also i noticed that just before
> i sent this mail that i get the same error (DUN: 619) when i try with wrong
> pass....and the real pass ;/
>
> FreeBSD 4.3
>
> /etc/ppp/options:
> debug
> name ns1
> auth
> require-pap
> proxyarp
>
> /etc/pptpd.conf:
> speed 115200
> localip 192.168.163.240-242
> remoteip 192.168.0.240-242
> option /etc/ppp/options
>
> /etc/ppp/pap-secrets:
> user1    ns1    password    *
>
> and the error on the freebsd machine is:
> Jan 14 22:28:15 kex pptpd[61445]: EOF reading from pppd
> Jan 14 22:28:15 kex pptpd[61445]: CTRL: GRE read or PTY write failed
> (gre,pty)=(5,6)
> Jan 14 22:28:31 kex ppp[61448]: Warning: Label pptp rejected -direct
> connection: Configuration label not found
> Jan 14 22:28:31 kex pptpd[61447]: EOF reading from pppd
> Jan 14 22:28:31 kex pptpd[61447]: CTRL: GRE read or PTY write failed
> (gre,pty)=(5,6)
> Jan 14 22:29:16 kex ppp[61460]: Warning: Label pptp rejected -direct
> connection: Configuration label not found
> Jan 14 22:29:16 kex pptpd[61459]: EOF reading from pppd
> Jan 14 22:29:16 kex pptpd[61459]: CTRL: GRE read or PTY write failed
> (gre,pty)=(5,6)
>
>
> Humm.....can anyone of you guys figure out my problems ;)?....
>
> Also, i have spare "real" ip that is visible to the internet, and i was
> hoping i could give my w2k machine at home this ip thru this poptop server.
> Can anyone of you give me examples how i could do that?
>
> Thanks for your time and support! :)
>
>
> - Finnur
>
>
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From vorlon at netexpress.net  Mon Jan 14 15:35:06 2002
From: vorlon at netexpress.net (Steve Langasek)
Date: Mon, 14 Jan 2002 15:35:06 -0600
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to Encryption???
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B9569@JUPITER>
References: <200FAA488DE0D41194F10010B597610D2B9569@JUPITER>
Message-ID: <20020114213459.GD1933@netexpress.net>

George,

On Tue, Jan 15, 2002 at 08:04:05AM +1100, George Vieira wrote:

> I finally got my new kernel (old now after so long trying to get it working)
> to compile and boot with MPPE built in.
> My problem is that I still get it coming up as MPPE 128 bit Compression and
> not Encryption...

> Why is this happening, what have I configured wrongly?

MPPE is by definition an encryption method, but when it hooks into the 
Linux kernel, it uses the API available for compression methods.  So it 
is actually giving you encryption, it's just called 'compression' in 
the logs because that's what the kernel and pppd think it is.

Steve Langasek
postmodern programmer

> Jan 15 07:57:59 firewall pppd[1468]: pppd 2.4.1 started by root, uid 0
> Jan 15 07:57:59 firewall pppd[1468]: Using interface ppp0
> Jan 15 07:57:59 firewall pppd[1468]: Connect: ppp0 <--> /dev/pts/1
> Jan 15 07:58:02 firewall pppd[1468]: MSCHAP-v2 peer authentication succeeded
> for georgev
> Jan 15 07:58:02 firewall pppd[1468]: found interface eth0 for proxy arp
> Jan 15 07:58:02 firewall pppd[1468]: local  IP address 10.10.0.254
> Jan 15 07:58:02 firewall pppd[1468]: remote IP address 10.10.0.97
> Jan 15 07:58:02 firewall pppd[1468]: MPPE 128 bit, stateless receive
> compression enabled
> 
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> http://www.citadelcomputer.com.au
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From jvonau at home.com  Mon Jan 14 18:20:52 2002
From: jvonau at home.com (Jerry Vonau)
Date: Mon, 14 Jan 2002 18:20:52 -0600
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to 
 Encryption???
References: <200FAA488DE0D41194F10010B597610D2B9569@JUPITER> <20020114214707.0D319ACF6@mail.shorewall.net>
Message-ID: <3C4375E4.1B5E18D8@home.com>

Hey all:

>>MPPE 128 bit, stateless receive compression enabled<<

Is the receive part not an error?? That would suggest
that encryption is for receive only, not transmit....

Should it not be:

MPPE 128 bit, stateless compression enabled

Just a thought....

Jerry Vonau


Tom Eastep wrote:
> 
> On Monday 14 January 2002 01:04 pm, George Vieira wrote:
> > Hey People,
> >
> > I finally got my new kernel (old now after so long trying to get it
> > working) to compile and boot with MPPE built in.
> > My problem is that I still get it coming up as MPPE 128 bit Compression and
> > not Encryption...
> >
> > Why is this happening, what have I configured wrongly?
> >
> > Jan 15 07:57:59 firewall pppd[1468]: pppd 2.4.1 started by root, uid 0
> > Jan 15 07:57:59 firewall pppd[1468]: Using interface ppp0
> > Jan 15 07:57:59 firewall pppd[1468]: Connect: ppp0 <--> /dev/pts/1
> > Jan 15 07:58:02 firewall pppd[1468]: MSCHAP-v2 peer authentication
> > succeeded for georgev
> > Jan 15 07:58:02 firewall pppd[1468]: found interface eth0 for proxy arp
> > Jan 15 07:58:02 firewall pppd[1468]: local  IP address 10.10.0.254
> > Jan 15 07:58:02 firewall pppd[1468]: remote IP address 10.10.0.97
> > Jan 15 07:58:02 firewall pppd[1468]: MPPE 128 bit, stateless receive
> > compression enabled
> >
> 
> Architectually, MPPE is implemented as a ppp compressor -- it's working!
> 
> -Tom
> --
> Tom Eastep    \ A Firewall for Linux 2.4.*
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep at shorewall.net
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From teastep at shorewall.net  Mon Jan 14 18:51:06 2002
From: teastep at shorewall.net (Tom Eastep)
Date: Mon, 14 Jan 2002 16:51:06 -0800
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to  Encryption???
In-Reply-To: <3C4375E4.1B5E18D8@home.com>
References: <200FAA488DE0D41194F10010B597610D2B9569@JUPITER> <20020114214707.0D319ACF6@mail.shorewall.net> <3C4375E4.1B5E18D8@home.com>
Message-ID: <20020115005106.D3061ACF6@mail.shorewall.net>

On Monday 14 January 2002 04:20 pm, Jerry Vonau wrote:
> Hey all:
> >>MPPE 128 bit, stateless receive compression enabled<<
>
> Is the receive part not an error?? That would suggest
> that encryption is for receive only, not transmit....
>
> Should it not be:
>
> MPPE 128 bit, stateless compression enabled
>
> Just a thought....
>

Good catch Jerry -- none of the instances of this message in my logs contains 
the "receive" bit. George didn't say what version of the PPTP components he's 
running though...

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep at shorewall.net


From jvonau at home.com  Mon Jan 14 19:14:28 2002
From: jvonau at home.com (Jerry Vonau)
Date: Mon, 14 Jan 2002 19:14:28 -0600
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to 
 Encryption???
References: <200FAA488DE0D41194F10010B597610D2B9569@JUPITER>
Message-ID: <3C438274.D8A2CA70@home.com>

George:

What type of client is connecting?
I saw that "receive", messing with 
the linux client. Can't recall
what the cause was, but I fiddled
with the options till it didn't have
the "receive" in there.....


Jerry Vonau



George Vieira wrote:
> 
> Hey People,
> 
> I finally got my new kernel (old now after so long trying to get it working)
> to compile and boot with MPPE built in.
> My problem is that I still get it coming up as MPPE 128 bit Compression and
> not Encryption...
> 
> Why is this happening, what have I configured wrongly?
> 
> Jan 15 07:57:59 firewall pppd[1468]: pppd 2.4.1 started by root, uid 0
> Jan 15 07:57:59 firewall pppd[1468]: Using interface ppp0
> Jan 15 07:57:59 firewall pppd[1468]: Connect: ppp0 <--> /dev/pts/1
> Jan 15 07:58:02 firewall pppd[1468]: MSCHAP-v2 peer authentication succeeded
> for georgev
> Jan 15 07:58:02 firewall pppd[1468]: found interface eth0 for proxy arp
> Jan 15 07:58:02 firewall pppd[1468]: local  IP address 10.10.0.254
> Jan 15 07:58:02 firewall pppd[1468]: remote IP address 10.10.0.97
> Jan 15 07:58:02 firewall pppd[1468]: MPPE 128 bit, stateless receive
> compression enabled
> 
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> http://www.citadelcomputer.com.au
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From jvonau at home.com  Mon Jan 14 19:36:25 2002
From: jvonau at home.com (Jerry Vonau)
Date: Mon, 14 Jan 2002 19:36:25 -0600
Subject: [pptp-server] linux-2.4.16-openssl-0.9.6b-mppe.patch
References: <8FC4E7C302A6A64AAD5DB1FA0E825DEB158638@hendrix.empolisuk.com>
Message-ID: <3C438799.4F6B5A5C@home.com>

Julian:

I have the same setup as VLADIMIR...
Mine compiled fine.....

Might be looking for the mppe modules 
that are not there yet.

I patched and compiled pppd first.
Start with a fresh tarball to patch,
redhat's version of pppd is a little
strange... heard bad things..

Then the kernel patch and compile.

Might make a difference, not to sure....

Jerry Vonau


Julian Cowell wrote:
> 
> yep, I've also compiled and working Ok with the 2.4.4 patch.
> I've tried various other kernel versions as well,
> Valid question
> "Is it crucial to recompile the 2.4.16 kernel with newer patch?"
> May be I should of asked this first !
> 
> joolls
> 
> -----Original Message-----
> From: Vladimir Strezhnev [mailto:vlast at indivisuallearning.com]
> Sent: 14 January 2002 16:15
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] linux-2.4.16-openssl-0.9.6b-mppe.patch
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Were using 2.4.16 kernel patched with linux
> -2.4.4-openssl-0.9.6b-mppe.patch
> on RH7.1
> Everything including modules compiled cleanly and pptp works OK
> What changes were made to 2.4.16 patch compared to 2.4.4 patch
> Is it crucial to recompile the 2.4.16 kernel with newer patch?
> 
> > Has anyone else managed to successfully patch and compile a 2.4.16
> > kernel with this patch ?
> > It seems to patch OK, but "make modules" gets upset
> > anyone else having issues ?
> >
> > tar   joolls


From rhelling at bechtel.com  Tue Jan 15 00:40:58 2002
From: rhelling at bechtel.com (Hellings, Ross)
Date: Tue, 15 Jan 2002 00:40:58 -0600
Subject: [pptp-server] PPTP, and windows PDCs
Message-ID: <15918AB0B8B3D411B56A00508BDD1039018FD1D9@SINS0088>

Does anybody know how to make PPTP get its usernames and password from a NT
server, eg. win2000 PDC, or from a windows domain.  The network that we want
to implement this on is a purely NT network (disgusting), and we dont really
want to have to add individually users for access to PPTP, and change there
passwords all the time, we need the synchronization in the entire domain
(containing over 50,000 users), and we want all users to be able to use
PPTP.

Any ideas?

Regards,

Ross


From rhelling at bechtel.com  Tue Jan 15 00:44:02 2002
From: rhelling at bechtel.com (Hellings, Ross)
Date: Tue, 15 Jan 2002 00:44:02 -0600
Subject: [pptp-server] Hello PPTP USERS
Message-ID: <15918AB0B8B3D411B56A00508BDD1039018FD1DC@SINS0088>



From pptp-server at szczepanek.de  Tue Jan 15 00:51:18 2002
From: pptp-server at szczepanek.de (Torge Szczepanek)
Date: Tue, 15 Jan 2002 07:51:18 +0100
Subject: [pptp-server] maximum of connections...
References: <002901c19d4c$277d8f60$0d40a8c0@home>
Message-ID: <007801c19d91$0980a890$02ffa8c0@cygnus>

Hi!
>   I read HOWTOs in pptpd distribution, but this quiestion is't clear
there.
> It says "So it seems that 2048 will be the limit, if you fix a few things
> and with a minor kernel mod", but it doesn.t say what to fix... Above this
> it says that 2.2.X kernels have limit of 100 ppp devices, so we can reach
> 2048 only on 2.4.X?

You can only reach 100 connections with the standard 2.2.x and 2.4.x kernel.
But you can simply patch both kernels to reach more than 100 connections.
Simply patch /usr/src/linux/net/core/dev.c and increase the number in the
mentioned for loop to 2048. According to Alan Cox this should be sufficient,
but is not the fasted look-up method for the devices. If you write a better
algo, please let me know. But it works fine for me. :-)
Also don't forget to increase the number of Unix 98 PTY to 2048 (can be
reached by simple running make menuconfig and enter 2048 instead of 256 for
the number of unix ptys).

>   And final questuion :)... How many connections have you practicly
reached?

I am currently using pptpd for user authentication for our students to get
internet access in our student hostel network. Nobody could tell me, whether
this gonna work and with how much users. So I set up a test in part of our
network. The test is working fine since 25th of november 2001. I reached up
to 280 simultaneos connections using just one machine, which is a AMD Duron
900MHz with 768MB of RAM. At a maximum of 280 users I reach a CPU usage of
about 25%. The machine is VPN/NAT/Firewall server and does Traffic-Accounts
for every VPN-User using iptables.

For every user you should have a little bit of CPU power and some memory. I
you have enough of both (Athlon XP 1700+ or higher and 2 Gigs of RAM) you
should be able to get up to 2048 simultaneous users. Thats my estimation.

I should say that our users are "normal" internet users. They are simply
surfing, are just connected to receive ICQ messages and not all users are
downloading much data at the same time. We have about 10% of
"hardcore-users", which are transferring much data.

So if your users are all transfering much data, you maybe end up with a
lower maximum number of users. I should also say that I do not force any
encryption. I leave it to the user to user no/40/128 Bit encryption.

I just estimated the number of encrypted and unencrypted connections at our
VPN-server: one third is using encryption. About 60% of this users are using
40Bit and 40% is using 128Bit.

We plan to set up 6 VPN-Server for our hole network, so that these servers
are not the bottleneck of our network connection (GBit to university
Backbone and 100MBit to the internet). Currently 1300 possible users are
using our VPN-Server. Our hole network includes about 4000 users.

Torge Szczepanek



From jnc at empolis.co.uk  Tue Jan 15 03:00:18 2002
From: jnc at empolis.co.uk (Julian Cowell)
Date: Tue, 15 Jan 2002 09:00:18 -0000
Subject: [pptp-server] linux-2.4.16-openssl-0.9.6b-mppe.patch
Message-ID: <8FC4E7C302A6A64AAD5DB1FA0E825DEB158639@hendrix.empolisuk.com>

Hi,
Some confusion here, he said,

linux-2.4.4-openssl-0.9.6b-mppe.patch

is that 0.9.6 "b" or "a" because  "2.4.4"

have to watch those tricky numbers

I wanted to know, really, what does 2.4.16 0.9.6 b give us ?

J


-----Original Message-----
From: Jerry Vonau [mailto:jvonau at home.com]
Sent: 15 January 2002 01:36
To: Julian Cowell
Cc: Pptp (E-mail)
Subject: Re: [pptp-server] linux-2.4.16-openssl-0.9.6b-mppe.patch


Julian:

I have the same setup as VLADIMIR...
Mine compiled fine.....

Might be looking for the mppe modules 
that are not there yet.

I patched and compiled pppd first.
Start with a fresh tarball to patch,
redhat's version of pppd is a little
strange... heard bad things..

Then the kernel patch and compile.

Might make a difference, not to sure....

Jerry Vonau


Julian Cowell wrote:
> 
> yep, I've also compiled and working Ok with the 2.4.4 patch.
> I've tried various other kernel versions as well,
> Valid question
> "Is it crucial to recompile the 2.4.16 kernel with newer patch?"
> May be I should of asked this first !
> 
> joolls
> 
> -----Original Message-----
> From: Vladimir Strezhnev [mailto:vlast at indivisuallearning.com]
> Sent: 14 January 2002 16:15
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] linux-2.4.16-openssl-0.9.6b-mppe.patch
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Were using 2.4.16 kernel patched with linux
> -2.4.4-openssl-0.9.6b-mppe.patch
> on RH7.1
> Everything including modules compiled cleanly and pptp works OK
> What changes were made to 2.4.16 patch compared to 2.4.4 patch
> Is it crucial to recompile the 2.4.16 kernel with newer patch?
> 
> > Has anyone else managed to successfully patch and compile a 2.4.16
> > kernel with this patch ?
> > It seems to patch OK, but "make modules" gets upset
> > anyone else having issues ?
> >
> > tar   joolls

_____________________________________________________________________
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.

_____________________________________________________________________
This message has been checked for all known viruses by the MessageLabs Virus Scanning Service.


From Steve at SteveCowles.com  Tue Jan 15 06:39:31 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Tue, 15 Jan 2002 06:39:31 -0600
Subject: [pptp-server] PPTP, and windows PDCs
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9E9@defiant.infohiiway.com>

> -----Original Message-----
> From: Hellings, Ross [mailto:rhelling at bechtel.com]
> Sent: Tuesday, January 15, 2002 12:41 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPTP, and windows PDCs
> 
> 
> Does anybody know how to make PPTP get its usernames and 
> password from a NT server, eg. win2000 PDC, or from a windows
> domain.  The network that we want to implement this on is a
> purely NT network (disgusting), and we dont really want to
> have to add individually users for access to PPTP, and change
> there passwords all the time, we need the synchronization in
> the entire domain (containing over 50,000 users), and we want
> all users to be able to use PPTP.
> 
> Any ideas?

Ross,

The short answer to your question is No, PoPToP (really pppd) cannot be
configured to authenticate against a Windows based PDC at this time. 

FWIW: There have been many discussions in the past on "how" to implement
PoPToP->NT authentication functionality, so if your interested, check the
archives.

Steve Cowles


From lists at earthling.2y.net  Tue Jan 15 14:32:28 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Tue, 15 Jan 2002 15:32:28 -0500 (EST)
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to 
 Encryption???
In-Reply-To: <20020115005106.D3061ACF6@mail.shorewall.net>
Message-ID: <Pine.LNX.4.33.0201151532220.5345-100000@earthling.2y.net>

For mppe stateless to work, I think (its been a while), you have to have
both sides supporting mppe for it to work at all because the next
packet's encryption is based off the previous packet.  I may be wrong, as
I said its been a while.  That is why when you start loosing packets with
stateless, the ppp session has to stop and renegotiate encryption.

On Mon, 14 Jan 2002, Tom Eastep wrote:

> On Monday 14 January 2002 04:20 pm, Jerry Vonau wrote:
> > Hey all:
> > >>MPPE 128 bit, stateless receive compression enabled<<
> >
> > Is the receive part not an error?? That would suggest
> > that encryption is for receive only, not transmit....
> >
> > Should it not be:
> >
> > MPPE 128 bit, stateless compression enabled
> >
> > Just a thought....
> >
>
> Good catch Jerry -- none of the instances of this message in my logs contains
> the "receive" bit. George didn't say what version of the PPTP components he's
> running though...
>
> -Tom
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From charlieb at e-smith.com  Tue Jan 15 14:25:52 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 15 Jan 2002 15:25:52 -0500 (EST)
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to 
 Encryption???
In-Reply-To: <Pine.LNX.4.33.0201151532220.5345-100000@earthling.2y.net>
Message-ID: <Pine.LNX.4.33.0201151518150.1900-100000@vegemite.ottawa.e-smith.com>

On Tue, 15 Jan 2002 lists at earthling.2y.net wrote:

> For mppe stateless to work, I think (its been a while), you have to have
> both sides supporting mppe for it to work at all because the next

You always need both sides supporting mppe for it to work.

The central issue here though is whether encryption is used in one
direction or in both. Usually you will want both.

> packet's encryption is based off the previous packet.  I may be wrong, as
> I said its been a while.  That is why when you start loosing packets with
> stateless, the ppp session has to stop and renegotiate encryption.
> 
> On Mon, 14 Jan 2002, Tom Eastep wrote:
> 
> > On Monday 14 January 2002 04:20 pm, Jerry Vonau wrote:
> > > Hey all:
> > > >>MPPE 128 bit, stateless receive compression enabled<<
> > >
> > > Is the receive part not an error?? That would suggest
> > > that encryption is for receive only, not transmit....
> > >
> > > Should it not be:
> > >
> > > MPPE 128 bit, stateless compression enabled

It depends entirely on what is negotiated, which in turn depends entirely 
on the options selected at each end of the link.

Here is the relevant code; as you can see there are three different 
possibilities:

...
    ccp_flags_set(f->unit, 1, 1);
    if (ANY_COMPRESS(*go)) {
        if (ANY_COMPRESS(*ho)) {
            if (go->method == ho->method) {
                notice("%s compression enabled", method_name(go, ho));
            } else {
                strlcpy(method1, method_name(go, NULL), sizeof(method1));
                notice("%s / %s compression enabled",
                       method1, method_name(ho, NULL));
            }
        } else
            notice("%s receive compression enabled", method_name(go, NULL));
    } else if (ANY_COMPRESS(*ho))
        notice("%s transmit compression enabled", method_name(ho, NULL));
...

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From GeorgeV at citadelcomputer.com.au  Tue Jan 15 15:35:28 2002
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 16 Jan 2002 08:35:28 +1100
Subject: [pptp-server] RE: [SLUG] PPPD and C source -Tracking that External IP....
Message-ID: <200FAA488DE0D41194F10010B597610D2B9588@JUPITER>

I've done a little more research and found that there is no link between
PPTP and PPPD which is traceable.. The only thing I can now think of is to
make PPTP to pass the ipparam parameter to PPPD then it can be tracked
back..eg.

1) VPN client connects from address 141.x.x.x
2) PPTPD accepts the connection
3) PPTPD creates a /var/run/pptpd-link0 and stores the external IP into it 
     (more client connections become -link1, -link2, etc)
4) PPTPD forks PPPD using: pppd blah blah blah ipparam ${ipparam}-link0
     (Note: Incase the user already uses ipparam it is passed and "-link0"
is added to it.ie. mypptp-link0)
5) PPPD starts up and uses the ipparam passed by PPTP and possibly anything
else the user sent ( ${ipparam} ).

PPPD ip-up.local can then determine from the ipparam parameter what the IP
address is from the file containing the true IP address of the client
(/var/run/pptp-link0) ...

#  ip-up.local  (example)

#!/bin/sh
LINK=`echo "$6" | cut -f 2 -d "-"`
REALIP=`cat /var/run/pptpd-$LINK`

This sounds like it'll work without modifying the PPPD source code but has
created alot more tweaking on the PPTPD source side... Worst thing is I have
not coded C in 10 years and it's changed alot to me..

Now for the hard part......

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au


From jef at linuxbe.org  Tue Jan 15 15:45:02 2002
From: jef at linuxbe.org (Jean-Francois Dive)
Date: Wed, 16 Jan 2002 08:45:02 +1100 (EST)
Subject: [pptp-server] RE: [SLUG] PPPD and C source -Tracking that External IP....
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B9588@JUPITER>
Message-ID: <Pine.LNX.4.33.0201160843510.874-100000@gardafou.k-net.eu.org>

what you look for is a serie like:

pid = fork();

if(pid != parentPid) {
// we are in the child
  excve(pppd);
}

probably.

JeF
On Wed, 16 Jan 2002, George Vieira wrote:

> I've done a little more research and found that there is no link between
> PPTP and PPPD which is traceable.. The only thing I can now think of is to
> make PPTP to pass the ipparam parameter to PPPD then it can be tracked
> back..eg.
>
> 1) VPN client connects from address 141.x.x.x
> 2) PPTPD accepts the connection
> 3) PPTPD creates a /var/run/pptpd-link0 and stores the external IP into it
>      (more client connections become -link1, -link2, etc)
> 4) PPTPD forks PPPD using: pppd blah blah blah ipparam ${ipparam}-link0
>      (Note: Incase the user already uses ipparam it is passed and "-link0"
> is added to it.ie. mypptp-link0)
> 5) PPPD starts up and uses the ipparam passed by PPTP and possibly anything
> else the user sent ( ${ipparam} ).
>
> PPPD ip-up.local can then determine from the ipparam parameter what the IP
> address is from the file containing the true IP address of the client
> (/var/run/pptp-link0) ...
>
> #  ip-up.local  (example)
>
> #!/bin/sh
> LINK=`echo "$6" | cut -f 2 -d "-"`
> REALIP=`cat /var/run/pptpd-$LINK`
>
> This sounds like it'll work without modifying the PPPD source code but has
> created alot more tweaking on the PPTPD source side... Worst thing is I have
> not coded C in 10 years and it's changed alot to me..
>
> Now for the hard part......
>
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> http://www.citadelcomputer.com.au
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug
>



From jvonau at home.com  Tue Jan 15 22:24:59 2002
From: jvonau at home.com (Jerry Vonau)
Date: Tue, 15 Jan 2002 22:24:59 -0600
Subject: [pptp-server] RE: [SLUG] PPPD and C source -Tracking that External 
 IP....
References: <200FAA488DE0D41194F10010B597610D2B9588@JUPITER>
Message-ID: <3C45009B.D66B3EA7@home.com>

George:

I found this little hack to work for me.

Try in /etc/ppp/ip-up.local:

sleep 1
EXTIP= tail /var/log/messages | grep Client | awk '{ print
$8}' 
echo $EXTIP > /var/run/$1.idip

In /ip-down.local:

rm /var/run/pptpd/$1.idip  

Should give you the ipaddress in a file /var/run/ppp?.idip 
The $8 controls which part of the string to view,
might need to be adjusted. The EXTIP can then be used 
elsewhere in the script.


if [ $EXTIP='xxx.xxx.xxx.xxx' ]; then
/sbin/route add -net 10.4.0.0 netmask 255.255.255.0 dev $1

fi                                                          

or maybe: 

case $EXTIP in
xxx.xxx.xxx.xxx)
/sbin/route add -net 10.4.0.0 netmask 255.255.255.0 dev $1
 ...
;;

yyy.yyy.yyy.yyy)
/sbin/route add -net 10.5.0.0 netmask 255.255.255.0 dev $1
 ...
;;

esac


should setup the routes... 

Hope it helps....

Jerry Vonau




George Vieira wrote:
> 
> I've done a little more research and found that there is no link between
> PPTP and PPPD which is traceable.. The only thing I can now think of is to
> make PPTP to pass the ipparam parameter to PPPD then it can be tracked
> back..eg.
> 
> 1) VPN client connects from address 141.x.x.x
> 2) PPTPD accepts the connection
> 3) PPTPD creates a /var/run/pptpd-link0 and stores the external IP into it
>      (more client connections become -link1, -link2, etc)
> 4) PPTPD forks PPPD using: pppd blah blah blah ipparam ${ipparam}-link0
>      (Note: Incase the user already uses ipparam it is passed and "-link0"
> is added to it.ie. mypptp-link0)
> 5) PPPD starts up and uses the ipparam passed by PPTP and possibly anything
> else the user sent ( ${ipparam} ).
> 
> PPPD ip-up.local can then determine from the ipparam parameter what the IP
> address is from the file containing the true IP address of the client
> (/var/run/pptp-link0) ...
> 
> #  ip-up.local  (example)
> 
> #!/bin/sh
> LINK=`echo "$6" | cut -f 2 -d "-"`
> REALIP=`cat /var/run/pptpd-$LINK`
> 
> This sounds like it'll work without modifying the PPPD source code but has
> created alot more tweaking on the PPTPD source side... Worst thing is I have
> not coded C in 10 years and it's changed alot to me..
> 
> Now for the hard part......
> 
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> http://www.citadelcomputer.com.au
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From jvonau at home.com  Tue Jan 15 22:45:55 2002
From: jvonau at home.com (Jerry Vonau)
Date: Tue, 15 Jan 2002 22:45:55 -0600
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to 
 Encryption???
References: <Pine.LNX.4.33.0201151518150.1900-100000@vegemite.ottawa.e-smith.com>
Message-ID: <3C450583.DD3303AC@home.com>

Hey All:

I was able to duplicate the "receive" problem.

I was using a linux client that had the mppe 
support, but didn't state that on the command 
line or on the options file.

So there is something else to watch out for when
using the linux client.... 

On a different note, anybody have a require
encryption patch for 2.4.1?

Jerry Vonau    

Charlie Brady wrote:
> 
> On Tue, 15 Jan 2002 lists at earthling.2y.net wrote:
> 
> > For mppe stateless to work, I think (its been a while), you have to have
> > both sides supporting mppe for it to work at all because the next
> 
> You always need both sides supporting mppe for it to work.
> 
> The central issue here though is whether encryption is used in one
> direction or in both. Usually you will want both.
> 
> > packet's encryption is based off the previous packet.  I may be wrong, as
> > I said its been a while.  That is why when you start loosing packets with
> > stateless, the ppp session has to stop and renegotiate encryption.
> >
> > On Mon, 14 Jan 2002, Tom Eastep wrote:
> >
> > > On Monday 14 January 2002 04:20 pm, Jerry Vonau wrote:
> > > > Hey all:
> > > > >>MPPE 128 bit, stateless receive compression enabled<<
> > > >
> > > > Is the receive part not an error?? That would suggest
> > > > that encryption is for receive only, not transmit....
> > > >
> > > > Should it not be:
> > > >
> > > > MPPE 128 bit, stateless compression enabled
> 
> It depends entirely on what is negotiated, which in turn depends entirely
> on the options selected at each end of the link.
> 
> Here is the relevant code; as you can see there are three different
> possibilities:
> 
> ...
>     ccp_flags_set(f->unit, 1, 1);
>     if (ANY_COMPRESS(*go)) {
>         if (ANY_COMPRESS(*ho)) {
>             if (go->method == ho->method) {
>                 notice("%s compression enabled", method_name(go, ho));
>             } else {
>                 strlcpy(method1, method_name(go, NULL), sizeof(method1));
>                 notice("%s / %s compression enabled",
>                        method1, method_name(ho, NULL));
>             }
>         } else
>             notice("%s receive compression enabled", method_name(go, NULL));
>     } else if (ANY_COMPRESS(*ho))
>         notice("%s transmit compression enabled", method_name(ho, NULL));
> ...
> 
> --
> Charlie Brady                         charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group        http://www.e-smith.com/
> Mitel Networks Corporation            http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From GeorgeV at citadelcomputer.com.au  Tue Jan 15 22:50:33 2002
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 16 Jan 2002 15:50:33 +1100
Subject: [pptp-server] RE: [SLUG] PPPD and C source -Tracking that Ext
	ernal  IP....
Message-ID: <200FAA488DE0D41194F10010B597610D2B9591@JUPITER>

As much as this works for you it won't for me as I have more than one client
connecting.. your code can stuff up if you get 2 clients connecting almost
at the same time.. may never happen but it can happen..

The code I'm currently using and have posted (archives) before works well
which uses the PID of the PPPD running and then searches the parent who
called it which with a ps -ef it'll come up with the client IP there... this
works no matter how many people connect at the same time..

I was hoping to patch PPTPD to make it handle it alot better than bash
scripts.... that's all.. it's been 10 years since  coded C++ and I'm not
game enough to try it..


> -----Original Message-----
> From:	Jerry Vonau [SMTP:jvonau at home.com]
> Sent:	Wednesday, January 16, 2002 3:25 PM
> To:	George Vieira; pptp-server at lists.schulte.org
> Subject:	Re: [pptp-server] RE: [SLUG] PPPD and C source -Tracking
> that External  IP....
> 
> George:
> 
> I found this little hack to work for me.
> 
> Try in /etc/ppp/ip-up.local:
> 
> sleep 1
> EXTIP= tail /var/log/messages | grep Client | awk '{ print
> $8}' 
> echo $EXTIP > /var/run/$1.idip
> 
> In /ip-down.local:
> 
> rm /var/run/pptpd/$1.idip  
> 
> Should give you the ipaddress in a file /var/run/ppp?.idip 
> The $8 controls which part of the string to view,
> might need to be adjusted. The EXTIP can then be used 
> elsewhere in the script.
> 
> 
> if [ $EXTIP='xxx.xxx.xxx.xxx' ]; then
> /sbin/route add -net 10.4.0.0 netmask 255.255.255.0 dev $1
> 
> fi                                                          
> 
> or maybe: 
> 
> case $EXTIP in
> xxx.xxx.xxx.xxx)
> /sbin/route add -net 10.4.0.0 netmask 255.255.255.0 dev $1
>  ...
> ;;
> 
> yyy.yyy.yyy.yyy)
> /sbin/route add -net 10.5.0.0 netmask 255.255.255.0 dev $1
>  ...
> ;;
> 
> esac
> 
> 
> should setup the routes... 
> 
> Hope it helps....
> 
> Jerry Vonau
> 
> 
> 
> 
> George Vieira wrote:
> > 
> > I've done a little more research and found that there is no link between
> > PPTP and PPPD which is traceable.. The only thing I can now think of is
> to
> > make PPTP to pass the ipparam parameter to PPPD then it can be tracked
> > back..eg.
> > 
> > 1) VPN client connects from address 141.x.x.x
> > 2) PPTPD accepts the connection
> > 3) PPTPD creates a /var/run/pptpd-link0 and stores the external IP into
> it
> >      (more client connections become -link1, -link2, etc)
> > 4) PPTPD forks PPPD using: pppd blah blah blah ipparam ${ipparam}-link0
> >      (Note: Incase the user already uses ipparam it is passed and
> "-link0"
> > is added to it.ie. mypptp-link0)
> > 5) PPPD starts up and uses the ipparam passed by PPTP and possibly
> anything
> > else the user sent ( ${ipparam} ).
> > 
> > PPPD ip-up.local can then determine from the ipparam parameter what the
> IP
> > address is from the file containing the true IP address of the client
> > (/var/run/pptp-link0) ...
> > 
> > #  ip-up.local  (example)
> > 
> > #!/bin/sh
> > LINK=`echo "$6" | cut -f 2 -d "-"`
> > REALIP=`cat /var/run/pptpd-$LINK`
> > 
> > This sounds like it'll work without modifying the PPPD source code but
> has
> > created alot more tweaking on the PPTPD source side... Worst thing is I
> have
> > not coded C in 10 years and it's changed alot to me..
> > 
> > Now for the hard part......
> > 
> > thanks,
> > George Vieira
> > Systems Manager
> > Citadel Computer Systems P/L
> > http://www.citadelcomputer.com.au
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --


From lists at earthling.2y.net  Tue Jan 15 23:10:12 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Wed, 16 Jan 2002 00:10:12 -0500 (EST)
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to 
 Encryption???
In-Reply-To: <3C450583.DD3303AC@home.com>
Message-ID: <Pine.LNX.4.33.0201160009010.5345-100000@earthling.2y.net>

Sorry, No, I don't have the patch.  But, you could just delete the other
cases in the pppd source, and make the default case to drop the conn with
the desired error message.


 On Tue, 15 Jan 2002, Jerry Vonau wrote:

> Hey All:
>
> I was able to duplicate the "receive" problem.
>
> I was using a linux client that had the mppe
> support, but didn't state that on the command
> line or on the options file.
>
> So there is something else to watch out for when
> using the linux client....
>
> On a different note, anybody have a require
> encryption patch for 2.4.1?
>
> Jerry Vonau
>
> Charlie Brady wrote:
> >
> > On Tue, 15 Jan 2002 lists at earthling.2y.net wrote:
> >
> > > For mppe stateless to work, I think (its been a while), you have to have
> > > both sides supporting mppe for it to work at all because the next
> >
> > You always need both sides supporting mppe for it to work.
> >
> > The central issue here though is whether encryption is used in one
> > direction or in both. Usually you will want both.
> >
> > > packet's encryption is based off the previous packet.  I may be wrong, as
> > > I said its been a while.  That is why when you start loosing packets with
> > > stateless, the ppp session has to stop and renegotiate encryption.
> > >
> > > On Mon, 14 Jan 2002, Tom Eastep wrote:
> > >
> > > > On Monday 14 January 2002 04:20 pm, Jerry Vonau wrote:
> > > > > Hey all:
> > > > > >>MPPE 128 bit, stateless receive compression enabled<<
> > > > >
> > > > > Is the receive part not an error?? That would suggest
> > > > > that encryption is for receive only, not transmit....
> > > > >
> > > > > Should it not be:
> > > > >
> > > > > MPPE 128 bit, stateless compression enabled
> >
> > It depends entirely on what is negotiated, which in turn depends entirely
> > on the options selected at each end of the link.
> >
> > Here is the relevant code; as you can see there are three different
> > possibilities:
> >
> > ...
> >     ccp_flags_set(f->unit, 1, 1);
> >     if (ANY_COMPRESS(*go)) {
> >         if (ANY_COMPRESS(*ho)) {
> >             if (go->method == ho->method) {
> >                 notice("%s compression enabled", method_name(go, ho));
> >             } else {
> >                 strlcpy(method1, method_name(go, NULL), sizeof(method1));
> >                 notice("%s / %s compression enabled",
> >                        method1, method_name(ho, NULL));
> >             }
> >         } else
> >             notice("%s receive compression enabled", method_name(go, NULL));
> >     } else if (ANY_COMPRESS(*ho))
> >         notice("%s transmit compression enabled", method_name(ho, NULL));
> > ...
> >
> > --
> > Charlie Brady                         charlieb at e-smith.com
> > Lead Product Developer
> > Network Server Solutions Group        http://www.e-smith.com/
> > Mitel Networks Corporation            http://www.mitel.com/
> > Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From GeorgeV at citadelcomputer.com.au  Tue Jan 15 23:01:54 2002
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 16 Jan 2002 16:01:54 +1100
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to  Encr
	yption???
Message-ID: <200FAA488DE0D41194F10010B597610D2B9592@JUPITER>

Google.com is your friend

a search for   +pptpd +"require-mppe" +"2.4" gave me a few sites... one
looking promising was :


http://www.shorewall.net/PPTP.htm




> -----Original Message-----
> From:	lists at earthling.2y.net [SMTP:lists at earthling.2y.net]
> Sent:	Wednesday, January 16, 2002 4:10 PM
> To:	Jerry Vonau
> Cc:	Charlie Brady; Tom Eastep; PPTP List (E-mail); George Vieira
> Subject:	Re: [pptp-server] MPPE 128 Bit Compression?? What happen to
> Encryption???
> 
> Sorry, No, I don't have the patch.  But, you could just delete the other
> cases in the pppd source, and make the default case to drop the conn with
> the desired error message.
> 
> 
>  On Tue, 15 Jan 2002, Jerry Vonau wrote:
> 
> > Hey All:
> >
> > I was able to duplicate the "receive" problem.
> >
> > I was using a linux client that had the mppe
> > support, but didn't state that on the command
> > line or on the options file.
> >
> > So there is something else to watch out for when
> > using the linux client....
> >
> > On a different note, anybody have a require
> > encryption patch for 2.4.1?
> >
> > Jerry Vonau
> >
> > Charlie Brady wrote:
> > >
> > > On Tue, 15 Jan 2002 lists at earthling.2y.net wrote:
> > >
> > > > For mppe stateless to work, I think (its been a while), you have to
> have
> > > > both sides supporting mppe for it to work at all because the next
> > >
> > > You always need both sides supporting mppe for it to work.
> > >
> > > The central issue here though is whether encryption is used in one
> > > direction or in both. Usually you will want both.
> > >
> > > > packet's encryption is based off the previous packet.  I may be
> wrong, as
> > > > I said its been a while.  That is why when you start loosing packets
> with
> > > > stateless, the ppp session has to stop and renegotiate encryption.
> > > >
> > > > On Mon, 14 Jan 2002, Tom Eastep wrote:
> > > >
> > > > > On Monday 14 January 2002 04:20 pm, Jerry Vonau wrote:
> > > > > > Hey all:
> > > > > > >>MPPE 128 bit, stateless receive compression enabled<<
> > > > > >
> > > > > > Is the receive part not an error?? That would suggest
> > > > > > that encryption is for receive only, not transmit....
> > > > > >
> > > > > > Should it not be:
> > > > > >
> > > > > > MPPE 128 bit, stateless compression enabled
> > >
> > > It depends entirely on what is negotiated, which in turn depends
> entirely
> > > on the options selected at each end of the link.
> > >
> > > Here is the relevant code; as you can see there are three different
> > > possibilities:
> > >
> > > ...
> > >     ccp_flags_set(f->unit, 1, 1);
> > >     if (ANY_COMPRESS(*go)) {
> > >         if (ANY_COMPRESS(*ho)) {
> > >             if (go->method == ho->method) {
> > >                 notice("%s compression enabled", method_name(go, ho));
> > >             } else {
> > >                 strlcpy(method1, method_name(go, NULL),
> sizeof(method1));
> > >                 notice("%s / %s compression enabled",
> > >                        method1, method_name(ho, NULL));
> > >             }
> > >         } else
> > >             notice("%s receive compression enabled", method_name(go,
> NULL));
> > >     } else if (ANY_COMPRESS(*ho))
> > >         notice("%s transmit compression enabled", method_name(ho,
> NULL));
> > > ...
> > >
> > > --
> > > Charlie Brady                         charlieb at e-smith.com
> > > Lead Product Developer
> > > Network Server Solutions Group        http://www.e-smith.com/
> > > Mitel Networks Corporation            http://www.mitel.com/
> > > Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > --- To unsubscribe, go to the url just above this line. --
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> >
> 
> -- 
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net
> 


From GeorgeV at citadelcomputer.com.au  Tue Jan 15 23:03:56 2002
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 16 Jan 2002 16:03:56 +1100
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to  Encr
	yption???
Message-ID: <200FAA488DE0D41194F10010B597610D2B9593@JUPITER>

Hmm.. just went through it and found they talk about 2.4 PPPD and yet it was
2.3.11 for require-mppe... bit dumb...

how hard would it be to make the changes manually... argh!!! I guess not.

> -----Original Message-----
> From:	lists at earthling.2y.net [SMTP:lists at earthling.2y.net]
> Sent:	Wednesday, January 16, 2002 4:10 PM
> To:	Jerry Vonau
> Cc:	Charlie Brady; Tom Eastep; PPTP List (E-mail); George Vieira
> Subject:	Re: [pptp-server] MPPE 128 Bit Compression?? What happen to
> Encryption???
> 
> Sorry, No, I don't have the patch.  But, you could just delete the other
> cases in the pppd source, and make the default case to drop the conn with
> the desired error message.
> 
> 
>  On Tue, 15 Jan 2002, Jerry Vonau wrote:
> 
> > Hey All:
> >
> > I was able to duplicate the "receive" problem.
> >
> > I was using a linux client that had the mppe
> > support, but didn't state that on the command
> > line or on the options file.
> >
> > So there is something else to watch out for when
> > using the linux client....
> >
> > On a different note, anybody have a require
> > encryption patch for 2.4.1?
> >
> > Jerry Vonau
> >
> > Charlie Brady wrote:
> > >
> > > On Tue, 15 Jan 2002 lists at earthling.2y.net wrote:
> > >
> > > > For mppe stateless to work, I think (its been a while), you have to
> have
> > > > both sides supporting mppe for it to work at all because the next
> > >
> > > You always need both sides supporting mppe for it to work.
> > >
> > > The central issue here though is whether encryption is used in one
> > > direction or in both. Usually you will want both.
> > >
> > > > packet's encryption is based off the previous packet.  I may be
> wrong, as
> > > > I said its been a while.  That is why when you start loosing packets
> with
> > > > stateless, the ppp session has to stop and renegotiate encryption.
> > > >
> > > > On Mon, 14 Jan 2002, Tom Eastep wrote:
> > > >
> > > > > On Monday 14 January 2002 04:20 pm, Jerry Vonau wrote:
> > > > > > Hey all:
> > > > > > >>MPPE 128 bit, stateless receive compression enabled<<
> > > > > >
> > > > > > Is the receive part not an error?? That would suggest
> > > > > > that encryption is for receive only, not transmit....
> > > > > >
> > > > > > Should it not be:
> > > > > >
> > > > > > MPPE 128 bit, stateless compression enabled
> > >
> > > It depends entirely on what is negotiated, which in turn depends
> entirely
> > > on the options selected at each end of the link.
> > >
> > > Here is the relevant code; as you can see there are three different
> > > possibilities:
> > >
> > > ...
> > >     ccp_flags_set(f->unit, 1, 1);
> > >     if (ANY_COMPRESS(*go)) {
> > >         if (ANY_COMPRESS(*ho)) {
> > >             if (go->method == ho->method) {
> > >                 notice("%s compression enabled", method_name(go, ho));
> > >             } else {
> > >                 strlcpy(method1, method_name(go, NULL),
> sizeof(method1));
> > >                 notice("%s / %s compression enabled",
> > >                        method1, method_name(ho, NULL));
> > >             }
> > >         } else
> > >             notice("%s receive compression enabled", method_name(go,
> NULL));
> > >     } else if (ANY_COMPRESS(*ho))
> > >         notice("%s transmit compression enabled", method_name(ho,
> NULL));
> > > ...
> > >
> > > --
> > > Charlie Brady                         charlieb at e-smith.com
> > > Lead Product Developer
> > > Network Server Solutions Group        http://www.e-smith.com/
> > > Mitel Networks Corporation            http://www.mitel.com/
> > > Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > --- To unsubscribe, go to the url just above this line. --
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> >
> 
> -- 
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net
> 


From lists at earthling.2y.net  Tue Jan 15 23:35:48 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Wed, 16 Jan 2002 00:35:48 -0500 (EST)
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to  Encr
 yption???
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B9593@JUPITER>
Message-ID: <Pine.LNX.4.33.0201160032480.5345-100000@earthling.2y.net>

Most likely, the same patch will work.  There are not many diffrences in
the areas that the patchs patch.

I would quickly generate a quick and dirty little patch, but i dont even
have mppe working right now because on my system, I set it up so one
has to establish a host-to-host ipsec connection before they can pptp,
so the data is allready encrypted by ipsec.

-Justin Kreger

 On Wed, 16 Jan 2002, George
Vieira wrote:

> Hmm.. just went through it and found they talk about 2.4 PPPD and yet it was
> 2.3.11 for require-mppe... bit dumb...
>
> how hard would it be to make the changes manually... argh!!! I guess not.
>
> > -----Original Message-----
> > From:	lists at earthling.2y.net [SMTP:lists at earthling.2y.net]
> > Sent:	Wednesday, January 16, 2002 4:10 PM
> > To:	Jerry Vonau
> > Cc:	Charlie Brady; Tom Eastep; PPTP List (E-mail); George Vieira
> > Subject:	Re: [pptp-server] MPPE 128 Bit Compression?? What happen to
> > Encryption???
> >
> > Sorry, No, I don't have the patch.  But, you could just delete the other
> > cases in the pppd source, and make the default case to drop the conn with
> > the desired error message.
> >
> >
> >  On Tue, 15 Jan 2002, Jerry Vonau wrote:
> >
> > > Hey All:
> > >
> > > I was able to duplicate the "receive" problem.
> > >
> > > I was using a linux client that had the mppe
> > > support, but didn't state that on the command
> > > line or on the options file.
> > >
> > > So there is something else to watch out for when
> > > using the linux client....
> > >
> > > On a different note, anybody have a require
> > > encryption patch for 2.4.1?
> > >
> > > Jerry Vonau
> > >
> > > Charlie Brady wrote:
> > > >
> > > > On Tue, 15 Jan 2002 lists at earthling.2y.net wrote:
> > > >
> > > > > For mppe stateless to work, I think (its been a while), you have to
> > have
> > > > > both sides supporting mppe for it to work at all because the next
> > > >
> > > > You always need both sides supporting mppe for it to work.
> > > >
> > > > The central issue here though is whether encryption is used in one
> > > > direction or in both. Usually you will want both.
> > > >
> > > > > packet's encryption is based off the previous packet.  I may be
> > wrong, as
> > > > > I said its been a while.  That is why when you start loosing packets
> > with
> > > > > stateless, the ppp session has to stop and renegotiate encryption.
> > > > >
> > > > > On Mon, 14 Jan 2002, Tom Eastep wrote:
> > > > >
> > > > > > On Monday 14 January 2002 04:20 pm, Jerry Vonau wrote:
> > > > > > > Hey all:
> > > > > > > >>MPPE 128 bit, stateless receive compression enabled<<
> > > > > > >
> > > > > > > Is the receive part not an error?? That would suggest
> > > > > > > that encryption is for receive only, not transmit....
> > > > > > >
> > > > > > > Should it not be:
> > > > > > >
> > > > > > > MPPE 128 bit, stateless compression enabled
> > > >
> > > > It depends entirely on what is negotiated, which in turn depends
> > entirely
> > > > on the options selected at each end of the link.
> > > >
> > > > Here is the relevant code; as you can see there are three different
> > > > possibilities:
> > > >
> > > > ...
> > > >     ccp_flags_set(f->unit, 1, 1);
> > > >     if (ANY_COMPRESS(*go)) {
> > > >         if (ANY_COMPRESS(*ho)) {
> > > >             if (go->method == ho->method) {
> > > >                 notice("%s compression enabled", method_name(go, ho));
> > > >             } else {
> > > >                 strlcpy(method1, method_name(go, NULL),
> > sizeof(method1));
> > > >                 notice("%s / %s compression enabled",
> > > >                        method1, method_name(ho, NULL));
> > > >             }
> > > >         } else
> > > >             notice("%s receive compression enabled", method_name(go,
> > NULL));
> > > >     } else if (ANY_COMPRESS(*ho))
> > > >         notice("%s transmit compression enabled", method_name(ho,
> > NULL));
> > > > ...
> > > >
> > > > --
> > > > Charlie Brady                         charlieb at e-smith.com
> > > > Lead Product Developer
> > > > Network Server Solutions Group        http://www.e-smith.com/
> > > > Mitel Networks Corporation            http://www.mitel.com/
> > > > Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> > > >
> > > > _______________________________________________
> > > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > --- To unsubscribe, go to the url just above this line. --
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > --- To unsubscribe, go to the url just above this line. --
> > >
> >
> > --
> > Justin Kreger, MCP MCSE CCNA
> > jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net
> >
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From jhiggs at bigpond.net.au  Wed Jan 16 01:31:56 2002
From: jhiggs at bigpond.net.au (Jeremy Higgs)
Date: Wed, 16 Jan 2002 18:31:56 +1100
Subject: [pptp-server] PPTPD Authentication problems...
Message-ID: <B86B779C.6CF9%jhiggs@bigpond.net.au>

Hi everyone!

I'm still struggling with getting a PPTPD server going... I've been reading
up on a couple of things, and found that the error I found in my
/var/log/daemon.log file before was related to VPN Masquerading (could this
be because the IPs I have assigned in /etc/pptpd.conf are private? I'm
connecting from a firewall box on the client end [which has a public IP] to
another firewall box with a public IP), so I added the VPN MASQ patch to
both the server and client, enabling "CONFIG_IP_MASQUERADE_PPTP=y".

After rebooting both these boxes, I turned on 'debug' in /etc/ppp/options on
both machines, and also in /etc/pptpd.conf on the server.

When I connected with pptp from the client, machine, I got a whole lot of
errors in /var/log/daemon.log, /var/log/messages and /var/log/debug, which
I've reproduced below, as well as various (relevant) config files. (A little
warning... Lots of text below!)

For 'piglet', the client machine (piglet.shacknet.nu):

--- /var/log/messages

Jan 16 18:03:26 piglet pppd[3558]: pppd 2.4.1 started by root, uid 0
Jan 16 18:03:26 piglet pppd[3558]: Using interface ppp0
Jan 16 18:03:26 piglet pppd[3558]: Connect: ppp0 <--> /dev/pts/1
Jan 16 18:03:29 piglet pppd[3558]: Connection terminated.
Jan 16 18:03:30 piglet pppd[3558]: Exit.

--- /var/log/daemon.log

Jan 16 18:03:25 piglet pptp[3555]:
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:548]: Client connection
established.
Jan 16 18:03:26 piglet pptp[3555]:
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:655]: Outgoing call established
(call ID 0, peer's call ID 0).
Jan 16 18:03:26 piglet modprobe: modprobe: Invalid line 84 in
/etc/modules.conf ^I/lib/modules/2.2.20
Jan 16 18:03:30 piglet pptp[3555]: log[callmgr_main:pptp_callmgr.c:240]:
Closing connection
Jan 16 18:03:30 piglet pptp[3555]: log[pptp_conn_close:pptp_ctrl.c:285]:
Closing PPTP connection
Jan 16 18:03:32 piglet pptp[3555]: log[call_callback:pptp_callmgr.c:88]:
Closing connection

--- /var/log/debug

Jan 16 18:03:26 piglet pppd[3558]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x1945c36f> <pcomp> <accomp>]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0xb0c49677> <pcomp> <accomp>]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0xb0c49677> <pcomp> <accomp>]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x1945c36f> <pcomp> <accomp>]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x1945c36f> <pcomp> <accomp>]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP EchoReq id=0x0
magic=0x1945c36f]
Jan 16 18:03:29 piglet pppd[3558]: sent [CHAP Challenge id=0x1
<8010a1cd2078b257824ee8048ed01fa2a1599b3d0f>, name = "piglet"]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP EchoReq id=0x0
magic=0xb0c49677]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP EchoRep id=0x0
magic=0x1945c36f]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [CHAP Challenge id=0x1
<5b6cbe281bb476ca0598ddef09a134b74b5031be1b>, name = "bluey"]
Jan 16 18:03:29 piglet pppd[3558]: sent [CHAP Response id=0x1
<8b8bc4909689269721eb01dfa5ba7619>, name = "piglet"]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP EchoRep id=0x0
magic=0xb0c49677]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [CHAP Response id=0x1
<16dcead8779087f338a04cf17929c6a7>, name = "bluey"]
Jan 16 18:03:29 piglet pppd[3558]: sent [CHAP Failure id=0x1 "I don't like
you.  Go 'way."]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP TermReq id=0x2 "Authentication
failed"]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [CHAP Failure id=0x1 "I don't like
you.  Go 'way."]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP TermReq id=0x2 "Authentication
failed"]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP TermAck id=0x2]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP TermAck id=0x2]

--- /etc/ppp/options

root at piglet:~# cat /etc/ppp/options
# /etc/ppp/options
# 
# Originally created by Jim Knoble <jmknoble at mercury.interpath.net>
# Modified for Debian by alvar Bray <alvar at meiko.co.uk>
# Modified for PPP Server setup by Christoph Lameter <clameter at debian.org>
#
# To quickly see what options are active in this file, use this command:
#   egrep -v '#|^ *$' /etc/ppp/options

# Specify which DNS Servers the incoming Win95 or WinNT Connection should
use
# Two Servers can be remotely configured
# ms-dns 192.168.1.1
# ms-dns 192.168.1.2

# Specify which WINS Servers the incoming connection Win95 or WinNT should
use
# ms-wins 192.168.1.50
# ms-wins 192.168.1.51

# Run the executable or shell command specified after pppd has
# terminated the link.  This script could, for example, issue commands
# to the modem to cause it to hang up if hardware modem control signals
# were not available.
#disconnect "chat -- \d+++\d\c OK ath0 OK"

# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it.  0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
asyncmap 0

# Require the peer to authenticate itself before allowing network
# packets to be sent or received.
# Please do not disable this setting. It is expected to be standard in
# future releases of pppd. Use the call option (see manpage) to disable
# authentication for specific peers.
auth

# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts

# Use software flow control (i.e. XON/XOFF) to control the flow of data
# on the serial port.
#xonxoff

# Specifies that certain characters should be escaped on transmission
# (regardless of whether the peer requests them to be escaped with its
# async control character map).  The characters to be escaped are
# specified as a list of hex numbers separated by commas.  Note that
# almost any character can be specified for the escape option, unlike
# the asyncmap option which only allows control characters to be
# specified.  The characters which may not be escaped are those with hex
# values 0x20 - 0x3f or 0x5e.
#escape 11,13,ff

# Don't use the modem control lines.
#local

# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock

# Don't show the passwords when logging the contents of PAP packets.
# This is the default.
hide-password

# When logging the contents of PAP packets, this option causes pppd to
# show the password string in the log message.
#show-password

# Use the modem control lines.  On Ultrix, this option implies hardware
# flow control, as for the crtscts option.  (This option is not fully
# implemented.)
modem

# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128.  The default MRU value is 1500.  A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data).
#mru 542

# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0

# Disables the default behaviour when no local IP address is specified,
# which is to determine (if possible) the local IP address from the
# hostname. With this option, the peer will have to supply the local IP
# address during IPCP negotiation (unless it specified explicitly on the
# command line or in an options file).
#noipdefault

# Enables the "passive" option in the LCP.  With this option, pppd will
# attempt to initiate a connection; if no reply is received from the
# peer, pppd will then just wait passively for a valid LCP packet from
# the peer (instead of exiting, as it does without this option).
#passive

# With this option, pppd will not transmit LCP packets to initiate a
# connection until a valid LCP packet is received from the peer (as for
# the "passive" option with old versions of pppd).
#silent

# Don't request or allow negotiation of any options for LCP and IPCP
# (use default values).
#-all

# Disable Address/Control compression negotiation (use default, i.e.
# address/control field disabled).
#-ac

# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
# all control characters).
#-am

# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#-detach

# Disable IP address negotiation (with this option, the remote IP
# address must be specified with an option on the command line or in
# an options file).
#-ip

# Disable IPCP negotiation and IP communication. This option should
# only be required if the peer is buggy and gets confused by requests
# from pppd for IPCP negotiation.
#noip

# Disable magic number negotiation.  With this option, pppd cannot
# detect a looped-back line.
#-mn

# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
# 1500).
#-mru

# Disable protocol field compression negotiation (use default, i.e.
# protocol field compression disabled).
#-pc

# Require the peer to authenticate itself using PAP.
#+pap

# Don't agree to authenticate using PAP.
#-pap

# Require the peer to authenticate itself using CHAP [Cryptographic
# Handshake Authentication Protocol] authentication.
#+chap

# Don't agree to authenticate using CHAP.
#-chap

# Disable negotiation of Van Jacobson style IP header compression (use
# default, i.e. no compression).
#-vj

# Increase debugging level (same as -d).  If this option is given, pppd
# will log the contents of all control packets sent or received in a
# readable form.  The packets are logged through syslog with facility
# daemon and level debug. This information can be directed to a file by
# setting up /etc/syslog.conf appropriately (see syslog.conf(5)).  (If
# pppd is compiled with extra debugging enabled, it will log messages
# using facility local2 instead of daemon).
debug

# Append the domain name <d> to the local host name for authentication
# purposes.  For example, if gethostname() returns the name porsche,
# but the fully qualified domain name is porsche.Quotron.COM, you would
# use the domain option to set the domain name to Quotron.COM.
#domain <d>

# Enable debugging code in the kernel-level PPP driver.  The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n

# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface.
#mtu <n>

# Set the name of the local system for authentication purposes to <n>.
# This is a privileged option. With this option, pppd will use lines in the
# secrets files which have <n> as the second field when looking for a
# secret to use in authenticating the peer. In addition, unless overridden
# with the user option, <n> will be used as the name to send to the peer
# when authenticating the local system to the peer. (Note that pppd does
# not append the domain name to <n>.)
#name <n>
name piglet

# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname

# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.
proxyarp

# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont
work.
# login

# If this option is given, pppd will send an LCP echo-request frame to the
# peer every n seconds. Normally the peer should respond to the echo-request
# by sending an echo-reply. This option can be used with the
# lcp-echo-failure option to detect that the peer is no longer connected.
lcp-echo-interval 30

# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection.  Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4

# Set the LCP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#lcp-restart <n>

# Set the maximum number of LCP terminate-request transmissions to <n>
# (default 3).
#lcp-max-terminate <n>

# Set the maximum number of LCP configure-request transmissions to <n>
# (default 10).
#lcp-max-configure <n>

# Set the maximum number of LCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#lcp-max-failure <n>

# Set the IPCP restart interval (retransmission timeout) to <n>
# seconds (default 3).
#ipcp-restart <n>

# Set the maximum number of IPCP terminate-request transmissions to <n>
# (default 3).
#ipcp-max-terminate <n>

# Set the maximum number of IPCP configure-request transmissions to <n>
# (default 10).
#ipcp-max-configure <n>

# Set the maximum number of IPCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#ipcp-max-failure <n>

# Set the PAP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#pap-restart <n>

# Set the maximum number of PAP authenticate-request transmissions to
# <n> (default 10).
#pap-max-authreq <n>

# Set the maximum time that pppd will wait for the peer to authenticate
# itself with PAP to <n> seconds (0 means no limit).
#pap-timeout <n>

# Set the CHAP restart interval (retransmission timeout for
# challenges) to <n> seconds (default 3).
#chap-restart <n>

# Set the maximum number of CHAP challenge transmissions to <n>
# (default 10).
#chap-max-challenge

# If this option is given, pppd will rechallenge the peer every <n>
# seconds.
#chap-interval <n>

# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local

# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote

# Disable the IPXCP and IPX protocols.
# To let pppd pass IPX packets comment this out --- you'll probably also
# want to install ipxripd, and have the Internal IPX Network option enabled
# in your kernel.  /usr/doc/HOWTO/IPX-HOWTO.gz contains more info.
noipx

# Exit once a connection has been made and terminated. This is the default,
# unless the `persist' or `demand' option has been specified.
#nopersist

# Do not exit after a connection is terminated; instead try to reopen
# the connection.
#persist

# Terminate after n consecutive failed connection attempts.
# A value of 0 means no limit. The default value is 10.
#maxfail <n>

# Initiate the link only on demand, i.e. when data traffic is present.
# With this option, the remote IP address must be specified by the user on
# the command line or in an options file.  Pppd will initially configure
# the interface and enable it for IP traffic without connecting to the peer.
# When traffic is available, pppd will connect to the peer and perform
# negotiation, authentication, etc.  When this is completed, pppd will
# commence passing data packets (i.e., IP packets) across the link.
#demand

# Specifies that pppd should disconnect if the link is idle for <n> seconds.
# The link is idle when no data packets (i.e. IP packets) are being sent or
# received.  Note: it is not advisable to use this option with the persist
# option without the demand option.  If the active-filter option is given,
# data packets which are rejected by the specified activity filter also
# count as the link being idle.
#idle <n>

# Specifies how many seconds to wait before re-initiating the link after
# it terminates.  This option only has any effect if the persist or demand
# option is used.  The holdoff period is not applied if the link was
# terminated because it was idle.
#holdoff <n>

# Wait for up n milliseconds after the connect script finishes for a valid
# PPP packet from the peer.  At the end of this time, or when a valid PPP
# packet is received from the peer, pppd will commence negotiation by
# sending its first LCP packet.  The default value is 1000 (1 second).
# This wait period only applies if the connect or pty option is used.
#connect-delay <n>

# ---<End of File>---

--- /etc/ppp/chap-secrets (note: no newline after final "*")

root at piglet:~# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
bluey           piglet  "password1"             *
piglet          bluey   "password2"              *

---

For 'bluey', the server machine (cata.mine.nu):

--- /var/log/messages

Jan 16 18:03:18 cata pppd[13824]: pppd 2.4.1 started by root, uid 0
Jan 16 18:03:18 cata pppd[13824]: Using interface ppp1
Jan 16 18:03:18 cata pppd[13824]: Connect: ppp1 <--> /dev/pts/6
Jan 16 18:03:22 cata pppd[13824]: Connection terminated.
Jan 16 18:03:22 cata pppd[13824]: Exit.

--- /var/log/daemon.log

Jan 16 18:03:17 cata pptpd[13823]: MGR: Launching /usr/sbin/pptpctrl to
handle client
Jan 16 18:03:17 cata pptpd[13823]: CTRL: local address = 192.168.1.1
Jan 16 18:03:17 cata pptpd[13823]: CTRL: remote address = 192.168.1.11
Jan 16 18:03:17 cata pptpd[13823]: CTRL: pppd speed = 115200
Jan 16 18:03:17 cata pptpd[13823]: CTRL: pppd options file =
/etc/ppp/pptpd-options
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Client 144.132.140.185 control
connection started
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Received PPTP Control Message
(type: 1)
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Made a START CTRL CONN RPLY packet
Jan 16 18:03:17 cata pptpd[13823]: CTRL: I wrote 156 bytes to the client.
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Sent packet to client
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Received PPTP Control Message
(type: 7)
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Set parameters to 10000000 maxbps,
3 window size
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Made a OUT CALL RPLY packet
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Starting call (launching pppd,
opening GRE)
Jan 16 18:03:18 cata pptpd[13823]: CTRL: pty_fd = 5
Jan 16 18:03:18 cata pptpd[13823]: CTRL: tty_fd = 6
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): Connection speed =
115200
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): local address =
192.168.1.1
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): remote address =
192.168.1.11
Jan 16 18:03:18 cata pptpd[13823]: CTRL: I wrote 32 bytes to the client.
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Sent packet to client
Jan 16 18:03:18 cata modprobe: modprobe: Invalid line 82 in
/etc/modules.conf ^I/lib/modules/2.2.20/
Jan 16 18:03:20 cata pptpd[13823]: GRE: Discarding duplicate packet
Jan 16 18:03:22 cata pptpd[13823]: GRE: read(fd=5,buffer=10014e54,len=8196)
from PTY failed: status = -1 error = Input/output error
Jan 16 18:03:22 cata pptpd[13823]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Client 144.132.140.185 control
connection finished
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Exiting with active call
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Made a CALL DISCONNECT RPLY packet
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Couldn't write packet to client.
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Made a STOP CTRL REQ packet
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Couldn't write packet to client.
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Exiting now
Jan 16 18:03:22 cata pptpd[13707]: MGR: Reaped child 13823

--- /var/log/debug

Jan 16 18:03:17 cata pptpd[13823]: MGR: Launching /usr/sbin/pptpctrl to
handle client
Jan 16 18:03:17 cata pptpd[13823]: CTRL: local address = 192.168.1.1
Jan 16 18:03:17 cata pptpd[13823]: CTRL: remote address = 192.168.1.11
Jan 16 18:03:17 cata pptpd[13823]: CTRL: pppd speed = 115200
Jan 16 18:03:17 cata pptpd[13823]: CTRL: pppd options file =
/etc/ppp/pptpd-options
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Received PPTP Control Message
(type: 1)
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Made a START CTRL CONN RPLY packet
Jan 16 18:03:17 cata pptpd[13823]: CTRL: I wrote 156 bytes to the client.
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Sent packet to client
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Received PPTP Control Message
(type: 7)
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Set parameters to 10000000 maxbps,
3 window size
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Made a OUT CALL RPLY packet
Jan 16 18:03:18 cata pptpd[13823]: CTRL: pty_fd = 5
Jan 16 18:03:18 cata pptpd[13823]: CTRL: tty_fd = 6
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): Connection speed =
115200
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): local address =
192.168.1.1
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): remote address =
192.168.1.11
Jan 16 18:03:18 cata pptpd[13823]: CTRL: I wrote 32 bytes to the client.
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Sent packet to client
Jan 16 18:03:18 cata pppd[13824]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0xb0c49677> <pcomp> <accomp>]
Jan 16 18:03:21 cata pppd[13824]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0xb0c49677> <pcomp> <accomp>]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0xb0c49677> <pcomp> <accomp>]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x1945c36f> <pcomp> <accomp>]
Jan 16 18:03:22 cata pppd[13824]: sent [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x1945c36f> <pcomp> <accomp>]
Jan 16 18:03:22 cata pppd[13824]: sent [LCP EchoReq id=0x0 magic=0xb0c49677]
Jan 16 18:03:22 cata pppd[13824]: sent [CHAP Challenge id=0x1
<5b6cbe281bb476ca0598ddef09a134b74b5031be1b>, name = "bluey"]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP EchoReq id=0x0 magic=0x1945c36f]
Jan 16 18:03:22 cata pppd[13824]: sent [LCP EchoRep id=0x0 magic=0xb0c49677]
Jan 16 18:03:22 cata pppd[13824]: rcvd [CHAP Challenge id=0x1
<8010a1cd2078b257824ee8048ed01fa2a1599b3d0f>, name = "piglet"]
Jan 16 18:03:22 cata pppd[13824]: sent [CHAP Response id=0x1
<16dcead8779087f338a04cf17929c6a7>, name = "bluey"]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP EchoRep id=0x0 magic=0x1945c36f]
Jan 16 18:03:22 cata pppd[13824]: rcvd [CHAP Response id=0x1
<8b8bc4909689269721eb01dfa5ba7619>, name = "piglet"]
Jan 16 18:03:22 cata pppd[13824]: sent [CHAP Failure id=0x1 "I don't like
you.  Go 'way."]
Jan 16 18:03:22 cata pppd[13824]: sent [LCP TermReq id=0x2 "Authentication
failed"]
Jan 16 18:03:22 cata pppd[13824]: rcvd [CHAP Failure id=0x1 "I don't like
you.  Go 'way."]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP TermReq id=0x2 "Authentication
failed"]
Jan 16 18:03:22 cata pppd[13824]: sent [LCP TermAck id=0x2]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP TermAck id=0x2]
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Exiting with active call
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Made a CALL DISCONNECT RPLY packet
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Made a STOP CTRL REQ packet
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Exiting now
Jan 16 18:03:22 cata pptpd[13707]: MGR: Reaped child 13823

--- /etc/ppp/options

cata:~# cat /etc/ppp/options
# /etc/ppp/options
# 
# Originally created by Jim Knoble <jmknoble at mercury.interpath.net>
# Modified for Debian by alvar Bray <alvar at meiko.co.uk>
# Modified for PPP Server setup by Christoph Lameter <clameter at debian.org>
#
# To quickly see what options are active in this file, use this command:
#   egrep -v '#|^ *$' /etc/ppp/options

# Specify which DNS Servers the incoming Win95 or WinNT Connection should
use
# Two Servers can be remotely configured
# ms-dns 192.168.1.1
# ms-dns 192.168.1.2

# Specify which WINS Servers the incoming connection Win95 or WinNT should
use
# ms-wins 192.168.1.50
# ms-wins 192.168.1.51

# Run the executable or shell command specified after pppd has
# terminated the link.  This script could, for example, issue commands
# to the modem to cause it to hang up if hardware modem control signals
# were not available.
#disconnect "chat -- \d+++\d\c OK ath0 OK"

# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it.  0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
asyncmap 0

# Require the peer to authenticate itself before allowing network
# packets to be sent or received.
# Please do not disable this setting. It is expected to be standard in
# future releases of pppd. Use the call option (see manpage) to disable
# authentication for specific peers.
auth

# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts

# Use software flow control (i.e. XON/XOFF) to control the flow of data
# on the serial port.
#xonxoff

# Specifies that certain characters should be escaped on transmission
# (regardless of whether the peer requests them to be escaped with its
# async control character map).  The characters to be escaped are
# specified as a list of hex numbers separated by commas.  Note that
# almost any character can be specified for the escape option, unlike
# the asyncmap option which only allows control characters to be
# specified.  The characters which may not be escaped are those with hex
# values 0x20 - 0x3f or 0x5e.
#escape 11,13,ff

# Don't use the modem control lines.
#local

# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock

# Don't show the passwords when logging the contents of PAP packets.
# This is the default.
hide-password

# When logging the contents of PAP packets, this option causes pppd to
# show the password string in the log message.
#show-password

# Use the modem control lines.  On Ultrix, this option implies hardware
# flow control, as for the crtscts option.  (This option is not fully
# implemented.)
modem

# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128.  The default MRU value is 1500.  A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data).
#mru 542

# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0

# Disables the default behaviour when no local IP address is specified,
# which is to determine (if possible) the local IP address from the
# hostname. With this option, the peer will have to supply the local IP
# address during IPCP negotiation (unless it specified explicitly on the
# command line or in an options file).
#noipdefault

# Enables the "passive" option in the LCP.  With this option, pppd will
# attempt to initiate a connection; if no reply is received from the
# peer, pppd will then just wait passively for a valid LCP packet from
# the peer (instead of exiting, as it does without this option).
#passive

# With this option, pppd will not transmit LCP packets to initiate a
# connection until a valid LCP packet is received from the peer (as for
# the "passive" option with old versions of pppd).
#silent

# Don't request or allow negotiation of any options for LCP and IPCP
# (use default values).
#-all

# Disable Address/Control compression negotiation (use default, i.e.
# address/control field disabled).
#-ac

# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
# all control characters).
#-am

# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#-detach

# Disable IP address negotiation (with this option, the remote IP
# address must be specified with an option on the command line or in
# an options file).
#-ip

# Disable IPCP negotiation and IP communication. This option should
# only be required if the peer is buggy and gets confused by requests
# from pppd for IPCP negotiation.
#noip

# Disable magic number negotiation.  With this option, pppd cannot
# detect a looped-back line.
#-mn

# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
# 1500).
#-mru

# Disable protocol field compression negotiation (use default, i.e.
# protocol field compression disabled).
#-pc

# Require the peer to authenticate itself using PAP.
#+pap

# Don't agree to authenticate using PAP.
#-pap

# Require the peer to authenticate itself using CHAP [Cryptographic
# Handshake Authentication Protocol] authentication.
#+chap

# Don't agree to authenticate using CHAP.
#-chap

# Disable negotiation of Van Jacobson style IP header compression (use
# default, i.e. no compression).
#-vj

# Increase debugging level (same as -d).  If this option is given, pppd
# will log the contents of all control packets sent or received in a
# readable form.  The packets are logged through syslog with facility
# daemon and level debug. This information can be directed to a file by
# setting up /etc/syslog.conf appropriately (see syslog.conf(5)).  (If
# pppd is compiled with extra debugging enabled, it will log messages
# using facility local2 instead of daemon).
debug

# Append the domain name <d> to the local host name for authentication
# purposes.  For example, if gethostname() returns the name porsche,
# but the fully qualified domain name is porsche.Quotron.COM, you would
# use the domain option to set the domain name to Quotron.COM.
#domain <d>

# Enable debugging code in the kernel-level PPP driver.  The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n

# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface.
#mtu <n>

# Set the name of the local system for authentication purposes to <n>.
# This is a privileged option. With this option, pppd will use lines in the
# secrets files which have <n> as the second field when looking for a
# secret to use in authenticating the peer. In addition, unless overridden
# with the user option, <n> will be used as the name to send to the peer
# when authenticating the local system to the peer. (Note that pppd does
# not append the domain name to <n>.)
#name <n>
name bluey

# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname

# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.
proxyarp

# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont
work.
# login

# If this option is given, pppd will send an LCP echo-request frame to the
# peer every n seconds. Normally the peer should respond to the echo-request
# by sending an echo-reply. This option can be used with the
# lcp-echo-failure option to detect that the peer is no longer connected.
lcp-echo-interval 30

# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection.  Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4

# Set the LCP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#lcp-restart <n>

# Set the maximum number of LCP terminate-request transmissions to <n>
# (default 3).
#lcp-max-terminate <n>

# Set the maximum number of LCP configure-request transmissions to <n>
# (default 10).
#lcp-max-configure <n>

# Set the maximum number of LCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#lcp-max-failure <n>

# Set the IPCP restart interval (retransmission timeout) to <n>
# seconds (default 3).
#ipcp-restart <n>

# Set the maximum number of IPCP terminate-request transmissions to <n>
# (default 3).
#ipcp-max-terminate <n>

# Set the maximum number of IPCP configure-request transmissions to <n>
# (default 10).
#ipcp-max-configure <n>

# Set the maximum number of IPCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#ipcp-max-failure <n>

# Set the PAP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#pap-restart <n>

# Set the maximum number of PAP authenticate-request transmissions to
# <n> (default 10).
#pap-max-authreq <n>

# Set the maximum time that pppd will wait for the peer to authenticate
# itself with PAP to <n> seconds (0 means no limit).
#pap-timeout <n>

# Set the CHAP restart interval (retransmission timeout for
# challenges) to <n> seconds (default 3).
#chap-restart <n>

# Set the maximum number of CHAP challenge transmissions to <n>
# (default 10).
#chap-max-challenge

# If this option is given, pppd will rechallenge the peer every <n>
# seconds.
#chap-interval <n>

# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local

# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote

# Disable the IPXCP and IPX protocols.
# To let pppd pass IPX packets comment this out --- you'll probably also
# want to install ipxripd, and have the Internal IPX Network option enabled
# in your kernel.  /usr/doc/HOWTO/IPX-HOWTO.gz contains more info.
noipx

# Exit once a connection has been made and terminated. This is the default,
# unless the `persist' or `demand' option has been specified.
#nopersist

# Do not exit after a connection is terminated; instead try to reopen
# the connection.
#persist

# Terminate after n consecutive failed connection attempts.
# A value of 0 means no limit. The default value is 10.
#maxfail <n>

# Initiate the link only on demand, i.e. when data traffic is present.
# With this option, the remote IP address must be specified by the user on
# the command line or in an options file.  Pppd will initially configure
# the interface and enable it for IP traffic without connecting to the peer.
# When traffic is available, pppd will connect to the peer and perform
# negotiation, authentication, etc.  When this is completed, pppd will
# commence passing data packets (i.e., IP packets) across the link.
#demand

# Specifies that pppd should disconnect if the link is idle for <n> seconds.
# The link is idle when no data packets (i.e. IP packets) are being sent or
# received.  Note: it is not advisable to use this option with the persist
# option without the demand option.  If the active-filter option is given,
# data packets which are rejected by the specified activity filter also
# count as the link being idle.
#idle <n>

# Specifies how many seconds to wait before re-initiating the link after
# it terminates.  This option only has any effect if the persist or demand
# option is used.  The holdoff period is not applied if the link was
# terminated because it was idle.
#holdoff <n>

# Wait for up n milliseconds after the connect script finishes for a valid
# PPP packet from the peer.  At the end of this time, or when a valid PPP
# packet is received from the peer, pppd will commence negotiation by
# sending its first LCP packet.  The default value is 1000 (1 second).
# This wait period only applies if the connect or pty option is used.
#connect-delay <n>

# ---<End of File>---

--- /etc/pptpd.conf

cata:~# cat /etc/pptpd.conf
############################################################################
####
#
# Sample PoPToP configuration file
#
# for PoPToP version 0.9.12
#
############################################################################
####

# TAG: speed
#
#       Specifies the speed for the PPP daemon to talk at.
#
speed 115200

# TAG: option
#
#       Specifies the location of the PPP options file.
#       By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options

# TAG: debug
#
#       Turns on (more) debugging to syslog
#
debug

# TAG: localip
# TAG: remoteip
#
#       Specifies the local and remote IP address ranges.
#
#       You can specify single IP addresses seperated by commas or you can
#       specify ranges, or both. For example:
#
#               192.168.0.234,192.168.0.245-249,192.168.0.254
#
#       IMPORTANT RESTRICTIONS:
#
#       1. No spaces are permitted between commas or within addresses.
#
#       2. If you give more IP addresses than MAX_CONNECTIONS, it will
#          start at the beginning of the list and go until it gets
#          MAX_CONNECTIONS IPs. Others will be ignored.
#
#       3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#          you must type 234-238 if you mean this.
#
#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one. You MUST still give at least one remote
#          IP for each simultaneous client.
#
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
#localip 10.0.1.1
#remoteip 10.0.1.2-100
#localip 203.17.40.97
#remoteip 203.17.40.109,203.17.40.106
localip 192.168.1.1-10
remoteip 192.168.1.11-20

/etc/ppp/pptpd-options

cata:~# cat /etc/ppp/pptpd-options
## SAMPLE ONLY
## CHANGE TO SUIT YOUR SYSTEM

## turn pppd syslog debugging on
#debug

## change 'servername' to whatever you specify as your server name in
chap-secrets
name bluey
## change the domainname to your local domain
domain foo.bar

## these are reasonable defaults for WinXXXX clients
## for the security related settings
auth
require-chap
#require-chapms
#require-chapms-v2
+chap
#+chapms
#+chapms-v2
#mppe-40
#mppe-128
#mppe-stateless
#require-mppe
#require-mppe-stateless

## Fill in your addresses
#ms-dns 10.0.0.1
#ms-wins 10.0.0.1

## Fill in your netmask
netmask 255.255.255.0

## some defaults
nodefaultroute
proxyarp
lock

--- /etc/ppp/chap-secrets (note: no newline after final "*")

cata:~# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
"paulnet at bigpond"       *       "xxxxxxxx"
piglet          bluey   "password1"             *
bluey           piglet  "password2"              *

---

I'm sorry about the length of this email, but I felt that it would be
beneficial to include whatever seemed relevant...

Can anyone help me through this? I'd really like to get this PPTP VPN server
working...

Any help would be GREATLY appreciated...

Thankyou!


P.S. If anyone feels the need to email me directly about this, please reply
to jhiggs at iprsystems.com and not the above address, as the iprsystems.com
server is currently listed on orbz as an open-relay (shouldn't be...
settings appear to be fine), and the pptp mail server rejects the mail from
me.... :-/



From GeorgeV at citadelcomputer.com.au  Wed Jan 16 05:45:51 2002
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 16 Jan 2002 22:45:51 +1100
Subject: [pptp-server] require-mppe  on pppd-2.4.1
Message-ID: <200FAA488DE0D41194F10010B597610D2B9599@JUPITER>

looks like the 2.3.11 patch does seem to patch OK against 2.4.1

Now for the ultimate test.... compile and use it..

[root at firewall ppp-2.4.1]# patch -p1 < ~georgev/require-mppe.diff 
patching file pppd/ccp.c
Hunk #2 succeeded at 121 (offset 17 lines).
Hunk #3 succeeded at 468 (offset 13 lines).
Hunk #4 succeeded at 1293 (offset 17 lines).
Hunk #5 succeeded at 1467 (offset 13 lines).
patching file pppd/ccp.h
patching file pppd/mppe.c
Hunk #1 succeeded at 227 (offset 1 line).
patching file pppd/mppe.h

Well starting the tunnel only gave me "Input/Ouput" and wouldn't start.. I
removed the require-mppe and it's working again..

something weird...


From lists at earthling.2y.net  Wed Jan 16 06:51:31 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Wed, 16 Jan 2002 07:51:31 -0500 (EST)
Subject: [pptp-server] require-mppe  on pppd-2.4.1
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B9599@JUPITER>
Message-ID: <Pine.LNX.4.33.0201160749530.5345-100000@earthling.2y.net>

That patch looks like its patching a bit much to require mppe..... could
you send me the patch to justin at wss.net ?


I have a customer who is wanting their pptpd turned back on... 8 months after we shut it off... joy :(


On Wed, 16 Jan 2002, George Vieira wrote:

> looks like the 2.3.11 patch does seem to patch OK against 2.4.1
>
> Now for the ultimate test.... compile and use it..
>
> [root at firewall ppp-2.4.1]# patch -p1 < ~georgev/require-mppe.diff
> patching file pppd/ccp.c
> Hunk #2 succeeded at 121 (offset 17 lines).
> Hunk #3 succeeded at 468 (offset 13 lines).
> Hunk #4 succeeded at 1293 (offset 17 lines).
> Hunk #5 succeeded at 1467 (offset 13 lines).
> patching file pppd/ccp.h
> patching file pppd/mppe.c
> Hunk #1 succeeded at 227 (offset 1 line).
> patching file pppd/mppe.h
>
> Well starting the tunnel only gave me "Input/Ouput" and wouldn't start.. I
> removed the require-mppe and it's working again..
>
> something weird...
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From Josh.Howlett at bristol.ac.uk  Wed Jan 16 06:41:29 2002
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Wed, 16 Jan 2002 12:41:29 +0000 (GMT)
Subject: [pptp-server] Wierd latencies
Message-ID: <Pine.SOL.3.95q.1020115171728.28010I-100000@shark.cse.bris.ac.uk>

I have a poptop server running on Linux 2.4.10.  The VPN works fine,
which is good :-).  However, I am periodically getting very high
latencies over the VPN.  If I ping a host on the same subnet as the
poptop server, I find that the ping RTT values will stay constant at
10ms for a random number of pings, then suddently increase to about
800ms, sometimes peaking to 1000ms!  Then, after a random number of
pings it will suddenly change back to 10ms.

There usually aren't any intermediate values: it's either 10-12ms or
800-1000ms.

I've been testing this over a 100Mb/s network; the ping time between two
hosts on this network (without PPTP) is usually around 50us (not ms).
So, it looks like a software problem on the PPTP server.

Anyone got any ideas?

josh.

---------------------------------------
Josh Howlett, Network Support Officer,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------




From RLDITTO at BRIGHT.NET  Wed Jan 16 08:23:51 2002
From: RLDITTO at BRIGHT.NET (JOE)
Date: Wed, 16 Jan 2002 09:23:51 -0500
Subject: [pptp-server] SPEED AGAIN!
Message-ID: <009501c19e99$6c016460$0b00a8c0@backdog>

you know i've posted here before about speed issues, and went through a test using win98 (only) as the client.  and was reading  a prior post in my e-mail history.  and i come up with a question. is there anyone out there using windows 2000 as the client and if so, how is your performance with samba if your using samba?  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020116/e18aa748/attachment.html>

From teastep at shorewall.net  Wed Jan 16 10:16:28 2002
From: teastep at shorewall.net (Tom Eastep)
Date: Wed, 16 Jan 2002 08:16:28 -0800
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to  Encryption???
In-Reply-To: <3C450583.DD3303AC@home.com>
References: <Pine.LNX.4.33.0201151518150.1900-100000@vegemite.ottawa.e-smith.com> <3C450583.DD3303AC@home.com>
Message-ID: <20020116161629.229BCACF6@mail.shorewall.net>

On Tuesday 15 January 2002 08:45 pm, Jerry Vonau wrote:

>
> On a different note, anybody have a require
> encryption patch for 2.4.1?
>

ftp://www.shorewall.net/pub/shorewall/misc/require-mppe.diff

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep at shorewall.net


From wilcox at CSZINC.COM  Wed Jan 16 14:44:09 2002
From: wilcox at CSZINC.COM (James Wilcox)
Date: Wed, 16 Jan 2002 15:44:09 -0500
Subject: [pptp-server] NT Authentication
Message-ID: <DD8369B64109D611928A00A0C98F19E9057007@EXCHANGESERVER>

I was wondering if there is a way to forward authentication requests from a
linux VPN server to a NT RAS server?

Thanks in advance,
James


From GeorgeV at citadelcomputer.com.au  Wed Jan 16 18:11:07 2002
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 17 Jan 2002 11:11:07 +1100
Subject: [pptp-server] RE: PPTP limitation
Message-ID: <200FAA488DE0D41194F10010B597610D2B95A3@JUPITER>

It's as limited as to how many PPPD sessions can run AFAIK. Usually the
answer on the list has been around 100. You could probably work on getting
this higher if you hack some code..
I thought it was 256 as the kernel is setup with 256 PTYs... but this may
not be related...

I would take it on another approach. I mean, if you were talking about huge
amount of clients wouldn't you split the load using load balancing and
forward it to 3-4 other PPTP servers... that way if one server goes down
then the others will handle the connections..

BTW: What's the problem with emailing the list? Are you on a blackhole
listed server or something...

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au


-----Original Message-----
From: Dejan Jovanovic [mailto:dejanj at jaspur.com]
Sent: Thursday, January 17 2002 11:01 AM
To: George Vieira
Subject: PPTP limitation


Hi,

For some reason, I cannot send email to PPTP list.

I have one question related to the PPTP server - PoPTop.
How many simultaneous connections (tunnels) can my PPTP server accept? And
also what is the limitation factor?


Regards,
Dejan


From jvonau at home.com  Wed Jan 16 18:41:42 2002
From: jvonau at home.com (Jerry Vonau)
Date: Wed, 16 Jan 2002 18:41:42 -0600
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to  
 Encryption???
References: <Pine.LNX.4.33.0201151518150.1900-100000@vegemite.ottawa.e-smith.com> <3C450583.DD3303AC@home.com> <20020116161629.229BCACF6@mail.shorewall.net>
Message-ID: <3C461DC6.10C404AE@home.com>

Tom:

Thanks Tom, I had applied it before I asked, but was having
problems...
(banging head on table) Must run make install... ;-) long
day.....

Using the patch with the linux client resulted with +chapms
and +chapms-v2
not being recognized as valid for me. Is this normal? Does
this occur on 
a server? A quick # fixed that up and now there is a line 
"stateless MPPE enforced", so I guess all is well. Any
thoughts?

Jerry Vonau

     

Tom Eastep wrote:
> 
> On Tuesday 15 January 2002 08:45 pm, Jerry Vonau wrote:
> 
> >
> > On a different note, anybody have a require
> > encryption patch for 2.4.1?
> >
> 
> ftp://www.shorewall.net/pub/shorewall/misc/require-mppe.diff
> 
> -Tom
> --
> Tom Eastep    \ A Firewall for Linux 2.4.*
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep at shorewall.net


From teastep at shorewall.net  Wed Jan 16 19:06:58 2002
From: teastep at shorewall.net (Tom Eastep)
Date: Wed, 16 Jan 2002 17:06:58 -0800
Subject: [pptp-server] MPPE 128 Bit Compression?? What happen to   Encryption???
In-Reply-To: <3C461DC6.10C404AE@home.com>
References: <Pine.LNX.4.33.0201151518150.1900-100000@vegemite.ottawa.e-smith.com> <20020116161629.229BCACF6@mail.shorewall.net> <3C461DC6.10C404AE@home.com>
Message-ID: <20020117010658.705B9ACF6@mail.shorewall.net>

On Wednesday 16 January 2002 04:41 pm, Jerry Vonau wrote:

> Using the patch with the linux client resulted with +chapms
> and +chapms-v2
> not being recognized as valid for me. Is this normal?

No

> Does
> this occur on
> a server?

No -- I use the same pppd with both the client and server and both option 
files now have:

#
# Use mschap-v2
#
+chap
+chapms
+chapms-v2

> A quick # fixed that up and now there is a line
> "stateless MPPE enforced", so I guess all is well. Any
> thoughts?

None -- 

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep at shorewall.net


From shost at intellimec.com  Fri Jan 18 09:12:26 2002
From: shost at intellimec.com (Steve Host)
Date: Fri, 18 Jan 2002 10:12:26 -0500
Subject: [pptp-server] PPTP, and windows PDCs
References: <15918AB0B8B3D411B56A00508BDD1039018FD1D9@SINS0088>
Message-ID: <006301c1a032$8a1dc3e0$5009630a@intellimec.com>

Actually, I have a solution to this problem:

Assuming you have the following:

[ remote user ] ----- ( internet ) --- (Poptop server/gateway) --- PDC

Say PDC is 192.168.1.5, and [remote user] correctly gets into your LAN with
address 192.168.2.10

One solution is to explicitly define the PDC's location in your lmhosts file
on Windows based clients. You set it up similar to the following:

192.168.1.5 PDC   #PRE    #DOM:DOMAIN
192.168.1.5 "DOMAIN        \0x1b" #PRE

PDC is the name of your Primary Domain Controller
DOMAIN is the name of your NT domain

Be careful, the number of charachters including spaces between the quotes in
Line 2 is very sensitive. Here are two links that will explain this in more
detail:

http://www.jsiinc.com/SUBF/TIP2900/rh2988.htm

Similarly, Q262655 on Microsoft's knowledge base.

I've had this working with remote login scripts, seems to work with no
problems thus far.

Hope this is helpful for you

- Steve



----- Original Message -----
From: "Hellings, Ross" <rhelling at bechtel.com>
To: <pptp-server at lists.schulte.org>
Sent: Tuesday, January 15, 2002 1:40 AM
Subject: [pptp-server] PPTP, and windows PDCs


> Does anybody know how to make PPTP get its usernames and password from a
NT
> server, eg. win2000 PDC, or from a windows domain.  The network that we
want
> to implement this on is a purely NT network (disgusting), and we dont
really
> want to have to add individually users for access to PPTP, and change
there
> passwords all the time, we need the synchronization in the entire domain
> (containing over 50,000 users), and we want all users to be able to use
> PPTP.
>
> Any ideas?
>
> Regards,
>
> Ross
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

----- Original Message -----
From: "Hellings, Ross" <rhelling at bechtel.com>
To: <pptp-server at lists.schulte.org>
Sent: Tuesday, January 15, 2002 1:40 AM
Subject: [pptp-server] PPTP, and windows PDCs


> Does anybody know how to make PPTP get its usernames and password from a
NT
> server, eg. win2000 PDC, or from a windows domain.  The network that we
want
> to implement this on is a purely NT network (disgusting), and we dont
really
> want to have to add individually users for access to PPTP, and change
there
> passwords all the time, we need the synchronization in the entire domain
> (containing over 50,000 users), and we want all users to be able to use
> PPTP.
>
> Any ideas?
>
> Regards,
>
> Ross
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>



From Steve at SteveCowles.com  Fri Jan 18 10:36:52 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 18 Jan 2002 10:36:52 -0600
Subject: [pptp-server] PPTP, and windows PDCs
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9ED@defiant.infohiiway.com>

> -----Original Message-----
> From: Steve Host [mailto:shost at intellimec.com]
> Sent: Friday, January 18, 2002 9:12 AM
> To: Hellings, Ross; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] PPTP, and windows PDCs
> 
> 
> Actually, I have a solution to this problem:
> 
> Assuming you have the following:
> 
> [ remote user ] ----- ( internet ) --- (Poptop server/gateway) --- PDC
> 
> Say PDC is 192.168.1.5, and [remote user] correctly gets into 
> your LAN with address 192.168.2.10
> 
> One solution is to explicitly define the PDC's location in 
> your lmhosts file on Windows based clients. You set it up
> similar to the following:
> 
> 192.168.1.5 PDC   #PRE    #DOM:DOMAIN
> 192.168.1.5 "DOMAIN        \0x1b" #PRE
> 
> PDC is the name of your Primary Domain Controller
> DOMAIN is the name of your NT domain
> 
> Be careful, the number of charachters including spaces 
> between the quotes in Line 2 is very sensitive. Here are
> two links that will explain this in more detail:
> 
> http://www.jsiinc.com/SUBF/TIP2900/rh2988.htm
> 
> Similarly, Q262655 on Microsoft's knowledge base.
> 
> I've had this working with remote login scripts, seems to work with no
> problems thus far.
> 
> Hope this is helpful for you
> 
> - Steve

The above addresses authenticating the MS Networking component of a Windows
based workstation to a PDC (when you don't have a WINS server), not
authenticating the PPTP tunnel itself. Which I believe is what the original
poster was asking. i.e. Using your example, before ip address 192.168.1.5
can be contacted by the remote PPTP client, it must first bring up the PPTP
tunnel, which also must be authenticated. (chap-secrets) 

Steve Cowles


From jky_terra at terra.es  Sat Jan 19 10:17:18 2002
From: jky_terra at terra.es (Juanky)
Date: Sat, 19 Jan 2002 17:17:18 +0100
Subject: [pptp-server] solution to connet multiples clients from a masq'd IP?
Message-ID: <017401c1a104$c49932c0$0101a8c0@iterdata.id>

Is there a solution to connet multiples clients from a masq'd IP? 
An easy workaround?

Thanx.



From lists at earthling.2y.net  Sat Jan 19 11:27:12 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Sat, 19 Jan 2002 12:27:12 -0500 (EST)
Subject: [pptp-server] solution to connet multiples clients from a masq'd
 IP?
In-Reply-To: <017401c1a104$c49932c0$0101a8c0@iterdata.id>
Message-ID: <Pine.LNX.4.33.0201191226250.13299-100000@earthling.2y.net>

To the same server?

If all to the same server, you cannot.  Optionally, you could bring up a
tunnel from the firewall/router to the other end point, and give access
through that.

 On Sat, 19 Jan 2002, Juanky wrote:

> Is there a solution to connet multiples clients from a masq'd IP?
> An easy workaround?
>
> Thanx.
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From Steve at SteveCowles.com  Sun Jan 20 13:40:25 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sun, 20 Jan 2002 13:40:25 -0600
Subject: [pptp-server] solution to connect multiples clients from a ma
	sq'd IP?
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9FE@defiant.infohiiway.com>

> -----Original Message-----
> From: lists at earthling.2y.net [mailto:lists at earthling.2y.net]
> Sent: Saturday, January 19, 2002 11:27 AM
> To: Juanky
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] solution to connet multiples clients from a
> masq'd IP?
> 
> 
> To the same server?
> 
> If all to the same server, you cannot.  Optionally, you could 
> bring up a tunnel from the firewall/router to the other end
> point, and give access through that.

Configuring a single tunnel in a Lan-to-Lan configuration is the best
approach, but I believe there is now a patch available for the 2.4.x series
kernel that may address this issue. Although, I have heard varying reports
(pro and con) about its stability.

Checkout: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

> 
>  On Sat, 19 Jan 2002, Juanky wrote:
> 
> > Is there a solution to connet multiples clients from a masq'd IP?
> > An easy workaround?
> >
> > Thanx.


From akohlsmith at benshaw.com  Mon Jan 21 10:23:44 2002
From: akohlsmith at benshaw.com (Andrew Kohlsmith)
Date: Mon, 21 Jan 2002 11:23:44 -0500
Subject: [pptp-server] Browsing Woes
Message-ID: <20020121162226.26B3ED148C@poontang.schulte.org>

The Problem:
VPN clients cannot see browse lists, but I can call up a computer with 
\\computername or \\ip.ip.ip.ip.

The Configuration:
The Firewall/VPN server:
- kernel 2.4.17
- samba 2.2.20
- ppp 2.4.1 with MSCHAPv2 and openssl-0.9.6-mppe patches
- pptpd 1.0.1
many network cards and modems:
eth0 - LAN
eth1 - DMZ
eth2 - WAN
eth3 - wireless
pppx+ - either dialup or VPN, depending on order

relevant bits of samba config:
======================================================
[global]
   workgroup = MYDOMAIN
   server string = gateway 

   interfaces = 192.168.1.0/24 192.168.3.0/24 
   hosts allow = 192.168.1. 127. 192.168.3.
   socket options = TCP_NODELAY
   getwd cache = Yes

   wins support = yes
   wins proxy = yes 

   security = domain
   password server = server1
   guest account = samba

   os level = 60
   local master = yes 
   domain master = no 
   preferred master = yes 
   domain logons = no 

   name resolve order = lmhosts wins bcast host
   dns proxy = no 
   locking = yes

  guest account = nobody 
  encrypt passwords = yes
======================================================

pptpd.conf:
======================================================
speed 115200
localip 192.168.1.234-238
remoteip 192.168.1.240-244
option /etc/ppp/options.pptp
======================================================

options.pptp:
======================================================
auth
asyncmap 0
nodetach
name vpn-ppp
ms-dns 192.168.1.1
ms-wins 192.168.1.1
proxyarp
require-chapms-v2
#chapms-strip-domain
refuse-chapms
refuse-chap
mppe-128
mppe-stateless
mtu 1000
mru 1000
======================================================

All LAN workstations use WINS, including PDC and BDC (both winnt4).  The main 
fileserver (bigmama) runs Samba 2.2.20 and works fine with LAN and VPN 
clients (barring this browse problem).

VPN users (from either wireless or modem, but I haven't begun testing modem 
yet) can log in to the domain just fine.  I'm doing my testing on a Win2k VPN 
client right now (the only one I have available at this time).  They can 
reach a SMB-sharing computer by name or by IP, but browsing gives timeouts 
("MYDOMAIN is not accessible. / The network path was not found") -- when 
browsing in a single window, the error comes up once each time I try to get 
into MYDOMAIN; when browsing in tree view the error comes up three times in a 
row for every computer/share/file you try to access (something to do with 
reading the tree).

These computers (dialup and wireless) are primarily used by sales staff and 
otherwise non-techies and I loathe mapping drives, but that *does* work.

I know those os level lines and such don't need to be there; I've been 
experimenting without much luck.  I'm 99.9% sure that nothing is being 
blocked by the firewall because I can get the data back and forth, and 
tcpdump'ing the pppx interface that the VPN is using seems to indicate that 
the traffic is flowing.  I can provide dumps if desired.

Can anyone see what I'm doing wrong?  This is *almost* working 100%.  It's 
that last little bit that's giving me trouble.  What's that they say about 
80% taking 20% of the time, and the last 20% taking 80% of the time?  :-)

Regards,
Andrew


From mgsilva at decidir.net  Mon Jan 21 12:56:13 2002
From: mgsilva at decidir.net (Maximiliano Garcia Silva - Decidir IT)
Date: Mon, 21 Jan 2002 15:56:13 -0300
Subject: [pptp-server] help me!
Message-ID: <0EF8394892B74144ACF999556D1FD6BB1F26D2@dexter.decidir.net>

please, I have these configuration, don't work :(

----my /etc/pptp.conf------
speed 115200
debug
localip 192.168.66.1
remoteip 192.168.66.200
-----------------------------------

---my /etc/ppp/options---
debug
name quilmes
auth
refuse-pap
require-chap
+chap
proxyarp
ms-wins 192.168.66.1
ms-dns 192.168.66.1
lcp-echo-failure 60
lcp-echo-interval 5
-----------------------------------

-----------syslog---------------
Jan 21 15:14:51 quilmes pptpd[4417]: MGR: Launching /usr/sbin/pptpctrl to
handle client
Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: local address = 192.168.66.1
Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: remote address = 192.168.66.201
Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: pppd speed = 115200
Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: Client 200.47.170.193 control
connection started
Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: Received PPTP Control Message
(type: 1)
Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: Made a START CTRL CONN RPLY
packet
Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: I wrote 156 bytes to the client.
Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: Sent packet to client
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Received PPTP Control Message
(type: 7)
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Set parameters to 152 maxbps, 3
window size
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Made a OUT CALL RPLY packet
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Starting call (launching pppd,
opening GRE)
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: pty_fd = 5
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: tty_fd = 6
Jan 21 15:14:52 quilmes pptpd[4418]: CTRL (PPPD Launcher): Connection speed
= 115200
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: I wrote 32 bytes to the client.
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Sent packet to client
Jan 21 15:14:52 quilmes pptpd[4418]: CTRL (PPPD Launcher): local address =
192.168.66.1
Jan 21 15:14:52 quilmes pptpd[4418]: CTRL (PPPD Launcher): remote address =
192.168.66.200
Jan 21 15:14:52 quilmes pptpd[4417]: GRE:
read(fd=6,buffer=bfffd768,len=8260) from network failed: status = -1 error =
Connection refused
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: GRE read or PTY write failed
(gre,pty)=(6,5)
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Client xxx.xxx.xxx.xxx control
connection finished
Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Exiting now
Jan 21 15:14:52 quilmes pptpd[4368]: MGR: Reaped child 4417




From awdavis at waretec.com  Mon Jan 21 13:21:38 2002
From: awdavis at waretec.com (Andrew W. Davis)
Date: Mon, 21 Jan 2002 13:21:38 -0600
Subject: [pptp-server] help me!
In-Reply-To: <0EF8394892B74144ACF999556D1FD6BB1F26D2@dexter.decidir.net>; from mgsilva@decidir.net on Mon, Jan 21, 2002 at 03:56:13PM -0300
References: <0EF8394892B74144ACF999556D1FD6BB1F26D2@dexter.decidir.net>
Message-ID: <20020121132138.A7551@falcon.waretec.com>

I'm not sure if "refuse-chap" is a valid option and I also believe that you
need to insert a "+chap-ms" and "chap-msv2" in your option files as well
as apply the appropriate patches to ppp.

hope this helps...

Andrew

On Mon, Jan 21, 2002 at 03:56:13PM -0300, Maximiliano Garcia Silva - Decidir IT wrote:
> 
> please, I have these configuration, don't work :(
> 
> ----my /etc/pptp.conf------
> speed 115200
> debug
> localip 192.168.66.1
> remoteip 192.168.66.200
> -----------------------------------
> 
> ---my /etc/ppp/options---
> debug
> name quilmes
> auth
> refuse-pap
> require-chap
> +chap
> proxyarp
> ms-wins 192.168.66.1
> ms-dns 192.168.66.1
> lcp-echo-failure 60
> lcp-echo-interval 5
> -----------------------------------
> 
> -----------syslog---------------
> Jan 21 15:14:51 quilmes pptpd[4417]: MGR: Launching /usr/sbin/pptpctrl to
> handle client
> Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: local address = 192.168.66.1
> Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: remote address = 192.168.66.201
> Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: pppd speed = 115200
> Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: Client 200.47.170.193 control
> connection started
> Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: Received PPTP Control Message
> (type: 1)
> Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: Made a START CTRL CONN RPLY
> packet
> Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: I wrote 156 bytes to the client.
> Jan 21 15:14:51 quilmes pptpd[4417]: CTRL: Sent packet to client
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Received PPTP Control Message
> (type: 7)
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Set parameters to 152 maxbps, 3
> window size
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Made a OUT CALL RPLY packet
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Starting call (launching pppd,
> opening GRE)
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: pty_fd = 5
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: tty_fd = 6
> Jan 21 15:14:52 quilmes pptpd[4418]: CTRL (PPPD Launcher): Connection speed
> = 115200
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: I wrote 32 bytes to the client.
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Sent packet to client
> Jan 21 15:14:52 quilmes pptpd[4418]: CTRL (PPPD Launcher): local address =
> 192.168.66.1
> Jan 21 15:14:52 quilmes pptpd[4418]: CTRL (PPPD Launcher): remote address =
> 192.168.66.200
> Jan 21 15:14:52 quilmes pptpd[4417]: GRE:
> read(fd=6,buffer=bfffd768,len=8260) from network failed: status = -1 error =
> Connection refused
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: GRE read or PTY write failed
> (gre,pty)=(6,5)
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Client xxx.xxx.xxx.xxx control
> connection finished
> Jan 21 15:14:52 quilmes pptpd[4417]: CTRL: Exiting now
> Jan 21 15:14:52 quilmes pptpd[4368]: MGR: Reaped child 4417
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
      The Day After Crew
    http://www.kcraves.com
mailto:thedayafter at kcraves.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


From John.vanLit at Ratio-IT.NL  Tue Jan 22 03:26:39 2002
From: John.vanLit at Ratio-IT.NL (Ratio-IT John van Lit)
Date: Tue, 22 Jan 2002 10:26:39 +0100
Subject: [pptp-server] Options file
Message-ID: <BD8E709ECF08D611A7B60030F105680D60E4@RATIO03-EXH>

Hi,

I'm new to this group also poptop is a new part for me.

Can any one tell me what the best way is to configure the options file.

The authentication for the pptp users is this done on the linux server or on
a NT server?
Can it be used toghter with a ADSL pptp Alcatel modem?

maybe it is possible that some one could send me an confiugred example file.


Rgds,

John van Lit
Ratio-it
Email: John.vanLIt at Ratio-IT.nl




From berzerke at swbell.net  Tue Jan 22 08:14:13 2002
From: berzerke at swbell.net (robert)
Date: Tue, 22 Jan 2002 08:14:13 -0600
Subject: [pptp-server] Options file
In-Reply-To: <BD8E709ECF08D611A7B60030F105680D60E4@RATIO03-EXH>
References: <BD8E709ECF08D611A7B60030F105680D60E4@RATIO03-EXH>
Message-ID: <0GQC00DD7FJB6N@mta5.rcsntx.swbell.net>

Howto is at http://home.swbell.net/berzerke

On Tuesday 22 January 2002 03:26 am, Ratio-IT John van Lit wrote:
> Hi,
>
> I'm new to this group also poptop is a new part for me.
>
> Can any one tell me what the best way is to configure the options file.
>
> The authentication for the pptp users is this done on the linux server or
> on a NT server?
> Can it be used toghter with a ADSL pptp Alcatel modem?
>
> maybe it is possible that some one could send me an confiugred example
> file.
>
>
> Rgds,
>
> John van Lit
> Ratio-it
> Email: John.vanLIt at Ratio-IT.nl
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From Josh.Howlett at bristol.ac.uk  Tue Jan 22 12:48:09 2002
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Tue, 22 Jan 2002 18:48:09 +0000 (GMT)
Subject: [pptp-server] Wierd Win 98 problem
Message-ID: <Pine.SOL.3.95q.1020122184204.26907W-100000@shark.cse.bris.ac.uk>

hi all,

I have a windows 98 laptop that was using MPPE-128 with no problems
until a few hours back.  Suddenly it started giving 720 error
(encryption not supported) errors for no obvious reason.  I was also
getting this is the logs:

pppd[383]: MPPE 40 bit, stateless transmit compression enabled

The connection would die with the 720 error.

I scratched my head trying to figure out what I had changed (if
anything) to the server config.  Finally, I added "mppe-40" to the
config out of desperation to see what happened.  It worked!  At least, I
got a connection with MPPE-40 (without the 720 error):

pppd[430]: MPPE 40 bit, stateless compression enabled

Does anyone have *any* idea why this would have happened?  I don't
recall changing the config on the laptop or the server...

Obviously, I'd like my MPPE-128 back, so if anyone has any bright ideas
about that I'd like to hear them :-)

cheers, josh.

---------------------------------------
Josh Howlett, Network Support Officer,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------



From mikael.lonnroth at advancevpn.com  Tue Jan 22 23:30:19 2002
From: mikael.lonnroth at advancevpn.com (=?iso-8859-1?Q?Mikael_L=F6nnroth?=)
Date: Tue, 22 Jan 2002 21:30:19 -0800
Subject: [pptp-server] PPTP+MPPE for Linux 2.4.16, VERY short instructions + downloads
References: <BD8E709ECF08D611A7B60030F105680D60E4@RATIO03-EXH> <0GQC00DD7FJB6N@mta5.rcsntx.swbell.net>
Message-ID: <005c01c1a3cf$0d0eb530$121b7d0a@advancehome>

I updated our mirror section a bit and included the downloads needed for
PPTP+MPPE with linux 2.4.16. These can be found at:

http://www.advancevpn.com/en/download_other.html

 I have provided my own quick install instructions, but instead of using
those, I recommend reading the excellent (and very up-to-date) HOWTO at:

http://home.swbell.net/berzerke/howto.html

Regards,
Mikael L?nnroth
www.advancevpn.com



From J-lit at planet.nl  Wed Jan 23 07:34:20 2002
From: J-lit at planet.nl (John)
Date: Wed, 23 Jan 2002 14:34:20 +0100
Subject: [pptp-server] Error amking a connection
Message-ID: <000801c1a412$c75e57e0$410aa8c0@LITWS>

all,

when i try to make a connection with my Windows 2000 client i recieve the following error (619 the specified port is not connected)

When i look into the log file in /var/log/messages i see the following message.

MGR: Launching /usr/sbin/pptpctrl to handle client

Jan 22 17:29:22 linux pptpd[4516]: CTRL: local address = 192.168.0.1

Jan 22 17:29:22 linux pptpd[4516]: CTRL: remote address = 192.168.1.100

Jan 22 17:29:22 linux pptpd[4516]: CTRL: pppd speed = 115200

Jan 22 17:29:22 linux pptpd[4516]: CTRL: pppd options file = /etc/ppp/options.ppp0

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Client 192.168.10.65 control connection started

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Received PPTP Control Message (type: 1)

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Made a START CTRL CONN RPLY packet

Jan 22 17:29:22 linux pptpd[4516]: CTRL: I wrote 156 bytes to the client.

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Sent packet to client

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Received PPTP Control Message (type: 7)

Jan 22 17:29:22 linux pptpd[4516]: CTRL: 0 min_bps, 1525 max_bps, 32 window size

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Made a OUT CALL RPLY packet

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Starting call (launching pppd, opening GRE)

Jan 22 17:29:22 linux pptpd[4516]: CTRL: pty_fd = 5

Jan 22 17:29:22 linux pptpd[4516]: CTRL: tty_fd = 6

Jan 22 17:29:22 linux pptpd[4517]: CTRL (PPPD Launcher): Connection speed = 115200

Jan 22 17:29:22 linux pptpd[4517]: CTRL (PPPD Launcher): local address = 192.168.0.1

Jan 22 17:29:22 linux pptpd[4517]: CTRL (PPPD Launcher): remote address = 192.168.1.100

Jan 22 17:29:22 linux pptpd[4516]: CTRL: I wrote 32 bytes to the client.

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Sent packet to client

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Received PPTP Control Message (type: 15)

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Got a SET LINK INFO packet with standard ACCMs

Jan 22 17:29:22 linux pppd[4517]: The remote system is required to authenticate itself

Jan 22 17:29:22 linux pppd[4517]: but I couldn't find any suitable secret (password) for it to use to do so.

Jan 22 17:29:22 linux pppd[4517]: (None of the available passwords would let it use an IP address.)

Jan 22 17:29:22 linux pptpd[4516]: Error reading from pppd: Input/output error

Jan 22 17:29:22 linux pptpd[4516]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Client 192.168.10.65 control connection finished

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Exiting now

Can any one help me solving this

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020123/94c1c751/attachment.html>

From J-lit at planet.nl  Wed Jan 23 07:37:37 2002
From: J-lit at planet.nl (John)
Date: Wed, 23 Jan 2002 14:37:37 +0100
Subject: [pptp-server] Error making connection
Message-ID: <001201c1a413$243791c0$410aa8c0@LITWS>

all,

when i try to make a connection with my Windows 2000 client i recieve the following error (619 the specified port is not connected)

When i look into the log file in /var/log/messages i see the following message.

MGR: Launching /usr/sbin/pptpctrl to handle client

Jan 22 17:29:22 linux pptpd[4516]: CTRL: local address = 192.168.0.1

Jan 22 17:29:22 linux pptpd[4516]: CTRL: remote address = 192.168.1.100

Jan 22 17:29:22 linux pptpd[4516]: CTRL: pppd speed = 115200

Jan 22 17:29:22 linux pptpd[4516]: CTRL: pppd options file = /etc/ppp/options.ppp0

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Client 192.168.10.65 control connection started

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Received PPTP Control Message (type: 1)

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Made a START CTRL CONN RPLY packet

Jan 22 17:29:22 linux pptpd[4516]: CTRL: I wrote 156 bytes to the client.

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Sent packet to client

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Received PPTP Control Message (type: 7)

Jan 22 17:29:22 linux pptpd[4516]: CTRL: 0 min_bps, 1525 max_bps, 32 window size

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Made a OUT CALL RPLY packet

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Starting call (launching pppd, opening GRE)

Jan 22 17:29:22 linux pptpd[4516]: CTRL: pty_fd = 5

Jan 22 17:29:22 linux pptpd[4516]: CTRL: tty_fd = 6

Jan 22 17:29:22 linux pptpd[4517]: CTRL (PPPD Launcher): Connection speed = 115200

Jan 22 17:29:22 linux pptpd[4517]: CTRL (PPPD Launcher): local address = 192.168.0.1

Jan 22 17:29:22 linux pptpd[4517]: CTRL (PPPD Launcher): remote address = 192.168.1.100

Jan 22 17:29:22 linux pptpd[4516]: CTRL: I wrote 32 bytes to the client.

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Sent packet to client

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Received PPTP Control Message (type: 15)

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Got a SET LINK INFO packet with standard ACCMs

Jan 22 17:29:22 linux pppd[4517]: The remote system is required to authenticate itself

Jan 22 17:29:22 linux pppd[4517]: but I couldn't find any suitable secret (password) for it to use to do so.

Jan 22 17:29:22 linux pppd[4517]: (None of the available passwords would let it use an IP address.)

Jan 22 17:29:22 linux pptpd[4516]: Error reading from pppd: Input/output error

Jan 22 17:29:22 linux pptpd[4516]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Client 192.168.10.65 control connection finished

Jan 22 17:29:22 linux pptpd[4516]: CTRL: Exiting now

Can any one help me solving this

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020123/fcd89809/attachment.html>

From John.vanLit at BuroRM.nl  Wed Jan 23 08:22:16 2002
From: John.vanLit at BuroRM.nl (Buro RM - John van Lit)
Date: Wed, 23 Jan 2002 15:22:16 +0100
Subject: [pptp-server] Error making connection
Message-ID: <81A684765505D411B04D00A0247B0694076537@BRMSRV01>

all,

when i try to make a connection with my Windows 2000 client i recieve the
following error (619 the specified port is not connected)

When i look into the log file in /var/log/messages i see the following
message.

 MGR: Launching /usr/sbin/pptpctrl to handle client
Jan 22 17:29:22 linux pptpd[4516]: CTRL: local address = 192.168.0.1
Jan 22 17:29:22 linux pptpd[4516]: CTRL: remote address = 192.168.1.100
Jan 22 17:29:22 linux pptpd[4516]: CTRL: pppd speed = 115200
Jan 22 17:29:22 linux pptpd[4516]: CTRL: pppd options file =
/etc/ppp/options.ppp0
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Client 192.168.10.65 control
connection started
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Received PPTP Control Message
(type: 1)
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Made a START CTRL CONN RPLY packet
Jan 22 17:29:22 linux pptpd[4516]: CTRL: I wrote 156 bytes to the client.
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Sent packet to client
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Received PPTP Control Message
(type: 7)
Jan 22 17:29:22 linux pptpd[4516]: CTRL: 0 min_bps, 1525 max_bps, 32 window
size
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Made a OUT CALL RPLY packet
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Starting call (launching pppd,
opening GRE)
Jan 22 17:29:22 linux pptpd[4516]: CTRL: pty_fd = 5
Jan 22 17:29:22 linux pptpd[4516]: CTRL: tty_fd = 6
Jan 22 17:29:22 linux pptpd[4517]: CTRL (PPPD Launcher): Connection speed =
115200
Jan 22 17:29:22 linux pptpd[4517]: CTRL (PPPD Launcher): local address =
192.168.0.1
Jan 22 17:29:22 linux pptpd[4517]: CTRL (PPPD Launcher): remote address =
192.168.1.100
Jan 22 17:29:22 linux pptpd[4516]: CTRL: I wrote 32 bytes to the client.
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Sent packet to client
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Received PPTP Control Message
(type: 15)
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Got a SET LINK INFO packet with
standard ACCMs
Jan 22 17:29:22 linux pppd[4517]: The remote system is required to
authenticate itself
Jan 22 17:29:22 linux pppd[4517]: but I couldn't find any suitable secret
(password) for it to use to do so.
Jan 22 17:29:22 linux pppd[4517]: (None of the available passwords would let
it use an IP address.)
Jan 22 17:29:22 linux pptpd[4516]: Error reading from pppd: Input/output
error
Jan 22 17:29:22 linux pptpd[4516]: CTRL: GRE read or PTY write failed
(gre,pty)=(6,5)
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Client 192.168.10.65 control
connection finished
Jan 22 17:29:22 linux pptpd[4516]: CTRL: Exiting now

Can any one help me solving this.

Rgds,

John van Lit


From Steve at SteveCowles.com  Wed Jan 23 09:03:57 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 23 Jan 2002 09:03:57 -0600
Subject: [pptp-server] Error making connection
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEA02@defiant.infohiiway.com>

> -----Original Message-----
> From: Buro RM - John van Lit [mailto:John.vanLit at BuroRM.nl]
> Sent: Wednesday, January 23, 2002 8:22 AM
> To: 'pptp-server at lists.schulte.org'
> Subject: [pptp-server] Error making connection
> 
> 
> all,
> 
> when i try to make a connection with my Windows 2000 client i 
> recieve the following error (619 the specified port is not connected)
> 
> When i look into the log file in /var/log/messages i see the following
> message.
>

Much log stuff deleted...
 
> Jan 22 17:29:22 linux pppd[4517]: The remote system is required to
> authenticate itself
> Jan 22 17:29:22 linux pppd[4517]: but I couldn't find any 
> suitable secret(password) for it to use to do so.

Have you added your username/password to your /etc/ppp/chap-secrets file???
i.e.

username   *   password   *

Steve Cowles


From rhelling at bechtel.com  Wed Jan 23 18:24:22 2002
From: rhelling at bechtel.com (Hellings, Ross)
Date: Wed, 23 Jan 2002 18:24:22 -0600
Subject: [pptp-server] PPTP in Multi National Companies
Message-ID: <15918AB0B8B3D411B56A00508BDD1039018FD75F@SINS0088>

I work in a Multi National Company, and we have been deploying PPTP servers
using the PoPoTp Server for some time now, running on Debian 'potato'
machines for some time now, and we are very happy with its functionality.
On a daily basis we have more than 10,000 people using our 10 servers
running the PPTP Daemon.  We use a Solaris NIS+ server to deal with the
chap-secrets file, so that any user on the Solaris chap-secrets file can log
into any of our VPN servers, the reasoning being, 1. we don't want to
manually update each server to add a new user, 2. I have this horrible thing
with centralization, and I think things are much easier to manage this way.

What we do currently is, that we give each user a list of all the VPN
servers, on a country basis, and they can then manually chose, which works
fine.  But then there are all those idiots 'users' who do things like
believe in proper grammar a IP address should end with another '.' when
setting up the connection, result, it doesn't work.  What we want to do is
essentially load balancing, what I envision is, we have one main, global
PPTP server, someone tries to logon to it, the main PPTP server then re
routes it to the closest available PPTP server, with the least lag, and then
it logs on there instead, it should also be based on user load on the PPTP
server.

Another problem I have noticed is that PPTP is reasonably slow, even if we
PPTP in over the LAN in one country  , with 100MB/s network connectivity,
then it will still take much longer to transfer a big file than normal, I
found this out by trying to move a 1GB file, big mistake.  Is this due to
the fact that the PPP daemon is designed for slow communications (e.g..
Modems), or is there some way to speed this up.

What do the rest of you think about this kind of 'Load Balancing' idea, and
what is the general consensus on centralization and PPTP?

Kind Regards, and thanks for you input.

Ross Hellings
IS&T Manager,
THK


From barjunk at attglobal.net  Wed Jan 23 18:27:48 2002
From: barjunk at attglobal.net (Michael Barsalou)
Date: Wed, 23 Jan 2002 15:27:48 -0900
Subject: [pptp-server] Windows XP and PPTP
Message-ID: <3C4ED674.26220.1BAD3AF@localhost>

We have a working PPTP setup using Win98 machines, however, 
when we try to setup a XP machine, we are having some difficulty 
getting connected.

Anyone have some good info on this?

Mike


Michael Barsalou
barjunk at attglobal.net


From poptop at kaiserdigital.com  Wed Jan 23 19:03:19 2002
From: poptop at kaiserdigital.com (poptop at kaiserdigital.com)
Date: Wed, 23 Jan 2002 17:03:19 -0800
Subject: [pptp-server] Installation problems
Message-ID: <000001c1a472$e9b254d0$0b00a8c0@mouse>

Hi

I've been unable to get poptop working. I keep keeping the following
error.

Couldn't set tty to PPP discipline: Invalid argument
GRE: read( ... ) error input:output error
PTY read or GRE write failed ...

I installed this on a Redhat 7.1 system with the Kernel Development and
Development modules installed

I compiled the kernel with the following three options

Monolithic Kernel
Unix PTY98 (this is on by default) 
PPP

I followed the following process (Outlook likes to mess with the case so
please excuse ignore those errors)

1) rpm -I ppp-2.4.0-2.i386.rpm
2) rpm -I pptpd-init-1.0.1-1.i386.rpm
3) Modify /etc/pptpd.conf

Speed 115200
Debug
Localip 192.168.0.234-238,192.168.0.245
remoteip 192.168.1.234-238,192.168.1.245

4) Modify /etc/ppp/options

Lock
Debug
Auth
+chap
Proxyarp

5) Modify /etc/ppp/chap-secrets

User	*	password	*

6) Start daemon /etc/rc.d/init/pptpd start

I then tried to connect from an XP client using the following
configuration

Include windows logon domain = false
Require data Encryption = false
Type of VPN  = PPTP
Protocols = IP, QOS (this can't be disabled)
PPP Settings = Disable LCP extensions, Disable Software Compression


 


What did I do wrong???

Thanks




From Josh.Howlett at bristol.ac.uk  Thu Jan 24 02:17:58 2002
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Thu, 24 Jan 2002 08:17:58 +0000 (GMT)
Subject: [pptp-server] Windows XP and PPTP
In-Reply-To: <3C4ED674.26220.1BAD3AF@localhost>
Message-ID: <Pine.SOL.3.95q.1020124081706.12767K-100000@shark.cse.bris.ac.uk>

Hi Mike,

I've had WinXP going fine with MPPE-128.  Make sure you disable
compression on the client end.

Failing that, post the logs.

josh.

On Wed, 23 Jan 2002, Michael Barsalou wrote:

> We have a working PPTP setup using Win98 machines, however, 
> when we try to setup a XP machine, we are having some difficulty 
> getting connected.
> 
> Anyone have some good info on this?
> 
> Mike
> 
> 
> Michael Barsalou
> barjunk at attglobal.net
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 
> 

---------------------------------------
Josh Howlett, Network Support Officer,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------



From Josh.Howlett at bristol.ac.uk  Thu Jan 24 02:43:00 2002
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Thu, 24 Jan 2002 08:43:00 +0000 (GMT)
Subject: [pptp-server] PPTP in Multi National Companies
In-Reply-To: <15918AB0B8B3D411B56A00508BDD1039018FD75F@SINS0088>
Message-ID: <Pine.SOL.3.95q.1020124082209.12767N-100000@shark.cse.bris.ac.uk>

Ross,

I can't think of any way of doing this simply using networking voodoo.

One possibility would be to design a web-page on your corporate website
displaying the list of country VPN servers.  A user could select the
appropriate country, which would download a DUN file pre-configured for
that VPN server.  The user could then double-click on the DUN file, only
having to enter username and password.

You might also want to experiment using DNS round-robin for
load-balancing your VPN servers.  For example, say you have two VPN
servers (192.168.1.1 and 192.168.1.2) in Europe.  You map both those IP
addresses to the same hostname (europe-vpn.megacorp.com).  Hence, if the
VPN clients are configured to connect to "europe-vpn.megacorp.com", 50%
will actually connect to 192.168.1.1 and 50% will connect to
192.168.1.2.

Needless to say, I haven't tried either of these so your mileage may
vary :-/

josh.

On Wed, 23 Jan 2002, Hellings, Ross wrote:

> I work in a Multi National Company, and we have been deploying PPTP servers
> using the PoPoTp Server for some time now, running on Debian 'potato'
> machines for some time now, and we are very happy with its functionality.
> On a daily basis we have more than 10,000 people using our 10 servers
> running the PPTP Daemon.  We use a Solaris NIS+ server to deal with the
> chap-secrets file, so that any user on the Solaris chap-secrets file can log
> into any of our VPN servers, the reasoning being, 1. we don't want to
> manually update each server to add a new user, 2. I have this horrible thing
> with centralization, and I think things are much easier to manage this way.
> 
> What we do currently is, that we give each user a list of all the VPN
> servers, on a country basis, and they can then manually chose, which works
> fine.  But then there are all those idiots 'users' who do things like
> believe in proper grammar a IP address should end with another '.' when
> setting up the connection, result, it doesn't work.  What we want to do is
> essentially load balancing, what I envision is, we have one main, global
> PPTP server, someone tries to logon to it, the main PPTP server then re
> routes it to the closest available PPTP server, with the least lag, and then
> it logs on there instead, it should also be based on user load on the PPTP
> server.
> 
> Another problem I have noticed is that PPTP is reasonably slow, even if we
> PPTP in over the LAN in one country  , with 100MB/s network connectivity,
> then it will still take much longer to transfer a big file than normal, I
> found this out by trying to move a 1GB file, big mistake.  Is this due to
> the fact that the PPP daemon is designed for slow communications (e.g..
> Modems), or is there some way to speed this up.
> 
> What do the rest of you think about this kind of 'Load Balancing' idea, and
> what is the general consensus on centralization and PPTP?
> 
> Kind Regards, and thanks for you input.
> 
> Ross Hellings
> IS&T Manager,
> THK
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 
> 

---------------------------------------
Josh Howlett, Network Support Officer,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------



From John.vanLit at BuroRM.nl  Thu Jan 24 03:13:08 2002
From: John.vanLit at BuroRM.nl (Buro RM - John van Lit)
Date: Thu, 24 Jan 2002 10:13:08 +0100
Subject: [pptp-server] Address Client site
Message-ID: <81A684765505D411B04D00A0247B0694076538@BRMSRV01>

Hi All,

I can make connection with my linux server CQ firewall from the local
netwerk. when i look at my IP configuration i see that i recieve the
following address. can i solve the routing problem simple by adding a static
route to my Firewall. or is there another way.

My firewall is stil closed for this traffic thats the reason that i do this
from the inside.

PPP adapter Test verbinding:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.101
        DNS Servers . . . . . . . . . . . :
        Primary WINS Server . . . . . . . : 192.168.10.1
        Secondary WINS Server . . . . . . : 192.168.10.1

pptp.conf

speed 115200'
localip 192.168.10.225-251
remoteip 182.168.10.225-251

Options file 

debug
name linux
auth
require-chap
proxyarp
ms-wins 192.168.10.1


Rgds,
John van Lit
Ratio-it
Email: John.vanLIt at Ratio-IT.nl






From barjunk at attglobal.net  Thu Jan 24 11:46:44 2002
From: barjunk at attglobal.net (Michael Barsalou)
Date: Thu, 24 Jan 2002 08:46:44 -0900
Subject: [pptp-server] Windows XP and PPTP
In-Reply-To: <Pine.SOL.3.95q.1020124120207.8976H-100000@shark.cse.bris.ac.uk>
References: <3C4F598C.6575.397C718@localhost>
Message-ID: <3C4FC9F4.1985.32BD49@localhost>

Josh,

that seems to have done it.  I found the route thing too...it is in the 
advanced button of the tcp/ip properties of the VPN icon. (not the 
dial-up Icon).

So why does turning off compression make things work?

Mike

Date sent:      	Thu, 24 Jan 2002 12:02:38 +0000 (GMT)
From:           	Josh Howlett <Josh.Howlett at bristol.ac.uk>
To:             	Barsalou <MJBarsalou at attglobal.net>
Subject:        	Re: [pptp-server] Windows XP and PPTP

> > Josh,
> > 
> > That would be software compression?  The box under the LCP box?
> 
> Yup.
> 
> > Do you have instructions on setting up XP client?  I am having
> > trouble with routes being set properly too!
> 
> Routes on the XP box or the VPN box?
> 
> josh.
> 
> ---------------------------------------
> Josh Howlett, Network Support Officer,
> Networking & Digital Communications,
> Information Systems & Computing,
> University of Bristol, U.K.
> 0117 928 7850 | josh.howlett at bris.ac.uk
> ---------------------------------------
> 




Michael Barsalou
barjunk at attglobal.net


From charlieb at e-smith.com  Thu Jan 24 11:51:40 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 24 Jan 2002 12:51:40 -0500 (EST)
Subject: [pptp-server] Windows XP and PPTP
In-Reply-To: <3C4FC9F4.1985.32BD49@localhost>
Message-ID: <Pine.LNX.4.33.0201241249210.17736-100000@vegemite.ottawa.e-smith.com>

On Thu, 24 Jan 2002, Michael Barsalou wrote:

> Josh,
> 
> that seems to have done it.  I found the route thing too...it is in the 
> advanced button of the tcp/ip properties of the VPN icon. (not the 
> dial-up Icon).
> 
> So why does turning off compression make things work?

Because PoPToP doesn't handle the compression protocol, which is a 
patented protocol (LSZ, ex STAC, now something else). If your client 
insists on using compression, then PoPToP has no option but to say no.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From j-lit at planet.nl  Thu Jan 24 13:57:56 2002
From: j-lit at planet.nl (John van Lit)
Date: Thu, 24 Jan 2002 20:57:56 +0100
Subject: [pptp-server] connection problem
Message-ID: <003b01c1a511$6a89fe20$010aa8c0@prive.th>

Hi,

I'm running Suse 7.1 
My firewall is up and running. I can masq from my local network to the outside.
The mailserver is running on the inside and is recieving mail so far so good.
But when i try to logon with a vpn connection i recieve the following error. 
Peer is not authorized to use remote address 192.168.11.xx
Can any one tell we wat is wrong?

Rgds,
 
John van Lit

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020124/9ce72b60/attachment.html>

From lists at earthling.2y.net  Thu Jan 24 14:05:30 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Thu, 24 Jan 2002 15:05:30 -0500 (EST)
Subject: [pptp-server] Windows XP and PPTP
In-Reply-To: <Pine.LNX.4.33.0201241249210.17736-100000@vegemite.ottawa.e-smith.com>
Message-ID: <Pine.LNX.4.33.0201241504070.13299-100000@earthling.2y.net>

MPPC - Microsft Point to Point Compression Protocol.

It can be implmented in pppd, but the use of it can actually make
datagrams larger, so thats why the pppd people have never tried writing a
module for it.


-Justin

 On Thu, 24 Jan
2002, Charlie Brady wrote:

>
> On Thu, 24 Jan 2002, Michael Barsalou wrote:
>
> > Josh,
> >
> > that seems to have done it.  I found the route thing too...it is in the
> > advanced button of the tcp/ip properties of the VPN icon. (not the
> > dial-up Icon).
> >
> > So why does turning off compression make things work?
>
> Because PoPToP doesn't handle the compression protocol, which is a
> patented protocol (LSZ, ex STAC, now something else). If your client
> insists on using compression, then PoPToP has no option but to say no.
>
> --
> Charlie Brady                         charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group        http://www.e-smith.com/
> Mitel Networks Corporation            http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From charlieb at e-smith.com  Thu Jan 24 14:14:43 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 24 Jan 2002 15:14:43 -0500 (EST)
Subject: [pptp-server] Windows XP and PPTP
In-Reply-To: <Pine.LNX.4.33.0201241504070.13299-100000@earthling.2y.net>
Message-ID: <Pine.LNX.4.33.0201241511490.17736-100000@vegemite.ottawa.e-smith.com>

On Thu, 24 Jan 2002 lists at earthling.2y.net wrote:

> MPPC - Microsft Point to Point Compression Protocol.
> 
> It can be implmented in pppd, but the use of it can actually make
> datagrams larger, so thats why the pppd people have never tried writing a
> module for it.

The MPPE encryption already makes datagrams larger. And yes, that can be a 
problem.

Check again, you'll see that the compression protocol is patented. That's
at least an additional reason that it hasn't been implemented in
PoPToP/pppd, if not the main reason.

[And sure they call it a Microsoft protocol, even though they didn't 
invent it.]

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From mgix at nothingreal.com  Thu Jan 24 14:24:04 2002
From: mgix at nothingreal.com (Emmanuel Mogenet)
Date: Thu, 24 Jan 2002 12:24:04 -0800
Subject: [pptp-server] new release of pptp proxy
Message-ID: <000b01c1a515$115e1800$01a800c0@aloysius>

Release 1.3 of pptpproxy, a PPTP userland
forwarder for Unix firewalls is available
at http://www.mgix.com/pptpproxy





From berzerke at swbell.net  Thu Jan 24 18:18:42 2002
From: berzerke at swbell.net (robert)
Date: Thu, 24 Jan 2002 18:18:42 -0600
Subject: [pptp-server] Windows XP and PPTP
In-Reply-To: <3C4ED674.26220.1BAD3AF@localhost>
References: <3C4ED674.26220.1BAD3AF@localhost>
Message-ID: <0GQG00IE5WV08C@mta4.rcsntx.swbell.net>

I've only one report (so far), but following the instructions in the 2.4 
kernel howto, another has reported success with no problems with XP.

http://home.swbell.net/berzerke

On Wednesday 23 January 2002 06:27 pm, Michael Barsalou wrote:
> We have a working PPTP setup using Win98 machines, however,
> when we try to setup a XP machine, we are having some difficulty
> getting connected.
>
> Anyone have some good info on this?
>
> Mike
>
>
> Michael Barsalou
> barjunk at attglobal.net


From John.vanLit at BuroRM.nl  Fri Jan 25 05:56:56 2002
From: John.vanLit at BuroRM.nl (Buro RM - John van Lit)
Date: Fri, 25 Jan 2002 12:56:56 +0100
Subject: [pptp-server] HELP
Message-ID: <81A684765505D411B04D00A0247B0694076540@BRMSRV01>

Hi all,

When i make connection to my poptop server the connection is lost. The
following appears in my messages log.

the wierd part is that when i'm not connected to the internet my connection
is accepted and works it fine. When i'm connected to the internet and then
try to make the connection it doesn't work.

Jan 25 12:39:44 linux pptpd[1216]: CTRL: Client 192.168.10.53 control
connection started
Jan 25 12:39:44 linux pptpd[1216]: CTRL: Starting call (launching pppd,
opening GRE)
Jan 25 12:39:44 linux pppd[1217]: pppd 2.3.11 started by root, uid 0
Jan 25 12:39:44 linux pppd[1217]: Using interface ppp1
Jan 25 12:39:44 linux pppd[1217]: Connect: ppp1 <--> /dev/pts/3
Jan 25 12:39:46 linux pptpd[1216]: CTRL: Ignored a SET LINK INFO packet with
real ACCMs!
Jan 25 12:39:46 linux pppd[1217]: Peer is not authorized to use remote
address 192.168.11.226
Jan 25 12:39:53 linux pppd[1217]: Connection terminated.
Jan 25 12:39:53 linux pppd[1217]: Connect time 0.1 minutes.
Jan 25 12:39:53 linux pppd[1217]: Sent 458 bytes, received 485 bytes.
Jan 25 12:39:53 linux pppd[1217]: Exit.
Jan 25 12:39:53 linux pptpd[1216]: Error reading from pppd: Input/output
error
Jan 25 12:39:53 linux pptpd[1216]: CTRL: GRE read or PTY write failed
(gre,pty)=(5,4)
Jan 25 12:39:53 linux pptpd[1216]: CTRL: Client 192.168.10.53 control
connection finished

It doesnt matter if i use auth or noauth.

the config files look like this 

Options file
debug
name linux
auth
require-chap
proxyarp

pptpd.conf

speed 115200
localeip 192.168.10.225-251
remoteip 192.168.11.225-251

Who can help me with this 

Rgds,

John van LIt



From lantzen at alife.de  Fri Jan 25 11:06:15 2002
From: lantzen at alife.de (Michael Lantzen)
Date: Fri, 25 Jan 2002 18:06:15 +0100
Subject: [pptp-server] Windows XP
Message-ID: <LGEFJBCBBNBIINHPPCLBAEAICDAA.lantzen@alife.de>

our pptp server works fine with all windows as client beside win xp. It cant
get most webpages, pinging works fine. acts like a mtu problem. any ideas?



From jah at progress.com  Fri Jan 25 11:18:07 2002
From: jah at progress.com (Jari Ahonen)
Date: Fri, 25 Jan 2002 18:18:07 +0100
Subject: [pptp-server] Linux client to PPTP server (kernel > 2.4.10) success
Message-ID: <3C51934F.882C081@progress.com>

Hi,

I'm not on this list but thought to post my solution to the
problems with Linux clients getting error about GRE not being
available when server kernel is over version 2.4.10.

My client and server are both 2.4.16 with MPPE patches. I also
got the GRE: protocol not available error.

But if I load the ip_gre module on the client before connecting,
everything goes fine. So before starting pptp client, do
modprobe ip_gre

This worked for me, YMMV.

- Jari


From poptop at kaiserdigital.com  Fri Jan 25 11:30:35 2002
From: poptop at kaiserdigital.com (poptop at kaiserdigital.com)
Date: Fri, 25 Jan 2002 09:30:35 -0800
Subject: [pptp-server] Linux client to PPTP server (kernel > 2.4.10) success
In-Reply-To: <3C51934F.882C081@progress.com>
Message-ID: <002001c1a5c5$ff6a2010$0b00a8c0@mouse>

Hi

I've been trying to install PPTPD on Redhat 7.1 but I've been having
some problems.

You mentioned an MPPE patch. How did you apply this? What was the
command you executed? 

Thank you


-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Jari Ahonen
Sent: Friday, January 25, 2002 9:18 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Linux client to PPTP server (kernel > 2.4.10)
success


Hi,

I'm not on this list but thought to post my solution to the problems
with Linux clients getting error about GRE not being available when
server kernel is over version 2.4.10.

My client and server are both 2.4.16 with MPPE patches. I also got the
GRE: protocol not available error.

But if I load the ip_gre module on the client before connecting,
everything goes fine. So before starting pptp client, do modprobe ip_gre

This worked for me, YMMV.

- Jari
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --



From jah at progress.com  Fri Jan 25 13:03:43 2002
From: jah at progress.com (Jari Ahonen)
Date: Fri, 25 Jan 2002 20:03:43 +0100
Subject: [pptp-server] Linux client to PPTP server (kernel > 2.4.10) success
References: <002001c1a5c5$ff6a2010$0b00a8c0@mouse>
Message-ID: <3C51AC0F.93ACB9C2@progress.com>

poptop at kaiserdigital.com wrote:
> I've been trying to install PPTPD on Redhat 7.1 but I've been having
> some problems.
> 
> You mentioned an MPPE patch. How did you apply this? What was the
> command you executed?

You need the MPPE patch for encryption. But you don't need it
to run PPTPD. Of course you can only get unencrypted connections
without it.

The patch is available from http://mirror.binarix.com/ppp-mppe/
There are also precompiled kernel RPMs if you don't feel like
rebuilding your kernel yourself.

The whole process goes something like this:
- Get kernel sources.
- Get pppd sources.
- Get pptpd sources.
- Get the MPPE patch for both kernel and pppd.
- Patch kernel source with MPPE kernel patch and build it.
- Reboot with the new kernel.
- Patch pppd source with the MPPE pppd patch and build it.
- Replace system pppd with the one you built.
- Read pppd manual page for appropriate parameters and
  add them to your pppd options file.
- Build and install pptpd. Config file template is included with
  the sources, edit it to suit your needs.
- Start pptpd and try connecting.

There is a FAQ for all this somewhere... Link can be found from
the PoPToP home page.

- jah

-- 
------------------------------------------------------------------
| Jari Ahonen               | Progress Software Europe           |
| jah at progress.com          | Schorpioenstraat 67                |
| Tel: +31-10-2865 700      | 3067 GG Rotterdam                  |
| Fax: +31-10-2865 225      | The Netherlands                    |
|----------------------------------------------------------------|
|       "Once you've made the commitment to recreation,          |
|                 there is no turning back."                     |
------------------------------------------------------------------


From Progman2000 at usa.net  Fri Jan 25 21:20:09 2002
From: Progman2000 at usa.net (Daniel Johnson)
Date: Fri, 25 Jan 2002 21:20:09 -0600
Subject: [pptp-server] Forcing IPX network to be static
Message-ID: <001a01c1a618$5cb24f20$01d2a8c0@Progman>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is there a way to force all the client VPN connections to a single
IPX network number?  The IPX range isn't going to cut it with our
Netware login scripts, and ipxd is having a hard time updating the
IPX routing tables in time for Windoze to see the Netware servers. 
Any help would be much appreciated!

Weather1 (server)
  Slackware Linux 7.1
  Kernel 2.2.16 (out-of-the-box)
  pppd v2.3.11
Discovery (server)
  Slackware Linux 8.0
  Kernel 2.2.19 (custom recompiled with IPX and other stuff)
  pppd v2.4.1
Both servers:
  ipxripd v0.7
  ipx-tools v1.0
  PoPToP 1.0.1
Clients: Windows 98SEa

Through the modem, off the server, over the T1, past the frame-relay,
< < NOTHIN' BUT NET > >
 
Daniel Johnson
Progman2000 at usa.net
http://dannyj.come.to/
Public PGP Keys & other info: http://dannyj.come.to/pgp/

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: http://dannyj.come.to/pgp
Comment: KeyID: 0xEAF19C50163E81EF

iQA/AwUBPFIgW+rxnFAWPoHvEQI+DgCggeiZwM78TxfhteHAQOHlIlHGP9YAn1M3
bBes+xWbH816GLl436YXC/uY
=7nna
-----END PGP SIGNATURE-----




From tr at atracit.dk  Sat Jan 26 09:43:17 2002
From: tr at atracit.dk (Thomas Rasmussen)
Date: Sat, 26 Jan 2002 16:43:17 +0100
Subject: [pptp-server] Freebsd + slirp + vpn :)
Message-ID: <002001c1a680$2c9d5e20$0200000a@t1>

i got freebsd and slirp and poptop working now

if i run in poptop+pppd combo it works great i can ping the other net

but if i use slirp ( 128 bit encryption works great )

PPP adapter Virtual Private Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.100

i get this ip

and i then cant ping the other hosts on the other lan

192.168.1.*
255.255.255.0

-Regards Thomas
Denmark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020126/339d5b97/attachment.html>

From charlieb at e-smith.com  Sat Jan 26 11:18:17 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Sat, 26 Jan 2002 12:18:17 -0500 (EST)
Subject: [pptp-server] Forcing IPX network to be static
In-Reply-To: <001a01c1a618$5cb24f20$01d2a8c0@Progman>
Message-ID: <Pine.LNX.4.33.0201261217280.883-100000@allspice.ottawa.e-smith.com>

On Fri, 25 Jan 2002, Daniel Johnson wrote:

> Is there a way to force all the client VPN connections to a single
> IPX network number?

I didn't know that PPTP tunneled anything other than IP.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From Progman2000 at usa.net  Sat Jan 26 11:50:56 2002
From: Progman2000 at usa.net (Daniel Johnson)
Date: Sat, 26 Jan 2002 11:50:56 -0600
Subject: [pptp-server] Forcing IPX network to be static
References: <Pine.LNX.4.33.0201261217280.883-100000@allspice.ottawa.e-smith.com>
Message-ID: <000801c1a692$027f0780$01d2a8c0@Progman>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----- Original Message ----- 
From: "Charlie Brady" <charlieb at e-smith.com>
Sent: Saturday, January 26, 2002 11:18 AM
> On Fri, 25 Jan 2002, Daniel Johnson wrote:
> > Is there a way to force all the client VPN connections to a
> > single IPX network number?
> I didn't know that PPTP tunneled anything other than IP.

It does pretty well for a single client.  I am planning to test it as
a bridge between us and our remote offices.  If it works it'll save
us a ton of time and money.

As it is, each client gets its own IPX network number from a pool
specified in /etc/pptpd.conf:
ipxnets 09900C00-09900CFF
This makes ipxd have to update its routing tables and broadcast them
to the network, then the Netware servers have to pick up on it and
establish a route.  My current theory is that this usually takes so
long that when the Windows system checks for Netware servers, it
doesn't find any.  Sometimes it does see the servers and presents the
expected login window.  I think if I can set this to a certain
network number (0990000C) then I can establish a 24/7 connection from
a utility system to hold that route in place on the servers.  Then it
should work prefectly.

My next major goal is using another Linux system in a remote office
to VPN into the main office and establish an IP/IPX bridge between
them.  If the systems are both set as default gateways (or at least
static routes on the default gws), then IP traffic should be able to
cross transparently to the users, right?  IPX should be easier, as
ipxd handles the tables and broadcasts automatically.

Through the modem, off the server, over the T1, past the frame-relay,
< < NOTHIN' BUT NET > >
 
Daniel Johnson
Progman2000 at usa.net
http://dannyj.come.to/
Public PGP Keys & other info: http://dannyj.come.to/pgp/

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: http://dannyj.come.to/pgp
Comment: KeyID: 0xEAF19C50163E81EF

iQA/AwUBPFLsfOrxnFAWPoHvEQICUACeLcJ9dW77/0i1Z9uxqwylPoh7fW0AoJQz
UKPKptwv7vOd/bIwhWpxHZLt
=j91f
-----END PGP SIGNATURE-----




From arturo at descom.es  Sat Jan 26 12:16:27 2002
From: arturo at descom.es (Arturo Pina)
Date: Sat, 26 Jan 2002 19:16:27 +0100
Subject: [pptp-server] Freebsd + slirp + vpn :)
In-Reply-To: <002001c1a680$2c9d5e20$0200000a@t1>
Message-ID: <OAECIPKLAEBFCPMJFFIPOEGMCIAA.arturo@descom.es>

Exactly the same happens to me running under Solaris 7 + slirp + pptp...
  -----Mensaje original-----
  De: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]En nombre de Thomas Rasmussen
  Enviado el: s?bado, 26 de enero de 2002 16:43
  Para: pptp-server at lists.schulte.org
  Asunto: [pptp-server] Freebsd + slirp + vpn :)


  i got freebsd and slirp and poptop working now

  if i run in poptop+pppd combo it works great i can ping the other net

  but if i use slirp ( 128 bit encryption works great )

  PPP adapter Virtual Private Connection:

          Connection-specific DNS Suffix  . :
          IP Address. . . . . . . . . . . . : 192.168.1.100
          Subnet Mask . . . . . . . . . . . : 255.255.255.255
          Default Gateway . . . . . . . . . : 192.168.1.100

  i get this ip

  and i then cant ping the other hosts on the other lan

  192.168.1.*
  255.255.255.0

  -Regards Thomas
  Denmark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020126/8006c0f2/attachment.html>

From lists at earthling.2y.net  Sat Jan 26 22:11:37 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Sat, 26 Jan 2002 23:11:37 -0500 (EST)
Subject: [pptp-server] HELP
In-Reply-To: <81A684765505D411B04D00A0247B0694076540@BRMSRV01>
Message-ID: <Pine.LNX.4.33.0201262310400.13299-100000@earthling.2y.net>

add ipcp-accept-remote to your ppp options file.

On Fri, 25 Jan 2002, Buro
RM - John van Lit wrote:

> Hi all,
>
> When i make connection to my poptop server the connection is lost. The
> following appears in my messages log.
>
> the wierd part is that when i'm not connected to the internet my connection
> is accepted and works it fine. When i'm connected to the internet and then
> try to make the connection it doesn't work.
>
> Jan 25 12:39:44 linux pptpd[1216]: CTRL: Client 192.168.10.53 control
> connection started
> Jan 25 12:39:44 linux pptpd[1216]: CTRL: Starting call (launching pppd,
> opening GRE)
> Jan 25 12:39:44 linux pppd[1217]: pppd 2.3.11 started by root, uid 0
> Jan 25 12:39:44 linux pppd[1217]: Using interface ppp1
> Jan 25 12:39:44 linux pppd[1217]: Connect: ppp1 <--> /dev/pts/3
> Jan 25 12:39:46 linux pptpd[1216]: CTRL: Ignored a SET LINK INFO packet with
> real ACCMs!
> Jan 25 12:39:46 linux pppd[1217]: Peer is not authorized to use remote
> address 192.168.11.226
> Jan 25 12:39:53 linux pppd[1217]: Connection terminated.
> Jan 25 12:39:53 linux pppd[1217]: Connect time 0.1 minutes.
> Jan 25 12:39:53 linux pppd[1217]: Sent 458 bytes, received 485 bytes.
> Jan 25 12:39:53 linux pppd[1217]: Exit.
> Jan 25 12:39:53 linux pptpd[1216]: Error reading from pppd: Input/output
> error
> Jan 25 12:39:53 linux pptpd[1216]: CTRL: GRE read or PTY write failed
> (gre,pty)=(5,4)
> Jan 25 12:39:53 linux pptpd[1216]: CTRL: Client 192.168.10.53 control
> connection finished
>
> It doesnt matter if i use auth or noauth.
>
> the config files look like this
>
> Options file
> debug
> name linux
> auth
> require-chap
> proxyarp
>
> pptpd.conf
>
> speed 115200
> localeip 192.168.10.225-251
> remoteip 192.168.11.225-251
>
> Who can help me with this
>
> Rgds,
>
> John van LIt
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From lists at earthling.2y.net  Sat Jan 26 22:12:51 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Sat, 26 Jan 2002 23:12:51 -0500 (EST)
Subject: [pptp-server] Windows XP
In-Reply-To: <LGEFJBCBBNBIINHPPCLBAEAICDAA.lantzen@alife.de>
Message-ID: <Pine.LNX.4.33.0201262311560.13299-100000@earthling.2y.net>

I have noticed that XP will not talk to another pptp server for a minute
or two after you disconnect it from one.  MTUs could be the problem, have
you tried tcpdumping the connection and watching it?



On Fri, 25 Jan 2002, Michael
Lantzen wrote:

> our pptp server works fine with all windows as client beside win xp. It cant
> get most webpages, pinging works fine. acts like a mtu problem. any ideas?
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From charlieb at e-smith.com  Sat Jan 26 23:17:59 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Sun, 27 Jan 2002 00:17:59 -0500 (EST)
Subject: [pptp-server] HELP
In-Reply-To: <Pine.LNX.4.33.0201262310400.13299-100000@earthling.2y.net>
Message-ID: <Pine.LNX.4.33.0201270016470.11744-100000@allspice.ottawa.e-smith.com>

> On Fri, 25 Jan 2002, Buro
> > Jan 25 12:39:46 linux pppd[1217]: Peer is not authorized to use remote
> > address 192.168.11.226

Check the contents of /etc/ppp/pap-secrets or /etc/ppp/chap-secrets. You
probably have a missing "*".

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From poptop at kaiserdigital.com  Sun Jan 27 18:38:22 2002
From: poptop at kaiserdigital.com (poptop at kaiserdigital.com)
Date: Sun, 27 Jan 2002 16:38:22 -0800
Subject: [pptp-server] PPTPD Problems
Message-ID: <000101c1a794$176cf6e0$0b00a8c0@mouse>

Hi

I've setup pptp and I'm able to connect to my pptp server but I'm unable
to communicate with the remote machine and vice versa.

/etc/pptpd.conf

Debug
Localip 192.168.0.200-209
Remoteip 192.168.0.210-219

The firewall is configured to route GRE (47) and the PPTP port.

The internal network is 192.168.0.0/24.

Does anyone know what I've done wrong?

Thanks



From charlieb at e-smith.com  Sun Jan 27 20:24:08 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Sun, 27 Jan 2002 21:24:08 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <000101c1a794$176cf6e0$0b00a8c0@mouse>
Message-ID: <Pine.LNX.4.33.0201272123050.9663-100000@allspice.ottawa.e-smith.com>


On Sun, 27 Jan 2002 poptop at kaiserdigital.com wrote:

> Hi
>
> I've setup pptp and I'm able to connect to my pptp server but I'm unable
> to communicate with the remote machine and vice versa.
>
> /etc/pptpd.conf
>
> Debug
> Localip 192.168.0.200-209
> Remoteip 192.168.0.210-219
>
> The firewall is configured to route GRE (47) and the PPTP port.
>
> The internal network is 192.168.0.0/24.
>
> Does anyone know what I've done wrong?

You should set Localip to a single IP address, which should match the LAN
address of your server. Make sure that proxyarp is set in your pppd
options.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From lists at earthling.2y.net  Sun Jan 27 20:39:41 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Sun, 27 Jan 2002 21:39:41 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <Pine.LNX.4.33.0201272123050.9663-100000@allspice.ottawa.e-smith.com>
Message-ID: <Pine.LNX.4.33.0201272131520.13299-100000@earthling.2y.net>

>
> You should set Localip to a single IP address, which should match the LAN
> address of your server. Make sure that proxyarp is set in your pppd
> options.
Uhh... No.  This is not a good idea, it will confuse many many
applications, not to mention just about every routing daemon out there,
and freeswan.  I could probilly take a look into the code, but I'm willing
to bet that for proxyarp, it only cares about the remote endpoint IP
address being in the subnet of one of the network cards.

Potentially, you could set the localip to just about any ip, or the same
ip for all the interfaces, but things will still get confused, and
freeswan will wine.  Its best, just so your system dosent get confused to
use seperate addies for every endpoint.

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From Steve at SteveCowles.com  Sun Jan 27 21:47:25 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sun, 27 Jan 2002 21:47:25 -0600
Subject: [pptp-server] PPTPD Problems
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEA17@defiant.infohiiway.com>

> -----Original Message-----
> From: lists at earthling.2y.net [mailto:lists at earthling.2y.net]
> Sent: Sunday, January 27, 2002 8:40 PM
> To: Charlie Brady
> Cc: poptop at kaiserdigital.com; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] PPTPD Problems
> 
> 
> >
> > You should set Localip to a single IP address, which should 
> > match the LAN address of your server. Make sure that proxyarp
> > is set in your pppd options.
>
> Uhh... No.  This is not a good idea, it will confuse many many
> applications, not to mention just about every routing daemon 
> out there, and freeswan.  I could probilly take a look into the
> code, but I'm willing to bet that for proxyarp, it only cares
> about the remote endpoint IP address being in the subnet of one
> of the network cards.
> 
> Potentially, you could set the localip to just about any ip, 
> or the same ip for all the interfaces, but things will still
> get confused, and freeswan will wine.  Its best, just so your
> system dosent get confused to use seperate addies for every
> endpoint.

Huh! Care to elaborate on which applications/routing daemons get confused. I
haven't seen any problems at my end and I run PoPToP and IPSEC configured
the way Charlie mentioned. At least I have not seen or heard of any
wining!!!

Steve Cowles


From luismi at adpsoft.com  Mon Jan 28 06:56:12 2002
From: luismi at adpsoft.com (LuisMi)
Date: Mon, 28 Jan 2002 13:56:12 +0100 (CET)
Subject: [pptp-server] PPTP & kernel 2.4.17
Message-ID: <Pine.LNX.4.33.0201281355310.7760-100000@ns2.adpsoft.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can anyone tell if is possible to run pptp with a 2.4.17 kernel?

- -- 
+----------------------
| Luis Miguel Cruz.
|								   |
  Public Key: http://www.flcnet.es/tbe/luismi/nadie/luismi_adp.asc |
                                             ----------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjxVSm8ACgkQvQHLTzrFJlc2RQCgkvY9wCnZvRB/p5yjnjoaDarx
GEwAn3KGbv+u+DISBzVrVmrSNXEERM/8
=uJMa
-----END PGP SIGNATURE-----



From akohlsmith at benshaw.com  Mon Jan 28 07:56:37 2002
From: akohlsmith at benshaw.com (Andrew Kohlsmith)
Date: Mon, 28 Jan 2002 08:56:37 -0500
Subject: [pptp-server] PPTP & kernel 2.4.17
In-Reply-To: <Pine.LNX.4.33.0201281355310.7760-100000@ns2.adpsoft.com>
References: <Pine.LNX.4.33.0201281355310.7760-100000@ns2.adpsoft.com>
Message-ID: <20020128135845.68628D15E1@poontang.schulte.org>

On January 28, 2002 07:56 am, you wrote:
> Can anyone tell if is possible to run pptp with a 2.4.17 kernel?

Yup, works great.  Nothing special to do, just make sure you have the latest 
stable version of pppd.

Regards,
Andrew


From lists at earthling.2y.net  Mon Jan 28 08:42:44 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Mon, 28 Jan 2002 09:42:44 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EEA17@defiant.infohiiway.com>
Message-ID: <Pine.LNX.4.33.0201280926160.13299-100000@earthling.2y.net>

>
> Huh! Care to elaborate on which applications/routing daemons get confused. I
> haven't seen any problems at my end and I run PoPToP and IPSEC configured
> the way Charlie mentioned. At least I have not seen or heard of any
> wining!!!

What do you think an application that uses ip interfaces would do if all
of a sudden, it had two interfaces with the same address, or three
addresses, or four addresses.  I have seen freeswan complain about
duplicate ip addresses, I'm pritty sure that the duplicate addresses would
freak zebra out a bit more than it allready freaks when it is looking at
network interfaces that it cannot understand, but sees that their is a
duplicate address.  Poptop will run without problems, ppp will work, but
using the addresses that way can cause confusion.  The idea is to keep it
simple, by seting localip to your lan ip, I would hate to think how ip
connection tracking would react on a Linux 2.4 box.

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From luismi at adpsoft.com  Mon Jan 28 09:02:56 2002
From: luismi at adpsoft.com (LuisMi)
Date: Mon, 28 Jan 2002 16:02:56 +0100 (CET)
Subject: [pptp-server] PPTP & kernel 2.4.17
Message-ID: <Pine.LNX.4.33.0201281602120.8762-100000@ns2.adpsoft.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Do I need the same files (pathes? for the kernel 2.4.16?

- -- 
+----------------------
| Luis Miguel Cruz.
|								   |
  Public Key: http://www.flcnet.es/tbe/luismi/nadie/luismi_adp.asc |
                                             ----------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjxVaCEACgkQvQHLTzrFJldPxwCgh6hMW7+jVl1kyLakctIXvqI9
YBYAn1YKGoMnAN2DEKWiS5zcurnVWt/z
=n1z5
-----END PGP SIGNATURE-----



From akohlsmith at benshaw.com  Mon Jan 28 09:10:34 2002
From: akohlsmith at benshaw.com (Andrew Kohlsmith)
Date: Mon, 28 Jan 2002 10:10:34 -0500
Subject: [pptp-server] PPTP & kernel 2.4.17
In-Reply-To: <Pine.LNX.4.33.0201281602120.8762-100000@ns2.adpsoft.com>
References: <Pine.LNX.4.33.0201281602120.8762-100000@ns2.adpsoft.com>
Message-ID: <20020128151242.08627D161A@poontang.schulte.org>

> Do I need the same files (pathes? for the kernel 2.4.16?

I don't understand the question.  Get and compile kernel 2.4.17 like you would 
any other kernel.  Make sure you have PPP support enabled (in kernel or as 
module). Get the latest stable pppd and compile.  That should be all there is 
to it; just follow the normal pptp instructions.

Regards,
Andrew


From osiris at urbanna.net  Mon Jan 28 09:41:41 2002
From: osiris at urbanna.net (osiris at urbanna.net)
Date: Mon, 28 Jan 2002 10:41:41 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EEA17@defiant.infohiiway.com>
Message-ID: <Pine.LNX.4.21.0201281040240.8946-100000@vast.deltaville.net>

I think he just didn't write what he meant.  He likely means that the IP
address should be set to be in the same subnet as the RAS....  OTHO if the
service provider is doing his job and he has not paid for a static IP
address, he should be setup as a DHCP client.

-m-

On Sun, 27 Jan 2002, Cowles, Steve wrote:

> > -----Original Message-----
> > From: lists at earthling.2y.net [mailto:lists at earthling.2y.net]
> > Sent: Sunday, January 27, 2002 8:40 PM
> > To: Charlie Brady
> > Cc: poptop at kaiserdigital.com; pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] PPTPD Problems
> > 
> > 
> > >
> > > You should set Localip to a single IP address, which should 
> > > match the LAN address of your server. Make sure that proxyarp
> > > is set in your pppd options.
> >
> > Uhh... No.  This is not a good idea, it will confuse many many
> > applications, not to mention just about every routing daemon 
> > out there, and freeswan.  I could probilly take a look into the
> > code, but I'm willing to bet that for proxyarp, it only cares
> > about the remote endpoint IP address being in the subnet of one
> > of the network cards.
> > 
> > Potentially, you could set the localip to just about any ip, 
> > or the same ip for all the interfaces, but things will still
> > get confused, and freeswan will wine.  Its best, just so your
> > system dosent get confused to use seperate addies for every
> > endpoint.
> 
> Huh! Care to elaborate on which applications/routing daemons get confused. I
> haven't seen any problems at my end and I run PoPToP and IPSEC configured
> the way Charlie mentioned. At least I have not seen or heard of any
> wining!!!
> 
> Steve Cowles
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 

--




From charlieb at e-smith.com  Mon Jan 28 09:52:56 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 28 Jan 2002 10:52:56 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <Pine.LNX.4.21.0201281040240.8946-100000@vast.deltaville.net>
Message-ID: <Pine.LNX.4.33.0201281049200.31523-100000@allspice.ottawa.e-smith.com>

On Mon, 28 Jan 2002 osiris at urbanna.net wrote:

> I think he just didn't write what he meant.  He likely means that the IP
> address should be set to be in the same subnet as the RAS....

No, I meant what I wrote. The IP address of the local server end of a PPTP
tunnel can be the same as the LAN IP address of that server (and it may as
well be).

Any application that assumes that an IP address is unique to a single
interface is buggy - and I haven't seen those problems anyway.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From akohlsmith at benshaw.com  Mon Jan 28 10:00:23 2002
From: akohlsmith at benshaw.com (Andrew Kohlsmith)
Date: Mon, 28 Jan 2002 11:00:23 -0500
Subject: [pptp-server] MPPE refused by pppd even when enabled?
Message-ID: <20020128160231.E9A97D1658@poontang.schulte.org>

Windows 98 client with "require data encryption" checked. 
ppp 2.4.1 with MPPE patch
PoPToP v1.1.2
kernel 2.1.17 with 2.4.16's MPPE patch (module verified to be loaded)
OpenSSL 0.96

When the client connects we reject MPPE.  Any idea why?

Jan 28 10:58:06 fw pppd[19916]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 31> <lzs 
0 1 4>]
Jan 28 10:58:06 fw pppd[19916]: sent [CCP ConfRej id=0x1 <mppe 1 0 0 31> <lzs 
0 1 4>]

ppp configuration:
debug
auth
show-password
asyncmap 0
nodetach
name benshaw-ppp
ms-dns 192.168.1.1
ms-wins 192.168.1.3
proxyarp
+chapms-v2
#chapms-strip-domain
-chapms
-chap
mppe-40
mppe-128
mppe-stateless
mtu 1400
mru 1400
192.168.1.1:

Regards,
Andrew


From charlieb at e-smith.com  Mon Jan 28 10:18:21 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 28 Jan 2002 11:18:21 -0500 (EST)
Subject: [pptp-server] MPPE refused by pppd even when enabled?
In-Reply-To: <20020128160231.E9A97D1658@poontang.schulte.org>
Message-ID: <Pine.LNX.4.33.0201281114190.31523-100000@allspice.ottawa.e-smith.com>

On Mon, 28 Jan 2002, Andrew Kohlsmith wrote:

> Windows 98 client with "require data encryption" checked.
> ppp 2.4.1 with MPPE patch
> PoPToP v1.1.2
> kernel 2.1.17 with 2.4.16's MPPE patch (module verified to be loaded)
> OpenSSL 0.96
>
> When the client connects we reject MPPE.  Any idea why?
>
> Jan 28 10:58:06 fw pppd[19916]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 31> <lzs
> 0 1 4>]
> Jan 28 10:58:06 fw pppd[19916]: sent [CCP ConfRej id=0x1 <mppe 1 0 0 31> <lzs
> 0 1 4>]

They are requesting compression - we don't do compression.

> Jan 28 10:58:06 fw pppd[19916]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 31> <lzs

      3                   2                   1
    1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             |H|                               |M|S|L|D|     |C|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The 'C' bit is used by MPPC [4] and is not discussed further in this
   memo.  The 'D' bit is obsolete; although some older peers may attempt
   to negotiate this option, it SHOULD NOT be accepted.  If the 'L' bit
   is set (corresponding to a value of 0x20 in the least significant
   octet), this indicates the desire of the sender to negotiate the use
   of 40-bit session keys.  If the 'S' bit is set (corresponding to a
   value of 0x40 in the least significant octet), this indicates the
   desire of the sender to negotiate the use of 128-bit session keys.
   If the 'M' bit is set (corresponding to a value of 0x80 in the least
   significant octet), this indicates the desire of the sender to
   negotiate the use of 56-bit session keys.  If the 'H' bit is set
   (corresponding to a value of 0x01 in the most significant octet),
   this indicates that the sender wishes to negotiate the use of
   stateless mode, in which the session key is changed after the
   transmission of each packet (see section 10, below).  In the
   following discussion, the 'S', 'M' and 'L' bits are sometimes
   referred to collectively as "encryption options".

   All other bits are reserved and MUST be set to 0.

Hence they are requesting 40bit stateless encryption, with MPPC, and also
setting the obsolete D bit in the request.

They are also requesting lzs compression, which pppd doesn't do.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From osiris at urbanna.net  Mon Jan 28 10:36:52 2002
From: osiris at urbanna.net (osiris at urbanna.net)
Date: Mon, 28 Jan 2002 11:36:52 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <Pine.LNX.4.33.0201281049200.31523-100000@allspice.ottawa.e-smith.com>
Message-ID: <Pine.LNX.4.21.0201281134310.9400-100000@vast.deltaville.net>

Ok, I think I am following you, mind you I have never set one of these up
and so I am hear to learn, not to teach.

You ARE saying the both ends of the tunnel *may* have the same address and
that if they don't one is actually *wasting* an address, is that correct?

In what situations would it be desirable for the local end of the tunnel
to have a *different* address than the RAS?

Elaborate on this a bit if you would.

Thanks
-m-


On Mon, 28 Jan 2002, Charlie Brady wrote:

> 
> On Mon, 28 Jan 2002 osiris at urbanna.net wrote:
> 
> > I think he just didn't write what he meant.  He likely means that the IP
> > address should be set to be in the same subnet as the RAS....
> 
> No, I meant what I wrote. The IP address of the local server end of a PPTP
> tunnel can be the same as the LAN IP address of that server (and it may as
> well be).
> 
> Any application that assumes that an IP address is unique to a single
> interface is buggy - and I haven't seen those problems anyway.
> 
> --
> Charlie Brady                         charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group        http://www.e-smith.com/
> Mitel Networks Corporation            http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 

--




From charlieb at e-smith.com  Mon Jan 28 10:44:47 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 28 Jan 2002 11:44:47 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <Pine.LNX.4.21.0201281134310.9400-100000@vast.deltaville.net>
Message-ID: <Pine.LNX.4.33.0201281140140.31523-100000@allspice.ottawa.e-smith.com>

On Mon, 28 Jan 2002 osiris at urbanna.net wrote:

> Ok, I think I am following you, mind you I have never set one of these up
> and so I am hear to learn, not to teach.
>
> You ARE saying the both ends of the tunnel *may* have the same address and
> that if they don't one is actually *wasting* an address, is that correct?

No, I am not saying that. I am saying that the server end of the tunnel
may use the same IP address as the server's ethernet interface IP address.

Justin is saying that you should not use the same IP address, but should
use some other IP address from the same network as the server's ethernet
interface IP address.

We all agree that the remote end of the tunnel (as seen by the server)
should have a distinct IP address from the same network as the server's
ethernet interface IP address.

For example,

server's ethernet IP address is 192.168.5.1

localip 192.168.5.x # where x may or may not be 1, depending on who you
                    # choose to agree with
remoteip 192.168.5.100-200

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739





From charlieb at e-smith.com  Mon Jan 28 10:48:31 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 28 Jan 2002 11:48:31 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <Pine.LNX.4.33.0201272131520.13299-100000@earthling.2y.net>
Message-ID: <Pine.LNX.4.33.0201281145130.31523-100000@allspice.ottawa.e-smith.com>

On Sun, 27 Jan 2002 lists at earthling.2y.net wrote:

> Uhh... No.  This is not a good idea, it will confuse many many
> applications,

Not in my experience, no.

> not to mention just about every routing daemon out there,

The routing daemon will always route using the destination IP address, not
the source IP address, so I do not agree with you that this will be a
problem.

> and freeswan.

Perhaps, but the freeswan developers freely admit that there have been
some problems with their routing code. Perhaps this isn't a problem with
current versions.

> I could probilly take a look into the code, but I'm willing
> to bet that for proxyarp, it only cares about the remote endpoint IP
> address being in the subnet of one of the network cards.

No disagreement there.

> Potentially, you could set the localip to just about any ip, or the same
> ip for all the interfaces, but things will still get confused, and
> freeswan will wine.  Its best, just so your system dosent get confused to
> use seperate addies for every endpoint.

This should not be necessary, and I haven't found it so. YMMV.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From akohlsmith at benshaw.com  Mon Jan 28 10:50:07 2002
From: akohlsmith at benshaw.com (Andrew Kohlsmith)
Date: Mon, 28 Jan 2002 11:50:07 -0500
Subject: [pptp-server] MPPE refused by pppd even when enabled?
In-Reply-To: <Pine.LNX.4.33.0201281114190.31523-100000@allspice.ottawa.e-smith.com>
References: <Pine.LNX.4.33.0201281114190.31523-100000@allspice.ottawa.e-smith.com>
Message-ID: <20020128165215.69EA0D167A@poontang.schulte.org>

> Hence they are requesting 40bit stateless encryption, with MPPC, and also
> setting the obsolete D bit in the request.
>
> They are also requesting lzs compression, which pppd doesn't do.

Thank you for that very detailled explanation!  Where is this good stuff kept?

I am updating DUN on the win98 client to see if I can't get rid of the D bit; 
turning off compression got rid of the lzs message but as you said, pppd is 
correctly turning away the connection because Win98 wants whatever the D 
option is.

Thanks again, I love getting responses like this!

Regards,
Andrew


From charlieb at e-smith.com  Mon Jan 28 11:03:46 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 28 Jan 2002 12:03:46 -0500 (EST)
Subject: [pptp-server] MPPE refused by pppd even when enabled?
In-Reply-To: <20020128165233.24525.qmail@e-smith.com>
Message-ID: <Pine.LNX.4.33.0201281156110.31523-100000@allspice.ottawa.e-smith.com>

On Mon, 28 Jan 2002, Andrew Kohlsmith wrote:

> > Hence they are requesting 40bit stateless encryption, with MPPC, and also
> > setting the obsolete D bit in the request.
> >
> > They are also requesting lzs compression, which pppd doesn't do.
>
> Thank you for that very detailled explanation!  Where is this good stuff kept?

That came from draft-ietf-pppext-mppe-05.txt, which you can find via:

http://www.google.com/search?hl=en&q=draft-ietf-pppext-mppe-05

There's probably a newer document which says the same thing.

BTW, one of the hits you'll see in the google search is this one:

http://lists.schulte.org/pipermail/pptp-server/2001-April/010282.html

where I posted to the list a patch to correct some incompatibilities
between the PoPToP implementation of mppe and the protocol specification,
specifically related to stateful encryption mode. I'm still waiting for
anyone to agree or disagree with me that there is a problem, and this
patch fixes this problem. And this change hasn't been merged with the mppe
patches that are being used.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From lists at earthling.2y.net  Mon Jan 28 11:25:22 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Mon, 28 Jan 2002 12:25:22 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <Pine.LNX.4.33.0201281145130.31523-100000@allspice.ottawa.e-smith.com>
Message-ID: <Pine.LNX.4.33.0201281218260.13299-100000@earthling.2y.net>

On Mon, 28 Jan 2002, Charlie Brady wrote:

>
> On Sun, 27 Jan 2002 lists at earthling.2y.net wrote:
>
> > Uhh... No.  This is not a good idea, it will confuse many many
> > applications,
>
> Not in my experience, no.

I have had problems before, and every once in a while I still see some
stuff have problems with more advanced setups.
>
> > not to mention just about every routing daemon out there,
>
> The routing daemon will always route using the destination IP address, not
> the source IP address, so I do not agree with you that this will be a
> problem.
>

Thats not an issue, the routing daemon setup understands that it
broadcasts onto X network, if X network appears on more than one
interface, it can freak, Another superuser on one of my secure gatways
often brings up an alias for the internal network, if ospfd is restarted
with that interface up, it dies.  To a degree this is unique because its
an alias, but its still an issue with duplicate addresses on the same
subnet.... its in a sence a diffrent issue, but its simulare in nature.

> > and freeswan.
>
> Perhaps, but the freeswan developers freely admit that there have been
> some problems with their routing code. Perhaps this isn't a problem with
> current versions.

Oh true, freeswan has many routing problems.  With the way that they plug
in, and then route with thier own routing table, somebody should have been
hurt for that.  I have noticed an bug with freeswan's internal routing
mechanism on alpha based systems, but the freeswan people don't really
listen, and blame it on setup, though I finally got them to admit there
was a problem.

It's not the routing code that complains.  The routing code does what you
tell it to do, but nobody likes how it was impmented.....  If memory
serves, its pluto that complains...  I have not started up freeswan on a
box with two distinct interfaces using the same ip in a while, so my
memory on this is fuzzy.

>
> > Potentially, you could set the localip to just about any ip, or the same
> > ip for all the interfaces, but things will still get confused, and
> > freeswan will wine.  Its best, just so your system dosent get confused to
> > use seperate addies for every endpoint.
>
> This should not be necessary, and I haven't found it so. YMMV.
>
True, it is not necessary, but I still hate it when freeswan would wine
about 20 diffrent interfaces with 10.0.0.7 as the ip......

*shrugs*

-Justin



-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From osiris at urbanna.net  Mon Jan 28 11:30:01 2002
From: osiris at urbanna.net (osiris at urbanna.net)
Date: Mon, 28 Jan 2002 12:30:01 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <Pine.LNX.4.33.0201281140140.31523-100000@allspice.ottawa.e-smith.com>
Message-ID: <Pine.LNX.4.21.0201281218460.9652-100000@vast.deltaville.net>

Charlie;

Ok, I completely *mis*understood which end of the tunnel you were
discussing.  Sorry for the mistake.  I run MPPP at one of my remote
sites to channel bond three dialups and I also ran Linux EQL
( http:\\osiris.urbanna.net ) until MPPP became mature enough on that
platform to switch to it. Therefore I follow the logic of re-using the
LOCAL PPTPD SERVER's address on that end of the link and see no reason why
the implementors would not have intended it be set up the way you
describe.  That is only supposition upon my part, I have not read the RFC.
It is, however; the way that EQL and MPPP work.

Thanks for taking the time to explain it.

-m-
http://www.urbanna.net/myresume.html

On Mon, 28 Jan 2002, Charlie
Brady wrote:

> 
> On Mon, 28 Jan 2002 osiris at urbanna.net wrote:
> 
> > Ok, I think I am following you, mind you I have never set one of these up
> > and so I am hear to learn, not to teach.
> >
> > You ARE saying the both ends of the tunnel *may* have the same address and
> > that if they don't one is actually *wasting* an address, is that correct?
> 
> No, I am not saying that. I am saying that the server end of the tunnel
> may use the same IP address as the server's ethernet interface IP address.
> 
> Justin is saying that you should not use the same IP address, but should
> use some other IP address from the same network as the server's ethernet
> interface IP address.
> 
> We all agree that the remote end of the tunnel (as seen by the server)
> should have a distinct IP address from the same network as the server's
> ethernet interface IP address.
> 
> For example,
> 
> server's ethernet IP address is 192.168.5.1
> 
> localip 192.168.5.x # where x may or may not be 1, depending on who you
>                     # choose to agree with
> remoteip 192.168.5.100-200
> 
> --
> Charlie Brady                         charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group        http://www.e-smith.com/
> Mitel Networks Corporation            http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
> 
> 
> 

--




From charlieb at e-smith.com  Mon Jan 28 11:35:11 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 28 Jan 2002 12:35:11 -0500 (EST)
Subject: [pptp-server] PPTPD Problems
In-Reply-To: <Pine.LNX.4.33.0201281218260.13299-100000@earthling.2y.net>
Message-ID: <Pine.LNX.4.33.0201281234160.31523-100000@allspice.ottawa.e-smith.com>

On Mon, 28 Jan 2002 lists at earthling.2y.net wrote:

> often brings up an alias for the internal network, if ospfd is restarted
> with that interface up, it dies.

Quite clearly a bug with ospfd :-)

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From vlast at indivisuallearning.com  Mon Jan 28 13:38:59 2002
From: vlast at indivisuallearning.com (Vladimir Strezhnev)
Date: Mon, 28 Jan 2002 13:38:59 -0600
Subject: [pptp-server] Linux client to PPTP server (kernel > 2.4.10) success
In-Reply-To: <3C51934F.882C081@progress.com>
References: <3C51934F.882C081@progress.com>
Message-ID: <02012813385901.25628@ivl-devel.indivisuallearning.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Did anybody succeed in connecting linux pptp client on 2.2 x kernels to pptpd 
server on  kernels > 2.4.10 ?
After upgrade to 2.4.16 our pptpd server can only handle Windows clients. 
According to recent postings on the Sourceforge, nobody cares of the issue :-(


On Friday 25 January 2002 11:18, you wrote:
> Hi,
>
> I'm not on this list but thought to post my solution to the
> problems with Linux clients getting error about GRE not being
> available when server kernel is over version 2.4.10.
>
> My client and server are both 2.4.16 with MPPE patches. I also
> got the GRE: protocol not available error.
>
> But if I load the ip_gre module on the client before connecting,
> everything goes fine. So before starting pptp client, do
> modprobe ip_gre
>
> This worked for me, YMMV.
>
> - Jari
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

- -- 

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBPFWo075tPDt+Qc/uEQIcSQCgmBEglCm7Qr1jYixajsQd9RVPTSMAoOgE
NOQP3JNJGs8U7W1S0HbHjEbj
=JPSi
-----END PGP SIGNATURE-----


From vodo_baas at hotmail.com  Mon Jan 28 18:27:29 2002
From: vodo_baas at hotmail.com (Vodo Baas)
Date: Mon, 28 Jan 2002 19:27:29 -0500
Subject: [pptp-server] 619 Error, problem with pppd
Message-ID: <F74eLYCT4aJ6pkNzPZr0000673f@hotmail.com>

I am running PoPToP version version 1.0.1 as a server and when I try to 
connect with a Win 2000 computer I get a 619 error stating that the port is 
not connected.  When I check the log I see this:

pptpd[2370]: MGR: Manager process started
pptpd[2379]: CTRL: Client 12.147.193.69 control connection started
pptpd[2379]: CTRL: Starting call (launching pppd, opening GRE)
pppd[2380]: pppd 2.4.0 started by root, uid 0
pppd[2380]: Couldn't set tty to PPP discipline: Invalid argument
pppd[2380]: Exit.
pptpd[2379]: GRE: read(fd=5,buffer=804da20,len=8196) from PTY failed: status 
= -1 error = Input/output error
pptpd[2379]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
pptpd[2379]: CTRL: Client 12.147.193.69 control connection finished

If I am reading this right, the call that pptpd uses to call pppd is 
incorrect and causing my connections to fail.

Here is the version information for what I am using:
Red Hat Linux 7.1
Linux Kernel 2.4.17 (From kernel.org)
PoPToP 1.0.1
ppp 2.4.0

I noticed that in the mailing list the version of ppp that most peopl use is 
2.3.8 through 2.3.11 is there a compatibility issue with 2.4.0?  Regardless, 
I have been searching for a while and have not been able to locate any other 
versions of ppp.

Under normal circumstances I do have a firewall in place (through ipchains) 
but when I test the VPN I disable it with this script:

ipchains -F
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward REJECT
ipchains -A forward -p 47 -j ACCEPT
ipchains -A forward -i eth1 -j MASQ
ipchains -A input -p 47 -j ACCEPT
ipchains -A output -p 47 -j ACCEPT

The last 2 lines dealing with the GRE protocol should be redundant with the 
ACCEPT policy, but I have them in there just to be safe.

The options.pptp (I have it named pptp.options though) file:

lock
debug
auth
+chap
proxyarp

The pptp.conf file:

debug
option /etc/ppp/pptp.options
localip 172.16.0.200
remoteip 172.16.0.225-250


From charlieb at e-smith.com  Mon Jan 28 18:39:01 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 28 Jan 2002 19:39:01 -0500 (EST)
Subject: [pptp-server] 619 Error, problem with pppd
In-Reply-To: <F74eLYCT4aJ6pkNzPZr0000673f@hotmail.com>
Message-ID: <Pine.LNX.4.33.0201281932440.28784-100000@vegemite.ottawa.e-smith.com>

On Mon, 28 Jan 2002, Vodo Baas wrote:

> I am running PoPToP version version 1.0.1 as a server and when I try to 
> connect with a Win 2000 computer I get a 619 error stating that the port is 
> not connected.  When I check the log I see this:
> 
> pptpd[2370]: MGR: Manager process started
> pptpd[2379]: CTRL: Client 12.147.193.69 control connection started
> pptpd[2379]: CTRL: Starting call (launching pppd, opening GRE)
> pppd[2380]: pppd 2.4.0 started by root, uid 0
> pppd[2380]: Couldn't set tty to PPP discipline: Invalid argument
> pppd[2380]: Exit.
> pptpd[2379]: GRE: read(fd=5,buffer=804da20,len=8196) from PTY failed: status 
> = -1 error = Input/output error
> pptpd[2379]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> pptpd[2379]: CTRL: Client 12.147.193.69 control connection finished
> 
> If I am reading this right, the call that pptpd uses to call pppd is 
> incorrect and causing my connections to fail.

No. pppd is starting up, but then when it asks the kernel to enable PPP 
line discipline on its pseudoterminal connection, the kernel doesn't like 
a parameter being passed. I don't know enough about pppd and kernel 
internals to know why that is.

> Here is the version information for what I am using:
> Red Hat Linux 7.1
> Linux Kernel 2.4.17 (From kernel.org)
> PoPToP 1.0.1
> ppp 2.4.0
> 
> I noticed that in the mailing list the version of ppp that most peopl use is 
> 2.3.8 through 2.3.11 is there a compatibility issue with 2.4.0?

No. We've been using 2.4.0 in our product for ages (with 2.2.x kernels).

I'd recommend:

- using a RedHat standard kernel, and only build new ppp.o and mppe.o 
  modules.
- using PoPToP 1.1.2

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From berzerke at swbell.net  Mon Jan 28 19:03:29 2002
From: berzerke at swbell.net (robert)
Date: Mon, 28 Jan 2002 19:03:29 -0600
Subject: [pptp-server] 619 Error, problem with pppd
In-Reply-To: <F74eLYCT4aJ6pkNzPZr0000673f@hotmail.com>
References: <F74eLYCT4aJ6pkNzPZr0000673f@hotmail.com>
Message-ID: <0GQO00DX3DL19C@mta4.rcsntx.swbell.net>

The stock answer from the 2.4 howto is to make sure pty support compiled into 
your kernel.  Since you apparently rolled your own, that answer may be 
correct.

On Monday 28 January 2002 06:27 pm, Vodo Baas wrote:
> I am running PoPToP version version 1.0.1 as a server and when I try to
> connect with a Win 2000 computer I get a 619 error stating that the port is
> not connected.  When I check the log I see this:
>
> pptpd[2370]: MGR: Manager process started
> pptpd[2379]: CTRL: Client 12.147.193.69 control connection started
> pptpd[2379]: CTRL: Starting call (launching pppd, opening GRE)
> pppd[2380]: pppd 2.4.0 started by root, uid 0
> pppd[2380]: Couldn't set tty to PPP discipline: Invalid argument
> pppd[2380]: Exit.
> pptpd[2379]: GRE: read(fd=5,buffer=804da20,len=8196) from PTY failed:
> status = -1 error = Input/output error
> pptpd[2379]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> pptpd[2379]: CTRL: Client 12.147.193.69 control connection finished
>
> If I am reading this right, the call that pptpd uses to call pppd is
> incorrect and causing my connections to fail.
>
> Here is the version information for what I am using:
> Red Hat Linux 7.1
> Linux Kernel 2.4.17 (From kernel.org)
> PoPToP 1.0.1
> ppp 2.4.0
>
> I noticed that in the mailing list the version of ppp that most peopl use
> is 2.3.8 through 2.3.11 is there a compatibility issue with 2.4.0? 
> Regardless, I have been searching for a while and have not been able to
> locate any other versions of ppp.
>
> Under normal circumstances I do have a firewall in place (through ipchains)
> but when I test the VPN I disable it with this script:
>
> ipchains -F
> ipchains -P input ACCEPT
> ipchains -P output ACCEPT
> ipchains -P forward REJECT
> ipchains -A forward -p 47 -j ACCEPT
> ipchains -A forward -i eth1 -j MASQ
> ipchains -A input -p 47 -j ACCEPT
> ipchains -A output -p 47 -j ACCEPT
>
> The last 2 lines dealing with the GRE protocol should be redundant with the
> ACCEPT policy, but I have them in there just to be safe.
>
> The options.pptp (I have it named pptp.options though) file:
>
> lock
> debug
> auth
> +chap
> proxyarp
>
> The pptp.conf file:
>
> debug
> option /etc/ppp/pptp.options
> localip 172.16.0.200
> remoteip 172.16.0.225-250
>
> From everything I read this setup should be fine (most of it was copied
> from examples), but I still haven't had any luck with it.  If anyone sees
> something I did wrong please let me know.
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --


From muralivemuri at multitech.co.in  Mon Jan 28 22:35:01 2002
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Tue, 29 Jan 2002 10:05:01 +0530
Subject: [pptp-server] NAT problem
Message-ID: <3C562675.9F87D086@multitech.co.in>

hi,

i have this problem and the setup is as follows:

Multiple PPTP clients behind a NAT box do not seem to work when trying
to connect to VPN box.

 Here is the setup:

 multitple PPTP sessions using Win2K ----- NAT box ----- internet
 ------ RF650VPN (ASL) box ------ private server

 The VPN box will not work when multiple PPTP clients come in from the
 same NAT box, I tested three different NAT boxes (Linksys, Draytek and
 Multi-Tech) and they all have the same problem.  If I replace the VPN
 box with Windows 2000 PPTP server, then I do NOT see the problem.

 The question now is, does the POPTOP support multiple PPTP clients
coming
 in from a NAT box that has only one public IP.?????

--
regards & thanks for your time,

Murali Krishna Vemuri


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020129/701f33ec/attachment.html>

From mikael.lonnroth at advancevpn.com  Tue Jan 29 10:52:32 2002
From: mikael.lonnroth at advancevpn.com (=?iso-8859-1?Q?Mikael_L=F6nnroth?=)
Date: Tue, 29 Jan 2002 08:52:32 -0800
Subject: [pptp-server] NAT problem / several clients behind one
References: <3C562675.9F87D086@multitech.co.in>
Message-ID: <001201c1a8e5$5b79ca50$121b7d0a@advancehome>

I believe this question has been answered a couple of times (notably I think Charlie Brady explained exactly which RFCs are involved), here is my simple version: 

Poptopop distinguishes clients only from their source IP address. Thus, when several clients connect from the same natted address, things stop working. With Windows it works although Microsoft's implementation does not conform with the RFCs.  

If you use Linux as your NAT box, you might have some luck (I've seen connection tracking patches/helpers for 2.2.* and 2.4.* kernels). 

MY REAL QUESTION: Is there any reason why we cannot add this same non-RFC functionality to Poptop?

Regards,
Mikael L?nnroth
www.advancevpn.com

----- Original Message ----- 
  From: Murali K. Vemuri 
  To: pptplist 
  Sent: Monday, January 28, 2002 8:35 PM
  Subject: [pptp-server] NAT problem


  hi, 
  i have this problem and the setup is as follows: 

  Multiple PPTP clients behind a NAT box do not seem to work when trying 
  to connect to VPN box. 

   Here is the setup: 

   multitple PPTP sessions using Win2K ----- NAT box ----- internet 
   ------ RF650VPN (ASL) box ------ private server 

   The VPN box will not work when multiple PPTP clients come in from the 
   same NAT box, I tested three different NAT boxes (Linksys, Draytek and 
   Multi-Tech) and they all have the same problem.  If I replace the VPN 
   box with Windows 2000 PPTP server, then I do NOT see the problem. 

   The question now is, does the POPTOP support multiple PPTP clients coming 
   in from a NAT box that has only one public IP.????? 

-- 
regards & thanks for your time,

Murali Krishna Vemuri
    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020129/d9a9879b/attachment.html>

From vogt at serc.nl  Tue Jan 29 03:33:37 2002
From: vogt at serc.nl (Harald Vogt)
Date: Tue, 29 Jan 2002 10:33:37 +0100
Subject: [pptp-server] Freebsd + slirp + vpn :)
References: <OAECIPKLAEBFCPMJFFIPOEGMCIAA.arturo@descom.es>
Message-ID: <3C566C71.9D32288@serc.nl>

Hello,

I use slirp here with the assumption that the IP address of
the Pc with the VPN (192.xx.yy.231) is in the same subnet as the ip address
of the slirp host (192.xx.yy.z), and then the subnet mask gets correctly set
to 255.255.255.0.

In your case the slirp address of the slirp host
is 130.225.33.68, so try to set the ip-address 
of the VPN client to 130.225.33.231

OR

promote the set_subnetmask or something like that
in the ppp code of slirp to an option of slirp
so that you can set it in the slirp settings
(yes, this means some coding around).

Hope this helps, 

-- 
  Dr. H.H. (Harald) Vogt         SERC (Software Engineering Research Centre)
  E-mail: vogt at serc.nl           P.O. Box 424, 3500 AK Utrecht, The Netherlands
  http://www.serc.nl/people/vogt tel: +31-30-2545412, fax: +31-30-2545948


From akohlsmith at benshaw.com  Tue Jan 29 09:01:55 2002
From: akohlsmith at benshaw.com (Andrew Kohlsmith)
Date: Tue, 29 Jan 2002 10:01:55 -0500
Subject: [pptp-server] NAT problem / several clients behind one
In-Reply-To: <001201c1a8e5$5b79ca50$121b7d0a@advancehome>
References: <3C562675.9F87D086@multitech.co.in> <001201c1a8e5$5b79ca50$121b7d0a@advancehome>
Message-ID: <20020129150421.3C484D169D@poontang.schulte.org>

> MY REAL QUESTION: Is there any reason why we cannot add this same non-RFC
> functionality to Poptop?

Is it not possible to use the ip_masq_vpn module (that's the 2.2.x name, I'm 
not sure what the 2.4.x name is) in this situation?

Regards,
Andrew


From wilcox at CSZINC.COM  Tue Jan 29 09:13:02 2002
From: wilcox at CSZINC.COM (James Wilcox)
Date: Tue, 29 Jan 2002 10:13:02 -0500
Subject: [pptp-server] VPN through  NAT
Message-ID: <3B346BD78B0FD611807700D0B7A9A6FC0F9282@EXCHANGESERVER>

My Question is:

When connecting to VPN through a NAT on Windows 2000 Server I do not get a
default gateway.  I was wondering if there is anything that I need to
specify when setting up my NAT to get the default gateway on the VPN
adapter.

Thanks in advance,
James


From charlieb at e-smith.com  Tue Jan 29 10:11:36 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 29 Jan 2002 11:11:36 -0500 (EST)
Subject: [pptp-server] VPN through  NAT
In-Reply-To: <3B346BD78B0FD611807700D0B7A9A6FC0F9282@EXCHANGESERVER>
Message-ID: <Pine.LNX.4.33.0201291110580.1334-100000@allspice.ottawa.e-smith.com>

On Tue, 29 Jan 2002, James Wilcox wrote:

> When connecting to VPN through a NAT on Windows 2000 Server I do not get a
> default gateway.  I was wondering if there is anything that I need to
> specify when setting up my NAT to get the default gateway on the VPN
> adapter.

That's not a NAT feature, that's a client configuration issue.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739




From honor at axtronics.com.tw  Tue Jan 29 23:44:27 2002
From: honor at axtronics.com.tw (honor)
Date: Wed, 30 Jan 2002 13:44:27 +0800
Subject: [pptp-server] idle time have problem ?
Message-ID: <003e01c1a951$2df439f0$0507a8c0@honor1>


idle 1800
I set above argument in options file
but pppd don't terminate after timeout for 1800 seconds.

if the value is low, such as 60
it is ok.
 
why?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020130/bc5a96cd/attachment.html>

From berzerke at swbell.net  Wed Jan 30 00:48:01 2002
From: berzerke at swbell.net (robert)
Date: Wed, 30 Jan 2002 00:48:01 -0600
Subject: [pptp-server] idle time have problem ?
In-Reply-To: <003e01c1a951$2df439f0$0507a8c0@honor1>
References: <003e01c1a951$2df439f0$0507a8c0@honor1>
Message-ID: <0GQQ00IXFO73ZP@mta4.rcsntx.swbell.net>

As I guess, I'd saying something is keeping the line open.  For instance 
(example only; it could be something else), browse lists are supposed to be 
updated/synchronized every X number of minutes (I think X is 15, but it's 
been awhile).  It could be something else.

If I'm right (about the 15 minutes), then the line is never truly idle for 
1800 seconds (which is 30 minutes) at a stretch, but the line is idle for 60 
seconds (1 minute).

On Tuesday 29 January 2002 11:44 pm, honor wrote:
> idle 1800
> I set above argument in options file
> but pppd don't terminate after timeout for 1800 seconds.
>
> if the value is low, such as 60
> it is ok.
>
> why?


From honor at axtronics.com.tw  Wed Jan 30 00:46:16 2002
From: honor at axtronics.com.tw (honor)
Date: Wed, 30 Jan 2002 14:46:16 +0800
Subject: [pptp-server] How to configure that a User Name only can login a time when the User Name has been logined?
Message-ID: <001101c1a959$d105db50$0507a8c0@honor1>

for example:
if the User Name "king" has been logined PPTP server for machine "A"
and by default
the "king" can login once again for machine "B"
How to restrict this?

ps:I use dynamic ip range
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020130/8b2cdd56/attachment.html>

From honor at axtronics.com.tw  Wed Jan 30 00:58:54 2002
From: honor at axtronics.com.tw (honor)
Date: Wed, 30 Jan 2002 14:58:54 +0800
Subject: [pptp-server] idle time have problem ?
References: <003e01c1a951$2df439f0$0507a8c0@honor1> <0GQQ00IXFO73ZP@mta4.rcsntx.swbell.net>
Message-ID: <001e01c1a95b$94d994d0$0507a8c0@honor1>

I see the in and out packets of ppp interface in windows that increment in a while.
Thus pptp server reset the idle time to 0.
so if the "n" is too big ,
the termination for idle is impossible archieved.
right ?

The man page write:

idle n Specifies that pppd should disconnect if the  link
	          is  idle for  n seconds. The link is idle when no
	          data packets (i.e. IP packets) are  being sent  or
	          received.  Note: it  is not advisable to use this
	          option with the persist option without  the  demand
	          option.  If the active-filter option is given, data
	          packets which are rejected by the specified  activ
	          ity filter also count as the link being idle.



----- Original Message ----- 
From: "robert" <berzerke at swbell.net>
To: "honor" <honor at axtronics.com.tw>; <pptp-server at lists.schulte.org>
Sent: Wednesday, January 30, 2002 2:48 PM
Subject: Re: [pptp-server] idle time have problem ?


> As I guess, I'd saying something is keeping the line open.  For instance 
> (example only; it could be something else), browse lists are supposed to be 
> updated/synchronized every X number of minutes (I think X is 15, but it's 
> been awhile).  It could be something else.
> 
> If I'm right (about the 15 minutes), then the line is never truly idle for 
> 1800 seconds (which is 30 minutes) at a stretch, but the line is idle for 60 
> seconds (1 minute).
> 
> On Tuesday 29 January 2002 11:44 pm, honor wrote:
> > idle 1800
> > I set above argument in options file
> > but pppd don't terminate after timeout for 1800 seconds.
> >
> > if the value is low, such as 60
> > it is ok.
> >
> > why?
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020130/86392936/attachment.html>

From John.vanLit at BuroRM.nl  Wed Jan 30 04:34:10 2002
From: John.vanLit at BuroRM.nl (Buro RM - John van Lit)
Date: Wed, 30 Jan 2002 11:34:10 +0100
Subject: [pptp-server] Protocol 47
Message-ID: <81A684765505D411B04D00A0247B0694076541@BRMSRV01>

all,

I have my poptop server running in my private network. the firewall is is
allowd to point all the traffic that is comming on port 1723 to my poptop
server.
When i try to make a connection the session ends with the error code 619 the
specified port is not connected.
I have done a tcpdump on my ppp0 interface which gives me the following
information.

10:58:06.802676 195.121.230.19.unisys-lm 213.84.233.74.pptp: S
1582148474:1582148474(0) win 8760 (DF) 
10:58:06.804331 213.84.233.74.pptp 195.121.230.19.unisys-lm: S
3444247836:3444247836(0) ack 1582148475 win 32120 (DF) 
10:58:06.999409 195.121.230.19.unisys-lm 213.84.233.74.pptp: . 1:1(0) ack 1
win 8760 (DF) 
10:58:07.042582 195.121.230.19.unisys-lm 213.84.233.74.pptp: P 1:157(156)
ack 1 win 8760 (DF) 
10:58:07.043329 213.84.233.74.pptp 195.121.230.19.unisys-lm: . 1:1(0) ack
157 win 31964 (DF) 
10:58:07.044106 213.84.233.74.pptp 195.121.230.19.unisys-lm: P 1:157(156)
ack 157 win 32120 (DF) 
10:58:07.252835 195.121.230.19.unisys-lm 213.84.233.74.pptp: P 157:325(168)
ack 157 win 8604 (DF) 
10:58:07.256349 213.84.233.74.pptp 195.121.230.19.unisys-lm: P 157:189(32)
ack 325 win 32120 (DF) 
10:58:07.419128 195.121.230.19.unisys-lm 213.84.233.74.pptp: P 325:349(24)
ack 189 win 8572 (DF) 
10:58:07.436570 213.84.233.74.pptp 195.121.230.19.unisys-lm: . 189:189(0)
ack 349 win 32120 (DF) 10:58:07.495955 gre-proto-0x880B (gre encap) 
10:58:07.496353 213.84.233.74 195.121.230.19: icmp: 213.84.233.74 protocol
47 unreachable [tos 0xc0] 
10:58:09.190054 gre-proto-0x880B (gre encap) 
10:58:09.190411 213.84.233.74 195.121.230.19: icmp: 213.84.233.74 protocol
47 unreachable [tos 0xc0] 
10:58:12.144936 gre-proto-0x880B (gre encap) 
10:58:12.145302 213.84.233.74 195.121.230.19: icmp: 213.84.233.74 protocol
47 unreachable [tos 0xc0] 
10:58:17.325088 gre-proto-0x880B (gre encap) 
10:58:17.325451 213.84.233.74 195.121.230.19: icmp: 213.84.233.74 protocol
47 unreachable [tos 0xc0] 
10:58:20.146905 gre-proto-0x880B (gre encap) 
10:58:20.147255 213.84.233.74 195.121.230.19: icmp: 213.84.233.74 protocol
47 unreachable [tos 0xc0] 
10:58:24.151466 gre-proto-0x880B (gre encap) 
10:58:24.151824 213.84.233.74 195.121.230.19: icmp: 213.84.233.74 protocol
47 unreachable [tos 0xc0] 
10:58:28.149595 gre-proto-0x880B (gre encap) 
10:58:28.149951 213.84.233.74 195.121.230.19: icmp: 213.84.233.74 protocol
47 unreachable [tos 0xc0] 
10:58:32.154418 gre-proto-0x880B (gre encap) 
10:58:32.154785 213.84.233.74 195.121.230.19: icmp: 213.84.233.74 protocol
47 unreachable [tos 0xc0] 
10:58:36.158481 gre-proto-0x880B (gre encap) 
10:58:36.158850 213.84.233.74 195.121.230.19: icmp: 213.84.233.74 protocol
47 unreachable [tos 0xc0] 
10:58:37.403953 213.84.233.74.pptp 195.121.230.19.unisys-lm: F 189:189(0)
ack 349 win 32120 (DF) 
10:58:37.594457 195.121.230.19.unisys-lm 213.84.233.74.pptp: F 349:349(0)
ack 190 win 8572 (DF)
 10:58:37.595080 213.84.233.74.pptp 195.121.230.19.unisys-lm: . 190:190(0)
ack 350 win 32120 (DF) 
When i look at my ipchains rules protocol 47 is accepted.
this is the configuration of my poptop server
pptpd.conf
speed 115200
localip 192.168.10.225-250 
remoteip 192.168.1.225-250 

options
debug 
auth 
name poptop 
require-chap 
proxyarp 
ms-wins 192.168.10.1

chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses 
john poptop xxxx *

can anyone help me???
Rgds,

John


From honor at axtronics.com.tw  Wed Jan 30 06:45:11 2002
From: honor at axtronics.com.tw (honor)
Date: Wed, 30 Jan 2002 20:45:11 +0800
Subject: [pptp-server] Browsing Woes
References: <20020121162226.26B3ED148C@poontang.schulte.org>
Message-ID: <003501c1a98b$f4ad4930$0507a8c0@honor1>

I  have also the problem.

Has anybody help us?

----- Original Message -----
From: "Andrew Kohlsmith" <akohlsmith at benshaw.com>
To: <pptp-server at lists.schulte.org>
Sent: Tuesday, January 22, 2002 12:23 AM
Subject: [pptp-server] Browsing Woes


> The Problem:
> VPN clients cannot see browse lists, but I can call up a computer with
> \\computername or \\ip.ip.ip.ip.
>
> The Configuration:
> The Firewall/VPN server:
> - kernel 2.4.17
> - samba 2.2.20
> - ppp 2.4.1 with MSCHAPv2 and openssl-0.9.6-mppe patches
> - pptpd 1.0.1
> many network cards and modems:
> eth0 - LAN
> eth1 - DMZ
> eth2 - WAN
> eth3 - wireless
> pppx+ - either dialup or VPN, depending on order
>
> relevant bits of samba config:
> ======================================================
> [global]
>    workgroup = MYDOMAIN
>    server string = gateway
>
>    interfaces = 192.168.1.0/24 192.168.3.0/24
>    hosts allow = 192.168.1. 127. 192.168.3.
>    socket options = TCP_NODELAY
>    getwd cache = Yes
>
>    wins support = yes
>    wins proxy = yes
>
>    security = domain
>    password server = server1
>    guest account = samba
>
>    os level = 60
>    local master = yes
>    domain master = no
>    preferred master = yes
>    domain logons = no
>
>    name resolve order = lmhosts wins bcast host
>    dns proxy = no
>    locking = yes
>
>   guest account = nobody
>   encrypt passwords = yes
> ======================================================
>
> pptpd.conf:
> ======================================================
> speed 115200
> localip 192.168.1.234-238
> remoteip 192.168.1.240-244
> option /etc/ppp/options.pptp
> ======================================================
>
> options.pptp:
> ======================================================
> auth
> asyncmap 0
> nodetach
> name vpn-ppp
> ms-dns 192.168.1.1
> ms-wins 192.168.1.1
> proxyarp
> require-chapms-v2
> #chapms-strip-domain
> refuse-chapms
> refuse-chap
> mppe-128
> mppe-stateless
> mtu 1000
> mru 1000
> ======================================================
>
> All LAN workstations use WINS, including PDC and BDC (both winnt4).  The
main
> fileserver (bigmama) runs Samba 2.2.20 and works fine with LAN and VPN
> clients (barring this browse problem).
>
> VPN users (from either wireless or modem, but I haven't begun testing
modem
> yet) can log in to the domain just fine.  I'm doing my testing on a Win2k
VPN
> client right now (the only one I have available at this time).  They can
> reach a SMB-sharing computer by name or by IP, but browsing gives timeouts
> ("MYDOMAIN is not accessible. / The network path was not found") -- when
> browsing in a single window, the error comes up once each time I try to
get
> into MYDOMAIN; when browsing in tree view the error comes up three times
in a
> row for every computer/share/file you try to access (something to do with
> reading the tree).
>
> These computers (dialup and wireless) are primarily used by sales staff
and
> otherwise non-techies and I loathe mapping drives, but that *does* work.
>
> I know those os level lines and such don't need to be there; I've been
> experimenting without much luck.  I'm 99.9% sure that nothing is being
> blocked by the firewall because I can get the data back and forth, and
> tcpdump'ing the pppx interface that the VPN is using seems to indicate
that
> the traffic is flowing.  I can provide dumps if desired.
>
> Can anyone see what I'm doing wrong?  This is *almost* working 100%.  It's
> that last little bit that's giving me trouble.  What's that they say about
> 80% taking 20% of the time, and the last 20% taking 80% of the time?  :-)
>
> Regards,
> Andrew
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>
>



From Steve at SteveCowles.com  Wed Jan 30 07:18:35 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 30 Jan 2002 07:18:35 -0600
Subject: [pptp-server] Browsing Woes
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEA21@defiant.infohiiway.com>

> -----Original Message-----
> From: honor [mailto:honor at axtronics.com.tw]
> Sent: Wednesday, January 30, 2002 6:45 AM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Browsing Woes
> 
> 
> I  have also the problem.
> 
> Has anybody help us?
> 

1) Do you have a WINS server running on your LAN?

2) Are all clients (not just the PPTP clients) on that LAN configured to
register with that WINS server?

Steve Cowles


From john at brewtown.net  Wed Jan 30 08:55:51 2002
From: john at brewtown.net (John Stetter)
Date: Wed, 30 Jan 2002 08:55:51 -0600
Subject: [pptp-server] Protocol 47
References: <81A684765505D411B04D00A0247B0694076541@BRMSRV01>
Message-ID: <003201c1a99e$35f9ba10$7301000a@bwmmortgage.com>

Do you also let everything with proto 47 (GRE) come through the firewall?
What output do you have from syslog?


----- Original Message -----
From: "Buro RM - John van Lit" <John.vanLit at BuroRM.nl>
To: <pptp-server at lists.schulte.org>
Sent: Wednesday, January 30, 2002 4:34 AM
Subject: [pptp-server] Protocol 47


> all,
>
> I have my poptop server running in my private network. the firewall is is
> allowd to point all the traffic that is comming on port 1723 to my poptop
> server.
> When i try to make a connection the session ends with the error code 619
the
> specified port is not connected.
> I have done a tcpdump on my ppp0 interface which gives me the following
> information.

<SNIP>



From charlieb at e-smith.com  Wed Jan 30 09:31:36 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 30 Jan 2002 10:31:36 -0500 (EST)
Subject: [pptp-server] 619 Error, problem with pppd (fwd)
Message-ID: <Pine.LNX.4.33.0201301031180.10014-100000@allspice.ottawa.e-smith.com>

FYI..

---------- Forwarded message ----------
Date: Wed, 30 Jan 2002 02:05:14 -0500
From: Vodo Baas <vodo_baas at hotmail.com>
Reply-To: vodobaas at mindlence.com
To: charlieb at e-smith.com
Subject: Re: [pptp-server] 619 Error, problem with pppd

I have resolved this one, thanks for the help.  I went back to the original
kernel that I installed from the Red Hat CD and everything worked fine.  I
went back and messed around with the 2.4.17 kernel again and these are the
options I set for the networking options and was able to PoPToP 1.0.1 to
work.

Networking support (CONFIG_NET) Y
Sysctl support (CONFIG_SYSCTL) Y
Packet socket (CONFIG_PACKET) Y
  Packet socket: mmapped IO (CONFIG_PACKET_MMAP) N
Netlink device emulation (CONFIG_NETLINK_DEV) Y
Network packet filtering (CONFIG_NETFILTER) Y
Socket Filtering (CONFIG_FILTER) N
Unix domain sockets (CONFIG_UNIX) Y
TCP/IP networking (CONFIG_INET) Y
  IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) N
  IP: tunneling (CONFIG_NET_IPIP) Y
  IP: GRE tunnels over IP (CONFIG_NET_IPGRE) Y
Connection tracking (CONFIG_IP_NF_CONNTRACK) N
IP tables support (CONFIG_IP_NF_IPTABLES) N
ipchains (2.2-style) support (CONFIG_IP_NF_COMPAT_IPCHAINS) Y
PPP (point-to-point protocol) support (CONFIG_PPP) Y
  PPP support for async serial ports (CONFIG_PPP_ASYNC) Y
  PPP support for sync tty ports (CONFIG_PPP_SYNC_TTY) Y
  PPP Deflate compression (CONFIG_PPP_DEFLATE) N
  PPP BSD-Compress compression (CONFIG_PPP_BSDCOMP) N
  PPP over ATM (CONFIG_PPPOATM) N
SLIP (serial line) support (CONFIG_SLIP) N
Unix98 PTY support (CONFIG_UNIX98_PTYS) Y
/proc file system support (CONFIG_PROC_FS) Y
/dev/pts file system for Unix98 PTYs (CONFIG_DEVPTS_FS) Y

I don't know how much of that is actually required or not, and I know the
settings for IP routing, IP filtering, and ipchains and iptables I have set
specific to my needs (and that is keeping ipchains support and dropping
iptables), but regardless with that configuration everything worked fine.

> > I am running PoPToP version version 1.0.1 as a server and when I try to
> > connect with a Win 2000 computer I get a 619 error stating that the port
>is
> > not connected.  When I check the log I see this:
> >
> > pptpd[2370]: MGR: Manager process started
> > pptpd[2379]: CTRL: Client 12.147.193.69 control connection started
> > pptpd[2379]: CTRL: Starting call (launching pppd, opening GRE)
> > pppd[2380]: pppd 2.4.0 started by root, uid 0
> > pppd[2380]: Couldn't set tty to PPP discipline: Invalid argument
> > pppd[2380]: Exit.
> > pptpd[2379]: GRE: read(fd=5,buffer=804da20,len=8196) from PTY failed:
>status
> > = -1 error = Input/output error
> > pptpd[2379]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> > pptpd[2379]: CTRL: Client 12.147.193.69 control connection finished
> >
> > If I am reading this right, the call that pptpd uses to call pppd is
> > incorrect and causing my connections to fail.
>
>No. pppd is starting up, but then when it asks the kernel to enable PPP
>line discipline on its pseudoterminal connection, the kernel doesn't like
>a parameter being passed. I don't know enough about pppd and kernel
>internals to know why that is.
>
> > Here is the version information for what I am using:
> > Red Hat Linux 7.1
> > Linux Kernel 2.4.17 (From kernel.org)
> > PoPToP 1.0.1
> > ppp 2.4.0
> >
> > I noticed that in the mailing list the version of ppp that most peopl
>use is
> > 2.3.8 through 2.3.11 is there a compatibility issue with 2.4.0?
>
>No. We've been using 2.4.0 in our product for ages (with 2.2.x kernels).
>
>I'd recommend:
>
>- using a RedHat standard kernel, and only build new ppp.o and mppe.o
>   modules.
>- using PoPToP 1.1.2


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.




From honor at axtronics.com.tw  Wed Jan 30 19:15:10 2002
From: honor at axtronics.com.tw (honor)
Date: Thu, 31 Jan 2002 09:15:10 +0800
Subject: [pptp-server] Browsing Woes
References: <90769AF04F76D41186C700A0C90AFC3EEA21@defiant.infohiiway.com>
Message-ID: <00ab01c1a9f4$ba9cff10$0507a8c0@honor1>

Yes.
as follow below


win98------linux------PPTP server----(internet)-----win2000
                  wins                                    ADSL


win98: 192.168.7.2    (wins server : 192.168.7.3)
linux:    192.168.7.3
PPTP:  192.168.7.254
             211.20.100.141

win2000:192.168.7.45  =>assigned   (wins server : 192.168.7.3)

all the same workgroup :samba

my options file have
ms-wins 192.168.7.3

This is my smb.conf file

[global]
   workgroup = samba
   server string = linux samba
   guest account = nobody
   log file = /var/log/samba/%m.log
   max log size = 0
   security = share
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = yes
   os level = 33
   domain master = yes 
   preferred master = yes
   name resolve order = wins lmhosts bcast
   wins support = yes

[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
   public = yes
   browseable = yes
   writable = yes

----- Original Message ----- 
From: "Cowles, Steve" <Steve at SteveCowles.com>
To: <pptp-server at lists.schulte.org>
Sent: Wednesday, January 30, 2002 9:18 PM
Subject: RE: [pptp-server] Browsing Woes


> > -----Original Message-----
> > From: honor [mailto:honor at axtronics.com.tw]
> > Sent: Wednesday, January 30, 2002 6:45 AM
> > To: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] Browsing Woes
> > 
> > 
> > I  have also the problem.
> > 
> > Has anybody help us?
> > 
> 
> 1) Do you have a WINS server running on your LAN?
> 
> 2) Are all clients (not just the PPTP clients) on that LAN configured to
> register with that WINS server?
> 
> Steve Cowles
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 
> 



From John.vanLit at BuroRM.nl  Thu Jan 31 04:07:16 2002
From: John.vanLit at BuroRM.nl (Buro RM - John van Lit)
Date: Thu, 31 Jan 2002 11:07:16 +0100
Subject: [pptp-server] Error Proto 47
Message-ID: <81A684765505D411B04D00A0247B0694076542@BRMSRV01>

All,

"Error transmitting to destination: Message too long"
After pressing enter i recieve the following message
i get {5}+ exit 1 ipfwd --masq 192.168.10.251 47

How can I resolve this??

I'm using Suse 7.1
Kernel 2.2.18

Rgds,

John



From John.vanLit at BuroRM.nl  Thu Jan 31 07:50:37 2002
From: John.vanLit at BuroRM.nl (Buro RM - John van Lit)
Date: Thu, 31 Jan 2002 14:50:37 +0100
Subject: [pptp-server] Error Proto 47
Message-ID: <81A684765505D411B04D00A0247B0694076543@BRMSRV01>

All,

"Error transmitting to destination: Message too long"
After pressing enter i recieve the following message
i get {5}+ exit 1 ipfwd --masq 192.168.10.251 47

How can I resolve this??

I'm using Suse 7.1
Kernel 2.2.18

Rgds,

John



From Oswald.Knoppers at contrastmediagroep.nl  Thu Jan 31 08:28:39 2002
From: Oswald.Knoppers at contrastmediagroep.nl (Oswald Knoppers)
Date: Thu, 31 Jan 2002 15:28:39 +0100
Subject: [pptp-server] Routing problem.
Message-ID: <3C595497.5E91DA7E@contrastmediagroep.nl>

Hello,

I am trying to setup the following:


- Office network (192.168.1.0/24) with a firewall running the pptpd
server
- Home network (192.168.4.0/24) with a firewall running the pptp client.

I can make a connection and this works. From any host in the office
network i can ping the ppp0 (tunnel) interface of the home firewall, i
can also ping the eth0 interface of the home firewall. But i cannot ping
any of the systems at the home network. So it looks like the home
firewall is not forwarding the traffic.

This firewall is also used for general access of the Internet. And for
that type of traffic the forwarding works fine (in this case an isdn
interface).

Any suggestions on where to look?

Thanks,

Oswald


From lit00084 at planet.nl  Thu Jan 31 09:36:31 2002
From: lit00084 at planet.nl (lit00084 at planet.nl)
Date: Thu, 31 Jan 2002 09:36:31 -0600 (CST)
Subject: [pptp-server] Despired
Message-ID: <5961972.1012491388949.JavaMail.root@apps19.wxs.nl>

Hi,

Is there anyone who has poptop running in combination with a Alcatel ADSL Modem.

If there is What is the configuration that you are running.

Rgds,

John

From lit00084 at planet.nl  Thu Jan 31 09:39:15 2002
From: lit00084 at planet.nl (lit00084 at planet.nl)
Date: Thu, 31 Jan 2002 09:39:15 -0600 (CST)
Subject: [pptp-server] (no subject)
Message-ID: <3445416.1012491553102.JavaMail.root@apps19.wxs.nl>

All,

The following message i see after the session is terminated.
Error transmitting to destination: Message too long 
i get {5}+ exit 1 ipfwd --masq 192.168.10.251 47

Rgds,

John

From jvonau at ramwinn.com  Thu Jan 31 09:41:14 2002
From: jvonau at ramwinn.com (Jerry Vonau)
Date: Thu, 31 Jan 2002 09:41:14 -0600
Subject: [pptp-server] Routing problem.
Message-ID: <01C1AA3B.6DAF9360.jvonau@ramwinn.com>

Oswald:

You need to set the routes on both ends of the link, there is a couple of ways of doing this, 
I use ip-up.local for that purpose. On the client box you'll need to have rules that allow traffic 
to/from the lan and pppd interfaces. 

Some examples of ip-up.local are at:

http://www.shorewall.net/PPTP.htm
  
hope it helps...

Jerry Vonau


On Thursday, January 31, 2002 08:29, Oswald Knoppers [SMTP:Oswald.Knoppers at contrastmediagroep.nl] wrote:
> Hello,
> 
> I am trying to setup the following:
> 
> 
> - Office network (192.168.1.0/24) with a firewall running the pptpd
> server
> - Home network (192.168.4.0/24) with a firewall running the pptp client.
> 
> I can make a connection and this works. From any host in the office
> network i can ping the ppp0 (tunnel) interface of the home firewall, i
> can also ping the eth0 interface of the home firewall. But i cannot ping
> any of the systems at the home network. So it looks like the home
> firewall is not forwarding the traffic.
> 
> This firewall is also used for general access of the Internet. And for
> that type of traffic the forwarding works fine (in this case an isdn
> interface).
> 
> Any suggestions on where to look?
> 
> Thanks,
> 
> Oswald
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 


From lists at earthling.2y.net  Thu Jan 31 10:41:50 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Thu, 31 Jan 2002 11:41:50 -0500 (EST)
Subject: [pptp-server] Routing problem.
In-Reply-To: <3C595497.5E91DA7E@contrastmediagroep.nl>
Message-ID: <Pine.LNX.4.33.0201311136300.13299-100000@earthling.2y.net>

It sounds as if you have your routes established....

But you don't seem to be getting traffic back.

First thing I would do, is tcpdump the tunnel, and try pinging, or try
accessing a port on your home network, and seeing if the packets come back
or not.

Second, I would look at all the firewalling rules, make sure I'm
permitting forwarding for all the networks in the setup.

Maybe its time I update earthling.2y.net/LinkingNets.html with a FAQ/What
to test when it does not work....

Also, what OSes are on the firewalls?

On Thu, 31 Jan
2002, Oswald Knoppers wrote:

> Hello,
>
> I am trying to setup the following:
>
>
> - Office network (192.168.1.0/24) with a firewall running the pptpd
> server
> - Home network (192.168.4.0/24) with a firewall running the pptp client.
>
> I can make a connection and this works. From any host in the office
> network i can ping the ppp0 (tunnel) interface of the home firewall, i
> can also ping the eth0 interface of the home firewall. But i cannot ping
> any of the systems at the home network. So it looks like the home
> firewall is not forwarding the traffic.
>
> This firewall is also used for general access of the Internet. And for
> that type of traffic the forwarding works fine (in this case an isdn
> interface).
>
> Any suggestions on where to look?
>
> Thanks,
>
> Oswald
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




From jsayer at zk3.dec.com  Thu Jan 31 10:54:01 2002
From: jsayer at zk3.dec.com (Jim Sayer)
Date: Thu, 31 Jan 2002 11:54:01 -0500
Subject: [pptp-server] LCP: timeout sending Config-Requests
Message-ID: <3C5976A9.934BAE3A@zk3.dec.com>

I am trying to use pptp to tunnel into where I work. I am running
Linux version 2.2.14-5.0smp 
pppd 2.4.0
pptp-linux-1.0.3-1
ppp-mppe-2.4.0-4
An lsmod shows all the modules get loaded.

Basically, pptp reports back ERROR!  Connection timed out.
The /var/log/messages is shown below, detailing an LCP: timeout sending
Config-Requests. It looks like I connect and then disconnect right away.

The pap and chap secret files have the same info and the options file
all look ok.

The processes that are kicked off when I run the pptp script are list
below.

I use cable modem, not a dial-up modem. Does pptp work with cable modem
and does anything special have to be set up? Any suggestions or try-me's
would be greatly appreciated.

Thanks,
Jim 

log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:548]: Client connection
established.
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:655]: Outgoing call
established (call ID 0, peer's call ID 34729).
pppd 2.4.0 started by root, uid 0
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:704]: PPTP_SET_LINK_INFO
recieved from peer_callid 0
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:707]:   send_accm is FFFFFFFF,
 recv_accm is FFFFFFFF
LCP: timeout sending Config-Requests
Connection terminated.
Exit.
log[callmgr_main:pptp_callmgr.c:240]: Closing connection
log[pptp_conn_close:pptp_ctrl.c:285]: Closing PPTP connection
log[call_callback:pptp_callmgr.c:88]: Closing connection




 root      1114   808  perl -w /usr/sbin/pptp-command
 root      1132  1114  [pppd <defunct>]
 root      1134     1  /usr/sbin/pptp pptp: call manager for <real ip
address> 
 root      1136     1  /usr/sbin/pptp pptp: GRE-to-PPP gateway on
/dev/pts/2
 root      1139     1  /usr/sbin/pppd /dev/pts/2 38400 call work-tunnel


From jsayer at zk3.dec.com  Thu Jan 31 12:34:38 2002
From: jsayer at zk3.dec.com (Jim Sayer)
Date: Thu, 31 Jan 2002 13:34:38 -0500
Subject: [pptp-server] LCP: timeout sending Config-Requests
References: <3C5976A9.934BAE3A@zk3.dec.com> <3C5979CA.D01EDFCA@multitech.co.in>
Message-ID: <3C598E3E.C1B8580B@zk3.dec.com>

Murali,

The client is my linux workstation and the server is an NT system.
Are you seeing a similar problem using win9x?

Jim

"Murali K. Vemuri" wrote:
> 
>    Part 1.1    Type: Plain Text (text/plain)
>            Encoding: 7bit
what is the client you are using ?
is it win9x?
murali

Jim Sayer wrote:

> I am trying to use pptp to tunnel into where I work. I am running
> Linux version 2.2.14-5.0smp
> pppd 2.4.0
> pptp-linux-1.0.3-1
> ppp-mppe-2.4.0-4
> An lsmod shows all the modules get loaded.
>
> Basically, pptp reports back ERROR!  Connection timed out.
> The /var/log/messages is shown below, detailing an LCP: timeout sending
> Config-Requests. It looks like I connect and then disconnect right away.
>
> The pap and chap secret files have the same info and the options file
> all look ok.
>
> The processes that are kicked off when I run the pptp script are list
> below.
>
> I use cable modem, not a dial-up modem. Does pptp work with cable modem
> and does anything special have to be set up? Any suggestions or try-me's
> would be greatly appreciated.
>
> Thanks,
> Jim
>
> log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:548]: Client connection
> established.
> log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:655]: Outgoing call
> established (call ID 0, peer's call ID 34729).
> pppd 2.4.0 started by root, uid 0
> Using interface ppp0
> Connect: ppp0 <--> /dev/pts/2
> log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:704]: PPTP_SET_LINK_INFO
> recieved from peer_callid 0
> log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:707]:   send_accm is FFFFFFFF,
>  recv_accm is FFFFFFFF
> LCP: timeout sending Config-Requests
> Connection terminated.
> Exit.
> log[callmgr_main:pptp_callmgr.c:240]: Closing connection
> log[pptp_conn_close:pptp_ctrl.c:285]: Closing PPTP connection
> log[call_callback:pptp_callmgr.c:88]: Closing connection
>
>  root      1114   808  perl -w /usr/sbin/pptp-command
>  root      1132  1114  [pppd <defunct>]
>  root      1134     1  /usr/sbin/pptp pptp: call manager for <real ip
> address>
>  root      1136     1  /usr/sbin/pptp pptp: GRE-to-PPP gateway on
> /dev/pts/2
>  root      1139     1  /usr/sbin/pppd /dev/pts/2 38400 call work-tunnel
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

--
regards & thanks for your time,

Murali Krishna Vemuri


From muralivemuri at multitech.co.in  Thu Jan 31 12:41:06 2002
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Fri, 01 Feb 2002 00:11:06 +0530
Subject: [pptp-server] LCP: timeout sending Config-Requests
References: <3C5976A9.934BAE3A@zk3.dec.com> <3C5979CA.D01EDFCA@multitech.co.in> <3C598E3E.C1B8580B@zk3.dec.com>
Message-ID: <3C598FC2.5A0434EC@multitech.co.in>

hi,
i have seen a similar problem when i was having a setup of pptpserver on
linux and the client was win9x.
and the solution was to uninstall and install all the dialup adapters and vpn
adapters on win9x.
but, i am not much aware of winNT pptp server.
regds
murali
Jim Sayer wrote:

> Murali,
>
> The client is my linux workstation and the server is an NT system.
> Are you seeing a similar problem using win9x?
>
> Jim
>
> "Murali K. Vemuri" wrote:
> >
> >    Part 1.1    Type: Plain Text (text/plain)
> >            Encoding: 7bit
> what is the client you are using ?
> is it win9x?
> murali
>
> Jim Sayer wrote:
>
> > I am trying to use pptp to tunnel into where I work. I am running
> > Linux version 2.2.14-5.0smp
> > pppd 2.4.0
> > pptp-linux-1.0.3-1
> > ppp-mppe-2.4.0-4
> > An lsmod shows all the modules get loaded.
> >
> > Basically, pptp reports back ERROR!  Connection timed out.
> > The /var/log/messages is shown below, detailing an LCP: timeout sending
> > Config-Requests. It looks like I connect and then disconnect right away.
> >
> > The pap and chap secret files have the same info and the options file
> > all look ok.
> >
> > The processes that are kicked off when I run the pptp script are list
> > below.
> >
> > I use cable modem, not a dial-up modem. Does pptp work with cable modem
> > and does anything special have to be set up? Any suggestions or try-me's
> > would be greatly appreciated.
> >
> > Thanks,
> > Jim
> >
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:548]: Client connection
> > established.
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:655]: Outgoing call
> > established (call ID 0, peer's call ID 34729).
> > pppd 2.4.0 started by root, uid 0
> > Using interface ppp0
> > Connect: ppp0 <--> /dev/pts/2
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:704]: PPTP_SET_LINK_INFO
> > recieved from peer_callid 0
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:707]:   send_accm is FFFFFFFF,
> >  recv_accm is FFFFFFFF
> > LCP: timeout sending Config-Requests
> > Connection terminated.
> > Exit.
> > log[callmgr_main:pptp_callmgr.c:240]: Closing connection
> > log[pptp_conn_close:pptp_ctrl.c:285]: Closing PPTP connection
> > log[call_callback:pptp_callmgr.c:88]: Closing connection
> >
> >  root      1114   808  perl -w /usr/sbin/pptp-command
> >  root      1132  1114  [pppd <defunct>]
> >  root      1134     1  /usr/sbin/pptp pptp: call manager for <real ip
> > address>
> >  root      1136     1  /usr/sbin/pptp pptp: GRE-to-PPP gateway on
> > /dev/pts/2
> >  root      1139     1  /usr/sbin/pppd /dev/pts/2 38400 call work-tunnel
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
>
> --
> regards & thanks for your time,
>
> Murali Krishna Vemuri

--
regards & thanks for your time,

Murali Krishna Vemuri


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20020201/53a002b8/attachment.html>

From bara_zani at yahoo.com  Thu Jan 31 15:27:02 2002
From: bara_zani at yahoo.com (Barazani)
Date: Thu, 31 Jan 2002 16:27:02 -0500
Subject: [pptp-server] LCP: timeout sending Config-Requests
References: <3C5976A9.934BAE3A@zk3.dec.com> <3C5979CA.D01EDFCA@multitech.co.in> <3C598E3E.C1B8580B@zk3.dec.com>
Message-ID: <017701c1aa9e$06785a70$fd6e34c6@mlevy>

Any Firewall on the way ?

"UNIX was not designed to stop you from doing stupid things,
because that would also stop you from doing clever things."

----- Original Message -----
From: "Jim Sayer" <jsayer at zk3.dec.com>
To: "Murali K. Vemuri" <muralivemuri at multitech.co.in>;
<pptp-server at lists.schulte.org>
Sent: Thursday, January 31, 2002 1:34 PM
Subject: Re: [pptp-server] LCP: timeout sending Config-Requests


> Murali,
>
> The client is my linux workstation and the server is an NT system.
> Are you seeing a similar problem using win9x?
>
> Jim
>
> "Murali K. Vemuri" wrote:
> >
> >    Part 1.1    Type: Plain Text (text/plain)
> >            Encoding: 7bit
> what is the client you are using ?
> is it win9x?
> murali
>
> Jim Sayer wrote:
>
> > I am trying to use pptp to tunnel into where I work. I am running
> > Linux version 2.2.14-5.0smp
> > pppd 2.4.0
> > pptp-linux-1.0.3-1
> > ppp-mppe-2.4.0-4
> > An lsmod shows all the modules get loaded.
> >
> > Basically, pptp reports back ERROR!  Connection timed out.
> > The /var/log/messages is shown below, detailing an LCP: timeout sending
> > Config-Requests. It looks like I connect and then disconnect right away.
> >
> > The pap and chap secret files have the same info and the options file
> > all look ok.
> >
> > The processes that are kicked off when I run the pptp script are list
> > below.
> >
> > I use cable modem, not a dial-up modem. Does pptp work with cable modem
> > and does anything special have to be set up? Any suggestions or try-me's
> > would be greatly appreciated.
> >
> > Thanks,
> > Jim
> >
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:548]: Client connection
> > established.
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:655]: Outgoing call
> > established (call ID 0, peer's call ID 34729).
> > pppd 2.4.0 started by root, uid 0
> > Using interface ppp0
> > Connect: ppp0 <--> /dev/pts/2
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:704]: PPTP_SET_LINK_INFO
> > recieved from peer_callid 0
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:707]:   send_accm is FFFFFFFF,
> >  recv_accm is FFFFFFFF
> > LCP: timeout sending Config-Requests
> > Connection terminated.
> > Exit.
> > log[callmgr_main:pptp_callmgr.c:240]: Closing connection
> > log[pptp_conn_close:pptp_ctrl.c:285]: Closing PPTP connection
> > log[call_callback:pptp_callmgr.c:88]: Closing connection
> >
> >  root      1114   808  perl -w /usr/sbin/pptp-command
> >  root      1132  1114  [pppd <defunct>]
> >  root      1134     1  /usr/sbin/pptp pptp: call manager for <real ip
> > address>
> >  root      1136     1  /usr/sbin/pptp pptp: GRE-to-PPP gateway on
> > /dev/pts/2
> >  root      1139     1  /usr/sbin/pppd /dev/pts/2 38400 call work-tunnel
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
>
> --
> regards & thanks for your time,
>
> Murali Krishna Vemuri
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com