From postmaster at crazywebbys.com Mon Jul 1 03:48:57 2002 From: postmaster at crazywebbys.com (postmaster at crazywebbys.com) Date: Mon, 01 Jul 2002 04:48:57 -0400 Subject: [pptp-server] MDaemon Warning - Virus Found Message-ID: The following message had attachment(s) which contained the viruses: From SNguyen at pdit.com Mon Jul 1 03:48:59 2002 From: SNguyen at pdit.com (SNguyen) Date: Mon, 1 Jul 2002 03:48:59 -0500 (CDT) Subject: [pptp-server] W32.Elkern removal tools Message-ID: <20020701084859.0B67E243BE@clink.schulte.org> An HTML attachment was scrubbed... URL: -------------- next part -------------- ****************************** WARNING ******************************* This message has been scanned by MDaemon/DKAV and was found to contain infected attachment(s). Please review the list below. Attachment Virus name Action taken ---------------------------------------------------------------------- install.exe I-Worm.Klez.h Removed ********************************************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: eBayISAPI[1].htm Type: application/octet-stream Size: 13276 bytes Desc: not available URL: From andersjk at sol-invictus.org Mon Jul 1 08:31:20 2002 From: andersjk at sol-invictus.org (Kevin Anderson) Date: Mon, 1 Jul 2002 15:31:20 +0200 (CEST) Subject: [pptp-server] static ip Message-ID: first off i am sure i saw a mail regarding assigning a static ip address to a certain user, secondly i deleted.. i apologize... um, how can i assign a static ip address to a certain user?? thanks for your help! kevin -- @ _____________________________________________ chaos, panic and disorder... my job is done... From r.devroede at linvision.com Mon Jul 1 08:42:36 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 01 Jul 2002 15:42:36 +0200 Subject: [pptp-server] static ip In-Reply-To: References: Message-ID: <1025530958.1737.22.camel@richard> > first off i am sure i saw a mail regarding assigning a static ip address > to a certain user, secondly i deleted.. i apologize... Don't appologize, a good Operator deletes before looking > um, how can i assign a static ip address to a certain user?? In the /etc/ppp/chapsecrets # client server secret IP addresses luser pptpd verysecretpassword 192.168.0.2 > thanks for your help! No problem. Regards, Richard -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From christopher at schulte.org Mon Jul 1 11:25:47 2002 From: christopher at schulte.org (Christopher Schulte) Date: Mon, 01 Jul 2002 11:25:47 -0500 Subject: [pptp-server] FYI: interesting virus/spam stats Message-ID: <5.1.1.6.2.20020701112308.01afa0c8@pop3s.schulte.org> Since the end of April 2002, the virus software on the lists.schulte.org MTA has blocked over 30 messages with viruses sent to this list. Spamassassin has also stopped a fair number of identified SPAM messages, as has the list software itself. -- Christopher Schulte christopher at schulte.org http://www.schulte.org/ i won't let you fall apart -Trent Reznor, Nine Inch Nails, Halo 14, the fragile From vinceto at jys.org Tue Jul 2 11:00:39 2002 From: vinceto at jys.org (Vincet Osterhout) Date: Tue, 02 Jul 2002 08:00:39 -0800 Subject: [pptp-server] unsubscribe please Message-ID: Vincet Osterhout Network Admin Juneau Youth Services, Inc. PH: (907)-796-4100 -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: Vincet Osterhout.vcf URL: From christopher at schulte.org Tue Jul 2 11:06:16 2002 From: christopher at schulte.org (Christopher Schulte) Date: Tue, 02 Jul 2002 11:06:16 -0500 Subject: [pptp-server] unsubscribe please In-Reply-To: Message-ID: <5.1.1.6.2.20020702110518.03c0c0c8@pop3s.schulte.org> See http://lists.schulte.org/mailman/listinfo/pptp-server please. At 08:00 AM 7/2/2002 -0800, Vincet Osterhout wrote: >Vincet Osterhout >Network Admin >Juneau Youth Services, Inc. >PH: (907)-796-4100 -- Christopher Schulte christopher at schulte.org http://www.schulte.org/ Pizza: it's what's for dinner. From carnt at intellissence.com.br Thu Jul 4 04:05:15 2002 From: carnt at intellissence.com.br (Carlos Arnt) Date: Thu, 4 Jul 2002 02:05:15 -0700 Subject: [pptp-server] Multiple VPN . Message-ID: <001401c22339$ea030650$0101a8c0@carlosa> Hi , Could someone explain how can i do this : At one side have a 2.4.18 kernel with mppe and poptop. Running very well , with some Win2000 and XP clients . Now the boss want to put some Masq machines to comunicate with this poptop server . Then i think in this way : The server continues with his true IP 200.222.x.x etc I put a Linux PPTP client in the other hand using a cable connection. Then the cliente connect to the server and receive a ip something like . 192.168.1.40 I put this client linux to be my gateway and put all others machines to comunicate with that . In the server side all my pc's have the same 192.168.1.x ( 1 to 35) And in the client 192.168.1.42-200 My question is the machines in both sides can talk together ? Can someone have a dummy how to pptp in linux !! Thanks for helping . Just for explain better in one side (server side) have a network with 30 pc's . and in the other (client side) have 40 pc's . I need over this vpn communicate all this mess =). Carlos Arnt -------------- next part -------------- An HTML attachment was scrubbed... URL: From w.powisch at adcon.at Wed Jul 3 08:31:30 2002 From: w.powisch at adcon.at (Wolfgang Powisch) Date: Wed, 3 Jul 2002 15:31:30 +0200 Subject: [pptp-server] pptp-server connected via adsl+pptp Message-ID: <20020703153129.A1254@adcon.at> Hi, I've installed poptop, and it works fine with mppe and mschapv2 on a firewall-box connected to a dedicated line. Now the dedicated line should be replaced with a ADSL-link. To connect to the Modem, the box also needs to be a pptp-client. Is this possible? The box also acts as masquerading gateway to the internet, and I also have the problem, that it isn't possible to establish a pptp-connection from the LAN to a external pptp server. -- +-------------------------------+ .--. | Wolfgang Powisch | |o_o | | powo at chello.at | |:_/ | | | // \ \ | sysadmin @ ADCON Telemetry AG | (| | ) | w.powisch at adcon.at | /'\_ _/`\ +-------------------------------+ \___)=(___/ From r.devroede at linvision.com Wed Jul 3 09:35:41 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 03 Jul 2002 16:35:41 +0200 Subject: [pptp-server] pptp-server connected via adsl+pptp In-Reply-To: <20020703153129.A1254@adcon.at> References: <20020703153129.A1254@adcon.at> Message-ID: <1025706942.2792.23.camel@richard> Wolfgang, It is possible to use both pptpc and pptpd, but beware: when pptpc starts, pptpd should not run. When pptpc stops, pptpd should not run. I've experienced very nasty kernelpanics. So the way to go is: start pptpc start pptpd --regular operation of server-- stop pptpd stop pptpc Your problem with making a pptp-connection through a masquerading gateway should disappear when you apply the pptp netfilter helper patch to the gateway's kernel. see: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html for more information. Regards, Richard de Vroede > Hi, > > I've installed poptop, and it works fine with mppe and mschapv2 on a > firewall-box connected to a dedicated line. > Now the dedicated line should be replaced with a ADSL-link. > To connect to the Modem, the box also needs to be a pptp-client. > > Is this possible? > > The box also acts as masquerading gateway to the internet, and I > also have the problem, that it isn't possible to establish a > pptp-connection from the LAN to a external pptp server. > > -- > +-------------------------------+ .--. > | Wolfgang Powisch | |o_o | > | powo at chello.at | |:_/ | > | | // \ \ > | sysadmin @ ADCON Telemetry AG | (| | ) > | w.powisch at adcon.at | /'\_ _/`\ > +-------------------------------+ \___)=(___/ > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From barjunk at attglobal.net Wed Jul 3 18:13:52 2002 From: barjunk at attglobal.net (barjunk) Date: 03 Jul 2002 15:13:52 -0800 Subject: [pptp-server] MPPE patches for the 2.4.18 kernel Message-ID: <1025738033.12446.14.camel@pantherlx.aidea.org> I saw the ones ofr 2.4.16, do these work for 2.4.18 as well? Mike From steve at netwaynetworks.com.au Wed Jul 3 18:27:38 2002 From: steve at netwaynetworks.com.au (Steven Evans) Date: Thu, 4 Jul 2002 09:27:38 +1000 Subject: [pptp-server] MPPE patches for the 2.4.18 kernel Message-ID: <118DC586DF4FD311948800A0247C044D01638FE8@NTSVR1> Good question. And where can one aquire these patches as well? Cheers, Steve -----Original Message----- From: barjunk [mailto:barjunk at attglobal.net] Sent: Thursday, 4 July 2002 9:14 AM To: pptp Subject: [pptp-server] MPPE patches for the 2.4.18 kernel I saw the ones ofr 2.4.16, do these work for 2.4.18 as well? Mike _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From MJBarsalou at attglobal.net Thu Jul 4 00:35:37 2002 From: MJBarsalou at attglobal.net (Barsalou) Date: Thu, 4 Jul 2002 00:35:37 -9:00 Subject: [pptp-server] MPPE patches for the 2.4.18 kernel In-Reply-To: <118DC586DF4FD311948800A0247C044D01638FE8@NTSVR1> Message-ID: <3D239859.15787.342DD8D@localhost> Steve, The patches are on the sourceforge site. When you go to the patches area you have to change the search criteria so it displays any instead of open. Mike From: Steven Evans To: "'barjunk'" , pptp Subject: RE: [pptp-server] MPPE patches for the 2.4.18 kernel Date sent: Thu, 4 Jul 2002 09:27:38 +1000 Good question. And where can one aquire these patches as well? Cheers, Steve -----Original Message----- From: barjunk [mailto:barjunk at attglobal.net] Sent: Thursday, 4 July 2002 9:14 AM To: pptp Subject: [pptp-server] MPPE patches for the 2.4.18 kernel I saw the ones ofr 2.4.16, do these work for 2.4.18 as well? Mike _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From r.devroede at linvision.com Thu Jul 4 04:44:28 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 04 Jul 2002 11:44:28 +0200 Subject: [pptp-server] MPPE patches for the 2.4.18 kernel In-Reply-To: <3D239859.15787.342DD8D@localhost> References: <3D239859.15787.342DD8D@localhost> Message-ID: <1025775868.1808.43.camel@richard> All patches are indeed on Sourceforge. You have to set status to Closed (patches which work) and Category to Any (pptpd, ppp, and kernel) And yes, the 2.4.16 kernelpatch works on 2.4.18 Regards, Richard Poptop Project Admin On Thu, 2002-07-04 at 02:44, Barsalou wrote: > Steve, > > The patches are on the sourceforge site. When you go to the patches area > you have to change the search criteria so it displays any instead of open. > > Mike > > From: Steven Evans > To: "'barjunk'" , > pptp > > Subject: RE: [pptp-server] MPPE patches for the 2.4.18 kernel > Date sent: Thu, 4 Jul 2002 09:27:38 +1000 > > Good question. And where can one aquire these patches as well? > > Cheers, > Steve > > -----Original Message----- > From: barjunk [mailto:barjunk at attglobal.net] > Sent: Thursday, 4 July 2002 9:14 AM > To: pptp > Subject: [pptp-server] MPPE patches for the 2.4.18 kernel > > > I saw the ones ofr 2.4.16, do these work for 2.4.18 as well? > > Mike > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From r.devroede at linvision.com Thu Jul 4 06:59:48 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 04 Jul 2002 13:59:48 +0200 Subject: [pptp-server] Multiple VPN . In-Reply-To: <001401c22339$ea030650$0101a8c0@carlosa> References: <001401c22339$ea030650$0101a8c0@carlosa> Message-ID: <1025783990.1808.50.camel@richard> checkout the documentation at https://sourceforge.net/docman/?group_id=44827 Regards, Richard Poptop Project Admin On Thu, 2002-07-04 at 11:05, Carlos Arnt wrote: > Hi , > > Could someone explain how can i do this : > > At one side have a 2.4.18 kernel with mppe and poptop. > Running very well , with some Win2000 and XP clients . > > Now the boss want to put some Masq machines to comunicate with this poptop server . > > Then i think in this way : > > The server continues with his true IP 200.222.x.x etc > I put a Linux PPTP client in the other hand using a cable connection. > > Then the cliente connect to the server and receive a ip something like . > > 192.168.1.40 > > I put this client linux to be my gateway and put all others machines to comunicate with that . > > In the server side all my pc's have the same 192.168.1.x ( 1 to 35) > > And in the client 192.168.1.42-200 > > My question is the machines in both sides can talk together ? > > Can someone have a dummy how to pptp in linux !! > > Thanks for helping . > > Just for explain better in one side (server side) have a network with 30 pc's . and in the other (client side) have 40 pc's . > I need over this vpn communicate all this mess =). > > > > > Carlos Arnt > -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From Sebastien.Georget at sophia.inria.fr Thu Jul 4 07:07:57 2002 From: Sebastien.Georget at sophia.inria.fr (Sebastien Georget) Date: Thu, 04 Jul 2002 14:07:57 +0200 Subject: [pptp-server] user authentification Message-ID: <3D243A9D.4010800@sophia.inria.fr> Hi, I've installed poptop which is running but I'd like to use a NIS database to authentificate the users. Does anybody has a such installation or a good starting point ? I've seen that pppd can use PAM but it seems to work only with PAP (I use CHAP-MSv2), I'm also interested in a good faq on that point. thx PS. no, english is not my mother language :) From Remi at Cohen-Scali.com Thu Jul 4 08:45:24 2002 From: Remi at Cohen-Scali.com (=?ISO-8859-1?Q?R=E9mi_Cohen-Scali?=) Date: Thu, 04 Jul 2002 15:45:24 +0200 Subject: [pptp-server] Masquarading clients - linux 2.4 References: Message-ID: <3D245174.6070900@Cohen-Scali.com> Joey Coco wrote: >Hello, > >Does the linux kernel still need patches to masquarade client connections >properly? We're running 2.4.18 on all our firewalls, and it appears the >gre tunnels aren't establishing correctly.. I was under the impression >that 2.4 by default worked, but I couldn't find any reference to iptables >in the poptop faq.. ?? > their is also a userspace pptp proxy that handles all magic needed to masquerade pptp. Search pptpproxy on freshmeat.net > >Thanks! > >-- Joe > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >--- To unsubscribe, go to the url just above this line. -- > > > -- [Photo] Remi Cohen-Scali -o) /\\ _\_v ---- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3385 bytes Desc: S/MIME Cryptographic Signature URL: From r.devroede at linvision.com Thu Jul 4 10:56:59 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 04 Jul 2002 17:56:59 +0200 Subject: [pptp-server] ppp-mppe-2.4.1-5 RPM released Message-ID: <1025798220.2287.64.camel@richard> Changes: ppp-mppe-2.4.1-4 --> ppp-mppe-2.4.1-5 ---------------------------------------------------------------------------- * Thu Jul 04 2002 Richard de Vroede - Fixed libsmbpw. It was in the package, but not in the filelist - Fixed conflict with original ppp rpm ---------------------------------------------------------------------------- Regards, Richard -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From carnt at intellissence.com.br Fri Jul 5 16:09:25 2002 From: carnt at intellissence.com.br (Carlos Arnt) Date: Fri, 5 Jul 2002 14:09:25 -0700 Subject: [pptp-server] Routes. References: <001401c22339$ea030650$0101a8c0@carlosa> <1025783990.1808.50.camel@richard> Message-ID: <001601c22468$3ecbaf50$0101a8c0@carlosa> Help . This is the scenario . PPTPD Server . Eth0 cable modem . Ie. 200.215.128.1 Eth1 Internal net . Ie 192.168.1.1 Machines at : 192.168.1.14, 192.168.1.15 (gw 192.168.1.1) Mask 255.255.255.0 -- PPtpd.conf Internal 192.168.1.1 external 192.168.1.5-10 ------------------------------------ PPTP Client eth0 192.168.2.1 Machines: 192.168.2.2 , 192.168.2.3 mask 255.255.255.0 - ppp0 (Modem conection) Ie. 200.222.10.5 ppp1 (VPN) Ie. 192.168.1.5 ------------------------------------- Mask 255.255.255.0 ------------------------------------- How then can my network in the client side 192.168.2.x talk with the VPNServer side and communicate with the others machines in the 192.168.1.x !!?? I need all talk and communicate .. Bidiretional way. Can someone help-me with the routes please !!! Thanks . Carlos. From fabio at ipway.com.br Thu Jul 4 12:51:34 2002 From: fabio at ipway.com.br (Fabio Oliveira) Date: Thu, 4 Jul 2002 14:51:34 -0300 Subject: RES: [pptp-server] Routes. In-Reply-To: <001601c22468$3ecbaf50$0101a8c0@carlosa> Message-ID: Carlos, You need declare in your remote gateway PPTP Client (192.168.2.1) one route to network 192.168.1.0/24 via 192.168.1.1. (Of course you need have any capacity of routing in that machine, like Windows NT - 2000, Linux, or even W98-Me with tcp/ip stack third party) /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 For a better management/control I think you should change the VPN range in pptpd.conf, that can to avoid some confusing in the future. Example: PPtpd.conf Internal 192.168.1.200 external 192.168.1.205-10 With that the command would be: /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.200 Verify also at VPN server if the packet forwarding is enabled. Good luck!!! Fabio Oliveira IPWay - Internet Services http://www.ipway.com.br (o- (o- (o- (o- (o- //\ //\ //\ //\ //\ V_/_ V_/_ V_/_ V_/_ V_/_ Live with freedom, choice Linux -----Mensagem original----- De: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]Em nome de Carlos Arnt Enviada em: sexta-feira, 5 de julho de 2002 18:09 Para: pptp-server at lists.schulte.org Assunto: [pptp-server] Routes. Help . This is the scenario . PPTPD Server . Eth0 cable modem . Ie. 200.215.128.1 Eth1 Internal net . Ie 192.168.1.1 Machines at : 192.168.1.14, 192.168.1.15 (gw 192.168.1.1) Mask 255.255.255.0 -- PPtpd.conf Internal 192.168.1.1 external 192.168.1.5-10 ------------------------------------ PPTP Client eth0 192.168.2.1 Machines: 192.168.2.2 , 192.168.2.3 mask 255.255.255.0 - ppp0 (Modem conection) Ie. 200.222.10.5 ppp1 (VPN) Ie. 192.168.1.5 ------------------------------------- Mask 255.255.255.0 ------------------------------------- How then can my network in the client side 192.168.2.x talk with the VPNServer side and communicate with the others machines in the 192.168.1.x !!?? I need all talk and communicate .. Bidiretional way. Can someone help-me with the routes please !!! Thanks . Carlos. _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From fcusack at fcusack.com Thu Jul 4 17:59:11 2002 From: fcusack at fcusack.com (Frank Cusack) Date: Thu, 4 Jul 2002 15:59:11 -0700 Subject: [pptp-server] user authentification In-Reply-To: <3D243A9D.4010800@sophia.inria.fr>; from Sebastien.Georget@sophia.inria.fr on Thu, Jul 04, 2002 at 02:07:57PM +0200 References: <3D243A9D.4010800@sophia.inria.fr> Message-ID: <20020704155911.B12925@google.com> On Thu, Jul 04, 2002 at 02:07:57PM +0200, Sebastien Georget wrote: > Hi, > > I've installed poptop which is running but I'd like to use a NIS > database to authentificate the users. > Does anybody has a such installation or a good starting point ? > I've seen that pppd can use PAM but it seems to work only with PAP (I > use CHAP-MSv2), I'm also interested in a good faq on that point. You can't use CHAP (or MS-CHAP) without access to plaintext passwords. NIS does not provide that, so it's impossible. /fc From r.devroede at linvision.com Fri Jul 5 06:32:52 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 05 Jul 2002 13:32:52 +0200 Subject: [pptp-server] user authentification In-Reply-To: <20020704155911.B12925@google.com> References: <3D243A9D.4010800@sophia.inria.fr> <20020704155911.B12925@google.com> Message-ID: <1025868773.1756.17.camel@richard> It should be possible, but it would imply patching ppp authentication, much like the patch for smb-auth (which is also non-plaintext). So you would have to rip the authentication mechanism out of a NIS-library and patch it into ppp, or something like that. Maybe there is an unofficial patch out the. Google is your friend. Regards, Richard > On Thu, Jul 04, 2002 at 02:07:57PM +0200, Sebastien Georget wrote: > > Hi, > > > > I've installed poptop which is running but I'd like to use a NIS > > database to authentificate the users. > > Does anybody has a such installation or a good starting point ? > > I've seen that pppd can use PAM but it seems to work only with PAP (I > > use CHAP-MSv2), I'm also interested in a good faq on that point. > > You can't use CHAP (or MS-CHAP) without access to plaintext passwords. > NIS does not provide that, so it's impossible. > > /fc > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From fcusack at fcusack.com Fri Jul 5 12:53:38 2002 From: fcusack at fcusack.com (Frank Cusack) Date: Fri, 5 Jul 2002 10:53:38 -0700 Subject: [pptp-server] user authentification In-Reply-To: <1025868773.1756.17.camel@richard>; from r.devroede@linvision.com on Fri, Jul 05, 2002 at 01:32:52PM +0200 References: <3D243A9D.4010800@sophia.inria.fr> <20020704155911.B12925@google.com> <1025868773.1756.17.camel@richard> Message-ID: <20020705105338.D13792@google.com> On Fri, Jul 05, 2002 at 01:32:52PM +0200, R. de Vroede wrote: > It should be possible, but it would imply patching ppp authentication, > much like the patch for smb-auth (which is also non-plaintext). smb passwords are plaintext equivalent. /fc From mkirk at sonic.net Mon Jul 8 02:23:30 2002 From: mkirk at sonic.net (Matt Kirk) Date: Mon, 8 Jul 2002 00:23:30 -0700 Subject: [pptp-server] PPTP mppe woes Message-ID: I am having a problem passing traffic to a pptp server (Watchguard Firebox). I can connect fine, but as soon as the first packet tries to go across the connection I get no gre response from the server. I have included the log file, an lsmod, a tcpdump and top info. I wasn't able to find ppp_mppe.o anywhere but mppe.o is loaded... What am I doing wrong? -- lsmod [root at egg ppp-2.4.1]# lsmod Module Size Used by Tainted: P mppe 24992 0 (autoclean) ppp_async 7488 0 (autoclean) ppp_generic 17608 0 [mppe ppp_async] slhc 5880 0 [ppp_generic] tulip 39200 1 -- Start and end info from log file [root at egg ppp-2.4.1]# /opt/src/pptp-linux-1.1.0-1/pptp-command start Jul 7 12:08:16 egg pptp[23708]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:580]: Client connection established. Jul 7 12:08:17 egg pptp[23708]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:707]: Outgoing call established (call ID 0, peer's call ID 1). Jul 7 12:08:17 egg pppd[23710]: pppd 2.4.1 started by root, uid 0 Jul 7 12:08:17 egg pppd[23710]: Using interface ppp0 Jul 7 12:08:17 egg pppd[23710]: Connect: ppp0 <--> /dev/pts/5 Jul 7 12:08:20 egg pppd[23710]: Remote message: S=2aa343c8173d023bd125398d093cea3b71387705 Jul 7 12:08:21 egg pppd[23710]: MPPE 128 bit, stateless compression enabled Jul 7 12:08:21 egg pppd[23710]: local IP address 208.204.117.91 Jul 7 12:08:21 egg pppd[23710]: remote IP address 208.204.117.119 Route: add -net 209.204.177.0/25 dev ppp0 added All routes added. Tunnel Sonic.net-VPN is active on ppp0. IP Address: 208.204.117.91 Installed /etc/resolv.conf.pptp as /etc/resolv.conf [root at egg ppp-2.4.1]# Jul 7 12:08:56 egg kernel: device ppp0 entered promiscuous mode Jul 7 12:10:17 egg pptp[23708]: log[pptp_conn_close:pptp_ctrl.c:307]: Closing PPTP connection Jul 7 12:10:17 egg pptp[23708]: log[call_callback:pptp_callmgr.c:88]: Closing connection Jul 7 12:10:19 egg pppd[23710]: Hangup (SIGHUP) Jul 7 12:10:19 egg pppd[23710]: Modem hangup Jul 7 12:10:19 egg pppd[23710]: Connection terminated. Jul 7 12:10:19 egg pppd[23710]: Connect time 2.1 minutes. Jul 7 12:10:19 egg pppd[23710]: Sent 310494120 bytes, received 70 bytes. Jul 7 12:10:19 egg kernel: device ppp0 left promiscuous mode Jul 7 12:10:19 egg kernel: device ppp0 entered promiscuous mode Jul 7 12:10:19 egg pppd[23710]: Exit. This is not right: Sent 310494120 bytes, received 70 bytes. It is always 2.1 minutes. ---tcpdump results after first ping packet is sent. 12:09:17.193992 208.204.159.47.33909 > 208.204.117.119.1723: P 2373538781:237353 8797(16) ack 3196192242 win 5840: pptp CTRL_MSGTYPE=ECHORQ [|pptp] (DF) 12:09:17.194137 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:13 ppp: (DF) 12:09:17.194181 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:14 ppp: (DF) 12:09:17.194219 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:15 ppp: (DF) 12:09:17.194260 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:16 ppp: (DF) 12:09:17.194304 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:17 ppp: (DF) 12:09:17.194350 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:18 ppp: (DF) 12:09:17.194397 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:19 ppp: (DF) 12:09:17.194452 208.204.159.47 > 208.204.117.119: (frag 33673:28 at 312) 12:09:17.194477 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:20 ppp: (frag 33673:312 at 0+) 12:09:17.194521 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:21 ppp: (DF) 12:09:17.194555 208.204.159.47 > 208.204.117.119: (frag 33674:38 at 312) 12:09:17.194579 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:22 ppp: ... This continues until the connection is dropped. While the above is happening, pptp uses the CPU like mad (not supprising). PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND 23706 root 15 0 488 488 428 R 98.1 0.0 0:25 pptp 23725 root 9 0 2392 2392 1640 S 0.9 0.4 0:00 vim 1078 root 10 0 98.9M 34M 2756 R 0.3 6.8 114:02 X 23602 root 11 0 1052 1052 836 R 0.3 0.2 0:02 top 1 root 8 0 480 480 420 S 0.0 0.0 0:04 init 2 root 9 0 0 0 0 SW 0.0 0.0 0:00 keventd 3 root 19 19 0 0 0 RWN 0.0 0.0 0:00 ksoftirqd_CPU0 4 root 9 0 0 0 0 SW 0.0 0.0 0:00 kswapd 5 root 9 0 0 0 0 SW 0.0 0.0 0:00 bdflush 6 root 9 0 0 0 0 SW 0.0 0.0 0:06 kupdated 7 root 9 0 0 0 0 SW 0.0 0.0 0:00 khubd 8 root 9 0 0 0 0 SW 0.0 0.0 0:29 kjournald 135 root 9 0 0 0 0 SW 0.0 0.0 0:00 kjournald 136 root 9 0 0 0 0 SW 0.0 0.0 0:09 kjournald -- Matt Kirk - mkirk at sonic.net Fingerprint = 4B8F 0AB9 63B2 A782 5E46 52C1 79D5 D2F6 A7F8 6F5E From neale at lowendale.com.au Mon Jul 8 03:26:43 2002 From: neale at lowendale.com.au (Neale Banks) Date: Mon, 8 Jul 2002 18:26:43 +1000 (EST) Subject: [pptp-server] Debian woody ppp-mppe source packages Message-ID: Greetings, FWIW, I've put the Debian source-package files from my attempt to integrate mppe into woody's current ppp package. The files are at: http://www.planet.net.au/~neale/crypto/testing/ "test and/or use at your own risk" and please tell me if you find any problems etc. Regards, Neale. From jvonau at shaw.ca Mon Jul 8 08:15:19 2002 From: jvonau at shaw.ca (Jerry Vonau) Date: Mon, 08 Jul 2002 08:15:19 -0500 Subject: [pptp-server] PPTP mppe woes Message-ID: <01C22657.995526E0.jvonau@shaw.ca> Matt: Looks like pppd is trying to do call back. Can you add 'debug' to the options file, and capture the " ipcp handshake". What is the client? Is callback turned on in the client? root at egg ppp-2.4.1]# Jul 7 12:08:56 egg kernel: device ppp0 entered promiscuous mode Jul 7 12:10:17 egg pptp[23708]: log[pptp_conn_close:pptp_ctrl.c:307]: Closing PPTP connection Jul 7 12:10:17 egg pptp[23708]: log[call_callback:pptp_callmgr.c:88]: Closing connection Jerry Vonau -----Original Message----- From: Matt Kirk [SMTP:mkirk at sonic.net] Sent: Monday, July 08, 2002 02:24 AM To: 'pptp-server at lists.schulte.org' Subject: [pptp-server] PPTP mppe woes I am having a problem passing traffic to a pptp server (Watchguard Firebox). I can connect fine, but as soon as the first packet tries to go across the connection I get no gre response from the server. I have included the log file, an lsmod, a tcpdump and top info. I wasn't able to find ppp_mppe.o anywhere but mppe.o is loaded... What am I doing wrong? -- lsmod [root at egg ppp-2.4.1]# lsmod Module Size Used by Tainted: P mppe 24992 0 (autoclean) ppp_async 7488 0 (autoclean) ppp_generic 17608 0 [mppe ppp_async] slhc 5880 0 [ppp_generic] tulip 39200 1 -- Start and end info from log file [root at egg ppp-2.4.1]# /opt/src/pptp-linux-1.1.0-1/pptp-command start Jul 7 12:08:16 egg pptp[23708]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:580]: Client connection established. Jul 7 12:08:17 egg pptp[23708]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:707]: Outgoing call established (call ID 0, peer's call ID 1). Jul 7 12:08:17 egg pppd[23710]: pppd 2.4.1 started by root, uid 0 Jul 7 12:08:17 egg pppd[23710]: Using interface ppp0 Jul 7 12:08:17 egg pppd[23710]: Connect: ppp0 <--> /dev/pts/5 Jul 7 12:08:20 egg pppd[23710]: Remote message: S=2aa343c8173d023bd125398d093cea3b71387705 Jul 7 12:08:21 egg pppd[23710]: MPPE 128 bit, stateless compression enabled Jul 7 12:08:21 egg pppd[23710]: local IP address 208.204.117.91 Jul 7 12:08:21 egg pppd[23710]: remote IP address 208.204.117.119 Route: add -net 209.204.177.0/25 dev ppp0 added All routes added. Tunnel Sonic.net-VPN is active on ppp0. IP Address: 208.204.117.91 Installed /etc/resolv.conf.pptp as /etc/resolv.conf [root at egg ppp-2.4.1]# Jul 7 12:08:56 egg kernel: device ppp0 entered promiscuous mode Jul 7 12:10:17 egg pptp[23708]: log[pptp_conn_close:pptp_ctrl.c:307]: Closing PPTP connection Jul 7 12:10:17 egg pptp[23708]: log[call_callback:pptp_callmgr.c:88]: Closing connection Jul 7 12:10:19 egg pppd[23710]: Hangup (SIGHUP) Jul 7 12:10:19 egg pppd[23710]: Modem hangup Jul 7 12:10:19 egg pppd[23710]: Connection terminated. Jul 7 12:10:19 egg pppd[23710]: Connect time 2.1 minutes. Jul 7 12:10:19 egg pppd[23710]: Sent 310494120 bytes, received 70 bytes. Jul 7 12:10:19 egg kernel: device ppp0 left promiscuous mode Jul 7 12:10:19 egg kernel: device ppp0 entered promiscuous mode Jul 7 12:10:19 egg pppd[23710]: Exit. This is not right: Sent 310494120 bytes, received 70 bytes. It is always 2.1 minutes. ---tcpdump results after first ping packet is sent. 12:09:17.193992 208.204.159.47.33909 > 208.204.117.119.1723: P 2373538781:237353 8797(16) ack 3196192242 win 5840: pptp CTRL_MSGTYPE=ECHORQ [|pptp] (DF) 12:09:17.194137 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:13 ppp: (DF) 12:09:17.194181 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:14 ppp: (DF) 12:09:17.194219 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:15 ppp: (DF) 12:09:17.194260 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:16 ppp: (DF) 12:09:17.194304 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:17 ppp: (DF) 12:09:17.194350 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:18 ppp: (DF) 12:09:17.194397 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:19 ppp: (DF) 12:09:17.194452 208.204.159.47 > 208.204.117.119: (frag 33673:28 at 312) 12:09:17.194477 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:20 ppp: (frag 33673:312 at 0+) 12:09:17.194521 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:21 ppp: (DF) 12:09:17.194555 208.204.159.47 > 208.204.117.119: (frag 33674:38 at 312) 12:09:17.194579 208.204.159.47 > 208.204.117.119: gre [KSv1] ID:0001 S:22 ppp: ... This continues until the connection is dropped. While the above is happening, pptp uses the CPU like mad (not supprising). PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND 23706 root 15 0 488 488 428 R 98.1 0.0 0:25 pptp 23725 root 9 0 2392 2392 1640 S 0.9 0.4 0:00 vim 1078 root 10 0 98.9M 34M 2756 R 0.3 6.8 114:02 X 23602 root 11 0 1052 1052 836 R 0.3 0.2 0:02 top 1 root 8 0 480 480 420 S 0.0 0.0 0:04 init 2 root 9 0 0 0 0 SW 0.0 0.0 0:00 keventd 3 root 19 19 0 0 0 RWN 0.0 0.0 0:00 ksoftirqd_CPU0 4 root 9 0 0 0 0 SW 0.0 0.0 0:00 kswapd 5 root 9 0 0 0 0 SW 0.0 0.0 0:00 bdflush 6 root 9 0 0 0 0 SW 0.0 0.0 0:06 kupdated 7 root 9 0 0 0 0 SW 0.0 0.0 0:00 khubd 8 root 9 0 0 0 0 SW 0.0 0.0 0:29 kjournald 135 root 9 0 0 0 0 SW 0.0 0.0 0:00 kjournald 136 root 9 0 0 0 0 SW 0.0 0.0 0:09 kjournald -- Matt Kirk - mkirk at sonic.net Fingerprint = 4B8F 0AB9 63B2 A782 5E46 52C1 79D5 D2F6 A7F8 6F5E _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From chandan.amin at philips.com Tue Jul 9 03:45:45 2002 From: chandan.amin at philips.com (chandan.amin at philips.com) Date: Tue, 9 Jul 2002 14:15:45 +0530 Subject: [pptp-server] pptp client config Message-ID: hi, i have a doubt in the linux implementation of pptp, can we configure dail on demand with pptp. If can which is the file to be edited, thanking you, Regards Chandan Amin Philips Components Email:chandan.amin at philips.com From postmaster at crazywebbys.com Tue Jul 9 04:28:32 2002 From: postmaster at crazywebbys.com (postmaster at crazywebbys.com) Date: Tue, 09 Jul 2002 05:28:32 -0400 Subject: [pptp-server] MDaemon Warning - Virus Found Message-ID: The following message had attachment(s) which contained viruses: From p.conti at praticx.it Tue Jul 9 09:27:34 2002 From: p.conti at praticx.it (Pierluigi Conti) Date: Tue, 9 Jul 2002 16:27:34 +0200 Subject: [pptp-server] I have a problem with multi user policies Message-ID: Hello to all the ml. I'm having a problem with my pptpd server. I'm using pptpd v 1.0.1 on red hat 7.1 with ppp 2.4 ecnrypted, kernel 2.4.16 encrypted. So when only one client try to log in and ping some machines it goes, but when ohter users from the same ip try to get in, the connection goes, but when he tries to ping some machine it don't work. I'd like to know if there are some options in pptpd.conf or options of ppp that allow this... Or, as I seen in your FAQ, how can I increase this limit? Here you are my confs: pptpd.conf: #PPTPD conf file, presente in /etc #PPTPD CONFIGURATION speed 115200 debug localip 192.168.101.199-220 remoteip 192.168.100.199-220 pidfile /var/run/pptpd.pid chap-secrets #CHAP SECRET, utenti vpn, presente in /etc/ppp # Secrets for authentication using CHAP # client server secret IP addresses sergio redhat password 192.168.100.210 ppp options: #ppp options, file presente in /etc/ppp lock debug auth +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless proxyarp require-chap name redhat Thank you very much. From richard at nairnconsulting.ca Tue Jul 9 11:24:10 2002 From: richard at nairnconsulting.ca (richard at nairnconsulting.ca) Date: Tue, 9 Jul 2002 10:24:10 -0600 Subject: [pptp-server] Multiple users coming in on VPN Message-ID: <20020709102410.F9515@taurus.nairnconsulting.ca> Hi All, I have not been successful with getting pptpd on Redhat 7.2 yet, so I was trying to port forward to a windows machine inside the network. I have 1723 and GRE being forwarded in and it seems to work. The only problem is it only lets one user come in. Is there any solution to this? -- | Richard Nairn Specializing in Linux | Nairn Consulting Web / Database Solutions | Calgary, AB | Richard at NairnConsulting.ca From doc at nettech.net Tue Jul 9 17:05:20 2002 From: doc at nettech.net (Christopher Aedo) Date: Tue, 09 Jul 2002 15:05:20 -0700 Subject: [pptp-server] I have a problem with multi user policies References: Message-ID: <3D2B5E20.9040907@nettech.net> Pierluigi, seems like you're really close to a working config. In your pptpd.conf file, try using these two lines instead of what you currently have: localip 192.168.101.199 remoteip 192.168.100.200-220 You might need to have ppp.conf (I believe, I am doing this with bsd, but I think things should act the same on linux) serve out the matching addresses as well. With this setup, your VPN host would listen to 192.168.101.199 for connection requests. It would give the first client 192.168.100.200 for its IP address, and that client should list 192.168.101.199 as its gateway to the internal network. The next client to connect concurrently should get 192.168.100.201, etc. Good luck! -Christopher Pierluigi Conti wrote: >Hello to all the ml. >I'm having a problem with my pptpd server. >I'm using pptpd v 1.0.1 on red hat 7.1 with ppp 2.4 ecnrypted, kernel 2.4.16 >encrypted. >So when only one client try to log in and ping some machines it goes, but >when ohter users from the same ip try to get in, the connection goes, but >when he tries to ping some machine it don't work. >I'd like to know if there are some options in pptpd.conf or options of ppp >that allow this... >Or, as I seen in your FAQ, how can I increase this limit? > >Here you are my confs: > > > > > >pptpd.conf: >#PPTPD conf file, presente in /etc >#PPTPD CONFIGURATION >speed 115200 >debug >localip 192.168.101.199-220 >remoteip 192.168.100.199-220 >pidfile /var/run/pptpd.pid > > >chap-secrets >#CHAP SECRET, utenti vpn, presente in /etc/ppp ># Secrets for authentication using CHAP ># client server secret IP addresses >sergio redhat password 192.168.100.210 > > >ppp options: >#ppp options, file presente in /etc/ppp >lock >debug >auth >+chap >+chapms >+chapms-v2 >mppe-40 >mppe-128 >mppe-stateless >proxyarp >require-chap >name redhat > > > >Thank you very much. > > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >--- To unsubscribe, go to the url just above this line. -- > > From matt at tempo.com.au Wed Jul 10 00:13:49 2002 From: matt at tempo.com.au (Matthew Gavin) Date: Wed, 10 Jul 2002 15:13:49 +1000 Subject: [pptp-server] HELP pptpd shat itself. Message-ID: Without going into too much detail, we yesterday had one of our Techs run: # rpm -Uvh pptpd-1.1.3-1.rpm This was apparently downloaded from http://sourceforge.net/projects/poptop/ The above command did not affect pptpd until we restarted the server this morning for an unrelated issue. We had a perfectly working PoPToP version 1.0.0 before this. Now when I try to connect to the VPN, all I am seeing in /var/log/messages is: pptpd[7136]: CTRL: Client 63.xx.xx.xx control connection started pptpd[7136]: CTRL: Starting call (launching pppd, opening GRE) pptpd[7136]: GRE: read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error pptpd[7136]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) pptpd[7136]: CTRL: Client 63.xx.xx.xx control connection finished Specs on the Server: OS: Red Hat 7.1 Kernel: 2.4.2-3 #1 SMP PPP: ppp-2.4.0-3mpp Does anyone have a quick answer, I have not been following pptpd for months and have no idea where to start... I have users screaming at me! Tia, M@ From matt at tempo.com.au Wed Jul 10 01:24:10 2002 From: matt at tempo.com.au (Matthew Gavin) Date: Wed, 10 Jul 2002 16:24:10 +1000 Subject: [pptp-server] HELP pptpd shat itself. In-Reply-To: Message-ID: > Without going into too much detail, we yesterday had one of our Techs run: > > # rpm -Uvh pptpd-1.1.3-1.rpm > > This was apparently downloaded from http://sourceforge.net/projects/poptop/ > > The above command did not affect pptpd until we restarted the server this morning for an > unrelated issue. We had a perfectly working PoPToP version 1.0.0 before this. Ok further to my above frantic email, I found that PPPD was not running correctly. All is ok, for now... M@ From Administrator at josims.com Wed Jul 10 02:40:43 2002 From: Administrator at josims.com (Andrew Lyon) Date: Wed, 10 Jul 2002 08:40:43 +0100 Subject: [pptp-server] HELP pptpd shat itself. Message-ID: <592F914D209FD942908826DFF2277A2DE902@COMMSSERVER> I also had this problem (messages.2:Jun 26 14:40:59 Gateway pptpd[3384]: GRE: read(fd=5,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error) when using the pppd rpm (ppp-mppe-2.4.1-4.i386.rpm) from http://sourceforge.net/projects/poptop/, I went back to a pppd rpm I found elsewhere (ppp-2.4.1-3mppe.i386.rpm) and it works ok again now, I notice the latest pppd rpm on sourceforge page is now ppp-mppe-2.4.1-5.i386.rpm (notice the -5) , perhaps that version fixes the problem? How did you fix it ? Andy -----Original Message----- From: Matthew Gavin [mailto:matt at tempo.com.au] Sent: 10 July 2002 07:24 To: PPTPD User Group Subject: RE: [pptp-server] HELP pptpd shat itself. > Without going into too much detail, we yesterday had one of our Techs > run: > > # rpm -Uvh pptpd-1.1.3-1.rpm > > This was apparently downloaded from > http://sourceforge.net/projects/poptop/ > > The above command did not affect pptpd until we restarted the server > this morning for an unrelated issue. We had a perfectly working PoPToP > version 1.0.0 before this. Ok further to my above frantic email, I found that PPPD was not running correctly. All is ok, for now... M@ _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- The information contained in this e-mail is confidential and is intended for the addressee only. The contents of this e-mail must not be disclosed or copied without the sender's consent. If you are not the intended recipient of the message, please notify the sender immediately, and delete the message. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. No commitment may be inferred from the contents unless explicitly stated. The company does not take any responsibility for the personal views of the author. This message has been scanned for viruses before sending, but the company does not accept any responsibility for infection and recommends that you scan any attachments. From r.devroede at linvision.com Wed Jul 10 04:05:20 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 10 Jul 2002 11:05:20 +0200 Subject: [pptp-server] Multiple users coming in on VPN In-Reply-To: <20020709102410.F9515@taurus.nairnconsulting.ca> References: <20020709102410.F9515@taurus.nairnconsulting.ca> Message-ID: <1026291921.1742.9.camel@richard> I think it's a netfilter/GRE problem. Try this patch: http://netfilter.samba.org/documentation/pomlist/pom-extra.html#pptp-conntrack-nat Regards, Richard On Tue, 2002-07-09 at 18:24, richard at nairnconsulting.ca wrote: > Hi All, > > I have not been successful with getting pptpd on Redhat 7.2 yet, so I was > trying to port forward to a windows machine inside the network. I have > 1723 and GRE being forwarded in and it seems to work. The only problem is > it only lets one user come in. Is there any solution to this? > > > -- > | Richard Nairn Specializing in Linux > | Nairn Consulting Web / Database Solutions > | Calgary, AB > | Richard at NairnConsulting.ca > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From fernando at stts.com.br Wed Jul 10 16:09:06 2002 From: fernando at stts.com.br (=?iso-8859-1?Q?Lu=EDs_Fernando?=) Date: Wed, 10 Jul 2002 18:09:06 -0300 Subject: [pptp-server] Many clients using the same IP ???? Message-ID: <001001c22856$09fa6ae0$2de9abc8@LFS2K> Hi All. Is there any patch that would permit us to have many clients accessing a PPTP server using the same connection IP ? I know that there is a RFC saying this is not valid but even so, we need it ! Thanks in advance, Fernando. From matt at tempo.com.au Wed Jul 10 17:39:49 2002 From: matt at tempo.com.au (Matthew Gavin) Date: Thu, 11 Jul 2002 08:39:49 +1000 Subject: [pptp-server] HELP pptpd shat itself. In-Reply-To: <592F914D209FD942908826DFF2277A2DE902@COMMSSERVER> Message-ID: > I also had this problem (messages.2:Jun 26 14:40:59 Gateway pptpd[3384]: > GRE: read(fd=5,buffer=804d940,len=8196) from PTY failed: status = -1 error = > Input/output error) when using the pppd rpm (ppp-mppe-2.4.1-4.i386.rpm) from > http://sourceforge.net/projects/poptop/, I went back to a pppd rpm I found > elsewhere (ppp-2.4.1-3mppe.i386.rpm) and it works ok again now, I notice the > latest pppd rpm on sourceforge page is now ppp-mppe-2.4.1-5.i386.rpm (notice > the -5) , perhaps that version fixes the problem? How did you fix it ? > > Andy I tried a number of different ppp RPM's. The only one that worked for me was ppp-2.4.1-3mppe which is very simmilar to what you used... The new rpm at http://sourceforge.net/projects/poptop/ - ppp-mppe-2.4.1-5.i386.rpm did not work at all. From isamar at oaklawn.co.jp Thu Jul 11 20:12:32 2002 From: isamar at oaklawn.co.jp (Isamar Maia) Date: Fri, 12 Jul 2002 10:12:32 +0900 Subject: [pptp-server] Line drops out Message-ID: Hello, I already configured all the VPN(pptpd) stuff to receive remote Windows connections to my LAN. I can connect from my home and can ping to LAN (192.168.*) hosts from there. There problem is that the Windows VPN connection drops out when I try to transfer a big data flow(ftp, SQL, etc..) Ping and telnet works perfectly. I searched on Google to try to find out some reference about that, but no success. This PPTPD server is a Firewall too. Isamar Maia IT Team Oaklawn - Japan From steve at netwaynetworks.com.au Thu Jul 11 20:24:34 2002 From: steve at netwaynetworks.com.au (Steven Evans) Date: Fri, 12 Jul 2002 11:24:34 +1000 Subject: [pptp-server] Line drops out Message-ID: <118DC586DF4FD311948800A0247C044D0163901F@NTSVR1> inside your /etc/ppp/options.pptp, add: mru 1400 mtu 1400 Cheers, Steve -----Original Message----- From: Isamar Maia [mailto:isamar at oaklawn.co.jp] Sent: Friday, 12 July 2002 11:13 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] Line drops out Hello, I already configured all the VPN(pptpd) stuff to receive remote Windows connections to my LAN. I can connect from my home and can ping to LAN (192.168.*) hosts from there. There problem is that the Windows VPN connection drops out when I try to transfer a big data flow(ftp, SQL, etc..) Ping and telnet works perfectly. I searched on Google to try to find out some reference about that, but no success. This PPTPD server is a Firewall too. Isamar Maia IT Team Oaklawn - Japan _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From isamar at oaklawn.co.jp Thu Jul 11 20:51:14 2002 From: isamar at oaklawn.co.jp (Isamar Maia) Date: Fri, 12 Jul 2002 10:51:14 +0900 Subject: [pptp-server] Line drops out In-Reply-To: <118DC586DF4FD311948800A0247C044D0163901F@NTSVR1> Message-ID: I did that change but the problems persists. Any thoughts? -----Original Message----- From: Steven Evans [mailto:steve at netwaynetworks.com.au] Sent: Friday, July 12, 2002 10:25 AM To: 'Isamar Maia' Cc: pptp-server at lists.schulte.org Subject: RE: [pptp-server] Line drops out inside your /etc/ppp/options.pptp, add: mru 1400 mtu 1400 Cheers, Steve -----Original Message----- From: Isamar Maia [mailto:isamar at oaklawn.co.jp] Sent: Friday, 12 July 2002 11:13 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] Line drops out Hello, I already configured all the VPN(pptpd) stuff to receive remote Windows connections to my LAN. I can connect from my home and can ping to LAN (192.168.*) hosts from there. There problem is that the Windows VPN connection drops out when I try to transfer a big data flow(ftp, SQL, etc..) Ping and telnet works perfectly. I searched on Google to try to find out some reference about that, but no success. This PPTPD server is a Firewall too. Isamar Maia IT Team Oaklawn - Japan _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From r.devroede at linvision.com Fri Jul 12 11:16:59 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 12 Jul 2002 18:16:59 +0200 Subject: [pptp-server] New ppp-mppe RPM released Message-ID: <1026490621.1908.0.camel@richard> ppp-mppe-2.4.1-5 --> ppp-mppe-2.4.1-6 ---------------------------------------------------------------------------- * Fri Jul 12 2002 Richard de Vroede - Removed dependency for libsafe, which creaped in - replaces %config in specfile for %config(noreplace), so configfiles don't get overwritten anymore ---------------------------------------------------------------------------- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From sean at www.globalbizintros.ca Fri Jul 12 14:20:28 2002 From: sean at www.globalbizintros.ca (sean) Date: Fri, 12 Jul 2002 15:20:28 -0400 (EDT) Subject: [pptp-server] This is new to me Message-ID: <20020712192028.EB685198CD@globalbizintros.ca> I have installed pptpd server on a mandrake 8.2 system. Using a win2k client, I can't connect becuase it says the server did not assign an IP address. Logs show as follows: Jul 12 15:17:05 gate pptpd[2935]: CTRL: Starting call (launching pppd, opening GRE) Jul 12 15:17:05 gate pppd[2936]: pppd 2.4.1 started by root, uid 0 Jul 12 15:17:05 gate pppd[2936]: Using interface ppp0 Jul 12 15:17:05 gate pppd[2936]: Connect: ppp0 <--> /dev/pts/4 Jul 12 15:17:05 gate /etc/hotplug/net.agent: assuming ppp0 is already up Jul 12 15:17:08 gate pptpd[2935]: CTRL: Ignored a SET LINK INFO packet with real ACCM s! Jul 12 15:17:08 gate pptpd[2935]: CTRL: Ignored a SET LINK INFO packet with real ACCM s! Jul 12 15:17:08 gate pppd[2936]: LCP terminated by peer (:M-+_9^@ The part that is new to me is the line reading /etc/hotplug/net.agent: assuming ppp0 is already up. From r.devroede at linvision.com Sat Jul 13 06:24:38 2002 From: r.devroede at linvision.com (R. de Vroede) Date: Sat, 13 Jul 2002 13:24:38 +0200 Subject: [pptp-server] This is new to me In-Reply-To: <20020712192028.EB685198CD@globalbizintros.ca> Message-ID: <5.1.0.14.0.20020713131041.00ba6e38@ssl.hq.linvision.com> From the hotplug website: --------------------------------------------------------------------------------------------------------------------------------------- Starting with kernel 2.4 (in January 2001), hotplugging is a standard feature of GNU/Linux. Its goal is letting you plug in new devices and use them immediately. That means that users won't need to learn so much system administration; systems will at least partially autoconfigure themselves. Initially, hotplug included support for USB and PCI (Cardbus) devices, and could automatically configure some common network interfaces. Updated versions include IEEE 1394 (Firewire/i.Link) support and can download firmware to USB devices that need it. On mainframes, S/390 channel devices uses hotplugging to report device attach and other state change events. For laptops, newer kernels also include support for reporting docking station activity. Upcoming work will likely involve integration with other Linux subsystems such as input, pcmcia_cs, disk/storage (starting with SCSI), networking, printing, power management such as APM and ACPI, and more. Kernel 2.5 work will improve autoconfiguration support for Linux, likely including more unified support for stable device names and user mode device management tools. Basic hotplug support is included in current RedHat and Debian distributions of GNU/Linux. Newer SuSE distributions will be converting from "usbmgr" (for USB) to hotplugging. --------------------------------------------------------------------------------------------------------------------------------------- So it's not just for USB. Also from the website: --------------------------------------------------------------------------------------------------------------------------------------- Note that Linux does not currently have a unified model for initializing network devices. In particular, some interface types (such as Ethernet devices) are registered before they are configured, while others (such as PPP devices) effectively do it the other way around. This means that the network agent needs to avoid doing anything for PPP (and similar) style devices. Only name-based heuristics are available to distinguish these cases. --------------------------------------------------------------------------------------------------------------------------------------- Their website for more info on the subject: http://linux-hotplug.sourceforge.net/ Hope this helps you get on the way. Regards, Richard At 15:20 12-7-2002 -0400, sean wrote: >I have installed pptpd server on a mandrake 8.2 system. >Using a win2k client, I can't connect becuase it says the server did not >assign an IP address. > >Logs show as follows: > >Jul 12 15:17:05 gate pptpd[2935]: CTRL: Starting call (launching pppd, opening >GRE) >Jul 12 15:17:05 gate pppd[2936]: pppd 2.4.1 started by root, uid 0 >Jul 12 15:17:05 gate pppd[2936]: Using interface ppp0 >Jul 12 15:17:05 gate pppd[2936]: Connect: ppp0 <--> /dev/pts/4 >Jul 12 15:17:05 gate /etc/hotplug/net.agent: assuming ppp0 is already up >Jul 12 15:17:08 gate pptpd[2935]: CTRL: Ignored a SET LINK INFO packet with >real ACCM s! Jul 12 15:17:08 gate pptpd[2935]: CTRL: Ignored a SET LINK INFO >packet with real ACCM s! >Jul 12 15:17:08 gate pppd[2936]: LCP terminated by peer (:M-+_9^@ > >The part that is new to me is the line reading /etc/hotplug/net.agent: >assuming ppp0 is already up. > > From what I understand, the hotplug/net.agent is for managing USB > devices. Why >is it managing my ppp connections and why does it assume ppp0 is already up? > >Any help is appreciated. > >Thanks. > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >--- To unsubscribe, go to the url just above this line. -- From sean at www.globalbizintros.ca Sat Jul 13 09:57:32 2002 From: sean at www.globalbizintros.ca (sean) Date: Sat, 13 Jul 2002 10:57:32 -0400 (EDT) Subject: [pptp-server] This is new to me Message-ID: <20020713145732.EF638198D0@globalbizintros.ca> That helps a lot in better understanding the hotplugging. Thank you. On the pptpd side, the problem has been solved. It seems the RPM provided with the Mandrake distribution is broken. Afetr downloading and compiling the source, it worked the first time. Again, I appreciate the information and support. > From the hotplug website: > --------------------------------------------------------------------------------------------------------------------------------------- > Starting with kernel 2.4 (in January 2001), hotplugging is a standard > feature of GNU/Linux. Its goal is letting you plug in new devices and use > them immediately. That means that users won't need to learn so much system > administration; systems will at least partially autoconfigure themselves. > Initially, hotplug included support for USB and PCI (Cardbus) devices, and > could automatically configure some common network interfaces. Updated > versions include IEEE 1394 (Firewire/i.Link) support and can download > firmware to USB devices that need it. On mainframes, S/390 channel devices > uses hotplugging to report device attach and other state change events. For > laptops, newer kernels also include support for reporting docking station > activity. > > Upcoming work will likely involve integration with other Linux subsystems > such as input, pcmcia_cs, disk/storage (starting with SCSI), networking, > printing, power management such as APM and ACPI, and more. Kernel 2.5 work > will improve autoconfiguration support for Linux, likely including more > unified support for stable device names and user mode device management tools. > > Basic hotplug support is included in current RedHat and Debian > distributions of GNU/Linux. Newer SuSE distributions will be converting > from "usbmgr" (for USB) to hotplugging. > --------------------------------------------------------------------------------------------------------------------------------------- > So it's not just for USB. > Also from the website: > --------------------------------------------------------------------------------------------------------------------------------------- > Note that Linux does not currently have a unified model for initializing > network devices. In particular, some interface types (such as Ethernet > devices) are registered before they are configured, while others (such as > PPP devices) effectively do it the other way around. This means that the > network agent needs to avoid doing anything for PPP (and similar) style > devices. Only name-based heuristics are available to distinguish these cases. > --------------------------------------------------------------------------------------------------------------------------------------- > > Their website for more info on the subject: > http://linux-hotplug.sourceforge.net/ > > Hope this helps you get on the way. > > Regards, > Richard > > At 15:20 12-7-2002 -0400, sean wrote: > >I have installed pptpd server on a mandrake 8.2 system. > >Using a win2k client, I can't connect becuase it says the server did not > >assign an IP address. > > > >Logs show as follows: > > > >Jul 12 15:17:05 gate pptpd[2935]: CTRL: Starting call (launching pppd, opening > >GRE) > >Jul 12 15:17:05 gate pppd[2936]: pppd 2.4.1 started by root, uid 0 > >Jul 12 15:17:05 gate pppd[2936]: Using interface ppp0 > >Jul 12 15:17:05 gate pppd[2936]: Connect: ppp0 <--> /dev/pts/4 > >Jul 12 15:17:05 gate /etc/hotplug/net.agent: assuming ppp0 is already up > >Jul 12 15:17:08 gate pptpd[2935]: CTRL: Ignored a SET LINK INFO packet with > >real ACCM s! Jul 12 15:17:08 gate pptpd[2935]: CTRL: Ignored a SET LINK INFO > >packet with real ACCM s! > >Jul 12 15:17:08 gate pppd[2936]: LCP terminated by peer (:M-+_9^@ > > > >The part that is new to me is the line reading /etc/hotplug/net.agent: > >assuming ppp0 is already up. > > > > From what I understand, the hotplug/net.agent is for managing USB > > devices. Why > >is it managing my ppp connections and why does it assume ppp0 is already up? > > > >Any help is appreciated. > > > >Thanks. > > > >_______________________________________________ > >pptp-server maillist - pptp-server at lists.schulte.org > >http://lists.schulte.org/mailman/listinfo/pptp-server > >--- To unsubscribe, go to the url just above this line. -- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From matt at tempo.com.au Sun Jul 14 16:59:24 2002 From: matt at tempo.com.au (Matthew Gavin) Date: Mon, 15 Jul 2002 07:59:24 +1000 Subject: [pptp-server] RE: [Poptop-server] New ppp-mppe RPM released In-Reply-To: <1026490621.1908.0.camel@richard> Message-ID: > ppp-mppe-2.4.1-5 --> ppp-mppe-2.4.1-6 > ---------------------------------------------------------------------------- > * Fri Jul 12 2002 Richard de Vroede > - Removed dependency for libsafe, which creaped in > - replaces %config in specfile for %config(noreplace), so configfiles > don't get overwritten anymore > ---------------------------------------------------------------------------- Thanx Richard! Your timing is impeccable. M@ From macaubas at br.inter.net Mon Jul 15 15:15:22 2002 From: macaubas at br.inter.net (Igor Maciel Macaubas) Date: Mon, 15 Jul 2002 17:15:22 -0300 Subject: [pptp-server] Problems with multi-pptpd sessions trought NAT - GRE error Message-ID: <002001c22c3c$5b52fb20$6400a8c0@igor> Hi all, I bought a DLink 604I, wich is a cable/xdsl router with "VPN (PPTP/IPsec) multi-session support". I'm doing some tests with it, and I can't make two connections work at the same time with it. Bellow is my network structure: ---------------------- | | | 192.168.1.100 | -----------| | | | ---------------------- | Computer 1 | ----------------------------- |------------------ | |-----------------| |---->| LAN: 192.168.1.1 | | | |192.100.254.6 | | WAN: 192.100.254.14 | ----------> | 192.100.254.6 | ---------> |-----------------| ---------------------- |-----> | | |-------------------| BOX 1 | | | ------------------------------ VPNServer | 192.168.1.101 |---------| DLink | | ---------------------- Computer 2 The objective of this session is get a valid address to the network 192.168.254.0 and access another server wich is located at 192.168.254.251 The dlink hardware has a 4-port fast switch built-in. We have two networks - 192.168.1.0 and 192.100.254.0. Without a tunnel, I can go from the Computer 1, pass trought the DLink and get to the BOX 1 server, using DLink's native NAT. Then I try to open a tunnel from Computer 1 to the VPNServer, passing trought the DLink hardware - and I get connected without problems. And I can reach the BOX 1, and access the webserver wich runs there. After that, I keep the Computer 1 connected, and go to Computer 2. Try to connect, and connect well. But after that, I can't access the network 192.100.254.0. It seems like I've never connected. At my VPN Server log files, I have tons of this message: Jul 15 16:32:01 vpn pptpd[31528]: GRE: Discarding out of order packet Jul 15 16:32:02 vpn pptpd[31359]: GRE: Discarding out of order packet Jul 15 16:32:02 vpn pptpd[31528]: GRE: Discarding out of order packet Jul 15 16:32:02 vpn pptpd[31359]: GRE: Discarding out of order packet Jul 15 16:32:02 vpn pptpd[31528]: GRE: Discarding out of order packet Jul 15 16:32:03 vpn pptpd[31359]: GRE: Discarding out of order packet Jul 15 16:32:03 vpn pptpd[31528]: GRE: Discarding out of order packet Jul 15 16:32:03 vpn pptpd[31359]: GRE: Discarding out of order packet Jul 15 16:32:03 vpn pptpd[31528]: GRE: Discarding out of order packet Jul 15 16:32:04 vpn pptpd[31359]: GRE: Discarding out of order packet Jul 15 16:32:04 vpn pptpd[31528]: GRE: Discarding out of order packet Jul 15 16:32:05 vpn pptpd[31359]: GRE: Discarding out of order packet Jul 15 16:32:05 vpn pptpd[31528]: GRE: Discarding out of order packet And I did another test: Connected Computer 1, and starting the download a heavy file (redhat 7.3 iso) from BOX 1. When I try to connect from Computer 2, I can't. I get an error message 'the remote port is not connected' and tons of the "GRE: Discarding out of order packet" messages at my log files. I read at http://www.linuxsecurity.com/resource_files/network_security/2.4_Kernel_PPTPD-HOWTO.txt about this problem, and I tryied to downsize the mru/mtu number in /etc/ppp/options file, but It didn't work. Bellow is the configuration of my server: Pentium III 1Ghz 256MB of RAM RedHat 7.2 Kernel 2.4.18 (original, no mppe pach applied). PPPd 2.4.2b1 PPTPd 1.0.1 / 1.1.3 (tested with both versions). The config files: /etc/ppp/options: lock debug auth require-pap refuse-chap proxyarp plugin radius.so /etc/pptpd.conf speed 115200 debug localip 192.100.254.6 remoteip 192.100.254.70-74 RADIUS auth working fine. Connection working fine. I'd like to know if the problem is with the PPTPd server (any problem with GRE or something like this was reported?), or if the problem is with my dlink router - wich says that support multiple sessions but in reallity it doesn't support. Anyone can help me? Regards, Igor -- macaubas at br.inter.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From macaubas at br.inter.net Mon Jul 15 15:59:25 2002 From: macaubas at br.inter.net (Igor Maciel Macaubas) Date: Mon, 15 Jul 2002 17:59:25 -0300 Subject: [pptp-server] Another implementation of PPTPd for Linux? Message-ID: <004201c22c42$8794e120$6400a8c0@igor> Hi there, I was walking around the internet, and found this "project". It seems to be another implementation of PPTPd server for Linux. Has anynone ever tasted it? It's real ? http://project.terminus.sk/wmpptpd/ Regards, Igor -- macaubas at br.inter.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From aleksey_poptop at yahoo.com Mon Jul 15 18:18:07 2002 From: aleksey_poptop at yahoo.com (aleksey zakharov) Date: Mon, 15 Jul 2002 16:18:07 -0700 (PDT) Subject: [pptp-server] PoPToP on Mandrake 8.2 Message-ID: <20020715231807.1333.qmail@web20210.mail.yahoo.com> I have sucessfully set up PPTPD on a RedHat 7.2 system. my setup uses a 128bit encryption with ChapV2 authentication. Also I pathced my PPP so that it uses a /etc/samba/smbpasswd file for user authentication as apposed to /etc/ppp/chapsecrets. The instructions i followed wore documented very well by Jason Marrow, http://jara.cc Although this setup was targeted to RedHat systems (and it works great on RH) I tried the setup on the Mandrake 8.2 distribution. Unfortunately the setup didn't go as smooth. In particular I had problems with PPP and smbpw-mppe-strpdom-requiremppe.diff patch. After i patched the PPP I wasn't able to make the PPP and thus install it. PPP would not install only if I apply the patch to it. I was wondering if anybody have any suggestions on how to fix this problem under Mandrake 8.2 distribution. Or is the patch only for RH? Thank you very much. Regards, Aleksey --------------------------------- Do You Yahoo!? Yahoo! Autos - Get free new car price quotes -------------- next part -------------- An HTML attachment was scrubbed... URL: From carnt at intellissence.com.br Wed Jul 17 10:51:50 2002 From: carnt at intellissence.com.br (Carlos Arnt) Date: Wed, 17 Jul 2002 12:51:50 -0300 Subject: [pptp-server] PPtpd-Ms-Chap- name variable used. References: <20020715231807.1333.qmail@web20210.mail.yahoo.com> Message-ID: <001001c22da9$ded529f0$0901a8c0@carlosa> Hi , Just one question , if you put pptpd to log over syslog , all his logs onto a file let say pptpd.log When one user connect and authenticate, his/her name appears . Like this : MSCHAP-v2 peer authentication succeeded for carlos How can i take this kind of varible that pptpd use and grab only the names ? I wanna put over my linux a Who's connected list . It's must be inserted and taked out every time that the user connect and disconnect . I think pptpd know but how then i pass this to my system ? Can someone help ? Thanks . Carlos. -------------- next part -------------- An HTML attachment was scrubbed... URL: From r.devroede at linvision.com Wed Jul 17 03:46:37 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 17 Jul 2002 10:46:37 +0200 Subject: [pptp-server] PPtpd-Ms-Chap- name variable used. In-Reply-To: <001001c22da9$ded529f0$0901a8c0@carlosa> References: <20020715231807.1333.qmail@web20210.mail.yahoo.com> <001001c22da9$ded529f0$0901a8c0@carlosa> Message-ID: <1026895598.1709.28.camel@richard> Checkout the Sourceforge site under the section Add-ons. There is a bash script and a perl script which analyze the logfile. They're based on /var/log/messages, but should be easy to change. Regards, Richard On Wed, 2002-07-17 at 17:51, Carlos Arnt wrote: > Hi , > > Just one question , if you put pptpd to log over syslog , all his logs onto a file let say pptpd.log > When one user connect and authenticate, his/her name appears . > > Like this : > > MSCHAP-v2 peer authentication succeeded for carlos > > How can i take this kind of varible that pptpd use and grab only the names ? I wanna put over my linux a Who's connected list . > > It's must be inserted and taked out every time that the user connect and disconnect . > I think pptpd know but how then i pass this to my system ? > > Can someone help ? > > Thanks . > > Carlos. > -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From Administrator at josims.com Thu Jul 18 10:28:43 2002 From: Administrator at josims.com (Andrew Lyon) Date: Thu, 18 Jul 2002 16:28:43 +0100 Subject: [pptp-server] Segfault with listen=ip in pptpd.conf Message-ID: <592F914D209FD942908826DFF2277A2DE94C@COMMSSERVER> Hi, If I put a listen = x.x.x.x in pptpd.conf the daemon segfaults on load like this: /usr/sbin/pptpd Segmentation fault Take out the listen line and it runs fine, if I run /usr/sbin/pptpd -l x.x.x.x it also works. Any1 able to reproduce this bug ? Andy The information contained in this e-mail is confidential and is intended for the addressee only. The contents of this e-mail must not be disclosed or copied without the sender's consent. If you are not the intended recipient of the message, please notify the sender immediately, and delete the message. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. No commitment may be inferred from the contents unless explicitly stated. The company does not take any responsibility for the personal views of the author. This message has been scanned for viruses before sending, but the company does not accept any responsibility for infection and recommends that you scan any attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: From johnsof3 at ocps.k12.fl.us Thu Jul 18 14:38:43 2002 From: johnsof3 at ocps.k12.fl.us (johnsof3) Date: 18 Jul 2002 15:38:43 -0400 Subject: [pptp-server] Scrolling Message-ID: An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: B_431500[1].htm Type: application/octet-stream Size: 1132 bytes Desc: not available URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: InterScan_SafeStamp.txt URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: InterScan_Disclaimer.txt URL: From Antigen at clink.schulte.org Thu Jul 18 14:54:09 2002 From: Antigen at clink.schulte.org (Antigen at clink.schulte.org) Date: 18 Jul 2002 21:54:09 +0200 Subject: [pptp-server] Antigen found VIRUS= Exploit.IFrame.FileDownload (Kaspersky) virus Message-ID: Antigen for Exchange found Unknown infected with VIRUS= Exploit.IFrame.FileDownload (Kaspersky) virus. The file is currently Removed. The message, "[pptp-server] Scrolling", was sent from johnsof3 and was discovered in First Storage Group\Mikael Johnsen\Inbox located at PBJ/First Administrative Group/DC. From postmaster at crazywebbys.com Fri Jul 19 06:03:36 2002 From: postmaster at crazywebbys.com (postmaster at crazywebbys.com) Date: Fri, 19 Jul 2002 07:03:36 -0400 Subject: [pptp-server] MDaemon Warning - Virus Found Message-ID: The following message had attachment(s) which contained the viruses: From info at ace-jobs.co.uk Fri Jul 19 06:03:37 2002 From: info at ace-jobs.co.uk (info) Date: Fri, 19 Jul 2002 06:03:37 -0500 (CDT) Subject: [pptp-server] W32.Elkern removal tools Message-ID: <20020719110337.19FAB243CF@clink.schulte.org> An HTML attachment was scrubbed... URL: -------------- next part -------------- ****************************** WARNING ******************************* This message has been scanned by MDaemon/DKAV and was found to contain infected attachment(s). Please review the list below. Attachment Virus name Action taken ---------------------------------------------------------------------- setup.exe I-Worm.Klez.h Removed ********************************************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: Blank[2].htm Type: application/octet-stream Size: 124 bytes Desc: not available URL: From whoami1234_1234 at yahoo.com Tue Jul 23 09:14:05 2002 From: whoami1234_1234 at yahoo.com (John Pang) Date: Tue, 23 Jul 2002 07:14:05 -0700 (PDT) Subject: [pptp-server] PPTP VPN Connection Performance Under Linux vs Windows Message-ID: <20020723141405.86273.qmail@web12904.mail.yahoo.com> Hello everyone, I have successfully installed PPTPd 1.1.2 on my RedHat Linux 7.2 server with kernel 2.4.19-pre10 and PPP 2.4.1 . The kernel has also been patched to support MPPE while PPP has been patched to support MSCHAPv2+MPPE as well. All appears to be working properly and I am able to configure my Windows and Linux clients to connect to the VPN just fine with MSCHAPv2 & MPPE 128bit enabled. Jul 23 00:04:35 server pppd[30452]: pppd 2.4.1 started by root, uid 0 Jul 23 00:04:35 server pppd[30452]: Using interface ppp0 Jul 23 00:04:35 server pppd[30452]: Connect: ppp0 <--> /dev/pts/0 Jul 23 00:04:35 server pppd[30452]: MSCHAP-v2 peer authentication succeeded for test Jul 23 00:04:36 server pppd[30452]: local IP address 192.168.1.1 Jul 23 00:04:36 server pppd[30452]: remote IP address 192.168.1.2 Jul 23 00:04:36 server pppd[30452]: MPPE 128 bit, stateless compression enabled Jul 23 00:04:36 server pppd[30452]: stateless MPPE enforced For Windows machines, I am using the MS VPN Adapter which comes with the OS. For Linux, I am using the PPTP-CLIENT that is downloaded from http://pptpclient.sourceforge.net/ . I noticed that for my Windows boxes, they are able to reach around 400-500kbps downloading from the VPN server which is connected to the Internet via a 512kbps leased line. But for my Linux boxes, they are only able to reach between 33kbps to 64kbps via the same connection as the Windows clients. The leased line is totally unsaturated at time of testing. Does anyone have any idea what is the cause of this wierd problem? Or have any performance enhancing tips for Linux? Many thanks in advance. __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com From r.devroede at linvision.com Tue Jul 23 09:26:03 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 23 Jul 2002 16:26:03 +0200 Subject: [pptp-server] PPTP VPN Connection Performance Under Linux vs Windows In-Reply-To: <20020723141405.86273.qmail@web12904.mail.yahoo.com> References: <20020723141405.86273.qmail@web12904.mail.yahoo.com> Message-ID: <1027434364.1731.19.camel@richard> I'm guessing linux is obeying the negotiated (default) speedlimit in /etc/pptpd.conf of 115200 bits per second. Wouldn't be the first time M$ Windows does everything it's own way. Just set the speed to 1000000. This should crank up the speed for the linux-boxes. Regards, Richard On Tue, 2002-07-23 at 16:14, John Pang wrote: > Hello everyone, > > I have successfully installed PPTPd 1.1.2 on my RedHat > Linux 7.2 server with kernel 2.4.19-pre10 and PPP > 2.4.1 . > > The kernel has also been patched to support MPPE while > PPP has been patched to support MSCHAPv2+MPPE as well. > > All appears to be working properly and I am able to > configure my Windows and Linux clients to connect to > the VPN just fine with MSCHAPv2 & MPPE 128bit enabled. > > Jul 23 00:04:35 server pppd[30452]: pppd 2.4.1 started > by root, uid 0 > Jul 23 00:04:35 server pppd[30452]: Using interface > ppp0 > Jul 23 00:04:35 server pppd[30452]: Connect: ppp0 <--> > /dev/pts/0 > Jul 23 00:04:35 server pppd[30452]: MSCHAP-v2 peer > authentication succeeded for test > Jul 23 00:04:36 server pppd[30452]: local IP address > 192.168.1.1 > Jul 23 00:04:36 server pppd[30452]: remote IP address > 192.168.1.2 > Jul 23 00:04:36 server pppd[30452]: MPPE 128 bit, > stateless compression enabled > Jul 23 00:04:36 server pppd[30452]: stateless MPPE > enforced > > For Windows machines, I am using the MS VPN Adapter > which comes with the OS. > > For Linux, I am using the PPTP-CLIENT that is > downloaded from http://pptpclient.sourceforge.net/ . > > I noticed that for my Windows boxes, they are able to > reach around 400-500kbps downloading from the VPN > server which is connected to the Internet via a > 512kbps leased line. > > But for my Linux boxes, they are only able to reach > between 33kbps to 64kbps via the same connection as > the Windows clients. The leased line is totally > unsaturated at time of testing. > > Does anyone have any idea what is the cause of this > wierd problem? Or have any performance enhancing tips > for Linux? > > Many thanks in advance. > > __________________________________________________ > Do You Yahoo!? > Yahoo! Health - Feel better, live better > http://health.yahoo.com > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From bao at gibbons.com Tue Jul 23 13:52:36 2002 From: bao at gibbons.com (bao) Date: Tue, 23 Jul 2002 11:52:36 -0700 Subject: [pptp-server] pppd problem :o Message-ID: <3D3DA5F4.A0D432D9@gibbons.com> Hi list, I try to run pptp, but when it gets to pppd, I receive this error message: /usr/sbin/pppd: The remote system is required to authenticate itself /usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so. /usr/sbin/pppd: (None of the available passwords would let it use an IP address.) I have passwords in chap-secrets, and also have tried with pap-secrets, but there's no change. Has anyone encountered this before ?? Many thanks to all. From marcelb at wanadoo.nl Tue Jul 23 16:06:03 2002 From: marcelb at wanadoo.nl (Marcel) Date: Tue, 23 Jul 2002 23:06:03 +0200 Subject: [pptp-server] pppd problem :o References: <3D3DA5F4.A0D432D9@gibbons.com> Message-ID: <3D3DC53B.5020101@wanadoo.nl> bao wrote: > Hi list, > I try to run pptp, but when it gets to pppd, I receive this error > message: > > /usr/sbin/pppd: The remote system is required to authenticate itself > /usr/sbin/pppd: but I couldn't find any suitable secret (password) for > it to use to do so. > /usr/sbin/pppd: (None of the available passwords would let it use an IP > address.) > > I have passwords in chap-secrets, and also have tried with pap-secrets, > but there's no change. > > Has anyone encountered this before ?? Assuming you mean pptp client not server : Yes, and when I did, I had forgotten to add "noauth" to the pppd options. Marcel From mikes at hartwellcorp.com Wed Jul 24 15:42:04 2002 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Wed, 24 Jul 2002 13:42:04 -0700 Subject: [pptp-server] Is anyone interested in authenticating against an NT PDC? Message-ID: <91A5926EFF44D3118B1200104B7276EB01C4B76C@hart-exchange.hartwellcorp.com> I know this topic has been discussed over and over in the past but I'm wondering if anyone has acutally added the ability to pass authentication through to an NT PDC server? The NT Administrators here are complaining about having a separate "database" of users with VPN access that has to be maintained on the Unix system. -- Michael St. Laurent Hartwell Corporation From fcusack at fcusack.com Wed Jul 24 21:15:51 2002 From: fcusack at fcusack.com (Frank Cusack) Date: Wed, 24 Jul 2002 19:15:51 -0700 Subject: [pptp-server] Is anyone interested in authenticating against an NT PDC? In-Reply-To: <91A5926EFF44D3118B1200104B7276EB01C4B76C@hart-exchange.hartwellcorp.com>; from mikes@hartwellcorp.com on Wed, Jul 24, 2002 at 01:42:04PM -0700 References: <91A5926EFF44D3118B1200104B7276EB01C4B76C@hart-exchange.hartwellcorp.com> Message-ID: <20020724191550.A17278@google.com> On Wed, Jul 24, 2002 at 01:42:04PM -0700, Michael St. Laurent wrote: > I know this topic has been discussed over and over in the past but I'm > wondering if anyone has acutally added the ability to pass authentication > through to an NT PDC server? The NT Administrators here are complaining > about having a separate "database" of users with VPN access that has to be > maintained on the Unix system. Why not just use RRAS then? If it's win2k you can do a complicated setup with the ppp from cvs using radius and ldap. Otherwise there's probably an smb_auth type thing you could do. /fc From whoami1234_1234 at yahoo.com Wed Jul 24 21:58:40 2002 From: whoami1234_1234 at yahoo.com (John Pang) Date: Wed, 24 Jul 2002 19:58:40 -0700 (PDT) Subject: [pptp-server] PPTP VPN Connection Performance Under Linux vs Windows In-Reply-To: <1027434364.1731.19.camel@richard> Message-ID: <20020725025840.14522.qmail@web12908.mail.yahoo.com> Hi, Thanks for your reply. I did some testings and realised that it was the NAT on my Cisco router which caused the slowness. After I disabled the NAT, the problem went away for Linux clients. Pretty wierd but at least it's back to normal for now. Thanks! --- "R. de Vroede" wrote: > I'm guessing linux is obeying the negotiated > (default) speedlimit in > /etc/pptpd.conf of 115200 bits per second. Wouldn't > be the first time M$ > Windows does everything it's own way. Just set the > speed to 1000000. > This should crank up the speed for the linux-boxes. > > Regards, > Richard > > > On Tue, 2002-07-23 at 16:14, John Pang wrote: > > Hello everyone, > > > > I have successfully installed PPTPd 1.1.2 on my > RedHat > > Linux 7.2 server with kernel 2.4.19-pre10 and PPP > > 2.4.1 . > > > > The kernel has also been patched to support MPPE > while > > PPP has been patched to support MSCHAPv2+MPPE as > well. > > > > All appears to be working properly and I am able > to > > configure my Windows and Linux clients to connect > to > > the VPN just fine with MSCHAPv2 & MPPE 128bit > enabled. > > > > Jul 23 00:04:35 server pppd[30452]: pppd 2.4.1 > started > > by root, uid 0 > > Jul 23 00:04:35 server pppd[30452]: Using > interface > > ppp0 > > Jul 23 00:04:35 server pppd[30452]: Connect: ppp0 > <--> > > /dev/pts/0 > > Jul 23 00:04:35 server pppd[30452]: MSCHAP-v2 peer > > authentication succeeded for test > > Jul 23 00:04:36 server pppd[30452]: local IP > address > > 192.168.1.1 > > Jul 23 00:04:36 server pppd[30452]: remote IP > address > > 192.168.1.2 > > Jul 23 00:04:36 server pppd[30452]: MPPE 128 bit, > > stateless compression enabled > > Jul 23 00:04:36 server pppd[30452]: stateless MPPE > > enforced > > > > For Windows machines, I am using the MS VPN > Adapter > > which comes with the OS. > > > > For Linux, I am using the PPTP-CLIENT that is > > downloaded from http://pptpclient.sourceforge.net/ > . > > > > I noticed that for my Windows boxes, they are able > to > > reach around 400-500kbps downloading from the VPN > > server which is connected to the Internet via a > > 512kbps leased line. > > > > But for my Linux boxes, they are only able to > reach > > between 33kbps to 64kbps via the same connection > as > > the Windows clients. The leased line is totally > > unsaturated at time of testing. > > > > Does anyone have any idea what is the cause of > this > > wierd problem? Or have any performance enhancing > tips > > for Linux? > > > > Many thanks in advance. > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! Health - Feel better, live better > > http://health.yahoo.com > > > > _______________________________________________ > > pptp-server maillist - > pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this > line. -- > -- > Richard de Vroede > (r.devroede at linvision.com) > ------------------------------------------------ > Linvision BV Provides Linux Solutions > Elektronicaweg 16D > 2628 XG Delft > T: +31157502310 info at linvision.com > F: +31157502319 http://devel.linvision.com > ------------------------------------------------ > > _______________________________________________ > pptp-server maillist - > pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this > line. -- __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com From matt at tempo.com.au Wed Jul 24 22:16:28 2002 From: matt at tempo.com.au (Matthew Gavin) Date: Thu, 25 Jul 2002 13:16:28 +1000 Subject: [pptp-server] CTRL: Session timed out, ending call Message-ID: Hi, I have pptpd-1.1.3-1 with ppp-mppe-2.4.1-6 on a Red Hat 7.2 server. I have a few users complaining about Idle Timeouts, I think it is something that has been set on the client rather than the server. I don't have any timeouts set in pptpd or ppp does the following "CTRL" line suggest anything? CCP: timeout sending Config-Requests CTRL: Session timed out, ending call CTRL: Client 63.12.15.144 control connection finished Modem hangup Connection terminated. Connect time 26.1 minutes. Sent 59320 bytes, received 18514 bytes. Exit. Tia, M@ From marcelb at wanadoo.nl Thu Jul 25 03:33:23 2002 From: marcelb at wanadoo.nl (Marcel) Date: Thu, 25 Jul 2002 10:33:23 +0200 Subject: [pptp-server] Is anyone interested in authenticating against an NT PDC? References: <91A5926EFF44D3118B1200104B7276EB01C4B76C@hart-exchange.hartwellcorp.com> Message-ID: <3D3FB7D3.5030301@wanadoo.nl> Michael St. Laurent wrote: > I know this topic has been discussed over and over in the past but I'm > wondering if anyone has acutally added the ability to pass authentication > through to an NT PDC server? The NT Administrators here are complaining > about having a separate "database" of users with VPN access that has to be > maintained on the Unix system. Hmmm, samba itself can pass authentication through. I wonder if smbauth libs can be made to do the same... interesting idea! Marcel From r.devroede at linvision.com Thu Jul 25 05:16:00 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 25 Jul 2002 12:16:00 +0200 Subject: [pptp-server] Is anyone interested in authenticating against an NT PDC? In-Reply-To: <3D3FB7D3.5030301@wanadoo.nl> References: <91A5926EFF44D3118B1200104B7276EB01C4B76C@hart-exchange.hartwellcorp.com> <3D3FB7D3.5030301@wanadoo.nl> Message-ID: <1027592161.2220.6.camel@richard> This has already been done. Look at the sourceforge site under patches. The ppp-mppe RPM is already smb-auth enabled. Regards, Richard On Thu, 2002-07-25 at 10:33, Marcel wrote: > Michael St. Laurent wrote: > > I know this topic has been discussed over and over in the past but I'm > > wondering if anyone has acutally added the ability to pass authentication > > through to an NT PDC server? The NT Administrators here are complaining > > about having a separate "database" of users with VPN access that has to be > > maintained on the Unix system. > > Hmmm, samba itself can pass authentication through. I wonder if smbauth > libs can be made to do the same... interesting idea! > > Marcel > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From mikes at hartwellcorp.com Thu Jul 25 17:04:04 2002 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Thu, 25 Jul 2002 15:04:04 -0700 Subject: [pptp-server] Is anyone interested in authenticating against an NT PDC? Message-ID: <91A5926EFF44D3118B1200104B7276EB01C4B775@hart-exchange.hartwellcorp.com> Could you provide a link to the page? There are so many PPP related projects on sourceforge that I'm having trouble sorting out which one would have the patches. Also, you're not referring to the patch that authenticates against a local file with smb encrypted passwords are you? If so then that's a little different (but close) to what we're discussing. -- Michael St. Laurent Hartwell Corporation > -----Original Message----- > From: R. de Vroede [mailto:r.devroede at linvision.com] > Sent: Thursday, July 25, 2002 3:16 AM > To: Marcel > Cc: Michael St. Laurent; pptp > Subject: Re: [pptp-server] Is anyone interested in > authenticating against an NT PDC? > > > This has already been done. Look at the sourceforge site > under patches. > The ppp-mppe RPM is already smb-auth enabled. > > Regards, > Richard > > On Thu, 2002-07-25 at 10:33, Marcel wrote: > > Michael St. Laurent wrote: > > > I know this topic has been discussed over and over in the > past but I'm > > > wondering if anyone has acutally added the ability to > pass authentication > > > through to an NT PDC server? The NT Administrators here > are complaining > > > about having a separate "database" of users with VPN > access that has to be > > > maintained on the Unix system. > > > > Hmmm, samba itself can pass authentication through. I > wonder if smbauth > > libs can be made to do the same... interesting idea! > > > > Marcel > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > -- > Richard de Vroede > (r.devroede at linvision.com) > ------------------------------------------------ > Linvision BV Provides Linux Solutions > Elektronicaweg 16D > 2628 XG Delft > T: +31157502310 info at linvision.com > F: +31157502319 http://devel.linvision.com > ------------------------------------------------ > From jason at gfy.cc Thu Jul 25 17:06:44 2002 From: jason at gfy.cc (jason) Date: Thu, 25 Jul 2002 18:06:44 -0400 Subject: [pptp-server] Updated Install Instructions for Redhat 7.3 and PPTPD 1.1.3 No Hassle Install Message-ID: <001401c23427$90397a10$2464a8c0@tbegrp.local> Please go to http://www.jara.cc for easy step by step installation instructions. Take care all Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From adam at globalits.com.au Thu Jul 25 17:57:44 2002 From: adam at globalits.com.au (Adam Rickards) Date: Fri, 26 Jul 2002 08:57:44 +1000 Subject: [pptp-server] PPTP MSCHAPv2+RADIUS... new kernel/ppp ?? Message-ID: Greetings all, Just wondering what the scope is to run PPTP server on the newer 2.4.x kernels, and a reasonably new PPPd/Portslave daemon. Anyone got any suggestions? Cheers, ______________________________________ Adam Rickards, Computer Systems Consultant, Global IT Services, Suite 3, First Floor, 318 Pakington Street, Newtown, Victoria, 3220. Office - (03) 52233751 Mobile - (0409) 174 699 E-mail - adam at globalits.com.au ______________________________________ ##################################################################################### Note: This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Global IT Services Pty Ltd and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal For more information please visit www.marshalsoftware.com Thank You. ##################################################################################### From charlieb-pptp at e-smith.com Fri Jul 26 09:08:18 2002 From: charlieb-pptp at e-smith.com (Charlie Brady) Date: Fri, 26 Jul 2002 10:08:18 -0400 (EDT) Subject: [pptp-server] Is anyone interested in authenticating against an NT PDC? In-Reply-To: <91A5926EFF44D3118B1200104B7276EB01C4B775@hart-exchange.hartwellcorp.com> Message-ID: On Thu, 25 Jul 2002, Michael St. Laurent wrote: > Could you provide a link to the page? There are so many PPP related > projects on sourceforge that I'm having trouble sorting out which one would > have the patches. Also, you're not referring to the patch that > authenticates against a local file with smb encrypted passwords are you? I'd guess he's referring to the chapuser script to be found on http://sourceforge.net/projects/poptop. -- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 592 5660 or 592 2122 Fax: +1 (613) 592 1175 From vlast at indivisuallearning.com Fri Jul 26 09:48:52 2002 From: vlast at indivisuallearning.com (Vladimir Strezhnev) Date: Fri, 26 Jul 2002 09:48:52 -0500 Subject: [pptp-server] Is anyone interested in authenticating against an NT PDC? Message-ID: <3D416154.1050109@indivisuallearning.com> Pam-enabled pppd can be configured to authenticate against NT (W2K) PDC only with pap. MSCHAP would not work. See muliple explanations in this list archives. So the best that can be done with ppp in this context is to configure dialups to authenticate rasusers via NT PDC. We use Samba with winbind, configured as a member server in W2K PDC controlled domain. With /etc/pam.d/ppp and /etc/ppp/ppplogin configured as follows it is possible, for example, to use MS Exchange e-mail accounts to authenticate dialups. No accounts, passwords or pap-secrests on Linux raserver. You do not even need to actually run smbd. Only nmbd and winbindd is enough. #%PAM-1.0 auth required pam_securetty.so auth required pam_nologin.so # to deny dialup to selected e-mail accounts auth required pam_listfile.so item=user sense=deny file=/etc/rasusers auth sufficient pam_winbind.so auth required pam_stack.so service=system-auth use_first_pass nullok account required pam_winbind.so session required pam_stack.so service=system-auth session optional pam_sessionlog.so service=dial #!/bin/sh #/etc/ppp/ppplogin mesg n stty -echo /usr/sbin/pppd silent auth -chap +pap login From mikes at hartwellcorp.com Fri Jul 26 11:14:58 2002 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Fri, 26 Jul 2002 09:14:58 -0700 Subject: [pptp-server] Is anyone interested in authenticating against an NT PDC? Message-ID: <91A5926EFF44D3118B1200104B7276EB01C4B77A@hart-exchange.hartwellcorp.com> It looks like the code to do this is available in the CVS version of pppd as they've slotted it for release in the 3.0 version. Does anyone have access to the prerelease pppd codebase? Maybe it could be backported? -- Michael St. Laurent Hartwell Corporation > -----Original Message----- > From: Charlie Brady [mailto:charlieb-pptp at e-smith.com] > Sent: Friday, July 26, 2002 7:08 AM > To: Michael St. Laurent > Cc: pptp > Subject: RE: [pptp-server] Is anyone interested in > authenticating against an NT PDC? > > On Thu, 25 Jul 2002, Michael St. Laurent wrote: > > > Could you provide a link to the page? There are so many PPP related > > projects on sourceforge that I'm having trouble sorting out > which one would > > have the patches. Also, you're not referring to the patch that > > authenticates against a local file with smb encrypted > passwords are you? > > I'd guess he's referring to the chapuser script to be found on > http://sourceforge.net/projects/poptop. From mikes at hartwellcorp.com Fri Jul 26 17:26:10 2002 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Fri, 26 Jul 2002 15:26:10 -0700 Subject: FW: [pptp-server] Is anyone interested in authenticating against an NT PDC? Message-ID: <91A5926EFF44D3118B1200104B7276EB01C4B783@hart-exchange.hartwellcorp.com> Hmmmm... I downloaded the unpacked CVS of pppd from the ppp.samba.org site. Anyone know if this is the location of the official development version? If so I can find no trace of any sort of PDC authentication in it. In any case I've looked at the plugin for RADIUS authentication and the plugin architecture makes it look like it would be really easy to do this. Do any of the programmers on the list feel like taking a crack at this? I'd do it myself but my C coding skills are extremely rusty. -- Michael St. Laurent Hartwell Corporation > -----Original Message----- > From: Michael St. Laurent > Sent: Friday, July 26, 2002 9:15 AM > To: 'Charlie Brady' > Cc: pptp > Subject: RE: [pptp-server] Is anyone interested in > authenticating against an NT PDC? > > > It looks like the code to do this is available in the CVS > version of pppd as they've slotted it for release in the 3.0 > version. Does anyone have access to the prerelease pppd > codebase? Maybe it could be backported? > > -- > Michael St. Laurent > Hartwell Corporation > > > -----Original Message----- > > From: Charlie Brady [mailto:charlieb-pptp at e-smith.com] > > Sent: Friday, July 26, 2002 7:08 AM > > To: Michael St. Laurent > > Cc: pptp > > Subject: RE: [pptp-server] Is anyone interested in > > authenticating against an NT PDC? > > > > On Thu, 25 Jul 2002, Michael St. Laurent wrote: > > > > > Could you provide a link to the page? There are so many > PPP related > > > projects on sourceforge that I'm having trouble sorting out > > which one would > > > have the patches. Also, you're not referring to the patch that > > > authenticates against a local file with smb encrypted > > passwords are you? > > > > I'd guess he's referring to the chapuser script to be found on > > http://sourceforge.net/projects/poptop. > From david at luyer.net Sat Jul 27 07:44:53 2002 From: david at luyer.net (David Luyer) Date: Sat, 27 Jul 2002 22:44:53 +1000 Subject: [pptp-server] PPTP MSCHAPv2+RADIUS... new kernel/ppp ?? In-Reply-To: Message-ID: <0c0901c2356b$67e10c50$42943ecb@pacific.net.au> > Greetings all, > > Just wondering what the scope is to run PPTP server on > the newer 2.4.x kernels, and a reasonably new PPPd/Portslave daemon. > > Anyone got any suggestions? There's a better solution than portslave out there now, a module from Roaring Penguin that does PAP, CHAP, MS-CHAP and MS-CHAPv2 via RADIUS. CVS root: :pserver:cvs at pserver.samba.org:/cvsroot CVS repository: ppp/pppd David. -- David Luyer Phone: +61 3 9674 7525 Network Development Manager P A C I F I C Fax: +61 3 9699 8693 Pacific Internet (Australia) I N T E R N E T Mobile: +61 4 1111 BYTE http://www.pacific.net.au/ NASDAQ: PCNTF From fcusack at fcusack.com Sat Jul 27 16:09:49 2002 From: fcusack at fcusack.com (Frank Cusack) Date: Sat, 27 Jul 2002 14:09:49 -0700 Subject: [pptp-server] PPTP MSCHAPv2+RADIUS... new kernel/ppp ?? In-Reply-To: <0c0901c2356b$67e10c50$42943ecb@pacific.net.au>; from david@luyer.net on Sat, Jul 27, 2002 at 10:44:53PM +1000 References: <0c0901c2356b$67e10c50$42943ecb@pacific.net.au> Message-ID: <20020727140949.B27191@google.com> On Sat, Jul 27, 2002 at 10:44:53PM +1000, David Luyer wrote: > There's a better solution than portslave out there now, a module from > Roaring Penguin that does PAP, CHAP, MS-CHAP and MS-CHAPv2 via RADIUS. > > CVS root: :pserver:cvs at pserver.samba.org:/cvsroot > CVS repository: ppp/pppd You can also get it from . /fc From fcusack at fcusack.com Sat Jul 27 19:53:27 2002 From: fcusack at fcusack.com (Frank Cusack) Date: Sat, 27 Jul 2002 17:53:27 -0700 Subject: [pptp-server] PPTP MSCHAPv2+RADIUS... new kernel/ppp ?? In-Reply-To: <20020727140949.B27191@google.com>; from fcusack@fcusack.com on Sat, Jul 27, 2002 at 02:09:49PM -0700 References: <0c0901c2356b$67e10c50$42943ecb@pacific.net.au> <20020727140949.B27191@google.com> Message-ID: <20020727175327.B27466@google.com> On Sat, Jul 27, 2002 at 02:09:49PM -0700, Frank Cusack wrote: > You can also get it from . uhh sorry, that's . From sean.mcavoy at megawheels.com Mon Jul 29 11:55:22 2002 From: sean.mcavoy at megawheels.com (Sean McAvoy) Date: 29 Jul 2002 12:55:22 -0400 Subject: [pptp-server] Debian woody ppp-mppe source packages In-Reply-To: References: Message-ID: <1027961723.302.1.camel@smlinux.drive-megawheels.com> Hello, I've downloaded and applied the patch you provided. When I go to build the package (using dpkg-buildpackage) I get the following (I am building this as root): /usr/bin/dpkg-buildpackage: debian/rules: /usr/bin/make: bad interpreter: Permission denied Anyone else have similar problems, or am I just missing something stupid simple :) ? Thanks On Mon, 2002-07-08 at 04:26, Neale Banks wrote: > Greetings, > > FWIW, I've put the Debian source-package files from my attempt to > integrate mppe into woody's current ppp package. The files are at: > > http://www.planet.net.au/~neale/crypto/testing/ > > "test and/or use at your own risk" and please tell me if you find any > problems etc. > > Regards, > Neale. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Sean McAvoy Network Analyst Megawheels Technologies Inc. Phone: 416.360.8211 Fax: 416.360.1403 Cell: 416.616.6599 From sean.mcavoy at megawheels.com Mon Jul 29 12:16:32 2002 From: sean.mcavoy at megawheels.com (Sean McAvoy) Date: 29 Jul 2002 13:16:32 -0400 Subject: [pptp-server] Debian woody ppp-mppe source packages In-Reply-To: <1027961723.302.1.camel@smlinux.drive-megawheels.com> References: <1027961723.302.1.camel@smlinux.drive-megawheels.com> Message-ID: <1027962993.302.20.camel@smlinux.drive-megawheels.com> Well, I really hate replying so quickly to my own questions. It was stupid simple; debian/rules needs to be executable. On Mon, 2002-07-29 at 12:55, Sean McAvoy wrote: > Hello, > I've downloaded and applied the patch you provided. When I go to build > the package (using dpkg-buildpackage) I get the following (I am building > this as root): /usr/bin/dpkg-buildpackage: debian/rules: /usr/bin/make: > bad interpreter: Permission denied > > Anyone else have similar problems, or am I just missing something stupid > simple :) ? > > > Thanks > > On Mon, 2002-07-08 at 04:26, Neale Banks wrote: > > Greetings, > > > > FWIW, I've put the Debian source-package files from my attempt to > > integrate mppe into woody's current ppp package. The files are at: > > > > http://www.planet.net.au/~neale/crypto/testing/ > > > > "test and/or use at your own risk" and please tell me if you find any > > problems etc. > > > > Regards, > > Neale. > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > -- > Sean McAvoy > Network Analyst > Megawheels Technologies Inc. > Phone: 416.360.8211 > Fax: 416.360.1403 > Cell: 416.616.6599 > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Sean McAvoy Network Analyst Megawheels Technologies Inc. Phone: 416.360.8211 Fax: 416.360.1403 Cell: 416.616.6599 From neale at lowendale.com.au Mon Jul 29 17:50:05 2002 From: neale at lowendale.com.au (Neale Banks) Date: Tue, 30 Jul 2002 08:50:05 +1000 (EST) Subject: [pptp-server] Debian woody ppp-mppe source packages In-Reply-To: <1027961723.302.1.camel@smlinux.drive-megawheels.com> Message-ID: G'day, On 29 Jul 2002, Sean McAvoy wrote: > Hello, > I've downloaded and applied the patch you provided. When I go to build > the package (using dpkg-buildpackage) I get the following (I am building > this as root): /usr/bin/dpkg-buildpackage: debian/rules: /usr/bin/make: > bad interpreter: Permission denied Hmmm... obviously this didn't happen for me - but nor did I use dpkg-buildpackage: instead I ran "debian/rules build" then "debian/rules binary". BTW, there's no need to be root at this stage - use fakeroot instead. The obvious thing to check is that you have all the packages specified for (IIRC) build-depends in the debian/control - something mising there could provoke a bizzare error like this. > Anyone else have similar problems, or am I just missing something stupid > simple :) ? Well, it *is* equally possible that I've missed something simple ;-) Please check/confirm the above points, and if it still doesn't work for you I'll take a closer look here. Thanks for the report, Neale. From carnt at intellissence.com.br Wed Jul 31 17:48:23 2002 From: carnt at intellissence.com.br (Carlos Arnt) Date: Wed, 31 Jul 2002 19:48:23 -0300 Subject: [pptp-server] Users connecting twice times ?? References: Message-ID: <000a01c238e4$611043b0$0901a8c0@carlosa> Hi , I see in the system that when one user that are connected give his/her loginame and pass to another one the other part can connect too !! Then i have twice users connected with the same name . How can i stop this , and just let one username connect per time ??? Like just one : carlos can connect at time etc .. Thanks . Carlos .