From ASKUS at QVC.COM Sat Jun 1 13:50:51 2002
From: ASKUS at QVC.COM (AskUs)
Date: Sat, 01 Jun 2002 14:50:51 -0400
Subject: [pptp-server] RE: Here to find out more! File attachment blocked per QVC's Data SecurityPolicy.
Message-ID: <20020601184428.BC145243BE@clink.schulte.org>

Thank you for your recent e-mail to ASKUS at QVC.COM. While we're unable
to read every question on-air, we'll try to get to as many as possible in
a timely fashion. This will be the only e-mail you will receive in
reference to your question.

Please, keep in mind, e-mailing ASKUS at QVC.COM, is meant to request
specifics related to products the show hosts mentioned. If you need
assistance with Customer Service related issues (for example, did your
order ship; did your order return; give feedback on products, show hosts,
services, etc.), you need to e-mail WEBMASTER at QVC.COM and they will be
happy to assist you.

If you prefer immediate assistance, you can either contact our QVC
LiveOnline agents 24 hours a day, 7 days a week, by going to
http://www.qvc.com, click on "Customer Service", then, click the QVC
LiveOnline icon. Or, you can call 1-888-345-5788, daily from 8 A.M. to
Midnight, ET and they will be happy to assist you.

Thank you for your interest.

Original Message Follows:
------------------------

[ Attachment 1.2 Type: audio/x-wav]

From fedelman at claxson.com Mon Jun 3 08:46:09 2002
From: fedelman at claxson.com (Federico Edelman)
Date: Mon, 3 Jun 2002 10:46:09 -0300
Subject: [pptp-server] pptp + PAM
Message-ID:

Hi,

But, I don't understand. How can I get pptp (or pppd) to auth through
/etc/passwd and support PAM options?

> -----Original Message-----
> From: bao [mailto:bao at gibbons.com]
> Sent: Friday, May 31, 2002 20:06
> To: Federico Edelman
> Subject: Re: [pptp-server] pptp + PAM
>
> I'm running pptp with Chap. However, I think setting up pap will be
> similar.
>
> I don't know exactly what the options should be, but look into the
> options.pptpd. There are options to enable chap, pap, or ms-chap. Then
> try to establish a pptp session and monitor the log at the same time. If
> you can't log on, and the log says the client refuses to authenticate,
> you're on the right path. The next thing to do is to set up the account
> in /etc/ppp/pap-secrets.
> For each user account, put in the username, the server name, the
> password (in double quotes), and the IP.
>
> Hope it helps.
>
> Federico Edelman wrote:
>
> > I'm running a pptp on Linux Debian 2.2rev3, ppp-4.1, PoPToP-v1.0.1.
> >
> > How can I set pppd to authenticate over PAM?
> >
> > I need a unique simultaneous login per user. I think that's possible
> > with PAM.
> >
> > Thanks in advance,
> > Federico
> >
> > =-=-=
> > Federico Edelman Anaya
> > Internet Systems Administrator
> > Claxson - (+54-11) 4339-3848

From fedelman at claxson.com Mon Jun 3 12:23:00 2002
From: fedelman at claxson.com (Federico Edelman)
Date: Mon, 3 Jun 2002 14:23:00 -0300
Subject: [pptp-server] pptp + PAM
Message-ID:

Umm.. Where can I find information about how to configure pptp + pam?

I put in /etc/pptpd.conf:
speed 115200
option /etc/ppp/pptpd-options
debug
localip 192.168.0.3-200
remoteip 192.168.0.3-200

I put in /etc/ppp/pptpd-options:
debug
name myhost
auth
login
netmask 255.255.255.0
nodefaultroute
proxyarp
lock

The /etc/ppp/chap-secrets and /etc/ppp/pap-secrets are empty, because I will
authenticate through PAM only.

I compile pppd with USE_PAM=y, HAS_SHADOW=y, CHAPMS=y, USE_CRYPT=y, but if I
put in /etc/ppp/pptpd-options '+chapms' or 'require-chapms' I get
'unrecognized option require-pam'.

What's wrong?

> -----Original Message-----
> From: bao [mailto:bao at gibbons.com]
> Sent: Monday, June 3, 2002 14:07
> To: Federico Edelman
> Subject: Re: [pptp-server] pptp + PAM
>
> For better understanding, do a "man pppd", it shows what the available
> options for pppd are.
> One is auth, another is require-pam or something like that. Also,
> there's +/-chap, +/-pam, +/-chapms-v2. These 3 are not in the man page,
> so you need to read the pptpd doc.
>
> These options will go into the options file for pptpd.
>
> Hope it helps
>
> Federico Edelman wrote:
>
> > Hi,
> >
> > But, I don't understand. How can I get pptp (or pppd) to auth
> > through /etc/passwd and support PAM options?
> >
> > > -----Original Message-----
> > > From: bao [mailto:bao at gibbons.com]
> > > Sent: Friday, May 31, 2002 20:06
> > > To: Federico Edelman
> > > Subject: Re: [pptp-server] pptp + PAM
> > >
> > > I'm running pptp with Chap. However, I think setting up pap will be
> > > similar.
> > >
> > > I don't know exactly what the options should be, but look into the
> > > options.pptpd. There are options to enable chap, pap, or ms-chap. Then
> > > try to establish a pptp session and monitor the log at the same time. If
> > > you can't log on, and the log says the client refuses to authenticate,
> > > you're on the right path. The next thing to do is to set up the account
> > > in /etc/ppp/pap-secrets.
> > > For each user account, put in the username, the server name, the
> > > password (in double quotes), and the IP.
> > >
> > > Hope it helps.
> > >
> > > Federico Edelman wrote:
> > >
> > > > I'm running a pptp on Linux Debian 2.2rev3, ppp-4.1, PoPToP-v1.0.1.
> > > >
> > > > How can I set pppd to authenticate over PAM?
> > > >
> > > > I need a unique simultaneous login per user. I think that's possible
> > > > with PAM.
> > > >
> > > > Thanks in advance,
> > > > Federico
> > > >
> > > > =-=-=
> > > > Federico Edelman Anaya
> > > > Internet Systems Administrator
> > > > Claxson - (+54-11) 4339-3848

From vorlon at netexpress.net Mon Jun 3 13:00:37 2002
From: vorlon at netexpress.net (Steve Langasek)
Date: Mon, 3 Jun 2002 13:00:37 -0500
Subject: [pptp-server] pptp + PAM
In-Reply-To:
References:
Message-ID: <20020603180037.GJ12434@netexpress.net>

On Mon, Jun 03, 2002 at 02:23:00PM -0300, Federico Edelman wrote:
> Umm.. Where can I find information about how to configure pptp + pam?

> I put in /etc/pptpd.conf:
> speed 115200
> option /etc/ppp/pptpd-options
> debug
> localip 192.168.0.3-200
> remoteip 192.168.0.3-200

> I put in /etc/ppp/pptpd-options:
> debug
> name myhost
> auth
> login
> netmask 255.255.255.0
> nodefaultroute
> proxyarp
> lock

> The /etc/ppp/chap-secrets and /etc/ppp/pap-secrets are empty, because I will
> authenticate through PAM only.

> I compile pppd with USE_PAM=y, HAS_SHADOW=y, CHAPMS=y, USE_CRYPT=y, but if I
> put in /etc/ppp/pptpd-options '+chapms' or 'require-chapms' I get
> 'unrecognized option require-pam'.

> What's wrong?

You misunderstand how MS-CHAP and PAM work. You will never be able to
use these two technologies together, as they have incompatible designs.

Steve Langasek
postmodern programmer

From fedelman at claxson.com Mon Jun 3 13:09:15 2002
From: fedelman at claxson.com (Federico Edelman)
Date: Mon, 3 Jun 2002 15:09:15 -0300
Subject: [pptp-server] pptp + PAM
Message-ID:

Steve:

Yes, but I only compiled with these options. In pptpd-options I
don't put any of these options.

How must I set it up for PAM support?

> -----Original Message-----
> From: Steve Langasek [mailto:vorlon at netexpress.net]
> Sent: Monday, June 3, 2002 15:01
> To: Federico Edelman
> CC: 'bao'; 'pptp-server at lists.schulte.org'
> Subject: Re: [pptp-server] pptp + PAM
>
> On Mon, Jun 03, 2002 at 02:23:00PM -0300, Federico Edelman wrote:
> > Umm.. Where can I find information about how to configure pptp + pam?
>
> > I put in /etc/pptpd.conf:
> > speed 115200
> > option /etc/ppp/pptpd-options
> > debug
> > localip 192.168.0.3-200
> > remoteip 192.168.0.3-200
>
> > I put in /etc/ppp/pptpd-options:
> > debug
> > name myhost
> > auth
> > login
> > netmask 255.255.255.0
> > nodefaultroute
> > proxyarp
> > lock
>
> > The /etc/ppp/chap-secrets and /etc/ppp/pap-secrets are empty, because I will
> > authenticate through PAM only.
>
> > I compile pppd with USE_PAM=y, HAS_SHADOW=y, CHAPMS=y, USE_CRYPT=y, but if I
> > put in /etc/ppp/pptpd-options '+chapms' or 'require-chapms' I get
> > 'unrecognized option require-pam'.
>
> > What's wrong?
>
> You misunderstand how MS-CHAP and PAM work. You will never be able to
> use these two technologies together, as they have incompatible designs.
>
> Steve Langasek
> postmodern programmer

From vorlon at netexpress.net Mon Jun 3 13:16:40 2002
From: vorlon at netexpress.net (Steve Langasek)
Date: Mon, 3 Jun 2002 13:16:40 -0500
Subject: [pptp-server] pptp + PAM
In-Reply-To:
References:
Message-ID: <20020603181640.GL12434@netexpress.net>

On Mon, Jun 03, 2002 at 03:09:15PM -0300, Federico Edelman wrote:
> Steve:
> Yes, but I only compiled with these options. In pptpd-options I
> don't put any of these options.

> How must I set it up for PAM support?

If you can't use MS-CHAP and PAM together, then clearly, having both
'require-pam' and 'require-chapms' in your config is an error. PPP
happens to express this error by saying "unrecognized option require-pam".

Do you have 'require-pam' set in /etc/ppp/options?

Steve Langasek
postmodern programmer

> > -----Original Message-----
> > From: Steve Langasek [mailto:vorlon at netexpress.net]
> > Sent: Monday, June 3, 2002 15:01
> > To: Federico Edelman
> > CC: 'bao'; 'pptp-server at lists.schulte.org'
> > Subject: Re: [pptp-server] pptp + PAM
> >
> > On Mon, Jun 03, 2002 at 02:23:00PM -0300, Federico Edelman wrote:
> > > Umm.. Where can I find information about how to configure pptp + pam?
> >
> > > I put in /etc/pptpd.conf:
> > > speed 115200
> > > option /etc/ppp/pptpd-options
> > > debug
> > > localip 192.168.0.3-200
> > > remoteip 192.168.0.3-200
> >
> > > I put in /etc/ppp/pptpd-options:
> > > debug
> > > name myhost
> > > auth
> > > login
> > > netmask 255.255.255.0
> > > nodefaultroute
> > > proxyarp
> > > lock
> >
> > > The /etc/ppp/chap-secrets and /etc/ppp/pap-secrets are empty, because I will
> > > authenticate through PAM only.
> >
> > > I compile pppd with USE_PAM=y, HAS_SHADOW=y, CHAPMS=y, USE_CRYPT=y, but if I
> > > put in /etc/ppp/pptpd-options '+chapms' or 'require-chapms' I get
> > > 'unrecognized option require-pam'.
> >
> > > What's wrong?
> >
> > You misunderstand how MS-CHAP and PAM work. You will never be able to
> > use these two technologies together, as they have incompatible designs.
> >
> > Steve Langasek
> > postmodern programmer

From fedelman at claxson.com Mon Jun 3 13:26:03 2002
From: fedelman at claxson.com (Federico Edelman)
Date: Mon, 3 Jun 2002 15:26:03 -0300
Subject: [pptp-server] pptp + PAM
Message-ID:

I put in /etc/pptpd.conf:
speed 115200
option /etc/ppp/pptpd-options
debug
localip 192.168.0.3-200
remoteip 192.168.0.3-200

I put in /etc/ppp/pptpd-options:
debug
name myhost
auth
login
require-pam
netmask 255.255.255.0
nodefaultroute
proxyarp
lock

I get "unrecognized option require-pam".

> -----Original Message-----
> From: Steve Langasek [mailto:vorlon at netexpress.net]
> Sent: Monday, June 3, 2002 15:17
> To: Federico Edelman
> CC: 'bao'; 'pptp-server at lists.schulte.org'
> Subject: Re: [pptp-server] pptp + PAM
>
> On Mon, Jun 03, 2002 at 03:09:15PM -0300, Federico Edelman wrote:
> > Steve:
> > Yes, but I only compiled with these options. In pptpd-options I
> > don't put any of these options.
>
> > How must I set it up for PAM support?
>
> If you can't use MS-CHAP and PAM together, then clearly, having both
> 'require-pam' and 'require-chapms' in your config is an error. PPP
> happens to express this error by saying "unrecognized option require-pam".
>
> Do you have 'require-pam' set in /etc/ppp/options?
>
> Steve Langasek
> postmodern programmer
>
> > > -----Original Message-----
> > > From: Steve Langasek [mailto:vorlon at netexpress.net]
> > > Sent: Monday, June 3, 2002 15:01
> > > To: Federico Edelman
> > > CC: 'bao'; 'pptp-server at lists.schulte.org'
> > > Subject: Re: [pptp-server] pptp + PAM
> > >
> > > On Mon, Jun 03, 2002 at 02:23:00PM -0300, Federico Edelman wrote:
> > > > Umm.. Where can I find information about how to configure pptp + pam?
> > >
> > > > I put in /etc/pptpd.conf:
> > > > speed 115200
> > > > option /etc/ppp/pptpd-options
> > > > debug
> > > > localip 192.168.0.3-200
> > > > remoteip 192.168.0.3-200
> > >
> > > > I put in /etc/ppp/pptpd-options:
> > > > debug
> > > > name myhost
> > > > auth
> > > > login
> > > > netmask 255.255.255.0
> > > > nodefaultroute
> > > > proxyarp
> > > > lock
> > >
> > > > The /etc/ppp/chap-secrets and /etc/ppp/pap-secrets are empty, because I will
> > > > authenticate through PAM only.
> > >
> > > > I compile pppd with USE_PAM=y, HAS_SHADOW=y, CHAPMS=y, USE_CRYPT=y, but if I
> > > > put in /etc/ppp/pptpd-options '+chapms' or 'require-chapms' I get
> > > > 'unrecognized option require-pam'.
> > >
> > > > What's wrong?
> > >
> > > You misunderstand how MS-CHAP and PAM work. You will never be able to
> > > use these two technologies together, as they have incompatible designs.
> > >
> > > Steve Langasek
> > > postmodern programmer

From vorlon at netexpress.net Mon Jun 3 13:47:35 2002
From: vorlon at netexpress.net (Steve Langasek)
Date: Mon, 3 Jun 2002 13:47:35 -0500
Subject: [pptp-server] pptp + PAM
In-Reply-To:
References:
Message-ID: <20020603184734.GO12434@netexpress.net>

On Mon, Jun 03, 2002 at 03:26:03PM -0300, Federico Edelman wrote:
> I put in /etc/pptpd.conf:
> speed 115200
> option /etc/ppp/pptpd-options
> debug
> localip 192.168.0.3-200
> remoteip 192.168.0.3-200

> I put in /etc/ppp/pptpd-options:
> debug
> name myhost
> auth
> login
> require-pam
> netmask 255.255.255.0
> nodefaultroute
> proxyarp
> lock

> I get "unrecognized option require-pam".

Ok, so you get this error even when you *don't* have 'require-chapms' in
your config? In that case, it seems to be a problem with the PAM
support in pppd, which is not something I've ever used.

Steve Langasek
postmodern programmer

> > -----Original Message-----
> > From: Steve Langasek [mailto:vorlon at netexpress.net]
> > Sent: Monday, June 3, 2002 15:17
> > To: Federico Edelman
> > CC: 'bao'; 'pptp-server at lists.schulte.org'
> > Subject: Re: [pptp-server] pptp + PAM
> >
> > On Mon, Jun 03, 2002 at 03:09:15PM -0300, Federico Edelman wrote:
> > > Steve:
> > > Yes, but I only compiled with these options. In pptpd-options I
> > > don't put any of these options.
> >
> > > How must I set it up for PAM support?
> >
> > If you can't use MS-CHAP and PAM together, then clearly, having both
> > 'require-pam' and 'require-chapms' in your config is an error. PPP
> > happens to express this error by saying "unrecognized option require-pam".
> >
> > Do you have 'require-pam' set in /etc/ppp/options?
> >
> > Steve Langasek
> > postmodern programmer
> >
> > > > -----Original Message-----
> > > > From: Steve Langasek [mailto:vorlon at netexpress.net]
> > > > Sent: Monday, June 3, 2002 15:01
> > > > To: Federico Edelman
> > > > CC: 'bao'; 'pptp-server at lists.schulte.org'
> > > > Subject: Re: [pptp-server] pptp + PAM
> > > >
> > > > On Mon, Jun 03, 2002 at 02:23:00PM -0300, Federico Edelman wrote:
> > > > > Umm.. Where can I find information about how to configure pptp + pam?
> > > >
> > > > > I put in /etc/pptpd.conf:
> > > > > speed 115200
> > > > > option /etc/ppp/pptpd-options
> > > > > debug
> > > > > localip 192.168.0.3-200
> > > > > remoteip 192.168.0.3-200
> > > >
> > > > > I put in /etc/ppp/pptpd-options:
> > > > > debug
> > > > > name myhost
> > > > > auth
> > > > > login
> > > > > netmask 255.255.255.0
> > > > > nodefaultroute
> > > > > proxyarp
> > > > > lock
> > > >
> > > > > The /etc/ppp/chap-secrets and /etc/ppp/pap-secrets are empty, because I will
> > > > > authenticate through PAM only.
> > > >
> > > > > I compile pppd with USE_PAM=y, HAS_SHADOW=y, CHAPMS=y, USE_CRYPT=y, but if I
> > > > > put in /etc/ppp/pptpd-options '+chapms' or 'require-chapms' I get
> > > > > 'unrecognized option require-pam'.
> > > >
> > > > > What's wrong?
> > > >
> > > > You misunderstand how MS-CHAP and PAM work. You will never be able to
> > > > use these two technologies together, as they have incompatible designs.
> > > >
> > > > Steve Langasek
> > > > postmodern programmer

From fedelman at claxson.com Mon Jun 3 13:55:59 2002
From: fedelman at claxson.com (Federico Edelman)
Date: Mon, 3 Jun 2002 15:55:59 -0300
Subject: [pptp-server] pptp + PAM
Message-ID:

No.. I don't have chap-ms in my pptp-options.

Does anybody run pppd with pam support?

> -----Original Message-----
> From: Steve Langasek [mailto:vorlon at netexpress.net]
> Sent: Monday, June 3, 2002 15:48
> To: Federico Edelman
> CC: 'bao'; 'pptp-server at lists.schulte.org'
> Subject: Re: [pptp-server] pptp + PAM
>
> On Mon, Jun 03, 2002 at 03:26:03PM -0300, Federico Edelman wrote:
> > I put in /etc/pptpd.conf:
> > speed 115200
> > option /etc/ppp/pptpd-options
> > debug
> > localip 192.168.0.3-200
> > remoteip 192.168.0.3-200
>
> > I put in /etc/ppp/pptpd-options:
> > debug
> > name myhost
> > auth
> > login
> > require-pam
> > netmask 255.255.255.0
> > nodefaultroute
> > proxyarp
> > lock
>
> > I get "unrecognized option require-pam".
>
> Ok, so you get this error even when you *don't* have 'require-chapms' in
> your config? In that case, it seems to be a problem with the PAM
> support in pppd, which is not something I've ever used.
>
> Steve Langasek
> postmodern programmer
>
> > > -----Original Message-----
> > > From: Steve Langasek [mailto:vorlon at netexpress.net]
> > > Sent: Monday, June 3, 2002 15:17
> > > To: Federico Edelman
> > > CC: 'bao'; 'pptp-server at lists.schulte.org'
> > > Subject: Re: [pptp-server] pptp + PAM
> > >
> > > On Mon, Jun 03, 2002 at 03:09:15PM -0300, Federico Edelman wrote:
> > > > Steve:
> > > > Yes, but I only compiled with these options. In pptpd-options I
> > > > don't put any of these options.
> > >
> > > > How must I set it up for PAM support?
> > >
> > > If you can't use MS-CHAP and PAM together, then clearly, having both
> > > 'require-pam' and 'require-chapms' in your config is an error. PPP
> > > happens to express this error by saying "unrecognized option require-pam".
> > >
> > > Do you have 'require-pam' set in /etc/ppp/options?
> > >
> > > Steve Langasek
> > > postmodern programmer
> > >
> > > > > -----Original Message-----
> > > > > From: Steve Langasek [mailto:vorlon at netexpress.net]
> > > > > Sent: Monday, June 3, 2002 15:01
> > > > > To: Federico Edelman
> > > > > CC: 'bao'; 'pptp-server at lists.schulte.org'
> > > > > Subject: Re: [pptp-server] pptp + PAM
> > > > >
> > > > > On Mon, Jun 03, 2002 at 02:23:00PM -0300, Federico Edelman wrote:
> > > > > > Umm.. Where can I find information about how to configure pptp + pam?
> > > > >
> > > > > > I put in /etc/pptpd.conf:
> > > > > > speed 115200
> > > > > > option /etc/ppp/pptpd-options
> > > > > > debug
> > > > > > localip 192.168.0.3-200
> > > > > > remoteip 192.168.0.3-200
> > > > >
> > > > > > I put in /etc/ppp/pptpd-options:
> > > > > > debug
> > > > > > name myhost
> > > > > > auth
> > > > > > login
> > > > > > netmask 255.255.255.0
> > > > > > nodefaultroute
> > > > > > proxyarp
> > > > > > lock
> > > > >
> > > > > > The /etc/ppp/chap-secrets and /etc/ppp/pap-secrets are empty, because I will
> > > > > > authenticate through PAM only.
> > > > >
> > > > > > I compile pppd with USE_PAM=y, HAS_SHADOW=y, CHAPMS=y, USE_CRYPT=y, but if I
> > > > > > put in /etc/ppp/pptpd-options '+chapms' or 'require-chapms' I get
> > > > > > 'unrecognized option require-pam'.
> > > > >
> > > > > > What's wrong?
> > > > >
> > > > > You misunderstand how MS-CHAP and PAM work. You will never be able to
> > > > > use these two technologies together, as they have incompatible designs.
> > > > >
> > > > > Steve Langasek
> > > > > postmodern programmer

From adam at morrison-ind.com Mon Jun 3 14:22:31 2002
From: adam at morrison-ind.com (Adam Williams)
Date: Mon, 3 Jun 2002 15:22:31 -0400 (EDT)
Subject: [pptp-server] pptp + PAM
In-Reply-To:
Message-ID:

>Steve:
>Yes, but I only compiled with these options. In pptpd-options I
>How must I set it up for PAM support?

Just set up PPP to use PAP and make no encryption requirements in your
options file. So long as you understand that it pretty much takes the
"P" out of VPN.

From danield at snapgear.com Tue Jun 4 00:24:37 2002
From: danield at snapgear.com (Daniel Djamaludin)
Date: Tue, 04 Jun 2002 15:24:37 +1000
Subject: [pptp-server] PopTop Maintainer
Message-ID: <3CFC4F15.AA477132@snapgear.com>

Hi Everyone,

First of all, sorry to resurface again after a few months silence without
having the latest development release of PopTop. Unfortunately SnapGear
has had higher priority tasks to undertake and maintaining the PopTop has
not been one of them.

SnapGear has continued to develop PopTop though and are very happy to
release to someone who wants to package it for distribution and can put
it on the PopTop website. I can give them access to the sourceforge
website and of course they'll receive recognition for their efforts.
Please let me know if you are interested.

Also, Igor Maciel Macaubas has volunteered to take care of the
documentation side and will maintain this aspect of the project.

Regards,
Daniel

From Administrator at josims.com Tue Jun 4 04:54:19 2002
From: Administrator at josims.com (Andrew Lyon)
Date: Tue, 4 Jun 2002 10:54:19 +0100
Subject: [pptp-server] PopTop Maintainer
Message-ID: <592F914D209FD942908826DFF2277A2DE819@COMMSSERVER>

Forgive my ignorance but what exactly would be involved in packaging it up?

Andy

-----Original Message-----
From: Daniel Djamaludin [mailto:danield at snapgear.com]
Sent: 04 June 2002 06:25
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] PopTop Maintainer

Hi Everyone,

First of all, sorry to resurface again after a few months silence without
having the latest development release of PopTop. Unfortunately SnapGear
has had higher priority tasks to undertake and maintaining the PopTop has
not been one of them.

SnapGear has continued to develop PopTop though and are very happy to
release to someone who wants to package it for distribution and can put
it on the PopTop website. I can give them access to the sourceforge
website and of course they'll receive recognition for their efforts.
Please let me know if you are interested.

Also, Igor Maciel Macaubas has volunteered to take care of the
documentation side and will maintain this aspect of the project.

Regards,
Daniel
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From danield at snapgear.com Tue Jun 4 17:50:07 2002
From: danield at snapgear.com (Daniel Djamaludin)
Date: Wed, 05 Jun 2002 08:50:07 +1000
Subject: [pptp-server] PopTop Maintainer
References: <592F914D209FD942908826DFF2277A2DE819@COMMSSERVER>
Message-ID: <3CFD441F.1FB30CB@snapgear.com>

Hi Andrew,

The latest PopTop version we have is built for embedded platforms. It is
included in the uClinux distribution (www.uclinux.org). "Packaging it up"
would include getting it working for mainstream linux distributions.

Regards,
Daniel

Andrew Lyon wrote:

> Forgive my ignorance but what exactly would be involved in packaging it up?
>
> Andy

From rditto at EARTHLINK.NET Wed Jun 5 08:36:56 2002
From: rditto at EARTHLINK.NET (rlditto&assoc)
Date: Wed, 5 Jun 2002 09:36:56 -0400
Subject: [pptp-server] where to get?
Message-ID: <000c01c20c96$103176a0$1000a8c0@iserve>

Could someone tell me where I can download the latest poptop?

From robert at dvns.com Wed Jun 5 08:37:13 2002
From: robert at dvns.com (Robert Green)
Date: Wed, 5 Jun 2002 08:37:13 -0500
Subject: [pptp-server] Having trouble getting encryption working.
Message-ID: <20020605083713.D6080@vortex.dvns.com>

OK, I have been having a lot of trouble getting encryption working with
a RH6.2 box and a win98 box. I have the following setup:

RH 6.2 box running with a 2.2.20 kernel
pptp-1.0.1
pppd-2.4.1

and I had to go here to find the kernel patches for ppp and mppe
http://ftp.samba.org/ftp/unpacked/ppp/
(pppd compiles from this archive but does not work right. The kernel
modules seem to work though)

The problem is I turn on encryption on the windows box and then try
connecting. I get the dreaded Error 742 message. I look at my linux box
and all of the modules are present (ppp_deflate, bsd_comp, ppp_mppe,
ppp, slhc).

My options file looks like this:

lock
debug
name flame
procyarp
+chapms-v2
mppe-40
mppe-128
mppe-stateless

I have tried several combinations of removing the mppe lines with no
success.

What am I doing wrong? Also is there a canonical archive of all the
right patches/kernel modules/etc that I need to be looking at? I can't
help but think that there might be something that didn't compile right.

TIA,
Robert

From macaubas at br.inter.net Wed Jun 5 08:51:30 2002
From: macaubas at br.inter.net (Igor Maciel Macaubas)
Date: Wed, 5 Jun 2002 10:51:30 -0300
Subject: [pptp-server] where to get?
References: <000c01c20c96$103176a0$1000a8c0@iserve>
Message-ID: <001101c20c98$1abad790$01fea8c0@igor>

Using our official site: http://www.poptop.org

Regards,
Igor
--
igor at br.inter.net

----- Original Message -----
From: rlditto&assoc
To: PPTP LIST
Sent: Wednesday, June 05, 2002 10:36 AM
Subject: [pptp-server] where to get?

Could someone tell me where I can download the latest poptop?

From r.devroede at linvision.com Wed Jun 5 09:43:34 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 05 Jun 2002 16:43:34 +0200
Subject: [pptp-server] Having trouble getting encryption working.
In-Reply-To: <20020605083713.D6080@vortex.dvns.com>
References: <20020605083713.D6080@vortex.dvns.com>
Message-ID: <1023288214.2504.11.camel@richard>

First of all:

> My options file looks like this:
>
> lock
> debug
> name flame
> procyarp   <-- should be proxyarp
> +chapms-v2
> mppe-40    <--+ both 40 & 128 bits is bad. Choose either one
> mppe-128   <--+
> mppe-stateless

Regards,
Richard

--
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV            Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310            info at linvision.com
F: +31157502319       http://devel.linvision.com
------------------------------------------------

From robert at dvns.com Wed Jun 5 10:17:34 2002
From: robert at dvns.com (Robert Green)
Date: Wed, 5 Jun 2002 10:17:34 -0500
Subject: [pptp-server] Having trouble getting encryption working.
In-Reply-To: <1023288214.2504.11.camel@richard>; from r.devroede@linvision.com on Wed, Jun 05, 2002 at 04:43:34PM +0200
References: <20020605083713.D6080@vortex.dvns.com> <1023288214.2504.11.camel@richard>
Message-ID: <20020605101734.G6080@vortex.dvns.com>

I have tried just mppe-40 or mppe-128 to no avail. Any other areas that
I might need to look at?

Robert

On Wed, Jun 05, 2002 at 04:43:34PM +0200, R. de Vroede wrote:
> First of all:
>
> > My options file looks like this:
> >
> > lock
> > debug
> > name flame
> > procyarp   <-- should be proxyarp
> > +chapms-v2
> > mppe-40    <--+ both 40 & 128 bits is bad. Choose either one
> > mppe-128   <--+
> > mppe-stateless
>
> Regards,
> Richard
>
> --
> Richard de Vroede
> (r.devroede at linvision.com)
> ------------------------------------------------
> Linvision BV            Provides Linux Solutions
> Elektronicaweg 16D
> 2628 XG Delft
> T: +31157502310            info at linvision.com
> F: +31157502319       http://devel.linvision.com
> ------------------------------------------------

From r.devroede at linvision.com Wed Jun 5 10:38:36 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 05 Jun 2002 17:38:36 +0200
Subject: [pptp-server] Having trouble getting encryption working.
In-Reply-To: <20020605100427.F6080@vortex.dvns.com>
References: <20020605083713.D6080@vortex.dvns.com> <1023288214.2504.11.camel@richard> <20020605100427.F6080@vortex.dvns.com>
Message-ID: <1023291516.2504.16.camel@richard>

Maybe you could post logs from the server to the list.
Makes debugging easier.

Regards,
Richard

> I have tried just one or the other mppe-40/-128 to no avail.
>
> Robert
>
> On Wed, Jun 05, 2002 at 04:43:34PM +0200, R. de Vroede wrote:
> > First of all:
> >
> > > My options file looks like this:
> > >
> > > lock
> > > debug
> > > name flame
> > > procyarp   <-- should be proxyarp

--
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV            Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310            info at linvision.com
F: +31157502319       http://devel.linvision.com
------------------------------------------------

From robert at dvns.com Wed Jun 5 12:51:14 2002
From: robert at dvns.com (Robert Green)
Date: Wed, 5 Jun 2002 12:51:14 -0500
Subject: [pptp-server] Having trouble getting encryption working.
In-Reply-To: <1023291516.2504.16.camel@richard>; from r.devroede@linvision.com on Wed, Jun 05, 2002 at 05:38:36PM +0200
References: <20020605083713.D6080@vortex.dvns.com> <1023288214.2504.11.camel@richard> <20020605100427.F6080@vortex.dvns.com> <1023291516.2504.16.camel@richard>
Message-ID: <20020605125114.H6080@vortex.dvns.com>

Here is my log file:

Jun 4 12:46:49 flame pptpd[1432]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Jun 4 12:46:49 flame pptpd[1432]: CTRL: local address = 192.168.0.2
Jun 4 12:46:49 flame pptpd[1432]: CTRL: remote address = 192.168.1.2
Jun 4 12:46:49 flame pptpd[1432]: CTRL: pppd speed = 115200
Jun 4 12:46:49 flame pptpd[1432]: CTRL: pppd options file = /etc/ppp/options.pptp
Jun 4 12:46:49 flame pptpd[1432]: CTRL: Client 192.168.101.50 control connection started
Jun 4 12:46:49 flame pptpd[1432]: CTRL: Received PPTP Control Message (type: 1)
Jun 4 12:46:49 flame pptpd[1432]: CTRL: Made a START CTRL CONN RPLY packet
Jun 4 12:46:49 flame pptpd[1432]: CTRL: I wrote 156 bytes to the client.
Jun 4 12:46:49 flame pptpd[1432]: CTRL: Sent packet to client
Jun 4 12:46:49 flame pptpd[1432]: CTRL: Received PPTP Control Message (type: 7)
Jun 4 12:46:49 flame pptpd[1432]: CTRL: Set parameters to 0 maxbps, 16 window size
Jun 4 12:46:49 flame pptpd[1432]: CTRL: Made a OUT CALL RPLY packet
Jun 4 12:46:49 flame pptpd[1432]: CTRL: Starting call (launching pppd, opening GRE)
Jun 4 12:46:49 flame pptpd[1432]: CTRL: pty_fd = 5
Jun 4 12:46:49 flame pptpd[1432]: CTRL: tty_fd = 6
Jun 4 12:46:49 flame pptpd[1433]: CTRL (PPPD Launcher): Connection speed = 115200
Jun 4 12:46:49 flame pptpd[1433]: CTRL (PPPD Launcher): local address = 192.168.0.2
Jun 4 12:46:49 flame pptpd[1433]: CTRL (PPPD Launcher): remote address = 192.168.1.2
Jun 4 12:46:49 flame pppd[1433]: pppd 2.4.1 started by root, uid 0
Jun 4 12:46:49 flame pptpd[1432]: CTRL: I wrote 32 bytes to the client.
Jun 4 12:46:49 flame pptpd[1432]: CTRL: Sent packet to client
Jun 4 12:46:49 flame pppd[1433]: Using interface ppp0
Jun 4 12:46:49 flame pppd[1433]: Connect: ppp0 <--> /dev/pts/0
Jun 4 12:46:49 flame pppd[1433]: sent [LCP ConfReq id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: rcvd [LCP ConfReq id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: sent [LCP ConfAck id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: rcvd [LCP ConfAck id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: sent [CHAP Challenge id=0x1 <77a348ec6adc3a6af9bc537e040f13a5>, name = "flame"]
Jun 4 12:46:49 flame pppd[1433]: rcvd [CHAP Response id=0x1 <2f70dc4e0f5472f35b51a28dc01af4d100000000000000007c24bd2cc54f210ead2ad77f69298fced8888b253a3611c704>, name = "rng"]
Jun 4 12:46:49 flame pppd[1433]: sent [CHAP Success id=0x1 "S=AA0FC23404A4CA8E9CEED5FB76B4049059A8D790"]
Jun 4 12:46:49 flame pppd[1433]: sent [IPCP ConfReq id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: sent [CCP ConfReq id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: MSCHAP-v2 peer authentication succeeded for rng
Jun 4 12:46:49 flame pppd[1433]: rcvd [IPCP ConfReq id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: sent [IPCP ConfRej id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: rcvd [CCP ConfReq id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: sent [CCP ConfRej id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: rcvd [IPCP ConfRej id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: sent [IPCP ConfReq id=0x2 ]
Jun 4 12:46:49 flame pppd[1433]: rcvd [CCP ConfRej id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: sent [CCP ConfReq id=0x2]
Jun 4 12:46:49 flame pppd[1433]: rcvd [IPCP ConfReq id=0x2 ]
Jun 4 12:46:49 flame pppd[1433]: sent [IPCP ConfNak id=0x2 ]
Jun 4 12:46:49 flame pppd[1433]: rcvd [CCP ConfReq id=0x2]
Jun 4 12:46:49 flame pppd[1433]: sent [CCP ConfAck id=0x2]
Jun 4 12:46:49 flame pppd[1433]: rcvd [IPCP ConfAck id=0x2 ]
Jun 4 12:46:49 flame pppd[1433]: rcvd [CCP ConfAck id=0x2]
Jun 4 12:46:49 flame pppd[1433]: rcvd [IPCP ConfReq id=0x3 ]
Jun 4 12:46:49 flame pppd[1433]: sent [IPCP ConfAck id=0x3 ]
Jun 4 12:46:49 flame pppd[1433]: found interface eth0 for proxy arp
Jun 4 12:46:49 flame pppd[1433]: local IP address 192.168.0.2
Jun 4 12:46:49 flame pppd[1433]: remote IP address 192.168.201.240
Jun 4 12:46:49 flame pppd[1433]: Script /etc/ppp/ip-up started (pid 1434)
Jun 4 12:46:49 flame pppd[1433]: rcvd [CCP TermReq id=0x3]
Jun 4 12:46:49 flame pppd[1433]: CCP terminated by peer
Jun 4 12:46:49 flame pppd[1433]: sent [CCP TermAck id=0x3]
Jun 4 12:46:49 flame pppd[1433]: Compression disabled by peer.
Jun 4 12:46:49 flame pppd[1433]: Script /etc/ppp/ip-up finished (pid 1434), status = 0x0
Jun 4 12:46:51 flame pppd[1433]: rcvd [LCP TermReq id=0x2]
Jun 4 12:46:51 flame pppd[1433]: LCP terminated by peer
Jun 4 12:46:51 flame pppd[1433]: Script /etc/ppp/ip-down started (pid 1464)
Jun 4 12:46:51 flame pppd[1433]: sent [LCP TermAck id=0x2]
Jun 4 12:46:51 flame pptpd[1432]: CTRL: Received PPTP Control Message (type: 12)
Jun 4 12:46:51 flame pptpd[1432]: CTRL: Made a CALL DISCONNECT RPLY packet
Jun 4 12:46:51 flame pptpd[1432]: CTRL: Received CALL CLR request (closing call)
Jun 4 12:46:51 flame pptpd[1432]: CTRL: I wrote 148 bytes to the client.
Jun 4 12:46:51 flame pptpd[1432]: CTRL: Sent packet to client
Jun 4 12:46:51 flame pptpd[1432]: CTRL: Error with select(), quitting
Jun 4 12:46:51 flame pptpd[1432]: CTRL: Client 192.168.101.50 control connection finished
Jun 4 12:46:51 flame pptpd[1432]: CTRL: Exiting now
Jun 4 12:46:51 flame pptpd[1198]: MGR: Reaped child 1432
Jun 4 12:46:51 flame pppd[1433]: Modem hangup
Jun 4 12:46:51 flame pppd[1433]: Connection terminated.
Jun 4 12:46:51 flame pppd[1433]: Connect time 0.1 minutes.
Jun 4 12:46:51 flame pppd[1433]: Sent 437 bytes, received 453 bytes.
Jun 4 12:46:51 flame pppd[1433]: Waiting for 1 child processes...
Jun 4 12:46:51 flame pppd[1433]: script /etc/ppp/ip-down, pid 1464
Jun 4 12:46:51 flame pppd[1433]: Script /etc/ppp/ip-down finished (pid 1464), status = 0x0
Jun 4 12:46:51 flame pppd[1433]: Exit.

The lines that I am worried about are these:

Jun 4 12:46:49 flame pppd[1433]: rcvd [CCP ConfReq id=0x1 ]
Jun 4 12:46:49 flame pppd[1433]: sent [CCP ConfRej id=0x1 ]

This seems to be rejecting the encryption.

Thanks
Robert

From hawke.robinson at dev2dev.biz Thu Jun 6 09:04:51 2002
From: hawke.robinson at dev2dev.biz (Hawke)
Date: Thu, 6 Jun 2002 08:04:51 -0600
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
Message-ID:

I'm already aware of the option in the client side (windows) vpn connection option to use default route. However, unless I want all their Internet traffic to run through my vpn server that is not a good option.

Everything works fine in that the vpn client connects, is given an ip, etc.

I want to be able to add (as many as needed) routes to the client upon connection.

Currently I have to manually type the add route command from the command line after the client connects to get the desired results. Sure, I can script that on the client side, but when there can be scores of different people connecting that is inefficient to have to distribute and setup this script for everyone. I want the server to assign the routes in typical ISP fashion. Since pptp is based on ppp isn't there some simple script I can add somewhere that will do this?

Any help is most appreciated.
Thanks,
-Art

From j.bowen at CYPROTEX.com Thu Jun 6 09:15:52 2002
From: j.bowen at CYPROTEX.com (Jim Bowen)
Date: Thu, 6 Jun 2002 15:15:52 +0100
Subject: [pptp-server] mschap-v2 auth against en-hashed secrets
Message-ID:

Hi,

Does anyone know of a way to get ppp to auth against either a separate NT (or samba) server, or against NT password hashes instead of plaintext passwords in the /etc/ppp/chap-secrets file?

I tried the obvious one of just putting the LM hash into the secret field (works with unix-crypt in pap-secrets), but all I got for that was a segfault :(

Our domain controller is on NT, but I've managed to convince everyone to run the VPN server on linux instead, using PoPtoP (great app), but I don't like keeping plaintext secrets on a server that has an internet connection. I'm stuck with...um.... reverse-engineering their passwords at the moment, which can take a couple of days for the better users :)

Jim

--
Email : j.bowen at cyprotex.com Tel : 01625 505112 Fax : 01625 505199

From robert at dvns.com Thu Jun 6 10:07:59 2002
From: robert at dvns.com (Robert Green)
Date: Thu, 6 Jun 2002 10:07:59 -0500
Subject: [pptp-server] Having trouble getting encryption working.
In-Reply-To: <1023352820.4748.5.camel@richard>; from r.devroede@linvision.com on Thu, Jun 06, 2002 at 10:40:19AM +0200
References: <20020605083713.D6080@vortex.dvns.com> <1023352820.4748.5.camel@richard>
Message-ID: <20020606100759.A29073@vortex.dvns.com>

I went ahead and tried the pptpd-1.1.2 and that didn't help. I am posting the log.

Jun 5 10:07:57 flame pptpd[3271]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Jun 5 10:07:57 flame pptpd[3271]: CTRL: local address = 192.168.0.2
Jun 5 10:07:57 flame pptpd[3271]: CTRL: remote address = 192.168.1.2
Jun 5 10:07:57 flame pptpd[3271]: CTRL: pppd speed = 115200
Jun 5 10:07:57 flame pptpd[3271]: CTRL: pppd options file = /etc/ppp/options.pptp
Jun 5 10:07:57 flame pptpd[3271]: CTRL: Client 192.168.101.50 control connection started
Jun 5 10:07:57 flame pptpd[3271]: CTRL: Received PPTP Control Message (type: 1)
Jun 5 10:07:57 flame pptpd[3271]: CTRL: Made a START CTRL CONN RPLY packet
Jun 5 10:07:57 flame pptpd[3271]: CTRL: I wrote 156 bytes to the client.
Jun 5 10:07:57 flame pptpd[3271]: CTRL: Sent packet to client
Jun 5 10:07:57 flame pptpd[3271]: CTRL: Received PPTP Control Message (type: 7)
Jun 5 10:07:57 flame pptpd[3271]: CTRL: 0 min_bps, 0 max_bps, 32 window size
Jun 5 10:07:57 flame pptpd[3271]: CTRL: Made a OUT CALL RPLY packet
Jun 5 10:07:57 flame pptpd[3271]: CTRL: Starting call (launching pppd, opening GRE)
Jun 5 10:07:57 flame pptpd[3271]: CTRL: pty_fd = 5
Jun 5 10:07:57 flame pptpd[3271]: CTRL: tty_fd = 6
Jun 5 10:07:57 flame pptpd[3272]: CTRL (PPPD Launcher): Connection speed = 115200
Jun 5 10:07:57 flame pptpd[3272]: CTRL (PPPD Launcher): local address = 192.168.0.2
Jun 5 10:07:57 flame pptpd[3272]: CTRL (PPPD Launcher): remote address = 192.168.1.2
Jun 5 10:07:57 flame pppd[3272]: pppd 2.4.1 started by root, uid 0
Jun 5 10:07:57 flame pppd[3272]: Using interface ppp0
Jun 5 10:07:57 flame pppd[3272]: Connect: ppp0 <--> /dev/pts/1
Jun 5 10:07:57 flame pppd[3272]: sent [LCP ConfReq id=0x1 ]
Jun 5 10:07:57 flame pptpd[3271]: CTRL: I wrote 32 bytes to the client.
Jun 5 10:07:57 flame pptpd[3271]: CTRL: Sent packet to client
Jun 5 10:07:57 flame pptpd[3271]: Buffering out-of-order packet; got 1 after 4294967295
Jun 5 10:08:00 flame pppd[3272]: sent [LCP ConfReq id=0x1 ]
Jun 5 10:08:00 flame pptpd[3271]: Packet reorder timeout waiting for 0
Jun 5 10:08:00 flame pptpd[3271]: Buffering out-of-order packet; got 2 after 0
Jun 5 10:08:00 flame pppd[3272]: rcvd [LCP ConfReq id=0x1 ]
Jun 5 10:08:00 flame pppd[3272]: sent [LCP ConfAck id=0x1 ]
Jun 5 10:08:00 flame pppd[3272]: rcvd [LCP ConfAck id=0x1 ]
Jun 5 10:08:00 flame pppd[3272]: sent [CHAP Challenge id=0x1 <572811b06969278d3b9ff2b6ad10718b>, name = "flame"]
Jun 5 10:08:00 flame pppd[3272]: rcvd [CHAP Response id=0x1 <8958847f34663961012a2bfd2e4c004f00000000000000003b7cafb23f5f4088abd6f79046d785ea16631f7c42bffb9304>, name = "rng"]
Jun 5 10:08:00 flame pppd[3272]: sent [CHAP Success id=0x1 "S=9FE5ED19EB9ED845C90B076550BDCF47E216621C"]
Jun 5 10:08:00 flame pppd[3272]: sent [IPCP ConfReq id=0x1 ]
Jun 5 10:08:00 flame kernel: PPP BSD Compression module registered
Jun 5 10:08:00 flame kernel: PPP Deflate Compression module registered
Jun 5 10:08:00 flame pppd[3272]: sent [CCP ConfReq id=0x1 ]
Jun 5 10:08:00 flame pppd[3272]: MSCHAP-v2 peer authentication succeeded for rng
Jun 5 10:08:00 flame pppd[3272]: rcvd [IPCP ConfReq id=0x1 ]
Jun 5 10:08:00 flame pppd[3272]: sent [IPCP ConfRej id=0x1 ]
Jun 5 10:08:00 flame pppd[3272]: rcvd [CCP ConfReq id=0x1 ]
Jun 5 10:08:00 flame pppd[3272]: sent [CCP ConfRej id=0x1 ]
Jun 5 10:08:00 flame pppd[3272]: rcvd [IPCP ConfRej id=0x1 ]
Jun 5 10:08:00 flame pppd[3272]: sent [IPCP ConfReq id=0x2 ]
Jun 5 10:08:00 flame pppd[3272]: rcvd [CCP ConfRej id=0x1 ]
Jun 5 10:08:00 flame pppd[3272]: sent [CCP ConfReq id=0x2]
Jun 5 10:08:00 flame pppd[3272]: rcvd [IPCP ConfReq id=0x2 ]
Jun 5 10:08:00 flame pppd[3272]: sent [IPCP ConfNak id=0x2 ]
Jun 5 10:08:00 flame pppd[3272]: rcvd [CCP ConfReq id=0x2]
Jun 5 10:08:00 flame pppd[3272]: sent [CCP ConfAck id=0x2]
Jun 5 10:08:00 flame pppd[3272]: rcvd [IPCP ConfAck id=0x2 ]
Jun 5 10:08:00 flame pppd[3272]: rcvd [CCP ConfAck id=0x2]
Jun 5 10:08:00 flame pppd[3272]: rcvd [IPCP ConfReq id=0x3 ]
Jun 5 10:08:00 flame pppd[3272]: sent [IPCP ConfAck id=0x3 ]
Jun 5 10:08:00 flame pppd[3272]: found interface eth0 for proxy arp
Jun 5 10:08:00 flame pppd[3272]: local IP address 192.168.0.2
Jun 5 10:08:00 flame pppd[3272]: remote IP address 192.168.201.240
Jun 5 10:08:00 flame pppd[3272]: Script /etc/ppp/ip-up started (pid 3275)
Jun 5 10:08:00 flame pppd[3272]: rcvd [CCP TermReq id=0x3]
Jun 5 10:08:00 flame pppd[3272]: CCP terminated by peer
Jun 5 10:08:00 flame pppd[3272]: sent [CCP TermAck id=0x3]
Jun 5 10:08:00 flame pppd[3272]: Compression disabled by peer.
Jun 5 10:08:01 flame pppd[3272]: Script /etc/ppp/ip-up finished (pid 3275), status = 0x0
Jun 5 10:08:05 flame pppd[3272]: rcvd [LCP TermReq id=0x2]
Jun 5 10:08:05 flame pppd[3272]: LCP terminated by peer
Jun 5 10:08:05 flame pppd[3272]: Script /etc/ppp/ip-down started (pid 3305)
Jun 5 10:08:05 flame pppd[3272]: sent [LCP TermAck id=0x2]
Jun 5 10:08:05 flame pptpd[3271]: CTRL: Received PPTP Control Message (type: 12)
Jun 5 10:08:05 flame pptpd[3271]: CTRL: Made a CALL DISCONNECT RPLY packet
Jun 5 10:08:05 flame pptpd[3271]: CTRL: Received CALL CLR request (closing call)
Jun 5 10:08:05 flame pptpd[3271]: CTRL: I wrote 148 bytes to the client.
Jun 5 10:08:05 flame pptpd[3271]: CTRL: Sent packet to client
Jun 5 10:08:05 flame pppd[3272]: Modem hangup
Jun 5 10:08:05 flame pppd[3272]: Connection terminated.
Jun 5 10:08:05 flame pppd[3272]: Connect time 0.2 minutes.
Jun 5 10:08:05 flame pppd[3272]: Sent 499 bytes, received 452 bytes.
Jun 5 10:08:05 flame pppd[3272]: Waiting for 1 child processes...
Jun 5 10:08:05 flame pppd[3272]: script /etc/ppp/ip-down, pid 3305
Jun 5 10:08:05 flame pppd[3272]: Script /etc/ppp/ip-down finished (pid 3305), status = 0x0
Jun 5 10:08:05 flame pppd[3272]: Exit.
Jun 5 10:08:10 flame pptpd[3271]: GRE: read error: Bad file descriptor
Jun 5 10:08:10 flame pptpd[3271]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Jun 5 10:08:10 flame pptpd[3271]: CTRL: Client 192.168.101.50 control connection finished
Jun 5 10:08:10 flame pptpd[3271]: CTRL: Exiting now
Jun 5 10:08:10 flame pptpd[3154]: MGR: Reaped child 3271

On Thu, Jun 06, 2002 at 10:40:19AM +0200, R. de Vroede wrote:
> That log looks fishy..
> The reaped child problem was fixed in 1.1.2.
> http://planetmirror.com/pub/mppe
> You should get it.
>
> Regards,
> Richard
>
>
> > OK, I have been having a lot of trouble getting encryption working with a
> > RH6.2 box and a win98 box.
> >
> > I have the following setup:
> > RH 6.2 box running with a 2.2.20 kernel
> > pptp-1.0.1
> > pppd-2.4.1
> > and I had to go here to find the kernel patches for ppp and mppe
> > http://ftp.samba.org/ftp/unpacked/ppp/
> > (pppd compiles from this archive but does not work right. The kernel
> > modules seem to work though)
> >
> > The problem is I turn on encryption on the windows box and then try
> > connecting. I get the dreaded Error 742 message. I look at my linux box
> > and all of the modules are present (ppp_deflate, bsd_comp, ppp_mppe, ppp,
> > slhc).
> >
> > My options file looks like this:
> >
> > lock
> > debug
> > name flame
> > procyarp
> > +chapms-v2
> > mppe-40
> > mppe-128
> > mppe-stateless
> >
> > I have tried several combinations of removing the mppe lines with no
> > success.
> >
> > What am I doing wrong? Also is there a canonical archive of all the right
> > patches/kernel modules/etc that I need to be looking at? I can't help but
> > think that there might be something that didn't compile right.
> >
> > TIA,
> > Robert
>
> --
> Richard de Vroede
> (r.devroede at linvision.com)
> ------------------------------------------------
> Linvision BV Provides Linux Solutions
> Elektronicaweg 16D
> 2628 XG Delft
> T: +31157502310 info at linvision.com
> F: +31157502319 http://devel.linvision.com
> ------------------------------------------------

From igor.maciel at mailbr.com.br Thu Jun 6 10:46:38 2002
From: igor.maciel at mailbr.com.br (Igor Maciel Macaubas)
Date: Thu, 6 Jun 2002 12:46:38 -0300
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
References:
Message-ID: <00cd01c20d71$5a8730b0$01fea8c0@igor>

Hello,

Well, let me see if I understand what you want to do:
You want to add a route to your clients when they connect, at Server side?
If this is what you want, you can use the ip-up.local script, which, depending on the version of your pppd, may be located in /etc/ppp/ or /etc/ppp/scripts.
This script is executed immediately after the connection of the client - so you can make a bash script to add these routes dynamically.
But if you want to add a route at client side, I don't think that pppd/pptpd can carry this. I think that you want to make some really crazy system to do it.
If you want any help in setting up this script (ip-up.local), please send me e-mails in private and be sure that I'll help as I can!

Regards,
Igor
--
igor.maciel at mailbr.com.br

From webmaster at lotr.ws Thu Jun 6 12:22:00 2002
From: webmaster at lotr.ws (Webmaster)
Date: Thu, 6 Jun 2002 11:22:00 -0600
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
In-Reply-To: <00cd01c20d71$5a8730b0$01fea8c0@igor>
Message-ID:

You have it right in the second part. I want the server to assign routes to the client when the client connects to the server.

Currently after the client connects to the pptpd server, I have to (from the client, in this case windows) type something along the lines of:
route add 192.168.3.0 192.168.1.0 (shortened for brevity, don't worry about this syntax).
Then everything works fine for the client to access that network.

I need some way for the server to do that for the client when the client connects.
It might be simple, but I suspect it is more involved otherwise it would seem that it would be more readily available.

Any suggestions on how to pull this off anyone?
Thanks,
-Art

From igor.maciel at mailbr.com.br Thu Jun 6 12:52:44 2002
From: igor.maciel at mailbr.com.br (Igor Maciel Macaubas)
Date: Thu, 6 Jun 2002 14:52:44 -0300
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
References:
Message-ID: <017801c20d82$fb7b0c10$01fea8c0@igor>

Hum,

In this case, I really don't know what you have to do. Since you want to add this route at client side, it's not trivial. You can try to put at the server side some type of script to be executed in the client when it connects.. but I've never done something like that.

Regards,
Igor
--
igor.maciel at mailbr.com.br

From fcusack at fcusack.com Thu Jun 6 15:01:57 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Thu, 6 Jun 2002 13:01:57 -0700
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
In-Reply-To: ; from hawke.robinson@dev2dev.biz on Thu, Jun 06, 2002 at 08:04:51AM -0600
References:
Message-ID: <20020606130157.D19393@google.com>

On Thu, Jun 06, 2002 at 08:04:51AM -0600, Hawke wrote:
> script for everyone. I want the server to assign the routes in typical ISP
> fashion. Since pptp is based on ppp isn't there some simple script I can add
> somewhere that will do this?

pptp is not based on ppp. Neither pptp nor ppp can do this, sorry. It's also a sore spot with me. :-(

/fc

From jvonau at shaw.ca Thu Jun 6 18:23:21 2002
From: jvonau at shaw.ca (fxgh)
Date: Thu, 06 Jun 2002 18:23:21 -0500
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
Message-ID: <01C20D87.3DA402A0.jvonau@shaw.ca>

Hi all:

I'm using my wife's machine, so if this comes out HTML, I'm sorry in advance.....
Mine is getting upgraded, woo hoo

I recall someone suggesting to use a ms tool.... ah here it is:
http://lists.schulte.org/pipermail/pptp-server/2002-March/007867.html

Just to let everybody know you can still get to the old archives at:
http://lists.schulte.org/pipermail/pptp-server/

You can search them at:
http://lists.schulte.org/search/search-pptp-server.html

Maybe a link from the new website would be helpful ;-)

Just my 2 cents worth...

Jerry Vonau

From webmaster at lotr.ws Thu Jun 6 18:39:10 2002
From: webmaster at lotr.ws (Webmaster)
Date: Thu, 6 Jun 2002 17:39:10 -0600
Subject: FW: [pptp-server] Want pptpd server to assign routes to clients when then connect
Message-ID:

-----Original Message-----
From: Frank Cusack [mailto:fcusack at fcusack.com]
Sent: Thursday, June 06, 2002 2:55 PM
To: Webmaster
Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when then connect

Oh, sorry. Yes, they do PPP and the ppp software on the user side installs a default route pointing to the other side of the ppp link. That's what I was referring to --- ppp provides no way to communicate a route to the peer.

/fc

On Thu, Jun 06, 2002 at 02:44:21PM -0600, Webmaster wrote:
> They don't do PPP (not pptp)? The old days were SLIP and such, but I thought
> they went to ppp these days?
> I know the protocol of pptp itself doesn't cover this, there was nothing in > the RFC, but I had hoped that in the poptop implementation which uses ppp > portions there would be something. > Hmmm. Well. That's a real bummer. I'll keep searching, I guess if all else > fails our team will have to build it ourselves, I just wanted to make sure > we weren't reinventing the wheel. > Thanks, > -Art > > -----Original Message----- > From: Frank Cusack [mailto:fcusack at fcusack.com] > Sent: Thursday, June 06, 2002 2:38 PM > To: Webmaster > Subject: Re: [pptp-server] Want pptpd server to assign routes to clients > when then connect > > > ISPs don't do pptp; if they do they have users 'use default gateway > on remote network'. > > I thought the same thing as you; SOMEONE must have done SOMETHING about > this, but the protocols do not provide for this. If you do find something > out, please let me know about it ... it will save me some grief. > > /fc > > On Thu, Jun 06, 2002 at 02:11:10PM -0600, Webmaster wrote: > > I'm sorry, I misphrased that. I meant since it uses some of ppp > components. > > So, how do ISPs using PPP for users solve this issue for dial-ups and > such? > > So, surely SOMEONE has done something to address this issue? PPTP has been > > around for many years, and poptop for quite a few. Doesn't anyone know of > > some scripts or patches or anything that has been created to do this? > > Thanks, > > -Art > > > > -----Original Message----- > > From: Frank Cusack [mailto:fcusack at fcusack.com] > > Sent: Thursday, June 06, 2002 2:02 PM > > To: Hawke > > Cc: pptp-server at lists.schulte.org > > Subject: Re: [pptp-server] Want pptpd server to assign routes to clients > > when then connect > > > > > > On Thu, Jun 06, 2002 at 08:04:51AM -0600, Hawke wrote: > > > script for everyone. I want the server to assign the routes in typical > ISP > > > fashion. Since pptp is based on ppp isn't there some simple script I can > > add > > > somewhere that will do this? 
> > > > pptp is not based on ppp. Neither pptp nor ppp can do this, sorry. It's > > also a sore spot with me. :-( > > > > /fc > > > > > > > > > From webmaster at lotr.ws Thu Jun 6 18:39:43 2002 From: webmaster at lotr.ws (Webmaster) Date: Thu, 6 Jun 2002 17:39:43 -0600 Subject: FW: [pptp-server] Want pptpd server to assign routes to clients when then connect Message-ID: -----Original Message----- From: Frank Cusack [mailto:fcusack at fcusack.com] Sent: Thursday, June 06, 2002 3:26 PM To: Webmaster Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when then connect Correct On Thu, Jun 06, 2002 at 03:01:51PM -0600, Webmaster wrote: > Hmmm. Ok. So, there isn't any chance during the dialogue when the client is > assigned let's say an IP, netmask, DNS, and such (I'm talking PPP now, not > PPTP yet), to give the client machine anything other than one default route? From doc at aedo.net Thu Jun 6 22:15:11 2002 From: doc at aedo.net (Christopher Aedo) Date: Thu, 06 Jun 2002 20:15:11 -0700 Subject: [pptp-server] pptpd routing issues Message-ID: <3D00253F.3000608@aedo.net> Hello, I recently installed poptop on an openBSD 3.1 machine (which has net.inet.ip.forwarding=1 in sysctl.conf.) I looked through the mailing list archive and could not find an answer to my problem. Please excuse me if this comes up frequently, I really have tried to solve this via google searches, honest! Everything seems to have gone as smooth as possible, and I am able to connect to this machine from a client machine (my home pc running windows XP.) I connect to the internet on a DSL behind a NAT gateway. The VPN server is behind a firewall/NAT gateway, which is actually port-forwarding gre and rcp/1723. From the VPN server, I am able to connect to anything on the internet network as expected (so at least from the console, routing on the VPN box seems fine.) Connecting and authenticating work prefectly. 
Once connected I am able to ping the VPN IP and the tunnel IP from the client machine.

The two route tables are:

[CLIENT]
Network Destination   Netmask           Gateway           Interface         Metric
0.0.0.0               0.0.0.0           192.168.0.81      192.168.0.81      1
0.0.0.0               0.0.0.0           192.168.123.254   192.168.123.167   21
127.0.0.0             255.0.0.0         127.0.0.1         127.0.0.1         1
192.168.0.81          255.255.255.255   127.0.0.1         127.0.0.1         50
192.168.0.255         255.255.255.255   192.168.0.81      192.168.0.81      50
192.168.123.0         255.255.255.0     192.168.123.167   192.168.123.167   20
192.168.123.167       255.255.255.255   127.0.0.1         127.0.0.1         20
192.168.123.255       255.255.255.255   192.168.123.167   192.168.123.167   20
207.136.138.29        255.255.255.255   192.168.123.254   192.168.123.167   20
224.0.0.0             240.0.0.0         192.168.123.167   192.168.123.167   20
224.0.0.0             240.0.0.0         192.168.0.81      192.168.0.81      1
255.255.255.255       255.255.255.255   192.168.123.167   192.168.123.167   1
Default Gateway:      192.168.0.81

[VPN SERVER]
Destination      Gateway            Flags   Refs   Use    Mtu     Interface
default          192.168.0.1        UGS     3      452    1500    dc0
127/8            127.0.0.1          UGRS    0      0      33224   lo0
127.0.0.1        127.0.0.1          UH      1      8      33224   lo0
192.168.0/23     link#1             UC      0      0      1500    dc0
192.168.0.1      0:d0:b7:c7:23:22   UHL     2      1240   1500    dc0
192.168.0.10     0:b0:d0:21:3f:63   UHL     1      33     1500    dc0
192.168.0.80     127.0.0.1          UH      0      0      33224   lo0
192.168.0.81     192.168.0.80       UH      0      87     1398    tun0
224/4            127.0.0.1          URS     0      3      33224   lo0

However, I can not ping PAST the VPN FROM the client machine. (i.e. timeout when pinging 192.168.0.1, which is the NAT machine gateway.) Pinging any other IP on the remote network also fails from the client machine.

This seems to me like a very simple routing issue, or maybe a ppp.conf or pptpd.conf config issue? Also below you will find these files, in case they can help figure out what has gone wrong here. (I feel like it's SOOOO close, it's just killing me!!)

pptpd.conf:
option /etc/ppp/ppp.conf
localip 192.168.0.80
remoteip 192.168.0.81-83
pidfile /var/run/pptpd.pid
=================================
ppp.conf:
loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 set mppe * stateful
 set ifaddr 192.168.0.80 192.168.0.81-192.168.0.83 255.255.255.255
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 disable pap
 disable chap
 enable mschapv2
 disable deflate pred1
 deny deflate pred1
 accept mppe
 enable proxy
 accept dns
 set dns 192.168.0.5
 set nbns 192.168.0.10
 set device !/etc/ppp/secure
=================================

Any and all help will be greatly appreciated. Thanks in advance!

-Christopher

From fcusack at fcusack.com Fri Jun 7 00:52:59 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Thu, 6 Jun 2002 22:52:59 -0700
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
In-Reply-To: <01C20D87.3DA402A0.jvonau@shaw.ca>; from jvonau@shaw.ca on Thu, Jun 06, 2002 at 06:23:21PM -0500
References: <01C20D87.3DA402A0.jvonau@shaw.ca>
Message-ID: <20020606225259.E21661@google.com>

What does this have to do with client side routes? Or are you suggesting
that the answer is in the archives?

/fc

On Thu, Jun 06, 2002 at 06:23:21PM -0500, fxgh wrote:
> Hi all:
>
> I'm using my wife's machine, so if this comes out HTML,
> I'm sorry in advance..... Mine is getting upgraded, woo hoo
>
> I recall someone suggesting to use a ms tool....
> ah here it is:
>
> http://lists.schulte.org/pipermail/pptp-server/2002-March/007867.html
>
> Just to let everybody know you can still get to the old archives at:
>
> http://lists.schulte.org/pipermail/pptp-server/
>
> You can search them at:
>
> http://lists.schulte.org/search/search-pptp-server.html
>
> Maybe a link from the new website would be helpful ;-)
> Just my 2 cents worth...
>
> Jerry Vonau

From fcusack at fcusack.com Fri Jun 7 01:16:05 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Thu, 6 Jun 2002 23:16:05 -0700
Subject: [pptp-server] pptpd routing issues
In-Reply-To: <3D00253F.3000608@aedo.net>; from doc@aedo.net on Thu, Jun 06, 2002 at 08:15:11PM -0700
References: <3D00253F.3000608@aedo.net>
Message-ID: <20020606231604.F21661@google.com>

On Thu, Jun 06, 2002 at 08:15:11PM -0700, Christopher Aedo wrote:
> Connecting and authenticating work perfectly. Once connected I am able
> to ping the VPN IP and the tunnel IP from the client machine.

Meaning 192.168.0.81 and 192.168.0.80?

> The two route tables are:
> [CLIENT]
> Network Destination   Netmask           Gateway           Interface         Metric
> 0.0.0.0               0.0.0.0           192.168.0.81      192.168.0.81      1
> 0.0.0.0               0.0.0.0           192.168.123.254   192.168.123.167   21
> 127.0.0.0             255.0.0.0         127.0.0.1         127.0.0.1         1
> 192.168.0.81          255.255.255.255   127.0.0.1         127.0.0.1         50
> 192.168.0.255         255.255.255.255   192.168.0.81      192.168.0.81      50
> 192.168.123.0         255.255.255.0     192.168.123.167   192.168.123.167   20
> 192.168.123.167       255.255.255.255   127.0.0.1         127.0.0.1         20
> 192.168.123.255       255.255.255.255   192.168.123.167   192.168.123.167   20
> 207.136.138.29        255.255.255.255   192.168.123.254   192.168.123.167   20
> 224.0.0.0             240.0.0.0         192.168.123.167   192.168.123.167   20
> 224.0.0.0             240.0.0.0         192.168.0.81      192.168.0.81      1
> 255.255.255.255       255.255.255.255   192.168.123.167   192.168.123.167   1
> Default Gateway:      192.168.0.81

I would expect you to have a /32 route for 192.168.0.80, but it may be
that it didn't get added b/c you have the default route via ppp.

> [VPN SERVER]

[ looks ok ]

> However, I can not ping PAST the VPN FROM the client machine. (i.e.
> timeout when pinging 192.168.0.1, which is the NAT machine gateway.)
> Pinging any other IP on the remote network also fails from the client
> machine.

I would expect that ppp on the VPN server side is not doing proxy arp.

> ppp.conf:
> loop:
>  set timeout 0
>  set log phase chat connect lcp ipcp command
>  set device localhost:pptp
>  set dial
>  set login
>  set mppe * stateful

I would disable stateful mode, it's a giant security hole.

>  enable proxy

Does this enable proxy arp? I am unable to find documentation for this
flavor of ppp on www.openbsd.org.

Get on another machine on 192.168.0/23 and see if you can ping 192.168.0.81
(or whatever IP the client gets). Check the arp table after the ping
to see what it says for 192.168.0.81. If it looks like

? (192.168.0.81) at

then your VPN server is not doing proxy arp. If there is a MAC, verify
that it's the VPN server's MAC. If not, you have an IP conflict. If so,
the pptp tunnel isn't working correctly.

/fc

From r.devroede at linvision.com Fri Jun 7 04:06:20 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 07 Jun 2002 11:06:20 +0200
Subject: [pptp-server] mschap-v2 auth against en-hashed secrets
In-Reply-To:
References:
Message-ID: <1023440781.4847.11.camel@richard>

There is a patch out there for ppp to authenticate against Samba.
If you use RedHat 7.x, you're in luck. You can use my test RPM on
http://devel.linvision.com/source/ppp.html

Regards,
Richard de Vroede

On Thu, 2002-06-06 at 16:15, Jim Bowen wrote:
> Hi,
>
> Does anyone know of a way to get ppp to auth against either a separate NT
> (or samba) server, or against NT password hashes instead of plaintext
> passwords in the /etc/ppp/chap-secrets file.
>
> I tried the obvious one of just putting the LM hash into the secret field
> (works with unix-crypt in pap-secrets), but all I got for that was a
> segfault :(
>
> Our domain controller is on NT, but I've managed to convince everyone to run
> the VPN server on linux instead, using PoPtoP (great app), but I don't like
> keeping plaintext secrets on a server that has an internet connection. I'm
> stuck with...um.... reverse-engineering their passwords at the moment, which
> can take a couple of days for the better users :)
>
> Jim
> --
> Email : j.bowen at cyprotex.com
> Tel : 01625 505112
> Fax : 01625 505199
--
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From r.devroede at linvision.com Fri Jun 7 04:10:09 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 07 Jun 2002 11:10:09 +0200
Subject: [pptp-server] Having trouble getting encryption working.
In-Reply-To: <20020606100759.A29073@vortex.dvns.com>
References: <20020605083713.D6080@vortex.dvns.com> <1023352820.4748.5.camel@richard> <20020606100759.A29073@vortex.dvns.com>
Message-ID: <1023441009.4748.14.camel@richard>

Did I mention that you should use MSDun-1.4 for win9x to get it to do
128-bits encryption?
Also you could try Windows XP, to see if that works, if it doesn't
damned if I know what then...

Regards,
Richard

On Thu, 2002-06-06 at 17:07, Robert Green wrote:
> I went ahead and tried the pptpd-1.1.2 and that didn't help. I am posting
> the log.
>
> Jun 5 10:07:57 flame pptpd[3271]: MGR: Launching /usr/local/sbin/pptpctrl
> to handle client
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: local address = 192.168.0.2
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: remote address = 192.168.1.2
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: pppd speed = 115200
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: pppd options file =
> /etc/ppp/options.pptp
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: Client 192.168.101.50 control
> connection started
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: Received PPTP Control Message
> (type: 1)
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: Made a START CTRL CONN RPLY packet
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: I wrote 156 bytes to the client.
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: Sent packet to client
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: Received PPTP Control Message
> (type: 7)
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: 0 min_bps, 0 max_bps, 32 window
> size
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: Made a OUT CALL RPLY packet
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: Starting call (launching pppd,
> opening GRE)
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: pty_fd = 5
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: tty_fd = 6
> Jun 5 10:07:57 flame pptpd[3272]: CTRL (PPPD Launcher): Connection speed =
> 115200
> Jun 5 10:07:57 flame pptpd[3272]: CTRL (PPPD Launcher): local address =
> 192.168.0.2
> Jun 5 10:07:57 flame pptpd[3272]: CTRL (PPPD Launcher): remote address =
> 192.168.1.2
> Jun 5 10:07:57 flame pppd[3272]: pppd 2.4.1 started by root, uid 0
> Jun 5 10:07:57 flame pppd[3272]: Using interface ppp0
> Jun 5 10:07:57 flame pppd[3272]: Connect: ppp0 <--> /dev/pts/1
> Jun 5 10:07:57 flame pppd[3272]: sent [LCP ConfReq id=0x1
> ]
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: I wrote 32 bytes to the client.
> Jun 5 10:07:57 flame pptpd[3271]: CTRL: Sent packet to client
> Jun 5 10:07:57 flame pptpd[3271]: Buffering out-of-order packet; got 1
> after 4294967295
> Jun 5 10:08:00 flame pppd[3272]: sent [LCP ConfReq id=0x1
> ]
> Jun 5 10:08:00 flame pptpd[3271]: Packet reorder timeout waiting for 0
> Jun 5 10:08:00 flame pptpd[3271]: Buffering out-of-order packet; got 2
> after 0
> Jun 5 10:08:00 flame pppd[3272]: rcvd [LCP ConfReq id=0x1
> ]
> Jun 5 10:08:00 flame pppd[3272]: sent [LCP ConfAck id=0x1
> ]
> Jun 5 10:08:00 flame pppd[3272]: rcvd [LCP ConfAck id=0x1
> ]
> Jun 5 10:08:00 flame pppd[3272]: sent [CHAP Challenge id=0x1
> <572811b06969278d3b9ff2b6ad10718b>, name = "flame"]
> Jun 5 10:08:00 flame pppd[3272]: rcvd [CHAP Response id=0x1
> <8958847f34663961012a2bfd2e4c004f00000000000000003b7cafb23f5f4088abd6f79046d785ea16631f7c42bffb9304>,
> name = "rng"]
> Jun 5 10:08:00 flame pppd[3272]: sent [CHAP Success id=0x1
> "S=9FE5ED19EB9ED845C90B076550BDCF47E216621C"]
> Jun 5 10:08:00 flame pppd[3272]: sent [IPCP ConfReq id=0x1 192.168.0.2> ]
> Jun 5 10:08:00 flame kernel: PPP BSD Compression module registered
> Jun 5 10:08:00 flame kernel: PPP Deflate Compression module registered
> Jun 5 10:08:00 flame pppd[3272]: sent [CCP ConfReq id=0x1
> ]
> Jun 5 10:08:00 flame pppd[3272]: MSCHAP-v2 peer authentication succeeded
> for rng
> Jun 5 10:08:00 flame pppd[3272]: rcvd [IPCP ConfReq id=0x1
> ]
> Jun 5 10:08:00 flame pppd[3272]: sent [IPCP ConfRej id=0x1 0.0.0.0> ]
> Jun 5 10:08:00 flame pppd[3272]: rcvd [CCP ConfReq id=0x1 ]
> Jun 5 10:08:00 flame pppd[3272]: sent [CCP ConfRej id=0x1 ]
> Jun 5 10:08:00 flame pppd[3272]: rcvd [IPCP ConfRej id=0x1 01>]
> Jun 5 10:08:00 flame pppd[3272]: sent [IPCP ConfReq id=0x2 192.168.0.2>]
> Jun 5 10:08:00 flame pppd[3272]: rcvd [CCP ConfRej id=0x1
> ]
> Jun 5 10:08:00 flame pppd[3272]: sent [CCP ConfReq id=0x2]
> Jun 5 10:08:00 flame pppd[3272]: rcvd [IPCP ConfReq id=0x2 ]
> Jun 5 10:08:00 flame pppd[3272]: sent [IPCP ConfNak id=0x2 192.168.201.240>]
> Jun 5 10:08:00 flame pppd[3272]: rcvd [CCP ConfReq id=0x2]
> Jun 5 10:08:00 flame pppd[3272]: sent [CCP ConfAck id=0x2]
> Jun 5 10:08:00 flame pppd[3272]: rcvd [IPCP ConfAck id=0x2 192.168.0.2>]
> Jun 5 10:08:00 flame pppd[3272]: rcvd [CCP ConfAck id=0x2]
> Jun 5 10:08:00 flame pppd[3272]: rcvd [IPCP ConfReq id=0x3 192.168.201.240>]
> Jun 5 10:08:00 flame pppd[3272]: sent [IPCP ConfAck id=0x3 192.168.201.240>]
> Jun 5 10:08:00 flame pppd[3272]: found interface eth0 for proxy arp
> Jun 5 10:08:00 flame pppd[3272]: local IP address 192.168.0.2
> Jun 5 10:08:00 flame pppd[3272]: remote IP address 192.168.201.240
> Jun 5 10:08:00 flame pppd[3272]: Script /etc/ppp/ip-up started (pid 3275)
> Jun 5 10:08:00 flame pppd[3272]: rcvd [CCP TermReq id=0x3]
> Jun 5 10:08:00 flame pppd[3272]: CCP terminated by peer
> Jun 5 10:08:00 flame pppd[3272]: sent [CCP TermAck id=0x3]
> Jun 5 10:08:00 flame pppd[3272]: Compression disabled by peer.
> Jun 5 10:08:01 flame pppd[3272]: Script /etc/ppp/ip-up finished (pid 3275),
> status = 0x0
> Jun 5 10:08:05 flame pppd[3272]: rcvd [LCP TermReq id=0x2]
> Jun 5 10:08:05 flame pppd[3272]: LCP terminated by peer
> Jun 5 10:08:05 flame pppd[3272]: Script /etc/ppp/ip-down started (pid 3305)
> Jun 5 10:08:05 flame pppd[3272]: sent [LCP TermAck id=0x2]
> Jun 5 10:08:05 flame pptpd[3271]: CTRL: Received PPTP Control Message
> (type: 12)
> Jun 5 10:08:05 flame pptpd[3271]: CTRL: Made a CALL DISCONNECT RPLY packet
> Jun 5 10:08:05 flame pptpd[3271]: CTRL: Received CALL CLR request (closing
> call)
> Jun 5 10:08:05 flame pptpd[3271]: CTRL: I wrote 148 bytes to the client.
> Jun 5 10:08:05 flame pptpd[3271]: CTRL: Sent packet to client
> Jun 5 10:08:05 flame pppd[3272]: Modem hangup
> Jun 5 10:08:05 flame pppd[3272]: Connection terminated.
> Jun 5 10:08:05 flame pppd[3272]: Connect time 0.2 minutes.
> Jun 5 10:08:05 flame pppd[3272]: Sent 499 bytes, received 452 bytes.
> Jun 5 10:08:05 flame pppd[3272]: Waiting for 1 child processes...
> Jun 5 10:08:05 flame pppd[3272]: script /etc/ppp/ip-down, pid 3305
> Jun 5 10:08:05 flame pppd[3272]: Script /etc/ppp/ip-down finished (pid
> 3305), status = 0x0
> Jun 5 10:08:05 flame pppd[3272]: Exit.
> Jun 5 10:08:10 flame pptpd[3271]: GRE: read error: Bad file descriptor
> Jun 5 10:08:10 flame pptpd[3271]: CTRL: PTY read or GRE write failed
> (pty,gre)=(-1,-1)
> Jun 5 10:08:10 flame pptpd[3271]: CTRL: Client 192.168.101.50 control
> connection finished
> Jun 5 10:08:10 flame pptpd[3271]: CTRL: Exiting now
> Jun 5 10:08:10 flame pptpd[3154]: MGR: Reaped child 3271
>
> On Thu, Jun 06, 2002 at 10:40:19AM +0200, R. de Vroede wrote:
> > That log looks fishy..
> > The reaped child problem was fixed in 1.1.2.
> > http://planetmirror.com/pub/mppe
> > You should get it.
> >
> > Regards,
> > Richard
> >
> > > OK, I have been having a lot of trouble getting encryption working with a
> > > RH6.2 box and a win98 box.
> > >
> > > I have the following setup:
> > > RH 6.2 box running with a 2.2.20 kernel
> > > pptp-1.0.1
> > > pppd-2.4.1
> > > and I had to go here to find the kernel patches for ppp and mppe
> > > http://ftp.samba.org/ftp/unpacked/ppp/
> > > (pppd compiles from this archive but does not work right. The kernel
> > > modules seem to work though)
> > >
> > > The problem is I turn on encryption on the windows box and then try
> > > connecting. I get the dreaded Error 742 message. I look at my linux box
> > > and all of the modules are present (ppp_deflate, bsd_comp, ppp_mppe, ppp,
> > > slhc).
> > >
> > > My options file looks like this:
> > >
> > > lock
> > > debug
> > > name flame
> > > procyarp
> > > +chapms-v2
> > > mppe-40
> > > mppe-128
> > > mppe-stateless
> > >
> > > I have tried several combinations of removing the mppe lines with no
> > > success.
> > >
> > > What am I doing wrong? Also is there a canonical archive of all the right
> > > patches/kernel modules/etc that I need to be looking at? I can't help but
> > > think that there might be something that didn't compile right.
> > >
> > > TIA,
> > > Robert
> > --
> > Richard de Vroede
> > (r.devroede at linvision.com)
> > ------------------------------------------------
> > Linvision BV Provides Linux Solutions
> > Elektronicaweg 16D
> > 2628 XG Delft
> > T: +31157502310 info at linvision.com
> > F: +31157502319 http://devel.linvision.com
> > ------------------------------------------------
--
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From tr at atracit.dk Fri Jun 7 05:08:50 2002
From: tr at atracit.dk (Thomas Rasmussen)
Date: Fri, 7 Jun 2002 12:08:50 +0200
Subject: [pptp-server] dns problem.
In-Reply-To: <002001c1fc31$be192300$2101a8c0@customrollforming.com>
Message-ID: <000201c20e0b$52a52920$0200000a@proofficepark.dk>

I got a Freebsd running with 128 des and so on..

Wins works

and it is giving away the right ip's

but i have one problem, the clients get 127.0.0.1 as their dns

my ppp.conf

loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 set ifaddr 10.10.10.254 10.10.10.220-10.10.10.230 255.255.255.255
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct
pptp:
 load loop
 enable proxy
 enable dns

 enable chap81
 disable pap
 disable deflate pred1
 deny deflate pred1

 set ms-wins 10.10.10.254
 set dns 10.10.10.254
 set nbns 10.10.10.254

 set device !/etc/ppp/secure

-------------------------------
PPP adapter geofysik:

 Connection-specific DNS Suffix . :
 Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
 Physical Address. . . . . . . . . : 00-53-45-00-00-00
 DHCP Enabled. . . . . . . . . . . : No
 IP Address. . . . . . . . . . . . : 10.10.10.225
 Subnet Mask . . . . . . . . . . . : 255.255.255.255
 Default Gateway . . . . . . . . . : 10.10.10.225
 DNS Servers . . . . . . . . . . . : 127.0.0.1
 Primary WINS Server . . . . . . . : 10.10.10.254

-regards Thomas

From r.devroede at linvision.com Fri Jun 7 05:53:07 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 07 Jun 2002 12:53:07 +0200
Subject: [pptp-server] dns problem.
In-Reply-To: <000201c20e0b$52a52920$0200000a@proofficepark.dk>
References: <000201c20e0b$52a52920$0200000a@proofficepark.dk>
Message-ID: <1023447188.4847.18.camel@richard>

try:
set ms-dns 10.10.10.254

On Fri, 2002-06-07 at 12:08, Thomas Rasmussen wrote:
> I got a Freebsd running with 128 des and so on..
>
> Wins works
>
> and it is giving away the right ip's
>
> but i have one problem, the clients get 127.0.0.1 as their dns
>
> my ppp.conf
>
> loop:
>  set timeout 0
>  set log phase chat connect lcp ipcp command
>  set device localhost:pptp
>  set dial
>  set login
>  # Server (local) IP address, Range for Clients, and Netmask
>  set ifaddr 10.10.10.254 10.10.10.220-10.10.10.230 255.255.255.255
>  set server /tmp/loop "" 0177
>
> loop-in:
>  set timeout 0
>  set log phase lcp ipcp command
>  allow mode direct
> pptp:
>  load loop
>  enable proxy
>  enable dns
>
>  enable chap81
>  disable pap
>  disable deflate pred1
>  deny deflate pred1
>
>  set ms-wins 10.10.10.254
>  set dns 10.10.10.254
>  set nbns 10.10.10.254
>
>  set device !/etc/ppp/secure
>
> -------------------------------
> PPP adapter geofysik:
>
>  Connection-specific DNS Suffix . :
>  Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>  Physical Address. . . . . . . . . : 00-53-45-00-00-00
>  DHCP Enabled. . . . . . . . . . . : No
>  IP Address. . . . . . . . . . . . : 10.10.10.225
>  Subnet Mask . . . . . . . . . . . : 255.255.255.255
>  Default Gateway . . . . . . . . . : 10.10.10.225
>  DNS Servers . . . . . . . . . . . : 127.0.0.1
>  Primary WINS Server . . . . . . . : 10.10.10.254
>
> -regards Thomas
--
Richard de Vroede (r.devroede at linvision.com)
------------------------------------------------
Linvision BV            Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310         info at linvision.com
F: +31157502319         http://devel.linvision.com
------------------------------------------------

From jvonau at shaw.ca Fri Jun 7 08:23:20 2002
From: jvonau at shaw.ca (Jerry Vonau)
Date: Fri, 07 Jun 2002 08:23:20 -0500
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
Message-ID: <01C20DFC.95E7A0A0.jvonau@shaw.ca>

Frank:

Art asked if there was "Any suggestions on how to pull this off anyone?"
Did you even read the thread at the archives? Don't know, or care if the tool works.
I recalled, seeing that email, so I found it in the archives for him.
Most of the questions asked on this list have been dealt with before.
New users may not be aware of the archives, going back to May 1999, hence the links.
Have a nice day.
Jerry

-----Original Message-----
From: Frank Cusack [SMTP:fcusack at fcusack.com]
Sent: Friday, June 07, 2002 12:53 AM
To: fxgh
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when then connect

What does this have to do with client side routes? Or are you suggesting
that the answer is in the archives?

/fc

On Thu, Jun 06, 2002 at 06:23:21PM -0500, fxgh wrote:
> Hi all:
>
> I'm using my wife's machine, so if this comes out HTML,
> I'm sorry in advance..... Mine is getting upgraded, woo hoo
>
> I recall someone suggesting to use a ms tool....
> ah here it is:
>
> http://lists.schulte.org/pipermail/pptp-server/2002-March/007867.html
>
> Just to let everybody know you can still get to the old archives at:
>
> http://lists.schulte.org/pipermail/pptp-server/
>
> You can search them at:
>
> http://lists.schulte.org/search/search-pptp-server.html
>
> Maybe a link from the new website would be helpful ;-)
> Just my 2 cents worth...
>
> Jerry Vonau
>
>
> -----Original Message-----
> From: Igor Maciel Macaubas [SMTP:igor.maciel at mailbr.com.br]
> Sent: Thursday, June 06, 2002 12:53 PM
> To: Webmaster; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when then connect
>
> Hum,
> In this case, I really don't know what you have to do.
> Since that you want to add this route at client side, it's not trivial.
> You can try to put at the server side some type of script to be executed in
> the client when it connects.. but I've never done something like that.
>
>
> Regards,
> Igor
> --
> igor.maciel at mailbr.com.br
>
>
> ----- Original Message -----
> From: "Webmaster"
> To:
> Sent: Thursday, June 06, 2002 2:22 PM
> Subject: RE: [pptp-server] Want pptpd server to assign routes to clients when then connect
>
>
> > You have it right in the second part. I want the server to assign routes to
> > the client when the client connects to the server.
> > Currently after the client connects to the pptpd server, I have to (from the
> > client, in this case windows) type something along the lines of:
> > route add 192.168.3.0 192.168.1.0 (shortened for brevity, don't worry about
> > this syntax).
> > Then everything works fine for the client to access that network.
> > I need some way for the server to do that for the client when the client
> > connects.
> > It might be simple, but I suspect it is more involved otherwise it would
> > seem that it would be more readily available.
> > Any suggestions on how to pull this off anyone?
> > Thanks,
> > -Art
> >
> > -----Original Message-----
> > From: Igor Maciel Macaubas [mailto:igor.maciel at mailbr.com.br]
> > Sent: Thursday, June 06, 2002 9:47 AM
> > To: Hawke; pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when then connect
> >
> >
> > Hello,
> >
> > Well, let me see if I understand what you want to do:
> > You want to add a route to your clients when they connect, at Server side?
> > If this is what you want, you can use the ip-up.local script, that depending
> > of the version of your pppd, may be located in /etc/ppp/ or
> > /etc/ppp/scripts.
> > This script is executed immediately after the connection of the client - so
> > you can make a bash script to add these routes dynamically.
> > But if you want to add a route at client side, I don't think that pppd/pptpd
> > can carry this. I think that you want to make some really crazy system to do
> > it.
> > If you want any help in setting up this script (ip-up.local), please send me
> > e-mails in private and be sure that I'll help as I can!
> >
> > Regards,
> > Igor
> > --
> > igor.maciel at mailbr.com.br
> >
> >
> > ----- Original Message -----
> > From: "Hawke"
> > To:
> > Sent: Thursday, June 06, 2002 11:04 AM
> > Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
> >
> >
> > > I'm already aware of the option in the client side (windows) vpn connection
> > > option to use default route. However, unless I want all their Internet
> > > traffic to run through my vpn server that is not a good option.
> > > Everything works fine in that the vpn client connects, is given an ip, etc.
> > > I want to be able to add (as many as needed) routes to the client upon
> > > connection.
> > > Currently I have to manually type the add route command from the command
> > > line after the client connects to get the desired results. Sure, I can
> > > script that on the client side, but when there can be scores of different
> > > people connecting that is inefficient to have to distribute and setup this
> > > script for everyone. I want the server to assign the routes in typical ISP
> > > fashion. Since pptp is based on ppp isn't there some simple script I can add
> > > somewhere that will do this?
> > > Any help is most appreciated.
> > > Thanks,
> > > -Art

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From tr at atracit.dk Fri Jun 7 08:40:41 2002
From: tr at atracit.dk (Thomas Rasmussen)
Date: Fri, 7 Jun 2002 15:40:41 +0200
Subject: SV: [pptp-server] dns problem.
In-Reply-To: <1023447188.4847.18.camel@richard>
Message-ID: <000301c20e28$eae370d0$0200000a@proofficepark.dk>

that did not help.
it still gives away 127.0.0.1

-Thomas

-----Original Message-----
From: R. de Vroede [mailto:r.devroede at linvision.com]
Sent: 7 June 2002 12:53
To: Thomas Rasmussen
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] dns problem.

try:
set ms-dns 10.10.10.254

On Fri, 2002-06-07 at 12:08, Thomas Rasmussen wrote:
> I got a Freebsd running with 128 des and so on..

From tr at atracit.dk Fri Jun 7 08:41:38 2002
From: tr at atracit.dk (Thomas Rasmussen)
Date: Fri, 7 Jun 2002 15:41:38 +0200
Subject: SV: [pptp-server] dns problem.
In-Reply-To: <1023447188.4847.18.camel@richard>
Message-ID: <000401c20e29$0d0080e0$0200000a@proofficepark.dk>

look here.

Jun 7 16:56:53 brandmur ppp[35285]: Warning: set ms-wins: Invalid command
Jun 7 16:56:53 brandmur ppp[35285]: Warning: set ms-wins: Failed 1
Jun 7 16:56:53 brandmur ppp[35285]: Warning: set ms-dns: Invalid command
Jun 7 16:56:53 brandmur ppp[35285]: Warning: set ms-dns: Failed 1

-----Original Message-----
From: R. de Vroede [mailto:r.devroede at linvision.com]
Sent: 7 June 2002 12:53
To: Thomas Rasmussen
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] dns problem.

try:
set ms-dns 10.10.10.254

On Fri, 2002-06-07 at 12:08, Thomas Rasmussen wrote:
> I got a Freebsd running with 128 des and so on..

From webmaster at lotr.ws Fri Jun 7 10:25:58 2002
From: webmaster at lotr.ws (Art)
Date: Fri, 7 Jun 2002 09:25:58 -0600
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
In-Reply-To: <01C20DFC.95E7A0A0.jvonau@shaw.ca>
References: <01C20DFC.95E7A0A0.jvonau@shaw.ca>
Message-ID: <200206070925.58176.webmaster@lotr.ws>

Yes, I spent hours perusing the web as well as both versions of this list's
archives long before posting. I found plenty of references for adding things
from scripts on the client's machine (which we've known and done for years),
but nothing helping out to try to figure out how to take the burden off the
client/user, and just take care of things from the server/admin side.

I had already come across the IEAK option though I hadn't heard of the CMAK
option before, it still is too windoze centric and over 60% of our clients use
platforms other than MS based so unfortunately those MS options don't do any
good for many of the *nix, Mac, and other client/users we have to support.

We've done things in the past such as put scripts from the domain login etc to
get things working, but that's always seemed a clumsy kludge, and I would just
like to either find (or if no other choice create) a more elegant (from the
user's experience at least) and efficient solution.

So far it seems no one has addressed this (which is quite surprising), I just
wanted to make sure that it wasn't already addressed before deciding to commit
significant man hours of our team to creating a solution. So I'm still giving
it another day or two before giving up, then if there's still no other option,
because we HAVE to find this solution from the server side, then we'll try to
figure something out to create, though I don't look forward to it.

So, again, if anyone has any suggestions on how to (from the server's side)
configure routes for the client when they connect so they can get to multiple
different networks after connecting to the VPN, it would be great to hear,
even just some theoretical stuff might be helpful.

Thanks all,
-Art

On Friday 07 June 2002 07:23 am, Jerry Vonau wrote:
> Frank:
>
> Art asked if there was "Any suggestions on how to pull this off anyone?"
> Did you even read the thread at the archives? Don't know, or care if the
> tool works.
> I recalled, seeing that email, so I found it in the archives for him.
> Most of the questions asked on this list have been dealt with before.
> New users may not be aware of the archives, going back to May 1999, hence
> the links.
> Have a nice day.
> Jerry
>
>
> -----Original Message-----
> From: Frank Cusack [SMTP:fcusack at fcusack.com]
> Sent: Friday, June 07, 2002 12:53 AM
> To: fxgh
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when then connect
>
> What does this have to do with client side routes? Or are you suggesting
> that the answer is in the archives?
>
> /fc
>
> On Thu, Jun 06, 2002 at 06:23:21PM -0500, fxgh wrote:
> > Hi all:
> >
> > I'm using my wife's machine, so if this comes out HTML,
> > I'm sorry in advance..... Mine is getting upgraded, woo hoo
> >
> > I recall someone suggesting to use a ms tool....

From bao at gibbons.com Fri Jun 7 14:30:25 2002
From: bao at gibbons.com (bao)
Date: Fri, 07 Jun 2002 12:30:25 -0700
Subject: [pptp-server] network browsing
Message-ID: <3D0109D1.D479EF@gibbons.com>

I know I had seen a post similar to this long ago, but I can't find it now.

The pptp server works. I can ping the server and other nodes on the Lan.
I can share resources (samba servers) on any of the internal servers, but
I'm not able to see any machines on the network.

Could someone give me some pointers??

Thanks

Regards,

From s.rankin at rfxinc.com Fri Jun 7 16:13:57 2002
From: s.rankin at rfxinc.com (Steve Rankin)
Date: Fri, 7 Jun 2002 17:13:57 -0400
Subject: [pptp-server] ISP
Message-ID: <000a01c20e68$3fcbbe60$0a01a8c0@rankin.rfxinc.com>

Looking for a dial-up ISP provider that supports PPTP and IPSEC protocols.
Many thanks for your help.

Steve Rankin
Refrigerated Food Express, Inc.

From Steve at SteveCowles.com Fri Jun 7 16:59:06 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 7 Jun 2002 16:59:06 -0500
Subject: [pptp-server] network browsing
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEB61@defiant.infohiiway.com>

> -----Original Message-----
> From: bao [mailto:bao at gibbons.com]
> Sent: Friday, June 07, 2002 2:30 PM
> To: pptp
> Subject: [pptp-server] network browsing
>
>
> I know I had seen a post similar to this long ago, but I can't find it
> now.
>
> The pptp server works. I can ping the server and other nodes
> on the Lan. I can share resources (samba servers) on any of the
> internal servers, but I'm not able to see any machines on the
> network.
>
> Could someone give me some pointers??

1) Install a WINS server on your LAN.
2) Configure all your hosts/servers on your LAN to register with that WINS server.
3) Add ms-wins parameter in your ppp options file.

Steve Cowles

From fcusack at fcusack.com Fri Jun 7 18:00:32 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Fri, 7 Jun 2002 16:00:32 -0700
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
In-Reply-To: <01C20DFC.95E7A0A0.jvonau@shaw.ca>; from jvonau@shaw.ca on Fri, Jun 07, 2002 at 08:23:20AM -0500
References: <01C20DFC.95E7A0A0.jvonau@shaw.ca>
Message-ID: <20020607160032.J23636@google.com>

Thanks Jerry. I had no idea you were talking about the answer to his
specific question as your email just said "archives are here". It is of
course always a good idea to point people to archives. :-)

Sorry, didn't mean to be so rude.

/fc

On Fri, Jun 07, 2002 at 08:23:20AM -0500, Jerry Vonau wrote:
> Frank:
>
> Art asked if there was "Any suggestions on how to pull this off anyone?"
> Did you even read the thread at the archives? Don't know, or care if the tool
> works.
> I recalled, seeing that email, so I found it in the archives for him.
> Most of the questions asked on this list have been dealt with before.
> New users may not be aware of the archives, going back to May 1999, hence the
> links.
> Have a nice day.
> Jerry
>
>
> -----Original Message-----
> From: Frank Cusack [SMTP:fcusack at fcusack.com]
> Sent: Friday, June 07, 2002 12:53 AM
> To: fxgh
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when then connect
>
> What does this have to do with client side routes? Or are you suggesting
> that the answer is in the archives?
-- > > > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From doc at aedo.net Fri Jun 7 18:47:52 2002 From: doc at aedo.net (Christopher Aedo) Date: Fri, 07 Jun 2002 16:47:52 -0700 Subject: [pptp-server] pptpd routing issues References: <3D00253F.3000608@aedo.net> <20020606231604.F21661@google.com> Message-ID: <3D014628.8040607@aedo.net> Frank Cusack wrote: >Meaning 192.168.0.81 and 192.168.0.80? > Correct, I can ping the VPN machine, and the IP address the VPN assigns to the client, FROM the client. >I would expect that ppp on the VPN server side is not doing proxy arp. > > enable proxy > >Does this enable proxy arp? I am unable to find documentation for this >flavor of ppp on www.openbsd.org. > According to the man pages for openbsd ppp, this is supposed to enable proxy arp. >Get on another machine on 192.168.0/23 and see if you can ping 192.168.0.81 >(or whatever IP the client gets). Check the arp table after the ping to >see what it says for 192.168.0.81. If it looks like > > ? (192.168.0.81) at > >then your VPN server is not doing proxy arp. > >If there is a MAC, verify that its the VPN server's MAC. If not, you >have an IP conflict. If so, the pptp tunnel isn't working correctly. > > Tried that, no good. Other machines are not able to ping the VPN-assigned IP address (in this case .81). 
There was one strange change between before connecting and after, when
checking arp on the VPN server:

[BEFORE CONNECTION]
? (192.168.0.1) at 00:d0:b7:c7:23:22
? (192.168.0.5) at (incomplete)
? (192.168.1.4) at 00:b0:d0:41:ea:dc

[AFTER CONNECTION]
? (192.168.0.1) at 00:d0:b7:c7:23:22
? (192.168.0.5) at 00:03:6d:16:24:e6
? (192.168.1.4) at 00:b0:d0:41:ea:dc

192.168.0.5 is the DNS server that is being sent to the VPN client.
That IP is NOT in the pool of possible IPs. It is not pingable from
the client side after connecting.

-Christopher

From jvonau at shaw.ca Fri Jun 7 19:57:34 2002
From: jvonau at shaw.ca (Jerry Vonau)
Date: Fri, 07 Jun 2002 19:57:34 -0500
Subject: [pptp-server] Want pptpd server to assign routes to clients when then connect
Message-ID: <01C20E5D.9197FE80.jvonau@shaw.ca>

No problem, I got off on the wrong foot in the morning with the 6am
"my mouse isn't working" phone call..... Darn cell phones.... ;-)
The top link was for the ms tool..... Have a good weekend all....
Time for a beer or three....

Jerry

-----Original Message-----
From: Frank Cusack [SMTP:fcusack at fcusack.com]
Sent: Friday, June 07, 2002 06:01 PM
To: Jerry Vonau
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when then connect

Thanks Jerry. I had no idea you were talking about the answer to his
specific question as your email just said "archives are here". It is
of course always a good idea to point people to archives. :-)

Sorry, didn't mean to be so rude.
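
The ARP check Frank Cusack describes in the "pptpd routing issues" thread above, written out as an added Python example (not code from any poster or from PoPToP). It parses `arp -an` style output in the format Christopher Aedo posted and applies the thread's three-way reading of the entry; the VPN server MAC and the sample tables are constructed for illustration.

```python
"""Read a LAN host's ARP entry for a VPN client address (added example)."""
import re

# Line format as posted in the thread: "? (192.168.0.1) at 00:d0:b7:c7:23:22"
ARP_LINE = re.compile(
    r"^\S+\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+(?P<hw>\S+)"
)
MAC = re.compile(r"^[0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5}$")

VERDICTS = {
    "no-entry": "no ARP entry: ping the client address first, then re-check",
    "no-proxy-arp": "entry is incomplete: nobody answers ARP for the client, "
                    "so the VPN server is not doing proxy ARP",
    "proxy-arp-ok": "the VPN server's MAC answers for the client: proxy ARP "
                    "works, so look at the tunnel instead",
    "ip-conflict": "a different MAC answers for the client address: IP conflict",
}


def normalize_mac(mac):
    """Lower-case and zero-pad each octet (BSD arp prints 0:d0:... for 00:d0:...)."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))


def parse_arp_table(text):
    """Map IP -> normalized MAC, or None when the entry is unresolved."""
    table = {}
    for line in text.splitlines():
        match = ARP_LINE.match(line.strip())
        if not match:
            continue
        hw = match.group("hw").lower()
        # "(incomplete)" on BSD and "<incomplete>" on Linux both fail the MAC test.
        table[match.group("ip")] = normalize_mac(hw) if MAC.match(hw) else None
    return table


def classify(table, client_ip, server_mac):
    """Apply the thread's reading of the ARP entry for one client address."""
    if client_ip not in table:
        return "no-entry"
    mac = table[client_ip]
    if mac is None:
        return "no-proxy-arp"
    if mac == normalize_mac(server_mac):
        return "proxy-arp-ok"
    return "ip-conflict"


def diagnose(arp_output, client_ip, server_mac):
    """Parse raw arp output and classify a single client address."""
    return classify(parse_arp_table(arp_output), client_ip, server_mac)


def diagnose_pool(arp_output, client_ips, server_mac):
    """Classify every address of the VPN pool against one ARP snapshot."""
    table = parse_arp_table(arp_output)
    return {ip: classify(table, ip, server_mac) for ip in client_ips}


# Constructed values: the server MAC is from the RFC 7042 documentation range.
VPN_SERVER_MAC = "00:00:5e:00:53:01"
ARP_NO_PROXY = (
    "? (192.168.0.1) at 00:d0:b7:c7:23:22\n"
    "? (192.168.0.81) at (incomplete)\n"
)
ARP_PROXY_OK = (  # BSD-style short octets for the same server MAC
    "? (192.168.0.80) at 0:0:5e:0:53:1\n"
    "? (192.168.0.81) at 0:0:5e:0:53:1\n"
)
ARP_CONFLICT = (
    "? (192.168.0.80) at 00:00:5e:00:53:01\n"
    "? (192.168.0.81) at 00:00:5e:00:53:aa\n"
)

if __name__ == "__main__":
    samples = [("no proxy", ARP_NO_PROXY), ("proxy ok", ARP_PROXY_OK),
               ("conflict", ARP_CONFLICT)]
    for label, sample in samples:
        verdict = diagnose(sample, "192.168.0.81", VPN_SERVER_MAC)
        print(f"{label}: {verdict} ({VERDICTS[verdict]})")
```

Run it against the output of `arp -an` taken on a LAN host other than the VPN server, after pinging the client address from that host.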
From fcusack at fcusack.com Sat Jun 8 11:00:40 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Sat, 8 Jun 2002 09:00:40 -0700
Subject: [pptp-server] pptpd routing issues
In-Reply-To: <3D014628.8040607@aedo.net>; from doc@aedo.net on Fri, Jun 07, 2002 at 04:47:52PM -0700
References: <3D00253F.3000608@aedo.net> <20020606231604.F21661@google.com> <3D014628.8040607@aedo.net>
Message-ID: <20020608090040.A1863@google.com>

On Fri, Jun 07, 2002 at 04:47:52PM -0700, Christopher Aedo wrote:
> Frank Cusack wrote:
>
> >Get on another machine on 192.168.0/23 and see if you can ping 192.168.0.81
> >(or whatever IP the client gets). Check the arp table after the ping to
> >see what it says for 192.168.0.81. If it looks like
> >
> >  ? (192.168.0.81) at
> >
> >then your VPN server is not doing proxy arp.
> >
> Tried that, no good. Other machines are not able to ping the
> VPN-assigned IP address (in this case .81).

And if those machines' arp table shows then the problem
is that you're not actually doing proxy arp. A wild guess is that
if you are not running ppp as root (on the server side) it cannot do
the magic to make it work.

/fc

From kidzrus2 at san.rr.com Sat Jun 8 12:52:25 2002
From: kidzrus2 at san.rr.com (Mike M.)
Date: Sat, 8 Jun 2002 10:52:25 -0700 Subject: [pptp-server] i don't care how but you beter remove me from you e-mail list References: <20020608170003.1318.64463.Mailman@clink.schulte.org> Message-ID: <000501c20f15$3fd44140$d4871e18@WORKGROUP> i don't care how but you beter remove me from you e-mail list and not tell me how to you will ----- Original Message ----- From: To: Sent: Saturday, June 08, 2002 10:00 AM Subject: pptp-server digest, Vol 1 #750 - 8 msgs > Send pptp-server mailing list submissions to > pptp-server at lists.schulte.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.schulte.org/mailman/listinfo/pptp-server > or, via email, send a message with subject or body 'help' to > pptp-server-request at lists.schulte.org > > You can reach the person managing the list at > pptp-server-admin at lists.schulte.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of pptp-server digest..." > > > Today's Topics: > > 1. network browsing (bao) > 2. ISP (Steve Rankin) > 3. RE: network browsing (Cowles, Steve) > 4. Re: Want pptpd server to assign routes to clients when then connect (Frank Cusack) > 5. Re: pptpd routing issues (Christopher Aedo) > 6. RE: Want pptpd server to assign routes to clients when > then connect (Jerry Vonau) > 7. Re: pptpd routing issues (Frank Cusack) > > --__--__-- > > Message: 1 > Date: Fri, 07 Jun 2002 12:30:25 -0700 > From: bao > To: pptp > Subject: [pptp-server] network browsing > > I know I had seen a post similar to this long ago, but I can't find it > now. > > The pptp server works. I can ping the server and other nodes on the Lan. > I can share resources (samba servers) on any of the internal servers, > but I'm not able to see any machines on the network. > > Could someone give me some pointers?? 
> > Thanks > > > Regards, > > > --__--__-- > > Message: 2 > From: "Steve Rankin" > To: > Cc: "Jim Morse" > Date: Fri, 7 Jun 2002 17:13:57 -0400 > Subject: [pptp-server] ISP > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0007_01C20E46.B5B78CC0 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > Looking for a dial-up ISP provider that supports PPTP and IPSEC = > protocols. Many thanks for your help. > > Steve Rankin > Refrigerated Food Express, Inc.
> > ------=_NextPart_000_0007_01C20E46.B5B78CC0-- > > > --__--__-- > > Message: 3 > From: "Cowles, Steve" > To: pptp > Subject: RE: [pptp-server] network browsing > Date: Fri, 7 Jun 2002 16:59:06 -0500 > > > -----Original Message----- > > From: bao [mailto:bao at gibbons.com] > > Sent: Friday, June 07, 2002 2:30 PM > > To: pptp > > Subject: [pptp-server] network browsing > > > > > > I know I had seen a post similar to this long ago, but I can't find it > > now. > > > > The pptp server works. I can ping the server and other nodes > > on the Lan. I can share resources (samba servers) on any of the > > internal servers, but I'm not able to see any machines on the > > network. > > > > Could someone give me some pointers?? > > 1) Install a WINS server on your LAN. > 2) Configure all your hosts/servers on your LAN to register with that WINS > server. > 3) Add ms-wins parameter in your ppp options file. > > Steve Cowles > > > --__--__-- > > Message: 4 > Date: Fri, 7 Jun 2002 16:00:32 -0700 > From: Frank Cusack > To: Jerry Vonau > Cc: "pptp-server at lists.schulte.org" > Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when then connect > > Thanks Jerrry. I had no idea you were talking about the answer to his > specific question as your email just said "archives are here". It is > of course always a good idea to point people to archives. :-) > > Sorry, didn't mean to be so rude. > > /fc > > On Fri, Jun 07, 2002 at 08:23:20AM -0500, Jerry Vonau wrote: > > Frank: > > > > Art asked if there was "Any suggestions on how to pull this off anyone?" > > Did you even read the thread at the archives? Don't know, or care if the tool > > works. > > I recalled, seeing that email, so I found it in the archives for him. > > Most of the questions asked on this list have been dealt with before. > > New users may not be aware of the archives, going back to May 1999, hence the > > links. > > Have a nice day. 
> > Jerry > > > > > > > > > > -----Original Message----- > > From: Frank Cusack [SMTP:fcusack at fcusack.com] > > Sent: Friday, June 07, 2002 12:53 AM > > To: fxgh > > Cc: pptp-server at lists.schulte.org > > Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when > > then connect > > > > What does this have to do with client side routes? Or are you suggesting > > that the answer is in the archives? > > > > /fc > > > > On Thu, Jun 06, 2002 at 06:23:21PM -0500, fxgh wrote: > > > Hi all: > > > > > > I'm using my wife's machine, so if this comes out HTML, > > > I'm sorry inadvance..... Mine is getting upgraded, woo hoo > > > > > > I recall someone suggesting to use a ms tool.... > > > ah here it is: > > > > > > http://lists.schulte.org/pipermail/pptp-server/2002-March/007867.html > > > > > > Just to let everybody know you can still get to the old archives at: > > > > > > http://lists.schulte.org/pipermail/pptp-server/ > > > > > > You can search them at: > > > > > > http://lists.schulte.org/search/search-pptp-server.html > > > > > > Maybe a link from the new website would be helpful ;-) > > > Just my 2 cents worth... > > > > > > Jerry Vonau > > > > > > > > > -----Original Message----- > > > From: Igor Maciel Macaubas [SMTP:igor.maciel at mailbr.com.br] > > > Sent: Thursday, June 06, 2002 12:53 PM > > > To: Webmaster; pptp-server at lists.schulte.org > > > Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when > > > > > then connect > > > > > > Hum, > > > In this case, I really don't know what you have to do. > > > Since that you want to add this route at client side, it's not trivial. > > > You can try to put at the server side some type of script to be executed in > > > the client when it connects.. but I've never done something like that. 
> > > > > > > > > Regards, > > > Igor > > > -- > > > igor.maciel at mailbr.com.br > > > > > > > > > ----- Original Message ----- > > > From: "Webmaster" > > > To: > > > Sent: Thursday, June 06, 2002 2:22 PM > > > Subject: RE: [pptp-server] Want pptpd server to assign routes to clients > > > when then connect > > > > > > > > > > You have it right in the second part. I want the server to assign routes > > > to > > > > the client when the client connects to the server. > > > > Currently after the client connects to the pptpd server, I have to (from > > > the > > > > client, in this case windows) type something along the lines of: > > > > route add 192.168.3.0 192.168.1.0 (shortened for brevity, don't worry > > > about > > > > this syntax). > > > > Then everything works fine for the client to access that network. > > > > I need some way for the server to do that for the client when the client > > > > connects. > > > > It might be simple, but I suspect it is more involved otherwise it would > > > > seem that it would be more readily available. > > > > Any suggestions on how to pull this off anyone? > > > > Thanks, > > > > -Art > > > > > > > > -----Original Message----- > > > > From: Igor Maciel Macaubas [mailto:igor.maciel at mailbr.com.br] > > > > Sent: Thursday, June 06, 2002 9:47 AM > > > > To: Hawke; pptp-server at lists.schulte.org > > > > Subject: Re: [pptp-server] Want pptpd server to assign routes to clients > > > > when then connect > > > > > > > > > > > > Hello, > > > > > > > > Well, let me see if I understand what you want to do: > > > > You want to add a route to your clients when they connect, at Server side? > > > > If is this what you want, you can use the ip-up.local script, that > > > depending > > > > of the version of your pppd, may be located in /etc/ppp/ or > > > > /etc/ppp/scripts. > > > > This is script is executed imediatly after the connection of the client - > > > so > > > > you can make a bash script to add this routes dinamically. 
> > > > But if you want to add a route at client side, I don't think that > > > pppd/pptpd > > > > can carry this. I think that you want to make some really crazy system to > > > do > > > > it. > > > > If you want any help in seting-up this script (ip-up.local), please send > > > me > > > > e-mails in private and be sure that i'll help as I can! > > > > > > > > Regards, > > > > Igor > > > > -- > > > > igor.maciel at mailbr.com.br > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Hawke" > > > > To: > > > > Sent: Thursday, June 06, 2002 11:04 AM > > > > Subject: [pptp-server] Want pptpd server to assign routes to clients when > > > > then connect > > > > > > > > > > > > > I'm already aware of the option in the client side (windows) vpn > > > > connection > > > > > option to use default route. However, unless I want all their Internet > > > > > traffic to run through my vpn server that is not a good option. > > > > > Everything works fine in that the vpn client connects, is given an ip, > > > > etc. > > > > > I want to be able to add (as many as needed) routes to the client upon > > > > > connection. > > > > > Currently I have to manually type the add route command from the > > > command > > > > > line after the client connects to get the desired results. Sure, I can > > > > > script that on the client side, but when there can be scores of > > > different > > > > > people connecting that is inefficient to have to distribute and setup > > > this > > > > > script for everyone. I want the server to assign the routes in typical > > > ISP > > > > > fashion. Since pptp is based on ppp isn't there some simple script I can > > > > add > > > > > somewhere that will do this? > > > > > Any help is most appreciated. 
> > > > > Thanks, > > > > > -Art > > > > > > > > > > > > > > > _______________________________________________ > > > > > pptp-server maillist - pptp-server at lists.schulte.org > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > > --- To unsubscribe, go to the url just above this line. -- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > pptp-server maillist - pptp-server at lists.schulte.org > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > --- To unsubscribe, go to the url just above this line. -- > > > > > > > > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > --- To unsubscribe, go to the url just above this line. -- > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > --- To unsubscribe, go to the url just above this line. -- > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > > --__--__-- > > Message: 5 > Date: Fri, 07 Jun 2002 16:47:52 -0700 > From: Christopher Aedo > To: Frank Cusack > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] pptpd routing issues > > Frank Cusack wrote: > > >Meaning 192.168.0.81 and 192.168.0.80? > > > Correct, I can ping the VPN machine, and the IP address the VPN assigns > to the client, FROM the client. > > >I would expect that ppp on the VPN server side is not doing proxy arp. > > > > enable proxy > > > >Does this enable proxy arp? I am unable to find documentation for this > >flavor of ppp on www.openbsd.org. 
> > > According to the man pages for openbsd ppp, this is supposed to enable > proxy arp. > > >Get on another machine on 192.168.0/23 and see if you can ping 192.168.0.81 > >(or whatever IP the client gets). Check the arp table after the ping to > >see what it says for 192.168.0.81. If it looks like > > > > ? (192.168.0.81) at > > > >then your VPN server is not doing proxy arp. > > > >If there is a MAC, verify that its the VPN server's MAC. If not, you > >have an IP conflict. If so, the pptp tunnel isn't working correctly. > > > > > Tried that, no good. Other machines are not able to ping the > VPN-assigned IP address (in this case .81). There was one strange > change between before connecting and after, when checking arp on the VPN > server: > > [BEFORE CONNECTION] > ? (192.168.0.1) at 00:d0:b7:c7:23:22 > ? (192.168.0.5) at (incomplete) > ? (192.168.1.4) at 00:b0:d0:41:ea:dc > > [AFTER CONNECTION] > ? (192.168.0.1) at 00:d0:b7:c7:23:22 > ? (192.168.0.5) at 00:03:6d:16:24:e6 > ? (192.168.1.4) at 00:b0:d0:41:ea:dc > > 192.168.0.5 is the DNS server that is being sent to the VPN client. > That IP is NOT in the pool of possible IPs. It is not pingable from > the client side after connecting. > > -Christopher > > > --__--__-- > > Message: 6 > Date: Fri, 07 Jun 2002 19:57:34 -0500 > From: Jerry Vonau > Subject: RE: [pptp-server] Want pptpd server to assign routes to clients when > then connect > To: 'Frank Cusack' > Cc: "pptp-server at lists.schulte.org" > Reply-To: "jvonau at shaw.ca" > Organization: xfdh > > > No problem, I got off on the wrong foot in the morning with the 6am > "my mouse isn't woking" phone call..... Darn cell phones.... ;-) > The top link was for the ms tool..... Have a good weekend all.... > Time for a beer or three.... 
> > Jerry > > > -----Original Message----- > From: Frank Cusack [SMTP:fcusack at fcusack.com] > Sent: Friday, June 07, 2002 06:01 PM > To: Jerry Vonau > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] Want pptpd server to assign routes to clients when > then connect > > Thanks Jerrry. I had no idea you were talking about the answer to his > specific question as your email just said "archives are here". It is > of course always a good idea to point people to archives. :-) > > Sorry, didn't mean to be so rude. > > > > --__--__-- > > Message: 7 > Date: Sat, 8 Jun 2002 09:00:40 -0700 > From: Frank Cusack > To: Christopher Aedo > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] pptpd routing issues > > On Fri, Jun 07, 2002 at 04:47:52PM -0700, Christopher Aedo wrote: > > Frank Cusack wrote: > > > > >Get on another machine on 192.168.0/23 and see if you can ping 192.168.0.81 > > >(or whatever IP the client gets). Check the arp table after the ping to > > >see what it says for 192.168.0.81. If it looks like > > > > > > ? (192.168.0.81) at > > > > > >then your VPN server is not doing proxy arp. > > > > > Tried that, no good. Other machines are not able to ping the > > VPN-assigned IP address (in this case .81). > > And if those machines' arp table shows then the problem > is that you're not actually doing proxy arp. A wild guess is that > if you are not running ppp as root (on the server side) it cannot do > the magic to make it work. > > /fc > > > > --__--__-- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
-- > > End of pptp-server Digest > From christopher at schulte.org Sat Jun 8 18:28:33 2002 From: christopher at schulte.org (Christopher Schulte) Date: Sat, 08 Jun 2002 18:28:33 -0500 Subject: [pptp-server] i don't care how but you beter remove me from you e-mail list In-Reply-To: <000501c20f15$3fd44140$d4871e18@WORKGROUP> References: <20020608170003.1318.64463.Mailman@clink.schulte.org> Message-ID: <5.1.1.6.2.20020608182604.03b934d0@pop3s.schulte.org> The person who cannot read/write, nor follow directions has been removed. At 10:52 AM 6/8/2002 -0700, Mike M. wrote: >i don't care how but you beter remove me from you e-mail list and not tell >me how to you will > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > End of pptp-server Digest From kukuk at suse.de Mon Jun 10 13:24:02 2002 From: kukuk at suse.de (Thorsten Kukuk) Date: Mon, 10 Jun 2002 20:24:02 +0200 (CEST) Subject: [pptp-server] Out of the office Message-ID: <20020610182402.19F3E9F2F9@wotan.suse.de> I am out of the office and will not read my mail until Tuesday, second of July 2002. Your mail concerning "Here to find out more!" will be read when I'm back. If you have questions about NIS or NIS+ look at http://www.linux-nis.org, please. Bug reports about SuSE Linux should be send to feedback at suse.de. Ich werde bis zum 2. Juli 2002 nicht im B?ro sein und keine Mail lesen. Ihre Nachricht bzgl. "Here to find out more!" wird mich also erst nach meiner R?ckkehr erreichen. Wenn Sie fragen zu NIS or NIS+ haben, schauen Sie bitte auf http://www.linux-nis.org. Bug-Reports zu SuSE Linux sollten an feedback at suse.de geschickt werden. 
From doc at aedo.net Wed Jun 12 13:46:57 2002
From: doc at aedo.net (Christopher Aedo)
Date: Wed, 12 Jun 2002 11:46:57 -0700
Subject: [pptp-server] pptpd routing issues [FIXED]
References: <3D00253F.3000608@aedo.net> <20020606231604.F21661@google.com>
Message-ID: <3D079721.7040402@aedo.net>

Well, fixed SORT of. Many great thanks to Niall Keegan who wrote the
OpenBSD/PoPToP howto that got me easily through at least the first
stages. He also helped track down at least part of what my problem was.

OpenBSD 3.1 has broken proxy-arp code, and was not responding to ARP
requests the way it should have been. The bug is known and the fix is
in CVS I believe. More information on this BSD specific issue can be
found at:
http://cvs.openbsd.org/cgi-bin/wwwgnats.pl/full/2635

I was able to get things working properly by manually adding static ARP
routes on our router, pointing the right way for the IP addresses PPP
serves out, on the VPN host machine. Not the best solution by a long
shot, but it got things working at least.

The REAL problem (and I wish I had realized this before) is the
netmask/multiple networks issue with PPP. Reading through the mailing
list archives indicates stumble against this nearly constantly. I am
able to route properly to all internal networks after establishing PPTP
connection only by adding a route on the windows client (i.e. "route
add 192.168.0.0 mask 255.255.254.0 192.168.0.83" for instance.)

While this problem could easily be solved on the windows clients by
either running a post-connect script or using a wrapper that starts the
connection then runs the script, it doesn't solve the larger problem of
allowing multiple platforms to easily create a VPN connection to our
network.

Though this question is off-topic for the list, does anyone have any
suggestions for a free open-source solution?
Ideally I would like to run VPN host software on an OpenBSD machine,
and allow windows, linux, mac and BSD machines to route to our network
from the outside securely. (It's such a shame that poptop might not be
the answer -- in my few days of working with it, I'm practically in
love.) I'm still hoping to come up with a server-side hack for this,
but I'm afraid it may not be possible. (The freeswan - windows solution
is very low on my list of alternate solutions due to a fairly
unpleasant client side setup process...)

Ideas? This list is full of smart people who have dealt with this
before or at least thought about it. Technology is always changing, new
things always emerging -- what's the best way to solve this problem
today?

-Christopher

p.s. Thanks also to all the people on this list who helped me get to
this point.

From doc at aedo.net Wed Jun 12 17:14:30 2002
From: doc at aedo.net (Christopher Aedo)
Date: Wed, 12 Jun 2002 15:14:30 -0700
Subject: [pptp-server] PoPToP wins! (routing issues resolved)
Message-ID: <3D07C7C6.7090906@aedo.net>

I realized the sensible way to deal with the routing issues I discuss
(routing over diverse networks) was just to allow the new PPP connection
to be the default gateway. It does introduce the issue of potentially
routing ALL internet traffic through the VPN connection, but that is
something that we can overcome easily. This allows us to have routes as
wacky as we like on our internal side, and not have to try pushing this
out through PPP.

Again, thanks everyone for all the help. And a special thanks goes out
to all the people who have worked on improving PPTPD over the last few
years. Now that I'm past the few initial bumps and scrapes, I'm wildly
happy with it!

-Christopher

From fcusack at fcusack.com Wed Jun 12 22:31:42 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Wed, 12 Jun 2002 20:31:42 -0700
Subject: [pptp-server] PoPToP wins! (routing issues resolved)
In-Reply-To: <3D07C7C6.7090906@aedo.net>; from doc@aedo.net on Wed, Jun 12, 2002 at 03:14:30PM -0700
References: <3D07C7C6.7090906@aedo.net>
Message-ID: <20020612203141.E22696@google.com>

On Wed, Jun 12, 2002 at 03:14:30PM -0700, Christopher Aedo wrote:
> I realized the sensible way to deal with the routing issues I discuss
> (routing over diverse networks) was just to allow the new PPP connection
> to be the default gateway. It does introduce the issue of potentially
> routing ALL internet traffic through the VPN connection, but that is
> something that we can overcome easily. This allows us to have routes as
> wacky as we like on our internal side, and not have to try pushing this
> out through PPP.

Well, not potentially. You WILL route all internet traffic through the
VPN. I'm not sure what you mean by "overcome", but if you mean "avoid" I
for one would love to hear about it if you get a solution.

The problem I've found with "use default gateway on remote network" is if
the user is far from the VPN endpoint (say, east coast or international
users connecting to a single west coast VPN server) it's a significant
penalty to have all traffic make the extra round trip.

My solution is to use the 10 network. When the ppp client connects,
it cannot know the netmask of the remote ip. So it adds a network route
for the remote ip, it must use the natural mask, 10/8 in this case.

All the services that VPN users have to get to are on the 10 network,
those that aren't are natted by the firewall the vpn server is attached
to. You could do this for 192.168 also, but not nearly as easily. It
might not be possible at all depending on how many clients connect and
how many services you make available.

This restricts users to other than the 10 network for their local IP, which
hasn't been a problem -- most (all?) home firewalls give out 192.168 dhcp
addresses by default, and ISPs will give them a real (Internet routable) IP.

Also, if you use 192.168 addresses it is more likely you will conflict
with a user's local IP network. I guess in reality as long as you stay
away from 192.168.0 and .1 you should be OK.

/fc

From Josh.Howlett at bristol.ac.uk Thu Jun 13 08:14:27 2002
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Thu, 13 Jun 2002 14:14:27 +0100 (BST)
Subject: [pptp-server] Win 2K/XP - mppe-40 works, mppe-128 doesn't
Message-ID:

Hi all,

My problem is that under Windows 2K or XP, MPPE @ 128 bits does not
work correctly. The link goes "up" but the encryption appears to fail
in some way. I get the following in my logs:

pppd[5312]: Unsupported protocol 0x3a20 received
pppd[5312]: Unsupported protocol 0x8719 received
pppd[5312]: Unsupported protocol 0x3dc received

etc.

If I *don't* specify "Require data encryption (disconnect if none)" in
the connection properties, then the link is negotiated at 40 bits
MPPE and works fine.

It works fine under Windows 98.

Any ideas?

TIA, josh.

------------------------------------------------------------
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: josh.howlett at bris.ac.uk
------------------------------------------------------------

From r.devroede at linvision.com Thu Jun 13 08:30:36 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 13 Jun 2002 15:30:36 +0200
Subject: [pptp-server] Win 2K/XP - mppe-40 works, mppe-128 doesn't
In-Reply-To:
References:
Message-ID: <1023975037.2340.27.camel@richard>

DON'T use both 40 & 128 bits! It causes weird behaviour.
Win98 works because that one always uses 40-bits, UNLESS you install
MSDun-1.4.

More info would be nifty:
OS, versions of pptpd, ppp, kernel, Patches applied, etc.
Dump of both /etc/pptpd.conf and /etc/ppp/options(.pptp[d])

Regards,
Richard

On Thu, 2002-06-13 at 15:14, Josh Howlett wrote:
> Hi all,
>
> My problem is that under Windows 2K or XP, MPPE @ 128 bits does not
> work correctly. The link goes "up" but the encryption appears to fail
> in some way. I get the following in my logs:
>
> pppd[5312]: Unsupported protocol 0x3a20 received
> pppd[5312]: Unsupported protocol 0x8719 received
> pppd[5312]: Unsupported protocol 0x3dc received
>
> etc.
>
> If I *don't* specify "Require data encryption (disconnect if none)" in
> the connection properties, then the link is negotiated at 40 bits
> MPPE and works fine.
>
> It works fine under Windows 98.
>
> Any ideas?
>
> TIA, josh.
>
> ------------------------------------------------------------
> Josh Howlett, Networking & Digital Communications,
> Information Systems & Computing, University of Bristol, U.K.
> 'phone: 0117 928 7850 email: josh.howlett at bris.ac.uk
> ------------------------------------------------------------

--
Richard de Vroede (r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From Josh.Howlett at bristol.ac.uk Thu Jun 13 08:43:51 2002
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Thu, 13 Jun 2002 14:43:51 +0100 (BST)
Subject: [pptp-server] Win 2K/XP - mppe-40 works, mppe-128 doesn't
In-Reply-To: <1023975037.2340.27.camel@richard>
Message-ID:

> DON'T use both 40 & 128 bits! It causes weird behaviour.

If I don't specify mppe-40 the connection negotiates 128-bit MPPE, but
fails in the manner described below.

> More info would be nifty:
> OS, versions of pptpd, ppp, kernel, Patches applied, etc.
> Dump of both /etc/pptpd.conf and /etc/ppp/options(.pptp[d])

I have tried various kernels: 2.4.10, 2.4.16 and 2.4.18; patched with
linux-2.4.4-openssl-0.9.6a-mppe.patch.gz and
linux-2.4.16-openssl-0.9.6b-mppe.patch.gz.

I'm using ppp-2.4.1 patched with ppp-2.4.1-openssl-0.9.6-mppe-patch.gz.

options:

name server
auth
+chapms-v2
mppe-128
mppe-40
mppe-stateless
deflate 0
ms-dns ****
lcp-echo-failure 3
lcp-echo-interval 30

many thanks, josh.

> On Thu, 2002-06-13 at 15:14, Josh Howlett wrote:
> > Hi all,
> >
> > My problem is that under Windows 2K or XP, MPPE @ 128 bits does not
> > work correctly. The link goes "up" but the encryption appears to fail
> > in some way. I get the following in my logs:
> >
> > pppd[5312]: Unsupported protocol 0x3a20 received
> > pppd[5312]: Unsupported protocol 0x8719 received
> > pppd[5312]: Unsupported protocol 0x3dc received
> >
> > etc.
> >
> > If I *don't* specify "Require data encryption (disconnect if none)" in
> > the connection properties, then the link is negotiated at 40 bits
> > MPPE and works fine.
> >
> > It works fine under Windows 98.
> >
> > Any ideas?
> >
> > TIA, josh.
> >
> > ------------------------------------------------------------
> > Josh Howlett, Networking & Digital Communications,
> > Information Systems & Computing, University of Bristol, U.K.
> > 'phone: 0117 928 7850 email: josh.howlett at bris.ac.uk
> > ------------------------------------------------------------
> --
> Richard de Vroede
> (r.devroede at linvision.com)
> ------------------------------------------------
> Linvision BV Provides Linux Solutions
> Elektronicaweg 16D
> 2628 XG Delft
> T: +31157502310 info at linvision.com
> F: +31157502319 http://devel.linvision.com
> ------------------------------------------------

------------------------------------------------------------
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: josh.howlett at bris.ac.uk
------------------------------------------------------------

From r.devroede at linvision.com Thu Jun 13 09:30:19 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 13 Jun 2002 16:30:19 +0200
Subject: [pptp-server] Win 2K/XP - mppe-40 works, mppe-128 doesn't
In-Reply-To:
References:
Message-ID: <1023978619.2340.33.camel@richard>

> I have tried various kernels: 2.4.10, 2.4.16 and 2.4.18; patched with
> linux-2.4.4-openssl-0.9.6a-mppe.patch.gz and
> linux-2.4.16-openssl-0.9.6b-mppe.patch.gz.

You only need the latter. It does nothing with openssl, it only adds
code from it to the kernel.

> I'm using ppp-2.4.1 patched with ppp-2.4.1-openssl-0.9.6-mppe-patch.gz.

That's ok.

I use:

lock
debug
proxyarp
-chap
-chapms
+chapms-v2
mppe-128
mppe-stateless
ms-wins *****
ms-dns ******

This works for me..
For ALL Winblows clients.. (Win9x patched to MSdun-1.4)

Regards,
Richard

--
Richard de Vroede (r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From ctooley at amoa.org Thu Jun 13 09:32:15 2002
From: ctooley at amoa.org (Chris Tooley)
Date: 13 Jun 2002 09:32:15 -0500
Subject: [pptp-server] PoPToP wins! (routing issues resolved)
In-Reply-To: <20020612203141.E22696@google.com>
References: <3D07C7C6.7090906@aedo.net> <20020612203141.E22696@google.com>
Message-ID: <1023978735.3041.7.camel@itspec.amoa.org>

On Wed, 2002-06-12 at 22:31, Frank Cusack wrote:
> On Wed, Jun 12, 2002 at 03:14:30PM -0700, Christopher Aedo wrote:
> > I realized the sensible way to deal with the routing issues I discuss
> > (routing over diverse networks) was just to allow the new PPP connection
> > to be the default gateway. It does introduce the issue of potentially
> > routing ALL internet traffic through the VPN connection, but that is
> > something that we can overcome easily. This allows us to have routes as
> > wacky as we like on our internal side, and not have to try pushing this
> > out through PPP.
>
> Well, not potentially. You WILL route all internet traffic through the
> VPN. I'm not sure what you mean by "overcome", but if you mean "avoid" I
> for one would love to hear about it if you get a solution.

Having two default routes (or really two routes to 0.0.0.0/0) is not
that big of an issue. If you have the VPN Server be a default route and
don't want all of your internet traffic going through it, you set your
other gateway (or real gateway) up as a route to 0.0.0.0/0 as well, and
make rules on your VPN Server to only route the traffic you want routed.
For instance, if the traffic is to yahoo you drop the packet. That way
the client rolls over to their "other route" to the internet.

>
> The problem I've found with "use default gateway on remote network" is if
> the user is far from the VPN endpoint (say, east coast or international
> users connecting to a single west coast VPN server) it's a significant
> penalty to have all traffic make the extra round trip.
>
> My solution is to use the 10 network. When the ppp client connects,
> it cannot know the netmask of the remote ip. So it adds a network route
> for the remote ip, it must use the natural mask, 10/8 in this case.
> > All the services that VPN users have to get to are on the 10 network, > those that aren't are natted by the firewall the vpn server is attached > to. You could do this for 192.168 also, but not nearly as easily. It > might not be possible at all depending on how many clients connect and > how many services you make available. > > This restricts users to other than the 10 network for their local IP, which > hasn't been a problem -- most (all?) home firewalls give out 192.168 dhcp > addresses by default, and ISPs will give them a real (Internet routable) IP. > > Also, if you use 192.168 addresses it is more likely you will conflict > with a user's local IP network. I guess in reality as long as you stay > away from 192.168.0 and .1 you should be OK. > > /fc > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From fcusack at fcusack.com Thu Jun 13 20:26:20 2002 From: fcusack at fcusack.com (Frank Cusack) Date: Thu, 13 Jun 2002 18:26:20 -0700 Subject: [pptp-server] PoPToP wins! (routing issues resolved) In-Reply-To: <1023978735.3041.7.camel@itspec.amoa.org>; from ctooley@amoa.org on Thu, Jun 13, 2002 at 09:32:15AM -0500 References: <3D07C7C6.7090906@aedo.net> <20020612203141.E22696@google.com> <1023978735.3041.7.camel@itspec.amoa.org> Message-ID: <20020613182620.V24515@google.com> On Thu, Jun 13, 2002 at 09:32:15AM -0500, Chris Tooley wrote: > On Wed, 2002-06-12 at 22:31, Frank Cusack wrote: > > On Wed, Jun 12, 2002 at 03:14:30PM -0700, Christopher Aedo wrote: > > > I realized the sensible way to deal with the routing issues I discuss > > > (routing over diverse networks) was just to allow the new PPP connection > > > to be the default gateway. 
It does introduce the issue of potentially > > > routing ALL internet traffic through the VPN connection, but that is > > > something that we can overcome easily. This allows us to have routes as > > > wacky as we like on our internal side, and not have to try pushing this > > > out through PPP. > > > > Well, not potentially. You WILL route all internet traffic through the > > VPN. I'm not sure what you mean by "overcome", but if you mean "avoid" I > > for one would love to hear about it if you get a solution. > > Having two default routes (or really two routes to 0.0.0.0/0) is not > that big of an issue. If you have the VPN Server be a default route and > don't want all of your internet traffic going through it, you set your > other gateway (or real gateway) up as a route to 0.0.0.0/0 as well, and > make rules on your VPN Server to only route the traffic you want > routed. For instance, if the traffic is to yahoo you drop the packet. > That way the client rolls over to their "other route" to the internet. No it doesn't. If it does, you STILL incur the extra round trip penalty. That's based on unix with equal cost multiple default routes. With 'use remote default', windows does not add an equal cost default, it changes the old default to a high metric and so what it SHOULD do is send all traffic to the vpn server. ICMP network unreachable should NOT cause it to then try the other default (but it may if Windows routing is broken). I wouldn't expect it to be broken in this way, but I haven't actually verified it. I do know that when I had this setup, folks didn't like it. /fc From rpyne at shopsite.com Fri Jun 14 14:28:20 2002 From: rpyne at shopsite.com (Richard Pyne) Date: Fri, 14 Jun 2002 13:28:20 -0600 Subject: [pptp-server] Passwords Message-ID: <3D09EF74.12648.152E2A0@localhost> Is there a way to 1)Allow users to change their own password, and 2)Keep the passwords in an encrypted form on the server? 
These are the two big obstacles to my company allowing me to get rid of those blasted MicroSlop domain controller and tunnel machines. Thanks, --Richard ---------- Richard Pyne rpyne at shopsite.com Software Engineer ShopSite, Inc http://www.ShopSite.com From tr at atracit.dk Fri Jun 14 15:48:46 2002 From: tr at atracit.dk (Thomas Rasmussen) Date: Fri, 14 Jun 2002 22:48:46 +0200 Subject: SV: [pptp-server] Passwords In-Reply-To: <3D09EF74.12648.152E2A0@localhost> Message-ID: <000001c213e4$e124c5f0$0200000a@proofficepark.dk> easy.. do it in php and make a webinterface that writes the ppp.secret file -Thomas -----Original message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On behalf of Richard Pyne Sent: 14 June 2002 21:28 To: pptp-server at lists.schulte.org Subject: [pptp-server] Passwords Is there a way to 1)Allow users to change their own password, and 2)Keep the passwords in an encrypted form on the server? These are the two big obstacles to my company allowing me to get rid of those blasted MicroSlop domain controller and tunnel machines. Thanks, --Richard ---------- Richard Pyne rpyne at shopsite.com Software Engineer ShopSite, Inc http://www.ShopSite.com _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From jurr at tref.nl Sun Jun 16 06:15:04 2002 From: jurr at tref.nl (Jurrie Overgoor) Date: Sun, 16 Jun 2002 13:15:04 +0200 Subject: [pptp-server] How safe is Chap? Message-ID: <004101c21527$79337b00$0200a8c0@a800> Hello, I currently have a box set up to be vpn server. It doesn't support data encryption, and only chap is supported. Now I am worried about how safe my vpn is. Should I switch to MSCHAP v2? And data encryption? This will be a lot of work....
Greetz -- Jurrie jurr at tref.nl From r.devroede at linvision.com Mon Jun 17 03:30:10 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 17 Jun 2002 10:30:10 +0200 Subject: [pptp-server] How safe is Chap? In-Reply-To: <004101c21527$79337b00$0200a8c0@a800> References: <004101c21527$79337b00$0200a8c0@a800> Message-ID: <1024302611.1851.8.camel@richard> Jurrie, > I currently have a box set up to be vpn server. It doesn't support data > encryption, and only chap is supported. Now I am worried about how safe my > vpn is. If I was interested in that box I could sniff your data, break in and wreak havoc on your box, maybe even the rest of your network. This would be a sucky situation.. > Should I switch to MSCHAP v2? And data encryption? Hmmm.. Let me think... Uh-huh!!! > This will be a lot of work.... Neh... There are out of the box RedHat packages on http://devel.linvision.com/ Regards, Richard -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From fcusack at fcusack.com Mon Jun 17 03:52:55 2002 From: fcusack at fcusack.com (Frank Cusack) Date: Mon, 17 Jun 2002 01:52:55 -0700 Subject: [pptp-server] How safe is Chap? In-Reply-To: <004101c21527$79337b00$0200a8c0@a800>; from jurr@tref.nl on Sun, Jun 16, 2002 at 01:15:04PM +0200 References: <004101c21527$79337b00$0200a8c0@a800> Message-ID: <20020617015255.C7633@google.com> On Sun, Jun 16, 2002 at 01:15:04PM +0200, Jurrie Overgoor wrote: > I currently have a box set up to be vpn server. It doesn't support data > encryption, and only chap is supported. Now I am worried about how safe my > vpn is. Should I switch to MSCHAP v2? And data encryption? This will be a > lot of work.... That depends on whether or not your data is sensitive enough to require encryption. 
If it is, you need it. Without encryption, data is subject to monitoring (and alteration). It's not *that hard* to setup encryption. Without encryption, pap/chap/mschap/mschap-v2 are all subject to attack. If an attacker can monitor network traffic, pap is subject to sniffing. If they can also inject traffic, chap/mschap/mschap-v2 allow an attacker to login using a connected client as an oracle. (They login to the server as the user, and send the challenge from the server to the connected client, replaying the answer.) With encryption, you are still subject to attacks against weak passwords. With a strong password and encryption, mschap-v2 is probably "good enough" (your security needs can't be that much if you don't even know if you need encryption). mschap (v1) is pretty poor, don't use it. /fc From j.bowen at CYPROTEX.com Mon Jun 17 05:33:45 2002 From: j.bowen at CYPROTEX.com (Jim Bowen) Date: Mon, 17 Jun 2002 11:33:45 +0100 Subject: [pptp-server] mschap-v2 auth against en-hashed secrets Message-ID: Well, I tried your RPM, but no luck :( With chap-secrets containing the plain-text secret, it works perfectly. With chap-secrets containing the hex string lifted from smbpasswd, I get a segfault. With chap-secrets containing &/etc/samba/smbpasswd, I get an authentication fail message, but the access time stamp on /etc/samba/smbpasswd is not updated, so it doesn't appear to be reading the file? I've even tried moving the smbpasswd file to /etc/smbpasswd and opening up the access rights to it (eep), but no change. My options.pptpd file has lock ## turn pppd syslog debugging on debug ## change 'pptpd' to whatever you specify as your server name in chap-secrets name pptpd auth require-chap proxyarp -chap -chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless ms-wins 192.168.1.7 ms-dns 192.168.1.1 Am I missing something obvious? Thanks Jim -----Original Message----- From: R. 
de Vroede [mailto:r.devroede at linvision.com] Sent: 07 June 2002 10:06 To: Jim Bowen Cc: 'pptp-server at lists.schulte.org' Subject: Re: [pptp-server] mschap-v2 auth against en-hashed secrets There is a patch out there for ppp to authenticate against Samba. If you use RedHat 7.x, you're in luck. You can use my test RPM on http://devel.linvision.com/source/ppp.html Regards, Richard de Vroede On Thu, 2002-06-06 at 16:15, Jim Bowen wrote: > Hi, > > Does anyone know of a way to get ppp to auth against either a separate NT > (or samba) server, or against NT password hashes instead of plaintext > passwords in the /etc/ppp/chap-secrets file. > > I tried the obvious one of just putting the LM hash into the secret field > (works with unix-crypt in pap-secrets), but all I got for that was a > segfault :( > > Our domain controller is on NT, but I've managed to convince everyone to run > the VPN server on linux instead, using PoPtoP (great app), but I don't like > keeping plaintext secrets on a server that has an internet connection. I'm > stuck with...um.... reverse-engineering their passwords at the moment, which > can take a couple of days for the better users :) > > > Jim > -- > Email : j.bowen at cyprotex.com > Tel : 01625 505112 > Fax : 01625 505199 > > > > This E-Mail is sent in confidence for the addressee only. Unauthorised recipients must preserve this confidentiality and should please advise the sender immediately by telephone (+44 (0)870 241 6492) and return the original E-Mail to the sender without taking a copy. Cyprotex has taken all reasonable precautions to ensure that no viruses are transmitted from Cyprotex to any third party. Cyprotex accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this E-Mail or the contents. 
-- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ This E-Mail is sent in confidence for the addressee only. Unauthorised recipients must preserve this confidentiality and should please advise the sender immediately by telephone (+44 (0)870 241 6492) and return the original E-Mail to the sender without taking a copy. Cyprotex has taken all reasonable precautions to ensure that no viruses are transmitted from Cyprotex to any third party. Cyprotex accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this E-Mail or the contents. From r.devroede at linvision.com Mon Jun 17 05:55:11 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 17 Jun 2002 12:55:11 +0200 Subject: [pptp-server] mschap-v2 auth against en-hashed secrets In-Reply-To: References: Message-ID: <1024311312.1851.16.camel@richard> First of all, thank you for the feedback. You're the first. The SMB authentication incorporated in that RPM is in test phase. chap-secrets containing the hex-string is definitely not the way it was meant to be. So of course that doesn't work. The code looks for the &/etc/samba/smbpasswd string and then should do SMB auth. Maybe it still looks for /etc/smbpasswd (RH6.2). It was a quick and dirty of an old patch. I will look into it when I have the time. Thanks again. I'll post change to this list.
Regards, Richard On Mon, 2002-06-17 at 12:33, Jim Bowen wrote: > Well, I tried your RPM, but no luck :( > > With chap-secrets containing the plain-text secret, it works perfectly. > > With chap-secrets containing the hex string lifted from smbpasswd, I get a > segfault. > > With chap-secrets containing &/etc/samba/smbpasswd, I get an authentication > fail message, but the access time stamp on /etc/samba/smbpasswd is not > updated, so it doesn't appear to be reading the file? > > I've even tried moving the smbpasswd file to /etc/smbpasswd and opening up > the access rights to it (eep), but no change. > > My options.pptpd file has > > > > lock > > ## turn pppd syslog debugging on > debug > > ## change 'pptpd' to whatever you specify as your server name in > chap-secrets > name pptpd > > auth > require-chap > proxyarp > -chap > -chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > ms-wins 192.168.1.7 > ms-dns 192.168.1.1 > > > Am I missing something obvious? > > Thanks > > Jim > > > > -----Original Message----- > From: R. de Vroede [mailto:r.devroede at linvision.com] > Sent: 07 June 2002 10:06 > To: Jim Bowen > Cc: 'pptp-server at lists.schulte.org' > Subject: Re: [pptp-server] mschap-v2 auth against en-hashed secrets > > There is a patch out there for ppp to authenticate against Samba. > If you use RedHat 7.x, you're in luck. You can use my test RPM on > http://devel.linvision.com/source/ppp.html > > Regards, > Richard de Vroede > > > On Thu, 2002-06-06 at 16:15, Jim Bowen wrote: > > Hi, > > > > Does anyone know of a way to get ppp to auth against either a separate NT > > (or samba) server, or against NT password hashes instead of plaintext > > passwords in the /etc/ppp/chap-secrets file. 
> > > > I tried the obvious one of just putting the LM hash into the secret field > > (works with unix-crypt in pap-secrets), but all I got for that was a > > segfault :( > > > > Our domain controller is on NT, but I've managed to convince everyone to > run > > the VPN server on linux instead, using PoPtoP (great app), but I don't > like > > keeping plaintext secrets on a server that has an internet connection. I'm > > stuck with...um.... reverse-engineering their passwords at the moment, > which > > can take a couple of days for the better users :) > > > > > > Jim > > -- > > Email : j.bowen at cyprotex.com > > Tel : 01625 505112 > > Fax : 01625 505199 > > > > > > > > This E-Mail is sent in confidence for the addressee only. Unauthorised > recipients must preserve this confidentiality and should please advise the > sender immediately by telephone (+44 (0)870 241 6492) and return the > original E-Mail to the sender without taking a copy. Cyprotex has taken all > reasonable precautions to ensure that no viruses are transmitted from > Cyprotex to any third party. Cyprotex accepts no responsibility for any > loss or damage resulting directly or indirectly from the use of this E-Mail > or the contents. > -- > Richard de Vroede > (r.devroede at linvision.com) > ------------------------------------------------ > Linvision BV Provides Linux Solutions > Elektronicaweg 16D > 2628 XG Delft > T: +31157502310 info at linvision.com > F: +31157502319 http://devel.linvision.com > ------------------------------------------------ > > > ________________________________________________________________________ > This email has been scanned for all viruses by the MessageLabs SkyScan > service. For more information on a proactive anti-virus service working > around the clock, around the globe, visit http://www.messagelabs.com > ________________________________________________________________________ > > This E-Mail is sent in confidence for the addressee only. 
Unauthorised recipients must preserve this confidentiality and should please advise the sender immediately by telephone (+44 (0)870 241 6492) and return the original E-Mail to the sender without taking a copy. Cyprotex has taken all reasonable precautions to ensure that no viruses are transmitted from Cyprotex to any third party. Cyprotex accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this E-Mail or the contents. -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From r.devroede at linvision.com Mon Jun 17 17:03:59 2002 From: r.devroede at linvision.com (R. de Vroede) Date: Tue, 18 Jun 2002 00:03:59 +0200 Subject: [pptp-server] Logging question In-Reply-To: <20020524112635.F16555@google.com> References: <20020523155136.B5984@google.com> Message-ID: <5.1.0.14.0.20020618000244.02007250@ssl.hq.linvision.com> > > btw, ip-[up|down] doesn't record, use, or work with the username in any > way. > > I wish it did.... Would make my script easier ;) It does use IP, so if you put static IP's/user combo in the chap-secrets, you can script it.
Regards, Richard From fabio at ipway.com.br Tue Jun 18 10:14:35 2002 From: fabio at ipway.com.br (Fabio Oliveira) Date: Tue, 18 Jun 2002 12:14:35 -0300 Subject: [pptp-server] PPTP Linux Client (out-of-topic) In-Reply-To: <5.1.0.14.0.20020618000244.02007250@ssl.hq.linvision.com> Message-ID: Hi, I need a help about PPTP client on Linux. I am using Linux pptp client to connect lan --to -- lan in a small net at customer (4 pc.s in each side). But when the connection goes down sometimes it's not reestablished auto, so I need do manually ( pptp server . Has anyone any script for that? If not, where can I find? Thanks. ** Sorry, if the question is out-of-topic. But I trust in answers here. ;-) regards, Fabio Oliveira From r.devroede at linvision.com Tue Jun 18 10:26:33 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 18 Jun 2002 17:26:33 +0200 Subject: [pptp-server] PPTP Linux Client (out-of-topic) In-Reply-To: References: Message-ID: <1024413993.18866.1.camel@richard> Why don't you use tinc? It's perfect for lan-to-lan. http://tinc.nl.linux.org/ Regards, Richard On Tue, 2002-06-18 at 17:14, Fabio Oliveira wrote: > Hi, > > I need a help about PPTP client on Linux. > > I am using Linux pptp client to connect lan --to -- lan in a small net at > customer (4 pc.s in each side). > But when the connection goes down sometimes it's not reestablished auto, so > I need do manually ( pptp server . > > Has anyone any script for that? > If not, where can I find? > > Thanks. > > ** Sorry, if the question is out-of-topic. But I trust in answers here. ;-) > > regards, > > Fabio Oliveira > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
-- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From J-lit at planet.nl Tue Jun 18 12:34:54 2002 From: J-lit at planet.nl (John van Lit) Date: Tue, 18 Jun 2002 19:34:54 +0200 Subject: [pptp-server] VPN Response Message-ID: All, I'm using poptop for a short time now. But I have performance problems. Is there a specific amount of memory necessary to run poptop? The problems in the clients that connect through the vpn tunnel are: Outlook stops responding, sometimes the drive mappings aren't made or don't respond. I'm using Trustix secure linux. It is running on a P133 with 16 MB of internal memory. Can somebody help here? Thanks, John van Lit From adam at morrison-ind.com Tue Jun 18 12:39:49 2002 From: adam at morrison-ind.com (Adam Williams) Date: Tue, 18 Jun 2002 13:39:49 -0400 (EDT) Subject: [pptp-server] VPN Response In-Reply-To: Message-ID: >I'm using poptop for a short time now. >But I have performance problems. >Is there a specific amount of memory necessary to run poptop? >The problems in the clients that connect through the vpn tunnel are: >Outlook stops responding, sometimes the drive mappings aren't made or >don't respond. >I'm using Trustix secure linux. It is running on a P133 with 16 MB of >internal memory. Using an IBM PS/1 486DX66 w/20Mb of RAM on RH6.0 We support up to 10 VPN connections over a T1. The box is also a NAT server for ~200 internal clients. Been up for 461 days. Some of the VPN users keep their connection open for as long as three days. Works flawlessly.
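Added example (not part of any message in this archive, and not PoPToP or pppd code) for the "Passwords" and "mschap-v2 auth against en-hashed secrets" threads above: it shows why a one-way hash works as a stored PAP secret but not as a CHAP secret, using the RFC 1994 MD5 response. PBKDF2 stands in for the crypt-style entry mentioned for pap-secrets, and the password, salt and function names are constructed for the illustration.

```python
"""PAP vs CHAP verification against a stored one-way hash (RFC 1994 CHAP, MD5)."""
import hashlib
import hmac
import os

# Constructed sample values; nothing here comes from the list archive.
PASSWORD = b"constructed-sample-password"
SALT = bytes(range(16))


def one_way_hash(password: bytes, salt: bytes) -> bytes:
    """Assumption: PBKDF2-SHA256 stands in for a crypt()-style stored entry."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994, algorithm 5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def pap_verify(stored: bytes, salt: bytes, sent_password: bytes) -> bool:
    """PAP: the peer sends the password itself, so the server can re-hash
    what it received and compare with the stored one-way hash."""
    return hmac.compare_digest(one_way_hash(sent_password, salt), stored)


def chap_verify(server_secret: bytes, identifier: int,
                challenge: bytes, response: bytes) -> bool:
    """CHAP: the password never crosses the wire. The server recomputes the
    digest, so it must hold the same secret bytes the peer fed into MD5."""
    expected = chap_response(identifier, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    stored = one_way_hash(PASSWORD, SALT)      # what a hashed secrets file holds
    ident, challenge = 1, os.urandom(16)       # fresh challenge per attempt
    peer_response = chap_response(ident, PASSWORD, challenge)

    return {
        # PAP can be checked against the hash alone.
        "pap_against_hash": pap_verify(stored, SALT, PASSWORD),
        "pap_wrong_password": pap_verify(stored, SALT, b"wrong"),
        # CHAP verifies only when the server holds the plaintext secret.
        "chap_server_has_plaintext":
            chap_verify(PASSWORD, ident, challenge, peer_response),
        # With only the hash, the recomputed digest cannot match the peer's.
        "chap_server_has_only_hash":
            chap_verify(stored, ident, challenge, peer_response),
        # If both ends agree to use the stored value as the CHAP secret, it
        # verifies, but the stored value is then itself the credential and
        # the file needs the same protection as a plaintext one.
        "chap_stored_value_used_as_secret":
            chap_verify(stored, ident, challenge,
                        chap_response(ident, stored, challenge)),
        # A response is bound to its challenge: an old one fails a new challenge.
        "old_response_new_challenge":
            chap_verify(PASSWORD, 2, os.urandom(16), peer_response),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```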
From anesthes at cisdi.com Wed Jun 19 08:57:03 2002 From: anesthes at cisdi.com (Joey Coco) Date: Wed, 19 Jun 2002 08:57:03 -0500 (EST) Subject: [pptp-server] Masquarading clients - linux 2.4 Message-ID: Hello, Does the linux kernel still need patches to masquerade client connections properly? We're running 2.4.18 on all our firewalls, and it appears the gre tunnels aren't establishing correctly.. I was under the impression that 2.4 by default worked, but I couldn't find any reference to iptables in the poptop faq.. ?? Thanks! -- Joe From jvonau at shaw.ca Wed Jun 19 08:09:36 2002 From: jvonau at shaw.ca (Jerry Vonau) Date: Wed, 19 Jun 2002 08:09:36 -0500 Subject: [pptp-server] Masquarading clients - linux 2.4 Message-ID: <01C21768.A7B09380.jvonau@shaw.ca> Joe: It works for a single connection only, for multiple masq'd clients, you need a patch..... http://www.impsec.org/linux/masquerade/ip_masq_vpn.html http://www.e-infomax.com/ipmasq/ (2.4 module matrix link) has links to the patches that you need. Jerry Vonau -----Original Message----- From: Joey Coco [SMTP:anesthes at cisdi.com] Sent: Wednesday, June 19, 2002 08:57 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] Masquarading clients - linux 2.4 Hello, Does the linux kernel still need patches to masquerade client connections properly? We're running 2.4.18 on all our firewalls, and it appears the gre tunnels aren't establishing correctly.. I was under the impression that 2.4 by default worked, but I couldn't find any reference to iptables in the poptop faq.. ?? Thanks! -- Joe _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line.
-- From anesthes at cisdi.com Wed Jun 19 10:20:04 2002 From: anesthes at cisdi.com (Joey Coco) Date: Wed, 19 Jun 2002 10:20:04 -0500 (EST) Subject: [pptp-server] Masquarading clients - linux 2.4 In-Reply-To: <01C21768.A7B09380.jvonau@shaw.ca> Message-ID: Hi Jerry, Strange.. I wonder why it wasn't working then. I'll apply the patch anyway. Thank you for your help. -- Joe On Wed, 19 Jun 2002, Jerry Vonau wrote: > Joe: > > It works for a single connection only, for multiple masq'd clients, you need a > patch..... > > http://www.impsec.org/linux/masquerade/ip_masq_vpn.html > > http://www.e-infomax.com/ipmasq/ (2.4 module matrix link) > > has links to the patches that you need. > > Jerry Vonau > > > > -----Original Message----- > From: Joey Coco [SMTP:anesthes at cisdi.com] > Sent: Wednesday, June 19, 2002 08:57 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Masquarading clients - linux 2.4 > > > Hello, > > Does the linux kernel still need patches to masquerade client connections > properly? We're running 2.4.18 on all our firewalls, and it appears the > gre tunnels aren't establishing correctly.. I was under the impression > that 2.4 by default worked, but I couldn't find any reference to iptables > in the poptop faq.. ?? > > Thanks! > > -- Joe > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From pptp at szczepanek.de Wed Jun 19 10:39:18 2002 From: pptp at szczepanek.de (Torge Szczepanek) Date: 19 Jun 2002 17:39:18 +0200 Subject: [pptp-server] Masquarading clients - linux 2.4 In-Reply-To: <01C21768.A7B09380.jvonau@shaw.ca> References: <01C21768.A7B09380.jvonau@shaw.ca> Message-ID: <1024501160.1808.1.camel@cygnus> On Wed, 2002-06-19 at 15:09, Jerry Vonau wrote: > you need a > patch.....
> > http://www.impsec.org/linux/masquerade/ip_masq_vpn.html > > http://www.e-infomax.com/ipmasq/ (2.4 module matrix link) > > has links to the patches that you need. There is also a pptp patch in the iptables patch-o-matic. I didn't try it yet. It depends on the newnat code. See http://netfilter.samba.org/ From barjunk at attglobal.net Wed Jun 19 17:22:18 2002 From: barjunk at attglobal.net (barjunk) Date: 19 Jun 2002 14:22:18 -0800 Subject: [pptp-server] Where is everything now Message-ID: <1024525339.1509.23.camel@pantherlx.aidea.org> I am looking on the wwww.poptop.org site and hit downloads, I get sent to sourceforge, but there aren't any files. It has been a while since I have stayed up to date with this I guess. Can someone please direct me to where I might get the source, etc. Mike Barsalou From james.cameron at hp.com Wed Jun 19 18:52:17 2002 From: james.cameron at hp.com (James Cameron) Date: 20 Jun 2002 09:52:17 +1000 Subject: [pptp-server] PPTP Linux Client (out-of-topic) In-Reply-To: References: Message-ID: <1024530746.27028.20.camel@jander> On Wed, 2002-06-19 at 01:14, Fabio Oliveira wrote: > I need a help about PPTP client on Linux. Your question is also welcome on the PPTP Client mailing list. > But when the connection goes down sometimes it's not reestablished auto, so > I need do manually ( pptp server . Use pptp-linux 1.1 which starts pptp from within pppd, and then use pppd's features for keeping the link up. persist, demand, whatever you need. -- James Cameron (james.cameron at hp.com) http://quozl.linux.org.au/ (or) http://quozl.netrek.org/ -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 232 bytes Desc: This is a digitally signed message part URL: From fcusack at fcusack.com Thu Jun 20 05:32:57 2002 From: fcusack at fcusack.com (Frank Cusack) Date: Thu, 20 Jun 2002 03:32:57 -0700 Subject: [pptp-server] Where is everything now In-Reply-To: <1024525339.1509.23.camel@pantherlx.aidea.org>; from barjunk@attglobal.net on Wed, Jun 19, 2002 at 02:22:18PM -0800 References: <1024525339.1509.23.camel@pantherlx.aidea.org> Message-ID: <20020620033257.B32251@google.com> On Wed, Jun 19, 2002 at 02:22:18PM -0800, barjunk wrote: > I am looking on the wwww.poptop.org site and hit downloads, I get sent > to sourceforge, but there aren't any files. > > It has been a while since I have stayed up to date with this I guess. > > Can someone please direct me to where I might get the source, etc. I grabbed the PLD rpm from speakeasy.rpmfind.net (search for pptpd). Daniel from snapgear asked for maintainers a cpl of weeks ago; I replied but have not heard back from him. /fc From r.devroede at linvision.com Thu Jun 20 07:52:18 2002 From: r.devroede at linvision.com (R. de Vroede) Date: 20 Jun 2002 14:52:18 +0200 Subject: [pptp-server] Where is everything now In-Reply-To: <20020620033257.B32251@google.com> References: <1024525339.1509.23.camel@pantherlx.aidea.org> <20020620033257.B32251@google.com> Message-ID: <1024577538.1724.30.camel@richard> Today files were released on Poptop's SourceForge page! http://sourceforge.net/projects/poptop/ Happy birthday to you, dear Poptop, happy birthday to youououou.... We've got the new source tarball, RedHat RPM's, patches and Add-ons. Now all we need is bunches of testers, documentation, and a whole lot of happy campers... I will commit the source to CVS ASAP. All contributions to the Poptop project should go through SourceForge from now on.
People wanting to mirror the software are of course welcome to do so, but please refer to SourceForge as the main site, so we can keep it centralized. Thank you for your time, and .... Have fun! Regards, Richard de Vroede From matt at tempo.com.au Thu Jun 20 18:02:41 2002 From: matt at tempo.com.au (Matt Gavin) Date: Fri, 21 Jun 2002 09:02:41 +1000 Subject: [pptp-server] Where is everything now In-Reply-To: <1024577538.1724.30.camel@richard> Message-ID: > Today files were released on Poptop's SourceForge page! > http://sourceforge.net/projects/poptop/ This is great news! Well done guys... Will the mailing list remain with lists.schulte.org or is it to be replaced by lists.sourceforge.net? M@ From fcusack at fcusack.com Fri Jun 21 02:40:23 2002 From: fcusack at fcusack.com (Frank Cusack) Date: Fri, 21 Jun 2002 00:40:23 -0700 Subject: [pptp-server] Where is everything now In-Reply-To: <1024577538.1724.30.camel@richard>; from r.devroede@linvision.com on Thu, Jun 20, 2002 at 02:52:18PM +0200 References: <1024525339.1509.23.camel@pantherlx.aidea.org> <20020620033257.B32251@google.com> <1024577538.1724.30.camel@richard> Message-ID: <20020621004023.B4047@google.com> Excellent! On Thu, Jun 20, 2002 at 02:52:18PM +0200, R. de Vroede wrote: > Today files were released on Poptop's SourceForge page! > http://sourceforge.net/projects/poptop/ From changchunteng at vip.sina.com Fri Jun 21 07:00:28 2002 From: changchunteng at vip.sina.com (Scott Teng) Date: Fri, 21 Jun 2002 20:00:28 +0800 Subject: [pptp-server] multiple concurrent users access pptp through nat Message-ID: as title, how to do so? platform: linux 2.4+iptables+pptpd Thanks in advance ;-) From rmarlow at library.uwa.edu.au Mon Jun 24 01:57:55 2002 From: rmarlow at library.uwa.edu.au (Rob Marlow) Date: Mon, 24 Jun 2002 14:57:55 +0800 Subject: [pptp-server] PoPToP w/MPPE vs Macintosh OSX Message-ID: Hi people.
My colleagues and I have been having quite a lot of trouble attempting
to get our PoPToP PPTP server using MPPE and MS-CHAPv2 to work with a
suitable Macintosh client. I've attempted to use DigiTunnel and PiePants
both to no avail. The problem appears to lie in some problem with
authentication challenges. Basically, both clients ignore these
challenges and the exchange of CCP auth challenges eventually dies out
and LCP termreq's.

I know many people have been having this trouble so no doubt it's been
looked into. Can anybody tell me where this problem lies and whether
it's anywhere near being fixed?

Thanks.

From fcusack at fcusack.com Mon Jun 24 03:01:00 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Mon, 24 Jun 2002 01:01:00 -0700
Subject: [pptp-server] PoPToP w/MPPE vs Macintosh OSX
In-Reply-To: ; from rmarlow@library.uwa.edu.au on Mon, Jun 24, 2002 at 02:57:55PM +0800
References:
Message-ID: <20020624010100.C22031@google.com>

On Mon, Jun 24, 2002 at 02:57:55PM +0800, Rob Marlow wrote:
> My colleagues and I have been having quite a lot of trouble attempting
> to get our PoPToP PPTP server using MPPE and MS-CHAPv2 to work with a
> suitable Macintosh client. I've attempted to use DigiTunnel and PiePants
> both to no avail. The problem appears to lie in some problem with
> authentication challenges. Basically, both clients ignore these
> challenges and the exchange of CCP auth challenges eventually dies out
> and LCP termreq's.
>
> I know many people have been having this trouble so no doubt it's been
> looked into. Can anybody tell me where this problem lies and whether
> it's anywhere near being fixed?

This is the first I've heard of any such problems, so I would not say
it's being looked into on the pptpd side. I have to guess at this point
that the problem is with the mac clients. Have you gotten either to work
against a MS RRAS server that only accepts MS-CHAPv2? Does it work
without MPPE?
Can you add 'debug' and 'dump' to the ppp options file and send a log?

/fc

From jurr at tref.nl Mon Jun 24 13:03:17 2002
From: jurr at tref.nl (Jurrie Overgoor)
Date: Mon, 24 Jun 2002 20:03:17 +0200
Subject: [pptp-server] Multiple users
Message-ID: <001a01c21baa$990de490$0200a8c0@a800>

Hello,

I have two vpn users who have problems connecting together. Both can
connect ok alone, but when user 1 has established a connection and user 2
tries to connect, both machines start doing weird, forcing the users to
reboot.

I'm using PoPToP with MSCHAP-V2 on RH7.1. I connect over adsl. This
machine is only for vpn connections. After the connection is established,
the users log on to the domain by addressing a windows NT machine.
The two users use Windows 2000, and connect over the same wireless lan
(adsl). They have no problem internetting together.

My config file includes proxyarp, +mschap-v2 and the whole bunch. I have
reserved a range of IP addresses (in the same subnet mask as the linux
machine and the windows machine) for the clients.

Am I the only one having this problem? Would the problem be my linux
machine, or the windows machine?

Any reply is appreciated,

Greetz -- Jurrie
jurr at tref.nl

From fcusack at fcusack.com Mon Jun 24 18:02:34 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Mon, 24 Jun 2002 16:02:34 -0700
Subject: [pptp-server] Multiple users
In-Reply-To: <001a01c21baa$990de490$0200a8c0@a800>; from jurr@tref.nl on Mon, Jun 24, 2002 at 08:03:17PM +0200
References: <001a01c21baa$990de490$0200a8c0@a800>
Message-ID: <20020624160233.V23163@google.com>

Many (most?) home firewalls support only a single pptp user. Are your
two users behind a (the same) firewall?

/fc

On Mon, Jun 24, 2002 at 08:03:17PM +0200, Jurrie Overgoor wrote:
> Hello,
>
> I have two vpn users who have problems connecting together.
> Both can connect
> ok alone, but when user 1 has established a connection and user 2 tries to
> connect, both machines start doing weird, forcing the users to reboot.
>
> I'm using PoPToP with MSCHAP-V2 on RH7.1. I connect over adsl. This machine
> is only for vpn connections. After the connection is established, the users
> log on to the domain by addressing a windows NT machine.
> The two users use Windows 2000, and connect over the same wireless lan
> (adsl). They have no problem internetting together.
>
> My config file includes proxyarp, +mschap-v2 and the whole bunch. I have
> reserved a range of IP addresses (in the same subnet mask as the linux
> machine and the windows machine) for the clients.
>
> Am I the only one having this problem? Would the problem be my linux
> machine, or the windows machine?
>
> Any reply is appreciated,
>
> Greetz -- Jurrie
> jurr at tref.nl

From rmarlow at library.uwa.edu.au Mon Jun 24 20:52:05 2002
From: rmarlow at library.uwa.edu.au (Rob Marlow)
Date: Tue, 25 Jun 2002 09:52:05 +0800
Subject: [pptp-server] PoPToP w/MPPE vs Macintosh OSX
Message-ID:

> -----Original Message-----
> From: Frank Cusack [mailto:fcusack at fcusack.com]
> Sent: Monday, 24 June 2002 4:01 PM
> To: Rob Marlow
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] PoPToP w/MPPE vs Macintosh OSX
>
>
> This is the first I've heard of any such problems, so I would
> not say it's being looked into on the pptpd side. I have to
> guess at this point that the problem is with the mac clients.
> Have you gotten either to work against a MS RRAS server that
> only accepts MS-CHAPv2? Does it work without MPPE?

Oh poop. I thought one of the developers at least may have said
something about it. Nevermind.
I don't have access to a MS RRAS server. My ability to test is further
limited by the fact that I have to book any macintosh equipment off the
arts department (I work in a university) for testing and don't have root
access on the PPTP server. Unfortunately this severely limits my ability
to play around with this thing as you can imagine.

> Can you add 'debug' and 'dump' to the ppp options file and send a log?

Again I don't have access to the equipment to provide an up to date log
of the problem but I did prepare one several months earlier.

Here's the PPTP server sending its auth challenge:

--start log segment--
Mar 20 09:46:49 phlegethon pppd[27267]: sent [LCP ConfReq id=0x1 ]
Mar 20 09:46:49 phlegethon pppd[27267]: Timeout 0x80519e8:0x8084220 in 3 seconds.
--end log segment--

My mistake: the auth challenges are LCP, not CCP of course. Gracion
posted something about a Linux CCP bug on their compatibility page for
DigiTunnel and I thought it was related.

Here's the PPTP server giving up after challenging too many times with
no response:

--start log segment--
Mar 20 09:46:55 phlegethon pppd[27267]: LCP: timeout sending Config-Requests
Mar 20 09:46:55 phlegethon pppd[27267]: Connection terminated.
Mar 20 09:46:55 phlegethon pppd[27267]: Exit.
--end log segment--

I couldn't make much sense out of the logs on the client end to figure
out where the relevant info was.

That may or may not be helpful (I imagine it's probably not that
helpful). If you do need more information I'll see what I can do about
borrowing that macintosh again and getting the log verbosity increased.
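Added example, not part of Rob's post or of pppd: a Python triage of pppd debug logs that separates the case in the excerpts above (Config-Requests sent, nothing received before the timeout) from sessions where the peer's LCP traffic arrives but the server's requests are never acked. The log is constructed: pid 27267 follows the quoted lines without their option lists, and pids 27301 and 27350 are invented contrast cases.

```python
import re
from collections import Counter, defaultdict

# Constructed sample. pid 27267 mirrors the excerpts quoted above (option
# lists omitted); pids 27301 and 27350 are invented contrast cases.
SAMPLE_LOG = """\
Mar 20 09:46:49 phlegethon pppd[27267]: sent [LCP ConfReq id=0x1 ]
Mar 20 09:46:49 phlegethon pppd[27267]: Timeout 0x80519e8:0x8084220 in 3 seconds.
Mar 20 09:46:52 phlegethon pppd[27267]: sent [LCP ConfReq id=0x1 ]
Mar 20 09:46:55 phlegethon pppd[27267]: LCP: timeout sending Config-Requests
Mar 20 09:46:55 phlegethon pppd[27267]: Connection terminated.
Mar 20 09:46:55 phlegethon pppd[27267]: Exit.
Mar 20 10:02:10 phlegethon pppd[27301]: sent [LCP ConfReq id=0x1 ]
Mar 20 10:02:10 phlegethon pppd[27301]: rcvd [LCP ConfReq id=0x1 ]
Mar 20 10:02:10 phlegethon pppd[27301]: sent [LCP ConfAck id=0x1 ]
Mar 20 10:02:13 phlegethon pppd[27301]: sent [LCP ConfReq id=0x1 ]
Mar 20 10:02:16 phlegethon pppd[27301]: LCP: timeout sending Config-Requests
Mar 20 10:05:40 phlegethon pppd[27350]: sent [LCP ConfReq id=0x1 ]
Mar 20 10:05:40 phlegethon pppd[27350]: rcvd [LCP ConfReq id=0x1 ]
Mar 20 10:05:40 phlegethon pppd[27350]: sent [LCP ConfAck id=0x1 ]
Mar 20 10:05:40 phlegethon pppd[27350]: rcvd [LCP ConfAck id=0x1 ]
"""

LINE = re.compile(r"pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PACKET = re.compile(r"^(?P<dir>sent|rcvd) \[(?P<proto>\S+) (?P<code>\w+) id=0x[0-9a-f]+")

HINTS = {
    "peer-silent": "no LCP from the peer reached pppd: check that GRE (IP "
                   "protocol 47) passes both ways before touching auth settings",
    "requests-unacked": "peer LCP arrives but our Config-Requests are never "
                        "acked: compare the requested options with the client",
    "lcp-opened": "LCP completed; look at the authentication phase next",
    "incomplete": "log ends before LCP finished or failed",
}

def classify(session):
    """Decide how far LCP got for one pppd process."""
    if session["timeout"]:
        return "requests-unacked" if session["rcvd"] else "peer-silent"
    if session["rcvd"]["ConfAck"] and session["sent"]["ConfAck"]:
        return "lcp-opened"
    return "incomplete"

def triage(log_text):
    """Group syslog lines by pppd pid and return {pid: verdict}."""
    sessions = defaultdict(
        lambda: {"sent": Counter(), "rcvd": Counter(), "timeout": False})
    for line in log_text.splitlines():
        found = LINE.search(line)
        if not found:
            continue
        session, msg = sessions[int(found["pid"])], found["msg"]
        packet = PACKET.match(msg)
        if packet and packet["proto"] == "LCP":
            session[packet["dir"]][packet["code"]] += 1
        elif msg.startswith("LCP: timeout sending Config-Requests"):
            session["timeout"] = True
    return {pid: classify(s) for pid, s in sessions.items()}

if __name__ == "__main__":
    for pid, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(pid, verdict, "-", HINTS[verdict])
```

A "peer-silent" verdict means the session ended before any authentication exchange, so MS-CHAPv2 and MPPE settings cannot yet be the cause.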
From fcusack at fcusack.com Mon Jun 24 21:59:42 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Mon, 24 Jun 2002 19:59:42 -0700
Subject: [pptp-server] PoPToP w/MPPE vs Macintosh OSX
In-Reply-To: ; from rmarlow@library.uwa.edu.au on Tue, Jun 25, 2002 at 09:52:05AM +0800
References:
Message-ID: <20020624195942.H23163@google.com>

On Tue, Jun 25, 2002 at 09:52:05AM +0800, Rob Marlow wrote:
> That may or may not be helpful (I imagine it's probably not that
> helpful). If you do need more information I'll see what I can do about
> borrowing that macintosh again and getting the log verbosity increased.

Yeah, not that useful. My mac is dead :-( but I will hopefully have
another in maybe a month at which time I'd be happy to look at it (in
fact I would need to get this working myself). If you are able to logs
sooner and will have the Mac and a pptp server at your disposal to tweak
for the back and forth of email debugging, then please do borrow the Mac.

I am surprised that no one else has chimed in, I would have thought
there were more Mac users.

/fc

From rmarlow at library.uwa.edu.au Mon Jun 24 22:09:20 2002
From: rmarlow at library.uwa.edu.au (Rob Marlow)
Date: Tue, 25 Jun 2002 11:09:20 +0800
Subject: [pptp-server] PoPToP w/MPPE vs Macintosh OSX
Message-ID:

> -----Original Message-----
> From: Frank Cusack [mailto:fcusack at fcusack.com]
> Sent: Tuesday, 25 June 2002 11:00 AM
> To: Rob Marlow
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] PoPToP w/MPPE vs Macintosh OSX
>
> Yeah, not that useful. My mac is dead :-( but I will
> hopefully have another in maybe a month at which time I'd be
> happy to look at it (in fact I would need to get this working
> myself). If you are able to logs sooner and will have the
> Mac and a pptp server at your disposal to tweak for the back
> and forth of email debugging, then please do borrow the Mac.
I got tired of all the walls I'm hitting so I've convinced my supervisor
to let me have an older machine to put a PPTP server on so I have full
access to playing around with it without having to worry about
disrupting current services. If all goes well I'll then go borrow that
Mac and see if I can get some useful logging happening.

> I am surprised that no one else has chimed in, I would have
> thought there were more Mac users.

Yeah, there appears to be some digitunnel developers/users on this list.
I'd assumed they would have already brought this up and I could just
carry on where they left off. Ah well.

Thanks, Frank. I'll be back when I have more to report.

From fcusack at fcusack.com Tue Jun 25 23:03:23 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Tue, 25 Jun 2002 21:03:23 -0700
Subject: [pptp-server] cvs ppp users
Message-ID: <20020625210323.F26891@google.com>

If you're using the cvs ppp (not pptp) code, you should update. Various
fixes have gone in over the last few weeks. What's in there now is
release-ready. (But I have no control over and no idea when 2.4.2 might
be released.)

ftp://pserver.samba.org/pub/unpacked/ppp/

/fc

From fcusack at fcusack.com Tue Jun 25 23:05:19 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Tue, 25 Jun 2002 21:05:19 -0700
Subject: [pptp-server] [some useful pptp-1.1.2 patches]
Message-ID: <20020625210519.G26891@google.com>

So now that poptop is being maintained (yay!) can these patches make it
into cvs?

/fc

-------------- next part --------------
An embedded message was scrubbed...
From: Frank Cusack
Subject: [pptp-server] some useful pptp-1.1.2 patches
Date: Mon, 25 Mar 2002 06:34:27 -0800
Size: 10652

From barjunk at attglobal.net Wed Jun 26 13:27:45 2002
From: barjunk at attglobal.net (barjunk)
Date: 26 Jun 2002 10:27:45 -0800
Subject: [pptp-server] routing and pptp
Message-ID: <1025116066.1496.44.camel@pantherlx.aidea.org>

I have setup pptp to work well on the same range as my internal network.
Things are great there.

When I change the network ranges in pptpd.conf to a different network it
doesn't work any more.

What things should I be checking for to find out why it doesn't work.

My internal addresses are 192.168.2.0 - 255

The ones that I give to the client is 192.168.3.0 - 255

What other information do I need to provide?

Mike

From Steve at SteveCowles.com Wed Jun 26 15:02:15 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 26 Jun 2002 15:02:15 -0500
Subject: [pptp-server] routing and pptp
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEB8D@defiant.infohiiway.com>

> -----Original Message-----
> From: barjunk [mailto:barjunk at attglobal.net]
> Sent: Wednesday, June 26, 2002 1:28 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] routing and pptp
>
>
>
>
> I have setup pptp to work well on the same range as my internal
> network. Things are great there.
>
> When I change the network ranges in pptpd.conf to a different
> network it doesn't work any more.

Sounds about right!

>
> What things should I be checking for to find out why it doesn't work.

Are you now getting a message logged stating "Cannot determine Ethernet
address for proxy ARP" ?

>
> My internal addresses are 192.168.2.0 - 255
>
> The ones that I give to the client is 192.168.3.0 - 255
>
> What other information do I need to provide?

None! I think you have described the problem pretty well. Now consider
either reading about implementing ip aliasing or editing the ip-up
script to manually add an ARP entry for each pptp client.

Steve Cowles

From barjunk at attglobal.net Wed Jun 26 15:43:24 2002
From: barjunk at attglobal.net (barjunk)
Date: 26 Jun 2002 12:43:24 -0800
Subject: [pptp-server] routing problem solved
Message-ID: <1025124204.1499.52.camel@pantherlx.aidea.org>

I think I figured out what the problem was for my earlier question,
however it generates a new one.
The answer to my earlier question is that if you have:

localip 192.168.3.60-70
remoteip 192.168.4.70-80

In order for the client to reach the 192.168.3.0 network, he has to have
a route added to be able to go there.

If I use the ip address that was given to the client (192.168.4.70) as
the gateway address, I can add this by hand on a WIN2k client by
issuing:

route add 192.168.3.0 mask 255.255.255.0 192.168.4.70

Is there any way to have this be done automatically on the Win2k client?

Mike

From r.devroede at linvision.com Thu Jun 27 08:16:09 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 27 Jun 2002 15:16:09 +0200
Subject: [pptp-server] routing problem solved
In-Reply-To: <1025124204.1499.52.camel@pantherlx.aidea.org>
References: <1025124204.1499.52.camel@pantherlx.aidea.org>
Message-ID: <1025183771.1787.72.camel@richard>

Mike,

This question has been posted a couple of times and I haven't heard
a decent solution. You could distribute a batchfile with the route add
to your users and let them place it in startup or execute it every time
they connect.

Regards,
Richard

> If I use the ip address that was given to the client (192.168.4.70) as
> the gateway address, I can add this by hand on a WIN2k client by
> issuing:
>
> route add 192.168.3.0 mask 255.255.255.0 192.168.4.70
>
> Is there any way to have this be done automatically on the Win2k client?
>
> Mike

--
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From fedelman at claxson.com Thu Jun 27 08:57:10 2002
From: fedelman at claxson.com (Federico Edelman)
Date: Thu, 27 Jun 2002 10:57:10 -0300
Subject: [pptp-server] chap_auth_hook
Message-ID:

I'm trying to create a plugin for ppp to authenticate with a MySQL.
I don't understand how can I get the password.
Where can I find the password on the negotiation?

Thanks

=-=-=
Federico Edelman Anaya
Internet Systems Administrator
Claxson - (+54-11) 4339-3848

From barjunk at attglobal.net Thu Jun 27 11:16:33 2002
From: barjunk at attglobal.net (barjunk)
Date: 27 Jun 2002 08:16:33 -0800
Subject: [pptp-server] routing problem solved
In-Reply-To: <1025183771.1787.72.camel@richard>
References: <1025124204.1499.52.camel@pantherlx.aidea.org> <1025183771.1787.72.camel@richard>
Message-ID: <1025194594.1496.66.camel@pantherlx.aidea.org>

Richard,

That is exactly what I did. This may only work for Win2k and XP. Here
is the batch file:

--- cut here --
@echo off
rem Change the quoted entry below to match your VPN connection name
rem Change the * to an actual password to bypass prompt although
rem this is not recommended
rasdial "VPN" *
erase route.txt > nul
route print | find "" >> route.txt
for /f "tokens=3" %%1 in ('type route.txt') do set GATEWAY=%%1
route add 192.168.1.0 mask 255.255.255.0 %GATEWAY%
set GATEWAY=
--- cut here ---

A couple of notes:

- the remote client net would be the network associated with the
  remoteip setting in the pptpd.conf file

- in the case where the client has a natted connection behind, for
  example a linksys firewall, you may have to change the route command
  and add other route commands to the specific hosts the client needs to
  connect to. This is because the linksys (at least the one I was using)
  doesn't have the ability to change the internal private network. All
  you can change is the last numbers in the IP address.

If anyone does come up with a good solution, please let us know!

OTHER IDEAS: it is possible to set up static routing entries in the
Registry, however I find this solution to be kludgy.

Mike

On Thu, 2002-06-27 at 05:16, R. de Vroede wrote:
> Mike,
>
> This question has been posted a couple of times and I haven't heard
> a decent solution.
> You could distribute a batchfile with the route add
> to your users and let them place it in startup or execute it every time
> they connect.
>
> Regards,
> Richard
>
> > If I use the ip address that was given to the client (192.168.4.70) as
> > the gateway address, I can add this by hand on a WIN2k client by
> > issuing:
> >
> > route add 192.168.3.0 mask 255.255.255.0 192.168.4.70
> >
> > Is there any way to have this be done automatically on the Win2k client?
> >
> > Mike
>
>
> --
> Richard de Vroede
> (r.devroede at linvision.com)
> ------------------------------------------------
> Linvision BV Provides Linux Solutions
> Elektronicaweg 16D
> 2628 XG Delft
> T: +31157502310 info at linvision.com
> F: +31157502319 http://devel.linvision.com
> ------------------------------------------------
>
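Added example, not code from this thread or from PoPToP: a Python pre-flight check for the routing question discussed above. It reads the localip/remoteip pools from pptpd.conf text, reports whether every client address sits on one of the server's Ethernet subnets (the condition behind the proxy ARP message Steve quotes), and lists the per-client `route add` lines in the form Mike used. The Ethernet subnet and target network passed in are assumptions, and the sample config is constructed from the ranges Mike posted.

```python
import ipaddress

# Constructed pptpd.conf using the ranges Mike posted in this thread.
SAMPLE_CONF = """\
# /etc/pptpd.conf (constructed sample)
option /etc/ppp/pptpd-options
localip 192.168.3.60-70
remoteip 192.168.4.70-80
"""

def expand(spec):
    """Expand a pptpd.conf address list such as '10.0.0.5,10.0.0.70-80'."""
    out = []
    for part in (p.strip() for p in spec.split(",")):
        first, _, last = part.partition("-")
        start = ipaddress.IPv4Address(first)
        low = int(start) & 0xFF
        # pptpd ranges give only the final octet after the dash.
        high = int(last) if last else low
        if not low <= high <= 255:
            raise ValueError(f"bad range: {part}")
        out += [start + i for i in range(high - low + 1)]
    return out

def parse_conf(text):
    """Return the localip and remoteip pools found in pptpd.conf text."""
    pools = {"localip": [], "remoteip": []}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] in pools:
            pools[fields[0]] += expand(fields[1])
    return pools

def plan(conf_text, ethernet_nets, lan_targets):
    """ethernet_nets: subnets on the server's Ethernet interfaces (assumed
    input). lan_targets: networks the VPN clients must reach (assumed input)."""
    nets = [ipaddress.ip_network(n) for n in ethernet_nets]
    targets = [ipaddress.ip_network(n) for n in lan_targets]
    remote = parse_conf(conf_text)["remoteip"]
    # pppd's proxyarp needs an Ethernet interface on the client's subnet;
    # addresses outside every such subnet cannot be proxied.
    off_link = [a for a in remote if not any(a in n for n in nets)]
    routes = {
        str(addr): [
            f"route add {t.network_address} mask {t.netmask} {addr}"
            for t in targets if addr not in t
        ]
        for addr in remote
    }
    return {"proxyarp_ok": not off_link, "client_routes": routes}

if __name__ == "__main__":
    result = plan(SAMPLE_CONF, ["192.168.3.0/24"], ["192.168.3.0/24"])
    print("proxyarp usable:", result["proxyarp_ok"])
    for addr, cmds in result["client_routes"].items():
        print(addr, cmds)
```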