From poptop at ncfirewalls.net Fri Mar 1 12:01:28 2002
From: poptop at ncfirewalls.net (poptop)
Date: Fri, 1 Mar 2002 13:01:28 -0500 (EST)
Subject: [pptp-server] NAT'd Clients with PoPToP
Message-ID:

Greetings!

We are using PoPToP 1.1.2 in daemon mode on a 2.0.39 Linux box to allow cablemodem-based Win32 clients to VPN into the private net that sits behind the Linux box. It works great. No problems. All of the cablemodem clients have unique live IP addresses.

We are considering NATing the clients with Linksys routers. Will PoPToP support multiple NAT'd connections from the same IP address? And if so, can someone point me in the right direction, configuration-wise?

Thanks in advance!

Niles Mills
poptop at ncfirewalls.net

From david_luyer at pacific.net.au Fri Mar 1 18:51:38 2002
From: david_luyer at pacific.net.au (David Luyer)
Date: Sat, 2 Mar 2002 11:51:38 +1100
Subject: [pptp-server] NAT'd Clients with PoPToP
In-Reply-To:
Message-ID: <00a901c1c184$698d8250$46943ecb@pacific.net.au>

> Will PoPToP support multiple NAT'd connections from the
> same IP address?

Not at present. It requires the same work as is required to do the other side of the PPTP protocol (multi call per IP work) which nobody has done.

David.

From olivier.thomas at inexbee.com Fri Mar 1 19:07:30 2002
From: olivier.thomas at inexbee.com (Olivier Thomas)
Date: Sat, 2 Mar 2002 02:07:30 +0100
Subject: [pptp-server] PPTP is so slow !
Message-ID:

Hi,

I am using a linux box as PPTP server to connect to my LAN from outside with W2K client. I want to access a W2K file server on the LAN and I connect with a regular 56K modem. I don't need to install Samba on the linux box because I access the server directly by entering its IP.

Doing ftp and telnet is OK but as soon as I want to browse the folders with windows explorer it becomes very very slow. It takes more than 25 seconds to make files appear in the right pane ! And when it's working, explorer is freezing of course.
I tried different things to solve that:
- First I upgraded to PoPToP 1.1.2 but it didn't change.
- I ping the linux box from W2K with -f and -l option and I detected that MTU more than 1370 didn't for fragmented packets. So I added the two lines MTU 1370 and MTU 1370 to my pppd.conf file. I even tried with smaller MTUs.

So I really don't know what the problem is or if it's a normal behaviour due to the poor nature of SMB protocol.

My linux box is just a P100 with 48Mb RAM running RH6.2 and PoPToP 1.1.2 with MPPE CHAPMS-v2 (I applied the patch). Could some of you report me some success with the same configuration ? All advice is welcome.

If I can not fix that I am thinking about 2 other alternatives:
- mounting the W2K file server shares directly on PPTP server and installing samba.
- using directly the PPTP server of W2K server (if there is one). Some firewall/NAT issues may however occur.

Are they good ideas ?

Thanks for your comments,
O.

From charlieb at e-smith.com Fri Mar 1 22:00:04 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Fri, 1 Mar 2002 23:00:04 -0500 (EST)
Subject: [pptp-server] PPTP is so slow !
In-Reply-To:
Message-ID:

On Sat, 2 Mar 2002, Olivier Thomas wrote:

> Doing ftp and telnet is OK but as soon as I want to browse the folders with
> windows explorer it becomes very very slow.

In that case, PPTP is not slow, but Windows file sharing (SMB or CIFS) is slow.
--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From beeby at transfar.com Sat Mar 2 01:16:07 2002
From: beeby at transfar.com (beeby)
Date: Sat, 02 Mar 2002 15:16:07 +0800
Subject: [pptp-server] PPPD seems do nothing
References: <002c01c1c034$71f81280$4f806dca@transfar.com> <002001c1c092$a90638c0$dd1c79c3@p266> <001101c1c0c1$204e7b80$4f806dca@lxy> <002301c1c16a$5ee14400$ce9479c3@p266>
Message-ID: <002e01c1c1ba$2130ab00$4f806dca@transfar.com>

Thanks for all,
I had opened the protocol 47, & the server works well now. :").

----- Original Message -----
From: Jurrie Overgoor
To: Beeby
Sent: Saturday, March 02, 2002 5:45 AM
Subject: Re: [pptp-server] PPPD seems do nothing

> Hello,
>
> You need to open protocol (not port - protocol) 47. This is (I presume) for
> sending data...
> I don't know if this causes your problems though... But I didn't update my
> client at first, and I got exactly this error, so therefore I asked you if
> you already updated.
>
> Did you read the poptop faq and other documents?
> http://poptop.lineo.com/setup_pptp_server.html
> http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt
>
> Greetz -- Jurrie
> jurr at tref.nl
>
> ----- Original Message -----
> From: Beeby
> To:
> Sent: Friday, 1 March 2002 2:33
> Subject: Re: [pptp-server] PPPD seems do nothing
>
>
> > Hi, Jurrie,
> > I'm so glad to get your words. The DUN 1.4 had been installed for my win98se,
> > there are some ACLs exist in my router in front of my server. with the ACLs,
> > the client can access the port 1723 only, is it enough?
> > Need I open more port for it?
> > thanks for your kind.
> >
> > Beeby
> >
> > ----- Original Message -----
> > From: "Jurrie Overgoor"
> > To: "beeby"
> > Sent: Friday, March 01, 2002 4:01 AM
> > Subject: Re: [pptp-server] PPPD seems do nothing
> >
> >
> > > Did you update your Win98 client?
> > >
> > > Greetz -- Jurrie
> > > jurr at tref.nl
> > > ----- Original Message -----
> > > From: beeby
> > > To:
> > > Sent: Thursday, 28 February 2002 9:46
> > > Subject: [pptp-server] PPPD seems do nothing
> > >
> > >
> > > > I have a RH 7.1 server, ppp 2.4.1+mppe patch, pptpd 1.1.2
> > > > When I connect it with a win98 client, then I got the follow
> > > > Who can tell me how to resolve it?
> > > >
> > > > Feb 28 16:33:02 firewall pptpd[25253]: CTRL: Starting call (launching pppd, opening GRE)
> > > > Feb 28 16:33:02 firewall pppd[25254]: pppd 2.4.1 started by root, uid 0
> > > > Feb 28 16:33:02 firewall pppd[25254]: Using interface ppp0
> > > > Feb 28 16:33:02 firewall pppd[25254]: Connect: ppp0 <--> /dev/pts/2
> > > > Feb 28 16:33:32 firewall pppd[25254]: Modem hangup
> > > > Feb 28 16:33:32 firewall pppd[25254]: Connection terminated.
> > > > Feb 28 16:33:32 firewall pppd[25254]: Exit.
> > > > Feb 28 16:33:37 firewall pptpd[25253]: GRE: read error: Bad file descriptor
> > > > Feb 28 16:33:37 firewall pptpd[25253]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
> > > > Feb 28 16:33:37 firewall pptpd[25253]: CTRL: Client 202.109.128.79 control connection finished
> > > >
> > > > _______________________________________________
> > > > pptp-server maillist - pptp-server at lists.schulte.org
> > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > --- To unsubscribe, go to the url just above this line. --
> > >
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line.
--
>

From poptop at ncfirewalls.net Sat Mar 2 08:59:29 2002
From: poptop at ncfirewalls.net (poptop)
Date: Sat, 2 Mar 2002 09:59:29 -0500 (EST)
Subject: [pptp-server] NAT'd Clients with PoPToP
In-Reply-To: <00a901c1c184$698d8250$46943ecb@pacific.net.au>
Message-ID:

> > Will PoPToP support multiple NAT'd connections from the
> > same IP address?
>
> Not at present. It requires the same work as is required
> to do the other side of the PPTP protocol (multi call
> per IP work) which nobody has done.

Thanks for the quick reply David.

I think we'll solve the problem by adding external IP addresses to the Linux server and running extra PopTop daemons against those addresses. It will require a little more management at the remote client side to ensure that each client behind the same NAT device uses a unique server IP address, but it should work out okay.

Thanks again!

Niles Mills
poptop at ncfirewalls.net

From gduodu at dot.state.tx.us Sat Mar 2 13:30:40 2002
From: gduodu at dot.state.tx.us (Godfried Duodu)
Date: Sat, 02 Mar 2002 13:30:40 -0600
Subject: [pptp-server] PPTP error
Message-ID:

I have installed pptpd-1.0.1 and attempted a connection from a Win98 box but received a connection refused error message. The log message is shown below. Any help will be appreciated.

Mar 2 13:18:57 ltspserver pptpd[1409]: CTRL: Client 192.168.0.136 control connection started
Mar 2 13:18:57 ltspserver pptpd[1409]: CTRL: Starting call (launching pppd, opening GRE)
Mar 2 13:18:57 ltspserver pptpd[1410]: CTRL (PPPD Launcher): Failed to launch PPP daemon.
Mar 2 13:18:57 ltspserver pptpd[1410]: CTRL: PPPD launch failed!
Mar 2 13:18:57 ltspserver pptpd[1409]: GRE: read(fd=5,buffer=804daa0,len=8196) from PTY failed: status = -1 error = Input/output error
Mar 2 13:18:57 ltspserver pptpd[1409]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Mar 2 13:18:57 ltspserver pptpd[1409]: CTRL: Client 192.168.0.136 control connection finished
Mar 2 13:21:44 ltspserver pptpd[1418]: MGR: Manager process started
Mar 2 13:21:44 ltspserver pptpd[1418]: MGR: Couldn't create host socket
Mar 2 13:22:05 ltspserver pptpd[1421]: MGR: Manager process started

From lonnie at outstep.com Sat Mar 2 17:35:35 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sat, 2 Mar 2002 18:35:35 -0500 (EST)
Subject: [pptp-server] missing modules?
Message-ID: <4382.192.168.1.12.1015112135.squirrel@192.168.1.2>

Hello All,

I am using the redhat 7.2 linux but still cannot seem to get the PPTP to work. In looking at the error in /var/log/messages I can see that there seems to be some kind of module missing.

--------------------------------------------------------------
Mar 2 13:41:41 tarus pptpd[29384]: CTRL: Client 192.168.1.12 control connection started
Mar 2 13:41:41 tarus pptpd[29384]: CTRL: Starting call (launching pppd, opening GRE)
Mar 2 13:41:41 tarus pppd[29385]: pppd 2.4.1 started by root, uid 0
Mar 2 13:41:41 tarus modprobe: modprobe: Can't locate module tty-ldisc-3
Mar 2 13:41:41 tarus pppd[29385]: Couldn't set tty to PPP discipline: Invalid argument
Mar 2 13:41:41 tarus pppd[29385]: Exit.
Mar 2 13:41:41 tarus pptpd[29384]: GRE: read(fd=4,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
Mar 2 13:41:41 tarus pptpd[29384]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Mar 2 13:41:41 tarus pptpd[29384]: CTRL: Client 192.168.1.12 control connection finished
---------------------------------------------------------------

does anyone have any ideas what this "tty-ldisc-2" module is and where it comes from?
Cheers,
Lonnie

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From Steve at SteveCowles.com Sat Mar 2 22:20:09 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sat, 2 Mar 2002 22:20:09 -0600
Subject: [pptp-server] missing modules?
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEA67@defiant.infohiiway.com>

> -----Original Message-----
> From: Lonnie Cumberland [mailto:lonnie at outstep.com]
> Sent: Saturday, March 02, 2002 5:36 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] missing modules?
>
>
> Hello All,
>
> I am using the redhat 7.2 linux but still cannot seem to get the PPTP
> to work. In looking at the error in /var/log/messages I can see that
> there seems to be some kind of module missing.
>
> --------------------------------------------------------------
> Mar 2 13:41:41 tarus pptpd[29384]: CTRL: Client 192.168.1.12 control connection started
> Mar 2 13:41:41 tarus pptpd[29384]: CTRL: Starting call (launching pppd, opening GRE)
> Mar 2 13:41:41 tarus pppd[29385]: pppd 2.4.1 started by root, uid 0
> Mar 2 13:41:41 tarus modprobe: modprobe: Can't locate module tty-ldisc-3

Did you add the following aliases to /etc/modules.conf ??

alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

Do the following modules exist ??
[root at firewall net]# pwd
/lib/modules/2.4./kernel/drivers/net
[root at firewall net]# ls pp* bs*
bsd_comp.o ppp_deflate.o ppp_mppe.o pppox.o
ppp_async.o ppp_generic.o pppoe.o ppp_synctty.o

Steve Cowles

From trygvel at hotmail.com Sun Mar 3 03:36:39 2002
From: trygvel at hotmail.com (Trygve Lorentzen)
Date: Sun, 03 Mar 2002 10:36:39 +0100
Subject: [pptp-server] Cannot connect to pptpd server
Message-ID:

I get this error when I try to connect to my RedHat 7.2 (ClarkConnect distro) from a Win2000 box. I am 99% sure I have set up the windows client connection parameters correctly following the guide at http://poptop.lineo.com/help.html

I also believe that things are setup correctly on the server and the firewall has been configured to allow pptpd port and protocol 47

Mar 3 09:43:02 clarkconnect pptpd[10208]: MGR: Launching /usr/sbin/pptpctrl to handle client
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: local address = 192.168.1.200
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: remote address = 192.168.1.221
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: pppd speed = 115200
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: pppd options file = /etc/ppp/options.pptpd
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: Client 192.168.1.16 control connection started
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: Received PPTP Control Message (type: 1)
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: Made a START CTRL CONN RPLY packet
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: I wrote 156 bytes to the client.
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: Sent packet to client
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: Received PPTP Control Message (type: 7)
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: Set parameters to 1525 maxbps, 64 window size
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: Made a OUT CALL RPLY packet
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: Starting call (launching pppd, opening GRE)
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: pty_fd = 5
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: tty_fd = 6
Mar 3 09:43:02 clarkconnect pptpd[10208]: CTRL: I wrote 32 bytes to the client.
Mar 3 09:43:02 clarkconnect pptpd[10209]: CTRL (PPPD Launcher): Connection speed = 115200
Mar 3 09:43:03 clarkconnect pptpd[10208]: CTRL: Sent packet to client
Mar 3 09:43:03 clarkconnect pptpd[10209]: CTRL (PPPD Launcher): local address = 192.168.1.200
Mar 3 09:43:03 clarkconnect pptpd[10208]: CTRL: Received PPTP Control Message (type: 15)
Mar 3 09:43:03 clarkconnect pptpd[10209]: CTRL (PPPD Launcher): remote address = 192.168.1.221
Mar 3 09:43:03 clarkconnect pptpd[10208]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Mar 3 09:43:03 clarkconnect pptpd[10208]: GRE: read(fd=5,buffer=804daa0,len=8196) from PTY failed: status = -1 error = Input/output error
Mar 3 09:43:03 clarkconnect pptpd[10208]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Mar 3 09:43:03 clarkconnect pptpd[10208]: CTRL: Client 192.168.1.16 control connection finished
Mar 3 09:43:03 clarkconnect pptpd[10208]: CTRL: Exiting now
Mar 3 09:43:03 clarkconnect pptpd[1017]: MGR: Reaped child 10208

---------------------------------------------------------------------------------------
Trygve Lorentzen
Private mailing address: Mob: +47 92 89 40 71
Margrethe Schweigaardsgate 3
1776 HALDEN
N-NORWAY
Company mailing address:
?sveien 7
1778 HALDEN
N-NORWAY

From timw at distinction.co.nz Sun Mar 3 03:41:00 2002
From: timw at distinction.co.nz (Timothy Wilkes)
Date: Sun, 03 Mar 2002 22:41:00 +1300
Subject: [pptp-server] Connection Trouble - Burn XP!!!!!
Message-ID: <3C81EFAC.3000804@distinction.co.nz>

Hi,

I've set up a pptp server on SuSE Linux, using their pre built packages with all the patches for mppe etc, saving me some time :)

I can successfully connect a Windows 2000 Professional and even Linux client with the mppe-128 encryption and transfer data back and forth. But here comes problem...

When I tried it with Micro$ofts Windows XP Professional it establishes the connection, it claims to use MPPE 128, My Network Neighborhood or My network places or whatever they call it somehow display a list of machines on the Domain but I can't connect to any shares, the log on the Linux Server came up with an error with the XP connection, I also get the same error for MPPE 48:

"Not enough space to encrypt packet: 1404<1404+4!"

To my limited knowledge I think this means that the 128 mppe patch isn't there, but when I try with Win2k or Linux I get the happy message "PPP MPPE compression module registered".

Lo and behold I then tried XP with the encryption disabled and shock! gasp! horror!!!!! it worked perfectly.

Any ideas?

Thanks
Tim

P.S Have Micro$oft just rewritten their MPPE protocol to piss us off, I say we go over and bash Bill good... I shouldn't be surprised I guess they do rewrite the protocols every service pack and new release of windows...

From timw at paradise.net.nz Sun Mar 3 03:47:05 2002
From: timw at paradise.net.nz (Timothy Wilkes)
Date: Sun, 03 Mar 2002 22:47:05 +1300
Subject: [pptp-server] Connection Trouble - Burn XP!!!!!!!
Message-ID: <3C81F119.6060302@paradise.net.nz>

Hi,

I've set up a pptp server on SuSE Linux, using their pre built packages with all the patches for mppe etc, saving me some time :)

I can successfully connect a Windows 2000 Professional and even Linux client with the mppe-128 encryption and transfer data back and forth. But here comes problem...

When I tried it with Micro$ofts Windows XP Professional it establishes the connection, it claims to use MPPE 128, My Network Neighborhood or My network places or whatever they call it somehow display a list of machines on the Domain but I can't connect to any shares, the log on the Linux Server came up with an error with the XP connection, I also get the same error for MPPE 48:

"Not enough space to encrypt packet: 1404<1404+4!"

To my limited knowledge I think this means that the 128 mppe patch isn't there, but when I try with Win2k or Linux I get the happy message "PPP MPPE compression module registered".

Lo and behold I then tried XP with the encryption disabled and shock! gasp! horror!!!!! it worked perfectly.

Any ideas?

Thanks
Tim

P.S Have Micro$oft just rewritten their MPPE protocol to piss us off, I say we go over and bash Bill good... I shouldn't be surprised I guess they do rewrite the protocols every service pack and new release of windows...

From jvonau at shaw.ca Sun Mar 3 08:12:20 2002
From: jvonau at shaw.ca (Jerry Vonau)
Date: Sun, 03 Mar 2002 08:12:20 -0600
Subject: [pptp-server] Connection Trouble - Burn XP!!!!!!!
References: <3C81F119.6060302@paradise.net.nz>
Message-ID: <3C822F44.744A45F4@shaw.ca>

Timothy:

------
I've set up a pptp server on SuSE Linux, using their pre built packages
> with all the patches for mppe etc, saving me some time :)
------

Does this include a new kernel? Maybe you're missing one of the kernel upgrades that has the patch installed...

Found this in my mail:

-------quote----------
On Monday 07 January 2002 10:03 am, Gustav Jansen wrote:
> Hi!
>
> I've been running pptpd for some time now, and I've suddenly started
> experiencing some weird problems. I get the following message in my kernel
> logs:
>
> Not enough space to encrypt packet: 1404<1404+4!
>
> I'm using PoPToP v1.1.2 and pppd version 2.4.1 on a Linux 2.4.9 box. I've
> set up MPPE 128 and this has been working fine. But now, all of a sudden,
> I can't connect to shares, or connect to the Internet through the
> VPN-link, and these messages are popping up in my logs. Any ideas anyone?

The howto lists this answer:

5.58 Q: I'm getting errors: "Not enough space to encrypt packet: [some number]<[somenumber]+4"

A: You didn't apply the linux-2.4.4-openssl-0.9.6a-mppe.patch.gz patch. The problem is that ppp_generic.c assumes that no "compression" method will ever cause a frame to grow. However, MPPE causes every frame to grow by four bytes. This only generates the above error message when you are trying to send a frame that is within four bytes of the MTU. Reducing the MTU will not help because if you reduce the MTU, ppp_generic.c will just reduce the size of the buffer that it passes.

Since it was working before, I'm guessing it's one of two things: a problem with your kernel (did you switch to a new one, did a module get corrupted, etc) or you were never actually *USING* the encryption until now.

-------end quote---------

Jerry Vonau

ps This is why the search function is important at the archives....

From lonnie at outstep.com Sun Mar 3 08:41:25 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 09:41:25 -0500 (EST)
Subject: [pptp-server] almost success, I think
Message-ID: <4847.192.168.1.12.1015166485.squirrel@192.168.1.2>

Hello All,

I think that I almost have my pptpd daemon working, but I am not sure.
The error that I am getting on my Win2000 test machine is:

"Verifying Username and Password"
Error 741: The local computer does not support the required data encryption.

I think that this must be a setting in the dialup VPN on my Win2000.

does anyone have any ideas on what I need to do?

Thanks for the help,
Lonnie

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From lonnie at outstep.com Sun Mar 3 08:49:01 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 09:49:01 -0500 (EST)
Subject: [pptp-server] missing modules?
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EEA67@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EEA67@defiant.infohiiway.com>
Message-ID: <4849.192.168.1.12.1015166941.squirrel@192.168.1.2>

Hello Steve,

I just recompiled the kernel and found out that I did not have the ppp setting correct.

I also added the stuff to the modules.conf and have found that the only file missing from the drivers/net is the ppp_mppe.o

Do I need to do a re-compile again?

Actually, I am now just getting an error message 741 on my Win2000 that says that the local computer does not support the data encryption.

I have just posted another message to the group regarding this.

Cheers,
Lonnie

>
> Did you add the following aliases to /etc/modules.conf ??
>
> alias char-major-108 ppp_generic
> alias tty-ldisc-3 ppp_async
> alias tty-ldisc-14 ppp_synctty
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
>
> Do the following modules exist ??
>
> [root at firewall net]# pwd
> /lib/modules/2.4./kernel/drivers/net
> [root at firewall net]# ls pp* bs*
> bsd_comp.o ppp_deflate.o ppp_mppe.o pppox.o
> ppp_async.o ppp_generic.o pppoe.o ppp_synctty.o
>
> Steve Cowles

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From Steve at SteveCowles.com Sun Mar 3 09:32:36 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sun, 3 Mar 2002 09:32:36 -0600
Subject: [pptp-server] missing modules?
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEA68@defiant.infohiiway.com>

> -----Original Message-----
> From: Lonnie Cumberland [mailto:lonnie at outstep.com]
> Sent: Sunday, March 03, 2002 8:49 AM
> To: Cowles, Steve
> Cc: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] missing modules?
>
>
> Hello Steve,
>
> I just recompiled the kernel and found out that I did not have the
> ppp setting correct.
>
> I also added the stuff to the modules.conf and have found that the
> only file missing from the drivers/net is the ppp_mppe.o
>
> Do I need to do a re-compile again?
>
> Actually, I am now just getting an error message 741 on my Win2000
> that says that the local computer does not support the data
> encryption.
>

You can either turn off data encryption in your pptp profile (at your W2K box) -or- you will have to apply the mppe patches to ppp and your kernel to support data encryption. Checkout: http://www.infohiiway.com/download/pptp/2.4.x/patches for the required patches.
Steve Cowles

From lonnie at outstep.com Sun Mar 3 09:49:20 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 10:49:20 -0500 (EST)
Subject: [pptp-server] missing modules?
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EEA68@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EEA68@defiant.infohiiway.com>
Message-ID: <4864.192.168.1.12.1015170560.squirrel@192.168.1.2>

Hi Steve,

Thanks for the info and I have tried to go out to get the patch but the url does not seem to work.

Are you sure that it is correct?

Cheers,
Lonnie

>> -----Original Message-----
>> From: Lonnie Cumberland [mailto:lonnie at outstep.com]
>> Sent: Sunday, March 03, 2002 8:49 AM
>> To: Cowles, Steve
>> Cc: pptp-server at lists.schulte.org
>> Subject: RE: [pptp-server] missing modules?
>>
>>
>> Hello Steve,
>>
>> I just recompiled the kernel and found out that I did not have
>> the ppp setting correct.
>>
>> I also added the stuff to the modules.conf and have found that
>> the only file missing from the drivers/net is the ppp_mppe.o
>>
>> Do I need to do a re-compile again?
>>
>> Actually, I am now just getting an error message 741 on my
>> Win2000 that says that the local computer does not support the data
>> encryption.
>>
>
> You can either turn off data encryption in your pptp profile (at
> your W2K box) -or- you will have to apply the mppe patches to ppp
> and your kernel to support data encryption. Checkout:
> http://www.infohiiway.com/download/pptp/2.4.x/patches for the
> required patches.
>
> Steve Cowles
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line.
--

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From lonnie at outstep.com Sun Mar 3 09:50:27 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 10:50:27 -0500 (EST)
Subject: [pptp-server] missing modules?
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EEA68@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EEA68@defiant.infohiiway.com>
Message-ID: <4871.192.168.1.12.1015170627.squirrel@192.168.1.2>

My mistake!!!

the URL seems to be connecting now.

Thanks,
Lonnie

>> -----Original Message-----
>> From: Lonnie Cumberland [mailto:lonnie at outstep.com]
>> Sent: Sunday, March 03, 2002 8:49 AM
>> To: Cowles, Steve
>> Cc: pptp-server at lists.schulte.org
>> Subject: RE: [pptp-server] missing modules?
>>
>>
>> Hello Steve,
>>
>> I just recompiled the kernel and found out that I did not have
>> the ppp setting correct.
>>
>> I also added the stuff to the modules.conf and have found that
>> the only file missing from the drivers/net is the ppp_mppe.o
>>
>> Do I need to do a re-compile again?
>>
>> Actually, I am now just getting an error message 741 on my
>> Win2000 that says that the local computer does not support the data
>> encryption.
>>
>
> You can either turn off data encryption in your pptp profile (at
> your W2K box) -or- you will have to apply the mppe patches to ppp
> and your kernel to support data encryption. Checkout:
> http://www.infohiiway.com/download/pptp/2.4.x/patches for the
> required patches.
>
> Steve Cowles

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From georgec at dyb.com Sun Mar 3 09:37:50 2002
From: georgec at dyb.com (George Csahanin)
Date: Sun, 03 Mar 2002 09:37:50 -0600
Subject: [pptp-server] almost success, I think
References: <4847.192.168.1.12.1015166485.squirrel@192.168.1.2>
Message-ID: <079701c1c2c9$609b4c90$0501a8c0@goofy933>

I get the exact same thing on Win2000 to any VPN requiring encryption. Did service packs, encryption upgrades...still no good. I gave up. Microsoft problem, I suspect...or is it a "feature".

-GC

----- Original Message -----
From: "Lonnie Cumberland"
To:
Sent: Sunday, March 03, 2002 08:41
Subject: [pptp-server] almost success, I think

> Hello All,
>
> I think that I almost have my pptpd daemon working, but I am
> not sure.
>
> The error that I am getting on my Win2000 test machine is:
>
> "Verifying Username and Password"
> Error 741: The local computer does not support the required data
> encryption.
>
> I think that this must be a setting in the dialup VPN on my Win2000.
>
> does anyone have any ideas on what I need to do?
>
> Thanks for the help,
> Lonnie
>
> --
> Lonnie Cumberland
> OutStep Technologies Incorporated
> EMAIL: Lonnie at OutStep.com
>      : Lonnie_Cumberland at yahoo.com
>
> The Basis Express Virtual Office
> &
> Data Backup and Recovery Services
>
> URL: http://www.basis-express.com
>
> "The Virtual Office without boundries!!!"
>
>
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line.
--
>

From lonnie at outstep.com Sun Mar 3 10:37:55 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 11:37:55 -0500 (EST)
Subject: [pptp-server] module present now, but same results on win2000
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EEA68@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EEA68@defiant.infohiiway.com>
Message-ID: <4936.192.168.1.12.1015173475.squirrel@192.168.1.2>

Hi Steve,

I appreciate you telling me about the patches and I was able to compile them in and get the ppp_mppe.o in my drivers/net directory.

After rebooting and then trying to connect with my Win2000 machine again, I am still getting the same message.

did I miss a step?

cheers,
Lonnie

>>
>> Do I need to do a re-compile again?
>>
>> Actually, I am now just getting an error message 741 on my
>> Win2000 that says that the local computer does not support the data
>> encryption.
>>
>
> You can either turn off data encryption in your pptp profile (at
> your W2K box) -or- you will have to apply the mppe patches to ppp
> and your kernel to support data encryption. Checkout:
> http://www.infohiiway.com/download/pptp/2.4.x/patches for the
> required patches.
>
> Steve Cowles

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From Steve at SteveCowles.com Sun Mar 3 10:53:36 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sun, 3 Mar 2002 10:53:36 -0600
Subject: [pptp-server] almost success, I think
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEA69@defiant.infohiiway.com>

> -----Original Message-----
> From: George Csahanin [mailto:georgec at dyb.com]
> Sent: Sunday, March 03, 2002 9:38 AM
> To: Lonnie Cumberland; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] almost success, I think
>
>
> I get the exact same thing on Win2000 to any VPN requiring
> encryption. Did service packs, encryption upgrades...still
> no good. I gave up. Microsoft problem, I suspect...or is it
> a "feature".

There are two steps:

1) apply kernel patches, then recompile/install kernel.

2) apply mppe/mschap ppp patches to ppp-2.4.1 source, then recompile ppp/install.

I have ppp-2.4.1 source (with patches already applied) at:
http://www.infohiiway.com/download/pptp/2.4.x/ppp

Steve Cowles

From lonnie at outstep.com Sun Mar 3 10:51:34 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 11:51:34 -0500 (EST)
Subject: [pptp-server] pptp on MAC?
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EEA68@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EEA68@defiant.infohiiway.com>
Message-ID: <4960.192.168.1.12.1015174294.squirrel@192.168.1.2>

Hello All,

Could someone please tell me if it is possible to set up a VPN to my Linux Server running AppleTalk and Netatalk to a MAC using pptp?

Cheers,
Lonnie

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"
From lonnie at outstep.com Sun Mar 3 11:08:06 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 12:08:06 -0500 (EST)
Subject: [pptp-server] almost success, I think
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EEA69@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EEA69@defiant.infohiiway.com>
Message-ID: <4980.192.168.1.12.1015175286.squirrel@192.168.1.2>

Hello Steve,

I compiled the ppp sources and installed them from the link that you just gave me, but now I am getting a "No answer" message from my Win2000 client?

Cheers,
Lonnie

>> -----Original Message-----
>> From: George Csahanin [mailto:georgec at dyb.com]
>> Sent: Sunday, March 03, 2002 9:38 AM
>> To: Lonnie Cumberland; pptp-server at lists.schulte.org
>> Subject: Re: [pptp-server] almost success, I think
>>
>>
>> I get the exact same thing on Win2000 to any VPN requiring
>> encryption. Did service packs, encryption upgrades...still
>> no good. I gave up. Microsoft problem, I suspect...or is it
>> a "feature".
>
> There are two steps:
> 1) apply kernel patches, then recompile/install kernel.
>
> 2) apply mppe/mschap ppp patches to ppp-2.4.1 source, then
> recompile ppp/install.
>
> I have ppp-2.4.1 source (with patches already applied) at:
> http://www.infohiiway.com/download/pptp/2.4.x/ppp
>
> Steve Cowles
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"
From berzerke at swbell.net Sun Mar 3 11:20:21 2002
From: berzerke at swbell.net (robert)
Date: Sun, 03 Mar 2002 11:20:21 -0600
Subject: [pptp-server] module present now, but same results on win2000
In-Reply-To: <4936.192.168.1.12.1015173475.squirrel@192.168.1.2>
References: <90769AF04F76D41186C700A0C90AFC3EEA68@defiant.infohiiway.com> <4936.192.168.1.12.1015173475.squirrel@192.168.1.2>
Message-ID: <0GSE00DCHQTXGE@mta4.rcsntx.swbell.net>

The config files for 2000 are tricky. From the howto:

5.23 Q: I'm having problems with Windows 98SE/ME or Windows 2K running at the proper encryption level. What's going on?

A: For Windows 2K, problems have been reported if you have the line [mppe-40] in the options file. Commenting it out seems to fix the problem. You can also try the alternative options file listed above.

On Sunday 03 March 2002 10:37 am, Lonnie Cumberland wrote:
> Hi Steve,
>
> I appreciate you telling me about the patches and I was able to
> compile them in and get the ppp_mppe.o in my drivers/net directory.
>
> After rebooting and then trying to connect with my Win2000 machine
> again, I am still getting the same message.
>
> did I miss a step?
>
> cheers,
> Lonnie
>
> >> Do I need to do a re-compile again?
> >>
> >> Actually, I am now just getting an error message 741 on my
> >> Win2000 that says that the local computer does not support the
> >> data
> >> encryption.
> >
> > You can either turn off data encryption in your pptp profile (at
> > your W2K box) -or- you will have to apply the mppe patches to ppp
> > and your kernel to support data encryption. Checkout:
> > http://www.infohiiway.com/download/pptp/2.4.x/patches for the
> > required patches.
> >
> > Steve Cowles

From lists at earthling.2y.net Sun Mar 3 11:25:47 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Sun, 3 Mar 2002 12:25:47 -0500 (EST)
Subject: [pptp-server] pptp on MAC?
In-Reply-To: <4960.192.168.1.12.1015174294.squirrel@192.168.1.2>
Message-ID:

Nope.
pppd will only support tcp/ip and ipx. Appletalk will not work, thus netatalk will not work. Now, if somebody has a pppd patch to allow it, then maybe.

On Sun, 3 Mar 2002, Lonnie Cumberland wrote:

> Hello All,
>
> Could someone please tell me if it is possible to set up a VPN to my
> Linux Server running AppleTalk and Netatalk to a MAC using pptp?
>
> Cheers,
> Lonnie
>
>

--
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net

From lonnie at outstep.com Sun Mar 3 11:17:03 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 12:17:03 -0500 (EST)
Subject: [pptp-server] pptp on MAC?
In-Reply-To:
References:
Message-ID: <1037.192.168.1.12.1015175823.squirrel@192.168.1.2>

Thanks for this info.

That solves one issue for me regarding the MACs.

Cheers,
Lonnie

> Nope. pppd will only support tcp/ip and ipx. Appletalk will not
> work, thus netatalk will not work. Now, if somebody has a pppd
> patch to allow it, then maybe.
>
>
> On Sun, 3 Mar 2002, Lonnie Cumberland wrote:
>
>> Hello All,
>>
>> Could someone please tell me if it is possible to set up a VPN
>> to my Linux Server running AppleTalk and Netatalk to a MAC using
>> pptp?
>>
>> Cheers,
>> Lonnie
>>
>>
>
> --
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"
From lonnie at outstep.com Sun Mar 3 11:20:19 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 12:20:19 -0500 (EST)
Subject: [pptp-server] module present now, but same results on win2000
In-Reply-To: <0GSE00DCHQTXGE@mta4.rcsntx.swbell.net>
References: <0GSE00DCHQTXGE@mta4.rcsntx.swbell.net>
Message-ID: <1041.192.168.1.12.1015176019.squirrel@192.168.1.2>

But isn't the point that we want the mppe encryption?

Or, is it really not needed?

Cheers,
Lonnie

> The config files for 2000 are tricky. From the howto:
>
> 5.23 Q: I'm having problems with Windows 98SE/ME or Windows 2K
> running at the proper encryption level. What's going on?
>
> A: For Windows 2K, problems have been reported if you have
> the
> line [mppe-40] in the options file. Commenting it out seems to
> fix the problem. You can also try the alternative options file
> listed above.
>
> On Sunday 03 March 2002 10:37 am, Lonnie Cumberland wrote:
>> Hi Steve,
>>
>> I appreciate you telling me about the patches and I was able to
>> compile them in and get the ppp_mppe.o in my drivers/net
>> directory.
>>
>> After rebooting and then trying to connect with my Win2000
>> machine again, I am still getting the same message.
>>
>> did I miss a step?
>>
>> cheers,
>> Lonnie
>>
>> >> Do I need to do a re-compile again?
>> >>
>> >> Actually, I am now just getting an error message 741 on my
>> >> Win2000 that says that the local computer does not support
>> >> the data
>> >> encryption.
>> >
>> > You can either turn off data encryption in your pptp profile
>> > (at your W2K box) -or- you will have to apply the mppe patches
>> > to ppp and your kernel to support data encryption. Checkout:
>> > http://www.infohiiway.com/download/pptp/2.4.x/patches for the
>> > required patches.
>> >
>> > Steve Cowles
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From charlieb at e-smith.com Sun Mar 3 11:30:50 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Sun, 3 Mar 2002 12:30:50 -0500 (EST)
Subject: [pptp-server] pptp on MAC?
In-Reply-To:
Message-ID:

On Sun, 3 Mar 2002 lists at earthling.2y.net wrote:

> Nope. pppd will only support tcp/ip and ipx. Appletalk will not work,
> thus netatalk will not work. Now, if somebody has a pppd patch to allow
> it, then maybe.

Netatalk is appletalk over IP, is it not?

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From lists at earthling.2y.net Sun Mar 3 11:38:26 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Sun, 3 Mar 2002 12:38:26 -0500 (EST)
Subject: [pptp-server] pptp on MAC?
In-Reply-To:
Message-ID:

According to what I read... it's an application protocol that is in the user space, and plugs directly into the kernel appletalk stack.

On Sun, 3 Mar 2002, Charlie Brady wrote:

>
> On Sun, 3 Mar 2002 lists at earthling.2y.net wrote:
>
> > Nope. pppd will only support tcp/ip and ipx. Appletalk will not work,
> > thus netatalk will not work. Now, if somebody has a pppd patch to allow
> > it, then maybe.
>
> Netatalk is appletalk over IP, is it not?
>
> --
> Charlie Brady                         charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group        http://www.e-smith.com/
> Mitel Networks Corporation            http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
>
>
>

--
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net

From lonnie at outstep.com Sun Mar 3 11:38:32 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 12:38:32 -0500 (EST)
Subject: [pptp-server] almost success, I think
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EEA69@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EEA69@defiant.infohiiway.com>
Message-ID: <1060.192.168.1.12.1015177112.squirrel@192.168.1.2>

Hi Steve,

If I turn off the "Require Data Encryption" in the security option on my win2000 then I can make the connection, but does this mean that the VPN is not secure?

Cheers,
Lonnie

>> -----Original Message-----
>> From: George Csahanin [mailto:georgec at dyb.com]
>> Sent: Sunday, March 03, 2002 9:38 AM
>> To: Lonnie Cumberland; pptp-server at lists.schulte.org
>> Subject: Re: [pptp-server] almost success, I think
>>
>>
>> I get the exact same thing on Win2000 to any VPN requiring
>> encryption. Did service packs, encryption upgrades...still
>> no good. I gave up. Microsoft problem, I suspect...or is it
>> a "feature".
>
> There are two steps:
> 1) apply kernel patches, then recompile/install kernel.
>
> 2) apply mppe/mschap ppp patches to ppp-2.4.1 source, then
> recompile ppp/install.
>
> I have ppp-2.4.1 source (with patches already applied) at:
> http://www.infohiiway.com/download/pptp/2.4.x/ppp
>
> Steve Cowles
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line.
--

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From lonnie at outstep.com Sun Mar 3 11:51:43 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 12:51:43 -0500 (EST)
Subject: [pptp-server] connection mostly
Message-ID: <1071.192.168.1.12.1015177903.squirrel@192.168.1.2>

Hello All,

I have found out that if I turn off the "Require Data Encryption" on my Win2000 VPN settings in "Security" then I can connect, but I am still wondering if the VPN is secure?

I also get a message from Windows that:

1. TCP/IP CP connected ok
2. IPX/SPX CP -- Error 773 ....the computers could not agree on a PPP control
3. NetBEUI CP -- Error 773 ....the computers could not agree on a PPP control

I am wanting to "map network drive" from my Samba server running on my Linux server to the Win2000 client and am not clear if I am able to do it from these settings.

The reason that I am asking is that my Linux server is behind a firewall along with this test machine behind the firewall as well and I can already make a Samba connection from the Win2000 client so it is a little hard to test.

I will need to figure out which port to forward through my firewall as well.

Cheers and thanks for all of the help everyone.
Lonnie

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From lonnie at outstep.com Sun Mar 3 12:49:36 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 13:49:36 -0500 (EST)
Subject: [pptp-server] pptp port?
Message-ID: <1261.192.168.1.12.1015181376.squirrel@192.168.1.2>

Hello All,

Does someone know the port(s) that pptp runs on so that I can forward them through my firewall?

cheers,
Lonnie

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From charlieb at e-smith.com Sun Mar 3 13:07:00 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Sun, 3 Mar 2002 14:07:00 -0500 (EST)
Subject: [pptp-server] pptp port?
In-Reply-To: <1261.192.168.1.12.1015181376.squirrel@192.168.1.2>
Message-ID:

On Sun, 3 Mar 2002, Lonnie Cumberland wrote:

> Does someone know the port(s) that pptp runs on so that I can forward
> them through my firewall?

Google is your friend:

http://www.google.ca/search?q=port+pptp&hl=en&meta=

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From berzerke at swbell.net Sun Mar 3 13:50:54 2002
From: berzerke at swbell.net (robert)
Date: Sun, 03 Mar 2002 13:50:54 -0600
Subject: [pptp-server] module present now, but same results on win2000
In-Reply-To: <1041.192.168.1.12.1015176019.squirrel@192.168.1.2>
References: <0GSE00DCHQTXGE@mta4.rcsntx.swbell.net> <1041.192.168.1.12.1015176019.squirrel@192.168.1.2>
Message-ID: <0GSE00D0MXSXKG@mta5.rcsntx.swbell.net>

You misunderstand. Dropping 40 bit, but keeping 128 bit encryption, is one fix for W2K. Of course, if you do that, you will have trouble with Win98 clients, unless you use the config from the howto.

On Sunday 03 March 2002 11:20 am, Lonnie Cumberland wrote:
> But isn't the point that we want the mppe encryption?
>
> Or, is it really not needed?
>
> Cheers,
> Lonnie
>
> > The config files for 2000 are tricky.
From the howto:
> >
> > 5.23 Q: I'm having problems with Windows 98SE/ME or Windows 2K
> > running at the proper encryption level. What's going on?
> >
> > A: For Windows 2K, problems have been reported if you have
> > the
> > line [mppe-40] in the options file. Commenting it out seems to
> > fix the problem. You can also try the alternative options file
> > listed above.
> >
> > On Sunday 03 March 2002 10:37 am, Lonnie Cumberland wrote:
> >> Hi Steve,
> >>
> >> I appreciate you telling me about the patches and I was able to
> >> compile them in and get the ppp_mppe.o in my drivers/net
> >> directory.
> >>
> >> After rebooting and then trying to connect with my Win2000
> >> machine again, I am still getting the same message.
> >>
> >> did I miss a step?
> >>
> >> cheers,
> >> Lonnie
> >>
> >> >> Do I need to do a re-compile again?
> >> >>
> >> >> Actually, I am now just getting an error message 741 on my
> >> >> Win2000 that says that the local computer does not support
> >> >> the data
> >> >> encryption.

From lonnie at outstep.com Sun Mar 3 14:20:36 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 15:20:36 -0500 (EST)
Subject: [pptp-server] only port 1723/tcp needed
Message-ID: <1328.192.168.1.12.1015186836.squirrel@192.168.1.2>

Hello All,

I came across this document on the needed port for pptp that some of you might be interested in. It says that you do not need 47 gre.

http://www.adamswann.com/library/2001/netgearvpn.html

Thanks for all of the help everyone.
Lonnie

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"
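
[Added example, not part of any message in this thread or of PoPToP: replies in this thread state that PPTP uses TCP port 1723 plus IP protocol 47 (GRE), and that protocol 47 is not port 47. The Python sketch below builds constructed packets and runs them through a toy rule matcher to show why a "port 47" rule never matches the GRE data channel. The rule format, addresses, source port and call ID are assumptions made for illustration; the GRE header layout follows RFC 2637.]

```python
import struct

IPPROTO_TCP = 6
IPPROTO_GRE = 47            # an IP protocol number, not a TCP/UDP port
PPTP_CONTROL_PORT = 1723    # TCP control connection
GRE_PROTO_PPP = 0x880B      # protocol type in PPTP's enhanced GRE header


def ipv4_header(proto, payload_len, src="192.0.2.10", dst="198.51.100.1"):
    """Minimal 20-byte IPv4 header (constructed sample, checksum left at 0)."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       0, 0, 64, proto, 0, src_b, dst_b)


def tcp_syn(sport, dport):
    """Minimal 20-byte TCP header with only SYN set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)


def pptp_gre(call_id, seq, ppp_payload=b"\xff\x03\xc0\x21"):
    """Enhanced GRE header: K and S bits set, version 1, key = length + call ID."""
    flags = 0x3001
    return struct.pack("!HHHHI", flags, GRE_PROTO_PPP,
                       len(ppp_payload), call_id, seq) + ppp_payload


def classify(packet):
    """Return the fields a packet filter can match on for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("truncated IPv4 header")
    proto = packet[9]
    l4 = packet[ihl:]
    info = {"ip_proto": proto, "dport": None, "gre_call_id": None}
    if proto == IPPROTO_TCP:
        if len(l4) < 4:
            raise ValueError("truncated TCP header")
        info["dport"] = struct.unpack_from("!H", l4, 2)[0]
    elif proto == IPPROTO_GRE:
        if len(l4) < 8:
            raise ValueError("truncated GRE header")
        flags, ptype, _length, call_id = struct.unpack_from("!HHHH", l4, 0)
        # GRE has no port fields; PPTP identifies a session by call ID instead.
        if flags & 0x0007 == 1 and ptype == GRE_PROTO_PPP:
            info["gre_call_id"] = call_id
    return info


def allowed(rules, packet):
    """rules: list of (ip_proto, dport); dport None means 'any / not applicable'."""
    info = classify(packet)
    for proto, dport in rules:
        if proto == info["ip_proto"] and (dport is None or dport == info["dport"]):
            return True
    return False


def pptp_session_works(rules):
    """Check both halves of a PPTP session against a rule set."""
    control = ipv4_header(IPPROTO_TCP, 20) + tcp_syn(1055, PPTP_CONTROL_PORT)
    gre = pptp_gre(call_id=0x0042, seq=1)
    data = ipv4_header(IPPROTO_GRE, len(gre)) + gre
    return {"control": allowed(rules, control), "data": allowed(rules, data)}


# Three hypothetical rule sets, matching the readings discussed in the thread.
ONLY_1723 = [(IPPROTO_TCP, 1723)]
PORT_47_MISREADING = [(IPPROTO_TCP, 1723), (IPPROTO_TCP, 47)]
PROTOCOL_47 = [(IPPROTO_TCP, 1723), (IPPROTO_GRE, None)]

if __name__ == "__main__":
    for name, rules in [("only tcp/1723", ONLY_1723),
                        ("tcp/1723 + tcp port 47", PORT_47_MISREADING),
                        ("tcp/1723 + ip protocol 47", PROTOCOL_47)]:
        print(name, pptp_session_works(rules))
```

[With the first two rule sets the control connection is accepted but the GRE-encapsulated PPP frames are dropped; only the third passes both. End of added example.]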
From lists at earthling.2y.net Sun Mar 3 14:43:18 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Sun, 3 Mar 2002 15:43:18 -0500 (EST)
Subject: [pptp-server] only port 1723/tcp needed
In-Reply-To: <1328.192.168.1.12.1015186836.squirrel@192.168.1.2>
Message-ID:

You need gre.

On Sun, 3 Mar 2002, Lonnie Cumberland wrote:

> Hello All,
>
> I came across this document on the needed port for pptp that some of
> you might be interested in. It says that you do not need 47 gre.
>
> http://www.adamswann.com/library/2001/netgearvpn.html
>
> Thanks for all of the help everyone.
> Lonnie
>

--
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net

From georgec at dyb.com Sun Mar 3 14:16:53 2002
From: georgec at dyb.com (George Csahanin)
Date: Sun, 03 Mar 2002 14:16:53 -0600
Subject: [pptp-server] almost success, I think
References: <90769AF04F76D41186C700A0C90AFC3EEA69@defiant.infohiiway.com> <1060.192.168.1.12.1015177112.squirrel@192.168.1.2>
Message-ID: <07f401c1c2f0$5c8fc4b0$0501a8c0@goofy933>

Lonnie-

Same here on all. It really looks like a Win2000 problem to me, which is why I gave up. I have Win98 and WinNT4.0 clients that can access with encryption just fine, but trying the Win2000 box, no can do. I wish I had words of wisdom, but maybe there is comfort in just knowing it isn't you.

-GC

----- Original Message -----
From: "Lonnie Cumberland"
To:
Cc:
Sent: Sunday, March 03, 2002 11:38
Subject: RE: [pptp-server] almost success, I think

> Hi Steve,
>
> If I turn off the "Require Data Encryption" in the security option on
> my win2000 then I can make the connection, but does this mean that
> the VPN is not secure?
>
> Cheers,
> Lonnie
>
> >> -----Original Message-----
> >> From: George Csahanin [mailto:georgec at dyb.com]
> >> Sent: Sunday, March 03, 2002 9:38 AM
> >> To: Lonnie Cumberland; pptp-server at lists.schulte.org
> >> Subject: Re: [pptp-server] almost success, I think
> >>
> >>
> >> I get the exact same thing on Win2000 to any VPN requiring
> >> encryption. Did service packs, encryption upgrades...still
> >> no good. I gave up. Microsoft problem, I suspect...or is it
> >> a "feature".
> >
> > There are two steps:
> > 1) apply kernel patches, then recompile/install kernel.
> >
> > 2) apply mppe/mschap ppp patches to ppp-2.4.1 source, then
> > recompile ppp/install.
> >
> > I have ppp-2.4.1 source (with patches already applied) at:
> > http://www.infohiiway.com/download/pptp/2.4.x/ppp
> >
> > Steve Cowles
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
>
>
> --
> Lonnie Cumberland
> OutStep Technologies Incorporated
> EMAIL: Lonnie at OutStep.com
>      : Lonnie_Cumberland at yahoo.com
>
> The Basis Express Virtual Office
> &
> Data Backup and Recovery Services
>
> URL: http://www.basis-express.com
>
> "The Virtual Office without boundries!!!"
>
>
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line.
-- >

From Steve at SteveCowles.com Sun Mar 3 15:28:04 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sun, 3 Mar 2002 15:28:04 -0600
Subject: [pptp-server] almost success, I think
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEA6A@defiant.infohiiway.com>

> -----Original Message-----
> From: George Csahanin [mailto:georgec at dyb.com]
> Sent: Sunday, March 03, 2002 2:17 PM
> To: Lonnie Cumberland; Cowles, Steve
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] almost success, I think
>
>
> Lonnie-
>
> Same here on all. It really looks like a Win2000 problem to
> me, which is why I gave up. I have Win98 and WinNT4.0 clients
> that can access with encryption just fine, but trying the
> Win2000 box, no can do. I wish I had words of wisdom, but
> maybe there is comfort in just knowing it isn't you.

Odd... The following logfile entries (see below) are from my W2K box connecting to my PoPToP server. I have tested both Win9x and W2K and have not had the problems you have described. I have not had a chance to try XP though. I am using kernel 2.4.17/iptables with the patches that I referenced earlier. i.e. My website.

http://www.infohiiway.com/download/pptp

BTW: PPTP connections use tcp port 1723 and protocol 47 (gre)

Steve Cowles

Mar 3 15:15:09 firewall kernel: PPP generic driver version 2.4.1
Mar 3 15:15:09 firewall pppd[8263]: pppd 2.4.1 started by scowles, uid 0
Mar 3 15:15:09 firewall pppd[8263]: Using interface ppp0
Mar 3 15:15:09 firewall pppd[8263]: Connect: ppp0 <--> /dev/pts/1
Mar 3 15:15:11 firewall pptpd[8262]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 3 15:15:11 firewall kernel: PPP BSD Compression module registered
Mar 3 15:15:11 firewall kernel: PPP MPPE compression module registered
Mar 3 15:15:11 firewall pppd[8263]: MSCHAP-v2 peer authentication succeeded for scowles
Mar 3 15:15:11 firewall pppd[8263]: found interface eth2 for proxy arp
Mar 3 15:15:11 firewall pppd[8263]: local IP address 192.168.8.1
Mar 3 15:15:11 firewall pppd[8263]: remote IP address 192.168.8.235
Mar 3 15:15:11 firewall pppd[8263]: MPPE 128 bit, stateless compression enabled

The following is my ppp options file.

name *
lock
mtu 1492
mru 1492
proxyarp
auth
+chap
+chapms
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-40
mppe-stateless

From mikael.lonnroth at advancevpn.com Sun Mar 3 15:32:34 2002
From: mikael.lonnroth at advancevpn.com (=?iso-8859-1?Q?Mikael_L=F6nnroth?=)
Date: Sun, 3 Mar 2002 23:32:34 +0200
Subject: [pptp-server] almost success, I think
References: <90769AF04F76D41186C700A0C90AFC3EEA69@defiant.infohiiway.com> <1060.192.168.1.12.1015177112.squirrel@192.168.1.2> <07f401c1c2f0$5c8fc4b0$0501a8c0@goofy933>
Message-ID: <03e701c1c2fa$eed036c0$131b7d0a@advancehome>

From: "George Csahanin"
>Same here on all. It really looks like a Win2000 problem to me, which is why
>I gave up. I have Win98 and WinNT4.0 clients that can access with encryption
>just fine, but trying the Win2000 box, no can do. I wish I had words of
>wisdom, but maybe there is comfort in just knowing it isn't you.

Don't despair though :-) I have a VPN server that happily (?) accepts Windows 95, 98, NT 4.0, ME, XP, 2000 and Mac OS X -clients all at the same time (both 40 and 128 bit MPPE), so it is not impossible.
Regards,
Mikael Lönnroth

From margol at beamartyr.net Sun Mar 3 15:45:43 2002
From: margol at beamartyr.net (Issac Goldstand)
Date: Sun, 3 Mar 2002 23:45:43 +0200
Subject: [pptp-server] newbie question: pptp server chokes after authentication
Message-ID: <003c01c1c2fd$b8f6eff0$020aa8c0@deepthought>

Hi all,

I've got my pptp server authenticating me using CHAP (I'm not using any encryption until I get it working without it). I'm not sure what it's supposed to be doing beyond that point... The client end seems to hang on the authentication, and eventually gives me a "PPP control connection closed". The server logs, however, show that CHAP authentication succeeded, and they seem to claim that the CLIENT is what timed out!

Help!

Issac
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From lonnie at outstep.com Sun Mar 3 16:56:04 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 17:56:04 -0500 (EST)
Subject: [pptp-server] almost success, I think
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EEA6A@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EEA6A@defiant.infohiiway.com>
Message-ID: <1382.192.168.1.12.1015196164.squirrel@192.168.1.2>

Well that's interesting!!!

Just for fun, I copied your options information into mine and turned back on the security option of the Win2000 and it worked!!!

>
> The following is my ppp options file.
>
> name *
> lock
> mtu 1492
> mru 1492
> proxyarp
> auth
> +chap
> +chapms
> +chapms-v2
> ipcp-accept-local
> ipcp-accept-remote
> lcp-echo-failure 3
> lcp-echo-interval 5
> deflate 0
> mppe-128
> mppe-40
> mppe-stateless
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line.
--

the only problem that I am getting now is that I cannot seem to connect to the outside world after I have made the connection to the VPN adapter, but I also saw this when I had data encryption turned off.

Not clear why that is happening.

and the NetBEUI and IPX/SPX CP are not working, just TCP/IP CP which is ALL that I guess that I need, right?

Cheers,
Lonnie

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From Joe at Polcari.com Sun Mar 3 18:06:10 2002
From: Joe at Polcari.com (Joe Polcari)
Date: Sun, 03 Mar 2002 19:06:10 -0500
Subject: [pptp-server] only port 1723/tcp needed
References: <1328.192.168.1.12.1015186836.squirrel@192.168.1.2>
Message-ID: <3C82BA72.8BEFEF5C@Polcari.com>

Lonnie,

The article is pointing out the fact that PROTOCOL 47 (GRE) and PORT 47 are 2 different things. You need to allow protocol 47, gre, to go through your firewall.

Joe

Lonnie Cumberland wrote:

> Hello All,
>
> I came across this document on the needed port for pptp that some of
> you might be interested in. It says that you do not need 47 gre.
>
> http://www.adamswann.com/library/2001/netgearvpn.html
>
> Thanks for all of the help everyone.
> Lonnie
> --
> Lonnie Cumberland
> OutStep Technologies Incorporated
> EMAIL: Lonnie at OutStep.com
>      : Lonnie_Cumberland at yahoo.com
>
> The Basis Express Virtual Office
> &
> Data Backup and Recovery Services
>
> URL: http://www.basis-express.com
>
> "The Virtual Office without boundries!!!"
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line.
--

From truin at enterprise.truin.com Sun Mar 3 17:15:57 2002
From: truin at enterprise.truin.com (truin at enterprise.truin.com)
Date: Sun, 3 Mar 2002 16:15:57 -0700 (MST)
Subject: [pptp-server] almost success, I think
In-Reply-To: <1382.192.168.1.12.1015196164.squirrel@192.168.1.2>
Message-ID:

turn off the "use default gateway on remote network" option in the TCP/IP stack, and then you should be able to access the outside world, and the VPN. If you don't turn off that option, your TCP/IP stack will try to use the VPN gateway as the default gateway for all traffic.

-=truin=-
aka Jason Johnson

On Sun, 3 Mar 2002, Lonnie Cumberland wrote:

> Well that's interesting!!!
>
> Just for fun, I copied your options information into mine and turned
> back on the security option of the Win2000 and it worked!!!
>
> >
> > The following is my ppp options file.
> >
> > name *
> > lock
> > mtu 1492
> > mru 1492
> > proxyarp
> > auth
> > +chap
> > +chapms
> > +chapms-v2
> > ipcp-accept-local
> > ipcp-accept-remote
> > lcp-echo-failure 3
> > lcp-echo-interval 5
> > deflate 0
> > mppe-128
> > mppe-40
> > mppe-stateless
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
>
> the only problem that I am getting now is that I cannot seem to
> connect to the outside world after I have made the connection to the
> VPN adapter, but I also saw this when I had data encryption turned
> off.
>
> Not clear why that is happening.
>
> and the NetBEUI and IPX/SPX CP are not working, just TCP/IP CP which
> is ALL that I guess that I need, right?
>
> Cheers,
> Lonnie
>
>

From lonnie at outstep.com Sun Mar 3 17:23:54 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Sun, 3 Mar 2002 18:23:54 -0500 (EST)
Subject: [pptp-server] almost success, I think
In-Reply-To:
References:
Message-ID: <1486.192.168.1.12.1015197834.squirrel@192.168.1.2>

That did the trick!!!!

Thanks All for the amazing amount of help that you have all provided to me.

It is REALLY appreciated!!!!!

My last task for the immediate time being is to get my Eigerstein LRP firewall to forward this Protocol 47 GRE but I think that is a LRP mailing list issue.

Thanks again and our users also thank you,
Lonnie :)

> turn off the "use default gateway on remote network" option in
> the TCP/IP stack, and then you should be able to access the
> outside world, and the VPN. If you don't turn off that option,
> your TCP/IP stack will try to use the VPN gateway as the default
> gateway for all traffic.
>
> -=truin=-
> aka Jason Johnson
>
> On Sun, 3 Mar 2002, Lonnie Cumberland wrote:
>
>> Well that's interesting!!!
>>
>> Just for fun, I copied your options information into mine and
>> turned back on the security option of the Win2000 and it
>> worked!!!
>>
>> >
>> > The following is my ppp options file.
>> >
>> > name *
>> > lock
>> > mtu 1492
>> > mru 1492
>> > proxyarp
>> > auth
>> > +chap
>> > +chapms
>> > +chapms-v2
>> > ipcp-accept-local
>> > ipcp-accept-remote
>> > lcp-echo-failure 3
>> > lcp-echo-interval 5
>> > deflate 0
>> > mppe-128
>> > mppe-40
>> > mppe-stateless
>> > _______________________________________________
>> > pptp-server maillist - pptp-server at lists.schulte.org
>> > http://lists.schulte.org/mailman/listinfo/pptp-server
>> > --- To unsubscribe, go to the url just above this line. --
>>
>> the only problem that I am getting now is that I cannot seem to
>> connect to the outside world after I have made the connection to
>> the VPN adapter, but I also saw this when I had data encryption
>> turned off.
>> >> Not clear why that is happening. >> >> and the NetBEUI and IPX/SPX CP are not working, just TCP/IP CP >> which is ALL that I guess that I need, right? >> >> Cheers, >> Lonnie >> >> > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Lonnie Cumberland OutStep Technologies Incorporated EMAIL: Lonnie at OutStep.com : Lonnie_Cumberland at yahoo.com The Basis Express Virtual Office & Data Backup and Recovery Services URL: http://www.basis-express.com "The Virtual Office without boundries!!!" From timw at distinction.co.nz Sun Mar 3 22:22:21 2002 From: timw at distinction.co.nz (Timothy Wilkes) Date: Mon, 04 Mar 2002 17:22:21 +1300 Subject: [pptp-server] Connection Trouble - Burn XP!!!!!!! References: <3C81F119.6060302@paradise.net.nz> <3C822F44.744A45F4@shaw.ca> Message-ID: <3C82F67D.7060401@distinction.co.nz> Thanks for the reply, The SuSE kernel is only 2.4.4, I'm sure I've read somewhere that they have applied the patches. But I will compile a knew kernel with the patches myself and see what happens. I did search but I was sure that the linux-2.4.4-openssl-0.9.6a-mppe.patch.gz was applied :):) Plus Win2K defiantly was using MPPE 128. Tim Jerry Vonau wrote: >Timothy: >------ >I've set up a pptp server on SuSE Linux, using their pre >built packages > >>with all the patches for mppe etc, saving me some time :) >> >------ > >Does this include a new kernel? > >Maybe your missing a one of the kernel upgrades that >has the patch installed... > >Found this in my mail: > >-------quote---------- > >On Monday 07 January 2002 10:03 am, Gustav Jansen wrote: > >>Hi! >> >>I've been running pptpd for some time now, and I've suddenly started >>experiencing some weird problems. I get the following message in my kernel >>logs: >> >>Not enough space to encrypt packet: 1404<1404+4! 
>> >>I'm using PoPToP v1.1.2 and pppd version 2.4.1 on a Linux 2.4.9 box. I've >>set up MPPE 128 and this has been working fine. But now, all of a sudden, >>I can't connect to shares, or connect to the Internet through the >>VPN-link, and these messages are popping up in my logs. Any ideas anyone? >> > >The howto lists this answer: > >5.58 Q: I'm getting errors: "Not enough space to encrypt >packet: [some >number]<[somenumber]+4" > A: You didn't apply the >linux-2.4.4-openssl-0.9.6a-mppe.patch.gz >patch. The problem is that ppp_generic.c assumes that no >"compression" method >will ever cause a frame to grow. However, MPPE causes every >frame to grow by >four bytes. This only generates the above error message >when you are trying >to send a frame that is within four bytes of the MTU. > >Reducing the MTU will not help because if you reduce the >MTU, ppp_generic.c >will just reduce the size of the buffer that it passes. > >Since it was working before, I'm guessing its one of two >things: a problem >with your kernel (did you switch to a new one, did a module >get corrupted, >etc) or you were never actually *USING* the encryption until >now. >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >--- To unsubscribe, go to the url just above this line. -- > >-------end quote--------- > > >Jerry Vonau > >ps > >This is why the search function is important at the >archives.... > From muralivemuri at multitech.co.in Mon Mar 4 00:29:02 2002 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Mon, 04 Mar 2002 11:59:02 +0530 Subject: [pptp-server] problem in invoking the daemon Message-ID: <3C83142E.39381EB7@multitech.co.in> hi, i have a strange problem. i have web based UI for my VPN box and the pages are PHP. the PHP calls a perl script by name 'setpptp' and the perl script invokes the daemon. 
when i run the perl script from the shell, i can run the daemon and
everything is fine.

but, when i do the same from the PHP, the browser hangs.

curiously, i checked the processes with 'ps -e | grep pptp' and to stun me,
pptp is invoked and there is another process 'setpptp '

so, checked the permissions, user name, group etc....etc....etc....
everything is fine

then i went and wrote a shell script in place of a perl script.
still the same thing ..... no progress and the browser still hangs.

and to add, here also, if i try to kill 'setpptp' process, i could never do
it. and if i kill 'pptpd', setpptp also comes out.

so, i tried to invoke the daemon as a background process with an '&' ....
still .....nope!

any ideas?

--
regards & thanks for your time,
Murali Krishna Vemuri
--All blue, I write with a Blue Pencil on a Blue Sky.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From bcearth at hanmail.net Mon Mar 4 02:12:22 2002
From: bcearth at hanmail.net (=?EUC-KR?B?teW3obDv?=)
Date: Mon, 04 Mar 2002 17:12:22 +0900 (KST)
Subject: [pptp-server] (no subject)
Message-ID: <20020304171222.HM.H0000000003ztBn@www18.hanmail.net>

An HTML attachment was scrubbed...
URL:

From lists at earthling.2y.net Mon Mar 4 05:56:13 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Mon, 4 Mar 2002 06:56:13 -0500 (EST)
Subject: [pptp-server] (no subject)
In-Reply-To: <20020304171222.HM.H0000000003ztBn@www18.hanmail.net>
Message-ID:

read the bottom of the emails....

On Mon, 4 Mar 2002, [EUC-KR] ?????? wrote:

> hi
>
> i do not want to receive e-mail.
> please inform me how i can do it.
>
> bye
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

--
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu
justin at wss.net

From berzerke at swbell.net Mon Mar 4 08:36:35 2002
From: berzerke at swbell.net (robert)
Date: Mon, 04 Mar 2002 08:36:35 -0600
Subject: [pptp-server] (no subject)
In-Reply-To: <20020304171222.HM.H0000000003ztBn@www18.hanmail.net>
References: <20020304171222.HM.H0000000003ztBn@www18.hanmail.net>
Message-ID: <0GSG006GGDWZ3O@mta4.rcsntx.swbell.net>

On Monday 04 March 2002 02:12 am, ??? wrote:
> hi
>
> i do not want to receive e-mail.
> please inform me how i can do it.
>
> _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- Here's how to unsubscribe: First, ask your Internet Provider to mail you an Unsubscribing Kit. Then follow these directions. The kit will most likely be the standard no-fault type. Depending on requirements, System A and/or System B can be used. When operating System A, depress lever and a plastic dalkron unsubscriber will be dispensed through the slot immediately underneath. When you have fastened the adhesive lip, attach connection marked by the large "X" outlet hose. Twist the silver- coloured ring one inch below the connection point until you feel it lock. The kit is now ready for use. The Cin-Eliminator is activated by the small switch on the lip. When securing, twist the ring back to its initial condition, so that the two orange lines meet. Disconnect. Place the dalkron unsubscriber in the vacuum receptacle to the rear. Activate by pressing the blue button. The controls for System B are located on the opposite side. The red release switch places the Cin-Eliminator into position; it can be adjusted manually up or down by pressing the blue manual release button. The opening is self- adjusting. To secure after use, press the green button, which simultaneously activates the evaporator and returns the Cin-Eliminator to its storage position. You may log off if the green exit light is on over the evaporator. If the red light is illuminated, one of the Cin-Eliminator requirements has not been properly implemented. Press the "List Guy" call button on the right of the evaporator. He will secure all facilities from his control panel. To use the Auto-Unsub, first undress and place all your clothes in the clothes rack. Put on the velcro slippers located in the cabinet immediately below. Enter the shower, taking the entire kit with you. 
On the control panel to your upper right upon entering you will see a "Shower seal" button. Press to activate. A green light will then be illuminated immediately below. On the intensity knob, select the desired setting. Now depress the Auto-Unsub activation lever. Bathe normally. The Auto-Unsub will automatically go off after three minutes unless you activate the "Manual off" override switch by flipping it up. When you are ready to leave, press the blue "Shower seal" release button. The door will open and you may leave. Please remove the velcro slippers and place them in their container. If you prefer the ultrasonic log-off mode, press the indicated blue button. When the twin panels open, pull forward by rings A & B. The knob to the left, just below the blue light, has three settings, low, medium or high. For normal use, the medium setting is suggested. After these settings have been made, you can activate the device by switching to the "ON" position the clearly marked red switch. If during the unsubscribing operation you wish to change the settings, place the "manual off" override switch in the "OFF" position. You may now make the change and repeat the cycle. When the green exit light goes on, you may log off and have lunch. Please close the door behind you. From cameron at fax.sno.cpqcorp.net Mon Mar 4 15:37:46 2002 From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Tue, 05 Mar 2002 08:37:46 +1100 Subject: [pptp-server] problem in invoking the daemon References: <3C83142E.39381EB7@multitech.co.in> Message-ID: <3C83E92A.78A84F04@fax.sno.cpqcorp.net> PHP will wait until the subprocess has closed stdin, stdout and stderr. If you want the PHP process to continue, close those file descriptors in your perl or shell script that calls pptp. -- James Cameron From bill at limelightnetworks.COM Mon Mar 4 19:10:28 2002 
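James Cameron's reply above (PHP waits until the subprocess has closed stdin, stdout and stderr), as an added sketch that is not part of the original thread: a POSIX sh launcher that points all three descriptors away from the caller, next to the '&'-only variant that keeps the caller waiting. The function names and the log path are assumptions for illustration, and `sleep` stands in for the daemon.

```shell
#!/bin/sh
# Added illustration (not from the list thread). A caller that reads a
# child's output through a pipe (a web script, or $(...) in the shell)
# only sees end-of-file once EVERY process holding the pipe has closed it.

# Leaky variant: '&' alone. The background job still inherits the caller's
# stdout and stderr, so the caller keeps waiting until the job exits.
launch_leaky() {
    "$@" &
}

# Detached variant: stdin from /dev/null, stdout and stderr appended to a
# log file (first argument; a hypothetical path chosen by the caller).
# Nothing of the caller's pipe is inherited, so the caller gets EOF at once.
launch_detached() {
    _log=$1
    shift
    "$@" </dev/null >>"$_log" 2>&1 &
}

# Measure, in whole seconds, how long a pipe reader is kept waiting by a
# launcher. $(...) plays the web script: it reads the pipe until EOF.
seconds_until_eof() {
    _start=$(date +%s)
    _out=$("$@")
    _end=$(date +%s)
    echo $((_end - _start))
}

# Stand-alone demo: run the script with the single argument "demo".
if [ "${1:-}" = "demo" ]; then
    echo "with '&' only:  $(seconds_until_eof launch_leaky sleep 3)s"
    echo "fully detached: $(seconds_until_eof launch_detached /tmp/launch-demo.log sleep 3)s"
fi
```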
From: bill at limelightnetworks.COM (Bill Petrisko)
Date: Mon, 4 Mar 2002 18:10:28 -0700
Subject: [pptp-server] Win2k client route wrong- how to manually add client route?
Message-ID: <002301c1c3e2$8a4bc050$6a8d30d0@phx.axient.com>

Ok.. i've got two issues. The first is probably an unsolvable Win2k issue:

Upon establishing a pptp connection, Win2k puts a route in the routing
table that is the classful (/24 in this case) route for the network of the
assigned IP address. Note that "use default gateway on remote server" is
not checked in the Win2k vpn config. I only want to route the local company
nets via the vpn tunnel.

Example 1 (proxy arp, using local/remoteip on same network):

PPTP server eth0 address 208.1.0.40/26
PPTP localip 208.1.0.40
PPTP remoteip 208.1.0.42-49

My pptp server assigns the user 208.1.0.43

Win2k puts a route in the routing table for 208.1.0.0/24 -> 208.1.0.43
This should be a /26 route!

Network Destination  Netmask          Gateway      Interface    Metric
208.1.0.0            255.255.255.0    208.1.0.193  208.1.0.193  1
208.1.0.40           255.255.255.255  208.1.0.193  208.1.0.193  1

Example 2 (using routed network for ppp side):

PPTP server eth0 address 208.1.0.40/26
PPTP localip 208.1.0.40
PPTP remoteip 208.1.1.193-254

My pptp server assigns the user 208.1.1.43

Win2k puts a route in the routing table for 208.1.1.0/24 -> 208.1.1.4
Again, this should be a /26 route!

Network Destination  Netmask          Gateway      Interface       Metric
208.1.1.0            255.255.255.0    208.1.1.193  208.48.141.193  1
208.1.0.40           255.255.255.255  208.1.1.193  208.48.141.193  1

Does Win2k only do classful routing on automatically installed routes when
a VPN connection comes up? Is there any way to change that behavior?

Second issue:

VPN CLIENT          PPTP SERVER         ROUTER
208.1.1.193---------208.1.0.40/26-------208.1.0.1/26          HOST
                                        208.55.55.0/24----208.55.55.10

I only want to route to networks behind my firewall over the VPN tunnel.
"Use default gateway on remote server" is not checked in the Win2k vpn
config.
Once the VPN tunnel comes up, the vpn client installs a route
"208.1.1.0/24 -> 208.1.1.193"- so far, so good.

Is there a way to "push" more routes to the VPN client (from the PPTP
server) that will get installed when this connection comes up? I'd like to
route 208.1.0.0/24 and 208.55.55.0/24 via the vpn/ppp connection as well,
without having to install manual routes on the vpn client.

This configuration is tested and working, but I have to do a:

route add 208.1.0.0 mask 255.255.255.0 208.1.1.193
route add 208.55.55.0 mask 255.255.255.0 208.1.1.193

on the client side, every time the connection is established, in order for
it to work.

Does pptpd have a way to push more routes (or a script) to the Win2k client
once the tunnel is established? Does MS have a way to run a script or add
routes automatically once the tunnel is established?

Any suggestions appreciated.

thanks
bill

From lonnie at outstep.com Mon Mar 4 19:55:24 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Mon, 4 Mar 2002 20:55:24 -0500 (EST)
Subject: [pptp-server] Win util or batch file
Message-ID: <2713.192.168.1.12.1015293324.squirrel@192.168.1.2>

Hello All,

I hope that you are all doing well tonight.

I was just wondering if someone had any information on where I might
find a windows commandline application or possibly batch file that
would set up the VPN parameters on a Windows client.

I was hoping to automate the process for the users to as much degree
as possible.

Cheers,
Lonnie

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From htdconsultingsvs at hotmail.com Mon Mar 4 21:10:30 2002
From: htdconsultingsvs at hotmail.com (Haruhiko Davis) Date: Mon, 04 Mar 2002 22:10:30 -0500 Subject: [pptp-server] Win util or batch file Message-ID: Have you tried using Connection Manager Administration Kit (CMAK)? >Hello All, > >I hope that you are all doing well tonight. > >I was just wondering if someone had any information on where I might >find a windows commandline application or possibly batch file that >would set up the VPN parameters on a Windows client. > >I was hoping to automate the process for the users to as much degree >as possible. > >Cheers, >Lonnie > >-- > Lonnie Cumberland > OutStep Technologies Incorporated > EMAIL: Lonnie at OutStep.com > : Lonnie_Cumberland at yahoo.com > > The Basis Express Virtual Office > & > Data Backup and Recovery Services > > URL: http://www.basis-express.com > >"The Virtual Office without boundries!!!" > > > > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >--- To unsubscribe, go to the url just above this line. -- _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com From fabio at ipway.com.br Mon Mar 4 21:17:01 2002 From: fabio at ipway.com.br (Fabio Oliveira) Date: Tue, 5 Mar 2002 00:17:01 -0300 Subject: [pptp-server] Authentication fails against password encrypted Message-ID: Hello all, I am using pptp w/ mppe and everything was running fine until I encrypt the password in the chap-secrets file via a cgi script, so now when I try connect I get the message user and/or password invalid in domain. Is there any issue to use encrypted password in the chap-secrets file? Anybody knows if it's possible or not.... Thanks in advance for any help. Fabio From muralivemuri at multitech.co.in Mon Mar 4 21:35:24 2002 
From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Tue, 05 Mar 2002 09:05:24 +0530 Subject: [pptp-server] Authentication fails against password encrypted References: Message-ID: <3C843CFB.BFDE2825@multitech.co.in> well... i have two quick check points here. 1.from the CHAP rfc (1994) , "chap needs that the password be in the plain text format." " one way encryption algorithms like md5 cannot be used with chap" 2. use the option "chapms-strip-domain" in your /etc/ppp/options file. cheers murali Fabio Oliveira wrote: > Hello all, > > I am using pptp w/ mppe and everything was running fine until I encrypt the > password in the chap-secrets file via a cgi script, so now when I try > connect I get the message user and/or password invalid in domain. > > Is there any issue to use encrypted password in the chap-secrets file? > Anybody knows if it's possible or not.... > > Thanks in advance for any help. > > Fabio > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- regards & thanks for your time, Murali Krishna Vemuri --All blue, I write with a Blue Pencil on a Blue Sky. -------------- next part -------------- An HTML attachment was scrubbed... URL: From charlieb at e-smith.com Mon Mar 4 21:35:26 2002 
From: charlieb at e-smith.com (Charlie Brady) Date: Mon, 4 Mar 2002 22:35:26 -0500 (EST) Subject: [pptp-server] Authentication fails against password encrypted In-Reply-To: Message-ID: On Tue, 5 Mar 2002, Fabio Oliveira wrote: > Hello all, > > I am using pptp w/ mppe and everything was running fine until I encrypt the > password in the chap-secrets file via a cgi script, so now when I try > connect I get the message user and/or password invalid in domain. > > Is there any issue to use encrypted password in the chap-secrets file? Depends on how they are encrypted. As long as you use the NT password hash algorithm (as used, for example, by smbpasswd from the samba program) encrypted passwords should be OK. -- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From lonnie at outstep.com Mon Mar 4 21:41:58 2002 
From: lonnie at outstep.com (Lonnie Cumberland) Date: Mon, 4 Mar 2002 22:41:58 -0500 (EST) Subject: [pptp-server] Win util or batch file In-Reply-To: References: Message-ID: <2984.192.168.1.12.1015299718.squirrel@192.168.1.2> No, I have not heard of this. Where can i get more info and do they have some applications that might do the job? Thanks, Lonnie > Have you tried using Connection Manager Administration Kit > (CMAK)? > > >>Hello All, >> >>I hope that you are all doing well tonight. >> >>I was just wondering if someone had any information on where I >>might find a windows commandline application or possibly batch >>file that would set up the VPN parameters on a Windows client. >> >>I was hoping to automate the process for the users to as much >>degree as possible. >> >>Cheers, >>Lonnie >> >>-- >> Lonnie Cumberland >> OutStep Technologies Incorporated >> EMAIL: Lonnie at OutStep.com >> : Lonnie_Cumberland at yahoo.com >> >> The Basis Express Virtual Office >> & >> Data Backup and Recovery Services >> >> URL: http://www.basis-express.com >> >>"The Virtual Office without boundries!!!" >> >> >> >> >>_______________________________________________ >>pptp-server maillist - pptp-server at lists.schulte.org >>http://lists.schulte.org/mailman/listinfo/pptp-server >>--- To unsubscribe, go to the url just above this line. -- > > > _________________________________________________________________ > Send and receive Hotmail on your mobile device: > http://mobile.msn.com > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Lonnie Cumberland OutStep Technologies Incorporated EMAIL: Lonnie at OutStep.com : Lonnie_Cumberland at yahoo.com The Basis Express Virtual Office & Data Backup and Recovery Services URL: http://www.basis-express.com "The Virtual Office without boundries!!!" 
From cameron at fax.sno.cpqcorp.net Mon Mar 4 21:54:03 2002 From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Tue, 05 Mar 2002 14:54:03 +1100 Subject: [pptp-server] Win util or batch file References: <2984.192.168.1.12.1015299718.squirrel@192.168.1.2> Message-ID: <3C84415B.8865268B@fax.sno.cpqcorp.net> Lonnie Cumberland wrote: > Where can i get more info and do they have some applications that > might do the job? Google gave me http://www.microsoft.com/windows2000/en/server/help/sag_cmaktopnode.htm (I must admit I'd never heard of it, but that's just because I've not been exposed to this sort of thing). -- James Cameron From htdconsultingsvs at hotmail.com Mon Mar 4 22:02:56 2002 From: htdconsultingsvs at hotmail.com (Haruhiko Davis) Date: Mon, 04 Mar 2002 23:02:56 -0500 Subject: [pptp-server] Win util or batch file Message-ID: Go to MS TechNet @ http://search.support.microsoft.com/kb/c.asp?FR=0&SD=TECH&LN=EN-US Do a search for these Q articles: Q271310 Q211327 Q265264 Q265264 Q259356 The first article tells you how to install CMAK. >Lonnie Cumberland wrote: > > Where can i get more info and do they have some applications that > > might do the job? > >Google gave me >http://www.microsoft.com/windows2000/en/server/help/sag_cmaktopnode.htm > >(I must admit I'd never heard of it, but that's just because I've not >been exposed to this sort of thing). > >-- >James Cameron >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >--- To unsubscribe, go to the url just above this line. -- _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. From michiel at mind.be Tue Mar 5 09:28:59 2002 
From: michiel at mind.be (michiel at mind.be)
Date: Tue, 5 Mar 2002 16:28:59 +0100
Subject: [pptp-server] GRE read or PTY write failed (gre,pty)=(5,4)
Message-ID: <20020305162859.C20404@mind.be>

Hi folks,

I'm trying to set up the pptp server. The error message I get (pptpd
running in debug mode) is:

Mar 5 16:13:17 thunderbird pptpd[11781]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)

I have the modules
ppp_generic
ip_gre
loaded in my 2.4.17 kernel.

Can someone help me on this?

tnx,

--
Michiel Van Opstal
-----------------------------------------------
Gnupg public key at http://thev0ke.be/public.gpg

From zeus at smtp.titanvision.com Tue Mar 5 10:46:07 2002
From: zeus at smtp.titanvision.com (zeus)
Date: Tue, 5 Mar 2002 19:46:07 +0300
Subject: [pptp-server] (no subject)
Message-ID: <000e01c1c465$519959b0$cd01a8c0@ernestoc>

Hello there

I'm trying to get pptpd running on freebsd.
I'm having these lines in the log files:

[pptpd] CTRL: PTY read or GRE write failed (pty.gre)=(5,6)

Any suggestions?

tia
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From lonnie at outstep.com Tue Mar 5 15:05:30 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Tue, 5 Mar 2002 16:05:30 -0500 (EST)
Subject: [pptp-server] setup documents
Message-ID: <4335.192.168.1.12.1015362330.squirrel@192.168.1.2>

Hello All,

could someone please tell me who I would have to talk to in order to
see about using the Windows VPN setup documents on our website so
that the users can easily set up their VPN to our server.

Cheers,
Lonnie

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com
     : Lonnie_Cumberland at yahoo.com

The Basis Express Virtual Office
&
Data Backup and Recovery Services

URL: http://www.basis-express.com

"The Virtual Office without boundries!!!"

From john at brewtown.net Tue Mar 5 15:40:10 2002
From: john at brewtown.net (John Stetter) Date: Tue, 5 Mar 2002 15:40:10 -0600 Subject: [pptp-server] setup documents Message-ID: <001e01c1c48e$535712a0$7301000a@bwmmortgage.com> Well, since http://poptop.lineo.com/help.html seems to have the documents that you want, and Mattthew Ramsay is listed as the contact, I'd try and contact him (matthewr at lineo.com). From mrg at sigpro.com Tue Mar 5 15:44:58 2002 From: mrg at sigpro.com (Matt Good) Date: Tue, 5 Mar 2002 13:44:58 -0800 Subject: [pptp-server] (no subject) pptpd on freebsd In-Reply-To: <000e01c1c465$519959b0$cd01a8c0@ernestoc> Message-ID: I followed these instructions on this page http://heyer.supranet.net/pptp/ after i was getting the same error messages. the only thing had to add was mppe to the ppp.conf file like below loop: set timeout 0 set log phase chat connect lcp ipcp command mppe -matt -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of zeus Sent: Tuesday, March 05, 2002 8:46 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] (no subject) Hello there Im trying to get pptpd running on freebsd Im having these lines on the log files [pptpd] CTRL: PTY read or GRE write failed (pty.gre)=(5,6) Any sugestions tia From lonnie at outstep.com Tue Mar 5 15:38:55 2002 
From: lonnie at outstep.com (Lonnie Cumberland) Date: Tue, 5 Mar 2002 16:38:55 -0500 (EST) Subject: [pptp-server] setup documents In-Reply-To: <001e01c1c48e$535712a0$7301000a@bwmmortgage.com> References: <001e01c1c48e$535712a0$7301000a@bwmmortgage.com> Message-ID: <4495.192.168.1.12.1015364335.squirrel@192.168.1.2> Yes, I tried to contact him as well, but the email address just seems to bounce when I try it. --Lonnie > Well, since http://poptop.lineo.com/help.html seems to have the > documents that you want, and Mattthew Ramsay is listed as the > contact, I'd try and contact him (matthewr at lineo.com). > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Lonnie Cumberland OutStep Technologies Incorporated EMAIL: Lonnie at OutStep.com : Lonnie_Cumberland at yahoo.com The Basis Express Virtual Office & Data Backup and Recovery Services URL: http://www.basis-express.com "The Virtual Office without boundries!!!" From cameron at fax.sno.cpqcorp.net Tue Mar 5 15:49:46 2002 From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Wed, 06 Mar 2002 08:49:46 +1100 Subject: [pptp-server] setup documents References: <4335.192.168.1.12.1015362330.squirrel@192.168.1.2> Message-ID: <3C853D7A.56E4C641@fax.sno.cpqcorp.net> Lonnie Cumberland wrote: > could someone please tell me who I would have to talk to in order to > see about using the Windows VPN setup documents on our website so > that the users can easily set up thier VPN to our server. The author and copyright owner of the documents. Check to see if they include a license or usage permissions. -- James Cameron From john at brewtown.net Tue Mar 5 15:55:01 2002 
From: john at brewtown.net (John Stetter) Date: Tue, 5 Mar 2002 15:55:01 -0600 Subject: [pptp-server] setup documents References: <4335.192.168.1.12.1015362330.squirrel@192.168.1.2> <3C853D7A.56E4C641@fax.sno.cpqcorp.net> Message-ID: <005001c1c490$66912ed0$7301000a@bwmmortgage.com> There is no copyright information for these documents, it is impossible to contact the creators of the docs due to an invalid return mail address. It looks like these docs were compiled by Greg Luck, but there is no email for him to be found. I assume that these people, people like ourselves, created these documents to be useful to others, and if there were copyright issues, they would be listed somewhere on the pages. None to be found. John ----- Original Message ----- From: "James Cameron" To: "Lonnie Cumberland" Cc: Sent: Tuesday, March 05, 2002 3:49 PM Subject: Re: [pptp-server] setup documents > Lonnie Cumberland wrote: > > could someone please tell me who I would have to talk to in order to > > see about using the Windows VPN setup documents on our website so > > that the users can easily set up thier VPN to our server. > > The author and copyright owner of the documents. Check to see if they > include a license or usage permissions. > > -- > James Cameron > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From mattgav at tempo.com.au Tue Mar 5 16:02:17 2002 
From: mattgav at tempo.com.au (Matt Gavin) Date: Wed, 6 Mar 2002 09:02:17 +1100 Subject: [pptp-server] setup documents In-Reply-To: <001e01c1c48e$535712a0$7301000a@bwmmortgage.com> Message-ID: One of my Helpdesk staff wrote these two documents almost two years ago now: http://poptop.lineo.com/releases/vpn98.doc.gz http://poptop.lineo.com/releases/vpnNT4.doc.gz It is scary how neglected http://poptop.lineo.com is! Matt. From lonnie at outstep.com Tue Mar 5 15:57:04 2002 From: lonnie at outstep.com (Lonnie Cumberland) Date: Tue, 5 Mar 2002 16:57:04 -0500 (EST) Subject: [pptp-server] setup documents In-Reply-To: <005001c1c490$66912ed0$7301000a@bwmmortgage.com> References: <005001c1c490$66912ed0$7301000a@bwmmortgage.com> Message-ID: <4509.192.168.1.12.1015365424.squirrel@192.168.1.2> That's what I thought as well, but just wanted to check. Another issue solved!!!! Now I am going to try and figure out what will be needed to set up a vpn connection on MAC's so that they can talk through the pptp channel. Thanks All. ---Lonnie > There is no copyright information for these documents, it is > impossible to contact the creators of the docs due to an invalid > return mail address. It looks like these docs were compiled by > Greg Luck, but there is no email for him to be found. > > I assume that these people, people like ourselves, created these > documents to be useful to others, and if there were copyright > issues, they would be listed somewhere on the pages. None to be > found. > > John > > > ----- Original Message ----- 
> From: "James Cameron" > To: "Lonnie Cumberland" > Cc: > Sent: Tuesday, March 05, 2002 3:49 PM > Subject: Re: [pptp-server] setup documents > > >> Lonnie Cumberland wrote: >> > could someone please tell me who I would have to talk to in >> > order to see about using the Windows VPN setup documents on >> > our website so that the users can easily set up thier VPN to >> > our server. >> >> The author and copyright owner of the documents. Check to see >> if they include a license or usage permissions. >> >> -- >> James Cameron >> _______________________________________________ >> pptp-server maillist - pptp-server at lists.schulte.org >> http://lists.schulte.org/mailman/listinfo/pptp-server >> --- To unsubscribe, go to the url just above this line. -- >> > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Lonnie Cumberland OutStep Technologies Incorporated EMAIL: Lonnie at OutStep.com : Lonnie_Cumberland at yahoo.com The Basis Express Virtual Office & Data Backup and Recovery Services URL: http://www.basis-express.com "The Virtual Office without boundries!!!" From mattgav at tempo.com.au Tue Mar 5 16:07:09 2002 
From: mattgav at tempo.com.au (Matt Gavin)
Date: Wed, 6 Mar 2002 09:07:09 +1100
Subject: [pptp-server] setup documents
In-Reply-To: <005001c1c490$66912ed0$7301000a@bwmmortgage.com>
Message-ID:

Greg Luck was my old IT Manager, he has moved on since then. He did not write them, he just took credit for them...

I have no problem with these documents being reproduced and possibly even updated. They were uploaded through Matthew Ramsey for exactly this, free distribution.

We had written them for our internal staff, mainly Remote dial up users who needed to get to the Intranet, Payroll and Accounting. You will see that we masked many images to protect our network.

Matt.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of John Stetter
Sent: Wednesday, 6 March 2002 8:55 AM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] setup documents

There is no copyright information for these documents, it is impossible to contact the creators of the docs due to an invalid return mail address. It looks like these docs were compiled by Greg Luck, but there is no email for him to be found.

I assume that these people, people like ourselves, created these documents to be useful to others, and if there were copyright issues, they would be listed somewhere on the pages. None to be found.

John

----- Original Message -----
From: "James Cameron"
To: "Lonnie Cumberland"
Cc:
Sent: Tuesday, March 05, 2002 3:49 PM
Subject: Re: [pptp-server] setup documents

> Lonnie Cumberland wrote:
> > could someone please tell me who I would have to talk to in order to
> > see about using the Windows VPN setup documents on our website so
> > that the users can easily set up their VPN to our server.
>
> The author and copyright owner of the documents. Check to see if they
> include a license or usage permissions.
>
> --
> James Cameron

From John.Stephens at smithscity.co.nz Tue Mar 5 21:34:33 2002
From: John.Stephens at smithscity.co.nz (John Stephens)
Date: Wed, 6 Mar 2002 16:34:33 +1300
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
Message-ID: <71B0CA071AC4D411BA2800C0DF2604E379F61B@HAMMER>

Hi

I have looked at all the how to's and been through the archives but I must have missed something.
I am trying to connect from win2k dial up to an ISP via a VPN to a Linux PoPToP 2.4 on an intranet
I can get it to work across the intranet so I presume the security and logon settings are correct.

This is the set up.

Linux box Running PoPToP 2.4 with gateway pointing to Firewall Router which then passes it on to an internal address to our ISP's Linux firewall which does NAT and passes it on to the outside world.
TCP 1723 and GRE are allowed to pass on both routers.
The Firewall Routers logs indicate both are passing through it and it seems from the linux log to be getting 70% through verification and authentication before deciding that it does not want to continue.

The Win2K side gives me a 619 error Specified port is not connected. and the helpful advice of try restarting. Normal Windows Solution.

Linux log

Mar 6 16:04:14 slinux pptpd[832]: MGR: Launching /usr/sbin/pptpctrl to handle client
Mar 6 16:04:14 slinux pptpd[832]: CTRL: local address = 172.16.0.50
Mar 6 16:04:14 slinux pptpd[832]: CTRL: remote address = 192.168.0.1
Mar 6 16:04:14 slinux pptpd[832]: CTRL: pppd speed = 115200
Mar 6 16:04:14 slinux pptpd[832]: CTRL: pppd options file = /etc/ppp/options
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Client 203.96.149.75 control connection started
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Received PPTP Control Message (type: 1)
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Made a START CTRL CONN RPLY packet
Mar 6 16:04:14 slinux pptpd[832]: CTRL: I wrote 156 bytes to the client.
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Sent packet to client
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Received PPTP Control Message (type: 7)
Mar 6 16:04:14 slinux pptpd[832]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Made a OUT CALL RPLY packet
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Starting call (launching pppd, opening GRE)
Mar 6 16:04:14 slinux pptpd[832]: CTRL: pty_fd = 5
Mar 6 16:04:14 slinux pptpd[832]: CTRL: tty_fd = 6
Mar 6 16:04:14 slinux pptpd[832]: CTRL: I wrote 32 bytes to the client.
Mar 6 16:04:14 slinux pptpd[833]: CTRL (PPPD Launcher): Connection speed = 115200
Mar 6 16:04:14 slinux pptpd[833]: CTRL (PPPD Launcher): local address = 172.16.0.50
Mar 6 16:04:14 slinux pptpd[833]: CTRL (PPPD Launcher): remote address = 192.168.0.1
Mar 6 16:04:14 slinux pppd[833]: pppd 2.4.0 started by root, uid 0
Mar 6 16:04:14 slinux pppd[833]: using channel 3
Mar 6 16:04:14 slinux pppd[833]: Using interface ppp0
Mar 6 16:04:14 slinux pppd[833]: Connect: ppp0 <--> /dev/pts/1
Mar 6 16:04:14 slinux pppd[833]: sent [LCP ConfReq id=0x1 ]
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Sent packet to client
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Received PPTP Control Message (type: 15)
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Mar 6 16:04:17 slinux pppd[833]: sent [LCP ConfReq id=0x1 ]
Mar 6 16:04:41 slinux last message repeated 8 times
Mar 6 16:04:44 slinux pppd[833]: LCP: timeout sending Config-Requests
Mar 6 16:04:44 slinux pppd[833]: Connection terminated.
Mar 6 16:04:44 slinux pppd[833]: Couldn't release PPP unit: Inappropriate ioctl for device
Mar 6 16:04:44 slinux pppd[833]: Exit.
Mar 6 16:04:44 slinux pptpd[832]: Error reading from pppd: Input/output error
Mar 6 16:04:44 slinux pptpd[832]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Mar 6 16:04:44 slinux pptpd[832]: CTRL: Client 203.96.149.75 control connection finished
Mar 6 16:04:44 slinux pptpd[832]: CTRL: Exiting now
Mar 6 16:04:44 slinux pptpd[249]: MGR: Reaped child 832

The 203.96.149.75 address is the one given to the Win2K PC dialing in to the Internet.

As there is no modem ISDN etc connection is there something that I have missed with the PPP setup

I'm relatively new to Linux so more detail than less would be helpful.

Thanks John

From htdconsultingsvs at hotmail.com Tue Mar 5 21:56:27 2002
From: htdconsultingsvs at hotmail.com (Haruhiko Davis)
Date: Tue, 05 Mar 2002 22:56:27 -0500
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
Message-ID:

Take a look at MS article Q227747.

And contrary to popular belief, you don't need to reboot W2K (unlike the Win9x clients). LOL

From jason at jara.cc Wed Mar 6 08:11:47 2002
From: jason at jara.cc (jason marrow)
Date: Wed, 6 Mar 2002 09:11:47 -0500
Subject: [pptp-server] Easy Install
Message-ID: <1015423907.3c8623a39c277@www.jara.cc>

If you need any easy way to get your VPN server up and running email me I have the files that are necessary to get everything working properly. Also the patch that I have allows domain stripping and using smbpasswd file for authentication. The patches I have are for ppp 2.40 and Redhat 7.2. I am running the latest kernel from Redhat.

Jason

From Joe at Polcari.com Wed Mar 6 10:34:44 2002
From: Joe at Polcari.com (Joe Polcari)
Date: Wed, 06 Mar 2002 11:34:44 -0500
Subject: [pptp-server] Easy Install
References: <1015423907.3c8623a39c277@www.jara.cc>
Message-ID: <3C864524.6FF5C906@Polcari.com>

Jason,

If you want to send them to me along with instructions (or a web page), I can make them available to everyone on a website.

Joe

jason marrow wrote:

> If you need any easy way to get your VPN server up and running email me I have
> the files that are necessary to get everything working properly. Also the patch
> that I have allows domain stripping and using smbpasswd file for
> authentication. The patches I have are for ppp 2.40 and Redhat 7.2. I am
> running the latest kernel from Redhat.
> Jason

From Benny.Geys at ordina-denkart.com Wed Mar 6 09:40:33 2002
From: Benny.Geys at ordina-denkart.com (Benny.Geys at ordina-denkart.com)
Date: Wed, 6 Mar 2002 16:40:33 +0100
Subject: [pptp-server] OT : pppd default idle value?
Message-ID:

Hi all,

Some of our users are experiencing disconnects when they are idle for a certain amount of time. I am guessing that this is perfectly normal behaviour caused by pppd. When I look at the manpage for pppd, I see that there is an 'idle' option but I can't find any mention of its default value.

Any ideas?

Greetings,
Benny

From sagar at cwlglobal.com Wed Mar 6 09:56:13 2002
From: sagar at cwlglobal.com (Sagar Srivastava)
Date: Wed, 6 Mar 2002 21:26:13 +0530
Subject: [pptp-server] module ppp-compress-18 error!
Message-ID: <02c601c1c527$717b58b0$de5fa4a4@qs1905>

Actually this is the link for installing the ppp updated package which supports MSCHAPv2,

http://www.infohiiway.com/download/pptp/2.4.x/patches/ppp-2.4.1-MSCHAPv2-fix.patch.gz

The following is my ppp options file which now works fine I guess.

====================
name *
lock
mtu 1492
mru 1492
proxyarp
auth
+chap
+chapms
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-40
mppe-stateless
=========================

My VPN connection finishes with TCP/IP successful and NETbeui failed, but it still gives errors like:

==================================
Mar 6 21:17:43 deepblue modprobe: modprobe: Can't locate module ppp-compress-18
Mar 6 21:17:43 deepblue pppd[2716]: sent [CCP ConfRej id=0x36 ]
Mar 6 21:17:44 deepblue pppd[2716]: sent [CCP ConfReq id=0x2]
Mar 6 21:17:44 deepblue pppd[2716]: rcvd [CCP ConfAck id=0x2]
Mar 6 21:17:46 deepblue pppd[2716]: sent [LCP EchoReq id=0x27 magic=0x8e7c3f92]
Mar 6 21:17:46 deepblue pppd[2716]: rcvd [LCP EchoRep id=0x27 magic=0x37062fe8]
Mar 6 21:17:47 deepblue pppd[2716]: rcvd [CCP ConfReq id=0x37 ]
Mar 6 21:17:47 deepblue modprobe: modprobe: Can't locate module ppp-compress-18
Mar 6 21:17:47 deepblue pppd[2716]: sent [CCP ConfRej id=0x37 ]
Mar 6 21:17:47 deepblue pppd[2716]: sent [CCP ConfReq id=0x2]
Mar 6 21:17:47 deepblue pppd[2716]: rcvd [CCP ConfAck id=0x2]
Mar 6 21:17:50 deepblue pppd[2716]: sent [CCP ConfReq id=0x2]
Mar 6 21:17:50 deepblue pppd[2716]: rcvd [CCP ConfAck id=0x2]
Mar 6 21:17:51 deepblue pppd[2716]: rcvd [CCP ConfReq id=0x38 ]
Mar 6 21:17:51 deepblue modprobe: modprobe: Can't locate module ppp-compress-18
Mar 6 21:17:51 deepblue pppd[2716]: sent [CCP ConfRej id=0x38 ]
Mar 6 21:17:51 deepblue pppd[2716]: sent [LCP EchoReq id=0x28 magic=0x8e7c3f92]
Mar 6 21:17:51 deepblue pppd[2716]: rcvd [LCP EchoRep id=0x28 magic=0x37062fe8]
Mar 6 21:17:53 deepblue pppd[2716]: sent [CCP ConfReq id=0x2]
Mar 6 21:17:53 deepblue pppd[2716]: rcvd [CCP ConfAck id=0x2]
Mar 6 21:17:55 deepblue pppd[2716]: rcvd [CCP ConfReq id=0x39 ]
Mar 6 21:17:55 deepblue modprobe: modprobe: Can't locate module ppp-compress-18
Mar 6 21:17:55 deepblue pppd[2716]: sent [CCP ConfRej id=0x39 ]
=================================

ANY SUGGESTIONS?????

Thanks,
Sagar
CWLGLOBAL
Bangalore
INDIA

From Steve at SteveCowles.com Wed Mar 6 10:32:10 2002
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 6 Mar 2002 10:32:10 -0600
Subject: [pptp-server] module ppp-compress-18 error!
Message-ID: <90769AF04F76D41186C700A0C90AFC3EEA72@defiant.infohiiway.com>

> -----Original Message-----
> From: Sagar Srivastava [mailto:sagar at cwlglobal.com]
> Sent: Wednesday, March 06, 2002 9:56 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] module ppp-compress-18 error!
>
> options file looks OK.
>
> My VPN connection finishes with TCP/IP successful and NETbeui failed,

Netbeui??? Netbeui has nothing to do with establishing a ppp/pptp based tunnel. Besides, netbeui is a non routable protocol. ppp/pptp establishes a tcp/ip based tunnel.

>
> but it still gives errors like:
> ==================================
> Mar 6 21:17:43 deepblue modprobe: modprobe: Can't locate module
> ppp-compress-18

Have you added the following to your /etc/modules.conf file???

alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

Does your linux kernel/ppp support mppe. i.e. Does the ppp_mppe.o module exist?

Steve Cowles

From jimmc at irobot.com Wed Mar 6 12:51:53 2002
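The two failure signatures in the logs posted above (pppd timing out on LCP with nothing received, and the CCP reject loop with modprobe failing on ppp-compress-18) can be told apart mechanically. This is an added example, not code from any poster or from the PoPToP project; the function names and finding labels are made up for illustration, and the sample lines are abridged from the two logs in this thread.

```python
import re
from collections import Counter, defaultdict

# Abridged from the two logs posted in this thread. The option lists inside
# [...] were already missing from the archived copies.
LCP_TIMEOUT_LOG = """\
Mar 6 16:04:14 slinux pptpd[832]: CTRL: Starting call (launching pppd, opening GRE)
Mar 6 16:04:14 slinux pppd[833]: pppd 2.4.0 started by root, uid 0
Mar 6 16:04:14 slinux pppd[833]: sent [LCP ConfReq id=0x1 ]
Mar 6 16:04:17 slinux pppd[833]: sent [LCP ConfReq id=0x1 ]
Mar 6 16:04:41 slinux last message repeated 8 times
Mar 6 16:04:44 slinux pppd[833]: LCP: timeout sending Config-Requests
Mar 6 16:04:44 slinux pppd[833]: Connection terminated.
"""

MPPE_LOG = """\
Mar 6 21:17:43 deepblue modprobe: modprobe: Can't locate module ppp-compress-18
Mar 6 21:17:43 deepblue pppd[2716]: sent [CCP ConfRej id=0x36 ]
Mar 6 21:17:44 deepblue pppd[2716]: sent [CCP ConfReq id=0x2]
Mar 6 21:17:44 deepblue pppd[2716]: rcvd [CCP ConfAck id=0x2]
Mar 6 21:17:46 deepblue pppd[2716]: sent [LCP EchoReq id=0x27 magic=0x8e7c3f92]
Mar 6 21:17:46 deepblue pppd[2716]: rcvd [LCP EchoRep id=0x27 magic=0x37062fe8]
Mar 6 21:17:47 deepblue pppd[2716]: rcvd [CCP ConfReq id=0x37 ]
Mar 6 21:17:47 deepblue modprobe: modprobe: Can't locate module ppp-compress-18
Mar 6 21:17:47 deepblue pppd[2716]: sent [CCP ConfRej id=0x37 ]
"""

SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+"
    r"(?P<tag>[\w-]+)(?:\[(?P<pid>\d+)\])?:\s+(?P<msg>.*)$"
)
REPEAT = re.compile(r"last message repeated (\d+) times")
FRAME = re.compile(r"^(sent|rcvd) \[(\w+) (\w+)")  # direction, protocol, code
MODPROBE = re.compile(r"Can't locate module (ppp-compress-\d+)")


def parse(log_text):
    """Return (per-pppd-pid summaries, modules modprobe could not locate)."""
    sessions = defaultdict(lambda: {"frames": Counter(), "lcp_timeout": False})
    missing = set()
    last = None  # (pid, frame key) of the previous line, for "repeated N times"
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if m is None:
            # syslogd collapses identical consecutive lines into this notice
            rep = REPEAT.search(line)
            if rep and last:
                pid, key = last
                sessions[pid]["frames"][key] += int(rep.group(1))
            continue
        last = None
        tag, pid, msg = m.group("tag", "pid", "msg")
        mod = MODPROBE.search(msg)
        if tag == "modprobe" and mod:
            missing.add(mod.group(1))
        elif tag == "pppd":
            frame = FRAME.match(msg)
            if frame:
                last = (pid, frame.groups())
                sessions[pid]["frames"][frame.groups()] += 1
            elif "timeout sending Config-Requests" in msg:
                sessions[pid]["lcp_timeout"] = True
    return sessions, missing


def diagnose(log_text):
    """Return a list of (pppd pid, finding label, explanation) tuples."""
    sessions, missing = parse(log_text)
    findings = []
    for pid, s in sessions.items():
        frames = s["frames"]
        sent_req = frames[("sent", "LCP", "ConfReq")]
        received = sum(n for (d, _, _), n in frames.items() if d == "rcvd")
        if s["lcp_timeout"] and sent_req and received == 0:
            findings.append((pid, "NO_PPP_FROM_PEER",
                f"{sent_req} LCP ConfReq sent, no PPP frame received: the "
                "peer's frames, which PPTP carries in GRE (IP protocol 47), "
                "are not reaching pppd; check GRE handling on each router "
                "and NAT device on the path"))
        rejected = frames[("sent", "CCP", "ConfRej")]
        if rejected and "ppp-compress-18" in missing:
            findings.append((pid, "MPPE_MODULE_MISSING",
                f"{rejected} CCP ConfRej sent after modprobe failed on "
                "ppp-compress-18 (CCP option 18 is MPPE); check for "
                "'alias ppp-compress-18 ppp_mppe' in /etc/modules.conf and "
                "that the ppp_mppe module exists"))
    return findings


if __name__ == "__main__":
    for sample in (LCP_TIMEOUT_LOG, MPPE_LOG):
        for pid, label, why in diagnose(sample):
            print(f"pppd[{pid}] {label}: {why}")
```

The "last message repeated 8 times" line is counted toward the preceding ConfReq, so the first sample reports the full ten unanswered requests rather than two.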
From: jimmc at irobot.com (Jim McCormack)
Date: Wed, 06 Mar 2002 13:51:53 -0500
Subject: [pptp-server] Tunnel Builder MAC Client
Message-ID: <3C866549.4EA7D8BD@irobot.com>

Hello All:

I have been running a PopTop server successfully for many months now (thanks to the helpful archives of this mailing list and all the documentation people have provided).

I am now having great difficulty getting a Mac Client to work with the TunnelBuilder pptp client software (the first mac client I have attempted).

I have searched the archives of the mailing list and do not have a clear idea of whether anything "special" is required to support a TunnelBuilder client. I am not attempting to use appletalk over the vpn, just ip.

I saw one thread that indicated that someone had made a patch to ppp to allow the Tunnel Builder client to work. However the patch was for version ppp-2.3.10 and I believe I am running 2.3.11. Does anyone know if a patch would be necessary?

Thanks for any guidance.

Cheers!
Jim McCormack

From ChartP at integratedbarcoding.com Wed Mar 6 13:36:54 2002
From: ChartP at integratedbarcoding.com (Chart P.)
Date: Wed, 6 Mar 2002 14:36:54 -0500
Subject: [pptp-server] help setting up PPTP server
Message-ID:

Hi all,

I need help for setting up the VPN server using pptp protocol. I have redhat 7.2 with kernel version: 2.4.7-10. Right now I'm testing in the same LAN.

I got the following error in from windows 2000:
"Error 734: The PPP link control protocol was terminated"

I think my setup is not right. I'm new in linux system. Do you have any advice for the instruction how to setup the VPN server that provides connection from windows clients ?

Thanks in advance,

Chart Phatt
Integrated Barcoding Systems

From truin at enterprise.truin.com Wed Mar 6 13:49:35 2002
From: truin at enterprise.truin.com (truin at enterprise.truin.com)
Date: Wed, 6 Mar 2002 12:49:35 -0700 (MST)
Subject: [pptp-server] help setting up PPTP server
In-Reply-To:
Message-ID:

It would help if you provide the contents of your /etc/ppp/options file, the /etc/ppp/options.pptp file, your /etc/pptpd.conf (without the comments), and the version of pptpd that you're using.

I'm using pptpd on the same kernel, and have successfully accessed my private network, through the VPN, with Win98/Me, 2k, and XP, so it's possible (and not too hard)

-=Truin=-
aka Jason Johnson

On Wed, 6 Mar 2002, Chart P. wrote:

> Hi all,
>
> I need help for setting up the VPN server using pptp protocol. I have redhat
> 7.2 with kernel version: 2.4.7-10. Right now I'm testing in the same LAN.
>
> I got the following error in from windows 2000:
> "Error 734: The PPP link control protocol was terminated"
>
> I think my setup is not right. I'm new in linux system. Do you have any
> advice for the instruction how to setup the VPN server that provides
> connection from windows clients ?
>
> Thanks in advance,
>
> Chart Phatt
> Integrated Barcoding Systems
>

From lonnie at outstep.com Wed Mar 6 14:07:42 2002
From: lonnie at outstep.com (Lonnie Cumberland)
Date: Wed, 6 Mar 2002 15:07:42 -0500 (EST)
Subject: [pptp-server] help setting up PPTP server
In-Reply-To:
References:
Message-ID: <1741.192.168.1.12.1015445262.squirrel@192.168.1.2>

Hi chart,

what does your options file and pptp.conf look like?

Also, on my Redhat 7.2 which I also have Samba running, I had to recompile the kernel to make sure that the ppp stuff was enabled.

Cheers,
Lonnie

> Hi all,
>
> I need help for setting up the VPN server using pptp protocol. I
> have redhat 7.2 with kernel version: 2.4.7-10. Right now I'm
> testing in the same LAN.
>
> I got the following error in from windows 2000:
> "Error 734: The PPP link control protocol was terminated"
>
> I think my setup is not right. I'm new in linux system. Do you
> have any advice for the instruction how to setup the VPN server
> that provides connection from windows clients ?
>
> Thanks in advance,
>
> Chart Phatt
> Integrated Barcoding Systems

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com : Lonnie_Cumberland at yahoo.com
The Basis Express Virtual Office & Data Backup and Recovery Services
URL: http://www.basis-express.com
"The Virtual Office without boundries!!!"

From ChartP at integratedbarcoding.com Wed Mar 6 15:03:30 2002
From: ChartP at integratedbarcoding.com (Chart P.)
Date: Wed, 6 Mar 2002 16:03:30 -0500
Subject: [pptp-server] help setting up PPTP server
Message-ID:

Hi,

This my config file.

===============================================================
speed 115200
# I put install ppp-mppe in other location instead of default.
option /opt/pkgs/ppp-mppe/etc/ppp/options
debug
localip 192.168.200.200-254
remoteip 192.168.201.1-254
listen 192.168.200.2
===============================================================

I haven't recompiled my kernel. Because when I test the VPN, and check in the process running, I found the pppd process was running automatically.

Do I have to install ppp-mppe into my pptp server? Or I can use the default from original?

Thanks,

Chart Phatt
Integrated Barcoding Systems

-----Original Message-----
From: Lonnie Cumberland
To: ChartP at integratedbarcoding.com
Cc: pptp-server at lists.schulte.org
Sent: 3/6/02 3:07 PM
Subject: Re: [pptp-server] help setting up PPTP server

Hi chart,

what does your options file and pptp.conf look like?

Also, on my Redhat 7.2 which I also have Samba running, I had to recompile the kernel to make sure that the ppp stuff was enabled.

Cheers,
Lonnie

> Hi all,
>
> I need help for setting up the VPN server using pptp protocol. I
> have redhat 7.2 with kernel version: 2.4.7-10. Right now I'm
> testing in the same LAN.
>
> I got the following error in from windows 2000:
> "Error 734: The PPP link control protocol was terminated"
>
> I think my setup is not right. I'm new in linux system. Do you
> have any advice for the instruction how to setup the VPN server
> that provides connection from windows clients ?
>
> Thanks in advance,
>
> Chart Phatt
> Integrated Barcoding Systems

--
Lonnie Cumberland
OutStep Technologies Incorporated
EMAIL: Lonnie at OutStep.com : Lonnie_Cumberland at yahoo.com
The Basis Express Virtual Office & Data Backup and Recovery Services
URL: http://www.basis-express.com
"The Virtual Office without boundries!!!"

From cameron at fax.sno.cpqcorp.net Wed Mar 6 15:37:58 2002
From: cameron at fax.sno.cpqcorp.net (James Cameron)
Date: Thu, 07 Mar 2002 08:37:58 +1100
Subject: [pptp-server] help setting up PPTP server
References:
Message-ID: <3C868C36.E1EB2DFF@fax.sno.cpqcorp.net>

"Chart P." wrote:
> I haven't recompiled my kernel. Because when I test the VPN, and check
> in the process running, I found the pppd process was running
> automatically.
>
> Do I have to install ppp-mppe into my pptp server? Or I can use the
> default from original?

Yes, no. If you wish to use mppe, you must install ppp-mppe. pppd will start without it, but the connection will fail with an error message in the logs that mentions ppp-compress-18 or something.

(Wish: pptp-linux and pptpd to probe for the module ;-)

--
James Cameron

From John.Stephens at smithscity.co.nz Wed Mar 6 16:33:59 2002
From: John.Stephens at smithscity.co.nz (John Stephens)
Date: Thu, 7 Mar 2002 11:33:59 +1300
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
Message-ID: <71B0CA071AC4D411BA2800C0DF2604E379F61C@HAMMER>

I am not trying to get to an NT RRAS Server. The Win2K is the client and Linux is Running POPToP Server with all the authentication done there. As I said I can connect to it across the local network but when I go via the internet I get halfway through the connection but the tunnel isn't created. I think it is a routing problem as I am using only one interface eth0. The linux logs seem to indicate that there is something coming in from the address that my ISP gave me when I dialed in (the 203 address) but then it seems to lose track after the 192 address is given out to create the tunnel. The server localhost ip is the 172 address.

Any further thoughts

-----Original Message-----
From: Haruhiko Davis [mailto:htdconsultingsvs at hotmail.com]
Sent: Wednesday, 6 March 2002 4:56 p.m.
To: John.Stephens at smithscity.co.nz; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.

Take a look at MS article Q227747.

And contrary to popular belief, you don't need to reboot W2K (unlike the Win9x clients). LOL

From allanc at caldera.com Wed Mar 6 16:50:58 2002
From: allanc at caldera.com (Allan Clark)
Date: Wed, 06 Mar 2002 17:50:58 -0500
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
References: <71B0CA071AC4D411BA2800C0DF2604E379F61C@HAMMER>
Message-ID: <3C869D52.EB2815AF@caldera.com>

John;

From mikes at hartwellcorp.com Wed Mar 6 17:01:06 2002
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Wed, 6 Mar 2002 15:01:06 -0800
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
Message-ID: <91A5926EFF44D3118B1200104B7276EB01085183@hart-exchange.hartwellcorp.com>

The Linux side is trying to setup the GRE connection but the other side isn't responding to the parameter configuration requests. The LCP ConfReq packets should be getting back LCP ConfAck or LCP ConfNak packets but instead nothing is received. The call setup is not being completed and that's why you never see any GRE. Something appears to be wrong at the other end.

--
Michael St. Laurent
Hartwell Corporation

> -----Original Message-----
> From: Allan Clark [mailto:allanc at caldera.com]
> Sent: Wednesday, March 06, 2002 2:51 PM
> To: John Stephens
> Cc: PPTP List (E-mail)
> Subject: Re: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
>
>
> John;
>
> From a quick look, it seems as though GRE packets are not being
> transferred. I'm just going through the state machine in an idle
> manner, but you might want to see if there's a GRE-based ping around...
> I think someone mentioned one a while ago. It's as though GREs are
> being dropped by one of the "toasters" between you and the PPTP server.
>
> My logic is as follows:
> 1) a connection is detected, pptpd becomes active
>
> 2) pppd is launched, and pseudottys are created
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Starting call (launching pppd, opening GRE)
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: pty_fd = 5
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: tty_fd = 6
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: I wrote 32 bytes to the client.
> > >Mar 6 16:04:14 slinux pptpd[833]: CTRL (PPPD Launcher): Connection speed = 115200
> > >Mar 6 16:04:14 slinux pptpd[833]: CTRL (PPPD Launcher): local address = 172.16.0.50
> > >Mar 6 16:04:14 slinux pptpd[833]: CTRL (PPPD Launcher): remote address = 192.168.0.1
> > >Mar 6 16:04:14 slinux pppd[833]: pppd 2.4.0 started by root, uid 0
> > >Mar 6 16:04:14 slinux pppd[833]: using channel 3
> > >Mar 6 16:04:14 slinux pppd[833]: Using interface ppp0
> > >Mar 6 16:04:14 slinux pppd[833]: Connect: ppp0 <--> /dev/pts/1
>
> 3) pppd is connected via a pseudo tty, and begins sending information:
> > >Mar 6 16:04:14 slinux pppd[833]: sent [LCP ConfReq id=0x1
>
> this last line is actually done 10 times (twice and 8 repeats, if you
> skip the pptpd log messages in the syslog). This is a typical PPP setup
> failure: 10 LCPs. It's acting just as though pppd is talking to a modem
> that isn't connected anywhere.
>
> There's no indication that any GRE traffic is received and unpacked for
> the pppd process -- only that GRE traffic is being sent. ...so far as I
> know. I don't think any GRE traffic has to be received before pppd is
> actually initiated.
>
> Is it possible that intervening hosts are discarding GREs?
>
> Allan
>
>
> John Stephens wrote:
> >
> > I am not trying to get to an NT RRAS Server. The Win2K is the client and
> > Linux is Running POPToP Server with all the authentication done there. As I
> > said I can connect to it across the local network but when I go via the
> > internet I get halfway through the connection but the tunnel isn't created.
> > I think it is a routing problem as I am using only one interface eth0. The
> > linux logs seem to indicate that there is something coming in from the
> > address that my ISP gave me when I dialed in (the 203 address) but then it
> > seems to lose track after the 192 address is given out to create the tunnel.
> > The server localhost ip is the 172 address.
> > Any further thoughts
> >
> > -----Original Message-----
> > From: Haruhiko Davis [mailto:htdconsultingsvs at hotmail.com]
> > Sent: Wednesday, 6 March 2002 4:56 p.m.
> > To: John.Stephens at smithscity.co.nz; pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
> >
> > Take a look at MS article Q227747.
> >
> > And contrary to popular belief, you don't need to reboot W2K (unlike the
> > Win9x clients). LOL
> >
> > >Hi
> > >
> > >I have looked at all the how to's and been through the archives but I must
> > >have missed something.
> > >I am trying to connect from win2k dial up to an ISP via a VPN to a Linux
> > >PoPToP 2.4 on an intranet
> > >I can get it to work across the intranet so I presume the security and
> > >logon settings are correct.
> > >
> > >This is the set up.
> > >
> > >Linux box Running PoPToP 2.4 with gateway pointing to Firewall Router which
> > >then passes it on to an internal address to our ISP's Linux firewall which
> > >does NAT and passes it on to the outside world.
> > >TCP 1723 and GRE are allowed to pass on both routers.
> > >The Firewall Routers logs indicate both are passing through it and it seems
> > >from the linux log to be getting 70% through verification and
> > >authentication before deciding that it does not want to continue.
> > >
> > >The Win2K side gives me a 619 error Specified port is not connected. and
> > >the helpful advice of try restarting. Normal Windows Solution.
> > >
> > >Linux log
> > >
> > >Mar 6 16:04:14 slinux pptpd[832]: MGR: Launching /usr/sbin/pptpctrl to handle client
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: local address = 172.16.0.50
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: remote address = 192.168.0.1
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: pppd speed = 115200
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: pppd options file = /etc/ppp/options
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Client 203.96.149.75 control connection started
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Received PPTP Control Message (type: 1)
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Made a START CTRL CONN RPLY packet
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: I wrote 156 bytes to the client.
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Sent packet to client
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Received PPTP Control Message (type: 7)
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Made a OUT CALL RPLY packet
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Starting call (launching pppd, opening GRE)
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: pty_fd = 5
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: tty_fd = 6
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: I wrote 32 bytes to the client.
> > >Mar 6 16:04:14 slinux pptpd[833]: CTRL (PPPD Launcher): Connection speed = 115200
> > >Mar 6 16:04:14 slinux pptpd[833]: CTRL (PPPD Launcher): local address = 172.16.0.50
> > >Mar 6 16:04:14 slinux pptpd[833]: CTRL (PPPD Launcher): remote address = 192.168.0.1
> > >Mar 6 16:04:14 slinux pppd[833]: pppd 2.4.0 started by root, uid 0
> > >Mar 6 16:04:14 slinux pppd[833]: using channel 3
> > >Mar 6 16:04:14 slinux pppd[833]: Using interface ppp0
> > >Mar 6 16:04:14 slinux pppd[833]: Connect: ppp0 <--> /dev/pts/1
> > >Mar 6 16:04:14 slinux pppd[833]: sent [LCP ConfReq id=0x1 ]
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Sent packet to client
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Received PPTP Control Message (type: 15)
> > >Mar 6 16:04:14 slinux pptpd[832]: CTRL: Got a SET LINK INFO packet with standard ACCMs
> > >Mar 6 16:04:17 slinux pppd[833]: sent [LCP ConfReq id=0x1 ]
> > >Mar 6 16:04:41 slinux last message repeated 8 times
> > >Mar 6 16:04:44 slinux pppd[833]: LCP: timeout sending Config-Requests
> > >Mar 6 16:04:44 slinux pppd[833]: Connection terminated.
> > >Mar 6 16:04:44 slinux pppd[833]: Couldn't release PPP unit: Inappropriate ioctl for device
> > >Mar 6 16:04:44 slinux pppd[833]: Exit.
> > >Mar 6 16:04:44 slinux pptpd[832]: Error reading from pppd: Input/output error
> > >Mar 6 16:04:44 slinux pptpd[832]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
> > >Mar 6 16:04:44 slinux pptpd[832]: CTRL: Client 203.96.149.75 control connection finished
> > >Mar 6 16:04:44 slinux pptpd[832]: CTRL: Exiting now
> > >Mar 6 16:04:44 slinux pptpd[249]: MGR: Reaped child 832
> > >
> > >The 203.96.149.75 address is the one given to the Win2K PC dialing in to
> > >the Internet.
> > >
> > >As there is no modem ISDN etc connection is there something that I have
> > >missed with the PPP setup
> > >
> > >I'm relatively new to Linux so more detail than less would be helpful.
> > >
> > >Thanks John

From danield at snapgear.com Wed Mar 6 17:09:00 2002
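The reading of the log given in the message above (Config-Requests going out, nothing coming back until pppd gives up) can be checked mechanically. The code below is an added example, not part of any message in this thread and not PoPToP or pppd code; `summarize` and `verdict` are hypothetical helper names, the first sample is the pppd lines from the quoted log, and the second sample is constructed for contrast.

```python
import re
from collections import Counter

# pppd lines taken from the log quoted in this thread. The LCP option lists
# are empty because they are missing from the archived copy.
FAILED_SESSION = [
    "Mar 6 16:04:14 slinux pppd[833]: Connect: ppp0 <--> /dev/pts/1",
    "Mar 6 16:04:14 slinux pppd[833]: sent [LCP ConfReq id=0x1 ]",
    "Mar 6 16:04:14 slinux pptpd[832]: CTRL: Sent packet to client",
    "Mar 6 16:04:17 slinux pppd[833]: sent [LCP ConfReq id=0x1 ]",
    "Mar 6 16:04:41 slinux last message repeated 8 times",
    "Mar 6 16:04:44 slinux pppd[833]: LCP: timeout sending Config-Requests",
    "Mar 6 16:04:44 slinux pppd[833]: Connection terminated.",
]

# Constructed for contrast (not from the thread): the peer answers.
ANSWERED_SESSION = [
    "Mar 6 17:10:02 slinux pppd[901]: Connect: ppp0 <--> /dev/pts/2",
    "Mar 6 17:10:02 slinux pppd[901]: sent [LCP ConfReq id=0x1 ]",
    "Mar 6 17:10:02 slinux pppd[901]: rcvd [LCP ConfReq id=0x0 ]",
    "Mar 6 17:10:02 slinux pppd[901]: sent [LCP ConfAck id=0x0 ]",
    "Mar 6 17:10:02 slinux pppd[901]: rcvd [LCP ConfAck id=0x1 ]",
]

SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
REPEAT = re.compile(r"last message repeated (\d+) times")
LCP = re.compile(r"^(sent|rcvd) \[LCP (\w+)")


def summarize(lines):
    """Return {pppd_pid: {"sent": Counter, "rcvd": Counter, "lcp_timeout": bool}}."""
    sessions = {}
    last = None  # (pid, direction, code) of the immediately preceding LCP line
    for line in lines:
        repeat = REPEAT.search(line)
        if repeat:
            # syslogd folds identical consecutive messages into this marker,
            # so the count belongs to the line logged just before it.
            if last:
                pid, direction, code = last
                sessions[pid][direction][code] += int(repeat.group(1))
            continue
        last = None
        m = SYSLOG.match(line)
        if not m or m.group("prog") != "pppd":
            continue
        pid, msg = m.group("pid"), m.group("msg")
        session = sessions.setdefault(
            pid, {"sent": Counter(), "rcvd": Counter(), "lcp_timeout": False}
        )
        lcp = LCP.match(msg)
        if lcp:
            direction, code = lcp.groups()
            session[direction][code] += 1
            last = (pid, direction, code)
        elif msg.startswith("LCP: timeout sending Config-Requests"):
            session["lcp_timeout"] = True
    return sessions


def verdict(session):
    """Classify one pppd session by whether any LCP frame ever came back."""
    sent = session["sent"]["ConfReq"]
    received = sum(session["rcvd"].values())
    if sent and received == 0:
        state = "timed out" if session["lcp_timeout"] else "still waiting"
        return f"no-return-traffic ({sent} ConfReq sent, 0 LCP frames received, {state})"
    if session["rcvd"]["ConfAck"]:
        return "lcp-answered"
    return "inconclusive"


if __name__ == "__main__":
    for pid, session in summarize(FAILED_SESSION + ANSWERED_SESSION).items():
        print(f"pppd[{pid}]: {verdict(session)}")
```

A `no-return-traffic` result only says that pppd never saw a reply; whether the frames were lost on the way out or on the way back still has to be settled with a packet capture on each side of the NAT devices.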
From: danield at snapgear.com (Daniel Djamaludin)
Date: Thu, 07 Mar 2002 09:09:00 +1000
Subject: [pptp-server] Current Plans for PoPToP
Message-ID: <3C86A18C.1D2F034F@snapgear.com>

Hi Everyone,

Let me introduce myself. My name is Daniel Djamaludin and I work with Matthew Ramsay at SnapGear. We were once working for Lineo and, prior to that, Moreton Bay Ventures. We have been using and developing PoPToP in our SnapGear and SecureEdge VPN router products. As a result we feel that we have the latest developed version of PoPToP and plan to release this in about a month's time. We are about to go through extensive testing which should fine tune PoPToP even further.

Please feel free to send me feedback on anything.

Best Regards,
Daniel Djamaludin

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Djamaludin - Software Engineer   EMAIL: danield at snapgear.com
SnapGear Inc.                           PHONE: +61 7 34352823
825 Stanley St Woolloongabba            FAX:   +61 7 38913630
Brisbane, QLD, 4102, Australia          WEB:   www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From cameron at fax.sno.cpqcorp.net Wed Mar 6 18:06:50 2002
From: cameron at fax.sno.cpqcorp.net (James Cameron)
Date: Thu, 07 Mar 2002 11:06:50 +1100
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
References: <71B0CA071AC4D411BA2800C0DF2604E379F61C@HAMMER> <3C869D52.EB2815AF@caldera.com>
Message-ID: <3C86AF1A.F340D749@fax.sno.cpqcorp.net>

While it probably doesn't relate to the thread directly, I have been testing the new release of the PPTP Client on Linux and found that I can cause the 'no GRE from server' symptom if I accidentally start the pppd in such a way that it sends diagnostic messages through the GRE pipe. The pppd logging file descriptor was attached to the pseudo-tty that was attached to the GRE encapsulator.

Indicator 1: if you have considerably more GRE packets sent by the client than there are LCP packets logged by the client.

Indicator 2: examining GRE packets using tcpdump -X shows they contain text messages that pppd would normally emit.

--
James Cameron

From John.Stephens at smithscity.co.nz Wed Mar 6 21:05:49 2002
From: John.Stephens at smithscity.co.nz (John Stephens)
Date: Thu, 7 Mar 2002 16:05:49 +1300
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
Message-ID: <71B0CA071AC4D411BA2800C0DF2604E379F61F@HAMMER>

Haven't got it working yet but found out why it isn't.
GRE doesn't like NAT
http://nsupport.elronsoftware.com/support/fwweb.nsf/c9629841688f08070525656b0044511b/172d0da90a220ced85256840007cc235?OpenDocument
Thanks for the responses

John Stephens

From charlieb at e-smith.com Wed Mar 6 22:58:47 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 6 Mar 2002 23:58:47 -0500 (EST)
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
In-Reply-To: <71B0CA071AC4D411BA2800C0DF2604E379F61F@HAMMER>
Message-ID:

On Thu, 7 Mar 2002, John Stephens wrote:

> Haven't got it working yet but found out why it isn't.
> GRE doesn't like NAT
> http://nsupport.elronsoftware.com/support/fwweb.nsf/c9629841688f08070525656b0044511b/172d0da90a220ced85256840007cc235?OpenDocument

This just means that elronsoftware don't know how to do NAT properly. As I understand it, GRE (http://www.faqs.org/rfcs/rfc2784.html) does not encrypt packets, but does include an optional ones complement checksum over the GRE header and payload packet. Any NAT scheme should be able to fiddle the checksum after translating addresses.

[IPSEC, OTOH, if authentication headers (AH) are used, does encrypt packets, including the original IP heads. These cannot be successfully NATed.]

--
Charlie Brady                          charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group         http://www.e-smith.com/
Mitel Networks Corporation             http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000   Fax: +1 (613) 564 7739

From truin at enterprise.truin.com Thu Mar 7 00:32:13 2002
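GRE has no port numbers, and in the GRE variant that PPTP uses (RFC 2637) the only per-tunnel field is the 16-bit Call ID, which is why several tunnels arriving from one NAT'd address are hard to keep apart. The code below is an added example, not PoPToP code and not from any message in this thread: it parses that header and groups constructed packets first by source address alone, then by address plus Call ID. The function names, the address 203.0.113.7 and the packets are made up for the illustration.

```python
import struct
from collections import defaultdict, namedtuple

GRE_PROTO_PPP = 0x880B  # protocol type PPTP puts in the GRE header (RFC 2637)
FLAG_K = 0x2000         # key present: carries payload length and Call ID
FLAG_S = 0x1000         # sequence number present
FLAG_A = 0x0080         # acknowledgment number present
VER_MASK = 0x0007       # PPTP uses GRE version 1

Header = namedtuple("Header", "call_id seq ack payload")


def build(call_id, seq, payload):
    """Build an enhanced GRE data packet (K and S set, version 1)."""
    return struct.pack("!HHHHI", FLAG_K | FLAG_S | 1, GRE_PROTO_PPP,
                       len(payload), call_id, seq) + payload


def parse(packet):
    """Parse the GRE header that follows the IP header of a PPTP data packet."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, length, call_id = struct.unpack_from("!HHHH", packet, 0)
    if proto != GRE_PROTO_PPP or (flags & VER_MASK) != 1 or not (flags & FLAG_K):
        raise ValueError("not a PPTP (enhanced GRE) packet")
    offset, seq, ack = 8, None, None
    needed = 8 + (4 if flags & FLAG_S else 0) + (4 if flags & FLAG_A else 0)
    if len(packet) < needed + length:
        raise ValueError("packet shorter than its header says")
    if flags & FLAG_S:
        (seq,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    if flags & FLAG_A:
        (ack,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    return Header(call_id, seq, ack, packet[offset:offset + length])


def demux(arrivals, key):
    """Group (source_ip, raw_gre_packet) arrivals into sessions using key()."""
    sessions = defaultdict(list)
    for source_ip, raw in arrivals:
        header = parse(raw)
        sessions[key(source_ip, header)].append(header.seq)
    return dict(sessions)


def by_address(source_ip, header):
    """One tunnel per peer address: what breaks with NAT'd clients."""
    return source_ip


def by_address_and_call(source_ip, header):
    """One tunnel per (peer address, Call ID) pair."""
    return (source_ip, header.call_id)


# Constructed traffic: two clients behind one NAT address, Call IDs 1 and 2.
# Payload is a minimal PPP frame: protocol 0xC021 (LCP), Configure-Request,
# id 1, length 4.
LCP_CONFREQ = bytes.fromhex("c02101010004")
NAT_ADDR = "203.0.113.7"
ARRIVALS = [
    (NAT_ADDR, build(1, 0, LCP_CONFREQ)),
    (NAT_ADDR, build(2, 0, LCP_CONFREQ)),
    (NAT_ADDR, build(1, 1, LCP_CONFREQ)),
    (NAT_ADDR, build(2, 1, LCP_CONFREQ)),
]

if __name__ == "__main__":
    print("by address:          ", demux(ARRIVALS, by_address))
    print("by address + Call ID:", demux(ARRIVALS, by_address_and_call))
```

Keyed on address alone, the two tunnels collapse into one session whose sequence numbers repeat; keyed on address plus Call ID they stay separate.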
From: truin at enterprise.truin.com (truin at enterprise.truin.com)
Date: Wed, 6 Mar 2002 23:32:13 -0700 (MST)
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
In-Reply-To: <71B0CA071AC4D411BA2800C0DF2604E379F61F@HAMMER>
Message-ID:

Oh yes, NAT and GRE are nasty enemies, from what I've found. :(

If anyone has any ideas on how to get a VPN client on a NAT'd IP (behind linux 2.4.7-10 and ipchains 1.3.10) to a PoPToP server out on the 'net, suggestions or URL's for reference would be appreciated.

-=Truin=- aka Jason Johnon

On Thu, 7 Mar 2002, John Stephens wrote:

> Haven't got it working yet but found out why it isn't.
> GRE doesn't like NAT
> http://nsupport.elronsoftware.com/support/fwweb.nsf/c9629841688f08070525656b0044511b/172d0da90a220ced85256840007cc235?OpenDocument
> Thanks for the responses
>
> John Stephens

From poptop at ncfirewalls.net Thu Mar 7 01:03:31 2002
From: poptop at ncfirewalls.net (poptop)
Date: Thu, 7 Mar 2002 02:03:31 -0500 (EST)
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
In-Reply-To:
Message-ID:

> If anyone has any ideas on how to get a VPN client on a NAT'd IP (behind
> linux 2.4.7-10 and ipchains 1.3.10) to a PoPToP server out on the 'net,
> suggestions or URL's for reference would be appreciated.

According to one of the original authors, David Luyer, NAT'd clients won't currently work. Here's email from last week:

My original question:

> > Will PoPToP support multiple NAT'd connections from the
> > same IP address?

David's reply:

> Not at present. It requires the same work as is required
> to do the other side of the PPTP protocol (multi call
> per IP work) which nobody has done.

David was also kind enough to describe what work needs to be done to get NAT'd client IPs working, offering several solutions. I am considering doing the work and am currently reviewing the code. Anyone who is interested is welcome to contact me directly and I'll be happy to forward David's comments in this regard. And, of course, I'm sure he'll see this thread.

In the interim, I have solved our problem with NAT'd clients by running multiple instances of pptpd on the same Linux server, assigning each pptpd process to a unique server IP address via IP aliasing. So far, so good.

Niles Mills
poptop at dnsppp.net

From Administrator at josims.com Thu Mar 7 02:38:16 2002
From: Administrator at josims.com (Andrew Lyon)
Date: Thu, 7 Mar 2002 08:38:16 -0000
Subject: [pptp-server] Linux PoPToP 2.4 with LAN Internet connection.
Message-ID:

Indeed NAT'ed clients won't work normally, perhaps you could encapsulate GRE within a UDP tunnel? That's what I do to pass IPSEC through NAT.

Andy

Registered Office: J.O. Sims Ltd, Pudding Lane, Pinchbeck, Spalding, Lincs. PE11 3TJ
Company reg No: 2084187 Vat reg No: GB 437 4621 47
Tel: +44 (0) 1775 842100 Fax: +44 (0) 1775 842101
Web: www.josims.com Email: enquiries at josims.com

From jason at gfy.cc Thu Mar 7 09:24:44 2002
From: jason at gfy.cc (jason)
Date: Thu, 7 Mar 2002 10:24:44 -0500
Subject: [pptp-server] East Install Explicit Instructions Rehat 7.2
Message-ID: <006501c1c5ec$3581fe70$2464a8c0@tbe0426>

OK, here is the web link; I wrote up very explicit instructions. If you follow these it will work every time. Please let me know how things turn out.

http://www.jara.cc

Jason

From pgrace at rtdcs.com Fri Mar 8 08:44:08 2002
From: pgrace at rtdcs.com (Peter Grace)
Date: Fri, 8 Mar 2002 09:44:08 -0500
Subject: [pptp-server] kernel panic with poptop 1.0.1 and 1.1.2 -- Only with broadband clients (?)
Message-ID:

Hello list,

First of all, I would like to say that I've successfully had PoPToP installed and running for almost two months, and I am extremely impressed with how it works. I do happen to have a problem, though.

In the normal course of the day, we'll have maybe 2-3 modem users vpn'd in (not necessarily at the same time). We have one user who has DSL at his home, and when he connects to the poptop daemon, pptpctrl (intermittently) causes a kernel panic. I've tried both 1.0.1 and 1.1.2 and it's happened with both versions. It's one of those situations where I don't have time to write down all of the text of the stack trace, because this machine is also the gateway/router for our lan. Within a few weeks, however, we will be putting a second linux server in as a dedicated vpn/modem pool box and I will probably have a lot more ability to paste stack traces and preceding kernel errors. In the meantime, is there something I can do to perhaps buffer pptpctrl from beating the kernel down? Could pptpctrl be run as a user rather than root? Is this a common problem with other users?

Any help would be appreciated! (I'm using kernel 2.4.17 with the rmap12b patch.)

---
/-------------------------------------------
|Peter Grace               Phone: 484-875-9462
|Technical Services        Fax:   484-875-9461
|RTDCS, Inc.               Cell:  484-919-1400
|835 Springdale Drive, Suite 101
|Exton, PA 19341
\-------------------------------------------

From binesh-dated-1016039047.02b257 at hex21.com Fri Mar 8 11:03:44 2002
From: binesh-dated-1016039047.02b257 at hex21.com (Binesh Bannerjee)
Date: Fri, 8 Mar 2002 12:03:44 -0500 (EST)
Subject: [pptp-server] kernel panic with poptop 1.0.1 and 1.1.2 -- Only with broadband clients (?)
Message-ID:

I sent this directly to Peter, so apologies to him for reposting to the list, but...

Hi Peter,

I saw your message on the pptp mailing list... I've been having similar problems with 2.2.20, and I guess I wanted to compare notes with you to see if it's the same problem... I've set up pptp for a company I work with as well, and unfortunately for me ALL of the clients are broadband, so, it's been crashing quite regularly. The interesting thing is, that this exact same configuration worked fine while it was on a slow slow 133 MHz Pentium, but, I switched it to a dual 1 GHz P III, and then it crashes nearly every day.

When you get a chance to look at your logs, if you could check for the following, maybe we have the same problem. Here's my log file a few mins before the crash. (It seems not to crash the box IMMEDIATELY, but soon after it receives this.)

First off, grep 'kernel: Oops' /var/log/messages* yields:

messages:Mar 5 13:12:46 gunther kernel: Oops: 0002
messages:Mar 5 14:40:01 gunther kernel: Oops: 0002
messages:Mar 6 10:18:27 gunther kernel: Oops: 0002
messages:Mar 8 04:05:18 gunther kernel: Oops: 0002

(I upgraded the box on March 4th, and tail -1 /var/log/messages.6 shows
Jan 27 04:02:01 gunther anacron[30293]: Updated timestamp for job `cron.daily' to 2002-01-27
So, I'm quite sure this is related to the new box...)

I'm attaching the relevant sections of the log to this mail. I've chopped logs from the 3 times I've had to reboot since installing the box.
Binesh

/tmp/gunther/oops1:
Mar 5 13:12:46 gunther kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000070
Mar 5 13:12:46 gunther kernel: current->tss.cr3 = 71198000, %cr3 = 71198000
Mar 5 13:12:46 gunther kernel: *pde = 00000000
Mar 5 13:12:46 gunther kernel: Oops: 0002
Mar 5 13:12:46 gunther kernel: CPU: 0
Mar 5 13:12:46 gunther kernel: EIP: 0010:[]
Mar 5 13:12:46 gunther kernel: EFLAGS: 00010282
Mar 5 13:12:46 gunther kernel: eax: f8482800 ebx: 00000077 ecx: 00000017 edx: 00000000
Mar 5 13:12:46 gunther kernel: esi: f8482848 edi: f8482a85 ebp: ffff7723 esp: f1171e1c
Mar 5 13:12:46 gunther kernel: ds: 0018 es: 0018 ss: 0018
Mar 5 13:12:46 gunther kernel: Process pptpctrl (pid: 6300, process nr: 99, stackpage=f1171000)
Mar 5 13:12:46 gunther kernel: Stack: ee199000 00000000 f8482800 000000fa f8482848 f8482848 00000000 f8699800
Mar 5 13:12:46 gunther kernel: f8482b2e 00000580 1b34c5cb 00000000 f8629980 fcd76fb3 f8482800 00000000
Mar 5 13:12:46 gunther kernel: f8482a34 000000fa f8482800 ee199000 00000000 0804dae0 00000292 f48a8f40
Mar 5 13:12:46 gunther kernel: Call Trace: [] [] [pty_unthrottle+44/96] [free_pages+39/44] [check_unthrottle+48/56] [read_chan+1659/2000] [tty_read+192/228]
Mar 5 13:12:46 gunther kernel: [sys_read+198/248] [system_call+52/64] [stext+43/169]
Mar 5 13:12:46 gunther kernel: Code: f0 ff 4a 70 0f 94 c0 84 c0 74 0c 83 c4 f4 52 e8 6d ad 42 83
Mar 5 13:13:09 gunther pptpd[6504]: CTRL: Client 203.197.52.27 control connection started
Mar 5 13:13:09 gunther pptpd[6504]: CTRL: Starting call (launching pppd, opening GRE)
Mar 5 13:13:09 gunther pppd[6505]: pppd 2.3.11 started by root, uid 0
Mar 5 13:13:09 gunther pppd[6505]: Using interface ppp0
Mar 5 13:13:09 gunther pppd[6505]: Connect: ppp0 <--> /dev/pts/0
Mar 5 13:13:10 gunther pptpd[6504]: GRE: Discarding duplicate packet
Mar 5 13:13:13 gunther pptpd[6504]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 5 13:13:13 gunther pppd[6505]: MSCHAP-v2 peer authentication succeeded for anil
Mar 5 13:13:14 gunther pppd[6505]: found interface eth0 for proxy arp
Mar 5 13:13:14 gunther pppd[6505]: local IP address 192.168.103.4
Mar 5 13:13:14 gunther pppd[6505]: remote IP address 192.168.103.160
Mar 5 13:13:21 gunther pppd[6505]: MPPE 40 bit, stateless compression enabled
Mar 5 13:13:21 gunther pppd[6505]: stateless MPPE enforced
Mar 5 13:16:20 gunther pptpd[6504]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 5 13:16:20 gunther pppd[6505]: LCP terminated by peer (91J8^@ /dev/pts/0
Mar 5 13:16:32 gunther pptpd[6594]: GRE: Discarding duplicate packet
Mar 5 13:16:35 gunther pptpd[6594]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 5 13:16:36 gunther pppd[6595]: MSCHAP-v2 peer authentication succeeded for anil
Mar 5 13:16:37 gunther pppd[6595]: found interface eth0 for proxy arp
Mar 5 13:16:37 gunther pppd[6595]: local IP address 192.168.103.4
Mar 5 13:16:37 gunther pppd[6595]: remote IP address 192.168.103.160
Mar 5 13:16:43 gunther pppd[6595]: MPPE 40 bit, stateless compression enabled
Mar 5 13:16:43 gunther pppd[6595]: stateless MPPE enforced
Mar 5 13:27:41 gunther pptpd[6594]: CTRL: Session timed out, ending call
Mar 5 13:27:41 gunther pptpd[6594]: CTRL: Client 203.197.52.27 control connection finished
Mar 5 13:27:41 gunther pppd[6595]: Modem hangup
Mar 5 13:27:41 gunther pppd[6595]: Connection terminated.
Mar 5 13:27:41 gunther pppd[6595]: Connect time 11.2 minutes.
Mar 5 13:27:41 gunther pppd[6595]: Exit.
Mar 5 13:35:56 gunther pptpd[6912]: CTRL: Client 203.197.51.208 control connection started
Mar 5 13:35:56 gunther pptpd[6912]: CTRL: Starting call (launching pppd, opening GRE)
Mar 5 13:35:56 gunther pppd[6913]: pppd 2.3.11 started by root, uid 0
Mar 5 13:35:56 gunther pppd[6913]: Using interface ppp0
Mar 5 13:35:56 gunther pppd[6913]: Connect: ppp0 <--> /dev/pts/0
Mar 5 13:35:57 gunther pptpd[6912]: GRE: Discarding duplicate packet
Mar 5 13:36:00 gunther pptpd[6912]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 5 13:36:00 gunther kernel: PPP BSD Compression module registered
Mar 5 13:36:00 gunther kernel: PPP Deflate Compression module registered
Mar 5 13:36:00 gunther pppd[6913]: MSCHAP-v2 peer authentication succeeded for anil
Mar 5 13:36:01 gunther pppd[6913]: found interface eth0 for proxy arp
Mar 5 13:36:01 gunther pppd[6913]: local IP address 192.168.103.4
Mar 5 13:36:01 gunther pppd[6913]: remote IP address 192.168.103.160
Mar 5 13:36:08 gunther pppd[6913]: MPPE 40 bit, stateless compression enabled
Mar 5 13:36:08 gunther pppd[6913]: stateless MPPE enforced
Mar 5 14:01:30 gunther pptpd[6912]: CTRL: Session timed out, ending call
Mar 5 14:01:30 gunther pptpd[6912]: CTRL: Client 203.197.51.208 control connection finished
Mar 5 14:01:30 gunther pppd[6913]: Modem hangup
Mar 5 14:01:30 gunther pppd[6913]: Connection terminated.
Mar 5 14:01:30 gunther pppd[6913]: Connect time 25.6 minutes.
Mar 5 14:01:30 gunther pppd[6913]: Exit.
Mar 5 14:01:30 gunther pptpd[6912]: CTRL: Unexpected control message 6 in disconnect sequence
Mar 5 14:01:30 gunther ntpdate[7399]: step time server 192.5.41.41 offset 0.037010 sec
Mar 5 14:21:36 gunther pptpd[7714]: CTRL: Client 24.191.82.21 control connection started
Mar 5 14:21:36 gunther pptpd[7714]: CTRL: Starting call (launching pppd, opening GRE)
Mar 5 14:21:37 gunther pppd[7715]: pppd 2.3.11 started by root, uid 0
Mar 5 14:21:37 gunther pppd[7715]: Using interface ppp0
Mar 5 14:21:37 gunther pppd[7715]: Connect: ppp0 <--> /dev/pts/0
Mar 5 14:21:37 gunther pptpd[7714]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 5 14:21:37 gunther kernel: PPP BSD Compression module registered
Mar 5 14:21:37 gunther kernel: PPP Deflate Compression module registered
Mar 5 14:21:37 gunther pppd[7715]: MSCHAP-v2 peer authentication succeeded for florence
Mar 5 14:21:37 gunther pppd[7715]: found interface eth0 for proxy arp
Mar 5 14:21:37 gunther pppd[7715]: local IP address 192.168.103.4
Mar 5 14:21:37 gunther pppd[7715]: remote IP address 192.168.103.162
Mar 5 14:21:40 gunther pppd[7715]: MPPE 128 bit, stateless compression enabled
Mar 5 14:21:40 gunther pppd[7715]: stateless MPPE enforced
Mar 5 14:40:01 gunther kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000070
Mar 5 14:40:01 gunther kernel: current->tss.cr3 = 73b86000, %cr3 = 73b86000
Mar 5 14:40:01 gunther kernel: *pde = 00000000
Mar 5 14:40:01 gunther kernel: Oops: 0002
Mar 5 14:40:01 gunther kernel: CPU: 1
Mar 5 14:40:01 gunther kernel: EIP: 0010:[]
Mar 5 14:40:01 gunther kernel: EFLAGS: 00010286
Mar 5 14:40:01 gunther kernel: eax: f8482000 ebx: 000000c2 ecx: 00000002 edx: 00000000
Mar 5 14:40:01 gunther kernel: esi: f8482048 edi: f84822c9 ebp: ffffc2e4 esp: ef37be1c
Mar 5 14:40:01 gunther kernel: ds: 0018 es: 0018 ss: 0018
Mar 5 14:40:01 gunther kernel: Process pptpctrl (pid: 7714, process nr: 89, stackpage=ef37b000)
Mar 5 14:40:01 gunther kernel: Stack: f483d000 00000000 f8629340 00000000 f8482048 f8482048 00000000 f1cdf000
Mar 5 14:40:01 gunther kernel: f848232e 00000084 f8629340 f4a93c20 00000020 fcd76fb3 f8482000 f9f935e0
Mar 5 14:40:01 gunther kernel: 80303620 801c09b9 f8482000 f483d000 00000000 0804dae0 00000292 f5dcd600
Mar 5 14:40:01 gunther kernel: Call Trace: [] [raw_recvmsg+253/276] [] [pty_unthrottle+44/96] [free_pages+39/44] [check_unthrottle+48/56] [read_chan+1659/2000]
Mar 5 14:40:01 gunther kernel: [tty_read+192/228] [sys_read+198/248] [common_interrupt+24/32] [system_call+52/64] [stext+43/169]
Mar 5 14:40:01 gunther kernel: Code: f0 ff 4a 70 0f 94 c0 84 c0 74 0c 83 c4 f4 52 e8 6d ad 42 83
Mar 5 14:48:10 gunther pptpd[8134]: CTRL: Client 24.191.82.21 control connection started
Mar 5 14:48:10 gunther pptpd[8134]: CTRL: Starting call (launching pppd, opening GRE)
Mar 5 14:48:10 gunther pppd[8135]: pppd 2.3.11 started by root, uid 0
Mar 5 14:48:10 gunther kernel: registered device ppp2
Mar 5 14:48:10 gunther pppd[8135]: Using interface ppp2
Mar 5 14:48:10 gunther pppd[8135]: Connect: ppp2 <--> /dev/pts/2
Mar 5 14:48:10 gunther pptpd[8134]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 5 14:48:10 gunther kernel: PPP BSD Compression module registered
Mar 5 14:48:10 gunther kernel: PPP Deflate Compression module registered
Mar 5 14:48:10 gunther pppd[8135]: MSCHAP-v2 peer authentication succeeded for florence
Mar 5 14:48:10 gunther pppd[8135]: found interface eth0 for proxy arp
Mar 5 14:48:10 gunther pppd[8135]: local IP address 192.168.103.4
Mar 5 14:48:10 gunther pppd[8135]: remote IP address 192.168.103.162
Mar 5 14:48:10 gunther pppd[8135]: MPPE 128 bit, stateless compression enabled
Mar 5 14:48:10 gunther pppd[8135]: stateless MPPE enforced
Rebooted here. -- Binesh
Mar 5 22:27:08 gunther syslogd 1.3-3: restart.
Mar 5 22:27:08 gunther syslog: syslogd startup succeeded
Mar 5 22:27:08 gunther syslog: klogd startup succeeded
Mar 5 22:27:08 gunther kernel: klogd 1.3-3, log source = /proc/kmsg started.
Mar 5 22:27:08 gunther kernel: Inspecting /boot/System.map-2.2.20

/tmp/gunther/oops2:
Mar 6 10:18:27 gunther kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000070
Mar 6 10:18:27 gunther kernel: current->tss.cr3 = 2f86f000, %cr3 = 2f86f000
Mar 6 10:18:27 gunther kernel: *pde = 00000000
Mar 6 10:18:27 gunther kernel: Oops: 0002
Mar 6 10:18:27 gunther kernel: CPU: 0
Mar 6 10:18:27 gunther kernel: EIP: 0010:[]
Mar 6 10:18:27 gunther kernel: EFLAGS: 00010286
Mar 6 10:18:27 gunther kernel: eax: f84cf000 ebx: 00000027 ecx: 00000007 edx: 00000000
Mar 6 10:18:27 gunther kernel: esi: f84cf048 edi: f84cf293 ebp: ffff274b esp: f8a6fe1c
Mar 6 10:18:27 gunther kernel: ds: 0018 es: 0018 ss: 0018
Mar 6 10:18:27 gunther kernel: Process pptpctrl (pid: 24957, process nr: 89, stackpage=f8a6f000)
Mar 6 10:18:27 gunther kernel: Stack: f89b2000 00000000 f84cf000 000000fa f84cf048 f84cf048 00000000 9cf73800
Mar 6 10:18:27 gunther kernel: f84cf32e 00000580 1552bf18 f8a6febc 8010c018 fcfb6fb3 f84cf000 00000000
Mar 6 10:18:27 gunther kernel: f84cf234 000000fa f84cf000 f89b2000 00000000 0804dae0 00000292 fb470640
Mar 6 10:18:27 gunther kernel: Call Trace: [common_interrupt+24/32] [] [] [pty_unthrottle+44/96] [free_pages+39/44] [check_unthrottle+48/56] [read_chan+1659/2000]
Mar 6 10:18:27 gunther kernel: [tty_read+192/228] [sys_read+198/248] [system_call+52/64] [stext+43/169]
Mar 6 10:18:27 gunther kernel: Code: f0 ff 4a 70 0f 94 c0 84 c0 74 0c 83 c4 f4 52 e8 6d ad 1e 83
Mar 6 11:01:24 gunther ntpdate[25712]: step time server 192.5.41.40 offset 0.033584 sec
Mar 6 11:16:31 gunther pptpd[25943]: CTRL: Client 24.191.82.21 control connection started
Mar 6 11:16:31 gunther pptpd[25943]: CTRL: Starting call (launching pppd, opening GRE)
Mar 6 11:16:31 gunther pppd[25944]: pppd 2.3.11 started by root, uid 0
Mar 6 11:16:31 gunther kernel: registered device ppp1
Mar 6 11:16:31 gunther pppd[25944]: Using interface ppp1
Mar 6 11:16:31 gunther pppd[25944]: Connect: ppp1 <--> /dev/pts/1
Mar 6 11:16:31 gunther pptpd[25943]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 6 11:16:31 gunther kernel: PPP BSD Compression module registered
Mar 6 11:16:31 gunther kernel: PPP Deflate Compression module registered
Mar 6 11:16:31 gunther pppd[25944]: MSCHAP-v2 peer authentication succeeded for florence
Mar 6 11:16:31 gunther pppd[25944]: MPPE 128 bit, stateless compression enabled
Mar 6 11:16:31 gunther pppd[25944]: stateless MPPE enforced
Mar 6 11:16:34 gunther pppd[25944]: found interface eth0 for proxy arp
Mar 6 11:16:34 gunther pppd[25944]: local IP address 192.168.103.4
Mar 6 11:16:34 gunther pppd[25944]: remote IP address 192.168.103.162
Mar 6 11:22:07 gunther PAM_pwdb[26055]: (sshd2) session opened for user root by (uid=0)
Mar 6 11:22:37 gunther pppd[25944]: Modem hangup
Mar 6 11:22:37 gunther pppd[25944]: Connection terminated.
Mar 6 11:22:37 gunther pppd[25944]: Connect time 6.1 minutes.
Mar 6 11:22:37 gunther pppd[25944]: Sent 659 bytes, received 1448 bytes.
Mar 6 11:22:37 gunther pptpd[25943]: CTRL: Error with select(), quitting
Mar 6 11:22:37 gunther pptpd[25943]: CTRL: Client 24.191.82.21 control connection finished
Mar 6 11:22:38 gunther pppd[25944]: Exit.
Mar 6 11:24:31 gunther pppd[24958]: Terminating on signal 15.
Mar 6 11:24:31 gunther pppd[24958]: ioctl(SIOCDARP): No such file or directory(2)
# Rebooted here -- Binesh
Mar 6 11:48:45 gunther syslogd 1.3-3: restart.
Mar 6 11:48:45 gunther syslog: syslogd startup succeeded
Mar 6 11:48:45 gunther kernel: klogd 1.3-3, log source = /proc/kmsg started.
Mar 6 11:48:45 gunther kernel: Inspecting /boot/System.map-2.2.20
Mar 6 11:48:45 gunther syslog: klogd startup succeeded
Mar 6 11:48:45 gunther kernel: Loaded 10958 symbols from /boot/System.map-2.2.20.

/tmp/gunther/oops3:
Mar 8 04:05:18 gunther kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000070
Mar 8 04:05:18 gunther kernel: current->tss.cr3 = 36adb000, %cr3 = 36adb000
Mar 8 04:05:18 gunther kernel: *pde = 00000000
Mar 8 04:05:18 gunther kernel: Oops: 0002
Mar 8 04:05:18 gunther kernel: CPU: 1
Mar 8 04:05:18 gunther kernel: EIP: 0010:[]
Mar 8 04:05:18 gunther kernel: EFLAGS: 00010286
Mar 8 04:05:18 gunther kernel: eax: c08dd000 ebx: 000000eb ecx: 0000000b edx: 00000000
Mar 8 04:05:18 gunther kernel: esi: c08dd048 edi: c08dd296 ebp: ffffebee esp: b7a5be1c
Mar 8 04:05:18 gunther kernel: ds: 0018 es: 0018 ss: 0018
Mar 8 04:05:18 gunther kernel: Process pptpctrl (pid: 17498, process nr: 137, stackpage=b7a5b000)
Mar 8 04:05:18 gunther kernel: Stack: c3da8000 00000000 c08dd000 000000fa c08dd048 c08dd048 00000000 fa552800
Mar 8 04:05:18 gunther kernel: c08dd32e 00000580 10eaedcf 00000000 fb472540 fcfb6fb3 c08dd000 00000000
Mar 8 04:05:18 gunther kernel: c08dd234 000000fa c08dd000 c3da8000 00000000 0804dae0 00000292 fb463cc0
Mar 8 04:05:18 gunther kernel: Call Trace: [] [] [pty_unthrottle+44/96] [free_pages+39/44] [check_unthrottle+48/56] [read_chan+1659/2000] [tty_read+192/228]
Mar 8 04:05:18 gunther kernel: [sys_read+198/248] [apic_timer_interrupt+29/40] [system_call+52/64] [stext+43/169]
Mar 8 04:05:18 gunther kernel: Code: f0 ff 4a 70 0f 94 c0 84 c0 74 0c 83 c4 f4 52 e8 1d 9d 1e 83
Mar 8 04:07:19 gunther pptpd[22902]: CTRL: Client 206.214.147.95 control connection started
Mar 8 04:07:19 gunther pptpd[22902]: CTRL: Starting call (launching pppd, opening GRE)
Mar 8 04:07:19 gunther pppd[22903]: pppd 2.3.11 started by root, uid 0
Mar 8 04:07:19 gunther kernel: registered device ppp1
Mar 8 04:07:19 gunther pppd[22903]: Using interface ppp1
Mar 8 04:07:19 gunther pppd[22903]: Connect: ppp1 <--> /dev/pts/8
Mar 8 04:07:20 gunther pptpd[22902]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 8 04:07:20 gunther kernel: PPP BSD Compression module registered
Mar 8 04:07:20 gunther kernel: PPP Deflate Compression module registered
Mar 8 04:07:20 gunther pppd[22903]: MSCHAP-v2 peer authentication succeeded for binesh
Mar 8 04:07:20 gunther pppd[22903]: found interface eth0 for proxy arp
Mar 8 04:07:20 gunther pppd[22903]: local IP address 192.168.103.4
Mar 8 04:07:20 gunther pppd[22903]: remote IP address 192.168.103.161
Mar 8 04:07:20 gunther pppd[22903]: MPPE 128 bit, stateless compression enabled
Mar 8 04:07:20 gunther pppd[22903]: stateless MPPE enforced
Mar 8 04:08:21 gunther kernel: device ppp0 left promiscuous mode
Mar 8 04:08:22 gunther kernel: device ppp0 entered promiscuous mode
Mar 8 04:11:15 gunther kernel: device ppp0 left promiscuous mode
Mar 8 04:11:34 gunther xntpd: ntpd shutdown succeeded
Mar 8 04:11:34 gunther mysql: Killing mysqld with pid 1416
Mar 8 04:11:35 gunther rc: Stopping mysql succeeded
Mar 8 04:11:35 gunther rc: Stopping pksd succeeded
Mar 8 04:11:35 gunther rc: Stopping keytable succeeded
Mar 8 04:11:35 gunther xfs: xfs startup succeeded
Mar 8 04:11:36 gunther xfs: xfs shutdown succeeded
Mar 8 04:11:36 gunther gpm: gpm shutdown succeeded
Mar 8 04:11:36 gunther pptpd: Shutting down pptpd:
Mar 8 04:11:36 gunther rc: Stopping pptpd succeeded
Mar 8 04:11:36 gunther sshd.2222: Shutting down sshd.2222:
Mar 8 04:11:36 gunther sshd.2222:
Mar 8 04:11:36 gunther rc: Stopping sshd.2222 succeeded
Mar 8 04:11:37 gunther inet: inetd shutdown succeeded
Mar 8 04:11:37 gunther atd: atd shutdown succeeded
Mar 8 04:11:38 gunther crond: crond shutdown succeeded
Mar 8 04:11:38 gunther lpd: lpd shutdown succeeded
Mar 8 04:11:38 gunther qmail: Shutting down qmail:
Mar 8 04:11:38 gunther qmail:
Mar 8 04:11:38 gunther rc: Stopping qmail succeeded
Mar 8 04:11:38 gunther dd: 1+0 records in
Mar 8 04:11:38 gunther dd: 1+0 records out
Mar 8 04:11:38 gunther random: Saving random seed succeeded
Mar 8 04:11:39 gunther nfslock: rpc.statd shutdown succeeded
Mar 8 04:11:39 gunther named: named shutdown succeeded
Mar 8 04:11:40 gunther portmap: portmap shutdown succeeded
Mar 8 04:11:40 gunther network: Shutting down interface eth0 succeeded
Mar 8 04:11:40 gunther sysctl: net.ipv4.ip_forward = 0
Mar 8 04:11:40 gunther network: Disabling IPv4 packet forwarding succeeded
Mar 8 04:11:40 gunther sysctl: net.ipv4.ip_always_defrag = 0
Mar 8 04:11:40 gunther network: Disabling IPv4 automatic defragmentation succeeded
Mar 8 04:11:40 gunther kernel: Kernel logging (proc) stopped.
Mar 8 04:11:40 gunther kernel: Kernel log daemon terminating.
Mar 8 04:11:42 gunther syslog: klogd shutdown succeeded
Mar 8 04:11:42 gunther exiting on signal 15
# On this one, I saw the message above, suspected that that was the cause
# so I tried to shutdown. Obviously, it failed at some later point, because
# I had to call up the office to tell them to reboot the box. *sigh*
# After touting Linux' uptime to them all over the place.
# anyhow, Rebooted here -- Binesh
Mar 8 11:04:40 gunther syslogd 1.3-3: restart.
Mar 8 11:04:40 gunther syslog: syslogd startup succeeded
Mar 8 11:04:40 gunther syslog: klogd startup succeeded
Mar 8 11:04:40 gunther kernel: klogd 1.3-3, log source = /proc/kmsg started.
Mar 8 11:04:40 gunther kernel: Inspecting /boot/System.map-2.2.20

--
"Probability of being in the delta quadrant, over 70,000 light years away from last known location is negligible."
 -- Dreadnought to Torres "Voyager"

PGP Key: http://www.hex21.com/~binesh/binesh-public.asc
SSH2 Key: http://www.hex21.com/~binesh/binesh-ssh2.pub
SSH1 Key: http://www.hex21.com/~binesh/binesh-ssh1.pub
OpenSSH Key: http://www.hex21.com/~binesh/binesh-openssh.pub

From charlieb at e-smith.com Fri Mar 8 11:21:56 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Fri, 8 Mar 2002 12:21:56 -0500 (EST)
Subject: [pptp-server] kernel panic with poptop 1.0.1 and 1.1.2 -- Only with broadband clients (?)
In-Reply-To:
Message-ID:

On Fri, 8 Mar 2002, Binesh Bannerjee wrote:

> /tmp/gunther/oops1:
> Mar 5 13:12:46 gunther kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000070
> Mar 5 13:12:46 gunther kernel: current->tss.cr3 = 71198000, %cr3 = 71198000
> Mar 5 13:12:46 gunther kernel: *pde = 00000000
> Mar 5 13:12:46 gunther kernel: Oops: 0002
> Mar 5 13:12:46 gunther kernel: CPU: 0
> Mar 5 13:12:46 gunther kernel: EIP: 0010:[]
> Mar 5 13:12:46 gunther kernel: EFLAGS: 00010282
> Mar 5 13:12:46 gunther kernel: eax: f8482800 ebx: 00000077 ecx: 00000017 edx: 00000000
> Mar 5 13:12:46 gunther kernel: esi: f8482848 edi: f8482a85 ebp: ffff7723 esp: f1171e1c
> Mar 5 13:12:46 gunther kernel: ds: 0018 es: 0018 ss: 0018
> Mar 5 13:12:46 gunther kernel: Process pptpctrl (pid: 6300, process nr: 99, stackpage=f1171000)
> Mar 5 13:12:46 gunther kernel: Stack: ee199000 00000000 f8482800 000000fa f8482848 f8482848 00000000 f8699800
> Mar 5 13:12:46 gunther kernel: f8482b2e 00000580 1b34c5cb 00000000 f8629980 fcd76fb3 f8482800 00000000
> Mar 5 13:12:46 gunther kernel: f8482a34 000000fa f8482800 ee199000 00000000 0804dae0 00000292 f48a8f40
> Mar 5 13:12:46 gunther kernel: Call Trace: [] [] [pty_unthrottle+44/96] [free_pages+39/44] [check_unthrottle+48/56] [read_chan+1659/2000] [tty_read+192/228]
> Mar 5 13:12:46 gunther kernel: [sys_read+198/248] [system_call+52/64] [stext+43/169]
> Mar 5 13:12:46 gunther kernel: Code: f0 ff 4a 70 0f 94 c0 84 c0 74 0c 83 c4 f4 52 e8 6d ad 42 83

That is a kernel problem in the pty_unthrottle function. It just happens to be tickled by pptpctrl, but that doesn't mean that it is a problem with pptpctrl.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From binesh-dated-1016052200.292c35 at hex21.com Fri Mar 8 14:43:01 2002
From: binesh-dated-1016052200.292c35 at hex21.com (Binesh Bannerjee)
Date: Fri, 8 Mar 2002 15:43:01 -0500 (EST)
Subject: [pptp-server] kernel panic with poptop 1.0.1 and 1.1.2 -- Only with broadband clients (?)
In-Reply-To:
Message-ID:

On Fri, 8 Mar 2002, Charlie Brady wrote:

> That is a kernel problem in the pty_unthrottle function. It just happens
> to be tickled by pptpctrl, but that doesn't mean that it is a problem with
> pptpctrl.

Cool! So, how do I fix it? Or where do I go to find out how to fix it?

Binesh

>
> --
> Charlie Brady charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group http://www.e-smith.com/
> Mitel Networks Corporation http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
>

--
"Go back to your virgin pink daiquiri and just mind your own god-damned business."
 -- Clint Eastwood as Frank Corvin in "Space Cowboys"

PGP Key: http://www.hex21.com/~binesh/binesh-public.asc
SSH2 Key: http://www.hex21.com/~binesh/binesh-ssh2.pub
SSH1 Key: http://www.hex21.com/~binesh/binesh-ssh1.pub
OpenSSH Key: http://www.hex21.com/~binesh/binesh-openssh.pub

From pgrace at rtdcs.com Fri Mar 8 14:49:02 2002
From: pgrace at rtdcs.com (Peter Grace)
Date: Fri, 8 Mar 2002 15:49:02 -0500
Subject: [pptp-server] kernel panic with poptop 1.0.1 and 1.1.2 -- Only with broadband clients (?)
In-Reply-To:
Message-ID:

Charlie,

If this is also the case for me, is there a way to make pptp/pppd not use pty? Would that be efficient? Any other ideas as to how to work around the problem? Since my box doesn't survive the oops, I never get a log of the crash. Once I get it on a screen that I can transcribe it with, I'll probably post my oops as well as Binesh's in a hope to have someone fix the problem.

Thanks,
Peter

>That is a kernel problem in the pty_unthrottle function. It just
>happens to be tickled by pptpctrl, but that doesn't mean that it is
>a problem with pptpctrl.

From charlieb at e-smith.com Fri Mar 8 14:55:01 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Fri, 8 Mar 2002 15:55:01 -0500 (EST)
Subject: [pptp-server] kernel panic with poptop 1.0.1 and 1.1.2 -- Only with broadband clients (?)
In-Reply-To:
Message-ID:

On Fri, 8 Mar 2002, Binesh Bannerjee wrote:

> So, how do I fix it?

Diagnose it first.

> Or where do I go to find out how to fix it?

The kernel mailing list. There is an FAQ somewhere, possibly in the Documentation directory of the kernel source, saying what you should do if you see a kernel OOPs.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From charlieb at e-smith.com Fri Mar 8 14:55:53 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Fri, 8 Mar 2002 15:55:53 -0500 (EST)
Subject: [pptp-server] kernel panic with poptop 1.0.1 and 1.1.2 -- Only with broadband clients (?)
In-Reply-To:
Message-ID:

On Fri, 8 Mar 2002, Peter Grace wrote:

> If this is also the case for me, is there a way to make pptp/pppd
> not use pty? Would that be efficient? Any other ideas as to how to
> work around the problem?

No idea, for all questions.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From empty at ispnet.ca Sat Mar 9 08:18:34 2002
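
A first diagnostic pass over Oops reports like the ones posted in the thread above, as an added example that is not part of any message in this archive: it pulls each kernel Oops out of syslog lines, decodes the i386 page-fault error code, and lists the call-trace frames shared by every report. The sample log is trimmed from the lines quoted in the thread; the function names are this example's own.

```python
import re

# Constructed sample: lines trimmed from the Oops reports quoted in this thread,
# with one ordinary pppd line between the two reports.
SAMPLE_LOG = """\
Mar 5 13:12:46 gunther kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000070
Mar 5 13:12:46 gunther kernel: Oops: 0002
Mar 5 13:12:46 gunther kernel: CPU: 0
Mar 5 13:12:46 gunther kernel: Process pptpctrl (pid: 6300, process nr: 99, stackpage=f1171000)
Mar 5 13:12:46 gunther kernel: Call Trace: [] [] [pty_unthrottle+44/96] [free_pages+39/44] [check_unthrottle+48/56] [read_chan+1659/2000] [tty_read+192/228]
Mar 5 13:12:46 gunther kernel: [sys_read+198/248] [system_call+52/64] [stext+43/169]
Mar 5 13:12:46 gunther kernel: Code: f0 ff 4a 70 0f 94 c0 84 c0 74 0c 83 c4 f4 52 e8 6d ad 42 83
Mar 5 13:13:09 gunther pppd[6505]: Using interface ppp0
Mar 5 14:40:01 gunther kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000070
Mar 5 14:40:01 gunther kernel: Oops: 0002
Mar 5 14:40:01 gunther kernel: CPU: 1
Mar 5 14:40:01 gunther kernel: Process pptpctrl (pid: 7714, process nr: 89, stackpage=ef37b000)
Mar 5 14:40:01 gunther kernel: Call Trace: [] [raw_recvmsg+253/276] [] [pty_unthrottle+44/96] [free_pages+39/44] [check_unthrottle+48/56] [read_chan+1659/2000]
Mar 5 14:40:01 gunther kernel: [tty_read+192/228] [sys_read+198/248] [common_interrupt+24/32] [system_call+52/64] [stext+43/169]
Mar 5 14:40:01 gunther kernel: Code: f0 ff 4a 70 0f 94 c0 84 c0 74 0c 83 c4 f4 52 e8 6d ad 42 83
"""

# "Mon D HH:MM:SS host tag[pid]: message" as written by syslogd.
SYSLOG = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+([^:\[\s]+)(?:\[\d+\])?:\s(.*)$")
# klogd prints resolved frames as [symbol+offset/size]; unresolved ones are skipped.
FRAME = re.compile(r"\[([A-Za-z_]\w*)\+\d+/\d+\]")
PROCESS = re.compile(r"Process (\S+) \(pid: (\d+)")


def decode_error_code(code):
    """Decode the i386 page-fault error code printed after 'Oops:'."""
    return {
        "cause": "protection fault" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }


def extract_oopses(lines):
    """Return one dict per Oops report found in an iterable of syslog lines."""
    reports, current, in_trace = [], None, False
    for line in lines:
        m = SYSLOG.match(line)
        if not m or m.group(3) != "kernel":
            continue                      # daemon lines are never part of a report
        when, host, _tag, msg = m.groups()
        if msg.startswith("Unable to handle kernel"):
            current = {"time": when, "host": host, "trace": [],
                       "address": msg.rsplit(" ", 1)[-1]}
            reports.append(current)
            in_trace = False
        elif current is None:
            continue                      # kernel chatter outside any report
        elif msg.startswith("Oops:"):
            current["error"] = decode_error_code(int(msg.split()[1], 16))
        elif msg.startswith("CPU:"):
            current["cpu"] = int(msg.split()[1])
        elif msg.startswith("Process "):
            pm = PROCESS.match(msg)
            if pm:
                current["process"], current["pid"] = pm.group(1), int(pm.group(2))
        elif msg.startswith("Call Trace:"):
            in_trace = True
            current["trace"] += FRAME.findall(msg)
        elif msg.startswith("Code:"):
            current, in_trace = None, False   # 'Code:' is the last line of a report
        elif in_trace and msg.startswith("["):
            current["trace"] += FRAME.findall(msg)   # wrapped call-trace line
    return reports


def common_frames(reports):
    """Frames present in every report, in the order of the first trace."""
    if not reports:
        return []
    shared = set(reports[0]["trace"])
    for report in reports[1:]:
        shared &= set(report["trace"])
    return [frame for frame in reports[0]["trace"] if frame in shared]


if __name__ == "__main__":
    found = extract_oopses(SAMPLE_LOG.splitlines())
    for r in found:
        print(r["time"], r["process"], r["pid"], "cpu", r["cpu"], r["address"], r["error"])
    print("shared frames:", " <- ".join(common_frames(found)))
```

Frames that occur in only one of the sample reports (raw_recvmsg, common_interrupt) drop out, leaving the tty read path that begins with pty_unthrottle, the function named in the reply above.
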
From: empty at ispnet.ca (Mike Todd)
Date: Sat, 9 Mar 2002 09:18:34 -0500
Subject: [pptp-server] Compile problems with pppd.
Message-ID: <00e001c1c775$4c625ba0$034080a7@EMPTY>

Good day,

I am having a problem compiling pppd. I've patched it with ppp-2.3.11-openssl-0.9.5-mppe/ppp_mppe_compressed_data_fix. I am running slackware 8.0. Below is the output:

extra_crypto.o: In function `DesEncrypt':
/root/ppp/ppp-2.3.11/pppd/extra_crypto.c:141: undefined reference to `setkey'
/root/ppp/ppp-2.3.11/pppd/extra_crypto.c:144: undefined reference to `encrypt'
collect2: ld returned 1 exit status
make[1]: *** [pppd] Error 1
make[1]: Leaving directory `/root/ppp/ppp-2.3.11/pppd'
make: *** [all] Error 2

Any ideas?

Thanks,
Mike

From igor at br.inter.net Sat Mar 9 09:46:52 2002
From: igor at br.inter.net (Igor Maciel Macaúbas)
Date: Sat, 9 Mar 2002 12:46:52 -0300
Subject: [pptp-server] pppd + pptp + radius
Message-ID: <004601c1c781$a3173400$2770b8c8@igor>

Hi all,

I use a VPN Solution in my company with pppd / pptp to make Windows machines access some restricted areas of my network. Since the number of users using this solution is increasing, I need to make the VPNServer authenticate into my company radius server. I was looking at the internet, and didn't find a lot of solutions .. so I need to know if it's possible, and how I can do that. If someone has anything that can help me, send :) I've been researching this question for about 8 months and didn't have any answer.

Thanks,
Igor
--
igor at br.inter.net

From werner.klocker at cable.vol.at Sat Mar 9 17:44:39 2002
From: werner.klocker at cable.vol.at (werner.klocker at cable.vol.at)
Date: 10 Mar 2002 00:44:39 +0100
Subject: [pptp-server] (no subject)
Message-ID: <200203092336.g29NaW428865@sendnix.tele.net>

Can you send me, how to get your list???

From christopher at schulte.org Sat Mar 9 18:11:15 2002
From: christopher at schulte.org (Christopher Schulte)
Date: Sat, 09 Mar 2002 18:11:15 -0600
Subject: [pptp-server] (no subject)
In-Reply-To: <200203092336.g29NaW428865@sendnix.tele.net>
Message-ID: <5.1.0.14.0.20020309181019.04edd570@pop3s.schulte.org>

At 12:44 AM 3/10/2002 +0100, you wrote:
>Can you send me, how to get your list???

See http://lists.schulte.org/mailman/listinfo/pptp-server then look for 'Subscribing to pptp-server'

--
Christopher Schulte
christopher at schulte.org
http://noc.schulte.org/

From david_luyer at pacific.net.au Sat Mar 9 22:16:47 2002
From: david_luyer at pacific.net.au (David Luyer)
Date: Sun, 10 Mar 2002 15:16:47 +1100
Subject: [pptp-server] pppd + pptp + radius
In-Reply-To: <004601c1c781$a3173400$2770b8c8@igor>
Message-ID: <002701c1c7ea$657362e0$46943ecb@pacific.net.au>

There are two solutions.

1. Using PAM and one of the two PAM RADIUS modules, authenticate via RADIUS (one module is pam-lradius, the other is in the base PAM distro)

   Caveat: this doesn't get static IPs from RADIUS or do accounting via RADIUS.

2. Using one of the two PortSlave distributions, do authentication, IP address allocation, etc from RADIUS. Combined with something like gated, this can mean your users can authenticate via either the VPN or a dialup NAS and get the same IP address. Accounting is also via RADIUS as per dialup NAS's.

   Caveat: you may need to look at the code carefully to ensure reliable traffic accounting and run an exact version of pppd. I haven't ever tried using a PortSlave PPPd and adding the MSCHAP patches.

I've done both of these at different places I've worked as well as using a third option - authenticating via a Bay ERPCD.

David.
--
David Luyer Phone: +61 3 9674 7525
Network Development Manager P A C I F I C Fax: +61 3 9699 8693
Pacific Internet (Australia) I N T E R N E T Mobile: +61 4 1111 BYTE
http://www.pacific.net.au/ NASDAQ: PCNTF

From fabio at ipway.com.br Sun Mar 10 08:14:04 2002
From: fabio at ipway.com.br (Fabio Oliveira)
Date: Sun, 10 Mar 2002 11:14:04 -0300
Subject: [pptp-server] PPTP client behind Linux Masq. (NAT)
In-Reply-To: <002701c1c7ea$657362e0$46943ecb@pacific.net.au>
Message-ID:

Hi all,

I have a doubt on using PPTP client behind a Gateway/NAT as below:

PPTP Client ---> Linux Masq. Gateway --> Public Net. (Internet) --> Linux PPTP Server

I hear something how only one connection per time is possible in that configuration. I would like to know if it is true??? If yes, is there any alternative w/ that topology to connect clients simultaneously? Considering that system is Linux 7.x w/ kernel 2.4.x.

Thanks,
Fabio Oliveira

From igor at br.inter.net Sun Mar 10 20:17:51 2002
From: igor at br.inter.net (Igor Maciel Macaúbas)
Date: Sun, 10 Mar 2002 23:17:51 -0300
Subject: [pptp-server] pppd + pptp + radius
References: <002701c1c7ea$657362e0$46943ecb@pacific.net.au>
Message-ID: <00f501c1c8a2$f53ff0b0$2670b8c8@igor>

Hi David,

I would like to know more details about the first solution; I don't need accounting, get static ip from radius and this stuff. I use accounting with a proprietary software in PHP that analyzes the PPP log.. so I just need one solution to authenticate via RADIUS. Just auth. Can you give me more details?

I was looking at my RADIUS server page (freeradius - www.freeradius.org) and I saw that there's a PAM module inside this RADIUS distro. So, how can I use it to authenticate my pptpd / pppd into my RADIUS server? How can I proceed to make the pam-lradius module to do the auth in my system?

Thanks a lot for helping me.

Regards,
Igor
--
igor at br.inter.net

From zeus at smtp.titanvision.com Mon Mar 11 01:17:56 2002
From: zeus at smtp.titanvision.com (zeus)
Date: Mon, 11 Mar 2002 10:17:56 +0300
Subject: [pptp-server] PPTP & PPP on FreeBSD
Message-ID: <004401c1c8cc$e6eb2be0$cd01a8c0@ernestoc>

Hello

Does anybody have PPTP & PPP running on FreeBSD and supporting Microsoft MPPE encryption ? The last releases of ppp do not support FreeBSD at all. Where can I get a version of ppp supporting mppe to compile under freebsd ?

Thanks

From kszymanski at bs-networks.de Mon Mar 11 14:20:36 2002
From: kszymanski at bs-networks.de (Kai Szymanski)
Date: Mon, 11 Mar 2002 21:20:36 +0100
Subject: [pptp-server] pptpd & kernel 2.4.16
Message-ID: <200203112005.g2BK55p21895@www.bs-networks.de>

Hello,

I use the following:

Kernel 2.4.16 (with linux-2.4.16-openssl-0.9.6b-mppe.patch)
pppd 2.4.1 with ppp-2.4.1-MSCHAPv2-fix.patch and ppp-2.4.1-openssl-0.9.6-mppe-patch and require-mppe.diff
PoPToP v1.1.2

Before I install 2.4.16 I use 2.4.10 (this works fine). After upgrading I get the following messages in our logfile:

--- CUT HERE
pptpd[21716]: CTRL: Client 1.2.3.4 control connection finished
pptpd[21716]: CTRL: Exiting now
pptpd[21312]: MGR: Reaped child 21716
pptpd[21734]: MGR: Launching /usr/sbin/pptpctrl to handle client
pptpd[21734]: CTRL: local address = 10.4.0.1
pptpd[21734]: CTRL: remote address = 10.4.1.2
pptpd[21734]: CTRL: pppd speed = 115200
pptpd[21734]: CTRL: pppd options file = /etc/ppp/options.pptpd
pptpd[21734]: CTRL: Client 1.2.3.4 control connection started
pptpd[21734]: CTRL: Received PPTP Control Message (type: 1)
pptpd[21734]: CTRL: Made a START CTRL CONN RPLY packet
pptpd[21734]: CTRL: I wrote 156 bytes to the client.
pptpd[21734]: CTRL: Sent packet to client
pptpd[21734]: CTRL: Received PPTP Control Message (type: 7)
pptpd[21734]: CTRL: 0 min_bps, 152 max_bps, 32 window size
pptpd[21734]: CTRL: Made a OUT CALL RPLY packet
pptpd[21734]: CTRL: Starting call (launching pppd, opening GRE)
pptpd[21734]: CTRL: pty_fd = 5
pptpd[21734]: CTRL: tty_fd = 6
pptpd[21734]: CTRL: I wrote 32 bytes to the client.
pptpd[21734]: CTRL: Sent packet to client
pptpd[21735]: CTRL (PPPD Launcher): Connection speed = 115200
pptpd[21735]: CTRL (PPPD Launcher): local address = 10.4.0.1
pptpd[21735]: CTRL (PPPD Launcher): remote address = 10.4.1.2
pppd[21735]: pppd 2.4.1 started by root, uid 0
pppd[21735]: using channel 1042
pppd[21735]: Using interface ppp0
pppd[21735]: Connect: ppp0 <--> /dev/pts/1
pppd[21735]: sent [LCP ConfReq id=0x1 ]
pptpd[21734]: GRE: read error: Protocol not available
pptpd[21734]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
pptpd[21734]: CTRL: Client 1.2.3.4 control connection finished
pptpd[21734]: CTRL: Exiting now
pptpd[21312]: MGR: Reaped child 21734
pppd[21735]: Modem hangup
pppd[21735]: Connection terminated.
pppd[21735]: Exit.
--- CUT HERE

Is this a known 'bug' ? If so, have I to downgrade to 2.4.10 or better upgrade to 2.4.18 (if it works with pptpd) ?

Thanks for your help!

Best regards,
Kai.
--
Kai Szymanski
BS Networks
http://www.bs-networks.de

From david at vanvyfeyken.nl Mon Mar 11 19:41:44 2002
From: david at vanvyfeyken.nl (David van Vyfeyken)
Date: Tue, 12 Mar 2002 02:41:44 +0100
Subject: [pptp-server] pptpd & kernel 2.4.16
In-Reply-To: <200203112005.g2BK55p21895@www.bs-networks.de>
Message-ID: <000e01c1c967$118d9370$8265a8c0@voyager>

Hi Kai,

You should check if you have ip_gre.o built with your kernel. And when it's a module, that it is loaded.

If you have to rebuild your kernel, I suggest upgrading to 2.4.18. The linux-2.4.16-openssl-0.9.6b-mppe.patch will work ...

Regards,

David van Vyfeyken

From fcusack at fcusack.com Mon Mar 11 21:38:02 2002
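The pptpd log posted in the "pptpd & kernel 2.4.16" message above shows the TCP control connection completing while the GRE side fails. The following triage script is an added example, not part of the thread or of PoPToP; it groups such log lines by pptpctrl PID and reports how far each client got. The second session (PID 30001, client 192.0.2.10) is constructed for contrast, and the verdict names are assumptions of this example.

```python
import re

# PPTP control message types seen in the log (numbering per RFC 2637).
CONTROL_TYPES = {1: "Start-Control-Connection-Request",
                 7: "Outgoing-Call-Request"}

LINE_RE = re.compile(r"\bpptpd\[(\d+)\]:\s+(.*)$")
START_RE = re.compile(r"Client (\S+) control connection started")
TYPE_RE = re.compile(r"Received PPTP Control Message \(type: (\d+)\)")

# PID 21734 lines are taken from the message above; PID 30001 is constructed.
SAMPLE_LOG = """\
pptpd[21734]: MGR: Launching /usr/sbin/pptpctrl to handle client
pptpd[21734]: CTRL: Client 1.2.3.4 control connection started
pptpd[21734]: CTRL: Received PPTP Control Message (type: 1)
pptpd[21734]: CTRL: Received PPTP Control Message (type: 7)
pptpd[21734]: CTRL: Starting call (launching pppd, opening GRE)
pppd[21735]: Connect: ppp0 <--> /dev/pts/1
pptpd[21734]: GRE: read error: Protocol not available
pptpd[21734]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
pptpd[21734]: CTRL: Client 1.2.3.4 control connection finished
pptpd[21312]: MGR: Reaped child 21734
pptpd[30001]: CTRL: Client 192.0.2.10 control connection started
pptpd[30001]: CTRL: Received PPTP Control Message (type: 1)
pptpd[30001]: CTRL: Received PPTP Control Message (type: 7)
pptpd[30001]: CTRL: Starting call (launching pppd, opening GRE)
pptpd[30001]: CTRL: Client 192.0.2.10 control connection finished
"""


def triage(log_text):
    """Return one record per control connection, in order of appearance."""
    sessions = {}  # pptpctrl PID -> record
    for raw in log_text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # pppd lines and anything else are ignored here
        pid, msg = int(m.group(1)), m.group(2)
        started = START_RE.search(msg)
        if started:
            sessions[pid] = {"pid": pid, "client": started.group(1),
                             "control_messages": [], "call_started": False,
                             "errors": [], "finished": False}
            continue
        rec = sessions.get(pid)
        if rec is None:
            continue  # manager lines, or lines seen before the session start
        ctl = TYPE_RE.search(msg)
        if ctl:
            num = int(ctl.group(1))
            rec["control_messages"].append(
                CONTROL_TYPES.get(num, "type %d" % num))
        elif "Starting call" in msg:
            rec["call_started"] = True
        elif (msg.startswith("GRE:") and "error" in msg) or "failed" in msg:
            rec["errors"].append(msg)
        elif "control connection finished" in msg:
            rec["finished"] = True

    for rec in sessions.values():
        if not rec["call_started"]:
            rec["verdict"] = "control-only"          # never reached the call
        elif rec["errors"]:
            rec["verdict"] = "data-channel-failure"  # TCP side ok, GRE/pty not
        else:
            rec["verdict"] = "no-error-logged"
    return list(sessions.values())


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["pid"], rec["client"], rec["verdict"],
              "; ".join(rec["errors"]) or "-")
```

A "data-channel-failure" verdict only says that the control exchange on TCP 1723 succeeded and the GRE or pty side then reported an error; it does not identify the cause.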
From: fcusack at fcusack.com (Frank Cusack)
Date: Mon, 11 Mar 2002 19:38:02 -0800
Subject: [pptp-server] pppd + pptp + radius
In-Reply-To: <004601c1c781$a3173400$2770b8c8@igor>; from igor@br.inter.net on Sat, Mar 09, 2002 at 12:46:52PM -0300
References: <004601c1c781$a3173400$2770b8c8@igor>
Message-ID: <20020311193802.J27876@google.com>

On Sat, Mar 09, 2002 at 12:46:52PM -0300, Igor Maciel Macaúbas wrote:
> Hi all,
> I use a VPN Solution in my company with pppd / pptp to make Windows machine
> access some restricted areas of my network.
> Since the number of users using this solution is increasing, I need to make
> the VPNServer authenticate into my company radius server.
> I was looking at the internet, and didn't find a lot of solutions .. so I
> need to know if it's possible, and how can I do that.
> If someone have anything that can help me, send :)
> I've been researching this question about 8 months and didn't have any
> answer.

In addition to other answers already posted, you could wait until pppd-2.4.2 comes out. It will have support for radius. If you don't need MPPE (encryption) you can do this today -- you need to grab the CVS sources.

When will 2.4.2 come out? Who knows.

/fc

From Benny.Geys at ordina-denkart.com Tue Mar 12 05:11:56 2002
From: Benny.Geys at ordina-denkart.com (Benny.Geys at ordina-denkart.com)
Date: Tue, 12 Mar 2002 12:11:56 +0100
Subject: [pptp-server] Can't browse the internet while connected to our PPTP server
Message-ID:

Hi all!

I've been looking into this for quite some time now and I can't seem to find a solution. The problem is that I (or other people from our company) can't browse the internet when connected to our PoPToP server. ICQ, mail, ... works fine, it's just browsing that doesn't work anymore.

All the people affected use Win2000 clients and all have the same (cable) ISP. This ISP only allows surfing through a proxy server. Other people at our company, using the very same setup but using another ISP (one who doesn't force its customers to use a proxy server) can connect to the internet without a problem.

_No_ clients use the 'Use default gateway on remote server' option.

Is there somebody who has had the same problem?

Greetings,
Benny

From grj at lincom.no Tue Mar 12 05:21:43 2002
From: grj at lincom.no (Gustav Jansen)
Date: Tue, 12 Mar 2002 12:21:43 +0100
Subject: [pptp-server] pptp and pppoe
References: <004601c1c781$a3173400$2770b8c8@igor> <20020311193802.J27876@google.com>
Message-ID: <3C8DE4C7.5050103@lincom.no>

Hi!

I'm going to set up a pptp vpn server on a gateway that has a *DSL link to a service provider using pppoe. Is there something I have to look out for, or is the procedure straightforward? I'm using different ppp-option files, but the same chap-secrets file.

--
Gustav Jansen
Linux Communications AS

From sagar at cwlglobal.com Tue Mar 12 07:37:52 2002
From: sagar at cwlglobal.com (Sagar Srivastava)
Date: Tue, 12 Mar 2002 19:07:52 +0530
Subject: [pptp-server] module ppp-compress-18 error!
References: <90769AF04F76D41186C700A0C90AFC3EEA72@defiant.infohiiway.com>
Message-ID: <003a01c1c9cb$1c674ac0$de5fa4a4@qs1905>

I don't have these modules in my machine at all. Please tell me how and where to obtain them. I am using Red Hat 7.2 with
http://www.infohiiway.com/download/pptp/2.4.x/patches/ppp-2.4.1-MSCHAPv2-fix.patch.gz

Thanks,
Sagar, India

>
> Have you added the following to your /etc/modules.conf file???
>
> alias char-major-108 ppp_generic
> alias tty-ldisc-3 ppp_async
> alias tty-ldisc-14 ppp_synctty
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
>
> Does your linux kernel/ppp support mppe. i.e. Does the ppp_mppe.o module
> exist?
>

From r.devroede at linvision.com Tue Mar 12 08:13:04 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 12 Mar 2002 15:13:04 +0100
Subject: [pptp-server] module ppp-compress-18 error!
In-Reply-To: <003a01c1c9cb$1c674ac0$de5fa4a4@qs1905>
References: <90769AF04F76D41186C700A0C90AFC3EEA72@defiant.infohiiway.com> <003a01c1c9cb$1c674ac0$de5fa4a4@qs1905>
Message-ID: <1015942384.1767.17.camel@richard>

RedHat 7.2. That's nice, because now you can go to http://devel.linvision.com and get the kernel-2.4.9-31mppe, kernel-headers-2.4.9-31mppe, pppd-2.4.1-3mppe and pptpd-1.1.2-2 RPMS. Just install them, the modules.conf file will be automagically adapted. Tweak the configfile /etc/pptpd.conf and add some users to your chap-secrets file either manually or with the vpnuser script and you're ready to go.

Have fun!
Richard de Vroede

--
Richard de Vroede (r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D 2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From sagar at cwlglobal.com Tue Mar 12 08:31:38 2002
From: sagar at cwlglobal.com (Sagar Srivastava)
Date: Tue, 12 Mar 2002 20:01:38 +0530
Subject: [pptp-server] module ppp-compress-18 error!
References: <90769AF04F76D41186C700A0C90AFC3EEA72@defiant.infohiiway.com> <003a01c1c9cb$1c674ac0$de5fa4a4@qs1905> <1015942384.1767.17.camel@richard>
Message-ID: <008e01c1c9d2$9eb91790$de5fa4a4@qs1905>

Dear Vroede,

Does that mean I have to compile the kernel? I am already running important configuration/servers on this machine. It is an SMP kernel that I am using.

Thanks
Sagar

> RedHat 7.2. That's nice, because now you can go to
> http://devel.linvision.com and get the kernel-2.4.9-31mppe,
> kernel-headers-2.4.9-31mppe, pppd-2.4.1-3mppe and pptpd-1.1.2-2 RPMS.
> Just install them, the modules.conf file will be automagically adapted.
> Tweak the configfile /etc/pptpd.conf and add some users to your
> chap-secrets file either manually or with the vpnuser script and you're
> ready to go.

From sagar at cwlglobal.com Tue Mar 12 08:33:11 2002
From: sagar at cwlglobal.com (Sagar Srivastava)
Date: Tue, 12 Mar 2002 20:03:11 +0530
Subject: [pptp-server] module ppp-compress-18 error!
References: <90769AF04F76D41186C700A0C90AFC3EEA72@defiant.infohiiway.com> <003a01c1c9cb$1c674ac0$de5fa4a4@qs1905> <1015942384.1767.17.camel@richard>
Message-ID: <009201c1c9d2$d6255310$de5fa4a4@qs1905>

And my kernel is actually 2.4.7-10. Sorry for my ignorance.

Sagar

> RedHat 7.2. That's nice, because now you can go to
> http://devel.linvision.com and get the kernel-2.4.9-31mppe,
> kernel-headers-2.4.9-31mppe, pppd-2.4.1-3mppe and pptpd-1.1.2-2 RPMS.
> Just install them, the modules.conf file will be automagically adapted.
> Tweak the configfile /etc/pptpd.conf and add some users to your
> chap-secrets file either manually or with the vpnuser script and you're
> ready to go.

From r.devroede at linvision.com Tue Mar 12 08:48:24 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 12 Mar 2002 15:48:24 +0100
Subject: [pptp-server] module ppp-compress-18 error!
In-Reply-To: <008e01c1c9d2$9eb91790$de5fa4a4@qs1905>
References: <90769AF04F76D41186C700A0C90AFC3EEA72@defiant.infohiiway.com> <003a01c1c9cb$1c674ac0$de5fa4a4@qs1905> <1015942384.1767.17.camel@richard> <008e01c1c9d2$9eb91790$de5fa4a4@qs1905>
Message-ID: <1015944504.2148.39.camel@richard>

Dear Sagar,

Then get the kernel-2.4.9-31mppe Source RPM, "install" it and rpmbuild it to your needs (SMP, patches other than mppe or RedHat defaults) then install it.

Or patch your old kernel with http://mirror.binarix.com/ppp-mppe/linux-2.4.16-openssl-0.9.6b-mppe.patch.gz and recompile that.

Either way, you have to do some work. You do have to get and install the pppd-2.4.1 and pptpd-1.1.2 RPMS though. They make your modules.conf happy ;-)

Regards,
Richard

--
Richard de Vroede (r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D 2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From pignoloni at osratoscana.it Tue Mar 12 09:20:26 2002
From: pignoloni at osratoscana.it (Massimo Pignoloni)
Date: Tue, 12 Mar 2002 16:20:26 +0100
Subject: [pptp-server] Need a fixed ip for a windows client.
Message-ID: <5BB14CE8BF4F13438C4D1599786E4E170E56B7@NT2.arpel.mail2000.it>

I have a problem configuring Poptop to assign a fixed IP to a client.
Help me
Thanks
Massimo

From r.devroede at linvision.com Tue Mar 12 09:33:31 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 12 Mar 2002 16:33:31 +0100
Subject: [pptp-server] Need a fixed ip for a windows client.
In-Reply-To: <5BB14CE8BF4F13438C4D1599786E4E170E56B7@NT2.arpel.mail2000.it>
References: <5BB14CE8BF4F13438C4D1599786E4E170E56B7@NT2.arpel.mail2000.it>
Message-ID: <1015947211.2148.49.camel@richard>

In your /etc/pptpd.conf you specified the range of ip's for the clients.
In your chap-secrets file you use: username server password ip
so do this: *

Regards,
Richard

--
Richard de Vroede (r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D 2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From kszymanski at bs-networks.de Tue Mar 12 14:20:03 2002
From: kszymanski at bs-networks.de (Kai Szymanski)
Date: Tue, 12 Mar 2002 21:20:03 +0100
Subject: [pptp-server] pptpd & kernel 2.4.16
In-Reply-To: <000e01c1c967$118d9370$8265a8c0@voyager>
References: <000e01c1c967$118d9370$8265a8c0@voyager>
Message-ID: <200203122004.g2CK4Zp04468@www.bs-networks.de>

Hi David,

thanks for your answer.

> You should check if you have ip_gre.o build with your kernel.
> And when it's a module, that it is loaded.

www:/home/kai # lsmod
Module                  Size  Used by    Tainted: P
ppp_mppe               20160   0  (unused)
ipip                    5760   0  (unused)
ppp_deflate            39456   0  (autoclean)
bsd_comp                4032   0  (autoclean)
ppp_async               6080   0  (autoclean)
ipv6                  124480  -1  (autoclean)
ppp_generic            17704   0  [ppp_mppe ppp_deflate bsd_comp ppp_async]
slhc                    4416   0  [ppp_generic]
evdev                   3904   0  (unused)
input                   3072   0  [evdev]
uhci                   23624   0  (unused)
usbcore                47584   1  [uhci]
dmfe                   13564   1  (autoclean)
8139too                12896   1  (autoclean)
iptable_nat            12564   0  (autoclean) (unused)
ip_conntrack           12620   1  (autoclean) [iptable_nat]
ipt_LOG                 3200  13  (autoclean)
ipt_limit                960   2  (autoclean)
iptable_filter          1728   0  (autoclean) (unused)
ip_tables              10304   6  [iptable_nat ipt_LOG ipt_limit iptable_filter]
ip_gre                  7616   0  (unused)
ext3                   58432   3
jbd                    41684   3  [ext3]

> If you have to rebuild your kernel, I suggest upgrading to 2.4.18.
> The linux-2.4.16-openssl-0.9.6b-mppe.patch will work ...

I always rebuild my kernel with patch installed :) But this has no effect. Also my modules.conf is ok (I check this several times).

Does it work with kernel 2.4.18 right (if I apply the patch) ?

Thanks!

> Regards,
>
> David van Vyfeyken

Best regards,
Kai.
--
Kai Szymanski
BS Networks
http://www.bs-networks.de

From david at vanvyfeyken.nl Tue Mar 12 15:42:38 2002
From: david at vanvyfeyken.nl (David van Vyfeyken)
Date: Tue, 12 Mar 2002 22:42:38 +0100
Subject: [pptp-server] pptpd & kernel 2.4.16
In-Reply-To: <200203122004.g2CK4Zp04468@www.bs-networks.de>
Message-ID: <008c01c1ca0e$d4a9df60$8265a8c0@voyager>

Hi Kai,

Looks oke to me ...
Does your server allow incoming traffic to ports 47 and 1723 ?

And I am using pptp with ppp_mppe on linux-2.4.18 and it works great ..
Including autoloading the modules and everything.

Regards,
David

From truin at enterprise.truin.com Tue Mar 12 16:17:25 2002
From: truin at enterprise.truin.com (truin at enterprise.truin.com)
Date: Tue, 12 Mar 2002 15:17:25 -0700 (MST)
Subject: [pptp-server] pptpd & kernel 2.4.16
In-Reply-To: <008c01c1ca0e$d4a9df60$8265a8c0@voyager>
Message-ID:

Port 47? Um, PPTPd only needs port 1723, and GRE (which is *protocol* 47, like TCP is protocol 6 and UDP is protocol 17)...

-=T=-

From kszymanski at bs-networks.de Tue Mar 12 16:47:22 2002
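The distinction drawn in the reply above (TCP port 1723 for the control connection, GRE as IP protocol 47 for the data) is a common source of firewall rules that look right and pass no tunnel traffic. The following audit is an added example, not part of the thread; it assumes rules in iptables-save format, both rule sets are constructed, and the evaluator is deliberately simplified: it models only -p, --dport, -j and the chain policy, and skips any rule carrying other matches.

```python
import shlex

GRE_NAMES = {"47", "gre"}          # iptables accepts the number or the name
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed rule set containing the port/protocol mix-up.
MISCONFIGURED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
COMMIT
"""

# Constructed rule set that admits GRE as a protocol.
CORRECTED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
COMMIT
"""


def parse_rule(line):
    """Parse one '-A INPUT ...' line; return None for anything else."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A" or tok[1] != "INPUT":
        return None
    rule = {"proto": None, "dport": None, "target": None,
            "other": [], "text": line.strip()}
    # Assumption: every option in the rule takes exactly one value.
    for opt, val in zip(tok[2::2], tok[3::2]):
        if opt == "-p":
            rule["proto"] = val.lower()
        elif opt == "--dport":
            rule["dport"] = val
        elif opt == "-j":
            rule["target"] = val
        elif opt == "-m" and val in ("tcp", "udp"):
            pass                    # implicit protocol match module
        else:
            rule["other"].append(opt)
    return rule


def first_verdict(rules, policy, proto, dport=None):
    """First-match result for a new inbound packet of the given kind."""
    for r in rules:
        if r["other"]:
            continue                # not modelled (state, source, interface)
        if r["proto"] is not None:
            if proto == "gre":
                if r["proto"] not in GRE_NAMES:
                    continue
            elif r["proto"] != proto:
                continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if r["target"] in TERMINAL:
            return r["target"]
    return policy


def audit(ruleset_text):
    """Report what happens to the two kinds of traffic PPTP needs."""
    policy, rules = "ACCEPT", []
    for line in ruleset_text.splitlines():
        line = line.strip()
        if line.startswith(":INPUT"):
            policy = line.split()[1]
        elif line.startswith("-A"):
            rule = parse_rule(line)
            if rule:
                rules.append(rule)
    return {
        "control_tcp_1723": first_verdict(rules, policy, "tcp", "1723"),
        "data_gre_proto_47": first_verdict(rules, policy, "gre"),
        # Rules that treat 47 as a TCP/UDP port never match GRE packets.
        "port_47_rules": [r["text"] for r in rules
                          if r["dport"] == "47"
                          and r["proto"] in ("tcp", "udp")],
    }


if __name__ == "__main__":
    for name, text in (("misconfigured", MISCONFIGURED),
                       ("corrected", CORRECTED)):
        print(name, audit(text))
```

With the misconfigured set the control connection is accepted while GRE falls through to the DROP policy, so a client can authenticate on TCP 1723 and still never pass tunnel traffic.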
From: kszymanski at bs-networks.de (Kai Szymanski)
Date: Tue, 12 Mar 2002 23:47:22 +0100
Subject: [pptp-server] pptpd & kernel 2.4.16
In-Reply-To: <008c01c1ca0e$d4a9df60$8265a8c0@voyager>
References: <008c01c1ca0e$d4a9df60$8265a8c0@voyager>
Message-ID: <200203122231.g2CMVtp09480@www.bs-networks.de>

Hi David,

> Looks oke to me ...
> Does your server allow incoming traffic to ports 47 and 1723 ?

Jep (on Port 1723 ;). I try to shutdown the firewall and connect...same effect. As i said in the next message a connect with windows clients works well (urgs... :).

> And I am using pptp with ppp_mppe on linux-2.4.18 and it works great ..
> Including autoloading the modules and everything.

With patches installed for kernel and pppd 2.4.1 ?

> Regards,
> David

Best regards,
Kai.

--
Kai Szymanski
BS Networks
http://www.bs-networks.de

From bnegrao at engepel.com.br Wed Mar 13 13:56:16 2002
From: bnegrao at engepel.com.br (Bruno Negrão)
Date: Wed, 13 Mar 2002 16:56:16 -0300
Subject: [pptp-server] module ppp-compress-18 error!
References: <90769AF04F76D41186C700A0C90AFC3EEA72@defiant.infohiiway.com> <003a01c1c9cb$1c674ac0$de5fa4a4@qs1905> <1015942384.1767.17.camel@richard>
Message-ID: <001301c1cac9$22cbbfa0$5100a8c0@plugway.com.br>

Hi Richard,

Will these rpms work with the 2.4.9-18 kernel from Red Hat? ????

----- Original Message -----
From: "R. de Vroede"
To: "Sagar Srivastava"
Cc: "Cowles, Steve" ;
Sent: Tuesday, March 12, 2002 11:13 AM
Subject: Re: [pptp-server] module ppp-compress-18 error!

> RedHat 7.2. That's nice, because now you can go to
> http://devel.linvision.com and get the kernel-2.4.9-31mppe,
> kernel-headers-2.4.9-31mppe, pppd-2.4.1-3mppe and pptpd-1.1.2-2 RPMS.
> Just install them, the modules.conf file will be automagically adapted.
> Tweak the configfile /etc/pptpd.conf and add some users to your
> chap-secrets file either manually or with the vpnuser script and you're
> ready to go.
>
>
> Have fun!
> Richard de Vroede
>
> > I dont have these modules in my machine at all. please tell me how and where
> > to obtain them. I am using Red Hat 7.2 with
> > http://www.infohiiway.com/download/pptp/2.4.x/patches/ppp-2.4.1-MSCHAPv2-fix.patch.gz
> >
> >
> > Thanks,
> > Sagar, India
> >
> >
> >
> > > Have you added the following to your /etc/modules.conf file???
> > >
> > > alias char-major-108 ppp_generic
> > > alias tty-ldisc-3 ppp_async
> > > alias tty-ldisc-14 ppp_synctty
> > > alias ppp-compress-18 ppp_mppe
> > > alias ppp-compress-21 bsd_comp
> > > alias ppp-compress-24 ppp_deflate
> > > alias ppp-compress-26 ppp_deflate
> > >
> > > Does your linux kernel/ppp support mppe. i.e. Does the ppp_mppe.o module
> > > exist?
> > >
> > >
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > --- To unsubscribe, go to the url just above this line. --
> > >
> >
> --
> Richard de Vroede
> (r.devroede at linvision.com)
> ------------------------------------------------
> Linvision BV Provides Linux Solutions
> Elektronicaweg 16D
> 2628 XG Delft
> T: +31157502310 info at linvision.com
> F: +31157502319 http://devel.linvision.com
> ------------------------------------------------
>

From byrdr at corp.earthlink.net Wed Mar 13 14:55:55 2002
From: byrdr at corp.earthlink.net (Bo Byrd)
Date: Wed, 13 Mar 2002 15:55:55 -0500
Subject: [pptp-server] pptpd.init??
Message-ID: <000d01c1cad1$7af02a60$0345a8c0@bbyrd>

I installed pptpd-inittab-1.0.1-1.i386.rpm on my mandrake machine....I can connect and am working without any encryption right now, but I have a few questions.

How many simultaneous users can pptpd support?

I didn't find a pptpd.init file anywhere and a "ps -auwx" shows "/usr/sbin/pptpd -f" in the list....right now my pptpd is getting run by inittab but there were some instructions on #ing that entry in inittab and making it run as a daemon by modifying the pptpd.init file but I don't see that file anywhere. Basically I need pptpd to restart itself in event something closes it down.

I'm sure I'll have some more as I attempt to get M$-CHAPv2 encryption support added...im off to recompile wish me luck!

Thanks,
Bo

From allanc at caldera.com Wed Mar 13 15:04:35 2002
From: allanc at caldera.com (Allan Clark)
Date: Wed, 13 Mar 2002 16:04:35 -0500
Subject: [pptp-server] pptpd.init??
References: <000d01c1cad1$7af02a60$0345a8c0@bbyrd>
Message-ID: <3C8FBEE3.D755605C@caldera.com>

Bo;

I'm the guy that originally wrote the inittab stuff (originally on redhat). I'm a big proponent of inittab, and hate the /etc/rc.d/blah/blah fire-and-forget scripts.

> I didn't find a pptpd.init file anywhere and a "ps -auwx" shows
> "/usr/sbin/pptpd -f" in the list....right now my pptpd is getting run by
> inittab but there were some instructions on #ing that entry in inittab
> and making it run as a daemon by modifying the pptpd.init file but I
> don't see that file anywhere.

The changes are made directly into the inittab as opposed to changing a file that would get read into or incorporated into /etc/inittab... I think I was using a RH-6.2 to do this, which didn't include directories at the time.

> Basically I need pptpd to restart itself in event something closes it down.

init will restart pptpd if it stops. Plain and simple. If you're not sure, kill it, and watch it come back.

Allan

Bo Byrd wrote:
>
> I installed pptpd-inittab-1.0.1-1.i386.rpm on my mandrake machine....I
> can connect and am working without any encryption right now, but I have
> a few questions.
>
> How many simultaneous users can pptpd support?
>
> I didn't find a pptpd.init file anywhere and a "ps -auwx" shows
> "/usr/sbin/pptpd -f" in the list....right now my pptpd is getting run by
> inittab but there were some instructions on #ing that entry in inittab
> and making it run as a daemon by modifying the pptpd.init file but I
> don't see that file anywhere. Basically I need pptpd to restart itself
> in event something closes it down.
>
> I'm sure I'll have some more as I attempt to get M$-CHAPv2 encryption
> support added...im off to recompile wish me luck!
>
> Thanks,
> Bo
>

From agarcia at igalia.com Thu Mar 14 06:43:40 2002
From: agarcia at igalia.com (Alberto García)
Date: Thu, 14 Mar 2002 13:43:40 +0100
Subject: [pptp-server] Emulating a LAN over Internet
Message-ID: <20020314124340.GA1854@idefix.local.igalia.com>

Hi,

I'd like to know the problems of this setup:

,---------.  Priv  ,--------.                       ,--------.
| Windows |  LAN   |  NAT   |      (Internet)       | PoPToP |
| Client  |--------| Router |- - - - - - - - - - - -| Server |
`---------'        `--------'                       `--------'
                                                        |
                                                        |Private
                                                        |LAN
                                                        |
                                                   ,---------.
                                                   | Windows |
                                                   | Client  |
                                                   `---------'

I tested this and it works: both Windows clients establish a PPP connection with the PoPToP server, and both can see each other using the virtual IP addresses.

Now I have some questions:

- Broadcast traffic from one Windows host doesn't reach the other, but it does reach the PPTP server (tested with tcpdump). Is there any generic way for achieving this? Could it be possible to do some kind of PPP bridge so that both clients behave as if they were in the same LAN?

- At this moment, when a client connects to the PoPToP server, the server chooses a free IP from the range specified in the configuration. I'd like to know if this could be more configurable: the server chooses an address depending on which client establishes the connection. Could it be possible?

- Is there any problem if two or more NAT'd clients on the same subnet connect to the PoPToP server using the same public IP?

Well, I think that's all :-)

Thanks in advance.

From natecars at real-time.com Thu Mar 14 14:51:13 2002
From: natecars at real-time.com (Nate Carlson)
Date: Thu, 14 Mar 2002 14:51:13 -0600 (CST)
Subject: [pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98 client
Message-ID:

Hey guys,

Been having a really weird issue with one of our clients.

We've got PPTPD (tried both 1.0.1 and 1.1.2) running on a gateway box we put out at a client site, and whenever a client connects to it with Windows 98 or Windows 98se and transfers a big file, the Linux box goes into a kernel panic with the process 'pptpctrl', and locks hard.

Kernel is fairly vanilla. The kernel we are running right now is 2.4.19pre2 with the 'linux-2.4.16-openssl-0.9.6b-mppe.patch' patch. We've tried 2.4.17 with much older patches, and 2.4.18 with the above patches; neither works.

We're running PPPD v2.4.1 with the following patches:

ppp-2.4.1-openssl-0.9.6-mppe-patch
ppp-2.3.11-require_mppe.patch
ppp-2.3.10-strip_domain.patch
ppp-2.4.1-MSCHAPv2-fix.patch

If we turn off encryption, everything works fine, and if we connect from a Windows 2000 or Windows XP system, everything works fine (with encryption turned on). We've swapped the machine running pptpd out; exact same symptoms. Nothing weird running on the box, except for typical iptables modules and such.

I've attached the ksymoops output of the kernel panic; anyone have any ideas on what could possibly cause this?

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From natecars at real-time.com Thu Mar 14 14:52:40 2002
From: natecars at real-time.com (Nate Carlson)
Date: Thu, 14 Mar 2002 14:52:40 -0600 (CST)
Subject: [pptp-server] Re: Kernel panic with 2.4.17-2.4.19pre2 + Win98 client
In-Reply-To:
Message-ID:

On Thu, 14 Mar 2002, Nate Carlson wrote:
> I've attached the ksymoops output of the kernel panic; anyone have any
> ideas on what could possibly cause this?

Ugh, no I didn't. :) Here it is.

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pptpctrl-oops.txt
URL:

From charlieb at e-smith.com Thu Mar 14 15:02:44 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 14 Mar 2002 16:02:44 -0500 (EST)
Subject: [pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98 client
In-Reply-To:
Message-ID:

On Thu, 14 Mar 2002, Nate Carlson wrote:

> We've got PPTPD (tried both 1.0.1 and 1.1.2) running on a gateway box we
> put out at a client site, and whenever a client connects to it with
> Windows 98 or Windows 98se and transfers a big file, the Linux box goes
> into a kernel panic with the process 'pptpctrl', and locks hard.
...
> If we turn off encryption, everything works fine, and if we connect from a
> Windows 2000 or Windows XP system, everything works fine (with encryption
> turned on). We've swapped the machine running pptpd out; exact same
> symptoms. Nothing weird running on the box, except for typical iptables
> modules and such.
>
> I've attached the ksymoops output of the kernel panic; anyone have any
> ideas on what could possibly cause this?

I think that you'd have more chance of getting useful help on a list populated by folk used to doing kernel debugging. Obviously the encryption module is the chief suspect, but it could be a bug elsewhere in the kernel.

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From natecars at real-time.com Thu Mar 14 15:08:14 2002
From: natecars at real-time.com (Nate Carlson)
Date: Thu, 14 Mar 2002 15:08:14 -0600 (CST)
Subject: [pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98 client
In-Reply-To:
Message-ID:

On Thu, 14 Mar 2002, Charlie Brady wrote:
> I think that you'd have more chance of getting useful help on a list
> populated by folk used to doing kernel debugging. Obviously the
> encryption module is the chief suspect, but it could be a bug
> elsewhere in the kernel.

Already posted to LKML; no response, as usual. :(

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From igor at br.inter.net Thu Mar 14 21:12:16 2002
From: igor at br.inter.net (Igor Maciel Macaúbas)
Date: Fri, 15 Mar 2002 00:12:16 -0300
Subject: [pptp-server] MAXCONNECTIONS
Message-ID: <00bd01c1cbcf$36ecec50$6470b8c8@igor>

Hello all,

Usually, when I compile pptpd, I go to the file pptpd-1.x.x/defaults.h and set the MAXCONNECTIONS variable to whatever I want. Sometimes it's lower than 100, and other times it's higher than 250.

How can I see the number of the MAXCONNECTIONS that was set at compile time? I guess that is something like ./pptpd -- .. but what's ? Is there any way of seeing it?

Regards,
Igor
--
igor at br.inter.net

From r.devroede at linvision.com Fri Mar 15 04:08:24 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 15 Mar 2002 11:08:24 +0100
Subject: [pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98 client
In-Reply-To:
References:
Message-ID: <1016186904.2106.24.camel@richard>

Hmm. Just maybe.... Check this out (Quote-malformed set of compressed data-Unquote):

*** {02.10.014} Cross - zlib double free decompression bug

zlib library prior to version 1.1.4 contains a bug that could allow a particularly malformed set of compressed data to execute arbitrary code. All programs that use zlib are vulnerable. Programs could include SSH, GPG and VNC.

Updated source is available at:
http://www.zlib.org

Updated EnGarde RPMs:
http://archives.neohapsis.com/archives/linux/engarde/2002-q1/0014.html

Updated RedHat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2002-q1/0107.html

Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2002-q1/1636.html

Updated Debian DEBs:
http://archives.neohapsis.com/archives/vendor/2002-q1/0062.html

Source: EnGarde, RedHat, SuSE, Debian, SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-03/0111.html
http://archives.neohapsis.com/archives/linux/engarde/2002-q1/0014.html
http://archives.neohapsis.com/archives/linux/redhat/2002-q1/0107.html
http://archives.neohapsis.com/archives/linux/suse/2002-q1/1636.html
http://archives.neohapsis.com/archives/vendor/2002-q1/0062.html

> On Thu, 14 Mar 2002, Charlie Brady wrote:
> > I think that you'd have more chance of getting useful help on a list
> > populated by folk used to doing kernel debugging. Obviously the
> > encryption module is the chief suspect, but it could be a bug
> > elsewhere in the kernel.
>
> Already posted to LKML; no response, as usual.
:(
>
> --
> Nate Carlson | Phone : (952)943-8700
> http://www.real-time.com | Fax : (952)943-8500
>
>

--
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From natecars at real-time.com Fri Mar 15 10:35:24 2002
From: natecars at real-time.com (Nate Carlson)
Date: Fri, 15 Mar 2002 10:35:24 -0600 (CST)
Subject: [pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98 client
In-Reply-To: <1016186904.2106.24.camel@richard>
Message-ID:

On 15 Mar 2002, R. de Vroede wrote:
> Hmm. Just maybe.... Check this out (Quote-malformed set of compressed
> data-Unquote): *** {02.10.014} Cross - zlib double free decompression
> bug
>
> zlib library prior to version 1.1.4 contains a bug that could allow a
> particularly malformed set of compressed data to execute arbitrary
> code. All programs that use zlib are vulnerable. Programs could
> include SSH, GPG and VNC.

*snip*

Hmm, yeah, it's a possibility. I'll try patching the kernel and such, see if it makes a difference..

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From byrdr at corp.earthlink.net Fri Mar 15 14:33:41 2002
From: byrdr at corp.earthlink.net (Bo Byrd)
Date: Fri, 15 Mar 2002 15:33:41 -0500
Subject: [pptp-server] Adding support for MS-CHAPv2 and MPPE
In-Reply-To: <000d01c1cad1$7af02a60$0345a8c0@bbyrd>
Message-ID: <000201c1cc60$b4c635a0$0345a8c0@bbyrd>

Ok I just installed a stock Mandrake8.1 (2.4.8-26mdk) kernel and installed the pptpd-inittab-1.0.1-1.i386.rpm package and things are working fine with CHAP but I'm trying to get MSCHAPv2 and encryption.

So far ive compiled the kernel twice, both times after screwing up I've just reinstalled a fresh OS from scratch, but im not ready to give up yet...

Basically the instructions given for adding MSCHAPv2 and MPPE encryption are for old redhat 2.2 kernels.....Im sure things have changed since then

Since Im using a 2.4 kernel do I still need to upgrade my kernel to anything and use the kernel sources and headers for anything like the doc said for the 2.2 kernel?

Also I got an error message when trying to patch with the .diff file some files were missing I suspect they werent there cause I'm using a newer version of ppp (2.4.1).

Can someone point me in the right direction as far as a getting a 2.4 kernel set up as a poptop server with encryption? Cause Im lost and the reloading the os is getting frustrating...

Thanks,
Bo Byrd

From fcusack at fcusack.com Sat Mar 16 03:26:49 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Sat, 16 Mar 2002 01:26:49 -0800
Subject: [pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98 client
In-Reply-To: ; from natecars@real-time.com on Fri, Mar 15, 2002 at 10:35:24AM -0600
References: <1016186904.2106.24.camel@richard>
Message-ID: <20020316012649.A18205@google.com>

On Fri, Mar 15, 2002 at 10:35:24AM -0600, Nate Carlson wrote:
> On 15 Mar 2002, R. de Vroede wrote:
> > Hmm. Just maybe.... Check this out (Quote-malformed set of compressed
> > data-Unquote): *** {02.10.014} Cross - zlib double free decompression
> > bug
> >
> > zlib library prior to version 1.1.4 contains a bug that could allow a
> > particularly malformed set of compressed data to execute arbitrary
> > code. All programs that use zlib are vulnerable. Programs could
> > include SSH, GPG and VNC.
>
> *snip*
>
> Hmm, yeah, it's a possibility.

Not really. You didn't mention if you were forcing MPPE or not. Assuming you are, the MPPE code path does not use zlib. It could only be an issue if your clients negotiate deflate compression.

/fc

From charlieb at e-smith.com Sat Mar 16 10:35:55 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Sat, 16 Mar 2002 11:35:55 -0500 (EST)
Subject: [pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98 client
In-Reply-To: <20020316012649.A18205@google.com>
Message-ID:

On Sat, 16 Mar 2002, Frank Cusack wrote:

> Not really. You didn't mention if you were forcing MPPE or not. Assuming
> you are, the MPPE code path does not use zlib. It could only be an issue if
> your clients negotiate deflate compression.

If I understand correctly, MPPE and deflate are mutually exclusive. So if you force MPPE then deflate won't be used.

BTW, if you are using kernel modules, then you can build a new deflate module with corrected zlib code without rebuilding the whole kernel.

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From aleksey_poptop at yahoo.com Sat Mar 16 22:55:50 2002
From: aleksey_poptop at yahoo.com (aleksey zakharov)
Date: Sat, 16 Mar 2002 20:55:50 -0800 (PST)
Subject: [pptp-server] PoPTop and iptables
Message-ID: <20020317045550.71755.qmail@web20202.mail.yahoo.com>

Hello, I have successfully set up PoPToP on my Red Hat 7.2 system. However this system is also my firewall that is using iptables. I have changed some of my iptables rules to work with VPN. It seems to be working but not exactly as I need it, because I can only VPN into my PoPTop server/firewall but not my LAN. I am pretty sure that it is because of my firewall settings. If anyone has successfully set up PoPTop on iptables firewall please help. Thanks a lot in advance.

From truin at enterprise.truin.com Sat Mar 16 23:13:41 2002
From: truin at enterprise.truin.com (truin at enterprise.truin.com)
Date: Sat, 16 Mar 2002 22:13:41 -0700 (MST)
Subject: [pptp-server] PoPTop and iptables
In-Reply-To: <20020317045550.71755.qmail@web20202.mail.yahoo.com>
Message-ID:

I'm sure it can't be that different from ipchains.

Note - you won't be able to "browse" the LAN unless you setup a WINS server, or add the nodes to your /etc/hosts (or c:\windows\hosts).

At any rate, make sure your iptables are set up to forward packets from the vpn interface (ppp0) or the vpn IP network to the local LAN interface/network.

That should do the trick - at least, it works for me!

-=Jason=-

On Sat, 16 Mar 2002, aleksey zakharov wrote:

> Hello, I have successfully set up PoPToP on my Red Hat 7.2 system. However this system is also my firewall that is using iptables. I have changed some of my iptables rules to work with VPN. It seems to be working but not exactly as I need it, because I can only VPN into my PoPTop server/firewall but not my LAN. I am pretty sure that it is because of my firewall settings. If anyone has successfully set up PoPTop on iptables firewall please help. Thanks a lot in advance.
>

From Joe at Polcari.com Sun Mar 17 01:48:45 2002
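The firewall points made in this thread (PPTP needs TCP port 1723 plus GRE, which is IP protocol 47 and not a port, and VPN clients reach the LAN only when the ppp interface is allowed through FORWARD) can be checked against a saved ruleset. The following is an added example, not part of the original messages: the interface names (eth1 Internet, eth0 LAN, ppp0) and both rulesets are constructed, and the evaluator is a simplified first-match model that skips any rule using negation or options other than -p, --dport, -i, -o and --state.

```python
import shlex

# IP protocol numbers: GRE is protocol 47, just as TCP is 6 and UDP is 17.
PROTO = {"all": 0, "icmp": 1, "tcp": 6, "udp": 17, "gre": 47}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
OPTS = {"-p": "proto", "-i": "in", "-o": "out", "--dport": "dport",
        "--state": "state", "-j": "target"}

# Constructed ruleset in iptables-save format (assumed: eth1 = Internet, eth0 = LAN).
BEFORE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
COMMIT
"""
# Corrected form: GRE matched by protocol, ppp interfaces allowed towards the LAN.
AFTER = BEFORE.replace(
    "-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT", "-A INPUT -p 47 -j ACCEPT"
).replace(
    "-A FORWARD -i eth0 -j ACCEPT",
    "-A FORWARD -i eth0 -j ACCEPT\n-A FORWARD -i ppp+ -o eth0 -j ACCEPT",
)


def parse_filter(text):
    """Return (policies, rules) for the *filter table of iptables-save output."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            policies[line[1:].split()[0]] = line.split()[1]
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)
            rule, rest = {"chain": tok[1], "unsupported": False}, iter(tok[2:])
            for t in rest:
                if t in OPTS:
                    rule[OPTS[t]] = next(rest, "")
                elif t == "-m":
                    next(rest, None)  # module name only; its options follow
                else:
                    rule["unsupported"] = True  # "!", -s, --sport, --icmp-type, ...
            rules.append(rule)
    return policies, rules


def proto_num(name):
    return PROTO.get(name.lower(), int(name) if name.isdigit() else -1)


def iface_ok(pattern, name):
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == name


def matches(rule, pkt):
    """True if a NEW packet described by pkt meets every condition in rule."""
    return (not rule["unsupported"]
            and proto_num(rule.get("proto", "all")) in (0, pkt["proto"])
            and rule.get("dport", str(pkt.get("dport"))) == str(pkt.get("dport"))
            and "NEW" in rule.get("state", "NEW").split(",")
            and all(iface_ok(rule[k], pkt.get(k, ""))
                    for k in ("in", "out") if k in rule))


def verdict(policies, rules, pkt):
    """First matching terminal rule wins; otherwise the chain policy applies."""
    for rule in rules:
        if (rule["chain"] == pkt["chain"] and rule.get("target") in TERMINAL
                and matches(rule, pkt)):
            return rule["target"]
    return policies.get(pkt["chain"], "ACCEPT")


def audit_pptp(text, wan="eth1", lan="eth0"):
    """Return a list of findings for a PPTP server sitting behind this ruleset."""
    policies, rules = parse_filter(text)
    probes = [
        ("control channel (TCP port 1723) is not accepted",
         {"chain": "INPUT", "proto": 6, "dport": 1723, "in": wan}),
        ("GRE (IP protocol 47) is not accepted",
         {"chain": "INPUT", "proto": 47, "in": wan}),
        ("traffic from ppp interfaces is not forwarded to the LAN",
         {"chain": "FORWARD", "proto": 6, "dport": 139, "in": "ppp0", "out": lan}),
    ]
    findings = [msg for msg, pkt in probes
                if verdict(policies, rules, pkt) != "ACCEPT"]
    for rule in rules:
        if rule.get("dport") == "47" and rule.get("target") == "ACCEPT":
            findings.append("rule opens port 47; GRE is IP protocol 47, not a port")
    return findings


if __name__ == "__main__":
    print("before:", audit_pptp(BEFORE), "\nafter:", audit_pptp(AFTER))
```
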
From: Joe at Polcari.com (Joe Polcari)
Date: Sun, 17 Mar 2002 02:48:45 -0500
Subject: [pptp-server] PoPTop and iptables
References: <20020317045550.71755.qmail@web20202.mail.yahoo.com>
Message-ID: <3C944A5D.5F7986E@Polcari.com>

Aleksey,

I'm using it with no problem, or was until I got laid off.

I should be more specific. My home lan is using pptp to connect itself to my work lan. Home lan firewall and pptp server is multihomed.
eth1 to internet via an SMC barrier to a cable modem. The SMC is also doing NAT. I am invisible to the outside.
eth0 goes to my home lan on 192.168.1 network.
work lan gives out addresses in 192.168.0 network.

I don't think my rules have anything specific to the VPN. pptp just adds routing to the work lan on 192.168.0, when connected. The work lan gateway is 192.168.2.3 and there is also a vpn on that gateway on a 10.1.1.0 net which I get to through the same gateway (as you'll see in my pptp files)

Knowing the address of the SMC and running the ssh daemon on a non-standard port (9985) allows me to get to my home lan from anywhere on the internet. You may want to leave that single rule out. (I changed the work lan addresses and the ssh port to fictional ones, but these are all still valid entries.)

Hope this helps.
Joe

Here's my /etc/sysconfig/iptables:

# /etc/sysconfig/iptables
*nat
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9985 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type fragmentation-needed -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -j LOG --log-prefix DroppedINPUT:
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -j ACCEPT
-A FORWARD -d 224.0.0.1 -i ! eth0 -p 2 -j ACCEPT
-A FORWARD -j LOG --log-prefix DropUnknownFwd:
COMMIT

Here's my pptp files which probably show some redundancy

#/etc/pppd.conf
noccp
persist
noauth
lock
debug
multi-link
proxyarp
mppe-128
mppe-40
mppe-stateless
lcp-echo-failure 1000
lcp-echo-interval 1000
ipcp-accept-local
ipcp-accept-remote
defaultroute
-am
kdebug 7
ktune
bsdcomp 15
deflate 15
ms-wins 192.168.0.122
mtu 1392
mru 1364

# /etc/ppp/chap-secrets
# client server secret IP addresses
jpolcari PPTP xxxxxx *
PPTP jpolcari xxxxxx *

#/etc/ppp/options is a link to /etc/ppp/options.pptp
#/etc/ppp/options
noccp
persist
noauth
lock
debug
#proxyarp
#chap
#chapms
#chapms-v2
mppe-128
mppe-40
mppe-stateless
lcp-echo-failure 1000
lcp-echo-interval 1000
ipcp-accept-local
ipcp-accept-remote
defaultroute
#noipdefault
kdebug 7
name jpolcari
remotename PPTP
-am
ms-dns 192.168.0.122
ms-wins 192.168.0.122
mtu 1400

# /etc/ppp/peers/TilionVPN
# there is also a link from __default to this file in the same directory
# PPTP Tunnel configuration for tunnel TilionVPN
# Server IP: 12.40.48.225
# Route: add -net 192.168.0.0/24
gw 192.168.2.3
# Route: add -net 10.1.1.0/24 gw 192.168.2.3
######## Route: del default
######## Route: add -net 0/0 gw 192.168.2.3
#
# Tags for CHAP secret selection
#
name jpolcari
remotename PPTP
#
# Include the main PPTP configuration file
#
file /etc/ppp/options.pptp

I bring the vpn up and down with pptp-command [start|stop]

I hope all this helps.

Joe

aleksey zakharov wrote:

> Hello, I have successfully set up PoPToP on my Red Hat 7.2 system.
> However this system is also my firewall that is using iptables. I have
> changed some of my iptables rules to work with VPN. It seems to be
> working but not exactly as I need it, because I can only VPN into my
> PoPTop server/firewall but not my LAN. I am pretty sure that it is
> because of my firewall settings. If anyone has successfully set up
> PoPTop on iptables firewall please help. Thanks a lot in advance.
>

From fcusack at fcusack.com Sun Mar 17 07:29:27 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Sun, 17 Mar 2002 05:29:27 -0800
Subject: [pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98 client
In-Reply-To: ; from charlieb@e-smith.com on Sat, Mar 16, 2002 at 11:35:55AM -0500
References: <20020316012649.A18205@google.com>
Message-ID: <20020317052927.E5266@google.com>

On Sat, Mar 16, 2002 at 11:35:55AM -0500, Charlie Brady wrote:
>
> On Sat, 16 Mar 2002, Frank Cusack wrote:
>
> > Not really. You didn't mention if you were forcing MPPE or not. Assuming
> > you are, the MPPE code path does not use zlib. It could only be an issue if
> > your clients negotiate deflate compression.
>
> If I understand correctly, MPPE and deflate are mutually exclusive. So if
> you force MPPE then deflate won't be used.

Correct.

/fc

From Joe at Polcari.com Sun Mar 17 14:43:18 2002
From: Joe at Polcari.com (Joe Polcari)
Date: Sun, 17 Mar 2002 15:43:18 -0500
Subject: [pptp-server] PoPTop and iptables
References: <20020317192830.44312.qmail@web20201.mail.yahoo.com>
Message-ID: <3C94FFE5.6ABC8BFE@Polcari.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From r.devroede at linvision.com Mon Mar 18 02:40:54 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 18 Mar 2002 09:40:54 +0100
Subject: [pptp-server] Adding support for MS-CHAPv2 and MPPE
In-Reply-To: <000201c1cc60$b4c635a0$0345a8c0@bbyrd>
References: <000201c1cc60$b4c635a0$0345a8c0@bbyrd>
Message-ID: <1016440854.1794.2.camel@richard>

Go to http://mirror.binarix.com/ppp-mppe/ and get Charles Howes' linux-2.4.16-openssl-0.9.6b-mppe.patch.gz
Should work for kernel 2.4.x
And it doesn't mean you have to install openssl-0.9.6b, but it's based on it.

Regards,
Richard de Vroede

On Fri, 2002-03-15 at 21:33, Bo Byrd wrote:
> Ok I just installed a stock Mandrake8.1 (2.4.8-26mdk) kernel and
> installed the pptpd-inittab-1.0.1-1.i386.rpm package and things are
> working fine with CHAP but I'm trying to get MSCHAPv2 and encryption.
>
> So far ive compiled the kernel twice, both times after screwing up I've
> just reinstalled a fresh OS from scratch, but im not ready to give up
> yet...
>
> Basically the instructions given for adding MSCHAPv2 and MPPE encryption
> are for old redhat 2.2 kernels.....Im sure things have changed since
> then
>
> Since Im using a 2.4 kernel do I still need to upgrade my kernel to
> anything and use the kernel sources and headers for anything like the
> doc said for the 2.2 kernel?
>
> Also I got an error message when trying to patch with the .diff file
> some files were missing I suspect they werent there cause I'm using a
> newer version of ppp (2.4.1).
>
> Can someone point me in the right direction as far as a getting a 2.4
> kernel set up as a poptop server with encryption? Cause Im lost and the
> reloading the os is getting frustrating...
>
>
> Thanks,
> Bo Byrd
>
--
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From aaractingi at libertysurf.fr Mon Mar 18 06:09:41 2002
From: aaractingi at libertysurf.fr (Alexandre Aractingi)
Date: Mon, 18 Mar 2002 12:09:41 +0000
Subject: [pptp-server] Dynamic routes when mounting a PPTP tunnel
Message-ID:

Hi,
I use the PPTP server on a Debian system. It works wonderfully (thanks!) and I'd like to be able to establish dynamic routes as clients establish tunnels, in order to route traffic for machines that are behind the client...
I assign static IP addresses in /etc/ppp/chap-secrets, is there a way to also specify routes to be mounted?
Thanks a lot to everyone,
Alex

From lists at earthling.2y.net Mon Mar 18 06:41:48 2002
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Mon, 18 Mar 2002 07:41:48 -0500 (EST)
Subject: [pptp-server] Dynamic routes when mounting a PPTP tunnel
In-Reply-To:
Message-ID:

see http://lwolenczak.net/LinkingNets.html

It boils down to you will need some shell scripts and/or a routing protocol. The deal is.... there is no EASY way to do it, but it can be done.

On Mon, 18 Mar 2002, Alexandre Aractingi wrote:

> Hi,
> I use the PPTP server on a Debian system. It works
> wonderfully (thanks!) and I'd like to be able to
> establish dynamic routes as clients establish tunnels, in
> order to route traffic for machines that are behind the
> client...
> I assign static IP addresses in /etc/ppp/chap-secrets, is
> there a way to also specify routes to be mounted?
> Thanks a lot to everyone,
> Alex
>

--
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu
justin at wss.net

From Joe at Polcari.com Mon Mar 18 08:08:03 2002
From: Joe at Polcari.com (Joe Polcari)
Date: Mon, 18 Mar 2002 09:08:03 -0500
Subject: [pptp-server] Dynamic routes when mounting a PPTP tunnel
References:
Message-ID: <3C95F4C3.8C216BD4@Polcari.com>

Do a search for pptp-command; this should help you. If not, edit the
script and see what he does.

Alexandre Aractingi wrote:

> Hi,
> I use the PPTP server on a Debian system. It works
> wonderfully (thanks!) and I'd like to be able to
> establish dynamic routes as clients establish tunnels, in
> order to route traffic for machines that are behind the
> client...
> I assign static IP addresses in /etc/ppp/chap-secrets, is
> there a way to also specify routes to be mounted?
> Thanks a lot to everyone,
> Alex
>
> --------------
> Take advantage of the Tiscali Liberty Surf special offer!
> 50% more time for 3 months on all Internet plans.
>
> http://register.libertysurf.fr/subscribe_fr/signup.php3
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From jvonau at shaw.ca Mon Mar 18 07:37:19 2002
From: jvonau at shaw.ca (Jerry Vonau)
Date: Mon, 18 Mar 2002 07:37:19 -0600
Subject: [pptp-server] Dynamic routes when mounting a PPTP tunnel
References:
Message-ID: <3C95ED8F.2710E2F9@shaw.ca>

In RH I use /etc/ppp/ip-up.local:

# pppd passes the interface name as $1 and the remote (client) IP as $5
case "$5" in
  10.2.0.140)
    /sbin/route add -net 10.1.0.0 netmask 255.255.255.0 dev "$1"
    ...
    ;;
  10.2.0.141)
    /sbin/route add -net 10.3.0.0 netmask 255.255.255.0 dev "$1"
    ...
    ;;
esac

Hope it helps.

Jerry Vonau

Alexandre Aractingi wrote:
>
> Hi,
> I use the PPTP server on a Debian system. It works
> wonderfully (thanks!) and I'd like to be able to
> establish dynamic routes as clients establish tunnels, in
> order to route traffic for machines that are behind the
> client...
> I assign static IP addresses in /etc/ppp/chap-secrets, is
> there a way to also specify routes to be mounted?
> Thanks a lot to everyone,
> Alex
>
> --------------
> Take advantage of the Tiscali Liberty Surf special offer!
> 50% more time for 3 months on all Internet plans.
>
> http://register.libertysurf.fr/subscribe_fr/signup.php3
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From byrdr at corp.earthlink.net Mon Mar 18 08:59:33 2002
From: byrdr at corp.earthlink.net (Bo Byrd)
Date: Mon, 18 Mar 2002 09:59:33 -0500
Subject: [pptp-server] Adding support for MS-CHAPv2 and MPPE
In-Reply-To: <1016440854.1794.2.camel@richard>
Message-ID: <003b01c1ce8d$86955a10$0345a8c0@bbyrd>

Hey from the looks of the readme at the binarix site it seems that you
have compiled for rh72 a ppp rpm and a pptp rpm that includes support
for mschapv2 and mppe....if I just loaded rh72 would that work for me?

Thanks,
Bo

-----Original Message-----
From: R. de Vroede [mailto:r.devroede at linvision.com] Sent: Monday, March 18, 2002 3:41 AM To: Bo Byrd Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] Adding support for MS-CHAPv2 and MPPE Go to http://mirror.binarix.com/ppp-mppe/ and get Charles Howes' linux-2.4.16-openssl-0.9.6b-mppe.patch.gz Should work for kernel 2.4.x And it doesn't mean you have to install openssl-0.9.6b, but it's based on it. Regards, Richard de Vroede On Fri, 2002-03-15 at 21:33, Bo Byrd wrote: > Ok I just installed a stock Mandrake8.1 (2.4.8-26mdk) kernel and > installed the pptpd-inittab-1.0.1-1.i386.rpm package and things are > working fine with CHAP but I'm trying to get MSCHAPv2 and encryption. > > So far ive compiled the kernel twice, both times after screwing up > I've just reinstalled a fresh OS from scratch, but im not ready to > give up yet... > > Basically the instrctions given for adding MSCHASv2 and MPPE > encryption are for old redhat 2.2 kernels.....Im sure things have > changed since then > > Since Im using a 2.4 kernel do I still need to uupgrade my kernel to > anything and use the kernel sources and headers for anything like the > doc said for the 2.2 kernel? > > Also I got an error message when trying to patch with the .diff file > some files were missing I suspect they werent there cause I'm using a > newer version of ppp (2.4.1). > > Can someone point me in the right direction as far as a getting a 2.4 > kernel set up as a poptop server with encryption? Cause Im lost and > the reloading the os is getting frustrating... > > > Thanks, > Bo Byrd > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
-- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From fabio at ipway.com.br Mon Mar 18 10:03:18 2002 From: fabio at ipway.com.br (Fabio Oliveira) Date: Mon, 18 Mar 2002 13:03:18 -0300 Subject: RES: [pptp-server] Adding support for MS-CHAPv2 and MPPE In-Reply-To: <003b01c1ce8d$86955a10$0345a8c0@bbyrd> Message-ID: Bo, My understanding is to get only the linux-2.4.16-openssl-0.9.6b-mppe.patch.gz and compile that for your system. If you use rpm compatible system, then download the rpm package available there as well. Another option is to upgrade or install the kernel done (kernel-2.4.9-31mppe.i386.rpm), that was my choice to install mppe support in the Linux server. Is it correct people? regards, Fabio Oliveira IPWay - Internet Services http://www.ipway.com.br -----Mensagem original----- De: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]Em nome de Bo Byrd Enviada em: segunda-feira, 18 de mar?o de 2002 12:00 Para: pptp-server at lists.schulte.org Assunto: RE: [pptp-server] Adding support for MS-CHAPv2 and MPPE Hey from the looks of the readme at the binarix site it seems that you have compiled for rh72 a ppp rpm and a pptp rpm that includes support for mschapv2 and mppe....if I just loaded rh72 would that work for me? Thanks, Bo -----Original Message----- 
From: R. de Vroede [mailto:r.devroede at linvision.com] Sent: Monday, March 18, 2002 3:41 AM To: Bo Byrd Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] Adding support for MS-CHAPv2 and MPPE Go to http://mirror.binarix.com/ppp-mppe/ and get Charles Howes' linux-2.4.16-openssl-0.9.6b-mppe.patch.gz Should work for kernel 2.4.x And it doesn't mean you have to install openssl-0.9.6b, but it's based on it. Regards, Richard de Vroede On Fri, 2002-03-15 at 21:33, Bo Byrd wrote: > Ok I just installed a stock Mandrake8.1 (2.4.8-26mdk) kernel and > installed the pptpd-inittab-1.0.1-1.i386.rpm package and things are > working fine with CHAP but I'm trying to get MSCHAPv2 and encryption. > > So far ive compiled the kernel twice, both times after screwing up > I've just reinstalled a fresh OS from scratch, but im not ready to > give up yet... > > Basically the instrctions given for adding MSCHASv2 and MPPE > encryption are for old redhat 2.2 kernels.....Im sure things have > changed since then > > Since Im using a 2.4 kernel do I still need to uupgrade my kernel to > anything and use the kernel sources and headers for anything like the > doc said for the 2.2 kernel? > > Also I got an error message when trying to patch with the .diff file > some files were missing I suspect they werent there cause I'm using a > newer version of ppp (2.4.1). > > Can someone point me in the right direction as far as a getting a 2.4 > kernel set up as a poptop server with encryption? Cause Im lost and > the reloading the os is getting frustrating... > > > Thanks, > Bo Byrd > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
-- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From collini at colliniconsulting.it Mon Mar 18 12:10:02 2002 From: collini at colliniconsulting.it (Collini Consulting s.a.s.) Date: Mon, 18 Mar 2002 19:10:02 +0100 Subject: [pptp-server] multiple clients from the same ip Message-ID: Hello, it some days i got this problem, and i think there is no easy way to solve it. I have a VPN poptop pptp server which listen on a refistered ip address. Everything works fine; i can connect from a windows 9x/NT/2000/XP client without any problem. My problems start when more than one client connect to the vpn server from the SAME ip; the gre protocol i think get lost and from two or more clients it doesn't work. I read in the mailing-list archive that poptop "respect" the rfc and it cannot create more than one tunnel from the same ip. Are there some new solutions continuing using poptop? If i put, on the client side, a pptp-linux-client which acts as a router for the windows client to the vpn server, do you think it should work? Thank you in advance for your kind interest, hoping hear from you soon! Francesco Collini (from Italy) From lists at colliniconsulting.it Mon Mar 18 12:13:36 2002 
From: lists at colliniconsulting.it (Francesco) Date: Mon, 18 Mar 2002 19:13:36 +0100 Subject: [pptp-server] multiple clients from the same ip Message-ID: Hello, it some days i got this problem, and i think there is no easy way to solve it. I have a VPN poptop pptp server which listen on a refistered ip address. Everything works fine; i can connect from a windows 9x/NT/2000/XP client without any problem. My problems start when more than one client connect to the vpn server from the SAME ip; the gre protocol i think get lost and from two or more clients it doesn't work. I read in the mailing-list archive that poptop "respect" the rfc and it cannot create more than one tunnel from the same ip. Are there some new solutions continuing using poptop? If i put, on the client side, a pptp-linux-client which acts as a router for the windows client to the vpn server, do you think it should work? Thank you in advance for your kind interest, hoping hear from you soon! Francesco Collini (from Italy) From aleksey_poptop at yahoo.com Mon Mar 18 12:47:05 2002 
From: aleksey_poptop at yahoo.com (aleksey zakharov) Date: Mon, 18 Mar 2002 10:47:05 -0800 (PST) Subject: [pptp-server] Linux Backup Solution Message-ID: <20020318184705.46373.qmail@web20205.mail.yahoo.com> Hello, this question is off the topic, however since allot of you "gurus" may have experience with this maybe you can help me as well. I am trying to implement a backup solution on our Linux R.H. 7.1 system. Since we don't have the funding to buy some thing like Veritas Net Backup, I am forced to set up some possibly Share ware backup solution. If any one had any experience implementing a stable and effective backup/restore solution either to a not too expansive tape drive or CDR w please give me some suggestions. Thanks allot in advance. --------------------------------- Do You Yahoo!? Yahoo! Sports - live college hoops coverage -------------- next part -------------- An HTML attachment was scrubbed... URL: From gstammw at gmx.net Mon Mar 18 12:56:45 2002 
From: gstammw at gmx.net (Gunther Stammwitz) Date: Mon, 18 Mar 2002 19:56:45 +0100 Subject: AW: [pptp-server] multiple clients from the same ip In-Reply-To: Message-ID: give several ips to the pptp-server and let each client connect to it's "own" server. (different server ip per client) its so simple :-) -----Urspr?ngliche Nachricht----- Von: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]Im Auftrag von Francesco Gesendet: Montag, 18. M?rz 2002 19:14 An: pptp-server at lists.schulte.org Betreff: [pptp-server] multiple clients from the same ip Hello, it some days i got this problem, and i think there is no easy way to solve it. I have a VPN poptop pptp server which listen on a refistered ip address. Everything works fine; i can connect from a windows 9x/NT/2000/XP client without any problem. My problems start when more than one client connect to the vpn server from the SAME ip; the gre protocol i think get lost and from two or more clients it doesn't work. I read in the mailing-list archive that poptop "respect" the rfc and it cannot create more than one tunnel from the same ip. Are there some new solutions continuing using poptop? If i put, on the client side, a pptp-linux-client which acts as a router for the windows client to the vpn server, do you think it should work? Thank you in advance for your kind interest, hoping hear from you soon! Francesco Collini (from Italy) _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From steve at ware-solutions.com Mon Mar 18 13:10:39 2002 
From: steve at ware-solutions.com (Steve Williams) Date: Mon, 18 Mar 2002 12:10:39 -0700 Subject: [pptp-server] Linux Backup Solution References: <20020318184705.46373.qmail@web20205.mail.yahoo.com> Message-ID: <3C963BAF.9BA03DA3@ware-solutions.com> http://www.mondorescue.org/ aleksey zakharov wrote: > > Hello, this question is off the topic, however since allot of you "gurus" > may have experience with this maybe you can help me as well. I am trying > to implement a backup solution on our Linux R.H. 7.1 system. Since we > don't have the funding to buy some thing like Veritas Net Backup, I am > forced to set up some possibly Share ware backup solution. If any one had > any experience implementing a stable and effective backup/restore > solution either to a not too expansive tape drive or CDR w please give me > some suggestions. > > Thanks allot in advance. > > ------------------------------------------------------------------------- > Do You Yahoo!? > Yahoo! Sports - live college hoops coverage From akohlsmith at benshaw.com Mon Mar 18 13:30:41 2002 
From: akohlsmith at benshaw.com (Andrew Kohlsmith) Date: Mon, 18 Mar 2002 14:30:41 -0500 Subject: [pptp-server] Linux Backup Solution In-Reply-To: <20020318184705.46373.qmail@web20205.mail.yahoo.com> References: <20020318184705.46373.qmail@web20205.mail.yahoo.com> Message-ID: <200203181430.41812@-mixdown.ca> > Hello, this question is off the topic, however since allot of you "gurus" > may have experience with this maybe you can help me as well. I am trying to > implement a backup solution on our Linux R.H. 7.1 system. Since we don't > have the funding to buy some thing like Veritas Net Backup, I am forced to > set up some possibly Share ware backup solution. If any one had any > experience implementing a stable and effective backup/restore solution > either to a not too expansive tape drive or CDR w please give me some > suggestions. I use FlexBackup (google it) -- it seems to have fallen to unmaintained code but I've never ever had a problem with it. works across networks, does incrementals, good logging. Regards, Andrew From gstammw at gmx.net Mon Mar 18 13:50:54 2002 
From: gstammw at gmx.net (Gunther Stammwitz) Date: Mon, 18 Mar 2002 20:50:54 +0100 Subject: AW: [pptp-server] multiple clients from the same ip In-Reply-To: Message-ID: Hello, looks like there's no way :-(( I've tried many many hours to get it working but had no success... Looks like you need more ips. Ask your provider for a class-c-network for vpn-connections. This should work with ripe. Bye, Gunther -----Urspr?ngliche Nachricht----- Von: Fabio Oliveira [mailto:fabio at ipway.com.br] Gesendet: Montag, 18. M?rz 2002 19:59 An: Gunther Stammwitz; Francesco Betreff: RES: [pptp-server] multiple clients from the same ip Guther, But in most cases we have just one valid IP to the server. How do we do so? regards, Fabio Oliveira IPWay - Internet Services http://www.ipway.com.br -----Mensagem original----- De: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]Em nome de Gunther Stammwitz Enviada em: segunda-feira, 18 de mar?o de 2002 15:57 Para: Francesco; pptp-server at lists.schulte.org Assunto: AW: [pptp-server] multiple clients from the same ip give several ips to the pptp-server and let each client connect to it's "own" server. (different server ip per client) its so simple :-) -----Urspr?ngliche Nachricht----- Von: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]Im Auftrag von Francesco Gesendet: Montag, 18. M?rz 2002 19:14 An: pptp-server at lists.schulte.org Betreff: [pptp-server] multiple clients from the same ip Hello, it some days i got this problem, and i think there is no easy way to solve it. I have a VPN poptop pptp server which listen on a refistered ip address. Everything works fine; i can connect from a windows 9x/NT/2000/XP client without any problem. My problems start when more than one client connect to the vpn server from the SAME ip; the gre protocol i think get lost and from two or more clients it doesn't work. 
I read in the mailing-list archive that poptop "respect" the rfc and it cannot create more than one tunnel from the same ip. Are there some new solutions continuing using poptop? If i put, on the client side, a pptp-linux-client which acts as a router for the windows client to the vpn server, do you think it should work? Thank you in advance for your kind interest, hoping hear from you soon! Francesco Collini (from Italy) _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From fabio at ipway.com.br Mon Mar 18 14:07:20 2002 
From: fabio at ipway.com.br (Fabio Oliveira) Date: Mon, 18 Mar 2002 17:07:20 -0300 Subject: RES: [pptp-server] multiple clients from the same ip In-Reply-To: Message-ID: There is one way that is use Linux or WinNT/2000 how pptp client and make the forwarding of packets between LAN (eth0) and VPN (eth1 - pppXXX), thus every client can access another side over the VPN. Right??? suppose that model : client W9x --> Linux/WNT (PPTP Client) --> (( Internet )) --> Linux VPN server --> LAN (192.168.0.3) --> (192.168.0.1) : (200.204.53.46) ------ (200.230.76.54) : (192.168.2.1) after vpn established: (192.168.0.3) --> (192.168.0.1) :: (192.168.1.3)---- (192.168.1.2) : (192.168.2.1) ---> LAN The Linux or Win NT PPTP client needs forward packets from 192.168.0.0 /24 to 192.168.2.0/24 via VPN tunnel (192.168.1.0). You still need set up your ip-up file in the /etc/ppp directory. I think is that. regards, Fabio Oliveira IPWay - Internet Services http://www.ipway.com.br phone: 13-97024714 -----Mensagem original----- De: Gunther Stammwitz [mailto:gstammw at gmx.net] Enviada em: segunda-feira, 18 de mar?o de 2002 16:51 Para: Fabio Oliveira; Francesco; pptp-server at lists.schulte.org Assunto: AW: [pptp-server] multiple clients from the same ip Hello, looks like there's no way :-(( I've tried many many hours to get it working but had no success... Looks like you need more ips. Ask your provider for a class-c-network for vpn-connections. This should work with ripe. Bye, Gunther -----Urspr?ngliche Nachricht----- Von: Fabio Oliveira [mailto:fabio at ipway.com.br] Gesendet: Montag, 18. M?rz 2002 19:59 An: Gunther Stammwitz; Francesco Betreff: RES: [pptp-server] multiple clients from the same ip Guther, But in most cases we have just one valid IP to the server. How do we do so? 
regards, Fabio Oliveira IPWay - Internet Services http://www.ipway.com.br -----Mensagem original----- De: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]Em nome de Gunther Stammwitz Enviada em: segunda-feira, 18 de mar?o de 2002 15:57 Para: Francesco; pptp-server at lists.schulte.org Assunto: AW: [pptp-server] multiple clients from the same ip give several ips to the pptp-server and let each client connect to it's "own" server. (different server ip per client) its so simple :-) -----Urspr?ngliche Nachricht----- Von: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]Im Auftrag von Francesco Gesendet: Montag, 18. M?rz 2002 19:14 An: pptp-server at lists.schulte.org Betreff: [pptp-server] multiple clients from the same ip Hello, it some days i got this problem, and i think there is no easy way to solve it. I have a VPN poptop pptp server which listen on a refistered ip address. Everything works fine; i can connect from a windows 9x/NT/2000/XP client without any problem. My problems start when more than one client connect to the vpn server from the SAME ip; the gre protocol i think get lost and from two or more clients it doesn't work. I read in the mailing-list archive that poptop "respect" the rfc and it cannot create more than one tunnel from the same ip. Are there some new solutions continuing using poptop? If i put, on the client side, a pptp-linux-client which acts as a router for the windows client to the vpn server, do you think it should work? Thank you in advance for your kind interest, hoping hear from you soon! Francesco Collini (from Italy) _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. 
-- _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From lists at earthling.2y.net Mon Mar 18 15:48:49 2002 From: lists at earthling.2y.net (lists at earthling.2y.net) Date: Mon, 18 Mar 2002 16:48:49 -0500 (EST) Subject: [pptp-server] multiple clients from the same ip In-Reply-To: Message-ID: On Mon, 18 Mar 2002, Francesco wrote: > > > I read in the mailing-list archive that poptop "respect" the rfc and it > cannot create more than one tunnel from the same ip. The rfc defines a mechanism for multiple tunnels between the same two addresses. The issue is that microsoft never implmented that part of the rfc in their client. From fernando at stts.com.br Mon Mar 18 15:46:50 2002 From: fernando at stts.com.br (=?iso-8859-1?Q?Lu=EDs_Fernando?=) Date: Mon, 18 Mar 2002 18:46:50 -0300 Subject: [pptp-server] multiple clients from the same ip References: Message-ID: <008201c1cec6$6f080e90$2de9abc8@LFS2K> Fabio is absolutely right. I have this stuff running just like that way. It looks like: Site 1 ------ Windows NT Server working as a router and doing IP forwarding for many W9X/2K clients..... ....connection over the internet.... Site 2 ------ RH 7.2 serving PPTP, forwarding local IPs, being the local firewall and many others things.... It works ok. Note that you will need to take care seting the route to your "calling" site using the /etc/ppp/ip-up.local file. Hope this help a little. Regards, Fernando. ----- Original Message ----- 
From: "Fabio Oliveira" To: "Gunther Stammwitz" ; "Francesco" ; Sent: Monday, March 18, 2002 5:07 PM Subject: RES: [pptp-server] multiple clients from the same ip > There is one way that is use Linux or WinNT/2000 how pptp client and make > the forwarding of packets between LAN (eth0) and VPN (eth1 - pppXXX), thus > every client can access another side over the VPN. Right??? > > suppose that model : > > client W9x --> Linux/WNT (PPTP Client) --> (( Internet )) --> Linux VPN > server --> LAN > (192.168.0.3) --> (192.168.0.1) : (200.204.53.46) ------ (200.230.76.54) : > (192.168.2.1) > > after vpn established: > > (192.168.0.3) --> (192.168.0.1) :: (192.168.1.3)---- (192.168.1.2) : > (192.168.2.1) ---> LAN > > The Linux or Win NT PPTP client needs forward packets from 192.168.0.0 /24 > to 192.168.2.0/24 via VPN tunnel (192.168.1.0). > You still need set up your ip-up file in the /etc/ppp directory. > > I think is that. > > regards, > > Fabio Oliveira > IPWay - Internet Services > http://www.ipway.com.br > phone: 13-97024714 > > -----Mensagem original----- > De: Gunther Stammwitz [mailto:gstammw at gmx.net] > Enviada em: segunda-feira, 18 de mar?o de 2002 16:51 > Para: Fabio Oliveira; Francesco; pptp-server at lists.schulte.org > Assunto: AW: [pptp-server] multiple clients from the same ip > > > Hello, > > looks like there's no way :-(( > > I've tried many many hours to get it working but had no success... Looks > like you need more ips. Ask your provider for a class-c-network for > vpn-connections. This should work with ripe. > > Bye, > Gunther > > > -----Urspr?ngliche Nachricht----- > Von: Fabio Oliveira [mailto:fabio at ipway.com.br] > Gesendet: Montag, 18. M?rz 2002 19:59 > An: Gunther Stammwitz; Francesco > Betreff: RES: [pptp-server] multiple clients from the same ip > > > Guther, > > But in most cases we have just one valid IP to the server. > How do we do so? 
> > regards, > > Fabio Oliveira > IPWay - Internet Services > http://www.ipway.com.br > > > -----Mensagem original----- > De: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]Em nome de Gunther Stammwitz > Enviada em: segunda-feira, 18 de mar?o de 2002 15:57 > Para: Francesco; pptp-server at lists.schulte.org > Assunto: AW: [pptp-server] multiple clients from the same ip > > > give several ips to the pptp-server and let each client connect to it's > "own" server. (different server ip per client) > > its so simple :-) > > > > > -----Urspr?ngliche Nachricht----- > Von: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]Im Auftrag von Francesco > Gesendet: Montag, 18. M?rz 2002 19:14 > An: pptp-server at lists.schulte.org > Betreff: [pptp-server] multiple clients from the same ip > > > > Hello, > > it some days i got this problem, and i think there is no easy way to solve > it. > > I have a VPN poptop pptp server which listen on a refistered ip address. > Everything works fine; i can connect from a windows 9x/NT/2000/XP client > without any problem. > > My problems start when more than one client connect to the vpn server from > the SAME ip; the gre protocol i think get lost and from two or more clients > it doesn't work. > > I read in the mailing-list archive that poptop "respect" the rfc and it > cannot create more than one tunnel from the same ip. > > Are there some new solutions continuing using poptop? If i put, on the > client side, a pptp-linux-client which acts as a router for the windows > client to the vpn server, do you think it should work? > > Thank you in advance for your kind interest, hoping hear from you soon! > > Francesco Collini > (from Italy) > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
--
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>
>

From cameron at fax.sno.cpqcorp.net Mon Mar 18 15:48:43 2002
From: cameron at fax.sno.cpqcorp.net (James Cameron)
Date: Tue, 19 Mar 2002 08:48:43 +1100
Subject: [pptp-server] Dynamic routes when mounting a PPTP tunnel
References: <3C95ED8F.2710E2F9@shaw.ca>
Message-ID: <3C9660BB.92815556@fax.sno.cpqcorp.net>

On Debian, add scripts to /etc/ppp/ip-up.d/ that test the ipparam given
to pppd, or the IP address. For instance, my VPN in to work has this
sort of script to fix the routes ...

#!/bin/sh
# Quoted so that an unset ipparam does not break the test; "=" is the
# portable string comparison in sh.
if [ "$PPP_IPPARAM" = "sno" ]; then
    route add -net 1.2.3.0/8 dev "${IFNAME}"
fi

--
James Cameron (james.cameron at compaq.com)
http://quozl.linux.org.au/ (or) http://quozl.netrek.org/

From Joe at Polcari.com Mon Mar 18 17:00:28 2002
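The per-client route hooks posted in this thread (a case on pppd's fifth argument in ip-up.local, and an ip-up.d test on ipparam) can be driven from one table. The sketch below is an added example, not code from any poster; because the hook runs as root, it validates every value before it reaches route. The table contents, the function names and the APPLY switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Dry run by default: prints the
# route commands; run with APPLY=1 to execute them.
# pppd calls the hook as root with:
#   $1 interface  $2 tty  $3 speed  $4 local IP  $5 remote IP  $6 ipparam

# Constructed table: "<peer tunnel IP> <network behind that peer>/<prefix>".
# The peer IPs stand for the static addresses pinned per user in chap-secrets.
ROUTE_TABLE='10.2.0.140 10.1.0.0/24
10.2.0.141 10.3.0.0/24
10.2.0.141 10.4.0.0/24'

# True if $1 is a dotted quad, octets 0..255, no leading zeros
# (leading zeros would be read as octal by shell arithmetic).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the 32-bit integer value of an already validated dotted quad.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True if $1 is NETWORK/PREFIX with no host bits set; "route add -net"
# refuses a target whose address does not match its mask.
is_network() {
    case "$1" in */*) ;; *) return 1 ;; esac
    net=${1%/*}; plen=${1#*/}
    is_ipv4 "$net" || return 1
    case "$plen" in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - $plen)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$net") & ~$mask & 0xFFFFFFFF )) -eq 0 ]
}

# Only pppN names are accepted, so nothing else can end up on the
# route command line.
is_ppp_if() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]|ppp[0-9][0-9][0-9]) return 0 ;;
    esac
    return 1
}

# routes_for_peer IFNAME PEER_IP
# Prints one route command per table entry for that peer.
# Returns 2 on bad arguments, 3 if a matching entry is not a valid network.
routes_for_peer() {
    is_ppp_if "$1" || return 2
    is_ipv4 "$2" || return 2
    ifname=$1; want=$2; rc=0
    while read -r peer network; do
        [ "$peer" = "$want" ] || continue
        if is_network "$network"; then
            echo "/sbin/route add -net $network dev $ifname"
        else
            echo "skipping invalid network '$network' for $peer" >&2
            rc=3
        fi
    done <<EOF
$ROUTE_TABLE
EOF
    return "$rc"
}

# Entry point when installed as a hook: pppd supplies at least five arguments.
if [ "$#" -ge 5 ]; then
    routes_for_peer "$1" "$5" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
fi
```

A peer that is not in the table gets no routes at all, and a network with host bits set, such as 1.2.3.0/8, is reported and skipped rather than passed to route.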
From: Joe at Polcari.com (Joe Polcari) Date: Mon, 18 Mar 2002 18:00:28 -0500 Subject: [pptp-server] Linux Backup Solution References: <20020318184705.46373.qmail@web20205.mail.yahoo.com> Message-ID: <3C96718C.C194B242@Polcari.com> Use google, search for arkeia aleksey zakharov wrote: > Hello, this question is off the topic, however since allot of you > "gurus" may have experience with this maybe you can help me as well. I > am trying to implement a backup solution on our Linux R.H. 7.1 system. > Since we don't have the funding to buy some thing like Veritas Net > Backup, I am forced to set up some possibly Share ware backup > solution. If any one had any experience implementing a stable and > effective backup/restore solution either to a not too expansive tape > drive or CDR w please give me some suggestions. > > Thanks allot in advance. > > > ----------------------------------------------------------------------- > Do You Yahoo!? > Yahoo! Sports - live college hoops coverage -------------- next part -------------- An HTML attachment was scrubbed... URL: From danielk at audioprecision.com Mon Mar 18 16:02:18 2002 From: danielk at audioprecision.com (Daniel Knighten) Date: Mon, 18 Mar 2002 14:02:18 -0800 Subject: [pptp-server] Is PoPToP dead? Message-ID: <3C9663EA.3EB1E7C2@audioprecision.com> Uhm... I noticed that the Poptop page, http://poptop.lineo.com/, has not changed in well over a year. Has development moved elsewhere? Dan From fabio at ipway.com.br Mon Mar 18 16:05:28 2002 
From: fabio at ipway.com.br (Fabio Oliveira) Date: Mon, 18 Mar 2002 19:05:28 -0300 Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <3C9663EA.3EB1E7C2@audioprecision.com> Message-ID: Dan, I dont know if it was moved. But about PoPToP is dead, I think is not true because I know there are people programming new features for the software. regards, Fabio Oliveira IPWay - Internet Services http://www.ipway.com.br -----Mensagem original----- De: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]Em nome de Daniel Knighten Enviada em: segunda-feira, 18 de mar?o de 2002 19:02 Para: pptp-server at lists.schulte.org Assunto: [pptp-server] Is PoPToP dead? Uhm... I noticed that the Poptop page, http://poptop.lineo.com/, has not changed in well over a year. Has development moved elsewhere? Dan _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From allanc at caldera.com Mon Mar 18 16:15:36 2002 
From: allanc at caldera.com (Allan Clark) Date: Mon, 18 Mar 2002 17:15:36 -0500 Subject: RES: [pptp-server] Is PoPToP dead? References: Message-ID: <3C966708.EBD263C@caldera.com> I could set up a new place if people want... if lineo has gone silent, it'll take but a day. I have a personal server 1 hop from MAE West, North America, with space-o-plenty. Allan Fabio Oliveira wrote: > > Dan, > I dont know if it was moved. > > But about PoPToP is dead, I think is not true because I know there are > people programming new features for the software. > > regards, > > Fabio Oliveira > IPWay - Internet Services > http://www.ipway.com.br > > -----Mensagem original----- > De: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]Em nome de Daniel Knighten > Enviada em: segunda-feira, 18 de margo de 2002 19:02 > Para: pptp-server at lists.schulte.org > Assunto: [pptp-server] Is PoPToP dead? > > Uhm... I noticed that the Poptop page, http://poptop.lineo.com/, has not > changed in well over a year. Has development moved elsewhere? > > Dan > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From christopher at schulte.org Mon Mar 18 16:27:26 2002 
From: christopher at schulte.org (Christopher Schulte) Date: Mon, 18 Mar 2002 16:27:26 -0600 Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <3C966708.EBD263C@caldera.com> References: Message-ID: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> At 05:15 PM 3/18/2002 -0500, Allan Clark wrote: >I could set up a new place if people want... if lineo has gone silent, >it'll take but a day. > >I have a personal server 1 hop from MAE West, North America, with >space-o-plenty. If you have space, I can set up something like http://pptp.schulte.org/ or http://poptop.schulte.org/ no problemo, that can be updated by the active list members. That way the list archives and page would maintain uniformity. This should only be done if the old page has been abandoned. No need to yank control prematurely. Comments? >Allan --Chris From mattgav at tempo.com.au Mon Mar 18 16:58:25 2002 From: mattgav at tempo.com.au (Matt Gavin) Date: Tue, 19 Mar 2002 09:58:25 +1100 Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> Message-ID: There is clearly a large interest/following of PoPToP. If there was an up-to-date web source, content on this list would be reduced dramatically to matters of interest rather than repeating the same solutions to the same problems over and over. Matt. From danield at snapgear.com Mon Mar 18 17:10:42 2002 
From: danield at snapgear.com (Daniel Djamaludin) Date: Tue, 19 Mar 2002 09:10:42 +1000 Subject: RES: [pptp-server] Is PoPToP dead? References: Message-ID: <3C9673F1.3C6BE7E5@snapgear.com> Hi Fabio, That is indeed correct. As I emailed previously to the list about the current plans for PoPToP, I am looking to release the next version within the next month. Matthew Ramsey and I are now working at SnapGear (www.snapgear.com) which was a spin off from Lineo. We have developed PoPToP since we use it in our VPN routers. Best Regards, Daniel Djamaludin -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Daniel Djamaludin - Software Engineer EMAIL: danield at snapgear.com SnapGear Inc. PHONE: +61 7 34352823 825 Stanley St Woolloongabba FAX: +61 7 38913630 Brisbane, QLD, 4102, Australia WEB: www.snapgear.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cameron at fax.sno.cpqcorp.net Mon Mar 18 17:08:44 2002 
From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Tue, 19 Mar 2002 10:08:44 +1100 Subject: RES: [pptp-server] Is PoPToP dead? References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> Message-ID: <3C96737C.618D9FDC@fax.sno.cpqcorp.net> Christopher Schulte wrote: > This should only be done if the old page has been abandoned. No need to > yank control prematurely. Comments? I agree. It makes sense to place it within the same domain as the mailing list, at least for consistency. Presumably you can provide the ability for your contributing developers to update the content? I think pptp.schulte.org should be pptpserver.schulte.org though. Otherwise a naming scope conflict exists ... I'm the release engineer for the PPTP client project[1]. We've used the name pptpclient, though we used to be pptp-linux. The name change is because the software works on FreeBSD as well. We're using SourceForge for the web site, bug tracker, mailing lists, and CVS. The main benefit is ease of maintaining the developer list. Creating a project pptpserver on SourceForge and adopting the code from PoPToP is an option I would prefer, if you are truly committed to forking. To fork successfully, you need to; - give good reasons (e.g. development cannot easily continue, web site very out of date, etc) - make every effort to contact the previous maintainers, and document that effort, - rename if possible (the name PoPToP is hard to type!) [2]. References: [1] Testers wanted for release candidate 5 of pptp-linux 1.1.0! http://pptpclient.sourceforge.net/ [2] Good project naming practice ... http://www.linuxdoc.org/HOWTO/Software-Release-Practice-HOWTO/naming.html [3] Taboos against forking open source projects http://www.tuxedo.org/~esr/writings/homesteading/homesteading/x97.html -- James Cameron From listen at spuky.de Mon Mar 18 17:14:09 2002 
From: listen at spuky.de (Spuky) Date: Tue, 19 Mar 2002 00:14:09 +0100 Subject: [pptp-server] Newbee Question... Message-ID: <323712546.20020319001409@spuky.de> I am playing with the idea of setting up a VPN with some of my buddies. I have a web server on Linux, which is housed by a housing provider.... I have to pay for the traffic from and to this server, so my question: Is ALL the data going over the server, or is the server just managing IP addresses, and the tunnels go from user to user....? Thanks for helping out. From allanc at caldera.com Mon Mar 18 17:14:42 2002 From: allanc at caldera.com (Allan Clark) Date: Mon, 18 Mar 2002 18:14:42 -0500 Subject: RES: [pptp-server] Is PoPToP dead? References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> Message-ID: <3C9674E2.A192EDDD@caldera.com> James; > Creating a project pptpserver on SourceForge and adopting the code > from PoPToP is an option I would prefer, if you are truly committed to > forking. OK, if you can answer me one thing: On sourceforge, where is the button to say "remove my project"? As I recall, there's no way to move it *off* sourceforge if their policies continue to move towards the commercial side of things. (he says, sitting at Caldera) Allan From charlieb at e-smith.com Mon Mar 18 17:23:07 2002 
From: charlieb at e-smith.com (Charlie Brady) Date: Mon, 18 Mar 2002 18:23:07 -0500 (EST) Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <3C96737C.618D9FDC@fax.sno.cpqcorp.net> Message-ID: On Tue, 19 Mar 2002, James Cameron wrote: > We're using SourceForge for the web site, bug tracker, mailing lists, > and CVS. The main benefit is ease of maintaining the developer list. I've rarely found a SourceForge based web site which invites revisit. > Creating a project pptpserver on SourceForge and adopting the code > from PoPToP is an option I would prefer, if you are truly committed to > forking. I didn't think anyone was suggesting forking. It's only a fork if both projects continue to develop. Hence a dead project cannot be forked. -- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From cameron at fax.sno.cpqcorp.net Mon Mar 18 17:30:08 2002 
From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Tue, 19 Mar 2002 10:30:08 +1100 Subject: RES: [pptp-server] Is PoPToP dead? References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> Message-ID: <3C967880.A267869D@fax.sno.cpqcorp.net> Allan Clark wrote: > OK, if you can answer me one thing: > On sourceforge, where is the button to say "remove my project"? Yes, that lack of control is distasteful. It prevents me putting my personal projects there. It seems reasonable that to prevent data loss, and to encourage continued use of the service, that project removal is a support request. Compaq has been able to delete projects in order to rename them. I do not recall being able to remove one. > As I recall, there's no way to move it *off* sourceforge if their > policies continue to move towards the commercial side of things. Yes, that is certainly a risk. In the Netrek serve project, we have maintained our CVS tree and web site separate to SourceForge at my recommendation. But Netrek is in maintenance mode, and pptpclient is more recent. The needs of the projects differ. The pptpclient project on SourceForge is sponsored by Compaq. That may have involved a contract ... I cannot say myself, because I do not know. -- James Cameron (james.cameron at compaq.com) http://www.linux.org/ http://www.linux.org.au/ http://www.freshmeat.net/ From cameron at fax.sno.cpqcorp.net Mon Mar 18 17:38:04 2002 
From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Tue, 19 Mar 2002 10:38:04 +1100 Subject: [pptp-server] Newbee Question... References: <323712546.20020319001409@spuky.de> Message-ID: <3C967A5C.B68CBB22@fax.sno.cpqcorp.net> You wish to set up a VPN between you and a group of other hosts. You have a choice of using a central server, or run a VPN between each host. If you use a central server, the traffic will be to and from that server, and so you will have to pay for it through your housing provider. There would be one link between each host and the server, regardless of the number of hosts. If you use VPN links between each host, the tunnel will be user to user. There would be one link between each host and each other host. For two hosts, one link. For three hosts, three links. For four hosts, six links. As the number of hosts grows, the complexity increases. You could still use the central server to help with temporarily recording the IP address of each host. -- James Cameron (james.cameron at compaq.com) "Think of it as evolution in action." -- Larry Niven From aleksey_poptop at yahoo.com Mon Mar 18 17:58:25 2002 From: aleksey_poptop at yahoo.com (aleksey zakharov) Date: Mon, 18 Mar 2002 15:58:25 -0800 (PST) Subject: Fwd: [pptp-server] Linux Backup Solution Message-ID: <20020318235825.92618.qmail@web20208.mail.yahoo.com> What about hardware? Can anyone recomand a good tape drive in a price range 200-300. Thanks... Note: forwarded message attached. From listen at spuky.de Mon Mar 18 18:05:29 2002 
From: listen at spuky.de (Spuky) Date: Tue, 19 Mar 2002 01:05:29 +0100 Subject: [pptp-server] Newbee Question... In-Reply-To: <3C967A5C.B68CBB22@fax.sno.cpqcorp.net> References: <323712546.20020319001409@spuky.de> <3C967A5C.B68CBB22@fax.sno.cpqcorp.net> Message-ID: <4226791704.20020319010529@spuky.de> The problem is that we all use dsl connections which are reset by the ISP every 24h so the IP addresses of the clients are changing every day. Is there a way to manage this without using a central server that is getting all the traffic and without having to set up new connections every day? Any solutions? Thanks Spuky From charlieb at e-smith.com Mon Mar 18 18:14:43 2002 From: charlieb at e-smith.com (Charlie Brady) Date: Mon, 18 Mar 2002 19:14:43 -0500 (EST) Subject: Fwd: [pptp-server] Linux Backup Solution In-Reply-To: <20020318235825.92618.qmail@web20208.mail.yahoo.com> Message-ID: On Mon, 18 Mar 2002, aleksey zakharov wrote: > What about hardware? Can anyone recomand a good tape drive in a price > range 200-300. Thanks... Please go to an appropriate forum. Or at the very least, ask for replies direct to you, and you can summarize for the list (if you must). It's snowing here today. About time that winter arrived, don't you think? Has anyone got good suggestions for bulbs to plant? Isn't it terrible the way the Pentagon is talking about first strike nuclear attack? -- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From ctooley at amoa.org Mon Mar 18 19:05:14 2002 
From: ctooley at amoa.org (Chris Tooley) Date: 19 Mar 2002 01:05:14 +0000 Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <3C967880.A267869D@fax.sno.cpqcorp.net> References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> Message-ID: <1016499914.20837.3.camel@filecabinet.amoa.org> As was mentioned almost a year ago, I will be happy to help do updates, and maintenance on a website. If the site were moved to Allen's server I'd be happy to mirror it (100 Mbit pipe, Dual 450 PIII's, 1 gig RAM, lotso disk space, etc.). I don't have a problem with whoever hosts, it, but it's next to impossible to go to the website, download usable source and install it anymore. The source has changed drastically the HOWTO's are old (and for old distributions/kernels) and the installation procedure in general is too difficult. I would be happy to to help with some of these things. On an aside, the pptpclient uses ppp-mppe as well, is it the same code or do we have dueling efforts going on (and also conflicting packages)? Chris Tooley From cameron at fax.sno.cpqcorp.net Mon Mar 18 19:12:55 2002 
From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Tue, 19 Mar 2002 12:12:55 +1100 Subject: RES: [pptp-server] Is PoPToP dead? References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> Message-ID: <3C969097.F1E3CBC8@fax.sno.cpqcorp.net> Chris Tooley wrote: > On an aside, the pptpclient uses ppp-mppe as well, is it the same code > or do we have dueling efforts going on (and also conflicting packages)? We grab ppp and the mppe patches from somewhere else, maintaining the source as a vendor branch in our CVS repository, and we produced ppp-mppe RPMs. Now that we are aware of the work that has gone into http://mirror.binarix.com/ppp-mppe/ it makes more sense to use that instead. Both projects need MPPE. -- James Cameron From cameron at fax.sno.cpqcorp.net Mon Mar 18 19:20:12 2002 
From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Tue, 19 Mar 2002 12:20:12 +1100 Subject: [pptp-server] Newbee Question... References: <323712546.20020319001409@spuky.de> <3C967A5C.B68CBB22@fax.sno.cpqcorp.net> <4226791704.20020319010529@spuky.de> Message-ID: <3C96924C.DC667923@fax.sno.cpqcorp.net> Spuky wrote: > The problem is that we all use dsl connections which are reset by > the ISP every 24h so the IP addresses of the clients are changing > every day. Assuming your group is small enough to do multiple peer to peer tunnels: Use a central server to maintain the list of IP addresses as they change. When a change is detected, stop and restart each tunnel. Active connections over the tunnel should not be affected by the momentary outage, if it is done right. The tunnel IP address will not change. Consider PPP over SSH for greater security than PPTP. Latency may increase, however. -- James Cameron (james.cameron at compaq.com) http://quozl.linux.org.au/ (or) http://quozl.netrek.org/ From ctooley at amoa.org Mon Mar 18 19:23:44 2002 
From: ctooley at amoa.org (Chris Tooley) Date: 19 Mar 2002 01:23:44 +0000 Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <3C9673F1.3C6BE7E5@snapgear.com> References: <3C9673F1.3C6BE7E5@snapgear.com> Message-ID: <1016501024.21497.11.camel@filecabinet.amoa.org> It does appear that there is a poptop project at sourceforge already, is it being used? Chris Tooley From cameron at fax.sno.cpqcorp.net Mon Mar 18 19:38:23 2002 
From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Tue, 19 Mar 2002 12:38:23 +1100 Subject: RES: [pptp-server] Is PoPToP dead? References: <3C9673F1.3C6BE7E5@snapgear.com> <1016501024.21497.11.camel@filecabinet.amoa.org> Message-ID: <3C96968F.36389717@fax.sno.cpqcorp.net> Chris Tooley wrote: > It does appear that there is a poptop project at sourceforge already, is > it being used? Activity percentile of 0%. But it does say it provides a client for PPTP, which is something I wasn't aware of. Have to look into it. ;-) -- James Cameron From ctooley at amoa.org Mon Mar 18 19:47:51 2002 
From: ctooley at amoa.org (Chris Tooley) Date: 19 Mar 2002 01:47:51 +0000 Subject: RES: [pptp-server] Is PoPToP dead? (Plus addins from PPTP-Client) In-Reply-To: <3C969490.7EF46E17@fax.sno.cpqcorp.net> References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> <3C969097.F1E3CBC8@fax.sno.cpqcorp.net> <1016500839.20681.9.camel@filecabinet.amoa.org> <3C969490.7EF46E17@fax.sno.cpqcorp.net> Message-ID: <1016502471.21497.19.camel@filecabinet.amoa.org>

On Tue, 2002-03-19 at 01:29, James Cameron wrote:
> Chris Tooley wrote:
> > Since you seem to be compaqadm at the pptpclient.sourceforge.net (if I'm
> > wrong, I apologize)
>
> I'm quozl.
>
> > I'd like to give writing a HOWTO for a more recent version of RedHat
> > (specifically 7.2) a try.
>
> Great! I am maintaining the http://pptpclient.sourceforge.net/ content.
>
> The current Red Hat 7.2 workaround on the pptpclient-devel mailing list
> is to rebuild the RPM from source before installing it.
>
> Are you on the mailing list? If not, please join.
>
> > Only I don't want to use ppp 2.4.0, I want to use the 2.4.1 that came
> > with redhat. Any pointers on getting the 2.4.1 stuff in CVS to compile
> > right? I can't even seem to get it downloaded to start compiling it.
>
> I'm still struggling through this myself. My procedure for building
> from CVS looks like this;
>
> use CVS to checkout the scripts directory from SourceForge
> cd scripts
> ./mkdist-ppp-mppe ppp=2.4.1 ssl=0.9.6
> tar xvfz ppp-mppe-2.4.1-rc1.tar.gz
> cd ppp-mppe-2.4.1-rc1/
> cp ppp-2.4.1.tar.gz openssl-mppe-0.9.6.tar.gz ppp-2.4.1-mppe.patch \
> mppe-kernel-modules-i386.tar.gz mppe-kernel.tar.gz \
> ppp-2.4.1-mppe.patch openssl-0.9.6-mppe.patch /usr/src/rpm/SOURCES/
> rpm -ba ppp-mppe.spec

Or it appears that there is a better way:

wget http://mirror.binarix.com/ppp-mppe/kernel-source-2.4.9-31mppe.i386.rpm

Configure kernel (for me this means applying XFS patches, which I forgot and I installed the kernel-2.4.9-31mppe.i386.rpm, only to find out that it overwrote my working kernel with a kernel that couldn't mount my XFS partitions, and so my laptop no booty no more.) and compile.

wget http://mirror.binarix.com/ppp-mppe/ppp-2.4.1-3mppe.i386.rpm
rpm -Uvh ppp-2.4.1-3mppe.i386.rpm

To install poptop:

wget http://mirror.binarix.com/ppp-mppe/pptpd-1.1.2-2.i386.rpm
rpm -Uvh pptpd-1.1.2-2.i386.rpm

To install pptp-client:

Build pptp-client as per your instructions and go to town.

Maybe there should really be some collaboration going on between these three projects/sites/entities (poptop, pptp-client, ppp-mppe at Binarix). They seem to fit together so snugly and yet are impossible to put together without months of research and effort. :)

>
> > On an aside the RPMs won't install because they conflict with kernel
> > ppp. Should I include a .config and possibly a kernel RPM, with PPP
> > turned off being the only difference, in my HOWTO?
>
> I'm not sure I understand the issue. I think we fixed something in the
> spec file for 2.4.1 which may have changed this situation. If I
> misunderstand, could we take it to the mailing list?
>
> --
> James Cameron (james.cameron at compaq.com)
>
> http://quozl.linux.org.au/ (or) http://quozl.netrek.org/

From fcusack at fcusack.com Mon Mar 18 20:31:35 2002 
From: fcusack at fcusack.com (Frank Cusack) Date: Mon, 18 Mar 2002 18:31:35 -0800 Subject: [pptp-server] Dynamic routes when mounting a PPTP tunnel In-Reply-To: ; from aaractingi@libertysurf.fr on Mon, Mar 18, 2002 at 12:09:41PM +0000 References: Message-ID: <20020318183134.S15780@google.com> On Mon, Mar 18, 2002 at 12:09:41PM +0000, Alexandre Aractingi wrote: > Hi, > I use the PPTP server on a Debian system. It works > wonderfully (thanks!) and I'd like to be able to > establish dynamic routes as clients establish tunnels, in > order to route trafic for machines that are behind the > client... > I assign static IP addresses in /etc/ppp/chap-secrets, is > there a way to also specify routes to be mounted? No. You need to do client-side configuration. I've been dying for this feature myself. It would be fairly easy to implement, but no windows clients would understand/use it. /fc From cameron at fax.sno.cpqcorp.net Mon Mar 18 20:36:47 2002 
From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Tue, 19 Mar 2002 13:36:47 +1100 Subject: RES: [pptp-server] Is PoPToP dead? (Plus addins fromPPTP-Client) References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> <3C969097.F1E3CBC8@fax.sno.cpqcorp.net> <1016500839.20681.9.camel@filecabinet.amoa.org> <3C969490.7EF46E17@fax.sno.cpqcorp.net> <1016502471.21497.19.camel@filecabinet.amoa.org> Message-ID: <3C96A43F.A18E12B3@fax.sno.cpqcorp.net> Chris Tooley wrote: > Maybe there should really be some collaboration going on between these > three projects/sites/entities (poptop, pptp-client, ppp-mppe at > Binarix). They seem to fit together so snugly and yet are impossible to > put together without months of research and effort. :) Well, if you derive a HOWTO for me that happens to reference the binarix site, I'll still put it up on the pptp-client web site. ;-) -- James Cameron (james.cameron at compaq.com) http://quozl.linux.org.au/ (or) http://quozl.netrek.org/ From danield at snapgear.com Mon Mar 18 20:57:56 2002 
From: danield at snapgear.com (Daniel Djamaludin) Date: Tue, 19 Mar 2002 12:57:56 +1000 Subject: RES: [pptp-server] Is PoPToP dead? References: <3C9673F1.3C6BE7E5@snapgear.com> <1016501024.21497.11.camel@filecabinet.amoa.org> Message-ID: <3C96A934.289FD1DA@snapgear.com> Hi Chris, PoPToP (henceforth known as "Poptop") has been relocated to http://poptop.sourceforge.net. Lineo are in the process of pointing poptop.lineo.com at this new location. This seemed the best course of action to get onto relatively neutral ground (concerns about future SourceForge commercialization aside). The core team within Lineo that worked on Poptop left in the SnapGear spin-out and Lineo have just not had the resources to keep it going. The intent is to get Poptop back on track in an accessible open forum and take advantage of the immediate infrastructure that SourceForge provide. We can either stay with the existing mailing list, but a poptop-server mailing list is in the process of being set up by Source Forge. The CVS files are still in the process of being set up but the home page is not as broken and as outdated as it was. Best Regards, Daniel Djamaludin -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Daniel Djamaludin - Software Engineer EMAIL: danield at snapgear.com SnapGear Inc. PHONE: +61 7 34352823 825 Stanley St Woolloongabba FAX: +61 7 38913630 Brisbane, QLD, 4102, Australia WEB: www.snapgear.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From ctooley at amoa.org Mon Mar 18 21:00:04 2002 
From: ctooley at amoa.org (Chris Tooley) Date: 19 Mar 2002 03:00:04 +0000 Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <3C96A934.289FD1DA@snapgear.com> References: <3C9673F1.3C6BE7E5@snapgear.com> <1016501024.21497.11.camel@filecabinet.amoa.org> <3C96A934.289FD1DA@snapgear.com> Message-ID: <1016506805.21497.26.camel@filecabinet.amoa.org> Great to hear. The point being that there doesn't have to be duplicate work going on or even distant projects working on similar things. I was ecstatic to see the RPMs at mirror.binarix.com/ppp-mppe for pptpd-1.1.2 and all the other things, (I'm still trying to get a kernel RPM for the XFS kernel). I'd really like to put a RedHat 7.2 PPTP HOWTO together with sections for server and client. These things seem to be rather inter-related. Chris Tooley From lists at earthling.2y.net Mon Mar 18 21:13:25 2002 
From: lists at earthling.2y.net (lists at earthling.2y.net) Date: Mon, 18 Mar 2002 22:13:25 -0500 (EST) Subject: [pptp-server] Dynamic routes when mounting a PPTP tunnel In-Reply-To: <20020318183134.S15780@google.com> Message-ID: Stealheat/RRAS would work wonders with a static ip on the tunnel. -LW On Mon, 18 Mar 2002, Frank Cusack wrote: > On Mon, Mar 18, 2002 at 12:09:41PM +0000, Alexandre Aractingi wrote: > > Hi, > > I use the PPTP server on a Debian system. It works > > wonderfully (thanks!) and I'd like to be able to > > establish dynamic routes as clients establish tunnels, in > > order to route trafic for machines that are behind the > > client... > > I assign static IP addresses in /etc/ppp/chap-secrets, is > > there a way to also specify routes to be mounted? > > No. You need to do client-side configuration. I've been dying for this > feature myself. It would be fairly easy to implement, but no windows > clients would understand/use it. > > /fc > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > -- Justin Kreger, MCP MCSE CCNA jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net From cameron at fax.sno.cpqcorp.net Mon Mar 18 21:18:07 2002 
From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Tue, 19 Mar 2002 14:18:07 +1100 Subject: RES: [pptp-server] Is PoPToP dead? References: <3C9673F1.3C6BE7E5@snapgear.com> <1016501024.21497.11.camel@filecabinet.amoa.org> <3C96A934.289FD1DA@snapgear.com> Message-ID: <3C96ADEF.C0F31F8A@fax.sno.cpqcorp.net> I've added a link on pptpclient.sourceforge.net to poptop, to cover the people who arrive at the client project looking for a server. Requests to Poptop project admins ... - Please add quozl to list of developers for poptop.sourceforge.net - Could you fix the link for the PPTP client? It points to Scott Ananian's page, which points to an older client development page. I've asked Scott just then to change his link. - Could you add a link to the binarix file repository? http://mirror.binarix.com/ppp-mppe/ -- James Cameron From charlieb at e-smith.com Mon Mar 18 21:41:51 2002 
From: charlieb at e-smith.com (Charlie Brady) Date: Mon, 18 Mar 2002 22:41:51 -0500 (EST) Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <1016506805.21497.26.camel@filecabinet.amoa.org> Message-ID: On 19 Mar 2002, Chris Tooley wrote: > Great to hear. The point being that there doesn't have to be duplicate > work going on or even distant projects working on similar things. I was > ecstatic to see the RPMs at mirror.binarix.com/ppp-mppe for pptpd-1.1.2 > and all the other things, (I'm still trying to get a kernel RPM for the > XFS kernel). I don't see why you need a whole kernel RPM, in relation to PPTP issues. All you need kernel wise is an mppe module, and a ppp/ppp_generic module which allows 64byte parameter blocks (which requires a recompile). You could remove the ppp/ppp_generic module from the mix if either the standard kernel allowed 64byte parameter blocks, or the mppe module interface passed a pointer to NT hash rather than the NT hash to the kernel. The module could then do a copy from user to kernel space to get hold of the hash, which is used as to initialise the encryption key. So all you'd need is an mppe module. -- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From fcusack at fcusack.com Mon Mar 18 22:05:17 2002 
From: fcusack at fcusack.com (Frank Cusack) Date: Mon, 18 Mar 2002 20:05:17 -0800 Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <1016499914.20837.3.camel@filecabinet.amoa.org>; from ctooley@amoa.org on Tue, Mar 19, 2002 at 01:05:14AM +0000 References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> Message-ID: <20020318200516.A15467@google.com> On Tue, Mar 19, 2002 at 01:05:14AM +0000, Chris Tooley wrote: > On an aside, the pptpclient uses ppp-mppe as well, is it the same code > or do we have dueling efforts going on (and also conflicting packages)? I expect (hope) that pppd-2.4.2 userland will have mppe integrated. There are various problems with the existing patches. I also hope that the kernel component will be integrated, I imagine this will largely depend on whether kernel maintainers are comfortable including rc4. /fc From fcusack at fcusack.com Mon Mar 18 22:19:03 2002 
From: fcusack at fcusack.com (Frank Cusack) Date: Mon, 18 Mar 2002 20:19:03 -0800 Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: ; from charlieb@e-smith.com on Mon, Mar 18, 2002 at 10:41:51PM -0500 References: <1016506805.21497.26.camel@filecabinet.amoa.org> Message-ID: <20020318201903.B15467@google.com> On Mon, Mar 18, 2002 at 10:41:51PM -0500, Charlie Brady wrote: > All you need kernel wise is an mppe module, and a ppp/ppp_generic module > which allows 64byte parameter blocks (which requires a recompile). Even that's not needed; that's one of the ways the existing mppe mechanism is broken. (not broken as in nonfunctional, broken as in not "correct") > You could remove the ppp/ppp_generic module from the mix if either the > standard kernel allowed 64byte parameter blocks, or the mppe module > interface passed a pointer to NT hash rather than the NT hash to the > kernel. The module could then do a copy from user to kernel space to get > hold of the hash, which is used as to initialise the encryption key. So > all you'd need is an mppe module. userland does not pass the hash, it passes the keys. I expect to make mppe support for 2.2 publically available in ~ 2 weeks (it's mostly done, need to do integration and testing). 2.4 -- dunno, but I expect 1-2 weeks after that. That's based on whether the pppd guys accept my mppe changes (I think they will -- the userland side has no questionable bits). BTW Charlie, hi. :-) While doing some research on stateful mode I saw your post about tolerating out of order packets (from nearly a year ago). It's a good idea, except that RFC 1661 sec. 1, RFC 3078 sec. 3, and RFC 2637 sec. 4.3 all agree that PPP MUST receive packets in order. Any patch to tolerate out-of-order packets MUST go into pptpd (either queue or drop). I understand that pptpd 1.1.2 (?) does queue them. If 1.0.x sends them to PPP, it's broken. /fc From lists at colliniconsulting.it Tue Mar 19 00:40:47 2002 
From: lists at colliniconsulting.it (Francesco)
Date: Tue, 19 Mar 2002 07:40:47 +0100
Subject: [pptp-server] turning around the problem to solve the...
In-Reply-To:
Message-ID:

multiple ip connections to a vpn pptp server from some pc sharing the same ip: i would like to try to put a vpn client pptp in order to act as vpn client for every windows machine which would like to join the remote network instead of making the pptp connection on every pc that, as talked yesterday, doesn't work, i think.

The situation could be the following:

VPN SERVER -----> INTERNET -----> VPN CLIENT ------> PC1, PC2, PC3, etc.

The only thing i would like to ask: in the client network i am behind an adsl router which masquerades traffic to the outside world; with a single windows pptp client connection everything works fine: do you think it will work the same if the connection comes from a linux pptp client?

The latest pptp client version, is the 1.0.2 linked in poptop.lineo.com?

Thank you again to everybody, hope a nice day!

Bye, Francesco Collini

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Fabio Oliveira
Sent: Monday, 18 March 2002 21.07
To: Gunther Stammwitz; Francesco; pptp-server at lists.schulte.org
Subject: RES: [pptp-server] multiple clients from the same ip

There is one way, that is to use Linux or WinNT/2000 as pptp client and make the forwarding of packets between LAN (eth0) and VPN (eth1 - pppXXX), thus every client can access the other side over the VPN. Right???

suppose that model :

client W9x --> Linux/WNT (PPTP Client) --> (( Internet )) --> Linux VPN server --> LAN
(192.168.0.3) --> (192.168.0.1) : (200.204.53.46) ------ (200.230.76.54) : (192.168.2.1)

after vpn established:

(192.168.0.3) --> (192.168.0.1) :: (192.168.1.3)---- (192.168.1.2) : (192.168.2.1) ---> LAN

The Linux or Win NT PPTP client needs to forward packets from 192.168.0.0/24 to 192.168.2.0/24 via VPN tunnel (192.168.1.0). You still need to set up your ip-up file in the /etc/ppp directory. I think that is it.

regards,
Fabio Oliveira
IPWay - Internet Services
http://www.ipway.com.br
phone: 13-97024714

-----Original Message-----
From: Gunther Stammwitz [mailto:gstammw at gmx.net]
Sent: Monday, 18 March 2002 16:51
To: Fabio Oliveira; Francesco; pptp-server at lists.schulte.org
Subject: AW: [pptp-server] multiple clients from the same ip

Hello, looks like there's no way :-(( I've tried many many hours to get it working but had no success... Looks like you need more ips. Ask your provider for a class-c-network for vpn-connections. This should work with ripe.

Bye, Gunther

-----Original Message-----
From: Fabio Oliveira [mailto:fabio at ipway.com.br]
Sent: Monday, 18 March 2002 19:59
To: Gunther Stammwitz; Francesco
Subject: RES: [pptp-server] multiple clients from the same ip

Gunther, But in most cases we have just one valid IP to the server. How do we do so?

regards,
Fabio Oliveira
IPWay - Internet Services
http://www.ipway.com.br

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Gunther Stammwitz
Sent: Monday, 18 March 2002 15:57
To: Francesco; pptp-server at lists.schulte.org
Subject: AW: [pptp-server] multiple clients from the same ip

give several ips to the pptp-server and let each client connect to its "own" server. (different server ip per client) it's so simple :-)

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Francesco
Sent: Monday, 18 March 2002 19:14
To: pptp-server at lists.schulte.org
Subject: [pptp-server] multiple clients from the same ip

Hello, it's some days i got this problem, and i think there is no easy way to solve it. I have a VPN poptop pptp server which listens on a registered ip address. Everything works fine; i can connect from a windows 9x/NT/2000/XP client without any problem. My problems start when more than one client connect to the vpn server from the SAME ip; the gre protocol i think gets lost and from two or more clients it doesn't work. I read in the mailing-list archive that poptop "respect" the rfc and it cannot create more than one tunnel from the same ip. Are there some new solutions continuing using poptop? If i put, on the client side, a pptp-linux-client which acts as a router for the windows client to the vpn server, do you think it should work?

Thank you in advance for your kind interest, hoping to hear from you soon!

Francesco Collini (from Italy)

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From orjan at mind.com Tue Mar 19 03:51:35 2002
From: orjan at mind.com (Örjan Johansson)
Date: Tue, 19 Mar 2002 10:51:35 +0100
Subject: [pptp-server] Patching ppp
Message-ID: <2B70E28ADA1D484D99C64C5BC6B9959F02D64FB1@STOEXCH.mind.com>

Hi all!

I've read the instructions on http://www.shorewall.net/PPTP.htm where it says to get pppd ver.2.4.1 or later and patch it with the ppp-2.4.0-openssl-0.9.6-mppe.patch.gz and ppp-2.4.1-MSCHAPv2-fix.patch.gz patches, then install it. I checked out my Redhat 7.2 installation and saw that ppp-2.4.1-2 is already installed. I'm wondering if there's a way to patch an already installed version of ppp? I could uninstall the rpm, patch the tarball and install that, but when I try and uninstall the rpm, tons of dependencies bug me....

Any input on this, or any other hints on good instructions for setting up pppd/poptop for someone new to this would be extremely appreciated!

TIA, Orjan

........................... MIND AB ................................................
Örjan Johansson Phone: +46-(0)8-410 211 24
orjan at mind.com Mobile: +46-(0)733-61 11 24
http://www.mind.com/ Fax: +46-(0)733-63 11 24
-------- Karlbergsvägen 77-81, S-113 84 Stockholm, Sweden ----------

From fabio at ipway.com.br Tue Mar 19 07:30:10 2002
From: fabio at ipway.com.br (Fabio Oliveira)
Date: Tue, 19 Mar 2002 10:30:10 -0300
Subject: RES: [pptp-server] turning around the problem to solve the...
In-Reply-To:
Message-ID:

Francesco,

In my understanding you have a 1483-B ADSL connection for your Internet provider (lets no deep in that issue), of course your ADSL modem has DHCP resource so when you use a Windows machine. To resume simply put the IP address of ADSL (same that Windows gain above) in your Linux server and the gateway address (from your provider) after that everything runs fine.

Keep in mind whatever the access method connection, the first rule is you need to reach your VPN server and hence you need obtain a valid IP anyhow...!!! :-)

regards,
Fabio Oliveira
IPWay - Internet Services
http://www.ipway.com.br

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Francesco
Sent: Tuesday, 19 March 2002 03:41
To: pptp-server at lists.schulte.org
Subject: [pptp-server] turning around the problem to solve the...

multiple ip connections to a vpn pptp server from some pc sharing the same ip: i would like to try to put a vpn client pptp in order to act as vpn client for every windows machine which would like to join the remote network instead of making the pptp connection on every pc that, as talked yesterday, doesn't work, i think.

The situation could be the following:

VPN SERVER -----> INTERNET -----> VPN CLIENT ------> PC1, PC2, PC3, etc.

The only thing i would like to ask: in the client network i am behind an adsl router which masquerades traffic to the outside world; with a single windows pptp client connection everything works fine: do you think it will work the same if the connection comes from a linux pptp client?

The latest pptp client version, is the 1.0.2 linked in poptop.lineo.com?

Thank you again to everybody, hope a nice day!
--
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From akohlsmith at benshaw.com Tue Mar 19 08:03:18 2002
From: akohlsmith at benshaw.com (Andrew Kohlsmith)
Date: Tue, 19 Mar 2002 09:03:18 -0500
Subject: [pptp-server] turning around the problem to solve the...
In-Reply-To:
References:
Message-ID: <200203190903.18825@-mixdown.ca>

> The situation could be the following:
> VPN SERVER -----> INTERNET -----> VPN CLIENT ------> PC1, PC2, PC3, ecc.

I'm pretty sure that you want to replace "VPN SERVER" and "VPN CLIENT" with nice 100% standard IPSec endpoints. My understanding is that PPTP is meant for single computer access, and IPSec to connect two networks in an encrypted manner. Of course there are implementations for each that do the other's job, but my recollection suggests that this is how it was originally intended to be. :-)

Regards, Andrew

From byrdr at corp.earthlink.net Tue Mar 19 08:43:50 2002
From: byrdr at corp.earthlink.net (Bo Byrd)
Date: Tue, 19 Mar 2002 09:43:50 -0500
Subject: [pptp-server] /etc/ppp/options file
In-Reply-To: <200203190903.18825@-mixdown.ca>
Message-ID: <002401c1cf54$7f0808c0$0345a8c0@bbyrd>

I've been studying poptop for about 3 weeks now and haven't found a file describing all the options available for this file, especially since after adding mppe and mschapv2 support....basically I want to only allow clients to connect using mschapv2 with 128bit mppe....but the instructions would be best to have. Anyone know where they are?

Thanks, Bo

From charlieb at e-smith.com Tue Mar 19 08:58:56 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 19 Mar 2002 09:58:56 -0500 (EST)
Subject: [pptp-server] /etc/ppp/options file
In-Reply-To: <002401c1cf54$7f0808c0$0345a8c0@bbyrd>
Message-ID:

On Tue, 19 Mar 2002, Bo Byrd wrote:
> I've been studying poptop for about 3 weeks now and haven't found a file
> describing all the options available for this file, especially since
> after adding mppe and mschapv2 support....basically I want to only allow
> clients to connect using mschapv2 with 128bit mppe....but the
> instructions would be best to have. Anyone know where they are?

The options available are described in the pppd man page, after the various patches are applied.

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From byrdr at corp.earthlink.net Tue Mar 19 09:18:41 2002
From: byrdr at corp.earthlink.net (Bo Byrd)
Date: Tue, 19 Mar 2002 10:18:41 -0500
Subject: [pptp-server] /etc/ppp/options file
In-Reply-To:
Message-ID: <002701c1cf59$5d76cbb0$0345a8c0@bbyrd>

debug
lock
mtu 1490
mru 1490
proxyarp
auth
refuse-pap
refuse-chap
refuse-chapms
require-chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-stateless

This is what I'm using for my options file, but users can still connect with CHAP. MS-CHAP doesn't work, but MS-CHAPv2 does work... I also tried adding "require-mppe-128" and "require-mppe-stateless" (I found these commands in a file on the internet, there are a lot of commands out on the internet that aren't in the pppd man page) but those give errors when users try to connect. If I set up my client to use MS-CHAPv2 and MPPE-128 then everything works, but I am wanting to have poptop refuse anything else but that combination.

I'm using RH71 with stock rh71 2.4.2-2 kernel and I've downloaded the pppd-2.4.1 source and the pptpd-1.1.2 src and the ppp-2.4.1-openssl-0.9.6-mppe-patch and the linux-2.4.4-openssl-0.9.6a-mppe.patch. I'm not sure if I did all the patches and recompiled the kernel in the exactly correct order, but I can now connect with mppe-128 and mschapv2, so I think I did it right. The only thing is I can connect but I can't ping the other interface on the linux poptop server with a client after it's connected.

Previously when I was trying Mandrake I had only installed pptpd and hadn't done any patches or recompiles and clients could connect with chap and could ping the other interface on the poptop server....so how critical was the order in which I did everything? The reason I switched to rh71 from mandrake was I've never been able to do a successful kernel recompile with anything other than rh71. Actually when I just did rh71 yesterday it was flawless with no missing module deps or any other error msgs during a reboot.

Thanks, Bo

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Charlie Brady
Sent: Tuesday, March 19, 2002 9:59 AM
To: Bo Byrd
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] /etc/ppp/options file

On Tue, 19 Mar 2002, Bo Byrd wrote:
> I've been studying poptop for about 3 weeks now and haven't found a file
> describing all the options available for this file, especially since
> after adding mppe and mschapv2 support....basically I want to only
> allow clients to connect using mschapv2 with 128bit mppe....but the
> instructions would be best to have. Anyone know where they are?

The options available are described in the pppd man page, after the various patches are applied.

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From fabio at ipway.com.br Tue Mar 19 10:04:22 2002
From: fabio at ipway.com.br (Fabio Oliveira)
Date: Tue, 19 Mar 2002 13:04:22 -0300
Subject: RES: [pptp-server] /etc/ppp/options file
In-Reply-To: <002701c1cf59$5d76cbb0$0345a8c0@bbyrd>
Message-ID:

Bo,

My options.pptp file is simple as that:

debug
lock
auth
idle 300
maxfail 3
proxyarp
refuse-pap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name servervpn

regards,
Fabio Oliveira
IPWay - Internet Services
http://www.ipway.com.br

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Bo Byrd
Sent: Tuesday, 19 March 2002 12:19
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] /etc/ppp/options file

debug
lock
mtu 1490
mru 1490
proxyarp
auth
refuse-pap
refuse-chap
refuse-chapms
require-chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-stateless

This is what I'm using for my options file, but users can still connect with CHAP. MS-CHAP doesn't work, but MS-CHAPv2 does work... I also tried adding "require-mppe-128" and "require-mppe-stateless" (I found these commands in a file on the internet, there are a lot of commands out on the internet that aren't in the pppd man page) but those give errors when users try to connect. If I set up my client to use MS-CHAPv2 and MPPE-128 then everything works, but I am wanting to have poptop refuse anything else but that combination.

I'm using RH71 with stock rh71 2.4.2-2 kernel and I've downloaded the pppd-2.4.1 source and the pptpd-1.1.2 src and the ppp-2.4.1-openssl-0.9.6-mppe-patch and the linux-2.4.4-openssl-0.9.6a-mppe.patch. I'm not sure if I did all the patches and recompiled the kernel in the exactly correct order, but I can now connect with mppe-128 and mschapv2, so I think I did it right. The only thing is I can connect but I can't ping the other interface on the linux poptop server with a client after it's connected.
From listen at spuky.de Tue Mar 19 11:35:14 2002
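The two options files posted in the messages above can be checked mechanically against the goal Bo states (clients limited to MS-CHAPv2 with 128-bit MPPE). The script below is an added example, not part of the thread and not PoPToP or pppd code; it assumes the patched option names seen on this page follow stock pppd's convention, where auth plus require-X or +X is what pppd demands of the peer, refuse-X only limits how pppd authenticates itself to the peer, and mppe-N enables an N-bit key length.

```python
import shlex

# Policy from Bo's message: MS-CHAPv2 only, 128-bit MPPE only.
REQUIRED_AUTH = "MS-CHAPv2"
REQUIRED_MPPE_BITS = 128

# Assumed semantics (see lead-in). Only stock pppd names and names that
# appear in the thread are listed; anything else is ignored by the audit.
PEER_AUTH = {                      # methods pppd asks the peer to use
    "require-pap": "PAP", "+pap": "PAP",
    "require-chap": "CHAP", "+chap": "CHAP",
    "+chapms": "MS-CHAP",
    "require-chapms-v2": "MS-CHAPv2", "+chapms-v2": "MS-CHAPv2",
}
SELF_AUTH = {                      # methods pppd refuses to use for itself
    "refuse-pap": "PAP", "refuse-chap": "CHAP", "refuse-chapms": "MS-CHAP",
}
MPPE_BITS = {"mppe-40": 40, "mppe-128": 128}
ONE_ARG = {"mtu", "mru", "idle", "maxfail", "name",
           "lcp-echo-failure", "lcp-echo-interval", "deflate"}

# Constructed inputs: the option lists from the two messages, one per line.
BO_OPTIONS = """\
debug
lock
mtu 1490
mru 1490
proxyarp
auth
refuse-pap
refuse-chap
refuse-chapms
require-chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-stateless
"""
FABIO_OPTIONS = """\
debug lock auth idle 300 maxfail 3 proxyarp refuse-pap
+chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless name servervpn
"""


def parse_options(text):
    """Split an options file into (option, argument-or-None) pairs.

    Words are whitespace separated and '#' comments are stripped. Only the
    options in ONE_ARG are known to consume a following word.
    """
    words = shlex.split(text, comments=True)
    pairs, i = [], 0
    while i < len(words):
        opt, arg = words[i], None
        if opt in ONE_ARG:
            if i + 1 >= len(words):
                raise ValueError(f"option {opt!r} is missing its argument")
            arg = words[i + 1]
            i += 1
        pairs.append((opt, arg))
        i += 1
    return pairs


def audit(text):
    """Compare one options file with the policy; return findings as a dict."""
    names = [opt for opt, _ in parse_options(text)]
    peer_auth = {PEER_AUTH[o] for o in names if o in PEER_AUTH}
    mppe_bits = {MPPE_BITS[o] for o in names if o in MPPE_BITS}
    violations = []
    if "auth" not in names:
        violations.append("auth is missing: peers need not authenticate")
    if REQUIRED_AUTH not in peer_auth:
        violations.append(f"{REQUIRED_AUTH} is not demanded of the peer")
    for method in sorted(peer_auth - {REQUIRED_AUTH}):
        violations.append(f"{method} is enabled for peers")
    if REQUIRED_MPPE_BITS not in mppe_bits:
        violations.append(f"{REQUIRED_MPPE_BITS}-bit MPPE is not enabled")
    for bits in sorted(mppe_bits - {REQUIRED_MPPE_BITS}):
        violations.append(f"{bits}-bit MPPE is enabled")
    # refuse-X is easy to misread as a restriction on clients; record each.
    notes = [f"{o}: limits how pppd authenticates itself with "
             f"{SELF_AUTH[o]}; it does not restrict the peer"
             for o in names if o in SELF_AUTH]
    return {"peer_auth": peer_auth, "mppe_bits": mppe_bits,
            "violations": violations, "notes": notes}


if __name__ == "__main__":
    for label, text in (("Bo", BO_OPTIONS), ("Fabio", FABIO_OPTIONS)):
        result = audit(text)
        print(label, "violations:", result["violations"] or "none")
        for note in result["notes"]:
            print("  note:", note)
```

A clean result only says the file expresses the policy under the stated assumptions; what the patched pppd actually negotiates still has to be confirmed from its debug log.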
From: listen at spuky.de (Spuky) Date: Tue, 19 Mar 2002 18:35:14 +0100 Subject: [pptp-server] Newbee Question... In-Reply-To: <3C96924C.DC667923@fax.sno.cpqcorp.net> References: <323712546.20020319001409@spuky.de> <3C967A5C.B68CBB22@fax.sno.cpqcorp.net> <4226791704.20020319010529@spuky.de> <3C96924C.DC667923@fax.sno.cpqcorp.net> Message-ID: <9689777403.20020319183514@spuky.de> > Use a central server to maintain the list of IP addresses as they > change. is there any software available to do this? Or has every user to set up the new connections everyday? Thanks for answers Thomas From byrdr at corp.earthlink.net Tue Mar 19 11:40:23 2002 From: byrdr at corp.earthlink.net (Bo Byrd) Date: Tue, 19 Mar 2002 12:40:23 -0500 Subject: [pptp-server] RADIUS? In-Reply-To: <9689777403.20020319183514@spuky.de> Message-ID: <000401c1cf6d$2943ab10$0345a8c0@bbyrd> Is it possible to have the PopTop system authenticate subscribers via radius instead of chap-secrets? -Bo From orjan at whyevenbother.com Tue Mar 19 13:49:04 2002 
From: orjan at whyevenbother.com (Örjan Johansson)
Date: Tue, 19 Mar 2002 20:49:04 +0100
Subject: [pptp-server] Total frustration - help pls!
Message-ID:

OK, I must admit I'm probably a total moron, but here's my problem:

I've been using Linux for quite some time for routing and firewalling, so when it's time to start messing with VPN's I thought I'd just look around the net to find the answers and just go nuts - guess this was tougher than that...

I have a Redhat 7.2 with a 2.4.9-31 kernel. I've patched and recompiled the kernel with the openssl patch. I've patched the pppd-2.4.1 sources and installed those. Also installed the latest poptop. Now comes the questions - stupid or not:

* After installing everything I notice there's no /etc/pptpd.conf file. I created it myself instead. Did my install fail, or is that as it should be?

* Does pptpd make use, and start, pppd or should pppd be started also? Good scripts to autostart these?

* Any comprehensive docs out there? I noticed poptop seems to be moving to sourceforge, and I can't find any docs.

* Anyone else out there who's gone through this recently? I want to set up a server that accepts Win2k pptp clients, but would also like to try out connecting two networks through two linux boxes.

Any hints, ideas desperately welcome! Any archives out there where I can find similar questions and their answers? And go easy on me please....

TIA,
Orjan

From byrdr at corp.earthlink.net Tue Mar 19 14:00:12 2002
From: byrdr at corp.earthlink.net (Bo Byrd)
Date: Tue, 19 Mar 2002 15:00:12 -0500
Subject: [pptp-server] Total frustration - help pls!
In-Reply-To:
Message-ID: <000f01c1cf80$b0d4bca0$0345a8c0@bbyrd>

I got mine running just a few days ago...I had to create /etc/pptpd.conf and /ppp/options as well. You don't have to worry about pppd. I just use inittab to start pptpd by the following:

s2:35:respawn:/usr/src/sbin/pptpd -f

Here are the links that got mine working:

http://www.advancevpn.com/en/download_other.html
http://jefe.org/Newschool/Projects/PPTP/newHOWTO-PoPToP.html
http://www.shorewall.net/PPTP.htm

If you want to connect a network behind a linux router to another network behind another linux router then you will probably rather want to use FreeSWAN. It uses IPSec (SHA1/3DES) instead of MPPE-128 which is RC-4 based.

Good luck (I guess I was lucky it took me a few recompiles and OS reloads experimenting with both rh71 and mdk81 till I finally got it right)

-Bo

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Örjan Johansson
Sent: Tuesday, March 19, 2002 2:49 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Total frustration - help pls!

OK, I must admit I'm probably a total moron, but here's my problem:

I've been using Linux for quite some time for routing and firewalling, so when it's time to start messing with VPN's I thought I'd just look around the net to find the answers and just go nuts - guess this was tougher than that...

I have a Redhat 7.2 with a 2.4.9-31 kernel. I've patched and recompiled the kernel with the openssl patch. I've patched the pppd-2.4.1 sources and installed those. Also installed the latest poptop. Now comes the questions - stupid or not:

* After installing everything I notice there's no /etc/pptpd.conf file. I created it myself instead. Did my install fail, or is that as it should be?

* Does pptpd make use, and start, pppd or should pppd be started also? Good scripts to autostart these?

* Any comprehensive docs out there? I noticed poptop seems to be moving to sourceforge, and I can't find any docs.

* Anyone else out there who's gone through this recently? I want to set up a server that accepts Win2k pptp clients, but would also like to try out connecting two networks through two linux boxes.

Any hints, ideas desperately welcome! Any archives out there where I can find similar questions and their answers? And go easy on me please....

TIA,
Orjan

From mikael.lonnroth at advancevpn.com Tue Mar 19 14:07:00 2002
From: mikael.lonnroth at advancevpn.com (Mikael Lönnroth)
Date: Tue, 19 Mar 2002 22:07:00 +0200
Subject: [pptp-server] Total frustration - help pls!
References:
Message-ID: <00e201c1cf81$a19f3160$131b7d0a@advancehome>

>From: "Örjan Johansson"
>Subject: [pptp-server] Total frustration - help pls!

Hi,

Since your frustration level is high, here's a quick link to some short instructions that may be of some help:

http://www.advancevpn.com/en/download_other.html

>* After installing everything I notice there's no /etc/pptpd.conf file.
>I created it myself instead. Did my install fail, or is that as it
>should be?

At least I create the file myself every time. The bare minimum you need is a localip and remoteip line.

>* Does pptpd make use, and start, pppd or should pppd be started also?
>Good scripts to autostart these?

pptpd starts pppd automatically, you just have to specify the right ppp options in /etc/ppp/options

>* Any comprehensive docs out there? I noticed poptop seems to be moving
>to sourceforge, and I can't find any docs.

Search the pptpd archive for the FAQ address.

>* Anyone else out there who's gone through this recently? I want to set
>up a server that accepts Win2k pptp clients, but would also like to try
>out connecting two networks through two linux boxes.

Yes yes, it works brilliantly so keep at it :)

Kindly,
Mikael Lönnroth
gml at advancevpn.com

From orjan at whyevenbother.com Tue Mar 19 15:21:05 2002
From: orjan at whyevenbother.com (Örjan Johansson)
Date: Tue, 19 Mar 2002 22:21:05 +0100
Subject: [pptp-server] The frustration thang - almost there!
Message-ID:

Thanks guys!! Quick response. Now I'm at least up and running, almost getting a connection through. I do get weird errors though:

Mar 19 21:59:45 howdy pptpd[6192]: MGR: Manager process started
Mar 19 22:00:34 howdy pptpd[6197]: CTRL: Client xxx.xxx.xxx.xxx control connection started
Mar 19 22:00:34 howdy pptpd[6197]: CTRL: Starting call (launching pppd, opening GRE)
Mar 19 22:00:34 howdy pppd[6198]: In file /etc/ppp/options.poptop: unrecognized option '+chapms-v2'
Mar 19 22:00:34 howdy pptpd[6197]: GRE: read(fd=5,buffer=804daa0,len=8196) from PTY failed: status = -1 error = Input/output error
Mar 19 22:00:34 howdy pptpd[6197]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Mar 19 22:00:34 howdy pptpd[6197]: CTRL: Client xxx.xxx.xxx.xxx control connection finished

The GRE thing seems weird, and the option error even more so. I've also toyed around with 'require-chapms-v2' and some other variants on chap, mschap and mschapv2.

Any ideas?

/Örjan

From cameron at fax.sno.cpqcorp.net Tue Mar 19 16:52:31 2002
From: cameron at fax.sno.cpqcorp.net (James Cameron) Date: Wed, 20 Mar 2002 09:52:31 +1100 Subject: [pptp-server] Newbee Question... References: <323712546.20020319001409@spuky.de> <3C967A5C.B68CBB22@fax.sno.cpqcorp.net> <4226791704.20020319010529@spuky.de> <3C96924C.DC667923@fax.sno.cpqcorp.net> <9689777403.20020319183514@spuky.de> Message-ID: <3C97C12F.2678B7F5@fax.sno.cpqcorp.net> Spuky wrote: > James wrote: > > Use a central server to maintain the list of IP addresses as they > > change. > is there any software available to do this? Yes, I've seen such software to record the new IP for a dynamic IP user, but I have no specific recommendations. Dynamic DNS servers with a web page script front end seem to be popular. If a DNS server isn't used, all that is needed is a script that collects the latest known IP address for a client. This could be via HTTP and a scripting language, or something else. An alternative and secure means of collecting the IPs; grant a special purpose account on the server to each user, and require them to provide their ssh host key to you, then insert it into the .ssh/authorized_keys file along with a command that saves the value of environment variable $SSH_CLIENT ... but this might require a lot of research and effort on your part. I know of no software that will automate the whole thing for you. But that just means I haven't found it yet. -- James Cameron (james.cameron at compaq.com) OpenVMS, Linux, Firewalls, Software Engineering, CGI, HTTP, X, C, FORTH, COBOL, BASIC, DCL, csh, bash, ksh, sh, Electronics, Microcontrollers, Disability Engineering, Netrek, Bicycles, Pedant, Farming, Home Control, Remote Area Power, Greek Scholar, Tenor Vocalist, Church Sound, Husband. "Specialisation is for insects." -- Robert Heinlein. From orjan at whyevenbother.com Tue Mar 19 19:35:37 2002 
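An added example of the authorized_keys approach described in the message above (not code from the poster or from PoPToP): a forced-command helper, written here in Python, that records the address sshd reports in `$SSH_CLIENT`. The script path, state directory, user label and key material are hypothetical placeholders.

```python
#!/usr/bin/env python3
"""Forced-command helper: record the source IP of an SSH login.

Constructed example. Assumed authorized_keys entry, one line per user
(key material is a placeholder):

  command="/usr/local/bin/record_ip.py alice",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...placeholder alice
"""
import ipaddress
import json
import os
import re
import sys
import tempfile
import time

STATE_DIR = "/var/lib/vpn-ip"                     # hypothetical location
USER_RE = re.compile(r"^[a-z][a-z0-9_-]{0,31}$")  # label doubles as a file name


def parse_ssh_client(value):
    """Return the client address from sshd's SSH_CLIENT ("ip sport dport")."""
    fields = value.split()
    if len(fields) != 3:
        raise ValueError("unexpected SSH_CLIENT format")
    if not (fields[1].isdigit() and fields[2].isdigit()):
        raise ValueError("non-numeric port in SSH_CLIENT")
    # Drop an IPv6 zone id ("fe80::1%eth0") before validating the address.
    return str(ipaddress.ip_address(fields[0].split("%")[0]))


def record(user, ssh_client, state_dir=STATE_DIR, now=None):
    """Atomically write {user, ip, seen} to <state_dir>/<user>.json."""
    if not USER_RE.match(user):
        raise ValueError("bad user label")
    entry = {
        "user": user,
        "ip": parse_ssh_client(ssh_client),
        "seen": int(now if now is not None else time.time()),
    }
    # mkstemp creates the file with mode 0600; os.replace makes the update atomic.
    fd, tmp = tempfile.mkstemp(dir=state_dir, prefix="." + user + ".")
    with os.fdopen(fd, "w") as fh:
        json.dump(entry, fh)
    os.replace(tmp, os.path.join(state_dir, user + ".json"))
    return entry


def main(argv, environ):
    # The user label comes from authorized_keys (argv), never from the client:
    # SSH_ORIGINAL_COMMAND is deliberately ignored.
    if len(argv) != 2:
        return 2
    try:
        entry = record(argv[1], environ.get("SSH_CLIENT", ""))
    except (ValueError, OSError) as exc:
        print("rejected: %s" % exc, file=sys.stderr)
        return 1
    print("recorded %s" % entry["ip"])
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```

Because the key is bound to the forced command and the forwarding and pty options are switched off, the account can do nothing except report where the login came from.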
From: orjan at whyevenbother.com (Örjan Johansson)
Date: Wed, 20 Mar 2002 02:35:37 +0100
Subject: [pptp-server] LCP: time out
Message-ID:

Thanx for your help guys! I'm one step closer now. I applied the require mppe patch, so skipping the '+chapms-v2' got me through without warnings about unrecognized options.

Now when I try and connect the client seems to connect. It stops and waits at the 'verifying username and password'. When I look at the log it says :

Mar 20 01:44:37 howdy pptpd[8063]: CTRL: Starting call (launching pppd, opening GRE)
Mar 20 01:44:37 howdy pppd[8064]: pppd 2.4.1 started by root, uid 0
Mar 20 01:44:37 howdy pppd[8064]: Using interface ppp0
Mar 20 01:44:37 howdy pppd[8064]: Connect: ppp0 <--> /dev/pts/2
Mar 20 01:45:08 howdy pppd[8064]: LCP: timeout sending Config-Requests
Mar 20 01:45:08 howdy pppd[8064]: Connection terminated.
Mar 20 01:45:08 howdy pppd[8064]: Exit.

The negotiation/lcp should go over tcp/1723 right? And the data over protocol 47? I've made sure my shorewall lets all this through.

Any chance I could see some sample options files? I'm running RH7.2, patched 2.4.9-31 kernel, pppd 2.4.1 with the three patches, and poptop 1.0.1. My options file looks like this (at the moment, it changes every five seconds testing...:-):

debug
lock
mtu 1490
mru 1490
auth
idle 300
maxfail 3
proxyarp
#refuse-pap
#refuse-chap
#refuse-chapms
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
#chapms
#chapms-v2
mppe-40
mppe-128
mppe-stateless

My clients (2k pro and xp pro) are configured to require encryption, set to pptp, and set to use mschapv2.

Any ideas extremely appreciated! I gotta be at work in a few hours, but can't give up just yet. How come frustrating things like these are also so much fun...? :-)

Cheers,
Örjan

From neale at lowendale.com.au Tue Mar 19 20:21:34 2002
From: neale at lowendale.com.au (Neale Banks)
Date: Wed, 20 Mar 2002 13:21:34 +1100 (EST)
Subject: [pptp-server] LCP: time out
In-Reply-To:
Message-ID:

On Wed, 20 Mar 2002, [Windows-1252] Örjan Johansson wrote:

[...]
> Now when I try and connect the client seems to connect. It stops and
> waits at the 'verifying username and password'. When I look at the log
> it says :
> Mar 20 01:44:37 howdy pptpd[8063]: CTRL: Starting call (launching pppd,
> opening GRE)
> Mar 20 01:44:37 howdy pppd[8064]: pppd 2.4.1 started by root, uid 0
> Mar 20 01:44:37 howdy pppd[8064]: Using interface ppp0
> Mar 20 01:44:37 howdy pppd[8064]: Connect: ppp0 <--> /dev/pts/2
> Mar 20 01:45:08 howdy pppd[8064]: LCP: timeout sending Config-Requests
> Mar 20 01:45:08 howdy pppd[8064]: Connection terminated.
> Mar 20 01:45:08 howdy pppd[8064]: Exit.

That "smells like" GRE being blocked somewhere.

> The negotiation/lcp should go over tcp/1723 right? And the data over
> protocol 47? I've made sure my shorewall lets all this through.
> Any chance I could see some sample options files? I'm running RH7.2,
> patched 2.4.9-31 kernel, pppd 2.4.1 with the three patches, and poptop
> 1.0.1.

Not quite. Initial control info over tcp/1723 but all ppp (including LCP) over GRE (i.e. IP protocol 47).

> My options file looks like this (at the moment, it changes every
> five seconds testing...:-):
> debug
[...]

Hmm... you've got debug turned on, but we aren't seeing pppd's debug messages??? Is there more info in debug.log?

Usually you can work out which path has GRE blocked from the LCP debug messages.

HTH,
Neale.

From berzerke at swbell.net Tue Mar 19 20:13:01 2002
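An added example (not part of any message in this thread, and not PoPToP code): a Python triage of the pptpd/pppd syslog lines posted above. It flags the `unrecognized option` failure and the LCP Config-Request timeout that the reply attributes to blocked GRE (IP protocol 47), and uses pppd's `sent [LCP`/`rcvd [LCP` debug lines, when present, to guess which direction is failing. The finding codes, the direction heuristic and the reading of the PTY error as a consequence of pppd exiting are assumptions of this example.

```python
"""Triage pptpd/pppd syslog lines for the two failures seen in this thread."""
import re

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s"
    r"(?P<prog>pptpd|pppd)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)

# Lines quoted from the two posts in this thread (address already masked there).
SAMPLE_LOG = """\
Mar 19 22:00:34 howdy pptpd[6197]: CTRL: Client xxx.xxx.xxx.xxx control connection started
Mar 19 22:00:34 howdy pptpd[6197]: CTRL: Starting call (launching pppd, opening GRE)
Mar 19 22:00:34 howdy pppd[6198]: In file /etc/ppp/options.poptop: unrecognized option '+chapms-v2'
Mar 19 22:00:34 howdy pptpd[6197]: GRE: read(fd=5,buffer=804daa0,len=8196) from PTY failed: status = -1 error = Input/output error
Mar 19 22:00:34 howdy pptpd[6197]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Mar 19 22:00:34 howdy pptpd[6197]: CTRL: Client xxx.xxx.xxx.xxx control connection finished
Mar 20 01:44:37 howdy pptpd[8063]: CTRL: Starting call (launching pppd, opening GRE)
Mar 20 01:44:37 howdy pppd[8064]: pppd 2.4.1 started by root, uid 0
Mar 20 01:44:37 howdy pppd[8064]: Using interface ppp0
Mar 20 01:44:37 howdy pppd[8064]: Connect: ppp0 <--> /dev/pts/2
Mar 20 01:45:08 howdy pppd[8064]: LCP: timeout sending Config-Requests
Mar 20 01:45:08 howdy pppd[8064]: Connection terminated.
Mar 20 01:45:08 howdy pppd[8064]: Exit.
"""


def parse(text):
    """Group recognised pptpd/pppd lines by (program, pid), in log order."""
    procs = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            procs.setdefault((m["prog"], int(m["pid"])), []).append(m["msg"])
    return procs


def lcp_direction(msgs):
    """Guess the failing GRE direction from pppd 'debug' output, if any."""
    sent = any(m.startswith("sent [LCP") for m in msgs)
    rcvd = any(m.startswith("rcvd [LCP") for m in msgs)
    if not sent and not rcvd:
        return "unknown: no pppd debug lines in this log"
    if sent and not rcvd:
        return "client-to-server: nothing received from the peer"
    return "server-to-client: peer is heard but never answers our requests"


def triage(text):
    """Return a list of findings: dicts with pid, code and detail."""
    findings = []
    for (prog, pid), msgs in parse(text).items():
        joined = "\n".join(msgs)
        if prog == "pppd":
            bad = re.search(r"unrecognized option '([^']+)'", joined)
            if bad:
                findings.append({
                    "pid": pid, "code": "pppd-bad-option",
                    "detail": "pppd rejected option %r; this pppd build "
                              "does not know it" % bad.group(1)})
            elif "LCP: timeout sending Config-Requests" in joined:
                findings.append({
                    "pid": pid, "code": "lcp-timeout",
                    "detail": "no LCP negotiation; check the GRE (IP protocol "
                              "47) path; " + lcp_direction(msgs)})
        elif "from PTY failed" in joined:
            findings.append({
                "pid": pid, "code": "pty-closed",
                "detail": "pppd side of the pty went away; read the pppd "
                          "lines for the real cause"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%(code)-16s pid=%(pid)d  %(detail)s" % f)
```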
From: berzerke at swbell.net (robert) Date: Tue, 19 Mar 2002 20:13:01 -0600 Subject: [pptp-server] Total frustration - help pls! In-Reply-To: References: Message-ID: <0GT90037B25UC6@mta5.rcsntx.swbell.net> A howto for the 2.4 kernels is at http://home.swbell.net/berzerke . On Tuesday 19 March 2002 01:49 pm, ?rjan Johansson wrote: > OK, I must admit I'm probably a total moron, but here's my problem: > > I've been using Linux for quite some time for routing and firewalling, > so when it's time to start messing with VPN's I thought I'd just look > around the net to find the answers and just go nuts - guess this was > tougher than that... > > I have a Redhat 7.2 with a 2.4.9-31 kernel. I've patched and recompiled > the kernel with the openssl patch. I've patched the pppd-2.4.1 sources > and installed those. Also installed the latest poptop. Now comes the > questions - stupid or not: > > * After installing everything I notice there's no /etc/pptpd.conf file. > I created it myself instead. Did my install fail, or is that as it > should be? > > * Does pptpd make use, and start, pppd or should pppd be started also? > Good scripts to autostart these? > > * Any comprehensive docs out there? I noticed poptop seems to be moving > to sourceforge, and I can't find any docs. > > * Anyone else out there who's gone through this recently? I want to set > up a server that accepts Win2k pptp clients, but would also like to try > out connecting two networks through two linux boxes. > > Any hints, ideas desperately welcome! Any archives out there where I can > find similar questions and their answers? And go easy on me please.... > > TIA, > Orjan From muralivemuri at multitech.co.in Tue Mar 19 22:54:51 2002 
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Wed, 20 Mar 2002 10:24:51 +0530
Subject: [pptp-server] problem
Message-ID: <3C98161B.9671A70E@multitech.co.in>

hi there,

i have a funny problem.
well... to start with i am able to make a pptp link and get ip addresses for the link.
everything is fine. i tested with clients win98, win2k and winXP.
the clients are not able to ping the server end of the link.
my pptpd.conf file is like this

speed 56000
localip 192.168.7.1
remoteip 192.168.7.2-100

the clients get addresses properly but are not able to ping even 192.168.7.1 .
any ideas?
murali

--
--engineers 'MAKE' the world.

From truin at enterprise.truin.com Tue Mar 19 22:56:51 2002
From: truin at enterprise.truin.com (truin at enterprise.truin.com)
Date: Tue, 19 Mar 2002 21:56:51 -0700 (MST)
Subject: [pptp-server] problem
In-Reply-To: <3C98161B.9671A70E@multitech.co.in>
Message-ID:

did you set up your iptables/ipchains rules to forward packets across the interfaces? that seemed to do the trick for me, but it may have been something else in my many re-installs of pptpd. ;-)

-=Jason=-

On Wed, 20 Mar 2002, Murali K. Vemuri wrote:

> hi there,
>
>
> i have a funny problem.
> well... to start with i am able to make a pptp link and get ip addresses
> for the link.
> everything is fine. i tested with clients win98, win2k and winXP.
> the clients are not able to ping the server end of the link.
> my pptpd.conf file is like this
>
> speed 56000
> localip 192.168.7.1
> remoteip 192.168.7.2-100
>
> the client get addresses properly but are not able to ping even
> 192.168.7.1 .
> any ideas?
> murali
>
> --
> --engineers 'MAKE' the world.
>
>
>

From mattgav at tempo.com.au Tue Mar 19 23:18:31 2002
From: mattgav at tempo.com.au (Matt Gavin)
Date: Wed, 20 Mar 2002 16:18:31 +1100
Subject: [pptp-server] WTF, my PoPToP Server is posessed!!!
Message-ID:

Somehow my PoPToP Server in the last couple of days has decided to allocate a new "local IP"

I can't figure out what's wrong here or where it is getting this the new "local IP" from...

pppd[6123]: local IP address 192.168.0.1
pppd[6123]: remote IP address 203.41.xxx.xxx

But this is my /etc/pptpd.conf file:

option /etc/ppp/options.pptp
Localip 203.41.xxx.xxx
remoteip 203.41.xxx.192-253
pidfile /var/run/pptpd.pid
debug

Can anyone suggest anything... Please!

Tia
Matt

From mattgav at tempo.com.au Tue Mar 19 23:41:14 2002
From: mattgav at tempo.com.au (Matt Gavin)
Date: Wed, 20 Mar 2002 16:41:14 +1100
Subject: [pptp-server] WTF, my PoPToP Server is posessed!!!
In-Reply-To:
Message-ID:

Please disregard my last email... Problem is now fixed.

For those interested, a line in my /etc/pptpd.conf file:

Localip 203.41.xxx.xxx

should have been:

localip 203.41.xxx.xxx

ie: Uppercase "L" = BAD!!!

Ciao
Matt.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Matt Gavin
Sent: Wednesday, 20 March 2002 4:19 PM
To: PPTPD User Group
Subject: [pptp-server] WTF, my PoPToP Server is posessed!!!

Somehow my PoPToP Server in the last couple of days has decided to allocate a new "local IP"

I can't figure out what's wrong here or where it is getting this the new "local IP" from...

pppd[6123]: local IP address 192.168.0.1
pppd[6123]: remote IP address 203.41.xxx.xxx

But this is my /etc/pptpd.conf file:

option /etc/ppp/options.pptp
Localip 203.41.xxx.xxx
remoteip 203.41.xxx.192-253
pidfile /var/run/pptpd.pid
debug

Can anyone suggest anything... Please!

Tia
Matt

From fcusack at fcusack.com Wed Mar 20 04:44:20 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Wed, 20 Mar 2002 02:44:20 -0800
Subject: [pptp-server] poptop.sourceforge.net is empty
Message-ID: <20020320024420.B16469@google.com>

Can someone tell me where to get the latest 1.1.x version?

thanks
/fc

From fcusack at fcusack.com Wed Mar 20 04:48:00 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Wed, 20 Mar 2002 02:48:00 -0800
Subject: [pptp-server] poptop.sourceforge.net is empty
In-Reply-To: <20020320024420.B16469@google.com>; from fcusack@fcusack.com on Wed, Mar 20, 2002 at 02:44:20AM -0800
References: <20020320024420.B16469@google.com>
Message-ID: <20020320024759.C16469@google.com>

On Wed, Mar 20, 2002 at 02:44:20AM -0800, Frank Cusack wrote:
> Can someone tell me where to get the latest 1.1.x version?

nevermind ... found it on rpmfind.net

/fc

From r.devroede at linvision.com Wed Mar 20 06:19:23 2002
From: r.devroede at linvision.com (R. de Vroede) Date: 20 Mar 2002 13:19:23 +0100 Subject: [pptp-server] Adding support for MS-CHAPv2 and MPPE In-Reply-To: <003b01c1ce8d$86955a10$0345a8c0@bbyrd> References: <003b01c1ce8d$86955a10$0345a8c0@bbyrd> Message-ID: <1016626763.1758.3.camel@richard> If you want to use RPMs, you need the kernel, kernel-headers and ppp RPMS. For ease of install you could also use the pptpd RPM. Regards, Richard > Hey from the looks of the readme at the binarix site it seems that you > have compiled for rh72 a ppp rpm and a pptp rpm that includes support > for mschapv2 and mppe....if I just loaded rh72 would that work for me? > > Thanks, > Bo > > -----Original Message----- 
> From: R. de Vroede [mailto:r.devroede at linvision.com] > Sent: Monday, March 18, 2002 3:41 AM > To: Bo Byrd > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] Adding support for MS-CHAPv2 and MPPE > > > Go to http://mirror.binarix.com/ppp-mppe/ and get Charles Howes' > linux-2.4.16-openssl-0.9.6b-mppe.patch.gz > > Should work for kernel 2.4.x > And it doesn't mean you have to install openssl-0.9.6b, but it's based > on it. > > Regards, > Richard de Vroede > > On Fri, 2002-03-15 at 21:33, Bo Byrd wrote: > > Ok I just installed a stock Mandrake8.1 (2.4.8-26mdk) kernel and > > installed the pptpd-inittab-1.0.1-1.i386.rpm package and things are > > working fine with CHAP but I'm trying to get MSCHAPv2 and encryption. > > > > So far ive compiled the kernel twice, both times after screwing up > > I've just reinstalled a fresh OS from scratch, but im not ready to > > give up yet... > > > > Basically the instrctions given for adding MSCHASv2 and MPPE > > encryption are for old redhat 2.2 kernels.....Im sure things have > > changed since then > > > > Since Im using a 2.4 kernel do I still need to uupgrade my kernel to > > anything and use the kernel sources and headers for anything like the > > doc said for the 2.2 kernel? > > > > Also I got an error message when trying to patch with the .diff file > > some files were missing I suspect they werent there cause I'm using a > > newer version of ppp (2.4.1). > > > > Can someone point me in the right direction as far as a getting a 2.4 > > kernel set up as a poptop server with encryption? Cause Im lost and > > the reloading the os is getting frustrating... > > > > > > Thanks, > > Bo Byrd > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. 
-- > -- > Richard de Vroede > (r.devroede at linvision.com) > ------------------------------------------------ > Linvision BV Provides Linux Solutions > Elektronicaweg 16D > 2628 XG Delft > T: +31157502310 info at linvision.com > F: +31157502319 http://devel.linvision.com > ------------------------------------------------ > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From r.devroede at linvision.com Wed Mar 20 09:54:39 2002 
From: r.devroede at linvision.com (R. de Vroede) Date: 20 Mar 2002 16:54:39 +0100 Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <20020318200516.A15467@google.com> References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> <20020318200516.A15467@google.com> Message-ID: <1016639679.2760.166.camel@richard> I hope so too, Frank. I mailed them about it, but still no answer. Anyways, all we can do is cross our finger and hope. In the mean time all those lucky RedHat users can use the RPM's I built Regards, Richard > I expect (hope) that pppd-2.4.2 userland will have mppe integrated. There > are various problems with the existing patches. I also hope that the > kernel component will be integrated, I imagine this will largely depend > on whether kernel maintainers are comfortable including rc4. -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From martin at mh57.net Wed Mar 20 10:07:52 2002 
From: martin at mh57.net (Martin Hermanowski) Date: Wed, 20 Mar 2002 17:07:52 +0100 Subject: [pptp-server] Packet corruption using pptp/mppe over wlan Message-ID: <20020320160752.GD4911@mh57.net> Hi! pptp via ethernet is no problem, as is direkt access via the wlan. But if I connect using pptp over the wlan, I get recv-errors and corrupted data (only single bits). scp aborts copies with `Corrupted MAC'. The Accesspoint is an ELSA LANCOM Wireless IL-11 2.16.0001 / 06.03.2001 The wlan-card is a Prism2 build in an IBM A30. The problem arises with WinXP and Linux 2.4.17pre9 (different Notebooks). The Server is running Linux 2.4.17. Any ideas? MfG Martin -- PGP/GPG encrypted mail preferred, see header ,-- | Nur tote Fische schwimmen mit dem Strom `-- From allanc at caldera.com Wed Mar 20 10:11:52 2002 
From: allanc at caldera.com (Allan Clark) Date: Wed, 20 Mar 2002 11:11:52 -0500 Subject: RES: [pptp-server] Is PoPToP dead? References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> <20020318200516.A15467@google.com> <1016639679.2760.166.camel@richard> Message-ID: <3C98B4C8.A10C7BF4@caldera.com> I also mailed the pppd maint a wile ago, before 2.4.1 came out. No response. "Is pppd dead?" :) Allan "R. de Vroede" wrote: > > I hope so too, Frank. I mailed them about it, but still no answer. > Anyways, all we can do is cross our finger and hope. > In the mean time all those lucky RedHat users can use the RPM's I built > > > Regards, > Richard > > > I expect (hope) that pppd-2.4.2 userland will have mppe integrated. There > > are various problems with the existing patches. I also hope that the > > kernel component will be integrated, I imagine this will largely depend > > on whether kernel maintainers are comfortable including rc4. > > -- > Richard de Vroede > (r.devroede at linvision.com) > ------------------------------------------------ > Linvision BV Provides Linux Solutions > Elektronicaweg 16D > 2628 XG Delft > T: +31157502310 info at linvision.com > F: +31157502319 http://devel.linvision.com > ------------------------------------------------ > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From r.devroede at linvision.com Wed Mar 20 10:15:07 2002 
From: r.devroede at linvision.com (R. de Vroede) Date: 20 Mar 2002 17:15:07 +0100 Subject: [pptp-server] Is PoPToP dead? In-Reply-To: <1016499914.20837.3.camel@filecabinet.amoa.org> References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> Message-ID: <1016640907.2760.189.camel@richard> As you might know, I maintain the RedHat packages on Binarix. Here's my two cents about the future of PPtP. Facts: * Daniel and Matthew from Lineo went to Snapgear and are still developing PoPToP and will soon release a new version * PPTP client project is going well on SourceForge. * Bojan Smojver maintains the Binarix mirror * I maintain devel.linvision.com where my company hosts custom RedHat RPMs (like kernel, ppp, pptpd). * SourceForge sucks major with the lack of control * Allan and Chris offered to host/mirror * Chris offered to help with documentation (as do I) * Christopher offered to host the DNS entry People, I think we have a nice set of ingredients to make PPTP for linux a wonderful recipe. All we need is one good cook. Regards, Richard -- Richard de Vroede (r.devroede at linvision.com) ------------------------------------------------ Linvision BV Provides Linux Solutions Elektronicaweg 16D 2628 XG Delft T: +31157502310 info at linvision.com F: +31157502319 http://devel.linvision.com ------------------------------------------------ From r.devroede at linvision.com Wed Mar 20 10:20:09 2002 
From: r.devroede at linvision.com (R. de Vroede) Date: 20 Mar 2002 17:20:09 +0100 Subject: RES: [pptp-server] Is PoPToP dead? In-Reply-To: <3C98B4C8.A10C7BF4@caldera.com> References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> <20020318200516.A15467@google.com> <1016639679.2760.166.camel@richard> <3C98B4C8.A10C7BF4@caldera.com> Message-ID: <1016641209.2183.192.camel@richard> Heh! I think they're struggling to get mppe to work ;-p > I also mailed the pppd maint a wile ago, before 2.4.1 came out. No > response. > > "Is pppd dead?" :) > > Allan > > > "R. de Vroede" wrote: > > > > I hope so too, Frank. I mailed them about it, but still no answer. > > Anyways, all we can do is cross our finger and hope. > > In the mean time all those lucky RedHat users can use the RPM's I built > > > > > > Regards, > > Richard > > > > > I expect (hope) that pppd-2.4.2 userland will have mppe integrated. There > > > are various problems with the existing patches. I also hope that the > > > kernel component will be integrated, I imagine this will largely depend > > > on whether kernel maintainers are comfortable including rc4. > > > > -- > > Richard de Vroede > > (r.devroede at linvision.com) > > ------------------------------------------------ > > Linvision BV Provides Linux Solutions > > Elektronicaweg 16D > > 2628 XG Delft > > T: +31157502310 info at linvision.com > > F: +31157502319 http://devel.linvision.com > > ------------------------------------------------ > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. 
--

--
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From vlast at indivisuallearning.com Wed Mar 20 10:40:43 2002
From: vlast at indivisuallearning.com (Vladimir Strezhnev)
Date: Wed, 20 Mar 2002 10:40:43 -0600
Subject: RES: [pptp-server] Is PoPToP dead?
In-Reply-To: <3C98B4C8.A10C7BF4@caldera.com>
Message-ID: <000001c1d02d$fa490640$6700000a@Vlast>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

After recent improvements of freeswan and availability of support for Windows ipsec clients this alternative to freeware pptp is becoming more and more viable. Just browse the 300 pages of freeswan documentation! After discovering that 2.2 kernel based pptp client is incompatible with 2.4 kernel based pptp server and there is no apparent interest in fixing it, we also switched our VPN - both for remote offices and roadwarriors from PopTop to freeswan. Live happily after...

VLADIMIR STREZHNEV
System Engineer
IndiVisual Learning, LLC
St.Paul, MN

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPJi7Vb5tPDt+Qc/uEQJwnACgrKS/YwrG1duzddGHltLi1Wxj5I4AoNH9
GcYUawoslirVlK2Vvv+RQVch
=1J6W
-----END PGP SIGNATURE-----

From byrdr at corp.earthlink.net Wed Mar 20 10:38:27 2002
From: byrdr at corp.earthlink.net (Bo Byrd)
Date: Wed, 20 Mar 2002 11:38:27 -0500
Subject: RES: [pptp-server] Is PoPToP dead?
In-Reply-To: <000001c1d02d$fa490640$6700000a@Vlast>
Message-ID: <004201c1d02d$ac72b970$0345a8c0@bbyrd>

What windows2000/xp client software are you using???

-Bo

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Vladimir Strezhnev
Sent: Wednesday, March 20, 2002 11:41 AM
To: pptp-server at lists.schulte.org
Subject: RE: RES: [pptp-server] Is PoPToP dead?

After recent improvements of freeswan and availability of support for Windows ipsec clients this alternative to freeware pptp is becoming more and more viable. Just browse the 300 pages of freeswan documentation! After discovering that 2.2 kernel based pptp client is incompatible with 2.4 kernel based pptp server and there is no apparent interest in fixing it, we also switched our VPN - both for remote offices and roadwarriors from PopTop to freeswan. Live happily after...

VLADIMIR STREZHNEV
System Engineer
IndiVisual Learning, LLC
St.Paul, MN

From collini at colliniconsulting.it Wed Mar 20 11:53:52 2002
From: collini at colliniconsulting.it (Collini Consulting s.a.s.)
Date: Wed, 20 Mar 2002 18:53:52 +0100
Subject: [pptp-server] pptp stability
Message-ID:

Hello,

as i am implementing a pptp vpn client in order to solve some problems due to multiple connections from the same ip, i would like to know the kind of stability of the poptop solution.

Once installed and working right, is it stable?

Thank you in advance for your interest, bye!

Francesco Collini

From allanc at caldera.com Wed Mar 20 12:57:52 2002
From: allanc at caldera.com (Allan Clark)
Date: Wed, 20 Mar 2002 13:57:52 -0500
Subject: RES: [pptp-server] Is PoPToP dead?
References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> <20020318200516.A15467@google.com> <1016639679.2760.166.camel@richard> <3C98B4C8.A10C7BF4@caldera.com> <1016641209.2183.192.camel@richard>
Message-ID: <3C98DBB0.7A3600F9@caldera.com>

Actually, you may be joking, but look at ppp/ppp/auth.c:

> ----------------------------
> revision 1.75
> date: 2002/03/05 15:14:04; author: dfs; state: Exp; lines: +21 -4
> Patch from Frank Cusack to add support for MSCHAPv2.
> Enhanced radiusclient to support INCLUDE lines in dictionary.
> ----------------------------
> revision 1.74
> date: 2002/03/01 14:39:18; author: dfs; state: Exp; lines: +45 -17
> Large patch from Frank Cusack to add proper
> support for MS-CHAP (client and server are now supported.)

So it seems that while they are ignoring us, they might actually be putting MPPE into the main ppp release. Default ./configure activates #define CHAPMS which brings in similar, but not quite the same config parameters.

...and while I'm here:

> Working file: pppd/auth.c
> head: 1.75
> branch:
> locks: strict
> access list:
> symbolic names:
> RELEASE_2_3_7: 1.50
> RELEASE_2_3_6: 1.44
> PPP_NODEMAND: 1.20
> RELEASE-2-2: 1.17
> PPP_NEW_START: 1.15.0.2
> ppp-2-1-2a: 1.6

Jeez, ppp-guys, how about keeping the symbolic names (tags) updated?

Yeah, I know PPP guys won't be reading this, but I couldn't resist :)

Allan

"R. de Vroede" wrote:
>
> Heh! I think they're struggling to get mppe to work ;-p
>
> > I also mailed the pppd maint a while ago, before 2.4.1 came out. No
> > response.
> >
> > "Is pppd dead?" :)
> >
> > Allan
> >
> >
> > "R. de Vroede" wrote:
> > >
> > > I hope so too, Frank. I mailed them about it, but still no answer.
> > > Anyways, all we can do is cross our fingers and hope.
> > > In the mean time all those lucky RedHat users can use the RPM's I built
> > >
> > >
> > > Regards,
> > > Richard
> > >
> > > > I expect (hope) that pppd-2.4.2 userland will have mppe integrated. There
> > > > are various problems with the existing patches. I also hope that the
> > > > kernel component will be integrated, I imagine this will largely depend
> > > > on whether kernel maintainers are comfortable including rc4.
> > >
> > > --
> > > Richard de Vroede
> > > (r.devroede at linvision.com)
> > > ------------------------------------------------
> > > Linvision BV Provides Linux Solutions
> > > Elektronicaweg 16D
> > > 2628 XG Delft
> > > T: +31157502310 info at linvision.com
> > > F: +31157502319 http://devel.linvision.com
> > > ------------------------------------------------
> --
> Richard de Vroede
> (r.devroede at linvision.com)
> ------------------------------------------------
> Linvision BV Provides Linux Solutions
> Elektronicaweg 16D
> 2628 XG Delft
> T: +31157502310 info at linvision.com
> F: +31157502319 http://devel.linvision.com
> ------------------------------------------------

From ctooley at amoa.org Wed Mar 20 13:14:44 2002
From: ctooley at amoa.org (Chris Tooley)
Date: 20 Mar 2002 19:14:44 +0000
Subject: [pptp-server] Is PoPToP dead?
In-Reply-To: <1016640907.2760.189.camel@richard>
References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> <1016640907.2760.189.camel@richard>
Message-ID: <1016651684.9948.40.camel@filecabinet.amoa.org>

As you might well know, I took your kernel RPMs and integrated them with the SGI XFS kernel RPMs submitted to that project by Simon Matter. The only difference between your RPMs and mine is the XFS support (which is a much larger patch to apply to your kernel than the mppe patches were to apply to his, I took the path of least resistance). They are available at my site and I think Bojan was going to e-mail the mirror maintainer (is that you Richard) at mirror.binarix.com to see if you wanted those kernels.

I've also put a RedHat 7.2 HOWTO start on my site (http://www.thetooleys.org/pptp/) and it's enough to get PoPToP or pptp-client either one working. I was very happy to see that the kernel patches for mppe worked for both projects.

Let me know where to go from here. I'd certainly like to see something happen. I'm probably in the minority, but I don't mind using SourceForge at all. There are some problems with it but the infrastructure is there, and the price is right.

Chris Tooley

On Wed, 2002-03-20 at 16:15, R. de Vroede wrote:
> As you might know, I maintain the RedHat packages on Binarix.
> Here's my two cents about the future of PPtP.
>
> Facts:
> * Daniel and Matthew from Lineo went to Snapgear and are still
> developing PoPToP and will soon release a new version
> * PPTP client project is going well on SourceForge.
> * Bojan Smojver maintains the Binarix mirror
> * I maintain devel.linvision.com where my company hosts custom RedHat
> RPMs (like kernel, ppp, pptpd).
> * SourceForge sucks major with the lack of control
> * Allan and Chris offered to host/mirror
> * Chris offered to help with documentation (as do I)
> * Christopher offered to host the DNS entry
>
> People, I think we have a nice set of ingredients to make PPTP for linux
> a wonderful recipe. All we need is one good cook.
>
> Regards,
> Richard
>
> --
> Richard de Vroede
> (r.devroede at linvision.com)
> ------------------------------------------------
> Linvision BV Provides Linux Solutions
> Elektronicaweg 16D
> 2628 XG Delft
> T: +31157502310 info at linvision.com
> F: +31157502319 http://devel.linvision.com
> ------------------------------------------------

From vodo_baas at hotmail.com Wed Mar 20 13:23:02 2002
From: vodo_baas at hotmail.com (Vodo Baas)
Date: Wed, 20 Mar 2002 14:23:02 -0500
Subject: [pptp-server] Connection Options
Message-ID:

Is there a way to control the speed of one of the tunnels established through PoPToP? Either to adjust it to permit better performance for large transfers or to throttle the amount of bandwidth taken by individual users?

Thanks
Jason

From fabio at ipway.com.br Wed Mar 20 15:31:45 2002
From: fabio at ipway.com.br (Fabio Oliveira)
Date: Wed, 20 Mar 2002 18:31:45 -0300
Subject: RES: [pptp-server] Connection Options
In-Reply-To:
Message-ID:

Jason,

To measure speed, try the command [pppstats -c 10000 -w 1 ppp]

As for performance, you can improve it by using TCP/IP to transfer data, because it was designed for WAN use. Also you can remove the debug option in your pptp files (report unconfirmed by doc. PPTPD-HOWTO).

regards,

Fabio Oliveira
IPWay - Internet Services
http://www.ipway.com.br

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Vodo Baas
Sent: Wednesday, March 20, 2002 16:23
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Connection Options

Is there a way to control the speed of one of the tunnels established through PoPToP? Either to adjust it to permit better performance for large transfers or to throttle the amount of bandwidth taken by individual users?

Thanks
Jason

From mikes at hartwellcorp.com Wed Mar 20 17:23:20 2002
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Wed, 20 Mar 2002 15:23:20 -0800
Subject: [pptp-server] Encryption is getting NAKed by e-smith ppp-2.4.0-15
Message-ID: <91A5926EFF44D3118B1200104B7276EB01085210@hart-exchange.hartwellcorp.com>

I'm using the e-smith ppp-2.4.0-15 package built by Charlie Brady (nice work!) but for some reason it's NAKing the encryption requests. The CHAP authentication completes successfully but encryption negotiation fails. The ppp_mppe module is loaded and I'm using the following in my options file:

## pppd options file for pptp connections
name guardian
lock
debug
asyncmap 0x0a0000
auth
mru 1490
netmask 255.255.0.0
proxyarp
nodefaultroute
noipx
-ac
-pc
-vj
-pap
require-chap
-chap
-chapms
+chapms-v2
chapms-strip-domain
mppe-40
mppe-128
mppe-stateless
require-mppe
require-mppe-stateless
nodeflate
nobsdcomp
ms-wins 10.11.10.5
ms-wins 10.11.10.6

Any suggestions/hints would be most welcome.

--
Michael St. Laurent
Hartwell Corporation

From fcusack at fcusack.com Wed Mar 20 17:25:23 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Wed, 20 Mar 2002 15:25:23 -0800
Subject: RES: [pptp-server] Is PoPToP dead?
In-Reply-To: <3C98DBB0.7A3600F9@caldera.com>; from allanc@caldera.com on Wed, Mar 20, 2002 at 01:57:52PM -0500
References: <5.1.0.14.0.20020318162349.05505ba0@pop3s.schulte.org> <3C96737C.618D9FDC@fax.sno.cpqcorp.net> <3C9674E2.A192EDDD@caldera.com> <3C967880.A267869D@fax.sno.cpqcorp.net> <1016499914.20837.3.camel@filecabinet.amoa.org> <20020318200516.A15467@google.com> <1016639679.2760.166.camel@richard> <3C98B4C8.A10C7BF4@caldera.com> <1016641209.2183.192.camel@richard> <3C98DBB0.7A3600F9@caldera.com>
Message-ID: <20020320152522.D23300@google.com>

On Wed, Mar 20, 2002 at 01:57:52PM -0500, Allan Clark wrote:
> So it seems that while they are ignoring us, they might actually be
> putting MPPE into the main ppp release. Default ./configure activates
> #define CHAPMS which brings in similar, but not quite the same config
> parameters.

I think they are the same. The documented ones follow the pppd conventions, there are also aliases which are not documented (again following convention). eg

require-mschap
+mschap

are the same thing. Only require-mschap is documented.

/fc

From cameron at fax.sno.cpqcorp.net Wed Mar 20 17:40:25 2002
From: cameron at fax.sno.cpqcorp.net (James Cameron)
Date: Thu, 21 Mar 2002 10:40:25 +1100
Subject: [pptp-server] Encryption is getting NAKed by e-smith ppp-2.4.0-15
References: <91A5926EFF44D3118B1200104B7276EB01085210@hart-exchange.hartwellcorp.com>
Message-ID: <3C991DE9.3B3B54A8@fax.sno.cpqcorp.net>

"Michael St. Laurent" wrote:
> I'm using the e-smith ppp-2.4.0-15 package built by Charlie Brady (nice
> work!) but for some reason it's NAKing the encryption requests. The
> CHAP authentication completes successfully but encryption negotiation
> fails. The ppp_mppe module is loaded and I'm using the following in my
> options file:

Can I have a look at the debug log?

I think you've already tested for the two known causes I have listed for MPPE negotiation failure ... (a) no ppp_mppe module, (b) pppd does not have mppe support. So I'm interested in learning why this fails.

--
James Cameron

From mikes at hartwellcorp.com Wed Mar 20 17:51:37 2002
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Wed, 20 Mar 2002 15:51:37 -0800
Subject: [pptp-server] Encryption is getting NAKed by e-smith ppp-2.4. 0-15
Message-ID: <91A5926EFF44D3118B1200104B7276EB01085213@hart-exchange.hartwellcorp.com>

Sure. I've attached it as it's a little large.

--
Michael St. Laurent
Hartwell Corporation

> -----Original Message-----
> From: James Cameron [mailto:cameron at fax.sno.cpqcorp.net]
> Sent: Wednesday, March 20, 2002 3:40 PM
> To: Michael St. Laurent
> Cc: PPTP Mailing List ('pptp-server at lists.schulte.org')
> Subject: Re: [pptp-server] Encryption is getting NAKed by e-smith ppp-2.4.0-15
>
>
> "Michael St. Laurent" wrote:
> > I'm using the e-smith ppp-2.4.0-15 package built by Charlie Brady (nice
> > work!) but for some reason it's NAKing the encryption requests. The
> > CHAP authentication completes successfully but encryption negotiation
> > fails. The ppp_mppe module is loaded and I'm using the following in my
> > options file:
>
> Can I have a look at the debug log?
>
> I think you've already tested for the two known causes I have listed for
> MPPE negotiation failure ... (a) no ppp_mppe module, (b) pppd does not
> have mppe support. So I'm interested in learning why this fails.
>
> --
> James Cameron
>

From fcusack at fcusack.com Wed Mar 20 18:55:09 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Wed, 20 Mar 2002 16:55:09 -0800
Subject: [pptp-server] Encryption is getting NAKed by e-smith ppp-2.4. 0-15
In-Reply-To: <91A5926EFF44D3118B1200104B7276EB01085213@hart-exchange.hartwellcorp.com>; from mikes@hartwellcorp.com on Wed, Mar 20, 2002 at 03:51:37PM -0800
References: <91A5926EFF44D3118B1200104B7276EB01085213@hart-exchange.hartwellcorp.com>
Message-ID: <20020320165509.G23300@google.com>

On Wed, Mar 20, 2002 at 03:51:37PM -0800, Michael St. Laurent wrote:
> sentinel pppd[20521]: sent [CCP ConfReq id=0x1 ]
> sentinel pppd[20521]: rcvd [CCP ConfReq id=0x4 ]
> sentinel pppd[20521]: sent [CCP ConfNak id=0x4 ] << (1)
> sentinel pppd[20521]: rcvd [CCP ConfNak id=0x1 ]
> sentinel pppd[20521]: rcvd [CCP ConfReq id=0x6 ] << (2)
> sentinel pppd[20521]: sent [CCP ConfRej id=0x6 ]
> sentinel pppd[20521]: LCP terminated by peer (El^G3^@ Message-ID: <00c501c1d0aa$097a6b00$02ffa8c0@cygnus>

Hi!

> as i am implementing a pptp vpn client in order to solve some problems due
> to multiple connections from the same ip, i would like to know the kind of
> stability of the poptop solution.
>
> Once installed and working right, is it stable?

I am currently using it for authenticating all our users in our student hostel network. We have a maximum of 320 concurrent users logged in on one single machine using poptop and I never had ANY stability problems besides some problems with a specific kernel version (2.4.10 SuSe Linux kernel is instable, 2.4.16 works fine for us).

Torge Szczepanek

From jacintajenny at yahoo.com Thu Mar 21 03:09:56 2002
From: jacintajenny at yahoo.com (jenny jacinta)
Date: Thu, 21 Mar 2002 01:09:56 -0800 (PST)
Subject: [pptp-server] Problems connecting pptp linux client to pptpd linux server
Message-ID: <20020321090956.53793.qmail@web20506.mail.yahoo.com>

Hi,

I am having some of the problems that Michael encountered. I am running on kernel 2.4.18 and the rest of the configuration is the same as Michael. These configurations are set up on both the Linux client and server machines:

1) Linux kernel 2.4.18
2) Linux-2.4.4-openssl-0.9.6a-mppe.patch applied to the kernel
3) PPP-2.4.1
4) ppp-2.4.1-MSCHAPv2-fix.patch applied to PPP-2.4.1
5) ppp-2.4.1-openssl-0.9.6-mppe-patch applied to PPP-2.4.1
6) pptpd-1.1.2.tar.gz (development)
7) pptp-linux-1.0.3-1

This is my 'pptpd.conf' on the Linux server machine.

option /etc/options
localip 172.16.1.1
remoteip 172.16.1.2
pidfile /var/run/pptpd.pid

This is the Linux Server '/etc/options' file.

debug
lock
auth
+chap
+chapms
+chapms-v2
mppe-128
mppe-40
mppe-stateless

This is the '/etc/ppp/options' file in the Client machine.

lock
debug
noauth
mppe-40
mppe-128
mppe-stateless

I started 'pptp' with the following parameters:

pptp debug name

This is my log file:

[root at jenny root]# tail -f /var/log/messages
Mar 21 16:32:50 jenny kernel: PPP generic driver version 2.4.1
Mar 21 16:32:50 jenny kernel: Linux agpgart interface v0.99
Mar 21 16:32:50 jenny kernel: agpgart: Maximum main memory to use for agpmemory: 439M
Mar 21 16:32:50 jenny kernel: agpgart: Unsupported Intel chipset (devicem id: 25 01), you might want to try agp_try_unsupported=1.
Mar 21 16:32:51 jenny kernel: [drm:drm_init] *ERROR* Cannot initialize the agpgart module.
Mar 21 16:32:59 jenny kde(pam_unix)[2501]: authentication failure; logname=uid=0 euid=0 tty=:0 ruser= rhost= user=root
Mar 21 16:33:08 jenny kde(pam_unix)[2501]: session opened for user root by(uid=0)
Mar 21 16:33:29 jenny gnome-name-server[2772]: starting
Mar 21 16:33:29 jenny gnome-name-server[2772]: name server starting
Mar 21 16:34:27 jenny pptpd[2839]: MGR: Manager process started
Mar 21 16:34:37 jenny pptp[2842]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:548]: Client connection established.
Mar 21 16:34:38 jenny pptp[2842]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:654]: Outgoing call established (call ID 0, peer's call ID 0).
Mar 21 16:34:38 jenny pppd[2845]: pppd 2.4.1 started by root, uid 0
Mar 21 16:34:38 jenny pppd[2845]: Using interface ppp0
Mar 21 16:34:38 jenny pppd[2845]: Connect: ppp0 <--> /dev/pts/3
Mar 21 16:35:08 jenny pppd[2845]: LCP: timeout sending Config-Requests
Mar 21 16:35:08 jenny pppd[2845]: Connection terminated.
Mar 21 16:35:09 jenny pppd[2845]: Exit.
Mar 21 16:35:09 jenny pptp[2842]: log[callmgr_main:pptp_callmgr.c:240]: Closing connection
Mar 21 16:35:09 jenny pptp[2842]: log[pptp_conn_close:pptp_ctrl.c:285]: Closing PPTP connection
Mar 21 16:35:09 jenny pptp[2842]: log[pptp_write_some:pptp_ctrl.c:354]: write error: Broken pipe
Mar 21 16:35:09 jenny pptp[2842]: log[call_callback:pptp_callmgr.c:88]: Closing connection

any ideas?

regards,
jacinta

From rlditto at bright.net Thu Mar 21 09:52:43 2002
From: rlditto at bright.net (rlditto&assoc)
Date: Thu, 21 Mar 2002 10:52:43 -0500
Subject: [pptp-server] Problems connecting pptp linux client to pptpd linux server
Message-ID: <001401c1d0f0$70a0cf40$6602a8c0@iserve>

go to http://mirror.binarix.com/ppp-mppe/ get linux-2.4.16-openssl-0.9.6b-mppe.patch.gz and patch your kernel with this. it worked for me. i downloaded kernel source from kernel.org, and i am running mandrake 8.1 and i only have had to apply two patches one for mppe, and the other for ipvs, and everything is working great for me. if this doesn't get everything working for you let me know, and i'll tell you what else i did (in case you didn't do it already).

From andersjk at sol-invictus.org Thu Mar 21 12:24:08 2002
From: andersjk at sol-invictus.org (andersjk at sol-invictus.org)
Date: Thu, 21 Mar 2002 19:24:08 +0100 (CET)
Subject: [pptp-server] win2k and the new security rollout package
Message-ID:

HI,

i have had with success the pptpd running with no problem, mandrake 8.1 kernel 2.4.16 and mschap etc etc. now a new problem has come up that maybe you all could help with me... connecting with win2k and the new security rollout package won't connect to the server the error is "MSCHAP-v2 peer authentication failed" using another host no problem.... anyone have any similar issues...

thanks,
k

From charlieb at e-smith.com Thu Mar 21 14:14:16 2002
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 21 Mar 2002 15:14:16 -0500 (EST)
Subject: [pptp-server] Encryption is getting NAKed by e-smith ppp-2.4. 0-15
In-Reply-To: <20020320165509.G23300@google.com>
Message-ID:

On Wed, 20 Mar 2002, Frank Cusack wrote:

> On Wed, Mar 20, 2002 at 03:51:37PM -0800, Michael St. Laurent wrote:
> > sentinel pppd[20521]: sent [CCP ConfReq id=0x1 ]
> > sentinel pppd[20521]: rcvd [CCP ConfReq id=0x4 ]
> > sentinel pppd[20521]: sent [CCP ConfNak id=0x4 ] << (1)
> > sentinel pppd[20521]: rcvd [CCP ConfNak id=0x1 ]
> > sentinel pppd[20521]: rcvd [CCP ConfReq id=0x6 ] << (2)
> > sentinel pppd[20521]: sent [CCP ConfRej id=0x6 ]
> > sentinel pppd[20521]: LCP terminated by peer (El^G3^@
> Looks like a bug in ppp_mppe.

The CCP negotiation is done by pppd, not the ppp_mppe module.

> In line (1), ppp_mppe is Nak'ing with
> multiple enc options (40+128), it's supposed to Nak with one choice.

Are you sure? Should it not Nak with anything that it can do which the peer has requested.

> Also, its Nak includes an option not in the original ConfReq.

Which one?

> The client seems to handle this fine, but then ppp_mppe decides for
> some reason it doesn't like the client's new ConfReq (line (2),

Line 2 is from client to server. And yes, the server then says it doesn't like it.

> where the client requests a subset of what the server said it would
> support).

Yep, it looks OK, but then so does the server's initial NAK to me (60 in response to e1).

> Maybe since the Nak went out bad, the server wants the next request to
> be the same as its Nak.
>
> The client disconnects after ppp_mppe rejects MPPE.

Specifically, when it rejects the final offer of CCP negotiation.

> Since the client supports 128, you can probably work around this by disabling
> 40-bit support in ppp_mppe.

Which is recommended in any case.
--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From kai at bs-networks.de Thu Mar 21 15:29:17 2002
From: kai at bs-networks.de (Kai Szymanski)
Date: Thu, 21 Mar 2002 22:29:17 +0100 (CET)
Subject: [pptp-server] Problems connecting pptp linux client to pptpd linux server
In-Reply-To: <20020321090956.53793.qmail@web20506.mail.yahoo.com>
Message-ID:

Hi Jenny,

On Thu, 21 Mar 2002, jenny jacinta wrote:

> 1) Linux kernel 2.4.18
> 2) Linux-2.4.4-openssl-0.9.6a-mppe.patch applied to the kernel
> 3) PPP-2.4.1
> 4) ppp-2.4.1-MSCHAPv2-fix.patch applied to PPP-2.4.1
> 5) ppp-2.4.1-openssl-0.9.6-mppe-patch applied to PPP-2.4.1
> 6) pptpd-1.1.2.tar.gz (development)
> 7) pptp-linux-1.0.3-1

I have the same problem with kernel 2.4.16 (all the above patches installed). Windowsclients can connect, Linuxclients not. Tomorrow i will install 2.4.10 cause i know that pptp Linux<->Linux works with this kernel (i also get the answer to patch the kernel and do so...with no effect).

> any ideas?

Not me :))

> regards,
> jacinta

Best regards,
Kai.

From fcusack at fcusack.com Thu Mar 21 15:42:29 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Thu, 21 Mar 2002 13:42:29 -0800
Subject: [pptp-server] Encryption is getting NAKed by e-smith ppp-2.4. 0-15
In-Reply-To: ; from charlieb@e-smith.com on Thu, Mar 21, 2002 at 03:14:16PM -0500
References: <20020320165509.G23300@google.com>
Message-ID: <20020321134229.G25620@google.com>

On Thu, Mar 21, 2002 at 03:14:16PM -0500, Charlie Brady wrote:
>
> On Wed, 20 Mar 2002, Frank Cusack wrote:
>
> > On Wed, Mar 20, 2002 at 03:51:37PM -0800, Michael St. Laurent wrote:
> > > sentinel pppd[20521]: sent [CCP ConfReq id=0x1 ]
> > > sentinel pppd[20521]: rcvd [CCP ConfReq id=0x4 ]
> > > sentinel pppd[20521]: sent [CCP ConfNak id=0x4 ] << (1)
> > > sentinel pppd[20521]: rcvd [CCP ConfNak id=0x1 ]
> > > sentinel pppd[20521]: rcvd [CCP ConfReq id=0x6 ] << (2)
> > > sentinel pppd[20521]: sent [CCP ConfRej id=0x6 ]
> > > sentinel pppd[20521]: LCP terminated by peer (El^G3^@
>
> > Looks like a bug in ppp_mppe.
>
> The CCP negotiation is done by pppd, not the ppp_mppe module.

Yup, that's what I meant. :-) Thanks for the clarification.

> > In line (1), ppp_mppe is Nak'ing with
> > multiple enc options (40+128), it's supposed to Nak with one choice.
>
> Are you sure? Should it not Nak with anything that it can do which the
> peer has requested.

No, the standard PPP ack/nak sequence is to Nak with only *one* option, the one you will do based on what the peer suggests. Although I really hate to quote such a poor document as RFC 3078, in sec 2.1 it says "the responder SHOULD NAK with a single encryption option".

> > Also, its Nak includes an option not in the original ConfReq.
>
> Which one?

Damn, sorry I misread that one. (I thought e1 wasn't including 40 bit.)

It's puzzling why pppd would fail here.

/fc

From cameron at fax.sno.cpqcorp.net Thu Mar 21 21:19:38 2002
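[Added example, not part of any message in this thread and not pppd's code: the "e1" request and the "60" Nak discussed above, decoded as RFC 3078 MPPE supported bits, with a responder that answers with a single encryption option. The function names are hypothetical; preferring the strongest common option and rejecting when nothing is in common are this example's assumptions.]

```c
/* Added example: MPPE option handling in CCP, after RFC 3078 section 2.1.
 * Not pppd's code; function names and the selection policy are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CI_MPPE    18           /* CCP configuration option type for MPPE */
#define CILEN_MPPE 6            /* type, length, 4 octets of supported bits */

/* Supported Bits field, most significant octet first */
#define MPPE_H 0x01000000u      /* stateless mode */
#define MPPE_M 0x00000080u      /* 56-bit encryption */
#define MPPE_S 0x00000040u      /* 128-bit encryption */
#define MPPE_L 0x00000020u      /* 40-bit encryption */
#define MPPE_ENC (MPPE_M | MPPE_S | MPPE_L)

enum { CONFACK = 2, CONFNAK = 3, CONFREJ = 4 };  /* PPP Configure-* codes */

/* Walk a CCP option list (type, length, data ...) and return the MPPE
 * supported bits in *bits. Returns 0 if found, -1 if the option is absent
 * or any option length is inconsistent with the buffer. */
int ccp_find_mppe(const uint8_t *opts, size_t len, uint32_t *bits)
{
    size_t i = 0;

    while (i + 2 <= len) {
        uint8_t type = opts[i];
        uint8_t olen = opts[i + 1];

        if (olen < 2 || olen > len - i)
            return -1;                       /* truncated or bogus length */
        if (type == CI_MPPE) {
            if (olen != CILEN_MPPE)
                return -1;
            *bits = ((uint32_t)opts[i + 2] << 24) | ((uint32_t)opts[i + 3] << 16) |
                    ((uint32_t)opts[i + 4] << 8)  |  (uint32_t)opts[i + 5];
            return 0;
        }
        i += olen;
    }
    return -1;
}

/* Decide the reply to a peer's MPPE request given the locally enabled bits.
 * The reply value carries exactly one encryption bit. */
int mppe_respond(uint32_t peer_req, uint32_t local, uint32_t *reply)
{
    uint32_t common = peer_req & local & MPPE_ENC;
    uint32_t want;

    if (common == 0) {                       /* nothing usable in common */
        *reply = peer_req;
        return CONFREJ;
    }
    if (common & MPPE_S)      want = MPPE_S; /* assumption: prefer strongest */
    else if (common & MPPE_M) want = MPPE_M;
    else                      want = MPPE_L;
    want |= peer_req & local & MPPE_H;       /* stateless only if both agree */

    *reply = want;
    return peer_req == want ? CONFACK : CONFNAK;
}

int main(void)
{
    /* Constructed ConfReq option data: MPPE, length 6, bits 0x000000e1 */
    const uint8_t req[] = { 0x12, 0x06, 0x00, 0x00, 0x00, 0xe1 };
    uint32_t bits = 0, reply = 0;
    int code;

    if (ccp_find_mppe(req, sizeof req, &bits) != 0)
        return 1;
    code = mppe_respond(bits, MPPE_S | MPPE_L, &reply);
    printf("40+128 enabled: code %d, bits 0x%08x\n", code, (unsigned)reply);
    code = mppe_respond(bits, MPPE_S, &reply);
    printf("128 only:       code %d, bits 0x%08x\n", code, (unsigned)reply);
    code = mppe_respond(reply, MPPE_S, &reply);
    printf("follow-up req:  code %d, bits 0x%08x\n", code, (unsigned)reply);
    return 0;
}
```

[With both 40 and 128 enabled locally, the request e1 draws a Nak of 40 (128-bit only) rather than 60, and the peer's follow-up request of 40 is then acknowledged.]
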
From: cameron at fax.sno.cpqcorp.net (James Cameron)
Date: Fri, 22 Mar 2002 14:19:38 +1100
Subject: [pptp-server] win2k and the new security rollout package
References:
Message-ID: <3C9AA2CA.C45D2017@fax.sno.cpqcorp.net>

Haven't heard of this one myself, but it would probably be worth investigating carefully. Microsoft do change the details of their protocols and probably would not have had the chance to check for interoperability with pptpd. ;-)

--
James Cameron

From cameron at fax.sno.cpqcorp.net Thu Mar 21 22:58:10 2002
From: cameron at fax.sno.cpqcorp.net (James Cameron)
Date: Fri, 22 Mar 2002 15:58:10 +1100
Subject: [pptp-server] pptp-linux-1.1.0-1 released
Message-ID: <3C9AB9E2.DCA4DFE8@fax.sno.cpqcorp.net>

G'day,

PPTP Client 1.1.0 has been released. Packages have been built for Debian and Red Hat on Alpha and Intel and uploaded to a staging area ...

http://quozl.netrek.org/pptp/
http://quozl.linux.org.au/pptp/

Could I please have test reports ... which file you used, what operating system distribution and version you used, and if you know it the version of the PPTP server involved.

Changes since 1.0.3 are:

- new release engineer.
- allow activation as a pseudo-tty child process from pppd,
  supporting on-demand or persistent pptp links.
- ADSL modem quirks handler by mulix at actcom.co.il.
- workaround for Orckit ADSL modem.
- workaround for Cisco PIX connection drop after 60 seconds.
- ported to FreeBSD and NetBSD.
- integrated call manager into pptp binary.
- many bugfixes improving stability.

--
James Cameron

From vivek_s7 at yahoo.com Fri Mar 22 00:53:44 2002
From: vivek_s7 at yahoo.com (Vivek)
Date: Fri, 22 Mar 2002 12:23:44 +0530
Subject: [pptp-server] pptp stability
References: <00c501c1d0aa$097a6b00$02ffa8c0@cygnus>
Message-ID: <003b01c1d16f$a0ec4ba0$4602010a@satyam.net.in>

Hi,

Did you have to do any tweaking to accept 320 concurrent connections? And if you don't mind what is the hardware configuration of this machine? I am looking at poptop for a situation where number of connects will be around 300+

Thanks in advance ..
Vivek

----- Original Message -----
From: "Torge Szczepanek"
To:
Sent: Thursday, March 21, 2002 12:58 PM
Subject: Re: [pptp-server] pptp stability

> Hi!
>
> > as i am implementing a pptp vpn client in order to solve some problems due
> > to multiple connections from the same ip, i would like to know the kind of
> > stability of the poptop solution.
> >
> > Once installed and working right, is it stable?
>
> I am currently using it for authenticating all our users in our student
> hostel network. We have a maximum of 320 concurrent users logged in on one
> single machine using poptop and I never had ANY stability problems besides
> some problems with a specific kernel version (2.4.10 SuSe Linux kernel is
> instable, 2.4.16 works fine for us).
>
> Torge Szczepanek

From banta17us at yahoo.com Fri Mar 22 01:49:01 2002
From: banta17us at yahoo.com (basant singh)
Date: Thu, 21 Mar 2002 23:49:01 -0800 (PST)
Subject: [pptp-server] PPTPD and NAT
Message-ID: <20020322074901.36551.qmail@web11904.mail.yahoo.com>

Hi John,

I am using PPTPD for quite a long time and seems to be working fine i have installed the pptpd on redhat 7.1 it is having a private ip 10.32.3.112 and it is NATed on my check point firewall to 202.x.x.x and this is a static NAT. Now I try connect to it from Internet or local network it work fine.

Now the problem is that i having one more site it is also behind a check point firewall network address of my this site 2 is 10.33.30.0 and whole of my network is nated to one ip 202.64.x.x. When i try to connect from this site 2 it fails. Ports 1723 and gre 47 are open on both the firewalls. Even i open all the ports on both the firewalls no help. I'm attaching the error msg also.

If you have any suggestion and any idea to solve this issue please help me.

Thanks in advance.
Bsn

Mar 22 14:50:51 ns pptpd[12178]: CTRL: Client 202.x.x.x control connection started
Mar 22 14:50:51 ns pptpd[12178]: CTRL: Received PPTP Control Message (type: 1)
Mar 22 14:50:51 ns pptpd[12178]: CTRL: Made a START CTRL CONN RPLY packet
Mar 22 14:50:51 ns pptpd[12178]: CTRL: I wrote 156 bytes to the client.
Mar 22 14:50:51 ns pptpd[12178]: CTRL: Sent packet to client
Mar 22 14:50:51 ns pptpd[12178]: CTRL: Received PPTP Control Message (type: 7)
Mar 22 14:50:51 ns pptpd[12178]: CTRL: Set parameters to 152 maxbps, 32 window size
Mar 22 14:50:51 ns pptpd[12178]: CTRL: Made a OUT CALL RPLY packet
Mar 22 14:50:51 ns pptpd[12178]: CTRL: Starting call (launching pppd, opening GRE)
Mar 22 14:50:51 ns pptpd[12178]: CTRL: pty_fd = 5
Mar 22 14:50:51 ns pptpd[12178]: CTRL: tty_fd = 6
Mar 22 14:50:51 ns pptpd[12178]: CTRL: I wrote 32 bytes to the client.
Mar 22 14:50:51 ns pptpd[12178]: CTRL: Sent packet to client
Mar 22 14:50:51 ns pptpd[12179]: CTRL (PPPD Launcher): Connection speed = 115200
Mar 22 14:50:51 ns pptpd[12179]: CTRL (PPPD Launcher): local address = 10.32.3.113
Mar 22 14:50:51 ns pptpd[12179]: CTRL (PPPD Launcher): remote address = 10.32.3.114
Mar 22 14:50:51 ns pppd[12179]: pppd 2.4.1 started by root, uid 0
Mar 22 14:50:51 ns pppd[12179]: using channel 2
Mar 22 14:50:51 ns pptpd[12178]: CTRL: Received PPTP Control Message (type: 15)
Mar 22 14:50:51 ns pppd[12179]: Using interface ppp0
Mar 22 14:50:51 ns pptpd[12178]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Mar 22 14:50:51 ns pppd[12179]: Connect: ppp0 <--> /dev/pts/2
Mar 22 14:50:51 ns modprobe: modprobe: Can't locate module net-pf-4
Mar 22 14:50:51 ns pppd[12179]: sent [LCP ConfReq id=0x1 ]
Mar 22 14:50:51 ns modprobe: modprobe: Can't locate module net-pf-5
Mar 22 14:50:54 ns pppd[12179]: sent [LCP ConfReq id=0x1 ]
Mar 22 14:51:19 ns last message repeated 8 times
Mar 22 14:51:22 ns pppd[12179]: LCP: timeout sending Config-Requests
Mar 22 14:51:22 ns pppd[12179]: Connection terminated.
Mar 22 14:51:22 ns pppd[12179]: Exit.
Mar 22 14:51:22 ns pptpd[12178]: GRE: read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
Mar 22 14:51:22 ns pptpd[12178]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Mar 22 14:51:22 ns pptpd[12178]: CTRL: Client 202.x.x.x control connection finished
Mar 22 14:51:22 ns pptpd[12178]: CTRL: Exiting now
Mar 22 14:51:22 ns pptpd[4135]: MGR: Reaped child 12178

From fcusack at fcusack.com Fri Mar 22 02:26:52 2002
From: fcusack at fcusack.com (Frank Cusack) Date: Fri, 22 Mar 2002 00:26:52 -0800 Subject: [pptp-server] pptp-linux-1.1.0-1 released In-Reply-To: <3C9AB9E2.DCA4DFE8@fax.sno.cpqcorp.net>; from cameron@fax.sno.cpqcorp.net on Fri, Mar 22, 2002 at 03:58:10PM +1100 References: <3C9AB9E2.DCA4DFE8@fax.sno.cpqcorp.net> Message-ID: <20020322002652.C25620@google.com> On Fri, Mar 22, 2002 at 03:58:10PM +1100, James Cameron wrote: > PPTP Client 1.1.0 has been released. > Changes since 1.0.3 are: > > - new release engineer. > - allow activation as a psuedo-tty child process from pppd, > supporting on-demand or persistent pptp links. > - ADSL modem quirks handler by mulix at actcom.co.il. > - workaround for Orckit ADSL modem. > - workaround for Cisco PIX connection drop after 60 seconds. > - ported to FreeBSD and NetBSD. > - integrated call manager into pptp binary. > - many bugfixes improving stability. The 1.1.2 out-of-order buffering isn't there? How does 1.1.0 compare with 1.1.2? thanks /fc From michiel at mind.be Fri Mar 22 02:40:55 2002 
From: michiel at mind.be (michiel at mind.be) Date: Fri, 22 Mar 2002 09:40:55 +0100 Subject: [pptp-server] MGR: Max connections reached, extra IP addresses ignored Message-ID: <20020322094055.A12283@mind.be> Hi , im running pptpd 1.1.2-1.2 (debian package). now after running a few tests it starts giving me Mar 22 09:29:17 thunderbird pptpd[15676]: MGR: Max connections reached, extra IP addresses ignored Mar 22 09:29:17 thunderbird pptpd[15677]: MGR: Manager process started while im not have any open pptp session to that box. my config files : --------------------------------------- # pptpd.conf speed 115200 option /etc/ppp/pptpd-options localip 192.168.0.1-134,192.168.0.134 remoteip 192.168.1.1-134,192.168.1.134 #pptpd-options name vpn domain my.be auth require-chap netmask 255.255.255.0 nodefaultroute proxyarp lock -------------------------------------- and i have the nodefaultroute option defined in my pptpd-options but still when the pptp sessions establish (what it did before). it added a default route -- Tnx, Michiel Van Opstal Gnupg public key at http://thev0ke.be/public.gpg From michiel at mind.be Fri Mar 22 02:57:56 2002 
From: michiel at mind.be (michiel at mind.be) Date: Fri, 22 Mar 2002 09:57:56 +0100 Subject: [pptp-server] MGR: Max connections reached, extra IP addresses ignored In-Reply-To: <20020322094055.A12283@mind.be>; from michiel@mind.be on Fri, Mar 22, 2002 at 09:40:55AM +0100 References: <20020322094055.A12283@mind.be> Message-ID: <20020322095756.B12283@mind.be> On Fri, Mar 22, 2002 at 09:40:55AM +0100, michiel at mind.be wrote: > Hi , > > im running pptpd 1.1.2-1.2 (debian package). > > now after running a few tests it starts giving me > Mar 22 09:29:17 thunderbird pptpd[15676]: MGR: Max connections reached, extra IP addresses ignored > Mar 22 09:29:17 thunderbird pptpd[15677]: MGR: Manager process started > while im not have any open pptp session to that box. > > my config files : > --------------------------------------- > # pptpd.conf > speed 115200 > > option /etc/ppp/pptpd-options > > localip 192.168.0.1-134,192.168.0.134 > remoteip 192.168.1.1-134,192.168.1.134 ok i fixed this by changing this to localip 192.168.1.1 remoteip 192.168.0.1-254 > > #pptpd-options > > name vpn > domain my.be > auth > require-chap > netmask 255.255.255.0 > nodefaultroute but still i get the default route of my pptp address > proxyarp > lock > > > -------------------------------------- > and i have the nodefaultroute option defined in my pptpd-options > but still when the pptp sessions establish (what it did before). > it added a default route > > -- > > > Tnx, > > Michiel Van Opstal > > Gnupg public key at http://thev0ke.be/public.gpg > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
-- -- Michiel Van Opstal Mind Linux Solutions NV Vaartkom 11 B-3000 Leuven, Belgium Main Tel: +32 (0)16 309 666 Main Fax: +32 (0)16 309 644 GSM: +32 (0)478 504 403 ----------------------------------------------- Gnupg public key at http://thev0ke.be/public.gpg From giulioo at pobox.com Fri Mar 22 02:58:07 2002 
From: giulioo at pobox.com (Giulio Orsero) Date: Fri, 22 Mar 2002 09:58:07 +0100 Subject: [pptp-server] pptp-linux-1.1.0-1 released In-Reply-To: <3C9AB9E2.DCA4DFE8@fax.sno.cpqcorp.net> References: <3C9AB9E2.DCA4DFE8@fax.sno.cpqcorp.net> Message-ID: <20020322085807.7630D276AA@i3.golden.dom> On Fri, 22 Mar 2002 15:58:10 +1100, James Cameron wrote: >Could I please have test reports ... which file you used, what operating >system distribution and version you used, and if you know it the version >of the PPTP server involved. Problem: cpu times 31415 ttyp6 R 0:14 pptp pptp: GRE-to-PPP gateway on (null) 31417 ttyp6 S 0:00 pptp pptp: call manager for 192.168.1.10 cpu times rapidly increasing (the above was just in 20 seconds) After login it seems no data will pass, I'll do more tests in next days. This is just to see if my problems is something known (I remember in the past I had similar cpu times problems with past versions 1.0.x and I solved using a slightly different patched version, but riight now I don't remember details, sorry) Client: linux/2.2.19.something rh6x pptp user file /etc/ppp/options.pptp (unchanged default) == log pptp[31417]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:580]: Client connection established. pptp[31417]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:708]: Outgoing call established (call ID 0, peer's call ID 0). 
pptp[31417]: log[callmgr_main:pptp_callmgr.c:267]: Closing connection pptp[31417]: log[pptp_conn_close:pptp_ctrl.c:307]: Closing PPTP connection pptp[31417]: log[call_callback:pptp_callmgr.c:88]: Closing connection == Server: linux/2.2.19-something/pptpd-1.1.2 rh6x == log pppd[28616]: pppd 2.3.11 started by root, uid 0 pppd[28616]: Using interface ppp0 pppd[28616]: Connect: ppp0 <--> /dev/ttyq6 pppd[28616]: MSCHAP-v2 peer authentication succeeded for pppd[28616]: found interface eth0 for proxy arp pppd[28616]: local IP address 192.168.1.10 pppd[28616]: remote IP address 192.168.1.91 pppd[28616]: MPPE 128 bit, stateless compression enabled pppd[28616]: stateless MPPE enforced == -- giulioo at pobox.com From fcusack at fcusack.com Fri Mar 22 03:26:16 2002 From: fcusack at fcusack.com (Frank Cusack) Date: Fri, 22 Mar 2002 01:26:16 -0800 Subject: [pptp-server] pptp-linux-1.1.0-1 released In-Reply-To: <20020322002652.C25620@google.com>; from fcusack@fcusack.com on Fri, Mar 22, 2002 at 12:26:52AM -0800 References: <3C9AB9E2.DCA4DFE8@fax.sno.cpqcorp.net> <20020322002652.C25620@google.com> Message-ID: <20020322012616.K25620@google.com> On Fri, Mar 22, 2002 at 12:26:52AM -0800, Frank Cusack wrote: > On Fri, Mar 22, 2002 at 03:58:10PM +1100, James Cameron wrote: > > PPTP Client 1.1.0 has been released. ^^^^^^ duh. Ignore my question. thanks. > The 1.1.2 out-of-order buffering isn't there? How does 1.1.0 compare > with 1.1.2? /fc From lists at colliniconsulting.it Fri Mar 22 05:07:21 2002 
From: lists at colliniconsulting.it (Francesco) Date: Fri, 22 Mar 2002 12:07:21 +0100 Subject: [pptp-server] periodically check a pptp client connections Message-ID:

Hello,

as I need a linux pptp VPN client to connect to a poptop pptp vpn linux server in order to link a little remote office branch to the main office quarter because multiple client connections FROM THE SAME IP do not work, I would like to automatically, by crontab, check, for example, every 5/10 minutes if the pptp link is up and, if down, automatically run the pptp client command.

Is there a script to check the link status?

Thank you to everybody!

Bye,

Francesco Collini (from Italy)

From teastep at shorewall.net Fri Mar 22 08:20:52 2002
From: teastep at shorewall.net (Tom Eastep) Date: Fri, 22 Mar 2002 06:20:52 -0800 Subject: [pptp-server] periodically check a pptp client connections References: Message-ID: <019501c1d1ac$c5b5ca50$0501a8c0@ursa>

Look at http://www.shorewall.net/PPTP.htm#ClientFW -- the scripts found there are the ones I use and don't depend on Shorewall. I run the check script at 5-minute intervals.

-Tom

----- Original Message -----
From: "Francesco" To: Sent: Friday, March 22, 2002 3:07 AM Subject: [pptp-server] periodically check a pptp client connections > Hello, > > as i need a linux pptp VPN client to connect to a poptop pptp vpn linux > server in order to link a little remote office branch to the main office > quarter because multiple client connections FROM THE SAME IP do not work, i > would like to automatically, by crontab, check, for example, every 5/10 > minutes if the pptp link is up and, if down, automatically run the pptp > client command. > > Is there a script to check the link status? > > Thank you to everybody! > > Bye, > > Francesco Collini (from Italy) > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From vlast at indivisuallearning.com Fri Mar 22 11:36:08 2002 
From: vlast at indivisuallearning.com (Vladimir Strezhnev) Date: Fri, 22 Mar 2002 11:36:08 -0600 Subject: [pptp-server] periodically check a pptp client connections In-Reply-To: References: Message-ID: <02032211360801.06024@ivl-devel.indivisuallearning.com>

I found this script a while ago in this list's archives. Sorry, I cannot supply the original author's credentials. Hope his posting is still in the archives and can be traced.

######
#!/bin/bash
# Count running pptp processes (the grep itself is filtered out).
ans1=`ps -ef | grep pptp | grep -v grep | grep -v query | wc -l | /bin/awk '{print $1}'`
tim=`date | awk '{print $4}'`
dat=`date | awk '{print $1 " " $2 " " $3 }'`
if [ "$ans1" = "0" ]
then
    echo "pptp is down!"
    echo "cleaning up pptp"
    ifconfig ppp0 down
    if [ -e /var/run/ppp0.pid ]
    then
        # the signal name needs a leading dash
        kill -HUP `cat /var/run/ppp0.pid`
    fi
    # rm -f copes with zero or several leftover files,
    # where "[ -e /var/run/pptp/* ]" fails on more than one match
    rm -f /var/run/pptp/*
    echo "re-initiating link on $dat at $tim"
    /usr/sbin/pptp-command start
fi
#####

Sometimes the script failed to make a total clean-up, so we used a slightly modified one for about a year without problems. It was run by cron every min.

#####
#!/bin/bash
# Count routes through ppp0; a healthy link shows three of them here.
ans1=`route -n | grep ppp0 | grep -v grep | grep -v query | wc -l | /bin/awk '{print $1}'`
tim=`date | awk '{print $4}'`
dat=`date | awk '{print $1 " " $2 " " $3 }'`
if [ "$ans1" != "3" ]
then
    echo "pptp is down!"
    echo "cleaning up pptp"
    ifconfig ppp0 down
    if [ -e /var/run/ppp0.pid ]
    then
        # the signal name needs a leading dash
        kill -HUP `cat /var/run/ppp0.pid`
    fi
    # rm -f copes with zero or several leftover files
    rm -f /var/run/pptp/*
    echo "re-initiating link on $dat at $tim"
    /usr/sbin/pptp-command stop
    sleep 5
    /usr/sbin/pptp-command start
fi
#####

On Friday 22 March 2002 05:07, you wrote:
> Hello,
>
> as i need a linux pptp VPN client to connect to a poptop pptp vpn linux
> server in order to link a little remote office branch to the main office
> quarter because multiple client connections FROM THE SAME IP do not work, i
> would like to automatically, by crontab, check, for example, every 5/10
> minutes if the pptp link is up and, if down, automatically run the pptp
> client command.
>
> Is there a script to check the link status?
>
> Thank you to everybody!
>
> Bye,
>
> Francesco Collini (from Italy)

--
VLADIMIR STREZHNEV
System Engineer
IndiVisual Learning, LLC
St. Paul, MN

From marcel_hauser at gmx.ch Fri Mar 22 15:27:14 2002
From: marcel_hauser at gmx.ch (Hauser Marcel) Date: Fri, 22 Mar 2002 20:27:14 -0100 Subject: [pptp-server] Accessing the poptop Server Message-ID: <1016832434.3c9ba1b2e17d3@webmail3.webfluxation.com>

Hi everyone

I'm having a lot of connectivity problems with poptop and W2k clients.

For example:

- I can connect with winXP/2000 through my external interface at the firewall where poptop is running.
- I can connect from another location through the internet, but only once, then I have to reboot the pc (the client) in order to be able to reconnect to poptop.
- I had no success from many other locations (OK.. some have firewalls but some not)... even with normal modem dialups to an ISP, I was NOT able to connect to poptop.

I always end up with the log entries (on those times where the connection was failing):

send LCP ConfReq
last messages repeated 8 times
LCP: Timeout sending Config-Request

I'm just asking if somebody else has this problem too. OK... it looks like GRE is blocked somewhere through the internet... but hey !.. if it's so hard to get a connection from everywhere over the internet (let's say through ISP dialup connections) ...then the whole vpn thing is just useless.

Or am I just doing something wrong ? Maybe there is a timeout setting or something like that ?

Thanks for any hints

Cheers
Marcel

From byrdr at corp.earthlink.net Fri Mar 22 13:37:28 2002
From: byrdr at corp.earthlink.net (Bo Byrd) Date: Fri, 22 Mar 2002 14:37:28 -0500 Subject: [pptp-server] IP Masq and IP Tables In-Reply-To: <02032211360801.06024@ivl-devel.indivisuallearning.com> Message-ID: <002801c1d1d9$0387e2b0$0345a8c0@bbyrd>

OK I got mschapv2 and mppe128 working...now I'm trying to get IP Masq set up so all the pptp clients can access the internet. The problem is that users get connected to the poptop server as ppp0, ppp1, ppp2, etc and the rc.firewall script needs EXTIF="eth0" and INTIF="eth1" or vice versa and I want to use the ppp interfaces.....has anyone else been able to masq the clients connecting to the vpn server??? Here's how I want my setup to work...

Clients will connect to the VPN POPTOP server and get an address from a range of 192.168.100.2-254 for their PPTP dial up adapter. I have the VPN server allocated only 1 address, 192.168.100.1

INTERNET
   |
   |
External Network card (209.12.x.x)
POPTOP RH7.1 VPN SERVER
Internal Network card (192.168.10.1)
   |
   |
Wireless AccessPoint (802.3 to 802.11b bridge)
   |
   |
   |
Wireless NIC card (192.168.10.10)
LAPTOP COMPUTER

Any help is much appreciated.

Thanks!
Bo

From jason at gfy.cc Fri Mar 22 14:18:40 2002
From: jason at gfy.cc (jason) Date: Fri, 22 Mar 2002 15:18:40 -0500 Subject: [pptp-server] ********************* IF YOU WANT EASY INSTALL FOR REDHAT 7.2 GO HERE ************************ Message-ID: <001c01c1d1de$c1ef87d0$2464a8c0@tbegrp.local>

http://www.jara.cc

From collini at colliniconsulting.it Fri Mar 22 14:23:36 2002
From: collini at colliniconsulting.it (Collini Consulting s.a.s.) Date: Fri, 22 Mar 2002 21:23:36 +0100 Subject: [pptp-server] pptp client Message-ID:

In order to avoid the problem of multiple ip connections from the same ip, I am setting up a linux pptp client, which should act as a vpn router to the vpn remote server for three windows pc.

Do you think there will be some problems? The tunnel created is only one, and the gre protocol is only one, which should transport the packets.

Furthermore, do you think a windows nt 4.0 workstation can run pptp connections + rras to forward other machines' ip instead of making a pptp client linux server?

Thank you again, bye!

Francesco Collini

From orjan at whyevenbother.com Fri Mar 22 15:58:18 2002
From: orjan at whyevenbother.com (Örjan Johansson) Date: Fri, 22 Mar 2002 22:58:18 +0100 Subject: [pptp-server] Frustration gone! Message-ID:

Hi all!

Redhat 7.2, poptop server - Win client setup.

After patching, re-compiling, testing, swearing, re-patching, crying, kicking and screaming I've got everything working great. Since my problem wasn't one, but several, it made it pretty hard to troubleshoot.

I just wanted to say a big THANX! to all you fantastic people on this list for all the assistance. Quick answers, and all of them insightful and relevant - my setup would not work today if it wasn't for the 'love-all help-all' attitude of the Linux community - I just hope I can help some people with their problems too!

Cheers,
Örjan

From orjan at whyevenbother.com Fri Mar 22 16:02:45 2002
From: orjan at whyevenbother.com (Örjan Johansson) Date: Fri, 22 Mar 2002 23:02:45 +0100 Subject: [pptp-server] Ip address assignment Message-ID:

Hi!

I'm a little confused when it comes to the files pptpd.conf and /etc/ppp/chap-secrets. How do I design the chap-secrets file without explicitly assigning addresses for each user entry? I want the server to use the pptpd.conf file's span of addresses and assign them as clients connect and authenticate.

Help appreciated!

TIA,
Orjan

From ctooley at amoa.org Fri Mar 22 16:08:23 2002
From: ctooley at amoa.org (Chris Tooley) Date: 22 Mar 2002 22:08:23 +0000 Subject: [pptp-server] Ip address assignment In-Reply-To: References: Message-ID: <1016834903.10707.21.camel@filecabinet.amoa.org>

A star can be used as a wild card (meaning anything is accepted). For instance the example below will allow open authentication (meaning none performed) and anyone to connect to any of your span of addresses.

Client    Server    Secret    IP Address
*         *         *         *

Chris Tooley

On Fri, 2002-03-22 at 22:02, Örjan Johansson wrote:
> Hi!
>
> I'm a little confused when it comes to the files pptpd.conf and
> /etc/ppp/chap-secrets. How do I design the chap-secrets file without
> explicitly assigning addresses for aech user entry? I want the server to
> use the pptpd.conf file's span of addresses and assign them as clients
> connect and authenticate.
>
> Help appreciated!
>
> TIA,
> Orjan

From lists at colliniconsulting.it Sat Mar 23 00:55:08 2002
From: lists at colliniconsulting.it (Francesco) Date: Sat, 23 Mar 2002 07:55:08 +0100 Subject: [pptp-server] pptp client Message-ID: Hello, i have installed a poptop pptpd server and connection from windows clients it's all right. Now i am setting up a pptp client linux gateway in order to act as a vpn client router for a remote network. I have installed pppd with mppe patches and it is fine; i issue the pptp command to connect to the remote host but it doesn't work; the username and password, are to be put in /etc/chap.secrets or i can pass them in the command line? Thank you, bye! Francesco Collini From ctooley at amoa.org Sat Mar 23 07:10:29 2002 
From: ctooley at amoa.org (Chris Tooley) Date: 23 Mar 2002 07:10:29 -0600 Subject: [pptp-server] pptp client In-Reply-To: References: Message-ID: <1016889029.31278.8.camel@christooley.cjb.net>

At the moment you need to put the user and password in the chap-secrets on both the server and client. You can't pass the password on the command line, I'm still working on that. You can however pass the user on the command line (and probably should). If you choose not to do that you need to use the hostname as your "Client" in the chap-secrets. Here is an example:

For passing username at run time:

Client        Server        Secret       IP Address
ctooley       filecabinet   superpass    *

For accepting default user:

Client        Server        Secret       IP Address
incandescent  *             superpass    *

If you are on dhcp like me, host based passwords can be a pain to manage on the server. To use a real username enter your command like so:

pptp filecabinet user ctooley
pptp user

There is a pptpclient mailing list as well if that helps. Good luck.

Chris Tooley

On Sat, 2002-03-23 at 00:55, Francesco wrote:
> Hello,
>
> i have installed a poptop pptpd server and connection from windows clients
> it's all right.
>
> Now i am setting up a pptp client linux gateway in order to act as a vpn
> client router for a remote network.
>
> I have installed pppd with mppe patches and it is fine; i issue the pptp
> command to connect to the remote host but it doesn't work; the username and
> password, are to be put in /etc/chap.secrets or i can pass them in the
> command line?
>
> Thank you, bye!
>
> Francesco Collini

From orjan at whyevenbother.com Sat Mar 23 09:04:11 2002
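The chap-secrets layouts shown in the two replies above (the all-wildcard entry and the per-user entries) can be checked mechanically before a server goes live. This is an added example, not code from either post or from pppd/PoPToP; the function names, finding codes and the MIN_SECRET_LEN threshold are assumptions of the example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file for risky entry shapes.
# Function names, finding codes and MIN_SECRET_LEN are this example's own
# choices, not part of pppd or PoPToP.
#
# Output: one finding per line, "LINENO:CODE:detail" (secrets are never printed).
# Return: 0 = no findings, 1 = findings, 2 = file unreadable.
# Usage:  audit_chap_secrets /etc/ppp/chap-secrets
audit_chap_secrets() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # The file holds plaintext secrets, so group/other need no read bit.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "0:FILE_MODE:readable by group or others"
        findings=1
    fi

    awk -v minlen="${MIN_SECRET_LEN:-12}" '
    # Split a line into words: whitespace separated, double quotes group
    # a word, "#" at the start of a word begins a comment. Backslash
    # escapes are not interpreted (simplification of this example).
    function tokenize(line, out,    n, i, c, tok, inq, have) {
        split("", out); n = 0; tok = ""; inq = 0; have = 0
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\"") { inq = !inq; have = 1; continue }
            if (!inq && !have && c == "#") break
            if (!inq && (c == " " || c == "\t")) {
                if (have) { out[++n] = tok; tok = ""; have = 0 }
                continue
            }
            tok = tok c; have = 1
        }
        if (have) out[++n] = tok
        return n
    }
    {
        n = tokenize($0, f)
        if (n == 0) next                    # blank or comment-only line
        if (n < 3) {
            printf "%d:MALFORMED:fewer than 3 fields\n", NR; bad = 1; next
        }
        if (f[1] == "*") {                  # client column is a wildcard
            printf "%d:WILDCARD_CLIENT:any user name matches this secret\n", NR
            bad = 1
        }
        if (length(f[3]) < minlen) {
            printf "%d:SHORT_SECRET:%d chars, want >= %d\n", NR, length(f[3]), minlen
            bad = 1
        }
        for (i = 4; i <= n; i++)
            if (f[i] == "*") {              # address column is a wildcard
                printf "%d:ANY_IP:peer may claim any address\n", NR
                bad = 1
                break
            }
    }
    END { exit bad }
    ' "$file" || findings=1

    return $findings
}

# Constructed sample (not from a real system). Lines 2 and 3 have the same
# shape as the entries quoted in the messages above.
write_sample() {
    cat > "$1" <<'EOF'
# client   server       secret     IP addresses
ctooley    filecabinet  superpass  *
*          *            *          *
"DOMAIN01\\test" pptpd "a long quoted pass phrase" 192.168.1.91
shortline  pptpd
EOF
    chmod 600 "$1"
}
```

Run it from cron or a package post-install hook and treat a non-zero return as a failed check; the findings identify the line without echoing the secret into logs.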
From: orjan at whyevenbother.com (=?Windows-1252?Q?=D6rjan_Johansson?=) Date: Sat, 23 Mar 2002 16:04:11 +0100 Subject: FW: [pptp-server] Frustration gone! Message-ID: Richard, -----Original Message----- From: nairnr at nairnconsult.hn.org Sent: Sat 2002-03-23 00:05 To: ?rjan Johansson Cc: Subject: Re: [pptp-server] Frustration gone! >Hi There, >I saw your success story... I am also in the RH7.2 boat kicking and >screaming. Could you perchance tell me what you did to get it running? >Thanks. I'm attaching a document explaining how I got everything working on my system. Hope it can help you out. Get back to me if anything is unclear and I'll try and help out. Cheers, ?rjan 22, 2002 at 10:58:18PM +0100, ?rjan Johansson wrote: > Hi all! > > Redhat 7.2, poptop server - Win client setup. > > After patching, re-compiling, testing, swearing, re-patching, crying, > kicking and screaming I've got everything working great. Since my > problem wasn't one, but several, it made it pretty hard to troubleshoot. > > I just wanted to say a big THANX! to all you fantastic people on this > list for all the assistance. Quick answers, and all of them insightful > and relevant - my setup would not work today if it wasn't for the > 'love-all help-all' attitude of the Linux community - I just hope I can > help some people with their problems too! > > Cheers, > ?rjan > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- ---end quoted text--- -- | Richard Nairn Specializing in Linux | Nairn Consulting Web / Database Solutions | Calgary, AB | nairnr at nairnconsult.hn.org -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: pptp-rh72-setup.txt URL: From vishal at merlin-is.net Sat Mar 23 07:07:44 2002 
From: vishal at merlin-is.net (Vishal Bhangdia) Date: Sat, 23 Mar 2002 13:07:44 -0000 Subject: [pptp-server] Kernel-2.4.18-0.4 and PPTP Problem. Message-ID: <003a01c1d26b$b98f6280$0301015a@ust.net> Hi All, I install RedHat Linux 7.2 on my system and upgrade the kernel to Kernel-2.4.18-0.4. I applied the patch linux-2.4.16-openssl-0.9.6b-mppe.patch.gz to it. I compiled the kernel and Installed it. I also applied the patch to PPP for MPPE support and mschap-v2 support and installed it. The Problem is when I VPN to my server it reboot I looked in syslog I am unable to find any problem. I got other box running with kernel-2.4.15 and it work fine with same configuration. I want to know is there any bug in kernel-2.4.18. The resion I want to upgrade kernel as I want to install IPSEC and freeS/WAN reported kernel-2.4.15 has some bugs. Pl. Help me in solving my problem. Sorry for my English. Thanks --- Vishal Bhangdia Here is the syslog Mar 22 15:29:05 fire pptpd[1067]: CTRL: Client X.X.X.X control connection started Mar 22 15:29:05 fire pptpd[1067]: CTRL: Starting call (launching pppd, opening GRE) Mar 22 15:29:05 fire pppd[1068]: pppd 2.4.1 started by root, uid 0 Mar 22 15:29:05 fire pppd[1068]: Using interface ppp0 Mar 22 15:29:05 fire pppd[1068]: Connect: ppp0 <--> /dev/pts/1 Mar 22 15:29:05 fire pptpd[1067]: Buffering out-of-order packet; got 1 after 4294967295 Mar 22 15:29:05 fire pptpd[1067]: Packet reorder timeout waiting for 0 Mar 22 15:29:05 fire pptpd[1067]: Buffering out-of-order packet; got 2 after 0 Mar 22 15:32:28 fire syslogd 1.4.1: restart. I turn on Debug in /etc/ppp/option. 
Here is the debug Mar 22 15:29:05 fire pppd[1068]: pppd 2.4.1 started by root, uid 0 Mar 22 15:29:05 fire pppd[1068]: using channel 1 Mar 22 15:29:05 fire pppd[1068]: Using interface ppp0 Mar 22 15:29:05 fire pppd[1068]: Connect: ppp0 <--> /dev/pts/1 Mar 22 15:29:05 fire pppd[1068]: sent [LCP ConfReq id=0x1 ] Mar 22 15:29:05 fire pppd[1068]: rcvd [LCP ConfReq id=0x1 ] Mar 22 15:29:05 fire pppd[1068]: sent [LCP ConfAck id=0x1 ] Mar 22 15:29:05 fire pppd[1068]: rcvd [LCP ConfAck id=0x1 ] Mar 22 15:29:05 fire pppd[1068]: cbcp_lowerup Mar 22 15:29:05 fire pppd[1068]: want: 2 Mar 22 15:29:05 fire pppd[1068]: sent [CHAP Challenge id=0x1 , name = "fire.XXXXX.com"] Mar 22 15:29:05 fire pppd[1068]: rcvd [CHAP Response id=0x1 <1e9fe6a317042db9c66b6482c53784fa00000000000000004d6d8b86e259daf50932e9584dede41c85e7ef090376959204>, name = "DOMAIN01\\test"] Mar 22 15:29:05 fire pppd[1068]: sent [CHAP Success id=0x1 "S=491CA83502A9043505FB731E52CBAB5EED080D14"] Mar 22 15:29:05 fire pppd[1068]: sent [IPCP ConfReq id=0x1 ] Here is my /etc/ppp/options lock debug 6 -chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless ms-wins 10.1.1.1 ms-wins 10.1.1.2 ms-dns 10.1.1.1 Here is my /etc/pptpd.conf option /etc/ppp/options.pptp debug localip 10.1.254.254 remoteip 10.1.3.1-50 -------------- next part -------------- An HTML attachment was scrubbed... URL: From thorvald at natvig.com Sun Mar 24 08:48:59 2002 
From: thorvald at natvig.com (Thorvald Natvig) Date: Sun, 24 Mar 2002 15:48:59 +0100 Subject: [pptp-server] Kernel oops with 2.4.18 + mppe -- patch included Message-ID: <000a01c1d343$0ba07820$04722780@surfer> Hi, I recently upgraded from 2.2.19 to 2.4.18 for our main VPN server. I downloaded the stock 2.4.18 kernel and applied the mppe-openssl patch for 2.4.16 I found on http://mirror.binarix.com Unfortunately, this combination has a crash bug. The remote end client will occationally send packets that are larger than the MRU. The mppe decompressor doesn't check the size of it's output buffer... This results in it both overwriting a few buffers and returning a decompressed length longer than 'osize', which makes the skb_put call in ppp_generic:decompress_frame produce an kernel oops. I haven't had time to properly investigate the problem, but I noticed that 2.2.19 allocates a few bytes extra for it's decompression buffer, so I just copied that trick and added a quick and dirty osize check to the mppe module. If someone else has already fixed this and made a more proper patch, please let me know ;) Patch: --- drivers/net/ppp_generic.c.prefix Sun Mar 24 15:31:44 2002 +++ drivers/net/ppp_generic.c Sun Mar 24 14:57:12 2002 @@ -1519,14 +1519,14 @@ int len; if (proto == PPP_COMP) { - ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN); + ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN + 256); if (ns == 0) { printk(KERN_ERR "ppp_decompress_frame: no memory\n"); goto err; } /* the decompressor still expects the A/C bytes in the hdr */ len = ppp->rcomp->decompress(ppp->rc_state, skb->data - 2, - skb->len + 2, ns->data, ppp->mru + PPP_HDRLEN); + skb->len + 2, ns->data, ppp->mru + PPP_HDRLEN + 256); if (len < 0) { /* Pass the compressed frame to pppd as an error indication. */ --- drivers/net/ppp_mppe.c.prefix Sun Mar 24 14:54:51 2002 +++ drivers/net/ppp_mppe.c Sun Mar 24 14:56:25 2002 
@@ -530,6 +530,15 @@ return DECOMP_ERROR; } + if (osize < isize - MPPE_OVHD) { + if (state->debug) { + printk(KERN_DEBUG "mppe_decompress%d: long packet (len=%d)\n", + state->unit, isize); + } + + return DECOMP_ERROR; + } + /* Check the sequence number. */ seq = MPPE_CCOUNT_FROM_PACKET(ibuf); From anesthes at cisdi.com Sun Mar 24 15:49:20 2002 From: anesthes at cisdi.com (Joey Coco) Date: Sun, 24 Mar 2002 16:49:20 -0500 (EST) Subject: [pptp-server] Kernel oops with 2.4.18 + mppe -- patch included In-Reply-To: <000a01c1d343$0ba07820$04722780@surfer> Message-ID: Hi, Odd. My distro has standardized on 2.4.17 for a while now and not had this problem. Perhaps its unique to 2.4.18. -- Joe On Sun, 24 Mar 2002, Thorvald Natvig wrote: > Hi, > > I recently upgraded from 2.2.19 to 2.4.18 for our main VPN server. I > downloaded the stock 2.4.18 kernel and applied the mppe-openssl patch > for 2.4.16 I found on http://mirror.binarix.com > > Unfortunately, this combination has a crash bug. The remote end client > will occationally send packets that are larger than the MRU. The mppe > decompressor doesn't check the size of it's output buffer... This > results in it both overwriting a few buffers and returning a > decompressed length longer than 'osize', which makes the skb_put call in > ppp_generic:decompress_frame produce an kernel oops. > > I haven't had time to properly investigate the problem, but I noticed > that 2.2.19 allocates a few bytes extra for it's decompression buffer, > so I just copied that trick and added a quick and dirty osize check to > the mppe module. > > If someone else has already fixed this and made a more proper patch, > please let me know ;) > > Patch: > > --- drivers/net/ppp_generic.c.prefix Sun Mar 24 15:31:44 2002 > +++ drivers/net/ppp_generic.c Sun Mar 24 14:57:12 2002 
> @@ -1519,14 +1519,14 @@ > int len; > > if (proto == PPP_COMP) { > - ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN); > + ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN + 256); > if (ns == 0) { > printk(KERN_ERR "ppp_decompress_frame: no > memory\n"); > goto err; > } > /* the decompressor still expects the A/C bytes in the > hdr */ > len = ppp->rcomp->decompress(ppp->rc_state, skb->data - > 2, > - skb->len + 2, ns->data, ppp->mru + > PPP_HDRLEN); > + skb->len + 2, ns->data, ppp->mru + > PPP_HDRLEN + 256); > if (len < 0) { > /* Pass the compressed frame to pppd as an > error indication. */ > --- drivers/net/ppp_mppe.c.prefix Sun Mar 24 14:54:51 2002 > +++ drivers/net/ppp_mppe.c Sun Mar 24 14:56:25 2002 > @@ -530,6 +530,15 @@ > return DECOMP_ERROR; > } > > + if (osize < isize - MPPE_OVHD) { > + if (state->debug) { > + printk(KERN_DEBUG "mppe_decompress%d: long packet > (len=%d)\n", > + state->unit, isize); > + } > + > + return DECOMP_ERROR; > + } > + > /* Check the sequence number. */ > seq = MPPE_CCOUNT_FROM_PACKET(ibuf); > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From thorvald at natvig.com Sun Mar 24 16:38:09 2002 
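Review bot: In the drivers/net/ppp_generic.c hunk the literal 256 is added in two places, the dev_alloc_skb() size and the osize argument passed to decompress(), with no name or comment saying what it is meant to cover. The two values must stay equal, so compute the size once into a local and use it for both, and give the headroom a named constant with a comment on why 256 bytes is enough. Padding only moves the limit: the hunk still checks only `len < 0`, so the returned len should also be compared against the size that was passed before the frame is used.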
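Review bot: The new check `if (osize < isize - MPPE_OVHD)` in the drivers/net/ppp_mppe.c hunk reports the drop only when state->debug is set, and the message prints isize without osize. Log both values so the limit that was hit is visible, and consider a rate-limited message that does not depend on debug, since a peer sending over-MRU frames is worth seeing in normal logs. Please also state in a comment that isize - MPPE_OVHD is exactly the number of bytes written to the output buffer, and that the preceding check (only its `return DECOMP_ERROR;` is visible here) guarantees isize is not smaller than MPPE_OVHD.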
From: thorvald at natvig.com (Thorvald Natvig) Date: Sun, 24 Mar 2002 23:38:09 +0100 Subject: [pptp-server] Kernel oops with 2.4.18 + mppe -- patch included In-Reply-To: Message-ID: <000f01c1d384$95ed3860$04722780@surfer>

Mar 23rd [pptp-server] Kernel-2.4.18-0.4 and PPTP Problem.
Mar 14th [pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98 client

So it seems I'm not the only one with the problem. In the Mar 14th post, Nate Carlson has tracked the problem down to Win98 and 98SE clients, so it may well be that if you only connect with the "newer" Microsoft OSes this won't be a problem.

With the patch, the problem goes away, and I've now successfully transferred multiple GB to and from most of the MS OSes.

.. On a sidenote, I have also ported and finetuned the pppd.authexec patch for 2.4.1 if anyone is interested. On our setup here, we use that together with prehashed passwords to have a large and somewhat secure userdatabase... More secure than plaintext passwords anyway ;)

> Odd. My distro has standardized on 2.4.17 for a while now and
> not had this problem. Perhaps its unique to 2.4.18.

From anesthes at cisdi.com Sun Mar 24 17:30:57 2002
From: anesthes at cisdi.com (Joey Coco) Date: Sun, 24 Mar 2002 18:30:57 -0500 (EST) Subject: [pptp-server] Kernel oops with 2.4.18 + mppe -- patch included In-Reply-To: <000f01c1d384$95ed3860$04722780@surfer> Message-ID:

Interesting. I'll do some testing in the AM. None of our customers have complained since we stabilized on 2.4.17 back in October. Mind you this is over 1,000 commercial installations alone.

-- Joe

On Sun, 24 Mar 2002, Thorvald Natvig wrote:
> Mar 23rd [pptp-server] Kernel-2.4.18-0.4 and PPTP Problem.
> Mar 14th [pptp-server] Kernel panic with 2.4.17-2.4.19pre2 + Win98
> client
>
> So it seems I'm not the only one with the problem. In the Mar 14th post,
> Nate Carlson has tracked the problem down to Win98 and 98SE clients, so
> it may well be that if you only connect with the "newer" microsoft OSes
> this won't be a problem.
>
> With the patch, the problem goes away, and I've now successfully
> transferred multiple GB to and from most of the MS OSes.
>
> .. On a sidenote, I have also ported and finetuned the pppd.authexec
> patch for 2.4.1 if anyone is interested. On our setup here, we use that
> together with prehashed passwords to have a large and somewhat secure
> userdatabase... More secure than plaintext passwords anyway ;)
>
> > Odd. My distro has standardized on 2.4.17 for a while now and
> > not had this problem. Perhaps its unique to 2.4.18.

From r.devroede at linvision.com Mon Mar 25 03:04:13 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 25 Mar 2002 10:04:13 +0100
Subject: [pptp-server] IP Masq and IP Tables
In-Reply-To: <002801c1d1d9$0387e2b0$0345a8c0@bbyrd>
References: <002801c1d1d9$0387e2b0$0345a8c0@bbyrd>
Message-ID: <1017047053.1750.67.camel@richard>

For interface just put "-i ppp+" in your rc.firewall. This is a reference to all ppp connections on the server.

Regards,
Richard

On Fri, 2002-03-22 at 20:37, Bo Byrd wrote:
> OK I got mschapv2 and mppe128 working...now I'm trying to get IP Masq set
> up so all the pptp clients can access the internet. The problem is that
> users get connected to the poptop server as ppp0, ppp1, ppp2, etc and
> the rc.firewall script needs EXTIF="eth0" and INTIF="eth1" or vice versa
> and I want to use the ppp interfaces.....has anyone else been able to
> masq the clients connecting to the vpn server??? Here's how I want my
> setup to work...

--
Richard de Vroede (r.devroede at linvision.com)
------------------------------------------------
Linvision BV
Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From r.devroede at linvision.com Mon Mar 25 03:12:01 2002
From: r.devroede at linvision.com (R. de Vroede)
Date: 25 Mar 2002 10:12:01 +0100
Subject: FW: [pptp-server] Frustration gone!
In-Reply-To:
References:
Message-ID: <1017047521.2767.71.camel@richard>

> http://mirror.binarix.com/ppp-me/

This should be mirror.binarix.com/ppp-mppe/, but anyways, it's no longer maintained due to bandwidth reasons. Go to http://planetmirror.com/ppp-mppe or home of the RPM's for RedHat: http://devel.linvision.com/

Regards,
Richard

--
Richard de Vroede (r.devroede at linvision.com)
------------------------------------------------
Linvision BV
Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------

From fcusack at fcusack.com Mon Mar 25 08:34:27 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Mon, 25 Mar 2002 06:34:27 -0800
Subject: [pptp-server] some useful pptp-1.1.2 patches
Message-ID: <20020325063426.I23937@google.com>

I guess pptpd isn't maintained these days, so this seems as good a place as any to send some patches. Hopefully they make it into the sources.

1: log tcp_wrappers denies. This should be considered security critical.
2: properly daemonize (close stdin/stdout/stderr). This is important!
3: don't log those silly GRE read/write problems when it's normal. I can't believe all you folks can tolerate this! :-)
4: an init script for redhat.

If someone wants to host rpm's I can send them. I'm not able to send rpm's around to everyone though, just apply the patches please.

Patch 3 isn't done very well, I just brute forced it. I would suggest to the pptpd maintainer that you define error macros instead.

/fc

-------------- next part --------------
Common subdirectories: pptpd-1.1.2.orig/html and pptpd-1.1.2/html diff -u pptpd-1.1.2.orig/pptpmanager.c pptpd-1.1.2/pptpmanager.c --- pptpd-1.1.2.orig/pptpmanager.c Fri Dec 17 08:30:14 1999 +++ pptpd-1.1.2/pptpmanager.c Sun Mar 24 05:51:16 2002 
@@ -178,29 +178,11 @@ addrsize = sizeof(client_addr); clientSocket = accept(hostSocket, (struct sockaddr *) &client_addr, &addrsize); -#if HAVE_LIBWRAP - if (clientSocket != -1) { - struct request_info r; - request_init(&r, RQ_DAEMON, "pptpd", RQ_FILE, clientSocket, NULL); - fromhost(&r); - if (!hosts_access(&r)) { - /* send a permission denied message? this is a tcp wrapper - * type deny so probably best to just drop it immediately like - * this, as tcp wrappers usually do. - */ - close(clientSocket); - /* this would never be file descriptor 0, so use it as a error - * value - */ - clientSocket = 0; - } - } -#endif if (clientSocket == -1) { /* accept failed, but life goes on... */ syslog(LOG_ERR, "MGR: accept() failed"); perror("accept"); - } else if (clientSocket != 0) { + } else { #ifndef HAVE_FORK switch (ctrl_pid = vfork()) { @@ -214,6 +196,24 @@ case 0: /* child */ close(hostSocket); +#if HAVE_LIBWRAP + { + struct request_info r; + request_init(&r, RQ_DAEMON, "pptpd", RQ_FILE, clientSocket, NULL); + fromhost(&r); + if (!hosts_access(&r)) { + /* send a permission denied message? this is a tcp wrapper + * type deny so probably best to just drop it immediately like + * this, as tcp wrappers usually do. + */ + close(clientSocket); + if (pptp_debug) + syslog(LOG_DEBUG, "MGR: connection refused by tcp_wrappers"); + refuse(&r); + /* NOTREACHED */ + } + } +#endif if (pptp_debug) syslog(LOG_DEBUG, "MGR: Launching " PPTP_CTRL_BIN " to handle client"); #if !defined(PPPD_IP_ALLOC) Common subdirectories: pptpd-1.1.2.orig/samples and pptpd-1.1.2/samples -------------- next part -------------- Common subdirectories: pptpd-1.1.2.orig/html and pptpd-1.1.2/html diff -u pptpd-1.1.2.orig/pptpd.c pptpd-1.1.2/pptpd.c --- pptpd-1.1.2.orig/pptpd.c Fri Dec 17 10:57:30 1999 +++ pptpd-1.1.2/pptpd.c Sun Mar 24 06:02:38 2002 
@@ -290,9 +290,7 @@ if (!foreground) { #if HAVE_DAEMON closelog(); - freopen("/dev/null", "r", stdin); - /* set noclose, we want stdout/stderr still attached if we can */ - daemon(0, 1); + daemon(0, 0); /* returns to child only */ /* pid will have changed */ openlog("pptpd", LOG_PID, LOG_PPTP); @@ -339,10 +337,10 @@ char **new_argv; int pid; syslog(LOG_INFO, "MGR: Option parse OK, re-execing as daemon"); - fprintf(stderr, "pptpd: option parse OK, re-execing as daemon\n"); - fflush(stderr); if ((pid = vfork()) == 0) { freopen("/dev/null", "r", stdin); + freopen("/dev/null", "w", stdout); + freopen("/dev/null", "w", stderr); SETSIDPGRP(); chdir("/"); umask(0); @@ -369,6 +367,8 @@ } else if (pid) exit(0); freopen("/dev/null", "r", stdin); + freopen("/dev/null", "w", stdout); + freopen("/dev/null", "w", stderr); SETSIDPGRP(); chdir("/"); umask(0); Only in pptpd-1.1.2.orig: pptpmanager.c.libwrap Common subdirectories: pptpd-1.1.2.orig/samples and pptpd-1.1.2/samples -------------- next part -------------- diff -ur pptpd-1.1.2.orig/pptpctrl.c pptpd-1.1.2/pptpctrl.c --- pptpd-1.1.2.orig/pptpctrl.c Mon Oct 2 14:30:52 2000 +++ pptpd-1.1.2/pptpctrl.c Mon Mar 25 05:30:11 2002 
@@ -300,17 +300,21 @@ /* send from pty off via GRE */ if (gre) { - if (do_gre_to_pty (gre) < 0) { - syslog(LOG_ERR, - "CTRL: PTY read or GRE write failed (pty,gre)=(%d,%d)", - gre->pty_fd, gre->gre_fd); + int r; + + if ((r = do_gre_to_pty (gre)) < 0) { + if (r != -2) + syslog(LOG_ERR, + "CTRL: PTY read or GRE write failed (pty,gre)=(%d,%d)", + gre->pty_fd, gre->gre_fd); break; } - if (do_pty_to_gre (gre) < 0) { - syslog(LOG_ERR, - "CTRL: GRE read or PTY write failed (gre,pty)=(%d,%d)", - gre->gre_fd, gre->pty_fd); + if ((r = do_pty_to_gre (gre)) < 0) { + if (r != -2) + syslog(LOG_ERR, + "CTRL: GRE read or PTY write failed (gre,pty)=(%d,%d)", + gre->gre_fd, gre->pty_fd); break; } } diff -ur pptpd-1.1.2.orig/pptpgre.c pptpd-1.1.2/pptpgre.c --- pptpd-1.1.2.orig/pptpgre.c Mon Oct 2 14:30:52 2000 +++ pptpd-1.1.2/pptpgre.c Mon Mar 25 05:34:00 2002 @@ -392,9 +392,12 @@ return 0; } - syslog (LOG_ERR, - "Error writing GRE packet: %s", strerror (errno)); - return -1; + if (errno != EBADF) { + syslog (LOG_ERR, "Error writing GRE packet: %s", strerror (errno)); + return -1; + } else + /* closed, normal */ + return -2; } int @@ -414,6 +417,9 @@ maybe_make_ack (gre); switch (write_gre (gre)) { + case -2: + return -2; + case -1: return -1; @@ -458,8 +464,12 @@ return 0; } - syslog (LOG_ERR, "GRE: read error: %s", strerror (errno)); - return -1; + if (errno != EBADF) { + syslog (LOG_ERR, "GRE: read error: %s", strerror (errno)); + return -1; + } else + /* closed, normal */ + return -2; } else if (status == 0) { 
@@ -806,6 +816,9 @@ read_packet = 0; switch (read_gre (gre)) { + case -2: + return -2; + case -1: return -1;
-------------- next part --------------
#!/bin/sh
#
# chkconfig: 345 88 10
# description: Start/Stop pptpd
#

# Source function library.
. /etc/rc.d/init.d/functions

PPTPD=/usr/sbin/pptpd
# subsys lock file, named after this service
LOCKF=/var/lock/subsys/pptpd
CONFIG=/etc/pptpd.conf

# Nothing to do if the daemon or its configuration is missing.
[ -f $PPTPD ] || exit 0
[ -f $CONFIG ] || exit 0

RETVAL=0

case "$1" in
  start)
    echo -n "Starting pptpd: "
    daemon $PPTPD
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch $LOCKF
    ;;
  stop)
    echo -n "Stopping pptpd: "
    killproc $PPTPD
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f $LOCKF
    ;;
  restart)
    $0 stop
    sleep 3
    $0 start
    RETVAL=$?
    ;;
  condrestart)
    # Restart only if the service is currently running.
    if [ -f $LOCKF ]; then
      $0 stop
      sleep 3
      $0 start
      RETVAL=$?
    fi
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|condrestart}"
    exit 1
esac

exit $RETVAL

From luismi at adpsoft.com Mon Mar 25 08:52:10 2002
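Review bot: In the pptpmanager.c child branch (hunk -214,6 +196,24) the new "MGR: connection refused by tcp_wrappers" message is only written under "if (pptp_debug)" and at LOG_DEBUG, so a server running without debug leaves no pptpd record of the deny beyond whatever refuse() itself logs. Since the stated aim of the patch is to log denies, make the syslog() call unconditional, raise it to LOG_WARNING or similar, and include the client address. The check also now runs after the fork, and in the "#ifndef HAVE_FORK" build that child comes from vfork(), where calling hosts_access(), syslog() and refuse() before exec is not safe; keep the check in the parent for that build, or do it only where fork() is available.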
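Review bot: In pptpd.c the added freopen("/dev/null", "w", stdout) and freopen("/dev/null", "w", stderr) calls (hunks -339,10 and -369,6) and the new daemon(0, 0) call (hunk -290,9) all ignore their return values. If /dev/null cannot be opened the stream is left closed, descriptors 1 and 2 become free, and the next socket or pty the daemon opens can land on them, so any later write to stdout or stderr goes to a client connection. Check each call, log the failure with syslog() and exit rather than continuing with the descriptors unassigned.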
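Review bot: In pptpgre.c and pptpctrl.c the bare -2 return is repeated in the read path, the write path, both switch statements and both callers ("if (r != -2)"), with its meaning given only by the "closed, normal" comment; give it a name in a shared header next to the -1 error case so a later change cannot silently break the convention. Treating every EBADF as a normal close also means a descriptor that was closed early or was never valid because of a bug is no longer reported at all, so keep a LOG_DEBUG message on the -2 path instead of dropping the log entirely.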
From: luismi at adpsoft.com (LuisMi)
Date: Mon, 25 Mar 2002 15:52:10 +0100 (CET)
Subject: [pptp-server] some useful pptp-1.1.2 patches
In-Reply-To: <20020325063426.I23937@google.com>
Message-ID:

On Mon, 25 Mar 2002, Frank Cusack wrote:

> I guess pptpd isn't maintained these days, so this seems as good a place
> as any to send some patches. Hopefully they make it into the sources.
>
> 1: log tcp_wrappers denies. This should be considered security critical.

Another way is to use logger command from /etc/hosts.deny, remember 'spawn' option for tcp wrappers :-)

Example..

# cat /etc/hosts.deny
pptpd: .microsoft.com : spawn (/usr/bin/logger blablabla...)

Try 'logger' command

> 2: properly daemonize (close stdin/stdout/stderr). This is important!
> 3: don't log those silly GRE read/write problems when it's normal. I
> can't believe all you folks can tolerate this! :-)
> 4: an init script for redhat.

Yeah, an init script!!! :-)

LuisMi

From cfast at alliedbuilding.com Mon Mar 25 11:34:22 2002
From: cfast at alliedbuilding.com (Clint Fast)
Date: Mon, 25 Mar 2002 12:34:22 -0500
Subject: [pptp-server] Wireless Palm Pilot and PPTP??
Message-ID: <3C9F5F9D.9FE80E3C@alliedbuilding.com>

Has anyone seen/used a wireless palm pilot (like the i705, etc.) software that can run PPTP?? I've seen movianVPN software that allows an IPSec connection from a Palm, but not PPTP. Any help? Sorry if this is too off-topic, but someone here might know.

Thanks,
--Clint Fast
cfast at alliedbuilding.com

From j.ward at docwardo.net Mon Mar 25 21:59:39 2002
From: j.ward at docwardo.net (Joe Ward)
Date: Mon, 25 Mar 2002 22:59:39 -0500
Subject: [pptp-server] mandrake 8.2 and pptpd
In-Reply-To: <3C9F5F9D.9FE80E3C@alliedbuilding.com>
Message-ID:

I just had to replace my router/server with a new box. After much frustration I also dumped redhat in favor of mandrake 8.2. Only thing left for me to do is to install pptpd so I can vpn back to my home network while I'm on the road.

Anyone do this yet with mandrake 8.2? I'm going to look through the howto on http://home.swbell.net/berzerke/ but since this is the first time I'll do this for a 2.4 kernel and since mandrake 8.2 is a new release I just wanted to find out if anyone out there has done this yet? If no one has any pointers and pitfalls to avoid? I remember when I patched my redhat 6.2 system I had a heck of a time getting ppp patched.

-Joe Ward

From barjunk at attglobal.net Mon Mar 25 21:55:16 2002
From: barjunk at attglobal.net (Barsalou)
Date: Mon, 25 Mar 2002 21:55:16 -9:00
Subject: [pptp-server] speed issues
Message-ID: <3C9F9CC4.30742.2FAF325@localhost>

We did a test and I am wondering if others are experiencing the same. When downloading a file (size doesn't seem to matter) it takes about 6 times as long using the VPN link as doing same via http or ftp.

What are some things that I can do to possibly speed things up? That seems like way more overhead than there should be. I have played with the MTU's and stuff without much effect.

I do get a lot of out of order packets. Wouldn't that affect http and ftp the same though?

Mike

From fcusack at fcusack.com Tue Mar 26 03:57:06 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Tue, 26 Mar 2002 01:57:06 -0800
Subject: [pptp-server] speed issues
In-Reply-To: <3C9F9CC4.30742.2FAF325@localhost>; from barjunk@attglobal.net on Mon, Mar 25, 2002 at 09:55:16PM +0000
References: <3C9F9CC4.30742.2FAF325@localhost>
Message-ID: <20020326015705.C21411@google.com>

On Mon, Mar 25, 2002 at 09:55:16PM +0000, Barsalou wrote:
>
> We did a test and I am wondering if others are experiencing the
> same. When downloading a file (size doesn't seem to matter) it
> takes about 6 times as long using the VPN link as doing same via
> http or ftp.

How are you downloading over the VPN link? What version of pptpd? What link speeds are we talking about here?

> What are some things that I can do to possibly speed things up?
> That seems like way more overhead than there should be. I have
> played with the MTU's and stuff without much effect.
>
> I do get a lot of out of order packets.

That's to be expected.

> Wouldn't that affect http and ftp the same though?

No. And it shouldn't affect pptp; the server *should* queue out of order packets. However if your IP stack does TCP-SACK then it could make a big difference. I have to guess it is unlikely this is a factor.

If pptpd's windowing is simplistic or naive (I understand it to be at least one of these) you will likely have problems with performance. Looking through list archives, Patric Sandberg seems to be the man that would know about these things, if he's still hanging around.

/fc

From fcusack at fcusack.com Tue Mar 26 04:28:29 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Tue, 26 Mar 2002 02:28:29 -0800
Subject: [pptp-server] speed issues
In-Reply-To: <3C9F9CC4.30742.2FAF325@localhost>; from barjunk@attglobal.net on Mon, Mar 25, 2002 at 09:55:16PM +0000
References: <3C9F9CC4.30742.2FAF325@localhost>
Message-ID: <20020326022829.A21436@google.com>

Also, what MTU/MRU are you using? Try setting it to 1500-16-4=1480. This is to account for GRE overhead (16) and MPPE overhead (4 -- which the MPPE patches you are using (assuming you're doing MPPE) don't account for).

GRE unfortunately has no way to do pmtu discovery so you need to manually tweak the MTU/MRU to avoid fragmentation. You can't completely avoid it since you can't do pmtu, but I think it's reasonable to assume a 1500 mtu.

/fc

From jordy at napster.com Tue Mar 26 05:25:06 2002
From: jordy at napster.com (Jordan Mendelson)
Date: Tue, 26 Mar 2002 03:25:06 -0800
Subject: [pptp-server] Bug in PPPD CCP Negotiation/change_key bug
Message-ID:

(I'm not on this mailing list, so please reply to me directly)

Hello all,

After three hours of attempting to get a MacOS X version of PPTP to work (based on FreeBSD's userspace ppp which is terribly difficult to find the source for without a FBSD machine), I finally figured out what was wrong.

In FreeBSD's MPPE implementation both the input and output sides have two different states with different coherency counts and separate options including stateless/stateful.

Unfortunately, it appears that the Linux PPPD daemon will happily negotiate stateful MPPE outbound and stateless MPPE inbound (may have that reversed.) This obviously causes a problem because when trying to communicate with the FreeBSD ppp daemon as it changes its key for only one side of the connection every packet whereas the Linux end flips both keys.

I finally was able to the world from my MacOS X machine using 128 bit encryption and MSCHAPv2 through my Linux box when I changed pppd's ccp_reqci() function to always NAK packets with p[2] (stateless specification) set to 0.

I'd submit a patch however, this is not the correct way to fix this problem. As I'm unfamiliar with the official PPTP spec (and PPP in general), I do not know whether FreeBSD's ppp daemon is doing it the correct way. It is certainly wasting more CPU than the Linux ppp daemon (since it has two sets of state, it seems to flip both sets of keys independently), but if the spec says they can be negotiated separately.. well I'm not sure what to do.

It will be necessary to fix this if anyone wants to connect a FreeBSD, MacOS X or NetBSD machine to a Linux box. I'm not sure what other platforms this might affect... But if it's part of the spec, there is a good chance that other vendors might do the exact same thing.

Again, please tack my address onto the CC list as I'm not on this list. I'm going to sleep now.

Jordan

From fcusack at fcusack.com Tue Mar 26 16:18:21 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Tue, 26 Mar 2002 14:18:21 -0800
Subject: [pptp-server] Bug in PPPD CCP Negotiation/change_key bug
In-Reply-To: ; from jordy@napster.com on Tue, Mar 26, 2002 at 03:25:06AM -0800
References:
Message-ID: <20020326141821.E22417@google.com>

On Tue, Mar 26, 2002 at 03:25:06AM -0800, Jordan Mendelson wrote:
> After three hours of attempting to get a MacOS X version of PPTP to work
> (based on FreeBSD's userspace ppp which is terribly difficult to find the
> source for without a FBSD machine), I finally figured out what was wrong.
>
> In FreeBSD's MPPE implementation both the input and output sides have two
> different states with different coherency counts and separate options
> including stateless/stateful.
>
> Unfortunately, it appears that the Linux PPPD daemon will happily negotiate
> stateful MPPE outbound and stateless MPPE inbound (may have that reversed.)
> This obviously causes a problem because when trying to communicate with the
> FreeBSD ppp daemon as it changes its key for only one side of the
> connection every packet whereas the Linux end flips both keys.

Linux bug -- should be fixed shortly.

> I finally was able to the world from my MacOS X machine using 128 bit
> encryption and MSCHAPv2 through my Linux box when I changed pppd's
> ccp_reqci() function to always NAK packets with p[2] (stateless
> specification) set to 0.
>
> I'd submit a patch however, this is not the correct way to fix this problem.
> As I'm unfamiliar with the official PPTP spec (and PPP in general), I do not
> know whether FreeBSD's ppp daemon is doing it the correct way. It is

FreeBSD is correct. CCP is unidirectional. Your patch is incorrect in either case as simply denying stateful mode is not a good solution.

> certainly wasting more CPU than the Linux ppp daemon (since it has two sets
> of state, it seems to flip both sets of keys independently), but if the spec
> says they can be negotiated separately.. well I'm not sure what to do.
>
> It will be necessary to fix this if anyone wants to connect a FreeBSD, MacOS
> X or NetBSD machine to a Linux box. I'm not sure what other platforms this
> might affect... But if it's part of the spec, there is a good chance that
> other vendors might do the exact same thing.
>
> Again, please tack my address onto the CC list as I'm not on this list. I'm
> going to sleep now.

/fc

From byrdr at corp.earthlink.net Wed Mar 27 08:48:01 2002
From: byrdr at corp.earthlink.net (Bo Byrd)
Date: Wed, 27 Mar 2002 09:48:01 -0500
Subject: [pptp-server] FreeBSD and MS-CHAPv2/MPPE-128
In-Reply-To: <3C9F9CC4.30742.2FAF325@localhost>
Message-ID: <003701c1d59e$64a5a190$0345a8c0@bbyrd>

Do all the patches to make MS-CHAPv2 and MPPE-128 work with Poptop also apply to the FreeBSD version of poptop? All the instructions I've seen are for a linux based version of poptop.

Thanks,
Bo Byrd

From jward at cem.msu.edu Wed Mar 27 10:33:24 2002
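The per-direction MPPE behaviour discussed in the "Bug in PPPD CCP Negotiation" thread above, as an added example that is not code from pppd, FreeBSD ppp or any list member: it decodes the MPPE option carried in CCP (bit layout as in RFC 3078) separately for each direction and counts the key changes each direction's sender makes. The function names, the struct and the sample option bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* MPPE configuration option carried in CCP Configure-Request/Ack
 * (layout per RFC 3078): type 18, length 6, then 4 octets of flag bits.
 * The stateless (H) bit sits in octet 2, the byte the thread calls p[2];
 * the key-length and MPPC bits sit in octet 5. */
#define CI_MPPE    18
#define CILEN_MPPE 6
#define MPPE_H_BIT 0x01 /* octet 2: stateless mode      */
#define MPPE_C_BIT 0x01 /* octet 5: MPPC compression    */
#define MPPE_L_BIT 0x20 /* octet 5: 40-bit session key  */
#define MPPE_S_BIT 0x40 /* octet 5: 128-bit session key */
#define MPPE_M_BIT 0x80 /* octet 5: 56-bit session key  */

/* Options agreed for ONE direction of the link (hypothetical struct). */
struct mppe_dir {
    int stateless;
    int bits40, bits56, bits128;
    int mppc;
};

/* Decode one MPPE option. Returns 0 on success, -1 if the buffer is
 * too short or is not a well-formed MPPE option. */
int mppe_parse_option(const uint8_t *p, size_t len, struct mppe_dir *out)
{
    if (p == NULL || out == NULL || len < CILEN_MPPE)
        return -1;
    if (p[0] != CI_MPPE || p[1] != CILEN_MPPE)
        return -1;
    out->stateless = (p[2] & MPPE_H_BIT) != 0;
    out->bits40    = (p[5] & MPPE_L_BIT) != 0;
    out->bits56    = (p[5] & MPPE_M_BIT) != 0;
    out->bits128   = (p[5] & MPPE_S_BIT) != 0;
    out->mppc      = (p[5] & MPPE_C_BIT) != 0;
    return 0;
}

/* Key changes a sender makes while transmitting npackets packets, with
 * the 12-bit coherency count starting at 0: every packet when stateless,
 * otherwise only on "flag" packets (low octet of the count == 0xFF). */
unsigned mppe_rekeys(const struct mppe_dir *d, unsigned npackets)
{
    unsigned n, rekeys = 0;

    for (n = 0; n < npackets; n++) {
        unsigned ccount = n & 0x0fff;
        if (d->stateless || (ccount & 0xff) == 0xff)
            rekeys++;
    }
    return rekeys;
}

/* Models an endpoint that keeps a single stateless/stateful setting and
 * applies the tx setting to the rx direction as well. Returns 1 when its
 * key schedule for received packets would differ from the peer's, that
 * is, when the two directions were negotiated differently. */
int mppe_shared_state_desyncs(const struct mppe_dir *tx,
                              const struct mppe_dir *rx, unsigned npackets)
{
    return mppe_rekeys(tx, npackets) != mppe_rekeys(rx, npackets);
}

int main(void)
{
    /* Constructed sample options, not captured traffic. */
    const uint8_t out_opt[] = { 18, 6, 0x01, 0x00, 0x00, 0x40 }; /* H + 128 */
    const uint8_t in_opt[]  = { 18, 6, 0x00, 0x00, 0x00, 0x40 }; /* 128     */
    struct mppe_dir tx, rx;

    if (mppe_parse_option(out_opt, sizeof out_opt, &tx) != 0 ||
        mppe_parse_option(in_opt, sizeof in_opt, &rx) != 0)
        return 1;

    printf("outbound: %s, %u rekeys in 512 packets\n",
           tx.stateless ? "stateless" : "stateful", mppe_rekeys(&tx, 512));
    printf("inbound:  %s, %u rekeys in 512 packets\n",
           rx.stateless ? "stateless" : "stateful", mppe_rekeys(&rx, 512));
    printf("shared-state endpoint loses key sync: %s\n",
           mppe_shared_state_desyncs(&tx, &rx, 512) ? "yes" : "no");
    return 0;
}
```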
From: jward at cem.msu.edu (Joe Ward)
Date: Wed, 27 Mar 2002 11:33:24 -0500
Subject: [pptp-server] ppp_mppe not loading mandrake 8.2
In-Reply-To: <20020326141821.E22417@google.com>
Message-ID:

Okay, thanks to richard I have finally got mandrake 8.2 to patch and compile. I didn't have any errors in the compile or making and installing the modules. Using 2.4.18-6mdk kernel from mandrake. Also using the pppd and pptpd sources and the patches which were downloaded from: http://www.advancevpn.com/en/download_other.html

I have a huge problem though: ppp_mppe is NOT loading!!!!!! I know the module is in the proper location (using modprobe -l |grep ppp). I have even gone so far as to use insmod to load it (I get a warning about tainting the kernel, but that's it), but still no encryption. I can get my win2k client to connect if I turn off encryption but I get a 741 error if I have encryption on.

I cannot find any errors relating to ppp in the boot.log nor do I see anything that tells me I have a miscompiled module. Below are the file snippets that may or may not help.

-Joe Ward

here is a session from my messages log:

Mar 27 11:28:30 cobalt pptpd[2796]: CTRL: Client 35.10.50.119 control connection started
Mar 27 11:28:30 cobalt pptpd[2796]: CTRL: Starting call (launching pppd, opening GRE)
Mar 27 11:28:30 cobalt pppd[2797]: pppd 2.4.1 started by root, uid 0
Mar 27 11:28:30 cobalt pppd[2797]: Using interface ppp0
Mar 27 11:28:30 cobalt pppd[2797]: Connect: ppp0 <--> /dev/pts/2
Mar 27 11:28:30 cobalt /etc/hotplug/net.agent: assuming ppp0 is already up
Mar 27 11:28:30 cobalt pptpd[2796]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 27 11:28:30 cobalt pppd[2797]: LCP terminated by peer (^Pl%G^@

Message-ID:

Sorry guys, sometimes I honestly think my brain is kept in a bucket next to my desk. I was playing around with this all day and finally decided I really needed a file from the network this box is a gateway to so I ran pptpd without encryption.
Then I found I had proxy-arp problems. It all boils down to the fact I forgot to define the options file in the pptpd.conf file. It all works fine now. Thanks for those who helped. It's nice to have my VPN back up and running. Now I just have to edit out those silly out of order packet error messages again.

-Joe

; from byrdr@corp.earthlink.net on Wed, Mar 27, 2002 at 09:48:01AM -0500
References: <3C9F9CC4.30742.2FAF325@localhost> <003701c1d59e$64a5a190$0345a8c0@bbyrd>
Message-ID: <20020327144738.G30887@google.com>

On Wed, Mar 27, 2002 at 09:48:01AM -0500, Bo Byrd wrote:
> Do all the patches to make MS-CHAPv2 and MPPE-128 work with Poptop also
> apply to the FreeBSD version of poptop? All the instructions I've seen
> are for a linux based version of poptop.

The patches for ms-chapv2 and mppe-128 are to pppd, not to pptpd (poptop). FreeBSD already has this support in the userland ppp. I don't believe the kernel pppd supports it. I am not familiar enough with it to know why you might not want to use the userland ppp.

/fc

From fcusack at fcusack.com Fri Mar 29 03:15:23 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Fri, 29 Mar 2002 01:15:23 -0800
Subject: [pptp-server] speed issues
In-Reply-To: <3C9F9CC4.30742.2FAF325@localhost>; from barjunk@attglobal.net on Mon, Mar 25, 2002 at 09:55:16PM +0000
References: <3C9F9CC4.30742.2FAF325@localhost>
Message-ID: <20020329011522.A3375@google.com>

Mike, I'm wondering if you've had any luck improving pptpd performance, and what tweaks you've made.

thanks
/fc

From bo at bbyrd.net Fri Mar 29 09:02:06 2002
From: bo at bbyrd.net (Bo Byrd)
Date: Fri, 29 Mar 2002 10:02:06 -0500
Subject: [pptp-server] FreeBSD4.5
In-Reply-To: <20020329011522.A3375@google.com>
Message-ID: <000b01c1d732$b4459440$e3b445cf@bbyrd>

With FreeBSD4.5 everything worked piece of cake....the 4.5 ppp already includes support for MPPE-128 and mschapv2 (it's called chap81 though)..it was so easy too. I got all my info from http://heyer.supranet.net/pptp/ so that's where the credit should go.

With FreeBSD4.5 you don't have to do anything with the mpd or pppopie like the webpage says...all you gotta do after installing poptop is make your config files. The only thing is you'll have to learn how FreeBSD ppp works...it wasn't all that hard. The thing to know is that when you install it the way I'm saying then poptop will call the "pptp" profile in the /etc/ppp/ppp.conf file, so you'll have to add that in. I'll show you all my conf files.

After you install freebsd4.5 just go to the /usr/ports/poptop directory (this directory gets installed for you if you tell the install program to install ports)
And enter the "make" command
It'll go download pptpd-1.1.2 and it'll also do the "./configure --with-bsdppp" for you
Then just do the "make install" command
That's it, all you gotta do then is make your config file

Here's my "/etc/pptpd.conf" file:

option /etc/ppp/ppp.conf
pidfile /var/run/pptpd.pid

Now add this section at the bottom of the /etc/ppp/ppp.conf file:

pptp:
 set timeout 0
 set log all
 #Use set device to tell what port to listen on,
 #ie "set device IPADDRESS:port"
 set device 192.168.69.100:pptp
 #use set ifaddr to tell what address to use as a local address,
 #what range to use for ppp clients, and the netmask for clients
 set ifaddr 10.10.10.1 192.168.0.2-192.168.0.254 255.255.255.255
 enable proxy
 allow mode direct
 disable pap
 deny pap
 disable chap
 deny chap
 disable LANMan
 deny LANMan
 enable mppe
 accept mppe
 disable MSChap
 deny MSChap
 accept chap81
 enable chap81
 enable dns
 set dns 207.69.188.187 207.69.188.186
 set mppe 128

This "pptp:" entry in the /etc/ppp/ppp.conf only allows MS-CHAP-v2 with MPPE-128

Now just add usernames and passwords to the /etc/ppp/ppp.secret file, with tabs between the username and the corresponding password:

User1	password for user1
User2	password for user2
User3	password for user3

This is what I had to do to get it all to work....I never could get it to work with the configs shown on that webpage.... Usually it wouldn't connect....when it did connect it would give out ip addresses that I guess it just pulled out of its ass cause they definitely weren't any ip addresses on my network....so I came up with the above configs....

The only thing is that I can't get NAT to work....ppp has support for nat but I couldn't get it to work. I've tried "nat enable yes" and "nat target" and "nat target IPADDRESS_OF_MY_EXTERNAL_INTERFACE" in various combos but couldn't get it to work....also I can't seem to get mppe stateless to work either.....ie "set mppe 128 stateless|stateful"

Any ideas from some more experienced BSD poptop users?

Thanks,
Bo Byrd

From byrdr at corp.earthlink.net Fri Mar 29 10:19:03 2002
From: byrdr at corp.earthlink.net (Bo Byrd)
Date: Fri, 29 Mar 2002 11:19:03 -0500
Subject: [pptp-server] FreeBSD4.5
In-Reply-To: <000b01c1d732$b4459440$e3b445cf@bbyrd>
Message-ID: <000201c1d73d$7400a220$e3b445cf@bbyrd>

OK sorry guys.....please disregard my previous email.....actually it doesn't work.....you think it does but I'm getting some really weird results............maybe it's just the config files.......I'll monkey with them some more next week......

Damn!

Sorry.....
Bo

From lists at colliniconsulting.it Fri Mar 29 17:16:59 2002
From: lists at colliniconsulting.it (Francesco)
Date: Sat, 30 Mar 2002 00:16:59 +0100
Subject: [pptp-server] linux pptp client
Message-ID:

Hello,

excuse me in advance if I repeat the question I asked some time ago...

I have a poptop linux server working fine when connecting from Window$ clients; now I have to set up a linux client gateway with pptp in order to act as a tunnel router for the remote branch office.

I would like to ask you two questions: what's the latest STABLE version and how can I configure the pptp command line connections; I have tried for some days in every way but the server always gives me the "peer refuse to autenthicate" error...

Thank you again, best wishes for a happy Easter 2002!

Francesco Collini

From fcusack at fcusack.com Sun Mar 31 01:40:28 2002
From: fcusack at fcusack.com (Frank Cusack)
Date: Sat, 30 Mar 2002 23:40:28 -0800
Subject: [pptp-server] linux pptp client
In-Reply-To: ; from lists@colliniconsulting.it on Sat, Mar 30, 2002 at 12:16:59AM +0100
References:
Message-ID: <20020330234028.B10277@google.com>

On Sat, Mar 30, 2002 at 12:16:59AM +0100, Francesco wrote:
> i have a poptop linux server working fine when connection from Window$
> clients; now i have to setup a linux client gateway with pptp in order to
> act as a tunnel router for the remote branch office.
>
> I would like to ask you two questions: what's the latest STABLE version and
> how can i configure the pptp command line connections; i have tried for some
> days in everyway but the server always gives me the "peer refuse to
> autenthicate" error...

It sounds like you are asking on the wrong mailing list. Try visiting pptpclient.sourceforge.net.

As for poptop, the latest and probably best version to use is 1.1.2.

As for what you are trying to do, pptp is IMO not a suitable method for doing site-to-site tunnels. You should investigate linux s/wan. I would also highly recommend getting a pair of cheap (<$500) netscreen 5xp boxes, which is likely to be cheaper than the hardware cost of two linux gateways.

/fc

From lists at colliniconsulting.it Sun Mar 31 04:20:15 2002
From: lists at colliniconsulting.it (Francesco)
Date: Sun, 31 Mar 2002 12:20:15 +0200
Subject: [pptp-server] site to site pptp connections
Message-ID:

Hello,

I have just set up a LAN to LAN pptp connection between a poptop server and a pptp client. Everything seems to work fine, but someone told me it is not a good solution for site to site VPN; FreeS/WAN is better, someone told me.

What do you think about it? Is there someone using a LAN to LAN pptp connection with success?

Thank you again, happy Easter, bye!

Francesco Collini

From lists at colliniconsulting.it Sun Mar 31 04:27:51 2002
From: lists at colliniconsulting.it (Francesco)
Date: Sun, 31 Mar 2002 12:27:51 +0200
Subject: [pptp-server] refusing clear text autenthication
Message-ID:

Hello,

I have just patched ppp to work with ms-chap v2 authentication; everything works fine. I would also like to tell the poptop pptp server to REFUSE any clear text password authentication, because sometimes users may forget to configure the cryptography options on their Windows VPN connection.

Thank you, bye.

Francesco Collini
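
Added example (not part of any poster's message, and not PoPToP or FreeBSD code): a Python check for the property asked about in the last message, applied to a FreeBSD user-ppp profile laid out like the "pptp:" entry posted earlier in the thread. It reports any of pap, chap, LANMan or MSChap that is not explicitly disabled and denied, and confirms chap81 and mppe are enabled and accepted with "set mppe 128". The function names and sample text are constructed for illustration, and only the named label is examined.

```python
WEAK = ("pap", "chap", "lanman", "mschap")   # must be disabled and denied
REQUIRED = ("chap81", "mppe")                # must be enabled and accepted
AXIS = {"enable": ("local", True), "disable": ("local", False),
        "accept": ("peer", True), "deny": ("peer", False)}
# Constructed sample: auth lines of the posted profile, but with PAP enabled.
WEAK_SAMPLE = """\
pptp:
 enable pap
 deny pap
 disable chap
 deny chap
 disable LANMan
 deny LANMan
 enable mppe
 accept mppe
 disable MSChap
 deny MSChap
 accept chap81
 enable chap81
 set mppe 128
"""
FIXED_SAMPLE = WEAK_SAMPLE.replace(" enable pap\n", " disable pap\n")

def parse_label(text, label):
    """Return ({option: {"local": bool, "peer": bool}}, mppe_bits) for one label."""
    state, mppe, current = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if line and not line[0].isspace():        # labels start in column 0
            current = line.rstrip(":")
        elif line and current == label:           # indented command of our label
            words = line.lower().split()
            if words[0] in AXIS:
                axis, value = AXIS[words[0]]
                for opt in words[1:]:             # later lines overwrite earlier ones
                    state.setdefault(opt, {})[axis] = value
            elif words[:2] == ["set", "mppe"] and len(words) > 2:
                mppe = words[2]
    return state, mppe

def audit(text, label="pptp"):
    """Return findings; an empty list means only chap81 with MPPE-128 passes."""
    state, mppe = parse_label(text, label)
    bad = [f"{o}: not explicitly disabled and denied" for o in WEAK
           if state.get(o) != {"local": False, "peer": False}]
    bad += [f"{o}: not explicitly enabled and accepted" for o in REQUIRED
            if state.get(o) != {"local": True, "peer": True}]
    return bad + ([f"set mppe is {mppe!r}, not '128'"] if mppe != "128" else [])
```

Calling audit(open("/etc/ppp/ppp.conf").read()) returns an empty list only when the profile matches the posted one on every authentication line; the check is deliberately stricter than ppp's defaults because it requires each setting to be written out.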