From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID: pppd over an encrypted ssh connection (as described in the Linux VPN Mini HOWTO) - and found that I was lucky to get 9600bps throughput going that route. I tried the TCP/IP tunnel module in the Linux kernel, and with the lack of documentation, was never able to get that to work at all. I've not tried pptp-client yet, and though I would ask this list first. Thanks for any advice you guys can offer! -- /------------------------------------------------\ | Jim Morris | Business: jmorris at rtc-group.com | | | Personal: Jim at Morris.net | |------------------------------------------------| | World Wide Web: http://Jim.Morris.net | \------------------------------------------------/ From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID: New in 1.2: [...] * Conditionals in Makefile.am, from Ian Taylor So it can be taught to do so, and could be made to -Wall -ansi -pedantic under Linux gcc and do whatever is appropriate on other platforms. Don't know how though, since I haven't used automake in any other projects. David. From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID: gre_fd = socket(AF_INET, SOCK_RAW, PPTP_PROTO); connect(gre_fd, (struct sockaddr *) &src_addr, sizeof(src_addr)); PPTP_PROTO is protocol 47. If you want to watch the pptp packets, try 'tcpdump proto 47' (but tcpdump doesn't understand them much = you just get meaningless stuff out of it). David. 
From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID: extern __inline__ __const__ __u16 __fswab16(__u16 x) { return __arch__swab16(x); } The other definitions are quite similar. This header exists within the linux kernel source (2.2.6, BTW). Honestly, I don't understand this syntax. I thought extern was used to declare that an object that did not exist within the current scope would be linked in later to exist in the current scope (I'm using some pidgin OO stuff here. Funny. I'm even worse at OO), yet it then goes on to define the function __fswab16. Doesn't like it if I remove the extern either. But I can slap some prototypes in there and it works okay. From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID: login Use the system password database for authenticating the peer using PAP, and record the user in the sys- tem wtmp file. Note that the peer must have an entry in the /etc/ppp/pap-secrets file as well as the system password database to be allowed access. I see no other reference to wtmp, but maybe it'll work for CHAP anyway. (This jives with my lack of CHAP knowledge. The password is probably transmitted in an incompatibly encrypted manner, huh?) If not, surely it would be an easy hack to copy over the wtmp-specific stuff, since it's already there. -Bitt From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID: we are a PAC not a PNS and hence we shouldn't respond to Incoming-Call-Requests. The whole draft itself is confusing as it seems to be written with different goals it mind (specifically, with ISDN calls and so on being established which have nothing to do with PPTP as we know it). 2.7. 
Outgoing-Call-Request The Outgoing-Call-Request is a PPTP control message sent by the PNS to the PAC to indicate that an outbound call from the PAC is to be established. This request provides the PAC with information required to make the call. It also provides information to the PAC that is used to regulate the transmission of data to the PNS for this session once it is established. David. From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID: special case where the client acts as a very simplified PNS and the server acts as a PAC, since the situation is much simpler in IP tunnelling than in full-blown PPTP (and PACs are simpler than PNSs). All the in-call and out-call stuff is really 99% irrelevant to the IP tunnelling case but is the core of the 'real' PPTP protocol. Anyway, I've made a lot of changes towards multi-call support (in the process made a number of improvements to things like ctrlpacket.c, but will not commit them since this is intertwined with my PNS-style stuff) but this is touching almost all the code, so I think we might want to get 0.9 out soon as 'stable version' then start a new 'development stream' so I can submit this code without worrying about breaking stuff. Also there are some bits I'm not sure how to do efficiently, and especially pptpctrl.c is going to end up looking nowhere near as elegant as we've got it now. David. From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID: --- begin extract --- 4.3. Out-of-sequence Packets Occasionally packets lose their sequencing across a complicated internetwork. Say, for example that a PNS sends packets 0 to 5 to a PAC. Because of rerouting in the internetwork, packet 4 arrives at the PAC before packet 3. The PAC acknowledges packet 4, and may assume packet 3 is lost. 
This acknowledgment grants window credit beyond packet 4. When the PAC does receive packet 3, it MUST not attempt to transmit it to the corresponding PPP client. To do so could cause problems, as proper PPP protocol operation is premised upon receiving packets in sequence. PPP does properly deal with the loss of packets, but not with reordering so out of sequence packets between the PNS and PAC MUST be silently discarded, or they may be reordered by the receiver.

When packet 5 comes in, it is acknowledged by the PAC since it has a higher sequence number than 4, which was the last highest packet acknowledged by the PAC. Packets with duplicate sequence numbers should never occur since the PAC and PNS never retransmit GRE packets. A robust implementation will silently discard duplicate GRE packets, should it receive any.

--- end extract ---

So we could implement re-ordering with some kind of adaptive time-out but this is currently beyond what PoPToP does. Possibly your problem is more that we don't implement any kind of congestion control, etc, etc - I haven't worked on this since I basically have no use for it (all my 'clients' - the students - are on a minimum of 10Mbps ethernet, at a maximum of 1 router hop away). The draft describes how these things might be implemented.

David.

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

    netmask n
            Set the interface netmask to n, a 32 bit netmask in "decimal
            dot" notation (e.g. 255.255.255.0).  If this option is given,
            the value specified is ORed with the default netmask.
            The default netmask is chosen based on the negotiated remote IP
            address; it is the appropriate network mask for the class of
            the remote IP address, ORed with the netmasks for any non
            point-to-point network interfaces in the system which are on
            the same network.

I think it is this OR operation that is either flawed, or we just don't understand what it's doing properly. It would seem that pppd is trying to be smart about the netmask setting, but something's not right.

Brian

Here's the source code for setnetmask() in options.c from pppd (versions 2.3.5 thru 2.3.7-2):

    /*
     * setnetmask - set the netmask to be used on the interface.
     */
    static int
    setnetmask(argv)
        char **argv;
    {
        u_int32_t mask, b;
        int n, ok;
        char *p, *endp;

        /*
         * Unfortunately, if we use inet_addr, we can't tell whether
         * a result of all 1s is an error or a valid 255.255.255.255.
         */
        p = *argv;
        ok = 0;
        mask = 0;
        for (n = 3;; --n) {
            b = strtoul(p, &endp, 0);
            if (endp == p)
                break;
            if (b < 0 || b > 255) {
                if (n == 3) {
                    /* accept e.g. 0xffffff00 */
                    p = endp;
                    mask = b;
                }
                break;
            }
            mask |= b << (n * 8);
            p = endp;
            if (*p != '.' || n == 0)
                break;
            ++p;
        }
        mask = htonl(mask);
        if (*p != 0 || (netmask & ~mask) != 0) {
            option_error("invalid netmask value '%s'", *argv);
            return 0;
        }
        netmask = mask;
        return (1);
    }

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

"A new historyless mode for encryption and compression over PPTP connections has been enabled in this update. This new mode solves performance problems encountered using PPTP in high latency networks or networks that experience significant packet loss. This upgrade is fully compatible with legacy PPTP systems. However, in order to negotiate historyless mode, both the PPTP client and server must support it. If either client or server refuses the new mode, normal MPPE compression and encryption will be negotiated.
To experience the full benefit of the PPTP performance update, this Update must be installed on both Windows NT clients and servers."

Please let us know if you get it working.

water at labj.com wrote:

> Has anybody tried PopTop w/ MPPE against WinNT clients? I tried, but no luck.
> The connection can be successfully established, but both ends just don't
> understand the encrypted frames from the other. Any hints to solve this
> problem? Thanks
>
> Jim
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

> o Be sure to have a HOME variable set when you start
>   pptpd, because slirp reads the HOME/.chap-secrets file
>   for authentication
>   This file must be TAB-separated filled in as follows:
>   *  192.87.7.231
>   Note the remote address at the end, it must be the same
>   as the one you edit into ctl.h of slirp.

So the PopTop-slirp combo uses plain chap authentication. Slirp itself is based on pppd-2.veryold ppp code and does not support any kind of data encryption as far as I know. Correct me here if I am wrong. Theoretically it is possible to rewrite slirp to use the newest pppd-2.3.10+mppe patches code, but I had no time for doing this until now.

Regards,

-- 
Dr. H.H. (Harald) Vogt
SERC (Software Engineering Research Centre)
E-mail: vogt at serc.nl
P.O. Box 424, 3500 AK Utrecht, The Netherlands
http://www.serc.nl/people/vogt
tel: +31-30-2545412, fax: +31-30-2545948

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

Patrick

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jean-Paul Chavant
Sent: December 7, 1999 4:18 AM
To: Pptp-Server at Lists. Schulte. Org
Subject: [pptp-server] 40 & 128 bits encryption

Hello,

I've installed pptp-1.0.0 with SSL-0.6.0b (for rc4.h, ...) and ppp-2.3.8 with mppe patch. Is my data connection encrypted in 40 or 128 bits? How do I know if my connection is encrypted in 40 or 128 bits mode?

Thanks.

Jean-Paul Chavant
GEOSYS SA - Service Informatique
Tél.: (0) 5 62 47 80 75
http://www.geosys.fr/

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

/etc/ppp/chap-secrets. I have been working on adding MS-CHAP-v2 authentication to ICradius, but do not have it ready for general consumption. I have not seen any radius servers that provide MS-Chap-v2 support.

> Thanks in advance for whatever information you can provide.
> Ken

Hope this helps,
JES

-- 
James B. MacLean        macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

I don't know about a pppd DNS option (except maybe usepeerdns or something probably not really related.. it's been a while :-).
cheers,
-matt

> Is it possible to set the IP address of a WINS server and also
> internal DNS server into the options file. I assume it would be the
> pppd options file (/etc/ppp/options). I have the OReilly pppd book
> and I don't see any reference to setting up the WINS address - and I
> have to admit that I haven't looked for the DNS stuff yet.
>
> Thanks,
>
> Phil Butler
> butler at dii.net

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

and then do a recompile.

Cheers,
Dr Emett Brown :-)

----- Original Message -----
From: Martin McFlySr
To:
Sent: Wednesday, January 26, 2000 2:56 AM
Subject: [pptp-server] how can i change name of ppp daemona, which run pptpd?

> Hello pptp-server at lists.schulte.org,
>
> how can i change name of ppp daemona, which run pptpd?
>
> i want patching original ppp (freebsd), and want call it, ppp-n, for
> example, and keep original - ppp.
>
> where must i change settings for pptpd run ppp-n instead ppp ?
>
> thank you,
>
> --
> Tuesday, January 25, 2000,
> 21:55
>
> Best regards from future,
> Martin McFlySr, HillDale.

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

pptpd -d

The RedHat HOWTO should be updated fairly soon. Check back in a few days: http://www.moretonbay.com/vpn/help.html

Mike

Michael Barsalou
barjunk at attglobal.net

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead."

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

the GRE option then try tracing back to the client.

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

hack together even a rudimentary GRE traceroute for DOS/Win*? Better still, anyone got a pointer to an existing one?

Thanks,
Neale.

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

with PoPToP on SMP (2.2.15pre11 or pre12).

David.

------- Forwarded Message
[...]
If things go OK I'll release 2.2.15 some point late next week.
[...]
2.2.15pre11
[...]
o PPP/SMP locking fixes (Paul Mackerras)
[...]

-- 
David Luyer                ///// // ///// // //    www.pacific.net.au
Network Engineer           // // // // // // //    Pacific Internet
Phone: +61 2 9253 5755     ///// // ///// // //    F'n Easy
Fax:   +61 2 9247 5276     // // // // ////        NASDAQ: PCNTF

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

Linux box, I can't ping the NT box. It's like the connection doesn't really exist.
>Does anyone know if IP forwarding has to be turned on on the NT
>machine for this to work? I know it has to be turned on at the linux
>box.

On the Linux box do a:
>
>cat /proc/sys/net/ipv4/ip_forward
-server

The NT machine shouldn't need to have IP forwarding turned on, since it's the client in this case. On the Linux box, IP forwarding is turned on. In fact, the private network is all functioning quite well, getting to and from the internet, etc. I'm wondering if the firewalling rules on the Linux box are too restrictive somehow, although I would have expected the connection attempt to be rejected if that were the case.

=============================================================
Thomas Koschate                        koschate at bigfoot.com
For PGP Key, see http://keys.pgp.com:11371/pks/lookup?op=get&search=0xF45280AD
=============================================================
"Sanity calms, but madness is more interesting."   John Russell

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

get to

> Right now, I'm beginning to think that the logical course of action is to
> de-install ding-dang near everything and reinstall it using the latest
> versions from M$'s website. However, I'm guessing this will be a long and
> time consuming task, and would rather avoid it if possible.

The catch is, it seems to depend on *how* you install some of these bits (darn MS: why do they let you do it a different way if it won't work that way? {:-( )

HTH,
Neale.

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

VPN is restarted. Has anyone seen this problem before, or any hint for me how to solve it? I append a log-file of the session to the end of the message.
BTW it doesn't matter which encryption I choose; this happens just the same with any form of MPPE encryption, no matter if MPPE 40-bit or 128-bit or stateless or non-stateless ...

bye
Martin

PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de

-------------------------------------------------------------------------
Mar 13 15:52:43 mel pptpd[1865]: MGR: Launching /usr/sbin/pptpctrl to handle client
Mar 13 15:52:43 mel pptpd[1865]: CTRL: local address = 192.168.100.254
Mar 13 15:52:43 mel pptpd[1865]: CTRL: remote address = 192.168.100.243
Mar 13 15:52:43 mel pptpd[1865]: CTRL: pppd speed = 115200
Mar 13 15:52:43 mel pptpd[1865]: CTRL: pppd options file = /etc/ppp/pptp.options
Mar 13 15:52:43 mel pptpd[1865]: CTRL: Client xxx.xxx.xxx.xxx control connection started
Mar 13 15:52:43 mel pptpd[1865]: CTRL: Received PPTP Control Message (type: 1)
Mar 13 15:52:43 mel pptpd[1865]: CTRL: Made a START CTRL CONN RPLY packet
Mar 13 15:52:43 mel pptpd[1865]: CTRL: I wrote 156 bytes to the client.
Mar 13 15:52:43 mel pptpd[1865]: CTRL: Sent packet to client
Mar 13 15:52:46 mel pptpd[1865]: CTRL: Received PPTP Control Message (type: 7)
Mar 13 15:52:46 mel pptpd[1865]: CTRL: Set parameters to 0 maxbps, 16 window size
Mar 13 15:52:46 mel pptpd[1865]: CTRL: Made a OUT CALL RPLY packet
Mar 13 15:52:46 mel pptpd[1865]: CTRL: Starting call (launching pppd, opening GRE)
Mar 13 15:52:46 mel pptpd[1865]: CTRL: pty_fd = 5
Mar 13 15:52:46 mel pptpd[1865]: CTRL: tty_fd = 6
Mar 13 15:52:46 mel pptpd[1865]: CTRL: I wrote 32 bytes to the client.
Mar 13 15:52:46 mel pptpd[1865]: CTRL: Sent packet to client
Mar 13 15:52:46 mel pptpd[1866]: CTRL (PPPD Launcher): Connection speed = 115200
Mar 13 15:52:46 mel pptpd[1866]: CTRL (PPPD Launcher): local address = 192.168.100.254
Mar 13 15:52:46 mel pptpd[1866]: CTRL (PPPD Launcher): remote address = 192.168.100.243
Mar 13 15:52:46 mel pppd[1866]: pppd 2.3.10 started by root, uid 0
Mar 13 15:52:46 mel pppd[1866]: Using interface ppp0
Mar 13 15:52:46 mel pppd[1866]: Connect: ppp0 <--> /dev/pts/0
Mar 13 15:52:46 mel pppd[1866]: sent [LCP ConfReq id=0x1 ]
Mar 13 15:52:46 mel pppd[1866]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 13 15:52:47 mel pppd[1866]: rcvd [LCP ConfReq id=0x1 ]
Mar 13 15:52:47 mel pppd[1866]: lcp_reqci: returning CONFACK.
Mar 13 15:52:47 mel pppd[1866]: sent [LCP ConfAck id=0x1 ]
Mar 13 15:52:47 mel pppd[1866]: rcvd [LCP ConfAck id=0x1 ]
Mar 13 15:52:47 mel pppd[1866]: Untimeout 0x8050164:0x8077660.
Mar 13 15:52:47 mel pppd[1866]: sent [CHAP Challenge id=0x1 , name = "fmnet"]
Mar 13 15:52:47 mel pppd[1866]: Timeout 0x80558c0:0x8077940 in 3 seconds.
Mar 13 15:52:48 mel pppd[1866]: rcvd [CHAP Response id=0x1 <4e0fcd46d0f0144cda90583534d0bd600000000000000000e840fe64ab9e1296b1c7500c62b3633
Mar 13 15:52:48 mel pppd[1866]: Untimeout 0x80558c0:0x8077940.
Mar 13 15:52:48 mel pppd[1866]: ChapReceiveResponse: rcvd type MS-CHAP-V2
Mar 13 15:52:48 mel pppd[1866]: sent [CHAP Success id=0x1 "S=1DF79A1F1D0632DEBA43D7E05CD3492A90550AAE"]
Mar 13 15:52:48 mel pppd[1866]: sent [IPCP ConfReq id=0x1 ]
Mar 13 15:52:48 mel pppd[1866]: Timeout 0x8050164:0x80778c0 in 3 seconds.
Mar 13 15:52:48 mel pppd[1866]: sent [CCP ConfReq id=0x1 ]
Mar 13 15:52:48 mel pppd[1866]: Timeout 0x8050164:0x8077a00 in 3 seconds.
Mar 13 15:52:48 mel pppd[1866]: MSCHAP-v2 peer authentication succeeded for mnmuelle
Mar 13 15:52:48 mel kernel: mppe_comp_alloc(): compress rejected: opt_len=19,o[0]=12,o[1]=6
Mar 13 15:52:48 mel last message repeated 2 times
Mar 13 15:52:49 mel pppd[1866]: rcvd [CCP ConfReq id=0x1 ]
Mar 13 15:52:49 mel kernel: mppe_comp_alloc(): compress rejected: opt_len=19,o[0]=12,o[1]=6
Mar 13 15:52:49 mel pppd[1866]: sent [CCP ConfNak id=0x1 ]
Mar 13 15:52:49 mel pptpd[1865]: GRE: Discarding out of order packet
Mar 13 15:52:49 mel pppd[1866]: rcvd [CCP ConfNak id=0x1 ]
Mar 13 15:52:49 mel pppd[1866]: Untimeout 0x8050164:0x8077a00.
Mar 13 15:52:49 mel pppd[1866]: sent [CCP ConfReq id=0x2 ]
Mar 13 15:52:49 mel pppd[1866]: Timeout 0x8050164:0x8077a00 in 3 seconds.
Mar 13 15:52:49 mel kernel: mppe_comp_alloc(): compress rejected: opt_len=35,o[0]=12,o[1]=6
Mar 13 15:52:49 mel pppd[1866]: rcvd [CCP ConfAck id=0x2 ]
Mar 13 15:52:51 mel pppd[1866]: sent [IPCP ConfReq id=0x1 ]
Mar 13 15:52:51 mel pppd[1866]: Timeout 0x8050164:0x80778c0 in 3 seconds.
Mar 13 15:52:52 mel pppd[1866]: rcvd [IPCP ConfAck id=0x1 ]
Mar 13 15:52:52 mel pppd[1866]: rcvd [CCP ConfReq id=0x2 ]
Mar 13 15:52:52 mel pppd[1866]: sent [CCP ConfNak id=0x2 ]
Mar 13 15:52:52 mel kernel: mppe_comp_alloc(): compress rejected: opt_len=19,o[0]=12,o[1]=6
Mar 13 15:52:52 mel pppd[1866]: rcvd [IPCP ConfReq id=0x2 ]
Mar 13 15:52:52 mel pppd[1866]: Timeout 0x8050164:0x8077a00 in 3 seconds.
Mar 13 15:52:52 mel kernel: mppe_comp_alloc(): compress rejected: opt_len=35,o[0]=12,o[1]=6
Mar 13 15:52:52 mel pppd[1866]: rcvd [CCP ConfReq id=0x3 ]
Mar 13 15:52:52 mel pppd[1866]: sent [CCP ConfAck id=0x3 ]
Mar 13 15:52:52 mel kernel: mppe_comp_alloc(): compress rejected: opt_len=35,o[0]=12,o[1]=6
Mar 13 15:52:52 mel kernel: mppe_comp_init(): compress rejected: opt_len=6,o[0]=12,o[1]=6
Mar 13 15:52:52 mel pppd[1866]: rcvd [IPCP ConfReq id=0x3 ]
Mar 13 15:52:52 mel pppd[1866]: Untimeout 0x8050164:0x8077a00.
Mar 13 15:52:52 mel pppd[1866]: MPPE 128 bit, stateless compression enabled
Mar 13 15:52:52 mel pppd[1866]: Script /etc/ppp/ip-up finished (pid 1868), status = 0x0
Mar 13 15:52:57 mel pppd[1866]: rcvd [CCP ResetReq id=0x4]
Mar 13 15:52:57 mel pppd[1866]: sent [CCP ResetAck id=0x4]
Mar 13 15:52:57 mel kernel: mppe_comp_reset
Mar 13 15:53:15 mel PAM_unix[917]: (login) session opened for user root by LOGIN(uid=0)
Mar 13 15:53:15 mel login: ROOT LOGIN ON tty3
Mar 13 15:53:32 mel pppd[1866]: rcvd [CCP ResetReq id=0x5]
Mar 13 15:53:32 mel pppd[1866]: sent [CCP ResetAck id=0x5]
Mar 13 15:53:32 mel kernel: mppe_comp_reset
Mar 13 15:53:43 mel pppd[1866]: rcvd [CCP ResetReq id=0x6]
Mar 13 15:53:43 mel pppd[1866]: sent [CCP ResetAck id=0x6]
Mar 13 15:53:43 mel kernel: mppe_comp_reset
Mar 13 15:53:46 mel pptpd[1865]: CTRL: Received PPTP Control Message (type: 5)
Mar 13 15:53:46 mel pptpd[1865]: CTRL: Made a ECHO RPLY packet
Mar 13 15:53:46 mel pptpd[1865]: CTRL: I wrote 20 bytes to the client.
Mar 13 15:53:46 mel pptpd[1865]: CTRL: Sent packet to client
Mar 13 15:53:51 mel pppd[1866]: rcvd [CCP ResetReq id=0x7]
Mar 13 15:53:51 mel pppd[1866]: sent [CCP ResetAck id=0x7]
Mar 13 15:53:51 mel kernel: mppe_comp_reset
Mar 13 15:54:02 mel pppd[1866]: rcvd [CCP ResetReq id=0x8]
Mar 13 15:54:02 mel pppd[1866]: sent [CCP ResetAck id=0x8]
Mar 13 15:54:02 mel kernel: mppe_comp_reset
Mar 13 15:54:04 mel pppd[1866]: rcvd [CCP ResetReq id=0x9]
Mar 13 15:54:04 mel pppd[1866]: sent [CCP ResetAck id=0x9]
Mar 13 15:54:04 mel kernel: mppe_comp_reset
Mar 13 15:54:12 mel pppd[1866]: rcvd [CCP ResetReq id=0xa]
Mar 13 15:54:12 mel pppd[1866]: sent [CCP ResetAck id=0xa]
Mar 13 15:54:12 mel kernel: mppe_comp_reset
Mar 13 15:54:19 mel pppd[1866]: rcvd [CCP ResetReq id=0xb]
Mar 13 15:54:19 mel pppd[1866]: sent [CCP ResetAck id=0xb]
Mar 13 15:54:19 mel kernel: mppe_comp_reset
Mar 13 15:54:19 mel pppd[1866]: rcvd [CCP ResetReq id=0xd]
Mar 13 15:54:19 mel pppd[1866]: sent [CCP ResetAck id=0xd]
Mar 13 15:54:19 mel kernel: mppe_comp_reset
Mar 13 15:54:19 mel pptpd[1865]: GRE: Discarding out of order packet
Mar 13 15:54:22 mel pppd[1866]: rcvd [CCP ResetReq id=0xe]
Mar 13 15:54:22 mel pppd[1866]: sent [CCP ResetAck id=0xe]
Mar 13 15:54:22 mel kernel: mppe_comp_reset
Mar 13 15:54:23 mel pppd[1866]: rcvd [CCP ResetReq id=0xf]
Mar 13 15:54:23 mel pppd[1866]: sent [CCP ResetAck id=0xf]
Mar 13 15:54:23 mel kernel: mppe_comp_reset
Mar 13 15:54:26 mel pppd[1866]: rcvd [CCP ResetReq id=0x10]
Mar 13 15:54:26 mel pppd[1866]: sent [CCP ResetAck id=0x10]
Mar 13 15:54:26 mel kernel: mppe_comp_reset
Mar 13 15:54:28 mel pppd[1866]: rcvd [CCP ResetReq id=0x12]
Mar 13 15:54:28 mel pppd[1866]: sent [CCP ResetAck id=0x12]
Mar 13 15:54:28 mel kernel: mppe_comp_reset
Mar 13 15:54:28 mel pptpd[1865]: GRE: Discarding out of order packet
Mar 13 15:54:28 mel pppd[1866]: rcvd [CCP ResetReq id=0x13]
Mar 13 15:54:28 mel pppd[1866]: sent [CCP ResetAck id=0x13]
Mar 13 15:54:28 mel kernel: mppe_comp_reset
Mar 13 15:54:38 mel pppd[1866]: rcvd [CCP ResetReq id=0x14]
Mar 13 15:54:38 mel pppd[1866]: sent [CCP ResetAck id=0x14]
Mar 13 15:54:38 mel kernel: mppe_comp_reset
Mar 13 15:54:41 mel pppd[1866]: rcvd [CCP ResetReq id=0x15]
Mar 13 15:54:41 mel pppd[1866]: sent [CCP ResetAck id=0x15]
Mar 13 15:54:41 mel kernel: mppe_comp_reset
Mar 13 15:54:41 mel pppd[1866]: rcvd [Compressed data] 90 50 71 8d ee d6 37 c8 ...
Mar 13 15:54:42 mel pppd[1866]: rcvd [Compressed data] 90 51 2f 23 f2 04 06 df ...
Mar 13 15:54:43 mel pppd[1866]: rcvd [Compressed data] 90 52 85 76 6b 80 b3 33 ...
Mar 13 15:54:45 mel pppd[1866]: rcvd [CCP ResetReq id=0x16]
Mar 13 15:54:45 mel pppd[1866]: sent [CCP ResetAck id=0x16]
Mar 13 15:54:45 mel kernel: mppe_comp_reset
Mar 13 15:54:45 mel pppd[1866]: rcvd [Compressed data] 90 53 06 9f 17 f9 69 c1 ...
Mar 13 15:54:46 mel pppd[1866]: rcvd [Compressed data] 90 54 db 09 00 ec 54 4e ...
Mar 13 15:54:47 mel pptpd[1865]: CTRL: Received PPTP Control Message (type: 5)
Mar 13 15:54:47 mel pptpd[1865]: CTRL: Made a ECHO RPLY packet
Mar 13 15:54:47 mel pptpd[1865]: CTRL: I wrote 20 bytes to the client.
Mar 13 15:54:47 mel pptpd[1865]: CTRL: Sent packet to client
Mar 13 15:54:48 mel pppd[1866]: rcvd [CCP ResetReq id=0x17]
Mar 13 15:54:48 mel pppd[1866]: sent [CCP ResetAck id=0x17]
Mar 13 15:54:48 mel kernel: mppe_comp_reset
Mar 13 15:54:49 mel pppd[1866]: rcvd [Compressed data] 90 55 58 59 13 e4 a1 10 ...
Mar 13 15:54:49 mel pppd[1866]: rcvd [Compressed data] 90 56 4b c6 15 e5 6d e1 ...
Mar 13 15:54:50 mel pppd[1866]: rcvd [Compressed data] 90 57 c6 1f 98 c1 11 2a ...
Mar 13 15:54:51 mel pppd[1866]: rcvd [Compressed data] 90 58 73 f4 5d e4 88 ca ...
Mar 13 15:54:52 mel pppd[1866]: rcvd [Compressed data] 90 59 0a f5 5f ba a5 41 ...
Mar 13 15:54:53 mel pppd[1866]: rcvd [Compressed data] 90 5a d5 23 15 6f 2d 82 ...
Mar 13 15:54:55 mel pppd[1866]: rcvd [LCP TermReq id=0x2]
Mar 13 15:54:55 mel pppd[1866]: LCP terminated by peer
Mar 13 15:54:55 mel pppd[1866]: ipcp: down
Mar 13 15:54:55 mel pppd[1866]: Untimeout 0x805957c:0x0.
Mar 13 15:54:55 mel pppd[1866]: Script /etc/ppp/ip-down started (pid 1913)
Mar 13 15:54:55 mel pppd[1866]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 13 15:54:55 mel pppd[1866]: sent [LCP TermAck id=0x2]
Mar 13 15:54:55 mel pppd[1866]: Script /etc/ppp/ip-down finished (pid 1913), status = 0x0
Mar 13 15:54:56 mel pptpd[1865]: CTRL: Received PPTP Control Message (type: 12)
Mar 13 15:54:56 mel pptpd[1865]: CTRL: Made a CALL DISCONNECT RPLY packet
Mar 13 15:54:56 mel pptpd[1865]: CTRL: Received CALL CLR request (closing call)
Mar 13 15:54:56 mel pptpd[1865]: CTRL: I wrote 148 bytes to the client.
Mar 13 15:54:56 mel pptpd[1865]: CTRL: Sent packet to client
Mar 13 15:54:56 mel pptpd[1865]: CTRL: Error with select(), quitting
Mar 13 15:54:56 mel pptpd[1865]: CTRL: Client xxx.xxx.xxx.xxx control connection finished
Mar 13 15:54:56 mel pptpd[1865]: CTRL: Exiting now
Mar 13 15:54:56 mel pptpd[921]: MGR: Reaped child 1865
Mar 13 15:54:56 mel pppd[1866]: Modem hangup
Mar 13 15:54:56 mel pppd[1866]: Untimeout 0x8050164:0x8077660.
Mar 13 15:54:56 mel pppd[1866]: Connection terminated.
Mar 13 15:54:56 mel pppd[1866]: Connect time 2.2 minutes.
Mar 13 15:54:56 mel pppd[1866]: Sent 16521 bytes, received 10188 bytes.
Mar 13 15:54:56 mel pppd[1866]: Exit.
-------------------------------------------------------------------------

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012 From: bogus@does.not.exist.com () Date: Sun, 08 Jul 2012 23:14:56 -0000 Subject: No subject Message-ID:

I'm pretty sure that header compression has been turned off on the clients.

Also a question about encryption. The clients have encrypted passwords turned on and auth just fine. When we turn data encrypt on, I get a message saying that the server does not support encryption. I installed the ppp-2.3.10-openssl-norc4-mppe.patch patch and SSLeay-0.6.6b as per the how-to and it all compiled just fine. Am I missing something???

Thanks in advance

Brian
Hi all.

I'm still having a bit of a problem getting ppp to tunnel through a fairly restrictive set of firewall rules. I am using Robert Zeigler's FW config tool and have everything working except VPN. This is a deny all script that then allows only certain ports/protos through. I have a fairly open script that I am using at the present that works just fine. I kick in the new script and the VPN goes in the toilet. When I connect, I get no errors from pptpd in the syslog. I think I've got it mostly working except now it looks like I've got a routing problem. Prior to my latest attempt I was getting "request timed out" from my Windoze client if I tried to ping a system on the private network, now I get "destination host unreachable" ... looks like a routing/forwarding problem. I'm not seeing it. Everything looks the same in the routing tables prior to executing the rules script and after. I'm kind of running into a wall here and would appreciate any help given.

On this network we are only using tcp stuff .. no netbios/netbt/samba stuff. I only want to be able to ssh, http, ftp and ping. Along with ping ... ssh, ftp and http also stop working.

BTW: The VPN and firewall are the same system .....
 

On Linux VPN Server
 

From the firewall script

EXTERNAL_INTERFACE="eth0"
IPADDR="xxx.yy.zzz.aaa/28"
ANYWHERE="any/0"
UNPRIVPORTS="1024:65535"
 

#    # VPN server (22)
#    # ---------------
        ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
                -s $ANYWHERE $UNPRIVPORTS \
                -d $IPADDR 1723 -j ACCEPT

        ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
                -s $IPADDR 1723 \
                -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

        ipchains -A input -p 47 \
                 -s $ANYWHERE \
                 -d $IPADDR -j ACCEPT

        ipchains -A output -p 47 \
                 -s $IPADDR \
                 -d $ANYWHERE -j ACCEPT

        ipchains -A forward -i ppp+ \
                 -s $ANYWHERE \
                 -d $ANYWHERE -j ACCEPT

        ipchains -A input -i ppp+ \
                 -s $ANYWHERE \
                 -d $ANYWHERE -j ACCEPT

        ipchains -A output -i ppp+ \
                 -s $ANYWHERE \
                 -d $ANYWHERE -j ACCEPT

Also tried the following with no luck ......... (looks wrong anyway)

#       ipchains -A forward -i $EXTERNAL_INTERFACE -p tcp \
#               -s $ANYWHERE $UNPRIVPORTS \
#               -d $IPADDR 1723 -j ACCEPT

#       ipchains -A forward -p 47 \
#                -s $ANYWHERE \
#                -d $IPADDR -j ACCEPT
 

My routing table on the VPN/FW server

xxx.yy.zzz.aaa = System registered IP
xxx.yy.zzz.bbb = Registered network base address
xxx.yy.zzz.ccc = Registered outside router address

[root at XXXXX /root]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
xxx.yy.zzz.aaa  0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.20.220  0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
192.168.20.221  0.0.0.0         255.255.255.255 UH        0 0          0 ppp1
192.168.20.246  0.0.0.0         255.255.255.255 UH        0 0          0 eth2
xxx.yyy.zzz.bbb  0.0.0.0        255.255.255.240 U         0 0          0 eth0
192.168.20.0    0.0.0.0         255.255.255.0   U         0 0          0 eth2
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         xxx.yy.zzz.ccc  0.0.0.0         UG        0 0          0 eth0
 
 

On PC Client
 

Doing a ping through the VPN to the private network ... used to get request timed out prior to inserting rules for ppp interfaces.

Reply from xxx.yy.zzz.aaa: Destination host unreachable.
Reply from xxx.yy.zzz.aaa: Destination host unreachable.
Reply from xxx.yy.zzz.aaa: Destination host unreachable.
Reply from xxx.yy.zzz.aaa: Destination host unreachable.
Reply from xxx.yy.zzz.aaa: Destination host unreachable.
Reply from xxx.yy.zzz.aaa: Destination host unreachable.
Reply from xxx.yy.zzz.aaa: Destination host unreachable.
 

C:\WINDOWS>ipconfig /all

Windows 98 IP Configuration

        Host Name . . . . . . . . . : my.systems.name
        DNS Servers . . . . . . . . : 206.13.31.12
                                      206.13.28.12
        Node Type . . . . . . . . . : Broadcast
        NetBIOS Scope ID. . . . . . :
        IP Routing Enabled. . . . . : No
        WINS Proxy Enabled. . . . . : No
        NetBIOS Resolution Uses DNS : Yes

0 Ethernet adapter :

        Description . . . . . . . . : PPP Adapter.
        Physical Address. . . . . . : 44-45-53-54-00-00
        DHCP Enabled. . . . . . . . : Yes
        IP Address. . . . . . . . . : 192.168.20.222
        Subnet Mask . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . :
        DHCP Server . . . . . . . . : 255.255.255.255
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . : 01 01 80 12:00:00 AM
        Lease Expires . . . . . . . : 01 01 80 12:00:00 AM

1 Ethernet adapter :

        Description . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter
        Physical Address. . . . . . : 00-A0-CC-36-72-E2
        DHCP Enabled. . . . . . . . : No
        IP Address. . . . . . . . . : 192.168.0.200
        Subnet Mask . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . : 192.168.0.254
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . :
        Lease Expires . . . . . . . :

C:\WINDOWS>netstat -rn

Route Table

Active Routes:

  Network Address          Netmask  Gateway Address        Interface  Metric
          0.0.0.0          0.0.0.0    192.168.0.254    192.168.0.200       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.200    192.168.0.200       1
    192.168.0.200  255.255.255.255        127.0.0.1        127.0.0.1       1
    192.168.0.255  255.255.255.255    192.168.0.200    192.168.0.200       1
     192.168.20.0    255.255.255.0   192.168.20.222   192.168.20.222       1
   192.168.20.222  255.255.255.255        127.0.0.1        127.0.0.1       1
   xxx.yy.zzz.aaa  255.255.255.255    192.168.0.254    192.168.0.200       1
        224.0.0.0        224.0.0.0    192.168.0.200    192.168.0.200       1
        224.0.0.0        224.0.0.0   192.168.20.222   192.168.20.222       1
  255.255.255.255  255.255.255.255   192.168.20.222   192.168.20.222       1
 
 

Again, any help will be greatly appreciated and thanks
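The rule set posted above, modelled in a small Python simulator. This is an added example, not the poster's script and not Zeigler's tool: it encodes the posted ipchains rules with constructed stand-in addresses (203.0.113.10/28 for xxx.yy.zzz.aaa/28, 198.51.100.7 for the remote client) and runs four constructed packets through them. The one ipchains detail the model relies on, taken from the ipchains documentation, is that -i is compared with the arrival interface only in the input chain; in the output and forward chains it is compared with the interface the packet will leave on (iptables later split this into -i and -o). That makes "forward -i ppp+" cover the LAN-to-client direction but not client-to-LAN.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

Ports = Optional[Tuple[int, int]]   # inclusive port range; None matches any port


@dataclass
class Rule:
    """One ipchains rule: -A chain [-i iface] [-p proto] -s src [ports] -d dst [ports] -j target."""
    chain: str
    proto: Optional[str] = None     # "tcp", "udp", "icmp" or a number such as "47"; None = any
    iface: Optional[str] = None     # -i; a trailing "+" matches every interface with that prefix
    src: str = "0.0.0.0/0"
    sport: Ports = None
    dst: str = "0.0.0.0/0"
    dport: Ports = None
    target: str = "ACCEPT"


@dataclass
class Packet:
    chain: str                      # which chain this packet is traversing
    proto: str
    src: str
    dst: str
    in_iface: str
    out_iface: Optional[str] = None  # None for packets delivered to the firewall itself
    sport: Optional[int] = None
    dport: Optional[int] = None


def _port_ok(rng: Ports, port: Optional[int]) -> bool:
    return rng is None or (port is not None and rng[0] <= port <= rng[1])


def _iface_ok(pattern: Optional[str], iface: Optional[str]) -> bool:
    if pattern is None:
        return True
    if iface is None:
        return False
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return iface == pattern


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.chain != pkt.chain:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    # ipchains compares -i with the arrival interface in the input chain, but
    # with the departure interface in the output and forward chains.
    iface = pkt.in_iface if pkt.chain == "input" else pkt.out_iface
    if not _iface_ok(rule.iface, iface):
        return False
    return (ip_address(pkt.src) in ip_network(rule.src, strict=False)
            and ip_address(pkt.dst) in ip_network(rule.dst, strict=False)
            and _port_ok(rule.sport, pkt.sport)
            and _port_ok(rule.dport, pkt.dport))


def verdict(rules: List[Rule], pkt: Packet, policy: str = "DENY") -> str:
    """First matching rule decides; with no match the chain policy (deny-all here) applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.target
    return policy


# Constructed stand-ins for the post's placeholders: 203.0.113.10/28 plays
# xxx.yy.zzz.aaa/28 ($IPADDR) and 198.51.100.7 is the remote PPTP client.
EXT, IPADDR, ANY, UNPRIV = "eth0", "203.0.113.10/28", "0.0.0.0/0", (1024, 65535)
RULES = [
    Rule("input",   "tcp", EXT,  ANY,    UNPRIV,       IPADDR, (1723, 1723)),
    Rule("output",  "tcp", EXT,  IPADDR, (1723, 1723), ANY,    UNPRIV),
    Rule("input",   "47",  None, ANY,    None,         IPADDR),
    Rule("output",  "47",  None, IPADDR, None,         ANY),
    Rule("forward", None,  "ppp+"),
    Rule("input",   None,  "ppp+"),
    Rule("output",  None,  "ppp+"),
]


def pptp_control_syn() -> str:
    """Client opens the control connection to TCP 1723 on the external interface."""
    return verdict(RULES, Packet("input", "tcp", "198.51.100.7", "203.0.113.10",
                                 "eth0", None, 40000, 1723))


def gre_from_client() -> str:
    """GRE (protocol 47) data packet from the client, delivered to pptpd locally."""
    return verdict(RULES, Packet("input", "47", "198.51.100.7", "203.0.113.10", "eth0"))


def client_to_lan() -> str:
    """Decapsulated packet from the VPN client (arrived on ppp0) towards a LAN host on eth2.
    It leaves on eth2, so "forward -i ppp+" does not match and the deny-all policy wins."""
    return verdict(RULES, Packet("forward", "tcp", "192.168.20.222", "192.168.20.10",
                                 "ppp0", "eth2", 40001, 22))


def lan_to_client() -> str:
    """The reply leaves on ppp0, which the ppp+ forward rule accepts."""
    return verdict(RULES, Packet("forward", "tcp", "192.168.20.10", "192.168.20.222",
                                 "eth2", "ppp0", 22, 40001))


if __name__ == "__main__":
    for fn in (pptp_control_syn, gre_from_client, client_to_lan, lan_to_client):
        print(f"{fn.__name__:18s} -> {fn()}")
```

The simulator deliberately keeps first-match semantics and a DENY policy, so adding a rule to RULES and re-running the four packets shows directly which direction it opens.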

Brian

I can't ping or access the local network in any way. I've attached the files I believe are important. Hopefully someone can help me debug this. I believe I have IPForwarding on... I followed the How-To and just rpm'd a new kernel... so if the HOW-To told me to just type 'rpm -Uvvh kernal-2.2.12-20' then shouldn't that kernel include IPForwarding? Thanks for the help.
-Chris Carella-

options:

lock
debug
auth
+chap
proxyarp

pptpd.conf:

################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.0.0
#
################################################################################

# TAG: speed
#
# Specifies the speed for the PPP daemon to talk at.
# Some PPP daemons will ignore this value.
#
speed 115200

# TAG: option
#
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options

# TAG: debug
#
# Turns on (more) debugging to syslog.
#
debug

# TAG: localip
# TAG: remoteip
#
# Specifies the local and remote IP address ranges.
#
# You can specify single IP addresses separated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
localip 192.168.0.234-238
remoteip 192.168.0.154-158

# TAG: ipxnets
#
# This gives the range of IPX networks to allocate to clients. By
# default IPX network number allocation is not handled internally.
# By putting a low and high network number here a pool of IPX networks
# can be defined. If this is done then there must be one IPX network
# per client.
#
# The format is a pair of hex numbers without any 0x prefix separated
# by a hyphen.
#
#ipxnets 00001000-00001FFF

# TAG: listen
#
# Defines the IP address of the local interface on which pptpd
# should listen for connections. The default is to listen on all
# local interfaces (even ones brought up by pptp connections, thus
# permitting pptp tunnels inside the pptp tunnels).
#
#listen 192.168.0.151

# TAG: pidfile
#
# This defines the file name in which pptpd should store its process
# ID (or pid). The default is /var/run/pptpd.pid.
#
pidfile /var/run/pptpd.pid

gre 47 GRE # General Routing Encapsulation

(name in protocols list, name on rfc1701 is Generic Routing Encapsulation)

Most IP tunnels use some protocol other than TCP or UDP, simply to avoid the overheads of even UDP. GRE is lighter weight than UDP. In the case of PPTP, though, Microsoft added a completely broken congestion control algorithm that means it is no longer as lightweight as a pure GRE tunnel. However the sequencing part of the congestion control is required to implement guaranteed sequencing for the pppd (it's OK for ppp to lose packets, just like line noise on a modem line, but ppp is not designed to handle out of order packets).
The "normal" use of GRE is between routers, tunnelling either 1476-byte MTU packets (14 byte overhead, prevent fragmentation on most links) or 1500-byte packets (which means you can't set the "do not fragment" flag on the actual GRE packets, and you will suffer a fragmentation penalty, but you won't die on broken TCP stacks).

I'm surprised that RTP (VoIP transport) was implemented over UDP rather than as a separate protocol, as this makes the performance of VoIP that bit lower.

If you want to know how much more light weight... a whole 32-bit word more. Doesn't seem much? It's 15% of the headers on each packet, and then in the case of RTP you add another 12 bytes minimum.

GRE:
  12-bytes  version, IHL, ToS, len, ID, flags, frag, TTL, prot, csum
   4-byte   src IP
   4-byte   dst IP
   5-bits   indicating presence of options
   3-bits   indicating tunnel depth permitted
   5-bits   flags
   3-bits   version (0)
   2-bytes  protocol being carried
  ==============================
  24 bytes

UDP:
  12-bytes  version, IHL, ToS, len, ID, flags, frag, TTL, prot, csum
   4-byte   src IP
   4-byte   dst IP
   2-byte   src port
   2-byte   dst port
   2-byte   length
   2-byte   checksum
  ===============
  28 bytes (not including any options, which would add more)

RTP: An example of trying to build a light-weight protocol on top of UDP, this sits on top of UDP and adds minimum 12 bytes, sometimes more, on top of the UDP header... note that in RFC793 (TCP, 1981) RTP was listed as side-by-side with TCP as a voice transport, rather than on top of UDP (not mentioned in that document). [a 1981 rfc mentioning VoIP... it's only taken almost 20 years to become viable...]

Of course if you want things to be slow, you can always tunnel PPP over SSH.

David.

> Marcus
>
> Angus North schrieb:
> >
> > Hi everyone
> >
> > Just wondering - wasn't it a little silly to invent a new protocol for PPTP
> > (# 47)
> > given that it will be blocked by default by most firewall configurations?
> > Remote users and PPTP administrators will often have no control over these
> > firewalls
> > e.g if an employee of company A visits company B, and whilst there, would
> > like to
> > connect via PPTP to company A's LAN from company B's LAN. In most
> > cases, company B will not cater for PPTP, and the employee will have no
> > control over company B's firewall.
> > Since PPTP is all about making secure remote access easy, why not use
> > unreserved TCP ports, that
> > most firewalls let through?
> >
> > Cheers
> > Angus

--
----------------------------------------------
David Luyer
Senior Network Engineer
Pacific Internet (Aust) Pty Ltd
Phone: +61 3 9674 7525
Fax: +61 3 9699 8693
Mobile: +61 4 1064 2258, +61 4 1114 2258
http://www.pacific.net.au
NASDAQ: PCNTF << fast 'n easy >>
----------------------------------------------

Traceroute from host to client looks like this:

>traceroute to cj369830-a.reston1.va.home.com (24.18.171.224), 30 hops max, 38 byte packets
> 1 router (209.183.239.1) 0.852 ms 0.847 ms 0.815 ms
> 2 25.e0b7d1.client.atlantech.net (209.183.224.37) 1373.663 ms 1824.948 ms 1697.663 ms
> 3 main1-249-121.iad.above.net (209.249.121.4) 1252.968 ms * 2415.199 ms
> 4 core3-main1-oc12.iad.above.net (209.249.203.57) 2306.019 ms 1641.936 ms 1917.992 ms
> 5 athome-above-oc3.iad.above.net (209.249.203.82) 1891.989 ms 1672.884 ms 1596.815 ms
> 6 bb1-pos2-0.pg1.md.home.net (24.7.72.58) 2051.103 ms 1566.377 ms 1788.442 ms
> 7 ubr1.reston1.va.home.net (24.5.80.31) 1687.607 ms 1447.874 ms 1264.169 ms
> 8 cj369830-a.reston1.va.home.com (24.18.171.224) 1229.936 ms 1004.121 ms *

Can anyone suggest troubleshooting procedures to localize the dropping of GRE packets, if that's what it is?
AFAIK, the router firewall is set up only to "block outgoing NetBIOS", which I presume is only outgoing packets on Ports 137 and 138 and should not affect 1723/GRE. Please feel free to try to get a password-failed login on the server (a strong password is set up).

-----------

/etc/pptpd.conf:
>debug
>localip 10.0.0.80-89
>remoteip 10.0.0.70-79

I've also tried
>localip 192.168.1.80-89
>remoteip 192.168.1.70-79
with the same local success and external failure.

/etc/ppp/chap-secrets:
>chris mail.ezmort.com XXXXXX *

/etc/ppp/options:
>lock
>debug
>name mail.ezmort.com
>auth
>+chap
>+chapms
>+chapms-v2
>mppe-40
>mppe-128
>mppe-stateless
># require-chap
>proxyarp

Logs from Error 650 session follow.

Win98B client pptplog.txt:
>05-18-2000 21:53:51.59 - Microsoft Dial Up Adapter log opened.
>05-18-2000 21:53:51.59 - Server type is PPP (Point to Point Protocol).
>05-18-2000 21:53:51.59 - FSA : Software compression disabled.
>05-18-2000 21:53:51.59 - FSA : Protocol disabled by user - skipping control protocol 803f (NBFCP).
>05-18-2000 21:53:51.59 - FSA : Adding Control Protocol 8021 (IPCP) to control protocol chain.
>05-18-2000 21:53:51.59 - FSA : Protocol not bound - skipping control protocol 802b (IPXCP).
>05-18-2000 21:53:51.59 - FSA : Adding Control Protocol c029 (CallbackCP) to control protocol chain.
>05-18-2000 21:53:51.59 - FSA : Encrypted Password required.
>05-18-2000 21:53:51.59 - FSA : Encrypted Password required.
>05-18-2000 21:53:51.59 - FSA : Adding Control Protocol c223 (CHAP) to control protocol chain.
>05-18-2000 21:53:51.59 - FSA : Adding Control Protocol c021 (LCP) to control protocol chain.
>05-18-2000 21:53:51.59 - LCP : Layer started.
>05-18-2000 21:53:51.59 - PPP : Transmitting Control Packet of length: 16
>05-18-2000 21:53:51.59 - Data 0000: c0 21 01 01 00 0e 05 06 | .!......
>05-18-2000 21:53:51.59 - Data 0008: 15 95 4b 57 07 02 08 02 | .KW....
>05-18-2000 21:53:54.59 - PPP : Transmitting Control Packet of length: 16
>05-18-2000 21:53:54.59 - Data 0000: c0 21 01 02 00 0e 05 06 | .!......
>05-18-2000 21:53:54.59 - Data 0008: 15 95 4b 57 07 02 08 02 | .KW....
>05-18-2000 21:53:57.59 - PPP : Transmitting Control Packet of length: 16
>05-18-2000 21:53:57.59 - Data 0000: c0 21 01 03 00 0e 05 06 | .!......
>05-18-2000 21:53:57.59 - Data 0008: 15 95 4b 57 07 02 08 02 | .KW....
>05-18-2000 21:54:00.60 - PPP : Transmitting Control Packet of length: 16
>05-18-2000 21:54:00.60 - Data 0000: c0 21 01 04 00 0e 05 06 | .!......
>05-18-2000 21:54:00.60 - Data 0008: 15 95 4b 57 07 02 08 02 | .KW....
>05-18-2000 21:54:03.60 - PPP : Transmitting Control Packet of length: 16
>05-18-2000 21:54:03.60 - Data 0000: c0 21 01 05 00 0e 05 06 | .!......
>05-18-2000 21:54:03.60 - Data 0008: 15 95 4b 57 07 02 08 02 | .KW....
>05-18-2000 21:54:06.60 - PPP : Transmitting Control Packet of length: 16
>05-18-2000 21:54:06.60 - Data 0000: c0 21 01 06 00 0e 05 06 | .!......
>05-18-2000 21:54:06.60 - Data 0008: 15 95 4b 57 07 02 08 02 | .KW....
>05-18-2000 21:54:09.60 - PPP : Transmitting Control Packet of length: 16
>05-18-2000 21:54:09.60 - Data 0000: c0 21 01 07 00 0e 05 06 | .!......
>05-18-2000 21:54:09.60 - Data 0008: 15 95 4b 57 07 02 08 02 | .KW....
>05-18-2000 21:54:12.60 - PPP : Transmitting Control Packet of length: 16
>05-18-2000 21:54:12.60 - Data 0000: c0 21 01 08 00 0e 05 06 | .!......
>05-18-2000 21:54:12.60 - Data 0008: 15 95 4b 57 07 02 08 02 | .KW....
>05-18-2000 21:54:15.60 - PPP : Transmitting Control Packet of length: 16
>05-18-2000 21:54:15.60 - Data 0000: c0 21 01 09 00 0e 05 06 | .!......
>05-18-2000 21:54:15.60 - Data 0008: 15 95 4b 57 07 02 08 02 | .KW....
>05-18-2000 21:54:18.60 - PPP : Transmitting Control Packet of length: 16
>05-18-2000 21:54:18.60 - Data 0000: c0 21 01 0a 00 0e 05 06 | .!......
>05-18-2000 21:54:18.60 - Data 0008: 15 95 4b 57 07 02 08 02 | .KW....
>05-18-2000 21:54:21.60 - LCP : Layer finished.
>05-18-2000 21:54:21.61 - Remote access driver is shutting down.
>05-18-2000 21:54:21.61 - CRC Errors 0
>05-18-2000 21:54:21.61 - Timeout Errors 0
>05-18-2000 21:54:21.61 - Alignment Errors 0
>05-18-2000 21:54:21.61 - Overrun Errors 0
>05-18-2000 21:54:21.61 - Framing Errors 0
>05-18-2000 21:54:21.61 - Buffer Overrun Errors 0
>05-18-2000 21:54:21.61 - Incomplete Packets 0
>05-18-2000 21:54:21.61 - Bytes Received 0
>05-18-2000 21:54:21.61 - Bytes Transmittted 180
>05-18-2000 21:54:21.61 - Frames Received 0
>05-18-2000 21:54:21.61 - Frames Transmitted 10
>05-18-2000 21:54:21.61 - LCP : Layer started.
>05-18-2000 21:54:21.61 - Microsoft Dial Up Adapter log closed.

/var/log/messages:
>May 18 21:53:17 linux syslogd 1.3-3: restart.
>May 18 21:53:41 linux dhcpd: DHCPACK on 10.0.0.202 to 00:40:05:41:5a:3d via eth0
>May 18 21:53:54 linux pptpd[2574]: CTRL: Client 24.18.171.224 control connection started
>May 18 21:53:54 linux pptpd[2574]: CTRL: Starting call (launching pppd, opening GRE)
>May 18 21:53:55 linux pppd[2575]: pppd 2.3.10 started by root, uid 0
>May 18 21:53:55 linux pppd[2575]: Using interface ppp0
>May 18 21:53:55 linux pppd[2575]: Connect: ppp0 <--> /dev/pts/1
>May 18 21:54:25 linux pptpd[2574]: CTRL: Error with select(), quitting
>May 18 21:54:25 linux pptpd[2574]: CTRL: Client 24.18.171.224 control connection finished
>May 18 21:54:25 linux pppd[2575]: Modem hangup
>May 18 21:54:25 linux pppd[2575]: Connection terminated.
>May 18 21:54:25 linux pppd[2575]: Exit.
/var/log/pptpd.log:
>May 18 21:53:54 linux pptpd[2574]: CTRL: local address = 192.168.1.81
>May 18 21:53:54 linux pptpd[2574]: CTRL: remote address = 192.168.1.71
>May 18 21:53:54 linux pptpd[2574]: CTRL: Client 24.18.171.224 control connection started
>May 18 21:53:54 linux pptpd[2574]: CTRL: Received PPTP Control Message (type: 1)
>May 18 21:53:54 linux pptpd[2574]: CTRL: Made a START CTRL CONN RPLY packet
>May 18 21:53:54 linux pptpd[2574]: CTRL: I wrote 156 bytes to the client.
>May 18 21:53:54 linux pptpd[2574]: CTRL: Sent packet to client
>May 18 21:53:54 linux pptpd[2574]: CTRL: Received PPTP Control Message (type: 7)
>May 18 21:53:54 linux pptpd[2574]: CTRL: Set parameters to 0 maxbps, 16 window size
>May 18 21:53:54 linux pptpd[2574]: CTRL: Made a OUT CALL RPLY packet
>May 18 21:53:54 linux pptpd[2574]: CTRL: Starting call (launching pppd, opening GRE)
>May 18 21:53:54 linux pptpd[2574]: CTRL: pty_fd = 4
>May 18 21:53:54 linux pptpd[2574]: CTRL: tty_fd = 5
>May 18 21:53:54 linux pptpd[2574]: CTRL: I wrote 32 bytes to the client.
>May 18 21:53:54 linux pptpd[2574]: CTRL: Sent packet to client
>May 18 21:53:54 linux pptpd[2575]: CTRL (PPPD Launcher): Connection speed = 115200
>May 18 21:53:54 linux pptpd[2575]: CTRL (PPPD Launcher): local address = 192.168.1.81
>May 18 21:53:54 linux pptpd[2575]: CTRL (PPPD Launcher): remote address = 192.168.1.71
>May 18 21:54:25 linux pptpd[2574]: CTRL: Received PPTP Control Message (type: 12)
>May 18 21:54:25 linux pptpd[2574]: CTRL: Made a CALL DISCONNECT RPLY packet
>May 18 21:54:25 linux pptpd[2574]: CTRL: Received CALL CLR request (closing call)
>May 18 21:54:25 linux pptpd[2574]: CTRL: I wrote 148 bytes to the client.
>May 18 21:54:25 linux pptpd[2574]: CTRL: Sent packet to client
>May 18 21:54:25 linux pptpd[2574]: CTRL: Error with select(), quitting
>May 18 21:54:25 linux pptpd[2574]: CTRL: Client 24.18.171.224 control connection finished
>May 18 21:54:25 linux pptpd[2574]: CTRL: Exiting now

/var/log/pptpd.log if I telnet to mail.ezmort.com:1723; drops after any two chars sent:
>May 18 22:05:54 linux pptpd[2628]: MGR: Launching /usr/sbin/pptpctrl to handle client
>May 18 22:05:54 linux pptpd[2628]: CTRL: local address = 10.0.0.81
>May 18 22:05:54 linux pptpd[2628]: CTRL: remote address = 10.0.0.71
>May 18 22:05:54 linux pptpd[2628]: CTRL: Client 24.18.171.224 control connection started
>May 18 22:05:57 linux pptpd[2628]: CTRL: Incomplete ctrl packet length, retry later
>May 18 22:05:57 linux pptpd[2628]: CTRL: PPTP Control Message type -1073742884 not supported.
>May 18 22:05:59 linux pptpd[2628]: CTRL: Read in previous incomplete ctrl packet
>May 18 22:05:59 linux pptpd[2628]: CTRL: Control packet > PPTP_MAX_CTRL_PCKT_SIZE (length = 27243)
>May 18 22:05:59 linux pptpd[2628]: CTRL: couldn't read packet header (exit)
>May 18 22:05:59 linux pptpd[2628]: CTRL: CTRL read failed
>May 18 22:05:59 linux pptpd[2628]: CTRL: Client 24.18.171.224 control connection finished
>May 18 22:05:59 linux pptpd[2628]: CTRL: Exiting now
>May 18 22:05:59 linux pptpd[2615]: MGR: Reaped child 2628

with 128-mppe encryp. and have NT/98 clients connecting seamlessly. I thank you all for your help.

I am trying something else out as well: I have the linux pptp client and I am trying to connect to an NT PPTP server running 128bit encryption. I keep getting "peer refused to authenticate" even though I am specifying noauth in the options and the command line when launching the pptp client. Anyone have any ideas on this one?
Thanks,
Jeff

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!
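Two wire formats come up repeatedly in the threads above: the control-message header on TCP 1723 (the telnet test shows pptpd rejecting junk for an incomplete header, a nonsense message type, and a length above PPTP_MAX_CTRL_PCKT_SIZE) and the GRE header on protocol 47 (David Luyer's 24-versus-28-byte comparison, plus the sequencing PPTP adds). The block below is an added example, not pptpd's code and not from any poster: it decodes both headers defensively, counts the per-packet overhead, and is run on constructed sample packets. MAX_CTRL_PCKT_SIZE is an assumed bound; pptpd's own constant may differ.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D                    # magic cookie in every control message
PPTP_CTRL_MSG = 1                          # PPTP Message Type 1 = control message
CTRL_HDR = struct.Struct("!HHIH")          # length, message type, magic cookie, control type
MAX_CTRL_PCKT_SIZE = 220                   # assumed bound; pptpd's PPTP_MAX_CTRL_PCKT_SIZE may differ
CTRL_NAMES = {
    1: "START_CTRL_CONN_RQST", 2: "START_CTRL_CONN_RPLY", 3: "STOP_CTRL_CONN_RQST",
    4: "STOP_CTRL_CONN_RPLY", 5: "ECHO_RQST", 6: "ECHO_RPLY", 7: "OUT_CALL_RQST",
    8: "OUT_CALL_RPLY", 9: "IN_CALL_RQST", 10: "IN_CALL_RPLY", 11: "IN_CALL_CONN",
    12: "CALL_CLR_RQST", 13: "CALL_DISCONN_NTFY", 14: "WAN_ERROR_NTFY", 15: "SET_LINK_INFO",
}
GRE_PPP = 0x880B                           # GRE protocol type for PPP (the PPTP data channel)
IP_HDR = 20                                # IPv4 header without options


def parse_ctrl_header(buf: bytes) -> dict:
    """Decode a control-message header from TCP 1723, rejecting anything that is not PPTP."""
    if len(buf) < CTRL_HDR.size:
        raise ValueError("incomplete ctrl packet header")
    length, msg_type, magic, ctrl_type = CTRL_HDR.unpack_from(buf)
    if magic != PPTP_MAGIC:
        raise ValueError("bad magic cookie 0x%08x" % magic)
    if msg_type != PPTP_CTRL_MSG:
        raise ValueError("unsupported PPTP message type %d" % msg_type)
    if not CTRL_HDR.size <= length <= MAX_CTRL_PCKT_SIZE:
        raise ValueError("control packet length %d out of range" % length)
    if ctrl_type not in CTRL_NAMES:
        raise ValueError("control message type %d not supported" % ctrl_type)
    return {"length": length, "ctrl_type": ctrl_type, "name": CTRL_NAMES[ctrl_type]}


def check_ctrl(buf: bytes) -> str:
    """Verdict for a received header: 'ok:<name>' or 'reject:<reason>'."""
    try:
        return "ok:" + parse_ctrl_header(buf)["name"]
    except ValueError as exc:
        return "reject:" + str(exc)


def parse_gre_header(buf: bytes) -> dict:
    """Decode an RFC 1701 GRE header.  For version 1 carrying PPP (RFC 2637) the key
    field is payload length + call ID and the A bit announces an acknowledgement number."""
    try:
        flags_ver, proto = struct.unpack_from("!HH", buf)
        c, r, k, s = (flags_ver >> 15) & 1, (flags_ver >> 14) & 1, (flags_ver >> 13) & 1, (flags_ver >> 12) & 1
        a = (flags_ver >> 7) & 1
        version = flags_ver & 7
        if r:
            raise ValueError("GRE source routing (R bit) not handled")
        hdr = {"version": version, "protocol": proto}
        offset = 4
        if c:
            hdr["checksum"], hdr["offset"] = struct.unpack_from("!HH", buf, offset)
            offset += 4
        if k:
            if version == 1 and proto == GRE_PPP:
                hdr["payload_len"], hdr["call_id"] = struct.unpack_from("!HH", buf, offset)
            else:
                (hdr["key"],) = struct.unpack_from("!I", buf, offset)
            offset += 4
        if s:
            (hdr["seq"],) = struct.unpack_from("!I", buf, offset)
            offset += 4
        if version == 1 and a:
            (hdr["ack"],) = struct.unpack_from("!I", buf, offset)
            offset += 4
    except struct.error:
        raise ValueError("truncated GRE header") from None
    hdr["header_len"] = offset
    return hdr


def tunnel_overhead(gre_header: bytes) -> dict:
    """Per-packet encapsulation bytes: IP + this GRE header versus IP + an 8-byte UDP header."""
    return {"gre": IP_HDR + parse_gre_header(gre_header)["header_len"], "udp": IP_HDR + 8}


# Constructed sample packets.
START_CCR = CTRL_HDR.pack(156, PPTP_CTRL_MSG, PPTP_MAGIC, 1) + bytes(156 - CTRL_HDR.size)
TELNET_JUNK = b"hi\r\n"                          # a few typed characters, as in the telnet test
PLAIN_GRE = bytes.fromhex("00000800")            # version 0, no options, carrying IPv4
PPTP_GRE = bytes.fromhex("3081880b") + struct.pack("!HHII", 16, 1, 5, 4)  # K,S,A; len 16, call 1, seq 5, ack 4

if __name__ == "__main__":
    print(check_ctrl(START_CCR), "|", check_ctrl(TELNET_JUNK))
    print(parse_gre_header(PPTP_GRE))
    print("plain GRE", tunnel_overhead(PLAIN_GRE), "PPTP GRE", tunnel_overhead(PPTP_GRE))
```

Running it shows the overhead figures from the post (24 bytes for plain GRE against 28 for UDP) and that a PPTP data packet carrying both a sequence and an acknowledgement number costs 36 bytes, which is the "no longer as lightweight" point made above.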
From champ at vistech.net Sun Jul 8 18:14:56 2012
From: champ at vistech.net (Champ Clark III)
Date: Tue, 6 Jun 100 16:31:27 -0400 (EDT)
Subject: [pptp-server] "couldn't read packet header".
Message-ID: <200006062031.QAA00176@44mag.vistech.net>

I've installed poptop at a couple of sites, and it's really worked well for me. I've run into a new error that I haven't encountered, and just wondered if anyone else has seen this one. The error occurs even if nobody is logged into the VPN. Users that do login remain connected for about 5 minutes, then it drops. Syslog continually reports the following:

Jun 6 16:03:36 fblx pptpd[2532]: CTRL: couldn't read packet header (exit)
Jun 6 16:03:36 fblx pptpd[2532]: CTRL: EOF or bad error reading ctrl packet length.

As I said, no matter if a user is connected or not, this error is generated 24/7. Nothing terribly special about the configuration, but I can include the configuration files if need be.

- Champ Clark III
Vistech Communications, Inc

works fine (and you are authenticated), check the /var/log/messages for entries:

Jun 12 01:40:44 hostname pppd[569]: MSCHAP-v2 peer authentication succeeded for
Jun 12 01:40:44 hostname pppd[569]: MPPE 128 bit, stateless compression enabled

NOTE: If you don't have 'strong encryption pack' for Windows, it will report "MPPE 40 bit, stateless compression enabled".

...
06-26-2000 11:46:20.94 - CHAP : Layer up.
06-26-2000 11:46:20.94 - FSA : No net control protocols started.
...

...
06-26-2000 11:56:19.34 - CHAP : Layer up.
06-26-2000 11:56:19.34 - IPCP : Layer started.
06-26-2000 11:56:19.34 - IPCP : IP address is 0.
...

and connect to multiple domains.:)

Mike

>
> Well I hope someone corrects me if I'm wrong on this, but here goes.
>
> As I understand it domain logins do work. At least they seem to work for me.
>
> I have chap-secrets set up like this (and nothing else, contrary to the
> docs...)
>
> remote * pass *
>
> and options like this
>
> debug
> auth
> remotename remote
> require-chap
> proxyarp
> +chapms-v2
> +chapms
> mppe-40
> mppe-128
> mppe-stateless
> ms-wins 192.168.0.6
> ms-dns 192.168.0.6
> lock
>
> The debug messages (I turned on verbose) indicate that the login name
> entered into Windows DUN VPN dialup entry is being passed to the PPTP
> client.
>
> Thus if the Windows DUN entry has; username: admin password: pass
>
> "admin" is suffixed onto the name of the DOMAIN the remote client belongs to
> (when you created the DUN entry) and then passed to the PPTP client... supposing
> that in this case the domain is called "Mydomain"...
>
> The debug logs show that pptp receives Mydomain\\admin which is used to
> authenticate the client. This also supposedly gets passed onto the domain
> controller when ppp is brought up.
>
> Thus because the name of the remote client is "forced" in the option file,
> it does not matter what it's called.
>
> However the password (in this case "pass") is getting picked up from the
> chap-secrets file, and NOT by what the user types in... (I've tried "*" in
> the password field, which does not work for me...).
>
> By making the two the same as what the domain is expecting for the user, you get
> a domain logon.
>
> I've also enabled "network logon" in the DUN entry.
>
> It -SEEMS- to work, as I can attach to any shares, and I seem to have the
> correct permissions.
>
> I can also browse the remote network... BUT here is the caveat with this.
>
> The Windows CLIENT machine -MUST- have originally been set up to belong to the SAME domain as the one you are trying to connect to... at the time Networking was first installed.
>
> If you enter another domain, switch it to the correct one, then set up DUN... you'll never see the remote shares!
>
> To fix this you must remove ALL networking components in Windows (including protocol.* files in the C:\Windows directory) then re-install everything, specifying the appropriate domain name.
>
> If you do this browsing works!
>
> I've gone as far as checking to see what is happening in the registry... among other things windows INCLUDES the original domain name in the registry entry created for the DUN... even if you have changed it!
>
> This in turn gets passed to the remote PDC. Since it sees that your machine is not a member of your domain, you do not see the shares.
>
> Fixing the DUN entry in the registry (which I've done) is not enough of itself to browse the remote LAN...
>
> You must do what I mentioned before, deleting all Networking setups, and then re-install (after a reboot, this is windows folks...) using the correct domain name.
>
> Finally set up your dun entries. Doing things this way, always gets me the browse lists off the remote LAN.
>
> If you then change the client's domain membership, you start all over again... and you have to fix it again... though you DO seem able to merely switch the domain name to get VPN working properly...
>
> --__--__--
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>
> End of pptp-server Digest
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012
From: bogus@does.not.exist.com ()
Date: Sun, 08 Jul 2012 23:14:56 -0000
Subject: No subject
Message-ID:

Hey! From what I can see, no domain name is being given to your pptp server by your w2k machine, otherwise you would get an error message saying:

Jul 12 10:23:53 htcengineers pppd[752]: No CHAP secret found for authenticating domain\\billy

which means that your chap-secret file should contain the following entry:

billy * password *

that should do the trick.

if you had seen in the log file a domain name sent together with the username to the pptp server, you would need:

domain\\billy * password *

Hope it helps... lemme know

Cheers,

Patrick

================

Waleed Alrawi wrote:
> Hi
>
> I went through all the how-to, still I am not sure what is the problem. I
> was able to get the pptpd server up on the Linux box but have not been able to
> connect using a w2k box!!!! any ideas
>
> the chap-secret file format is not clear, especially the domain: is that local
> to the Linux box domain since I am running a Linux box as a server.
> Thanks
>
> the following is partial output of /var/log/messages
>
> Jul 12 10:23:51 htcengineers pppd[752]: Connect: ppp0 <--> /dev/pts/1
> Jul 12 10:23:51 htcengineers pptpd[751]: GRE: Discarding duplicate packet
> Jul 12 10:23:53 htcengineers pptpd[751]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Jul 12 10:23:53 htcengineers pppd[752]: No CHAP secret found for authenticating billy
> Jul 12 10:23:53 htcengineers pppd[752]: CHAP peer authentication failed for remote host billy
> Jul 12 10:23:53 htcengineers pptpd[751]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Jul 12 10:23:53 htcengineers pppd[752]: Connection terminated.
> Jul 12 10:23:53 htcengineers pppd[752]: Exit.
> Jul 12 10:23:53 htcengineers pptpd[751]: GRE: read(fd=4,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error
> Jul 12 10:23:53 htcengineers pptpd[751]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> Jul 12 10:23:53 htcengineers pptpd[751]: CTRL: Client 192.168.1.2 control connection finished
> Jul 12 10:27:25 htcengineers pptpd[753]: CTRL: Client 192.168.1.2 control connection started
> Jul 12 10:27:27 htcengineers pptpd[753]: CTRL: Starting call (launching pppd, opening GRE)
> Jul 12 10:27:27 htcengineers pppd[754]: pppd 2.3.11 started by root, uid 0
> Jul 12 10:27:27 htcengineers pppd[754]: Using interface ppp0
> Jul 12 10:27:27 htcengineers pppd[754]: Connect: ppp0 <--> /dev/pts/1
> Jul 12 10:27:27 htcengineers pptpd[753]: GRE: Discarding duplicate packet
> Jul 12 10:27:29 htcengineers pptpd[753]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Jul 12 10:27:29 htcengineers pppd[754]: No CHAP secret found for authenticating SERVERNAME\\billy
> Jul 12 10:27:29 htcengineers pppd[754]: CHAP peer authentication failed for remote host SERVERNAME\\billy
> Jul 12 10:27:29 htcengineers pptpd[753]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Jul 12 10:27:29 htcengineers pppd[754]: Connection terminated.
> Jul 12 10:27:29 htcengineers pppd[754]: Exit.
> Jul 12 10:27:29 htcengineers pptpd[753]: GRE: read(fd=4,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error
> Jul 12 10:27:29 htcengineers pptpd[753]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> Jul 12 10:27:29 htcengineers pptpd[753]: CTRL: Client 192.168.1.2 control connection finished
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
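A small diagnostic in the spirit of Patrick's advice, added here as an example; it is not code from the thread, from poptop or from pppd. It pulls the peer names out of pppd's "No CHAP secret found for authenticating ..." lines, parses a chap-secrets file, and reports for each peer whether the file has an entry that would satisfy it (client field equal to the peer name or "*", server field equal to this pppd's name or "*"), printing the shape of the line to add when it does not. It also picks out the negotiated MPPE key length mentioned earlier in the thread, so a 40-bit client can be spotted. The sample log and sample chap-secrets are constructed from the lines quoted above; "htcengineers" is assumed to be the name pppd uses for itself, and the matching is a simplification of pppd's (it prefers exact matches over wildcards and also checks the address column).

```python
import re
from typing import Dict, List, Optional, Tuple

# Patterns for the pppd syslog lines quoted in this thread.
CHAP_FAIL_RE = re.compile(r"pppd\[\d+\]: No CHAP secret found for authenticating (\S+)")
MPPE_RE = re.compile(r"pppd\[\d+\]: MPPE (\d+) bit")

# One chap-secrets line: client, server, secret, allowed IP addresses.
Entry = Tuple[str, str, str, List[str]]


def _tokens(line: str) -> List[str]:
    """Split a chap-secrets line on whitespace, honouring double quotes.
    Backslashes are kept literally, so a client name such as domain\\billy is
    compared exactly as it is written in the file and printed in the log."""
    out: List[str] = []
    cur, quoted = "", False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                out.append(cur)
                cur = ""
        else:
            cur += ch
    if cur:
        out.append(cur)
    return out


def parse_chap_secrets(text: str) -> List[Entry]:
    """Parse chap-secrets text. Blank lines and lines starting with '#' are
    skipped; a line needs at least client, server and secret; any further
    fields are the address list."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = _tokens(line)
        if len(fields) >= 3:
            entries.append((fields[0], fields[1], fields[2], fields[3:]))
    return entries


def failed_peers(log_lines: List[str]) -> List[str]:
    """Peer names pppd reported 'No CHAP secret found' for, in log order."""
    return [m.group(1) for m in map(CHAP_FAIL_RE.search, log_lines) if m]


def mppe_bits(log_lines: List[str]) -> List[int]:
    """Negotiated MPPE key lengths; 40 means the Windows client lacks the
    strong encryption pack mentioned earlier in the thread."""
    return [int(m.group(1)) for m in map(MPPE_RE.search, log_lines) if m]


def find_secret(entries: List[Entry], peer: str, server: str) -> Optional[Entry]:
    """First entry whose client field is the peer (or '*') and whose server
    field is this pppd's name (or '*'). pppd itself prefers exact matches over
    wildcards; that refinement is omitted here."""
    for entry in entries:
        if entry[0] in ("*", peer) and entry[1] in ("*", server):
            return entry
    return None


def diagnose(log_lines: List[str], secrets_text: str, server: str) -> Dict[str, str]:
    """Map each failing peer name to a verdict: whether chap-secrets now has a
    usable entry, or the shape of the line Patrick says to add."""
    entries = parse_chap_secrets(secrets_text)
    report: Dict[str, str] = {}
    for peer in failed_peers(log_lines):
        if find_secret(entries, peer, server):
            report[peer] = "matching chap-secrets entry present"
        else:
            report[peer] = f"missing; add a line like: {peer} * <password> *"
    return report


# Constructed sample input: the pppd lines quoted in the thread, one per line.
SAMPLE_LOG = [
    "Jul 12 10:23:53 htcengineers pppd[752]: No CHAP secret found for authenticating billy",
    r"Jul 12 10:27:29 htcengineers pppd[754]: No CHAP secret found for authenticating SERVERNAME\\billy",
    "Jun 12 01:40:44 hostname pppd[569]: MPPE 128 bit, stateless compression enabled",
]

# Constructed chap-secrets holding only the plain-user-name line Patrick suggested.
SAMPLE_SECRETS = """\
# client   server   secret     IP addresses
billy      *        password   *
"""


def run_example() -> Dict[str, str]:
    # pppd's own name is the server field (the hostname unless 'name' is set);
    # 'htcengineers' from the quoted log is assumed here to be that name.
    return diagnose(SAMPLE_LOG, SAMPLE_SECRETS, server="htcengineers")


if __name__ == "__main__":
    for peer, verdict in run_example().items():
        print(f"{peer}: {verdict}")
    print("MPPE key lengths seen:", mppe_bits(SAMPLE_LOG))
```

Run against the constructed sample, the plain "billy" failure is reported as satisfied by the suggested entry while "SERVERNAME\\billy" is still reported missing, which is exactly the second situation Patrick describes: when Windows sends a domain-qualified name, the chap-secrets client field has to carry the same domain-qualified spelling. Point it at a real /var/log/messages and /etc/ppp/chap-secrets by reading those files into `diagnose`.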
From bogus@does.not.exist.com Sun Jul 8 18:14:56 2012
From: bogus@does.not.exist.com ()
Date: Sun, 08 Jul 2012 23:14:56 -0000
Subject: No subject
Message-ID:

send packets, receive packets, but after a variable period of time, I stop getting packets back. The last messages in /var/log/debug.log (where I put the debug info) are all of the form: