Re: pptpd problems

To: <debian-firewall@lists.debian.org>
Subject: Re: pptpd problems
From: Tzafrir Cohen <tzafrir@technion.ac.il>
Date: Fri, 31 Aug 2001 08:40:23 +0300 (IDT)
Message-id: <[🔎] Pine.GSO.4.33_heb2.09.0108310813480.1730-100000@techunix.technion.ac.il>
In-reply-to: <[🔎] Pine.GSO.4.33_heb2.09.0108301011300.12775-100000@techunix.technion.ac.il>
OK. Got this tip in private mail:

  Add the following to /etc/modules.conf

  alias ppp-compress-18 ppp_mppe

  it works for me.

Thanks. It also worked for me. What I'm trying to figure out is why.
Does MS really consider mppe some sort of compression?

I still can't get the routing working properly...

On Thu, 30 Aug 2001, Tzafrir Cohen wrote:

> Hi
>
> A third post, but I still can't make things work properly:
>
> On Wed, 29 Aug 2001, Tzafrir Cohen wrote:
>
> > On Wed, 29 Aug 2001, Tzafrir Cohen wrote:
> >
> > > Hi
> > >
> > > I'm trying to set up pptpd on a woody system to enable MS clients to
> > > connect. I wanted to enable the ssl-mppe patch. Generally I needed to
> > > patch the kernel a bit, and to patch the ppp package (patching pppd with
> > > ppp-2.4.1-openssl-0.9.6-mppe-patch.gz was not entirely trivial, as I also
> > > needed to remove one of the patches of the original debian package - patch
> > > 003 (bppc or something similar)). I must say, though, that applying
> > > patches to packages sees to involve a bit less black magic than applying
> > > patches to RPM packages.
> > >
> > > I got an errormessage about not being able to load module
> > > 'char-major-108' . I saw that there is an alias of 'char-major-108' to
> > > 'ppp_generic'. However, I could not figure out what 'ppp_generic' is.
> > > further aliasing 'ppp_generic' to 'ppp' seems to have allowed this module
> > > to load, but I'm not really sure that this is a smart move.
> > >
> > > I'm currently trying to figure out exactly what I need towrite in the
> > > pptpd_options file and how I need to configure the clients.
> > >
> >
> > [syslog snipped]
> >
> > > What bothers me here is that I can't see anything from pppd in the logs. I have
> > > 'debug' set in pptpd-options . Even if I run 'pppd debug' (as root') I get
> > > a couple of lines of garbage, but I see nothing in this log. Yet the man
> > > page claims that pppd debugging goes to syslog as deamon.debug . What am I
> > > doing wrong here?
> >
> > Sorry, I needed to read README.Debian to see that ppd logging is logged as
> > local2 , so currently my syslog entry has 'local2,daemon.=debug'
> >
> > I needed some more messing (it turns out some things weren't installed
> > properly) but pptp now works. I'll just have to see how to fit it into the
> > packet-filtering rules...
>
> * Is there anything else I need to do, besides enabling "ip_forward" to be
> able to route packets through the ppp interface? I can ping from a windows
> client to the server's interface, but I can't seem to connect any further.
>
> Running 'ipconfig' on the windows client I see that the gateway's IP
> address is the same as the "VPN adapter"'s IP address.
>
> * I can't get "encryption" to work. When I tried using a plain win98,
> enabling "software compression" would have resulten in an established
> connection, but no data transfered.
> I have download MS's latest update (DUN14-98 - Dial-Up Networking 1.4 for
> win98. Supposed to give 128bit encryption), and now it doesn't even
> establish a connection.
>
> After applying DUN14 I was also able to use "software compression", which
> I was not able to use before.
>
> Relevant modules that are loaded when a connection is active:
> ppp_deflate          39456   1 (autoclean)
> bsd_comp              3936   0 (autoclean)
> ppp                  20048   2 (autoclean) [ppp_deflate bsd_comp]
> slhc                  4304   0 (autoclean) [ppp]
>
> ppp_mppe is also availble and can be loaded by 'modprobe ppp_mppe' .
> Should I give it some alias? (I don't see an error about a module failing
> to load).
>
> Here is the log (with failed encryption):
> Aug 30 10:36:50 naftali pppd[5944]: rcvd [LCP TermReq id=0x2]
> Aug 30 10:36:50 naftali pppd[5944]: Script /etc/ppp/ip-down started (pid 5972)
> Aug 30 10:36:50 naftali pppd[5944]: sent [LCP TermAck id=0x2]
> Aug 30 10:36:50 naftali pptpd[5943]: CTRL: Received PPTP Control Message (type: 12)
> Aug 30 10:36:50 naftali pptpd[5943]: CTRL: Made a CALL DISCONNECT RPLY packet
> Aug 30 10:36:50 naftali pptpd[5943]: CTRL: Received CALL CLR request (closing call)
> Aug 30 10:36:50 naftali pptpd[5943]: CTRL: I wrote 148 bytes to the client.
> Aug 30 10:36:50 naftali pptpd[5943]: CTRL: Sent packet to client
> Aug 30 10:36:50 naftali pptpd[5943]: CTRL: Exiting now
> Aug 30 10:36:50 naftali pptpd[5688]: MGR: Reaped child 5943
> Aug 30 10:36:50 naftali pppd[5944]: Waiting for 1 child processes...
> Aug 30 10:36:50 naftali pppd[5944]: script /etc/ppp/ip-down, pid 5972
> Aug 30 10:36:50 naftali pppd[5944]: Script /etc/ppp/ip-down finished (pid 5972), status = 0x0
> Aug 30 10:36:52 naftali pptpd[5992]: MGR: Launching /usr/sbin/pptpctrl to handle client
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: local address = 192.168.8.254
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: remote address = 192.168.8.2
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: pppd speed = 115200
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: pppd options file = /etc/ppp/pptpd-options
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: Received PPTP Control Message (type: 1)
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: Made a START CTRL CONN RPLY packet
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: I wrote 156 bytes to the client.
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: Sent packet to client
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: Received PPTP Control Message (type: 7)
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: Set parameters to 0 maxbps, 16 window size
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: Made a OUT CALL RPLY packet
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: pty_fd = 5
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: tty_fd = 6
> Aug 30 10:36:52 naftali pptpd[5993]: CTRL (PPPD Launcher): Connection speed = 115200
> Aug 30 10:36:52 naftali pptpd[5993]: CTRL (PPPD Launcher): local address = 192.168.8.254
> Aug 30 10:36:52 naftali pptpd[5993]: CTRL (PPPD Launcher): remote address = 192.168.8.2
> Aug 30 10:36:52 naftali pptpd[5992]: CTRL: I wrote 32 bytes to the client.
> Aug 30 10:36:53 naftali pptpd[5992]: CTRL: Sent packet to client
> Aug 30 10:36:53 naftali pppd[5993]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xa0e10aa8> <pcomp> <accomp>]
> Aug 30 10:36:53 naftali pppd[5993]: rcvd [LCP ConfReq id=0x1 <magic 0x215b72> <pcomp> <accomp>]
> Aug 30 10:36:53 naftali pppd[5993]: sent [LCP ConfAck id=0x1 <magic 0x215b72> <pcomp> <accomp>]
> Aug 30 10:36:53 naftali pppd[5993]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xa0e10aa8> <pcomp> <accomp>]
> Aug 30 10:36:53 naftali pppd[5993]: sent [LCP EchoReq id=0x0 magic=0xa0e10aa8]
> Aug 30 10:36:53 naftali pppd[5993]: sent [CHAP Challenge id=0x1 <0df9b0fef5df625082010e14d7582c6a>, name = "naftali"]
> Aug 30 10:36:53 naftali pppd[5993]: rcvd [LCP EchoRep id=0x0magic=0x215b72]
> Aug 30 10:36:53 naftali pppd[5993]: rcvd [CHAP Response id=0x1 <189d0798df9a33047a18b69ed04c5b5c00000000000000008e08983dc667b56c64d0df2513b9621109c952c4d8ac42fc04>, name = "yedida"]
> Aug 30 10:36:53 naftali pppd[5993]: sent [CHAP Successid=0x1 "S=235784DCBD39959D77CE46D2F75C29E1E85E5C82"]
> Aug 30 10:36:53 naftali pppd[5993]: sent [IPCP ConfReq id=0x1 <addr 192.168.8.254> <compress VJ 0f 01>]
> Aug 30 10:36:53 naftali pppd[5993]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <mppe 1 0 0 60> <bsd v1 15>]
> Aug 30 10:36:53 naftali pppd[5993]: rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
> Aug 30 10:36:53 naftali pppd[5993]: sent [IPCP ConfNak id=0x1 <addr 192.168.8.2> <ms-dns1 192.168.1.200> <ms-wins 192.168.1.200> <ms-dns3 192.168.1.200> <ms-wins 192.168.1.200>]
> Aug 30 10:36:53 naftali pppd[5993]: sent [CCP ConfNak id=0x1 <mppe 1 0 0 60>]
> Aug 30 10:36:53 naftali pppd[5993]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
> Aug 30 10:36:53 naftali pppd[5993]: sent [IPCP ConfReq id=0x2 <addr 192.168.8.254>]
> Aug 30 10:36:53 naftali pppd[5993]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
> Aug 30 10:36:53 naftali pppd[5993]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 60>]
> Aug 30 10:36:53 naftali pppd[5993]: rcvd [IPCP ConfReq id=0x2 <addr 192.168.8.2> <ms-dns1 192.168.1.200> <ms-wins 192.168.1.200> <ms-dns3 192.168.1.200> <ms-wins 192.168.1.200>]
> Aug 30 10:36:53 naftali pppd[5993]: sent [IPCP ConfAck id=0x2 <addr 192.168.8.2> <ms-dns1 192.168.1.200> <ms-wins 192.168.1.200> <ms-dns3 192.168.1.200> <ms-wins 192.168.1.200>]
> Aug 30 10:36:53 naftali pppd[5993]: rcvd [CCP ConfReq id=0x2 <mppe 1 0 0 40>]
> Aug 30 10:36:53 naftali pppd[5993]: sent [CCP ConfRej id=0x2 <mppe 1 0 0 40>]
> Aug 30 10:36:53 naftali pppd[5993]: rcvd [IPCP ConfAck id=0x2 <addr 192.168.8.254>]
> Aug 30 10:36:54 naftali pppd[5993]: Script /etc/ppp/ip-up started (pid 5995)
> Aug 30 10:36:54 naftali pppd[5993]: rcvd [CCP ConfNak id=0x2 <mppe 1 0 0 40>]
> Aug 30 10:36:54 naftali pppd[5993]: sent [CCP ConfReq id=0x3]
> Aug 30 10:36:54 naftali pppd[5993]: rcvd [CCP ConfReq id=0x3]
> Aug 30 10:36:54 naftali pppd[5993]: sent [CCP ConfAck id=0x3]
> Aug 30 10:36:54 naftali pppd[5993]: rcvd [CCP ConfAck id=0x3]
> Aug 30 10:36:54 naftali pppd[5993]: rcvd [CCP TermReq id=0x4]
> Aug 30 10:36:54 naftali pppd[5993]: sent [CCP TermAck id=0x4]
> Aug 30 10:36:55 naftali pppd[5993]: Script /etc/ppp/ip-up finished (pid 5995), status = 0x0
> Aug 30 10:36:57 naftali pppd[5993]: sent [CCP ConfReq id=0x3]
> Aug 30 10:36:57 naftali pppd[5993]: rcvd [CCP TermAck id=0x3]
> Aug 30 10:36:58 naftali pppd[5993]: rcvd [LCP TermReq id=0x2]
> Aug 30 10:36:58 naftali pppd[5993]: Script /etc/ppp/ip-down started (pid 6018)
> Aug 30 10:36:58 naftali pppd[5993]: sent [LCP TermAck id=0x2]
> Aug 30 10:36:58 naftali pptpd[5992]: CTRL: Received PPTP Control Message (type: 12)
> Aug 30 10:36:58 naftali pptpd[5992]: CTRL: Made a CALL DISCONNECT RPLY packet
> Aug 30 10:36:58 naftali pptpd[5992]: CTRL: Received CALL CLR request (closing call)
> Aug 30 10:36:58 naftali pptpd[5992]: CTRL: I wrote 148 bytes to the client.
> Aug 30 10:36:58 naftali pptpd[5992]: CTRL: Sent packet to client
> Aug 30 10:36:58 naftali pptpd[5992]: CTRL: Exiting now
> Aug 30 10:36:58 naftali pptpd[5688]: MGR: Reaped child 5992
> Aug 30 10:36:58 naftali pppd[5993]: Waiting for 1 child processes...
> Aug 30 10:36:58 naftali pppd[5993]: script /etc/ppp/ip-down, pid 6018
> Aug 30 10:36:59 naftali pppd[5993]: Script /etc/ppp/ip-down finished (pid 6018), status = 0x0
>
> (f the chap secret can be guessed from here: don't bother, it is 'secret')
>
>
>
> /etc/pptp.conf (without some comments and empty lines)
>
> --------------
> speed 115200
> option /etc/ppp/pptpd-options
> debug
> localip 192.168.8.254
> #localip 192.168.9.1-50
> remoteip 192.168.8.1-50
> --------------
>
>
> The address of the ethernet interface of this machine is 192.168.1.250
> (I'm still using a test machine with one ethernet adapter)
>
> My pptpd-options file:
> --------------
> debug
> name naftali
> domain gadot
>
> auth
> #require-chap
> #require-chapms
> require-chapms-v2
> #+chap
> #+chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> ms-dns 192.168.1.200
> ms-wins 192.168.1.200
> netmask 255.255.255.0
>
> #nodefaultroute
> proxyarp
> lock
> --------------
>
>
>
>

-- 
Tzafrir Cohen
mailto:tzafrir@technion.ac.il
http://www.technion.ac.il/~tzafrir
Reply to:
References:
- Re: pptpd problems
  - From: Tzafrir Cohen <tzafrir@technion.ac.il>
Prev by Date: Question about Netfilter and Connection tracking
Next by Date: Re: Request For Information
Previous by thread: Re: pptpd problems
Next by thread: PPTP and IPchains
Index(es):
- Date
- Thread