Gentoo Forums
HOWTO pptpclient with MS vpn server

The Mad Crapper
Apprentice
Joined: 08 Aug 2005
Posts: 156

Posted: Tue Dec 27, 2005 6:38 am

I can't connect. I have tried to make this work on 3 different Gentoo machines, and I am tired of fighting with it. Please help!

When I run
Code:

pon sonlight debug dump logfd 2 nodetach

I get
Code:

pppd options in effect:
debug           # (from command line)
nodetach                # (from command line)
logfd 2         # (from command line)
dump            # (from command line)
noauth          # (from /etc/ppp/options.sonlight)
name myDOMAIN\\mySN          # (from /etc/ppp/peers/sonlight)
remotename sonlight             # (from /etc/ppp/peers/sonlight)
                # (from /etc/ppp/options.sonlight)
pty pptp 69.15.62.54 --nolaunchpppd             # (from /etc/ppp/peers/sonlight)
mru 1000                # (from /etc/ppp/options.sonlight)
mtu 1000                # (from /etc/ppp/options.sonlight)
lcp-echo-failure 10             # (from /etc/ppp/options.sonlight)
lcp-echo-interval 10            # (from /etc/ppp/options.sonlight)
ipparam sonlight                # (from /etc/ppp/peers/sonlight)
nobsdcomp               # (from /etc/ppp/options.sonlight)
nodeflate               # (from /etc/ppp/options.sonlight)
mppe xxx # [don't know how to print value]              # (from /etc/ppp/options.sonlight)
using channel 12
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x466162ef> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x79423b3b> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:a5.5b.8b.80.5c.4a.49.b9.8e.18.c3.e8.0d.5c.0f.c5.00.00.00.00]> < 17 04 00 6b>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 6b>]
rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x466162ef> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x79423b3b> <pcomp> <accomp> <endpoint [local:a5.5b.8b.80.5c.4a.49.b9.8e.18.c3.e8.0d.5c.0f.c5.00.00.00.00]>]
sent [LCP ConfAck id=0x1 <mru 1400> <auth eap> <magic 0x79423b3b> <pcomp> <accomp> <endpoint [local:a5.5b.8b.80.5c.4a.49.b9.8e.18.c3.e8.0d.5c.0f.c5.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0x466162ef]
rcvd [EAP Request id=0x13 Identity <No message>]
sent [EAP Response id=0x13 Identity <Name "myDOMAIN\\mySN">]
rcvd [LCP TermReq id=0x3 "yB;;\000<\37777777715t\000\000\002\37777777663"]
LCP terminated by peer (yB;;^@<M-Mt^@^@^BM-3)
sent [LCP TermAck id=0x3]
Connection terminated.
Waiting for 1 child processes...
  script pptp myServerIP --nolaunchpppd, pid 8576
Script pptp myServerIP --nolaunchpppd finished (pid 8576), status = 0x0


I have been having a hard time finding any info on the 'LCP terminated by peer' error...

This is the howto I used: http://gentoo-wiki.com/HOWTO_PPTP_VPN_client_(Microsoft-compatible_with_mppe)

Ideas? thank you so much

saggating
n00b
Joined: 11 Apr 2004
Posts: 25

Posted: Mon Jan 23, 2006 12:42 am

I'm having the exact same problem. I'm not sure, but I was expecting to see an outgoing chapv2 response instead of an <auth eap>.

I'm still digging around at the moment.
_________________
There is no gravity, The world sucks !

Havin_it
Veteran
Joined: 17 Jul 2005
Posts: 1247
Location: Edinburgh, UK

Posted: Mon Jan 23, 2006 9:49 am

Hey guys, not sure exactly what the problem may be, but you might want to try using pptpconfig (a GUI configuration app. for pptpclient) to do your setup. I used it and the connection went up first time.

Also, please note that as of kernel 2.6.15 the MPPE-MPPC patch is included in the kernel, so no patching required. If you have the new kernel and are still patching, that would most likely cause problems.

harryr
n00b
Joined: 23 Feb 2005
Posts: 42
Location: Broken Arrow, OK

Posted: Mon Jan 23, 2006 6:07 pm    Post subject: P-T-P tunnel set up but no traffic

I can get the authentication to succeed and get P-T-P tunnel
set up, but there appears to be no traffic possible.

I have no firewall up.

One thing I did not check, I have ppp_mppe_mppc module
available but did not lsmod to see if it was loaded.
Do I need to manually modprobe this module?

I seem to have either a routing problem or encrypt-decrypt
problem once the tunnel is set up.

P.S. I did try from a WinXP box on the same local LAN and
VPN works. So, I know my home cable and WRT54G boxes
can handle WinXP VPN.

Thanks in advance for any help.
Quote:

eagle9 ~ # /usr/sbin/pppd call work logfd 2 nodetach debug dump
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
name WORK\\mylogin # (from /etc/ppp/peers/work)
remotename PPTP # (from /etc/ppp/peers/work)
# (from /etc/ppp/options.pptp)
pty pptp w.x.y.z --nolaunch pppd # (from /etc/ppp/peers/work)
mru 1000 # (from /etc/ppp/options.pptp)
mtu 1000 # (from /etc/ppp/options.pptp)
lcp-echo-failure 10 # (from /etc/ppp/options.pptp)
lcp-echo-interval 10 # (from /etc/ppp/options.pptp)
ipparam work # (from /etc/ppp/peers/work)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
mppe xxx # [don't know how to print value] # (from /etc/ppp/options.pptp)
using channel 1
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xcb1f2832> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 338> <auth chap MS-v2> <magic 0x6595a7bc> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <mru 338> <auth chap MS-v2> <magic 0x6595a7bc> <pcomp> <accomp>]
rcvd [LCP ConfRej id=0x1 <asyncmap 0x0>]
sent [LCP ConfReq id=0x2 <mru 1000> <magic 0xcb1f2832> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <mru 1000> <magic 0xcb1f2832> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0xcb1f2832]
rcvd [CHAP Challenge id=0x1 <some_hex_number>, name = "challngname"]
sent [CHAP Response id=0x1 <another_nex_number>, name = "WORK\\mylogin"]
rcvd [CHAP Success id=0x1 "S=yet_another_hex_number"]
sent [CCP ConfReq id=0x1 <mppe -H +M +S +L -D +C>]
rcvd [IPCP ConfReq id=0x1 <addr 192.168.yy.z2>]
sent [IPCP TermAck id=0x1]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]
rcvd [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]
sent [CCP ConfReq id=0x2 <mppe -H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x2 <mppe -H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x1 <addr 192.168.yy.z2>]
sent [IPCP TermAck id=0x1]
sent [CCP ConfReq id=0x2 <mppe -H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x2 <mppe -H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x2 <mppe -H -M +S -L -D -C>]
sent [CCP ConfAck id=0x2 <mppe -H -M +S -L -D -C>]
MPPE 128-bit stateful compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr eth0_ip_address>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr eth0_ip_address>]
rcvd [IPCP ConfNak id=0x2 <addr 192.168.yy.z1>]
sent [IPCP ConfReq id=0x3 <addr 192.168.yy.z1>]
rcvd [IPCP ConfAck id=0x3 <addr 192.168.yy.z1>]
rcvd [IPCP ConfReq id=0x1 <addr 192.168.yy.z2>]
sent [IPCP ConfAck id=0x1 <addr 192.168.yy.z2>]
local IP address 192.168.yy.z1
remote IP address 192.168.yy.z2
Script /etc/ppp/ip-up started (pid 9248)
Script /etc/ppp/ip-up finished (pid 9248), status = 0x0


harryr@eagle9 ~ $ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr ...
inet addr:ip_address Bcast:.......255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:89979 errors:0 dropped:0 overruns:0 frame:0
TX packets:85580 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:134853045 (128.6 Mb) TX bytes:5914838 (5.6 Mb)
Interrupt:22 Base address:0xcc00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:85 errors:0 dropped:0 overruns:0 frame:0
TX packets:85 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5376 (5.2 Kb) TX bytes:5376 (5.2 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.yy.z1 P-t-P:192.168.yy.z2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:338 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:120 (120.0 b) TX bytes:114 (114.0 b)

harryr@eagle9 ~ $ ping 192.168.yy.z2
...
--- 192.168.yy.z2 ping statistics ---
66 packets transmitted, 0 received, 100% packet loss, time 65021ms

harryr@eagle9 ~ $ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr ...
inet addr:ip_address Bcast:......255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:91052 errors:0 dropped:0 overruns:0 frame:0
TX packets:86648 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:136439883 (130.1 Mb) TX bytes:5989725 (5.7 Mb)
Interrupt:22 Base address:0xcc00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:85 errors:0 dropped:0 overruns:0 frame:0
TX packets:85 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5376 (5.2 Kb) TX bytes:5376 (5.2 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.yy.z1 P-t-P:192.168.yy.z2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:338 Metric:1
RX packets:13 errors:1 dropped:0 overruns:0 frame:0
TX packets:79 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:207 (207.0 b) TX bytes:5662 (5.5 Kb)

harryr@eagle9 ~ $ /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.yy.z2 * 255.255.255.255 UH 0 0 0 ppp0
192.168.yy.0 * 255.255.255.0 U 0 0 0 ppp0
.......0.0 * 255.255.0.0 U 0 0 0 eth0
10.0.0.0 * 255.0.0.0 U 0 0 0 ppp0
loopback localhost.local 255.0.0.0 UG 0 0 0 lo
default homeport 0.0.0.0 UG 0 0 0 eth0

Riekr
n00b
Joined: 21 Jun 2002
Posts: 47
Location: Italy

Posted: Tue Jan 31, 2006 9:15 pm

this worked for me: https://forums.gentoo.org/viewtopic-p-3074083-highlight-.html#3074083
_________________
Our continuing mission to boldly code where no one has man page 4.

wlchase
Tux's lil' helper
Joined: 04 Jul 2003
Posts: 81
Location: Texas

Posted: Wed Feb 01, 2006 10:59 pm

Riekr wrote:
this worked for me: https://forums.gentoo.org/viewtopic-p-3074083-highlight-.html#3074083


This did it for me as well!

Basically, once you have a 2.6.15 kernel, and build it with mppe, the proper module to load is ppp_mppe. Then you pull references to ppp_mppe_mppc and ppp_compress_128 out of /etc/modules.conf, remove any mppe_mppc USE flags that may have been set in /etc/make.conf or /etc/portage/package.use, re-emerge net-dialup/ppp, and, since I use the GUI pptp client stuff, toggle the button for "Require Microsoft Point-to-Point Encryption (MPPE)" and I'm good to go!

Woo-hoo! :lol:
Bill

harryr
n00b
Joined: 23 Feb 2005
Posts: 42
Location: Broken Arrow, OK

Posted: Mon Feb 06, 2006 11:47 pm

:D I followed the instructions given in the link.
The key was: logging said mppe not supported in kernel.

I manually modprobed ppp-mppe and it worked. This causes me
to ask if I needed to manually modprobe ppp-mppe-mppc when
I was running the patched 2.6.14 kernel. If so, why did the patched
kernel *not* complain about mppe not being supported in the kernel?
Hmmmm?
Well, anyway no sense going backward. It works now with 2.6.15.
Thanks again all.

BlakeJob
Tux's lil' helper
Joined: 23 May 2004
Posts: 80

Posted: Wed Feb 08, 2006 1:22 am

I have it set up as the pages state, but I cannot use pptpconfig to do the configuration (I'm running 64-bit Gentoo). Anyways, the error I get:

Code:

rcvd [EAP Request id=0x1d Identity <No message>]
sent [EAP Response id=0x1d Identity <Name "$DOMAN\\$USER">]
rcvd [EAP Request id=0x1e Windows 2000...]
EAP: unknown authentication type 15; Naking
sent [EAP Response id=0x1e Nak <Suggested-type 13>]
rcvd [EAP Request id=0x1e Windows 2000...]
EAP: unknown authentication type 15; Naking
sent [EAP Response id=0x1e Nak <Suggested-type 13>]
rcvd [LCP TermReq id=0x7 "7=\000\37777777713\000<\37777777715t\000\000\002\37777777663"]
LCP terminated by peer (7=^@M-K^@<M-Mt^@^@^BM-3)
sent [LCP TermAck id=0x7]
Connection terminated.


$DOMAIN and $USER are the correct values, but I masked them for this posting. Any ideas, or do you think I should post to the mailing list? I'm running 2.6.15-gentoo-r1.

Tartan
n00b
Joined: 03 Aug 2004
Posts: 8
Location: Littleton, CO

Posted: Mon Jun 05, 2006 10:44 pm

mppe != mppc

Yes, 2.6.15 now has mppe, but that is NOT the full implementation with any real compression.

This is straight out of options.pptp:

Quote:
# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use. Note that MPPE
# requires the use of MSCHAP-V2 during authentication)

# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
# {{{
# Require MPPE 128-bit encryption
#require-mppe-128
# }}}

# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec
# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
# {{{
# Require MPPE 128-bit encryption
#mppe required,stateless
# }}}


What is in 2.6.15+ is the former MPPE (ppp_mppe.o) -- the version WITHOUT MPPC. What I really hope we get is an updated version of Jan Dubiec's implementation of MPPE-MPPC (ppp_mppe_mppc.o) for 2.6.15+. The compression makes a huge difference.

From http://www.samba.org/ftp/unpacked/ppp/README.MPPE:
Quote:
While PPP regards MPPE as a "compressor", it actually expands every frame
by 4 bytes, the MPPE overhead (encapsulation).

Because of the data expansion, you'll see that ppp interfaces get their
mtu reduced by 4 bytes whenever MPPE is negotiated. This is because
when MPPE is active, it is *required* that *every* packet be encrypted.
PPPD sets the mtu = MIN(peer mru, configured mtu). To ensure that
MPPE frames are not larger than the peer's mru, we reduce the mtu by 4
bytes so that the network layer never sends ppp a packet that's too large.

There is an option to compress the data before encrypting (MPPC), however
the algorithm is patented and requires execution of a license with Hifn.
MPPC as an RFC is a complete farce. I have no further details on MPPC.


So for now, I may be forced to set up an old 2.6.13 box, so I can use Jan's latest kernel patch, linux-2.6.13-mppe-mppc-1.3.patch.gz.

Cheers....

unaos
n00b
Joined: 06 Apr 2006
Posts: 64
Location: brovary,UA

Posted: Sun Jun 18, 2006 10:03 am

Hello! Everything worked fine, but after some time the connection breaks :( The tunnel just goes down and that's all.
Here is what it says:
Code:

Jun 18 04:09:30 konduktor pppd[30822]: rcvd [LCP TermReq id=0x2 "link inactive"]
Jun 18 04:09:30 konduktor pppd[30822]: LCP terminated by peer (link inactive)
Jun 18 04:09:30 konduktor pppd[30822]: Script /etc/ppp/ip-down started (pid 11613)
Jun 18 04:09:30 konduktor pppd[30822]: sent [LCP TermAck id=0x2]
Jun 18 04:09:30 konduktor pptp[30808]: anon log[pptp_read_some:pptp_ctrl.c:543]: read returned zero, peer has closed
Jun 18 04:09:30 konduktor pptp[30808]: anon log[callmgr_main:pptp_callmgr.c:255]: Closing connection (shutdown)
Jun 18 04:09:30 konduktor pptp[30808]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Jun 18 04:09:30 konduktor pptp[30808]: anon log[pptp_read_some:pptp_ctrl.c:543]: read returned zero, peer has closed
Jun 18 04:09:30 konduktor pptp[30808]: anon log[call_callback:pptp_callmgr.c:78]: Closing connection (call state)
Jun 18 04:09:30 konduktor pppd[30822]: Script /etc/ppp/ip-down finished (pid 11613), status = 0x1
Jun 18 04:09:33 konduktor pppd[30822]: Connection terminated.
Jun 18 04:09:33 konduktor pppd[30822]: Connect time 181.4 minutes.

I figured out that the key phrase is 'link inactive' and that the connection breaks if no data is passing through it, so I added "idle 0" to the options. It did not work. Then I commented out lcp-echo-failure 10 and lcp-echo-interval 10. That didn't work either.

And here is options.pptp:
Code:

lock
updetach
noauth
debug
nobsdcomp
nodeflate
mppe required,stateless
defaultroute
unit 0
persist
idle 0


And the peer file:

Code:

name talisman
remotename PPTP
file /etc/ppp/options.pptp

_________________
house of mystic lies

dustfinger
Guru
Joined: 15 Aug 2004
Posts: 449

Posted: Mon Sep 04, 2006 11:25 pm

I almost got my VPN connection up and running, but then all of a sudden debug stopped being output to the screen. It happened when I tried adding require-mppe-128 to /etc/ppp/options.pptp. I have tried rebooting and removing the require-mppe-128 flag, but to no avail. When I run pppd with debug, the letters ATZ are output on the next line. Once it returns, that line (the ATZ line) is cleared.

Quote:

# pppd call VPN_WORK logfd 2 nodetach debug dump
ATZ


Any ideas?

dustfinger.

*** EDIT ***
The problem was that my /etc/ppp/peers/VPN_WORK had only one line in it:
Quote:
connect '/usr/sbin/chat -f /etc/ppp/chat-VPN_WORK
'
How the heck did that happen? Does this suggest that someone compromised my system while I was trying to connect to the VPN?
***********
_________________
Unanswered Post Initiative:
https://forums.gentoo.org/viewtopic.php?t=119906

dustfinger
Guru
Joined: 15 Aug 2004
Posts: 449

Posted: Tue Sep 05, 2006 12:21 am

cat /etc/ppp/options.pptp wrote:

lock
noauth
nobsdcomp
nodeflate
require-mppe
mtu 1000
mru 1000
lcp-echo-failure 10
lcp-echo-interval 10

pppd call VPN_WORK logfd 2 nodetach debug dump wrote:

pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
name DOMAIN\\username # (from /etc/ppp/peers/VPN_WORK)
remotename VPN_WORK # (from /etc/ppp/peers/VPN_WORK)
# (from /etc/ppp/options.pptp)
pty pptp <ip-address> --nolaunchpppd # (from /etc/ppp/peers/VPN_WORK)
mru 1000 # (from /etc/ppp/options.pptp)
mtu 1000 # (from /etc/ppp/options.pptp)
lcp-echo-failure 10 # (from /etc/ppp/options.pptp)
lcp-echo-interval 10 # (from /etc/ppp/options.pptp)
ipparam VPN_WORK # (from /etc/ppp/peers/VPN_WORK)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
require-mppe-128 # (from /etc/ppp/options.pptp)
using channel 1
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x456e198d> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <auth chap MS-v2> <magic 0x710a01b1> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:0a.10.98.08.8f.96.4c.31.b8.eb.c9.30.e9.ac.8d.f7.00.00.00.00]> < 17 04 03 8a>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 03 8a>]
rcvd [LCP ConfNak id=0x1 <mru 1500>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x456e198d> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x710a01b1> <pcomp> <accomp> <endpoint [local:0a.10.98.08.8f.96.4c.31.b8.eb.c9.30.e9.ac.8d.f7.00.00.00.00]>]
sent [LCP ConfAck id=0x1 <auth chap MS-v2> <magic 0x710a01b1> <pcomp> <accomp> <endpoint [local:0a.10.98.08.8f.96.4c.31.b8.eb.c9.30.e9.ac.8d.f7.00.00.00.00]>]
rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x456e198d> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x456e198d]
rcvd [CHAP Challenge id=0x0 <fb3ffe69ed51edcfcd9a82c2c8ce30ac>, name = "PROXY"]
sent [CHAP Response id=0x0 <96dc3e8114fc33250f7a576d384f3d9b0842424242424242c2f4ea28ee630df6aa890cc44445c6aa1ac8223abadf228500>, name = "DOMAIN\\username"]
rcvd [LCP EchoRep id=0x0 magic=0x710a01b1]
rcvd [CHAP Success id=0x0 "S=01487156421872E8BE5462E55A7472A8E210691A"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x3 <mppe +H +M +S -L -D +C>]
sent [CCP ConfNak id=0x3 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x4 <addr 192.168.8.65>]
sent [IPCP TermAck id=0x4]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x5 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x5 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr 192.168.8.88>]
sent [IPCP ConfReq id=0x3 <addr 192.168.8.88>]
rcvd [IPCP ConfAck id=0x3 <addr 192.168.8.88>]
rcvd [IPCP ConfReq id=0x6 <addr 192.168.8.65>]
sent [IPCP ConfAck id=0x6 <addr 192.168.8.65>]
local IP address 192.168.8.88
remote IP address 192.168.8.65
Script /etc/ppp/ip-up started (pid 7867)
Script /etc/ppp/ip-up finished (pid 7867), status = 0x1
Script pptp <ip-address> --nolaunchpppd finished (pid 7854), status = 0x0
Modem hangup
Connect time 0.2 minutes.
Sent 0 bytes, received 0 bytes.
Script /etc/ppp/ip-down started (pid 7960)
MPPE disabled
sent [LCP TermReq id=0x3 "MPPE disabled"]
Connection terminated.
Waiting for 1 child processes...
script /etc/ppp/ip-down, pid 7960
Script /etc/ppp/ip-down finished (pid 7960), status = 0x1



Following the execution of pppd and the resulting debug output shown above, the contents of chap-secrets and VPN_WORK were overwritten with the following text:
cat /etc/ppp/chap-secrets wrote:

"user" * "passwd"

cat /etc/ppp/peers/VPN_WORK wrote:

connect '/usr/sbin/chat -f /etc/ppp/chat-VPN_WORK'


So, the content that I placed in /etc/ppp/chap-secrets and /etc/ppp/peers/VPN_WORK was overwritten and so the next time that I try to connect using pppd I get the results mentioned in my previous post.

What the heck is going on?

dustfinger
_________________
Unanswered Post Initiative:
https://forums.gentoo.org/viewtopic.php?t=119906

Havin_it
Veteran
Joined: 17 Jul 2005
Posts: 1247
Location: Edinburgh, UK

Posted: Mon May 07, 2007 2:52 pm

Tartan wrote:
mppe != mppc

Yes, 2.6.15 now has mppe, but that is NOT the full implementation with any real compression.

This is straight out of options.pptp:

Quote:
# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use. Note that MPPE
# requires the use of MSCHAP-V2 during authentication)

# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
# {{{
# Require MPPE 128-bit encryption
#require-mppe-128
# }}}

# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec
# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
# {{{
# Require MPPE 128-bit encryption
#mppe required,stateless
# }}}


What is in 2.6.15+ is the former MPPE (ppp_mppe.o) -- the version WITHOUT MPPC. What I really hope we get is an updated version of Jan Dubiec's implementation of MPPE-MPPC (ppp_mppe_mppc.o) for 2.6.15+. The compression makes a huge difference.

From http://www.samba.org/ftp/unpacked/ppp/README.MPPE:
Quote:
While PPP regards MPPE as a "compressor", it actually expands every frame
by 4 bytes, the MPPE overhead (encapsulation).

Because of the data expansion, you'll see that ppp interfaces get their
mtu reduced by 4 bytes whenever MPPE is negotiated. This is because
when MPPE is active, it is *required* that *every* packet be encrypted.
PPPD sets the mtu = MIN(peer mru, configured mtu). To ensure that
MPPE frames are not larger than the peer's mru, we reduce the mtu by 4
bytes so that the network layer never sends ppp a packet that's too large.

There is an option to compress the data before encrypting (MPPC), however
the algorithm is patented and requires execution of a license with Hifn.
MPPC as an RFC is a complete farce. I have no further details on MPPC.


So for now, I may be forced to set up an old 2.6.13 box, so I can use Jan's latest kernel patch, linux-2.6.13-mppe-mppc-1.3.patch.gz.

Cheers....


Apologies for the misinformation. I haven't been back to this thread in a while, but now that pptpconfig is dead (and the pptpclient devs don't seem to be interested in helping KDE users), when making the switch to KVPNC I got bitten by this myself. I can't recall where I got my 'facts', but obviously they were wrong. Sorry.

I guess the patent issues prevent the possibility of having ppp_mppe_mppc in the distro kernel, but I wonder if the module could be provided as a separate package? IANAKernel-dev, but provided the patch only affects the existing ppp_mppe module, then presumably an ebuild could just check that ppp_mppe wasn't built in the current config?

If this is feasible, I'd be willing to help in making it happen with whatever help I can provide.

hkfczrqj
n00b
Joined: 14 Dec 2004
Posts: 43
Location: Rochester, MN

Posted: Wed Feb 20, 2008 7:05 pm

I found this blog post about a patch for kernel 2.6.23, so there's hope. I haven't tried it yet. It was written by a fellow gentooist. I wonder why didn't he post it in the forums?

drzap
n00b
Joined: 20 Sep 2004
Posts: 23

Posted: Wed Mar 19, 2008 9:20 pm

hkfczrqj wrote:
I found this blog post about a patch for kernel 2.6.23, so there's hope. I haven't tried it yet. It was written by a fellow gentooist. I wonder why didn't he post it in the forums?


Hey ho, I managed to manually merge it into the 2.6.24 kernel as well and got working mppc on Arch Linux. You can find the patches on: http://gaute.vetsj.com/?p=69

(now it is posted :) )

- gaute

bfdi533
Tux's lil' helper
Joined: 11 Jun 2003
Posts: 133

Posted: Mon Apr 28, 2008 2:47 pm

hkfczrqj wrote:
I found this blog post about a patch for kernel 2.6.23, so there's hope. I haven't tried it yet. It was written by a fellow gentooist. I wonder why didn't he post it in the forums?


I tried those patches and for the first time was able to actually start the ppp/pptp software.

However, for some reason the connection is dropped.

Here is the debug output (cleaned of the address and username for security):

Code:
# pon vpn-target debug dump logfd 2 nodetach
pppd options in effect:
debug      # (from command line)
nodetach      # (from command line)
logfd 2      # (from command line)
dump      # (from command line)
noauth      # (from /etc/ppp/options.pptp)
refuse-chap      # (from /etc/ppp/options.pptp)
refuse-mschap      # (from /etc/ppp/options.pptp)
refuse-eap      # (from /etc/ppp/options.pptp)
name DOMAIN\\user      # (from /etc/ppp/peers/vpn-target)
remotename PPTP      # (from /etc/ppp/peers/vpn-target)
      # (from /etc/ppp/options.pptp)
pty pptp vpn.target.com --nolaunchpppd      # (from /etc/ppp/peers/vpn-target)
ipparam vpn-target      # (from /etc/ppp/peers/vpn-target)
nobsdcomp      # (from /etc/ppp/options.pptp)
nodeflate      # (from /etc/ppp/options.pptp)
using channel 10
Using interface ppp0
Connect: ppp0 <--> /dev/pts/4
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x541653a5> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x2abc044f> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:81.99.f3.6e.ea.22.44.dc.9e.4b.73.43.0a.83.08.d8.00.00.00.00]> < 17 04 00 4f>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 4f>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x541653a5> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x2abc044f> <pcomp> <accomp> <endpoint [local:81.99.f3.6e.ea.22.44.dc.9e.4b.73.43.0a.83.08.d8.00.00.00.00]>]
sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x2abc044f> <pcomp> <accomp> <endpoint [local:81.99.f3.6e.ea.22.44.dc.9e.4b.73.43.0a.83.08.d8.00.00.00.00]>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x2abc044f> <pcomp> <accomp> <endpoint [local:81.99.f3.6e.ea.22.44.dc.9e.4b.73.43.0a.83.08.d8.00.00.00.00]>]
rcvd [CHAP Challenge id=0x0 <edbef32cd84e532d0dfba8833d17afff>, name = "SERVER"]
sent [CHAP Response id=0x0 <561b640cdeb5b9d217acbadfbf3148f7000000000000000026b4614da146a43f4a60db5b4e153c01240b2e2e6f753af900>, name = "DOMAIN\\user"]
rcvd [CHAP Success id=0x0 "S=E1F5E8020CB31462E6C34478C58B8B5378DD8B26"]
CHAP authentication succeeded
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.1.148>]
rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]
sent [CCP ConfReq id=0x1]
sent [CCP ConfRej id=0x4 <mppe +H +M +S +L -D +C>]
rcvd [IPCP ConfReq id=0x5 <addr 10.8.8.113>]
sent [IPCP ConfAck id=0x5 <addr 10.8.8.113>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 192.168.1.148>]
rcvd [CCP ConfNak id=0x1 <mppe -H -M -S -L -D -C>]
sent [CCP ConfReq id=0x2]
rcvd [LCP TermReq id=0x6 "*\37777777674\004O\000<\37777777715t\000\000\002\37777777746"]
LCP terminated by peer (*M-<^DO^@<M-Mt^@^@^BM-f)
sent [LCP TermAck id=0x6]
Connection terminated.
Modem hangup
Waiting for 1 child processes...
  script pptp vpn.target.com --nolaunchpppd, pid 21974
Script pptp vpn.target.com --nolaunchpppd finished (pid 21974), status = 0x0
#


This happens with 2 different domains/endpoints that are totally unrelated to each other.

Any ideas on why this gets dropped like that?
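
Added example (not part of any post in this thread, and not code from the ppp or pptpclient projects): a small Python parser for the `pppd ... debug` transcripts posted above. It decodes the `<mppe ...>` flag string and reports the agreed authentication method, which MPPE options were acknowledged, and whether the peer hung up. The flag meanings are taken from pppd's CCP option bits, the two sample transcripts are trimmed from logs posted in this thread, and all function and key names are illustrative.

```python
"""Summarise a pppd `debug` transcript: agreed auth, MPPE result, hang-up."""
import re

# Meaning of the six signed flags pppd prints inside "<mppe ...>".
# (Assumption stated in the lead-in: these follow pppd's CCP option bits.)
MPPE_FLAGS = {"H": "stateless", "M": "56-bit", "S": "128-bit",
              "L": "40-bit", "D": "obsolete", "C": "MPPC"}

PKT = re.compile(r"^(sent|rcvd) \[(\w+) (\w+) id=0x[0-9a-fA-F]+(.*)\]$")
AUTH = re.compile(r"<auth ([^>]+)>")
MPPE = re.compile(r"<mppe ((?:[+-][HMSLDC] ?){6})>")

# Trimmed from the successful negotiation posted in this thread.
GOOD = r'''
rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x710a01b1> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <auth chap MS-v2> <magic 0x710a01b1> <pcomp> <accomp>]
rcvd [CHAP Success id=0x0 "S=(trimmed)"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x3 <mppe +H +M +S -L -D +C>]
sent [CCP ConfNak id=0x3 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x5 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x5 <mppe +H -M +S -L -D -C>]
'''

# Trimmed from the dropped connection posted in this thread.
FAILED = r'''
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x2abc044f> <pcomp> <accomp>]
sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x2abc044f> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x2abc044f> <pcomp> <accomp>]
rcvd [CHAP Success id=0x0 "S=(trimmed)"]
rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]
sent [CCP ConfReq id=0x1]
sent [CCP ConfRej id=0x4 <mppe +H +M +S +L -D +C>]
rcvd [CCP ConfNak id=0x1 <mppe -H -M -S -L -D -C>]
sent [CCP ConfReq id=0x2]
rcvd [LCP TermReq id=0x6 "(binary reason trimmed)"]
'''


def decode_mppe(option_text):
    """Return the set of flag names switched on in an '<mppe ...>' option."""
    m = MPPE.search(option_text)
    if not m:
        return None
    return {MPPE_FLAGS[t[1]] for t in m.group(1).split() if t[0] == "+"}


def findings(s):
    """Turn the collected facts into short, checkable observations."""
    out = []
    if not s["auth_ok"]:
        out.append("authentication did not complete (agreed method: %s)"
                   % s["agreed_auth"])
    if s["mppe_rejected_by_us"]:
        out.append("peer offered MPPE but this side sent CCP ConfRej")
    acked = [f for f in (s["mppe_acked_by_peer"], s["mppe_acked_by_us"]) if f]
    if s["auth_ok"] and not acked:
        out.append("no MPPE encryption agreed in either direction")
    if any("128-bit" not in f for f in acked):
        out.append("MPPE agreed without the 128-bit key flag")
    if s["peer_terminated"]:
        out.append("peer sent LCP TermReq")
    return out


def summarize(transcript):
    s = {"peer_wants_auth": [], "agreed_auth": None, "auth_ok": False,
         "mppe_acked_by_peer": None, "mppe_acked_by_us": None,
         "mppe_rejected_by_us": False, "peer_terminated": False}
    for raw in transcript.splitlines():
        m = PKT.match(raw.strip())
        if not m:
            continue  # status lines such as "Using interface ppp0"
        direction, proto, code, rest = m.groups()
        auth = AUTH.search(rest)
        if proto == "LCP" and auth:
            name = auth.group(1)
            if (direction, code) == ("rcvd", "ConfReq"):
                if name not in s["peer_wants_auth"]:
                    s["peer_wants_auth"].append(name)
            elif (direction, code) == ("sent", "ConfAck"):
                s["agreed_auth"] = name  # method this side accepted
        elif (direction, proto, code) == ("rcvd", "LCP", "TermReq"):
            s["peer_terminated"] = True
        elif direction == "rcvd" and proto in ("CHAP", "EAP") and code == "Success":
            s["auth_ok"] = True
        elif proto == "CCP":
            flags = decode_mppe(rest)
            if code == "ConfAck" and flags is not None:
                key = "mppe_acked_by_peer" if direction == "rcvd" else "mppe_acked_by_us"
                s[key] = flags
            elif (direction, code) == ("sent", "ConfRej") and flags is not None:
                s["mppe_rejected_by_us"] = True
    s["findings"] = findings(s)
    return s


if __name__ == "__main__":
    for label, text in (("good", GOOD), ("failed", FAILED)):
        print(label, summarize(text))
```

To use it on a real session, save the output of `pon <peer> debug dump logfd 2 nodetach` to a file and pass its contents to `summarize()`.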

drzap
n00b
Joined: 20 Sep 2004
Posts: 23

Posted: Tue Apr 29, 2008 1:33 am

Well, the patches were just manually merged and the alterations were not meant for this kernel. I did not read up on what I did; it just worked by luck, so there is quite a high probability that there is something wrong with the code.

- gaute

Beetle B.
Guru
Joined: 01 Mar 2003
Posts: 524

Posted: Tue Dec 02, 2008 3:21 pm

I got the pptp connection going, but am stumbling on a much simpler problem.

Before pon, here's what route gives me:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0


Basically, I access the Internet via a router, which is the 192.168.0.1 gateway.

After pon, here's the situation.

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.17.144.2    *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0



Now what commands do I need to give route so that my network traffic goes through the PPTP connection? I had a bunch of ideas, but none worked.
_________________
Beetle B.

Please update the table of equivalents.
A Firefox guide.
drzap
n00b

Joined: 20 Sep 2004
Posts: 23

Posted: Tue Dec 02, 2008 4:23 pm

Quote:
Code:


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.17.144.2    *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
 


If you want to redirect all traffic to the 192.17.144.* ([1-255]) subnet through the ppp0 interface, you need to do something like:
Code:
route add -net 192.17.144.0/24 ppp0


- gaute
Beetle B.
Guru

Joined: 01 Mar 2003
Posts: 524

Posted: Tue Dec 02, 2008 5:31 pm

I don't think that will do it.

How do I check? Should my reported IP on various sites change?

I think the problem with that solution is that all traffic needs to go through my router (192.168.0.1 gateway) before it can get to the Internet. So shouldn't I need to set it so that all traffic first goes through 192.168.0.1 and from there will head to ppp0?

If my question sounds nonsensical, it's because I never figured out networking in Linux. Put another way, how do I guarantee that all network traffic that goes through the router (i.e. all network traffic) should then head to the VPN (192.17.144.*)?
drzap
n00b

Joined: 20 Sep 2004
Posts: 23

Posted: Tue Dec 02, 2008 5:45 pm

Beetle B. wrote:
I don't think that will do it.

How do I check? Should my reported IP on various sites change?


No, it shouldn't. Only the output of 'route'.

Quote:


I think the problem with that solution is that all traffic needs to go through my router (192.168.0.1 gateway) before it can get to the Internet. So shouldn't I need to set it so that all traffic first goes through 192.168.0.1 and from there will head to ppp0?


No. ppp0 is a virtual network interface - a connection between your computer and another through your other network interface; if this computer is outside your local LAN, it goes through your gateway. The virtual interface imitates a second network card with a cable to a different subnet (192.17.144.*).

When you try to send any data or make a connection, say ping a computer in the subnet of your ppp0 interface, ppp0 takes the data, puts it in a packet, and sends it to the IP address of the remote computer you set up your ppp0 interface to - since this new packet is for an IP address _not_ in the subnet of ppp0, it is sent to the 'default' gw. Thus the remote machine gets a packet like always. The remote machine realizes it's a ppp packet, unpacks it and pretends it got it on _its_ ppp0 interface.

If you know the IP-address of another computer in the subnet of the VPN (192.17.144.xxx) and you are able to ping this one - you are connected.

For further confusion:
Your current setup _only_ sends packets for the _exact_ IP address 192.17.144.2 through the ppp0 interface; to let your system know that _all_ traffic on the 192.17.144.0/24 (192.17.144.* with netmask 255.255.255.0) subnet should go through to the ppp0 interface, you need to add the route from the previous post:
Code:

route add -net 192.17.144.0/24 ppp0



- gaute
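
The routing decision drzap describes above, as an added example that is not part of the original posts: a longest-prefix-match lookup over the routing table Beetle B. posted, before and after `route add -net 192.17.144.0/24 ppp0`. The function names and the sample destinations are assumptions made for the illustration.

```python
import ipaddress

# Routing table after `pon`, transcribed from the post above.
# The kernel's "*" gateway is None here; "loopback / 255.0.0.0" is 127.0.0.0/8.
TABLE_AFTER_PON = [
    ("192.17.144.2/32", None, "ppp0"),
    ("192.168.0.0/24", None, "eth0"),
    ("127.0.0.0/8", None, "lo"),
    ("0.0.0.0/0", "192.168.0.1", "eth0"),
]

# Constructed sample destinations (not from the thread, except 192.17.144.2).
SAMPLE = ["192.17.144.2", "192.17.144.37", "192.168.0.10", "203.0.113.9"]


def lookup(table, dst):
    """Return (prefix, gateway, iface) of the most specific route matching dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]


def add_net_route(table, prefix, iface):
    """Model of `route add -net <prefix> <iface>`; returns a new table."""
    ipaddress.ip_network(prefix)  # ValueError if the prefix has host bits set
    return table + [(prefix, None, iface)]


def egress_report(table, destinations):
    """Map each destination to the interface its packets would leave on."""
    return {dst: lookup(table, dst)[2] for dst in destinations}


if __name__ == "__main__":
    before = egress_report(TABLE_AFTER_PON, SAMPLE)
    fixed = add_net_route(TABLE_AFTER_PON, "192.17.144.0/24", "ppp0")
    after = egress_report(fixed, SAMPLE)
    for dst in SAMPLE:
        print(f"{dst:15} before: {before[dst]:5} after: {after[dst]}")
```

Any destination that still resolves to `eth0` after the route is added leaves the machine outside the tunnel, which is the thing to check when deciding what the VPN actually protects.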
Beetle B.
Guru

Joined: 01 Mar 2003
Posts: 524

Posted: Wed Dec 03, 2008 4:32 pm

Thanks - that cleared it all up.

Turned out I was doing it correctly earlier. The problem was that the IP I was trying to reach was not 192.x. So I put a route command specific to the server I was trying to connect to.
All times are GMT