Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
PPTP tunnels with kernel 2.6
View unanswered posts
View posts from last 24 hours

Goto page 1, 2, 3  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
minaguib
n00b
n00b


Joined: 03 Nov 2003
Posts: 35
Location: Montréal

PostPosted: Wed May 26, 2004 7:28 pm    Post subject: PPTP tunnels with kernel 2.6 Reply with quote

It took me all day to get this PPTP tunnel to my office working under the 2.6 kernel so I decided to document it here:

1. Use the 2.6 kernel. Current version in portage is 2.6.5-gentoo-r1

2. Download the appropriate MPPE/MPPC patch from here - In case of the 2.6.5 kernel it's linux-2.6.5-mppe-mppc-1.0.patch.gz

3. Patch your kernel source tree with the downloaded patch

4. Configure your kernel, make sure all these are enabled/compiled as modules:
Code:


#Device Drivers ---> Networking support --->

<M> PPP (point-to-point protocol) support
<M>   PPP support for async serial ports
<M>   Microsoft PPP compression/encryption (MPPC/MPPE)

#Cryptographic options  --->

[*] Cryptographic API
<M>   ARC4 cipher algorithm


5. Install your kernel, install modules, reboot if necessary, run modules-update

6. Download this file and save it ontop of (override) /usr/portage/net-dialup/ppp/files/2.4.2/stdopt-mppe-mppc-0.82.patch.gz

7. Install/re-install ppp: emerge /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild

8. Install/re-install pptpclient if necessary

9. Modify /etc/ppp/options.conf - Change these lines:
Code:

mppe-40
mppe-128
mppe-stateless

to so:
Code:

#mppe-40
#mppe-128
#mppe-stateless


10. NOW you can finally follow all the docs out there:

10a. Edit /etc/ppp/chap-secrets, add:
Code:

DOMAINNAME\\username ANYVPNNAME password
ANYVPNNAME DOMAINNAME\\username password


10b. Edit/create /etc/ppp/peers/ANYVPNNAME :
Code:

# Server IP: XX.YY.ZZ.AA
# Route: add -net XX.YY.0.0 netmask 255.255.0.0 dev TUNNEL_DEV

name DOMAINNAME\\username
remotename ANYVPNNAME

file /etc/ppp/options.pptp


11. If all goes well, you can start your tunnel: pptp-command start ANYVPNNAME


Last edited by minaguib on Mon Jun 28, 2004 2:15 am; edited 1 time in total
Back to top
View user's profile Send private message
hununu
n00b
n00b


Joined: 24 Dec 2003
Posts: 6

PostPosted: Fri Jun 04, 2004 9:24 pm    Post subject: Reply with quote

Has anyone been using the patches for the kernel and ppp on a kernel 2.6.6 to connect to a Windows VPN ? I'm gettin a kernel does not support MPPE :-(
Back to top
View user's profile Send private message
jammerJ
n00b
n00b


Joined: 04 Jun 2004
Posts: 21
Location: California

PostPosted: Sat Jun 05, 2004 6:57 pm    Post subject: Reply with quote

I've tried pretty much every tutorial and patch out there.
I always end up with the following after modprobe ppp_mppe_mppc (from dmesg)
Code:

PPP generic driver version 2.4.2
devfs_mk_dev: could not append to parent for ppp
failed to register PPP device (-17)
ppp_mppe_mppc: Unknown symbol ppp_register_compressor
ppp_mppe_mppc: Unknown symbol ppp_unregister_compressor


I figure that it's not related to any of the patches, because I don't get errormessages during compile.
Any ideas are greatly appreciated.
_________________
Don't need no stinkin' signature
Back to top
View user's profile Send private message
hununu
n00b
n00b


Joined: 24 Dec 2003
Posts: 6

PostPosted: Sun Jun 06, 2004 3:32 am    Post subject: Reply with quote

I can successfully compile and load the module using development-sources and the patches for 2.6.6 kernel. My problem is not being able to make ppp see it :|
Back to top
View user's profile Send private message
Sinneh
n00b
n00b


Joined: 17 May 2004
Posts: 3

PostPosted: Sun Jun 13, 2004 2:50 pm    Post subject: Reply with quote

hununu wrote:
I can successfully compile and load the module using development-sources and the patches for 2.6.6 kernel. My problem is not being able to make ppp see it :|


where do you get these patches? the site mentioned in the first post seems to be down or moved or smtg, googled for it but no success.

i need mppe support :(
Back to top
View user's profile Send private message
mamash
n00b
n00b


Joined: 06 May 2004
Posts: 7

PostPosted: Mon Jun 14, 2004 12:41 am    Post subject: Reply with quote

Me too. The whole polbox.com server seems to be down for a couple of days and no mirror anywhere. Does anybody have the patch at hand?
Back to top
View user's profile Send private message
Brandoo
n00b
n00b


Joined: 22 Mar 2003
Posts: 4
Location: NZ

PostPosted: Sun Jun 20, 2004 11:08 am    Post subject: Reply with quote

OK, Have spent quite a lot of time today checking this out.

I have got to the point where the tunnel is created - so I guess its a great start :)

You will need to familiarise (spelling??) yourself with the site http://www.polbox.com/h/hs001/

Also, this has been great for a rough guide - follow it.

There were 3 things that had me stumped and this page provided lots of help!

Problem #1: remote system is required to authenticate itself
Easily fixed from the above link
Quote:
Make sure that noauth option is in the options file, or given to pppd via the command line. Make sure that require-mschap-v2 require-mschap require-chap require-pap require-eap options are not used.


Problem #2: MPPE required, but kernel has no support.
This was the major problem I had - my kernel was patched, I was absolutly positive ppp was also patched, so what was the problem.

I noticed this from the above link:
Quote:
Ensure the versions of PPP and PPP's MPPE kernel support match.


I patched the kernel with the recommended patch from the MPPE patch site, PPP was patched through the ebuild. I checked the kerlen patch version (I used linux-2.4.26-mppe-mppc-1.0.patch.gz) and found I was using the latest 1.0 patch.

Looking at /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild I saw
Quote:
epatch ${FILESDIR}/${PV}stdopt-mppe-mppc-0.82.patch.gz


The Kernel version and PPP patch version need to be consistent, PPP patch was 0.82.

Through the IRC channel and some help from marienz (Cheers!) I worked out how to apply the correct patch to the ebuild I was using (was using the unstable ebuild).

Change dir to /usr/portage/net-dialup/ppp/files/2.4.2/

Download the latest required patch to match the kernel patch
Code:
wget http://www.polbox.com/h/hs001/ppp-2.4.2-mppe-mppc-1.0.patch.gz


Edit the ebuild
Code:
nano /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild


Change the epatch line to use the correct patch
Code:
epatch ${FILESDIR}/${PV}/ppp-2.4.2-mppe-mppc-1.0.patch.gz


Build ppp again
Code:
ACCEPT_KEYWORDS="~x86" emerge ppp


Reboot and try reconnecting

Problem #3: More peer/option errors
I had to remove the option require-mppe from both the peer and options file - this is my current options.pptp file that I can now connect with:
Code:
lock
 
noauth
nobsdcomp
nodeflate
 
refuse-pap
refuse-chap
refuse-mschap
#refuse eap
#require-mppe


Hope this may help some of you ppl struggling through this - at the least understand the problem(s).
Back to top
View user's profile Send private message
BeFalou
n00b
n00b


Joined: 26 May 2003
Posts: 45
Location: Madrid

PostPosted: Mon Jun 21, 2004 4:29 pm    Post subject: Reply with quote

jammerJ wrote:
I've tried pretty much every tutorial and patch out there.
I always end up with the following after modprobe ppp_mppe_mppc (from dmesg)
Code:

PPP generic driver version 2.4.2
devfs_mk_dev: could not append to parent for ppp
failed to register PPP device (-17)
ppp_mppe_mppc: Unknown symbol ppp_register_compressor
ppp_mppe_mppc: Unknown symbol ppp_unregister_compressor


I figure that it's not related to any of the patches, because I don't get errormessages during compile.
Any ideas are greatly appreciated.


I've exactly the same problem, and i can't find a way to fix it... I'm using kernel 2.6.7+mppe1.0 patch.
Back to top
View user's profile Send private message
BeFalou
n00b
n00b


Joined: 26 May 2003
Posts: 45
Location: Madrid

PostPosted: Mon Jun 21, 2004 6:25 pm    Post subject: Reply with quote

Fixed: https://bugs.gentoo.org/show_bug.cgi?id=47519

Hope this helps.
Back to top
View user's profile Send private message
castrik
n00b
n00b


Joined: 16 Apr 2004
Posts: 31

PostPosted: Wed Jun 23, 2004 2:01 pm    Post subject: Reply with quote

Brandoo wrote:

I had to remove the option require-mppe from both the peer and options file


Doesn't this mean that your tunnel has no encryption now, well at least when communicating with windows clients?
Back to top
View user's profile Send private message
Brandoo
n00b
n00b


Joined: 22 Mar 2003
Posts: 4
Location: NZ

PostPosted: Thu Jun 24, 2004 4:11 am    Post subject: Reply with quote

You would think - but with this error message, pppd will return an error Re: unrecognised command.

The VPN I'm connecting to requires encrytion, will not connect without it - without this option I connect fine.
Back to top
View user's profile Send private message
minaguib
n00b
n00b


Joined: 03 Nov 2003
Posts: 35
Location: Montréal

PostPosted: Fri Jun 25, 2004 4:22 pm    Post subject: Reply with quote

castrik wrote:
Brandoo wrote:

I had to remove the option require-mppe from both the peer and options file


Doesn't this mean that your tunnel has no encryption now, well at least when communicating with windows clients?



man ppp/man pppd for details.

Basically the newer ppp/pppd implementations automatically try to negotiate MPPC if the peer supports it (from my understanding) so these options in the conf file have been deprecated, hence the error you get if you leave them there.

Just my $0.02
Back to top
View user's profile Send private message
castrik
n00b
n00b


Joined: 16 Apr 2004
Posts: 31

PostPosted: Sun Jun 27, 2004 1:10 pm    Post subject: Reply with quote

we worked out that the problem with our configuration was fixed by

Code:
modprobe conntrack
modprobe ip_gre
Back to top
View user's profile Send private message
OptimusP
n00b
n00b


Joined: 27 Apr 2003
Posts: 42

PostPosted: Mon Jun 28, 2004 10:23 am    Post subject: Reply with quote

Im trying to get a pptp server up

Ive patched the kernel and patched ppp

this is what im getting from my log

Jun 28 20:53:39 X pptpd[29800]: CTRL: Client 192.168.1.2 control connection sta$
Jun 28 20:53:39 X pptpd[29800]: CTRL: Starting call (launching pppd, opening GR$
Jun 28 20:53:39 X pppd[29801]: pppd 2.4.2 started by root, uid 0
Jun 28 20:53:39 X pppd[29801]: Using interface ppp0
Jun 28 20:53:39 X pppd[29801]: Connect: ppp0 <--> /dev/pts/40
Jun 28 20:53:39 X pptpd[29800]: GRE: Discarding duplicate packet
Jun 28 20:53:41 X pptpd[29800]: CTRL: Ignored a SET LINK INFO packet with real $
Jun 28 20:53:41 X pppd[29801]: kernel does not support PPP filtering
Jun 28 20:53:41 X pppd[29801]: MPPE required, but kernel has no support.
Jun 28 20:53:41 X pptpd[29800]: CTRL: Closing child BCrelay with pid 0
Jun 28 20:53:41 X pptpd[29800]: CTRL: Closing child ppp with pid 29801
Jun 28 20:53:41 X pptpd[29800]: CTRL: Client 192.168.1.2 control connection fin$
Jun 28 20:53:41 X pppd[29801]: Terminating on signal 2.
Jun 28 20:53:41 X pppd[29801]: Connection terminated.
Jun 28 20:53:41 X pppd[29801]: Connect time 0.1 minutes.
Jun 28 20:53:41 X pppd[29801]: Sent 0 bytes, received 44 bytes.
Jun 28 20:53:41 X pppd[29801]: tcflush failed: Input/output error
Jun 28 20:53:41 X pppd[29801]: Connect time 0.1 minutes.
Jun 28 20:53:41 X pppd[29801]: Sent 0 bytes, received 44 bytes.

Can anyone help?
Back to top
View user's profile Send private message
dmitrio
Tux's lil' helper
Tux's lil' helper


Joined: 10 Dec 2002
Posts: 108
Location: DFW

PostPosted: Mon Jun 28, 2004 3:21 pm    Post subject: :. copied to gentoo-wiki.com Reply with quote

I have copied this, with permission of minaguib, to gentoo-wiki.com
http://gentoo-wiki.com/HOWTO_PPTP_tunnels_with_kernel_2.6
If you see anything that should be added or changed, feel free to do so.

Thank you for a great HOWTO.
_________________

... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ...
Back to top
View user's profile Send private message
Hendry
n00b
n00b


Joined: 29 Oct 2003
Posts: 28
Location: Apeldoorn, The Netherlands

PostPosted: Mon Jun 28, 2004 3:26 pm    Post subject: Reply with quote

Stupid Question, but can anyone tell me how to patch a kernel? Never did it before and there must be a first time! I want to patch the 2.6.7-r1 kernel version. :oops:
Back to top
View user's profile Send private message
dmitrio
Tux's lil' helper
Tux's lil' helper


Joined: 10 Dec 2002
Posts: 108
Location: DFW

PostPosted: Mon Jun 28, 2004 4:18 pm    Post subject: Reply with quote

Hendry wrote:
Stupid Question, but can anyone tell me how to patch a kernel? Never did it before and there must be a first time! I want to patch the 2.6.7-r1 kernel version. :oops:

look here http://gentoo-wiki.com/HOWTO_Install_a_Kernel_Patch
_________________

... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ...
Back to top
View user's profile Send private message
OptimusP
n00b
n00b


Joined: 27 Apr 2003
Posts: 42

PostPosted: Tue Jun 29, 2004 1:02 am    Post subject: Reply with quote

Has anyone successfully patched and got a pptp server working with the 2.6.7-r5 gentoo dev kernel?

Mine just doesnt seem to want to work.
Back to top
View user's profile Send private message
hununu
n00b
n00b


Joined: 24 Dec 2003
Posts: 6

PostPosted: Tue Jun 29, 2004 1:25 am    Post subject: Reply with quote

OptimusP wrote:
Has anyone successfully patched and got a pptp server working with the 2.6.7-r5 gentoo dev kernel?

Mine just doesnt seem to want to work.


Ok, i was going to try 2.6.7 out but now I'm losing hope :-) I'll try it tomorrow...
Back to top
View user's profile Send private message
jammerJ
n00b
n00b


Joined: 04 Jun 2004
Posts: 21
Location: California

PostPosted: Thu Jul 01, 2004 8:27 am    Post subject: Reply with quote

Quote:
Ok, i was going to try 2.6.7 out but now I'm losing hope I'll try it tomorrow...

Thanks to BeFalou's bug report, I am now able to connect, using 2.6.7-gentoo
Unfortunately still have some authentication issues, though...
But it's late...
_________________
Don't need no stinkin' signature
Back to top
View user's profile Send private message
veezi
Apprentice
Apprentice


Joined: 10 Nov 2003
Posts: 226

PostPosted: Thu Jul 08, 2004 8:08 pm    Post subject: Reply with quote

I'm at the verge of banging my head against the wall :x I'm trying to get mppe-mppc to work. Tried it all, all the tips everywhere .. I always end up with :
Code:

MPPE required, but kernel has no support


Tried:
1. compile ppp_* as modules, builtin .. no difference
2. modified ppp ebuild for exact ppp patche (1.0) for mppe_mppc .. no difference
3. clean out all and re-emerge .. no difference

I'm using development-sources 2.6.6

Anyone? any ideas ?

Thanks,
Back to top
View user's profile Send private message
castrik
n00b
n00b


Joined: 16 Apr 2004
Posts: 31

PostPosted: Thu Jul 08, 2004 11:27 pm    Post subject: Reply with quote

So you've tried everything,

Quote:

Tried:
1. compile ppp_* as modules, builtin .. no difference
2. modified ppp ebuild for exact ppp patche (1.0) for mppe_mppc .. no difference
3. clean out all and re-emerge .. no difference


Did you apply the kernel patch for your kernel? and have you modprobe'd ip_gre and conntrack?
Back to top
View user's profile Send private message
veezi
Apprentice
Apprentice


Joined: 10 Nov 2003
Posts: 226

PostPosted: Fri Jul 09, 2004 1:17 am    Post subject: Reply with quote

castrik wrote:
So you've tried everything,

Quote:

Tried:
1. compile ppp_* as modules, builtin .. no difference
2. modified ppp ebuild for exact ppp patche (1.0) for mppe_mppc .. no difference
3. clean out all and re-emerge .. no difference


Did you apply the kernel patch for your kernel? and have you modprobe'd ip_gre and conntrack?

kernel patch applied. tried this also, but same:
Code:

modprobe arc4
modprobe ip_conntrack
modprobe ip_gre


I even tried kernel-2.6.7, same thing always gives me:
Code:

MPPE required, but kernel has no support


Any other ideas?

Thanks,
Back to top
View user's profile Send private message
Deathscythe
n00b
n00b


Joined: 04 May 2004
Posts: 65

PostPosted: Sun Jul 11, 2004 10:07 am    Post subject: Reply with quote

Thats weird. I am sure I have patched the kernel and compile it correctly. When I try to load the following modules.

Code:
modprobe ip_conntrack
modprobe ip_gre


It said

Code:
FATAL: Module ip_conntrack not found.
FATAL: Module ip_gre not found.

_________________
Deathscythe

http://www.revster.com
Back to top
View user's profile Send private message
veezi
Apprentice
Apprentice


Joined: 10 Nov 2003
Posts: 226

PostPosted: Sun Jul 11, 2004 12:14 pm    Post subject: Reply with quote

A quick question: What do these modules do (conntrack, gre)? And why do we need them for MPPE/MPPC connections?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page 1, 2, 3  Next
Page 1 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum