Poptop

When I try to open tunnel from XP machine I see in /var/log/messages:

Dec 23 16:59:41 ns pptpd[25067]: CTRL: Ignored a SET LINK INFO packet with real 
ACCMs!
Dec 23 16:59:41 ns pppd[25068]: rc_avpair_new: unknown attribute 6
Dec 23 16:59:41 ns pppd[25068]: rc_avpair_new: unknown attribute 7
Dec 23 16:59:41 ns pppd[25068]: rc_avpair_new: unknown attribute 1
Dec 23 16:59:41 ns pppd[25068]: rc_avpair_new: unknown attribute 31
Dec 23 16:59:41 ns pppd[25068]: rc_avpair_new: unknown attribute 4
Dec 23 16:59:41 ns pppd[25068]: Peer agostini failed CHAP authentication

In freeradius forums and on site 
http://wiki.freeradius.org/PopTop#The_radiusclient_setup_part_.28on_the_Poptop_server.29

explain is that there is a problem with dictionary.microsoft.
I have tried to copy it from the site but the problem is the same.

This is my pptpd.conf file:
ppp /usr/sbin/pppd
option /etc/ppp/options.pptpd
debug
logwtmp
delegate
localip 192.168.0.1
remoteip 192.168.0.234-238

and this /etc/ppp/options.pptpd:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 10.0.0.1
ms-wins 10.0.0.3
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd
plugin radius.so
plugin radattr.so

Can you help me?
Thanks and Merry Christmas!
Alessandro
-- 
Servizio informatica e comunicazioni
CNR - Istituto Fisica Applicata "N.Carrara"
Via Madonna del Piano,10 Sesto Fiorentino (FI)
---------------------------------------------
http://www.ifac.cnr.it - tel. 055 5226406

Hello everybody,

I am trying to connect with a Windows XP machine to my Debian pptpd
systems and it seems to fail somehow. I had a similar set-up working a
few weeks back but I can't seem to repeat it.

Does somebody have some hints, I already tried stripping down the
firewall to simpler more permissive rules but no joy.

Please see the attachment for the full error session and the iptable
firewall.

I think this is the key error:
Dec 22 01:52:04 sammy pptpd[7755]: GRE:
read(fd=7,buffer=80505a0,len=8260) from network failed: status = -1
error = Protocol not available

I found this info (http://poptop.sourceforge.net/dox/qna.html) so
added the /sbin/modprobe ip_gre to my iptable if-up script, but also
no joy.

Any help would be welcome,

Thanks in advance,

Kind regards,

Jelle

I have a problem with my pptpd installation, that started happening when my 
users connect from far away locations with a really slow link (the server is 
in california, the clients are in europe on a DSL link with some packet 
drops every now and then).

The pptpd connection works for a bit and then it stops. This seems to happen 
more frequently when the client is downloading/uploading big files on the 
VPN.

The log is below.

As you can see, after a certain time pppd receives garbage and sends LCP 
ProtRej packets.

Server:
pptpd 1.3.4
pppd  2.4.4
Kernel 2.6.18-6-686

Client
Windows XP SP3 and Windows Vista

Any ideas what could cause this problem?

Have a nice day
GV



Dec 19 00:21:46 evilside pppd[27039]: using channel 326
Dec 19 00:21:46 evilside pppd[27039]: sent [LCP ConfReq id=0x1 <asyncmap 
0x0> <auth chap MS-v2> <magic 0x2c017766> <pcomp> <accomp>]
Dec 19 00:21:46 evilside pppd[27039]: rcvd [LCP ConfReq id=0x0 <mru 1400> 
<magic 0x522857e4> <pcomp> <accomp> <callback CBCP>]
Dec 19 00:21:46 evilside pppd[27039]: sent [LCP ConfRej id=0x0 <callback 
CBCP>]
Dec 19 00:21:47 evilside pppd[27039]: rcvd [LCP ConfReq id=0x1 <mru 1400> 
<magic 0x522857e4> <pcomp> <accomp>]
Dec 19 00:21:47 evilside pppd[27039]: sent [LCP ConfAck id=0x1 <mru 1400> 
<magic 0x522857e4> <pcomp> <accomp>]
Dec 19 00:21:49 evilside pppd[27039]: sent [LCP ConfReq id=0x1 <asyncmap 
0x0> <auth chap MS-v2> <magic 0x2c017766> <pcomp> <accomp>]
Dec 19 00:21:49 evilside pppd[27039]: rcvd [LCP ConfAck id=0x1 <asyncmap 
0x0> <auth chap MS-v2> <magic 0x2c017766> <pcomp> <accomp>]
Dec 19 00:21:49 evilside pppd[27039]: sent [LCP EchoReq id=0x0 
magic=0x2c017766]
Dec 19 00:21:49 evilside pppd[27039]: sent [CHAP Challenge id=0xdc 
<f6f7816fc775bd1039244bb862b6340a>, name = "pptpd"]
Dec 19 00:21:49 evilside pppd[27039]: rcvd [LCP Ident id=0x2 
magic=0x522857e4 "MSRASV5.20"]
Dec 19 00:21:49 evilside pppd[27039]: rcvd [LCP Ident id=0x3 
magic=0x522857e4 "MSRAS-0-TEST"]
Dec 19 00:21:49 evilside pppd[27039]: rcvd [LCP Ident id=0x4 
magic=0x522857e4 
"\037\025D\023A\37777777621IL\37777777600\37777777611\37777777731\024 
\37777777710\022\37777777753"]
Dec 19 00:21:52 evilside pppd[27039]: sent [CHAP Challenge id=0xdc 
<f6f7816fc775bd1039244bb862b6340a>, name = "pptpd"]
Dec 19 00:21:53 evilside pppd[27039]: rcvd [CHAP Response id=0xdc 
<81ef9788b072f454b85ee5d46177e97b0000000000000000c89d2eaccae4c457bc4c9c602f5335c9784a7f435f23fa4e00>, 
name = "USERXXX"]
Dec 19 00:21:53 evilside pppd[27039]: RADATTR plugin wrote 8 line(s) to file 
/var/run/radattr.ppp3.
Dec 19 00:21:53 evilside pppd[27039]: sent [CHAP Success id=0xdc 
"S=05095606B26E93C608D0C64E4B827EFFB75DE695"]
Dec 19 00:21:53 evilside pppd[27039]: sent [CCP ConfReq id=0x1 <mppe +H -M 
+S -L -D -C>]
Dec 19 00:21:53 evilside pppd[27039]: rcvd [IPV6CP ConfReq id=0x5 <addr 
fe80::b836:207a:8b56:f500>]
Dec 19 00:21:53 evilside pppd[27039]: sent [LCP ProtRej id=0x2 80 57 01 05 
00 0e 01 0a b8 36 20 7a 8b 56 f5 00]
Dec 19 00:21:53 evilside pppd[27039]: rcvd [CCP ConfReq id=0x6 <mppe +H -M 
+S -L -D -C>]
Dec 19 00:21:53 evilside pppd[27039]: sent [CCP ConfAck id=0x6 <mppe +H -M 
+S -L -D -C>]
Dec 19 00:21:53 evilside pppd[27039]: rcvd [IPCP ConfReq id=0x7 <addr 
0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 
0.0.0.0>]
Dec 19 00:21:53 evilside pppd[27039]: sent [IPCP TermAck id=0x7]
Dec 19 00:21:53 evilside pppd[27039]: rcvd [CCP ConfAck id=0x1 <mppe +H -M 
+S -L -D -C>]
Dec 19 00:21:53 evilside pppd[27039]: sent [IPCP ConfReq id=0x1 <compress VJ 
0f 01> <addr 192.168.77.67>]
Dec 19 00:21:54 evilside pppd[27039]: rcvd [IPCP ConfRej id=0x1 <compress VJ 
0f 01>]
Dec 19 00:21:54 evilside pppd[27039]: sent [IPCP ConfReq id=0x2 <addr 
X.X.X.X>]
Dec 19 00:21:54 evilside pppd[27039]: rcvd [IPCP ConfAck id=0x2 <addr 
X.X.X.X>]
Dec 19 00:21:57 evilside pppd[27039]: sent [IPCP ConfReq id=0x2 <addr 
X.X.X.X>]
Dec 19 00:21:57 evilside pppd[27039]: rcvd [IPCP ConfReq id=0x8 <addr 
0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 
0.0.0.0>]
Dec 19 00:21:57 evilside pppd[27039]: sent [IPCP ConfNak id=0x8 <addr 
y.y.y.y> <ms-dns1 z.z.z.z> <ms-wins z.z.z.z> <ms-dns3 z.z.z.z> <ms-wins 
z.z.z.z>]
Dec 19 00:21:57 evilside pppd[27039]: rcvd [IPCP ConfAck id=0x2 <addr 
X.X.X.X>]
Dec 19 00:21:57 evilside pppd[27039]: rcvd [IPCP ConfReq id=0x9 <addr 
0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 
0.0.0.0>]
Dec 19 00:21:57 evilside pppd[27039]: sent [IPCP ConfNak id=0x9 <addr 
y.y.y.y> <ms-dns1 z.z.z.z> <ms-wins z.z.z.z> <ms-dns3 z.z.z.z> <ms-wins 
z.z.z.z>]
Dec 19 00:21:57 evilside pppd[27039]: rcvd [IPCP ConfReq id=0xa <addr 
y.y.y.y> <ms-dns1 z.z.z.z> <ms-wins z.z.z.z> <ms-dns3 z.z.z.z> <ms-wins 
z.z.z.z>]
Dec 19 00:21:57 evilside pppd[27039]: sent [IPCP ConfAck id=0xa <addr 
y.y.y.y> <ms-dns1 z.z.z.z> <ms-wins z.z.z.z> <ms-dns3 z.z.z.z> <ms-wins 
z.z.z.z>]
Dec 19 00:21:57 evilside pppd[27039]: Script /etc/ppp/ip-up started (pid 
27043)
Dec 19 00:21:57 evilside pppd[27039]: Script /etc/ppp/ip-up finished (pid 
27043), status = 0x0
Dec 19 00:36:16 evilside pppd[27039]: rcvd [proto=0x1e77] 30 04 48 7d a5 f2 
60 46 3b 02 7c be 51 ce 2d 06 a6 a2 3a 8a 4b e9 93 dc 75 e5 f6 c4 3c 79 f9 
07 ...
Dec 19 00:36:16 evilside pppd[27039]: sent [LCP ProtRej id=0x3 1e 77 30 04 
48 7d a5 f2 60 46 3b 02 7c be 51 ce 2d 06 a6 a2 3a 8a 4b e9 93 dc 75 e5 f6 
c4 3c 79 ...]
Dec 19 00:36:17 evilside pppd[27039]: rcvd [proto=0xde3d] 57 c7 2b aa dc 1b 
e5 f4 cd 40 19 11 66 0c 21 db 57 9a 72 72 d4 ee 3c 05 ad e9 7b ae ec ff ae 
92 ...
Dec 19 00:36:17 evilside pppd[27039]: sent [LCP ProtRej id=0x4 de 3d 57 c7 
2b aa dc 1b e5 f4 cd 40 19 11 66 0c 21 db 57 9a 72 72 d4 ee 3c 05 ad e9 7b 
ae ec ff ...]
Dec 19 00:36:17 evilside pppd[27039]: rcvd [proto=0xd637] e5 74 ce 7d 01 67 
89 e1 5a 31 2a c3 b1 88 a5 15 95 ed 55 6c 79 18 07 bd 82 40 72 bc 2f 63 9d 
da ...
Dec 19 00:36:17 evilside pppd[27039]: sent [LCP ProtRej id=0x5 d6 37 e5 74 
ce 7d 01 67 89 e1 5a 31 2a c3 b1 88 a5 15 95 ed 55 6c 79 18 07 bd 82 40 72 
bc 2f 63 ...]
Dec 19 00:36:17 evilside pppd[27039]: rcvd [proto=0x4c08] 4d 2d 08 4d d9 13 
d7 23 ec 3f 9a e7 19 f6 3a 61 97 ed 45 99 ed e0 2c fd de 75 cf 0c cc 38 55 
9c ...
Dec 19 00:36:17 evilside pppd[27039]: sent [LCP ProtRej id=0x6 4c 08 4d 2d 
08 4d d9 13 d7 23 ec 3f 9a e7 19 f6 3a 61 97 ed 45 99 ed e0 2c fd de 75 cf 
0c cc 38 ...]
Dec 19 00:36:17 evilside pppd[27039]: rcvd [proto=0x4a97] dc a5 2e 6a 39 e0 
0b 5a 02 74 af 3e d1 b6 f4 8f fd 48 11 ff ce 94 7a 83 4e a3 03 4f 8c 51 fb 
78 ...
Dec 19 00:36:17 evilside pppd[27039]: sent [LCP ProtRej id=0x7 4a 97 dc a5 
2e 6a 39 e0 0b 5a 02 74 af 3e d1 b6 f4 8f fd 48 11 ff ce 94 7a 83 4e a3 03 
4f 8c 51 ...]

Le 26/11/2009 11:41, philippe gracia a écrit :
> hi!
>
> I have the same problem described here :
> http://sourceforge.net/mailarchive/message.php?msg_id=484FC86A.9020404%40wavenet.at
>
>
> Here is a small explanation:
>
> - XP3 sp3/vista/seven connect to a ppptpd-server, but cannot ping any
> machine on the network, but all 98/200/xp client does.
>
> To make it work, You must disable encryption in the connexion properties.
>
> here is a cut/paste of the vista log :
> Nov 26 11:24:12 mailhost pptpd[1463]: CTRL: Client xx.xx.xx.xx control
> connection started
> Nov 26 11:24:12 mailhost pptpd[1463]: CTRL: Starting call (launching
> pppd, opening GRE)
> Nov 26 11:24:12 mailhost pppd[1464]: Plugin
> /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
> Nov 26 11:24:12 mailhost pppd[1464]: pppd 2.4.4 started by root, uid 0
> Nov 26 11:24:12 mailhost pppd[1464]: Starting negotiation on /dev/pts/3
> Nov 26 11:24:15 mailhost pptpd[1463]: CTRL: Ignored a SET LINK INFO
> packet with real ACCMs!
> Nov 26 11:24:15 mailhost pppd[1464]: Using interface ppp1
> Nov 26 11:24:15 mailhost pppd[1464]: MPPE 128-bit stateful compression
> enabled
> Nov 26 11:24:17 mailhost pppd[1464]: found interface eth1 for proxy arp
> Nov 26 11:24:17 mailhost pppd[1464]: local  IP address 10.33.1.250
> Nov 26 11:24:17 mailhost pppd[1464]: remote IP address 10.33.1.75
>
>
> my options.pptpd:
>
> name pptpd
> lock
> mtu 1400
> mru 1400
> proxyarp
> auth
> #debug
> multilink
>
> # Strip the domain prefix from the username before authentication.
> # (applies if you use pppd with chapms-strip-domain patch)
> #chapms-strip-domain
>
>
> # Encryption
> # (There have been multiple versions of PPP with encryption support,
> # choose with of the following sections you will use.)
>
>
> # BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
> # {{{
> refuse-pap
> refuse-chap
> refuse-mschap
> # Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
> # Challenge Handshake Authentication Protocol, Version 2] authentication.
> require-mschap-v2
> # Require MPPE 128-bit encryption
> # (note that MPPE requires the use of MSCHAP-V2 during authentication)
> #require-mppe-128
> #mppe no128,no56
> mppe required
>
> # Miscellaneous
>
> # Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
> # access.
> lock
>
> # Disable BSD-Compress compression
> nobsdcomp
>
> # Disable Van Jacobson compression
> # (needed on some networks with Windows 9x/ME/XP clients, see posting to
> # poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
> # http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
> novj
> novjccomp
>
> # turn off logging to stderr, since this may be redirected to pptpd
> nologfd
>
>
>
>
>
>
> I have a strange kernel error message :
>
> Nov 25 15:31:14 mailhost kernel: mppe_comp_init[1]: unknown key length
> Nov 25 17:04:34 mailhost kernel: mppe_decomp_init[1]: unknown key length
>
>
> can someone help me resolve this ?
>
> thanks by advance
>
>    


Hello.
Tried to resolve by myself, but it's far away of my knowledge.

Really no idea ?

I'm feeling alone ...

thanks...

i'm setting up a new poptop instance and i'm running into with gre  
getting some read error. the connection is running between an office  
and a datacenter with acl's on the routers allowing gre through and an  
ip traffic between the two sites through.

  I'm getting the following in my logs:

Dec 16 18:41:43 sjc-log1 pptpd[23829]: CTRL: Client *.*.*.* control  
connection started
Dec 16 18:41:43 sjc-log1 pptpd[23829]: CTRL: Starting call (launching  
pppd, opening GRE)
Dec 16 18:41:43 sjc-log1 pppd[23830]: pppd options in effect:
Dec 16 18:41:43 sjc-log1 pppd[23830]: debug             # (from /etc/ 
ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: nologfd           # (from /etc/ 
ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: dump              # (from /etc/ 
ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: require-mschap-v2         #  
(from /etc/ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: refuse-pap                #  
(from /etc/ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: refuse-chap               #  
(from /etc/ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: refuse-mschap             #  
(from /etc/ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: name pptpd                #  
(from /etc/ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: 115200            # (from  
command line)
Dec 16 18:41:43 sjc-log1 pppd[23830]: lock              # (from /etc/ 
ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: local             # (from  
command line)
Dec 16 18:41:43 sjc-log1 pppd[23830]: novj              # (from /etc/ 
ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: novjccomp         # (from /etc/ 
ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: ipparam  
64.244.66.2               # (from command line)
Dec 16 18:41:43 sjc-log1 pppd[23830]:  
192.168.30.26:192.168.30.115              # (from command line)
Dec 16 18:41:43 sjc-log1 pppd[23830]: nobsdcomp         # (from /etc/ 
ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: require-mppe-128          #  
(from /etc/ppp/options.pptpd)
Dec 16 18:41:43 sjc-log1 pppd[23830]: pppd 2.4.4 started by root, uid 0
Dec 16 18:41:43 sjc-log1 pppd[23830]: Using interface ppp0
Dec 16 18:41:43 sjc-log1 pppd[23830]: Connect: ppp0 <--> /dev/pts/2Dec  
16 18:42:13 sjc-log1 pppd[23830]: LCP: timeout sending Config-Requests
Dec 16 18:42:13 sjc-log1 pppd[23830]: Connection terminated.
Dec 16 18:42:13 sjc-log1 pppd[23830]: Modem hangupDec 16 18:42:13 sjc- 
log1 pppd[23830]: Exit.
Dec 16 18:42:13 sjc-log1 pptpd[23829]: GRE: read 
(fd=6,buffer=610860,len=8196) from PTY failed: status = -1 error =  
Input/output error, usually caused by unexpected termination of pppd,  
check option syntax and pppd logs
Dec 16 18:42:13 sjc-log1 pptpd[23829]: CTRL: PTY read or GRE write  
failed (pty,gre)=(6,7)
Dec 16 18:42:13 sjc-log1 pptpd[23829]: CTRL: Client *.*.*.* control  
connection finished


Jon Heise
Systems Engineer
Genius, Inc
1400 Fashion Island Blvd, Suite 500
650 703 8615 (C)

Hi everyone,

I'm at a lost why combination of  poptop radius plugin is only passing  
the last 4 digits of the callingstationid and in reverse order.

I would also like to capture MAC address, but this does not seem to be  
possible?

Any ideas, pointers?

Kind Regards,

Nev

CentOS 5.4
pptp 2.4.4
Poptop 1.3.4

I figured out the first problem.
The additional dictionary packets (windows one) has the same ID with
default dictionary file ..So freeradius was assuming a 4 digit dictionary
parameters instead of full ip stack.
I just changed the ID of clientipaddress and it worked.
But still couldnt find anything about disconnect
:(

> Hi, Oguzhan
>
> I checked my radacct table, there no problem. My radacct table like that:
> +------------------+-----------------+
> | callingstationid | framedipaddress |
> +------------------+-----------------+
> | XXX.42.176.XXX    | 192.168.10.234  |
>
> I think that you maybe not configure your radiusclient correct. Check that
> if you create dictionary for pptp protocol correctly.
>
> I couldn't help you the  2nd problem, I am also confused with radius
> disconnect packet.
>
> On Tue, Nov 24, 2009 at 7:30 PM, Oguzhan Kayhan
> <oguzhank@...:
>
>> Hello,
>> I made a configuration for freeradius+pptp+mysql
>>
>> Everythings working great..Except some minor problems..
>> Here's follows..
>>
>> I am checking radacct table on mysql to see the logs..
>> Ok. i can see connection dates..total data trasnfers.. username
>> etc..but..
>> it doesnt show callingstationid for the user that connects to vpn..
>> Just the framedIpAddress that user gets..
>> Does anybody had such problem.. or is there any way to log the callingip
>> addresses on mysql also???
>>
>> Second problem..
>> Is there a way to disconnect pptp user via radius disconnect packet??
>>
>>
>> Thanks..
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>> 30-Day
>> trial. Simplify your report design, integration and deployment - and
>> focus
>> on
>> what you do best, core application coding. Discover what's new with
>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>> _______________________________________________
>> Poptop-server mailing list
>> Poptop-server@...
>> https://lists.sourceforge.net/lists/listinfo/poptop-server
>>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
> 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.
> http://p.sf.net/sfu/bobj-july_______________________________________________
> Poptop-server mailing list
> Poptop-server@...
> https://lists.sourceforge.net/lists/listinfo/poptop-server
>