PPTP Client

Do you have you LAN nat'd via RRAS?  I had to play with those settings =
for awhile to make it work correctly but that was some time ago.
=20
Simple things to check.  Ping from the node to the server.  Ping from =
the server to the node.  Ping from the node to the remote gateway, =
etc...  Do you have any firewall rules in place on the node as well.  =
This could also be causing the problem.
=20
Gary

________________________________

From: pptpclient-devel-admin@... on behalf of Josh =
Close
Sent: Mon 2/14/2005 8:56 AM
To: pptpclient-devel@...
Subject: [pptp-devel] can't see network when connected to windows vpn =
server



I'm connecting to a windows vpn server, and I got the connection part
working. It connects and authenticates fine, but I can't see the
network I'm connected to. Here is some background.

## options.pptp
lock
noauth
nobsdcomp
nodeflate
mtu 1000
mru 1000
lcp-echo-failure 10
lcp-echo-interval 10

## peers/my_peer
pty "pptp <win vpn ip address> --nolaunchpppd"
name <domain>\\<user>
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam my_peer

My local network is 10.0.0.0/24 and the vpn network is 10.10.0.0/24.
When I'm connected it looks like this.

# ifconfig
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.10.0.75  P-t-P:10.10.0.74  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:996  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:80 (80.0 b)  TX bytes:80 (80.0 b)

I should be able to see the vpn network now through ppp0, right? So I
add this route.

# route add -net 10.10.0.0/24 dev ppp0

This still doesn't allow me to see it. Am I missing something? I'm
really lost on this.

-Josh


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=3D6595&alloc_id=3D14396&op=3Dclick
_______________________________________________
pptpclient-devel mailing list
pptpclient-devel@...
https://lists.sourceforge.net/lists/listinfo/pptpclient-devel

Re: [pptp-devel] can't see network when connected to windows vpn server From: Josh Close <narshe@gm...> - 2005-02-14 19:07 I can ping the inet address (10.10.0.75) but not the p-t-p (10.10.0.74) address from the node. From the server I can ping 10.10.0.74, but not .75. Just the opposite. I had iptables going on the node, but I shut them off while testing this. -Josh On Mon, 14 Feb 2005 10:17:49 -0800, Gary W. Smith <gary@...> wrote: > Do you have you LAN nat'd via RRAS? I had to play with those settings for awhile to make it work correctly but that was some time ago. > > Simple things to check. Ping from the node to the server. Ping from the server to the node. Ping from the node to the remote gateway, etc... Do you have any firewall rules in place on the node as well. This could also be causing the problem. > > Gary > > ________________________________ > > From: pptpclient-devel-admin@... on behalf of Josh Close > Sent: Mon 2/14/2005 8:56 AM > To: pptpclient-devel@... > Subject: [pptp-devel] can't see network when connected to windows vpn server > > > I'm connecting to a windows vpn server, and I got the connection part > working. It connects and authenticates fine, but I can't see the > network I'm connected to. Here is some background. > > ## options.pptp > lock > noauth > nobsdcomp > nodeflate > mtu 1000 > mru 1000 > lcp-echo-failure 10 > lcp-echo-interval 10 > > ## peers/my_peer > pty "pptp <win vpn ip address> --nolaunchpppd" > name <domain>\\<user> > remotename PPTP > require-mppe-128 > file /etc/ppp/options.pptp > ipparam my_peer > > My local network is 10.0.0.0/24 and the vpn network is 10.10.0.0/24. > When I'm connected it looks like this. > > # ifconfig > ppp0 Link encap:Point-to-Point Protocol > inet addr:10.10.0.75 P-t-P:10.10.0.74 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:996 Metric:1 > RX packets:8 errors:0 dropped:0 overruns:0 frame:0 > TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:3 > RX bytes:80 (80.0 b) TX bytes:80 (80.0 b) > > I should be able to see the vpn network now through ppp0, right? So I > add this route. > > # route add -net 10.10.0.0/24 dev ppp0 > > This still doesn't allow me to see it. Am I missing something? I'm > really lost on this. > > -Josh > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > pptpclient-devel mailing list > pptpclient-devel@... > https://lists.sourceforge.net/lists/listinfo/pptpclient-devel > > >

Re: [pptp-devel] can't see network when connected to windows vpn server From: James Cameron <james.cameron@hp...> - 2005-02-14 21:39 On Mon, Feb 14, 2005 at 01:07:18PM -0600, Josh Close wrote: > I can ping the inet address (10.10.0.75) but not the p-t-p > (10.10.0.74) address from the node. Before or after adding that route? If pings don't work before adding that route, then you have a problem with the tunnel itself. If the pings stop working as a result of adding the route, then the route is wrong; e.g. by being too broad and covering the tunnel itself. Before the tunnel is started, the PPTP server has an address that you specified in the peers file. If this address is within the range covered by the route you added, then the tunnel will stop working. There are some problems that look the same as this; to diagnose further post the debug log to the mailing list as a reply to this thread. The support FAQ on the web site describes how to make a debug log. Edit it to remove any security critical information; but make your edits plain and consistent. -- James Cameron

Re: [pptp-devel] can't see network when connected to windows vpn server From: Josh Close <narshe@gm...> - 2005-02-14 22:10 On Tue, 15 Feb 2005 08:39:22 +1100, James Cameron <james.cameron@...> wrote: > Before or after adding that route? If pings don't work before adding > that route, then you have a problem with the tunnel itself. If the > pings stop working as a result of adding the route, then the route is > wrong; e.g. by being too broad and covering the tunnel itself. This is before I add the route, so there must be a problem with the tunnel itself. If it connected fine, how is there a problem with the tunnel? > > Before the tunnel is started, the PPTP server has an address that you > specified in the peers file. If this address is within the range > covered by the route you added, then the tunnel will stop working. The address I provided in the peers file is a public ip address, so 64.xxx.xxx.xxx. I connect to the public address to get to the internal 10.10.0.0/24 network. My network is a 10.0.0.0/24 network. > > There are some problems that look the same as this; to diagnose further > post the debug log to the mailing list as a reply to this thread. The > support FAQ on the web site describes how to make a debug log. Edit it > to remove any security critical information; but make your edits plain > and consistent. Ok. I ran it from the command line using # pppd call my_peer logfd 2 nodetach debug dump and this is the output it gave. pppd options in effect: debug # (from command line) nodetach # (from command line) logfd 2 # (from command line) dump # (from command line) noauth # (from /etc/ppp/options.pptp) name <domain>\\<user> # (from /etc/ppp/peers/my_peer) remotename PPTP # (from /etc/ppp/peers/my_peer) # (from /etc/ppp/options.pptp) pty pptp <public ip for vpn server> --nolaunchpppd # (from /etc/ppp/peers/my_peer) mru 1000 # (from /etc/ppp/options.pptp) mtu 1000 # (from /etc/ppp/options.pptp) lcp-echo-failure 10 # (from /etc/ppp/options.pptp) lcp-echo-interval 10 # (from /etc/ppp/options.pptp) ipparam my_peer # (from /etc/ppp/peers/my_peer) nobsdcomp # (from /etc/ppp/options.pptp) nodeflate # (from /etc/ppp/options.pptp) require-mppe-128 # (from /etc/ppp/peers/my_peer) using channel 15 Using interface ppp0 Connect: ppp0 <--> /dev/pts/1 sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x7c328a8f> <pcomp> <accomp>] rcvd [LCP ConfReq id=0x0 <auth chap MS-v2> <magic 0x205e2161> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:<if this is needed, i can provide>]> < 17 04 03 16>] sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 03 16>] rcvd [LCP ConfNak id=0x1 <mru 1500>] sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x7c328a8f> <pcomp> <accomp>] rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x205e2161> <pcomp> <accomp> <endpoint [local:<if needed, can provide>]>] sent [LCP ConfAck id=0x1 <auth chap MS-v2> <magic 0x205e2161> <pcomp> <accomp> <endpoint [local:<if needed, can provide>]>] rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x7c328a8f> <pcomp> <accomp>] sent [LCP EchoReq id=0x0 magic=0x7c328a8f] rcvd [CHAP Challenge id=0x0 <looks like it should be removed>, name = "<vpn server name>"] Warning - secret file /etc/ppp/chap-secrets has world and/or group access sent [CHAP Response id=0x0 <looks like it should be removed>, name = "<domain>\\<user>"] rcvd [LCP EchoRep id=0x0 magic=0x205e2161] rcvd [CHAP Success id=0x0 "S=<removed>"] sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>] rcvd [CCP ConfReq id=0x3 <mppe +H +M +S +L -D +C>] sent [CCP ConfNak id=0x3 <mppe +H -M +S -L -D -C>] rcvd [IPCP ConfReq id=0x4 <addr 10.10.0.74>] sent [IPCP TermAck id=0x4] rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>] rcvd [CCP ConfReq id=0x5 <mppe +H -M +S -L -D -C>] sent [CCP ConfAck id=0x5 <mppe +H -M +S -L -D -C>] MPPE 128-bit stateless compression enabled sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>] rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>] sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>] rcvd [IPCP ConfNak id=0x2 <addr 10.10.0.89>] sent [IPCP ConfReq id=0x3 <addr 10.10.0.89>] rcvd [IPCP ConfAck id=0x3 <addr 10.10.0.89>] rcvd [IPCP ConfReq id=0x6 <addr 10.10.0.74>] sent [IPCP ConfAck id=0x6 <addr 10.10.0.74>] local IP address 10.10.0.89 remote IP address 10.10.0.74 Script /etc/ppp/ip-up started (pid 11420) Script /etc/ppp/ip-up finished (pid 11420), status = 0x1 My ifconfig shows this # ifconfig ppp0 Link encap:Point-to-Point Protocol inet addr:10.10.0.89 P-t-P:10.10.0.74 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:996 Metric:1 RX packets:11 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:177 (177.0 b) TX bytes:80 (80.0 b) I can ping the inet add, but not the p-t-p address. I add the route # route add -net 10.10.0.0/24 dev ppp0 and this doesn't help. -Josh

[pptp-devel] can't see network when connected to windows vpn server From: Josh Close <narshe@gm...> - 2005-02-15 20:43 Anyone know what's going on here? -Josh On Tue, 15 Feb 2005 08:39:22 +1100, James Cameron <james.cameron@...> wrote: > Before or after adding that route? If pings don't work before adding > that route, then you have a problem with the tunnel itself. If the > pings stop working as a result of adding the route, then the route is > wrong; e.g. by being too broad and covering the tunnel itself. This is before I add the route, so there must be a problem with the tunnel itself. If it connected fine, how is there a problem with the tunnel? > > Before the tunnel is started, the PPTP server has an address that you > specified in the peers file. If this address is within the range > covered by the route you added, then the tunnel will stop working. The address I provided in the peers file is a public ip address, so 64.xxx.xxx.xxx. I connect to the public address to get to the internal 10.10.0.0/24 network. My network is a 10.0.0.0/24 network. > > There are some problems that look the same as this; to diagnose further > post the debug log to the mailing list as a reply to this thread. The > support FAQ on the web site describes how to make a debug log. Edit it > to remove any security critical information; but make your edits plain > and consistent. Ok. I ran it from the command line using # pppd call my_peer logfd 2 nodetach debug dump and this is the output it gave. pppd options in effect: debug # (from command line) nodetach # (from command line) logfd 2 # (from command line) dump # (from command line) noauth # (from /etc/ppp/options.pptp) name <domain>\\<user> # (from /etc/ppp/peers/my_peer) remotename PPTP # (from /etc/ppp/peers/my_peer) # (from /etc/ppp/options.pptp) pty pptp <public ip for vpn server> --nolaunchpppd # (from /etc/ppp/peers/my_peer) mru 1000 # (from /etc/ppp/options.pptp) mtu 1000 # (from /etc/ppp/options.pptp) lcp-echo-failure 10 # (from /etc/ppp/options.pptp) lcp-echo-interval 10 # (from /etc/ppp/options.pptp) ipparam my_peer # (from /etc/ppp/peers/my_peer) nobsdcomp # (from /etc/ppp/options.pptp) nodeflate # (from /etc/ppp/options.pptp) require-mppe-128 # (from /etc/ppp/peers/my_peer) using channel 15 Using interface ppp0 Connect: ppp0 <--> /dev/pts/1 sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x7c328a8f> <pcomp> <accomp>] rcvd [LCP ConfReq id=0x0 <auth chap MS-v2> <magic 0x205e2161> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:<if this is needed, i can provide>]> < 17 04 03 16>] sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 03 16>] rcvd [LCP ConfNak id=0x1 <mru 1500>] sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x7c328a8f> <pcomp> <accomp>] rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x205e2161> <pcomp> <accomp> <endpoint [local:<if needed, can provide>]>] sent [LCP ConfAck id=0x1 <auth chap MS-v2> <magic 0x205e2161> <pcomp> <accomp> <endpoint [local:<if needed, can provide>]>] rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x7c328a8f> <pcomp> <accomp>] sent [LCP EchoReq id=0x0 magic=0x7c328a8f] rcvd [CHAP Challenge id=0x0 <looks like it should be removed>, name = "<vpn server name>"] Warning - secret file /etc/ppp/chap-secrets has world and/or group access sent [CHAP Response id=0x0 <looks like it should be removed>, name = "<domain>\\<user>"] rcvd [LCP EchoRep id=0x0 magic=0x205e2161] rcvd [CHAP Success id=0x0 "S=<removed>"] sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>] rcvd [CCP ConfReq id=0x3 <mppe +H +M +S +L -D +C>] sent [CCP ConfNak id=0x3 <mppe +H -M +S -L -D -C>] rcvd [IPCP ConfReq id=0x4 <addr 10.10.0.74>] sent [IPCP TermAck id=0x4] rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>] rcvd [CCP ConfReq id=0x5 <mppe +H -M +S -L -D -C>] sent [CCP ConfAck id=0x5 <mppe +H -M +S -L -D -C>] MPPE 128-bit stateless compression enabled sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>] rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>] sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>] rcvd [IPCP ConfNak id=0x2 <addr 10.10.0.89>] sent [IPCP ConfReq id=0x3 <addr 10.10.0.89>] rcvd [IPCP ConfAck id=0x3 <addr 10.10.0.89>] rcvd [IPCP ConfReq id=0x6 <addr 10.10.0.74>] sent [IPCP ConfAck id=0x6 <addr 10.10.0.74>] local IP address 10.10.0.89 remote IP address 10.10.0.74 Script /etc/ppp/ip-up started (pid 11420) Script /etc/ppp/ip-up finished (pid 11420), status = 0x1 My ifconfig shows this # ifconfig ppp0 Link encap:Point-to-Point Protocol inet addr:10.10.0.89 P-t-P:10.10.0.74 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:996 Metric:1 RX packets:11 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:177 (177.0 b) TX bytes:80 (80.0 b) I can ping the inet add, but not the p-t-p address. I add the route # route add -net 10.10.0.0/24 dev ppp0 and this doesn't help. -Josh

Re: [pptp-devel] can't see network when connected to windows vpn server From: James Cameron <james.cameron@hp...> - 2005-02-15 23:29 On Mon, Feb 14, 2005 at 04:10:16PM -0600, Josh Close wrote: > This is before I add the route, so there must be a problem with the > tunnel itself. If it connected fine, how is there a problem with the > tunnel? Connecting fine and functioning are two different parts of the code, so it's no surprise. We seen such failures before. > Ok. I ran it from the command line using > # pppd call my_peer logfd 2 nodetach debug dump That's good. > [...] > MPPE 128-bit stateless compression enabled > [...] This all looks fine. The negotiation is faultless and normal. > local IP address 10.10.0.89 > remote IP address 10.10.0.74 > Script /etc/ppp/ip-up started (pid 11420) > Script /etc/ppp/ip-up finished (pid 11420), status = 0x1 Does anything else occur after this as a result of trying to ping the remote IP address shown above? This is where we have seen post-connection failures reported before. > I can ping the inet add, but not the p-t-p address. I add the route > # route add -net 10.10.0.0/24 dev ppp0 > and this doesn't help. No, that's right. Don't worry about the route until you can ping the remote IP address inside the tunnel. Now here's something more for you to try; it will gather information about what is happening on the tunnel data stream. From this we may be able to deduce which components are not behaving properly. Capture a complete tcpdump of the connection attempt followed by a ping of the remote IP address inside the tunnel. Our support FAQ shows how to use tcpdump ... http://pptpclient.sourceforge.net/howto-diagnosis.phtml#tcpdump I'd like you to run this command; tcpdump -i eth0 -w my.tcpdump -s 0 tcp port 1723 or proto 47 in parallel with the connection and two minutes of ping; then cancel the connection if it is still up. Then compress the my.tcpdump file using gzip, and send it to me directly as a reply to this message. Note the security warning. A prudent person would change their password after the test but before sending the tcpdump to someone else. If you choose to decode it to text, use "tcpdump -r my.tcpdump -n" and look for sensitive information to remove. -- James Cameron http://quozl.netrek.org/ HP Open Source, Volunteer http://opensource.hp.com/ PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/

Re: [pptp-devel] can't see network when connected to windows vpn server From: James Cameron <james.cameron@hp...> - 2005-02-17 00:24 Josh replied privately with tcpdump and pppd log, and the important part of the log was; On Wed, Feb 16, 2005 at 08:30:52AM -0600, Josh Close wrote: > sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>] > rcvd [CCP ConfReq id=0x3 <mppe +H +M +S +L -D +C>] > sent [CCP ConfNak id=0x3 <mppe +H -M +S -L -D -C>] > rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>] > rcvd [CCP ConfReq id=0x5 <mppe +H -M +S -L -D -C>] > sent [CCP ConfAck id=0x5 <mppe +H -M +S -L -D -C>] > MPPE 128-bit stateless compression enabled > [...] > rcvd [proto=0x9a4d] 16 b9 ed ...] > Unsupported protocol 0x9a4d received > sent [LCP ProtRej id=0x3 9a 4d ...] > rcvd [proto=0x11] 58 d9 6c ...] > Unsupported protocol 0x11 received > sent [LCP ProtRej id=0x4 00 11 ...] This shows that despite negotiating 128-bit stateless encryption without compression, the peer began to communicate in a form that was not recognised. What variant of pppd are you using? Can you tell us anything about the peer? Unfortunately, your version of tcpdump did not attempt to decode the GRE packets to analyse their PPP content. I'd need the binary form of the tcpdump to analyse the "unsupported protocol" data packets in more detail. -- James Cameron http://quozl.netrek.org/ HP Open Source, Volunteer http://opensource.hp.com/ PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/

Re: [pptp-devel] can't see network when connected to windows vpn server From: Josh Close <narshe@gm...> - 2005-02-17 14:11 On Thu, 17 Feb 2005 11:24:11 +1100, James Cameron <james.cameron@...> wrote: > [...] > This shows that despite negotiating 128-bit stateless encryption without > compression, the peer began to communicate in a form that was not > recognised. Do you think this might have something to do with my ppp configuration? > What variant of pppd are you using? Here is the info on the package I have installed. * net-dialup/ppp Latest version available: 2.4.2-r10 Latest version installed: 2.4.2-r10 Size of downloaded files: 801 kB Homepage: http://www.samba.org/ppp Description: Point-to-point protocol - patched for PPPOE License: BSD GPL-2 This is the version of pptpclient. * net-dialup/pptpclient Latest version available: 1.3.1 Latest version installed: 1.3.1 Size of downloaded files: 233 kB Homepage: http://pptpclient.sourceforge.net/ Description: Linux client for PPTP License: GPL-2 > Can you tell us anything about the peer? What would you like to know about the peer? It's running Gentoo Linux. I have the kernel patched with the patch located here: http://pptpclient.sourceforge.net/mppe/. The kernel I'm using is linux-2.6.9-gentoo-r1. It's the 2.6.9 with gentoo patches. What else would you like to know? > Unfortunately, your version of tcpdump did not attempt to decode the GRE > packets to analyse their PPP content. I'd need the binary form of the > tcpdump to analyse the "unsupported protocol" data packets in more > detail. Do you need the file before it was converted into plain text? Also, won't there be sensitive info in there? This is the version of tcpdump I'm using. * net-analyzer/tcpdump Latest version available: 3.8.3-r1 Latest version installed: 3.8.3-r1 Size of downloaded files: 553 kB Homepage: http://www.tcpdump.org/ Description: A Tool for network monitoring and data acquisition License: BSD Anything else you need, just let me know. -Josh

Re: [pptp-devel] can't see network when connected to windows vpn server From: Josh Close <narshe@gm...> - 2005-02-17 14:48 Also, I forgot to do step 3 in the gentoo config. 3. # Edit /etc/modules.d/ppp and add ppp-compress-18 ppp_mppe, then type modules-update. I did this, and nothing changed. This is what my /etc/modules.d/ppp file looks like alias char-major-108 ppp_generic alias /dev/ppp ppp_generic alias tty-ldisc-3 ppp_async alias tty-ldisc-13 n_hdlc alias tty-ldisc-14 ppp_synctty alias ppp-compress-21 bsd_comp alias ppp-compress-24 ppp_deflate alias ppp-compress-26 ppp_deflate alias net-pf-24 pppoe ## added by josh ppp-compress-18 ppp_mppe -Josh On Thu, 17 Feb 2005 08:11:07 -0600, Josh Close <narshe@...> wrote: > On Thu, 17 Feb 2005 11:24:11 +1100, James Cameron <james.cameron@...> wrote: > > [...] > > This shows that despite negotiating 128-bit stateless encryption without > > compression, the peer began to communicate in a form that was not > > recognised. > > Do you think this might have something to do with my ppp configuration? > > > What variant of pppd are you using? > > Here is the info on the package I have installed. > > * net-dialup/ppp > Latest version available: 2.4.2-r10 > Latest version installed: 2.4.2-r10 > Size of downloaded files: 801 kB > Homepage: http://www.samba.org/ppp > Description: Point-to-point protocol - patched for PPPOE > License: BSD GPL-2 > > This is the version of pptpclient. > > * net-dialup/pptpclient > Latest version available: 1.3.1 > Latest version installed: 1.3.1 > Size of downloaded files: 233 kB > Homepage: http://pptpclient.sourceforge.net/ > Description: Linux client for PPTP > License: GPL-2 > > > Can you tell us anything about the peer? > > What would you like to know about the peer? It's running Gentoo Linux. > I have the kernel patched with the patch located here: > http://pptpclient.sourceforge.net/mppe/. The kernel I'm using is > linux-2.6.9-gentoo-r1. It's the 2.6.9 with gentoo patches. What else > would you like to know? > > > Unfortunately, your version of tcpdump did not attempt to decode the GRE > > packets to analyse their PPP content. I'd need the binary form of the > > tcpdump to analyse the "unsupported protocol" data packets in more > > detail. > > Do you need the file before it was converted into plain text? Also, > won't there be sensitive info in there? > > This is the version of tcpdump I'm using. > > * net-analyzer/tcpdump > Latest version available: 3.8.3-r1 > Latest version installed: 3.8.3-r1 > Size of downloaded files: 553 kB > Homepage: http://www.tcpdump.org/ > Description: A Tool for network monitoring and data acquisition > License: BSD > > Anything else you need, just let me know. > > -Josh >

Re: [pptp-devel] can't see network when connected to windows vpn server From: James Cameron <james.cameron@hp...> - 2005-02-18 00:57 On Thu, Feb 17, 2005 at 08:11:07AM -0600, Josh Close wrote: > On Thu, 17 Feb 2005 11:24:11 +1100, James Cameron <james.cameron@...> wrote: > > [...] > > This shows that despite negotiating 128-bit stateless encryption without > > compression, the peer began to communicate in a form that was not > > recognised. > > Do you think this might have something to do with my ppp configuration? Yes, the negotiation and packet handling at this stage is exclusively within the PPP configuration, both the pppd binary and the kernel PPP modules. Your problem is purely a PPP problem. It's just that it's happening in the context of a PPTP connection. > > What variant of pppd are you using? > Here is the info on the package I have installed. > Latest version available: 2.4.2-r10 Try 2.4.3 from http://www.samba.org/ppp or Jan Dubiec's fork. > This is the version of pptpclient. Unimportant but interesting; the problem doesn't have anything to do with PPTP at this stage. You're using 1.3.1, but 1.5.0 is the latest version; and 1.6.0 is about to be released. > > Can you tell us anything about the peer? > What would you like to know about the peer? It's running Gentoo Linux. > I have the kernel patched with the patch located here: > http://pptpclient.sourceforge.net/mppe/. The kernel I'm using is > linux-2.6.9-gentoo-r1. It's the 2.6.9 with gentoo patches. What else > would you like to know? Version of pppd and kernel PPP support on the peer would be interesting. Is it 64-bit architecture or 32-bit? We had some problems at one stage with the crypto code on 64-bit. > Do you need the file before it was converted into plain text? Yes, but given that you have control over the peer (?) perhaps I won't really need it. Let's see the outcome of comparing the pppd implementations thoroughly. > won't there be sensitive info in there? Yes, there will. At least IP addresses, usernames and challenge-response form of the passwords. No plain-text passwords (unless the tunnel worked and you ran an FTP or non-SSL POP3 query). If the IP address is public, and someone wants to spend the time to brute force the crypto exchange, they could gain entry to the VPN server. Same risks as if they were able to listen on your network links. If you change the password after making the tcpdump, then there's much less risk of successful entry. Up to you to decide the risk and the level of trust you have in me and HP. Because I'm using HP's sponsorship of this project to deal with you, any existing contract you have with HP for software support would likely apply in terms of information security and privacy. We have standards of business conduct that I must apply; and these include privacy of information; even if the work is done on a volunteer basis. I can take GnuPG encrypted mail, or symmetric crypto if you send me the passphrase out of band (e.g. by telephone). By the way, the change to the module list in your subsequent post should have no impact on this particular problem. It only changes how the module is loaded when probed for by PPP. If the module couldn't be loaded, you'd be getting the "kernel has no support" message. -- James Cameron http://quozl.netrek.org/ HP Open Source, Volunteer http://opensource.hp.com/ PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/

Re: [pptp-devel] can't see network when connected to windows vpn server From: Josh Close <narshe@gm...> - 2005-02-18 17:44 I upgraded to the version you said and tried to start "pppd call my_peer....." and I get this error. pppd: In file /etc/ppp/peers/freeze: unrecognized option 'require-mppe-128' -Josh

Re: [pptp-devel] can't see network when connected to windows vpn server From: Josh Close <narshe@gm...> - 2005-02-20 05:02 What about the patches from polbox? Someone showed me this link here http://gentoo-wiki.com/HOWTO_PPTP_tunnels_with_kernel_2.6 Is this correct also? -Josh

Re: [pptp-devel] can't see network when connected to windows vpn server From: James Cameron <james.cameron@hp...> - 2005-02-20 21:43 On Fri, Feb 18, 2005 at 11:44:46AM -0600, Josh Close wrote: > I upgraded to the version you said and tried to start "pppd call > my_peer....." and I get this error. > pppd: In file /etc/ppp/peers/freeze: unrecognized option 'require-mppe-128' Remove the option; the version you upgraded to apparently uses a different option syntax. -- James Cameron http://quozl.netrek.org/ HP Open Source, Volunteer http://opensource.hp.com/ PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/

Re: [pptp-devel] can't see network when connected to windows vpn server From: James Cameron <james.cameron@hp...> - 2005-02-20 21:44 On Sat, Feb 19, 2005 at 11:02:24PM -0600, Josh Close wrote: > What about the patches from polbox? Someone showed me this link here > http://gentoo-wiki.com/HOWTO_PPTP_tunnels_with_kernel_2.6 > Is this correct also? Dunno, never tried it. -- James Cameron http://quozl.netrek.org/ HP Open Source, Volunteer http://opensource.hp.com/ PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/

Re: [pptp-devel] can't see network when connected to windows vpn server From: Josh Close <narshe@gm...> - 2005-02-21 00:29 I ended up figuring out how to get it all working. I wrote up a howto on it here http://forums.gentoo.org/viewtopic-t-298267-highlight-.html Thanks for all your help James. Couldn't have done this without you. -Josh

3 messages have been excluded from this view by a project administrator.