PPTP VPN with MS encryption

asiobob · Posted: Wed Oct 29, 2003 8:27 am Post subject: PPTP VPN with MS encryption

Hello,
I'm atm a mandrake user looking to convert after college finishes (3 weeks for me :lol:

Like most college students I get internet access via VPN with MS "MPPE" encryption. On mandrake I used a script to build me a kernel mod for MPPE support (from pptp http://pptpclient.sourceforge.net/ followin Redhat instructions), then I installed the "pptp-client" app, then I installed pptp-php-gtk which is a nice GUI to create connections and it has an option to "assign DNS automatically" (otherwise a file has to be edited with the CMD version) and has most common routing schemes inbuilt.

All of the above works nicely on mdk. I'm new to linux, but I'm comfortable with the gentoo install instructions for a stage 2 install

Questions:

1. Does gentoo's kernel come with MPPE support? if not is there an emerge script for creating a kernel mod? if not I guess I can just use http://prdownloads.sourceforge.net/poptop/kernelmod-0.7.1.tar.gz?download the script in that URL to make a mod for me... just thought a emerge would be nice or is there other suggestions

2. installing pptp-client is easy as I believe there is an ebuild for it, but I can't find/see a ebuild for pptp-php-gtk (which is a GUI written in php/gtk) the actual source is found at http://prdownloads.sourceforge.net/pptpclient/pptp-php-gtk-20030505.tar.gz
is there an ebuild?

cheers for any help

djf_jeff · Apprentice Joined: 17 Feb 2003 Posts: 174 Location: Quebec

For the kernel mod, I think you must compile it yourself, but it is easy. Just follow the instruction here :

http://pptpclient.sourceforge.net/howto-redhat-90-build.phtml

Just dont make an rpm for this.

And for php-gtk, I think there is no ebuild for it. Maybe you can try make one or compile it yourself with the instruction included in the package.

dma · Posted: Thu Oct 30, 2003 2:46 am Post subject:

asiobob · Posted: Thu Oct 30, 2003 8:36 am Post subject:

oh excellent so doing

Wishmaster · Posted: Thu Oct 30, 2003 5:29 pm Post subject:

Hi,

at the moment i'm trying to connect to a vpn server with mppe.

I have a strange problem. The Connection establishes:

asiobob · Posted: Thu Oct 30, 2003 9:56 pm Post subject:

assuming your are routing everything to the tunnel make sure your connection to the VPN server is not been routed into itself as well!!

Wishmaster · Posted: Fri Oct 31, 2003 1:39 pm Post subject:

Yes, exactly that was the Problem. For further Details read out [1].
Thx for help!

Now the connection works, but only for a few minutes, then data transfers times out. The connections itself doesn't hang up.

Any further idea?

Bye,
Wishmaster

[1] http://pptpclient.sourceforge.net/howto-diagnosis.phtml#routing

asiobob · Posted: Fri Oct 31, 2003 2:36 pm Post subject:

okay that sounds like a MTU/MRU issue.

set the MTU and MTU to around 100 in pppd (point to point demon)

asiobob · Posted: Fri Oct 31, 2003 2:39 pm Post subject:

ahh you can set the two options in the "peers" file for the tunnel, or in the options file...

hope that helps. It happens because the data transfer is over the MTU/MRU units. if it stuffs up work only with the MTU part, a value of 1000 is meant to work, keep going higher if you want till the problem reappears

Wishmaster · Posted: Fri Oct 31, 2003 4:45 pm Post subject:

Yes, I've read about this on the Webpage, but these two values (i use webmin to configure the connection) are set as default (in '/etc/ppp/options.pptp').

Now I've set it in '/etc/ppp/peers/...' additionaly and try if it works.

Thx for the hint!

Bye,
Wishmaster

Wishmaster · Posted: Wed Nov 05, 2003 11:12 pm Post subject:

So, here is my Testresult:

The connection establishes, everything works find for a few minutes and then the connection times out. Theres no disconnect or output of an failure.

At first a ping works fine, but then pings and connections does not work through the tunnel.

Does anybody has an idea why?

Bye,
Wishmaster

asiobob · Posted: Wed Nov 05, 2003 11:43 pm Post subject:

if its not MTU/MRU problem discussed before have you tried the MTU discovery problem...

http://pptpclient.sourceforge.net/howto-diagnosis.phtml#connections_freeze

Wishmaster · Posted: Thu Nov 06, 2003 12:05 am Post subject:

Yes, i use an DSL connection. I've tried it with the iptables command and with setting the mtu to 1000 in the configuration file of the roaring penguin, which i use for my DSL connection. But nothing changes.

But you are right with your idea about problems when transmitting large amounts of data. I've made an ssh connection through the tunnel and tried to copy a file with scp, and after 50 KB the connection freezes.

But I don't know a solution!

I hope you hava another hint?

Bye,
Wishmaster

P.S.: Thx for your patient help!

asiobob · Posted: Thu Nov 06, 2003 12:21 am Post subject:

following the previous pptp link, I've come across
http://lartc.org/howto/lartc.cookbook.mtu-mss.html
which may be of some help...

For me the MTU setting fixed this connection.

You might also want to chat with the developer directly, he helped me heaps when I couldn't get it to work, get on IRC (FREENODE) and and join #pptp its his part of his job to provide support do he's in the channel from 8am to 5pm Australian Eastern Time

http://pptpclient.sourceforge.net/contact.phtml
the above page has the irc connection details + local time for the developer...

Wishmaster · Posted: Thu Nov 06, 2003 10:59 am Post subject:

Ok, thx for that tip, i will try to reach someone!

Bye,
Wishmaster

Oopsz · Guru Joined: 08 Oct 2002 Posts: 340