| View previous topic :: View next topic |
| Author |
Message |
minaguib
n00b
Joined: 03 Nov 2003
Posts: 35
Location: Montréal
|
 Posted: Wed May 26, 2004 7:28 pm Post subject: PPTP tunnels with kernel 2.6 |
 |
|
It took me all day to get this PPTP tunnel to my office working under the 2.6 kernel so I decided to document it here:
1. Use the 2.6 kernel. Current version in portage is 2.6.5-gentoo-r1
2. Download the appropriate MPPE/MPPC patch from here - In case of the 2.6.5 kernel it's linux-2.6.5-mppe-mppc-1.0.patch.gz
3. Patch your kernel source tree with the downloaded patch
4. Configure your kernel, make sure all these are enabled/compiled as modules:
| Code: |
#Device Drivers ---> Networking support --->
<M> PPP (point-to-point protocol) support
<M> PPP support for async serial ports
<M> Microsoft PPP compression/encryption (MPPC/MPPE)
#Cryptographic options --->
[*] Cryptographic API
<M> ARC4 cipher algorithm
|
5. Install your kernel, install modules, reboot if necessary, run modules-update
6. Download this file and save it ontop of (override) /usr/portage/net-dialup/ppp/files/2.4.2/stdopt-mppe-mppc-0.82.patch.gz
7. Install/re-install ppp: emerge /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild
8. Install/re-install pptpclient if necessary
9. Modify /etc/ppp/options.conf - Change these lines:
| Code: |
mppe-40
mppe-128
mppe-stateless
|
to so:
| Code: |
#mppe-40
#mppe-128
#mppe-stateless
|
10. NOW you can finally follow all the docs out there:
10a. Edit /etc/ppp/chap-secrets, add:
| Code: |
DOMAINNAME\\username ANYVPNNAME password
ANYVPNNAME DOMAINNAME\\username password
|
10b. Edit/create /etc/ppp/peers/ANYVPNNAME :
| Code: |
# Server IP: XX.YY.ZZ.AA
# Route: add -net XX.YY.0.0 netmask 255.255.0.0 dev TUNNEL_DEV
name DOMAINNAME\\username
remotename ANYVPNNAME
file /etc/ppp/options.pptp
|
11. If all goes well, you can start your tunnel: pptp-command start ANYVPNNAME
Last edited by minaguib on Mon Jun 28, 2004 2:15 am; edited 1 time in total |
|
| Back to top |
|
 |
hununu
n00b
Joined: 24 Dec 2003
Posts: 6
|
| Posted: Fri Jun 04, 2004 9:24 pm Post subject: |
|
|
Has anyone been using the patches for the kernel and ppp on a kernel 2.6.6 to connect to a Windows VPN ? I'm gettin a kernel does not support MPPE  |
|
| Back to top |
|
|
jammerJ
n00b
Joined: 04 Jun 2004
Posts: 21
Location: California
|
| Posted: Sat Jun 05, 2004 6:57 pm Post subject: |
|
|
I've tried pretty much every tutorial and patch out there.
I always end up with the following after modprobe ppp_mppe_mppc (from dmesg)
| Code: |
PPP generic driver version 2.4.2
devfs_mk_dev: could not append to parent for ppp
failed to register PPP device (-17)
ppp_mppe_mppc: Unknown symbol ppp_register_compressor
ppp_mppe_mppc: Unknown symbol ppp_unregister_compressor
|
I figure that it's not related to any of the patches, because I don't get errormessages during compile.
Any ideas are greatly appreciated.
_________________
Don't need no stinkin' signature |
|
| Back to top |
|
|
hununu
n00b
Joined: 24 Dec 2003
Posts: 6
|
| Posted: Sun Jun 06, 2004 3:32 am Post subject: |
|
|
I can successfully compile and load the module using development-sources and the patches for 2.6.6 kernel. My problem is not being able to make ppp see it  |
|
| Back to top |
|
|
Sinneh
n00b
Joined: 17 May 2004
Posts: 3
|
| Posted: Sun Jun 13, 2004 2:50 pm Post subject: |
|
|
| hununu wrote: | | I can successfully compile and load the module using development-sources and the patches for 2.6.6 kernel. My problem is not being able to make ppp see it |
where do you get these patches? the site mentioned in the first post seems to be down or moved or smtg, googled for it but no success.
i need mppe support |
|
| Back to top |
|
|
mamash
n00b
Joined: 06 May 2004
Posts: 7
|
| Posted: Mon Jun 14, 2004 12:41 am Post subject: |
|
|
| Me too. The whole polbox.com server seems to be down for a couple of days and no mirror anywhere. Does anybody have the patch at hand? |
|
| Back to top |
|
|
Brandoo
n00b
Joined: 22 Mar 2003
Posts: 4
Location: NZ
|
| Posted: Sun Jun 20, 2004 11:08 am Post subject: |
|
|
OK, Have spent quite a lot of time today checking this out.
I have got to the point where the tunnel is created - so I guess its a great start 
You will need to familiarise (spelling??) yourself with the site http://www.polbox.com/h/hs001/
Also, this has been great for a rough guide - follow it.
There were 3 things that had me stumped and this page provided lots of help!
Problem #1: remote system is required to authenticate itself
Easily fixed from the above link | Quote: | | Make sure that noauth option is in the options file, or given to pppd via the command line. Make sure that require-mschap-v2 require-mschap require-chap require-pap require-eap options are not used. |
Problem #2: MPPE required, but kernel has no support.
This was the major problem I had - my kernel was patched, I was absolutly positive ppp was also patched, so what was the problem.
I noticed this from the above link: | Quote: | | Ensure the versions of PPP and PPP's MPPE kernel support match. |
I patched the kernel with the recommended patch from the MPPE patch site, PPP was patched through the ebuild. I checked the kerlen patch version (I used linux-2.4.26-mppe-mppc-1.0.patch.gz) and found I was using the latest 1.0 patch.
Looking at /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild I saw | Quote: | | epatch ${FILESDIR}/${PV}stdopt-mppe-mppc-0.82.patch.gz |
The Kernel version and PPP patch version need to be consistent, PPP patch was 0.82.
Through the IRC channel and some help from marienz (Cheers!) I worked out how to apply the correct patch to the ebuild I was using (was using the unstable ebuild).
Change dir to /usr/portage/net-dialup/ppp/files/2.4.2/
Download the latest required patch to match the kernel patch
| Code: | | wget http://www.polbox.com/h/hs001/ppp-2.4.2-mppe-mppc-1.0.patch.gz |
Edit the ebuild
| Code: | | nano /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild |
Change the epatch line to use the correct patch
| Code: | | epatch ${FILESDIR}/${PV}/ppp-2.4.2-mppe-mppc-1.0.patch.gz |
Build ppp again
| Code: | | ACCEPT_KEYWORDS="~x86" emerge ppp |
Reboot and try reconnecting
Problem #3: More peer/option errors
I had to remove the option require-mppe from both the peer and options file - this is my current options.pptp file that I can now connect with:
| Code: | lock
noauth
nobsdcomp
nodeflate
refuse-pap
refuse-chap
refuse-mschap
#refuse eap
#require-mppe
|
Hope this may help some of you ppl struggling through this - at the least understand the problem(s). |
|
| Back to top |
|
|
BeFalou
n00b
Joined: 26 May 2003
Posts: 45
Location: Madrid
|
| Posted: Mon Jun 21, 2004 4:29 pm Post subject: |
|
|
| jammerJ wrote: | I've tried pretty much every tutorial and patch out there.
I always end up with the following after modprobe ppp_mppe_mppc (from dmesg)
| Code: |
PPP generic driver version 2.4.2
devfs_mk_dev: could not append to parent for ppp
failed to register PPP device (-17)
ppp_mppe_mppc: Unknown symbol ppp_register_compressor
ppp_mppe_mppc: Unknown symbol ppp_unregister_compressor
|
I figure that it's not related to any of the patches, because I don't get errormessages during compile.
Any ideas are greatly appreciated. |
I've exactly the same problem, and i can't find a way to fix it... I'm using kernel 2.6.7+mppe1.0 patch. |
|
| Back to top |
|
|
BeFalou
n00b
Joined: 26 May 2003
Posts: 45
Location: Madrid
|
|
| Back to top |
|
|
castrik
n00b
Joined: 16 Apr 2004
Posts: 31
|
| Posted: Wed Jun 23, 2004 2:01 pm Post subject: |
|
|
| Brandoo wrote: |
I had to remove the option require-mppe from both the peer and options file |
Doesn't this mean that your tunnel has no encryption now, well at least when communicating with windows clients? |
|
| Back to top |
|
|
Brandoo
n00b
Joined: 22 Mar 2003
Posts: 4
Location: NZ
|
| Posted: Thu Jun 24, 2004 4:11 am Post subject: |
|
|
You would think - but with this error message, pppd will return an error Re: unrecognised command.
The VPN I'm connecting to requires encrytion, will not connect without it - without this option I connect fine. |
|
| Back to top |
|
|
minaguib
n00b
Joined: 03 Nov 2003
Posts: 35
Location: Montréal
|
| Posted: Fri Jun 25, 2004 4:22 pm Post subject: |
|
|
| castrik wrote: | | Brandoo wrote: |
I had to remove the option require-mppe from both the peer and options file |
Doesn't this mean that your tunnel has no encryption now, well at least when communicating with windows clients? |
man ppp/man pppd for details.
Basically the newer ppp/pppd implementations automatically try to negotiate MPPC if the peer supports it (from my understanding) so these options in the conf file have been deprecated, hence the error you get if you leave them there.
Just my $0.02 |
|
| Back to top |
|
|
castrik
n00b
Joined: 16 Apr 2004
Posts: 31
|
| Posted: Sun Jun 27, 2004 1:10 pm Post subject: |
|
|
we worked out that the problem with our configuration was fixed by
| Code: | modprobe conntrack
modprobe ip_gre |
|
|
| Back to top |
|
|
OptimusP
n00b
Joined: 27 Apr 2003
Posts: 42
|
| Posted: Mon Jun 28, 2004 10:23 am Post subject: |
|
|
Im trying to get a pptp server up
Ive patched the kernel and patched ppp
this is what im getting from my log
Jun 28 20:53:39 X pptpd[29800]: CTRL: Client 192.168.1.2 control connection sta$
Jun 28 20:53:39 X pptpd[29800]: CTRL: Starting call (launching pppd, opening GR$
Jun 28 20:53:39 X pppd[29801]: pppd 2.4.2 started by root, uid 0
Jun 28 20:53:39 X pppd[29801]: Using interface ppp0
Jun 28 20:53:39 X pppd[29801]: Connect: ppp0 <--> /dev/pts/40
Jun 28 20:53:39 X pptpd[29800]: GRE: Discarding duplicate packet
Jun 28 20:53:41 X pptpd[29800]: CTRL: Ignored a SET LINK INFO packet with real $
Jun 28 20:53:41 X pppd[29801]: kernel does not support PPP filtering
Jun 28 20:53:41 X pppd[29801]: MPPE required, but kernel has no support.
Jun 28 20:53:41 X pptpd[29800]: CTRL: Closing child BCrelay with pid 0
Jun 28 20:53:41 X pptpd[29800]: CTRL: Closing child ppp with pid 29801
Jun 28 20:53:41 X pptpd[29800]: CTRL: Client 192.168.1.2 control connection fin$
Jun 28 20:53:41 X pppd[29801]: Terminating on signal 2.
Jun 28 20:53:41 X pppd[29801]: Connection terminated.
Jun 28 20:53:41 X pppd[29801]: Connect time 0.1 minutes.
Jun 28 20:53:41 X pppd[29801]: Sent 0 bytes, received 44 bytes.
Jun 28 20:53:41 X pppd[29801]: tcflush failed: Input/output error
Jun 28 20:53:41 X pppd[29801]: Connect time 0.1 minutes.
Jun 28 20:53:41 X pppd[29801]: Sent 0 bytes, received 44 bytes.
Can anyone help? |
|
| Back to top |
|
|
dmitrio
Tux's lil' helper
Joined: 10 Dec 2002
Posts: 115
Location: Pago Pago
|
| Posted: Mon Jun 28, 2004 3:21 pm Post subject: :. copied to gentoo-wiki.com |
|
|
I have copied this, with permission of minaguib, to gentoo-wiki.com
http://gentoo-wiki.com/HOWTO_PPTP_tunnels_with_kernel_2.6
If you see anything that should be added or changed, feel free to do so.
Thank you for a great HOWTO.
_________________
... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ... |
|
| Back to top |
|
|
Hendry
n00b
Joined: 29 Oct 2003
Posts: 28
Location: Apeldoorn, The Netherlands
|
| Posted: Mon Jun 28, 2004 3:26 pm Post subject: |
|
|
Stupid Question, but can anyone tell me how to patch a kernel? Never did it before and there must be a first time! I want to patch the 2.6.7-r1 kernel version.  |
|
| Back to top |
|
|
dmitrio
Tux's lil' helper
Joined: 10 Dec 2002
Posts: 115
Location: Pago Pago
|
| Posted: Mon Jun 28, 2004 4:18 pm Post subject: |
|
|
| Hendry wrote: | | Stupid Question, but can anyone tell me how to patch a kernel? Never did it before and there must be a first time! I want to patch the 2.6.7-r1 kernel version. |
look here http://gentoo-wiki.com/HOWTO_Install_a_Kernel_Patch
_________________
... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ... |
|
| Back to top |
|
|
OptimusP
n00b
Joined: 27 Apr 2003
Posts: 42
|
| Posted: Tue Jun 29, 2004 1:02 am Post subject: |
|
|
Has anyone successfully patched and got a pptp server working with the 2.6.7-r5 gentoo dev kernel?
Mine just doesnt seem to want to work. |
|
| Back to top |
|
|
hununu
n00b
Joined: 24 Dec 2003
Posts: 6
|
| Posted: Tue Jun 29, 2004 1:25 am Post subject: |
|
|
| OptimusP wrote: | Has anyone successfully patched and got a pptp server working with the 2.6.7-r5 gentoo dev kernel?
Mine just doesnt seem to want to work. |
Ok, i was going to try 2.6.7 out but now I'm losing hope I'll try it tomorrow... |
|
| Back to top |
|
|
jammerJ
n00b
Joined: 04 Jun 2004
Posts: 21
Location: California
|
| Posted: Thu Jul 01, 2004 8:27 am Post subject: |
|
|
| Quote: | | Ok, i was going to try 2.6.7 out but now I'm losing hope I'll try it tomorrow... |
Thanks to BeFalou's bug report, I am now able to connect, using 2.6.7-gentoo
Unfortunately still have some authentication issues, though...
But it's late...
_________________
Don't need no stinkin' signature |
|
| Back to top |
|
|
veezi
Apprentice
Joined: 10 Nov 2003
Posts: 226
|
| Posted: Thu Jul 08, 2004 8:08 pm Post subject: |
|
|
I'm at the verge of banging my head against the wall  I'm trying to get mppe-mppc to work. Tried it all, all the tips everywhere .. I always end up with :
| Code: |
MPPE required, but kernel has no support
|
Tried:
1. compile ppp_* as modules, builtin .. no difference
2. modified ppp ebuild for exact ppp patche (1.0) for mppe_mppc .. no difference
3. clean out all and re-emerge .. no difference
I'm using development-sources 2.6.6
Anyone? any ideas ?
Thanks, |
|
| Back to top |
|
|
castrik
n00b
Joined: 16 Apr 2004
Posts: 31
|
| Posted: Thu Jul 08, 2004 11:27 pm Post subject: |
|
|
So you've tried everything,
| Quote: |
Tried:
1. compile ppp_* as modules, builtin .. no difference
2. modified ppp ebuild for exact ppp patche (1.0) for mppe_mppc .. no difference
3. clean out all and re-emerge .. no difference |
Did you apply the kernel patch for your kernel? and have you modprobe'd ip_gre and conntrack? |
|
| Back to top |
|
|
veezi
Apprentice
Joined: 10 Nov 2003
Posts: 226
|
| Posted: Fri Jul 09, 2004 1:17 am Post subject: |
|
|
| castrik wrote: | So you've tried everything,
| Quote: |
Tried:
1. compile ppp_* as modules, builtin .. no difference
2. modified ppp ebuild for exact ppp patche (1.0) for mppe_mppc .. no difference
3. clean out all and re-emerge .. no difference |
Did you apply the kernel patch for your kernel? and have you modprobe'd ip_gre and conntrack? |
kernel patch applied. tried this also, but same:
| Code: |
modprobe arc4
modprobe ip_conntrack
modprobe ip_gre
|
I even tried kernel-2.6.7, same thing always gives me:
| Code: |
MPPE required, but kernel has no support
|
Any other ideas?
Thanks, |
|
| Back to top |
|
|
Deathscythe
n00b
Joined: 04 May 2004
Posts: 65
|
| Posted: Sun Jul 11, 2004 10:07 am Post subject: |
|
|
Thats weird. I am sure I have patched the kernel and compile it correctly. When I try to load the following modules.
| Code: | modprobe ip_conntrack
modprobe ip_gre |
It said
| Code: | FATAL: Module ip_conntrack not found.
FATAL: Module ip_gre not found. |
_________________
Deathscythe
http://www.revster.com |
|
| Back to top |
|
|
veezi
Apprentice
Joined: 10 Nov 2003
Posts: 226
|
| Posted: Sun Jul 11, 2004 12:14 pm Post subject: |
|
|
| A quick question: What do these modules do (conntrack, gre)? And why do we need them for MPPE/MPPC connections? |
|
| Back to top |
|
|
|
Documentation, Tips & Tricks
