nevil n00b
Joined: 07 Jul 2002 Posts: 11
Posted: Thu Nov 11, 2004 11:34 pm Post subject: VPN problems
Hi,
I'm trying to set up a VPN connection to my work LAN. They are using MS-VPN, so I have patched my 2.6.9 kernel with mppe-patches and pppd.
I run pon TUNNEL and it seems to work. Authentication is accepted and I receive an IP address.
The problem starts now.
I try reaching the VPN server with ping but I get no answer.
The ppp0 interface sends huge amounts of data, like 500 Mb in 30 seconds. No traffic is going out through my LAN interface though (eth0).
I used tcpdump to sniff ppp0 and I see gre-ppp-payload traffic. Nothing on eth0.
I then modprobed ip_gre. No change.
My conclusion is that the tunneling isn't working correctly. Any pointers on what to try next?
Regards

tuxmin l33t
Joined: 24 Apr 2004 Posts: 838 Location: Heidelberg
Posted: Fri Nov 12, 2004 8:14 am Post subject:
I had a similar problem some weeks ago. The mppe-1.0 patch wouldn't work with my company's PPTP gw.
I then used the CVS version of ppp and everything worked fine...
http://cvs.samba.org/cgi-bin/cvsweb/ppp/
I simply patched the kernel, did a make in the pppd directory and copied pppd over my Gentoo build.
Hth, Alex!!! _________________ ALT-F4

nevil n00b
Joined: 07 Jul 2002 Posts: 11
Posted: Fri Nov 12, 2004 11:16 am Post subject:
Could you still log on when using the mppe-1.0 patch?
I get "CHAP authentication succeeded" and
"MPPE 128-bit stateless compression enabled" amongst others. So session init seems to go OK.
What did the cvs patch help you with?

tuxmin l33t
Joined: 24 Apr 2004 Posts: 838 Location: Heidelberg
Posted: Fri Nov 12, 2004 11:29 am Post subject:
Exactly,
the session was established, I got an IP from the server, DNS parameters and all this stuff but no packet would pass the tunnel...
I have quite some experience with Linux networking and I'm totally convinced that it was *not* a configuration error like a faulty route or such stuff.
With the ppp CVS version and the same setup it worked out of the box...
(well, the mppe parameters to pppd are somewhat different, read the man page that comes with the CVS release). If you like I can post you my settings.
Alex!!! _________________ ALT-F4

nevil n00b
Joined: 07 Jul 2002 Posts: 11
Posted: Fri Nov 12, 2004 8:48 pm Post subject:
Please do post your settings. I think it would help me.
Just upgrading pppd to 2.4.3b1 didn't help.
Thanks for your help!

tuxmin l33t
Joined: 24 Apr 2004 Posts: 838 Location: Heidelberg
Posted: Sat Nov 13, 2004 7:49 am Post subject:
Just to put it clear: you need to fetch ppp from cvs (or if you like I can send you a tarball if you drop me your email).
cd to ppp-cvs/linux/mppe and run
Code:
./mppeinstall.sh /usr/src/linux-2.4.27

(or whatever kernel you have, works as well for 2.6.x). Build the kernel and modules. Put the following into /etc/modules/ppp
Code:
alias ppp-compress-18 ppp_mppe

and run modules-update
Next cd to ppp-cvs/pppd
Code:
ln -s Makefile.linux Makefile
make
make install

The last step will overwrite your Gentoo pppd, so you might want to do a backup first.
And here comes my config:
/etc/ppp/peers/tunnel:
Code:
# name of tunnel, used to select lines in secrets files
remotename pptpd
# name of tunnel, used to name /var/run pid file
linkname tunnel
# name of tunnel, passed to ip-up scripts
ipparam tunnel
# data stream for pppd to use
# Put your peer's IP here!
pty "pptp 10.10.10.10 --nolaunchpppd "
# domain and username, used to select lines in secrets files
name johndoe
usepeerdns
defaultroute
nomppe-40
require-mppe-128
#refuse-eap
#require-mschap
#require-mschap-v2
#persist
# do not require the server to authenticate to our client
noauth
connect /bin/true
# adopt defaults from the pptp-linux package
file /etc/ppp/options.pptp

And my /etc/ppp/options.pptp:
Code:
# Lock the port
lock
# We don't need the tunnel server to authenticate itself
noauth
# Turn off transmission protocols we know won't be used
nobsdcomp
nodeflate
# We want a sane mtu/mru
#
#mtu 1000
#mru 1000
# Time this thing out if it goes poof
#
#lcp-echo-failure 10
#lcp-echo-interval 10

Just in case it makes any difference: I have emerged pptpclient-1.5 which is masked in portage. The stable version is 1.3.1 as of this writing.
Having this setup I simply call "pon tunnel" and everything works as it should.
Greetz,
Alex!!! _________________ ALT-F4
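
An added example, not part of tuxmin's post and not code from the ppp or pptp-linux projects: a small Python check that reads a pppd peers file like the one posted above, follows its `file` include, and reports which MPPE and authentication options are actually active and which are only present as commented-out lines. The function names, the result keys and the in-memory `SAMPLE_FILES` mapping are assumptions made for the example, and `shlex` only approximates pppd's own quoting rules.

```python
import shlex

# Constructed sample: option lines from the two files posted above.
SAMPLE_FILES = {
    "/etc/ppp/peers/tunnel": (
        'pty "pptp 10.10.10.10 --nolaunchpppd "\n'
        "name johndoe\nnomppe-40\nrequire-mppe-128\n"
        "#require-mschap-v2\n"
        "# do not require the server to authenticate to our client\n"
        "noauth\nfile /etc/ppp/options.pptp\n"
    ),
    "/etc/ppp/options.pptp": "lock\nnoauth\nnobsdcomp\nnodeflate\n#mtu 1000\n",
}

def effective_options(path, files, seen=None):
    """Return (active, commented_out) option names, following 'file' includes."""
    seen = set() if seen is None else seen
    if path in seen:  # guard against include loops
        return [], []
    seen.add(path)
    active, commented = [], []
    for raw in files[path].splitlines():
        line = raw.strip()
        if line.startswith("#"):
            # '#name value' is a disabled option; '# text' is a prose comment.
            words = line[1:].split()
            if words and not line[1].isspace():
                commented.append(words[0])
            continue
        words = shlex.split(line, comments=True)  # quoted pty command stays one word
        if not words:
            continue
        if words[0] == "file" and len(words) > 1:
            sub_active, sub_commented = effective_options(words[1], files, seen)
            active += sub_active
            commented += sub_commented
        else:
            active.append(words[0])
    return active, commented

def audit(path, files):
    """Summarise the encryption and authentication options in effect."""
    active, commented = effective_options(path, files)
    return {
        "mppe_128_required": "require-mppe-128" in active,
        "mppe_40_disabled": "nomppe-40" in active,
        "server_auth_waived": "noauth" in active,
        "commented_out": sorted(set(commented)),
    }
```

To check a real setup, fill the mapping with the contents of the peers file and of every file it includes, then call `audit` on the peers file path.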