vpn pptpconfig problems. Please help.

[nlayo]

Hi. I have been trying for some time to get the vpn client working on gentoo. Let me describe my setup.

I tried to follow the guide from https://forums.gentoo.org/viewtopic.php?t=211334&highlight=vpn+pptp

to patch the kernel, but I didn't patch ppp since the latest version of ppp seems to already appy the ppp patch in the ebuild.

host ~ # emerge -v ppp
Calculating dependencies ...done!
>>> emerge (1 of 1) net-dialup/ppp-2.4.2-r10 to /
>>> md5 src_uri ppp-2.4.2.tar.gz
>>> md5 src_uri ppp-2.4.2-mppe-mppc-1.1.patch.gz
>>> md5 src_uri ppp-dhcpc.tgz
>>> Unpacking source...
>>> Unpacking ppp-2.4.2.tar.gz to /var/tmp/portage/ppp-2.4.2-r10/work
>>> Unpacking ppp-2.4.2-mppe-mppc-1.1.patch.gz to /var/tmp/portage/ppp-2.4.2-r10/work
>>> Unpacking ppp-dhcpc.tgz to /var/tmp/portage/ppp-2.4.2-r10/work
* Applying cbcp-dosfix.patch ... [ ok ]
* Applying mpls.patch.gz ... [ ok ]
* Applying killaddr-smarter.patch.gz ... [ ok ]
* Applying cflags.patch ... [ ok ]
* Applying control_c.patch ... [ ok ]
mppe-mppc
* Enabling mppe-mppc support
* Applying ppp-2.4.2-mppe-mppc-1.1.patch.gz ... [ ok ]

I also emerged pptpclient and pptpconfig. Whenever I use pptpconfig to connect to the VPN server, it appears a connection is made and that things are working correctly, but in the pptpconfig tunnel window, the bytes out and packets out grows incredibly fast while any attempt to ping the VPN server fails.

5 packets transmitted, 0 received, 100% packet loss, time 3998ms

In the pptp tunnel window it says:
MPPE 128-bit stateless compression enabled

so, it appears that MPPE is working.

I turned off my iptables and I still have this problem. The bytes in and the packets in is a tiny number and never goes up. If anyone has any suggestions for pptpconfig or another way to access a VPN server over PPTP, I'd really appreciate it.. Thanks.

nlayo

[asiobob]

Hi,

My comments are based on my own mind, I have not read the guide that you have refereneced.

A few things to note:

1. patches from http://www.polbox.com/h/hs001/#AEN55 had a nasty encryption bug when using the kernels API, it would cause VPN connections not to work. There is a workaround by using their own encryption patch as well. this problem has been fixed in the latest MPPE 1.2 patch for kernel 2.6.9. My suggestion is upgrade to this kernel, then apply the MPPE 1.2 patch from the url above.

2. The mppe patches for PPP in portage are valid, so just install ppp with USE="mppe-mppc" emerge ppp

3. Make sure your routing is correct. In my case I use the "route all to tunnel" which is similar to what windows does when connected to VPN. Normally pptpclient sets it up correctly when you tell it to do do. Make sure your VPN server is NOT passing through the VPN tunnel, else you go in circles and get "big" numbers flowing around as you suggest.

to look at your route table, as root enter "route" or "netstat -rn" both show hte same thing, make sure you VPN server is NOT going via the VPN connection, rather your normal interface connection

[nlayo]

Thanks for the quick response. I am using the MPPE 1.2 patch for 2.6.8, should be quite similar and I had emerged ppp with the USE="mppe-mppc". I tried the "route all to tunnel" suggestion and seemed to still have the same problem. Here is my pptpconfig debug output.

MPPE 128-bit stateless compression enabled

local IP address 165.124.160.xxx
remote IP address 129.105.253.xxx
primary DNS address 129.105.49.1
secondary DNS address 165.124.49.21
# route -n (after pppd exit)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
129.105.253.xxx 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth1
pptpconfig: pppd process exit status 0 (started)
ip route add 129.105.253.xxx via 192.168.0.1 dev eth1 src 192.168.0.104
RTNETLINK answers: File exists

pptpconfig: command failed, exit code 2
pptpconfig: routes added to remote networks
ip route replace default dev 'ppp0'
pptpconfig: default route changed to use tunnel
pptpconfig: DNS changes made to /etc/resolv.conf
pptpconfig: connected
# route -n (after completion)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
129.105.253.xxx 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0

bytes in: 269 bytes out: 6302566354
packets in: 13 packets out: 1537457

Here's the weird bytes out story.......

Does this look correct? I'm not an expert on route. Thanks for the suggestions you offered. Did you ever get VPN working? I'm surprised at how much touble I've been having.

nlayo

[asiobob]

this is a quick reply, I've got a flight soon,

My quick glance the routing doesn;t look right
it seems your VPN server is going thru ppp0 (ie your vpn is going thru the vpn) hence a loop. I would have thought if 129.105.253.xxx is your VPN server then that data goes thru your network card (eth1) it seems.

I suggest posting on the mailing list at http://pptpclient.sf.net if you don't get anywhere here. Also try irc.freenode.net #pptpclient (I think) and look for a guy called Quzol (or similar)

Seeya