| View previous topic :: View next topic |
| Author |
Message |
zaiyon
Apprentice
Joined: 19 May 2004
Posts: 219
Location: Germany
|
 Posted: Tue Dec 14, 2004 11:16 am Post subject: (solved) pptpclient and ppp-2.4.3-mppe-mppc-1.1.patch.gz |
 |
|
Hi, I'm having problems with pptpclient connecting to a microsoft vpn server.
The ebuild of ppp-2.4.3 said it's using ppp-2.4.3-mppe-mppc-1.1.patch.gz if I enabled the use flag mppe-mppc, so I did it and einfo said it patched successfully.
I also patched my kernel for mppe and compiled it as a module.
first of all my config files:
| Code: |
# cat /etc/ppp/peers/vpn
pty "pptp $VPN_SERVER --nolaunchpppd"
name $VPN_USER
remotename PPTP
#require-mppe-128
mppe required
file /etc/ppp/options.pptp
ipparam vpn
|
The commented line require-mppe-128 does not work, I followed the gentoo howto from pptpclient.sourceforge.net and searched the web, this should really work. And that is the reason why I believe that my problem is related to my ppp mppe patch.
replacing: mppe required with the line commented out delivers me the following output:
| Code: |
# pon vpn debug dump logfd 2 nodetach
/usr/sbin/pppd: In file /etc/ppp/peers/vpn: unrecognized option 'require-mppe-128'
|
So I wasn't able to follow the howto in detail.
| Code: |
# cat /etc/ppp/options.pptp
lock
noauth
nobsdcomp
nodeflate
|
[edit]
I'll post the relevant part of my chap-secrets too, but I don't think it's wrong.
| Code: |
# Secrets for authentication using CHAP
# client server secret IP addresses
$VPN_USER PPTP $VPN_PASSWD *
PPTP $VPN_USER $VPN_PASSWD *
|
[/edit]
This happens when I try to connect via vpn:
| Code: |
# pon vpn debug dump logfd 2 nodetach
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
name $VPN_USER # (from /etc/ppp/peers/vpn)
remotename PPTP # (from /etc/ppp/peers/vpn)
# (from /etc/ppp/options.pptp)
pty pptp $VPN_SERVER --nolaunchpppd # (from /etc/ppp/peers/vpn)
ipparam vpn # (from /etc/ppp/peers/vpn)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
mppe xxx # [don't know how to print value] # (from /etc/ppp/peerspn)
using channel 29
Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xd28223e8> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0x4cc29f> <pcomp> <accomp> <mrru 1400> <endpoint [MAC:00:06:5b:f8:26:ef]>]
sent [LCP ConfRej id=0x1 <mrru 1400>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xd28223e8> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0x4cc29f> <pcomp> <accomp> <endpoint [MAC:00:06:5b:f8:26:ef]>]
sent [LCP ConfAck id=0x2 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0x4cc29f> <pcomp> <accomp> <endpoint [MAC:00:06:5b:f8:26:ef]>]
rcvd [LCP EchoReq id=0x0 magic=0xef4cc29f]
sent [LCP EchoRep id=0x0 magic=0xd28223e8]
rcvd [CHAP Challenge id=0x70 <4bb6d7b78b62f4b55fb8c695dd94d76d>, name = "pptp"
sent [CHAP Response id=0x70 <1f60eb645fc9dbcb1ecf3de1c770d3670000000000000000df2f35024bcf1a81dbb3648e3f9f32f0164f9712c9c04300>, name = "$VPN_USER"]
rcvd [CHAP Success id=0x70 "S=E9A0157EF3B98EB6501BA6B4D3A9C6CDF508FAF8"]
sent [CCP ConfReq id=0x1 <mppe -H +M +S +L -D +C>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]
rcvd [LCP TermReq id=0x3 "MPPE required but peer negotiation failed"]
LCP terminated by peer (MPPE required but peer negotiation failed)
sent [LCP TermAck id=0x3]
rcvd [CCP ConfRej id=0x1 <mppe -H +M +S +L -D +C>]
Discarded non-LCP packet when LCP not open
Script pptp $VPN_SERVER --nolaunchpppd finished (pid 3852), status = 0x0
Connection terminated.
tcflush failed: Input/output error
using channel 30
Using interface ppp0
Connect: ppp0 <--> /dev/pts/5
Waiting for 1 child processes...
script pptp $VPN_SERVER --nolaunchpppd, pid 3889
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xe6ccbc2c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xe6ccbc2c> <pcomp> <accomp>]
sending SIGTERM to process 3889
Script pptp $VPN_SERVER --nolaunchpppd finished (pid 3889), status = 0x0
tcflush failed: Bad file descriptor
|
| Code: |
sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]
rcvd [LCP TermReq id=0x3 "MPPE required but peer negotiation failed"]
|
Sorry, but I just don't understand this message, I've been searching the web a lot, without beeing able to figure it out.
But I found a lot of people having similair problems, in their case, it was an issue with the patch.
Thx for help in advance
_________________
What do you have when you have six lawyers buried up to their necks in sand? Not enough sand.
My Project - open Outcast
Last edited by zaiyon on Wed Dec 15, 2004 8:31 am; edited 1 time in total |
|
| Back to top |
|
 |
zaiyon
Apprentice
Joined: 19 May 2004
Posts: 219
Location: Germany
|
| Posted: Wed Dec 15, 2004 8:31 am Post subject: |
|
|
Well, I somehow solved it myself. It are the new ppp mppe options, wich work like this:
mppe required,stateless,no128 (e.g)
well, I just had to activate "stateless" too, so if anyone has problems like this...
_________________
What do you have when you have six lawyers buried up to their necks in sand? Not enough sand.
My Project - open Outcast |
|
| Back to top |
|
|
ekoontz
n00b
Joined: 18 Apr 2002
Posts: 67
Location: San Francisco, California
|
| Posted: Fri Jan 28, 2005 10:25 am Post subject: |
|
|
Thanks, your long description and log output was very helpful! I successfully patched my 2.6.10 kernel (got the patch from http://www.gfxcafe.com/VPN%20Howto.html) ,
Patched the kernel with :
| Code: |
cd /usr/src
ln -s linux-2.6.10-gentoo-r6 linux-2.6.10
patch -p0 < linux-2.6.10-mppe-mppc-1.2.patch
|
Then did "make menuconfig" and enabled the "Microsoft PPP compression/encryption (MPPC/MPPE)" and then saved the config and "make modules && make modules install" and then "modprobe ppp_mppe_mppc".
emerged pppd with :
| Code: | | USE="mppe-mppc" emerge ppp |
(note that portage calls it ppp, not pppd)
set up my /etc/ppp/peers/vpn as :
| Code: |
pty "pptp vpn.mycompany.com --nolaunchpppd"
name ekoontz
mppe stateless
file /etc/ppp/options.pptp
ipparam vpn
refuse-eap
usepeerdns
|
set up my /etc/ppp/chap-secrets as :
| Code: |
# Secrets for authentication using CHAP
# client server secret IP addresses
ekoontz PAVPN mypassword
|
And then I invoked "pon" as you showed :
| Code: |
root@localhost # pon vpn debug dump logfd 2 nodetach
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
refuse-eap # (from /etc/ppp/peers/vpn)
name ekoontz # (from /etc/ppp/peers/vpn)
# (from /etc/ppp/options.pptp)
pty pptp vpn.mycompany.com --nolaunchpppd # (from /etc/ppp/peers/vpn)
mru 1000 # (from /etc/ppp/options.pptp)
mtu 1000 # (from /etc/ppp/options.pptp)
lcp-echo-failure 10 # (from /etc/ppp/options.pptp)
lcp-echo-interval 10 # (from /etc/ppp/options.pptp)
ipparam vpn # (from /etc/ppp/peers/vpn)
usepeerdns # (from /etc/ppp/peers/vpn)
mppe xxx # [don't know how to print value] # (from /etc/ppp/peers/vpn)
using channel 4
Using interface ppp0
Connect: ppp0 <--> /dev/pts/4
sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x46a40bb3> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x60982538> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:9f.13.b9.5c.21.cf.42.25.ac.49.c5.0d.b0.3b.97.be.00.00.00.00]> < 17 04 10 89>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 10 89>]
rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x46a40bb3> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x60982538> <pcomp> <accomp> <endpoint [local:9f.13.b9.5c.21.cf.42.25.ac.49.c5.0d.b0.3b.97.be.00.00.00.00]>]
sent [LCP ConfNak id=0x1 <auth chap 07>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x60982538> <pcomp> <accomp> <endpoint [local:9f.13.b9.5c.21.cf.42.25.ac.49.c5.0d.b0.3b.97.be.00.00.00.00]>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x60982538> <pcomp> <accomp> <endpoint [local:9f.13.b9.5c.21.cf.42.25.ac.49.c5.0d.b0.3b.97.be.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0x46a40bb3]
rcvd [CHAP Challenge id=0x0 <7552c9edafdbcac8951fe708f2c35b3b>, name = "PAVPN"]
sent [CHAP Response id=0x0 <c0fde9e2c192fe687361ccc59918d84f00000000000000007a4d7eeebef26c7edf843b4e98f8264729c7cc4d0bb988cb00>, name = "ekoontz"]
rcvd [LCP EchoRep id=0x0 magic=0x60982538]
rcvd [CHAP Success id=0x0 "S=35D2AF2593102C328A2CF0609DBBD0F9FEF1AE9C"]
sent [CCP ConfReq id=0x1 <mppe +H +M +S +L -D +C> <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]
sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D +C>]
rcvd [IPCP ConfReq id=0x5 <addr 10.1.3.50>]
sent [IPCP ConfAck id=0x5 <addr 10.1.3.50>]
rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [CCP ConfReq id=0x2 <mppe +H +M +S +L -D +C>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D +C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D +C>]
rcvd [CCP ConfNak id=0x2 <mppe +H -M +S -L -D +C>]
sent [CCP ConfReq id=0x3 <mppe +H -M +S -L -D +C>]
rcvd [IPCP ConfNak id=0x2 <addr 10.1.3.64> <ms-dns1 10.1.5.2> <ms-dns3 10.1.5.1>]
sent [IPCP ConfReq id=0x3 <addr 10.1.3.64> <ms-dns1 10.1.5.2> <ms-dns3 10.1.5.1>]
rcvd [CCP ConfAck id=0x3 <mppe +H -M +S -L -D +C>]
MPPC/MPPE 128-bit stateless compression enabled
rcvd [IPCP ConfAck id=0x3 <addr 10.1.3.64> <ms-dns1 10.1.5.2> <ms-dns3 10.1.5.1>]
local IP address 10.1.3.64
remote IP address 10.1.3.50
primary DNS address 10.1.5.2
secondary DNS address 10.1.5.1
Script /etc/ppp/ip-up started (pid 9068)
Script /etc/ppp/ip-up finished (pid 9068), status = 0x1
|
Voila..success at last!! 
(Getting the options right in /etc/ppp/peers/vpn was just pure trial and error and luck..)
Next task : figure out how to set up routing..
_________________
In Soviet Gentoo, portage emerges -u!
Last edited by ekoontz on Thu Feb 17, 2005 8:37 pm; edited 1 time in total |
|
| Back to top |
|
|
ekoontz
n00b
Joined: 18 Apr 2002
Posts: 67
Location: San Francisco, California
|
| Posted: Sat Jan 29, 2005 4:54 pm Post subject: |
|
|
figured out routing; with reference to http://pptpclient.sourceforge.net/routing.phtml, "Client to LAN" section :
| Code: |
route add -net 10.1.0.0 netmask 255.255.0.0 dev ppp0
|
End result :
| Code: |
hiros-item ekoontz # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.3.50 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 ath0
10.1.0.0 * 255.255.0.0 U 0 0 0 ppp0
loopback localhost 255.0.0.0 UG 0 0 0 lo
default 192.168.0.1 0.0.0.0 UG 0 0 0 ath0
hiros-item ekoontz # ifconfig
ath0 Link encap:Ethernet HWaddr 00:80:C8:17:A2:2C
inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12414 errors:3981 dropped:0 overruns:0 frame:3981
TX packets:11057 errors:1 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:199
RX bytes:11572520 (11.0 Mb) TX bytes:1186443 (1.1 Mb)
Interrupt:5 Memory:d0b40000-d0b50000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:98 errors:0 dropped:0 overruns:0 frame:0
TX packets:98 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6836 (6.6 Kb) TX bytes:6836 (6.6 Kb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.1.3.62 P-t-P:10.1.3.50 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1000 Metric:1
RX packets:1115 errors:0 dropped:0 overruns:0 frame:0
TX packets:950 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:351120 (342.8 Kb) TX bytes:52668 (51.4 Kb)
|
_________________
In Soviet Gentoo, portage emerges -u! |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
