04-29-2008, 01:48 PM
"Vladimir Rusinov"

pptp client under nat

Hello!

I'm trying to connect from my home box to my office network.
At home I have a US Robotics ADSL modem (192.168.1.1) and a gentoo host,
192.168.1.3. 192.168.1.3 is set up as DMZ in the modem (so all ports are
open and all are port-mapped to 192.168.1.3). iptables is not set up (it
looks like I don't even have the module).
At the office I have a D-Link router with the pptp server enabled. Its public
address is a.b.c.d and the internal network is 192.168.5.0/24.

I've set up chap-secrets and the peer, and when I run #pon my_vpn I
get the following:
using channel 32
Using interface ppp0
Connect: ppp0 <--> /dev/pts/7
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x24770bb6> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1448> <auth chap MS-v2> <magic <snip>>]
sent [LCP ConfAck id=0x0 <mru 1448> <auth chap MS-v2> <magic <snip>>]
rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
sent [LCP ConfReq id=0x2 <magic <snip>>]
rcvd [LCP ConfAck id=0x2 <magic <snip>>]
<snip>
rcvd [CHAP Success id=0x17 "<snip>"]
CHAP authentication succeeded
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.1.3>]
rcvd [CCP ConfReq id=0x0 <mppe +H +M +S +L -D -C>]
sent [CCP ConfReq id=0x1]
sent [CCP ConfRej id=0x0 <mppe +H +M +S +L -D -C>]
rcvd [IPCP ConfReq id=0x0 <addr 192.168.5.1>]
sent [IPCP ConfAck id=0x0 <addr 192.168.5.1>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 192.168.1.3>]
rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x2]
rcvd [CCP TermReq id=0x2]
sent [CCP TermAck id=0x2]
rcvd [LCP TermReq id=0x1]
LCP terminated by peer
sent [LCP TermAck id=0x1]
Script pptp --loglevel 1 a.b.c.d --nolaunchpppd finished (pid 27227),
status = 0x0
Modem hangup
Connection terminated.


Maybe the problem is in "192.168.1.3", which is not my home external IP,
but an internal one?

Here is my peers/my_vpn:
name <user>
remotename <remotename>

pty "pptp --loglevel 1 a.b.c.d --nolaunchpppd"

#noauth
debug
nodetach
lock
defaultroute
#noccp

file /etc/ppp/options.pptp

--
Vladimir Rusinov
--
gentoo-user@lists.gentoo.org mailing list
 
04-29-2008, 08:21 PM
Etaoin Shrdlu

pptp client under nat

On Tuesday 29 April 2008, 15:48, Vladimir Rusinov wrote:

> I've setup chap-secrets and peer and when I'm doing #pon my_vpn I'm
> getting following:
> using channel 32
> Using interface ppp0
> Connect: ppp0 <--> /dev/pts/7
> sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x24770bb6> <pcomp> <accomp>]
> rcvd [LCP ConfReq id=0x0 <mru 1448> <auth chap MS-v2> <magic <snip>>]
> sent [LCP ConfAck id=0x0 <mru 1448> <auth chap MS-v2> <magic <snip>>]
> rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
> sent [LCP ConfReq id=0x2 <magic <snip>>]
> rcvd [LCP ConfAck id=0x2 <magic <snip>>]
> <snip>
> rcvd [CHAP Success id=0x17 "<snip>"]
> CHAP authentication succeeded
> sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.1.3>]
> rcvd [CCP ConfReq id=0x0 <mppe +H +M +S +L -D -C>]
> sent [CCP ConfReq id=0x1]
> sent [CCP ConfRej id=0x0 <mppe +H +M +S +L -D -C>]
> rcvd [IPCP ConfReq id=0x0 <addr 192.168.5.1>]
> sent [IPCP ConfAck id=0x0 <addr 192.168.5.1>]
> rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
> sent [IPCP ConfReq id=0x2 <addr 192.168.1.3>]
> rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
> sent [CCP ConfReq id=0x2]
> rcvd [CCP TermReq id=0x2]
> sent [CCP TermAck id=0x2]
> rcvd [LCP TermReq id=0x1]
> LCP terminated by peer
> sent [LCP TermAck id=0x1]
> Script pptp --loglevel 1 a.b.c.d --nolaunchpppd finished (pid 27227),
> status = 0x0
> Modem hangup
> Connection terminated.

It looks like a compression negotiation problem, since everything until
CHAP authentication works.
Your client rejects the mppe "+H +M +S +L -D -C" options it receives from
the server.
What's the content of your /etc/ppp/options.pptp file?

Also, did you read this doc:

http://pptpclient.sourceforge.net/howto-diagnosis.phtml
--
gentoo-user@lists.gentoo.org mailing list
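
The reading of the CCP exchange given in the reply above can be automated. The following is an added example, not part of the original thread: it parses pppd debug lines and reports whether the local side rejected or offered MPPE and what the peer asked for. The sample log is constructed from the lines quoted in the thread; the flag meanings (H stateless, M 56-bit, S 128-bit, L 40-bit, D obsolete, C MPPC) are how pppd prints the MPPE option and are stated here as background knowledge, not taken from the posts.

```python
import re

# Constructed sample: packet lines taken from the pppd debug log quoted in the thread.
SAMPLE_LOG = """\
rcvd [CHAP Success id=0x17 "<snip>"]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.1.3>]
rcvd [CCP ConfReq id=0x0 <mppe +H +M +S +L -D -C>]
sent [CCP ConfReq id=0x1]
sent [CCP ConfRej id=0x0 <mppe +H +M +S +L -D -C>]
rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x2]
rcvd [CCP TermReq id=0x2]
rcvd [LCP TermReq id=0x1]
"""

# Flag letters pppd prints for the MPPE option in CCP packets.
MPPE_FLAGS = {"H": "stateless", "M": "56-bit", "S": "128-bit",
              "L": "40-bit", "D": "obsolete", "C": "MPPC compression"}

PKT_RE = re.compile(r"^(sent|rcvd) \[(\w+) (\w+) id=0x[0-9a-fA-F]+(.*)\]$")
MPPE_RE = re.compile(r"<mppe ((?:[+-][HMSLDC] ?)+)>")

def packets(log):
    """Yield (direction, protocol, code, set of '+' MPPE flags or None)."""
    for line in log.splitlines():
        m = PKT_RE.match(line.strip())
        if not m:
            continue  # status lines such as "LCP terminated by peer"
        direction, proto, code, rest = m.groups()
        mppe = MPPE_RE.search(rest)
        flags = {t[1] for t in mppe.group(1).split() if t[0] == "+"} if mppe else None
        yield direction, proto, code, flags

def diagnose(log):
    """Summarise how MPPE negotiation went in a pppd debug log."""
    pkts = list(packets(log))
    ccp = [p for p in pkts if p[1] == "CCP"]
    naks = [f for d, _, c, f in ccp if d == "rcvd" and c == "ConfNak" and f]
    return {
        # The local pppd refused the peer's MPPE proposal outright.
        "local_rejected_mppe": any(d == "sent" and c == "ConfRej" and f is not None
                                   for d, _, c, f in ccp),
        # The local pppd proposed MPPE itself (its ConfReq carried an mppe option).
        "local_offered_mppe": any(d == "sent" and c == "ConfReq" and f
                                  for d, _, c, f in ccp),
        # Flags the peer proposed in its last ConfNak.
        "peer_wants": sorted(MPPE_FLAGS[x] for x in naks[-1]) if naks else [],
        "peer_terminated": any(d == "rcvd" and c == "TermReq" for d, _, c, _ in pkts),
    }
```

A result with `local_rejected_mppe` true, `local_offered_mppe` false and `peer_terminated` true matches the pattern in the quoted log: the peer wants encryption, the client cannot provide it, and the peer drops the link.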
 
05-02-2008, 08:22 AM
"Vladimir Rusinov"

pptp client under nat

On Wed, Apr 30, 2008 at 12:21 AM, Etaoin Shrdlu
<shrdlu@unlimitedmail.org> wrote:
>
> On Tuesday 29 April 2008, 15:48, Vladimir Rusinov wrote:
>
> > I've setup chap-secrets and peer and when I'm doing #pon my_vpn I'm
> > getting following:
> > using channel 32
> > Using interface ppp0
> > Connect: ppp0 <--> /dev/pts/7
> > sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x24770bb6> <pcomp> <accomp>]
> > rcvd [LCP ConfReq id=0x0 <mru 1448> <auth chap MS-v2> <magic <snip>>]
> > sent [LCP ConfAck id=0x0 <mru 1448> <auth chap MS-v2> <magic <snip>>]
> > rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
> > sent [LCP ConfReq id=0x2 <magic <snip>>]
> > rcvd [LCP ConfAck id=0x2 <magic <snip>>]
> > <snip>
> > rcvd [CHAP Success id=0x17 "<snip>"]
> > CHAP authentication succeeded
> > sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.1.3>]
> > rcvd [CCP ConfReq id=0x0 <mppe +H +M +S +L -D -C>]
> > sent [CCP ConfReq id=0x1]
> > sent [CCP ConfRej id=0x0 <mppe +H +M +S +L -D -C>]
> > rcvd [IPCP ConfReq id=0x0 <addr 192.168.5.1>]
> > sent [IPCP ConfAck id=0x0 <addr 192.168.5.1>]
> > rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
> > sent [IPCP ConfReq id=0x2 <addr 192.168.1.3>]
> > rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
> > sent [CCP ConfReq id=0x2]
> > rcvd [CCP TermReq id=0x2]
> > sent [CCP TermAck id=0x2]
> > rcvd [LCP TermReq id=0x1]
> > LCP terminated by peer
> > sent [LCP TermAck id=0x1]
> > Script pptp --loglevel 1 a.b.c.d --nolaunchpppd finished (pid 27227),
> > status = 0x0
> > Modem hangup
> > Connection terminated.
>
> It looks like a compression negotiation problem, since everything until
> CHAP authentication works.
> Your client rejects the mppe "+H +M +S +L -D -C" options it receives from
> the server.
> What's the content of your /etc/ppp/options.pptp file?

Sorry, kernel module was not loaded and mppe was not enabled in options.pptp.
Thank you.

--
Vladimir Rusinov
Voronezh, Russia
UNIX Admin @ Murano Software
--
gentoo-user@lists.gentoo.org mailing list
 
05-02-2008, 08:50 AM
"Vladimir Rusinov"

pptp client under nat

On Fri, May 2, 2008 at 12:22 PM, Vladimir Rusinov
<vladimir@greenmice.info> wrote:

> Sorry, kernel module was not loaded and mppe was not enabled in options.pptp.
> Thank you.

Another problem: the tunnel is now up, but I'm not able to ping or telnet to the router.

ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.5.253 P-t-P:192.168.5.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1448 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:149 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:90 (90.0 b) TX bytes:11064 (10.8 Kb)

# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.1 * 255.255.255.255 UH 0 0 0 ppp0
172.16.85.0 * 255.255.255.0 U 0 0 0 vmnet1
192.168.194.0 * 255.255.255.0 U 0 0 0 vmnet8
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

;(

--
Vladimir Rusinov
Voronezh, Russia
--
gentoo-user@lists.gentoo.org mailing list
 
05-02-2008, 08:55 AM
Etaoin Shrdlu

pptp client under nat

On Friday 2 May 2008, 10:50, Vladimir Rusinov wrote:

> On Fri, May 2, 2008 at 12:22 PM, Vladimir Rusinov
>
> <vladimir@greenmice.info> wrote:
> > Sorry, kernel module was not loaded and mppe was not enabled in
> > options.pptp. Thank you.
>
> Another problem: the tunnel is now up, but I'm not able to ping or
> telnet router

You have several network connections. You probably need to add some
static route(s). What's the IP address of the router?

> ppp0 Link encap:Point-to-Point Protocol
> inet addr:192.168.5.253 P-t-P:192.168.5.1 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1448 Metric:1
> RX packets:9 errors:0 dropped:0 overruns:0 frame:0
> TX packets:149 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:3
> RX bytes:90 (90.0 b) TX bytes:11064 (10.8 Kb)
>
> # route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.5.1 * 255.255.255.255 UH 0 0 0 ppp0
> 172.16.85.0 * 255.255.255.0 U 0 0 0 vmnet1
> 192.168.194.0 * 255.255.255.0 U 0 0 0 vmnet8
> 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
> loopback * 255.0.0.0 U 0 0 0 lo
> default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
--
gentoo-user@lists.gentoo.org mailing list
 
05-02-2008, 09:39 AM
"Vladimir Rusinov"

pptp client under nat

On Fri, May 2, 2008 at 12:55 PM, Etaoin Shrdlu <shrdlu@unlimitedmail.org> wrote:
> On Friday 2 May 2008, 10:50, Vladimir Rusinov wrote:
>
> > On Fri, May 2, 2008 at 12:22 PM, Vladimir Rusinov
> >
> > <vladimir@greenmice.info> wrote:
> > > Sorry, kernel module was not loaded and mppe was not enabled in
> > > options.pptp. Thank you.
> >
> > Another problem: the tunnel is now up, but I'm not able to ping or
> > telnet router
>
> You have several network connections. You probably need to add some
> static route(s). What's the IP address of the router?

Yes, network structure is
(host 192.168.1.3) --ethernet--> (US Robotics ADSL 192.168.1.1,
dynamic wan ip, default route via dhcp) --internet--> (D-Link router
192.168.5.1, wan ip 1.2.3.4) --ethernet--> (office network)

I've tried to add `route add -net 192.168.5.0 netmask 255.255.255.0
dev ppp0`, but it does not help.

--
Vladimir Rusinov
Voronezh, Russia
--
gentoo-user@lists.gentoo.org mailing list
 
05-02-2008, 09:53 AM
Etaoin Shrdlu

pptp client under nat

On Friday 2 May 2008, 11:39, Vladimir Rusinov wrote:

> > You have several network connections. You probably need to add some
> > static route(s). What's the IP address of the router?
>
> Yes, network structure is
> (host 192.168.1.3) --ethernet--> (US Robotics ADSL 192.168.1.1,
> dynamic wan ip, default route via dhcp) --internet--> (D-Link router
> 192.168.5.1, wan ip 1.2.3.4) --ethernet--> (office network)
>
> I've tried to add `route add -net 192.168.5.0 netmask 255.255.255.0
> dev ppp0`, but it does not help.

But the tunnel is between ppp0 in your box and the D-link router, or
between ppp0 in your box and some internal box in the office network?
What's the network address of the office network?
--
gentoo-user@lists.gentoo.org mailing list
 
05-02-2008, 11:33 AM
"Vladimir Rusinov"

pptp client under nat

On Fri, May 2, 2008 at 1:53 PM, Etaoin Shrdlu <shrdlu@unlimitedmail.org> wrote:
> On Friday 2 May 2008, 11:39, Vladimir Rusinov wrote:
>
> > > You have several network connections. You probably need to add some
> > > static route(s). What's the IP address of the router?
> >
> > Yes, network structure is
> > (host 192.168.1.3) --ethernet--> (US Robotics ADSL 192.168.1.1,
> > dynamic wan ip, default route via dhcp) --internet--> (D-Link router
> > 192.168.5.1, wan ip 1.2.3.4) --ethernet--> (office network)
> >
> > I've tried to add `route add -net 192.168.5.0 netmask 255.255.255.0
> > dev ppp0`, but it does not help.
>
> But the tunnel is between ppp0 in your box and the D-link router, or
> between ppp0 in your box and some internal box in the office network?
> What's the network address of the office network?

It's between my box and the d-link. The office network address is
192.168.5.0/24, my local network is 192.168.1.0/24.
Currently I can't even ping or telnet to the d-link router (I'm 100% sure
that the https port is open on the d-link).

--
Vladimir Rusinov
Voronezh, Russia
--
gentoo-user@lists.gentoo.org mailing list
 
05-02-2008, 12:04 PM
Etaoin Shrdlu

pptp client under nat

On Friday 2 May 2008, 13:33, Vladimir Rusinov wrote:

> > But the tunnel is between ppp0 in your box and the D-link router,
> > or between ppp0 in your box and some internal box in the office
> > network? What's the network address of the office network?
>
> It's between my box and d-link. The office network address is
> 192.168.5.0/24, my local network is 192.168.1.0/24.
> Currently I can't even ping or telnet to the d-link router (I'm 100% sure
> that https port is open on d-link).

If you can't ping or telnet to the d-link using its wan public IP, then
you should solve that problem first.

If you can reach the router through its public IP, then the problem may
be in the tunnel configuration.

I don't know what degree of control you have upon the remote router,
however, you could try using a different IP subnet for the tunnel (eg,
192.168.100.0/24), which is also a cleaner setup imho (the router needs
to be configured to forward IP packets, but that is hopefully already
so, otherwise it would be rather useless as a router).

ATM you are using, for the tunnel, addresses belonging to the same office
IP network. This can be done, but then you need to make sure the remote
pppd is doing proxy arp (ie, option "proxyarp" to pppd). You still need
a static route to 192.168.5.0/24 through ppp0, since by default only
the /32 entry to the peer is created.
--
gentoo-user@lists.gentoo.org mailing list
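
The remark above that only the /32 entry to the peer is created by default can be checked against the routing table posted earlier in the thread. The following is an added example, not part of the original thread: it applies longest-prefix matching to that table (copied here as constructed sample input) and shows which interface a packet for an office host would leave on, before and after a static route to 192.168.5.0/24 via ppp0. The host 192.168.5.10 is a made-up office address, and the code models only the local routing decision, not the proxy ARP behaviour on the remote side.

```python
import ipaddress

# Constructed from the `route` output posted in the thread (names as printed).
ROUTE_OUTPUT = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.1 * 255.255.255.255 UH 0 0 0 ppp0
172.16.85.0 * 255.255.255.0 U 0 0 0 vmnet1
192.168.194.0 * 255.255.255.0 U 0 0 0 vmnet8
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
"""

# Symbolic names that `route` prints instead of numeric destinations.
NAMES = {"default": "0.0.0.0", "loopback": "127.0.0.0"}

def parse_routes(text):
    """Turn `route` output into a list of (network, gateway, iface)."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the column header
        dest, gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        net = ipaddress.ip_network(f"{NAMES.get(dest, dest)}/{mask}")
        routes.append((net, None if gw == "*" else gw, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    _net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw

def add_route(routes, cidr, iface, gw=None):
    """Return a copy of the table with one extra static route (no system change)."""
    return routes + [(ipaddress.ip_network(cidr), gw, iface)]

if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    print(lookup(table, "192.168.5.1"))    # the tunnel peer itself
    print(lookup(table, "192.168.5.10"))   # hypothetical office host
    fixed = add_route(table, "192.168.5.0/24", "ppp0")
    print(lookup(fixed, "192.168.5.10"))
```

With the table as posted, traffic for any office address other than the peer follows the default route out of eth0, outside the tunnel, which is why the static route is still required.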