VPN Access Problem Win2K to Linux PPTP

Post by eshg.. » Sat, 25 Nov 2000 15:37:06



Hello,

I tried the whole night to do a pptp connection, but the result is: It
doesn't want to work.

I have a Win2K client trying to connect to a Linux machine. I tried it
through an internet connection to my machine and also over my LAN.

uname -a:
Linux esh 2.2.13 #1 Mon Nov 8 15:23:05 CET 1999 i586 unknown

Maybe you can see the problem.

Here is my messages-file:

Nov 24 07:56:08 esh pptpd[3230]: MGR: Manager process started
Nov 24 07:56:08 esh pptpd[3230]: MGR: Couldn't create host socket
Nov 24 07:56:25 esh pptpd[3235]: MGR: Manager process started
Nov 24 07:56:31 esh pptpd[3237]: MGR: Launching /usr/sbin/pptpctrl to handle client
Nov 24 07:56:31 esh pptpd[3237]: CTRL: local address = 192.168.100.234
Nov 24 07:56:31 esh pptpd[3237]: CTRL: remote address = 192.168.200.234
Nov 24 07:56:31 esh pptpd[3237]: CTRL: Client 192.168.0.25 control connection started
Nov 24 07:56:31 esh pptpd[3237]: CTRL: Received PPTP Control Message (type: 1)
Nov 24 07:56:31 esh pptpd[3237]: CTRL: Made a START CTRL CONN RPLY packet
Nov 24 07:56:31 esh pptpd[3237]: CTRL: I wrote 156 bytes to the client.
Nov 24 07:56:31 esh pptpd[3237]: CTRL: Sent packet to client
Nov 24 07:56:34 esh pptpd[3237]: CTRL: Received PPTP Control Message (type: 7)
Nov 24 07:56:34 esh pptpd[3237]: CTRL: Set parameters to 1525 maxbps, 64 window size
Nov 24 07:56:34 esh pptpd[3237]: CTRL: Made a OUT CALL RPLY packet
Nov 24 07:56:34 esh pptpd[3237]: CTRL: Starting call (launching pppd, opening GRE)
Nov 24 07:56:34 esh pptpd[3237]: CTRL: pty_fd = 4
Nov 24 07:56:34 esh pptpd[3237]: CTRL: tty_fd = 5
Nov 24 07:56:34 esh pptpd[3237]: CTRL: I wrote 32 bytes to the client.
Nov 24 07:56:34 esh pptpd[3238]: CTRL (PPPD Launcher): Connection speed = 115200
Nov 24 07:56:34 esh pptpd[3238]: CTRL (PPPD Launcher): local address = 192.168.100.234
Nov 24 07:56:34 esh pptpd[3238]: CTRL (PPPD Launcher): remote address = 192.168.200.234
Nov 24 07:56:34 esh pptpd[3237]: CTRL: Sent packet to client
Nov 24 07:56:34 esh pppd[3238]: The remote system is required to authenticate itself but I
Nov 24 07:56:34 esh pppd[3238]: couldn't find any secret (password) which would let it use an IP address.
Nov 24 07:56:34 esh pptpd[3237]: GRE: read (fd=4,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/out
Nov 24 07:56:34 esh pptpd[3237]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Nov 24 07:56:34 esh pptpd[3237]: CTRL: Client 192.168.0.25 control connection finished
Nov 24 07:56:34 esh pptpd[3237]: CTRL: Exiting now
Nov 24 07:56:34 esh pptpd[3235]: MGR: Reaped child 3237

My Pptp.conf:
localip 192.168.100.234-238
remoteip 192.168.200.234-238

I am trying to login with username and password david/test, and here
is my chap-secrets (the last line was for debugging):

NBOUND CONNECTIONS
#client         hostname        <password>      192.168.1.1
"david" *       "test"        *
*       *       *       *

And now my pap-secrets:

"david" *       "test"        *

The following is the /etc/ppp/options

name esh
noipdefault
ipcp-accept-local
ipcp-accept-remote
ms-dns  62.225.250.201
nodefaultroute
debug
noauth
require-chap
crtscts
asyncmap 0
nodetach
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
idle 600
noipx

I am normally a Linux enthusiast, but I can do whatever I want, it
doesn't work. I have tried many VPN solutions but they all don't run.
Maybe you have an idea.

THANK YOU VERY MUCH FOR YOUR HELP!!!

David


 
 
 


Post by James Carlso » Sat, 25 Nov 2000 04:00:00



> Nov 24 07:56:34 esh pppd[3238]: The remote system is required to authenticate itself but I
> Nov 24 07:56:34 esh pppd[3238]: couldn't find any secret (password) which would let it use an IP address.

That's the problem.  Something -- perhaps your pptp implementation --
is telling pppd to authenticate the peer, but pppd can't find an entry
that allows the peer to authenticate and use an IP address.

> I am trying to login with username and password david/test, and here
> is my chap-secrets (the last line was for debugging):

> NBOUND CONNECTIONS
> #client         hostname        <password>      192.168.1.1
> "david" *       "test"        *
> *       *       *       *

> And now my pap-secrets:

> "david" *       "test"        *

There are a couple of ways to assign an IP address to a peer.  That's
what you need to do here, and it's the reason the link isn't working.

One is by placing this in your chap-secrets:

david   esh     test    192.168.1.1     # specify a single IP address

Another is by putting the IP addresses in your configuration file;
like this:

        192.168.1.2:192.168.1.1

Still another is to configure the L2TP daemon so that it supplies the
addresses on the pppd command line that it invokes.  I don't know
anything about your L2TP implementation, so I can't give any hints
there.

(On regular serial ports, you'd also have the option of using the
options.ttyname file to specify remote addresses for each port.
That's not possible for virtual links.)

> noipdefault
> ipcp-accept-local
> ipcp-accept-remote

You don't want those options.  If you're the "server" end, then you
have to actively supply an IP address to the peer for it to use.
Remove these options.

> debug

You don't have syslog set up right.  It doesn't have daemon.debug
directed to that log file, so the actual debug messages aren't being
logged at all.

--

"PPP Design and Debugging" --- http://people.ne.mediaone.net/carlson/ppp

 
 
 


Post by Clifford Kit » Sat, 25 Nov 2000 04:00:00



> Nov 24 07:56:34 esh pppd[3238]: The remote system is required to authenticate itself but I
> Nov 24 07:56:34 esh pppd[3238]: couldn't find any secret (password) which would let it use an IP address.

You are using a pppd version greater than 2.3.5 and less than 2.3.11.
From 2.3.7 to 2.3.10 there was some buggy security code (I don't know
whether 2.3.6 was that way).  I'd suggest updating to 2.4.0 available
via ftp from linuxcare.com.au as well as following James Carlson's
advice.

--

/* Speak softly and carry a +6 two-handed sword. */

 
 
 


Post by CtRi » Sat, 25 Nov 2000 04:00:00


Also, specify an IP address to assign to the client in chap-secrets!
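
The advice in the replies above (give the peer a specific IP address in chap-secrets, and drop the address-negotiation options on the server end), written as a small check over the files from the first post. This is an added example, not part of the thread and not pppd's own code; the function names are hypothetical, the server name "esh" is taken from the posted `name esh` option, and the check only reports what the files say without reproducing pppd's matching rules.

```python
import shlex

# Constructed from the thread: the chap-secrets and option lines as posted,
# and the single-address entry suggested in the reply.
POSTED = '''#client         hostname        <password>      192.168.1.1
"david" *       "test"        *
*       *       *       *
'''
SUGGESTED = "david   esh     test    192.168.1.1     # specify a single IP address\n"
OPTIONS = "name esh\nnoipdefault\nipcp-accept-local\nipcp-accept-remote\nrequire-chap\n"

# Options the reply says a "server" end should remove.
SERVER_UNWANTED = ("noipdefault", "ipcp-accept-local", "ipcp-accept-remote")


def parse_secrets(text):
    """Yield (lineno, client, server, addrs) per entry; the secret is dropped."""
    for n, line in enumerate(text.splitlines(), 1):
        words = shlex.split(line, comments=True)   # strips quotes and '#' comments
        if len(words) >= 3:
            yield n, words[0], words[1], words[3:]


def audit_secrets(text, peer, server):
    """Findings for entries that `peer` can match against a pppd named `server`."""
    findings = []
    for n, client, srv, addrs in parse_secrets(text):
        if client not in (peer, "*") or srv not in (server, "*"):
            continue                                # entry does not apply
        if client == "*":
            findings.append((n, "wildcard client: applies to every peer name"))
        if srv == "*":
            findings.append((n, "wildcard server: not tied to this pppd's name"))
        if not addrs or "*" in addrs:
            findings.append((n, "peer is not pinned to a specific IP address"))
    return findings


def unwanted_options(text):
    """Option names present in `text` that the reply says to remove."""
    present = {ln.split()[0] for ln in text.splitlines() if ln.split()}
    return [opt for opt in SERVER_UNWANTED if opt in present]


if __name__ == "__main__":
    for n, msg in audit_secrets(POSTED, "david", "esh"):
        print(f"chap-secrets line {n}: {msg}")
    print("remove from options:", unwanted_options(OPTIONS))
```

The posted file produces findings on both entries, including the catch-all debugging line, while the suggested single-address entry produces none.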
 
 
 

1. Masq'g a pptp win2k vpn server through linux - need help...

Hi everybody,

As the subject says I'm trying to masq connections to a win2k vpn
server that is behind a linux router/firewall.  I'm having trouble
getting it to work through even though I've spent the last week
studying everything I could find on how to do it on the net.  Any help
would be greatly appreciated....

The network is as follows;

                          Linux Server;
eth0 (192.168.1.254) connects to the local lan  
eth1 (192.168.3.1) connects to another business that shares the same
net connection
eth2 (x.x.x.x) connects to the internet (public ip address via a high
speed connection - I won't display the ip here as I don't want to
advertise that it has (well will do) a pptp server running on it)
eth3 (192.168.2.1) connects to the win2k vpn server

The ip of the win2k vpn server is 192.168.2.2 (plus a second interface
192.168.1.2 that connects to the LAN)

I'm using Debian woody 3.0r0, I downloaded a clean 2.2.19 kernel from
kernel.org (had problems patching the one that came with debian.) and
applied the pptp masq patch to it.  I compiled the kernel successfully
and modprobed in the ip_masq_pptp module successfully to give pptp
masq support into the kernel.

I got the source and compiled ipfwd successfully, I followed the docs
on the net and managed after two days of trying various rules to get
the pptp masq'g to work on a test private ip network (masqing from one
192.168.x.x network to another via a linux box with two cards in it)
but when I tried today to get the same setup running on a public ip
address I couldn't get it to work and I'm really lost as to why it's
not going, here are the settings I used.  Any suggestions/comments on
what may be wrong with them or suggestions on how to trace the fault
would be greatly appreciated.

My firewall script is as follows (with various port forwardings to
other computers such as mail servers cut out for simplicity's sake)

ipchains -P input accept
ipchains -P output accept
ipchains -P forward DENY

# enable ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

ipchains -M -S 7200 10 160

# masq subnets to net to enable net access
ipchains -A forward -i eth2 -s 192.168.1.0/24 -j MASQ
ipchains -A forward -i eth2 -s 192.168.2.0/24 -j MASQ
ipchains -A forward -i eth2 -s 192.168.3.0/24 -j MASQ

#forward incoming control connections to the vpn box
ipmasqadm portfw -a -P tcp -L <external ip> 1723 -R 192.168.2.2 1723

#masq incoming control and data vpn connections
ipchains -A forward -p tcp -s 0.0.0.0/0 -d 192.168.2.2/24 1723 -i eth3 -j MASQ
ipchains -A forward -p 47 -s 0.0.0.0/0 -d 192.168.2.2/24 -i eth3 -j MASQ

# forwards initial data connections to the vpn box
ipfwd --masq 192.168.2.2 47 &

The above commands look right to me, any ideas would be greatly
appreciated.... I'm really lost and I really need to have this working
by tomorrow at the latest...

-Thanks Jason
