VPN - Win clients Linux server - link fails with MPPE active - PPP

This is a discussion on VPN - Win clients Linux server - link fails with MPPE active - PPP ; Hello Although I'm already seeking help in the Poptop list, I'm hoping there might be someone here who isn't watching that list who can help me. Sorry if that's frowned upon. My problem is with connections from Windows clients to ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: VPN - Win clients Linux server - link fails with MPPE active

  1. VPN - Win clients Linux server - link fails with MPPE active

    Hello

    Although I'm already seeking help in the Poptop list, I'm hoping there
    might be someone here who isn't watching that list who can help me.
    Sorry if that's frowned upon.

    My problem is with connections from Windows clients to a Poptop server
    (2.4.19 kernel patched with kernelmod MPPE; Potop 1.1.4; ppp 2.4.2b3).
    PPTP works perfectly unless I try to use MPPE, in which case I get no
    comms - pings in either direction time out.

    Below is a copy of my most recent post to Poptop. Progress prior to
    that, and other info, is on the www.poptop.org list. I am really
    desperate to get this working. If anyone has this working I'd
    appreciate very much the opportunity to compare setups.

    Thanks in advance
    Bill

    ----------------------------------

    Ok - I've now managed to get kernelmod to work. There was just one
    error:

    Building module ppp_generic.o
    ppp_generic.c: In function `ppp_read':
    ppp_generic.c:381: warning: `ret' might be used uninitialized in this
    function

    Can someone say whether I need worry?

    I still do not have pptp working though. I've installed latest ppp
    and
    pptpd and the latter fires up ok (just the License warning) but I
    still
    have no comms when MPPE is enabled. I've tried various combinations
    of
    settings. I get in the log "Unsupported protocol ..... received"
    errors
    whenever I attempt to ping from the client. The first byte of each
    packet
    increments. This effect is mentioned in James Cameron's PPTP Client
    Diagnosis doc, but maybe the reason for it is different in my case
    and I
    can't seem to overcome it. Can anyone suggest what's wrong based on
    the
    config and log below? I feel I'm very close to getting this working
    and
    to anyone who can put an end to my sleepless nights, well, I'll just
    love
    you to bits...

    /etc/ppp/options.poptop
    -----------------------
    debug
    show-password
    name *
    ipparam PoPToP
    lock
    mtu 1490
    mru 1490
    ms-wins 192.0.1.102
    ms-dns 192.0.1.113
    multilink
    proxyarp
    noauth
    ipcp-accept-local
    ipcp-accept-remote
    lcp-echo-failure 30
    lcp-echo-interval 5
    deflate 0
    # Options for ppp 2.4.2
    #refuse-pap
    #refuse-chap
    #refuse-mschap
    require-mppe-128
    require-mschap-v2
    # Options for ppp 2.4.1
    #-chap
    #-chapms
    #+chapms-v2
    #mppe-128
    #mppe-stateless
    #require-mppe
    #require-mppe-stateless
    -------------------------------------------------
    Aug 8 11:35:57 firewall kernel: PPP MPPE Compression module
    registered
    Aug 8 11:35:57 firewall pptpd[5066]: MGR: Manager process started
    Aug 8 11:35:57 firewall pptpd[5066]: MGR: Maximum of 30 connections
    available
    Aug 8 11:37:06 firewall pptpd[5070]: MGR: Launching
    /usr/local/sbin/pptpctrl to handle client
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: local address =
    192.0.1.124
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: remote address =
    192.0.1.170
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: pppd speed = 115200
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: pppd options file =
    /etc/ppp/options.poptop
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: Client 80.40.69.19
    control
    connection started
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: Received PPTP Control
    Message
    (type: 1)
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: Made a START CTRL CONN
    RPLY
    packet
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: I wrote 156 bytes to the
    client.
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: Sent packet to client
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: Received PPTP Control
    Message
    (type: 7)
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: Set parameters to 152
    maxbps,
    32 window size
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: Made a OUT CALL RPLY
    packet
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: Starting call (launching
    pppd, opening GRE)
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: pty_fd = 5
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: tty_fd = 6
    Aug 8 11:37:06 firewall pptpd[5071]: CTRL (PPPD Launcher):
    Connection
    speed = 115200
    Aug 8 11:37:06 firewall pptpd[5071]: CTRL (PPPD Launcher): local
    address
    = 192.0.1.124
    Aug 8 11:37:06 firewall pptpd[5071]: CTRL (PPPD Launcher): remote
    address = 192.0.1.170
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: I wrote 32 bytes to the
    client.
    Aug 8 11:37:06 firewall pptpd[5070]: CTRL: Sent packet to client
    Aug 8 11:37:06 firewall pppd[5071]: pppd 2.4.2b3 started by root,
    uid 0
    Aug 8 11:37:06 firewall pppd[5071]: using channel 214
    Aug 8 11:37:06 firewall pppd[5071]: Starting negotiation on
    /dev/pts/2
    Aug 8 11:37:06 firewall pppd[5071]: sent [LCP ConfReq id=0x1 1490>
    <
    pcomp> ]
    Aug 8 11:37:07 firewall pptpd[5070]: CTRL: Received PPTP Control
    Message
    (type: 15)
    Aug 8 11:37:07 firewall pptpd[5070]: CTRL: Got a SET LINK INFO
    packet
    with standard ACCMs
    Aug 8 11:37:07 firewall pppd[5071]: rcvd [LCP ConfReq id=0x0 0x3b6e> ]
    Aug 8 11:37:07 firewall pppd[5071]: sent [LCP ConfRej id=0x0
    CBCP>]
    Aug 8 11:37:07 firewall pppd[5071]: rcvd [LCP ConfReq id=0x1 0x3b6e> ]
    Aug 8 11:37:07 firewall pppd[5071]: sent [LCP ConfAck id=0x1 0x3b6e> ]
    Aug 8 11:37:08 firewall pppd[5071]: sent [LCP ConfReq id=0x1 1490>
    <
    pcomp> ]
    Aug 8 11:37:09 firewall pppd[5071]: rcvd [LCP ConfRej id=0x1 1490>
    ]
    Aug 8 11:37:09 firewall pppd[5071]: sent [LCP ConfReq id=0x2 1490>
    <
    pcomp> ]
    Aug 8 11:37:09 firewall pppd[5071]: rcvd [LCP ConfNak id=0x2 1500>]
    Aug 8 11:37:09 firewall pppd[5071]: sent [LCP ConfReq id=0x3
    0x0> omp>]
    Aug 8 11:37:09 firewall pptpd[5070]: CTRL: Received PPTP Control
    Message
    (type: 15)
    Aug 8 11:37:09 firewall pptpd[5070]: CTRL: Ignored a SET LINK INFO
    packet with real ACCMs!
    Aug 8 11:37:09 firewall pppd[5071]: rcvd [LCP ConfAck id=0x3
    0x0> omp>]
    Aug 8 11:37:09 firewall pppd[5071]: sent [LCP EchoReq id=0x0
    magic=0x66947fb6]
    Aug 8 11:37:09 firewall pppd[5071]: sent [CHAP Challenge id=0x1
    , name = "*"]
    Aug 8 11:37:09 firewall pppd[5071]: rcvd [LCP code=0xc id=0x2 00 00
    3b
    6e 4d 53 52 41 53 56 34 2e 30 30]
    Aug 8 11:37:09 firewall pppd[5071]: sent [LCP CodeRej id=0x4 0c 02
    00 12
    00 00 3b 6e 4d 53 52 41 53 56 34 2e 30 30]
    Aug 8 11:37:09 firewall pppd[5071]: rcvd [LCP code=0xc id=0x3 00 00
    3b
    6e 4d 53 52 41 53 2d 31 2d 49 54 2d 48 50 37 31 30 30]
    Aug 8 11:37:09 firewall pppd[5071]: sent [LCP CodeRej id=0x5 0c 03
    00 19
    00 00 3b 6e 4d 53 52 41 53 2d 31 2d 49 54 2d 48 50 3
    7 31 30 30]
    Aug 8 11:37:09 firewall pppd[5071]: rcvd [LCP EchoRep id=0x0
    magic=0x3b6e]
    Aug 8 11:37:09 firewall pppd[5071]: rcvd [CHAP Response id=0x1
    <19782d69cc1cd359c19f38891389674d0000000000000000cc 50389604b01
    053122f6ae0d5cf4c34ef3aa28c578f5e1400>, name = "BSWHQ\\aamike"]
    Aug 8 11:37:09 firewall pppd[5071]: sent [CHAP Success id=0x1
    "S=ACA2E7FA4EC129DCB578B86D4187C0BFE4E138FD M=Welcome to firewa
    ll."]
    Aug 8 11:37:09 firewall pppd[5071]: Script /etc/ppp/auth-up started
    (pid
    5072)
    Aug 8 11:37:09 firewall pppd[5071]: Couldn't set MRRU: Inappropriate
    ioctl for device
    Aug 8 11:37:09 firewall pppd[5071]: Using interface ppp0
    Aug 8 11:37:09 firewall pppd[5071]: sent [CCP ConfReq id=0x1 +H -M
    +S +L -D -C>]
    Aug 8 11:37:09 firewall pppd[5071]: CHAP peer authentication
    succeeded
    for BSWHQ\\aamike
    Aug 8 11:37:09 firewall pppd[5071]: Script /etc/ppp/auth-up finished
    (pid 5072), status = 0x0
    Aug 8 11:37:09 firewall pppd[5071]: rcvd [CCP ConfReq id=0x4 +H -M
    +S +L -D -C>]
    Aug 8 11:37:09 firewall pppd[5071]: sent [CCP ConfNak id=0x4 +H -M
    +S -L -D -C>]
    Aug 8 11:37:09 firewall pppd[5071]: rcvd [IPCP ConfReq id=0x5 0.0.0.0> .0.0> ]
    Aug 8 11:37:09 firewall pppd[5071]: sent [IPCP TermAck id=0x5]
    Aug 8 11:37:10 firewall pppd[5071]: rcvd [CCP ConfReq id=0x6 +H -M
    +S -L -D -C>]
    Aug 8 11:37:10 firewall pppd[5071]: sent [CCP ConfAck id=0x6 +H -M
    +S -L -D -C>]
    Aug 8 11:37:11 firewall pppd[5071]: rcvd [IPCP ConfReq id=0x5 0.0.0.0> .0.0> ]
    Aug 8 11:37:11 firewall pppd[5071]: sent [IPCP TermAck id=0x5]
    Aug 8 11:37:12 firewall pppd[5071]: sent [CCP ConfReq id=0x1 +H -M
    +S +L -D -C>]
    Aug 8 11:37:12 firewall pppd[5071]: rcvd [CCP ConfNak id=0x1 +H -M
    +S -L -D -C>]
    Aug 8 11:37:12 firewall pppd[5071]: sent [CCP ConfReq id=0x2 +H -M
    +S -L -D -C>]
    Aug 8 11:37:12 firewall pppd[5071]: rcvd [CCP ConfAck id=0x2 +H -M
    +S -L -D -C>]
    Aug 8 11:37:12 firewall pppd[5071]: MPPE 128-bit stateless
    compression
    enabled
    Aug 8 11:37:12 firewall pppd[5071]: sent [IPCP ConfReq id=0x1
    VJ 0f 01> ]
    Aug 8 11:37:12 firewall pppd[5071]: rcvd [IPCP ConfRej id=0x1
    VJ 0f 01>]
    Aug 8 11:37:12 firewall pppd[5071]: sent [IPCP ConfReq id=0x2 192.0.1.124>]
    Aug 8 11:37:13 firewall pppd[5071]: rcvd [IPCP ConfAck id=0x2 192.0.1.124>]
    Aug 8 11:37:14 firewall pppd[5071]: rcvd [IPCP ConfReq id=0x5 0.0.0.0> .0.0> ]
    Aug 8 11:37:14 firewall pppd[5071]: sent [IPCP ConfNak id=0x5 192.0.1.170>
    ]
    Aug 8 11:37:14 firewall pppd[5071]: rcvd [IPCP ConfReq id=0x7 192.0.1.170>
    ]
    Aug 8 11:37:14 firewall pppd[5071]: sent [IPCP ConfAck id=0x7 192.0.1.170>
    ]
    Aug 8 11:37:14 firewall pppd[5071]: found interface eth0 for proxy
    arp
    Aug 8 11:37:14 firewall pppd[5071]: local IP address 192.0.1.124
    Aug 8 11:37:14 firewall pppd[5071]: remote IP address 192.0.1.170
    Aug 8 11:37:14 firewall pppd[5071]: Script /etc/ppp/ip-up started
    (pid
    5089)
    Aug 8 11:37:14 firewall pppd[5071]: Script /etc/ppp/ip-up finished
    (pid
    5089), status = 0x0
    Aug 8 11:37:14 firewall pppd[5071]: rcvd [proto=0x28bf] 46 c5 44 5b
    81
    20 ff 16 b1 37 cd 4a 53 c1 1d 84 6d 56 54 3a ab b0 70
    bf bb f7 40 53 e0 8a fe 87 ...
    Aug 8 11:37:14 firewall pppd[5071]: Unsupported protocol 0x28bf
    received
    Aug 8 11:37:14 firewall pppd[5071]: sent [LCP ProtRej id=0x6 28 bf
    46 c5
    44 5b 81 20 ff 16 b1 37 cd 4a 53 c1 1d 84 6d 56 54 3
    a ab b0 70 bf bb f7 40 53 e0 8a ...]
    Aug 8 11:37:16 firewall pppd[5071]: rcvd [proto=0x1bc2] 12 07 08 1b
    7c
    69 05 2a 08 34 5b 62 94 ef be 06 7a a5 d9 d0 0c 4f 13
    4d 3f 3f e3 54 8e c0 bc de ...
    Aug 8 11:37:16 firewall pppd[5071]: Unsupported protocol 0x1bc2
    received
    Aug 8 11:37:16 firewall pppd[5071]: sent [LCP ProtRej id=0x7 1b c2
    12 07
    08 1b 7c 69 05 2a 08 34 5b 62 94 ef be 06 7a a5 d9 d
    0 0c 4f 13 4d 3f 3f e3 54 8e c0 ...]
    Aug 8 11:37:17 firewall pppd[5071]: rcvd [proto=0xc701] 8d f4 95 12
    35
    b4 9e 30 17 98 34 34 0b 2d 96 9b 65 46 10 69 9a e3 9a
    1b 19 a2 5e 38 53 50 69 fd ...
    Aug 8 11:37:17 firewall pppd[5071]: Unsupported protocol 0xc701
    received
    Aug 8 11:37:17 firewall pppd[5071]: sent [LCP ProtRej id=0x8 c7 01
    8d f4
    95 12 35 b4 9e 30 17 98 34 34 0b 2d 96 9b 65 46 10 6
    9 9a e3 9a 1b 19 a2 5e 38 53 50 ...]

  2. Possible clue?

    Hi

    FWIW, with encrytpion off tcpdump shows the traffic one would expect
    on ppp0 when pinging in either direction, but with encryption on,
    nothing shows up when pinging from client to server and when pinging
    from server to client, only the outgoing pings are seen. At the same
    time, when pinging from the client, Dial-up monitor for the VPN entry
    shows pings and replies (presumably the ProtRej frames) accumulating,
    and when pinging from server to client, Dial-up monitor on the client
    shows packets arriving but no replies going out.

    To me this "feels" like a compression / decompression or
    encryption/decryption problem on the server, but I'm struggling to
    confirm that, or to find out why.

    Is anyone out there successfully using PopTop 1.1.4 with MPPE? If so I
    would really like to compare notes.... Over the past week I've tried
    everything I can think of and I have to get this going and do *NOT*
    want to have to revert to using a Windows box!!!

    Thanks in advance
    Bill A.
    +44(0)1896 849255

    bill.allison@bsw.co.uk (Bill Allison) wrote in message news:<9dc3cc73.0308091448.15c85fd1@posting.google.com>...
    > Hello
    >
    > Although I'm already seeking help in the Poptop list, I'm hoping there
    > might be someone here who isn't watching that list who can help me.
    > Sorry if that's frowned upon.
    >
    > My problem is with connections from Windows clients to a Poptop server
    > (2.4.19 kernel patched with kernelmod MPPE; Potop 1.1.4; ppp 2.4.2b3).
    > PPTP works perfectly unless I try to use MPPE, in which case I get no
    > comms - pings in either direction time out.
    >
    > Below is a copy of my most recent post to Poptop. Progress prior to
    > that, and other info, is on the www.poptop.org list. I am really
    > desperate to get this working. If anyone has this working I'd
    > appreciate very much the opportunity to compare setups.
    >
    > Thanks in advance
    > Bill
    >
    > ----------------------------------
    >
    > Ok - I've now managed to get kernelmod to work. There was just one
    > error:
    >
    > Building module ppp_generic.o
    > ppp_generic.c: In function `ppp_read':
    > ppp_generic.c:381: warning: `ret' might be used uninitialized in this
    > function
    >
    > Can someone say whether I need worry?
    >
    > I still do not have pptp working though. I've installed latest ppp
    > and


    for the rest see previous post, for further info please see
    thread on poptop list (or if it's still down please ask)

+ Reply to Thread