Re: VPN PPP-SSH questions - PPP


Thread: Re: VPN PPP-SSH questions

  1. Re: VPN PPP-SSH questions

    New update!

    I've just run the script again. I got the screen:

    Warning: couldn't open ppp database /var/run/ppp.tdb
    Using interface ppp0
    Connect: ppp0 <--> /dev/pts/0
    found interface eth0 for proxy arp
    local IP address 192.168.0.0
    remote IP addres 192.168.0.202

    The file indeed exists in the system but it is a link. Below is the detail
    information:

    lrwxrwxrwxr 1 root root /var/run/ppp.tdb ->
    /KNOPPIX//var/run/pppd.tdb

    The access right of ppp.tdb in /KNOPPIX//var/run/pppd.tdb is -rw-r--r--.

    There is no error in syslog.

    When I ran ifconfig, I saw ppp0 running in the client but there was no ppp0
    running in the server.
    Below is the information of ppp0 in the client:
    Link encap: Point-to-Point Protocol
    inet addr: 192.168.0.9 P-t-P: 192.168.0.202 Mask: 255.255.255.255
    up POINTOPOINT RUNNING NOARP MUTICAST MTU:1500 Metric: 1
    RX Packets: 4 errors: 0 dropped: 0 overruns: 0 frame: 0
    TX Packets: 10 errors: 0 dropped: 0 overruns: 0 carrier: 0
    Collisions: 0 txqueuelen:3
    RX bytes: 59(59.0 B) TX bytes: 554(554.0 B)

    Finally, the versions of PPP and SSH are:
           Client         Server
    PPP    2.4.1.uus-5    2.4.1-7
    SSH    3.6.1P2-9      2.4P1-2

    Too much information? I still cannot "ping" the server. Any advice?

    "charleswong" wrote in message
    news:c9heks$1ov4@imsp212.netvigator.com...
    > Hi,
    >
    > I'm following this howto: http://tldp.org/HOWTO/ppp-ssh/index.html to build
    > a VPN on my Linux distro called: DamnSmallLinux (DSL):
    > http://www.damnsmalllinux.org. DSL is a small size version of cd-rom
    > bootable Linux distro: Knoppix. And the server is running on Redhat.
    >
    > In other words, I have a client running on DSL and the server is running on
    > Redhat. Client and server are connected via router.
    >
    > Client and server can talk to each other well by using ping, ssh and even
    > scp to transmit file to each other.
    >
    > Then I ran the script below, the client could connect the server
    > successfully. The screen looked like something like this:
    >
    > Using interface ppp0
    > Connect: ppp0 <--> /dev/pts/0
    > local IP address 192.168.0.0
    > remote IP addres 192.168.0.202
    >
    > Then I tried to ping the client, it worked. However, I could not ping the
    > server (no matter by ip address nor hostname) anymore.
    >
    > How can I trace what the problem is? Please contact me freely if I have to
    > provide more about my network information.
    >
    > #!/bin/sh
    >
    > SERVER_HOSTNAME=rams.syshk.com
    > SERVER_USERNAME=vpn
    > SERVER_IFIPADDR=192.168.0.202
    > CLIENT_IFIPADDR=192.168.0.9
    > LOCAL_SSH_OPTS="-P"
    > PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/:
    >
    > PPPD=/usr/sbin/pppd
    > SSH=/usr/bin/ssh
    >
    > if [ ! -f "$PPPD" ]; then
    >     echo "can't find $PPPD"
    >     exit 3
    > fi
    >
    > if [ ! -f "$SSH" ]; then
    >     echo "can't find $SSH"
    >     exit 3
    > fi
    >
    > case "$1" in
    >     start)
    >         # echo -n "Starting vpn to $SERVER_HOSTNAME: "
    >         # Local pppd uses ssh as its pty; ssh starts pppd on the server via sudo.
    >         ${PPPD} updetach noauth passive pty "${SSH} ${LOCAL_SSH_OPTS} \
    > ${SERVER_HOSTNAME} -l${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} \
    > nodetach notty noauth" ipparam vpn ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR}
    >         # echo "connected."
    >         ;;
    >     stop)
    >         # echo -n "Stopping vpn to $SERVER_HOSTNAME: "
    >         # Find the ssh child that carries the tunnel (not the local pppd itself).
    >         PID=`ps ax | grep "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -l${SERVER_USERNAME} -o" |
    >             grep -v 'passive ' | grep -v 'grep' | awk '{print $1}'`
    >         if [ "${PID}" != "" ]; then
    >             kill $PID
    >             echo "disconnected."
    >         else
    >             echo "Failed to find PID for the connection"
    >         fi
    >         ;;
    >     config)
    >         echo "SERVER_HOSTNAME=$SERVER_HOSTNAME"
    >         echo "SERVER_USERNAME=$SERVER_USERNAME"
    >         echo "SERVER_IFIPADDR=$SERVER_IFIPADDR"
    >         echo "CLIENT_IFIPADDR=$CLIENT_IFIPADDR"
    >         ;;
    >     *)
    >         echo "Usage: vpn {start|stop|config}"
    >         exit 1
    >         ;;
    > esac
    > exit 0




  2. Re: VPN PPP-SSH questions

    "charleswong" writes:
    > Warning: couldn't open ppp database /var/run/ppp.tdb
    > Using interface ppp0
    > Connect: ppp0 <--> /dev/pts/0
    > found interface eth0 for proxy arp
    > local IP address 192.168.0.0
    > remote IP addres 192.168.0.202


    Your local IP address is 192.168.0.0? Really?

    > The file indeed exists in the system but it is a link. Below is the detail
    > information:
    >
    > lrwxrwxrwxr 1 root root /var/run/ppp.tdb ->
    > /KNOPPIX//var/run/pppd.tdb


    Unless you're trying to do Multilink PPP, that's just irrelevant.
    Don't worry about the ppp.tdb file.

    > There is no error in syslog.


    There's also not much information because pppd was run without the
    'debug' option. If you suspect that there's a problem with PPP
    itself, then you need to run pppd with the debug option, make sure
    that daemon.debug is directed to a file, and post *all* of the output.

    > inet addr: 192.168.0.9 P-t-P: 192.168.0.202 Mask: 255.255.255.255


    That doesn't match the logs above. What are we looking at?

    > Too much information? I still cannot "ping" the server. Any advice?


    It sounds like you might have some sort of name server and/or routing
    problems. I don't see anything here that looks like a PPP problem.

    --
    James Carlson, IP Systems Group
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677

  3. Re: VPN PPP-SSH questions

    I might have misled you all.

    In the previous mail, I said the process in the server was not removed
    automatically when the VPN stopped.

    Actually, I mean the routing table entry, which was not removed
    automatically.

    For example, interface links are added to both client and server
    respectively after I have run the VPN script. I can see these entries in the
    routing table in the client and server. When I stopped the vpn script, the
    interface link and routing table entry were removed in the client side. But
    the interface link and routing table entry in the server are still there.

    How can I stop/remove the interface link and routing table entry from the
    client side? Should I post this question here or to the network news group?


    "charleswong" wrote in message
    news:c9hpm3$1om4@imsp212.netvigator.com...
    > Thanks James.
    >
    > I have almost solved the problem.
    >
    > The real IPs of the client and server are 192.168.0.9 and 192.168.0.202
    > respectively. In the script, I chose these IPs as client and server. I've
    > just found out that I have to choose another set of IP addresses. Then I
    > changed IP addresses to 192.168.3.1 and 192.168.3.2 respectively in the
    > script. Finally, the vpn works now.
    >
    > However, another problem occurs (last problem I think).
    >
    > When I run the stop option in the script, the ssh-ppp process in the client
    > side is killed successfully. But the process in the server is still there.
    > How can I kill the process in the server?
    >
    > Ah! If this problem is not related to PPP. Do you know where I can post my
    > question?

  4. Re: VPN PPP-SSH questions

    charleswong wrote:
    > New update!


    Where/when was the old update?

    > I've just run the script again. I got the screen:


    > Warning: couldn't open ppp database /var/run/ppp.tdb


    If you are using the setup I think you are then that's no surprise.
    This link appears to be a link to a file on a Knoppix CD (from what
    you say below), so writing to the file is not possible.

    > Using interface ppp0
    > Connect: ppp0 <--> /dev/pts/0
    > found interface eth0 for proxy arp
    > local IP address 192.168.0.0
    > remote IP addres 192.168.0.202


    The local IP address makes no sense. I have no idea as to how the
    pppd gets 192.168.0.0. Of course you did say "I got from the screen:"
    so maybe that IP address has a typo. Hand copies are not reliable.

    If you've got IP addresses then the PPP link negotiations between the
    "client" and server completed.

    > The file indeed exists in the system but it is a link. Below is the detail
    > information:


    > lrwxrwxrwxr 1 root root /var/run/ppp.tdb ->
    > /KNOPPIX//var/run/pppd.tdb


    That doesn't make much sense either, unless the Knoppix CD is mounted
    on the /KNOPPIX directory. Even then I don't know why there would be
    two /'s between X and var.

    > The access right of ppp.tdb in /KNOPPIX//var/run/pppd.tdb is -rw-r--r--.


    What good does a write permission do for a file on a CD? Regardless of
    the write permission nothing can be written to it.

    > There is no error in syslog.


    It's a warning, not an error - and anyway it's *not* part of the problem.

    > When I ran ifconfig, I saw ppp0 running in the client but there
    > was no ppp0 running in the server.


    Did it occur to you that the problem might be on the "server"? There
    should be a PPP interface there since IP addresses were negotiated.
    Although the "server" pppd might have died for some reason before you
    looked for a PPP interface.

    > Below is the information of ppp0 in the client:
    > Link encap: Point-to-Point Protocol
    > inet addr: 192.168.0.9 P-t-P: 192.168.0.202 Mask: 255.255.255.255
    > up POINTOPOINT RUNNING NOARP MUTICAST MTU:1500 Metric: 1
    > RX Packets: 4 errors: 0 dropped: 0 overruns: 0 frame: 0
    > TX Packets: 10 errors: 0 dropped: 0 overruns: 0 carrier: 0
    > Collisions: 0 txqueuelen:3
    > RX bytes: 59(59.0 B) TX bytes: 554(554.0 B)


    Here the local IP address is shown as 192.168.0.9, so I guess the local
    IP address shown previously was a typo. This shows bytes received and
    transmitted through the PPP interface, rather strange in view of your
    assertion that "no ppp0 was running in the server." That seems to
    imply that the "server" interface was up for a short time but died
    for some reason.

    > Finally, the versions of PPP and SSH are:
    >        Client         Server
    > PPP    2.4.1.uus-5    2.4.1-7
    > SSH    3.6.1P2-9      2.4P1-2


    It looks like both the "client" and "server" distributors have modified
    pppd and ssh.

    > Too much information? I still cannot "ping" the server. Any advice?


    Adding the pppd debug option to both sides and posting exact copies
    (not hand copies), including timestamps, of relevant information from
    the logs of each would be a good idea.

    Moving to the COLN newsgroup might be an even better idea.

    --
    Clifford Kite Email: "echo xvgr_yvahk-ccc@ri1.arg|rot13"
    PPP-Q&A links, downloads: http://ckite.no-ip.net/
    /* Editing with vi is a lot better than using a huge swiss army knife.
    Use =} to wrap paragraphs in vi. Or put map ^] !}fmt -72^M in
    ~/.exrc and use ^] to wrap to 72 columns or whatever you choose. */

  5. Re: VPN PPP-SSH questions

    Clifford,

    Thanks for your detailed reply.

    Old update? Please see my previous mails?

    In addition, I have almost solved all my problems. Please see my last mail in
    this news group.



  6. Re: VPN PPP-SSH questions

    charleswong wrote:

    > Old update? Please see my previous mails?


    Believe it or not, my news server only delivered your first post of this
    thread today.

    --
    Clifford Kite Email: "echo xvgr_yvahk-ccc@ri1.arg|rot13"
    PPP-Q&A links, downloads: http://ckite.no-ip.net/
    /* I hear and I forget. I see and I remember. I do and I understand.
    --Confucius, 551-479 BC */

  7. Re: VPN PPP-SSH questions

    Clifford,

    Have you contacted your ISP about the missing mails?

    My first question was posted on June 01. There are ten mails in total
    (including this mail and replying mails) now.




  8. Re: VPN PPP-SSH questions

    "charleswong" writes:
    > The real IPs of the client and server are 192.168.0.9 and 192.168.0.202
    > respectively. In the script, I chose these IPs as client and server. I've
    > just found out that I have to choose another set of IP addresses. Then I
    > changed IP addresses to 192.168.3.1 and 192.168.3.2 respectively in the
    > script. Finally, the vpn works now.


    I'm not sure I understand that, but if it works, ok.

    > However, another problem occurs (last problem I think).
    >
    > When I run the stop option in the script, the ssh-ppp process in the client
    > side is killed successfully. But the process in the server is still there.
    > How can I kill the process in the server?


    There have been a few bugs related to notifying the peer about
    shutdown, and the ones I know about are fixed in the current CVS
    sources from samba.org.

    If you can't use those sources, then you might want to debug why the
    tunnel isn't getting shut down when pppd exits. I don't think that
    part is a problem with pppd.

    > Ah! If this problem is not related to PPP. Do you know where I can post my
    > question?


    A newsgroup related to the operating system(s) you're using might be a
    fair start.

    --
    James Carlson, IP Systems Group
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677
