
Re: PoPToP, OpenBSD 3.0 and Windows 2000



Having spent a few days on this problem (seeking to use the built-in VPN
client in Windows 2000 without having to pony up for a bunch of SSH
Sentinel licenses) I'd recommend saving your time.

However, if you want to proceed, you will have better luck and better
security using slirp instead of pptp.  This offshoot of slirp appears to
be stale/abandoned, but I did get it to work with encrypted
authentication and PoPToP on OpenBSD and get Windows clients to
connect.

The overall stability of the situation was lower than I desired, and it
took some manual fiddling with arp to get the PoPToP server
proxy-arp'ing correctly.

Here is where you can find the slirp beta for OpenBSD/PoPToP:

 http://www.serc.nl/people/vogt/vpn/#113b


> -----Original Message-----
> From: Jyri Hovila [mailto:jyri.hovila@iki.fi]
> Sent: Wednesday, March 27, 2002 5:27 AM
> To: misc@openbsd.org
> Subject: PoPToP, OpenBSD 3.0 and Windows 2000
> 
> Hello, world!
> 
> I'm looking for a way to establish a VPN connection between an OpenBSD
> 3.0 firewall and Windows 2000 laptop. IPSec is not an option because
> our ISP is blocking the ESP protocol. PoPToP would be great if only I
> could make it work. I have successfully compiled it using the configure
> option '--with-bsd-ppp'. I'm stuck in the same (unresolved?) situation
> described in this message:
> 
> http://www.monkey.org/openbsd/archive/misc/0004/msg00594.html
> 
> So, my Windows 2000 laptop does connect to the OpenBSD firewall but
> does not manage to authenticate. I've verified that there is GRE traffic
> going both ways between the firewall and the laptop. Below are my
> configuration- and log files. I would be very very grateful if someone
> was able to tell me what's the problem here.
> 
> Thanks in advance!
> 
> - Jyri
> 
> 
> -------------------- begin /etc/pptpd.conf --------------------
> speed 115200
> localip 192.168.11.129
> remoteip 192.168.11.130-139
> pidfile /var/run/pptpd.pid
> -------------------- end /etc/pptpd.conf --------------------
> 
> 
> -------------------- begin /etc/ppp.conf --------------------
> loop:
>  set timeout 0
>  set log phase chat connect lcp ipcp command
>  set device localhost:pptp
>  set dial
>  set login
>  # Server (local) IP address, Range for Clients, and Netmask
>  set ifaddr 192.168.11.129 192.168.11.130-192.168.11.139 255.255.255.255
>  set server /tmp/loop "" 0177
> 
> loop-in:
>  set timeout 0
>  set log phase lcp ipcp command
>  allow mode direct
> 
> pptp:
>  load loop
>  enable chap
>  disable pap
>  # Authenticate against /etc/passwd
>  # enable passwdauth
>  enable proxy
>  accept dns
>  # DNS Servers to assign client
>  set dns 123.123.123.123
>  # NetBIOS/WINS Servers to assign client
>  # set nbns 192.168.0.15 192.168.0.16
>  set device !/etc/ppp/secure
> -------------------- end /etc/ppp.conf --------------------
> 
> 
> -------------------- begin /etc/ppp/chap-secrets --------------------
> billy           *       bob                     *
> -------------------- end /etc/ppp/chap-secrets --------------------
> 
> 
> -------------------- begin /etc/ppp/ppp.secret --------------------
> billy   *       *       *       *
> -------------------- end /etc/ppp/ppp.secret --------------------
> 
> 
> -------------------- begin /var/log/daemon.log --------------------
> Mar 27 15:02:34 gw pptpd[3291]: CTRL: Client 10.10.2.7 control connection started
> Mar 27 15:02:34 gw pptpd[3291]: CTRL: Starting call (launching pppd, opening GRE)
> Mar 27 15:02:34 gw ppp[26749]: Phase: Using interface: tun1
> Mar 27 15:02:34 gw ppp[26749]: Phase: deflink: Created in closed state
> Mar 27 15:02:34 gw ppp[26749]: Command: loop: set device localhost:pptp
> Mar 27 15:02:34 gw ppp[26749]: Command: loop: set dial
> Mar 27 15:02:34 gw ppp[26749]: Command: loop: set login
> Mar 27 15:02:34 gw ppp[26749]: Command: loop: set ifaddr 192.168.11.129 192.168.11.130 255.255.255.255
> Mar 27 15:02:34 gw ppp[26749]: Command: loop: set server /tmp/loop ******** 0177
> Mar 27 15:02:34 gw ppp[26749]: Phase: Listening at local socket /tmp/loop.
> Mar 27 15:02:34 gw ppp[26749]: Command: pptp: enable chap
> Mar 27 15:02:34 gw ppp[26749]: Command: pptp: disable pap
> Mar 27 15:02:34 gw ppp[26749]: Command: pptp: enable proxy
> Mar 27 15:02:34 gw ppp[26749]: Command: pptp: accept dns
> Mar 27 15:02:34 gw ppp[26749]: Command: pptp: set dns 123.123.123.123
> Mar 27 15:02:34 gw ppp[26749]: Command: pptp: set device !/etc/ppp/secure
> Mar 27 15:02:34 gw ppp[26749]: Phase: PPP Started (direct mode).
> Mar 27 15:02:34 gw ppp[26749]: Phase: bundle: Establish
> Mar 27 15:02:34 gw ppp[26749]: Phase: deflink: closed -> opening
> Mar 27 15:02:34 gw ppp[26749]: Phase: deflink: Connected!
> Mar 27 15:02:34 gw ppp[26749]: Phase: deflink: opening -> carrier
> Mar 27 15:02:34 gw ppp[26749]: Phase: deflink: carrier -> lcp
> Mar 27 15:02:34 gw ppp[26749]: LCP: FSM: Using "deflink" as a transport
> Mar 27 15:02:34 gw ppp[26749]: LCP: deflink: State change Initial --> Closed
> Mar 27 15:02:34 gw ppp[26749]: LCP: deflink: State change Closed --> Stopped
> Mar 27 15:02:35 gw ppp[26749]: LCP: deflink: LayerStart
> Mar 27 15:02:35 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Stopped
> Mar 27 15:02:35 gw ppp[26749]: LCP:  ACFCOMP[2]
> Mar 27 15:02:35 gw ppp[26749]: LCP:  PROTOCOMP[2]
> Mar 27 15:02:35 gw ppp[26749]: LCP:  ACCMAP[6] 0x00000000
> Mar 27 15:02:35 gw ppp[26749]: LCP:  MRU[4] 1500
> Mar 27 15:02:35 gw ppp[26749]: LCP:  MAGICNUM[6] 0x361111d9
> Mar 27 15:02:35 gw ppp[26749]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x05)
> Mar 27 15:02:35 gw ppp[26749]: LCP: deflink: State change Stopped --> Req-Sent
> Mar 27 15:02:38 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
> Mar 27 15:02:38 gw ppp[26749]: LCP:  ACFCOMP[2]
> Mar 27 15:02:38 gw ppp[26749]: LCP:  PROTOCOMP[2]
> Mar 27 15:02:38 gw ppp[26749]: LCP:  ACCMAP[6] 0x00000000
> Mar 27 15:02:38 gw ppp[26749]: LCP:  MRU[4] 1500
> Mar 27 15:02:38 gw ppp[26749]: LCP:  MAGICNUM[6] 0x361111d9
> Mar 27 15:02:38 gw ppp[26749]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x05)
> Mar 27 15:02:41 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
> Mar 27 15:02:41 gw ppp[26749]: LCP:  ACFCOMP[2]
> Mar 27 15:02:41 gw ppp[26749]: LCP:  PROTOCOMP[2]
> Mar 27 15:02:41 gw ppp[26749]: LCP:  ACCMAP[6] 0x00000000
> Mar 27 15:02:41 gw ppp[26749]: LCP:  MRU[4] 1500
> Mar 27 15:02:41 gw ppp[26749]: LCP:  MAGICNUM[6] 0x361111d9
> Mar 27 15:02:41 gw ppp[26749]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x05)
> Mar 27 15:02:44 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
> Mar 27 15:02:44 gw ppp[26749]: LCP:  ACFCOMP[2]
> Mar 27 15:02:44 gw ppp[26749]: LCP:  PROTOCOMP[2]
> Mar 27 15:02:44 gw ppp[26749]: LCP:  ACCMAP[6] 0x00000000
> Mar 27 15:02:44 gw ppp[26749]: LCP:  MRU[4] 1500
> Mar 27 15:02:44 gw ppp[26749]: LCP:  MAGICNUM[6] 0x361111d9
> Mar 27 15:02:44 gw ppp[26749]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x05)
> Mar 27 15:02:47 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
> Mar 27 15:02:47 gw ppp[26749]: LCP:  ACFCOMP[2]
> Mar 27 15:02:47 gw ppp[26749]: LCP:  PROTOCOMP[2]
> Mar 27 15:02:47 gw ppp[26749]: LCP:  ACCMAP[6] 0x00000000
> Mar 27 15:02:47 gw ppp[26749]: LCP:  MRU[4] 1500
> Mar 27 15:02:47 gw ppp[26749]: LCP:  MAGICNUM[6] 0x361111d9
> Mar 27 15:02:47 gw ppp[26749]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x05)
> Mar 27 15:02:50 gw ppp[26749]: LCP: deflink: LayerFinish
> Mar 27 15:02:50 gw ppp[26749]: LCP: deflink: State change Req-Sent --> Stopped
> Mar 27 15:02:50 gw ppp[26749]: LCP: deflink: State change Stopped --> Closed
> Mar 27 15:02:50 gw ppp[26749]: LCP: deflink: State change Closed --> Initial
> Mar 27 15:02:50 gw ppp[26749]: Phase: deflink: Disconnected!
> Mar 27 15:02:50 gw pptpd[3291]: GRE: read(fd=5,buffer=6544,len=8196) from PTY failed: status = 0 error = No error
> Mar 27 15:02:50 gw pptpd[3291]: CTRL: PTY read or GRE write failed (pty,gre)=(5,4)
> Mar 27 15:02:50 gw pptpd[3291]: CTRL: Client 10.10.2.7 control connection finished
> Mar 27 15:02:50 gw ppp[26749]: Phase: deflink: Connect time: 16 secs: 0 octets in, 310 octets out
> Mar 27 15:02:50 gw ppp[26749]: Phase: deflink: : 0 packets in, 5 packets out
> Mar 27 15:02:50 gw ppp[26749]: Phase:  total 19 bytes/sec, peak 24 bytes/sec on Wed Mar 27 15:02:38 2002
> Mar 27 15:02:50 gw ppp[26749]: Phase: deflink: lcp -> closed
> Mar 27 15:02:50 gw ppp[26749]: Warning: Del route failed: ff02::%tun1/32: Non-existent
> Mar 27 15:02:50 gw ppp[26749]: Phase: bundle: Dead
> Mar 27 15:02:50 gw ppp[26749]: Warning: ff02::%tun1/32: Change route failed: errno: Network is unreachable
> Mar 27 15:02:50 gw ppp[26749]: Phase: PPP Terminated (normal).
> Mar 27 15:02:50 gw ppp[26749]: Warning: Del route failed: ff02::%tun1/32: Non-existent
> -------------------- end /var/log/daemon.log --------------------
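
Added example, not part of either message above: a small Python triage script for a ppp log like the quoted daemon.log, which counts the LCP packets each ppp process sent and received and reports how far the link got before it closed. The `Recv...` and `--> Opened` line wordings do not appear in the quoted log and are assumed to follow the same format as the `Send...` and `State change` lines that do.

```python
import re

# Excerpt of the ppp lines from the daemon.log quoted above, wrapped lines rejoined.
SAMPLE_LOG = """\
Mar 27 15:02:35 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Stopped
Mar 27 15:02:38 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Mar 27 15:02:41 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Mar 27 15:02:44 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Mar 27 15:02:47 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Mar 27 15:02:50 gw ppp[26749]: LCP: deflink: LayerFinish
Mar 27 15:02:50 gw ppp[26749]: Phase: deflink: Connect time: 16 secs: 0 octets in, 310 octets out
"""

ENTRY = re.compile(r"ppp\[(\d+)\]: (\w+): (.*)$")
FSM = re.compile(r"(Send|Recv)\w+\(\d+\) state = ")
OCTETS = re.compile(r"(\d+) octets in, (\d+) octets out")


def summarize(log):
    """Per ppp process: LCP packets sent/received, octets in, whether LCP opened."""
    sessions = {}
    for line in log.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # pptpd lines and anything that is not a ppp entry
        pid, facility, msg = m.groups()
        s = sessions.setdefault(
            pid, {"sent": 0, "recv": 0, "octets_in": None, "lcp_opened": False})
        fsm = FSM.search(msg)
        if facility == "LCP" and fsm:
            s["sent" if fsm.group(1) == "Send" else "recv"] += 1
        if facility == "LCP" and msg.endswith("--> Opened"):  # assumed wording
            s["lcp_opened"] = True
        octets = OCTETS.search(msg)
        if octets:
            s["octets_in"] = int(octets.group(1))
    return sessions


def diagnose(s):
    """Turn one session summary into a one-line finding."""
    if s["lcp_opened"]:
        return "LCP opened: look at the authentication phase next"
    if s["sent"] and s["recv"] == 0 and s["octets_in"] in (0, None):
        return "no PPP frames arrived from the peer: LCP timed out before authentication"
    return "LCP exchange started but never reached Opened"


if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        print(pid, s, diagnose(s))
```
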