
Re: PoPToP, OpenBSD 3.0 and Windows 2000



Correcting my own typo in-line here:


> -----Original Message-----
> From: Robert Schwartz
> Sent: Thursday, March 28, 2002 9:45 AM
> To: misc@openbsd.org
> Subject: Re: PoPToP, OpenBSD 3.0 and Windows 2000
> 
> Having spent a few days on this problem (seeking to use the built-in VPN
> client in Windows 2000 without having to pony up for a bunch of SSH
> Sentinel licenses) I'd recommend saving your time.
> 
> However, if you want to proceed, you will have better luck and better
> security using slirp instead of pptp.  This offshoot of slirp appears to

Obviously I meant "using slirp instead of ppp"

Thanks for catching that mistake, those who responded directly.

> be stale/abandoned, but I did get it to work with encrypted
> authentication and PoPToP on OpenBSD and get Windows clients to
> connect.
> 
> The overall stability of the situation was lower than I desired, and it
> took some manual fiddling with arp to get the PoPToP server
> proxy-arp'ing correctly.
> 
> Here is where you can find the slirp beta for OpenBSD/PoPToP
> 
>  http://www.serc.nl/people/vogt/vpn/#113b
> 
> 
> > -----Original Message-----
> > From: Jyri Hovila [mailto:jyri.hovila@iki.fi]
> > Sent: Wednesday, March 27, 2002 5:27 AM
> > To: misc@openbsd.org
> > Subject: PoPToP, OpenBSD 3.0 and Windows 2000
> >
> > Hello, world!
> >
> > I'm looking for a way to establish a VPN connection between an OpenBSD
> > 3.0 firewall and Windows 2000 laptop. IPSec is not an option because our
> > ISP is blocking the ESP protocol. PoPToP would be great if only I could
> > make it work. I have successfully compiled it using the configure option
> > '--with-bsd-ppp'. I'm stuck in the same (unresolved?) situation
> > described in this message:
> >
> > http://www.monkey.org/openbsd/archive/misc/0004/msg00594.html
> >
> > So, my Windows 2000 laptop does connect to the OpenBSD firewall but does
> > not manage to authenticate. I've verified that there is GRE traffic
> > going both ways between the firewall and the laptop. Below are my
> > configuration- and log files. I would be very very grateful if someone
> > was able to tell me what's the problem here.
> >
> > Thanks in advance!
> >
> > - Jyri
> >
> >
> > -------------------- begin /etc/pptpd.conf --------------------
> > speed 115200
> > localip 192.168.11.129
> > remoteip 192.168.11.130-139
> > pidfile /var/run/pptpd.pid
> > -------------------- end /etc/pptpd.conf --------------------
> >
> >
> > -------------------- begin /etc/ppp.conf --------------------
> > loop:
> >  set timeout 0
> >  set log phase chat connect lcp ipcp command
> >  set device localhost:pptp
> >  set dial
> >  set login
> >  # Server (local) IP address, Range for Clients, and Netmask
> >  set ifaddr 192.168.11.129 192.168.11.130-192.168.11.139 255.255.255.255
> >  set server /tmp/loop "" 0177
> >
> > loop-in:
> >  set timeout 0
> >  set log phase lcp ipcp command
> >  allow mode direct
> >
> > pptp:
> >  load loop
> >  enable chap
> >  disable pap
> >  # Authenticate against /etc/passwd
> >  # enable passwdauth
> >  enable proxy
> >  accept dns
> >  # DNS Servers to assign client
> >  set dns 123.123.123.123
> >  # NetBIOS/WINS Servers to assign client
> >  # set nbns 192.168.0.15 192.168.0.16
> >  set device !/etc/ppp/secure
> > -------------------- end /etc/ppp.conf --------------------
> >
> >
> > -------------------- begin /etc/ppp/chap-secrets --------------------
> > billy           *       bob                     *
> > -------------------- end /etc/ppp/chap-secrets --------------------
> >
> >
> > -------------------- begin /etc/ppp/ppp.secret --------------------
> > billy   *       *       *       *
> > -------------------- end /etc/ppp/ppp.secret --------------------
> >
> >
> > -------------------- begin /var/log/daemon.log --------------------
> > Mar 27 15:02:34 gw pptpd[3291]: CTRL: Client 10.10.2.7 control connection started
> > Mar 27 15:02:34 gw pptpd[3291]: CTRL: Starting call (launching pppd, opening GRE)
> > Mar 27 15:02:34 gw ppp[26749]: Phase: Using interface: tun1
> > Mar 27 15:02:34 gw ppp[26749]: Phase: deflink: Created in closed state
> > Mar 27 15:02:34 gw ppp[26749]: Command: loop: set device localhost:pptp
> > Mar 27 15:02:34 gw ppp[26749]: Command: loop: set dial
> > Mar 27 15:02:34 gw ppp[26749]: Command: loop: set login
> > Mar 27 15:02:34 gw ppp[26749]: Command: loop: set ifaddr 192.168.11.129 192.168.11.130 255.255.255.255
> > Mar 27 15:02:34 gw ppp[26749]: Command: loop: set server /tmp/loop ******** 0177
> > Mar 27 15:02:34 gw ppp[26749]: Phase: Listening at local socket /tmp/loop.
> > Mar 27 15:02:34 gw ppp[26749]: Command: pptp: enable chap
> > Mar 27 15:02:34 gw ppp[26749]: Command: pptp: disable pap
> > Mar 27 15:02:34 gw ppp[26749]: Command: pptp: enable proxy
> > Mar 27 15:02:34 gw ppp[26749]: Command: pptp: accept dns
> > Mar 27 15:02:34 gw ppp[26749]: Command: pptp: set dns 123.123.123.123
> > Mar 27 15:02:34 gw ppp[26749]: Command: pptp: set device !/etc/ppp/secure
> > Mar 27 15:02:34 gw ppp[26749]: Phase: PPP Started (direct mode).
> > Mar 27 15:02:34 gw ppp[26749]: Phase: bundle: Establish
> > Mar 27 15:02:34 gw ppp[26749]: Phase: deflink: closed -> opening
> > Mar 27 15:02:34 gw ppp[26749]: Phase: deflink: Connected!
> > Mar 27 15:02:34 gw ppp[26749]: Phase: deflink: opening -> carrier
> > Mar 27 15:02:34 gw ppp[26749]: Phase: deflink: carrier -> lcp
> > Mar 27 15:02:34 gw ppp[26749]: LCP: FSM: Using "deflink" as a transport
> > Mar 27 15:02:34 gw ppp[26749]: LCP: deflink: State change Initial --> Closed
> > Mar 27 15:02:34 gw ppp[26749]: LCP: deflink: State change Closed --> Stopped
> > Mar 27 15:02:35 gw ppp[26749]: LCP: deflink: LayerStart
> > Mar 27 15:02:35 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Stopped
> > Mar 27 15:02:35 gw ppp[26749]: LCP:  ACFCOMP[2]
> > Mar 27 15:02:35 gw ppp[26749]: LCP:  PROTOCOMP[2]
> > Mar 27 15:02:35 gw ppp[26749]: LCP:  ACCMAP[6] 0x00000000
> > Mar 27 15:02:35 gw ppp[26749]: LCP:  MRU[4] 1500
> > Mar 27 15:02:35 gw ppp[26749]: LCP:  MAGICNUM[6] 0x361111d9
> > Mar 27 15:02:35 gw ppp[26749]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x05)
> > Mar 27 15:02:35 gw ppp[26749]: LCP: deflink: State change Stopped --> Req-Sent
> > Mar 27 15:02:38 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
> > Mar 27 15:02:38 gw ppp[26749]: LCP:  ACFCOMP[2]
> > Mar 27 15:02:38 gw ppp[26749]: LCP:  PROTOCOMP[2]
> > Mar 27 15:02:38 gw ppp[26749]: LCP:  ACCMAP[6] 0x00000000
> > Mar 27 15:02:38 gw ppp[26749]: LCP:  MRU[4] 1500
> > Mar 27 15:02:38 gw ppp[26749]: LCP:  MAGICNUM[6] 0x361111d9
> > Mar 27 15:02:38 gw ppp[26749]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x05)
> > Mar 27 15:02:41 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
> > Mar 27 15:02:41 gw ppp[26749]: LCP:  ACFCOMP[2]
> > Mar 27 15:02:41 gw ppp[26749]: LCP:  PROTOCOMP[2]
> > Mar 27 15:02:41 gw ppp[26749]: LCP:  ACCMAP[6] 0x00000000
> > Mar 27 15:02:41 gw ppp[26749]: LCP:  MRU[4] 1500
> > Mar 27 15:02:41 gw ppp[26749]: LCP:  MAGICNUM[6] 0x361111d9
> > Mar 27 15:02:41 gw ppp[26749]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x05)
> > Mar 27 15:02:44 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
> > Mar 27 15:02:44 gw ppp[26749]: LCP:  ACFCOMP[2]
> > Mar 27 15:02:44 gw ppp[26749]: LCP:  PROTOCOMP[2]
> > Mar 27 15:02:44 gw ppp[26749]: LCP:  ACCMAP[6] 0x00000000
> > Mar 27 15:02:44 gw ppp[26749]: LCP:  MRU[4] 1500
> > Mar 27 15:02:44 gw ppp[26749]: LCP:  MAGICNUM[6] 0x361111d9
> > Mar 27 15:02:44 gw ppp[26749]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x05)
> > Mar 27 15:02:47 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
> > Mar 27 15:02:47 gw ppp[26749]: LCP:  ACFCOMP[2]
> > Mar 27 15:02:47 gw ppp[26749]: LCP:  PROTOCOMP[2]
> > Mar 27 15:02:47 gw ppp[26749]: LCP:  ACCMAP[6] 0x00000000
> > Mar 27 15:02:47 gw ppp[26749]: LCP:  MRU[4] 1500
> > Mar 27 15:02:47 gw ppp[26749]: LCP:  MAGICNUM[6] 0x361111d9
> > Mar 27 15:02:47 gw ppp[26749]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x05)
> > Mar 27 15:02:50 gw ppp[26749]: LCP: deflink: LayerFinish
> > Mar 27 15:02:50 gw ppp[26749]: LCP: deflink: State change Req-Sent --> Stopped
> > Mar 27 15:02:50 gw ppp[26749]: LCP: deflink: State change Stopped --> Closed
> > Mar 27 15:02:50 gw ppp[26749]: LCP: deflink: State change Closed --> Initial
> > Mar 27 15:02:50 gw ppp[26749]: Phase: deflink: Disconnected!
> > Mar 27 15:02:50 gw pptpd[3291]: GRE: read(fd=5,buffer=6544,len=8196) from PTY failed: status = 0 error = No error
> > Mar 27 15:02:50 gw pptpd[3291]: CTRL: PTY read or GRE write failed (pty,gre)=(5,4)
> > Mar 27 15:02:50 gw pptpd[3291]: CTRL: Client 10.10.2.7 control connection finished
> > Mar 27 15:02:50 gw ppp[26749]: Phase: deflink: Connect time: 16 secs: 0 octets in, 310 octets out
> > Mar 27 15:02:50 gw ppp[26749]: Phase: deflink: : 0 packets in, 5 packets out
> > Mar 27 15:02:50 gw ppp[26749]: Phase:  total 19 bytes/sec, peak 24 bytes/sec on Wed Mar 27 15:02:38 2002
> > Mar 27 15:02:50 gw ppp[26749]: Phase: deflink: lcp -> closed
> > Mar 27 15:02:50 gw ppp[26749]: Warning: Del route failed: ff02::%tun1/32: Non-existent
> > Mar 27 15:02:50 gw ppp[26749]: Phase: bundle: Dead
> > Mar 27 15:02:50 gw ppp[26749]: Warning: ff02::%tun1/32: Change route failed: errno: Network is unreachable
> > Mar 27 15:02:50 gw ppp[26749]: Phase: PPP Terminated (normal).
> > Mar 27 15:02:50 gw ppp[26749]: Warning: Del route failed: ff02::%tun1/32: Non-existent
> > -------------------- end /var/log/daemon.log --------------------
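
A triage sketch for ppp logs of the kind quoted above, added here as an example and not part of the original thread: it counts LCP requests sent against LCP packets received per ppp process, which separates "the peer never answered LCP" from an actual authentication failure. The sample lines are constructed in the log's format (abridged, wrapped lines joined); PID 30001 and the `Recv...` message names are assumptions added for contrast.

```python
import re

# Constructed sample in the format of the ppp log quoted above.
# PID 30001 and its Recv* lines are invented for contrast (assumed names).
SAMPLE = """\
Mar 27 15:02:35 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Stopped
Mar 27 15:02:38 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Mar 27 15:02:41 gw ppp[26749]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Mar 27 15:02:50 gw ppp[26749]: LCP: deflink: LayerFinish
Mar 27 15:02:50 gw ppp[26749]: Phase: deflink: Connect time: 16 secs: 0 octets in, 310 octets out
Mar 27 15:09:01 gw ppp[30001]: LCP: deflink: SendConfigReq(1) state = Stopped
Mar 27 15:09:01 gw ppp[30001]: LCP: deflink: RecvConfigReq(1) state = Req-Sent
Mar 27 15:09:01 gw ppp[30001]: LCP: deflink: RecvConfigAck(1) state = Ack-Sent
Mar 27 15:09:40 gw ppp[30001]: Phase: deflink: Connect time: 39 secs: 912 octets in, 1044 octets out
"""

LINE = re.compile(r"ppp\[(\d+)\]: (\w+): (.*)$")
OCTETS = re.compile(r"(\d+) octets in, (\d+) octets out")


def triage(log_text):
    """Per ppp PID: LCP requests sent, LCP packets received, octets in, verdict."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # pptpd lines and wrapped fragments are ignored
        pid, layer, msg = m.groups()
        s = sessions.setdefault(pid, {"sent": 0, "recv": 0, "octets_in": None})
        if layer == "LCP" and "SendConfigReq" in msg:
            s["sent"] += 1
        elif layer == "LCP" and re.search(r"\bRecv\w+", msg):
            s["recv"] += 1
        o = OCTETS.search(msg)
        if o:
            s["octets_in"] = int(o.group(1))
    for s in sessions.values():
        if s["sent"] and s["recv"] == 0 and s["octets_in"] == 0:
            s["verdict"] = "no PPP frames from peer: LCP never opened, CHAP never ran"
        elif s["recv"]:
            s["verdict"] = "peer answered LCP: look at later phases"
        else:
            s["verdict"] = "inconclusive"
    return sessions


if __name__ == "__main__":
    for pid, s in triage(SAMPLE).items():
        print(pid, s)
```

A session that only ever sends `SendConfigReq` and reports 0 octets in, as PID 26749 does, ended before the CHAP exchange began, so the place to look is the path between the GRE socket and ppp rather than the secrets files.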