Connecting to an MS VPN from a laptop running debian etch.

colin davidson colinpdavidson-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Sun Jan 4 20:48:55 UTC 2009


In case anyone is listening and interested...

It turns out that all I needed to do to open the tunnel was add
"refuse-eap" to the "/etc/ppp/options.pptp" file. However, that did
not open a route to the remote network and ARP traffic (or, I assume,
IP traffic) was not forwarded. This showed up as not being able to
"ping" hosts on the remote network. To solve this issue, I had to
create a file, "/etc/ppp/ip-up.d/vpnroute", containing:

#!/bin/sh
if [ "${PPP_IPPARAM}" = "to-work" ]; then
   route add -net  <network IP address> netmask 255.255.255.0 dev ppp0
fi

Where the network IP address is the class-significant portion followed
by zeros. (And, of course, make the script executable.)

This creates the needed route and I was able to ping remote hosts by
IP address, but I still could not access them by name. To do this, I
had to add "usepeerdns" to the "/etc/ppp/options.pptp", to get access
to the remote DNS servers.

Now I have a fully working VPN (I think).

Cheers, Colin

On Tue, Dec 30, 2008 at 12:42 AM, colin davidson
<colinpdavidson-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Hi Everyone,
>
> I'm trying to connect to my work machine which is running XP and is
> accessible via an MS VPN (I don't have any choice in the matter, so
> please hold the heckling :). Anyway, I followed the instructions in:
>
> http://pptpclient.sourceforge.net/howto-debian.phtml
>
> As far as I can see, I've done everything suggested. My
> "/etc/ppp/options.pptp" is:
>
> lock noauth nobsdcomp nodeflate
>
> Let's say that connecting via XP/Vista I connect to "vpn" on
> "domain.com", my account is "user" and password is "pwd". There are no
> problems connecting thus. (This is all just to anonymize my work
> account - I trust you'll all understand why I can't share the real
> thing).
>
> On the debian system my "/etc/ppp/chap-secrets" file is
>
> # Secrets for authentication using CHAP
> # client        server  secret                  IP addresses
>
> user PPTP pwd *
>
> I have a "/etc/ppp/peers/to-work" file which contains:
>
> pty "pptp vpn.domain.com --nolaunchpppd"
> name user
> remotename PPTP
> require-mppe-128
> file /etc/ppp/options.pptp
> ipparam to-work
>
> When I run "pon to-work debug dump logfd 2 nodetach" the screen output is:
>
> pppd options in effect:
> debug           # (from command line)
> nodetach                # (from command line)
> logfd 2         # (from command line)
> dump            # (from command line)
> noauth          # (from /etc/ppp/options.pptp)
> name user          # (from /etc/ppp/peers/to-work)
> remotename PPTP         # (from /etc/ppp/peers/to-work)
>                # (from /etc/ppp/options.pptp)
> pty pptp vpn.domain.com --nolaunchpppd          # (from /etc/ppp/peers/to-work)
> crtscts         # (from /etc/ppp/options)
>                # (from /etc/ppp/options)
> asyncmap 0              # (from /etc/ppp/options)
> lcp-echo-failure 4              # (from /etc/ppp/options)
> lcp-echo-interval 30            # (from /etc/ppp/options)
> hide-password           # (from /etc/ppp/options)
> ipparam to-work         # (from /etc/ppp/peers/to-work)
> proxyarp                # (from /etc/ppp/options)
> nobsdcomp               # (from /etc/ppp/options.pptp)
> nodeflate               # (from /etc/ppp/options.pptp)
> require-mppe-128                # (from /etc/ppp/peers/to-work)
> noipx           # (from /etc/ppp/options)
> using channel 12
> Using interface ppp0
> Connect: ppp0 <--> /dev/pts/13
> sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8395b784> <pcomp> <accomp>]
> rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x1cc54d5e>
> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint
> [local:2e.35.da.60.ac.e0.4f.57.ac.4c.b9.e3.81.97.dd.3a.00.00.00.00]> <
> 17 04 07 ff>]
> sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 07 ff>]
> rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x8395b784> <pcomp> <accomp>]
> rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x1cc54d5e>
> <pcomp> <accomp> <endpoint
> [local:2e.35.da.60.ac.e0.4f.57.ac.4c.b9.e3.81.97.dd.3a.00.00.00.00]>]
> sent [LCP ConfAck id=0x1 <mru 1400> <auth eap> <magic 0x1cc54d5e>
> <pcomp> <accomp> <endpoint
> [local:2e.35.da.60.ac.e0.4f.57.ac.4c.b9.e3.81.97.dd.3a.00.00.00.00]>]
> sent [LCP EchoReq id=0x0 magic=0x8395b784]
> rcvd [EAP Request id=0x17 Identity <No message>]
> sent [EAP Response id=0x17 Identity <Name "user">]
> rcvd [LCP EchoRep id=0x0 magic=0x1cc54d5e]
> rcvd [LCP TermReq id=0x3 1c c5 4d 5e 00 3c cd 74 00 00 03 ae]
> LCP terminated by peer (^\M-EM^^@<M-Mt^@^@^CM-.)
> sent [LCP TermAck id=0x3]
> Connection terminated.
> Modem hangup
> Waiting for 1 child processes...
>  script pptp vpn.domain.com --nolaunchpppd, pid 9847
> Script pptp vpn.domain.com --nolaunchpppd finished (pid 9847), status = 0x0
>
> I also tried "domain.com\\user" everywhere "user" appears above, with
> much the same result.
>
> If I recall it correctly, there was a delay after the EAP Name message
> or the LCP message following it.
>
> I also tried refusing EAP and got a similar hangup, again after
> sending the name.
>
> Any help/suggestions very welcome.
>
> Thanks, Colin
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
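An added example, not part of the original post: a small Python check over the pppd debug output quoted in this thread. It rejoins the mail-wrapped packet lines, reports which authentication method was acknowledged in LCP, and flags a peer that terminates right after the EAP Identity response, the symptom the post resolved with "refuse-eap". The function names and the abridged sample log are constructed for illustration.

```python
import re

# Abridged from the pppd debug output quoted in this thread (endpoint and
# echo packets dropped); the mail client's line wrapping is kept on purpose.
SAMPLE_LOG = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8395b784> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x1cc54d5e>
<pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <mru 1400> <auth eap> <magic 0x1cc54d5e>
<pcomp> <accomp>]
rcvd [EAP Request id=0x17 Identity <No message>]
sent [EAP Response id=0x17 Identity <Name "user">]
rcvd [LCP TermReq id=0x3 1c c5 4d 5e 00 3c cd 74 00 00 03 ae]
LCP terminated by peer
"""

def packets(log):
    """Yield (direction, protocol, type, body), rejoining wrapped packet lines."""
    buf = ""
    for raw in log.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()   # drop mail quote markers
        if not buf and not re.match(r"(sent|rcvd) \[", line):
            continue                     # status text, e.g. "Using interface ppp0"
        buf = f"{buf} {line}".strip()
        if buf.count("[") <= buf.count("]"):          # brackets balanced: complete
            m = re.match(r"(sent|rcvd) \[(\S+) (\S+)(.*)\]$", buf)
            if m:
                yield m.groups()
            buf = ""

def diagnose(log):
    """Return (auth method we acknowledged in LCP, finding) for one session."""
    agreed, identity_sent = None, False
    for direction, proto, kind, body in packets(log):
        auth = re.search(r"<auth ([^>]+)>", body)
        if (direction, proto, kind) == ("sent", "LCP", "ConfAck") and auth:
            agreed = auth.group(1)       # we accepted the method the peer asked for
        elif (direction, proto, kind) == ("sent", "EAP", "Response"):
            identity_sent = identity_sent or "Identity" in body
        elif (direction, proto, kind) == ("rcvd", "LCP", "TermReq"):
            if agreed == "eap" and identity_sent:
                return agreed, "peer hung up after EAP Identity; try refuse-eap"
            return agreed, "peer terminated the link"
    return agreed, "no termination seen"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

The log can be pasted with or without the "> " quote prefixes; both parse the same way.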