
[OCLUG-Tech] Linux/Ubuntu VPN Woes (with pptpconfig)

Hey folks,

I've been having trouble getting a VPN working into my employer's
network.  I assume that it's a routing problem.  Some forum trolling
hasn't turned up much - but it's kinda hard to describe and search
for.  Also worth mentioning that I'm sure it's at my end - as I can
VPN from my Windows box.

Here's what I've done (Using Ubuntu 6.10 - Edgy Eft):

- I have installed, and am using pptpconfig (running as root with "sudo")
- I've got a tunnel configured with a name, IP address (confirmed
correct), username, and password.  I did not specify a domain, as when
I use the one I think is correct - I get disconnected.
- I've got three routes configured as "Client to LAN" under
pptpconfig's Routing tab:
   - 192.168.1.0/24 for the "regular" network at my employer's
   - 192.168.0.0/24 for the "admin" network at my employer's (DNS
servers and such)
   - 10.2.0.0/24 for the "lab" network
- We'll say my home LAN is 192.168.256.x (not 256, obviously, but not
0 or 1 either).
- The encryption tab has "Require Microsoft Point-to-Point Encryption"
and "Refuse to Authenticate with EAP" checked - I believe these are
the defaults.
- I have enabled debugging as well.

When I launch the tunnel - I get the following in the log window
(names changed to protect the innocent):
pptpconfig: debug information dump begins
WARNING: security sensitive information follows
pptpconfig 1.12 2006/08/21 06:19:12
# pptp --version
pptp: unrecognized option `--version'
pptp version 1.7.0
Usage:
 pptp <hostname> [<pptp options>] [[--] <pppd options>]

Or using pppd's pty option:
 pppd pty "pptp <hostname> --nolaunchpppd <pptp options>"

Available pptp options:
 --phone <number>	Pass <number> to remote host as phone number
 --nolaunchpppd	Do not launch pppd, for use as a pppd pty
 --quirks <quirk>	Work around a buggy PPTP implementation
			Currently recognised values are BEZEQ_ISRAEL only
 --debug		Run in foreground (for debugging with gdb)
 --sync		Enable Synchronous HDLC (pppd must use it too)
 --timeout <secs>	Time to wait for reordered packets (0.01 to 10 secs)
 --nobuffer		Disable packet buffering and reordering completely
 --idle-wait		Time to wait before sending echo request
 --max-echo-wait		Time to wait before giving up on lack of reply
 --logstring <name>	Use <name> instead of 'anon' in syslog messages
 --localbind <addr>	Bind to specified IP address instead of wildcard
 --loglevel <level>	Sets the debugging level (0=low, 1=default, 2=high)
# pppd --version
pppd version 2.4.4
# uname -a
Linux pippin 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux
# modinfo ppp_mppe || modinfo ppp_mppe_mppc
filename:       /lib/modules/2.6.17-11-generic/kernel/drivers/net/ppp_mppe.ko
author:         Frank Cusack <fcusack [ at ] fcusack [ dot ] com>
description:    Point-to-Point Protocol Microsoft Point-to-Point
Encryption support
license:        Dual BSD/GPL
alias:          ppp-compress-18
version:        1.0.2
vermagic:       2.6.17-11-generic SMP mod_unload 586 REGPARM gcc-4.1
depends:        ppp_generic
srcversion:     6B88E623CA7C4D7FE2F11FA
# grep mppe /proc/modules
ppp_mppe 8452 0 - Live 0xd0aac000
ppp_generic 30612 2 ppp_mppe,ppp_async, Live 0xd0aeb000
Array
(
   [name] => MyCo VPN
   [server] => www.xxx.yyy.zzz
   [domain] =>
   [username] => myusername
   [password] => (hidden by pptpconfig)
   [pppd-options] =>
   [pptp-options] =>
   [resolv] =>
   [dns-options] =>
   [routing] => routing_client_to_lan
   [usepeerdns] => 1
   [require-mppe] => 1
   [nomppe-40] =>
   [nomppe-128] =>
   [refuse-eap] => 1
   [mppe-stateful] =>
   [autostart] => 1
   [iconify] =>
   [persist] =>
   [debug] => 1
   [client-to-lan] => a:3:{s:14:"192.168.1.0/24";s:19:"MyCo Main
Network";s:11:"10.2.0.0/24";s:18:"MyCo Lab
Network";s:14:"192.168.0.0/24";s:20:"MyCo Admin Network";}
)
# route -n (before pppd)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.256.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.256.1    0.0.0.0         UG    0      0        0 eth0
pptpconfig: debug information dump ends, starting pppd
pppd options in effect:
debug		# (from /etc/ppp/peers/MyCo%20VPN)
updetach		# (from command line)
logfd 1		# (from command line)
linkname MyCo%20VPN		# (from /etc/ppp/peers/MyCo%20VPN)
dump		# (from /etc/ppp/peers/MyCo%20VPN)
noauth		# (from /etc/ppp/options.pptp)
refuse-chap		# (from /etc/ppp/options.pptp)
refuse-mschap		# (from /etc/ppp/options.pptp)
refuse-eap		# (from /etc/ppp/options.pptp)
name myusername		# (from /etc/ppp/peers/MyCo%20VPN)
remotename MyCo%20VPN		# (from /etc/ppp/peers/MyCo%20VPN)
		# (from /etc/ppp/options.pptp)
pty pptp 209.217.82.98 --nolaunchpppd 		# (from /etc/ppp/peers/MyCo%20VPN)
crtscts		# (from /etc/ppp/options)
		# (from /etc/ppp/options)
asyncmap 0		# (from /etc/ppp/options)
lcp-echo-failure 4		# (from /etc/ppp/options)
lcp-echo-interval 30		# (from /etc/ppp/options)
hide-password		# (from /etc/ppp/options)
ipparam MyCo%20VPN		# (from /etc/ppp/peers/MyCo%20VPN)
proxyarp		# (from /etc/ppp/options)
usepeerdns		# (from /etc/ppp/peers/MyCo%20VPN)
nobsdcomp		# (from /etc/ppp/options.pptp)
nodeflate		# (from /etc/ppp/options.pptp)
require-mppe		# (from /etc/ppp/peers/MyCo%20VPN)
require-mppe-128		# (from /etc/ppp/options.pptp)
noipx		# (from /etc/ppp/options)
using channel 13
Using interface ppp0pptpconfig: monitoring interface ppp0

Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x72b41d37>
<pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint
[local:mac.address.redacted]> < 17 04 02 b9>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 02 b9>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x72b41d37>
<pcomp> <accomp> <endpoint [local:mac.address.redacted]>]
sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic
0x72b41d37> <pcomp> <accomp> <endpoint [local:mac.address.redacted]>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic
0x72b41d37> <pcomp> <accomp> <endpoint [local:mac.address.redacted]>]
sent [LCP EchoReq id=0x0 magic=0x22d531ea]
rcvd [CHAP Challenge id=0x0 <hexcode redacted>, name = "MyCo-DC01"]
sent [CHAP Response id=0x0 <hexcode redacted>, name = "myusername"]
rcvd [LCP EchoRep id=0x0 magic=0x72b41d37]
rcvd [CHAP Success id=0x0 "S=hexcode redacted"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]
sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x5 <addr 192.168.1.105>]
sent [IPCP TermAck id=0x5]
rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1
0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr 192.168.1.119> <ms-dns1 192.168.0.8>
<ms-dns3 192.168.0.3>]
sent [IPCP ConfReq id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8>
<ms-dns3 192.168.0.3>]
rcvd [IPCP ConfAck id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8>
<ms-dns3 192.168.0.3>]
rcvd [IPCP ConfReq id=0x7 <addr 192.168.1.105>]


At this point - I would appear connected.  An "ifconfig -a" shows that
the ppp interface has the address 192.168.1.119.  Nonetheless, I
cannot ping/access the machines I would expect inside the corporate
network, and I cannot access the internet.

Any advice?   Thanks.

--
"My country is the world, and my religion is to do good."
                                       -- Thomas Paine
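
Added example (not part of the original post, and not code from pptpconfig or pppd): a small parser for the "sent/rcvd [...]" lines of a pppd debug log like the one above. It reports which PPP layers were acknowledged in both directions and how the authentication option changed during LCP. The function names and the abridged sample lines are constructed for illustration.

```python
import re

# Constructed sample: pppd debug lines abridged from the post above
# (wrapped lines rejoined, some options and packets omitted).
SAMPLE_LOG = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x72b41d37>]
sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72b41d37>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72b41d37>]
sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
sent [IPCP ConfReq id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8>]
rcvd [IPCP ConfAck id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8>]
rcvd [IPCP ConfReq id=0x7 <addr 192.168.1.105>]
"""

PKT = re.compile(r"^(sent|rcvd) \[(\w+) (\w+) id=(0x[0-9a-f]+)(.*)\]$")

def summarize(log):
    """Per-protocol negotiation state from 'sent/rcvd [...]' pppd debug lines."""
    state = {}
    for line in log.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue
        direction, proto, code, _pkt_id, rest = m.groups()
        s = state.setdefault(proto, {"ours_acked": None, "peer_acked": None, "peer_asked": []})
        opts = [o.strip() for o in re.findall(r"<([^>]*)>", rest)]
        if code == "ConfReq" and direction == "rcvd":
            s["peer_asked"].append(opts)
        elif code == "ConfAck":
            # rcvd ConfAck: peer accepted our request; sent ConfAck: we accepted theirs.
            s["ours_acked" if direction == "rcvd" else "peer_acked"] = opts
    for s in state.values():
        # A layer is negotiated only once both directions have been acknowledged.
        s["opened"] = s["ours_acked"] is not None and s["peer_acked"] is not None
    return state

def auth_negotiation(state):
    """Return (auth the peer first asked for, auth finally agreed) from LCP."""
    lcp = state["LCP"]
    asked = [o[5:] for opts in lcp["peer_asked"] for o in opts if o.startswith("auth ")]
    agreed = [o[5:] for o in (lcp["peer_acked"] or []) if o.startswith("auth ")]
    return (asked[0] if asked else None, agreed[0] if agreed else None)
```

Run over the abridged sample, LCP and CCP come out as opened and IPCP does not, since the captured lines end at the peer's IPCP ConfReq id=0x7; the authentication option goes from the peer's initial eap to the agreed chap MS-v2.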