Hey folks,
I've been having trouble getting a VPN working into my employer's
network. I assume that it's a routing problem. Some forum trolling
hasn't turned up much - but it's kinda hard to describe and search
for. Also worth mentioning that I'm sure it's at my end - as I can
VPN from my Windows box.
Here's what I've done (Using Ubuntu 6.10 - Edgy Eft):
- I have installed, and am using pptpconfig (running as root with "sudo")
- I've got a tunnel configured with a name, IP address (confirmed
correct), username, and password. I did not specify a domain, as when
I use the one I think correct - I get disconnected.
- I've got three routes configured as "Client to LAN" under
pptpconfig's Routing tab:
- 192.168.1.0/24 for the "regular" network at my employer's
- 192.168.0.0/24 for the "admin" network at my employer's (DNS
servers and such)
- 10.2.0.0/24 for the "lab" network
- We'll say my home LAN is 192.168.256.x (not 256, obviously, but not
0 or 1 either).
- The encryption tab has "Require Microsoft Point-to-Point Encryption"
and "Refuse to Authenticate with EAP" checked - I believe these are
the defaults.
- I have enabled debugging as well.
When I launch the tunnel - I get the following in the log window
(names changed to protect the innocent):
pptpconfig: debug information dump begins
WARNING: security sensitive information follows
pptpconfig 1.12 2006/08/21 06:19:12
# pptp --version
pptp: unrecognized option `--version'
pptp version 1.7.0
Usage:
pptp <hostname> [<pptp options>] [[--] <pppd options>]
Or using pppd's pty option:
pppd pty "pptp <hostname> --nolaunchpppd <pptp options>"
Available pptp options:
--phone <number> Pass <number> to remote host as phone number
--nolaunchpppd Do not launch pppd, for use as a pppd pty
--quirks <quirk> Work around a buggy PPTP implementation
Currently recognised values are BEZEQ_ISRAEL only
--debug Run in foreground (for debugging with gdb)
--sync Enable Synchronous HDLC (pppd must use it too)
--timeout <secs> Time to wait for reordered packets (0.01 to 10 secs)
--nobuffer Disable packet buffering and reordering completely
--idle-wait Time to wait before sending echo request
--max-echo-wait Time to wait before giving up on lack of reply
--logstring <name> Use <name> instead of 'anon' in syslog messages
--localbind <addr> Bind to specified IP address instead of wildcard
--loglevel <level> Sets the debugging level (0=low, 1=default, 2=high)
# pppd --version
pppd version 2.4.4
# uname -a
Linux pippin 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux
# modinfo ppp_mppe || modinfo ppp_mppe_mppc
filename: /lib/modules/2.6.17-11-generic/kernel/drivers/net/ppp_mppe.ko
author: Frank Cusack <fcusack [ at ] fcusack [ dot ] com>
description: Point-to-Point Protocol Microsoft Point-to-Point
Encryption support
license: Dual BSD/GPL
alias: ppp-compress-18
version: 1.0.2
vermagic: 2.6.17-11-generic SMP mod_unload 586 REGPARM gcc-4.1
depends: ppp_generic
srcversion: 6B88E623CA7C4D7FE2F11FA
# grep mppe /proc/modules
ppp_mppe 8452 0 - Live 0xd0aac000
ppp_generic 30612 2 ppp_mppe,ppp_async, Live 0xd0aeb000
Array
(
[name] => MyCo VPN
[server] => www.xxx.yyy.zzz
[domain] =>
[username] => myusername
[password] => (hidden by pptpconfig)
[pppd-options] =>
[pptp-options] =>
[resolv] =>
[dns-options] =>
[routing] => routing_client_to_lan
[usepeerdns] => 1
[require-mppe] => 1
[nomppe-40] =>
[nomppe-128] =>
[refuse-eap] => 1
[mppe-stateful] =>
[autostart] => 1
[iconify] =>
[persist] =>
[debug] => 1
[client-to-lan] => a:3:{s:14:"192.168.1.0/24";s:19:"MyCo Main
Network";s:11:"10.2.0.0/24";s:18:"MyCo Lab
Network";s:14:"192.168.0.0/24";s:20:"MyCo Admin Network";}
)
# route -n (before pppd)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.256.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.256.1 0.0.0.0 UG 0 0 0 eth0
pptpconfig: debug information dump ends, starting pppd
pppd options in effect:
debug # (from /etc/ppp/peers/MyCo%20VPN)
updetach # (from command line)
logfd 1 # (from command line)
linkname MyCo%20VPN # (from /etc/ppp/peers/MyCo%20VPN)
dump # (from /etc/ppp/peers/MyCo%20VPN)
noauth # (from /etc/ppp/options.pptp)
refuse-chap # (from /etc/ppp/options.pptp)
refuse-mschap # (from /etc/ppp/options.pptp)
refuse-eap # (from /etc/ppp/options.pptp)
name myusername # (from /etc/ppp/peers/MyCo%20VPN)
remotename MyCo%20VPN # (from /etc/ppp/peers/MyCo%20VPN)
# (from /etc/ppp/options.pptp)
pty pptp 209.217.82.98 --nolaunchpppd # (from /etc/ppp/peers/MyCo%20VPN)
crtscts # (from /etc/ppp/options)
# (from /etc/ppp/options)
asyncmap 0 # (from /etc/ppp/options)
lcp-echo-failure 4 # (from /etc/ppp/options)
lcp-echo-interval 30 # (from /etc/ppp/options)
hide-password # (from /etc/ppp/options)
ipparam MyCo%20VPN # (from /etc/ppp/peers/MyCo%20VPN)
proxyarp # (from /etc/ppp/options)
usepeerdns # (from /etc/ppp/peers/MyCo%20VPN)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
require-mppe # (from /etc/ppp/peers/MyCo%20VPN)
require-mppe-128 # (from /etc/ppp/options.pptp)
noipx # (from /etc/ppp/options)
using channel 13
Using interface ppp0pptpconfig: monitoring interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x72b41d37>
<pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint
[local:mac.address.redacted]> < 17 04 02 b9>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 02 b9>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x72b41d37>
<pcomp> <accomp> <endpoint [local:mac.address.redacted]>]
sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic
0x72b41d37> <pcomp> <accomp> <endpoint [local:mac.address.redacted]>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic
0x72b41d37> <pcomp> <accomp> <endpoint [local:mac.address.redacted]>]
sent [LCP EchoReq id=0x0 magic=0x22d531ea]
rcvd [CHAP Challenge id=0x0 <hexcode redacted>, name = "MyCo-DC01"]
sent [CHAP Response id=0x0 <hexcode redacted>, name = "myusername"]
rcvd [LCP EchoRep id=0x0 magic=0x72b41d37]
rcvd [CHAP Success id=0x0 "S=hexcode redacted"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]
sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x5 <addr 192.168.1.105>]
sent [IPCP TermAck id=0x5]
rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1
0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr 192.168.1.119> <ms-dns1 192.168.0.8>
<ms-dns3 192.168.0.3>]
sent [IPCP ConfReq id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8>
<ms-dns3 192.168.0.3>]
rcvd [IPCP ConfAck id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8>
<ms-dns3 192.168.0.3>]
rcvd [IPCP ConfReq id=0x7 <addr 192.168.1.105>]
At this point - I would appear connected. An "ifconfig -a" shows that
the ppp interface has the address 192.168.1.119. Nonetheless, I can
not ping/access the machines I would expect inside the corporate
network, and I can not access the internet.
Any advice? Thanks.
--
"My country is the world, and my religion is to do good."
-- Thomas Paine