[OCLUG-Tech] Re: Linux/Ubuntu VPN Woes (with pptpconfig)

I neglected to mention that pinging other members of my home LAN
worked fine when the tunnel was up.

On 21/03/07, C.T. Paterson <i [ dot ] adore [ dot ] my [ dot ] 64 [ at ] gmail [ dot ] com> wrote:
Hey folks,

I've been having trouble getting a VPN working into my employer's
network.  I assume that it's a routing problem.  Some forum trolling
hasn't turned up much - but it's kinda hard to describe and search
for.  Also worth mentioning that I'm sure it's at my end - as I can
VPN from my Windows box.

Here's what I've done (Using Ubuntu 6.10 - Edgy Eft):

- I have installed, and am using pptpconfig (running as root with "sudo")
- I've got a tunnel configured with a name, IP address (confirmed
correct), username, and password.  I did not specify a domain, as when
I use the one I think correct - I get disconnected.
- I've got three routes configured as "Client to LAN" under
pptpconfig's Routing tab:
    - 192.168.1.0/24 for the "regular" network at my employer's
    - 192.168.0.0/24 for the "admin" network at my employer's (DNS
servers and such)
    - 10.2.0.0/24 for the "lab" network
- We'll say my home LAN is 192.168.256.x (not 256, obviously, but not
0 or 1 either).
- The encryption tab has "Require Microsoft Point-to-Point Encryption"
and "Refuse to Authenticate with EAP" checked - I believe these are
the defaults.
- I have enabled debugging as well.

When I launch the tunnel - I get the following in the log window
(names changed to protect the innocent):
pptpconfig: debug information dump begins
WARNING: security sensitive information follows
pptpconfig 1.12 2006/08/21 06:19:12
# pptp --version
pptp: unrecognized option `--version'
pptp version 1.7.0
Usage:
  pptp <hostname> [<pptp options>] [[--] <pppd options>]

Or using pppd's pty option:
  pppd pty "pptp <hostname> --nolaunchpppd <pptp options>"

Available pptp options:
  --phone <number>      Pass <number> to remote host as phone number
  --nolaunchpppd        Do not launch pppd, for use as a pppd pty
  --quirks <quirk>      Work around a buggy PPTP implementation
                        Currently recognised values are BEZEQ_ISRAEL only
  --debug               Run in foreground (for debugging with gdb)
  --sync                Enable Synchronous HDLC (pppd must use it too)
  --timeout <secs>      Time to wait for reordered packets (0.01 to 10 secs)
  --nobuffer            Disable packet buffering and reordering completely
  --idle-wait           Time to wait before sending echo request
  --max-echo-wait               Time to wait before giving up on lack of reply
  --logstring <name>    Use <name> instead of 'anon' in syslog messages
  --localbind <addr>    Bind to specified IP address instead of wildcard
  --loglevel <level>    Sets the debugging level (0=low, 1=default, 2=high)
# pppd --version
pppd version 2.4.4
# uname -a
Linux pippin 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux
# modinfo ppp_mppe || modinfo ppp_mppe_mppc
filename:       /lib/modules/2.6.17-11-generic/kernel/drivers/net/ppp_mppe.ko
author:         Frank Cusack <fcusack [ at ] fcusack [ dot ] com>
description:    Point-to-Point Protocol Microsoft Point-to-Point
Encryption support
license:        Dual BSD/GPL
alias:          ppp-compress-18
version:        1.0.2
vermagic:       2.6.17-11-generic SMP mod_unload 586 REGPARM gcc-4.1
depends:        ppp_generic
srcversion:     6B88E623CA7C4D7FE2F11FA
# grep mppe /proc/modules
ppp_mppe 8452 0 - Live 0xd0aac000
ppp_generic 30612 2 ppp_mppe,ppp_async, Live 0xd0aeb000
Array
(
    [name] => MyCo VPN
    [server] => www.xxx.yyy.zzz
    [domain] =>
    [username] => myusername
    [password] => (hidden by pptpconfig)
    [pppd-options] =>
    [pptp-options] =>
    [resolv] =>
    [dns-options] =>
    [routing] => routing_client_to_lan
    [usepeerdns] => 1
    [require-mppe] => 1
    [nomppe-40] =>
    [nomppe-128] =>
    [refuse-eap] => 1
    [mppe-stateful] =>
    [autostart] => 1
    [iconify] =>
    [persist] =>
    [debug] => 1
    [client-to-lan] => a:3:{s:14:"192.168.1.0/24";s:19:"MyCo Main
Network";s:11:"10.2.0.0/24";s:18:"MyCo Lab
Network";s:14:"192.168.0.0/24";s:20:"MyCo Admin Network";}
)
# route -n (before pppd)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.256.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.256.1    0.0.0.0         UG    0      0        0 eth0
pptpconfig: debug information dump ends, starting pppd
pppd options in effect:
debug           # (from /etc/ppp/peers/MyCo%20VPN)
updetach                # (from command line)
logfd 1         # (from command line)
linkname MyCo%20VPN             # (from /etc/ppp/peers/MyCo%20VPN)
dump            # (from /etc/ppp/peers/MyCo%20VPN)
noauth          # (from /etc/ppp/options.pptp)
refuse-chap             # (from /etc/ppp/options.pptp)
refuse-mschap           # (from /etc/ppp/options.pptp)
refuse-eap              # (from /etc/ppp/options.pptp)
name myusername         # (from /etc/ppp/peers/MyCo%20VPN)
remotename MyCo%20VPN           # (from /etc/ppp/peers/MyCo%20VPN)
                # (from /etc/ppp/options.pptp)
pty pptp 209.217.82.98 --nolaunchpppd           # (from /etc/ppp/peers/MyCo%20VPN)
crtscts         # (from /etc/ppp/options)
                # (from /etc/ppp/options)
asyncmap 0              # (from /etc/ppp/options)
lcp-echo-failure 4              # (from /etc/ppp/options)
lcp-echo-interval 30            # (from /etc/ppp/options)
hide-password           # (from /etc/ppp/options)
ipparam MyCo%20VPN              # (from /etc/ppp/peers/MyCo%20VPN)
proxyarp                # (from /etc/ppp/options)
usepeerdns              # (from /etc/ppp/peers/MyCo%20VPN)
nobsdcomp               # (from /etc/ppp/options.pptp)
nodeflate               # (from /etc/ppp/options.pptp)
require-mppe            # (from /etc/ppp/peers/MyCo%20VPN)
require-mppe-128                # (from /etc/ppp/options.pptp)
noipx           # (from /etc/ppp/options)
using channel 13
Using interface ppp0pptpconfig: monitoring interface ppp0

Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x72b41d37>
<pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint
[local:mac.address.redacted]> < 17 04 02 b9>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 02 b9>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x72b41d37>
<pcomp> <accomp> <endpoint [local:mac.address.redacted]>]
sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic
0x72b41d37> <pcomp> <accomp> <endpoint [local:mac.address.redacted]>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic
0x72b41d37> <pcomp> <accomp> <endpoint [local:mac.address.redacted]>]
sent [LCP EchoReq id=0x0 magic=0x22d531ea]
rcvd [CHAP Challenge id=0x0 <hexcode redacted>, name = "MyCo-DC01"]
sent [CHAP Response id=0x0 <hexcode redacted>, name = "myusername"]
rcvd [LCP EchoRep id=0x0 magic=0x72b41d37]
rcvd [CHAP Success id=0x0 "S=hexcode redacted"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]
sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x5 <addr 192.168.1.105>]
sent [IPCP TermAck id=0x5]
rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1
0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr 192.168.1.119> <ms-dns1 192.168.0.8>
<ms-dns3 192.168.0.3>]
sent [IPCP ConfReq id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8>
<ms-dns3 192.168.0.3>]
rcvd [IPCP ConfAck id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8>
<ms-dns3 192.168.0.3>]
rcvd [IPCP ConfReq id=0x7 <addr 192.168.1.105>]


At this point - I would appear connected.  An "ifconfig -a" shows that
the ppp interface has the address 192.168.1.119.  Nonetheless, I can
not ping/access the machines I would expect inside the corporate
network, and I can not access the internet.

Any advice?   Thanks.

--
"My country is the world, and my religion is to do good."
                                        -- Thomas Paine



--
"My country is the world, and my religion is to do good."
                                       -- Thomas Paine
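
Added example, not part of the original thread: a small Python parser for pppd debug traces like the one quoted above. It rejoins mail-wrapped packet lines and reports, for LCP, CCP and IPCP, which options were acknowledged in each direction and whether a ConfAck was seen both ways (the condition for a PPP layer to open). The function names and the SAMPLE excerpt layout are this example's own; the sample lines are copied from the log in the post.

```python
import re

# Lines copied from the pppd debug log in the post, mail wrapping included.
SAMPLE = """\
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic
0x72b41d37> <pcomp> <accomp> <endpoint [local:mac.address.redacted]>]
rcvd [IPCP ConfReq id=0x5 <addr 192.168.1.105>]
sent [IPCP TermAck id=0x5]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
rcvd [IPCP ConfAck id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8>
<ms-dns3 192.168.0.3>]
rcvd [IPCP ConfReq id=0x7 <addr 192.168.1.105>]
"""

PACKET = re.compile(r"^(sent|rcvd) \[(LCP|CCP|IPCP) (\w+) id=0x[0-9a-f]+(.*)\]$")
OPTION = re.compile(r"<([^<>]*)>")

def unwrap(log):
    """Rejoin packet-trace lines that were wrapped across several lines."""
    out, buf = [], None
    for line in map(str.strip, log.splitlines()):
        if buf is not None:
            buf += " " + line
        elif line.startswith(("sent [", "rcvd [")):
            buf = line
        else:
            continue  # pppd status text, e.g. "MPPE 128-bit ... enabled"
        if buf.endswith("]"):
            out.append(buf)
            buf = None
    return out

def summarize(log):
    """Per protocol: options in the ConfAck seen each way, and open or not."""
    state = {}
    for line in unwrap(log):
        m = PACKET.match(line)
        if not m or m.group(3) != "ConfAck":
            continue
        direction, proto, _code, rest = m.groups()
        s = state.setdefault(proto, {"sent": None, "rcvd": None})
        s[direction] = OPTION.findall(rest)
    # A PPP layer opens only after a ConfAck has gone in both directions.
    return {p: dict(s, open=s["sent"] is not None and s["rcvd"] is not None)
            for p, s in state.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On this excerpt the summary shows LCP and CCP acknowledged in both directions and IPCP acknowledged in one direction only; that reflects only the lines quoted in the post, which end at the last IPCP ConfReq.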