# Need help setting up VPN to work network

## Adamal

I am having the hardest time trying to connect to my network at work on my linux partition.  Its a Windows VPN at work that is extremely easy to setup in windows.

I've installed both pptpclient v. 1.3.1 and ppp v. 2.4.1_r14 with crypt.

my options.pptp file looks like this:

```
#

# Lock the port

#

lock

#

# We don't need the tunnel server to authenticate itself

#

noauth

#

# Turn off transmission protocols we know won't be used

#

nobsdcomp

nodeflate

#

# We want MPPE

#

mppe-40

mppe-128

mppe-stateless

#

# We want a sane mtu/mru

#

mtu 1000

mru 1000

#

# Time this thing out of it goes poof

#

lcp-echo-failure 10

lcp-echo-interval 10
```

here is whats happening in my log. 

```
Mar  7 01:46:26 [pppd] pppd 2.4.1 started by root, uid 0

Mar  7 01:46:26 [pppd] Using interface ppp0

Mar  7 01:46:26 [pppd] Connect: ppp0 <--> /dev/pts/1

Mar  7 01:46:26 [pptp] anon log[main:pptp.c:219]: The synchronous pptp option is NOT activated_

Mar  7 01:46:27 [pptp] anon log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:630]: Client connection established.

Mar  7 01:46:27 [pptp] anon log[decaps_hdlc:pptp_gre.c:217]: PPP mode seems to be Asynchronous._

Mar  7 01:46:27 [pptp] anon log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:759]: Outgoing call established (call ID 0, peer's call ID 41347)._

Mar  7 01:46:28 [pptp] anon log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:823]: PPTP_SET_LINK_INFO received from peer_callid 0

Mar  7 01:46:28 [pptp] anon log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:826]:   send_accm is 00000000, recv_accm is FFFFFFFF

Mar  7 01:46:28 [pppd] Remote message: S=38456CD9276DE1B07368308443711F8A97D70B1E

Mar  7 01:46:28 [pppd] local  IP address 192.168.110.9

Mar  7 01:46:28 [pppd] remote IP address 192.168.110.1

Mar  7 01:46:28 [pptp] anon log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:823]: PPTP_SET_LINK_INFO received from peer_callid 0

Mar  7 01:46:28 [pptp] anon log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:826]:   send_accm is FFFFFFFF, recv_accm is FFFFFFFF

Mar  7 01:46:28 [pppd] LCP terminated by peer (s^]"M-n^@<M-Mt^@^@^BM-f)

Mar  7 01:46:31 [pppd] Connection terminated.

Mar  7 01:46:31 [pppd] Connect time 0.1 minutes.

Mar  7 01:46:31 [pppd] Sent 100 bytes, received 150 bytes.

Mar  7 01:46:31 [pptp] anon warn[decaps_hdlc:pptp_gre.c:209]: short read (-1): Input/output error

Mar  7 01:46:31 [pptp] anon warn[decaps_hdlc:pptp_gre.c:210]: pppd may have shutdown, see pppd log

Mar  7 01:46:31 [pptp] anon log[callmgr_main:pptp_callmgr.c:236]: Closing connection

Mar  7 01:46:31 [pptp] anon log[pptp_conn_close:pptp_ctrl.c:357]: Closing PPTP connection

Mar  7 01:46:33 [pptp] anon log[call_callback:pptp_callmgr.c:76]: Closing connection

Mar  7 01:46:34 [pppd] Exit.

```

 I really want to get this vpn to work so I no longer have to use my windows box to do my work.  Please help

----------

## froke

What does your kernel configuration look like as far as PPP ?

```

grep -i ppp /usr/src/linux/.config

```

Also, add this line to your options file in order to get more debugging information

```

debug dump logfd 2 nodetach

```

Please post your results.

----------

## Adamal

Ok here is my .config file

```
CONFIG_PPP=y

# CONFIG_PPP_MULTILINK is not set

CONFIG_PPP_FILTER=y

CONFIG_PPP_ASYNC=m

CONFIG_PPP_SYNC_TTY=m

CONFIG_PPP_DEFLATE=m

CONFIG_PPP_BSDCOMP=m

CONFIG_PPP_MPPE_MPPC=m

CONFIG_PPPOE=m
```

and here is my log with the extra debug info:

(I've changed a few variables to protect my companies vpn - Such as changing the domain and login to $DOMAIN\\$USERNAME...)

```
root@Nomad-Lin peers # pon rti

pppd options in effect:

debug           # (from /etc/ppp/options.pptp)

nodetach                # (from /etc/ppp/options.pptp)

logfd 2         # (from /etc/ppp/options.pptp)

dump            # (from /etc/ppp/options.pptp)

noauth          # (from /etc/ppp/options.pptp)

name $DOMAIN\\$USERNAME               # (from /etc/ppp/peers/rti)

remotename PPTP         # (from /etc/ppp/peers/rti)

                # (from /etc/ppp/options.pptp)

pty pptp $SERVERIP --nolaunchpppd              # (from /etc/ppp/peers/rti)

mru 1000                # (from /etc/ppp/options.pptp)

mtu 1000                # (from /etc/ppp/options.pptp)

lcp-echo-failure 10             # (from /etc/ppp/options.pptp)

lcp-echo-interval 10            # (from /etc/ppp/options.pptp)

ipparam rti             # (from /etc/ppp/peers/rti)

nobsdcomp               # (from /etc/ppp/options.pptp)

nodeflate               # (from /etc/ppp/options.pptp)

mppe-40         # (from /etc/ppp/options.pptp)

mppe-128                # (from /etc/ppp/options.pptp)

mppe-stateless          # (from /etc/ppp/options.pptp)

using channel 1

Using interface ppp0

Connect: ppp0 <--> /dev/pts/3

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xd20b499a> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <mru 1400> <auth 0xc227> <magic 0x76562558> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:18.f3.92.7d.f6.ce.47.36.82.c5.dc.f6.64.9b.7d.1f.00.00.00.00]> < 17 04 00 db>]

sent [LCP ConfRej id=0x0 <mrru 1614> < 17 04 00 db>]

rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xd20b499a> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1400> <auth 0xc227> <magic 0x76562558> <pcomp> <accomp> <callback CBCP> <endpoint [local:18.f3.92.7d.f6.ce.47.36.82.c5.dc.f6.64.9b.7d.1f.00.00.00.00]>]

sent [LCP ConfNak id=0x1 <auth chap 81>]

rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap 81> <magic 0x76562558> <pcomp> <accomp> <callback CBCP> <endpoint [local:18.f3.92.7d.f6.ce.47.36.82.c5.dc.f6.64.9b.7d.1f.00.00.00.00]>]

sent [LCP ConfAck id=0x2 <mru 1400> <auth chap 81> <magic 0x76562558> <pcomp> <accomp> <callback CBCP> <endpoint [local:18.f3.92.7d.f6.ce.47.36.82.c5.dc.f6.64.9b.7d.1f.00.00.00.00]>]

sent [LCP EchoReq id=0x0 magic=0xd20b499a]

cbcp_lowerup

want: 2

rcvd [CHAP Challenge id=0x0 <b50db18151ac23dbb3511cc879426010>, name = "VPN01"]

sent [CHAP Response id=0x0 <8dea40cd32d34b5348a98555b320800e00000000000000002fd040f9b9478f0295896e3fe096b5b45884141b9d08af7b00>, name = "$DOMAIN\\$USERNAME"]

rcvd [LCP EchoRep id=0x0 magic=0x76562558]

rcvd [CHAP Success id=0x0 "S=C82DDBB93CD84512A74D106A38681ABD367F2F01"]

Remote message: S=C82DDBB93CD84512A74D106A38681ABD367F2F01

cbcp_open

cbcp_req CONF_NO

sent [CBCP Request id=0x1 < NoCallback>]

rcvd [CBCP Request id=0x1 < NoCallback>]

length: 2

Callback: none

cbcp_resp cb_type=2

cbcp_resp CONF_NO

sent [CBCP Response id=0x1 < NoCallback>]

sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]

rcvd [CBCP Ack id=0x1 < NoCallback>]

rcvd [CCP ConfReq id=0x4 <mppe 1 0 0 e1>]

sent [CCP ConfReq id=0x1]

sent [CCP ConfRej id=0x4 <mppe 1 0 0 60>]

rcvd [IPCP ConfReq id=0x5 <addr 192.168.110.1>]

sent [IPCP ConfAck id=0x5 <addr 192.168.110.1>]

rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]

sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]

rcvd [CCP ConfNak id=0x1 <mppe 0 0 0 0>]

sent [CCP ConfReq id=0x2]

rcvd [IPCP ConfNak id=0x2 <addr 192.168.110.7>]

sent [IPCP ConfReq id=0x3 <addr 192.168.110.7>]

rcvd [CCP ConfNak id=0x2 <mppe 0 0 0 0>]

sent [CCP ConfReq id=0x3]

rcvd [IPCP ConfAck id=0x3 <addr 192.168.110.7>]

local  IP address 192.168.110.7

remote IP address 192.168.110.1

Script /etc/ppp/ip-up started (pid 5001)

Script /etc/ppp/ip-up finished (pid 5001), status = 0x0

rcvd [CCP ConfNak id=0x3 <mppe 0 0 0 0>]

sent [CCP ConfReq id=0x4]

rcvd [CCP ConfNak id=0x4 <mppe 0 0 0 0>]

sent [CCP ConfReq id=0x5]

rcvd [CCP ConfNak id=0x5 <mppe 0 0 0 0>]

sent [CCP ConfReq id=0x6]

rcvd [CCP ConfNak id=0x6 <mppe 0 0 0 0>]

sent [CCP ConfReq id=0x7]

rcvd [CCP ConfNak id=0x7 <mppe 0 0 0 0>]

sent [CCP ConfReq id=0x8]

rcvd [CCP ConfNak id=0x8 <mppe 0 0 0 0>]

sent [CCP ConfReq id=0x9]

rcvd [CCP ConfNak id=0x9 <mppe 0 0 0 0>]

sent [CCP ConfReq id=0xa]

rcvd [CCP ConfNak id=0xa <mppe 0 0 0 0>]

sent [CCP ConfReq id=0xb]

rcvd [LCP TermReq id=0x6 "vV%X\000<\37777777715t\000\000\002\37777777746"]

LCP terminated by peer (vV%X^@<M-Mt^@^@^BM-f)

cbcp_lowerdown

Script /etc/ppp/ip-down started (pid 5002)

sent [LCP TermAck id=0x6]

Script /etc/ppp/ip-down finished (pid 5002), status = 0x0

Connection terminated.

Connect time 0.1 minutes.

Sent 100 bytes, received 150 bytes.

Waiting for 1 child processes...

  script pptp $SERVERIP --nolaunchpppd, pid 4979

Script pptp $SERVERIP --nolaunchpppd finished (pid 4979), status = 0x0

```

----------

## froke

You may want to try upgrading to ppp-2.4.2

```
ACCEPT_KEYWORDS="~x86" emerge ppp
```

If you upgrade to ppp-2.4.2 the options change, you will not be able to use the same options.  Look at `man pppd` to review the options or http://pptpclient.sourceforge.net/howto-diagnosis.phtml#pppd_options

Also, connect in windows and then look at the details for the connection.  It should tell you the authentication being used and compression (if any) and some more useful information.

Also here is a good page http://pptpclient.sourceforge.net/howto-diagnosis.phtml#lcp_term_garbled

And google for "LCP terminated by peer site:sourceforge.net" if you are still stuck.

----------

## Adamal

ppp-2.4.2 in portage does not seem to have mppe.  When I searched the man pages for pppd it said there was an mppe-required option but when I tried to use it in the options.pptp it didn't work.

I don't understand a thing about VPN's so I'm really at a loss on how to get this working.

----------

## froke

You may need a form of compression called MPPC (Microsoft's Point to Point Compression)  There is an implementation of this at http://www.polbox.com/h/hs001 It requires a kernel patch and patching ppp, which is easier if you download the source and do it yourself, otherwise you have to edit the ebuild.

Or you could stick with ppp-2.4.1 and keep trying different options.  Also, if you have access to the VPN server, see what kind of options you can turn on/off on that side.

----------

## Adamal

 *froke wrote:*   

> You may need a form of compression called MPPC (Microsoft's Point to Point Compression)  There is an implementation of this at http://www.polbox.com/h/hs001 It requires a kernel patch and patching ppp, which is easier if you download the source and do it yourself, otherwise you have to edit the ebuild.
> 
> Or you could stick with ppp-2.4.1 and keep trying different options.  Also, if you have access to the VPN server, see what kind of options you can turn on/off on that side.

 

I'm pretty sure I do need compression.  I already compiled in the kernel patch from that site and I've even unmerged the ppp from gentoo and installed the ppp from that site adding the mppe_mppc patch.  But I still cannot figure out how to turn those options on.

----------

## froke

You don't need to turn on MPPC, it is enabled by default, you can only turn it off if you know you won't need it.

As far as MPPE, you will just want the option "mppe required" and the rest should hopefully be negotiated correctly with the server.

Could you post an updated debug log from ppp-2.4.2 ?

Also, could you post your output of `lsmod`

----------

## Adamal

new log running the compiled ppp-2.4.2 with the mppe_mppc patch:

```
Start a tunnel to which server?: 1

pppd options in effect:

debug           # (from /etc/ppp/options.pptp)

nodetach                # (from /etc/ppp/options.pptp)

logfd 2         # (from /etc/ppp/options.pptp)

dump            # (from /etc/ppp/options.pptp)

noauth          # (from /etc/ppp/options.pptp)

name $DOMAIN\\$USERNAME               # (from /etc/ppp/peers/rti2)

remotename PPTP         # (from /etc/ppp/peers/rti2)

/dev/pts/1              # (from command line)

38400           # (from command line)

lock            # (from /etc/ppp/options.pptp)

mru 1000                # (from /etc/ppp/options.pptp)

mtu 1000                # (from /etc/ppp/options.pptp)

lcp-echo-failure 10             # (from /etc/ppp/options.pptp)

lcp-echo-interval 10            # (from /etc/ppp/options.pptp)

nobsdcomp               # (from /etc/ppp/options.pptp)

nodeflate               # (from /etc/ppp/options.pptp)

mppe xxx # [don't know how to print value]              # (from /etc/ppp/options.pptp)

using channel 1

Using interface ppp0

Connect: ppp0 <--> /dev/pts/1

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x3dedff63> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x3b8c25cd> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:18.f3.92.7d.f6.ce.47.36.82.c5.dc.f6.64.9b.7d.1f.00.00.00.00]> < 17 04 00 e9>]

sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 e9>]

rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x3dedff63> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x3b8c25cd> <pcomp> <accomp> <endpoint [local:18.f3.92.7d.f6.ce.47.36.82.c5.dc.f6.64.9b.7d.1f.00.00.00.00]>]

sent [LCP ConfAck id=0x1 <mru 1400> <auth eap> <magic 0x3b8c25cd> <pcomp> <accomp> <endpoint [local:18.f3.92.7d.f6.ce.47.36.82.c5.dc.f6.64.9b.7d.1f.00.00.00.00]>]

sent [LCP EchoReq id=0x0 magic=0x3dedff63]

rcvd [EAP Request id=0xb Identity <No message>]

sent [EAP Response id=0xb Identity <Name "$DOMAIN\\$USERNAME">]

rcvd [LCP EchoRep id=0x0 magic=0x3b8c25cd]

rcvd [LCP TermReq id=0x3 ";\37777777614%\37777777715\000<\37777777715t\000\000\003\37777777656"]

LCP terminated by peer (;M-^L%M-M^@<M-Mt^@^@^CM-.)

sent [LCP TermAck id=0x3]

Connection terminated.

```

forgot to add lsmod:

```
root@Nomad-Lin adam # lsmod

Module                  Size  Used by

ppp_async               9344  0

ndiswrapper            62216  0

radeonfb               21640  0

```

----------

## froke

Your output of lsmod shows that you do not have a mppe module loaded.  If you have the mppe/mppc implementation, try running

```
modprobe ppp_mppe_mppc
```

Also you may need to add or modify a line in /etc/modules.conf where is says "alias ppp-compress-18 ppp_mppe" or if you are using mppe/mppc then it should read "alias ppp-compress-18 ppp_mppe_mppc"

----------

## Adamal

 *froke wrote:*   

> Your output of lsmod shows that you do not have a mppe module loaded.  If you have the mppe/mppc implementation, try running
> 
> ```
> modprobe ppp_mppe_mppc
> ```
> ...

 

I already setup the alias and if I type modprobe ppp-compress-18 it loads ppp_mppe_mppc just fine.

----------

## froke

OK, maybe your output of lsmod was without the mppe/mppc module loaded.  You may want to try manually loading that module before trying to connect to the vpn, just to ensure that it is indeed loaded correctly.

----------

## Corpse2

Hi,

I have also been struggling with ppp and mppe but I couldn't get it to work.   :Sad: 

Then I started this topic (in dutch though) where someone told me about the Cisco vpn client. In that topic there is a link to the program: here which includes also a manual.  :Very Happy: 

I installed it, configured my profile for the vpn server and it worked at once. You should give it a try.

----------

## Adamal

 *Corpse2 wrote:*   

> Hi,
> 
> I have also been struggling with ppp and mppe but I couldn't get it to work.  
> 
> Then I started this topic (in dutch though) where someone told me about the Cisco vpn client. In that topic there is a link to the program: here which includes also a manual. 
> ...

 

Thanks I'll give it a shot tonight.

froke... I've already tried manually loading the module and it loads fine but the output is the same.

----------

## Adamal

 *Corpse2 wrote:*   

> Hi,
> 
> I have also been struggling with ppp and mppe but I couldn't get it to work.  
> 
> Then I started this topic (in dutch though) where someone told me about the Cisco vpn client. In that topic there is a link to the program: here which includes also a manual. 
> ...

 

Did you try this vpn software with the 2.6 kernel?  It doesn't seem to want to compile.

----------

## Adamal

Ok I was able to install the Cisco VPN software from portage.  The question I have now is how do I configure Profile file to connect with a Microsoft VPN server?

----------

## Adamal

Ok well I finally got this thing working... just incase I have others follow in my footsteps I'll post what I had to do to get it to work.

First I installed pptp-php-gtk and ppp from portage.  I used the ACCEPT_KEYWORDS="~x86" for ppp.

After that I downloaded pptp-linux-1.4.0.tar.gz from http://pptpclient.sourceforge.net/#download and installed it from source.

Now here comes the trickey part.  I couldn't find the ppp_mppe.o module patch for my 2.6.1 kernel.  So I went here http://www.polbox.com/h/hs001/#AEN55 and downloaded the kernel patch for the 2.6.1 kernel.  Now because I was using that kernel patch I had to install the ppp from that site as well.  The reason I did not run emerge -C ppp is because I still need the pon and poff scripts which for some reason do not seem to be included from that site.  After I did all of that install I had to finish configuring my options.pptp and my tunnel file.

options.pptp:

```
lock

noauth
```

tunnel file:

```
# data stream for pppd to use

pty "pptp $VPNSERVERIP --nolaunchpppd"

                                                                                

# domain and username, used to select lines in secrets files

name $DOMAIN\\$USERNAME

                                                                                

# name of tunnel, used to select lines in secrets files

remotename PPTP

                                                                                

# do not require the server to authenticate to our client

#noauth

                                                                                

require-mschap-v2

#require-mppe

refuse-eap

                                                                                

# adopt defaults from the pptp-linux package

file /etc/ppp/options.pptp

                                                                                

# name of tunnel, passed to ip-up scripts

ipparam rti

```

and of course setup my chap-secrets file which their are instructions on the http://pptpclient.sourceforge.net website.

The only thing I have left to figure out is how to setup the routing...  If anyone knows how to setup the routing please post it here

----------

## froke

Glad to hear of your success.

The pptpclient.sourceforge.net site has some very good documentation on routing. 

The way I set up my routing for VPN is to set all to the ppp0 tunnel. This is done with the following commands (after connecting to the vpn of course):

```

route add -host $IP_SERVER $DEV_INITIAL

route del default $DEV_INITIAL

route add default dev $DEV_PPP

```

Where $IP_SERVER is the IP adderss of the VPN server I initially connected to (you may be able to use a host name, but I had problems resolving it in my case).

$DEV_INITIAL is the device used to initially connect to the vpn, like eth0

$DEV_PPP is the new ppp tunnel that is created after connecting to the vpn

Of course these can be added to a script that runs automatically so you dont have to type them every time (but it's a good idea to know them in case the script fails for some reason).

If you have any problems, please include the output of `route -n` in your post.

Good luck.

----------

## Adamal

 *froke wrote:*   

> Glad to hear of your success.
> 
> The pptpclient.sourceforge.net site has some very good documentation on routing. 
> 
> The way I set up my routing for VPN is to set all to the ppp0 tunnel. This is done with the following commands (after connecting to the vpn of course):
> ...

 

Thanks... I'll give that a shot tonight and I will post my results.

----------

## Corpse2

 *Adamal wrote:*   

>  *Corpse2 wrote:*   
> 
> ...
> 
> Did you try this vpn software with the 2.6 kernel?  It doesn't seem to want to compile. 

 

No, I didn't try kernel 2.6 yet, but I saw another thread about problems with 2.6 and the cisco vpn client. There seems to be a patch.

----------

## ekoontz

I configured pptp-php-gtk-setup and patched pppd and my 2.6.5 kernel with the mmtp stuff, but I get : 

Couldn't set tty to PPP discipline: Invalid argument

In /var/log/syslog I see

```

May  6 23:54:03 hiros-item pppd[24757]: Couldn't set tty to PPP discipline: Invalid argum\

ent

May  6 23:54:03 hiros-item pppd[24757]: Waiting for 1 child processes...

May  6 23:54:03 hiros-item pppd[24757]:   script pptp vpn.mycompany.com --nolaunchpppd\

, pid 24758

May  6 23:54:03 hiros-item pptp[24758]: anon log[main:pptp.c:237]: The synchronous pptp o\

ption is NOT activated

May  6 23:54:03 hiros-item pptp[24609]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent control\

 packet type is 7 'Outgoing-Call-Request'

May  6 23:54:03 hiros-item pptp[24609]: anon log[ctrlp_disp:pptp_ctrl.c:834]: Received Ou\

tgoing Call Reply.

May  6 23:54:03 hiros-item pptp[24609]: anon warn[ctrlp_disp:pptp_ctrl.c:846]: Unexpected\

(?) Outgoing Call Reply will be ignored.

```

----------

## oldan

After having read through this entire thread, I have to go back to the top and notice something that Adamal said at the beginning.

 *Adamal wrote:*   

> I am having the hardest time trying to connect to my network at work on my linux partition.  Its a Windows VPN at work that is extremely easy to setup in windows.

 

This is all too hard. I installed pptpclient as well so I can connect to my work network while at home. However, I telnet'ed into a FreeBSD box to get the script I used to use daily to do the same thing -- it's very easy to do in FreeBSD *and* in Windows. Somebody make this easy in Gentoo!!! Please!

--Oldan

----------

## ekoontz

Oldan, maybe I'll try BSD - I'll bet portage runs just fine on it  :Wink: 

----------

