# HOWTO pptpclient with MS vpn server

## KsE

I thought I would write this 'cause it took me a while to get this working. I didn't find any posts on the forums, or docs, including the official at http://pptpclient.sourceforge.net/howto-gentoo.phtml that worked right to get gentoo to connect with MS vpn server.

We will assume the vpn is on network 10.10.0.0/24 and the client is on network 10.0.0.0/24.

First, add the use flag mppe-mppc for ppp.

```

# echo 'net-dialup/ppp mppe-mppc' >> /etc/portage/package.use

```

We'll probably want to use the newest versions of ppp and pptpclient.

```

# echo 'net-dialup/ppp ~x86' >> /etc/portage/package.keywords

# echo 'net-dialup/pptpclient ~x86' >> /etc/portage/package.keywords

```

Install pptpclient.

```

# emerge -v net-dialup/pptpclient

```

Now we need to patch our kernel with mppe support. You can get the patches from here http://www.polbox.com/h/hs001/. You need to use the patch that matches your kernel. We might as well get a current kernel also.

```

# emerge -v gentoo-dev-sources

# cd /usr/src

# rm linux

# ln -s linux-2.6.10-gentoo-r6 linux

# cd linux

# wget http://www.polbox.com/h/hs001/linux-2.6.10-mppe-mppc-1.2.patch.gz

# gzip -d linux-2.6.10-mppe-mppc-1.2.patch.gz

# patch -p1 < linux-2.6.10-mppe-mppc-1.2.patch

```

Be sure to copy your old .config over to your new kernel.

Now we need to configure our kernel.

```

Cryptographic options --->

[*] Cryptographic API

[*] HMAC support

<M> MD5 digest algorithm

--- SHA1 digest algorithm

<M> SHA256 digest algorithm

<M> SHA384 and SHA512 digest algorithms

<M> DES and Triple DES EDE cipher algorithms

<M> ARC4 cipher algorithm

<M> Deflate compression algorithm

Device Drivers --->

Networking support --->

<*> PPP (point-to-point protocol) support

[ ] PPP multilink support (EXPERIMENTAL)

[*] PPP filtering

<M> PPP support for async serial ports

<M> PPP support for sync tty ports

<M> PPP Deflate compression

<M> PPP BSD-Compress compression

<M> Microsoft PPP compression/encryption (MPPC/MPPE)

```

Compile and install.

```

# make && make modules_install

# mount /boot

# cp arch/i386/boot/bzImage /boot

# mv /boot/bzImage /boot/gentoo-dev-sources-2.6.10-r6

```

Add this in your grub/lilo config file.

Add this to modules.d.

```

# nano -w /etc/modules.d/ppp

ppp-compress-18

ppp_mppe

```

Now we need to configure pptpclient and pppd.

```

# nano -w /etc/ppp/chap-secrets

<domain>\\<user> PPTP <pass> *

PPTP <domain>\\<user> <pass> *

```

```

# nano -w /etc/ppp/options.pptp

lock

noauth

nobsdcomp

nodeflate

```

```

# nano -w /etc/ppp/peers/my_peer

pty "pptp <vpn ip addr> --nolaunchpppd"

name <domain>\\<user>

remotename PPTP

#require-mppe-128

file /etc/ppp/options.pptp

ipparam my_peer

```

You don't need "require-mppe-128". If you have it, ppp will complain. It's already been built in.

This should be all we need for it to run. We start/stop is with pon/poff respectively.

```

# pon my_peer

```

You should be able to see if you're connected now.

```

# ifconfig

ppp0      Link encap:Point-to-Point Protocol

          inet addr:10.10.0.86  P-t-P:10.10.0.74  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:3250 errors:6 dropped:0 overruns:0 frame:0

          TX packets:3048 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3

          RX bytes:3484232 (3.3 Mb)  TX bytes:242834 (237.1 Kb)

```

You should also be able to ping both the inet addr, and the P-t-P.

Now we need to make routes.

```

# route add -net 10.10.0.0/24 dev ppp0

```

Add this to ip-up also.

```

# echo 'route add -net 10.10.0.0/24 dev ppp0' >> /etc/ppp/ip-up

```

If you have iptables running, we'll need to add statements for that.

```

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

iptables -A FORWARD -i eth1 -o ppp0 -s 10.0.0.0/24 -m state --state NEW -j ACCEPT

```

If you can't ping the other side, you can start pppd with logging to see what's going on.

```

pppd call my_peer logfd 2 nodetach debug dump

```

Last edited by KsE on Fri Apr 01, 2005 3:49 am; edited 2 times in total

----------

## rookbluff

 *Quote:*   

> Add this in your grub/lilo config file. 

 

Hey, is there a missing param I need to pass to the kernel in my grub.conf, because when I patched my kernel and added the various modules and then tried to reboot I got a kernel panic.  I may try to compile the kernel patch from source if I can't fix the problem.

If anyone has any suggestions just let me know.

Thanks!   :Wink: 

----------

## KsE

Can you post more of the error?

Do you have a raid controller?

Were you using genkernel before?

Did you emerge a new kernel? If so, did you copy the .config file from the old one?

When you start up the live cd on that computer, does it recognize your hdd's right away? Or do you need to modprobe something first?

...just need some more information.

----------

## rev138

 *KsE wrote:*   

> Add this to ip-up also.
> 
> ```
> # echo 'route add -net 10.10.0.0/24 dev ppp0' >> /etc/ppp/ip-up
> ```
> ...

 

I've added the above to my /etc/ppp/ip-up script, as shown here, but it doesn't actually add that to the routing table when I connect. I have to do it manually. Other than that, it works fine.

Any ideas?

Thanks in advance!

----------

## rev138

Nevermind.... I needed to a '/sbin/' before the route command in the script. Works now  :Smile: 

----------

## jingo

I seem not to be able to connect!

```
Connect: ppp0 <--> /dev/pts/1

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x151e7e2f> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:ab.31.1e.be.eb.ad.4e.d0.b1.a2.ae.e7.24.52.f5.e8.00.00.00.00]> < 17 04 05 4d>]

No auth is possible

sent [LCP ConfRej id=0x0 <auth eap> <callback CBCP> <mrru 1614> < 17 04 05 4d>]

rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

rcvd [LCP TermReq id=0x1 15 1e 7e 2f 00 3c cd 74 00 00 03 97]

sent [LCP TermAck id=0x1]

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d83e5d6> <pcomp> <accomp>]

Script pptp <IP_OF_THE_VPN_SERVER> --nolaunchpppd finished (pid 11545), status = 0x0

Modem hangup

Connection terminated.
```

Any ideas?

/Jingo

----------

## KsE

Are you connecting to a MS vpn server?

Can you post your configs? (take out sensitive info)

It doesn't look like it's trying to authenticate.

----------

## jingo

/etc/ppp/peers/my_peer:

```

pty "pptp <server_name> --nolaunchpppd"

name <domain>\\<user>

remotename PPTP

#require-mppe-128

refuse-eap

file /etc/ppp/options.pptp

ipparam my_peer

```

/etc/ppp/options.pptp

```

lock

noauth

nobsdcomp

nodeflate

#require-mppe

#refuse-eap

#mppe required,stateless

```

"refuse-eap" and "mppe required,stateless" didn't help the problem! Tried with and without them, same output.

found this link http://64.179.4.149/questions/history/231909 but it didn't help me!

how does eap authentication work?

What does "LCP Term.req" mean?

Help apreciated

/Jingo

----------

## KsE

Hmm, you might want to email the pptpclient mailing list.

http://pptpclient.sourceforge.net/contact.phtml

The developers of pptpclient will be able to help you there. I'm not sure what's going on there.

----------

## RypPn

Hi there,

When I originally worked on the documentation for the pptp.sourceforge site in January it became evident that Copyright Issues were going to restrict what algorithms could be documented. If you need compression support also, I include the information I had worked on at the time but couldn't be included, hope this is of help...

Best Regards,

John R.

These are instructions for installing PPTP Client on Gentoo Linux.

Most of the software is available on portage, please remember to add USE flag mppe-mppc to /etc/make.conf to apply the mppe-mppc patch to ppp.

MPPE is Microsoft Point-To-Point Encryption, and is described in

RFC3078.

Microsoft Windows VPN Server requires MPPE.

You will need to patch your kernel if your PPTP Server requires it. The patch is available from http://www.polbox.com/h/hs001/<p>

Kernel Configuration

Apply the patch to the kernel:

$ cd /usr/src

$ ln -s linux-2.6.X-gentoo-rX linux-2.6.X

$ patch -p0 < linux-2.6.X-mppe-mppc-1.X.patch.gz

Configure the kernel:

$ make menuconfig

 Cryptographic options  --->

  [*] Cryptographic API

  [*]   HMAC support

  [M]   MD5 digest algorithm

  ---   SHA1 digest algorithm

  [M]   SHA256 digest algorithm

  [M]   SHA384 and SHA512 digest algorithms

  [M]   DES and Triple DES EDE cipher algorithms

  ---   ARC4 cipher algorithm

  [M]   Deflate compression algorithm

and

Device Drivers  --->

  Networking support  --->

   [*]   PPP (point-to-point protocol) support

   [*]     PPP filtering

   [M]     PPP support for async serial ports

   [M]     PPP support for sync tty ports

   [M]     PPP Deflate compression

   [M]     PPP BSD-Compress compression  

   [M]     Microsoft PPP compression/encryption (MPPC/MPPE)

Emerge ppp:

$ emerge ppp

If you have enabled the mppe-mppc USE flag correctly output from this should look like this...

>>> emerge (1 of 1) net-dialup/ppp-2.4.2-r9 to /

>>> md5 src_uri ;-) ppp-2.4.2.tar.gz

>>> md5 src_uri ;-) ppp-2.4.2-mppe-mppc-1.1.patch.gz

>>> md5 src_uri ;-) ppp-dhcpc.tgz

>>> Unpacking source...

>>> Unpacking ppp-2.4.2.tar.gz to /var/tmp/portage/ppp-2.4.2-r9/work

>>> Unpacking ppp-2.4.2-mppe-mppc-1.1.patch.gz to /var/tmp/portage/ppp-2.4.2-r9/work

>>> Unpacking ppp-dhcpc.tgz to /var/tmp/portage/ppp-2.4.2-r9/work

 * Applying cbcp-dosfix.patch ...                                         [ ok ]

 * Applying mpls.patch.gz ...                                             [ ok ]

 * Applying killaddr-smarter.patch.gz ...                                 [ ok ]

 * Applying cflags.patch ...                                              [ ok ]

 * Applying control_c.patch ...                                           [ ok ]

 mppe-mppc

 * Enabling mppe-mppc support

 * Applying ppp-2.4.2-mppe-mppc-1.1.patch.gz ...                          [ ok ]

 (Final tip, edit /etc/ppp/peers/$TUNNEL and change require-mppe to mppe required stateless)

Installation

Update your portage tree:

$ emerge sync

Install pptpclient:

$ emerge -a pptpclient

Install pptpconfig (GUI):

$ emerge -a pptpconfig

Run as root and the window should appear:

$ pptpconfig

Or follow the last part on the pptp website to setup a desktop entry.

----------

## jkelly

Thanks to both John R. and KsE for the pointers. I'm still stuck in the water, after closely following John R.'s post (except for omitting "stateless" on "mppe required stateless", cuz that gave me an error), but my situation is a bit different: I'm trying to connect to a Debian machine that is acting as a PPTP server with MPPE compiled in (so that the boss can use the VPN from home from his Windows machine).

My colleague who set up the firewall/VPN server told me that I'd need MPPE, so I figured I'd follow standard directions PPTP w/MPPE. But when I try connecting using pptpconfig, I get this:

```
rcvd [LCP EchoRep id=0x0 magic=0x64c5c003]

rcvd [CHAP Success id=0x78 "Access granted"]

CHAP authentication succeeded: Access granted

MPPE required, but MS-CHAP[v2] auth not performed.

sent [LCP TermReq id=0x2 "MPPE required but not available"]

```

And then utter failure.  Here's the entire output of pptpconfig: 

```
pptpconfig: debug information dump begins

WARNING: security sensitive information follows

pptpconfig 1.2 2004/06/19 08:57:15

# pppd --version

pppd version 2.4.2

# uname -a

Linux spike 2.6.8-gentoo-r3 #4 Fri Feb 25 14:22:20 CET 2005 i686 Intel(R) Pentium(R) M processor 1600MHz GenuineIntel GNU/Linux

# grep mppe /proc/modules

ppp_mppe_mppc 14272 0 - Live 0xfd258000

# modinfo ppp_mppe

Array

(

    [name] => fnintranet

    [server] => firewall

    [domain] => 

    [username] => [******]

    [password] => (hidden by pptpconfig)

    [pppd-options] => 

    [pptp-options] => 

    [resolv] => 

    [dns-options] => 

    [routing] => routing_client_to_lan

    [usepeerdns] => 1

    [require-mppe] => 1

    [nomppe-40] => 

    [nomppe-128] => 

    [refuse-eap] => 

    [mppe-stateful] => 

    [autostart] => 

    [iconify] => 

    [persist] => 

    [debug] => 1

    [client-to-lan] => 

)

# route -n (before pppd)

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0        0 eth0

pptpconfig: debug information dump ends, starting pppd

pppd options in effect:

debug      # (from /etc/ppp/peers/fnintranet)

updetach      # (from command line)

logfd 1      # (from command line)

linkname fnintranet      # (from /etc/ppp/peers/fnintranet)

dump      # (from /etc/ppp/peers/fnintranet)

noauth      # (from /etc/ppp/options.pptp)

name [******]      # (from /etc/ppp/peers/fnintranet)

remotename fnintranet      # (from /etc/ppp/peers/fnintranet)

      # (from /etc/ppp/options.pptp)

pty pptp firewall --nolaunchpppd       # (from /etc/ppp/peers/fnintranet)

mru 1000      # (from /etc/ppp/options.pptp)

mtu 1000      # (from /etc/ppp/options.pptp)

lcp-echo-failure 10      # (from /etc/ppp/options.pptp)

lcp-echo-interval 10      # (from /etc/ppp/options.pptp)

ipparam fnintranet      # (from /etc/ppp/peers/fnintranet)

usepeerdns      # (from /etc/ppp/peers/fnintranet)

nobsdcomp      # (from /etc/ppp/options.pptp)

nodeflate      # (from /etc/ppp/options.pptp)

mppe xxx # [don't know how to print value]      # (from /etc/ppp/peers/fnintranet)

using channel 18

Using interface ppp0pptpconfig: monitoring interface ppp0

Connect: ppp0 <--> /dev/pts/8

Warning - secret file /etc/ppp/pap-secrets has world and/or group access

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x16a5017e> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MD5> <magic 0x64c5c003> <pcomp> <accomp>]

sent [LCP ConfAck id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MD5> <magic 0x64c5c003> <pcomp> <accomp>]

rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x16a5017e> <pcomp> <accomp>]

sent [LCP EchoReq id=0x0 magic=0x16a5017e]

rcvd [LCP EchoReq id=0x0 magic=0x64c5c003]

sent [LCP EchoRep id=0x0 magic=0x16a5017e]

rcvd [CHAP Challenge id=0x78 <21935979a4f9cb69a9de1f2b89eec32e1e094063>, name = "firewall"]

Warning - secret file /etc/ppp/chap-secrets has world and/or group access

sent [CHAP Response id=0x78 <a811e88120759afebb859fb2511d0a7d>, name = "[******]"]

rcvd [LCP EchoRep id=0x0 magic=0x64c5c003]

rcvd [CHAP Success id=0x78 "Access granted"]

CHAP authentication succeeded: Access granted

MPPE required, but MS-CHAP[v2] auth not performed.

sent [LCP TermReq id=0x2 "MPPE required but not available"]

rcvd [LCP TermReq id=0x2 "MPPE required but not available"]

sent [LCP TermAck id=0x2]

rcvd [LCP TermAck id=0x2]

Connection terminated.

Waiting for 1 child processes...

  script pptp firewall --nolaunchpppd , pid 16995

Script pptp firewall --nolaunchpppd  finished (pid 16995), status = 0x0

# route -n (after pppd exit)

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0        0 eth0

pptpconfig: pppd process terminated by signal 10 (failed)

pptpconfig: SIGUSR1

# route -n (after completion)

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0        0 eth0

```

I don't know if it's useful info, but an lsmod gives me this:

```

Module                  Size  Used by

ppp_synctty             8128  0 

ppp_deflate             4736  0 

zlib_deflate           21912  1 ppp_deflate

zlib_inflate           21248  1 ppp_deflate

ppp_mppe_mppc          14272  0 

ppp_async               9344  0 

crc_ccitt               1792  1 ppp_async

ndiswrapper            73280  0 

usbserial              22752  0 

intel_agp              19424  1 

agpgart                28072  1 intel_agp

fglrx                 233788  21 

dummy                   2116  0 

yenta_socket           18624  0 

ds                     14212  4 

pcmcia_core            54604  2 yenta_socket,ds

cpuid                   2436  0 

cifs                  178028  0 

ide_cd                 36768  0 

```

Thanks in advance for any nudges in the right direction. I'd be more than happy to post any other config files if need be.

-Kelly

----------

## RypPn

If you'd like to work on this with me come on IRC to #gentoo on freenode, you'll find me under the nick RypPn. As long as you post the eventual solution back here for others to follow  :Wink: 

Best Regards,

John

----------

## R4miu5

i was trying to connect to the vpn of my school but when i do pon my_peer nothing happens.

ifconfig ppp0:

tells me no ip just no packages arrived departed and so on...

i think theres an error about my chap-secrets, because i dont know exactly what to write in it.

my domain is mb my user name is skellxig and how does my file have to look if my password were test?

but its a good tutorial. its not your fault that im so stupid:D

----------

## KsE

```

mb\\skellxig PPTP test *

PPTP mb\\skellxig test * 

```

Keep in mind that you need to keep PPTP, and the other vars consistant throughout.

----------

## R4miu5

sorry my english is not the best. i dont really understand what you wanted to tell me.

but if i do pon my_peer and ifconfig ppp0 i see what i told you and after 1 second it disappears

----------

## KsE

You're going to have to do some debugging to see what the problem is.

I explained this as the last code segment in the howto.

```

pppd call my_peer logfd 2 nodetach debug dump 

```

Also, just do "ifconfig" with out the ppp0 part. Who knows for sure what it'll come up as.

----------

## R4miu5

i get an error like

```
Unknown MS-CHAP authenticatino failure: E=61 R=1 C=<many letters and numbers> V=3

sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"

rcvd [LCP TermAck id=0x2 "Failed to authenticate ourselves to peer"

Connection terminated

<then some less important strings>

*** glibc detected *** double free or curruption (fasttop): 0x08ß58748
```

----------

## KsE

Well, your chap authentication isn't working. What kernel do you have? Which patch did you use? Did you build the necessary kernel options?

I'd need to see your whole output for that. Also, you can try the pptp-client mailing list. The actual developers will answer your questions there, and they'll probably have more of an idea.

----------

## R4miu5

kernel: 2.6.11-r3

patch: http://www.polbox.com/h/hs001/linux-2.6.11-mppe-mppc-1.3.patch.gz

all modules activated

i'm sorry. but i cant copy and paste from the console. ill try the mailing list. thanks for help

----------

## MultiMike

After applying the patch, recompiling kernel and installing modules, I have no 'ppp_mppe' module that I can load.  I have 'ppp-compress-18', but not the other.  I am unable to successfully connect to the VPN, so is that why?  How do I get this module?

----------

## R4miu5

i retried now and i get the following message:

```
no auth is possible

<then some retries>

and at the end tcflush failed Bad file descriptor
```

----------

## KsE

 *MultiMike wrote:*   

> After applying the patch, recompiling kernel and installing modules, I have no 'ppp_mppe' module that I can load.  I have 'ppp-compress-18', but not the other.  I am unable to successfully connect to the VPN, so is that why?  How do I get this module?

 

It should be there. Are you sure you applied it to the right kernel?

----------

## nichocouk

Hi there,

I am about to install PPP to connect to my college's VPN server. I'm not sure if it is a Windows server or not. The admin says that in order to connect to VPN I 'will require to have MPOA installed in the linux kernel'. Has it something to do with MPPE? atm i'm using linux-2.6.10-gentoo-r6.

sorry if it's a stupid question...  :Confused: 

----------

## neilhwatson

My pptp tunnel connects and is stable.  However, I cannot route any traffic through it.  I attempt to add a route but, that causes the tunnel to drop.  For more info: https://forums.gentoo.org/viewtopic-t-311222-highlight-.html

----------

## nichocouk

OK, sorry, my question was stupid...  :Rolling Eyes: 

It has nothing to do, these are two different options in the kernel config (and you don't need a patch to enable MPOA in the kernel).

----------

## neilhwatson

Does anyone know why I can call 

```
pon <peer>
```

 successfully via command line but not via crontab?

----------

## nichocouk

As a guess: try typing the full path of the command in your crontab?

Or could it be a problem with group permissions?

----------

## neilhwatson

I use the full paths for all commands. I ran in debug mode having the script start and stop a VPN tunnel but, the ppp log revealed little:

```

Mar 22 11:39:01 ettin pppd[19400]: pppd 2.4.2 started by root, uid 0

Mar 22 11:39:01 ettin pppd[19400]: using channel 58

Mar 22 11:39:01 ettin pppd[19400]: Using interface ppp1

Mar 22 11:39:01 ettin pppd[19400]: Connect: ppp1 <--> /dev/pts/5

Mar 22 11:39:02 ettin pppd[19400]: Modem hangup

Mar 22 11:39:02 ettin pppd[19400]: Connection terminated.

Mar 22 11:39:02 ettin pppd[19400]: Waiting for 1 child processes...

Mar 22 11:39:02 ettin pppd[19400]:   script pptp xxx.xxx.xxx.xxx --nolaunchpppd, pid 19402

Mar 22 11:39:02 ettin pppd[19400]: Script pptp xxx.xxx.xxx.xxx --nolaunchpppd finished (pid 19402), status = 0x7f

Mar 22 11:39:02 ettin pppd[19400]: Exit.

```

----------

## nichocouk

Hello there,

I'm trying to have pptp client running a VPN connection to my college but... I can't ! 

I have followed this HOWTO and the PPTP gentoo tutorial, googled, and I'm getting crazy about it.

The only thing I know for sure is that my VPN server requires MPPE and MPOA activated in the kernel.

Here is my config for /etc/ppp/peers/mypeer

```

remotename mypeer

linkname mypeer

ipparam mypeer

pty "pptp my.peer.some.where --nolaunchpppd "

name myusername

usepeerdns

require-mppe

debug dump

noauth

file /etc/ppp/options.pptp

```

the /etc/ppp/options.pptp

```

lock

noauth

nobsdcomp

nodeflate

require-mppe

mtu 1000

mru 1000

lcp-echo-failure 10

lcp-echo-interval 10

```

and the debug log:

```

pptpconfig: debug information dump begins

WARNING: security sensitive information follows

pptpconfig 1.2 2004/06/19 08:57:15

# pppd --version

pppd version 2.4.3

# uname -a

Linux dphlp0002 2.6.11-gentoo-r4 #2 SMP Mon Mar 21 17:10:55 GMT 2005 i686 Mobile Intel(R) Pentium(R) 4     CPU 3.06GHz GenuineIntel GNU/Linux

# grep mppe /proc/modules

# modinfo ppp_mppe

Array

(

    [name] => Mypeer

    [server] => my.peer.some.where

    [domain] => 

    [username] => myusername

    [password] => (hidden by pptpconfig)

    [pppd-options] => 

    [pptp-options] => 

    [resolv] => 

    [dns-options] => 

    [routing] => routing_interface_only

    [usepeerdns] => 1

    [require-mppe] => 1

    [nomppe-40] => 

    [nomppe-128] => 

    [refuse-eap] => 

    [mppe-stateful] => 

    [autostart] => 

    [iconify] => 

    [persist] => 

    [debug] => 1

    [client-to-lan] => 

)

# route -n (before pppd)

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 ath0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         10.0.0.2        0.0.0.0         UG    0      0        0 ath0

pptpconfig: debug information dump ends, starting pppd

/usr/sbin/pppd: In file /etc/ppp/peers/mypeer: unrecognized option 'require-mppe'

# route -n (after pppd exit)

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 ath0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         10.0.0.2        0.0.0.0         UG    0      0        0 ath0

pptpconfig: pppd process terminated by signal 2 (failed)

pptpconfig: SIGINT

# route -n (after completion)

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 ath0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         10.0.0.2        0.0.0.0         UG    0      0        0 ath0

```

Also, I get this message:

```
modinfo: could not find module ppp_mppe
```

I can't see what I'm doing wrong and why this module can't be found... Sorry if it's trivial, but I need some help.

Cheers.

----------

## KsE

Your options.pptp file should look like this

```

lock

noauth

nobsdcomp

nodeflate

```

Notice the "require-mppe" line isn't there.

----------

## nichocouk

Thanks! I actually have made some progress and found out that it is better when this line is not there. But why is that so? My VPN server says that it requires MPPE encryption.  :Question: 

Now, I get the modem hangup message that someone else also had:

```

pptpconfig: debug information dump begins

WARNING: security sensitive information follows

pptpconfig 1.2 2004/06/19 08:57:15

# pppd --version

pppd version 2.4.3

# uname -a

Linux dphlp0002 2.6.11-gentoo-r4 #2 SMP Mon Mar 21 17:10:55 GMT 2005 i686 Mobile Intel(R) Pentium(R) 4     CPU 3.06GHz GenuineIntel GNU/Linux

# grep mppe /proc/modules

ppp_mppe_mppc 16004 0 - Live 0xe0bc6000 [Note that it's there because I did a modprobe by hand]

# modinfo ppp_mppe

Array

(

    [name] => MyPeer

    [server] => my.peer.some.where

    [domain] => 

    [username] => MyName

    [password] => (hidden by pptpconfig)

    [pppd-options] => 

    [pptp-options] => 

    [resolv] => 

    [dns-options] => 

    [routing] => routing_all_to_tunnel

    [usepeerdns] => 1

    [require-mppe] => 

    [nomppe-40] => 

    [nomppe-128] => 

    [refuse-eap] => 

    [mppe-stateful] => 

    [autostart] => 

    [iconify] => 

    [persist] => 

    [debug] => 1

    [client-to-lan] => 

)

# route -n (before pppd)

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

144.124.47.241  144.124.51.254  255.255.255.255 UGH   0      0        0 eth0

144.124.48.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         144.124.51.254  0.0.0.0         UG    0      0        0 eth0

pptpconfig: debug information dump ends, starting pppd

pppd options in effect:

debug      # (from /etc/ppp/peers/MyPeer)

updetach      # (from command line)

logfd 1      # (from command line)

linkname MyPeer      # (from /etc/ppp/peers/MyPeer)

dump      # (from /etc/ppp/peers/MyPeer)

noauth      # (from /etc/ppp/options.pptp)

name MyName      # (from /etc/ppp/peers/MyPeer)

remotename MyPeer      # (from /etc/ppp/peers/MyPeer)

      # (from /etc/ppp/options.pptp)

pty pptp my.peer.some.where --nolaunchpppd       # (from /etc/ppp/peers/MyPeer)

mru 1000      # (from /etc/ppp/options.pptp)

mtu 1000      # (from /etc/ppp/options.pptp)

lcp-echo-failure 10      # (from /etc/ppp/options.pptp)

lcp-echo-interval 10      # (from /etc/ppp/options.pptp)

ipparam MyPeer      # (from /etc/ppp/peers/MyPeer)

usepeerdns      # (from /etc/ppp/peers/MyPeer)

nobsdcomp      # (from /etc/ppp/options.pptp)

nodeflate      # (from /etc/ppp/options.pptp)

using channel 3

Using interface ppp0

pptpconfig: monitoring interface ppp0

Connect: ppp0 <--> /dev/pts/3

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MS-v2> <magic 0x26d462fb> <pcomp> <accomp> <callback CBCP>]

sent [LCP ConfRej id=0x0 <callback CBCP>]

rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x26d462fb> <pcomp> <accomp>]

sent [LCP ConfNak id=0x1 <auth pap>]

rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS> <magic 0x26d462fb> <pcomp> <accomp>]

sent [LCP ConfNak id=0x2 <auth pap>]

rcvd [LCP ConfReq id=0x3 <mru 1400> <auth chap MS> <magic 0x26d462fb> <pcomp> <accomp>]

sent [LCP ConfNak id=0x3 <auth pap>]

rcvd [LCP ConfReq id=0x4 <mru 1400> <auth chap MS> <magic 0x26d462fb> <pcomp> <accomp>]

sent [LCP ConfNak id=0x4 <auth pap>]

rcvd [LCP ConfReq id=0x5 <mru 1400> <auth chap MS> <magic 0x26d462fb> <pcomp> <accomp>]

sent [LCP ConfNak id=0x5 <auth pap>]

rcvd [LCP ConfReq id=0x6 <mru 1400> <auth chap MS> <magic 0x26d462fb> <pcomp> <accomp>]

sent [LCP ConfRej id=0x6 <auth chap MS>]

rcvd [LCP TermReq id=0x7 "&\37777777724b\37777777773\000<\37777777715t\000\000\003\37777777627"]

sent [LCP TermAck id=0x7]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xa5c3c187> <pcomp> <accomp>]

Script pptp my.peer.some.where --nolaunchpppd  finished (pid 7714), status = 0x0

Modem hangup

Connection terminated.

# route -n (after pppd exit)

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

144.124.47.241  144.124.51.254  255.255.255.255 UGH   0      0        0 eth0

144.124.48.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         144.124.51.254  0.0.0.0         UG    0      0        0 eth0

pptpconfig: pppd process terminated by signal 16 (failed)

pptpconfig: SIGUSR1

# route -n (after completion)

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

144.124.47.241  144.124.51.254  255.255.255.255 UGH   0      0        0 eth0

144.124.48.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         144.124.51.254  0.0.0.0         UG    0      0        0 eth0

```

Any idea??

Cheers,

----------

## KsE

Can you show me your options.pptp file, and your peers/my_peer file?

Also, can you run pptp like this

```

pppd call my_peer logfd 2 nodetach debug dump 

```

and give me the output?

Remember to remove any sensitive info.

----------

## nichocouk

options.pptp

```

lock

noauth

nobsdcomp

nodeflate

mtu 1000

mru 1000

lcp-echo-failure 10

lcp-echo-interval 10

```

peers/mypeer

```

remotename Mypeer

linkname Mypeer

ipparam Mypeer

pty "pptp my.peer.some.where --nolaunchpppd "

name Myname

usepeerdns

debug dump

noauth

file /etc/ppp/options.pptp

```

Output:

```

pppd options in effect:

debug debug             # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

linkname AberVPN                # (from /etc/ppp/peers/AberVPN)

dump            # (from command line)

noauth          # (from /etc/ppp/options.pptp)

name nll                # (from /etc/ppp/peers/AberVPN)

remotename AberVPN              # (from /etc/ppp/peers/AberVPN)

                # (from /etc/ppp/options.pptp)

pty pptp vpn.aber.ac.uk --nolaunchpppd          # (from /etc/ppp/peers/AberVPN)

mru 1000                # (from /etc/ppp/options.pptp)

mtu 1000                # (from /etc/ppp/options.pptp)

lcp-echo-failure 10             # (from /etc/ppp/options.pptp)

lcp-echo-interval 10            # (from /etc/ppp/options.pptp)

ipparam AberVPN         # (from /etc/ppp/peers/AberVPN)

usepeerdns              # (from /etc/ppp/peers/AberVPN)

nobsdcomp               # (from /etc/ppp/options.pptp)

nodeflate               # (from /etc/ppp/options.pptp)

using channel 2

Using interface ppp0

Connect: ppp0 <--> /dev/pts/4

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MS-v2> <magic 0x4d8e6704> <pcomp> <accomp> <callback CBCP>]

sent [LCP ConfRej id=0x0 <callback CBCP>]

rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x4d8e6704> <pcomp> <accomp>]

sent [LCP ConfNak id=0x1 <auth pap>]

rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS> <magic 0x4d8e6704> <pcomp> <accomp>]

sent [LCP ConfNak id=0x2 <auth pap>]

rcvd [LCP ConfReq id=0x3 <mru 1400> <auth chap MS> <magic 0x4d8e6704> <pcomp> <accomp>]

sent [LCP ConfNak id=0x3 <auth pap>]

rcvd [LCP ConfReq id=0x4 <mru 1400> <auth chap MS> <magic 0x4d8e6704> <pcomp> <accomp>]

sent [LCP ConfNak id=0x4 <auth pap>]

rcvd [LCP ConfReq id=0x5 <mru 1400> <auth chap MS> <magic 0x4d8e6704> <pcomp> <accomp>]

sent [LCP ConfNak id=0x5 <auth pap>]

rcvd [LCP ConfReq id=0x6 <mru 1400> <auth chap MS> <magic 0x4d8e6704> <pcomp> <accomp>]

sent [LCP ConfRej id=0x6 <auth chap MS>]

rcvd [LCP TermReq id=0x7 "M\37777777616g\004\000<\37777777715t\000\000\003\37777777627"]

sent [LCP TermAck id=0x7]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x1e30041f> <pcomp> <accomp>]

Script pptp vpn.aber.ac.uk --nolaunchpppd  finished (pid 7316), status = 0x0

Modem hangup

Connection terminated.

```

Well, I might have a hint: I am today at my work place - behind a firewall. I will have to wait tonight until I'm back home to see the result.

----------

## KsE

Ok, if not, there is a few things in your peers/my_peer file you should change.

First, do you need a domain when logging in? Like "domain\\user"?

----------

## nichocouk

I'll check with the VPN people. I don't think so, but I'll ask them again. I'd like to carry on trying though because it's bank holiday today and on Monday for Easter and I would like to be able to connect before Tuesday! :Crying or Very sad: 

EDIT: They are back to work next Wednesday! aaaaarrrggggg...

----------

## nichocouk

Hello,

this time I'm at home with my ADSL connection. I get the same kind of modem hangup error message.

If I leave my config files as given before on my previous post, the output of the pppd command is:

```

pppd options in effect:

debug debug             # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

linkname MyPeer                # (from /etc/ppp/peers/MyPeer)

dump            # (from command line)

noauth          # (from /etc/ppp/options.pptp)

name MyName                # (from /etc/ppp/peers/MyPeer)

remotename MyPeer              # (from /etc/ppp/peers/MyPeer)

                # (from /etc/ppp/options.pptp)

                pty pptp my.peer.some.where --nolaunchpppd          # (from /etc/ppp/peers/MyPeer)

                mru 1000                # (from /etc/ppp/options.pptp)

                mtu 1000                # (from /etc/ppp/options.pptp)

                lcp-echo-failure 10             # (from /etc/ppp/options.pptp)

                lcp-echo-interval 10            # (from /etc/ppp/options.pptp)

                ipparam MyPeer         # (from /etc/ppp/peers/MyPeer)

                usepeerdns              # (from /etc/ppp/peers/MyPeer)

                nobsdcomp               # (from /etc/ppp/options.pptp)

                nodeflate               # (from /etc/ppp/options.pptp)

                using channel 6

                Using interface ppp0

                Connect: ppp0 <--> /dev/pts/1

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MS-v2> <magic 0xc5451b0> <pcomp> <accomp> <callback CBCP>]

                sent [LCP ConfRej id=0x0 <callback CBCP>]

                rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MS-v2> <magic 0xc5451b0> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x1 <auth pap>]

                rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS> <magic 0xc5451b0> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x2 <auth pap>]

                rcvd [LCP ConfReq id=0x3 <mru 1400> <auth chap MS> <magic 0xc5451b0> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x3 <auth pap>]

                rcvd [LCP ConfReq id=0x4 <mru 1400> <auth chap MS> <magic 0xc5451b0> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x4 <auth pap>]

                rcvd [LCP ConfReq id=0x5 <mru 1400> <auth chap MS> <magic 0xc5451b0> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x5 <auth pap>]

                rcvd [LCP ConfReq id=0x6 <mru 1400> <auth chap MS> <magic 0xc5451b0> <pcomp> <accomp>]

                sent [LCP ConfRej id=0x6 <auth chap MS>]

                rcvd [LCP TermReq id=0x7 0c 54 51 b0 00 3c cd 74 00 00 03 97]

                sent [LCP TermAck id=0x7]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x2b1bfd7d> <pcomp> <accomp>]

                Script pptp my.peer.some.where --nolaunchpppd  finished (pid 7406), status = 0x0

                Modem hangup

                Connection terminated.

```

I also tried to comment the lines about MTU/MRU and lcp-echo (which means I basically removed the last 4 lines from options.pptp). The output is the following:

```

pppd options in effect:

debug debug             # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

linkname MyPeer                # (from /etc/ppp/peers/MyPeer)

dump            # (from command line)

noauth          # (from /etc/ppp/options.pptp)

name MyName                # (from /etc/ppp/peers/MyPeer)

remotename MyPeer              # (from /etc/ppp/peers/MyPeer)

                # (from /etc/ppp/options.pptp)

                pty pptp my.peer.some.where --nolaunchpppd          # (from /etc/ppp/peers/MyPeer)

                ipparam MyPeer         # (from /etc/ppp/peers/MyPeer)

                usepeerdns              # (from /etc/ppp/peers/MyPeer)

                nobsdcomp               # (from /etc/ppp/options.pptp)

                nodeflate               # (from /etc/ppp/options.pptp)

                using channel 5

                Using interface ppp0

                Connect: ppp0 <--> /dev/pts/1

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MS-v2> <magic 0x6a7b6265> <pcomp> <accomp> <callback CBCP>]

                sent [LCP ConfRej id=0x0 <callback CBCP>]

                rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x6a7b6265> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x1 <auth pap>]

                rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS> <magic 0x6a7b6265> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x2 <auth pap>]

                rcvd [LCP ConfReq id=0x3 <mru 1400> <auth chap MS> <magic 0x6a7b6265> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x3 <auth pap>]

                rcvd [LCP ConfReq id=0x4 <mru 1400> <auth chap MS> <magic 0x6a7b6265> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x4 <auth pap>]

                rcvd [LCP ConfReq id=0x5 <mru 1400> <auth chap MS> <magic 0x6a7b6265> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x5 <auth pap>]

                rcvd [LCP ConfReq id=0x6 <mru 1400> <auth chap MS> <magic 0x6a7b6265> <pcomp> <accomp>]

                sent [LCP ConfRej id=0x6 <auth chap MS>]

                rcvd [LCP TermReq id=0x7 "j{be\000<\37777777715t\000\000\003\37777777627"]

                sent [LCP TermAck id=0x7]

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8cbb7997> <pcomp> <accomp>]

                Script pptp my.peer.some.where --nolaunchpppd  finished (pid 7368), status = 0x0

                Modem hangup

                Connection terminated.

```

Thanks again for your time!

----------

## kiezpro

@ KsE:

That's a great howto, worked without problems the first time I tried.

Thanks!

----------

## KsE

That's good to hear. That's why I posted it.

I struggled with this for quite some time. I got help from James Cameron (one of the developers) debugging it for quite some time before I got it to work.

----------

## nichocouk

Hi there,

I got some new hints from the VPN server administrator: I do not need a domain name; I should remove the noauth line in my config files. So now I have:

options.pptp

```

lock

nobsdcomp

nodeflate

mtu 1000

mru 1000

lcp-echo-failure 10

lcp-echo-interval 10

```

peers/mypeer

```

remotename mypeer

linkname mypeer

ipparam mypeer

pty "pptp my.peer.some.where --nolaunchpppd "

name myname

usepeerdns

debug dump

file /etc/ppp/options.pptp

```

Ouput from command:

```

pppd options in effect:

debug debug             # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

linkname Mypeer                # (from /etc/ppp/peers/Mypeer)

dump            # (from command line)

name Myname                # (from /etc/ppp/peers/Mypeer)

remotename Mypeer              # (from /etc/ppp/peers/Mypeer)

                # (from /etc/ppp/options.pptp)

                pty pptp my.peer.some.where --nolaunchpppd          # (from /etc/ppp/peers/Mypeer)

                mru 1000                # (from /etc/ppp/options.pptp)

                mtu 1000                # (from /etc/ppp/options.pptp)

                lcp-echo-failure 10             # (from /etc/ppp/options.pptp)

                lcp-echo-interval 10            # (from /etc/ppp/options.pptp)

                ipparam Mypeer         # (from /etc/ppp/peers/Mypeer)

                usepeerdns              # (from /etc/ppp/peers/Mypeer)

                nobsdcomp               # (from /etc/ppp/options.pptp)

                nodeflate               # (from /etc/ppp/options.pptp)

                using channel 3

                Using interface ppp0

                Connect: ppp0 <--> /dev/pts/2

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MS-v2> <magic 0x772b6001> <pcomp> <accomp> <callback CBCP>]

                sent [LCP ConfRej id=0x0 <callback CBCP>]

                rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x772b6001> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x1 <auth pap>]

                rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS> <magic 0x772b6001> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x2 <auth pap>]

                rcvd [LCP ConfReq id=0x3 <mru 1400> <auth chap MS> <magic 0x772b6001> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x3 <auth pap>]

                rcvd [LCP ConfReq id=0x4 <mru 1400> <auth chap MS> <magic 0x772b6001> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x4 <auth pap>]

                rcvd [LCP ConfReq id=0x5 <mru 1400> <auth chap MS> <magic 0x772b6001> <pcomp> <accomp>]

                sent [LCP ConfNak id=0x5 <auth pap>]

                rcvd [LCP ConfReq id=0x6 <mru 1400> <auth chap MS> <magic 0x772b6001> <pcomp> <accomp>]

                sent [LCP ConfRej id=0x6 <auth chap MS>]

                rcvd [LCP TermReq id=0x7 "w+`\001\000<\37777777715t\000\000\003\37777777627"]

                sent [LCP TermAck id=0x7]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0xbf85ed4e> <pcomp> <accomp>]

                Script pptp my.peer.some.where --nolaunchpppd  finished (pid 7528), status = 0x0

                Modem hangup

                Connection terminated.

```

It hasn't changed much since last time...! Sorry!

----------

## Maddog Battie

Thanks for all the comments / tips etc in the above posts. After being stuck for quite a while I've managed to get my link working. In this process I've spotted the following which hopefully will be useful to somebody:

minor typo

```
# gzip -d linux-2.6.10-mppe-mppc-1.2.patch.gz 

# patch -p1 < linux-2.6.10-mppe-mppc-1.2.patch.gz 
```

should read

```
# gzip -d linux-2.6.10-mppe-mppc-1.2.patch.gz 

# patch -p1 < linux-2.6.10-mppe-mppc-1.2.patch 
```

(or possibly even 2.6.11 as that is the latest version now)

This bit I didn't understand

```
# nano -w /etc/modules.d/ppp 

ppp-compress-18 

ppp_mppe 
```

my file contained the following and I left it as is

```
# cat /etc/modules.d/ppp

alias char-major-108    ppp_generic

alias /dev/ppp          ppp_generic

alias tty-ldisc-3       ppp_async

alias tty-ldisc-13      n_hdlc

alias tty-ldisc-14      ppp_synctty

alias ppp-compress-21   bsd_comp

alias ppp-compress-24   ppp_deflate

alias ppp-compress-26   ppp_deflate

alias net-pf-24         pppoe

alias ppp-compress-18 ppp_mppe_mppc
```

The following I assume is OK when logging on to a domain

```
# nano -w /etc/ppp/chap-secrets 

<domain>\\<user> PPTP <pass> * 

PPTP <domain>\\<user> <pass> * 
```

but I used the following for use without a domain

```
# nano -w /etc/ppp/chap-secrets 

<user> PPTP <pass> * 

PPTP <user> <pass> * 
```

(obvious really)

However it is important that you lock down this file to stop anyone from reading it

```
# chmod 600 /etc/ppp/chap-secrets
```

if /etc/ppp/peers does not exsist then it needs to be made

```
#mkdir /etc/ppp/peers
```

You also have to remove the domain in the following if you don't have one

```
# nano -w /etc/ppp/peers/my_peer 

pty "pptp <vpn ip addr> --nolaunchpppd" 

name <user> 

remotename PPTP 

#require-mppe-128 

file /etc/ppp/options.pptp 

ipparam my_peer 
```

Now the above got me partially working and I was able to ping the near end of the link but not the far end of the link

```
# ifconfig ppp0

ppp0      Link encap:Point-to-Point Protocol

          inet addr:10.0.2.200  P-t-P:10.0.0.2  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1

          RX packets:413 errors:0 dropped:0 overruns:0 frame:0

          TX packets:413 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3

          RX bytes:4130 (4.0 Kb)  TX bytes:4136 (4.0 Kb)
```

Going into debug mode gave me the following:

```
# pppd call <my_peer> logfd 2 nodetach debug dump

<big snip>

rcvd [CHAP Success id=0x1 "Authentication succeeded, welcome!"]

CHAP authentication succeeded: Authentication succeeded, welcome!

sent [CCP ConfReq id=0x1 <mppe -H -M -S -L -D +C>]

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]

rcvd [IPCP ConfReq id=0x1 <addr 10.0.0.2>]

sent [IPCP ConfAck id=0x1 <addr 10.0.0.2>]

rcvd [CCP ConfReq id=0x1 <mppe +H +M +S +L -D -C>]

sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]

rcvd [CCP ConfNak id=0x1 <mppe +H +M +S +L -D -C>]

sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]

rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]

sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]

rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]

sent [CCP ConfNak id=0x2 <mppe -H -M +S -L -D -C>]

rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]

rcvd [IPCP ConfNak id=0x2 <addr 10.0.2.200>]

sent [IPCP ConfReq id=0x3 <addr 10.0.2.200>]

rcvd [CCP ConfReq id=0x3 <mppe +H -M +S -L -D -C>]

sent [CCP ConfNak id=0x3 <mppe -H -M +S -L -D -C>]

rcvd [IPCP ConfAck id=0x3 <addr 10.0.2.200>]

local  IP address 10.0.2.200

remote IP address 10.0.0.2

Script /etc/ppp/ip-up started (pid 6506)

Script /etc/ppp/ip-up finished (pid 6506), status = 0x1

rcvd [CCP ConfReq id=0x4 <mppe +H -M +S -L -D -C>]

sent [CCP ConfNak id=0x4 <mppe -H -M +S -L -D -C>]

rcvd [CCP ConfReq id=0x5 <mppe +H -M +S -L -D -C>]

sent [CCP ConfNak id=0x5 <mppe -H -M +S -L -D -C>]

rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]

sent [CCP ConfRej id=0x6 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]

sent [CCP ConfRej id=0x6 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
```

which started off OK but ended up not being able to negotiate the correct flags for mppe (I think). The link therefore never started up.

I solved the problem by adding the following to options.pptp

```
# nano options.pptp

lock

noauth

nobsdcomp

nodeflate

#require-mppe

mppe required,stateless

mtu 1000

mru 1000

lcp-echo-failure 10

lcp-echo-interval 10
```

which then got me up and running.

```
# pppd call <my_peer> logfd 2 nodetach debug dump

<big snip>

rcvd [CHAP Success id=0x1 "Authentication succeeded, welcome!"]

CHAP authentication succeeded: Authentication succeeded, welcome!

sent [CCP ConfReq id=0x1 <mppe +H +M +S +L -D +C>]

rcvd [IPCP ConfReq id=0x1 <addr 10.0.0.2>]

sent [IPCP TermAck id=0x1]

rcvd [CCP ConfReq id=0x1 <mppe +H +M +S +L -D -C>]

sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfNak id=0x1 <mppe +H +M +S +L -D -C>]

sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]

sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]

sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]

sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]

sent [LCP EchoReq id=0x1 magic=0x4b111c0a]

rcvd [LCP EchoRep id=0x1 magic=0xd4b6f4]

rcvd [IPCP ConfReq id=0x1 <addr 10.0.0.2>]

sent [IPCP TermAck id=0x1]

rcvd [CCP ConfReq id=0x1 <mppe +H +M +S +L -D -C>]

sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]

sent [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]

MPPE 128-bit stateless compression enabled

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]

rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]

sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]

rcvd [IPCP ConfNak id=0x2 <addr 10.0.2.200>]

sent [IPCP ConfReq id=0x3 <addr 10.0.2.200>]

rcvd [IPCP ConfAck id=0x3 <addr 10.0.2.200>]

sent [IPCP ConfReq id=0x3 <addr 10.0.2.200>]

rcvd [IPCP ConfAck id=0x3 <addr 10.0.2.200>]

sent [IPCP ConfReq id=0x3 <addr 10.0.2.200>]

rcvd [IPCP ConfAck id=0x3 <addr 10.0.2.200>]

sent [IPCP ConfReq id=0x3 <addr 10.0.2.200>]

rcvd [IPCP ConfAck id=0x3 <addr 10.0.2.200>]

sent [LCP EchoReq id=0x2 magic=0x4b111c0a]

rcvd [IPCP ConfReq id=0x1 <addr 10.0.0.2>]

sent [IPCP ConfAck id=0x1 <addr 10.0.0.2>]

local  IP address 10.0.2.200

remote IP address 10.0.0.2

Script /etc/ppp/ip-up started (pid 6574)

Script /etc/ppp/ip-up finished (pid 6574), status = 0x1
```

----------

## KsE

I actually noticed that typo a few weeks back. I thought I fixed it, guess not. Changed it now.

It's good to see you were able to work through your problem.

The /etc/modules.d/ppp portion was from the official doc. It didn't make a difference if I had it in there, but it might for some since it's in the original doc so I kept it. No harm in having the modules load.

----------

## micah_death

Will this work nearly the same with a 2.4.x kernel instead of 2.6? (the 2.6 wasn't liking my raid devices =(

----------

## nichocouk

Hello,

I am still trying to sort out my VPN connection with Linux. I have made some other changes which seem to make things a bit better (THANK YOU Maddog Battie for your post!), but I'm still not able to connect . I would be happy to have some more help!  :Crying or Very sad: 

*****

Here is the output of the command "pppd call mypeer logfd 2 nodetach debug dump":

```

pppd options in effect:

debug debug             # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

dump            # (from command line)

name myname                # (from /etc/ppp/peers/mypeer)

remotename PPTP         # (from /etc/ppp/peers/mypeer)

                # (from /etc/ppp/options.pptp)

pty pptp my.peer.some.where --nolaunchpppd          # (from

/etc/ppp/peers/mypeer)

mru 1000                # (from /etc/ppp/options.pptp)

mtu 1000                # (from /etc/ppp/options.pptp)

lcp-echo-failure 10             # (from /etc/ppp/options.pptp)

lcp-echo-interval 10            # (from /etc/ppp/options.pptp)

ipparam mypeer         # (from /etc/ppp/peers/mypeer)

usepeerdns              # (from /etc/ppp/peers/mypeer)

nobsdcomp               # (from /etc/ppp/options.pptp)

nodeflate               # (from /etc/ppp/options.pptp)

using channel 7

Using interface ppp0

Connect: ppp0 <--> /dev/pts/1

[removed a few lines...]

rcvd [LCP EchoRep id=0x0 magic=0xfdb12c0]

rcvd [CHAP Success id=0x0 "S=978F1AFB189CFC67E8FA42F57D32A2962940FA72"]

sent [CCP ConfReq id=0x1 <mppe -H -M -S -L -D +C>]

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 144.124.48.95>

<ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

rcvd [CCP ConfReq id=0x3 <mppe +H -M -S -L -D +C>]

sent [CCP ConfNak id=0x3 <mppe -H -M -S -L -D +C>]

rcvd [IPCP ConfReq id=0x4 <addr 144.124.45.1>]

sent [IPCP ConfAck id=0x4 <addr 144.124.45.1>]

rcvd [CCP ConfAck id=0x1 <mppe -H -M -S -L -D +C>]

rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]

sent [IPCP ConfReq id=0x2 <addr 144.124.48.95> <ms-dns1 0.0.0.0>

<ms-dns3 0.0.0.0>]

rcvd [CCP ConfReq id=0x5 <mppe -H -M -S -L -D +C>]

sent [CCP ConfAck id=0x5 <mppe -H -M -S -L -D +C>]

MPPC compression enabled

rcvd [IPCP ConfNak id=0x2 <addr 144.124.45.18> <ms-dns1 144.124.16.12>

<ms-dns3 144.124.16.11>]

sent [IPCP ConfReq id=0x3 <addr 144.124.45.18> <ms-dns1 144.124.16.12>

<ms-dns3 144.124.16.11>]

rcvd [IPCP ConfAck id=0x3 <addr 144.124.45.18> <ms-dns1 144.124.16.12>

<ms-dns3 144.124.16.11>]

local  IP address 144.124.45.18

remote IP address 144.124.45.1

primary   DNS address 144.124.16.12

secondary DNS address 144.124.16.11

Script /etc/ppp/ip-up started (pid 14998)

Script /etc/ppp/ip-up finished (pid 14998), status = 0x1

sent [LCP EchoReq id=0x1 magic=0xef11b5d5]

rcvd [LCP EchoRep id=0x1 magic=0xfdb12c0]

...

```

The last sent / rcvd messages carry on and on until i hit ^C and then I

get:

```

Terminating on signal 2

Connect time 1.5 minutes.

Sent 0 bytes, received 36 bytes.

Script /etc/ppp/ip-down started (pid 15006)

sent [LCP TermReq id=0x2 "User request"]

Script pptp my.peer.some.where --nolaunchpppd finished (pid 14988), status =

0x0

Modem hangup

Connection terminated.

Script /etc/ppp/ip-down finished (pid 15006), status = 0x1

```

Before I interrupt the process I can check:

*** ifconfig ppp0

```

ppp0      Link encap:Point-to-Point Protocol

          inet addr:144.124.45.9  P-t-P:144.124.45.1

Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1 RX

packets:8 errors:0 dropped:0 overruns:0 frame:0

          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3

          RX bytes:130 (130.0 b)  TX bytes:112 (112.0 b)

```

Below are my config files:

*** /etc/modules.d/ppp

```

alias char-major-108    ppp_generic

alias /dev/ppp          ppp_generic

alias tty-ldisc-3       ppp_async

alias tty-ldisc-13      n_hdlc

alias tty-ldisc-14      ppp_synctty

alias ppp-compress-21   bsd_comp

alias ppp-compress-24   ppp_deflate

alias ppp-compress-26   ppp_deflate

alias net-pf-24         pppoe

alias ppp-compress-18 ppp_mppe_mppc

```

*** /etc/ppp/chap-secrets

```

myname PPTP my_passwd *

PPTP myname my_passwd *

```

*** /etc/ppp/peers/mypeer

```

pty "pptp my.peer.some.where --nolaunchpppd"

name myname

remotename PPTP

file /etc/ppp/options.pptp

ipparam mypeer

usepeerdns

debug dump

```

*** /etc/ppp/options.pptp

```

lock

nobsdcomp

nodeflate

mtu 1000

mru 1000

lcp-echo-failure 10

lcp-echo-interval 10

```

Many thanks again for your help.

```

# uname -a

Linux dphlp0002 2.6.11-gentoo-r4 #2 SMP Mon Mar 21 17:10:55 GMT 2005

i686 Mobile Intel(R) Pentium(R) 4     CPU 3.06GHz GenuineIntel GNU/Linux

```

----------

## nichocouk

Right... I am happy to say that my VPN connection was running well yesterday evening. In fact my previous post here shows that it was probably running quite well last time, but I was too exhausted to notice it!  :Wink: 

However I must add that I have upgraded to gentoo-sources-2.6.11-r5 and reconfigured my kernel from scratch and it probably helped a bit...

----------

## Dexter2004

hi 

I'm having some problems connecting to a vpn... This is the command and the error:

```

pon my_peer  debug dump logfd 2 nodetach

pppd options in effect:

debug           # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

linkname my_peer              # (from /etc/ppp/peers/digitalis)

dump            # (from command line)

noauth          # (from /etc/ppp/options.pptp)

refuse-eap              # (from /etc/ppp/peers/digitalis)

name username             # (from /etc/ppp/peers/digitalis)

remotename my_peer            # (from /etc/ppp/peers/digitalis)

                # (from /etc/ppp/options.pptp)

pty pptp ipaddress --nolaunchpppd            # (from /etc/ppp/peers/digitalis)

ipparam my_peer               # (from /etc/ppp/peers/digitalis)

usepeerdns              # (from /etc/ppp/peers/digitalis)

nobsdcomp               # (from /etc/ppp/options.pptp)

nodeflate               # (from /etc/ppp/options.pptp)

using channel 31

Using interface ppp0

Connect: ppp0 <--> /dev/pts/3

Warning - secret file /etc/ppp/pap-secrets has world and/or group access

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc4cdacff> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <auth chap MS-v2> <magic 0x5d7a0fee> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:ea.32.25.08.87.50.49.7e.af.e9.74.ed.63.9d.63.b7.00.00.00.00]> < 17 04 00 35>]

sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 35>]

rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xc4cdacff> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x5d7a0fee> <pcomp> <accomp> <endpoint [local:ea.32.26.88.83.51.49.6e.af.e9.74.ed.63.9d.63.b7.00.00.00.00]>]

sent [LCP ConfAck id=0x1 <auth chap MS-v2> <magic 0x5d7a0fee> <pcomp> <accomp> <endpoint [local:ea.32.26.88.83.51.49.6e.af.e9.74.ed.63.9d.63.b7.00.00.00.00]>]

rcvd [CHAP Challenge id=0x0 <08245687773d3744848accc8951e12cd>, name = "PHOE"]

sent [CHAP Response id=0x0 <794965c3bdc3c60ba15765a6f561c842000000000000000070069e91d2473cc51b61157bd97f3afe0b32a6e95ccc5e2500>, name = "username"]

rcvd [LCP TermReq id=0x3 "]z\017\37777777756\000<\37777777715t\000\000\003\37777777642"]

LCP terminated by peer (]z^OM-n^@<M-Mt^@^@^CM-")

sent [LCP TermAck id=0x3]

Connection terminated.

using channel 32

Using interface ppp0

Connect: ppp0 <--> /dev/pts/4

Waiting for 2 child processes...

  script pptp ipaddress --nolaunchpppd , pid 8672

  script pptp ipaddress --nolaunchpppd , pid 8666

Warning - secret file /etc/ppp/pap-secrets has world and/or group access

sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xf648db7> <pcomp> <accomp>]

sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xf648db7> <pcomp> <accomp>]

sending SIGTERM to process 8672

sending SIGTERM to process 8666

tcflush failed: Bad file descriptor

```

Can someone tell me what is appening?

thanks

----------

## patrickbores

I was getting LCP timeout errors, until I examined the traffic with tcpdump. It turned out that I was sending GRE packets, but not receiving any acknowledgements from the server.

Enabling GRE in the kernel solved the problem immediately. Now I just have to figure out how to get it to use the peer DNS server.

Patrick

----------

## patrickbores

Nevermind. Spoke too soon. It just stopped working for no reason.

Patrick

----------

## wmgoree

Perl-style variables are set up correctly but not listed.

```
pppd call $TUNNEL dump debug logfd 2 nodetach

pppd options in effect:

debug           # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

dump            # (from command line)

noauth          # (from /etc/ppp/options.pptp)

name $DOMAIN\\$USERNAME          # (from /etc/ppp/peers/$TUNNELr)

remotename PPTP         # (from /etc/ppp/peers/$TUNNEL)

                # (from /etc/ppp/options.pptp)

pty pptp $VPN_SERVER             # (from /etc/ppp/peers/$TUNNEL)

ipparam $TUNNEL_NAME         # (from /etc/ppp/peers/$TUNNEL)

nobsdcomp               # (from /etc/ppp/options.pptp)

nodeflate               # (from /etc/ppp/options.pptp)

using channel 18

Using interface ppp0

Connect: ppp0 <--> /dev/pts/3

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1d628e0c> <pcomp> <accomp>]

Segmentation fault

```

Any hints?

----------

## daviessm

Hi,

I'm just trying to set up my PPTP VPN connection in Gentoo but when I bring the connection up, my computer seems to try to send infinite amounts of data to it and never receives a response.

Here's the output from pon:

```
root@bedevere:/usr/src> pon aberVPN debug logfd 2 nodetach

using channel 4

Using interface ppp0

Connect: ppp0 <--> /dev/pts/3

Warning - secret file /etc/ppp/pap-secrets has world and/or group access

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x8e09547b> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MS-v2> <magic 0x4abb506d> <pcomp> <accomp> <callback CBCP>]

sent [LCP ConfRej id=0x0 <callback CBCP>]

rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x8e09547b> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x4abb506d> <pcomp> <accomp>]

sent [LCP ConfAck id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x4abb506d> <pcomp> <accomp>]

sent [LCP EchoReq id=0x0 magic=0x8e09547b]

rcvd [CHAP Challenge id=0x0 <eeb099df52e715f02a311c889be518c9>, name = "VPNSERV2"]

Warning - secret file /etc/ppp/chap-secrets has world and/or group access

sent [CHAP Response id=0x0 <ae2670b166cfdf4164689f66bfee7e350000000000000000a303de5a33fef854edd903fe0983b74921f21c934776b75a00>, name = "username"]

rcvd [LCP EchoRep id=0x0 magic=0x4abb506d]

rcvd [CHAP Success id=0x0 "S=D0B0B201447D06BA1D4334D1BD1C8A62951A970D"]

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]

rcvd [CCP ConfReq id=0x3 <mppe +H -M -S -L -D +C>]

sent [CCP ConfReq id=0x1]

sent [CCP ConfRej id=0x3 <mppe +H -M -S -L -D +C>]

rcvd [IPCP ConfReq id=0x4 <addr 144.124.45.1>]

sent [IPCP ConfAck id=0x4 <addr 144.124.45.1>]

rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]

sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]

rcvd [CCP ConfAck id=0x1]

rcvd [CCP TermReq id=0x5"J\37777777673Pm\000<\37777777715t\000\000\002\37777777734"]

sent [CCP TermAck id=0x5]

rcvd [IPCP ConfNak id=0x2 <addr 144.124.45.57>]

sent [IPCP ConfReq id=0x3 <addr 144.124.45.57>]

rcvd [IPCP ConfAck id=0x3 <addr 144.124.45.57>]

local  IP address 144.124.45.57

remote IP address 144.124.45.1

Script /etc/ppp/ip-up started (pid 13176)

Script /etc/ppp/ip-up finished (pid 13176), status = 0x0

sent [CCP ConfReq id=0x1]

sent [CCP ConfReq id=0x1]

sent [CCP ConfReq id=0x1]

sent [CCP ConfReq id=0x1]

sent [CCP ConfReq id=0x1]

sent [CCP ConfReq id=0x1]

sent [CCP ConfReq id=0x1]

sent [CCP ConfReq id=0x1]

Terminating on signal 2.

Script /etc/ppp/ip-down started (pid 13180)

sent [LCP TermReq id=0x2 "User request"]

Script /etc/ppp/ip-down finished (pid 13180), status = 0x1

Modem hangup

Connection terminated.

Connect time 0.5 minutes.

Sent 422277009 bytes, received 70 bytes.

Waiting for 1 child processes...

  script pptp vpn.aber.ac.uk --nolaunchpppd, pid 13164

Script pptp vpn.aber.ac.uk --nolaunchpppd finished (pid 13164), status = 0x0

Connect time 0.5 minutes.

Sent 422277009 bytes, received 70 bytes.
```

I think my main problem is that I haven't got mppe-mppc support compiled intot the kernel, as www.polbox.com is unreachable at the moment - does anyone have a copy of the patch for kernel 2.6.11?

EDIT:

polbox.com woke up again so I have MPPE working now.  My problem now is that even though the VPN connection seems to work, as soon as I try to add a route to the new network through the VPN, pptp starts taking up 99% processor usage.  The command I'm using to add the route is:

```
/sbin/route add -net 144.124.0.0 netmask 255.255.0.0 dev ppp0
```

Thanks,

----------

## wmgoree

 *daviessm wrote:*   

> My problem now is that even though the VPN connection seems to work, as soon as I try to add a route to the new network through the VPN, pptp starts taking up 99% processor usage.  The command I'm using to add the route is:
> 
> ```
> /sbin/route add -net 144.124.0.0 netmask 255.255.0.0 dev ppp0
> ```
> ...

 

I had this problem back with the old version of pptp, which I could get to not segfault (see above).

If it's like what I had, your ppp0 has foolishly taken a route that your physical interface should have. Let me give an example:

Suppose your pptp server is 123.45.67.89. For reasons that escape me, ppp0 will set up a route to 123.45.67.89. This is a Bad Thing and results in sending an exponential number of packets to the VPN server. So, if your routing tables have a target of 123.45.67.89 with the device ppp0, do this

```
route del -host 123.45.67.89 dev ppp0
```

and then (kind of quickly; before the VPN connection times out):

```
route add -host 123.45.67.89 gw 192.168.1.1 dev eth0

route add -net 123.45.67.0 netmask 255.255.255.0 dev ppp0
```

----------

## daviessm

 *wmgoree wrote:*   

> If it's like what I had, your ppp0 has foolishly taken a route that your physical interface should have.

 Yep, that's exactly what's going on.  Will I be able to add those route commands to my ip-up.ppp0 script, or is the silly route set up after that?

Thanks

----------

## wmgoree

You can put it in your ifup script, or you can write a wrapper that calls ifup and then does the routing. Either way works.

----------

## powah

I want to connect to my company's PPTP VPN from home.

I follow the instructions at

http://pptpclient.sourceforge.net/howto-gentoo.phtml

and had applied the MPPE patch to the kernel version 2.6.11-gentoo-r8.

My ppp0 can be setup but cannot reach my destination.

After ppp0 is setup.

# netstat -rn

Kernel IP routing table

```

Destination   Gateway       Genmask         Flags  MSS Window  irtt Iface

10.0.1.1      0.0.0.0       255.255.255.255 UH      0 0          0 ppp0

192.168.2.0   0.0.0.0       255.255.255.0   U       0 0          0 eth0

127.0.0.0     127.0.0.1     255.0.0.0       UG      0 0          0 lo

0.0.0.0       192.168.2.1   0.0.0.0         UG      0 0          0 eth0

```

My destination IP address is 174.31.0.219 with gateway address 174.31.0.1, so I do this.

# route add -net 174.31.0.0 netmask 255.255.255.0  dev ppp0

# netstat -rn

Kernel IP routing table

```

Destination   Gateway       Genmask         Flags  MSS Window  irtt Iface

10.0.1.1      0.0.0.0       255.255.255.255 UH      0 0          0 ppp0

174.31.0.0    0.0.0.0       255.255.255.0   U       0 0          0 ppp0

192.168.2.0   0.0.0.0       255.255.255.0   U       0 0          0 eth0

127.0.0.0     127.0.0.1     255.0.0.0       UG      0 0          0 lo

0.0.0.0       192.168.2.1   0.0.0.0         UG      0 0          0 eth0

```

#  traceroute 174.31.0.219

traceroute to 174.31.0.219 (174.31.0.219), 30 hops max, 40 byte packets

 1  * * *

 2  * * *

How to fix this problem?

----------

## chatgris

**EDIT It came back up**

The polbox url has been down for a few days now..  is there anywhere else I can get the patch for the 2.6.11 kernel?

Josh.

----------

## wmgoree

 *powah wrote:*   

> 
> 
> My destination IP address is 174.31.0.219 with gateway address 174.31.0.1, so I do this.
> 
> # route add -net 174.31.0.0 netmask 255.255.255.0  dev ppp0
> ...

 

You need the route through your physical interface to the VPN server, in your case 174.31.0.219 (if I'm reading your message right).

So:

```

# route add -host 174.31.0.219 gw 192.168.2.1 dev eth0

```

----------

## Lore

Hm, I'm trying now for five hours to establish a connection to an pptp vpn server. I'v read all docu twice, built in all modules, set the MPPE use flag etc.

My problem:

```

t36c103 bernhard # pon iww debug dump logfd 2 nodetach

pppd options in effect:

debug           # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

linkname iww            # (from /etc/ppp/peers/iww)

dump            # (from command line)

noauth          # (from /etc/ppp/options.pptp)

refuse-eap              # (from /etc/ppp/peers/iww)

name bekau              # (from /etc/ppp/peers/iww)

remotename iww          # (from /etc/ppp/peers/iww)

                # (from /etc/ppp/options.pptp)

pty pptp vpn.iww.uni-karlsruhe.de --nolaunchpppd                # (from /etc/ppp/peers/iww)

ipparam iww             # (from /etc/ppp/peers/iww)

usepeerdns              # (from /etc/ppp/peers/iww)

nobsdcomp               # (from /etc/ppp/options.pptp)

nodeflate               # (from /etc/ppp/options.pptp)

using channel 21

Using interface ppp0

Connect: ppp0 <--> /dev/pts/2

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3f2cee24> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth eap> <magic 0x7304c22e> <pcomp> <accomp>]

sent [LCP ConfNak id=0x1 <auth chap MD5>]

rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x3f2cee24> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x2 <mru 1450> <asyncmap 0x0> <auth chap MD5> <magic 0x7304c22e> <pcomp> <accomp>]

sent [LCP ConfAck id=0x2 <mru 1450> <asyncmap 0x0> <auth chap MD5> <magic 0x7304c22e> <pcomp> <accomp>]

rcvd [LCP EchoReq id=0x0 magic=0x7304c22e]

sent [LCP EchoRep id=0x0 magic=0x3f2cee24]

rcvd [CHAP Challenge id=0x6e <4643704a62f75fbb7bab46f266254544a26b6efdc01705>, name = "pptpd"]

sent [CHAP Response id=0x6e <127dba693d2bdd6faf731e31c6e74971>, name = "bekau"]

rcvd [CHAP Success id=0x6e "Access granted"]

CHAP authentication succeeded: Access granted

sent [CCP ConfReq id=0x1 <mppe -H -M -S -L -D +C>]

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 172.20.67.68> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

rcvd [LCP TermReq id=0x3 "MPPE required but not available"]

LCP terminated by peer (MPPE required but not available)

sent [LCP TermAck id=0x3]

Connection terminated.

using channel 22

Using interface ppp0

Connect: ppp0 <--> /dev/pts/3

Waiting for 2 child processes...

  script pptp vpn.iww.uni-karlsruhe.de --nolaunchpppd , pid 10175

  script pptp vpn.iww.uni-karlsruhe.de --nolaunchpppd , pid 10154

sending SIGTERM to process 10175

sending SIGTERM to process 10154

Script pptp vpn.iww.uni-karlsruhe.de --nolaunchpppd  finished (pid 10154), status = 0x0

tcflush failed: Bad file descriptor

```

My options.pptp:

```

# Lock the port

#

lock

#

# We don't need the tunnel server to authenticate itself

#

noauth

#

# Turn off transmission protocols we know won't be used

#

nobsdcomp

nodeflate

```

My peer:

```

# name of tunnel, used to select lines in secrets files

remotename iww

# name of tunnel, used to name /var/run pid file

linkname iww

# name of tunnel, passed to ip-up scripts

ipparam iww

# data stream for pppd to use

pty "pptp vpn.iww.uni-karlsruhe.de --nolaunchpppd "

# domain and username, used to select lines in secrets files

name bekau

usepeerdns

#mppe required,stateless

refuse-eap

# adopt defaults from the pptp-linux package

file /etc/ppp/options.pptp

```

Has anybody a hint?

----------

## thoughtform

i need the mpp3 patch for 2.6.11r10 and 2.6.12

the url listed for polbox doesn't work.

thanks

----------

## scarr

I have the patch for 2.6.11-r10 for mppe_mccp.  That is in, I tested with the commands on the pptpclient site.  I have added mppe-mccp to the use flags and recompiled ppp-2.4.3.

modprobe ppp_mppe_mccp - it works

if I try:  pptp IPADD call PPPFile

I get unrecognized option "require-mppe". 

Any ideas?

----------

## scarr

Does the 1.1 ppp patch and the 1.3 kernel patch work together?

They are listed on the po site as the latest patches for the respective programs.

----------

## taskara

greetings

when you say in your guide  *Quote:*   

> Add this to modules.d.
> 
> Code:
> 
> # nano -w /etc/modules.d/ppp
> ...

 

do you mean to add them to /etc/modules.autoload.d/kernel-2.x?

or as an alias under modules.d/ppp ?

also, ppp-compress-18 and ppp_mppe don't seem to exist, but I do have ppp_mppe_mppc

cheers

----------

## astralbat

 *scarr wrote:*   

> I have the patch for 2.6.11-r10 for mppe_mccp.  That is in, I tested with the commands on the pptpclient site.  I have added mppe-mccp to the use flags and recompiled ppp-2.4.3.
> 
> modprobe ppp_mppe_mccp - it works
> 
> if I try:  pptp IPADD call PPPFile
> ...

 

I am also having these same problems on a 2.6.12.2 vanilla kernel. I have the ppp_mppe_mppc module and I have confirmed my ppp has mppe-mppc by following the instructions on the pptpclient site!

This only used to work for me last week.. but I have noticed I recently upgraded to 2.4.3-r8 from 2.4.3-r6 and the mppe-mppc option was strangely commented out, but even after downgrading to 2.4.3-r6, I still get the error: unrecognized option 'require-mppe'. I have tried various ways of specifying the option 'require-mppe-128', but to no avail.

Anyone else encountered this?

----------

## xsong

I can not get the pathes from  http://www.polbox.com/h/hs001/

BTW, my kernel is linux-2.6.12-gentoo-r6, can I use the patches for 2.6.11?

Thanks.

----------

## astralbat

 *astralbat wrote:*   

>  *scarr wrote:*   I have the patch for 2.6.11-r10 for mppe_mccp.  That is in, I tested with the commands on the pptpclient site.  I have added mppe-mccp to the use flags and recompiled ppp-2.4.3.
> 
> modprobe ppp_mppe_mccp - it works
> 
> if I try:  pptp IPADD call PPPFile
> ...

 

I am answering myself here. It seems my problems were a combination of the VPN Server needing rebooting (Windows, eh!) and adjusting the parameters to turn of chapv2 authentication and use "mppe required" instead of "require-mppe".

----------

## astralbat

 *xsong wrote:*   

> I can not get the pathes from  http://www.polbox.com/h/hs001/
> 
> BTW, my kernel is linux-2.6.12-gentoo-r6, can I use the patches for 2.6.11?
> 
> Thanks.

 

polbox has been down for a little while for some reason. I don't know where you can get the patches now? Anyone?

Patching 2.6.12 with 2.6.11 patch seems a bit unlikely it will work. Though I normally patch fine when the difference is a minor version or two.

But you can always try and if it doesn't succeed, you can reverse it.

----------

## Section_8

 *Quote:*   

> polbox has been down for a little while for some reason. I don't know where you can get the patches now? Anyone? 

 

I have some old copies of the patch laying around.  Posted here:

linux-2.6.9-mppe-mppc-1.2.patch

linux-2.6.10-mppe-mppc-1.2.patch

linux-2.6.11-mppe-mppc-1.3.patch

linux-2.6.12-mppe-mppc-1.3.patch

I hope polbox is coming back up soon.

----------

## xsong

very nice of you.Thanks.

----------

## xsong

Hi there,

I followed the first post in this thread to setup my vpn connection to my school. I just could not make it. 

Here is the error after I run:

```
pppd call my_peer logfd 2 nodetach debug dump 
```

and try to make a connection through ppp.

The error:

```
pppd options in effect:

debug      # (from command line)

nodetach      # (from command line)

logfd 2      # (from command line)

dump      # (from command line)

noauth      # (from /etc/ppp/options.pptp)

name ads\\xsong      # (from /etc/ppp/peers/my_peer)

remotename PPTP      # (from /etc/ppp/peers/my_peer)

      # (from /etc/ppp/options.pptp)

pty pptp vpn.indiana.edu --nolaunchpppd      # (from /etc/ppp/peers/my_peer)

ipparam my_peer      # (from /etc/ppp/peers/my_peer)

nobsdcomp      # (from /etc/ppp/options.pptp)

nodeflate      # (from /etc/ppp/options.pptp)

using channel 4

Using interface ppp0

Connect: ppp0 <--> /dev/pts/2

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x676e89d8> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <auth chap MS-v2>]

sent [LCP ConfAck id=0x0 <auth chap MS-v2>]

rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x676e89d8> <pcomp> <accomp>]

rcvd [CHAP Challenge id=0x1 <c01a5ce61f1514edc2715b8030574187>, name = ""]

sent [CHAP Response id=0x1 <04ab60178e7bfe9c35b05b425d9f944198bcbffa11ebb7becca2

2c0f160212113d5f47d970ea1794d1722ca8f97765e798>, name = "ads\\xsong"]

rcvd [CHAP Challenge id=0x2 <ea2ab162160bf5fcc2715b8030574187>, name = ""]

sent [CHAP Response id=0x2 <66db5a819380860cf1f2406e633d635a98bcbffa11ebb7beba58

7d6b875057d723db18063f69492055e48f1bd9241e0498>, name = "ads\\xsong"]

rcvd [CHAP Success id=0x2 "S=311D001DE064EEB0671DCDBB4C3F9BE6E997E2C4"]

sent [CCP ConfReq id=0x1 <mppe -H -M -S -L -D +C>]

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 129.79.159.172>]

rcvd [IPCP ConfReq id=0x0 <addr 10.0.0.1>]

sent [IPCP ConfAck id=0x0 <addr 10.0.0.1>]

rcvd [CCP ConfReq id=0x0 <mppe +H -M +S +L -D -C>]

sent [CCP ConfNak id=0x0 <mppe -H -M +S -L -D -C>]

rcvd [CCP ConfNak id=0x1 <mppe +H -M +S +L -D -C>]

sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfReq id=0x1 <mppe -H -M +S -L -D -C>]

sent [CCP ConfAck id=0x1 <mppe -H -M +S -L -D -C>]

rcvd [CCP ConfNak id=0x2 <mppe +H -M +S -L -D -C>]

sent [CCP ConfReq id=0x3 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfAck id=0x3 <mppe +H -M +S -L -D -C>]

MPPE 128-bit stateless compression enabled

rcvd [IPCP ConfReq id=0x1 <addr 10.0.0.1>]

sent [IPCP ConfAck id=0x1 <addr 10.0.0.1>]

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 129.79.159.172>]

rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]

sent [IPCP ConfReq id=0x2 <addr 129.79.159.172>]

rcvd [IPCP ConfNak id=0x2 <addr 156.56.80.36>]

sent [IPCP ConfReq id=0x3 <addr 156.56.80.36>]

rcvd [IPCP ConfAck id=0x3 <addr 156.56.80.36>]

local  IP address 156.56.80.36

remote IP address 10.0.0.1

Script /etc/ppp/ip-up started (pid 4908)

Script /etc/ppp/ip-up finished (pid 4908), status = 0x1

read: Value too large for defined data type

read: Value too large for defined data type

read: Value too large for defined data type

read: Value too large for defined data type

read: Value too large for defined data type

read: Value too large for defined data type

read: Value too large for defined data type

rcvd [LCP TermReq id=0x8]

LCP terminated by peer

Connect time 0.5 minutes.

Sent 10500 bytes, received 0 bytes.

Script /etc/ppp/ip-down started (pid 4914)

sent [LCP TermAck id=0x8]

Script /etc/ppp/ip-down finished (pid 4914), status = 0x1

Connection terminated.

using channel 5

Using interface ppp0

Connect: ppp0 <--> /dev/pts/5

Waiting for 2 child processes...

  script pptp vpn.indiana.edu --nolaunchpppd, pid 4916

  script pptp vpn.indiana.edu --nolaunchpppd, pid 4901

sending SIGTERM to process 4916

sending SIGTERM to process 4901

tcflush failed: Bad file descriptor
```

Can somebody tell me what's going wrong?

----------

## astralbat

 *xsong wrote:*   

> 
> 
> Can somebody tell me what's going wrong?

 

Have you tried setting the MTU/MRU?

----------

## xsong

I tried to set them first,

I can not even connect to vpn server.

If I did not set them, I can connect to the vpn server. But it still does not work for me. The error is the error when I did not set them.

----------

## Ph0eniX

After following the manual closely and 89,343 kernel compiles, I finally got MPPE working and I'm able to connect to a PPTP server as shown below:

```

ppp0      Link encap:Point-to-Point Protocol

          inet addr:209.123.134.229  P-t-P:209.123.134.225  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1

          RX packets:9 errors:0 dropped:0 overruns:0 frame:0

          TX packets:481927 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3

          RX bytes:104 (104.0 b)  TX bytes:170146108 (162.2 Mb)

```

...but, there is a BUT.  I'm able to ping the .225 address (far end) but nothing else on the remote network.  When I connect from a Windows system everything works as expected.  Here's my routing table after making a connection:

```

192.168.199.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0

127.0.0.0       127.0.0.1       255.0.0.0       UG        0 0          0 lo

0.0.0.0         209.123.134.229 0.0.0.0         UG        0 0          0 ppp0

0.0.0.0         192.168.199.5   0.0.0.0         UG        0 0          0 eth0

```

The PPTP server logs the following message every time I connect:

```

The user DOMAIN\user has connected and has been successfully authenticated on port VPN3-63. Data sent and received over this link is strongly encrypted.  

```

...and this one every time I disconnect (the 0 bytes sent and received bugs me):

```

The user DOMAIN\user connected on port VPN3-63 on 08/24/2005 at 04:31pm and disconnected on 08/24/2005 at 04:33pm.  The user was active for 1 minutes 56 seconds.  0 bytes were sent and 0 bytes were received. The port speed was 12500000.  The reason for disconnecting was user request. 

```

What am I doing wrong?

Thanks!

----------

## Ph0eniX

I sorted out some of the routing issues.  It seems as though I have to create a static route for every single host that's on the same subnet as the VPN server's IP address since "-net" hoses everything if I do:

```

route add -net 209.123.134.0 netmask 255.255.254.0 dev ppp0

```

This works fine:

```

route add 209.123.134.22 dev ppp0

```

"route -net" also works for all the other subnets (multihomed network).

----------

## router

thank you, I was needing this.

----------

## Ph0eniX

I'd like to find a cleaner way of doing this but I decided to write a little script that would actually loop through the list of hosts on the subnet that the server is on and add static routes to for each one [excluding the address of the server and some other hosts that I definitely won't be accessing over the vpn]:

```

#!/bin/bash

Y="209.123.134."

X=1

Z="Adding static route for: "

while [ $X -le 9 ]

do

        /usr/bin/echo $Z$Y$X

        /sbin/route add $Y$X dev ppp0

        X=$((X+1))

done

X=11

while [ $X -le 224 ]

do

        /usr/bin/echo $Z$Y$X

        /sbin/route add $Y$X dev ppp0

        X=$((X+1))

done

X=232

while [ $X -le 254 ]

do

        /usr/bin/echo $Z$Y$X

        /sbin/route add $Y$X dev ppp0

        X=$((X+1))

done

```

----------

## Havin_it

Hi,

I'm thinking of having a go at this myself, though I've never patched a kernel before so I have a bit of reading to do first.  I was just wondering:

Can a portage overlay be used for the kernel-source, to make it easier to re-apply the patch?  If so I'd be grateful for some steps on how to do this.  I've used overlays before (for Firefox and Thunderbird) but that was just for the purposes of using an edited ebuild.  What would I have to do to make it use this patch every time?

----------

## Ph0eniX

I did "emerge --update world" and it looks like my /usr/sbin/pppd was replaced.  Now when I try to start a tunnel, it says:

```

/usr/sbin/pppd: In file /etc/ppp/peers/tunnel: unrecognized option 'require-mppe-128'

```

----------

## Ph0eniX

Nevermind.  I took the "require-mppe-128" line out of the peer file and it's working now.  For some reason the option worked with the old version of pppd.

----------

## Havin_it

Ai-ai-ai!  kernel-2.6.13 is out there... what chance of a patch for mppe-mppc now that polbox appears to be deceased?

----------

## Ph0eniX

I think it may be a matter of simply changing all the references to 2.6.12 in linux-2.6.12-mppe-mppc-1.3.patch to say 2.6.13.  Has anyone tested this yet?

----------

## Havin_it

Might just risk it if there's no other option.  Will report back when I get time...

----------

## Ph0eniX

 *Havin_it wrote:*   

> Might just risk it if there's no other option.  Will report back when I get time...

 

Actually, the patch for 2.6.12 works [without modifications] with 2.6.13.  I just tested it.

----------

## Havin_it

Cool, thanks for the confirmation.  Couldn't see any refs to 2.6.12 apart from the header comments, so figured it'd be safe.  Nice to know for sure though   :Very Happy: 

----------

## Section_8

It looks like the mppc/mppe patch is available here now:

http://mppe-mppc.alphacron.de/

There is a patch there for 2.6.13

----------

## michavk

I've configured my ppp-stuff correctly: using 'pon <PEERNAME>' and a route add command (added in ip-up.local) connects me to the VPN server.

However, when I use '/etc/init.d/net.ppp0 start' doesn't launch my VPN connection..

my net.ppp0 config file:

```
lunar7 ~ # cat /etc/conf.d/net.ppp0

# /etc/conf.d/net.ppp0:

# $Header: /var/cvsroot/gentoo-x86/net-dialup/ppp/files/confd.ppp0,v 1.3 2005/02/06 09:22:13 mrness Exp $

# Config file for /etc/init.d/net.ppp0

PEER="WNBVPN"                   # Define peer (aka ISP)

DEBUG="no"                      # Turn on debugging

PERSIST="yes"                    # Redial after being dropped

ONDEMAND="no"                   # Only bring the interface up on demand?

#MODEMPORT="/dev/ttyS1"          # TTY device modem is connected to

#LINESPEED="115200"              # Speed pppd should try to connect at

#INITSTRING=""                   # Extra init string for the modem

DEFROUTE="no"                  # Must pppd set the default route?

#HARDFLOWCTL="yes"               # Use hardware flow control?

#ESCAPECHARS="yes"               # Use escape caracters ?

#PPPOPTIONS=""                   # Extra options for pppd

USERNAME="//masked username//"  # The PAP/CHAP username

PASSWORD="//masked password//"  # Your password/secret.  Ugly I know, but i

                                # will work on something more secure later

                                # on.  700 permission on /etc/init.d/net.ppp0

                                # should be enouth for now.

#NUMBER="9180000"                # The telephone number of your ISP

                                # leave blank for leased-line operation.

#REMIP=""                        # The ip of the remote box if it should be set

#NETMASK=""                      # Netmask

#IPADDR=""                       # Our IP if we have a static one

MRU="1400"                       # Sets the MRU

MTU="1400"                       # Sets the MTU

RETRYTIMEOUT="60"               # Retry timeout for when ONDEMAND="yes" or

                                # PERSIST="yes"

IDLETIMEOUT="600"               # Idle timeout for when ONDEMAND="yes"

PEERDNS="no"                    # Should pppd set the peer dns?

AUTOCFGFILES="yes"              # By default this scripts will generate

                                # /etc/ppp/chat-isp, /etc/ppp/chap-secrets,

                                # /etc/ppp/pap-secrets and /etc/ppp/peers/isp

                                # automatically.  Set to "no" if you experience

                                # problems, or need specialized scripts.  You

                                # will have to create these files by hand then.

AUTOCHATSCRIPT="yes"            # By default this script iwll generate

                                # /etc/ppp/chat-${PEER} automatically. Set to "no"

                                # if you experience problems, or need specialized

                                # scripts. You will have to create these files by

                                # hand then.

# Directory where the templates is stored

TEMPLATEDIR=/etc/ppp

```

Could anyone tell me what I'm doing wrong?

(I know, I could fix this using an ordinary bash-script using pon. But i like to keep things gentooish..)

----------

## MeatPie

I am stuck behind a proxy and firewall of our uni.  We connect through a VPN but as my machine is already here I CAN NOT use portage to emerge pptpclient and its dependencies.  So if anyone could give me a rundown on how I can go about installing it without using portage i'd appreciate it.

----------

## nichocouk

What about if you set

```
export http_proxy="YOUR.PROXY:PORT"
```

in /etc/profile, and then source this file?

----------

## MeatPie

Problem with that is I'll still won't be able to connect as we dial in to a VPN to get online.  Also, our proxy is configured by a script which I have checked and there are 3 different ones that handle my connection at any time.

----------

## ajaygautam

Here is how I did it.

```
echo 'net-dialup/ppp mppe-mppc' >> /etc/portage/package.use

echo 'net-dialup/ppp ~x86' >> /etc/portage/package.keywords

echo 'net-dialup/pptpclient ~x86' >> /etc/portage/package.keywords

vi /etc/make.conf

   --- add to USE: dba gd

ACCEPT_KEYWORDS="~x86" emerge pptpconfig -a

```

Patch kernel

```
cd /usr/src

mkdir patches

cd patches/

wget http://mppe-mppc.alphacron.de/linux-2.6.13-mppe-mppc-1.3.patch.gz

gunzip linux-2.6.13-mppe-mppc-1.3.patch.gz

cd ../linux

patch -p1 < ../patches/linux-2.6.13-mppe-mppc-1.3.patch

```

Build kernel

```
make menuconfig

genkernel --save-config --kernel-config=/usr/src/linux/config-current --gensplash=emergence --bootloader=grub all

```

Reboot: Make sure grub.conf points to proper kernels, reboot into new kernel.

php_gtk.so not found! After reboot, upon launching pptpconfig, I got an error

```
# pptpconfig

Warning: dl(): Unable to load dynamic library '/usr/lib/php/extensions/no-debug-non-zts-20020429/php_gtk.so' - /usr/lib/php/extensions/no-debug-non-zts-20020429/php_gtk.so: cannot open shared object file: No such file or directory in /usr/bin/pptpconfig.php on line 31

Fatal error: Cannot instantiate non-existent class:  gdkcolor in /usr/bin/pptpconfig.php on line 96

```

Found that package dev-php4/php-gtk is installed, and provides the missing file, but at a different location. So symlinked it.

```
less /var/db/pkg/dev-php4/php-gtk-1.0.2/CONTENTS

ll /usr/lib/php4/lib/php/extensions/no-debug-non-zts-20020429/php_gtk.so

cd /usr/lib/php/extensions/no-debug-non-zts-20020429

ln -s /usr/lib/php4/lib/php/extensions/no-debug-non-zts-20020429/php_gtk.so php_gtk.so

```

Save your /etc/resolv.conf somewhere. Thank me later  :Smile: 

Configure pptp: Launch pptpconfig (as root). Fill up config info

 *Quote:*   

> * Server
> 
> ** Name: MyCompany
> 
> ** Server: vpn.mycompany.com
> ...

 

Added my local DNS server (192.168.1.1) to the end of the DNS server list. The pptpconfig would occasionally clobber my /etc/resolv.conf file if I didn't do this.

MPPE workaround: pptpconfig failed to recognize mppe options in config files. Uncommenting them worked just fine. You would need to do this everytime you modify the configuration.

```
vi /etc/ppp/peers/MyCompany

   --- comment out require-mppe

vi /etc/ppp/options.pptp

   --- comment out require-mppe
```

Start PPTP connection: I compiled kernel stuff as modules. So you MAY need to load the modules before connecting. The following will load all dependencies too. First try wothout the modprobe command. pptpconfig should autoload these modules.

```
modprobe ppp_mppe_mppc

pptpconfig

   --- double click on MyCompany entry ---
```

Hope this helps someone.

Ajay

----------

## jwiles

Hello,

I am having a problem doing anything useful in the remote network.  In particular, I can ping IP addresses in the remote network, but I cannot SSH, connect the IMAP server, etc.  Any suggestions?

UPDATE: Nevermind.  Have to add a route for every host I need to access, I guess.

----------

## guyr

FYI, I installed kernel 2.6.14-r2, and the 2.6.13 patch works fine with it.

----------

## babaloo

 *guyr wrote:*   

> FYI, I installed kernel 2.6.14-r2, and the 2.6.13 patch works fine with it.

 

Do you tried 2.6.14 final? It does not work for me.

----------

## guyr

 *babaloo wrote:*   

>  *guyr wrote:*   FYI, I installed kernel 2.6.14-r2, and the 2.6.13 patch works fine with it. 
> 
> Do you tried 2.6.14 final? It does not work for me.

 

Sorry, I do not understand.  I applied the patch to x86 sources.  Since it is -r2, it is definitely final.  It's the second release of final, right?

----------

## babaloo

 *Quote:*   

> Sorry, I do not understand.  I applied the patch to x86 sources.  Since it is -r2, it is definitely final.  It's the second release of final, right?

 

I have applied 2.6.13 patch to final 2.6.14 kernel and it doesn't work. (Many hunks)

----------

## guyr

 *babaloo wrote:*   

> I have applied 2.6.13 patch to final 2.6.14 kernel and it doesn't work. (Many hunks)

 

Sorry, I don't know what else to say.  I applied linux-2.6.13-mppe-mppc-1.3.patch (gunzipped it first) to linux-2.6.14-gentoo-r2 and it applied without complaint.  I've successfully VPN'd into work after building this kernel:

/usr/src>uname -a

Linux pvr 2.6.14-gentoo-r2 #1 SMP PREEMPT Tue Nov 15 00:12:26 EST 2005 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux

----------

## dgaffuri

I've tried my VPN using the MPPE support built into 2.6.15-rc2 kernel and it works.   :Very Happy: 

The symbol is located here

```
  │ Symbol: PPP_MPPE [=m]                                                   │

  │ Prompt: PPP MPPE compression (encryption) (EXPERIMENTAL)                │

  │   Defined at drivers/net/Kconfig:2526                                   │

  │   Depends on: NETDEVICES && PPP && EXPERIMENTAL                         │

  │   Location:                                                             │

  │     -> Device Drivers                                                   │

  │       -> Network device support                                         │

  │         -> Network device support (NETDEVICES [=y])                     │

  │           -> PPP (point-to-point protocol) support (PPP [=m])           │

  │   Selects: CRYPTO && CRYPTO_SHA1 && CRYPTO_ARC4                         │
```

I had to modprobe the ppp_mppe manually (module name has changed).

I initially had a problem when trying to ping the other side.

```
rcvd [proto=0xd] e0 d5 18 51 c0 c5 04 57 03 c2 32 14 0e 12 2d fe 6f e8 32 c8 9b 04 63 be 86 9d fb e5 7a ff be 76 ...

Unsupported protocol 0xd received

sent [LCP ProtRej id=0x4 00 0d e0 d5 18 51 c0 c5 04 57 03 c2 32 14 0e 12 2d fe 6f e8 32 c8 9b 04 63 be 86 9d fb e5 7a ff ...]

rcvd [proto=0x47] 27 c5 7d d1 71 ae 46 4d 4b 6b 3d 4e 52 97 65 d6 6d 74 af d3 44 43 e0 62 b6 e9 c1 0b 02 0f 52 a7 ...

Unsupported protocol 'DCA Remote Lan' (0x47) received

sent [LCP ProtRej id=0x5 00 47 27 c5 7d d1 71 ae 46 4d 4b 6b 3d 4e 52 97 65 d6 6d 74 af d3 44 43 e0 62 b6 e9 c1 0b 02 0f ...]

rcvd [proto=0x18b2] b4 08 74 ce e7 d4 3b 39 3a 79 98 e0 c1 fe eb c3 d3 92 f5 da 64 87 89 7b bf bc 64 e0 a3 d7 6d fb ...

Unsupported protocol 0x18b2 received

sent [LCP ProtRej id=0x6 18 b2 b4 08 74 ce e7 d4 3b 39 3a 79 98 e0 c1 fe eb c3 d3 92 f5 da 64 87 89 7b bf bc 64 e0 a3 d7 ...]

.....
```

As suggested here I tried to add the 

```
mppe no128
```

option to the /etc/ppp/options.pptp called by my peer profile, but this didn't solved (even with no128,no56). Adding

```
mppe stateless
```

made the trick instead.

Hope this may be useful to someone else.

----------

## nichocouk

Souds good!   :Smile: 

How do you connect to your VPN then? What program do you use?

----------

## dgaffuri

 *nichocouk wrote:*   

> Souds good!  
> 
> How do you connect to your VPN then? What program do you use?

 

If you're asking to me (I'm not sure), using PPTP Client, as described in the first post on this topic, except that starting from 2.6.15-rc1 you don't need to patch the kernel no more, because MPPE support is included. You may find more info on this here.

----------

## nichocouk

Thanks dgaffuri, I was indeed asking you. I just wanted to know if you were using pptpclient or an init script like /etc/init.d/net.ppp0

cheers,

----------

## babaloo

I have some problems with 2.6.14 kernel (downloaded from kernel.org):

california linux-2.6.14 # patch -p1 < linux-2.6.13-mppe-mppc-1.3.patch

patching file drivers/net/Kconfig

Hunk #1 succeeded at 2474 (offset 57 lines).

patching file drivers/net/Makefile

Hunk #1 succeeded at 111 (offset 6 lines).

patching file drivers/net/ppp_generic.c

Hunk #6 succeeded at 1719 (offset -2 lines).

Hunk #7 succeeded at 1753 (offset -2 lines).

Hunk #8 succeeded at 2433 (offset -5 lines).

patching file drivers/net/ppp_mppe_mppc.c

patching file include/linux/ppp-comp.h

california linux-2.6.14 #

Can anybody help with this?

----------

## dgaffuri

And where is the problem? Tha patch succeded. Do you have compilation errors?

----------

## babaloo

 *dgaffuri wrote:*   

> And where is the problem? Tha patch succeded. Do you have compilation errors?

 

Ahaha! Right! Sorry for stupidly   :Wink: 

----------

## The Mad Crapper

I can't connect. I have tried to make this work on 3 different Gentoo machines, and i am tired of fighting with it.. Please help!

when i run

```

pon sonlight debug dump logfd 2 nodetach

```

i get

```

pppd options in effect:

debug           # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

dump            # (from command line)

noauth          # (from /etc/ppp/options.sonlight)

name myDOMAIN\\mySN          # (from /etc/ppp/peers/sonlight)

remotename sonlight             # (from /etc/ppp/peers/sonlight)

                # (from /etc/ppp/options.sonlight)

pty pptp 69.15.62.54 --nolaunchpppd             # (from /etc/ppp/peers/sonlight)

mru 1000                # (from /etc/ppp/options.sonlight)

mtu 1000                # (from /etc/ppp/options.sonlight)

lcp-echo-failure 10             # (from /etc/ppp/options.sonlight)

lcp-echo-interval 10            # (from /etc/ppp/options.sonlight)

ipparam sonlight                # (from /etc/ppp/peers/sonlight)

nobsdcomp               # (from /etc/ppp/options.sonlight)

nodeflate               # (from /etc/ppp/options.sonlight)

mppe xxx # [don't know how to print value]              # (from /etc/ppp/options.sonlight)

using channel 12

Using interface ppp0

Connect: ppp0 <--> /dev/pts/2

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x466162ef> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x79423b3b> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:a5.5b.8b.80.5c.4a.49.b9.8e.18.c3.e8.0d.5c.0f.c5.00.00.00.00]> < 17 04 00 6b>]

sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 6b>]

rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x466162ef> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x79423b3b> <pcomp> <accomp> <endpoint [local:a5.5b.8b.80.5c.4a.49.b9.8e.18.c3.e8.0d.5c.0f.c5.00.00.00.00]>]

sent [LCP ConfAck id=0x1 <mru 1400> <auth eap> <magic 0x79423b3b> <pcomp> <accomp> <endpoint [local:a5.5b.8b.80.5c.4a.49.b9.8e.18.c3.e8.0d.5c.0f.c5.00.00.00.00]>]

sent [LCP EchoReq id=0x0 magic=0x466162ef]

rcvd [EAP Request id=0x13 Identity <No message>]

sent [EAP Response id=0x13 Identity <Name "myDOMAIN\\mySN">]

rcvd [LCP TermReq id=0x3 "yB;;\000<\37777777715t\000\000\002\37777777663"]

LCP terminated by peer (yB;;^@<M-Mt^@^@^BM-3)

sent [LCP TermAck id=0x3]

Connection terminated.

Waiting for 1 child processes...

  script pptp myServerIP --nolaunchpppd, pid 8576

Script pptp myServerIP --nolaunchpppd finished (pid 8576), status = 0x0

```

I have been having a hard time finding any info on the 'LCP terminated by peer' error...

This is the howto i used http://gentoo-wiki.com/HOWTO_PPTP_VPN_client_(Microsoft-compatible_with_mppe)

Ideas? thank you so much

----------

## saggating

I'm having the exact same problem. I not sure but I was expecting to see an outcoing chapv2 response instead of a <auth eap>.

I'm still digging around at the meoment.

----------

## Havin_it

Hey guys, not sure exactly what the problem may be, but you might want to try using pptpconfig (a GUI configuration app. for pptpclient) to do your setup.  I used it and the connection went up first time.

Also, please note that as of kernel 2.6.15 the MPPE-MPPC patch is included in the kernel, so no patching required.  If you have the new kernel and are still patching, that would most likely cause problems.

----------

## harryr

I can get the authentication to succeed and get P-T-P tunnel

set up, but there appears to be no traffic possible.

I have no firewall up.

One thing I did not check, I have ppp_mppe_mppc module

available but did not lsmod to see if it was loaded.

Do I need to manually modprobe this module?

I seem to have either a routing problem or encript-decrypt

problem once the tunnel is set up.

P.S. I did try from a WinXP box on the same local LAN and

VPN works.  So, I know my home cable and WRT54G boxes

can handle WinXP VPN.

Thanks in advance for any help.

 *Quote:*   

> 
> 
> eagle9 ~ # /usr/sbin/pppd call work logfd 2 nodetach debug dump
> 
> pppd options in effect:
> ...

 

----------

## Riekr

this worked for me: https://forums.gentoo.org/viewtopic-p-3074083-highlight-.html#3074083

----------

## wlchase

 *Riekr wrote:*   

> this worked for me: https://forums.gentoo.org/viewtopic-p-3074083-highlight-.html#3074083

 

This did it for me as well!

Basically, once you have a 2.6.15 kernel, and build it with mppe, the proper module to load is ppp_mppe. Then you pull references to ppp_mppe_mppc and ppp_compress_128 out of /etc/modules.conf, remove any mppe_mppc USE flags that may have been set in /etc/make.conf or /etc/portage/package.use, re-emerge net-dialup/ppp, and, since I use the GUI pptp client stuff, toggle the button for "Require Microsoft Point-to-Point Encryption (MPPE)" and I'm good to go!

Woo-hoo!   :Laughing: 

Bill

----------

## harryr

 :Very Happy:   I followed the instructions given in the link.

The key was: logging said mppe not supported in kernel.

I manually modprobed ppp-mppe and it worked.  This causes me

to ask if I needed to manually modprobe ppp-mppe-mppc when

I was running the patched 2.6.14 kernel.   If so, why did the patched

kernel *not* complain about mppe not being supported in the kernel?

Hmmmm?   

Well, anyway no sense going backward.  It works now with 2.6.15. 

Thanks again all.

----------

## BlakeJob

I have it setup as the pages state, but I cannot use pptpconfig to do the configuration (I'm running 64bit Gentoo).  Anyways the error i get:

```

rcvd [EAP Request id=0x1d Identity <No message>]

sent [EAP Response id=0x1d Identity <Name "$DOMAN\\$USER">]

rcvd [EAP Request id=0x1e Windows 2000...]

EAP: unknown authentication type 15; Naking

sent [EAP Response id=0x1e Nak <Suggested-type 13>]

rcvd [EAP Request id=0x1e Windows 2000...]

EAP: unknown authentication type 15; Naking

sent [EAP Response id=0x1e Nak <Suggested-type 13>]

rcvd [LCP TermReq id=0x7 "7=\000\37777777713\000<\37777777715t\000\000\002\37777777663"]

LCP terminated by peer (7=^@M-K^@<M-Mt^@^@^BM-3)

sent [LCP TermAck id=0x7]

Connection terminated.

```

$DOMAIN and $USER are the correct values, but I masked them for this posting.  any ideas or do you think I should post to the mailing list?  I'm running 2.6.15-gentoo-r1.

----------

## Tartan

mppe != mppc

Yes, 2.6.15 now has mppe, but that is NOT the full implementation with any real compression.

This is straight out of options.pptp:

 *Quote:*   

> # Encryption
> 
> # (There have been multiple versions of PPP with encryption support,
> 
> # choose with of the following sections you will use.  Note that MPPE
> ...

 

What is in 2.6.15+ is the the former MPPE (ppp_mppe.o) -- the version WITHOUT MPPC.  What I really hope we get is an updated version of Jan Dubiec's implemention of MPPE-MPPC (ppp_mppe_mppc.o) for 2.6.15+.  The compression makes a huge difference.

From http://www.samba.org/ftp/unpacked/ppp/README.MPPE:

 *Quote:*   

> While PPP regards MPPE as a "compressor", it actually expands every frame
> 
> by 4 bytes, the MPPE overhead (encapsulation).
> 
> Because of the data expansion, you'll see that ppp interfaces get their
> ...

 

So for now, I may be forced to setup an old 2.6.13 box, so I can use Jan's latest kernel patch, linux-2.6.13-mppe-mppc-1.3.patch.gz.

Cheers....

----------

## unaos

hello! all is worked fine, but after some time passed connection is breaked up  :Sad:  the tunnel just goes down and that's all.

here is what he says

```

[color=red]Jun 18 04:09:30 konduktor pppd[30822]: rcvd [LCP TermReq id=0x2 "link inactive"][/color]

Jun 18 04:09:30 konduktor pppd[30822]: LCP terminated by peer (link inactive)

Jun 18 04:09:30 konduktor pppd[30822]: Script /etc/ppp/ip-down started (pid 11613)

Jun 18 04:09:30 konduktor pppd[30822]: sent [LCP TermAck id=0x2]

Jun 18 04:09:30 konduktor pptp[30808]: anon log[pptp_read_some:pptp_ctrl.c:543]: read returned zero, peer has closed

Jun 18 04:09:30 konduktor pptp[30808]: anon log[callmgr_main:pptp_callmgr.c:255]: Closing connection (shutdown)

Jun 18 04:09:30 konduktor pptp[30808]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'

Jun 18 04:09:30 konduktor pptp[30808]: anon log[pptp_read_some:pptp_ctrl.c:543]: read returned zero, peer has closed

Jun 18 04:09:30 konduktor pptp[30808]: anon log[call_callback:pptp_callmgr.c:78]: Closing connection (call state)

Jun 18 04:09:30 konduktor pppd[30822]: Script /etc/ppp/ip-down finished (pid 11613), status = 0x1

Jun 18 04:09:33 konduktor pppd[30822]: Connection terminated.

Jun 18 04:09:33 konduktor pppd[30822]: Connect time 181.4 minutes.

```

i've thinked out that key-phrase is 'link inactive' and connection breaks if no data passin thru it and  added "idle 0" to the options. not work. the commented out cp-echo-failure 10 É lcp-echo-interval 10. that's wont work either.

and here is options.pptp

```

lock

updetach

noauth

debug

nobsdcomp

nodeflate

mppe required,stateless

defaultroute

unit 0

persist

idle 0

```

and peer file

```

name talisman

remotename PPTP

file /etc/ppp/options.pptp

```

----------

## dustfinger

I almost got my VPN connection up and running, but then all of a sudden debug stopped being outputed to the screen.  It happend when I tried adding require-mppe-128 to /etc/ppp/options.pptp.  I have tried rebooting and removing the require-mppe-128 flag, but to no avail.  When I run pppd with debug I the letters ATZ are outputed on the next line.  Once it returns that line (The ATZ line) is cleared.

 *Quote:*   

> 
> 
> # pppd call VPN_WORK logfd 2 nodetach debug dump
> 
> ATZ
> ...

 

Any ideas?

dustfinger.

*** EDIT ***

The problem was that my /etc/ppp/peers/VPN_WORK had only one line in it:

 *Quote:*   

> connect '/usr/sbin/chat -f /etc/ppp/chat-VPN_WORK

 '

How the heck did that happen?  Does this suggest that someone compromised my system while I was trying to connect to the VPN?

***********

----------

## dustfinger

 *cat /etc/ppp/options.pptp wrote:*   

> 
> 
> lock
> 
> noauth
> ...

 

 *pppd call VPN_WORK logfd 2 nodetach debug dump wrote:*   

> 
> 
> pppd options in effect:
> 
> debug           # (from command line)
> ...

 

Following the execution of pppd and the resulting debug output shown above, the content of chap-secrets and VPN_WORK were over written with the following text:

 *cat /etc/ppp/chap-secrets wrote:*   

> 
> 
> "user" * "passwd"
> 
> 

 

 *cat /etc/ppp/peers/VPN_WORK wrote:*   

> 
> 
> connect '/usr/sbin/chat -f /etc/ppp/chat-VPN_WORK'
> 
> 

 

So, the content that I placed in /etc/ppp/chap-secrets and /etc/ppp/peers/VPN_WORK was overwritten and so the next time that I try to connect using pppd I get the results mentioned in my previous post.  

What the heck is going on?

dustfinger

----------

## Havin_it

 *Tartan wrote:*   

> mppe != mppc
> 
> Yes, 2.6.15 now has mppe, but that is NOT the full implementation with any real compression.
> 
> This is straight out of options.pptp:
> ...

 

Apologies for the misinformation.  I haven't been back to this thread in a while, but now that pptpconfig is dead (and the pptpclient devs don't seem to be interested in helping KDE users), when making the switch to KVPNC I got bitten by this myself.  I can't recall where I got my 'facts', but obviously they were wrong.  Sorry.

I guess the patent issues prevent the possibility of having ppp_mppe_mppc in the distro kernel, but I wonder if the module could be provided as a separate package?  IANAKernel-dev, but provided the patch only affects the existing ppp_mppe module, then presumably an ebuild could just check that ppp_mppe wasn't built in the current config?

If this is feasible, I'd be willing to help in making it happen with whatever help I can provide.

----------

## hkfczrqj

I found this blog post about a patch for kernel 2.6.23, so there's hope. I haven't tried it yet. It was written by a fellow gentooist. I wonder why didn't he post it in the forums?

----------

## drzap

 *hkfczrqj wrote:*   

> I found this blog post about a patch for kernel 2.6.23, so there's hope. I haven't tried it yet. It was written by a fellow gentooist. I wonder why didn't he post it in the forums?

 

Hey ho, I manged to manually merge it into the 2.6.24 kernel as well and got working mppc on Arch linux. You can find the patches on: http://gaute.vetsj.com/?p=69

(now it is posted  :Smile:  )

- gaute

----------

## bfdi533

 *hkfczrqj wrote:*   

> I found this blog post about a patch for kernel 2.6.23, so there's hope. I haven't tried it yet. It was written by a fellow gentooist. I wonder why didn't he post it in the forums?

 

I tried those patches and for the first time was able to actually start the ppp/pptp software.

However, for some reason the connection is dropped.

Here is the debug output (cleaned of the address and username for security):

```
# pon vpn-target debug dump logfd 2 nodetach

pppd options in effect:

debug      # (from command line)

nodetach      # (from command line)

logfd 2      # (from command line)

dump      # (from command line)

noauth      # (from /etc/ppp/options.pptp)

refuse-chap      # (from /etc/ppp/options.pptp)

refuse-mschap      # (from /etc/ppp/options.pptp)

refuse-eap      # (from /etc/ppp/options.pptp)

name DOMAIN\\user      # (from /etc/ppp/peers/vpn-target)

remotename PPTP      # (from /etc/ppp/peers/vpn-target)

      # (from /etc/ppp/options.pptp)

pty pptp vpn.target.com --nolaunchpppd      # (from /etc/ppp/peers/vpn-target)

ipparam vpn-target      # (from /etc/ppp/peers/vpn-target)

nobsdcomp      # (from /etc/ppp/options.pptp)

nodeflate      # (from /etc/ppp/options.pptp)

using channel 10

Using interface ppp0

Connect: ppp0 <--> /dev/pts/4

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x541653a5> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x2abc044f> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:81.99.f3.6e.ea.22.44.dc.9e.4b.73.43.0a.83.08.d8.00.00.00.00]> < 17 04 00 4f>]

sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 4f>]

rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x541653a5> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x2abc044f> <pcomp> <accomp> <endpoint [local:81.99.f3.6e.ea.22.44.dc.9e.4b.73.43.0a.83.08.d8.00.00.00.00]>]

sent [LCP ConfNak id=0x1 <auth chap MS-v2>]

rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x2abc044f> <pcomp> <accomp> <endpoint [local:81.99.f3.6e.ea.22.44.dc.9e.4b.73.43.0a.83.08.d8.00.00.00.00]>]

sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x2abc044f> <pcomp> <accomp> <endpoint [local:81.99.f3.6e.ea.22.44.dc.9e.4b.73.43.0a.83.08.d8.00.00.00.00]>]

rcvd [CHAP Challenge id=0x0 <edbef32cd84e532d0dfba8833d17afff>, name = "SERVER"]

sent [CHAP Response id=0x0 <561b640cdeb5b9d217acbadfbf3148f7000000000000000026b4614da146a43f4a60db5b4e153c01240b2e2e6f753af900>, name = "DOMAIN\\user"]

rcvd [CHAP Success id=0x0 "S=E1F5E8020CB31462E6C34478C58B8B5378DD8B26"]

CHAP authentication succeeded

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.1.148>]

rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]

sent [CCP ConfReq id=0x1]

sent [CCP ConfRej id=0x4 <mppe +H +M +S +L -D +C>]

rcvd [IPCP ConfReq id=0x5 <addr 10.8.8.113>]

sent [IPCP ConfAck id=0x5 <addr 10.8.8.113>]

rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]

sent [IPCP ConfReq id=0x2 <addr 192.168.1.148>]

rcvd [CCP ConfNak id=0x1 <mppe -H -M -S -L -D -C>]

sent [CCP ConfReq id=0x2]

rcvd [LCP TermReq id=0x6 "*\37777777674\004O\000<\37777777715t\000\000\002\37777777746"]

LCP terminated by peer (*M-<^DO^@<M-Mt^@^@^BM-f)

sent [LCP TermAck id=0x6]

Connection terminated.

Modem hangup

Waiting for 1 child processes...

  script pptp vpn.target.com --nolaunchpppd, pid 21974

Script pptp vpn.target.com --nolaunchpppd finished (pid 21974), status = 0x0

# 

```

This happens with 2 different domains/endpoints that are totally unrelated to each other.

Any ideas on why this get dropped like that?

----------

## drzap

well the patches was just manually merged and the alternations was not meant for this kernel.. i did not read up on what i did it just worked by luck, so there is a quite high probability that there is something wrong with the code.

- gaute

----------

## Beetle B.

I got the pptp connection going, but am stumbling on a much simpler problem.

Before pon, here's what route gives me:

```

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.0.0     *               255.255.255.0   U     0      0        0 eth0

loopback        *               255.0.0.0       U     0      0        0 lo

default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

```

Basically, I access the Internet via a router, which is the 192.168.0.1 gateway.

After pon, here's the situation.

```

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.17.144.2    *               255.255.255.255 UH    0      0        0 ppp0

192.168.0.0     *               255.255.255.0   U     0      0        0 eth0

loopback        *               255.0.0.0       U     0      0        0 lo

default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

```

Now what commands do I need to give route so that my network traffic goes through the PPTP connection? I had a bunch of ideas, but none worked.

----------

## drzap

 *Quote:*   

> 
> 
> ```
> 
> Kernel IP routing table
> ...

 

If you want to redirect all traffic to the 192.17.144.* ([1-255] subnet through the ppp0 interface you need to do something like:

```
route add -net 192.17.144.0/24 ppp0
```

- gaute

----------

## Beetle B.

I don't think that will do it.

How do I check? Should my reported IP on various sites change?

I think the problem with that solution is that all traffic needs to go through my router (192.168.0.1 gateway) before it can get to the Internet. So shouldn't I need to set it so that all traffic first goes through 192.168.0.1 and from there will head to ppp0?

If my question sounds nonsensical, it's because I never figured out networking in Linux. Put another way, how do I guarantee that all network traffic goes through the router (i.e. all network traffic) should then head to the VPN (192.17.144.*)?

----------

## drzap

 *Beetle B. wrote:*   

> I don't think that will do it.
> 
> How do I check? Should my reported IP on various sites change?

 

No it shouldn't. Only the output of 'route'

 *Quote:*   

> 
> 
> I think the problem with that solution is that all traffic needs to go through my router (192.168.0.1 gateway) before it can get to the Internet. So shouldn't I need to set it so that all traffic first goes through 192.168.0.1 and from there will head to ppp0?
> 
> 

 

No. ppp0 is a virtual network interface - a connection between your computer and another through your other network interface, if this computer is outside your local lan it goes through your gateway. The virtual interface imitates a second network card with a cable to a different subnet (192.17.144.*). 

When you try to send any data or make a connection, say ping a computer in the subnet of your ppp0 interface, ppp0 takes the data, puts it in a packet, sends it to the IP-address of the remote computer you set up your ppp0 interface to - since this new packet is for an IP-address _not_ in the subnet of ppp0 it is sent to the 'default' gw. Thus the remote machine gets a packet like always.. the remote machine realizes its a ppp packet, unpacks it and pretends it got it on _its_ ppp0 interface.

If you know the IP-address of another computer in the subnet of the VPN (192.17.144.xxx) and you are able to ping this one - you are connected.

For further confusion:

Your current setup _only_ sends packets for the _exact_  IP-address 192.17.144.2 through the ppp0 interface, do let your system know that _all_ traffic on the 192.17.144.0/24 (192.17.14.* with netmask 255.255.255.0) subnet should go through to the ppp0 interface you need to add the route from the previous post:

```

route add -net 192.17.144.0/24 ppp0
```

- gaute

----------

## Beetle B.

Thanks - that cleared it all up.

Turned out I was doing it correctly earlier. The problem was that the IP I was trying to reach was not 192.x. So I put a route command specific to the server I was trying to connect to.

----------

