On Tue, Oct 23, 2007 at 01:05:03AM +0200, Paul de Weerd wrote:
> On Tue, Oct 23, 2007 at 12:07:50AM +0200, Stefan Sperling wrote:
> | * Add patch to ${WRKSRC}/pptp_gre.c to automatically enable
> | the net.inet.gre.allow sysctl before trying to bind
> | the GRE socket, and disable the sysctl again after
> | closing the socket.
>
> Is disabling after use the best way to go ?
No, in fact it isn't.
Theo also helped me realise that disabling the sysctl is a stupid idea.
In case you run two VPN tunnels and one of them goes down for some
reason the other one stops working, too, because the first one will
disable GRE system-wide. The obvious solution is to simply live with
leaving GRE enabled.
In fact no one ever talked about disabling it, only about enabling it.
I somehow just made up disabling it while writing the patch.
I should probably not be writing patches late at night.
Third update, both the diff and the list of changes have been changed.
List of changes:
* Update my email address.
* Add detailed option descriptions to pptp(8) man page.
* Move OpenBSD configuration examples from text file
${PREFIX}/share/doc/pptp/USING into pptp(8) man page,
and remove patch to ${WRKSRC}/USING. Extend and
revise examples while at it.
* Add patch to ${WRKSRC}/util.c to make pptp log normal
informational messages with level LOG_INFO instead of LOG_NOTICE.
* Update pkg/DESCR with a new description based on upstream web site.
* Fix URL to list of pptp security flaws in pkg/MESSAGE.
* [Re-]Create patches with `make update-patches'.
* Add patch to ${WRKSRC}/pptp_gre.c to automatically enable
the net.inet.gre.allow sysctl before trying to bind
the GRE socket.
* Remove '@sysctl net.inet.gre.allow=1' from PLIST.
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/pptp/Makefile,v
retrieving revision 1.17
diff -u -r1.17 Makefile
--- Makefile 15 Sep 2007 22:36:58 -0000 1.17
+++ Makefile 23 Oct 2007 10:28:42 -0000
@@ -3,13 +3,15 @@
COMMENT= PPTP client package for Microsoft VPN servers
-DISTNAME= pptp-1.7.1
+VERSION= 1.7.1
+DISTNAME= pptp-${VERSION}
+PKGNAME= ${DISTNAME}p0
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=pptpclient/}
HOMEPAGE= http://pptpclient.sf.net
-MAINTAINER= Stefan Sperling <[EMAIL PROTECTED]>
+MAINTAINER= Stefan Sperling <[EMAIL PROTECTED]>
# GPL
PERMIT_PACKAGE_CDROM= Yes
Index: files/pptp_8
===================================================================
RCS file: /cvs/ports/net/pptp/files/pptp_8,v
retrieving revision 1.5
diff -u -r1.5 pptp_8
--- files/pptp_8 12 Nov 2006 10:10:09 -0000 1.5
+++ files/pptp_8 23 Oct 2007 10:28:42 -0000
@@ -14,10 +14,19 @@
.Sh SYNOPSIS
.Nm
.Ar hostname
-[
-.Op Ar --phone <phone number>
-.Op Ar --quirks ISP_NAME
--- ]
+.Op Fl -version
+.Op Fl -phone Ar number
+.Op Fl -nolaunchpppd
+.Op Fl -quirks Ar quirk
+.Op Fl -debug
+.Op Fl -sync
+.Op Fl -timeout Ar secs
+.Op Fl -nobuffer
+.Op Fl -idle-wait Ar time
+.Op Fl -max-echo-wait Ar time
+.Op Fl -logstring Ar name
+.Op Fl -localbind Ar addr
+.Op Fl -loglevel Ar level
.Op Ar ppp options
.Sh DESCRIPTION
.Nm
@@ -37,33 +46,285 @@
The
.Ar hostname
parameter specifies which host should be contacted as the PPTP server.
-Additional parameters are passed on to
-.Ic ppp
+.Pp
+.Op Ar ppp options
+are passed on to
+.Xr ppp 8
and typically include a remote username or a file containing options.
.Pp
.Nm
must be run as root.
-
-.Sh EXAMPLE
+.Pp
.Nm
-.Ar hostname
-.Op Ar ppp options
+accepts the following options:
+.Bl -tag -width Ds
+.It Fl -version
+Display version number and exit.
+.It Fl -phone Ar number
+Pass
+.Ar number
+to remote host as phone number.
+.It Fl -nolaunchpppd
+Do not launch a ppp daemon, for use as a ppp daemon pty.
+.It Fl -quirks Ar quirk
+Work around a buggy PPTP implementation.
+The only currently recognised value is
+.Ar BEZEQ_ISRAEL .
+See the file
+.Pa PREFIX/share/doc/pptp/USING
+for details.
+.It Fl -debug
+Run in foreground (for debugging with gdb).
+.It Fl -sync
+Enable Synchronous HDLC.
+.Xr ppp 8
+must use it, too.
+.It Fl -timeout Ar secs
+Time to wait for reordered packets (0.01 to 10 secs).
+.It Fl -nobuffer
+Disable packet buffering and reordering completely
+.It Fl -idle-wait Ar secs
+Time to wait before sending echo request.
+.It Fl -max-echo-wait Ar secs
+Time to wait before giving up on lack of reply. This option
+seems to be unimplemented, because the flag can be set but is
+never evaluated (look at pptp_ctrl.c) \(em dead, unused code?
+.It Fl -logstring Ar name
+Use
+.Ar name
+instead of
+.Dq anon
+in syslog messages.
+.It Fl -localbind Ar addr
+Bind to specified IP address instead of wildcard.
+.It Fl -loglevel Ar level
+Sets the debugging level (0=low, 1=default, 2=high).
+.Sh EXAMPLES
+.Ss PPTP on a stand-alone VPN client
+This example assumes that you want to use pptp to connect
+to a VPN and use the VPN connection as your default route.
+Let us assume that the VPN server was called vpn-gateway.net.
+.Pp
+First, edit
+.Pa /etc/ppp/ppp.conf
+and add an entry for the VPN
+connection. See
+.Xr ppp 8
+for details on the format of this file.
+.Bd -literal
+ vpn:
+ set device "!/usr/local/sbin/pptp --nolaunchpppd vpn-gateway.net"
+ set authname User
+ set authkey MySecret
+ set mppe 128 stateless
+.Ed
+.Pp
+Next, you need to configure routing in
+.Pa /etc/ppp/ppp.linkup :
+.Bd -literal
+ vpn:
+ add default HISADDR
+.Ed
+.Pp
+If vpn-gateway.net does not reside on the local network,
+we have to add a host route pointing to vpn-gateway.net in order to
+avoid a chicken-and-egg problem once the default route is set to
+the VPN tunnel.
+Assuming the standard default route is 42.42.42.42:
+.Pp
+.Pa /etc/ppp/ppp.linkup :
+.Bd -literal
+ vpn:
+ add vpn-gateway.net 42.42.42.42
+ add default HISADDR
+.Ed
+.Pp
+If your default route is not fixed, for example if you connect
+to the VPN from many different networks while on the road,
+use a script to figure out the current default route and add the
+host route to the VPN gateway. For example:
+.Pp
+.Pa /etc/ppp/vpn-default-route.sh :
+.Bd -literal
+ #!/bin/sh
+ gw=`netstat -rn -f inet | grep ^default | awk '{print $2};'`
+ route add -host vpn-gateway.net ${gw}
+.Ed
+.Pp
+Call the script from
+.Pa /etc/ppp/ppp.linkup :
+.Bd -literal
+ vpn:
+ ! sh /etc/ppp/vpn-default-route.sh
+ add default HISADDR
+.Pp
+Make sure the changes to the routing table are reversed in
+.Pa /etc/ppp/ppp.linkdown :
+.Bd -literal
+ vpn:
+ delete vpn-gateway.net
+.Ed
+.Pp
+Restoring the previous default route in
+.Pa /etc/ppp/ppp.linkdown
+is left as an exercise for the reader. On a laptop it is usually
+enough to issue a DHCP request to restore the routing table
+after the VPN connection is terminated.
+.Pp
+Connect by running:
+.Dl ppp -ddial vpn
+.Pp
+To terminate the connection, kill the ppp process. It creates a PID
+file in /var/run/tunX.pid, where X is the number of the tun device used.
+.Ss PPTP on a router
+This example assumes that you want to configure a router running
+OpenBSD to provide PPTP VPN access to a remote network for all hosts
+on your internal network.
+.Pp
+Let us assume that the VPN server was called vpn-gateway.net,
+and that the default route of our OpenBSD box was 42.42.42.42.
+The remote network shall be 10.42.0.0/16; we want all traffic to
+this network to go through the VPN tunnel.
+.Pp
+First, edit
+.Pa /etc/ppp/ppp.conf
+and add an entry for the VPN
+connection. See
+.Xr ppp 8
+for details on the format of this file.
+.Bd -literal
+ default:
+ set log Phase Chat LCP IPCP CCP tun command
+ vpn:
+ set device "!/usr/local/sbin/pptp --nolaunchpppd vpn-gateway.net"
+ set authname User
+ set authkey MySecret
+ set mppe 128 stateless
+.Ed
+.Pp
+Next, you need to configure routing in
+.Pa /etc/ppp/ppp.linkup .
+We also load
+.Xr pf 4
+anchors for the vpn interface here.
+More on that later.
+.Pp
+.Pa /etc/ppp/ppp.linkup :
+.Bd -literal
+ vpn:
+ add 10.42.0.0/16 HISADDR
+ ! sh -c "/sbin/pfctl -a vpn -f /etc/pf.conf.vpn"
+.Ed
+.Pp
+If vpn-gateway.net resides inside 10.42.0.0/16, we have to add a host
+route pointing to vpn-gateway.net in order to avoid a chicken-and-egg
+problem once packets to 10.42.0.0/16 are routed through the tunnel.
+.Pp
+.Pa /etc/ppp/ppp.linkup :
+.Bd -literal
+ vpn:
+ add vpn-gateway.net 42.42.42.42
+ add 10.42.0.0/16 HISADDR
+ ! sh -c "/sbin/pfctl -a vpn -f /etc/pf.conf.vpn"
+.Ed
+.Pp
+If your default route is not fixed, for example if your ISP does not
+always assign the same gateway to you, use a script to figure out
+the current default route and add the host route to the VPN gateway.
+For example:
+.Pp
+.Pa /etc/ppp/vpn-default-route.sh :
+.Bd -literal
+ #!/bin/sh
+ gw=`netstat -rn -f inet | grep ^default | awk '{print $2};'`
+ route add -host vpn-gateway.net ${gw}
+.Ed
+.Pp
+Call the script from
+.Pa /etc/ppp/ppp.linkup :
+.Bd -literal
+ vpn:
+ ! sh /etc/ppp/vpn-default-route.sh
+ add 10.42.0.0/16 HISADDR
+ ! sh -c "/sbin/pfctl -a vpn -f /etc/pf.conf.vpn"
+.Pp
+Make sure the changes to the routing table are
+reversed when the VPN connection drops:
+.Pp
+.Pa /etc/ppp/ppp.linkdown:
+.Bd -literal
+ vpn:
+ ! sh -c "/sbin/pfctl -a vpn -F all"
+ delete 10.42.0.0/16
+ delete vpn-gateway.net
+.Ed
+.Pp
+To make
+.Xr pf 4
+aware of the vpn anchors, put these lines into the
+NAT and Filter sections of
+.Pa /etc/pf.conf ,
+respectively:
+.Bd -literal
+ nat-anchor vpn
+ anchor vpn
+.Ed
+.Pp
+See
+.Xr pf.conf 5
+for details on the format of this file.
+.Pp
+Now define vpn anchor rules in
+.Pa /etc/pf.conf.vpn ,
+for example:
+.Bd -literal
+ int_if=xl0
+ vpn_if=tun0
+
+ # NAT is of course optional. The remote network needs
+ # a route to our network as well if we don't do NAT.
+ nat on $vpn_if from $int_if:network to any -> ($vpn_if)
+
+ block drop on $vpn_if
+ pass out on $vpn_if
+
+ # Allow ping from remote, and explicitly make sure our replies are
+ # routed back through the tunnel.
+ pass in on $vpn_if reply-to ($vpn_if vpn-gateway.net) \e
+ inet proto icmp icmp-type echoreq keep state
+
+ # Same for ssh.
+ pass in on $vpn_if reply-to ($vpn_if vpn-gateway.net) proto tcp \e
+ from any to ($vpn_if) port ssh flags S/SA keep state
+.Ed
+.Pp
+Connect by running:
+.Dl ppp -unit0 -ddial vpn
+.Pp
+The -unit0 option makes sure ppp configures tun0 as the VPN
+connection end point, and not some other tun device.
+The packet filter rules configured above assume tun0 as the
+VPN connection end point.
+.Pp
+To terminate the connection, kill the ppp process. It creates a PID
+file in /var/run/tunX.pid, where X is the number of the tun device used.
.Sh FILES
.Pa /var/run/pptp/<ip-address>
is created as a socket. It is used for communicating with an existing
PPTP call manager for a given remote server host.
-.Pp
-.Pa PREFIX/sbin/pptp-reconnect
-can be used to (re)establish a pptp connection.
.Sh SEE ALSO
.Xr ppp 8 ,
.Xr gre 4 ,
+.Xr pf 4 ,
+.Xr pf.conf 5 ,
.Pa PREFIX/share/doc/pptp/USING .
.Sh HISTORY
This man page appeared first in
-.Nx
-\'s pptp-package.
+.Nx
+\'s pptp package.
.Sh AUTHORS
+.An Stefan Sperling Aq [EMAIL PROTECTED]
+(detailed option description, EXAMPLES section),
.An C. Scott Ananian Aq [EMAIL PROTECTED] ,
.An John Kohl Aq [EMAIL PROTECTED]
(patches and original man page).
Index: patches/patch-USING
===================================================================
RCS file: patches/patch-USING
diff -N patches/patch-USING
--- patches/patch-USING 12 Nov 2006 10:10:09 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,110 +0,0 @@
---- USING.orig Sat Nov 4 15:37:29 2006
-+++ USING Thu Nov 9 14:17:25 2006
-@@ -1,5 +1,10 @@
- Usage Notes
-
-+[ Note by your friendly OpenBSD pptp port maintainer:
-+Most examples in this file are quite Linux-centric. See the section
-+EXAMPLE CONFIGURATION FOR OPENBSD below for an example that focuses
-+on OpenBSD exclusively. ]
-+
- pptp is started as a psuedo-tty child process using pppd's pty option:
-
- pppd call provider [pppd-options] \
-@@ -94,5 +99,96 @@
-
- test-multiple-tunnels-1.sh creates multiple source interfaces
- test-multiple-tunnels-2.sh creates multiple tunnels
-+
-+
-+EXAMPLE CONFIGURATION FOR OPENBSD:
-+
-+On OpenBSD, pptp uses the userspace ppp(8) implementation
-+by default, instead of using pppd(8). This is a compile-time option
-+hardcoded in the port's Makefile, and it is not recommended that you
-+change this unless you really have a reason to do so. If your VPN
-+requires mppe/mppc in conjunction with pptp, ppp(8) is your
-+only option anyway since pppd(8) does not support mppe/mppc.
-+
-+This example assumes that you want to configure a gateway running
-+OpenBSD to provide PPTP VPN access to a remote network for all hosts
-+on your internal LAN. While this may not match your situation at
-+all, you will hopefully gather enough hints you can use for your
-+own setup.
-+
-+Let us assume that the VPN server is called vpn-gateway.net,
-+and that the default route of our OpenBSD box is 42.42.42.42.
-+The remote network is 10.42.0/16; all traffic to this network
-+should go through the VPN tunnel.
-+
-+Having ppp start pptp seems to be working much better than the
-+other way round. So first, put something like this into /etc/ppp/ppp.conf
-+to connect to the vpn gateway:
-+
-+ default:
-+ set log Phase Chat LCP IPCP CCP tun command
-+ vpn:
-+ set device "!PREFIX/sbin/pptp --nolaunchpppd vpn-gateway.net"
-+ set authname User
-+ set authkey MySecret
-+ set mppe 128 stateless
-+
-+Next, you need to configure routing in /etc/ppp/ppp.linkup.
-+Assuming vpn-gateway.net resides inside 10.42.0/16, we have to add a host
-+route pointing to vpn-gateway.net in order to avoid a chicken-and-egg
-+problem once packets to 10.42.0/16 are routed through the tunnel.
-+(Of course, this also applies if you need to configure the tunnel as
-+your default route, but that is not covered in this example.)
-+
-+We also load packet filter anchors for the vpn interface here.
-+More on that later.
-+
-+/etc/ppp/ppp.linkup:
-+
-+ vpn:
-+ ! sh -c "/sbin/route add -host vpn-gateway.net 42.42.42.42"
-+ ! sh -c "/sbin/route add -net 10.42.0.0 -netmask 255.255.0.0 HISADDR"
-+ ! sh -c "/sbin/pfctl -a vpn -f /etc/pf.conf.vpn"
-+
-+Commands in ppp.linkdown simply undo changes made in ppp.linkup.
-+
-+/etc/ppp/ppp.linkdown:
-+
-+ vpn:
-+ ! sh -c "/sbin/pfctl -a vpn -F all"
-+ ! sh -c "/sbin/route delete -net 10.42.0.0 -netmask 255.255.0.0 HISADDR"
-+ ! sh -c "/sbin/route delete -host vpn-gateway.net 42.42.42.42"
-+
-+To make pf aware of the vpn anchors, put these lines into the
-+nat and filter sections of /etc/pf.conf, respectively:
-+
-+ nat-anchor vpn
-+ anchor vpn
-+
-+Now define vpn anchor rules in /etc/pf.conf.vpn:
-+
-+ int_if=xl0
-+ vpn_if=tun0
-+
-+ nat on $vpn_if from $int_if:network to any -> ($vpn_if)
-+
-+ pass out on $vpn_if keep state
-+
-+ # Allow ping from remote, and explicitly make sure our replies are
-+ # routed back through the tunnel.
-+ pass in on $vpn_if reply-to ($vpn_if vpn-gateway.net) \
-+ inet proto icmp icmp-type echoreq keep state
-+
-+ # Same for ssh.
-+ pass in on $vpn_if reply-to ($vpn_if vpn-gateway.net) proto tcp \
-+ from any to ($vpn_if) port ssh flags S/SA keep state
-+
-+
-+Connect by running:
-+
-+ ppp -ddial vpn
-+
-+To terminate the connection, kill the ppp process. It creates a PID
-+file in /var/run/tunX.pid, where X is the number of the tun device used.
-
- $Id: patch-USING,v 1.2 2006/11/12 10:10:09 grunk Exp $
Index: patches/patch-inststr_c
===================================================================
RCS file: /cvs/ports/net/pptp/patches/patch-inststr_c,v
retrieving revision 1.1
diff -u -r1.1 patch-inststr_c
--- patches/patch-inststr_c 24 Mar 2005 00:57:58 -0000 1.1
+++ patches/patch-inststr_c 23 Oct 2007 10:28:42 -0000
@@ -1,7 +1,7 @@
$OpenBSD: patch-inststr_c,v 1.1 2005/03/24 00:57:58 naddy Exp $
---- inststr.c.orig Sat Mar 5 16:20:34 2005
-+++ inststr.c Sat Mar 5 16:24:38 2005
-@@ -20,7 +20,7 @@ inststr(int argc, char **argv, char **en
+--- inststr.c.orig Mon Feb 13 04:07:42 2006
++++ inststr.c Tue Sep 18 07:24:08 2007
+@@ -20,7 +20,7 @@ inststr(int argc, char **argv, char **environ, char *s
for (ptr = argv[0]; *ptr; *(ptr++) = '\0');
Index: patches/patch-pptp_ctrl_c
===================================================================
RCS file: /cvs/ports/net/pptp/patches/patch-pptp_ctrl_c,v
retrieving revision 1.1
diff -u -r1.1 patch-pptp_ctrl_c
--- patches/patch-pptp_ctrl_c 22 Sep 2006 02:00:50 -0000 1.1
+++ patches/patch-pptp_ctrl_c 23 Oct 2007 10:28:42 -0000
@@ -1,6 +1,6 @@
$OpenBSD: patch-pptp_ctrl_c,v 1.1 2006/09/22 02:00:50 pvalchev Exp $
---- pptp_ctrl.c.orig Thu Sep 21 19:03:03 2006
-+++ pptp_ctrl.c Thu Sep 21 19:03:19 2006
+--- pptp_ctrl.c.orig Mon Feb 13 04:07:42 2006
++++ pptp_ctrl.c Tue Sep 18 07:24:12 2007
@@ -457,6 +457,7 @@ void pptp_conn_destroy(PPTP_CONN * conn)
void pptp_fd_set(PPTP_CONN * conn, fd_set * read_set, fd_set * write_set,
int * max_fd)
@@ -9,7 +9,7 @@
assert(conn && conn->call);
/* Add fd to write_set if there are outstanding writes. */
if (conn->write_size > 0)
-@@ -465,7 +466,7 @@ void pptp_fd_set(PPTP_CONN * conn, fd_se
+@@ -465,7 +466,7 @@ void pptp_fd_set(PPTP_CONN * conn, fd_set * read_set,
FD_SET(conn->inet_sock, read_set);
if (*max_fd < conn->inet_sock) *max_fd = conn->inet_sock;
/* Add signal pipe file descriptor to set */
Index: patches/patch-pptp_gre_c
===================================================================
RCS file: patches/patch-pptp_gre_c
diff -N patches/patch-pptp_gre_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-pptp_gre_c 23 Oct 2007 10:28:42 -0000
@@ -0,0 +1,50 @@
+$OpenBSD$
+--- pptp_gre.c.orig Mon Feb 13 04:07:42 2006
++++ pptp_gre.c Tue Oct 23 10:49:46 2007
+@@ -11,6 +11,8 @@
+ #include <sys/socket.h>
+ #include <sys/stat.h>
+ #include <sys/time.h>
++#include <sys/sysctl.h>
++#include <netinet/ip_gre.h>
+ #include <unistd.h>
+ #include <string.h>
+ #include <errno.h>
+@@ -73,12 +75,36 @@ uint64_t time_now_usecs()
+ return (tv.tv_sec * 1000000) + tv.tv_usec;
+ }
+
++static int set_gre_sysctl(int value)
++{
++ int mib[4];
++
++ /* "net.inet.gre.allow" */
++ mib[0] = CTL_NET;
++ mib[1] = PF_INET;
++ mib[2] = IPPROTO_GRE;
++ mib[3] = GRECTL_ALLOW;
++
++ if (sysctl(mib, 4, NULL, 0, (void*)&value, sizeof(value)) == -1)
++ return 0;
++ return 1;
++}
++
+ /*** Open IP protocol socket
**************************************************/
+ int pptp_gre_bind(struct in_addr inetaddr)
+ {
+ struct sockaddr_in src_addr, loc_addr;
+ extern struct in_addr localbind;
+- int s = socket(AF_INET, SOCK_RAW, PPTP_PROTO);
++ int s;
++
++ /* On OpenBSD, we need to enable GRE via sysctl before
++ * it can be used. */
++ if (! set_gre_sysctl(1)) {
++ warn("Could not enable net.inet.gre.allow sysctl");
++ return -1;
++ }
++
++ s = socket(AF_INET, SOCK_RAW, PPTP_PROTO);
+ if (s < 0) { warn("socket: %s", strerror(errno)); return -1; }
+ if (localbind.s_addr != INADDR_NONE) {
+ bzero(&loc_addr, sizeof(loc_addr));
Index: patches/patch-util_c
===================================================================
RCS file: patches/patch-util_c
diff -N patches/patch-util_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-util_c 23 Oct 2007 10:28:42 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- util.c.orig Tue Sep 18 07:22:28 2007
++++ util.c Tue Sep 18 07:22:35 2007
+@@ -45,7 +45,7 @@ static void close_log(void)
+ void _log(const char *func, const char *file, int line, const char *format,
...)
+ {
+ MAKE_STRING("log");
+- syslog(LOG_NOTICE, "%s", string);
++ syslog(LOG_INFO, "%s", string);
+ }
+
+ /*** print a warning to syslog
************************************************/
Index: pkg/DESCR
===================================================================
RCS file: /cvs/ports/net/pptp/pkg/DESCR,v
retrieving revision 1.4
diff -u -r1.4 DESCR
--- pkg/DESCR 15 Dec 2003 21:55:09 -0000 1.4
+++ pkg/DESCR 23 Oct 2007 10:28:42 -0000
@@ -1,10 +1,4 @@
-pptp-linux is an implementation of the PPTP protocol for Linux and
-other Unix systems.
-
-The code is released under the terms of the GPL; see the file COPYING
-for details.
-
-You can find notes on installing and using this package in the file
-${PREFIX}/share/doc/pptp/USING; design notes are in the Documentation
-directory; and the standards documents used to implement pptp-linux
-can be found in the Reference directory.
+PPTP Client is a client for the proprietary Microsoft Point-to-Point
+Tunneling Protocol. It connects to PPTP-based Virtual Private Networks
+as used by some universities, companies and cable and ADSL internet
+service providers.
Index: pkg/MESSAGE
===================================================================
RCS file: /cvs/ports/net/pptp/pkg/MESSAGE,v
retrieving revision 1.5
diff -u -r1.5 MESSAGE
--- pkg/MESSAGE 12 Nov 2006 10:10:09 -0000 1.5
+++ pkg/MESSAGE 23 Oct 2007 10:28:42 -0000
@@ -1,10 +1,8 @@
You will need to allow gre traffic for pptp to work:
sysctl net.inet.gre.allow=1
+pptp will automatically try to set this sysctl before opening a gre socket.
-See ${PREFIX}/share/doc/pptp/USING for an example configuration
-specific to OpenBSD.
-
-See http://www.counterpane.com/pptp-faq.html for a list of security flaws.
+See http://www.schneier.com/pptp-faq.html for a list of security flaws.
==========================================================================
ATTENTION:
Alcatel ADSL modems contain default logins with easily computed passwords.
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/pptp/pkg/PLIST,v
retrieving revision 1.5
diff -u -r1.5 PLIST
--- pkg/PLIST 12 Nov 2006 10:10:09 -0000 1.5
+++ pkg/PLIST 23 Oct 2007 10:28:42 -0000
@@ -19,4 +19,3 @@
share/doc/pptp/Reference/rfc791.txt
share/doc/pptp/Reference/rfc793.txt
share/doc/pptp/USING
[EMAIL PROTECTED] net.inet.gre.allow=1
--
stefan
http://stsp.name PGP Key: 0xF59D25F0
pgpa89VnaL0HP.pgp
Description: PGP signature
