Re: poptop on OpenBSD 5.3
On Mon, 5 Aug 2013 14:46:20 -0600
Alvaro Mantilla Gimenez alv...@alvaromantilla.com wrote:

> Hi Wesley, Loïc,
>
> Thanks for the advice. I didn't know about npppd. It seems an
> interesting option. I am going to try that.

+1 for npppd, I wrote a howto (in Serbian though) here:

https://www.mimar.rs/npppd-novi-openbsd-ov-pptpl2tp-server/

Make sure to use the latest snapshot, and not the 5.3 release, as I experienced hangs:

http://openbsd.7691.n7.nabble.com/Hang-possibly-related-to-pipex-td230816.html

If you still want poptop for any reason, my working ppp.conf (with
authentication from the Active Directory implementation of RADIUS) is as
follows:

loop:
 set timeout 0
 set log phase chat connect lcp ipcp command TUN
 set device localhost:pptp
 set dial
 set login
 set mppe 128 stateful
 set ifaddr 192.168.131.1 192.168.131.10-192.168.131.250 255.255.255.255
 set server /var/tmp/loop 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 disable pap
 disable chap
 enable mschapv2
 set radius /etc/ppp/radius.conf
 disable deflate pred1
 deny deflate pred1
 disable ipv6cp
 disable ipv6
 accept mppe
 enable proxy
 accept dns
 set dns 192.168.5.21 192.168.5.24
 set device !/etc/ppp/secure

You will also need the file /etc/ppp/secure:

#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

Hope this helps.
--
Marko Cupać
Re: poptop on OpenBSD 5.3
I agree with Wesley: if you use OpenBSD 5.3 you should use npppd; it's
simpler than poptop and has nearly the same functionality.

--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr

On Monday, 5 August 2013 at 08:46 +0400, Wesley MOUEDINE ASSABY wrote:
> Hi,
>
> Why not use the embedded package in OpenBSD 5.3: npppd??
> Conf files: /etc/npppd/npppd.conf and npppd-users
>
> Below is a link that will help you:
> http://fr.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd
>
> Cheers,
> Wesley
>
> On 2013-08-05 4:48, Alvaro Mantilla Gimenez wrote:
>> Hi,
>>
>> I am trying to configure poptop on OpenBSD 5.3 without success. I've
>> installed the package and configured the files as
>> /usr/local/share/doc/pkg-readmes/poptop-1.3.4p4 says, but it didn't
>> work, so I started to change things here and there without success.
>>
>> These are the facts:
>>
>> /etc/pptpd.conf:
>>
>> stimeout 10
>> noipparam
>> logwtmp
>> localip 5.5.5.1
>> remoteip 5.5.5.2-102
>>
>> /etc/ppp/options:
>>
>> lock
>> auth
>> usehostname
>> proxyarp
>> +MSChap-V2
>> mppe-128
>> mppe-stateless
>>
>> /etc/ppp/ppp.conf:
>>
>> default:
>>  set log Phase Chat LCP IPCP CCP tun command
>>  set speed 115200
>> pptp:
>>  set log phase tun
>>  enable proxy
>>  set dns 8.8.8.8 8.8.4.4
>>  set ifaddr 5.5.5.1 5.5.5.0/0 255.255.255.0
>>  set timeout 0
>>  enable chap
>>  enable MSChapV2
>>
>> And here is the error:
>>
>> pptpd[25764]: CTRL: Starting call (launching pppd, opening GRE)
>> ppp[14716]: Phase: Using interface: tun0
>> ppp[14716]: Phase: deflink: Created in closed state
>> ppp[14716]: tun0: Command: default: set speed 115200
>> ppp[14716]: tun0: Command: pptp: set log phase tun
>> ppp[14716]: tun0: Phase: PPP Started (direct mode).
>> ppp[14716]: tun0: Phase: bundle: Establish
>> ppp[14716]: tun0: Phase: deflink: closed - opening
>> ppp[14716]: tun0: Phase: deflink: Connected!
>> ppp[14716]: tun0: Phase: deflink: opening - carrier
>> ppp[14716]: tun0: Phase: deflink: carrier - lcp
>> ppp[14716]: tun0: Phase: bundle: Authenticate
>> ppp[14716]: tun0: Phase: deflink: his = none, mine = CHAP 0x81
>> ppp[14716]: tun0: Phase: Chap Output: CHALLENGE
>> ppp[14716]: tun0: Phase: Chap Input: RESPONSE (49 bytes from testuser)
>> ppp[14716]: tun0: Phase: Chap Output: SUCCESS
>> ppp[14716]: tun0: Phase: deflink: lcp - open
>> ppp[14716]: tun0: Phase: bundle: Network
>> ppp[14716]: tun0: Phase: deflink: open - lcp
>> ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
>> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
>> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
>> ppp[14716]: tun0: Phase: bundle: Terminate
>> pptpd[25764]: CTRL: EOF or bad error reading ctrl packet length.
>> pptpd[25764]: CTRL: couldn't read packet header (exit)
>> pptpd[25764]: CTRL: CTRL read failed
>> ppp[14716]: tun0: Phase: deflink: read (0): Got zero bytes
>> ppp[14716]: tun0: Phase: deflink: Disconnected!
>> ppp[14716]: tun0: Phase: deflink: Connect time: 1 secs: 354 octets in, 364 octets out
>> ppp[14716]: tun0: Phase: deflink: 7 packets in, 11 packets out
>> ppp[14716]: tun0: Phase: total 718 bytes/sec, peak 0 bytes/sec on Sun Aug 4 18:23:07 2013
>> ppp[14716]: tun0: Phase: deflink: lcp - closed
>> ppp[14716]: tun0: Phase: bundle: Dead
>> ppp[14716]: tun0: Phase: PPP Terminated (normal).
>> pptpd[25764]: CTRL: Client truncated_ip control connection finished
>>
>> So far I think it is not an authentication problem (the authentication
>> process seems to be successful) and it is a network-related issue.
>> However, I do not know how to fix it according to the three lines in
>> the output:
>>
>> ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
>> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
>> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
>>
>> I enabled and applied in sysctl.conf:
>>
>> net.inet.gre.allow=1
>> net.inet.gre.wccp=1
>>
>> Also, I added the pf.conf lines needed to allow traffic from 1723 and
>> GRE connections and, to be sure, let all traffic from the 5.5.5.0
>> network pass through the firewall on tun0.
>>
>> Any help? What am I missing?
>>
>> Thanks in advance,
>>
>> Alvaro

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: poptop on OpenBSD 5.3
Hi Wesley, Loïc,

Thanks for the advice. I didn't know about npppd. It seems an interesting
option. I am going to try that.

Cheers,

Alvaro

2013/8/4 Loïc BLOT loic.b...@unix-experience.fr

> I agree with Wesley: if you use OpenBSD 5.3 you should use npppd; it's
> simpler than poptop and has nearly the same functionality.
>
> --
> Best regards,
> Loïc BLOT, UNIX systems, security and network expert
> http://www.unix-experience.fr
>
> On Monday, 5 August 2013 at 08:46 +0400, Wesley MOUEDINE ASSABY wrote:
>> Hi,
>>
>> Why not use the embedded package in OpenBSD 5.3: npppd??
>> Conf files: /etc/npppd/npppd.conf and npppd-users
>>
>> Below is a link that will help you:
>> http://fr.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd
>>
>> Cheers,
>> Wesley
>>
>> On 2013-08-05 4:48, Alvaro Mantilla Gimenez wrote:
>>> Hi,
>>>
>>> I am trying to configure poptop on OpenBSD 5.3 without success. I've
>>> installed the package and configured the files as
>>> /usr/local/share/doc/pkg-readmes/poptop-1.3.4p4 says, but it didn't
>>> work, so I started to change things here and there without success.
>>>
>>> These are the facts:
>>>
>>> /etc/pptpd.conf:
>>>
>>> stimeout 10
>>> noipparam
>>> logwtmp
>>> localip 5.5.5.1
>>> remoteip 5.5.5.2-102
>>>
>>> /etc/ppp/options:
>>>
>>> lock
>>> auth
>>> usehostname
>>> proxyarp
>>> +MSChap-V2
>>> mppe-128
>>> mppe-stateless
>>>
>>> /etc/ppp/ppp.conf:
>>>
>>> default:
>>>  set log Phase Chat LCP IPCP CCP tun command
>>>  set speed 115200
>>> pptp:
>>>  set log phase tun
>>>  enable proxy
>>>  set dns 8.8.8.8 8.8.4.4
>>>  set ifaddr 5.5.5.1 5.5.5.0/0 255.255.255.0
>>>  set timeout 0
>>>  enable chap
>>>  enable MSChapV2
>>>
>>> And here is the error:
>>>
>>> pptpd[25764]: CTRL: Starting call (launching pppd, opening GRE)
>>> ppp[14716]: Phase: Using interface: tun0
>>> ppp[14716]: Phase: deflink: Created in closed state
>>> ppp[14716]: tun0: Command: default: set speed 115200
>>> ppp[14716]: tun0: Command: pptp: set log phase tun
>>> ppp[14716]: tun0: Phase: PPP Started (direct mode).
>>> ppp[14716]: tun0: Phase: bundle: Establish
>>> ppp[14716]: tun0: Phase: deflink: closed - opening
>>> ppp[14716]: tun0: Phase: deflink: Connected!
>>> ppp[14716]: tun0: Phase: deflink: opening - carrier
>>> ppp[14716]: tun0: Phase: deflink: carrier - lcp
>>> ppp[14716]: tun0: Phase: bundle: Authenticate
>>> ppp[14716]: tun0: Phase: deflink: his = none, mine = CHAP 0x81
>>> ppp[14716]: tun0: Phase: Chap Output: CHALLENGE
>>> ppp[14716]: tun0: Phase: Chap Input: RESPONSE (49 bytes from testuser)
>>> ppp[14716]: tun0: Phase: Chap Output: SUCCESS
>>> ppp[14716]: tun0: Phase: deflink: lcp - open
>>> ppp[14716]: tun0: Phase: bundle: Network
>>> ppp[14716]: tun0: Phase: deflink: open - lcp
>>> ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
>>> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
>>> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
>>> ppp[14716]: tun0: Phase: bundle: Terminate
>>> pptpd[25764]: CTRL: EOF or bad error reading ctrl packet length.
>>> pptpd[25764]: CTRL: couldn't read packet header (exit)
>>> pptpd[25764]: CTRL: CTRL read failed
>>> ppp[14716]: tun0: Phase: deflink: read (0): Got zero bytes
>>> ppp[14716]: tun0: Phase: deflink: Disconnected!
>>> ppp[14716]: tun0: Phase: deflink: Connect time: 1 secs: 354 octets in, 364 octets out
>>> ppp[14716]: tun0: Phase: deflink: 7 packets in, 11 packets out
>>> ppp[14716]: tun0: Phase: total 718 bytes/sec, peak 0 bytes/sec on Sun Aug 4 18:23:07 2013
>>> ppp[14716]: tun0: Phase: deflink: lcp - closed
>>> ppp[14716]: tun0: Phase: bundle: Dead
>>> ppp[14716]: tun0: Phase: PPP Terminated (normal).
>>> pptpd[25764]: CTRL: Client truncated_ip control connection finished
>>>
>>> So far I think it is not an authentication problem (the authentication
>>> process seems to be successful) and it is a network-related issue.
>>> However, I do not know how to fix it according to the three lines in
>>> the output:
>>>
>>> ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
>>> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
>>> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
>>>
>>> I enabled and applied in sysctl.conf:
>>>
>>> net.inet.gre.allow=1
>>> net.inet.gre.wccp=1
>>>
>>> Also, I added the pf.conf lines needed to allow traffic from 1723 and
>>> GRE connections and, to be sure, let all traffic from the 5.5.5.0
>>> network pass through the firewall on tun0.
>>>
>>> Any help? What am I missing?
>>>
>>> Thanks in advance,
>>>
>>> Alvaro

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: poptop on OpenBSD 5.3
Hi,

Why not use the embedded package in OpenBSD 5.3: npppd??
Conf files: /etc/npppd/npppd.conf and npppd-users

Below is a link that will help you:
http://fr.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd

Cheers,
Wesley

On 2013-08-05 4:48, Alvaro Mantilla Gimenez wrote:
> Hi,
>
> I am trying to configure poptop on OpenBSD 5.3 without success. I've
> installed the package and configured the files as
> /usr/local/share/doc/pkg-readmes/poptop-1.3.4p4 says, but it didn't
> work, so I started to change things here and there without success.
>
> These are the facts:
>
> /etc/pptpd.conf:
>
> stimeout 10
> noipparam
> logwtmp
> localip 5.5.5.1
> remoteip 5.5.5.2-102
>
> /etc/ppp/options:
>
> lock
> auth
> usehostname
> proxyarp
> +MSChap-V2
> mppe-128
> mppe-stateless
>
> /etc/ppp/ppp.conf:
>
> default:
>  set log Phase Chat LCP IPCP CCP tun command
>  set speed 115200
> pptp:
>  set log phase tun
>  enable proxy
>  set dns 8.8.8.8 8.8.4.4
>  set ifaddr 5.5.5.1 5.5.5.0/0 255.255.255.0
>  set timeout 0
>  enable chap
>  enable MSChapV2
>
> And here is the error:
>
> pptpd[25764]: CTRL: Starting call (launching pppd, opening GRE)
> ppp[14716]: Phase: Using interface: tun0
> ppp[14716]: Phase: deflink: Created in closed state
> ppp[14716]: tun0: Command: default: set speed 115200
> ppp[14716]: tun0: Command: pptp: set log phase tun
> ppp[14716]: tun0: Phase: PPP Started (direct mode).
> ppp[14716]: tun0: Phase: bundle: Establish
> ppp[14716]: tun0: Phase: deflink: closed - opening
> ppp[14716]: tun0: Phase: deflink: Connected!
> ppp[14716]: tun0: Phase: deflink: opening - carrier
> ppp[14716]: tun0: Phase: deflink: carrier - lcp
> ppp[14716]: tun0: Phase: bundle: Authenticate
> ppp[14716]: tun0: Phase: deflink: his = none, mine = CHAP 0x81
> ppp[14716]: tun0: Phase: Chap Output: CHALLENGE
> ppp[14716]: tun0: Phase: Chap Input: RESPONSE (49 bytes from testuser)
> ppp[14716]: tun0: Phase: Chap Output: SUCCESS
> ppp[14716]: tun0: Phase: deflink: lcp - open
> ppp[14716]: tun0: Phase: bundle: Network
> ppp[14716]: tun0: Phase: deflink: open - lcp
> ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
> ppp[14716]: tun0: Phase: bundle: Terminate
> pptpd[25764]: CTRL: EOF or bad error reading ctrl packet length.
> pptpd[25764]: CTRL: couldn't read packet header (exit)
> pptpd[25764]: CTRL: CTRL read failed
> ppp[14716]: tun0: Phase: deflink: read (0): Got zero bytes
> ppp[14716]: tun0: Phase: deflink: Disconnected!
> ppp[14716]: tun0: Phase: deflink: Connect time: 1 secs: 354 octets in, 364 octets out
> ppp[14716]: tun0: Phase: deflink: 7 packets in, 11 packets out
> ppp[14716]: tun0: Phase: total 718 bytes/sec, peak 0 bytes/sec on Sun Aug 4 18:23:07 2013
> ppp[14716]: tun0: Phase: deflink: lcp - closed
> ppp[14716]: tun0: Phase: bundle: Dead
> ppp[14716]: tun0: Phase: PPP Terminated (normal).
> pptpd[25764]: CTRL: Client truncated_ip control connection finished
>
> So far I think it is not an authentication problem (the authentication
> process seems to be successful) and it is a network-related issue.
> However, I do not know how to fix it according to the three lines in
> the output:
>
> ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
> ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
>
> I enabled and applied in sysctl.conf:
>
> net.inet.gre.allow=1
> net.inet.gre.wccp=1
>
> Also, I added the pf.conf lines needed to allow traffic from 1723 and
> GRE connections and, to be sure, let all traffic from the 5.5.5.0
> network pass through the firewall on tun0.
>
> Any help? What am I missing?
>
> Thanks in advance,
>
> Alvaro
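
The reading of the log in the original question (CHAP succeeds, then the session ends in the Network phase) can be automated per ppp process. The script below is an added example, not part of the thread: `ppp_triage` is a hypothetical name, the pid 20001 lines are constructed, and the `Chap Output: FAILURE` line format is an assumption, since the thread shows only a successful login.

```sh
#!/bin/sh
# Added example: per-process triage of ppp(8) "Phase" syslog lines.
# pid 14716 lines come from the log quoted in the thread; pid 20001 is constructed.
SAMPLE_LOG='pptpd[25764]: CTRL: Starting call (launching pppd, opening GRE)
ppp[14716]: tun0: Phase: bundle: Authenticate
ppp[14716]: tun0: Phase: Chap Input: RESPONSE (49 bytes from testuser)
ppp[14716]: tun0: Phase: Chap Output: SUCCESS
ppp[14716]: tun0: Phase: bundle: Network
ppp[14716]: tun0: Phase: bundle: Terminate
ppp[14716]: tun0: Phase: deflink: Connect time: 1 secs: 354 octets in, 364 octets out
ppp[14716]: tun0: Phase: bundle: Dead
ppp[20001]: tun1: Phase: bundle: Authenticate
ppp[20001]: tun1: Phase: Chap Input: RESPONSE (49 bytes from baduser)
ppp[20001]: tun1: Phase: Chap Output: FAILURE
ppp[20001]: tun1: Phase: bundle: Terminate'
# Reads syslog text on stdin, prints one summary line per ppp process.
ppp_triage() {
    awk '
    function d(v) { return (v == "") ? "-" : v }
    !match($0, /ppp\[[0-9]+\]/) { next }      # skip pptpd and other daemons
    {
        pid = substr($0, RSTART + 4, RLENGTH - 5)
        if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
    }
    /Phase: bundle: / {
        if ($NF == "Terminate") term[pid] = 1
        else if ($NF != "Dead") last[pid] = $NF   # last live phase
    }
    /Chap Output: (SUCCESS|FAILURE)/ { auth[pid] = $NF }
    /Chap Input: RESPONSE/ && match($0, /from [^)]+/) { user[pid] = substr($0, RSTART + 5, RLENGTH - 5) }
    match($0, /Connect time: [0-9]+/) { secs[pid] = substr($0, RSTART + 14, RLENGTH - 14) }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (auth[p] == "FAILURE") v = "auth-rejected"
            else if (auth[p] == "SUCCESS" && last[p] == "Network" && term[p])
                v = "dropped-after-auth"   # NCP stage: check IPCP/CCP
            else if (term[p]) v = "dropped-in-" d(last[p])
            else v = "no-terminate-seen"
            printf "pid=%s user=%s auth=%s last_phase=%s secs=%s verdict=%s\n",
                p, d(user[p]), d(auth[p]), d(last[p]), d(secs[p]), v
        }
    }'
}

printf '%s\n' "$SAMPLE_LOG" | ppp_triage
```

A `dropped-after-auth` verdict with a connect time of a second or two separates sessions that fail during network-layer negotiation from rejected logins, which matters when the same log is also watched for password guessing.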