Re: PPTP VPN
On 08/19/11 18:00, Pierre Abbat wrote:
> I've looked all over the Web and tried things and nothing worked right. And I still don't understand what's going on. What does pppd do, and what does pptp do? Why are they separate?
>
> There is a package ssh-ip-tunnel-1.0nb1 = Simple VPN system using pppd over ssh. I can ssh into the box. Can I use this and get the same IP address that I'm supposed to get with pppd and pptp? Do I have to log in as root?
>
> Pierre

Oh Man. This is a can of worms :D

opening. carefully.

anyone feel free to chime in and correct me where I am wrong :D

Basically - VPN is a generic term for an encrypted network tunnel, with many possible technologies - simple SSH/SSL tunnels, IPSEC tunnels, PPTP, OpenVPN, and others.

PPP is the 'point to point' protocol - which can be used for setting up a variety of network links, most often modems / ISDN / T1+ lines but also other various configurations such as GSM modems, wide-area fiber optic links, etc.

In DragonFly we have 2x implementations of PPP - one, 'ppp' which runs as a userland tool on top of the tun/tap device, another, pppd which runs in kernel space. There is also a netgraph(3) implementation of PPP - I don't recall if this is separate from the 'pppd' kernel version or used to support it.

The ppp one is a bit easier to setup/debug due to the nifty command shell it has, but is slower performing than pppd due to the user-kernel data copying requirements.

The 'ppp' (userland) version of PPP is common across the BSD's and differs from a different 'ppp' (userland) version which was implemented for linux with different commands, configuration, etc - however, all speak 'PPP'.

PPP is a serial communications protocol, and as such is often setup over terminal lines (such as a dialup modem tty, etc) - it appears that the ssh-ip-tunnel package uses the 'dial up tty' portion of SSH in combination with the '/usr/sbin/pppd' (kernel mode) package.

Keeping in mind that the package is in pkgsrc and requires kernel features - the netbsd kernel mode pppd package has common ancestry with the netbsd kernel mode version and so the ssh-ip-tunnel might work for setting up these kinds of vpn's using the dragonfly kernel-mode pppd implementation.

However, PPTP is a specific and somewhat standardized method / protocol of tunneling PPP (point to point) traffic over an existing IP infrastructure and as such you will need a PPTP implementation to connect to the remote end.

As the pptp package is the client only one, this is the one you'll need to use - the freebsddiary post is a bit confusing because it defines the pptp configuration file as ppp.conf - however, whatever the file is called it needs to be called using the pptp program.

Usually / generically speaking for VPN's in general there is some primary connection which is established to negotiate the configuration of the actual tunneled connection - the exact specifics of the negotiation and what authentication is required will vary according to the given setup / choice of VPN technology and other administrator settings - again not being versed in PPTP and your particular situation, I can't say what this might mean for your case, e.g. root, dialup, foo, etc.

Hope this clears things up a bit / somewhat. Or makes them murkier in a way that might lead to clarity :D

And keep up your hope - I think if one can configure a PPP or VPN link and a mail server 'blind', one can pretty much configure anything in the world of computers so this is 50% of the battle :D

Cheers

Good luck.

- Chris
Re: PPTP VPN
On 08/20/11 05:53, Chris Turner wrote:
> As the pptp package is the client only one, this is the one you'll need to use - the freebsddiary post is a bit confusing because it defines the pptp configuration file as ppp.conf - however, whatever the file is called it needs to be called using the pptp program.

ach - looks like I misread your output - you did call pptp which called pppd and had some errors.

This could be a few factors -

1: pptp is compiled from pkgsrc - which might mean it is expecting a netbsd pppd underneath instead of the freebsd-dragonfly one we have (need to check freebsd4/freebsd-now/netbsd pppd manual pages / code)

2: pppd has drifted w/r/t pptp or the other way around and pkgsrc needs updating, (need to check pptp manual pages / code)

3: ...

To get this moving in the right direction, you might want to try setting up a spare freebsd box with ports or a netbsd box with pkgsrc, get the pptp link working, and try to figure out the possible pppd and pptp differences on dragonfly that are keeping this from working - aka, you might need to port/update pppd or pptp, or pkgsrc, or 1/2/both/all, etc to the current state of affairs on DragonFly

This is why I keep sources for all BSD's handy for troubleshooting purposes :D

Alternately you might just want to try SSH port forwarding if you can SSH to the remote end :D

if anyone has a working PPTP setup this would be an excellent time to chime in :D

cheers again and good luck.

- Chris
Re: PPTP VPN
On Saturday 20 August 2011 07:03:44 Chris Turner wrote:
> looks like I misread your output - you did call pptp which called pppd and had some errors.
>
> This could be a few factors -
>
> 1: pptp is compiled from pkgsrc - which might mean it is expecting a netbsd pppd underneath instead of the freebsd-dragonfly one we have (need to check freebsd4/freebsd-now/netbsd pppd manual pages / code)
>
> 2: pppd has drifted w/r/t pptp or the other way around and pkgsrc needs updating, (need to check pptp manual pages / code)
>
> 3: ...

NetBSD pptp expecting a NetBSD pppd would make sense. The pppd is in world, but there's also a pppd package.

> To get this moving in the right direction, you might want to try setting up a spare freebsd box with ports or a netbsd box with pkgsrc, get the pptp link working, and try to figure out the possible pppd and pptp differences on dragonfly that are keeping this from working - aka, you might need to port/update pppd or pptp, or pkgsrc, or 1/2/both/all, etc to the current state of affairs on DragonFly
>
> This is why I keep sources for all BSD's handy for troubleshooting purposes :D

I don't have any other BSD boxes. I have a Linux box.

> Alternately you might just want to try SSH port forwarding if you can SSH to the remote end :D

I can SSH, and there is an SSH VPN package which I'll try. It requires knowing the IP addresses; I can get that by running the pptp tunnel on the router.

Pierre
--
li ze te'a ci vu'u ci bi'e te'a mu du li ci su'i ze te'a mu bi'e vu'u ci
Re: PPTP VPN
I haven't connected via PPTP on a non-Windows machine in a while, but I bet these steps would work:

http://www.freebsddiary.org/pptp.php

On Thu, Aug 18, 2011 at 6:42 PM, Pierre Abbat p...@phma.optus.nu wrote:
> My boss has a VPN that I need to connect to. I can connect to it from the Windows box, but then only the Windows box can access it; or from the router, but it doesn't stay up long. How can I set up the DragonFly box so that it can be started with a script in /etc/rc.d?
>
> Pierre
> --
> Jews use a lunisolar calendar; Muslims use a solely lunar calendar.
Re: PPTP VPN
On Friday 19 August 2011 09:08:02 Justin Sherrill wrote:
> I haven't connected via PPTP on a non-Windows machine in a while, but I bet these steps would work:
>
> http://www.freebsddiary.org/pptp.php

I created a section called bda in pppd.conf and then ran pptp. I got this:

    # pptp mail.baucom-davis.com bda
    running pppd: /usr/sbin/pppd /dev/pts/7 38400 bda
    /usr/sbin/pppd: unrecognized option 'bda'
    pppd version 2.3 patch level 5
    Usage: /usr/sbin/pppd [ options ], where options are:
        device          Communicate over the named device
        speed           Set the baud rate to speed
        loc:rem         Set the local and/or remote interface IP
                        addresses. Either one may be omitted.
        asyncmap n      Set the desired async map to hex n
        auth            Require authentication from peer
        connect p       Invoke shell command p to set up the serial line
        crtscts         Use hardware RTS/CTS flow control
        defaultroute    Add default route through interface
        file f          Take options from file f
        modem           Use modem control lines
        mru n           Set MRU value to n for negotiation
    See pppd(8) for more options.

Do I have a different pptp program than FreeBSD, or what?

Pierre
--
.i toljundi do .ibabo mi'afra tu'a do .ibabo damba do .ibabo do jinga .icu'u la ma'atman.
Re: PPTP VPN
On Friday 19 August 2011 12:46:30 Pierre Abbat wrote:
> Do I have a different pptp program than FreeBSD, or what?

The one in FreeBSD is poptop. The one in DragonFly is pptp. There is a poptop package in pkgsrc, but no binary, so I installed pptp.

Pierre
--
When a barnacle settles down, its brain disintegrates.
It no longer understands anything, it no longer understands anything.
Re: PPTP VPN
On Friday 19 August 2011 13:55:33 Pierre Abbat wrote:
> The one in FreeBSD is poptop. The one in DragonFly is pptp. There is a poptop package in pkgsrc, but no binary, so I installed pptp.

Further checking: I called a friend who sets up networks for a living. He told me there was a change in the pppd program or protocol in 2005 that made command line options no longer valid. The FreeBSD page was written in 2002.

Pierre
--
Don't buy a French car in Holland. It may be a citroen.
Re: PPTP VPN
I've looked all over the Web and tried things and nothing worked right. And I still don't understand what's going on. What does pppd do, and what does pptp do? Why are they separate?

There is a package ssh-ip-tunnel-1.0nb1 = Simple VPN system using pppd over ssh. I can ssh into the box. Can I use this and get the same IP address that I'm supposed to get with pppd and pptp? Do I have to log in as root?

Pierre
--
li ze te'a ci vu'u ci bi'e te'a mu du li ci su'i ze te'a mu bi'e vu'u ci
Re: PPTP VPN client
On Fri, Dec 05, 2008 at 11:59:03AM +0200, Dennis Melentyev wrote: In FreeBSD ports exists an mpd daemon for PPTP connections. I hardly can find it in pkgsrc (well, it's not portable enough). I've written a pkgsrc package for older version (mpd-3.18) http://les.ath.cx/DragonFly/dfly2_0-pkgsrc-mpd-3.18.tar.gz and been using here for my PPPoE and PPTP connections. For some reason netgraph modules need to be loaded with kldload command or it just won't work (I seem to recall this started at some point around 1.10-RELEASE, but I haven't managed to track down yet). If you're using GENERIC kernel it means you need to compile a kernel without netgraph modules compiled in, so at the moment mpd is not your choice. Also it seems that ng_pptpgre module (or other modules it depends on) has some race problem, so if you have `options INVARIANTS' in your kernel config, you'll often experience kernel panics. UP kernel is affected by this problem, too. The following bandaid seems to stop the panic, but I occasionally receive `deadlock avoided' error while using rdesktop to connect to a Windows PC in my office, and in that case, the TCP connection dies. --- a/sys/netgraph/pptpgre/ng_pptpgre.c +++ b/sys/netgraph/pptpgre/ng_pptpgre.c @@ -556,8 +556,10 @@ ng_pptpgre_xmit(node_p node, struct mbuf *m, meta_p meta) NG_SEND_DATA(error, priv-lower, m, meta); /* Start receive ACK timer if data was sent and not already running */ - if (error == 0 gre-hasSeq priv-xmitSeq == priv-recvAck + 1) + if (error == 0 gre-hasSeq priv-xmitSeq == priv-recvAck + 1) { + ng_pptpgre_stop_recv_ack_timer(node); ng_pptpgre_start_recv_ack_timer(node); + } return (error); } What could be used on DFBSD (client side) to create PPTP tunnel with MPPC/MPPE without involving manual build from sources? net/pptp?
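Review bot: The comment kept above the changed condition in ng_pptpgre_xmit() still says "Start receive ACK timer if data was sent and not already running", but the added ng_pptpgre_stop_recv_ack_timer(node) call is only needed if the timer can already be armed when this branch is taken, so the comment and the code now disagree. Either update the comment to say the timer is cancelled and re-armed here, or test the timer state explicitly and skip the start when it is already running, because stop-then-start pushes the ACK timeout forward on every qualifying transmit and hides the double start without addressing the race the message describes. The message itself reports 'deadlock avoided' errors with this change applied, so whatever locking or ordering assumption the stop call relies on should be written down next to it before this is treated as more than a workaround.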
Re: PPTP VPN client
On Fri, Dec 05, 2008 at 10:22:56PM +0200, Dennis Melentyev wrote:
> > I've written a pkgsrc package for older version (mpd-3.18)
> > http://les.ath.cx/DragonFly/dfly2_0-pkgsrc-mpd-3.18.tar.gz
>
> The connection fails for some reason. Firefox says
> The connection to the server was reset while the page was loading
> Could you please check your server?

Sorry, I messed up something in the ipfw rule when I add a rule to accept requests to my git repository. I also put it on my leaf account:

http://leaf.dragonflybsd.org/~y0netan1/dfly2_0-pkgsrc-mpd-3.18.tar.gz

> > : What could be used on DFBSD (client side) to create PPTP tunnel with MPPC/MPPE without involving manual build from sources?
> > net/pptp?
>
> It says no encryption yet or so. :(

Ah, it's too bad.