John Horne | 5 Oct 2005 18:59

Radius plugin failover - not working?

Hello,

We have a server running Fedora Core 3 linux (2.6.12-1.1372_FC3 kernel),
with pptpd 1.2.2, freeradius 1.0.1, and ppp 2.4.3 (with mppe/mppc patch)
and the radius plugin. This is all used as a VPN server for mainly
Windows XP clients using mppe/pptp. This works fine - the radius plugin
talks fine with the local radius server.

However, I have been testing failover with another server using the
same software, and the failover does not seem to work. (I also tried
this with ppp 2.4.4.b1 - same result.) In the radiusclient.conf file on
the local host I have specified both radius servers for the
authserver/acctserver as:

  authserver  localhost:1812 vpn2.plymouth.ac.uk:1812
  acctserver  localhost:1813 vpn2.plymouth.ac.uk:1813

If I stop the local radius server, then I can see (using tcpdump and ppp
in debug mode) the local host/ppp sending a radius authentication
request to the remote server. The remote server sends the reply (an
authentication success). But the client always receives a 691 error
complaining about 'access was denied because the username and/or
password was invalid'. The username/pwd are correct.

(More details:
   client is      141.163.60.7
   local host is  141.163.111.250 (aka 'vpn1')
   remote host is 141.163.195.250 (aka 'vpn2') )

A snippet of the local host logged ppp messages shows:

Eugene Paskevich | 6 Oct 2005 07:39

Re: CBCP rewrite patch + feature request

On Wed, 14 Sep 2005 09:57:06 +0300, Eugene Paskevich  
<eugene <at> raptor.kiev.ua> wrote:

> As you asked, Paul, I ported my patch to 2.4.4b1 version.
> All your remarks were taken into account while porting.
> But some things were changed so no surprise you will have
> more remarks. :-)
>
> Patch features:
>
> 1) README corrections and additions.
> 2) chat/chat.c: got rid of compilation warning complaining
>    trigraph misuse when compiled using gcc-3.4.4.
> 3) New hook and plugin for it. Both described in README.
> 4) Almost fully rewritten and reorganized cbcp.c
>    With addition of server side capabilities, code for list
>    callback type, retransmitting timed-out packets.
> 5) Some defines were enumerated in cbcp.h
> 6) #ifdef'ed out unused cbcp definitions if code is compiled
>    without CBCP_SUPPORT.
> 7) corrected tiny misspellings with dialling -> dialing.
>
> Feature request:
>
> 1) Utilize new hook in radius plugin.

I beg your pardon, Paul, but it's been three weeks since
I've sent this patch and I haven't seen any comments upon it.
Sorry for my impatience, but I think that this time must be
sufficient at least for reviewing and commenting, isn't it?

John Horne | 6 Oct 2005 18:40

Re: Radius plugin failover - not working?

On Wed, 2005-10-05 at 17:59 +0100, John Horne wrote:
> 
> We have a server running Fedora Core 3 linux (2.6.12-1.1372_FC3 kernel),
> with pptpd 1.2.2, freeradius 1.0.1, and ppp 2.4.3 (with mppe/mppc patch)
> and the radius plugin. This is all used as a VPN server for mainly
> Windows XP clients using mppe/pptp. This works fine - the radius plugin
> talks fine with the local radius server.
> 
> However, I have been testing failover with another server using the
> same software, and the failover does not seem to work.
>
Hello,

Okay, you can ignore this. It was due to my misunderstanding of the
'key' in the radiusclient/servers file. I have now corrected this, and
failover works fine :-)

Sorry for the hassle.

John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: John.Horne <at> plymouth.ac.uk       Fax: +44 (0)1752 233839

-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to majordomo <at> vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
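
One mechanism that produces the symptom described in this thread, shown as an added example (not from the original posts; the thread does not say what exactly was misunderstood about the key): per RFC 2865 a RADIUS client accepts a reply only if its Response Authenticator matches an MD5 computed with the shared secret the client holds for that server. The secrets and the servers-file sample below are constructed.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT = 2  # RFC 2865 packet code

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    """Server side: sign the reply with the server's copy of the secret."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def client_accepts(reply, request_auth, secret):
    """Client side: recompute with the key held for that server and compare."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    code, ident = reply[0], reply[1]
    expected = response_authenticator(code, ident, reply[20:], request_auth, secret)
    return hmac.compare_digest(expected, reply[4:20])

def parse_servers(text):
    """Parse 'server key' lines of a radiusclient servers file."""
    keys = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#"):
            keys[fields[0]] = fields[1].encode()
    return keys

# Constructed sample: the key for vpn2 differs from what vpn2 itself uses.
CLIENT_SERVERS = """\
# server               key
localhost              local-secret
vpn2.plymouth.ac.uk    wrong-secret
"""
VPN2_SECRET = b"vpn2-secret"  # constructed: secret configured on vpn2

def demo():
    keys = parse_servers(CLIENT_SERVERS)
    request_auth = os.urandom(16)
    attrs = bytes([18, 4]) + b"ok"  # Reply-Message attribute
    reply = build_reply(ACCESS_ACCEPT, 7, attrs, request_auth, VPN2_SECRET)
    mismatched = client_accepts(reply, request_auth, keys["vpn2.plymouth.ac.uk"])
    return mismatched, client_accepts(reply, request_auth, VPN2_SECRET)
```

With a mismatched key the server can still log a successful authentication while the client does not accept the reply, so the key for every server named in radiusclient.conf is worth comparing on both ends.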

Jan Just Keijser | 20 Oct 2005 12:42

Re: Authentificating with certificates ("unknown authentication type 13; Naking")

hi all,

there already is a patch to do EAP-TLS authentication with ppp; see
  http://eaptls.spe.net
for details. I've just completed the patch against ppp-2.4.3 to allow 
MPPE encryption with EAP-TLS. I have created two versions:
- one against the ppp_mppe module which supports 128bit MPPE but no MPPC
- one against the ppp_mppe_mppc module which supports 40/56/128 bit MPPE 
and MPPC (but there are some licensing issues, I believe, with using MPPC).
Tested it with both XP and W2K as clients, Linux as a PoPToP server - 
works beautifully :)

anybody interested?

cheers,

JJK

>Boky Gmail writes:
>> Note: resending; it seems it didn't get through the first time round.
>
>No, it came through fine the first time.
>
>> I was wondering if it is possible to use certificates instead of
>> passwords for authentication over PPTP?
>
>"Possible"?  Sure; you've got source code.
>
>> EAP: unknown authentication type 13; Naking
>

Boky Gmail | 20 Oct 2005 12:56

Re: Authentificating with certificates ("unknown authentication type 13; Naking")

Yes, we know about EAP-TLS.

But EAP-TLS does not allow you to use MPPE/MPPC (128bit) since
MPPE/MPPC patch expects that you use MS-CHAP[v2] authentication and
EAP-TLS patch uses EAP authentication.

Did you hack the EAP-TLS patch to provide correct credentials to
MPPE/MPPC patch? Are you sure you are using MPPE/MPPC?

I thought I was (PPTP said in output log it negotiated MPPE 128bit)
but I was getting errors like "Unknown protocol 0x??...".

As it turns out when I added "require-mppe" to my options the tunnel
was not being set up anymore and I started getting errors along the lines
of "MS-CHAP[v2] required for MPPE/MPPC".

If you have a patch for this we'd of course be more than happy to see it.

Cheers,
Bojan

On 10/20/05, Jan Just Keijser <jan.just.keijser <at> gmail.com> wrote:
> hi all,
>
> there already is a patch to do EAP-TLS authentication with ppp; see
>   http://eaptls.spe.net
> for details. I've just completed the patch against ppp-2.4.3 to allow
> MPPE encryption with EAP-TLS. I have created two versions:
> - one against the ppp_mppe module which supports 128bit MPPE but no MPPC
> - one against the ppp_mppe_mppc module which supports 40/56/128 bit MPPE

Jan Just Keijser | 20 Oct 2005 13:42

Re: Authentificating with certificates ("unknown authentication type 13; Naking")

I have hacked pppd to allow MPPE 128 bit encryption. The Windows PPTP
VPN status screen tells me it is using MPPE128 encryption but no
compression; ethereal dumps show me the data is compressed/encrypted.
Without the MPPE encryption I can still see the original packets inside
the GRE tunnel, with MPPE I cannot. This version is available on
http://eaptls.spe.net in the download section.

I have also created a hacked version of pppd in combination with
ppp_mppe_mppc that allows MPPE+MPPC. With this module, the PPTP VPN
status screen tells me it is using MPPE128 encryption (or MPPE40/MPPE56)
and MPPC compression. This version is not yet available on the internet
but I am working on a DKMS version of the ppp_mppe_mppe module. I have a
patched ppp-2.4.3 source tree available.

JJK

Boky Gmail wrote:

>Yes, we know about EAP-TLS.
>
>But EAP-TLS does not allow you to use MPPE/MPPC (128bit) since
>MPPE/MPPC patch expects that you use MS-CHAP[v2] authentication and
>EAP-TLS patch uses EAP authentication.
>
>Did you hack the EAP-TLS patch to provide correct credentials to
>MPPE/MPPC patch? Are you sure you are using MPPE/MPPC?
>
>I thought I was (PPTP said in output log it negotiated MPPE 128bit)
>but I was getting errors like "Unknown protocol 0x??...".
>
