Mark | 9 Apr 04:44 2010

Layer 2 Bridge

Hello,

I've used pptpd many times in the past for VPN tunnels and found it to
be a great solution for most cases, but I'm not sure it will do what
I'm trying to do now.

My home network has DHCP and DNS servers with everything in the
192.168.0.0/24 subnet.  I'd like to configure pptpd to act as a layer
2 bridge so that clients receive a network address from the DHCP
server and pptpd bridges traffic between the local network and the
client.

I'm not sure what the layer 2 side of the tunnel looks like.  I assume
that since it is a point-to-point tunnel, no ARP is being performed,
which is why I can't see any MAC information for my connected clients.

Is this possible at all or should I look at something like openswan?

Thanks,

Mark

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
Charlie Brady | 9 Apr 14:18 2010

Re: Layer 2 Bridge


On Thu, 8 Apr 2010, Mark wrote:

> My home network has DHCP and DNS servers with everything in the
> 192.168.0.0/24 subnet.  I'd like to configure pptpd to act as a layer
> 2 bridge so that clients receive a network address from the DHCP
> server and pptpd bridges traffic between the local network and the
> client.
> 
> I'm not sure what the layer 2 side of the tunnel looks like.  I assume
> that since it is a point-to-point tunnel, no ARP is being performed,
> which is why I can't see any MAC information for my connected clients.
> 
> Is this possible at all or should I look at something like openswan?

I don't think openswan will do exactly what you want to do.

I think that other than IP address allocation via DHCP, that pptpd will do 
what you want (you will need proxyarp and bcrelay options).

------------------------------------------------------------------------------
Mark | 9 Apr 18:19 2010

Re: Layer 2 Bridge

On Fri, Apr 9, 2010 at 6:18 AM, Charlie Brady <charlie_brady <at> mitel.com> wrote:
>
> On Thu, 8 Apr 2010, Mark wrote:
>
>> My home network has DHCP and DNS servers with everything in the
>> 192.168.0.0/24 subnet.  I'd like to configure pptpd to act as a layer
>> 2 bridge so that clients receive a network address from the DHCP
>> server and pptpd bridges traffic between the local network and the
>> client.
>>
>> I'm not sure what the layer 2 side of the tunnel looks like.  I assume
>> that since it is a point-to-point tunnel, no ARP is being performed,
>> which is why I can't see any MAC information for my connected clients.
>>
>> Is this possible at all or should I look at something like openswan?
>
> I don't think openswan will do exactly what you want to do.
>
> I think that other than IP address allocation via DHCP, that pptpd will do
> what you want (you will need proxyarp and bcrelay options).
>

Ok, that was simple.  I configured pptpd to vend an address on the local
subnet, while its side of the tunnel was on a different one.  I
originally thought this would cause routing problems, but it works
just fine with proxyarp and bcrelay.

Thanks for the help!

Mark
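The setup described in this thread, as an added example that is not part of the original messages: constructed pptpd.conf and options.pptpd contents, plus a small check for the bcrelay and proxyarp options Charlie names. The interface name eth0, the addresses, the remoteip range and the function names are assumptions; keep the remoteip range outside the pool the DHCP server hands out.

```shell
#!/bin/sh
# Constructed sample of /etc/pptpd.conf (interface and addresses are assumptions).
sample_pptpd_conf() {
cat <<'EOF'
option /etc/ppp/options.pptpd
bcrelay eth0
localip 10.99.0.1
remoteip 192.168.0.200-220
EOF
}

# Constructed sample of /etc/ppp/options.pptpd.
sample_ppp_options() {
cat <<'EOF'
name pptpd
proxyarp
EOF
}

# value_of FILE KEY: print the value of the first uncommented "KEY value" line.
value_of() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# lint_lan_pptpd PPTPD_CONF PPP_OPTIONS LAN_PREFIX (e.g. 192.168.0)
# Prints one line per problem; prints nothing when the files match the setup.
lint_lan_pptpd() {
    conf=$1 opts=$2 lan=$3
    [ -n "$(value_of "$conf" bcrelay)" ] ||
        echo "pptpd.conf: no 'bcrelay <interface>', LAN broadcasts are not relayed"
    grep -q '^proxyarp[[:space:]]*$' "$opts" ||
        echo "options: no 'proxyarp', the server will not answer ARP for clients"
    case "$(value_of "$conf" remoteip)" in
        "$lan".*) ;;
        *) echo "pptpd.conf: remoteip is not inside $lan.0/24" ;;
    esac
}

# Demo on the constructed files: no output means all three checks passed.
tmp=$(mktemp -d)
sample_pptpd_conf > "$tmp/pptpd.conf"
sample_ppp_options > "$tmp/options.pptpd"
lint_lan_pptpd "$tmp/pptpd.conf" "$tmp/options.pptpd" 192.168.0
rm -rf "$tmp"
```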

max ulidtko | 23 Apr 21:33 2010

GRE: read() from network failed, error = Protocol not available

Hi list.

I'm getting a strange denial of connection for one of my Windows clients.
Here is the log:

pptpd[23533]: CTRL: Client 10.216.13.65 control connection started
pptpd[23533]: CTRL: Starting call (launching pppd, opening GRE)
pppd[23534]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
pppd[23534]: pptpd-logwtmp: $Version$
pppd[23534]: pppd 2.4.5 started by root, uid 0
pppd[23534]: using channel 593
pppd[23534]: Using interface ppp1
pppd[23534]: Connect: ppp1 <--> /dev/pts/10
pppd[23534]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5>
<magic 0x857a698a>]
pptpd[23533]: GRE: Bad checksum from pppd.
pptpd[23533]: GRE: read(fd=7,buffer=80514a0,len=8260) from network
failed: status = -1 error = Protocol not available
pptpd[23533]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
pptpd[23533]: CTRL: Reaping child PPP[23534]
pppd[23534]: Modem hangup
pppd[23534]: Connection terminated.
pppd[23534]: Exit.

Furthermore, another client (using Windows too) connects successfully.
I wonder what can cause such an error. Is it the configuration of my
kernel, network, router, or the client's settings? How can that be
fixed?

------

Phillip Davis | 23 Apr 21:38 2010

Re: GRE: read() from network failed, error = Protocol not available

I had similar problems recently.  In my case it was that the router on 
my side didn't have the pptp nat kernel modules installed.  This is a 
GRE NAT issue likely and you'll need to find out where the GRE is being 
blocked/lost.

~Phil

On 04/23/2010 01:33 PM, max ulidtko wrote:
> Hi list.
>
> I'm getting a strange denial of connection for one of my Windows clients.
> Here is the log:
>
> pptpd[23533]: CTRL: Client 10.216.13.65 control connection started
> pptpd[23533]: CTRL: Starting call (launching pppd, opening GRE)
> pppd[23534]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
> pppd[23534]: pptpd-logwtmp: $Version$
> pppd[23534]: pppd 2.4.5 started by root, uid 0
> pppd[23534]: using channel 593
> pppd[23534]: Using interface ppp1
> pppd[23534]: Connect: ppp1<-->  /dev/pts/10
> pppd[23534]: sent [LCP ConfReq id=0x1<asyncmap 0x0>  <auth chap MD5>
> <magic 0x857a698a>]
> pptpd[23533]: GRE: Bad checksum from pppd.
> pptpd[23533]: GRE: read(fd=7,buffer=80514a0,len=8260) from network
> failed: status = -1 error = Protocol not available
> pptpd[23533]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
> pptpd[23533]: CTRL: Reaping child PPP[23534]
> pppd[23534]: Modem hangup
> pppd[23534]: Connection terminated.
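A way to pick this failure out of a busy pptpd log, as an added example that is not part of the original messages: it lists each session whose control connection started but whose GRE read then failed, the pattern the reply above attributes to GRE being blocked or lost along the path. The function names are assumptions, and the second session in the sample is constructed.

```shell
#!/bin/sh
# Sample log: first session taken from the thread (wrapped lines rejoined),
# second session (10.216.13.70) constructed for contrast.
sample_log() {
cat <<'EOF'
pptpd[23533]: CTRL: Client 10.216.13.65 control connection started
pptpd[23533]: CTRL: Starting call (launching pppd, opening GRE)
pppd[23534]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x857a698a>]
pptpd[23533]: GRE: read(fd=7,buffer=80514a0,len=8260) from network failed: status = -1 error = Protocol not available
pptpd[23533]: CTRL: Reaping child PPP[23534]
pptpd[23600]: CTRL: Client 10.216.13.70 control connection started
pptpd[23600]: CTRL: Starting call (launching pppd, opening GRE)
pppd[23601]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x1b2c3d4e>]
EOF
}

# gre_failures: read pptpd log lines on stdin, with or without a syslog
# prefix, and print "client_ip pptpd_pid error_text" for every GRE read failure.
gre_failures() {
    awk '
    {
        # Locate the "pptpd[PID]:" tag wherever it sits on the line.
        pid = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^pptpd\[[0-9]+\]:$/) {
                pid = $i; gsub(/[^0-9]/, "", pid); break
            }
        if (pid == "") next
        if (index($0, "control connection started")) {
            # Remember which client this pptpd child is serving.
            for (i = 1; i < NF; i++)
                if ($i == "Client") client[pid] = $(i + 1)
        } else if (index($0, "GRE: read(") && (p = index($0, "error = "))) {
            print (pid in client ? client[pid] : "unknown"), pid, substr($0, p + 8)
        }
    }'
}

# Demo on the sample: only the first client is reported.
sample_log | gre_failures
```

A client that shows up here has reached the server on the control connection, so the next place to look is GRE (IP protocol 47) handling on the NAT devices and firewalls between that client and the server.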

Aaron Epstein | 24 Apr 00:09 2010

Novice in search of assistance with first vpn

Greetings Poptop community,

I have become interested in setting up a vpn when I found that it could be used to bypass a particularly evil monitoring service set up by my school.  I'd like to be able to connect to my home network from school and use my home internet connection to access whatever I want, like ssh for example. I'd like to use pptp because it's the easiest to connect to from windows machines.

I began here (I have fedora 12):
http://poptop.sourceforge.net/dox/redhat-howto.phtml
but it started going over my head at step 4.

Would anyone be willing to point me to a quick overview for the configure step and how to make sure that I can share internet as described?

I'd be willing to write a beginners guide once I know what to do.

Thank you,
Aaron Epstein

------------------------------------------------------------------------------
_______________________________________________
Poptop-server mailing list
Poptop-server <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/poptop-server
Phillip Davis | 24 Apr 00:30 2010

Re: Novice in search of assistance with first vpn

Actually, ssh is much easier for tunneling data through some firewall,
if they allow the outbound access.  You can tunnel and port forward data
through ssh.  Set up a proxy server on the other end, and point to it...
But, you can use pptpd to do it.  If that is too hard, then the ssh
route would be a bit easier, but is outside the list here.

~Phil

On 04/23/2010 04:09 PM, Aaron Epstein wrote:
> Greetings Poptop community,
>
> I have become interested in setting up a vpn when I found that it
> could be used to bypass a particularly evil monitoring service set up
> by my school.  I'd like to be able to connect to my home network from
> school and use my home internet connection to access whatever I want,
> like ssh for example. I'd like to use pptp because it's the easiest to
> connect to from windows machines.
>
> I began here (I have fedora 12):
> http://poptop.sourceforge.net/dox/redhat-howto.phtml
> but it started going over my head at step 4.
>
> Would anyone be willing to point me to a quick overview for the
> configure step and how to make sure that I can share internet as
> described?
>
> I'd be willing to write a beginners guide once I know what to do.
>
> Thank you,
> Aaron Epstein

------------------------------------------------------------------------------
Per Qvindesland | 24 Apr 00:43 2010

Re: Novice in search of assistance with first vpn

Hi

Perhaps you may find this how-to easier to follow:
http://thuannvn.blogspot.com/2009/03/how-to-setup-poptop-pptpd-vpn-server-on.html

Depending on your school's network config, this might be a futile
attempt at unrestricted Internet; the restrictions are there for a
reason.

Per
On Fri, 2010-04-23 at 18:09 -0400, Aaron Epstein wrote:
> Greetings Poptop community,
> 
> I have become interested in setting up a vpn when I found that it
> could be used to bypass a particularly evil monitoring service set up
> by my school.  I'd like to be able to connect to my home network from
> school and use my home internet connection to access whatever I want,
> like ssh for example. I'd like to use pptp because it's the easiest to
> connect to from windows machines.
>
> I began here (I have fedora 12):
> http://poptop.sourceforge.net/dox/redhat-howto.phtml
> but it started going over my head at step 4.
>
> Would anyone be willing to point me to a quick overview for the
> configure step and how to make sure that I can share internet as
> described?
> 
> I'd be willing to write a beginners guide once I know what to do.
> 
> Thank you,
> Aaron Epstein

------------------------------------------------------------------------------
Phillip Davis | 27 Apr 22:19 2010

Odd iptables issue

I know what must be the problem, but I can't find the source of the 
failure.  On the poptop server, I've got iptables set basically wide 
open now, but tried more restricted before.  I can see data going from 
ppp0 through eth1 to the work network hosts, and them replying ONLY when 
I look at eth1.  But on the same host, ppp0 still shows no reply 
packets... it's like the data goes from vpn link, through ppp0 thru eth1
to that lan, host replies, gets thru eth1, and then the iptables rules
drop it when it tries to go back to ppp0... Why?  I'm sure there's some
simple rule I'm missing, but I can't for the life of me figure it out.  
I've even gone so far as to do:

iptables -I INPUT -i ppp+ -j ACCEPT

just to see if I could get it to work... and it doesn't.  I've tried:

iptables -I OUTPUT -o ppp+ -j ACCEPT

to no avail.

Ideas?

~Phil

------------------------------------------------------------------------------
Phillip Davis | 27 Apr 22:48 2010

Re: Odd iptables issue

Well, I found one part of the failure... for some reason, iptables 
insinuates that ppp+ is valid, but when I changed the rule to be ppp0 it
seems to have solved the routing issues, because now ppp0 shows packets 
going back down stream, but they get lost again somewhere on this end.  
Making progress... ugh.

~Phil

On 04/27/2010 02:19 PM, Phillip Davis wrote:
> I know what must be the problem, but I can't find the source of the
> failure.  On the poptop server, I've got iptables set basically wide
> open now, but tried more restricted before.  I can see data going from
> ppp0 through eth1 to the work network hosts, and them replying ONLY when
> I look at eth1.  But on the same host, ppp0 still shows no reply
> packets... it's like the data goes from vpn link, through ppp0 thru eth1
> to that lan, host replies, gets thru eth1, and then the iptables rules
> drop it when it tries to go back to ppp0... Why?  I'm sure there's some
> simple rule I'm missing, but I can't for the life of me figure it out.
> I've even gone so far as to do:
>
> iptables -I INPUT -i ppp+ -j ACCEPT
>
> just to see if I could get it to work... and it doesn't.  I've tried:
>
> iptables -I OUTPUT -o ppp+ -j ACCEPT
>
> to no avail.
>
> Ideas?
>
> ~Phil

------------------------------------------------------------------------------
