Brian Lavender | 7 Oct 23:37 2010

what options for hping?

I have a user that is failing to connect. We have previously had
issues with GRE packets not going through.

How do you use hping to test the connection for GRE?
What options?

brian
--

-- 
Brian Lavender
http://www.brie.com/brian/

"Program testing can be used to show the presence of bugs, but never to
show their absence!"

Professor Edsger Dijkstra
1972 Turing award recipient

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
Clemente Aguiar | 19 Oct 12:14 2010
Picon

VPN no longer works after samba upgrade

Hello,

I have a VPN configured and working for some years now. I use Gentoo
linux, and recently Samba has been upgraded from version 3.0.37 to
3.4.9.

After the upgrade the VPN stopped working. The problem is that ver.
3.0.37 is no longer available, so I cannot downgrade.

Can anybody help me to get this working with Samba 3.4(.9)?

Here is a log of the problem:

Oct 16 17:39:02 polvo pptpd[6501]: CTRL: Client 213.8.247.192 control
connection started
Oct 16 17:39:02 polvo pptpd[6501]: CTRL: Starting call (launching pppd,
opening GRE)
Oct 16 17:39:02 polvo pppd[6502]: Plugin winbind.so loaded.
Oct 16 17:39:02 polvo pppd[6502]: WINBIND plugin initialized.
Oct 16 17:39:02 polvo pppd[6502]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so
loaded.
Oct 16 17:39:02 polvo pppd[6502]: pptpd-logwtmp: $Version$
Oct 16 17:39:02 polvo pppd[6502]: pppd 2.4.4 started by root, uid 0
Oct 16 17:39:02 polvo pppd[6502]: using channel 5
Oct 16 17:39:02 polvo pppd[6502]: Using interface ppp0
Oct 16 17:39:02 polvo pppd[6502]: Connect: ppp0 <--> /dev/pts/1
Oct 16 17:39:02 polvo pppd[6502]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap MS-v2> <magic 0xd29e844> <pcomp> <accomp>]
Oct 16 17:39:02 polvo pppd[6502]: rcvd [LCP ConfReq id=0x1 <asyncmap
0x0> <magic 0x638e8298> <pcomp> <accomp>]
(Continue reading)

Jorge Bastos | 19 Oct 13:11 2010
Picon

Re: VPN no longer works after samba upgrade

Howdy,

> After the upgrade the VPN stopped working. The problem is that ver.
> 3.0.37 is no longer available, so I cannot downgrade.
> 

It seems that the problem is on your side:

Oct 16 17:39:02 polvo pppd[6502]: rcvd [LCP TermReq id=0x2 "Failed to
authenticate ourselves to peer"] Oct 16 17:39:02 polvo pppd[6502]: LCP
terminated by peer (Failed to authenticate ourselves to peer) Oct 16
17:39:02 polvo pppd[6502]: sent [LCP TermAck id=0x2] Oct 16 17:39:02 polvo
pptpd[6501]: CTRL: EOF or bad error reading ctrl packet length.
Oct 16 17:39:02 polvo pptpd[6501]: CTRL: couldn't read packet header
(exit)

------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
Clemente Aguiar | 19 Oct 13:28 2010
Picon

Re: VPN no longer works after samba upgrade

Which side is that, they are both my sides: its my client and I manage
the server :-)

Please remember that the same client used to connect, and after I
upgraded Samba, it does not connect any more.

The client is a Mac, but I have tried with a Linux client and also the
same thing - used to work but not after the upgrade.

Clemente

----- Mensagem Original-----
De: Jorge Bastos <mysql.jorge <at> decimal.pt>
Para: 'Clemente Aguiar' <ca-lists <at> madeiratecnopolo.pt>,
poptop-server <at> lists.sourceforge.net
Assunto: RE: [Poptop-server] VPN no longer works after samba upgrade
Data: Tue, 19 Oct 2010 12:11:56 +0100

Howdy,

> After the upgrade the VPN stopped working. The problem is that ver.
> 3.0.37 is no longer available, so I cannot downgrade.
> 

It seems that the problem is on your side:

Oct 16 17:39:02 polvo pppd[6502]: rcvd [LCP TermReq id=0x2 "Failed to
authenticate ourselves to peer"] Oct 16 17:39:02 polvo pppd[6502]: LCP
terminated by peer (Failed to authenticate ourselves to peer) Oct 16
17:39:02 polvo pppd[6502]: sent [LCP TermAck id=0x2] Oct 16 17:39:02 polvo
(Continue reading)

Jorge Bastos | 19 Oct 14:08 2010
Picon

Re: VPN no longer works after samba upgrade

> Which side is that, they are both my sides: its my client and I manage
> the server :-)

- Kernel version?
- POPTOP version?
- PPP version?

------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
Clemente Aguiar | 19 Oct 15:49 2010
Picon

Re: VPN no longer works after samba upgrade

- Kernel version: 2.6.28 (Gentoo Linux 2.6.28-hardened-r9)
- POPTOP version: 1.3.4
- PPP version: 2.4.4 (r25)

In the meantime I found this thread on a Samba bug which could be
related to the problem I have:

http://samba.2283325.n4.nabble.com/winbind-and-pptpd-authentication-failure-td2532691.html

This thread referes to the following bug:

https://bugzilla.samba.org/show_bug.cgi?id=7568

I am at present installing Samba 3.5.6 which includes the referred fix.
I will let you know the results.

Clemente

----- Mensagem Original-----
De: Jorge Bastos <mysql.jorge <at> decimal.pt>
Para: 'Clemente Aguiar' <ca-lists <at> madeiratecnopolo.pt>,
poptop-server <at> lists.sourceforge.net
Assunto: RE: [Poptop-server] VPN no longer works after samba upgrade
Data: Tue, 19 Oct 2010 13:08:51 +0100

> Which side is that, they are both my sides: its my client and I manage
> the server :-)

- Kernel version?
- POPTOP version?
(Continue reading)

Jorge Bastos | 19 Oct 16:07 2010
Picon

Re: VPN no longer works after samba upgrade

> - Kernel version: 2.6.28 (Gentoo Linux 2.6.28-hardened-r9)
> - POPTOP version: 1.3.4
> - PPP version: 2.4.4 (r25)
> 
> In the meantime I found this thread on a Samba bug which could be
> related to the problem I have:
> 
> http://samba.2283325.n4.nabble.com/winbind-and-pptpd-authentication-
> failure-td2532691.html
> 
> This thread referes to the following bug:
> 
> https://bugzilla.samba.org/show_bug.cgi?id=7568
> 
> I am at present installing Samba 3.5.6 which includes the referred fix.
> I will let you know the results.

Ah,
You're using NTLM ?
Forgot to ask that part.

------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
Clemente Aguiar | 19 Oct 17:20 2010
Picon

Re: VPN no longer works after samba upgrade

Phil, to answer your question: I am using Samba (more precisely
winbindd) to authenticate against an AD. And with Samba 3.4.9,
authentication was not working (seems that there was a bug, see my
previous email).

Regarding the problem that I had, the good news is that with Samba 3.5.6
it works.

So my VPN is now working again.

Thanks,
Clemente

----- Mensagem Original-----
De: Phillip Davis <pdavis <at> daviszone.org>
Para: Jorge Bastos <mysql.jorge <at> decimal.pt>
Cc: Clemente Aguiar <ca-lists <at> madeiratecnopolo.pt>,
<poptop-server <at> lists.sourceforge.net>
<poptop-server <at> lists.sourceforge.net>
Assunto: Re: [Poptop-server] VPN no longer works after samba upgrade
Data: Tue, 19 Oct 2010 09:02:06 -0600

I guess what confuses me is how Samba has anything to do whatsoever with pptp or ppp. They should be totally
unrelated no?  Pptp/ppp are a communication link and samba is a file sharing protocol.   Pptp can be
established and samba never used. The errors seem to be all about establishing a pptp connection and
nothing to do with samba sharing. Unless pptp is sharing samba's auto mechanism?

~Phil

On Oct 19, 2010, at 8:07 AM, "Jorge Bastos" <mysql.jorge <at> decimal.pt> wrote:
(Continue reading)

Phillip Davis | 19 Oct 17:02 2010

Re: VPN no longer works after samba upgrade

I guess what confuses me is how Samba has anything to do whatsoever with pptp or ppp. They should be totally
unrelated no?  Pptp/ppp are a communication link and samba is a file sharing protocol.   Pptp can be
established and samba never used. The errors seem to be all about establishing a pptp connection and
nothing to do with samba sharing. Unless pptp is sharing samba's auto mechanism?

~Phil

On Oct 19, 2010, at 8:07 AM, "Jorge Bastos" <mysql.jorge <at> decimal.pt> wrote:

>> - Kernel version: 2.6.28 (Gentoo Linux 2.6.28-hardened-r9)
>> - POPTOP version: 1.3.4
>> - PPP version: 2.4.4 (r25)
>> 
>> In the meantime I found this thread on a Samba bug which could be
>> related to the problem I have:
>> 
>> http://samba.2283325.n4.nabble.com/winbind-and-pptpd-authentication-
>> failure-td2532691.html
>> 
>> This thread referes to the following bug:
>> 
>> https://bugzilla.samba.org/show_bug.cgi?id=7568
>> 
>> I am at present installing Samba 3.5.6 which includes the referred fix.
>> I will let you know the results.
> 
> Ah,
> You're using NTLM ?
> Forgot to ask that part.
> 
(Continue reading)

Charlie Brady | 19 Oct 17:38 2010

Re: VPN no longer works after samba upgrade


On Tue, 19 Oct 2010, Phillip Davis wrote:

> I guess what confuses me is how Samba has anything to do whatsoever with
> pptp or ppp. They should be totally unrelated no?  Pptp/ppp are a
> communication link and samba is a file sharing protocol.  Pptp can be
> established and samba never used. The errors seem to be all about
> establishing a pptp connection and nothing to do with samba sharing.
> Unless pptp is sharing samba's auto mechanism?

I think you mean "auth mechanism". And the answer is yes. PPTP encryption
(MPPE) depends on MS-CHAPv2, which depends on server having passwords
hashed in NT format. Samba does this.

http://www.schneier.com/paper-pptpv2.html
http://tools.ietf.org/html/draft-ietf-pppext-mschapv2-keys

> 
> ~Phil
> 
> On Oct 19, 2010, at 8:07 AM, "Jorge Bastos" <mysql.jorge <at> decimal.pt> wrote:
> 
> >> - Kernel version: 2.6.28 (Gentoo Linux 2.6.28-hardened-r9)
> >> - POPTOP version: 1.3.4
> >> - PPP version: 2.4.4 (r25)
> >> 
> >> In the meantime I found this thread on a Samba bug which could be
> >> related to the problem I have:
> >> 
> >> http://samba.2283325.n4.nabble.com/winbind-and-pptpd-authentication-
(Continue reading)


Gmane