Hi all,
First: I have tried every possible approach do to this thing with all the
information I gathered from the man pages, the USING file of pptp port, and
mailing lists.
Second, the Nortel's shit is configured to *only* accept mppe-128 bits and
MSChapV2 (or CHAP81 or 0x81 shit) for encryption and authentication it doesn't
have anything in the config for stateful or stateless connections.
Third, I have already tried with 3.7-release, 3.7-stable and I'm currently using
3.7-current, pptp package is 1.6.0 from updated ports and the kernel has *GRE
disabled*, only did that change from GENERIC.
And last, This is NOT like pptp for ADSL connections, What I want is to have my
OpenBSD firewall with a permanent connection to my work's VPN, I already have
ADSL connected, using kernel mode pppoe, and besides kernel panics with -release
and -stable, now it's running -FINE-, with -current). I was already able to
connect from windows or linux using pptp to this VPN, even now using rdr's in
pf.conf for GRE.
Here is what I get from the logs (using ppp/pptp) with full debugging enabled:
(erased/sed the date/hostname from the logs)
ppp[8382]: Command: default: set redial 15 0
ppp[8382]: Command: default: set reconnect 15 10000
ppp[8382]: Command: pptp: set log Phase Chat LCP IPCP CCP tun command
ppp[8382]: tun0: Command: pptp: set device !/usr/local/sbin/pptp
the.contivity.firewall.shit --nolaunchpppd --loglevel 2 --sync
ppp[8382]: tun0: Command: pptp: set mtu max 1350
ppp[8382]: tun0: Command: pptp: set mru max 1350
ppp[8382]: tun0: Command: pptp: set speed sync
ppp[8382]: tun0: Command: pptp: enable MSChapV2
ppp[8382]: tun0: Command: pptp: enable mppe
ppp[8382]: tun0: Command: pptp: enable keep-session
ppp[8382]: tun0: Command: pptp: set authname ******
ppp[8382]: tun0: Command: pptp: set authkey ********
ppp[8382]: tun0: Command: pptp: set mppe 128 stateful
ppp[8382]: tun0: Command: pptp: disable pap
ppp[8382]: tun0: Command: pptp: disable deflate pred1
ppp[8382]: tun0: Command: pptp: deny deflate pred1
ppp[8382]: tun0: Command: pptp: disable ipv6cp
ppp[8382]: tun0: Phase: PPP Started (interactive mode).
ppp[8382]: tun0: Command: /dev/tty: dial
ppp[8382]: tun0: Phase: bundle: Establish
ppp[8382]: tun0: Phase: deflink: closed -> opening
pptp[25129]: anon log[main:pptp.c:267]: The synchronous pptp option is activated
ppp[8382]: tun0: Phase: deflink: Connected!
ppp[8382]: tun0: Phase: deflink: opening -> dial
ppp[8382]: tun0: Phase: deflink: dial -> carrier
ppp[8382]: tun0: Phase: deflink: carrier -> login
ppp[8382]: tun0: Phase: deflink: login -> lcp
ppp[8382]: tun0: LCP: FSM: Using "deflink" as a transport
ppp[8382]: tun0: LCP: deflink: State change Initial --> Closed
ppp[8382]: tun0: LCP: deflink: State change Closed --> Stopped
pptp[2271]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1
Start-Control-Connection-Request'
pptp[2271]: anon log[ctrlp_disp:pptp_ctrl.c:732]: Received Start Control
Connection Reply
pptp[2271]: anon log[ctrlp_disp:pptp_ctrl.c:766]: Client connection established.
ppp[8382]: tun0: LCP: deflink: LayerStart
ppp[8382]: tun0: Warning: deflink: Reducing configured MRU from 1500 to 1350
ppp[8382]: tun0: LCP: deflink: SendConfigReq(1) state = Stopped
ppp[8382]: tun0: LCP: MRU[4] 1440
ppp[8382]: tun0: LCP: MAGICNUM[6] 0x440ae619
ppp[8382]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
ppp[8382]: tun0: LCP: deflink: State change Stopped --> Req-Sent
pptp[2271]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7
'Outgoing-Call-Request'
pptp[2271]: anon log[ctrlp_disp:pptp_ctrl.c:851]: Received Outgoing Call Reply.
pptp[2271]: anon log[ctrlp_disp:pptp_ctrl.c:890]: Outgoing call established
(call ID 0, peer's call ID 0).
ppp[8382]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
ppp[8382]: tun0: LCP: MRU[4] 1440
ppp[8382]: tun0: LCP: MAGICNUM[6] 0x440ae619
ppp[8382]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
ppp[8382]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
ppp[8382]: tun0: LCP: MRU[4] 1440
ppp[8382]: tun0: LCP: MAGICNUM[6] 0x440ae619
ppp[8382]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
ppp[8382]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
ppp[8382]: tun0: LCP: MRU[4] 1440
ppp[8382]: tun0: LCP: MAGICNUM[6] 0x440ae619
ppp[8382]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
ppp[8382]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
ppp[8382]: tun0: LCP: MRU[4] 1440
ppp[8382]: tun0: LCP: MAGICNUM[6] 0x440ae619
ppp[8382]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
ppp[8382]: tun0: LCP: deflink: LayerFinish
ppp[8382]: tun0: LCP: deflink: State change Req-Sent --> Stopped
ppp[8382]: tun0: LCP: deflink: State change Stopped --> Closed
ppp[8382]: tun0: LCP: deflink: State change Closed --> Initial
ppp[8382]: tun0: Phase: deflink: Disconnected!
ppp[8382]: tun0: Phase: deflink: lcp -> logout
ppp[8382]: tun0: Phase: deflink: logout -> hangup
ppp[8382]: tun0: Phase: deflink: Disconnected!
ppp[8382]: tun0: Phase: deflink: Connect time: 16 secs: 0 octets in, 115 octets
out
ppp[8382]: tun0: Phase: deflink: 0 packets in, 5 packets out
ppp[8382]: tun0: Phase: total 7 bytes/sec, peak 9 bytes/sec on Sat Jun 11
18:50:21 2005
ppp[8382]: tun0: Phase: deflink: HUPing 25129
pptp[2271]: anon log[callmgr_main:pptp_callmgr.c:230]: Closing connection
pptp[2271]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12
'Call-Clear-Request'
ppp[8382]: tun0: Phase: deflink: hangup -> opening
ppp[8382]: tun0: Phase: deflink: Enter pause (15) for redialing.
ppp[8382]: tun0: Chat: deflink: Reconnect try 1 of 10000
...
(and all again)
As you can see from the logs, I don't get anything *back* from pptp to ppp (the
configuration can be guessed from the "Command" logs of ppp)
And now this is the log with pppd/pppt (by the way, it is in the documentation
of pptp, but pppd doesn't accept the "pty" argument to start pptp, I guess this
is for linux pppd or I missed something):
pptp[17069]: anon log[main:pptp.c:267]: The synchronous pptp option is NOT
activated
pptp[31503]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1
'Start-Control-Connection-Request'
pptp[31503]: anon log[ctrlp_disp:pptp_ctrl.c:732]: Received Start Control
Connection Reply
pptp[31503]: anon log[ctrlp_disp:pptp_ctrl.c:766]: Client connection
established.
pptp[31503]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7
'Outgoing-Call-Request'
pptp[31503]: anon log[ctrlp_disp:pptp_ctrl.c:851]: Received Outgoing Call Reply.
pptp[31503]: anon log[ctrlp_disp:pptp_ctrl.c:890]: Outgoing call established
(call ID 0, peer's call ID 0).
pppd[17025]: pppd 2.3.5 started by paya, uid 0
pppd[17025]: Using interface ppp0
pppd[17025]: Connect: ppp0 <--> /dev/ttyp8
pppd[17025]: LCP: timeout sending Config-Requests
pppd[17025]: Connection terminated.
pptp[31503]: anon log[ctrlp_disp:pptp_ctrl.c:922]: Call disconnect notification
received (call id 0)
pptp[31503]: anon log[ctrlp_error:pptp_ctrl.c:199]: Result code is 3
'Administrative Shutdown'. Error code is 0, Cause code is 0
pptp[31503]: anon log[call_callback:pptp_callmgr.c:77]: Closing connection
pptp[617]: anon warn[decaps_hdlc:pptp_gre.c:197]: short read (0): Invalid
argument
pptp[31503]: anon log[pptp_conn_close:pptp_ctrl.c:433]: Closing PPTP connection
pptp[31503]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 3
'Stop-Control-Connection-Request'
pptp[31503]: anon log[ctrlp_disp:pptp_ctrl.c:793]: Received Stop Control
Connection Reply.
the commandline for this is really simple, and works from the other OS:
# pptp the.contivity.firewall.shit --loglevel 2 name javierv noauth debug
I've also tried many other options from pppd in the commandline, without
success. The file /etc/ppp/options is cleared.
Does anybody have something like this set up and working? I hate pptp but it's
the only way to connect to the contivity shit without opening another Branch
Office IPSec tunnel, which is discarded as I don't have a static public IP address.
Salu2.
Javier Villavicencio.
