deadmalc | # 11 | 2008-03-11, 22:10 | Report

I'd seriously recommend not using pptp, if you have a need for vpn technologies I'd recommend openvpn (for people using windows) or IPSec if you are a linux house.
(Windows doesn't really support IPSec that well in XP)
Setting up IPSec/Openvpn saved me considerable time in admin, and it performed far better (IMHO)

aflegg | # 12 | 2008-03-12, 14:35 | Report

The problem is the majority of people won't be able to control what VPN solution their employer uses.

Ulysses | # 13 | 2008-03-18, 12:49 | Report

Hi,

I'm on IT 0S2007.

I followed fanoush instructions: flashed the kernel, inserted the modules (sha1, arc4 and ppp_mppe) .

Then I downloaded the pptp client from http://maemo.lancode.de

Everything went fine, but when I launch the VPN tunnel, I get

No auth is possible
and
MPPE required, but MS-CHAP[v2] auth not performed.

According to the pptpclient troubleshooting guide, this is often caused by a version mismatch between the module and the pppd. However, pppd is at version 2.4.2, pptp-client is at 1.7.0. As to fanoush modules, I have no idea.

Anybody knows what's wrong?






flashed the kernel,

fanoush | # 14 | 2008-03-18, 13:23 | Report

Can be also some conflicting pppd options, see also
http://www.nabble.com/MPPE-required%...html#a10192337

If insmod worked and you see line about mppe in kernel log (type dmesg) it may be something else than missing mppe. See also http://ubuntuforums.org/showthread.php?t=16562, do you see "sent [LCP TermReq id=0x2 "MPPE required but not available"]" line too?

Ulysses | # 15 | 2008-03-18, 13:51 | Report

Hi,

I checked the /etc/ppp/options file and all the PAP directives are commented out.

insmod worked. dmesg produces the line:
"PPP MPPE Compression module registered"

And finally, yes, I do have the line in the debug log:
"sent [LCP TermReq id=0x2 "MPPE required but not available"]"
just after the line:
"MPPE required, but MS-CHAP[v2] auth not performed"

lsmod result:

Module Size Used by
ppp_mppe 6756 0 - Live 0xbf05a000
arc4 1760 0 - Live 0xbf058000
sha1 2368 0 - Live 0xbf056000
g_file_storage 24456 0 - Live 0xbf04f000
cx3110x 50632 0 - Live 0xbf041000
umac 258596 1 cx3110x, Live 0xbf000000


Thanks in advance, Daniel

Ulysses | # 16 | 2008-03-18, 14:12 | Report

Ok, I found the problem.

When entering my username and password in the chap-secrets file, I made a mistake. Since I corrected it, I can connect successfully. Yay.

I want to thank especially fanoush for his amazing contributions to the community. Thanks!

fanoush | # 17 | 2008-03-18, 14:23 | Report

And the passwords/secrets? From the article linked above "If you want MPPE, add "refuse-pap" to the options, and remove the entriers from pap-secrets that you added, instead adding them to chap-secrets. ". So you do have username and password in chap-secrets?

Then I don't know. Looks like the software on your side is installed fine. Either it is something bad in your configuration or maybe the other side doesn't support mppe after all?

fanoush | # 18 | 2008-03-18, 14:24 | Report

Oh, nevermind, disregard last post, great you got it working.

Ulysses | # 19 | 2008-03-18, 14:35 | Report

I got it working thanks to you, fanoush.

And with your last message you hit it on the nail again, since the culprit was with the chap secrets (a typo).

Now, I'm trying to do the routing.

I put a script file with route commands in /etc/ppp/ip-up.d/
but it doesn't appear to run though.

I wonder if anyone is using /etc/ppp/ip-up.d/ scripts succesfully on IT 0S2007?

Ulysses | # 20 | 2008-03-18, 16:09 | Report

Just to clarify the last point:

On debian based systems, after pppd establishes a connection and assigns an IP, scripts in /etc/ppp/ip-up.d are run with run-parts. It is ip-up that launches them while making available to those scripts some variables pointing to the gateway, interface and IP.

Scripts in the /etc/ppp/ip-up.d have to conform to a couple of rules in order to run, like the name should not have any suffix, they have to be owned by root, etc.

It can be troublesome to troubleshoot them. And that's what I'm trying to do right now. Therefore I was wondering if anyone has had success with them on IT 0S2007.

Thanks.

Ulysses