Hi,
I'm getting somewhat desperate setting up a VPN connection.
After hours of troubleshooting and even longer googling, I'm posting here. Curious whether anyone can help me. It's a rather tricky problem.
Starting point:
I have my small local network (Win98, WinXP) behind a Linux 8.2 box with a firewall, configured for IP forwarding.
Outgoing connections from that box work; internet and mail work fine!
On the other side there is chello (cable network), and from another chello machine I access my Linux box via putty.
That also works fine.
For a better overview (for simplicity with only one machine behind the firewall):
 ______
|______|  winXP (remote machine)
   |      218.57.18.xx
   |
   |      via chello
   |
   |      62.88.33.xx, eth0
 __|___
|______|  SuSE 8.2, firewall, router, pptpd, ppp, etc...
   |      192.168.0.1, eth1
   |
   |      LAN
   |
   |      192.168.0.111
 __|___
|______|  winXP (my machine)
As said, on the Linux box I installed firewall, router, pptpd, ppp to enable VPN.
I've attached the config scripts to this mail.
On 218.57.18.xx I set up the VPN connection (I've tried umpteen thousand configuration variants).
It was able to establish the connection, but hung at login (error 718).
You can see the Linux side in the log excerpt.
In the firewall I left ports 32 to 65000 open for testing purposes.
iptables chains are all at policy ACCEPT.
Attached are the most important settings/log.
cheers
D
------------------------------------------------------------------------------------
/etc/pptpd.conf
SuSi:/etc # cat pptpd.conf
################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.0.0
#
################################################################################
# TAG: speed
#
# Specifies the speed for the PPP daemon to talk at.
# Some PPP daemons will ignore this value.
#
speed 115200
# TAG: option
#
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
#option /this/is/the/options/file
# see the very bottom
# TAG: debug
#
# Turns on (more) debugging to syslog.
#
debug
# TAG: localip
# TAG: remoteip
#
# Specifies the local and remote IP address ranges.
#
# You can specify single IP addresses separated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
localip 192.168.0.2-47
remoteip 192.168.0.100-145
# TAG: ipxnets
#
# This gives the range of IPX networks to allocate to clients. By
# default IPX network number allocation is not handled internally.
# By putting a low and high network number here a pool of IPX networks
# can be defined. If this is done then there must be one IPX network
# per client.
#
# The format is a pair of hex numbers without any 0x prefix separated
# by a hyphen.
#
#ipxnets 00001000-00001FFF
# TAG: listen
#
# Defines the IP address of the local interface on which pptpd
# should listen for connections. The default is to listen on all
# local interfaces (even ones brought up by pptp connections, thus
# permitting pptp tunnels inside the pptp tunnels).
#
#listen 192.168.0.1
listen 62.88.33.xx
# TAG: pidfile
#
# This defines the file name in which pptpd should store its process
# ID (or pid). The default is /var/run/pptpd.pid.
#
pidfile /var/run/pptpd.pid
# TAG: option
options /etc/ppp/options.ppp0
#
------------------------------------------------------------------------------------
/etc/ppp/options
SuSi:/etc/ppp #
SuSi:/etc/ppp # cat options
# /etc/ppp/options
#
# Not every option is listed here, see man pppd for more details.
# This file is read by the pppd, it is an error when it is not present.
#
# use the following command to see the active options:
# grep -v ^# /etc/ppp/options | grep -v ^$
#
# The name of this server. Often, the FQDN is used here.
#name <host>
# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname
# If no local IP address is given, pppd will use the first IP address
# that belongs to the local hostname. If "noipdefault" is given, this
# is disabled and the peer will have to supply an IP address.
#noipdefault
# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local
# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote
# Run the executable or shell command specified after pppd has terminated
# the link. This script could, for example, issue commands to the modem
# to cause it to hang up if hardware modem control signals were not
# available.
# If mgetty is running, it will reset the modem anyway. So there is no need
# to do it here.
#disconnect "chat -- \d+++\d\c OK ath0 OK"
# Increase debugging level (same as -d). The debug output is written
# to syslog LOG_LOCAL2.
#debug
# Enable debugging code in the kernel-level PPP driver. The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n
# noauth means do not require the peer to authenticate itself, this must
# be set if you want to use pppd to connect to the internet. In this case
# *you* must authenticate yourself to the peer (internet provider), so do
# not disable this setting unless you are the dial-in server to which
# the peer has to authenticate.
#noauth
# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
#crtscts
# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock
# Use the modem control lines.(is default)
#modem
# The opposite: local
#
# Description:
# Don't use the modem control lines. With this
# option, pppd will ignore the state of the CD (Car
# rier Detect) signal from the modem and will not
# change the state of the DTR (Data Terminal Ready)
# signal.
#
# You need to disable modem and enable local if you want to connect
# to another system without using a modem:
local
# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it. 0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
# To allow pppd to work over a rlogin/telnet connection, you should escape
# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".)
#asyncmap 200a0000
asyncmap 0
# needed for some ISDN terminal adapters, namely ELSA, those seem to have
# problems with asyncmap negotiation, so you can turn off this procedure
# in case your ISDN box has trouble with it, by enabling this option.
# You have to disable the asyncmap <x> option to be sure to have it
# active. If you use wvdial, set the ISDN parameter in /etc/wvdial.conf
# instead.
#default-asyncmap
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data). The value 1492 is for DSL connections (PPP Default -
# PPPoE Header: 1500 - 8 = 1492)
# mru 1492
# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface. The value 1492 is for DSL connections
# (PPP Default - PPPoE Header: 1500 - 8 = 1492)
# mtu 1492
# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0
# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#nodetach
# If this option is given, pppd will send an LCP echo-request frame to
# the peer every n seconds. Under Linux, the echo-request is sent when
# no packets have been received from the peer for n seconds. Normally
# the peer should respond to the echo-request by sending an echo-reply.
# This option can be used with the lcp-echo-failure option to detect
# that the peer is no longer connected.
lcp-echo-interval 130
# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection. Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 5
# Send up to 60 LCP configure-request during negotiation. With a value
# of 2 for lcp-restart below, this might take up to 2 minutes.
lcp-max-configure 60
# Resend unanswered LCP requests after 2 seconds.
lcp-restart 2
# Specifies that pppd should disconnect if the link is idle for n seconds.
idle 6600
# Specifies the maximal number of attempts to connect to the server. This
# is useful for dial on demand. Default value is 10.
#maxfail 3
# Disable the IPXCP and IPX protocols.
noipx
# In the file /etc/ppp/filters are some active-filter rules. See man pppd
# and man tcpdump for more information.
# file /etc/ppp/filters
#-------------------------------------------------------------------------
# The next two options are only interesting for you if you are admin of
# a system with other users that use ppp, and those users are normally
# never allowed to add default route, or you do not want users to
# replace the default route.
#-------------------------------------------------------------------------
# enable this to prevent users from attempting to add a default route.
# Use this option with caution: If the user needs to use a program like
# wvdial, he will not be able to connect because wvdial forces defaultroute
# but this is rejected by this option and the user will not be able to
# connect to the internet.
#nodefaultroute
# enable this to prevent users from replacing an existing default route.
#noreplacedefaultroute
#-------------------------------------------------------------------------
# All options below only make sense if you configure pppd to be a dial-in
# server, so don't touch these if you want dial into your provider with
# PPP!
#-------------------------------------------------------------------------
# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>
# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. {proxyarp,noproxyarp}
proxyarp
# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp won't work.
#login
# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
# Two Servers can be remotely configured
#ms-dns 192.168.1.1
#ms-dns 192.168.1.2
# Specify which WINS Servers the incoming connection Win95 or WinNT should use
#ms-wins 192.168.1.50
#ms-wins 192.168.1.51
------------------------------------------------------------------------------------
/etc/ppp/options.ppp0
SuSi:/etc/ppp # cat options.ppp0
# noauth means do not require the peer to authenticate itself, this must
# be set if you want to use pppd to connect to the internet. In this case
# *you* must authenticate yourself to the peer (internet provider), so do
# not disable this setting unless you are the dial-in server to which
# the peer has to authenticate.
auth
# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock
# Use the modem control lines.(is default)
#modem
# The opposite: local
#
# Description:
# Don't use the modem control lines. With this
# option, pppd will ignore the state of the CD (Car
# rier Detect) signal from the modem and will not
# change the state of the DTR (Data Terminal Ready)
# signal.
#
# You need to disable modem and enable local if you want to connect
# to another system without using a modem:
local
# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it. 0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
# To allow pppd to work over a rlogin/telnet connection, you should escape
# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".)
#asyncmap 200a0000
asyncmap 0
# needed for some ISDN terminal adapters, namely ELSA, those seem to have
# problems with asyncmap negotiation, so you can turn off this procedure
# in case your ISDN box has trouble with it, by enabling this option.
# You have to disable the asyncmap <x> option to be sure to have it
# active. If you use wvdial, set the ISDN parameter in /etc/wvdial.conf
# instead.
#default-asyncmap
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data). The value 1492 is for DSL connections (PPP Default -
# PPPoE Header: 1500 - 8 = 1492)
mru 1200
# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface. The value 1492 is for DSL connections
# (PPP Default - PPPoE Header: 1500 - 8 = 1492)
mtu 1200
# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
netmask 255.255.255.0
# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#nodetach
# my own additions, 2.4.2004
auth
#refuse-pap
#refuse-chap
require-chapms-v2
+chapms-v2
mppe-40
mppe-128
mppe-stateless
SuSi:/etc/ppp #
------------------------------------------------------------------------------------
/etc/ppp/filters
SuSi:/etc/ppp # cat filters
#
# These filter rules should prevent unwanted internet services to
# keep your connections up by ignoring their connection requests
# and your 'go way' responses.
#
# Activate them by activating the line 'file /etc/ppp/filters' in
# /etc/ppp/options.
#
# Note: This has nothing to do with firewall rules. It only affects
# the idle time calculation of the kernel/pppd.
#
active-filter 'outbound and not icmp[0] == 3 and not tcp[13] & 4 != 0'
SuSi:/etc/ppp #
------------------------------------------------------------------------------------
Log file excerpt:
Feb 4 11:12:02 SuSi pptpd[4519]: MGR: Manager process started
Feb 4 11:12:20 SuSi pptpd[4521]: MGR: Launching /usr/sbin/pptpctrl to handle client
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: local address = 192.168.0.4
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: remote address = 192.168.1.102
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: pppd speed = 115200
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Client 218.57.18.xx control connection started
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Received PPTP Control Message (type: 1)
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Made a START CTRL CONN RPLY packet
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: I wrote 156 bytes to the client.
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Sent packet to client
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Received PPTP Control Message (type: 7)
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Made a OUT CALL RPLY packet
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Starting call (launching pppd, opening GRE)
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: pty_fd = 4
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: tty_fd = 5
Feb 4 11:12:20 SuSi pptpd[4522]: CTRL (PPPD Launcher): Connection speed = 115200
Feb 4 11:12:20 SuSi pptpd[4522]: CTRL (PPPD Launcher): local address = 192.168.0.4
Feb 4 11:12:20 SuSi pptpd[4522]: CTRL (PPPD Launcher): remote address = 192.168.1.102
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: I wrote 32 bytes to the client.
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Sent packet to client
Feb 4 11:12:20 SuSi pppd[4522]: pppd 2.4.1 started by root, uid 0
Feb 4 11:12:20 SuSi pppd[4522]: Using interface ppp0
Feb 4 11:12:20 SuSi pppd[4522]: Connect: ppp0 <--> /dev/pts/3
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Received PPTP Control Message (type: 15)
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Received PPTP Control Message (type: 12)
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Made a CALL DISCONNECT RPLY packet
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Received CALL CLR request (closing call)
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: I wrote 148 bytes to the client.
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Sent packet to client
Feb 4 11:12:57 SuSi pppd[4522]: Modem hangup
Feb 4 11:12:57 SuSi pppd[4522]: Connection terminated.
Feb 4 11:12:57 SuSi pptpd[4521]: GRE: read error: Bad file descriptor
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Client 218.57.18.xx control connection finished
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Exiting now
Feb 4 11:12:57 SuSi pptpd[4519]: MGR: Reaped child 4521
Feb 4 11:12:57 SuSi pppd[4522]: Exit.
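As an added example (not part of the original post and not pptpd's own tooling), a Python script that expands localip/remoteip pools using the syntax the posted pptpd.conf comments describe, flags pool addresses that collide with fixed LAN hosts such as 192.168.0.111, and reads the posted log excerpt to report which addresses the call was given, whether they fall inside the configured pools, and how long the PPP link lived before the client cleared the call. The embedded log lines are an abridged copy of the excerpt above; the LAN host list is constructed from the diagram.

```python
"""Cross-check a pptpd.conf address pool against a pptpd/pppd log excerpt.

Added illustration for the post above. The pool syntax follows the comments
in the posted pptpd.conf: comma-separated addresses or last-octet ranges such
as 192.168.0.245-249, no spaces, no shortcuts (234-8 is not 234-238).
"""
import ipaddress
import re
from datetime import datetime

IPv4 = ipaddress.IPv4Address


def parse_pool(spec: str) -> list:
    """Expand a localip/remoteip value into the list of addresses it names."""
    addrs = []
    for item in spec.split(","):
        m = re.fullmatch(r"(\d+\.\d+\.\d+\.)(\d+)(?:-(\d+))?", item)
        if not m:  # also rejects embedded spaces, which pptpd forbids
            raise ValueError(f"bad pool entry: {item!r}")
        prefix, lo = m.group(1), int(m.group(2))
        hi = int(m.group(3)) if m.group(3) is not None else lo
        # The upper bound must be written out in full, so a "range" whose
        # end is below its start (234-8) is a syntax error, not 234-238.
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"invalid range: {item!r}")
        addrs.extend(IPv4(prefix + str(n)) for n in range(lo, hi + 1))
    return addrs


def pool_conflicts(pool, fixed_hosts):
    """Pool addresses already used by fixed LAN hosts. With proxyarp enabled
    (as in the posted options) such an address would be claimed twice."""
    return sorted(set(pool) & {IPv4(h) for h in fixed_hosts})


LOG_RE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+(pptpd|pppd)\[\d+\]:\s+(.*)$")


def _ts(text):
    return datetime.strptime(re.sub(r"\s+", " ", text), "%b %d %H:%M:%S")


def analyse_log(lines, localip_spec, remoteip_spec):
    """Summarise one call: handed-out addresses, whether they belong to the
    configured pools, PPP link lifetime, and pppd activity while it was up."""
    local_pool = parse_pool(localip_spec)
    remote_pool = parse_pool(remoteip_spec)
    r = {"local": None, "remote": None, "connect": None, "hangup": None,
         "pppd_lines_between": 0}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        when, daemon, msg = _ts(m.group(1)), m.group(2), m.group(3)
        if (a := re.search(r"CTRL: local address = (\S+)", msg)):
            r["local"] = IPv4(a.group(1))
        elif (a := re.search(r"CTRL: remote address = (\S+)", msg)):
            r["remote"] = IPv4(a.group(1))
        elif daemon == "pppd" and msg.startswith("Connect:"):
            r["connect"] = when
        elif daemon == "pppd" and msg.startswith("Modem hangup"):
            r["hangup"] = when
        elif daemon == "pppd" and r["connect"] and not r["hangup"]:
            # anything pppd reports while the link is up (LCP, CHAP, IPCP)
            r["pppd_lines_between"] += 1
    r["local_in_pool"] = r["local"] in local_pool
    r["remote_in_pool"] = r["remote"] in remote_pool
    if r["connect"] and r["hangup"]:
        r["ppp_seconds"] = int((r["hangup"] - r["connect"]).total_seconds())
    else:
        r["ppp_seconds"] = None
    return r


# Abridged copy of the log excerpt from the post.
SAMPLE_LOG = """\
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: local address = 192.168.0.4
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: remote address = 192.168.1.102
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Starting call (launching pppd, opening GRE)
Feb 4 11:12:20 SuSi pppd[4522]: pppd 2.4.1 started by root, uid 0
Feb 4 11:12:20 SuSi pppd[4522]: Using interface ppp0
Feb 4 11:12:20 SuSi pppd[4522]: Connect: ppp0 <--> /dev/pts/3
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Received PPTP Control Message (type: 12)
Feb 4 11:12:57 SuSi pppd[4522]: Modem hangup
Feb 4 11:12:57 SuSi pppd[4522]: Connection terminated.
""".splitlines()

# Fixed LAN hosts taken from the diagram in the post (constructed list).
LAN_HOSTS = ["192.168.0.1", "192.168.0.111"]

if __name__ == "__main__":
    print("pool/LAN conflicts:",
          [str(a) for a in pool_conflicts(parse_pool("192.168.0.100-145"), LAN_HOSTS)])
    print(analyse_log(SAMPLE_LOG, "192.168.0.2-47", "192.168.0.100-145"))
```

On the posted data it reports that the remote address 192.168.1.102 lies outside the configured remoteip pool, that 192.168.0.111 sits inside it, and that pppd logged nothing between Connect and the hangup 37 seconds later (Windows reports 718 when it gets no timely PPP response).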
ich bin schon etwas am verzweifeln beim einrichten einer VPN-Verbindung.
nach stundenlanger Fehlersuche und noch längeren googelns poste ich mal. bin gespannt ob mir jemand weiterhelfen kann. iss ein recht kniffliges Problem.
Ausgangsbasis:
ich hab mein lokales Netzwerkerl (win98, winXP) hinter einem Linux 8.2 Rechner mit Firewall auf IP-Weiterleitung eingestellt.
ausgehende Verbindung mit dem Rechner funkt. Internet und Mail einwandfrei !
auf der anderen Seite gibts chello (Kabel-Netz), und von einem anderen chello Rechner greif ich per putty auf meine Linux-Kiste zu.
funkt auch einwandfrei.
zur bessern Übersicht (der Einfachheit halber mit nur einem Rechner hinter der Firewall) :
______
I______I winXP (fremder Rechner)
I 218.57.18.xx
I
I
I über chello
I
I
I 62.88.33.xx, eth0
_L____
I______I SuSE 8.2, Firewall, Router, pptpd, ppp, etc...
I 192.168.0.1, eth1
I
I LAN
I
I 192.168.0.111
_L____
I______I winXP (mein Rechner)
wie gesagt, am Linux-Rechner Firewall, Router, pptpd, ppp installiert um VPN zu ermöglichen.
die config-Scripts hab ich dem Mail angehängt.
am 218.57.18.xx hab ich VPN-Verbindung eingerichtet (x-tausend Konfigurationsmöglichkeiten hab ich durchprobiert)
die Verbindung hat er aufbauen können, iss aber beim Anmelden hängen geblieben (Fehler 718)
die Linux-Seite siehst du im Log-Auszug.
bei der Firewall hab ich für Testzwecke Ports 32 bis 65000 offen gelassen.
iptables stehen alle auf policy ACCEPT
anbei noch die wichtigsten Einstellungen/Log
lg
D
------------------------------------------------------------------------------------
/etc/pptpd.conf
SuSi:/etc # cat pptpd.conf
################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.0.0
#
################################################################################
# TAG: speed
#
# Specifies the speed for the PPP daemon to talk at.
# Some PPP daemons will ignore this value.
#
speed 115200
# TAG: option
#
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
#option /this/is/the/options/file
# siehe ganz unten
# TAG: debug
#
# Turns on (more) debugging to syslog.
#
debug
# TAG: localip
# TAG: remoteip
#
# Specifies the local and remote IP address ranges.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
localip 192.168.0.2-47
remoteip 192.168.0.100-145
# TAG: ipxnets
#
# This gives the range of IPX networks to allocate to clients. By
# default IPX network number allocation is not handled internally.
# By putting a low and high network number here a pool of IPX networks
# can be defined. If this is done then there must be one IPX network
# per client.
#
# The format is a pair of hex numbers without any 0x prefix separated
# by a hyphen.
#
#ipxnets 00001000-00001FFF
# TAG: listen
#
# Defines the IP address of the local interface on which pptpd
# should listen for connections. The default is to listen on all
# local interfaces (even ones brought up by pptp connections, thus
# permitting pptp tunnels inside the pptp tunnels).
#
#listen 192.168.0.1
listen 62.88.33.xx
# TAG: pidfile
#
# This defines the file name in which pptpd should store its process
# ID (or pid). The default is /var/run/pptpd.pid.
#
pidfile /var/run/pptpd.pid
# TAG: option
options /etc/ppp/options.ppp0
#
------------------------------------------------------------------------------------
/etc/ppp/options
SuSi:/etc/ppp #
SuSi:/etc/ppp # cat options
# /etc/ppp/options
#
# Not every option is listed here, see man pppd for more details.
# This file is read by the pppd, it is an error when it is not present.
#
# use the following command to see the active options:
# grep -v ^# /etc/ppp/options | grep -v ^$
#
# The name of this server. Often, the FQDN is used here.
#name <host>
# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname
# If no local IP address is given, pppd will use the first IP address
# that belongs to the local hostname. If "noipdefault" is given, this
# is disabled and the peer will have to supply an IP address.
#noipdefault
# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local
# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote
# Run the executable or shell command specified after pppd has terminated
# the link. This script could, for example, issue commands to the modem
# to cause it to hang up if hardware modem control signals were not
# available.
# If mgetty is running, it will reset the modem anyway. So there is no need
# to do it here.
#disconnect "chat -- \d+++\d\c OK ath0 OK"
# Increase debugging level (same as -d). The debug output is written
# to syslog LOG_LOCAL2.
#debug
# Enable debugging code in the kernel-level PPP driver. The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n
# noauth means do not require the peer to authenticate itself, this must
# be set if you want to use pppd to connect to the internet. In this case
# *you* must authenicate yourself to the peer(internet provider), so do
# not disable this setting unless you are the dial-in server which where
# the peer has to autenticate to.
#noauth
# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
#crtscts
# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock
# Use the modem control lines.(is default)
#modem
# The opposite: local
#
# Description:
# Don't use the modem control lines. With this
# option, pppd will ignore the state of the CD (Car
# rier Detect) signal from the modem and will not
# change the state of the DTR (Data Terminal Ready)
# signal.
#
# You need to disable modem and enable local if you want to connect
# to anoter system without using a modem:
local
# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it. 0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
# To allow pppd to work over a rlogin/telnet connection, ou should escape
# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".)
#asyncmap 200a0000
asyncmap 0
# needed for some ISDN Terminaladaters, namely ELSA, those seem to have
# problems with asyncmap negotiation, so you can turn off this procedure
# in case your ISDN box has trouble with it, by enabling this option.
# You have to disable the asyncmap <x> option to be sure to have it
# active. If you use wvdial, set the ISDN parameter in /etc/wvdial.conf
# instead.
#default-asyncmap
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data). The value 1492 is for DSL connections (PPP Default -
# PPPoE Header: 1500 - 8 = 1492)
# mru 1492
# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface. The value 1492 is for DSL connections
# (PPP Default - PPPoE Header: 1500 - 8 = 1492)
# mtu 1492
# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0
# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#nodetach
# If this option is given, pppd will send an LCP echo-request frame to
# the peer every n seconds. Under Linux, the echo-request is sent when
# no packets have been received from the peer for n seconds. Normally
# the peer should respond to the echo-request by sending an echo-reply.
# This option can be used with the lcp-echo-failure option to detect
# that the peer is no longer connected.
lcp-echo-interval 130
# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection. Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 5
# Send up to 60 LCP configure-request during negotiation. With a value
# of 2 for lcp-restart below, this might take up to 2 minutes.
lcp-max-configure 60
# Resend unanswered LCP requests after 2 seconds.
lcp-restart 2
# Specifies that pppd should disconnect if the link is idle for n seconds.
idle 6600
# Specifies the maximal number of attempts to connect to the server. This
# is useful for dial on demand. Default value is 10.
#maxfail 3
# Disable the IPXCP and IPX protocols.
noipx
# In the file /etc/ppp/filters are some active-filter rules. See man pppd
# and man tcpdump for more informations.
# file /etc/ppp/filters
#-------------------------------------------------------------------------
# The next two options are only interesting for you if you are admin of
# a system with other users that use ppp, and those users are normally
# never allowed to add default route, or you do not want users to
# replace the default route.
#-------------------------------------------------------------------------
# enable this to prevent users from attempting to add a default route.
# Use this option with caution: If the user needs to use a program like
# wvdial, he will not be able to connect because wvdial forces defaulroute
# but this is rejected by this option and the user will not be able to
# connect to the internet.
#nodefaultroute
# enable this to prevent users from replacing an existing default route.
#noreplacedefaultroute
#-------------------------------------------------------------------------
# All options below only make sense if you configure pppd to be a dial-in
# server, so don't touch these if you want dial into your provider with
# PPP!
#-------------------------------------------------------------------------
# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>
# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. {proxyarp,noproxyarp}
proxyarp
# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont work.
#login
# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
# Two Servers can be remotely configured
#ms-dns 192.168.1.1
#ms-dns 192.168.1.2
# Specify which WINS Servers the incoming connection Win95 or WinNT should use
#ms-wins 192.168.1.50
#ms-wins 192.168.1.51
------------------------------------------------------------------------------------SuSi:/etc/ppp # cat options.ppp0
# noauth means do not require the peer to authenticate itself, this must
# be set if you want to use pppd to connect to the internet. In this case
# *you* must authenicate yourself to the peer(internet provider), so do
# not disable this setting unless you are the dial-in server which where
# the peer has to autenticate to.
auth
# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock
# Use the modem control lines.(is default)
#modem
# The opposite: local
#
# Description:
# Don't use the modem control lines. With this
# option, pppd will ignore the state of the CD (Car
# rier Detect) signal from the modem and will not
# change the state of the DTR (Data Terminal Ready)
# signal.
#
# You need to disable modem and enable local if you want to connect
# to anoter system without using a modem:
local
# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it. 0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
# To allow pppd to work over a rlogin/telnet connection, ou should escape
# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".)
#asyncmap 200a0000
asyncmap 0
# needed for some ISDN Terminaladaters, namely ELSA, those seem to have
# problems with asyncmap negotiation, so you can turn off this procedure
# in case your ISDN box has trouble with it, by enabling this option.
# You have to disable the asyncmap <x> option to be sure to have it
# active. If you use wvdial, set the ISDN parameter in /etc/wvdial.conf
# instead.
#default-asyncmap
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data). The value 1492 is for DSL connections (PPP Default -
# PPPoE Header: 1500 - 8 = 1492)
mru 1200
# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface. The value 1492 is for DSL connections
# (PPP Default - PPPoE Header: 1500 - 8 = 1492)
mtu 1200
# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
netmask 255.255.255.0
# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#nodetach
# own additions, 2.4.2004
auth
#refuse-pap
#refuse-chap
require-chapms-v2
+chapms-v2
mppe-40
mppe-128
mppe-stateless
SuSi:/etc/ppp #
------------------------------------------------------------------------------------
/etc/ppp/filters
SuSi:/etc/ppp # cat filters
#
# These filter rules should prevent unwanted internet services to
# keep your connections up by ignoring their connection requests
# and your 'go way' responses.
#
# Activate them by activating the line 'file /etc/ppp/filters' in
# /etc/ppp/options.
#
# Note: This has nothing to do with firewall rules. It only affects
# the idle time calculation of the kernel/pppd.
#
active-filter 'outbound and not icmp[0] == 3 and not tcp[13] & 4 != 0'
SuSi:/etc/ppp #
------------------------------------------------------------------------------------
Log file excerpt:
Feb 4 11:12:02 SuSi pptpd[4519]: MGR: Manager process started
Feb 4 11:12:20 SuSi pptpd[4521]: MGR: Launching /usr/sbin/pptpctrl to handle client
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: local address = 192.168.0.4
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: remote address = 192.168.1.102
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: pppd speed = 115200
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Client 218.57.18.xx control connection started
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Received PPTP Control Message (type: 1)
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Made a START CTRL CONN RPLY packet
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: I wrote 156 bytes to the client.
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Sent packet to client
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Received PPTP Control Message (type: 7)
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Made a OUT CALL RPLY packet
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Starting call (launching pppd, opening GRE)
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: pty_fd = 4
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: tty_fd = 5
Feb 4 11:12:20 SuSi pptpd[4522]: CTRL (PPPD Launcher): Connection speed = 115200
Feb 4 11:12:20 SuSi pptpd[4522]: CTRL (PPPD Launcher): local address = 192.168.0.4
Feb 4 11:12:20 SuSi pptpd[4522]: CTRL (PPPD Launcher): remote address = 192.168.1.102
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: I wrote 32 bytes to the client.
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Sent packet to client
Feb 4 11:12:20 SuSi pppd[4522]: pppd 2.4.1 started by root, uid 0
Feb 4 11:12:20 SuSi pppd[4522]: Using interface ppp0
Feb 4 11:12:20 SuSi pppd[4522]: Connect: ppp0 <--> /dev/pts/3
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Received PPTP Control Message (type: 15)
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Received PPTP Control Message (type: 12)
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Made a CALL DISCONNECT RPLY packet
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Received CALL CLR request (closing call)
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: I wrote 148 bytes to the client.
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Sent packet to client
Feb 4 11:12:57 SuSi pppd[4522]: Modem hangup
Feb 4 11:12:57 SuSi pppd[4522]: Connection terminated.
Feb 4 11:12:57 SuSi pptpd[4521]: GRE: read error: Bad file descriptor
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Client 218.57.18.xx control connection finished
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Exiting now
Feb 4 11:12:57 SuSi pptpd[4519]: MGR: Reaped child 4521
Feb 4 11:12:57 SuSi pppd[4522]: Exit.
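To read a pptpd/pppd log like the one above mechanically, here is an added example (not from the post or from pptpd) that correlates the control-connection events with what pppd reported in between. It measures how long the call stayed up and checks whether pppd ever logged any LCP/CHAP/MPPE/IP-address activity; the keyword list and the verdict texts are my own heuristic, and the sample lines are taken from the excerpt above, abridged.

```python
import re
from datetime import datetime

# Sample input: lines from the post's pptpd/pppd log excerpt (abridged, IP masked as there).
LOG = """\
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Client 218.57.18.xx control connection started
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Starting call (launching pppd, opening GRE)
Feb 4 11:12:20 SuSi pppd[4522]: pppd 2.4.1 started by root, uid 0
Feb 4 11:12:20 SuSi pppd[4522]: Connect: ppp0 <--> /dev/pts/3
Feb 4 11:12:20 SuSi pptpd[4521]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Feb 4 11:12:57 SuSi pptpd[4521]: CTRL: Received CALL CLR request (closing call)
Feb 4 11:12:57 SuSi pppd[4522]: Modem hangup
Feb 4 11:12:57 SuSi pptpd[4521]: GRE: read error: Bad file descriptor
Feb 4 11:12:57 SuSi pppd[4522]: Exit.
"""

# syslog prefix: "Mon D HH:MM:SS host daemon[pid]: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")

# Substrings pppd only logs once PPP frames actually flow through the GRE tunnel
# (heuristic list, assumption of this example).
PPP_PROGRESS = ("LCP", "CHAP", "MPPE", "IP address")


def parse(text):
    """Return a list of (timestamp, daemon, pid, message) tuples, skipping foreign lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def diagnose(text):
    """Return (call_seconds, ppp_negotiated, verdict) for the single call in the log."""
    events = parse(text)
    start = next((ts for ts, d, _, m in events if d == "pptpd" and "Starting call" in m), None)
    end = next((ts for ts, d, _, m in events if d == "pptpd" and "CALL CLR" in m), None)
    negotiated = any(d == "pppd" and any(k in m for k in PPP_PROGRESS) for _, d, _, m in events)
    seconds = (end - start).total_seconds() if start and end else None
    if seconds is not None and not negotiated:
        verdict = ("pppd was launched but logged no PPP activity before the client hung up: "
                   "no PPP frames arrived through the GRE tunnel (IP protocol 47, not a TCP port)")
    elif negotiated:
        verdict = "PPP negotiation started; look at the CHAP/MPPE lines for the failure"
    else:
        verdict = "incomplete log: call start or CALL CLR missing"
    return seconds, negotiated, verdict
```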