Need help configuring VPN and MPPE

Foxti
Posts: 19
Joined: Sat 04 Mar 2006, 19:35
Location: Indiana

Need help configuring VPN and MPPE

#1 Post by Foxti »

I noticed when I was searching around the packages in Puppy 1.0.8 that a PPTP client exists; however, the man pages are very cryptic to me as a newbie to all this, and I was wondering if anyone could give me a better idea as to how to use it. An example of how to configure it to talk to a server over eth0 would be greatly appreciated. I know it would help a lot of others out as well.

Thanks for the help
Dean

Text from man page:

PPTP
Section: Maintenance Commands (8)
NAME
pptp - PPTP driver
SYNOPSIS
pptp <pptp-server-IP> <pptp-options> [ppp-options] ...
DESCRIPTION

pptp establishes the client side of a Virtual Private Network (VPN) using the Point-to-Point Tunneling Protocol (PPTP). Use this program to connect to an employer's PPTP based VPN, or to certain cable and ADSL service providers.

By default, pptp establishes the PPTP call to the PPTP server, and then starts an instance of pppd to manage the data transfer. However, pptp can also be run as a connection manager within pppd.
OPTIONS

The first argument on the pptp command line must be the host name or IP address of the PPTP server. Remaining arguments are checked for pptp options, and the arguments from the first unrecognised option onward are passed as is to pppd unless --nolaunchpppd is given.

--nolaunchpppd
do not launch pppd but use stdin as the network connection. Use this flag when including pptp as a pppd connection process using the pty option. See EXAMPLES.
--phone number
specifies the telephone number to place in the outgoing PPTP call request packet.
--localbind address
optional binding to a particular local IP address on a multi-homed host.
--quirks name
adopts special case handling for particular PPTP servers and ADSL modems.


QUIRKS

BEZEQ_ISRAEL
modifies packets to interoperate with Orckit ADSL modems on the BEZEQ network in Israel.


EXAMPLES

Connection to a Microsoft Windows VPN Server

pppd noauth nobsdcomp nodeflate mppe-40 mppe-128 mppe-stateless name domain\\\\username remotename PPTP require-chapms-v2 pty "pptp 10.0.0.5 --nolaunchpppd"

Note that the chap-secrets file used by pppd must include an entry for domain\\username


STATISTICS
The pptp process collects statistics when sending and receiving GRE packets. They are intended to be useful for debugging poor PPTP performance and for general monitoring of link quality. The statistics are cumulative since the pptp process was started.

The statistics can be viewed by sending a SIGUSR1 signal to the "GRE-to-PPP Gateway" process, which will cause it to dump them to the system logs (at the LOG_NOTICE level). A better way to present the statistics to applications is being sought (e.g. SNMP?).

The following statistics are collected at the time of writing (April 2003):

rx accepted
the number of GRE packets successfully passed to PPP
rx lost
the number of packets never received, and presumed lost in the network
rx under win
the number of packets which were duplicates or had old sequence numbers (this might be caused by a packet-reordering network if your reordering timeout is set too low)
rx over win
the number of packets which were too far ahead in the sequence to be reordered (might be caused by loss of more than 300 packets in a row)
rx buffered
the number of packets which were slightly ahead of sequence, and were buffered for reordering
rx OS errors
the number of times where the operating system reported an error when we tried to read a packet
rx truncated
the number of times we received a packet which was shorter than the length implied by the GRE header
rx invalid
the number of times we received a packet which had invalid or unsupported flags set in the header, wrong version, or wrong protocol.
rx acks
the number of pure acknowledgements received (without data). Too many of these will waste bandwidth, and might be solved by tuning the remote host.
tx sent
the number of GRE packets sent with data
tx failed
the number of packets we tried to send, but the OS reported an error
tx short
the number of times the OS would not let us write a complete packet
tx acks
the number of times we sent a pure ack, without data
tx oversize
the number of times we couldn't send a packet because it was over PACKET_MAX bytes long
round trip
the estimated round-trip time in milliseconds


SEE ALSO
pppd(8)

Documentation in /usr/share/doc/pptp-linux
AUTHOR
This manual page was written by James Cameron <james.cameron@hp.com> from text contributed by Thomas Quinot <thomas@debian.org>, for the Debian GNU/Linux system. The description of the available statistics was written by Chris Wilson <chris@netservers.co.uk>.


This document was created by man2html, using the manual pages.
Time: 14:02:59 GMT, November 18, 2003

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#2 Post by BarryK »

Sometime ago, someone told me that for PPTP to work, I needed to recompile the kernel with MPPE enabled.

Well, I remembered that advice, but each time I have recompiled the kernel for Puppy, I have watched out for an option with "mppe" in it, but never found it.
I don't know anything about PPTP and MPPE, but I was assuming that if I am advised to enable MPPE in the kernel, there would be some option with the text "MPPE" in it that I could enable.

So, I'm still in the dark as to just what I was supposed to enable.

jcoder24
Posts: 604
Joined: Fri 06 May 2005, 12:33
Location: Barbados

#3 Post by jcoder24 »

User john doe managed to get it (done). Unfortunately, he didn't provide any documentation on his success.

However, http://mppe-mppc.alphacron.de/ may be a good starting point.

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#4 Post by tempestuous »

I just had a look at the situation ... the information is hard to find.
The link that jcoder24 provided represents one particular implementation of MPPE (Microsoft Point-to-Point Encryption), but I think if you intend to use Puppy's PPTPclient (originally from http://pptpclient.sourceforge.net/) then it would be best to follow their HOWTO.
MPPE support can be built into the kernel with a patch, or compiled as separate modules. The PPTPclient-recommended patches and source are from the Sourceforge files list of the "Poptop" project (a PPTP server) http://prdownloads.sourceforge.net/poptop/
I just compiled the modules now using these instructions - http://pptpclient.sourceforge.net/howto ... uild.phtml
Actually, I first tried the more recent version 0.8.2 of the modules, but these failed, so back to the suggested ver 0.7.1.
I now attach these two modules, ppp_generic.o.gz and ppp_mppe.o.gz. Both should go into /lib/modules/2.4.29/net/
ppp_generic.o.gz will OVERWRITE the existing module. Then to load them -

modprobe ppp_generic
insmod /lib/modules/2.4.29/net/ppp_mppe.o.gz

An MPPE-compatible version of PPP is also necessary. From what I can see, PPP 2.4.1 and earlier needed to be patched, and PPP 2.4.2 and newer versions have MPPE support built in.
Puppy has PPP 2.4.1, so this would need to be updated. Conveniently, PPP ver 2.4.3 is available as a PupGet package.

edit: revised mppe-mppc modules package available later in thread.
Attachments
ppp_generic.o.gz
(13.46 KiB) Downloaded 668 times
ppp_mppe.o.gz
(5.69 KiB) Downloaded 643 times
Last edited by tempestuous on Sun 12 Mar 2006, 12:55, edited 1 time in total.

jcoder24
Posts: 604
Joined: Fri 06 May 2005, 12:33
Location: Barbados

#5 Post by jcoder24 »

I've downloaded the two files and did a brief test. I'm yet to set up routing to complete the test, but I was able to authenticate to the pptp server and get an IP assigned to the pptp interface. The only thing needed now is a GUI for the pptp-client.

rarsa
Posts: 3053
Joined: Sun 29 May 2005, 20:30
Location: Kitchener, Ontario, Canada

#6 Post by rarsa »

I just want to clarify (or get clarification) on what Barry wrote on the News page:
Barry wrote:
I've been discussing how to implement VPN in Puppy, with Foxti on the Forum.

IPsec VPN is happily running in puppy. I have been using it for quite some time. It's just the MPPE VPN people have had trouble with.

http://www.murga.org/~puppy/viewtopic.php?p=12351#12351

The news seems to indicate that puppy does not support VPN at all.
http://rarsa.blogspot.com Covering my eclectic thoughts
http://www.kwlug.org/blog/48 Covering my Linux How-to

Foxti
Posts: 19
Joined: Sat 04 Mar 2006, 19:35
Location: Indiana

Update on my trials

#7 Post by Foxti »

I have installed Vector Linux (not a fun task), muddled my way through the entire process of installing MPPE support, and tested it, and it works great. However, now that I have compiled the kernel to support it, I am not sure what to do next, as the instructions kinda stop at that point. I also was hunting for the 1.0.8 config file but could not find one anyplace. Can someone help me with this?

Dean

jcoder24
Posts: 604
Joined: Fri 06 May 2005, 12:33
Location: Barbados

#8 Post by jcoder24 »

Foxti

You can try tempestuous's modules option. It's simpler and doesn't require recompiling the kernel.

After I've completed my test I'll try to post a mini howto.

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#9 Post by tempestuous »

Yes, adding modules is easier than building this support into the kernel itself.
But keep your Vector Linux installation now you have it, it's a good development resource. Puppy 1.0.4 - 1.0.8 all have the same kernel config -
http://www.puppylinux.com/development/c ... k2.4.29.gz

fuzz
Posts: 19
Joined: Fri 10 Mar 2006, 13:23
Location: Dordrecht, Holland

#10 Post by fuzz »

Perhaps the following can be of help to people who have similar questions. I'm a newbie to Linux as well, and I also had some trouble setting up my DSL internet connection using pptp. I found some help on my ISP's helpdesk pages. On these pages, there are 2 links (one on pppd, and one on pptp) and some instructions. The link on pppd doesn't work, and the link on pptp led me to believe that:
1. Puppy's kernel version is too low
2. I would have to build in MPPE support
3. ergo, it would not be possible to set up a connection
(now I'm new to all this so I possibly misinterpreted)

I decided to carry out the instructions anyway and lo and behold, it worked fine. Mind you, these are instructions for my Alcatel Speedtouch Home modem.

I hope the following instructions are useful to anyone:
(I realize I'm a newbie and this could all be 'old news' to you guys)

configure the network adapter:
# ifconfig eth0 10.0.0.150 netmask 255.255.255.0 broadcast 10.0.0.255
# ifconfig eth0 up
# ifconfig eth0

this should produce something like this:

Link encap:Ethernet HWaddr AA:BB:CC:DD:EE:FF
inet addr:10.0.0.150 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

Now add the correct route:

# route add -net 10.0.0.0 netmask 255.255.255.0 eth0
# route -n

which will show something like

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.150 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

Then configure pppd:

# cd /etc/ppp
# mv options options.modem
# touch options

Now create a file /etc/ppp/options.adsl containing the following:
idle 0
noauth
user loginname@xs4all.nl
defaultroute
usepeerdns
nodetach
lcp-echo-interval 10
lcp-echo-failure 3

(xs4all is my ISP)

Now put the following in the file pap-secrets:

# Authentication via PAP
# login - server - pass - IP
loginname@xs4all.nl * password *

Then make the connection with:
# /usr/sbin/pptp 10.0.0.138 file /etc/ppp/options.adsl

-----------------------------------------

I hope this is useful info.

Rob

Foxti
Posts: 19
Joined: Sat 04 Mar 2006, 19:35
Location: Indiana

All of this is great news

#11 Post by Foxti »

However let me explain my problem
1) Both Barry and I have been able to compile in Vector and make it work.
2) Several people here say that they too have been able to get it to create an MPPE connection in here as well.
3) My time is getting into a crunch here as well, and Puppy is the best solution.

However, here is my issue:

1) I have a recompiled kernel in Vector. Great thing. Which is great, but I have no idea how to get that into Puppy.

2) I used the tool for Puppy and can make it work there temporarily as well;
however, that goes away.

What I need to do is to be able to either A) take what I have in Vector and put it into Puppy (in which I was able to fix a couple of other issues as well that we were having with the Toshiba laptop sound), or B) make it permanent so that I can compile it into a bootable 50 meg CD and pen drive, and I cannot seem to find any instructions on how to do this.

I have a couple of programmers online that will be glad to help build a nice GUI for the program once I can give them a working Puppy with the kernel built in.

Off subject here: I have also been trying to build Puppy CDs without a bunch of the installed software, and every time I remove any packages, even just a game, when I do a burn and then boot I get kernel panic errors. However, if I do a raw just build and leave things alone and just hit the default all the way through, it works every time.

Any and all help in this matter would be a fantastic help, as my time to complete this project is running very, very short and I have basically a week to get it all done.

I know that the things I am doing will not only help me but many others here as well.

I love Puppy a lot and would love to do a lot more with it. I have even started to develop several man pages and step-by-step how-tos for many things that are not yet completed.

I am planning to put several links up on my client sites for Puppy as well, as I think it is a fantastic product.

Dean

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#12 Post by tempestuous »

Foxti,
As long as any modifications to the filesystem don't include the kernel itself, then your new files will be retained in your persistent pupfile (actually, only /root, /etc and /usr). That's why I compiled the modules above. But a pupfile is not easily transportable when you want to give Puppy Linux to others, unless you use the multi-session liveCD ... that could be a solution for you.
Remastering is the complete solution. There are various ways to remaster, and some are a bit complex.

I think the easy answer is wait for Puppy2. Why go to a lot of trouble modifying Puppy 1.0.8 when everything you want will be ready-to-go with Puppy2.

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#13 Post by tempestuous »

I see that Barry has taken this initiative further and compiled the next Puppy kernel with MPPE/MPPC support.
With enhancements like this, Puppy is getting more and more sophisticated.

I don't know anything about VPN but would like to learn, because it's sure to affect my working life in the future.
The choice of VPN client depends on the type of VPN server you wish to connect to, right, ... PPTP or IPsec?
And this client software just establishes a connection, or "tunnel"? So I still need other tools like ftp client, samba, etc. to do anything useful with this connection?

Foxti
Posts: 19
Joined: Sat 04 Mar 2006, 19:35
Location: Indiana

#14 Post by Foxti »

Hey Tempestuous,

I agree that remastering is the only way to do it; however, I have not been successful doing that either. I used 2 of the different ways described in the remastering document here; however, I have only been able to burn a working CD that does not change anything at all and accepts the defaults all the way through. If I even remove a game, when I boot I get a kernel panic error, and I am looking to strip Puppy way down to a very basic system. It will have only a very few tools: Remote Desktop RDP client, a single dialer program, FTP, printer utility, some sound utilities, mail, and the connection wiz. That is about it, so that it will fit onto a single 50 Meg CD. I know it can be done as I was able to do most of it in 1.0.7; however, it did not include sound or MPPE.

As for why not wait for version 2: I am in a big time constraint. I have to have it up and working by mid week this week so that I can package it up for a couple of our staff members prior to them leaving on a trip.

I have a lot of time and frustration involved but do not want to give up on puppy because I love it so much.

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#15 Post by BarryK »

Foxti,
I have just responded to your p.m., stating that 1 week is a very short time, and
I may not have puppy2alpha2 released by then.
But, I could upload a snapshot release, totally unofficial, for your consumption
only. It will have the MPPE/MPPC enabled kernel and the pppd 2.4.3 package
patched to work properly with the kernel module.

Um, let's see. If I was on broadband, I could do it right now (hopefully, I will
be soon). Tomorrow I'm driving to Perth, so will go to my friend's place who
has adsl -- note though, it's pathetic for upload, only 64K upload speed.
So, how about 24 hours from now, and I'll send you a p.m. when it's available.

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#16 Post by tempestuous »

Revised MPPE/MPPC modules for Puppy 1.0.4-1.0.8 (kernel 2.4.29).

Following Barry's lead with the soon-to-be-released 2.4.31 kernel, I have compiled the modules from the same MPPE-MPPC patch he used from http://mppe-mppc.alphacron.de/
And I have also compiled PPP 2.4.3 with the compatible patch.
This still may not suit Foxti's needs, but will be good for those people wanting to use PPTPclient right now in a manner consistent with the forthcoming release.

Instructions - copy mppe-mppc-modules.tar.gz somewhere persistent, say /root/my-applications
Now do this -

cd /
tar -zxvf /root/my-applications/mppe-mppc-modules.tar.gz
depmod
rmmod ppp_generic ## because the old module may already be loaded
modprobe ppp_generic
modprobe ppp_mppe_mppc
modprobe bsd_comp
modprobe sha1
## the following might be necessary ...
## because in /etc/modules.conf they are commented out
modprobe ppp_async
modprobe ppp_deflate
modprobe ppp_synctty

Now install ppp-2.4.3-patched.tar.gz by uncompressing it from /

PPTPclient should now work (?)
I'm a VPN novice myself, but I see there's a HOWTO here http://www.linuxquestions.org/linux/ans ... are_How_to
the PPTPclient section is half way down.
Attachments
mppe-mppc-modules.tar.gz
(29.73 KiB) Downloaded 532 times
Last edited by tempestuous on Mon 13 Mar 2006, 00:31, edited 1 time in total.

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#17 Post by BarryK »

Tempestuous,
is that going to work, as I had to patch the kernel, so the kernel itself, vmlinuz,
would have to be used, meaning the CD will have to be remastered?

Puppy doesn't have module bsd_comp ...is that a problem?
The kernel config file has this:

Code:

# CONFIG_PPP_BSDCOMP is not set

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#18 Post by BarryK »

/etc/modules.conf has this:

Code:

#BK using ppp* for dialup connection, need these...
alias tty-ldisc-3 ppp_async
alias ppp0 ppp_generic
alias ppp1 ppp_generic
#according to some info on RH8.0, need this...
alias ppp-compress-21 off
#as modprobe tries to get it, but it is no longer needed.
#note, some other refs say need to do this...
#alias ppp-compress-21 bsd_comp
#alias ppp-compress-24 ppp_deflate
#alias ppp-compress-26 ppp_deflate
#alias char-major-108 ppp_generic

#HOWTO-PPP.htm also says need these...
alias /dev/ppp ppp_generic
# ...no, just don't like the look of this one!
alias char-major-108 ppp_generic
# and this, but I haven't got this installed...
#alias tty-ldisc-14 ppp_synctty

so ppp-compress-21 is "off", so the bsd_comp module isn't used.
But, perhaps for MPPE this will be needed?
(then I'll have to recompile the kernel yet again, mumble, mumble)

Puppy2 has this also in modules.conf:

Code:

#v2.0.0 VPN support needs this...
alias ppp-compress-18 ppp_mppe_mppc
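
A preflight check for the pieces described in posts #16 and #18 (modules loaded, the ppp-compress-18 alias, and an MPPE request in the pppd options), given here as an added example that is not part of any poster's message. The three file paths are supplied by the caller, and matching on the "mppe" / "require-mppe" prefix is an assumption about how the installed pppd spells its options.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for the MPPE pieces
# discussed above. Paths are arguments so it can be run on copies of the files.
MPPE_MODULE="${MPPE_MODULE:-ppp_mppe_mppc}"   # module name from posts #16/#18

# Print a config file with comments and blank lines removed.
active_lines() {
    sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# True if modules.conf maps CCP option 18 (MPPE) to $MPPE_MODULE.
has_mppe_alias() {       # $1 = modules.conf
    active_lines "$1" | awk -v m="$MPPE_MODULE" '
        $1 == "alias" && $2 == "ppp-compress-18" && $3 == m { ok = 1 }
        END { exit !ok }'
}

# True if the module is listed in a /proc/modules-style file (name is field 1).
module_loaded() {        # $1 = listing, $2 = module
    awk -v m="$2" '$1 == m { ok = 1 } END { exit !ok }' "$1"
}

# True if some word in the pppd options file asks for MPPE and none is "nomppe".
# The prefix match is an assumption: it covers the man page spelling (mppe-128)
# as well as mainline pppd 2.4.2+ (require-mppe-128).
options_request_mppe() { # $1 = pppd options file
    active_lines "$1" | awk '
        { for (i = 1; i <= NF; i++) {
              if ($i == "nomppe") off = 1
              else if ($i ~ /^(require-)?mppe/) on = 1 } }
        END { exit !(on && !off) }'
}

# Print one line per finding; return the number of failed checks.
audit_mppe() {           # $1 = modules.conf  $2 = module listing  $3 = options
    fails=0
    if module_loaded "$2" ppp_generic; then echo "ok: ppp_generic loaded"
    else echo "FAIL: ppp_generic not loaded"; fails=$((fails + 1)); fi

    if module_loaded "$2" "$MPPE_MODULE"; then echo "ok: $MPPE_MODULE loaded"
    elif has_mppe_alias "$1"; then echo "ok: $MPPE_MODULE will autoload via alias"
    else echo "FAIL: $MPPE_MODULE neither loaded nor aliased"; fails=$((fails + 1)); fi

    if options_request_mppe "$3"; then echo "ok: pppd options request MPPE"
    else echo "FAIL: pppd options do not request MPPE"; fails=$((fails + 1)); fi
    return "$fails"
}

# Run the audit when called with the three paths.
if [ "$#" -eq 3 ]; then audit_mppe "$@"; fi
```

Called with a copy of /etc/modules.conf, /proc/modules and the pppd options file in use, it prints one line per check. Set MPPE_MODULE=ppp_mppe to test the modules attached to post #4.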

jmarsden
Posts: 265
Joined: Sat 31 Dec 2005, 22:18
Location: California, USA

#19 Post by jmarsden »

BarryK wrote:
so ppp-compress-21 is "off", so the bsd_comp module isn't used.
But, perhaps for MPPE this will be needed?
(then I'll have to recompile the kernel yet again, mumble, mumble)

It shouldn't be.

No time to post more now, but if you are debugging PPP (as opposed to PPTP) connections, James Carlson's little book "PPP Design and Debugging" has all the info you are ever likely to need, though it may be a little old (mine is dated 1998) and so lacks MPPE specifics.

For PPTP issues, http://pptpclient.sourceforge.net/howto-diagnosis.phtml has all manner of suggestions.

Jonathan

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#20 Post by tempestuous »

Barry,
Some kernel patches, like this one, just add their extra features to the kernel configuration list. These features then need to be enabled in the configuration.

In "Network device support" the new feature is easy to see - "Microsoft PPP compression/encryption (MPPC/MPPE)". The option was available to enable this either built-in, or as a module. If the module option was not available, of course, I would have had to build a new kernel to get this feature. But as it was, I was able to simply compile a module.
It sounds like you might need to go back and look at your .config!

Regarding the other configuration options - BSD-Compress, SHA1 and ARC4, I only learned that these were necessary from the VPN HOWTO I mentioned before - http://www.linuxquestions.org/linux/ans ... are_How_to

Regarding /etc/modules.conf, yes, I think those lines should be uncommented. Otherwise, these modules will need to be manually loaded (as I suggested in my instructions above for Puppy 1.0.8).

And, of course, practice often mocks theory, so it would be good if someone with VPN access could try my modules with PPTPclient. This might help you to get MPPE working in Puppy2 first time.
