VPN to a Windows 2000 server

tomi at hrovatin.com tomi at hrovatin.com
Sun Nov 25 14:18:23 CET 2001


Greetings,

I have been a Linux user for a whole week now, so please be lenient if my questions are stupid.

The problem is as follows:
I have Debian 2.4.8 installed. The kernel has all (at least I hope so) the modules needed for VPN. I additionally installed pptp-linux and the mppe kernel patch. I have read quite a few documents on this topic, but what confused me is that every document describes this a little differently.
In the firewall I have port 1723 open and the following added:
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p tcp --dport 1723 -j DNAT --to $LAN_IFACE
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p 47 -j DNAT --to $LAN_IFACE
(this was taken from one of the how-tos)

In chap_secrets I have added these two lines:
domain\\username     server_ip           pw       *
server_ip            domain\\username    pw       *

(this double entry with remotehost/username swapped is likewise from one of the how-tos)

I invoke it like this:
pptp server_ip debug name domain\\username remotehost server_ip noauth

This is what appears in the log:

Nov 25 12:47:20 citrus pptp[2802]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:548]: Client connection established.
Nov 25 12:47:21 citrus pptp[2802]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:655]: Outgoing call established (call ID 0, peer's call ID 998).
Nov 25 12:47:21 citrus pppd[2804]: pppd 2.4.1 started by root, uid 0
Nov 25 12:47:21 citrus pppd[2804]: using channel 13
Nov 25 12:47:21 citrus pppd[2804]: Using interface ppp1
Nov 25 12:47:21 citrus pppd[2804]: Connect: ppp1 <--> /dev/pts/5
Nov 25 12:47:21 citrus pppd[2804]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xafeb5b5e> <pcomp> <accomp>]
Nov 25 12:47:23 citrus pppd[2804]: rcvd [LCP ConfReq id=0x0 <auth chap 81> <magic 0x41430756> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [loca
Nov 25 12:47:23 citrus pppd[2804]: sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 32>]
Nov 25 12:47:23 citrus pppd[2804]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xafeb5b5e> <pcomp> <accomp>]
Nov 25 12:47:23 citrus pppd[2804]: rcvd [LCP ConfReq id=0x1 <auth chap 81> <magic 0x41430756> <pcomp> <accomp> <endpoint [local:35.7a.c3.66.50.a1.4d.cf.a1
Nov 25 12:47:23 citrus pppd[2804]: sent [LCP ConfNak id=0x1 <auth chap MD5>]
Nov 25 12:47:23 citrus pppd[2804]: rcvd [LCP ConfReq id=0x2 <auth chap m$oft> <magic 0x41430756> <pcomp> <accomp> <endpoint [local:35.7a.c3.66.50.a1.4d.cf
Nov 25 12:47:23 citrus pppd[2804]: sent [LCP ConfAck id=0x2 <auth chap m$oft> <magic 0x41430756> <pcomp> <accomp> <endpoint [local:35.7a.c3.66.50.a1.4d.cf
Nov 25 12:47:23 citrus pptp[2802]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:704]: PPTP_SET_LINK_INFO recieved from peer_callid 0
Nov 25 12:47:23 citrus pptp[2802]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:707]:   send_accm is 00000000, recv_accm is FFFFFFFF
Nov 25 12:47:23 citrus pppd[2804]: rcvd [CHAP Challenge id=0x0 <ea655f2df03df703>, name = "REMOTEHOST"]
Nov 25 12:47:23 citrus pppd[2804]: sent [CHAP Response id=0x0 <0000000000000000000000000000000000000000000000001b3b485d1d128ff6250d9d9684459d417258d79264f
Nov 25 12:47:23 citrus pppd[2804]: rcvd [CHAP Success id=0x0 ""]
Nov 25 12:47:23 citrus pppd[2804]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
Nov 25 12:47:23 citrus pppd[2804]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Nov 25 12:47:23 citrus pppd[2804]: rcvd [CCP ConfReq id=0x4 < 12 06 01 00 00 f1>]
Nov 25 12:47:23 citrus pppd[2804]: sent [CCP ConfRej id=0x4 < 12 06 01 00 00 f1>]
Nov 25 12:47:23 citrus pppd[2804]: rcvd [IPCP ConfReq id=0x5 <addr 10.0.1.116>]
Nov 25 12:47:23 citrus pppd[2804]: sent [IPCP ConfAck id=0x5 <addr 10.0.1.116>]
Nov 25 12:47:23 citrus pppd[2804]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
Nov 25 12:47:23 citrus pppd[2804]: sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
Nov 25 12:47:23 citrus pppd[2804]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Nov 25 12:47:23 citrus pppd[2804]: sent [CCP ConfReq id=0x2]
Nov 25 12:47:23 citrus pptp[2802]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:704]: PPTP_SET_LINK_INFO recieved from peer_callid 0
Nov 25 12:47:23 citrus pptp[2802]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:707]:   send_accm is FFFFFFFF, recv_accm is FFFFFFFF
Nov 25 12:47:23 citrus pppd[2804]: rcvd [LCP TermReq id=0x6 "AC\007V\000<\37777777715t\000\000\002\37777777746"]
Nov 25 12:47:23 citrus pppd[2804]: LCP terminated by peer (AC^GV^@<M-Mt^@^@^BM-f)
Nov 25 12:47:23 citrus pppd[2804]: sent [LCP TermAck id=0x6]
Nov 25 12:47:26 citrus pppd[2804]: Connection terminated.
Nov 25 12:47:27 citrus pppd[2804]: Exit.

As far as I understand this, the two sides start talking to each other and even authenticate.
Another funny thing is that on the Win 2000 server there is no trace in the log of the connection attempt.

Any advice whatsoever is more than welcome.

Tomi Hrovatin
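
Added example, not part of the original post: a short Python script that decodes the option pppd printed as raw hex (`12 06 01 00 00 f1`) in the log above and reports whether the local side rejected it and whether the peer sent an LCP TermReq. The bit names follow RFC 3078 (MPPE); the function names and the trimmed log sample are this example's own.

```python
import re

# Lines copied from the pppd log in the post above (timestamp and hostname trimmed).
LOG = r"""
pppd[2804]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
pppd[2804]: rcvd [CCP ConfReq id=0x4 < 12 06 01 00 00 f1>]
pppd[2804]: sent [CCP ConfRej id=0x4 < 12 06 01 00 00 f1>]
pppd[2804]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
pppd[2804]: rcvd [LCP TermReq id=0x6 "AC\007V\000<\37777777715t\000\000\002\37777777746"]
"""

PKT = re.compile(r"(sent|rcvd) \[(\w+) (\w+) id=(0x[0-9a-f]+)(.*)\]")
RAW_OPT = re.compile(r"<((?: [0-9a-f]{2})+)>")  # options pppd could not name

# (octet index in the 4-byte Supported Bits field, mask, meaning) per RFC 3078
MPPE_BITS = [(0, 0x01, "H stateless"), (3, 0x80, "M 56-bit"), (3, 0x40, "S 128-bit"),
             (3, 0x20, "L 40-bit"), (3, 0x10, "D obsolete"), (3, 0x01, "C MPPC compression")]

def decode_raw_option(hexbytes):
    """Decode one type/length/value option that pppd printed as raw hex."""
    b = bytes.fromhex(hexbytes)
    opt_type, length, data = b[0], b[1], b[2:]
    if opt_type == 18 and length == 6 and len(data) == 4:  # CCP option 18: MPPE/MPPC
        return "MPPE", [name for i, mask, name in MPPE_BITS if data[i] & mask]
    return f"type {opt_type}", []

def analyse(log):
    """Return (options the local pppd rejected in CCP, peer sent LCP TermReq)."""
    rejected, terminated = [], False
    for line in log.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        direction, proto, code, _id, rest = m.groups()
        if (direction, proto, code) == ("sent", "CCP", "ConfRej"):
            rejected += [decode_raw_option(h) for h in RAW_OPT.findall(rest)]
        if (direction, proto, code) == ("rcvd", "LCP", "TermReq"):
            terminated = True
    return rejected, terminated

if __name__ == "__main__":
    print(analyse(LOG))
```

In this log the rejected option is MPPE, the encryption the Windows peer proposed, so the local pppd declines encryption shortly before the peer ends the link.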


