Nabble - Poptop

tag:old.nabble.com,2006:forum-4436 Nabble - Poptop 2009-12-19T07:25:50Z Poptop is an open source implementation of a PPTP server. Running under x86 or embedded Motorola ColdFire architectures Poptop provides full interoperability with the Microsoft PPTP VPN client. Poptop home is <a href="http://sourceforge.net/projects/poptop/" target="_top" rel="nofollow">here</a>. tag:old.nabble.com,2006:post-26855888 Re: Tunnel stops working after a while, LCP ProtRej 2009-12-19T07:25:50Z 2009-12-19T07:25:50Z Gianluca Varenni It's a remote machine and I'm not in the office right now. Also, it <br>guarantees connectivity to the whole office. In general for a production <br>machine I prefer to install only deb package, no recompiling unless it's an <br>extreme situation. <br><br>I will probably wait until I get back to the office. <br><br>Have a nice day <br>GV <br><br><br><br>----- Original Message ----- <br>From: "Jorge Bastos" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26855888&i=0" target="_top" rel="nofollow">mysql.jorge@...</a>> <br>To: "'Gianluca Varenni'" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26855888&i=1" target="_top" rel="nofollow">gianluca.varenni@...</a>>; <br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26855888&i=2" target="_top" rel="nofollow">poptop-server@...</a>> <br>Sent: Saturday, December 19, 2009 6:42 AM <br>Subject: RE: [Poptop-server] Tunnel stops working after a while, LCP ProtRej <br><br><br>>> I just checked, and there is no official deb package for kernel 2.6.36, <br>>> the <br>>> latest available one is a 2.6.18 :-( <br>>> <br>> <br>> Can't you compile it, or it's a remote machine? <br>> <br><br><br>------------------------------------------------------------------------------ <br>This SF.Net email is sponsored by the Verizon Developer Community <br>Take advantage of Verizon's best-in-class app development support <br>A streamlined, 14 day to market process makes app distribution fast and easy <br>Join now and get one step closer to millions of Verizon customers <br><a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a>  <br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26855888&i=3" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26855562 Re: Tunnel stops working after a while, LCP ProtRej 2009-12-19T06:42:29Z 2009-12-19T06:42:29Z Jorge Bastos > I just checked, and there is no official deb package for kernel 2.6.36, <br>> the <br>> latest available one is a 2.6.18 :-( <br>> <br><br>Can't you compile it, or it's a remote machine? <br><br><br>------------------------------------------------------------------------------ <br>This SF.Net email is sponsored by the Verizon Developer Community <br>Take advantage of Verizon's best-in-class app development support <br>A streamlined, 14 day to market process makes app distribution fast and easy <br>Join now and get one step closer to millions of Verizon customers <br><a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a>  <br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26855562&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26855559 Re: Tunnel stops working after a while, LCP ProtRej 2009-12-19T06:41:14Z 2009-12-19T06:41:14Z Gianluca Varenni I just checked, and there is no official deb package for kernel 2.6.36, the <br>latest available one is a 2.6.18 :-( <br><br>Thanks anyway <br><br>GV <br><br><br>----- Original Message ----- <br>From: "Jorge Bastos" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26855559&i=0" target="_top" rel="nofollow">mysql.jorge@...</a>> <br>To: "'Gianluca Varenni'" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26855559&i=1" target="_top" rel="nofollow">gianluca.varenni@...</a>>; <br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26855559&i=2" target="_top" rel="nofollow">poptop-server@...</a>> <br>Sent: Saturday, December 19, 2009 6:05 AM <br>Subject: RE: [Poptop-server] Tunnel stops working after a while, LCP ProtRej <br><br><br>>> <br>>> It's a debian 4.0, I will see if I can still update the kernel package <br>>> without breaking everything. Do you think that is the culprit? <br>>> <br>> <br>> Maybe, <br>> I have similar situation, with clients connection from slow connections <br>> including me, and that never happen or anyone complained. <br>> <br><br><br>------------------------------------------------------------------------------ <br>This SF.Net email is sponsored by the Verizon Developer Community <br>Take advantage of Verizon's best-in-class app development support <br>A streamlined, 14 day to market process makes app distribution fast and easy <br>Join now and get one step closer to millions of Verizon customers <br><a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a>  <br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26855559&i=3" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26855301 Re: Tunnel stops working after a while, LCP ProtRej 2009-12-19T06:05:30Z 2009-12-19T06:05:30Z Jorge Bastos > <br>> It's a debian 4.0, I will see if I can still update the kernel package <br>> without breaking everything. Do you think that is the culprit? <br>> <br><br>Maybe, <br>I have similar situation, with clients connection from slow connections <br>including me, and that never happen or anyone complained. <br><br><br>------------------------------------------------------------------------------ <br>This SF.Net email is sponsored by the Verizon Developer Community <br>Take advantage of Verizon's best-in-class app development support <br>A streamlined, 14 day to market process makes app distribution fast and easy <br>Join now and get one step closer to millions of Verizon customers <br><a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a>  <br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26855301&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26854562 Re: Tunnel stops working after a while, LCP ProtRej 2009-12-19T04:04:13Z 2009-12-19T04:04:13Z Gianluca Varenni It's a debian 4.0, I will see if I can still update the kernel package <br>without breaking everything. Do you think that is the culprit? <br><br>GV <br><br>----- Original Message ----- <br>From: "Jorge Bastos" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26854562&i=0" target="_top" rel="nofollow">mysql.jorge@...</a>> <br>To: <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26854562&i=1" target="_top" rel="nofollow">poptop-server@...</a>> <br>Sent: Saturday, December 19, 2009 3:21 AM <br>Subject: Re: [Poptop-server] Tunnel stops working after a while, LCP ProtRej <br><br><div class='shrinkable-quote'><br>>> Server: <br>>> pptpd 1.3.4 <br>>> pppd  2.4.4 <br>>> Kernel 2.6.18-6-686 <br>>> <br>>> Client <br>>> Windows XP SP3 and Windows Vista <br>>> <br>>> Any ideas what could cause this problem? <br>> <br>> <br>> Do you have opportunity to update the kernel to 2.6.32? <br>> <br>> <br>> ------------------------------------------------------------------------------ <br>> This SF.Net email is sponsored by the Verizon Developer Community <br>> Take advantage of Verizon's best-in-class app development support <br>> A streamlined, 14 day to market process makes app distribution fast and <br>> easy <br>> Join now and get one step closer to millions of Verizon customers <br>> <a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a><br>> _______________________________________________ <br>> Poptop-server mailing list <br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26854562&i=2" target="_top" rel="nofollow">Poptop-server@...</a> <br>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a>  </div><br><br>------------------------------------------------------------------------------ <br>This SF.Net email is sponsored by the Verizon Developer Community <br>Take advantage of Verizon's best-in-class app development support <br>A streamlined, 14 day to market process makes app distribution fast and easy <br>Join now and get one step closer to millions of Verizon customers <br><a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a>  <br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26854562&i=3" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26854307 Re: Tunnel stops working after a while, LCP ProtRej 2009-12-19T03:21:18Z 2009-12-19T03:21:18Z Jorge Bastos > Server: <br>> pptpd 1.3.4 <br>> pppd  2.4.4 <br>> Kernel 2.6.18-6-686 <br>> <br>> Client <br>> Windows XP SP3 and Windows Vista <br>> <br>> Any ideas what could cause this problem? <br><br><br>Do you have opportunity to update the kernel to 2.6.32? <br><br><br>------------------------------------------------------------------------------ <br>This SF.Net email is sponsored by the Verizon Developer Community <br>Take advantage of Verizon's best-in-class app development support <br>A streamlined, 14 day to market process makes app distribution fast and easy <br>Join now and get one step closer to millions of Verizon customers <br><a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a>  <br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26854307&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26853769 Tunnel stops working after a while, LCP ProtRej 2009-12-19T01:40:17Z 2009-12-19T01:40:17Z Gianluca Varenni I have a problem with my pptpd installation, that started happening when my <br>users connect from far away locations with a really slow link (the server is <br>in california, the clients are in europe on a DSL link with some packet <br>drops every now and then). <br><br>The pptpd connection works for a bit and then it stops. This seems to happen <br>more frequently when the client is downloading/uploading big files on the <br>VPN. <br><br>The log is below. <br><br>As you can see, after a certain time pppd receives garbage and sends LCP <br>ProtRej packets. <br><br>Server: <br>pptpd 1.3.4 <br>pppd  2.4.4 <br>Kernel 2.6.18-6-686 <br><br>Client <br>Windows XP SP3 and Windows Vista <br><br>Any ideas what could cause this problem? <br><br>Have a nice day <br>GV <br><br><br><br>Dec 19 00:21:46 evilside pppd[27039]: using channel 326 <br>Dec 19 00:21:46 evilside pppd[27039]: sent [LCP ConfReq id=0x1 <asyncmap <br>0x0> <auth chap MS-v2> <magic 0x2c017766> <pcomp> <accomp>] <br>Dec 19 00:21:46 evilside pppd[27039]: rcvd [LCP ConfReq id=0x0 <mru 1400> <br><magic 0x522857e4> <pcomp> <accomp> <callback CBCP>] <br>Dec 19 00:21:46 evilside pppd[27039]: sent [LCP ConfRej id=0x0 <callback <br>CBCP>] <br>Dec 19 00:21:47 evilside pppd[27039]: rcvd [LCP ConfReq id=0x1 <mru 1400> <br><magic 0x522857e4> <pcomp> <accomp>] <br>Dec 19 00:21:47 evilside pppd[27039]: sent [LCP ConfAck id=0x1 <mru 1400> <br><magic 0x522857e4> <pcomp> <accomp>] <br>Dec 19 00:21:49 evilside pppd[27039]: sent [LCP ConfReq id=0x1 <asyncmap <br>0x0> <auth chap MS-v2> <magic 0x2c017766> <pcomp> <accomp>] <br>Dec 19 00:21:49 evilside pppd[27039]: rcvd [LCP ConfAck id=0x1 <asyncmap <br>0x0> <auth chap MS-v2> <magic 0x2c017766> <pcomp> <accomp>] <br>Dec 19 00:21:49 evilside pppd[27039]: sent [LCP EchoReq id=0x0 <br>magic=0x2c017766] <br>Dec 19 00:21:49 evilside pppd[27039]: sent [CHAP Challenge id=0xdc <br><f6f7816fc775bd1039244bb862b6340a>, name = "pptpd"] <br>Dec 19 00:21:49 evilside pppd[27039]: rcvd [LCP Ident id=0x2 <br>magic=0x522857e4 "MSRASV5.20"] <br>Dec 19 00:21:49 evilside pppd[27039]: rcvd [LCP Ident id=0x3 <br>magic=0x522857e4 "MSRAS-0-TEST"] <br>Dec 19 00:21:49 evilside pppd[27039]: rcvd [LCP Ident id=0x4 <br>magic=0x522857e4 <br>"\037\025D\023A\37777777621IL\37777777600\37777777611\37777777731\024 <br>\37777777710\022\37777777753"] <br>Dec 19 00:21:52 evilside pppd[27039]: sent [CHAP Challenge id=0xdc <br><f6f7816fc775bd1039244bb862b6340a>, name = "pptpd"] <br>Dec 19 00:21:53 evilside pppd[27039]: rcvd [CHAP Response id=0xdc <br><81ef9788b072f454b85ee5d46177e97b0000000000000000c89d2eaccae4c457bc4c9c602f5335c9784a7f435f23fa4e00>, <br>name = "USERXXX"] <br>Dec 19 00:21:53 evilside pppd[27039]: RADATTR plugin wrote 8 line(s) to file <br>/var/run/radattr.ppp3. <br>Dec 19 00:21:53 evilside pppd[27039]: sent [CHAP Success id=0xdc <br>"S=05095606B26E93C608D0C64E4B827EFFB75DE695"] <br>Dec 19 00:21:53 evilside pppd[27039]: sent [CCP ConfReq id=0x1 <mppe +H -M <br>+S -L -D -C>] <br>Dec 19 00:21:53 evilside pppd[27039]: rcvd [IPV6CP ConfReq id=0x5 <addr <br>fe80::b836:207a:8b56:f500>] <br>Dec 19 00:21:53 evilside pppd[27039]: sent [LCP ProtRej id=0x2 80 57 01 05 <br>00 0e 01 0a b8 36 20 7a 8b 56 f5 00] <br>Dec 19 00:21:53 evilside pppd[27039]: rcvd [CCP ConfReq id=0x6 <mppe +H -M <br>+S -L -D -C>] <br>Dec 19 00:21:53 evilside pppd[27039]: sent [CCP ConfAck id=0x6 <mppe +H -M <br>+S -L -D -C>] <br>Dec 19 00:21:53 evilside pppd[27039]: rcvd [IPCP ConfReq id=0x7 <addr <br>0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins <br>0.0.0.0>] <br>Dec 19 00:21:53 evilside pppd[27039]: sent [IPCP TermAck id=0x7] <br>Dec 19 00:21:53 evilside pppd[27039]: rcvd [CCP ConfAck id=0x1 <mppe +H -M <br>+S -L -D -C>] <br>Dec 19 00:21:53 evilside pppd[27039]: sent [IPCP ConfReq id=0x1 <compress VJ <br>0f 01> <addr 192.168.77.67>] <br>Dec 19 00:21:54 evilside pppd[27039]: rcvd [IPCP ConfRej id=0x1 <compress VJ <br>0f 01>] <br>Dec 19 00:21:54 evilside pppd[27039]: sent [IPCP ConfReq id=0x2 <addr <br>X.X.X.X>] <br>Dec 19 00:21:54 evilside pppd[27039]: rcvd [IPCP ConfAck id=0x2 <addr <br>X.X.X.X>] <br>Dec 19 00:21:57 evilside pppd[27039]: sent [IPCP ConfReq id=0x2 <addr <br>X.X.X.X>] <br>Dec 19 00:21:57 evilside pppd[27039]: rcvd [IPCP ConfReq id=0x8 <addr <br>0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins <br>0.0.0.0>] <br>Dec 19 00:21:57 evilside pppd[27039]: sent [IPCP ConfNak id=0x8 <addr <br>y.y.y.y> <ms-dns1 z.z.z.z> <ms-wins z.z.z.z> <ms-dns3 z.z.z.z> <ms-wins <br>z.z.z.z>] <br>Dec 19 00:21:57 evilside pppd[27039]: rcvd [IPCP ConfAck id=0x2 <addr <br>X.X.X.X>] <br>Dec 19 00:21:57 evilside pppd[27039]: rcvd [IPCP ConfReq id=0x9 <addr <br>0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins <br>0.0.0.0>] <br>Dec 19 00:21:57 evilside pppd[27039]: sent [IPCP ConfNak id=0x9 <addr <br>y.y.y.y> <ms-dns1 z.z.z.z> <ms-wins z.z.z.z> <ms-dns3 z.z.z.z> <ms-wins <br>z.z.z.z>] <br>Dec 19 00:21:57 evilside pppd[27039]: rcvd [IPCP ConfReq id=0xa <addr <br>y.y.y.y> <ms-dns1 z.z.z.z> <ms-wins z.z.z.z> <ms-dns3 z.z.z.z> <ms-wins <br>z.z.z.z>] <br>Dec 19 00:21:57 evilside pppd[27039]: sent [IPCP ConfAck id=0xa <addr <br>y.y.y.y> <ms-dns1 z.z.z.z> <ms-wins z.z.z.z> <ms-dns3 z.z.z.z> <ms-wins <br>z.z.z.z>] <br>Dec 19 00:21:57 evilside pppd[27039]: Script /etc/ppp/ip-up started (pid <br>27043) <br>Dec 19 00:21:57 evilside pppd[27039]: Script /etc/ppp/ip-up finished (pid <br>27043), status = 0x0 <br>Dec 19 00:36:16 evilside pppd[27039]: rcvd [proto=0x1e77] 30 04 48 7d a5 f2 <br>60 46 3b 02 7c be 51 ce 2d 06 a6 a2 3a 8a 4b e9 93 dc 75 e5 f6 c4 3c 79 f9 <br>07 ... <br>Dec 19 00:36:16 evilside pppd[27039]: sent [LCP ProtRej id=0x3 1e 77 30 04 <br>48 7d a5 f2 60 46 3b 02 7c be 51 ce 2d 06 a6 a2 3a 8a 4b e9 93 dc 75 e5 f6 <br>c4 3c 79 ...] <br>Dec 19 00:36:17 evilside pppd[27039]: rcvd [proto=0xde3d] 57 c7 2b aa dc 1b <br>e5 f4 cd 40 19 11 66 0c 21 db 57 9a 72 72 d4 ee 3c 05 ad e9 7b ae ec ff ae <br>92 ... <br>Dec 19 00:36:17 evilside pppd[27039]: sent [LCP ProtRej id=0x4 de 3d 57 c7 <br>2b aa dc 1b e5 f4 cd 40 19 11 66 0c 21 db 57 9a 72 72 d4 ee 3c 05 ad e9 7b <br>ae ec ff ...] <br>Dec 19 00:36:17 evilside pppd[27039]: rcvd [proto=0xd637] e5 74 ce 7d 01 67 <br>89 e1 5a 31 2a c3 b1 88 a5 15 95 ed 55 6c 79 18 07 bd 82 40 72 bc 2f 63 9d <br>da ... <br>Dec 19 00:36:17 evilside pppd[27039]: sent [LCP ProtRej id=0x5 d6 37 e5 74 <br>ce 7d 01 67 89 e1 5a 31 2a c3 b1 88 a5 15 95 ed 55 6c 79 18 07 bd 82 40 72 <br>bc 2f 63 ...] <br>Dec 19 00:36:17 evilside pppd[27039]: rcvd [proto=0x4c08] 4d 2d 08 4d d9 13 <br>d7 23 ec 3f 9a e7 19 f6 3a 61 97 ed 45 99 ed e0 2c fd de 75 cf 0c cc 38 55 <br>9c ... <br>Dec 19 00:36:17 evilside pppd[27039]: sent [LCP ProtRej id=0x6 4c 08 4d 2d <br>08 4d d9 13 d7 23 ec 3f 9a e7 19 f6 3a 61 97 ed 45 99 ed e0 2c fd de 75 cf <br>0c cc 38 ...] <br>Dec 19 00:36:17 evilside pppd[27039]: rcvd [proto=0x4a97] dc a5 2e 6a 39 e0 <br>0b 5a 02 74 af 3e d1 b6 f4 8f fd 48 11 ff ce 94 7a 83 4e a3 03 4f 8c 51 fb <br>78 ... <br>Dec 19 00:36:17 evilside pppd[27039]: sent [LCP ProtRej id=0x7 4a 97 dc a5 <br>2e 6a 39 e0 0b 5a 02 74 af 3e d1 b6 f4 8f fd 48 11 ff ce 94 7a 83 4e a3 03 <br>4f 8c 51 ...] <br><br><br>------------------------------------------------------------------------------ <br>This SF.Net email is sponsored by the Verizon Developer Community <br>Take advantage of Verizon's best-in-class app development support <br>A streamlined, 14 day to market process makes app distribution fast and easy <br>Join now and get one step closer to millions of Verizon customers <br><a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a>  <br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26853769&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26824414 Re: xp sp3 vista seven mppe problem 2009-12-16T23:47:08Z 2009-12-16T23:47:08Z philippe gracia Le 26/11/2009 11:41, philippe gracia a écrit : <div class='shrinkable-quote'><br>> hi! <br>> <br>> I have the same problem described here : <br>> <a href="http://sourceforge.net/mailarchive/message.php?msg_id=484FC86A.9020404%40wavenet.at" target="_top" rel="nofollow">http://sourceforge.net/mailarchive/message.php?msg_id=484FC86A.9020404%40wavenet.at</a><br>> <br>> <br>> Here is a small explanation: <br>> <br>> - XP3 sp3/vista/seven connect to a ppptpd-server, but cannot ping any <br>> machine on the network, but all 98/200/xp client does. <br>> <br>> To make it work, You must disable encryption in the connexion properties. <br>> <br>> here is a cut/paste of the vista log : <br>> Nov 26 11:24:12 mailhost pptpd[1463]: CTRL: Client xx.xx.xx.xx control <br>> connection started <br>> Nov 26 11:24:12 mailhost pptpd[1463]: CTRL: Starting call (launching <br>> pppd, opening GRE) <br>> Nov 26 11:24:12 mailhost pppd[1464]: Plugin <br>> /usr/lib64/pptpd/pptpd-logwtmp.so loaded. <br>> Nov 26 11:24:12 mailhost pppd[1464]: pppd 2.4.4 started by root, uid 0 <br>> Nov 26 11:24:12 mailhost pppd[1464]: Starting negotiation on /dev/pts/3 <br>> Nov 26 11:24:15 mailhost pptpd[1463]: CTRL: Ignored a SET LINK INFO <br>> packet with real ACCMs! <br>> Nov 26 11:24:15 mailhost pppd[1464]: Using interface ppp1 <br>> Nov 26 11:24:15 mailhost pppd[1464]: MPPE 128-bit stateful compression <br>> enabled <br>> Nov 26 11:24:17 mailhost pppd[1464]: found interface eth1 for proxy arp <br>> Nov 26 11:24:17 mailhost pppd[1464]: local  IP address 10.33.1.250 <br>> Nov 26 11:24:17 mailhost pppd[1464]: remote IP address 10.33.1.75 <br>> <br>> <br>> my options.pptpd: <br>> <br>> name pptpd <br>> lock <br>> mtu 1400 <br>> mru 1400 <br>> proxyarp <br>> auth <br>> #debug <br>> multilink <br>> <br>> # Strip the domain prefix from the username before authentication. <br>> # (applies if you use pppd with chapms-strip-domain patch) <br>> #chapms-strip-domain <br>> <br>> <br>> # Encryption <br>> # (There have been multiple versions of PPP with encryption support, <br>> # choose with of the following sections you will use.) <br>> <br>> <br>> # BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o <br>> # {{{ <br>> refuse-pap <br>> refuse-chap <br>> refuse-mschap <br>> # Require the peer to authenticate itself using MS-CHAPv2 [Microsoft <br>> # Challenge Handshake Authentication Protocol, Version 2] authentication. <br>> require-mschap-v2 <br>> # Require MPPE 128-bit encryption <br>> # (note that MPPE requires the use of MSCHAP-V2 during authentication) <br>> #require-mppe-128 <br>> #mppe no128,no56 <br>> mppe required <br>> <br>> # Miscellaneous <br>> <br>> # Create a UUCP-style lock file for the pseudo-tty to ensure exclusive <br>> # access. <br>> lock <br>> <br>> # Disable BSD-Compress compression <br>> nobsdcomp <br>> <br>> # Disable Van Jacobson compression <br>> # (needed on some networks with Windows 9x/ME/XP clients, see posting to <br>> # poptop-server on 14th April 2005 by Pawel Pokrywka and followups, <br>> # <a href="http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2" target="_top" rel="nofollow">http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2</a> ) <br>> novj <br>> novjccomp <br>> <br>> # turn off logging to stderr, since this may be redirected to pptpd <br>> nologfd <br>> <br>> <br>> <br>> <br>> <br>> <br>> I have a strange kernel error message : <br>> <br>> Nov 25 15:31:14 mailhost kernel: mppe_comp_init[1]: unknown key length <br>> Nov 25 17:04:34 mailhost kernel: mppe_decomp_init[1]: unknown key length <br>> <br>> <br>> can someone help me resolve this ? <br>> <br>> thanks by advance <br>> <br>>     </div><br><br>Hello. <br>Tried to resolve by myself, but it's far away of my knowledge. <br><br>Really no idea ? <br><br>I'm feeling alone ... <br><br>thanks... <br><br><br>------------------------------------------------------------------------------ <br>This SF.Net email is sponsored by the Verizon Developer Community <br>Take advantage of Verizon's best-in-class app development support <br>A streamlined, 14 day to market process makes app distribution fast and easy <br>Join now and get one step closer to millions of Verizon customers <br><a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a>  <br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26824414&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26820961 Re: gre troubles 2009-12-16T16:08:27Z 2009-12-16T16:08:27Z James Cameron-8 On Wed, Dec 16, 2009 at 11:46:43AM -0800, jon heise wrote: <br>> Dec 16 18:41:43 sjc-log1 pppd[23830]: Connect: ppp0 <--> /dev/pts/2 <br>> Dec 16 18:42:13 sjc-log1 pppd[23830]: LCP: timeout sending Config-Requests <br>> Dec 16 18:42:13 sjc-log1 pppd[23830]: Connection terminated. <br><br>GRE is not getting through.  You should be able to confirm that using <br>tcpdump or wireshark.  Check your routers.  Check the local system's <br>iptables rules. <br><br>-- <br>James Cameron <br><a href="http://quozl.linux.org.au/" target="_top" rel="nofollow">http://quozl.linux.org.au/</a><br><br>------------------------------------------------------------------------------ <br>This SF.Net email is sponsored by the Verizon Developer Community <br>Take advantage of Verizon's best-in-class app development support <br>A streamlined, 14 day to market process makes app distribution fast and easy <br>Join now and get one step closer to millions of Verizon customers <br><a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a>  <br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26820961&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26817713 gre troubles 2009-12-16T11:46:43Z 2009-12-16T11:46:43Z jon heise-2 i'm setting up a new poptop instance and i'm running into with gre   <br>getting some read error. the connection is running between an office   <br>and a datacenter with acl's on the routers allowing gre through and an   <br>ip traffic between the two sites through. <br><br>  I'm getting the following in my logs: <br><br>Dec 16 18:41:43 sjc-log1 pptpd[23829]: CTRL: Client *.*.*.* control   <br>connection started <br>Dec 16 18:41:43 sjc-log1 pptpd[23829]: CTRL: Starting call (launching   <br>pppd, opening GRE) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: pppd options in effect: <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: debug             # (from /etc/ <br>ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: nologfd           # (from /etc/ <br>ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: dump              # (from /etc/ <br>ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: require-mschap-v2         #   <br>(from /etc/ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: refuse-pap                #   <br>(from /etc/ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: refuse-chap               #   <br>(from /etc/ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: refuse-mschap             #   <br>(from /etc/ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: name pptpd                #   <br>(from /etc/ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: 115200            # (from   <br>command line) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: lock              # (from /etc/ <br>ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: local             # (from   <br>command line) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: novj              # (from /etc/ <br>ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: novjccomp         # (from /etc/ <br>ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: ipparam   <br>64.244.66.2               # (from command line) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]:   <br>192.168.30.26:192.168.30.115              # (from command line) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: nobsdcomp         # (from /etc/ <br>ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: require-mppe-128          #   <br>(from /etc/ppp/options.pptpd) <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: pppd 2.4.4 started by root, uid 0 <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: Using interface ppp0 <br>Dec 16 18:41:43 sjc-log1 pppd[23830]: Connect: ppp0 <--> /dev/pts/2Dec   <br>16 18:42:13 sjc-log1 pppd[23830]: LCP: timeout sending Config-Requests <br>Dec 16 18:42:13 sjc-log1 pppd[23830]: Connection terminated. <br>Dec 16 18:42:13 sjc-log1 pppd[23830]: Modem hangupDec 16 18:42:13 sjc- <br>log1 pppd[23830]: Exit. <br>Dec 16 18:42:13 sjc-log1 pptpd[23829]: GRE: read <br>(fd=6,buffer=610860,len=8196) from PTY failed: status = -1 error =   <br>Input/output error, usually caused by unexpected termination of pppd,   <br>check option syntax and pppd logs <br>Dec 16 18:42:13 sjc-log1 pptpd[23829]: CTRL: PTY read or GRE write   <br>failed (pty,gre)=(6,7) <br>Dec 16 18:42:13 sjc-log1 pptpd[23829]: CTRL: Client *.*.*.* control   <br>connection finished <br><br><br>Jon Heise <br>Systems Engineer <br>Genius, Inc <br>1400 Fashion Island Blvd, Suite 500 <br>650 703 8615 (C) <br><br><br>------------------------------------------------------------------------------ <br>This SF.Net email is sponsored by the Verizon Developer Community <br>Take advantage of Verizon's best-in-class app development support <br>A streamlined, 14 day to market process makes app distribution fast and easy <br>Join now and get one step closer to millions of Verizon customers <br><a href="http://p.sf.net/sfu/verizon-dev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/verizon-dev2dev</a>  <br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26817713&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26603036 Only Partial Callingstationid 2009-12-01T01:06:36Z 2009-12-01T01:06:36Z Neville-10 Hi everyone, <br><br>I'm at a lost why combination of  poptop radius plugin is only passing   <br>the last 4 digits of the callingstationid and in reverse order. <br><br>I would also like to capture MAC address, but this does not seem to be   <br>possible? <br><br>Any ideas, pointers? <br><br>Kind Regards, <br><br>Nev <br><br>CentOS 5.4 <br>pptp 2.4.4 <br>Poptop 1.3.4 <br><br>------------------------------------------------------------------------------ <br>Join us December 9, 2009 for the Red Hat Virtual Experience, <br>a free event focused on virtualization and cloud computing. <br>Attend in-depth sessions from your desk. Your couch. Anywhere. <br><a href="http://p.sf.net/sfu/redhat-sfdev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/redhat-sfdev2dev</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26603036&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26588415 Re: poptop+freeradius 2009-12-01T00:44:34Z 2009-12-01T00:44:34Z Oguzhan Kayhan I figured out the first problem. <br>The additional dictionary packets (windows one) has the same ID with <br>default dictionary file ..So freeradius was assuming a 4 digit dictionary <br>parameters instead of full ip stack. <br>I just changed the ID of clientipaddress and it worked. <br>But still couldnt find anything about disconnect <br>:( <br><div class='shrinkable-quote'><br>> Hi, Oguzhan <br>> <br>> I checked my radacct table, there no problem. My radacct table like that: <br>> +------------------+-----------------+ <br>> | callingstationid | framedipaddress | <br>> +------------------+-----------------+ <br>> | XXX.42.176.XXX    | 192.168.10.234  | <br>> <br>> I think that you maybe not configure your radiusclient correct. Check that <br>> if you create dictionary for pptp protocol correctly. <br>> <br>> I couldn't help you the  2nd problem, I am also confused with radius <br>> disconnect packet. <br>> <br>> On Tue, Nov 24, 2009 at 7:30 PM, Oguzhan Kayhan <br>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26588415&i=0" target="_top" rel="nofollow">oguzhank@...</a>>wrote: <br>> <br>>> Hello, <br>>> I made a configuration for freeradius+pptp+mysql <br>>> <br>>> Everythings working great..Except some minor problems.. <br>>> Here's follows.. <br>>> <br>>> I am checking radacct table on mysql to see the logs.. <br>>> Ok. i can see connection dates..total data trasnfers.. username <br>>> etc..but.. <br>>> it doesnt show callingstationid for the user that connects to vpn.. <br>>> Just the framedIpAddress that user gets.. <br>>> Does anybody had such problem.. or is there any way to log the callingip <br>>> addresses on mysql also??? <br>>> <br>>> Second problem.. <br>>> Is there a way to disconnect pptp user via radius disconnect packet?? <br>>> <br>>> <br>>> Thanks.. <br>>> <br>>> <br>>> <br>>> <br>>> <br>>> ------------------------------------------------------------------------------ <br>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 <br>>> 30-Day <br>>> trial. Simplify your report design, integration and deployment - and <br>>> focus <br>>> on <br>>> what you do best, core application coding. Discover what's new with <br>>> Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>>> _______________________________________________ <br>>> Poptop-server mailing list <br>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26588415&i=1" target="_top" rel="nofollow">Poptop-server@...</a> <br>>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>>> <br>> ------------------------------------------------------------------------------ <br>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 <br>> 30-Day <br>> trial. Simplify your report design, integration and deployment - and focus <br>> on <br>> what you do best, core application coding. Discover what's new with <br>> Crystal Reports now. <br>> <a href="http://p.sf.net/sfu/bobj-july_______________________________________________" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july_______________________________________________</a><br>> Poptop-server mailing list <br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26588415&i=2" target="_top" rel="nofollow">Poptop-server@...</a> <br>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>> </div><br><br><br>------------------------------------------------------------------------------ <br>Join us December 9, 2009 for the Red Hat Virtual Experience, <br>a free event focused on virtualization and cloud computing. <br>Attend in-depth sessions from your desk. Your couch. Anywhere. <br><a href="http://p.sf.net/sfu/redhat-sfdev2dev" target="_top" rel="nofollow">http://p.sf.net/sfu/redhat-sfdev2dev</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26588415&i=3" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26532944 Re: PPTP and iptables problem 2009-11-26T09:50:04Z 2009-11-26T09:50:04Z Serg Smirnoff On Thu, Nov 26, 2009 at 5:30 PM, Charlie Brady <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26532944&i=0" target="_top" rel="nofollow">charlie_brady@...</a>> wrote: <div class='shrinkable-quote'><br>> <br>> On Thu, 26 Nov 2009, Serg Smirnoff wrote: <br>> <br>>> well, <br>>> let's add again a two simple rules to forward like these: <br>>> <br>>> iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT <br>>> iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT <br>> <br>> Those rules will be more effective if "inserted before" the "reject <br>> everything" rule, rather than "appended after". <br>> <br>> </div><br>yep, that's what I meant, I thought Fred knows about rules order.. :) <br><br>-- <br>Serg Smirnov <br>email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26532944&i=1" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26532944&i=2" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26530472 Re: PPTP and iptables problem 2009-11-26T06:46:20Z 2009-11-26T06:46:20Z Frederick Gordts Thanks, that was it, I just removed that rule and now it works! <br>-A FORWARD -j REJECT --reject-with icmp-port-unreachable <br><br>Should I change/remove other rules in my iptables config (below) for security? <br><br># Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>*mangle <br>:PREROUTING ACCEPT [92672:54733713] <br>:INPUT ACCEPT [33497:3256120] <br>:FORWARD ACCEPT [59175:51477593] <br>:OUTPUT ACCEPT [47961:52615592] <br>:POSTROUTING ACCEPT [105702:104001760] <br>COMMIT <br># Completed on Thu Nov 26 11:38:12 2009 <br># Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>*nat <br>:PREROUTING ACCEPT [61:4397] <br>:POSTROUTING ACCEPT [0:0] <br>:OUTPUT ACCEPT [1:60] <br>-A POSTROUTING -j MASQUERADE <br>-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE <br>COMMIT <br># Completed on Thu Nov 26 11:38:12 2009 <br># Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>*filter <br>:INPUT ACCEPT [0:0] <br>:FORWARD ACCEPT [0:0] <br>:OUTPUT ACCEPT [0:0] <br>-A INPUT -i ppp0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT <br>-A INPUT -i lo -j ACCEPT <br>-A INPUT -d 127.0.0.0/8 -i ! lo -j REJECT --reject-with icmp-port-unreachable <br>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 11431 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT <br>-A INPUT -p tcp -m state --state NEW -m tcp --dport 11430 -j ACCEPT <br>-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT <br>-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: <br>" --log-level 7 <br>-A INPUT -j REJECT --reject-with icmp-port-unreachable <br>-A INPUT -d x.x.x.x/32 -p tcp -m tcp --dport 1723 -j ACCEPT <br>-A INPUT -i ppp0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT <br>-A INPUT -i ppp0 -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 137 -j ACCEPT <br>-A INPUT -p udp -m udp --dport 137 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT <br>-A INPUT -p udp -m udp --dport 139 -j ACCEPT <br>-A OUTPUT -j ACCEPT <br>COMMIT <br># Completed on Thu Nov 26 11:38:12 2009 <br><br><br>2009/11/26 Charlie Brady <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26530472&i=0" target="_top" rel="nofollow">charlie_brady@...</a>>: <br>> All forwarded traffic is rejected (but policy is ACCEPT). <br>> <br>> You need to permite forwarding in the filter table, and do <br>> NAT/MASQUERADE in the nat table. <br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26530472&i=1" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26530258 Re: PPTP and iptables problem 2009-11-26T06:30:17Z 2009-11-26T06:30:17Z Charlie Brady-13 <br>On Thu, 26 Nov 2009, Serg Smirnoff wrote: <br><br>> well, <br>> let's add again a two simple rules to forward like these: <br>> <br>> iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT <br>> iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT <br><br>Those rules will be more effective if "inserted before" the "reject <br>everything" rule, rather than "appended after". <br><br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26530258&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26530251 Re: PPTP and iptables problem 2009-11-26T06:29:10Z 2009-11-26T06:29:10Z Charlie Brady-13 <br>On Thu, 26 Nov 2009, Fred wrote: <br><br>> Here you go. Note that it doesn't contain any FORWARD rules anymore, <br><br>That's not true. <br><br>> as all the ones I tried didn't work. But according to James' page, the <br>> problem should be there... <br><br>Indeed. <br><br>> # Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>> *filter <br>> :INPUT ACCEPT [0:0] <br>> :FORWARD ACCEPT [0:0] <br>... <br>> -A FORWARD -j REJECT --reject-with icmp-port-unreachable <br>... <br>> COMMIT <br>> # Completed on Thu Nov 26 11:38:12 2009 <br><br>All forwarded traffic is rejected (but policy is ACCEPT). <br><br>You need to permite forwarding in the filter table, and do <br>NAT/MASQUERADE in the nat table. <br><br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26530251&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26528989 Re: PPTP and iptables problem 2009-11-26T04:45:47Z 2009-11-26T04:45:47Z Frederick Gordts Thanks but that doesn't help either. Still can't ping/visit external <br>websites from the client. <br><br>2009/11/26 Serg Smirnoff <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=0" target="_top" rel="nofollow">sergey.a.smirnov@...</a>>: <div class='shrinkable-quote'><br>> well, <br>> let's add again a two simple rules to forward like these: <br>> <br>> iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT <br>> iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT <br>> <br>> and after that try to reach an external target and see how the counter <br>> will changes in "iptables -nL FORWARD -v" output. <br>> <br>> On Thu, Nov 26, 2009 at 1:43 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=1" target="_top" rel="nofollow">fredbus@...</a>> wrote: <br>>> Here you go. Note that it doesn't contain any FORWARD rules anymore, <br>>> as all the ones I tried didn't work. But according to James' page, the <br>>> problem should be there... <br>>> <br>>> PPTP Client IP = 192.168.0.100-120 <br>>> PPTP Server IP = 192.168.0.1 <br>>> eth0 IP is a public Internet IP <br>>> <br>>> Pinging 192.168.0.1 works from the client; pinging external servers does not. <br>>> <br>>> # Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>>> *mangle <br>>> :PREROUTING ACCEPT [92672:54733713] <br>>> :INPUT ACCEPT [33497:3256120] <br>>> :FORWARD ACCEPT [59175:51477593] <br>>> :OUTPUT ACCEPT [47961:52615592] <br>>> :POSTROUTING ACCEPT [105702:104001760] <br>>> COMMIT <br>>> # Completed on Thu Nov 26 11:38:12 2009 <br>>> # Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>>> *nat <br>>> :PREROUTING ACCEPT [61:4397] <br>>> :POSTROUTING ACCEPT [0:0] <br>>> :OUTPUT ACCEPT [1:60] <br>>> -A POSTROUTING -j MASQUERADE <br>>> -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE <br>>> COMMIT <br>>> # Completed on Thu Nov 26 11:38:12 2009 <br>>> # Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>>> *filter <br>>> :INPUT ACCEPT [0:0] <br>>> :FORWARD ACCEPT [0:0] <br>>> :OUTPUT ACCEPT [0:0] <br>>> -A INPUT -i ppp0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT <br>>> -A INPUT -i lo -j ACCEPT <br>>> -A INPUT -d 127.0.0.0/8 -i ! lo -j REJECT --reject-with icmp-port-unreachable <br>>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT <br>>> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT <br>>> -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT <br>>> -A INPUT -p tcp -m tcp --dport 11431 -j ACCEPT <br>>> -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT <br>>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 11430 -j ACCEPT <br>>> -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT <br>>> -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: <br>>> " --log-level 7 <br>>> -A INPUT -j REJECT --reject-with icmp-port-unreachable <br>>> -A INPUT -d 194.50.91.233/32 -p tcp -m tcp --dport 1723 -j ACCEPT <br>>> -A INPUT -i ppp0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT <br>>> -A INPUT -i ppp0 -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT <br>>> -A INPUT -p tcp -m tcp --dport 137 -j ACCEPT <br>>> -A INPUT -p udp -m udp --dport 137 -j ACCEPT <br>>> -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT <br>>> -A INPUT -p udp -m udp --dport 139 -j ACCEPT <br>>> -A FORWARD -j REJECT --reject-with icmp-port-unreachable <br>>> -A OUTPUT -j ACCEPT <br>>> COMMIT <br>>> # Completed on Thu Nov 26 11:38:12 2009 <br>>> <br>>> <br>>> 2009/11/26 Serg Smirnoff <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=2" target="_top" rel="nofollow">sergey.a.smirnov@...</a>>: <br>>>> ok, gotcha :) <br>>>> <br>>>> show your current iptables configuration plz. <br>>>> <br>>>> On Thu, Nov 26, 2009 at 1:27 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=3" target="_top" rel="nofollow">fredbus@...</a>> wrote: <br>>>>> That's 1, of course ;-) <br>>>>> See my other mail, it must be some kind of iptables FORWARD rule that <br>>>>> I don't have, but I can't find out which one. <br>>>>> <br>>>>> On Thu, Nov 26, 2009 at 11:21 AM, Serg Smirnoff <br>>>>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=4" target="_top" rel="nofollow">sergey.a.smirnov@...</a>> wrote: <br>>>>>> huh, <br>>>>>> and what's the output: <br>>>>>> <br>>>>>> # sysctl net.ipv4.ip_forward <br>>>>>> <br>>>>>> On Thu, Nov 26, 2009 at 1:05 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=5" target="_top" rel="nofollow">fredbus@...</a>> wrote: <br>>>>>>> If it only were that easy ;-) But it doesn't work. <br>>>>>>> <br>>>>>>> On Thu, Nov 26, 2009 at 10:42 AM, Serg Smirnoff <br>>>>>>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=6" target="_top" rel="nofollow">sergey.a.smirnov@...</a>> wrote: <br>>>>>>>> if the client IP from the private network you need to create the <br>>>>>>>> appropriate rules in the NAT chain, e.g.: <br>>>>>>>> <br>>>>>>>> iptables -A POSTROUTING -t nat -s 192.168.0.100 -j MASQUERADE <br>>>>>>> <br>>>>>>> ------------------------------------------------------------------------------ <br>>>>>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>>>>>>> trial. Simplify your report design, integration and deployment - and focus on <br>>>>>>> what you do best, core application coding. Discover what's new with <br>>>>>>> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>>>>>>> _______________________________________________ <br>>>>>>> Poptop-server mailing list <br>>>>>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=7" target="_top" rel="nofollow">Poptop-server@...</a> <br>>>>>>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>>>>>>> <br>>>>>> <br>>>>>> <br>>>>>> <br>>>>>> -- <br>>>>>> Serg Smirnov <br>>>>>> email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=8" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br>>>>>> <br>>>>> <br>>>> <br>>>> <br>>>> <br>>>> -- <br>>>> Serg Smirnov <br>>>> email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=9" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br>>>> <br>>> <br>> <br>> <br>> <br>> -- <br>> Serg Smirnov <br>> email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=10" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br>> </div><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26528989&i=11" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26534746 Re: PPTP and iptables problem 2009-11-26T04:00:14Z 2009-11-26T04:00:14Z James Cameron-8 <html><body class="ApplePlainTextBody" style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">On 26/11/2009, at 9:43 PM, Fred wrote:<br><blockquote type="cite">Here you go. Note that it doesn't contain any FORWARD rules anymore,<br></blockquote><blockquote type="cite">as all the ones I tried didn't work. But according to James' page, the<br></blockquote><blockquote type="cite">problem should be there...<br></blockquote><br>No, that's not what I said.  I said: "The most common cause of failure for this test is iptables FORWARD rules."  There are certainly other causes for failure for this test.<br><br><blockquote type="cite">*nat<br></blockquote><blockquote type="cite">-A POSTROUTING -j MASQUERADE<br></blockquote><blockquote type="cite">-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE<br></blockquote><br>This looks unusual to me, because I normally MASQUERADE by selecting the output interface.<br><br><blockquote type="cite">*filter<br></blockquote><blockquote type="cite">:INPUT ACCEPT [0:0]<br></blockquote><blockquote type="cite">:FORWARD ACCEPT [0:0]<br></blockquote><blockquote type="cite">:OUTPUT ACCEPT [0:0]<br></blockquote><blockquote type="cite">...<br></blockquote><blockquote type="cite">-A FORWARD -j REJECT --reject-with icmp-port-unreachable<br></blockquote><br>You appear to be rejecting all forward packets in the OUTPUT rules?<br><br></body></html> <br />------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br />_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26534746&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26527733 Re: PPTP and iptables problem 2009-11-26T02:59:30Z 2009-11-26T02:59:30Z Serg Smirnoff well, <br>let's add again a two simple rules to forward like these: <br><br>iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT <br>iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT <br><br>and after that try to reach an external target and see how the counter <br>will changes in "iptables -nL FORWARD -v" output. <br><br>On Thu, Nov 26, 2009 at 1:43 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=0" target="_top" rel="nofollow">fredbus@...</a>> wrote: <div class='shrinkable-quote'><br>> Here you go. Note that it doesn't contain any FORWARD rules anymore, <br>> as all the ones I tried didn't work. But according to James' page, the <br>> problem should be there... <br>> <br>> PPTP Client IP = 192.168.0.100-120 <br>> PPTP Server IP = 192.168.0.1 <br>> eth0 IP is a public Internet IP <br>> <br>> Pinging 192.168.0.1 works from the client; pinging external servers does not. <br>> <br>> # Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>> *mangle <br>> :PREROUTING ACCEPT [92672:54733713] <br>> :INPUT ACCEPT [33497:3256120] <br>> :FORWARD ACCEPT [59175:51477593] <br>> :OUTPUT ACCEPT [47961:52615592] <br>> :POSTROUTING ACCEPT [105702:104001760] <br>> COMMIT <br>> # Completed on Thu Nov 26 11:38:12 2009 <br>> # Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>> *nat <br>> :PREROUTING ACCEPT [61:4397] <br>> :POSTROUTING ACCEPT [0:0] <br>> :OUTPUT ACCEPT [1:60] <br>> -A POSTROUTING -j MASQUERADE <br>> -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE <br>> COMMIT <br>> # Completed on Thu Nov 26 11:38:12 2009 <br>> # Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>> *filter <br>> :INPUT ACCEPT [0:0] <br>> :FORWARD ACCEPT [0:0] <br>> :OUTPUT ACCEPT [0:0] <br>> -A INPUT -i ppp0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT <br>> -A INPUT -i lo -j ACCEPT <br>> -A INPUT -d 127.0.0.0/8 -i ! lo -j REJECT --reject-with icmp-port-unreachable <br>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT <br>> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT <br>> -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT <br>> -A INPUT -p tcp -m tcp --dport 11431 -j ACCEPT <br>> -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT <br>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 11430 -j ACCEPT <br>> -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT <br>> -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: <br>> " --log-level 7 <br>> -A INPUT -j REJECT --reject-with icmp-port-unreachable <br>> -A INPUT -d 194.50.91.233/32 -p tcp -m tcp --dport 1723 -j ACCEPT <br>> -A INPUT -i ppp0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT <br>> -A INPUT -i ppp0 -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT <br>> -A INPUT -p tcp -m tcp --dport 137 -j ACCEPT <br>> -A INPUT -p udp -m udp --dport 137 -j ACCEPT <br>> -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT <br>> -A INPUT -p udp -m udp --dport 139 -j ACCEPT <br>> -A FORWARD -j REJECT --reject-with icmp-port-unreachable <br>> -A OUTPUT -j ACCEPT <br>> COMMIT <br>> # Completed on Thu Nov 26 11:38:12 2009 <br>> <br>> <br>> 2009/11/26 Serg Smirnoff <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=1" target="_top" rel="nofollow">sergey.a.smirnov@...</a>>: <br>>> ok, gotcha :) <br>>> <br>>> show your current iptables configuration plz. <br>>> <br>>> On Thu, Nov 26, 2009 at 1:27 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=2" target="_top" rel="nofollow">fredbus@...</a>> wrote: <br>>>> That's 1, of course ;-) <br>>>> See my other mail, it must be some kind of iptables FORWARD rule that <br>>>> I don't have, but I can't find out which one. <br>>>> <br>>>> On Thu, Nov 26, 2009 at 11:21 AM, Serg Smirnoff <br>>>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=3" target="_top" rel="nofollow">sergey.a.smirnov@...</a>> wrote: <br>>>>> huh, <br>>>>> and what's the output: <br>>>>> <br>>>>> # sysctl net.ipv4.ip_forward <br>>>>> <br>>>>> On Thu, Nov 26, 2009 at 1:05 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=4" target="_top" rel="nofollow">fredbus@...</a>> wrote: <br>>>>>> If it only were that easy ;-) But it doesn't work. <br>>>>>> <br>>>>>> On Thu, Nov 26, 2009 at 10:42 AM, Serg Smirnoff <br>>>>>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=5" target="_top" rel="nofollow">sergey.a.smirnov@...</a>> wrote: <br>>>>>>> if the client IP from the private network you need to create the <br>>>>>>> appropriate rules in the NAT chain, e.g.: <br>>>>>>> <br>>>>>>> iptables -A POSTROUTING -t nat -s 192.168.0.100 -j MASQUERADE <br>>>>>> <br>>>>>> ------------------------------------------------------------------------------ <br>>>>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>>>>>> trial. Simplify your report design, integration and deployment - and focus on <br>>>>>> what you do best, core application coding. Discover what's new with <br>>>>>> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>>>>>> _______________________________________________ <br>>>>>> Poptop-server mailing list <br>>>>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=6" target="_top" rel="nofollow">Poptop-server@...</a> <br>>>>>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>>>>>> <br>>>>> <br>>>>> <br>>>>> <br>>>>> -- <br>>>>> Serg Smirnov <br>>>>> email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=7" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br>>>>> <br>>>> <br>>> <br>>> <br>>> <br>>> -- <br>>> Serg Smirnov <br>>> email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=8" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br>>> <br>> </div><br><br><br>-- <br>Serg Smirnov <br>email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=9" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527733&i=10" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26527548 Re: PPTP and iptables problem 2009-11-26T02:43:02Z 2009-11-26T02:43:02Z Frederick Gordts Here you go. Note that it doesn't contain any FORWARD rules anymore, <br>as all the ones I tried didn't work. But according to James' page, the <br>problem should be there... <br><br>PPTP Client IP = 192.168.0.100-120 <br>PPTP Server IP = 192.168.0.1 <br>eth0 IP is a public Internet IP <br><br>Pinging 192.168.0.1 works from the client; pinging external servers does not. <br><br># Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>*mangle <br>:PREROUTING ACCEPT [92672:54733713] <br>:INPUT ACCEPT [33497:3256120] <br>:FORWARD ACCEPT [59175:51477593] <br>:OUTPUT ACCEPT [47961:52615592] <br>:POSTROUTING ACCEPT [105702:104001760] <br>COMMIT <br># Completed on Thu Nov 26 11:38:12 2009 <br># Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>*nat <br>:PREROUTING ACCEPT [61:4397] <br>:POSTROUTING ACCEPT [0:0] <br>:OUTPUT ACCEPT [1:60] <br>-A POSTROUTING -j MASQUERADE <br>-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE <br>COMMIT <br># Completed on Thu Nov 26 11:38:12 2009 <br># Generated by iptables-save v1.4.2 on Thu Nov 26 11:38:12 2009 <br>*filter <br>:INPUT ACCEPT [0:0] <br>:FORWARD ACCEPT [0:0] <br>:OUTPUT ACCEPT [0:0] <br>-A INPUT -i ppp0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT <br>-A INPUT -i lo -j ACCEPT <br>-A INPUT -d 127.0.0.0/8 -i ! lo -j REJECT --reject-with icmp-port-unreachable <br>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 11431 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT <br>-A INPUT -p tcp -m state --state NEW -m tcp --dport 11430 -j ACCEPT <br>-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT <br>-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: <br>" --log-level 7 <br>-A INPUT -j REJECT --reject-with icmp-port-unreachable <br>-A INPUT -d 194.50.91.233/32 -p tcp -m tcp --dport 1723 -j ACCEPT <br>-A INPUT -i ppp0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT <br>-A INPUT -i ppp0 -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 137 -j ACCEPT <br>-A INPUT -p udp -m udp --dport 137 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT <br>-A INPUT -p udp -m udp --dport 139 -j ACCEPT <br>-A FORWARD -j REJECT --reject-with icmp-port-unreachable <br>-A OUTPUT -j ACCEPT <br>COMMIT <br># Completed on Thu Nov 26 11:38:12 2009 <br><br><br>2009/11/26 Serg Smirnoff <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527548&i=0" target="_top" rel="nofollow">sergey.a.smirnov@...</a>>: <div class='shrinkable-quote'><br>> ok, gotcha :) <br>> <br>> show your current iptables configuration plz. <br>> <br>> On Thu, Nov 26, 2009 at 1:27 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527548&i=1" target="_top" rel="nofollow">fredbus@...</a>> wrote: <br>>> That's 1, of course ;-) <br>>> See my other mail, it must be some kind of iptables FORWARD rule that <br>>> I don't have, but I can't find out which one. <br>>> <br>>> On Thu, Nov 26, 2009 at 11:21 AM, Serg Smirnoff <br>>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527548&i=2" target="_top" rel="nofollow">sergey.a.smirnov@...</a>> wrote: <br>>>> huh, <br>>>> and what's the output: <br>>>> <br>>>> # sysctl net.ipv4.ip_forward <br>>>> <br>>>> On Thu, Nov 26, 2009 at 1:05 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527548&i=3" target="_top" rel="nofollow">fredbus@...</a>> wrote: <br>>>>> If it only were that easy ;-) But it doesn't work. <br>>>>> <br>>>>> On Thu, Nov 26, 2009 at 10:42 AM, Serg Smirnoff <br>>>>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527548&i=4" target="_top" rel="nofollow">sergey.a.smirnov@...</a>> wrote: <br>>>>>> if the client IP from the private network you need to create the <br>>>>>> appropriate rules in the NAT chain, e.g.: <br>>>>>> <br>>>>>> iptables -A POSTROUTING -t nat -s 192.168.0.100 -j MASQUERADE <br>>>>> <br>>>>> ------------------------------------------------------------------------------ <br>>>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>>>>> trial. Simplify your report design, integration and deployment - and focus on <br>>>>> what you do best, core application coding. Discover what's new with <br>>>>> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>>>>> _______________________________________________ <br>>>>> Poptop-server mailing list <br>>>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527548&i=5" target="_top" rel="nofollow">Poptop-server@...</a> <br>>>>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>>>>> <br>>>> <br>>>> <br>>>> <br>>>> -- <br>>>> Serg Smirnov <br>>>> email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527548&i=6" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br>>>> <br>>> <br>> <br>> <br>> <br>> -- <br>> Serg Smirnov <br>> email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527548&i=7" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br>> </div><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527548&i=8" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26527523 xp sp3 vista seven mppe problem 2009-11-26T02:41:05Z 2009-11-26T02:41:05Z philippe gracia hi! <br><br>I have the same problem described here : <br><a href="http://sourceforge.net/mailarchive/message.php?msg_id=484FC86A.9020404%40wavenet.at" target="_top" rel="nofollow">http://sourceforge.net/mailarchive/message.php?msg_id=484FC86A.9020404%40wavenet.at</a>  <br><br><br>Here is a small explanation: <br><br>- XP3 sp3/vista/seven connect to a ppptpd-server, but cannot ping any <br>machine on the network, but all 98/200/xp client does. <br><br>To make it work, You must disable encryption in the connexion properties. <br><br>here is a cut/paste of the vista log : <br>Nov 26 11:24:12 mailhost pptpd[1463]: CTRL: Client xx.xx.xx.xx control <br>connection started <br>Nov 26 11:24:12 mailhost pptpd[1463]: CTRL: Starting call (launching <br>pppd, opening GRE) <br>Nov 26 11:24:12 mailhost pppd[1464]: Plugin <br>/usr/lib64/pptpd/pptpd-logwtmp.so loaded. <br>Nov 26 11:24:12 mailhost pppd[1464]: pppd 2.4.4 started by root, uid 0 <br>Nov 26 11:24:12 mailhost pppd[1464]: Starting negotiation on /dev/pts/3 <br>Nov 26 11:24:15 mailhost pptpd[1463]: CTRL: Ignored a SET LINK INFO <br>packet with real ACCMs! <br>Nov 26 11:24:15 mailhost pppd[1464]: Using interface ppp1 <br>Nov 26 11:24:15 mailhost pppd[1464]: MPPE 128-bit stateful compression <br>enabled <br>Nov 26 11:24:17 mailhost pppd[1464]: found interface eth1 for proxy arp <br>Nov 26 11:24:17 mailhost pppd[1464]: local  IP address 10.33.1.250 <br>Nov 26 11:24:17 mailhost pppd[1464]: remote IP address 10.33.1.75 <br><br><br>my options.pptpd: <br><br>name pptpd <br>lock <br>mtu 1400 <br>mru 1400 <br>proxyarp <br>auth <br>#debug <br>multilink <br><br># Strip the domain prefix from the username before authentication. <br># (applies if you use pppd with chapms-strip-domain patch) <br>#chapms-strip-domain <br><br><br># Encryption <br># (There have been multiple versions of PPP with encryption support, <br># choose with of the following sections you will use.) <br><br><br># BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o <br># {{{ <br>refuse-pap <br>refuse-chap <br>refuse-mschap <br># Require the peer to authenticate itself using MS-CHAPv2 [Microsoft <br># Challenge Handshake Authentication Protocol, Version 2] authentication. <br>require-mschap-v2 <br># Require MPPE 128-bit encryption <br># (note that MPPE requires the use of MSCHAP-V2 during authentication) <br>#require-mppe-128 <br>#mppe no128,no56 <br>mppe required <br><br># Miscellaneous <br><br># Create a UUCP-style lock file for the pseudo-tty to ensure exclusive <br># access. <br>lock <br><br># Disable BSD-Compress compression <br>nobsdcomp <br><br># Disable Van Jacobson compression <br># (needed on some networks with Windows 9x/ME/XP clients, see posting to <br># poptop-server on 14th April 2005 by Pawel Pokrywka and followups, <br># <a href="http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2" target="_top" rel="nofollow">http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2</a> ) <br>novj <br>novjccomp <br><br># turn off logging to stderr, since this may be redirected to pptpd <br>nologfd <br><br><br><br><br><br><br>I have a strange kernel error message : <br><br>Nov 25 15:31:14 mailhost kernel: mppe_comp_init[1]: unknown key length <br>Nov 25 17:04:34 mailhost kernel: mppe_decomp_init[1]: unknown key length <br><br><br>can someone help me resolve this ? <br><br>thanks by advance <br><br><br>---- <br>please excuse my poor english as i'm french ! ;) <br><br><br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527523&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26527351 Re: PPTP and iptables problem 2009-11-26T02:27:41Z 2009-11-26T02:27:41Z Frederick Gordts That's 1, of course ;-) <br>See my other mail, it must be some kind of iptables FORWARD rule that <br>I don't have, but I can't find out which one. <br><br>On Thu, Nov 26, 2009 at 11:21 AM, Serg Smirnoff <br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527351&i=0" target="_top" rel="nofollow">sergey.a.smirnov@...</a>> wrote: <div class='shrinkable-quote'><br>> huh, <br>> and what's the output: <br>> <br>> # sysctl net.ipv4.ip_forward <br>> <br>> On Thu, Nov 26, 2009 at 1:05 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527351&i=1" target="_top" rel="nofollow">fredbus@...</a>> wrote: <br>>> If it only were that easy ;-) But it doesn't work. <br>>> <br>>> On Thu, Nov 26, 2009 at 10:42 AM, Serg Smirnoff <br>>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527351&i=2" target="_top" rel="nofollow">sergey.a.smirnov@...</a>> wrote: <br>>>> if the client IP from the private network you need to create the <br>>>> appropriate rules in the NAT chain, e.g.: <br>>>> <br>>>> iptables -A POSTROUTING -t nat -s 192.168.0.100 -j MASQUERADE <br>>> <br>>> ------------------------------------------------------------------------------ <br>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>>> trial. Simplify your report design, integration and deployment - and focus on <br>>> what you do best, core application coding. Discover what's new with <br>>> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>>> _______________________________________________ <br>>> Poptop-server mailing list <br>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527351&i=3" target="_top" rel="nofollow">Poptop-server@...</a> <br>>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>>> <br>> <br>> <br>> <br>> -- <br>> Serg Smirnov <br>> email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527351&i=4" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br>> </div><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527351&i=5" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26527264 Re: PPTP and iptables problem 2009-11-26T02:21:59Z 2009-11-26T02:21:59Z Serg Smirnoff huh, <br>and what's the output: <br><br># sysctl net.ipv4.ip_forward <br><br>On Thu, Nov 26, 2009 at 1:05 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527264&i=0" target="_top" rel="nofollow">fredbus@...</a>> wrote: <div class='shrinkable-quote'><br>> If it only were that easy ;-) But it doesn't work. <br>> <br>> On Thu, Nov 26, 2009 at 10:42 AM, Serg Smirnoff <br>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527264&i=1" target="_top" rel="nofollow">sergey.a.smirnov@...</a>> wrote: <br>>> if the client IP from the private network you need to create the <br>>> appropriate rules in the NAT chain, e.g.: <br>>> <br>>> iptables -A POSTROUTING -t nat -s 192.168.0.100 -j MASQUERADE <br>> <br>> ------------------------------------------------------------------------------ <br>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>> trial. Simplify your report design, integration and deployment - and focus on <br>> what you do best, core application coding. Discover what's new with <br>> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>> _______________________________________________ <br>> Poptop-server mailing list <br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527264&i=2" target="_top" rel="nofollow">Poptop-server@...</a> <br>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>> </div><br><br><br>-- <br>Serg Smirnov <br>email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527264&i=3" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527264&i=4" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26527076 Re: PPTP and iptables problem 2009-11-26T02:05:27Z 2009-11-26T02:05:27Z Frederick Gordts If it only were that easy ;-) But it doesn't work. <br><br>On Thu, Nov 26, 2009 at 10:42 AM, Serg Smirnoff <br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527076&i=0" target="_top" rel="nofollow">sergey.a.smirnov@...</a>> wrote: <br>> if the client IP from the private network you need to create the <br>> appropriate rules in the NAT chain, e.g.: <br>> <br>> iptables -A POSTROUTING -t nat -s 192.168.0.100 -j MASQUERADE <br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527076&i=1" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26527077 Re: PPTP and iptables problem 2009-11-26T02:04:48Z 2009-11-26T02:04:48Z Frederick Gordts James, this is a great page! I did testing and it fails at step 4: <br>tcpdump doesn't show anything at this stage. <br>tcpdump -n -i eth0 icmp and dst host 209.85.227.103 <br>(using the IP of Google as a test) <br>Steps 1-3 all pass. <br><br>How can I solve this? I am using these variables: <br>Client Name : client <br>Client Tunnel Network Interface : ppp0 <br>Client Tunnel Network Interface Address : 192.168.0.100 <br>Server Name : server <br>Server Tunnel Network Interface : ppp0 <br>Server Tunnel Network Interface Address : 192.168.0.1 <br>Server External Network Interface : eth0 <br>Server External Network Interface Address : (server's public IP) <br>Target External Network Interface Address : 209.85.227.103 (google test IP) <br><br>Thanks for your help! <br><br>On Wed, Nov 25, 2009 at 11:30 PM, James Cameron <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527077&i=0" target="_top" rel="nofollow">quozl@...</a>> wrote: <br>> Familiar. <br>> <br>> Read what I wrote about it before: <br>> <a href="http://poptop.sourceforge.net/dox/diagnose-forwarding.phtml" target="_top" rel="nofollow">http://poptop.sourceforge.net/dox/diagnose-forwarding.phtml</a><br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26527077&i=1" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26526803 Re: PPTP and iptables problem 2009-11-26T01:42:58Z 2009-11-26T01:42:58Z Serg Smirnoff Greetings, <br><br>if the client IP from the private network you need to create the <br>appropriate rules in the NAT chain, e.g.: <br><br>iptables -A POSTROUTING -t nat -s 192.168.0.100 -j MASQUERADE <br><br>On Wed, Nov 25, 2009 at 12:40 PM, Fred <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26526803&i=0" target="_top" rel="nofollow">fredbus@...</a>> wrote: <div class='shrinkable-quote'><br>> I have done more testing and added rules to allow ppp0 for ports 67-69 <br>> and 137-139, and my error disappears. However, it still doesn't work. <br>> My syslog show exactly the same errors when I switch off iptables, and <br>> then everything works fine. When I switch on iptables again, I can't <br>> surf using the PPTP, but no other errors are logged in syslog. So I <br>> don't know what to do now... <br>> <br>> Pinging the pptp server (192.168.0.1) from the Windows client works <br>> fine even with iptables on, but I cannot ping an internet host (though <br>> it resolves fine using the DNS server of the PPTP server), giving me <br>> destination port unreachable. <br>> <br>> Any help would be greatly appreciated as I have now spent hours trying <br>> to resolve it. <br>> <br>> This is a sample log <br>> <br>> Nov 25 10:21:40 bevc pptpd[22917]: CTRL: Client x.x.x.x control <br>> connection started <br>> Nov 25 10:21:40 bevc pptpd[22917]: CTRL: Starting call (launching <br>> pppd, opening GRE) <br>> Nov 25 10:21:40 bevc pppd[22918]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded. <br>> Nov 25 10:21:40 bevc pppd[22918]: pppd 2.4.4 started by root, uid 0 <br>> Nov 25 10:21:40 bevc pppd[22918]: Using interface ppp0 <br>> Nov 25 10:21:40 bevc pppd[22918]: Connect: ppp0 <--> /dev/pts/1 <br>> Nov 25 10:21:40 bevc pptpd[22917]: GRE: Bad checksum from pppd. (THIS <br>> ERROR SEEMS "NORMAL") <br>> Nov 25 10:21:43 bevc pptpd[22917]: CTRL: Ignored a SET LINK INFO <br>> packet with real ACCMs! (THIS ERROR SEEMS "NORMAL") <br>> Nov 25 10:21:44 bevc pppd[22918]: Cannot determine ethernet address <br>> for proxy ARP <br>> Nov 25 10:21:44 bevc pppd[22918]: local IP address 192.168.0.1 <br>> Nov 25 10:21:44 bevc pppd[22918]: remote IP address 192.168.0.100 <br>> Nov 25 10:21:50 bevc pppd[22918]: LCP terminated by peer <br>> (>M-Q^OB^@<M-Mt^@^@^@^@) <br>> Nov 25 10:21:50 bevc pppd[22918]: Connect time 0.1 minutes. <br>> Nov 25 10:21:50 bevc pppd[22918]: Sent 1214 bytes, received 2387 bytes. <br>> Nov 25 10:21:50 bevc pptpd[22917]: CTRL: Reaping child PPP[22918] <br>> Nov 25 10:21:50 bevc pppd[22918]: Modem hangup <br>> Nov 25 10:21:50 bevc pppd[22918]: Connection terminated. <br>> Nov 25 10:21:50 bevc pppd[22918]: Exit. <br>> Nov 25 10:21:50 bevc pptpd[22917]: CTRL: Client x.x.x.x control <br>> connection finished <br>> <br>> On Tue, Nov 24, 2009 at 7:38 PM, Edvin Seferovic | Kolpinghaus <br>> St.Polten <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26526803&i=1" target="_top" rel="nofollow">edvin.seferovic@...</a>> wrote: <br>>> Hi, <br>>> <br>>> you should allow traffic to flow from and to the PPP interface that has been <br>>> created when the VPN connection got set up. <br>>> <br>>> ipt -A INPUT -i ppp+ -j ACCEPT <br>>> ipt -A OUTPUT -o ppp+ -j ACCEPT <br>>> ipt -A FORWARD -i ppp+ -j ACCEPT <br>>> ipt -A FORWARD -o ppp+ -j ACCEPT <br>>> <br>>> <br>>> There are also scripts which are started when the interface is brought up or <br>>> down. /etc/ppp/ip-up ... you can enter some specific rules there. <br>>> <br>>> Regards, <br>>> E:S <br>>> <br>>> -----Original Message----- <br>>> From: Fred [mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26526803&i=2" target="_top" rel="nofollow">fredbus@...</a>] <br>>> Sent: Dienstag, 24. November 2009 19:21 <br>>> To: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26526803&i=3" target="_top" rel="nofollow">poptop-server@...</a> <br>>> Subject: Re: [Poptop-server] PPTP and iptables problem <br>>> <br>>> Well my problem is that I can't connect to any websites through the <br>>> VPN. They just time out. When I clear all iptables rules, it works <br>>> fine. <br>>> <br>>> PPTP on the server has a WAN IP (eth0) and gives a LAN IP to the PPTP <br>>> client (192.168.0.100) when connecting to the server. <br>>> <br>>> So it must be some iptables rule, but I cannot find it at all... <br>>> <br>>> On Tue, Nov 24, 2009 at 6:13 PM, Charlie Brady <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26526803&i=4" target="_top" rel="nofollow">charlie_brady@...</a>> <br>>> wrote: <br>>>>> I am happily running PPTP/Poptop on Debian 5.0 as a server, connecting <br>>>>> with a Windows VPN client. It works fine if iptables is disabled, but <br>>>>> when I enable it, I get problems. <br>>>> <br>>>> What problems do you have? All we know is that you see some iptables <br>>>> 'denied' messages. <br>>>> <br>>>>> I have these rules: <br>>>>> -A INPUT -p tcp --dport 1723 -j ACCEPT <br>>>>> -A INPUT -p gre -j ACCEPT <br>>>>> -A INPUT -p tcp -s 0/0 -d (server IP) --dport 1723 -j ACCEPT <br>>>>> <br>>>>> This lets me connect to the server, but when I try to send traffic <br>>>>> over the link (eg visiting a website), syslog shows me this error <br>>>>> <br>>>>> Nov 24 17:56:23 bevc kernel: [3906338.922822] iptables denied: IN=ppp0 <br>>>>> OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>>>>> PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308 <br>>>>> Nov 24 17:56:26 bevc kernel: [3906341.923159] iptables denied: IN=ppp0 <br>>>>> OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>>>>> PREC=0x00 TTL=128 ID=13 PROTO=UDP SPT=68 DPT=67 LEN=308 <br>>>> <br>>>> That appears to be your peer sending DHCP client discovery messages. <br>>>> <br>>>>> ppp0 is the pptp connection on the server. (default) and pptp <br>>>>> allocates 192.168.0.100 to the client <br>>>>> <br>>>>> Any idea how to solve this? I have spent hours trying to come up with <br>>>>> the correct iptables rule, but can't find it. <br>>>> <br>>>> <br>>> <br>>> ---------------------------------------------------------------------------- <br>>> -- <br>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>>> trial. Simplify your report design, integration and deployment - and focus <br>>> on <br>>> what you do best, core application coding. Discover what's new with <br>>> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>>> _______________________________________________ <br>>> Poptop-server mailing list <br>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26526803&i=5" target="_top" rel="nofollow">Poptop-server@...</a> <br>>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>>> <br>>> <br>>> ------------------------------------------------------------------------------ <br>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>>> trial. Simplify your report design, integration and deployment - and focus on <br>>> what you do best, core application coding. Discover what's new with <br>>> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>>> _______________________________________________ <br>>> Poptop-server mailing list <br>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26526803&i=6" target="_top" rel="nofollow">Poptop-server@...</a> <br>>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>>> <br>> <br>> ------------------------------------------------------------------------------ <br>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>> trial. Simplify your report design, integration and deployment - and focus on <br>> what you do best, core application coding. Discover what's new with <br>> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>> _______________________________________________ <br>> Poptop-server mailing list <br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26526803&i=7" target="_top" rel="nofollow">Poptop-server@...</a> <br>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>> </div><br><br><br>-- <br>Serg Smirnov <br>email/xmpp: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26526803&i=8" target="_top" rel="nofollow">Sergey.A.Smirnov@...</a> <br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26526803&i=9" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26524618 Re: poptop+freeradius 2009-11-25T21:42:10Z 2009-11-25T21:42:10Z maodan Hi, Oguzhan<br><br>I checked my radacct table, there no problem. My radacct table like that:<br>+------------------+-----------------+<br>| callingstationid | framedipaddress |<br>+------------------+-----------------+<br> | XXX.42.176.XXX | 192.168.10.234 | <br><br>I think that you maybe not configure your radiusclient correct. Check that if you create dictionary for pptp protocol correctly.<br><br>I couldn't help you the 2nd problem, I am also confused with radius disconnect packet.<br> <br><div class="gmail_quote">On Tue, Nov 24, 2009 at 7:30 PM, Oguzhan Kayhan <span dir="ltr"><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26524618&i=0" target="_top" rel="nofollow">oguzhank@...</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Hello,<br> I made a configuration for freeradius+pptp+mysql<br> <br> Everythings working great..Except some minor problems..<br> Here's follows..<br> <br> I am checking radacct table on mysql to see the logs..<br> Ok. i can see connection dates..total data trasnfers.. username etc..but..<br> it doesnt show callingstationid for the user that connects to vpn..<br> Just the framedIpAddress that user gets..<br> Does anybody had such problem.. or is there any way to log the callingip<br> addresses on mysql also???<br> <br> Second problem..<br> Is there a way to disconnect pptp user via radius disconnect packet??<br> <br> <br> Thanks..<br> <br> <br> <br> <br> ------------------------------------------------------------------------------<br> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day<br> trial. Simplify your report design, integration and deployment - and focus on<br> what you do best, core application coding. Discover what's new with<br> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_blank" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br> _______________________________________________<br> Poptop-server mailing list<br> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26524618&i=1" target="_top" rel="nofollow">Poptop-server@...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_blank" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br> </blockquote></div><br> <br />------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br />_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26524618&i=2" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26521461 Re: PPTP and iptables problem 2009-11-25T14:30:42Z 2009-11-25T14:30:42Z James Cameron-8 On 25/11/2009, at 8:40 PM, Fred wrote: <br>> I have done more testing and added rules to allow ppp0 for ports 67-69 <br>> and 137-139, and my error disappears. However, it still doesn't work. <br>> My syslog show exactly the same errors when I switch off iptables, and <br>> then everything works fine. When I switch on iptables again, I can't <br>> surf using the PPTP, but no other errors are logged in syslog. So I <br>> don't know what to do now... <br><br>Sounds like forwarding problems. <br><br>> Pinging the pptp server (192.168.0.1) from the Windows client works <br>> fine even with iptables on, but I cannot ping an internet host (though <br>> it resolves fine using the DNS server of the PPTP server), giving me <br>> destination port unreachable. <br><br>Sounds very like forwarding problem. <br><br>Familiar. <br><br>Read what I wrote about it before: <br><a href="http://poptop.sourceforge.net/dox/diagnose-forwarding.phtml" target="_top" rel="nofollow">http://poptop.sourceforge.net/dox/diagnose-forwarding.phtml</a><br><br><br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26521461&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26509907 Re: PPTP and iptables problem 2009-11-25T01:40:55Z 2009-11-25T01:40:55Z Frederick Gordts I have done more testing and added rules to allow ppp0 for ports 67-69 <br>and 137-139, and my error disappears. However, it still doesn't work. <br>My syslog show exactly the same errors when I switch off iptables, and <br>then everything works fine. When I switch on iptables again, I can't <br>surf using the PPTP, but no other errors are logged in syslog. So I <br>don't know what to do now... <br><br>Pinging the pptp server (192.168.0.1) from the Windows client works <br>fine even with iptables on, but I cannot ping an internet host (though <br>it resolves fine using the DNS server of the PPTP server), giving me <br>destination port unreachable. <br><br>Any help would be greatly appreciated as I have now spent hours trying <br>to resolve it. <br><br>This is a sample log <br><br>Nov 25 10:21:40 bevc pptpd[22917]: CTRL: Client x.x.x.x control <br>connection started <br>Nov 25 10:21:40 bevc pptpd[22917]: CTRL: Starting call (launching <br>pppd, opening GRE) <br>Nov 25 10:21:40 bevc pppd[22918]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded. <br>Nov 25 10:21:40 bevc pppd[22918]: pppd 2.4.4 started by root, uid 0 <br>Nov 25 10:21:40 bevc pppd[22918]: Using interface ppp0 <br>Nov 25 10:21:40 bevc pppd[22918]: Connect: ppp0 <--> /dev/pts/1 <br>Nov 25 10:21:40 bevc pptpd[22917]: GRE: Bad checksum from pppd. (THIS <br>ERROR SEEMS "NORMAL") <br>Nov 25 10:21:43 bevc pptpd[22917]: CTRL: Ignored a SET LINK INFO <br>packet with real ACCMs! (THIS ERROR SEEMS "NORMAL") <br>Nov 25 10:21:44 bevc pppd[22918]: Cannot determine ethernet address <br>for proxy ARP <br>Nov 25 10:21:44 bevc pppd[22918]: local  IP address 192.168.0.1 <br>Nov 25 10:21:44 bevc pppd[22918]: remote IP address 192.168.0.100 <br>Nov 25 10:21:50 bevc pppd[22918]: LCP terminated by peer <br>(>M-Q^OB^@<M-Mt^@^@^@^@) <br>Nov 25 10:21:50 bevc pppd[22918]: Connect time 0.1 minutes. <br>Nov 25 10:21:50 bevc pppd[22918]: Sent 1214 bytes, received 2387 bytes. <br>Nov 25 10:21:50 bevc pptpd[22917]: CTRL: Reaping child PPP[22918] <br>Nov 25 10:21:50 bevc pppd[22918]: Modem hangup <br>Nov 25 10:21:50 bevc pppd[22918]: Connection terminated. <br>Nov 25 10:21:50 bevc pppd[22918]: Exit. <br>Nov 25 10:21:50 bevc pptpd[22917]: CTRL: Client x.x.x.x control <br>connection finished <br><br>On Tue, Nov 24, 2009 at 7:38 PM, Edvin Seferovic | Kolpinghaus <br>St.Polten <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26509907&i=0" target="_top" rel="nofollow">edvin.seferovic@...</a>> wrote: <div class='shrinkable-quote'><br>> Hi, <br>> <br>> you should allow traffic to flow from and to the PPP interface that has been <br>> created when the VPN connection got set up. <br>> <br>> ipt -A INPUT -i ppp+ -j ACCEPT <br>> ipt -A OUTPUT -o ppp+ -j ACCEPT <br>> ipt -A FORWARD -i ppp+ -j ACCEPT <br>> ipt -A FORWARD -o ppp+ -j ACCEPT <br>> <br>> <br>> There are also scripts which are started when the interface is brought up or <br>> down. /etc/ppp/ip-up ... you can enter some specific rules there. <br>> <br>> Regards, <br>> E:S <br>> <br>> -----Original Message----- <br>> From: Fred [mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26509907&i=1" target="_top" rel="nofollow">fredbus@...</a>] <br>> Sent: Dienstag, 24. November 2009 19:21 <br>> To: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26509907&i=2" target="_top" rel="nofollow">poptop-server@...</a> <br>> Subject: Re: [Poptop-server] PPTP and iptables problem <br>> <br>> Well my problem is that I can't connect to any websites through the <br>> VPN. They just time out. When I clear all iptables rules, it works <br>> fine. <br>> <br>> PPTP on the server has a WAN IP (eth0) and gives a LAN IP to the PPTP <br>> client (192.168.0.100) when connecting to the server. <br>> <br>> So it must be some iptables rule, but I cannot find it at all... <br>> <br>> On Tue, Nov 24, 2009 at 6:13 PM, Charlie Brady <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26509907&i=3" target="_top" rel="nofollow">charlie_brady@...</a>> <br>> wrote: <br>>>> I am happily running PPTP/Poptop on Debian 5.0 as a server, connecting <br>>>> with a Windows VPN client. It works fine if iptables is disabled, but <br>>>> when I enable it, I get problems. <br>>> <br>>> What problems do you have? All we know is that you see some iptables <br>>> 'denied' messages. <br>>> <br>>>> I have these rules: <br>>>> -A INPUT -p tcp --dport 1723 -j ACCEPT <br>>>> -A INPUT -p gre -j ACCEPT <br>>>> -A INPUT -p tcp -s 0/0 -d (server IP) --dport 1723 -j ACCEPT <br>>>> <br>>>> This lets me connect to the server, but when I try to send traffic <br>>>> over the link (eg visiting a website), syslog shows me this error <br>>>> <br>>>> Nov 24 17:56:23 bevc kernel: [3906338.922822] iptables denied: IN=ppp0 <br>>>> OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>>>> PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308 <br>>>> Nov 24 17:56:26 bevc kernel: [3906341.923159] iptables denied: IN=ppp0 <br>>>> OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>>>> PREC=0x00 TTL=128 ID=13 PROTO=UDP SPT=68 DPT=67 LEN=308 <br>>> <br>>> That appears to be your peer sending DHCP client discovery messages. <br>>> <br>>>> ppp0 is the pptp connection on the server. (default) and pptp <br>>>> allocates 192.168.0.100 to the client <br>>>> <br>>>> Any idea how to solve this? I have spent hours trying to come up with <br>>>> the correct iptables rule, but can't find it. <br>>> <br>>> <br>> <br>> ---------------------------------------------------------------------------- <br>> -- <br>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>> trial. Simplify your report design, integration and deployment - and focus <br>> on <br>> what you do best, core application coding. Discover what's new with <br>> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>> _______________________________________________ <br>> Poptop-server mailing list <br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26509907&i=4" target="_top" rel="nofollow">Poptop-server@...</a> <br>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>> <br>> <br>> ------------------------------------------------------------------------------ <br>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>> trial. Simplify your report design, integration and deployment - and focus on <br>> what you do best, core application coding. Discover what's new with <br>> Crystal Reports now. <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>> _______________________________________________ <br>> Poptop-server mailing list <br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26509907&i=5" target="_top" rel="nofollow">Poptop-server@...</a> <br>> <a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br>> </div><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26509907&i=6" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26501592 Re: PPTP and iptables problem 2009-11-24T10:38:54Z 2009-11-24T10:38:54Z Edvin Seferovic Hi, <br><br>you should allow traffic to flow from and to the PPP interface that has been <br>created when the VPN connection got set up. <br><br>ipt -A INPUT -i ppp+ -j ACCEPT <br>ipt -A OUTPUT -o ppp+ -j ACCEPT <br>ipt -A FORWARD -i ppp+ -j ACCEPT <br>ipt -A FORWARD -o ppp+ -j ACCEPT <br><br><br>There are also scripts which are started when the interface is brought up or <br>down. /etc/ppp/ip-up ... you can enter some specific rules there. <br><br>Regards, <br>E:S <br><br>-----Original Message----- <br>From: Fred [mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26501592&i=0" target="_top" rel="nofollow">fredbus@...</a>] <br>Sent: Dienstag, 24. November 2009 19:21 <br>To: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26501592&i=1" target="_top" rel="nofollow">poptop-server@...</a> <br>Subject: Re: [Poptop-server] PPTP and iptables problem <br><br>Well my problem is that I can't connect to any websites through the <br>VPN. They just time out. When I clear all iptables rules, it works <br>fine. <br><br>PPTP on the server has a WAN IP (eth0) and gives a LAN IP to the PPTP <br>client (192.168.0.100) when connecting to the server. <br><br>So it must be some iptables rule, but I cannot find it at all... <br><br>On Tue, Nov 24, 2009 at 6:13 PM, Charlie Brady <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26501592&i=2" target="_top" rel="nofollow">charlie_brady@...</a>> <br>wrote: <div class='shrinkable-quote'><br>>> I am happily running PPTP/Poptop on Debian 5.0 as a server, connecting <br>>> with a Windows VPN client. It works fine if iptables is disabled, but <br>>> when I enable it, I get problems. <br>> <br>> What problems do you have? All we know is that you see some iptables <br>> 'denied' messages. <br>> <br>>> I have these rules: <br>>> -A INPUT -p tcp --dport 1723 -j ACCEPT <br>>> -A INPUT -p gre -j ACCEPT <br>>> -A INPUT -p tcp -s 0/0 -d (server IP) --dport 1723 -j ACCEPT <br>>> <br>>> This lets me connect to the server, but when I try to send traffic <br>>> over the link (eg visiting a website), syslog shows me this error <br>>> <br>>> Nov 24 17:56:23 bevc kernel: [3906338.922822] iptables denied: IN=ppp0 <br>>> OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>>> PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308 <br>>> Nov 24 17:56:26 bevc kernel: [3906341.923159] iptables denied: IN=ppp0 <br>>> OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>>> PREC=0x00 TTL=128 ID=13 PROTO=UDP SPT=68 DPT=67 LEN=308 <br>> <br>> That appears to be your peer sending DHCP client discovery messages. <br>> <br>>> ppp0 is the pptp connection on the server. (default) and pptp <br>>> allocates 192.168.0.100 to the client <br>>> <br>>> Any idea how to solve this? I have spent hours trying to come up with <br>>> the correct iptables rule, but can't find it. <br>> <br>> </div><br>---------------------------------------------------------------------------- <br>-- <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus <br>on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26501592&i=3" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26501592&i=4" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26500978 Re: PPTP and iptables problem 2009-11-24T10:21:14Z 2009-11-24T10:21:14Z Frederick Gordts Well my problem is that I can't connect to any websites through the <br>VPN. They just time out. When I clear all iptables rules, it works <br>fine. <br><br>PPTP on the server has a WAN IP (eth0) and gives a LAN IP to the PPTP <br>client (192.168.0.100) when connecting to the server. <br><br>So it must be some iptables rule, but I cannot find it at all... <br><br>On Tue, Nov 24, 2009 at 6:13 PM, Charlie Brady <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26500978&i=0" target="_top" rel="nofollow">charlie_brady@...</a>> wrote: <div class='shrinkable-quote'><br>>> I am happily running PPTP/Poptop on Debian 5.0 as a server, connecting <br>>> with a Windows VPN client. It works fine if iptables is disabled, but <br>>> when I enable it, I get problems. <br>> <br>> What problems do you have? All we know is that you see some iptables <br>> 'denied' messages. <br>> <br>>> I have these rules: <br>>> -A INPUT -p tcp --dport 1723 -j ACCEPT <br>>> -A INPUT -p gre -j ACCEPT <br>>> -A INPUT -p tcp -s 0/0 -d (server IP) --dport 1723 -j ACCEPT <br>>> <br>>> This lets me connect to the server, but when I try to send traffic <br>>> over the link (eg visiting a website), syslog shows me this error <br>>> <br>>> Nov 24 17:56:23 bevc kernel: [3906338.922822] iptables denied: IN=ppp0 <br>>> OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>>> PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308 <br>>> Nov 24 17:56:26 bevc kernel: [3906341.923159] iptables denied: IN=ppp0 <br>>> OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>>> PREC=0x00 TTL=128 ID=13 PROTO=UDP SPT=68 DPT=67 LEN=308 <br>> <br>> That appears to be your peer sending DHCP client discovery messages. <br>> <br>>> ppp0 is the pptp connection on the server. (default) and pptp <br>>> allocates 192.168.0.100 to the client <br>>> <br>>> Any idea how to solve this? I have spent hours trying to come up with <br>>> the correct iptables rule, but can't find it. <br>> <br>> </div><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26500978&i=1" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26499845 Re: PPTP and iptables problem 2009-11-24T09:13:34Z 2009-11-24T09:13:34Z Charlie Brady-13 <br>On Tue, 24 Nov 2009, Frederick Gordts wrote: <br><br>> Hello  list, <br>> <br>> I am happily running PPTP/Poptop on Debian 5.0 as a server, connecting <br>> with a Windows VPN client. It works fine if iptables is disabled, but <br>> when I enable it, I get problems. <br><br>What problems do you have? All we know is that you see some iptables <br>'denied' messages. <br><div class='shrinkable-quote'><br>> I have these rules: <br>> -A INPUT -p tcp --dport 1723 -j ACCEPT <br>> -A INPUT -p gre -j ACCEPT <br>> -A INPUT -p tcp -s 0/0 -d (server IP) --dport 1723 -j ACCEPT <br>> <br>> This lets me connect to the server, but when I try to send traffic <br>> over the link (eg visiting a website), syslog shows me this error <br>> <br>> Nov 24 17:56:23 bevc kernel: [3906338.922822] iptables denied: IN=ppp0 <br>> OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>> PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308 <br>> Nov 24 17:56:26 bevc kernel: [3906341.923159] iptables denied: IN=ppp0 <br>> OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>> PREC=0x00 TTL=128 ID=13 PROTO=UDP SPT=68 DPT=67 LEN=308 </div><br>That appears to be your peer sending DHCP client discovery messages. <br><br>> ppp0 is the pptp connection on the server. (default) and pptp <br>> allocates 192.168.0.100 to the client <br>> <br>> Any idea how to solve this? I have spent hours trying to come up with <br>> the correct iptables rule, but can't find it. <br><br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26499845&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26499711 PPTP and iptables problem 2009-11-24T09:06:07Z 2009-11-24T09:06:07Z Frederick Gordts Hello  list, <br><br>I am happily running PPTP/Poptop on Debian 5.0 as a server, connecting <br>with a Windows VPN client. It works fine if iptables is disabled, but <br>when I enable it, I get problems. <br><br>I have these rules: <br>-A INPUT -p tcp --dport 1723 -j ACCEPT <br>-A INPUT -p gre -j ACCEPT <br>-A INPUT -p tcp -s 0/0 -d (server IP) --dport 1723 -j ACCEPT <br><br>This lets me connect to the server, but when I try to send traffic <br>over the link (eg visiting a website), syslog shows me this error <br><br>Nov 24 17:56:23 bevc kernel: [3906338.922822] iptables denied: IN=ppp0 <br>OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308 <br>Nov 24 17:56:26 bevc kernel: [3906341.923159] iptables denied: IN=ppp0 <br>OUT= MAC= SRC=192.168.0.100 DST=255.255.255.255 LEN=328 TOS=0x00 <br>PREC=0x00 TTL=128 ID=13 PROTO=UDP SPT=68 DPT=67 LEN=308 <br><br>ppp0 is the pptp connection on the server. (default) and pptp <br>allocates 192.168.0.100 to the client <br><br>Any idea how to solve this? I have spent hours trying to come up with <br>the correct iptables rule, but can't find it. <br><br>Thanks <br>Fred <br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26499711&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26494618 poptop+freeradius 2009-11-24T03:30:05Z 2009-11-24T03:30:05Z Oguzhan Kayhan Hello, <br>I made a configuration for freeradius+pptp+mysql <br><br>Everythings working great..Except some minor problems.. <br>Here's follows.. <br><br>I am checking radacct table on mysql to see the logs.. <br>Ok. i can see connection dates..total data trasnfers.. username etc..but.. <br>it doesnt show callingstationid for the user that connects to vpn.. <br>Just the framedIpAddress that user gets.. <br>Does anybody had such problem.. or is there any way to log the callingip <br>addresses on mysql also??? <br><br>Second problem.. <br>Is there a way to disconnect pptp user via radius disconnect packet?? <br><br><br>Thanks.. <br><br><br><br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26494618&i=0" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p> tag:old.nabble.com,2006:post-26478446 Re: Debian server: PPTP over SSH, for MICROSOFT XP CLIENT? 2009-11-23T05:51:50Z 2009-11-23T05:51:50Z Charlie Brady-13 <br>On Sun, 22 Nov 2009, yellow protoss wrote: <br><br>> Hi <br>> <br>> It has nothing to do with consulting. Linux is GNU free. And everyone buy <br>> using Linux is contributing to its success. <br>> If you have no time, ok, I do understand. <br>> <br>> Look on forums, e.g. Ubuntuforums, the community is really nice and everyone <br>> is helping each other. <br><br>Listen "yellow", if you want to ask questions of the community, don't send <br>email directly to me. Ask the mailing list. If you send questions directly <br>to me, then accept what answer I give you, and don't complain to "the <br>community". <br><br>Please take the time to read this: <br><br><a href="http://www.eyrie.org/~eagle/faqs/questions.html" target="_top" rel="nofollow">http://www.eyrie.org/~eagle/faqs/questions.html</a><br><br>Your proposal is impractical, since GRE packets cannot be forwarded over <br>an SSH connection. <br><div class='shrinkable-quote'><br>> <br>> Have a nice sunday, <br>> Best regards <br>> Y. <br>> <br>> <br>> On Sat, Nov 21, 2009 at 6:09 PM, Charlie Brady <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26478446&i=0" target="_top" rel="nofollow">charlie_brady@...</a>>wrote: <br>> <br>> > <br>> > On Sat, 21 Nov 2009, yellow protoss wrote: <br>> > <br>> > > I have several questions, if you dont mind. <br>> > <br>> > Sorry, I don't do PPTP consulting. <br>> > <br>> > > <br>> > > PPTP is it secured over the whole net? <br>> > > <br>> > > *PPTP* uses TCP *port* 1723. <br>> > > <br>> > > Can PPTP be made secured to work like a windows server 2000, I mean, it <br>> > has <br>> > > great potential. <br>> > > It is so easy to make it work. <br>> > > just apt-get install <br>> > > <br>> > > the only missing would be a security that wouldnt be SSL since it is very <br>> > > hard to configure. <br>> > > <br>> > > ... hmmm still thinking how to make PPTP work over the net, to access my <br>> > > home in all security. <br>> > > <br>> > > <br>> > > <br>> > <a href="http://yellowprotoss.ye.funpic.org/website/pptp_over_ssh/PPTP_SECURED_UBUNTU.jpg" target="_top" rel="nofollow">http://yellowprotoss.ye.funpic.org/website/pptp_over_ssh/PPTP_SECURED_UBUNTU.jpg</a><br>> > > <br>> > > Best regards <br>> > > Y. <br>> > > <br>> > > <br>> > > <br>> > > On Sat, Nov 21, 2009 at 3:51 PM, Charlie Brady <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26478446&i=1" target="_top" rel="nofollow">charlie_brady@...</a> <br>> > >wrote: <br>> > > <br>> > > > <br>> > > > On Sat, 21 Nov 2009, yellow protoss wrote: <br>> > > > <br>> > > > > That idea is quite nice, no? or has issues. <br>> > > > <br>> > > > No, it has issues. SSH can only forward TCP connections. PPTP uses GRE <br>> > > > packets as transport. <br>> > > > <br>> > > > --- <br>> > > > Charlie <br>> > > > <br>> > > > <br>> > > </div><br>--- <br>Charlie <br><br><br>------------------------------------------------------------------------------ <br>Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day <br>trial. Simplify your report design, integration and deployment - and focus on <br>what you do best, core application coding. Discover what's new with <br>Crystal Reports now.  <a href="http://p.sf.net/sfu/bobj-july" target="_top" rel="nofollow">http://p.sf.net/sfu/bobj-july</a><br>_______________________________________________ <br>Poptop-server mailing list <br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26478446&i=2" target="_top" rel="nofollow">Poptop-server@...</a> <br><a href="https://lists.sourceforge.net/lists/listinfo/poptop-server" target="_top" rel="nofollow">https://lists.sourceforge.net/lists/listinfo/poptop-server</a><br><p>From forum: <a href="http://old.nabble.com/poptop-server-f4437.html" embed="fixTarget[4437]" target="_top" >poptop-server</a></p>