
VPN Server



klicker83
17.10.04, 17:16
Hi folks, I have the following problem: I have been trying for quite a while now to get a VPN server running under SuSE Linux 9.0, and for that I am using PPTPD.

My configuration:

/etc/pptpd.conf

speed 115200
option /etc/ppp/options
debug
localip 192.168.0.234
remoteip 192.168.0.235-238
#ipxnets 00001000-00001FFF
#listen 192.168.0.1
pidfile /var/run/pptpd.pid


/etc/ppp/options

# /etc/ppp/options
debug
lock
auth
+chapms-v2
mppe-128
mppe-stateless
#mru 1440
#mtu 1490
#nodetach
#lcp-echo-interval 30
#lcp-echo-failure 4
#lcp-max-configure 60
#lcp-restart 2
#idle 600
# Disable the IPXCP and IPX protocols.
noipx
proxyarp
ms-dns 192.168.0.1
#ms-dns 192.168.1.2
ms-wins 192.168.0.2
#ms-wins 192.168.1.51

/etc/ppp/chap-secrets

test * testpw 192.168.0.236

/etc/ppp/options

# /etc/ppp/options
#
# Not every option is listed here, see man pppd for more details.
# This file is read by the pppd, it is an error when it is not present.
#
# use the following command to see the active options:
# grep -v ^# /etc/ppp/options | grep -v ^$
#

# The name of this server. Often, the FQDN is used here.
#name <host>

# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname

# If no local IP address is given, pppd will use the first IP address
# that belongs to the local hostname. If "noipdefault" is given, this
# is disabled and the peer will have to supply an IP address.
noipdefault

# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local

# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote

# Run the executable or shell command specified after pppd has terminated
# the link. This script could, for example, issue commands to the modem
# to cause it to hang up if hardware modem control signals were not
# available.
# If mgetty is running, it will reset the modem anyway. So there is no need
# to do it here.
#disconnect "chat -- \d+++\d\c OK ath0 OK"

# Increase debugging level (same as -d). The debug output is written
# to syslog LOG_LOCAL2.
#debug

# Enable debugging code in the kernel-level PPP driver. The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n

# noauth means do not require the peer to authenticate itself; this must
# be set if you want to use pppd to connect to the internet. In this case
# *you* must authenticate yourself to the peer (internet provider), so do
# not disable this setting unless you are the dial-in server to which
# the peer has to authenticate.
noauth

# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts

# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock

# Use the modem control lines.(is default)
modem
# The opposite: local
#
# Description:
# Don't use the modem control lines. With this
# option, pppd will ignore the state of the CD (Car*
# rier Detect) signal from the modem and will not
# change the state of the DTR (Data Terminal Ready)
# signal.
#
# You need to disable modem and enable local if you want to connect
# to another system without using a modem:
#local

# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it. 0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
# To allow pppd to work over a rlogin/telnet connection, you should escape
# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".)
#asyncmap 200a0000
asyncmap 0

# needed for some ISDN terminal adapters, namely ELSA, which seem to have
# problems with asyncmap negotiation, so you can turn off this procedure
# in case your ISDN box has trouble with it, by enabling this option.
# You have to disable the asyncmap <x> option to be sure to have it
# active. If you use wvdial, set the ISDN parameter in /etc/wvdial.conf
# instead.
#default-asyncmap

# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data). The value 1492 is for DSL connections (PPP Default -
# PPPoE Header: 1500 - 8 = 1492)
# mru 1492

# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface. The value 1492 is for DSL connections
# (PPP Default - PPPoE Header: 1500 - 8 = 1492)
# mtu 1492

# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0

# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
nodetach

# If this option is given, pppd will send an LCP echo-request frame to
# the peer every n seconds. Under Linux, the echo-request is sent when
# no packets have been received from the peer for n seconds. Normally
# the peer should respond to the echo-request by sending an echo-reply.
# This option can be used with the lcp-echo-failure option to detect
# that the peer is no longer connected.
lcp-echo-interval 30

# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection. Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4

# Send up to 60 LCP configure-request during negotiation. With a value
# of 2 for lcp-restart below, this might take up to 2 minutes.
lcp-max-configure 60

# Resend unanswered LCP requests after 2 seconds.
lcp-restart 2

# Specifies that pppd should disconnect if the link is idle for n seconds.
idle 600

# Specifies the maximal number of attempts to connect to the server. This
# is useful for dial on demand. Default value is 10.
#maxfail 3

# Disable the IPXCP and IPX protocols.
noipx

# In the file /etc/ppp/filters are some active-filter rules. See man pppd
# and man tcpdump for more information.
file /etc/ppp/filters

#-------------------------------------------------------------------------
# The next two options are only interesting for you if you are admin of
# a system with other users that use ppp, and those users are normally
# never allowed to add default route, or you do not want users to
# replace the default route.
#-------------------------------------------------------------------------

# enable this to prevent users from attempting to add a default route.
# Use this option with caution: If the user needs to use a program like
# wvdial, he will not be able to connect because wvdial forces defaultroute,
# but this is rejected by this option and the user will not be able to
# connect to the internet.
#nodefaultroute

# enable this to prevent users from replacing an existing default route.
#noreplacedefaultroute

#-------------------------------------------------------------------------
# All options below only make sense if you configure pppd to be a dial-in
# server, so don't touch these if you want dial into your provider with
# PPP!
#-------------------------------------------------------------------------

# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. {proxyarp,noproxyarp}
#proxyarp

# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dial-in from users using a script under Linux to fire up ppp won't work.
#login

# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
# Two Servers can be remotely configured
#ms-dns 192.168.1.1
#ms-dns 192.168.1.2

# Specify which WINS Servers the incoming connection Win95 or WinNT should use
#ms-wins 192.168.1.50
#ms-wins 192.168.1.51



So far so good; now off to the shell:

122:~ # pptpd -f

I started the thing and nothing happens yet. I try to connect from a WinXP Pro machine, and Linux gives me:

/usr/sbin/pppd: This system lacks kernel support for PPP. This could be because
the PPP kernel module could not be loaded, or because PPP was not
included in the kernel configuration. If PPP was included as a
module, try `/sbin/modprobe -v ppp'. If that fails, check that
ppp.o exists in /lib/modules/`uname -r`/net.
See README.linux file in the ppp distribution for more details.

and Windows says: Error 619, an unknown error has occurred (at least it admits that it has no clue).

OK, I wasn't quite that lazy about searching and looked around a bit, and lo and behold, there is something called "MPPE/MPPC kernel module for Linux" MPPE/MPPC (http://www.polbox.com/h/hs001/#AEN55); I had a look at it.

Installation

* Download kernel patch: linux-2.6.8-mppe-mppc-1.1.patch.gz or linux-2.4.27-mppe-mppc-1.1.patch.gz,
* Download pppd-2.4.2,
* Download pppd patch: ppp-2.4.2-mppe-mppc-1.1.patch.gz (recommended) or ppp-2.4.2-stdopt-mppe-mppc-1.1.patch.gz,
* Apply patches to the kernel and pppd,
* Do e.g. "make menuconfig". In "Network device support" choose "PPP (point-to-point protocol) support" and then mark "Microsoft PPP compression/encryption (MPPC/MPPE)"; for version 1.0-test1 or higher you will also have to mark the SHA1 and RC4 algorithms in CryptoAPI's configuration menu,
* Compile kernel and pppd,
* If you have compiled MPPE/MPPC as a module, add the following line to your /etc/modules.conf (note that in ancient versions the module's binary was called ppp_mppe.o):

alias ppp-compress-18 ppp_mppe_mppc



Good, I managed the installation of pppd-2.4.2, but how I am supposed to apply the two patches I have no idea, and messing around with the kernel without a clue isn't great either. It would be really great if you could give me a bit of help here.

Thanks in advance.
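The post above reproduces two different /etc/ppp/options files: a hand-written one with "auth" and "+chapms-v2", and the distribution default, which contains "noauth". pptpd hands pppd whichever file its "option" line names, and with "noauth" a dial-in server never asks the connecting peer for credentials. The following script is an added example, not code from the thread or from pptpd: it strips comments from a pppd options file and reports whether peer authentication and MPPE are actually required. The option spellings it recognises are assumptions covering the old "mppe-128"/"mppe-stateless" syntax the post uses, the MPPE/MPPC patch's "mppe required,..." form and stock pppd's "require-mppe-128"; the two sample files are constructed copies modelled on the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit a pppd options file
# before pointing pptpd's "option" line at it. Option spellings below are
# assumptions spanning several pppd/MPPE patch generations.

# active_options FILE: print the effective options, comments and blank
# lines stripped (this is what pppd actually sees).
active_options() {
    awk '{ sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 != "") print }' "$1"
}

# has_option OPTS REGEX: true if one effective option line matches REGEX.
has_option() {
    printf '%s\n' "$1" | grep -Eq "$2"
}

# audit_options FILE: print findings; return 0 if the file is usable for a
# dial-in server, 1 if it must not be.
audit_options() {
    opts=$(active_options "$1")
    rc=0
    if has_option "$opts" '^noauth$'; then
        echo "FAIL: noauth: the peer is never asked to authenticate"
        rc=1
    fi
    if ! has_option "$opts" '^auth$'; then
        echo "WARN: auth not set explicitly; pppd does not default to it in every setup"
    fi
    if ! has_option "$opts" '^([+]chapms-v2|require-mschap-v2)'; then
        echo "WARN: MS-CHAPv2 not required; MPPE keys are derived from MS-CHAP"
    fi
    if ! has_option "$opts" '^(mppe-128|require-mppe(-128)?|mppe[[:space:]]+required)'; then
        echo "FAIL: MPPE not required; the tunnel may come up unencrypted"
        rc=1
    fi
    return $rc
}

# make_samples: write two constructed options files modelled on the post
# into a scratch directory and print that directory.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/options.pptpd" <<'EOF'
debug
lock
auth
+chapms-v2
mppe-128
mppe-stateless
noipx
proxyarp
ms-dns 192.168.0.1
EOF
    cat > "$d/options.default" <<'EOF'
# /etc/ppp/options (constructed copy of the distribution default)
noipdefault
noauth
crtscts
lock
modem
asyncmap 0
nodetach
lcp-echo-interval 30
lcp-echo-failure 4
idle 600
noipx
EOF
    printf '%s\n' "$d"
}

# Stand-alone run: audit both samples and show the verdicts.
dir=$(make_samples)
for f in "$dir"/options.pptpd "$dir"/options.default; do
    echo "== $f"
    audit_options "$f" && echo "OK for dial-in"
done
rm -rf "$dir"
```

Run it against the real file named by pptpd.conf ("audit_options /etc/ppp/options") after sourcing the functions; "FAIL" lines are the ones that make a PPTP server accept anyone or talk in the clear.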

Diozaka
17.10.04, 17:30
*deleted*

himbeere
17.10.04, 20:07
Okay, let's start with the kernel. I can well imagine that SuSE has already patched the kernel. Have you checked that? If that is not the case, patching goes like this:

cp linux-2.6.8-mppe-mppc-1.1.patch.gz /usr/src
cd /usr/src
gunzip linux-2.6.8-mppe-mppc-1.1.patch.gz
cd /usr/src/linux
patch --dry-run -p1 <../linux-2.6.8-mppe-mppc-1.1.patch

If no errors occur, drop the "--dry-run".
Then make menuconfig. Under Device Drivers ---> Networking Options, mppe should now appear.

t.
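Whether the "-p1" in the recipe above is right depends on where you run patch from: patch finds its target by removing N leading directory components from the file names in the "---"/"+++" headers and looking for the result relative to the current directory, and "can't find file to patch" means nothing exists at that stripped path for the N you gave. The script below is an added example, not part of the thread: it derives the right strip level for a patch and a source tree from the headers alone, without invoking patch. The scratch tree and the patch it builds are constructed for the demonstration (the header lines copy the form of the patch quoted later in the thread; the hunk body is made up).

```shell
#!/bin/sh
# Added example (not from the thread): work out which -pN a unified diff
# needs for a given source tree. Fixture data below is constructed.

# strip_path PATH N: drop N leading directory components, as patch -pN does.
strip_path() {
    path=$1; n=$2
    while [ "$n" -gt 0 ]; do
        case $path in
            */*) path=${path#*/} ;;
            *)   break ;;
        esac
        n=$((n - 1))
    done
    printf '%s\n' "$path"
}

# patch_targets PATCH: print the file name from every "+++" header
# ("+++ new/path <date>" as written by diff -ruN), one per line.
patch_targets() {
    awk '/^\+\+\+ /{ print $2 }' "$1"
}

# guess_strip_level PATCH TREE: print the smallest N in 0..4 for which every
# "+++" target exists under TREE; print "none" and return 1 otherwise.
guess_strip_level() {
    pfile=$1; tree=$2
    for n in 0 1 2 3 4; do
        ok=1
        for t in $(patch_targets "$pfile"); do
            [ -f "$tree/$(strip_path "$t" "$n")" ] || { ok=0; break; }
        done
        if [ "$ok" -eq 1 ]; then printf '%s\n' "$n"; return 0; fi
    done
    echo none
    return 1
}

# make_fixture: a 2.6-style tree with drivers/net/Kconfig, a 2.4-style tree
# with only drivers/net/Config.in, and a patch addressed at the former.
# Prints the scratch directory.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/linux-2.6.8/drivers/net" "$d/linux-2.4/drivers/net"
    printf 'config PPP\n    bool "PPP support"\n' > "$d/linux-2.6.8/drivers/net/Kconfig"
    : > "$d/linux-2.4/drivers/net/Config.in"
    cat > "$d/mppe.patch" <<'EOF'
diff -ruN linux-2.6.8.orig/drivers/net/Kconfig linux-2.6.8/drivers/net/Kconfig
--- linux-2.6.8.orig/drivers/net/Kconfig 2004-08-14 15:00:24.000000000 +0200
+++ linux-2.6.8/drivers/net/Kconfig 2004-08-15 09:24:52.000000000 +0200
@@ -1,2 +1,3 @@
 config PPP
     bool "PPP support"
+# constructed hunk body for the example
EOF
    printf '%s\n' "$d"
}

# Stand-alone run: the same patch needs -p0 from the parent directory,
# -p1 from inside linux-2.6.8, and matches nothing in a 2.4 tree.
dir=$(make_fixture)
for tree in "$dir" "$dir/linux-2.6.8" "$dir/linux-2.4"; do
    printf '%s: -p%s\n' "$tree" "$(guess_strip_level "$dir/mppe.patch" "$tree")"
done
rm -rf "$dir"
```

If the result is "none" for every N, the tree simply does not contain the file the patch expects, and no "-p" value will make "patch" find it; that is the case to check before blaming the strip level.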

klicker83
17.10.04, 21:00
OK, I tried the patching; result:

122:/usr/src/linux # patch --dry-run -p1 <../linux-2.6.8-mppe-mppc-1.1.patch
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -ruN linux-2.6.8.orig/drivers/net/Kconfig linux-2.6.8/drivers/net/Kconfig
|--- linux-2.6.8.orig/drivers/net/Kconfig 2004-08-14 15:00:24.000000000 +0200
|+++ linux-2.6.8/drivers/net/Kconfig 2004-08-15 09:24:52.000000000 +0200
--------------------------
File to patch:

It can't find the file it is supposed to patch. Another question: what other options do I have for setting up a VPN? The only thing that matters to me is that a client is available for Windows as well.

Regards, Klicker

himbeere
17.10.04, 21:08
Try -p0. Otherwise you could also have a look at openvpn.

t.

pjs
18.10.04, 15:22
Another question: what other options do I have for setting up a VPN? The only thing that matters to me is that a client is available for Windows as well.
Regards, Klicker

Depends on what you want to do. If you only want to tunnel one specific connection, e.g. VNC or a terminal server or the like, the easiest way is stunnel; there is a Windows client for that too.

If you want to tunnel all connections and have Windows 2000 clients, you don't need an extra client if you use IPsec; it works via the MMC. There are also a few nice tools that take the MMC fiddling off your hands on the Windows client.

On the Linux side I would recommend racoon and the kernel IPsec stack. If you want to play it safe, take an old box and set up an OpenBSD ISAKMP VPN gateway: very secure, well documented and normally runs without problems.

Ohr4u|tux
21.10.04, 02:48
cp linux-2.6.8-mppe-mppc-1.1.patch.gz /usr/src
cd /usr/src
gunzip linux-2.6.8-mppe-mppc-1.1.patch.gz
cd /usr/src/linux
patch --dry-run -p1 <../linux-2.6.8-mppe-mppc-1.1.patch

Then it always asks me for "File to patch"; what am I doing wrong? I have also tried p0 and without --dry-run.

Thanks!

himbeere
21.10.04, 09:37
Hello.

Try the sources from www.kernel.org and patch those. It probably doesn't work with the heavily patched SuSE sources.

t.

Ohr4u|tux
21.10.04, 11:47
Hmm, this isn't SuSE but Debian (Knoppix HD install) and kernel 2.6.7.
Which sources do I need??