[Techtalk] Confused about VPN configuration

Brenda Bell k15a-list-linuxchix at theotherbell.com
Sat Mar 8 22:13:26 EST 2003


I'm trying to set up a VPN and having a little bit of trouble because
I can't seem to locate a How-To that describes the scenario I'm going for.

Here's what I have so far.  I have a working NetBSD firewall, a
working Drake 8.2 box (machine name gargoyle) that is currently my
main network server (DHCP, DNS, etc.) and a second Drake 8.2 box
(machine name eagle) that I'm building as a replacement for gargoyle.
I installed pptpd-server on eagle from the Mandrake CD.

I changed /etc/pptpd.conf to use the following addresses:

localip 192.168.2.64-73
remoteip 192.168.2.74-83

First question:  Do I have to run a dhcp server on eagle?  I'm not
quite ready to move dhcp from gargoyle to eagle.

Since I've just installed pptpd-server for the first time, I was
thinking I could do some cursory testing from inside my network from a
Doze box.  I'm able to establish the connection and authenticate, but
then I get an error "The server did not assign an IP address".  I have
the following in syslog (everything up to successful authentication
was omitted):

Mar  8 16:01:26 eagle pppd[16608]: CHAP peer authentication succeeded
for test
Mar  8 16:01:26 eagle pppd[16608]: rcvd [CCP ConfReq id=0x5 < 12 06 01
00 00 01>]
Mar  8 16:01:26 eagle pppd[16608]: sent [CCP ConfRej id=0x5 < 12 06 01
00 00 01>]
Mar  8 16:01:26 eagle pppd[16608]: rcvd [IPCP ConfReq id=0x6 <addr
0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0>
<ms-wins 0.0.0.0>]
Mar  8 16:01:26 eagle pppd[16608]: sent [IPCP ConfRej id=0x6 <addr
0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0>
<ms-wins 0.0.0.0>]
Mar  8 16:01:26 eagle pppd[16608]: rcvd [IPCP ConfRej id=0x1 <addr
0.0.0.0> <compress VJ 0f 01> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Mar  8 16:01:26 eagle pppd[16608]: sent [IPCP ConfReq id=0x2 <addrs
0.0.0.0 0.0.0.0>]
Mar  8 16:01:26 eagle pppd[16608]: rcvd [CCP ConfRej id=0x1 <deflate
15> <deflate(old#) 15> <bsd v1 15>]
Mar  8 16:01:26 eagle pppd[16608]: sent [CCP ConfReq id=0x2]
Mar  8 16:01:26 eagle pppd[16608]: rcvd [CCP TermReq id=0x7 0b 5e 7a
cd 00 3c cd 74 00 00 02 dc]
Mar  8 16:01:26 eagle pppd[16608]: sent [CCP TermAck id=0x7]
Mar  8 16:01:26 eagle pppd[16608]: rcvd [IPCP ConfReq id=0x8 <addr
0.0.0.0>]
Mar  8 16:01:26 eagle pppd[16608]: sent [IPCP ConfRej id=0x8 <addr
0.0.0.0>]
Mar  8 16:01:26 eagle pppd[16608]: rcvd [IPCP ConfRej id=0x2 <addrs
0.0.0.0 0.0.0.0>]
Mar  8 16:01:26 eagle pppd[16608]: sent [IPCP ConfReq id=0x3]
Mar  8 16:01:26 eagle pppd[16608]: rcvd [IPCP TermReq id=0x9 0b 5e 7a
cd 00 3c cd 74 00 00 02 e2]
Mar  8 16:01:26 eagle pppd[16608]: sent [IPCP TermAck id=0x9]
Mar  8 16:01:26 eagle pppd[16608]: Modem hangup
Mar  8 16:01:26 eagle pppd[16608]: Connection terminated.
Mar  8 16:01:26 eagle pppd[16608]: Connect time 0.1 minutes.
Mar  8 16:01:26 eagle pppd[16608]: Sent 127 bytes, received 143 bytes.
Mar  8 16:01:26 eagle pptpd[16607]: GRE: read error: Bad file descriptor
Mar  8 16:01:26 eagle pptpd[16607]: CTRL: PTY read or GRE write failed
(pty,gre)=(-1,-1)
Mar  8 16:01:26 eagle pptpd[16607]: CTRL: Client 192.168.2.254 control
connection finished
Mar  8 16:01:26 eagle pppd[16608]: Exit.
Mar  8 16:01:26 eagle /etc/hotplug/net.agent: NET unregister event not
supported

I know I don't have an address range conflict -- gargoyle only assigns
addresses in the range 192.168.2.129-254.

So, the second question is:  is it possible to test the VPN from
inside the network?  Or do I have to come in from the outside?

Third question:  Do I have to run some form of NAT on eagle just for
the VPN?

Fourth question:  Can someone give me a clue as to what I may
have done wrong?  Or, point me to a How-To that describes a
configuration for pptpd-server that doesn't include running a firewall
on the same machine?  I think I'm very confused about what's required
for VPN operations vs. what's required for the firewall operations
being handled elsewhere.

-- 
Brenda
http://opensource.theotherbell.com
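
Added example, not part of the original post: a small Python parser that rejoins the mail-wrapped pppd debug lines from the log above and summarizes how the IPCP address negotiation went. In IPCP, an address of 0.0.0.0 in a Configure-Request asks the other side to supply one; the function and flag names here are hypothetical.

```python
import re

# Abridged from the pppd log in the post, keeping the mail-wrapped continuation lines.
LOG = """\
Mar  8 16:01:26 eagle pppd[16608]: rcvd [IPCP ConfReq id=0x6 <addr
0.0.0.0> <ms-dns1 0.0.0.0>]
Mar  8 16:01:26 eagle pppd[16608]: sent [IPCP ConfRej id=0x6 <addr
0.0.0.0> <ms-dns1 0.0.0.0>]
Mar  8 16:01:26 eagle pppd[16608]: sent [IPCP ConfReq id=0x2 <addrs
0.0.0.0 0.0.0.0>]
Mar  8 16:01:26 eagle pppd[16608]: rcvd [IPCP TermReq id=0x9 0b 5e 7a
cd 00 3c cd 74 00 00 02 e2]
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
PACKET = re.compile(r"pppd\[\d+\]: (sent|rcvd) \[(\w+) (\w+) id=0x[0-9a-f]+(.*)\]$")

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def ipcp_packets(text):
    """(direction, code, [options]) for each IPCP packet in the log."""
    hits = (PACKET.search(rec) for rec in unwrap(text))
    return [(m[1], m[3], re.findall(r"<([^<>]+)>", m[4])) for m in hits if m and m[2] == "IPCP"]

def zero_addr(options):
    """True if an addr/addrs option carries only 0.0.0.0 (no address known or offered)."""
    parsed = [o.split() for o in options if o.strip()]
    return any(p[0] in ("addr", "addrs") and set(p[1:]) == {"0.0.0.0"} for p in parsed)

def summarize(text):
    """Flags describing how the IPCP address negotiation went."""
    pk = ipcp_packets(text)
    seen = lambda d, c: any(pd == d and pc == c and zero_addr(po) for pd, pc, po in pk)
    return {
        "peer_asked_for_address": seen("rcvd", "ConfReq"),
        "server_rejected_request": seen("sent", "ConfRej"),
        "server_offered_only_zero": seen("sent", "ConfReq"),
        "any_confack": any(pc == "ConfAck" for _, pc, _ in pk),
        "peer_terminated": any((pd, pc) == ("rcvd", "TermReq") for pd, pc, _ in pk),
    }
```

On the abridged log, `summarize(LOG)` reports that the peer asked for an address, the server side rejected the request and itself offered only 0.0.0.0, nothing was acknowledged, and the peer terminated IPCP.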
