Need help configuring VPN and MPPE

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#31 Post by tempestuous »

BarryK wrote:
#according to some info on RH8.0, need this...
alias ppp-compress-21 off

My tests in Puppy 1.0.7 included the bsd_comp.o module, and PPTPclient certainly loaded this module. I can't say whether this module is definitely required, but various PPTP documentation and snippets of information on the web suggest that it is. If so, that line in modules.conf should be

alias ppp-compress-21 bsd_comp

Perhaps some VPN servers use this compression module, some don't?

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#32 Post by BarryK »

tempestuous,
If you're using the standard 1.0.7 or 1.0.8 kernel, it doesn't have bsd_comp,
either as a module or builtin. Ditto for the 2.4.31 kernel used in puppy2.
So, whatever is put into modules.conf is academic.

Kernel config file has this:

# CONFIG_PPP_BSDCOMP is not set
CONFIG_ISDN_PPP_BSDCOMP=m

Interesting, that second one creates module isdn_bsdcomp.o

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#33 Post by tempestuous »

At the same time that I patched and configured the kernel to enable the ppp_mppe_mppc module, I also enabled -
"PPP BSD-Compress compression" (CONFIG_PPP_BSDCOMP)
"SHA1 digest algorithm" (CONFIG_CRYPTO_SHA1) and
"ARC4 cipher algorithm" (CONFIG_CRYPTO_ARC4)

All of these new modules are contained in my mppe-mppc-modules.tar.gz package I posted earlier in this thread.
I then added this package to Puppy 1.0.7 for testing with Foxti's PPTP-VPN test account.

Foxti
Posts: 19
Joined: Sat 04 Mar 2006, 19:35
Location: Indiana

More Info

#34 Post by Foxti »

Barry,

I tested VPN the way you have it set up in your .config file and it works fine for connecting to my MS servers, and it works fine with Cisco and also Red Hat server. However, when I tried to hook to a FreeBSD server and a Fedora server it would not connect. I uncommented the line for BSD compress and both then worked.
I have set mine up exactly as tempestuous had in his instructions and it worked with everything I tried to connect to, including an IBM AS400. From further research (and boy do you have to search) I found that the BSD-Compress is only for really old versions of Linux servers and should have been patched out long ago, but some people still use it. The SHA1 may be needed for some Cisco systems. I did not need it, but that is not to say that someone else will not need it.
The ARC4 cipher is for some Microsoft systems; however, I have not seen where yet.

Dean

Foxti
Posts: 19
Joined: Sat 04 Mar 2006, 19:35
Location: Indiana

To Clarify for mppe users

#35 Post by Foxti »

Create /etc/ppp/peers/Myvpnaccount1 and add this -
pty "pptp 123.456.789.01 --nolaunchpppd"
name fredflintstone
mtu 1490
mru 1490
remotename pptpd
require-mschap
file /etc/ppp/options.pptp
ipparam Myvpnaccount1
persist
#require-mppe-128 ## I got an error message from this, so deleted it. Maybe it depends on the server?

These are the commands that should be used in the kernel we are using:

Usage

By default pppd tries to negotiate MPPC and doesn't negotiate MPPE, but will agree if the peer wants encryption. If the peer supports a few key lengths, according to RFC3078 pppd will choose the strongest one.

mppe suboptions:

required - make MPPE obligatory, disconnect if peer doesn't support MPPE
stateless - try to negotiate stateless mode
no40 - disable 40 bit keys
no56 - disable 56 bit keys
no128 - disable 128 bit keys

Examples:

pppd [options] - try to negotiate MPPC, MPPE is optional

pppd nomppe [options] - try to negotiate MPPC and disable MPPE; peer will disconnect if it requires MPPE

pppd nomppc [options] - disable MPPC; MPPE is optional

pppd mppe required,stateless,no128 [options] - try to negotiate MPPC, require MPPE in stateless mode and disable 128 bit keys; pppd will disconnect if peer doesn't support MPPE
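The following audit script is an added example, not part of the original post or of the pppd patch. It checks pppd option text against the behaviour described above (MPPE optional unless `required`, strongest offered key chosen), assuming the `mppe <suboptions>` syntax quoted in this post; the function names and both sample configurations are constructed for illustration.

```python
import shlex

KEY_BITS = {40, 56, 128}
# Constructed sample: the peers file from the post (its MPPE line commented out).
POSTED = '''
pty "pptp 123.456.789.01 --nolaunchpppd"
name fredflintstone
remotename pptpd
require-mschap
file /etc/ppp/options.pptp
#require-mppe-128
'''
# Constructed sample: the same account using the mppe suboptions listed above.
HARDENED = POSTED + "mppe required,stateless,no40,no56\n"

def mppe_policy(text):
    """Effective MPPE policy of pppd option text (suboption syntax from the post)."""
    # shlex keeps the quoted pty command as one token and drops # comments.
    # Simplification: option arguments are not told apart from option names.
    tokens = shlex.split(text, comments=True)
    policy = {"enabled": True, "required": False, "bits": set(KEY_BITS)}
    for i, tok in enumerate(tokens):
        if tok == "nomppe":
            policy["enabled"] = False
        elif tok == "mppe" and i + 1 < len(tokens):
            for sub in tokens[i + 1].split(","):
                if sub == "required":
                    policy["required"] = True
                elif sub[:2] == "no" and sub[2:].isdigit():
                    policy["bits"].discard(int(sub[2:]))
    return policy

def findings(text):
    """List the ways this configuration can end up weakly or not encrypted."""
    p = mppe_policy(text)
    if not p["enabled"]:
        return ["nomppe: MPPE disabled, link is never encrypted"]
    out = []
    if not p["required"]:
        out.append("MPPE not required: link is unencrypted unless the peer asks")
    weak = sorted(p["bits"] - {128})
    if weak:
        out.append("weak keys accepted if peer offers nothing stronger: %s" % weak)
    return out

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("hardened", HARDENED)):
        print(name, findings(cfg) or "MPPE required, 128-bit only")
```

The script does not follow the `file /etc/ppp/options.pptp` include, so that file has to be audited separately.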

John Doe
Posts: 1681
Joined: Mon 01 Aug 2005, 04:46
Location: Michigan, US

#36 Post by John Doe »

jcoder24 wrote:
User john doe managed to get it (done). Unfortunately, he didn't provide any documentation on his success.

Sorry I dropped the ball on this. I just stumbled upon this thread a couple days ago and was so embarrassed (that I hadn't followed up on the previous post I had forgotten about) it took me several days to comment.

I tried to drop some bread crumbs along the way for anyone that was interested. I mentioned this so long ago that I thought no one really cared about it except me.

Here is me "owning" a Windows 2003 Server with the March snapshot of puppy2A, a couple config files for my vpn and RDesktop.

There is even a second Blinky icon that pops up in the jwm toolbar (it's a bit covered by the processor graph). In IceWM it shows up ok.
Attachments
PUPPY-MPPE-MPPC-VPN.png
"owning" a Windows 2003 Server with Puppy

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#37 Post by BarryK »

That's fine John, it took a while, but suddenly it has all come together and it all works!
That overlapped Blinky will be fixed soon. It's because that release of Puppy uses an unpatched JWM v1.4.

Foxti
Posts: 19
Joined: Sat 04 Mar 2006, 19:35
Location: Indiana

Install both of these in 2.0

#38 Post by Foxti »

Barry,

Add this to 2.0 for great vpn

Dean
Attachments
mppe-mppc-modules[1].tar.gz
modules

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#39 Post by tempestuous »

Foxti,
These look like the same packages I posted earlier in this thread. These modules will only work with the 2.4.29 kernel in Puppy 1.0.4-1.0.9.

Puppy2 will have the 2.6.16.7 kernel, and Barry has already accommodated MPPE in Puppy2 - see www.puppylinux.com/news.htm Apr 23.

Foxti
Posts: 19
Joined: Sat 04 Mar 2006, 19:35
Location: Indiana

Sorry

#40 Post by Foxti »

I posted that after working with an earlier version of 2.0, before I noticed he switched to the 2.6.17.

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#41 Post by BarryK »

There may be a problem with Pup 2.0, as it still has the same ppp that was patched for the mppe-mppc module, which was an extra module that didn't come with the kernel source.
However, k2.6.16.7 has an mppe module, but I don't know if the patched ppp will work properly with it. May have to go to the ppp home site and investigate if the ppp source needs a different patch.

vabene06
Posts: 36
Joined: Tue 25 Apr 2006, 20:31

#42 Post by vabene06 »

Hello,
there is no need to patch the kernel; it works with pptp. I have connected to the internet via ADSL in Austria since the early Puppy days. The only thing I did was to take the configuration from a working Mandrake on my HD. All the things I need are in etc:
+ hosts file (10.0.0.138 in Austria),
+ resolv.conf (nameservers)
+ ld.so.conf and ld.so.cache.
I put them in etc.
Then I took from my working Mandrake etc/ppp:

chap-secrets, papsecrets, options, pptp-options.template, the link to resolv.conf and put them in etc.

Then I made a script for starting the connection
ifconfig eth0 (or 1 etc.) 10.0.0.140 netmask 255.255.255.0
and a second for starting pptp
pptp 10.0.0.138.
Then everything works. I wrote this from the ADSL connection without a patch or anything like that.
vabene

John Doe
Posts: 1681
Joined: Mon 01 Aug 2005, 04:46
Location: Michigan, US

#43 Post by John Doe »

BarryK wrote:
May have to go to the ppp home site and investigate if the ppp source needs a different patch.

My Puppy2 MPPE/MPPC observations real quick for thought:

I don't seem to have trouble authenticating or with NAT (I can log into the machine with another computer and see the linux connection in the remote routing and that an IP address is assigned). I add the route to the linux machine's routing table just like before (puppy2 2.4 kernel patched), but then can't ping.

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#44 Post by tempestuous »

BarryK wrote:
k2.6.16.7 has an mppe module, but I don't know if the patched ppp will work properly with it.

Barry,
Your suspicion is well-founded. I just saw a report on the web (sorry, lost the link) that the ppp patch not only doesn't help the new in-kernel module, it actually BREAKS compatibility. The new module should work with recent versions of PPP unpatched.
But ... there's a bug with the new module (actually, some other related module I think) - apparently PPTP connections fail after a minute or so.
If you're going to stick with the 2.6.16.7 kernel there's a simple patch to the kernel source to fix the problem here http://marc.theaimsgroup.com/?l=linux-k ... 6465&q=raw
I just tried this patch. It applies without error.
From k2.6.17 this patch is not needed.

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#45 Post by BarryK »

I would like to move up to the latest kernel for v2.02, except that I don't want to do kernel jumps too often as everyone else has to recompile their kernel modules also -- that is, the guys who have created extra wireless, modem, etc. modules for Puppy 2.00/01.
But, perhaps I shouldn't worry, leave it to them to catch up?

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#46 Post by tempestuous »

Now that you mention the issue of a new kernel, I won't be updating wifi drivers again, because I'm about to take on a job that will consume much more of my time. Can I suggest, perhaps, that the current kernel remain for one more Puppy release, and get these critical fixes for PPTP?
Now that I take a closer look at that patch I mentioned, I think it's for one of the PTYS modules, which is configured within the kernel image. I don't think that a minor kernel change like this should break compatibility with all the extra external modules that have been compiled so far. At least, that was the case with pakt's revised kernel for cpu frequency scaling.
And thinking about it, maybe pakt's changes could be incorporated in the next release, too?

rarsa
Posts: 3053
Joined: Sun 29 May 2005, 20:30
Location: Kitchener, Ontario, Canada

#47 Post by rarsa »

BarryK wrote:
I don't want to do kernel jumps too often as everyone else has to recompile their kernel modules also

Two comments:

a) Kernel 2.6.16 is quite a solid kernel and worth staying with for a while.

b) Ideally we could have a repository of source packages for modules and a "1 click" build process for them.

This would have multiple benefits:
- It will make the packages compliant with their open source license. (You must provide access to the source not just a link to the source)
- All modules would be always current
- If done right, the effort to create the build process would be a fraction of the effort to recompile them all.

Tempestuous and other module packagers:
- Can you host such a repository?
- If not, could you upload the source for the modules you have packaged to Germanpups ftp hosting site?

Everybody else:
If you know how to automate the build process, please volunteer.

If no one else volunteers and there is enough patience I can either do it or coach someone else doing it.
http://rarsa.blogspot.com Covering my eclectic thoughts
http://www.kwlug.org/blog/48 Covering my Linux How-to

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#48 Post by tempestuous »

rarsa,
I have no hosting facilities, but I'm happy to provide various source code that I used.
Regarding the wifi drivers, I would make these points:

I have already listed the origin of the various source code in the README's.

The source code I used was the latest available at the time I compiled the Puppy2.0 drivers, but by the time a new Puppy kernel rolls out, this same source is bound to be out of date ... and in some cases, unusable.
Each new kernel release seems to create a compilation problem for one existing driver or another. The latest linux-wlan-ng drivers, for example, failed to compile against k2.6.16.7 until I found a patch that fixed the problem. Similarly, the stock standard nVidia-7178 graphics modules fail to compile without a patch.

Newer kernels will have a revised "softmac" version of the Linux wifi stack (core wifi modules). This is almost certain to result in some existing external drivers failing to compile.

Some newer wifi drivers (eg. bcm43xx) will become available in-kernel, so their external source code will become redundant.

So, I'm happy to provide this source code, but I think its future usefulness will be limited.
And the "one-click build process" concept is looking very optimistic.

rarsa
Posts: 3053
Joined: Sun 29 May 2005, 20:30
Location: Kitchener, Ontario, Canada

#49 Post by rarsa »

tempestuous wrote:
And the "one-click build process" concept is looking very optimistic.

After your explanation it indeed looks like I'm suffering from rossyvisionitis.

From all the drivers you compiled:

How many have a CDV/Subversion repository for tracking the source?
How many compiled OK for the new kernel?
How much time did you spend finding the fix for those that didn't?

On the one hand I still think that Puppy should stay with the same kernel for a while. On the other hand, I am sure that automating what can be automated is always preferable even if you don't get to automate 100%.

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#50 Post by tempestuous »

rarsa wrote:
How many have a CDV/Subversion repository for tracking the source?

Out of 22 wifi driver/utility packages, just 2: prism54-fullmac and zd1211.
Another 7 packages had CVS repositories.

rarsa wrote:
How many compiled OK for the new kernel?
How much time did you spend finding the fix for those that didn't?

4 wifi packages would not compile against the 2.6.16.7 kernel. I found a patch for the linux-wlan-ng driver, contributed by some kind person on the Gentoo forum, but the other 3 drivers (atmelwlandriver, BerliOS at76c503, Lucent-Agere Hermes) still have no fix as yet.
