vpn connection

Place to discuss Fedora and/or Red Hat
Master of Reality
guru
Posts: 562
Joined: Thu Jan 09, 2003 8:25 pm

Post by Master of Reality » Thu Mar 09, 2006 8:42 am

So I am trying to connect to my school's VPN connection on Fedora Core 4. I can connect fine in SuSE.

So what I had to do was recompile to the newest kernel with the correct ppp modules and such (same as I did on SuSE). Then I tried copying the config files (/etc/ppp) from SuSE, but it didn't work. So I went through configuring it the same as I did in SuSE using my school's instructions. (I can post them if it would help.)

Anyway, I know my network card is up and running fine; it works with the wireless network fine. But when I run 'pppd call StudentsNetwork' like I would on SuSE, it doesn't output anything. In SuSE it outputs some stuff about being connected and such.

Any ideas, or should I post the conf file or something?

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Thu Mar 09, 2006 10:15 am

Hmmm, this doesn't sound like a VPN connection to me. At least you didn't mention any VPN protocol. Are you sure this isn't just a regular dialup PPP connection? Yes, the instructions would probably be helpful although I haven't had to use ppp/chap/etc in quite some time.

Post by Master of Reality » Tue Mar 14, 2006 7:09 am

Here are the Linux instructions. They are held on a webpage that is accessible over the wireless network without being connected to the VPN. Also, the downloads needed are on the school's server.

I don't really know much about how VPN works with Linux, so I pretty much just followed the instructions exactly. I think in SuSE I also might have used YaST to set up a VPN after I followed the instructions. (I used YaST to set up a DSL thing through pptp with my login name and password, which I was told to do by some website saying SuSE had the easiest VPN setup.)

Linux (Tested On Slackware 9.0):
Latest downloads available at http://prdownloads.sourceforge.net/pptpclient/.
Linux kernel 2.4.21 available here.

1) Install PPP with the MPPE update (ppp-2.4.2_cvs_20021120.tar.gz).
Next, execute the kernel update script with the command 'mppeinstall.sh /usr/src/linux' (located in the linux/mppe directory).
2) Rebuild your kernel now and make sure to enable (best to put right in the kernel) the following under Network Device Support:
- PPP (point-to-point protocol) support
- PPP support for async serial ports
- PPP support for sync tty ports
- PPP Deflate compression
- PPP BSD-Compress compression
- PPP MPPE compression (encryption) !!!! THIS MUST BE COMPILED AS A MODULE !!!!
- PPP over Ethernet

3) Reboot and load your new kernel, ensure that PPP and the MPPE module exist, and load properly (try 'modprobe ppp_mppe', should produce a kernel taint warning but still load successfully).

4) Check for MPPE support in pppd by running "strings `which pppd`|grep -i mppe|wc --lines", the result should be around 38, a 0 indicates no MPPE support. If not present, recheck your PPP installation!

5) Install the PPTP client (pptp-linux-1.3.1.tar.gz) from source if it is not already installed.

6) Download the basic PPTP client (pptp-linux-1.1.0-1.tar.gz) from http://prdownloads.sourceforge.net/pptpclient/, unpack it and copy:
   - pptp-command program to /usr/sbin
   - options.pptp to /etc/ppp
   ** Modify the options.pptp file as follows:
   - Comment out the mppe-40, mppe-128 and mppe-stateless lines
   - Insert the following lines underneath those just commented out:
     - require-mppe
     - nomppe-stateful
     - refuse-pap
     - refuse-chap

7) Create a directory to store your PPTP configuration: /etc/ppp/peers.

8) Configure the PPTP connection:
   - Configure the PPTP tunnel by running pptp-command and select the following:
     - 3.) setup
     - 4.) Add a NEW PPTP Tunnel
     - 1.) Other
     - RCCStudentsNetwork
     - 10.100.0.1
     - students\\my.username
     - PPTP
     - 8.) Quit
   - Edit the /etc/ppp/peers/RCCStudentsNetwork file and add in the line below the line 'remotename PPTP':
     pty "pptp 10.100.0.1 --nolaunchpppd"

9) Configure your CHAP-SECRETS file with the pptp-command script:
   - 3.) setup
   - 1.) Manage CHAP secrets
   - 2.) Add a New CHAP secret
   - students\\my.username
   - PPTP
   - Enter your password here
   - 4.) Quit
   - 8.) Quit

10) Make pptp setuid root with the command: chmod u+s `which pptp`

11) Test your new PPTP tunnel by running: 'pppd call RCCStudentsNetwork dump debug logfd 2 nodetach'.... This should spit a bunch of information out to the screen, if successful you will get result from 'ifconfig ppp0'

12) You can now start the VPN connection whenever/however you like (startup script perhaps?) by executing the two following commands:
- pppd call RCCStudentsNetwork
- route add default gw 10.100.100.10

Post by Void Main » Tue Mar 14, 2006 12:27 pm

Ah yes, PPTP. Unfortunately I only have experience with IPSEC (OpenSWAN and hardware based) and SSL VPNs (hardware based and OpenVPN (OpenVPN kicks ass)). However, if it works on SUSE it surely can be made to work on Fedora. At which step in the instructions do things start going wrong?

Post by Master of Reality » Tue Mar 14, 2006 1:52 pm

That's the thing, they all work fine, no errors. I run pppd call RCCStudentsNetwork like I would in SuSE, but nothing happens. No errors, no output at all.

Post by Void Main » Tue Mar 14, 2006 4:02 pm

Even when you add this to your pppd command line "dump debug logfd 2 nodetach"? Are you doing this as root? Do you have the chat script in /etc/ppp/peers named RCCStudentsNetwork?

Post by Master of Reality » Wed Mar 15, 2006 6:54 am

When I add the 'dump debug logfd 2 nodetach' it outputs some stuff, saying it's sending and receiving things. Then it sends something like 7 times and says:
LCP: Timeout sending config-requests
connection terminated.

Would OpenVPN or something work for this instead? I think (not positive) the VPN is run by a Microsoft server.

Post by Void Main » Wed Mar 15, 2006 9:10 am

There is a big diagnostic section on that pptp client web site, even mentions that error message:

http://pptpclient.sourceforge.net/howto-diagnosis.phtml

No, you could not use OpenVPN as a client to a PPTP server. Two completely different technologies.

Post by Master of Reality » Wed Mar 15, 2006 10:44 am

I'm thinking the firewall on Fedora is blocking the GRE responses. I'll try turning off my firewall, but how would I go about letting it through?

Post by Void Main » Wed Mar 15, 2006 12:07 pm

It would be easy to check that (service iptables stop). If that is indeed what is causing the problem then I normally add the appropriate iptables rules to /etc/sysconfig/iptables.

Post by Master of Reality » Thu Mar 16, 2006 9:22 am

After looking at the tcpdump and seeing nothing clarifying, I looked again at the pppd output and realized it said 'no auth possible'. So I looked at my chap-secrets file, and Fedora had apparently added a couple of lines to it that were incorrect, so I commented them out and it works fine now.
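
The fix in the post above came down to which uncommented chap-secrets entries pppd could pick up. As an added example (not from the thread or the pptpclient project), this shell function lists the active entries that can match one client/server pair without printing the secrets, and a second function checks that the file is not readable by group or others; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file for one client/server pair.
# Assumes whitespace-separated fields with no embedded spaces.

# audit_chap_secrets FILE CLIENT SERVER
# Output: "<line> <client> <server> <exact|wildcard>" per candidate entry.
# Status: 0 = exactly one candidate, 1 = none, 2 = several compete.
audit_chap_secrets() {
    CS_CLIENT=$2 CS_SERVER=$3 awk '
        # Strip surrounding quotes and resolve backslash escapes (\\ -> \).
        function unq(f,   out, i, ch) {
            gsub(/^"|"$/, "", f)
            for (i = 1; i <= length(f); i++) {
                ch = substr(f, i, 1)
                if (ch == "\\" && i < length(f)) ch = substr(f, ++i, 1)
                out = out ch
            }
            return out
        }
        BEGIN { c = ENVIRON["CS_CLIENT"]; s = ENVIRON["CS_SERVER"] }
        /^[ \t]*(#|$)/ { next }      # comments and blank lines are inactive
        NF < 3 { next }              # incomplete entry, nothing to match
        {
            fc = unq($1); fs = unq($2)
            if ((fc == c || fc == "*") && (fs == s || fs == "*")) {
                kind = (fc == c && fs == s) ? "exact" : "wildcard"
                printf "%d %s %s %s\n", NR, fc, fs, kind
                n++
            }
        }
        END { rc = (n == 1) ? 0 : (n == 0 ? 1 : 2); exit rc }
    ' "$1"
}

# secrets_private FILE: true when group and others have no permission bits.
secrets_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample file (not the poster's): one intended entry, one stray
# wildcard entry, one entry already commented out.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
students\\my.username PPTP example-password *
* PPTP other-password *
#PPTP students\\my.username example-password *
EOF
rc=0; audit_chap_secrets "$demo_file" 'students\my.username' PPTP || rc=$?
echo "status=$rc private=$(secrets_private "$demo_file" && echo yes || echo no)"
rm -f "$demo_file"
```

Pass the client name as pppd sees it after unescaping (a single backslash), and the server name from the peer file's remotename line.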

Post by Void Main » Thu Mar 16, 2006 9:56 am

Cool!

Post by Master of Reality » Sun Apr 02, 2006 1:09 pm

More of a kernel question pertaining to this...

Would the current kernel configuration be shown if I went into the /usr/src/kernels/<kernel that FC5 installed>/ and ran make xconfig?

If so... then I am missing the BSD-Compress Compression. Is there some way to just build this module without recompiling the whole kernel?

Post by Void Main » Sun Apr 02, 2006 2:16 pm

Try this:
http://fedora.redhat.com/docs/release-n ... #id3098172

Here are the two files you need:
http://voidmain.is-a-geek.net/files/bsd_comp/

You should only need the "kernel-devel" package installed.
NOTE: I got the bsd_comp.c from the latest kernel source (2.6.16-1.2080_FC5).

Once you get the module built copy the bsd_comp.ko to:

/lib/modules/`uname -r`/kernel/drivers/net

Then "depmod -a". Now the module should load when called.

Post by Master of Reality » Sun Apr 02, 2006 3:16 pm

Thanks, seems to work.

By the way, the latest kernel is now 2.6.16-1.2084 :p
