Thread: Poptop pptpd
Old 26th May 2011
dcvtss
New User
Join Date: May 2011
Posts: 1

Poptop pptpd

Hi all, I'm having some issues getting poptop to work and I think I have it narrowed down to proxyarp, but am stuck now. The setup: I'm using OpenBSD 4.8 as a firewall/router/dns/dhcp/vpn system and am trying to connect via the Windows XP built-in VPN client to poptop 1.34 on my OpenBSD box. I can connect fine and ping the OpenBSD box, but can't ping any of the other hosts on the remote network. I ran a tcpdump on the LAN interface of my OpenBSD box, filtering on the host I am trying to ping, and see it make an ARP request for the MAC of my remote client's tunnel address and never receive a response. If I manually add an entry to the ARP table for the tunnel IP with the MAC of my OpenBSD box's LAN interface, everything works.

Before anyone responds, I am well aware of the inherent limitations of PPTP and that it is not the most secure solution, but in MY situation it is an acceptable trade-off to not have to install third-party VPN client software on the remote clients or manage a PKI.

Does anyone have any ideas? Do I need to write ip-up and ip-down scripts to add the arp entries? The following are the contents of my configuration files.


pptpd.conf
Code:
option /etc/ppp/options
noipparam
remoteip xxx.xxx.xxx.201-210
pidfile /var/run/pptpd.pid


options
Code:
lock
auth
usehostname
proxyarp
+MSChap-V2 mppe-128 mppe-stateless


ppp.conf
Code:
loop:
      set timeout 0
      set log phase chat connect lcp ipcp command
      set device localhost:pptp
      set dial
      set login
      set mppe * stateful
      # Server (local) IP address, Range for Clients, and Netmask
      # Use the same IP addresses you specified in /etc/pppd.conf :
      set ifaddr xxx.xxx.xxx.200 xxx.xxx.xxx.201-xxx.xxx.xxx.210 255.255.255.255
      set server /tmp/loop "" 0177

loop-in:
     set timeout 0
     set log phase lcp ipcp command
     allow mode direct

pptp:
     load loop
     # Disable unsecured auth
     disable pap
     disable chap
     enable mschapv2
     disable deflate pred1
     deny deflate pred1
     disable ipv6
     accept mppe
     enable proxy
     accept dns
     # DNS Servers to assign client
     # Use your own DNS server IP address :
     set dns xxx.xxx.xxx.1
     # NetBIOS/WINS Servers to assign client
     # Use your own WINS server IP address :
     set nbns xxx.xxx.xxx.1
     set device !/etc/ppp/secure