poptop on OpenBSD 4.3
I am having issues connecting from my Mac and XP PPTP clients to my poptop server. They try and connect and are dropped right away. I have a feeling my issue has to do with how I am configuring ppp.
I am running OpenBSD 4.3 and poptop-1.3.0 (installed using pkg_add).
The OpenBSD box is acting as a firewall/router doing nat with pf. My internal ip address on the OBSD box is 192.168.1.1.
I loosely followed the instructions found here:
However, in part 1 on the top link the author states to remove:
pseudo-device gre # GRE encapsulation interface
Which does not make sense, because PopTop uses gre and when I did remove gre, it gave me the error:
(May 16 18:21:40 cerberus pptpd: PPTPD: failed to allow GRE, errno=42) and would not start pptpd.
Therefore, I recompiled my kernel with gre. I am now able to start pptpd, but I am now receiving a new error when I try to connect:
CTRL: PTY read or GRE write failed (pty,gre)=(7,6)
pptpd: GRE: read(fd=7,buffer=3c0046a0,len=8196) from PTY failed: status = 0 error= No error
In my ppp.log I receive this error:
ppp: Warning: Label ipparam rejected -direct connection: Configuration label not found
Here are my config files.
set timeout 0
set log phase chat connect lcp ipcp command
set device localhostpploop
set mppe * stateful
set ifaddr 192.168.1.2 192.168.1.234-192.168.1.254 255.255.255.255
set server /var/tmp/loop "" 0177
set timeout 0
set log phase lcp ipcp command
allow mode direct
# Disable unsecured auth
disable deflate pred1
deny deflate pred1
set device !/etc/ppp/secure
exec /usr/sbin/ppp -direct loop-in
I can make a successful telnet session to my external IP on port 1723 so it does not look like pf is an issue. However, here is what I am doing in pf.conf.
pass in quick on $ext_if proto tcp from any to $ext_if port = 1723 modulate state
pass in quick on $ext_if proto gre from any to $ext_if keep state
pass out quick on $ext_if proto gre from $ext_if to any keep state
pass in quick log on tun0 all
pass out quick log on tun0 all
pass in quick log on tun1 all
pass out quick log on tun1 all
Any help would be appreciated!
Add "log" argument to ALL your pass and block rules in your pf.conf, run
# pfctl -F all -vf pf.conf
# tcpdump -eni pflog0
Never argue with an idiot. They will bring you down to their level and beat you with experience.
-bash-3.2# tcpdump -eni pflog0
tcpdump: listening on pflog0, link-type PFLOG
I will recompile the kernel to the GENERIC to see if that fixes anything. However, I only took out some unnecessary device drivers, so I am not too certain that will fix anything, but who knows.
...& we follow this same cultural decision here as well. Installing a kernel with the same version number from a mirror would alleviate any remaining questions as to whether customizing is still contributing unexpected behaviors. If & when you do respond again with new information, please provide the output of the following command:
-bash-3.2$ sysctl kern.version
kern.version=OpenBSD 4.3 (GENERIC) #0: Sat May 24 20:54:05 PDT 2008
I recompiled the kernel to be GENERIC and I am seeing the same behavior.
For 3 years 5 months (OpenBSD 3.7 thru OpenBSD 4.2), the poptop port remained unchanged -- poptop 1.1.4b4p1. For 4.3, poptop was updated to 1.3.0, and GRE is automatically enabled at runtime.
Return to a GENERIC kernel, and you can eliminate your custom kernel as a point-of-error.
Disclaimer: I am not a poptop user, I merely read the log for the port's Makefile. Here is a link: http://www.openbsd.org/cgi-bin/cvswe...optop/Makefile
Note: your koychev link is broken.
Try adding a "noipparam" in pptpd.conf.
This link talks more about it, as experienced by one user:
When I run pptpd in the foreground using -f I see the error
plugin: Configuration label not found
When I try and connect. From the research that I have done, it suggested that I am missing pptp: in my ppp.conf file. However, I have that section in. I have even tried changing my config files around quite a bit, stripping them of all extra stuff and I am seeing the same errors.
If anyone could provide some insight that would be great. I feel like I am just spinning my wheels and nothing is changing.