DaemonForums  

Poptop pptpd
dcvtss, 26th May 2011

Hi all, I'm having some issues with getting poptop to work and I think I have it narrowed down to proxyarp, but am stuck now. The setup is I'm using OpenBSD 4.8 as a firewall/router/DNS/DHCP/VPN system and am trying to connect via the Windows XP built-in VPN client to poptop 1.34 on my OpenBSD box. I can connect fine and ping the OpenBSD box but can't ping any of the other hosts on the remote network. I ran a tcpdump on the LAN interface of my OpenBSD box filtering on the host I am trying to ping and see it make an ARP request for the MAC of the IP of my remote client tunnel address and never receive a response. If I manually add an entry to the ARP table for the tunnel IP with a MAC of my OpenBSD box's LAN interface, everything works.

Before anyone responds, I am well aware of the inherent limitations of PPTP and that it is not the most secure solution, but in MY situation it is an acceptable trade-off to not have to install third-party VPN client software on the remote clients or manage a PKI.

Does anyone have any ideas? Do I need to write ip-up and ip-down scripts to add the arp entries? The following are the contents of my configuration files.


pptpd.conf
Code:
option /etc/ppp/options
noipparam
remoteip xxx.xxx.xxx.201-210
pidfile /var/run/pptpd.pid


options
Code:
lock
auth
usehostname
proxyarp
+MSChap-V2 mppe-128 mppe-stateless


ppp.conf
Code:
loop:
      set timeout 0
      set log phase chat connect lcp ipcp command
      set device localhost:pptp
      set dial
      set login
      set mppe * stateful
      # Server (local) IP address, Range for Clients, and Netmask
      # Use the same IP addresses you specified in /etc/pppd.conf :
      set ifaddr xxx.xxx.xxx.200 xxx.xxx.xxx.201-xxx.xxx.xxx.210 255.255.255.255
      set server /tmp/loop "" 0177

loop-in:
     set timeout 0
     set log phase lcp ipcp command
     allow mode direct

pptp:
     load loop
     # Disable unsecured auth
     disable pap
     disable chap
     enable mschapv2
     disable deflate pred1
     deny deflate pred1
     disable ipv6
     accept mppe
     enable proxy
     accept dns
     # DNS Servers to assign client
     # Use your own DNS server IP address :
     set dns xxx.xxx.xxx.1
     # NetBIOS/WINS Servers to assign client
     # Use your own WINS server IP address :
     set nbns xxx.xxx.xxx.1
     set device !/etc/ppp/secure
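
Added example (not part of the original post and not dcvtss's code): a small filter that automates the tcpdump check described above by listing every address that was asked for with an ARP who-has but never answered with an is-at. The function names, the 192.0.2.x addresses and the capture lines are constructed for illustration.

```shell
#!/bin/sh
# unanswered_arp: read `tcpdump -n arp` text on stdin and print each IP that
# was requested ("who-has") but never answered ("is-at"), followed by the
# number of requests seen. Accepts both the older "arp who-has X tell Y"
# lines and the newer "ARP, Request who-has X tell Y, length 28" lines.
unanswered_arp() {
    awk '
    {
        for (i = 1; i < NF; i++) {
            if ($i == "who-has") {             # request: next field is the target IP
                ip = $(i + 1); sub(/,$/, "", ip)
                asked[ip]++
            } else if ($(i + 1) == "is-at") {  # reply: field before is-at is the owner IP
                ip = $i; sub(/,$/, "", ip)
                answered[ip] = 1
            }
        }
    }
    END {
        for (ip in asked)
            if (!(ip in answered))
                printf "%s %d\n", ip, asked[ip]
    }' | sort
}

# Constructed capture: the gateway answers for itself, but nobody answers
# for the tunnel address 192.0.2.201 (the missing proxy ARP reply).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 arp who-has 192.0.2.1 tell 192.0.2.10
12:00:01.000210 arp reply 192.0.2.1 is-at 00:00:5e:00:53:01
12:00:02.100000 arp who-has 192.0.2.201 tell 192.0.2.10
12:00:03.100000 arp who-has 192.0.2.201 tell 192.0.2.10
12:00:04.100000 ARP, Request who-has 192.0.2.201 tell 192.0.2.10, length 28
EOF
}

sample_capture | unanswered_arp
```

On a live system the same function can be fed from a saved capture of the LAN interface instead of the sample; an address in the remoteip range that shows up in the output is one the router is not answering ARP for.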