PPP
Is there some way to add it? It is required for some types of VPN software (like PPTP)
4 Replies
Thanks,
-Chris
I tried the kernel version that was specified but pptp still couldn't start ppp because "couldn't set tty to PPP discipline". I think this idicates that ppp doesn't support tty ports in the kernel.
Is there a kernel that allows the pptp sessions.
@mike:
Did you ever get pptp going? I can't for the life of me, clients keep disconnecting with error 619.
I'm not sure of the exact message returned from Windows, but I know a problem I often have is if the user is behind a firewall (could be a personal firewall on the pc as well) that does not allow the GRE protocol, or of course if your VPN server's firewall has it blocked.
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
Most modern soho cable/dsl/etc routers handle this by default, but I have seen some older (a few years) that had to have a new firmware installed, also some hotels and "custom" firewall setups don't allow it. I've seen a soho routers just freak out and quit allowing it, just had to reboot the router to allow GRE through again. And many (maybe all?) NAT setups that only have one external IP won't allow/freak out/just don't work when multiple internal clients try connecting to the same external PPTP VPN.
What does your server logs say? The error messages provided by ms clients are so useless I usually don't even listen to the user read them.
@andyc:
I tried the kernel version that was specified but pptp still couldn't start ppp because "couldn't set tty to PPP discipline". I think this idicates that ppp doesn't support tty ports in the kernel.
Is there a kernel that allows the pptp sessions.
What version of ppp are you using?
Just some notes from my experiences setting up vpn servers using poptop:
you won't be able to use encryption (mppe) without compiling your kernel for it.
windows likes to provide a domain with the username, if your server logs show "domain\user" there is a patch to ppp that will strip out the domain section.
There were a lot of little tweaks and patches I had to learn to get a good linux PPTP server setup. But since I've gotten it working (chapv2, encryption, stripping the domain out of usernames, and some others I've probably forgot) I haven't seen a problem that wasn't windows (win9x requires updates) or some silly firewall in three years of using it.
Kenny