PoPToP HOWTO/FAQ ---------------- Last Updated: 19991104 Send changes to: Matthew Ramsay HOWTO/FAQ mostly compiled from PoPToP help pages and the PoPToP Mailing List (hosted by Christopher Schulte) by Matthew Ramsay. Contributions from Steve Rhodes, Michael Walter Emir Toktar. Contents -------- 1.0 Introduction 1.1 About PoPToP 1.2 Credits 2.0 System Requirements 3.0 PPP with MSCHAPv2/MPPE Installation 4.0 PoPToP Installation 6.0 FAQ 1.0 Introduction ---------------- 1.1 About PoPToP PoPToP is the PPTP Server solution for Linux. PoPToP allows Linux servers to function seamlessly in the PPTP VPN environment. This enables administrators to leverage the considerable benefits of both Microsoft and Linux. The current pre-release version supports Windows 95/98/NT/2000 PPTP clients and PPTP Linux clients. PoPToP is free GNU software. PoPToP Home Page: http://www.moretonbay.com/vpn/pptp.html 1.2 Credits PoPToP was originally started by Matthew Ramsay under the control of Moreton Bay Ventures (http://www.moretonbay.com). Around March 1999 PoPToP was publicly released under the GNU GPL by Moreton Bay. PoPToP is what it is today due to the help of a number of intelligent and experienced hackers. More specifically Kevin Thayer, David Luyer and Peter Galbavy. More contributors to PoPToP (in various forms) include Allan Clark, Seth Vidal, Harald Vogt, Ron O'Hara and Chris Wong. And finally, credit to all the PoPToP followers who test and report problems. 2.0 System Requirements ----------------------- 1. A modern Linux distribution (such as Debian, Red Hat, etc.) with a recent kernel (2.2.x recommended, 2.0.x should be ok). Note: ports exist for Solaris, BSD and others but are not supported in this HOWTO at this time. 2. PPP 2.3.8 (and the MSCHAPv2/MPPE patch if you want enhanced Microsoft compatible authentication and encryption). 3. PoPToP v1.0.0 (or download the latest release at: http://www.moretonbay.com/vpn/download_pptp.html 3.0 PPP (and MSCHAPv2/MPPE) Installation -------------------------------------- It is only necessary to use PPP 2.3.8 if you want Microsoft compatible MSCHAPv2/MPPE authentication and encryption. The reason for this is that the MSCHAPv2/MPPE patch currently supplied (19990813) is against PPP 2.3.8. If you don't need Microsoft compatible authentication/encryption any 2.3.x PPP source will be fine. (Update: There is now a MSCHAPv2/MPPE patch for ppp-2.3.10). 4.0 PoPToP Installation ----------------------- Follow these instructions to install PoPToP: 1. Grab the latest version of PoPToP (v1.0.0 as of 19991001) (http://www.moretonbay.com/vpn/download_pptp.html) 2. You will need to be root to install and run PoPToP. 3a. If you downloaded the PoPToP v1.0.0 tarball (and stored it in /usr/local/src/) follow these instructions: [cd /usr/local/src/] [tar zxvf pptpd-1.0.0.tgz] [cd pptpd-1.0.0] [./configure] [make] [make install] 3b. If you downloaded the PoPToP RPM (pptpd-1.0.0-1.i386.rpm as of 19991001) follow these instructions: [rpm --install pptpd-1.0.0-1.i386.rpm] 4. Note: PoPToP's binaries are located in /usr/local/sbin. PoPToP goes looking for its binaries in that directory! So if they are not there it won't work! Check that there is 'pptpd' and 'pptpctrl' in /usr/local/sbin/ now. 5. If you want to enable debugging follow these steps: Change directory to /etc/ and open up syslog.conf. Add the line: daemon.debug /var/log/pptpd.log Kill off the current syslogd and start a new one: [killall syslogd] [/usr/sbin/syslogd] 6. Make sure the following files exist and look similar to: /etc/ppp/options debug name servername auth require-chap proxyarp /etc/pptpd.conf speed 115200 localip 192.168.0.234-238 remoteip 192.168.1.234-238 /etc/ppp/chap-secrets billy servername bob * 7. You are now ready to launch PoPToP. If you want to launch PoPToP now: [/usr/local/sbin/pptpd] Note: If you can't connect for some reason open up /var/log/pptpd.log and search for any error messages. If that doesn't help read the FAQ (below) or as a last resort send a message to the mailing list. Emboldened by my success, I set out to turn on MS authentication and encryption, and this is where the fun started. AUTHENTICATION AND ENCRYPTION This is an area where Microsoft really shows its true colors. Turning on password and data encryption on the Win98 VPN server configuration was quite the eye opening experience. First with the authentication, you will have to go through a somewhat difficult compilation of the ppp-2.3.8 package. The worst part here is getting all the pieces together, namely the rc4 files. This process is well documented in this archive, so I won't go into it here. The next realization is that Microsoft prepends the domain name to the user name when submitting the login credentials. For example, srhodes is now DBNET\\srhodes. If that wasn't bad enough, I found that the domain wasn't even the one I was logged into. My best guess is that the first domain that the computer ever logs into is stuck with it for ever. This is a real problem if you have multiple domains that you log into. I modified the pppd.c code to strip out the domain on MSCHAP logins, but you can just set the user name in chap-secrets to match the windows version. Then I spent a whole day trying to figure out why data encryption does not work. I tried just about everything I could think of that could be wrong. That's when I discovered this archive, for which I am truly grateful. It turns out that the Win98 implementation of encryption is FUBAR! You have to download one of those patches from Microsoft, DUN40.exe to get the thing to work. This is for 40 bit encryption. Don't hold your breath waiting for 128 bit. ftp://ftp.microsoft.com/softlib/mslfiles/dun40.exe Q&A I have a pptp server set up on my office LAN. I can connect to the server and ping to it fine, but I can't ping any other hosts on the office subnet. I have ip-forwarding turned on and I have proxyarp set in the ppp/options file. What can be wrong? There seem to be a lot of questions floating around about routing and masq'ing associated with this issue. Well, my curiosity got the best of me, so I thought I would check this out. Shown below is my test setup for investigating this problem. 192.168.8.142 192.168.56.10 192.168.56.11 192.168.56.12 ________ _______ ______ _____ | | | | | | | | | client |------->| fire |-------->| pptp |----->| host | | | | wall | | srvr | | | |________| |_______| |______| |______| H H H 192.168.8.10 H H H H===================================H 192.168.5.12 pptp connection 192.168.5.11 For the sake of simplicity, we will ignore address translation issues associated with the firewall. This assumes that the client at 192.168.8.142 is going to use 192.168.56.11 as its target address for the pptp connection to pptp_srvr. The firewall will block all access to the 192.168.56.0 subnet except for pptp connections associated with pptp_srvr. This can be implemented with ipchains ipchains -P input DENY ipchains -P forward DENY ipchains -A input 192.168.56.0/24 -j ACCEPT /* allow connections from inside */ ipchains -A input -p tcp -d 192.168.56.11 1723 -j ACCEPT ipchains -A input -p 47 -d 192.168.56.11 -j ACCEPT ipchains -A forward -p tcp -d 192.168.56.11 1723 -j ACCEPT ipchains -A forward -p tcp -s 192.168.56.11 1723 -j ACCEPT ipchains -A forward -p 47 -d 192.168.56.11 -j ACCEPT ipchains -A forward -p 47 -s 192.168.56.11 -j ACCEPT When you connect from client to pptp_srvr, you will be able to complete the connection and ping to pptp_srvr. However, if you attempt to ping host, at 192.168.56.12, this will fail. A clue to this problem can be found in the /var/tmp/messages file on pptp_srvr. There, in the pppd messages, you will find Cannot determine ethernet address for proxy ARP This is due to an issue with the pppd program, which attempts to find a hardware interface on the subnet to which the pppd client has been assigned. In this case its looking for a hardware interface on the 192.168.5.0 subnet. It will fail to find one, and will drop the proxyarp request. The simplest way around this problem, and the one that is suggested in the pppd documentation, is to set the pppd client IP assignment to be on the local subnet. An example in this case might be 192.168.56.129. However, it may not be possible to do that. In the case of a fully loaded subnet, there may not be any addresses to spare. Or there may be some security issues with giving out local subnet addresses. What to do? The place to look is in the arp table. If you run tcpdump on host (192.168.56.12) during the time when client is pinging, you will see unanswered arp requests from host attempting to find the hardware address for 192.168.5.12. You need to proxy the hardware address of the pptp_srvr for client in order for this request to be fulfilled. This is the job of proxyarp. However, proxyarp has let us down in this instance, and we need to find a workaround. This can be done manually using the arp command on pptp_srvr. For example, if the hardware address of the ethernet card on pptp_srvr is 00:60:08:98:14:14, you could force the arp to proxy the client pptp address by saying arp --set 192.168.5.12 00:60:08:98:14:13 pub You should now be able to ping from client to host through the pptp connection. This can be a problem, however, in a dynamic environment when clients are logging into and out of the pptp server on a continuous basis. One way around this problem is to write a script that will execute upon the initiation of each ppp connection. The place to do this is in /etc/ppp/ip-up. This script is executed each time a new ppp connection is started. It gets some variables passed into it, one of which is the assigned IP address of the client. Note that RedHat systems use ip-up.local as the place for you to make the script. Don't forget to chmod +x ! #! /bin/bash REMOTE_IP_ADDRESS=$5 date > /var/run/ppp.up echo "REMOTE_IP_ADDRESS = " $REMOTE_IP_ADDRESS >> /var/run/ppp.up arp --set $REMOTE_IP_ADDRESS 00:60:08:98:14:14 pub >> /var/run/ppp.up exit 0 This should put you in business for accessing the remote subnet under this scenario. I am a little bit concerned, however, because I also built a script ip-down.local, that should remove the arp proxy when client disconnected. It doesn't seem to do anything, however, and if I try to delete the arp entry manually, it just spits out a cryptic error message. The arp entries remain persistent, as far as I can tell. If this is a problem or not, I don't know. The next few clients that log in are treated well, so I guess its OK. **************************************************************************** Q. Also, after running pptpd and monitoring its log file and seeing that it failed to open ttyp1 - I chmod +rw /dev/ttyp[0-9] and it seemed to work somewhat. But, after I rebooted, I had to do this again. Is this normal? A. pptpd should be running as root (unless you have a system with a setuid openpty() helper, which isn't very common). If it fails to open a pty/tty pair as root then that is probably because it is in use. Other programs which use pty/tty's will change their permissions back to the standard ones. **************************************************************************** Q. sometimes when I make a connection to my pptpd server I see a message like Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21 Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26 Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24 Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21 Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26 Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24 Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26 Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24 Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21 in /var/log/messages on the server. Any idea what I can do about it? A. yeah, in your /lib/modules//net/ directory, there should be files called bsd_comp.o and ppp_deflate.o.. insmod those files and you'll be good to go. **************************************************************************** Q. Hi, I'm having trouble getting pptpd & mschap-v2 to work. I downloaded all of the patches and compiled everything but whenever i try to connect from my win98 machine, it says: Error 691: The computer you have dialed in to has denied access because the username and/or password is invalid on the domain. What is this suppose to mean? A. Error 691 is an authentication problem probably due to the fact that MS chap uses the domain name and username combo to authenticate. If you look at the logs you will probably see a message saying that MS chap is trying to authenticate user "domain\\username". I got it to work by putting the full domain and user string in the client portion of the chap-secrets file. # Secrets for authentication using CHAP # client server secret IP addresses workgroup\\user server password * If anyone knows how to get it to default to a particular domain, I would like to know. **************************************************************************** Q. how do I go about checking who is logged in via tunnel? I need some way of writing the pppd data to wtmp/utmp. (and not sessreg either) does anyone know of any way of doing this via ppp? A. pppd syslogs everything to /var/log/messages (that's the default on my box anyways) and it will say something like : pppd[15450]: CHAP peer authentication succeeded for you could do a tail /var/log/messages -n2000 | grep CHAP if you wanted to see who has been logging in. other than that, there's not much i know of. all the authentication is provided by pppd (if you don't have an auth or a require-chap (or pap, etc.) option, it doesn't even ask for a username. **************************************************************************** Q. My NT client won't connect! A. Try taking header and software compression off. **************************************************************************** Q. PPTP *client* stops working. A. go to /var/run/pptp/ and look for a socket named x.x.x.x delete it and try it again. **************************************************************************** Q. How many clients does PoPToP support? A. The limits under Linux are: per-process filedescriptors - one per client (would limit clients to 256 by default, or 1024 with kernel recompile, or more with major libc/kernel hackery) - no relevant limit ttys - currently, with a standard kernel, 256 clients - with Unix98 ptys and a small amount of coding, 2048 ppp devices - no limit in kernel source for ppp - limit of 100 in dev_alloc_name() in 2.2.x for(i=0;i<100;i++) { sprintf(dev->name,name,i); if(dev_get(dev->name)==NULL) return i; } best fix is probably to keep a static int ppp_maxdev so you don't end up doing 2000 dev_get's to allocated the 2001'th device. processes - 2 per client plus system processes - standard kernel max = 512 processes, ie 256 clients - i386 max = 4096 processes, ie 2048 clients So it seems that 2048 will be the limit, if you fix a few things and with a minor kernel mod (I could do all of these pretty easily and send you a trivial kernel patch). To go above 2048 the easiest approach would be to combine pptpctrl and pppd in one process, which would get you to 4096. Beyond there, you need to go for a select() based model, which would be significant coding effort and require large fd-set sizes and so on. So 4096 is the practical limit, and 2048 the easy limit. **************************************************************************** Q. What authentication methods (PAP/CHAP) does PoPToP work with? A. PoPToP uses whatever authentication methods your PPPd provides (usually PAP and CHAP). With PPPd patches you can get MSCHAP and MSCHAPv2 authentication as well. **************************************************************************** Q. When running PoPToP I get the following error: Jun 11 08:29:04 server pptpd[4875]: MGR: No more free connection slots! What does this mean? A. I'd say at a guess you've only configured one IP address and you have connected a client, and as such there are no more free connection slots should any more clients wish to connect. **************************************************************************** Q. Does PoPToP suffer from the same security flaws (http://www.counterpane.com/pptp.html) as the Windows NT PPTP server? A. An initial look at the article suggests that what the authors hammered was not the PPTP protocol, but the authentication that the PPTP VPN servers on NT offered access to via open internet. PPTP seems initially to be just the path to the weakness, not the weakness itself. Part of their observance of weakness deals with use of poor passwords as well, a cheap component, simple enough to fix. > While no flaws were found in PPTP itself, several serious flaws were > found in the Microsoft implementation of it. > (http://www.counterpane.com/pptp-pressrel.html) The authors do not specifically say "this is ONLY effective against NT", just that NT is affected. This implies that they do not recognize PoPToP, and it may be included. The fact that PoPToP has to interOp with MS DUN's VPN client means that it will have the same weaknesses. It can only protect itself from DoS attacks, have immediate response to out-of-sequence packets or illogical packets, etc. The protocol is not considered weak in this analysis, but the weaknesses have to be replicated in apparent behavior by PoPToP. The only thing the developers can do with PoPToP is make it a stronger server per se -- more able to handle the attacks when the come. In conclusion: PoPToP suffers the same security vulnerabilities as the NT sever (this is because it operates with Windows clients). Update: MSCHAPv2 has been released and addresses some of the security issues. PoPToP works with MSCHAPv2. **************************************************************************** Q. Does PoPToP support data encryption? A. Yes.. with appropriate PPPd patches. Patches are available for PPPd to provide Microsoft compatible RC4 data encryption. The PPPd patch supports 40 and 128 bit RC4 encryption. **************************************************************************** Q. PoPToP or IPsec? Which is better suited to my needs? A. 1. The difference between PoPToP and IPsec is that PoPToP is ready NOW.. and requires *no* third party software on the Windows client end (Windows comes with a free PPTP client that is trivial to set up). 2. PoPToP is a completely *free* solution. Update: Unfortunately not true for Mac *clients* though. The Mac client software is around $400 US a copy. 3. PoPToP can be integrated with the latest PPPD patches that take advantage of MSCHAPv2 and MPPE (Microsoft encryption using RC4 - 40/128 bits). More details follow from Emir Toktar: (Refs: A Comprehensive Guide to Virtual Private Networks, IBM. Virtual Private Networking: An Overview White Paper - DRAFT, 3/18/98 Microsoft.) Neither network layer-based (L2TP, PPTP,...) nor application layer-based (IPSec,SSL,SSH) security techniques are the best choice for all situations. There will be trade-offs. Network layer security protects the information created by upper layer protocols, but it requires that IPSec be implemented in the communications stack. With network layer security, there is no need to modify existing upper layer applications. On the other hand, if security features are already imbedded within a given application, then the data for that specific application will be protected while it is in transit, even in the absence of network layer security. Therefore security functions must be imbedded on a per-application basis. There are still other considerations: Authentication is provided only for the identity of tunnel endpoints, but not for each individual packet that flows inside the tunnel. This can expose the tunnel to man-in-the-middle and spoofing attacks. Network layer security gives blanket protection, but this may not be as fine-grained as would be desired for a given application. It protects all traffic and is transparent to users and applications. Network layer security does not provide protection once the datagram has arrived at its destination host. That is, it is vulnerable to attack within the upper layers of the protocol stack at the destination machine. Application layer security can protect the information that has been generated within the upper layers of the stack, but it offers no protection against several common network layer attacks while the datagram is in transit. For example, a datagram in transit would be vulnerable to spoofing attacks against its source or destination address. Application layer security is more intelligent (as it knows the application) but also more complex and slower. IPSec provides for tunnel authentication, while PPTP does not. Layer 2 tunneling protocols inherit the user authentication schemes of PPP, including the EAP methods discussed below. Many Layer 3 tunneling schemes assume that the endpoints were well known (and authenticated) before the tunnel was established. An exception to this is IPSec ISAKMP negotiation, which provides mutual authentication of the tunnel endpoints. (Note that most IPSec implementations support machine-based certificates only, rather than user certificates. As a result, any user with access to one of the endpoint machines can use the tunnel. This potential security weakness can be eliminated when IPSec is paired with a Layer 2 protocol such as L2TP. Using the Extensible Authentication Protocol (EAP), Layer 2 tunneling protocols can support a wide variety of authentication methods, including one-time passwords, cryptographic calculators, and smart cards. Layer 3 tunneling protocols (IPSec) can use similar methods; for example, IPSec defines public key certificate authentication in its ISAKMP/Oakley negotiation. Layer 2 tunneling supports dynamic assignment of client addresses based on the Network Control Protocol (NCP) negotiation mechanism. Generally, Layer 3 tunneling schemes assume that an address has already been assigned prior to initiation of the tunnel. Schemes for assignment of addresses in IPSec tunnel mode are currently under development and are not yet available. Layer 2 tunneling protocols support PPP-based compression schemes. For example, the Microsoft implementations of both PPTP and L2TP use Microsoft Point-to-Point Compression (MPPC). The IETF is investigating similar mechanisms (such as IP Compression) for the Layer 3 tunneling protocols. Layer 2 tunneling protocols support PPP-based data encryption mechanisms. Microsoft's implementation of PPTP supports optional use of Microsoft Point-to-Point Encryption (MPPE), based on the RSA/RC4 algorithm. Layer 3 tunneling protocols can use similar methods; for example, IPSec defines several optional data encryption methods which are negotiated during the ISAKMP/Oakley exchange. MPPE, a Layer 2 protocol, relies on the initial key generated during user authentication, and then refreshes it periodically. IPSec, explicitly negotiates a common key during the ISAKMP exchange, and also refreshes it periodically. Layer 2 tunneling supports multiple payload protocols, which makes it easy for tunneling clients to access their corporate networks using IP, IPX, NetBEUI, and so forth. In contrast, Layer 3 tunneling protocols, such as IPSec tunnel mode, typically support only target networks that use the IP protocol. IPSec is not multi-protocol. IPSec will be suported by Windows 2000. Many cases can occur, each of which needs to be examined on its own merit. It may be desirable to employ a mix of both network layer security techniques and application layer techniques to achieve the desired overall level of protection. For example, you could use an upper layer mechanism such as Secure Sockets Layer (SSL) to encrypt upper layer data. SSL could then be supplemented with IPSec's AH protocol at the network layer to provide per-packet data origin authentication and protection against spoofing attacks. **************************************************************************** Q. I get a 'createHostSocket: Address already in use' error! what gives? A. Address already in use in createHostSocket means something is already using TCP port 1723 - maybe another pptp daemon is running? **************************************************************************** Q. Does PoPToP work with Windows 2000 clients? A. PoPToP v0.9.5 and above should work with Windows 2000 clients. ****************************************************************************