Re: npppd - changing clients' route table

2021-09-13 Thread Stuart Henderson
On 2021-09-12, Radek wrote: > Sorry for the late reply, adding ":framed-ip-netmask=255.255.255.0:" doesn't > solve the problem. Tested on Win10. framed-ip-netmask controls addition of the route on the npppd machine, not the client. You only use it if you have multiple addresse

Re: npppd - changing clients' route table

2021-09-12 Thread Radek
which terminate the tunnel has "192.168.4.254". > >> Right? > > Do you mean the other end of the tunnel? It is 10.109.4.254 > > interface pppx0 address 10.109.4.254 ipcp IPCP > > Sorry, "192.168.4.244" should have been "10.109.4.254". >

Re: npppd(8) and PROXY_AUTHEN_CHALLENGE bad length with Juniper

2021-03-09 Thread Ryan Freeman
61. > > Also what I said > >> It's for CHAP or MSCHAPv1. If MD5 is selected for PPP CHAP, the > >> challenge length for CHAP is 16 octet. The challenge for MSCHAPv1 is > >> also 8 octet, but npppd doesn't support MSCHAPv1 anyway. So 24 must be > >> enough

Re: npppd(8) and PROXY_AUTHEN_CHALLENGE bad length with Juniper

2021-03-08 Thread YASUOKA Masahiko
>> challenge length for CHAP is 16 octet. The challenge for MSCHAPv1 is >> also 8 octet, but npppd doesn't support MSCHAPv1 anyway. So 24 must be >> enough for RFC 2661. is false. Length of challenge is "independent of the hash algorithm". In RFC 1994 (PPP CHAP): |

Re: npppd(8) and PROXY_AUTHEN_CHALLENGE bad length with Juniper

2021-03-08 Thread Ryan Freeman
ork-around, so misc it is. > > > > This is done with OpenBSD 6.8-stable, syspatch 001 through 012 installed. > > We considered trying -current, but noticed no activity in the npppd tree > > that might make a difference. > > > > 'old' and 'new' equipment types from upstr

Re: npppd(8) and PROXY_AUTHEN_CHALLENGE bad length with Juniper

2021-03-06 Thread YASUOKA Masahiko
around, so misc it is. > > This is done with OpenBSD 6.8-stable, syspatch 001 through 012 installed. > We considered trying -current, but noticed no activity in the npppd tree > that might make a difference. > > 'old' and 'new' equipment types from upstream are both Juniper, though >

npppd(8) and PROXY_AUTHEN_CHALLENGE bad length with Juniper

2021-03-05 Thread Ryan Freeman
012 installed. We considered trying -current, but noticed no activity in the npppd tree that might make a difference. 'old' and 'new' equipment types from upstream are both Juniper, though unsure of exact models. Old should be Juniper ERX of some type, new I only know this from packet capture

Re: npppd - changing clients' route table

2021-02-21 Thread YASUOKA Masahiko
4" should have been "10.109.4.254". >> How about if you configure the npppd-users >> >> rdk: >> :password=pasword:\ >> :framed-ip-address=10.109.4.254:\ >> :framed-ip-netmask=255.255.255.0: >> >> The server (npppd) will conf

Fw: Re: npppd - changing clients' route table

2021-02-21 Thread Radek
Hello, > The interface which terminate the tunnel has "192.168.4.254". > Right? Do you mean the other end of the tunnel? It is 10.109.4.254 interface pppx0 address 10.109.4.254 ipcp IPCP > How about if you configure the npppd-users > > rdk: > :password=pasw

Re: npppd - changing clients' route table

2021-02-21 Thread YASUOKA Masahiko
Hello, On Sat, 20 Feb 2021 21:14:24 +0100 Radek wrote: > I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw > 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254. > If the client is connected to VPN all client's traffic to 10.0.0.0/8 goes via >

npppd - changing clients' route table

2021-02-20 Thread Radek
Hi, I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254. If the client is connected to VPN all client's traffic to 10.0.0.0/8 goes via 10.109.4.254 client> route print Network Destination Netmask Gate

Re: npppd - problem with simultaneous sessions

2021-01-08 Thread Radek
> > > >> It seems that only last person can use the tunnel. This reminds me > >> problems through NAT. > > True. Can it be caused by wrong PF rules? > > > >> Both sessions seem to be connected from A.B.C.D. Are the clients > >> behind a NAT?

Re: npppd - problem with simultaneous sessions

2021-01-08 Thread YASUOKA Masahiko
nts behind a NAT? Yes, both clients are behind the same router/NAT. I have a 66/i386 box running npppd on production and my two clients can be connected the same time flawlessly. How about the npppd side? Does the client directly connect to > tunnel L2TP protocol l2tp { > listen on X.Y

Re: npppd - problem with simultaneous sessions

2021-01-07 Thread radek
66/i386 box running npppd on production and my two clients can be connected the same time flawlessly. > How about the npppd side? Does the client directly connect to > > > tunnel L2TP protocol l2tp { > > listen on X.Y.Z.13 > > } > > X.Y.Z.13 ? Or a NAT i

Re: npppd - problem with simultaneous sessions

2021-01-06 Thread YASUOKA Masahiko
Hi, On Wed, 6 Jan 2021 21:33:49 +0100 Radek wrote: I have a box with relatively fresh install of 68/amd64, fully syspatched. There is a npppd server running on it. The problem is that I can have only one nppp session at one time. If the second vpn user connects the box, the first nppp

npppd - problem with simultaneous sessions

2021-01-06 Thread Radek
Hi @misc, I have a box with relatively fresh install of 68/amd64, fully syspatched. There is a npppd server running on it. The problem is that I can have only one nppp session at one time. If the second vpn user connects the box, the first nppp session hangs/drops. I probably have missed

Re: npppd failed enable pipex: Invalid argument

2020-08-17 Thread Marko Cupać
On Mon, 17 Aug 2020 00:36:35 +0300 Vitaliy Makkoveev wrote: > Hello Marko. > > Can I propose you to try upcoming 6.8? We moved pppac(4) and pppx(4) > output processing out of kernel lock. pppx(4) output is still > serialised by netlock, but I hope we'll made it per-cpu before 6.8 > release. >

Re: npppd failed enable pipex: Invalid argument

2020-08-16 Thread Vitaliy Makkoveev
m 6.6 to 6.7, and (sys)patched >>> it to 017_dix. Everything works great except my npppd setup. It >>> starts fine, but upon connecting over pptp I get the following >>> records in log: >>> (...) >>> Aug 4 15:48:48 nat2 npppd[66557]: ppp id=0 layer=bas

Re: npppd failed enable pipex: Invalid argument

2020-08-10 Thread Marko Cupać
> > On 4 Aug 2020, at 17:04, Marko Cupać wrote: > > > > Hi, > > > > I have recently upgraded (actually installed from scratch and copied > > config files) one of my firewalls from 6.6 to 6.7, and (sys)patched > > it to 017_dix. Everything works great

npppd failed enable pipex: Invalid argument

2020-08-04 Thread Marko Cupać
Hi, I have recently upgraded (actually installed from scratch and copied config files) one of my firewalls from 6.6 to 6.7, and (sys)patched it to 017_dix. Everything works great except my npppd setup. It starts fine, but upon connecting over pptp I get the following records in log: Aug 4 15:48

Re: npppd failed enable pipex: Invalid argument

2020-08-04 Thread Vitaliy Makkoveev
> On 4 Aug 2020, at 17:04, Marko Cupać wrote: > > Hi, > > I have recently upgraded (actually installed from scratch and copied > config files) one of my firewalls from 6.6 to 6.7, and (sys)patched it > to 017_dix. Everything works great except my npppd setup. It st

npppd docs for tun change to pppac

2020-06-12 Thread Kaya Saman
Hi, I just updated my system from 6.6 (old current) to 6.7 (current) which went through fine. I realized that the npppd setup I had stopped working. Something that threw me off in the man pages was the lingering reference to the old tun interface which has since been reworked to pppac

Re: npppd pptp hangs

2020-04-06 Thread Vitaliy Makkoveev
> You have pipex(4) disabled. Is it still hangs with disabled > > > > pipex(4)? As I discovered > > > > (https://marc.info/?t=15852997681=1=2), npppd with pipex(4) > > > > enabled and non-NULL "idle-timeout" option will crash kernel. You > >

Re: npppd pptp hangs

2020-04-04 Thread Marko Cupać
c.info/?t=158529976800001=1=2), npppd with pipex(4) > enabled and non-NULL "idle-timeout" option will crash kernel. You > can disable this option in your npppd.conf and reenable pipex(4). > Looks like crashes should gone. And don't use pppac(4) with pipex enabled, use pppx(4). Crash you r

Re: npppd pptp hangs

2020-03-31 Thread Marko Cupać
On Mon, 30 Mar 2020 14:33:46 +0300 Vitaliy Makkoveev wrote: > On Mon, Mar 30, 2020 at 02:28:08PM +0300, Vitaliy Makkoveev wrote: > > You have pipex(4) disabled. Is it still hangs with disabled > > pipex(4)? As I discovered > > (https://marc.info/?t=15852997681=1=2

Re: npppd pptp hangs

2020-03-30 Thread Vitaliy Makkoveev
On Mon, Mar 30, 2020 at 02:28:08PM +0300, Vitaliy Makkoveev wrote: > You have pipex(4) disabled. Is it still hangs with disabled pipex(4)? > As I discovered (https://marc.info/?t=15852997681=1=2), npppd > with pipex(4) enabled and non-NULL "idle-timeout" option will cras

Re: npppd pptp hangs

2020-03-30 Thread Vitaliy Makkoveev
On Mon, Mar 30, 2020 at 12:47:13PM +0200, Marko Cupać wrote: > On Sat, 28 Mar 2020 01:46:41 +0300 > Vitaliy Makkoveev wrote: > > > Can you try latest snapshot? > > Unfortunately, the box that runs npppd is the most important machine on > my network (GRE/IPsec hub for mul

Re: npppd pptp hangs

2020-03-30 Thread Marko Cupać
On Sat, 28 Mar 2020 01:46:41 +0300 Vitaliy Makkoveev wrote: > Can you try latest snapshot? Unfortunately, the box that runs npppd is the most important machine on my network (GRE/IPsec hub for multiple branch offices), I can't take the risk. > Can you share your npppd.conf? Below,

Re: npppd pptp hangs

2020-03-27 Thread Vitaliy Makkoveev
can do to avoid future hangs? > > I got another hang, this time killing npppd process crashed complete OS > (sorry for photo, I don't have serial console set up): > > https://oblak.mimar.rs/index.php/s/Cc9J745jH93RK6j > > At the time when npppd wouldn't accept new connec

Re: npppd pptp hangs

2020-03-24 Thread Marko Cupać
On Tue, 24 Mar 2020 09:34:09 +0100 Marko Cupać wrote: > On Tue, 24 Mar 2020 07:13:27 +1000 > Stuart Longland wrote: > > > On 23/3/20 10:26 pm, Marko Cupać wrote: > > > Anything I can do to avoid future hangs? I got another hang, this time killing npppd process cr

Re: npppd pptp hangs

2020-03-24 Thread Marko Cupać
s a win-win situation - I get eternal fame and glory on the Internet, and list readers get copy/paste howto set up npppd pptp server with RADIUS authentication. Could come handy in this "end of days" situation where everyone works remotely :D https://www.mimar.rs/blog/how-to-set-up-

Re: npppd pptp hangs

2020-03-23 Thread Stuart Longland
On 23/3/20 10:26 pm, Marko Cupać wrote: > Anything I can do to avoid future hangs? Whilst probably not the answer you're looking for: moving away from PPTP would be a good start. The MSCHAPv2 authentication used in PPTP is vulnerable to dictionary attacks and the RC4 cipher used in MPPE (the

npppd pptp hangs

2020-03-23 Thread Marko Cupać
Hi, my npppd pptp server has recently got increase from ~20 to >200 concurrent users. So far it worked flawlessly for years, but before few minutes it become unresponsive. It stopped logging at one point (I have log redirected to its own file, /var/log/npppd). npppctl also hanged, return

Re: NPPPD Server behind a firewall

2019-10-18 Thread Damian McGuckin
do not disagree. I just need to move an existing NPPPD to behind a firewall in the short term that serves several iPads and Windows PCs. Once I have the move done, I want to move expand to IKEv2. I was also under the impression that IKEv2 was faster. The IPsec side should be ok as long

Re: NPPPD Server behind a firewall

2019-10-16 Thread Stuart Henderson
>> There are ways to make even Windows clients use actual crypto with IPsec if >> needed, though last I checked it could not be done from the GUI but required >> powershell commands. (I don't have a URL handy, sorry, but this information >> wasn't very hard to find when I needed it.) > > Thanks. I

Re: NPPPD Server behind a firewall

2019-10-14 Thread Damian McGuckin
ayer. Check debug logs from isakmpd, check ipsectl -sa, etc. OK. I suspect getting IPsec SAs going with both peers behind NAT is tricky. I agree. See my subsequent post where I replaced 'egress' above with the external IP (of the subsequently NAT'd npppd server). Closer. But not quite there. Thanks - Damian

Re: NPPPD Server behind a firewall

2019-10-14 Thread Damian McGuckin
\ psk "MYSECRET" and restarted isakmpd and reloaded ipsec.conf. On the inside of the NPPPD server, the only errors I get are isakmpd[46608]: attribute_unacceptable: GROUP_DESCRIPTION: got ECP_384, expected MODP_2048 isakmpd[46608]: attribute_unacceptable: GROUP_DESCRIPTIO

Re: NPPPD Server behind a firewall

2019-10-14 Thread Stefan Sperling
ctl -sa, etc. I suspect getting IPsec SAs going with both peers behind NAT is tricky. I believe it should be possible in theory but I cannot confirm whether our implementation can do this easily. It will certainly involve UDP traffic since AH/ESP cannot pass through NAT. If your IPsec SAs already work for o

NPPPD Server behind a firewall

2019-10-14 Thread Damian McGuckin
I have a L2TP NPPPD server machine with IP $L2TP sitting behind an OpenBSD firewall, say FIRET. 'T' for temporary because it will move. $L2TP is an externally routable IP. $Ext, the external interface of FIRET, allows traffic into $L2TP. A snippet of pf.conf is begin snippet-0 ipsecIN

Re: npppd and vpn connections on the same network

2017-06-21 Thread Biggins18
h them soon. -- View this message in context: http://openbsd-archive.7691.n7.nabble.com/npppd-and-vpn-connections-on-the-same-network-tp260921p321119.html Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: npppd troubles

2016-11-04 Thread Stefan Sperling
slate from internal to External NET > >> pass out on em0 inet from em1:network to any nat-to (em0) > > > > You're using NAT when passing out on em0 here, and... > > > >> external = em0 > > > >> pass out quick on $external from 10.0.0.103/32 to an

Re: npppd troubles

2016-11-03 Thread Marina Brown
m0) > > You're using NAT when passing out on em0 here, and... > >> external = em0 > >> pass out quick on $external from 10.0.0.103/32 to any > > ... my guess is that you're missing 'nat-to ($external)' here ^ > Thanks - is there a way to exclude the npppd users from t

Re: npppd troubles

2016-11-03 Thread Stefan Sperling
On Thu, Nov 03, 2016 at 03:17:40PM -0400, Marina Brown wrote: > Hi All: > > I have been trying to create an nppp connection across my property - > about 100M for one of my friends who lives here. He wants less security > than i like behind my firewall. I have not been able to get OpenBSD to >

npppd troubles

2016-11-03 Thread Marina Brown
-a OpenBSD bernie.mesh.local 6.0 GENERIC.MP#2319 amd64 - # $OpenBSD: npppd.conf,v 1.2 2014/03/22 04:32:39 yasuoka Exp $ # sample npppd configuration file. see npppd.conf(5) tunnel L2TP protocol l2tp tunnel PPTP protocol pptp tunnel PPPOE protocol pppoe { listen on interface

npppd dies, posiibly due to lost route to radius server

2016-09-14 Thread Marko Cupać
Hi, I have two active/passive CARPed boxes of 5.9 with latest errata patches which serve as NAT firewalls, but also as pptp servers, which authenticate users from Microsoft's implementation of radius server (NPS). In last two weeks, I had three occurrences of npppd going down. Last 32650

Re: L2TP/IPSec via npppd won't work with Android 5.x

2016-04-14 Thread johnw
Hi Renaud and the lists, Did you tried to use iked/ikev2 for android (+5.x) client? I checked my note3 is support ikev2 psk/rsa, I want to setup my home OpenBSD router act as vpn/nat router for my note3, Thanks. Renaud Allard allard.it> writes: > > > I can't get android to connect with modp >

Re: L2TP/IPSec via npppd won't work with Android 5.x

2016-04-14 Thread Renaud Allard
56" enc "aes-256" group "modp1024" \ >> quick auth "hmac-sha2-s256" enc "aes-256" group "modp1024" \ >> psk "redacted" > It creates an IPSEC SA and flow as shown by ipsecctl -s all, but npppd > never see

Re: L2TP/IPSec via npppd won't work with Android 6.0.1

2016-03-30 Thread Sly Midnight
Thank you! I will try this. I have confirmed it wasn't due to last year's OpenBSD 5.7 to 5.8 upgrade as I built a VM with 5.7 using same settings and get exactly the same behavior. This was triple confirmed by being able to connect with iOS on an iPhone, Windows 10, Chromebook (with md5 hmacs

Re: L2TP/IPSec via npppd won't work with Android 6.0.1

2016-03-30 Thread Mattieu Baptiste
On Wed, Mar 30, 2016 at 8:18 AM, YASUOKA Masahiko wrote: > On Tue, 29 Mar 2016 11:37:14 +0200 > Mattieu Baptiste wrote: >> On Tue, Mar 29, 2016 at 5:43 AM, Sly Midnight wrote: >>> I don't mean to bring up an old thread, but I was

Re: L2TP/IPSec via npppd won't work with Android 6.0.1

2016-03-30 Thread YASUOKA Masahiko
On Tue, 29 Mar 2016 11:37:14 +0200 Mattieu Baptiste wrote: > On Tue, Mar 29, 2016 at 5:43 AM, Sly Midnight wrote: >> I don't mean to bring up an old thread, but I was wondering if anyone >> else was experiencing issues with OpenBSD 5.8 and Android

Re: L2TP/IPSec via npppd won't work with Android 6.0.1

2016-03-29 Thread Mattieu Baptiste
On Tue, Mar 29, 2016 at 5:43 AM, Sly Midnight wrote: > Hello, > > I don't mean to bring up an old thread, but I was wondering if anyone > else was experiencing issues with OpenBSD 5.8 and Android 6.0.1 > (preferably the version on the Nexus line of devices) connecting to >

L2TP/IPSec via npppd won't work with Android 6.0.1

2016-03-28 Thread Sly Midnight
oup "modp1024" \ > psk "redacted" It creates an IPSEC SA and flow as shown by ipsecctl -s all, but npppd never sees a connection attempt and tcpdumping enc0 shows no traffic and ultimately the connection fails. If I modify it to hmac-md5, aes, modp2048 I can get m

Re: L2TP/IPSec via npppd won't work with Android 5.x

2016-03-25 Thread Sly Midnight
roup "modp1024" \ > psk "redacted" It creates an IPSEC SA and flow as shown by ipsecctl -s all, but npppd never sees a connection attempt and tcpdumping enc0 shows no traffic and ultimately the connection fails. If I modify it to hmac-md5, aes, modp2048 I can get my Ch

Re: L2TP/IPSec via npppd won't work with Android 5.x

2016-02-22 Thread Stefan Krueger
' didn't make a chage.(after `ipsecctl -f /etc/ipsec.conf`) Hi, the following config worked for me when I was using it (with npppd) last year (dumped it since I couldn't find a way to use it with iOS and Android at the same time): /etc/ipsec.conf public_ip = "x.y.z.a" ike passive esp trans

Re: L2TP/IPSec via npppd won't work with Android 5.x

2016-02-21 Thread YASUOKA Masahiko
Hi, On Mon, 22 Feb 2016 00:26:11 +0800 Jiahao Dai wrote: > I am a new openBSD user and I found it's extremely difficult to setup a > L2TP/IPSec(IKEv1) Road Warrior server to getting work with Android devices. > > I followed the tutorial here Configuring L2TP Over IPSec on

L2TP/IPSec via npppd won't work with Android 5.x

2016-02-21 Thread Jiahao Dai
Hi, everyone: I am a new openBSD user and I found it's extremely difficult to setup a L2TP/IPSec(IKEv1) Road Warrior server to getting work with Android devices. I followed the tutorial here Configuring L2TP Over IPSec on OpenBSD for Mac OS X Clients [1], deployed on fresh openBSD 5.8 and found

Re: npppd pppx0 VPN Client can access wan but cannot access lan

2015-12-19 Thread torsten
> I'm, running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and 5.3. > npppd is works fine and clients can connect using windows pptp client. > The Client has the pptp connection set as default gateway and can > access the internet through the vpn gateway but cannot ac

Re: npppd pppx0 VPN Client can access wan but cannot access lan

2015-12-18 Thread YASUOKA Masahiko
Hi, On Sat, 19 Dec 2015 01:11:40 - "torsten" <tors...@cnc-london.net> wrote: > I'm, running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and 5.3. > npppd is works fine and clients can connect using windows pptp client. > The Client has the pptp connecti

Re: npppd pppx0 VPN Client can access wan but cannot access lan

2015-12-18 Thread torsten
Hi Is there anyone who can help to resolve the problem i have with pppx, tun and tap using npppd and openVPN not forwarding traffic to ingress but egress works fine. It was my first post to the list and if there is any info or further details required just ask, I would appreciate any help or hints

Re: npppd pppx0 VPN Client can access wan but cannot access lan

2015-12-18 Thread torsten
On Sat, 19 Dec 2015 01:11:40 - "torsten" <tors...@cnc-london.net> wrote: > I'm, running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and 5.3. > npppd is works fine and clients can connect using windows pptp client. > The Client has the pptp connection set a

npppd pppx0 VPN Client can access wan but cannot access lan

2015-12-16 Thread torsten
Hi I'm, running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and 5.3. npppd is works fine and clients can connect using windows pptp client. The Client has the pptp connection set as default gateway and can access the internet through the vpn gateway but cannot access the LAN network

Re: npppd and pf

2015-11-13 Thread Jeremy
Hi Imre Thanks for your reply. I successfully translated your wiki. Your notes were very helpful. Manually adding an entry for proxy arp does seem to make the VPN work. Is this really the best solution for this issue though ? I would have to add an arp entry for every IP assigned by npppd

npppd and pf

2015-11-12 Thread Jeremy
I'm adding more functionality to my firewall (OpenBSD 5.7) and have been trying to configure PPTP VPN access for my Windows users. I have got npppd running using the config below and can successfully authenticate and establish a connection. I am able to connect to the VPN from a windows PC

Re: npppd and pf

2015-11-12 Thread Imre Oolberg
Hi! I must apologize i didn't read thru your text attentively but i believe it is because of arp. Although i am just an user of npppd i run it already for some time and i think it works very well. Here are my notes, see if there are some use for them, hope Google translates it, http

Questions about l2tp/IPsec with npppd on OpenBSD

2015-07-10 Thread Sevan / Venture37
Hi, I have a l2tp/IPsec VPN working on OpenBSD 5.6 with npppd. I have a couple of questions about npppd 1) How come it's not possible to the address assigned to a CARP interface on the OpenBSD host Here's what's logged when I try to connect using the IP address assigned to the CARP interface

Re: L2TP using Npppd and IPsec

2015-03-29 Thread Marko Cupać
, on another hand I am reading man pages for npppd and ipsec on 5.7 and Giovanni's slides from two years ago http://www.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd for the talk he gave at BSDCan IIRC. I don't need to use RADIUS just a local authentication database. It is in the base

Re: L2TP using Npppd and IPsec

2015-03-27 Thread Brian S. Vangsgaard
, with Windows, Mac, Linux and OpenBSD clients connecting. Very easy to configure (linux being the exception :p). You only need to change npppd.conf, npppd-users and ipsec.conf and you are in business. I wrote an up-to-date guide on how to do it, let me know if you want a copy. Caveats... yes. I'm

Re: L2TP using Npppd and IPsec

2015-03-27 Thread Predrag Punosevac
, npppd-users and ipsec.conf and you are in business. I wrote an up-to-date guide on how to do it, let me know if you want a copy. Caveats... yes. I'm currently seeing issues with some clients (might be a client software issue) sending multiple connect requests. I also got a very

Re: L2TP using Npppd and IPsec

2015-03-27 Thread Dain Bentley
similar setup in production? Any caveats? Any other advises before I take a plunge. Yes I am, with Windows, Mac, Linux and OpenBSD clients connecting. Very easy to configure (linux being the exception :p). You only need to change npppd.conf, npppd-users and ipsec.conf and you are in business

L2TP using Npppd and IPsec

2015-03-26 Thread Predrag Punosevac
am not a Windows uses but it seems that it should be trivial to setup client side https://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/ and avoid customer service requests, on another hand I am reading man pages for npppd and ipsec on 5.7 and Giovanni's slides from two

problem with configuration npppd/ipsec for road warrior

2015-03-16 Thread Mika
Hi, i looking for a simple setup for npppd/ipsec for road warriors. We have some clients (road warriors) with dynamic ip-addresses connecting to a gateway by L2TP (macosx/ios/windows). Client (road warriors) -- GATEWAY -- Internet I just looking for a simple configuration for our openbsd5.4

two npppd users access different subnets behind openbsd firewall from their win7 workstations

2014-12-06 Thread Imre Oolberg
Hi! I have used very basic npppd setup for some years and it works for me alright, thanks! (From Windows 7 workstations.) It seems now i need to set up more complicated configuration. Say that firewall has three network interfaces re0 - public internet re1 - internal network one

npppd and vpn connections on the same network

2014-12-01 Thread Christer Solskogen
Hi! Is it possible to setup npppd so that the clients are on the same network as the local network behind the router/firewall? The only setups I've seen have the clients on a separate network. -- chs

Re: npppd and vpn connections on the same network

2014-12-01 Thread YASUOKA Masahiko
Yes. But there is a bug with Windows clients. See http://marc.info/?l=openbsd-miscm=141627574522930w=2 On Mon, 1 Dec 2014 12:42:41 +0100 Christer Solskogen christer.solsko...@gmail.com wrote: Hi! Is it possible to setup npppd so that the clients are on the same network as the local

Re: npppd and vpn connections on the same network

2014-12-01 Thread trondd
I had this set up for an Android and an OSX client. Ignore the networks part and configure the connections for the end points. I took the npppd assigned IPs out of my DHCP range. My problems, though: Needed a specific npppd config for each client. Username, assigned IP, whatever else goes

Re: npppd and vpn connections on the same network

2014-12-01 Thread YASUOKA Masahiko
On Mon, 1 Dec 2014 11:38:31 -0500 trondd tro...@gmail.com wrote: I had this set up for an Android and an OSX client. Ignore the networks part and configure the connections for the end points. I took the npppd assigned IPs out of my DHCP range. I think I misunderstood your question. You want

Re: npppd ipsec port 500 INVALID_MESSAGE_ID

2014-10-05 Thread Швецов Михаил
, 2014, at 5:51 PM, mishve...@rambler.ru wrote: I have OpenBSD 5.4 amd64. I install npppd and configure IPSec(l2tp + password). LAN 192.168.1.1/255.255.255.0 WAN(ISP NET; Connect by MAC address) 10.0.0.1/255.0.0.0 ISP GET ME GLOBAL IP SERVER1-Openbsd - 1.2.3.4 WIN 2003 SERVER2 IP - 9.8.7.6 WIN

Re: npppd ipsec port 500 INVALID_MESSAGE_ID

2014-10-04 Thread Zhi-Qiang Lei
On Oct 4, 2014, at 5:51 PM, mishve...@rambler.ru wrote: I have OpenBSD 5.4 amd64. I install npppd and configure IPSec(l2tp + password). LAN 192.168.1.1/255.255.255.0 WAN(ISP NET; Connect by MAC address) 10.0.0.1/255.0.0.0 ISP GET ME GLOBAL IP SERVER1-Openbsd - 1.2.3.4 WIN 2003

Both PPTP and L2TP on npppd?

2014-10-01 Thread Zhi-Qiang Lei
I’m running a L2TP server using npppd on OpenBSD 5.5. Is it possible to run both PPTP and L2TP using npppd? I tried to append a tunnel for pptp in default configuration then my L2TP could not work. Best regards

Re: npppd Ipsec L2TP mtu issues.

2014-09-16 Thread YASUOKA Masahiko
On Mon, 15 Sep 2014 20:22:25 +0200 Jens Hansen jensh...@gmail.com wrote: Thank you for your response. I've investigated a little further, I see the following in /var/log/messages on the l2tp npppd server: l2tpd ctrl=1 timeout waiting ack for hello packets. l2tpd ctrl=1 call=28732 logtype

Re: npppd Ipsec L2TP mtu issues.

2014-09-15 Thread Jens Hansen
Thank you for your response. I've investigated a little further, I see the following in /var/log/messages on the l2tp npppd server: l2tpd ctrl=1 timeout waiting ack for hello packets. l2tpd ctrl=1 call=28732 logtype=PPPUnbind The client reports that the tunnel went down.. does this indicate

Re: npppd Ipsec L2TP mtu issues.

2014-09-13 Thread YASUOKA Masahiko
Hi, On Sun, 7 Sep 2014 21:00:31 +0200 Jens Hansen jensh...@gmail.com wrote: I can successfully connect to my openbsd 5.5. isakmpd / npppd IPSEC L2TP vpn setup. But (not knowing too much about networking) i think i'm having a mtu problem. I can do low volume traffic fine, but transmitting

npppd Ipsec L2TP mtu issues.

2014-09-07 Thread Jens Hansen
Hello list. I can successfully connect to my openbsd 5.5. isakmpd / npppd IPSEC L2TP vpn setup. But (not knowing too much about networking) i think i'm having a mtu problem. I can do low volume traffic fine, but transmitting larger files stalls. I've tried as per suggested by others around

npppd advice

2014-08-03 Thread Scott McEachern
DNS. I'd really like to upgrade to 5.6/-current, but for my connection to work, I either have to abandon some features (MLPPP) with kernel-mode pppoe, or go with something completely new, like npppd. I've briefly read the man pages, but before I go investing too much time, and possibly going

Re: npppd advice

2014-08-03 Thread Stuart Henderson
On 2014-08-03, Scott McEachern sc...@blackstaff.ca wrote: I'd really like to upgrade to 5.6/-current, but for my connection to work, I either have to abandon some features (MLPPP) with kernel-mode pppoe, or go with something completely new, like npppd. Not currently possible, npppd is server

Re: npppd advice

2014-08-03 Thread Scott McEachern
On 08/03/14 14:42, Stuart Henderson wrote: On 2014-08-03, Scott McEachern sc...@blackstaff.ca wrote: I'd really like to upgrade to 5.6/-current, but for my connection to work, I either have to abandon some features (MLPPP) with kernel-mode pppoe, or go with something completely new, like npppd

Re: npppd advice

2014-08-03 Thread Theo de Raadt
npppd. Not currently possible, npppd is server-side only and doesn't do MLPPP (or IPV6CP). That's what I was afraid of. Theo, is there any chance of putting userland ppp back in? I'm sure I'm not the only person out there that needs that specific functionality to stay online

IPSec w/ and w/o npppd for road warriors

2014-06-16 Thread Zé Loff
managed to use npppd for L2TP (iOS and OS X clients) by using: ike passive esp transport proto udp \ from pppoe0 (10.17.19.0/24) to any port 1701 \ main auth hmac-sha1 enc 3des group modp1024 \ quick auth hmac-sha1 enc aes group none \ psk ... on the office gateway's /etc/ipsec.conf

Re: npppd security

2014-05-29 Thread YASUOKA Masahiko
On Wed, 28 May 2014 22:04:34 +0300 Mike Jackson m...@netauth.com wrote: If npppd tunnel listen address can't be changed and l2tp-ipsec-require isn't supported, You can change the listen address by npppd.conf: tunnel L2TP protocol l2tp { listen on xxx.xxx.xxx.xxx } l2tp-ipsec-require

Re: npppd security

2014-05-29 Thread Mike Jackson
version of npppd(8) does not support adding or removing tunnel settings or changing listener settings (listen address, port and l2tp-ipsec-require). -- l2tp-ipsec-require isn't supported yet, but we can refuse L2TP without IPsec packets by pf. So, would this be the best way to do

Re: pipex and npppd syslog

2014-05-28 Thread Stefan Sieg
On 27.05.2014 23:13, Stefan Sieg wrote: On 27.05.2014 20:03, Marko Cupać wrote: Hi, I have relatively busy npppd pptp server, and it logs a lot of output into /var/log/messages. How can I move npppd and pipex log messages into separate file? Thank you in advance, -- Marko

Re: pipex and npppd syslog

2014-05-28 Thread YASUOKA Masahiko
On Tue, 27 May 2014 20:03:54 +0200 Marko Cupać marko.cu...@mimar.rs wrote: I have relatively busy npppd pptp server, and it logs a lot of output into /var/log/messages. How can I move npppd and pipex log messages into separate file? As far as syslog.conf(5), you can use !!npppd

npppd security

2014-05-28 Thread Mike Jackson
Hi, I'm running 5.5 release, all patches applied. I have a few questions about npppd running in combination with isakmpd. If npppd tunnel listen address can't be changed and l2tp-ipsec-require isn't supported, then how is one supposed to secure the npppd service from dictionary attacks

pipex and npppd syslog

2014-05-27 Thread Marko Cupać
Hi, I have relatively busy npppd pptp server, and it logs a lot of output into /var/log/messages. How can I move npppd and pipex log messages into separate file? Thank you in advance, -- Marko Cupać

Re: npppd with two pppx interfaces causes kernel panic

2014-03-20 Thread Jonathan Gray
On Thu, Mar 20, 2014 at 01:43:59PM +0900, YASUOKA Masahiko wrote: On Wed, 19 Mar 2014 21:05:35 -0700 Paul B. Henson hen...@acm.org wrote: On Thu, Mar 20, 2014 at 10:22:51AM +0900, YASUOKA Masahiko wrote: pppx will be fixed. Great :). This is a known bug then? It's new for me. I had

Re: npppd with two pppx interfaces causes kernel panic

2014-03-20 Thread Paul B. Henson
From: YASUOKA Masahiko Sent: Wednesday, March 19, 2014 9:44 PM Should I just keep an eye on the changelog for mention of pppx changes to tell when it's safe to try again? Sorry I cannot understand the point of this question. Sorry to be confusing; I switched to tun because of this bug,

Re: npppd with two pppx interfaces causes kernel panic

2014-03-20 Thread Paul B. Henson
From: Jonathan Gray Sent: Thursday, March 20, 2014 3:36 AM The following diff prevents the panic here: Interesting, given the XXX, it seems somebody was already a little suspicious of this section :). From a cursory glance, it seems pppx_dev_lookup is supposed to return data about a

npppd can't open /dev/pppx1

2014-03-19 Thread Paul B. Henson
I set up an L2TP VPN with npppd recently using pppx, and other than some routing issues with ospfd it works great. I'm trying to add a second VPN connection, but that doesn't seem to work using pppx. With this config: interface pppx0 address 10.128.120.1 ipcp IPCP_admin interface pppx1 address

Re: npppd can't open /dev/pppx1

2014-03-19 Thread Paul B. Henson
up in ifconfig for the clients, which I guess led me to believe I didn't have to do anything special to use pppx1 in the npppd config. Thanks, and sorry for the noise. On Wed, Mar 19, 2014 at 02:29:35PM -0700, Paul B. Henson wrote: I set up an L2TP VPN with npppd recently using pppx, and other

npppd with two pppx interfaces causes kernel panic

2014-03-19 Thread Paul B. Henson
After successfully setting up an L2TP VPN with npppd and pppx, I tried to add a second VPN subnet with a different authentication base. I was working remotely, and after starting npppd in debug mode: bash-4.2# npppd -d 2014-03-19 14:41:50:NOTICE: Starting npppd pid=32407 version=5.0.0 2014-03-19
