poptop - Radioamateur needs help plz

oe1ssu

Hello!


I am running several public proxies for echolink radio amateur networks.

Everything is running absolutely perfectly! -> http://www.echolink.org/proxylist.jsp


For security reasons I need to set up an easy VPN daemon. Therefore I picked poptop.


Hardware:
1 server with 1 NIC. Distro: OpenBSD 3.9 (I do not want to ruin the uptime)

I've set up tun devices, did the options, pptpd.conf, chap secrets, etc.

Unfortunately I get this error:
Oct 14 08:11:09 hugo ppp[11791]: Warning: iface rm: ioctl(SIOCDIFADDR_IN6, fe80:9::204:75ff:febe:fc96/64): Can't assign requested address

Here is my pptpd.conf:


option /etc/ppp/options-pptpd
localip 172.19.1.1
remoteip 172.19.1.30-50
# PID file (can be used for monitoring)
pidfile /var/run/pptpd.pid
noipparam

options-pptpd:
name pptpd
lock
mtu 1450
mru 1450
proxyarp
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0

# Handshake Auth Method
+chap
+mschap-v2

# Data Encryption Methods
mppe required
remoteip 172.19.1.30-50

ppp.conf:
loop:
set timeout 0
set log phase chat connect lcp ipcp command
set device localhostptp
set dial
set login
set mppe * stateful
# Server (local) IP address, Range for Clients, and Netmask
# Use the same IP addresses you specified in /etc/pppd.conf :
set ifaddr 172.19.1.1 172.19.1.30-172.19.1.50 255.255.255.0
set server /tmp/loop "" 0177

loop-in:
set timeout 0
set log phase lcp ipcp command
allow mode direct

pptp:
load loop
# Disable unsecured auth
disable pap
disable chap
enable mschapv2
disable deflate pred1
deny deflate pred1
disable ipv6
accept mppe
enable proxy
accept dns
# DNS Servers to assign client
# Use your own DNS server IP address :
set dns 10.100.10.10
set device !/etc/ppp/secure

chap secret:
#username pptpd password *
oe1ssu pptpd YEP 172.19.1.30

pap secret:
# Secrets for authentication using PAP
# client server secret IP addresses
oe1ssu pptpd YEP 172.19.1.30

Ifconfig:
<root@hugo:47:~>$ ifconfig

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:04:75:be:fc:96
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 83.xxx.xxx.xx netmask 0xfffffff8 broadcast 83.xxx.xxx.xx
inet6 fe80::204:75ff:febe:fc96%xl0 prefixlen 64 scopeid 0x1
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=0<> mtu 1460
enc0: flags=41<UP,RUNNING> mtu 1536
tun1: flags=11<UP,POINTOPOINT> mtu 3000
groups: tun
tun2: flags=11<UP,POINTOPOINT> mtu 3000
groups: tun
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
groups: ppp
inet 0.0.0.0 --> 0.0.0.0 netmask 0xffffff00
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
groups: tun

I hope someone can help me. Fact is, I love OpenBSD and this is the very first time that I've not found a solution in howtos, RTFMs etc.
 
Hi,
I'm sorry not to be able to help you with poptop. Have you considered using OpenVPN?
I'm not that into radio to exactly know what your requirements are... why do you need to set up a VPN and how many and what kind of hosts should be in the VPN?

Cheers!
 
Hi MrMarv!

I need to use poptop because many other radio amateurs should be able to use their Windows systems.

And PPTP is quite easy.

I will test the whole setup with approximately 10 users. If everything is working well, I will set up new hardware with OpenBSD 4.6 (1 height unit with RAID and some faster CPU).

Why PPTP with Samba?
On the server I'll have several programs and some databases which should be available through Samba. Many HAMs (= radio amateurs) are using Echolink, UIView, etc., where you can access the database via a mounted network device -> Samba :)

For security purposes I do not want anybody to access Samba directly. Therefore I need the PPTP tunnel.

Regarding my systems, I only use OpenBSD for all servers. (I am not mad enough to run a public proxy on a security-sieve OS :) Workstation is Ubuntu 9.02.

If you have any questions regarding amateur radio, please feel free. On that I can really help you.
 
ppp.conf:
set ifaddr 172.19.1.1 172.19.1.30-172.19.1.50 255.255.255.0
This is not legal syntax for ppp.
If you want to specify a range you have to use netmask style, e.g.
Code:
set ifaddr 172.19.1.1 172.19.1.32/28
should allow 172.19.1.32 through 172.19.1.63 for the peer.
 
I think I've tried this already :)

# Server (local) IP address, Range for Clients, and Netmask
# Use the same IP addresses you specified in /etc/pppd.conf :
set ifaddr 172.19.1.1 172.19.1.32/28
set server /tmp/loop "" 0177

Here is the result:
/var/log/messages
Oct 14 15:33:04 hugo pptpd[11536]: GRE: read(fd=6,buffer=3c004a80,len=8196) from PTY failed: status = 0 error = No error
Oct 14 15:33:04 hugo pptpd[11536]: CTRL: PTY read or GRE write failed (pty,gre)=(6,5)
Oct 14 15:33:04 hugo ppp[14860]: Warning: iface rm: ioctl(SIOCDIFADDR_IN6, fe80:9::204:75ff:febe:fc96/64): Can't assign requested address
Oct 14 15:33:32 hugo ppp[23727]: Warning: iface rm: ioctl(SIOCDIFADDR_IN6, fe80:9::204:75ff:febe:fc96/64): Can't assign requested address
 