I am trying to set up a PPTP VPN server on CentOS 7, with a Vodafone Station router (Firmware 5.4.8.1.316.1.21) as the client.

On c7 I have installed this:

[root@s-virt tmp]# rpm -q pptpd ppp
pptpd-1.4.0-2.el7.x86_64
ppp-2.4.5-33.el7.x86_64

and set up all the files and the firewall as the howto says. This is now my config:

/etc/pptpd.conf:option /etc/ppp/options.pptpd
/etc/pptpd.conf:logwtmp
/etc/pptpd.conf:localip 192.168.11.1
/etc/pptpd.conf:remoteip 192.168.11.100-109
/etc/ppp/options.pptpd:name pptpd
/etc/ppp/options.pptpd:refuse-pap
/etc/ppp/options.pptpd:refuse-chap
/etc/ppp/options.pptpd:refuse-mschap
/etc/ppp/options.pptpd:require-mschap-v2
/etc/ppp/options.pptpd:require-mppe-128
/etc/ppp/options.pptpd:lock
/etc/ppp/options.pptpd:nobsdcomp
/etc/ppp/options.pptpd:novj
/etc/ppp/options.pptpd:novjccomp
/etc/ppp/options.pptpd:nologfd
/etc/ppp/chap-secrets:myuser pptpd mypass *

The connection from the V.S. router to my c7 server works:

mar 26 12:50:28 s-virt.ansaldi.loc pptpd[26782]: CTRL: Client x.x.x.x control connection started
mar 26 12:50:28 s-virt.ansaldi.loc pptpd[26782]: CTRL: Starting call (launching pppd, opening GRE)
mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: pppd 2.4.5 started by root, uid 0
mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Using interface ppp0
mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Connect: ppp0 <--> /dev/pts/19
mar 26 12:50:28 s-virt.ansaldi.loc NetworkManager[1026]: <info> [1522061428.6946] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/40)
mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: peer from calling number x.x.x.x authorized
mar 26 12:50:31 s-virt.ansaldi.loc pppd[26783]: MPPE 128-bit stateless compression enabled
mar 26 12:50:34 s-virt.ansaldi.loc pppd[26783]: local IP address 192.168.11.1
mar 26 12:50:34 s-virt.ansaldi.loc pppd[26783]: remote IP address 192.168.11.100

But when I try to connect from a client (through the V.S. router) to my server via the VPN, or ping it, only two out of 4 pings work, and in the server log I see this error when a ping fails:

mar 26 12:00:50 s-virt.ansaldi.loc kernel: mppe_decompress[0]: FLUSHED bit not set in stateless mode!

Does someone have a suggestion to resolve this problem?

Many thanks
I have also tried to use this VPN connection from my Fedora Workstation and everything works fine; it seems to be a problem with the Vodafone Station router.

This is a ping from the server to the V.S. when the V.S. is connected:

[root@s-virt tmp]# ping 192.168.11.100
PING 192.168.11.100 (192.168.11.100) 56(84) bytes of data.
64 bytes from 192.168.11.100: icmp_seq=1 ttl=64 time=63.3 ms
mar 26 15:33:06 s-virt.ansaldi.loc kernel: mppe_decompress[0]: FLUSHED bit not set in stateless mode!
64 bytes from 192.168.11.100: icmp_seq=3 ttl=64 time=76.4 ms
mar 26 15:33:08 s-virt.ansaldi.loc kernel: mppe_decompress[0]: FLUSHED bit not set in stateless mode!
64 bytes from 192.168.11.100: icmp_seq=5 ttl=64 time=63.8 ms
mar 26 15:33:10 s-virt.ansaldi.loc kernel: mppe_decompress[0]: FLUSHED bit not set in stateless mode!
64 bytes from 192.168.11.100: icmp_seq=7 ttl=64 time=63.9 ms
^C
--- 192.168.11.100 ping statistics ---
7 packets transmitted, 4 received, 42% packet loss, time 6002ms
rtt min/avg/max/mdev = 63.364/66.895/76.414/5.508 ms

Many thanks

On Mon, 26/03/2018 at 13.03 +0200, Dario Lesca wrote:
> I am trying to set up a PPTP VPN server on CentOS 7, with a Vodafone Station router (Firmware 5.4.8.1.316.1.21) as the client.
>
> On c7 I have installed this:
>
> [root@s-virt tmp]# rpm -q pptpd ppp
> pptpd-1.4.0-2.el7.x86_64
> ppp-2.4.5-33.el7.x86_64
>
> and set up all the files and the firewall as the howto says. This is now my config:
>
> /etc/pptpd.conf:option /etc/ppp/options.pptpd
> /etc/pptpd.conf:logwtmp
> /etc/pptpd.conf:localip 192.168.11.1
> /etc/pptpd.conf:remoteip 192.168.11.100-109
> /etc/ppp/options.pptpd:name pptpd
> /etc/ppp/options.pptpd:refuse-pap
> /etc/ppp/options.pptpd:refuse-chap
> /etc/ppp/options.pptpd:refuse-mschap
> /etc/ppp/options.pptpd:require-mschap-v2
> /etc/ppp/options.pptpd:require-mppe-128
> /etc/ppp/options.pptpd:lock
> /etc/ppp/options.pptpd:nobsdcomp
> /etc/ppp/options.pptpd:novj
> /etc/ppp/options.pptpd:novjccomp
> /etc/ppp/options.pptpd:nologfd
> /etc/ppp/chap-secrets:myuser pptpd mypass *
>
> The connection from the V.S. router to my c7 server works:
>
> mar 26 12:50:28 s-virt.ansaldi.loc pptpd[26782]: CTRL: Client x.x.x.x control connection started
> mar 26 12:50:28 s-virt.ansaldi.loc pptpd[26782]: CTRL: Starting call (launching pppd, opening GRE)
> mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
> mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: pppd 2.4.5 started by root, uid 0
> mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Using interface ppp0
> mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Connect: ppp0 <--> /dev/pts/19
> mar 26 12:50:28 s-virt.ansaldi.loc NetworkManager[1026]: <info> [1522061428.6946] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/40)
> mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: peer from calling number x.x.x.x authorized
> mar 26 12:50:31 s-virt.ansaldi.loc pppd[26783]: MPPE 128-bit stateless compression enabled
> mar 26 12:50:34 s-virt.ansaldi.loc pppd[26783]: local IP address 192.168.11.1
> mar 26 12:50:34 s-virt.ansaldi.loc pppd[26783]: remote IP address 192.168.11.100
>
> But when I try to connect from a client (through the V.S. router) to my server via the VPN, or ping it, only two out of 4 pings work, and in the server log I see this error when a ping fails:
>
> mar 26 12:00:50 s-virt.ansaldi.loc kernel: mppe_decompress[0]: FLUSHED bit not set in stateless mode!
>
> Does someone have a suggestion to resolve this problem?
>
> Many thanks

On 03/26/2018 04:03 AM, Dario Lesca wrote:
> I am trying to set up a PPTP VPN server on CentOS 7

If you have ANY other option, do not use PPTP. If your client router supports IPSec, it will be vastly more secure.
PPTP's encryption handshake uses a key derived from the password. It is extremely weak, and (IIRC) if it is cracked, the attacker will know the password that you used, which may give them insight to further attack your network.

On Mon, 26/03/2018 at 07.19 -0700, Gordon Messmer wrote:
> If your client router supports IPSec, it will be vastly more secure.

Yes, the router has IPsec. Then I power off PPTP and configure and enable IPsec.

Many thanks