PPTPD -- Client Cannot Access Anything Other Than The PPTPD Server After Connect
Jan 8, 2008
I'm having a problem with PPTPD.
I can connect to the server fine, but after connecting I cannot access anything other than the server's ssh.
I currently tried the following:
arp --set 192.168.11.100 5A:82:AC:3D:B9:FD pub
192.168.11.100 --> Client Allocated Address by PPTPD Server
5A:82:AC:3D:B9:FD --> MAC Address of PPTPD Server
######################################
# $Id: pptpd.conf,v 1.10 2006/09/04 23:30:57 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
######################################
# TAG: ppp
# Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
ppp /usr/sbin/pppd
# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd
# TAG: debug
# Turns on (more) debugging to syslog
#
debug
# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: noipparam
# Suppress the passing of the client's IP address to PPP, which is
# done by default otherwise.
#
#noipparam
# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
logwtmp
# TAG: bcrelay <if>
# Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1
# TAG: delegate
# Delegates the allocation of client IP addresses to pppd.
#
# Without this option, which is the default, pptpd manages the list of
# IP addresses for clients and passes the next free address to pppd.
# With this option, pptpd does not pass an address, and so pppd may use
# radius or chap-secrets to allocate an address.
#
# delegate
# TAG: connections
# Limits the number of client connections that may be accepted.
#
# If pptpd is allocating IP addresses (e.g. delegate is not
# used) then the number of connections is also limited by the
# remoteip option. The default is 100.
connections 100
# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# These options are ignored if delegate option is set.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses separated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than the value of connections,
# it will start at the beginning of the list and go until it
# gets connections IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
localip 192.168.11.200
remoteip 192.168.11.100-199
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
Code:
[root@* ~]# cat /etc/ppp/options.pptpd
##########################################
# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $
#
# Sample Poptop PPP options file /etc/ppp/options.pptpd
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection. See "man pppd".
#
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
#########################################
# Authentication
# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd
# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain
# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose which of the following sections you will use.)
# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}
# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40 # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}
# Network and Routing
# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients. The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4
# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp
# Normally pptpd passes the IP address to pppd, but if pptpd has been
# given the delegate option in pptpd.conf or the --delegate command line
# option, then pppd will use chap-secrets or radius to allocate the
# client IP address. The default local IP address used at the server
# end is often the same as the address of the server. To override this,
# specify the local IP address here.
# (you must not use this unless you have used the delegate option)
#10.8.0.100
# Logging
# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
#debug
# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump
# Miscellaneous
# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock
# Disable BSD-Compress compression
nobsdcomp
# Disable Van Jacobson compression
# (needed on some networks with Windows 9x/ME/XP clients, see posting to
# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
# [url]
novj
novjccomp
# turn off logging to stderr, since this may be redirected to pptpd,
# which may trigger a loopback
nologfd
# put plugins here
# (putting them higher up may cause them to send messages to the pty)
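The `localip`/`remoteip` list syntax and its restrictions, as spelled out in the pptpd.conf comments above, expanded and checked against the posted values. This is an added Python example, not part of the original post or of Poptop; `expand_pool` and `check_pools` are hypothetical helper names, and treating a range whose end is lower than its start as the forbidden shortcut form is an assumption.

```python
import ipaddress

def expand_pool(spec, connections=100):
    """Expand a pptpd.conf localip/remoteip value into IPv4 addresses.

    Follows the restrictions quoted in the config comments: no spaces,
    ranges apply to the last octet, and only the first `connections`
    addresses are used (pass None for no cap).
    """
    if any(ch.isspace() for ch in spec):
        raise ValueError("no spaces are permitted in the address list")
    addrs = []
    for item in spec.split(","):
        prefix, _, last = item.rpartition(".")
        start, dash, end = last.partition("-")
        if not prefix or not start.isdigit() or (dash and not end.isdigit()):
            raise ValueError(f"malformed entry: {item!r}")
        lo, hi = int(start), int(end) if dash else int(start)
        # Assumption: an end below the start is how the forbidden
        # shortcut form (234-8 meant as 234-238) shows up.
        if hi < lo:
            raise ValueError(f"shortcut or reversed range: {item!r}")
        for octet in range(lo, hi + 1):
            # IPv4Address raises ValueError for octets above 255
            addrs.append(ipaddress.IPv4Address(f"{prefix}.{octet}"))
    return addrs[:connections]

def check_pools(localip, remoteip, connections=100):
    """Return findings about pool size and local/remote address overlap."""
    findings = []
    remote_all = expand_pool(remoteip, None)
    if len(remote_all) < connections:
        findings.append(f"only {len(remote_all)} remote addresses "
                        f"for {connections} connections")
    elif len(remote_all) > connections:
        findings.append(f"{len(remote_all) - connections} remote addresses ignored")
    used = set(remote_all[:connections])
    clash = sorted(used.intersection(expand_pool(localip, None)))
    if clash:
        findings.append("localip overlaps remoteip: " + ", ".join(map(str, clash)))
    return findings

if __name__ == "__main__":
    # Values taken from the pptpd.conf posted above
    print(check_pools("192.168.11.200", "192.168.11.100-199", 100) or "pools are consistent")
```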
so the first thing: it must be all the servers' IPs that I want to connect to the domain companynamedns.com in the www A record and MX record too
and if you ping companynamedns.com, every time it gives you a random IP [because I put a www A record for more than one server with the same domain name]
so this way is not very clear to me and I want to know
how can I add the www A record?
should I create a DNS zone in any server, put this entry in one server in WHM [note I use cPanel/WHM]?
and put the www A record with the new domain name companynamedns.com every time I get a new server, like I add a www A record like this
companynamedns.com 1 A 192.168.1.1 14400s
companynamedns.com 1 A 10.0.0.1 14400s
companynamedns.com 1 A 10.10.10.1 14400s
companynamedns.com 1 A 11.11.11.1 14400s
should I put all NS records in the DNS zone in WHM?
[note: there is another company that does this trick and it has a lot of name servers (NS), but I didn't see them all registered in the DNS records, only 2 NS for the site, pointed to one server only]
so how can the client connect to the server with NS that the main domain name companynamedns.com didn't already add with the other NS in the DNS zone
like a client makes the nameservers for his site
ns22.companynamedns.com ns23.companynamedns.com
but the DNS records for companynamedns.com are ONLY
s1.companynamedns.com s2.companynamedns.com
so how are ns22 and ns23 working when they weren't even added in the DNS zone of the main domain companynamedns.com
maybe he adds all the name servers he wants in the domain control panel as child name servers only, not in the name server, but I think that doesn't work, they must be added in the name server too
I am really going to be CRAZY over this
this trick is the right way to connect more than one server with one domain name
I colored the thread so it is easy to read and get my idea, and I really need an expert to help me with this issue
# telnet mail.domain.com 25
Trying xxx.xxx.xx.xx...
telnet: connect to address xxx.xxx.xx.xx: Connection refused
telnet: Unable to connect to remote host: Connection refused
but when it's
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.domain.com ESMTP
it connects. I don't have a firewall
My Plesk 11.5 server will not connect to my SQL 2008 server. It runs on a Windows 2008 server. I have turned the Windows firewall off. The servers are on the same IP subnet. I can ping the SQL server by name and address, remotely Login successfully using SQL management studio, and map a share to a drive.
The SQL server is in Mixed Mode. I can telnet to port 1433 and login. The SQL server has TCP/IP enabled. Connections made by web sites - mostly ASP driven - connect normally. The Plesk console fails to connect with the following error -
Error: Test connection to the database server has failed because of network problems:
Get database server version failed: Login failed for user '????'.
I have a few users that have a hosting account with me and are trying to connect to their own MySQL servers elsewhere. Both said that they are able to connect to the MySQL server with other hosting accounts but not the ones hosted with me. I asked if they had setup permissions to allow remote connections from my server and they confirmed that they did.
What am I missing? Do I need to configure my firewall somehow? I figured the connection is just using port 80 since it's from a PHP script, right?
My server works perfectly with INSERT, UPDATE, DELETE for MySQL, but about 12 hours later my application crashes and I get this "Can't connect to MySQL server on 'localhost' (10055)" and I have to restart my applications and everything will be working perfectly.
Do you guys have any idea why this happen?
I do have a lot of connections coming in and out of my server. Would that mean anything?
mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) /home/thesymbi/public_html/includes/class_core.php on line 274
For some reason, one of the servers can't connect to my mail server. Whenever a user tries to send email from that server to my server, the message won't go through and I see the following in the logs (var/log/exim/mainlog):
2007-02-13 23:56:06 SMTP connection from (***.ca) [***.***.***.***] lost while reading message data (header)
this problem occurs only with this ***.ca mail server (as far as I know).
In fact, trying dnsreport.com tool on any of my server domains, I am getting the error message
"ERROR: I could not complete a connection to any of your mailservers!
******.com: Timed out [Last data sent: RCPT TO: ]
If this is a timeout problem, note that the DNS report only waits about 40 seconds for responses, so your mail *may* work fine in this case but you will need to use testing tools specifically designed for such situations to be certain.
2wire BT router (Firmware 6.1.1)
1 Server (Dell) Hardware with NICs (Server is connected to router via Ethernet Cable)
5 Static IP addresses purchased from BT
Server OS is Centos 5.2
All laptops (5) are able to connect to the net wirelessly. I just did a standard installation of the Centos following [url]
I then tried
Code: yum update
but it times out. I have no remote access to the server. I can only connect when I am on the router. I have searched, read and tried so many sites and commands but it just is not working. I have had this problem for about 6 days.
It's a long story but basically this server setup has become a nemesis.
I don't mind providing remote access to the server and router admin page if needed. I am in London btw.
Is there any way to disallow connections to SEND mail FROM my server to specific IPs? (Similarly to how you can limit connections to sshd from certain IPs)
I realize I cannot disable everything completely, as yahoo and the likes will have to connect to deliver mail. But no one of any use is going to try and connect to send mail, but a spammer.
No one has gotten in and abused it as of yet (knock on wood), but SMTP is being restarted at random and I can only imagine that this is being caused by one of these scumbags probably ddos'ing me. It takes eons to browse these logs, even if they restart via logrotate periodically!
I recently upgraded to 12.0.18 and I am using Roundcube 1.0 from the panel. I read that the "Unable to connect to sieve serve" problem would be solved in version 12. It seems not. What to do?
Some clients on the server couldn't access vb sometimes. This error occurred:
HTML Code:
Forbidden
You don't have permission to access /vb/showthread.php on this server.
So I checked /usr/local/apache/logs/error_log and found this error
Code: client denied by server configuration: /home/USER_NAME/public_html/vb/showthread.php
What does it mean, and how did it happen only sometimes, not all the time?
Lately my users have been getting 403 and 404 errors for pages that are on the server and have the correct permissions. when I look in cpanel in the error logs I see the error:
[Mon Mar 26 12:43:09 2007] [error] [client 216.x.x.x] client denied by server configuration: /home/xxxx/public_html/acronyms.php
root@server [/]# rndc status
rndc: connect failed: 127.0.0.1#953: connection refused
root@server [/]# /etc/init.d/named status
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped
root@server [/]# /scripts/fixndc
Named could not be restarted, any obvious config errors should show up below this line.
No critical problems found, will attempt to regenerate keys regardless.
warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
Creating rndc.conf
Creating /etc/rndc.key
warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
Restarting named
warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
/scripts/fixrndc failed to fix the rndc key (or named is otherwise broken), please investigate manually
and I have tried to reload rndc but I got this error:
I am having trouble connecting to my ssh server. It responds with a lengthy error message about no network etc. but it is the last message that concerns me:
Sometimes, such troubles can be caused by a misconfigured firewall.
How can I check the firewall if I cannot connect to ssh? I am running plesk 11.5 control panel and CentOS 6. Is this something I can do from plesk?
I can see that the firewall in plesk is set to allow all for ssh, but I cannot see a way to disable the firewall to test the ssh connection. Can this be done from plesk?