pptpd start fails after online update

Hi,

my pptpd does not start any more after an online update with a kernel
update.
Before update it was version 2.4.21-199 and after 2.4.21-202 AFAIK.
The Error message is as follows:

Starting MS VPN server pptpdmodprobe: Can't open dependencies file
/lib/modules/2.4.21-199-athlon/modules.dep (No such file or directory)

In fact there is no dir "2.4.21-199-athlon" in "/lib/modules/" but
there is the dir "2.4.21-202-athlon" which also has the file
"modules.dep" in it. Thats surely because of the kernel update. But
now i really don't have any idea what to do. I reinstalled the pptpd
package but with no effect.

Would be very very nice for getting help.

REGARDS

Jochen Demmer

Jochen Demmer wrote:

> my pptpd does not start any more after an online update with a kernel
> update.
> Before update it was version 2.4.21-199 and after 2.4.21-202 AFAIK.

Did you remember to patch your kernel for the mppe module? Mppe is not
included in the vanilla kernel so that might be your problem.

HTH,

Uli

Hi,

thanks for your answer, but it actually does not help because i don't know
how to prepare the kernel for the mppe-module. Was it a mistake to update my
kernel at least? I guess with the vanilla kernel you mean the version
2.4.21-202, right? In fact I plan to upgrade my kernel to a newer version
than 2.4.25 because of the known security problems with ISO9660 and dynamic
links. What to do for getting both things work, the new kernel and the
pptpdaemon?

Thanks very much,

Jochen Demmer

"Ulrich Wurst" <(E-Mail Removed)> schrieb im Newsbeitrag
news:c5rip9$oth$07$(E-Mail Removed)...
> Jochen Demmer wrote:
>
> > my pptpd does not start any more after an online update with a kernel
> > update.
> > Before update it was version 2.4.21-199 and after 2.4.21-202 AFAIK.
>
> Did you remember to patch your kernel for the mppe module? Mppe is not
> included in the vanilla kernel so that might be your problem.
>
> HTH,
>
> Uli

Jochen Demmer wrote:

> thanks for your answer, but it actually does not help because i don't know
> how to prepare the kernel for the mppe-module.

How did you create to mppe Module for the old kernel? Or was that the
original kernel that came with the distribution?


> I guess with the vanilla kernel you mean the version 2.4.21-202, right?

No, the vanilla kernel is the unpatched original 2.4.21 Kernel from
www.kernel.org. The "-202" hints that the kernel is modified by the
maintainer from your Linux distribution (which one do you use?).


> What to do for getting both things work, the new kernel and the
> pptpdaemon?
>

You find the patch and all necessary information at
http://www.polbox.com/h/hs001/
I suggest you try to find a patch for your distribution first (if there
is one). On debian this would be the kernel-patch-mppe package, on other
distributions I don't know.

Note that I highly recommend against using PPTP since it is rather
insecure. You'd best move on IPSEC/L2TP or if you find that too
complicated (it is!) you could try OpenVPN (http://openvpn.sf.net) for a
easily installed VPN-Tool (no kernel patches required) that also offers
a Windows-Port.
I use OpenVPN at all my clients to allow homeworkers and roadwarriors to
connect to the companies networks.

HTH,

Uli

Thanks again!

> How did you create to mppe Module for the old kernel? Or was that the
> original kernel that came with the distribution?

I did not create it, it must have been integrated. I'm using Suse Linux 9.0.


> You find the patch and all necessary information at
> http://www.polbox.com/h/hs001/
> I suggest you try to find a patch for your distribution first (if there
> is one). On debian this would be the kernel-patch-mppe package, on other
> distributions I don't know.

I cannot find a patch which is for my suse linux or is the right
kernel-version the only property i have to look for? In addition i nevery
compiled a kernel by myself and i never made changes in the kernel by
myself. I'm a little bit unsure and frightened of destroying something.


> Note that I highly recommend against using PPTP since it is rather
> insecure. You'd best move on IPSEC/L2TP or if you find that too
> complicated (it is!) you could try OpenVPN (http://openvpn.sf.net) for a
> easily installed VPN-Tool (no kernel patches required) that also offers
> a Windows-Port.
> I use OpenVPN at all my clients to allow homeworkers and roadwarriors to
> connect to the companies networks.

Am using PPTP because it's simple. Security is not so important. Originally
i only want to connect two LANs over Internet to one "virtual LAN". There is
no sensitive Data beeing transfered. Though i will have a look to OpenVPN.
Thx

Jochen Demmer

Jochen Demmer wrote:

> I cannot find a patch which is for my suse linux or is the right
> kernel-version the only property i have to look for?

There could be a collision between the mppe-patch and those the vendor
(SuSE) already applied although I don't think so since the mppe patch
doesn't modify too many files.
Probably a patch for an other version (best try one not too far from you
current kernel-version) will work, too.

> I'm a little bit unsure and frightened of destroying something.
>

Then OpenVPN will be the better choice for you, since the only
kernel-stuff it depends on is the TAP or TUN device that is in the
vanilla kernel for some time. No risc to break something, here.

Uli

Hi,

i downed the patch but though i read the installation-instructions i don't
have any idea what to do now. Again sorry for my lack of knowledge ;-)
I read that I shall download the pppd and install it? Why That?
Then I read: apply the patches. I would, if I knew how...
Got a file named "linux-2.4.21-mppe-mppc-0.98.patch" which i think fits best
for my kernel version.
What to do with that file?
Furthermore i read something about compiling my kernel and the pppd. The
only thing i compiled in my life was some software packages by typing these
things into the shell: ./configure -> make config -> make install
Compiling Kernel... uh oh... Should i forget it and better reinstall my
system???

Thanks,

Jochen Demmer


> There could be a collision between the mppe-patch and those the vendor
> (SuSE) already applied although I don't think so since the mppe patch
> doesn't modify too many files.
> Probably a patch for an other version (best try one not too far from you
> current kernel-version) will work, too.

Jochen Demmer wrote:

> i downed the patch but though i read the installation-instructions i don't
> have any idea what to do now. Again sorry for my lack of knowledge ;-)
> I read that I shall download the pppd and install it? Why That?

The PPPD does not support MPPE out-of-the-box, but since it worked
before the kernel update you can skip the pppd-part (you already have a
patched pppd that supports mppe and was patched by SuSE).

> Then I read: apply the patches. I would, if I knew how...
> Got a file named "linux-2.4.21-mppe-mppc-0.98.patch" which i think fits best
> for my kernel version. What to do with that file?

OK, lets do this step by step

first unpack your kernel to /usr/src/linux-2.4.25 and create a symbolic
link /usr/src/linux to this directory. Download the patch-file to
/usr/src/linux-2.4.25-mppe-mppc-0.98.patch.gz and change into the
/usr/src/linux directory.
Now type "zcat ../linux-2.4.25-mppe-mppc-0.98.patch.gz | patch -p1"
this should result in the output:

patching file drivers/net/Config.in
patching file drivers/net/Makefile
patching file drivers/net/ppp_generic.c
patching file drivers/net/ppp_mppe_crypto.c
patching file drivers/net/ppp_mppe_crypto.h
patching file drivers/net/ppp_mppe_mppc_comp.c
patching file include/linux/ppp-comp.h

otherwise something went wrong.

OK, you patched your kernel for mppe-Support, now you will have to
compile it. You probably want to keep your configuration so you have to
find your current configuration file. In a debian-System this is in
/boot/config-2.4.xy. on SuSE I should expect likewise. Copy it into the
linux sourcedirectory:
"cp /boot/config-2.4.18 /usr/src/linux/.config;make oldconfig"

If the new kernel has options your old one didn't have (new
hardwaredrivers and so on) you will be prompted for what to do with
those new options. Usually it is safe just to press enter here to use
the defaults. If you want to further configure the kernel type "make
menuconfig" or "make xconfig" if you are in a X-Environment.

Now that you configured your new kernel you have to build it. Type
"make dep clean bzImage modules modules_install"
This will take a while.

As the last step take your new kernel into the boot directory:
"cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.25" and modifiy your
bootloader /etc/lilo.conf or grub (don't know which one SuSE currently
uses). Don't forget to update lilo (by running "lilo") AFAIK this is not
required for grub but then I never used it.

> Should i forget it and better reinstall my system???
>

I do repeat myself, but you can save you all this trouble by using
OpenVPN or any other userspace VPN.

Uli

"Ulrich Wurst" <(E-Mail Removed)> schrieb im Newsbeitrag
news:c61fuk$pqv$04$(E-Mail Removed)...

I installed openVPN. My plan is to connect two LAN, both using the same
subnet (192.168.0.0/24).
Both LAN are connected to the I-Net via an ADSL-Router doing Network Adress
Translation.
Both Routers are able to do ip-forwarding. Both ISP disconnect/reconnect
every 24h and are giving a new IP-Address to the Routers.

In my LAN there is the the Linux-Server with OpenVPN. In The other LAN there
is 'only' a windows (xp)-client which should get in my subnet by connecting
to my Linux-Server.

Is this a realistic idea to connect these LAN via openVPN.
I should do "Routed IP Tunnel", not "Bridged Ethernet Tunnels", should I?

Pre-Thanks,

Jochen Demmer

Jochen Demmer wrote:
> I installed openVPN. My plan is to connect two LAN, both using the same
> subnet (192.168.0.0/24).

So you cannot use the routed tunnel, you have to use the bridged
ethernet tunnel as described in http://openvpn.sourceforge.net/bridge.html

> Both LAN are connected to the I-Net via an ADSL-Router doing Network Adress
> Translation.

As long as you can forward the used port(s) at the serverside from the
ADSL-Router to your OpenVPN Gateway this is no problem.

> Both ISP disconnect/reconnect every 24h and are giving a new IP-Address to
> the Routers.

This is also no problem. You will have to configure the ADSL-Router at
the serverside to register it's new IP-Adress into some DynDNS service.
You use this DynDNS-Adress in the "remote <myserver.dyndns.org>" line of
your client. Of course you will have to make sure that your serverside
is connected to the internet all the time (immediate reconnect after the
disconnection after 24h)

> In my LAN there is the the Linux-Server with OpenVPN. In The other LAN there
> is 'only' a windows (xp)-client which should get in my subnet by connecting
> to my Linux-Server.
>

That is no problem at all. This is the typical roadwarrior/homeoffice
situation. OpenVPN runs fine in this configuration.
A word of advice: since most ADSL-connections use PPPOE and PPPOE
decreases the maximum allow paket size you will have the use

link-mtu 1500
mssfix 1400
fragment 1400

However I never used to TAP-Mode (always the TUN-Mode), so I am not sure
if this is required in your setup. Leave it out and try if your tunnel
works. If "pings" work, but filetransfer or terminalserver-access
doesn't, these lines will probably correct it.

> I should do "Routed IP Tunnel", not "Bridged Ethernet Tunnels", should I?
>

No, the Routed IP-Tunnel will not work if your lokal network and the
remote one are the same. You will have the use the TAP-Mode which is
basically a very long virtual ethernet cable through the internet
between your client and the OpenVPN-Server.
The advantage of the TAP-Device-Mode is, that you can use it to
transport protocols other than IP and that it supports broadcasts (which
is also bad since this means that the broadcasts from your
office-network are transmitted through your VPN but usually this won't
use too much bandwidth).
The faq at http://openvpn.sourceforge.net/faq.html tells you more on
this subject.

Uli