Re: PPTP Support

[Antony J Mee <A J Mee ncl ac uk>]

Robert & Dan,

I got a very useful response from James Cameron (the PPTP maintainer).
It looks like my correct course of action is to build a pppd plugin, 
which apparently
are very version dependent, but I'm sure the packaging for a particular 
distro will be able to get around that.  It seems a pppd plugin can 
solve both the chap-secrets and ip-up issue. 

I think I may be able to make nm-pptp-service-pptp-helper into a dbus 
aware pppd plugin thus solving it all in one.  I'm looking onto this 
now. Doesn't seem too bad so far!

The VPN gateway IP issue is not yet so obvious.  It may be that the 
plugin can solve that too, but I haven't quite figured that out yet.  
James made a suggestion about using netstat to find out the ip of the 
machine connected to port 1732 but that may be a little clumsy. 

James has invited me to submit a patch for pptp if needed.

Also however, James suggested something I had thought of myself and have 
already implemented.  That is that nm-pptp-service does a gethostbyname 
look up on the given VPN server name then passes the IP to pppd and 
remembers it for it's own routing purposes later.  This appears to work 
just nicely.

tOnY


Robert Love wrote:

> On Tue, 2005-11-22 at 11:33 -0500, Dan Williams wrote:
>
>  
>
> > Yeah, this does rather suck.  But if pptp just calls pppd and doesn't
> > allow specification of stuff like a script file to run after everything
> > is done, etc, its going to be hard.  Hopefully there's a way to do this
> > without touching/moving stuff around...
> >
> >    
> >
> > > In the case of the secrets file, I suppose you could write that data out
> > > yourself, no?
> > >      
> > I did this initially for vpnc before they added the 'options written to
> > stdin' option in 0.3.3 (which is why NM requires 0.3.3).  It works, but
> > of course its a security risk.  If there's no alternative though, it's
> > probably the best route.
> >    
>
> Yah.  I am not so worried about the secrets file (although we ought to
> work toward fixing that, too) but the ifup modifications needed:
>
>        ipparam=$6
>        if [ "$ipparam" == "nm-pptp-service" ]; then
>        export route_vpn_gateway=$5
>        export dev=$1
>        export ifconfig_local=$4
>        if [ -e /etc/ppp/resolv.conf ]; then
>        export IP4_DNS=`grep '^nameserver[[:space:]]' /etc/ppp/resolv.conf | sed -e 's/^nameserver\s*\(.*\)/\1/' | xargs | sed -e 's/ /,/'`
>        fi
>        /usr/bin/nm-pptp-service-pptp-helper
>        exit
>        fi
>
> I dunno if we can get distros to carry edits to /etc/ppp/ip-up.
>
> Anyhow, Dan -- should we merge this or wait until some of the other
> issues are resolved?  I have a copy in my tree that I can commit now, if
> the former.
>
> Antony is right in that "almost just works" is better than nothing, but
> I also don't want to put a solution into the tree if it is far from what
> we want.
>
> 	Robert Love
>
>
>