Re: PPTP Support



Robert & Dan,

I got a very useful response from James Cameron (the PPTP maintainer).
It looks like my correct course of action is to build a pppd plugin, which apparently are very version dependent, but I'm sure the packaging for a particular distro will be able to get around that. It seems a pppd plugin can solve both the chap-secrets and ip-up issue. I think I may be able to make nm-pptp-service-pptp-helper into a dbus aware pppd plugin thus solving it all in one. I'm looking onto this now. Doesn't seem too bad so far!

The VPN gateway IP issue is not yet so obvious. It may be that the plugin can solve that too, but I haven't quite figured that out yet. James made a suggestion about using netstat to find out the ip of the machine connected to port 1732 but that may be a little clumsy.
James has invited me to submit a patch for pptp if needed.

Also however, James suggested something I had thought of myself and have already implemented. That is that nm-pptp-service does a gethostbyname look up on the given VPN server name then passes the IP to pppd and remembers it for it's own routing purposes later. This appears to work just nicely.

tOnY


Robert Love wrote:

On Tue, 2005-11-22 at 11:33 -0500, Dan Williams wrote:

Yeah, this does rather suck.  But if pptp just calls pppd and doesn't
allow specification of stuff like a script file to run after everything
is done, etc, its going to be hard.  Hopefully there's a way to do this
without touching/moving stuff around...

In the case of the secrets file, I suppose you could write that data out
yourself, no?
I did this initially for vpnc before they added the 'options written to
stdin' option in 0.3.3 (which is why NM requires 0.3.3).  It works, but
of course its a security risk.  If there's no alternative though, it's
probably the best route.

Yah.  I am not so worried about the secrets file (although we ought to
work toward fixing that, too) but the ifup modifications needed:

       ipparam=$6
       if [ "$ipparam" == "nm-pptp-service" ]; then
       export route_vpn_gateway=$5
       export dev=$1
       export ifconfig_local=$4
       if [ -e /etc/ppp/resolv.conf ]; then
       export IP4_DNS=`grep '^nameserver[[:space:]]' /etc/ppp/resolv.conf | sed -e 's/^nameserver\s*\(.*\)/\1/' | xargs | sed -e 's/ /,/'`
       fi
       /usr/bin/nm-pptp-service-pptp-helper
       exit
       fi

I dunno if we can get distros to carry edits to /etc/ppp/ip-up.

Anyhow, Dan -- should we merge this or wait until some of the other
issues are resolved?  I have a copy in my tree that I can commit now, if
the former.

Antony is right in that "almost just works" is better than nothing, but
I also don't want to put a solution into the tree if it is far from what
we want.

	Robert Love






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]