• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Need help with PPTP on CentOS with IPv6!

Started by Ahmed M. H. Alzaeem, August 18, 2014, 04:10:31 AM


Ahmed M. H. Alzaeem

hi all,
I'm trying to establish IPv6 over PPTP on CentOS 6.5
======================
actually I could get IPv6 when I run radvd many times after the user gets authenticated, but that seems not fine.

so, I tried to use something like a script that will run radvd when the user gets logged in
===================
now again, all I need is for the user to get both IPv4 & IPv6 & DNS from the server.
right now, only the IPv4 works fine, but IPv6 does not.
but I can always obtain my own IPv6 link-local address and can ping the PPTP server's link-local address, but the global address ... does not always work!
============================================
here is a sample of the logs:
Aug 18 14:29:01 centOS pptpd[1247]: CTRL: Client 188.161.107.179 control connection started
Aug 18 14:29:02 centOS pptpd[1247]: CTRL: Starting call (launching pppd, opening GRE)
Aug 18 14:29:02 centOS pppd[1248]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Aug 18 14:29:02 centOS pppd[1248]: pppd 2.4.5 started by root, uid 0
Aug 18 14:29:02 centOS pppd[1248]: Using interface ppp0
Aug 18 14:29:02 centOS pppd[1248]: Connect: ppp0 <--> /dev/pts/1
Aug 18 14:29:05 centOS pppd[1248]: peer from calling number 188.161.107.179 authorized
Aug 18 14:29:06 centOS pppd[1248]: MPPE 128-bit stateless compression enabled
Aug 18 14:29:07 centOS pppd[1248]: local  LL address fe80::0000:0000:0000:0001
Aug 18 14:29:07 centOS pppd[1248]: remote LL address fe80::6059:e02c:3d9e:a552
Aug 18 14:29:08 centOS pppd[1248]: Cannot determine ethernet address for proxy ARP
Aug 18 14:29:08 centOS pppd[1248]: local  IP address 172.16.36.1
Aug 18 14:29:08 centOS pppd[1248]: remote IP address 172.16.36.2
==================================================

so, I followed the article at:
http://superuser.com/questions/590865/routing-ipv6-traffic-through-debian-pptpd-into-hurricane-electrics-ipv6-tunnel

=============
I will post my config for pptpv6


[root@centOS ipv6-radvd]# ls -l /etc/ppp
total 44
-rw------- 1 root root   98 Aug 18 01:20 chap-secrets
-rw------- 1 root root  349 Oct 23  2013 eaptls-client
-rw------- 1 root root  405 Oct 23  2013 eaptls-server
-rw-r--r-- 1 root root   31 Aug 18 12:55 ipv6-addr
drwxr-xr-x 2 root root 4096 Aug 18 13:50 ipv6-down.d
drwxr-xr-x 2 root root 4096 Aug 18 13:49 ipv6-radvd
drwxr-xr-x 2 root root 4096 Aug 18 13:23 ipv6-up.d
-rw-r--r-- 1 root root    5 Nov 17  2009 options
-rw-r--r-- 1 root root 4492 Aug 18 13:19 options.pptpd
-rw------- 1 root root   77 Nov 17  2009 pap-secrets
====================================================
[root@centOS ipv6-radvd]# cat /etc/ppp/ipv6-down.d/setupradvd
#!/bin/bash
RAP=/etc/ppp/ipv6-radvd/$IFNAME
kill `cat $RAP.pid` || true
rm -f $RAP.*

=====================================================
[root@centOS ipv6-radvd]# cat /etc/ppp/ipv6-up.d/setupradvd
#!/bin/bash
ADDR=$(grep ^$PEERNAME: /etc/ppp/ipv6-addr |cut -f 2 -d :)
if test x$ADDR == x ; then
echo "No IPv6 address found for user $PEERNAME"
exit 0
fi

# We'll assign the user a /64 prefix.
# I'm using a Hurricane Electric-assigned /48 prefix.

# Operating systems seem to expect to be able to assign the
# last 64 bits of the address (based on ethernet MAC address
# or some other identifier). So try to obtain a /48 prefix.

# If you only have a /64 bit prefix, you can try to assign a
# /80 prefix to your remote users. It works, but I'm only now
# trying to enable these users to have routing.

USERPREFIX=2001:470:XXXX:$ADDR
USERPREFIXSIZE=64
USERPREFIXOURADDRESS=1
USERPREFIXUSERADDRESS=2

# Add the address for your side of the tunnel to the PPP device.
ifconfig $IFNAME add $USERPREFIX::$USERPREFIXOURADDRESS/$USERPREFIXSIZE

# establish new route
# (when a packet is directed toward user subnet, send it to user ip)
route -6 add $USERPREFIX::/$USERPREFIXSIZE gw $USERPREFIX::$USERPREFIXUSERADDRESS

#generate radvd config
RAP=/etc/ppp/ipv6-radvd/$IFNAME
RA=$RAP.conf
echo interface $IFNAME >$RA
echo '{ AdvSendAdvert on; MinRtrAdvInterval 5; MaxRtrAdvInterval 100;' >>$RA
echo ' prefix' $USERPREFIX::/$USERPREFIXSIZE '{};' >>$RA

# Instead of your DNS...
#echo ' RDNSS $USERPREFIX::$USERPREFIXOURADDRESS {}; };' >>$RA
# ...try assigning the Google DNS :)
echo ' RDNSS 2001:4860:4860::8888 {}; }; ' >> $RA

# The creation of radvd configuration could be more readable, but whatever.

# Start radvd
/usr/sbin/radvd -C $RA -p $RAP.pid

exit 0

========================
[root@centOS ipv6-radvd]# ls -l /etc/ppp/
chap-secrets   eaptls-client  eaptls-server  ipv6-addr      ipv6-down.d/   ipv6-radvd/    ipv6-up.d/     options        options.pptpd  pap-secrets   
==============================
[root@centOS ipv6-radvd]# ls -l /etc/ppp/ipv6-radvd/
total 0
==============================================
[root@centOS ipv6-radvd]# /etc/init.d/radvd status
radvd is stopped

====================================================
[root@centOS ipv6-radvd]# cat /etc/radvd.conf
# NOTE: there is no such thing as a working "by-default" configuration file.
#       At least the prefix needs to be specified.  Please consult the radvd.conf(5)
#       man page and/or /usr/share/doc/radvd-*/radvd.conf.example for help.
#
#
#interface eth0
#{
#       AdvSendAdvert on;
#       MinRtrAdvInterval 30;
#       MaxRtrAdvInterval 100;
#       prefix 2001:db8:1:0::/64
#       {
#               AdvOnLink on;
#               AdvAutonomous on;
#               AdvRouterAddr off;
#       };
#
#};
#interface ppp0
#{
#    AdvSendAdvert on;
#    prefix 2001:470:ffff::/64 {                 # this is my internal network prefix
##        AdvOnLink on;
#        AdvAutonomous on;
#        AdvRouterAddr on;
#    };
#    RDNSS 2001:470:ffff::1 2001:470:ffff::2 {   # I have 2 DNS servers
#        # I have no options to add here
#    };
#};
[root@centOS ipv6-radvd]#
==================================================
[root@centOS ipv6-radvd]# cat /etc/ppp/ipv6-addr
ivucica:1234
littlejohnny:1235

=====================================================
[root@centOS ipv6-radvd]# cat /etc/ppp/options.pptpd
###############################################################################
# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $
#
# Sample Poptop PPP options file /etc/ppp/options.pptpd
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection.  See "man pppd".
#
# You are expected to change this file to suit your system.  As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################


# Authentication

# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd

# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain


# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use.)


# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}


# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40        # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}


# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients.  The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2

# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients.  The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.  This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp

# Normally pptpd passes the IP address to pppd, but if pptpd has been
# given the delegate option in pptpd.conf or the --delegate command line
# option, then pppd will use chap-secrets or radius to allocate the
# client IP address.  The default local IP address used at the server
# end is often the same as the address of the server.  To override this,
# specify the local IP address here.
# (you must not use this unless you have used the delegate option)
#10.8.0.100


# Logging

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
#debug

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump


# Miscellaneous

# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock

# Disable BSD-Compress compression
nobsdcomp

# Disable Van Jacobson compression
# (needed on some networks with Windows 9x/ME/XP clients, see posting to
# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
novj
novjccomp

# turn off logging to stderr, since this may be redirected to pptpd,
# which may trigger a loopback
nologfd

# put plugins here
# (putting them higher up may cause them to sent messages to the pty)

ms-dns 8.8.8.8
ms-dns 8.8.4.4
########################
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
ipv6 ::1,::2
[root@centOS ipv6-radvd]#

==============================

above, I pasted all the IPv6 config that was done on the server. I just want to know what's wrong? and can I use DHCPv6 instead of SLAAC radvd for PPTP??

wish to help


regards


kcochran

IPv6 over PPP doesn't have quite the same knobs that IPv4 does.  For example, IPCP6 doesn't have the options to assign global IPv6 addresses.  You need to use RA/SLAAC to do those.  Then you can tell RA that it's a managed address, which then should cause the client to use DHCPv6 to request its global address, and other options.

Ahmed M. H. Alzaeem

hi,
I understand that I will need SLAAC ... I've installed radvd.

can you help me with the config?

I've posted all the config I did on the server above?!!
is there something wrong with the scripts?

can you guide me please?

regards
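
A hardened sketch of the per-user radvd setup discussed in this thread, added here as an example and not taken from any poster's configuration. The posted `ipv6-up.d/setupradvd` runs as root and feeds `$PEERNAME` unquoted into a `grep` pattern; this version matches the peer name as an exact string, validates the suffix and interface name before they reach a config file or path, and can set the managed flags kcochran mentions. The function names and the `2001:db8:1` documentation prefix are constructed for illustration.

```sh
#!/bin/sh
# Added example: safer take on the thread's /etc/ppp/ipv6-up.d/setupradvd logic.
# Function names and the 2001:db8:1 prefix are constructed, not from the thread.

# Print the suffix mapped to peer $1 in "user:suffix" file $2.
# Exact string comparison, so a peer name such as ".*" matches no other line.
lookup_suffix() {
    PEER="$1" awk -F: '$1 == ENVIRON["PEER"] { print $2; ok = 1; exit }
                       END { exit !ok }' "$2"
}

# Accept only 1-4 hex digits (one IPv6 hextet).
valid_hextet() {
    case "$1" in ''|*[!0-9A-Fa-f]*|?????*) return 1 ;; esac
}

# Accept only pppN interface names; the name later becomes part of a file path.
valid_ifname() {
    case "$1" in ppp|ppp*[!0-9]*) return 1 ;; ppp[0-9]*) return 0 ;; *) return 1 ;; esac
}

# Emit a radvd interface block for ifname $1 and /64 prefix $2.
# $3=on sets the managed/other-config flags so clients are told to use DHCPv6.
gen_radvd_conf() {
    cat <<EOF
interface $1
{
    AdvSendAdvert on;
    MinRtrAdvInterval 5;
    MaxRtrAdvInterval 100;
    AdvManagedFlag ${3:-off};
    AdvOtherConfigFlag ${3:-off};
    prefix ${2}::/64 { AdvOnLink on; AdvAutonomous on; };
    RDNSS 2001:4860:4860::8888 { };
};
EOF
}

# build_for_peer PEER IFNAME ADDRFILE BASE48 [on|off]
# Returns 1 = no mapping, 2 = bad ifname, 3 = bad suffix, 4 = bad flag.
build_for_peer() {
    valid_ifname "$2" || return 2
    case "${5:-off}" in on|off) ;; *) return 4 ;; esac
    sfx=$(lookup_suffix "$1" "$3") || return 1
    valid_hextet "$sfx" || return 3
    gen_radvd_conf "$2" "$4:$sfx" "${5:-off}"
}

# Constructed demo using the sample mapping shown in the thread.
demo=$(mktemp) && printf 'ivucica:1234\nlittlejohnny:1235\n' >"$demo"
build_for_peer ivucica ppp0 "$demo" 2001:db8:1 on; rm -f "$demo"
```

pppd itself runs `/etc/ppp/ipv6-up` when IPv6 comes up on the link; whether scripts placed in an `ipv6-up.d` directory are executed depends on the distribution's `ipv6-up` wrapper.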