May 16 15:32:36 fernlx2 kernel: PPP MPPE Compression module registered
May 16 15:32:36 fernlx2 pptpd[7448]: MGR: Manager process started
May 16 15:32:36 fernlx2 pptpd[7448]: MGR: Maximum of 9 connections available
May 16 15:39:52 fernlx2 pptpd[7457]: MGR: Launching /usr/sbin/pptpctrl to handle client
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: local address = 192.168.3.1
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: remote address = 192.168.3.2
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: pppd speed = 115200
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: pppd options file = /etc/ppp/options.ppp0
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Client 192.168.0.240 control connection started
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Received PPTP Control Message (type: 1)
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Made a START CTRL CONN RPLY packet
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: I wrote 156 bytes to the client.
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Sent packet to client
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Received PPTP Control Message (type: 7)
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Set parameters to 100000000 maxbps, 64 window size
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Made a OUT CALL RPLY packet
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Starting call (launching pppd, opening GRE)
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: pty_fd = 6
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: tty_fd = 7
May 16 15:39:52 fernlx2 pptpd[7458]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
May 16 15:39:52 fernlx2 pptpd[7458]: CTRL (PPPD Launcher): local address = 192.168.3.1
May 16 15:39:52 fernlx2 pptpd[7458]: CTRL (PPPD Launcher): remote address = 192.168.3.2
May 16 15:39:52 fernlx2 pppd[7458]: The remote system (<n>) is required to authenticate itself
May 16 15:39:52 fernlx2 pppd[7458]: but I couldn't find any suitable secret (password) for it to use to do so.
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: I wrote 32 bytes to the client.
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Sent packet to client
May 16 15:39:52 fernlx2 pptpd[7457]: GRE: read(fd=6,buffer=8059560,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Reaping child PPP[7458]
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Client 192.168.0.240 control connection finished
May 16 15:39:52 fernlx2 pptpd[7457]: CTRL: Exiting now
May 16 15:39:52 fernlx2 pptpd[7448]: MGR: Reaped child 7457

################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.0.0
#
################################################################################


# TAG: speed
#
#       Specifies the speed for the PPP daemon to talk at.
#       Some PPP daemons will ignore this value.
#
speed 115200


# TAG: option
#
#       Specifies the location of the PPP options file.
#       By default PPP looks in '/etc/ppp/options'
#
#option /this/is/the/options/file
option /etc/ppp/options.ppp0


# TAG: debug
#
#       Turns on (more) debugging to syslog.
#
debug


# TAG: localip
# TAG: remoteip
#
#       Specifies the local and remote IP address ranges.
#
#       You can specify single IP addresses seperated by commas or you can
#       specify ranges, or both. For example:
#
#               192.168.0.234,192.168.0.245-249,192.168.0.254
#
#       IMPORTANT RESTRICTIONS:
#
#       1. No spaces are permitted between commas or within addresses.
#
#       2. If you give more IP addresses than MAX_CONNECTIONS, it will
#          start at the beginning of the list and go until it gets
#          MAX_CONNECTIONS IPs. Others will be ignored.
#
#       3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#          you must type 234-238 if you mean this.
#
#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one. You MUST still give at least one remote
#          IP for each simultaneous client.
#
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245


localip 192.168.3.1
remoteip 192.168.3.2-10


# TAG: ipxnets
#
#       This gives the range of IPX networks to allocate to clients.  By
#       default IPX network number allocation is not handled internally.
#       By putting a low and high network number here a pool of IPX networks
#       can be defined.  If this is done then there must be one IPX network
#       per client.
#
#       The format is a pair of hex numbers without any 0x prefix separated
#       by a hyphen.
#
#ipxnets 00001000-00001FFF


# TAG: listen
#
#       Defines the IP address of the local interface on which pptpd
#       should listen for connections.  The default is to listen on all
#       local interfaces (even ones brought up by pptp connections, thus
#       permitting pptp tunnels inside the pptp tunnels).
#
#listen 192.168.0.1


# TAG: pidfile
#
#       This defines the file name in which pptpd should store its process
#       ID (or pid).  The default is /var/run/pptpd.pid.
#
pidfile /var/run/pptpd.pid

# /etc/ppp/options
# modif 2007-03-01 mme
#
# Not every option is listed here, see man pppd for more details.  This file
# is read by the pppd, it is an error when it is not present.
#
# Use the following command to see the active options:
# grep -v ^# /etc/ppp/options | grep -v ^$
#


# The name of this server. Often, the FQDN is used here.
#name <host>
name fernlx2-vpn
refuse-pap
require-mschap-v2
require-mppe
# require-chap


netmask 255.255.255.0






# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname


# If no local IP address is given, pppd will use the first IP address
# that belongs to the local hostname. If "noipdefault" is given, this
# is disabled and the peer will have to supply an IP address.
noipdefault


# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local


# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote


# Run the executable or shell command specified after pppd has terminated
# the link.  This script could, for example, issue commands to the modem
# to cause it to hang up if hardware modem control signals were not
# available.
# If mgetty is running, it will reset the modem anyway. So there is no need
# to do it here.
#disconnect "chat -- \d+++\d\c OK ath0 OK"


# Increase debugging level (same as -d). The debug output is written
# to syslog LOG_LOCAL2.
#
debug


# Enable debugging code in the kernel-level PPP driver.  The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n


# noauth means do not require the peer to authenticate itself, this must
# be set if you want to use pppd to connect to the internet. In this case
# *you* must authenicate yourself to the peer(internet provider), so do
# not disable this setting unless you are the dial-in server which where
# the peer has to autenticate to.
auth


# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts


# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock


# Use the modem control lines.(is default)
# modem
# The opposite: local
#
# Description:
# Don't use the modem control lines.  With this option, pppd will ignore the
# state of the CD (Carrier Detect) signal from the modem and will not change
# the state of the DTR (Data Terminal Ready) signal.
#
# You need to disable modem and enable local if you want to connect to anoter
# system without using a modem:
#
local


# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it.  0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
# To allow pppd to work over a rlogin/telnet connection, ou should escape
# XON (^Q), XOFF  (^S) and ^]: (The peer should use "escape ff".)
#asyncmap  200a0000
asyncmap 0


# needed for some ISDN Terminaladaters, namely ELSA, those seem to have
# problems with asyncmap negotiation, so you can turn off this procedure
# in case your ISDN box has trouble with it, by enabling this option.
# You have to disable the asyncmap <x> option to be sure to have it
# active. If you use wvdial, set the ISDN parameter in /etc/wvdial.conf
# instead.
#default-asyncmap


# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128.  The default MRU value is 1500.  A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data). The value 1492 is for DSL connections (PPP Default -
# PPPoE Header: 1500 - 8 = 1492)
# mru 1492


# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface. The value 1492 is for DSL connections
# (PPP Default - PPPoE Header: 1500 - 8 = 1492)
# mtu 1492


# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
netmask 255.255.255.0


# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
nodetach


# If this option is given, pppd will send an LCP echo-request frame to
# the peer every n seconds. Under Linux, the echo-request is sent when
# no packets have been received from the peer for n seconds. Normally
# the peer should respond to the echo-request by sending an echo-reply.
# This option can be used with the lcp-echo-failure option to detect
# that the peer is no longer connected.
lcp-echo-interval 30


# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection.  Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4


# Send up to 60 LCP configure-request during negotiation. With a value
# of 2 for lcp-restart below, this might take up to 2 minutes.
lcp-max-configure 60


# Resend unanswered LCP requests after 2 seconds.
lcp-restart 2


# Specifies that pppd should disconnect if the link is idle for n seconds.
idle 600


# Specifies the maximal number of attempts to connect to the server. This
# is useful for dial on demand. Default value is 10.
#maxfail 3


# Disable the IPXCP and IPX protocols.
noipx


# In the file /etc/ppp/filters are some active-filter rules. See man pppd
# and man tcpdump for more informations.
file /etc/ppp/filters


#-------------------------------------------------------------------------
# The next two options are only interesting for you if you are admin of
# a system with other users that use ppp, and those users are normally
# never allowed to add default route, or you do not want users to
# replace the default route.
#-------------------------------------------------------------------------


# enable this to prevent users from attempting to add a default route.
# Use this option with caution: If the user needs to use a program like
# wvdial, he will not be able to connect because wvdial forces defaulroute
# but this is rejected by this option and the user will not be able to
# connect to the internet.
#nodefaultroute


# enable this to prevent users from replacing an existing default route.
#noreplacedefaultroute


#-------------------------------------------------------------------------
# All options below only make sense if you configure pppd to be a dial-in
# server, so don't touch these if you want dial into your provider with
# PPP!
#-------------------------------------------------------------------------


# Set the assumed name of the remote system for authentication purposes
# to <n>.
#
remotename <n>


# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. {proxyarp,noproxyarp}
proxyarp


# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont work.
#login


# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
# Two Servers can be remotely configured
#ms-dns 192.168.1.1
#ms-dns 192.168.1.2


# Specify which WINS Servers the incoming connection Win95 or WinNT should use
#ms-wins 192.168.1.50
#ms-wins 192.168.1.51


# added mme
lock
# mtu 1450
# mru 1450
proxyarp
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0


# Handshake Auth Method
# +chap
# +mschap-v2


# Data Encryption Methods
# mppe required

# /etc/ppp/options
# modif 2007-03-01 mme
#
# Not every option is listed here, see man pppd for more details.  This file
# is read by the pppd, it is an error when it is not present.
#
# Use the following command to see the active options:
# grep -v ^# /etc/ppp/options | grep -v ^$
#


# The name of this server. Often, the FQDN is used here.
#name <host>
name fernlx2-vpn
auth


require-mschap-v2
# require-chap
refuse-pap




# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname


# If no local IP address is given, pppd will use the first IP address
# that belongs to the local hostname. If "noipdefault" is given, this
# is disabled and the peer will have to supply an IP address.
noipdefault


# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local


# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote


# Run the executable or shell command specified after pppd has terminated
# the link.  This script could, for example, issue commands to the modem
# to cause it to hang up if hardware modem control signals were not
# available.
# If mgetty is running, it will reset the modem anyway. So there is no need
# to do it here.
#disconnect "chat -- \d+++\d\c OK ath0 OK"


# Increase debugging level (same as -d). The debug output is written
# to syslog LOG_LOCAL2.
#debug


# Enable debugging code in the kernel-level PPP driver.  The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n


# noauth means do not require the peer to authenticate itself, this must
# be set if you want to use pppd to connect to the internet. In this case
# *you* must authenicate yourself to the peer(internet provider), so do
# not disable this setting unless you are the dial-in server which where
# the peer has to autenticate to.
auth


# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts


# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock


# Use the modem control lines.(is default)
# modem
# The opposite: local
#
# Description:
# Don't use the modem control lines.  With this option, pppd will ignore the
# state of the CD (Carrier Detect) signal from the modem and will not change
# the state of the DTR (Data Terminal Ready) signal.
#
# You need to disable modem and enable local if you want to connect to anoter
# system without using a modem:
#
local


# async character map -- 32-bit hex; each bit is a character
# t0hat needs to be escaped for pppd to receive it.  0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
# To allow pppd to work over a rlogin/telnet connection, ou should escape
# XON (^Q), XOFF  (^S) and ^]: (The peer should use "escape ff".)
#asyncmap  200a0000
asyncmap 0


# needed for some ISDN Terminaladaters, namely ELSA, those seem to have
# problems with asyncmap negotiation, so you can turn off this procedure
# in case your ISDN box has trouble with it, by enabling this option.
# You have to disable the asyncmap <x> option to be sure to have it
# active. If you use wvdial, set the ISDN parameter in /etc/wvdial.conf
# instead.
#default-asyncmap


# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128.  The default MRU value is 1500.  A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data). The value 1492 is for DSL connections (PPP Default -
# PPPoE Header: 1500 - 8 = 1492)
# mru 1492


# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface. The value 1492 is for DSL connections
# (PPP Default - PPPoE Header: 1500 - 8 = 1492)
# mtu 1492


# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
netmask 255.255.255.0


# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
nodetach


# If this option is given, pppd will send an LCP echo-request frame to
# the peer every n seconds. Under Linux, the echo-request is sent when
# no packets have been received from the peer for n seconds. Normally
# the peer should respond to the echo-request by sending an echo-reply.
# This option can be used with the lcp-echo-failure option to detect
# that the peer is no longer connected.
lcp-echo-interval 30


# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection.  Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4


# Send up to 60 LCP configure-request during negotiation. With a value
# of 2 for lcp-restart below, this might take up to 2 minutes.
lcp-max-configure 60


# Resend unanswered LCP requests after 2 seconds.
lcp-restart 2


# Specifies that pppd should disconnect if the link is idle for n seconds.
idle 600


# Specifies the maximal number of attempts to connect to the server. This
# is useful for dial on demand. Default value is 10.
#maxfail 3


# Disable the IPXCP and IPX protocols.
noipx


# In the file /etc/ppp/filters are some active-filter rules. See man pppd
# and man tcpdump for more informations.
file /etc/ppp/filters


#-------------------------------------------------------------------------
# The next two options are only interesting for you if you are admin of
# a system with other users that use ppp, and those users are normally
# never allowed to add default route, or you do not want users to
# replace the default route.
#-------------------------------------------------------------------------


# enable this to prevent users from attempting to add a default route.
# Use this option with caution: If the user needs to use a program like
# wvdial, he will not be able to connect because wvdial forces defaulroute
# but this is rejected by this option and the user will not be able to
# connect to the internet.
#nodefaultroute


# enable this to prevent users from replacing an existing default route.
#noreplacedefaultroute


#-------------------------------------------------------------------------
# All options below only make sense if you configure pppd to be a dial-in
# server, so don't touch these if you want dial into your provider with
# PPP!
#-------------------------------------------------------------------------


# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>


# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. {proxyarp,noproxyarp}
proxyarp


# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont work.
#login


# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
# Two Servers can be remotely configured
#ms-dns 192.168.1.1
#ms-dns 192.168.1.2


# Specify which WINS Servers the incoming connection Win95 or WinNT should use
#ms-wins 192.168.1.50
#ms-wins 192.168.1.51


# added mme
lock
mtu 1450
mru 1450
proxyarp
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0


# Handshake Auth Method
+chap
+mschap-v2


# Data Encryption Methods
mppe required

# Secrets for authentication using CHAP
# client        server          secret          IP addresses
# modif mme 2007-03-01


# OUTBOUND CONNECTIONS
# Here you should add your PPP Login and PPP password to connect to your
# provider via pap. The * means that the entry(login and passoword may be
# used for ANY host you connect to.
# Thus you do not have to worry about the foreign machine name. Just
# replace password with your password.
#hostname       *       password


# PREDIFINED CONNECTIONS
# These are user and password entries for publically accessible call-by-call
# Internet providers in Germany. If they confict with your config, remove them.
# READ_IN_CALLBYCALL_SECRETS


# INBOUND CONNECTIONS
#client         hostname        <password>      192.168.1.1
mme             fernlx2-vpn     +++++++       192.168.3.2
daniel          fernlx2-vpn       +++++++      192.168.3.3
robert          fernlx2-vpn       +++++++     192.168.3.4
buchhaltung     fernlx2-vpn    +++++++       192.168.3.5




---------------


anm die pwds's habe ich hier durch "+++++++ " ersetzt