DSM-G600, DNS-3xx and NSA-220 Hack Forum

Nobody has ANY idea how I could get pppd on my fffp'ed device...?

Any feedback ?

Did you manage to get pppd working ?

Thanks for the feedback !

We must be at the same step right now.

My tries to get pptpd VPN server (pppd + pptpd) to work:
- build ppp-2.4.3 from source -> OK
- build pptpd-1.3.4 from source -> OK
- build slhc.ko, ppp_generic.ko, ppp_async.ko kernel modules from source -> OK

Connection try, from Windows XP native pptp client :

May 12 21:11:09 terabox daemon.info pptpd[4195]: MGR: Maximum of 100 connections reduced to 6, not enough IP addresses given
May 12 21:11:09 terabox daemon.info pptpd[4197]: MGR: Manager process started
May 12 21:11:09 terabox daemon.info pptpd[4197]: MGR: Maximum of 6 connections available
May 12 21:11:15 terabox daemon.info pptpd[4198]: CTRL: Client 10.10.10.5 control connection started
May 12 21:11:15 terabox daemon.info pptpd[4198]: CTRL: Starting call (launching pppd, opening GRE)
May 12 21:11:15 terabox daemon.info pppd[4199]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 12 21:11:15 terabox daemon.notice pppd[4199]: pppd 2.4.3 started by root, uid 0
May 12 21:11:16 terabox daemon.info pppd[4199]: Using interface ppp0
May 12 21:11:16 terabox daemon.notice pppd[4199]: Connect: ppp0 <--> /dev/pts/7
May 12 21:11:19 terabox daemon.err pptpd[4198]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
May 12 21:11:19 terabox daemon.err pppd[4199]: MPPE required, but kernel has no support.
May 12 21:11:19 terabox daemon.notice pppd[4199]: Connection terminated.
May 12 21:11:19 terabox daemon.info pppd[4199]: Connect time 0.1 minutes.
May 12 21:11:19 terabox daemon.info pppd[4199]: Sent 0 bytes, received 0 bytes.

So now I must be missing MPPE kernel module (ppp_mppe.ko ?)

The problem:

- I can't find MPPE support in "make menuconfig", from dlink DNS-313 kernel source provided my Dlink
- I can find MPPE support option, in official kernel 2.6.15 source (downloaded from kernel.org), but then ... I can't compile the module ...

make modules

[...]
include/asm/locks.h:15:5: warning: "__LINUX_ARM_ARCH__" is not defined
In file included from include/asm/page.h:27,
                 from include/linux/sched.h:21,
                 from arch/arm/kernel/asm-offsets.c:13:
include/asm/glue.h:111:2: #error Unknown data abort handler type
In file included from include/linux/sched.h:21,
                 from arch/arm/kernel/asm-offsets.c:13:
include/asm/page.h:92:2: #error Unknown user operations model
In file included from include/linux/sched.h:23,
                 from arch/arm/kernel/asm-offsets.c:13:
include/asm/mmu.h:5:5: warning: "__LINUX_ARM_ARCH__" is not defined
include/asm/mmu.h:10:5: warning: "__LINUX_ARM_ARCH__" is not defined
arch/arm/kernel/asm-offsets.c:87:5: warning: "__LINUX_ARM_ARCH__" is not defined
make[1]: *** [arch/arm/kernel/asm-offsets.s] Error 1
make: *** [prepare0] Error 2

Wow ! So with DNS-323 / 321, ppp is already included in the kernel ? You are so lucky !!

DNS-313 is running kernel 2.6.15:

root@terabox:/# uname -a
Linux terabox 2.6.15 #235 Sun Dec 7 14:20:05 EST 2008 armv4l unknown

Yes, you are right, I read on the internet that MPPE is supposed to be available in kernel source from 2.6.15 ...
I can see the files ppp_mppe.c and .h, but can't enable the module in dlink kernel config ...

Dlink may have patched its kernel source (downloaded from there), so that it is not possible to enable this module anymore ?

I'm trying to force ppp_mppe.ko kernel module building, by directly editing autoconf.h, after running "make menuconfig" (not the casual way, I agree)

Let's see what happens ...

Just curious, what are you using ppp to do?
The last time I used it was to get ethernet over a shell account. 
I'm sure it's come a long way since then?

Another option you might try: when i had to compile the tun.ko module; i did so from the kernel source direct from kernel.org.  You could try downloading the same kernel version and just compiling that one module from there with "make modules"

metal450 wrote:

Another option you might try: when i had to compile the tun.ko module; i did so from the kernel source direct from kernel.org.  You could try downloading the same kernel version and just compiling that one module from there with "make modules"

According to this topic, 2.6.15 kernel source from kernel.org can't be used, for DNS-313, because the DNS-313 kernel is based on a patch from Storlink which is not integrated into the linux kernel mainline.

That explains why I couldn't built ppp-mppe.ko kernel module from source downloaded from kernel.org. Cf 5 posts earlier :

- I can find MPPE support option, in official kernel 2.6.15 source (downloaded from kernel.org), but then ... I can't compile the module ...

My kernel must be missing crypt support, so I'm not able to load ppp-mppe.ko. As crypt support can not be built as module, I should build and install a new kernel on the DNS-313.

But I was wondering something:

How did you build ppp ? Which version ? Which configure arguments ?

Because maybe your pppd program doesn't depends on ppp / mppe kernel support, as mine does ...
But it is more likely, that your pppd program depends on ppp and mppe kernel features, already integrated in your kernel version ... (I don't know which linux command can tell us if your kernel as ppp support ...)

Last edited by Electrocut (2009-05-13 18:29:20)

Ok

Definitively, Dlink DNS-313 Kernel must be lacking crypt support.

So, the only way to make pptpd + ppp (for PPTP VPN), or xl2tpd + openswan + ppp (for IPSEC/L2TP VPN) working on the DNS-313 ... will be to replace default kernel with a new one.

Maybe I will try later ... just to know,

But for now, I will keep OpenVPN as VPN Server. (OpenVPN hopefully doesn't depends on cryptographic kernel features)

Did you ever figure out how to do this?

I have my VPN up and running "sort of" - the remaining problem is that I need to use iptables to set it up such that I can access the other machines on my network, as well as the Internet itself (through the VPN).  But I *think* I can't add iptables without a fully rebuilt kernel (there doesn't seem to be a way to just insmod ip_tables - it always fails due to unresolved dependencies).

Do you know if this is true - or if there's some other way to achieve my desired behavior?  If not, any pointers on how I could tackle this...?  ONLY being able to access the NAS itself wasn't really what I was after...

Thx again!

Whoa, you're right!! In fact, by doing that I'm able to access other network shares as well as PING websites.  However, I although I can ping websites, for some reason I'm not able to actually access them.  Also, I can't access any shares by name - only by IP (including the NAS box itself, so obviously this is a different problem...).

The reason I thought I needed iptables was based on what I read in this article:

http://www.aminehaddad.com/2008/11/09/h … r-on-linux (see Step 6)

One thing I noticed for Checkpoint 1.  When I run ifconfig, I get:

inet addr:192.168.0.235  P-t-P:192.168.1.235  Mask:255.255.255.255

I'm able to ping 192.168.0.235 from the server, but not 192.168.1.235.  Could this be a problem...?

If not, any ideas on why I can't get to the 'net, and to other PC's by name?

Thanx so much again for ur tip...probably saved me immeasurable hassle

Could you make a picture, that illustrates your network configuration ? I'm a little lost with all your network addresses ... :s

For the DNS resolution (websites etc..), you should check:

> on the DNS-323 side:
- that in /etc/ppp/options.pptpd, "ms-dns" value in pointing on the Default Internet Getway

> on the PPTP Windows client side:
- that ipconfig /all shows the address defined as "ms-dns" before, as DNS server, for the current dialup connection
- that you can PING the address defined as "ms-dns" before

Then, you can try to install Wireshark on the Windows client, to sniff what is going on about DNS resolution, inside the VPN.

Last edited by Electrocut (2009-05-17 21:00:06)

Yes, as you said, it's strange. As you can PING google.fr after flushing local DNS cache, surfing on the web throw the VPN shouldn't be a problem.

Maybe some (not disabled) proxy settings, or "automatic proxy detection", on your client Browser ?


By the way, sometimes 3G providers are blocking PPTP traffic, but as your VPN is establishing correctly, it doesn't seem to be the case.