On 28/03/13 05:03, TJ wrote:
A quick follow-up on some progress. I realised on reading my own message that both ends of the PPP connection had the "silent" a.k.a 'passive' option set. I removed it from the client end and there is now LCP negotiation but the interface fails to come up.
Insight is snowballing. During the trials of the 'buggy' version 4.46 I had found that the "notty" option seemed to get the connection further along. After reading the last messages on the client that I just posted to the list:
Serial line is looped back.
I took a closer look at the server's configuration and tried removing the "notty" option. That solved the issue of no IP address assignment.
Both ends of the link now come up and have the expected IP addresses.
My next task is to open the shorewall policy rules up to allow traffic through. I'll tackle that tomorrow.
Here is the working configuration, server first:
----- /etc/stunnel/pella-vpn.conf -----
CAfile = /etc/stunnel/vpn.pem
cert = /etc/stunnel/vpn.pem
key = /etc/stunnel/vpn.pem
output = /var/log/stunnel-vpn.log
debug = 7
client = no
foreground = no

[vpn]
accept = 109.74.x.y:9876
exec = /usr/sbin/pppd
execargs = pppd call pella-vpn 10.254.241.1:10.254.241.2
pty = yes
----------
----- /etc/ppp/peers/pella-vpn -----
# ensure we use ppp3 (ppp0-2 are already in use)
unit 3
#notty
ktune
local
noipdefault
noccp
noauth
novj
nomp
nopcomp
noaccomp
updetach
linkname pella
debug
dump
----------
And on the client (note the name ends .vpn to prevent the stunnel4 daemon loading this profile automatically):
----- /etc/stunnel/pella.conf.vpn -----
pid = /var/run/stunnel4/pella.pid
debug = debug
output = /var/log/stunnel-pella.log
foreground = no
client=yes
connect = 109.74.x.y:9876
CAfile = /etc/stunnel/vpn.pem
# verify the peer's certificate
verify = 2
----------
----- /etc/ppp/peers/pella-vpn -----
# ensure we use ppp3 (ppp0-2 are already in use)
unit 3
ktune
local
noipdefault
noccp
noauth
novj
nomp
nopcomp
noaccomp
updetach
logfd 2
linkname pella
pty "/usr/bin/stunnel4 /etc/stunnel/pella.conf.vpn"
debug
dump
----------
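An added example, not part of the original message: a small Python check that parses stunnel configuration text and reports, per service, whether a `verify` level of 2 or higher is in effect (the setting the client file above uses to verify the peer's certificate). The sample inputs are constructed, abridged copies of the two stunnel files in the post; the function names and the "(global)" label are hypothetical, and an unset `verify` is treated as "peer not verified", which is stunnel's documented default.

```python
import re

# Constructed sample inputs, abridged from the two stunnel files in the post.
SERVER_CONF = """\
CAfile = /etc/stunnel/vpn.pem
client = no

[vpn]
accept = 109.74.x.y:9876
exec = /usr/sbin/pppd
"""
CLIENT_CONF = """\
client=yes
connect = 109.74.x.y:9876
CAfile = /etc/stunnel/vpn.pem
# verify the peer's certificate
verify = 2
"""

def parse_stunnel(text):
    """Split config text into (global options, {service name: options})."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            cur = services.setdefault(section.group(1), {})
            continue
        key, sep, val = line.partition("=")
        if sep:
            (glob if cur is None else cur)[key.strip()] = val.strip()
    return glob, services

def audit(text):
    """Report role, effective verify level and peer verification per service."""
    glob, services = parse_stunnel(text)
    if not services:                         # no [section]: options are global
        services = {"(global)": {}}
    report = {}
    for name, opts in services.items():
        eff = {**glob, **opts}               # service options override globals
        level = int(eff["verify"]) if "verify" in eff else None
        role = "client" if eff.get("client", "no").lower() == "yes" else "server"
        report[name] = {"role": role, "verify": level,
                        "peer_verified": level is not None and level >= 2}
    return report
```

Calling `audit()` on the text of each file gives one entry per service, so the two ends of the tunnel can be compared side by side before firewall rules are opened up.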