PiePants

PiePants is a PPTP client for Mac OS X. It supports encrypted communications for secure connections to your PPTP VPN. PiePants only supports a single PPTP connection at a time.

Obtaining PiePants

You can download PiePants here:

PiePants_Install.dmg

Download the Disk Copy image, mount it, and then perform a simple drag install to your applications folder.

Using PiePants

PiePants is designed to be very simple to use. Everything you need should be quickly available in the main window:



To connect using PiePants, enter your connection information in the three required fields of the Settings tab:



Put your VPN server's host name or IP address in the server field. Put your user name in the user name field (for Microsoft domain authentication, place the domain and user name as DOMAIN\username). Enter your password into the password field.

After entering your settings, click the Connect button. PiePants will configure itself and attempt to bring up a PPTP connection to the remote machine. While you are connected, status information will be updated in the main window, and the Connect button will change to Disconnect -- click Disconnect to disconnect from your PPTP VPN.

You can find additional information about the connection in the Log window, available from the Windows menu:



The Log window will display information about your connection. You can clear the log at any time by clicking the Clear button. You can save the log by clicking the Save... button. And you can print the log by clicking the Print... button. All of these options are also available from the main menu.

You can configure advanced options in the Advanced tab of the main window:



If you enable the Verbose Logging option, then PiePants will provide extensive information in the Log window. This can be helpful when trying to figure out why PPTP connections aren't working correctly.

If you enable the Use Remote Gateway option, then PiePants will configure your network to use the VPN connection for all traffic (except the local network) while you are connected.

Similarly, the Use Remote DNS option will cause the remote DNS servers (if provided by your PPTP server) to be used while you are connected, overriding your existing DNS servers during the connection.

The Connect when launching PiePants option tells PiePants to connect automatically whenever you start PiePants. If you configure your PiePants connection settings and use this option, then you can place an alias to PiePants in your login items folder -- PiePants will immediately launch and try to establish a connection as soon as you log in.

If you set the Automatically reconnect if not disconnected manually option, then PiePants will try to reconnect (after a short 10 second wait) if it detects that the connection has dropped.

You can override the maximum transmission unit (MTU) value of the PPTP connection interface by enabling the Override MTU option and providing a number. Generally, you should not need to modify the default, but adjusting the MTU size may have performance benefits for some networks.

You can override the netmask of the PPTP connection interface by enabling the Override Netmask option and providing a new netmask. When you connect, PiePants tries to determine the netmask value for the remote network you are connected to. It does this using the original class A, B, and C rules from the Internet documentation. If your remote network uses a different netmask, you may want to provide it here. This will help PiePants configure your routing table correctly while you are connected.
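The class A, B, and C rule described above, as an added Python example (not PiePants code). It compares the classful guess with the real netmask of the remote network and assumes that the route installed for the tunnel covers the network derived from that netmask; all addresses are constructed samples.

```python
import ipaddress

def classful_netmask(addr):
    """Netmask implied by the original class A/B/C rules for an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:   # class A: leading bit 0
        return "255.0.0.0"
    if first_octet < 192:   # class B: leading bits 10
        return "255.255.0.0"
    if first_octet < 224:   # class C: leading bits 110
        return "255.255.255.0"
    raise ValueError(f"{addr} is class D/E and has no classful netmask")

def tunnel_networks(tunnel_addr, real_netmask):
    """Return (classful guess, real network) for the tunnel interface address."""
    guess = ipaddress.IPv4Network(
        f"{tunnel_addr}/{classful_netmask(tunnel_addr)}", strict=False)
    real = ipaddress.IPv4Network(f"{tunnel_addr}/{real_netmask}", strict=False)
    return guess, real

def routed_differently(dest, tunnel_addr, real_netmask):
    """True when dest falls inside one of the two networks but not the other."""
    guess, real = tunnel_networks(tunnel_addr, real_netmask)
    d = ipaddress.IPv4Address(dest)
    return (d in guess) != (d in real)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for tunnel, mask, dest in [
        ("10.1.2.3", "255.255.255.0", "10.200.0.5"),     # guess too wide
        ("192.168.5.10", "255.255.0.0", "192.168.9.1"),  # guess too narrow
        ("10.1.2.3", "255.255.255.0", "10.1.2.77"),      # both agree
    ]:
        guess, real = tunnel_networks(tunnel, mask)
        print(tunnel, "guess", guess, "real", real, dest,
              "differs" if routed_differently(dest, tunnel, mask) else "same")
```

When the guess is too narrow, traffic for the rest of the remote network follows the default route rather than the tunnel; when it is too wide, unrelated destinations are pulled into the tunnel. Both are the cases the Override Netmask option corrects.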

Setting Up PiePants

The first time you use PiePants, you will be prompted to set up the various component pieces that PiePants uses:



This window simply explains that some pieces of PiePants need to be configured to run with special privileges. In order to configure these pieces, you will need to provide an administrative username and password. When you click OK, you will see the authentication dialog:


(It's not my fault that the window doesn't come to the foreground, or that it says "Authorization Trampoline" -- that's Apple's fault :-).

Enter the administrator username and password, and then click OK. If you provide correct information, PiePants will be able to make PPTP connections -- it will not ask you for this information again unless the installation becomes damaged in some way.

How PiePants Works

PiePants consists of four main pieces, though you normally only interact with one of them. The main piece is the user interface that you see when you start up the program. Bundled inside the program is a tool for bringing up and running a PPTP control channel (this program is called pptp). Also bundled inside is a user-mode PPP stack program called ppp (this program is a modified version of the same PPP stack used in FreeBSD). Finally, the program includes a tunnel-type device driver that is used to bring up the IP stack in the kernel.

Because several of these programs require access to protected resources, many of them must be run as root. The first time you run PiePants, the program will prompt you to repair the installation because it needs to enable the security settings for these components. The pptp program must execute with privileges because it uses a SOCK_RAW socket for the GRE tunnel portion of PPTP, and because it loads and unloads the pptp device driver. The ppp program must run with privileges because it modifies the routing table.

These pieces communicate with one another to provide a PPTP tunnel to your network.

Known Issues

The password is stored in clear-text in your preferences file. This file is normally only readable by you, so this is not a horrible issue (indeed, it is the same level of security as provided by other UNIX-based PPP clients where passwords are stored in a "secrets" file). I do hope to use the Keychain for password storage in the future.
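One way to check that a file holding a clear-text password really is readable only by you, as an added Python example (not part of PiePants). The page does not give the preferences file's path, so the function takes any path, and the demonstration runs on a constructed temporary file on a POSIX system.

```python
import os
import stat
import tempfile

def audit_secret_file(path):
    """Return a list of findings; an empty list means owner-only access."""
    st = os.lstat(path)  # lstat so a symlink at the path is not followed
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink; audit its target instead"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != os.getuid():
        findings.append(f"owned by uid {st.st_uid}, not the current user")
    if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group or other")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or other")
    # A world-writable parent without the sticky bit lets others replace the file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without sticky bit")
    return findings

def demo():
    """Audit a constructed sample file with loose, then tight, permissions."""
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "example-preferences.plist")  # hypothetical name
        with open(sample, "w") as f:
            f.write("password = constructed-sample-value\n")
        os.chmod(sample, 0o644)
        loose = audit_secret_file(sample)
        os.chmod(sample, 0o600)
        tight = audit_secret_file(sample)
    return loose, tight

if __name__ == "__main__":
    loose, tight = demo()
    print("mode 0644:", loose)
    print("mode 0600:", tight)
```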

The other biggie is that it appears that Classic applications can't use the PPTP connection -- at least I haven't been able to get them to use it. I currently don't have a clue why Classic has this limitation, but (a) I'm not surprised by it and (b) I wouldn't hold my breath waiting for me to fix it.

The remote DNS support doesn't seem to work; I'm going to have to figure out the system configuration framework interfaces, and they're not well documented.

To Do List

- licensing issues

- keepalive

- better icons

- use system configuration framework

Release History

1.0.0b3, 7 Apr 2002 - third beta release:
- fixed a problem with a case-sensitive comparison of authentication data

1.0.0b2, 15 Mar 2002 - second beta release:
- enhanced user interface (tabbed configuration, log window)
- enhanced logging facilities
- support for using remote gateway
- support for using remote DNS
- support for automatically determining remote netmask
- support for automatic connection on startup
- support for automatic reconnection when unexpected disconnects occur
- support for overriding MTU value

0.99, 28 Feb 2002 - initial beta release

Licensing

I haven't yet decided exactly how I'm going to license PiePants, but most likely it will be as pay-if-you-like shareware for a small fee (say, $25). On the other hand, it appears from the Darwin CVS tree that there may be a PPTP client in the OS before too long, which would probably make PiePants obsolete. So who knows -- maybe I'll make it free, or open source it. I'd appreciate feedback from folks on whether or not they'd pay for it. For now, there are no limitations in the beta -- please use it and give me feedback, but please understand that this is sort of a side project for me and I may have some trouble providing quick support if you run into a problem.


Copyright (c) 2002 Rob Newberry robthedude@mac.com,
All rights reserved.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.


PiePants uses a modified version of ppp to provide PPP services for the PPTP connection. The license for this program is as follows:

Copyright (c) 2001 Brian Somers brian@Awfulhak.org
based on work by Eivind Eklund perhaps@yes.no,
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

The tunnel device driver used by PiePants is based on work done by Stefan Arentz, Giuliano Gavazzi and Julian Onions, and carries the following copyright:

(C) Copyright 2001, Raxas Software. All rights reserved.
(C) Copyright 1988, Julian Onions jpo@cs.nott.ac.uj Nottingham University 1987.