[pptp-server] More: LCP ConfRequest failing (A hint?)

tmk tmk at netmagic.net
Tue Aug 3 11:24:50 CDT 1999 

The error you list means that the pptp control connection was successful,
but the GRE (generic routing encapsulation - proto 47) did not connect. As
such, ppp has nowhere to send it's LCP requests and it can't get any
response to them.

Usually the problem is running behind a NAT (aka masq) system, without the
appropriate kernel mod or ip forwarding set up. The other possible problem
is that the other end (client's ISP) doesn't support protocol 47, and they
refuse to route it to their subnet. This will squelch any possibility for
running pptp :)

I'm not exactly sure why NAT systems don't work, but i think it's because
GRE isn't really TCP, it's an independant protocol, and as such it probably
isn't recognized by ipchains or ipfwadm as something it can work with.

ideas/comments? send them to the list
Kevin

----- Original Message -----
From: Laurent 'case' Mahieux <case at clight.net>
To: <pptp-server at lists.schulte.org>
Sent: Tuesday, August 03, 1999 8:04 AM
Subject: [pptp-server] More: LCP ConfRequest failing (A hint?)


>   Browsing thru the FAQ & Mail archive, I found multiple instances of the
> problem; and seemingly no definitive answer.
>
>   I don't have one, though I believe this is a help.
>
>   BTW, I'm not on the list, so if you intend me to read an answer, plz CC
me.
>
> Problem basically looks like this on server:
> Aug  3 14:06:28 finet0 pptpd[8742]: CTRL: Client 194.149.90.201 control
connection started
> Aug  3 14:06:28 finet0 pptpd[8742]: CTRL: Starting call (launching pppd,
opening GRE)
> Aug  3 14:06:28 finet0 pppd[8743]: pppd 2.3.5 started by root, uid 0
> Aug  3 14:06:28 finet0 pppd[8743]: Using interface ppp0
> Aug  3 14:06:28 finet0 pppd[8743]: Connect: ppp0 <--> /dev/ttyp0
> Aug  3 14:06:28 finet0 pppd[8743]: Warning - secret file
/etc/ppp/pap-secrets has world and/or group access
> Aug  3 14:06:28 finet0 pppd[8743]: sent [LCP ConfReq id=0x1 <auth chap 05>
<magic 0xfb5e95ef> <pcomp> <accomp>]
> Aug  3 14:06:55 finet0 last message repeated 9 times
> Aug  3 14:06:58 finet0 pptpd[8742]: GRE:
read(fd=4,buffer=804cffc,len=8196) from PTY failed: status = -1 error =
Input/output error
> Aug  3 14:06:58 finet0 pptpd[8742]: CTRL: PTY read or GRE write failed
(pty,gre)=(4,5)
> Aug  3 14:06:58 finet0 pptpd[8742]: CTRL: Client 194.149.90.201 control
connection finished
> Aug  3 14:06:58 finet0 pppd[8743]: LCP: timeout sending Config-Requests
> Aug  3 14:06:58 finet0 pppd[8743]: Connection terminated.
> Aug  3 14:06:58 finet0 pppd[8743]: Exit.
>
> On the client (Win98) it fails during the username/password
authentification
>
> I traced this to going thru a firewall (two actually).
>
> I went from the follownig setup:
>
>    ISP RAS (194.xx.xx.xx) ---> Firewall (195.xx.xx.xx) --> NAT
(10.xx.xx.xx) server
>
> To this setup:
>
>    (195.xx.xx.xx) Local RAS --> NAT (10.xx.xx.xx) server
>
> So, basically, I still go thru a NAT firewall between my dial-up access
> and the server, but I bypass the first firewall (the one between our
provider
> and our "real IP class). This works fine.
>   The first firewall is setup for basic services (www, mail, ftp...) and
> denies everything else.
>
>   I dunno what port/protocol LCP is using, but it's clearly not getting
thru.
> pptpd protocol is getting thru though.
>
>   It might be interesting to have all port/protocols listed in the FAQ for
> every step of the connection.
>
>   Now everything seems to be working great :-)
>
>   I hope this can be usefull.
>
>   Regards,
>     Laurent.
>
> --
> +------------------------------------------------------+----------------+
> |case at clight.net    URL http://spring.clight.fr/~case/ | ** GO LINUX ** |
> +------------------------------------------------------+----------------+
> |                   Life's not fair                    |   My opinions  |
> |            But the root password helps               | are my very own|
> +------------------------------------------------------+----------------+
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

More information about the pptp-server mailing list