[pptp-server] VPN Masquerading Woes
Michael Walter
walterm at Gliatech.com
Fri Aug 4 11:30:12 CDT 2000
Hello All,
I am working on a test configuration that I am hoping to roll into
production soon. I have a win2000 client connecting through a linux masq
box to a poptop server. When I connect, the win2000 client makes it to the
Verifying Username and Password stage and eventually gives Error 619: the
specified port is not connected. I have tested the same configuration with
the client connected directly to the poptop vpn and it works flawlessly. I
have also tried this with several different clients against the test and our
production poptop VPNs with the same results. I have the chap-secrets and
pap-secrets files set up correctly and they both contain the login I am
trying to use. Has anyone had this kind of problem with VPN masquerading?
If so, did you find any type of resolution? Thanks in advance for any help,
Michael J. Walter
mcse mcp+i rhce a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com
}---------- NETWORK DIAGRAM ----------{
[---------------------------]          [-------------------]          [---------------------------]
[ VPN Client                ]          [ NAT Server        ]          [ VPN Server                ]
[ Win2000 sp1 40bit         ]----------[ Redhat 6.2        ]----------[ Redhat 6.2                ]
[ 192.0.0.89                ]          [ Kernel-2.2.16-12  ]          [ Kernel-2.2.16-3.pptp.joey ]
[ Type of VPN: PPTP         ]          [ eth1: 192.0.0.200 ]          [ eth0: 10.0.0.2            ]
[ Obtain IP addr auto       ]          [ eth0: 10.0.0.1    ]          [ eth1: 52.0.0.1            ]
[ Obtain DNS addr auto      ]          [ ip_masq_pptp.o    ]          [ ppp-2.3.11-4.pptp.joey    ]
[ Do not use remote gateway ]          [ ip_masq_ftp.o     ]          [ pptpd-1.0.0-1.pptp.joey   ]
[ Don't require encryption  ]          [                   ]          [                           ]
[ Use pap,chap,chap-v2      ]          [                   ]          [                           ]
[---------------------------]          [-------------------]          [---------------------------]
}---------- NAT SERVER ----------{
NAT Server Configuration:
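# test.sh
# flush existing rules and accept everything by default
ipchains -F
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# load the PPTP and FTP masquerading helper modules
insmod ip_masq_pptp
insmod ip_masq_ftp
# masquerade forwarded traffic on eth0 (the VPN server side)
ipchains -A forward -i eth0 -j MASQ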
NAT Server LOG:
Aug 4 11:24:50 proxyserver kernel: ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.0.0.89 -> 10.0.0.2 CID=C000 MCID=EE61
Aug 4 11:24:50 proxyserver kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.0.0.89 -> 10.0.0.2 CID=C000 MCID=EE61
Aug 4 11:26:20 proxyserver kernel: ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.0.0.89 -> 10.0.0.2 CID=0 MCID=EE63
Aug 4 11:26:20 proxyserver kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.0.0.89 -> 10.0.0.2 CID=0 MCID=EE63
Aug 4 11:27:43 proxyserver kernel: ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.0.0.89 -> 10.0.0.2 CID=4000 MCID=EE65
Aug 4 11:27:43 proxyserver kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.0.0.89 -> 10.0.0.2 CID=4000 MCID=EE65
Aug 4 11:32:11 proxyserver kernel: ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.0.0.89 -> 10.0.0.2 CID=8000 MCID=EE67
Aug 4 11:32:11 proxyserver kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.0.0.89 -> 10.0.0.2 CID=8000 MCID=EE67
Aug 4 11:33:00 proxyserver kernel: ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.0.0.89 -> 10.0.0.2 CID=C000 MCID=EE69
Aug 4 11:33:00 proxyserver kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.0.0.89 -> 10.0.0.2 CID=C000 MCID=EE69
Aug 4 11:33:42 proxyserver kernel: ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.0.0.89 -> 10.0.0.2 CID=0 MCID=EE6B
Aug 4 11:33:42 proxyserver kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.0.0.89 -> 10.0.0.2 CID=0 MCID=EE6B
Aug 4 11:38:30 proxyserver kernel: ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.0.0.89 -> 10.0.0.2 CID=4000 MCID=EE6D
Aug 4 11:38:30 proxyserver kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.0.0.89 -> 10.0.0.2 CID=4000 MCID=EE6D
Aug 4 11:46:31 proxyserver kernel: ip_masq_pptp_tcp(): OUT_CALL_REQUEST 192.0.0.89 -> 10.0.0.2 CID=8000 MCID=EE70
Aug 4 11:46:31 proxyserver kernel: ip_demasq_pptp_tcp(): OUT_CALL_REPLY 192.0.0.89 -> 10.0.0.2 CID=8000 MCID=EE70
}---------- VPN SERVER ----------{
VPN Server Configuration:
# pptpd.conf
speed 115200
debug
localip 52.0.0.1
remoteip 52.0.0.11-20
listen 10.0.0.2
pidfile /var/run/pptpd.pid
# conf.modules
alias parport_lowlevel parport_pc
alias eth0 ne
alias eth1 ne
options ne io=0x380,0x360
alias ppp-compress-18 ppp_mppe
# options
lock
auth
+pap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
netmask 255.255.255.0
proxyarp
# test.sh
# flush existing rules and accept everything by default
ipchains -F
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
VPN Server LOG:
Aug 1 02:12:28 proxyserver pptpd[688]: CTRL: Client 10.0.0.1 control connection started
Aug 1 02:12:28 proxyserver pptpd[688]: CTRL: Starting call (launching pppd, opening GRE)
Aug 1 02:12:28 proxyserver pppd[689]: pppd 2.3.11 started by root, uid 0
Aug 1 02:12:28 proxyserver pppd[689]: Using interface ppp0
Aug 1 02:12:28 proxyserver pppd[689]: Connect: ppp0 <--> /dev/pts/0
Aug 1 02:12:58 proxyserver pppd[689]: LCP: timeout sending Config-Requests
Aug 1 02:12:58 proxyserver pppd[689]: Connection terminated.
Aug 1 02:12:58 proxyserver pppd[689]: Exit.
Aug 1 02:12:58 proxyserver pptpd[688]: GRE: read(fd=4,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 1 02:12:58 proxyserver pptpd[688]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Aug 1 02:12:58 proxyserver pptpd[688]: CTRL: Client 10.0.0.1 control connection finished
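
Added example, not part of the original post: a small Python triage of the VPN server log above, which groups lines per pptpd control connection and reports how far each attempt got. PPTP carries its control channel over TCP and the PPP frames over GRE (IP protocol 47), so a session that opens GRE and then hits the LCP timeout is one where pppd never received a PPP reply. The function name, the verdict strings and the "remote IP address" success marker are assumptions of this example.

```python
import re

# VPN server log lines copied from the post, wrapped lines rejoined.
POST_LOG = """\
Aug 1 02:12:28 proxyserver pptpd[688]: CTRL: Client 10.0.0.1 control connection started
Aug 1 02:12:28 proxyserver pptpd[688]: CTRL: Starting call (launching pppd, opening GRE)
Aug 1 02:12:28 proxyserver pppd[689]: Connect: ppp0 <--> /dev/pts/0
Aug 1 02:12:58 proxyserver pppd[689]: LCP: timeout sending Config-Requests
Aug 1 02:12:58 proxyserver pppd[689]: Connection terminated.
Aug 1 02:12:58 proxyserver pptpd[688]: CTRL: Client 10.0.0.1 control connection finished
"""

LINE = re.compile(r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) \S+ (?:pptpd|pppd)\[\d+\]: (.*)$")
START = re.compile(r"CTRL: Client (\S+) control connection started")

def classify_sessions(log_text):
    """Group lines per pptpd control connection and name the stage reached."""
    sessions, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        secs = int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])  # same-day logs assumed
        msg = m[4]
        started = START.search(msg)
        if started:
            cur = {"client": started[1], "t0": secs, "gre_opened": False,
                   "lcp_timeout_after": None, "link_up": False}
            sessions.append(cur)
        elif cur is None:
            continue
        elif "opening GRE" in msg:
            cur["gre_opened"] = True
        elif "LCP: timeout sending Config-Requests" in msg:
            cur["lcp_timeout_after"] = secs - cur["t0"]
        elif msg.startswith("remote IP address"):
            cur["link_up"] = True  # assumed success marker; not present in the post's log
        elif "control connection finished" in msg:
            cur = None
    for s in sessions:
        if s["link_up"]:
            s["verdict"] = "tunnel established"
        elif s["gre_opened"] and s["lcp_timeout_after"] is not None:
            # TCP control channel worked, but pppd's LCP requests went unanswered:
            # PPP frames carried in GRE (IP protocol 47) did not make the round trip.
            s["verdict"] = "control channel OK, no PPP reply over GRE"
        else:
            s["verdict"] = "incomplete"
    return sessions

if __name__ == "__main__":
    for s in classify_sessions(POST_LOG):
        print(s["client"], s["verdict"], s["lcp_timeout_after"])
```
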