[pptp-server] LCP: timeout sending Config-Requests

Sean McAvoy sean at mds-networks.com
Wed Jul 5 13:11:06 CDT 2000 

Hello,
I have seen this problem with a NT PPTP server behind a Linux NAT
firewall,but
I myself have got PoPToP working behind a Linux NAT Firewall (I used
coyote linux
in both cases as a firewall). If you are working with a linux firewall
I'd suggest
looking at : http://www.pdos.lcs.mit.edu/~cananian/Projects/IPfwd/
is is designed to allow protocol 47 out of firewalls.
Hope that helps.


Patrick Reid wrote:
> 
> I bet that the problem is that these firewalls don't allow protocol 47 (GRE)
> through. The way PPTP works is that the connection is established and
> controlled via communication on TCP port 1723, but the actual tunnel is
> established using GRE (as opposed to TCP or UDP, say).
> 
> So if a firewall allowed TCP/IP traffic, the calling computer could
> establish a connection, but would be unable to actually establish the
> tunnel.
> 
> Patrick Reid
> 
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Brian Aust
> Sent: July 5, 2000 10:59 AM
> To: 'root'; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] LCP: timeout sending Config-Requests
> 
> > -----Original Message-----
> > From: root [mailto:root at intcolor.eu
> rocolor.com.pl]
> > Sent: Wednesday, July 05, 2000 8:27 AM
> 
> > I want to have pptp server on 195.117.18.137 (Linux) and
> > clients on Win98.
> >
> > My files:
> >
> > /etc/ppp/options:
> > debug
> > name my_server
> > auth
> > proxyarp
> > +chap
> > lock
> >
> > /etc/pptpd.conf:
> > speed 115200
> > debug
> > localip 10.10.20.1
> > remoteip 10.10.20.10-40
> >
> > /etc/ppp/chap-secrets:
> > test  my_server       password        *
> >
> >
> > In /var/log/messages:
> > Jul  5 13:47:14 intcolor pptpd[20919]: CTRL: Client
> > 212.106.2.229 control connection started
> > Jul  5 13:47:14 intcolor pptpd[20919]: CTRL: Starting call
> > (launching pppd, opening GRE)
> > Jul  5 13:47:14 intcolor pppd[20920]: pppd 2.3.8 started by
> > root, uid 0
> > Jul  5 13:47:14 intcolor pppd[20920]: Using interface ppp0
> > Jul  5 13:47:14 intcolor pppd[20920]: Connect: ppp0 <--> /dev/pts/0
> > Jul  5 13:47:44 intcolor pppd[20920]: LCP: timeout sending
> > Config-Requests
> > Jul  5 13:47:44 intcolor pppd[20920]: Connection terminated.
> > Jul  5 13:47:44 intcolor pppd[20920]: Exit.
> > Jul  5 13:47:44 intcolor pptpd[20919]: Error reading from
> > pppd: Input/Output error
> > Jul  5 13:47:44 intcolor pptpd[20919]: CTRL: GRE read or PTY
> > write failed (gre,pty)=(5,4)
> > Jul  5 13:47:44 intcolor pptpd[20919]: CTRL: Client
> > 212.106.2.229 control connection finished
> >
> > In /var/log/pptpd, there is also:
> > Jul  5 13:47:14 intcolor pppd[20920]: sent [LCP ConfReq
> > id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xc38551c4>
> > <pcomp> <accomp>]
> > Jul  5 13:47:41 intcolor last message repeated 9 times
> >
> > Any ideas?
> > Michal Kuratczyk
> 
> The W98 client with which you're trying to connect to the poptop server..
> where is it?  And mainly, is it in an office or someplace which might be
> behind a firewall?  Also, is your poptop server behind a firewall?
> 
> I FINALLY got my poptop working in the clear as of last Friday, and it
> turned out that the culprit was Checkpoint Firewall-1.  My poptop server had
> been behind that firewall, and while FW-1 SUPPOSEDLY allows all PPTP traffic
> through, I got wind of the fact that several other people found that they
> "just couldn't get poptop to work behind FW-1"...   so i wound up slapping
> the poptop server out alongside the firewall with an internal and external
> NIC, and presto!! problem solved.
> 
> However, i still get that EXACT SAME error message you get whenever a W98
> client behind certain firewalls tries to connect.  I have no problems
> connecting from an AOL dialup or from RoadRunner cable modems, but a
> colleague in the UK who sits in an office behind a firewall can't connect
> and I get those LCP: timeout error messages whenever he tries.  Thus far,
> i've simply concluded that some W98 clients behind certain firewalls just
> can't do it.
> 
> HTH,
> Brian
> 
> Brian R. Aust
> Manager of Information Technology
> Health Decisions, Inc.
> 1512 East Franklin St.  Suite 200
> Chapel Hill, NC   27514
> 919.967.2399 x247
> baust at healthdec.com
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

-- 
cat /dev/random
A?´7?¾äñ9

ý9ä??

More information about the pptp-server mailing list