[pptp-server] Unstable VPN

Brian L. DiMambro dimambro at pacbell.net
Tue Mar 21 09:40:59 CST 2000


Hi all.

I have installed pptpd-1.0.0 / ppp-2.3.10 using the procedures in the
redhat 6.0 how-to from the PoPToP website. I have installed it on a
SPARC 5 running RH 6.1 using the stock 2.2.12-20 kernel. I followed the
instructions exactly and installed all packages with no errors. The VPN
is being accessed by both Windoze 2000 and 98 clients (at this time a
max of 4 connects). Following are the contents of my pptpd.conf and
options files:

################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.0.0
#
################################################################################

# TAG: speed
#
#       Specifies the speed for the PPP daemon to talk at.
#       Some PPP daemons will ignore this value.
#
speed 1152000

# TAG: option
#
#       Specifies the location of the PPP options file.
#       By default PPP looks in '/etc/ppp/options'
#
#option /this/is/the/options/file

# TAG: debug
#
#       Turns on (more) debugging to syslog.
#
debug

# TAG: localip
# TAG: remoteip
#
#       Specifies the local and remote IP address ranges.
#
#       You can specify single IP addresses separated by commas or you can
#       specify ranges, or both. For example:
#
#               192.168.0.234,192.168.0.245-249,192.168.0.254
#
#       IMPORTANT RESTRICTIONS:
#
#       1. No spaces are permitted between commas or within addresses.
#
#       2. If you give more IP addresses than MAX_CONNECTIONS, it will
#          start at the beginning of the list and go until it gets
#          MAX_CONNECTIONS IPs. Others will be ignored.
#
#       3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#          you must type 234-238 if you mean this.
#
#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one. You MUST still give at least one remote
#          IP for each simultaneous client.
#
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
remoteip 192.168.20.220-239
localip www.xxx.yyy.zzz (I have a real IP here, just don't want to broadcast it.)

# TAG: ipxnets
#
#       This gives the range of IPX networks to allocate to clients.  By
#       default IPX network number allocation is not handled internally.
#       By putting a low and high network number here a pool of IPX networks
#       can be defined.  If this is done then there must be one IPX network
#       per client.
#
#       The format is a pair of hex numbers without any 0x prefix separated
#       by a hyphen.
#
#ipxnets 00001000-00001FFF

# TAG: listen
#
#       Defines the IP address of the local interface on which pptpd
#       should listen for connections.  The default is to listen on all
#       local interfaces (even ones brought up by pptp connections, thus
#       permitting pptp tunnels inside the pptp tunnels).
#
#listen 192.168.0.1

# TAG: pidfile
#
#       This defines the file name in which pptpd should store its process
#       ID (or pid).  The default is /var/run/pptpd.pid.
#
#pidfile /var/run/pptpd.pid


# cat options
lock
auth
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

We have set up the clients as per the instructions in the WIN95/98 and
2000 how-tos. The system also runs SSH and I have blocked all access to
the system for telnet ftp etc ... basically I commented everything out
of the inetd.conf file and commented out things like pop3 etc ... from
the services file. I would also like to use this system as a firewall
and have my chains built but not activated at this time. The system has
an external interface to the net and a second interface (both 10BT) to a
switched internal network. The clients are connecting via the internet,
no modems.

So.... here's the problem. My developers connect to the VPN, they can
telnet, www, ftp to the internal systems but the connection keeps
crashing, hanging etc ... and blows away their sessions. Below is the
error message from my messages file. The VPN is so unstable it is
unusable for my developers. Any suggestions would be appreciated.


Mar 20 07:55:59 wcfw pptpd[1159]: CTRL: Unexpected control message 0 in disconnect sequence
Mar 20 07:55:59 wcfw pptpd[1159]: CTRL: EOF or bad error reading ctrl packet length.
Mar 20 07:55:59 wcfw pptpd[1159]: CTRL: couldn't read packet header (exit)
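
Added example, not part of the original post and not PoPToP's own code: a Python check that expands a `localip`/`remoteip` value according to the restrictions listed in the sample file's comments and confirms the pool covers the expected number of clients. The function names and the `max_connections` argument values are assumptions; the page does not say how pptpd itself reacts to a shortcut range, so this sketch rejects it.

```python
import ipaddress


def expand_ip_list(spec, max_connections):
    """Expand a localip/remoteip value; return (used, ignored) address lists."""
    # Restriction 1: no spaces between commas or within addresses.
    if any(ch.isspace() for ch in spec):
        raise ValueError("no spaces are permitted in the address list")
    addrs = []
    for item in spec.split(","):
        if "-" not in item:
            addrs.append(ipaddress.IPv4Address(item))
            continue
        start, last = item.split("-", 1)
        first = ipaddress.IPv4Address(start)  # raises ValueError if malformed
        if not last.isdigit() or int(last) > 255:
            raise ValueError(f"bad range end in {item!r}")
        lo, hi = int(start.rsplit(".", 1)[1]), int(last)
        # Restriction 3: 234-8 is not shorthand for 234-238, so an end
        # below the start is treated as a configuration error here.
        if hi < lo:
            raise ValueError(f"range end below start in {item!r}")
        base = int(first) - lo
        addrs.extend(ipaddress.IPv4Address(base + n) for n in range(lo, hi + 1))
    # Restriction 2: only the first MAX_CONNECTIONS addresses are used.
    return addrs[:max_connections], addrs[max_connections:]


def pool_covers_clients(remoteip, clients, max_connections):
    """Restriction 4: at least one remote IP per simultaneous client."""
    used, _ignored = expand_ip_list(remoteip, max_connections)
    return len(used) >= clients


if __name__ == "__main__":
    # remoteip value from the post; 4 clients as stated there.
    # max_connections=100 is a constructed value, not taken from the page.
    used, ignored = expand_ip_list("192.168.20.220-239", 100)
    print(len(used), "usable remote addresses,", len(ignored), "ignored")
    print("covers 4 clients:", pool_covers_clients("192.168.20.220-239", 4, 100))
```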

