[pptp-server] remote win9x clients fail, clients on the LAN connect...

robert berzerke at swbell.net
Mon Aug 27 19:19:32 CDT 2001 

That section is correct.  I'm thinking you haven't enabled forwarding between 
the ppp interface and the lan.  A complete (and working) example iptables 
firewall is at http://home.swbell.net/berzerke .  Try the whole thing and see 
the problem persists.

On Monday 27 August 2001 09:57 am, Chris Mitchell wrote:
> thats what i was thinking, however i have:
>
> #Allow pptpd connections (port 1723)
> /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
>         --sport $PUBLICPORTS --dport 1723 -j ACCEPT
> /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
> /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
> /sbin/iptables -A INPUT  -i $EXTINT -p 47 -j ACCEPT
> /sbin/iptables -A INPUT  -i ppp+ \
>         -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
> /sbin/iptables -A OUTPUT -o ppp+ \
>         -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
> echo "PPTPD allowed"
>
> in the firewall......am thinking this should be taking care of that...
>
>
>   ----- Original Message -----
>   From: Americo Kerr Azevedo
>   To: Chris Mitchell
>   Sent: Monday, August 27, 2001 11:21 PM
>   Subject: RES: [pptp-server] remote win9x clients fail, clients on the LAN
> connect...
>
>
>   Seems that your firewall (or firewall rules on the Linux box, if this is
> the dialup server) is blocking GRE (IP protocol 47) packets. You must allow
> GRE packet and route TCP port 1723 to the internal VPN server.
> -----Mensagem original-----
>     De: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]Em nome de Chris Mitchell
> Enviada em: segunda-feira, 27 de agosto de 2001 11:30
>     Para: pptp-server at lists.schulte.org
>     Assunto: [pptp-server] remote win9x clients fail, clients on the LAN
> connect...
>
>
>
>     Hi,
>
>     Have just setup poptop on a server. Machines on the LAN seem to connect
> and function correctly (one win2k machine, one win98se machine), however,
> when a remote client (win98se) tries to connect, it fails with an error I
> can't seem to find anywhere in this mailing list, or anywhere else, below
> is the output of the log...
>
>     This is what happens when trying to connect from a remote dialup...
>
>     Aug 27 21:49:20 vengabus pptpd[5579]: CTRL: Client 203.220.xx.xx
> control connection started Aug 27 21:49:20 vengabus pptpd[5579]: CTRL:
> Starting call (launching pppd, opening GRE) Aug 27 21:49:20 vengabus
> pppd[5580]: pppd 2.4.1 started by root, uid 0 Aug 27 21:49:20 vengabus
> pppd[5580]: Using interface ppp1
>     Aug 27 21:49:20 vengabus pppd[5580]: Connect: ppp1 <--> /dev/pts/2
>     Aug 27 21:49:20 vengabus pptpd[5579]: Buffering out-of-order packet;
> got 1 after 4294967295 Aug 27 21:49:21 vengabus pptpd[5579]: Packet reorder
> timeout waiting for 0 Aug 27 21:49:21 vengabus pptpd[5579]: Buffering
> out-of-order packet; got 2 after 0 Aug 27 21:49:21 vengabus pppd[5580]:
> MSCHAP-v2 peer authentication succeeded for jam Aug 27 21:49:21 vengabus
> pppd[5580]: found interface eth0 for proxy arp Aug 27 21:49:21 vengabus
> pppd[5580]: local  IP address 192.168.0.100 Aug 27 21:49:21 vengabus
> pppd[5580]: remote IP address 192.168.0.102 Aug 27 21:49:21 vengabus
> pppd[5580]: MPPE 40 bit, stateless compression enabled Aug 27 21:49:31
> vengabus pptpd[5579]: Error writing GRE packet: Operation not permitted Aug
> 27 21:49:31 vengabus pptpd[5579]: CTRL: GRE read or PTY write failed
> (gre,pty)=(6,5) Aug 27 21:49:31 vengabus pptpd[5579]: CTRL: Client
> 203.220.xx.xx control connection finished Aug 27 21:49:31 vengabus
> pppd[5580]: Modem hangup
>     Aug 27 21:49:31 vengabus pppd[5580]: Connection terminated.
>     Aug 27 21:49:31 vengabus pppd[5580]: Connect time 0.2 minutes.
>     Aug 27 21:49:31 vengabus pppd[5580]: Sent 136 bytes, received 192
> bytes. Aug 27 21:49:31 vengabus pppd[5580]: Exit.
>     Aug 27 22:00:00 vengabus kernel: PPP MPPE compression module
> unregistered
>
>     This is what occurs when connecting over the LAN...
>
>     Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Client 192.168.0.3 control
> connection started Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Starting
> call (launching pppd, opening GRE) Aug 27 21:45:26 vengabus pppd[5222]:
> pppd 2.4.1 started by root, uid 0 Aug 27 21:45:26 vengabus pppd[5222]:
> Using interface ppp1
>     Aug 27 21:45:26 vengabus pppd[5222]: Connect: ppp1 <--> /dev/pts/2
>     Aug 27 21:45:26 vengabus pptpd[5221]: Buffering out-of-order packet;
> got 1 after 4294967295 Aug 27 21:45:26 vengabus pptpd[5221]: Packet reorder
> timeout waiting for 0 Aug 27 21:45:26 vengabus pptpd[5221]: Buffering
> out-of-order packet; got 2 after 0 Aug 27 21:45:26 vengabus pppd[5222]:
> MSCHAP-v2 peer authentication succeeded for jam Aug 27 21:45:26 vengabus
> pppd[5222]: found interface eth0 for proxy arp Aug 27 21:45:26 vengabus
> pppd[5222]: local  IP address 192.168.0.100 Aug 27 21:45:26 vengabus
> pppd[5222]: remote IP address 192.168.0.102 Aug 27 21:45:26 vengabus
> pppd[5222]: MPPE 40 bit, stateless compression enabled Aug 27 21:47:22
> vengabus pppd[5222]: LCP terminated by peer
>     Aug 27 21:47:22 vengabus pppd[5222]: Modem hangup
>     Aug 27 21:47:22 vengabus pppd[5222]: Connection terminated.
>     Aug 27 21:47:22 vengabus pppd[5222]: Connect time 2.0 minutes.
>     Aug 27 21:47:22 vengabus pppd[5222]: Sent 556 bytes, received 640
> bytes. Aug 27 21:47:23 vengabus pppd[5222]: Exit.
>
>     any ideas?
>
>     cheers,
>
>     Chris

More information about the pptp-server mailing list