[pptp-server] two problems: connection lost after 15 to 30 minutes / packet mix-up upon re-dialing

Matthias Suencksen ms at marcant.net
Sat Feb 3 02:57:59 CST 2001 

Hello!

I've been playing around with pptp but run into Anybody has expierenced
problems with sudden
drops of the connection ?

I've got an pptp 1.1.2 server(linux) which
serves windows 98 dialup clients. also there is a
checkpoint-1 firewall in front of the server which
passes traffic to it.

Things go mostly well but when the client does ftp uploads/downloads
(and using their ISDN 8KB/s bandwidth to the max) the connections
usually drop after 15 - 30 minutes ..

.. this does not occur when doing low bandwidth stuff like
telnet over the vpn connection ( the connections lasts
for hours then ).

So in the case where the ISDN line is filled up with
traffic the following happens:

Either the win98 computer says that the vpn adapter
has hung up ( the dial-up connections is still active though)
OR the pptp server says something like "can't read packet header"
and quits the connection itself.

Strace'ing the server in the latter case showed a ECONNRESET
on the GRE socket ( unfortunatelay I forgot wheter it was
during read or write ).


In the former case where the win98 reported that the vpn has hung
up the following happened what I suspect as a bug in the pptp server
(which is second problem I want to report and which may be
completly unrelated to the connection-dropping-stuff !)

The pptp-child processes didn't notice that the windows 98
client already had declared the connection for dead.

After using "reconnect" on the the windows client a new
pptp child process was spawned but the original pptp 
process seemed to eat up the packets for the new connection.

Consequently I wasn't able to do even do a "ping".

This resulted in the following interesting log:

Feb  3 08:39:11 server2 pptpd[7504]: CTRL: Sent packet to client
Feb  3 08:40:27 server2 pptpd[7504]: CTRL: Received PPTP Control Message
(type: 5)
Feb  3 08:40:27 server2 pptpd[7504]: CTRL: Made a ECHO RPLY packet
Feb  3 08:40:27 server2 pptpd[7504]: CTRL: I wrote 20 bytes to the
client.
Feb  3 08:40:27 server2 pptpd[7504]: CTRL: Sent packet to client
Feb  3 08:41:59 server2 pptpd[7504]: CTRL: Received PPTP Control Message
(type: 5)
Feb  3 08:41:59 server2 pptpd[7504]: CTRL: Made a ECHO RPLY packet
Feb  3 08:41:59 server2 pptpd[7504]: CTRL: I wrote 20 bytes to the
client.
Feb  3 08:41:59 server2 pptpd[7504]: CTRL: Sent packet to
client            

At this point the pptp server does not any long receive type 5
control messages from the client. the windows computer popped
up a message that the vpn adapter has been hung up. I then
type "reconnect":

Feb  3 08:44:10 server2 pptpd[7809]: MGR: Launching
/usr/local/sbin/pptpctrl to handle client
Feb  3 08:44:10 server2 pptpd[7809]: CTRL: local address = 172.19.210.10
Feb  3 08:44:10 server2 pptpd[7809]: CTRL: remote address =
172.19.212.2        

So process no 7809 is the new handler for the new connection.

[..]
Feb  3 08:44:10 server2 pppd[7810]: pppd 2.3.11 started by root, uid 0
Feb  3 08:44:10 server2 pppd[7810]: Using interface ppp1
Feb  3 08:44:10 server2 pppd[7810]: Connect: ppp1 <--> /dev/pts/6
Feb  3 08:44:10 server2 pppd[7810]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap 81> <magic 0xcbda4a08> <pcomp> <accomp>]
Feb  3 08:44:10 server2 pppd[7810]: Timeout 0x8050444:0x80788a0 in 3
seconds.

Now:

Feb  3 08:44:10 server2 pptpd[7504]: Discarding out-of-order packet 1,
already have 24692     

It is strange that the "old" pptpd process no. 7504 wants to handle the 
packets for the new connection whild should be handled by no.7809 (see
above) - of course 
"packet 1" is out of sync with its own sequence number of 24692 ..!

Their seems to be contention for incoming packets:

Feb  3 08:44:10 server2 pptpd[7504]: Discarding out-of-order packet 1,
already have 24692
Feb  3 08:44:10 server2 pptpd[7809]: Buffering out-of-order packet; got
1 after 4294967295
Feb  3 08:44:13 server2 pppd[7810]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth
 chap 81> <magic 0xcbda4a08> <pcomp> <accomp>]
Feb  3 08:44:13 server2 pppd[7810]: Timeout 0x8050444:0x80788a0 in 3
seconds.
Feb  3 08:44:13 server2 pptpd[7504]: Discarding out-of-order packet 2,
already have 24692
Feb  3 08:44:13 server2 pptpd[7809]: Packet reorder timeout waiting for
0   


.. any ideas appreciated ..!


my pppd setup is:

auth
require-chap
# proxyarp
+chapms-v2
mppe-40
mppe-128
mppe-stateless
# be strict
require-mppe
require-mppe-stateless
# workaround silly Windows clients which send NT-domain prefix
chapms-strip-domain  

--
Matthias

More information about the pptp-server mailing list