[pptp-server] http://www.vibres.com/pptpd/example.html

Ismandy Ali ismandya at sains.com.my
Tue Jan 30 18:55:03 CST 2001 

Hi people,
        Need help. The following is the output from my unsuccesfful
"LCP: timeout sending Config-Requests" problem. Inside the FAQ and as
most everybody know, this  problem is the result of the filtering of the
firewall in front of the pptp server. I have contacted the administrator
of the responsible networks, but they replied to me that that do not
implement any form of firewall. Any tcpdump experts?

[root at kgsnt3 log]# 08:50:19.578827 < j50.xxx12.jaring.my.1079 >
kgsnt3.1723: S 2688831:2688831(0) win 8192 <mss 536,nop,nop,sackOK> (DF)

08:50:19.578860 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: S
1099368846:1099368846(0) ack 2688832 win 32696 <mss 536,nop,nop,sackOK>
(DF)
08:50:20.178507 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: . 1:1(0) ack 1
win 8576 (DF)
08:50:20.222345 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: P 1:157(156)
ack 1 win 8576 (DF)
08:50:20.222386 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: . 1:1(0) ack
157 win 32540 (DF)
08:50:20.222662 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: P 1:157(156)
ack 157 win 32696 (DF)
08:50:20.989570 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: P 157:325(168)
ack 157 win 8420 (DF)
08:50:20.991593 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: P 157:189(32)
ack 325 win 32696 (DF)
08:50:21.100517 > gre-proto-0x880B (gre encap)
08:50:21.782312 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: . 325:325(0)
ack 189 win 8388 (DF)
08:50:24.101706 > gre-proto-0x880B (gre encap)
08:50:27.111721 > gre-proto-0x880B (gre encap)
08:50:30.121709 > gre-proto-0x880B (gre encap)
08:50:33.131739 > gre-proto-0x880B (gre encap)
08:50:36.141723 > gre-proto-0x880B (gre encap)
08:50:39.151677 > gre-proto-0x880B (gre encap)
08:50:42.161727 > gre-proto-0x880B (gre encap)
08:50:45.171691 > gre-proto-0x880B (gre encap)
08:50:48.181723 > gre-proto-0x880B (gre encap)
08:50:51.192280 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: F 189:189(0)
ack 325 win 32696 (DF)
08:50:51.344126 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: P 325:341(16)
ack 189 win 8388 (DF)
08:50:51.344169 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: R
1099369035:1099369035(0) win 0
08:50:51.459463 < j50.xxx12.jaring.my.1079 > kgsnt3.1723: F 341:341(0)
ack 190 win 8388 (DF)
08:50:51.459480 > kgsnt3.1723 > j50.xxx12.jaring.my.1079: R
1099369036:1099369036(0) win 0


Jason Osborne wrote:

>  Have you checked to make sure that the cisco router isn't blocking
> GRE packets?
>
>      <!--StartFragment-->7.3.9. Get "Sent [LCP ConfReq id=0x1
>      <asyncmap 0x0> <auth chap 81>
>          <magic 0xe6251907> <pcomp> <accomp>"
>          "...last message repeated 9 times"
>          "LCP: timeout sending Config-Requests"
>      errors in your log file
>
>      This typically means the GRE data link is not making it from
>      your
>      client to your server, typically because of firewalls.
>      Remember
>      that pptpd requires both a control connection (TCP port
>      1723) and
>      a data connection (GRE protocol = TCP/IP protocol 47).
>      Check all
>      of the firewalls between your two machines to make sure they
>      are
>      allowing both types of traffic to pass in both directions.
>
> Also, what type of connection do you have to the internet. I have ISDN
> and was having the same problem and it turned out to not be my
> firewall, but something else. Also, turn all on the debugging you can
> and post up a session so we can take a look at it. Thanks, Jason.A
> link you might find usefully:
> http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt
>
>      -----Original Message-----
>      From: pptp-server-admin at lists.schulte.org
>      [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
>      Ismandy Ali
>      Sent: Monday, January 29, 2001 10:13 PM
>      To: phil at vibrationresearch.com;
>      pptp-server at lists.schulte.org
>      Subject: [pptp-server]
>      http://www.vibres.com/pptpd/example.html
>
>      Hi there,
>
>      I have followed the exampled inside the
>      http://www.vibres.com/pptpd/example.html, of course with
>      some parameter changes. but still I got the same problem.
>      "LCP: timeout sending Config-Requests ".
>
>      I have  browse every postings  inside the mailing-list
>
>      I thought that maybe  I  did something wrong during any of
>      the steps. so I decided  to delete all the files, reinstall
>      all the applications/patches and rebuild the kernel - twice.
>
>      I have been doing this  since last  two weeks(this week
>      makes it three weeks), but I did n't get any positive
>      outcome . I am not behind any firewall, the least is our
>      router configured not to "SMURF".  Attached is my
>      /etc/ppp/options and cisco router configuration. I have my
>      windows 's  box VPN updated.
>
>      i am using linux redhat 6.2 and kernel 2.2.17.
>
>      debug
>      name kgsnt3
>      mru 1450
>      mtu 1450
>      auth
>      require-chap
>      proxyarp
>      +chap
>      +chapms
>      +chapms-v2
>      mppe-40
>      mppe-128
>      mppe-stateless
>      202.184.155.1:
>
>      smurf configuration on cisco router:
>      Filter from internet
>          tcp port 137
>          tcp port netbios-ns
>          tcp port 139
>          udp service netbios-dgm
>          udp service 139
>          udp service 138
>          icmp service unreachable (deny to network address)
>          icmp service echo (deny to network address)
>      _______________________________________________ pptp-server
>      maillist - pptp-server at lists.schulte.org
>      http://lists.schulte.org/mailman/listinfo/pptp-server List
>      services provided by www.schulteconsulting.com!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20010131/ae33a58a/attachment.html>

More information about the pptp-server mailing list