[pptp-server] PPTP and Linux clients - no packets?

David Crooke dave at convio.com
Tue Oct 9 18:05:56 CDT 2001


This may be a semi-newbie question.......

I am trying to get a PPTP client on Linux to connect to our PPTP server
(also Linux, PoPToP). The server we have been running for several
months, and it works more or less flawlessly with Windows clients (98,
NT, 2k) - it does occasionally lock up a connection or the whole PPTP
setup.

The client is Red Hat 7.1 (Linux 2.4.2)

The PoPToP server is running Linux 2.2.12 (RH6.1) with PPPD 2.3.10 and
PoPToP 1.0.0

I searched the web and found a variety of conflicting advice, varying
from "just install this, this and that" to "you have to apply this and
that patch, do this, use these exact versions of everything, and fix
this and this bug". Here are some URLs I looked at:

http://www.sigpipe.org:8080/vpn/pptp.html
http://poptop.lineo.com/setup_pptp_client.html
http://www.rhapsodyk.net/adsl/HOWTO/
http://tiki-lounge.com/~ben/software/pptp.html

And I ended up pulling a tarball from here which has all the sources and
patches for security (MPPE etc.)

http://pptpclient.sourceforge.net/

The client is using pppd 2.4.0 and PPTP 1.0.2

Side note: one thing I initially found confusing is that a lot of people
just assume that if you're using PPP it's because it's dialup or some
other point to point setup (PPPoE over DSL) and that the PPTP VPN is
the only connection running down that interface - what I'm trying to set
up is VPN in its purest sense, over an existing ethernet (cable modem)
connection.

I have got to the state where I can type

pptp server.name.com

and it will connect and authenticate with CHAP, set up the tunnel with
or without encryption (BSD Deflate type 15 or MPPE 128 bit type 18) and
often exchange a couple of packets - sometimes I can ping the remote end
of the tunnel, and if I set up an appropriate route entry, I can
sometimes ping things on the LAN attached to it, sometimes not.

When ping works, I can also get the start of a telnet session going -
the SYN and ACK packets appear to pass without incident (I get the
message "Connected to server ....."), but then the telnet session just
hangs, no login prompt.

Sometimes, when ping doesn't work, I get messages like this:

Oct  9 17:42:57 poptop-server pptpd[988]: GRE:
read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error =
Input/output error
Oct  9 17:42:57 poptop-server pptpd[988]: CTRL: PTY read or GRE write
failed (pty,gre)=(5,6)

I also get some cases where, if I use MPPE-128, the client complains
that the server needs to authenticate itself, even though I have noauth
in the /etc/ppp/options file.

Below is some log output from a semi-successful connection, done with
deflate 15 mode (no encryption): 45.67.89.0/24 is the subnet of the
server and LAN, 12.34.56.789 is the client's real IP (cable modem). The
third bit of log is the result of doing the iptables command below on
the client after connecting, and then setting a route at the client end
for that IP and trying to ping and telnet from other machines on the LAN
to the IP at the client's end of the tunnel - the behaviour in
telnetting from the client to the LAN (or VPN server) is identical:

iptables -I INPUT -d 45.67.89.0/24 -j LOG

I'm stumped - something is choking but I can't figure out where.

Any advice welcome

Cheers
Dave


Server Log

Oct  9 17:43:47 poptop-server pptpd[1043]: CTRL: Client 12.34.56.789
control connection started
Oct  9 17:43:48 poptop-server pptpd[1043]: CTRL: Starting call
(launching pppd, opening GRE)
Oct  9 17:43:54 poptop-server pppd[1044]: pppd 2.3.10 started by root,
uid 0
Oct  9 17:43:54 poptop-server pppd[1044]: Using interface ppp2
Oct  9 17:43:54 poptop-server pppd[1044]: Connect: ppp2 <--> /dev/pts/3
Oct  9 17:43:54 poptop-server pptpd[1043]: GRE: Discarding duplicate
packet
Oct  9 17:43:57 poptop-server pppd[1044]: MSCHAP-v2 peer authentication
succeeded for cmurray
Oct  9 17:43:58 poptop-server pppd[1044]: found interface eth0 for proxy
arp
Oct  9 17:43:58 poptop-server pppd[1044]: local  IP address 45.67.89.231
Oct  9 17:43:58 poptop-server pppd[1044]: remote IP address 45.67.89.241
Oct  9 17:43:58 poptop-server pppd[1044]: Deflate (15) compression
enabled

Client Log

Oct  9 17:39:49 client pppd[22142]: pppd 2.4.0 started by root, uid 0
Oct  9 17:39:49 client pppd[22142]: Using interface ppp0
Oct  9 17:39:49 client pppd[22142]: Connect: ppp0 <--> /dev/ttya0
Oct  9 17:39:58 client pppd[22142]: Remote message:
S=0904759F0D01F9B7F74F54C516DAD7892A85B4F0
Oct  9 17:39:58 client pppd[22142]: Deflate (15) compression enabled
Oct  9 17:39:58 client pppd[22142]: local  IP address 45.67.89.241
Oct  9 17:39:58 client pppd[22142]: remote IP address 45.67.89.231


iptables on client - catching inbound packets sent to 45.67.89.0/24
subnet (i.e. ppp0 interface)

Oct  9 17:49:42 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.17
DST=45.67.89.241 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=56018 PROTO=ICMP
TYPE=8 CODE=0 ID=35371 SEQ=0
Oct  9 17:49:44 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.17
DST=45.67.89.241 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=56075 PROTO=ICMP
TYPE=8 CODE=0 ID=35371 SEQ=512
Oct  9 17:49:46 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.17
DST=45.67.89.241 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=56130 PROTO=ICMP
TYPE=8 CODE=0 ID=35371 SEQ=1024
Oct  9 17:49:48 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.17
DST=45.67.89.241 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=56198 PROTO=ICMP
TYPE=8 CODE=0 ID=35371 SEQ=1536
Oct  9 17:49:50 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.17
DST=45.67.89.241 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=56253 PROTO=ICMP
TYPE=8 CODE=0 ID=35371 SEQ=2048
Oct  9 17:49:52 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.17
DST=45.67.89.241 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=56310 PROTO=ICMP
TYPE=8 CODE=0 ID=35371 SEQ=2560
Oct  9 17:50:05 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.56
DST=45.67.89.241 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=13904 PROTO=ICMP
TYPE=8 CODE=0 ID=51209 SEQ=256
Oct  9 17:50:07 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.56
DST=45.67.89.241 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=14230 PROTO=ICMP
TYPE=8 CODE=0 ID=51209 SEQ=768
Oct  9 17:50:09 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.56
DST=45.67.89.241 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=14261 PROTO=ICMP
TYPE=8 CODE=0 ID=51209 SEQ=1280
Oct  9 17:50:21 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.56
DST=45.67.89.241 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=14705 DF PROTO=TCP
SPT=1320 DPT=23 WINDOW=32120 RES=0x00 SYN URGP=0
Oct  9 17:50:21 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.56
DST=45.67.89.241 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=14705 DF PROTO=TCP
SPT=1320 DPT=23 WINDOW=32120 RES=0x00 SYN URGP=0
Oct  9 17:50:22 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.56
DST=45.67.89.241 LEN=79 TOS=0x00 PREC=0x00 TTL=63 ID=1020 DF PROTO=TCP
SPT=1319 DPT=23 WINDOW=32120 RES=0x00 ACK PSH URGP=0
Oct  9 17:50:25 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.56
DST=45.67.89.241 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=14710 DF PROTO=TCP
SPT=1320 DPT=23 WINDOW=32120 RES=0x00 ACK URGP=0
Oct  9 17:50:26 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.56
DST=45.67.89.241 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=14712 DF PROTO=TCP
SPT=1320 DPT=23 WINDOW=32120 RES=0x00 ACK URGP=0
Oct  9 17:50:40 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.56
DST=45.67.89.241 LEN=79 TOS=0x00 PREC=0x00 TTL=63 ID=15127 DF PROTO=TCP
SPT=1320 DPT=23 WINDOW=32120 RES=0x00 ACK PSH URGP=0
Oct  9 17:50:40 alba kernel: IN=ppp0 OUT= MAC= SRC=45.67.89.56
DST=45.67.89.241 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=15130 DF PROTO=TCP
SPT=1320 DPT=23 WINDOW=32120 RES=0x00 ACK URGP=0
ID=51366 DF PROTO=TCP SPT=2374 DPT=25 WINDOW=32120 RES=0x00 SYN URGP=0





--
David Crooke, Chief Technology Officer
Convio Inc. - the online partner for nonprofits
4801 Plaza on the Lake, Suite 1500, Austin TX 78746
Tel: (512) 652 2600 - Fax: (512) 652 2699
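
Added example, not part of the original post: a small Python parser for kernel LOG output of the kind produced by the iptables rule above. It rejoins the mail-wrapped lines, counts packets per flow, and lists IP IDs logged more than once from the same source; the sample data, host name and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the netfilter LOG format, wrapped as a mail client would.
SAMPLE = """\
Oct  9 17:50:05 host kernel: IN=ppp0 OUT= MAC= SRC=192.0.2.56
DST=192.0.2.241 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=13904 PROTO=ICMP
TYPE=8 CODE=0 ID=51209 SEQ=256
Oct  9 17:50:21 host kernel: IN=ppp0 OUT= MAC= SRC=192.0.2.56
DST=192.0.2.241 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=14705 DF PROTO=TCP
SPT=1320 DPT=23 WINDOW=32120 RES=0x00 SYN URGP=0
Oct  9 17:50:21 host kernel: IN=ppp0 OUT= MAC= SRC=192.0.2.56
DST=192.0.2.241 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=14705 DF PROTO=TCP
SPT=1320 DPT=23 WINDOW=32120 RES=0x00 SYN URGP=0
"""
FLAGS = ("SYN", "ACK", "PSH", "FIN", "RST", "URG")

def unwrap(text):
    """Rejoin wrapped records; a syslog timestamp starts a new record."""
    parts = re.split(r"\n(?=[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )", text)
    return [" ".join(p.split()) for p in parts if p.strip()]

def parse(record):
    """Fields of one record; an ICMP line's second ID= (echo ID) becomes ICMP_ID."""
    fields = {"FLAGS": []}
    for tok in record.split("kernel:", 1)[-1].split():
        key, eq, val = tok.partition("=")
        if eq:
            fields["ICMP_ID" if key == "ID" and "ID" in fields else key] = val
        elif tok in FLAGS:
            fields["FLAGS"].append(tok)
    return fields

def summarise(text):
    """Return (packets per flow, (source, IP ID) pairs logged more than once)."""
    flows, ids = Counter(), Counter()
    for f in map(parse, unwrap(text)):
        if "SRC" not in f or "PROTO" not in f:
            continue  # headless fragment: cannot be attributed to a flow
        if f["PROTO"] == "TCP":
            what = "TCP %s->%s %s" % (f.get("SPT"), f.get("DPT"), "+".join(f["FLAGS"]))
        else:
            what = "%s type %s" % (f["PROTO"], f.get("TYPE"))
        flows[(f["SRC"], f["DST"], what)] += 1
        ids[(f["SRC"], f.get("ID", "?"))] += 1
    return flows, sorted(k for k, n in ids.items() if n > 1)

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

A repeated IP ID from one source in a short capture usually means the same datagram was logged twice, which is worth comparing against "Discarding duplicate packet" messages on the server side.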

