[pptp-server] RE: GRE: Bad checksum from pppd?
Wylie Swanson
wylie at datamaersk.com
Mon May 13 23:42:26 CDT 2002
Hmmm. I'm actually testing in this environment:
[ xp client 192.168.0.5 ] --->
[ poptop server 192.168.0.120 ] --> [ nat fw/gw 192.168.0.1 ] --> [
internet ]
[ internal dhcp ] -->
The block I am allocating addresses for PoPToP is also in the 192.168.0
network, and are available. The plan is to move this to production,
ending up with
[ nat fw/gw/vpn 192.168.0.1 ] --> [ internet ] <-- ['road warrior'
Windows XP Professional native client]
It clicked in the back of my mind that creating the tunnel from the
192.168.0/24 to the 192.168.0/24 in the lab might be causing a problem
for GRE? Thoughts?
Best regards,
Wylie
-----Original Message-----
From: kluivert at dodobirdy.netcraft.com.my
[mailto:kluivert at dodobirdy.netcraft.com.my] On Behalf Of Julian Gomez
Sent: Monday, May 13, 2002 9:36 PM
To: wylie at datamaersk.com
Subject: Re: GRE: Bad checksum from pppd?
On Mon, 13 May 2002 wylie-netfilter at datamaersk.net wrote:
> I am not sure what is causing this problem or if "GRE: Bad checksum
> from pppd" is the terminating error. This is running on a 2.4.18
> patched kernel with mppe and mschap2 and PoPToP. Authentication
> appears to be working, but the connection is lost immediately after
> successful authentication.
I have it got iptables/ipchains working with poptop. There is a problem
when you have two poptops trying to authenticate from behind one nat
machine to another server like the diagram below.
[ client a ] --+
[ client b ] ----> [ nat gw ] --> [ external poptop server ]
You need to patch accordingly with the pptp conntracking patch but I
never got that bit working also even with the patch.
> May 13 17:10:22 myserver pptpd[1658]: CTRL: GRE read or PTY write
> failed
> (gre,pty)=(6,5)
Used to get hit by this one all the time and it used to be a
configuration side problem for me. But I can't see where you are going
wrong at your end and I don't have a spare machine to diff the
configuration files with.
Try switching on debugging and see what else it reaps.
More information about the pptp-server
mailing list