#1 2008-04-14 22:12:31

roan
Member
Registered: 2008-04-14
Posts: 2

Troubles with pptp / vpn clients connected to gateway

Last week I installed a PC running Archlinux to function as a gateway/firewall/nat server. I used dnsmasq and shorewall and it all works fine, except for my outgoing vpn (pptpclient) from the local clients to the vpn server at work.

The setup is as follows:

adsl connection
voip modem/router with dmz to linux box (192.168.0.0/24)

archlinux gateway eth0 (192.168.2.0/24)
archlinux gateway eth1 (10.0.0.0/24)

ethernet switch

archlinux client
windows client

When I directly connect my -for example- Windows laptop to the modem I can connect to the vpn server. When I connect it to the linux box the connection times out. I have this also with my linux client, so there should be something wrong on the gateway.

My http, imap, sshd, etc. work fine on the clients. Even incoming ssh forwarding to one of the clients. Also, when I disable shorewall (and only the iptables masquerading rules have been set) it still doesn't work. So maybe the problem is dnsmasq? I've tried 'everything' and I just can't find out where the problem is...

Perhaps this information is useful

# pppd call ***** logfd 2 nodetach debug dump: (on the client)

pppd options in effect:
debug        # (from command line)
nodetach        # (from command line)
logfd 2        # (from command line)
dump        # (from command line)
noauth        # (from /etc/ppp/options.pptp)
refuse-chap        # (from /etc/ppp/options.pptp)
refuse-mschap        # (from /etc/ppp/options.pptp)
refuse-eap        # (from /etc/ppp/options.pptp)
name *****        # (from /etc/ppp/peers/*****)
remotename PPTP        # (from /etc/ppp/peers/8****)
        # (from /etc/ppp/options.pptp)
pty ***** --nolaunchpppd        # (from /etc/ppp/peers/***)
crtscts        # (from /etc/ppp/options)
        # (from /etc/ppp/options)
asyncmap 0        # (from /etc/ppp/options)
lcp-echo-failure 4        # (from /etc/ppp/options)
lcp-echo-interval 30        # (from /etc/ppp/options)
hide-password        # (from /etc/ppp/options)
ipparam firstfind        # (from /etc/ppp/peers/*****)
proxyarp        # (from /etc/ppp/options)
nobsdcomp        # (from /etc/ppp/options.pptp)
nodeflate        # (from /etc/ppp/options.pptp)
require-mppe-128        # (from /etc/ppp/peers/******)
noipx        # (from /etc/ppp/options)
using channel 23
Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc1af8392> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc1af8392> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc1af8392> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc1af8392> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc1af8392> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc1af8392> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc1af8392> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc1af8392> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc1af8392> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc1af8392> <pcomp> <accomp>]
LCP: timeout sending Config-Requests
Connection terminated.
Modem hangup
Waiting for 1 child processes...
  script *** --nolaunchpppd, pid 6318
Script *** --nolaunchpppd finished (pid 6318), status = 0x0

# tcpdump -i eth0: (on the gateway)

22:12:34.204583 IP the.hostname.*******.1723 > 192.168.2.2.41069: S 1059944814:1059944814(0) ack 3240455486 win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
22:12:34.204770 IP 192.168.2.2.41069 > the.hostname.*******.1723: . ack 1 win 46 <nop,nop,timestamp 5362491 0>
22:12:34.204993 IP 192.168.2.2.41069 > the.hostname.*******.1723: P 1:157(156) ack 1 win 46 <nop,nop,timestamp 5362491 0>: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(AS) BEARER_CAP(DA) MAX_CHAN(65535) FIRM_REV(1) [|pptp]
22:12:34.212859 IP 192.168.2.1.domain > 192.168.2.2.32769: 17520 NXDomain 0/0/0 (42)
22:12:34.213131 IP 192.168.2.2.32769 > 192.168.2.1.domain: 23422+ PTR? 1.2.168.192.in-addr.arpa. (42)
22:12:34.224752 IP the.hostname.*******.1723 > 192.168.2.2.41069: P 1:157(156) ack 157 win 65379 <nop,nop,timestamp 29589164 5362491>: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(3790) [|pptp]
22:12:34.224959 IP 192.168.2.2.41069 > the.hostname.*******.1723: . ack 157 win 54 <nop,nop,timestamp 5362497 29589164>
22:12:34.225759 IP 192.168.2.1.domain > 192.168.2.2.32769: 23422 NXDomain 0/0/0 (42)
22:12:35.205141 IP 192.168.2.2.41069 > the.hostname.*******.1723: P 157:325(168) ack 157 win 54 <nop,nop,timestamp 5362791 29589164>: pptp CTRL_MSGTYPE=OCRQ CALL_ID(0) CALL_SER_NUM(0) MIN_BPS(2400) MAX_BPS(10000000) BEARER_TYPE(Any) [|pptp]
22:12:35.223959 IP the.hostname.*******.1723 > 192.168.2.2.41069: P 157:189(32) ack 325 win 65211 <nop,nop,timestamp 29589174 5362791>: pptp CTRL_MSGTYPE=OCRP CALL_ID(47925) PEER_CALL_ID(0) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(13277755) RECV_WIN(16384) PROC_DELAY(0) [|pptp]
22:12:35.224136 IP 192.168.2.2.41069 > the.hostname.*******.1723: . ack 189 win 54 <nop,nop,timestamp 5362797 29589174>
22:12:35.224325 IP 192.168.2.2 > the.hostname.*******: GREv1, call 47925, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:12:38.188754 IP 192.168.2.2 > the.hostname.*******: GREv1, call 47925, seq 2, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:12:39.186329 arp who-has 192.168.2.1 tell 192.168.2.2
22:12:39.186558 arp reply 192.168.2.1 is-at 00:01:e3:dc:f2:11 (oui Unknown)
22:12:41.191873 IP 192.168.2.2 > the.hostname.*******: GREv1, call 47925, seq 3, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:12:44.195817 IP 192.168.2.2 > the.hostname.*******: GREv1, call 47925, seq 4, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:12:47.202258 IP 192.168.2.2 > the.hostname.*******: GREv1, call 47925, seq 5, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:12:50.204579 IP 192.168.2.2 > the.hostname.*******: GREv1, call 47925, seq 6, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:12:53.207664 IP 192.168.2.2 > the.hostname.*******: GREv1, call 47925, seq 7, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:12:56.212017 IP 192.168.2.2 > the.hostname.*******: GREv1, call 47925, seq 8, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:12:59.213907 IP 192.168.2.2 > the.hostname.*******: GREv1, call 47925, seq 9, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:13:02.217014 IP 192.168.2.2 > the.hostname.*******: GREv1, call 47925, seq 10, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:13:05.244879 IP 192.168.2.2.41069 > the.hostname.*******.1723: P 325:341(16) ack 189 win 54 <nop,nop,timestamp 5371804 29589174>: pptp CTRL_MSGTYPE=CCRQ CALL_ID(0)
22:13:05.244898 IP 192.168.2.2.41069 > the.hostname.*******.1723: F 341:341(0) ack 189 win 54 <nop,nop,timestamp 5371804 29589174>
22:13:05.260764 IP the.hostname.*******.1723 > 192.168.2.2.41069: P 189:337(148) ack 341 win 65195 <nop,nop,timestamp 29589476 5371804>: pptp CTRL_MSGTYPE=CDN CALL_ID(47925) RESULT_CODE(0) ERR_CODE(0) CAUSE_CODE(0) [|pptp]
22:13:05.260970 IP 192.168.2.2.41069 > the.hostname.*******.1723: R 3240455826:3240455826(0) win 0
22:13:05.261709 IP the.hostname.*******.1723 > 192.168.2.2.41069: F 337:337(0) ack 342 win 65195 <nop,nop,timestamp 29589476 5371804>
22:13:05.261888 IP 192.168.2.2.41069 > the.hostname.*******.1723: R 3240455827:3240455827(0) win 0

Does anyone know a solution?

Update:

This part of the wiki page says it should be a firewall issue
http://wiki.archlinux.org/index.php/Mic … _correctly

I get the same error as shown on the page (LCP: timeout sending Config-Requests).

Possibly my gateway/firewall rejects the response from the VPN server. Is there anyone that can acknowledge that? Perhaps by looking at the tcpdump?

Last edited by roan (2008-04-15 16:22:36)
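
An added example, not part of the original post: a short Python script that summarizes a tcpdump text capture like the one above, reporting whether the PPTP control handshake on TCP port 1723 completed and in which direction GRE packets were seen. The sample lines are constructed from the capture in the post, with `vpn.example.net` as a placeholder hostname; `summarize` is a hypothetical helper name.

```python
import re

# Constructed sample, modelled on the gateway capture in the post;
# "vpn.example.net" is a placeholder hostname.
SAMPLE = """\
22:12:34.204993 IP 192.168.2.2.41069 > vpn.example.net.1723: P 1:157(156) ack 1 win 46: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0)
22:12:34.224752 IP vpn.example.net.1723 > 192.168.2.2.41069: P 1:157(156) ack 157 win 65379: pptp CTRL_MSGTYPE=SCCRP RESULT_CODE(1)
22:12:35.205141 IP 192.168.2.2.41069 > vpn.example.net.1723: P 157:325(168) ack 157 win 54: pptp CTRL_MSGTYPE=OCRQ CALL_ID(0)
22:12:35.223959 IP vpn.example.net.1723 > 192.168.2.2.41069: P 157:189(32) ack 325 win 65211: pptp CTRL_MSGTYPE=OCRP CALL_ID(47925) RESULT_CODE(1)
22:12:35.224325 IP 192.168.2.2 > vpn.example.net: GREv1, call 47925, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:12:38.188754 IP 192.168.2.2 > vpn.example.net: GREv1, call 47925, seq 2, length 36: LCP, Conf-Request (0x01), id 1, length 22
22:12:41.191873 IP 192.168.2.2 > vpn.example.net: GREv1, call 47925, seq 3, length 36: LCP, Conf-Request (0x01), id 1, length 22
"""

CTRL = re.compile(r"CTRL_MSGTYPE=(\w+)")               # PPTP control message type
GRE = re.compile(r"IP (\S+) > (\S+): GREv1, call (\d+)")  # PPTP data channel (GRE)

def summarize(capture, client):
    """Summarize PPTP control messages and GRE direction in tcpdump text."""
    ctrl, gre_out, gre_in = [], 0, 0
    for line in capture.splitlines():
        m = CTRL.search(line)
        if m:
            ctrl.append(m.group(1))
            continue
        m = GRE.search(line)
        if m:
            if m.group(1) == client:      # client -> server
                gre_out += 1
            elif m.group(2) == client:    # server -> client
                gre_in += 1
    # The control handshake needs all four messages before GRE data starts.
    control_ok = all(t in ctrl for t in ("SCCRQ", "SCCRP", "OCRQ", "OCRP"))
    if control_ok and gre_out and not gre_in:
        verdict = "control channel up, GRE one-way (no replies seen)"
    elif control_ok and gre_in:
        verdict = "control channel up, GRE flowing both ways"
    else:
        verdict = "control channel incomplete"
    return {"ctrl": ctrl, "gre_out": gre_out, "gre_in": gre_in, "verdict": verdict}

if __name__ == "__main__":
    print(summarize(SAMPLE, "192.168.2.2"))
```

A one-way result only shows that no GRE replies reached the capture point; it does not say which device dropped them.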


#2 2008-04-15 18:38:39

roan
Member
Registered: 2008-04-14
Posts: 2

Re: Troubles with pptp / vpn clients connected to gateway

Well, I have found the solution. It's a bit stupid: I had to power off/on the 'provider firmware' adsl modem. Everything works fine now.
