Topic: VPN Problems

[Bob King]

I have had March SME Server Ver 5 with update 2 installed for several months and everything seems to be working very well. Recently we developed the need for an internet VPN connection to allow sales people to log in and access a data base runinng on the internal Windows network.

I have read the March user's guide and several howto's but just can not get a connection established. The configuration in the Remote access server-manager is set to allow 2 PPTP conections.

The setting in Windows 2000 Pro dialup networking are as follows:

General - The March server's IP address
Options - Display progress ...
              Nothing else ticked
Security - Typical
               Require secure password
               Nothing else ticked

Networking - Point to Point Tunneling Protocol (PPTP)
                      Settings
                          Enable LCP extentions
                          Enable software compression
                   Internet Protocol (TCP/IP)
                   File and Printer Sharing for MS Networks
                   Client for MS Networks
Shariing - Nothing ticked

When trying to establish a connection it goes through verfiying user name and password and after a short time comes back with "Error 619 - The specified port is not connected".

Can someone please tell me what I am doing wrong.

[Chris Smith]

This is actually a Win2k issue. I had the same problem. Update the Win2k boxes to sp2 and it will work.

[Filippo Carletti]

If W2k pre SP2 (or SP1), disable Software compression

[Bob King]

Thanks to both Chris & Filippo for their responses.

The Win2K boxes are all SP2. I still get the same error even with software compression disabled. Have tried connecting from several different locations using different Win2K machines always the same error.

Any other ideas will be greatly appreciated.

Bob

[Filippo Carletti]

Time for a bit of debugging.
telnet your.external.ip.address 1723

Can you connect ?

If yes, show us some relevant pieces from /var/log/messages

[Bob King]

Telnet is disabled. Connected via SSH. Below are entries in /var/log/messages from one recent connection attempt. Hope this helps. And thanks for the assistance.

*****************************************************************
Dec  8 05:24:45 AARAT01 pptpd[7233]: MGR: Launching /usr/sbin/pptpctrl to handle client
Dec  8 05:24:45 AARAT01 pptpd[7233]: CTRL: local address = 192.168.178.10
Dec  8 05:24:45 AARAT01 pptpd[7233]: CTRL: remote address = 192.168.178.147
Dec  8 05:24:45 AARAT01 pptpd[7233]: CTRL: pppd speed = 460800
Dec  8 05:24:45 AARAT01 pptpd[7233]: CTRL: pppd options file = /etc/ppp/options.pptpd
Dec  8 05:24:45 AARAT01 pptpd[7233]: CTRL: Client 203.59.204.105 control connection started
Dec  8 05:24:45 AARAT01 pptpd[7233]: CTRL: Received PPTP Control Message (type: 1)
Dec  8 05:24:45 AARAT01 pptpd[7233]: CTRL: Made a START CTRL CONN RPLY packet
Dec  8 05:24:45 AARAT01 pptpd[7233]: CTRL: I wrote 156 bytes to the client.
Dec  8 05:24:45 AARAT01 pptpd[7233]: CTRL: Sent packet to client
Dec  8 05:24:46 AARAT01 pptpd[7233]: CTRL: Received PPTP Control Message (type: 7)
Dec  8 05:24:46 AARAT01 pptpd[7233]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Dec  8 05:24:46 AARAT01 pptpd[7233]: CTRL: Made a OUT CALL RPLY packet
Dec  8 05:24:46 AARAT01 pptpd[7233]: CTRL: Starting call (launching pppd, opening GRE)
Dec  8 05:24:46 AARAT01 pptpd[7233]: CTRL: pty_fd = 5
Dec  8 05:24:46 AARAT01 pptpd[7233]: CTRL: tty_fd = 6
Dec  8 05:24:46 AARAT01 pptpd[7234]: CTRL (PPPD Launcher): Connection speed = 460800
Dec  8 05:24:46 AARAT01 pptpd[7234]: CTRL (PPPD Launcher): local address = 192.168.178.10
Dec  8 05:24:46 AARAT01 pptpd[7233]: CTRL: I wrote 32 bytes to the client.
Dec  8 05:24:46 AARAT01 pptpd[7233]: CTRL: Sent packet to client
Dec  8 05:24:46 AARAT01 pptpd[7234]: CTRL (PPPD Launcher): remote address = 192.168.178.147
Dec  8 05:24:46 AARAT01 modprobe: modprobe: Can't locate module char-major-108
Dec  8 05:24:46 AARAT01 pptpd[7233]: CTRL: Received PPTP Control Message (type: 15)
Dec  8 05:24:46 AARAT01 pptpd[7233]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Dec  8 05:24:46 AARAT01 kernel: CSLIP: code copyright 1989 Regents of the University of California
Dec  8 05:24:46 AARAT01 kernel: PPP: version 2.3.7 (demand dialling)
Dec  8 05:24:46 AARAT01 kernel: PPP line discipline registered.
Dec  8 05:24:46 AARAT01 kernel: registered device ppp0
Dec  8 05:24:46 AARAT01 pppd[7234]: pppd 2.4.0 started by root, uid 0
Dec  8 05:24:46 AARAT01 pppd[7234]: Using interface ppp0
Dec  8 05:24:46 AARAT01 pppd[7234]: Connect: ppp0 <--> /dev/pts/0
Dec  8 05:24:47 AARAT01 pptpd[7233]: CTRL: Received PPTP Control Message (type: 15)
Dec  8 05:24:47 AARAT01 pptpd[7233]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Dec  8 05:24:51 AARAT01 pptpd[7233]: CTRL: Received PPTP Control Message (type: 12)
Dec  8 05:24:51 AARAT01 pptpd[7233]: CTRL: Made a CALL DISCONNECT RPLY packet
Dec  8 05:24:51 AARAT01 pptpd[7233]: CTRL: Received CALL CLR request (closing call)
Dec  8 05:24:51 AARAT01 pptpd[7233]: CTRL: I wrote 148 bytes to the client.
Dec  8 05:24:51 AARAT01 pptpd[7233]: CTRL: Sent packet to client
Dec  8 05:24:51 AARAT01 pppd[7234]: Modem hangup
Dec  8 05:24:51 AARAT01 pppd[7234]: Connection terminated.
Dec  8 05:24:51 AARAT01 pppd[7234]: Exit.
Dec  8 05:24:51 AARAT01 pptpd[7233]: GRE: read error: Bad file descriptor
Dec  8 05:24:51 AARAT01 pptpd[7233]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Dec  8 05:24:51 AARAT01 pptpd[7233]: CTRL: Client 203.59.204.105 control connection finished
Dec  8 05:24:51 AARAT01 pptpd[7233]: CTRL: Exiting now
Dec  8 05:24:51 AARAT01 pptpd[5993]: MGR: Reaped child 7233
********************************************************************************

[Filippo Carletti]

> Telnet is disabled.

It was only to check if the port as open, don't worry.

> /var/log/messages from one recent connection attempt. Hope
> this helps. And thanks for the assistance.
> Dec  8 05:24:51 AARAT01 pptpd[7233]: CTRL: Received PPTP
> Control Message (type: 12)

Your win2k is asking to close the call.
Hard to say why.
Maybe win2k doesn't agree on compression option or something.

[Bob King]

Thanks anyway Filippo,

I've tried from several different Win2K machines from different locations, different networks and different types of internet access. Every attempt resulted in the exact same error.

I wonder if anyone on this forum has been able to use Win2K to establish a VPN connection with a SME Server 5.0 box. If so please let me know how!

I have double checked the user E-Smith manual & howto's. The Win2K boxes have SP2 installed and 128 bit encryption. I've tried all the different settings in the Win Dialup Networking VPN connection Dialog. Nothing has helped.

[bala]

Bob

Under your win2K "Virtual Private Connection Properties"

Options - Display progress ...
tick - Prompt for name and password

I'm using Wink2K to connect to my office (e-smith) from home....works...

I did try with your above mentioned settings and it gave me the same error code...
The only difference is the "tick - Prompt for name and password" ... tick it and maybe it should work as mine........


Regards


Bala

[Bob King]

Thanks Bala,

I tried it but no help - same error.

There must be something  that I am missing on the SME Server box since the problem occures when trying to connect from several different Win2K boxes.

[Filippo Carletti]

> There must be something  that I am missing on the SME Server
> box since the problem occures when trying to connect from
> several different Win2K boxes.

I agree. I tested connections from 98,2K and 2kSP2 to essg 4.1.2 and SME 5.0
Always worked, apart disabling compression on plain 2k.

[Shing Ho]

Hi Bob

I have the same problem as you.  I have a theory.

I'm running V5 on a P100.  I think it is too slow to run VPN connection.  It seems to disconnect (timeout) at 30 sec.  I tried to increased the timeout but there was no affect, may be it's a Microsoft bug.

The e-smith VPN does work, I can connect from home to office.  The office machine is significantly faster (800MHz).

Please let me know if you are currently running on a slow server as well.

This is just a theory!
Shing...Bob King wrote:

[Bob King]

Hi Shing Ho,

The server is a P200 with 512kb cache & 128mb RAM, 30gb HDD.
It has only 6 users on the connected network. Functions as a Gateway, DCHP, Web & E-mail server (no Web Mail). The Web site it hosts is very small (averages less than 100 hit/day) with no dynamic content. The permanent Internet connection is ADSL 64 up x 128 down. Another server on the network does File Server duties.

It doesn't seem to me that this configuration would be over stressing the P200.

Bob

[Shing Ho]

Can't explain it then.  I don't have anyother users on the server and it still doesn't connect.  May be CPU speed related???

Shing..

[Shing Ho]

Can't explain it then.  I don't have anyother users on the server and it still doesn't connect.  May be CPU speed related???

Shing..