Koozali.org: home of the SME Server

Client VPN Problem

Sébastien DACQUIN

Client VPN Problem
« on: March 28, 2001, 04:22:29 AM »
We successfully connect a client to the server using the VPN service when the client is directly connected to the internet (dial-up or cable). However, we have a problem when we try to connect a client behind a router or another e-smith server: the client returns error 629.
The trace on the server shows a connection from the client, and an answer is sent back but the client never received it.
Has anyone already encountered this problem and know how to fix it?

Karl Ponsonby

Re: Client VPN Problem
« Reply #1 on: March 28, 2001, 04:51:03 AM »
I think that maybe the issue is in relation to PPTP_Masq. The e-smith box does not have this installed. If I follow you correctly the VPN client is behind a router or another e-smith box, then that is correct. It will not get a return acknowledgement.
Karl

Gordon Rowell

Re: Client VPN Problem
« Reply #2 on: March 28, 2001, 05:04:54 AM »
Karl Ponsonby wrote:
>
> I think that maybe the issue is in relation to PPTP_Masq. The
> e-smith box does not have this installed.

This is true of e-smith 4.1, but is not the problem in this case.

> If I follow you
> correctly the VPN client is behind a router or another
> e-smith box, then that is correct. It will not get a return
> acknowledgement.

This is correct. The gateway needs to support masquerading of
the PPTP and GRE protocols. The router may be doing packet
filtering or NAT, and both will need to be configured to
allow both protocols for PPTP to function.

Gordon

Sébastien DACQUIN

Re: Client VPN Problem
« Reply #3 on: March 28, 2001, 03:52:38 PM »
> This is correct. The gateway needs to support masquerading of
> the PPTP and GRE protocols. The router may be doing packet
> filtering or NAT, and both will need to be configured to
> allow both protocols for PPTP to function.

Does e-smith 4.1.1 support PPTP and GRE in the default setup?
My clients stay on error 629 when behind e-smith 4.1.1 (dial-up) and
error 678 when behind e-smith 4.1.1 (cable).
On both servers I use dyndns services.
I found a package ip_masq_vpn in the contrib section but there is no change
when I set it up with the command: rpm -UhvF ip_masq_vpn-0.1.1-1.i386.rpm

What is wrong?

>
> Gordon

Gordon Rowell

Re: Client VPN Problem
« Reply #4 on: March 28, 2001, 04:00:05 PM »
Sébastien DACQUIN wrote:
> [...]
> Does e-smith 4.1.1 support PPTP and GRE in the default setup?

As a server, yes. Neither e-smith 4.1 nor 4.1.1 supports PPTP masquerading.

> My clients stay on error 629 when behind e-smith 4.1.1
> (dial-up) and error 678 when behind e-smith 4.1.1 (cable).

Yes, as the masquerading module is not loaded. It did not work
in the RedHat 7 kernel used in e-smith 4.1 and 4.1.1.

> On both servers I use dyndns services.
> I found a package ip_masq_vpn in the contrib section but
> there is no change
> when I set it up with the command: rpm -UhvF
> ip_masq_vpn-0.1.1-1.i386.rpm
>
> What is wrong?

You also need to load the module. This module will be standard in a later release of e-smith. The configuration to load modules is found in the templates for /etc/rc.d/init.d/masq, and modifications to those should be discussed in the Experienced Users Forum or on the devinfo mailing list.

Thanks,

Gordon

Mike Niedzwiedz

Re: Client VPN Problem
« Reply #5 on: March 29, 2001, 07:26:28 PM »
Try changing the encryption level from the default 128 to 40.

Gordon Rowell

Re: Client VPN Problem
« Reply #6 on: March 30, 2001, 11:18:05 AM »
Mike Niedzwiedz wrote:
>
> Try changing the encryption level from the default 128 to 40.

This will not help, and is not advisable (40 bit encryption is seriously flawed). The problem is the lack of a PPTP masquerade module, so the packets never get to the server.

Gordon
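
The two protocols the thread says a gateway must pass can be told apart in a packet capture taken on the client side of the gateway. The following is an added example, not part of the thread or of e-smith: it classifies raw IPv4 packets as PPTP control (TCP port 1723) or PPTP data (IP protocol 47, enhanced GRE with protocol type 0x880B, per RFC 2637) and reports which direction is missing. The addresses, the sample packets and the wording of the diagnoses are constructed assumptions.

```python
import struct
from collections import Counter

TCP, GRE = 6, 47            # IP protocol numbers
PPTP_PORT = 1723            # PPTP control channel (RFC 2637)
GRE_PPP = 0x880B            # protocol type of PPTP's enhanced GRE (version 1)

def classify(pkt: bytes):
    """Return 'control', 'gre' or None for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    body = pkt[(pkt[0] & 0x0F) * 4:]          # skip the IP header (IHL words)
    if pkt[9] == TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        return "control" if PPTP_PORT in (sport, dport) else None
    if pkt[9] == GRE and len(body) >= 8:
        flags_ver, ptype = struct.unpack("!HH", body[:4])
        if flags_ver & 0x7 == 1 and ptype == GRE_PPP:
            return "gre"
    return None

def diagnose(packets, client_ip: str) -> str:
    """Summarise which PPTP channels pass in which direction past the client."""
    seen = Counter()
    for pkt in packets:
        kind = classify(pkt)
        if kind:
            src = ".".join(map(str, pkt[12:16]))
            seen[kind, "out" if src == client_ip else "in"] += 1
    if not seen["control", "in"]:
        return "no control replies: TCP 1723 is not passing the gateway"
    if not seen["gre", "in"]:
        return "GRE replies missing: gateway is not masquerading GRE"
    return "control and GRE pass in both directions"

def ip(src, dst, proto, body):   # builds a constructed sample packet
    addr = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + body

# Constructed capture: hypothetical client 192.168.1.10, server 203.0.113.5.
CLIENT, SERVER = "192.168.1.10", "203.0.113.5"
SAMPLE = [
    ip(CLIENT, SERVER, TCP, struct.pack("!HH", 1040, PPTP_PORT) + bytes(16)),
    ip(SERVER, CLIENT, TCP, struct.pack("!HH", PPTP_PORT, 1040) + bytes(16)),
    ip(CLIENT, SERVER, GRE, struct.pack("!HHHH", 0x2001, GRE_PPP, 0, 1)),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, CLIENT))
```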