Topic: PPTP bug fixed in 5.6U4 ???

[Jim Huneycutt]

The reference for recent 5.6 update 4 refers to this fix: "#6546 PPTP: recurring session delays and disconnects".

Does anyone know if this fixes the PPTP problems reported in the forum and listed as a bug here:
http://www.e-smith.org/bugs/index.php3?op=showBug&bugID=93

Thanks,
jim

[Kelvin]

Jim,

It appears that Update 4 has removed the template fragment which puts in the ip_nat_pptp and ip_conntrack_pptp lines into masq (effectively the same as the published workaround). However, there are updated pptp and ipmasq modules in the update as well. I'll test it out and see.

Kelvin

[Ray Mitchell]

I have installed Update 4 and my vpn pptp (from local 5.6 to remote 5.5) seems to be working OK (have been connected for well over an hour now), but it did work OK after implementing the bug fix anyway (did not work before that though).

Regards
Ray Mitchell

[Martin Trigg]

I suspect there is still something amiss with PPTP.

I applied update 4 to a fresh V5.6 install and found that outgoing PPTP connections from the first PC which I used worked reliably.

After DISCONNECTING that VPN link (as only one can be active at a time to the same remote PPTP server) I tried to establish another link from a different machine on the LAN to the same remote SME V5.5 server.

It failed with Windows reporting an Error 619.

In total I tried connecting from 3 machines (2 x XP, 1 x Win2000) and in every case the PC that I used to establish the first VPN connection, after rebooting the SME V5.6u4, could reliably and repeatedly connect.

I used the same and different Username/Passwords from each machine, all with the same results. I was always connecting to the same remote server.

As a double check I applied Update 4 to my normal SME 5.6 machine and experienced the same results. In my case at least there still appears to be an issue, has anyone else seen the above?

[Guck Puppy]

I was wondering if the removal of these modules (ip_nat_pptp and ip_conntrack_pptp)  also means that trying to do PPTP connections *through* a 5.6U4 server would stop working - I think the bug report listed that as a side effect of this work around, unfortunately that information has been removed from the report.

Can anyway with U4 installed comment on the ability to make PPTP connections from internal clients through 5.6 to machines across the net?

G

[Ray Mitchell]

Dear Guck Puppy

That's what I said in my earlier post, but to elaborate I can connect (at different times) from a Win2K w/s and a Win95 w/s through a local 5.6U4 server to a remote 5.5U6 server and connect to workstations on the remote network also. I have had a number of connections established this evening ranging from 15 minutes to 1 hour to over 2.5 hours without any problem.

When I first installed the 5.6 server I could not get reliable connections at all. Then I applied the bug fix that was posted on the bugs page, and that fixed the problem with getting out of my 5.6 server. I applied the U4 update yesterday and vpn pptp outgoing still works OK.

I never loaded any of the modules at Charlie's website as I understaood that these were for debugging only and were not meant to be fixes at all.

So for me anyway, outgoing through 5.6 is working fine now.
Regards
Ray Mitchell

[Kelvin]

Martin,

I think that problem is not from 5.6 itself. I have sites running SME 5.1.2 as the PPTP server where clients (and me) connect to. They have reported before that when they connect from home or another location, the first machine connects OK. If that machine logs off, then another machine at the *same* location tries to log in, they get the 619 error. Moreover, they are not running SME at home, just a normal broadband router box. This second machine will not be able to log in until the router box gets reset (in your case, your SME server getting rebooted). I'm suspecting either it's a protocol issue, cache issue or the way PPTP is implemented in SME (whichever version).

Jim, GP & Ray, so far so good. With Update 4 installed I've been able to establish connections to every remote site I tried successfully and maintain that connection. In the past, even with the workaround applied, I can connect to some but not others until the server gets rebooted, after which soem of the site I could connect to before, I can't while the ones I couldn't before I can (try saying that 20 times in a row quickly ). I'll continue testing and will post back if any new developments arise.

Kelvin

[Martin Trigg]

Kelvin,

Good point, so to prove my problem at least is caused by the SME 5.6 U4 at home I remove the SME and re-enabled my Linksys router to provide DHCP and PPPoE.

Running through the same tests I was able to successfully connect from 2 different machines to the remote SME V5.5.

So in my case it looks like SME 5.6 U4 is causing some sort of problem. I always allowed a minimum of 30 seconds between connections as I have seen issues in the past when you reconnect quickly.

Regards
Martin

[Kelvin]

Hi Martin,

Hmmm... interesting. I wonder if the SMC router is the culprit with these other clients.

Will try with other router..

Kelvin

[Charlie Brady]

Martin Trigg wrote:

> So in my case it looks like SME 5.6 U4 is causing some sort
> of problem. I always allowed a minimum of 30 seconds between
> connections as I have seen issues in the past when you
> reconnect quickly.

Please try again, but with a minimum of 2 minutes between connections. Without connection tracking modules the masquerading code won't know to tear down the GRE connection when the PPTP control connection is terminated. This means that GRE will still be forwarded to the first workstation for two minutes after the PPTP connection is terminated. This will prevent a connection from being made from the second one.

Run iptstate if you want to vizualize the expiry of the connection tracking.

2 minutes is the default timeout for connections - I expect that you can find a way to adjust that, if you really need multiple (serial, not simultaneous) outbound connections to the same remote server.

regards

Charlie

[Guck Puppy]

I too have applied 5.6U4 now, and have been able to PPTP TO the server with no problems.

Connecting *through* did give me issues - I had unsuccessful connection attempts, the 619 error.

I'm only connecting through the 5.6 server from a single workstation - and I see using iptstate that the 1723 connections made from the workstation out to the remote PPTP server and I see the 2 minute TTL.

The GRE connection looks to have a TTL of 10 minutes though:

Source IP         Destination IP          Proto    State     TTL
{remote-pptp-ip}  {sme5.6u4-external-ip}  gre                0:09:04

so after the failed attempt to connect, I waited 10 mins, tried again, and the connection was successful - now GRE is being forwarded to my workstation! Whee!

G

[Martin Trigg]

I also saw a similar situation to GP, first attempt to connect failed. After waiting 10 minutes I was able to successfully connect. Seemed to be a one off problem.

Charlie, thanks for your continued support of the unsupported developers release

Martin

[Ghislain van der Steen]

I have the same problem, after installing U4 I can only do an outgoing VPN connection once, if I try to connect a second time the connection fails with error
619 (on Windows XP). In U3 everything worked well.

[Ghislain van der Steen]

I've found a solution for failing repeating outgoing pptp connections (Windows error 619), i have compared the content of the following packages "e-smith-ipmasq-1.8.1-01.noarch.rpm" "e-smith-ipmasq-1.8.2-01.noarch.rpm" and found the "10masq_pptp" file missing. After copying the file to the correct folder (/etc/e-smith/templates/etc/rc.d/init.d/masq) and applying the signal-events post-upgrade and reboot everyting is working well again.

[Guck Puppy]

Yeah... but I think the reason that was left out was to implement the workaround of having unreliable PPTP connections in the first place... I believe (need to check search the forum) that Charlie Brady mentioned it was these masq and conntrack modules that were causing the problems in the first place, that's why they took them out.

I'd be very interested to know if you suffer from the problems that were reported about PPTP before U4.

G