Topic: VPN Does it work or not. Will anybody fix it?

[kraz]

Im having the same problems with VPN and indows boxes logging on my 6.0 box as anybody else here.

I have a 5.0 instalation where it's working flawlessly.

Has anybody found a fix for it? Will anybody fix it?

I dont have the money to buy me at hardware VPN systm, so a linux box is my best solution!

Do I really have to revert my system to 5.0? Or change to another linux-distro? Hope not!

[raem]

Well I VPN into a 6.0 server all the time without problems, from Win98 & 2K. I suggest you search these forums on VPN and read all the posts, and examine your setup very carefully. That has to be a setup issue or router issue or even ISP issue.

You don't give near enough information to be able to troubleshoot your problem. Look at the logs and see what they say, the answer will be there somewhere.

Regs
Ray

[kraz_not_logged_in]

I have been looking at older posts, but I see others have the same problem. Is it something with encrypted passwords or?


I try to dial up with my usual username/password.

Then I get a screen wanting me to state it again.

after that I press OK again (not changing it)

After 3 tries I get a 734 error.

At one point I seemed to get logged in, but when registering my computer on the network I was disconnected....


I have followed the guides on this site, but they are made for 5.4 not for 6.0...and if it worked in 5.0 why did it change anyway??

I have a suspicion that it has something to do with my network settings or registering the computer on the network...


Setup is as follows:

INTERNET
   |
ROUTER IP 10.0.0.1
   |
E-Smith 6.0 NETCARD 1 IP 10.0.0.2
E-smith 6.0 NETCARD 2 IP 192.168.0.1 (DHCP)
   |
LOCAL
NETWORK
   |
SERVER, LAN PC's


I want to be able to reach  the server and the internal network.

Do I have to configure something in the
"Local networks" setting?


right now I have

Network     Subnet mask  Number of hosts Router Action

192.168.0.0 255.255.255.0 256

I have the same problem when connecting from the LAN, but not when connecting to our server, that has e-smith 5.0 installed...??


Here is a logfile from the login:


Apr  3 17:01:42 firewall pptpd[4340]: MGR: Launching /usr/sbin/pptpctrl to hand
le client
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: local address = 192.168.0.1
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: remote address = 192.168.0.242
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: pppd speed = 460800
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: pppd options file = /etc/ppp/option
s.pptpd
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Client 212.242.58.222 control conne
ction started
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Received PPTP Control Message (type
: 1)
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Made a START CTRL CONN RPLY packet
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: I wrote 156 bytes to the client.
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Sent packet to client
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Received PPTP Control Message (type
: 7)
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Set parameters to 1525 maxbps, 64 w
indow size
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Made a OUT CALL RPLY packet
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Starting call (launching pppd, open
ing GRE)
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: pty_fd = 5
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: tty_fd = 6
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: I wrote 32 bytes to the client.
Apr  3 17:01:42 firewall pptpd[4341]: CTRL (PPPD Launcher): Connection speed =
460800
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Sent packet to client
Apr  3 17:01:42 firewall pptpd[4341]: CTRL (PPPD Launcher): local address = 192
.168.0.1
Apr  3 17:01:42 firewall pptpd[4341]: CTRL (PPPD Launcher): remote address = 19
2.168.0.242
Apr  3 17:01:42 firewall pppd[4341]: pppd 2.4.2b1 started by root, uid 0
Apr  3 17:01:42 firewall pppd[4341]: Starting negotiation on /dev/pts/0
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Received PPTP Control Message (type
: 15)
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Got a SET LINK INFO packet with sta
ndard ACCMs
Apr  3 17:01:42 firewall pptpd[4340]: GRE: Discarding duplicate packet
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Received PPTP Control Message (type
: 15)
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Ignored a SET LINK INFO packet with
 real ACCMs!
Apr  3 17:01:45 firewall pppd[4341]: CHAP peer authentication failed for lk
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Received PPTP Control Message (type
: 15)
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Got a SET LINK INFO packet with sta
ndard ACCMs
Apr  3 17:01:45 firewall pppd[4341]: Connection terminated.
Apr  3 17:01:45 firewall pppd[4341]: Exit.
Apr  3 17:01:45 firewall pptpd[4340]: GRE: read(fd=5,buffer=804d940,len=8196) f
rom PTY failed: status = -1 error = Input/output error
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: PTY read or GRE write failed (pty,g
re)=(5,6)
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Client 212.242.58.222 control conne
ction finished
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Exiting now
Apr  3 17:01:45 firewall pptpd[3316]: MGR: Reaped child 4340


This doesnt make any sence to me, but maybe some of you can decode it?

[Anonymous]

Forgot to mention  that this is NOT an ISP problem..I have done it ton an win2k machine from outside the network before...

[raem]

You need to setup you router to forward TCP 1723, UDP 500, and protocol 47 to the sme box
see
http://forums.contribs.org/index.php?topic=10768.msg40627#msg40627
for general reference, and quite a few other posts if you care to search say on gre packets or VPN

What Windows OS/update are you using ?

Regs
Ray

[kraz]

Ive done that already... thats whats my problem...the router has been set up allready, and it HAS been working with a win2k pro box that recieved  the calls...now I want my e-smith to do the same...

[kraz]

So..I give up now...I dont have the time for trying to fix this myself...Ill have to go back to e-smit 5.0...It worked on that version...I was happy since this 6.0 version looked good and easy to use. But theres too much trouble with some of the important stuff ... Ill try it again in a while and hopefully somebody will have fixed it then...I cant...just happy that someone does actually fix the errors at some point.....

[raem]

>.....and hopefully somebody will have fixed it then

As far as I know there is no "error" with v6.0 & VPN, although somem users appear to have troubles, it seems more to do with workstation OS and/or router problems.

> I try to dial up with my usual username/password.
> Then I get a screen wanting me to state it again.  

I assume by "dial up" you mean establish the VPN connection ?
You need to log on to your local (Windows) PC with the same username and password as you have on the remote server. You would also establish your VPN login connection with the same username & password.

There have been lots of issues with WinXP VPN connections, you need the correct upgrade applied.
What OS and upgrade version are you using ?

When I upgraded sme some time ago (I think it was from 5.5 to 5.6) the VPN connection settings in Win2K no longer worked, I had to tick the box for
"Require data encryption (disconnect if none)", under the VPN setup Security tab.
It worked fine without that box ticked on earlier versions of sme, but not with v5.6 (and I assume v6.0 also).

If you don't have time to fix your VPN issue, which is not all that big a task, will you have time to rebuild your v5,0 server when it gets hacked (and clean up your data), that version of sme server is way out of date and NOT secure.
If your server gets hacked and someone sets up a open relay, then you'll get your IP blacklisted. How much time do you have to fix that problem ?
You should be running at least v5.6, and if you are going to upgrade to that, then you might as well upgrade to v6.0 to ensure you have a secure server.

Regs
Ray

[wykyd]

I am running the new 6.0.1 and the only prolem I had with VPN is trying to connect with a standard win 2K.
I added service pack 4 and never had a problem again. I can and have VPN into my server from many different machines.

Its not the server that is broken.

You have enabled this in remote connections.

What error are you getting?

[bobk]

So..I give up now...I dont have the time for trying to fix this myself...Ill have to go back to e-smit 5.0...It worked on that version...I was happy since this 6.0 version looked good and easy to use. But theres too much trouble with some of the important stuff ... Ill try it again in a while and hopefully somebody will have fixed it then...I cant...just happy that someone does actually fix the errors at some point.....

I agree with RayMitchell and wykyd, "there is no 'error' with v6.0 & VPN". Setting up vpn can be tedious and requires very close attention to detail. The smallest misconfiguation on the client will cause huge problems. Tripple check your client and both network setups (99% of problems are there, not on SME)! Look closely to see what it actually is, not what you think should be.

Look at this post http://forums.contribs.org/index.php?topic=21205.msg83987#msg83987

[wyron]

Gotcha !!
No, I tend to agree. There is no error in server 6.01-01, only in the minds of people like myself overlooking the basics.
The answer is of course to activate VPN-access for admin first of all (done locally in server-manager -> Users). Then (when you need to access server-manager off-site) let putty create a tunnel from port 980 on the client to port 22 (SSH) on your servers external address.
Only then you can tell your browser to access localhost:980
Simple, once you know the answer !
Silly me !

[dfuchs]

Hi everyone,

Ray -- When you say that you couldn't connect from a win2k machine without checking the "Require Data Encryption" box, what error did you get on the win2k machine?  Was it Error 619?  Actually, did you ever get an Error 619 when you upgraded from 5.5 to 5.6?  And if you can remember, what did you do to fix it?

I'm pretty sure I have things set up correctly according to the many posts on this error (on SME 6.0 and win2k SP4), but I'm still getting an Error 619.  The weird thing is that it was working perfectly for about an hour, and then stopped working.  Nothing was changed in between.  So, I'm just wondering if you did anything specific to deal with an Error 619 at any point in your upgrade.

Thanks!
Dan

[Anonymous]

Sorry don't recall the error messages, just know I had to tick that box to get it to either establish or maintain the VPN connection.

I believe there is a 10 minute timeout period ie if you establish a VPN connection and then it is disconnected for some reason, you will not be able to connect again for 10 minutes (the default timeout setting). I seem to recall reading that it could be adjusted, you would have to search to find that. I think Charlie Brady was giving the answer so search through all his posts and you may find it.

Regs
Ray Mitchell

[dfuchs]

Thanks for the reply.  I don't think it is a timeout issue; it has not worked at all since that initial hour (many weeks), even after rebooting.  Oh well, guess I'm going to have to downgrade.

Thanks anyway,
Dan

[Anonymous]

I agree with RayMitchell and wykyd, "there is no 'error' with v6.0 & VPN". Setting up vpn can be tedious and requires very close attention to detail. The smallest misconfiguation on the client will cause huge problems. Tripple check your client and both network setups (99% of problems are there, not on SME)! Look closely to see what it actually is, not what you think should be.

I don't know what you mean about tedious, you are talking about the pptp vpn right?
ipsec is tedious, but pptp is checking a box in server manager and clicking ok.

I completely disagree that the VPN works in 6x and this is why.
I have been using E-Smith/SME since version 3 something (so long ago I do not remember)
Setting up the VPN consisted of enabling it in server manager and connecting to it. That was it. Worked flawlessly for me.
That is until version 5.6, once I updated 2 different boxes to that version _BOOM_, the VPN don't work no more on either of them. 'Downgrade' to 5.5 and it works perfect. Same exact setup as before, absulutely nothing changed exept the version of E-Smith/SME.
This is still true with 6.x, for me and many others it would seem.
I even installed a new HD in my working SME, put 6.x on it, and the VPN is broken out of the box.
Connect the old HD, boot it up, connect via VPN absolutley no problem.
That would seem to tell me that something changed with regards to VPN in SME since I did not change anything else.

Anyone have an explanation for this problem?

[bobk]

I completely disagree that the VPN works in 6x and this is why.
I have been using E-Smith/SME since version 3 something (so long ago I do not remember)
Setting up the VPN consisted of enabling it in server manager and connecting to it. That was it. Worked flawlessly for me.
That is until version 5.6, once I updated 2 different boxes to that version _BOOM_, the VPN don't work no more on either of them. 'Downgrade' to 5.5 and it works perfect. Same exact setup as before, absulutely nothing changed exept the version of E-Smith/SME.
This is still true with 6.x, for me and many others it would seem.
I even installed a new HD in my working SME, put 6.x on it, and the VPN is broken out of the box.
Connect the old HD, boot it up, connect via VPN absolutley no problem.
That would seem to tell me that something changed with regards to VPN in SME since I did not change anything else.

Anyone have an explanation for this problem?

Explanation - 5.6 & 6.x have tighter rules. They are no longer tolerant of lax configuration.

As I have said several times, I have multiple clients with a mixture of 5.6 and 6.0.1-01 servers using a mixture of W2K Pro & XP Pro workstations. None of them are experiencing any problems using VPN. I travel extensively with an XP Pro laptop and can VPN into my office (SME 5.6 u6), home (SME 6.0.1-01) or any of my clients. I can also VPN from my home or office to any of my clients (from behind an SME to another network with an SME gateway).

If it works for me it will work for you! I suggest that you recheck your set-ups, forget about what worked in the past and concentrate cosely on what the settings should be.

[felipevidal]

Hello all,

I am new to SMEserver and my first post but have a light background in Linux/Unix use.  I had no problems getting a Windows 2000 VPN client to connect to SMEserver when I did the following.  I installed the SMEserver 6.01-01-Custom version onto one of my systems.  After some of the basic setup stuff I created a user with VPN access rights then enabled PPTP by allowing up to 5 users.  I followed the setup for the client described at this site:

Windows 2000 - http://www.domain-logic.com/support/secure_tunnel_w2k.htm
Windows XP - http://www.domain-logic.com/support/secure_tunnel_XP.htm

Using the instructions from that site I did not have any issues connecting.  I have read that on Windows 2000, Service Pack 4 must be installed for it to work as some extra encryption protocols were added then.

I hope this helps.

-felipe

[wykyd]

The only time I have had problems connecting to SME with VPN is when I was connecting with and unpatched win2K client.

I have never had any other problems.

[rswennen]

Hi I have read all how to's but still don't manage to create the certificates for a 6.0 server.

I am trying to create them via remote access to the server-manager though via https.

Can this be the problem ?  Do you have to create them locally or can you do this via remote access or via ssh access ??

Please help.

Rohnny

[jdness]

Well at least I am able to get PPTP working most of the time but I have run into an issue that I have not found an answer for.  I can normally get into pptp just fine with a W2k system.  BUT if for any reason I get dropped or disconnected I can not get back in.  I have tried waiting several days and nothing changes.  If I reboot the server I can get right back in.  As long as I can do a proper disconnect everything seems to be fine.  I don't have all the log messages but if I don't think it tells me much other than I was disconnected.  I have tried different users to see if it just locked out one user but it has stopped all pptp activity until I reboot the sme server.

I have read some comments about a inactivity timeout but that does not seem to be my issue as when it is working I can stay up for days.  But if I get disconnected for any other reason than me doing the disconnect I'm usually hosed.

Anyone got any ideas.  I suspect some type of timer too but I don't have a clue where to look for it.

[bobk]

...If I reboot the server I can get right back in.  As long as I can do a proper disconnect everything seems to be fine.  I don't have all the log messages but if I don't think it tells me much other than I was disconnected.  I have tried different users to see if it just locked out one user but it has stopped all pptp activity until I reboot the sme server...

Most likely the pptpd service is getting hung up. Instead of rebooting the server try this from console.
 

Code: [Select]

# service pptpd restart

[boringgit]

I can still only connect a VPN as the admin user.

Quite frustrating as it means I have to share my admin password with my directors who need VPN access, and of course only one of them/us can connect at one time...

[bobk]

I can still only connect a VPN as the admin user.

Quite frustrating as it means I have to share my admin password with my directors who need VPN access, and of course only one of them/us can connect at one time...

Have you authorized VPN Client Access in the Users panel under Collaboration in the Server Manager? You need to do this for each user that you want to grant VPN access.

[Anonymous]

Having read several of the posts concerning VPN and E-Smith/SME I thought I would add my 2 bits to the discussion.
I, like one of the other posters, have never had a single problem with the VPN functionality in E-Smith/SME. Currently we use 6.0 and it works fine and seems faster than older versions.
There are a few tricks and gotchas I have picked up along the way that may be of help to some of you.

1. Not all versions of Windows are alike when it comes to VPN access. WinXP works "out of the box", other versions do not. You must download all the patchs pertaining to dialup networking to make the MS VPN client work at 128 bit encryption. Without that you will not connect as the Linux implementation demands that level of security.

2. On your E-Smith/SME server you must enable DHCP for whatever limited range of IPs you wish to be available to your VPN client(s). If you have another DHCP server on your internal network you can disable DHCP on your E-Smith/SME server but only after you have first enabled it for some range of addresses. This will still allow your clients to recieve an IP address when they connect even though the E-Smith/SME server is not providing your internal workstations with addresses. I haven't confirmed this next part but I would assume that whatever range you set the E-Smith/SME server to should not be allowed to conflict with an already functioning DHCP server on your network.

3. Your internal IP range cannot be the same as the internal IP range of the connecting VPN client. For instance if you are using 192.168.1.X as your workstation IP address assignments, your VPN client cannot be using that same range internally on their end. If that is the case they will connect but be unable to route to anything on your end. Make sure both sides are different.

4. Firewalls can play havoc with the connection. Some firewalls will work perfectly, others will need tweaking. For instance the Sonicwall we use where I work works fine but my Linksys tends to not work all that well. I believe it has to do with the 2 ports required (1723 and 47) and how the firewall handles GRE. Perhaps someone with more knowledge about this aspect than I have could step in here and explain this issue further.

To close, as long as the above guidelines are followed I have not seen a single problem with the VPN connectivity in E-Smith/SME in any version.
Hope that helps anyone who is having problems.

[boringgit]

Hiya,

Thanks for the replys  

What I do find odd is that connecting as admin works perfectly. I can browse the network, connect to servers inside my network etc. etc.

Anything other than admin - no go...

Looking in /var/log/messages I see the usual VPN connection messages, followed by

"CHAP peer authentication failed for USER" Where username is the user I am trying to log in as  

Looking about on the 'net it looks as if this is a shared secret problem - Certificates and the like were only used on the IPsec VPN provided by servicelink I thought?

[bobk]

...What I do find odd is that connecting as admin works perfectly. I can browse the network, connect to servers inside my network etc. etc.

Anything other than admin - no go...

Looking in /var/log/messages I see the usual VPN connection messages, followed by

"CHAP peer authentication failed for USER" Where username is the user I am trying to log in as  
...

Check your Client Login username & password settings:
1. You must logon to your local (Windows) PC with the same username and password as your account on the remote SME VPN server.
2. If you are connecting to a SME 6.x server - This user account must have VPN Client Access set to YES in the Server Manager User Panel.
3. You must establish your VPN login connection with the same username & password.

[wykyd]

1. You must logon to your local (Windows) PC with the same username and password as your account on the remote SME VPN server.

I don't log onto my work machine with the same accounts that I log into remotely. I type in the User and Password for the connection. Never had a problem so far.

[Anonymous]

One thing i forget was to increase the number of PPTP connections allowed in the server-manager pages!

I still can't connect to home from work, but i think  it might be the work firewall blocking the connection. Is there someway to see if my request is getting to the SME server? Perhaps looking in one of the log files? I just don't know which one.

Phil

[guest]

I have setup VPN on both 6.03b and 6.0.01 custonm vpn services using DSL @ both ends and have not had a bit of trouble !!!!!


Maybe its a PEBCAC Error......
Possible error between computer and chair!!!!


digout the dummy's BOOKS!!!!!

[stancol]

I had a problem with VPN on 6.0.1 and ran around and around looking for it. Found it right under my nose (some times it's the simply things that get you the most). Typing "service pptpd status" yeiled not running. Boy it's hard to trouble shoot VPN connections when the VPN service isn't running.

To fix it I'll I had to do was "service pptpd start".

Not sure this is a bug yet so I'm not going to post it as such yet. It appears that pptpd doesn't start on reboot. At least it doesn't on my machine. I've tried changing the number of users and saving the config from the server-manager but it doesn't seem to add it to any of the rc.d files. (Maybe I'm looking in the wrong place.) It might be a conflict between one of my contribs and pptpd.

I even had it stop one time with out rebooting the server. I did add another contrib at the time it stopped. However I add several and didn't notice that pptpd had stopped so I couldn't begin to tell you after which contrib it stopped.

Would be nice if someone could tell me how to either add it to the startup or tell me how to check for it.

[Medimo]

For me PPTP worked out of the box, using 5.5, 5.6 and 6.0 using all kinds of windows clients.

The only thing is that sometimes the VPN-connection is broken and new connections are refused for a certain amount of time.

grz,

Richard.

[jonnybb1]

Below is a snippet of the log file. I can no longer connect o this SME box with SME 603beta. It worked fine before. Any help would be appreciated. The error on the client side is 619. I get as far as the login session, then it errors out to error 619...Jonnybb1


******************************
Apr 26 14:00:00 skyline01 kernel: st0: Error with sense data: Current st09:00: sense key Illegal Request
Apr 26 14:00:00 skyline01 kernel: Additional sense indicates Invalid command operation code
Apr 26 18:05:50 skyline01 pptpd[18806]: MGR: Launching /usr/sbin/pptpctrl to handle client
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: local address = 192.168.0.2
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: remote address = 192.168.0.197
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: pppd speed = 460800
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: pppd options file = /etc/ppp/options.pptpd
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Client 68.15.31.221 control connection started
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Received PPTP Control Message (type: 1)
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Made a START CTRL CONN RPLY packet
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: I wrote 156 bytes to the client.
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Sent packet to client
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Received PPTP Control Message (type: 7)
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Set parameters to 1525 maxbps, 64 window size
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Made a OUT CALL RPLY packet
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Starting call (launching pppd, opening GRE)
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: pty_fd = 5
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: tty_fd = 6
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: I wrote 32 bytes to the client.
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Sent packet to client
Apr 26 18:05:50 skyline01 pptpd[18807]: CTRL (PPPD Launcher): Connection speed = 460800
Apr 26 18:05:50 skyline01 pptpd[18807]: CTRL (PPPD Launcher): local address = 192.168.0.2
Apr 26 18:05:50 skyline01 pptpd[18807]: CTRL (PPPD Launcher): remote address = 192.168.0.197
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Received PPTP Control Message (type: 15)
Apr 26 18:05:50 skyline01 pptpd[18806]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Apr 26 18:05:50 skyline01 pppd[18807]: pppd 2.4.2b1 started by root, uid 0
Apr 26 18:05:50 skyline01 pppd[18807]: Starting negotiation on /dev/pts/0
Apr 26 18:06:20 skyline01 pppd[18807]: LCP: timeout sending Config-Requests
Apr 26 18:06:20 skyline01 pppd[18807]: Connection terminated.
Apr 26 18:06:20 skyline01 pppd[18807]: Exit.
Apr 26 18:06:20 skyline01 pptpd[18806]: GRE: read(fd=5,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Apr 26 18:06:20 skyline01 pptpd[18806]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Apr 26 18:06:20 skyline01 pptpd[18806]: CTRL: Client 68.15.31.221 control connection finished
Apr 26 18:06:20 skyline01 pptpd[18806]: CTRL: Exiting now
Apr 26 18:06:20 skyline01 pptpd[2000]: MGR: Reaped child 18806

[kmccarn]

Well - thaks to the post from

felipevida

All my Errors are gone.

[Anonymous]

I have setup VPN on both 6.03b and 6.0.01 custonm vpn services using DSL @ both ends and have not had a bit of trouble !!!!!


Maybe its a PEBCAC Error......
Possible error between computer and chair!!!!


digout the dummy's BOOKS!!!!!

[Mark R]

I have the same problem with VPN... i've set everything i believe i should set...

1 set account to VPN
2 forwarded port 1723 on router to SME
3 forwarded port 1723 on router to the client

and still no joy....

maybe PEBCAC error.... but who knows

[PhilV]

and....

4) Enabled Max PPTP connections to be a number greater than 0

????

Easy to forget that one!

Phil

[Mark R]

Yep.... done that one....

[MSmith]

If you can do that, the SME box's external interface will be directly exposed to the Internet (as is intended, and provided for) and you won't have to worry about forwarding any ports.  Your router might also have a "DMZ" setting, as it's called in some Linksys routers, that also directly exposes a certain IP address to the Internet.

[harro]

Plus:

5) nat create protocol=47 inside_addr=10.0.0.xxx outside_addr=0

?

[mbachmann]

Your router might also have a "DMZ" setting, as it's called in some Linksys routers, that also directly exposes a certain IP address to the Internet.

Just as a remark for nitpickers like me: What most routers are calling DMZ ist NOT DMZ. It is called what you've mentioned: exposed host.

[Mark R]

Aaaaarrrrgggghhhh still not working..

tried everything and still no luck

Lan (192.168.0.1)
.  |
SME/VPN server (192.168.1.1) set user to VPN, set client to 2
.  |
Router (bla.bla.bla.bla) forwarded ports 1723, 500, 47
.  |
  NET
.  |
client router (bla.bla.bla.bla) forward ports 1723, 500, 47
.  |
client (10.0.0.2) win2k sp4


does SME have to be in server mode ONLY??? as i am running in server/gateway mode

please find below my log
Jun 22 18:03:31 reygateway pptpd[7663]: MGR: Launching /usr/sbin/pptpctrl to handle client
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: local address = 192.168.0.5
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: remote address = 192.168.0.109
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: pppd speed = 460800
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: pppd options file = /etc/ppp/options.pptpd
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Client 81.168.35.196 control connection started
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Received PPTP Control Message (type: 1)
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Made a START CTRL CONN RPLY packet
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: I wrote 156 bytes to the client.
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Sent packet to client
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Received PPTP Control Message (type: 7)
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Set parameters to 1525 maxbps, 64 window size
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Made a OUT CALL RPLY packet
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Starting call (launching pppd, opening GRE)
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: pty_fd = 5
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: tty_fd = 6
Jun 22 18:03:31 reygateway pptpd[7664]: CTRL (PPPD Launcher): Connection speed = 460800
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: I wrote 32 bytes to the client.
Jun 22 18:03:31 reygateway pptpd[7664]: CTRL (PPPD Launcher): local address = 192.168.0.5
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Sent packet to client
Jun 22 18:03:31 reygateway pptpd[7664]: CTRL (PPPD Launcher): remote address = 192.168.0.109
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Received PPTP Control Message (type: 15)
Jun 22 18:03:31 reygateway pppd[7664]: pppd 2.4.2b1 started by root, uid 0
Jun 22 18:03:31 reygateway pptpd[7663]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Jun 22 18:03:31 reygateway pppd[7664]: Starting negotiation on /dev/pts/0
Jun 22 18:03:32 reygateway pptpd[7663]: GRE: Discarding duplicate packet
Jun 22 18:04:02 reygateway pppd[7664]: LCP: timeout sending Config-Requests
Jun 22 18:04:02 reygateway pppd[7664]: Connection terminated.
Jun 22 18:04:02 reygateway pppd[7664]: Exit.
Jun 22 18:04:02 reygateway pptpd[7663]: GRE: read(fd=5,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Jun 22 18:04:02 reygateway pptpd[7663]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Jun 22 18:04:02 reygateway pptpd[7663]: CTRL: Client 81.168.35.196 control connection finished
Jun 22 18:04:02 reygateway pptpd[7663]: CTRL: Exiting now
Jun 22 18:04:02 reygateway pptpd[4833]: MGR: Reaped child 7663

I hope someone can help.

thanks mark

[Bugi]

Saw that this morning. I've said it before....for all you want to talk about United and their international profile http://download-games.b0x.com/, they really seem to do business the right way. I'm interested to see just how much Kenyon had to do with these results, so next year will be interesting.

[crazybob]

See the message below. It is about the post above this one

Bob

[crazybob]

DO NOT click on the above link. My Avast antivirus software caught it as a virus

Bob

[Anonymous]

Try this for a quick workaround:

/etc/rc.d/init.d/masq restart

I had something similar with 6.0.1-01. All over sudden it started working again after restarting Masq.

Rgards,
Peter