Koozali.org: home of the SME Server

Cannot connect SME Server 7 via VPN by PPTP

foxof

« on: August 26, 2006, 06:30:36 AM »
Dear,

I am a newcomer to SME. I installed it and tried VPN by PPTP from an external PC (Win XPP).

After the userid and password were checked, an error came up, as below:
"Error 734: The PPP link control protocol was terminated"

Can anyone help me with this issue?


Thanks & regards,
Fox

mmccarn
« Reply #1 on: August 26, 2006, 03:19:43 PM »
Where to start?  PPTP is a relatively complicated protocol...

In order to create a PPTP connection from a remote Windows XP computer to a SME server you must have both of the following open on all routers or firewalls your traffic passes through between the Windows XP workstation and the SME server:
1. TCP Port 1723 (used for link establishment & login)
2. IP Protocol 47 (GRE) (used for data traffic after login)

If there is anything blocking the protocol 47 traffic (note: this is NOT "TCP Port 47"!) then you get a good-looking login sequence followed by an error.

Locating exactly what is blocking your protocol 47 traffic can be quite tricky.  I've seen it blocked by:
1. Home routers that say they support "PPTP Pass-Thru", but that need firmware upgrades before it really works.
2. Enterprise firewalls that specifically intend to block PPTP connections
3. ISPs who block it for unstated reasons
4. Personal firewalls like Norton Internet Security or Windows Live OneCare.

Here's a link to another post on VPNs: http://forums.contribs.org/index.php?topic=32030.0

If your SME is configured correctly you should be able to establish a PPTP connection to it internally - try that, then try multiple remote sites.

If your server is not directly connected to the Internet, you'll have to find out how to route incoming protocol 47 traffic to it through your router...

foxof

« Reply #2 on: August 27, 2006, 05:57:32 AM »
Dear Mmccarn,

Thank you for your reply :lol:

My SME is directly connected to the Internet through an ADSL modem; it also takes part in DHCP and NAT.

Since I was also concerned about the firewall issue, I tried the VPN connection on the local LAN, but it still fails with the same error 734. I think it may not be a firewall issue, since when I try a wrong userid with the password, the error code changes (so I think there is a connection between the client and SME).

So I think it may be a settings issue instead. Are there any hints on it? Or where can I find the log of my problem?

Thank you.
Fox

mmccarn
« Reply #3 on: August 27, 2006, 06:43:05 AM »
You could still have a firewall issue - if port 1723 is open but protocol 47 is blocked the client will connect and authenticate, then the connection fails.

I also found this note on Microsoft's website:
http://support.microsoft.com/default.aspx?scid=kb;en-us;310431&Product=winxp

And this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;318718

CharlieBrady
« Reply #4 on: August 27, 2006, 11:44:46 AM »
Quote from: "mmccarn"
You could still have a firewall issue - if port 1723 is open but protocol 47 is blocked the client will connect and authenticate, then the connection fails.


That's not fully correct. If protocol 47 is blocked, the client will not be able to authenticate, nor be able to negotiate encryption and IP address parameters.

ldkeen
« Reply #5 on: August 27, 2006, 12:11:40 PM »
Did you go into the server manager and both turn on vpn and also select which users will have access to the vpn server?
Could you post the relevant section from /var/log/messages? It might give a better description of why the connection is failing. The error should look similar to the one below:
Quote
rcvd [LCP ConfReq id=0x1 <magic 0xdeadbeef> <pcomp> <accomp>
<callback CBCP> <mrru 1614> <endpoint [local:xx.xx.xx.xx.xx.xx.xx.xx.xx]>]
sent [LCP ConfRej id=0x1 <pcomp> <accomp> <mrru 1614>]
sent [CHAP Challenge id=0x1 <xxxxxxxxxxxxxxx>, name = "LinuxVPNserver"]
rcvd [CHAP Response id=0x1 <xxxxxxxxxxxxxx>, name = "jacco"]
sent [CHAP Success id=0x1 "Welcome to LinuxVPNserver."]
sent [IPCP ConfReq id=0x1 <addr 192.168.1.128>]
CHAP peer authentication succeeded for jacco
sent [IPCP ConfReq id=0x1 <addr 192.168.1.128>]
IPCP: timeout sending Config-Requests

Regards Lloyd

foxof

« Reply #6 on: August 28, 2006, 01:41:49 PM »
Quote from: "ldkeen"
Did you go into the server manager and both turn on vpn and also select which users will have access to the vpn server?
Could you post the relevant section from /var/log/messages. It might give a better description of why the connection is failing. The error should look similar to the one below:
Quote
rcvd [LCP ConfReq id=0x1 <magic 0xdeadbeef> <pcomp> <accomp>
<callback CBCP> <mrru 1614> <endpoint [local:xx.xx.xx.xx.xx.xx.xx.xx.xx]>]
sent [LCP ConfRej id=0x1 <pcomp> <accomp> <mrru 1614>]
sent [CHAP Challenge id=0x1 <xxxxxxxxxxxxxxx>, name = "LinuxVPNserver"]
rcvd [CHAP Response id=0x1 <xxxxxxxxxxxxxx>, name = "jacco"]
sent [CHAP Success id=0x1 "Welcome to LinuxVPNserver."]
sent [IPCP ConfReq id=0x1 <addr 192.168.1.128>]
CHAP peer authentication succeeded for jacco
sent [IPCP ConfReq id=0x1 <addr 192.168.1.128>]
IPCP: timeout sending Config-Requests

Regards Lloyd


Thank you ldkeen

This is the message content:

Aug 28 19:38:13 sme pptpd[30813]: CTRL: Client 192.168.1.198 control connection started
Aug 28 19:38:13 sme pptpd[30813]: CTRL: Starting call (launching pppd, opening GRE)
Aug 28 19:38:13 sme pppd[30814]: Plugin radius.so loaded.
Aug 28 19:38:13 sme pppd[30814]: RADIUS plugin initialized.
Aug 28 19:38:13 sme pppd[30814]: pppd 2.4.3 started by root, uid 0
Aug 28 19:38:13 sme kernel: divert: not allocating divert_blk for non-ethernet device ppp1
Aug 28 19:38:14 sme pppd[30814]: Using interface ppp1
Aug 28 19:38:14 sme pppd[30814]: Connect: ppp1 <--> /dev/pts/1
Aug 28 19:38:14 sme pptpd[30813]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Aug 28 19:38:14 sme pppd[30814]: MPPE required, but kernel has no support.
Aug 28 19:38:14 sme pppd[30814]: Connection terminated.
Aug 28 19:38:14 sme pppd[30814]: Connect time 0.1 minutes.
Aug 28 19:38:14 sme pppd[30814]: Sent 0 bytes, received 44 bytes.
Aug 28 19:38:14 sme kernel: divert: no divert_blk to free, ppp1 not ethernet
Aug 28 19:38:14 sme pptpd[30813]: CTRL: Reaping child PPP[30814]
Aug 28 19:38:14 sme pppd[30814]: Exit.
Aug 28 19:38:14 sme pptpd[30813]: CTRL: Client 192.168.1.198 control connection finished


This test was done on the local area network. Thanks a lot.

ldkeen
« Reply #7 on: August 28, 2006, 04:07:03 PM »
From the bug tracker, specifically http://bugs.contribs.org/show_bug.cgi?id=1595
Quote from: "Charlie Brady"
> MPPE required, but kernel has no support

That means you have a kernel which doesn't match the pptp encryption modules.
Duplicate of bug 740. Boot the correct kernel and it will work.

What kernel are you running? You can tell by doing the following:
Code:
uname -r
Also, what is the output of:
Code:
rpm -qa |grep ppp
Regards
Lloyd
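
The mismatch described in this reply can be checked mechanically by comparing the running kernel with the kernel each ppp module package was built for. This is an added example, not code from the thread or from SME Server; the package naming layout is an assumption inferred from the package names posted later in this thread, and `module_kernel` and `check_ppp_modules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not code from the thread or from SME Server.
# Assumed package naming, inferred from the names posted in the thread:
#   kernel[-FLAVOR]-module-ppp-VERSION-RELEASE_KERNELVERSION_KERNELRELEASE
# i.e. the "-" inside the kernel release is written as "_".

# Print the kernel release (as `uname -r` would show it) that a
# kernel-module-ppp package was built for; return 1 for other packages.
module_kernel() {
    pkg=$1
    case $pkg in
        kernel-module-ppp-*) flavor= ;;
        kernel-*-module-ppp-*)
            flavor=${pkg#kernel-}
            flavor=${flavor%%-module-ppp-*} ;;
        *) return 1 ;;
    esac
    kver=${pkg#*-module-ppp-}      # 1.0.2-2_2.6.9_34.0.2.EL
    kver=${kver#*_}                # 2.6.9_34.0.2.EL
    printf '%s%s\n' "$(printf '%s\n' "$kver" | sed 's/_/-/')" "$flavor"
}

# check_ppp_modules RUNNING_KERNEL PACKAGE...
# Returns 0 if some ppp module package matches the running kernel.
check_ppp_modules() {
    running=$1
    shift
    built_for=
    for pkg in "$@"; do
        k=$(module_kernel "$pkg") || continue
        if [ "$k" = "$running" ]; then
            echo "OK: $pkg matches running kernel $running"
            return 0
        fi
        built_for="$built_for $k"
    done
    echo "MISMATCH: running $running, ppp modules built for:${built_for:- none}"
    return 1
}

# Values posted in Reply #8 (yum update done, server not yet rebooted).
check_ppp_modules 2.6.9-34.EL \
    kernel-module-ppp-1.0.2-2_2.6.9_34.0.2.EL \
    ppp-2.4.3-7.rhel4.1 rp-pppoe-3.5-22 \
    kernel-smp-module-ppp-1.0.2-2_2.6.9_34.0.2.EL || true

# On a live server:
#   check_ppp_modules "$(uname -r)" $(rpm -qa | grep ppp)
```

A MISMATCH result corresponds to the "MPPE required, but kernel has no support" line in the log: the installed modules belong to a kernel other than the one that is booted.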

foxof

« Reply #8 on: August 29, 2006, 05:11:09 AM »
Quote from: "ldkeen"
Code:
uname -r
Also what is the output of:
Code:
rpm -qa |grep ppp
Regards
Lloyd


Dear ldkeen,

Here are the results:

[root@sme ~]# uname -r
2.6.9-34.EL

[root@sme ~]# rpm -qa |grep ppp
kernel-module-ppp-1.0.2-2_2.6.9_34.0.2.EL
ppp-2.4.3-7.rhel4.1
rp-pppoe-3.5-22
kernel-smp-module-ppp-1.0.2-2_2.6.9_34.0.2.EL

I did the yum update and have not rebooted the system yet.

Does it cause any problem? I think I should change to kernel 2.6.9-34.02.EL


Thank you.
Fox

JonB
« Reply #9 on: August 29, 2006, 07:09:39 AM »
So you didn't follow the instructions after doing the yum update, i.e.

signal-event post-upgrade
signal-event reboot

You need to do this.

Jon
...

jatan
« Reply #10 on: August 29, 2006, 09:07:02 AM »
Hi.
I have the exact same problem.
I have done the signal-event post-upgrade and signal-event reboot, but only after a power failure a day later.

I still get:

uname -r:
2.6.9-34.ELsmp


rpm -qa |grep ppp:
kernel-module-ppp-1.0.2-2_2.6.9_34.0.2.EL
kernel-smp-module-ppp-1.0.2-2_2.6.9_34.0.2.EL
ppp-2.4.3-7.rhel4.1
rp-pppoe-3.5-22

Do you have any other suggestions please?

JonB
« Reply #11 on: August 29, 2006, 09:44:15 AM »
Reboot the server.
Press the space bar when you get the Tux splash screen and choose the correct kernel.

Jon
...

foxof

« Reply #12 on: August 29, 2006, 02:22:57 PM »
Dear All,

Reported:
After rebooting the SME system, the VPN tunnel can now be built on the local area network, and I need to do another test from an external network tomorrow.

Now when I ran the below command, the result changed

Before:
2.6.9-34.ELsmp
After:
2.6.9-34.0.2ELsmp

Before / After:
kernel-module-ppp-1.0.2-2_2.6.9_34.0.2.EL
kernel-smp-module-ppp-1.0.2-2_2.6.9_34.0.2.EL

After the kernel change, VPN on the internal network now works  ^_^

Thank you all brother

jatan
« Reply #13 on: August 29, 2006, 05:51:18 PM »
It does not work for me.

Boot menu only has options for 2.6.9-34.EL / smp kernels.

grub.conf shows the following:

default=2
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.9-34.0.2.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-34.0.2.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-34.0.2.EL.img
title CentOS (2.6.9-34.0.2.ELsmp)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-34.0.2.ELsmp ro root=/dev/main/root
        initrd /initrd-2.6.9-34.0.2.ELsmp.img
title SME Server (2.6.9-34.ELsmp)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-34.ELsmp ro root=/dev/main/root
        initrd /initrd-2.6.9-34.ELsmp.img
title SME Server-up (2.6.9-34.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-34.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-34.EL.img

and all the mentioned files are in the /boot dir.

If I manually edit the boot loader lines during startup and change:

title SME Server-up (2.6.9-34.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-34.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-34.EL.img
to

        kernel /vmlinuz-2.6.9-34.0.2.EL ro root=/dev/main/root
        initrd /initrd-2.6.9-34.0.2.EL.img

and choose to boot I get an error " file does not exist" or something...

Any suggestions will be appreciated. Thanks

ldkeen
« Reply #14 on: August 29, 2006, 07:41:59 PM »
Quote from: "Jatan"
and choose to boot I get an error " file does not exist" or something...

Any suggestions will be appreciated

Have you tried running yum upgrade again??
Lloyd

jatan
« Reply #15 on: August 30, 2006, 08:54:34 AM »
Yes, yum upgrade:
No new rpms were installed. No additional commands are required.

 /boot does contain the following also:

config-2.6.9-34.0.2.EL
initrd-2.6.9-34.0.2.EL.img
System.map-2.6.9-34.0.2.EL
vmlinuz-2.6.9-34.0.2.ELsmp
config-2.6.9-34.0.2.ELsmp
config-2.6.9-34.0.2.ELsmp
initrd-2.6.9-34.0.2.ELsmp.img
System.map-2.6.9-34.0.2.ELsmp

why I can't boot them I don't know ...

foxof

« Reply #16 on: August 31, 2006, 06:33:03 AM »
Quote from: "jatan"
Yes, yum upgrade:
No new rpms were installed. No additional commands are required.

 /boot does contain the following also:

config-2.6.9-34.0.2.EL
initrd-2.6.9-34.0.2.EL.img
System.map-2.6.9-34.0.2.EL
vmlinuz-2.6.9-34.0.2.ELsmp
config-2.6.9-34.0.2.ELsmp
config-2.6.9-34.0.2.ELsmp
initrd-2.6.9-34.0.2.ELsmp.img
System.map-2.6.9-34.0.2.ELsmp

why I can't boot them I don't know ...


Sorry Jatan, I think your problem may be something about the kernel upgrade, which I have no experience with. :cry:

But my problem is solved; I can build the VPN tunnel from the outside network and the local network.

Ness
« Reply #17 on: September 05, 2006, 10:24:46 AM »
I have a similar problem trying to remote access a SME 7.0 unit from an XP Client on my SME 6.0.1 system.

Note: I'm not using a dial-up connection for this!

Initially the VPN session stopped at XP's "Verifying username and password" messagebox. After the timeout, I get an XP Error 721

A day later, all was well with no changes to settings.

If I'm looking at the right log file entries, it shows this for the successful connection:

Code:

Sep  4 13:06:05 jaws pptpd[9763]: CTRL: Client [MY.WAN.IP.ADD] control connection started
Sep  4 13:06:05 jaws pptpd[9763]: CTRL: Starting call (launching pppd, opening GRE)
Sep  4 13:06:05 jaws pppd[9764]: Plugin radius.so loaded.
Sep  4 13:06:05 jaws pppd[9764]: RADIUS plugin initialized.
Sep  4 13:06:05 jaws pppd[9764]: pppd 2.4.3 started by root, uid 0
Sep  4 13:06:05 jaws kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Sep  4 13:06:05 jaws pppd[9764]: Using interface ppp0
Sep  4 13:06:05 jaws pppd[9764]: Connect: ppp0 <--> /dev/pts/0
Sep  4 13:06:05 jaws pptpd[9763]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Sep  4 13:06:05 jaws pppd[9764]: MPPE 128-bit stateless compression enabled
Sep  4 13:06:07 jaws pppd[9764]: found interface eth0 for proxy arp
Sep  4 13:06:07 jaws pppd[9764]: local  IP address 192.168.0.1
Sep  4 13:06:07 jaws pppd[9764]: remote IP address 192.168.0.95
Sep  4 13:06:07 jaws esmith::event[9788]: Processing event: ip-up.pptpd ppp0 /dev/pts/0 460800 192.168.0.1 192.168.0.95 pptpd
Sep  4 13:06:07 jaws esmith::event[9788]: Running event handler: /etc/e-smith/events/actions/generic_template_expand
Sep  4 13:06:07 jaws esmith::event[9788]: expanding /etc/rc.d/init.d/masq  
Sep  4 13:06:07 jaws esmith::event[9788]: generic_template_expand=action|Event|ip-up.pptpd|Action|generic_template_expand|Start|1157371567 472620|End|1157371567 869071|Elapsed|0.396451
Sep  4 13:06:07 jaws esmith::event[9788]: Running event handler: /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access
Sep  4 13:06:08 jaws /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access[9791]: /home/e-smith/db/configuration: OLD pptpd=service|Interfaces||TCPPort|1723|access|public|sessions|5|status|enabled
Sep  4 13:06:08 jaws /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access[9791]: /home/e-smith/db/configuration: NEW pptpd=service|Interfaces|ppp0|TCPPort|1723|access|public|sessions|5|status|enabled
Sep  4 13:06:08 jaws esmith::event[9788]: S70pptp-interface-access=action|Event|ip-up.pptpd|Action|S70pptp-interface-access|Start|1157371567 869395|End|1157371568 25250|Elapsed|0.155855
Sep  4 13:06:08 jaws esmith::event[9788]: Running event handler: /etc/e-smith/events/actions/adjust-services
Sep  4 13:06:08 jaws esmith::event[9788]: adjusting non-supervised masq (adjust)  
Sep  4 13:06:08 jaws esmith::event[9788]: adjust-services=action|Event|ip-up.pptpd|Action|adjust-services|Start|1157371568 25616|End|1157371568 663181|Elapsed|0.637565
Sep  4 13:07:11 jaws pppd[9764]: LCP terminated by peer (\M-|jz^@<M-Mt^@^@^@^@)
Sep  4 13:07:11 jaws pppd[9764]: Connect time 1.1 minutes.
Sep  4 13:07:11 jaws pppd[9764]: Sent 1450 bytes, received 8179 bytes.
Sep  4 13:07:11 jaws pptpd[9763]: CTRL: Reaping child PPP[9764]
Sep  4 13:07:11 jaws pppd[9764]: Modem hangup
Sep  4 13:07:11 jaws pppd[9764]: Connection terminated.


Two days on and now it's back to the same XP message box; again, after the timeout, I get an XP Error 721

Looking at the var/logs/messages at the time of the failure I see the following

Code:

Sep  5 08:41:38 jaws pptpd[3673]: MGR: No free connection slots or IPs - no more clients can connect!
Sep  5 08:41:38 jaws pptpd[4601]: CTRL: Client [MY.WAN.IP.ADD] control connection started
Sep  5 08:41:38 jaws pptpd[4601]: CTRL: Starting call (launching pppd, opening GRE)
Sep  5 08:41:38 jaws pppd[4602]: Plugin radius.so loaded.
Sep  5 08:41:38 jaws pppd[4602]: RADIUS plugin initialized.
Sep  5 08:41:38 jaws pppd[4602]: pppd 2.4.3 started by root, uid 0
Sep  5 08:41:38 jaws kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Sep  5 08:41:38 jaws pppd[4602]: Using interface ppp0
Sep  5 08:41:38 jaws pppd[4602]: Connect: ppp0 <--> /dev/pts/0
Sep  5 08:42:08 jaws pppd[4602]: LCP: timeout sending Config-Requests
Sep  5 08:42:15 jaws pppd[4602]: Modem hangup
Sep  5 08:42:15 jaws pptpd[4601]: CTRL: Reaping child PPP[4602]
Sep  5 08:42:15 jaws pppd[4602]: Failed to open /dev/pts/0: No such file or directory
Sep  5 08:42:15 jaws pppd[4602]: tcflush failed: Bad file descriptor
Sep  5 08:42:15 jaws kernel: divert: no divert_blk to free, ppp0 not ethernet
Sep  5 08:42:15 jaws pppd[4602]: Exit.
Sep  5 08:42:15 jaws pptpd[4601]: CTRL: Client [MY.WAN.IP.ADD] control connection finished


I changed the number of clients to 2 and retried:

Code:

Sep  5 08:52:42 jaws pptpd[5030]: CTRL: Client [MY.WAN.IP.ADD] control connection started
Sep  5 08:52:42 jaws pptpd[5030]: CTRL: Starting call (launching pppd, opening GRE)
Sep  5 08:52:42 jaws pppd[5031]: Plugin radius.so loaded.
Sep  5 08:52:42 jaws pppd[5031]: RADIUS plugin initialized.
Sep  5 08:52:42 jaws pppd[5031]: pppd 2.4.3 started by root, uid 0
Sep  5 08:52:42 jaws kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Sep  5 08:52:42 jaws pppd[5031]: Using interface ppp0
Sep  5 08:52:42 jaws pppd[5031]: Connect: ppp0 <--> /dev/pts/0
Sep  5 08:53:12 jaws pppd[5031]: LCP: timeout sending Config-Requests
Sep  5 08:53:20 jaws pppd[5031]: Modem hangup
Sep  5 08:53:20 jaws pptpd[5030]: CTRL: Reaping child PPP[5031]
Sep  5 08:53:20 jaws pppd[5031]: Failed to open /dev/pts/0: No such file or directory
Sep  5 08:53:20 jaws pppd[5031]: tcflush failed: Bad file descriptor
Sep  5 08:53:20 jaws kernel: divert: no divert_blk to free, ppp0 not ethernet
Sep  5 08:53:20 jaws pppd[5031]: Exit.
Sep  5 08:53:20 jaws pptpd[5030]: CTRL: Client [MY.WAN.IP.ADD] control connection finished


The only change to the server since install is the addition of AWSTATS.

Can anyone shed light on this.

I'm worried about the error messages about "Bad File Descriptor", but don't know what relevance this has.

Chris
Chris Elliott - SME Server user and helper
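
The failure signatures in the logs posted in this thread can be turned into a small triage filter that gives one verdict per pppd session. This is an added example, not part of any post or of SME Server; the verdict labels and function names are this example's own, and the sample lines are excerpted and shortened from the posts above. `lcp-timeout` only records that PPP negotiation never completed; because PPP frames travel over GRE (protocol 47), reading it as a prompt to check the GRE path is an interpretation, not something the log states.

```shell
#!/bin/sh
# Added example: classify each pppd session in a pptpd/pppd syslog excerpt.

# Reads syslog lines on stdin, prints "pppd[PID] VERDICT" per session
# in order of first appearance, plus a count of pptpd slot-exhaustion lines.
triage_pptp_log() {
    awk '
    match($0, /pppd\[[0-9]+\]/) {
        # "pppd[" is 5 characters; drop it and the closing "]"
        pid = substr($0, RSTART + 5, RLENGTH - 6)
        if (!(pid in verdict)) { order[++n] = pid; verdict[pid] = "unknown" }
        if ($0 ~ /MPPE required, but kernel has no support/)
            verdict[pid] = "mppe-kernel-mismatch"   # booted kernel lacks the ppp modules
        else if ($0 ~ /LCP: timeout sending Config-Requests/)
            verdict[pid] = "lcp-timeout"            # no PPP replies from the client
        else if ($0 ~ /remote IP address/)
            verdict[pid] = "connected"              # IPCP finished, tunnel came up
    }
    /pptpd\[[0-9]+\]: MGR: No free connection slots/ { full++ }
    END {
        for (i = 1; i <= n; i++) print "pppd[" order[i] "] " verdict[order[i]]
        if (full) print "pptpd session-limit-reached x" full
    }'
}

# Sample input: lines excerpted and shortened from the logs in this thread.
sample_log() {
    cat <<'EOF'
Aug 28 19:38:14 sme pppd[30814]: Connect: ppp1 <--> /dev/pts/1
Aug 28 19:38:14 sme pppd[30814]: MPPE required, but kernel has no support.
Aug 28 19:38:14 sme pppd[30814]: Connection terminated.
Sep  4 13:06:05 jaws pppd[9764]: MPPE 128-bit stateless compression enabled
Sep  4 13:06:07 jaws pppd[9764]: remote IP address 192.168.0.95
Sep  4 13:07:11 jaws pppd[9764]: LCP terminated by peer
Sep  5 08:41:38 jaws pptpd[3673]: MGR: No free connection slots or IPs - no more clients can connect!
Sep  5 08:41:38 jaws pppd[4602]: Connect: ppp0 <--> /dev/pts/0
Sep  5 08:42:08 jaws pppd[4602]: LCP: timeout sending Config-Requests
Sep  5 08:42:15 jaws pppd[4602]: Modem hangup
EOF
}

sample_log | triage_pptp_log
```

On a server the same function can be fed with `grep -E 'pppd|pptpd' /var/log/messages | triage_pptp_log`.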