Topic: pptp vpn problem

[crusader]

I have a strange problem.
I updated my sme 6.5 system to the 7.0 final release. After that I can't dial in over pptp vpn access anymore. I've searched my logs for some problems and found this:

MPPE is needed in kernel for pptp connection. This kernel does not support MPPE.

I've checked the kernel version which is 2.6.9-34-EL
could it be that this kernel really lags MPPE support?
Does anyone else have this problem?

[byte]

MPPE is needed in kernel for pptp connection. This kernel does not support MPPE.

It's because you are booting from the incorrect kernel, depending on which smeupdates you have you will need to reboot and select the correct kernel.

[crusader]

Which would be?

[byte]

Which would be?

You tell us! In other words what kernels have you got as you may have not done the latest updates, check the grub menu

[crusader]

title CentOS (2.6.9-42.0.2.ELsmp)
title CentOS (2.6.9-42.0.2.EL)
title CentOS (2.6.9-34.0.2.EL)
title CentOS (2.6.9-34.0.2.ELsmp)
title SME Server (2.6.9-34.ELsmp)
title SME Server-up (2.6.9-34.EL)

These are the kernes within grub.conf

[byte]

title CentOS (2.6.9-42.0.2.ELsmp)
title CentOS (2.6.9-42.0.2.EL)

Ok depending on if you have single CPU or two CPU's you would need to use one of those, for example if you have P4 3.0ghz w/HT then its likey to be .SMP kernel if it's a celeron/amd duron then you would use the .EL kernel

[crusader]

Ok, and why does the 2.6.9-34 version not support  mppe?
Was this a bug or intention?

[byte]

Ok, and why does the 2.6.9-34 version not support  mppe?

As far as I believe its because we upgraded the kernel version so only the latest kernel version is supplied with pptp option, not actually sure why the older kernel version would not have support, its probably because it would mean keeping up2date kernel versions rather than just building one set of pptp support.

[crusader]

Ok, thank you for your help, I will try the new kernel. We will see if it works.

[cljunkie]

My server also no longers support VPN running kernel 2.6.9-34. When I try kernels

title CentOS (2.6.9-42.0.2.ELsmp)
title CentOS (2.6.9-42.0.2.EL)

Naturally the non EL locks up, as it should, but so does the EL.smp. I fear the my multi-CPU hardware may not work with the newer kernel(s) as far as VPN goes.

So I am waiting for a new kernel and trying to come up with a work-around. My office must have VPN. I'm not really interested in setting up another router and having a 'server-only' for an office of less than 10.

I did check the bugtracker but the only open item doesn't quite fit my situation.

Ideas?

Thanks,

CLjunkie

[pfloor]

Here is why ppp with the older kernels may not work any more:

When an upgdate is performed, yum "Installs" the newer kernel and leaves the old ones there in case the newer kernel fails.  If that happens, you can re-boot and select an older kernel.  This is done so that your machine isn't left broken by a kernel update.

However, upon an update the kernel-modules are updated and the older modules are removed.  This is appearantly causing problems for those that need to revert to an older kernel as the corrisponding modules will be missing and things like ppp will fail.

I am going to raise a bug to see if the older modules can be left in place along with the older kernels.

[p-jones]

I have two PIII-600Mhz server-gateways both booting  CentOS 2.6.9-42.0.2.EL kernel and both have lost the pptp with the same error as reported in this post.

I have not investigated this in depth as yet but I believe both occured at some point when doing a YUM update and the upstream proxy error (reported elsewhere) occured.

I will take this to the bug tracker if warranted when I have had a closer look at the issue.

[pfloor]

I have two PIII-600Mhz server-gateways both booting  CentOS 2.6.9-42.0.2.EL kernel and both have lost the pptp with the same error as reported in this post.

I have not investigated this in depth as yet but I believe both occured at some point when doing a YUM update and the upstream proxy error (reported elsewhere) occured.

I will take this to the bug tracker if warranted when I have had a closer look at the issue.

Possibly your kernel got updated but not the modules.  What do you get with:

# rpm -qa kernel*

also post output of:

# rpm -qa *yum*

[p-jones]

[root@vserver1 ~]# rpm -qa *yum*
yum-2.4.3-1.c4
smeserver-yum-1.2.0-25.el4.sme
yum-plugin-fastestmirror-0.2.4-3.c4


[root@vserver1 ~]# rpm -qa kernel*
kernel-smp-module-ppp-1.0.2-2_2.6.9_42.0.2.EL
kernel-2.6.9-34.EL
kernel-module-ppp-1.0.2-2_2.6.9_42.0.2.EL
kernel-smp-2.6.9-34.0.2.EL
kernel-2.6.9-34.0.2.EL
kernel-smp-2.6.9-42.0.2.EL
kernel-2.6.9-42.0.3.EL
kernel-utils-2.4-13.1.83
kernel-module-appletalk-1.0-1_2.6.9_42.0.2.EL
kernel-smp-2.6.9-34.EL
kernel-smp-module-slip-1.0-1_2.6.9_42.0.2.EL
kernel-module-slip-1.0-1_2.6.9_42.0.2.EL
kernel-smp-module-appletalk-1.0-1_2.6.9_42.0.2.EL
kernel-smp-2.6.9-42.0.3.EL

[byte]

I have two PIII-600Mhz server-gateways both booting  CentOS 2.6.9-42.0.2.EL kernel and both have lost the pptp with the same error as reported in this post.

Because you have a newer kernel 2.6.9-42.0.3 you would need to boot use the correct smp or el version, then pptp should work as normal.

[pfloor]

I have two PIII-600Mhz server-gateways both booting  CentOS 2.6.9-42.0.2.EL kernel and both have lost the pptp with the same error as reported in this post.

Because you have a newer kernel 2.6.9-42.0.3 you would need to boot use the correct smp or el version, then pptp should work as normal.

That won't work.  p-jones has the 2.6.9-42.0.2 modules and needs to use the corrisponding kernel for pptp to work.

p-jones, it looks like your yum problem may have installed a newer kernel but not the related modules.

What do you get with:

# uname -r

[p-jones]

Alright, so which is the correct kernel version ?

Why is there now a mismatch. I only have SME updates selected (except development options). It is a very standard setup with no addons.

[pfloor]

Alright, so which is the correct kernel version ?

Why is there now a mismatch. I only have SME updates selected (except development options). It is a very standard setup with no addons.

At one time you must have had the smeupdates-testing enabled because the 2.6.9-42.0.3 kernel is from there.

what is the output of:

#uname -r

and

rpm -qa kmod*

[p-jones]

[root@vserv1 ~]# uname -r
2.6.9-42.0.3.EL
[root@vserv1 ~]# rpm -qa kmod*
[root@vserv1 ~]#

[pfloor]

[root@vserv1 ~]# uname -r
2.6.9-42.0.3.EL
[root@vserv1 ~]# rpm -qa kmod*
[root@vserv1 ~]#

There is your problem.  You have the 2.6.9-42.0.3 kernel installed and the 2.6.9-42.0.2 modules installed.  This won't work.

Either revert back to the 2.6.9-42.0.2 kernel (reboot and pick the correct kernel on the penguin screen) OR install the 2.6.9-42.0.3 modules.  To install the 2.6.9-42.0.3 modules you can:

# yum install kmod*

The 2.6.9-42.0.3 kernel and modules are NOT in the "standard" repos.  You must have the smeupdates-testing repo enabled.  If this is a production server then you are not advised to use the testing repos, there are some unstable packages in there.

[p-jones]

Thanks Paul. I will give that a go later today and post back for the benefit of others.

Rgds
Peter

[p-jones]

[root@vserv1 ~]# yum install kmod*
==============================================================
WARNING: Additional commands may be required after running yum
==============================================================
Loading "smeserver" plugin
Loading "fastestmirror" plugin
Setting up Install Process
Setting up repositories
smeaddons                 100% |=========================|  951 B    00:00
smeos                     100% |=========================|  951 B    00:00
smeupdates                100% |=========================|  951 B    00:00
Loading mirror speeds from cached hostfile
Reading repository metadata in from local files
primary.xml.gz            100% |=========================|  56 kB    00:01
http://mirror.contribs.org/smeserver/releases/7/smeupdate                                              s/i386/repodata/primary.xml.gz: [Errno -1] Metadata file does not match checksum
Trying other mirror.
primary.xml.gz            100% |=========================|  54 kB    00:01
smeupdates: ################################################## 90/90
Added 0 new packages, deleted 3 old in 1.30 seconds
Parsing package install arguments
No Match for argument: kmod*
Nothing to do
================================================================
No new rpms were installed. No additional commands are required.
================================================================

[pfloor]

WARNING: It apears thet you have installed some packages (including your current kernel) from the testing repos.  This is highly discouraged on a production server.

That being said, if you still want to install the corrisponding modules from the testng repo then you need to do the following:

# yum --enablerepo=smeupdates-testing install kmod*
# signal-event post-upgrade
# signal-event reboot

Or just reboot and choose the correct kernel (2.6.9-42.0.2)