Koozali.org: home of the SME Server

VPN PPTP problems

Offline alext

  • ***
  • 91
  • +0/-0
VPN PPTP problems
« on: June 16, 2007, 10:56:58 PM »
Hi,

Like one of the other forum entries, I also have trouble with VPN/PPTP.
I connect and get the "connecting" and "verifying username and password" dialogues.
Then, on the "registering your computer on the network" dialogue, I get;
"Error 734: The PPP link control protocol was terminated" followed by a disconnect.

I followed the advice in other forum entries but still can't get it to work.

My installation is a completetly fresh one using the 7.1 iso which I then performed
the very long update within the server manager panel to let it update to 7.1.3.

When it failed I modified the grub.conf file to boot a previous kernel but the problem
still exists.

I have included all of the files that I think are relevant

If someone would kindly check these files and point me in the right direction I would be
very grateful as I need to get the VPN running by Monday.

Many thanks,
AlexT.

---------------------------------------------------------------------------------------

My message log is as follows:
 
  Jun 16 15:56:05 atl-gateway pptpd[9714]: CTRL: Client 212.59.181.105 control connection started
  Jun 16 15:56:05 atl-gateway pptpd[9714]: CTRL: Starting call (launching pppd, opening GRE)
  Jun 16 15:56:05 atl-gateway pppd[9715]: Plugin radius.so loaded.
  Jun 16 15:56:05 atl-gateway pppd[9715]: RADIUS plugin initialized.
  Jun 16 15:56:06 atl-gateway kernel: CSLIP: code copyright 1989 Regents of the University of California
  Jun 16 15:56:06 atl-gateway kernel: PPP generic driver version 2.4.2
  Jun 16 15:56:06 atl-gateway pppd[9715]: pppd 2.4.4 started by root, uid 0
  Jun 16 15:56:06 atl-gateway kernel: divert: not allocating divert_blk for non-ethernet device ppp0
  Jun 16 15:56:06 atl-gateway pppd[9715]: Using interface ppp0
  Jun 16 15:56:06 atl-gateway pppd[9715]: Connect: ppp0 <--> /dev/pts/0
  Jun 16 15:56:06 atl-gateway pptpd[9714]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
  Jun 16 15:56:08 atl-gateway pppd[9715]: MPPE required, but kernel has no support.
  Jun 16 15:56:08 atl-gateway pppd[9715]: Connection terminated.
  Jun 16 15:56:08 atl-gateway pppd[9715]: Connect time 0.1 minutes.
  Jun 16 15:56:08 atl-gateway pppd[9715]: Sent 0 bytes, received 0 bytes.
  Jun 16 15:56:08 atl-gateway kernel: divert: no divert_blk to free, ppp0 not ethernet
  Jun 16 15:56:08 atl-gateway pptpd[9714]: CTRL: Reaping child PPP[9715]
  Jun 16 15:56:08 atl-gateway pppd[9715]: Exit.
  Jun 16 15:56:08 atl-gateway pptpd[9714]: CTRL: Client 212.59.181.105 control connection finished
  Jun 16 21:58:52 atl-gateway login(pam_unix)[13907]: session opened for user root by LOGIN(uid=0)
  Jun 16 21:58:52 atl-gateway  -- root[13907]: ROOT LOGIN ON tty1

---------------------------------------------------------------------------------------

grub.conf file  (original)
  # grub.conf generated by anaconda
  #
  # Note that you do not have to rerun grub after making changes to this file
  # NOTICE:  You have a /boot partition.  This means that
  #          all kernel and initrd paths are relative to /boot/, eg.
  #          root (hd0,0)
  #          kernel /vmlinuz-version ro root=/dev/main/root
  #          initrd /initrd-version.img
  #boot=/dev/sda
  default=1
  timeout=5
  splashimage=(hd0,0)/grub/splash.xpm.gz
  hiddenmenu
  title CentOS (2.6.9-55.EL)
   root (hd0,0)
   kernel /vmlinuz-2.6.9-55.EL ro root=/dev/main/root
   initrd /initrd-2.6.9-55.EL.img
  title CentOS (2.6.9-55.ELsmp)
   root (hd0,0)
   kernel /vmlinuz-2.6.9-55.ELsmp ro root=/dev/main/root
   initrd /initrd-2.6.9-55.ELsmp.img
  title CentOS (2.6.9-42.0.10.EL)
   root (hd0,0)
   kernel /vmlinuz-2.6.9-42.0.10.EL ro root=/dev/main/root
   initrd /initrd-2.6.9-42.0.10.EL.img
  title SME Server (2.6.9-42.0.3.ELsmp)
   root (hd0,0)
   kernel /vmlinuz-2.6.9-42.0.3.ELsmp ro root=/dev/main/root
   initrd /initrd-2.6.9-42.0.3.ELsmp.img
  title SME Server-up (2.6.9-42.0.3.EL)
   root (hd0,0)
   kernel /vmlinuz-2.6.9-42.0.3.EL ro root=/dev/main/root
   initrd /initrd-2.6.9-42.0.3.EL.img


uname -r (original)
  2.6.9-55.ELsmp

rpm -qa ¦grep ppp (after changing grub default to 3)
  rp-pppoe-3.5-22
  ppp-2.4.4-1.3.el4.sme
  kmod-ppp-smp-1.0.2-1.2.6.9_42.0.10.EL
  kmod-ppp-1.0.2-1.2.6.9_42.0.10.EL

---------------------------------------------------------------------------------------

grub.conf file  (after changing grub default to 3)
  # grub.conf generated by anaconda
  #
  # Note that you do not have to rerun grub after making changes to this file
  # NOTICE:  You have a /boot partition.  This means that
  #          all kernel and initrd paths are relative to /boot/, eg.
  #          root (hd0,0)
  #          kernel /vmlinuz-version ro root=/dev/main/root
  #          initrd /initrd-version.img
  #boot=/dev/sda
  default=3
  timeout=5
  splashimage=(hd0,0)/grub/splash.xpm.gz
  hiddenmenu
  title CentOS (2.6.9-55.EL)
   root (hd0,0)
   kernel /vmlinuz-2.6.9-55.EL ro root=/dev/main/root
   initrd /initrd-2.6.9-55.EL.img
  title CentOS (2.6.9-55.ELsmp)
   root (hd0,0)
   kernel /vmlinuz-2.6.9-55.ELsmp ro root=/dev/main/root
   initrd /initrd-2.6.9-55.ELsmp.img
  title CentOS (2.6.9-42.0.10.EL)
   root (hd0,0)
   kernel /vmlinuz-2.6.9-42.0.10.EL ro root=/dev/main/root
   initrd /initrd-2.6.9-42.0.10.EL.img
  title SME Server (2.6.9-42.0.3.ELsmp)
   root (hd0,0)
   kernel /vmlinuz-2.6.9-42.0.3.ELsmp ro root=/dev/main/root
   initrd /initrd-2.6.9-42.0.3.ELsmp.img
  title SME Server-up (2.6.9-42.0.3.EL)
   root (hd0,0)
   kernel /vmlinuz-2.6.9-42.0.3.EL ro root=/dev/main/root
   initrd /initrd-2.6.9-42.0.3.EL.img

uname -r (after changing grub default to 3)
  2.6.9-42.0.3.ELsmp

rpm -qa ¦grep ppp (after changing grub default to 3)
  rp-pppoe-3.5-22
  ppp-2.4.4-1.3.el4.sme
  kmod-ppp-smp-1.0.2-1.2.6.9_42.0.10.EL
  kmod-ppp-1.0.2-1.2.6.9_42.0.10.EL

---------------------------------------------------------------------------------------
...

Offline raem

  • *
  • 3,972
  • +4/-0
Re: VPN PPTP problems
« Reply #1 on: June 17, 2007, 12:55:49 AM »
alext

>... MPPE required, but kernel has no support.

http://pptpclient.sourceforge.net/howto-diagnosis.phtml#mppe_rbkhns


Here's my output from a 7.1.3 smeserver updated yesterday, where VPN is working OK.

uname -r

2.6.9-42.0.10.ELsmp

rpm -qa |grep ppp

rp-pppoe-3.5-22
ppp-2.4.4-1.3.el4.sme
kmod-ppp-smp-1.0.2-1.2.6.9_42.0.10.EL
kmod-ppp-1.0.2-1.2.6.9_42.0.10.EL


Do you have the yum testing repository enabled, if so you should not ?


Looks like your kernel & mppe module versions are different.


Here's the ouput from another sme 7.1.3 server also recently upgraded with VPN working OK.

uname -r

2.6.9-42.0.10.ELsmp

rpm -qa |grep ppp

rp-pppoe-3.5-22
kmod-ppp-smp-1.0.2-1.2.6.9_42.0.10.EL
ppp-2.4.4-1.3.el4.sme
kmod-ppp-1.0.2-1.2.6.9_42.0.10.EL
...

Offline alext

  • ***
  • 91
  • +0/-0
yum testing repository ?
« Reply #2 on: June 17, 2007, 08:11:16 AM »
Hi Ray,

Thanks for your quick reply.
I am about to go to the clientr to continue working so I will check your config to mine.

I am not familiar with the "yum testing repository". What is it and how would I enable/disable it?

As I mentioned, this installation is fresh, (repartition and all), so I am surprised that I get two different versions. Does that happen during the software update from 7.1 to 7.13 ?

Cheers,
Alex
...

Offline raem

  • *
  • 3,972
  • +4/-0
Re: yum testing repository ?
« Reply #3 on: June 17, 2007, 08:29:58 AM »
alext

> ...yum testing repository.... What is it and how would I enable/disable it?

Look in server manager at the software updates panel & unselect "testing"  if necessary.
...

Offline alext

  • ***
  • 91
  • +0/-0
Testing not selected
« Reply #4 on: June 17, 2007, 10:49:34 AM »
Hi Ray,

I checked in the server manager/software updates panel and found that only the following were selected:
    CentOS - os
    CentOS - updates
    SME Server - addons
    SME Server - os
    SME Server - updates
    [/list]

    The SME Server - updates testing was not selected.

    I guess there is no way to unwind the updates and it means that I will have to rebuild to 7.1 again. If I do this I would like to be sure as to what updates I can trust.

    Any ideas?
    (Have to start soon otherwise I will miss the Indianapolis F1 Grand Prix race)

    Cheers,
    Alex
    ...

    Offline alext

    • ***
    • 91
    • +0/-0
    Missing Kernel?
    « Reply #5 on: June 17, 2007, 12:08:36 PM »
    Hi,

    Looking at the grub.conf file again I note that the kernels seem to go in pairs, (EL and ELsmp),
    except for the kernel 2.6.9-42.0.10.EL

    There is no ELsmp kernel listed.

    How can that happen?

    I have checked in the /boot directory but no luck.

    Cheers,
    Alex
    ...

    Offline alext

    • ***
    • 91
    • +0/-0
    VPN PPTP problems
    « Reply #6 on: June 17, 2007, 03:44:04 PM »
    Well, I finally bit the bullet and scrubbed out my SME V7-1.1.3 system and re-installed the 7.1.1 version fresh from the iso.

    After installation and reconfiguring I disabled the software updates and checked the kernel/ppp versions.
    They are:

      uname -r
      2.6.9-42.0.3.ELsmp

      rpm -qa ¦grep ppp
      ppp-2.4.4-1.3.el4.sme
      kmod-ppp-smp-1.0.2-1.2.6.9_42.0.3.EL
      kmod-ppp-1.0.2-1.2.6.9_42.0.3.EL [/list]

      I checked by installing a laptop in the DMZ pointing back to the external IP address of the server.
      Worked fine until I plugged the router into the external network (ADSL), then the DNS screws up.
      So I will have to finally check it remotely.

      For now I am leaving the server on the current version as I cannot trust the updates.

      Perhaps V7.2 will fix it...

      Many thanks for your help.

      Cheers,
      Alex
      ...

      Offline raem

      • *
      • 3,972
      • +4/-0
      VPN PPTP problems
      « Reply #7 on: June 17, 2007, 10:19:41 PM »
      alext

      > For now I am leaving the server on the current version
      > as I cannot trust the updates.

      sme7 has had a lot of changes and improvements & they were happening "on the fly" so to speak.

      There was an earlier issue with certain Centos updates not being excluded, where support had not yet been provided in sme updates.

      I refer to these posts & others on the topic
      http://forums.contribs.org/index.php?topic=37183.0
      http://forums.contribs.org/index.php?topic=37414.0

      Try the following
      Install from CD
      Then disable Centos updates in the software update panel
      Then at the command line do a
      yum update smeserver-yum
      signal-event post-upgrade; signal-event reboot

      Then update your server using the updates panel
      Select the Reconfigure option

      Then enable Centos updates
      Then update your server again using the updates panel
      Select the Reconfigure option

      That should only allow the correct updates to be installed, including the correct kernel & ppp modules.


      > install(ed) a laptop in the DMZ pointing back to the external IP
      > address of the server. Worked fine

      I assume you mean VPN worked fine  with the earlier kernel & modules?
      ...

      Offline alext

      • ***
      • 91
      • +0/-0
      Back-door VPN
      « Reply #8 on: June 18, 2007, 09:26:17 AM »
      Quote
      I assume you mean VPN worked fine with the earlier kernel & modules?


      Yes, you are correct: the earlier, re-installed version.

      Many thanks for your help and advice. It's Monday morning now and I have to let the user settle down and smooth their ruffled feathers so I will keep your update advice in mind and when they are back to normal and I have the courage to do so, I will have a go at it.

      Is there an image backup programme in Linux that will allow me to take an image copy of any partition? (Something like PQ Image in MS Windows world). I have a feeling I saw something about it when browsing around the GPARTED application. That sort of safety measure would give me a better feeling of security before attempting the updates.

      Thanks again,
      AlexT
      ...