Topic: VPN has recently failed

[T0b3rm0ry]

It has been some time since I had the need to VPN as I have been on site over the busy season but one of the last updates has stopped me from accessing it. I am using the same laptop with the same settings but now I can't connect at all??? I have also been asked to set it up for another user with a vista machine (mine is XP) & that will not connect either. Has anybody else had similar issues? What is the general fix/setting change I need to make & are there more issues to be dealt with for the vista machine?

[pfloor]

It has been some time since I had the need to VPN as I have been on site over the busy season but one of the last updates has stopped me from accessing it. I am using the same laptop with the same settings but now I can't connect at all??? I have also been asked to set it up for another user with a vista machine (mine is XP) & that will not connect either. Has anybody else had similar issues? What is the general fix/setting change I need to make & are there more issues to be dealt with for the vista machine?

This question has been asked many, many times and there are several possible reasons and fixes for failing VPN connections.  Searching the forums and bug tracker would have provided you with many answers.

Anyhow, VPN can be a touchy animal and just posting "I can't connect at all" and not providing any detail will not really help you.  You need to be much more specific.  You can start by give us 2 things...

What error messages are you getting on the client end?
What entries are in the log files from the time you try to connect?

[T0b3rm0ry]

Client side I get the standard error 800 message. What is the name of the log file I should look at? I looked for the "VPN" log but there is none...

Windows log: CoID={CB82D368-E017-4984-975D-68EC73BD62DA}: The user Simon-PC\Simon dialed a connection named Tabletops which has failed. The error code returned on failure is 0.

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="RasClient" />
  <EventID Qualifiers="0">20227</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2008-02-19T03:26:33.000Z" />
  <EventRecordID>16400</EventRecordID>
  <Channel>Application</Channel>
  <Computer>Simon-PC</Computer>
  <Security />
  </System>
- <EventData>
  <Data>{CB82D368-E017-4984-975D-68EC73BD62DA}</Data>
  <Data>Simon-PC\Simon</Data>
  <Data>Tabletops</Data>
  <Data>0</Data>
  </EventData>
  </Event>

[pfloor]

"messages" log file.  Look for pptp entries.

Also, from the command line show the outputs of:

config show pptpd
uname -a
rpm -qa kernel*
rpm -qa kmod*

[T0b3rm0ry]

[root@iserver ~]# config show pptpd
pptpd=service
    TCPPort=1723
    access=public
    sessions=3
    status=enabled
[root@iserver ~]# uname -a
Linux iserver 2.6.9-55.0.6.ELsmp #1 SMP Tue Sep 4 21:36:00 EDT 2007 i686 i686 i386 GNU/Linux
[root@iserver ~]# rpm -qa kernel*
kernel-2.6.9-55.0.6.EL
kernel-smp-2.6.9-55.0.2.EL
kernel-smp-2.6.9-55.0.6.EL
kernel-2.6.9-55.0.2.EL
kernel-utils-2.4-13.1.99
[root@iserver ~]# rpm -qa kmod*


However there are no PPTP entries that I can see in the last 3 hours of the messages log??? Would this mean my router can't manage the GRE packets other post mention? (Its a speedtouch 510 with the latest firmware)

[idp_qbn]

Hi T0b3rm0ry
I had the same happen when I upgraded from 7.2 to 7.3. I connected remotely to do the upgrade and afterwards I could not connect.

The upgrade to 7.3 seemed to have gone OK because there were no grumbles from the users. The next time I did a site visit, I just
1) un-installed OpenVPN
2) re-installed it, 
3) created new certificates
4) copied the certificates to my WinXP box

and all was well.

I didn't put it in as a bug report since I assumed I had made an error somewhere...I even thought it might have been a dyndns error somehow. Anyway, this time I was more careful in my reading of the instructions.

Cheers
Ian

[pfloor]

[root@iserver ~]# config show pptpd
pptpd=service
    TCPPort=1723
    access=public
    sessions=3
    status=enabled

That look OK

[root@iserver ~]# uname -a
Linux iserver 2.6.9-55.0.6.ELsmp #1 SMP Tue Sep 4 21:36:00 EDT 2007 i686 i686 i386 GNU/Linux

You need to update your server.

[root@iserver ~]# rpm -qa kernel*
kernel-2.6.9-55.0.6.EL
kernel-smp-2.6.9-55.0.2.EL
kernel-smp-2.6.9-55.0.6.EL
kernel-2.6.9-55.0.2.EL
kernel-utils-2.4-13.1.99

See above.

[root@iserver ~]# rpm -qa kmod*

If that's really what you get (nothing) from that command then your server is missing the kernel modules needed to establish a vpn connection.  You might have problems getting kmods for the kernel you are using so you might have to update your server including the kernel and kmods.

However there are no PPTP entries that I can see in the last 3 hours of the messages log???  Would this mean my router can't manage the GRE packets other post mention? (Its a speedtouch 510 with the latest firmware)

You will have to determine whether or not the router is capable of pptp and gre passthrough (Google is your friend). However, your original post indicates that this setup used to work (or did you leave some pertinent information out).

[pfloor]

Hi T0b3rm0ry
I had the same happen when I upgraded from 7.2 to 7.3. I connected remotely to do the upgrade and afterwards I could not connect.

The upgrade to 7.3 seemed to have gone OK because there were no grumbles from the users. The next time I did a site visit, I just
1) un-installed OpenVPN
2) re-installed it, 
3) created new certificates
4) copied the certificates to my WinXP box

and all was well.

I didn't put it in as a bug report since I assumed I had made an error somewhere...I even thought it might have been a dyndns error somehow. Anyway, this time I was more careful in my reading of the instructions.

Cheers
Ian

Ian, you're confusing the issue here.  The OP never stated he/she is using OpenVPN nor did he/she mention anything about certificate problems.

[idp_qbn]

Ooops...sorry.
Thought we were talking about OpenVPN - must remember not to chew gum and try to think at the same time!

T0b3rm0ry, please disregard what I said.

Ian

[T0b3rm0ry]

That look OK

You need to update your server.

See above.

If that's really what you get (nothing) from that command then your server is missing the kernel modules needed to establish a vpn connection.  You might have problems getting kmods for the kernel you are using so you might have to update your server including the kernel and kmods.

You will have to determine whether or not the router is capable of pptp and gre passthrough (Google is your friend). However, your original post indicates that this setup used to work (or did you leave some pertinent information out).

Updating via yum now, will this update the kernel as well? If not please give me advise on how to do so or point me in the right direction for instructions luisted on the site.

Am I right to assume that I need something like openvpn (or???) as kernel mods to be able to use VPN? What is the easiest to install/use?

It was working rpeviously however I have updated both the server and firmware for the router, I'm researching the router configs now...

[pfloor]

You do not need any additional contribs (like OpenVPN) to make VPN work.

After you update the server run these commands:

cd /
uname -a
rpm -qa kernel*
rpm -qa kmod*

Then let's see if everything is there.  If not, we will go from there and walk you through the steps needed to install/update anything else needed.

[T0b3rm0ry]

This is the reply I get from the CLI:

[root@iserver ~]# cd /
[root@iserver /]# uname -a
Linux iserver 2.6.9-55.0.6.ELsmp #1 SMP Tue Sep 4 21:36:00 EDT 2007 i686 i686 i386 GNU/Linux
[root@iserver /]# rpm -qa kernel*
kernel-2.6.9-55.0.6.EL
kernel-smp-2.6.9-55.0.2.EL
kernel-smp-2.6.9-55.0.6.EL
kernel-2.6.9-55.0.2.EL
kernel-utils-2.4-13.1.99
[root@iserver /]# rpm -qa kmod*

With this as a reply am I right to assume that the kernel is from sept last year? If yum does not update this how do I manage it without a fresh install from CD so I keep all the settings?

[pfloor]

This is the reply I get from the CLI:

[root@iserver ~]# cd /
[root@iserver /]# uname -a
Linux iserver 2.6.9-55.0.6.ELsmp #1 SMP Tue Sep 4 21:36:00 EDT 2007 i686 i686 i386 GNU/Linux
[root@iserver /]# rpm -qa kernel*
kernel-2.6.9-55.0.6.EL
kernel-smp-2.6.9-55.0.2.EL
kernel-smp-2.6.9-55.0.6.EL
kernel-2.6.9-55.0.2.EL
kernel-utils-2.4-13.1.99
[root@iserver /]# rpm -qa kmod*

Is this after the update?  That is an old kernel and all the kmods are missing.

Are you sure the server is updated?

Did you run "signal-event post-upgrade" and "signal-event reboot"?

If you did then please show output of:

cat /etc/e-smith-release
cat /etc/redhat-release

If you didn't then run the post-upgrade/reboot and show the outputs again.

[T0b3rm0ry]

I have only been updating via the YUM software installer as it is the only way i know how... I tried to paste the signal-event post-upgrade as a command line but obviously it was not the actual command as it did nothing? my release shows as 7.2...

[root@iserver /]# signal-event post-upgrade
[root@iserver /]# cat /etc/e-smith-release
SME Server release 7.2
[root@iserver /]# cat /etc/redhat-release
SME Server release 7.2

So how do I do a complete update including the kernel with the added kmods? & also with keeping the settings that are in place?

[pfloor]

signal-event post-upgrade is an actual command and won't show anything (unless it encounters errors).

What version did this server start out as (7.0, 7.1, etc.)

It isn't updated to the latest (7.3) yet so there must be a problem.  You will probably need to do your updating from the CLI so you san see exactly what is happening.  Read this about updating:

http://wiki.contribs.org/Updating_to_SME_7.2#Yum_Update