Koozali.org: home of the SME Server

[SOLVED] VPN Authentication Issues

Offline leon85

  • *
  • 8
  • +0/-0
    • OpenCSI.it
[SOLVED] VPN Authentication Issues
« on: April 12, 2008, 06:04:57 PM »
I have the same problem described in this post.

http://forums.contribs.org/index.php?topic=33728.0

I running sme server 7.3.

I am having troubles trying to connect to my SME server on my office lan over my VPN connection from home. I am running SME 7 w/ no contribs on the server, XP Pro SP2 on the workstation. I created a new network connection for the PPTP session on the windows box. When I try to connect, it gets past the "Connecting to..." part, but errors out when it tries to authenticate the username/password. I am using strong encryption, and I am positive that I have typed the credentials properly. I also know that the boxes can see each other as I can ping the SME server and I can access it with SSH.


this is the log of vpn connection:

Apr 12 18:41:17 server pptpd[6554]: CTRL: Client **.**.**.** control connection started
Apr 12 18:41:17 server pptpd[6554]: CTRL: Starting call (launching pppd, opening GRE)
Apr 12 18:41:17 server pppd[6555]: Plugin radius.so loaded.
Apr 12 18:41:17 server pppd[6555]: RADIUS plugin initialized.
Apr 12 18:41:17 server pppd[6555]: pppd 2.4.4 started by root, uid 0
Apr 12 18:41:17 server kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Apr 12 18:41:17 server pppd[6555]: Using interface ppp0
Apr 12 18:41:17 server pppd[6555]: Connect: ppp0 <--> /dev/pts/0
Apr 12 18:41:47 server pppd[6555]: LCP: timeout sending Config-Requests
Apr 12 18:41:50 server ntpd: logging to file /dev/stdout
Apr 12 18:41:54 server pppd[6555]: Modem hangup
Apr 12 18:41:54 server pptpd[6554]: CTRL: Reaping child PPP[6555]
Apr 12 18:41:54 server pppd[6555]: Connection terminated.
Apr 12 18:41:54 server kernel: divert: no divert_blk to free, ppp0 not ethernet
Apr 12 18:41:54 server pppd[6555]: Exit.
Apr 12 18:41:54 server pptpd[6554]: CTRL: Client **.**.**.** control connection finished


Thanks for help.
« Last Edit: April 14, 2008, 11:22:57 AM by leon85 »

Offline pfloor

  • *****
  • 889
  • +1/-0
Re: VPN Authentication Issues
« Reply #1 on: April 12, 2008, 07:06:28 PM »
Is there any type of firewall on either end of the connection?
In life, you must either "Push, Pull or Get out of the way!"

Offline leon85

  • *
  • 8
  • +0/-0
    • OpenCSI.it
Re: VPN Authentication Issues
« Reply #2 on: April 12, 2008, 07:42:13 PM »
in the windows client the firewall is disabled.

Offline pfloor

  • *****
  • 889
  • +1/-0
Re: VPN Authentication Issues
« Reply #3 on: April 12, 2008, 07:46:48 PM »
So there is no other firewall, router, etc in front of the WXP box or the SME Server?

IOW, the WXP client and the SME Server are connected DIRECTLY to the internet?  I find this hard to believe :-)
In life, you must either "Push, Pull or Get out of the way!"

Offline leon85

  • *
  • 8
  • +0/-0
    • OpenCSI.it
Re: VPN Authentication Issues
« Reply #4 on: April 12, 2008, 07:53:41 PM »
The windows client is connected to the Internet via a router DSL.
the sme server is connected through a router dsl but the port is open for vpn.
the problem is not the firewall.

Offline pfloor

  • *****
  • 889
  • +1/-0
Re: VPN Authentication Issues
« Reply #5 on: April 12, 2008, 08:03:30 PM »
The windows client is connected to the Internet via a router DSL.
the sme server is connected through a router dsl but the port is open for vpn.
the problem is not the firewall.
You are making an assumption here that may not be true.  The error in your logs indicate that one of your routers may have a problem forwarding GRE packets.

VPN uses port 1723 AND the GRE protocol.  Port 1723 is easy to forward but GRE can be a challenge and some routers can't handle it properly because GRE is a protocol and not a port.

Making pptp type VPN connections is not as simple as forwarding port 1723, do your routers SPECIFICALLY say that they handle passthrough pptp VPN connections?  Both routers must be able to handle pptp VPN passthrough for your scenario to work correctly.
In life, you must either "Push, Pull or Get out of the way!"

Offline leon85

  • *
  • 8
  • +0/-0
    • OpenCSI.it
Re: VPN Authentication Issues
« Reply #6 on: April 14, 2008, 11:21:52 AM »
You are right, the problem was the protocol 47 (Gre).

I active the PPTP pass-thru and all OK!!!

Thanks

Ciao
Leon