Topic: Billion modem to pass through VPN

[Smitro]

Hi all,

I've just changed my modem over to a brand new Billion BiPAC 7300 RA to replace my old DLink DSL-502T.

I got it setup nice and quick and all is working, except for VPN. None of my users are now able to connect to my SME server through VPN. I've done a little research and found a couple of extra options that I was suppose to put in, but it still seems to not let them connect. The only message they get is "Failed to connect". Which isn't real helpful.

With my DLink DSL-502T all I had to do was select virtual server and add PPTP and tell it which local IP address to point at. No such luck with this one.

Has anyone got VPN working through one of these devices and might be able to point me in the right direction? Below are a couple of screenshots of my settings to compare against. Any suggestions welcome.

Packet Filter – http://mailoz.com/modemsetup/packet_filter.jpg
Port Mapping – http://mailoz.com/modemsetup/port_mapping.jpg

[dgs]

Have you set your SME server as the DMZ host in the billion virtual server options. This will open all incoming requests to the SME box.

I have the VPN working on some Billion 7300s but can only establish one connection at a time.  You need to leave a minute or so after disconnecting one remote connection before attempting another. I usually only need one connection so I've never followed this up further.

[brianr]

I have also successfully used Billion routers to pass through VPN, although not this model.

An obvious question for which I apologise in advance - 192.168.1.254 IS the SMEserver?

[Smitro]

The server is 192.168.1.254 and the modem is 192.168.1.2 (same as the previous modem I used).

I was hoping to use port forwarding rather than DMZ. One connection, that's a little crazy?

[Smitro]

Interesting... I just tried to connect internally and it failed. So that's inside the modem. So maybe there is not problem with the modem after all? I wonder if this could be a side effect to the recent upgrade of SME to 7.4?

[brianr]

I've got one remote 7.4 that I can connect to using VPN, the rest are still 7.3.  It was "new" install, no upgrades at the moment.

[Smitro]

Ok, I think I might be getting somewhere... I found this in the messages log. (I know this is starting to head for bug tracker status)

Dec  1 21:28:53 box1 pptpd[17374]: CTRL: Client 192.168.1.10 control connection started
Dec  1 21:28:53 box1 pptpd[17374]: CTRL: Starting call (launching pppd, opening GRE)
Dec  1 21:28:53 box1 pppd[17375]: Plugin radius.so loaded.
Dec  1 21:28:53 box1 pppd[17375]: RADIUS plugin initialized.
Dec  1 21:28:53 box1 pppd[17375]: pppd 2.4.4 started by root, uid 0
Dec  1 21:28:53 box1 kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Dec  1 21:28:53 box1 pppd[17375]: Using interface ppp0
Dec  1 21:28:53 box1 pppd[17375]: Connect: ppp0 <--> /dev/pts/0
Dec  1 21:28:53 box1 pptpd[17374]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec  1 21:28:53 box1 pppd[17375]: MPPE required, but kernel has no support.
Dec  1 21:28:53 box1 pppd[17375]: Connection terminated.
Dec  1 21:28:53 box1 pppd[17375]: Connect time 0.0 minutes.
Dec  1 21:28:53 box1 pppd[17375]: Sent 0 bytes, received 58 bytes.
Dec  1 21:28:53 box1 pptpd[17374]: CTRL: Reaping child PPP[17375]
Dec  1 21:28:53 box1 kernel: divert: no divert_blk to free, ppp0 not ethernet
Dec  1 21:28:53 box1 pppd[17375]: Exit.
Dec  1 21:28:53 box1 pptpd[17374]: CTRL: Client 192.168.1.10 control connection finished

Any idea on what that means?

[brianr]

I think this means you are running a kernel which is incompatible with the kernel modules, what is the result of:

uname -a

this is what I get..

Linux bjsserver 2.6.9-78.0.8.EL #1 Wed Nov 19 19:43:32 EST 2008 i686 athlon i386 GNU/Linux

[Smitro]

Linux box1 2.6.9-67.0.7.ELsmp #1 SMP Sat Mar 15 06:54:55 EDT 2008 i686 i686 i386 GNU/Linux

It looks like yours is slightly newer than mine? My server is saying it's up to date.

I'm running an Intel board with 2 x P3 processors.

[brianr]

If that server has been updated to 7.4, then it ought to show the same kernel version as mine.  This is def the problem.

Can you re-boot and select the correct kernel?  Hit enter on the grub screen and select the kernel (choose the smp one).

You ought to submit a *bug* on this as well.

[Smitro]

I'll give it a go. I'll have to hook up a keyboard and monitor first.

[Smitro]

Bingo!

I did as you said it's now running the same kernel as yours. I then connected via VPN and it worked a treat. The next question I have though... There was no SMP option, does that mean I'm now only running on one processor? I've forgotten the command to check how many processors there are.

[Smitro]

No, I was right. I'm only running on one processor. 

The command I was after is: cat /proc/cpuinfo

[brianr]

I am surprised that there was no "smp" version of the kernel, I am sure that my one 7.4 in the wild is a dual core, and it is running an smp version.  perhaps the upgrade failed to detect the dual processor-ness of your system, and did not install the smp kernel.

this is it:

Linux mapserver 2.6.9-78.0.8.ELsmp #1 SMP Wed Nov 19 20:05:04 EST 2008 i686 aon i386 GNU/Linux

Definately a bug report required.

[Smitro]

Ok, thanks for your help, I've submitted a bug here:
http://bugs.contribs.org/show_bug.cgi?id=4815

I know I'm not the best with wording these things correctly, so feel free to add to it if I've missed anything off.

For now I'm happy to just run on one processor and still have VPN working. Hopefully I'll be able to install a new kernel sometime in the near future.

Thanks one again for your help, it's been very much appreciated!