Topic: Urgent - VPN conection Failed after 4 years - Stumped!

[the_owl]

Hi Forum!

SME 7.4

We have a client  who has branches at remote sites that connect to the server via the built in PPTP system to read/wride data, and connects via the external IP address for asterix VOIP.  This has been working flawlessly for 3-4 years and no local changes have been made.

Today I got a call from a number of branches and the owner of the business informing me thy could not connect to the VPN, and that it stops on verifying name/password befor being disconnected by the server.  I verified this presentation on test equipment in the workshop.

VOIP, http and SSH access are fine.

I tried with our admin account and I can log in fine via SSH, but get the same authentication issue as they get when I use the same credentials via PPTP (user has rights for VPN connection)

I have tried rebooting the router and rebooting the server (reboot and reconfigure options tried) same problem.

I have checked the messages log before and after an attempt I can see the connection being started then terminated.

I have checked and double checked all the necessary settings, and as only I have access to the back end I know that no-one else has interfered with anything.

I am at a loss with a very frustrated client - any ideas would be welcome!

*************** UPDATE **************

My Colleage has just been on-site and can connect to the shares from the local network using the credentials of the various branches, but cannot connect to the vpn when connecting directly to the router and attempting to VPN in.  once again all other services work fine??

*************************************

[janet]

the_owl

Have a read of this
http://wiki.contribs.org/VPN_practical_tips
and work through all the possibilities

Perhaps the ISP has changed something or a piece of equipment somewhere in the path has changed.

The log file(s) should indicate why a failure is occurring, you do not tell us what the logs say when you see a disconnection or failed connection.

[the_owl]

Thanks for getting back to me Mary,

I have read the link you suggested before to posting here, with no luck.

I have contacted the ISP who assures me nothing has changed but have told me they will investigate and they are usually very good in this respect.

But here is the odd thing, Nothing else has changed regarding the server or the way it connects to the internet, and the equipment is in a locked cabinet. One day it worked, the next day it stopped. I will get a copy of the appropriate section of the log here ASAP.

The client is getting more annoyed about this by the hour.

I really hope that someone here can shed some light on this.

[Stefano]

if nothing has been changed, the problem is outside..

pptp? IMHO a issue with GRE protocol

[janet]

the_owl

No one can give you a definitive answer, it's your server & your ISP & your connections, so you have to troubleshoot it.
The problem is not going to jump up in front of you and say "here I am".

I have read the link you suggested before to posting here, with no luck.

It's not much use just reading it, you need to carry out the suggestions in the article and in the links referred to eg the advanced troubleshooting link near the start, in particular this section (for example), as Stefano says gre problems are high on the list of suspects as to the cause.
http://pptpclient.sourceforge.net/howto-diagnosis.phtml#gre

You still do not show us the output of the log file when the vpn connection fails, it will most likely have the clue you need.

I really hope that someone here can shed some light on this.

You need to put more effort into troubleshooting

[the_owl]

Thank you Stefano,

Here are sections from the log files,

boot.log  (grabbed from putty)

Nov  6 12:30:33 lilliput-server sysctl: net.ipv4.tcp_syncookies = 1
Nov  6 12:30:33 lilliput-server network: Setting network parameters:  succeeded
Nov  6 12:30:34 lilliput-server network: Bringing up loopback interface:  succeeded
Nov  6 12:30:32 lilliput-server syslog: syslogd shutdown succeeded
Nov  6 12:30:36 lilliput-server network: Bringing up interface eth0:  succeeded
Nov  6 12:30:38 lilliput-server network: Bringing up interface eth1:  succeeded
Nov  6 12:30:38 lilliput-server wan: Starting wan succeeded
Nov  6 12:30:38 lilliput-server irqbalance: irqbalance startup succeeded
Nov  6 12:30:38 lilliput-server crond: crond startup succeeded
Nov  6 12:30:38 lilliput-server acpid: acpid startup succeeded
Nov  6 12:30:39 lilliput-server mysqld: Starting mysqld succeeded
Nov  6 12:30:39 lilliput-server dnscache: Starting dnscache succeeded
Nov  6 12:30:39 lilliput-server imap: Starting imap succeeded
Nov  6 12:30:39 lilliput-server imaps: Starting imaps succeeded
Nov  6 12:30:39 lilliput-server pop3: Starting pop3 succeeded
Nov  6 12:30:39 lilliput-server pop3s: Starting pop3s succeeded
Nov  6 12:30:39 lilliput-server tinydns: Starting tinydns succeeded
Nov  6 12:30:39 lilliput-server lpd: Starting lpd succeeded
Nov  6 12:30:40 lilliput-server dhcpd: Starting dhcpd succeeded
Nov  6 12:30:40 lilliput-server clamd: Starting clamd succeeded
Nov  6 12:30:40 lilliput-server freshclam: Starting freshclam succeeded
Nov  6 12:30:40 lilliput-server ldap: Starting ldap succeeded
Nov  6 12:30:40 lilliput-server ntpd: Starting ntpd succeeded
Nov  6 12:30:40 lilliput-server qmail: Starting qmail succeeded
Nov  6 12:30:40 lilliput-server qpsmtpd: Starting qpsmtpd succeeded
Nov  6 12:30:41 lilliput-server sqpsmtpd: Starting sqpsmtpd succeeded
Nov  6 12:30:43 lilliput-server sshd: Starting sshd succeeded
Nov  6 12:30:45 lilliput-server httpd-admin: Starting httpd-admin succeeded
Nov  6 12:30:46 lilliput-server httpd-e-smith: Starting httpd-e-smith succeeded
Nov  6 12:30:47 lilliput-server pptpd: Starting pptpd succeeded
Nov  6 12:30:48 lilliput-server radiusd: Starting radiusd succeeded
Nov  6 12:30:48 lilliput-server smolt:  succeeded
Nov  6 12:30:49 lilliput-server spamd: Starting spamd succeeded
Nov  6 12:30:49 lilliput-server squid: Starting squid succeeded
Nov  6 12:30:49 lilliput-server nmbd: Starting nmbd succeeded
Nov  6 12:30:50 lilliput-server smbd: Starting smbd succeeded
Nov  6 12:31:22 lilliput-server atalk: atalkd startup succeeded
Nov  6 12:31:29 lilliput-server atalk:   Registering lilliput-server:Workstation: succeeded
Nov  6 12:31:35 lilliput-server atalk:   Registering lilliput-server:netatalk: succeeded
Nov  6 12:31:35 lilliput-server atalk: papd startup succeeded
Nov  6 12:31:35 lilliput-server atalk: cnid_metad startup succeeded
Nov  6 12:31:35 lilliput-server atalk: afpd startup succeeded
Nov  6 12:32:39 lilliput-server sark: asterisk startup succeeded
Nov  6 12:32:41 lilliput-server fop: op_server.pl startup succeeded
Nov  6 12:32:41 lilliput-server messagebus: messagebus startup succeeded
Nov  6 12:32:42 lilliput-server haldaemon: haldaemon startup succeeded

As you can see PPTPD starts ok....

and here is the messages log when I attempt a VPN connection from outside.

Nov  7 12:51:52 lilliput-server pptpd[18852]: CTRL: Client 86.19.143.110 control connection started
Nov  7 12:51:52 lilliput-server pptpd[18852]: CTRL: Starting call (launching pppd, opening GRE)
Nov  7 12:51:52 lilliput-server pppd[18853]: Plugin radius.so loaded.
Nov  7 12:51:52 lilliput-server pppd[18853]: RADIUS plugin initialized.
Nov  7 12:51:52 lilliput-server pppd[18853]: pppd 2.4.4 started by root, uid 0
Nov  7 12:51:52 lilliput-server kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Nov  7 12:51:52 lilliput-server pppd[18853]: Using interface ppp0
Nov  7 12:51:52 lilliput-server pppd[18853]: Connect: ppp0 <--> /dev/pts/1
Nov  7 12:51:52 lilliput-server udevd[1218]: udev done!
Nov  7 12:52:22 lilliput-server pppd[18853]: LCP: timeout sending Config-Requests
Nov  7 12:52:29 lilliput-server pppd[18853]: Modem hangup
Nov  7 12:52:29 lilliput-server pptpd[18852]: CTRL: Reaping child PPP[18853]
Nov  7 12:52:29 lilliput-server pppd[18853]: Connection terminated.
Nov  7 12:52:29 lilliput-server kernel: divert: no divert_blk to free, ppp0 not ethernet
Nov  7 12:52:29 lilliput-server pppd[18853]: Exit.
Nov  7 12:52:29 lilliput-server pptpd[18852]: CTRL: Client 86.19.143.110 control connection finished
Nov  7 12:52:29 lilliput-server udevd[1218]: udev done!

So the request is still getting to the server, on the client screen it shows "verifying username and passwors" for a while then disconnects, some sites are reporting that it disconnects almost instantly

I hope someone sees  something here I have missed!

[Stefano]

LCP: timeout sending Config-Requests

search the web.. it's likely a issue with GRE protocol.. i.e. it's an ISP's problem

[CharlieBrady]

Your symptoms indicate a problem with radiusd, which is the intermediate between pppd and the samba password database, which is used by the VPN service for authentication.

[the_owl]

After posting I saw your post Mary, thank you for responding so quickly! I was in the process of getting the other info together at the time.

Thank you for the link, I am working through it now.....

Apologies to all for seeming a bit passive,  I have been googling and reading through forums almost every waking minute before posting here looking for guidence.

I am putting in the effort I assure you,

[the_owl]

Thank you Stefano and CharltBrady!
 
CharlyBrady, Raduisd started successfuly on reboot, is there a way to test the connections between pptp, radiusd and the samba password database?

[janet]

the_owl

Fine, also see
http://pptpclient.sourceforge.net/howto-diagnosis.phtml#lcp_timeout
& listen to what Charlie says.

[the_owl]

doing this now, thanks Mary

[Stefano]

Your symptoms indicate a problem with radiusd, which is the intermediate between pppd and the samba password database, which is used by the VPN service for authentication.

Charlie, just a curiosity of mine: from what line do you think it's a radius issue?
I see many results in google regarding LCP timeout and GRE.. and I can't find any evidence of radius problems in the OP's log extract

TIA, just wish to learn to debug and solve..

[CharlieBrady]

Charlie, just a curiosity of mine: from what line do you think it's a radius issue?

Just because it was reported as an authentication issue, and ssh and samba access indicated that the password matched the backend storage. LCP timout on the other hand is a network connectivity issue. No issue with radius. My bad guess.

[CharlieBrady]

I'd also advise OP to start looking for alternative VPN technology. PPTP with password authentication is now susceptible to password theft by anyone who can capture the traffic (e.g. any ISP along the route).

http://technet.microsoft.com/en-us/security/advisory/2743314

http://www.theregister.co.uk/2012/07/31/ms_chapv2_crack/