Koozali.org: home of the SME Server

RADIUS going bonkers?

Mirfster
« on: November 17, 2015, 05:17:35 PM »
Have a Server where the logs are getting filled with the same messages:

Quote
Nov 16 22:13:43 ddgvirginia pptpd[6186]: CTRL: Client 10.20.1.1 control connection finished
Nov 16 22:13:46 ddgvirginia pptpd[6195]: CTRL: Client 10.20.1.1 control connection started
Nov 16 22:13:47 ddgvirginia pptpd[6195]: CTRL: Starting call (launching pppd, opening GRE)
Nov 16 22:13:47 ddgvirginia pppd[6196]: Plugin radius.so loaded.
Nov 16 22:13:47 ddgvirginia pppd[6196]: RADIUS plugin initialized.
Nov 16 22:13:47 ddgvirginia pppd[6196]: pppd 2.4.5 started by root, uid 0
Nov 16 22:13:47 ddgvirginia pppd[6196]: Using interface ppp1
Nov 16 22:13:47 ddgvirginia pppd[6196]: Connect: ppp1 <--> /dev/pts/1
Nov 16 22:13:49 ddgvirginia pppd[6196]: Modem hangup
Nov 16 22:13:49 ddgvirginia pppd[6196]: Connection terminated.
Nov 16 22:13:49 ddgvirginia pppd[6196]: Exit.
Nov 16 22:13:49 ddgvirginia pptpd[6195]: CTRL: Client 10.20.1.1 control connection finished
Nov 16 22:13:52 ddgvirginia pptpd[6204]: CTRL: Client 10.20.1.1 control connection started
Nov 16 22:13:53 ddgvirginia pptpd[6204]: CTRL: Starting call (launching pppd, opening GRE)
Nov 16 22:13:53 ddgvirginia pppd[6205]: Plugin radius.so loaded.
Nov 16 22:13:53 ddgvirginia pppd[6205]: RADIUS plugin initialized.
Nov 16 22:13:53 ddgvirginia pppd[6205]: pppd 2.4.5 started by root, uid 0
Nov 16 22:13:53 ddgvirginia pppd[6205]: Using interface ppp1
Nov 16 22:13:53 ddgvirginia pppd[6205]: Connect: ppp1 <--> /dev/pts/1
Nov 16 22:13:55 ddgvirginia pppd[6205]: Modem hangup
Nov 16 22:13:55 ddgvirginia pppd[6205]: Connection terminated.
Nov 16 22:13:55 ddgvirginia pppd[6205]: Exit.

Server is set up similar to the same way I have mine.  D-Link DIR 825 flashed with DDWRT and port 1723 forwarded to SME Server for VPN.

Only differences I see are
1) They also have Port 1701 (for L2TP) forwarded as well. 
2) While both of our Servers are running as an ESXi Virtual Machine instance, they have two network adapters on a virtual switch, but in "Fail-Over" mode.
3) Mine is a clean install of SME 9.0, while theirs was a clean install but restore was run from a backup of SME 8.

On the router (DDWRT) theirs shows that out of 4096 "IP Filter Maximum Ports" they are upwards of 4089 (and climbing) with a lot of them coming from the SME Server.  In comparison mine has only ~ 184 used and I do not see anything similar in my logs.

Tried the suggestion mentioned by CharlieBrady on http://forums.contribs.org/index.php/topic,51644.msg262818.html#msg262818:

Quote
This means that a GRE packet was sent by pptpd on the server, and it was rejected via an ICMP message from the client end, or from a firewall gateway somewhere between your server and the client.

The most common cause of this is that the client is behind a NAT gateway, and the NAT gateway is rejecting GRE unless there is expected traffic because of outbound GRE. But if the server is faster at sending its first GRE packet than the client is, then the gateway won't see outbound GRE before the first inbound GRE packet arrives, and will reject it.

SME server has a configuration option to allow for this case. You can try  it.

config setprop pptpd Passive enabled
signal-event remoteaccess-update

With this option, pptpd on the server will wait until it receives a GRE packet before it sends its first GRE packet.

Thanks for any other ideas
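
An added example, not part of the original posts or of SME Server: a small parser that pairs the pptpd "control connection started/finished" lines by PID and reports clients stuck in a short reconnect loop like the one in the log above. The function names, the 10-second and 3-session thresholds, the assumed year (syslog lines carry none) and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format of the excerpt above:
# one long-lived client, one orphaned "finished", three 3-second sessions.
SAMPLE = """\
Nov 16 21:00:00 ddgvirginia pptpd[7001]: CTRL: Client 192.0.2.10 control connection started
Nov 16 22:00:00 ddgvirginia pptpd[7001]: CTRL: Client 192.0.2.10 control connection finished
Nov 16 22:13:43 ddgvirginia pptpd[6186]: CTRL: Client 10.20.1.1 control connection finished
Nov 16 22:13:46 ddgvirginia pptpd[6195]: CTRL: Client 10.20.1.1 control connection started
Nov 16 22:13:49 ddgvirginia pppd[6196]: Modem hangup
Nov 16 22:13:49 ddgvirginia pptpd[6195]: CTRL: Client 10.20.1.1 control connection finished
Nov 16 22:13:52 ddgvirginia pptpd[6204]: CTRL: Client 10.20.1.1 control connection started
Nov 16 22:13:55 ddgvirginia pptpd[6204]: CTRL: Client 10.20.1.1 control connection finished
Nov 16 22:13:58 ddgvirginia pptpd[6213]: CTRL: Client 10.20.1.1 control connection started
Nov 16 22:14:01 ddgvirginia pptpd[6213]: CTRL: Client 10.20.1.1 control connection finished
"""

CTRL = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pptpd\[(\d+)\]: "
    r"CTRL: Client (\S+) control connection (started|finished)")

def sessions(lines, year=2015):
    """Yield (client, duration) for each completed pptpd control connection."""
    open_by_pid = {}  # pptpd logs one PID per control connection
    for line in lines:
        m = CTRL.match(line)
        if not m:
            continue  # pppd lines and anything else are ignored
        stamp, pid, client, state = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if state == "started":
            open_by_pid[pid] = when
        elif pid in open_by_pid:  # skip "finished" whose start predates the log
            yield client, when - open_by_pid.pop(pid)

def flapping_clients(lines, max_len=timedelta(seconds=10), min_count=3):
    """Return {client: n} for clients with at least min_count sessions <= max_len."""
    short = defaultdict(int)
    for client, length in sessions(lines):
        if length <= max_len:
            short[client] += 1
    return {c: n for c, n in short.items() if n >= min_count}

if __name__ == "__main__":
    print(flapping_clients(SAMPLE.splitlines()))
```
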


Mirfster
Re: RADIUS going bonkers?
« Reply #1 on: November 18, 2015, 02:49:07 AM »
May have found something.  Originally the Server was a physical box and acted as a Server/Gateway.  However, it was migrated to a VM and is in "ServerOnly" mode.  However, I see a "ppp0" still listed as the interface for the "pptpd" service.

Quote
pptpd=service
     Interface=ppp0
     Passive=enabled
     TCPPort=1723
     access=public
     sessions=10
     status=enabled

Whereas on mine it lists the interface with nothing declared "Interface="

Is the ppp0 still needed/required?  Their Server does have a 10 GB NIC as well, but this is configured as "eth2" and has a Static assigned (172.x.x.x).

ifconfig on their server shows
     "eth0", (which is the NIC attached to the DDWRT switch/router)
     "eth2" (which is the 10 GB Static)
     "lo" (Loopback)
     "ppp0" (which for some reason has the same IP as "eth0")  <-- This is NOT on my Server and everything works fine

CharlieBrady
Re: RADIUS going bonkers?
« Reply #2 on: November 18, 2015, 03:48:20 PM »
Quote
Have a Server where the logs are getting filled with the same messages:

It sounds like your server is not functioning correctly, so you should report a problem via the bug tracker.

http://bugs.contribs.org/

BTW, your logs show pptpd and pppd restarting, not "RADIUS going bonkers".
« Last Edit: November 18, 2015, 03:51:39 PM by CharlieBrady »

Mirfster
Re: RADIUS going bonkers?
« Reply #3 on: November 18, 2015, 05:22:13 PM »
Thanks, you are correct it is "pptpd".  After hours last night, I re-ran a "Configure this server" (after I took a VM Snapshot).

Did not change anything, but when I completed, it had me restart.

So far things are working pretty good.  Still wondering about the "ppp0" adapter though.

Not so many entries in the log as well, but still seeing a couple.

Will monitor and if needed, open a bug.

CharlieBrady
Re: RADIUS going bonkers?
« Reply #4 on: November 18, 2015, 11:43:04 PM »
Quote
Still wondering about the "ppp0" adapter though.

If somebody starts an inbound PPTP VPN connection, ppp0 will be created to carry the VPN traffic, and the local IP address of ppp0 will carry the same address as your LAN adapter.