Has a Server where the logs are getting filled with the same messages:
Nov 16 22:13:43 ddgvirginia pptpd[6186]: CTRL: Client 10.20.1.1 control connection finished
Nov 16 22:13:46 ddgvirginia pptpd[6195]: CTRL: Client 10.20.1.1 control connection started
Nov 16 22:13:47 ddgvirginia pptpd[6195]: CTRL: Starting call (launching pppd, opening GRE)
Nov 16 22:13:47 ddgvirginia pppd[6196]: Plugin radius.so loaded.
Nov 16 22:13:47 ddgvirginia pppd[6196]: RADIUS plugin initialized.
Nov 16 22:13:47 ddgvirginia pppd[6196]: pppd 2.4.5 started by root, uid 0
Nov 16 22:13:47 ddgvirginia pppd[6196]: Using interface ppp1
Nov 16 22:13:47 ddgvirginia pppd[6196]: Connect: ppp1 <--> /dev/pts/1
Nov 16 22:13:49 ddgvirginia pppd[6196]: Modem hangup
Nov 16 22:13:49 ddgvirginia pppd[6196]: Connection terminated.
Nov 16 22:13:49 ddgvirginia pppd[6196]: Exit.
Nov 16 22:13:49 ddgvirginia pptpd[6195]: CTRL: Client 10.20.1.1 control connection finished
Nov 16 22:13:52 ddgvirginia pptpd[6204]: CTRL: Client 10.20.1.1 control connection started
Nov 16 22:13:53 ddgvirginia pptpd[6204]: CTRL: Starting call (launching pppd, opening GRE)
Nov 16 22:13:53 ddgvirginia pppd[6205]: Plugin radius.so loaded.
Nov 16 22:13:53 ddgvirginia pppd[6205]: RADIUS plugin initialized.
Nov 16 22:13:53 ddgvirginia pppd[6205]: pppd 2.4.5 started by root, uid 0
Nov 16 22:13:53 ddgvirginia pppd[6205]: Using interface ppp1
Nov 16 22:13:53 ddgvirginia pppd[6205]: Connect: ppp1 <--> /dev/pts/1
Nov 16 22:13:55 ddgvirginia pppd[6205]: Modem hangup
Nov 16 22:13:55 ddgvirginia pppd[6205]: Connection terminated.
Nov 16 22:13:55 ddgvirginia pppd[6205]: Exit.
Server is setup similar to the same way I have mine. D-Link DIR 825 flashed with DDWRT and port 1723 forwarded to SME Server for VPN.
Only differences I see are
1) They also have Port 1701 (for L2TP) forwarded as well.
2) While both of our Servers are running as an ESXi Virtual Machine instance, they have two network adapters on a virtual switch, but in "Fail-Over" mode.
3) Mine is a clean install of SME 9.0, while theirs was a clean install but restore was ran from a backup of SME 8.
On the router (DDWRT) theirs shows that out of 4096 "IP Filter Maximum Ports" they are upwards of 4089 (and climbing) with a lot of them coming from the SME Server. In comparison mine has only ~ 184 used and I do not see anything similar in my logs.
Tried the suggestion from mentioned by CharlieBrady on
http://forums.contribs.org/index.php/topic,51644.msg262818.html#msg262818:
This means that a GRE packet was sent by pptpd on the server, and it was rejected via an ICMP message from the client end, or from a firewall gateway somewhere between your server and the client.
The most common cause of this is that the client is behind a NAT gateway, and the NAT gateway is rejecting GRE unless there is expected traffic because of outbound GRE. But if the server is faster at sending its first GRE packet than the client is, then the gateway won't see outbound GRE before the first inbound GRE packet arrives, and will reject it.
SME server has a configuration option to allow for this case. You can try it.
config setprop pptpd Passive enabled
signal-event remoteaccess-update
With this option, pptpd on the server will wait until it receives a GRE packet before it sends its first GRE packet.
Thanks for any other ideas
4 Replies
2051 Views