I need some help to debug my PPTP connection. After reading all the posts regarding VPN on 5.6 and making the changes as instructed to create a custom template that remmed out:
/sbin/modprobe ip_nat_pptp
/sbin/modprobe ip_conntrack_pptp
I'm still not able to VPN in to the server. I've only been able to connect once and can't seem to understand why that was even possible. The problem seems to be caused by a GRE input/output error. Listed below is a section of the messages log showing the attempted PPTP and also below that is the output of - "iptables -L -t filter". The iptables nat seems to allow everything. So I'm wondering if the iptables filter is causing the GRE problems. Can someone please look at this and figure out the problem? Thanks in advance.
Message Log:
28 starbird pptpd[2382]: MGR: Launching /usr/sbin/pptpctrl to handle client
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: local address = 192.168.1.1
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: remote address = 192.168.1.247
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: pppd speed = 460800
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: pppd options file = /etc/ppp/options.pptpd
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: Client 24.169.5.115 control connection started
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: Received PPTP Control Message (type: 1)
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: Made a START CTRL CONN RPLY packet
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: I wrote 156 bytes to the client.
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: Sent packet to client
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: Received PPTP Control Message (type: 7)
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: Set parameters to 0 maxbps, 16 window size
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: Made a OUT CALL RPLY packet
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: Starting call (launching pppd, opening GRE)
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: pty_fd = 5
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: tty_fd = 6
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: I wrote 32 bytes to the client.
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: Sent packet to client
Mar 3 11:54:28 starbird pptpd[2383]: CTRL (PPPD Launcher): Connection speed = 460800
Mar 3 11:54:28 starbird pptpd[2383]: CTRL (PPPD Launcher): local address = 192.168.1.1
Mar 3 11:54:28 starbird pptpd[2383]: CTRL (PPPD Launcher): remote address = 192.168.1.247
Mar 3 11:54:29 starbird kernel: CSLIP: code copyright 1989 Regents of the University of California
Mar 3 11:54:29 starbird kernel: CSLIP: code copyright 1989 Regents of the University of California
Mar 3 11:54:29 starbird kernel: PPP generic driver version 2.4.2
Mar 3 11:54:29 starbird pppd[2383]: pppd 2.4.2b1 started by root, uid 0
Mar 3 11:54:29 starbird pppd[2383]: Using interface ppp0
Mar 3 11:54:29 starbird pppd[2383]: Connect: ppp0 <--> /dev/pts/0
Mar 3 08:53:02 starbird last message repeated 2 times
Mar 3 11:54:29 starbird /etc/hotplug/net.agent: assuming ppp0 is already up
Mar 3 11:54:29 starbird kernel: PPP MPPE Compression module registered
Mar 3 11:54:29 starbird pppd[2383]: CHAP peer authentication succeeded for leonard
Mar 3 11:54:29 starbird pppd[2383]: MPPE required but peer negotiation failed
Mar 3 11:54:29 starbird pppd[2383]: Connection terminated.
Mar 3 11:54:29 starbird pppd[2383]: Connect time 0.0 minutes.
Mar 3 11:54:29 starbird pppd[2383]: Sent 29 bytes, received 65 bytes.
Mar 3 11:54:29 starbird pppd[2383]: Connect time 0.0 minutes.
Mar 3 11:54:29 starbird pppd[2383]: Sent 29 bytes, received 65 bytes.
Mar 3 11:54:29 starbird pppd[2383]: Exit.
Mar 3 11:54:29 starbird pptpd[2382]: GRE: read(fd=5,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Mar 3 11:54:29 starbird pptpd[2382]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Mar 3 11:54:29 starbird pptpd[2382]: CTRL: Client 24.169.5.115 control connection finished
Mar 3 11:54:29 starbird pptpd[2382]: CTRL: Exiting now
Mar 3 11:54:29 starbird pptpd[2181]: MGR: Reaped child 2382
Mar 3 11:54:29 starbird /etc/hotplug/net.agent: NET unregister event not supported
Here's the output of "iptables -L -t filter":
Chain INPUT (policy DROP)
target prot opt source destination
icmpIn icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
InputAllowLocals all -- anywhere anywhere
InboundTCP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
denylog tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc
gre-in gre -- anywhere anywhere
denylog gre -- anywhere anywhere
denylog all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ForwardAllowLocals all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
icmpOut icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
ACCEPT all -- anywhere anywhere
Chain ForwardAllowLocals (1 references)
target prot opt source destination
ForwardAllowLocals_1231 all -- anywhere anywhere
Chain ForwardAllowLocals_1231 (1 references)
target prot opt source destination
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere 192.168.1.0/24
Chain InboundTCP (1 references)
target prot opt source destination
InboundTCP_1231 all -- anywhere anywhere
denylog tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
Chain InboundTCP_1231 (1 references)
target prot opt source destination
denylog all -- anywhere !roc-24-169-6-61.rochester.rr.com
tcp_in_113 tcp -- anywhere anywhere tcp dpt:auth
denylog tcp -- anywhere anywhere tcp dpt:auth
tcp_in_21 tcp -- anywhere anywhere tcp dpt:ftp
denylog tcp -- anywhere anywhere tcp dpt:ftp
tcp_in_80 tcp -- anywhere anywhere tcp dpt:www
denylog tcp -- anywhere anywhere tcp dpt:www
tcp_in_443 tcp -- anywhere anywhere tcp dpt:https
denylog tcp -- anywhere anywhere tcp dpt:https
tcp_in_143 tcp -- anywhere anywhere tcp dpt:imap2
denylog tcp -- anywhere anywhere tcp dpt:imap2
tcp_in_389 tcp -- anywhere anywhere tcp dpt:ldap
denylog tcp -- anywhere anywhere tcp dpt:ldap
tcp_in_110 tcp -- anywhere anywhere tcp dpt:pop3
denylog tcp -- anywhere anywhere tcp dpt:pop3
tcp_in_1723 tcp -- anywhere anywhere tcp dpt:1723
denylog tcp -- anywhere anywhere tcp dpt:1723
tcp_in_25 tcp -- anywhere anywhere tcp dpt:smtp
denylog tcp -- anywhere anywhere tcp dpt:smtp
tcp_in_22 tcp -- anywhere anywhere tcp dpt:ssh
denylog tcp -- anywhere anywhere tcp dpt:ssh
tcp_in_23 tcp -- anywhere anywhere tcp dpt:telnet
denylog tcp -- anywhere anywhere tcp dpt:telnet
Chain InputAllowLocals (1 references)
target prot opt source destination
InputAllowLocals_1231 all -- anywhere anywhere
Chain InputAllowLocals_1231 (1 references)
target prot opt source destination
ACCEPT all -- 192.168.1.0/24 anywhere
Chain denylog (36 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain gre-in (1 references)
target prot opt source destination
denylog all -- anywhere !roc-24-169-6-61.rochester.rr.com
ACCEPT all -- anywhere anywhere
Chain icmpIn (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
denylog all -- anywhere anywhere
Chain icmpOut (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
denylog all -- anywhere anywhere
Chain tcp_in_110 (1 references)
target prot opt source destination
denylog all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain tcp_in_113 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain tcp_in_143 (1 references)
target prot opt source destination
denylog all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain tcp_in_1723 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain tcp_in_21 (1 references)
target prot opt source destination
denylog all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain tcp_in_22 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain tcp_in_23 (1 references)
target prot opt source destination
denylog all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain tcp_in_25 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain tcp_in_389 (1 references)
target prot opt source destination
denylog all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain tcp_in_443 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
denylog all -- anywhere anywhere
Chain tcp_in_80 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
denylog all -- anywhere anywhere
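
Added example, not part of the original post: a small log triage that orders the pppd and pptpd events per control connection, so the first failure pppd logged can be told apart from the PTY read error pptpd logs afterwards. The function names, the failure keywords and the one-connection-at-a-time assumption are illustrative choices, not anything from pptpd or pppd.

```python
import re

# Lines copied from the messages log in the post above (a subset).
SAMPLE = """\
Mar 3 11:54:28 starbird pptpd[2382]: CTRL: Client 24.169.5.115 control connection started
Mar 3 11:54:29 starbird pppd[2383]: CHAP peer authentication succeeded for leonard
Mar 3 11:54:29 starbird pppd[2383]: MPPE required but peer negotiation failed
Mar 3 11:54:29 starbird pppd[2383]: Exit.
Mar 3 11:54:29 starbird pptpd[2382]: GRE: read(fd=5,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Mar 3 11:54:29 starbird pptpd[2382]: CTRL: Client 24.169.5.115 control connection finished
"""

ENTRY = re.compile(r"\b(pptpd|pppd)\[\d+\]:\s+(.*)$")
# Assumption: these keywords are a heuristic for "pppd reported a failure".
PPP_FAIL = re.compile(r"failed|timeout|refused", re.I)

def classify(s):
    # A pppd failure comes first; a later PTY read error is pptpd noticing pppd is gone.
    if s["ppp_failure"]:
        return "ppp-negotiation"
    return "pty-or-gre" if s["pty_error"] else "no-error-logged"

def triage(log_text):
    """Return one dict per PPTP control connection (assumes no interleaved sessions)."""
    sessions, cur = [], None
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        daemon, msg = m.groups()
        start = re.search(r"Client (\S+) control connection started", msg)
        if daemon == "pptpd" and start:
            cur = {"client": start.group(1), "auth_ok": False,
                   "ppp_failure": None, "pppd_exited": False, "pty_error": None}
            sessions.append(cur)
        elif cur is None:
            continue
        elif daemon == "pppd":
            if "authentication succeeded" in msg:
                cur["auth_ok"] = True
            elif msg == "Exit.":
                cur["pppd_exited"] = True
            elif cur["ppp_failure"] is None and PPP_FAIL.search(msg):
                cur["ppp_failure"] = msg
        elif msg.startswith("GRE:") and "from PTY failed" in msg:
            cur["pty_error"] = "after-pppd-exit" if cur["pppd_exited"] else "before-pppd-exit"
        elif "control connection finished" in msg:
            cur = None
    for s in sessions:
        s["cause"] = classify(s)
    return sessions
```

Run over the excerpt, it reports CHAP success, the MPPE negotiation failure as the first pppd error, and the PTY read error as occurring after pppd had already exited.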