Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Devlyn Davis on April 09, 2002, 10:35:01 PM

Title: PPTP (yet again)
Post by: Devlyn Davis on April 09, 2002, 10:35:01 PM
Hi Folks,

I had difficulties connecting via PPTP when my SME box was behind my router.  I have since moved the SME box to the 'front' of the connection and changed (reinstalled) SME to server and gateway.  SME is basically functioning as my router now.

Well, I am having the same problem I was having before, in that when I try to connect to my SME box via PPTP, the client times out and I get the 619 error.  I am using Windows 2000 as the client.  

My question is this:  I am behind a firewall here at work.  Is there anything in particular that has to be configured to allow a VPN connection from within our firewall?  Below is an excerpt from my logs.   Note that it lists my external connection as 192.188.1.247...is that correct?  Does the box automatically assign that address for outbound connections?  Thanks for any insight.

Apr  9 09:24:01 smeserver pptpd[15357]: MGR: Launching /usr/sbin/pptpctrl to handle client
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: local address = 192.168.1.111
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: remote address = 192.168.1.247
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: pppd speed = 460800
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: pppd options file = /etc/ppp/options.pptpd
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Client 65.207.169.236 control connection started
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Received PPTP Control Message (type: 1)
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Made a START CTRL CONN RPLY packet
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: I wrote 156 bytes to the client.
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Sent packet to client
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Received PPTP Control Message (type: 7)
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Made a OUT CALL RPLY packet
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Starting call (launching pppd, opening GRE)
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: pty_fd = 5
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: tty_fd = 6
Apr  9 09:24:01 smeserver pptpd[15358]: CTRL (PPPD Launcher): Connection speed = 460800
Apr  9 09:24:01 smeserver pptpd[15358]: CTRL (PPPD Launcher): local address = 192.168.1.111
Apr  9 09:24:01 smeserver pptpd[15358]: CTRL (PPPD Launcher): remote address = 192.168.1.247
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: I wrote 32 bytes to the client.
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Sent packet to client
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Received PPTP Control Message (type: 15)
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Apr  9 09:24:02 smeserver modprobe: modprobe: Can't locate module char-major-108
Apr  9 09:24:02 smeserver pppd[15358]: pppd 2.4.0 started by root, uid 0
Apr  9 09:24:02 smeserver pppd[15358]: Using interface ppp1
Apr  9 09:24:02 smeserver pppd[15358]: Connect: ppp1 <--> /dev/pts/1
Apr  9 09:24:32 smeserver pppd[15358]: LCP: timeout sending Config-Requests
Apr  9 09:24:32 smeserver pppd[15358]: Connection terminated.
Apr  9 09:24:32 smeserver pppd[15358]: Exit.
Apr  9 09:24:32 smeserver pptpd[15357]: Error reading from pppd: Input/output error
Apr  9 09:24:32 smeserver pptpd[15357]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Apr  9 09:24:32 smeserver pptpd[15357]: CTRL: Client 65.207.169.236 control connection finished
Apr  9 09:24:32 smeserver pptpd[15357]: CTRL: Exiting now
Apr  9 09:24:32 smeserver pptpd[13193]: MGR: Reaped child 15357
Title: Re: PPTP (yet again)
Post by: Bill Talcott on April 09, 2002, 11:33:08 PM
I've had no problems with Win95/98/XP connecting to SME 5.0, and logging on to our NT4 PDC behind it, other than a few DUN issues on the clients...

Can you try the PPTP connection from outside the firewall? Firewalls are designed to stop connections that do/don't meet certain requirements. If you don't have access to those settings, it's hard to say exactly what is and isn't blocked. Using a direct connection from elsewhere is the easiest way to see if the firewall is the problem.

When the client connects, it is given an IP by the SME for its tunnelled connection. I'd guess that's what the "remote address = 192.168.1.247" is, but I don't know for sure.
Title: Re: PPTP (yet again)
Post by: bob on April 10, 2002, 01:14:35 AM
Looks like your firewall is blocking GRE.

Apr 9 09:24:32 smeserver pptpd[15357]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)

Try connecting from a dial up or some other connection without a firewall in the way.
Title: Re: PPTP (yet again)
Post by: Devlyn Davis on April 10, 2002, 06:45:40 AM
Thanks Guys,

After dialing up via modem, I was able to connect to my SME box w/no problems.  


-Dev
Title: Re: PPTP (yet again)
Post by: trevorb on April 10, 2002, 07:14:35 AM
If you are interested in opening the ports on your router (if you are allowed to), the ports used by PPTP are GRE on port 47 & TCP on 1723. There is a reasonable description of VPN in the Linux Documentation Project HOWTO on VPN:
http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO.html

quick extract
<<
The control channel is a standard TCP connection to port 1723 on the server. The data channel carrying the private network traffic uses IP protocol number 47 (GRE), a generic encapsulation protocol described in RFC1701. The transparent transmission of data over the data channel is achieved by negotiating a standard PPP connection over it, just as if it were a dialup connection directly from the client to the server. The options negotiated over the tunnel by PPP control whether the data is compressed and/or encrypted, thus PPTP itself has nothing to do with encryption.
>>

Trevor B

Devlyn Davis wrote:
>
>
> My question is this:  I am behind a firewall here at work.
> Is there anything in particular that has to be configured to
> allow a VPN connection from within our firewall?  
>
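
The pattern diagnosed in this thread (the PPTP control connection on TCP 1723 completes, then pppd times out on LCP because no PPP traffic comes back over GRE, IP protocol 47) can be picked out of the same syslog lines mechanically. The Python below is an added example, not part of the original thread or of SME Server; the names `diagnose`, `LINE` and `STARTED`, the verdict strings, and the second sample session (client 203.0.113.7) are constructed for illustration.

```python
import re

# First 6 lines: trimmed from the log posted in the thread. Last 5: constructed.
SAMPLE = """\
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Client 65.207.169.236 control connection started
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Made a START CTRL CONN RPLY packet
Apr  9 09:24:01 smeserver pptpd[15357]: CTRL: Starting call (launching pppd, opening GRE)
Apr  9 09:24:01 smeserver pptpd[15358]: CTRL (PPPD Launcher): Connection speed = 460800
Apr  9 09:24:32 smeserver pppd[15358]: LCP: timeout sending Config-Requests
Apr  9 09:24:32 smeserver pptpd[15357]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Apr  9 21:10:05 smeserver pptpd[16001]: CTRL: Client 203.0.113.7 control connection started
Apr  9 21:10:05 smeserver pptpd[16001]: CTRL: Made a START CTRL CONN RPLY packet
Apr  9 21:10:05 smeserver pptpd[16001]: CTRL: Starting call (launching pppd, opening GRE)
Apr  9 21:10:05 smeserver pptpd[16002]: CTRL (PPPD Launcher): Connection speed = 460800
Apr  9 21:10:08 smeserver pppd[16002]: remote IP address 192.168.1.247
"""
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")
STARTED = re.compile(r"CTRL: Client (\S+) control connection started")

def diagnose(log_text):
    """Map each client IP to 'ok', 'gre-path-suspect' or 'inconclusive'."""
    by_pid, by_client, last_call = {}, {}, None
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        prog, pid, msg = m.groups()
        started = STARTED.match(msg)
        if started:                               # TCP 1723 connection accepted
            by_pid[pid] = by_client[started.group(1)] = set()
        elif msg.startswith("CTRL (PPPD Launcher)") and last_call is not None:
            by_pid[pid] = last_call               # this child PID later logs as pppd
        seen = by_pid.get(pid)
        if seen is None:
            continue
        if "START CTRL CONN RPLY" in msg:
            seen.add("control")                   # control handshake answered
        elif msg.startswith("CTRL: Starting call"):
            last_call = seen                      # data channel (GRE) opened
            seen.add("call")
        elif prog == "pppd" and "timeout sending Config-Requests" in msg:
            seen.add("lcp_timeout")               # no PPP reply arrived over GRE
        elif prog == "pppd" and msg.startswith("remote IP address"):
            seen.add("ppp_up")                    # PPP negotiated through the tunnel
    def verdict(seen):
        if "ppp_up" in seen:
            return "ok"
        blocked = {"control", "call", "lcp_timeout"} <= seen
        return "gre-path-suspect" if blocked else "inconclusive"
    return {client: verdict(seen) for client, seen in by_client.items()}
```

A `gre-path-suspect` verdict only says the server saw the TCP handshake but never got PPP frames back; confirming it still means testing from a path without the firewall, as was done in the thread.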
Title: Re: PPTP (yet again)
Post by: Bill Talcott on April 11, 2002, 08:03:49 PM
http://forums.contribs.org/index.php?topic=13306.msg50382#msg50382 has some info that might be helpful too.