Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: turtle2472 on December 05, 2007, 11:41:11 PM
-
I have set SME 7.2 (all the latest updates) to allow 3 users to connect via PPTP with only 3 users allow VPN rights. When I attempt to connect it fails every time.
I either get:Registering you computer on the network...
Error 734: The PPP link control protocol was terminated.
or I get:Could not negotiate a connection with the remote ppp server. Please verify your settings and try again.
Using the default PPTP VPN configuration I have my address set as mydomain.dyndns.org and then my user name and password for my SME account. I am getting the same error when attempting to connect via Mac or PC with standard settings in both. And I also am unable to connect via my cell phone (WM6 HTC TyTN II (http://www.htc.com/product/03-product_tytn_II.htm)). Is there something I'm missing?
I've read and re-read the section on VPN (http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#PPTP_.28VPN.29) in the documentation and it doesn't seem like it should be this challenging. I've also disabled and re-enabled PPTP VPN in hopes it might work. :? I've attempted
-
I am getting the same error when attempting to connect via Mac or PC with standard settings in both. And I also am unable to connect via my cell phone (WM6 HTC TyTN II). Is there something I'm missing?
Obviously, your trying to connect outside the network with the cell phone.
How are you trying to tunnel in with Mac or PC - from inside your network or outside?
Is the SME 7.2 running in gateway or server only mode?
-
Obviously, your trying to connect outside the network with the cell phone.
How are you trying to tunnel in with Mac or PC - from inside your network or outside?
Outside of my network. I would just hop onto someone else's signal (I have about 10+ APs at any given time and about half unsecured) and attempt to sign in. On my PC I would share my connection with my cell phone as well as hop onto other wireless APs.
Is the SME 7.2 running in gateway or server only mode?
It's running in servergateway mode. No router between it and my cable modem. It is a dynamic IP, but I verified it's FQDN is resolving correctly by viewing a web page from outside the network. I have 55 open DHCP addresses available too.
-
hi
it seems to be a GRE protocol issue
pptp vpn needs tcp port 1723 and protocol 47 (GRE)..
many isps, expecially mobile ones, block the last one.
Hth
ciao
Stefano
-
Ok, so now I just need to find out if my ISP and mobile provider are blocking those ports.
Is there any other possibility?
-
Ok, so now I just need to find out if my ISP and mobile provider are blocking those ports.
well.. you can do something like
grep -i pp*pd /var/log/messages
and see if there is an error
HTH
Ciao
Stefano
-
Ok, this is what I get for one of the sessions in the log, they are all the same with the exception of the time:
Dec 5 180:07:52 lenny pppd[31995]: Plugin radius.so loaded
Dec 5 180:07:52 lenny pppd[31995]: RADIUS plugin initialized.
Dec 5 180:07:52 lenny pppd[31995]: pppd 2.4.4 started by root, uid 0
Dec 5 180:07:52 lenny pppd[31995]: Using interface ppp0
Dec 5 180:07:52 lenny pppd[31995]: Connect: ppp0 <--> /dev/pts/0
Dec 5 180:07:55 lenny pppd[31995]: MPPE required, but kernel has no support.
Dec 5 180:07:55 lenny pppd[31995]: Connection terminated.
Dec 5 180:07:55 lenny pppd[31995]: Connect time 0.1 minutes.
Dec 5 180:07:55 lenny pppd[31995]: Sent 0 bytes, recieved 0 bytes.
Dec 5 180:07:55 lenny pppd[31995]: Exit.
Dec 5 180:07:55 lenny pptpd[31995]: GRE: read(fd=6,buffer=804e5a0,len=8196) from d termination of pppd, check option syntax and pppd logs
-
>Dec 5 180:07:55 lenny pppd[31995]: MPPE required, but kernel has no support.
This is usually caused by kernel/kmod mismatch. What do the following show?
rpm -qa kernel*
rpm -qa kmod*
uname -r
-
>Dec 5 180:07:55 lenny pppd[31995]: MPPE required, but kernel has no support.
This is usually caused by kernel/kmod mismatch. What do the following show?
rpm -qa kernel*
kernel-utils-2.4-13.1.99
kernel-2.6.9-55.0.6.EL
kernel-2.6.9-55.0.9.EL
kernel-2.6.9-55.0.12.EL
kernel-2.6.9-55.0.2.EL
rpm -qa kmod*
kmod-slip-1.0-2.2.6.9_55.0.12.EL
kmod-ppp-1.0.2-2.2.6.9_55.0.12.EL
kmod-appletalk-1.0-2.2.6.9_55.0.12.EL
uname -r
2.6.9-55.0.2.EL
-
turtle2472
Looks like you are booting to a older (different than kmod) kernel.
Edit /boot/grub/grub.conf and change
default=0
where your first listed kernel is
2.6.9-55.0.12.ELsmp
It's OK to run the smp kernel on single processor systems.
Then see if that fixes your VPN issue.
You can also select the "correct" kernel at start up if you are quick.
-
turtle2472
Looks like you are booting to a older (different than kmod) kernel.
Edit /boot/grub/grub.conf and change
default=0
where your first listed kernel is
2.6.9-55.0.12.ELsmp
It's OK to run the smp kernel on single processor systems.
Then see if that fixes your VPN issue.
You can also select the "correct" kernel at start up if you are quick.
I don't know how to edit it. I just don't know *inx well enough. I have SSH connected to the server but don't know how to edit that file. :/
-
turtle2472
You can select the correct kernel at startup when the appropriate screen is displayed (ie a list of kernels), and I think that selection remains permanently changed. It's only on for a few seconds so be quick.
Otherwise login as root & do
pico -w /boot/grub/grub.conf
CAREFULLY make any necessary changes eg assuming the first listed kernel is what you want then change the line to read.
default=0
Ctrl o (to save)
Ctrl x (to exit)
then reboot.
-
turtle2472
You can select the correct kernel at startup when the appropriate screen is displayed (ie a list of kernels), and I think that selection remains permanently changed. It's only on for a few seconds so be quick.
Otherwise login as root & do
pico -w /boot/grub/grub.conf
CAREFULLY make any necessary changes eg assuming the first listed kernel is what you want then change the line to read.
default=0
Ctrl o (to save)
Ctrl x (to exit)
then reboot.
Ok, I have done the command line edit and here are my results:
[root@lenny ~]# rpm -qa kernel*
kernel-utils-2.4-13.1.99
kernel-2.6.9-55.0.6.EL
kernel-2.6.9-55.0.9.EL
kernel-2.6.9-55.0.12.EL
kernel-2.6.9-55.0.2.EL
[root@lenny ~]# rpm -qa kmod*
kmod-slip-1.0-2.2.6.9_55.0.12.EL
kmod-ppp-1.0.2-2.2.6.9_55.0.12.EL
kmod-appletalk-1.0-2.2.6.9_55.0.12.EL
[root@lenny ~]# uname -r
2.6.9-55.0.12.EL
I haven't tried connecting yet because I'm pressed for time and will have to test later. Does this look right though?
-
turtle2472
rpm -qa kmod*
kmod-slip-1.0-2.2.6.9_55.0.12.EL
kmod-ppp-1.0.2-2.2.6.9_55.0.12.EL
kmod-appletalk-1.0-2.2.6.9_55.0.12.EL
uname -r
2.6.9-55.0.12.EL
Does this look right though?
The kernel & module versions you are running now match, so that should have removed any VPN issues associated with mismatching.
-
turtle2472
The kernel & module versions you are running now match, so that should have removed any VPN issues associated with mismatching.
Thank you all so much for this help. I have now been able to connect with my Mac and PC using an external connection (read: neighbors unsecured WiFi). This is a major step for me though I don't know when I lost my ability to VPN because the last time I needed it was back in early October.
I have been able to connect via tethering my cell phone now too. I'm still having an issue with connecting directly from the cell phone, but this is clearly an issue on my end with configuration since my server is connecting when being used as a modem for XP and when connecting through WiFi from both Mac and XP.
Thanks again everyone who helped out, I wouldn't have had a clue how to fix this. I am curious though as to what caused the mismatch? Any ideas? I don't want this to happen again if I can help it, though at least now I can refer back to this thread to check.
-
How can I give rep points around here? I'd love to give a cookie to all those who helped me fix my VPN issue but I can't figure out how to do it. :???:
-
How can I give rep points around here? I'd love to give a cookie to all those who helped me fix my VPN issue but I can't figure out how to do it. :???:
Sorry, only Global Moderators, Dev Team and Admins are allowed to do that.
-
Sorry, only Global Moderators, Dev Team and Admins are allowed to do that.
Oh, well I hope they get passed out then. :)
-
I'm having a challenge again. :???:
[root@lenny ~]# grep -i pp*pd /var/log/messages
Jul 12 02:59:20 lenny esmith::event[2971]: expanding /var/service/wan/pppoe.pppd.conf
Jul 12 03:05:46 lenny pptpd[5536]: CTRL: Starting call (launching pppd, opening GRE)
Jul 12 03:05:46 lenny pppd[5537]: Plugin radius.so loaded.
Jul 12 03:05:46 lenny pppd[5537]: RADIUS plugin initialized.
Jul 12 03:05:46 lenny pppd[5537]: pppd 2.4.4 started by root, uid 0
Jul 12 03:05:46 lenny pppd[5537]: Using interface ppp0
Jul 12 03:05:46 lenny pppd[5537]: Connect: ppp0 <--> /dev/pts/0
Jul 12 03:06:16 lenny pppd[5537]: Modem hangup
Jul 12 03:06:16 lenny pppd[5537]: Connection terminated.
Jul 12 03:06:16 lenny pppd[5537]: Exit.
[root@lenny ~]# rpm -qa kernel*
kernel-2.6.9-67.0.4.EL
kernel-2.6.9-55.0.6.EL
kernel-2.6.9-55.0.9.EL
kernel-2.6.9-55.0.12.EL
kernel-2.6.9-67.0.7.EL
kernel-utils-2.4-13.1.105
kernel-2.6.9-55.0.2.EL
kernel-2.6.9-67.0.1.EL
warning: only V3 signatures can be verified, skipping V4 signature
[root@lenny ~]# rpm -qa kmod*
kmod-slip-1.0-2.2.6.9_67.0.7.EL
kmod-ppp-1.0.2-2.2.6.9_67.0.7.EL
kmod-appletalk-1.0-2.2.6.9_67.0.7.EL
warning: only V3 signatures can be verified, skipping V4 signature
Now to see what to do about it this time. Any help would be greatly appreciated. :) I get the same error messages when trying to connect as before. Something about not being able to negotiate the connection.
-
turtle2472
You can select the correct kernel at startup when the appropriate screen is displayed (ie a list of kernels), and I think that selection remains permanently changed. It's only on for a few seconds so be quick.
Otherwise login as root & do
pico -w /boot/grub/grub.conf
CAREFULLY make any necessary changes eg assuming the first listed kernel is what you want then change the line to read.
default=0
Ctrl o (to save)
Ctrl x (to exit)
then reboot.
Never mind, I got impatient and decided to try this again. It worked. default=2 was the state when I found it and I changed it to 0. all is fine now. :)
So why does this or how does this mix up happen? Am I the only one effected by it or are other SME users too? Is there something I can do differently to make sure this mixup doesn't happen again?