Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Neville Caine on October 10, 2002, 04:22:54 PM
-
Recently installed e-smith 5.1.2 to a small business site. Email and gateway working well with customers existing dial-up connection. Have now moved on to trying to provide remote access to a file server on the private network and remote administration of e-smith box.
For remote administration managed to connect with SSH after changing the port for SSH from 22 to 4xxxx to avoid the customer's ISP port blocking.
When trying to connect with Win98 VPN client I get a number of different responses. The two most frequent are VPN Connection Refused and Connection Terminated. In the connection terminated case the connection appears to be made and is then dropped immediately.
The user account name on the e-smith gateway is not the same as the account name on the private network file server. I am assuming that once I get connected to the LAN I can then map a drive with UNC eg \ourServer
Have had a good look at documentation and also searched forum. Anyone have similar experiences? Any help greatly appreciated.
Thanks
Neville
-
You need to logon to the VPN connection with an SME username/password like you would with a dialup ISP. You need to have DUN 1.4 (128-bit upgrade) installed. I have had flaky problems after installing DUN 1.4, that were fixed by reinstalling the DUN 1.4 patch, so maybe try that.
-
First off, make sure you are running 128-bit encryption! Documentation on this site clearly states that anything below 128-bit will be dropped (which explains the connection terminated errors). Use a Win2k pro box w/ sp2, which automatically upgrades you to 128 bit encryption and then see if it works.
-
Thanks for the reply Bill & Lennox. I have made sure that the encyption is not an issue and am using 128bit as e-smith requires.
I have been able to extract information from the messages log that (I think) shows one of the VPN connections I attempted (refer below). I am not sure what the log may reveal as I am getting toward the limits of my knowledge about Linux.
Does the message log provide any clues to what the problem may be? Any further assistance appreciated.
Thanks
Neville
============Start Message Log Extract===============
Oct 11 14:03:56 e-smith pptpd[6846]: CTRL: pppd options file = /etc/ppp/options.pptpd
Oct 11 14:03:56 e-smith pptpd[6846]: CTRL: Client 202.7.177.133 control connection started
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: Received PPTP Control Message (type: 1)
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: Made a START CTRL CONN RPLY packet
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: I wrote 156 bytes to the client.
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: Sent packet to client
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: Received PPTP Control Message (type: 7)
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: 0 min_bps, 0 max_bps, 32 window size
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: Made a OUT CALL RPLY packet
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: Starting call (launching pppd, opening GRE)
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: pty_fd = 5
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: tty_fd = 6
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: I wrote 32 bytes to the client.
Oct 11 14:03:59 e-smith pptpd[6846]: CTRL: Sent packet to client
Oct 11 14:03:59 e-smith pptpd[6847]: CTRL (PPPD Launcher): Connection speed = 460800
Oct 11 14:03:59 e-smith pptpd[6847]: CTRL (PPPD Launcher): local address = 192.0.0.100
Oct 11 14:03:59 e-smith pptpd[6847]: CTRL (PPPD Launcher): remote address = 192.0.0.169
Oct 11 14:03:59 e-smith modprobe: modprobe: Can't locate module char-major-108
Oct 11 14:03:59 e-smith pppd[6847]: pppd 2.4.0 started by root, uid 0
Oct 11 14:03:59 e-smith pppd[6847]: Using interface ppp1
Oct 11 14:03:59 e-smith pppd[6847]: Connect: ppp1 <--> /dev/pts/1
Oct 11 14:04:00 e-smith pptpd[6846]: Buffering out-of-order packet; got 1 after 4294967295
Oct 11 14:04:03 e-smith pptpd[6846]: Packet reorder timeout waiting for 0
Oct 11 14:04:03 e-smith pptpd[6846]: Buffering out-of-order packet; got 2 after 0
Oct 11 14:04:04 e-smith pppd[6847]: MSCHAP-v2 peer authentication succeeded for *username*
Oct 11 14:04:06 e-smith pppd[6847]: found interface eth0 for proxy arp
Oct 11 14:04:06 e-smith pppd[6847]: local IP address 192.0.0.100
Oct 11 14:04:06 e-smith pppd[6847]: remote IP address 192.0.0.169
Oct 11 14:04:07 e-smith pppd[6847]: Connection terminated.
Oct 11 14:04:07 e-smith pppd[6847]: Connect time 0.2 minutes.
Oct 11 14:04:07 e-smith pppd[6847]: Sent 676 bytes, received 623 bytes.
Oct 11 14:04:07 e-smith e-smith[6860]: Processing event: ip-up.pptpd ppp1 /dev/pts/1 460800 192.0.0.100 192.0.0.169 pptpd
Oct 11 14:04:07 e-smith e-smith[6864]: Processing event: ip-down ppp1 /dev/pts/1 460800 192.0.0.100 192.0.0.169 pptpd
Oct 11 14:04:07 e-smith e-smith[6864]: Running event handler: /etc/e-smith/events/ip-down/S50isdn-down-notify
Oct 11 14:04:08 e-smith e-smith[6864]: S50isdn-down-notify=action|Event|ip-down|Action|S50isdn-down-notify|Start|1034309047 9
64426|End|1034309048 736111|Elapsed|0.771685
Oct 11 14:04:08 e-smith pppd[6847]: Exit.
Oct 11 14:04:08 e-smith pptpd[6846]: Error reading from pppd: Input/output error
Oct 11 14:04:08 e-smith pptpd[6846]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Oct 11 14:04:08 e-smith pptpd[6846]: CTRL: Client 202.7.177.133 control connection finished
Oct 11 14:04:08 e-smith pptpd[6846]: CTRL: Exiting now
===================End Message Log Extract=====================
-
Neville Caine wrote:
>
> Oct 11 14:04:08 e-smith pptpd[6846]: CTRL: GRE read or PTY
> write failed (gre,pty)=(6,5)
Is the GRE protocol (47) blocked by a firewall or the ISP?
Also, have you tried reinstalling DUN 1.4? I've had weird problems where it would disconnect after two seconds or so, and reinstalling DUN 1.4 fixed it for some reason... I don't understand it, but it's something easy and quick to try.
-
Thanks Bill.
I think you might be on to something in regard to GRE and blocked ports. The ISP that my customer is using has a policy of blocking all ports below 1024. I had to modify the port that SSH ran on to be able to connect for remote admin.
I'll double check with the ISP on the port blocking issue and if they confirm this I'll then look at how I can tell GRE to use a different port.
Neville
-
Well so far I've at least learnt that GRE is protocol 47 and this is different to Port 47. The investigation goes on.
Nev