Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Len Parker on February 26, 2003, 08:01:06 PM
-
I'm trying to VPN in from home using win98SE to a 5.6 box
Previously could VPN into a 5.5 box by after running this command from root
/sbin/e-smith/config masq ipsec yes
/sbin/e-smith/signal-event remoteaccess-update
Recently now have setup a 5.6 box but can't VPN in yet from home after doing the following from root:
/sbin/e-smith/config masq ipsec yes
/sbin/e-smith/signal-event remoteaccess-update
service ipsec start
"ipsec verify" produced the following:
Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path [OK]
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
DNS checks.
Looking for forward key for starbird [OK]
Looking for KEY in reverse map: 204.8.169.24.in-addr.arpa [FAILED]
Does the machine have at least one non-private address [OK]
I'm not experienced enough to to proceed from here to correct the situation.
Attempting to VPN in produces a 645 error from Windows 98 DUN VPN
Both connections are using a dynamic IP address from Road Runner. Before attempting to connect, I do make sure I'm using the correct IP for the e-smith
Can anyone point me in the right direction
Thanks
-
Are you trying to make an IPSec or PPTP connection?
FYI, there is a bug in the PPTP stuff in 5.6. A search should bring up plenty of info on it...
-
I found the threads on the 5.6 VPN bug and created a custom template with the two lines commented out, expanded the template & rebooted. Then I checked the /etc/rc.d/init.d/masq and saw the two lines commented out. I'll test it later from another site and see if it works. Thanks for the info.
-
Hi Len,
I was having major problems with PPTP on SME 5.6. Mainly dropped connections. The fix to comment out those two lines has made connections VERY stable.
Cheers,
Gary
-
After modifying the source template & completing the changes I'm still unable to VPN in from another site.
Here's part of the messages log. Can anyone help determine why I couldn't make the connection? Thanks
Feb 27 14:06:01 starbird pppd[2374]: CHAP peer authentication succeeded for leonard
Feb 27 14:06:01 starbird pppd[2374]: MPPE required but peer negotiation failed
Feb 27 14:06:01 starbird pppd[2374]: Connection terminated.
Feb 27 14:06:01 starbird pppd[2374]: Connect time 0.0 minutes.
Feb 27 14:06:01 starbird pppd[2374]: Sent 29 bytes, received 65 bytes.
Feb 27 14:06:01 starbird pppd[2374]: Connect time 0.0 minutes.
Feb 27 14:06:01 starbird pppd[2374]: Sent 29 bytes, received 65 bytes.
Feb 27 14:06:01 starbird pppd[2374]: Exit.
Feb 27 14:06:01 starbird pptpd[2373]: GRE: read(fd=5,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Feb 27 14:06:01 starbird pptpd[2373]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Feb 27 14:06:01 starbird pptpd[2373]: CTRL: Client 24.169.14.180 control connection finished
Feb 27 14:06:01 starbird pptpd[2373]: CTRL: Exiting now
Feb 27 14:06:01 starbird pptpd[2175]: MGR: Reaped child 2373
Feb 27 14:06:01 starbird /etc/hotplug/net.agent: NET unregister event not supported
-
Len Parker wrote:
>
> Feb 27 14:06:01 starbird pptpd[2373]: GRE:
> read(fd=5,buffer=804d940,len=8196) from PTY failed: status =
> -1 error = Input/output error
> Feb 27 14:06:01 starbird pptpd[2373]: CTRL: PTY read or GRE
> write failed (pty,gre)=(5,6)
> Feb 27 14:06:01 starbird pptpd[2373]: CTRL: Client
> 24.169.14.180 control connection finished
> Feb 27 14:06:01 starbird pptpd[2373]: CTRL: Exiting now
Do you have a router or anything else between the SME and the internet connection? A lot of times people don't forward GRE (protocol 47), which causes errors like this. However, I think the 5.6 bug may have been like that too.
At this point, the easiest way to do VPN stuff seems to be to use 5.5 instead...
-
Bill Talcott Asked
Do you have a router or anything else between the SME and the internet connection? A lot of times people don't forward GRE (protocol 47), which causes errors like this. However, I think the 5.6 bug may have been like that too.
Answer-
No Router between SME & Internet
-
Found the problem. Although I was using the same settings for Window DUN that worked with 5.5 it didn't work with 5.6. I found that the properties for DUN must be set to encrypt password and encrypt data. After those settings were made everything worked fine.
Thanks for all the help
-
IN WINDOWS XP VPN CLIENT don't work
-
>Raffaele Capasso
>Wrote
>IN WINDOWS XP VPN CLIENT don't work
Raffe,
I was only able to get one good connection & I haven't been able to connect since. If you want to use VPN you probably need to install SME v5.5. VPN issues are all over this board and no one seems to be able to resolve the problem. Be sure to look at the "messages" log in the Server-Manager. You will probably see where PPTP was trying to make a connection and then it disconnects because it can't negotiate the GRE for PPTP. I think it's a "net filter" problem but haven't been able to fix it.
Also on the Windows side make sure you are logged in with the same user name, password & domain for the SME file share you are trying to VPN with.
I have since removed v5.6 and installed v5.5 on each of the sites I need to VPN with. I'll be watching for a patch before I give it another try.
Let me know how you make out.
Regards
Len Parker