pptp gets modem hung up outside firewall, but not inside firewall

cmnorton · 11-22-2008, 11:56 AM

I believe I have configured kvpnc (Kubuntu) properly. It works inside our firewall connecting to the wan vpn address. Outside the firewall, it appears that after the initial connection, a delay needs inserting. That is my pptp client is bailing after a zero length read.

What parameters control delay after initial connection and which config files are involved?

Here are the log results:

root@mrshighpants:/var/log# tail syslog
pptp[10092]: anon log[ctrlp_disp

ptp_ctrl.c:857]: Received Outgoing Call Reply.
pptp[10092]: anon log[ctrlp_disp

ptp_ctrl.c:896]: Outgoing call established (call ID 0, peer's call ID 101).
pptp[10092]: anon log[pptp_read_some

ptp_ctrl.c:543]: read returned zero, peer has closed
pptp[10092]: anon log[callmgr_main

ptp_callmgr.c:255]: Closing connection (shutdown)
pptp[10092]: anon log[ctrlp_rep

ptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
pptp[10092]: anon log[pptp_read_some

ptp_ctrl.c:543]: read returned zero, peer has closed
pptp[10092]: anon log[call_callback

ptp_callmgr.c:78]: Closing connection (call state)
pppd[10087]: Modem hangup
pppd[10087]: Connection terminated.
pppd[10087]: Exit.

Any pointers would be appreciated.

blackhole54 · 11-23-2008, 04:59 AM

Hi,

I don't know how much help I can give you with your problem (but who knows -- maybe a thought will occur to me.) But I am seeing a bunch of "smilies" in your log listing. This wouldn't happen if you wrapped your listing in "code tags." If you need more info, check out the link in my signature.

Also, I don't see any time stamps in your log listing. Not always, but sometimes the timing of messages gives clues as to what is going on.

cmnorton · 11-23-2008, 09:47 AM

Attached is a recent log wrapped in code tags:

Quote:

Nov 23 09:42:55 myserver pptp[7879]: anon log[ctrlp_disp

ptp_ctrl.c:738]: Received Start Control Connection Reply
Nov 23 09:42:55 myserver pptp[7879]: anon log[ctrlp_disp

ptp_ctrl.c:772]: Client connection established.
Nov 23 09:42:55 myserver pptp[7879]: anon log[ctrlp_rep

ptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Nov 23 09:42:56 myserver pptp[7879]: anon log[ctrlp_disp

ptp_ctrl.c:857]: Received Outgoing Call Reply.
Nov 23 09:42:56 myserver pptp[7879]: anon log[ctrlp_disp

ptp_ctrl.c:896]: Outgoing call established (call ID 0, peer's call ID 103).
Nov 23 09:43:04 myserver pppd[7866]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa3754e0b> <accomp>]
Nov 23 09:43:05 myserver pptp[7879]: anon log[pptp_read_some

ptp_ctrl.c:543]: read returned zero, peer has closed
Nov 23 09:43:05 myserver pptp[7879]: anon log[callmgr_main

ptp_callmgr.c:255]: Closing connection (shutdown)
Nov 23 09:43:05 myserver pptp[7879]: anon log[ctrlp_rep

ptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Nov 23 09:43:05 myserver pptp[7879]: anon log[pptp_read_some

ptp_ctrl.c:543]: read returned zero, peer has closed
Nov 23 09:43:05 myserver pptp[7879]: anon log[call_callback

ptp_callmgr.c:78]: Closing connection (call state)
Nov 23 09:43:05 myserver pppd[7866]: Script /usr/sbin/pptp --loglevel 1 209.6.3.218 --nolaunchpppd finished (pid 7867), status = 0x0
Nov 23 09:43:05 myserver pppd[7866]: Modem hangup
Nov 23 09:43:05 myserver pppd[7866]: Connection terminated.
Nov 23 09:43:05 myserver pppd[7866]: Exit.

blackhole54 · 11-24-2008, 10:54 AM

Thanks for the update. I've not come up with any ideas, but poking around has revealed to me that kvpnc is just a front end. In your case, I believe it is pptpclient that is doing the real work. So at the risk of telling you something you already know, I would suggest that Internet searches might be more productive with the term pptp or pptpclient than with the term kvpnc.

I did find a fairly extensive diagnostic page here. A quick search using keywords didn't reveal anything hopeful, but I didn't look at it in detail. You might want to take a look at it and see if it is any help. In particular, I noted it had instructions on using tcpdump (a packet sniffer) for troubleshooting. You might find that to be useful. It also has a fault tree which might help.

Also, I'm not trying to be a nag, but in your last post you quoted the log output instead of using code tags. The effect is quite different. If you are clicking on the icon to use the tags, the icon for code tags is the hash mark (#) right next to the icon for quoting. The "quick reply" box does not have this icon.

blackhole54 · 11-27-2008, 01:04 AM

After receiving some information about pptp in another thread and doing some Internet searching and looking at the Wikipedia articles on pptp and GRE, I see that pptp actually uses two streams: GRE for the tunneling and TCP for control. As such it can be tricky to pass through firewalls and NAT devices. So when you are outside your corporate firewall, you might have failure either at the corporate firewall and/or at your own router/NAT device.

You might want to take a look at this link that LQ member mostlyharmless kindly provided. It tells (as I read it) what needs to be done at the corporate firewall to let a pptp connection through. In particular, the firewall must allow GRE packets through and route them correctly in addition to allowing the TCP/1723 packets through.

Likewise, your DSL router (or whatever you are using at home) must allow the GRE packets through and route them correctly. (If you have a firewall on your client machine, it must also track these packets correctly. But since you didn't have problems when behind the corporate firewall, I assume this is not an issue.) I also noted that one of the comment posters on the technet link above states that "Many consumer grade routers have issues passing GRE Protocol 47 traffic." So perhaps your home router isn't even capable of this. And if you look on that that other LQ thread I linked to you, will see the mostlyharmless remembers a requirement to open one or more ports on the router the client is behind.

I hope this gives you some useful information for troubleshooting further.