LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 11-22-2008, 11:56 AM   #1
cmnorton
Member
 
Registered: Feb 2005
Distribution: Ubuntu, CentOS
Posts: 585

Rep: Reputation: 35
pptp gets modem hung up outside firewall, but not inside firewall


I believe I have configured kvpnc (Kubuntu) properly. It works inside our firewall connecting to the wan vpn address. Outside the firewall, it appears that after the initial connection, a delay needs inserting. That is my pptp client is bailing after a zero length read.

What parameters control delay after initial connection and which config files are involved?

Here are the log results:

root@mrshighpants:/var/log# tail syslog
pptp[10092]: anon log[ctrlp_dispptp_ctrl.c:857]: Received Outgoing Call Reply.
pptp[10092]: anon log[ctrlp_dispptp_ctrl.c:896]: Outgoing call established (call ID 0, peer's call ID 101).
pptp[10092]: anon log[pptp_read_someptp_ctrl.c:543]: read returned zero, peer has closed
pptp[10092]: anon log[callmgr_mainptp_callmgr.c:255]: Closing connection (shutdown)
pptp[10092]: anon log[ctrlp_repptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
pptp[10092]: anon log[pptp_read_someptp_ctrl.c:543]: read returned zero, peer has closed
pptp[10092]: anon log[call_callbackptp_callmgr.c:78]: Closing connection (call state)
pppd[10087]: Modem hangup
pppd[10087]: Connection terminated.
pppd[10087]: Exit.

Any pointers would be appreciated.

Last edited by cmnorton; 11-22-2008 at 12:04 PM. Reason: clean up log
 
Old 11-23-2008, 04:59 AM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Hi,

I don't know how much help I can give you with your problem (but who knows -- maybe a thought will occur to me.) But I am seeing a bunch of "smilies" in your log listing. This wouldn't happen if you wrapped your listing in "code tags." If you need more info, check out the link in my signature.

Also, I don't see any time stamps in your log listing. Not always, but sometimes the timing of messages gives clues as to what is going on.

Last edited by blackhole54; 11-23-2008 at 05:03 AM.
 
Old 11-23-2008, 09:47 AM   #3
cmnorton
Member
 
Registered: Feb 2005
Distribution: Ubuntu, CentOS
Posts: 585

Original Poster
Rep: Reputation: 35
resbumitted logs

Attached is a recent log wrapped in code tags:
Quote:
Nov 23 09:42:55 myserver pptp[7879]: anon log[ctrlp_dispptp_ctrl.c:738]: Received Start Control Connection Reply
Nov 23 09:42:55 myserver pptp[7879]: anon log[ctrlp_dispptp_ctrl.c:772]: Client connection established.
Nov 23 09:42:55 myserver pptp[7879]: anon log[ctrlp_repptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Nov 23 09:42:56 myserver pptp[7879]: anon log[ctrlp_dispptp_ctrl.c:857]: Received Outgoing Call Reply.
Nov 23 09:42:56 myserver pptp[7879]: anon log[ctrlp_dispptp_ctrl.c:896]: Outgoing call established (call ID 0, peer's call ID 103).
Nov 23 09:43:04 myserver pppd[7866]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa3754e0b> <accomp>]
Nov 23 09:43:05 myserver pptp[7879]: anon log[pptp_read_someptp_ctrl.c:543]: read returned zero, peer has closed
Nov 23 09:43:05 myserver pptp[7879]: anon log[callmgr_mainptp_callmgr.c:255]: Closing connection (shutdown)
Nov 23 09:43:05 myserver pptp[7879]: anon log[ctrlp_repptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Nov 23 09:43:05 myserver pptp[7879]: anon log[pptp_read_someptp_ctrl.c:543]: read returned zero, peer has closed
Nov 23 09:43:05 myserver pptp[7879]: anon log[call_callbackptp_callmgr.c:78]: Closing connection (call state)
Nov 23 09:43:05 myserver pppd[7866]: Script /usr/sbin/pptp --loglevel 1 209.6.3.218 --nolaunchpppd finished (pid 7867), status = 0x0
Nov 23 09:43:05 myserver pppd[7866]: Modem hangup
Nov 23 09:43:05 myserver pppd[7866]: Connection terminated.
Nov 23 09:43:05 myserver pppd[7866]: Exit.
 
Old 11-24-2008, 10:54 AM   #4
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Thanks for the update. I've not come up with any ideas, but poking around has revealed to me that kvpnc is just a front end. In your case, I believe it is pptpclient that is doing the real work. So at the risk of telling you something you already know, I would suggest that Internet searches might be more productive with the term pptp or pptpclient than with the term kvpnc.

I did find a fairly extensive diagnostic page here. A quick search using keywords didn't reveal anything hopeful, but I didn't look at it in detail. You might want to take a look at it and see if it is any help. In particular, I noted it had instructions on using tcpdump (a packet sniffer) for troubleshooting. You might find that to be useful. It also has a fault tree which might help.

Also, I'm not trying to be a nag, but in your last post you quoted the log output instead of using code tags. The effect is quite different. If you are clicking on the icon to use the tags, the icon for code tags is the hash mark (#) right next to the icon for quoting. The "quick reply" box does not have this icon.
 
Old 11-27-2008, 01:04 AM   #5
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
After receiving some information about pptp in another thread and doing some Internet searching and looking at the Wikipedia articles on pptp and GRE, I see that pptp actually uses two streams: GRE for the tunneling and TCP for control. As such it can be tricky to pass through firewalls and NAT devices. So when you are outside your corporate firewall, you might have failure either at the corporate firewall and/or at your own router/NAT device.

You might want to take a look at this link that LQ member mostlyharmless kindly provided. It tells (as I read it) what needs to be done at the corporate firewall to let a pptp connection through. In particular, the firewall must allow GRE packets through and route them correctly in addition to allowing the TCP/1723 packets through.

Likewise, your DSL router (or whatever you are using at home) must allow the GRE packets through and route them correctly. (If you have a firewall on your client machine, it must also track these packets correctly. But since you didn't have problems when behind the corporate firewall, I assume this is not an issue.) I also noted that one of the comment posters on the technet link above states that "Many consumer grade routers have issues passing GRE Protocol 47 traffic." So perhaps your home router isn't even capable of this. And if you look on that that other LQ thread I linked to you, will see the mostlyharmless remembers a requirement to open one or more ports on the router the client is behind.

I hope this gives you some useful information for troubleshooting further.

Last edited by blackhole54; 11-27-2008 at 01:07 AM. Reason: gramar
 
  


Reply

Tags
kvpnc, pptp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
e-mail clients inside a VPN behind firewall mmn357157 Linux - Software 1 05-05-2007 03:16 PM
I have problems with pptp and firewall redhat 9 bluebird Linux - Software 0 02-24-2004 10:55 AM
Forwarding PPTP through the firewall jsimpson98 Linux - Networking 0 07-08-2003 07:16 AM
IP Forwarding inside my firewall drtbmd Linux - Networking 6 08-22-2002 02:53 PM
Playing Armada2 from inside firewall theFuzzyOne Linux - Networking 0 12-05-2001 10:50 AM


All times are GMT -5. The time now is 09:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration