PPTP VPN can connect, but cannot ping

terrio · 02-07-2008, 08:36 AM

Hey Guys,

I have been working trying to setup VPN access from my Slack box to a Windows VPN. I have setup PPTP and am able to connect to the VPN but am unable to ping a machine on the other side of the tunnel.

Here is the output of tail /var/log/messages after I call the VPN. It appears I am connected.

Code:

Feb  7 10:32:10 AXE pppd[32321]: CHAP authentication succeeded
Feb  7 10:32:10 AXE pppd[32321]: MPPE 128-bit stateless compression enabled
Feb  7 10:32:11 AXE pppd[32321]: local  IP address 10.22.37.51
Feb  7 10:32:11 AXE pppd[32321]: remote IP address 10.22.127.1

However, now when I try to ping a machine within the VPN it fails. Any idea what I could be missing?

Thanks

bsdunix · 02-07-2008, 09:31 AM

Quote:

However, now when I try to ping a machine within the VPN it fails. Any idea what I could be missing?

Just a guess, maybe the remote network is setup not to accept ping requests or send ping replies.

thecarpy · 02-07-2008, 10:59 AM

1. ping yourself 10.22.37.51
2. the other side 10.22.127.1
3. ping another system in the target network, if that fails, it is a routing issue - I think ;-)

add this route:

route add -net 10.22.0.0 netmask 255.255.0.0 gw 10.22.127.1

if that does not help, please print your routing table ...

terrio · 02-08-2008, 12:02 PM

Thanks all for the info. BSDUNIX you hit the nail on the head, pings are disabled on the network I am trying to connect.
I so I moved forward with thecarpy's suggestion to add the entry to the route table, and then attempted to connect to my
workstation using VNC, however the connection timed out and failed. I am unable to determine why this could be, so I have
included my routing table below. Does everything look ok?

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.22.127.1     *               255.255.255.255 UH    0      0        0 ppp0
localnet        *               255.255.255.0   U     0      0        0 eth0
10.22.0.0       10.22.127.1     255.255.0.0     UG    0      0        0 ppp0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    1      0        0 eth0

Thanks for the help!

terrio · 02-12-2008, 05:59 AM

Thanks for all the help! I now have VPN and VNC working. It turns out that the issue was related to routing. It turns out that the machine I was trying to remote to was on a different subnet, so I had to change the route to allow for this. Thanks again.

koodoo · 02-18-2010, 05:39 AM

Hi,

I am facing almost the same issues (so I am posting here even though the thread is pretty old). I have Slackware64 13 installed and I am trying to connect to my university pptp vpn server. The instructions on the universities webpage specifically mention that "You _must_ disable EAP in the list of Authentication methods. You also _must_ enable the Use Point-to-Point encryption (MPPE) option."

So far I think that I can connect, however I cannot ssh/ping any machine across the tunnel. The output of
pppd call cseVPN dump debug logfd 2 nodetach require-mppe is

Code:

root@knapsacker:~# pppd call cseVPN dump debug logfd 2 nodetach require-mppe                                                                
pppd options in effect:                                                                                                                     
debug           # (from command line)                                                                                                       
nodetach                # (from command line)                                                                                               
logfd 2         # (from command line)                                                                                                       
dump            # (from command line)                                                                                                       
noauth          # (from /etc/ppp/peers/cseVPN)                                                                                              
refuse-pap              # (from /etc/ppp/options)                                                                                           
refuse-chap             # (from /etc/ppp/options)                                                                                           
refuse-mschap           # (from /etc/ppp/options)                                                                                           
refuse-eap              # (from /etc/ppp/options)                                                                                           
name myusername            # (from /etc/ppp/peers/cseVPN)                                                                                      
remotename cseVPN               # (from /etc/ppp/peers/cseVPN)                                                                              
                # (from /etc/ppp/peers/cseVPN)                                                                                              
pty pptp pptp.cse.tamu.edu --nolaunchpppd               # (from /etc/ppp/peers/cseVPN)                                                      
ipparam cseVPN          # (from /etc/ppp/peers/cseVPN)                                                                                      
nobsdcomp               # (from /etc/ppp/peers/cseVPN)                                                                                      
nodeflate               # (from /etc/ppp/peers/cseVPN)                                                                                      
require-mppe            # (from command line)                                                                                               
require-mppe-128                # (from /etc/ppp/peers/cseVPN)                                                                              
using channel 6                                                                                                                             
Using interface ppp0                                                                                                                        
Connect: ppp0 <--> /dev/pts/6                                                                                                               
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3d808735> <pcomp> <accomp>]                                                                
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x3d808735> <pcomp> <accomp>]                                                                
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x3b365ca2> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:39.29.ff.15.42.87.42.68.b9.e7.eb.f4.8c.3d.a0.47.00.00.00.00]>]                                                                                          
sent [LCP ConfRej id=0x1 <callback CBCP> <mrru 1614>]                                                                                       
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth eap> <magic 0x3b365ca2> <pcomp> <accomp> <endpoint [local:39.29.ff.15.42.87.42.68.b9.e7.eb.f4.8c.3d.a0.47.00.00.00.00]>]
sent [LCP ConfNak id=0x2 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x3 <mru 1400> <auth chap MS-v2> <magic 0x3b365ca2> <pcomp> <accomp> <endpoint [local:39.29.ff.15.42.87.42.68.b9.e7.eb.f4.8c.3d.a0.47.00.00.00.00]>]
sent [LCP ConfAck id=0x3 <mru 1400> <auth chap MS-v2> <magic 0x3b365ca2> <pcomp> <accomp> <endpoint [local:39.29.ff.15.42.87.42.68.b9.e7.eb.f4.8c.3d.a0.47.00.00.00.00]>]
rcvd [CHAP Challenge id=0x0 <a448b3899d0baabcf4b9b1405c5ead7e>, name = "PPTP"]
sent [CHAP Response id=0x0 <8b930fc10ba9eec29ef05e9e1959ac6d48036aff7f0000c57ba7dec6b9de3329921d09c2ed907f6327cb67fa5fec817a25>, name = "shishir"]
rcvd [CHAP Success id=0x0 "S=299877682CCEF29CFAD330CB081386F41FED82BD"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
rcvd [CCP ConfReq id=0x5 <mppe +H -M +S -L -D +C>]
sent [CCP ConfNak id=0x5 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x6 <addr 192.168.11.130>]
sent [IPCP TermAck id=0x6]
rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x7 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x7 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr 192.168.11.158>]
sent [IPCP ConfReq id=0x3 <addr 192.168.11.158>]
rcvd [IPCP ConfAck id=0x3 <addr 192.168.11.158>]
rcvd [IPCP ConfReq id=0x8 <addr 192.168.11.130>]
sent [IPCP ConfAck id=0x8 <addr 192.168.11.130>]
local  IP address 192.168.11.158
remote IP address 192.168.11.130
Script /etc/ppp/ip-up started (pid 5729)
Script /etc/ppp/ip-up finished (pid 5729), status = 0x4

/var/log/messages contains the following:

Code:

Feb 18 05:34:08 knapsacker pppd[6010]: pppd options in effect:
Feb 18 05:34:08 knapsacker pppd[6010]: debug^I^I# (from command line)
Feb 18 05:34:08 knapsacker pppd[6010]: nodetach^I^I# (from command line)
Feb 18 05:34:08 knapsacker pppd[6010]: logfd 2^I^I# (from command line) 
Feb 18 05:34:08 knapsacker pppd[6010]: dump^I^I# (from command line)    
Feb 18 05:34:08 knapsacker pppd[6010]: noauth^I^I# (from /etc/ppp/peers/cseVPN)
Feb 18 05:34:08 knapsacker pppd[6010]: refuse-pap^I^I# (from /etc/ppp/options)
Feb 18 05:34:08 knapsacker pppd[6010]: refuse-chap^I^I# (from /etc/ppp/options)
Feb 18 05:34:08 knapsacker pppd[6010]: refuse-mschap^I^I# (from /etc/ppp/options)
Feb 18 05:34:08 knapsacker pppd[6010]: refuse-eap^I^I# (from /etc/ppp/options)
Feb 18 05:34:08 knapsacker pppd[6010]: name shishir^I^I# (from /etc/ppp/peers/cseVPN)
Feb 18 05:34:08 knapsacker pppd[6010]: remotename cseVPN^I^I# (from /etc/ppp/peers/cseVPN)
Feb 18 05:34:08 knapsacker pppd[6010]: ^I^I# (from /etc/ppp/peers/cseVPN)
Feb 18 05:34:08 knapsacker pppd[6010]: pty pptp pptp.cse.tamu.edu --nolaunchpppd^I^I# (from /etc/ppp/peers/cseVPN)
Feb 18 05:34:08 knapsacker pppd[6010]: ipparam cseVPN^I^I# (from /etc/ppp/peers/cseVPN)
Feb 18 05:34:08 knapsacker pppd[6010]: nobsdcomp^I^I# (from /etc/ppp/peers/cseVPN)
Feb 18 05:34:08 knapsacker pppd[6010]: nodeflate^I^I# (from /etc/ppp/peers/cseVPN)
Feb 18 05:34:08 knapsacker pppd[6010]: require-mppe^I^I# (from command line)
Feb 18 05:34:08 knapsacker pppd[6010]: require-mppe-128^I^I# (from /etc/ppp/peers/cseVPN)
Feb 18 05:34:08 knapsacker pppd[6010]: pppd 2.4.4 started by koodoo, uid 0
Feb 18 05:34:08 knapsacker pppd[6010]: Using interface ppp0
Feb 18 05:34:08 knapsacker pppd[6010]: Connect: ppp0 <--> /dev/pts/3
Feb 18 05:34:08 knapsacker pptp[6011]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Feb 18 05:34:08 knapsacker pptp[6016]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Feb 18 05:34:08 knapsacker pptp[6016]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Feb 18 05:34:08 knapsacker pptp[6016]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Feb 18 05:34:09 knapsacker pptp[6016]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Feb 18 05:34:09 knapsacker pptp[6016]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Feb 18 05:34:09 knapsacker pptp[6016]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 4576).
Feb 18 05:34:09 knapsacker pptp[6011]: anon log[decaps_gre:pptp_gre.c:405]: discarding duplicate or old packet 0 (expecting 2)
Feb 18 05:34:11 knapsacker pptp[6016]: anon log[ctrlp_disp:pptp_ctrl.c:950]: PPTP_SET_LINK_INFO received from peer_callid 40280
Feb 18 05:34:11 knapsacker pptp[6016]: anon log[ctrlp_disp:pptp_ctrl.c:953]:   send_accm is 00000000, recv_accm is FFFFFFFF
Feb 18 05:34:11 knapsacker pppd[6010]: CHAP authentication succeeded
Feb 18 05:34:12 knapsacker pppd[6010]: MPPE 128-bit stateless compression enabled
Feb 18 05:34:12 knapsacker dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.9" (uid=1000 pid=3895 comm="kded4 ") interface="org.freedesktop.Hal.Device.CPUFreq" member="GetCPUFreqAvailableGovernors" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=3606 comm="/usr/sbin/hald --daemon=yes "))
Feb 18 05:34:15 knapsacker pppd[6010]: local  IP address 192.168.11.203
Feb 18 05:34:15 knapsacker pppd[6010]: remote IP address 192.168.11.130

and my routing table is:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
pptp.cs.tamu.ed dslrouter.weste 255.255.255.255 UGH   0      0        0 eth1
192.168.11.130  *               255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         dslrouter.weste 0.0.0.0         UG    0      0        0 eth1

Can anyone provide me any pointers as to how to get this working?

Thanks,
koodoo.