VPN Server Problem
Ok. Here's the deal. I'm trying to set up a VPN server so my clients can connect to my server's PDC in a remote place. I have installed ppp, pptp and pptpd. I have also opened port 1723 on the firewall and on my router. My router is a D-Link DI-614+. When I try to connect, I get error 619. If I look in the logs I get:
Code:
pptpd[1803]: GRE: read(fd=6,buffer=8059680,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs |
pptp is not a tcp or udp protocol so just opening up port 1723 is usually not enough. pptp's protocol is "gre" - as the errors indicate. Normally the firewall has to support "gre" to pass it through - not all routers/firewalls support "gre" pass through. I don't know the DI-614+ but you have two options - find the gre/pptp pass through option (if it has it - usually just a tick box) or does the DI-614+ support VPN itself.
|
Hmmmm. I can't find any gre option but there was a default virtual server setting for PPTP so I'm assuming it supports PPTP.
|
I know this does not help with your D-Link but a quick Google (pptp gre firewall) shows a similar situation with Smoothwall - http://martybugs.net/smoothwall/vpn.cgi which says:
Background: A PPTP VPN server requires TCP port 1723 forwarded to the VPN server, as well as the GRE protocol (protocol 47). As the Smoothwall web interface doesn't provide functionality for forwarding the GRE protocol, you'll have to edit the firewall script.
When I say "supports PPTP" there are two ways a router/firewall can support PPTP. 1) Pass it through to another device (what I assume you are doing) and/or 2) Answer the VPN itself. Have you VPNed to your pptp server from the inside (i.e. not through the D-Link)? That would confirm your server is in fact OK and the problem lies with the D-Link's GRE support/config. |
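An added example, not part of any post in this thread: a Python check of a Linux server's own firewall for the two things the quoted Smoothwall note says PPTP needs, TCP port 1723 and GRE (protocol 47). The `iptables-save` sample is constructed, the function names are hypothetical, and the model is simplified (filter/INPUT only, no custom chains or negation, and it assumes no PPTP conntrack helper is loaded).

```python
import shlex

# Constructed sample (not from the thread): iptables-save output from a host
# where TCP 1723 was opened but GRE was never allowed.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
"""
KEYS = ("-p", "--dport", "-j", "-i", "-s", "--state", "--ctstate")

def parse_filter_input(text):
    """Return (default policy, ordered rule dicts) for filter/INPUT."""
    table, policy, rules = None, "ACCEPT", []
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A INPUT "):
            tok = shlex.split(line)
            rules.append({t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in KEYS})
    return policy, rules

def verdict(policy, rules, proto_names, dport=None):
    """First-match verdict for a NEW inbound packet from any source."""
    for r in rules:
        if "-i" in r or "-s" in r:
            continue  # interface/source-restricted rule: not a general allow
        state = r.get("--state") or r.get("--ctstate")
        if state and "NEW" not in state.split(","):
            continue  # ESTABLISHED-only rules do not admit a new tunnel
        if "-p" in r and r["-p"] not in proto_names:
            continue  # rule is for a different IP protocol
        if "--dport" in r and r["--dport"] != str(dport):
            continue  # rule is for a different destination port
        if r.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return r["-j"]
    return policy  # nothing matched: the chain's default policy decides

def pptp_firewall_report(text):
    policy, rules = parse_filter_input(text)
    return {"tcp/1723": verdict(policy, rules, {"tcp", "6"}, 1723),
            "gre/47": verdict(policy, rules, {"gre", "47"})}

if __name__ == "__main__":
    print(pptp_firewall_report(SAMPLE_RULES))
```

On a real host, pass the text produced by `iptables-save` to `pptp_firewall_report` in place of the constructed sample.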
I don't think it works when I use 127.0.0.1. I am using pptpclient.
|
No sorry I did not mean inside to be 127.0.0.1 but another machine on the same subnet. Say your PPTP server is 192.168.1.100/24 add your pptp client PC at say 192.168.1.101 and pptp to 192.168.1.100 and debug. Once that is working OK but is still not via D-Link it would kind of confirm it is a D-Link PPTP pass through issue.
|
There should be a pptp passthrough option on the D-link router, it will open GRE and the pptp port for you. I had difficulty setting up my pptp server and encountered the same error, I wish I could remember what I did to fix it, so I could tell you, but I don't think it's your router. Let us see your configs, or do a search on my name for posts it should lead you to some info about pptp setup.
|
Which config file do you want first?
|
Start with your pptp config, and your pppd config file.
|
/etc/pptp.conf:
Code:
###############################################################################
Code:
############################################################################### |
First you need to actually have a pool of addresses for use by the clients so you have to enable the localip and remoteip tags. Next step post your pppd configuration for the actual ppp protocol daemon. Additionally, isn't there an options file for routing? I would like to see that too.
|
I found the following on the D-Link web site after much gnashing of teeth about my network. Try this link: support.dlink.com and look under the FAQ for your particular router. This entry was one of the selections on the navigation column under VPN Support. It appears to work as WireShark shows two way GRE traffic in the PPP pipe.
PPTP VPN
Protocols have 8 bit identification numbers that are specified in the TCP header. PPTP uses Protocol Id 47 which is GRE. Protocol 6 is TCP. This identifies what protocol is being used. This router does not support specific rules for specific protocols other than TCP or UDP. The correct Virtual Server entry will however forward Protocol ID 47/GRE properly.
Make sure you have the latest firmware. To upgrade, visit support.dlink.com/faq/view.asp?prod_id=966. After flashing the firmware reset the router. Reconfigure your WAN interface to connect with your ISP. Verify Internet connection.
In Virtual Server make 1 entry for your PPTP/GRE connection. Use TCP port 1723 and forward to your MS VPN (PPTP/GRE) server. This has to be TCP (not UDP or Both). After applying settings, check Firewall section for a TCP 1723 entry and a PPTP_GRE entry.
Now connect to your WAN IP address using your MS VPN client from the WAN (this will not work from LAN using the WAN IP to loopback to LAN).
Note: PPTP pass-through does not need to be enabled in the Tools > Misc section. |
Quote:
But I still can't connect locally. Do you think it could be my firewall, since there is a GRE read error? |
I have the impression that you can't connect remotely to the domain from within the domain. Is that what you mean?
|