pptp vpn client disconnecting automatically

suresh.k · 11-15-2012, 01:13 AM

Hi,
I have configured pptp vpn server in my centOS 5.5 machine,

i have installed vpn server as foolows
#yum install ppp
#wget http://poptop.sourceforge.net/yum/st...el6.x86_64.rpm
#rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm

#vim /etc/pptpd.conf
localip 192.168.10.53 (VPN Server IP)
remoteip 192.168.10.200-300

#vim /etc/ppp/options.pptpd
ms-dns 123.x.x.x (my isp dns ip's)
ms-dns 123.x.x.x

#vim /etc/ppp/chap-secrets
username pptpd passwd *

#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

#sysctl -p

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
#iptables -A INPUT -i eth0 -p gre -j ACCEPT

#service iptables save
#service iptables restart
#service pptpd start

Configured port forwading for VPN in router to 1723.

Then went to another windows xp computer which is not in this network,
created VPN network connection,

Then i can able to connect to vpn server,
I am getting
IP - 192.168.10.200
SUBNET MASK - 255.255.255.255
GATEWAY - 192.168.10.200

then i can ping the local network and i can access internet also,
when i am try to access shared folder of network or browsing network IP's, then the vpn connection automatically disconnecting.

here is the log message of pptp server...

Nov 15 15:33:53 admin pptpd[12328]: CTRL: Client 121.243.138.164 control connection started
Nov 15 15:33:53 admin pptpd[12328]: CTRL: Starting call (launching pppd, opening GRE)
Nov 15 15:33:53 admin pppd[12329]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Nov 15 15:33:53 admin pppd[12329]: pppd 2.4.4 started by root, uid 0
Nov 15 15:33:53 admin pppd[12329]: Using interface ppp0
Nov 15 15:33:53 admin pppd[12329]: Connect: ppp0 <--> /dev/pts/2
Nov 15 15:33:56 admin pptpd[12328]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Nov 15 15:33:56 admin pppd[12329]: MPPE 128-bit stateless compression enabled
Nov 15 15:33:58 admin pppd[12329]: found interface eth0 for proxy arp
Nov 15 15:33:58 admin pppd[12329]: local IP address 192.168.10.53
Nov 15 15:33:58 admin pppd[12329]: remote IP address 192.168.10.200
Nov 15 15:34:07 admin pptpd[12328]: GRE: read(fd=7,buffer=80515e0,len=8260) from network failed: status = -1 error = Message too long
Nov 15 15:34:07 admin pptpd[12328]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
Nov 15 15:34:07 admin pppd[12329]: Modem hangup
Nov 15 15:34:07 admin pppd[12329]: Connect time 0.2 minutes.
Nov 15 15:34:07 admin pppd[12329]: Sent 12288 bytes, received 3443 bytes.
Nov 15 15:34:07 admin pppd[12329]: MPPE disabled
Nov 15 15:34:07 admin pppd[12329]: Connection terminated.
Nov 15 15:34:07 admin pppd[12329]: Exit.
Nov 15 15:34:07 admin pptpd[12328]: CTRL: Client 121.243.138.164 control connection finished

please help to solve the problem, looked into lot of forums still no luck.

thanks
suresh.

suresh.k · 11-19-2012, 04:33 AM

Can Anybody please help to resolve the issue...

TB0ne · 11-19-2012, 10:03 AM

Quote:

Originally Posted by suresh.k

Can Anybody please help to resolve the issue...

Don't bump your own threads. All you've succeeded in doing is removing it from the zero-reply list, which makes it LESS VISIBLE, and reduces the chances that anyone will see it. Also, you've marked numerous threads as SOLVED, but have never come back to post the solution or what worked for you...since you come here for help, others do too...posting your solution would mean that others with the same problems can then see one way of solving them.

And if you did "looked into lot of forums", you would have seen things that would have solved your problem. The error itself tells you what the issue is. The GRE (protocol 47) needs to be forwarded through any intermediate routers/switches that the VPN connection runs through. Routers don't do this automatically. It's NOT uncommon to have PPTP VPN passthrough problems with SOHO routers. VPN passthrough ability can change from one particular brand/model/firmware version to the next firmware version. You don't provide any details about your environment, so it's hard to say if that's the issue, but based on the error, it seems likely.

You are going to need to allow the PPTP traffic in through the router. This is where you need to allow IP protocol 47. This might not even be possible with consumer grade devices (that is, setting up PAT-type things), so if you're using a cheap SOHO type router, you may not be able to do this at all.

suresh.k · 11-20-2012, 01:57 AM

Quote:

Originally Posted by TB0ne

Don't bump your own threads. All you've succeeded in doing is removing it from the zero-reply list, which makes it LESS VISIBLE, and reduces the chances that anyone will see it.

OK

Quote:

Also, you've marked numerous threads as SOLVED, but have never come back to post the solution or what worked for you...since you come here for help, others do too...posting your solution would mean that others with the same problems can then see one way of solving them.

Yes, But i have posted some of the solutions.
Now onwards I definitely post the solutions as you suggestions.

Quote:

And if you did "looked into lot of forums", you would have seen things that would have solved your problem. The error itself tells you what the issue is. The GRE (protocol 47) needs to be forwarded through any intermediate routers/switches that the VPN connection runs through. Routers don't do this automatically. It's NOT uncommon to have PPTP VPN passthrough problems with SOHO routers. VPN passthrough ability can change from one particular brand/model/firmware version to the next firmware version. You don't provide any details about your environment, so it's hard to say if that's the issue, but based on the error, it seems likely.

You are going to need to allow the PPTP traffic in through the router. This is where you need to allow IP protocol 47. This might not even be possible with consumer grade devices (that is, setting up PAT-type things), so if you're using a cheap SOHO type router, you may not be able to do this at all.

Network Environment:
ISP Modem > Netgear WNDR3800 Router > Switch > Local System's and Server's
I am using Netgear WNDR3800 Router, Can i configure GRE on this Router If yes please let me know how.
I have configured port forwarding(1723) for PPTP on my router.

Thanks
Suresh

TB0ne · 11-20-2012, 09:40 AM

Quote:

Originally Posted by suresh.k

Yes, But i have posted some of the solutions. Now onwards I definitely post the solutions as you suggestions.

Sorry, but I've not seen any.

Quote:

Network Environment:
ISP Modem > Netgear WNDR3800 Router > Switch > Local System's and Server's
I am using Netgear WNDR3800 Router, Can i configure GRE on this Router If yes please let me know how.
I have configured port forwarding(1723) for PPTP on my router.

Ok, so did you read my first reply??? AGAIN, most SOHO type routers won't do PAT/GRE...if you want to know if the particular router that you already have supports it, then I'd suggest you read the manual that came with it, or contact their tech support folks. Also said in my first reply, is that you need GRE allowed through your firewalls/routers, along with port 1723, which you already have.

You still haven't posted complete details (you say it goes to a 'switch'...you don't say what kind), but again, if that switch doesn't support/is blocking GRE, then you're still stuck, no matter what your router can do.

suresh.k · 11-21-2012, 12:21 AM

Quote:

AGAIN, most SOHO type routers won't do PAT/GRE...if you want to know if the particular router that you already have supports it, then I'd suggest you read the manual that came with it, or contact their tech support folks. Also said in my first reply, is that you need GRE allowed through your firewalls/routers, along with port 1723, which you already have.

OK, I am a newbie in Linux system administration, working in a small office, so that I am practising in local network to how to configure PPTP VPN in Linux. I have configured VPN as mention above procedure, by looking into some of you tube videos, so that I don't now that need to allow GRE or not through firewall/routers. I just configured as mentioned in you tube videos.

Quote:

You still haven't posted complete details ch'.(you say it goes to a 'swit..you don't say what kind), but again, if that switch doesn't support/is blocking GRE, then you're still stuck, no matter what your router can do.

My Switch is D-Link DES-1024D,

Thanks
Suresh

TB0ne · 11-21-2012, 09:48 AM

Quote:

Originally Posted by suresh.k

OK, I am a newbie in Linux system administration,

You've been registered here for over a year now.

Quote:

working in a small office, so that I am practising in local network to how to configure PPTP VPN in Linux. I have configured VPN as mention above procedure, by looking into some of you tube videos, so that I don't now that need to allow GRE or not through firewall/routers. I just configured as mentioned in you tube videos.

My Switch is D-Link DES-1024D,

Great...so, your problem remains the same. You've got a VPN working, and now need to enable GRE. AGAIN you need to configure your switches/routers to allow this. That means that YOU need to read the manuals on those devices, and find out if they can actually support that feature or not. If they can't, they you obviously cannot use GRE with that hardware. So you either have the choice of NOT using GRE, or buying new hardware.

If they DO support GRE, then the manuals will TELL YOU how to enable it....so follow those instructions. Not much anyone here can help with...this is something that YOU have to set up in your networking hardware.

suresh.k · 11-21-2012, 10:52 PM

OK TB0ne

Thank you very much for your support.

Suresh,