LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-31-2012, 10:11 PM   #1
neopandid
Member
 
Registered: Aug 2011
Location: Russia
Distribution: Debian
Posts: 31

Rep: Reputation: Disabled
Windows7 VPN clients behind Debian Gateway can not connect to Draytek VPN


Hi,
I am using Debian 6.05 with iptables & squid3 installed.
My Windows clients can't connect to Draytek VPN server which is located in another country with their built-in windows VPN clients. Sometimes they can connect but the Gateway configuration never changes.
The same VPN is working successfully outside my gateway.
This is a huge problem for me since Application Servers behind Gateway are using PPTP VPN for replications.

My network schema is below.
Internet--ZyXEL GIGABIT ROUTER--DEBIAN GW--Windows DHCP Server--Switch--AppServers, APs, Clients

I am using IPTables to block facebook and torrent traffic and Squid3 for URL and File type filtering.
There is nothing filtered about VPN, I tested with fresh installed Debian without Squid3 and iptables filtering rules. And I still couldn't connect.

These are the log entries from a different PPTP VPN Server which is also a Debian
------------------------------
Aug 31 23:16:10 (none) pptpd[8624]: CTRL: Client xxx.xxx.xxx.xxx control connection started
Aug 31 23:16:10 (none) pptpd[8624]: CTRL: Starting call (launching pppd, opening GRE)
Aug 31 23:16:10 (none) pppd[8626]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Aug 31 23:16:10 (none) pppd[8626]: pppd 2.4.5 started by root, uid 0
Aug 31 23:16:10 (none) pppd[8626]: Using interface ppp0
Aug 31 23:16:10 (none) pppd[8626]: Connect: ppp0 <--> /dev/pts/2
Aug 31 23:16:10 (none) pptpd[8624]: GRE: Bad checksum from pppd.
Aug 31 23:16:40 (none) pppd[8626]: LCP: timeout sending Config-Requests
Aug 31 23:16:40 (none) pppd[8626]: Connection terminated.
Aug 31 23:16:40 (none) pppd[8626]: Modem hangup
Aug 31 23:16:40 (none) pppd[8626]: Exit.
Aug 31 23:16:40 (none) pptpd[8624]: GRE: read(fd=6,buffer=8058640,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Aug 31 23:16:40 (none) pptpd[8624]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 31 23:16:40 (none) pptpd[8624]: CTRL: Reaping child PPP[8626]
Aug 31 23:16:40 (none) pptpd[8624]: CTRL: Client xxx.xxx.xxx.xxx control connection finished
-------------------------

VPN clients are giving 619 Error Codes.

How can I solve this problem?
Thanks in advance.

Last edited by neopandid; 08-31-2012 at 10:21 PM. Reason: log information added.
 
Old 08-31-2012, 10:34 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,999

Rep: Reputation: Disabled
Have you loaded the connection tracking modules for PPTP?

For the GRE part of PPTP to work properly behind a firewall, the PPTP conntrack module (nf_conntrack_pptp) must be loaded (or compiled into the kernel). If the connection is NATed, the PPTP NAT module (nf_nat_pptp) must be loaded as well.
 
1 members found this post helpful.
Old 08-31-2012, 11:07 PM   #3
neopandid
Member
 
Registered: Aug 2011
Location: Russia
Distribution: Debian
Posts: 31

Original Poster
Rep: Reputation: Disabled
I load these modules and it's working.

modprobe nf_conntrack_pptp
modprobe nf_nat_pptp

Thank you very much.
 
Old 08-31-2012, 11:34 PM   #4
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,999

Rep: Reputation: Disabled
You're welcome.

Be advised that due to a weakness in the MS-CHAPv2 protocol, PPTP is vulnerable to a man-in-the-middle attack during login and should at least be considered insecure when used over open networks.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Connect VPN in gateway sent2020 Linux - Newbie 3 08-04-2011 09:42 AM
newbie cant connect to clients VPN through my NAT. wachaca Linux - Networking 7 11-26-2008 08:32 AM
why am i not able to connect to the vpn from linux gateway system? sravanth.svk Linux - Security 1 10-14-2006 03:43 AM
Linux VPN Software - How to Connect to a Windows VPN wfernley Linux - Software 2 02-07-2006 09:40 AM
How do i connect Ciscos VPN client to Checkpoint VPN server Klas Linux - Networking 1 11-29-2003 08:00 AM


All times are GMT -5. The time now is 04:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration