Problem connecting to VPN

andshrew · 08-08-2004, 05:47 AM

I've currently set up a VPN server on my mandrake 10 box (PoPToP version 1.1.4-b4), and all seems to be working except when my windows client attempts to connect it all seems to go wrong when it gives a ICIP timeout error in the log, and the windows (xp) machine just says:
Error 734: The PPP link control protocol was terminated.

Below is what is recorded in the syslog:

Code:

Aug  8 11:34:42 cpc5-hitc1-4-0-cust95 pptpd[319]: CTRL: Client 192.168.1.248 control connection started
Aug  8 11:34:42 cpc5-hitc1-4-0-cust95 pptpd[319]: CTRL: Starting call (launching pppd, opening GRE)
Aug  8 11:34:42 cpc5-hitc1-4-0-cust95 pptpd[319]: GRE: Discarding duplicate packet
Aug  8 11:34:42 cpc5-hitc1-4-0-cust95 pppd[320]: pppd 2.4.1 started by root, uid 0
Aug  8 11:34:42 cpc5-hitc1-4-0-cust95 pppd[320]: Connect:  <--> /dev/pts/1
Aug  8 11:34:42 cpc5-hitc1-4-0-cust95 pptpd[319]: GRE: Bad checksum from pppd.
Aug  8 11:34:44 cpc5-hitc1-4-0-cust95 pptpd[319]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Aug  8 11:34:44 cpc5-hitc1-4-0-cust95 pppd[320]: Using interface ppp1
Aug  8 11:34:44 cpc5-hitc1-4-0-cust95 pppd[320]: Couldn't set pass-filter in kernel: Invalid argument
Aug  8 11:34:44 cpc5-hitc1-4-0-cust95 pppd[320]: MSCHAP peer authentication succeeded for phantom
Aug  8 11:35:14 cpc5-hitc1-4-0-cust95 pppd[320]: IPCP: timeout sending Config-Requests
Aug  8 11:35:14 cpc5-hitc1-4-0-cust95 pppd[320]: Connection terminated.
Aug  8 11:35:14 cpc5-hitc1-4-0-cust95 pppd[320]: Connect time 0.6 minutes.
Aug  8 11:35:14 cpc5-hitc1-4-0-cust95 pppd[320]: Sent 237 bytes, received 221 bytes.
Aug  8 11:35:14 cpc5-hitc1-4-0-cust95 pptpd[319]: CTRL: Closing child ppp with pid 320
Aug  8 11:35:14 cpc5-hitc1-4-0-cust95 pptpd[319]: CTRL: Client 192.168.1.248 control connection finished
Aug  8 11:35:14 cpc5-hitc1-4-0-cust95 pppd[320]: Terminating on signal 2.
Aug  8 11:35:14 cpc5-hitc1-4-0-cust95 pppd[320]: tcflush failed: Input/output error
Aug  8 11:35:14 cpc5-hitc1-4-0-cust95 pppd[320]: Exit.

Now, if Im reading that right it seems to be authenticating ok, its just its causing an error trying to send IPCP, Ive searched around this site and google for information on how to fix it but Ive not found anything helpfull yet. Am I right in assuming this could possibly be a firewall issue in that its blocking ICIP stuff? Im currently using shorewall on the linux machine.

Any help would be great,
Thanks
Andrew

michaelk · 08-08-2004, 07:50 AM

I do not think it is a firewall issue.

Check the dialup propteries of the XP box. What settings do you have selected?

amfoster · 08-08-2004, 07:53 AM

Unfortunately, most of the output you posted is cut off. Usually, the biggest issue is dealing with mppe. Is mppe support built into the kernel on your machine? Just installing poptop is not enough.

andshrew · 08-08-2004, 09:00 AM

Assuming mmpe is the encryption stuff, then I dont think my kernal supports it atm, but I dont have it active in my config so it shouldn't be causing any problems? All that is active is MS-CHAP authentication. All I have done though is installed poptop, not changed anything to do with the kernal.

As for the xp machine dialup settings, its mainly going to be used for my friends to connect into my network from their cable internet connections so there would be no dialing up as such, but the settings I have match the security settings that the server requires, the type of VPN is set to automatic. What other information do you need about the winxp side of things?

Thanks for the replys,

michaelk · 08-08-2004, 10:04 AM

Post your options.conf file.
I know that it isn't a real dial up connection but MS still refer to it as one. I would select pptpd instead of automatic.

http://www.jsiinc.com/SUBK/tip5200/rh5242.htm
http://www.modemsite.com/56k/dunserror.asp

andshrew · 08-08-2004, 10:16 AM

Ahhh I see.
I dont have an options.conf but I have an options.pptp file which is below.. Hope its what you mean

(sorry Im quite new to all this..)

Code:

auth
refuse-pap
refuse-chap
require-chapms
refuse-chapms-v2

ms-wins 192.168.1.1
ms-dns 194.168.4.100

mtu 1490
mru 1490
ipparam PoPToP
multilink
asyncmap 0
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 30
lcp-echo-interval 5
deflate 0