Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 07-03-2004, 09:44 AM   #1
LQ Newbie
Registered: Mar 2004
Posts: 8

Rep: Reputation: 0
SuSE 9.1 VPN Connection to WatchGuard Firebox 4500

System Specifications:
SuSE 9.1 Professional

Using pptpconfig I have set up a VPN connection using these details:

Name: VPN
Domain: none
Username: username
Password: password

Routing Style: Client to LAN
Networks: CompanyNetwork

Automatic: unchecked
Servers: blank
Options: blank

Require Microsoft Point to Point Encryption (MPPE): Unchecked
Refuse 40 bit Encryption: Unchecked
Refuse 128 bit Encryption: Unchecked
Refuse Stateless Encryption: Unchecked
Refuse to Authenticate with EAP: Checked

Start tunnel when this program starts: Unchecked
Reconnect if disconnected: Checked
Enabled connection debugging facilities: Checked
Options (pppd): blank
Options (pptp): blank

Selecting my created tunnel and hitting start brings up a new X window with the connection status in it.

My information, slightly edited, is below:

pptpconfig: debug information dump begins
WARNING: security sensitive information follows
pptpconfig 1.2 2004/06/19 08:57:15
# pppd --version
pppd version 2.4.2
# uname -a
Linux linux 2.6.5-7.75-default #1 Mon Jun 14 10:44:37 UTC 2004 i686 i686 i386 GNU/Linux
# grep mppe /proc/modules
ppp_mppe 16128 0 - Live 0xfad9e000
ppp_generic 29332 4 ppp_deflate,bsd_comp,ppp_async,ppp_mppe, Live 0xfad95000
# modinfo ppp_mppe
license:        BSD without advertisement clause
depends:        ppp_generic
supported:      yes
vermagic:       2.6.5-7.75-default 586 REGPARM gcc-3.3
    [name] => VPN
    [server] => XXX.XXX.XXX.XXX
    [domain] => 
    [username] => XXXXXXXXXX
    [password] => (hidden by pptpconfig)
    [pppd-options] => 
    [pptp-options] => 
    [resolv] => 
    [dns-options] => 
    [routing] => routing_client_to_lan
    [usepeerdns] => 
    [require-mppe] => 
    [nomppe-40] => 
    [nomppe-128] => 
    [refuse-eap] => 1
    [mppe-stateful] => 
    [autostart] => 
    [iconify] => 
    [persist] => 1
    [debug] => 1
    [client-to-lan] => a:1:{s:12:"";s:5:"VPN";}
# route -n (before pppd)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface   U     0      0        0 eth0     U     0      0        0 eth0       U     0      0        0 lo         UG    0      0        0 eth0
pptpconfig: debug information dump ends, starting pppd
pppd options in effect:
debug		# (from /etc/ppp/peers/VPN)
updetach		# (from command line)
idle 600		# (from /etc/ppp/options)
persist		# (from /etc/ppp/peers/VPN)
logfd 1		# (from command line)
linkname VPN		# (from /etc/ppp/peers/VPN)
dump		# (from /etc/ppp/peers/VPN)
active-filter xxx # [don't know how to print value]		# (from /etc/ppp/filters)
noauth		# (from /etc/ppp/options.pptp)
refuse-eap		# (from /etc/ppp/peers/VPN)
name XXXXXXXX		# (from /etc/ppp/peers/VPN)
remotename VPN		# (from /etc/ppp/peers/VPN)
		# (from /etc/ppp/options.pptp)
pty pptp XXX.XXX.XXX.XXX --nolaunchpppd 		# (from /etc/ppp/peers/VPN)
crtscts		# (from /etc/ppp/options)
		# (from /etc/ppp/options)
asyncmap 0		# (from /etc/ppp/options)
lcp-echo-failure 4		# (from /etc/ppp/options)
lcp-echo-interval 30		# (from /etc/ppp/options)
lcp-restart 2		# (from /etc/ppp/options)
lcp-max-configure 60		# (from /etc/ppp/options)
ipparam VPN		# (from /etc/ppp/peers/VPN)
noipdefault		# (from /etc/ppp/options)
nobsdcomp		# (from /etc/ppp/options.pptp)
nodeflate		# (from /etc/ppp/options.pptp)
noipx		# (from /etc/ppp/options)
using channel 29
Using interface ppp0
pptpconfig: monitoring interface ppp0
Connect: ppp0 <--> /dev/pts/1

[...edited out CHAP negotiation because I'm not sure how sensitive it is..]

rcvd [CHAP Success id=0x1 "S=89C48B213C116F1261CE41F968FC25E273BC0C0D"]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr>]
rcvd [IPCP ConfReq id=0x1 <addr>]
sent [IPCP ConfAck id=0x1 <addr>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr>]
rcvd [IPCP ConfNak id=0x2 <addr>]
sent [IPCP ConfReq id=0x3 <addr>]
rcvd [IPCP ConfAck id=0x3 <addr>]
local  IP address
remote IP address
# route -n (after pppd exit)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface UH    0      0        0 ppp0   U     0      0        0 eth0     U     0      0        0 eth0       U     0      0        0 lo         UG    0      0        0 eth0
pptpconfig: pppd process exit status 0 (started)
ip route add XXX.XXX.XXX.XXX via dev eth0  src
ip route add '' dev 'ppp0'
pptpconfig: routes added to remote networks
pptpconfig: connected
# route -n (after completion)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface UH    0      0        0 ppp0
XXX.XXX.XXX.XXX UGH   0      0        0 eth0   U     0      0        0 eth0   U     0      0        0 ppp0     U     0      0        0 eth0       U     0      0        0 lo         UG    0      0        0 eth0

ping -c 5
PING ( 56(84) bytes of data.

--- ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4000ms

pptpconfig: command failed, exit code 1
The VPN server is a WatchGuard 4500. I connect to it routinely from Windows XP Professional (both without SP1 and with SP1). The general settings under Windows XP are:

Host Name or IP Address: XXX.XXX.XXX.XXX

Display progress while connecting: Checked
Prompt for name and password, certificate, etc: Checked
Include Windows logon domain: Unchecked
Redial Attempts: 3
Time between Redial Attempts: 1 minute
Idle Time before hanging up: Never
Redial Line if Dropped: Checked

Typical: Checked
Validate my identity as follows: Require secured password
Automatically use my Windows logon name and password (and domain, if any): Unchecked
Require data encryption (disconnect if none): Checked

Type of VPN: Automatic
Enable LCP Extensions: Checked
Enable software compression: Checked
Negotiate multi link for single link connections: Unchecked

Internet (TCP/IP) Protocol Settings
Obtain an IP address automatically: Selected
Obtain DNS server address automatically: Selected
Use default gateway on remote network: Unchecked
DNS server addresses: blank
WINS server addresses: blank

I am not an IPSec user, I am a PPTP user.

The end result is that I can't get any traffic to go over the created device. The data just goes poof. No pings, traceroutes, nada. This is brand new install of SuSE 9.1 as well.

Any help?
Old 07-26-2004, 10:46 AM   #2
LQ Newbie
Registered: May 2004
Location: Dallas
Posts: 14

Rep: Reputation: 0
need help

I am sorry. I am not that familiar with the problem. But, I may need some help from you. You were talking about VPN from SuSE 9.1 to Firebox. We have a similar setup with SuSE 9.0 and Firebox 500. Can you please tell me how to set up an VPN connection from SuSE 9.0 Firewall to the Firebox it will be very helpful.
Chethan Channappa
Old 03-08-2005, 06:27 PM   #3
LQ Newbie
Registered: Mar 2005
Posts: 4

Rep: Reputation: 0
I have the exact same problem

Has anyone found a solution to this yet??
Old 06-13-2006, 05:01 PM   #4
LQ Newbie
Registered: Jan 2006
Posts: 1

Rep: Reputation: 0
Same problem with SuSE 10.0. . .

It seems to have been quite a while since bmschkerke posted his original question, but I am having this EXACT same problem with SuSE 10.0, as well.

If anyone has any further ideas, your input would be greatly appreciated.


Eric Heine


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Firebox based browser logicalfuzz Linux - Software 2 11-02-2005 10:27 PM
vpn connection bahramcho Linux - Networking 1 05-04-2005 07:58 AM
vpn connection bahramcho Linux - Networking 1 04-29-2005 11:42 AM
Snortsam and a Watchguard havelino Linux - Hardware 0 02-17-2005 08:07 AM
Watchguard Firebox X500 neozero62 General 0 11-08-2004 04:14 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:13 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration