neopandid 08-31-2012 11:11 PM

Windows7 VPN clients behind Debian Gateway can not connect to Draytek VPN
I am using Debian 6.05 with iptables & squid3 installed.
My Windows clients can't connect to the Draytek VPN server, which is located in another country, with their built-in Windows VPN clients. Sometimes they can connect but the Gateway configuration never changes.
The same VPN is working successfully outside my gateway.
This is a huge problem for me since Application Servers behind Gateway are using PPTP VPN for replications.

My network schema is below.
Internet--ZyXEL GIGABIT ROUTER--DEBIAN GW--Windows DHCP Server--Switch--AppServers, APs, Clients

I am using IPTables to block Facebook and torrent traffic and Squid3 for URL and file type filtering.
There is nothing filtered about VPN. I tested with a freshly installed Debian without Squid3 and iptables filtering rules, and I still couldn't connect.

These are the log entries from a different PPTP VPN server, which is also a Debian:
Aug 31 23:16:10 (none) pptpd[8624]: CTRL: Client control connection started
Aug 31 23:16:10 (none) pptpd[8624]: CTRL: Starting call (launching pppd, opening GRE)
Aug 31 23:16:10 (none) pppd[8626]: Plugin /usr/lib/pptpd/ loaded.
Aug 31 23:16:10 (none) pppd[8626]: pppd 2.4.5 started by root, uid 0
Aug 31 23:16:10 (none) pppd[8626]: Using interface ppp0
Aug 31 23:16:10 (none) pppd[8626]: Connect: ppp0 <--> /dev/pts/2
Aug 31 23:16:10 (none) pptpd[8624]: GRE: Bad checksum from pppd.
Aug 31 23:16:40 (none) pppd[8626]: LCP: timeout sending Config-Requests
Aug 31 23:16:40 (none) pppd[8626]: Connection terminated.
Aug 31 23:16:40 (none) pppd[8626]: Modem hangup
Aug 31 23:16:40 (none) pppd[8626]: Exit.
Aug 31 23:16:40 (none) pptpd[8624]: GRE: read(fd=6,buffer=8058640,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Aug 31 23:16:40 (none) pptpd[8624]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 31 23:16:40 (none) pptpd[8624]: CTRL: Reaping child PPP[8626]
Aug 31 23:16:40 (none) pptpd[8624]: CTRL: Client control connection finished

VPN clients are giving 619 Error Codes.

How can I solve this problem?
Thanks in advance.

Ser Olmy 08-31-2012 11:34 PM

Have you loaded the connection tracking modules for PPTP?

For the GRE part of PPTP to work properly behind a firewall, the PPTP conntrack module (nf_conntrack_pptp) must be loaded (or compiled into the kernel). If the connection is NATed, the PPTP NAT module (nf_nat_pptp) must be loaded as well.
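
The diagnosis above as an added example (not part of the thread and not either poster's code): a shell script that flags pptpd sessions whose pppd child timed out on LCP, which is the pattern in the log from the first post, and lists which of the two helper modules named above are absent from a /proc/modules-format file. The function names and the second sample session are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Two read-only checks for the failure discussed above.

# Print each PPTP helper module that is absent from a /proc/modules-format file.
# Caveat: helpers compiled into the kernel never appear in /proc/modules.
missing_pptp_helpers() {
    modules_file=${1:-/proc/modules}
    for m in nf_conntrack_pptp nf_nat_pptp; do
        awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$modules_file" \
            || printf '%s\n' "$m"
    done
}

# Print the pptpd PID of every session whose pppd child gave up on LCP.
# The control connection came up, but the PPP frames carried in GRE got no reply.
# pppd and pptpd log under different PIDs; the "Reaping child" line links them.
gre_stalled_sessions() {
    awk '
    /pppd\[[0-9]+\]: LCP: timeout sending Config-Requests/ {
        pid = $0; sub(/.*pppd\[/, "", pid); sub(/\].*/, "", pid)
        stalled[pid] = 1
    }
    /pptpd\[[0-9]+\]: CTRL: Reaping child PPP\[[0-9]+\]/ {
        parent = $0; sub(/.*pptpd\[/, "", parent); sub(/\].*/, "", parent)
        child = $0; sub(/.*PPP\[/, "", child); sub(/\].*/, "", child)
        if (child in stalled) print parent
    }' "$@"
}

# Sample input: session 8624 is taken from the log in the first post;
# session 9001 is constructed to show a call that ended without an LCP timeout.
sample_log() {
    cat <<'EOF'
Aug 31 23:16:10 (none) pptpd[8624]: CTRL: Starting call (launching pppd, opening GRE)
Aug 31 23:16:40 (none) pppd[8626]: LCP: timeout sending Config-Requests
Aug 31 23:16:40 (none) pptpd[8624]: CTRL: Reaping child PPP[8626]
Aug 31 23:20:00 (none) pptpd[9001]: CTRL: Starting call (launching pppd, opening GRE)
Aug 31 23:25:00 (none) pppd[9003]: Connection terminated.
Aug 31 23:25:00 (none) pptpd[9001]: CTRL: Reaping child PPP[9003]
EOF
}

sample_log | gre_stalled_sessions      # prints 8624
```

Run `missing_pptp_helpers` with no argument on the gateway to read /proc/modules, and pass `gre_stalled_sessions` the file that pptpd and pppd log to on the VPN server.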

neopandid 09-01-2012 12:07 AM

I loaded these modules and it's working.

modprobe nf_conntrack_pptp
modprobe nf_nat_pptp

Thank you very much.

Ser Olmy 09-01-2012 12:34 AM

You're welcome.

Be advised that due to a weakness in the MS-CHAPv2 protocol, PPTP is vulnerable to a man-in-the-middle attack during login and should at least be considered insecure when used over open networks.
