4

I am trying to set up a pptpd vpn on our newly installed Ubuntu 11.10 64 bit server, but am not having success having a client connect via an iPhone to the VPN. Note that no clients have been able to connect to this VPN from outside of the network. The system is up to date with patches.

Here is the output of /var/log/syslog. Please note that 222.153.x.y is my remote IP address.

Mar 30 22:07:47 server pptpd[9546]: CTRL: Client 222.153.x.y control connection started
Mar 30 22:07:47 server pptpd[9546]: CTRL: Starting call (launching pppd, opening GRE)
Mar 30 22:07:47 server pppd[9555]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Mar 30 22:07:47 server pppd[9555]: pppd 2.4.5 started by root, uid 0
Mar 30 22:07:47 server pppd[9555]: Using interface ppp0
Mar 30 22:07:47 server pppd[9555]: Connect: ppp0 <--> /dev/pts/3
Mar 30 22:07:47 server pptpd[9546]: GRE: Bad checksum from pppd.
Mar 30 22:08:17 server pppd[9555]: LCP: timeout sending Config-Requests
Mar 30 22:08:17 server pppd[9555]: Connection terminated.
Mar 30 22:08:17 server pppd[9555]: Modem hangup
Mar 30 22:08:17 server pppd[9555]: Exit.
Mar 30 22:08:17 server pptpd[9546]: GRE: read(fd=6,buffer=6075a0,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Mar 30 22:08:17 server pptpd[9546]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Mar 30 22:08:17 server pptpd[9546]: CTRL: Reaping child PPP[9555]
Mar 30 22:08:17 server pptpd[9546]: CTRL: Client 222.153.x.y control connection finished

As you can see, the problem seems to be the connection timing out after 30 seconds ("Mar 30 22:08:17 server pppd[9555]: LCP: timeout sending Config-Requests").

Over Wifi however (inside the local network) there are no issues:

Mar 30 22:12:33 unreal-server pptpd[12406]: CTRL: Client 192.168.0.100 control connection started
Mar 30 22:12:33 unreal-server pptpd[12406]: CTRL: Starting call (launching pppd, opening GRE)
Mar 30 22:12:33 unreal-server pppd[12407]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Mar 30 22:12:33 unreal-server pppd[12407]: pppd 2.4.5 started by root, uid 0
Mar 30 22:12:33 unreal-server pppd[12407]: Using interface ppp0
Mar 30 22:12:33 unreal-server pppd[12407]: Connect: ppp0 <--> /dev/pts/3
Mar 30 22:12:33 unreal-server pptpd[12406]: GRE: Bad checksum from pppd.
Mar 30 22:12:36 unreal-server pppd[12407]: peer from calling number 192.168.0.100 authorized
Mar 30 22:12:36 unreal-server pppd[12407]: MPPE 128-bit stateless compression enabled
Mar 30 22:12:36 unreal-server pppd[12407]: Cannot determine ethernet address for proxy ARP
Mar 30 22:12:36 unreal-server pppd[12407]: local  IP address 192.168.0.10
Mar 30 22:12:36 unreal-server pppd[12407]: remote IP address 192.168.1.1

I have set up an iptables config for the server; to check this isn't the problem I allowed all traffic temporarily, but this does NOT change the symptoms in the first example. Here is the output from /etc/iptables.rules.save

*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

Even with these rules applied, the output from /var/log/syslog is LINE FOR LINE what I saw in the first block of code.

Please note that before running this Ubuntu server, an old SME Server box was running in place of it that had a pptpd server on it just like the one we are using, and we experienced no issues.

Brendan
  • How is the pptp box connected? Does it have a public IP? Do you have to go through a NAT or firewall to get to it? – Zoredache Mar 30 '12 at 17:38

3 Answers

1

I suspect the problem you're having is that on your router you have forwarded port 1723 (PPTP) to your server, but not the GRE protocol. (This isn't a port, but a whole protocol.)

The PPTP control channel is established over port 1723 TCP, but the actual packet flow uses the GRE protocol - and your LCP Config-Requests timeout from PPP is a suggestion that something is preventing this traffic from getting through.

Finally, make sure your mobile phone provider (is this Telecom in New Zealand?) allows you to make PPTP connections. If you are indeed on New Zealand's Telecom (XT), you may want to adjust your mobile APN (access point name) to 'direct.telecom.co.nz' - the default is 'internet.telecom.co.nz'.

Tim Woolford
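The split described in the answer above (control channel up on TCP 1723, PPP/LCP never answered over GRE) can be read directly from syslog. The following is an added example, not part of the original posts: it classifies each PPTP session in constructed log lines modelled on the question's excerpts. `classify_sessions` and the verdict strings are hypothetical names, and it assumes sessions do not overlap in the log.

```python
import re

# Constructed sample lines modelled on the two syslog excerpts in the question.
SAMPLE = """\
Mar 30 22:07:47 server pptpd[9546]: CTRL: Client 203.0.113.7 control connection started
Mar 30 22:07:47 server pptpd[9546]: CTRL: Starting call (launching pppd, opening GRE)
Mar 30 22:08:17 server pppd[9555]: LCP: timeout sending Config-Requests
Mar 30 22:08:17 server pptpd[9546]: CTRL: Reaping child PPP[9555]
Mar 30 22:08:17 server pptpd[9546]: CTRL: Client 203.0.113.7 control connection finished
Mar 30 22:12:33 server pptpd[12406]: CTRL: Client 192.168.0.100 control connection started
Mar 30 22:12:33 server pptpd[12406]: CTRL: Starting call (launching pppd, opening GRE)
Mar 30 22:12:36 server pppd[12407]: peer from calling number 192.168.0.100 authorized
Mar 30 22:12:36 server pppd[12407]: MPPE 128-bit stateless compression enabled
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")
START = re.compile(r"CTRL: Client (\S+) control connection started")

def classify_sessions(text):
    """Return [(client_ip, verdict)] for each PPTP control connection seen."""
    sessions = []
    current = None  # pppd lines carry no client IP; assume they belong to the latest session
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        daemon, _pid, msg = m.groups()
        started = START.search(msg) if daemon == "pptpd" else None
        if started:
            # Seeing this line at all proves TCP 1723 reached pptpd.
            current = {"client": started.group(1),
                       "verdict": "control channel only (TCP 1723 reached pptpd)"}
            sessions.append(current)
        elif current and daemon == "pppd":
            if "LCP: timeout sending Config-Requests" in msg:
                # pppd sent Config-Requests inside GRE and never got a reply.
                current["verdict"] = "no PPP replies: check GRE (IP protocol 47) path"
            elif "authorized" in msg:
                current["verdict"] = "PPP negotiated and peer authorized"
    return [(s["client"], s["verdict"]) for s in sessions]

if __name__ == "__main__":
    for client, verdict in classify_sessions(SAMPLE):
        print(f"{client}: {verdict}")
```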
0

Did you open both port 1723 and 47? GRE requires port 47 to be open. If there's some NAT-ing involved, does your router have VPN passthrough enabled?

Also, should you have 2 routers between your server and the public internet the NAT-ing can be affected by this. Google "double NAT".

Chris
0

I found this error too. First I got 'GRE: Bad checksum from pppd.' and then 'GRE: read(fd=6,buffer=6075a0,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs'. In my case, it's because I am typing the wrong password. It's not because the GRE port 47 is blocked. And in my case, even if I leave port 47 blocked, the VPN still works.

apporc