EDIT : My searches leaded me to GRE packets : they seem to be exchanged on IP port (not TCP one) 47. It seems to be quite painful to handle it with iptables. So question become : how can I transmit GRE packets through interfaces on my custom router? This answer seems not working in my case.

I'm trying to build my own router based on a fanless machine on which I installed Debian 9.6.

So far, it works on normal connection, traffic is correctly forward from lan to wan. I have trouble establishing VPN connection from my desktop machine to a VPN server. This connection is working when I remove my router form the path.

So far, I did :

  • Interface renaming (I've got now wan and lan, through /etc/udev/rules.d/70-persistent-net.rules)

ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 11:22:33:44:55:66 brd ff:ff:ff:ff:ff:ff
    inet brd scope global wan
       valid_lft forever preferred_lft forever
    inet6 fe80::4262:31ff:fe01:14ad/64 scope link 
       valid_lft forever preferred_lft forever
3: lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 77:88:99:00:aa:bb brd ff:ff:ff:ff:ff:ff
    inet brd scope global lan
       valid_lft forever preferred_lft forever
    inet6 fe80::4262:31ff:fe01:14ae/64 scope link 
       valid_lft forever preferred_lft forever
  • DHCP server for lan subnet (

subnet netmask { range; option routers; option broadcast-address; }

  • Traffic forwarding using iptables


My /etc/network/interfaces file :

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto wan
allow-hotplug wan
iface wan inet dhcp

auto lan
allow-hotplug lan
iface lan inet static

auto wifi
allow-hotplug wifi
iface wifi inet static

/var/log/syslog outputs this while connection is trying to be made :

Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established (call ID 28628, peer's call ID 27745).
Nov 29 14:59:51 nicolas pppd[7202]: LCP: timeout sending Config-Requests

Please note there are 30 seconds delay below 2 traces, as it's stated it looks like timeout.

Full trace below :

Nov 29 14:59:19 nicolas NetworkManager[927]: <info>  [1543499959.8921] audit: op="connection-activate" uuid="bc714f1c-5ba0-44f8-800f-1a1cf45d17d1" name="Niort" pid=6877 uid=1000 result="success"
Nov 29 14:59:19 nicolas NetworkManager[927]: <info>  [1543499959.8965] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: Started the VPN service, PID 7195
Nov 29 14:59:19 nicolas NetworkManager[927]: <info>  [1543499959.9059] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: Saw the service appear; activating connection
Nov 29 14:59:20 nicolas NetworkManager[927]: <info>  [1543499960.0440] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN connection: (ConnectInteractive) reply received
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: pppd started with pid 7202
Nov 29 14:59:20 nicolas NetworkManager[927]: <info>  [1543499960.0468] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN plugin: state changed: starting (3)
Nov 29 14:59:20 nicolas pppd[7202]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
Nov 29 14:59:20 nicolas NetworkManager[927]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
Nov 29 14:59:20 nicolas pppd[7202]: pppd 2.4.7 started by root, uid 0
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
Nov 29 14:59:20 nicolas pppd[7202]: Using interface ppp0
Nov 29 14:59:20 nicolas NetworkManager[927]: Using interface ppp0
Nov 29 14:59:20 nicolas NetworkManager[927]: Connect: ppp0 <--> /dev/pts/4
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Nov 29 14:59:20 nicolas pppd[7202]: Connect: ppp0 <--> /dev/pts/4
Nov 29 14:59:20 nicolas NetworkManager[927]: nm_device_get_device_type: assertion 'NM_IS_DEVICE (self)' failed
Nov 29 14:59:20 nicolas NetworkManager[927]: <info>  [1543499960.0525] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/23)
Nov 29 14:59:20 nicolas pptp[7207]: nm-pptp-service-7195 log[main:pptp.c:350]: The synchronous pptp option is NOT activated
Nov 29 14:59:20 nicolas NetworkManager[927]: <info>  [1543499960.0582] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Nov 29 14:59:20 nicolas NetworkManager[927]: <info>  [1543499960.0585] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Nov 29 14:59:20 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 1 'Start-Control-Connection-Request'
Nov 29 14:59:20 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:781]: Received Start Control Connection Reply
Nov 29 14:59:20 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:815]: Client connection established.
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 7 'Outgoing-Call-Request'
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:900]: Received Outgoing Call Reply.
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established (call ID 28628, peer's call ID 27745).
Nov 29 14:59:51 nicolas pppd[7202]: LCP: timeout sending Config-Requests
Nov 29 14:59:51 nicolas NetworkManager[927]: LCP: timeout sending Config-Requests
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
Nov 29 14:59:51 nicolas NetworkManager[927]: Connection terminated.
Nov 29 14:59:51 nicolas pppd[7202]: Connection terminated.
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: Terminated ppp daemon with PID 7202.
Nov 29 14:59:51 nicolas NetworkManager[927]: <warn>  [1543499991.0852] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN plugin: failed: connect-failed (1)
Nov 29 14:59:51 nicolas NetworkManager[927]: <info>  [1543499991.0853] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN plugin: state changed: stopping (5)
Nov 29 14:59:51 nicolas NetworkManager[927]: <error> [1543499991.0867] platform-linux: do-change-link[24]: failure changing link: failure 19 (Aucun périphérique de ce type)
Nov 29 14:59:51 nicolas NetworkManager[927]: <warn>  [1543499991.0873] device (ppp0): failed to disable userspace IPv6LL address handling
Nov 29 14:59:51 nicolas NetworkManager[927]: <info>  [1543499991.0891] devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Nov 29 14:59:51 nicolas NetworkManager[927]: <info>  [1543499991.0895] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN service disappeared
Nov 29 14:59:51 nicolas gnome-session[3198]: Gjs-Message: JS LOG: Removing a network device that was not added
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
Nov 29 14:59:51 nicolas pptp[7207]: nm-pptp-service-7195 warn[decaps_hdlc:pptp_gre.c:220]: short read (-1): Input/output error
Nov 29 14:59:51 nicolas NetworkManager[927]: Terminating on signal 15
Nov 29 14:59:51 nicolas NetworkManager[927]: Child process /usr/sbin/pptp --nolaunchpppd --loglevel 0 --logstring nm-pptp-service-7195 (pid 7205) terminated with signal 15
Nov 29 14:59:51 nicolas NetworkManager[927]: Modem hangup
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
Nov 29 14:59:51 nicolas pptp[7207]: nm-pptp-service-7195 warn[decaps_hdlc:pptp_gre.c:232]: pppd may have shutdown, see pppd log
Nov 29 14:59:51 nicolas pppd[7202]: Terminating on signal 15
Nov 29 14:59:51 nicolas pptp[7225]: nm-pptp-service-7195 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Nov 29 14:59:51 nicolas pppd[7202]: Child process /usr/sbin/pptp --nolaunchpppd --loglevel 0 --logstring nm-pptp-service-7195 (pid 7205) terminated with signal 15
Nov 29 14:59:51 nicolas pppd[7202]: Modem hangup
Nov 29 14:59:51 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 12 'Call-Clear-Request'
Nov 29 14:59:51 nicolas pptp[7225]: nm-pptp-service-7195 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Nov 29 14:59:51 nicolas pppd[7202]: Exit.

Does anyone get a lead about the mistake at stake here? How can I configure either my VPN client or my router to properly forward VPN trafic?


  • How is the remote VPN server configured? Please note that the concept of "VPN", where you encrypt random traffic and tunnel it over the Internet, has multiple implementations. PPTP is one (but certainly not the only one); if the remote server doesn't run PPTP but some other VPN implementation, then obviously that would not work... – Wouter Verhelst Nov 30 '18 at 12:22
  • Thanks for your reply. I don't have the exact answer about VPN configuration, but I think you missed a sentence in my (long though) post : "This connection is working when I remove my router form the path.". AFAIS, my client configuration is not at stake here. Nonetheless, I'm editing the post because my investigtions semme to go around GRE packets that could be blocked. – nbonniot Dec 03 '18 at 09:01

