vpn (pptp/ppp) problem

[piti]

hi there
after restart fsck found and repaired (?) errors on partition mounted as /var my vpn stopped working, well and some other stuff but that's already fixed
there is simply no connection possible

here's my /etc/ppp/options.pptpd:
name pptpd
debug
lock
mtu 1450
mru 1450
auth
proxyarp
+chap
+chapms
+chapms-v2
require-chapms-v2
mppe-128
mppe-stateless

/etc/pptpd.conf
option /etc/ppp/options.pptpd
debug
localip 192.168.1.1
remoteip 192.168.1.200-230

this is in the logs:
pptpd[3005]: CTRL: Client 1.2.3.4 control connection started
pptpd[3005]: CTRL: Starting call (launching pppd, opening GRE)
pppd[3006]: pppd 2.4.1 started by root, uid 0
pppd[3006]: Using interface ppp0
pppd[3006]: Connect: ppp0 <--> /dev/pts/6
pppd[3006]: LCP: timeout sending Config-Requests
pppd[3006]: Connection terminated.
pppd[3006]: Exit.
pptpd[3005]: GRE: read(fd=5,buffer=804da60,len=8196) from PTY failed: status = -1 error = Input/output error
leeloo pptpd[3005]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
pptpd[3005]: CTRL: Client 1.2.3.4 control connection finished

and this is tcpdump on the vpn dedicated interface
15:21:22.267985 IP 1.2.3.4.50004 > 10.0.0.1.1723: S 1294417031:1294417031(0) win 16384 <mss 1412,nop,nop,sackOK>
15:21:22.268198 IP 10.0.0.1.1723 > 1.2.3.4.50004: S 1306935075:1306935075(0) ack 1294417032 win 5840 <mss 1460,nop,nop,sackOK>
15:21:22.332424 IP 1.2.3.4.50004 > 10.0.0.1.1723: P 1:157(156) ack 1 win 16944: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) [|pptp]
15:21:22.332559 IP 10.0.0.1.1723 > 1.2.3.4.50004: . ack 157 win 5840
15:21:22.337829 IP 10.0.0.1.1723 > 1.2.3.4.50004: P 1:157(156) ack 157 win 5840: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) [|pptp]
15:21:22.411204 IP 1.2.3.4.50004 > 10.0.0.1.1723: P 157:325(168) ack 157 win 16788: pptp CTRL_MSGTYPE=OCRQ CALL_ID(18) [|pptp]
15:21:22.413455 IP 10.0.0.1.1723 > 1.2.3.4.50004: P 157:189(32) ack 325 win 6432: pptp CTRL_MSGTYPE=OCRP CALL_ID(0) [|pptp]
15:21:22.424735 IP 10.0.0.1 > 1.2.3.4: call 18 seq 0 gre-ppp-payload
15:21:22.600138 IP 1.2.3.4.50004 > 10.0.0.1.1723: . ack 189 win 16756
15:21:25.429306 IP 10.0.0.1 > 1.2.3.4: call 18 seq 1 gre-ppp-payload
15:21:28.439274 IP 10.0.0.1 > 1.2.3.4: call 18 seq 2 gre-ppp-payload
15:21:31.449245 IP 10.0.0.1 > 1.2.3.4: call 18 seq 3 gre-ppp-payload
15:21:34.459259 IP 10.0.0.1 > 1.2.3.4: call 18 seq 4 gre-ppp-payload
15:21:37.469292 IP 10.0.0.1 > 1.2.3.4: call 18 seq 5 gre-ppp-payload
15:21:40.479266 IP 10.0.0.1 > 1.2.3.4: call 18 seq 6 gre-ppp-payload
15:21:43.489277 IP 10.0.0.1 > 1.2.3.4: call 18 seq 7 gre-ppp-payload
15:21:46.499250 IP 10.0.0.1 > 1.2.3.4: call 18 seq 8 gre-ppp-payload
15:21:49.509248 IP 10.0.0.1 > 1.2.3.4: call 18 seq 9 gre-ppp-payload
15:21:52.522188 IP 10.0.0.1.1723 > 1.2.3.4.50004: F 189:189(0) ack 325 win 6432
15:21:52.572844 IP 1.2.3.4.50004 > 10.0.0.1.1723: F 325:325(0) ack 190 win 16756
15:21:52.573000 IP 10.0.0.1.1723 > 1.2.3.4.50004: . ack 326 win 6432

any idea what's wrong?

 

[piti]

forgot to add pppd log file report:
using channel 16
Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x4e3a7591> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x4e3a7591> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x4e3a7591> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x4e3a7591> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x4e3a7591> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x4e3a7591> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x4e3a7591> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x4e3a7591> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x4e3a7591> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap 81> <magic 0x4e3a7591> <pcomp> <accomp>]
LCP: timeout sending Config-Requests
Connection terminated.

 

[John Lewis]

GRE (protocol 47) is not making it's way from the client to the server. If all of the changes have taken place on the linux box and there are no changes to the client or the network between, most likely cause would be a firewall rule dropping GRE or if you policy is other than accept lack of a rule allowing it.

Could also be that the GRE packets originating on the server are not getting to the client. Again, I would look at firewall rules. Might try to run Ethereal on the client to see if there are any GRE packets getting there and if a response is generated (assuming a Windows client, tcpdump should do if a linux box, although Ethereal is nicer there as well).

 

[piti]

even with firewall turned off (on both sides) it's not working, that was the first thing i thought about - but the firewall rules were not changed :-|

 

[piti]

so, looks like the client is misconfigured, the connection attempt from another computer on the same remote network was successfull