Can anyone provide some insight into getting my openSUSE 11.1 to connect to a Windows PPTP VPN?
Here’s what I tried:
- Installed pptp and pptp network manager packages
- Added a new PPTP VPN connection, specified username, password, etc. etc. (I’ll get to the specifics later)
- I also tried running the pppd command directly, to see if it creates more logging messages:
pppd noauth nobsdcomp nodeflate require-mppe-128 name DOMAIN\\username remotename vpn.server.ca pty “pptp x.x.x.x --nolaunchpppd”
Where x.x.x.x is the IP of the VPN server, vpn.server.ca the server name and DOMAIN\\username my domain credentials, matching those in the chap-secrets file.
When I check the log messages created in /var/log/messages, it seems that the connection attempt hangs on:
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x746f56e9> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x746f56e9> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x746f56e9> <pcomp> <accomp>]
…
These messages are repeated every 2s until a minute has expired and then the connection is terminated:
sent [LCP TermReq id=0x2 “User request”]
Modem hangup
Connection terminated.
To (hopefully) eliminate hardware, network, router, firewall issues, etc.: I can successfully connect to this VPN while running a VMWare WinXP virtual machine hosted on this same box.
I also traced the TCP packets using tcpdump. I compared the successful connection with the WinXP VM and the failed connection directly from the Linux box: I’ll list the successful connection TCP dump first and then the dump from the (failed) Linux attempt (see bottom of this message).
I have no knowledge of VPN protocol whatsoever, but here are a couple of things that seem odd:
- The successful attempt has the WinXP client (192.168.1.120) sending a CTRL_MSGTYPE=SLI message after the server’s CTRL_MSGTYPE=OCRP message, whereas this is not happening in the Linux connection.
- After the WinXP client sends “GREv1, call 157”, the server responds with “GREv1, call 0”, whereas the Linux client “GREv1, call 157” is responded to by the server with “GREv1, call 32768”, to which the client simply waits 2 seconds and then sends the “GREv1, call 0” again…
SUCCESS: WinXP VM on Linux host PPTP connection:
16:38:01.100235 IP x.x.x.x.1723 > 192.168.1.120.1081: P 157:189(32) ack 325 win 65211: pptp CTRL_MSGTYPE=OCRP CALL_ID(157) PEER_CALL_ID(0) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(14808325) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
16:38:01.111336 IP 192.168.1.120.1081 > x.x.x.x.1723: P 325:349(24) ack 189 win 65132: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(157) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
16:38:01.111354 IP 192.168.1.120.1081 > x.x.x.x.1723: P 325:349(24) ack 189 win 65132: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(157) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
16:38:01.116340 IP 192.168.1.120 > x.x.x.x: GREv1, call 157, seq 0, length 37: LCP, Conf-Request (0x01), id 0, length 23
16:38:01.116356 IP 192.168.1.120 > x.x.x.x: GREv1, call 157, seq 0, length 37: LCP, Conf-Request (0x01), id 0, length 23
16:38:01.207857 IP x.x.x.x > 192.168.1.120: GREv1, call 0, seq 0, ack 0, length 77: LCP, Conf-Request (0x01), id 0, length 59
16:38:01.208122 IP x.x.x.x > 192.168.1.120: GREv1, call 0, seq 1, length 37: LCP, Conf-Ack (0x02), id 0, length 23
16:38:01.208444 IP 192.168.1.120 > x.x.x.x: GREv1, call 157, seq 1, ack 1, length 55: LCP, Conf-Reject (0x04), id 0, length 37
16:38:01.208452 IP 192.168.1.120 > x.x.x.x: GREv1, call 157, seq 1, ack 1, length 55: LCP, Conf-Reject (0x04), id 0, length 37
16:38:01.297748 IP x.x.x.x > 192.168.1.120: GREv1, call 0, seq 2, ack 1, length 46: LCP, Conf-Request (0x01), id 1, length 28
16:38:01.298553 IP 192.168.1.120 > x.x.x.x: GREv1, call 157, seq 2, ack 2, length 46: LCP, Conf-Ack (0x02), id 1, length 28
16:38:01.298576 IP 192.168.1.120 > x.x.x.x: GREv1, call 157, seq 2, ack 2, length 46: LCP, Conf-Ack (0x02), id 1, length 28
16:38:01.299493 IP 192.168.1.120 > x.x.x.x: GREv1, call 157, seq 3, length 32: LCP, Ident (0x0c), id 1, length 20
16:38:01.299510 IP 192.168.1.120 > x.x.x.x: GREv1, call 157, seq 3, length 32: LCP, Ident (0x0c), id 1, length 20
16:38:01.299882 IP 192.168.1.120 > x.x.x.x: GREv1, call 157, seq 4, length 35: LCP, Ident (0x0c), id 2, length 23
16:38:01.299895 IP 192.168.1.120 > x.x.x.x: GREv1, call 157, seq 4, length 35: LCP, Ident (0x0c), id 2, length 23
16:38:01.317758 IP x.x.x.x.1723 > 192.168.1.120.1081: . ack 349 win 65187
FAILED: Linux host direct PPTP connection:
16:41:17.574049 IP x.x.x.x.1723 > 192.168.1.105.53550: P 157:189(32) ack 325 win 65211 <nop,nop,timestamp 881928 5076511>: pptp CTRL_MSGTYPE=OCRP CALL_ID(157) PEER_CALL_ID(0) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(14808325) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
16:41:17.574146 IP 192.168.1.105.53550 > x.x.x.x.1723: . ack 189 win 6432 <nop,nop,timestamp 5076534 881928>
16:41:17.574926 IP 192.168.1.105 > x.x.x.x: GREv1, call 157, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22
16:41:17.664204 IP x.x.x.x > 192.168.1.105: GREv1, call 32768, seq 0, ack 1, length 77: LCP, Conf-Request (0x01), id 0, length 59
16:41:17.664325 IP x.x.x.x > 192.168.1.105: GREv1, call 32768, seq 1, length 36: LCP, Conf-Ack (0x02), id 1, length 22
16:41:19.338922 IP 192.168.1.105 > x.x.x.x: GREv1, call 157, seq 2, length 36: LCP, Conf-Request (0x01), id 1, length 22
16:41:19.436513 IP x.x.x.x > 192.168.1.105: GREv1, call 32768, seq 2, ack 2, length 40: LCP, Conf-Ack (0x02), id 1, length 22
16:41:19.651528 IP x.x.x.x > 192.168.1.105: GREv1, call 32768, seq 3, length 73: LCP, Conf-Request (0x01), id 1, length 59
16:41:21.342648 IP 192.168.1.105 > x.x.x.x: GREv1, call 157, seq 3, length 36: LCP, Conf-Request (0x01), id 1, length 22
16:41:21.439002 IP x.x.x.x > 192.168.1.105: GREv1, call 32768, seq 4, ack 3, length 40: LCP, Conf-Ack (0x02), id 1, length 22