Hi folks,
I am using openSUSE 12.1 (x86_64) and want to run a vpn server so I can use an encrypted connection over my home internet connection when I am somewhere on a wireless network with my ipod touch.
So far, I installed pptpd, set localip in /etc/pptpd.conf to match my current ip and set up a user and password in /etc/ppp/chap-secrets.
I then configured the firewall to allow tcp traffic on port 1723.
Then I just typed pptpd to start it and tried to connect from my ipod touch. I used the public IP address of my home computer, which results in the message “pptp-vpn server does not respond”.
Is there anything more I have to do or anything I misconfigured?
Thanks a lot
I use a pptp vpn client frequently, but have less experience with the pptp server configuration. Did you create/edit /etc/ppp/pptpd-options to configure the server?
Examples:
opensuse - Setting up VPN on server for use with iPhone. How to? - Server Fault
Linux VPN Server/Client Setup - Apollo III Communications (FAQ)
Yes, I used the configuration stated in the first link.
According to /var/log/messages, everything should be fine
May 8 21:41:33 piura pptpd[5544]: MGR: Manager process started
May 8 21:41:33 piura pptpd[5544]: MGR: Maximum of 100 connections available
May 8 21:41:33 piura pptpd[5535]: Starting MS VPN server pptpd..done
However, my ipod still gives me “The PPTP-VPN server did not respond. Try reconnecting.”. I don’t even know how to see more specific error messages on the iphone/ipad…
Any ideas?
Thanks
I assume you have a static IP address (from your ISP). Are you connecting via a router? If so, the router logs might tell the story.
No, my external IP changes from time to time, but not so often, which should be okay. I have an internal IP which apparently doesn’t change, though.
My problem is, how do I access my router’s log files (if they exist)? It’s a router delivered by my ISP and there is no information about how to connect to it…
On 2012-05-10 19:16, checkfrogger wrote:
>
> No, my external IP changes from time to time, but not so often, which
> should be okay. I have an internal IP which apparently doesn’t change,
> though.
> My problem is, how do I access my router’s log files (if they exist)?
> It’s a router delivered by my ISP and there is no information about how
> to connect to it…
You cannot do a VPN without configuring your router for it.
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)
My problem is, how do I access my router’s log files (if they exist)? It’s a router delivered by my ISP and there is no information about how to connect to it…
Many routers can be accessed via an http interface for monitoring and configuration. You may have to search online for the model. The next issue will probably be authentication, to get in…
Router IP Address - Ways to Find Your Router’s IP Addresses
Thanks guys, I finally managed to get access to the router. I checked the router logs, but absolutely nothing appears when I try to connect via pptp-vpn.
Now I’m puzzled how to properly configure it, any hint is appreciated!
You will need to make sure your router/firewall is capable and configured to forward (or allow) TCP port 1723 to the PPTP VPN server. For specific help, you may need to provide your router model.
Ok, that wasn’t overly difficult to allow port 1723. Now the ipod apparently sees the server and says “A connection could not be established to the PPP server. Try reconnecting.”
I assumed wrong authentication information and established new user/pass combinations in /etc/ppp/chap-secrets, then restarted the pptpd daemon, but I still get the same error. What else could be wrong?
You may need to configure /etc/sysctl.conf (server end) to make sure IP forwarding is enabled, i.e. ‘net.ipv4.ip_forward=1’ is present.
I don’t have experience with using an iPod, (although I do have an iPhone and we have a PPTP-VPN server at work).
If you can, I’d try with a Windows or Linux client first. With a Linux client, you could open a terminal on the client end, and start
sudo tail -f /var/log/messages
and note what is reported when trying to connect. (Examining the kernel messages of the server may also assist with providing information about what is failing).
On 2012-05-12 22:56, deano ferrari wrote:
> Code:
> --------------------
> sudo tail -f /var/log/messages
> --------------------
Just a side note: instead of “tail -f” use “tailf”.
The advantage is that it doesn’t trigger disk activity when the file
doesn’t grow. It doesn’t matter in this particular case, though.
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)
Use what works. Absolutely no advantage here. It is run for a short time to assist with the actual problem at hand.
Editing sysctl.conf indeed triggered some action. When I start the daemon, everything looks fine (/var/log/messages on server side):
May 13 09:27:35 piura pptpd[2172]: Shutting down MS VPN server pptpd..done
May 13 09:27:35 piura kernel: [  231.661652] PPP MPPE Compression module registered
May 13 09:27:35 piura pptpd[2190]: MGR: Manager process started
May 13 09:27:35 piura pptpd[2190]: MGR: Maximum of 100 connections available
May 13 09:27:35 piura pptpd[2181]: Starting MS VPN server pptpd..done
Then I connect (again from the ipod since I don’t have another machine available at the moment) and get the following appended to /var/log/messages, again on the server side:
May 13 09:27:55 piura pptpd[2191]: MGR: Launching /usr/sbin/pptpctrl to handle client
May 13 09:27:55 piura pptpd[2191]: CTRL: local address = 192.168.1.37
May 13 09:27:55 piura pptpd[2191]: CTRL: remote address = 192.168.1.100
May 13 09:27:55 piura pptpd[2191]: CTRL: pppd speed = 115200
May 13 09:27:55 piura pptpd[2191]: CTRL: pppd options file = /etc/ppp/options.ppp0
May 13 09:27:55 piura pptpd[2191]: CTRL: Client 83.76.200.14 control connection started
May 13 09:27:55 piura pptpd[2191]: CTRL: Received PPTP Control Message (type: 1)
May 13 09:27:55 piura pptpd[2191]: CTRL: Made a START CTRL CONN RPLY packet
May 13 09:27:55 piura pptpd[2191]: CTRL: I wrote 156 bytes to the client.
May 13 09:27:55 piura pptpd[2191]: CTRL: Sent packet to client
May 13 09:27:55 piura pptpd[2191]: CTRL: Received PPTP Control Message (type: 7)
May 13 09:27:55 piura pptpd[2191]: CTRL: Set parameters to 100000000 maxbps, 64 window size
May 13 09:27:55 piura pptpd[2191]: CTRL: Made a OUT CALL RPLY packet
May 13 09:27:55 piura pptpd[2191]: CTRL: Starting call (launching pppd, opening GRE)
May 13 09:27:55 piura pptpd[2191]: CTRL: pty_fd = 6
May 13 09:27:55 piura pptpd[2191]: CTRL: tty_fd = 7
May 13 09:27:55 piura pptpd[2191]: CTRL: I wrote 32 bytes to the client.
May 13 09:27:55 piura pptpd[2191]: CTRL: Sent packet to client
May 13 09:27:55 piura pptpd[2192]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
May 13 09:27:55 piura pptpd[2192]: CTRL (PPPD Launcher): local address = 192.168.1.37
May 13 09:27:55 piura pptpd[2192]: CTRL (PPPD Launcher): remote address = 192.168.1.100
May 13 09:27:55 piura pppd[2192]: pppd 2.4.5 started by root, uid 0
May 13 09:27:55 piura pptpd[2191]: CTRL: Received PPTP Control Message (type: 15)
May 13 09:27:55 piura pptpd[2191]: CTRL: Got a SET LINK INFO packet with standard ACCMs
May 13 09:27:55 piura pppd[2192]: Using interface ppp0
May 13 09:27:55 piura pppd[2192]: Connect: ppp0 <--> /dev/pts/3
May 13 09:27:56 piura pptpd[2191]: GRE: buffering packet #1 (expecting #0, lost or reordered)
May 13 09:27:57 piura pptpd[2191]: GRE: timeout waiting for 1 packets
May 13 09:27:57 piura pptpd[2191]: GRE: accepting #1 from queue
May 13 09:27:59 piura pptpd[2191]: GRE: accepting packet #2
May 13 09:28:02 piura pptpd[2191]: GRE: accepting packet #3
May 13 09:28:05 piura pptpd[2191]: GRE: accepting packet #4
May 13 09:28:08 piura pptpd[2191]: GRE: accepting packet #5
May 13 09:28:11 piura pptpd[2191]: GRE: accepting packet #6
May 13 09:28:14 piura pptpd[2191]: GRE: accepting packet #7
May 13 09:28:17 piura pptpd[2191]: GRE: accepting packet #8
May 13 09:28:20 piura pptpd[2191]: GRE: accepting packet #9
May 13 09:28:23 piura pptpd[2191]: GRE: accepting packet #10
May 13 09:28:26 piura pptpd[2191]: CTRL: EOF or bad error reading ctrl packet length.
May 13 09:28:26 piura pptpd[2191]: CTRL: couldn't read packet header (exit)
May 13 09:28:26 piura pptpd[2191]: CTRL: CTRL read failed
May 13 09:28:26 piura pptpd[2191]: CTRL: Reaping child PPP[2192]
May 13 09:28:26 piura pppd[2192]: Modem hangup
May 13 09:28:26 piura pppd[2192]: Connection terminated.
May 13 09:28:26 piura avahi-daemon[897]: Withdrawing workstation service for ppp0.
May 13 09:28:26 piura pppd[2192]: Exit.
May 13 09:28:26 piura pptpd[2191]: CTRL: Client 83.76.200.14 control connection finished
May 13 09:28:26 piura pptpd[2191]: CTRL: Exiting now
May 13 09:28:26 piura pptpd[2190]: MGR: Reaped child 2191
So there are a few errors like “couldn’t read packet header” - my naive guess: might it be that the client and server are using different protocols somehow?
Well it appears that you’re connecting okay
May 13 09:27:55 piura pptpd[2191]: MGR: Launching /usr/sbin/pptpctrl to handle client
May 13 09:27:55 piura pptpd[2191]: CTRL: local address = 192.168.1.37
May 13 09:27:55 piura pptpd[2191]: CTRL: remote address = 192.168.1.100
May 13 09:27:55 piura pptpd[2191]: CTRL: pppd speed = 115200
May 13 09:27:55 piura pptpd[2191]: CTRL: pppd options file = /etc/ppp/options.ppp0
May 13 09:27:55 piura pptpd[2191]: CTRL: Client 83.76.200.14 control connection started
May 13 09:27:55 piura pptpd[2191]: CTRL: Received PPTP Control Message (type: 1)
May 13 09:27:55 piura pptpd[2191]: CTRL: Made a START CTRL CONN RPLY packet
May 13 09:27:55 piura pptpd[2191]: CTRL: I wrote 156 bytes to the client.
May 13 09:27:55 piura pptpd[2191]: CTRL: Sent packet to client
May 13 09:27:55 piura pptpd[2191]: CTRL: Received PPTP Control Message (type: 7)
May 13 09:27:55 piura pptpd[2191]: CTRL: Set parameters to 100000000 maxbps, 64 window size
May 13 09:27:55 piura pptpd[2191]: CTRL: Made a OUT CALL RPLY packet
May 13 09:27:55 piura pptpd[2191]: CTRL: Starting call (launching pppd, opening GRE)
May 13 09:27:55 piura pptpd[2191]: CTRL: pty_fd = 6
May 13 09:27:55 piura pptpd[2191]: CTRL: tty_fd = 7
May 13 09:27:55 piura pptpd[2191]: CTRL: I wrote 32 bytes to the client.
May 13 09:27:55 piura pptpd[2191]: CTRL: Sent packet to client
May 13 09:27:55 piura pptpd[2192]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
May 13 09:27:55 piura pptpd[2192]: CTRL (PPPD Launcher): local address = 192.168.1.37
May 13 09:27:55 piura pptpd[2192]: CTRL (PPPD Launcher): remote address = 192.168.1.100
May 13 09:27:55 piura pppd[2192]: pppd 2.4.5 started by root, uid 0
May 13 09:27:55 piura pptpd[2191]: CTRL: Received PPTP Control Message (type: 15)
May 13 09:27:55 piura pptpd[2191]: CTRL: Got a SET LINK INFO packet with standard ACCMs
May 13 09:27:55 piura pppd[2192]: Using interface ppp0
May 13 09:27:55 piura pppd[2192]: Connect: ppp0 <--> /dev/pts/3
It’s not clear to me exactly what is causing the CTRL errors you’re experiencing. You might want to test again a few times to see if it fails consistently, or randomly. Here’s a reference showing a successful connection dialogue:
PPTP works with two sessions: a TCP session to port 1723 to initialize and manage the connection and a GRE tunnel to encapsulate PPP packets. The PPP packets are encrypted using the MPPE (“Microsoft Point-to-Point Encryption”) protocol.
I’m at the limits of my knowledge assisting with this. (I’ve never had a problem with a client, but only with Linux devices). You might want to examine the packets further with
sudo /usr/sbin/tcpdump -i eth1 tcp port 1723 or proto 47
or save them to a file (eg tcp.txt)
sudo /usr/sbin/tcpdump -i eth1 tcp port 1723 or proto 47 -w tcp.txt
I’ve come across threads like this while searching for iP**** device VPN connectivity issues:
http://ubuntuforums.org/archive/index.php/t-1804471.html
It suggests that PPTP support may be broken for iOS devices.
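Added example, not part of any post in this thread: a small Python triage script that reads pptpd/pppd lines from /var/log/messages and reports how far a PPTP session got (TCP 1723 control channel, call setup, pppd attach, GRE from the client, PPP up). The stage names and hint texts are assumptions made for this illustration; the sample lines are copied from the server log posted above.

```python
import re

# Ordered milestones of a PPTP session as they appear in /var/log/messages.
# The first four patterns match lines quoted in this thread; the "ppp_up"
# pattern is the address line pppd logs once IPCP completes (not on the page).
STAGES = [
    ("control_connection", r"CTRL: Client \S+ control connection started"),
    ("call_reply_sent", r"CTRL: Made a OUT CALL RPLY packet"),
    ("pppd_attached", r"pppd\[\d+\]: Connect: ppp\d+ <-->"),
    ("gre_from_client", r"GRE: (accepting|buffering)"),
    ("ppp_up", r"pppd\[\d+\]: (local|remote)\s+IP address"),
]

HINTS = {
    None: "no control connection: check that TCP 1723 reaches the server",
    "control_connection": "control channel only: client never requested a call",
    "call_reply_sent": "call accepted but pppd did not attach to a pty",
    "pppd_attached": "no GRE seen: check that IP protocol 47 is passed through",
    "gre_from_client": "GRE arrives but PPP never came up: capture "
                       "'tcp port 1723 or proto 47' and check pppd options",
    "ppp_up": "PPP negotiated addresses: tunnel established",
}

def reached_stages(lines):
    """Return the stage names seen in the log, in protocol order."""
    text = "\n".join(lines)
    return [name for name, pat in STAGES if re.search(pat, text)]

def diagnose(lines):
    """Map the furthest stage reached to a next troubleshooting step."""
    seen = reached_stages(lines)
    return HINTS[seen[-1] if seen else None]

# Sample input: lines copied from the server log posted in this thread.
THREAD_LOG = [
    "May 13 09:27:55 piura pptpd[2191]: CTRL: Client 83.76.200.14 control connection started",
    "May 13 09:27:55 piura pptpd[2191]: CTRL: Made a OUT CALL RPLY packet",
    "May 13 09:27:55 piura pppd[2192]: Connect: ppp0 <--> /dev/pts/3",
    "May 13 09:27:56 piura pptpd[2191]: GRE: buffering packet #1 (expecting #0, lost or reordered)",
    "May 13 09:28:23 piura pptpd[2191]: GRE: accepting packet #10",
    "May 13 09:28:26 piura pppd[2192]: Modem hangup",
]

if __name__ == "__main__":
    print(reached_stages(THREAD_LOG))
    print(diagnose(THREAD_LOG))
```

On the log from this thread it stops at the GRE stage: packets from the client reach the server, but pppd never logs negotiated addresses before the hangup.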