I have a Red Hat 9 box with pptpd 1.2.1-1 & ppp-2.4.3-0.cvs_20040527.6. I have also tried several other versions of both packages. The box is my gateway/firewall/and VPN server. When I try to cennect to PPTP from the LAN side it works fine. When I try to connect to the WAN side from a remote location I get the following:
pptpd[7465]: CTRL: Client 63.195.17.6 control connection started
pptpd[7465]: CTRL: Starting call (launching pppd, opening GRE)
pppd[7466]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
pppd[7466]: pptpd-logwtmp: $Version$
kernel: application bug: pppd(7466) has SIGCHLD set to SIG_IGN but calls wait().
kernel: (see the NOTES section of 'man 2 wait'). Workaround activated.
pppd[7466]: pppd 2.4.3 started by root, uid 0
pppd[7466]: Using interface ppp1
pppd[7466]: Connect: ppp1 <--> /dev/pts/2
pptpd[7465]: GRE: Bad checksum from pppd.
pptpd[7465]: GRE: read(fd=5,buffer=8056740,len=8260) from network failed: status = -1 error = Protocol not available
localhost /etc/hotplug/net.agent: assuming ppp1 is already up
localhost pptpd[7465]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
pppd[7466]: Modem hangup
pppd[7466]: Connection terminated.
/etc/hotplug/net.agent: NET unregister event not supported
pppd[7466]: Exit.
pptpd[7465]: CTRL: Client 63.195.17.6 control connection finished
I have found many others with the same or similar problems, but none of them seemed to have any answers.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have a Red Hat 9 box with pptpd 1.2.1-1 & ppp-2.4.3-0.cvs_20040527.6. I have also tried several other versions of both packages. The box is my gateway/firewall/and VPN server. When I try to cennect to PPTP from the LAN side it works fine. When I try to connect to the WAN side from a remote location I get the following:
pptpd[7465]: CTRL: Client 63.195.17.6 control connection started
pptpd[7465]: CTRL: Starting call (launching pppd, opening GRE)
pppd[7466]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
pppd[7466]: pptpd-logwtmp: $Version$
kernel: application bug: pppd(7466) has SIGCHLD set to SIG_IGN but calls wait().
kernel: (see the NOTES section of 'man 2 wait'). Workaround activated.
pppd[7466]: pppd 2.4.3 started by root, uid 0
pppd[7466]: Using interface ppp1
pppd[7466]: Connect: ppp1 <--> /dev/pts/2
pptpd[7465]: GRE: Bad checksum from pppd.
pptpd[7465]: GRE: read(fd=5,buffer=8056740,len=8260) from network failed: status = -1 error = Protocol not available
localhost /etc/hotplug/net.agent: assuming ppp1 is already up
localhost pptpd[7465]: CTRL: GRE read or PTY write failed (gre,pty)=(5,4)
pppd[7466]: Modem hangup
pppd[7466]: Connection terminated.
/etc/hotplug/net.agent: NET unregister event not supported
pppd[7466]: Exit.
pptpd[7465]: CTRL: Client 63.195.17.6 control connection finished
I have found many others with the same or similar problems, but none of them seemed to have any answers.
BTW when I compare the log from WAN connections to the log from LAN connections the only difference is:
pptpd[7465]: GRE: read(fd=5,buffer=8056740,len=8260) from network failed: status = -1 error = Protocol not available
My iptables -L -n looks like:
target prot opt source destination
ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
tcpflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
tcpflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
tcpflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
tcpflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
tcpflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
tcpflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
firewalled icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.1.1
ACCEPT all -- 0.0.0.0/0 255.255.255.255
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
firewalled all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
silent udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
silent udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
silent udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:139
silent udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:445
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
Chain firewalled (2 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 15/min burst 5 LOG flags 0 level 4 prefix `Firewalled:'
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain silent (4 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain tcpflags (6 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 15/min burst 5 LOG flags 0 level 4 prefix `TCPflags:'
DROP all -- 0.0.0.0/0 0.0.0.0/0
tcpdump gives:
16:44:16.410713 XX.XX.XX.XX > XX.XX.XX.XX: gre [KSAv1] ID:4000 S:0 A:4294967295 ppp: Conf-Req(1), ACCM=00000000, Auth-Prot CHAP/MSCHAPv2, Magic-Num=47545104, PFC, ACFC (DF)
16:44:16.418813 XX.XX.XX.XX.1723 > XX.XX.XX.XX.2178: . ack 349 win 6432 (DF)
and:
icmp: XX.XX.XX.XX protocol 47 unreachable
I wiped my drive clean and loaded Fedora Core 3 and loaded my software. I loaded poptop before I even had a firewall up with the same exact problem.