cannot connect via pptpd + routing


Post by qwertyjjj on Sun Dec 02, 2012 7:06 am

I have set up pptpd but cannot connect from the client.
Any ideas what could be wrong?

This is my current routing:
[root ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
172.16.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun1
172.16.0.0      172.16.0.2      255.255.255.0   UG    0      0        0 tun0
88.xxx.xxx.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         88.xxx.xxx.1    0.0.0.0         UG    0      0        0 eth0
[root ~]#


I want to add a 3rd network for use with a PPTP VPN 10.8.1.0/24

Also, I have this routing in iptables, so how do I get the pptp port to be redirected?

-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 443 -j DNAT --to-destination 88.xxx.xxx.xx9:1194
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 88.xxx.xxx.xx9
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1460
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu



add port 1723
-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 88.xxx.xxx.xx9:1723
-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o eth0 -j MASQUERADE

Here is my iptables:
# Generated by iptables-save v1.4.7 on Sun Nov 25 22:45:46 2012
*mangle
:PREROUTING ACCEPT [1490053707:1036617946585]
:INPUT ACCEPT [625694708:365286746462]
:FORWARD ACCEPT [859720908:670949790610]
:OUTPUT ACCEPT [760469091:982961370679]
:POSTROUTING ACCEPT [1620189999:1653911161289]
COMMIT
# Completed on Sun Nov 25 22:45:46 2012
# Generated by iptables-save v1.4.7 on Sun Nov 25 22:45:46 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [390:204397]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8002 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 9001 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8080 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1935 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5001 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5001 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i tun+ -j ACCEPT
-A RH-Firewall-1-INPUT -i tap+ -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Nov 25 22:45:46 2012
# Generated by iptables-save v1.4.7 on Sun Nov 25 22:45:46 2012
*nat
:PREROUTING ACCEPT [11980035:900517415]
:POSTROUTING ACCEPT [2124769:132314589]
:OUTPUT ACCEPT [2124633:132309469]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Nov 25 22:45:46 2012




I get this in the log and the Windows connection just times out.


Nov 25 00:00:12 jason rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="5395" x-info="web"] rsyslogd was HUPed
Nov 25 22:29:53 jason kernel: tun0: Disabled Privacy Extensions
Nov 25 22:31:04 jason kernel: tun0: Disabled Privacy Extensions
Nov 25 22:38:01 jason pptpd[25853]: MGR: Maximum of 100 connections reduced to 91, not enough IP addresses given
Nov 25 22:38:01 jason pptpd[25854]: MGR: Manager process started
Nov 25 22:38:01 jason pptpd[25854]: MGR: Maximum of 91 connections available
Nov 25 22:42:15 jason pptpd[25916]: MGR: Maximum of 100 connections reduced to 91, not enough IP addresses given
Nov 25 22:42:15 jason pptpd[25917]: MGR: Manager process started
Nov 25 22:42:15 jason pptpd[25917]: MGR: Maximum of 91 connections available
Nov 25 22:50:05 jason kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Nov 25 22:50:05 jason kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
Nov 25 22:50:41 jason pptpd[26072]: CTRL: Client 86.15.42.109 control connection started
Nov 25 22:50:41 jason pptpd[26072]: CTRL: Starting call (launching pppd, opening GRE)
Nov 25 22:50:41 jason pppd[26073]: Warning: can't open options file /root/.ppprc: Permission denied
Nov 25 22:50:41 jason pppd[26073]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Nov 25 22:50:41 jason kernel: PPP generic driver version 2.4.2
Nov 25 22:50:41 jason pppd[26073]: pppd 2.4.5 started by root, uid 0
Nov 25 22:50:41 jason pppd[26073]: Using interface ppp0
Nov 25 22:50:41 jason pppd[26073]: Connect: ppp0 <--> /dev/pts/0
Nov 25 22:50:41 jason pptpd[26072]: GRE: Bad checksum from pppd.
Nov 25 22:51:11 jason pppd[26073]: LCP: timeout sending Config-Requests
Nov 25 22:51:11 jason pppd[26073]: Connection terminated.
Nov 25 22:51:11 jason pppd[26073]: Modem hangup
Nov 25 22:51:11 jason pppd[26073]: Exit.
Nov 25 22:51:11 jason pptpd[26072]: GRE: read(fd=6,buffer=611860,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of $
Nov 25 22:51:11 jason pptpd[26072]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Nov 25 22:51:11 jason pptpd[26072]: CTRL: Client 86.15.42.109 control connection finished

Re: cannot connect via pptpd + routing

Post by qwertyjjj on Mon Dec 03, 2012 3:37 pm

Could this be a problem?
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
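Added example, not part of the original posts: a rule-order check over the *filter table from the iptables-save dump in the first post, showing which rules can never be evaluated because an earlier unconditional jump ends in an unconditional REJECT. The dump is an excerpt (port rules trimmed), the function names are made up for this illustration, and the parser assumes every rule carries a -j target.

```python
import shlex

# Excerpt of the *filter table from the post's dump (OUTPUT and port rules trimmed).
FILTER_DUMP = """\
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(dump):
    chains = {}  # chain name -> [(match_tokens, target, original_line), ...]
    for line in dump.splitlines():
        if line.startswith(":"):
            chains[line[1:].split()[0]] = []
        elif line.startswith("-A "):
            tok = shlex.split(line)
            j = tok.index("-j")  # assumption: every rule has a -j target
            chains[tok[1]].append((tok[2:j], tok[j + 1], line))
    return chains

def ends_packet(chains, rule, seen=()):
    """True if the rule matches every packet and always gives a final verdict."""
    matches, target, _ = rule
    if matches or target in seen:
        return False
    for sub in chains.get(target, []):  # walk a user-defined chain in order
        if not sub[0] and sub[1] == "RETURN":
            return False  # unconditional RETURN hands the packet back
        if ends_packet(chains, sub, seen + (target,)):
            return True
    return target in TERMINAL

def shadowed_rules(chains):
    """Rules placed after a rule that already ends every packet's traversal."""
    out = []
    for rules in chains.values():
        cut = next((i for i, r in enumerate(rules) if ends_packet(chains, r)), len(rules))
        out += [r[2] for r in rules[cut + 1:]]
    return out
```

On this excerpt, `shadowed_rules(parse(FILTER_DUMP))` returns the `-i tun+` INPUT rule and both `ppp+` FORWARD rules. Forwarded packets that are not RELATED,ESTABLISHED or GRE arriving on eth0 are rejected inside RH-Firewall-1-INPUT before the ppp+ rules are reached.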

