Koozali.org: home of the SME Server

VPN Does it work or not. Will anybody fix it?

kraz

« on: April 03, 2004, 11:10:55 AM »
I'm having the same problems with VPN and Windows boxes logging on my 6.0 box as anybody else here.

I have a 5.0 installation where it's working flawlessly.

Has anybody found a fix for it? Will anybody fix it?

I don't have the money to buy me a hardware VPN system, so a linux box is my best solution!

Do I really have to revert my system to 5.0? Or change to another linux-distro? Hope not!

raem

« Reply #1 on: April 03, 2004, 11:47:24 AM »
Well I VPN into a 6.0 server all the time without problems, from Win98 & 2K. I suggest you search these forums on VPN and read all the posts, and examine your setup very carefully. That has to be a setup issue or router issue or even ISP issue.

You don't give near enough information to be able to troubleshoot your problem. Look at the logs and see what they say, the answer will be there somewhere.

Regs
Ray
...

kraz_not_logged_in

Errors
« Reply #2 on: April 03, 2004, 05:24:41 PM »
I have been looking at older posts, but I see others have the same problem. Is it something with encrypted passwords or?


I try to dial up with my usual username/password.

Then I get a screen wanting me to state it again.

After that I press OK again (not changing it)

After 3 tries I get a 734 error.

At one point I seemed to get logged in, but when registering my computer on the network I was disconnected....


I have followed the guides on this site, but they are made for 5.4 not for 6.0...and if it worked in 5.0 why did it change anyway??

I have a suspicion that it has something to do with my network settings or registering the computer on the network...


Setup is as follows:

INTERNET
   |
ROUTER IP 10.0.0.1
   |
E-Smith 6.0 NETCARD 1 IP 10.0.0.2
E-smith 6.0 NETCARD 2 IP 192.168.0.1 (DHCP)
   |
LOCAL
NETWORK
   |
SERVER, LAN PC's


I want to be able to reach the server and the internal network.

Do I have to configure something in the "Local networks" setting?


Right now I have

Network      Subnet mask    Number of hosts  Router  Action

192.168.0.0  255.255.255.0  256

I have the same problem when connecting from the LAN, but not when connecting to our server, that has e-smith 5.0 installed...??


Here is a logfile from the login:


Apr  3 17:01:42 firewall pptpd[4340]: MGR: Launching /usr/sbin/pptpctrl to handle client
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: local address = 192.168.0.1
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: remote address = 192.168.0.242
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: pppd speed = 460800
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: pppd options file = /etc/ppp/options.pptpd
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Client 212.242.58.222 control connection started
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Received PPTP Control Message (type: 1)
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Made a START CTRL CONN RPLY packet
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: I wrote 156 bytes to the client.
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Sent packet to client
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Received PPTP Control Message (type: 7)
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Set parameters to 1525 maxbps, 64 window size
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Made a OUT CALL RPLY packet
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Starting call (launching pppd, opening GRE)
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: pty_fd = 5
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: tty_fd = 6
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: I wrote 32 bytes to the client.
Apr  3 17:01:42 firewall pptpd[4341]: CTRL (PPPD Launcher): Connection speed = 460800
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Sent packet to client
Apr  3 17:01:42 firewall pptpd[4341]: CTRL (PPPD Launcher): local address = 192.168.0.1
Apr  3 17:01:42 firewall pptpd[4341]: CTRL (PPPD Launcher): remote address = 192.168.0.242
Apr  3 17:01:42 firewall pppd[4341]: pppd 2.4.2b1 started by root, uid 0
Apr  3 17:01:42 firewall pppd[4341]: Starting negotiation on /dev/pts/0
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Received PPTP Control Message (type: 15)
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Apr  3 17:01:42 firewall pptpd[4340]: GRE: Discarding duplicate packet
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Received PPTP Control Message (type: 15)
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Apr  3 17:01:45 firewall pppd[4341]: CHAP peer authentication failed for lk
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Received PPTP Control Message (type: 15)
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Apr  3 17:01:45 firewall pppd[4341]: Connection terminated.
Apr  3 17:01:45 firewall pppd[4341]: Exit.
Apr  3 17:01:45 firewall pptpd[4340]: GRE: read(fd=5,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Client 212.242.58.222 control connection finished
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Exiting now
Apr  3 17:01:45 firewall pptpd[3316]: MGR: Reaped child 4340


This doesn't make any sense to me, but maybe some of you can decode it?
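
Added example, not part of the original post and not SME Server code: a small Python reader for a pptpd/pppd log like the one above, which reports per control connection whether pppd logged a CHAP authentication failure. The sample is constructed from lines of that log, with hard wraps of the kind a terminal paste introduces; the function names are hypothetical, and attributing pppd lines to the most recently opened connection is an assumption.

```python
import re

# Constructed sample: a subset of the log lines in the post, two of them
# hard-wrapped mid-word the way an 80-column terminal paste breaks them.
SAMPLE = """\
Apr  3 17:01:42 firewall pptpd[4340]: CTRL: Client 212.242.58.222 control conne
ction started
Apr  3 17:01:45 firewall pppd[4341]: CHAP peer authentication failed for lk
Apr  3 17:01:45 firewall pppd[4341]: Connection terminated.
Apr  3 17:01:45 firewall pptpd[4340]: CTRL: Client 212.242.58.222 control conne
ction finished
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"^(.{15}) \S+ (?:pptpd|pppd)\[\d+\]: (.*)$")
STARTED = re.compile(r"Client (\S+) control connection started")
FINISHED = re.compile(r"Client (\S+) control connection finished")
CHAP_FAIL = re.compile(r"CHAP peer authentication failed for (\S+)")

def unwrap(text):
    """Rejoin continuation lines: anything not starting with a syslog stamp."""
    lines = []
    for raw in text.splitlines():
        if STAMP.match(raw) or not lines:
            lines.append(raw)
        else:
            lines[-1] += raw
    return lines

def summarize(text):
    """Return one dict per PPTP control connection, in start order."""
    sessions, open_sessions = [], []
    for line in unwrap(text):
        m = ENTRY.match(line)
        if not m:
            continue
        stamp, msg = m.groups()
        if (s := STARTED.search(msg)):
            sess = {"client": s.group(1), "start": stamp, "end": None, "chap_failed_for": None}
            sessions.append(sess)
            open_sessions.append(sess)
        elif (c := CHAP_FAIL.search(msg)) and open_sessions:
            # Assumption: pppd lines belong to the most recently opened session.
            open_sessions[-1]["chap_failed_for"] = c.group(1)
        elif (f := FINISHED.search(msg)):
            done = next((x for x in open_sessions if x["client"] == f.group(1)), None)
            if done:
                done["end"] = stamp
                open_sessions.remove(done)
    return sessions
```

Run over the sample, summarize(SAMPLE) yields a single connection from 212.242.58.222 that ended three seconds after it started, with a CHAP failure recorded for user lk.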

Anonymous

Forgot to mention
« Reply #3 on: April 03, 2004, 05:26:36 PM »
Forgot to mention that this is NOT an ISP problem..I have done it to a win2k machine from outside the network before...

raem

« Reply #4 on: April 03, 2004, 07:16:31 PM »
You need to set up your router to forward TCP 1723, UDP 500, and protocol 47 to the sme box
see
http://forums.contribs.org/index.php?topic=10768.msg40627#msg40627
for general reference, and quite a few other posts if you care to search say on gre packets or VPN

What Windows OS/update are you using ?

Regs
Ray
...

kraz

« Reply #5 on: April 04, 2004, 03:45:21 PM »
I've done that already... that's what's my problem...the router has been set up already, and it HAS been working with a win2k pro box that received the calls...now I want my e-smith to do the same...

kraz

« Reply #6 on: April 04, 2004, 04:41:57 PM »
So..I give up now...I don't have the time for trying to fix this myself...I'll have to go back to e-smith 5.0...It worked on that version...I was happy since this 6.0 version looked good and easy to use. But there's too much trouble with some of the important stuff ... I'll try it again in a while and hopefully somebody will have fixed it then...I can't...just happy that someone does actually fix the errors at some point.....

raem

« Reply #7 on: April 04, 2004, 11:41:02 PM »
>.....and hopefully somebody will have fixed it then

As far as I know there is no "error" with v6.0 & VPN, although some users appear to have troubles, it seems more to do with workstation OS and/or router problems.

> I try to dial up with my usual username/password.
> Then I get a screen wanting me to state it again.  

I assume by "dial up" you mean establish the VPN connection ?
You need to log on to your local (Windows) PC with the same username and password as you have on the remote server. You would also establish your VPN login connection with the same username & password.

There have been lots of issues with WinXP VPN connections, you need the correct upgrade applied.
What OS and upgrade version are you using ?

When I upgraded sme some time ago (I think it was from 5.5 to 5.6) the VPN connection settings in Win2K no longer worked, I had to tick the box for
"Require data encryption (disconnect if none)", under the VPN setup Security tab.
It worked fine without that box ticked on earlier versions of sme, but not with v5.6 (and I assume v6.0 also).

If you don't have time to fix your VPN issue, which is not all that big a task, will you have time to rebuild your v5.0 server when it gets hacked (and clean up your data)? That version of sme server is way out of date and NOT secure.
If your server gets hacked and someone sets up an open relay, then you'll get your IP blacklisted. How much time do you have to fix that problem ?
You should be running at least v5.6, and if you are going to upgrade to that, then you might as well upgrade to v6.0 to ensure you have a secure server.

Regs
Ray
...

wykyd

« Reply #8 on: April 05, 2004, 12:56:03 AM »
I am running the new 6.0.1 and the only problem I had with VPN is trying to connect with a standard win 2K.
I added service pack 4 and never had a problem again. I can and have VPN into my server from many different machines.

It's not the server that is broken.

You have enabled this in remote connections.

What error are you getting?

bobk

« Reply #9 on: April 05, 2004, 01:19:53 AM »
Quote from: "kraz"
So..I give up now...I don't have the time for trying to fix this myself...I'll have to go back to e-smith 5.0...It worked on that version...I was happy since this 6.0 version looked good and easy to use. But there's too much trouble with some of the important stuff ... I'll try it again in a while and hopefully somebody will have fixed it then...I can't...just happy that someone does actually fix the errors at some point.....


I agree with RayMitchell and wykyd, "there is no 'error' with v6.0 & VPN". Setting up vpn can be tedious and requires very close attention to detail. The smallest misconfiguration on the client will cause huge problems. Triple check your client and both network setups (99% of problems are there, not on SME)! Look closely to see what it actually is, not what you think should be.

Look at this post http://forums.contribs.org/index.php?topic=21205.msg83987#msg83987

wyron

« Reply #10 on: April 05, 2004, 10:49:59 AM »
Gotcha !!
No, I tend to agree. There is no error in server 6.01-01, only in the minds of people like myself overlooking the basics.
The answer is of course to activate VPN-access for admin first of all (done locally in server-manager -> Users). Then (when you need to access server-manager off-site) let putty create a tunnel from port 980 on the client to port 22 (SSH) on your server's external address.
Only then you can tell your browser to access localhost:980
Simple, once you know the answer !
Silly me !
Greetings
wyron
...

dfuchs

« Reply #11 on: April 08, 2004, 12:53:14 AM »
Hi everyone,

Ray -- When you say that you couldn't connect from a win2k machine without checking the "Require Data Encryption" box, what error did you get on the win2k machine?  Was it Error 619?  Actually, did you ever get an Error 619 when you upgraded from 5.5 to 5.6?  And if you can remember, what did you do to fix it?

I'm pretty sure I have things set up correctly according to the many posts on this error (on SME 6.0 and win2k SP4), but I'm still getting an Error 619.  The weird thing is that it was working perfectly for about an hour, and then stopped working.  Nothing was changed in between.  So, I'm just wondering if you did anything specific to deal with an Error 619 at any point in your upgrade.

Thanks!
Dan

Anonymous

« Reply #12 on: April 08, 2004, 09:12:07 AM »
Sorry don't recall the error messages, just know I had to tick that box to get it to either establish or maintain the VPN connection.

I believe there is a 10 minute timeout period ie if you establish a VPN connection and then it is disconnected for some reason, you will not be able to connect again for 10 minutes (the default timeout setting). I seem to recall reading that it could be adjusted, you would have to search to find that. I think Charlie Brady was giving the answer so search through all his posts and you may find it.

Regs
Ray Mitchell

dfuchs

« Reply #13 on: April 08, 2004, 05:14:09 PM »
Thanks for the reply.  I don't think it is a timeout issue; it has not worked at all since that initial hour (many weeks), even after rebooting.  Oh well, guess I'm going to have to downgrade.

Thanks anyway,
Dan

Anonymous

« Reply #14 on: April 12, 2004, 11:23:03 PM »
Quote from: "bobk"
I agree with RayMitchell and wykyd, "there is no 'error' with v6.0 & VPN". Setting up vpn can be tedious and requires very close attention to detail. The smallest misconfiguration on the client will cause huge problems. Triple check your client and both network setups (99% of problems are there, not on SME)! Look closely to see what it actually is, not what you think should be.


I don't know what you mean about tedious, you are talking about the pptp vpn right?
ipsec is tedious, but pptp is checking a box in server manager and clicking ok.

I completely disagree that the VPN works in 6x and this is why.
I have been using E-Smith/SME since version 3 something (so long ago I do not remember)
Setting up the VPN consisted of enabling it in server manager and connecting to it. That was it. Worked flawlessly for me.
That is until version 5.6, once I updated 2 different boxes to that version _BOOM_, the VPN don't work no more on either of them. 'Downgrade' to 5.5 and it works perfect. Same exact setup as before, absolutely nothing changed except the version of E-Smith/SME.
This is still true with 6.x, for me and many others it would seem.
I even installed a new HD in my working SME, put 6.x on it, and the VPN is broken out of the box.
Connect the old HD, boot it up, connect via VPN absolutely no problem.
That would seem to tell me that something changed with regards to VPN in SME since I did not change anything else.

Anyone have an explanation for this problem?