Topic: pptp vpn connexion problems

[gdbs]

Hi,

I have a problem with vpn connexion:

When i try to connect from a computer directly connected to Internet, I can connect without any problem tu my server with a fresh sme 7.1.
This is the "message" file log on server (i've change my public address to 123.123.123.123):

Code: [Select]


Jan 11 22:51:49 server pptpd[8398]: CTRL: Client 123.123.123.123 control connection started
Jan 11 22:51:49 server pptpd[8398]: CTRL: Starting call (launching pppd, opening GRE)
Jan 11 22:51:49 server pppd[8399]: Plugin radius.so loaded.
Jan 11 22:51:49 server pppd[8399]: RADIUS plugin initialized.
Jan 11 22:51:49 server pppd[8399]: pppd 2.4.4 started by root, uid 0
Jan 11 22:51:49 server kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Jan 11 22:51:49 server pppd[8399]: Using interface ppp0
Jan 11 22:51:49 server pppd[8399]: Connect: ppp0 <--> /dev/pts/0
Jan 11 22:51:49 server pptpd[8398]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 11 22:51:50 server pppd[8399]: MPPE 128-bit stateless compression enabled
Jan 11 22:51:51 server pppd[8399]: found interface eth0 for proxy arp
Jan 11 22:51:51 server pppd[8399]: local  IP address 192.168.100.1
Jan 11 22:51:51 server pppd[8399]: remote IP address 192.168.101.253
Jan 11 22:51:52 server esmith::event[8423]: Processing event: ip-up.pptpd ppp0 /dev/pts/0 460800 192.168.100.1 192.168.101.253 pptpd
Jan 11 22:51:52 server esmith::event[8423]: Running event handler: /etc/e-smith/events/actions/generic_template_expand
Jan 11 22:51:52 server esmith::event[8423]: expanding /etc/rc.d/init.d/masq  
Jan 11 22:51:53 server esmith::event[8423]: generic_template_expand=action|Event|ip-up.pptpd|Action|generic_template_expand|Start|1168552312 742764|End|1168552313 497313|Elapsed|0.754549
Jan 11 22:51:53 server esmith::event[8423]: Running event handler: /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access
Jan 11 22:51:53 server /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access[8425]: /home/e-smith/db/configuration: OLD pptpd=service|Interfaces||TCPPort|1723|access|public|sessions|2|status|enabled
Jan 11 22:51:53 server /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access[8425]: /home/e-smith/db/configuration: NEW pptpd=service|Interfaces|ppp0|TCPPort|1723|access|public|sessions|2|status|enabled
Jan 11 22:51:53 server esmith::event[8423]: S70pptp-interface-access=action|Event|ip-up.pptpd|Action|S70pptp-interface-access|Start|1168552313 497610|End|1168552313 667529|Elapsed|0.169919
Jan 11 22:51:53 server esmith::event[8423]: Running event handler: /etc/e-smith/events/actions/adjust-services
Jan 11 22:51:53 server esmith::event[8423]: adjusting non-supervised masq (adjust)  
Jan 11 22:51:54 server esmith::event[8423]: adjust-services=action|Event|ip-up.pptpd|Action|adjust-services|Start|1168552313 667880|End|1168552314 418151|Elapsed|0.750271


But when i try to connect to this server from a network with an other sme 7.1 server, I have an error 619 just after the login/password identification. This is the "message" log file:

Code: [Select]


Jan 10 11:15:16 server pptpd[9203]: CTRL: Client 123.123.123.123 control connection started
Jan 10 11:15:17 server pptpd[9203]: CTRL: Starting call (launching pppd, opening GRE)
Jan 10 11:15:17 server pppd[9204]: Plugin radius.so loaded.
Jan 10 11:15:17 server pppd[9204]: RADIUS plugin initialized.
Jan 10 11:15:17 server pppd[9204]: pppd 2.4.4 started by root, uid 0
Jan 10 11:15:17 server kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Jan 10 11:15:17 server pppd[9204]: Using interface ppp0
Jan 10 11:15:17 server pppd[9204]: Connect: ppp0 <--> /dev/pts/0
Jan 10 11:15:17 server pptpd[9203]: GRE: read(fd=7,buffer=8056c40,len=8260) from network failed: status = -1 error = Protocol not available
Jan 10 11:15:17 server pptpd[9203]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
Jan 10 11:15:17 server pptpd[9203]: CTRL: Reaping child PPP[9204]
Jan 10 11:15:17 server pppd[9204]: Modem hangup
Jan 10 11:15:17 server pppd[9204]: Connection terminated.
Jan 10 11:15:17 server kernel: divert: no divert_blk to free, ppp0 not ethernet
Jan 10 11:15:17 server pppd[9204]: Exit.
Jan 10 11:15:17 server pptpd[9203]: CTRL: Client 123.123.123.123 control connection finished



But one time, I've been able to establish a connexion... after 5:00pm... when a lot of people left the office... but when i try to connect for a computer directly connected to Internet, i can establish a vpn connection when i want during the day! This is the log of the connection after 5:00pm:

Code: [Select]


Jan  9 17:13:57 server pptpd[1371]: CTRL: Client 123.123.123.123 control connection started
Jan  9 17:13:57 server pptpd[1371]: CTRL: Starting call (launching pppd, opening GRE)
Jan  9 17:13:57 server pppd[1372]: Plugin radius.so loaded.
Jan  9 17:13:57 server pppd[1372]: RADIUS plugin initialized.
Jan  9 17:13:57 server pppd[1372]: pppd 2.4.4 started by root, uid 0
Jan  9 17:13:57 server kernel: divert: not allocating divert_blk for non-ethernet device ppp1
Jan  9 17:13:57 server pppd[1372]: Using interface ppp1
Jan  9 17:13:57 server pppd[1372]: Connect: ppp1 <--> /dev/pts/1
Jan  9 17:13:57 server pptpd[1371]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan  9 17:13:57 server pppd[1372]: MPPE 128-bit stateless compression enabled
Jan  9 17:13:59 server pppd[1372]: found interface eth0 for proxy arp
Jan  9 17:13:59 server pppd[1372]: local  IP address 192.168.100.1
Jan  9 17:13:59 server pppd[1372]: remote IP address 192.168.101.254
Jan  9 17:13:59 server esmith::event[1396]: Processing event: ip-up.pptpd ppp1 /dev/pts/1 460800 192.168.100.1 192.168.101.254 pptpd
Jan  9 17:13:59 server esmith::event[1396]: Running event handler: /etc/e-smith/events/actions/generic_template_expand
Jan  9 17:13:59 server esmith::event[1396]: expanding /etc/rc.d/init.d/masq  
Jan  9 17:14:00 server esmith::event[1396]: generic_template_expand=action|Event|ip-up.pptpd|Action|generic_template_expand|Start|1168359239 803303|End|1168359240 158999|Elapsed|0.355696
Jan  9 17:14:00 server esmith::event[1396]: Running event handler: /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access
Jan  9 17:14:00 server /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access[1398]: /home/e-smith/db/configuration: OLD pptpd=service|Interfaces|ppp0|TCPPort|1723|access|public|sessions|2|status|enabled
Jan  9 17:14:00 server /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access[1398]: /home/e-smith/db/configuration: NEW pptpd=service|Interfaces|ppp0,ppp1|TCPPort|1723|access|public|sessions|2|status|enabled
Jan  9 17:14:00 server esmith::event[1396]: S70pptp-interface-access=action|Event|ip-up.pptpd|Action|S70pptp-interface-access|Start|1168359240 159302|End|1168359240 300008|Elapsed|0.140706
Jan  9 17:14:00 server esmith::event[1396]: Running event handler: /etc/e-smith/events/actions/adjust-services
Jan  9 17:14:00 server esmith::event[1396]: adjusting non-supervised masq (adjust)  
Jan  9 17:14:00 server esmith::event[1396]: adjust-services=action|Event|ip-up.pptpd|Action|adjust-services|Start|1168359240 300274|End|1168359240 781262|Elapsed|0.480988


both servers have same kernel 2.6.9-42.0.3.ELsmp

these are 2 xeon 3GHz (the server i try to establish connection is a bi-processor) 2Gi Ram, HDD SCSI hard raid 1.

thanx for your help!

[gdbs]

up up up

[ryppn]

From previous experience I believe the SME server you are passing through requires the number of pptp clients set to zero. If you already have this I'm out of ideas.

Best Regards

[gdbs]

thx for your help.

if i do this, i'll be able to establish a connection to this server if i have to! And the problem was not present with sme 7.0.

[brianr]

this is the subject of a bug report (that I submitted).

http://bugs.contribs.org/show_bug.cgi?id=2146

I think the devs are waiting for some tcpdumps so that they can see what is happening.  I haven't been in a position to provide them as yet..

[heneb]

I cant even VPN into a new SME 7.1 install,Gives me error 721 cannot connect to remote peer.
Also in log divert_blk cannot be allocated

[tosing]

Probably your problem is that you've updated to a new kernel and the kernel modules are still in testing.
If this is a production server then you are not advised to use the testing repos, there are some unstable packages in there.

IF you are running kernel 2.6.9-42.0.8 (check with uname -r) read the line in red again before doing this:

Code: [Select]

yum -y --enablerepo=smeupdates-testing update kmod*; signal-event post-upgrade; signal-event reboot

[skydivers]

IF you are running kernel 2.6.9-42.0.8 (check with uname -r) read the line in red again before doing this:

Code: [Select]

yum -y --enablerepo=smeupdates-testing update kmod*; signal-event post-upgrade; signal-event reboot[/quote]

This works for me!

Thanks

[ryppn]

Works for me too.

[ben]

This fix worked for me too.

Is SME taking those update packages from the RHEL/CentOS upstream? IMO, kernel updates shouldn't be in the release repos unless their corresponding kmod packages are also released - as demonstrated, it's breaking functionality for lots of people.

[warren]

Is SME taking those update packages from the RHEL/CentOS upstream? IMO, kernel updates shouldn't be in the release repos unless their corresponding kmod packages are also released - as demonstrated, it's breaking functionality for lots of people.

This issue is in the bug tracker.

also, follow these instructions :

http://forums.contribs.org/index.php?topic=35886.0

especially the part :

...because searching and lurking solved almost all my issues.

as well as those on the top of the "Post a reply" page.


warren

[imcintyre]

I am getting notifications that there are updates in smeupdates-testing. I have tried to disable this destination on the software installer page by holding Ctrl and clicking on smeupdates - testing, but it still stays in the list. Help?

[raem]

imcintyre

Click on the repos you want.

[imcintyre]

I held down Ctrl and clicked on the ones I wanted and they are now "blue" or highlighted. The smeupdates - testing is still on the list but is "white". Is this correct? Sorry for being "thick" but I don't find this intuitive.

[raem]

imcintyre

Yes