Topic: VPN configuration assistance please

[turtle2472]

I have set SME 7.2 (all the latest updates) to allow 3 users to connect via PPTP with only 3 users allow VPN rights.  When I attempt to connect it fails every time.

I either get:

Registering you computer on the network...
Error 734: The PPP link control protocol was terminated.

or I get:

Could not negotiate a connection with the remote ppp server.  Please verify your settings and try again.

Using the default PPTP VPN configuration I have my address set as mydomain.dyndns.org and then my user name and password for my SME account.  I am getting the same error when attempting to connect via Mac or PC with standard settings in both.  And I also am unable to connect via my cell phone (WM6 HTC TyTN II).  Is there something I'm missing? 

I've read and re-read the section on VPN in the documentation and it doesn't seem like it should be this challenging. I've also disabled and re-enabled PPTP VPN in hopes it might work.     I've attempted

[pmstewart]

I am getting the same error when attempting to connect via Mac or PC with standard settings in both.  And I also am unable to connect via my cell phone (WM6 HTC TyTN II).  Is there something I'm missing? 

Obviously, your trying to connect outside the network with the cell phone.

How are you trying to tunnel in with Mac or PC - from inside your network or outside?

Is the SME 7.2 running in gateway or server only mode?

[turtle2472]

Obviously, your trying to connect outside the network with the cell phone.

How are you trying to tunnel in with Mac or PC - from inside your network or outside?

Outside of my network.  I would just hop onto someone else's signal (I have about 10+ APs at any given time and about half unsecured) and attempt to sign in.  On my PC I would share my connection with my cell phone as well as hop onto other wireless APs.

Is the SME 7.2 running in gateway or server only mode?

It's running in servergateway mode.  No router between it and my cable modem.  It is a dynamic IP, but I verified it's FQDN is resolving correctly by viewing a web page from outside the network.  I have 55 open DHCP addresses available too.

[Stefano]

hi

it seems to be a GRE protocol issue

pptp vpn needs tcp port 1723 and protocol 47 (GRE)..

many isps, expecially mobile ones, block the last one.

Hth
ciao

Stefano

[turtle2472]

Ok, so now I just need to find out if my ISP and mobile provider are blocking those ports.

Is there any other possibility?

[Stefano]

Ok, so now I just need to find out if my ISP and mobile provider are blocking those ports.

well.. you can do something like

Code: [Select]

grep -i pp*pd /var/log/messages

and see if there is an error

HTH
Ciao
Stefano

[turtle2472]

Ok, this is what I get for one of the sessions in the log, they are all the same with the exception of the time:

Code: [Select]

Dec  5 180:07:52 lenny pppd[31995]: Plugin radius.so loaded
Dec  5 180:07:52 lenny pppd[31995]: RADIUS plugin initialized.
Dec  5 180:07:52 lenny pppd[31995]: pppd 2.4.4 started by root, uid 0
Dec  5 180:07:52 lenny pppd[31995]: Using interface ppp0
Dec  5 180:07:52 lenny pppd[31995]: Connect: ppp0 <--> /dev/pts/0
Dec  5 180:07:55 lenny pppd[31995]: MPPE required, but kernel has no support.
Dec  5 180:07:55 lenny pppd[31995]: Connection terminated.
Dec  5 180:07:55 lenny pppd[31995]: Connect time 0.1 minutes.
Dec  5 180:07:55 lenny pppd[31995]: Sent 0 bytes, recieved 0 bytes.
Dec  5 180:07:55 lenny pppd[31995]: Exit.
Dec  5 180:07:55 lenny pptpd[31995]: GRE: read(fd=6,buffer=804e5a0,len=8196) from d termination of pppd, check option syntax and pppd logs

[pfloor]

>Dec  5 180:07:55 lenny pppd[31995]: MPPE required, but kernel has no support.

This is usually caused by kernel/kmod mismatch.  What do the following show?

rpm -qa kernel*
rpm -qa kmod*
uname -r

[turtle2472]

>Dec  5 180:07:55 lenny pppd[31995]: MPPE required, but kernel has no support.

This is usually caused by kernel/kmod mismatch.  What do the following show?

rpm -qa kernel*

kernel-utils-2.4-13.1.99
kernel-2.6.9-55.0.6.EL
kernel-2.6.9-55.0.9.EL
kernel-2.6.9-55.0.12.EL
kernel-2.6.9-55.0.2.EL

rpm -qa kmod*

kmod-slip-1.0-2.2.6.9_55.0.12.EL
kmod-ppp-1.0.2-2.2.6.9_55.0.12.EL
kmod-appletalk-1.0-2.2.6.9_55.0.12.EL

uname -r

2.6.9-55.0.2.EL

[raem]

turtle2472

Looks like you are booting to a older (different than kmod) kernel.
Edit /boot/grub/grub.conf and change
default=0
where your first listed kernel is
2.6.9-55.0.12.ELsmp

It's OK to run the smp kernel on single processor systems.

Then see if that fixes your VPN issue.

You can also select the "correct" kernel at start up if you are quick.

[turtle2472]

turtle2472

Looks like you are booting to a older (different than kmod) kernel.
Edit /boot/grub/grub.conf and change
default=0
where your first listed kernel is
2.6.9-55.0.12.ELsmp

It's OK to run the smp kernel on single processor systems.

Then see if that fixes your VPN issue.

You can also select the "correct" kernel at start up if you are quick.

I don't know how to edit it.  I just don't know *inx well enough.  I have SSH connected to the server but don't know how to edit that file. :/

[raem]

turtle2472

You can select the correct kernel at startup when the appropriate screen is displayed (ie a list of kernels), and I think that selection remains permanently changed. It's only on for a few seconds so be quick.

Otherwise login as root & do
pico -w /boot/grub/grub.conf

CAREFULLY make any necessary changes eg assuming the first listed kernel is what you want then change the line to read.
default=0
Ctrl o (to save)
Ctrl x (to exit)

then reboot.

[turtle2472]

turtle2472

You can select the correct kernel at startup when the appropriate screen is displayed (ie a list of kernels), and I think that selection remains permanently changed. It's only on for a few seconds so be quick.

Otherwise login as root & do
pico -w /boot/grub/grub.conf

CAREFULLY make any necessary changes eg assuming the first listed kernel is what you want then change the line to read.
default=0
Ctrl o (to save)
Ctrl x (to exit)

then reboot.

Ok, I have done the command line edit and here are my results:

Code: [Select]

[root@lenny ~]# rpm -qa kernel*
kernel-utils-2.4-13.1.99
kernel-2.6.9-55.0.6.EL
kernel-2.6.9-55.0.9.EL
kernel-2.6.9-55.0.12.EL
kernel-2.6.9-55.0.2.EL
[root@lenny ~]# rpm -qa kmod*
kmod-slip-1.0-2.2.6.9_55.0.12.EL
kmod-ppp-1.0.2-2.2.6.9_55.0.12.EL
kmod-appletalk-1.0-2.2.6.9_55.0.12.EL
[root@lenny ~]# uname -r
2.6.9-55.0.12.EL
I haven't tried connecting yet because I'm pressed for time and will have to test later.  Does this look right though?

[raem]

turtle2472

rpm -qa kmod*
kmod-slip-1.0-2.2.6.9_55.0.12.EL
kmod-ppp-1.0.2-2.2.6.9_55.0.12.EL
kmod-appletalk-1.0-2.2.6.9_55.0.12.EL
uname -r
2.6.9-55.0.12.EL
Does this look right though?

The kernel & module versions you are running now match, so that should have removed any VPN issues associated with mismatching.

[turtle2472]

turtle2472

The kernel & module versions you are running now match, so that should have removed any VPN issues associated with mismatching.

Thank you all so much for this help.  I have now been able to connect with my Mac and PC using an external connection (read: neighbors unsecured WiFi).  This is a major step for me though I don't know when I lost my ability to VPN because the last time I needed it was back in early October.

I have been able to connect via tethering my cell phone now too.  I'm still having an issue with connecting directly from the cell phone, but this is clearly an issue on my end with configuration since my server is connecting when being used as a modem for XP and when connecting through WiFi from both Mac and XP.

Thanks again everyone who helped out, I wouldn't have had a clue how to fix this.  I am curious though as to what caused the mismatch?  Any ideas?  I don't want this to happen again if I can help it, though at least now I can refer back to this thread to check.