Trouble Getting VPN PPTP via NAT to work

 
 
Paul Wilhelm Elsinghorst
      01-17-2004, 03:39 PM
Hi,


I'm having trouble getting my VPN to work. I use one computer for
internet routing being connected to my DSL modem via eth1 (192.168.0.3)
while another ethernet card eth0 (192.168.0.2) links to my desktop
computer with its ethernet card being eth0 (192.168.0.1).

I read a lot about problems forwarding gre data without a patched kernel,
but as vpn works with my desktop computer running windows 2000 I don't
think the routing is the problem.

When calling pptp/pppd like this:

pptp vpn-internet.uni-muenster.de debug passive local nodetach name *** > /var/log/pptp.log

The output is:

using channel 23
Using interface ppp0
Connect: ppp0 <--> /dev/pts/4
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3b4e566e> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3b4e566e> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3b4e566e> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3b4e566e> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3b4e566e> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3b4e566e> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3b4e566e> <pcomp> <accomp>]
Terminating on signal 15.
sent [LCP TermReq id=0x2 "User request"]
sent [LCP TermReq id=0x3 "User request"]
Connection terminated.

When logging the eth0 device using tcpdump:

tcpdump: listening on eth0
17:31:19.349164 Paul.32778 > dns03.btx.dtag.de.domain: 11656+ (46) (DF)
17:31:19.349728 Paul.32779 > dns03.btx.dtag.de.domain: 10694+ (43) (DF)
17:31:19.566080 dns03.btx.dtag.de.domain > Paul.32778: 11656 1/0/0 (62) (DF)
17:31:19.567455 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: S 1479539663:1479539663(0) win 5440 <mss 1360,sackOK,timestamp 10079479[|tcp]> (DF)
17:31:19.569152 dns03.btx.dtag.de.domain > Paul.32779: 10694* 1/0/0 (74) (DF)
17:31:19.569756 Paul.32779 > dns03.btx.dtag.de.domain: 10695+ (46) (DF)
17:31:19.734760 C72VPN-IPVPN.UNI-MUENSTER.DE.1723 > Paul.32998: S 1892368647:1892368647(0) ack 1479539664 win 4128 <mss 536>
17:31:19.734833 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: . ack 1 win 5440 (DF)
17:31:19.735593 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: P 1:157(156) ack 1 win 5440 (DF)
17:31:19.790025 C72VPN-IPVPN.UNI-MUENSTER.DE.1723 > Paul.32998: . ack 157 win 3972
17:31:19.792686 C72VPN-IPVPN.UNI-MUENSTER.DE.1723 > Paul.32998: P 1:157(156) ack 157 win 3972
17:31:19.792706 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: . ack 157 win 5440 (DF)
17:31:19.807426 dns03.btx.dtag.de.domain > Paul.32779: 10695 1/0/0 (88) (DF)
17:31:20.737980 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: P 157:325(168) ack 157 win 5440 (DF)
17:31:20.790309 C72VPN-IPVPN.UNI-MUENSTER.DE.1723 > Paul.32998: . ack 325 win 3804
17:31:20.854704 C72VPN-IPVPN.UNI-MUENSTER.DE.1723 > Paul.32998: P 157:189(32) ack 325 win 3804
17:31:20.854753 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: . ack 189 win 5440 (DF)
17:31:22.856993 Paul > C72VPN-IPVPN.UNI-MUENSTER.DE: gre-proto-0x880B (gre encap)
17:31:23.877629 Paul > C72VPN-IPVPN.UNI-MUENSTER.DE: gre-proto-0x880B (gre encap)
17:31:26.878169 Paul > C72VPN-IPVPN.UNI-MUENSTER.DE: gre-proto-0x880B (gre encap)
17:31:29.878712 Paul > C72VPN-IPVPN.UNI-MUENSTER.DE: gre-proto-0x880B (gre encap)
17:31:32.883463 Paul > C72VPN-IPVPN.UNI-MUENSTER.DE: gre-proto-0x880B (gre encap)
17:31:35.882802 Paul > C72VPN-IPVPN.UNI-MUENSTER.DE: gre-proto-0x880B (gre encap)
17:31:38.883327 Paul > C72VPN-IPVPN.UNI-MUENSTER.DE: gre-proto-0x880B (gre encap)
17:31:40.885576 C72VPN-IPVPN.UNI-MUENSTER.DE.1723 > Paul.32998: P 189:337(148) ack 325 win 3804
17:31:40.885637 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: . ack 337 win 5440 (DF)
17:31:40.887437 C72VPN-IPVPN.UNI-MUENSTER.DE.1723 > Paul.32998: P 337:353(16) ack 325 win 3804
17:31:40.887453 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: . ack 353 win 5440 (DF)
17:31:40.889328 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: P 325:341(16) ack 353 win 5440 (DF)
17:31:40.891547 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: F 341:341(0) ack 353 win 5440 (DF)
17:31:40.895295 Paul > C72VPN-IPVPN.UNI-MUENSTER.DE: gre-proto-0x880B (gre encap)
17:31:40.977363 C72VPN-IPVPN.UNI-MUENSTER.DE.1723 > Paul.32998: . ack 341 win 3788
17:31:40.978834 C72VPN-IPVPN.UNI-MUENSTER.DE.1723 > Paul.32998: . ack 342 win 3788
17:31:40.981657 C72VPN-IPVPN.UNI-MUENSTER.DE.1723 > Paul.32998: FP 353:353(0) ack 342 win 3788
17:31:40.981712 Paul.32998 > C72VPN-IPVPN.UNI-MUENSTER.DE.1723: . ack 354 win 5440 (DF)
17:31:43.894643 Paul > C72VPN-IPVPN.UNI-MUENSTER.DE: gre-proto-0x880B (gre encap)
17:31:45.881684 arp who-has Paul tell Server
17:31:45.881730 arp reply Paul is-at 0:7:95:35:66:91

To me this looks like there's no gre response from the vpn server incoming
at my desktop computer, which could be caused by my NAT, which is
configured like this:

source /etc/init.d/functions
echo -n "Setting Up Gateway Services..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "65535" > /proc/sys/net/ipv4/ip_conntrack_max
/usr/bin/iptables -P INPUT ACCEPT
/usr/bin/iptables -F INPUT
/usr/bin/iptables -P OUTPUT ACCEPT
/usr/bin/iptables -F OUTPUT
/usr/bin/iptables -t nat -F
/usr/bin/iptables -A FORWARD -i ppp0 -o eth1 -m state --state ESTABLISHED,RELAT$
/usr/bin/iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT
/usr/bin/iptables -A FORWARD -j LOG
/usr/bin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
evaluate_retval

But I don't understand why the Win2000 VPN is working while gre packets
seem to get lost under linux.


I hope that's not too much log files being posted but I think they might
help to illustrate my problem. Thanks so far for reading and any help will
be very appreciated,


Paul
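
Added example (not part of the original post): a small Python parser for the old tcpdump text format shown in the capture above. It counts PPTP control (TCP/1723) and GRE packets per direction and reports the one-way GRE pattern. The sample lines and the host names `client` and `vpn-server` are constructed.

```python
import re

# Constructed capture in the tcpdump text format shown in the post.
# "client" and "vpn-server" are placeholder host names.
SAMPLE = """\
17:31:19.567455 client.32998 > vpn-server.1723: S 1479539663:1479539663(0) win 5440 (DF)
17:31:19.734760 vpn-server.1723 > client.32998: S 1892368647:1892368647(0) ack 1479539664 win 4128
17:31:19.734833 client.32998 > vpn-server.1723: . ack 1 win 5440 (DF)
17:31:22.856993 client > vpn-server: gre-proto-0x880B (gre encap)
17:31:23.877629 client > vpn-server: gre-proto-0x880B (gre encap)
17:31:26.878169 client > vpn-server: gre-proto-0x880B (gre encap)
17:31:45.881684 arp who-has client tell router
"""

# timestamp, source, destination, remainder of the line
LINE = re.compile(r"^(\S+) (\S+) > (\S+): (.*)$")


def summarize(capture, client):
    """Count PPTP control (TCP/1723) and GRE packets per direction."""
    stats = {"ctrl_out": 0, "ctrl_in": 0, "gre_out": 0, "gre_in": 0}
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ARP and other lines without "src > dst:"
        _, src, dst, rest = m.groups()
        outbound = src == client or src.startswith(client + ".")
        direction = "out" if outbound else "in"
        if rest.startswith("gre-proto"):
            stats["gre_" + direction] += 1
        elif src.endswith(".1723") or dst.endswith(".1723"):
            stats["ctrl_" + direction] += 1
    return stats


def diagnose(stats):
    """Turn the counters into a one-line finding."""
    if not (stats["ctrl_out"] and stats["ctrl_in"]):
        return "control channel (TCP/1723) incomplete"
    if stats["gre_out"] and not stats["gre_in"]:
        return "one-way GRE: requests leave, no replies arrive"
    if stats["gre_in"]:
        return "GRE seen from the server"
    return "no GRE seen"


if __name__ == "__main__":
    s = summarize(SAMPLE, "client")
    print(s, "->", diagnose(s))
```

Running the same check on captures from each interface of the NAT router shows on which hop the GRE replies stop appearing.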
 
Horst Knobloch
      01-18-2004, 12:42 PM
Paul Wilhelm Elsinghorst <(E-Mail Removed)> wrote:

[PPTP won't work from Linux box over a Linux NAT-Router]
> I read a lot about problems forwarding gre data without a patched kernel,
> but as vpn works with my desktop computer running windows 2000 I don't
> think the routing is the problem.

[...]
> But I don't understand why the Win2000 VPN is working while gre packets
> seem to get lost under linux.


Did you have the Win2000 already connected to the VPN server at
the same time you tried with the Linux box? If yes, make sure
that you have properly disconnected Win2000 and try again with
the Linux client¹.

Without a kernel patch² you are only able to connect one PPTP
client to one given server behind a Linux-based NAT router.

Ciao, Horst


¹) http://pptpclient.sourceforge.net/ho...rver_no_gre_tx
²) http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn
 