VPN problems

Hiya!

I'm Joshua, and I'm part of the Technology working group for #Occupy
Wall Street. I'm trying to get a VPN set up on one of our hosts, so that
we can bypass the diabolical ISP that our building insists we use who
blocks everything in creation. I'm running into a few problems.

I'm following this tutorial here:
http://poptop.sourceforge.net/dox/debian-howto.phtml
and also this one here:
http://www.initcron.org/sysadmin/how...rver-on-debian
-50-lenny/

I've set everything up as recommended (the two tutorials seem almost
identical to me, and I'm hardly a virgin when it comes to networking),
and it kinda almost works. I'm trying to do a test login with my iphone,
and here's where I'm running into trouble. Here's the output from syslog:

Dec 7 12:48:10 occupyeverything pptpd[4658]: CTRL: Client 69.10.70.163
control connection started
Dec 7 12:48:10 occupyeverything pptpd[4658]: CTRL: Starting call
(launching pppd, opening GRE)
Dec 7 12:48:10 occupyeverything pppd[4660]: Plugin
/usr/lib/pptpd/pptpd-logwtmp.so loaded.
Dec 7 12:48:10 occupyeverything pppd[4660]: pptpd-logwtmp: $Version$
Dec 7 12:48:10 occupyeverything pppd[4660]: pppd options in effect:
Dec 7 12:48:10 occupyeverything pppd[4660]: debug#011#011# (from
/etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: domain
occupyeverything.info#011#011# (from /etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: dump#011#011# (from
/etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: plugin
/usr/lib/pptpd/pptpd-logwtmp.so#011#011# (from command line)
Dec 7 12:48:10 occupyeverything pppd[4660]: require-mschap-v2#011#011#
(from /etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: refuse-pap#011#011# (from
/etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: refuse-chap#011#011# (from
/etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: refuse-mschap#011#011#
(from /etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: name pptpd#011#011# (from
/etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: pptpd-original-ip
69.10.70.163#011#011# (from command line)
Dec 7 12:48:10 occupyeverything pppd[4660]: 115200#011#011# (from
command line)
Dec 7 12:48:10 occupyeverything pppd[4660]: lock#011#011# (from
/etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: crtscts#011#011# (from
/etc/ppp/options)
Dec 7 12:48:10 occupyeverything pppd[4660]: local#011#011# (from
command line)
Dec 7 12:48:10 occupyeverything pppd[4660]: asyncmap 0#011#011# (from
/etc/ppp/options)
Dec 7 12:48:10 occupyeverything pppd[4660]: lcp-echo-failure 4#011#011#
(from /etc/ppp/options)
Dec 7 12:48:10 occupyeverything pppd[4660]: lcp-echo-interval
30#011#011# (from /etc/ppp/options)
Dec 7 12:48:10 occupyeverything pppd[4660]: hide-password#011#011#
(from /etc/ppp/options)
Dec 7 12:48:10 occupyeverything pppd[4660]: ipparam
69.10.70.163#011#011# (from command line)
Dec 7 12:48:10 occupyeverything pppd[4660]: ms-dns xxx # [don't know
how to print value]#011#011# (from /etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: nodefaultroute#011#011#
(from /etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: proxyarp#011#011# (from
/etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]:
192.168.0.1:192.168.0.234#011#011# (from command line)
Dec 7 12:48:10 occupyeverything pppd[4660]: nobsdcomp#011#011# (from
/etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: require-mppe-128#011#011#
(from /etc/ppp/pptpd-options)
Dec 7 12:48:10 occupyeverything pppd[4660]: noipx#011#011# (from
/etc/ppp/options)
Dec 7 12:48:10 occupyeverything pppd[4660]: pppd 2.4.5 started by root,
uid 0
Dec 7 12:48:10 occupyeverything pppd[4660]: using channel 5
Dec 7 12:48:10 occupyeverything pppd[4660]: Using interface ppp0
Dec 7 12:48:10 occupyeverything pppd[4660]: Connect: ppp0 <-->
/dev/pts/2
Dec 7 12:48:10 occupyeverything pppd[4660]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS-v2> <magic 0xe417d252> <pcomp> <accomp>]
Dec 7 12:48:10 occupyeverything pptpd[4658]: GRE: Bad checksum from
pppd.
Dec 7 12:48:13 occupyeverything pppd[4660]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS-v2> <magic 0xe417d252> <pcomp> <accomp>]
Dec 7 12:48:16 occupyeverything pppd[4660]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS-v2> <magic 0xe417d252> <pcomp> <accomp>]
Dec 7 12:48:19 occupyeverything pppd[4660]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS-v2> <magic 0xe417d252> <pcomp> <accomp>]
Dec 7 12:48:22 occupyeverything pppd[4660]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS-v2> <magic 0xe417d252> <pcomp> <accomp>]
Dec 7 12:48:25 occupyeverything pppd[4660]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS-v2> <magic 0xe417d252> <pcomp> <accomp>]
Dec 7 12:48:28 occupyeverything pppd[4660]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS-v2> <magic 0xe417d252> <pcomp> <accomp>]
Dec 7 12:48:31 occupyeverything pppd[4660]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS-v2> <magic 0xe417d252> <pcomp> <accomp>]
Dec 7 12:48:34 occupyeverything pppd[4660]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS-v2> <magic 0xe417d252> <pcomp> <accomp>]
Dec 7 12:48:37 occupyeverything pppd[4660]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS-v2> <magic 0xe417d252> <pcomp> <accomp>]
Dec 7 12:48:40 occupyeverything pppd[4660]: LCP: timeout sending
Config-Requests
Dec 7 12:48:40 occupyeverything pppd[4660]: Connection terminated.
Dec 7 12:48:40 occupyeverything pppd[4660]: Modem hangup
Dec 7 12:48:40 occupyeverything pppd[4660]: Exit.
Dec 7 12:48:40 occupyeverything pptpd[4658]: GRE:
read(fd=6,buffer=610d20,len=8196) from PTY failed: status = -1 error =
Input/output error, usually caused by unexpected termination of pppd,
check option syntax and pppd logs
Dec 7 12:48:40 occupyeverything pptpd[4658]: CTRL: PTY read or GRE
write failed (pty,gre)=(6,7)
Dec 7 12:48:40 occupyeverything pptpd[4658]: CTRL: Reaping child
PPP[4660]
Dec 7 12:48:40 occupyeverything pptpd[4658]: CTRL: Client 69.10.70.163
control connection finished


Now, here's the iphone's side of the story:

Wed Dec 7 12:48:01 2011 : PPTP connecting to server '166.84.136.86'
(166.84.136.86)...
Wed Dec 7 12:48:01 2011 : PPTP connection established.
Wed Dec 7 12:48:02 2011 : Using interface ppp0
Wed Dec 7 12:48:02 2011 : Connect: ppp0 <--> socket[34:17]
Wed Dec 7 12:48:32 2011 : PPTP error when reading socket : EOF
Wed Dec 7 12:48:32 2011 : PPTP error when reading header : read -1,
expected 12 bytes
Wed Dec 7 12:48:32 2011 : PPTP hangup
Wed Dec 7 12:48:32 2011 : Connection terminated.
Wed Dec 7 12:48:32 2011 : PPTP disconnecting...
Wed Dec 7 12:48:32 2011 : PPTP disconnected


Any clues?

Thanks in advance, all,

Joshua

On Wednesday, December 7th, 2011, at 12:51:32h -0500, Joshua Whalen confessed:

> I'm hardly a virgin when it comes to networking

So you should know that the best type of VPN to set up is one
using IPsec tunnels, and for that my recommendation is using
strongSwan.

<http://www.strongswan.ORG/>


See this mini guide for the iPhone client configuration at

<http://serverfault.com/questions/212382/how-to-set-up-strongswan-or-openswan-for-pure-ipsec-with-iphone-client>

For something with more overhead on clients and server because it
is userspace rather than kernel, but simpler to setup in a hurry
and get working is openVPN.

<http://www.openvpn.net/index.php/open-source/documentation/howto.html>

Use caution at the openvpn.net site to stay under the Community section
for the GNU GPL v2 product rather than the commercial server section
which forms the bulk of the site.

> Dec 7 12:48:10 occupyeverything pptpd[4658]: GRE: Bad checksum from
> pppd.

This is where things starting going wrong.

A web search reveals that this will happen if GRE packets are being
blocked and there is discussion of this and a possible solution,
last post, bottom of page, at

<http://forums.whirlpool.net.AU/archive/1051673>