PPTP behind Linux router does not connect (error 619)

  • DDX
Client: Windows XP (SP2)
VPN server: Cisco VPN Concentrator 3020

The VPN client (the Windows PPTP client) hangs on
'Verifying username and password...'
and after a few minutes gives:
'Error 619: A connection to the remote computer could not be established (..)'

The strange thing is that it worked fine until yesterday, when there was still a PIX 515 on the server side with the same IP (the username/password were carried over unchanged so clients do not have to change anything).

If I let the client (laptop) dial in via GPRS, the PPTP client works fine,
but via the Linux router it keeps hanging.

Does anyone have any idea where I should look or how I can solve this?

I have also just upgraded the Linux kernel to 2.6.12 (it was running 2.6.9-ac11),
but that had no effect either.

[ 8% edited by DDX on 22-06-2005 20:21 ]

https://www.strava.com/athletes/2323035


Deleted user

That means sniffing and digging through logs.

Is TCP 1723 allowed through to the concentrator?
Is GRE allowed through to the concentrator?

P.S. It was already a strange setup before, a PIX behind a Linux box; if you ask me it should have been the other way around.

  • DDX
Deleted user wrote on Thursday 23 June 2005 @ 08:40:
> That means sniffing and digging through logs.
>
> Is TCP 1723 allowed through to the concentrator?
> Is GRE allowed through to the concentrator?

Yes, the concentrator is completely open to the internet.

> P.S. It was already a strange setup before, a PIX behind a Linux box; if you ask me it should have been the other way around.

The PIX (and now the concentrator) is at my work,
and not behind my Linux router (which is at home).

I made some logs with tcpdump; it complains about protocol 47 unreachable [tos 0xc0].
It looks as if iptables is not forwarding this to my desktop PC?

Full log:

code:
00:20:05.254999 192.168.0.188.2650 > 212.72.36.3.1723: S 1312862361:1312862361(0) win 16384 <mss 1260,nop,nop,sackOK> (DF)
00:20:05.255026 80.126.253.168.2650 > 212.72.36.3.1723: S 1312862361:1312862361(0) win 16384 <mss 1260,nop,nop,sackOK> (DF)
00:20:05.262553 212.72.36.3.1723 > 80.126.253.168.2650: S 2427831829:2427831829(0) ack 1312862362 win 8192 <mss 1460>
00:20:05.262569 212.72.36.3.1723 > 192.168.0.188.2650: S 2427831829:2427831829(0) ack 1312862362 win 8192 <mss 1460>
00:20:05.263866 192.168.0.188.2650 > 212.72.36.3.1723: P 1:157(156) ack 1 win 17640: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(2600) [|pptp] (DF)
00:20:05.263875 80.126.253.168.2650 > 212.72.36.3.1723: P 1:157(156) ack 1 win 17640: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(2600) [|pptp] (DF)
00:20:05.272628 212.72.36.3.1723 > 80.126.253.168.2650: . ack 157 win 65535
00:20:05.272640 212.72.36.3.1723 > 192.168.0.188.2650: . ack 157 win 65535
00:20:05.273449 212.72.36.3.1723 > 80.126.253.168.2650: P 1:157(156) ack 157 win 65535: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(1031) [|pptp]
00:20:05.273463 212.72.36.3.1723 > 192.168.0.188.2650: P 1:157(156) ack 157 win 65535: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(1031) [|pptp]
00:20:05.275235 192.168.0.188.2650 > 212.72.36.3.1723: P 157:325(168) ack 157 win 17484: pptp CTRL_MSGTYPE=OCRQ CALL_ID(49152) CALL_SER_NUM(30575) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) [|pptp] (DF)
00:20:05.275245 80.126.253.168.2650 > 212.72.36.3.1723: P 157:325(168) ack 157 win 17484: pptp CTRL_MSGTYPE=OCRQ CALL_ID(49152) CALL_SER_NUM(30575) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) [|pptp] (DF)
00:20:05.284471 212.72.36.3.1723 > 80.126.253.168.2650: P 157:189(32) ack 325 win 65367: pptp CTRL_MSGTYPE=OCRP CALL_ID(10530) PEER_CALL_ID(49152) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(10000000) RECV_WIN(16) PROC_DELAY(1) PHY_CHAN_ID(0)
00:20:05.284484 212.72.36.3.1723 > 192.168.0.188.2650: P 157:189(32) ack 325 win 65367: pptp CTRL_MSGTYPE=OCRP CALL_ID(10530) PEER_CALL_ID(49152) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(10000000) RECV_WIN(16) PROC_DELAY(1) PHY_CHAN_ID(0)
00:20:05.284671 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:1 ppp: Conf-Req(0), Auth-Prot CHAP/MSCHAPv1
00:20:05.284704 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:05.291101 192.168.0.188.2650 > 212.72.36.3.1723: P 325:349(24) ack 189 win 17452: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(10530) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff) (DF)
00:20:05.291111 80.126.253.168.2650 > 212.72.36.3.1723: P 325:349(24) ack 189 win 17452: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(10530) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff) (DF)
00:20:05.301096 192.168.0.188 > 212.72.36.3: gre [KSv1] ID:2922 S:0 ppp: Conf-Req(0), MRU=1400, Magic-Num=53a76f88, PFC, ACFC, Call-Back CBCP
00:20:05.428848 212.72.36.3.1723 > 80.126.253.168.2650: . ack 349 win 65343
00:20:05.428861 212.72.36.3.1723 > 192.168.0.188.2650: . ack 349 win 65343
00:20:07.295380 192.168.0.188 > 212.72.36.3: gre [KSv1] ID:2922 S:1 ppp: Conf-Req(1), MRU=1400, Magic-Num=53a76f88, PFC, ACFC, Call-Back CBCP
00:20:08.278598 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:2 ppp: Conf-Req(1), Auth-Prot CHAP/MSCHAPv1
00:20:08.278649 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:10.295241 192.168.0.188 > 212.72.36.3: gre [KSv1] ID:2922 S:2 ppp: Conf-Req(2), MRU=1400, Magic-Num=53a76f88, PFC, ACFC, Call-Back CBCP
00:20:11.278138 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:3 ppp: Conf-Req(2), Auth-Prot CHAP/MSCHAPv1
00:20:11.278165 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:14.277902 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:4 ppp: Conf-Req(3), Auth-Prot CHAP/MSCHAPv1
00:20:14.277944 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:14.295055 192.168.0.188 > 212.72.36.3: gre [KSv1] ID:2922 S:3 ppp: Conf-Req(3), MRU=1400, Magic-Num=53a76f88, PFC, ACFC, Call-Back CBCP
00:20:17.277667 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:5 ppp: Conf-Req(4), Auth-Prot CHAP/MSCHAPv1
00:20:17.277713 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:18.295244 192.168.0.188 > 212.72.36.3: gre [KSv1] ID:2922 S:4 ppp: Conf-Req(4), MRU=1400, Magic-Num=53a76f88, PFC, ACFC, Call-Back CBCP
00:20:20.277209 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:6 ppp: Conf-Req(5), Auth-Prot CHAP/MSCHAPv1
00:20:20.277254 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:22.295432 192.168.0.188 > 212.72.36.3: gre [KSv1] ID:2922 S:5 ppp: Conf-Req(5), MRU=1400, Magic-Num=53a76f88, PFC, ACFC, Call-Back CBCP
00:20:23.276973 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:7 ppp: Conf-Req(6), Auth-Prot CHAP/MSCHAPv1
00:20:23.277022 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:26.276720 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:8 ppp: Conf-Req(7), Auth-Prot CHAP/MSCHAPv1
00:20:26.276752 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:26.297115 192.168.0.188 > 212.72.36.3: gre [KSv1] ID:2922 S:6 ppp: Conf-Req(6), MRU=1400, Magic-Num=53a76f88, PFC, ACFC, Call-Back CBCP
00:20:29.276263 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:9 ppp: Conf-Req(8), Auth-Prot CHAP/MSCHAPv1
00:20:29.276320 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:30.296053 192.168.0.188 > 212.72.36.3: gre [KSv1] ID:2922 S:7 ppp: Conf-Req(7), MRU=1400, Magic-Num=53a76f88, PFC, ACFC, Call-Back CBCP
00:20:32.276032 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:10 ppp: Conf-Req(9), Auth-Prot CHAP/MSCHAPv1
00:20:32.276055 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:34.296240 192.168.0.188 > 212.72.36.3: gre [KSv1] ID:2922 S:8 ppp: Conf-Req(8), MRU=1400, Magic-Num=53a76f88, PFC, ACFC, Call-Back CBCP
00:20:35.275568 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:11 ppp: Term-Req(10)
00:20:35.275588 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:37.275487 212.72.36.3 > 80.126.253.168: gre [KSv1] ID:c000 S:12 ppp: Term-Req(11)
00:20:37.275509 80.126.253.168 > 212.72.36.3: icmp: 80.126.253.168 protocol 47 unreachable [tos 0xc0] 
00:20:38.295927 192.168.0.188 > 212.72.36.3: gre [KSv1] ID:2922 S:9 ppp: Conf-Req(9), MRU=1400, Magic-Num=53a76f88, PFC, ACFC, Call-Back CBCP
00:20:41.275123 212.72.36.3.1723 > 80.126.253.168.2650: P 189:205(16) ack 349 win 65343: pptp CTRL_MSGTYPE=CCRQ CALL_ID(10530)
00:20:41.275156 212.72.36.3.1723 > 192.168.0.188.2650: P 189:205(16) ack 349 win 65343: pptp CTRL_MSGTYPE=CCRQ CALL_ID(10530)
00:20:41.276545 192.168.0.188.2650 > 212.72.36.3.1723: P 349:497(148) ack 205 win 17436: pptp CTRL_MSGTYPE=CDN CALL_ID(49152) RESULT_CODE(0) ERR_CODE(0) CAUSE_CODE(0) [|pptp] (DF)
00:20:41.276559 80.126.253.168.2650 > 212.72.36.3.1723: P 349:497(148) ack 205 win 17436: pptp CTRL_MSGTYPE=CDN CALL_ID(49152) RESULT_CODE(0) ERR_CODE(0) CAUSE_CODE(0) [|pptp] (DF)
00:20:41.424889 212.72.36.3.1723 > 80.126.253.168.2650: . ack 497 win 65195
00:20:41.424903 212.72.36.3.1723 > 192.168.0.188.2650: . ack 497 win 65195
00:20:41.425465 192.168.0.188.2650 > 212.72.36.3.1723: P 497:513(16) ack 205 win 17436: pptp CTRL_MSGTYPE=StopCCRQ REASON(1) (DF)
00:20:41.425475 80.126.253.168.2650 > 212.72.36.3.1723: P 497:513(16) ack 205 win 17436: pptp CTRL_MSGTYPE=StopCCRQ REASON(1) (DF)
00:20:41.432765 212.72.36.3.1723 > 80.126.253.168.2650: P 205:221(16) ack 513 win 65179: pptp CTRL_MSGTYPE=StopCCRP RESULT_CODE(1) ERR_CODE(0)
00:20:41.432776 212.72.36.3.1723 > 192.168.0.188.2650: P 205:221(16) ack 513 win 65179: pptp CTRL_MSGTYPE=StopCCRP RESULT_CODE(1) ERR_CODE(0)
00:20:41.432981 212.72.36.3.1723 > 80.126.253.168.2650: F 221:221(0) ack 513 win 65179
00:20:41.432993 212.72.36.3.1723 > 192.168.0.188.2650: F 221:221(0) ack 513 win 65179
00:20:41.436083 192.168.0.188.2650 > 212.72.36.3.1723: F 513:513(0) ack 221 win 17420 (DF)
00:20:41.436093 80.126.253.168.2650 > 212.72.36.3.1723: F 513:513(0) ack 221 win 17420 (DF)
00:20:41.438707 192.168.0.188.2650 > 212.72.36.3.1723: . ack 222 win 17420 (DF)
00:20:41.438717 80.126.253.168.2650 > 212.72.36.3.1723: . ack 222 win 17420 (DF)
00:20:41.443084 212.72.36.3.1723 > 80.126.253.168.2650: . ack 514 win 65178
00:20:41.443095 212.72.36.3.1723 > 192.168.0.188.2650: . ack 514 win 65178


And on the concentrator:
code:
1 06/23/2005 00:44:01.850 SEV=4 PPTP/47 RPT=35 80.126.253.168 
Tunnel to peer 80.126.253.168 established

2 06/23/2005 00:44:01.860 SEV=4 PPTP/42 RPT=35 80.126.253.168 
Session started on tunnel 80.126.253.168

3 06/23/2005 00:44:37.860 SEV=4 PPTP/35 RPT=35 80.126.253.168 
Session closed on tunnel 80.126.253.168 (peer 0, local 56965, serial 30576), rea
son: Error (No additional info)

5 06/23/2005 00:44:37.990 SEV=4 PPTP/34 RPT=35 80.126.253.168 
Tunnel to peer 80.126.253.168 closed, reason: None (No additional info)


By the way, I have also already tried forwarding protocol 47 to the PC in question:

iptables -t nat -A PREROUTING -j DNAT -i eth0 -p 47 --to-destination 192.168.0.188

but I keep getting the 'protocol 47 unreachable'.

https://www.strava.com/athletes/2323035
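
An added example (not part of the original post or thread): a Python check that reads tcpdump text output in the format shown above and reports whether the PPTP control channel (TCP 1723) is being NATed while the GRE data channel stops at the router, which is the pattern in the capture. The function name, the counter names and the sample addresses are assumptions made for this example.

```python
import re

# tcpdump text line as in the capture above: "<time> <src> > <dst>: <rest>"
LINE = re.compile(r"^\S+ (\S+) > (\S+): (.*)$")

# Constructed sample (documentation addresses, not the thread's hosts),
# captured on both router interfaces so NATed packets appear twice.
SAMPLE = """\
00:00:01.000 192.168.0.10.2650 > 203.0.113.5.1723: P 157:325(168) ack 157 win 17484: pptp CTRL_MSGTYPE=OCRQ CALL_ID(49152)
00:00:01.001 198.51.100.7.2650 > 203.0.113.5.1723: P 157:325(168) ack 157 win 17484: pptp CTRL_MSGTYPE=OCRQ CALL_ID(49152)
00:00:01.010 203.0.113.5 > 198.51.100.7: gre [KSv1] ID:c000 S:1 ppp: Conf-Req(0), Auth-Prot CHAP/MSCHAPv1
00:00:01.011 198.51.100.7 > 203.0.113.5: icmp: 198.51.100.7 protocol 47 unreachable [tos 0xc0]
00:00:01.020 192.168.0.10 > 203.0.113.5: gre [KSv1] ID:2922 S:0 ppp: Conf-Req(0), MRU=1400
"""

def diagnose_pptp_nat(capture, public_ip, server_ip):
    """Count PPTP control/GRE packets per NAT side and flag untranslated GRE."""
    c = dict.fromkeys(("ctrl_lan", "ctrl_wan", "gre_in_wan", "gre_in_lan",
                       "gre_out_lan", "gre_out_wan", "proto47_unreachable"), 0)
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        src, dst, rest = m.groups()
        if dst == server_ip + ".1723":
            # Control channel: a public source means it was already masqueraded.
            c["ctrl_wan" if src.startswith(public_ip + ".") else "ctrl_lan"] += 1
        elif rest.startswith("gre "):
            if src == server_ip:
                c["gre_in_wan" if dst == public_ip else "gre_in_lan"] += 1
            elif dst == server_ip:
                c["gre_out_wan" if src == public_ip else "gre_out_lan"] += 1
        elif (src, dst) == (public_ip, server_ip) and "protocol 47 unreachable" in rest:
            c["proto47_unreachable"] += 1
    # Symptom: TCP 1723 is translated, but inbound GRE stops at the router,
    # which answers it itself with ICMP protocol-unreachable.
    c["gre_not_translated"] = (c["ctrl_wan"] > 0 and c["gre_in_wan"] > 0
                               and c["gre_in_lan"] == 0
                               and c["proto47_unreachable"] > 0)
    return c

if __name__ == "__main__":
    print(diagnose_pptp_nat(SAMPLE, "198.51.100.7", "203.0.113.5"))
```

To run it on the capture in the post, pass the log text with `public_ip="80.126.253.168"` and `server_ip="212.72.36.3"`, the addresses that appear in that log.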


  • DDX
A colleague also tried it this week with his Linux gateway,
only with kernel 2.4 instead of 2.6,

and for him it just works fine...

So maybe a small bug in the 2.6 kernel with recognition of PPTP NAT or something like that?

In any case, today I just configured L2TP on my client instead of PPTP,
and now I can simply use the VPN again!

https://www.strava.com/athletes/2323035