VPN Problemen

quote: http://pptpclient.sourcef...agnosis.phtml#lcp_timeout

LCP: timeout sending Config-Requests

This is a general error condition that is common to a number of causes. It means that pppd did not receive any LCP configuration requests from the peer, or was unable to agree on LCP parameters. Enable debug logging, try the connection again, and look at messages just prior to this message.
There are many causes for the timeout error:

-> MSCHAP negotiation failed,
-> no GRE packets were received by the client,
-> no GRE packets were transmitted by the server,
-> invalid GRE packets were transmitted by the server,
-> no GRE packets were transmitted by the client.
-> invalid GRE packets were transmitted by the client,

Use tcpdump to check the flow of GRE packets.


-> No GRE received by PPTP Client

If you see a series of sent [LCP ConfReq ...] messages with no rcvd messages, then you may not have GRE connectivity to the PPTP Server. Prove this using the GRE step in the Fault Tree.


-> No GRE transmitted by PPTP Server

Symptom: GRE packets are emitted by the client, but none are returned by the server, but a tunnel from another machine on the same LAN works fine. The client is behind a NAT gateway with respect to the server.
Diagnosis: PPTP servers will not allow a connection to start from the same IP address that they perceive an active connection on already.

Solution: use alternate PPTP server IP addresses.


-> Invalid GRE packets transmitted by server

Symptom: GRE packets are emitted by the client, GRE packets are returned by the server, but the client makes no sense of them, reporting in the debug log the following asynchronous PPP packet:
rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 7d 21 7d 20 7d 39 7d 22 ...]
Diagnosis: you may be running pppd with the sync option, with a version of the GRE-to-PPP gateway that will recognise sync mode, but the server is returning asynchronous responses.

Solution: turn off sync and try again.


-> No GRE packets transmitted by client

There are two known causes.
Symptom: tcpdump shows no GRE packets are being transmitted by the client. strace shows no write() on the GRE socket by the GRE-to-PPP gateway process.

Diagnosis: you may be running pppd with the sync option, which prevents older version of the GRE-to-PPP gateway from forwarding the packets.

Solution: turn off sync and try again.

Symptom: tcpdump shows no GRE packets are being transmitted by the client. However, strace shows a successful write() on the GRE socket by the GRE-to-PPP gateway process.

Diagnosis: your system may have iptables or ipchains rules that prevent GRE transmission. The GRE-to-PPP gateway sends the packets, but they are dropped by the packet filter before being transferred to the interface.

Solution: check the firewall rules, remove or add replacements, and try again. The following iptables rules may be added to allow GRE through eth0. Change eth0 to the name of the interface through which the PPTP Server is contacted.

iptables --insert OUTPUT 1 \
--source 0.0.0.0/0.0.0.0 \
--destination 0.0.0.0/0.0.0.0 \
--jump ACCEPT --protocol gre \
--out-interface eth0

iptables --insert INPUT 1 \
--source 0.0.0.0/0.0.0.0 \
--destination 0.0.0.0/0.0.0.0 \
--jump ACCEPT --protocol gre \
--in-interface eth0

These rules can be refined further to constrain the GRE traffic.


-> Invalid GRE packets transmitted by client

Symptom: 10 or more GRE packets are emitted by the client in less than a second, and the number of GRE packets is far greater than the number of LCP requests logged.
Diagnosis: you may be running pppd with the pty option and the debug option but not the logfd 2 option. This can cause pppd to send the debug messages out the psuedo-tty file descriptor to the GRE-to-PPP gateway process, and then to the PPTP Server. The server refuses to respond once it sees random traffic like this.

Solution: Add the logfd 2 option.