News: This forum is now permanently frozen.
Pages: [1]
Topic: PPTP from Hotels/Coffee Shops  (Read 4999 times)
« on: June 11, 2008, 16:33:24 »
milkster *
Posts: 4

I have an employee that travels a lot and needs access to our VPN.  He is having issues connecting to the VPN from some locations.  When he returns home he can connect fine without making any changes.  I'm having a hard time figuring out why he can't connect. I'm hoping someone here can lend  a hand.

We are running Monowall 1.21
PPTP setup to use RADIUS Server on a SBS 2003 machine for authentication
PPTP server ip: 192.168.177.174
Remote address range: 192.168.177.112/28
Radius Server: 192.168.177.10

Firewall rules have TCP/UDP 1723 forwarded to Lan net
GRE is also forwarded to Lan net
Firewall Rules for PPTP VPN are set to allow everything - no restrictions.

The enduser is in a coffee shop and gets and internal ip of:
IP: 192.168.101.236
Subnet: 255.255.255.0
Gateway: 192.168.101.1

When he tries to connect with the builtin WinXP PPTP client he gets error: 619.

Here is the Monowall Log of when he tries to connect:
Code:
Jun 11 10:07:23 mpd: pptp1: killing connection with 74.13.246.50:1714
Jun 11 10:07:23 mpd: [pt1] LCP: Down event
Jun 11 10:07:23 mpd: [pt1] link: DOWN event
Jun 11 10:07:23 mpd: [pt1] LCP: phase shift ESTABLISH --> DEAD
Jun 11 10:07:23 mpd: [pt1] LCP: state change Closed --> Initial
Jun 11 10:07:23 mpd: [pt1] LCP: Down event
Jun 11 10:07:23 mpd: [pt1] link: DOWN event
Jun 11 10:07:23 mpd: [pt1] device is now in state DOWN
Jun 11 10:07:23 mpd: [pt1] device: DOWN event in state DOWN
Jun 11 10:07:23 mpd: [pt1] LCP: state change Stopped --> Closed
Jun 11 10:07:23 mpd: [pt1] LCP: Close event
Jun 11 10:07:23 mpd: [pt1] link: CLOSE event
Jun 11 10:07:23 mpd: [pt1] device is now in state DOWN
Jun 11 10:07:23 mpd: [pt1] device: DOWN event in state CLOSING
Jun 11 10:07:23 mpd: [pt1] closing link "pt1"...
Jun 11 10:07:23 mpd: [pt1] bundle: CLOSE event in state OPENED
Jun 11 10:07:23 mpd: [pt1] device is now in state CLOSING
Jun 11 10:07:23 mpd: [pt1] IFACE: Close event
Jun 11 10:07:23 mpd: pptp1: closing connection with 74.13.246.50:1714
Jun 11 10:07:23 mpd: [pt1] IFACE: Close event
Jun 11 10:07:23 mpd: [pt1] IPCP: LayerFinish
Jun 11 10:07:23 mpd: [pt1] IPCP: state change Starting --> Initial
Jun 11 10:07:23 mpd: [pt1] IPCP: Close event
Jun 11 10:07:23 mpd: [pt1] IFACE: Close event
Jun 11 10:07:23 mpd: [pt1] PPTP call terminated
Jun 11 10:07:23 mpd: pptp1-0: killing channel
Jun 11 10:07:23 mpd: pptp1-0: clearing call
Jun 11 10:07:23 mpd: [pt1] device: CLOSE event in state UP
Jun 11 10:07:23 mpd: [pt1] LCP: LayerFinish
Jun 11 10:07:23 mpd: [pt1] LCP: state change Req-Sent --> Stopped
Jun 11 10:07:23 mpd: [pt1] LCP: parameter negotiation failed
Jun 11 10:07:23 mpd: [pt1] LCP: not converging
Jun 11 10:07:23 mpd: Not supported
Jun 11 10:07:23 mpd: CALLBACK
Jun 11 10:07:23 mpd: ACFCOMP
Jun 11 10:07:23 mpd: PROTOCOMP
Jun 11 10:07:23 mpd: MAGICNUM 24537bcd
Jun 11 10:07:23 mpd: MRU 1400
Jun 11 10:07:23 mpd: [pt1] LCP: rec'd Configure Request #5 link 0 (Req-Sent)
Jun 11 10:07:22 mpd: ENDPOINTDISC [802.1] 00 e0 29 5e 8c 07
Jun 11 10:07:22 mpd: MP SHORTSEQ
Jun 11 10:07:22 mpd: MP MRRU 1600
Jun 11 10:07:22 mpd: AUTHPROTO CHAP MSOFTv2
Jun 11 10:07:22 mpd: MAGICNUM 0aea98c8
Jun 11 10:07:22 mpd: MRU 1500
Jun 11 10:07:22 mpd: PROTOCOMP
Jun 11 10:07:22 mpd: ACFCOMP
Jun 11 10:07:22 mpd: [pt1] LCP: SendConfigReq #233
Jun 11 10:07:20 mpd: ENDPOINTDISC [802.1] 00 e0 29 5e 8c 07
Jun 11 10:07:20 mpd: MP SHORTSEQ
Jun 11 10:07:20 mpd: MP MRRU 1600
Jun 11 10:07:20 mpd: AUTHPROTO CHAP MSOFTv2
Jun 11 10:07:20 mpd: MAGICNUM 0aea98c8
Jun 11 10:07:20 mpd: MRU 1500
Jun 11 10:07:20 mpd: PROTOCOMP
Jun 11 10:07:20 mpd: ACFCOMP
Jun 11 10:07:20 mpd: [pt1] LCP: SendConfigReq #232
Jun 11 10:07:19 mpd: CALLBACK
Jun 11 10:07:19 mpd: [pt1] LCP: SendConfigRej #4
Jun 11 10:07:19 mpd: Not supported
Jun 11 10:07:19 mpd: CALLBACK
Jun 11 10:07:19 mpd: ACFCOMP
Jun 11 10:07:19 mpd: PROTOCOMP
Jun 11 10:07:19 mpd: MAGICNUM 24537bcd
Jun 11 10:07:19 mpd: MRU 1400
Jun 11 10:07:19 mpd: [pt1] LCP: rec'd Configure Request #4 link 0 (Req-Sent)
Jun 11 10:07:18 mpd: ENDPOINTDISC [802.1] 00 e0 29 5e 8c 07
Jun 11 10:07:18 mpd: MP SHORTSEQ
Jun 11 10:07:18 mpd: MP MRRU 1600
Jun 11 10:07:18 mpd: AUTHPROTO CHAP MSOFTv2
Jun 11 10:07:18 mpd: MAGICNUM 0aea98c8
Jun 11 10:07:18 mpd: MRU 1500
Jun 11 10:07:18 mpd: PROTOCOMP
Jun 11 10:07:18 mpd: ACFCOMP
Jun 11 10:07:18 mpd: [pt1] LCP: SendConfigReq #231
Jun 11 10:07:16 mpd: ENDPOINTDISC [802.1] 00 e0 29 5e 8c 07
Jun 11 10:07:16 mpd: MP SHORTSEQ
Jun 11 10:07:16 mpd: MP MRRU 1600
Jun 11 10:07:16 mpd: AUTHPROTO CHAP MSOFTv2
Jun 11 10:07:16 mpd: MAGICNUM 0aea98c8
Jun 11 10:07:16 mpd: MRU 1500
Jun 11 10:07:16 mpd: PROTOCOMP
Jun 11 10:07:16 mpd: ACFCOMP
Jun 11 10:07:16 mpd: [pt1] LCP: SendConfigReq #230
Jun 11 10:07:15 mpd: CALLBACK
Jun 11 10:07:15 mpd: [pt1] LCP: SendConfigRej #3
Jun 11 10:07:15 mpd: Not supported
Jun 11 10:07:15 mpd: CALLBACK
Jun 11 10:07:15 mpd: ACFCOMP
Jun 11 10:07:15 mpd: PROTOCOMP
Jun 11 10:07:15 mpd: MAGICNUM 24537bcd
Jun 11 10:07:15 mpd: MRU 1400
Jun 11 10:07:15 mpd: [pt1] LCP: rec'd Configure Request #3 link 0 (Req-Sent)
Jun 11 10:07:14 mpd: ENDPOINTDISC [802.1] 00 e0 29 5e 8c 07
Jun 11 10:07:14 mpd: MP SHORTSEQ
Jun 11 10:07:14 mpd: MP MRRU 1600
Jun 11 10:07:14 mpd: AUTHPROTO CHAP MSOFTv2
Jun 11 10:07:14 mpd: MAGICNUM 0aea98c8
Jun 11 10:07:14 mpd: MRU 1500
Jun 11 10:07:14 mpd: PROTOCOMP
Jun 11 10:07:14 mpd: ACFCOMP
Jun 11 10:07:14 mpd: [pt1] LCP: SendConfigReq #229
Jun 11 10:07:12 mpd: ENDPOINTDISC [802.1] 00 e0 29 5e 8c 07
Jun 11 10:07:12 mpd: MP SHORTSEQ
Jun 11 10:07:12 mpd: MP MRRU 1600
Jun 11 10:07:12 mpd: AUTHPROTO CHAP MSOFTv2
Jun 11 10:07:12 mpd: MAGICNUM 0aea98c8
Jun 11 10:07:12 mpd: MRU 1500
Jun 11 10:07:12 mpd: PROTOCOMP
Jun 11 10:07:12 mpd: ACFCOMP
Jun 11 10:07:12 mpd: [pt1] LCP: SendConfigReq #228
Jun 11 10:07:11 mpd: CALLBACK
Jun 11 10:07:11 mpd: [pt1] LCP: SendConfigRej #2
Jun 11 10:07:11 mpd: Not supported
Jun 11 10:07:11 mpd: CALLBACK
Jun 11 10:07:11 mpd: ACFCOMP
Jun 11 10:07:11 mpd: PROTOCOMP
Jun 11 10:07:11 mpd: MAGICNUM 24537bcd
Jun 11 10:07:11 mpd: MRU 1400
Jun 11 10:07:11 mpd: [pt1] LCP: rec'd Configure Request #2 link 0 (Req-Sent)
Jun 11 10:07:10 mpd: ENDPOINTDISC [802.1] 00 e0 29 5e 8c 07
Jun 11 10:07:10 mpd: MP SHORTSEQ
Jun 11 10:07:10 mpd: MP MRRU 1600
Jun 11 10:07:10 mpd: AUTHPROTO CHAP MSOFTv2
Jun 11 10:07:10 mpd: MAGICNUM 0aea98c8
Jun 11 10:07:10 mpd: MRU 1500
Jun 11 10:07:10 mpd: PROTOCOMP
Jun 11 10:07:10 mpd: ACFCOMP
Jun 11 10:07:10 mpd: [pt1] LCP: SendConfigReq #227
Jun 11 10:07:08 mpd: CALLBACK
Jun 11 10:07:08 mpd: [pt1] LCP: SendConfigRej #1
Jun 11 10:07:08 mpd: Not supported
Jun 11 10:07:08 mpd: CALLBACK
Jun 11 10:07:08 mpd: ACFCOMP
Jun 11 10:07:08 mpd: PROTOCOMP
Jun 11 10:07:08 mpd: MAGICNUM 24537bcd
Jun 11 10:07:08 mpd: MRU 1400
Jun 11 10:07:08 mpd: [pt1] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
Jun 11 10:07:08 mpd: ENDPOINTDISC [802.1] 00 e0 29 5e 8c 07
Jun 11 10:07:08 mpd: MP SHORTSEQ
Jun 11 10:07:08 mpd: MP MRRU 1600
Jun 11 10:07:08 mpd: AUTHPROTO CHAP MSOFTv2
Jun 11 10:07:08 mpd: MAGICNUM 0aea98c8
Jun 11 10:07:08 mpd: MRU 1500
Jun 11 10:07:08 mpd: PROTOCOMP
Jun 11 10:07:08 mpd: ACFCOMP
Jun 11 10:07:08 mpd: [pt1] LCP: SendConfigReq #226
Jun 11 10:07:06 mpd: CALLBACK
Jun 11 10:07:06 mpd: [pt1] LCP: SendConfigRej #0
Jun 11 10:07:06 mpd: Not supported
Jun 11 10:07:06 mpd: CALLBACK
Jun 11 10:07:06 mpd: ACFCOMP
Jun 11 10:07:06 mpd: PROTOCOMP
Jun 11 10:07:06 mpd: MAGICNUM 24537bcd
Jun 11 10:07:06 mpd: MRU 1400
Jun 11 10:07:06 mpd: [pt1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
Jun 11 10:07:06 mpd: pptp1-0: ignoring SetLinkInfo
Jun 11 10:07:06 mpd: ENDPOINTDISC [802.1] 00 e0 29 5e 8c 07
Jun 11 10:07:06 mpd: MP SHORTSEQ
Jun 11 10:07:06 mpd: MP MRRU 1600
Jun 11 10:07:06 mpd: AUTHPROTO CHAP MSOFTv2
Jun 11 10:07:06 mpd: MAGICNUM 0aea98c8
Jun 11 10:07:06 mpd: MRU 1500
Jun 11 10:07:06 mpd: PROTOCOMP
Jun 11 10:07:06 mpd: ACFCOMP
Jun 11 10:07:06 mpd: [pt1] LCP: SendConfigReq #225
Jun 11 10:07:06 mpd: [pt1] LCP: phase shift DEAD --> ESTABLISH
Jun 11 10:07:06 mpd: [pt1] LCP: state change Starting --> Req-Sent
Jun 11 10:07:06 mpd: [pt1] LCP: Up event
Jun 11 10:07:06 mpd: [pt1] link: origination is remote
Jun 11 10:07:06 mpd: [pt1] link: UP event
Jun 11 10:07:06 mpd: [pt1] device is now in state UP
Jun 11 10:07:06 mpd: [pt1] device: UP event in state OPENING
Jun 11 10:07:06 mpd: [pt1] device is now in state OPENING
Jun 11 10:07:06 mpd: [pt1] attaching to peer's outgoing call
Jun 11 10:07:06 mpd: [pt1] device: OPEN event in state DOWN
Jun 11 10:07:06 mpd: [pt1] LCP: LayerStart
Jun 11 10:07:06 mpd: [pt1] LCP: state change Initial --> Starting
Jun 11 10:07:06 mpd: [pt1] LCP: Open event
Jun 11 10:07:06 mpd: [pt1] link: OPEN event
Jun 11 10:07:06 mpd: [pt1] opening link "pt1"...
Jun 11 10:07:06 mpd: [pt1] bundle: OPEN event in state CLOSED
Jun 11 10:07:06 mpd: [pt1] IPCP: Open event
Jun 11 10:07:06 mpd: [pt1] IPCP: LayerStart
Jun 11 10:07:06 mpd: [pt1] IPCP: state change Initial --> Starting
Jun 11 10:07:06 mpd: [pt1] IPCP: Open event
Jun 11 10:07:06 mpd: [pt1] IFACE: Open event
Jun 11 10:07:06 mpd: pptp1: attached to connection with 74.13.246.50:1714
Jun 11 10:07:06 mpd: mpd: PPTP connection from 74.13.246.50:1714


Does anyone have any idea what the problem might be?  In the log file it has several lines that say  mpd: Not Supported. Its right after mpd:CALLBACK, mpd: ACFCOMP, mpd:PROTOCOMP

« Reply #1 on: June 12, 2008, 12:15:00 »
markb ****
Posts: 331

Probably the coffee shop not letting GRE through.
« Reply #2 on: June 12, 2008, 14:38:52 »
knightmb ****
Posts: 341

As was said, some places might have old routers/firewalls that don't support GRE+NAT properly. Not much you can do in that situation.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #3 on: June 12, 2008, 14:47:31 »
milkster *
Posts: 4

Thanks for the response.  When I get a chance to talk to the tech support people for the Hotels i'll mention the GRE thing.
« Reply #4 on: June 15, 2008, 08:44:14 »
cmb *****
Posts: 851

619 is the error you get when the GRE protocol is blocked or not NATed properly. PPTP can be problematic because the default configuration of many firewalls and NAT devices will do this.
« Reply #5 on: June 17, 2008, 14:41:37 »
milkster *
Posts: 4

cmb, can you perhaps tell me what needs to be done on m0n0wall side so that I can make sure we are configured correctly and eliminate the issue on our end?  thanks
« Reply #6 on: June 17, 2008, 18:58:28 »
ChainSaw
Guest

if it works from some locations the problem is not on your end.  the fix needs to be applied on those locations you are having trouble with.

CS...
« Reply #7 on: March 04, 2009, 14:58:35 »
Tixe *
Posts: 9

Hi ... i have the some problem .. but the thing is that i has a

Office < -- > m0n0 1.235 < -- > Internet < -- > Place with m0n0 1.235 with PPTP enable

and i have the same error, wath i mus change on my m0n0 office to can fix the problem ?
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines