Results 1 to 10 of 10

Thread: 500g, PPTP issues

  1. #1
    Join Date
    Mar 2005
    Location
    Russia
    Posts
    56

    500g, PPTP issues

    Could somebody help me to understand what this nice grey box with Linux inside whats to tell? Part of Syslog attached.

    Connection details:
    - Internet access through VPN-tunnel (Russia)
    - MAC-address cloned with ASUS box
    - Static IP address 10.13.1.24
    - Gateway and VPN-server address 10.0.0.2
    - DNS 85.93.128.2 and 85.93.129.2

    First come observations:
    - WAN LED blinking quickly like hell
    - Data transmitted from 500g amounts 10 MB per about 1 min (as syslog says)
    - Ping from LAN PC to ISP gateway fails
    - Ping from 500g to ISP gateway using telnet gives 70% loss
    Attached Files Attached Files

  2. #2
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    Please check your PM.

  3. #3
    Join Date
    Mar 2005
    Location
    Russia
    Posts
    56

    Post 500g, steps forward

    As long as PPTP connection between 500g and my ISP is not established yet, I think it would be good idea to inform everybody about further progress.

    At the very begining there was an error which arose just after CHAP authentication
    Code:
    Jan  1 03:02:24 pppd[81]: CHAP authentication succeeded: Welcome!!
    Jan  1 03:02:24 kernel: mppe_decomp_alloc: options rejected: o[0]=12, o[1]=06, o[2]=00, o[3]=00, o[4]=00, o[5]=00
    Jan  1 03:02:24 pppd[81]: Received bad configure-ack:
    Thanks to Oleg these two bad lines left syslog. He suggested adding nomppe nomppc parameters in field Additional pppd options on page IP Config | WAN & LAN.

    After all very designing part of syslog looks like lines in attached file. Most interesting is the amount of data which 500g sends to ISP without any PC connected to it from LAN side.
    Code:
    Jan  1 03:05:52 pppd[81]: Connection terminated.
    Jan  1 03:05:52 pppd[81]: Connect time 1.2 minutes.
    Jan  1 03:05:52 pppd[81]: Sent 10476658 bytes, received 70 bytes.
    On of this forum guru, Kitsok supposed all VPN traffic, control and data, redirected to tunnel. And therefore some additional routes and rules should be added somewhere in 500g.

    Tomorrow I'll get my 500g from ISP test lab, where now IT-guys try to make it works with their VPN-server. I hope they will take a win

    Anyway, all suggestions are welcome.
    Attached Files Attached Files

  4. #4
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    Most likely, nomppe and nomppc options will not be needed. For me the only line, which could cause problem is

    Code:
    Jan  1 03:04:41 pppd[81]: remote IP address 10.0.0.2
    It seems to me, that they need to return external address instead of the internal address of their PPTP server, although I'm not sure.

  5. #5
    Join Date
    Mar 2005
    Location
    Russia
    Posts
    56

    Wink

    Quote Originally Posted by Oleg
    It seems to me, that they need to return external address instead of the internal address of their PPTP server, although I'm not sure.
    Sure, looks like complete mess with external and internal IP
    Code:
    Jan  1 03:04:41 pppd[81]: local  IP address 85.93.136.163
    Jan  1 03:04:41 pppd[81]: remote IP address 10.0.0.2
    Above local is my external to the Internet, and remote is GW/VPN server address.

    By the way, very nice resource PPPD manual, especially section
    ROUTING
    When IPCP negotiation is completed successfully, pppd will inform the kernel of the local and remote IP addresses for the ppp interface. This is sufficient to create a host route to the remote end of the link, which will enable the peers to exchange IP packets. Communication with other machines generally requires further modification to routing tables and/or ARP (Address Resolution Protocol) tables. In most cases the defaultroute and/or proxyarp options are sufficient for this, but in some cases further intervention is required. The /etc/ppp/ip-up script can be used for this.

    Sometimes it is desirable to add a default route through the remote host, as in the case of a machine whose only connection to the Internet is through the ppp interface. The defaultroute option causes pppd to create such a default route when IPCP comes up, and delete it when the link is terminated.

    In some cases it is desirable to use proxy ARP, for example on a server machine connected to a LAN, in order to allow other hosts to communicate with the remote host. The proxyarp option causes pppd to look for a network interface on the same subnet as the remote host (an interface supporting broadcast and ARP, which is up and not a point-to-point or loopback interface). If found, pppd creates a permanent, published ARP entry with the IP address of the remote host and the hardware address of the network interface found.

    When the demand option is used, the interface IP addresses have already been set at the point when IPCP comes up. If pppd has not been able to negotiate the same addresses that it used to configure the interface (for example when the peer is an ISP that uses dynamic IP address assignment), pppd has to change the interface IP addresses to the negotiated addresses. This may disrupt existing connections, and the use of demand dialling with peers that do dynamic IP address assignment is not recommended.
    Last edited by Snufkin; 10-03-2005 at 20:36.

  6. #6
    Join Date
    Mar 2005
    Location
    Russia
    Posts
    56

    500g, daemon of PPPD

    IT-guys from ISP test lab are still fighting with daemon of PPPD inside my router and their VPN server. They told me server log is full with router attempts to establish certain type of encryption. Don't ask me what they meant

    ISP howto web page about setting up VPN tunnel in Microsoft Windows contains important step regarding encryption. By default option Encryption required (otherwise disconnect) in Security tab of VPN connection properties window is enabled. ISP requires this option to be set disabled.

    As far as I can join two above points there is a chance that router's VPN client (i.e. PPPD) by default is set up the same way as MS Windows client. And to become broadband happy I have to override this default setting.

    Could somebody tell me the name of this magic PPPD option? I'll immediately input this word in Additional pppd options field.

  7. #7
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    well, the answer is nomppe, but the problem is with routing as seems.

  8. #8
    Join Date
    Mar 2005
    Location
    Russia
    Posts
    56
    Quote Originally Posted by Oleg
    ...the problem is with routing as seems.
    While I've been waiting for feedback from ISP side (with my router as well), Google brings another good page about routing Routing HOWTO.

  9. #9
    Join Date
    Mar 2005
    Location
    Russia
    Posts
    56

    Thumbs up PPTP success!

    All stories should have their happy end

    At long last I brought my router at home with ISP conclusion - this ASUS box would not be able to interact with their VPN server. And sticking point was disabling PPTP encryption in router VPN client.

    You have already seen in previous posts how Oleg recommended to solve above stickiness. Just adding nomppe nomppc options did really work and switched VPN tunnel encryption off.

    Second Oleg's step was as geniusly simple as the first one. It seemed 500g tried unsuccessfully to encapsulate itself, i.e. put in a single route data and control stream - probably Oleg will give us more scientifically correct explanation In telnet session I enetered
    Code:
    route add -host 10.0.0.2 dev eth1
    and PPTP tunnel immediately poped up.

    Sequential changings in 500g routes are as follows:
    From scratch
    Code:
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 br0
    10.0.0.0        0.0.0.0         255.0.0.0       U        40 0          0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
    Command entered
    Code:
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    10.0.0.2        0.0.0.0         255.255.255.255 UH       40 0          0 eth1
    192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 br0
    10.0.0.0        0.0.0.0         255.0.0.0       U        40 0          0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
    PPTP connection established
    Code:
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    10.0.0.2        0.0.0.0         255.255.255.255 UH       40 0          0 eth1
    10.0.0.2        0.0.0.0         255.255.255.255 UH       40 0          0 ppp0
    192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 br0
    10.0.0.0        0.0.0.0         255.0.0.0       U        40 0          0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
    0.0.0.0         10.0.0.2        0.0.0.0         UG       40 0          0 ppp0
    So, through the next steps I had to make route to 10.0.0.2 permanent. There was simple way (too simple for *nix expert like me ) to do it using post-boot script. Oleg pointed out undocumented feature in 1.9.2.7-4 firmware, and I left Default gateway field empty and typed gateway IP address in Heartbeat server field. Then my heart begun to beat much quicker because I've got connection to ISP without telnet workarounds!

    Great final, many thanks to Oleg!
    Last edited by Snufkin; 17-03-2005 at 22:37.

  10. #10
    Join Date
    Aug 2005
    Location
    Eindhoven, The Netherlands
    Posts
    125
    Would this also work to setup a permanent VPN connection to my work?
    In order to use Outlook at home, the VPN connection is needed. Also, one of our customers only gives access to their LAN to a specific IP address range (my work's and so not my IP at home). I have an "always on" connection with my ISP and what I would like to achieve is to transfer only the necessary traffic through the VPN if it concerns Outlook data or transfers to/from the customer. Can this be done?

    /update

    I entered the same command via telnet, but the pptp does not come up
    Last edited by Jethro; 03-05-2006 at 16:17.

Similar Threads

  1. WL-500GX bootloader issues?
    By rover in forum WL-500g Q&A
    Replies: 3
    Last Post: 18-09-2005, 20:16
  2. Wireless-2200BG-LAN-connectivity issues - 1.9.2.7-4
    By psylockex in forum WL-500g Q&A
    Replies: 4
    Last Post: 16-05-2005, 11:22
  3. 1.8.1.7-3 Progressive Connection Issues ?
    By tomilius in forum WL-500g Q&A
    Replies: 7
    Last Post: 11-03-2005, 15:22
  4. vpn connection from client with pptp (ms vpn)
    By wiz in forum WL-500g Q&A
    Replies: 23
    Last Post: 20-12-2004, 18:13
  5. New Firmware Issues
    By hwapper in forum WL-500g Q&A
    Replies: 3
    Last Post: 21-04-2004, 09:27

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •