Friday, October 29, 2010

Fedora 13 v.s Microsoft PPTP

After such a long time of not having PPTP functionality in linux to communicate with microsoft pptp (RARS) servers that we have at various clients, I finally dedicated a night to getting it up and working.

I can't help but wonder why none of this is default. I find it hard to imagine anybody in their right mind using PPTP unless they are in a windows environment to begin with.

Anyways lets cut to the chase. I am working primarily with the builtin gnome network manager tray icon. I want Network Manager to be able to connect.

I have the same error on my Fedora 12 machine. The Fedora 12 Machine was a bit more helpful with its error and alerted the user "Error could not connect to the vpn, invalid secrets". Fedora 13.. just said vpn connection failed. but I assumed it was the same problem.

Here is a snippet from my /var/log/messages
Oct 30 00:09:57 Wolfbite pptp[3954]: nm-pptp-service-3943 log[ctrlp_rep:pptp_ctrl.c:254]: Sent control packet type is 1 'Start-Control-Connection-Request'
Oct 30 00:09:57 Wolfbite pptp[3954]: nm-pptp-service-3943 log[ctrlp_disp:pptp_ctrl.c:754]: Received Start Control Connection Reply
Oct 30 00:09:57 Wolfbite pptp[3954]: nm-pptp-service-3943 log[ctrlp_disp:pptp_ctrl.c:788]: Client connection established.
Oct 30 00:09:58 Wolfbite pptp[3954]: nm-pptp-service-3943 log[ctrlp_rep:pptp_ctrl.c:254]: Sent control packet type is 7 'Outgoing-Call-Request'
Oct 30 00:09:58 Wolfbite pptp[3954]: nm-pptp-service-3943 log[ctrlp_disp:pptp_ctrl.c:873]: Received Outgoing Call Reply.
Oct 30 00:09:58 Wolfbite pptp[3954]: nm-pptp-service-3943 log[ctrlp_disp:pptp_ctrl.c:912]: Outgoing call established (call ID 0, peer's call ID 31573).
Oct 30 00:10:00 Wolfbite pptp[3954]: nm-pptp-service-3943 log[ctrlp_disp:pptp_ctrl.c:927]: Received Call Clear Request.
Oct 30 00:10:31 Wolfbite pppd[3946]: LCP: timeout sending Config-Requests
Oct 30 00:10:31 Wolfbite pppd[3946]: Connection terminated.
Oct 30 00:10:31 Wolfbite NetworkManager[3739]: VPN plugin failed: 1
Oct 30 00:10:31 Wolfbite pppd[3946]: Modem hangup
Oct 30 00:10:31 Wolfbite pptp[3948]: nm-pptp-service-3943 warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error
Oct 30 00:10:31 Wolfbite pptp[3948]: nm-pptp-service-3943 warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
Oct 30 00:10:31 Wolfbite pptp[3954]: nm-pptp-service-3943 log[callmgr_main:pptp_callmgr.c:235]: Closing connection (unhandled)
Oct 30 00:10:31 Wolfbite pptp[3954]: nm-pptp-service-3943 log[ctrlp_rep:pptp_ctrl.c:254]: Sent control packet type is 12 'Call-Clear-Request'
Oct 30 00:10:31 Wolfbite pptp[3954]: nm-pptp-service-3943 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
Oct 30 00:10:31 Wolfbite pppd[3946]: Exit.
Oct 30 00:10:31 Wolfbite NetworkManager[3739]: VPN plugin failed: 1
Oct 30 00:10:31 Wolfbite NetworkManager[3739]: VPN plugin failed: 1
Oct 30 00:10:31 Wolfbite NetworkManager[3739]: VPN plugin state changed: 6
Oct 30 00:10:31 Wolfbite NetworkManager[3739]: VPN plugin state change reason: 0
Oct 30 00:10:31 Wolfbite NetworkManager[3739]: error disconnecting VPN: Could not process the request because no VPN connection was active.
Oct 30 00:10:31 Wolfbite NetworkManager[3739]: Policy set 'Auto gateway' (wlan0) as default for IPv4 routing and DNS.
Oct 30 00:10:36 Wolfbite NetworkManager[3739]: VPN service 'pptp' disappeared

Its important to know that MS VPNs only like require mppe. go to the advanced settings window, and make sure only MSCHAPv2 is checked. uncheck the others (pap, chap, mschap, eap).

Open up /etc/ppp/options.pptp
make sure these lines are located within the file somewhere
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
require-mppe

take note of the line that says require-mppe. I had to manually write that one, but the others were there for me. They need to be there for this to work properly.

2 comments :

Devon Dieffenbach said...

Tried these Settings i am getting this error:

Nov 9 18:50:20 spiderpig pppd[1748]: Plugin /usr/lib/pppd/2.4.5//nm-pptp-pppd-plugin.so loaded.
Nov 9 18:50:20 spiderpig pppd[1748]: pppd 2.4.5 started by root, uid 0
Nov 9 18:50:20 spiderpig pppd[1748]: Using interface ppp0
Nov 9 18:50:20 spiderpig pppd[1748]: Connect: ppp0 <--> /dev/pts/1
Nov 9 18:50:51 spiderpig pppd[1748]: LCP: timeout sending Config-Requests
Nov 9 18:50:51 spiderpig pppd[1748]: Connection terminated.
Nov 9 18:50:51 spiderpig pppd[1748]: Modem hangup
Nov 9 18:50:51 spiderpig pppd[1748]: Exit.
Nov 9 18:53:46 spiderpig kernel: [ 883.038543] device eth0 left promiscuous mode
Nov 9 18:53:48 spiderpig kernel: [ 884.702205] device eth0 entered promiscuous mode
Nov 9 18:53:50 spiderpig kernel: [ 886.841578] device eth0 left promiscuous mode
Nov 9 18:53:52 spiderpig kernel: [ 888.595786] device eth0 entered promiscuous mode
Nov 9 18:54:11 spiderpig kernel: [ 907.612820] sky2 eth0: Link is down.
Nov 9 18:55:09 spiderpig kernel: [ 965.204927] Registered led device: iwl-phy0::radio
Nov 9 18:55:09 spiderpig kernel: [ 965.205019] Registered led device: iwl-phy0::assoc
Nov 9 18:55:09 spiderpig kernel: [ 965.205382] Registered led device: iwl-phy0::RX
Nov 9 18:55:09 spiderpig kernel: [ 965.205499] Registered led device: iwl-phy0::TX
Nov 9 18:55:09 spiderpig kernel: [ 965.237894] ADDRCONF(NETDEV_UP): wlan0: link is not ready
Nov 9 18:55:17 spiderpig kernel: [ 973.662191] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Nov 9 18:55:45 spiderpig kernel: [ 1001.296717] Intel AES-NI instructions are not detected.
Nov 9 18:55:45 spiderpig kernel: [ 1001.345422] padlock: VIA PadLock not detected.
Nov 9 18:56:03 spiderpig pppd[1933]: Plugin /usr/lib/pppd/2.4.5//nm-pptp-pppd-plugin.so loaded.
Nov 9 18:56:03 spiderpig pppd[1933]: pppd 2.4.5 started by root, uid 0
Nov 9 18:56:03 spiderpig pppd[1933]: Using interface ppp0
Nov 9 18:56:03 spiderpig pppd[1933]: Connect: ppp0 <--> /dev/pts/1
Nov 9 18:56:08 spiderpig pppd[1933]: LCP terminated by peer (yM-4^J7^@ /dev/pts/1
Nov 9 18:58:42 spiderpig pppd[1975]: LCP terminated by peer (d-y#011^@ /dev/pts/1
Nov 9 18:59:04 spiderpig pppd[1990]: LCP terminated by peer (tM-LL,^@<M-Mt^@^@^BM-3)
Nov 9 18:59:07 spiderpig pppd[1990]: Connection terminated.
Nov 9 18:59:07 spiderpig pppd[1990]: Modem hangup
Nov 9 18:59:07 spiderpig pppd[1990]: Exit.


Everything else is setup the exact same.

Devon Dieffenbach said...

Figured out the problem.
I fixed it by changing 2 more options after looking at my original configuration.

1. Changed NT Domain to blank. I know.. this really does not make sense, but right after applying this it worked.

2. I also changed Advanced settings to not send PPP Echo Packets. I tested the VPN immediately after updating the setting, but it did not fix it. I included this simply for documentation purposes.