ADSL + VPN = ahhhhhhhh

[phildlight]

Ok, I have 1 pc w/ WinXP Home, and 1 laptop w/ WinXP home. I have ADSL through Earthlink on the pc, and I have dial up through Earthlink on the laptop. While on dial up, I can connect to my VPN I setup at work fine, but on the pc, I keep getting 619 errors etc. I have all of the logs from the SnapGear firewall, and my pc's event logs, but I've sifted through everything and can't find a solution. Other people in my office can connect to the VPN w/ cable, and one girl is even using WinME and dial up, and she can connect fine. I'm sure the VPN is right, and I'm sure I've setup the pc w/ DSL correctly. Just can't connect. AHHHHH. Any help? Anybody heard of this before? Thanks.

 

[gacollier]

phild,

Argh... the dreaded "error 619". What's the VPN server (Windows 2000 Server, Pro, something else)? Also, the other systems that are able to "get through", are any of these systems XP and using a broadband connection?

Now some obvious items... make sure that under the NIC for the broadband connention under "local are connection properties", "internet connection firewall" and "internet connection sharing" are disabled.

Let us know on the first items.

 

[phildlight]

Server is NT 4.0 as the controller, and a 2000 as file server.

One person is using another ISP and ADSL on WinXP home, and he CAN get through. I'm convinced the DSL modem I have is crap. It came from the ISP, so I'm going to get a new router to fix this. I'm sure it's the issue. The laptop I'm on now on dial up works fine, so I know the settings aren't "f-d" up. Thanks for the reply. Let me know if anything else comes to mind.

 

[gacollier]

phild,

Did you get this resolved? If you didn't, what are the log entries on the related to the VPN server?

 

[phildlight]

Below are the firewall logs. I did the "xx.xxx.xx.xxx" stuff. Can't be too careful. Say, while I'm asking questions, when I connect w/ the laptop and dial up, I can't map drives using (//server) or internal IP (10.0.0.2)? I haven't picked up a new router yet, so no the problem isn't "fixed". Funny, I'm the only one who can't connect (ADSL) and I set this up. Let me know if you can figure out the problem using below logs: I do have Chap enabled on my end, and firewall. It is setup as PPTP VPN, and L2TP is not enabled, nor is GRE.

Mar 16 13:37:28 pptpd[15174]: CTRL: Client "xx.xxx.xx.xxx" control connection started
Mar 16 13:37:29 pptpd[15174]: CTRL: Starting call (launching pppd, opening GRE)
Mar 16 13:37:29 pptpd[15174]: CTRL: Allocating pty/tty pair
Mar 16 13:37:29 pptpd[15174]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0)
Mar 16 13:37:29 pppd[15175]: Using interface ppp0
Mar 16 13:37:29 pppd[15175]: pppd create pidfile
Mar 16 13:37:29 pppd[15175]: Connect: ppp0 <--> /dev/ttyp0
Mar 16 13:37:29 pppd[15175]: Will not do PAP for user PoPToP
Mar 16 13:37:29 pppd[15175]: Will not do CHAP for user PoPToP
Mar 16 13:37:59 pppd[15175]: LCP: timeout sending Config-Requests
Mar 16 13:37:59 pppd[15175]: Connection terminated.
Mar 16 13:37:59 pppd[15175]: Exit.
Mar 16 13:37:59 pptpd[15174]: GRE: read(fd=3,buffer=414aac,len=4096) from PTY failed: status = -1 error = Error 5
Mar 16 13:37:59 pptpd[15174]: CTRL: PTY read or GRE write failed (pty,gre)=(3,4)
Mar 16 13:37:59 pptpd[15174]: CTRL: Client "xx.xxx.xx.xxx" control connection finished

 

[AndyJG]

I believe you require GRE (protocol 47) for PPTP to work correctly. Try enabling it. Also, do you have TCP port 1723 forwarded to the server?

Andy

 

[gacollier]

I think Andy is right. Looks like you're stalling out on the LCP return request. given that LCP is packaged in GRE I'd do as Andy suggested and look at opening GRE on the client end. You mentioned that you have firewall enabled on the client, have you tried disabling this as a test?

 

[Shplad]

Hey Phildlight:

From your packet trace there, it looks to me like someone was trying to use PopTop-the Linux pptp client. Was that the case? the negotiations process appears to be trying pap and then chap and then the timeout occurs.

Were you using Poptop in that scenario? What type of authentication was specified in the client and host machines?

Shplad

 

[phildlight]

thanks for the reply shplad. I've fixed the issue, and it was the configuration of the modem that earthlink supplied. The modem by default uses a constant connection, and a firewall. I hacked into the modem, and set it force a manual connection. When I re-configured the modem, the last choice on the last page of the config was to disable the firewall. I did that, and I'm up and running. Damn earthlink modem.

 

[neo125]

Hey phildlight:

Just wanted to send a "big thank you" for helping me solve a similar problem that I was having with one of my remote users who had earthlink dsl service at their home office. Battled with it for weeks and could not get anywhere with their customer support, and finally discovered your posting.

Also a huge thanks goes to all the dedicated people who post all the helpful responses to help solve the IT headaches we all face everyday.


Cheers,

neo125