We help IT Professionals succeed at work.

routing traffic through linux PPTP server

re-searcher
re-searcher asked
on
Medium Priority
1,678 Views
Last Modified: 2012-05-12
Hello,

I install and configured poptop with freeradius and i can connect to server, but when my connection established i can't browse internet.

my pptp internal ip address is 192.168.1.1.
when i connected to server with pptp client from my Mac I can ping server (192.168.1.1) and from server i can ping client (192.168.1.2)
from server when i pinging experts-exhange.com i'll retrieve their IPs but from client i receive requiest time-out message.

Please, help me if you know how can i fix it
Comment
Watch Question

Commented:
Do you have packet forwarding correctly established?

This requires at least three steps:

1. enable forwarding of packets:
echo 1 > /proc/sys/net/ipv4/ip_forward

2. allow packet traversal on firewall (simplest rule is to allow all traffic, but you should change it appropriately):
iptables -I FORWARD -j ACCEPT

3. NAT the IPs to the server computer IP:
iptables -t nat -I POSTROUTING -j MASQUERADE


All these commands are valid until you reboot your system. You should put them in rc.local file or other apropriate configuration files to work after every reboot.

See also for example:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch03_:_Linux_Networking#How_to_Convert_Your_Linux_Server_into_a_Simple_Router

Author

Commented:
# Blaz
1. enable forwarding of packets:
echo 1 > /proc/sys/net/ipv4/ip_forward
my problem is when i set /proc/sys/net/ipv4/ip_forward to 1 after reboot it return back to 0

but my "sysctl -p" return following result:
sysctl -p
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_forward = 1

Open in new window


another problem is my ppp0 netmask is 255.255.255.255 instead of 255.255.255.0
i set "netmask 255.255.255.0" on /etc/pptpd.conf

Commented:
> my problem is when i set /proc/sys/net/ipv4/ip_forward to 1 after reboot it return back to 0

As I stated the setting will revert to 0 after reboot. If you have changed the sysctl.conf and run sysctl -p the new value should be 1. What is the value of ip_forward AFTER you run sysctl -p?

> another problem is my ppp0 netmask is 255.255.255.255 instead of 255.255.255.0
> i set "netmask 255.255.255.0" on /etc/pptpd.conf

Do you have a question about this?

Author

Commented:
As I stated the setting will revert to 0 after reboot. If you have changed the sysctl.conf and run sysctl -p the new value should be 1. What is the value of ip_forward AFTER you run sysctl -p?
I fixed it /proc/sys/net/ipv4/ip_forward now set to 1 and after reboot is not return back to 0.


Do you have a question about this?

my problem is why when i connect to pptp server with pptp client i can't browse internet and just internal network available for me.

Author

Commented:
I don't know why in previous reboot ip_forward not reset to 0 but now it's reset to 0.

but when i run "sysctl -p" i receive following result:
root@testserver:~# sysctl -p
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_forward = 1

Open in new window

Commented:
> I fixed it /proc/sys/net/ipv4/ip_forward now set to 1 and after reboot is not return back to 0.

Maybe you should just put line: "echo 1 > /proc/sys/net/ipv4/ip_forward" in file /etc/rc.local and solve this issue...


> my problem is why when i connect to pptp server with pptp client i can't browse internet and just internal network available for me.


More questions:
1. Have you (successfully) configured all my points (1-3) of packet forwarding?
2. You wrote "internal network available" does this mean that you can access more than just the poptop server?
3. What is the default gateway on client computers?

Author

Commented:
# Blaz,

after I add those rules which you said in first reply i can connect to server from my mac os and it stop on authenticating till i receive timeout/authentication failed error.

* I have a server which i configured poptop on it.
* I want to connect to my server with PPTP connection and browse internet with server IPs (route all traffic through PPTP Server)

* when i connect to server with my MAC OS for example my ip is 192.168.1.2 which i set this range in /etc/pptpd.conf
and my server ip is 192.168.1.1 (which i set it in pptd.conf file,too)
i have 5 dedicate IP (internet ip) and i want after PPTP connection established i be able to browse internet with one of the server IPs.
Top Expert 2011

Commented:
@Blaz
Maybe you should just put line: "echo 1 > /proc/sys/net/ipv4/ip_forward" in file /etc/rc.local and solve this issue...
Please post an update if you end up figuring out why this is supposedly happening.

My sleep-deprived brain is out of ideas --  http://www.experts-exchange.com/OS/Linux/Q_27429174.html

Bed time.

Commented:
> after I add those rules which you said in first reply i can connect to server from my mac os and it stop on authenticating till i receive timeout/authentication failed error.

So if I understand correctly the commands made things worse?

I think you should change point 3 to the following command:
iptables -t nat -I POSTROUTING -j MASQUERADE
to:
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
where eth0 is your internet interface on the server.

I would appreciate a more direct answer to my questions since you did not answer them all:
1. Have you (successfully) configured all my points (1-3) of packet forwarding?
2. What is the default gateway on client computers?

Author

Commented:
1. Have you (successfully) configured all my points (1-3) of packet forwarding?
No, I didn't ad any packet forwarding rules.
I just know i configured poptp with freeradius and freeradius-mysql as well.
because, i can connect to server with users which i added to mysql database.

2. What is the default gateway on client computers?

Open in new window

my client is standalone Mac and connect directly to internet, after PPTP connection established Default gateway would be PPTP Server.

again i wanna saying ppp0's netmast is 255.255.255.252 while i set netmast in /etc/pptpd.conf to 255.255.255.0

Commented:
> No, I didn't ad any packet forwarding rules.

Well than is good enough reason for not working... May I ask why didn't you configure that?

> my client is standalone Mac and connect directly to internet, after PPTP connection established Default gateway would be PPTP Server.

"Would be" is not good enough. It must be. Did you check your routing table on the client before/after PPTP connection?

> again i wanna saying ppp0's netmast is 255.255.255.252 while i set netmast in /etc/pptpd.conf to 255.255.255.0

This doesn't worry me because if you can communicate and ping the server form the client then the netmasks should be OK.

Author

Commented:
Well than is good enough reason for not working... May I ask why didn't you configure that?

Because, I'm newbie in Linux and after around 1 month research I learned how to work with Ubuntu and how to install pptpd,ppp,freeradius and etc. and I learned how to integrate all of these apps together.
I don't know what exactly i should do know, It's reason of I ask my question here.

"Would be" is not good enough. It must be. Did you check your routing table on the client before/after PPTP connection?
I fix my answer: it's MUST be :) I like it,too.
No I don't check routing table, because I don't do it for VPN accounts which i purchase from other companies, So I want to my server be like them. and any person with basic knowledge be able connect to PPTP server.

This doesn't worry me because if you can communicate and ping the server form the client then the netmasks should be OK.
I ask it because my Public IPs subnetmask is 255.255.255.0 but ppp netmast is 255.255.255.0

Commented:
> I don't know what exactly i should do know, It's reason of I ask my question here.

I gave you direct command-line command that you should run. If you don't run those then I can't help you.

After running the commands:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

(where eth0 in the last command is your internet interface)
please post the output of:

cat /proc/sys/net/ipv4/ip_forward
iptables -L -nvx
iptables -t nat -L -nvx


> No I don't check routing table, because I don't do it for VPN accounts which i purchase from other companies,
> So I want to my server be like them. and any person with basic knowledge be able connect to PPTP server.

I'm not sure that we are on the same page here - other VPN accounts you mentione probably work. Your's does not. That is why you should gather as much information as possible about why it does not work. This has nothing to do with what any person connecting should do. This is making it work in the first place.

> I ask it because my Public IPs subnetmask is 255.255.255.0 but ppp netmast is 255.255.255.0

Public IP netmask is not relevant to ppp netmask.

Author

Commented:
Thanks for you answers Blaz,

cat /proc/sys/net/ipv4/ip_forward
1

Open in new window


iptables -L -nvx
Chain INPUT (policy ACCEPT 59702 packets, 7182698 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 156 packets, 12771 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 57184 packets, 6422793 bytes)
    pkts      bytes target     prot opt in     out     source               destination   

Open in new window


iptables -t nat -L -nvx
Chain PREROUTING (policy ACCEPT 9188 packets, 993663 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 412 packets, 72035 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 240 packets, 15095 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 305 packets, 20379 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0   

Open in new window


Commented:
OK. The commands seem to work.

Can you verify that eth0 is your internet interface?

Does it work now?

Author

Commented:
it's not work,
i connected but after 10 second i disconnect from server (I testing it on MAC OS Snow Leopard)

root@testserver:~# tail -f /var/log/syslog | grep pp*
Nov  3 06:22:38 uss01 pptpd[5594]: MGR: Launching /usr/sbin/pptpctrl to handle client
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: local address = 192.168.120.1
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: remote address = 192.168.120.2
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: pppd options file = /etc/ppp/pptpd-options
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Client 109.110.168.240 control connection started
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Received PPTP Control Message (type: 1)
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Made a START CTRL CONN RPLY packet
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: I wrote 156 bytes to the client.
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Sent packet to client
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Received PPTP Control Message (type: 7)
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Set parameters to 100000000 maxbps, 64 window size
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Made a OUT CALL RPLY packet
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Starting call (launching pppd, opening GRE)
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: pty_fd = 6
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: tty_fd = 7
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: I wrote 32 bytes to the client.
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Sent packet to client
Nov  3 06:22:38 uss01 pptpd[5595]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
Nov  3 06:22:38 uss01 pptpd[5595]: CTRL (PPPD Launcher): local address = 192.168.120.1
Nov  3 06:22:38 uss01 pptpd[5595]: CTRL (PPPD Launcher): remote address = 192.168.120.2
Nov  3 06:22:38 uss01 pppd[5595]: Plugin radius.so loaded.
Nov  3 06:22:38 uss01 pppd[5595]: RADIUS plugin initialized.
Nov  3 06:22:38 uss01 pppd[5595]: Plugin radius.so loaded.
Nov  3 06:22:38 uss01 pppd[5595]: RADIUS plugin initialized.
Nov  3 06:22:38 uss01 pppd[5595]: Plugin radattr.so loaded.
Nov  3 06:22:38 uss01 pppd[5595]: RADATTR plugin initialized.
Nov  3 06:22:38 uss01 pppd[5595]: pppd 2.4.5 started by root, uid 0
Nov  3 06:22:38 uss01 pppd[5595]: using channel 4
Nov  3 06:22:38 uss01 pppd[5595]: Using interface ppp0
Nov  3 06:22:38 uss01 pppd[5595]: Connect: ppp0 <--> /dev/pts/1
Nov  3 06:22:38 uss01 pppd[5595]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5ff5ff8b> <pcomp> <accomp>]
Nov  3 06:22:38 uss01 pptpd[5594]: GRE: Bad checksum from pppd.
Nov  3 06:22:38 uss01 pptpd[5594]: MGR: Launching /usr/sbin/pptpctrl to handle client
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: local address = 192.168.120.1
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: remote address = 192.168.120.2
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: pppd options file = /etc/ppp/pptpd-options
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Client 109.110.168.240 control connection started
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Received PPTP Control Message (type: 1)
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Made a START CTRL CONN RPLY packet
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: I wrote 156 bytes to the client.
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Sent packet to client
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Received PPTP Control Message (type: 7)
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Set parameters to 100000000 maxbps, 64 window size
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Made a OUT CALL RPLY packet
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Starting call (launching pppd, opening GRE)
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: pty_fd = 6
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: tty_fd = 7
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: I wrote 32 bytes to the client.
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Sent packet to client
Nov  3 06:22:38 uss01 pptpd[5595]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
Nov  3 06:22:38 uss01 pptpd[5595]: CTRL (PPPD Launcher): local address = 192.168.120.1
Nov  3 06:22:38 uss01 pptpd[5595]: CTRL (PPPD Launcher): remote address = 192.168.120.2
Nov  3 06:22:38 uss01 pptpd[5594]: GRE: Bad checksum from pppd.
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Received PPTP Control Message (type: 15)
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Nov  3 06:22:38 uss01 pptpd[5594]: GRE: accepting packet #1
Nov  3 06:22:38 uss01 pptpd[5594]: GRE: accepting packet #2
Nov  3 06:22:38 uss01 pppd[5595]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x16f7a9b2> <pcomp> <accomp>]
Nov  3 06:22:38 uss01 pppd[5595]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x16f7a9b2> <pcomp> <accomp>]
Nov  3 06:22:38 uss01 pppd[5595]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5ff5ff8b> <pcomp> <accomp>]
Nov  3 06:22:38 uss01 pppd[5595]: sent [LCP EchoReq id=0x0 magic=0x5ff5ff8b]
Nov  3 06:22:38 uss01 pppd[5595]: sent [CHAP Challenge id=0x46 <e58e4c0f9ab8f8c54ec3cb01ad73dfa8>, name = "pptpd"]
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #3
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #4
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #5
Nov  3 06:22:39 uss01 pppd[5595]: rcvd [LCP EchoReq id=0x0 magic=0x16f7a9b2]
Nov  3 06:22:39 uss01 pppd[5595]: sent [LCP EchoRep id=0x0 magic=0x5ff5ff8b]
Nov  3 06:22:39 uss01 pppd[5595]: rcvd [LCP EchoRep id=0x0 magic=0x16f7a9b2]
Nov  3 06:22:39 uss01 pppd[5595]: rcvd [CHAP Response id=0x46 <6ba09c60ca1c3de3fe2acffb96c7ce6d00000000000000001f68b375e17ddac15a5c1bde5800e364162ada424c0bae4d00>, name = "1216m0628001"]
Nov  3 06:22:39 uss01 pppd[5595]: RADATTR plugin wrote 6 line(s) to file /var/run/radattr.ppp0.
Nov  3 06:22:39 uss01 pppd[5595]: sent [CHAP Success id=0x46 "S=B633EEEEC27DA838C147EFC8155ECEE852AD4645"]
Nov  3 06:22:39 uss01 pppd[5595]: sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #6
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #7
Nov  3 06:22:39 uss01 pppd[5595]: rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Nov  3 06:22:39 uss01 pppd[5595]: sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Nov  3 06:22:39 uss01 pppd[5595]: rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Nov  3 06:22:39 uss01 pppd[5595]: MPPE 128-bit stateless compression enabled
Nov  3 06:22:39 uss01 pppd[5595]: sent [IPCP ConfReq id=0x1 <addr 192.168.120.1>]
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Received PPTP Control Message (type: 15)
Nov  3 06:22:38 uss01 pptpd[5594]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Nov  3 06:22:38 uss01 pptpd[5594]: GRE: accepting packet #1
Nov  3 06:22:38 uss01 pptpd[5594]: GRE: accepting packet #2
Nov  3 06:22:38 uss01 pppd[5595]: sent [CHAP Challenge id=0x46 <e58e4c0f9ab8f8c54ec3cb01ad73dfa8>, name = "pptpd"]
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #3
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #4
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #5
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #6
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #7
Nov  3 06:22:39 uss01 acpid: client 5589[0:0] has disconnected
Nov  3 06:22:39 uss01 acpid: client connected from 5630[0:0]
Nov  3 06:22:39 uss01 acpid: 1 client rule loaded
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: buffering packet #9 (expecting #8, lost or reordered)
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: buffering packet #10 (expecting #8, lost or reordered)
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: buffering packet #9 (expecting #8, lost or reordered)
Nov  3 06:22:39 uss01 pptpd[5594]: GRE: buffering packet #10 (expecting #8, lost or reordered)
Nov  3 06:22:42 uss01 pppd[5595]: sent [IPCP ConfReq id=0x1 <addr 192.168.120.1>]
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: timeout waiting for 1 packets
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: accepting #9 from queue
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: accepting #10 from queue
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: accepting packet #11
Nov  3 06:22:42 uss01 pppd[5595]: rcvd [IPV6CP ConfReq id=0x1 <addr fe80::cabc:c8ff:fea4:6bf4>]
Nov  3 06:22:42 uss01 pppd[5595]: Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
Nov  3 06:22:42 uss01 pppd[5595]: sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a ca bc c8 ff fe a4 6b f4]
Nov  3 06:22:42 uss01 pppd[5595]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.120.1>]
Nov  3 06:22:42 uss01 pppd[5595]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.120.1>]
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: accepting packet #12
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: accepting packet #13
Nov  3 06:22:42 uss01 pppd[5595]: rcvd [IPCP ConfReq id=0x1 <addr 192.168.120.2> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Nov  3 06:22:42 uss01 pppd[5595]: sent [IPCP ConfNak id=0x1 <ms-dns1 66.96.80.194> <ms-dns2 66.96.80.43>]
Nov  3 06:22:42 uss01 pppd[5595]: rcvd [IPV6CP ConfReq id=0x1 <addr fe80::cabc:c8ff:fea4:6bf4>]
Nov  3 06:22:42 uss01 pppd[5595]: Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
Nov  3 06:22:42 uss01 pppd[5595]: sent [LCP ProtRej id=0x3 80 57 01 01 00 0e 01 0a ca bc c8 ff fe a4 6b f4]
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: accepting packet #14
Nov  3 06:22:43 uss01 pppd[5595]: rcvd [IPCP ConfReq id=0x2 <addr 192.168.120.2> <ms-dns1 66.96.80.194> <ms-dns2 66.96.80.43>]
Nov  3 06:22:43 uss01 pppd[5595]: sent [IPCP ConfAck id=0x2 <addr 192.168.120.2> <ms-dns1 66.96.80.194> <ms-dns2 66.96.80.43>]
Nov  3 06:22:43 uss01 pppd[5595]: Cannot determine ethernet address for proxy ARP
Nov  3 06:22:43 uss01 pppd[5595]: local  IP address 192.168.120.1
Nov  3 06:22:43 uss01 pppd[5595]: remote IP address 192.168.120.2
Nov  3 06:22:43 uss01 pppd[5595]: Script /etc/ppp/ip-up started (pid 5632)
Nov  3 06:22:43 uss01 slapd[3473]: connection_read(25): no connection!
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: timeout waiting for 1 packets
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: accepting #9 from queue
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: accepting #10 from queue
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: accepting packet #11
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: accepting packet #12
Nov  3 06:22:42 uss01 pptpd[5594]: GRE: accepting packet #13
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: accepting packet #14
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #17 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 slapd[3473]: last message repeated 3 times
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #17 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #18 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #19 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #20 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #21 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #22 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #23 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #24 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #25 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #26 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #27 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #28 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #29 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #30 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #31 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #32 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #33 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #34 (expecting #15, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: timeout waiting for 2 packets
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #17 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #18 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #19 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #20 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #21 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #22 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #23 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #24 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #25 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #26 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #27 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #28 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #29 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #30 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #31 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #32 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #33 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #34 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #35
Nov  3 06:22:44 uss01 slapd[3473]: connection_read(25): no connection!
Nov  3 06:22:44 uss01 slapd[3473]: last message repeated 3 times
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #36
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #37
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #38
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #39
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #40
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #41
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #43 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #44 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #45 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #46 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #47 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #48 (expecting #42, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #18 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #19 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #20 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #21 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #22 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #23 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #24 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #25 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #26 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #27 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #28 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #29 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #30 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #31 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #32 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #33 (expecting #15, lost or reordered)
Nov  3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #34 (expecting #15, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: timeout waiting for 2 packets
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #17 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #18 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #19 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #20 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #21 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #22 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #23 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #24 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #25 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #26 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #27 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #28 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #29 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #30 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #31 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #32 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #33 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #34 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #35
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #36
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #37
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #38
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #39
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #40
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #41
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #43 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #44 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #45 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #46 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #47 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #48 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #49 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #50 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #51 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #52 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #53 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #54 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #55 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #56 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #57 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #58 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #59 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #60 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #61 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #62 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #63 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 slapd[3473]: connection_read(25): no connection!
Nov  3 06:22:44 uss01 slapd[3473]: last message repeated 3 times
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: timeout waiting for 1 packets
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #43 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #44 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #45 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #46 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #47 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #48 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #49 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #50 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #51 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #52 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #53 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #54 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #55 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #56 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #57 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #58 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #59 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #60 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #61 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #62 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #63 from queue
Nov  3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #64
Nov  3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #65
Nov  3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #66
Nov  3 06:22:45 uss01 slapd[3473]: connection_read(25): no connection!
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #49 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #50 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #51 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #52 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #53 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #54 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #55 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #56 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #57 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #58 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #59 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #60 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #61 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #62 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #63 (expecting #42, lost or reordered)
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: timeout waiting for 1 packets
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #43 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #44 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #45 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #46 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #47 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #48 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #49 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #50 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #51 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #52 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #53 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #54 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #55 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #56 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #57 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #58 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #59 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #60 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #61 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #62 from queue
Nov  3 06:22:44 uss01 pptpd[5594]: GRE: accepting #63 from queue
Nov  3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #64
Nov  3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #65
Nov  3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #66
Nov  3 06:22:45 uss01 slapd[3473]: last message repeated 3 times
Nov  3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #67
Nov  3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #68
Nov  3 06:22:46 uss01 slapd[3473]: connection_read(25): no connection!
Nov  3 06:22:46 uss01 slapd[3473]: last message repeated 3 times
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #69
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #70
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #71
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #72
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #73
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #74
Nov  3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #67
Nov  3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #68
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #69
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #70
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #71
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #72
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #73
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #74
Nov  3 06:22:46 uss01 slapd[3473]: connection_read(25): no connection!
Nov  3 06:22:46 uss01 slapd[3473]: last message repeated 3 times
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #75
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #76
Nov  3 06:22:47 uss01 pppd[5595]: Script /etc/ppp/ip-up finished (pid 5632), status = 0x0
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #75
Nov  3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #76
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #77
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #78
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #79
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #80
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #81
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #82
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #83
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #84
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #85
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #86
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #87
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #88
Nov  3 06:22:48 uss01 pptpd[5594]: GRE: accepting packet #89
Nov  3 06:22:48 uss01 pptpd[5594]: GRE: accepting packet #90
Nov  3 06:22:48 uss01 pptpd[5594]: GRE: accepting packet #91
Nov  3 06:22:48 uss01 pptpd[5594]: GRE: read(fd=7,buffer=6095a0,len=8260) from network failed: status = -1 error = Message too long
Nov  3 06:22:48 uss01 pptpd[5594]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
Nov  3 06:22:48 uss01 pptpd[5594]: CTRL: Reaping child PPP[5595]
Nov  3 06:22:48 uss01 pppd[5595]: Modem hangup
Nov  3 06:22:48 uss01 pppd[5595]: Connect time 0.1 minutes.
Nov  3 06:22:48 uss01 pppd[5595]: Sent 7741 bytes, received 6020 bytes.
Nov  3 06:22:48 uss01 pppd[5595]: Script /etc/ppp/ip-down started (pid 5681)
Nov  3 06:22:48 uss01 pppd[5595]: MPPE disabled
Nov  3 06:22:48 uss01 pppd[5595]: sent [LCP TermReq id=0x4 "MPPE disabled"]
Nov  3 06:22:48 uss01 pppd[5595]: Connection terminated.
Nov  3 06:22:48 uss01 pppd[5595]: Waiting for 1 child processes...
Nov  3 06:22:48 uss01 pppd[5595]:   script /etc/ppp/ip-down, pid 5681
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #77
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #78
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #79
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #80
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #81
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #82
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #83
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #84
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #85
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #86
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #87
Nov  3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #88
Nov  3 06:22:48 uss01 pptpd[5594]: GRE: accepting packet #89
Nov  3 06:22:48 uss01 pptpd[5594]: GRE: accepting packet #90
Nov  3 06:22:48 uss01 pptpd[5594]: GRE: accepting packet #91
Nov  3 06:22:48 uss01 pptpd[5594]: GRE: read(fd=7,buffer=6095a0,len=8260) from network failed: status = -1 error = Message too long
Nov  3 06:22:48 uss01 pptpd[5594]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
Nov  3 06:22:48 uss01 pptpd[5594]: CTRL: Reaping child PPP[5595]
Nov  3 06:22:48 uss01 slapd[3473]: connection_read(25): no connection!
Nov  3 06:22:48 uss01 slapd[3473]: last message repeated 3 times
Nov  3 06:22:48 uss01 pppd[5595]: Script /etc/ppp/ip-down finished (pid 5681), status = 0x0
Nov  3 06:22:48 uss01 pppd[5595]: RADATTR plugin removed file /var/run/radattr.ppp0.
Nov  3 06:22:48 uss01 pppd[5595]: Exit.
Nov  3 06:22:48 uss01 pptpd[5594]: CTRL: Client 109.110.168.240 control connection finished
Nov  3 06:22:48 uss01 pptpd[5594]: CTRL: Exiting now
Nov  3 06:22:48 uss01 pptpd[2083]: MGR: Reaped child 5594
Nov  3 06:22:48 uss01 pptpd[5594]: CTRL: Client 109.110.168.240 control connection finished
Nov  3 06:22:48 uss01 pptpd[5594]: CTRL: Exiting now
Nov  3 06:22:48 uss01 pptpd[2083]: MGR: Reaped child 5594

Open in new window

Commented:
Just to make sure - did you successfully authenticate before you started to write the commands I posted or not?

Author

Commented:
Yes, before that command I connect but didn't be able to browse any site. after i add iptables rules i connected and after 10-20 sec disconnect.

Author

Commented:
Do you know why it's occur?

Commented:
What is your network diagram on this server computer:
- what network interfaces does it have
- to what interface do you connect with clients
- what interface is the gateway to internet

Author

Commented:
Blaz,

I trying to install centos and will contact you after configuration.

just in /etc/sysctl.conf "net.ipv4.conf.default.accept_source_route = 0" shoudl i change it to "1" ?

Author

Commented:
Ok, I installed ClearOS based on CentOS 5.

and add following command on /etc/rc.d/rc.local.firewall
iptables -t filter -I FORWARD -i pptp+ -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

Open in new window


and change sysctl ipv4_forwarding to 1.

but again i can't surf internet after i connect to pptp server.

Blaz, on each post you ask new question, i think it's possible you ask all of them in one post.

1. my server have eth0 with 6 ips.
2. ???
3. eth0 is my internet gateway on server and i want to my client (ppp0) use eth0 for browsing internet.

Commented:
> just in /etc/sysctl.conf "net.ipv4.conf.default.accept_source_route = 0" shoudl i change it to "1" ?

No, 0 is fine - this is for source routing which you do not need.

> eth0 is my internet gateway on server and i want to my client (ppp0) use eth0 for browsing internet.

You then probably connect  (establish ppp tunnel) to the server through eth0?

> Blaz, on each post you ask new question, i think it's possible you ask all of them in one post.
This is not possible because answers to some questions open other questions. Additionally we are trying to fix your problem and we both do not know yet where the problem lies, so additional questions are necessary. If you wish, however I might not ask any more questions...

Author

Commented:
- Blaz,
thanks for you assistant.
can i take your time for 1 hour here for fix this problem.

I send some results here, Actually i'm angry with these problems. one month i researching for fix this problem and find best solution.

iptables -L -nvx

[root@uss01 ~]# iptables -L -nvx
Chain INPUT (policy DROP 249 packets, 66399 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
      11      702 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
       0        0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x12/0x12 state NEW reject-with tcp-reset 
       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW 
       0        0 DROP       all  --  eth0   *       127.0.0.0/8          0.0.0.0/0           
       0        0 DROP       all  --  eth0   *       169.254.0.0/16       0.0.0.0/0           
      53     7188 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     all  --  pptp+  *       0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0           
      12      348 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 0 
       0        0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 3 
       0        0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
       6      702 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
       0        0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68 
       0        0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:67 dpt:68 
      89     7645 ACCEPT     tcp  --  *      *       0.0.0.0/0            206.51.40.15      tcp dpt:22 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            206.51.40.15      tcp dpt:81 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            206.51.40.15      tcp dpt:1875 
     555    60171 ACCEPT     47   --  *      *       0.0.0.0/0            206.51.40.15      
      24     1896 ACCEPT     tcp  --  *      *       0.0.0.0/0            206.51.40.15      tcp dpt:1723 
       6      422 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:1024:65535 state RELATED,ESTABLISHED 
       0        0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 state RELATED,ESTABLISHED 

Chain FORWARD (policy DROP 528 packets, 48209 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
     283    20096 ACCEPT     all  --  pptp+  *       0.0.0.0/0            0.0.0.0/0           
     227    16839 ACCEPT     all  --  pptp+  *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
      62     7656 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     all  --  *      pptp+   0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     all  --  *      tun+    0.0.0.0/0            0.0.0.0/0           
      12      348 ACCEPT     icmp --  *      eth0    0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67 
       0        0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp spt:68 dpt:67 
      68    22180 ACCEPT     tcp  --  *      eth0    206.51.40.15       0.0.0.0/0           tcp spt:22 
       9      764 ACCEPT     tcp  --  *      eth0    206.51.40.15       0.0.0.0/0           tcp spt:81 
       0        0 ACCEPT     tcp  --  *      eth0    206.51.40.15       0.0.0.0/0           tcp spt:1875 
     176     6568 ACCEPT     47   --  *      eth0    206.51.40.15       0.0.0.0/0           
      18     1328 ACCEPT     tcp  --  *      eth0    206.51.40.15       0.0.0.0/0           tcp spt:1723 
       6      422 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           

Chain drop-lan (0 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
[root@uss01 ~]# 

Open in new window


iptables -t nat -L -nvx
[root@uss01 ~]# iptables -t nat -L -nvx
Chain PREROUTING (policy ACCEPT 552852 packets, 64519034 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 431 packets, 25860 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
      78     4828 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
      69     5063 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 3917 packets, 181307 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
[root@uss01 ~]# 

Open in new window

Commented:
What are this posted iptables rule? Previously you posted a different set of rules...

Some thoughts (on this rules):

1. Some packets on INPUT chain and som on FORWARD chain get DROPped (you can see that by the number of packets affected by the default DROP chain policy). It would be wise to know what they are - add a logging rule as the last rule in the input (forward) chain:
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

Then you can inspect /var/log/messages log for dropped packets and their properties. Check what (if any) packets get added to the LOG when you try to establish the ppp tunnel (and later on surf the internet) from the client.

2.  You have currently two MASQUERADing rules in POSTROUTING chain. Perhaps delete both and add a new rule as follows (specify the source IP range):
iptables -t nat -F POSTROUTING
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

Author

Commented:
as i said in previous post I reinstall Linux (ClearOS Distr.) based on CentOS

Author

Commented:
- Blaz

how can i remove current iptables rules?
i just know iptables --flush which remove all rules.

Author

Commented:
Nov  6 14:59:29 uss01 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:90:3d:a0:72:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=556 
Nov  6 14:59:32 uss01 kernel: IN=eth0 OUT=pptp0 SRC=216.146.35.35 DST=192.168.120.127 LEN=68 TOS=0x00 PREC=0x00 TTL=53 ID=16677 PROTO=UDP SPT=53 DPT=56511 LEN=48 
Nov  6 14:59:33 uss01 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4d:2a:86:5d:08:00 SRC=66.232.114.228 DST=255.255.255.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=32254 PROTO=UDP SPT=17500 DPT=17500 LEN=127 
Nov  6 14:59:35 uss01 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:14:2a:ab:4b:4a:08:00 SRC=66.232.112.50 DST=255.255.255.255 LEN=187 TOS=0x00 PREC=0x00 TTL=64 ID=23865 PROTO=UDP SPT=17500 DPT=17500 LEN=167 
Nov  6 14:59:36 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=64549 LEN=58 
Nov  6 14:59:36 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=63967 LEN=58 
Nov  6 14:59:37 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=64549 LEN=58 
Nov  6 14:59:37 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=63967 LEN=58 
Nov  6 14:59:37 uss01 kernel: IN=eth0 OUT=pptp0 SRC=216.146.35.35 DST=192.168.120.127 LEN=68 TOS=0x00 PREC=0x00 TTL=53 ID=20762 PROTO=UDP SPT=53 DPT=56511 LEN=48 
Nov  6 14:59:40 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=64549 LEN=58 
Nov  6 14:59:40 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=63967 LEN=58 
Nov  6 14:59:42 uss01 kernel: IN=eth0 OUT=pptp0 SRC=216.146.35.35 DST=192.168.120.127 LEN=68 TOS=0x00 PREC=0x00 TTL=53 ID=25276 PROTO=UDP SPT=53 DPT=56511 LEN=48 
Nov  6 14:59:42 uss01 kernel: IN=eth0 OUT=pptp0 SRC=74.125.229.116 DST=192.168.120.127 LEN=48 TOS=0x00 PREC=0x00 TTL=56 ID=16482 PROTO=TCP SPT=443 DPT=52619 WINDOW=5720 RES=0x00 ACK SYN URGP=0 
Nov  6 14:59:43 uss01 kernel: IN=eth0 OUT=pptp0 SRC=74.125.229.116 DST=192.168.120.127 LEN=48 TOS=0x00 PREC=0x00 TTL=56 ID=16482 PROTO=TCP SPT=443 DPT=52619 WINDOW=5720 RES=0x00 ACK SYN URGP=0 
Nov  6 14:59:43 uss01 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:24:1d:53:f3:b4:08:00 SRC=66.232.100.107 DST=255.255.255.255 LEN=139 TOS=0x00 PREC=0x00 TTL=128 ID=31520 PROTO=UDP SPT=17500 DPT=17500 LEN=119 
Nov  6 14:59:43 uss01 kernel: IN=eth0 OUT=pptp0 SRC=74.125.229.116 DST=192.168.120.127 LEN=48 TOS=0x00 PREC=0x00 TTL=56 ID=16482 PROTO=TCP SPT=443 DPT=52619 WINDOW=5720 RES=0x00 ACK SYN URGP=0 

Open in new window

Author

Commented:
ifconfig show following details for PPTP:
pptp0     Link encap:Point-to-Point Protocol  
          inet addr:192.168.120.1  P-t-P:192.168.120.127  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:326 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:23304 (22.7 KiB)  TX bytes:90 (90.0 b)

Open in new window

Author

Commented:
New problem occur for me,

I found a problem and change from standalone mode to "standalone - no firewall",
currently i connect to server but disconnect automatically after 10 sec

Commented:
Nov  6 14:59:32 uss01 kernel: IN=eth0 OUT=pptp0 SRC=216.146.35.35 DST=192.168.120.127 LEN=68 TOS=0x00 PREC=0x00 TTL=53 ID=16677 PROTO=UDP SPT=53 DPT=56511 LEN=48

OK. I believe I found some problems with your current setup although in previous install (previous set of iptables rules) this should not happen.

You are currently not permitting the return traffic from internet to your client. Actually this is very good news since it seems that your client successfully connected to the internet (but then it did not receive any response to the DNS queries).

So to fix this you should add one more rule:
iptables -I FORWARD -m state --state ESTABLISHED -j ACCEPT

Author

Commented:
It's not work.

* when i flush iptables and add "iptables -I FORWARD -m state --state ESTABLISHED -j ACCEPT" it's not work.
* when i load iptables rules and add "iptables -I FORWARD -m state --state ESTABLISHED -j ACCEPT" it's not work again.

* when i add "iptables -I FORWARD -j ACCEPT" and "iptables -t nat -I POSTROUTING -j MASQUERADE" it's work but first send/receive make me disconnect from server.

Commented:
I thought you would add the rule on existing rules. Please add additional rule (just for testing):
iptables -I INPUT -j ACCEPT

This will accept all incoming traffic including (hopefully) the credentials. So you should have (at least) the rules:
iptables -I FORWARD -j ACCEPT
iptables -I INPUT -j ACCEPT
iptables -I OUTPUT -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.120.0/24 -o eth0 -j MASQUERADE

and of course:
echo 1 > /proc/sys/net/ipv4/ip_forward

This rules should make sure that your firewall doesn't drop any packets. If this works we can work from there to further limit the firewall.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
iptables -L --line-numbers will list the rules and their line numbers.
Make sure to note the Chain they are in

iptables -D <CHAIN> <rule_number>
The above is how to delete the rules or you can use the /etc/sysconfig/iptables turn off iptables and remove the lines you do not want and reenable iptables (caution should be used if the system is directly on the internet).

When your PPTP client connects, look at the netstat -rn data to see what the existing.

I'll have to look, but you may have to make sure that your PPTPD.conf is allocating a separate VPN IP not the same as the one on the current LAN.
Then the PPTP client IP needs to be NAted before it goes out this is how the response finds its way back.

Author

Commented:
- Arnold
Thanks for your assistant.

would you mind check your e-mail.

Author

Commented:
I test pptp server with windows and it's work and can browse internet with primary ip of my server eth0

i have 5 additional ip on this server (eth0:0 adn eth0:1 and etc.) i want each time users using different ips.

how can i do it?

and my problem is why with mac os i disconnect from internet?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
you have to configure iptables to map the VPN assigned IP to appear as though it is originating from a different public IP.
http://www.unix.com/unix-dummies-questions-answers/150122-iptables-change-source-ip.html
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables

here is the snippet from the above relavent to your question
replace the 97.158.253.26 with the public IP you have.
Note you may have to change -i eth0 to -i eth0:1
# PREROUTING statements for 1:1 NAT
# (Connections originating from the Internet)

iptables -t nat -A PREROUTING -d 97.158.253.26 -i eth0 \
        -j DNAT --to-destination 192.168.1.100

# POSTROUTING statements for 1:1 NAT
# (Connections originating from the home network servers)

iptables -t nat -A POSTROUTING -s 192.168.1.100 -o eth0 \
         -j SNAT --to-source 97.158.253.26

Open in new window

Author

Commented:
you mean i should set a public ip for each range of my private pptp network?

for example 192.168.1.0/24 -> eth0 and 192.168.2.0/24 -> eth0:1 and etc.
right?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
This is how you handle the mapping of an internal IP to appear as it originates from a public IP.  Without this, the traffic will always appear as originating from the Primary Public IP which is often the first routeable IP of the block

Are you doing segment dependant origination or IP based?
192.168.1.2 -> IP1
192.168.1.3 -> IP2

Author

Commented:
no i don't do it yet.

i should do it like following commands:
192.168.1.2 -> IP 1 (i.e eth0:0)
xx.xx.xx.1 is my first public ip which set on eth0:0

iptables -t nat -A PREROUTING -d xx.xx.xx.1 -i eth0:0 \
        -j DNAT --to-destination 192.168.1.2

Open in new window



192.168.1.3 -> IP 2 (i.e eth0:1)
xx.xx.xx.2 is my second public ip which set on eth0:1

iptables -t nat -A PREROUTING -d xx.xx.xx.2 -i eth0:1 \
        -j DNAT --to-destination 192.168.1.3

Open in new window



is it right?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The two entries are mirrors of each other and should match
Note the example and note the path PREROUTING/POSTROUTING


POSTROUTING 192.168.1.2 -> xx.xx.xx.2 (OUTBOUND) SNAT
PREROUTING xx.xx.xx.xx.2 -> 192.168.1.2 (inbound) DNAT

The PREROUTING deals with mapping the external IP to the Internal IP,

Refer to the snippet I included in the earlier post which includes a description.

For outbound traffic, you have to use the POSTROUTING option and SNAT
iptables -t nat -A POSTROUTING -s 192.168.1.2 -o eth0:1 \
         -j SNAT --to-source XX.XX.XX.2
iptables -t nat -A POSTROUTING -s 192.168.1.3 -o eth0:2 \
         -j SNAT --to-source xx.xx.xx.3

Author

Commented:
pptpd just availabe/listel on primary IP. and users just able connect to pptp server with my primary IP (eth0), how can I make pptp available on other IPs? like eth:0 , eth0:1 and etc.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Why?
You have to configure pptpd to listen on all interfaces, 0.0.0.0.
configure iptables INPUT to pass 1723 traffic.

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Why not use the proxy on the server versus to try and route through the requests?

Author

Commented:
Why not use the proxy on the server versus to try and route through the requests?

because, i don't know how i should do it.

you mean with proxy on server i can route requests?
I don't like destination think visitor using proxy...

Author

Commented:
Why?
You have to configure pptpd to listen on all interfaces, 0.0.0.0.
configure iptables INPUT to pass 1723 traffic.

I changed listen value on /etc/pptpd.conf to 0.0.0.0 and restart pptpd, but it just accept requests which send to my primary IP.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
netstat -an | grep -i LISTEN | grep 1723

You have to make sure your IPTABLES rules allow access from outside (INPUT CHAIN)can you ping any of your other public IPs?  Do you have a web server configuration on each public IP as a test to make sure those are accessible from outside and are not being blocked by iptables or another firewall?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:

You can configure your web server to use the 192.168.x.x 3128 as the proxy.

Author

Commented:
Thanks for you helps.

netstat -an | grep -i LISTEN | grep 1723
tcp        0      0 0.0.0.0:1723                0.0.0.0:*                   LISTEN 

Open in new window


You have to make sure your IPTABLES rules allow access from outside (INPUT CHAIN)
How i should do it? I'm not expert  in linux and need detailed answers...

can you ping any of your other public IPs?
All packets send/receive when I ping all public IPs from external nework.

Do you have a web server configuration on each public IP
yes, httpd listen on *:80 and I create a virtual host on webserver and set dedicate Public IP to it.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Can I still access the system?

Author

Commented:
With last e-mail which i sent to you, it's possible you access to server, now.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
It seems that pptp is listening on all the IPs.

What happens if you change the IP in the PPTP client to which you are connecting?

Not having firewall on when your system is exposed to the net directly is a really bad idea.

Author

Commented:
I don't have any firewalls on my mac os.

in addition and set radiusd in debug mode with "radiusd -X" and on other IPs pptpd don't send request to freeradius but in /var/log/messages pptpd receive user authentication request.

you can test pptpd with following details:
user: testuser
pass: testpass
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
your pptpd.conf does not have the "plugin radius.so" directive which is why it is not communicating using radius.
pptpd records and reports within /var/log/messages the data sent/received during the session.

Author

Commented:
pptpd.conf doesn't have radius.so but it's call /etc/ppp/options.pptpd and options.pptpd contain "plugin radius.so"

you mean i should add it to /etc/pptpd.conf instead of /etc/ppp/options.pptpd ?

so, why with primary IP pptpd communicate to radius but for other IPs no?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
never mind, on the plugin reference

The error for the pptp connections to any IP other than the primary is a result of the GRE failure.i.e. the connection is made to 251 but the outgoing responses are coming from 250.

can you install strace command yum install strace.

this is a command that I could use to check what is happening within pppd when the connection is made to any IP other than the primary.

http://www.faqs.org/docs/Linux-HOWTO/PPP-HOWTO.html#PPP-SERVER

tried to capture traffic data to compare using tcpdump
http://linuxguruz.wordpress.com/2008/12/20/tcpdump-manual/

nothing specific showed up. strace could help


Author

Commented:
I installed strace.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Strange, It worked for connecting a single host to the 151.

But that only worked once.

The source of the request (NAS-IP-Address) is always seen by the radius server as coming from 150.

Do you have a check i.e. limiting the user to a single connection as well as having a state session table?

Author

Commented:
no i don't check yet.

what's solution for it?
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Don't know, not sure why it worked on the first attempt to 151 when prior and subsequent did not.  radacct log does not change NAS-IP-Address.
Not sure.

Author

Commented:
- Arnold
I think here just you can help me exactly.
would you mind read this topic -> http://www.experts-exchange.com/OS/Linux/Q_27475046.html