re-searcher
asked on
routing traffic through linux PPTP server
Hello,
I installed and configured poptop with freeradius and I can connect to the server, but when my connection is established I can't browse the internet.
My pptp internal IP address is 192.168.1.1.
When I connect to the server with the pptp client from my Mac, I can ping the server (192.168.1.1), and from the server I can ping the client (192.168.1.2).
From the server, when I ping experts-exhange.com I retrieve their IPs, but from the client I receive a request time-out message.
Please help me if you know how I can fix it.
ASKER
# Blaz
> 1. enable forwarding of packets:
> echo 1 > /proc/sys/net/ipv4/ip_forward
My problem is that when I set /proc/sys/net/ipv4/ip_forward to 1, after a reboot it returns to 0,
but my "sysctl -p" returns the following result:
sysctl -p
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_forward = 1
Another problem is that my ppp0 netmask is 255.255.255.255 instead of 255.255.255.0.
I set "netmask 255.255.255.0" in /etc/pptpd.conf.
> my problem is when i set /proc/sys/net/ipv4/ip_forward to 1 after reboot it return back to 0
As I stated the setting will revert to 0 after reboot. If you have changed the sysctl.conf and run sysctl -p the new value should be 1. What is the value of ip_forward AFTER you run sysctl -p?
> another problem is my ppp0 netmask is 255.255.255.255 instead of 255.255.255.0
> i set "netmask 255.255.255.0" on /etc/pptpd.conf
Do you have a question about this?
ASKER
> As I stated the setting will revert to 0 after reboot. If you have changed the sysctl.conf and run sysctl -p the new value should be 1. What is the value of ip_forward AFTER you run sysctl -p?
I fixed it. /proc/sys/net/ipv4/ip_forward is now set to 1 and after a reboot it does not return to 0.
> Do you have a question about this?
My problem is why, when I connect to the pptp server with the pptp client, I can't browse the internet and only the internal network is available to me.
ASKER
I don't know why ip_forward was not reset to 0 on the previous reboot, but now it is reset to 0.
But when I run "sysctl -p" I receive the following result:
root@testserver:~# sysctl -p
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_forward = 1
> I fixed it /proc/sys/net/ipv4/ip_forward now set to 1 and after reboot is not return back to 0.
Maybe you should just put line: "echo 1 > /proc/sys/net/ipv4/ip_forward" in file /etc/rc.local and solve this issue...
> my problem is why when i connect to pptp server with pptp client i can't browse internet and just internal network available for me.
More questions:
1. Have you (successfully) configured all my points (1-3) of packet forwarding?
2. You wrote "internal network available" does this mean that you can access more than just the poptop server?
3. What is the default gateway on client computers?
ASKER
# Blaz,
After I added the rules you gave in your first reply, I can connect to the server from my Mac OS and it stops at authenticating until I receive a timeout/authentication failed error.
* I have a server on which I configured poptop.
* I want to connect to my server with a PPTP connection and browse the internet with the server IPs (route all traffic through the PPTP server).
* When I connect to the server with my Mac OS, my IP is, for example, 192.168.1.2, from the range I set in /etc/pptpd.conf,
and my server IP is 192.168.1.1 (which I set in the pptpd.conf file, too).
I have 5 dedicated IPs (internet IPs), and after the PPTP connection is established I want to be able to browse the internet with one of the server IPs.
@Blaz
> Maybe you should just put line: "echo 1 > /proc/sys/net/ipv4/ip_forward" in file /etc/rc.local and solve this issue...
Please post an update if you end up figuring out why this is supposedly happening.
My sleep-deprived brain is out of ideas -- https://www.experts-exchange.com/questions/27429174/how-to-edit-files-Linux-Ubuntu-Distr.html
Bed time.
> after I add those rules which you said in first reply i can connect to server from my mac os and it stop on authenticating till i receive timeout/authentication failed error.
So if I understand correctly the commands made things worse?
I think you should change point 3 to the following command:
iptables -t nat -I POSTROUTING -j MASQUERADE
to:
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
where eth0 is your internet interface on the server.
I would appreciate a more direct answer to my questions since you did not answer them all:
1. Have you (successfully) configured all my points (1-3) of packet forwarding?
2. What is the default gateway on client computers?
ASKER
> 1. Have you (successfully) configured all my points (1-3) of packet forwarding?
No, I didn't add any packet forwarding rules.
I just know I configured poptop with freeradius and freeradius-mysql as well,
because I can connect to the server with users which I added to the MySQL database.
> 2. What is the default gateway on client computers?
My client is a standalone Mac connected directly to the internet; after the PPTP connection is established the default gateway would be the PPTP server.
Again, I want to say that ppp0's netmask is 255.255.255.252 while I set the netmask in /etc/pptpd.conf to 255.255.255.0.
> No, I didn't add any packet forwarding rules.
Well, that is a good enough reason for it not working... May I ask why you didn't configure that?
> my client is standalone Mac and connect directly to internet, after PPTP connection established Default gateway would be PPTP Server.
"Would be" is not good enough. It must be. Did you check your routing table on the client before/after PPTP connection?
> again i wanna saying ppp0's netmask is 255.255.255.252 while i set netmask in /etc/pptpd.conf to 255.255.255.0
This doesn't worry me because if you can communicate and ping the server from the client then the netmasks should be OK.
ASKER
> Well, that is a good enough reason for it not working... May I ask why you didn't configure that?
Because I'm a newbie in Linux; after around 1 month of research I learned how to work with Ubuntu and how to install pptpd, ppp, freeradius, etc., and I learned how to integrate all of these apps together.
I don't know what exactly I should do now; that is the reason I ask my question here.
> "Would be" is not good enough. It must be. Did you check your routing table on the client before/after PPTP connection?
I fix my answer: it MUST be :) I like it, too.
No, I didn't check the routing table, because I don't do it for VPN accounts which I purchase from other companies, so I want my server to be like them, and any person with basic knowledge to be able to connect to the PPTP server.
> This doesn't worry me because if you can communicate and ping the server from the client then the netmasks should be OK.
I ask because my public IPs' subnet mask is 255.255.255.0 but the ppp netmask is 255.255.255.0.
> I don't know what exactly i should do now, It's reason of I ask my question here.
I gave you direct command-line commands that you should run. If you don't run those then I can't help you.
After running the commands:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
(where eth0 in the last command is your internet interface)
please post the output of:
cat /proc/sys/net/ipv4/ip_forward
iptables -L -nvx
iptables -t nat -L -nvx
> No I don't check routing table, because I don't do it for VPN accounts which i purchase from other companies,
> So I want to my server be like them. and any person with basic knowledge be able connect to PPTP server.
I'm not sure that we are on the same page here - other VPN accounts you mentioned probably work. Yours does not. That is why you should gather as much information as possible about why it does not work. This has nothing to do with what any person connecting should do. This is making it work in the first place.
> I ask it because my Public IPs subnetmask is 255.255.255.0 but ppp netmask is 255.255.255.0
Public IP netmask is not relevant to ppp netmask.
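Added example (not part of the thread or of any participant's post): the same forwarding setup with the catch-all `iptables -I FORWARD -j ACCEPT` and the source-unrestricted MASQUERADE narrowed to the VPN client pool, plus an audit that flags the broad forms in `iptables -S`-style rule listings and a check of what a sysctl.conf-style file persists for `ip_forward`. `VPN_NET`, the function names and the sample rule text are assumptions constructed for illustration; `eth0` is the interface named in the thread.

```shell
#!/bin/sh
# Added example: tighten and audit the forwarding/NAT rules of a PPTP gateway.
# WAN_IF and VPN_NET are assumptions; set them to match the server.
WAN_IF="${WAN_IF:-eth0}"                 # internet-facing interface (eth0 in the thread)
VPN_NET="${VPN_NET:-192.168.120.0/24}"   # assumed client pool; use the range from pptpd.conf

# Scoped rules as iptables arguments, in the order they should be applied.
# The DROP policy comes last so the ACCEPT rules are already in place.
scoped_rules() {
    cat <<EOF
-A FORWARD -i ppp+ -o $WAN_IF -s $VPN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o ppp+ -d $VPN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
-P FORWARD DROP
EOF
}

# Read rule lines (iptables -S format) on stdin; print one finding per broad rule.
audit_rules() {
    while IFS= read -r line; do
        case "$line" in
            "-P FORWARD ACCEPT")
                echo "forward-policy-accept: $line" ;;
            *"-A FORWARD "*"-j ACCEPT"*)
                # An ACCEPT with no interface or address match forwards everything.
                case "$line" in
                    *" -i "*|*" -o "*|*" -s "*|*" -d "*) ;;
                    *) echo "forward-accept-all: $line" ;;
                esac ;;
            *"-A POSTROUTING "*"-j MASQUERADE"*)
                case "$line" in
                    *" -o "*) ;;
                    *) echo "masquerade-any-interface: $line" ;;
                esac
                case "$line" in
                    *" -s "*) ;;
                    *) echo "masquerade-any-source: $line" ;;
                esac ;;
        esac
    done
}

# Print the ip_forward value a sysctl.conf-style file sets ("unset" if none).
# Commented-out lines are ignored; the last assignment wins, as with sysctl -p.
persisted_ip_forward() {
    awk -F= '/^[ \t]*net\.ipv4\.ip_forward[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
             END { print (v == "" ? "unset" : v) }' "$1"
}

# Constructed sample: the FORWARD policy and the two rules from the thread,
# written the way iptables -S and iptables -t nat -S list them.
THREAD_RULES='-P FORWARD ACCEPT
-A FORWARD -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

echo "== findings for the rules used in the thread =="
printf '%s\n' "$THREAD_RULES" | audit_rules
echo "== scoped replacement (review, then run as root) =="
scoped_rules | sed 's/^/iptables /'
```

The script only prints; it changes nothing on the host. On a live server the audit can be fed with `{ iptables -S; iptables -t nat -S; } | audit_rules`.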
ASKER
Thanks for your answers Blaz,
> cat /proc/sys/net/ipv4/ip_forward
> iptables -L -nvx
> iptables -t nat -L -nvx
cat /proc/sys/net/ipv4/ip_forward
1
iptables -L -nvx
Chain INPUT (policy ACCEPT 59702 packets, 7182698 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 156 packets, 12771 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 57184 packets, 6422793 bytes)
pkts bytes target prot opt in out source destination
iptables -t nat -L -nvx
Chain PREROUTING (policy ACCEPT 9188 packets, 993663 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 412 packets, 72035 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 240 packets, 15095 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 305 packets, 20379 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
OK. The commands seem to work.
Can you verify that eth0 is your internet interface?
Does it work now?
ASKER
It doesn't work.
I connected, but after 10 seconds I am disconnected from the server (I am testing it on Mac OS Snow Leopard).
root@testserver:~# tail -f /var/log/syslog | grep pp*
Nov 3 06:22:38 uss01 pptpd[5594]: MGR: Launching /usr/sbin/pptpctrl to handle client
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: local address = 192.168.120.1
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: remote address = 192.168.120.2
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: pppd options file = /etc/ppp/pptpd-options
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Client 109.110.168.240 control connection started
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Received PPTP Control Message (type: 1)
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Made a START CTRL CONN RPLY packet
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: I wrote 156 bytes to the client.
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Sent packet to client
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Received PPTP Control Message (type: 7)
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Set parameters to 100000000 maxbps, 64 window size
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Made a OUT CALL RPLY packet
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Starting call (launching pppd, opening GRE)
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: pty_fd = 6
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: tty_fd = 7
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: I wrote 32 bytes to the client.
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Sent packet to client
Nov 3 06:22:38 uss01 pptpd[5595]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
Nov 3 06:22:38 uss01 pptpd[5595]: CTRL (PPPD Launcher): local address = 192.168.120.1
Nov 3 06:22:38 uss01 pptpd[5595]: CTRL (PPPD Launcher): remote address = 192.168.120.2
Nov 3 06:22:38 uss01 pppd[5595]: Plugin radius.so loaded.
Nov 3 06:22:38 uss01 pppd[5595]: RADIUS plugin initialized.
Nov 3 06:22:38 uss01 pppd[5595]: Plugin radius.so loaded.
Nov 3 06:22:38 uss01 pppd[5595]: RADIUS plugin initialized.
Nov 3 06:22:38 uss01 pppd[5595]: Plugin radattr.so loaded.
Nov 3 06:22:38 uss01 pppd[5595]: RADATTR plugin initialized.
Nov 3 06:22:38 uss01 pppd[5595]: pppd 2.4.5 started by root, uid 0
Nov 3 06:22:38 uss01 pppd[5595]: using channel 4
Nov 3 06:22:38 uss01 pppd[5595]: Using interface ppp0
Nov 3 06:22:38 uss01 pppd[5595]: Connect: ppp0 <--> /dev/pts/1
Nov 3 06:22:38 uss01 pppd[5595]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5ff5ff8b> <pcomp> <accomp>]
Nov 3 06:22:38 uss01 pptpd[5594]: GRE: Bad checksum from pppd.
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Received PPTP Control Message (type: 15)
Nov 3 06:22:38 uss01 pptpd[5594]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Nov 3 06:22:38 uss01 pptpd[5594]: GRE: accepting packet #1
Nov 3 06:22:38 uss01 pptpd[5594]: GRE: accepting packet #2
Nov 3 06:22:38 uss01 pppd[5595]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x16f7a9b2> <pcomp> <accomp>]
Nov 3 06:22:38 uss01 pppd[5595]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x16f7a9b2> <pcomp> <accomp>]
Nov 3 06:22:38 uss01 pppd[5595]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5ff5ff8b> <pcomp> <accomp>]
Nov 3 06:22:38 uss01 pppd[5595]: sent [LCP EchoReq id=0x0 magic=0x5ff5ff8b]
Nov 3 06:22:38 uss01 pppd[5595]: sent [CHAP Challenge id=0x46 <e58e4c0f9ab8f8c54ec3cb01ad73dfa8>, name = "pptpd"]
Nov 3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #3
Nov 3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #4
Nov 3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #5
Nov 3 06:22:39 uss01 pppd[5595]: rcvd [LCP EchoReq id=0x0 magic=0x16f7a9b2]
Nov 3 06:22:39 uss01 pppd[5595]: sent [LCP EchoRep id=0x0 magic=0x5ff5ff8b]
Nov 3 06:22:39 uss01 pppd[5595]: rcvd [LCP EchoRep id=0x0 magic=0x16f7a9b2]
Nov 3 06:22:39 uss01 pppd[5595]: rcvd [CHAP Response id=0x46 <6ba09c60ca1c3de3fe2acffb96c7ce6d00000000000000001f68b375e17ddac15a5c1bde5800e364162ada424c0bae4d00>, name = "1216m0628001"]
Nov 3 06:22:39 uss01 pppd[5595]: RADATTR plugin wrote 6 line(s) to file /var/run/radattr.ppp0.
Nov 3 06:22:39 uss01 pppd[5595]: sent [CHAP Success id=0x46 "S=B633EEEEC27DA838C147EFC8155ECEE852AD4645"]
Nov 3 06:22:39 uss01 pppd[5595]: sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Nov 3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #6
Nov 3 06:22:39 uss01 pptpd[5594]: GRE: accepting packet #7
Nov 3 06:22:39 uss01 pppd[5595]: rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Nov 3 06:22:39 uss01 pppd[5595]: sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Nov 3 06:22:39 uss01 pppd[5595]: rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Nov 3 06:22:39 uss01 pppd[5595]: MPPE 128-bit stateless compression enabled
Nov 3 06:22:39 uss01 pppd[5595]: sent [IPCP ConfReq id=0x1 <addr 192.168.120.1>]
Nov 3 06:22:39 uss01 acpid: client 5589[0:0] has disconnected
Nov 3 06:22:39 uss01 acpid: client connected from 5630[0:0]
Nov 3 06:22:39 uss01 acpid: 1 client rule loaded
Nov 3 06:22:39 uss01 pptpd[5594]: GRE: buffering packet #9 (expecting #8, lost or reordered)
Nov 3 06:22:39 uss01 pptpd[5594]: GRE: buffering packet #10 (expecting #8, lost or reordered)
Nov 3 06:22:42 uss01 pppd[5595]: sent [IPCP ConfReq id=0x1 <addr 192.168.120.1>]
Nov 3 06:22:42 uss01 pptpd[5594]: GRE: timeout waiting for 1 packets
Nov 3 06:22:42 uss01 pptpd[5594]: GRE: accepting #9 from queue
Nov 3 06:22:42 uss01 pptpd[5594]: GRE: accepting #10 from queue
Nov 3 06:22:42 uss01 pptpd[5594]: GRE: accepting packet #11
Nov 3 06:22:42 uss01 pppd[5595]: rcvd [IPV6CP ConfReq id=0x1 <addr fe80::cabc:c8ff:fea4:6bf4>]
Nov 3 06:22:42 uss01 pppd[5595]: Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
Nov 3 06:22:42 uss01 pppd[5595]: sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a ca bc c8 ff fe a4 6b f4]
Nov 3 06:22:42 uss01 pppd[5595]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.120.1>]
Nov 3 06:22:42 uss01 pppd[5595]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.120.1>]
Nov 3 06:22:42 uss01 pptpd[5594]: GRE: accepting packet #12
Nov 3 06:22:42 uss01 pptpd[5594]: GRE: accepting packet #13
Nov 3 06:22:42 uss01 pppd[5595]: rcvd [IPCP ConfReq id=0x1 <addr 192.168.120.2> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Nov 3 06:22:42 uss01 pppd[5595]: sent [IPCP ConfNak id=0x1 <ms-dns1 66.96.80.194> <ms-dns2 66.96.80.43>]
Nov 3 06:22:42 uss01 pppd[5595]: rcvd [IPV6CP ConfReq id=0x1 <addr fe80::cabc:c8ff:fea4:6bf4>]
Nov 3 06:22:42 uss01 pppd[5595]: Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
Nov 3 06:22:42 uss01 pppd[5595]: sent [LCP ProtRej id=0x3 80 57 01 01 00 0e 01 0a ca bc c8 ff fe a4 6b f4]
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: accepting packet #14
Nov 3 06:22:43 uss01 pppd[5595]: rcvd [IPCP ConfReq id=0x2 <addr 192.168.120.2> <ms-dns1 66.96.80.194> <ms-dns2 66.96.80.43>]
Nov 3 06:22:43 uss01 pppd[5595]: sent [IPCP ConfAck id=0x2 <addr 192.168.120.2> <ms-dns1 66.96.80.194> <ms-dns2 66.96.80.43>]
Nov 3 06:22:43 uss01 pppd[5595]: Cannot determine ethernet address for proxy ARP
Nov 3 06:22:43 uss01 pppd[5595]: local IP address 192.168.120.1
Nov 3 06:22:43 uss01 pppd[5595]: remote IP address 192.168.120.2
Nov 3 06:22:43 uss01 pppd[5595]: Script /etc/ppp/ip-up started (pid 5632)
Nov 3 06:22:43 uss01 slapd[3473]: connection_read(25): no connection!
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #17 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 slapd[3473]: last message repeated 3 times
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #18 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #19 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #20 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #21 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #22 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #23 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #24 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #25 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #26 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #27 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #28 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #29 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #30 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #31 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #32 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #33 (expecting #15, lost or reordered)
Nov 3 06:22:43 uss01 pptpd[5594]: GRE: buffering packet #34 (expecting #15, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: timeout waiting for 2 packets
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #17 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #18 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #19 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #20 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #21 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #22 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #23 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #24 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #25 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #26 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #27 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #28 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #29 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #30 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #31 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #32 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #33 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #34 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #35
Nov 3 06:22:44 uss01 slapd[3473]: connection_read(25): no connection!
Nov 3 06:22:44 uss01 slapd[3473]: last message repeated 3 times
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #36
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #37
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #38
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #39
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #40
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting packet #41
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #43 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #44 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #45 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #46 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #47 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #48 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #49 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #50 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #51 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #52 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #53 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #54 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #55 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #56 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #57 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #58 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #59 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #60 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #61 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #62 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #63 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 slapd[3473]: connection_read(25): no connection!
Nov 3 06:22:44 uss01 slapd[3473]: last message repeated 3 times
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: timeout waiting for 1 packets
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #43 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #44 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #45 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #46 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #47 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #48 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #49 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #50 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #51 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #52 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #53 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #54 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #55 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #56 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #57 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #58 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #59 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #60 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #61 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #62 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #63 from queue
Nov 3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #64
Nov 3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #65
Nov 3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #66
Nov 3 06:22:45 uss01 slapd[3473]: connection_read(25): no connection!
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #49 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #50 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #51 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #52 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #53 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #54 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #55 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #56 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #57 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #58 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #59 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #60 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #61 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #62 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: buffering packet #63 (expecting #42, lost or reordered)
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: timeout waiting for 1 packets
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #43 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #44 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #45 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #46 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #47 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #48 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #49 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #50 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #51 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #52 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #53 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #54 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #55 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #56 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #57 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #58 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #59 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #60 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #61 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #62 from queue
Nov 3 06:22:44 uss01 pptpd[5594]: GRE: accepting #63 from queue
Nov 3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #64
Nov 3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #65
Nov 3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #66
Nov 3 06:22:45 uss01 slapd[3473]: last message repeated 3 times
Nov 3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #67
Nov 3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #68
Nov 3 06:22:46 uss01 slapd[3473]: connection_read(25): no connection!
Nov 3 06:22:46 uss01 slapd[3473]: last message repeated 3 times
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #69
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #70
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #71
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #72
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #73
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #74
Nov 3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #67
Nov 3 06:22:45 uss01 pptpd[5594]: GRE: accepting packet #68
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #69
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #70
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #71
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #72
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #73
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #74
Nov 3 06:22:46 uss01 slapd[3473]: connection_read(25): no connection!
Nov 3 06:22:46 uss01 slapd[3473]: last message repeated 3 times
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #75
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #76
Nov 3 06:22:47 uss01 pppd[5595]: Script /etc/ppp/ip-up finished (pid 5632), status = 0x0
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #75
Nov 3 06:22:46 uss01 pptpd[5594]: GRE: accepting packet #76
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #77
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #78
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #79
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #80
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #81
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #82
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #83
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #84
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #85
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #86
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #87
Nov 3 06:22:47 uss01 pptpd[5594]: GRE: accepting packet #88
Nov 3 06:22:48 uss01 pptpd[5594]: GRE: accepting packet #89
Nov 3 06:22:48 uss01 pptpd[5594]: GRE: accepting packet #90
Nov 3 06:22:48 uss01 pptpd[5594]: GRE: accepting packet #91
Nov 3 06:22:48 uss01 pptpd[5594]: GRE: read(fd=7,buffer=6095a0,len=8260) from network failed: status = -1 error = Message too long
Nov 3 06:22:48 uss01 pptpd[5594]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
Nov 3 06:22:48 uss01 pptpd[5594]: CTRL: Reaping child PPP[5595]
Nov 3 06:22:48 uss01 pppd[5595]: Modem hangup
Nov 3 06:22:48 uss01 pppd[5595]: Connect time 0.1 minutes.
Nov 3 06:22:48 uss01 pppd[5595]: Sent 7741 bytes, received 6020 bytes.
Nov 3 06:22:48 uss01 pppd[5595]: Script /etc/ppp/ip-down started (pid 5681)
Nov 3 06:22:48 uss01 pppd[5595]: MPPE disabled
Nov 3 06:22:48 uss01 pppd[5595]: sent [LCP TermReq id=0x4 "MPPE disabled"]
Nov 3 06:22:48 uss01 pppd[5595]: Connection terminated.
Nov 3 06:22:48 uss01 pppd[5595]: Waiting for 1 child processes...
Nov 3 06:22:48 uss01 pppd[5595]: script /etc/ppp/ip-down, pid 5681
Nov 3 06:22:48 uss01 pppd[5595]: Script /etc/ppp/ip-down finished (pid 5681), status = 0x0
Nov 3 06:22:48 uss01 pppd[5595]: RADATTR plugin removed file /var/run/radattr.ppp0.
Nov 3 06:22:48 uss01 pppd[5595]: Exit.
Nov 3 06:22:48 uss01 pptpd[5594]: CTRL: Client 109.110.168.240 control connection finished
Nov 3 06:22:48 uss01 pptpd[5594]: CTRL: Exiting now
Nov 3 06:22:48 uss01 pptpd[2083]: MGR: Reaped child 5594
Just to make sure - did you successfully authenticate before you started to write the commands I posted or not?
ASKER
Yes, before that command I connected but wasn't able to browse any site. After I added the iptables rules I connected, and after 10-20 sec it disconnected.
ASKER
Do you know why it occurs?
What is your network diagram on this server computer:
- what network interfaces does it have
- to what interface do you connect with clients
- what interface is the gateway to internet
ASKER
Blaz,
I am trying to install CentOS and will contact you after configuration.
Just in /etc/sysctl.conf, "net.ipv4.conf.default.accept_source_route = 0": should I change it to "1"?
ASKER
Ok, I installed ClearOS based on CentOS 5.
and added the following commands to /etc/rc.d/rc.local.firewall
iptables -t filter -I FORWARD -i pptp+ -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
and changed sysctl ipv4_forwarding to 1.
But again I can't surf the internet after I connect to the PPTP server.
Blaz, in each post you ask a new question; I think it's possible for you to ask all of them in one post.
1. My server has eth0 with 6 IPs.
2. ???
3. eth0 is my internet gateway on the server and I want my client (ppp0) to use eth0 for browsing the internet.
> Just in /etc/sysctl.conf, "net.ipv4.conf.default.accept_source_route = 0": should I change it to "1"?
No, 0 is fine - this is for source routing which you do not need.
> eth0 is my internet gateway on the server and I want my client (ppp0) to use eth0 for browsing the internet.
You then probably connect (establish ppp tunnel) to the server through eth0?
> Blaz, in each post you ask a new question; I think it's possible for you to ask all of them in one post.
This is not possible because answers to some questions open other questions. Additionally we are trying to fix your problem and we both do not know yet where the problem lies, so additional questions are necessary. If you wish, however I might not ask any more questions...
ASKER
- Blaz,
Thanks for your assistance.
Can I take your time for 1 hour here to fix this problem?
I am sending some results here. Actually, I'm angry with these problems; for one month I have been researching to fix this problem and find the best solution.
iptables -L -nvx
[root@uss01 ~]# iptables -L -nvx
Chain INPUT (policy DROP 249 packets, 66399 bytes)
pkts bytes target prot opt in out source destination
11 702 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 DROP all -- eth0 * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- eth0 * 169.254.0.0/16 0.0.0.0/0
53 7188 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
12 348 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8
6 702 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
89 7645 ACCEPT tcp -- * * 0.0.0.0/0 206.51.40.15 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 206.51.40.15 tcp dpt:81
0 0 ACCEPT tcp -- * * 0.0.0.0/0 206.51.40.15 tcp dpt:1875
555 60171 ACCEPT 47 -- * * 0.0.0.0/0 206.51.40.15
24 1896 ACCEPT tcp -- * * 0.0.0.0/0 206.51.40.15 tcp dpt:1723
6 422 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 528 packets, 48209 bytes)
pkts bytes target prot opt in out source destination
283 20096 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
227 16839 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
62 7656 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
12 348 ACCEPT icmp -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
68 22180 ACCEPT tcp -- * eth0 206.51.40.15 0.0.0.0/0 tcp spt:22
9 764 ACCEPT tcp -- * eth0 206.51.40.15 0.0.0.0/0 tcp spt:81
0 0 ACCEPT tcp -- * eth0 206.51.40.15 0.0.0.0/0 tcp spt:1875
176 6568 ACCEPT 47 -- * eth0 206.51.40.15 0.0.0.0/0
18 1328 ACCEPT tcp -- * eth0 206.51.40.15 0.0.0.0/0 tcp spt:1723
6 422 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain drop-lan (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
[root@uss01 ~]#
iptables -t nat -L -nvx
[root@uss01 ~]# iptables -t nat -L -nvx
Chain PREROUTING (policy ACCEPT 552852 packets, 64519034 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 431 packets, 25860 bytes)
pkts bytes target prot opt in out source destination
78 4828 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
69 5063 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 3917 packets, 181307 bytes)
pkts bytes target prot opt in out source destination
[root@uss01 ~]#
What are these posted iptables rules? Previously you posted a different set of rules...
Some thoughts (on these rules):
1. Some packets on the INPUT chain and some on the FORWARD chain get DROPped (you can see that by the number of packets affected by the default DROP chain policy). It would be wise to know what they are - add a logging rule as the last rule in the input (forward) chain:
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG
Then you can inspect the /var/log/messages log for dropped packets and their properties. Check what (if any) packets get added to the LOG when you try to establish the ppp tunnel (and later on surf the internet) from the client.
2. You currently have two MASQUERADE rules in the POSTROUTING chain. Perhaps delete both and add a new rule as follows (specify the source IP range):
iptables -t nat -F POSTROUTING
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
ASKER
As I said in the previous post, I reinstalled Linux (ClearOS distribution), based on CentOS.
ASKER
- Blaz
How can I remove the current iptables rules?
I only know iptables --flush, which removes all rules.
ASKER
Nov 6 14:59:29 uss01 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:90:3d:a0:72:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=556
Nov 6 14:59:32 uss01 kernel: IN=eth0 OUT=pptp0 SRC=216.146.35.35 DST=192.168.120.127 LEN=68 TOS=0x00 PREC=0x00 TTL=53 ID=16677 PROTO=UDP SPT=53 DPT=56511 LEN=48
Nov 6 14:59:33 uss01 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4d:2a:86:5d:08:00 SRC=66.232.114.228 DST=255.255.255.255 LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=32254 PROTO=UDP SPT=17500 DPT=17500 LEN=127
Nov 6 14:59:35 uss01 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:14:2a:ab:4b:4a:08:00 SRC=66.232.112.50 DST=255.255.255.255 LEN=187 TOS=0x00 PREC=0x00 TTL=64 ID=23865 PROTO=UDP SPT=17500 DPT=17500 LEN=167
Nov 6 14:59:36 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=64549 LEN=58
Nov 6 14:59:36 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=63967 LEN=58
Nov 6 14:59:37 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=64549 LEN=58
Nov 6 14:59:37 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=63967 LEN=58
Nov 6 14:59:37 uss01 kernel: IN=eth0 OUT=pptp0 SRC=216.146.35.35 DST=192.168.120.127 LEN=68 TOS=0x00 PREC=0x00 TTL=53 ID=20762 PROTO=UDP SPT=53 DPT=56511 LEN=48
Nov 6 14:59:40 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=64549 LEN=58
Nov 6 14:59:40 uss01 kernel: IN=eth0 OUT=pptp0 SRC=66.96.80.194 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=63967 LEN=58
Nov 6 14:59:42 uss01 kernel: IN=eth0 OUT=pptp0 SRC=216.146.35.35 DST=192.168.120.127 LEN=68 TOS=0x00 PREC=0x00 TTL=53 ID=25276 PROTO=UDP SPT=53 DPT=56511 LEN=48
Nov 6 14:59:42 uss01 kernel: IN=eth0 OUT=pptp0 SRC=74.125.229.116 DST=192.168.120.127 LEN=48 TOS=0x00 PREC=0x00 TTL=56 ID=16482 PROTO=TCP SPT=443 DPT=52619 WINDOW=5720 RES=0x00 ACK SYN URGP=0
Nov 6 14:59:43 uss01 kernel: IN=eth0 OUT=pptp0 SRC=74.125.229.116 DST=192.168.120.127 LEN=48 TOS=0x00 PREC=0x00 TTL=56 ID=16482 PROTO=TCP SPT=443 DPT=52619 WINDOW=5720 RES=0x00 ACK SYN URGP=0
Nov 6 14:59:43 uss01 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:24:1d:53:f3:b4:08:00 SRC=66.232.100.107 DST=255.255.255.255 LEN=139 TOS=0x00 PREC=0x00 TTL=128 ID=31520 PROTO=UDP SPT=17500 DPT=17500 LEN=119
Nov 6 14:59:43 uss01 kernel: IN=eth0 OUT=pptp0 SRC=74.125.229.116 DST=192.168.120.127 LEN=48 TOS=0x00 PREC=0x00 TTL=56 ID=16482 PROTO=TCP SPT=443 DPT=52619 WINDOW=5720 RES=0x00 ACK SYN URGP=0
ASKER
ifconfig shows the following details for PPTP:
pptp0 Link encap:Point-to-Point Protocol
inet addr:192.168.120.1 P-t-P:192.168.120.127 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:326 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:23304 (22.7 KiB) TX bytes:90 (90.0 b)
ASKER
A new problem occurred for me.
I found a problem and changed from standalone mode to "standalone - no firewall";
currently I connect to the server but it disconnects automatically after 10 sec.
Nov 6 14:59:32 uss01 kernel: IN=eth0 OUT=pptp0 SRC=216.146.35.35 DST=192.168.120.127 LEN=68 TOS=0x00 PREC=0x00 TTL=53 ID=16677 PROTO=UDP SPT=53 DPT=56511 LEN=48
OK. I believe I found some problems with your current setup although in previous install (previous set of iptables rules) this should not happen.
You are currently not permitting the return traffic from internet to your client. Actually this is very good news since it seems that your client successfully connected to the internet (but then it did not receive any response to the DNS queries).
So to fix this you should add one more rule:
iptables -I FORWARD -m state --state ESTABLISHED -j ACCEPT
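The diagnosis above can be read straight off the LOG output: a line with an empty OUT= was dropped in INPUT, while IN=eth0 with OUT=pptp0 is a reply being forwarded back to the VPN client. The script below is an added example, not part of the original posts; the function names and the sample lines are constructed (documentation addresses), modelled on the log format shown in the thread.

```shell
#!/bin/sh
# Added example: triage the kernel lines written by "-j LOG" rules appended to
# the INPUT and FORWARD chains, as suggested earlier in the thread.

# triage_drops WAN_IF VPN_PREFIX   (reads syslog lines on stdin)
# Empty OUT= means the packet was addressed to the server itself (INPUT).
# IN= and OUT= both set means it was being forwarded when it reached the LOG rule.
triage_drops() {
    awk -v wan="$1" -v vpn="$2" '
    {
        in_if = ""; out_if = ""; proto = ""; spt = ""; syn = 0; ack = 0
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^IN=/)    in_if  = substr($i, 4)
            else if ($i ~ /^OUT=/)   out_if = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto  = substr($i, 7)
            else if ($i ~ /^SPT=/)   spt    = substr($i, 5)
            else if ($i == "SYN")    syn = 1
            else if ($i == "ACK")    ack = 1
        }
        if (in_if == "") next                  # not an INPUT/FORWARD LOG line
        if (out_if == "") { n_input++; next }
        if (in_if == wan && index(out_if, vpn) == 1) {
            # Internet -> VPN client: replies to traffic the client started.
            if (proto == "UDP" && spt == "53")     dns++
            else if (proto == "TCP" && syn && ack) synack++
            else                                   other_reply++
            next
        }
        if (index(in_if, vpn) == 1 && out_if == wan) { from_client++; next }
        other_fwd++
    }
    END {
        printf "dns_reply=%d synack_reply=%d other_reply=%d ", dns, synack, other_reply
        printf "from_client=%d other_forward=%d input=%d\n", from_client, other_fwd, n_input
    }'
}

# needs_return_rule WAN_IF VPN_PREFIX: succeeds when replies to the client are
# being logged, i.e. FORWARD has no rule accepting established return traffic.
needs_return_rule() {
    summary=$(triage_drops "$1" "$2")
    case "$summary" in
        "dns_reply=0 synack_reply=0 other_reply=0 "*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample: DHCP/broadcast noise on INPUT, DNS replies and a SYN/ACK
# heading for the client, one client SYN, and one unrelated pppd line.
sample_log() {
    cat <<'EOF'
Nov 6 15:00:01 vpn01 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=556
Nov 6 15:00:02 vpn01 kernel: IN=eth0 OUT=pptp0 SRC=198.51.100.53 DST=192.168.120.127 LEN=68 TOS=0x00 PREC=0x00 TTL=53 ID=16677 PROTO=UDP SPT=53 DPT=56511 LEN=48
Nov 6 15:00:03 vpn01 kernel: IN=eth0 OUT=pptp0 SRC=198.51.100.53 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=64549 LEN=58
Nov 6 15:00:03 vpn01 kernel: IN=eth0 OUT=pptp0 SRC=198.51.100.53 DST=192.168.120.127 LEN=78 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=63967 LEN=58
Nov 6 15:00:04 vpn01 kernel: IN=eth0 OUT=pptp0 SRC=203.0.113.10 DST=192.168.120.127 LEN=48 TOS=0x00 PREC=0x00 TTL=56 ID=16482 PROTO=TCP SPT=443 DPT=52619 WINDOW=5720 RES=0x00 ACK SYN URGP=0
Nov 6 15:00:04 vpn01 kernel: IN=pptp0 OUT=eth0 SRC=192.168.120.127 DST=203.0.113.10 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=4411 DF PROTO=TCP SPT=52620 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 6 15:00:05 vpn01 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:02:08:00 SRC=198.51.100.77 DST=255.255.255.255 LEN=139 TOS=0x00 PREC=0x00 TTL=128 ID=31520 PROTO=UDP SPT=17500 DPT=17500 LEN=119
Nov 6 15:00:05 vpn01 pppd[1234]: Connect time 0.1 minutes.
EOF
}

sample_log | triage_drops eth0 pptp
if sample_log | needs_return_rule eth0 pptp; then
    echo "replies to VPN clients are reaching the FORWARD LOG rule"
fi
```

On a live server the same functions can be fed from /var/log/messages with `grep 'kernel: IN=' /var/log/messages | triage_drops eth0 pptp`.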
ASKER
It doesn't work.
* When I flush iptables and add "iptables -I FORWARD -m state --state ESTABLISHED -j ACCEPT" it doesn't work.
* When I load the iptables rules and add "iptables -I FORWARD -m state --state ESTABLISHED -j ACCEPT" it doesn't work again.
* When I add "iptables -I FORWARD -j ACCEPT" and "iptables -t nat -I POSTROUTING -j MASQUERADE" it works, but the first send/receive makes me disconnect from the server.
I thought you would add the rule on existing rules. Please add additional rule (just for testing):
iptables -I INPUT -j ACCEPT
This will accept all incoming traffic including (hopefully) the credentials. So you should have (at least) the rules:
iptables -I FORWARD -j ACCEPT
iptables -I INPUT -j ACCEPT
iptables -I OUTPUT -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.120.0/24 -o eth0 -j MASQUERADE
and of course:
echo 1 > /proc/sys/net/ipv4/ip_forward
These rules should make sure that your firewall doesn't drop any packets. If this works we can work from there to further limit the firewall.
iptables -L --line-numbers will list the rules and their line numbers.
Make sure to note the Chain they are in
iptables -D <CHAIN> <rule_number>
The above is how to delete the rules, or you can use /etc/sysconfig/iptables: turn off iptables, remove the lines you do not want, and re-enable iptables (caution should be used if the system is directly on the internet).
When your PPTP client connects, look at the netstat -rn data to see what the existing.
I'll have to look, but you may have to make sure that your PPTPD.conf is allocating a separate VPN IP not the same as the one on the current LAN.
Then the PPTP client IP needs to be NATed before it goes out; this is how the response finds its way back.
ASKER
- Arnold
Thanks for your assistance.
Would you mind checking your e-mail?
ASKER
I tested the PPTP server with Windows and it works; I can browse the internet with the primary IP of my server's eth0.
I have 5 additional IPs on this server (eth0:0 and eth0:1, etc.); I want users to use a different IP each time.
How can I do it?
And my problem is: why do I disconnect from the internet with Mac OS?
You have to configure iptables to map the VPN-assigned IP to appear as though it is originating from a different public IP.
http://www.unix.com/unix-dummies-questions-answers/150122-iptables-change-source-ip.html
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
Here is the snippet from the above relevant to your question.
replace the 97.158.253.26 with the public IP you have.
Note you may have to change -i eth0 to -i eth0:1
# PREROUTING statements for 1:1 NAT
# (Connections originating from the Internet)
iptables -t nat -A PREROUTING -d 97.158.253.26 -i eth0 \
-j DNAT --to-destination 192.168.1.100
# POSTROUTING statements for 1:1 NAT
# (Connections originating from the home network servers)
iptables -t nat -A POSTROUTING -s 192.168.1.100 -o eth0 \
-j SNAT --to-source 97.158.253.26
ASKER
You mean I should set a public IP for each range of my private PPTP network?
For example 192.168.1.0/24 -> eth0 and 192.168.2.0/24 -> eth0:1, etc.
Right?
This is how you handle the mapping of an internal IP to appear as if it originates from a public IP. Without this, the traffic will always appear as originating from the primary public IP, which is often the first routable IP of the block.
Are you doing segment-dependent origination or IP-based?
192.168.1.2 -> IP1
192.168.1.3 -> IP2
ASKER
No, I don't do it yet.
I should do it like the following commands:
192.168.1.2 -> IP 1 (i.e. eth0:0)
xx.xx.xx.1 is my first public IP, which is set on eth0:0
iptables -t nat -A PREROUTING -d xx.xx.xx.1 -i eth0:0 \
-j DNAT --to-destination 192.168.1.2
192.168.1.3 -> IP 2 (i.e. eth0:1)
xx.xx.xx.2 is my second public IP, which is set on eth0:1
iptables -t nat -A PREROUTING -d xx.xx.xx.2 -i eth0:1 \
-j DNAT --to-destination 192.168.1.3
Is it right?
The two entries are mirrors of each other and should match
Note the example and note the path PREROUTING/POSTROUTING
POSTROUTING 192.168.1.2 -> xx.xx.xx.2 (OUTBOUND) SNAT
PREROUTING xx.xx.xx.2 -> 192.168.1.2 (inbound) DNAT
The PREROUTING deals with mapping the external IP to the Internal IP,
Refer to the snippet I included in the earlier post which includes a description.
For outbound traffic, you have to use the POSTROUTING option and SNAT
iptables -t nat -A POSTROUTING -s 192.168.1.2 -o eth0:1 \
-j SNAT --to-source XX.XX.XX.2
iptables -t nat -A POSTROUTING -s 192.168.1.3 -o eth0:2 \
-j SNAT --to-source xx.xx.xx.3
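The mirrored PREROUTING/POSTROUTING pairs described in the post above, as an added example that is not part of the original thread. The names `WAN_IF` and `MAPPINGS` are hypothetical, the 203.0.113.x addresses are constructed stand-ins for the thread's xx.xx.xx.x public IPs, and the rules match on the base device because iptables does not match alias labels such as eth0:1.

```shell
#!/bin/sh
# Added example, not from the thread: print mirrored 1:1 NAT rules for review.
# Assumptions: eth0 is the physical WAN device; 203.0.113.x are constructed
# stand-ins for the thread's xx.xx.xx.x public addresses.
WAN_IF="${WAN_IF:-eth0}"

# Constructed mapping table: "internal_ip public_ip", one pair per line.
MAPPINGS="192.168.1.2 203.0.113.2
192.168.1.3 203.0.113.3"

# Refuse tables where any address appears twice (mapping must be one-to-one).
check_one_to_one() {
    dup=$(printf '%s\n' "$MAPPINGS" | tr ' ' '\n' | sort | uniq -d)
    [ -z "$dup" ] && return 0
    echo "error: address used more than once: $dup" >&2
    return 1
}

# Print the DNAT (inbound) and SNAT (outbound) rule for every pair.
nat_rules() {
    # iptables matches the real device name; alias labels (eth0:1) never match.
    case "$WAN_IF" in
        *:*) echo "error: $WAN_IF is an alias label, use the base device" >&2
             return 1 ;;
    esac
    check_one_to_one || return 1
    while read -r internal public; do
        # Inbound: everything addressed to the public IP goes to the client,
        # including TCP 1723 and GRE sent to that address.
        echo "iptables -t nat -A PREROUTING -d $public -i $WAN_IF -j DNAT --to-destination $internal"
        # Outbound: the client's traffic leaves with its own public IP.
        echo "iptables -t nat -A POSTROUTING -s $internal -o $WAN_IF -j SNAT --to-source $public"
    done <<EOF
$MAPPINGS
EOF
}

nat_rules
```

The script only prints the commands, so the output can be reviewed before it is run as root with the real addresses substituted.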
ASKER
pptpd is only available/listening on the primary IP, and users are only able to connect to the pptp server with my primary IP (eth0). How can I make pptp available on the other IPs, like eth0:0, eth0:1, etc.?
Why?
You have to configure pptpd to listen on all interfaces, 0.0.0.0.
Configure iptables INPUT to pass 1723 traffic.
Why not use the proxy on the server versus to try and route through the requests?
ASKER
> Why not use the proxy on the server versus to try and route through the requests?
Because I don't know how I should do it.
You mean with a proxy on the server I can route requests?
I don't want the destination to think the visitor is using a proxy...
ASKER
> Why?
> You have to configure pptpd to listen on all interfaces, 0.0.0.0.
> configure iptables INPUT to pass 1723 traffic.
I changed the listen value in /etc/pptpd.conf to 0.0.0.0 and restarted pptpd, but it only accepts requests which are sent to my primary IP.
netstat -an | grep -i LISTEN | grep 1723
You have to make sure your IPTABLES rules allow access from outside (INPUT chain).
Can you ping any of your other public IPs? Do you have a web server configuration on each public IP as a test to make sure those are accessible from outside and are not being blocked by iptables or another firewall?
You can configure your web server to use the 192.168.x.x 3128 as the proxy.
ASKER
Thanks for your help.
> netstat -an | grep -i LISTEN | grep 1723
netstat -an | grep -i LISTEN | grep 1723
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN
> You have to make sure your IPTABLES rules allow access from outside (INPUT CHAIN)
How should I do it? I'm not an expert in Linux and need detailed answers...
> can you ping any of your other public IPs?
All packets are sent/received when I ping all the public IPs from an external network.
> Do you have a web server configuration on each public IP
Yes, httpd listens on *:80, and I created a virtual host on the web server and set a dedicated public IP for it.
Can I still access the system?
ASKER
With the last e-mail which I sent to you, it's possible for you to access the server now.
It seems that pptp is listening on all the IPs.
What happens if you change the IP in the PPTP client to which you are connecting?
Not having a firewall on when your system is exposed to the net directly is a really bad idea.
ASKER
I don't have any firewalls on my Mac OS.
In addition, I set radiusd in debug mode with "radiusd -X", and on the other IPs pptpd doesn't send a request to freeradius, but in /var/log/messages pptpd receives the user authentication request.
You can test pptpd with the following details:
user: testuser
pass: testpass
Your pptpd.conf does not have the "plugin radius.so" directive, which is why it is not communicating using radius.
pptpd records and reports within /var/log/messages the data sent/received during the session.
ASKER
pptpd.conf doesn't have radius.so, but it calls /etc/ppp/options.pptpd, and options.pptpd contains "plugin radius.so".
You mean I should add it to /etc/pptpd.conf instead of /etc/ppp/options.pptpd?
So why does pptpd communicate with radius on the primary IP but not on the other IPs?
Never mind on the plugin reference.
The error for the pptp connections to any IP other than the primary is a result of the GRE failure, i.e. the connection is made to 251 but the outgoing responses are coming from 250.
Can you install the strace command: yum install strace
This is a command that I could use to check what is happening within pppd when the connection is made to any IP other than the primary.
http://www.faqs.org/docs/Linux-HOWTO/PPP-HOWTO.html#PPP-SERVER
Tried to capture traffic data to compare using tcpdump
http://linuxguruz.wordpress.com/2008/12/20/tcpdump-manual/
Nothing specific showed up. strace could help.
ASKER
I installed strace.
Strange, it worked for connecting a single host to the 151.
But that only worked once.
The source of the request (NAS-IP-Address) is always seen by the radius server as coming from 150.
Do you have a check i.e. limiting the user to a single connection as well as having a state session table?
ASKER
No, I haven't checked yet.
What's the solution for it?
ASKER CERTIFIED SOLUTION
ASKER
- Arnold
I think only you can help me with this one.
Would you mind reading this topic -> https://www.experts-exchange.com/questions/27475046/PPTP-Poptop-server-speed-is-too-slow.html
This requires at least three steps:
1. enable forwarding of packets:
echo 1 > /proc/sys/net/ipv4/ip_forward
2. allow packet traversal on firewall (simplest rule is to allow all traffic, but you should change it appropriately):
iptables -I FORWARD -j ACCEPT
3. NAT the IPs to the server computer IP:
iptables -t nat -I POSTROUTING -j MASQUERADE
All these commands are valid only until you reboot your system. You should put them in the rc.local file or other appropriate configuration files so they take effect after every reboot.
See also for example:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch03_:_Linux_Networking#How_to_Convert_Your_Linux_Server_into_a_Simple_Router
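The three steps above narrowed to VPN traffic only, as an added example that is not part of the original answer. It assumes the thread's 192.168.1.0/24 client range on ppp+ interfaces with eth0 facing the internet; the function names and the `APPLY`, `VPN_NET` and `WAN_IF` variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: the three steps, scoped to VPN traffic.
# Assumptions: clients use 192.168.1.0/24 on ppp+ interfaces, eth0 faces the
# internet. Prints the plan by default; run as root with APPLY=1 to execute.
VPN_NET="${VPN_NET:-192.168.1.0/24}"
WAN_IF="${WAN_IF:-eth0}"

# Execute a command when APPLY=1, otherwise just print it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

router_setup() {
    # 1. Enable forwarding for the running kernel.
    run sysctl -w net.ipv4.ip_forward=1
    # 2. Forward VPN clients outwards, and only reply traffic back in.
    run iptables -I FORWARD -i ppp+ -o "$WAN_IF" -s "$VPN_NET" -j ACCEPT
    run iptables -I FORWARD -i "$WAN_IF" -o ppp+ -d "$VPN_NET" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 3. Masquerade only the VPN subnet, only on the way out of WAN_IF.
    run iptables -t nat -I POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE
    # PPTP itself: control channel (TCP 1723) and GRE (IP protocol 47).
    run iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
    run iptables -I INPUT -p 47 -j ACCEPT
}

# Make step 1 survive a reboot: set the key in a sysctl.conf-style file,
# replacing an existing line instead of appending a second one.
persist_forwarding() {
    conf="${1:-/etc/sysctl.conf}"
    key='^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*='
    if grep -q "$key" "$conf" 2>/dev/null; then
        sed "s/$key.*/net.ipv4.ip_forward = 1/" "$conf" > "$conf.new" &&
            cat "$conf.new" > "$conf" && rm -f "$conf.new"
    else
        echo 'net.ipv4.ip_forward = 1' >> "$conf"
    fi
}

router_setup
if [ "${APPLY:-0}" = 1 ]; then persist_forwarding /etc/sysctl.conf; fi
```

The iptables rules themselves still need to be re-applied at boot, for example by calling this script with APPLY=1 from rc.local as the answer suggests.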