1 2 Previous Next 15 Replies Latest reply on Oct 4, 2010 5:36 PM by ctas

    PPTP problems - SG580 firmware 4.0.8

      Hey all,

       

      Since upgrading to firmware 4.0.8, none of our PPTP users are able to connect to internal IP addresses. The connection works... but they just can't ping anything inside the network.

       

      I've downgraded to 4.0.7 thinking this was the cause of the problem, but it has not helped.

       

      In the System Log, I see the following:

       

      Sep 21 17:58:44 pppd[1766]: pppd 2.4.4 started by root, uid 0 
      Sep 21 17:58:44 pppd[1766]: Connect: ppp1 <--> /dev/pts/0 
      Sep 21 17:58:44 pppd[1766]: Warning - secret file /etc/config/pap-secrets has world and/or group access 
      Sep 21 17:58:47 pptpd[1765]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! 
      Sep 21 17:58:47 pppd[1766]: Warning - secret file /etc/config/chap-secrets has world and/or group access 
      Sep 21 17:58:47 pppd[1766]: MPPE 40-bit stateless transmit compression enabled 
      Sep 21 17:58:47 pppd[1766]: local  IP address 10.7.31.1 
      Sep 21 17:58:47 pppd[1766]: remote IP address 10.7.31.53 
      Sep 21 18:01:55 pppd[1766]: Modem hangup 
      Sep 21 18:01:55 pppd[1766]: Connection terminated. 
      Sep 21 18:02:00 pptpd[1765]: CTRL: Asked to free call when no call open, not handled well 
      Sep 21 18:02:00 pptpd[1765]: CTRL: Could not free Call ID [admin shutdown]! 
      Sep 21 18:02:00 pptpd[1765]: CTRL: Couldn't write packet to client. 
      Sep 21 18:02:00 last message repeated 1 time(s) 

       

      When the connection is established, we are able to ping 10.7.31.1 (the firewall), but we are unable to ping or connect to anything else. I don't get any other errors in the System Log.

       

      What can we do to further troubleshoot this?

       

      Thanks!

      K

        • 1. Re: PPTP problems - SG580 firmware 4.0.8
          jcmiller54

          Have a look at this thread. It might help.

           

          See post number 47.

           

          https://community.mcafee.com/thread/20391?start=45&tstart=0

          • 2. Re: PPTP problems - SG580 firmware 4.0.8
            Tristan

            Interesting read

             

            Note: post 57 not 47

            • 3. Re: PPTP problems - SG580 firmware 4.0.8
              jcmiller54

              Finger has been appropriately chastized. Thanks for the correction.

               

              John

              • 4. Re: PPTP problems - SG580 firmware 4.0.8

                Thanks for the link John!

                 

                I was coming from version 4.0.7, so already had a group for VPN access with PPTP ticked, and the relevant users assigned...

                 

                Have just gone in to that section of the admin pages and have re-applied all the settings, so I'll see if that makes a difference!

                 

                Cheers,

                Kim

                • 5. Re: PPTP problems - SG580 firmware 4.0.8

                  Still no luck I'm afraid

                   

                  Have upgraded back to 4.0.8. Here's the full log at the time of the connection being made:

                   

                  Sep 22 15:59:27 pppd[29059]: pppd 2.4.4 started by root, uid 0 
                  Sep 22 15:59:27 pppd[29059]: Connect: ppp1 <--> /dev/pts/0 
                  Sep 22 15:59:27 pppd[29059]: Warning - secret file /etc/config/pap-secrets has world and/or group access 
                  Sep 22 15:59:30 pptpd[29056]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! 
                  Sep 22 15:59:32 pppd[29059]: Warning - secret file /etc/config/chap-secrets has world and/or group access 
                  Sep 22 15:59:34 pppd[29059]: MPPE 40-bit stateless transmit compression enabled 
                  Sep 22 15:59:34 pppd[29059]: local  IP address 10.7.31.1 
                  Sep 22 15:59:34 pppd[29059]: remote IP address 10.7.31.50 
                  Sep 22 15:59:37 packet[307]: nf_ct_tcp: invalid packet ignored SRC=10.7.31.124 DST=63.245.209.93 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=50516 DF PROTO=TCP SPT=51311 DPT=80 WINDOW=65535 SYN URGP=0  
                  Sep 22 15:59:38 packet[307]: nf_ct_tcp: invalid packet ignored SRC=10.7.31.124 DST=63.245.209.93 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=15934 DF PROTO=TCP SPT=51311 DPT=80 WINDOW=65535 SYN URGP=0  
                  Sep 22 16:00:24 packet[307]: nf_ct_tcp: invalid packet ignored SRC=150.101.98.86 DST=150.101.218.142 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=0 PROTO=TCP SPT=80 DPT=51334 WINDOW=5792 ACK SYN URGP=0  
                  Sep 22 16:00:25 packet[307]: Default - dropped: IN=ppp0 SRC=69.50.201.132 DST=150.101.218.142 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=7521 PROTO=TCP SPT=57729 DPT=113 WINDOW=5840 SYN URGP=0  
                  Sep 22 16:00:25 packet[307]: Default - dropped: IN=ppp0 SRC=69.50.201.132 DST=150.101.218.142 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=21637 PROTO=TCP SPT=55911 DPT=113 WINDOW=5840 SYN URGP=0  
                  Sep 22 16:01:36 pppd[29059]: Modem hangup 
                  Sep 22 16:01:36 pppd[29059]: Connection terminated. 
                  Sep 22 16:01:41 pptpd[29056]: CTRL: Asked to free call when no call open, not handled well 
                  Sep 22 16:01:41 pptpd[29056]: CTRL: Could not free Call ID [admin shutdown]! 
                  Sep 22 16:01:41 pptpd[29056]: CTRL: Couldn't write packet to client. 
                  Sep 22 16:01:41 last message repeated 1 time(s) 
                  Sep 22 16:01:41 firewall[29512]: received signal while executing: 15 

                   

                   

                  Message was edited by: ctas on 9/22/10 12:34:02 AM CDT
                  • 6. Re: PPTP problems - SG580 firmware 4.0.8

                    if you enable the debug option ( under advanced on the pptp server ), what does the syslog show then ?

                    • 7. Re: PPTP problems - SG580 firmware 4.0.8

                      Sorry, should have mentioned - that is with debug on...

                       

                      Kim

                      • 8. Re: PPTP problems - SG580 firmware 4.0.8

                        um....stop and start the server...there should be more info with debug on.

                        • 9. Re: PPTP problems - SG580 firmware 4.0.8

                          Ah, I needed to enable the local syslog.

                           

                          This is the display "notices, warnings and errors"

                           

                          Sep 22 17:48:26 pppd[10451]: (20100922T174826967) pppd 2.4.4 started by root, uid 0
                          Sep 22 17:48:26 pppd[10451]: (20100922T174826978) Connect: ppp1 <--> /dev/pts/0
                          Sep 22 17:48:26 pppd[10451]: (20100922T174826981) Warning - secret file /etc/config/pap-secrets has world and/or group access
                          Sep 22 17:48:26 pptpd[10370]: (20100922T174826987) CTRL: Request to close control connection when call is open, closing
                          Sep 22 17:48:26 pppd[10451]: (20100922T174826990) Modem hangup
                          Sep 22 17:48:26 pppd[10451]: (20100922T174826991) Connection terminated.
                          Sep 22 17:48:27 pptpd[10370]: (20100922T174827061) CTRL: Couldn't write packet to client.
                          Sep 22 17:48:27 last message repeated 1 time(s) 
                          Sep 22 17:48:27 packet[307]: (20100922T174827743) nf_ct_tcp: invalid packet ignored SRC=216.38.164.107 DST=150.101.218.142 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=45078 PROTO=TCP SPT=80 DPT=53100 WINDOW=49968 ACK URGP=0 


                          --- the user could not connect, so reboot their computer then was able to connect. The following is the log when they were trying to ping a computer on our internal IP. I'm not sure which bits of this log are relevant?



                          Sep 22 17:55:27 pppd[13019]: (20100922T175527552) sent [LCP ConfRej id=0x0 <callback CBCP>]
                          Sep 22 17:55:27 pppd[13019]: (20100922T175527690) rcvd [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0x44bc82b6> <pcomp> <accomp>]
                          Sep 22 17:55:27 pppd[13019]: (20100922T175527886) rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0xc436085> <pcomp> <accomp>]
                          Sep 22 17:55:27 pppd[13019]: (20100922T175527890) sent [LCP ConfAck id=0x1 <mru 1400> <magic 0xc436085> <pcomp> <accomp>]
                          Sep 22 17:55:27 pppd[13019]: (20100922T175527900) sent [CHAP Challenge id=0x3e <e829b05d43b46c2b1e56f9bfff651225>, name = "PoPToP"]
                          Sep 22 17:55:28 pptpd[12939]: (20100922T175528346) CTRL: Ignored a SET LINK INFO packet with real ACCMs!
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528528) rcvd [LCP Ident id=0x2 magic=0xc436085 "MSRASV5.10"]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528529) rcvd [LCP Ident id=0x3 magic=0xc436085 "MSRAS-0-LAPTOP"]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528555) rcvd [CHAP Response id=0x3e <eca45cded0bdebff125eb5206a789cb800000000000000007c4cf04db5ccbb755acd214129ff3b21aaa0a066fb61ef0200>, name = "clhvww_vpn"]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528556) Warning - secret file /etc/config/chap-secrets has world and/or group access
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528621) sent [CHAP Success id=0x3e "S=3B39B25CD531010965C4DF9004E9DAD489474B7F M=Access granted"]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528627) Script /bin/auth-up started (pid 13027)
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528629) sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528630) sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 10.7.31.1>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528704) rcvd [CCP ConfReq id=0x4 <mppe +H -M -S -L -D +C>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528704) sent [CCP ConfNak id=0x4 <mppe +H -M -S +L -D -C>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528705) rcvd [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528705) sent [IPCP ConfRej id=0x5 <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528712) rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528713) sent [CCP ConfReq id=0x2]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528713) rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528713) sent [IPCP ConfReq id=0x2 <addr 10.7.31.1>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528805) rcvd [CCP ConfReq id=0x6 <mppe +H -M -S +L -D -C>]
                          Sep 22 17:55:28 kernel: (20100922T175528805) allocing ppp compressor
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528806) sent [CCP ConfAck id=0x6 <mppe +H -M -S +L -D -C>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528806) rcvd [IPCP ConfReq id=0x7 <addr 0.0.0.0>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528807) sent [IPCP ConfNak id=0x7 <addr 10.7.31.50>]
                          Sep 22 17:55:28 conntrack[307]: (20100922T175528836) action=create id=3264413940 family=inet proto=tcp tcpstate=SYN_SENT tx-src=10.7.31.103 tx-dst=66.102.11.164 tx-sport=2094 tx-dport=80 rx-src=66.102.11.164 rx-dst=150.101.218.142 rx-sport=80 rx-dport=2094 mark=12 
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528848) rcvd [CCP ConfAck id=0x2]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528848) MPPE 40-bit stateless transmit compression enabled
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528849) rcvd [IPCP ConfAck id=0x2 <addr 10.7.31.1>]
                          Sep 22 17:55:28 conntrack[307]: (20100922T175528849) action=create id=3264414916 family=inet proto=tcp tcpstate=SYN_SENT tx-src=10.7.31.103 tx-dst=150.101.195.91 tx-sport=2095 tx-dport=80 rx-src=150.101.195.91 rx-dst=150.101.218.142 rx-sport=80 rx-dport=2095 mark=12 
                          Sep 22 17:55:28 conntrack[307]: (20100922T175528887) action=destroy id=3263260820 family=inet proto=tcp tx-src=10.7.31.108 tx-dst=174.36.30.73 tx-sport=56391 tx-dport=443 tx-packets=9 tx-bytes=480 rx-src=174.36.30.73 rx-dst=150.101.218.142 rx-sport=443 rx-dport=56391 rx-packets=0 rx-bytes=0 mark=12 
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528889) rcvd [IPCP ConfReq id=0x8 <addr 10.7.31.50>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528890) sent [IPCP ConfAck id=0x8 <addr 10.7.31.50>]
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528905) found interface eth0 for proxy arp
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528906) local  IP address 10.7.31.1
                          Sep 22 17:55:28 pppd[13019]: (20100922T175528907) remote IP address 10.7.31.50

                           

                          Sep 22 17:58:14 pppd[13019]: (20100922T175814685) rcvd [Compressed data] 90 1e 3b c0 f2 e5 a7 60 ...
                          Sep 22 17:58:14 pppd[13019]: (20100922T175814685) sent [CCP ResetReq id=0x9]

                           

                          (there semed to be a lot of rcvd, then sent... but they were getting ping timeouts).

                           

                          Cheers,

                          Kim

                          1 2 Previous Next