8 Replies Latest reply on Jun 28, 2012 9:28 PM by mcisar

    PPTP VPN connection 'stuck'

      Am having difficulty with a PPTP VPN connection terminating to an SG-565 with 4.0.10 firmware. 

       

      Everything seems to work fine until the far-end (client) loses it's internet connection.  When it comes back up a new tunnel is established, but there is no connectivity over the VPN.  Checking the PPTP Port Status what you find is that there are now two connections from the client.  So as far as I can tell the SG-565 never kills the original tunnel when the far end drops off.  If I disable and then re-enable PPTP the ghost connection goes away and then the remote end will subsequently re-connect successfully.

       

      Does anyone have any thoughts on how I might fix this issue?

       

      Cheers,

      >>>>> Mike <<<<<

       

      P.S.  The client device at the remote site is also an SG-565, running a 3.x firmware version.

        • 1. Re: PPTP VPN connection 'stuck'

          The PPTP protocol has LCP echo requests and replies to detect if the PPTP GRE stream is still functional, and this is tested every 30 secs...if I recall correctly.

           

          After 3 failures, the link will be torn down....so 119 seconds max, the link will be removed.

           

          I presume you have tested after 90 seconds.

           

          That would leave routing as a possible culprit....are you assigning static IP 's at all to clients ?

          • 2. Re: PPTP VPN connection 'stuck'

            Without intervention the two connections show under PPTP port status indefinately, both connections seem to still update their respective "uptime"... this morning the 2nd connection had been "up" for an hour and 25 minutes when I dis/re-enabled the PPTP server to re-establish a working tunnel.

             

            The client is assigned a static IP, and there is a routing statement in place to route traffic to the remote subnet through that static IP (10.11.18.0/24 --> 10.11.13.20)

             

            Cheers,

            >>>>> Mike <<<<<

            • 3. Re: PPTP VPN connection 'stuck'

              is the static IP 10.11.13.20 on the same subnet as your internal LAN ?

              If so, can you try another subnet to use...a unique subnet that is not part of your LAN or anywhere else ?

              • 4. Re: PPTP VPN connection 'stuck'

                Yes, the static is on he same subnet as the local lan... will test using an alternate static IP tonight once the client is closed.

                 

                Regards,

                >>>>> Mike <<<<<

                • 5. Re: PPTP VPN connection 'stuck'

                  Finally was able to do some further work on this.  Have assigned the client 192.168.254.1  rather than 10.11.13.20  and changed the static route to 10.11.18.0/24 --> 192.168.254.1     

                   

                  Still seeing the same problem, as far as I'm able to tell if the client only goes offline for a short time this is when the problem occurs... that is to say it appears if the client goes offline and then comes online and attempts to reconnect before the server has dropped the original connection then that is when we see the two connections apparently online.   There have been a couple of cases where the client's ADSL line was down for a period of hours, and in these cases it appeared to automatically reconnect without a problem.

                   

                  End up having to disable PPTP server, re-enable it... wait for a single tunnel to come up and then disable and enable the static route to get back up and going.

                   

                  >>>>> Mike <<<<<

                  • 6. Re: PPTP VPN connection 'stuck'

                    Going to *bump* on this thread because the client has started seeing this problem repeatedly again (obviously their internet connection got stable for a while and now has gotten a bit flakey again.

                     

                    Long story short if the remote end of the VPN drops for just a short bit it then automatically reestablishes, so you have 2 PPTP sessions showing but no traffic is flowing on the VPN (assume traffic still being sent to the "disconnected" VPN).  The old tunnel never drops by itself, but rather I have to go in, disable the PPTP server and then re-enable it to get that ghost session to go away.  

                     

                    As mentioned before, if the internet connection is out for a long period of time (ie. more than a brief hiccup) the connection does drop and re-establish properly... its only when the connection re-establishes before the original one drops on the server side that I see this issue. 

                     

                    Any thoughts to working around this problem...  even if I could prevent that particular PPP user from starting a 2nd session in theory that would then give the original session time to drop from the server maybe???

                     

                    Cheers,

                    >>>>> Mike <<<<<

                    • 7. Re: PPTP VPN connection 'stuck'

                      can you post the routing table when in the error state and tell me which ppp interfaces are relevant to the remote client ?

                      • 8. Re: PPTP VPN connection 'stuck'

                        I will capture this info the next time the VPN goes down.

                         

                        Mike