Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 8 replies
  • Subscribers 0 subscribers
  • Views 1405 views
  • Users 0 members are here
Options
Suggested

[8.960][MYTH] PPPoA failing to connect

x-cimo
I use the PPPoA interface type to connect to a PPTP VPN provider, which works fine in V8.

However when trying the same in UTM9 I get:

2012:05:26-00:18:50 plasmashield pppoa-sh: pptpc[7307] PPTP over Ethernet Loop Control Script activated 
2012:05:26-00:18:50 plasmashield pppoa-sh: pptpc[7307] waiting 10 seconds for mdw filter setup 
2012:05:26-00:19:05 plasmashield pppoa-sh: pptpc[7307] initiating PPTP connection 
2012:05:26-00:19:05 plasmashield pppoa-sh: pptpc[7307] waiting 10 sec for ip-up script 
2012:05:26-00:19:05 plasmashield pppd-pppoa[7358]: pppd 2.4.6 started by (unknown), uid 0
2012:05:26-00:19:05 plasmashield pppd-pppoa[7358]: Couldn't open pty slave /dev/pts/0: No such file or directory
2012:05:26-00:19:05 plasmashield pppd-pppoa[7358]: using channel 9
2012:05:26-00:19:05 plasmashield pppd-pppoa[7358]: Using interface ppp0
2012:05:26-00:19:05 plasmashield pppd-pppoa[7358]: Connect: ppp0  /dev/ttyp0
2012:05:26-00:19:06 plasmashield pppd-pppoa[7358]: sent [LCP ConfReq id=0x1     ]
2012:05:26-00:19:09 plasmashield pppd-pppoa[7358]: sent [LCP ConfReq id=0x1     ]
2012:05:26-00:19:12 plasmashield pppd-pppoa[7358]: sent [LCP ConfReq id=0x1     ]
2012:05:26-00:19:15 plasmashield pppoa-sh: pptpc[7307] looking for IP info in /var/run/pptp/eth0#REF_IntPppPptp1 
2012:05:26-00:19:15 plasmashield pppoa-sh: pptpc[7307] /var/run/pptp/eth0#REF_IntPppPptp1 not found, check ip-up script 
2012:05:26-00:19:15 plasmashield pppoa-sh: pptpc[7307] shutting down pptp connection  X.X.X.X
2012:05:26-00:19:15 plasmashield pppd-pppoa[7358]: sent [LCP ConfReq id=0x1     ]
2012:05:26-00:19:15 plasmashield pppd-pppoa[7358]: Terminating on signal 15
2012:05:26-00:19:15 plasmashield pppd-pppoa[7358]: sent [LCP TermReq id=0x2 "User request"]
2012:05:26-00:19:15 plasmashield pppd-pppoa[7358]: Child process /usr/sbin/pptp-current X.X.X.X --nolaunchpppd (pid 7359) terminated with signal 15
2012:05:26-00:19:15 plasmashield pppd-pppoa[7358]: Modem hangup
2012:05:26-00:19:15 plasmashield pppd-pppoa[7358]: Connection terminated.
2012:05:26-00:19:15 plasmashield pppoa-sh: pptpc[7307] removing UNIX domain socket /var/run/pptp/X.X.X.X 
2012:05:26-00:19:15 plasmashield pppoa-sh: pptpc[7307] verifying running processes 
2012:05:26-00:19:15 plasmashield pppd-pppoa[7358]: Exit.
2012:05:26-00:19:15 plasmashield pppoa-sh: pptpc[7307] pppd: : call REF_IntPppPptp1 ipparam eth0#REF_IntPppPptp1 failed
2012:05:26-00:19:15 plasmashield pppoa-sh: pptpc[7307] pptp: call manager or gre-gateway failed
2012:05:26-00:19:15 plasmashield pppoa-sh: pptpc[7307] one or more processes missing 
2012:05:26-00:19:15 plasmashield pppoa-sh: pptpc[7307] shutting down pptp connection  X.X.X.X
2012:05:26-00:19:20 plasmashield pppoa-sh: pptpc[7307] removing UNIX domain socket /var/run/pptp/X.X.X.X 
2012:05:26-00:19:20 plasmashield pppoa-sh: pptpc[7307] encountered 1 errors so far 
2012:05:26-00:19:20 plasmashield pppoa-sh: pptpc[7307] connection terminated after 10 sec 
2012:05:26-00:19:20 plasmashield pppoa-sh: pptpc[7307] connection terminated prematurely 
2012:05:26-00:19:20 plasmashield pppoa-sh: pptpc[7307] restarting connection in 5 sec 
2012:05:26-00
Parents
  • 0
    Connection to a VPN provider is not official supported by UTM.

    If you want something like this running:
     a) ensure there are packetfilter rules allowing PPTP traffic from the ASG to the VPN provider,
        e.g. use WAN Address Object as source in PF rule
     b) ensure there are static or policy rules, always routing the VPN traffic over the WAN interface

    Cheers
     Ulrich
  • 0 in reply to da_merlin
    The UTM9 is setup such as:

    Firewall: One entry:  Any -> Any -> Any (unsecured)
    Policy routing such as any traffic going to VPN provider go over WAN.

    Both of theses recommendations are already in place, just like they are on the V8 machine.

    Therefore, I ask for the case to be re-opened.
Reply Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?