Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 2001 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outgoing PPTP connections fail

Rob_Bridges
Hello, thanks in advance for any help provided.  I am trying to connect through the our ASG425 to a remote VPN server.  The first 2 packet filter rules I have are Any-> PPTP ->Any and Any->Gre->Any.  Still the log drops the gre protocal 47.  Any ideas?


This thread was automatically locked due to age.
Parents
  • 0
    Hi Guys...  Thanks for the help.  I'm thinking the problem may lie somewhere else.  The PF log shows less dropped GRE packets than I thought when I first posted.  It actually shows more passed than dropped, none the less I am having a heck of a time trying to connect and it does randomly drop them.  If I keep trying, eventually the connection goes through.  The connection traffic help for PPTP is checked.  My orgininal PF rules did specify my internal network until I started trouble shooting.


    /var/log/packetfilter.log:2009:12:31-09:59:43 guro1 ulogd[3557]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="unknown" dstmac="xx:xx:xx:xx:xx:xx" srcmac="00:00:00:00:00:00" srcip="99.xx.xx.xx" dstip="64.xx.xx.xx" proto="47" length="65" tos="0x00" prec="0x00" ttl="59"
    /var/log/packetfilter.log:2009:12:31-10:02:02 guro1 ulogd[3557]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="unknown" dstmac="xx:xx:xx:xx:xx:xx" srcmac="00:00:00:00:00:00" srcip="99.xx.xx.xx" dstip="64.xx.xx.xx" proto="47" length="65" tos="0x00" prec="0x00" ttl="59" 
    /var/log/packetfilter.log:2009:12:31-10:03:34 guro1 ulogd[3557]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" seq="0" initf="eth0" outitf="eth1" dstmac="00:xx:xx:xx:xx:xx" srcmac="00:xx:xx:xx:xx:xx" srcip="131.xx.xx.xx" dstip="99.xx.xx.xx" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="1363" dstport="1723" tcpflags="SYN" 
    /var/log/packetfilter.log:2009:12:31-10:11:03 guro1 ulogd[3557]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" seq="0" initf="eth0" outitf="eth1" dstmac="00:xx:xx:xx:xx:xx" srcmac="00:xx:xx:xx:xx:xx" srcip="131.xx.xx.xx" dstip="99.xx.xx.xx" proto="6" length="196" tos="0x00" prec="0x00" ttl="126" srcport="1364" dstport="1723" tcpflags="ACK PSH" 
    /var/log/packetfilter.log:2009:12:31-10:11:41 guro1 ulogd[3557]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" seq="0" initf="eth0" outitf="eth1" dstmac="00:xx:xx:xx:xx:xx" srcmac="00:xx:xx:xx:xx:xx" srcip="131.xx.xx.xx" dstip="99.xx.xx.xx" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="1365" dstport="1723" tcpflags="SYN" 
    /var/log/packetfilter.log:2009:12:31-10:12:17 guro1 ulogd[3557]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" seq="0" initf="eth0" outitf="eth1" dstmac="00:xx:xx:xx:xx:xx" srcmac="00:xx:xx:xx:xx:xx" srcip="131.xx.xx.xx" dstip="99.xx.xx.xx" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="1366" dstport="1723" tcpflags="SYN"
Reply
  • 0
    Hi Guys...  Thanks for the help.  I'm thinking the problem may lie somewhere else.  The PF log shows less dropped GRE packets than I thought when I first posted.  It actually shows more passed than dropped, none the less I am having a heck of a time trying to connect and it does randomly drop them.  If I keep trying, eventually the connection goes through.  The connection traffic help for PPTP is checked.  My orgininal PF rules did specify my internal network until I started trouble shooting.


    /var/log/packetfilter.log:2009:12:31-09:59:43 guro1 ulogd[3557]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="unknown" dstmac="xx:xx:xx:xx:xx:xx" srcmac="00:00:00:00:00:00" srcip="99.xx.xx.xx" dstip="64.xx.xx.xx" proto="47" length="65" tos="0x00" prec="0x00" ttl="59"
    /var/log/packetfilter.log:2009:12:31-10:02:02 guro1 ulogd[3557]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="unknown" dstmac="xx:xx:xx:xx:xx:xx" srcmac="00:00:00:00:00:00" srcip="99.xx.xx.xx" dstip="64.xx.xx.xx" proto="47" length="65" tos="0x00" prec="0x00" ttl="59" 
    /var/log/packetfilter.log:2009:12:31-10:03:34 guro1 ulogd[3557]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" seq="0" initf="eth0" outitf="eth1" dstmac="00:xx:xx:xx:xx:xx" srcmac="00:xx:xx:xx:xx:xx" srcip="131.xx.xx.xx" dstip="99.xx.xx.xx" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="1363" dstport="1723" tcpflags="SYN" 
    /var/log/packetfilter.log:2009:12:31-10:11:03 guro1 ulogd[3557]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" seq="0" initf="eth0" outitf="eth1" dstmac="00:xx:xx:xx:xx:xx" srcmac="00:xx:xx:xx:xx:xx" srcip="131.xx.xx.xx" dstip="99.xx.xx.xx" proto="6" length="196" tos="0x00" prec="0x00" ttl="126" srcport="1364" dstport="1723" tcpflags="ACK PSH" 
    /var/log/packetfilter.log:2009:12:31-10:11:41 guro1 ulogd[3557]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" seq="0" initf="eth0" outitf="eth1" dstmac="00:xx:xx:xx:xx:xx" srcmac="00:xx:xx:xx:xx:xx" srcip="131.xx.xx.xx" dstip="99.xx.xx.xx" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="1365" dstport="1723" tcpflags="SYN" 
    /var/log/packetfilter.log:2009:12:31-10:12:17 guro1 ulogd[3557]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" seq="0" initf="eth0" outitf="eth1" dstmac="00:xx:xx:xx:xx:xx" srcmac="00:xx:xx:xx:xx:xx" srcip="131.xx.xx.xx" dstip="99.xx.xx.xx" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="1366" dstport="1723" tcpflags="SYN"
Children
No Data