Hi experts,
is my first time here as and I have fresh installed ASG v8.000 with home license running on;
Shuttle SB95, 2 x NICs, 1GB and DSL via PPPoA
I cannot get the remote inbound VPN (PPTP) to work and tried many settings out already and searched for solutions here of course but no luck so far.
Here the details what I want to achive;
outbund VPN is working fine: [:)]
ASG -> Cisco VPN client or openVPN -> Office or customers
inbound VPN is not working: [:@]
Office -> MS-VPN or Cisco VPN client -> ASG : is not connecting
I've added some rule for inbound VPN (PPTP) and GRE port 47 and added users but see that GRE:47 gets dropped.
We use a Cisco in the office wich works fine but I don't have any preferences for a specific VPN solution yet (Cisco, MS-VPN or openVPN).
Packet filter;
12:01:45 Default DROP TCP 122.252.5.92 :80 → 192.168.1.1 : 38656
[RST] len=40 ttl=49 tos=0x00 srcmac=0:16:e3:9:a2:ea dstmac=0:30:1b:b8:5d:e8
12:01:52 Default DROP 47 203.109.153.x→ 192.168.1.x
len=54 ttl=119 tos=0x00 srcmac=0:16:e3:9:a2:ea dstmac=0:30:1b:b8:5d:e8
12:01:54 Default DROP 47 203.109.153.x → 192.168.1.x
len=54 ttl=119 tos=0x00 srcmac=0:16:e3:9:a2:ea dstmac=0:30:1b:b8:5d:e8
12:01:58 Default DROP 47 203.109.153.x → 192.168.1.x
len=54 ttl=119 tos=0x00 srcmac=0:16:e3:9:a2:ea dstmac=0:30:1b:b8:5d:e8
12:02:02 Default DROP 47 203.109.153.x → 192.168.1.x
len=54 ttl=119 tos=0x00 srcmac=0:16:e3:9:a2:ea dstmac=0:30:1b:b8:5d:e8
PPTP daemon;
2010:08:06-12:01:52 myciberplace pptpd[998]: MGR: Launching /usr/sbin/pptpctrl to handle client
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: local address = 10.242.1.1
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: remote address = 10.242.1.2
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Client 203.109.153.115 control connection started
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Received PPTP Control Message (type: 1)
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Made a START CTRL CONN RPLY packet
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: I wrote 156 bytes to the client.
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Sent packet to client
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Received PPTP Control Message (type: 7)
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Set parameters to 100000000 maxbps, 64 window size
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Made a OUT CALL RPLY packet
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Starting call (launching pppd, opening GRE)
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: pty_fd = 6
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: tty_fd = 7
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: I wrote 32 bytes to the client.
2010:08:06-12:01:52 myciberplace pptpd[999]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
2010:08:06-12:01:52 myciberplace pptpd[999]: CTRL (PPPD Launcher): local address = 10.242.1.1
2010:08:06-12:01:52 myciberplace pptpd[999]: CTRL (PPPD Launcher): remote address = 10.242.1.2
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Sent packet to client
2010:08:06-12:01:52 myciberplace pppd-pptp[999]: Plugin aua.so loaded.
2010:08:06-12:01:52 myciberplace pppd-pptp[999]: AUA plugin initialized.
2010:08:06-12:01:52 myciberplace pppd-pptp[999]: pppd 2.4.5 started by (unknown), uid 0
2010:08:06-12:01:52 myciberplace pppd-pptp[999]: using channel 27
2010:08:06-12:01:52 myciberplace pppd-pptp[999]: Starting negotiation on /dev/ttyp0
2010:08:06-12:01:52 myciberplace pppd-pptp[999]: sent [LCP ConfReq id=0x1 ]
2010:08:06-12:01:52 myciberplace pptpd[998]: GRE: Bad checksum from pppd.
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Received PPTP Control Message (type: 15)
2010:08:06-12:01:52 myciberplace pptpd[998]: CTRL: Got a SET LINK INFO packet with standard ACCMs
2010:08:06-12:01:55 myciberplace pppd-pptp[999]: sent [LCP ConfReq id=0x1 ]
2010:08:06-12:01:58 myciberplace pppd-pptp[999]: sent [LCP ConfReq id=0x1 ]
2010:08:06-12:02:01 myciberplace pppd-pptp[999]: sent [LCP ConfReq id=0x1 ]
2010:08:06-12:02:04 myciberplace pppd-pptp[999]: sent [LCP ConfReq id=0x1 ]
2010:08:06-12:02:07 myciberplace pppd-pptp[999]: sent [LCP ConfReq id=0x1 ]
2010:08:06-12:02:10 myciberplace pppd-pptp[999]: sent [LCP ConfReq id=0x1 ]
2010:08:06-12:02:13 myciberplace pppd-pptp[999]: sent [LCP ConfReq id=0x1 ]
2010:08:06-12:02:16 myciberplace pppd-pptp[999]: sent [LCP ConfReq id=0x1 ]
2010:08:06-12:02:19 myciberplace pppd-pptp[999]: sent [LCP ConfReq id=0x1 ]
2010:08:06-12:02:22 myciberplace pptpd[998]: GRE: read(fd=6,buffer=805a540,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
2010:08:06-12:02:22 myciberplace pptpd[998]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
2010:08:06-12:02:22 myciberplace pptpd[998]: CTRL: Reaping child PPP[999]
2010:08:06-12:02:22 myciberplace pptpd[998]: CTRL: Client 203.109.153.x control connection finished
2010:08:06-12:02:22 myciberplace pptpd[998]: CTRL: Exiting now
2010:08:06-12:02:22 myciberplace pppd-pptp[999]: LCP: timeout sending Config-Requests
2010:08:06-12:02:22 myciberplace pppd-pptp[999]: Connection terminated.
2010:08:06-12:02:22 myciberplace pppd-pptp[999]: Modem hangup
2010:08:06-12:02:22 myciberplace pppd-pptp[999]: Exit.
2010:08:06-12:02:22 myciberplace pptpd[26893]: MGR: Reaped child 998
SSL VPN log is empty;
IPS log is empty;
I've added some scren shots and live logs from and hope this would help.
Note;
Just tested again and maybe it is worth to mention that the rule which drops GRE is fwrule="60001"
2010:08:06-12:01:52 myciberplace ulogd[4318]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:16:e3:9:a2:ea" dstmac="0:30:1b:b8:5d:e8" srcip="203.109.153.x" dstip="192.168.1.x" proto="47" length="54" tos="0x00" prec="0x00" ttl="119"
many thanks
Robert
This thread was automatically locked due to age.
