We upgraded the remaining units in our environment to version 8 yesterday. These are ASG 220 HA units and everything has gone smoothly with the exception of PPTP.
We are having major issues getting users connected through PPTP, it seems that if you make two attempts in rapid succession you will first have a failure and then the second attempt will succeed.
The log shows the following:
2011:03:09-16:20:18 vpn-1 pptpd[915]: GRE: xmit failed from decaps_hdlc: Operation not permitted
2011:03:09-16:20:18 vpn-1 pptpd[915]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
2011:03:09-16:20:18 vpn-1 pptpd[915]: CTRL: Reaping child PPP[917]
2011:03:09-16:20:18 vpn-1 pptpd[6722]: MGR: Reaped child 915
2011:03:09-16:20:18 vpn-1 pptpd[915]: CTRL: Client 120.155.157.50 control connection finished
2011:03:09-16:20:18 vpn-1 pptpd[915]: CTRL: Exiting now
2011:03:09-16:40:46 vpn-1 pptpd[3690]: MGR: Launching /usr/sbin/pptpctrl to handle client
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: local address = 172.20.21.1
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: remote address = 172.20.21.2
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Client 59.154.135.26 control connection started
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Received PPTP Control Message (type: 1)
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Made a START CTRL CONN RPLY packet
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: I wrote 156 bytes to the client.
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Sent packet to client
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Received PPTP Control Message (type: 7)
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Set parameters to 100000000 maxbps, 64 window size
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Made a OUT CALL RPLY packet
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Starting call (launching pppd, opening GRE)
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: pty_fd = 6
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: tty_fd = 7
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: I wrote 32 bytes to the client.
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Sent packet to client
2011:03:09-16:40:46 vpn-1 pptpd[3691]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
2011:03:09-16:40:46 vpn-1 pptpd[3691]: CTRL (PPPD Launcher): local address = 172.20.21.1
2011:03:09-16:40:46 vpn-1 pptpd[3691]: CTRL (PPPD Launcher): remote address = 172.20.21.2
2011:03:09-16:40:46 vpn-1 pptpd[3690]: GRE: Bad checksum from pppd.
2011:03:09-16:40:46 vpn-1 pptpd[3690]: GRE: xmit failed from decaps_hdlc: Operation not permitted
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Reaping child PPP[3691]
2011:03:09-16:40:46 vpn-1 pptpd[6722]: MGR: Reaped child 3690
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Client 59.154.135.26 control connection finished
2011:03:09-16:40:46 vpn-1 pptpd[3690]: CTRL: Exiting now
I need to stress that PPTP was no issue prior to upgrade, we have some 50+ iphones and a multitude of laptops that use this regularly.
I have specific rules to allow GRE, even with an ANY -> ANY rule at the top of the packetfilter the problem remains.
Really need to resolve this issue as soon as possible, so again I'd be really grateful for some help here.
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
