PPTP disconnects when peers disconnect
7,867
You should try to setup different local ip for connections, something like this:
localip 172.20.1.1-100
remoteip 172.20.1.101-200
also, set your filewall rules:
# accept incoming control connections via conntrack
iptables -A INPUT -p tcp --dport 1723 -m conntrack --ctstate NEW -j ACCEPT
# accept GRE protocol
iptables -A INPUT -p gre -j ACCEPT
# allow packet forwarding from VPN subnet with TCP max segment size tune
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS --clamp-mss-to-pmtu
and please, post your pptpd.conf and pptpd-options file
Related videos on Youtube
Author by
Thilak Rao
Updated on September 18, 2022Comments
-
Thilak Rao over 1 year
Just setup a Ubuntu 13.10 on a server, and configured PPTP VPN. Everything works just fine, until another peer disconnects his VPN connection.
I was able to consistently simulate this by connecting my iPhone to the VPN, and whenever I disconnect the VPN from my iPhone, the VPN just drops for everyone.
Here's the server's log file:
Nov 28 01:14:51 thilak pppd[1620]: pppd 2.4.5 started by thilak, uid 0 Nov 28 01:14:51 thilak pppd[1620]: Using interface ppp0 Nov 28 01:14:51 thilak pppd[1620]: Connect: ppp0 <--> /dev/pts/2 Nov 28 01:14:51 thilak pptpd[1619]: GRE: Bad checksum from pppd. Nov 28 01:14:54 thilak pppd[1620]: peer from calling number 106.51.51.20 authorized Nov 28 01:14:55 thilak pppd[1620]: MPPE 128-bit stateless compression enabled Nov 28 01:14:55 thilak pppd[1620]: Cannot determine ethernet address for proxy ARP Nov 28 01:14:55 thilak pppd[1620]: local IP address 198.211.113.34 Nov 28 01:14:55 thilak pppd[1620]: remote IP address 10.10.0.2 Nov 28 01:17:01 thilak CRON[1648]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Nov 28 01:26:29 thilak pptpd[1677]: CTRL: Client 106.51.51.20 control connection started Nov 28 01:26:29 thilak pptpd[1677]: CTRL: Starting call (launching pppd, opening GRE) Nov 28 01:26:29 thilak pppd[1678]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded. Nov 28 01:26:29 thilak pppd[1678]: pppd 2.4.5 started by thilak, uid 0 Nov 28 01:26:29 thilak pppd[1678]: Using interface ppp1 Nov 28 01:26:29 thilak pppd[1678]: Connect: ppp1 <--> /dev/pts/3 Nov 28 01:26:29 thilak pptpd[1677]: GRE: Bad checksum from pppd. Nov 28 01:26:32 thilak pppd[1678]: peer from calling number 106.51.51.20 authorized Nov 28 01:26:33 thilak pppd[1678]: MPPE 128-bit stateless compression enabled Nov 28 01:26:33 thilak pppd[1678]: Cannot determine ethernet address for proxy ARP Nov 28 01:26:33 thilak pppd[1678]: local IP address 198.211.113.34 Nov 28 01:26:33 thilak pppd[1678]: remote IP address 10.10.0.4 Nov 28 01:27:14 thilak pppd[1678]: LCP terminated by peer (MPPE disabled) Nov 28 01:27:14 thilak pppd[1678]: Connect time 0.7 minutes. Nov 28 01:27:14 thilak pppd[1678]: Sent 44172 bytes, received 16425 bytes. Nov 28 01:27:14 thilak pptpd[1677]: CTRL: EOF or bad error reading ctrl packet length. Nov 28 01:27:14 thilak pptpd[1677]: CTRL: couldn't read packet header (exit) Nov 28 01:27:14 thilak pptpd[1677]: CTRL: CTRL read failed Nov 28 01:27:14 thilak pptpd[1677]: CTRL: Reaping child PPP[1678] Nov 28 01:27:14 thilak pppd[1678]: Hangup (SIGHUP) Nov 28 01:27:14 thilak pppd[1678]: Modem hangup Nov 28 01:27:14 thilak pppd[1678]: Connection terminated. Nov 28 01:27:14 thilak pptpd[1619]: GRE: read(fd=7,buffer=7f38314b8460,len=8260) from network failed: status = -1 error = Protocol not available Nov 28 01:27:14 thilak pptpd[1619]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6) Nov 28 01:27:14 thilak pptpd[1619]: CTRL: Reaping child PPP[1620] Nov 28 01:27:14 thilak pppd[1620]: Hangup (SIGHUP) Nov 28 01:27:14 thilak pppd[1620]: Modem hangup Nov 28 01:27:14 thilak pppd[1620]: Connect time 12.4 minutes. Nov 28 01:27:14 thilak pppd[1620]: Sent 19431067 bytes, received 7005368 bytes. Nov 28 01:27:14 thilak pppd[1620]: MPPE disabled Nov 28 01:27:14 thilak pppd[1620]: Connection terminated. Nov 28 01:27:14 thilak pppd[1678]: Exit. Nov 28 01:27:14 thilak pptpd[1677]: CTRL: Client 106.51.51.20 control connection finished Nov 28 01:27:14 thilak pppd[1620]: Exit. Nov 28 01:27:14 thilak pptpd[1619]: CTRL:
Any idea what's going on?
-
Thilak Rao over 10 yearsI have set my localip as the public ip address of the server. This is what my pptpd.conf file looks like: localip 198.211.113.34 remoteip 10.10.0.2-10 Thanks!
-
Shooorf over 10 yearsYou shouldnt set localip to your external IP (which is using for incoming connection). Localip should be used as internal ip for PPP interfaces. If you just want to grant access on other networks for PPP clients - just set appropriate routes (in case of local intranet , using FORWARD chain + 'ip route add') or configure NAT (in case of internet access). If you have entire subnet of real ip adresses and wants them to be assigned for your VPN client - ok, you should set remoteip to real IP range as well.
-
Shooorf over 10 yearsPPTPD listening GRE and TCP 1723 for incoming client connections on all interfaces by default, you could control this by setting iptables rules (INPUT chain).