PPTP disconnects when peers disconnect


You should try to set up a different local IP for connections, something like this:

localip 172.20.1.1-100
remoteip 172.20.1.101-200

Also, set your firewall rules:

# accept incoming control connections via conntrack
iptables -A INPUT -p tcp --dport 1723 -m conntrack --ctstate NEW -j ACCEPT
# accept GRE protocol
iptables -A INPUT -p gre -j ACCEPT
# allow packet forwarding from VPN subnet with TCP max segment size tune
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS --clamp-mss-to-pmtu

And please post your pptpd.conf and pptpd-options files.
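
A check for the addressing advice in this answer, as an added example that is not part of the original answer: it parses the localip/remoteip lines of a pptpd.conf (comma lists and last-octet ranges only) and flags a localip that equals the server's external address, or an overlap between the two pools. The function names and the external_ip parameter are assumptions of this sketch; the sample values are the ones posted on this page.

```python
import ipaddress

def expand(spec):
    """Expand a pptpd.conf list such as '172.20.1.1-100,172.20.1.250'."""
    addrs = []
    for part in spec.split(","):
        start, dash, last = part.strip().partition("-")
        first = ipaddress.IPv4Address(start)
        if not dash:
            addrs.append(first)
            continue
        lo, hi = int(start.rsplit(".", 1)[1]), int(last)  # a.b.c.LO-HI
        if not lo <= hi <= 255:
            raise ValueError(f"bad range: {part}")
        addrs.extend(first + i for i in range(hi - lo + 1))
    return addrs

def parse_conf(text):
    """Collect the localip and remoteip pools from pptpd.conf text."""
    pools = {"localip": [], "remoteip": []}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) == 2 and fields[0] in pools:
            pools[fields[0]] = expand(fields[1])
    return pools

def check(text, external_ip):
    """Return a list of (code, detail) findings; empty means no issue found."""
    pools = parse_conf(text)
    external = ipaddress.IPv4Address(external_ip)
    findings = []
    if external in pools["localip"]:
        findings.append(("localip-is-external", str(external)))
    shared = sorted(set(pools["localip"]) & set(pools["remoteip"]))
    if shared:
        findings.append(("pools-overlap", f"{shared[0]} .. {shared[-1]}"))
    return findings

# Values posted on this page; external_ip is the server address from the log.
ASKER = "localip 198.211.113.34\nremoteip 10.10.0.2-10\n"
ANSWER = "localip 172.20.1.1-100\nremoteip 172.20.1.101-200\n"

if __name__ == "__main__":
    for name, conf in (("asker", ASKER), ("answer", ANSWER)):
        print(name, check(conf, "198.211.113.34"))
```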

Author by

Thilak Rao

Updated on September 18, 2022

Comments

  • Thilak Rao
    Thilak Rao over 1 year

    Just set up Ubuntu 13.10 on a server, and configured a PPTP VPN. Everything works just fine, until another peer disconnects his VPN connection.

    I was able to consistently simulate this by connecting my iPhone to the VPN, and whenever I disconnect the VPN from my iPhone, the VPN just drops for everyone.

    Here's the server's log file:

    Nov 28 01:14:51 thilak pppd[1620]: pppd 2.4.5 started by thilak, uid 0
    Nov 28 01:14:51 thilak pppd[1620]: Using interface ppp0
    Nov 28 01:14:51 thilak pppd[1620]: Connect: ppp0 <--> /dev/pts/2
    Nov 28 01:14:51 thilak pptpd[1619]: GRE: Bad checksum from pppd.
    Nov 28 01:14:54 thilak pppd[1620]: peer from calling number 106.51.51.20 authorized
    Nov 28 01:14:55 thilak pppd[1620]: MPPE 128-bit stateless compression enabled
    Nov 28 01:14:55 thilak pppd[1620]: Cannot determine ethernet address for proxy ARP
    Nov 28 01:14:55 thilak pppd[1620]: local  IP address 198.211.113.34
    Nov 28 01:14:55 thilak pppd[1620]: remote IP address 10.10.0.2
    Nov 28 01:17:01 thilak CRON[1648]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
    Nov 28 01:26:29 thilak pptpd[1677]: CTRL: Client 106.51.51.20 control connection started
    Nov 28 01:26:29 thilak pptpd[1677]: CTRL: Starting call (launching pppd, opening GRE)
    Nov 28 01:26:29 thilak pppd[1678]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
    Nov 28 01:26:29 thilak pppd[1678]: pppd 2.4.5 started by thilak, uid 0
    Nov 28 01:26:29 thilak pppd[1678]: Using interface ppp1
    Nov 28 01:26:29 thilak pppd[1678]: Connect: ppp1 <--> /dev/pts/3
    Nov 28 01:26:29 thilak pptpd[1677]: GRE: Bad checksum from pppd.
    Nov 28 01:26:32 thilak pppd[1678]: peer from calling number 106.51.51.20 authorized
    Nov 28 01:26:33 thilak pppd[1678]: MPPE 128-bit stateless compression enabled
    Nov 28 01:26:33 thilak pppd[1678]: Cannot determine ethernet address for proxy ARP
    Nov 28 01:26:33 thilak pppd[1678]: local  IP address 198.211.113.34
    Nov 28 01:26:33 thilak pppd[1678]: remote IP address 10.10.0.4
    Nov 28 01:27:14 thilak pppd[1678]: LCP terminated by peer (MPPE disabled)
    Nov 28 01:27:14 thilak pppd[1678]: Connect time 0.7 minutes.
    Nov 28 01:27:14 thilak pppd[1678]: Sent 44172 bytes, received 16425 bytes.
    Nov 28 01:27:14 thilak pptpd[1677]: CTRL: EOF or bad error reading ctrl packet length.
    Nov 28 01:27:14 thilak pptpd[1677]: CTRL: couldn't read packet header (exit)
    Nov 28 01:27:14 thilak pptpd[1677]: CTRL: CTRL read failed
    Nov 28 01:27:14 thilak pptpd[1677]: CTRL: Reaping child PPP[1678]
    Nov 28 01:27:14 thilak pppd[1678]: Hangup (SIGHUP)
    Nov 28 01:27:14 thilak pppd[1678]: Modem hangup
    Nov 28 01:27:14 thilak pppd[1678]: Connection terminated.
    Nov 28 01:27:14 thilak pptpd[1619]: GRE: read(fd=7,buffer=7f38314b8460,len=8260) from network failed: status = -1 error = Protocol not available
    Nov 28 01:27:14 thilak pptpd[1619]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
    Nov 28 01:27:14 thilak pptpd[1619]: CTRL: Reaping child PPP[1620]
    Nov 28 01:27:14 thilak pppd[1620]: Hangup (SIGHUP)
    Nov 28 01:27:14 thilak pppd[1620]: Modem hangup
    Nov 28 01:27:14 thilak pppd[1620]: Connect time 12.4 minutes.
    Nov 28 01:27:14 thilak pppd[1620]: Sent 19431067 bytes, received 7005368 bytes.
    Nov 28 01:27:14 thilak pppd[1620]: MPPE disabled
    Nov 28 01:27:14 thilak pppd[1620]: Connection terminated.
    Nov 28 01:27:14 thilak pppd[1678]: Exit.
    Nov 28 01:27:14 thilak pptpd[1677]: CTRL: Client 106.51.51.20 control connection finished
    Nov 28 01:27:14 thilak pppd[1620]: Exit.
    Nov 28 01:27:14 thilak pptpd[1619]: CTRL: 
    

    Any idea what's going on?

  • Thilak Rao
    Thilak Rao over 10 years
    I have set my localip as the public IP address of the server. This is what my pptpd.conf file looks like:

    localip 198.211.113.34
    remoteip 10.10.0.2-10

    Thanks!
  • Shooorf
    Shooorf over 10 years
    You shouldn't set localip to your external IP (which is used for incoming connections). Localip should be used as the internal IP for PPP interfaces. If you just want to grant PPP clients access to other networks, just set appropriate routes (in case of a local intranet, using the FORWARD chain + 'ip route add') or configure NAT (in case of internet access). If you have an entire subnet of real IP addresses and want them to be assigned to your VPN clients - ok, you should set remoteip to a real IP range as well.
  • Shooorf
    Shooorf over 10 years
    PPTPD listens for GRE and TCP 1723 for incoming client connections on all interfaces by default; you can control this by setting iptables rules (INPUT chain).
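
Added example, not part of the original thread: the teardown sequence in the server log from the question, turned into a check that separates the session the peer closed from sessions that died with it. The lines in SAMPLE are copied from that log; the function names and cause labels are assumptions of this sketch, and PID reuse within one log is not handled.

```python
import re

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")

# Lines copied from the server log posted in the question.
SAMPLE = """\
Nov 28 01:14:55 thilak pppd[1620]: remote IP address 10.10.0.2
Nov 28 01:26:33 thilak pppd[1678]: remote IP address 10.10.0.4
Nov 28 01:27:14 thilak pppd[1678]: LCP terminated by peer (MPPE disabled)
Nov 28 01:27:14 thilak pptpd[1677]: CTRL: Reaping child PPP[1678]
Nov 28 01:27:14 thilak pptpd[1619]: GRE: read(fd=7,buffer=7f38314b8460,len=8260) from network failed: status = -1 error = Protocol not available
Nov 28 01:27:14 thilak pptpd[1619]: CTRL: Reaping child PPP[1620]
"""

def classify(log):
    """Return {pppd_pid: {"ip", "ended", "cause"}} for every reaped session."""
    ip, by_peer, gre_failed, sessions = {}, set(), set(), {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, prog, pid, msg = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if prog == "pppd" and msg.startswith("remote IP address"):
            ip[pid] = msg.split()[-1]
        elif prog == "pppd" and msg.startswith("LCP terminated by peer"):
            by_peer.add(pid)          # the client asked to disconnect
        elif prog == "pptpd" and msg.startswith("GRE: read(") and "failed" in msg:
            gre_failed.add(pid)       # this control process lost its GRE socket
        elif prog == "pptpd" and (child := re.search(r"Reaping child PPP\[(\d+)\]", msg)):
            ppp = int(child.group(1))  # pairs the pptpd process with its pppd
            cause = ("peer" if ppp in by_peer
                     else "gre-failure" if pid in gre_failed else "other")
            sessions[ppp] = {"ip": ip.get(ppp), "ended": ts, "cause": cause}
    return sessions

def collateral(sessions):
    """Sessions killed by a GRE failure in the same second a peer hung up."""
    peer_times = {s["ended"] for s in sessions.values() if s["cause"] == "peer"}
    return sorted(p for p, s in sessions.items()
                  if s["cause"] == "gre-failure" and s["ended"] in peer_times)

if __name__ == "__main__":
    found = classify(SAMPLE)
    for pid in collateral(found):
        print("collateral drop:", pid, found[pid])
```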