[ale] PPTP issue that affects Linux but not Windows?
Jeff Hubbs
hbbs at comcast.net
Thu Apr 29 17:31:56 EDT 2004
Am I wrong or is PPTP to be avoided in general due to design weaknesses?
- Jeff
On Thu, 2004-04-29 at 07:22, John Wells wrote:
> Geoffrey said:
> > What kinds of problems are you having with pptp? Why don't they go with
> (the much more secure and standard) ipsec?
>
> Ok...you asked for it. Here's my email to the pptp list. Note that the
> ICMP error described happens only when attempting to connect from a Linux
> box....windows boxes connect just fine.
>
> Any pptp experts on the list? The developers of pptpclient are pointing
> the finger at either a. IpCOP, or b. Speakeasy...my new ISP.
>
> <start message sent to pptp mailing list>
> I'm having a very interesting problem with LCP timeouts (no GRE from
> server). I've talked quite a bit with Quozl on #pptp and we're both
> perplexed. He suggested I post to the list to get some other eyes on
> it...we're at a loss.
>
> Here's a summary of what's happening:
>
> I run an ipcop firewall/router and have a number of machines behind it. I
> need to connect to my company's VPN.
>
> Here's an overview of the interesting points, before I get into detail:
>
> - Windows machines (even windows machines running on top of a Linux box
> that fails via Win4Lin) succeed in connecting.
> - This exact same unmodified firewall/router (I run ipcop) has been used
> successfully before, allowing a RH9 box to connect. I then switch to
> Fedora and have had these problems....
> - However, between switch from RH9 to Fedora, I moved, so I'm now running
> via a different static ip across a different DSL bridge via a different
> provider (Speakeasy now, was Speedfactory).
> - Quozl has verified all modules are loaded correctly.
> - iptables is completed open...all rules setup default to accept on the
> client side.
>
> Ok, now for the detail.
>
> Here's the output from the pptpconfig:
>
> using channel 2
> Using interface ppp0
> pptp-php-gtk: monitoring interface ppp0
> Connect: ppp0 <--> /dev/pts/2
> sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6238dbb3> <pcomp>
> <accomp>] sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6238dbb3>
> <pcomp> <accomp>] sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic
> 0x6238dbb3> <pcomp> <accomp>] sent [LCP ConfReq id=0x1 <asyncmap 0x0>
> <magic 0x6238dbb3> <pcomp> <accomp>] sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <magic 0x6238dbb3> <pcomp> <accomp>] sent [LCP ConfReq id=0x1
> <asyncmap 0x0> <magic 0x6238dbb3> <pcomp> <accomp>] sent [LCP ConfReq
> id=0x1 <asyncmap 0x0> <magic 0x6238dbb3> <pcomp> <accomp>] sent [LCP
> ConfReq id=0x1 <asyncmap 0x0> <magic 0x6238dbb3> <pcomp> <accomp>] sent
> [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6238dbb3> <pcomp> <accomp>]
> sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6238dbb3> <pcomp>
> <accomp>] LCP: timeout sending Config-Requests
> Connection terminated.
> Waiting for 1 child processes...
> script pptp vpn.mycompany.com --nolaunchpppd, pid 8442
> Script pptp vpn.mycompany.com --nolaunchpppd finished (pid 8442), status =
> 0x0
> pptp-php-gtk: pppd process terminated by signal 10
> pptp-php-gtk: SIGUSR1
>
> Second, a tcpdump from the client (172.16.2.8). Seems fairly
> standard...no GRE packets being returned.
>
> -- TCPDUMP from client --
> 20:45:50.702248 172.16.2.8.33392 > vpn.mycompany.com.1723: S
> 426399634:426399634(0) wi n 5840 <mss 1460,sackOK,timestamp 8557389
> 0,nop,wscale 0> (DF)
> 20:45:50.771672 vpn.mycompany.com.1723 > 172.16.2.8.33392: S
> 3082603769:3082603769(0) ack 426399635 win 49232 <nop,nop,timestamp
> 107243076 8557389,mss 1460,nop,wscale 0,nop,nop,sackOK> (DF)
> 20:45:50.771734 172.16.2.8.33392 > vpn.mycompany.com.1723: . ack 1 win
> 5840 <nop,nop,t imestamp 8557396 107243076> (DF)
> 20:45:50.772163 172.16.2.8.33392 > vpn.mycompany.com.1723: P 1:157(156)
> ack 1 win 5840 <nop,nop,timestamp 8557396 107243076>: pptp
> CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) F RAME_CAP(AS) BEARER_CAP(DA)
> MAX_CHAN(65535) FIRM_REV(1) HOSTNAME(local) VENDOR(c ananian) (DF)
> 20:45:50.850231 vpn.mycompany.com.1723 > 172.16.2.8.33392: . ack 157 win
> 49076 <nop,no p,timestamp 107243084 8557396> (DF)
> 20:45:51.779804 172.16.2.8.33392 > vpn.mycompany.com.1723: P 157:325(168)
> ack 1 win 58 40 <nop,nop,timestamp 8557497 107243084>: pptp
> CTRL_MSGTYPE=OCRQ CALL_ID(0) CALL _SER_NUM(0) MIN_BPS(2400)
> MAX_BPS(10000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_ WIN(3)
> PROC_DELAY(0) PHONE_NO_LEN(0) PHONE_NO() SUB_ADDR() (DF)
> 20:45:51.854038 vpn.mycompany.com.1723 > 172.16.2.8.33392: . ack 325 win
> 48908 <nop,no p,timestamp 107243184 8557497> (DF)
> 20:45:53.764725 vpn.mycompany.com.1723 > 172.16.2.8.33392: P 1:157(156)
> ack 325 win 48 908 <nop,nop,timestamp 107243375 8557497>: pptp
> CTRL_MSGTYPE=SCCRP PROTO_VER(1.0 ) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S)
> BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(21 95) HOSTNAME() VENDOR(Microsoft
> Windows NT) (DF)
> 20:45:53.764784 172.16.2.8.33392 > vpn.mycompany.com.1723: . ack 157 win
> 5840 <nop,nop ,timestamp 8557695 107243375> (DF)
> 20:45:53.835248 vpn.mycompany.com.1723 > 172.16.2.8.33392: P 157:189(32)
> ack 325 win 4 8908 <nop,nop,timestamp 107243382 8557695>: pptp
> CTRL_MSGTYPE=OCRP CALL_ID(33765 ) PEER_CALL_ID(0) RESULT_CODE(1)
> ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(14808325) RECV_WIN(16384)
> PROC_DELAY(0) PHY_CHAN_ID(0) (DF)
> 20:45:53.835293 172.16.2.8.33392 > vpn.mycompany.com.1723: . ack 189 win
> 5840 <nop,nop ,timestamp 8557702 107243382> (DF)
> 20:45:53.835731 172.16.2.8 > vpn.mycompany.com: gre [KSv1] ID:83e5 S:1
> ppp: Conf-Req(1 ), ACCM=00000000, Magic-Num=73482e22, PFC, ACFC (DF)
> 20:45:54.639217 172.16.2.8 > vpn.mycompany.com: gre [KSv1] ID:83e5 S:2
> ppp: Conf-Req(1 ), ACCM=00000000, Magic-Num=73482e22, PFC, ACFC (DF)
> 20:45:57.639382 172.16.2.8 > vpn.mycompany.com: gre [KSv1] ID:83e5 S:3
> ppp: Conf-Req(1 ), ACCM=00000000, Magic-Num=73482e22, PFC, ACFC (DF)
> 20:46:00.649363 172.16.2.8 > vpn.mycompany.com: gre [KSv1] ID:83e5 S:4
> ppp: Conf-Req(1 ), ACCM=00000000, Magic-Num=73482e22, PFC, ACFC (DF)
> 20:46:03.661090 172.16.2.8 > vpn.mycompany.com: gre [KSv1] ID:83e5 S:5
> ppp: Conf-Req(1 ), ACCM=00000000, Magic-Num=73482e22, PFC, ACFC (DF)
> 20:46:06.670819 172.16.2.8 > vpn.mycompany.com: gre [KSv1] ID:83e5 S:6
> ppp: Conf-Req(1 ), ACCM=00000000, Magic-Num=73482e22, PFC, ACFC (DF)
> 20:46:09.679291 172.16.2.8 > vpn.mycompany.com: gre [KSv1] ID:83e5 S:7
> ppp: Conf-Req(1 ), ACCM=00000000, Magic-Num=73482e22, PFC, ACFC (DF)
> 20:46:12.679765 172.16.2.8 > vpn.mycompany.com: gre [KSv1] ID:83e5 S:8
> ppp: Conf-Req(1 ), ACCM=00000000, Magic-Num=73482e22, PFC, ACFC (DF)
> 20:46:15.681940 172.16.2.8 > vpn.mycompany.com: gre [KSv1] ID:83e5 S:9
> ppp: Conf-Req(1 ), ACCM=00000000, Magic-Num=73482e22, PFC, ACFC (DF)
> 20:46:18.689381 172.16.2.8 > vpn.mycompany.com: gre [KSv1] ID:83e5 S:10
> ppp: Conf-Req( 1), ACCM=00000000, Magic-Num=73482e22, PFC, ACFC (DF)
> 20:46:21.697165 172.16.2.8.33392 > vpn.mycompany.com.1723: P 325:341(16)
> ack 189 win 5 840 <nop,nop,timestamp 8560488 107243382>: pptp
> CTRL_MSGTYPE=CCRQ CALL_ID(0) (DF )
> 20:46:21.770433 vpn.mycompany.com.1723 > 172.16.2.8.33392: P 189:337(148)
> ack 341 win 48908 <nop,nop,timestamp 107246176 8560488>: pptp
> CTRL_MSGTYPE=CDN CALL_ID(33765 ) RESULT_CODE(0) ERR_CODE(0) CAUSE_CODE(0)
> CALL_STATS() (DF)
> 20:46:21.770501 172.16.2.8.33392 > vpn.mycompany.com.1723: P 341:373(32)
> ack 337 win 5 840 <nop,nop,timestamp 8560496 107246176>: pptp
> CTRL_MSGTYPE=CCRQ CALL_ID(0) (DF )
> 20:46:21.841936 vpn.mycompany.com.1723 > 172.16.2.8.33392: P 337:353(16)
> ack 373 win 4 8908 <nop,nop,timestamp 107246183 8560496>: pptp
> CTRL_MSGTYPE=StopCCRP RESULT_CO DE(1) ERR_CODE(0) (DF)
> 20:46:21.878615 172.16.2.8.33392 > vpn.mycompany.com.1723: . ack 353 win
> 5840 <nop,nop ,timestamp 8560507 107246183> (DF)
> 20:46:21.937251 vpn.mycompany.com.1723 > 172.16.2.8.33392: F 353:353(0)
> ack 373 win 48 908 <nop,nop,timestamp 107246193 8560496> (DF)
> 20:46:21.968623 172.16.2.8.33392 > vpn.mycompany.com.1723: . ack 354 win
> 5840 <nop,nop ,timestamp 8560516 107246193> (DF)
> 20:46:23.700332 172.16.2.8.33392 > vpn.mycompany.com.1723: R 373:373(0)
> ack 354 win 58 40 <nop,nop,timestamp 8560689 107246193> (DF)
>
>
> Now the interesting part. Please note the icmp errors in the following
> tcpdump. This is a dump on the firewall itself, listening to the external
> interface (IPCop is doing NAT). Also note, that during this connection
> sequence, I do indeed have a listening port (Quozl and I verified this by
> running "netstat -an --raw", which provided this info:
> Proto Recv-Q Send-Q Local Address Foreign Address State
> raw 0 0 172.16.2.8:47 66.192.236.168:* 1 )
>
> -- TCPDUMP dump from firewall/router's external interface --
>
> 22:39:22.251772 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: S 3502859749:3502859749(0) win 5840 <mss
> 1460,sackOK,timestamp 8441573 0,nop,wscale 0> (DF)
> 22:39:22.320141 vpn.mycompany.com.1723 >
> mydslhost.dsl.speakeasy.net.33353: S 3536178865:3536178865(0) ack
> 3502859750 win 49232 <nop,nop,timestamp 107127261 8441573,mss
> 1460,nop,wscale 0,nop,nop,sackOK> (DF)
> 22:39:22.320522 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: . ack 1 win 5840 <nop,nop,timestamp 8441580
> 107127261> (DF)
> 22:39:22.321061 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: P 1:157(156) ack 1 win 5840 <nop,nop,timestamp
> 8441580 107127261>: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(AS)
> BEARER_CAP(DA) MAX_CHAN(65535) FIRM_REV(1) HOSTNAME(local)
> VENDOR(cananian) (DF)
> 22:39:22.394534 vpn.mycompany.com.1723 >
> mydslhost.dsl.speakeasy.net.33353: . ack 157 win 49076 <nop,nop,timestamp
> 107127268 8441580> (DF)
> 22:39:23.324614 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: P 157:325(168) ack 1 win 5840 <nop,nop,timestamp
> 8441681 107127268>: pptp CTRL_MSGTYPE=OCRQ CALL_ID(33353) CALL_SER_NUM(0)
> MIN_BPS(2400) MAX_BPS(10000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(3)
> PROC_DELAY(0) PHONE_NO_LEN(0) PHONE_NO() SUB_ADDR() (DF)
> 22:39:23.398243 vpn.mycompany.com.1723 >
> mydslhost.dsl.speakeasy.net.33353: . ack 325 win 48908 <nop,nop,timestamp
> 107127368 8441681> (DF)
> 22:39:25.380511 vpn.mycompany.com.1723 >
> mydslhost.dsl.speakeasy.net.33353: P 1:157(156) ack 325 win 48908
> <nop,nop,timestamp 107127567 8441681>: pptp CTRL_MSGTYPE=SCCRP
> PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA)
> MAX_CHAN(0) FIRM_REV(2195) HOSTNAME() VENDOR(Microsoft Windows NT) (DF)
> 22:39:25.380935 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: . ack 157 win 5840 <nop,nop,timestamp 8441886
> 107127567> (DF)
> 22:39:25.448589 vpn.mycompany.com.1723 >
> mydslhost.dsl.speakeasy.net.33353: P 157:189(32) ack 325 win 48908
> <nop,nop,timestamp 107127573 8441886>: pptp CTRL_MSGTYPE=OCRP
> CALL_ID(50148) PEER_CALL_ID(33353) RESULT_CODE(1) ERR_CODE(0)
> CAUSE_CODE(0) CONN_SPEED(14808325) RECV_WIN(16384) PROC_DELAY(0)
> PHY_CHAN_ID(0) (DF)
> 22:39:25.448953 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: . ack 189 win 5840 <nop,nop,timestamp 8441893
> 107127573> (DF)
> 22:39:25.449473 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: gre
> [KSv1] ID:c3e4 S:1 ppp: Conf-Req(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC (DF)
> 22:39:25.523448 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSAv1] ID:8249 S:0 A:1 ppp: Conf-Req(0), Auth-Prot CHAP/MSCHAPv2,
> Magic-Num=5118142b, PFC, ACFC
> 22:39:25.523687 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:25.524051 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSv1] ID:8249 S:1 ppp: Conf-Ack(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC
> 22:39:25.524193 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:26.216577 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: gre
> [KSv1] ID:c3e4 S:2 ppp: Conf-Req(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC (DF)
> 22:39:26.286722 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSAv1] ID:8249 S:2 A:2 ppp: Conf-Ack(1), ACCM=00000000,
> Magic-Num=b58a330d, PFC, ACFC
> 22:39:26.286876 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:27.522033 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSv1] ID:8249 S:3 ppp: Conf-Req(1), Auth-Prot CHAP/MSCHAPv2,
> Magic-Num=5118142b, PFC, ACFC
> 22:39:27.522195 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:29.217351 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: gre
> [KSv1] ID:c3e4 S:3 ppp: Conf-Req(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC (DF)
> 22:39:29.287043 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSAv1] ID:8249 S:4 A:3 ppp: Conf-Ack(1), ACCM=00000000,
> Magic-Num=b58a330d, PFC, ACFC
> 22:39:29.287201 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:30.533873 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSv1] ID:8249 S:5 ppp: Conf-Req(2), Auth-Prot CHAP/MSCHAPv2,
> Magic-Num=5118142b, PFC, ACFC
> 22:39:30.534129 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:32.226147 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: gre
> [KSv1] ID:c3e4 S:4 ppp: Conf-Req(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC (DF)
> 22:39:32.297208 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSAv1] ID:8249 S:6 A:4 ppp: Conf-Ack(1), ACCM=00000000,
> Magic-Num=b58a330d, PFC, ACFC
> 22:39:32.297360 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:34.531550 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSv1] ID:8249 S:7 ppp: Conf-Req(3), Auth-Prot CHAP/MSCHAPv2,
> Magic-Num=5118142b, PFC, ACFC
> 22:39:34.531702 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:35.234945 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: gre
> [KSv1] ID:c3e4 S:5 ppp: Conf-Req(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC (DF)
> 22:39:35.304665 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSAv1] ID:8249 S:8 A:5 ppp: Conf-Ack(1), ACCM=00000000,
> Magic-Num=b58a330d, PFC, ACFC
> 22:39:35.304819 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:38.236324 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: gre
> [KSv1] ID:c3e4 S:6 ppp: Conf-Req(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC (DF)
> 22:39:38.307445 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSAv1] ID:8249 S:9 A:6 ppp: Conf-Ack(1), ACCM=00000000,
> Magic-Num=b58a330d, PFC, ACFC
> 22:39:38.307605 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:38.536811 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSv1] ID:8249 S:10 ppp: Conf-Req(4), Auth-Prot CHAP/MSCHAPv2,
> Magic-Num=5118142b, PFC, ACFC
> 22:39:38.536959 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:41.244565 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: gre
> [KSv1] ID:c3e4 S:7 ppp: Conf-Req(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC (DF)
> 22:39:41.314170 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSAv1] ID:8249 S:11 A:7 ppp: Conf-Ack(1), ACCM=00000000,
> Magic-Num=b58a330d, PFC, ACFC
> 22:39:41.314334 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:42.542333 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSv1] ID:8249 S:12 ppp: Conf-Req(5), Auth-Prot CHAP/MSCHAPv2,
> Magic-Num=5118142b, PFC, ACFC
> 22:39:42.542494 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:44.256594 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: gre
> [KSv1] ID:c3e4 S:8 ppp: Conf-Req(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC (DF)
> 22:39:44.329510 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSAv1] ID:8249 S:13 A:8 ppp: Conf-Ack(1), ACCM=00000000,
> Magic-Num=b58a330d, PFC, ACFC
> 22:39:44.329661 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:46.547587 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSv1] ID:8249 S:14 ppp: Conf-Req(6), Auth-Prot CHAP/MSCHAPv2,
> Magic-Num=5118142b, PFC, ACFC
> 22:39:46.547744 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:47.264471 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: gre
> [KSv1] ID:c3e4 S:9 ppp: Conf-Req(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC (DF)
> 22:39:47.335001 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSAv1] ID:8249 S:15 A:9 ppp: Conf-Ack(1), ACCM=00000000,
> Magic-Num=b58a330d, PFC, ACFC
> 22:39:47.335153 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:50.264568 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: gre
> [KSv1] ID:c3e4 S:10 ppp: Conf-Req(1), ACCM=00000000, Magic-Num=b58a330d,
> PFC, ACFC (DF)
> 22:39:50.333825 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSAv1] ID:8249 S:16 A:10 ppp: Conf-Ack(1), ACCM=00000000,
> Magic-Num=b58a330d, PFC, ACFC
> 22:39:50.333979 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:50.552857 vpn.mycompany.com > mydslhost.dsl.speakeasy.net: gre
> [KSv1] ID:8249 S:17 ppp: Conf-Req(7), Auth-Prot CHAP/MSCHAPv2,
> Magic-Num=5118142b, PFC, ACFC
> 22:39:50.553005 mydslhost.dsl.speakeasy.net > vpn.mycompany.com: icmp:
> mydslhost.dsl.speakeasy.net protocol 47 unreachable [tos 0xc0]
> 22:39:53.280572 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: P 325:341(16) ack 189 win 5840 <nop,nop,timestamp
> 8444676 107127573>: pptp CTRL_MSGTYPE=CCRQ CALL_ID(33353) (DF)
> 22:39:53.353311 vpn.mycompany.com.1723 >
> mydslhost.dsl.speakeasy.net.33353: P 189:337(148) ack 341 win 48908
> <nop,nop,timestamp 107130364 8444676>: pptp CTRL_MSGTYPE=CDN
> CALL_ID(50148) RESULT_CODE(0) ERR_CODE(0) CAUSE_CODE(0) CALL_STATS() (DF)
> 22:39:53.353731 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: P 341:373(32) ack 337 win 5840 <nop,nop,timestamp
> 8444684 107130364>: pptp CTRL_MSGTYPE=CCRQ CALL_ID(33353) (DF)
> 22:39:53.429218 vpn.mycompany.com.1723 >
> mydslhost.dsl.speakeasy.net.33353: P 337:353(16) ack 373 win 48908
> <nop,nop,timestamp 107130371 8444684>: pptp CTRL_MSGTYPE=StopCCRP
> RESULT_CODE(1) ERR_CODE(0) (DF)
> 22:39:53.463345 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: . ack 353 win 5840 <nop,nop,timestamp 8444695
> 107130371> (DF)
> 22:39:53.519412 vpn.mycompany.com.1723 >
> mydslhost.dsl.speakeasy.net.33353: F 353:353(0) ack 373 win 48908
> <nop,nop,timestamp 107130381 8444684> (DF)
> 22:39:53.553342 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: . ack 354 win 5840 <nop,nop,timestamp 8444704
> 107130381> (DF)
> 22:39:55.284047 mydslhost.dsl.speakeasy.net.33353 >
> vpn.mycompany.com.1723: R 373:373(0) ack 354 win 5840 <nop,nop,timestamp
> 8444877 107130381> (DF)
>
>
> Why would my machine not be reachable when there's a raw socket awaiting
> it? What
> else might I be missing? I'm completely at a loss, especially since
> Windows XP and
> Windows 98 have no problems with connecting. In fact, as I mentioned, I
> fired up
> Win4Lin on the client machine and it connected just fine (albeit with a
> different
> 172.16.2.* ip address). And, just for kicks, I modified 172.16.2.8 to a
> different
> IP, and no luck.
>
> Can anyone help me? I'm not sure what I'm missing.
>
> Thanks so much!
>
> John
>
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list