Hello,
I try to connect to SG51 from Win XP - Vista client (VPN PPTP).
Here the line error I've found searching the Clavister log:
2010-09-02 02:46:51 2010-09-02 02:47:59 Clavister 06000051 DropAll Notice RULE ruleset_drop_packet drop wan:82.xx.xx.xx:51619 192.168.0.1:1723 TCP
Note the 1723 port (VPN PPTP).
The PPP parameters are all activated.
VPN IPSEC works fine.. (from Win XP-Vista-7 to Clavister)
I have many Clavister installed with the same VPN PPTP configuration, and I never had problems.
I've replaced SG51 hardware (with your hardware replacement service) few day ago without any change at my original configuration.
Thank's.
Cristian
PPTP Problem
Re: PPTP Problem
Seems strange why you have drop from external address to internal. Do you try to connect from outside?
Do you have any rules (expecially, SAT) about pptp-suite?
Do you have "PPTP before rules" enabled?
Do you have any rules (expecially, SAT) about pptp-suite?
Do you have "PPTP before rules" enabled?
BR, Alexandr Danilov
Re: PPTP Problem
Yes I try to connect from my office. Here I have configured many VPN connections (PPTP and L2TP).
I followed your "how to" about VPN and I don't have pptp-suite rules.
PPTP Before Rules is enabled.
This is the same VPN configuration I use with many Clavister without any problem.
I followed your "how to" about VPN and I don't have pptp-suite rules.
PPTP Before Rules is enabled.
This is the same VPN configuration I use with many Clavister without any problem.
Re: PPTP Problem
If you're trying to connect from inside, why in your log source intreface - wan?
Can you show by screenshots settings?
If your f/w is latest, try to debug by pcapdump utility in CLI.
Can you show by screenshots settings?
If your f/w is latest, try to debug by pcapdump utility in CLI.
BR, Alexandr Danilov
Re: PPTP Problem
I'm trying to connect from outside (here in my office). The Clavister is located in the office of my client.
The Clavister is a SG-51 8.90.11 Core and FineTune.
Which screenshoots might be useful?
The Clavister is a SG-51 8.90.11 Core and FineTune.
Which screenshoots might be useful?
Re: PPTP Problem
Aha... Seems strange why drop to 192.168.0.1. Is it SG's lan_ip?cris978 wrote:I'm trying to connect from outside (here in my office). The Clavister is located in the office of my client.
Show params of PPTP server.
BR, Alexandr Danilov
Re: PPTP Problem
192.168.0.1 is the SG's ip_wan
I have the same configuration in other Clavister, which work without problems.
The PPTP VPN is setting as the how-to found in this site.
PPTP_pool 192.168.1.120 - 192.168.1.150
ip_lan 192.168.1.1
ip_wan 192.168.0.1
There is a local user database
PPTP Server:
name - PPTP_tunnel
inner ip - ip_lan
tunnel protocol - PPTP
outer interface filter - any
outer server ip - ip_wan
pptp parameters as the how-to (IP POOL = pptp_pool)
proxy ARP as the how-to
there is user authentication rules (as the guide)
and there are two main rules (allow and nat)
PPP_PPTPBeforeRules is set
I only changed the hardware (with hardware replacement service), configuration and core are the same (before PPTP VPN worked)
Now, only the L2TP IPSEC VPN works....
Why? I can not understand why..
I have the same configuration in other Clavister, which work without problems.
The PPTP VPN is setting as the how-to found in this site.
PPTP_pool 192.168.1.120 - 192.168.1.150
ip_lan 192.168.1.1
ip_wan 192.168.0.1
There is a local user database
PPTP Server:
name - PPTP_tunnel
inner ip - ip_lan
tunnel protocol - PPTP
outer interface filter - any
outer server ip - ip_wan
pptp parameters as the how-to (IP POOL = pptp_pool)
proxy ARP as the how-to
there is user authentication rules (as the guide)
and there are two main rules (allow and nat)
PPP_PPTPBeforeRules is set
I only changed the hardware (with hardware replacement service), configuration and core are the same (before PPTP VPN worked)
Now, only the L2TP IPSEC VPN works....
Why? I can not understand why..
Re: PPTP Problem
Do you still see ruleset_drop_packet messages about PPTP-CTL ?
BR, Alexandr Danilov
Re: PPTP Problem
Yes the error is always the same (and the only one I could find):
DropAll Notice RULE ruleset_drop_packet drop wan:82.xx.xx.xx:51619 192.168.0.1:1723 TCP
I tried the L2TP IPSEC (as the how-to) and works
The PPTP (as the how-to) works with many other Clavister
DropAll Notice RULE ruleset_drop_packet drop wan:82.xx.xx.xx:51619 192.168.0.1:1723 TCP
I tried the L2TP IPSEC (as the how-to) and works
The PPTP (as the how-to) works with many other Clavister
Re: PPTP Problem
Hello.
Some questions.
1. Are you using traffic shaping on this node?
2. Is it a continuous problem or does it start to happen after awhile? I.e after a reboot it works fine for a few days / attempts and then the problem starts.
3. When this problem occur, does the listening connection for the PPTP server exist? You can check this by using the console command "conn -destport 1723 -verbose". It should look something like this:
Best regards
/Peter
Some questions.
1. Are you using traffic shaping on this node?
2. Is it a continuous problem or does it start to happen after awhile? I.e after a reboot it works fine for a few days / attempts and then the problem starts.
3. When this problem occur, does the listening connection for the PPTP server exist? You can check this by using the console command "conn -destport 1723 -verbose". It should look something like this:
Code: Select all
TCP_NEW TCP core:0.0.0.0:0 core:192.168.1.40:1723 50
...term: core:0.0.0.0:0 core:192.168.1.40:1723 50
/Peter