PPTP VPN Access

[MadTomT]

Hi

Can you advise how I allow a remote VPN connection to terminate on the 7800DX.
and if it's possible to only allow that VPN connection access to the Internet and ONE IP Address on the local LAN ?

If I have to allow full access to the LAN, I can live with that but would like to have locked it down a bit more.

Thanks

[billion_fan]

Hi

Can you advise how I allow a remote VPN connection to terminate on the 7800DX.
and if it's possible to only allow that VPN connection access to the Internet and ONE IP Address on the local LAN ?

If I have to allow full access to the LAN, I can live with that but would like to have locked it down a bit more.

Thanks

Attached is a screen shot showing you how to drop a PPTP connection.

Not sure about limited the client to ONE internal IP address though

[MadTomT]

Hi

Thanks for the reply. I think I worded my question badly

Can you advise how I allow a remote VPN connection to terminate on the 7800DX.
and if it's possible to only allow that VPN connection access to the Internet and ONE IP Address on the local LAN ?

What I should have asked is how do I configure the router to allow PPTP clients to connect to it (terminating on it) ?

In VPN -> VPN Accounts I've created and enabled an account.

In VPN -> PPTP -> PPTP Server -> I've configured the PPTP server and enabled it.

In the logs I see : (IP Address & Username masked)

Code: Select all

Jun 11 20:27:55 daemon info pptpd[19212]: CTRL: Client 129.xx.xx.xxx control connection started
Jun 11 20:27:55 daemon info pptpd[19212]: CTRL: Starting call (launching pppd, opening GRE)
Jun 11 20:27:55 daemon info pptpd[19212]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0)
Jun 11 20:27:55 daemon info syslog: Plugin /lib/pptpd-logwtmp.so loaded.
Jun 11 20:27:55 daemon notice syslog: pppv started
Jun 11 20:27:56 daemon info syslog: Using interface pppv0
Jun 11 20:27:56 daemon notice syslog: Connect: pppv0 <--> /dev/ttyp0
Jun 11 20:27:56 daemon err pptpd[19212]: GRE: Bad checksum from pppd.
Jun 11 20:27:56 daemon err pptpd[19212]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jun 11 20:27:56 daemon notice syslog: CHAP peer authentication succeeded for Wxxxxxxxxx
Jun 11 20:27:56 daemon err syslog: MPPE required but peer negotiation failed
Jun 11 20:27:56 daemon notice syslog: Connection terminated.
Jun 11 20:27:56 daemon info syslog: Connect time 0.0 minutes.
Jun 11 20:27:56 daemon info syslog: Sent 0 bytes, received 2 bytes.
Jun 11 20:27:56 daemon info syslog: Exit.
Jun 11 20:27:56 daemon err pptpd[19212]: GRE: read(fd=7,buffer=420e1c,len=8196) from PTY failed: status = -1 error = Error 5, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Jun 11 20:27:56 daemon err pptpd[19212]: CTRL: PTY read or GRE write failed (pty,gre)=(7,8)
Jun 11 20:27:56 daemon info pptpd[19212]: CTRL: Client 129.xx.xx.xxx control connection finished

The remote user gets PPTP Terminated and nothing connects.

Help

Thanks

[kmr1962]

I think the solution may be "option c" here
http://pptpclient.sourceforge.net/howto ... mppe_rbpnf

Or try setting the "Peer Encryption Mode" on the 7800 to "stateless only"

[MadTomT]

I think you might be right.

I found that page last night and then set the encryption key length from auto to 128.

After that I could VPN in from my phone via 3G, just waiting for the remote user to confirm its working for him.

If that is the case then it would suggest an issues with pptpd on the router in that it won't negotiate the encryption correctly.