Hosting a PPTP VPN server


Kai Bolay

Aug 12, 2014, 1:57:29 PM
to gce-dis...@googlegroups.com
Hi!

I'm trying to host a PPTP VPN server on GCE.

I believe I've correctly configured the instance:
- enabled IP forwarding when creating the instance
- up-to-date backports-debian-7-wheezy
- configured GCE firewall: 0.0.0.0/0 tcp:1723,udp:1723,tcp:47,udp:47,icmp
- installed pptpd
- configured pptpd
- enabled IP forwarding: "net.ipv4.ip_forward=1" in /etc/sysctl.conf
- enabled IP forwarding: "1" in /proc/sys/net/ipv4/ip_forward
- configured iptables:
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 192.168.192.0/24 -j TCPMSS --clamp-mss-to-pmtu

But still no luck. When I try to connect from the outside I see (in
/var/log/syslog):

Aug 12 17:26:07 vps pptpd[2597]: CTRL: Client 104.132.4.106 control connection started
Aug 12 17:26:07 vps pptpd[2597]: CTRL: Starting call (launching pppd, opening GRE)
Aug 12 17:26:07 vps pppd[2598]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Aug 12 17:26:07 vps pppd[2598]: pppd 2.4.5 started by kbolay, uid 0
Aug 12 17:26:07 vps pppd[2598]: Using interface ppp0
Aug 12 17:26:07 vps pppd[2598]: Connect: ppp0 <--> /dev/pts/2
Aug 12 17:26:07 vps pptpd[2597]: GRE: Bad checksum from pppd.
Aug 12 17:26:37 vps pppd[2598]: LCP: timeout sending Config-Requests
Aug 12 17:26:37 vps pppd[2598]: Connection terminated.
Aug 12 17:26:37 vps pppd[2598]: Modem hangup
Aug 12 17:26:37 vps pppd[2598]: Exit.
Aug 12 17:26:37 vps pptpd[2597]: GRE: read(fd=6,buffer=7f8bcb428400,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Aug 12 17:26:37 vps pptpd[2597]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 12 17:26:37 vps pptpd[2597]: CTRL: Reaping child PPP[2598]
Aug 12 17:26:37 vps pptpd[2597]: CTRL: Client 104.132.4.106 control connection finished

I've found https://code.google.com/p/google-compute-engine/issues/detail?id=66
(VPN PPTP Server GRE: Bad checksum from pppd.) - so other people seem
to have the same problem.

Is there a way to make it work?

Thanks, Kai

Kai Bolay

Aug 12, 2014, 3:27:23 PM
to gce-dis...@googlegroups.com
On Tue, Aug 12, 2014 at 1:57 PM, I wrote:

> - configured GCE firewall: 0.0.0.0/0 tcp:1723,udp:1723,tcp:47,udp:47,icmp

There's actually no need to open port 1723 for udp or port 47 for
anything. I need to enable protocol 47 (GRE) somehow, though.

Faizan

Aug 12, 2014, 3:30:25 PM
to gce-dis...@googlegroups.com
Hello Kai,

As per this article, it seems like GRE traffic in GCE is not allowed.

Kai Bolay

Aug 14, 2014, 11:34:20 AM
to gce-dis...@googlegroups.com
On Tue, Aug 12, 2014 at 3:30 PM, Faizan <faizan....@gmail.com> wrote:

> As per this article, it seems like GRE traffic in GCE is not allowed.

Thanks for the link. Unfortunately the article just points out what is supported, but doesn't explicitly state that GRE is not supported. I think it would make sense to at least cover the most common protocols explicitly. I'm assuming that I'm not the only one trying to set up a PPTP server.

The "good" news is that I was able to set up a PPTP server on Amazon's EC2 without any problem in less than 20 minutes... I hope GCE will be able to catch up soon and start supporting GRE.

  Kai
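
An added example, not part of any post in this thread: a small Python triage of pptpd/pppd syslog that flags the pattern in the log above, where the control connection on TCP 1723 completes but pppd times out on LCP, which is consistent with GRE (IP protocol 47) being dropped on the path. The function name, the verdict labels and the second sample session are assumptions made for illustration.

```python
import re

# First session: syslog lines quoted in the thread, unwrapped and abridged.
# Second session: constructed, to show a tunnel that did come up.
SAMPLE = """\
Aug 12 17:26:07 vps pptpd[2597]: CTRL: Client 104.132.4.106 control connection started
Aug 12 17:26:07 vps pptpd[2597]: GRE: Bad checksum from pppd.
Aug 12 17:26:37 vps pppd[2598]: LCP: timeout sending Config-Requests
Aug 12 17:26:37 vps pptpd[2597]: CTRL: Client 104.132.4.106 control connection finished
Aug 12 18:02:11 vps pptpd[2610]: CTRL: Client 198.51.100.7 control connection started
Aug 12 18:02:12 vps pppd[2611]: remote IP address 192.168.192.10
Aug 12 18:02:40 vps pptpd[2610]: CTRL: Client 198.51.100.7 control connection finished
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (pptpd|pppd)\[\d+\]: (.*)$")
START = re.compile(r"CTRL: Client (\S+) control connection started")
FINISH = re.compile(r"CTRL: Client (\S+) control connection finished")
IP_UP = re.compile(r"(local|remote)\s+IP address")  # pppd logs these once IPCP is up

def classify_sessions(text):
    """Return [(client, verdict)] for each finished PPTP control connection."""
    # Simplification: pppd lines are attributed to the most recently started
    # session, so overlapping sessions are not told apart.
    results, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # other daemons, or lines wrapped by a mail client
        daemon, msg = m.groups()
        if daemon == "pptpd" and (s := START.search(msg)):
            cur = {"client": s.group(1), "lcp_timeout": False, "ip_up": False}
        elif cur is None:
            continue
        elif daemon == "pppd" and "LCP: timeout sending Config-Requests" in msg:
            cur["lcp_timeout"] = True
        elif daemon == "pppd" and IP_UP.search(msg):
            cur["ip_up"] = True
        elif daemon == "pptpd" and FINISH.search(msg):
            if cur["ip_up"]:
                verdict = "established"
            elif cur["lcp_timeout"]:
                # TCP 1723 worked; PPP negotiation carried in GRE got no reply
                verdict = "control-ok-gre-suspect"
            else:
                verdict = "other"
            results.append((cur["client"], verdict))
            cur = None
    return results
```

Feed it the contents of /var/log/syslog; a run of "control-ok-gre-suspect" verdicts across different clients points at the network path rather than at pptpd options.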
