I'm trying to connect to my corporate VPN using a laptop running Ubuntu 10.04. It's a company laptop but as I have chosen to run Linux rather than "a proper" OS, I'm mostly on-my-own as far as getting these things working. Normally that's OK because I am almost always successful – except this problem has had me stumped for several weeks now.
The problem is that I am unable to access the VPN from my home network. I am using the Gnome Network Manager interface to configure the PPTP connection but no matter what combination of options, domain\username formats, encryption options or authentication methods I select, I get the exact same behaviour, which is essentially a 10-second wait, and then a failure message.
I checked /var/log/daemon.log:
Aug 15 22:27:46 pc770-ubu NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Aug 15 22:27:46 pc770-ubu NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 4595
Aug 15 22:27:46 pc770-ubu NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections
Aug 15 22:27:50 pc770-ubu NetworkManager: <info> VPN plugin state changed: 3
Aug 15 22:27:50 pc770-ubu NetworkManager: <info> VPN connection 'VPN' (Connect) reply received.
Aug 15 22:27:50 pc770-ubu NetworkManager: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 15 22:27:50 pc770-ubu NetworkManager: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Aug 15 22:27:50 pc770-ubu pptp[4602]: nm-pptp-service-4595 log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Aug 15 22:27:50 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Aug 15 22:27:50 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Aug 15 22:27:50 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Aug 15 22:27:51 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Aug 15 22:27:51 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Aug 15 22:27:51 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 17382).
[ ** TEN SECOND DELAY ** ]
Aug 15 22:28:21 pc770-ubu NetworkManager: <info> VPN plugin failed: 1
Aug 15 22:28:21 pc770-ubu NetworkManager: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 15 22:28:21 pc770-ubu pptp[4602]: nm-pptp-service-4595 warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error
Aug 15 22:28:21 pc770-ubu pptp[4602]: nm-pptp-service-4595 warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
Aug 15 22:28:21 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[callmgr_main:pptp_callmgr.c:234]: Closing connection (unhandled)
Aug 15 22:28:21 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Aug 15 22:28:21 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
Aug 15 22:28:21 pc770-ubu NetworkManager: <info> VPN plugin failed: 1
Aug 15 22:28:21 pc770-ubu NetworkManager: <info> VPN plugin failed: 1
Aug 15 22:28:21 pc770-ubu NetworkManager: <info> VPN plugin state changed: 6
Aug 15 22:28:21 pc770-ubu NetworkManager: <info> VPN plugin state change reason: 0
Aug 15 22:28:21 pc770-ubu NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active.
Aug 15 22:28:34 pc770-ubu NetworkManager: <debug> [1281868114.002900] ensure_killed(): waiting for vpn service pid 4595 to exit
Aug 15 22:28:34 pc770-ubu NetworkManager: <debug> [1281868114.002975] ensure_killed(): vpn service pid 4595 cleaned up
I was unable to determine how to enable extra debugging info in this log, so instead I manually created a very similar config for pppd and then started this with 'pon' (I've also verified that this manual configuration does connect to the VPN when I'm inside the corporate firewall):
$ sudo pon vpn debug dump logfd 2 nodetach
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
linkname vpn # (from /etc/ppp/peers/vpn)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
refuse-pap # (from /etc/ppp/options.pptp)
refuse-chap # (from /etc/ppp/options.pptp)
refuse-mschap # (from /etc/ppp/options.pptp)
refuse-eap # (from /etc/ppp/options.pptp)
name gnet\\dantliff # (from /etc/ppp/peers/vpn)
remotename vpn # (from /etc/ppp/peers/vpn)
# (from /etc/ppp/options.pptp)
pty pptp ***.***.***.*** --nolaunchpppd # (from /etc/ppp/peers/vpn)
crtscts # (from /etc/ppp/options)
# (from /etc/ppp/options)
asyncmap 0 # (from /etc/ppp/options)
lcp-echo-failure 4 # (from /etc/ppp/options)
lcp-echo-interval 30 # (from /etc/ppp/options)
hide-password # (from /etc/ppp/options)
ipparam vpn # (from /etc/ppp/peers/vpn)
proxyarp # (from /etc/ppp/options)
usepeerdns # (from /etc/ppp/peers/vpn)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
require-mppe # (from /etc/ppp/peers/vpn)
noipx # (from /etc/ppp/options)
using channel 7
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
LCP: timeout sending Config-Requests
Connection terminated.
Modem hangup
Waiting for 1 child processes...
script pptp ***.***.***.*** --nolaunchpppd , pid 4631
Script pptp ***.***.***.*** --nolaunchpppd finished (pid 4631), status = 0x0
I ran Wireshark to watch the traffic and it seems that no LCP replies are coming back to the client.
A bit more info:
-
the laptop is connecting to the Internet via a WiFi access point (bridge mode), then an ADSL router. PPTP pass-through is enabled on the ADSL router and Access Point.
-
if I connect the laptop to the ADSL with an ethernet cable (to eliminate the WiFi), there is no improvement.
-
another laptop (running Mac OSX) is able to connect to the VPN, via WiFi or cable.
-
another client, Windows7, is able to connect to the VPN via cable.
-
an iPhone is able to connect to the VPN via WiFi.
-
this laptop is able to connect to the VPN from inside the corporate firewall.
So I've got three other devices that are able to connect to the target PPTP VPN, and a laptop that can't, except when I move the laptop inside the target network, it can connect.
Any ideas what else I can try? I've tried methodically selecting various VPN options with no change in result. I've also read several Ubuntu Forum posts suggesting turning off EAP and that doesn't help either. I'm now at a loss how to fix this, and what will happen next is I'll be told by Management "we told you so", drop Linux and switch to a "proper" OS like Windows instead, which I really don't want to do.
Best Answer
Never found a solution - switched to OpenVPN instead and that works fine.