24th January 2007, 17:25
steveomach3ww
VPN Connection Problems

My network has a static outside IP address and an internal static of 192.168.1.1. Here is a copy of the syslog when I try to connect, either with the firewall on or off.

Jan 24 09:14:10 mathesfire steveo: Shorewall Stopped
Jan 24 09:14:10 mathesfire steveo: Shorewall Cleared
Jan 24 09:14:21 mathesfire pptpd[16966]: CTRL: Client 12.169.XXX.XXX control connection started
Jan 24 09:14:21 mathesfire pptpd[16966]: CTRL: Starting call (launching pppd, opening GRE)
Jan 24 09:14:21 mathesfire pppd[16967]: pppd 2.4.4 started by root, uid 0
Jan 24 09:14:21 mathesfire pppd[16967]: using channel 7
Jan 24 09:14:21 mathesfire pppd[16967]: Using interface ppp0
Jan 24 09:14:21 mathesfire pppd[16967]: Connect: ppp0 <--> /dev/pts/1
Jan 24 09:14:21 mathesfire pppd[16967]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6f0aa0af> <pcomp> <accomp>]
Jan 24 09:14:21 mathesfire pptpd[16966]: GRE: read(fd=7,buffer=80505a0,len=8260) from network failed: status = -1 error = Protocol not available
Jan 24 09:14:21 mathesfire pptpd[16966]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
Jan 24 09:14:21 mathesfire pptpd[16966]: CTRL: Reaping child PPP[16967]
Jan 24 09:14:22 mathesfire pppd[16967]: Modem hangup
Jan 24 09:14:22 mathesfire pppd[16967]: Connection terminated.
Jan 24 09:14:22 mathesfire pppd[16967]: Exit.
Jan 24 09:14:22 mathesfire pptpd[16966]: CTRL: Client 12.169.XXX.XXX control connection finished

root@mathesfire:/etc/shorewall# /etc/init.d/shorewall start
Starting "Shorewall firewall": done.
root@mathesfire:/etc/shorewall# tail -f /var/log/syslog
Jan 24 09:14:35 mathesfire pppd[18749]: Using interface ppp0
Jan 24 09:14:35 mathesfire pppd[18749]: Connect: ppp0 <--> /dev/pts/1
Jan 24 09:14:35 mathesfire pppd[18749]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xbb8ac80b> <pcomp> <accomp>]
Jan 24 09:14:35 mathesfire pptpd[18748]: GRE: xmit failed from decaps_hdlc: Operation not permitted
Jan 24 09:14:35 mathesfire pptpd[18748]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Jan 24 09:14:35 mathesfire pptpd[18748]: CTRL: Reaping child PPP[18749]
Jan 24 09:14:35 mathesfire pppd[18749]: Modem hangup
Jan 24 09:14:35 mathesfire pppd[18749]: Connection terminated.
Jan 24 09:14:35 mathesfire pppd[18749]: Exit.
Jan 24 09:14:35 mathesfire pptpd[18748]: CTRL: Client 12.169.XXX.XXX control connection finished


AND HERE IS THE SHOREWALL CONFIG FILE

###############################################################################
# /etc/shorewall/shorewall.conf V3.0 - Change the following variables to
# match your setup
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# This file should be placed in /etc/shorewall
#
# (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
#
# >>>>>>>>>>>>> NOTE TO USERS UPGRADING FROM 2.x <<<<<<<<<<<<<<<<<<
#
# Most problems associated with upgrades come from two causes:
#
# - The user didn't read and follow the migration considerations in the
# release notes.
#
# - The user mis-handled the /etc/shorewall/shorewall.conf file during
# upgrade. Shorewall is designed to allow the default behavior of
# the product to evolve over time. To make this possible, the design
# assumes that you will not replace your current shorewall.conf file
# during upgrades. If you feel absolutely compelled to have the latest
# comments and options in your shorewall.conf then you must proceed
# carefully.
#
# The new/changed options in shorewall 3.0 are listed below. If you don't
# want to convert to the new 3.0 format for /etc/shorewall/zones and you
# don't want to replace your current rules that use 2.x builtin actions,
# then if you plan to use this copy of shorewall.conf file then you must
# change it as follows:
#
# - SPECFILE
#
# This file has IPSECFILE=zones. You want to set it to IPSECFILE=ipsec.
# This will indicate that your /etc/shorewall/zones file is in the
# pre-3.0 format.
#
# - FW
#
# This file has FW undefined. If you have named your firewall zone
# something other than 'fw' then you must set FW accordingly.
#
# - MAPOLDACTIONS
#
# This file has MAPOLDACTIONS=No. You want to set it to
# MAPOLDACTIONS=Yes in order to permit rules that use the 2.x builtin
# actions such as AllowPing to continue to work.
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
#
# Once you have configured Shorewall, you may change the setting of
# this variable to 'Yes'
#

STARTUP_ENABLED=Yes
###############################################################################
# L O G G I N G
###############################################################################
#
# General note about log levels. Log levels are a method of describing
# to syslog (8) the importance of a message and a number of parameters
# in this file have log levels as their value.
#
# These levels are defined by syslog and are used to determine the destination
# of the messages through entries in /etc/syslog.conf (5). The syslog
# documentation refers to these as "priorities"; Netfilter calls them "levels"
# and Shorewall also uses that term.
#
# Valid levels are:
#
# 7 debug
# 6 info
# 5 notice
# 4 warning
# 3 err
# 2 crit
# 1 alert
# 0 emerg
#
# For most Shorewall logging, a level of 6 (info) is appropriate. Shorewall
# log messages are generated by NetFilter and are logged using facility
# 'kern' and the level that you specify. If you are unsure of the level
# to choose, 6 (info) is a safe bet. You may specify levels by name or by
# number.
#
# If you have built your kernel with ULOG target support, you may also
# specify a log level of ULOG (must be all caps). Rather than log its
# messages to syslogd, Shorewall will direct netfilter to log the messages
# via the ULOG target which will send them to a process called 'ulogd'.
# ulogd is available with most Linux distributions (although it probably isn't
# installed by default). Ulogd is also available from
# http://www.gnumonks.org/projects/ulogd and can be configured to log all
# Shorewall message to their own log file
###############################################################################
#
# LOG FILE LOCATION
#
# This variable tells the /sbin/shorewall program where to look for Shorewall
# log messages. If not set or set to an empty string (e.g., LOGFILE="") then
# /var/log/messages is assumed.
#
# WARNING: The LOGFILE variable simply tells the 'shorewall' program where to
# look for Shorewall messages. It does NOT control the destination for
# these messages. For information about how to do that, see
#
# http://www.shorewall.net/shorewall_logging.html
#

LOGFILE=/var/log/messages

#
# LOG FORMAT
#
# Shell 'printf' Formatting template for the --log-prefix value in log messages
# generated by Shorewall to identify Shorewall log messages. The supplied
# template is expected to accept either two or three arguments; the first is
# the chain name, the second (optional) is the logging rule number within that
# chain and the third is the ACTION specifying the disposition of the packet
# being logged. You must use the %d formatting type for the rule number; if
# your template does not contain %d then the rule number will not be included.
#
# If you want to integrate Shorewall with fireparse, then set LOGFORMAT as:
#
# LOGFORMAT="fp=%s:%d a=%s "
#
# If not specified or specified as empty (LOGFORMAT="") then the value
# "Shorewall:%s:%s:" is assumed.
#
# CAUTION: /sbin/shorewall uses the leading part of the LOGFORMAT string (up
# to but not including the first '%') to find log messages in the 'show log',
# 'status' and 'hits' commands. This part should not be omitted (the
# LOGFORMAT should not begin with "%") and the leading part should be
# sufficiently unique for /sbin/shorewall to identify Shorewall messages.
#

LOGFORMAT="Shorewall:%s:%s:"

#
# LOG FORMAT Continued
#
# Using the default LOGFORMAT, chain names may not exceed 11 characters or
# truncation of the log prefix may occur. Longer chain names may be used with
# log tags if you set LOGTAGONLY=Yes. With LOGTAGONLY=Yes, if a log tag is
# specified then the tag is included in the log prefix in place of the chain
# name.
#

LOGTAGONLY=No

#
# LOG RATE LIMITING
#
# The next two variables can be used to control the amount of log output
# generated. LOGRATE is expressed as a number followed by an optional
# `/second', `/minute', `/hour', or `/day' suffix and specifies the maximum
# rate at which a particular message will occur. LOGBURST determines the
# maximum initial burst size that will be logged. If set empty, the default
# value of 5 will be used.
#

Last edited by steveomach3ww; 24th January 2007 at 17:32.
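An added example, not part of the original post: a small triage script that groups the pptpd/pppd syslog lines above by session and reports which direction of the GRE data path failed and whether any LCP frame ever came back. The function name `summarize` and the result keys are choices made for this sketch; the sample lines are copied from the post's own log excerpts.

```python
import re

# Lines copied from the two syslog excerpts in the post (client address masked as posted).
SAMPLE = """\
Jan 24 09:14:21 mathesfire pptpd[16966]: CTRL: Client 12.169.XXX.XXX control connection started
Jan 24 09:14:21 mathesfire pppd[16967]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6f0aa0af> <pcomp> <accomp>]
Jan 24 09:14:21 mathesfire pptpd[16966]: GRE: read(fd=7,buffer=80505a0,len=8260) from network failed: status = -1 error = Protocol not available
Jan 24 09:14:21 mathesfire pptpd[16966]: CTRL: Reaping child PPP[16967]
Jan 24 09:14:35 mathesfire pppd[18749]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xbb8ac80b> <pcomp> <accomp>]
Jan 24 09:14:35 mathesfire pptpd[18748]: GRE: xmit failed from decaps_hdlc: Operation not permitted
Jan 24 09:14:35 mathesfire pptpd[18748]: CTRL: Reaping child PPP[18749]
Jan 24 09:14:35 mathesfire pptpd[18748]: CTRL: Client 12.169.XXX.XXX control connection finished
""".splitlines()

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")
GRE_READ = re.compile(r"GRE: read\(.*\) from network failed: .*error = (.+)$")
GRE_XMIT = re.compile(r"GRE: xmit failed from \S+: (.+)$")
CLIENT = re.compile(r"CTRL: Client (\S+) control connection")
REAP = re.compile(r"CTRL: Reaping child PPP\[(\d+)\]")

def summarize(lines):
    """Return {pptpd PID: summary} for each PPTP control session, in log order."""
    sessions, lcp = {}, {}   # keyed by pptpd PID / pppd PID
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        daemon, pid, msg = m.groups()
        if daemon == "pppd":
            # pppd logs each PPP frame it handles as "sent [...]" or "rcvd [...]".
            counts = lcp.setdefault(pid, {"sent": 0, "rcvd": 0})
            if msg[:4] in ("sent", "rcvd") and msg[5:9] == "[LCP":
                counts[msg[:4]] += 1
            continue
        s = sessions.setdefault(pid, dict.fromkeys(("client", "gre_fail", "error", "pppd")))
        for key, rx in (("client", CLIENT), ("pppd", REAP)):
            if (hit := rx.search(msg)):
                s[key] = hit.group(1)
        for direction, rx in (("read", GRE_READ), ("xmit", GRE_XMIT)):
            if (hit := rx.search(msg)):
                s["gre_fail"], s["error"] = direction, hit.group(1)
    for s in sessions.values():
        counts = lcp.get(s["pppd"], {"sent": 0, "rcvd": 0})
        s["lcp_sent"], s["lcp_rcvd"] = counts["sent"], counts["rcvd"]
    return sessions

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        print(pid, s)
```

A session with `lcp_sent` above zero, `lcp_rcvd` at zero and a GRE failure means the TCP control connection came up but no PPP frame crossed the GRE (IP protocol 47) data path, so the place to look is how GRE is handled rather than authentication.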