= Windows VPN PPTP status = '''Let op: We raden het gebruik van PPTP af ivm veiligheid en andere praktische redenen. In plaats hiervan raden we de [wiki:howto/OpenVpnServer SYN-3 OpenVPN server] aan''' Hier ziet u een overzicht van alle actieve VPN PPTP sessies. = Probleem oplossing = Kijk eerst of u de instructies van deze pagina goed gevolgd heeft: [wiki:help/scc/pptp/editsettings] == Kan niet internetten vanuit Windows, zodra PPTP verbinding gemaakt is == Waarschijnlijk heeft u de firewall instellingen van de SYN-3 server niet goed staan, of de gateway instelling bij de tunnel in Windows. Volg methode 1 of 2 op deze pagina: [wiki:help/scc/pptp/editsettings] == Fout 800 in Windows bij het maken van verbinding == Meestal komt dit door verkeerde firewall instellingen, waardoor de TCP paketten op poort 1723 of GRE paketten niet aankomen. * Controleer of alle routers en firewalls op de weg poort 1723 TCP toelaten. * Controleer of alle routers en firewalls de speciale GRE paketten toestaan. Dit is een speciaal protocol en dus '''geen''' TCP of UDP. NAT routers hebben hier nogal eens problemen mee. U kunt met telnet controleren of poort 1723 beschikbaar is: {{{ r3m0t3h0st ~ # telnet 82.161.14.18 1723 Trying 82.161.14.18... Connected to 82.161.14.18. Escape character is '^]'. }}} Als deze poort te connecten is en u krijgt nog steeds fout 800, dan komen de GRE paketten niet goed over. == Tcpdump van een werkende verbinding == Hieronder een uitdraai van een correcte verbindings opbouw via pptp. Vooral de GRE paketten geven nogal eens problemen. Dit kunt u als leidraad gebruiken bij foutanalyse: {{{ root@syn3.server.nl ~# tcpdump -l -n -i eth1 tcp port 1723 or proto GRE tcpdump: WARNING: eth1: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 68 bytes 12:44:23.389384 IP (ip windows).42906 > (ip syn3 server).1723: S 628441774:628441774(0) win 5840 12:44:23.391162 IP (ip syn3 server).1723 > (ip windows).42906: S 3878131842:3878131842(0) ack 628441775 win 5792 12:44:24.167643 IP (ip windows).42906 > (ip syn3 server).1723: . ack 1 win 5840 12:44:24.212601 IP (ip windows).42906 > (ip syn3 server).1723: P 1:157(156) ack 1 win 5840 : pptp [|pptp] 12:44:24.212705 IP (ip syn3 server).1723 > (ip windows).42906: . ack 157 win 6432 12:44:24.215001 IP (ip syn3 server).1723 > (ip windows).42906: P 1:157(156) ack 157 win 6432 : pptp [|pptp] 12:44:24.584567 IP (ip windows).42906 > (ip syn3 server).1723: . ack 157 win 6432 12:44:24.649449 IP (ip windows).42906 > (ip syn3 server).1723: P 157:325(168) ack 157 win 6432 : pptp [|pptp] 12:44:24.655420 IP (ip syn3 server).1723 > (ip windows).42906: P 157:189(32) ack 325 win 7504 : pptp [|pptp] 12:44:24.760576 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 0, length 41: LCP, Conf-Request (0x01), id 1, length 27 12:44:24.883231 IP (ip windows).42906 > (ip syn3 server).1723: P 325:349(24) ack 189 win 6432 : pptp [|pptp] 12:44:24.902917 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 0, length 37: LCP, Conf-Request (0x01), id 0, length 23 12:44:24.903215 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 1, ack 0, length 27: LCP, Conf-Reject (0x04), id 0, length 9 12:44:24.923179 IP (ip syn3 server).1723 > (ip windows).42906: . ack 349 win 7504 12:44:24.958618 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 1, ack 0, length 45: LCP, Conf-Ack (0x02), id 1, length 27 12:44:25.007238 IP (ip syn3 server) > (ip windows): GREv1, call 256, ack 1, no-payload, length 12 12:44:25.215910 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 2, ack 1, length 38: LCP, Conf-Request (0x01), id 1, length 20 12:44:25.216474 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 2, ack 2, length 38: LCP, Conf-Ack (0x02), id 1, length 20 12:44:25.216495 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 3, length 40: CHAP, Challenge (0x01), id 178, Value 748ee918be2d20b9ce5d13d676a44c[|chap] 12:44:25.460235 IP (ip windows).42906 > (ip syn3 server).1723: P 349:373(24) ack 189 win 6432 : pptp [|pptp] 12:44:25.460317 IP (ip syn3 server).1723 > (ip windows).42906: . ack 373 win 7504 12:44:25.500146 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 3, ack 2, length 36: LCP, Ident (0x0c), id 2, length 20 12:44:25.500618 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 4, ack 3, length 42: LCP, Code-Reject (0x07), id 2, length 24 12:44:25.515413 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 4, length 35: LCP, Ident (0x0c), id 3, length 23 12:44:25.515807 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 5, ack 4, length 45: LCP, Code-Reject (0x07), id 3, length 27 12:44:25.535140 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 5, ack 3, length 77: CHAP, Response (0x02), id 178, Value b4861c0a6d23151cbf9c87[|chap] 12:44:25.587155 IP (ip syn3 server) > (ip windows): GREv1, call 256, ack 5, no-payload, length 12 12:44:25.637748 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 6, length 60: CHAP, Success (0x03), id 178, Msg S=5C6A1C5EE09E13[|chap] 12:44:25.638361 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 7, length 24: unknown ctrl-proto (0x80fd), Conf-Request (0x01), id 1, length 12 12:44:25.900487 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 6, length 24: unknown ctrl-proto (0x80fd), Conf-Request (0x01), id 4, length 12 12:44:25.900718 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 7, length 48: IPCP, Conf-Request (0x01), id 5, length 36 12:44:25.901082 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 8, ack 7, length 28: unknown ctrl-proto (0x80fd), Conf-Nack (0x03), id 4, length 12 12:44:25.901098 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 9, length 18: IPCP, Term-Ack (0x06), id 5, length 6 12:44:25.916258 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 8, ack 7, length 28: unknown ctrl-proto (0x80fd), Conf-Ack (0x02), id 1, length 12 12:44:25.967009 IP (ip syn3 server) > (ip windows): GREv1, call 256, ack 8, no-payload, length 12 12:44:26.173223 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 9, ack 8, length 28: unknown ctrl-proto (0x80fd), Conf-Request (0x01), id 6, length 12 12:44:26.173986 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 10, ack 9, length 28: unknown ctrl-proto (0x80fd), Conf-Ack (0x02), id 6, length 12 12:44:26.174011 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 11, length 24: IPCP, Conf-Request (0x01), id 1, length 12 12:44:26.462499 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 10, ack 11, length 28: IPCP, Conf-Ack (0x02), id 1, length 12 12:44:26.511054 IP (ip syn3 server) > (ip windows): GREv1, call 256, ack 10, no-payload, length 12 12:44:27.900578 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 11, length 48: IPCP, Conf-Request (0x01), id 7, length 36 12:44:27.901058 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 12, ack 11, length 46: IPCP, Conf-Reject (0x04), id 7, length 30 12:44:28.161524 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 12, ack 12, length 28: IPCP, Conf-Request (0x01), id 8, length 12 12:44:28.161961 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 13, ack 12, length 28: IPCP, Conf-Nack (0x03), id 8, length 12 12:44:28.414999 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 13, ack 13, length 28: IPCP, Conf-Request (0x01), id 9, length 12 12:44:28.422793 IP (ip syn3 server) > (ip windows): GREv1, call 256, seq 14, ack 13, length 28: IPCP, Conf-Ack (0x02), id 9, length 12 12:44:28.753561 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 14, ack 14, length 61: compressed PPP data 12:44:28.802578 IP (ip syn3 server) > (ip windows): GREv1, call 256, ack 14, no-payload, length 12 12:44:28.820100 IP (ip windows) > (ip syn3 server): GREv1, call 384, seq 15, length 178: compressed PPP data ...verbinding is actief... }}} = Zie ook = * [wiki:help/scc/pptp/editsettings]