# VPN Connects But Can't Acccess Websites



## fahad (Oct 2, 2013)

Hello Guys,

I have installed pptpd vpn in ubuntu12.04 in a kvm VPS. Now I can connect to the vpn but i can't access any website.

When i connect i get this logs from /var/log/syslog


Oct  2 13:54:25 server1 pptpd[2180]: CTRL: Client 58.97.196.149 control connecti                             on started
Oct  2 13:54:26 server1 pptpd[2180]: CTRL: Starting call (launching pppd, openin                             g GRE)
Oct  2 13:54:26 server1 pppd[2181]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loade                             d.
Oct  2 13:54:26 server1 pppd[2181]: pppd 2.4.5 started by root, uid 0
Oct  2 13:54:26 server1 pppd[2181]: Using interface ppp0
Oct  2 13:54:26 server1 pppd[2181]: Connect: ppp0 <--> /dev/pts/0
Oct  2 13:54:26 server1 pptpd[2180]: GRE: Bad checksum from pppd.
Oct  2 13:54:29 server1 pppd[2181]: peer from calling number 58.97.196.149 autho                             rized
Oct  2 13:54:30 server1 pppd[2181]: MPPE 128-bit stateless compression enabled
Oct  2 13:54:31 server1 pppd[2181]: Cannot determine ethernet address for proxy ARP
Oct  2 13:54:31 server1 pppd[2181]: local  IP address 185.17.150.135
Oct  2 13:54:31 server1 pppd[2181]: remote IP address 192.168.0.234
Oct  2 13:54:31 server1 named[888]: received control channel command 'reconfig'
Oct  2 13:54:31 server1 named[888]: loading configuration from '/etc/bind/named.conf'
Oct  2 13:54:31 server1 named[888]: reading built-in trusted keys from file '/etc/bind/bind.key              s'
Oct  2 13:54:31 server1 named[888]: using default UDP/IPv4 port range: [1024, 65535]
Oct  2 13:54:31 server1 named[888]: using default UDP/IPv6 port range: [1024, 65535]
Oct  2 13:54:31 server1 named[888]: sizing zone task pool based on 5 zones
Oct  2 13:54:31 server1 named[888]: using built-in root key for view _default
Oct  2 13:54:31 server1 named[888]: Warning: 'empty-zones-enable/disable-empty-zone' not set: d              isabling RFC 1918 empty zones
Oct  2 13:54:31 server1 named[888]: reloading configuration succeeded
Oct  2 13:54:31 server1 named[888]: any newly configured zones are now loaded

Please help me.


----------



## WebSearchingPro (Oct 2, 2013)

Do you have the tutorial you used that you can link?


----------



## fahad (Oct 2, 2013)

WebSearchingPro said:


> Do you have the tutorial you used that you can link?



http://bit.ly/1dVZOI7


----------



## zim (Oct 2, 2013)

Make sure you have iptables NAT rules ( Physical Interfaces only do not include virtual (e.x. eth0:1))

Xen/KVM

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

OpenVZ

iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE

When you connect to your VPN, can you ping a public IP? can you ping the VPN VPS IP?


----------



## fahad (Oct 2, 2013)

zim said:


> Make sure you have iptables NAT rules ( Physical Interfaces only do not include virtual (e.x. eth0:1))
> 
> Xen/KVM
> 
> ...


I can by the ip , but by hostname(server1.domain.com) i can't.


----------



## fahad (Oct 2, 2013)

fahad said:


> I can by the ip , but by hostname(server1.domain.com) i can't.


I am getting new error.


```
Oct  2 15:01:08 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0x804
Oct  2 15:01:12 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0x97
Oct  2 15:01:12 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0xe5
Oct  2 15:01:17 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0x3ae8
Oct  2 15:01:18 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0xaafc
Oct  2 15:01:22 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0xc462
Oct  2 15:01:22 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0x15
Oct  2 15:01:27 server1 pppd[2252]: Protocol-Reject for unsupported protocol 'IP6 Header Compression' (0x4f)
Oct  2 15:01:43 server1 pppd[2252]: Protocol-Reject for unsupported protocol 'DCA Remote Lan' (0x47)
Oct  2 15:01:48 server1 pppd[2252]: Protocol-Reject for unsupported protocol 'IP6 Header Compression' (0x4f)
Oct  2 15:01:53 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0xf0ee
```


----------



## zim (Oct 2, 2013)

set the ms-dns in /etc/ppp/pptpd-options


ms-dns 8.8.8.8
ms-dns 8.8.4.4
more than likely they were commented out with # remove them. also in your client, you may need to select, use VPN DNS or something of the sort.

/etc/init.d/pptpd restart

and try connecting again.


----------



## fahad (Oct 2, 2013)

zim said:


> set the ms-dns in /etc/ppp/pptpd-options
> 
> 
> ms-dns 8.8.8.8
> ...


I have done that but showing above error when i try to access websites. I am trying from Android ...


----------



## zim (Oct 2, 2013)

Apparently your home connection is attempting IPv6 First. And the error is PPP rejecting the protocol.

Did you start with a fresh iptable? Are you blocking any ports on the VPN?


----------



## fahad (Oct 2, 2013)

zim said:


> Apparently your home connection is attempting IPv6 First. And the error is PPP rejecting the protocol.
> 
> Did you start with a fresh iptable? Are you blocking any ports on the VPN?


I have no idea about that ....  please explain how to know that ...


----------



## fahad (Oct 2, 2013)

Solution is:
 


#refuse-pap
#refuse-chap
#refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
# }}}
And no user/pass . So open VPN access ..  Only problem occurs by mppe


----------



## fahad (Oct 2, 2013)

Ok , I got the solution.

just give a # before require-mppe-128


----------

