
VPN Connects But Can't Access Websites

fahad

Member
Hello Guys,

I have installed pptpd VPN on Ubuntu 12.04 in a KVM VPS. Now I can connect to the VPN but I can't access any website.

When I connect I get these logs from /var/log/syslog:


Oct  2 13:54:25 server1 pptpd[2180]: CTRL: Client 58.97.196.149 control connection started
Oct  2 13:54:26 server1 pptpd[2180]: CTRL: Starting call (launching pppd, opening GRE)
Oct  2 13:54:26 server1 pppd[2181]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Oct  2 13:54:26 server1 pppd[2181]: pppd 2.4.5 started by root, uid 0
Oct  2 13:54:26 server1 pppd[2181]: Using interface ppp0
Oct  2 13:54:26 server1 pppd[2181]: Connect: ppp0 <--> /dev/pts/0
Oct  2 13:54:26 server1 pptpd[2180]: GRE: Bad checksum from pppd.
Oct  2 13:54:29 server1 pppd[2181]: peer from calling number 58.97.196.149 authorized
Oct  2 13:54:30 server1 pppd[2181]: MPPE 128-bit stateless compression enabled
Oct  2 13:54:31 server1 pppd[2181]: Cannot determine ethernet address for proxy ARP
Oct  2 13:54:31 server1 pppd[2181]: local  IP address 185.17.150.135
Oct  2 13:54:31 server1 pppd[2181]: remote IP address 192.168.0.234
Oct  2 13:54:31 server1 named[888]: received control channel command 'reconfig'
Oct  2 13:54:31 server1 named[888]: loading configuration from '/etc/bind/named.conf'
Oct  2 13:54:31 server1 named[888]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Oct  2 13:54:31 server1 named[888]: using default UDP/IPv4 port range: [1024, 65535]
Oct  2 13:54:31 server1 named[888]: using default UDP/IPv6 port range: [1024, 65535]
Oct  2 13:54:31 server1 named[888]: sizing zone task pool based on 5 zones
Oct  2 13:54:31 server1 named[888]: using built-in root key for view _default
Oct  2 13:54:31 server1 named[888]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Oct  2 13:54:31 server1 named[888]: reloading configuration succeeded
Oct  2 13:54:31 server1 named[888]: any newly configured zones are now loaded

Please help me. :(
 

zim

The Invader
Verified Provider
Make sure you have iptables NAT rules (physical interfaces only; do not include virtual ones, e.g. eth0:1).

Xen/KVM

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

OpenVZ

iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE

When you connect to your VPN, can you ping a public IP? Can you ping the VPN VPS IP?
 

fahad

Member
I can by the IP, but by hostname (server1.domain.com) I can't.
 

fahad

Member
I am getting a new error.

Code:
Oct  2 15:01:08 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0x804
Oct  2 15:01:12 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0x97
Oct  2 15:01:12 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0xe5
Oct  2 15:01:17 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0x3ae8
Oct  2 15:01:18 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0xaafc
Oct  2 15:01:22 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0xc462
Oct  2 15:01:22 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0x15
Oct  2 15:01:27 server1 pppd[2252]: Protocol-Reject for unsupported protocol 'IP6 Header Compression' (0x4f)
Oct  2 15:01:43 server1 pppd[2252]: Protocol-Reject for unsupported protocol 'DCA Remote Lan' (0x47)
Oct  2 15:01:48 server1 pppd[2252]: Protocol-Reject for unsupported protocol 'IP6 Header Compression' (0x4f)
Oct  2 15:01:53 server1 pppd[2252]: Protocol-Reject for unsupported protocol 0xf0ee
 

zim

The Invader
Verified Provider
Set the ms-dns in /etc/ppp/pptpd-options:


ms-dns 8.8.8.8
ms-dns 8.8.4.4
More than likely they were commented out with #; remove them. Also, in your client, you may need to select "use VPN DNS" or something of the sort.

/etc/init.d/pptpd restart

and try connecting again.
 

fahad

Member
I have done that, but it is showing the above error when I try to access websites. I am trying from Android ...
 

zim

The Invader
Verified Provider
Apparently your home connection is attempting IPv6 first, and the error is PPP rejecting the protocol.

Did you start with a fresh iptables? Are you blocking any ports on the VPN?
 

fahad

Member
I have no idea about that .... :( Please explain how to know that ...
 

fahad

Member
Solution is:
 


#refuse-pap
#refuse-chap
#refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
# }}}
And no user/pass. So open VPN access .. :( Only problem occurs by MPPE :(
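
Added example, not part of the original thread or the poster's own code: the options block in the final post has every authentication and MPPE directive commented out, which is the "open VPN access" state the poster describes. The script below checks a pptpd options file for those five directives and shows the posted file beside the same file with the directives restored; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a pptpd options file for the authentication and
# encryption directives that the thread's final post shows commented out.

# Directive names are taken from the options block quoted in the thread.
DIRECTIVES="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# is_active FILE DIRECTIVE: succeeds if DIRECTIVE is the first word of a line
# once '#' comments are stripped (pppd treats '#' to end of line as a comment).
is_active() {
    awk -v d="$2" '{ sub(/#.*/, "") } $1 == d { found = 1 } END { exit !found }' "$1"
}

# audit_pptpd_options FILE: prints ACTIVE/MISSING per directive and
# returns non-zero if any directive is not in effect.
audit_pptpd_options() {
    rc=0
    for d in $DIRECTIVES; do
        if is_active "$1" "$d"; then
            echo "ACTIVE  $d"
        else
            echo "MISSING $d"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the directive lines as posted in the thread.
SAMPLES=$(mktemp -d)
WEAK="$SAMPLES/pptpd-options.posted"
HARDENED="$SAMPLES/pptpd-options.restored"
cat > "$WEAK" <<'EOF'
#refuse-pap
#refuse-chap
#refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2
#require-mschap-v2
# Require MPPE 128-bit encryption
#require-mppe-128
EOF
# Corrected form: the same file with the five directives uncommented.
sed 's/^#\(refuse-\)/\1/; s/^#\(require-\)/\1/' "$WEAK" > "$HARDENED"

echo "== as posted ==";  audit_pptpd_options "$WEAK" || true
echo "== restored ==";   audit_pptpd_options "$HARDENED"
```

Run against the live file with `audit_pptpd_options /etc/ppp/pptpd-options`; a non-zero exit status means at least one of the directives is not in effect.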
 