10.10. Troubleshooting PPTP

Problem

You're having trouble establishing a connection from a Windows client to your Linux Poptop server. What do you do?

Solution

First, make sure your pptp server is running with the netstat command:

	# netstat -untap | grep pptp
	tcp 0 0    0.0.0.0:1723   0.0.0.0:*   LISTEN   12893/pptpd

Then, use the good old ping command to test connectivity. When that's established, your Windows client error messages can be helpful. Figure 10-2 shows what it looks like on Windows XP when the server is unreachable.

You can take the number of the error message and look it up online, because Windows uses the standard Remote Access Server (RAS) error codes.

Next, make sure your firewall isn't blocking your VPN. The easy but scary way is to turn it off. Another way to do this for an iptables firewall is to run the fw_status script (see Chapter 3), and look for lines like these:

	Chain PREROUTING (policy ACCEPT 74530 packets, 7108K bytes)
	num   pkts bytes target     prot opt in     out     source        destination
	1  0  0 DNAT   tcp  --  eth1 any  anywhere   foo.net tcp dpt:1723 to:192.168.1.10
	2  0  0 DNAT   gre  --  eth1 any  anywhere   foo.net to:192.168.1.10
	7  0  0 ACCEPT tcp  --  eth1 eth0 anywhere   xena.alrac.net  tcp dpt:1723 state
	NEW,RELATED,ESTABLISHED
	8  0  0 ACCEPT gre  --  eth1 eth0 anywhere   xena.alrac.net  state
	NEW,RELATED,ESTABLISHED

You can check your destination address, state matches, interfaces name, and protocol matches.

Enabling the dump and debug options in /etc/pptpd.conf generates bales of helpful output in /var/log/debug and /var/log/messages.

This particular error plagues Ubuntu Edgy Eft users, and possibly users of some other Debian-derived distributions as well.

Windows XP cannot find the PPTP server

Figure 10-2. Windows XP cannot find the PPTP server

	April 17 08:19:31 router3 pptpd[6762]: CTRL: Starting call (launching pppd, opening
	GRE)
	April 17 08:19:31 router3 pppd[6763]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for
	pppd version 2.4.3, this is 2.4.4
	April 17 08:19:31 router3 pptpd[46762]: GRE: read(fd=6,buffer=6808440,len=8196) from
	PTY failed: status = -1 error = Input/output error, usually caused by unexpected
	termination of pppd, check option syntax and pppd logs

Your clients won't be able to establish a connection, and typically will get various unhelpful error messages. The problem is a version mismatch between ppp and logwtmp. A quick fix is to comment it out in /etc/pptpd.conf:

	#logwtmp

But then, you won't be able to monitor your pptp server with the who and last commands. To fix it, you need to download the source code for pptpd, edit a header file, then compile and install the new binary. It's really not hard, just change to the root user, and follow these steps:

	# cd
	# apt-get install libwrap0-dev debhelper
	# apt-get source pptpd
	# cd pptpd-1.3.0/plugins

Open the patchlevel.h file with your favorite editor and change this line:

	#define VERSION "2.4.3"

to:

	#define VERSION "2.4.4"

Save the file and exit. Then, run these commands:

	# cd ../..
	# apt-get -b source pptpd
	# dpkg -i pptpd_1.3.0-1ubuntu1_i386.deb
	# dpkg -i bcrelay_1.3.0-1ubuntu1_i386.deb

And that's all there is to it. Double-check your configurations, which should not have been touched, and everything should work.

Discussion

Hopefully, this version mismatch will not exist by the time you read this.

Here are some other things to look for:

See Also