Piratpartiets mötesplattform


Svara
 
Ämnesverktyg Sök i det här ämnet Visningsalternativ
  (#1) Gammal
marthafokker Inte uppkopplad
 
Inlägg: 2
Reg.datum: Dec 2006
Standard relakks on linux low mtu suddenly causes protocol-reject errors [Solved] - 2006-12-21, 01:29

Hey guys I've been using the relakks vpn service on a linux box for a few months now and after a shaky start the service has been stable and fast since they upgraded their hardware last month. Well after a month of trouble free service my vpn connection crawled to a halt and my logs showed numerous







Citat:
Protocol-Reject for unsupported protocol 0xXXXX






errors and the debug output showed even more







Citat:
LCP ProtRej id=0xXXXX






errors.







I hadn't changed anything on my machine or router at all so I began to suspect a problem with the relakks servers again. After much experimentation I discovered that tweaking my mtu/mru settings got rid of the problem. I had been using 1200 for my mtu/mru settings in the pppd options because higher settings would cause the vpn tunnel to disconnect but now i find i need to set it as high as i can go to prevent the protocol-reject errors. I settled on 1400 as a safe setting at first and it seemed to work fine for a few hours but the errors came back and now I have pushed it up to 1450 which is as high as i can go before the connection starts dropping as soon as it is established. The errors seemed to have gone away but I have nagging feeling that they might come back again.







I'm wondering if anyone has experienced this problem as well because i can't find a reference to this on the few forums that i have been searching.







Update. I'm now not able to get a functioning vpn tunnel and am, getting the above Protocol-Reject errors in the pppd logs. I've set the mtu to the maximum i can go which is 1496 and it's not helping anymore. Setting them lower also doesn't fix the problem. I borrowed a windows XP machine and hooked it up to the same router and it was able to establish a vpn connection with the pptp server and i could connect fine through the tunnel. I'm now suspecting something was changed on the relakks servers which is causing a compatibility problem with the linux pptp client though i can't find any mention of this by other linux/relakks users online so it could still be caused by my ISP.







The pptpclient diagnosis page







http://pptpclient.sourceforge.net/ho...#lcp_protrej_1







suggests that there is a problem with the encryption caused by an incompatible mppe/mppc kernel module but i haven't recompiled my kernel and haven't upgraded my pppd or pptpclient packages since when it was working fine last week. This leaves me to suspect either a server misconfiguration or my ISP's routers misbehaving in some way.







So i'm hoping there are more than a few linux users on this forum who could give me some feedback about whether they've come across a similar problem and if they've come up with a solution. I've already emailed relakks' tech support and am waiting a response.







Thanks



Edit:



Okay it turns out to have been the route creation scripts in my /etc/ppp/ip-up file. I had put the code at the end of the file and moving it to the start of the file solved the problem. Can't figure out why it was working for the couple of months it was though.



   
Svara med citat
  (#2) Gammal
sebbla Inte uppkopplad
 
Inlägg: 3
Reg.datum: Jan 2007

Länk: #65843
Standard RE: relakks on linux low mtu suddenly causes protocol-reject errors [Solved] - 2007-01-17, 01:01

I experience exactly the same problem... I think i've set up my routes accoring to the pinned post by tephlon, but I receive these strage "Protocol-Reject" messages and cannot tunnel any data... I tried the setup on two relatively modern Debian machines (kernel 2.6.15 and 2.6.18)



Because you suggested it could be a timing issue, I placed some pauses between the different route commands. After the command which establishes the route to my remote ppp endpoint the first "Protocol-Reject" messages occur.



route add -host 83.233.168.7/32 gw 192.168.17.1 dev eth0



After setting up the tunnel as default gateway, every second a new message appears in syslog

route add default ppp0



I tried to mix the order of the route setting (delete first, the add) but the symptoms are the same



I would really appreciate if you could give me a hint, how you got it to work....



Cheers



BTW, my routes after setting up the tunnel are:



Destination Gateway Genmask Flags Metric Ref Use Iface

83.233.168.7 192.168.17.1 255.255.255.255 UGH 0 0 0 eth0

[... analog routes to other relakks pptp hosts ...]

192.168.17.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0



And ifconfig ppp0 shows:

inet addr:83.233.169.36 P-t-P:83.233.168.7 Mask:255.255.255.255


   
Svara med citat
  (#3) Gammal
tephlon Inte uppkopplad
 
Inlägg: 18
Reg.datum: Jun 2006

Länk: #65857
Standard RE: relakks on linux low mtu suddenly causes protocol-reject errors [Solved] - 2007-01-17, 12:09

I'm also very interested in a solution to the Protocol-Reject issue. I haven't had any problems with that since september, but it would be nice to be able to solve it, should it come up again.



I've googled for a bit, and couldn't really find anything useful. I found a tip on http://poptop.sourceforge.net/dox/source-howto.html (same document at http://home.swbell.net/berzerke/2.4_...PTPD-HOWTO.txt), saying that one should add "mppe-stateless" to options.pptp. I have no idea if it works, but if it does please post
   
Svara med citat
  (#4) Gammal
sebbla Inte uppkopplad
 
Inlägg: 3
Reg.datum: Jan 2007

Länk: #65911
Standard RE: relakks on linux low mtu suddenly causes protocol-reject errors [Solved] - 2007-01-18, 00:26

Ok, got it working. Here's my story:



As you described in another post, you used arch linux. So I installed the same distribution to see if they use e.g. another pptp implementation. But I ran in exactly the same problems with arch linux as with Debian. I tried to set other mtu / mru values, connect directly to the internet, configure the stateles flag... but nothing worked. Then, after a few hours of testing, I found out, that when the system is rebootet, the tunnel can be esablished (hmmm...). Since a reboot is not the best solution I found out that a simple unload of the kernel modules for ppp does the same. So I added to the stop section of your script the following line:



modprobe -r ppp_mppe ppp_async ppp_generic



Naturally, the start section needs the following line added:

modprobe ppp_mppe



Now the link works and can be restartet. Only my syslog gets filled with messages like:

pptp[2715]: anon log[decaps_gre:pptp_gre.c:407]: buffering packet 326128 (expecting 326056, lost or reordered)

... but I ignore them bravely :-)



This works on Debian etch too.



Currently I'm working on a watchdog script for the line, because the tunnel seems not really reliable, it stops accepting packet ca once an hour.
   
Svara med citat
  (#5) Gammal
tephlon Inte uppkopplad
 
Inlägg: 18
Reg.datum: Jun 2006

Länk: #65913
Standard RE: relakks on linux low mtu suddenly causes protocol-reject errors [Solved] - 2007-01-18, 01:13

Reloading modules? Gah...



Yeah, I'm filtering out the "buffering packet" logs, I get loads of them too. They're not very interesting.



The tunnel dies for me too, now and again, but not as often as once every hour. It's working on the order of days at a time for me. But I've noticed that if there is no traffic regularly in the tunnel, it dies. Maybe that's the case with your tunnel? Watchdogs are good. Maybe start a kennel? Bah, sorry
   
Svara med citat
  (#6) Gammal
sebbla Inte uppkopplad
 
Inlägg: 3
Reg.datum: Jan 2007

Länk: #65914
Standard RE: relakks on linux low mtu suddenly causes protocol-reject errors [Solved] - 2007-01-18, 01:52

Yes i'm aware that they cut the line when no traffic is there. But i'm actually logged in via the tunnel and doing things on the machine when it's happening...



Seems to me that we are experiencing a rare incompatibility between linux pptp and the server software relakks uses. I hope relakks won't change their setup because it works now more or less. Maybe I can figure enough to fill a bug report...



My watchdog script, maybe OT



start it with nohup scriptname.sh







#/bin/sh

#

# simple watchdog script to keep tunnel up



# interval to wait between link test (seconds)

interval=60

# command to execute when testing link

# must return 0 on success

check="host www.riaa.com"

# logfile, use /dev/null when not needed

log="/var/log/watchdog.log"

# command to execute when watchdog is triggered

action="/root/relakks.sh restart"



touch $log

echo `date`: watchdog starting



while (true)

do

$check > /dev/null

ret=$?

if [ 0 -ne $ret ]

then

echo `date`: watchdog triggered [$ret] >> $log

$action > /dev/null

else

echo `date`: watchdog ok. >> $log

fi

sleep $interval

done
   
Svara med citat
  (#7) Gammal
marthafokker Inte uppkopplad
 
Inlägg: 2
Reg.datum: Dec 2006

Länk: #65965
Standard RE: relakks on linux low mtu suddenly causes protocol-reject errors [Solved] - 2007-01-18, 18:57

I'd never thought to reload the kernel modules but the following at the top of my /etc/ppp/ip-up script works for me :







route del -host pptp.relakks.com



route add -host pptp.relakks.com gw $MYROUTERIP dev eth0



route del default



route add default gw $4 dev ppp0







My /etc/ppp/ip-down has the following at the top of the file:







route del default



route add default gw $MYROUTERIP dev eth0



route del pptp.relakks.com







Obviously u need to replace $MYROUTERIP with the ip address of your router. Also u might want to add an entry in /etc/hosts for pptp.relakks.com because it is load balanced between six servers with the following ips:







83.233.168.2



83.233.168.3



83.233.168.4



83.233.168.5



83.233.168.6



83.233.168.7







Pick one of the above ips and either add a /etc/hosts entry for it(recommended) or hard code it into your ip-up/ip-down scripts and also your pppd connect script. This is because each consecutive DNS lookup of the hostname pptp.relakks.com returns a different ip from the above list so you might end up with a tunnel to one ip and have your routes setup to a different one which will render your tunnel useless.







I still get the occasional Protocol-Reject error but i usually only need to bring down the tunnel and bring it up again to fix it. My mru/mtu setting is 1404 and if refreshing the tunnel doesn't work, resetting my router's connection to my ISP almost always fixes the problem.







Cheers
   
Svara med citat
  (#8) Gammal
doriangray Inte uppkopplad
 
Inlägg: 2
Reg.datum: Feb 2007

Länk: #67146
Standard RE: relakks on linux low mtu suddenly causes protocol-reject errors [Solved] - 2007-02-08, 04:14

Hi!

cool to know that I am not the only one having a heavily flooded syslog and daemon.log :-)

So, as far as I could find out, the pptp_grep:407 lines are not really critical - my connection is running

quite well. I do, however, have a problem with all these senseless error messages as I dont

want to change the way my system is rotating my logfiles.



Does anyone have an idea how to stop the pptp-linux app from flooding my logfiles? I mean, except filtering

permanently the unwanted lines out of the logs.



Thanks for any suggestions...



Dorian
   
Svara med citat
  (#9) Gammal
doriangray Inte uppkopplad
 
Inlägg: 2
Reg.datum: Feb 2007

Länk: #67415
Standard RE: relakks on linux low mtu suddenly causes protocol-reject errors [Solved] - 2007-02-10, 01:45

found a solution for the flooded-logfiles problem:



I simply took the source of my pptp-application (networkmanager-gnome with pptp-linux) and removed all the syscalls.

then I ran it through dpkg-source and updated my current version. now everything works fine and the bloody messages

are gone...
   
Svara med citat
  (#10) Gammal
the5cardstud Inte uppkopplad
 
Inlägg: 2
Reg.datum: May 2007

Länk: #81205
Standard RE: relakks on linux low mtu suddenly causes protocol-reject errors [Solved] - 2007-09-07, 16:17

I'm using Windows (don't scoff, I'm a Linux guy, I'm just using Windows ATM).



I also get the Protocol Rejects as the connection dies and must be reconnected. I suspect it's something at their end and not at the customer's end.



It's strange -- I can sometimes go 1-2 days without a disconnect, and sometimes I cannot go 15 minutes.
   
Svara med citat
Svara

Ämnesverktyg Sök i det här ämnet
Sök i det här ämnet:

Avancerad sökning
Visningsalternativ

Regler för att posta
Du får inte posta nya ämnen
Du får inte posta svar
Du får inte posta bifogade filer
Du får inte redigera dina inlägg

BB-kod är
Smilies är
[IMG]-kod är
HTML-kod är av


Liknande ämnen
Ämne Startat av Forum Svar Senaste inlägg
9/11 third tower mystery 'solved' Qer Övrig diskussion 1 2008-07-10 16:04
World publics reject torture Dennis Nilsson PP i media 0 2008-06-27 22:33
Relakks and the Linux command line tephlon Relakks 13 2007-09-28 01:44
Relakks L2TP Linux Debian ph00 Relakks 1 2006-12-19 23:38
Relakks och linux xor Relakks 5 2006-08-18 10:41



Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Svensk översättning av: Anders Pettersson
vBulletin Skin developed by: vBStyles.com