New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FS#1809 - 18.06.1 pptp not working. System log spammed with Protocol-Reject for unsupported protocol #6793
Comments
por: Did you install/load kmod-gre and kmod-mppe ? Apart from the issue, why not use another tunnelling protocol as PPTP is not a very good and safe one (in terms of security MPPE and MSCHAP aren't top notch), does your VPN provider only offer that protocol ? |
bill888: kmod-gre and kmod-mppe are present. HH5a is configured as per openwrt wiki. Security is not important for streaming application. PPTP offers faster speeds than OpenVPN which is reason for looking at it. I also tried 18.06.0-rc1 and encountered same behaviour, though system log did throw up an extra PPP: VJ uncompressed error message.
Sat Aug 25 05:08:06 2018 daemon.info dnsmasq-dhcp[1849]: DHCPREQUEST(br-lan) 192.168.111.222 00:24:e8:f6:2e:08
Sat Aug 25 05:08:06 2018 daemon.info dnsmasq-dhcp[1849]: DHCPACK(br-lan) 192.168.111.222 00:24:e8:f6:2e:08 PC
Sat Aug 25 05:08:19 2018 daemon.err uhttpd[1271]: luci: accepted login on / for root from 192.168.111.222
Adding noVJ to /etc/ppp/options.pptp did not solve original problem. I'll see if I can get hold of a different model of router to see if I can replicate the above behaviour. In the mean time, PPTP client appears to be unstable in 18.06 on BT Home Hub 5A. |
flfq: R6100 ADD but , not work |
flfq: I am all ok firewarl add and this install all crypto |
flfq: and reboot ! |
ThomasCr: I think you don't need a NAT helper for your OUTGOING packages (they are not using NAT at this place....) - but maybe I am wrong - and for routed (aka NAT) packages they get applied automatically (see iptables -L -vn -t raw) but lucky that you found the problem. |
bill888: I tried installing PPTP client again on 18.06.1 on HH5A I also added all the crypto packages
opkg update
opkg list |grep kmod-crypto |awk '{print $1}' |xargs opkg install
Unfortunately, it does not fix the problem for HH5A. |
bill888: I forgot to add, one difference from 3 weeks ago, is the system log is no longer spammed with "Protocol-Reject" messages causing log to overfill. Instead, there is just one single "Protocol-Reject" message in the system log. I can only speculate this change in behaviour is as a result of installing all the crypto packages. |
bill888:
BT Home Hub 5A (Lantiq)
OpenWRT 18.06.1
WAN port configured with static IP and wired to existing LAN.
Packages:
ppp-mod-pptp
kmod-nf-nathelper-extra
luci-proto-ppp
pptp won't work on 18.06.1 without this fix:
https://bugs.openwrt.org/index.php?do=details&task_id=1646&order=id&sort=desc&order2=severity&sort2=desc
ie. install:
kmod-ipt-raw
Following added to /etc/firewall/user
iptables -t raw -A OUTPUT -p tcp -m tcp --dport 1723 -j CT --helper pptp
Same symptoms with two different VPN providers.
Hub connects to VPN provider. Acquires working IP.
I can visit whatismyipaddress.com to verify VPN is working.
I may then be able to browse to another website for a few seconds or a minute or two before VPN stops working.
Example of system log at time the VPN fails.
Fri Aug 24 06:34:03 2018 daemon.notice netifd: Interface 'VPN' is setting up now
Fri Aug 24 06:34:04 2018 daemon.info pppd[2442]: Plugin pptp.so loaded.
Fri Aug 24 06:34:04 2018 daemon.info pppd[2442]: PPTP plugin version 1.00
Fri Aug 24 06:34:04 2018 daemon.notice pppd[2442]: pppd 2.4.7 started by root, uid 0
Fri Aug 24 06:34:05 2018 kern.info kernel: [ 108.753519] pptp-VPN: renamed from ppp0
Fri Aug 24 06:34:05 2018 daemon.info pppd[2442]: Using interface pptp-VPN
Fri Aug 24 06:34:05 2018 daemon.notice pppd[2442]: Connect: pptp-VPN <--> pptp (*** removed ***)
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: CHAP authentication succeeded
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: MPPE 128-bit stateless compression enabled
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: local IP address 10.220.0.6
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: remote IP address 10.220.0.1
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: primary DNS address 10.220.0.1
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: secondary DNS address 10.220.0.1
Fri Aug 24 06:34:06 2018 daemon.notice netifd: Network device 'pptp-VPN' link is up
Fri Aug 24 06:34:06 2018 daemon.notice netifd: Interface 'VPN' is now up
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: reading /tmp/resolv.conf.auto
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain test
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain onion
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain localhost
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain local
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain invalid
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain bind
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain lan
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using nameserver 10.220.0.1#53
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using nameserver 8.8.8.8#53
Fri Aug 24 06:34:06 2018 user.notice firewall: Reloading firewall due to ifup of VPN (pptp-VPN)
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x2efb
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xa0bb
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xe9
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x9c89
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x9046
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xd
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x8b
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 'IP6 Header Compression' (0x4f)
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xd851
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xc4ee
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x17
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x34cf
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 'IP6 Header Compression' (0x4f)
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xad
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x47
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x1441
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xfec8
(If I use LEDE 17.01.4 without the kmod-ipt-raw and iptables fix, pptp vpn works fine)
The text was updated successfully, but these errors were encountered: