FS#1809 - 18.06.1 pptp not working. System log spammed with Protocol-Reject for unsupported protocol #6793

Closed
openwrt-bot opened this issue Aug 24, 2018 · 8 comments

@openwrt-bot

bill888:

BT Home Hub 5A (Lantiq)
OpenWRT 18.06.1
WAN port configured with static IP and wired to existing LAN.

Packages:
ppp-mod-pptp
kmod-nf-nathelper-extra
luci-proto-ppp

pptp won't work on 18.06.1 without this fix:
https://bugs.openwrt.org/index.php?do=details&task_id=1646&order=id&sort=desc&order2=severity&sort2=desc

i.e. install:
kmod-ipt-raw

Following added to /etc/firewall/user
iptables -t raw -A OUTPUT -p tcp -m tcp --dport 1723 -j CT --helper pptp

Same symptoms with two different VPN providers.

Hub connects to VPN provider. Acquires working IP.
I can visit whatismyipaddress.com to verify VPN is working.
I may then be able to browse to another website for a few seconds or a minute or two before VPN stops working.

Example of system log at time the VPN fails.

Fri Aug 24 06:34:03 2018 daemon.notice netifd: Interface 'VPN' is setting up now
Fri Aug 24 06:34:04 2018 daemon.info pppd[2442]: Plugin pptp.so loaded.
Fri Aug 24 06:34:04 2018 daemon.info pppd[2442]: PPTP plugin version 1.00
Fri Aug 24 06:34:04 2018 daemon.notice pppd[2442]: pppd 2.4.7 started by root, uid 0
Fri Aug 24 06:34:05 2018 kern.info kernel: [ 108.753519] pptp-VPN: renamed from ppp0
Fri Aug 24 06:34:05 2018 daemon.info pppd[2442]: Using interface pptp-VPN
Fri Aug 24 06:34:05 2018 daemon.notice pppd[2442]: Connect: pptp-VPN <--> pptp (*** removed ***)
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: CHAP authentication succeeded
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: MPPE 128-bit stateless compression enabled
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: local IP address 10.220.0.6
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: remote IP address 10.220.0.1
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: primary DNS address 10.220.0.1
Fri Aug 24 06:34:06 2018 daemon.notice pppd[2442]: secondary DNS address 10.220.0.1
Fri Aug 24 06:34:06 2018 daemon.notice netifd: Network device 'pptp-VPN' link is up
Fri Aug 24 06:34:06 2018 daemon.notice netifd: Interface 'VPN' is now up

Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: reading /tmp/resolv.conf.auto
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain test
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain onion
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain localhost
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain local
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain invalid
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain bind
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using local addresses only for domain lan

Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using nameserver 10.220.0.1#53
Fri Aug 24 06:34:06 2018 daemon.info dnsmasq[1925]: using nameserver 8.8.8.8#53
Fri Aug 24 06:34:06 2018 user.notice firewall: Reloading firewall due to ifup of VPN (pptp-VPN)
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x2efb
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xa0bb
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xe9
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x9c89
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x9046
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xd
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x8b
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 'IP6 Header Compression' (0x4f)
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xd851
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xc4ee
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x17
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x34cf
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 'IP6 Header Compression' (0x4f)
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xad
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x47
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0x1441
Fri Aug 24 06:34:24 2018 daemon.warn pppd[2442]: Protocol-Reject for unsupported protocol 0xfec8

(If I use LEDE 17.01.4 without the kmod-ipt-raw and iptables fix, pptp vpn works fine)

@openwrt-bot

por:

Did you install/load kmod-gre and kmod-mppe?
Maybe also the GRE protocol (47) needs to be explicitly allowed in the firewall.
Also see https://openwrt.org/docs/guide-user/services/vpn/client.pptp

Apart from the issue, why not use another tunnelling protocol, as PPTP is not a very good and safe one (in terms of security, MPPE and MSCHAP aren't top notch)? Does your VPN provider only offer that protocol?

@openwrt-bot

bill888:

kmod-gre and kmod-mppe are present.

HH5a is configured as per openwrt wiki.

Security is not important for a streaming application. PPTP offers faster speeds than OpenVPN, which is the reason for looking at it.

I also tried 18.06.0-rc1 and encountered same behaviour, though system log did throw up an extra PPP: VJ uncompressed error message.

Sat Aug 25 05:08:06 2018 daemon.info dnsmasq-dhcp[1849]: DHCPREQUEST(br-lan) 192.168.111.222 00:24:e8:f6:2e:08
Sat Aug 25 05:08:06 2018 daemon.info dnsmasq-dhcp[1849]: DHCPACK(br-lan) 192.168.111.222 00:24:e8:f6:2e:08 PC
Sat Aug 25 05:08:19 2018 daemon.err uhttpd[1271]: luci: accepted login on / for root from 192.168.111.222

Sat Aug 25 05:09:06 2018 kern.err kernel: [ 99.774890] pptp-VPN: PPP: VJ uncompressed error

Sat Aug 25 05:09:06 2018 daemon.warn pppd[2020]: Protocol-Reject for unsupported protocol 0x9e98
Sat Aug 25 05:09:06 2018 daemon.warn pppd[2020]: Protocol-Reject for unsupported protocol 0x4445
Sat Aug 25 05:09:06 2018 daemon.warn pppd[2020]: Protocol-Reject for unsupported protocol 0xc1
Sat Aug 25 05:09:06 2018 daemon.warn pppd[2020]: Protocol-Reject for unsupported protocol 0x7475
Sat Aug 25 05:09:06 2018 daemon.warn pppd[2020]: Protocol-Reject for unsupported protocol 0x4c2f

Adding noVJ to /etc/ppp/options.pptp did not solve original problem.

I'll see if I can get hold of a different model of router to see if I can replicate the above behaviour.

In the meantime, PPTP client appears to be unstable in 18.06 on BT Home Hub 5A.

@openwrt-bot

flfq:

R6100
R6250
openwrt 18.6.1

ADD
iptables -t raw -A OUTPUT -p tcp -m tcp --dport 1723 -j CT --helper pptp

but it does not work

@openwrt-bot

flfq:

I am all ok
please kiss me

firewall add
iptables -t raw -A OUTPUT -p tcp -m tcp --dport 1723 -j CT --helper pptp

and
opkg update
opkg list |grep kmod-crypto |awk '{print $1}' |xargs opkg install

this installs all crypto

@openwrt-bot

flfq:

and reboot !

@openwrt-bot

ThomasCr:

I think you don't need a NAT helper for your OUTGOING packages (they are not using NAT at this place....) - but maybe I am wrong - and for routed (aka NAT) packages they get applied automatically (see iptables -L -vn -t raw)

but lucky that you found the problem.

@openwrt-bot

bill888:

I tried installing PPTP client again on 18.06.1 on HH5A

I also added all the crypto packages

opkg update
opkg list |grep kmod-crypto |awk '{print $1}' |xargs opkg install

Unfortunately, it does not fix the problem for HH5A.

@openwrt-bot

bill888:

I forgot to add, one difference from 3 weeks ago, is the system log is no longer spammed with "Protocol-Reject" messages causing log to overfill.

Instead, there is just one single "Protocol-Reject" message in the system log. I can only speculate this change in behaviour is as a result of installing all the crypto packages.
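
The prerequisites discussed across this thread (the kernel modules and the raw-table conntrack helper rule for TCP port 1723) can be checked in one pass. The script below is an added example, not part of the original thread or of OpenWrt; the function names and the sample data are constructed, and it assumes the usual `name - version` format of `opkg list-installed`.

```shell
#!/bin/sh
# Added example: preflight for the PPTP client prerequisites named in this thread.
# Package names and the rule come from the thread; function names and the
# sample data below are constructed for illustration.
PPTP_PKGS="ppp-mod-pptp kmod-gre kmod-mppe kmod-ipt-raw kmod-nf-nathelper-extra"

# missing_pkgs <opkg list-installed output>: print required packages not installed.
missing_pkgs() {
    missing=""
    for pkg in $PPTP_PKGS; do
        printf '%s\n' "$1" | grep -q "^$pkg - " || missing="$missing $pkg"
    done
    echo "${missing# }"
}

# helper_rule_status <rules text>: classify the conntrack helper rule found in
# `iptables -t raw -S OUTPUT` output or in a firewall script (comments ignored).
helper_rule_status() {
    rules=$(printf '%s\n' "$1" | sed '/^[[:space:]]*#/d')
    # Rules pasted from a rendered page can carry en dashes instead of "--".
    if printf '%s\n' "$rules" | grep -q -e '–dport 1723' -e '–helper pptp'; then
        echo bad-dashes
    elif printf '%s\n' "$rules" | grep -Eq -e '-p tcp .*--dport 1723 .*-j CT --helper pptp'; then
        echo ok
    else
        echo missing
    fi
}

# pptp_preflight <package list> <rules text>: report problems, return 0 if none.
pptp_preflight() {
    m=$(missing_pkgs "$1")
    r=$(helper_rule_status "$2")
    [ -z "$m" ] || echo "missing packages: $m"
    [ "$r" = ok ] || echo "CT helper rule for tcp/1723: $r"
    [ -z "$m" ] && [ "$r" = ok ]
}

# Constructed sample: packages reported in the thread (versions invented),
# before kmod-ipt-raw was installed and before the raw-table rule was added.
SAMPLE_PKGS='ppp-mod-pptp - 2.4.7-12
kmod-nf-nathelper-extra - 4.14.63-1
luci-proto-ppp - git-18.228
kmod-gre - 4.14.63-1
kmod-mppe - 4.14.63-1'
SAMPLE_RULES='-P OUTPUT ACCEPT'

pptp_preflight "$SAMPLE_PKGS" "$SAMPLE_RULES" || true
```

On a router, pass live data instead of the samples: `pptp_preflight "$(opkg list-installed)" "$(iptables -t raw -S OUTPUT)"`.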
