next »

[datafirm]

Running 1.2 release.

I can get fast and reliable connections for about 15 seconds or so, then they all seem to stop.  They will work again in some about of time, say 5 minutes. 

It could also be that when it receives so much data it starts to time out.

Where could I start to troubleshoot such an issue?

Thanks

[hoba]

Systemlogs.

[datafirm]

Systemlogs.

Yes, I could not find anything relevant there.  This is why I called out to the forum!

[hoba]

So the pptp session is not dropped but is just unusable for some time though you stay connected and it starts working again by itself? Maybe some synchronizing sarts to happen once the client is connected that loads the connection 100%? From the shellmenu or via ssh watch pftop to see what the client is doing once it is connected.

[datafirm]

So the pptp session is not dropped but is just unusable for some time though you stay connected and it starts working again by itself? Maybe some synchronizing sarts to happen once the client is connected that loads the connection 100%? From the shellmenu or via ssh watch pftop to see what the client is doing once it is connected.

Correct, the connection is not dropped, but the layer is (just found some logs).  Let me paste a log snippet below to see if this helps:

<code>
Apr  3 10:03:50 routethis mpd: [pt0] LCP: no reply to 1 echo request(s)
Apr  3 10:04:00 routethis mpd: [pt0] LCP: no reply to 2 echo request(s)
Apr  3 10:04:10 routethis mpd: [pt0] LCP: no reply to 3 echo request(s)
Apr  3 10:04:20 routethis mpd: [pt0] LCP: no reply to 4 echo request(s)
Apr  3 10:04:30 routethis mpd: [pt0] LCP: no reply to 5 echo request(s)
Apr  3 10:04:30 routethis mpd: [pt0] LCP: peer not responding to echo requests
Apr  3 10:04:30 routethis mpd: [pt0] LCP: LayerFinish
Apr  3 10:04:30 routethis mpd: [pt0] LCP: LayerStart
Apr  3 10:04:30 routethis mpd: [pt0] LCP: state change Opened --> Starting
Apr  3 10:04:30 routethis mpd: [pt0] LCP: phase shift NETWORK --> DEAD
Apr  3 10:04:30 routethis mpd: [pt0] setting interface ng1 MTU to 1500 bytes
Apr  3 10:04:30 routethis mpd: [pt0] up: 0 links, total bandwidth 9600 bps
Apr  3 10:04:30 routethis mpd: [pt0] IPCP: Down event
Apr  3 10:04:30 routethis mpd: [pt0] IPCP: state change Opened --> Starting
Apr  3 10:04:30 routethis mpd: [pt0] IPCP: LayerDown
Apr  3 10:04:30 routethis mpd: [pt0] IFACE: Down event
Apr  3 10:04:30 routethis mpd: [pt0] exec: /usr/local/sbin/vpn-linkdown ng1 inet wprater
</code>

[datafirm]

So the pptp session is not dropped but is just unusable for some time though you stay connected and it starts working again by itself? Maybe some synchronizing sarts to happen once the client is connected that loads the connection 100%? From the shellmenu or via ssh watch pftop to see what the client is doing once it is connected.

FYI, this is happening on multiple clients (iphone and OS X Leopard).

[hoba]

Interesting. My leopard is connected 24h currently to the office using pptp and lots of coworkers use pptp on windows as well and we even have one iphone that is using pptp access. No issues so far. Is there something in front of your pfSense that might firewall/nat packets?

[datafirm]

Interesting. My leopard is connected 24h currently to the office using pptp and lots of coworkers use pptp on windows as well and we even have one iphone that is using pptp access. No issues so far. Is there something in front of your pfSense that might firewall/nat packets?

Yes, our ISP has a firewall in front of PFsense on the router level.  I had them open tcp 1723 and 47.

[hoba]

You need TCP 1723 and the GRE protocol. Not TCP 47.

[datafirm]

You need TCP 1723 and the GRE protocol. Not TCP 47.

Thats what they claim are open

==
UDP isn't used for PPTP tunnels...only TCP 1723 and protocol 47 (GRE), which are both open.
==

[datafirm]

I just realized I did not have protocol GRE opened as a rule on the PPTP interface on PfSense.  Hope this is what was needed.

[hoba]

By enabling the PPTP-Server on pfSense all needed rules are generated invisibly behind the scenes for pptp to work. The rules at the pptp tab are to allow or block traffic that is coming in through connected pptp sessions.

Are you trying to pptp in (from clients at wan to your pfsense pptp server) or are you trying to go through from lan clients to pptp servers at wan?

[datafirm]

By enabling the PPTP-Server on pfSense all needed rules are generated invisibly behind the scenes for pptp to work. The rules at the pptp tab are to allow or block traffic that is coming in through connected pptp sessions.

Are you trying to pptp in (from clients at wan to your pfsense pptp server) or are you trying to go through from lan clients to pptp servers at wan?

I am trying to come in through the WAN to the pfSense PPTP server.  From home to pptp to get to our internal network.

[datafirm]

By enabling the PPTP-Server on pfSense all needed rules are generated invisibly behind the scenes for pptp to work. The rules at the pptp tab are to allow or block traffic that is coming in through connected pptp sessions.

Things are working much better tonight when I added the rule to allow protocol 47 traffic, but you said that was not even needed.  Still getting timeouts

There is nothing in /var/log/system.log

[hoba]

I doubt that the firewall in front of you is configured correctly. If it does NAT too things might even become worse (like handling multiple concurrent pptp sessions for example).

Try to bypass that firewall by connecting a client that is having issues directly to you pfSense WAN. Then try PPTP again. Does it work now? If yes the issue is located at the firewall in front of you.