Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alex2011-01-07 01:29:39
VPN
Alex, 2011-01-07 01:29:39

VPN - a large number of TCP errors and then no connection?

I installed pptpd on a VPS with Debian Lenny and I'm testing access to it with different devices.
Installed like this (based on several how-to):

# apt-get install pptpd<br/>
# vi /etc/pptpd.conf<br/>
localip 10.60.60.1 <br/>
remoteip 10.60.60.50-150<br/>
# vi /etc/ppp/pptpd-options - добавил<br/>
ms-dns [DNS1 IP]<br/>
ms-dns [DNS2 IP]<br/>
mtu 1000 &lt;- исправило соединение с iPad. <br/>
mru 1200 &lt;-<br/>
# vi /etc/ppp/chap-secrets<br/>
myusername pptpd mypasswd *<br/>
# mknod /dev/ppp c 108 0 &lt;- ликвидировало ошибку 619 с закрытием соединения.<br/>
# /etc/init.d/pptpd restart<br/>
# vi /etc/sysctl.conf<br/>
net.ipv4.ip_forward=1<br/>
# sysctl net.ipv4.ip_forward=1<br/>
# iptables -t nat -A POSTROUTING -s 10.60.60.0/24 -o eth0 -j MASQUERADE<br/>

Created a pptp connection in Windows XP - within half an hour everything works fine. Additional tests showed that this was lucky - if you open maps.google.com in the browser, it stops delivering packets almost immediately (many requests?).
Android (HTC Desire) - connects, works for several minutes, then starts flooding /var/log/messages on the server with messages like "Protocol-Reject for unsupported protocol ..." Doesn't disconnect, but doesn't browse either.
iPAD - connects, pings google.com in zTools, but Safari and other programs do not see the Internet. Fixed by adding mtu 1000 and mru 1200 to /etc/ppp/pptpd-options. It began to work normally.
Tried tcpdump after connection was established:
# tcpdump -A -s0 -n -i ppp0 host 10.60.60.50 -w dump.txt<br/>

and see what's going on in Wireshark. Shows a large block of normal packets, and then a lot of [TCP Dup ACK] and [TCP Retransmission] errors. Up to 10 pieces in a row.
Run Wireshark on the Windows client and open map.google.com, run tcpdump on the server. Several packets passed, because a bunch of garbage Dup ACK, Retramsmission, then solid SYNs on the client from different ports:
10.60.60.50 74.125.87.99 TCP ecnp > http [SYN] Seq=0 Win=16384 Len=0 MSS=1160
And on the server
tcpdump -A -s0 -n -i ppp0 host 10.60.60.50
writes 0 packets.
If you have any ideas, tell me how to deal with this whole thing or where else to ask.
Thank you!

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
andoriyu, 2011-01-07
@andoriyu

iPad'u must be told to let all traffic through vpn'y, the default VPN in iOS is used, who would have thought, to a private network. cl.ly/2T0o1d0m1d3w1P1Y2F2O Even if it doesn't climb with the checkbox checked, the gateway default is not transmitted.

Report
W
withlove, 2012-02-24
@withlove

For Android: code.google.com/p/android/issues/detail?id=4706
This is a bug and hasn't been fixed yet. Unless in the 4th version.
Use L2TP/IPSec.

Similar questions
N
Nikolai Savelyev2017-04-13 06:16:44
Is it possible to set up a connection to a different server address in the mikrotik l2tp client, if the first one is unavailable? 1Reply
I
Ilya Kuznetsov2017-04-13 10:34:17
How to connect zyxel keenetic omni II and zyxel keenetic start using VPN? 1Reply
S
sbh2015-04-21 03:44:33
How to set up Android VPN L2TP/IPSec RSA? 0Reply
R
Roman Kozhevnikov2015-04-25 20:20:09
How to safely use Tor and other "connections through someone"? 2Reply
I
Igor2015-04-29 18:37:35
Is it possible to go through a vpn tunnel in the opposite direction? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question