Versions Compared

Old Version 2

changes.mady.by.user Chun Kang

Saved on

compared with

New Version Current

changes.mady.by.user Chun Kang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Excerpt

When pppd is running as installed, but the server running VPN client does not act anything with the warning message as sometimes pppd does not work and showing warning message - discarding bogus packet, : pppd is dropping its packet intentionally, so VPN is actually not working from that time. The workaround I can do is just disconnect the VPN and reconnect.


I just checked system progress by

...

Code Block
Apr 23 08:32:21 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118939 (expecting 99092)
Apr 23 08:32:23 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118940 (expecting 99092)
Apr 23 08:32:23 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118941 (expecting 99092)
Apr 23 08:32:24 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118942 (expecting 99092)
Apr 23 08:32:26 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118943 (expecting 99092)
Apr 23 08:32:28 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118944 (expecting 99092)
Apr 23 08:32:29 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118945 (expecting 99092)
Apr 23 08:32:29 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118946 (expecting 99092)
Apr 23 08:32:31 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118947 (expecting 99092)
Apr 23 08:32:33 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118948 (expecting 99092)
Apr 23 08:32:36 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118949 (expecting 99092)
Apr 23 08:32:40 ***** pptp[3186]: anon warn[decaps_gre:pptp_gre.c:439]: discarding bogus packet 118950 (expecting 99092)

In this case, the experts recommended to limit MTU such as 

...


The PPTP setting I use is as following:
 Code Block
languagebash
titlevi /etc/ppp/options.pptp
###############################################################################
# $Id: options.pptp,v 1.3 2006/03/26 23:11:05 quozl Exp $
#
# Sample PPTP PPP options file /etc/ppp/options.pptp
# Options used by PPP when a connection is made by a PPTP client.
# This file can be referred to by an /etc/ppp/peers file for the tunnel.
# Changes are effective on the next connection.  See "man pppd".
#
# You are expected to change this file to suit your system.  As
# packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/
# and the kernel MPPE module available from the CVS repository also on
# http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.
###############################################################################

# Lock the port
lock

# Authentication
# We don't need the tunnel server to authenticate itself
noauth

# We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
# (you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
refuse-chap
refuse-mschap

# Compression
# Turn off compression protocols we know won't be used
nobsdcomp
nodeflate

# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose which of the following sections you will use.  Note that MPPE
# requires the use of MSCHAP-V2 during authentication)
#
# Note that using PPTP with MPPE and MSCHAP-V2 should be considered
# insecure:
# http://marc.info/?l=pptpclient-devel&m=134372640219039&w=2
# https://github.com/moxie0/chapcrack/blob/master/README.md
# http://technet.microsoft.com/en-us/security/advisory/2743314

# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
# If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module
# is not allowed and PPTP-MPPE is not available.
# {{{
# Require MPPE 128-bit encryption
# require-mppe-128
# }}}

# http://mppe-mppc.alphacron.de/ fork from PPP project by Jan Dubiec
# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
# {{{
# Require MPPE 128-bit encryption
# mppe required,stateless
# }}}

I haven't solved that issue at the moment, and going to update this page when I resolve it.