
PPTP Connected but no Traffic

Started by jgadmin, May 28, 2010, 01:41:14 AM


liuxyon

After I use it for a very short time, PPTP no longer carries any actual network traffic, but the Windows system shows no disconnect.

I am on Windows 2003 and behind a router. Other computers on the LAN share the PPTP connection.

Very anxious to solve this problem.  ???

jgadmin

The tunnel stops working for me about every half hour.  I get times between 20 minutes and 5 hours.

jimb

Interesting.  I wonder what's causing the instability?  Is there more or less constant traffic across the PPTP?  I would suspect some stateful firewall or NAT closing a hole if the traffic dies out for more than two minutes or so.  Maybe try some keepalive pings, one per minute or so?

It's a pretty common situation if there's not an explicit rule to allow the traffic all the way through.  For instance, I have a friend set up on a 6in4 connection, and I must run a cron job to do a v6 ping across the pipe every two minutes or else his firewall (some Westell) closes the hole.

jgadmin

Quote from: jimb on June 02, 2010, 03:49:44 PM
Interesting.  I wonder what's causing the instability?  Is there more or less constant traffic across the PPTP?  I would suspect some stateful firewall or NAT closing a hole if the traffic dies out for more than two minutes or so.  Maybe try some keepalive pings, one per minute or so?
There is no NAT in the way because my router, which has a real IP, is making the connection. The router is checking every 60 seconds if the other side of the VPN is pingable.  If it is not, then the interface is brought down, then 10 seconds later brought back up.

jimb

Quote from: jgadmin on June 02, 2010, 05:27:51 PM
Quote from: jimb on June 02, 2010, 03:49:44 PM
Interesting.  I wonder what's causing the instability?  Is there more or less constant traffic across the PPTP?  I would suspect some stateful firewall or NAT closing a hole if the traffic dies out for more than two minutes or so.  Maybe try some keepalive pings, one per minute or so?
There is no NAT in the way because my router, which has a real IP, is making the connection. The router is checking every 60 seconds if the other side of the VPN is pingable.  If it is not, then the interface is brought down, then 10 seconds later brought back up.
It wouldn't necessarily have to be NAT.  Any firewall without an explicit policy rule allowing the traffic.

donaldgmartin

Quote from: jimb on June 02, 2010, 03:49:44 PM
I would suspect some stateful firewall or NAT closing a hole if the traffic dies out for more than two minutes or so.
I don't think that's the reason - PPTP still dies after a random interval even if I run 'ping -t ripe.net' on my Win7 machine the whole time.

jimb

K.  Who knows then.  Look at your logs.  :p

homeipv6

Quote from: jimb on June 02, 2010, 03:49:44 PM
Interesting.  I wonder what's causing the instability?  Is there more or less constant traffic across the PPTP?  I would suspect some stateful firewall or NAT closing a hole if the traffic dies out for more than two minutes or so.  Maybe try some keepalive pings, one per minute or so?
Yes, there is running ping over VPN.
I don't think that this is NAT issue because other (not tunnelbroker) PPTP VPN works fine.

Ninho

Quote from: jimb on June 02, 2010, 07:32:37 PM
It wouldn't necessarily have to be NAT.  Any firewall without an explicit policy rule allowing the traffic.

Hi Jim! I'm in the same boat as the others - or similar -

I don't run a software firewall at the moment on the Windows box which serves as IPv6 router and local tunnel endpoint. If it were a firewall thing, it would have to be inside the Speedtouch ST510 box, but that ain't it because 1) I have explicit firewalling disabled in the ST router, 2) if it were an (implicit?) rule blocking traffic somewhere along the chain, things would not work AT ALL. That it works correctly for minutes proves it is not this kind of settings problem.


What I experience and, I think, Jgadmin, Donald and others also have been experiencing is traffic inside the tunnel ceasing after X minutes, while the tunnel itself remains formally open.


A first thought would be dynamical NAT entries timing out, but the tunnel dies out even while pinging the end point constantly at 1 second intervals.

I even tried this : in the router, unbind the "helper" applications for proto 47 (GRE) and PPTP (TCP :1723) and establish FIXED mappings to the windows box instead [like I do, with success, for proto 41]. Unfortunately, in this instance it doesn't work ! Either I goofed while unbinding/reNATting, or the problem may be on HE's side.

I'd appreciate feedback/ help / diagnosing ideas from both the HE people on the one hand, you and the other Masters OTOH. Did I forget about some server addresses/ ports/ protos ?

JimB, you are telling me you have got NO problem? Are you connected directly to a public IP or behind a local NAT? I could try a direct connection - by temporarily replacing the ST 510 by my old ST 330 (ADSL on USB) but I am not in a hurry to do that if it could be avoided at all...


donaldgmartin

It's definitely not a NAT issue because PPPoE is established by my Linux box, not the ADSL router (which is set to bridge mode), so no NAT is involved. It's not conntrack either, because I have another PPTP tunnel going out of that box, and it's working fine.

jimb

I'm not using PPTP.  I'm using a straight 6in4 tunnel from a linux box with a public IP.  I experimented with the PPTP just to play, and got it working from a Windows box behind my NAT, but didn't do any long term testing.

I don't know what's causing the problems people are having, and can only guess.  If you've eliminated some connection hole closing issue w/ firewall, then it's something else.  Could be anything.  Could easily be on the HE side (some bug in the PPTP or 6in4 or whatever in whatever software/hardware they're using).  Only way to know is to maybe do some packet captures, look at logfiles/event logs for clues, etc.
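
Added example, not part of any post in this thread: one way to test the idle-timeout hypothesis against a probe log, by checking how long the tunnel had been quiet before each stall. The log format, the function names and the 120-second threshold (taken from "two minutes or so" above) are assumptions, and the sample log is constructed.

```python
from datetime import datetime

IDLE_TIMEOUT_S = 120  # assumed state timeout ("two minutes or so" in the thread)

# Constructed probe log: "<ISO timestamp> <ok|timeout>", one line per ping sent
# through the tunnel. Not captured from any real tunnel.
SAMPLE_LOG = """\
2010-06-03T10:00:00 ok
2010-06-03T10:01:00 ok
2010-06-03T10:02:00 ok
2010-06-03T10:03:00 timeout
2010-06-03T10:04:00 timeout
2010-06-03T10:05:00 ok
2010-06-03T10:10:00 timeout
2010-06-03T10:11:00 ok
"""

def parse(log):
    """Yield (datetime, succeeded) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            stamp, status = line.split()
            yield datetime.fromisoformat(stamp), status == "ok"

def find_stalls(log, idle_timeout=IDLE_TIMEOUT_S):
    """Return one record per ok -> timeout transition.

    quiet_s is how long the tunnel carried no probe before the first failure.
    If quiet_s is below the idle timeout, the flow state was still fresh, so
    an idle-timeout expiry cannot explain that stall.
    """
    stalls, up_since, last_ok, down = [], None, None, False
    for when, ok in parse(log):
        if ok:
            if down or up_since is None:
                up_since = when  # tunnel (re)started passing traffic
            last_ok, down = when, False
        elif not down and last_ok is not None:
            quiet = (when - last_ok).total_seconds()
            stalls.append({
                "at": when.isoformat(),
                "up_s": (last_ok - up_since).total_seconds(),
                "quiet_s": quiet,
                "idle_timeout_plausible": quiet >= idle_timeout,
            })
            down = True  # further timeouts belong to the same stall
    return stalls
```

A stall that follows a probe sent well inside the timeout, as in the constant-ping reports above, comes back with `idle_timeout_plausible` set to `False`, which points the search at packet captures and logs rather than at firewall state.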

claas

Will both tunnelservers (PPTP and IPV6) stay on the same IPv4 address?
Are there plans to change it?

Ninho

Hi JimB !

Quote from: jimb on June 03, 2010, 01:25:29 PM
I'm not using PPTP.  I'm using a straight 6in4 tunnel from a linux box with a public IP.  I experimented with the PPTP just to play, and got it working from a Windows box behind my NAT, but didn't do any long term testing.

Oh, OK then! I don't need to use the PPTP either, simple 6in4 working very well across the Speedtouch's NAT w/ termination at either Linux or Windows boxes. Just trying to help test the BETA PPTP tunnel; when test is over and things eventually work that may be helpful too as a convenient secondary injection point into the V4 internet, for special test purposes or if/when the national gov' insists on controlling what we must/can't do and see on the web...

Quote
I don't know what's causing the problems people are having, and can only guess.  If you've eliminated some connection hole closing issue w/ firewall, then it's something else.  Could be anything.  Could easily be on the HE side (some bug in the PPTP or 6in4 or whatever in whatever software/hardware they're using).  Only way to know is to maybe do some packet captures, look at logfiles/event logs for clues, etc.

Yes I agree, as much as I hate to blame other parties for the problems I may experience, it could well be some connection tracking bug on HE's side.

kcochran

Ok, we think we finally tracked down this one and in theory, it should be squished.  Tunnels shouldn't stop working randomly once they're up... or so it says here in fine print.

As it is, we already do some NAT preservation by sending LCP pings periodically over the PPP control link.  Keeps that channel live, and checks for dead links.

jimb

I 'spose you don't want to reveal what it was?  I'm always curious about this stuff.  Probably can't go into any detail without revealing the 11 herbs and spices though.   ;)