vpnpptp

PPTP connection error: GRE: Bad checksum from pppd


I have setup a PPTP server on my own server. I follow this tutorial https://www.digitalocean.com/community/articles/how-to-setup-your-own-vpn-with-pptp

But when I try to use my mobile phone or my PC to connect my PPTP server, it says PPTP server hang up,username or password is wrong. But I checked my username and password, they are ok. In my PPTP server log, something like this:

Dec 14 03:57:46 localhost pptpd[2071]: CTRL: Client 121.32.107.56 control connection started


Dec 14 03:57:46 localhost pptpd[2071]: CTRL: Starting call (launching pppd, opening GRE)
Dec 14 03:57:46 localhost pppd[2072]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Dec 14 03:57:46 localhost pppd[2072]: pppd 2.4.5 started by root, uid 0
Dec 14 03:57:46 localhost pppd[2072]: Using interface ppp1
Dec 14 03:57:46 localhost pppd[2072]: Connect: ppp1 <--> /dev/pts/3
Dec 14 03:57:46 localhost pptpd[2071]: GRE: Bad checksum from pppd.
Dec 14 03:58:16 localhost pppd[2072]: LCP: timeout sending Config-Requests
Dec 14 03:58:16 localhost pppd[2072]: Connection terminated.
Dec 14 03:58:16 localhost pppd[2072]: Modem hangup
Dec 14 03:58:16 localhost pppd[2072]: Exit.
Dec 14 03:58:16 localhost pptpd[2071]: GRE: read(fd=6,buffer=804f620,len=8196) from PTY             failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Dec 14 03:58:16 localhost pptpd[2071]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Dec 14 03:58:16 localhost pptpd[2071]: CTRL: Reaping child PPP[2072]
Dec 14 03:58:16 localhost pptpd[2071]: CTRL: Client 121.32.107.56 control connection finished

Solution

  • If you check the various forums and mailing lists you will find notes about the MPPE option (PPP Encryption,) and MS Chap v2. If you haven't already tried tinkering with those settings I suggest you google for information about them - they might help in your case.

    They didn't help in my case.

    It turns out that there are packets, called GRE packets, that might be blocked in your configuration. Most of the instructions that I found on the net don't mention this - but it's important.

    Here's a page that does mention Protocol 47:

    http://forums.whirlpool.net.au/archive/1957524

    Bottom line: If there's something between, for example, your cable modem (ie: your public IP) and your VPN server: the problem may simply be that the GRE packets are not getting through. So,

    Unfortunately your configuration may require another solution - something to handle NAT'ing the GRE packets between your VPN server and your (cable modem / public IP.) I'm guessing that the routers will be the issue for many people so I hope this note helps in your case, too.