Ask Your Question
3

Can't connect to VPN on Fedora 21

asked 2015-01-30 11:01:56 -0500

SamSimon gravatar image

updated 2015-01-30 13:04:37 -0500

Hello everyone. When I am trying to connect to VPN by the Network Manager an error message appears. The same thing when using pptp console client. On Windows 7 with the same setting all works fine. Thanks in advance

ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 176.194.119.204  netmask 255.255.240.0  broadcast 176.194.127.255
        inet6 fe80::221:85ff:fe5f:1d5e  prefixlen 64  scopeid 0x20<link>
        ether 00:21:85:5f:1d:5e  txqueuelen 1000  (Ethernet)
        RX packets 8448  bytes 6274415 (5.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8441  bytes 1196608 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 24  bytes 2208 (2.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 2208 (2.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         176.194.112.1   0.0.0.0         UG    1024   0        0 eth0
176.194.112.0   0.0.0.0         255.255.240.0   U     0      0        0 eth0
176.194.128.1   176.194.112.1   255.255.255.255 UGH   1      0        0 eth0
195.137.187.129 176.194.112.1   255.255.255.255 UGH   0      0        0 eth0
195.137.187.198 176.194.112.1   255.255.255.255 UGH   0      0        0 eth0

cat /etc/ppp/options.pptp

lock
noauth
refuse-pap
refuse-eap
refuse-chap
#refuse-mschap
nobsdcomp
nodeflate

cat /etc/ppp/peers/vpn

pty "pptp 195.137.187.198 --nolaunchpppd --nobuffer" 
remotename vpn
debug
defaultroute
noipdefault
noauth
asyncmap 0
crtscts
lock
hide-password
local
noproxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx
refuse-eap
refuse-chap
refuse-pap

cat /var/log/ppp/vpnlog

pppd options in effect:
debug debug     # (from command line)
nodetach        # (from command line)
logfile /var/log/ppp/vpnlog     # (from /etc/ppp/peers/vpn)
dump        # (from command line)
noauth      # (from /etc/ppp/peers/vpn)
refuse-pap      # (from /etc/ppp/peers/vpn)
refuse-chap     # (from /etc/ppp/peers/vpn)
refuse-eap      # (from /etc/ppp/peers/vpn)
remotename vpn      # (from /etc/ppp/peers/vpn)
        # (from /etc/ppp/peers/vpn)
pty pptp 195.137.187.198 --nolaunchpppd --nobuffer      # (from /etc/ppp/peers/vpn)
crtscts     # (from /etc/ppp/peers/vpn)
local       # (from /etc/ppp/peers/vpn)
asyncmap 0      # (from /etc/ppp/peers/vpn)
lcp-echo-failure 4      # (from /etc/ppp/peers/vpn)
lcp-echo-interval 30        # (from /etc/ppp/peers/vpn)
hide-password       # (from /etc/ppp/peers/vpn)
noipdefault     # (from /etc/ppp/peers/vpn)
defaultroute        # (from /etc/ppp/peers/vpn)
noproxyarp      # (from /etc/ppp/peers/vpn)
noipx       # (from /etc/ppp/peers/vpn)
using channel 3
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]
sent ...
(more)
edit retag flag offensive close merge delete

Comments

Same problem here too.

pvanthony gravatar imagepvanthony ( 2015-02-01 11:23:40 -0500 )edit

If you stop firewalld (sudo systemctl stop firewalld.service) do you find that it works?

dkscully gravatar imagedkscully ( 2015-02-06 08:36:17 -0500 )edit

still doesn't work: "LCP: timeout sending Config-Requests"

SamSimon gravatar imageSamSimon ( 2015-02-08 06:25:43 -0500 )edit
2

Also seeing "LCP: timeout sending Config-Requests" reported in journalctl. I seems that the firewall is blocking GRE, I added rules to accept GRE via the commandline and now I'm able to setup my VPN:

firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPT
firewall-cmd --reload
Hidde Boonstra gravatar imageHidde Boonstra ( 2015-02-10 05:37:21 -0500 )edit

The above firewall rules solved the problem for me. I am happy. Thank you, Hidde Boonstra, for sharing the solution. :-)

pvanthony gravatar imagepvanthony ( 2015-02-13 10:45:52 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2015-03-29 11:26:30 -0500

This answer from comments: firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPT firewall-cmd --reload

also helped me. Thanks.

edit flag offensive delete link more

Comments

These firewall rules solve my issue too. Thank you

nicofonk gravatar imagenicofonk ( 2016-10-28 06:51:02 -0500 )edit

Thanks this worked for me.

valentt gravatar imagevalentt ( 2018-02-06 16:33:20 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-01-30 11:01:56 -0500

Seen: 11,285 times

Last updated: Jan 30 '15