Dario Lesca
2018-Mar-26 11:03 UTC
[CentOS] centos7: pptpd vpn problem: mppe_decompress[0]: FLUSHED bit not set in stateless mode!
I try to setup a PPTP VPN server on Centos 7 and from client a router Vodafone Station (Firmware 5.4.8.1.316.1.21) On c7 I have install this: [root at s-virt tmp]# rpm -q pptpd ppppptpd-1.4.0-2.el7.x86_64ppp-2.4.5- 33.el7.x86_64 and setup all file and firewall like howto say.This now is my config: /etc/pptpd.conf:option /etc/ppp/options.pptpd/etc/pptpd.conf:logwtmp/etc/pptpd.conf:localip 192.168.11.1/etc/pptpd.conf:remoteip 192.168.11.100- 109/etc/ppp/options.pptpd:name pptpd/etc/ppp/options.pptpd:refuse- pap/etc/ppp/options.pptpd:refuse-chap/etc/ppp/options.pptpd:refuse- mschap/etc/ppp/options.pptpd:require-mschap- v2/etc/ppp/options.pptpd:require-mppe- 128/etc/ppp/options.pptpd:lock/etc/ppp/options.pptpd:nobsdcomp /etc/ppp /options.pptpd:novj/etc/ppp/options.pptpd:novjccomp/etc/ppp/options.ppt pd:nologfd/etc/ppp/chap-secrets:myuser pptpd mypass * The connection from V.S. router to my c7 server work:mar 26 12:50:28 s- virt.ansaldi.loc pptpd[26782]: CTRL: Client x.x.x.x control connection startedmar 26 12:50:28 s-virt.ansaldi.loc pptpd[26782]: CTRL: Starting call (launching pppd, opening GRE)mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: pppd 2.4.5 started by root, uid 0mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Using interface ppp0mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Connect: ppp0 <--> /dev/pts/19mar 26 12:50:28 s-virt.ansaldi.loc NetworkManager[1026]: <info> [1522061428.6946] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/40)mar 26 12:50:28 s- virt.ansaldi.loc pppd[26783]: peer from calling number x.x.x.x authorizedmar 26 12:50:31 s-virt.ansaldi.loc pppd[26783]: MPPE 128-bit stateless compression enabledmar 26 12:50:34 s-virt.ansaldi.loc pppd[26783]: local IP address 192.168.11.1mar 26 12:50:34 s- virt.ansaldi.loc pppd[26783]: remote IP address 192.168.11.100 But when I try to connect from a client (through the V. S. router) to my server via VPN, or ping it, on 4 ping only two work, and into log of server I see this error when the ping fail.> mar 26 12:00:50 s-virt.ansaldi.loc kernel: mppe_decompress[0]: > FLUSHED bit not set in stateless mode!Someone have some suggest to resolve this problem ? Many thanks -- Dario Lesca (inviato dal mio Linux Fedora 27 Workstation)
Dario Lesca
2018-Mar-26 13:44 UTC
[CentOS] centos7: pptpd vpn problem: mppe_decompress[0]: FLUSHED bit not set in stateless mode!
I have also try to use this VPN connection from my Fedora Workstation and all work fine, seem a problem of router Vodafone Station. This is a ping from server to V.S. when the V.S. is connected: [root at s-virt tmp]# ping 192.168.11.100 PING 192.168.11.100 (192.168.11.100) 56(84) bytes of data. 64 bytes from 192.168.11.100: icmp_seq=1 ttl=64 time=63.3 ms mar 26 15:33:06 s-virt.ansaldi.loc kernel: mppe_decompress[0]: FLUSHED bit not set in stateless mode! 64 bytes from 192.168.11.100: icmp_seq=3 ttl=64 time=76.4 ms mar 26 15:33:08 s-virt.ansaldi.loc kernel: mppe_decompress[0]: FLUSHED bit not set in stateless mode! 64 bytes from 192.168.11.100: icmp_seq=5 ttl=64 time=63.8 ms mar 26 15:33:10 s-virt.ansaldi.loc kernel: mppe_decompress[0]: FLUSHED bit not set in stateless mode! 64 bytes from 192.168.11.100: icmp_seq=7 ttl=64 time=63.9 ms ^C --- 192.168.11.100 ping statistics --- 7 packets transmitted, 4 received, 42% packet loss, time 6002ms rtt min/avg/max/mdev = 63.364/66.895/76.414/5.508 ms Many thanks Il giorno lun, 26/03/2018 alle 13.03 +0200, Dario Lesca ha scritto:> I try to setup a PPTP VPN server on Centos 7 and from client a router > Vodafone Station (Firmware 5.4.8.1.316.1.21) > > On c7 I have install this: > > [root at s-virt tmp]# rpm -q pptpd ppp > pptpd-1.4.0-2.el7.x86_64 > ppp-2.4.5-33.el7.x86_64 > > > and setup all file and firewall like howto say. > This now is my config: > > /etc/pptpd.conf:option /etc/ppp/options.pptpd > /etc/pptpd.conf:logwtmp > /etc/pptpd.conf:localip 192.168.11.1 > /etc/pptpd.conf:remoteip 192.168.11.100-109 > /etc/ppp/options.pptpd:name pptpd > /etc/ppp/options.pptpd:refuse-pap > /etc/ppp/options.pptpd:refuse-chap > /etc/ppp/options.pptpd:refuse-mschap > /etc/ppp/options.pptpd:require-mschap-v2 > /etc/ppp/options.pptpd:require-mppe-128 > /etc/ppp/options.pptpd:lock > /etc/ppp/options.pptpd:nobsdcomp > /etc/ppp/options.pptpd:novj > /etc/ppp/options.pptpd:novjccomp > /etc/ppp/options.pptpd:nologfd > /etc/ppp/chap-secrets:myuser pptpd mypass * > > The connection from V.S. router to my c7 server work: > > mar 26 12:50:28 s-virt.ansaldi.loc pptpd[26782]: CTRL: Client x.x.x.x > control connection started > mar 26 12:50:28 s-virt.ansaldi.loc pptpd[26782]: CTRL: Starting call > (launching pppd, opening GRE) > mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Plugin > /usr/lib64/pptpd/pptpd-logwtmp.so loaded. > mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: pppd 2.4.5 started by > root, uid 0 > mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Using interface ppp0 > mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: Connect: ppp0 <--> > /dev/pts/19 > mar 26 12:50:28 s-virt.ansaldi.loc NetworkManager[1026]: > <info> [1522061428.6946] manager: (ppp0): new Generic device ( > /org/freedesktop/NetworkManager/Devices/40) > mar 26 12:50:28 s-virt.ansaldi.loc pppd[26783]: peer from calling > number x.x.x.x authorized > mar 26 12:50:31 s-virt.ansaldi.loc pppd[26783]: MPPE 128-bit > stateless compression enabled > mar 26 12:50:34 s-virt.ansaldi.loc pppd[26783]: local IP address > 192.168.11.1 > mar 26 12:50:34 s-virt.ansaldi.loc pppd[26783]: remote IP address > 192.168.11.100 > > But when I try to connect from a client (through the V. S. router) to > my server via VPN, or ping it, on 4 ping only two work, and into log > of server I see this error when the ping fail. > > > mar 26 12:00:50 s-virt.ansaldi.loc kernel: mppe_decompress[0]: > FLUSHED bit not set in stateless mode! > > Someone have some suggest to resolve this problem ? > > Many thanks >-- Dario Lesca (inviato dal mio Linux Fedora 27 Workstation)
Gordon Messmer
2018-Mar-26 14:19 UTC
[CentOS] centos7: pptpd vpn problem: mppe_decompress[0]: FLUSHED bit not set in stateless mode!
On 03/26/2018 04:03 AM, Dario Lesca wrote:> I try to setup a PPTP VPN server on Centos 7If you have ANY other option, do not use PPTP.? If your client router supports IPSec, it will be vastly more secure. PPTP's encryption handshake uses a key derived from the password.? It is extremely weak, and (IIRC) if it is cracked, the attacker will know the password that you used, which may give them insight to further attack your network.
Dario Lesca
2018-Mar-27 12:22 UTC
[CentOS] centos7: pptpd vpn problem: mppe_decompress[0]: FLUSHED bit not set in stateless mode!
Il giorno lun, 26/03/2018 alle 07.19 -0700, Gordon Messmer ha scritto:> If your client router supports IPSec, it will be vastly more secure.Yes, the router have IPsec. Then I power off PPTP and configure and enable IPsec Many thanks -- Dario Lesca (inviato dal mio Linux Fedora 27 Workstation)