1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Having trouble with PPTP Server. Have I done it correctly?

Discussion in 'DD-WRT Firmware' started by beeblebrox, Apr 29, 2005.

  1. beeblebrox

    beeblebrox Network Guru Member

    I've tried 5 different firmwares. All I need is for the router to act as a PPTP server, but it's been nearly impossible. I'm now using DD-WRT #22 prefinal5 on a WRT54Gv.3 and it's driving me insane.

    My problem:
    I can connect to the VPN from a Windows XP client machine using the built-in XP VPN client and resolve hostnames and get ICMP echo replys. Aside from that, it gives me a really broken connection. Some things connect, some things won't. It's completely unreliable and not consistent. I can connect using netcat to some http servers and things like that.

    The process list shows pptpctrl at near 100% usage and trying to run pptpctrl from the command line brings an immediate segfault.

    I can try another burn of the firmware, but I've had the same problem with both prefinal4 and prefinal5. None of the other firwares seem to support a PPTP server. I doubt it has to do with a bad burn, they just aren't this consistent at being broken.

    Here's my setup:
    Using factory defaults, except for enabling pptp and setting the following items:
    Server IP: 192.168.1.2-6
    Remote IP: 192.168.1.250-254
    Chap:
    "username" * "password" * [Enter]

    I've tried the following items:
    Server IP: 192.168.1.1 ; 192.168.1.2
    Remote IP: 192.168.1.254

    I've turned on syslogd and nothing appears to be wrong. There isn't anything in there that would be of any use. Have I set it up correctly, and is there anything I can do?

    Thanks for all your help. This software is really pretty amazing. You guys have done excellent work with this firmware, it's by far leaps and bounds ahead of the others available.

    Nick
     
  2. sir_lunatic

    sir_lunatic Network Guru Member

    This is actually a simple solution....

    The problem is the mtu. The linksys pptp server is locking to an mtu of 1392. Which is fine for both ethernet connections and ppoe connections. Any other type it probably wont work. But this isnt really the problem.

    The problem is that Windows (either Xp or 2000) implement the pptp client wrong. The client wants to use its own mtu value and ignore everything down stream. To make matters worse, Microsoft locked the mtu for a pptp tunel to 1400, which is larger that the linksys's. Sooooooo........

    When your machine connects to a site, it tells it to use an mtu of 1400. So when a large packet arrives at the linksys from said site, it gets dropped because it wont fragment it.

    So how do we solve it you ask.........

    Its time to make a change to the registry.........

    You can test this by doing the following.

    (ed. note: I use www.mit.edu in the following example because thier site is A. always up, and B. handles fragmentation properly.....so its a reliable test.)

    while you have your pptp connection up

    ping -f -l 1500 www.mit.edu

    you should get a response that it cant fragment because the DF flag is set. What this command does is send a 1500 byte ping telling everything along the way not to fragment the bit if its mtu is smaller than this. So what we can do is keep doing this til we get a proper response. And that will be our ideal mtu value. but not exactly, the value in the ping is actually smaller. We can add 28 to this value for the header overhead.

    so now do a ping -f -l 1364 www.mit.edu

    you should be getting a proper response. if not, play around a bit and try to narrow down the number that works. But beware, dont just settle for a lower number that works, or you will lose the efficiency of the link. Lower the number in incriments of say 10 til it works then raise it back up by 1's, find the last number that works.

    once you find that number add 28(its the header length) to it and write it down cause we will now have to change the registry and use that number.

    so now fire up regedit and add the folowing:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters\Protocols\0]
    "ProtocolType"=dword:00000800
    "PPPProtocolType"=dword:00000021
    "TunnelMTU"=dword:00000570

    this dword values are in hex. Once you add them you can change the TunnelMTU to the value you wrote down, but make sure you set it to Decimal instead of hexadecimal.

    You can reference all of this at the following url:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;826159


    One more thing fo all those having problems with the hanging at log in. It most instances this is also a problem with the Windows pptp client. To fix the login hang, try changing the "Type of VPN" from Automatic to PPTP VPN in the properies of your vpn connection under the "Networking" tab. Windows has a problem improperly detecting a pptp connection as an l2tp ipsec tunnel......

    YMMV..........
     
  3. knight14th

    knight14th Network Guru Member

    The MTU setting of XP can not be responsible for this slow connection. Cause using linux and the pptp 1.4.0 client with an 1392 mtu or 996 MTU makes no difference. Cpu usage is still at about 100% and there is no way to load big web pages or copy files through pptp-tunnel.
     

Share This Page