Hurricane Electric's IPv6 Tunnel Broker Forums
June 19, 2013, 03:37:25 am *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Welcome to Hurricane Electric's Tunnelbroker.net forums!
 
   Home   Help Search Login Register  
Hurricane Electric's IPv6 Tunnel Broker Forums > Tunnelbroker.net Specific Topics > Questions & Answers > PPTP Connected but no Traffic
Pages: 1 2 3 [4] 5
« previous next »
  Print  
Author Topic: PPTP Connected but no Traffic  (Read 16024 times)
liuxyon
Jr. Member
**
Posts: 53



View Profile
« Reply #45 on: June 02, 2010, 09:24:53 am »
When I use a very short time, PPTP will not have any actual network traffic. But the windows system and found no disconnect.

I am windows 2003 and And in behind a router. LAN other computers sharing the PPTP connection.

Very anxious to solve this problem.  Huh
Logged
jgadmin
Newbie
*
Posts: 15


View Profile
« Reply #46 on: June 02, 2010, 03:30:20 pm »
The tunnel stops working for me about every half hour.  I get times between 20 minuets and 5 hours.
Logged
jimb
Hero Member
*****
Posts: 804


^^^ Warped picture


View Profile
« Reply #47 on: June 02, 2010, 03:49:44 pm »
Interesting.  I wonder what's causing the instability?  Is there more or less constant traffic across the PPTP?  I would suspect some stateful firewall or NAT closing a hole if the traffic dies out for more than two minutes or so.  Maybe try some keepalive pings, one per minute or so?

It's a pretty common situation if there's not an explicit rule to allow the traffic all the way through.  For instance, I have a friend set up on a 6in4 connection, and I must run a cron job to do a v6 ping across the pipe every two minutes or else his firewall (some Westell) closes the hole.
Logged
jgadmin
Newbie
*
Posts: 15


View Profile
« Reply #48 on: June 02, 2010, 05:27:51 pm »
Quote from: jimb on June 02, 2010, 03:49:44 pm
Interesting.  I wonder what's causing the instability?  Is there more or less constant traffic across the PPTP?  I would suspect some stateful firewall or NAT closing a hole if the traffic dies out for more than two minutes or so.  Maybe try some keepalive pings, one per minute or so?
There is not NAT in the way because my router, which has a real IP, is making the connection. The router is checking every 60 seconds if the other side of the VPN is pingable.  If it is not then the interface is brought down then 10 seconds later brought back up.
Logged
jimb
Hero Member
*****
Posts: 804


^^^ Warped picture


View Profile
« Reply #49 on: June 02, 2010, 07:32:37 pm »
Quote from: jgadmin on June 02, 2010, 05:27:51 pm
Quote from: jimb on June 02, 2010, 03:49:44 pm
Interesting.  I wonder what's causing the instability?  Is there more or less constant traffic across the PPTP?  I would suspect some stateful firewall or NAT closing a hole if the traffic dies out for more than two minutes or so.  Maybe try some keepalive pings, one per minute or so?
There is not NAT in the way because my router, which has a real IP, is making the connection. The router is checking every 60 seconds if the other side of the VPN is pingable.  If it is not then the interface is brought down then 10 seconds later brought back up.
It wouldn't necessarily have to be NAT.  Any firewall without an explicit policy rule allowing the traffic.
Logged
donaldgmartin
Newbie
*
Posts: 4


View Profile
« Reply #50 on: June 02, 2010, 10:30:12 pm »
Quote from: jimb on June 02, 2010, 03:49:44 pm
I would suspect some stateful firewall or NAT closing a hole if the traffic dies out for more than two minutes or so.
I don't think that's the reason - PPTP still dies after a random interval even if I run 'ping -t ripe.net' on my Win7 machine the whole time.
Logged
jimb
Hero Member
*****
Posts: 804


^^^ Warped picture


View Profile
« Reply #51 on: June 02, 2010, 11:58:15 pm »
K.  Who knows then.  Look at your logs.  :p
Logged
homeipv6
Newbie
*
Posts: 19


View Profile
« Reply #52 on: June 03, 2010, 05:47:04 am »
Quote from: jimb on June 02, 2010, 03:49:44 pm
Interesting.  I wonder what's causing the instability?  Is there more or less constant traffic across the PPTP?  I would suspect some stateful firewall or NAT closing a hole if the traffic dies out for more than two minutes or so.  Maybe try some keepalive pings, one per minute or so?
Yes, there is running ping over VPN.
I don't think that this is NAT issue because other (not tunnelbroker) PPTP VPN works fine.
Logged
Ninho
Full Member
***
Posts: 138


View Profile
« Reply #53 on: June 03, 2010, 06:36:04 am »
Quote from: jimb on June 02, 2010, 07:32:37 pm
It wouldn't necessarily have to be NAT.  Any firewall without an explicit policy rule allowing the traffic.

Hi Jim! I'm in the same boat as the others - or similar -

I don't run a software firewall at the moment on the Windows box which serves as IPv6 router and local tunnel endpoint. If it were a firewall thing, it would have to be inside the Speedtouch ST510 box, but that ain't it because 1) I have explicit firewalling disabled in the ST router, 2) if it were an (implicit?) rule blocking traffic somewhere along the chain, things would not work AT ALL. That it works correctly for minutes proves it is not this kind of settings problem.


What I experience and, I think, Jgadmin, Donald and others also have been experiencing is traffic inside the tunnel ceasing after X minutes, while the tunnel itself remains formally open.


A first thought would be dynamical NAT entries timing out, but the tunnel dies out even while pinging the end point constantly at 1 second intervals.

I even tried this : in the router, unbind the "helper" applications for proto 47 (GRE) and PPTP (TCP :1723) and establish FIXED mappings to the windows box instead [like I do, with success, for proto 41]. Unfortunately, in this instance it doesn't work ! Either I goofed while unbinding/reNATting, or the problem may be on HE's side.

I'd appreciate feedback/ help / diagnosing ideas from both the HE people on the one hand, you and the other Masters OTOH. Did I forget about some server addresses/ ports/ protos ?

JimB, you are telling you have got NO problem ? Are you connected directly to a public IP or behing a local NAT ? I could try a direct connection - by temporarily replacing the ST 510 by my old ST 330 (ADSL on USB) but I am not in a hurry to do that if it could be avoided at all...
« Last Edit: June 03, 2010, 06:42:37 am by Ninho » Logged
donaldgmartin
Newbie
*
Posts: 4


View Profile
« Reply #54 on: June 03, 2010, 07:39:40 am »
It's definitely not a NAT issue because PPPoE is established by my Linux box, not the ADSL router (which is set to bridge mode), so no NAT is involved. It's not conntrack either, because I have another PPTP tunnel going out of that box, and it's working fine.
Logged
jimb
Hero Member
*****
Posts: 804


^^^ Warped picture


View Profile
« Reply #55 on: June 03, 2010, 01:25:29 pm »
I'm not using PPTP.  I'm using a straight 6in4 tunnel from a linux box with a public IP.  I experimented with the PPTP just to play, and got it working from a Windows box behind my NAT, but didn't do any long term testing.

I don't know what's causing the problems people are having, and can only guess.  If you've eliminated some connection hole closing issue w/ firewall, then it's something else.  Could be anything.  Could easily be on the HE side (some bug in the PPTP or 6in4 or whatever in whatever software/hardware they're using).  Only way to know is to maybe do some packet captures, look at logfiles/event logs for clues, etc.
Logged
claas
Newbie
*
Posts: 11


View Profile
« Reply #56 on: June 04, 2010, 12:42:15 am »
Will both tunnelservers (PPTP and IPV6) stay on the same IPv4 address?
Are there plans to change it?
Logged
Ninho
Full Member
***
Posts: 138


View Profile
« Reply #57 on: June 04, 2010, 12:47:40 am »
Hi JimB !

Quote from: jimb on June 03, 2010, 01:25:29 pm
I'm not using PPTP.  I'm using a straight 6in4 tunnel from a linux box with a public IP.  I experimented with the PPTP just to play, and got it working from a Windows box behind my NAT, but didn't do any long term testing.

Oh, OK then! I don't need to use the PPTP either, simple 6in4 working very well  across the Speedtouch's NAT w/ termination at either Linux or Windows boxes. Just trying to help test the BETA PPTP tunnel; when test is over and things eventually work that may be helpful too as a conveniient secondary injection point into the V4 internet, for special test purposes or if/when the national gov' insists on controlling what we must/can't do and see on the web...

Quote
I don't know what's causing the problems people are having, and can only guess.  If you've eliminated some connection hole closing issue w/ firewall, then it's something else.  Could be anything.  Could easily be on the HE side (some bug in the PPTP or 6in4 or whatever in whatever software/hardware they're using).  Only way to know is to maybe do some packet captures, look at logfiles/event logs for clues, etc.

Yes I agree, as much as I hate to blame other parties for the problems I may experience, it could well be some connection tracking bug on HE's side.
« Last Edit: June 04, 2010, 12:49:28 am by Ninho » Logged
kcochran
Sr. Network Engineer, Hurricane Electric
Administrator
Sr. Member
*****
Posts: 260



View Profile
« Reply #58 on: June 04, 2010, 01:13:35 am »
Ok, we think we finally tracked down this one and in theory, it should be squished.  Tunnels shouldn't stop working randomly once they're up... or so it says here in fine print.

As it is, we already do some NAT preservation by sending LCP pings periodically over the PPP control link.  Keeps that channel live, and checks for dead links.
Logged
jimb
Hero Member
*****
Posts: 804


^^^ Warped picture


View Profile
« Reply #59 on: June 04, 2010, 01:23:09 am »
I 'spose you don't want to reveal what it was?  I'm always curious about this stuff.  Probably can't go into any detail without revealing the 11 herbs and spices though.   Wink
« Last Edit: June 04, 2010, 01:26:38 am by jimb » Logged
Pages: 1 2 3 [4] 5
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!