VPN Server Clinic: Why did my VPN server stop working?

Reply Subscribe

Thread Tools

Search this Thread

Nov 13, 2017, 9:40 am

#16

nomad1972

Join Date: Oct 2017

Posts: 78

Quote:

Originally Posted by Dodge DeBoulet

Hey Paul, just double checking. The terminal capture that you had posted actually showed an attempt to run netstat after the iptables dump, but included an extra # at the beginning. I'm assuming you ran it again without the hash ... ?

Not from the logs he supplied. He did however paste the iptables -L outback back into the console and got a whole bunch of shell errors.

Nov 13, 2017, 9:42 am

#17

PTravel

FlyerTalk Evangelist

Original Poster

Join Date: Mar 2004

Location: Newport Beach, California, USA

Posts: 36,062

The output from IPTables -L -vn is here:

http://www.paultauger.com/IPTable2List.txt

I'll have to try connecting while the syslog output is running later.

Nov 13, 2017, 9:46 am

#18

Ditto

Join Date: Mar 2016

Location: CPT,AMS

Posts: 4,412

Quote:

Originally Posted by PTravel

The output from IPTables -L -vn is here:

http://www.paultauger.com/IPTable2List.txt

I'll have to try connecting while the syslog output is running later.

So these are the entries of interest:Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
23338 2913K logaccept 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 80 ACCEPT tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
0 0 logaccept tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723It shows 2 packets coming from VLAN2 (which is presumably your LAN side), and nothing from any other interface (including the WAN side), it also depends on when this was captured as counters may be reset in some cases.

When you try to connect, you can run the following command twice, once before and once after (this will further limit the amount of output)

iptables -L INPUT -vn

And then take a look if the 3rd line pkts/bytes column increases, also since it is sending packets to 'logaccept', log entries will be added to the syslog file.

Nov 13, 2017, 9:47 am

#19

nomad1972

Join Date: Oct 2017

Posts: 78

Quote:

Originally Posted by PTravel

The output from IPTables -L -vn is here:

http://www.paultauger.com/IPTable2List.txt

I'll have to try connecting while the syslog output is running later.

Offtopic, I'm glad to see I'm not the only loon left who still runs a SlingBox with remote viewing enabled.

PTravel likes this.

Nov 13, 2017, 9:52 am

#20

nomad1972

Join Date: Oct 2017

Posts: 78

Quote:

Originally Posted by Ditto

VLAN2 seems to be his WAN.

Nov 13, 2017, 9:53 am

#21

Dodge DeBoulet

Join Date: May 2004

Location: Exclusively OMNI/PR, for Reasons

Posts: 4,188

Quote:

Originally Posted by nomad1972

Not from the logs he supplied. He did however paste the iptables -L outback back into the console and got a whole bunch of shell errors.

This was in the original file:

Code:

root@Fred3:~# root@Fred3:~# # netstat -an | grep 1723
-sh: root@Fred3:~#: not found

So at some point he included the hash ... that's why I double-checked

But maybe you were referring to the "ran it again" part?

Nov 13, 2017, 9:59 am

#22

Dodge DeBoulet

Join Date: May 2004

Location: Exclusively OMNI/PR, for Reasons

Posts: 4,188

Quote:

Originally Posted by nomad1972

This is GOOD. Nothing means an open TCP connection has been established and you can access 1723/TCP from the outside world. You can close the connection it by typing ^]

I'm pretty sure his telnet was to port 23; I had asked him to ssh into the router and he probably didn't have that enabled so used telnet instead ... and managed to grab the iptables dumps thereby

PTravel likes this.

Nov 16, 2017, 10:15 pm

#23

JamesBigglesworth

Join Date: Feb 2014

Location: Frensham, Lincolnshire

Programs: RFC

Posts: 5,085

This thread is like reading a murder mystery novel.

Nov 17, 2017, 6:52 am

#24

PTravel

FlyerTalk Evangelist

Original Poster

Join Date: Mar 2004

Location: Newport Beach, California, USA

Posts: 36,062

The mystery deepens. Yesterday, VPN started working again. By itself. Without my having done anything.

Dec 30, 2017, 6:49 pm

#25

PTravel

FlyerTalk Evangelist

Original Poster

Join Date: Mar 2004

Location: Newport Beach, California, USA

Posts: 36,062

Update.

It looks like a hardware problem in the router, as it started acting up in other ways. I've replaced it with a new router (not using dd-wrt this time) and everything's working fine.

Thanks, everyone!