PPTP VPN can no longer connect

Hello,

I used to be able to connect to PPTP VPN just fine after following this post and this post, but suddenly I no longer able to connect after I do shutdown yesterday (I usually leave my computer on sleep).

Below is the journalctl log :

Sep 07 15:02:11 asv-home pppd[93410]: Connect: ppp0 <--> /dev/pts/2
Sep 07 15:02:11 asv-home NetworkManager[1351]: <info>  [1631001731.4348] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/28)
Sep 07 15:02:11 asv-home pptp[93413]: nm-pptp-service-93393 log[main:pptp.c:353]: The synchronous pptp option is NOT activated
Sep 07 15:02:11 asv-home systemd-udevd[93415]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Sep 07 15:02:11 asv-home pptp[93425]: nm-pptp-service-93393 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
Sep 07 15:02:11 asv-home pptp[93425]: nm-pptp-service-93393 log[ctrlp_disp:pptp_ctrl.c:781]: Received Start Control Connection Reply
Sep 07 15:02:11 asv-home pptp[93425]: nm-pptp-service-93393 log[ctrlp_disp:pptp_ctrl.c:815]: Client connection established.
Sep 07 15:02:12 asv-home pptp[93425]: nm-pptp-service-93393 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
Sep 07 15:02:12 asv-home pptp[93425]: nm-pptp-service-93393 log[ctrlp_disp:pptp_ctrl.c:900]: Received Outgoing Call Reply.
Sep 07 15:02:12 asv-home pptp[93425]: nm-pptp-service-93393 log[ctrlp_disp:pptp_ctrl.c:938]: Outgoing call established (call ID 1204, peer's call ID 3199).
Sep 07 15:02:42 asv-home pppd[93410]: LCP: timeout sending Config-Requests
Sep 07 15:02:42 asv-home pppd[93410]: Connection terminated.
Sep 07 15:02:42 asv-home NetworkManager[93410]: LCP: timeout sending Config-Requests
Sep 07 15:02:42 asv-home NetworkManager[93410]: Connection terminated.
Sep 07 15:02:42 asv-home NetworkManager[1351]: <warn>  [1631001762.4619] vpn-connection[0x5557500c0520,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: VPN plugin: failed: connect-failed (1)
Sep 07 15:02:42 asv-home NetworkManager[93410]: Terminating on signal 15
Sep 07 15:02:42 asv-home NetworkManager[93410]: Modem hangup
Sep 07 15:02:42 asv-home pppd[93410]: Terminating on signal 15
Sep 07 15:02:42 asv-home NetworkManager[1351]: <info>  [1631001762.4622] vpn-connection[0x5557500c0520,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: VPN plugin: state changed: stopping (5)
Sep 07 15:02:42 asv-home pppd[93410]: Modem hangup
Sep 07 15:02:42 asv-home NetworkManager[1351]: <info>  [1631001762.4623] vpn-connection[0x5557500c0520,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Sep 07 15:02:42 asv-home pptp[93425]: nm-pptp-service-93393 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Sep 07 15:02:42 asv-home pptp[93425]: nm-pptp-service-93393 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
Sep 07 15:02:42 asv-home pptp[93425]: nm-pptp-service-93393 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Sep 07 15:02:42 asv-home pppd[93410]: Exit.
Sep 07 15:02:42 asv-home gnome-shell[4471]: Removing a network device that was not added
Sep 07 15:02:42 asv-home NetworkManager[1351]: <info>  [1631001762.4708] vpn-connection[0x5557500c0520,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: VPN service disappeared

My office also has Forticlient VPN and I am able to use openfortivpn but somehow it doesn’t change the DNS address so I’m restricted to by-IP access only (I need the by-domain access). This issue seems come from how DNS is now managed by one of systemd services, and openfortivpn doesn’t support it yet (it looks like it still using the hosts file method).

I know PPTP is not recommended but my office use it and I can’t do anything about it. Right now I workaround it by running windows VM (PPTP from windows is running fine).

Any help is very appreciated. Thank you.

Sounds like the PPTP problem is not client-specific.
Try restarting the router or the server if possible.

Also, the openfortivpn issue may already be fixed:
1983017 – Re-enable resolvconf support

Thank you for the fast reply

I don’t think this is server issue as it only affect me alone (I’ve checked it with the network guy). Also the openfortivpn, I checked the resolvectl status still not add/change the DNS server. Output below:

Link 2 (enp0s25)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp3s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: [ISP DNS Address]
       DNS Servers: [ISP DNS Address]

Link 4 (virbr0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 23 (vboxnet0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 26 (ppp0)
Current Scopes: LLMNR/IPv4
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

For now I changed my workaround from using Windows VM to manually set up resolvectl DNS from this guide on archlinux wiki combined with openfortivpn. It works.

Still no luck on that PPTP though, and I will need to wait until the next network maintenance to check if restarting the server router can fix it.

Restart the client and its router and try to re-establish the PPTP connection.
Then check if the issue persists:

sysctl net.netfilter.nf_conntrack_helper

It’s best to split the openfortivpn problem to a separate thread, so we don’t mix different issues.

I’m sorry, I didn’t mean to include openfortivpn issue in this thread, I just trying to give as much as info of what I’ve tried/encountered. I’ll keep it in mind.

I’ve restarted the client and the router, and I still unable to connect. Output below :

Sep 07 16:24:00 asv-home NetworkManager[1124]: <info>  [1631006640.4131] audit: op="connection-activate" uuid="45375e92-d6eb-4869-b4dd-9e942908c708" name="VPN 1" pid=2017 uid=1000 result="success"
Sep 07 16:24:00 asv-home NetworkManager[1124]: <info>  [1631006640.4178] vpn-connection[0x560af3de8140,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: Started the VPN service, PID 2848
Sep 07 16:24:00 asv-home NetworkManager[1124]: <info>  [1631006640.4258] vpn-connection[0x560af3de8140,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: Saw the service appear; activating connection
Sep 07 16:24:00 asv-home NetworkManager[1124]: <info>  [1631006640.5538] vpn-connection[0x560af3de8140,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
Sep 07 16:24:00 asv-home NetworkManager[1124]: <info>  [1631006640.5586] vpn-connection[0x560af3de8140,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: VPN plugin: state changed: starting (3)
Sep 07 16:24:00 asv-home pppd[2861]: Plugin /usr/lib64/pppd/2.4.9/nm-pptp-pppd-plugin.so loaded.
Sep 07 16:24:00 asv-home NetworkManager[2861]: Plugin /usr/lib64/pppd/2.4.9/nm-pptp-pppd-plugin.so loaded.
Sep 07 16:24:00 asv-home kernel: PPP generic driver version 2.4.2
Sep 07 16:24:00 asv-home pppd[2861]: pppd 2.4.9 started by root, uid 0
Sep 07 16:24:00 asv-home pptp[2867]: nm-pptp-service-2848 log[main:pptp.c:353]: The synchronous pptp option is NOT activated
Sep 07 16:24:00 asv-home pppd[2861]: Using interface ppp0
Sep 07 16:24:00 asv-home NetworkManager[1124]: <info>  [1631006640.5860] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/6)
Sep 07 16:24:00 asv-home NetworkManager[2861]: Using interface ppp0
Sep 07 16:24:00 asv-home NetworkManager[2861]: Connect: ppp0 <--> /dev/pts/1
Sep 07 16:24:00 asv-home pppd[2861]: Connect: ppp0 <--> /dev/pts/1
Sep 07 16:24:00 asv-home systemd-udevd[2865]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Sep 07 16:24:00 asv-home pptp[2876]: nm-pptp-service-2848 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
Sep 07 16:24:00 asv-home pptp[2876]: nm-pptp-service-2848 log[ctrlp_disp:pptp_ctrl.c:781]: Received Start Control Connection Reply
Sep 07 16:24:00 asv-home pptp[2876]: nm-pptp-service-2848 log[ctrlp_disp:pptp_ctrl.c:815]: Client connection established.
Sep 07 16:24:01 asv-home pptp[2876]: nm-pptp-service-2848 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
Sep 07 16:24:01 asv-home pptp[2876]: nm-pptp-service-2848 log[ctrlp_disp:pptp_ctrl.c:900]: Received Outgoing Call Reply.
Sep 07 16:24:01 asv-home pptp[2876]: nm-pptp-service-2848 log[ctrlp_disp:pptp_ctrl.c:938]: Outgoing call established (call ID 36265, peer's call ID 3203).
Sep 07 16:24:31 asv-home pppd[2861]: LCP: timeout sending Config-Requests
Sep 07 16:24:31 asv-home pppd[2861]: Connection terminated.
Sep 07 16:24:31 asv-home NetworkManager[2861]: LCP: timeout sending Config-Requests
Sep 07 16:24:31 asv-home NetworkManager[2861]: Connection terminated.
Sep 07 16:24:31 asv-home NetworkManager[1124]: <warn>  [1631006671.6103] vpn-connection[0x560af3de8140,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: VPN plugin: failed: connect-failed (1)
Sep 07 16:24:31 asv-home NetworkManager[1124]: <info>  [1631006671.6107] vpn-connection[0x560af3de8140,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: VPN plugin: state changed: stopping (5)
Sep 07 16:24:31 asv-home NetworkManager[1124]: <info>  [1631006671.6146] vpn-connection[0x560af3de8140,45375e92-d6eb-4869-b4dd-9e942908c708,"VPN 1",0]: VPN service disappeared
Sep 07 16:24:31 asv-home pppd[2861]: Terminating on signal 15
Sep 07 16:24:31 asv-home gnome-shell[2017]: Removing a network device that was not added
Sep 07 16:24:31 asv-home NetworkManager[2861]: Terminating on signal 15
Sep 07 16:24:31 asv-home NetworkManager[2861]: Modem hangup
Sep 07 16:24:31 asv-home pppd[2861]: Modem hangup
Sep 07 16:24:31 asv-home pptp[2876]: nm-pptp-service-2848 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Sep 07 16:24:31 asv-home pptp[2876]: nm-pptp-service-2848 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
Sep 07 16:24:31 asv-home pptp[2876]: nm-pptp-service-2848 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Sep 07 16:24:31 asv-home pppd[2861]: Exit.

Below is output for the sysctl command :

[asv@asv-home ~] $ sudo sysctl net.netfilter.nf_conntrack_helper
[sudo] password for asv: 
net.netfilter.nf_conntrack_helper = 1

Also below is the PPTP config :

1e8cd897a2736f6cdd1102f73c5c3baca1992f7c.png321×571 23.3 KB

Edit : As a note, back when I can still connect, sometimes I need to disable the firewall to be able to connect. So I ran tests above with firewall disabled.

Do you use a router or a modem to connect to the internet?
Have you installed any relevant updates before the issue happened?

Note that disabling services only applies at startup.
Stop the firewall service to affect the runtime configuration.

I’m using tethering wifi from my smartphone, and no I haven’t updated anything system wise on my phone.

I also have tried disabling the firewall (systemctl disable firewalld.service) and reboot but still unable to connect. net.netfilter.nf_conntrack_helper output as 1;

Let’s check the facts:

• Until recently, PPTP worked fine.
• Nothing has changed on the client side.
• Connection tracking helper is enabled.
• Disabling firewall doesn’t affect the result.

It’s logical to assume the problem is unrelated to Fedora.
Looks like its root cause is somewhere upstream.

You can try restarting the smartphone or using another ISP.

Okay, I’ll do some checks with different laptop, different distro (probably fresh install fedora 34, ubuntu 20, and/or centos 7), and different ISP. I’ll update as soon as it done.

Thank you for your helps

Update, I’ve tested it on another fedora 34, centos 7, and ubuntu 20, and both has similar results. Sometimes it does connect but sometimes it doesn’t, which I assume it must be something in the server side, maybe incompatibility in settings or something in the server’s network / ISP.

Thank you @vgaetera for the support! As I don’t have access to server’s settings / logs, I can’t think anything to resolve this, so I’ll mark this thread as closed. The solutions are either use gnome’s PPTP when it able to connect, or use openfortivpn and static DNS on system-resolved.

Sounds like a missing nathelper module on the ISP router.
This typically happens to clients behind NAT/CGNAT.