PPTP VPN problem over SpeedTouch ST516 solved

I recently needed to connect to a VPN over PPTP on either Ubuntu 10.10 (Maverick Meerkat), and/or Windows Vista running inside VirtualBox on Ubuntu, and/or Windows Vista running normally. I was using a SpeedTouch ST516 v6 DSL modem with TekSavvy as the ISP.

My initial attempts met with much resistance! On Vista I received errors 619 and 806, both of which suggested that GRE packets were either not being sent or were not getting through. /var/log/messages on Ubuntu gave similar evidence:

Mar 14 07:59:07 kittens pppd[2919]: Plugin /usr/lib/pppd/2.4.5//nm-pptp-pppd-plugin.so loaded.
Mar 14 07:59:07 kittens pppd[2919]: pppd 2.4.5 started by root, uid 0
Mar 14 07:59:07 kittens pppd[2919]: Using interface ppp0
Mar 14 07:59:07 kittens pppd[2919]: Connect: ppp0 <–> /dev/pts/1
Mar 14 07:59:38 kittens pppd[2919]: LCP: timeout sending Config-Requests
Mar 14 07:59:38 kittens pppd[2919]: Connection terminated.
Mar 14 07:59:38 kittens pppd[2919]: Modem hangup
Mar 14 07:59:38 kittens pppd[2919]: Exit.

The lack of GRE packets was confirmed using WireShark. All the evidence suggested that there was some kind of firewall or routing issue that was preventing the GRE packets from getting through.

Much searching revealed that this is not an uncommon problem, particularly on Vista. Many of the search results I turned up focused on anti-virus or firewall software causing the problem, or Vista’s Service Pack 1. Isolating for these factors made no difference in my case.

In a long shot, I contacted the ISP, TekSavvy, to see if they might be doing any filtering. Some search results suggested that sometimes ISPs filter GRE packets. They claimed that they did not filter GRE.

After some more bashing my head against the wall, I came up with this gem from Wikipedia:

Firmware version does not support PPTP (or GRE forwarding) when the ST516 is used in router mode.

This very specific limitation matched my exact model of modem, and version of firmware. After some investigation, I also discovered that TekSavvy had configured the modem in router mode (and preconfigured the PPPoE username/password) before sending it to me!

Given that the warning on Wikipedia was specific to a particular version of the firmware, I upgraded the firmware to see if that would fix it. Unusually, the modem’s web interface provides no facility to update the firmware. A Windows-only firmware update tool is provided instead. (An alternate method of updating firmware does exist for GNU/Linux based systems.)

The tool failed several times before I discovered that I had to set my Vista ethernet connection to a fixed IP in order to perform the update. After many attempts, it finally “worked”. It gave an error and indicated that the process had failed, but the web interface showed the new firmware apparently working, and I had Internet access.

The new firmware did nothing to solve the problem.

What did solve the problem was setting the router up in bridge mode, and moving the PPPoE login to the desktop computer instead. Doing so allowed me to connect to the modem in two ways: one as a LAN and the other as a dumb modem. When connected as a dumb modem, I have Internet but can’t access the web interface for the modem. When connected as a LAN, I can only access the web interface for the modem.

All is working now, and I can connect to the VPN! I can only hope this post spares you similar difficulties.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s