# pptp, GRE flooding

## alatar

After starting ppp with command sudo pon unlim I have the following output after 30 seconds:

```
eth0      Link encap:Ethernet  HWaddr 00:19:db:ef:74:57  

          inet addr:172.16.104.3  Bcast:172.16.104.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:29209 errors:0 dropped:0 overruns:0 frame:0

          TX packets:3902 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:13298356 (12.6 MiB)  TX bytes:278864 (272.3 KiB)

          Interrupt:219 

lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ppp0      Link encap:Point-to-Point Protocol  

          inet addr:10.3.255.86  P-t-P:10.3.11.113  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1460  Metric:1

          RX packets:3 errors:0 dropped:0 overruns:0 frame:0

          TX packets:5427423 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3 

          RX bytes:66 (66.0 B)  TX bytes:1938409620 (1.8 GiB)
```

It is strange because I have only 256kb/s connection. Though pppd works and the IP I get is right I can not ping nothing outside. When trying to run sudo tcpdump -i ppp0 > log I get the following output:

```
10:16:14.139060 IP 172.16.104.3 > 10.3.11.113: gre

10:16:14.576504 IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854631, length 72: IP 172.16.104.3 > 10.3.11.113: gre

10:16:14.576552 IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854632, length 108: IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854618, length 72: IP [|ip]

10:16:14.576560 IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854637, length 720: IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854623, length 684: IP [|ip]

10:16:14.576567 IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854638, length 1440: IP truncated-ip - 36 bytes missing! 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854624, length 1440: IP [|ip]

10:16:14.576574 IP 172.16.104.3 > 10.3.11.113: gre

10:16:14.576608 IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854639, length 72: IP 172.16.104.3 > 10.3.11.113: gre

10:16:14.576643 IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854640, length 108: IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854625, length 72: IP [|ip]

10:16:14.576650 IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854641, length 144: IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854626, length 108: IP [|ip]

10:16:14.576657 IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854644, length 252: IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854629, length 216: IP [|ip]

10:16:14.576663 IP 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854645, length 1440: IP truncated-ip - 36 bytes missing! 172.16.104.3 > 10.3.11.113: GREv1, call 45657, seq 1854630, length 1440: IP [|ip]

10:16:14.576670 IP 172.16.104.3 > 10.3.11.113: gre 
```

Note that this block is recurring, the whole size of log file after 40 seconds is almost 600MiB (!).

Here is the output of my /etc/ppp/peers/unlim file:

```
pty "pptp unlim.d5.khai.edu --nolaunchpppd --debug"

name dep

remotename pptp

require-mschap-v2

nomppe

lock

noauth

nobsdcomp

nodeflate

defaultroute

usepeerdns

debug
```

Please help, I need unlimited ppp connection to update my Gentoo box  :Smile: 

P.S. 'nomppe' option is required by my provider, because compression has been disabled.Last edited by alatar on Fri Apr 03, 2009 8:17 am; edited 1 time in total

----------

## alatar

I had tried to disable GRE support in kernel, but nothing really changed. The same output, the same problem. I think I am missing something very easy, but very important. Any variants?

----------

## alatar

I think I found out the problem. Google told that the reason is in some kind of loop when my ppp0 is up. All packets should be sent to the eth0 interface while they are sent to the virtual ppp0. That is why I have a lot of packets sent but very little received. 

Here is my route output after receiving IP from dhcp server:

```
Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

172.16.104.0    *               255.255.255.0   U     0      0        0 eth0

172.16.0.0      172.16.104.1    255.255.0.0     UG    0      0        0 eth0

10.0.0.0        172.16.104.1    255.0.0.0       UG    0      0        0 eth0

loopback        *               255.0.0.0       U     0      0        0 lo 
```

And here is the output after sudo pon unlim command:

```
Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.3.11.113     *               255.255.255.255 UH    0      0        0 ppp0

172.16.104.0    *               255.255.255.0   U     0      0        0 eth0

172.16.0.0      172.16.104.1    255.255.0.0     UG    0      0        0 eth0

10.0.0.0        172.16.104.1    255.0.0.0       UG    0      0        0 eth0

loopback        *               255.0.0.0       U     0      0        0 lo 
```

I had tried setting default route before ppp0, but the problem is still there when ppp0 is up:

```
Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.3.11.113     *               255.255.255.255 UH    0      0        0 ppp0

172.16.104.0    *               255.255.255.0   U     0      0        0 eth0

172.16.0.0      172.16.104.1    255.255.0.0     UG    0      0        0 eth0

10.0.0.0        172.16.104.1    255.0.0.0       UG    0      0        0 eth0

loopback        *               255.0.0.0       U     0      0        0 lo

default         *               0.0.0.0         U     0      0        0 eth0 
```

My ip address: 172.16.104.3

default gateway: 172.16.104.1

vpn server: 10.3.11.113

What am I missing?

----------

## mrness

Your VPN server is badly configured. It should never report its external IP address to its PPP clients as remote IP address, instead it should report the address configured on its internal network interface.

There is a workaround if you cannot fix your VPN server configuration. Just add commands in your /etc/ppp/ip-up script that removes the PPP host route and replace it with a route like this:

```

ip route del 10.3.11.113/32 dev ppp0

ip route add 192.168.0.0/24 dev ppp0

```

Note: replace 192.168.0.0/24 with the network prefix behind your VPN server.

----------

## alatar

The IP I get for ppp0 interface is 10.3.255.86. So right commands in /etc/ppp/ip-up are the following:

```
ip route del 10.3.11.113/32 dev ppp0

ip route add 10.3.255.0/24 dev ppp0 
```

Am I right? Or 'network prefix behind your VPN server' means something else?

----------

## mrness

Strictly speaking that prefix could be something else - IP address pool used for VPN clients could be allocated from a different prefix than the one used by LAN. You could try use this prefix; if you can't get access to services available for VPN clients, ask your admin about the correct prefix.

----------

## alatar

Thanks for you help. I will try this as soon as I get home.

----------

