
PPTP Clients unable to access the internet and Internal Network Resources

Robert Chan
Level 1

Hey guys, good afternoon. I need some assistance with this issue.

I am trying to set up a PPTP server. Clients are able to authenticate to this network but are unable to gain Internet access and unable to reach internal network resources.

Please assist.

Configurations are below:

 

Building configuration...

Current configuration : 3668 bytes
!
! Last configuration change at 19:52:42 UTC Thu May 23 2019 by robert
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname OGLE
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!


!
!
!
!

ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group PPTP_SER
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
license udi pid CISCO1921/K9 sn FTX1703853R
license accept end user agreement
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
license boot module c1900 technology-package NtwkEssSuitek9
!
!


username cisco password 0 cisco

!
redundancy
!
!
!
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description INTERNET
no ip address
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/0
peer default ip address pool PPTP_Clients
no keepalive
ppp ipcp dns 8.8.4.4
ppp ipcp route default
!
interface Dialer1
ip address negotiated
ip mtu 1400
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1360
load-interval 30
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp chap hostname XXXX
ppp chap password 0 XXXX
!
ip local pool PPTP_Clients 192.168.4.20 192.168.4.35
no ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.4.10 22 interface Dialer1 22
ip nat inside source static tcp 192.168.4.10 25 interface Dialer1 25
ip nat inside source static tcp 192.168.4.10 110 interface Dialer1 110
ip nat inside source static tcp 192.168.4.10 143 interface Dialer1 143
ip nat inside source static tcp 192.168.4.10 587 interface Dialer1 587
ip nat inside source static tcp 192.168.4.10 993 interface Dialer1 993
ip nat inside source static tcp 192.168.4.10 8081 interface Dialer1 8081
ip nat inside source static tcp 192.168.4.10 27015 interface Dialer1 27015
ip nat inside source static tcp 192.168.4.10 27018 interface Dialer1 27018
ip nat inside source static tcp 192.168.4.10 27020 interface Dialer1 27020
ip nat inside source static tcp 192.168.4.10 443 interface Dialer1 443
ip nat inside source list 10 pool PPTP_Clients overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 110 permit ip any any
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
transport preferred ssh
transport input all
transport output all
line vty 5 15
exec-timeout 0 0
logging synchronous
login local
transport preferred ssh
transport input all
transport output all
!
scheduler allocate 20000 1000

!
end

5 Replies

Hello,

 

Make the changes marked in bold and check if that makes a difference:

 

interface Virtual-Template1
ip unnumbered GigabitEthernet0/0
peer default ip address pool PPTP_Clients
no keepalive
ppp ipcp dns 8.8.4.4
--> no ppp ipcp route default
!
interface Dialer1
ip address negotiated
ip mtu 1400
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1360
load-interval 30
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp chap hostname XXXX
ppp chap password 0 XXXX
!
ip local pool PPTP_Clients 192.168.4.20 192.168.4.35
no ip forward-protocol nd
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.4.10 22 interface Dialer1 22
ip nat inside source static tcp 192.168.4.10 25 interface Dialer1 25
ip nat inside source static tcp 192.168.4.10 110 interface Dialer1 110
ip nat inside source static tcp 192.168.4.10 143 interface Dialer1 143
ip nat inside source static tcp 192.168.4.10 587 interface Dialer1 587
ip nat inside source static tcp 192.168.4.10 993 interface Dialer1 993
ip nat inside source static tcp 192.168.4.10 8081 interface Dialer1 8081
ip nat inside source static tcp 192.168.4.10 27015 interface Dialer1 27015
ip nat inside source static tcp 192.168.4.10 27018 interface Dialer1 27018
ip nat inside source static tcp 192.168.4.10 27020 interface Dialer1 27020
ip nat inside source static tcp 192.168.4.10 443 interface Dialer1 443
-> no ip nat inside source list 10 pool PPTP_Clients overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
!
access-list 1 permit 192.168.4.0 0.0.0.255
--> no access-list 110 permit ip any any

OK, sure, no problem. I will make the changes and see if it will work.

Please see, these are the debugs I am getting when I connect to the VPN router, but still no Internet access?

 

 

 

OGLE(config)#
May 24 01:25:05.323: PPP: Alloc Context [27049BF4]
May 24 01:25:05.323: ppp3 PPP: Phase is ESTABLISHING
May 24 01:25:05.323: ppp3 PPP: Using AAA Unique Id = F
May 24 01:25:05.323: ppp3 PPP: Authorization required
May 24 01:25:05.323: ppp3 PPP: Using vpn set call direction
May 24 01:25:05.323: ppp3 PPP: Treating connection as a callin
May 24 01:25:05.323: ppp3 PPP: Session handle[FA000003] Session id[3]
May 24 01:25:05.323: ppp3 LCP: Event[OPEN] State[Initial to Starting]
May 24 01:25:05.323: ppp3
OGLE(config)# PPP: No remote authentication for call-in
May 24 01:25:05.323: ppp3 PPP LCP: Enter passive mode, state[Stopped]
May 24 01:25:05.327: ppp3 LCP: I CONFREQ [Stopped] id 0 len 21
May 24 01:25:05.327: ppp3 LCP: MRU 1400 (0x01040578)
May 24 01:25:05.327: ppp3 LCP: MagicNumber 0x03C63476 (0x050603C63476)
May 24 01:25:05.327: ppp3 LCP: PFC (0x0702)
May 24 01:25:05.327: ppp3 LCP: ACFC (0x0802)
May 24 01:25:05.327: ppp3 LCP: Callback 6 (0x0D0306)
May 24 01:25:05.327: ppp3 LCP: O CONFREQ [Stop
OGLE(config)#ped] id 1 len 10
May 24 01:25:05.327: ppp3 LCP: MagicNumber 0xB7620A20 (0x0506B7620A20)
May 24 01:25:05.327: ppp3 LCP: O CONFREJ [Stopped] id 0 len 7
May 24 01:25:05.327: ppp3 LCP: Callback 6 (0x0D0306)
May 24 01:25:05.327: ppp3 LCP: Event[Receive ConfReq-] State[Stopped to REQsent]
May 24 01:25:05.331: ppp3 LCP: I CONFACK [REQsent] id 1 len 10
May 24 01:25:05.331: ppp3 LCP: MagicNumber 0xB7620A20 (0x0506B7620A20)
May 24 01:25:05.331: ppp3 LCP: Event[Receive ConfAck] State[REQsent to ACKrcv
OGLE(config)#d]
May 24 01:25:05.331: ppp3 LCP: I CONFREQ [ACKrcvd] id 1 len 18
May 24 01:25:05.331: ppp3 LCP: MRU 1400 (0x01040578)
May 24 01:25:05.331: ppp3 LCP: MagicNumber 0x03C63476 (0x050603C63476)
May 24 01:25:05.331: ppp3 LCP: PFC (0x0702)
May 24 01:25:05.331: ppp3 LCP: ACFC (0x0802)
May 24 01:25:05.331: ppp3 LCP: O CONFNAK [ACKrcvd] id 1 len 8
May 24 01:25:05.331: ppp3 LCP: MRU 1500 (0x010405DC)
May 24 01:25:05.331: ppp3 LCP: Event[Receive ConfReq-] State[ACKrcvd to ACKrcvd]
May 24 01:25
OGLE(config)#:05.331: ppp3 LCP: I CONFREQ [ACKrcvd] id 2 len 18
May 24 01:25:05.331: ppp3 LCP: MRU 1400 (0x01040578)
May 24 01:25:05.331: ppp3 LCP: MagicNumber 0x03C63476 (0x050603C63476)
May 24 01:25:05.331: ppp3 LCP: PFC (0x0702)
May 24 01:25:05.331: ppp3 LCP: ACFC (0x0802)
May 24 01:25:05.331: ppp3 LCP: O CONFNAK [ACKrcvd] id 2 len 8
May 24 01:25:05.331: ppp3 LCP: MRU 1500 (0x010405DC)
May 24 01:25:05.331: ppp3 LCP: Event[Receive ConfReq-] State[ACKrcvd to ACKrcvd]
May 24 01:25:05.331: ppp3 LC
OGLE(config)#P: I CONFREQ [ACKrcvd] id 3 len 18
May 24 01:25:05.335: ppp3 LCP: MRU 1500 (0x010405DC)
May 24 01:25:05.335: ppp3 LCP: MagicNumber 0x03C63476 (0x050603C63476)
May 24 01:25:05.335: ppp3 LCP: PFC (0x0702)
May 24 01:25:05.335: ppp3 LCP: ACFC (0x0802)
May 24 01:25:05.335: ppp3 LCP: O CONFACK [ACKrcvd] id 3 len 18
May 24 01:25:05.335: ppp3 LCP: MRU 1500 (0x010405DC)
May 24 01:25:05.335: ppp3 LCP: MagicNumber 0x03C63476 (0x050603C63476)
May 24 01:25:05.335: ppp3 LCP: PFC (0x0702)
Ma
OGLE(config)#y 24 01:25:05.335: ppp3 LCP: ACFC (0x0802)
May 24 01:25:05.335: ppp3 LCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
May 24 01:25:05.335: ppp3 LCP: I IDENTIFY [Open] id 4 len 18 magic 0x03C63476MSRASV5.20
May 24 01:25:05.335: ppp3 LCP: I IDENTIFY [Open] id 5 len 24 magic 0x03C63476MSRAS-0-RCKID-PC
May 24 01:25:05.335: ppp3 LCP: I IDENTIFY [Open] id 6 len 24 magic 0x03C63476\x-uA#xE')OA^-^b
May 24 01:25:05.335: ppp3 PPP: Queue IPV6CP code[1] id[7]
May 24 01:25:05.335: ppp3 PPP: Queue IPCP code[
OGLE(config)#1] id[8]
May 24 01:25:05.339: ppp3 PPP: No authorization without authentication
May 24 01:25:05.339: ppp3 PPP: Phase is FORWARDING, Attempting Forward
May 24 01:25:05.339: ppp3 LCP: State is Open
May 24 01:25:05.343: Vi2.1 PPP: Phase is ESTABLISHING, Finish LCP
May 24 01:25:05.343: Vi2.1 PPP: Phase is UP
May 24 01:25:05.343: Vi2.1 IPCP: Protocol configured, start CP. state[Initial]
May 24 01:25:05.343: Vi2.1 IPCP: Event[OPEN] State[Initial to Starting]
May 24 01:25:05.343: Vi2.1 IPCP: O CONFREQ [St
OGLE(config)#arting] id 1 len 10
May 24 01:25:05.343: Vi2.1 IPCP: Address 192.168.4.1 (0x0306C0A80401)
May 24 01:25:05.343: Vi2.1 IPCP: Event[UP] State[Starting to REQsent]
May 24 01:25:05.343: Vi2.1 PPP: Process pending ncp packets
May 24 01:25:05.343: Vi2.1 IPCP: Redirect packet to Vi2.1
May 24 01:25:05.343: Vi2.1 IPCP: I CONFREQ [REQsent] id 8 len 34
May 24 01:25:05.343: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
May 24 01:25:05.343: Vi2.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
May 24 01:25:05.
OGLE(config)#343: Vi2.1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
May 24 01:25:05.343: Vi2.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
May 24 01:25:05.343: Vi2.1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
May 24 01:25:05.343: Vi2.1 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 0.0.0.0
May 24 01:25:05.343: Vi2.1 IPCP: Pool returned 192.168.4.11
May 24 01:25:05.343: Vi2.1 IPCP AUTHOR: no author-info for primary dns
May 24 01:25:05.343: Vi2.1 IPCP AUTHOR: no author-info for primary wins
May 24 01:25
OGLE(config)#:05.343: Vi2.1 IPCP AUTHOR: no author-info for seconday dns
May 24 01:25:05.343: Vi2.1 IPCP AUTHOR: no author-info for seconday wins
May 24 01:25:05.343: Vi2.1 IPCP: O CONFREJ [REQsent] id 8 len 16
May 24 01:25:05.343: Vi2.1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
May 24 01:25:05.343: Vi2.1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
May 24 01:25:05.343: Vi2.1 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]
May 24 01:25:05.343: Vi2.1 IPV6CP: Redirect packet to Vi2.1
May 24 01:25:05
OGLE(config)#.343: Vi2.1 IPV6CP: I CONFREQ [UNKNOWN] id 7 len 14
May 24 01:25:05.343: Vi2.1 IPV6CP: Interface-Id C451:720F:2FBF:A3BF (0x010AC451720F2FBFA3BF)
May 24 01:25:05.343: Vi2.1 LCP: O PROTREJ [Open] id 2 len 20 protocol IPV6CP (0x01070010010AC451720F2FBFA3BF)
May 24 01:25:05.347: Vi2.1 IPCP: I CONFACK [REQsent] id 1 len 10
May 24 01:25:05.347: Vi2.1 IPCP: Address 192.168.4.1 (0x0306C0A80401)
May 24 01:25:05.347: Vi2.1 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
May 24 01:25:05.347: Vi2.1
OGLE(config)#IPCP: I CONFREQ [ACKrcvd] id 9 len 22
May 24 01:25:05.347: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
May 24 01:25:05.347: Vi2.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
May 24 01:25:05.347: Vi2.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
May 24 01:25:05.347: Vi2.1 IPCP AUTHOR: no author-info for primary dns
May 24 01:25:05.347: Vi2.1 IPCP AUTHOR: no author-info for seconday dns
May 24 01:25:05.347: Vi2.1 IPCP: O CONFNAK [ACKrcvd] id 9 len 22
May 24 01:25:05.347: Vi2.1 IPCP: Address
OGLE(config)# 192.168.4.11 (0x0306C0A8040B)
May 24 01:25:05.347: Vi2.1 IPCP: PrimaryDNS 8.8.4.4 (0x810608080404)
May 24 01:25:05.347: Vi2.1 IPCP: SecondaryDNS 190.80.2.125 (0x8306BE50027D)
May 24 01:25:05.347: Vi2.1 IPCP: Event[Receive ConfReq-] State[ACKrcvd to ACKrcvd]
May 24 01:25:05.351: Vi2.1 IPCP: I CONFREQ [ACKrcvd] id 10 len 22
May 24 01:25:05.351: Vi2.1 IPCP: Address 192.168.4.11 (0x0306C0A8040B)
May 24 01:25:05.351: Vi2.1 IPCP: PrimaryDNS 8.8.4.4 (0x810608080404)
May 24 01:25:05.351: Vi2.1
OGLE(config)#IPCP: SecondaryDNS 190.80.2.125 (0x8306BE50027D)
May 24 01:25:05.351: Vi2.1 IPCP AUTHOR: no author-info for primary dns
May 24 01:25:05.351: Vi2.1 IPCP AUTHOR: no author-info for seconday dns
May 24 01:25:05.351: Vi2.1 IPCP: O CONFACK [ACKrcvd] id 10 len 22
May 24 01:25:05.351: Vi2.1 IPCP: Address 192.168.4.11 (0x0306C0A8040B)
May 24 01:25:05.351: Vi2.1 IPCP: PrimaryDNS 8.8.4.4 (0x810608080404)
May 24 01:25:05.351: Vi2.1 IPCP: SecondaryDNS 190.80.2.125 (0x8306BE50027D)
May 24 01:25:05.35
OGLE(config)#1: Vi2.1 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
May 24 01:25:05.371: Vi2.1 IPCP: State is Open
May 24 01:25:05.371: Vi2.1 IPCP: Install default route thru 192.168.4.11
May 24 01:25:05.371: Vi2.1 IPCP: Install route to 192.168.4.11
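
Added example (not part of the original thread): a short Python pass over the debug output above that strips the `OGLE(config)#` prompt echoes splitting several messages, then pulls out the lines that matter for access control and routing: the router logging that it requests no authentication from the caller, the session coming up, the pool address handed out, and the default route installed through the client. The sample lines are copied from the post; the function names and finding labels are this example's own.

```python
import re

# Constructed sample: lines copied from the debug output in the thread,
# including the console prompt that was echoed in the middle of messages.
SAMPLE = """\
OGLE(config)#
May 24 01:25:05.323: ppp3 PPP: Phase is ESTABLISHING
May 24 01:25:05.323: ppp3
OGLE(config)# PPP: No remote authentication for call-in
May 24 01:25:05.339: ppp3 PPP: No authorization without authentication
May 24 01:25:05.343: Vi2.1 PPP: Phase is UP
May 24 01:25:05.343: Vi2.1 IPCP: Pool returned 192.168.4.11
May 24 01:25:05.35
OGLE(config)#1: Vi2.1 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
May 24 01:25:05.371: Vi2.1 IPCP: Install default route thru 192.168.4.11
"""

# "<Mon> <day> <time>: <interface> <protocol>: <message>"
LINE = re.compile(r"^\w{3} +\d+ [\d:.]+: (?P<ifc>\S+) (?P<proto>[\w ]+?): (?P<msg>.*)$")

def repair(text, prompt="OGLE(config)#"):
    """Remove prompt echoes that split a debug message across two lines."""
    return re.sub(r"\n?" + re.escape(prompt), "", text)

def review(text, prompt="OGLE(config)#"):
    """Return (interface, finding) pairs for the events worth a second look."""
    findings = []
    for raw in repair(text, prompt).splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a fragment that could not be rejoined
        ifc, msg = m["ifc"], m["msg"]
        if "No remote authentication" in msg:
            # Router states it does not authenticate the calling peer.
            findings.append((ifc, "no-auth: peer was not asked to authenticate"))
        elif msg.startswith("Phase is UP"):
            findings.append((ifc, "session-up"))
        elif msg.startswith("Pool returned"):
            findings.append((ifc, "address " + msg.split()[-1]))
        elif msg.startswith("Install default route thru"):
            # Router now points its own default route at the VPN client.
            findings.append((ifc, "default-route-via-peer " + msg.split()[-1]))
    return findings

if __name__ == "__main__":
    for ifc, finding in review(SAMPLE):
        print(f"{ifc:6} {finding}")
```

On the sample this reports a session that reached UP with no authentication requested and a default route installed through 192.168.4.11, the behaviour tied to `ppp ipcp route default` on the Virtual-Template that the first reply asks to remove.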

Please see, I have made some additional changes to my configuration at my home network, but no luck. I tested it out to see if this would work on a LAN with a regular client PC trying to authenticate to it.

Please see below. Please let me know if any additional information or changes are needed.

 

 

Building configuration...

Current configuration : 2324 bytes
!
! Last configuration change at 01:32:30 UTC Fri May 24 2019
! NVRAM config last updated at 01:32:34 UTC Fri May 24 2019
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname OGLE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.4.1 192.168.4.5
!
ip dhcp pool LAN
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 8.8.8.8
domain-name XXX
!
!
ip domain name XXX
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group PPTP_SERVER
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel timeout no-session 15
!
!
!
license udi pid CISCO1921/K9 sn FGL152524WJ
!
!

username cisco password 0 cisco
!
redundancy
!
!
!
!
!
!
!
!
!
interface Loopback1
description LAN
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
interface GigabitEthernet0/0
description INTERNET
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
!
interface Serial0/0/0
no ip address
shutdown
!
!
interface Virtual-Template1
description PPTP_CLIENTS D/GATEWAY
ip unnumbered Loopback1
ip nat inside
ip virtual-reassembly
peer default ip address pool PPTP_Clients
no keepalive
ppp ipcp dns 8.8.4.4
ppp ipcp route default
ppp ipcp address accept
!
!
ip local pool PPTP_Clients 192.168.4.10 192.168.4.35
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit 192.168.4.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line aux 0
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
transport preferred ssh
transport input all
transport output all
line vty 5 15
exec-timeout 0 0
logging synchronous
login local
transport preferred ssh
transport input all
transport output all
!
scheduler allocate 20000 1000
end

 

Hello,

 

Try and bind a 'real' interface to the Virtual Template rather than the loopback:

 

interface GigabitEthernet0/1
ip address 192.168.4.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Virtual-Template1
description PPTP_CLIENTS D/GATEWAY
ip unnumbered GigabitEthernet0/1
ip nat inside
ip virtual-reassembly
peer default ip address pool PPTP_Clients
no keepalive
