ArubaOS and Controllers

Reply
New Contributor
Posts: 3
Registered: ‎08-29-2011

PPTP VPN Issues

I am having an issue with PPTP VPN connections on my 3600 controller.

I hope there is an easy answer and it's just something easy I'm missing...

I have two SSIDs one is an employee network that allows users to connect via WPA2 Ent and be directly on our network with DHCP from our production DHCP server. PPTP VPN connections work fine from this network.

Our second SSID uses captive portal authentication and provides users a DHCP address from the controller on a separate VLAN. Whenever I try to connect from this network my PPTP client throws errors 721 and 619 and will not connect.

I have given both networks any any allow all rules and still see the same behavior. Traffic is tunneled back to the controller in both cases. Any insight would be appreciated.

Just to clarify Public internet -> Juniper firewall -> Aruba controller 10.X.X.X

-> Employee network (same subnet 10.X.X.X as Aruba controller, uses Juniper as gateway.)

-> Guest network (192.168.X.X network served from Aruba on separate VLAN. Uses Aruba's 192.168.X.X address as gateway. Can get to everything else fine.)

Thanks in advance,
Mark
Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: PPTP VPN Issues


I am having an issue with PPTP VPN connections on my 3600 controller.

I hope there is an easy answer and it's just something easy I'm missing...

I have two SSIDs one is an employee network that allows users to connect via WPA2 Ent and be directly on our network with DHCP from our production DHCP server. PPTP VPN connections work fine from this network.

Our second SSID uses captive portal authentication and provides users a DHCP address from the controller on a separate VLAN. Whenever I try to connect from this network my PPTP client throws errors 721 and 619 and will not connect.

I have given both networks any any allow all rules and still see the same behavior. Traffic is tunneled back to the controller in both cases. Any insight would be appreciated.

Just to clarify Public internet -> Juniper firewall -> Aruba controller 10.X.X.X

-> Employee network (same subnet 10.X.X.X as Aruba controller, uses Juniper as gateway.)

-> Guest network (192.168.X.X network served from Aruba on separate VLAN. Uses Aruba's 192.168.X.X address as gateway. Can get to everything else fine.)

Thanks in advance,
Mark





What version of code is this? Are you doing ip nat inside on the 192.168.x.x? In this case, it has been fixed in ArubaOS 5.0.4.0. From the release notes:

Bug 53494: The controller correctly processes NATed PPTP packets, allowing clients are able to establish a PPTP connection while connected to an Aruba controller.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎08-29-2011

Re: PPTP VPN Issues

The Aruba does have source NAT enabled for that VLAN. We are running 6.1.2.2 and still see the issue.
Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: PPTP VPN Issues

I do not see it in the release notes for that version of code. If you open up a TAC case and mention bug 53494, they can give you status for the version you are running. They are patched separately.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba
Posts: 760
Registered: ‎05-31-2007

PPTP VPN Issues

I have a site with a similar issue. The specific ID below is not yet patched in the 6.1 train.

A request to add this to the 6.1.2.x train was placed today. So I expect we will see it post 6.1.2.3.
Occasional Contributor II
Posts: 23
Registered: ‎12-22-2009

Re: PPTP VPN Issues


I have a site with a similar issue. The specific ID below is not yet patched in the 6.1 train.

A request to add this to the 6.1.2.x train was placed today. So I expect we will see it post 6.1.2.3.




Don't do NAT on that VLAN.
This issue occur because NATING.
Aruba
Posts: 760
Registered: ‎05-31-2007

PPTP VPN Issues

Don't do NAT'ing on a whole VLAN.. ? Wish it was that simple/optional ;)
Aruba
Posts: 760
Registered: ‎05-31-2007

PPTP VPN Issues

Thanks for the suggestion but ... there is no other box that can do NAT in the network. (its' a branch site).

The issue will be fixed soon enough.
New Contributor
Posts: 3
Registered: ‎08-29-2011

Re: PPTP VPN Issues

Thanks for the help!

I will either downgrade to the 5.0 train or wait it out for the resolution of the bug in 6.1.2.3.
Search Airheads
Showing results for 
Search instead for 
Did you mean: