[pptp-server] 619 Error
Michael Walter
walterm at Gliatech.com
Mon Aug 14 11:03:20 CDT 2000
Try this (from memory):
# ENABLE IP FORWARDING
echo 1 > /proc/sys/net/ipv4/ip_forward
# SET THE DEFAULT POLICIES
ipchains -P input DENY
ipchains -P output DENY
ipchains -P forward DENY
# ALLOW GRE TRAFFIC
ipchains -A input -p 47 -j ACCEPT
ipchains -A output -p 47 -j ACCEPT
# ALLOW TRAFFIC TO AND FROM THE DYNAMIC PORTS ON THE EXTERNAL INTERFACE
ipchains -A input -d externalipaddress 49152:65535 -j ACCEPT
ipchains -A output -d externalipaddress 49152:65535 -j ACCEPT
# ALLOW ALL INTERNAL TRAFFIC
ipchains -A input -s 192.168.0.0/24 -j ACCEPT
ipchains -A output -d 192.168.0.0/24 -j ACCEPT
# MASQ ANY TRAFFIC FROM THE INTERNAL NETWORK TO THE INTERNET
ipchains -A forward -s 192.168.0.0/24 -j MASQ
I don't think you need to do anything with syn cookies because there are no
connections coming back, but I could be wrong. This allows all gre traffic,
all internal-internal traffic, masq's internal-external, and
external-internal traffic that comes in on the dynamically assigned ip
ports.
Thanks,
Michael J. Walter
rhce mcse mcp+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com
-----Original Message-----
From: Chris [mailto:cliles at gw.total-web.net]
Sent: Monday, August 14, 2000 2:41 PM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] 619 Error
I've got
ipchains -A input -p tcp -d externalipaddress 1723 -j ACCEPT
ipchains -A input -p 47 -d externalipaddress -j ACCEPT
ipchains -A output -p tcp -s 0.0.0.0/0 1723 -j ACCEPT
ipchains -A output -p 47 -s 0.0.0.0/0 -j ACCEPT
to allow the traffic
and I've got
ipchains -A forward -p tcp -s 192.168.0.0/24 -j MASQ
ipchains -A forward -p 47 -s 192.168.0.0/24 -j MASQ
to masq the traffic
I might have something wrong with my firewalling as I have no clue what the
above masqing stuff does.
----- Original Message -----
From: Michael Walter <mailto:walterm at Gliatech.com>
To: 'Chris' <mailto:cliles at gw.total-web.net>
Cc: PPTPD User Group (E-mail) <mailto:pptp-server at lists.schulte.org>
Sent: Monday, August 14, 2000 8:05 AM
Subject: RE: [pptp-server] 619 Error
Make sure that you allow the gre protocol on your masq'ing box.
ipchains -A input -p 47 -j ACCEPT
ipchains -A output -p 47 -j ACCEPT
Thanks,
Michael J. Walter
rhce mcse mcp+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com
-----Original Message-----
From: Chris [mailto:cliles at gw.total-web.net]
Sent: Monday, August 14, 2000 1:50 PM
To: pptp-server at lists.schulte.org
Subject: Fw: [pptp-server] 619 Error
Alright guys, the kernel is patched to allow vpn masqing, everything was
compiled into the kernel rather than in modules so I know that those options
are working. Basically what is still happening is that the client connects and
authenticates with ppp but the pptp can't do something so it crashes. I
still get a 619 error, and pptp says
CTRL: PTY or GRE write failed (pty,gre) =(5,6)
CTRL: Client 192.168.0.2 control connection finished
and PPP says that I authenticate with mschap-v2 but then it says:
LCP terminated by peer (#sBN@^@BM-f)
Connection terminated.
All I want to do is connect to the vpn server so I can access my home lan
away from home. I am trying to connect to the vpn server from a win2000 box
behind a linux masqing box that is also running poptop.
Thanks,
Chris Liles
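
Added example, not part of the original thread: a small Python model of first-match rule evaluation, applied to the two input rules quoted above under the default DENY policy from the reply, to check that both PPTP flows (the TCP 1723 control channel and GRE, IP protocol 47) are accepted while other traffic falls through to the policy. The address 203.0.113.1 is a constructed stand-in for "externalipaddress", and parse() and verdict() are hypothetical helpers that model only -p, -d with an optional port, and -j.

```python
import ipaddress
import shlex

EXT = "203.0.113.1"  # constructed stand-in for the thread's "externalipaddress"
# Constructed sample: the thread's input rules plus the DENY policy from the reply.
RULES = f"""
ipchains -P input DENY
ipchains -A input -p tcp -d {EXT} 1723 -j ACCEPT
ipchains -A input -p 47 -d {EXT} -j ACCEPT
"""

def parse(text):
    """Return (policies, rules) parsed from 'ipchains -P' and 'ipchains -A' lines."""
    policies, rules = {}, []
    for line in text.strip().splitlines():
        tok = shlex.split(line)[1:]          # drop the leading "ipchains"
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
            continue
        rule = {"chain": tok[1], "proto": None, "dst": None, "dport": None, "target": None}
        i = 2
        while i < len(tok):
            if tok[i] == "-p":
                rule["proto"] = tok[i + 1]
                i += 2
            elif tok[i] == "-d":
                rule["dst"] = ipaddress.ip_network(tok[i + 1])
                i += 2
                if i < len(tok) and not tok[i].startswith("-"):   # optional port[:port]
                    lo, _, hi = tok[i].partition(":")
                    rule["dport"] = (int(lo), int(hi or lo))
                    i += 1
            elif tok[i] == "-j":
                rule["target"] = tok[i + 1]
                i += 2
            else:
                raise ValueError(f"unsupported token {tok[i]!r}")
        rules.append(rule)
    return policies, rules

def verdict(policies, rules, chain, proto, dst, dport=None):
    """First matching rule in the chain wins; otherwise the chain policy applies."""
    for r in rules:
        lo, hi = r["dport"] or (0, 65535)
        if (r["chain"] == chain and r["proto"] in (None, proto)
                and (r["dst"] is None or ipaddress.ip_address(dst) in r["dst"])
                and (r["dport"] is None or (dport is not None and lo <= dport <= hi))):
            return r["target"]
    return policies[chain]
```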