[pptp-server] 619 Error
Chris
cliles at gw.total-web.net
Mon Aug 14 14:55:40 CDT 2000
OK, so I do that and I still get error 619, but in my /var/log/messages pptp says:
GRE: read(fd=5,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error
and then
CTRL: PTY read or GRE write failed (pty, gre)=(5,6)
CTRL: Client 192.168.0.2 control connection finished
----- Original Message -----
From: Michael Walter
To: 'Chris'
Cc: PPTPD User Group (E-mail)
Sent: Monday, August 14, 2000 9:03 AM
Subject: RE: [pptp-server] 619 Error
Try this (from memory):
# ENABLE IP FORWARDING
echo 1 > /proc/sys/net/ipv4/ip_forward
# SET THE DEFAULT POLICIES
ipchains -P input DENY
ipchains -P output DENY
ipchains -P forward DENY
# ALLOW GRE TRAFFIC
ipchains -A input -p 47 -j ACCEPT
ipchains -A output -p 47 -j ACCEPT
# ALLOW TRAFFIC TO AND FROM THE DYNAMIC PORTS ON THE EXTERNAL INTERFACE
ipchains -A input -d externalipaddress 49152:65535 -j ACCEPT
ipchains -A output -d externalipaddress 49152:65535 -j ACCEPT
# ALLOW ALL INTERNAL TRAFFIC
ipchains -A input -s 192.168.0.0/24 -j ACCEPT
ipchains -A output -d 192.168.0.0/24 -j ACCEPT
# MASQ ANY TRAFFIC FROM THE INTERNAL NETWORK TO THE INTERNET
ipchains -A forward -s 192.168.0.0/24 -j MASQ
I don't think you need to do anything with syn cookies because there are no connections coming back, but I could be wrong. This allows all gre traffic, all internal-internal traffic, masq's internal-external, and external-internal traffic that comes in on the dynamically assigned ip ports.
Thanks,
Michael J. Walter
rhce mcse mcp+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com
-----Original Message-----
From: Chris [mailto:cliles at gw.total-web.net]
Sent: Monday, August 14, 2000 2:41 PM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] 619 Error
I've got
ipchains -A input -p tcp -d externalipaddress 1723 -j ACCEPT
ipchains -A input -p 47 -d externalipaddress -j ACCEPT
ipchains -A output -p tcp -s 0.0.0.0/0 1723 -j ACCEPT
ipchains -A output -p 47 -s 0.0.0.0/0 -j ACCEPT
to allow the traffic
and I've got
ipchains -A forward -p tcp -s 192.168.0.0/24 -j MASQ
ipchains -A forward -p 47 -s 192.168.0.0/24 -j MASQ
to masq the traffic
I might have something wrong with my firewalling as I have no clue what the above masqing stuff does.
----- Original Message -----
From: Michael Walter
To: 'Chris'
Cc: PPTPD User Group (E-mail)
Sent: Monday, August 14, 2000 8:05 AM
Subject: RE: [pptp-server] 619 Error
Make sure that you allow the gre protocol on your masq'ing box.
ipchains -A input -p 47 -j ACCEPT
ipchains -A output -p 47 -j ACCEPT
Thanks,
Michael J. Walter
rhce mcse mcp+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com
-----Original Message-----
From: Chris [mailto:cliles at gw.total-web.net]
Sent: Monday, August 14, 2000 1:50 PM
To: pptp-server at lists.schulte.org
Subject: Fw: [pptp-server] 619 Error
Alright guys, the kernel is patched to allow vpn masqing, everything was compiled into the kernel rather than in modules so I know that those options are working. Basically, what is still happening is that the client connects and authenticates with ppp but the pptp can't do something so it crashes. I still get a 619 error, and pptp says
CTRL: PTY or GRE write failed (pty,gre) =(5,6)
CTRL: Client 192.168.0.2 control connection finished
and PPP says that I authenticate with mschap-v2 but then it says:
LCP terminated by peer (#sBN@^@BM-f)
Connection terminated.
All I want to do is connect to the vpn server so I can access my home lan away from home. I am trying to connect to the vpn server from a win2000 box behind a linux masqing box that is also running poptop.
Thanks,
Chris Liles
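
The replies in this thread turn on whether the masquerading box explicitly accepts GRE (IP protocol 47) alongside the PPTP control port, tcp 1723, that appears in Chris's rules. As an added example, not code from the thread or from the PoPToP project, the shell function below lints a list of ipchains commands for those two explicit ACCEPT rules on the input and output chains. The function and sample names are hypothetical, and the lint does not model rule order, broader ACCEPT rules or MASQ.

```shell
# Added example (not from the thread): static lint of ipchains rules for PPTP.
# Per chain: default policy, explicit ACCEPT for GRE (proto 47) and tcp/1723.
pptp_rule_lint() {
    awk '
    function yn(b) { return b ? "yes" : "no" }
    $1 != "ipchains" { next }            # ignore comments and other commands
    {
        chain = ""; proto = ""; target = ""; ctl = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-P") policy[$(i + 1)] = $(i + 2)   # default policy
            if ($i == "-A") chain = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "1723") ctl = 1    # exact port only, not port ranges
        }
        if (chain == "" || target != "ACCEPT") next
        if (proto == "47") gre[chain] = 1
        if (proto == "tcp" && ctl) ctrl[chain] = 1
    }
    END {
        n = split("input output", names, " ")
        for (c = 1; c <= n; c++) {
            k = names[c]; pol = (k in policy) ? policy[k] : "unset"
            printf "%s policy=%s gre=%s tcp1723=%s\n", k, pol, yn((k in gre)), yn((k in ctrl))
        }
    }'
}

# Accept rules posted by Chris in the thread ("externalipaddress" is his placeholder).
rules_explicit() {
    cat <<'EOF'
ipchains -A input -p tcp -d externalipaddress 1723 -j ACCEPT
ipchains -A input -p 47 -d externalipaddress -j ACCEPT
ipchains -A output -p tcp -s 0.0.0.0/0 1723 -j ACCEPT
ipchains -A output -p 47 -s 0.0.0.0/0 -j ACCEPT
EOF
}

# Constructed variant: default DENY with GRE accepted but no explicit tcp/1723 rule.
rules_gre_only() {
    cat <<'EOF'
ipchains -P input DENY
ipchains -P output DENY
ipchains -A input -p 47 -j ACCEPT
ipchains -A output -p 47 -j ACCEPT
EOF
}
rules_explicit | pptp_rule_lint
rules_gre_only | pptp_rule_lint
```

A "no" under a DENY policy means only that no explicit rule was found; check the remaining rules by hand before concluding the traffic is blocked.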