[pptp-server] 619 Error

Gord Belsey gord at amador.ca
Mon Aug 14 12:33:21 CDT 2000


hmmm.....with a default policy of DENY, I think you need to add:

ipchains -A forward -p 47 -j ACCEPT

hope this is useful

Gord Belsey
  ----- Original Message ----- 
  From: Chris 
  To: pptp-server at lists.schulte.org 
  Sent: Monday, August 14, 2000 1:55 PM
  Subject: Re: [pptp-server] 619 Error


  ok so I do that and I still get error 619, but in my var/log/messages pptp says:
  GRE: read(fd=5,buffer=804d7c0,len=8196) from PTY fsiled: status = -1 error = Input/output error

  and then 
  CTRL: PTY read or GRE write failed (pty, gre)=(5,6)
  CTRL: Client 192.168.0.2 control connection finished


    ----- Original Message ----- 
    From: Michael Walter 
    To: 'Chris' 
    Cc: PPTPD User Group (E-mail) 
    Sent: Monday, August 14, 2000 9:03 AM
    Subject: RE: [pptp-server] 619 Error


    try this(from memory):
     
    # ENABLE IP FORWARDING
    echo 1 > /proc/sys/net/ipv4/ip_forward
     
    # SET THE DEFAULT POLICIES
    ipchains -P input DENY
    ipchains -P output DENY
    ipchains -P forward DENY
     
    # ALLOW GRE TRAFFIC
    ipchains -A input -p 47 -j ACCEPT
    ipchains -A output -p 47 -j ACCEPT
     
    # ALLOW TRAFFIC TO AND FROM THE DYNAMIC PORTS ON THE EXTERNAL INTERFACE
    ipchains -A input -d externalipaddress 49152:65535 -j ACCEPT 
    ipchains -A output -d externalipaddress 49152:65535 -j ACCEPT
     
    # ALLOW ALL INTERNAL TRAFFIC
    ipchains -A input -s 192.168.0.0/24 -j ACCEPT
    ipchains -A output -d 192.168.0.0/24 -j ACCEPT
     
    # MASQ ANY TRAFFIC FROM THE INTERNAL NETWORK TO THE INTERNET
    ipchains -A forward -s 192.168.0.0/24 -j MASQ
     
    I don't think you need to do anything with syn cookies because there are no connections coming back, but I could be wrong.  This allows all gre traffic, all internal-internal traffic, masq's internal-external, and external-internal traffic that comes in on the dynamically assigned ip ports.
     
    Thanks, 
    Michael J. Walter 
    rhce mcse mcp+i a+ 
    Network Administrator 
    Gliatech, Inc. 
    23420 Commerce Park Rd. 
    Beachwood, Ohio 44122 
    Tel: (216) 831-3200 
    Email: walterm at gliatech.com 

      -----Original Message-----
      From: Chris [mailto:cliles at gw.total-web.net]
      Sent: Monday, August 14, 2000 2:41 PM
      To: pptp-server at lists.schulte.org
      Subject: Re: [pptp-server] 619 Error


      I've got 
      ipchains -A input -p tcp -d externalipaddress 1723 -j ACCEPT
      ipchains -A input -p 47 -d externalipaddress -j ACCEPT
      ipchains -A output -p tcp -s 0.0.0.0/0 1723 -j ACCEPT
      ipchains -A output -p 47 -s 0.0.0.0/0 -j ACCEPT
      to allow the traffic 
      and I've got 
      ipchains -A forward -p tcp -s 192.168.0.0/24 -j MASQ
      ipchains -A forward -p 47 -s 192.168.0.0/24 -j MASQ
      to masq the traffic
      I might have something wrong with my firewalling as I have no clue what the above masqing stuff does.

        ----- Original Message ----- 
        From: Michael Walter 
        To: 'Chris' 
        Cc: PPTPD User Group (E-mail) 
        Sent: Monday, August 14, 2000 8:05 AM
        Subject: RE: [pptp-server] 619 Error


        make sure that you allow the gre protocol on your masq'ing box.
         
        ipchains -A input -p 47 -j ACCEPT 
        ipchains -A output -p 47 -j ACCEPT
         
         
        Thanks, 

        Michael J. Walter 
        rhce mcse mcp+i a+ 
        Network Administrator 
        Gliatech, Inc. 
        23420 Commerce Park Rd. 
        Beachwood, Ohio 44122 
        Tel: (216) 831-3200 
        Email: walterm at gliatech.com 

          -----Original Message-----
          From: Chris [mailto:cliles at gw.total-web.net]
          Sent: Monday, August 14, 2000 1:50 PM
          To: pptp-server at lists.schulte.org
          Subject: Fw: [pptp-server] 619 Error


          Alright guys, the kernel is patched to allow vpn masqing, everything was compiled into the kernel rather than in modules so I know that those options are working. Basically what is still happening is that the client connects and authenticates with ppp but the pptp can't do something so it crashes. I still get a 619 error, and pptp says 
          CTRL: PTY or GRE write failed (pty,gre) =(5,6)
          CTRL: Client 192.168.0.2 control connection finished
          and PPP says that I authenticate with mschap-v2 but then it says:
          LCP terminated by peer (#sBN@^@BM-f)
          Connection terminated.

          All I want to do is connect to the vpn server so I can access my home lan away from home. I am trying to connect to the vpn server from a win2000 box behind a linux masqing box that is also running poptop.
          Thanks,

          Chris Liles
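
The following is an added example, not part of any message in this thread: a small lint that reads ipchains commands and reports which built-in chains have a default DENY policy but no rule that lets IP protocol 47 (GRE) through, which is the gap the top reply points at for the forward chain. The function name `gre_gaps` and both sample rulesets are assumptions, constructed from rules quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): list chains whose default policy is
# DENY/REJECT and that have no rule letting IP protocol 47 (GRE) through.
# Assumed simplifications: rule order, -s/-d/-i restrictions and "!" negation
# are ignored; a rule with no -p, or -p all, is treated as matching GRE.
gre_gaps() {
    awk '
    $1 != "ipchains" { next }          # skip comments, echo lines, blanks
    {
        chain = ""; proto = "all"; target = ""; policy = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-P") { chain = $(i+1); policy = $(i+2) }
            else if ($i == "-A" || $i == "-I") chain = $(i+1)
            else if ($i == "-p") proto = tolower($(i+1))
            else if ($i == "-j") target = $(i+1)
        }
        if (policy != "") { pol[chain] = policy; next }
        if ((proto == "47" || proto == "gre" || proto == "all") &&
            (target == "ACCEPT" || target == "MASQ"))
            ok[chain] = 1
    }
    END {
        out = ""
        n = split("input output forward", c, " ")
        for (k = 1; k <= n; k++)
            if ((pol[c[k]] == "DENY" || pol[c[k]] == "REJECT") && !ok[c[k]])
                out = out (out == "" ? "" : " ") c[k]
        print out
    }'
}

# Constructed sample: default-DENY policies, GRE allowed on input/output only.
SAMPLE_BEFORE='ipchains -P input DENY
ipchains -P output DENY
ipchains -P forward DENY
ipchains -A input -p 47 -j ACCEPT
ipchains -A output -p 47 -j ACCEPT
ipchains -A forward -p tcp -s 192.168.0.0/24 -j MASQ'
# Same rules plus the forward rule suggested in the top reply.
SAMPLE_AFTER="$SAMPLE_BEFORE
ipchains -A forward -p 47 -j ACCEPT"

printf '%s\n' "$SAMPLE_BEFORE" | gre_gaps
printf '%s\n' "$SAMPLE_AFTER"  | gre_gaps
```

An empty result means every default-DENY chain has at least one rule that can pass GRE; it does not prove the addresses on that rule match the tunnel endpoints.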