pingle.org

Comments

I was not able to connect from WinXP SP2, using default connection options when creating connection, still getting the above error that noipparam was supposed to fix, any ideas?

Comment by Jamie Bah — 5/9/2006 @ 4:18 pm

Were you getting the “Label ipparam rejected” error, the GRE error, or both?

The GRE error can also be caused by the traffic being firewalled locally.

If you send me your pptpd.conf and ppp.conf (make sure to remove any passwords!) I might be able to take a look. I’ve used this same config on 3 servers so far, and it’s worked on all 3. However, before I settled on this config I did get that error a lot while refining the options.

Jim

Comment by jim — 5/9/2006 @ 5:10 pm

I am also getting the following error, can you advise what fixes it or the cause?
ppp[pid]: Warning: Label ipparam rejected -direct connection: Configuaration label not found

Cheers,

Mal

Comment by mal — 8/31/2006 @ 8:05 pm

Have you tried setting “noipparam” in your pptpd.conf file? Are you sure that your files match up with what I posted?

Also, this can fix some errors: Try forcing the Windows PPTP client to use MS-CHAPv2. Go to the properties of the connection, click the security tab, set the options to “Advanced”, click “Settings”, select “Allow these protocols”, and check only MS-CHAP v2. Click OK until you’re out, and try again.

Comment by jim — 9/5/2006 @ 11:25 am

can win xp vpn client connect anywhere?
i can´t connect from home to office vpn server – i have standard pppoe connection (dynamic IP aadress and port closed)

connection error: 619

Comment by kaido — 9/5/2006 @ 2:37 pm

I have used XP’s PPTP client from a lot of places, and it usually Just Works. I don’t see any reason why it would not work over a PPPoE connection, although I have not tried it.

I assume you are connecting to a Poptop server, what errors, if any, are showing up on the server?

Comment by jim — 9/5/2006 @ 2:44 pm

I try different win xp computers but nothing…still error 619

here is server ppp.log

Sep 6 22:02:17 freebsd ppp[4216]: Phase: Using interface: tun0
Sep 6 22:02:17 freebsd ppp[4216]: Phase: deflink: Created in closed state
Sep 6 22:02:17 freebsd ppp[4216]: Command: loop: set device localhost:pptp
Sep 6 22:02:17 freebsd ppp[4216]: Command: loop: set dial
Sep 6 22:02:17 freebsd ppp[4216]: Command: loop: set login
Sep 6 22:02:17 freebsd ppp[4216]: Command: loop: set ifaddr 192.168.50.81 192.168.50.225-192.168.50.235 255.255.255.0
Sep 6 22:02:17 freebsd ppp[4216]: IPCP: Selected IP address 192.168.50.231
Sep 6 22:02:17 freebsd ppp[4216]: Command: loop: add default HISADDR
Sep 6 22:02:17 freebsd ppp[4216]: Warning: Add route failed: 0.0.0.0/0 already exists
Sep 6 22:02:17 freebsd ppp[4216]: Command: loop: set server /tmp/loop ******** 0177
Sep 6 22:02:17 freebsd ppp[4216]: Phase: Listening at local socket /tmp/loop.
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: disable pap
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: enable passwdauth
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: disable ipv6cp
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: enable proxy
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: accept dns
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: enable MSChapV2
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: enable mppe
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: disable deflate pred1
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: deny deflate pred1
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: set dns 194.126.115.18
Sep 6 22:02:17 freebsd ppp[4216]: Command: pptp: set device !/etc/ppp/secure
Sep 6 22:02:17 freebsd ppp[4216]: Phase: PPP Started (direct mode).
Sep 6 22:02:17 freebsd ppp[4216]: Phase: bundle: Establish
Sep 6 22:02:17 freebsd ppp[4216]: Phase: deflink: closed -> opening
Sep 6 22:02:17 freebsd ppp[4216]: Phase: deflink: Connected!
Sep 6 22:02:17 freebsd ppp[4216]: Phase: deflink: opening -> carrier
Sep 6 22:02:17 freebsd ppp[4216]: Phase: deflink: carrier -> lcp
[LCP Traffic removed]
Sep 6 22:02:32 freebsd ppp[4216]: Phase: deflink: Disconnected!
Sep 6 22:02:32 freebsd ppp[4216]: Phase: deflink: Connect time: 15 secs: 241 octets in, 416 octets out
Sep 6 22:02:32 freebsd ppp[4216]: Phase: deflink: 5 packets in, 10 packets out
Sep 6 22:02:32 freebsd ppp[4216]: Phase: total 43 bytes/sec, peak 67 bytes/sec on Wed Sep 6 22:02:19 2006
Sep 6 22:02:32 freebsd ppp[4216]: Phase: deflink: lcp -> closed
Sep 6 22:02:32 freebsd ppp[4216]: Phase: bundle: Dead
Sep 6 22:02:32 freebsd ppp[4216]: Phase: PPP Terminated (normal).

Comment by kaido — 9/6/2006 @ 11:27 am

Looking around a bit I see that error 619 is most often caused by (a) A router you’re going through not supporting PPTP passthrough, or (b) something filtering the PPTP port or GRE protocol before it gets to the Poptop server.

If your PPPoE connection is handled by a modem/router, check to make sure it has a PPTP Passthrough or VPN passthrough option and that it is enabled.

Comment by Jim — 9/6/2006 @ 2:28 pm

in PPPOE connection is ip protokoll 47 (GRE)closed, but it´s very popular ISP on my country
I try OpenVPN now

Comment by kaido — 9/7/2006 @ 3:16 pm

Sorry to hear that you can’t get PPTP working. I haven’t used OpenVPN before, but I hear that it works really well.

I have heard some people also talk about Hamachi and there is a Linux client, but I don’t know if it would work on FreeBSD or not. If you have two Windows machines, both behind NAT, this can create a tunnel between them. Unfortunately, this requires the connection be initialized by contacting a third-party server, which is the reason I don’t like it.

Comment by jim — 9/7/2006 @ 6:32 pm

Thank you it works

Using pptpd@ubuntu and your pptpd.conf settings made it work

Comment by Tommy — 12/30/2006 @ 12:49 pm

What should the contents of /etc/ppp/secure look like?

In previous versions it was something like

#!/bin/sh
exec /usr/sbin/ppp

Comment by Jorge — 1/24/2007 @ 9:12 pm

At one point I had this in /etc/ppp/secure:
#!/bin/sh exec /usr/sbin/ppp -direct loop-in

But now I actually do not have any file there at all.

Comment by jim — 1/24/2007 @ 9:16 pm

Do you mean you have no /etc/ppp/secure file at all?

Comment by Jorge — 2/6/2007 @ 12:15 am

That’s correct, I have no /etc/ppp/secure file at all.

Comment by jim — 2/6/2007 @ 7:03 am

…strange…an xp systeam does connect and can ping every computer on the network but can’t see netbios names and shares. There have been no changes to the firewall and it used to work using freebsd 5.3

Comment by Jorge — 2/6/2007 @ 3:50 pm

I haven’t tested this one myself, because I don’t run windows shares across PPTP, but the usual suggestions for network browsing may apply:

Are you using a WINS server? If so, is that being set or passed to the PPTP client?

Can you still access the shares by using \\1.2.3.4\ (with a proper IP address, of course)?

Is broadcast traffic being passed back and forth?

There are many differences between 5.3 and 6.x, but I am not sure what may have caused this to pop up.

Comment by jim — 2/9/2007 @ 9:23 am

Realy helped, thank you.

Comment by proctozont — 4/18/2007 @ 3:16 am

Hello.
It works, and i did before another kind of on a linux debian, but i think that FreeBSD its better.
i have only this strange message on screen (/var/log/messages):

Apr 26 23:09:15 fw pptpd[99783]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!

I really don’t understand what it is mean!

Comment by xer — 4/27/2007 @ 3:43 am

I forgot to say…
My FreeBSD (legacy 5.5) doesn’t have the file called:
/etc/ppp/secure

So, i did it as follow:

#|/bin/sh
exec /usr/sbin/ppp -direct loop-in

It works, but i don’t know if is the right way, i found it on google search.
Another one, in /etc/ppp/ppp.secret you can ASSIGN the given IP as follow:
username password “192.168.0.215″

To that username will be assigned THAT ip, it works, so you don’t have to make a RANGE, can be useful?

Comment by xer — 4/27/2007 @ 7:53 am

tail -f /var/log/messages
Aug 23 19:08:35 kunam pptpd[34764]: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)
Aug 23 19:08:35 kunam ppp[34765]: Warning: 192.168.212.140: Cannot determine ethernet address for proxy ARP
Aug 23 19:09:24 kunam ppp[34914]: Warning: Add route failed: 0.0.0.0/0 already exists
Aug 23 19:09:40 kunam pptpd[34913]: GRE: read(fd=7,buffer=804d580,len=8196) from PTY failed: status = 0 error = No error
Aug 23 19:09:40 kunam pptpd[34913]: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)
Aug 23 19:09:40 kunam ppp[34914]: Warning: 192.168.212.141: Cannot determine ethernet address for proxy ARP
Aug 23 19:16:27 kunam ppp[35182]: Warning: Add route failed: 0.0.0.0/0 already exists
Aug 23 19:16:43 kunam pptpd[35181]: GRE: read(fd=7,buffer=804d580,len=8196) from PTY failed: status = 0 error = No error
Aug 23 19:16:43 kunam pptpd[35181]: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)
Aug 23 19:16:43 kunam ppp[35182]: Warning: 192.168.212.142: Cannot determine ethernet address for proxy ARP

please help me…
what do you do ?

thank’s

Comment by yudy — 8/23/2007 @ 8:10 am

no offense … what used poptop for if in freebsd we’ve much robust one that’s MPD… trust me MPD could easily configured and could do l2tp, pptp , and many more

Comment by Ryan — 8/4/2008 @ 5:50 am

If you have a link to a tutorial or information on MPD, I’d happily link to it. Poptop works well and really wasn’t that hard to configure, and works on multiple platforms.

That’s the great thing about UNIX, there is usually more than one good way to get the job done, and the choice is left up to the admin or user. :)

Comment by jim — 8/4/2008 @ 7:22 am

I realize this is a very very old post, but I’ve been using it as a reference to get poptop working on freeBSD 6.3. I’ve used about 5 or 6 different website recommended configurations and can’t get it to work.

Just in case you still monitor this at all, here is the error I’m getting. Similar to your above, but slightly different and I can’t fix it:
Warning: Label /etc/ppp/ppp.conf rejected -direct connection: Configuration label not found
GRE: read(fd=7,buffer=804d580, len=8196) from PTY failed: status = 0 error = No Error
CTRL: PTY read or GRE write failed (pty,gre)=(7,6)

My usr/local/etc/pptpd.conf file looks like this:
option /etc/ppp/ppp.conf
localip
remoteip
pidfile /var/run/pptpd.pid
nobsdcomp
proxyarp
+chapms-v2
mppe-40
mppe-128
mppe-stateless
noipparam
debug

My etc/ppp/ppp.conf:
pptp:
set timeout 0
set log phase chat connect lcp ipcp tun
set dial
set login
enable passwdauth
enable mssfixup
set ifaddr
allow mode direct
set server /tmp/loop “” 0177
enable chap
enable mschapv2
disable pap
enable proxy
accept dns
set dns
set nbns
set device !/etc/ppp/secure

From client side, I’m running Windows XP and trying to do a standard VPN connection, getting 619 error after it tries to authenticate credentials.

Notes: I’m not using a /etc/ppp/secure file just like your setup recommends (getting same errors with or without it). I’ve played around with the firewall, and it’s definitely allowing connections on port 1723. I’ve put in code to allow GRE, but I have no way to test it (assuming it’s working because I was getting a GRE socket() error before I added it in).

Any help is appreciated more than you could possibly believe. Thank you.

Comment by Stumped — 6/26/2009 @ 5:48 pm

Sorry to say that I don’t run poptop anymore. I’ve replaced all my VPN terminating routers with pfSense boxes (http://www.pfsense.org/). :-)

They use MPD for PPTP, but I’ve also phased out almost all my PPTP VPNs, in favor of IPsec mobile clients with the Shrew Soft client, or OpenVPN.

I wish I could help, those do look like the errors I saw before, but I don’t recall any specifics except that when I was running with the config I posted here they went away…

Comment by jim — 6/26/2009 @ 5:57 pm

i am runing FreeBSD 8.0 , i need only PPTP client ,is there any standard configuration ,i tried mpd5 but i failed to success .

Comment by SIFE — 5/25/2010 @ 4:57 am

I haven’t needed to try this on pfSense 7 or 8 so I don’t know what works anymore. I run pfSense at the edge of all my networks and use OpenVPN or IPsec to interconnect now. I know mpd5 can be used as a PPTP client but I haven’t ever tried to configure it as such.

Comment by jim — 5/25/2010 @ 8:08 am

Comments

Leave a comment