FreeBSD 8.0 MPD5 PPTP 619 error

[pengtai]

startup:
        set user mpd mpd
        set web self 0.0.0.0 5006
        set web open
default:
        load pptp_server
pptp_server:
        set ippool add pool1 192.168.1.2 192.168.1.250
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
        set ipcp ranges 192.168.1.1/32 ippool pool1
        set ipcp dns 8.8.8.8
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless
        create link template L pptp
        set link action bundle B
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap eap
        set link enable chap
        set link keep-alive 10 60
        set link mtu 1460
        set pptp self 0.0.0.0
        set link enable incoming

Multi-link PPP daemon for FreeBSD

process 7717 started, version 5.5 (root@qy.cc 17:46  3-Aug-2011)
web: listening on 0.0.0.0 5006
PPTP: waiting for connection on 0.0.0.0 1723
[L] [L-1] Accepting PPTP connection
[L-1] Link: OPEN event
[L-1] LCP: Open event
[L-1] LCP: state change Initial --> Starting
[L-1] LCP: LayerStart
[L-1] PPTP: attaching to peer's outgoing call
[L-1] Link: UP event
[L-1] LCP: Up event
[L-1] LCP: state change Starting --> Req-Sent
[L-1] LCP: SendConfigReq #1
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 8e009bee
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: SendConfigReq #2
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 8e009bee
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: SendConfigReq #3
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 8e009bee
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: SendConfigReq #4
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 8e009bee
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: SendConfigReq #5
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 8e009bee
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: SendConfigReq #6
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 8e009bee
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: SendConfigReq #7
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 8e009bee
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: SendConfigReq #8
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 8e009bee
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: SendConfigReq #9
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 8e009bee
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: SendConfigReq #10
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 8e009bee
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: parameter negotiation failed
[L-1] LCP: state change Req-Sent --> Stopped
[L-1] LCP: LayerFinish
[L-1] PPTP call terminated
[L-1] Link: DOWN event
[L-1] LCP: Close event
[L-1] LCP: state change Stopped --> Closed
[L-1] LCP: Down event
[L-1] LCP: state change Closed --> Initial
[L-1] Link: SHUTDOWN event
[L-1] Link: Shutdown
[L-1] Accepting PPTP connection
[L-1] Link: OPEN event
[L-1] LCP: Open event
[L-1] LCP: state change Initial --> Starting
[L-1] LCP: LayerStart
[L-1] PPTP: attaching to peer's outgoing call
[L-1] Link: UP event
[L-1] LCP: Up event
[L-1] LCP: state change Starting --> Req-Sent
[L-1] LCP: SendConfigReq #1
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 077f2bd6
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] LCP: SendConfigReq #2
[L-1]   ACFCOMP
[L-1]   PROTOCOMP
[L-1]   MRU 1500
[L-1]   MAGICNUM 077f2bd6
[L-1]   AUTHPROTO CHAP MSOFTv2
[L-1]   MP MRRU 2048
[L-1]   MP SHORTSEQ
[L-1]   ENDPOINTDISC [802.1] 20 cf 30 50 e4 6f
[L-1] PPTP call terminated
[L-1] Link: DOWN event
[L-1] LCP: Close event
[L-1] LCP: state change Req-Sent --> Closing
[L-1] LCP: SendTerminateReq #3
[L-1] LCP: Down event
[L-1] LCP: LayerFinish
[L-1] LCP: state change Closing --> Initial
[L-1] Link: SHUTDOWN event
[L-1] Link: Shutdown

no Firewall

mpd_enable="YES"
mpd_flags="-b"
gateway_enable="YES"
natd_enable="YES"
natd_interface="em0"
ng_ipacct_enable="YES"

 

[ecazamir]

Error 619 rises when any form of VPN/Dial-up/PPPoE connection is unable to negotiate the parameters for the point-to-point channel. On your situation, error 619 indicate the network inability to properly carry the GRE packets. A ms-vpn session require that a GRE packets pass through network.

This may happen if a VPN client is coming from behind a NAT device which does not properly handle NAT for GRE, or somewhere between the client and the server a firewall is dropping GRE packets completely. Usually, if the gateway NAT-ing the client is running linux, loading the kernel module ip_conntrack_pptp and ip_nat_pptp fixes the problem.

Try running tcpdump on the server and look for IP/GRE packets when the client tries to establish the connection. If the client is communicating with the server using only TCP/1723, then your problem is the one described above.