randyloveless
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california

VPN Connection error HELP :)

Mon Jun 27, 2005 10:45 pm

Several people have written about this issue. Now I know it is most likely not MT that is at fault but the other router or PC.
--------------------------------------------------------------------------------

kchris wrote:
Hi!

First, I created PPPoE connection, then after disconnection I tried out the PPtP connection - but it fails. The login procedure (on the client XP) hangs up at "verifying username/password", then after a couple of seconds, an error message is displayed code 619.

I can't imagine what could cause this error, I think configuring a VPN is a quite straight-forward procedure...


I found another topic with the same error but it's in the archive. And it didn't work for me (delete/recreate everything).
This is happening to a couple of our customers' routers, Linksys and D-Link. The weird thing is every once in a while they can connect, but it is like 1 out of 50 times they try to connect.

any help

or solution to the issue, other than just replacing the router.
 
randyloveless
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california

Wed Jun 29, 2005 8:18 am

--------------------------------------------------------------------------------

I am running a couple of 2.8 firewalls, and I have a client PPTP VPN set up. I am able to connect from the outside via a Windows or OS/X PPTP client and get on the network, as well as inside via my WiFi interface.

However, it does not work when I am connecting from behind my MT firewall nor any of my customers' other home firewalls. It does work from behind the cheap Netgear box at my local coffee shop.

Any ideas? Should I switch to L2TP or IPSEC? Is there a firewall setting that makes NAT traversal more reliable?

Will send configs/logs as needed.

Thanks,

John


sten



Joined: 01 Jun 2004
Posts: 157
Location: Moss, Norway
Posted: Wed Jun 22, 2005 12:09 am Post subject:

--------------------------------------------------------------------------------

A properly configured MT router should work. At home you don't say if you are NATing or not, but either way it should work. You don't say what kind of PPTP server you are using. Do you have PPTP enabled in Firewall->Ports?

On to topic. PPTP is generally easier to get through firewalls than IPSec. L2TP however should go straight through (the easiest), unless it's been specifically firewall'ed out. However Microsoft's L2TP implementation wants to run with IPSec. I guess you could modify it to not use IPSec encryption on the L2TP tunnel using registry or something. (Try googling it).


arclight


Joined: 21 Jun 2005
Posts: 2
Location: Los Angeles, CA
Posted: Thu Jun 23, 2005 12:15 am Post subject: MT config for PPTP

--------------------------------------------------------------------------------

When I connect from outside my firewall, everything works and I get authenticated almost immediately. From inside my FW or my customer's home WiFi LAN, it hangs on "verifying username and password" and ends up with Microsoft error 619, if connecting from Windows XP.

Here are my configurations on the PPTP server:


[admin@MikroTik] interface pptp-server> pri det
Flags: X - disabled, D - dynamic, R - running
0 name="pptp-in1" user=""

# NAME PORTS
0 ftp 21
1 pptp
2 gre
3 X h323
4 mms
5 irc 6667
6 quake3
7 X tftp 69


[admin@MikroTik] ppp profile> pri
Flags: * - default
0 * name="default" local-address=0.0.0.0 remote-address=0.0.0.0
session-timeout=0s idle-timeout=0s use-compression=yes
use-vj-compression=no use-encryption=yes require-encryption=yes
only-one=no change-tcp-mss=yes tx-bit-rate=0 rx-bit-rate=0
incoming-filter="" outgoing-filter="" dns-server=4.2.2.1 wins-server=""


0 name="user1" service=pptp caller-id="" password="password123" profile=default
local-address=192.168.1.254 remote-address=192.168.1.241 routes=""
limit-bytes-in=0 limit-bytes-out=0

1 name="user2" service=pptp caller-id="" password="password123" profile=default
local-address=192.168.1.254 remote-address=192.168.1.240 routes=""
limit-bytes-in=0 limit-bytes-out=0

[admin@MikroTik] ip firewall rule input> pri
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Allow all incoming traffic on local LAN.
src-address=192.168.1.0/24 in-interface=!public action=accept

1 ;;; Allow PPTP to firewall.
dst-address=4.3.211.111/32 protocol=gre action=accept

0 ;;; Allow firewall services out to LAN.
src-address=192.168.1.254/32 dst-address=192.168.1.0/24
out-interface=!public action=accept

1 ;;; Allow outbound FW VPN traffic.
src-address=4.3.211.111/32 out-interface=public protocol=gre
action=accept

2 src-address=4.3.211.111/32:1723 out-interface=public protocol=tcp
action=accept



Any ideas?


John


randyloveless



Joined: 30 Sep 2004
Posts: 221
Location: california
Posted: Mon Jun 27, 2005 7:49 am Post subject:

--------------------------------------------------------------------------------

I have the same issue on this. It works from most other routers to our MT router, but we have a couple of satellite connections that for the life of me won't connect. They do 1 out of 50 times maybe. Tried changing MTU, no luck. I am also getting the same 619 error.


sten



Joined: 01 Jun 2004
Posts: 157
Location: Moss, Norway
Posted: Mon Jun 27, 2005 12:54 pm Post subject:

--------------------------------------------------------------------------------

Could be that one end does not set the correct GRE session id. This was the case for the longest time with poptop which apparently many have based their code on.
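
A way to check this on captured traffic, as an added example that is not part of the original post or of MikroTik's or poptop's code. It assumes the "GRE session id" means the Call ID field of the RFC 2637 enhanced GRE header that PPTP uses; the sample packets and the Call ID 0x1F40 are constructed.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type for PPP in enhanced GRE (RFC 2637)

def parse_pptp_gre(data: bytes) -> dict:
    """Parse the enhanced GRE header that follows the IP header (protocol 47)."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    # Flags/version, protocol type, then the 32-bit key split in two halves.
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", data[:8])
    if (flags & 0x0007) != 1 or proto != PPTP_GRE_PROTO:
        raise ValueError("not PPTP enhanced GRE (version 1, type 0x880B)")
    if (flags & 0xC000) or not (flags & 0x2000):
        raise ValueError("C and R must be clear and K set for PPTP")
    offset, seq, ack = 8, None, None
    if flags & 0x1000:                       # S bit: sequence number present
        if len(data) < offset + 4:
            raise ValueError("truncated sequence number")
        seq = struct.unpack_from("!I", data, offset)[0]
        offset += 4
    if flags & 0x0080:                       # A bit: acknowledgment present
        if len(data) < offset + 4:
            raise ValueError("truncated acknowledgment number")
        ack = struct.unpack_from("!I", data, offset)[0]
        offset += 4
    payload = data[offset:offset + payload_len]
    if len(payload) != payload_len:
        raise ValueError("payload shorter than Payload Length field")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}

def call_id_matches(data: bytes, expected_call_id: int) -> bool:
    """True if the packet carries the Call ID its receiver assigned to this
    session on the TCP 1723 control channel (the 'peer's Call ID' for the sender)."""
    return parse_pptp_gre(data)["call_id"] == expected_call_id

# Constructed samples: an LCP-looking PPP payload with sequence number 1,
# the same packet with a wrong Call ID of 0, and a bare acknowledgment.
EXPECTED_CALL_ID = 0x1F40
GOOD = struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, 4, 0x1F40, 1) + b"\xff\x03\xc0\x21"
BAD = struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, 4, 0x0000, 1) + b"\xff\x03\xc0\x21"
ACK_ONLY = struct.pack("!HHHHI", 0x2081, PPTP_GRE_PROTO, 0, 0x1F40, 7)

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("bad", BAD), ("ack", ACK_ONLY)):
        print(name, parse_pptp_gre(pkt), call_id_matches(pkt, EXPECTED_CALL_ID))
```

A GRE packet whose Call ID does not match the negotiated value is dropped by the receiving end or cannot be mapped back to the right inside host by a NAT device tracking PPTP sessions.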


randyloveless



Joined: 30 Sep 2004
Posts: 221
Location: california
Posted: Mon Jun 27, 2005 7:06 pm Post subject:

--------------------------------------------------------------------------------

sten

I am going to change out the Linksys router that I am having an issue with and see if this fixes the issue. But is there a workaround for this or not?

Randy
 
randyloveless
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california

Wed Jun 29, 2005 8:19 am

OK, put a different router in, fixed the issue. But again, is there a workaround for this issue?

Randy
