Topic: Error 718 PPTP VPN

[SloopJohnB]

I am using a WIN2k VPN client and when trying to connect, I keep getting this error; TCP/IP CP reported error 718:

I haved looked high and low for more info on this on Google and here in this forum to no avail.
Server= SME 6.03b with updates
Hi-Speed, static ip connection (1.5 mbs according to DSLreports.com)
Client= Win2k with SP3 over a 256k DSL connection

Settings on client:
* IP address= 68.15.XXX.XXX
*General tab has all three Dialing options checked
*Security Tab has Typical settings chosen with the force encryption checkbox off
*Under Networking, Type of VPN is PPTP (have tried Automatic also)
*And then in the TCP-IP properties, I have 192.168.1.1 for the SME-WINS server in the remote network.
*The final tab has nothing checkmarked.
*The workgroup name on the client PC is different than the WORKGROUP/DOMAIN name of the remote network, however I am logging into the server using the "Include Windows login domain" checked.

The SME server has the user VPNfunction enabled and the remote connection allows for 10 pptp clients to connect.

Here is the output for the messages log on the server:
Oct 27 11:51:53 lvds12 pptpd[6133]: CTRL: Received PPTP Control Message (type: 5)
Oct 27 11:51:53 lvds12 pptpd[6133]: CTRL: Made a ECHO RPLY packet
Oct 27 11:51:53 lvds12 pptpd[6133]: CTRL: I wrote 20 bytes to the client.
Oct 27 11:51:53 lvds12 pptpd[6133]: CTRL: Sent packet to client
Oct 27 11:51:58 lvds12 pptpd[6133]: CTRL: Received PPTP Control Message (type: 15)
Oct 27 11:51:58 lvds12 pptpd[6133]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 27 11:51:58 lvds12 pppd[6134]: LCP terminated by peer (OM-^O#;^@

Since the VPN setup should straight forward and should work msot of the time, there is not alot of data on the net about this. Any help would be appriciated.

SloopJohnB

[SloopJohnB]

*****Update, now it does connect periodically, but I cannot browse the remote network...***

SloopJohnB

[SloopJohnB]

Does anyone have any suggestions on this??? It's been so long, an no reply!

[Bob King]

I have several customers, with W2K Pro sp4, using VPN to connect to remote networks behind SME 5.6 U5 servers (have not tried 6.03b yet). I understand that 6.03b with updates has corrected the problems that 5.6 had so I will not go into those and will only deal with the W2K client settings.

I Set up W2K VPN Connection properties as follows:

General Tab: enter the Global IP address of the remote VPN Server (SME 6.03Bb)

Options Tab:
   Check - "Display progress while connecting"
   Check - "Prompt for name and password, certificate, etc."
   Uncheck - "Include Windows logon domain"

Security Tab:
   Security Options - Tick "Typical (recommended settings)"
   Validate my idenity as Follows: Select "Require secured password"
   Uncheck - "Automatically use my Windows logon name ... (and domain if any)"
   Check - "Require data encryption (disconnect if none)"

Networking Tab:
   Type of VPN server I am calling: Select "Automatic"
     Under "Settings" - Check All Three Options

   Internet Protocol (TCP/IP) "Properties"
     Tick - "Obtain an IP address automatically"
     Tick - "Obtain DNS server address automatically"

If your W2K client is located behind an SME server, router or firewall you will have other issues to deal with.

Hope this helps you.

[SloopJohnB]

Yes, the client is behind another SME server version 6.03b. I get that stinkin' "error 619" all the time now. I am wandering if this is because of being behind another SME server. I keep looking for the related topics in this forum but find unfinished threads only! Somebody hep-me!

SloopJohnB

[SloopJohnB]

Yes, the client is behind another SME server version 6.03b. I get that stinkin' "error 619" all the time now. I am wandering if this is because of being behind another SME server. I keep looking for the related topics in this forum but find unfinished threads only! Somebody hep-me!

SloopJohnB

[Bob King]

Correctly apply ALL the latest 6.03b updates (on both servers) including the correct "ppp-mppe-modules-2.4.2-4es" update for the server processors. The MPPE update is done separate from the other updates.

Check "/etc/ppp/options.pptpd" (on both SME servers) to ensure that they have a line for "multilink". If not, modify the "e-smith Template" file and expand the template.

Double check the settings on your W2K client. If you are connecting to a "peer to peer" network (Not a true Windows Domain) or your SME box is not the MDC for the Windows Domain, DO NOT check "Include Windows login domain" under the Options Tab. You must check "Require data encryption (disconnect if none)" under the Security Tab. Your first post indicated the opposite for both of these options.

[SloopJohnB]

Although I have not found the answers, I have solved one problem for now. The win2k client machine is behind an SME 6.03b server (server-gateway mode) that is attempting to connect to an SME 6.03b vpn-server over the internet. When I disconnected the win2k client from the SME server and directly connected it to the static-ip, cable-modem internet connection, I could connect to the SME vpn-server with only one problem, that being I could not browse the network but I could search and find a computer on the remote network.

I have applied the mppe fix as described in the previous post, I have  changed the client settings to require encryption, enable multi-link, login to domain (the remote is setup as a MDC) use pptp. I still cannot browse the remote network.


Any suggestions or links to articles that can fix this would be much appreciated.

SloopJohnB

[Bob King]

I am not sure about Windows Domains but here is what I have to do to be able to browse a peer to peer remote network using a VPN connection through a remote SME server.

1. Assign a permanent IP addsess to all the Windows machines on the remote network that I want to browse. I do this in the "Hostnames and addresses" server-manager panel on the remote SME server. Enter the computer name, IP address and Ethernet address of each Windows machine you want to be able to browse.

2. Enter each remote computer name and IP address (the same as entered in step 1 above) into the "hosts" file on the client Windows machine (located at (/windows/system32/drivers/etc/hosts) when the client is connect directly to the internet. If the client is connecting through a local SME Server Gateway you can enter them as local hosts in the "Hostnames and addresses" server-manager panel on the local SME server.

This may not be the best way but it is the only way I have been able to make it work.

Good luck.

[SloopJohnB]

This problem was cured by moving the SME6.03 from the win2k client side to act as SERVER ONLY and placed behind a Firewall-Router. Once I opened up port 1723 on the router I could access the SME 6.03b VPN server with no problems!

The only issue to deal with now, is I have a client that is behind an Actiontec DSL router (Qwest network) that can connect to VPN server, but cannot see any of the workgroups or computers on the remote VPN server.

Any suggestions??


SloopJohnB

[Mark Farey]

Bob,

RE: "If your W2K client is located behind an SME server, router or firewall you will have other issues to deal with." Can you please clarify? I have a 6.03 box on the clinet side and a 5.6 box on the server side. Can this ever work?

Regards,
Mark
Ottawa, Canada.

[Bob King]

Mark Farey wrote:
> RE: "If your W2K client is located behind an SME server,
> router or firewall you will have other issues to deal with."
> Can you please clarify? I have a 6.03 box on the clinet side
> and a 5.6 box on the server side. Can this ever work?

I do not use any version of SME 6 so I can not comment on it. Look at my set-up in this post (link below) to see how I make it work using 5.6 & 5.1.2

http://forums.contribs.org/index.php?topic=8925.msg33649#msg33649

I have tried using 'WINS' but have not been able to get it to work. When I assign fixed IP addresses on the remote network and define them on the client side everything works properly. It may not be the easiest or most elegant method but it works for me every time so I'll stick with it.

[SloopJohnB]

Sorry to leave everyone hanging. Here is what I have found:

A regular client directly connected to the internet (via a dsl or cable modem) seems to have no problem connecting to an SME server that is in Server/Gateway mode (and that is also directly connected the DSl or cable modem).

Once either a Linksys-Netgear-Dlink in placed anywhere in between AND the SME server is placed in SERVER ONLY mode somehow, even though I allowed port passage, the VPN connection seems to be unstable at best.

So I have concluded that remote clients must NOT be behind any other gateway or firewall in order for the VPN connection to work like I want.

I know there must be a way to get around these obstacles, but allowing port 1723 traffic on each firewall so far has not worked for me. If anyone has any idea, I would much appreciate it.

SloopJohnB