Date:      Mon, 13 Sep 2004 09:56:19 -0500
From:      "Jonathan Reeder" <jreeder@minutemenu.com>
To:        <freebsd-net@freebsd.org>
Subject:   MPD 3.18 Trouble
Message-ID:  <NIECLIJFBLKHJMOALIKPMEFNCLAA.jreeder@minutemenu.com>

First off, sorry if this has come through twice; I tried to send it last
week but don't think it made it through:

I've got MPD v3.18 up and running on my FreeBSD 4.9.  All seems to be going
well, clients can connect via PPTP, but once connected, they cannot actually
access my internal network.  Some background on my configuration:

# ifconfig
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet a.b.c.d netmask 0xfffffff8 broadcast a.b.c.e
        inet6 fe80::2a0:ffff:feff:9cfc%dc0 prefixlen 64 scopeid 0x1
        ether 00:a0:ff:ff:9c:fc
        media: Ethernet 10baseT/UTP
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::220:edff:fe2c:fe68%rl0 prefixlen 64 scopeid 0x2
        ether 00:20:ed:2c:fe:68
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500

That is for the server that runs MPD.  Also, here are my mpd.conf and
mpd.links:

# cat /usr/local/etc/mpd/mpd.conf
default:
        log +auth +pptp
        load vpn0
        load vpn1

vpn0:
        new -i ng0 vpn0 vpn0
        set iface disable on-demand
        set iface enable proxy-arp
        set bundle disable multilink
        set link yes acfcomp protocomp
        set link mtu 1400
        set link no pap chap
        set link enable chap
        set link keep-alive 60 180
        set ipcp yes vjcomp
        set ipcp ranges 192.168.1.254/32 192.168.1.200/32
        set ipcp dns x.x.x.x

        set bundle enable compression
        set ccp yes mppc
        #set ccp yes mpp-e40
        set ccp no mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set bundle yes crypt-reqd

vpn1:
    same as vpn0

# cat /usr/local/etc/mpd/mpd.links
vpn0:
        set link type pptp
        set pptp self a.b.c.d
        set pptp enable incoming
        set pptp disable originate

MPD runs fine, listens on port 1723, accepts connections, authenticates, and
then once a user is connected, my ifconfig changes from what you saw above
to something similar to the following:

ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1396
        inet 192.168.1.254 --> 192.168.1.200 netmask 0xffffffff
        inet6 fe80::2a0:ffff:feff:9cfc%ng0 prefixlen 64 scopeid 0x5

So, I'm thinking that I should be set, right?  Nope.  No traffic actually
makes it from the client to my internal 192.168.1.0/24 network.  When I ping
a 192.168.1 client from the remote VPN user, if I watch a tcpdump -i ng0 I
can see the ping come through from dc0 (via GRE) to ng0, but that ping never
seems to get passed to the rl0 interface like I would expect.  (Yes, I do
have gateway_enable='YES' and the sysctl has been confirmed to be on).  Same
type of problem if I try to ping 192.168.1.200 from a host on my local
network.  I get a reply from 192.168.1.10 (the local address of my FreeBSD
machine) saying "Destination host unreachable".  If I try to ping
192.168.1.200 from my BSD box, I get

ping: sendto: No route to host

This is the one that really kills me, because it has a perfect route to that
host sitting right in front of it.  It just refuses to pass the packets to
the proper device.

I'm hoping someone might have run into this same type of problem before.  Is
there something about my mpd.conf that would keep ng0 from passing packets
off to my local network (rl0) and vice-versa?  If anyone is kind enough to
respond, let me know if there is any other info about my configuration that
would be helpful to you.

Thanks a bunch,

Jonathan Reeder


