From: "Mike Jakubik"
To: freebsd-net@freebsd.org
Date: Wed, 14 Jul 2004 12:35:39 -0400 (EDT)
Subject: PPTP VPN using MPD behind NAT help needed
Message-ID: <62362.66.11.183.182.1089822939.squirrel@66.11.183.182>

Hello,

I am attempting to set up a PPTP VPN server using MPD on a FreeBSD 5.2-C box, which is behind a DSL router.
Unfortunately it does not seem to work for everyone trying to connect to the server, and I can't figure out what the problem is. It works for some clients, and it does not for others. (It just sits on 'Verifying username and password' under XP.) All the clients are using Windows XP, and all of them are behind some sort of NAT firewall, which is set up to allow all outgoing traffic. I can establish a PPTP connection locally just fine, and one of our clients can too, but the rest do not work.

Here is my network layout:

(192.168.138.50)    (192.168.138.1) ()
VPN server       >  DLink DSL router    >  Internet

Typical client setup:

Internet < Generic NAT/Firewall < Windows XP PC

The DLink router has PPTP passthrough enabled, and incoming PPTP connections are forwarded to 192.168.138.50.

MPD version 3.18

Here is mpd.conf:

---
default:
    load pptp0
    load pptp1
    load pptp2

pptp0:
    new -i ng0 pptp0 pptp0
    set ipcp ranges 192.168.138.50/32 192.168.138.200/32
    load standard

pptp1:
    new -i ng1 pptp1 pptp1
    set ipcp ranges 192.168.138.50/32 192.168.138.201/32
    load standard

pptp2:
    new -i ng2 pptp2 pptp2
    set ipcp ranges 192.168.138.50/32 192.168.138.202/32
    load standard

standard:
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 1800
    set iface enable tcpmssfix
    set bundle enable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link mtu 1460
    set link keep-alive 10 60
    set ipcp yes vjcomp
    set ipcp dns 192.168.1.1
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
---

Here is mpd.links:

---
pptp0:
    set link type pptp
    set pptp self 192.168.138.50
    set pptp enable incoming
    set pptp disable originate

pptp1:
    set link type pptp
    set pptp self 192.168.138.50
    set pptp enable incoming
    set pptp disable originate

pptp2:
    set link type pptp
    set pptp self 192.168.138.50
    set pptp enable incoming
    set pptp disable originate
---

Here is mpd.secrets:

---
mike "secret"
---

And here is the log from an unsuccessful attempt:

---
Jul 14 12:04:37 fbsd mpd: mpd: pid 59486, version 3.18 (root@fbsd.afirma.ca 16:17 13-Jul-2004)
Jul 14 12:04:37 fbsd mpd: [pptp0] ppp node is "mpd59486-pptp0"
Jul 14 12:04:37 fbsd mpd: mpd: local IP address for PPTP is 192.168.138.50
Jul 14 12:04:37 fbsd mpd: [pptp0] using interface ng0
Jul 14 12:04:37 fbsd mpd: [pptp1] ppp node is "mpd59486-pptp1"
Jul 14 12:04:37 fbsd mpd: [pptp1] using interface ng1
Jul 14 12:04:37 fbsd mpd: [pptp2] ppp node is "mpd59486-pptp2"
Jul 14 12:04:37 fbsd mpd: [pptp2] using interface ng2
Jul 14 12:04:50 fbsd mpd: mpd: PPTP connection from 69.193.41.53:3104
Jul 14 12:04:50 fbsd mpd: pptp0: attached to connection with 69.193.41.53:3104
Jul 14 12:04:50 fbsd mpd: [pptp0] IFACE: Open event
Jul 14 12:04:50 fbsd mpd: [pptp0] IPCP: Open event
Jul 14 12:04:50 fbsd mpd: [pptp0] IPCP: state change Initial --> Starting
Jul 14 12:04:50 fbsd mpd: [pptp0] IPCP: LayerStart
Jul 14 12:04:50 fbsd mpd: [pptp0] IPCP: Open event
Jul 14 12:04:50 fbsd mpd: [pptp0] bundle: OPEN event in state CLOSED
Jul 14 12:04:50 fbsd mpd: [pptp0] opening link "pptp0"...
Jul 14 12:04:50 fbsd mpd: [pptp0] link: OPEN event
Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: Open event
Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: state change Initial --> Starting
Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: LayerStart
Jul 14 12:04:50 fbsd mpd: [pptp0] device: OPEN event in state DOWN
Jul 14 12:04:50 fbsd mpd: [pptp0] attaching to peer's outgoing call
Jul 14 12:04:50 fbsd mpd: [pptp0] device is now in state OPENING
Jul 14 12:04:50 fbsd mpd: [pptp0] device: UP event in state OPENING
Jul 14 12:04:50 fbsd mpd: [pptp0] device is now in state UP
Jul 14 12:04:50 fbsd mpd: [pptp0] link: UP event
Jul 14 12:04:50 fbsd mpd: [pptp0] link: origination is remote
Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: Up event
Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: state change Starting --> Req-Sent
Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: phase shift DEAD --> ESTABLISH
Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: SendConfigReq #1
Jul 14 12:04:50 fbsd mpd: ACFCOMP
Jul 14 12:04:50 fbsd mpd: PROTOCOMP
Jul 14 12:04:50 fbsd mpd: MRU 1500
Jul 14 12:04:50 fbsd mpd: MAGICNUM f822715a
Jul 14 12:04:50 fbsd mpd: AUTHPROTO CHAP MSOFTv2
Jul 14 12:04:50 fbsd mpd: MP MRRU 1600
Jul 14 12:04:50 fbsd mpd: MP SHORTSEQ
Jul 14 12:04:50 fbsd mpd: ENDPOINTDISC [802.1] 00 48 54 82 6d aa
Jul 14 12:04:50 fbsd mpd: pptp0-0: ignoring SetLinkInfo
Jul 14 12:04:52 fbsd mpd: [pptp0] LCP: SendConfigReq #2
Jul 14 12:04:52 fbsd mpd: ACFCOMP
Jul 14 12:04:52 fbsd mpd: PROTOCOMP
Jul 14 12:04:52 fbsd mpd: MRU 1500
Jul 14 12:04:52 fbsd mpd: MAGICNUM f822715a
Jul 14 12:04:52 fbsd mpd: AUTHPROTO CHAP MSOFTv2
Jul 14 12:04:52 fbsd mpd: MP MRRU 1600
Jul 14 12:04:52 fbsd mpd: MP SHORTSEQ
Jul 14 12:04:52 fbsd mpd: ENDPOINTDISC [802.1] 00 48 54 82 6d aa
Jul 14 12:04:54 fbsd mpd: [pptp0] LCP: SendConfigReq #3
Jul 14 12:04:54 fbsd mpd: ACFCOMP
Jul 14 12:04:54 fbsd mpd: PROTOCOMP
Jul 14 12:04:54 fbsd mpd: MRU 1500
Jul 14 12:04:54 fbsd mpd: MAGICNUM f822715a
Jul 14 12:04:54 fbsd mpd: AUTHPROTO CHAP MSOFTv2
Jul 14 12:04:54 fbsd mpd: MP MRRU 1600
Jul 14 12:04:54 fbsd mpd: MP SHORTSEQ
Jul 14 12:04:54 fbsd mpd: ENDPOINTDISC [802.1] 00 48 54 82 6d aa
Jul 14 12:04:56 fbsd mpd: [pptp0] LCP: SendConfigReq #4
Jul 14 12:04:56 fbsd mpd: ACFCOMP
Jul 14 12:04:56 fbsd mpd: PROTOCOMP
Jul 14 12:04:56 fbsd mpd: MRU 1500
Jul 14 12:04:56 fbsd mpd: MAGICNUM f822715a
Jul 14 12:04:56 fbsd mpd: AUTHPROTO CHAP MSOFTv2
Jul 14 12:04:56 fbsd mpd: MP MRRU 1600
Jul 14 12:04:56 fbsd mpd: MP SHORTSEQ
Jul 14 12:04:56 fbsd mpd: ENDPOINTDISC [802.1] 00 48 54 82 6d aa
Jul 14 12:04:58 fbsd mpd: [pptp0] LCP: SendConfigReq #5
Jul 14 12:04:58 fbsd mpd: ACFCOMP
Jul 14 12:04:58 fbsd mpd: PROTOCOMP
Jul 14 12:04:58 fbsd mpd: MRU 1500
Jul 14 12:04:58 fbsd mpd: MAGICNUM f822715a
Jul 14 12:04:58 fbsd mpd: AUTHPROTO CHAP MSOFTv2
Jul 14 12:04:58 fbsd mpd: MP MRRU 1600
Jul 14 12:04:58 fbsd mpd: MP SHORTSEQ
Jul 14 12:04:58 fbsd mpd: ENDPOINTDISC [802.1] 00 48 54 82 6d aa
Jul 14 12:05:00 fbsd mpd: [pptp0] LCP: SendConfigReq #6
Jul 14 12:05:00 fbsd mpd: ACFCOMP
Jul 14 12:05:00 fbsd mpd: PROTOCOMP
Jul 14 12:05:00 fbsd mpd: MRU 1500
Jul 14 12:05:00 fbsd mpd: MAGICNUM f822715a
Jul 14 12:05:00 fbsd mpd: AUTHPROTO CHAP MSOFTv2
Jul 14 12:05:00 fbsd mpd: MP MRRU 1600
Jul 14 12:05:00 fbsd mpd: MP SHORTSEQ
Jul 14 12:05:00 fbsd mpd: ENDPOINTDISC [802.1] 00 48 54 82 6d aa
Jul 14 12:05:02 fbsd mpd: [pptp0] LCP: SendConfigReq #7
Jul 14 12:05:02 fbsd mpd: ACFCOMP
Jul 14 12:05:02 fbsd mpd: PROTOCOMP
Jul 14 12:05:02 fbsd mpd: MRU 1500
Jul 14 12:05:02 fbsd mpd: MAGICNUM f822715a
Jul 14 12:05:02 fbsd mpd: AUTHPROTO CHAP MSOFTv2
Jul 14 12:05:02 fbsd mpd: MP MRRU 1600
Jul 14 12:05:02 fbsd mpd: MP SHORTSEQ
Jul 14 12:05:02 fbsd mpd: ENDPOINTDISC [802.1] 00 48 54 82 6d aa
Jul 14 12:05:04 fbsd mpd: [pptp0] LCP: SendConfigReq #8
Jul 14 12:05:04 fbsd mpd: ACFCOMP
Jul 14 12:05:04 fbsd mpd: PROTOCOMP
Jul 14 12:05:04 fbsd mpd: MRU 1500
Jul 14 12:05:04 fbsd mpd: MAGICNUM f822715a
Jul 14 12:05:04 fbsd mpd: AUTHPROTO CHAP MSOFTv2
Jul 14 12:05:04 fbsd mpd: MP MRRU 1600
Jul 14 12:05:04 fbsd mpd: MP SHORTSEQ
Jul 14 12:05:04 fbsd mpd: ENDPOINTDISC [802.1] 00 48 54 82 6d aa
Jul 14 12:05:06 fbsd mpd: [pptp0] LCP: SendConfigReq #9
Jul 14 12:05:06 fbsd mpd: ACFCOMP
Jul 14 12:05:06 fbsd mpd: PROTOCOMP
Jul 14 12:05:06 fbsd mpd: MRU 1500
Jul 14 12:05:06 fbsd mpd: MAGICNUM f822715a
Jul 14 12:05:06 fbsd mpd: AUTHPROTO CHAP MSOFTv2
Jul 14 12:05:06 fbsd mpd: MP MRRU 1600
Jul 14 12:05:06 fbsd mpd: MP SHORTSEQ
Jul 14 12:05:06 fbsd mpd: ENDPOINTDISC [802.1] 00 48 54 82 6d aa
Jul 14 12:05:08 fbsd mpd: [pptp0] LCP: SendConfigReq #10
Jul 14 12:05:08 fbsd mpd: ACFCOMP
Jul 14 12:05:08 fbsd mpd: PROTOCOMP
Jul 14 12:05:08 fbsd mpd: MRU 1500
Jul 14 12:05:08 fbsd mpd: MAGICNUM f822715a
Jul 14 12:05:08 fbsd mpd: AUTHPROTO CHAP MSOFTv2
Jul 14 12:05:08 fbsd mpd: MP MRRU 1600
Jul 14 12:05:08 fbsd mpd: MP SHORTSEQ
Jul 14 12:05:08 fbsd mpd: ENDPOINTDISC [802.1] 00 48 54 82 6d aa
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: state change Req-Sent --> Stopped
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: LayerFinish
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: parameter negotiation failed
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: LayerFinish
Jul 14 12:05:10 fbsd mpd: [pptp0] device: CLOSE event in state UP
Jul 14 12:05:10 fbsd mpd: pptp0-0: clearing call
Jul 14 12:05:10 fbsd mpd: pptp0-0: killing channel
Jul 14 12:05:10 fbsd mpd: [pptp0] PPTP call terminated
Jul 14 12:05:10 fbsd mpd: [pptp0] IFACE: Close event
Jul 14 12:05:10 fbsd mpd: [pptp0] IPCP: Close event
Jul 14 12:05:10 fbsd mpd: [pptp0] IPCP: state change Starting --> Initial
Jul 14 12:05:10 fbsd mpd: [pptp0] IPCP: LayerFinish
Jul 14 12:05:10 fbsd mpd: [pptp0] IFACE: Close event
Jul 14 12:05:10 fbsd mpd: pptp0: closing connection with 69.193.41.53:3104
Jul 14 12:05:10 fbsd mpd: [pptp0] IFACE: Close event
Jul 14 12:05:10 fbsd mpd: [pptp0] device is now in state CLOSING
Jul 14 12:05:10 fbsd mpd: [pptp0] bundle: CLOSE event in state OPENED
Jul 14 12:05:10 fbsd mpd: [pptp0] closing link "pptp0"...
Jul 14 12:05:10 fbsd mpd: [pptp0] device: CLOSE event in state CLOSING
Jul 14 12:05:10 fbsd mpd: [pptp0] device is now in state CLOSING
Jul 14 12:05:10 fbsd mpd: [pptp0] link: CLOSE event
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: Close event
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: state change Stopped --> Closed
Jul 14 12:05:10 fbsd mpd: [pptp0] device: DOWN event in state CLOSING
Jul 14 12:05:10 fbsd mpd: [pptp0] device is now in state DOWN
Jul 14 12:05:10 fbsd mpd: [pptp0] link: DOWN event
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: Down event
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: state change Closed --> Initial
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: phase shift ESTABLISH --> DEAD
Jul 14 12:05:10 fbsd mpd: [pptp0] device: DOWN event in state DOWN
Jul 14 12:05:10 fbsd mpd: [pptp0] device is now in state DOWN
Jul 14 12:05:10 fbsd mpd: [pptp0] link: DOWN event
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: Down event
Jul 14 12:05:10 fbsd mpd: pptp0: killing connection with 69.193.41.53:3104
---

Any help would be greatly appreciated. Thanks.
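
An added triage example (not part of the original message and not MPD code): it scans mpd syslog lines like those in the log above and flags links where LCP Configure-Requests were sent but no LCP frame was logged as received before negotiation failed. PPTP carries PPP frames over GRE (IP protocol 47) while the control connection uses TCP port 1723, so this pattern is consistent with GRE not traversing a NAT device. The `rec'd` line format and the `pptp1` sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: pptp0 lines are abridged from the log in the message,
# pptp1 lines are invented to show a link that does receive LCP replies.
SAMPLE_LOG = """\
Jul 14 12:04:50 fbsd mpd: mpd: PPTP connection from 69.193.41.53:3104
Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: SendConfigReq #1
Jul 14 12:04:52 fbsd mpd: [pptp0] LCP: SendConfigReq #2
Jul 14 12:04:54 fbsd mpd: [pptp0] LCP: SendConfigReq #3
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: parameter negotiation failed
Jul 14 12:06:01 fbsd mpd: [pptp1] LCP: SendConfigReq #1
Jul 14 12:06:01 fbsd mpd: [pptp1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
Jul 14 12:06:01 fbsd mpd: [pptp1] LCP: rec'd Configure Ack #1 link 0 (Ack-Sent)
"""

# Matches per-link LCP lines only, e.g. "mpd: [pptp0] LCP: SendConfigReq #1".
LCP_LINE = re.compile(r"mpd: \[(?P<link>[^\]]+)\] LCP: (?P<msg>.*)$")


def summarize_lcp(log_text):
    """Count LCP requests sent and LCP frames received for each link."""
    stats = defaultdict(lambda: {"sent": 0, "received": 0, "failed": False})
    for line in log_text.splitlines():
        match = LCP_LINE.search(line)
        if not match:
            continue
        entry = stats[match.group("link")]
        msg = match.group("msg")
        if msg.startswith("SendConfigReq"):
            entry["sent"] += 1
        elif msg.startswith("rec'd"):  # assumed format of mpd receive lines
            entry["received"] += 1
        elif "negotiation failed" in msg:
            entry["failed"] = True
    return dict(stats)


def one_way_links(stats, min_sent=3):
    """Links that retried LCP, heard nothing back, and then gave up."""
    return sorted(
        link for link, s in stats.items()
        if s["failed"] and s["received"] == 0 and s["sent"] >= min_sent
    )


if __name__ == "__main__":
    for link in one_way_links(summarize_lcp(SAMPLE_LOG)):
        print(f"{link}: LCP requests unanswered; check GRE (IP proto 47) forwarding")
```
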