Date:      Thu, 15 Jul 2004 10:38:34 +0900 (JST)
From:      Motonori Shindo <mshindo@mshindo.net>
To:        mikej@rogers.com
Cc:        freebsd-net@freebsd.org
Subject:   Re: PPTP VPN using MPD behind NAT help needed
Message-ID:  <20040715.103834.59465255.mshindo@mshindo.net>
In-Reply-To: <62362.66.11.183.182.1089822939.squirrel@66.11.183.182>
References:  <62362.66.11.183.182.1089822939.squirrel@66.11.183.182>

Mike,

This seems like a DSL router's problem. Because PPTP encapsulates PPP
using GRE, which is neither TCP nor UDP, routers sometimes cannot NAT
PPTP traffic. Some routers conquer this problem by simply "passing
through" GRE packets (and hence this feature is sometimes called "VPN
Pass Through"), assuming there is only one PPTP client behind NAT. What
you are seeing is most likely this case.

There are, however, routers with more intelligence in this regard,
which are capable of handling GRE over NAT with many clients. 'natd'
included in FreeBSD is one such "smart" NAT implementation.

Regards,

From: "Mike Jakubik" <mikej@rogers.com>
Subject: PPTP VPN using MPD behind NAT help needed
Date: Wed, 14 Jul 2004 12:35:39 -0400 (EDT)

> Hello,
> 
> I am attempting to set up a PPTP VPN server using MPD on a FreeBSD 5.2-C
> box, which is behind a DSL router. Unfortunately it does not seem to work
> for everyone trying to connect to the server, and I can't figure out what
> the problem is. It works for some clients, and it does not for others (it
> just sits on 'Verifying username and password' under XP). All the clients
> are using Windows XP, all of them are behind some sort of NAT firewall,
> which is set up to allow all outgoing traffic. I can establish a PPTP
> connection locally just fine, and one of our clients can too, but the rest
> do not work.
> 
> Here is my network layout:
> 
> (192.168.138.50)   (192.168.138.1)         ()
> VPN server    >    DLink DSL router    >    Internet
> 
> Typical client setup:
> 
> Internet    <    Generic NAT/Firewall    <    Windows XP PC
> 
> The DLink router has PPTP passthrough enabled, and incoming PPTP
> connections are forwarded to 192.168.138.50.
> 
> MPD version 3.18
> 
> Here is mpd.conf:
> 
> ---
> default:
>         load pptp0
>         load pptp1
>         load pptp2
> 
> pptp0:
>         new -i ng0 pptp0 pptp0
>         set ipcp ranges 192.168.138.50/32 192.168.138.200/32
>         load standard
> 
> pptp1:
>         new -i ng1 pptp1 pptp1
>         set ipcp ranges 192.168.138.50/32 192.168.138.201/32
>         load standard
> 
> pptp2:
>         new -i ng2 pptp2 pptp2
>         set ipcp ranges 192.168.138.50/32 192.168.138.202/32
>         load standard
> 
> standard:
>         set iface disable on-demand
>         set iface enable proxy-arp
>         set iface idle 1800
>         set iface enable tcpmssfix
>         set bundle enable multilink
>         set link yes acfcomp protocomp
>         set link no pap chap
>         set link enable chap
>         set link mtu 1460
>         set link keep-alive 10 60
>         set ipcp yes vjcomp
>         set ipcp dns 192.168.1.1
>         set bundle enable compression
>         set ccp yes mppc
>         set ccp yes mpp-e40
>         set ccp yes mpp-e128
>         set ccp yes mpp-stateless
> ---
> 
> Here is mpd.links:
> 
> ---
> pptp0:
>         set link type pptp
>         set pptp self 192.168.138.50
>         set pptp enable incoming
>         set pptp disable originate
> 
> pptp1:
>         set link type pptp
>         set pptp self 192.168.138.50
>         set pptp enable incoming
>         set pptp disable originate
> 
> pptp2:
>         set link type pptp
>         set pptp self 192.168.138.50
>         set pptp enable incoming
>         set pptp disable originate
> ---
> 
> Here is mpd.secrets:
> 
> ---
> mike            "secret"
> ---
> 
> 
> And here is the log from an unsuccessful attempt:
> 
> ---
> Jul 14 12:04:37 fbsd mpd: mpd: pid 59486, version 3.18 (root@fbsd.afirma.ca 16:17 13-Jul-2004)
> Jul 14 12:04:37 fbsd mpd: [pptp0] ppp node is "mpd59486-pptp0"
> Jul 14 12:04:37 fbsd mpd: mpd: local IP address for PPTP is 192.168.138.50
> Jul 14 12:04:37 fbsd mpd: [pptp0] using interface ng0
> Jul 14 12:04:37 fbsd mpd: [pptp1] ppp node is "mpd59486-pptp1"
> Jul 14 12:04:37 fbsd mpd: [pptp1] using interface ng1
> Jul 14 12:04:37 fbsd mpd: [pptp2] ppp node is "mpd59486-pptp2"
> Jul 14 12:04:37 fbsd mpd: [pptp2] using interface ng2
> Jul 14 12:04:50 fbsd mpd: mpd: PPTP connection from 69.193.41.53:3104
> Jul 14 12:04:50 fbsd mpd: pptp0: attached to connection with 69.193.41.53:3104
> Jul 14 12:04:50 fbsd mpd: [pptp0] IFACE: Open event
> Jul 14 12:04:50 fbsd mpd: [pptp0] IPCP: Open event
> Jul 14 12:04:50 fbsd mpd: [pptp0] IPCP: state change Initial --> Starting
> Jul 14 12:04:50 fbsd mpd: [pptp0] IPCP: LayerStart
> Jul 14 12:04:50 fbsd mpd: [pptp0] IPCP: Open event
> Jul 14 12:04:50 fbsd mpd: [pptp0] bundle: OPEN event in state CLOSED
> Jul 14 12:04:50 fbsd mpd: [pptp0] opening link "pptp0"...
> Jul 14 12:04:50 fbsd mpd: [pptp0] link: OPEN event
> Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: Open event
> Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: state change Initial --> Starting
> Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: LayerStart
> Jul 14 12:04:50 fbsd mpd: [pptp0] device: OPEN event in state DOWN
> Jul 14 12:04:50 fbsd mpd: [pptp0] attaching to peer's outgoing call
> Jul 14 12:04:50 fbsd mpd: [pptp0] device is now in state OPENING
> Jul 14 12:04:50 fbsd mpd: [pptp0] device: UP event in state OPENING
> Jul 14 12:04:50 fbsd mpd: [pptp0] device is now in state UP
> Jul 14 12:04:50 fbsd mpd: [pptp0] link: UP event
> Jul 14 12:04:50 fbsd mpd: [pptp0] link: origination is remote
> Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: Up event
> Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: state change Starting --> Req-Sent
> Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: phase shift DEAD --> ESTABLISH
> Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: SendConfigReq #1
> Jul 14 12:04:50 fbsd mpd:  ACFCOMP
> Jul 14 12:04:50 fbsd mpd:  PROTOCOMP
> Jul 14 12:04:50 fbsd mpd:  MRU 1500
> Jul 14 12:04:50 fbsd mpd:  MAGICNUM f822715a
> Jul 14 12:04:50 fbsd mpd:  AUTHPROTO CHAP MSOFTv2
> Jul 14 12:04:50 fbsd mpd:  MP MRRU 1600
> Jul 14 12:04:50 fbsd mpd:  MP SHORTSEQ
> Jul 14 12:04:50 fbsd mpd:  ENDPOINTDISC [802.1] 00 48 54 82 6d aa
> Jul 14 12:04:50 fbsd mpd: pptp0-0: ignoring SetLinkInfo
> Jul 14 12:04:52 fbsd mpd: [pptp0] LCP: SendConfigReq #2
> Jul 14 12:04:52 fbsd mpd:  ACFCOMP
> Jul 14 12:04:52 fbsd mpd:  PROTOCOMP
> Jul 14 12:04:52 fbsd mpd:  MRU 1500
> Jul 14 12:04:52 fbsd mpd:  MAGICNUM f822715a
> Jul 14 12:04:52 fbsd mpd:  AUTHPROTO CHAP MSOFTv2
> Jul 14 12:04:52 fbsd mpd:  MP MRRU 1600
> Jul 14 12:04:52 fbsd mpd:  MP SHORTSEQ
> Jul 14 12:04:52 fbsd mpd:  ENDPOINTDISC [802.1] 00 48 54 82 6d aa
> Jul 14 12:04:54 fbsd mpd: [pptp0] LCP: SendConfigReq #3
> Jul 14 12:04:54 fbsd mpd:  ACFCOMP
> Jul 14 12:04:54 fbsd mpd:  PROTOCOMP
> Jul 14 12:04:54 fbsd mpd:  MRU 1500
> Jul 14 12:04:54 fbsd mpd:  MAGICNUM f822715a
> Jul 14 12:04:54 fbsd mpd:  AUTHPROTO CHAP MSOFTv2
> Jul 14 12:04:54 fbsd mpd:  MP MRRU 1600
> Jul 14 12:04:54 fbsd mpd:  MP SHORTSEQ
> Jul 14 12:04:54 fbsd mpd:  ENDPOINTDISC [802.1] 00 48 54 82 6d aa
> Jul 14 12:04:56 fbsd mpd: [pptp0] LCP: SendConfigReq #4
> Jul 14 12:04:56 fbsd mpd:  ACFCOMP
> Jul 14 12:04:56 fbsd mpd:  PROTOCOMP
> Jul 14 12:04:56 fbsd mpd:  MRU 1500
> Jul 14 12:04:56 fbsd mpd:  MAGICNUM f822715a
> Jul 14 12:04:56 fbsd mpd:  AUTHPROTO CHAP MSOFTv2
> Jul 14 12:04:56 fbsd mpd:  MP MRRU 1600
> Jul 14 12:04:56 fbsd mpd:  MP SHORTSEQ
> Jul 14 12:04:56 fbsd mpd:  ENDPOINTDISC [802.1] 00 48 54 82 6d aa
> Jul 14 12:04:58 fbsd mpd: [pptp0] LCP: SendConfigReq #5
> Jul 14 12:04:58 fbsd mpd:  ACFCOMP
> Jul 14 12:04:58 fbsd mpd:  PROTOCOMP
> Jul 14 12:04:58 fbsd mpd:  MRU 1500
> Jul 14 12:04:58 fbsd mpd:  MAGICNUM f822715a
> Jul 14 12:04:58 fbsd mpd:  AUTHPROTO CHAP MSOFTv2
> Jul 14 12:04:58 fbsd mpd:  MP MRRU 1600
> Jul 14 12:04:58 fbsd mpd:  MP SHORTSEQ
> Jul 14 12:04:58 fbsd mpd:  ENDPOINTDISC [802.1] 00 48 54 82 6d aa
> Jul 14 12:05:00 fbsd mpd: [pptp0] LCP: SendConfigReq #6
> Jul 14 12:05:00 fbsd mpd:  ACFCOMP
> Jul 14 12:05:00 fbsd mpd:  PROTOCOMP
> Jul 14 12:05:00 fbsd mpd:  MRU 1500
> Jul 14 12:05:00 fbsd mpd:  MAGICNUM f822715a
> Jul 14 12:05:00 fbsd mpd:  AUTHPROTO CHAP MSOFTv2
> Jul 14 12:05:00 fbsd mpd:  MP MRRU 1600
> Jul 14 12:05:00 fbsd mpd:  MP SHORTSEQ
> Jul 14 12:05:00 fbsd mpd:  ENDPOINTDISC [802.1] 00 48 54 82 6d aa
> Jul 14 12:05:02 fbsd mpd: [pptp0] LCP: SendConfigReq #7
> Jul 14 12:05:02 fbsd mpd:  ACFCOMP
> Jul 14 12:05:02 fbsd mpd:  PROTOCOMP
> Jul 14 12:05:02 fbsd mpd:  MRU 1500
> Jul 14 12:05:02 fbsd mpd:  MAGICNUM f822715a
> Jul 14 12:05:02 fbsd mpd:  AUTHPROTO CHAP MSOFTv2
> Jul 14 12:05:02 fbsd mpd:  MP MRRU 1600
> Jul 14 12:05:02 fbsd mpd:  MP SHORTSEQ
> Jul 14 12:05:02 fbsd mpd:  ENDPOINTDISC [802.1] 00 48 54 82 6d aa
> Jul 14 12:05:04 fbsd mpd: [pptp0] LCP: SendConfigReq #8
> Jul 14 12:05:04 fbsd mpd:  ACFCOMP
> Jul 14 12:05:04 fbsd mpd:  PROTOCOMP
> Jul 14 12:05:04 fbsd mpd:  MRU 1500
> Jul 14 12:05:04 fbsd mpd:  MAGICNUM f822715a
> Jul 14 12:05:04 fbsd mpd:  AUTHPROTO CHAP MSOFTv2
> Jul 14 12:05:04 fbsd mpd:  MP MRRU 1600
> Jul 14 12:05:04 fbsd mpd:  MP SHORTSEQ
> Jul 14 12:05:04 fbsd mpd:  ENDPOINTDISC [802.1] 00 48 54 82 6d aa
> Jul 14 12:05:06 fbsd mpd: [pptp0] LCP: SendConfigReq #9
> Jul 14 12:05:06 fbsd mpd:  ACFCOMP
> Jul 14 12:05:06 fbsd mpd:  PROTOCOMP
> Jul 14 12:05:06 fbsd mpd:  MRU 1500
> Jul 14 12:05:06 fbsd mpd:  MAGICNUM f822715a
> Jul 14 12:05:06 fbsd mpd:  AUTHPROTO CHAP MSOFTv2
> Jul 14 12:05:06 fbsd mpd:  MP MRRU 1600
> Jul 14 12:05:06 fbsd mpd:  MP SHORTSEQ
> Jul 14 12:05:06 fbsd mpd:  ENDPOINTDISC [802.1] 00 48 54 82 6d aa
> Jul 14 12:05:08 fbsd mpd: [pptp0] LCP: SendConfigReq #10
> Jul 14 12:05:08 fbsd mpd:  ACFCOMP
> Jul 14 12:05:08 fbsd mpd:  PROTOCOMP
> Jul 14 12:05:08 fbsd mpd:  MRU 1500
> Jul 14 12:05:08 fbsd mpd:  MAGICNUM f822715a
> Jul 14 12:05:08 fbsd mpd:  AUTHPROTO CHAP MSOFTv2
> Jul 14 12:05:08 fbsd mpd:  MP MRRU 1600
> Jul 14 12:05:08 fbsd mpd:  MP SHORTSEQ
> Jul 14 12:05:08 fbsd mpd:  ENDPOINTDISC [802.1] 00 48 54 82 6d aa
> Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: state change Req-Sent --> Stopped
> Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: LayerFinish
> Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: parameter negotiation failed
> Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: LayerFinish
> Jul 14 12:05:10 fbsd mpd: [pptp0] device: CLOSE event in state UP
> Jul 14 12:05:10 fbsd mpd: pptp0-0: clearing call
> Jul 14 12:05:10 fbsd mpd: pptp0-0: killing channel
> Jul 14 12:05:10 fbsd mpd: [pptp0] PPTP call terminated
> Jul 14 12:05:10 fbsd mpd: [pptp0] IFACE: Close event
> Jul 14 12:05:10 fbsd mpd: [pptp0] IPCP: Close event
> Jul 14 12:05:10 fbsd mpd: [pptp0] IPCP: state change Starting --> Initial
> Jul 14 12:05:10 fbsd mpd: [pptp0] IPCP: LayerFinish
> Jul 14 12:05:10 fbsd mpd: [pptp0] IFACE: Close event
> Jul 14 12:05:10 fbsd mpd: pptp0: closing connection with 69.193.41.53:3104
> Jul 14 12:05:10 fbsd mpd: [pptp0] IFACE: Close event
> Jul 14 12:05:10 fbsd mpd: [pptp0] device is now in state CLOSING
> Jul 14 12:05:10 fbsd mpd: [pptp0] bundle: CLOSE event in state OPENED
> Jul 14 12:05:10 fbsd mpd: [pptp0] closing link "pptp0"...
> Jul 14 12:05:10 fbsd mpd: [pptp0] device: CLOSE event in state CLOSING
> Jul 14 12:05:10 fbsd mpd: [pptp0] device is now in state CLOSING
> Jul 14 12:05:10 fbsd mpd: [pptp0] link: CLOSE event
> Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: Close event
> Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: state change Stopped --> Closed
> Jul 14 12:05:10 fbsd mpd: [pptp0] device: DOWN event in state CLOSING
> Jul 14 12:05:10 fbsd mpd: [pptp0] device is now in state DOWN
> Jul 14 12:05:10 fbsd mpd: [pptp0] link: DOWN event
> Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: Down event
> Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: state change Closed --> Initial
> Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: phase shift ESTABLISH --> DEAD
> Jul 14 12:05:10 fbsd mpd: [pptp0] device: DOWN event in state DOWN
> Jul 14 12:05:10 fbsd mpd: [pptp0] device is now in state DOWN
> Jul 14 12:05:10 fbsd mpd: [pptp0] link: DOWN event
> Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: Down event
> Jul 14 12:05:10 fbsd mpd: pptp0: killing connection with 69.193.41.53:3104
> ---
> 
> Any help would be greatly appreciated.
> 
> Thanks.
> 
> 
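
Added example (not part of either message, and not mpd's own code): a small triage script for the symptom in the quoted log, where the PPTP control connection attaches but mpd only ever logs `SendConfigReq` and never a received LCP frame, which is how a NAT that does not carry GRE back looks from the server side. It assumes mpd marks received LCP frames with the word "rec'd"; the verdict names and the second, healthy session (placeholder peer 192.0.2.10) are constructed for illustration.

```python
import re

# Constructed sample: session 1 abridges the failed attempt quoted above, session 2
# is invented (placeholder peer). ASSUMPTION: mpd logs received LCP frames as "rec'd".
SAMPLE_LOG = """\
Jul 14 12:04:50 fbsd mpd: pptp0: attached to connection with 69.193.41.53:3104
Jul 14 12:04:50 fbsd mpd: [pptp0] LCP: SendConfigReq #1
Jul 14 12:04:52 fbsd mpd: [pptp0] LCP: SendConfigReq #2
Jul 14 12:05:10 fbsd mpd: [pptp0] LCP: parameter negotiation failed
Jul 14 12:06:01 fbsd mpd: pptp1: attached to connection with 192.0.2.10:1045
Jul 14 12:06:01 fbsd mpd: [pptp1] LCP: SendConfigReq #1
Jul 14 12:06:01 fbsd mpd: [pptp1] LCP: rec'd Configure Request #0
Jul 14 12:06:01 fbsd mpd: [pptp1] LCP: rec'd Configure Ack #1
"""

ATTACH = re.compile(r"mpd: (\w+): attached to connection with ([\d.]+:\d+)")
LCP = re.compile(r"\[(\w+)\] LCP: (SendConfigReq|rec'd|parameter negotiation failed)")

def triage(log_text):
    """Return one record per PPTP attempt, with a verdict on where it stalled."""
    attempts, current = [], {}
    for line in log_text.splitlines():
        m = ATTACH.search(line)
        if m:  # TCP/1723 control channel reached mpd: a new attempt on this link
            rec = dict(link=m.group(1), peer=m.group(2), sent=0, received=0, failed=False)
            current[rec["link"]] = rec
            attempts.append(rec)
            continue
        m = LCP.search(line)
        if m and m.group(1) in current:
            rec = current[m.group(1)]
            if m.group(2) == "SendConfigReq":
                rec["sent"] += 1        # PPP frame sent out inside GRE
            elif m.group(2) == "rec'd":
                rec["received"] += 1    # PPP frame arrived inside GRE
            else:
                rec["failed"] = True
    for rec in attempts:
        if rec["sent"] and not rec["received"]:
            rec["verdict"] = "no-gre-return"     # control channel up, data path silent
        elif rec["failed"]:
            rec["verdict"] = "lcp-disagreement"  # peer answered, options not agreed
        else:
            rec["verdict"] = "ok"
    return attempts

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["link"], r["peer"], r["sent"], r["received"], r["verdict"])
```

A `no-gre-return` verdict points at how the NAT devices in the path handle IP protocol 47 rather than at `mpd.conf`; `lcp-disagreement` means PPP frames did arrive and the options themselves are worth a look.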


