From owner-freebsd-questions@FreeBSD.ORG Thu Jan 8 00:34:32 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C19916A4CE for ; Thu, 8 Jan 2004 00:34:32 -0800 (PST) Received: from dis.gruntle.org (dis.gruntle.org [198.144.205.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id 921B343D45 for ; Thu, 8 Jan 2004 00:34:30 -0800 (PST) (envelope-from cjones@dis.gruntle.org) Received: from dis.gruntle.org (localhost [127.0.0.1]) by dis.gruntle.org (8.12.10/8.12.10) with ESMTP id i088YUcj021812; Thu, 8 Jan 2004 00:34:30 -0800 (PST) (envelope-from cjones@dis.gruntle.org) Received: (from cjones@localhost) by dis.gruntle.org (8.12.10/8.12.10/Submit) id i088YUSC021811; Thu, 8 Jan 2004 00:34:30 -0800 (PST) (envelope-from cjones) Date: Thu, 8 Jan 2004 00:34:30 -0800 From: Chris Jones To: Joe Marcus Clarke Message-ID: <20040108083430.GD357@gruntle.org> References: <20040108074911.GC357@gruntle.org> <1073549281.76587.12.camel@shumai.marcuscom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1073549281.76587.12.camel@shumai.marcuscom.com> User-Agent: Mutt/1.5.5.1i cc: FreeBSD User Questions List Subject: Re: mpd PPTP to Cisco 3000 VPN Concentrator routing problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jan 2004 08:34:32 -0000 Oh. :( I thought it negotiated the encryption ok because I see this: [ciscovpn] CCP: LayerUp Compress using: MPPE, 128 bit, stateless Decompress using: MPPE, 128 bit, stateless And capturing on the interface, I see echo req's coming in from the concentrator, but I encounter a routing loop when I try to send across the tunnel. Disabling encryption isn't an option, even for testing, I'm afraid. Original message from Joe Marcus Clarke: > On Thu, 2004-01-08 at 02:49, Chris Jones wrote: > > Hi. I've gone over list archives and seen this issue discussed before, > > but the sugggested solutions aren't working for me. I am using > > mpd-3.15_1 on FreeBSD 4.9-STABLE to connect to a Cisco 3000 Series VPN > > Concentrator. I have negotiated CHAP and MPPE and the ng0 interface > > comes up, but when I try to do anything I get this: > > > > $ ping 10.10.58.7 > > PING 10.10.58.7 (10.10.58.7): 56 data bytes > > ping: sendto: Resource deadlock avoided > > ping: sendto: No buffer space available > > > > A little investigation showed that this is a known routing issue and > > that it is possible to work around by re-addressing the ng0 interface > > with the VPN concentrator's private IP and set a default route to it. I > > did this, but I still have the same problem. :( > > > > Does anyone see what I am doing wrong here? Below are my routing table > > and ifconfig before running mpd, after running mpd, and after running > > the "fix". Below that is my mpd.conf and its output (verbose). > > > > I appreciate any help on this, I've been going crazy trying to figure > > out what I'm doing wrong. I can get it to work using the OSX PPTP > > client, but not mpd. > > Good luck. I have tried to get this working, but have never been able > to get mpd encryption to work with the Concentrator's encryption > (neither has anyone else to my knowledge). If you disable encryption on > the concentrator, the tunnel will come up, and you will be able to pass > traffic across it. Any other combination does not work. I haven't > tried 3.16 yet, but looking at the ChangeLog, I doubt it addresses this > problem. > > Joe > > -- > PGP Key : http://www.marcuscom.com/pgp.asc -- Chris