From owner-freebsd-questions Sat Sep 29 7:57:47 2001
Date: Sat, 29 Sep 2001 10:57:39 -0400
From: Doug Lee
To: freebsd-questions@freebsd.org
Subject: Multiple VPNs possible under mpd?
Message-ID: <20010929105739.A17633@kirk.sector14.net>
Organization: Bartimaeus Group
Sender: owner-freebsd-questions@FreeBSD.ORG

I use mpd to build VPN connections to one Unix machine and a number of
Windows machines. The Unix VPN is LAN-to-LAN and works fine regardless
of whatever else is going on (though I'm not sure I've ever had a
Windows machine try to get a VPN first). My problem is figuring out how
to allow more than one Windows machine to connect at once. The Windows
machines want to be nodes on the LAN (ptp).

There is a small set of valid login IDs for the Windows VPN connections,
listed in mpd.secret. I even gave each one its own IP range, though
this is not necessary and neither fixed nor worsened the problem. The
first Windows machine can authenticate using any valid login and does
(I think) get its correct IP assignment; but then the other Windows
machines can't connect. ("Valid login" here means a key/password pair
from mpd.secret.)

I will include mpd.conf and mpd.links here. 192.168.14 is the local net
for this machine, and 192.168.2 is the remote LAN for the Unix VPN.

I use "new -i ng9" for the vpnwin link because I figured that would
create enough ng* interfaces to support the connections we need. I'm
sure I'm missing something here though...

Please CC any responses directly to me. Thanks much.

*** mpd.conf:

default:
    set login                       # for telnet control of mpd
    load doug_lan                   # the Unix (LAN-to-LAN) config
    load vpnwin                     # the Windows (ptp) config

doug_lan:
    new -i ng0 lan_vpn lan_vpn
    set iface disable on-demand
    set iface addrs 10.0.0.1 10.0.0.2
    set iface idle 0
    set iface route 192.168.2.0/24
    set bundle disable multilink
    set bundle authname
    set link yes acfcomp protocomp
    set link no pap
    set link yes chap
# If remote machine is NT you need this..
#   set link enable no-orig-auth
    set link keep-alive 10 75
    set ipcp yes vjcomp
    set ipcp ranges 10.0.0.1/32 10.0.0.2/32
#   set iface enable proxy-arp
# If you wanted MPPE encryption and had ng_mppc(8)...
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set bundle enable crypt-reqd
    set ccp yes mpp-stateless
    open

vpnwin:
    new -i ng9 vpnwin vpnwin
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 0
    set bundle disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 10 60
    set ipcp yes vjcomp
    set ipcp ranges 192.168.14.5/32 192.168.14.128/28
    set ipcp nbns 192.168.14.9
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set bundle enable crypt-reqd
    set ccp yes mpp-stateless

*** mpd.links:

lan_vpn:
    set link type pptp
    set pptp self
    set pptp peer
    set pptp enable incoming
    set pptp disable originate outcall

vpnwin:
    set link type pptp
    set pptp self
    set pptp enable incoming
    set pptp disable originate outcall

-- 
Doug Lee                 dgl@visi.com                http://www.visi.com/~dgl
Bartimaeus Group         doug@bartsite.com           http://www.bartsite.com
"No person is your friend who demands your silence or denies your right
to grow."
        --unknown source
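
Added example, not part of the original message and not mpd's own code: a small Python check that counts how many bundles an mpd.conf defines per label. It assumes that in mpd 3.x each "new [-i ifname] bundle link" line creates exactly one bundle on one netgraph interface, that one bundle carries one peer at a time, and that "-i ng9" only names that interface; the vpnwin1/vpnwin2 labels, interface names and per-client addresses are hypothetical.

```python
import re

# Constructed sample: the bundle-defining lines of the posted mpd.conf.
POSTED = """
doug_lan:
    new -i ng0 lan_vpn lan_vpn
vpnwin:
    new -i ng9 vpnwin vpnwin
    set ipcp ranges 192.168.14.5/32 192.168.14.128/28
"""

# Hypothetical per-client layout (labels, interfaces, addresses are assumed).
PER_CLIENT = """
default:
    load vpnwin1
    load vpnwin2
vpnwin1:
    new -i ng1 vpnwin1 vpnwin1
    set ipcp ranges 192.168.14.5/32 192.168.14.129/32
vpnwin2:
    new -i ng2 vpnwin2 vpnwin2
    set ipcp ranges 192.168.14.5/32 192.168.14.130/32
"""

def bundles_by_label(conf_text):
    """Map each label to the (interface, bundle, links) its `new` lines create."""
    result, label = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        m = re.match(r"(\S+):$", line)
        if m:                                  # a label starts at column 0
            label = m.group(1)
            result[label] = []
            continue
        words = line.split()
        if label and len(words) > 1 and words[0] == "new":
            args = words[1:]
            iface = None
            if args[0] == "-i" and len(args) > 2:
                iface, args = args[1], args[2:]
            result[label].append((iface, args[0], args[1:]))
    return result

def capacity(conf_text, prefix):
    """Number of bundles (one peer each) under labels starting with prefix."""
    found = bundles_by_label(conf_text)
    return sum(len(v) for k, v in found.items() if k.startswith(prefix))

print(capacity(POSTED, "vpnwin"), capacity(PER_CLIENT, "vpnwin"))
```

Under the same assumption, each per-client bundle would also need its own same-named link entry in mpd.links.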