Date: Tue, 5 Sep 2000 20:35:04 -0700 From: "Renaud Waldura" <renaud@waldura.com> To: "Christopher T. Griffiths" <cgriffiths@quansoo.com> Cc: <net@freebsd.org> Subject: Re: mpd-netgraph and vpn issues Message-ID: <002801c017b3$76ab5a60$0302010a@biohz.net> References: <Pine.BSF.4.21.0009052043070.799-100000@defiant.quansoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Maybe add: # the PPTP interface address set pptp self YOUR_ADDR to mpd.links? From what I'm guessing, YOUR_ADDR above is probably 192.168.1.1. I do not see why your setup would require you to use a route, although I can be mistaken. > The compression/encryption stuff is working great and I am sure it is Now tell me, how did you get the compression/encryption to work? I was under the impression that compression+encryption required code not present in the FreeBSD distribution, and hence was not available. Do Windows clients connect with the "Require data encryption" setting (on by default)? Thanks, --Renaud ----- Original Message ----- From: Christopher T. Griffiths <cgriffiths@quansoo.com> To: <net@freebsd.org> Sent: Tuesday, September 05, 2000 5:53 PM Subject: mpd-netgraph and vpn issues > In my continued attempts to connect my win2k client to a mpd-netgraph > server I have gotten this far: > > My local lan behind my firewall in the dmz has internet routed address. > The mpd server is sitting in the dmz. > > I need to be able to add vpn users to some block of address in the dmz > so that they can access systems past my firewall. > > I am also getting the following error when I connect: > > [pptp] no interface to proxy arp on for 192.168.1.2 > > Do I need to change the 192.168.* address to my public dmz address to get > the systems to proxy arp? > > My attempts to do so have caused my server system to hop off the local > network and only talk to the vpn client. Not a good scenario. > > The compression/encryption stuff is working great and I am sure it is > something so stupid in order to get network connectivity working. > > If I add the following line I am able to ping back and forth between the > client and server machine but not out into the dmz: > > set iface route 192.168.1.0/24 > > any help would be greatly appreciated. > > Thanks > > Chris > > > config: > pptp: > new -i ng0 pptp pptp > set iface disable on-demand > set iface enable proxy-arp > set iface idle 1800 > set bundle disable multilink > set link yes acfcomp protocomp > set link no pap chap > set link enable chap > set link keep-alive 10 60 > set ipcp yes vjcomp > set ipcp ranges 192.168.1.1/32 192.168.1.2/32 > set ipcp dns 12.40.126.75 > set bundle enable compression > set ccp yes mppc > set ccp yes mpp-e40 > set ccp yes mpp-e128 > set bundle enable crypt-reqd > set ccp yes mpp-stateless > > > --- > Christopher T. Griffiths > Quansoo Group Inc. > cgriffiths@quansoo.com > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002801c017b3$76ab5a60$0302010a>