From: "Mike Jakubik"
To: freebsd-current@freebsd.org, freebsd-net@freebsd.org
Date: Tue, 20 Jul 2004 20:32:42 -0400 (EDT)
Subject: NATD no longer works for outgoing PPTP VPN?
Message-ID: <1407.192.168.0.200.1090369962.squirrel@192.168.0.200>

Hello,

I have recently discovered, after long periods of trying to debug a VPN server, that I cannot establish PPTP VPN connections any more.
The culprit seems to be natd not forwarding GRE properly. I have tried adding a 'redirect_proto gre' option to natd, but the same behaviour occurs. I could swear that not too long ago all my PPTP connections worked fine, as I have a few clients defined in my Windows PC. I have tried 3 different VPN servers, ranging from Windows 2000 server to FBSD with MPD, none work. Plugging Internet directly to my PC works fine.

Here is what the setup looks like:

Me (Windows XP)    FreeBSD 5-C w/ NATD          Internet    VPN server
192.168.0.200      192.168.0.1  69.193.41.53                66.11.183.182

Here is rc.conf
---
gateway_enable="YES"
natd_enable="YES"
natd_interface="xl0"
natd_flags="-f /etc/natd.conf"

Here is natd.conf:
---
interface xl0
dynamic yes
use_sockets yes
same_ports yes
redirect_port tcp win2000:3389 3389
#redirect_proto gre win2000

And here is a log from natd -v when trying to establish a VPN connection (it looks like GRE is not being aliased correctly, Windows PC just sits at 'Verifying username...'):
---
natd[32158]: Aliasing to 69.193.41.53, mtu 1500 bytes
Out {default} 0000ffff[TCP] [TCP] 192.168.0.200:1108 -> 66.11.183.182:1723 aliased to [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
In {default} 0000ffff[TCP] [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108 aliased to [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
Out {default} 0000ffff[TCP] [TCP] 192.168.0.200:1108 -> 66.11.183.182:1723 aliased to [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
In {default} 0000ffff[TCP] [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108 aliased to [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
Out {default} 0000ffff[TCP] [TCP] 192.168.0.200:1108 -> 66.11.183.182:1723 aliased to [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
In {default} 0000ffff[TCP] [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108 aliased to [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 aliased to [47] 66.11.183.182 -> 69.193.41.53
Out {default} 0000ffff[TCP] [TCP] 192.168.0.200:1108 -> 66.11.183.182:1723 aliased to [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
Out {default} 0000ffff[47] [47] 192.168.0.200 -> 66.11.183.182 aliased to [47] 192.168.0.200 -> 66.11.183.182
In {default} 0000ffff[TCP] [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108 aliased to [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
Out {default} 0000ffff[47] [47] 192.168.0.200 -> 66.11.183.182 aliased to [47] 192.168.0.200 -> 66.11.183.182
In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 aliased to [47] 66.11.183.182 -> 69.193.41.53
In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 aliased to [47] 66.11.183.182 -> 69.193.41.53
Out {default} 0000ffff[47] [47] 192.168.0.200 -> 66.11.183.182 aliased to [47] 192.168.0.200 -> 66.11.183.182
In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 aliased to [47] 66.11.183.182 -> 69.193.41.53
In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 aliased to [47] 66.11.183.182 -> 69.193.41.53
Out {default} 0000ffff[47] [47] 192.168.0.200 -> 66.11.183.182 aliased to [47] 192.168.0.200 -> 66.11.183.182
In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 aliased to [47] 66.11.183.182 -> 69.193.41.53
In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 aliased to [47] 66.11.183.182 -> 69.193.41.53
Out {default} 0000ffff[47] [47] 192.168.0.200 -> 66.11.183.182 aliased to [47] 192.168.0.200 -> 66.11.183.182
In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 aliased to [47] 66.11.183.182 -> 69.193.41.53
In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 aliased to [47] 66.11.183.182 -> 69.193.41.53
Out {default} 0000ffff[47] [47] 192.168.0.200 -> 66.11.183.182 aliased to [47] 192.168.0.200 -> 66.11.183.182
In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 aliased to [47] 66.11.183.182 -> 69.193.41.53
In {default} 0000ffff[TCP] [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108 aliased to [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
Out {default} 0000ffff[TCP] [TCP] 192.168.0.200:1108 -> 66.11.183.182:1723 aliased to [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
In {default} 0000ffff[TCP] [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108 aliased to [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
In {default} 0000ffff[TCP] [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108 aliased to [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
Out {default} 0000ffff[TCP] [TCP] 192.168.0.200:1108 -> 66.11.183.182:1723 aliased to [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
In {default} 0000ffff[TCP] [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108 aliased to [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108

Thank You.
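
An added example, not part of the original message: a Python check over `natd -v` output that flags entries whose addresses come out of natd unchanged, which is what the protocol 47 (GRE) entries in the log above show. The sample lines are constructed in the shape of that log, the function names and reason labels are illustrative, and the parser assumes IPv4 endpoints.

```python
import ipaddress
import re

# Constructed sample in the shape of the natd -v log in the message above.
# Entries may be one per line or run together; the parser accepts both.
SAMPLE = (
    "Out {default} 0000ffff[TCP] [TCP] 192.168.0.200:1108 -> 66.11.183.182:1723 "
    "aliased to [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723 "
    "In {default} 0000ffff[TCP] [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108 "
    "aliased to [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108\n"
    "In {default} 0000ffff[47] [47] 66.11.183.182 -> 69.193.41.53 "
    "aliased to [47] 66.11.183.182 -> 69.193.41.53\n"
    "Out {default} 0000ffff[47] [47] 192.168.0.200 -> 66.11.183.182 "
    "aliased to [47] 192.168.0.200 -> 66.11.183.182\n"
)

ENTRY = re.compile(
    r"\b(?P<dir>In|Out)\s+\{[^}]*\}\s+[0-9a-fA-F]+\[(?P<proto>[^\]]+)\]\s+"
    r"\[[^\]]+\]\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+aliased to\s+"
    r"\[[^\]]+\]\s+(?P<nsrc>\S+)\s+->\s+(?P<ndst>\S+)"
)

def host(endpoint):
    """Strip an optional :port and return the IPv4 address object."""
    return ipaddress.ip_address(endpoint.rsplit(":", 1)[0])

def classify(e):
    """Return a reason string if natd left the packet untranslated, else None."""
    if (e["src"], e["dst"]) != (e["nsrc"], e["ndst"]):
        return None  # addresses were rewritten
    if e["dir"] == "Out" and host(e["src"]).is_private:
        # An RFC 1918 source is leaving the external interface as-is.
        return "private-source-left-unaliased"
    if e["dir"] == "In":
        # No alias link matched, so the packet stays addressed to the gateway.
        return "no-inbound-mapping"
    return None

def summarize(text):
    """Count untranslated entries per (protocol, direction, reason)."""
    counts = {}
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        reason = classify(e)
        if reason:
            key = (e["proto"], e["dir"], reason)
            counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```

An unchanged inbound entry is not always a fault, since traffic addressed to the gateway itself also passes through natd unmodified; an unchanged outbound entry with a private source is the more reliable indicator.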