Date:      Tue, 2 Oct 2001 15:54:58 -0400
From:      "John Graves" <johngraves@mindless.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   mpd-netgraph - can't ping internal network
Message-ID:  <OE46wKmykOFYZTyPvXb00002bf1@hotmail.com>

    I've been working on getting a vpn going for remote users using
mpd-netgraph. I've installed it on 2 different machines, and the install
went fine on both. So it has to be my mistake.
    Windows 2000 machines can connect and authenticate to the mpd
machine using credentials in the mpd.secret file. The remote machines
can ping their ip assigned by mpd and also the mpd machine itself.
However, when trying to ping any other machines on the network, no
reply. Looks like data goes one way, but nothing comes back.
    A FreeBSD box acts as the gateway/firewall for the internal network.
This happens even with rules allowing all traffic to pass both ways, and
nothing in firewall_logs has given me any indication anything is getting
dropped. Nor is there any mpd output indicating any errors.
    Also, I've tried running mpd on the firewall itself as well as on a
machine behind the firewall with the same results.
    What looks strange to me is that the WAN <PPP/SLIP> Interface on the
remote client has an ip of 172.16.1.10  255.255.255.255 and a default
gateway of 172.16.1.10.
    Any help would be appreciated. Thanks.

Here are my config files...just in case!

172.16.1.0/24 is the internal network.
172.16.1.1 is the internal interface of the firewall running mpd
101.102.103.104 is the external ip of the firewall

Again, I've tried this on a machine behind the firewall with a nated ip
and still can't reach hosts on the internal network.

[mpd.conf]

default:
        load pptp1

pptp1:
        new -i ng1 pptp1 pptp1
        set iface enable proxy-ARP
        set bundle enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set ipcp yes vjcomp
        set ipcp ranges 172.16.1.1/32 172.16.1.10/32

        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless

[mpd.links]

pptp1:
        set link type pptp
        set pptp self 101.102.103.104
        set pptp enable incoming
        set pptp disable originate
