Date: Sun, 09 Nov 2003 19:16:05 -0500 From: Joe Marcus Clarke <marcus@marcuscom.com> To: Archie Cobbs <archie@dellroad.org> Cc: questions@FreeBSD.ORG Subject: Re: MPD problems connecting to a Cisco 3000 concentrator Message-ID: <1068423365.67992.19.camel@shumai.marcuscom.com> In-Reply-To: <200311092337.hA9NbWAZ003784@arch20m.dellroad.org> References: <200311092337.hA9NbWAZ003784@arch20m.dellroad.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-40ebfV7zSz6N/snbSEuc Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sun, 2003-11-09 at 18:37, Archie Cobbs wrote: > Joe Marcus Clarke wrote: > > I'm trying to establish an encrypted PPTP connection to a Cisco VPN > > concentrator using mpd-3.14. It works fine when I disable all > > encryption, but with even 40-bit stateless, I get errors like: > >=20 > > [vpn] LCP: rec'd Protocol Reject #2 link 0 (Opened) > > [vpn] LCP: protocol 0x32f7 was rejected > > [vpn] LCP: rec'd Protocol Reject #10 link 0 (Opened) > > [vpn] LCP: protocol 0xa785 was rejected > > [vpn] LCP: rec'd Protocol Reject #11 link 0 (Opened) > > [vpn] LCP: protocol 0x5a41 was rejected > > [vpn] LCP: rec'd Protocol Reject #12 link 0 (Opened) > > [vpn] LCP: protocol 0x5ceb was rejected >=20 > Almost certain that either the MPD side is incorrectly decrypting the > packets or the Cisco side is incorrectly encrypting them. All known MPD > bugs in this regard are fixed in the latest version of MPD & FreeBSD... > try upgrading the Cisco box?? Or try MS-CHAPv1 instead of v2? The packets aren't even going out on the wire, so the problem looks to be on the mpd side encrypting the packets (that is, in my sniffer trace, I never see any GRE packets going out to the concentrator). All my pings are sourced from the mpd client side. Mpd-3.14 is the latest version, correct?=20 As for the CHAP, things work fine when using MS-CHAPv2 without encryption (at least I thought that's what was being used). I can try MS-CHAPv1, but what I'm really trying to do is help Will with his PPTP setup for access at school. I have VPN 3000s in my lab that I can do just about anything I want to, but Will has no access to his concentrator. Since the concentrator terminates Windows VPN sessions correctly, is there anything else on the mpd side I can look at? Thanks for your help. Joe >=20 > -Archie >=20 > _________________________________________________________________________= _ > Archie Cobbs * Halloo Communications * http://www.halloo.co= m --=20 PGP Key : http://www.marcuscom.com/pgp.asc --=-40ebfV7zSz6N/snbSEuc Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQA/rtjFb2iPiv4Uz4cRAoMjAKCHz97jnnbC58EXhq0c8RQ8NXdGLACfYlvr W4aF1w3d+ESEBzMPjQCqyIg= =SRjO -----END PGP SIGNATURE----- --=-40ebfV7zSz6N/snbSEuc--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1068423365.67992.19.camel>