Date: Thu, 16 Sep 2004 20:20:18 -0500
From: "Jonathan Reeder" <jreeder@minutemenu.com>
To: "Tim Pushor" <timp@crossthread.com>
Cc: freebsd-net@freebsd.org
Subject: RE: MPD 3.18 Trouble
Message-ID: <NIECLIJFBLKHJMOALIKPMEGPCLAA.jreeder@minutemenu.com>
In-Reply-To: <4148E318.4090506@crossthread.com>

Thanks for the reply, Tim. I do run ipfilter, but I allow incoming tcp port
1723 and also GRE. A look through my ipf.log shows no blocked packets. Also,
I can see the GRE traffic coming into my dc0 (external if) in tcpdump, and I
can then see the unencapsulated traffic on my ng0 interface in tcpdump.
Problem is, the traffic just never gets off of ng0. I would think the proper
series of events would be:

GRE encapsulated traffic comes in on dc0 (external) -> unencapsulation of
traffic and then retransmission from ng0 (vpn pseudo-if) -> if the traffic is
destined for my local lan, ng0 passes it off to rl0 (internal if).

I see steps one and two of that in tcpdump, but not three.

-----Original Message-----
From: Tim Pushor [mailto:timp@crossthread.com]
Sent: Wednesday, September 15, 2004 7:49 PM
To: Jonathan Reeder
Cc: freebsd-net@freebsd.org
Subject: Re: MPD 3.18 Trouble

Jonathan,

A cursory look through your config looks ok, similar to mine (which *is*
working ;-). One question, could the packets be being dropped by a firewall?
Are you running ipf/ipfirewall/ipfw?

Jonathan Reeder wrote:

>First off, sorry if this has come through twice, I tried to send it last
>week but don't think it made it through:
>
>I've got MPD v3.18 up and running on my FreeBSD 4.9. All seems to be going
>well, clients can connect via PPTP, but once connected, they cannot actually
>access my internal network.
>Some background on my configuration:
>
># ifconfig
>dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        inet a.b.c.d netmask 0xfffffff8 broadcast a.b.c.e
>        inet6 fe80::2a0:ffff:feff:9cfc%dc0 prefixlen 64 scopeid 0x1
>        ether 00:a0:ff:ff:9c:fc
>        media: Ethernet 10baseT/UTP
>        status: active
>rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
>        inet6 fe80::220:edff:fe2c:fe68%rl0 prefixlen 64 scopeid 0x2
>        ether 00:20:ed:2c:fe:68
>        media: Ethernet autoselect (100baseTX <full-duplex>)
>        status: active
>lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>        inet6 ::1 prefixlen 128
>        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>        inet 127.0.0.1 netmask 0xff000000
>faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
>ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
>ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
>
>That is for the server that runs MPD. Also, here are my mpd.conf and
>mpd.links:
>
># cat /usr/local/etc/mpd/mpd.conf
>default:
>        log +auth +pptp
>        load vpn0
>        load vpn1
>
>vpn0:
>        new -i ng0 vpn0 vpn0
>        set iface disable on-demand
>        set iface enable proxy-arp
>        set bundle disable multilink
>        set link yes acfcomp protocomp
>        set link mtu 1400
>        set link no pap chap
>        set link enable chap
>        set link keep-alive 60 180
>        set ipcp yes vjcomp
>        set ipcp ranges 192.168.1.254/32 192.168.1.200/32
>        set ipcp dns x.x.x.x
>
>        set bundle enable compression
>        set ccp yes mppc
>        #set ccp yes mpp-e40
>        set ccp no mpp-e40
>        set ccp yes mpp-e128
>        set ccp yes mpp-stateless
>        set bundle yes crypt-reqd
>
>vpn1:
>        same as vpn0
>
># cat /usr/local/etc/mpd/mpd.links
>vpn0:
>        set link type pptp
>        set pptp self a.b.c.d
>        set pptp enable incoming
>        set pptp disable originate
>
>MPD runs fine, listens on port 1723, accepts connections, authenticates, and
>then once a user is connected, my ifconfig changes from what you saw above
>to something similar to the following:
>
>ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1396
>        inet 192.168.1.254 --> 192.168.1.200 netmask 0xffffffff
>        inet6 fe80::2a0:ffff:feff:9cfc%ng0 prefixlen 64 scopeid 0x5
>
>So, I'm thinking that I should be set, right? Nope. No traffic actually
>makes it from the client to my internal 192.168.1.0/24 network. When I ping
>a 192.168.1 client from the remote VPN user, if I watch a tcpdump -i ng0 I
>can see the ping come through from dc0 (via GRE) to ng0, but that ping never
>seems to get passed to the rl0 interface like I would expect. (Yes, I do
>have gateway_enable='YES' and the sysctl has been confirmed to be on). Same
>type of problem if I try to ping 192.168.1.200 from a host on my local
>network. I get a reply from 192.168.1.10 (the local address of my FreeBSD
>machine) saying "Destination host unreachable". If I try to ping
>192.168.1.200 from my BSD box, I get
>
>ping: sendto: No route to host
>
>This is the one that really kills me, because it has a perfect route to that
>host sitting right in front of it. It just refuses to pass the packets to
>the proper device.
>
>I'm hoping someone might have run into this same type of problem before. Is
>there something about my mpd.conf that would keep ng0 from passing packets
>off to my local network (rl0) and vice-versa? If anyone is kind enough to
>respond, let me know if there is any other info about my configuration that
>would be helpful to you.
>
>Thanks a bunch,
>
>Jonathan Reeder
>_______________________________________________
>freebsd-net@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-net
>To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"