Date:      Wed, 24 Oct 2001 22:46:11 -0700
From:      "Drew Tomlinson" <drew@mykitchentable.net>
To:        "Joe Clarke" <marcus@marcuscom.com>
Cc:        <questions@FreeBSD.ORG>
Subject:   Re: VPN Server & Win2K Client Not Connecting
Message-ID:  <00cc01c15d18$5a0108a0$0301a8c0@bigdaddy>
References:  <20011024173548.L35166-100000@shumai.marcuscom.com>

----- Original Message -----
From: "Joe Clarke" <marcus@marcuscom.com>
To: "Drew Tomlinson" <drew@mykitchentable.net>
Cc: <questions@FreeBSD.ORG>
Sent: Wednesday, October 24, 2001 2:41 PM
Subject: Re: VPN Server & Win2K Client Not Connecting


>
>
> On Mon, 22 Oct 2001, Drew Tomlinson wrote:
>
> > I apologize if this is a duplicate.  I'm not sure my first post made it
> > out as I received an error when sending it.
> >
> > I'm trying to set up a VPN server on my home network.  I have installed
> > mpd-netgraph 3.3 from ports and followed the directions in the user
> > guide and sample files.  I'm attempting to connect from a Win2K client
> > but am not successful.  I have searched the list archives and found one
> > message that was close to my problem but did not find any replies.
> > Below is my log from an attempted connection.  I don't really understand
> > what's going on and hope someone can point out my error and let me know
> > where to look next.
>
> I usually respond to PPTP/mpd questions.  I have this working on FreeBSD
> 4.4-stable with 2000, 98, and Me clients.  I compiled mpd-netgraph 3.2 (I
> haven't upgraded to 3.3 yet) from ports.  I also made sure I had all the
> crypto sources installed first (this is the only way to get MS CHAP
> support [that is, you need the DES libs]).
>
> This works out of the box with pretty much the default pptp config in
> mpd.conf.  I only had to add user and IP address info.  I'm also able to
> get 128-bit MPPE.
>
> It looks like your clients are trying to use MS CHAP, but mpd wasn't
> compiled with it.  Try adding the crypto sources and libraries to your
> machine, then recompile the port.

Thank you for looking into my problem.

Since I posted this message, I have done a little more
troubleshooting.  What I found is that if I connect from a Win2K
machine on my private LAN to the VPN server (on the same private LAN),
a tunnel is established.  My interpretation of the successful log is
that the Win2K client sends a Config Request.  The request is rejected
by the VPN server.  Then the VPN server sends a message along the
lines of "how 'bout this?".  The message is received by the Win2K
client that says "OK" and then the tunnel is established.

My internet connection for my home network is ADSL.  When I try to
connect to the VPN server via the Internet, it seems as if the "how 'bout
this?" message from the VPN server doesn't make it to the Win2K
client.  My FBSD firewall is not an issue as I've tried it with the
firewall wide open.  I log deny packets and have log_in_vain set.  No
errors show up in the logs.  Here's my network config:

       ISP
        |
        | IP is DHCP (RFC 1918 & draft-manning nets
        |             inbound blocked here)
        |
 ADSL Modem/Router (provides DNS & NAT)
        |192.168.10.1 (RFC 1918 & draft-manning nets
        |              outbound blocked here)
        |
        |192.168.10.2 (ed1)
     Firewall
        |
        |192.168.1.2 (ed0)
        |
Internal Network 192.168.1.0/24

I know NAT and VPN don't necessarily get along real well so it may be
a NAT issue with my 3Com router/modem.  But it could also be a
firewall issue at my place of employment.  I am able to connect to a
VPN server at my work from home through the 3Com router/modem.
Connecting to my home from work via VPN fails.  Do you have any idea
which problem is more likely?  Or some other possibility I haven't
even thought of?  I'll be out of town for a few days but when I
return, I plan to do a little more testing.  Any advice, pointers,
things to look for, etc. will be greatly appreciated.

Thanks,

Drew


> Joe
>
> >
> > Thanks,
> >
> > Drew
> >
> > -----------------------------------------------
> > Multi-link PPP for FreeBSD, by Archie L. Cobbs.
> > Based on iij-ppp, by Toshiharu OHNO.
> > mpd: pid 27386, version 3.3 (root@blacksheep.mykitchentable.net 07:08 21-Oct-2001)
> > [pptp] ppp node is "mpd27386-pptp"
> > mpd: local IP address for PPTP is 192.168.10.2
> > [pptp] using interface ng0
> > [pptp:vpn1] mpd: PPTP connection from xxx.xxx.xxx.xxx:2166
> > pptp0: attached to connection with xxx.xxx.xxx.xxx:2166
> > [pptp] IFACE: Open event
> > [pptp] IPCP: Open event
> > [pptp] IPCP: state change Initial --> Starting
> > [pptp] IPCP: LayerStart
> > [pptp] IPCP: Open event
> > [pptp] bundle: OPEN event in state CLOSED
> > [pptp] opening link "vpn1"...
> > [vpn1] link: OPEN event
> > [vpn1] LCP: Open event
> > [vpn1] LCP: state change Initial --> Starting
> > [vpn1] LCP: LayerStart
> > [vpn1] device: OPEN event in state DOWN
> > [vpn1] attaching to peer's outgoing call
> > [vpn1] device is now in state OPENING
> > [vpn1] device: UP event in state OPENING
> > [vpn1] device is now in state UP
> > [vpn1] link: UP event
> > [vpn1] link: origination is remote
> > [vpn1] LCP: Up event
> > [vpn1] LCP: state change Starting --> Req-Sent
> > [vpn1] LCP: phase shift DEAD --> ESTABLISH
> > [vpn1] LCP: SendConfigReq #1
> >  ACFCOMP
> >  PROTOCOMP
> >  MRU 1500
> >  MAGICNUM c45f0870
> >  AUTHPROTO CHAP MSOFT
> > pptp0-0: ignoring SetLinkInfo
> > [vpn1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
> >  MAGICNUM 75e54257
> >  PROTOCOMP
> >  ACFCOMP
> >  CALLBACK
> >    Not supported
> >  MP MRRU 1614
> >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > [vpn1] LCP: SendConfigRej #0
> >  CALLBACK
> >  MP MRRU 1614
> > [vpn1] LCP: SendConfigReq #2
> >  ACFCOMP
> >  PROTOCOMP
> >  MRU 1500
> >  MAGICNUM c45f0870
> >  AUTHPROTO CHAP MSOFT
> > [vpn1] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
> >  MAGICNUM 75e54257
> >  PROTOCOMP
> >  ACFCOMP
> >  CALLBACK
> >    Not supported
> >  MP MRRU 1614
> >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > [vpn1] LCP: SendConfigRej #1
> >  CALLBACK
> >  MP MRRU 1614
> > [vpn1] LCP: SendConfigReq #3
> >  ACFCOMP
> >  PROTOCOMP
> >  MRU 1500
> >  MAGICNUM c45f0870
> >  AUTHPROTO CHAP MSOFT
> > [vpn1] LCP: rec'd Configure Request #2 link 0 (Req-Sent)
> >  MAGICNUM 75e54257
> >  PROTOCOMP
> >  ACFCOMP
> >  CALLBACK
> >    Not supported
> >  MP MRRU 1614
> >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > [vpn1] LCP: SendConfigRej #2
> >  CALLBACK
> >  MP MRRU 1614
> > [vpn1] LCP: SendConfigReq #4
> >  ACFCOMP
> >  PROTOCOMP
> >  MRU 1500
> >  MAGICNUM c45f0870
> >  AUTHPROTO CHAP MSOFT
> > [vpn1] LCP: SendConfigReq #5
> >  ACFCOMP
> >  PROTOCOMP
> >  MRU 1500
> >  MAGICNUM c45f0870
> >  AUTHPROTO CHAP MSOFT
> > [vpn1] LCP: rec'd Configure Request #3 link 0 (Req-Sent)
> >  MAGICNUM 75e54257
> >  PROTOCOMP
> >  ACFCOMP
> >  CALLBACK
> >    Not supported
> >  MP MRRU 1614
> >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > [vpn1] LCP: SendConfigRej #3
> >  CALLBACK
> >  MP MRRU 1614
> > [vpn1] LCP: SendConfigReq #6
> >  ACFCOMP
> >  PROTOCOMP
> >  MRU 1500
> >  MAGICNUM c45f0870
> >  AUTHPROTO CHAP MSOFT
> > [vpn1] LCP: SendConfigReq #7
> >  ACFCOMP
> >  PROTOCOMP
> >  MRU 1500
> >  MAGICNUM c45f0870
> >  AUTHPROTO CHAP MSOFT
> > [vpn1] LCP: rec'd Configure Request #4 link 0 (Req-Sent)
> >  MAGICNUM 75e54257
> >  PROTOCOMP
> >  ACFCOMP
> >  CALLBACK
> >    Not supported
> >  MP MRRU 1614
> >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > [vpn1] LCP: SendConfigRej #4
> >  CALLBACK
> >  MP MRRU 1614
> > [vpn1] LCP: SendConfigReq #8
> >  ACFCOMP
> >  PROTOCOMP
> >  MRU 1500
> >  MAGICNUM c45f0870
> >  AUTHPROTO CHAP MSOFT
> > [vpn1] LCP: SendConfigReq #9
> >  ACFCOMP
> >  PROTOCOMP
> >  MRU 1500
> >  MAGICNUM c45f0870
> >  AUTHPROTO CHAP MSOFT
> > [vpn1] LCP: SendConfigReq #10
> >  ACFCOMP
> >  PROTOCOMP
> >  MRU 1500
> >  MAGICNUM c45f0870
> >  AUTHPROTO CHAP MSOFT
> > [vpn1] LCP: rec'd Configure Request #5 link 0 (Req-Sent)
> >  MAGICNUM 75e54257
> >  PROTOCOMP
> >  ACFCOMP
> >  CALLBACK
> >    Not supported
> >  MP MRRU 1614
> >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > [vpn1] LCP: not converging
> > [vpn1] LCP: parameter negotiation failed
> > [vpn1] LCP: state change Req-Sent --> Stopped
> > [vpn1] LCP: LayerFinish
> > [vpn1] device: CLOSE event in state UP
> > pptp0-0: clearing call
> > pptp0-0: killing channel
> > [vpn1] PPTP call terminated
> > [pptp] IFACE: Close event
> > [pptp] IPCP: Close event
> > [pptp] IPCP: state change Starting --> Initial
> > [pptp] IPCP: LayerFinish
> > [pptp] IFACE: Close event
> > pptp0: closing connection with xxx.xxx.xxx.xxx:2166
> > [pptp] IFACE: Close event
> > [vpn1] device is now in state CLOSING
> > [pptp] bundle: CLOSE event in state OPENED
> > [pptp] closing link "vpn1"...
> > [vpn1] device: DOWN event in state CLOSING
> > [vpn1] device is now in state DOWN
> > [vpn1] link: CLOSE event
> > [vpn1] LCP: Close event
> > [vpn1] LCP: state change Stopped --> Closed
> > [vpn1] device: DOWN event in state DOWN
> > [vpn1] device is now in state DOWN
> > [vpn1] link: DOWN event
> > [vpn1] LCP: Down event
> > [vpn1] LCP: state change Closed --> Initial
> > [vpn1] LCP: phase shift ESTABLISH --> DEAD
> > pptp0: invalid length 16 for type 4
> > pptp0: killing connection with xxx.xxx.xxx.xxx:2166
> > [vpn1] link: DOWN event
> > [vpn1] LCP: Down event
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
> >
>
>
>
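
Added example (not part of the original messages and not mpd code): a Python check over mpd LCP log text in the format quoted above, flagging the pattern described in the reply, where the server keeps sending ConfigReq/ConfigRej, receives no Ack/Nak/Reject from the peer, and the peer re-offers options that were already rejected. The sample log is a constructed abridgement of the quoted one; reply names other than "Request" are assumed to use the same "rec'd Configure <Type>" wording.

```python
import re

SEND = re.compile(r"LCP: Send(Config\w+) #(\d+)")
RECV = re.compile(r"LCP: rec'd Configure (\w+) #(\d+)")
OPT = re.compile(r"^\s+([A-Z]{2,})\b")   # indented option name, e.g. " CALLBACK"

def analyze(log):
    """Summarize LCP negotiation in mpd log text (mail quote markers allowed)."""
    sent_req, replies, rejected, reoffered = 0, 0, set(), set()
    section, failed = None, False
    for raw in log.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw)          # drop "> > " mail quoting
        if m := SEND.search(line):
            section = m.group(1)                     # "ConfigReq" or "ConfigRej"
            sent_req += section == "ConfigReq"
        elif m := RECV.search(line):
            if m.group(1) == "Request":
                section = ("PeerReq", m.group(2))    # options below belong to peer
            else:                                    # assumed: Ack / Nak / Reject
                replies, section = replies + 1, None
        elif m := OPT.match(line):
            if section == "ConfigRej":
                rejected.add(m.group(1))             # option we refused
            elif isinstance(section, tuple) and m.group(1) in rejected:
                reoffered.add(section[1])            # peer repeated a refused option
        elif "LCP: not converging" in line:
            failed = True
    one_way = failed and sent_req > 0 and replies == 0 and bool(reoffered)
    return {"sent_req": sent_req, "peer_replies": replies, "failed": failed,
            "rejected": sorted(rejected), "reoffered_in": sorted(reoffered),
            "one_way_suspected": one_way}

# Constructed sample, abridged from the log format quoted in the message.
SAMPLE = """\
[vpn1] LCP: SendConfigReq #1
 AUTHPROTO CHAP MSOFT
[vpn1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
 CALLBACK
   Not supported
 MP MRRU 1614
[vpn1] LCP: SendConfigRej #0
 CALLBACK
 MP MRRU 1614
[vpn1] LCP: SendConfigReq #2
[vpn1] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
 CALLBACK
 MP MRRU 1614
[vpn1] LCP: SendConfigRej #1
[vpn1] LCP: not converging
"""
```

A `one_way_suspected` result only says the server's PPP frames got no visible reaction from the client; PPTP carries those frames in GRE, separate from its TCP control connection, and the log alone does not show which device on the path dropped them.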

