Date: Thu, 14 Dec 2000 17:17:04 +0300
From: "Alexey" <Alexey.Dementsov@oggi.spb.ru>
To: <questions@FreeBSD.org>
Message-ID: <001601c065d8$8949cb70$0201040a@oggi.spb.ru>
Good day.

I have the same difficult problem with setting up a VPN based on the poptop package. I use the FreeBSD 3.1 operating system. The client is Microsoft VPN. The connection in the local area network was successful on IP 10.4.1.1.

FreeBSD is connected to the Internet by PPP with the fixed IP address x.x.x.x.

The client computer is connected to the Internet by dial-up with the fixed IP address y.y.y.y.

Then I tried to connect through the Internet to IP x.x.x.x. The message "650 The Remote Access server is not responding" appeared after the username and password check.

The configuration files are given below:

/etc/rc.conf

ifconfig_ed1="inet 10.4.1.1 netmask 255.255.255.0"
defaultrouter="NO"
network_interfaces="ed1 lo0"
hostname="mail.oggi.spb.ru"
keymap=ru.koi8-r
keychange="61 ^[[K"
scrnmap=koi8-r2cp866
font8x16=cpp866b-8x16
font8x14=cpp866-8x14
font8x8=cp866-8x8
firewall_enable = "YES"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"
ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"

/etc/rc.firewall

fwcmd="/sbin/ipfw"

$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via tun0

# Allow all data from my network card and localhost. Make sure you
# change your network card (mine was fxp0) before you reboot. :)
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via ed1

#Allow all data from warehouse
$fwcmd add allow all from y.y.y.y to any
# Allow all connections that I initiate.
$fwcmd add allow tcp from any to any out xmit tun0 setup

# Once connections are made, allow them to stay open.
$fwcmd add allow tcp from any to any via tun0 established

# Everyone on the internet is allowed to connect to the following
# services on the machine. This example shows that people may connect
# to ssh and apache
$fwcmd add allow tcp from any to any 25 setup

$fwcmd add reset log tcp from any to any 113 in recv tun0
.
$fwcmd add allow udp from any to 212.44.130.6 53 out xmit tun0
$fwcmd add allow udp from 212.44.130.6 53 to any in recv tun0

$fwcmd add 65435 allow icmp from any to any

$fwcmd add 65435 deny log ip from any to any

/etc/ppp/ppp.conf

default:
 set redial 1 0
 set filter dial 0 deny udp src eq 53
 set filter dial 1 deny udp dst eq 53
 set filter dial 2 permit 0/0 0/0
internet:
 set device /dev/cuaa0
 set speed 115200
 disable pred1
 deny pred1
 disable lqr
 deny lqr
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK
 set authname name
 set authkey password
 set phone 123456
 set timeout 600
 set openmode active
 accept chap
 set ifaddr x.x.x.x 127.2.2.2/0 255.255.255.0
 add 0 0 127.2.2.2

/etc/ppp/options

debug
name x.x.x.x
lock
require-chap
auth
proxyarp

/etc/ppp/chap-secrets

billy x.x.x.x bob *

/etc/pptpd.conf

speed 115200
options /etc/ppp/options
debug