From: Chris Jones
To: freebsd-questions@freebsd.org
Date: Wed, 7 Jan 2004 23:49:11 -0800
Subject: mpd PPTP to Cisco 3000 VPN Concentrator routing problem
Message-ID: <20040108074911.GC357@gruntle.org>

Hi. I've gone over list archives and seen this issue discussed before, but the suggested solutions aren't working for me.

I am using mpd-3.15_1 on FreeBSD 4.9-STABLE to connect to a Cisco 3000 Series VPN Concentrator.
I have negotiated CHAP and MPPE and the ng0 interface comes up, but when I try to do anything I get this:

$ ping 10.10.58.7
PING 10.10.58.7 (10.10.58.7): 56 data bytes
ping: sendto: Resource deadlock avoided
ping: sendto: No buffer space available

A little investigation showed that this is a known routing issue and that it is possible to work around by re-addressing the ng0 interface with the VPN concentrator's private IP and setting a default route to it. I did this, but I still have the same problem. :(

Does anyone see what I am doing wrong here? Below are my routing table and ifconfig before running mpd, after running mpd, and after running the "fix". Below that is my mpd.conf and its output (verbose).

I appreciate any help on this, I've been going crazy trying to figure out what I'm doing wrong. I can get it to work using the OSX PPTP client, but not mpd.

- Chris

VPN External IP: C.O.R.P
VPN Internal IP: 10.10.58.7

*** before running mpd

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.131.254    UGS         0        0    de0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.131        link#1             UC          0        0    de0
192.168.131.254    00:00:0f:00:00:00  UHLW        1        0    de0     36

*** after running mpd

ng0: flags=88d1 mtu 1494
        inet 10.10.58.156 --> C.O.R.P netmask 0xffffffff
        inet6 fe80::203:ffff:fe73:504c%ng0 prefixlen 64 scopeid 0x3

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.131.254    UGS         0       30    de0
10.10.58.156       lo0                UHS         0        0    lo0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.131        link#1             UC          0        0    de0
192.168.131.254    00:00:0f:00:00:00  UHLW        1        0    de0      4
C.O.R.P            10.10.58.156       UH          0        0    ng0

*** run fix from iface up-script

ifconfig ng0 inet 10.10.58.156 10.10.58.7 netmask 0xffffffff
route delete default
route add default -interface ng0

*** after running fix

ng0: flags=88d1 mtu 1494
        inet6 fe80::203:ffff:fe73:504c%ng0 prefixlen 64 scopeid 0x3
        inet 10.10.58.156 --> 10.10.58.7 netmask 0xffffffff

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            ng0                US          0        0    ng0
10.10.58.7         10.10.58.156       UH          0        0    ng0
10.10.58.156       lo0                UHS         0        0    lo0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.131        link#1             UC          0        0    de0
192.168.131.254    00:00:0f:00:00:00  UHLW        0        0    de0

ciscovpn:
        new -i ng0 ciscovpn work
        set bundle authname "user"
        set bundle password "password"
        set ipcp ranges 10.10.58.0/23 C.O.R.P/32
        set link max-redial -1
        set link keep-alive 0 0
        set link disable acfcomp protocomp
        set bundle no crypt-reqd
        set bundle enable compression encryption
        set ccp yes mppc
        set ccp yes mpp-e128
        set ccp no mpp-e40
        set ccp yes mpp-stateless
        set link disable pap chap
        set link no chap-md5
        set link no chap-msv2
        set link no pap
        set link accept chap-msv1
        set iface idle 0
        set ipcp disable vjcomp
        set ipcp enable req-pri-dns req-sec-dns
        set iface up-script /usr/local/etc/mpd/ciscovpn-iface-up.sh
        open

*** mpd.links

work:
        set link type pptp
        set pptp peer C.O.R.P
        set pptp enable originate outcall

*** mpd output

# mpd
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 1033, version 3.15 (root@mymachine 00:39 7-Jan-2004)
[ciscovpn] ppp node is "mpd1033-ciscovpn"
[ciscovpn] using interface ng0
[ciscovpn] IFACE: Open event
[ciscovpn] IPCP: Open event
[ciscovpn] IPCP: state change Initial --> Starting
[ciscovpn] IPCP: LayerStart
[ciscovpn:work] [ciscovpn] bundle: OPEN event in state CLOSED
[ciscovpn] opening link "work"...
[work] link: OPEN event
[work] LCP: Open event
[work] LCP: state change Initial --> Starting
[work] LCP: LayerStart
[work] device: OPEN event in state DOWN
pptp0: connecting to C.O.R.P:1723
[work] device is now in state OPENING
pptp0: connected to C.O.R.P:1723
pptp0: attached to connection with C.O.R.P:1723
pptp0-0: outgoing call connected at 10000000 bps
[work] PPTP call successful
[work] device: UP event in state OPENING
[work] device is now in state UP
[work] link: UP event
[work] link: origination is local
[work] LCP: Up event
[work] LCP: state change Starting --> Req-Sent
[work] LCP: phase shift DEAD --> ESTABLISH
[work] LCP: SendConfigReq #1
 MRU 1500
 MAGICNUM 3aa7e9cd
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 ff 73 50 4c
[work] LCP: SendConfigReq #2
 MRU 1500
 MAGICNUM 3aa7e9cd
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 ff 73 50 4c
[work] LCP: rec'd Configure Reject #2 link 0 (Req-Sent)
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 ff 73 50 4c
[work] LCP: SendConfigReq #3
 MRU 1500
 MAGICNUM 3aa7e9cd
[work] LCP: rec'd Configure Ack #3 link 0 (Req-Sent)
 MRU 1500
 MAGICNUM 3aa7e9cd
[work] LCP: state change Req-Sent --> Ack-Rcvd
[work] LCP: rec'd Configure Request #1 link 0 (Ack-Rcvd)
 AUTHPROTO CHAP MSOFT
[work] LCP: SendConfigAck #1
 AUTHPROTO CHAP MSOFT
[work] LCP: state change Ack-Rcvd --> Opened
[work] LCP: phase shift ESTABLISH --> AUTHENTICATE
[work] LCP: auth: peer wants CHAP, I want nothing
[work] LCP: LayerUp
[work] CHAP: rec'd CHALLENGE #1
 Name: ""
 Using authname "user"
[work] CHAP: sending RESPONSE
[work] CHAP: rec'd CHALLENGE #2
 Name: ""
 Using authname "user"
[work] CHAP: sending RESPONSE
[work] CHAP: rec'd SUCCESS #2
[work] LCP: authorization successful
[work] LCP: phase shift AUTHENTICATE --> NETWORK
[ciscovpn] setting interface ng0 MTU to 1500 bytes
[ciscovpn] up: 1 link, total bandwidth 64000 bps
[ciscovpn] IPCP: Up event
[ciscovpn] IPCP: state change Starting --> Req-Sent
[ciscovpn] IPCP: SendConfigReq #1
 IPADDR 10.10.58.0
 PRIDNS 0.0.0.0
 SECDNS 0.0.0.0
[ciscovpn] CCP: Open event
[ciscovpn] CCP: state change Initial --> Starting
[ciscovpn] CCP: LayerStart
[ciscovpn] CCP: Up event
[ciscovpn] CCP: state change Starting --> Req-Sent
[ciscovpn] CCP: SendConfigReq #1
[work] CCP: Checking wether 40 bits are enabled -> no
[work] CCP: Checking wether 56 bits are enabled -> no
[work] CCP: Checking wether 128 bits are enabled -> yes
 MPPC 0x01000040: MPPE, 128 bit, stateless
[ciscovpn] ECP: Open event
[ciscovpn] ECP: state change Initial --> Starting
[ciscovpn] ECP: LayerStart
[ciscovpn] ECP: Up event
[ciscovpn] ECP: state change Starting --> Req-Sent
[ciscovpn] ECP: SendConfigReq #1
[ciscovpn] IPCP: rec'd Configure Request #0 link 0 (Req-Sent)
 IPADDR C.O.R.P
   C.O.R.P is OK
[ciscovpn] IPCP: SendConfigAck #0
 IPADDR C.O.R.P
[ciscovpn] IPCP: state change Req-Sent --> Ack-Sent
[ciscovpn] CCP: rec'd Configure Request #0 link 0 (Req-Sent)
 MPPC 0x01000060: MPPE, 40 bit, 128 bit, stateless
[work] CCP: Checking wether 40 bits are acceptable -> no
[work] CCP: Checking wether 128 bits are acceptable -> yes
[ciscovpn] CCP: SendConfigNak #0
 MPPC 0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: rec'd Configure Nak #1 link 0 (Req-Sent)
 MPPC 0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: SendConfigReq #2
[work] CCP: Checking wether 40 bits are enabled -> no
[work] CCP: Checking wether 56 bits are enabled -> no
[work] CCP: Checking wether 128 bits are enabled -> yes
 MPPC 0x01000040: MPPE, 128 bit, stateless
[work] LCP: rec'd Protocol Reject #2 link 0 (Opened)
[work] LCP: protocol ECP was rejected
[ciscovpn] ECP: protocol was rejected by peer
[ciscovpn] ECP: state change Req-Sent --> Stopped
[ciscovpn] ECP: LayerFinish
[ciscovpn] CCP: rec'd Configure Request #1 link 0 (Req-Sent)
 MPPC 0x01000040: MPPE, 128 bit, stateless
[work] CCP: Checking wether 128 bits are acceptable -> yes
[ciscovpn] CCP: SendConfigAck #1
 MPPC 0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: state change Req-Sent --> Ack-Sent
[ciscovpn] CCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
 MPPC 0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: state change Ack-Sent --> Opened
[ciscovpn] CCP: LayerUp
 Compress using: MPPE, 128 bit, stateless
 Decompress using: MPPE, 128 bit, stateless
[ciscovpn] setting interface ng0 MTU to 1494 bytes
[ciscovpn] IPCP: SendConfigReq #2
 IPADDR 10.10.58.0
 PRIDNS 0.0.0.0
 SECDNS 0.0.0.0
[ciscovpn] IPCP: rec'd Configure Nak #2 link 0 (Ack-Sent)
 IPADDR 10.10.58.156
   10.10.58.156 is OK
 PRIDNS 10.10.10.100
 SECDNS 10.10.10.85
[ciscovpn] IPCP: SendConfigReq #3
 IPADDR 10.10.58.156
 PRIDNS 10.10.10.100
 SECDNS 10.10.10.85
[ciscovpn] IPCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
 IPADDR 10.10.58.156
 PRIDNS 10.10.10.100
 SECDNS 10.10.10.85
[ciscovpn] IPCP: state change Ack-Sent --> Opened
[ciscovpn] IPCP: LayerUp
  10.10.58.156 -> C.O.R.P
[ciscovpn] IFACE: Up event
[ciscovpn] setting interface ng0 MTU to 1494 bytes
[ciscovpn] exec: /sbin/ifconfig ng0 10.10.58.156 C.O.R.P netmask 0xffffffff -link0
[ciscovpn] exec: /sbin/route add 10.10.58.156 -iface lo0
[ciscovpn] exec: /usr/local/etc/mpd/ciscovpn-iface-up.sh ng0 inet 10.10.58.156 C.O.R.P dns1 10.10.10.100 dns2 10.10.10.85
[ciscovpn] IFACE: Up event

--
Chris
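
The routing tables in the message can be checked mechanically for one condition: whether packets addressed to the PPTP peer itself would be sent into ng0, the tunnel that has to carry them. The sketch below is an added example, not part of the original message or of mpd; it assumes that condition is what produces "Resource deadlock avoided", uses 203.0.113.10 as a constructed stand-in for the redacted C.O.R.P address, and its function names and the PINNED table (a host route for the peer via 192.168.131.254) are hypothetical.

```python
import ipaddress

def parse_routes(netstat_text):
    """Turn FreeBSD `netstat -rn` inet rows into (network, netif) pairs."""
    routes = []
    for line in netstat_text.strip().splitlines():
        f = line.split()
        if len(f) < 6 or f[0] == "Destination":
            continue
        dest, flags, netif = f[0], f[2], f[5]
        if dest == "default":
            dest = "0.0.0.0/0"
        addr, _, plen = dest.partition("/")
        octets = addr.split(".")
        if not plen:
            # Host routes carry the H flag; network routes are printed with
            # trailing zero octets dropped ("192.168.131" is 192.168.131.0/24).
            plen = "32" if "H" in flags else str(8 * len(octets))
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
        routes.append((ipaddress.ip_network(f"{addr}/{plen}", strict=False), netif))
    return routes

def egress_iface(netstat_text, ip):
    """Longest-prefix match: the interface the kernel would pick for ip."""
    ip = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, netif) for net, netif in parse_routes(netstat_text) if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def tunnel_loops(netstat_text, peer_ip, tunnel_if="ng0"):
    """True when packets for the PPTP peer would be sent into the tunnel itself."""
    return egress_iface(netstat_text, peer_ip) == tunnel_if

PEER = "203.0.113.10"  # constructed stand-in for the redacted C.O.R.P address
COMMON = """
10.10.58.156     lo0               UHS  0 0 lo0
127.0.0.1        127.0.0.1         UH   0 0 lo0
192.168.131      link#1            UC   0 0 de0
192.168.131.254  00:00:0f:00:00:00 UHLW 1 0 de0 4
"""
# Rows below follow the message's "after running mpd" and "after running fix" tables.
AFTER_MPD = COMMON + f"default 192.168.131.254 UGS 0 30 de0\n{PEER} 10.10.58.156 UH 0 0 ng0\n"
AFTER_FIX = COMMON + "default ng0 US 0 0 ng0\n10.10.58.7 10.10.58.156 UH 0 0 ng0\n"
# Hypothetical extra row, not from the message: a host route for the peer via de0.
PINNED = AFTER_FIX + f"{PEER} 192.168.131.254 UGHS 0 0 de0\n"

if __name__ == "__main__":
    for name, table in (("after mpd", AFTER_MPD), ("after fix", AFTER_FIX), ("pinned", PINNED)):
        print(name, egress_iface(table, PEER), tunnel_loops(table, PEER))
```
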