Date: 28 Apr 2002 14:34:32 +0300
From: Ralf Folkerts <ralf.folkerts@epost.de>
To: freebsd-questions@freebsd.org
Subject: MPD-(PPTP) Config Problem...
Message-ID: <1019993672.321.68.camel@beastie.home.folkerts-net.de>
Hi,
I'd like to access "my" Company's Net through a VPN from my FreeBSD box.
However, I was unable to configure mpd (and pptp) to work. I then tried
from my Win-Box - and it worked (so there must be a way to configure
mpd to get it to work, too).
In a "short" Overview: I have a small Network @ home (10.0.0.0/24) and
access the IN through a DSL-Router (10.0.0.254/32 local, a.b.c.d/32 as
assigned by ISP, remote).
The company's internal Network is on address 192.168.1.0/24.
The company's VPN-Router can be reached via Internet at address
"c.o.m.p"
It will assign me an address 192.168.7.101/32 which, however, is fixed for
my Login-Name.
FreeBSD is 4.5STABLE, mpd is mpd-3.7.
I tried with several Configs, but either MPD won't connect at all, or it
will connect and I also can ping the remote machines but not e.g. telnet
to them (which works fine from my Win-machine, so it shouldn't be a
Routing Problem of the Servers of the Company) or it does establish a
link but then produces errors.
Here is my "latest" config that produces the last symptom (connects but
then produces errors).
---<<<mpd.conf>>>---
default:
    load vpn
vpn:
    new -i ng0 vpn vpn
    set iface disable on-demand
    set iface addrs 192.168.7.101 c.o.m.p
    set iface idle 0
    set iface route 192.168.1.0/24
    set bundle disable multilink
    set bundle authname "abc"
    set link yes acfcomp protocomp
    set link disable pap chap
    set link accept chap
    # If remote machine is NT you need this..
    set link enable no-orig-auth
    set link keep-alive 10 75
    set ipcp yes vjcomp
    set ipcp ranges 192.168.7.101/32 c.o.m.p/32
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set bundle enable crypt-reqd
    set ccp yes mpp-stateless
    open
---<<</mpd.conf>>>---
---<<<mpd.links>>>---
vpn:
    set link type pptp
    set pptp self 192.168.7.101
    set pptp peer c.o.m.p
    set pptp disable incoming
    set pptp enable originate outcall
---<<</mpd.links>>>---
---<<<mpd.log>>>---
beastie:root#mpd
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 668, version 3.7 (root@freebsd.home.folkerts-net.de 17:43 18-Apr-2002)
[vpn] ppp node is "mpd668-vpn"
[vpn] using interface ng0
[vpn] IFACE: Open event
[vpn] IPCP: Open event
[vpn] IPCP: state change Initial --> Starting
[vpn] IPCP: LayerStart
[vpn:vpn] [vpn] bundle: OPEN event in state CLOSED
[vpn] opening link "vpn"...
[vpn] link: OPEN event
[vpn] LCP: Open event
[vpn] LCP: state change Initial --> Starting
[vpn] LCP: LayerStart
[vpn] device: OPEN event in state DOWN
pptp0: connecting to c.o.m.p:1723
[vpn] device is now in state OPENING
pptp0: connected to c.o.m.p:1723
pptp0: attached to connection with c.o.m.p:1723
pptp0-0: outgoing call connected at 64000 bps
[vpn] PPTP call successful
[vpn] device: UP event in state OPENING
[vpn] device is now in state UP
[vpn] link: UP event
[vpn] link: origination is local
[vpn] LCP: Up event
[vpn] LCP: state change Starting --> Req-Sent
[vpn] LCP: phase shift DEAD --> ESTABLISH
[vpn] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 12345678
[vpn] rec'd unknown ctrl message, cookie=942710669 cmd=4
[vpn] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
MRU 1524
AUTHPROTO CHAP MD5
MAGICNUM 12345678
PROTOCOMP
ACFCOMP
[vpn] LCP: SendConfigAck #1
MRU 1524
AUTHPROTO CHAP MD5
MAGICNUM 12345678
PROTOCOMP
ACFCOMP
[vpn] LCP: state change Req-Sent --> Ack-Sent
[vpn] LCP: rec'd Configure Ack #1 link 0 (Ack-Sent)
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 12345678
[vpn] LCP: state change Ack-Sent --> Opened
[vpn] LCP: phase shift ESTABLISH --> AUTHENTICATE
[vpn] LCP: auth: peer wants CHAP, I want nothing
[vpn] LCP: LayerUp
[vpn] CHAP: rec'd CHALLENGE #1
Name: "company"
Using authname "abc"
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: rec'd SUCCESS #1
[vpn] LCP: authorization successful
[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[vpn] up: 1 link, total bandwidth 64000 bps
[vpn] IPCP: Up event
[vpn] IPCP: state change Starting --> Req-Sent
[vpn] IPCP: SendConfigReq #1
IPADDR 192.168.7.101
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: Open event
[vpn] CCP: state change Initial --> Starting
[vpn] CCP: LayerStart
[vpn] CCP: Up event
[vpn] CCP: state change Starting --> Req-Sent
[vpn] CCP: SendConfigReq #1
MPPC
0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] CCP: rec'd Configure Request #1 link 0 (Req-Sent)
MPPC
0x00000020: MPPE, 40 bit
[vpn] CCP: SendConfigAck #1
MPPC
0x00000020: MPPE, 40 bit
[vpn] CCP: state change Req-Sent --> Ack-Sent
[vpn] IPCP: rec'd Configure Request #1 link 0 (Req-Sent)
IPADDR c.o.m.p
Same as PPTP IP; would cause routing loop
NAKing with c.o.m.p
[vpn] IPCP: SendConfigNak #1
IPADDR c.o.m.p
[vpn] IPCP: rec'd Configure Reject #1 link 0 (Req-Sent)
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: SendConfigReq #2
IPADDR 192.168.7.101
[vpn] CCP: SendConfigReq #2
MPPC
0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: rec'd Configure Ack #2 link 0 (Req-Sent)
IPADDR 192.168.7.101
[vpn] IPCP: state change Req-Sent --> Ack-Rcvd
[vpn] CCP: rec'd Configure Nak #2 link 0 (Ack-Sent)
MPPC
0x00000020: MPPE, 40 bit
[vpn] CCP: SendConfigReq #3
MPPC
0x00000020: MPPE, 40 bit
[vpn] CCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
MPPC
0x00000020: MPPE, 40 bit
[vpn] CCP: state change Ack-Sent --> Opened
[vpn] CCP: LayerUp
[vpn] "accept chap" required for MPPE
[vpn] can't determine credentials for MPPE
[vpn] CCP: failed to negotiate required encryption
[vpn] CCP: Close event
[vpn] CCP: state change Opened --> Closing
[vpn] CCP: SendTerminateReq #4
[vpn] CCP: LayerDown
[vpn] CCP: state change Closing --> Closed
[vpn] CCP: LayerFinish
[vpn] "accept chap" required for MPPE
[vpn] can't determine credentials for MPPE
[vpn] CCP: failed to negotiate required encryption
[vpn] CCP: Close event
[vpn] CCP: LayerFinish
Compress using: MPPE, 40 bit
Decompress using: MPPE, 40 bit
[vpn] CCP: rec'd Terminate Ack #4 link 0 (Closed)
[vpn] CCP: rec'd Configure Request #2 link 0 (Closed)
[vpn] CCP: SendTerminateAck #5
[vpn] IPCP: rec'd Configure Request #2 link 0 (Ack-Rcvd)
IPADDR c.o.m.p
Same as PPTP IP; would cause routing loop
NAKing with c.o.m.p
[vpn] IPCP: SendConfigNak #2
IPADDR c.o.m.p
[vpn] IPCP: rec'd Configure Request #3 link 0 (Ack-Rcvd)
[vpn] IPCP: SendConfigAck #3
[vpn] IPCP: state change Ack-Rcvd --> Opened
[vpn] IPCP: LayerUp
192.168.7.101 -> c.o.m.p
[vpn] IFACE: Up event
[vpn] exec: /sbin/ifconfig ng0 192.168.7.101 c.o.m.p netmask 0xffffffff -link0
[vpn] exec: /sbin/route add 192.168.1.0 c.o.m.p -netmask 0xffffff00
[vpn] IFACE: Up event
---<<</mpd.log>>>---
When I try to ping a Server I get (I put the DNS-Zone for "company.lan"
on my local DNS!):
---<<<>>>---
beastie:mpd#ping test.company.lan
PING test.company.lan (192.168.1.9): 56 data bytes
ping: sendto: Resource deadlock avoided
ping: sendto: Resource deadlock avoided
ping: sendto: No buffer space available
ping: sendto: No buffer space available
ping: sendto: No buffer space available
ping: sendto: No buffer space available
---<<</>>>---
Could someone out there please put me on the right track??
I first assumed my NATting router be a problem, but as my Win-Box
establishes the pptp-Link w/o any problems (I can ping and telnet and
ftp to all Servers I tried) I hope that this should not be the problem?!
Would be great if someone could help me with this!
Regards,
_ralf_
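
An added example, not part of the original message and not mpd's own code: a small Python audit of the CCP lines in the log above. It decodes the MPPE option word (bit values per RFC 3078) to show that the 40/128-bit stateless offer ended as 40-bit only, and collects the MPPE failure lines. The function names are hypothetical; the log excerpt is copied from the message.

```python
import re

# MPPE "supported bits" field of the CCP option (RFC 3078).
MPPE_BITS = {0x01000000: "stateless", 0x00000080: "56 bit",
             0x00000040: "128 bit", 0x00000020: "40 bit",
             0x00000001: "MPPC compression"}

# Excerpt of the CCP lines from the mpd.log in the message above.
SAMPLE_LOG = """\
[vpn] CCP: SendConfigReq #1
MPPC
0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] CCP: rec'd Configure Nak #2 link 0 (Ack-Sent)
MPPC
0x00000020: MPPE, 40 bit
[vpn] CCP: SendConfigReq #3
MPPC
0x00000020: MPPE, 40 bit
[vpn] CCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
MPPC
0x00000020: MPPE, 40 bit
[vpn] "accept chap" required for MPPE
[vpn] can't determine credentials for MPPE
[vpn] CCP: failed to negotiate required encryption
"""

def decode_mppe(word):
    """Return the names of the MPPE option bits set in a 32-bit word."""
    return {name for bit, name in MPPE_BITS.items() if word & bit}

def audit_ccp(log):
    """Report the first local MPPE offer, the last set the peer acked, and failures."""
    event, offered, agreed, failures = None, None, None, []
    for line in log.splitlines():
        m = re.match(r"\[\S+\] CCP: (SendConfigReq|rec'd Configure Ack)", line)
        if line.startswith("["):          # event line: remember which CCP event it is
            event = m.group(1) if m else None
            if "MPPE" in line or "required encryption" in line:
                failures.append(line.split("] ", 1)[1])
            continue
        v = re.match(r"(0x[0-9a-fA-F]{8}): MPPE", line.strip())
        if v and event == "SendConfigReq" and offered is None:
            offered = decode_mppe(int(v.group(1), 16))
        elif v and event == "rec'd Configure Ack":
            agreed = decode_mppe(int(v.group(1), 16))
    downgraded = bool(offered and agreed and "128 bit" in offered
                      and "128 bit" not in agreed)
    return {"offered": offered, "agreed": agreed,
            "downgraded": downgraded, "failures": failures}
```
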
