Date:      Fri, 2 Sep 2011 09:31:53 +0300
From:      Коньков Евгений <kes-kes@yandex.ru>
To:        Marco Beishuizen <mbeis@xs4all.nl>
Cc:        freebsd-questions@freebsd.org, Mike Tancsa <mike@sentex.net>
Subject:   Re[3]: vpn using pptpclient in FreeBSD
Message-ID:  <638737527.20110902093153@yandex.ru>
In-Reply-To: <alpine.BSF.2.00.1109012218560.2952@yokozuna.lan>
References:  <alpine.BSF.2.00.1108302340540.3063@yokozuna.lan> <4E5E8A93.1010006@sentex.net> <alpine.BSF.2.00.1108312159370.9385@yokozuna.lan> <123778406.20110901225021@yandex.ru> <alpine.BSF.2.00.1109012218560.2952@yokozuna.lan>

Hello, Marco.

You wrote on 1 September 2011, 23:35:49:

MB> On Thu, 1 Sep 2011, the wise Коньков Евгений wrote:

>> Notice: [B1] IFACE: Add route 0.0.0.0/0 130.115.3.34 failed: File exists
>> You already have a default route in your system
>> why do you set up the default again?
>> Notice in conf:
>>  set iface route default

MB> With help from Mike Tancsa I've changed the config a bit and getting less
MB> errors now, but still not a working vpn connection. My mpd.conf is now:
MB> ...
MB> # Default configuration is "pptp_client"

MB> default:
MB>         load pptp_client

MB> pptp_client:
MB> #
MB> # PPTP client: only outgoing calls, auto reconnect,
MB> # ipcp-negotiated address, one-sided authentication,
MB> # default route points on ISP's end
MB> #

MB>         create bundle static B1
MB>         set iface route 130.115.0.0/16
MB>         set ipcp ranges 0.0.0.0/0 0.0.0.0/0

MB>         set bundle enable compression
MB>         set ccp yes mppc
MB>         set mppc yes e40
MB>         set mppc yes e128
MB>         set bundle enable crypt-reqd
MB>         set mppc yes stateless

MB>         create link static L1 pptp
MB>         set link action bundle B1
MB>         set auth authname xxxxxxxxxxxxxx
MB>         set auth password xxxxxxxxxxxxx
MB>         set link max-redial 0
MB>         set link mtu 1460
MB>         set link keep-alive 20 75
MB>         set pptp peer vpn-eur-pptp.eur.nl
MB>         set pptp disable windowing
MB>         open
MB> ...

MB> It looks like it's setting up a correct connection, but the site of the
MB> library I would like to access isn't accessible when mpd5 is running:
MB> ...
MB> process 2965 started, version 5.5 (root@yokozuna.lan 17:08 30-Jul-2011)
MB> CONSOLE: listening on 127.0.0.1 5005
MB> web: listening on 0.0.0.0 5006
MB> [B1] Bundle: Interface ng0 created
MB> [L1] [L1] Link: OPEN event
MB> [L1] LCP: Open event
MB> [L1] LCP: state change Initial --> Starting
MB> [L1] LCP: LayerStart
MB> [L1] PPTP call successful
MB> [L1] Link: UP event
MB> [L1] LCP: Up event
MB> [L1] LCP: state change Starting --> Req-Sent
MB> [L1] LCP: SendConfigReq #1
MB> [L1]   ACFCOMP
MB> [L1]   PROTOCOMP
MB> [L1]   ACCMAP 0x000a0000
MB> [L1]   MRU 1500
MB> [L1]   MAGICNUM 0a9219e0
MB> [L1] LCP: SendConfigReq #2
MB> [L1]   ACFCOMP
MB> [L1]   PROTOCOMP
MB> [L1]   ACCMAP 0x000a0000
MB> [L1]   MRU 1500
MB> [L1]   MAGICNUM 0a9219e0
MB> [L1] LCP: rec'd Configure Reject #2 (Req-Sent)
MB> [L1]   PROTOCOMP
MB> [L1] LCP: SendConfigReq #3
MB> [L1]   ACFCOMP
MB> [L1]   ACCMAP 0x000a0000
MB> [L1]   MRU 1500
MB> [L1]   MAGICNUM 0a9219e0
MB> [L1] LCP: rec'd Configure Reject #3 (Req-Sent)
MB> [L1]   ACFCOMP
MB> [L1] LCP: SendConfigReq #4
MB> [L1]   ACCMAP 0x000a0000
MB> [L1]   MRU 1500
MB> [L1]   MAGICNUM 0a9219e0
MB> [L1] LCP: rec'd Configure Nak #4 (Req-Sent)
MB> [L1]   ACCMAP 0x000a0000
MB> [L1] LCP: SendConfigReq #5
MB> [L1]   ACCMAP 0x000a0000
MB> [L1]   MRU 1500
MB> [L1]   MAGICNUM 0a9219e0
MB> [L1] LCP: rec'd Configure Ack #5 (Req-Sent)
MB> [L1]   ACCMAP 0x000a0000
MB> [L1]   MRU 1500
MB> [L1]   MAGICNUM 0a9219e0
MB> [L1] LCP: state change Req-Sent --> Ack-Rcvd
MB> [L1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
MB> [L1]   AUTHPROTO CHAP MSOFTv2
MB> [L1] LCP: SendConfigAck #1
MB> [L1]   AUTHPROTO CHAP MSOFTv2
MB> [L1] LCP: state change Ack-Rcvd --> Opened
MB> [L1] LCP: auth: peer wants CHAP, I want nothing
MB> [L1] LCP: LayerUp
MB> [L1] CHAP: rec'd CHALLENGE #1 len: 21
MB> [L1]   Name: ""
MB> [L1] CHAP: Using authname "xxxxxxxxxxxxxxxxx"
MB> [L1] CHAP: sending RESPONSE #1 len: 69
MB> [L1] CHAP: rec'd CHALLENGE #2 len: 21
MB> [L1]   Name: ""
MB> [L1] CHAP: Using authname "xxxxxxxxxxxxxxxxxx"
MB> [L1] CHAP: sending RESPONSE #2 len: 69
MB> [L1] rec'd proto IPCP during authenticate phase
MB> [L1] rec'd proto CCP during authenticate phase
MB> [L1] CHAP: sending RESPONSE #2 len: 69
MB> [L1] CHAP: rec'd SUCCESS #2 len: 46
MB> [L1]   MESG: S=F1619D8A3373D2F43E6652E992CA564D66B1C1A4
MB> [L1] LCP: authorization successful
MB> [L1] Link: Matched action 'bundle "B1" ""'
MB> [L1] Link: Join bundle "B1"
MB> [B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
MB> [B1] IPCP: Open event
MB> [B1] IPCP: state change Initial --> Starting
MB> [B1] IPCP: LayerStart
MB> [B1] CCP: Open event
MB> [B1] CCP: state change Initial --> Starting
MB> [B1] CCP: LayerStart
MB> [B1] IPCP: Up event
MB> [B1] IPCP: state change Starting --> Req-Sent
MB> [B1] IPCP: SendConfigReq #1
MB> [B1]   IPADDR 0.0.0.0
MB> [B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
MB> [B1] CCP: Up event
MB> [B1] CCP: state change Starting --> Req-Sent
MB> [B1] CCP: SendConfigReq #1
MB> [B1]   MPPC
MB> [B1]     0x01000060:MPPE(40, 128 bits), stateless
MB> [B1] CCP: rec'd Configure Nak #1 (Req-Sent)
MB> [B1]   MPPC
MB> [B1]     0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: SendConfigReq #2
MB> [B1]   MPPC
MB> [B1]     0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: rec'd Configure Ack #2 (Req-Sent)
MB> [B1]   MPPC
MB> [B1]     0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: state change Req-Sent --> Ack-Rcvd
MB> [B1] IPCP: rec'd Configure Request #1 (Req-Sent)
MB> [B1]   IPADDR 130.115.3.35
MB> [B1]     130.115.3.35 is OK
MB> [B1] IPCP: SendConfigAck #1
MB> [B1]   IPADDR 130.115.3.35
MB> [B1] IPCP: state change Req-Sent --> Ack-Sent
MB> [B1] CCP: rec'd Configure Request #1 (Ack-Rcvd)
MB> [B1]   MPPC
MB> [B1]     0x01000060:MPPE(40, 128 bits), stateless
MB> [B1] CCP: SendConfigNak #1
MB> [B1]   MPPC
MB> [B1]     0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: rec'd Configure Request #2 (Ack-Rcvd)
MB> [B1]   MPPC
MB> [B1]     0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: SendConfigAck #2
MB> [B1]   MPPC
MB> [B1]     0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: state change Ack-Rcvd --> Opened
MB> [B1] CCP: LayerUp
MB> [B1] CCP: Compress using: mppc (MPPE(128 bits), stateless)
MB> [B1] CCP: Decompress using: mppc (MPPE(128 bits), stateless)
MB> [B1] IPCP: SendConfigReq #2
MB> [B1]   IPADDR 0.0.0.0
MB> [B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
MB> [B1] IPCP: rec'd Configure Reject #2 (Ack-Sent)
MB> [B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
MB> [B1] IPCP: SendConfigReq #3
MB> [B1]   IPADDR 0.0.0.0
MB> [B1] IPCP: rec'd Configure Nak #3 (Ack-Sent)
MB> [B1]   IPADDR 130.115.85.11
MB> [B1]     130.115.85.11 is OK
MB> [B1] IPCP: SendConfigReq #4
MB> [B1]   IPADDR 130.115.85.11
MB> [B1] IPCP: rec'd Configure Ack #4 (Ack-Sent)
MB> [B1]   IPADDR 130.115.85.11
MB> [B1] IPCP: state change Ack-Sent --> Opened
MB> [B1] IPCP: LayerUp
MB> [B1]   130.115.85.11 -> 130.115.3.35
MB> [B1] IFACE: Up event
MB> ...

MB> I also noticed some kernel messages when starting mpd5:
MB> ...
MB> WARNING: attempt to domain_add(netgraph) after domainfinalize()
MB> Loop detected on ng0
MB> Loop detected on ng0
MB> Loop detected on ng0
MB> ...

MB> So I get the impression that I'm almost there.

MB> Marco

Try:
netstat -nr
ifconfig ng0

>WARNING: attempt to domain_add(netgraph) after domainfinalize()
you may ignore this message.

>set iface route 130.115.0.0/16
you say that behind the tunnel there is the 130.115.0.0/16 subnet, but
MB> [B1]   130.115.85.11 -> 130.115.3.35
you have an address from subnet 130.115.0.0/16 on the local machine
so you get this message:
MB> Loop detected on ng0

add routes only for subnets that are on the other end of the tunnel and not
local
>>set iface route 130.115.0.0/16

also you may remove 'iface route' from the config and set up the tunnel.
after that try to ping the other end: ping 130.115.3.35
add the routes by hand:
# route add XXXXXXXX/X 130.115.3.35
# route add YYYYYYYY/Y 130.115.3.35


-- 
Best regards,
 Коньков                          mailto:kes-kes@yandex.ru
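
The overlap described in the reply above can be checked mechanically. The following is an added example, not part of the original message or of mpd5: it reads the `set iface route` prefixes and the address pair logged after `IPCP: LayerUp`, and lists the routes that cover the local tunnel address. The function names are hypothetical and the embedded sample text is constructed from the config and log quoted in the thread.

```python
import ipaddress
import re

# Constructed sample input: lines taken from the mpd.conf and mpd5 log quoted above.
MPD_CONF = """\
pptp_client:
        create bundle static B1
        set iface route 130.115.0.0/16
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
"""
MPD_LOG = """\
[B1] IPCP: state change Ack-Sent --> Opened
[B1] IPCP: LayerUp
[B1]   130.115.85.11 -> 130.115.3.35
[B1] IFACE: Up event
"""

ROUTE_RE = re.compile(r"^\s*set\s+iface\s+route\s+(\S+)", re.M)
# The line after "IPCP: LayerUp" carries "<local address> -> <peer address>".
ENDPOINTS_RE = re.compile(r"IPCP: LayerUp\s*\n.*?\[\w+\]\s+(\S+)\s+->\s+(\S+)")

def iface_routes(conf):
    """Networks named by 'set iface route' lines; 'default' is not a prefix and is skipped."""
    nets = []
    for arg in ROUTE_RE.findall(conf):
        try:
            nets.append(ipaddress.ip_network(arg, strict=False))
        except ValueError:
            continue
    return nets

def tunnel_endpoints(log):
    """(local, peer) addresses negotiated by IPCP, or None if the link never came up."""
    m = ENDPOINTS_RE.search(log)
    if m is None:
        return None
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))

def overlapping_routes(conf, log):
    """Configured tunnel routes that also cover the local end of the tunnel."""
    ends = tunnel_endpoints(log)
    if ends is None:
        return []
    local, _peer = ends
    return [str(net) for net in iface_routes(conf) if local in net]

if __name__ == "__main__":
    for route in overlapping_routes(MPD_CONF, MPD_LOG):
        print(f"route {route} covers the local tunnel address")
```
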



