Date:      Thu, 14 Sep 2000 11:14:51 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Renaud Waldura <renaud@waldura.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: mpd-netgraph with multiple PPTP clients?
Message-ID:  <39C1159B.167EB0E7@elischer.org>
References:  <017b01c01e74$52d7fc20$0302010a@biohz.net>

Renaud Waldura wrote:
> 
> SUMMARY
> 
> Does mpd-netgraph, configured as a PPTP server, allow multiple client
> connections?
> 
> LONG VERSION
> 
> Dear FreeBSD developers,
> 
> I'm running mpd-netgraph on a 4.1 STABLE system. First allow me to
> congratulate the author(s) : this is a beautiful piece of software, well
> implemented and with excellent documentation -- a feature unfortunately too
> rare with open-source projects !
> 
> I configured mpd-netgraph (version 3.0) as a PPTP server, allowing VPN
> access to my internal network. I use the default configuration from
> mpd.conf_sample included in the distribution:
> 
> ========= mpd.conf =========
> 
> pptp:
>         new -i ng0 pptp pptp
>         set iface disable on-demand
>         set iface enable proxy-arp
>         set iface idle 1800
>         set bundle disable multilink
>         set link yes acfcomp protocomp
>         set link no pap chap
>         set link enable chap
>         set link keep-alive 10 60
>         set ipcp yes vjcomp
>         #set ipcp ranges 192.168.1.1/32 192.168.1.2/32
>         set ipcp ranges 192.168.1.1/32 192.168.1.222/24    <-- *
>         set ipcp dns 192.168.1.1
> 
> (*) only change to the original config
> 
> ========= mpd.links ==========
> 
> pptp:
>         set link type pptp
>         set pptp self a.b.c.d
>         set pptp enable incoming
>         set pptp disable originate
> 

You duplicate the config for each potential incoming session
and give it a different ng device to use, e.g. ng0, ng1, ng2....
(with a different address.)

Each incoming session needs a different interface to use.
You can then specify which address each login should be assigned,
(in the secrets file I think from memory) 
and that in turn implies which ng interface should be used..

Archie can give you more exact info of course, and maybe there should
be a better example of this..

====
Here are the sample files I'm using.....
(all IP addresses etc. are fictional..)

(mpd.conf)
default:
        load default-log
        load client

client:
        load Pptp0
        load Pptp1
        load Pptp2
        load Pptp3
        load Pptp4
        load Pptp5
        load Pptp6
        load Pptp7
        load Pptp8
        load Pptp9

Pptp0:
        new -i ng0 Pptp0 Pptp0
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 1800
        set bundle disable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set ipcp yes vjcomp
        set ipcp ranges 108.206.78.1/32 108.206.78.4/29
        set ipcp dns 108.206.78.1 108.206.78.2
        set ipcp nbns 108.206.78.1
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set bundle enable crypt-reqd
        set ccp yes mpp-stateless

Pptp1:
        new -i ng1 Pptp1 Pptp1
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 1800
        set bundle disable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set ipcp yes vjcomp
        set ipcp ranges 108.206.78.1/32 108.206.78.4/29
        set ipcp dns 108.206.78.1 108.206.78.2
        set ipcp nbns 108.206.78.1
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set bundle enable crypt-reqd
        set ccp yes mpp-stateless

[....... etc.]

default-log:
        log +bund +link +chat +lcp +auth +fsm +phys +ipcp +ccp +pptp

=== end of mpd.conf===

in mpd.links I have:
# mpd links file for pptp

Pptp0:
        set link type pptp
        set pptp self 108.218.234.250
        set pptp enable incoming
        set pptp disable originate

Pptp1:
        set link type pptp
        set pptp self 108.218.234.250
        set pptp enable incoming
        set pptp disable originate

[... etc.]
==== end of mpd.links ===
In the mpd.secret file I have:


julian         mypasswd         108.206.78.4
freddy         passwd01         108.206.78.5
employee1      passwd02         108.206.78.6
employee2      passwd03         108.206.78.7


This will support 10 simultaneous connections (assuming you
extend the conf and links files out to the right number of entries).

Each login has a FIXED address it is given for its tunnel.
Also since this was on a special system, I'm not sure if all the 
encryption/compression modes in these config files are supported
in public freebsd/mpd. If not just delete those config file lines.


> One Windows client (98/2000) connects perfectly. The performance is OK. I'm
> happy!
> But a second client, attempting to connect while the first client is still
> connected, is bounced with error "751 The remote computer refused the VPN
> connection". On the server side, mpd says:
> 
> Sep 13 21:49:09 ebola mpd: pptp1: peer's outgoing call request denied
> 
> Needless to say I went through the documentation, but even the "PPTP hints"
> section does not mention anything special about multiple client connections.
> At least they don't seem prohibited, although the original configuration
> (above) provisions for a single address. Which leaves with a strong doubt as
> to mpd's ability to actually handle multiple client connections...
> 
> I browsed through the source code, and discovered the error message I'm
> getting means that no outgoing link is defined. This seems coherent to me,
> since I do not want to allow outgoing connections using this link. But I'm
> confused: why would the "peer" be requesting a "outgoing call"? Is there
> something fundamental I'm missing?
> 
> I tried to configure mpd with multiple PPTP links, apparently this is not
> allowed. What am I missing here?
> 
> Thank you very much for your time, your comments and suggestions are very
> much appreciated,
> 
> --Renaud
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

-- 
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000
---> X_.---._/  presently in:  Perth
            v
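
An added example, not part of the original message or of mpd: a Python sketch that clones one bundle stanza into per-session copies with distinct ng devices, then checks that the fixed addresses in mpd.secret are unique and fall inside the `set ipcp ranges` peer range. The abbreviated template, the sample secrets and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: abbreviated Pptp0 stanza built from settings in the message.
TEMPLATE = """Pptp0:
        new -i ng0 Pptp0 Pptp0
        set link no pap chap
        set link enable chap
        set ipcp ranges 108.206.78.1/32 108.206.78.4/29
        set bundle enable crypt-reqd
"""

# Constructed sample mpd.secret rows: login, password, fixed tunnel address.
SECRETS = """julian   mypasswd   108.206.78.4
freddy   passwd01   108.206.78.5
"""

def clone_bundles(template, count):
    """Return `count` stanzas, one per session, each with its own ngN device."""
    stanzas = []
    for i in range(count):
        stanza = re.sub(r"\bPptp0\b", f"Pptp{i}", template)
        stanzas.append(re.sub(r"\bng0\b", f"ng{i}", stanza))
    return "\n".join(stanzas)

def check_secrets(secrets, template):
    """List logins whose fixed address is reused or outside the ipcp peer range."""
    peer = re.search(r"set ipcp ranges \S+ (\S+)", template).group(1)
    pool = ipaddress.ip_network(peer, strict=False)
    problems, owner = [], {}
    for line in secrets.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line, comment, or login without a fixed address
        user, addr = fields[0], ipaddress.ip_address(fields[2])
        if addr not in pool:
            problems.append(f"{user}: {addr} is outside {pool}")
        if addr in owner:
            problems.append(f"{user}: {addr} already given to {owner[addr]}")
        owner.setdefault(addr, user)
    return problems

if __name__ == "__main__":
    print(clone_bundles(TEMPLATE, 3))
    print(check_secrets(SECRETS, TEMPLATE) or "mpd.secret addresses OK")
```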





