From: "Jonathan Reeder"
To: "Tim Pushor"
cc: freebsd-net@freebsd.org
Date: Thu, 16 Sep 2004 20:20:18 -0500
Subject: RE: MPD 3.18 Trouble
In-Reply-To: <4148E318.4090506@crossthread.com>
List-Id: Networking and TCP/IP with FreeBSD

Thanks for the reply, Tim. I do run ipfilter, but I allow incoming tcp port
1723 and also GRE. A look through my ipf.log shows no blocked packets.
Also, I can see the GRE traffic coming into my dc0 (external if) in tcpdump,
and I can then see the unencapsulated traffic on my ng0 interface in tcpdump.
Problem is, the traffic just never gets off of ng0. I would think the proper
series of events would be:

GRE encapsulated traffic comes in on dc0 (external) -> unencapsulation of
traffic and then retransmission from ng0 (vpn pseudo-if) -> if the traffic is
destined for my local lan, ng0 passes it off to rl0 (internal if).

I see steps one and two of that in tcpdump, but not three.

-----Original Message-----
From: Tim Pushor [mailto:timp@crossthread.com]
Sent: Wednesday, September 15, 2004 7:49 PM
To: Jonathan Reeder
Cc: freebsd-net@freebsd.org
Subject: Re: MPD 3.18 Trouble

Jonathan,

A cursory look through your config looks ok, similar to mine (which *is*
working ;-).

One question, could the packets be being dropped by a firewall? Are you
running ipf/ipfirewall/ipfw?

Jonathan Reeder wrote:

>First off, sorry if this has come through twice, I tried to send it last
>week but don't think it made it through:
>
>I've got MPD v3.18 up and running on my FreeBSD 4.9. All seems to be going
>well, clients can connect via PPTP, but once connected, they cannot actually
>access my internal network.
>Some background on my configuration:
>
># ifconfig
>dc0: flags=8843 mtu 1500
>        inet a.b.c.d netmask 0xfffffff8 broadcast a.b.c.e
>        inet6 fe80::2a0:ffff:feff:9cfc%dc0 prefixlen 64 scopeid 0x1
>        ether 00:a0:ff:ff:9c:fc
>        media: Ethernet 10baseT/UTP
>        status: active
>rl0: flags=8843 mtu 1500
>        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
>        inet6 fe80::220:edff:fe2c:fe68%rl0 prefixlen 64 scopeid 0x2
>        ether 00:20:ed:2c:fe:68
>        media: Ethernet autoselect (100baseTX )
>        status: active
>lo0: flags=8049 mtu 16384
>        inet6 ::1 prefixlen 128
>        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>        inet 127.0.0.1 netmask 0xff000000
>faith0: flags=8002 mtu 1500
>ng0: flags=8890 mtu 1500
>ng1: flags=8890 mtu 1500
>
>That is for the server that runs MPD. Also, here are my mpd.conf and
>mpd.links:
>
># cat /usr/local/etc/mpd/mpd.conf
>default:
>        log +auth +pptp
>        load vpn0
>        load vpn1
>
>vpn0:
>        new -i ng0 vpn0 vpn0
>        set iface disable on-demand
>        set iface enable proxy-arp
>        set bundle disable multilink
>        set link yes acfcomp protocomp
>        set link mtu 1400
>        set link no pap chap
>        set link enable chap
>        set link keep-alive 60 180
>        set ipcp yes vjcomp
>        set ipcp ranges 192.168.1.254/32 192.168.1.200/32
>        set ipcp dns x.x.x.x
>
>        set bundle enable compression
>        set ccp yes mppc
>        #set ccp yes mpp-e40
>        set ccp no mpp-e40
>        set ccp yes mpp-e128
>        set ccp yes mpp-stateless
>        set bundle yes crypt-reqd
>
>vpn1:
>        same as vpn0
>
># cat /usr/local/etc/mpd/mpd.links
>vpn0:
>        set link type pptp
>        set pptp self a.b.c.d
>        set pptp enable incoming
>        set pptp disable originate
>
>MPD runs fine, listens on port 1723, accepts connections, authenticates, and
>then once a user is connected, my ifconfig changes from what you saw above
>to something similar to the following:
>
>ng0: flags=88d1 mtu 1396
>        inet 192.168.1.254 --> 192.168.1.200 netmask 0xffffffff
>        inet6 fe80::2a0:ffff:feff:9cfc%ng0 prefixlen 64 scopeid 0x5
>
>So, I'm thinking that I should be set, right? Nope.
>No traffic actually makes it from the client to my internal 192.168.1.0/24
>network. When I ping a 192.168.1 client from the remote VPN user, if I watch
>a tcpdump -i ng0 I can see the ping come through from dc0 (via GRE) to ng0,
>but that ping never seems to get passed to the rl0 interface like I would
>expect. (Yes, I do have gateway_enable='YES' and the sysctl has been
>confirmed to be on). Same type of problem if I try to ping 192.168.1.200
>from a host on my local network. I get a reply from 192.168.1.10 (the local
>address of my FreeBSD machine) saying "Destination host unreachable". If I
>try to ping 192.168.1.200 from my BSD box, I get
>
>ping: sendto: No route to host
>
>This is the one that really kills me, because it has a perfect route to that
>host sitting right in front of it. It just refuses to pass the packets to
>the proper device.
>
>I'm hoping someone might have run into this same type of problem before. Is
>there something about my mpd.conf that would keep ng0 from passing packets
>off to my local network (rl0) and vice-versa? If anyone is kind enough to
>respond, let me know if there is any other info about my configuration that
>would be helpful to you.
>
>Thanks a bunch,
>
>Jonathan Reeder
>_______________________________________________
>freebsd-net@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-net
>To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"