Date:      Sun, 26 Jan 2003 23:17:11 -0500
From:      Anthony Volodkin <anthonyv@brainlink.com>
To:        net@freebsd.org
Subject:   MPD and Cisco PIX
Message-ID:  <3E34B2C7.2020200@brainlink.com>

Hi,

Earlier today, I was attempting to connect a Cisco 515 firewall with a
FreeBSD 4.7-STABLE machine with PPTP using MPD 3.10.  It appears that
while the session is established properly, I cannot send/receive any
packets.  Then the session seems to time out because neither side is
able to send/receive LCP echoes.  Note that turning off MPPE encryption
on both sides does not solve this problem.  Anyone know what could be wrong?

Here is my mpd.conf:
default:
        load ciscopptp

ciscopptp:
        new -i ng1 vpn vpn
        set iface disable on-demand
        set iface idle 0

        set bundle disable multilink
        set bundle authname "username"
        set bundle password "password"
        set link no acfcomp protocomp
        set link mtu 1460
        set link accept chap
        set link disable pap
        set ccp yes mppc
        set ccp yes mpp-e40

mpd.links:
vpn:
        set link type pptp
        set pptp self FREEBSD_PUBLIC_IP
        set pptp peer CISCO_PUBLIC_IP
        set pptp enable originate outcall

Cisco 515 configuration:
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local

Here is my connection attempt:
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 22895, version 3.10 (root@gate.local.non-standard.net 20:33 26-Jan-2003)
[vpn] ppp node is "mpd22895-vpn"
[vpn] using interface ng1
[vpn:vpn] open
[vpn] IFACE: Open event
[vpn] IPCP: Open event
[vpn] IPCP: state change Initial --> Starting
[vpn] IPCP: LayerStart
[vpn:vpn] [vpn] bundle: OPEN event in state CLOSED
[vpn] opening link "vpn"...
[vpn] link: OPEN event
[vpn] LCP: Open event
[vpn] LCP: state change Initial --> Starting
[vpn] LCP: LayerStart
[vpn] device: OPEN event in state DOWN
pptp0: connecting to CISCO_PUBLIC_IP:1723
[vpn] device is now in state OPENING
pptp0: connected to CISCO_PUBLIC_IP:1723
pptp0: attached to connection with CISCO_PUBLIC_IP:1723
pptp0-0: outgoing call connected at 16384000 bps
[vpn] PPTP call successful
[vpn] device: UP event in state OPENING
[vpn] device is now in state UP
[vpn] link: UP event
[vpn] link: origination is local
[vpn] LCP: Up event
[vpn] LCP: state change Starting --> Req-Sent
[vpn] LCP: phase shift DEAD --> ESTABLISH
[vpn] LCP: SendConfigReq #1
 MRU 1500
 MAGICNUM 7bfb908b
[vpn] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
 AUTHPROTO CHAP MSOFT
 MAGICNUM 087bc1c9
[vpn] LCP: SendConfigAck #1
 AUTHPROTO CHAP MSOFT
 MAGICNUM 087bc1c9
[vpn] LCP: state change Req-Sent --> Ack-Sent
[vpn] LCP: rec'd Configure Reject #1 link 0 (Ack-Sent)
 MRU 1500
[vpn] LCP: SendConfigReq #2
 MAGICNUM 7bfb908b
[vpn] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
 MAGICNUM 7bfb908b
[vpn] LCP: state change Ack-Sent --> Opened
[vpn] LCP: phase shift ESTABLISH --> AUTHENTICATE
[vpn] LCP: auth: peer wants CHAP, I want nothing
[vpn] LCP: LayerUp
[vpn] CHAP: rec'd CHALLENGE #1
 Name: ""
 Using authname "anthony"
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: rec'd SUCCESS #1
[vpn] LCP: authorization successful
[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[vpn] up: 1 link, total bandwidth 64000 bps
[vpn] IPCP: Up event
[vpn] IPCP: state change Starting --> Req-Sent
[vpn] IPCP: SendConfigReq #1
 IPADDR FREEBSD_PUBLIC_IP
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: rec'd Configure Request #1 link 0 (Req-Sent)
 IPADDR CISCO_PUBLIC_IP
   CISCO_PUBLIC_IP is OK
[vpn] IPCP: SendConfigAck #1
 IPADDR CISCO_PUBLIC_IP
[vpn] IPCP: state change Req-Sent --> Ack-Sent
[vpn] IPCP: rec'd Configure Reject #1 link 0 (Ack-Sent)
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: SendConfigReq #2
 IPADDR FREEBSD_PUBLIC_IP
[vpn] IPCP: rec'd Configure Nak #2 link 0 (Ack-Sent)
 IPADDR 10.10.6.101
   10.10.6.101 is OK
[vpn] IPCP: SendConfigReq #3
 IPADDR 10.10.6.101
[vpn] IPCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
 IPADDR 10.10.6.101
[vpn] IPCP: state change Ack-Sent --> Opened
[vpn] IPCP: LayerUp
  10.10.6.101 -> CISCO_PUBLIC_IP
[vpn] IFACE: Up event
[vpn] exec: /sbin/ifconfig ng1 10.10.6.101 CISCO_PUBLIC_IP netmask 0xffffffff -link0
[vpn] IFACE: Up event
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
[vpn] LCP: no reply to 1 echo request(s)
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
[vpn] LCP: no reply to 2 echo request(s)
[vpn] LCP: no reply to 3 echo request(s)
[vpn] LCP: no reply to 4 echo request(s)
[vpn] LCP: no reply to 5 echo request(s)
[vpn] LCP: no reply to 6 echo request(s)
[vpn] LCP: no reply to 7 echo request(s)
[vpn] LCP: peer not responding to echo requests
[vpn] LCP: LayerFinish
[vpn] LCP: LayerStart
[vpn] LCP: state change Opened --> Starting
[vpn] LCP: phase shift NETWORK --> DEAD
[vpn] up: 0 links, total bandwidth 9600 bps
[vpn] IPCP: Down event
[vpn] IPCP: state change Opened --> Starting
[vpn] IPCP: LayerDown
[vpn] IFACE: Down event
[vpn] exec: /sbin/ifconfig ng1 down delete -link0
[vpn] LCP: LayerDown
[vpn] device: CLOSE event in state UP
pptp0-0: clearing call
[vpn] device is now in state CLOSING
[vpn] device: OPEN event in state CLOSING
[vpn] device is now in state CLOSING
[vpn] device: DOWN event in state CLOSING
[vpn] device is now in state DOWN
[vpn] link: DOWN event
[vpn] LCP: Down event
[vpn] device: OPEN event in state DOWN
[vpn] pausing 9 seconds before open
[vpn] device is now in state DOWN
[vpn] device: OPEN event in state DOWN
[vpn] device is now in state DOWN
pptp0-0: peer call disconnected res=lost carrier err=none
pptp0-0: killing channel
pptp0: closing connection with CISCO_PUBLIC_IP:1723
pptp0: got StopCtrlConnRequest: reason=zero?
pptp0: killing connection with CISCO_PUBLIC_IP:1723
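
Added example, not part of the original message: a small Python triage pass over an mpd log in the format shown above. It summarises what was negotiated and flags the pattern visible in this session (CHAP and IPCP succeed, LCP echoes go unanswered, and no CCP events appear in the log). The sample lines are constructed from the log format in the post, and the "[bundle] CCP:" prefix for compression/encryption events is an assumption.

```python
import re

# Constructed sample: a shortened session in the mpd 3.10 log format from the post.
SAMPLE_LOG = """\
[vpn] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
 AUTHPROTO CHAP MSOFT
[vpn] CHAP: rec'd SUCCESS #1
[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[vpn] IPCP: state change Ack-Sent --> Opened
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
[vpn] LCP: no reply to 1 echo request(s)
[vpn] LCP: no reply to 2 echo request(s)
[vpn] LCP: peer not responding to echo requests
[vpn] LCP: phase shift NETWORK --> DEAD
"""

def triage(log_text):
    """Summarise one mpd session: what was negotiated and what failed."""
    s = {"phases": [], "auth": None, "chap_ok": False, "ipcp_opened": False,
         "ccp_seen": False, "write_errors": 0, "missed_echoes": 0}
    for line in log_text.splitlines():
        if m := re.search(r"LCP: phase shift \w+ --> (\w+)", line):
            s["phases"].append(m.group(1))
        elif m := re.match(r"\s+AUTHPROTO (.+)", line):
            s["auth"] = m.group(1).strip()
        elif m := re.search(r"no reply to (\d+) echo request", line):
            s["missed_echoes"] = max(s["missed_echoes"], int(m.group(1)))
        elif "CHAP: rec'd SUCCESS" in line:
            s["chap_ok"] = True
        elif "IPCP: state change" in line and line.rstrip().endswith("--> Opened"):
            s["ipcp_opened"] = True
        elif "error writing" in line:
            s["write_errors"] += 1
        elif "] CCP:" in line:  # assumption: CCP events share the "[bundle] CCP:" prefix
            s["ccp_seen"] = True
    return s

def findings(s):
    """Turn the summary into short triage notes for the operator."""
    out = []
    if "NETWORK" in s["phases"] and not s["ccp_seen"]:
        out.append("session reached NETWORK phase with no CCP (MPPE) events logged")
    if s["ipcp_opened"] and s["missed_echoes"]:
        out.append("IPCP opened, then %d LCP echoes unanswered" % s["missed_echoes"])
    if s["write_errors"]:
        out.append("%d 'error writing ... frame' line(s)" % s["write_errors"])
    return out
```

Calling `findings(triage(open(path).read()))` on a saved mpd log gives the same notes for a real session.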


