Message-ID: <3E34B2C7.2020200@brainlink.com>
Date: Sun, 26 Jan 2003 23:17:11 -0500
From: Anthony Volodkin
To: net@freebsd.org
Subject: MPD and Cisco PIX

Hi,

Earlier today, I was attempting to connect a Cisco 515 firewall with a FreeBSD 4.7-STABLE machine with PPTP using MPD 3.10. It appears that while the session is established properly, I cannot send/receive any packets. Then the session seems to time out because neither side is able to send/receive LCP echoes. Note that turning off MPPE encryption on both sides does not solve this problem.

Anyone know what could be wrong?

Here is my mpd.conf:

default:
    load ciscopptp

ciscopptp:
    new -i ng1 vpn vpn
    set iface disable on-demand
    set iface idle 0
    set bundle disable multilink
    set bundle authname "username"
    set bundle password "password"
    set link no acfcomp protocomp
    set link mtu 1460
    set link accept chap
    set link disable pap
    set ccp yes mppc
    set ccp yes mpp-e40

mpd.links

vpn:
    set link type pptp
    set pptp self FREEBSD_PUBLIC_IP
    set pptp peer CISCO_PUBLIC_IP
    set pptp enable originate outcall

Cisco 515 configuration:

vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local

Here is my connection attempt:

Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 22895, version 3.10 (root@gate.local.non-standard.net 20:33 26-Jan-2003)
[vpn] ppp node is "mpd22895-vpn"
[vpn] using interface ng1
[vpn:vpn] open
[vpn] IFACE: Open event
[vpn] IPCP: Open event
[vpn] IPCP: state change Initial --> Starting
[vpn] IPCP: LayerStart
[vpn:vpn] [vpn] bundle: OPEN event in state CLOSED
[vpn] opening link "vpn"...
[vpn] link: OPEN event
[vpn] LCP: Open event
[vpn] LCP: state change Initial --> Starting
[vpn] LCP: LayerStart
[vpn] device: OPEN event in state DOWN
pptp0: connecting to CISCO_PUBLIC_IP:1723
[vpn] device is now in state OPENING
pptp0: connected to CISCO_PUBLIC_IP:1723
pptp0: attached to connection with CISCO_PUBLIC_IP:1723
pptp0-0: outgoing call connected at 16384000 bps
[vpn] PPTP call successful
[vpn] device: UP event in state OPENING
[vpn] device is now in state UP
[vpn] link: UP event
[vpn] link: origination is local
[vpn] LCP: Up event
[vpn] LCP: state change Starting --> Req-Sent
[vpn] LCP: phase shift DEAD --> ESTABLISH
[vpn] LCP: SendConfigReq #1
 MRU 1500
 MAGICNUM 7bfb908b
[vpn] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
 AUTHPROTO CHAP MSOFT
 MAGICNUM 087bc1c9
[vpn] LCP: SendConfigAck #1
 AUTHPROTO CHAP MSOFT
 MAGICNUM 087bc1c9
[vpn] LCP: state change Req-Sent --> Ack-Sent
[vpn] LCP: rec'd Configure Reject #1 link 0 (Ack-Sent)
 MRU 1500
[vpn] LCP: SendConfigReq #2
 MAGICNUM 7bfb908b
[vpn] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
 MAGICNUM 7bfb908b
[vpn] LCP: state change Ack-Sent --> Opened
[vpn] LCP: phase shift ESTABLISH --> AUTHENTICATE
[vpn] LCP: auth: peer wants CHAP, I want nothing
[vpn] LCP: LayerUp
[vpn] CHAP: rec'd CHALLENGE #1
 Name: ""
 Using authname "anthony"
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: rec'd SUCCESS #1
[vpn] LCP: authorization successful
[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[vpn] up: 1 link, total bandwidth 64000 bps
[vpn] IPCP: Up event
[vpn] IPCP: state change Starting --> Req-Sent
[vpn] IPCP: SendConfigReq #1
 IPADDR FREEBSD_PUBLIC_IP
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: rec'd Configure Request #1 link 0 (Req-Sent)
 IPADDR CISCO_PUBLIC_IP
   CISCO_PUBLIC_IP is OK
[vpn] IPCP: SendConfigAck #1
 IPADDR CISCO_PUBLIC_IP
[vpn] IPCP: state change Req-Sent --> Ack-Sent
[vpn] IPCP: rec'd Configure Reject #1 link 0 (Ack-Sent)
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: SendConfigReq #2
 IPADDR FREEBSD_PUBLIC_IP
[vpn] IPCP: rec'd Configure Nak #2 link 0 (Ack-Sent)
 IPADDR 10.10.6.101
   10.10.6.101 is OK
[vpn] IPCP: SendConfigReq #3
 IPADDR 10.10.6.101
[vpn] IPCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
 IPADDR 10.10.6.101
[vpn] IPCP: state change Ack-Sent --> Opened
[vpn] IPCP: LayerUp
 10.10.6.101 -> CISCO_PUBLIC_IP
[vpn] IFACE: Up event
[vpn] exec: /sbin/ifconfig ng1 10.10.6.101 CISCO_PUBLIC_IP netmask 0xffffffff -link0
[vpn] IFACE: Up event
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
[vpn] LCP: no reply to 1 echo request(s)
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
[vpn] LCP: no reply to 2 echo request(s)
[vpn] LCP: no reply to 3 echo request(s)
[vpn] LCP: no reply to 4 echo request(s)
[vpn] LCP: no reply to 5 echo request(s)
[vpn] LCP: no reply to 6 echo request(s)
[vpn] LCP: no reply to 7 echo request(s)
[vpn] LCP: peer not responding to echo requests
[vpn] LCP: LayerFinish
[vpn] LCP: LayerStart
[vpn] LCP: state change Opened --> Starting
[vpn] LCP: phase shift NETWORK --> DEAD
[vpn] up: 0 links, total bandwidth 9600 bps
[vpn] IPCP: Down event
[vpn] IPCP: state change Opened --> Starting
[vpn] IPCP: LayerDown
[vpn] IFACE: Down event
[vpn] exec: /sbin/ifconfig ng1 down delete -link0
[vpn] LCP: LayerDown
[vpn] device: CLOSE event in state UP
pptp0-0: clearing call
[vpn] device is now in state CLOSING
[vpn] device: OPEN event in state CLOSING
[vpn] device is now in state CLOSING
[vpn] device: DOWN event in state CLOSING
[vpn] device is now in state DOWN
[vpn] link: DOWN event
[vpn] LCP: Down event
[vpn] device: OPEN event in state DOWN
[vpn] pausing 9 seconds before open
[vpn] device is now in state DOWN
[vpn] device: OPEN event in state DOWN
[vpn] device is now in state DOWN
pptp0-0: peer call disconnected res=lost carrier err=none
pptp0-0: killing channel
pptp0: closing connection with CISCO_PUBLIC_IP:1723
pptp0: got StopCtrlConnRequest: reason=zero?
pptp0: killing connection with CISCO_PUBLIC_IP:1723
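
Added example, not part of the original post: a small Python check over the session log above. It compares the address of the PPTP control connection with the point-to-point peer address mpd passes to ifconfig, and counts the write errors and the echo timeout. The reading behind the first finding (a host route to the PPTP server via ng1 sends the tunnel's own outer packets back into the tunnel) is an assumption about this error in mpd setups, not something the post confirms; the function and finding names are made up for the example.

```python
import re

# Constructed sample: lines copied from the mpd log in the post above,
# with the poster's own CISCO_PUBLIC_IP placeholder left in place.
SAMPLE_LOG = """\
pptp0: connected to CISCO_PUBLIC_IP:1723
[vpn] IPCP: LayerUp
 10.10.6.101 -> CISCO_PUBLIC_IP
[vpn] exec: /sbin/ifconfig ng1 10.10.6.101 CISCO_PUBLIC_IP netmask 0xffffffff -link0
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
[vpn] LCP: no reply to 1 echo request(s)
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
[vpn] LCP: no reply to 2 echo request(s)
[vpn] LCP: peer not responding to echo requests
"""

# Outer (transport) peer: the PPTP control connection on TCP 1723.
PPTP_PEER = re.compile(r"pptp\d+: connected to (\S+):\d+")
# Inner (tunnel) addresses: interface, local address, peer address.
IFCONFIG = re.compile(r"exec: /sbin/ifconfig (\S+) (\S+) (\S+) netmask")
# EDEADLK on the netgraph bypass hook.
WRITE_ERR = re.compile(
    r"error writing len \d+ frame to bypass: Resource deadlock avoided")
ECHO_DEAD = "peer not responding to echo requests"


def analyze(log):
    """Summarise an mpd PPTP session log; works on wrapped or flattened text."""
    peer = PPTP_PEER.search(log)
    ifc = IFCONFIG.search(log)
    report = {
        "pptp_peer": peer.group(1) if peer else None,
        "iface": ifc.group(1) if ifc else None,
        "inner_local": ifc.group(2) if ifc else None,
        "inner_peer": ifc.group(3) if ifc else None,
        "write_errors": len(WRITE_ERR.findall(log)),
        "echo_timeout": ECHO_DEAD in log,
    }
    findings = []
    # Assumption: identical inner and outer peer addresses mean the host
    # route on the tunnel interface also covers the tunnel's own transport.
    if report["pptp_peer"] and report["pptp_peer"] == report["inner_peer"]:
        findings.append("inner-peer-equals-pptp-peer")
    if report["write_errors"]:
        findings.append("edeadlk-on-write")
    if report["echo_timeout"]:
        findings.append("lcp-echo-timeout")
    report["findings"] = findings
    return report
```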