Date: Tue, 2 Oct 2001 15:54:58 -0400
From: "John Graves" <johngraves@mindless.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: mpd-netgraph - can't ping internal network
Message-ID: <OE46wKmykOFYZTyPvXb00002bf1@hotmail.com>

I've been working on getting a VPN going for remote users using mpd-netgraph. I've installed it on 2 different machines, and the install went fine on both. So it has to be my mistake.
Windows 2000 machines can connect and authenticate to the mpd machine using credentials in the mpd.secret file. The remote machines can ping their IP assigned by mpd and also the mpd machine itself. However, when trying to ping any other machines on the network, no reply. Looks like data goes one way, but nothing comes back.
A FreeBSD box acts as the gateway/firewall for the internal network. This happens even with rules allowing all traffic to pass both ways, and nothing in firewall_logs has given me any indication anything is getting dropped. Nor is there any mpd output indicating any errors.
Also, I've tried running mpd on the firewall itself as well as on a machine behind the firewall with the same results.
What looks strange to me is the WAN <PPP/SLIP> Interface on the remote client has an IP of 172.16.1.10 255.255.255.255 and a default gateway of 172.16.1.10.
Any help would be appreciated. Thanks.
Here are my config files...just in case!
172.16.1.0/24 is the internal network.
172.16.1.1 is the internal interface of the firewall running mpd
101.102.103.104 is the external IP of the firewall
Again, I've tried this on a machine behind the firewall with a NATed IP and still can't reach hosts on the internal network.

[mpd.conf]

default:
    load pptp1

pptp1:
    new -i ng1 pptp1 pptp1
    set iface enable proxy-ARP
    set bundle enable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 10 60
    set ipcp yes vjcomp
    set ipcp ranges 172.16.1.1/32 172.16.1.10/32

    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless

[mpd.links]

pptp1:
    set link type pptp
    set pptp self 101.102.103.104
    set pptp enable incoming
    set pptp disable originate
