From: "Jonathan Reeder"
Date: Mon, 13 Sep 2004 09:56:19 -0500
Subject: MPD 3.18 Trouble
List-Id: Networking and TCP/IP with FreeBSD

First off, sorry if this has come through twice, I tried to send it last
week but don't think it made it through:

I've got MPD v3.18 up and running on my FreeBSD 4.9.
All seems to be going well, clients can connect via PPTP, but once
connected, they cannot actually access my internal network. Some
background on my configuration:

# ifconfig
dc0: flags=8843 mtu 1500
        inet a.b.c.d netmask 0xfffffff8 broadcast a.b.c.e
        inet6 fe80::2a0:ffff:feff:9cfc%dc0 prefixlen 64 scopeid 0x1
        ether 00:a0:ff:ff:9c:fc
        media: Ethernet 10baseT/UTP
        status: active
rl0: flags=8843 mtu 1500
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::220:edff:fe2c:fe68%rl0 prefixlen 64 scopeid 0x2
        ether 00:20:ed:2c:fe:68
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
faith0: flags=8002 mtu 1500
ng0: flags=8890 mtu 1500
ng1: flags=8890 mtu 1500

That is for the server that runs MPD. Also, here are my mpd.conf and
mpd.links:

# cat /usr/local/etc/mpd/mpd.conf
default:
        log +auth +pptp
        load vpn0
        load vpn1

vpn0:
        new -i ng0 vpn0 vpn0
        set iface disable on-demand
        set iface enable proxy-arp
        set bundle disable multilink
        set link yes acfcomp protocomp
        set link mtu 1400
        set link no pap chap
        set link enable chap
        set link keep-alive 60 180
        set ipcp yes vjcomp
        set ipcp ranges 192.168.1.254/32 192.168.1.200/32
        set ipcp dns x.x.x.x
        set bundle enable compression
        set ccp yes mppc
        #set ccp yes mpp-e40
        set ccp no mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set bundle yes crypt-reqd

vpn1: same as vpn0

# cat /usr/local/etc/mpd/mpd.links
vpn0:
        set link type pptp
        set pptp self a.b.c.d
        set pptp enable incoming
        set pptp disable originate

MPD runs fine, listens on port 1723, accepts connections, authenticates,
and then once a user is connected, my ifconfig changes from what you saw
above to something similar to the following:

ng0: flags=88d1 mtu 1396
        inet 192.168.1.254 --> 192.168.1.200 netmask 0xffffffff
        inet6 fe80::2a0:ffff:feff:9cfc%ng0 prefixlen 64 scopeid 0x5

So, I'm thinking that I should be set, right? Nope.
No traffic actually makes it from the client to my internal
192.168.1.0/24 network. When I ping a 192.168.1 client from the remote
VPN user, if I watch a tcpdump -i ng0 I can see the ping come through
from dc0 (via GRE) to ng0, but that ping never seems to get passed to
the rl0 interface like I would expect. (Yes, I do have
gateway_enable='YES' and the sysctl has been confirmed to be on).

Same type of problem if I try to ping 192.168.1.200 from a host on my
local network. I get a reply from 192.168.1.10 (the local address of my
FreeBSD machine) saying "Destination host unreachable". If I try to ping
192.168.1.200 from my BSD box, I get

ping: sendto: No route to host

This is the one that really kills me, because it has a perfect route to
that host sitting right in front of it. It just refuses to pass the
packets to the proper device.

I'm hoping someone might have run into this same type of problem before.
Is there something about my mpd.conf that would keep ng0 from passing
packets off to my local network (rl0) and vice-versa? If anyone is kind
enough to respond, let me know if there is any other info about my
configuration that would be helpful to you.

Thanks a bunch,
Jonathan Reeder