Date: Tue, 13 Nov 2001 13:24:35 -0500
From: Doug Lee <dgl@visi.com>
To: freebsd-questions@freebsd.org
Subject: Second try: Multiple VPNs possible under mpd?
Message-ID: <20011113132434.B90890@kirk.sector14.net>

[I asked this here on 9/29/01 but saw no reply; I thought I'd try one more time.]

I use mpd to build VPN connections to one Unix machine and a number of Windows machines. The Unix VPN is LAN-to-LAN and works fine regardless of whatever else is going on (though I'm not sure I've ever had a Windows machine try to get a VPN first). My problem is figuring out how to allow more than one Windows machine to connect at once. The Windows machines want to be nodes on the LAN (ptp).

There is a small set of valid login ids for the Windows VPN connections, listed in mpd.secret. I even gave each one its own ip range, though this is not necessary and neither fixed nor worsened the problem. The first Windows machine can authenticate using any valid login and does (I think) get its correct ip assignment; but then the other Windows machines can't connect. ("Valid login" here means a key/password pair from mpd.secret.)

I will include mpd.conf and mpd.links here. 192.168.14 is the local net for this machine, and 192.168.2 is the remote LAN for the Unix VPN. I use "new -i ng9" for the vpnwin link because I figured that would create enough ng* interfaces to support the connections we need. I'm sure I'm missing something here though...

Thanks much for any help.

*** mpd.conf:

default:
    set login <adm_id> # for telnet control of mpd
    load doug_lan # the Unix (LAN-to-LAN config)
    load vpnwin # The Windows (ptp) config)

doug_lan:
    new -i ng0 lan_vpn lan_vpn
    set iface disable on-demand
    set iface addrs 10.0.0.1 10.0.0.2
    set iface idle 0
    set iface route 192.168.2.0/24
    set bundle disable multilink
    set bundle authname <l2l_auth>
    set link yes acfcomp protocomp
    set link no pap
    set link yes chap
    # If remote machine is NT you need this..
    # set link enable no-orig-auth
    set link keep-alive 10 75
    set ipcp yes vjcomp
    set ipcp ranges 10.0.0.1/32 10.0.0.2/32
    # set iface enable proxy-arp
    # If you wanted MPPE encryption and had ng_mppc(8)...
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set bundle enable crypt-reqd
    set ccp yes mpp-stateless
    open

vpnwin:
    new -i ng9 vpnwin vpnwin
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 0
    set bundle disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 10 60
    set ipcp yes vjcomp
    set ipcp ranges 192.168.14.5/32 192.168.14.128/28
    set ipcp nbns 192.168.14.9
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set bundle enable crypt-reqd
    set ccp yes mpp-stateless

*** mpd.links:

lan_vpn:
    set link type pptp
    set pptp self <my_public_ip>
    set pptp peer <other_Unix_public_ip>
    set pptp enable incoming
    set pptp disable originate outcall

vpnwin:
    set link type pptp
    set pptp self <my_public_ip>
    set pptp enable incoming
    set pptp disable originate outcall

--
Doug Lee dgl@visi.com http://www.visi.com/~dgl
Bartimaeus Group doug@bartsite.com http://www.bartsite.com
"No person is your friend who demands your silence or denies your right to grow." --unknown source