Date: Tue, 25 Sep 2001 14:19:50 -0400 (EDT)
From: Joe Clarke <marcus@marcuscom.com>
To: Riccardo Torrini <riccardo@torrini.org>
Cc: <esperti@gufi.org>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: VPN, mpd-netgraph, FreeBSD, win95
Message-ID: <20010925140916.J97094-100000@shumai.marcuscom.com>
In-Reply-To: <XFMail.20010925191552.riccardo@torrini.org>
I think I understand you, but please correct me if I'm wrong.
You're trying to get all of your remote Windows machines to access _all_
of your internal hosts by name and address, correct?
I haven't done any static route installation using mpd. Instead, I have
my Windows clients use the default route from the PPTP gateway. When data
cannot be sent on the local (non-VPN) network, it is sent over the VPN
connection. Now, this is available on Windows 2000. I haven't looked at
Win 95 DUN 1.3 in a while.
I use the set ipcp dns command to pass DNS, and it works with my 98 and
2000 clients. I don't think I have any running 95.
Joe
On Tue, 25 Sep 2001, Riccardo Torrini wrote:
> Hi Joe,
>
> I'm trying VPN at work, but after reading all threads about VPN
> with mpd-netgraph I have a little question, but first my cfg:
> - we have a very large (complex?) network, with a lot of subnets
> (32 C-class from the private address space 192.168.x.0/24).
> - a firewall with FreeBSD (upgraded to 4.4-STABLE last week)
> - a lot of Cisco routers, at least one per geographical site.
> - every remote site has its private C-class for local hosts and
> a private C-class for the wan link (with only 2 addresses used).
> - the freebsd gateway works as firewall/nat/squid
> - mpd-netgraph runs linked to external (public) IP with its
> dedicated private C-class (192.168.254.0/24)
> - I opened a little hole on ipfw for proto GRE and pptp port.
>
> Win* clients successfully connect to internet with dial-up
> account and then connect to our VPN using M$ software but
> without visibility to internal layout, only VPN local and
> remote address.
>
> I hacked route table on a client manually adding:
> C:\# route add 192.168.0.0 mask 255.255.0.0 {out_public_ip} metric 1
>
> After that all runs fine, all internal hosts are accessible, but
> _ONLY_ by their IP address, not by name.
>
>
> The question:
> - how can I add route to win clients? Can mpd do this for me?
> - how can I use our internal-only DNS to resolve internal IP?
> (win seems to use ISP DNS instead, but winipcfg shows that
> our DNS is configured as third choice).
>
>
> Yes, it is confusing; I hope the graph can help:
>
> internet
> |
> |
> freebsd--192.168.n.0/24--cisco---192.168.x.0/24--wanlink--...
> | \----192.168.y.0/24--wanlink--...
> | ...
> DMZ=192.168.z.0/24
>
>
> -----8<-----8<-----[ mpd.conf ]-----8<-----8<-----
> default:
> load pptp0
>
> pptp0:
> new -i ng0 pptp0 pptp0
>
> set iface disable on-demand
>
> set bundle disable multilink
> set bundle yes crypt-reqd
>
> set link yes acfcomp protocomp
> set link no pap chap
> set link enable chap
> set link keep-alive 60 180
>
> set ipcp yes vjcomp
> set ipcp ranges 192.168.254.254/32 192.168.254.1/32
> #??? set ipcp ranges 192.168.254.254/32 192.168.254.1/25
> set ipcp dns 192.168.1.1
>
> set bundle enable compression
> set ccp yes mppc
> set ccp yes mpp-e40
> #set ccp no mpp-e40
> set ccp yes mpp-e128
> set ccp yes mpp-stateless
>
>
> -----8<-----8<-----[ mpd.links ]-----8<-----8<-----
> pptp0:
> set link type pptp
> set link bandwidth 115200
> set pptp self __OUR_PUBLIC_IP__
> set pptp enable incoming
> set pptp disable originate
>
>
> Thanks in advance (and sorry for bad English)
> Riccardo.
>
>
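The quoted mpd.conf mixes a required-encryption setting with 40-bit MPPE still enabled; the following is an added example (not part of this thread or of mpd itself) that parses the `set <layer> yes|no|enable|disable ...` lines of such a config and flags the weak combinations. The check list and the parsing rules are my own assumptions; the sample config is a constructed excerpt of the one quoted above.

```python
"""Audit the security-relevant flag settings of an mpd-netgraph config section."""
import re

# Constructed sample: the pptp0 section as quoted in the mail above.
SAMPLE_MPD_CONF = """\
pptp0:
        new -i ng0 pptp0 pptp0
        set iface disable on-demand
        set bundle yes crypt-reqd
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set ipcp dns 192.168.1.1
        set ccp yes mppc
        set ccp yes mpp-e40
        #set ccp no mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
"""

# Only boolean flag lines are parsed; value lines (ranges, dns, keep-alive) are ignored.
SET_RE = re.compile(r"^\s*set\s+(\w+)\s+(yes|no|enable|disable)\s+(.*)$")


def parse_flags(conf):
    """Return {layer: {option: bool}}; yes/enable -> True, no/disable -> False.
    '#' comments are dropped and later lines override earlier ones, matching the
    order in which mpd applies them (e.g. 'no pap chap' then 'enable chap')."""
    flags = {}
    for line in conf.splitlines():
        m = SET_RE.match(line.split("#", 1)[0])
        if not m:
            continue
        layer, verb, opts = m.groups()
        for opt in opts.split():
            flags.setdefault(layer, {})[opt] = verb in ("yes", "enable")
    return flags


def audit(conf):
    """Return a list of findings; an empty list means every (assumed) check passed."""
    f = parse_flags(conf)
    findings = []
    if not f.get("bundle", {}).get("crypt-reqd"):
        findings.append("bundle: crypt-reqd not set; unencrypted sessions would be accepted")
    if f.get("link", {}).get("pap"):
        findings.append("link: PAP enabled; passwords would cross the wire in clear")
    if f.get("ccp", {}).get("mpp-e40"):
        findings.append("ccp: mpp-e40 enabled; clients may negotiate 40-bit MPPE")
    if not f.get("ccp", {}).get("mpp-e128"):
        findings.append("ccp: mpp-e128 not enabled")
    return findings
```

Running `audit(SAMPLE_MPD_CONF)` reports only the mpp-e40 line; swapping in the commented-out `set ccp no mpp-e40` clears the report.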
