Date: Tue, 25 Sep 2001 14:19:50 -0400 (EDT) From: Joe Clarke <marcus@marcuscom.com> To: Riccardo Torrini <riccardo@torrini.org> Cc: <esperti@gufi.org>, <freebsd-questions@FreeBSD.ORG> Subject: Re: VPN, mpd-netgraph, FreeBSD, win95 Message-ID: <20010925140916.J97094-100000@shumai.marcuscom.com> In-Reply-To: <XFMail.20010925191552.riccardo@torrini.org>
I think I understand you, but please correct me if I'm wrong.  You're
trying to get all of your remote Windows machines to access _all_ of your
internal hosts by name and address, correct?  I haven't done any static
route installation using mpd.  Instead, I have my Windows clients use the
default route from the PPTP gateway.  When data cannot be sent on the
local (non-VPN) network, it is sent over the VPN connection.  Now, this
is available on Windows 2000.  I haven't looked at Win 95 DUN 1.3 in a
while.

I use the set ipcp dns command to pass DNS, and it works with my 98 and
2000 clients.  I don't think I have any running 95.

Joe

On Tue, 25 Sep 2001, Riccardo Torrini wrote:

> Hi Joe,
>
> I'm trying VPN at work, but after reading all threads about VPN
> with mpd-netgraph I have a little question, but first my cfg:
> - we have a very large (complex?) network, with a lot of subnets
>   (32 C-class from the private address space 192.168.x.0/24).
> - a firewall with FreeBSD (upgraded to 4.4-STABLE last week)
> - a lot of Cisco routers, at least one per geographical site.
> - every remote site has its private C-class for local hosts and
>   a private C-class for the WAN link (with only 2 addresses used).
> - the FreeBSD gateway works as firewall/nat/squid
> - mpd-netgraph runs linked to external (public) IP with its
>   dedicated private C-class (192.168.254.0/24)
> - I opened a little hole in ipfw for proto GRE and the pptp port.
>
> Win* clients successfully connect to the internet with a dial-up
> account and then connect to our VPN using M$ software, but
> without visibility of the internal layout, only the VPN local and
> remote address.
>
> I hacked the route table on a client manually, adding:
> C:\# route add 192.168.0.0 mask 255.255.0.0 {our_public_ip} metric 1
>
> After that all runs fine, all internal hosts are accessible, but
> _ONLY_ by their IP address, not by name.
>
>
> The question:
> - how can I add routes to win clients?  Can mpd do this for me?
> - how can I use our internal-only DNS to resolve internal IPs?
>   (win seems to use the ISP DNS instead, but winipcfg shows that
>   our DNS is configured as third choice).
>
>
> Yes, it is confused, I hope the graph can help:
>
>              internet
>                 |
>                 |
> freebsd--192.168.n.0/24--cisco---192.168.x.0/24--wanlink--...
>    |                        \----192.168.y.0/24--wanlink--...
>    |                         ...
> DMZ=192.168.z.0/24
>
>
> -----8<-----8<-----[ mpd.conf ]-----8<-----8<-----
> default:
>         load pptp0
>
> pptp0:
>         new -i ng0 pptp0 pptp0
>
>         set iface disable on-demand
>
>         set bundle disable multilink
>         set bundle yes crypt-reqd
>
>         set link yes acfcomp protocomp
>         set link no pap chap
>         set link enable chap
>         set link keep-alive 60 180
>
>         set ipcp yes vjcomp
>         set ipcp ranges 192.168.254.254/32 192.168.254.1/32
> #???    set ipcp ranges 192.168.254.254/32 192.168.254.1/25
>         set ipcp dns 192.168.1.1
>
>         set bundle enable compression
>         set ccp yes mppc
>         set ccp yes mpp-e40
> #       set ccp no mpp-e40
>         set ccp yes mpp-e128
>         set ccp yes mpp-stateless
>
>
> -----8<-----8<-----[ mpd.links ]-----8<-----8<-----
> pptp0:
>         set link type pptp
>         set link bandwidth 115200
>         set pptp self __OUR_PUBLIC_IP__
>         set pptp enable incoming
>         set pptp disable originate
>
>
> Thanks in advance (and sorry for bad English)
> Riccardo.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010925140916.J97094-100000>
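As an added illustration (not part of the thread, and not mpd's or Windows' code), the following Python models the three client routing tables the thread talks about with a longest-prefix-match lookup: the plain dial-up plus PPTP table, where only the tunnel peer is reachable through the VPN and every other 192.168.x.y packet goes to the ISP; Riccardo's manual 192.168.0.0/16 summary route (split tunnel); and Joe's setup, where the PPTP link supplies the client's default route (full tunnel). 192.168.254.254 and 192.168.1.1 are from the thread; the ISP gateway 172.16.0.1, the PPTP server's public address 203.0.113.5 and the interface names are constructed placeholders.

```python
import ipaddress

# Each route is (destination prefix, gateway, interface, metric).
# Interface names "isp" (dial-up PPP to the ISP) and "vpn" (the PPTP
# tunnel), the ISP gateway 172.16.0.1 and the server address 203.0.113.5
# are constructed placeholders, not values from the thread.
ISP_GW = "172.16.0.1"
PPTP_SERVER = "203.0.113.5"    # stands in for __OUR_PUBLIC_IP__
VPN_PEER = "192.168.254.254"   # mpd's own end of the tunnel (from mpd.conf)

# 1. Dial-up plus a fresh PPTP connection and nothing else: only the tunnel
#    peer is routed through the VPN; everything else follows the ISP default,
#    so private 192.168.x.y traffic is handed to the ISP and goes nowhere useful.
DIALUP_ONLY = [
    ("0.0.0.0/0", ISP_GW, "isp", 1),
    (PPTP_SERVER + "/32", ISP_GW, "isp", 1),
    (VPN_PEER + "/32", VPN_PEER, "vpn", 1),
]

# 2. Riccardo's manual fix: one summary route covering all 32 internal
#    C-classes, pointing into the tunnel. Internet traffic still uses the ISP.
SPLIT_TUNNEL = DIALUP_ONLY + [("192.168.0.0/16", VPN_PEER, "vpn", 1)]

# 3. Joe's approach: the PPTP link supplies a default route that beats the
#    ISP default (modelled here as a lower metric). The host route to the
#    PPTP server itself must stay on the ISP link, otherwise the tunnel
#    would try to carry its own outer packets.
FULL_TUNNEL = [
    ("0.0.0.0/0", ISP_GW, "isp", 2),
    ("0.0.0.0/0", VPN_PEER, "vpn", 1),
    (PPTP_SERVER + "/32", ISP_GW, "isp", 1),
    (VPN_PEER + "/32", VPN_PEER, "vpn", 1),
]


def lookup(table, dst):
    """Longest-prefix match, ties broken by lower metric.

    Returns (gateway, interface) or None if nothing matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface, metric in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            key = (net.prefixlen, -metric)   # longer prefix first, then lower metric
            if best is None or key > best[0]:
                best = (key, gw, iface)
    return None if best is None else (best[1], best[2])


def egress(table, dst):
    """Interface a packet to dst leaves on, or None if unroutable."""
    hit = lookup(table, dst)
    return None if hit is None else hit[1]


def internal_hosts_sent_to_isp(table, samples=("192.168.1.1", "192.168.7.20", VPN_PEER)):
    """Internal destinations (constructed samples) that would leave via the ISP
    instead of the tunnel. An empty list means the table keeps them inside."""
    return [d for d in samples if egress(table, d) != "vpn"]


if __name__ == "__main__":
    for name, table in (("dial-up only", DIALUP_ONLY),
                        ("split tunnel", SPLIT_TUNNEL),
                        ("full tunnel", FULL_TUNNEL)):
        print(name, "leaks:", internal_hosts_sent_to_isp(table),
              "| www ->", egress(table, "198.51.100.7"),
              "| pptp server ->", egress(table, PPTP_SERVER))
```

The model makes the difference between the two answers concrete: the split-tunnel route only fixes destinations inside 192.168.0.0/16 and leaves the client's DNS lookups (sent to the ISP resolver first) unchanged, while the full-tunnel default route sends everything except the PPTP control/GRE traffic itself through the gateway, which is also why Joe's clients pick up the internal DNS server handed out with `set ipcp dns`.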