Date: Thu, 25 Oct 2001 02:22:57 -0400 (EDT)
From: Joe Clarke <marcus@marcuscom.com>
To: Drew Tomlinson <drew@mykitchentable.net>
Cc: questions@FreeBSD.ORG
Subject: Re: VPN Server & Win2K Client Not Connecting
Message-ID: <20011025022036.H37420-100000@shumai.marcuscom.com>
In-Reply-To: <00cc01c15d18$5a0108a0$0301a8c0@bigdaddy>
On Wed, 24 Oct 2001, Drew Tomlinson wrote:

> ----- Original Message -----
> From: "Joe Clarke" <marcus@marcuscom.com>
> To: "Drew Tomlinson" <drew@mykitchentable.net>
> Cc: <questions@FreeBSD.ORG>
> Sent: Wednesday, October 24, 2001 2:41 PM
> Subject: Re: VPN Server & Win2K Client Not Connecting
>
> > On Mon, 22 Oct 2001, Drew Tomlinson wrote:
> >
> > > I apologize if this is a duplicate.  I'm not sure my first post
> > > made it out as I received an error when sending it.
> > >
> > > I'm trying to set up a VPN server on my home network.  I have
> > > installed mpd-netgraph 3.3 from ports and followed the directions
> > > in the user guide and sample files.  I'm attempting to connect
> > > from a Win2K client but am not successful.  I have searched the
> > > list archives and found one message that was close to my problem
> > > but did not find any replies.  Below is my log from an attempted
> > > connection.  I don't really understand what's going on and hope
> > > someone can point out my error and let me know where to look next.
> >
> > I usually respond to PPTP/mpd questions.  I have this working on
> > FreeBSD 4.4-stable with 2000, 98, and Me clients.  I compiled
> > mpd-netgraph 3.2 (I haven't upgraded to 3.3 yet) from ports.  I also
> > made sure I had all the crypto sources installed first (this is the
> > only way to get MS CHAP support [that is, you need the DES libs]).
> >
> > This works out of the box with pretty much the default pptp config
> > in mpd.conf.  I only had to add user and IP address info.  I'm also
> > able to get 128-bit MPPE.
> >
> > It looks like your clients are trying to use MS CHAP, but mpd wasn't
> > compiled with it.  Try adding the crypto sources and libraries to
> > your machine, then recompile the port.
>
> Thank you for looking into my problem.
>
> Since I posted this message, I have done a little more
> troubleshooting.  What I found is that if I connect from a Win2K
> machine on my private LAN to the VPN server (on the same private LAN),
> a tunnel is established.  My interpretation of the successful log is
> that the Win2K client sends a Config Request.  The request is rejected
> by the VPN server.  Then the VPN server sends a message along the
> lines of "how 'bout this?".  The message is received by the Win2K
> client that says "OK" and then the tunnel is established.
>
> My internet connection for my home network is ADSL.  When I try to
> connect to the VPN server via the Internet, it seems as if the "how
> 'bout this?" message from the VPN server doesn't make it to the Win2K
> client.  My FBSD firewall is not an issue as I've tried it with the
> firewall wide open.  I log deny packets and have log_in_vain set.  No
> errors show up in the logs.  Here's my network config:
>
> ISP
>  |
>  | IP is DHCP (RFC 1918 & draft-manning nets
>  |             inbound blocked here)
>  |
> ADSL Modem/Router (provides DNS & NAT)
>  |192.168.10.1 (RFC 1918 & draft-manning nets
>  |              outbound blocked here)
>  |
>  |192.168.10.2 (ed1)
> Firewall
>  |
>  |192.168.1.2 (ed0)
>  |
> Internal Network 192.168.1.0/24
>
> I know NAT and VPN don't necessarily get along real well so it may be
> a NAT issue with my 3Com router/modem.  But it could also be a
> firewall issue at my place of employment.  I am able to connect to a
> VPN server at my work from home through the 3Com router/modem.
> Connecting to my home from work via VPN fails.  Do you have any idea
> which problem is more likely?  Or some other possibility I haven't
> even thought of?  I'll be out of town for a few days but when I
> return, I plan to do a little more testing.  Any advice, pointers,
> things to look for, etc. will be greatly appreciated.

PPTP is GRE.  GRE is an IP protocol like UDP or TCP.  Many companies have a
tendency to block it on their firewalls.  ipfw/natd has a built-in ALG for
PPTP; NAT is probably not your issue in that case (I'm not sure about
ipf/ipnat).  Make sure you allow TCP 1723 and GRE through all firewalls (GRE
is protocol 47).

Joe

>
> Thanks,
>
> Drew
>
> > Joe
> >
> > >
> > > Thanks,
> > >
> > > Drew
> > >
> > > -----------------------------------------------
> > > Multi-link PPP for FreeBSD, by Archie L. Cobbs.
> > > Based on iij-ppp, by Toshiharu OHNO.
> > > mpd: pid 27386, version 3.3 (root@blacksheep.mykitchentable.net 07:08 21-Oct-2001)
> > > [pptp] ppp node is "mpd27386-pptp"
> > > mpd: local IP address for PPTP is 192.168.10.2
> > > [pptp] using interface ng0
> > > [pptp:vpn1] mpd: PPTP connection from xxx.xxx.xxx.xxx:2166
> > > pptp0: attached to connection with xxx.xxx.xxx.xxx:2166
> > > [pptp] IFACE: Open event
> > > [pptp] IPCP: Open event
> > > [pptp] IPCP: state change Initial --> Starting
> > > [pptp] IPCP: LayerStart
> > > [pptp] IPCP: Open event
> > > [pptp] bundle: OPEN event in state CLOSED
> > > [pptp] opening link "vpn1"...
> > > [vpn1] link: OPEN event
> > > [vpn1] LCP: Open event
> > > [vpn1] LCP: state change Initial --> Starting
> > > [vpn1] LCP: LayerStart
> > > [vpn1] device: OPEN event in state DOWN
> > > [vpn1] attaching to peer's outgoing call
> > > [vpn1] device is now in state OPENING
> > > [vpn1] device: UP event in state OPENING
> > > [vpn1] device is now in state UP
> > > [vpn1] link: UP event
> > > [vpn1] link: origination is remote
> > > [vpn1] LCP: Up event
> > > [vpn1] LCP: state change Starting --> Req-Sent
> > > [vpn1] LCP: phase shift DEAD --> ESTABLISH
> > > [vpn1] LCP: SendConfigReq #1
> > >  ACFCOMP
> > >  PROTOCOMP
> > >  MRU 1500
> > >  MAGICNUM c45f0870
> > >  AUTHPROTO CHAP MSOFT
> > > pptp0-0: ignoring SetLinkInfo
> > > [vpn1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
> > >  MAGICNUM 75e54257
> > >  PROTOCOMP
> > >  ACFCOMP
> > >  CALLBACK
> > >    Not supported
> > >  MP MRRU 1614
> > >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > > [vpn1] LCP: SendConfigRej #0
> > >  CALLBACK
> > >  MP MRRU 1614
> > > [vpn1] LCP: SendConfigReq #2
> > >  ACFCOMP
> > >  PROTOCOMP
> > >  MRU 1500
> > >  MAGICNUM c45f0870
> > >  AUTHPROTO CHAP MSOFT
> > > [vpn1] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
> > >  MAGICNUM 75e54257
> > >  PROTOCOMP
> > >  ACFCOMP
> > >  CALLBACK
> > >    Not supported
> > >  MP MRRU 1614
> > >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > > [vpn1] LCP: SendConfigRej #1
> > >  CALLBACK
> > >  MP MRRU 1614
> > > [vpn1] LCP: SendConfigReq #3
> > >  ACFCOMP
> > >  PROTOCOMP
> > >  MRU 1500
> > >  MAGICNUM c45f0870
> > >  AUTHPROTO CHAP MSOFT
> > > [vpn1] LCP: rec'd Configure Request #2 link 0 (Req-Sent)
> > >  MAGICNUM 75e54257
> > >  PROTOCOMP
> > >  ACFCOMP
> > >  CALLBACK
> > >    Not supported
> > >  MP MRRU 1614
> > >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > > [vpn1] LCP: SendConfigRej #2
> > >  CALLBACK
> > >  MP MRRU 1614
> > > [vpn1] LCP: SendConfigReq #4
> > >  ACFCOMP
> > >  PROTOCOMP
> > >  MRU 1500
> > >  MAGICNUM c45f0870
> > >  AUTHPROTO CHAP MSOFT
> > > [vpn1] LCP: SendConfigReq #5
> > >  ACFCOMP
> > >  PROTOCOMP
> > >  MRU 1500
> > >  MAGICNUM c45f0870
> > >  AUTHPROTO CHAP MSOFT
> > > [vpn1] LCP: rec'd Configure Request #3 link 0 (Req-Sent)
> > >  MAGICNUM 75e54257
> > >  PROTOCOMP
> > >  ACFCOMP
> > >  CALLBACK
> > >    Not supported
> > >  MP MRRU 1614
> > >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > > [vpn1] LCP: SendConfigRej #3
> > >  CALLBACK
> > >  MP MRRU 1614
> > > [vpn1] LCP: SendConfigReq #6
> > >  ACFCOMP
> > >  PROTOCOMP
> > >  MRU 1500
> > >  MAGICNUM c45f0870
> > >  AUTHPROTO CHAP MSOFT
> > > [vpn1] LCP: SendConfigReq #7
> > >  ACFCOMP
> > >  PROTOCOMP
> > >  MRU 1500
> > >  MAGICNUM c45f0870
> > >  AUTHPROTO CHAP MSOFT
> > > [vpn1] LCP: rec'd Configure Request #4 link 0 (Req-Sent)
> > >  MAGICNUM 75e54257
> > >  PROTOCOMP
> > >  ACFCOMP
> > >  CALLBACK
> > >    Not supported
> > >  MP MRRU 1614
> > >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > > [vpn1] LCP: SendConfigRej #4
> > >  CALLBACK
> > >  MP MRRU 1614
> > > [vpn1] LCP: SendConfigReq #8
> > >  ACFCOMP
> > >  PROTOCOMP
> > >  MRU 1500
> > >  MAGICNUM c45f0870
> > >  AUTHPROTO CHAP MSOFT
> > > [vpn1] LCP: SendConfigReq #9
> > >  ACFCOMP
> > >  PROTOCOMP
> > >  MRU 1500
> > >  MAGICNUM c45f0870
> > >  AUTHPROTO CHAP MSOFT
> > > [vpn1] LCP: SendConfigReq #10
> > >  ACFCOMP
> > >  PROTOCOMP
> > >  MRU 1500
> > >  MAGICNUM c45f0870
> > >  AUTHPROTO CHAP MSOFT
> > > [vpn1] LCP: rec'd Configure Request #5 link 0 (Req-Sent)
> > >  MAGICNUM 75e54257
> > >  PROTOCOMP
> > >  ACFCOMP
> > >  CALLBACK
> > >    Not supported
> > >  MP MRRU 1614
> > >  ENDPOINTDISC [LOCAL] 69 76 c7 95 cb 9d 4c 7f a7 61 ea a3 ef ba a8 b2 00 00 00 08
> > > [vpn1] LCP: not converging
> > > [vpn1] LCP: parameter negotiation failed
> > > [vpn1] LCP: state change Req-Sent --> Stopped
> > > [vpn1] LCP: LayerFinish
> > > [vpn1] device: CLOSE event in state UP
> > > pptp0-0: clearing call
> > > pptp0-0: killing channel
> > > [vpn1] PPTP call terminated
> > > [pptp] IFACE: Close event
> > > [pptp] IPCP: Close event
> > > [pptp] IPCP: state change Starting --> Initial
> > > [pptp] IPCP: LayerFinish
> > > [pptp] IFACE: Close event
> > > pptp0: closing connection with xxx.xxx.xxx.xxx:2166
> > > [pptp] IFACE: Close event
> > > [vpn1] device is now in state CLOSING
> > > [pptp] bundle: CLOSE event in state OPENED
> > > [pptp] closing link "vpn1"...
> > > [vpn1] device: DOWN event in state CLOSING
> > > [vpn1] device is now in state DOWN
> > > [vpn1] link: CLOSE event
> > > [vpn1] LCP: Close event
> > > [vpn1] LCP: state change Stopped --> Closed
> > > [vpn1] device: DOWN event in state DOWN
> > > [vpn1] device is now in state DOWN
> > > [vpn1] link: DOWN event
> > > [vpn1] LCP: Down event
> > > [vpn1] LCP: state change Closed --> Initial
> > > [vpn1] LCP: phase shift ESTABLISH --> DEAD
> > > pptp0: invalid length 16 for type 4
> > > pptp0: killing connection with xxx.xxx.xxx.xxx:2166
> > > [vpn1] link: DOWN event
> > > [vpn1] LCP: Down event
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
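
An added example, not part of the original messages or of mpd: a Python check over an mpd LCP log for the pattern in the log quoted above, where the server's Configure Requests are never answered while the client keeps re-requesting options the server already rejected. That pattern is consistent with a path that passes TCP 1723 but drops GRE toward the client. The sample lines are constructed from the quoted log; the function names and the `rec'd Configure <kind>` shape for replies are assumptions.

```python
import re
from collections import Counter

# Constructed sample: two rounds shortened from the mpd log quoted in the thread.
SAMPLE_LOG = """\
[vpn1] LCP: SendConfigReq #1
[vpn1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
 CALLBACK
 MP MRRU 1614
[vpn1] LCP: SendConfigRej #0
 CALLBACK
 MP MRRU 1614
[vpn1] LCP: SendConfigReq #2
[vpn1] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
 CALLBACK
 MP MRRU 1614
[vpn1] LCP: not converging
"""

# Assumption: replies are logged as "rec'd Configure <kind>", like the Request lines.
EVENT = re.compile(r"\[\w+\] LCP: (?:SendConfig(\w+)|rec'd Configure (\w+)) #\d+")

def summarize(log):
    """Count LCP packets per direction; list rejected options the peer asks for again."""
    sent, received = Counter(), Counter()
    rejected, repeated, ctx = set(), set(), None
    for line in log.splitlines():
        text = line.strip()
        m = EVENT.match(text)
        if m:
            out_kind, in_kind = m.groups()
            (sent if out_kind else received)[out_kind or in_kind] += 1
            ctx = "rej" if out_kind == "Rej" else "peer" if in_kind == "Request" else None
        elif text and not text.startswith("[") and ": " not in text:
            if ctx == "rej":          # option listed under our Configure-Reject
                rejected.add(text)
            elif ctx == "peer" and text in rejected:
                repeated.add(text)    # peer asks again for what we rejected
        else:
            ctx = None
    return sent, received, sorted(repeated)

def diagnose(log):
    """'one-way': the peer's packets arrive, but nothing shows ours reaching the peer."""
    sent, received, repeated = summarize(log)
    replies = sum(n for kind, n in received.items() if kind != "Request")
    one_way = sent["Req"] and received["Request"] and not replies and repeated
    return "one-way" if one_way else "two-way"
```

Run `diagnose()` on the raw mpd log text rather than on a quoted copy, since mail quote prefixes (`> `) are not stripped.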