Date: Wed, 9 Jul 2003 23:08:44 -0700
From: "Brent Wiese" <brently@bjwcs.com>
To: "'Koroush Saraf'" <koroush.saraf@lmco.com>, <freebsd-questions@FreeBSD.ORG>
Subject: RE: VPN setup problem - proxy arp I think
Message-ID: <001d01c346a9$ba518d70$0a0114ac@home.bjwcs.com>
In-Reply-To: <005601c33f75$b89853a0$04f4c581@BSDWIN2KKOROUSH>
Set gateway="YES" in rc.conf and reboot. Then look into ipfw so you don't end up passing bogus traffic.

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of
> Koroush Saraf
> Sent: Monday, June 30, 2003 7:09 PM
> To: freebsd-questions@FreeBSD.ORG
> Subject: VPN setup problem - proxy arp I think
>
> Hi all,
>
> I read the setup at
> http://www.blackh0le.net/articles/vpn-dun-howto.html to set up
> my VPN. However, I'm having a problem which I think is
> proxy-ARP not working. I'd like to ask you to see if you know
> what's going on. When I ping 10.77.1.1 from the Windows XP
> machine the packets get to the 10.77.1.1 machine, but they
> don't have a return path to get back. When I do ping the
> Windows machine from 10.77.1.1 I get:
> ping: sendto: Host is down
>
> When I add a static route to 10.77.1.1 the machines can talk to
> each other.
> (route add 10.77.1.50/32 10.77.1.2)
> But I don't think I need to set up a static route if Proxy ARP worked!
>
> I've included my config files in this email. Please note
> that I get a message back saying "[pptp1] no interface to
> proxy arp on for 10.77.1.50". Could this be my problem? How
> can I fix it? Thanks very much, ~koroush
>
> =========================
>
> My network looks as follows
>
> Freebsd 4.6
> IP 10.77.1.1/24
> |
> |
> fxp0:10.77.1.2/24
> Freebsd 4.8 (DELL2) (only 1 network card)
> ng0: 10.77.13
> |
> |
> Windows XP machine with tunnel.
> 10.77.1.50
>
> ==================
> Config files for Dell 2:
> DELL2# ifconfig -a
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 129.197.244.10 netmask 0xfffffff0 broadcast 129.197.244.15
>         inet 10.0.0.249 netmask 0xffffff00 broadcast 10.0.0.255
>         inet 10.77.1.2 netmask 0xffffff00 broadcast 10.77.1.255
>         inet 10.77.2.2 netmask 0xffffff00 broadcast 10.77.2.255
>         inet 10.77.3.2 netmask 0xffffff00 broadcast 10.77.3.255
>         inet 10.77.4.2 netmask 0xffffff00 broadcast 10.77.4.255
>         inet 10.77.5.2 netmask 0xffffff00 broadcast 10.77.5.255
>         ether 00:07:e9:87:ca:4f
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
> lo1: flags=8008<LOOPBACK,MULTICAST> mtu 16384
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1256
>         inet 10.77.1.2 --> 10.77.1.50 netmask 0xffffffff
> ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
>
> ===============
>
> DELL2# pwd
> /usr/local/etc/mpd
> DELL2# cat mpd.conf
> default:
>         load client1
>         load client2
>         load client3
>         load client4
>         load client5
>
> pptp_common_settings:
>         set link type pptp
>         set pptp enable incoming
>         set pptp disable originate
>         set iface disable on-demand
>         set iface enable proxy-arp
> #       set iface idle 1800
>         set bundle enable multilink
>         set link yes acfcomp protocomp
>         set link no pap chap
>         set link enable chap
> #       set link keep-alive 10 60
>         set link mtu 1260
>         set ipcp yes vjcomp
> #       set ipcp ranges 10.77.1.1/32 10.77.1.50/32
> #       set ipcp dns 10.77.1.1
> #       set ipcp nbns 10.77.1.1
>         set bundle enable compression
>         set ccp yes mppc
>         set ccp yes mpp-e40
> #       set ccp yes mpp-e128
>         set ccp yes mpp-stateless
>
> client1:
>         new -i ng0 pptp1 pptp1
>         set ipcp range 10.77.1.2/24 10.77.1.50/24
>         load pptp_common_settings
>
> client2:
>         new -i ng1 pptp2 pptp2
>         set ipcp range 10.77.2.2/32 10.77.2.50/32
>         load pptp_common_settings
>
> client3:
>         new -i ng2 pptp3 pptp3
>         set ipcp range 10.77.3.3/32 10.77.3.50/32
>         load pptp_common_settings
>
> client4:
>         new -i ng3 pptp4 pptp4
>         set ipcp range 10.77.4.3/32 10.77.4.50/32
>         load pptp_common_settings
>
> client5:
>         new -i ng4 pptp5 pptp5
>         set ipcp range 10.77.5.3/32 10.77.5.50/32
>         load pptp_common_settings
>
> DELL2#
> =====================
> DELL2# cat mpd.secret
> demo1 "demo1" 10.77.1.50/24
> demo2 "demo2" 10.77.2.50/24
> demo3 "demo3" 10.77.3.50/24
> demo4 "demo4" 10.77.4.50/24
> demo5 "demo5" 10.77.5.50/24
>
> ========RUN TIME ========
>
> DELL2# mdp default
> mdp: Command not found.
> DELL2# mpd default
> Multi-link PPP for FreeBSD, by Archie L. Cobbs.
> Based on iij-ppp, by Toshiharu OHNO.
> mpd: pid 281, version 3.13 (root@DELL2.lmms.lmco.com 09:44 23-Jun-2003)
> [pptp1] ppp node is "mpd281-pptp1"
> mpd: local IP address for PPTP is 129.197.244.10
> [pptp1] using interface ng0
> [pptp1] device type already set to pptp
> [pptp2] ppp node is "mpd281-pptp2"
> [pptp2] using interface ng1
> [pptp2] device type already set to pptp
> [pptp3] ppp node is "mpd281-pptp3"
> [pptp3] using interface ng2
> [pptp3] device type already set to pptp
> [pptp4] ppp node is "mpd281-pptp4"
> [pptp4] using interface ng3
> [pptp4] device type already set to pptp
> [pptp5] ppp node is "mpd281-pptp5"
> [pptp5] using interface ng4
> [pptp5] device type already set to pptp
> [pptp5:pptp5] mpd: PPTP connection from 129.197.244.12:1127
> pptp0: attached to connection with 129.197.244.12:1127
> [pptp1] IFACE: Open event
> [pptp1] IPCP: Open event
> [pptp1] IPCP: state change Initial --> Starting
> [pptp1] IPCP: LayerStart
> [pptp1] IPCP: Open event
> [pptp1] bundle: OPEN event in state CLOSED
> [pptp1] opening link "pptp1"...
> [pptp1] link: OPEN event
> [pptp1] LCP: Open event
> [pptp1] LCP: state change Initial --> Starting
> [pptp1] LCP: LayerStart
> [pptp1] device: OPEN event in state DOWN
> [pptp1] attaching to peer's outgoing call
> [pptp1] device is now in state OPENING
> [pptp1] device: UP event in state OPENING
> [pptp1] device is now in state UP
> [pptp1] link: UP event
> [pptp1] link: origination is remote
> [pptp1] LCP: Up event
> [pptp1] LCP: state change Starting --> Req-Sent
> [pptp1] LCP: phase shift DEAD --> ESTABLISH
> [pptp1] LCP: SendConfigReq #1
>   ACFCOMP
>   PROTOCOMP
>   MRU 1500
>   MAGICNUM 5611757b
>   AUTHPROTO CHAP MSOFTv2
>   MP MRRU 1600
>   MP SHORTSEQ
>   ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
> pptp0-0: ignoring SetLinkInfo
> [pptp1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
>   MRU 1400
>   MAGICNUM 4d905023
>   PROTOCOMP
>   ACFCOMP
>   CALLBACK
>     Not supported
> [pptp1] LCP: SendConfigRej #0
>   CALLBACK
> [pptp1] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
>   MRU 1400
>   MAGICNUM 4d905023
>   PROTOCOMP
>   ACFCOMP
> [pptp1] LCP: SendConfigAck #1
>   MRU 1400
>   MAGICNUM 4d905023
>   PROTOCOMP
>   ACFCOMP
> [pptp1] LCP: state change Req-Sent --> Ack-Sent
> [pptp1] LCP: SendConfigReq #2
>   ACFCOMP
>   PROTOCOMP
>   MRU 1500
>   MAGICNUM 5611757b
>   AUTHPROTO CHAP MSOFTv2
>   MP MRRU 1600
>   MP SHORTSEQ
>   ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
> [pptp1] LCP: rec'd Configure Reject #2 link 0 (Ack-Sent)
>   MP MRRU 1600
>   MP SHORTSEQ
>   ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
> [pptp1] LCP: SendConfigReq #3
>   ACFCOMP
>   PROTOCOMP
>   MRU 1500
>   MAGICNUM 5611757b
>   AUTHPROTO CHAP MSOFTv2
> [pptp1] LCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
>   ACFCOMP
>   PROTOCOMP
>   MRU 1500
>   MAGICNUM 5611757b
>   AUTHPROTO CHAP MSOFTv2
> [pptp1] LCP: state change Ack-Sent --> Opened
> [pptp1] LCP: phase shift ESTABLISH --> AUTHENTICATE
> [pptp1] LCP: auth: peer wants nothing, I want CHAP
> [pptp1] CHAP: sending CHALLENGE
> [pptp1] LCP: LayerUp
> [pptp1] LCP: rec'd Ident #2 link 0 (Opened)
>   MESG: MSRASV5.10
> pptp0-0: ignoring SetLinkInfo
> [pptp1] LCP: rec'd Ident #3 link 0 (Opened)
>   MESG: MSRAS-1-DELL4
> [pptp1] CHAP: rec'd RESPONSE #1
>   Name: "demo1"
>   Peer name: "demo1"
>   Response is valid
> [pptp1] CHAP: sending SUCCESS
> [pptp1] LCP: authorization successful
> [pptp1] LCP: phase shift AUTHENTICATE --> NETWORK
> [pptp1] setting interface ng0 MTU to 1260 bytes
> [pptp1] up: 1 link, total bandwidth 64000 bps
> [pptp1] IPCP: Up event
> [pptp1] IPCP: state change Starting --> Req-Sent
> [pptp1] IPCP: SendConfigReq #1
>   IPADDR 10.77.1.2
>   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
> [pptp1] CCP: Open event
> [pptp1] CCP: state change Initial --> Starting
> [pptp1] CCP: LayerStart
> [pptp1] CCP: Up event
> [pptp1] CCP: state change Starting --> Req-Sent
> [pptp1] CCP: SendConfigReq #1
>   MPPC
>     0x01000020: MPPE, 40 bit, stateless
> [pptp1] CCP: rec'd Configure Request #4 link 0 (Req-Sent)
>   MPPC
>     0x01000001: MPPC
> [pptp1] CCP: SendConfigNak #4
>   MPPC
>     0x01000020: MPPE, 40 bit, stateless
> [pptp1] IPCP: rec'd Configure Request #5 link 0 (Req-Sent)
>   IPADDR 0.0.0.0
>     NAKing with 10.77.1.50
>   PRIDNS 0.0.0.0
>   PRINBNS 0.0.0.0
>   SECDNS 0.0.0.0
>   SECNBNS 0.0.0.0
> [pptp1] IPCP: SendConfigRej #5
>   PRIDNS 0.0.0.0
>   PRINBNS 0.0.0.0
>   SECDNS 0.0.0.0
>   SECNBNS 0.0.0.0
> [pptp1] IPCP: rec'd Configure Reject #1 link 0 (Req-Sent)
>   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
> [pptp1] IPCP: SendConfigReq #2
>   IPADDR 10.77.1.2
> [pptp1] CCP: rec'd Configure Ack #1 link 0 (Req-Sent)
>   MPPC
>     0x01000020: MPPE, 40 bit, stateless
> [pptp1] CCP: state change Req-Sent --> Ack-Rcvd
> [pptp1] CCP: rec'd Configure Request #6 link 0 (Ack-Rcvd)
>   MPPC
>     0x01000020: MPPE, 40 bit, stateless
> [pptp1] CCP: SendConfigAck #6
>   MPPC
>     0x01000020: MPPE, 40 bit, stateless
> [pptp1] CCP: state change Ack-Rcvd --> Opened
> [pptp1] CCP: LayerUp
>   Compress using: MPPE, 40 bit, stateless
>   Decompress using: MPPE, 40 bit, stateless
> [pptp1] setting interface ng0 MTU to 1256 bytes
> [pptp1] IPCP: rec'd Configure Request #7 link 0 (Req-Sent)
>   IPADDR 0.0.0.0
>     NAKing with 10.77.1.50
> [pptp1] IPCP: SendConfigNak #7
>   IPADDR 10.77.1.50
> [pptp1] IPCP: rec'd Configure Ack #2 link 0 (Req-Sent)
>   IPADDR 10.77.1.2
> [pptp1] IPCP: state change Req-Sent --> Ack-Rcvd
> [pptp1] IPCP: rec'd Configure Request #8 link 0 (Ack-Rcvd)
>   IPADDR 10.77.1.50
>     10.77.1.50 is OK
> [pptp1] IPCP: SendConfigAck #8
>   IPADDR 10.77.1.50
> [pptp1] IPCP: state change Ack-Rcvd --> Opened
> [pptp1] IPCP: LayerUp
>   10.77.1.2 -> 10.77.1.50
> [pptp1] IFACE: Up event
> [pptp1] setting interface ng0 MTU to 1256 bytes
> [pptp1] exec: /sbin/ifconfig ng0 10.77.1.2 10.77.1.50 netmask 0xffffffff -link0
> [pptp1] no interface to proxy arp on for 10.77.1.50
> [pptp1] exec: /sbin/route add 10.77.1.2 -iface lo0
> [pptp1] IFACE: Up event
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
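
Added example, not part of the original message and not a shipped FreeBSD or mpd configuration: the forwarding knob and an ipfw fragment of the kind the reply points at, written for the interfaces and addresses in the quoted output. The rc.conf(5) variable that turns on IP forwarding is gateway_enable; the rules-file path and the rule numbers are assumptions, and the rules cover only the ng0 tunnel that mpd.conf pins to pptp1.

```conf
# /etc/rc.conf additions
gateway_enable="YES"              # sets net.inet.ip.forwarding=1 at boot
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"   # assumed path; a readable file is loaded as the ruleset

# /etc/ipfw.rules (constructed for this thread's addresses; one rule per line,
# without the leading "ipfw")

# Loopback traffic stays on lo0.
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any

# Only the address mpd negotiated for pptp1 may appear as a source on ng0.
add 1000 deny ip from not 10.77.1.50 to any in via ng0

# The tunnel client's address must never arrive from the Ethernet side.
add 1010 deny ip from 10.77.1.50 to any in via fxp0

# The client may talk to the 10.77.1.0/24 LAN through the tunnel, nothing else.
add 1020 allow ip from 10.77.1.50 to 10.77.1.0/24 in via ng0
add 1030 allow ip from 10.77.1.0/24 to 10.77.1.50 out via ng0
add 1040 deny ip from any to any via ng0
```

A forwarded packet is checked again on the fxp0 side, so the site's remaining rules still have to pass 10.77.1.50 to and from 10.77.1.0/24 there, along with the PPTP control connection (TCP 1723) and GRE to 129.197.244.10.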