Date:      Thu, 14 Dec 2000 16:12:04 +0100 (CET)
From:      Patrik Astrom <patrik@astrom.net>
To:        Alexey <Alexey.Dementsov@oggi.spb.ru>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: your mail
Message-ID:  <Pine.BSF.4.21.0012141603080.21178-100000@styx.astrom.net>
In-Reply-To: <001601c065d8$8949cb70$0201040a@oggi.spb.ru>

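When I did this I needed to modify my firewall settings to allow the GRE
protocol. PPTP carries the tunnelled data in GRE (IP protocol 47), separately
from its TCP control connection, and as far as I can see your ruleset has no
rule that passes GRE going out to the client before the final
"deny log ip from any to any".

E.g. "ipfw add pass GRE from any to any", placed before the final deny rule
(you can replace "any" with the two tunnel endpoints, x.x.x.x and y.y.y.y, to
keep the rule narrow).

See if that helps, and check your /var/log/ppp.log to see what you can find
there.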

Regards
Patrik Astrom




On Dec 14, 2000 at 17:17, Alexey wrote:

> Date: Thu, 14 Dec 2000 17:17:04 +0300
> From: Alexey <Alexey.Dementsov@oggi.spb.ru>
> To: questions@FreeBSD.ORG
> 
> Good day.
> I have the same difficult problem setting up a VPN based on the poptop package. I use the FreeBSD 3.1 operating system. The client is the Microsoft VPN client. A connection within the Local Area Network to the 10.4.1.1 IP was successful.
> FreeBSD is connected to the Internet by PPP with the fixed IP address x.x.x.x
> The client computer is connected to the Internet by dial-up with the fixed IP address y.y.y.y
> Then I tried to connect through the Internet to the x.x.x.x IP. The message "650 The Remote Access server is not responding" appeared after the username and password check.
> 
> 
> The configuration files are given below:
>  /etc/rc.conf
> ifconfig_ed1="inet 10.4.1.1  netmask 255.255.255.0"
> defaultrouter="NO"
> network_interfaces="ed1 lo0"
> hostname="mail.oggi.spb.ru"
> keymap=ru.koi8-r
> keychange="61 ^[[K"
> scrnmap=koi8-r2cp866
> font8x16=cpp866b-8x16
> font8x14=cpp866-8x14
> font8x8=cp866-8x8
> firewall_enable = "YES"
> natd_enable="YES"
> natd_interface="tun0"
> natd_flags="-dynamic"
> ppp_enable="YES"
> ppp_mode="auto"
> ppp_nat="YES"
> 
> /etc/rc.firewall
>    fwcmd="/sbin/ipfw"
> 
>     $fwcmd -f flush
> 
> 
>     # Divert all packets through the tunnel interface.
>     $fwcmd add divert natd all from any to any via tun0
> 
>     # Allow all data from my network card and localhost.  Make sure you
>     # change your network card (mine was fxp0) before you reboot.  :)
>     $fwcmd add allow ip from any to any via lo0
>     $fwcmd add allow ip from any to any via ed1
> 
>     #Allow all data from warehouse
>     $fwcmd add allow all from y.y.y.y to any
>        # Allow all connections that I initiate.
>     $fwcmd add allow tcp from any to any out xmit tun0 setup
> 
>     # Once connections are made, allow them to stay open.
>     $fwcmd add allow tcp from any to any via tun0 established
> 
>     # Everyone on the internet is allowed to connect to the following
>     # services on the machine.  This example shows that people may connect
>     # to ssh and apache
>    $fwcmd add allow tcp from any to any 25 setup
>     
>     $fwcmd add reset log tcp from any to any 113 in recv tun0
> .
>     $fwcmd add allow udp from any to 212.44.130.6 53 out xmit tun0
>     $fwcmd add allow udp from 212.44.130.6 53 to any in recv tun0
> 
>     $fwcmd add 65435 allow icmp from any to any
> 
>   
>     $fwcmd add 65435 deny log ip from any to any
>                                                 
> 
> /etc/ppp/ppp.conf
> 
> default:
>     set redial 1 0
>     set filter dial 0 deny udp src eq 53
>     set filter dial 1 deny udp dst eq 53
>     set filter dial 2 permit 0/0 0/0
> internet:
>     set device /dev/cuaa0
>     set speed 115200
>     disable pred1
>     deny pred1
>     disable lqr
>     deny lqr
>     set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK
>     set authname name
>    set authkey password
>    set phone 123456
>    set timeout 600
>     set openmode active
>     accept chap
>     set ifaddr x.x.x.x 127.2.2.2/0 255.255.255.0
>     add 0 0 127.2.2.2
> /etc/ppp/options
> debug
> name x.x.x.x
> lock
> require-chap
> auth
> proxyarp
> 
> /etc/ppp/chap-secrets
> 
> billy x.x.x.x bob *  
> 
> /etc/pptpd.conf
> 
> speed 115200
> options /etc/ppp/options
> debug
> 
> 



