Date: Thu, 14 Dec 2000 16:12:04 +0100 (CET)
From: Patrik Astrom <patrik@astrom.net>
To: Alexey <Alexey.Dementsov@oggi.spb.ru>
Cc: freebsd-questions@freebsd.org
Subject: Re: your mail
Message-ID: <Pine.BSF.4.21.0012141603080.21178-100000@styx.astrom.net>
In-Reply-To: <001601c065d8$8949cb70$0201040a@oggi.spb.ru>

When I did this I needed to modify my firewall settings to allow the GRE
protocol. E.g. "ipfw add pass GRE from any to any"

See if that helps, and check your /var/log/ppp.log and see what you can find
there.

Regards
Patrik Astrom

On Dec 14, 2000 at 17:17, Alexey wrote:

> Date: Thu, 14 Dec 2000 17:17:04 +0300
> From: Alexey <Alexey.Dementsov@oggi.spb.ru>
> To: questions@FreeBSD.ORG
>
> Good day.
> I have a same difficult problem with tooling VPN based package poptop. I use FreeBSD 3.1 operating system. Client is VPN Microsoft. Connection in the Local Area Network was successful on 10.4.1.1 IP.
> FreeBSD is connected with Internet by PPP with fixed ip address x.x.x.x
> Client computer is connected with Internet by dial-up with fixed ip-address y.y.y.y
> Then I tried to connect through Internet on x.x.x.x IP. The message "650 The Remote Access server is not responding" appeared after the check username password.
>
>
> Configuration files are written below:
> /etc/rc.conf
> ifconfig_ed1="inet 10.4.1.1 netmask 255.255.255.0"
> defaultrouter="NO"
> network_interfaces="ed1 lo0"
> hostname="mail.oggi.spb.ru"
> keymap=ru.koi8-r
> keychange="61 ^[[K"
> scrnmap=koi8-r2cp866
> font8x16=cpp866b-8x16
> font8x14=cpp866-8x14
> font8x8=cp866-8x8
> firewall_enable = "YES"
> natd_enable="YES"
> natd_interface="tun0"
> natd_flags="-dynamic"
> ppp_enable="YES"
> ppp_mode="auto"
> ppp_nat="YES"
>
> /etc/rc.firewall
> fwcmd="/sbin/ipfw"
>
> $fwcmd -f flush
>
>
> # Divert all packets through the tunnel interface.
> $fwcmd add divert natd all from any to any via tun0
>
> # Allow all data from my network card and localhost. Make sure you
> # change your network card (mine was fxp0) before you reboot. :)
> $fwcmd add allow ip from any to any via lo0
> $fwcmd add allow ip from any to any via ed1
>
> #Allow all data from warehouse
> $fwcmd add allow all from y.y.y.y to any
> # Allow all connections that I initiate.
> $fwcmd add allow tcp from any to any out xmit tun0 setup
>
> # Once connections are made, allow them to stay open.
> $fwcmd add allow tcp from any to any via tun0 established
>
> # Everyone on the internet is allowed to connect to the following
> # services on the machine. This example shows that people may connect
> # to ssh and apache
> $fwcmd add allow tcp from any to any 25 setup
>
> $fwcmd add reset log tcp from any to any 113 in recv tun0
> .
> $fwcmd add allow udp from any to 212.44.130.6 53 out xmit tun0
> $fwcmd add allow udp from 212.44.130.6 53 to any in recv tun0
>
> $fwcmd add 65435 allow icmp from any to any
>
>
> $fwcmd add 65435 deny log ip from any to any
>
>
> /etc/ppp/ppp.conf
>
> default:
> set redial 1 0
> set filter dial 0 deny udp src eq 53
> set filter dial 1 deny udp dst eq 53
> set filter dial 2 permit 0/0 0/0
> internet:
> set device /dev/cuaa0
> set speed 115200
> disable pred1
> deny pred1
> disable lqr
> deny lqr
> set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK
> set authname name
> set authkey password
> set phone 123456
> set timeout 600
> set openmode active
> accept chap
> set ifaddr x.x.x.x 127.2.2.2/0 255.255.255.0
> add 0 0 127.2.2.2
> /etc/ppp/options
> debug
> name x.x.x.x
> lock
> require-chap
> auth
> proxyarp
>
> /etc/ppp/chap-secrets
>
> billy x.x.x.x bob *
>
> /etc/pptpd.conf
>
> speed 115200
> options /etc/ppp/options
> debug
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
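
Added example (not part of either e-mail): a simplified first-match model of the quoted /etc/rc.firewall, showing where GRE packets end up before and after the rule suggested in the reply. The matcher, the packet dictionaries and the names match, verdict and FIXED are hypothetical; it assumes natd re-injects diverted packets unchanged at the next rule and that the suggested rule is placed ahead of the final deny.

```python
import re

# Rules from the quoted /etc/rc.firewall, in order ("$fwcmd add" and rule
# numbers dropped). x.x.x.x / y.y.y.y are the poster's own placeholders.
RULES = """divert natd all from any to any via tun0
allow ip from any to any via lo0
allow ip from any to any via ed1
allow all from y.y.y.y to any
allow tcp from any to any out xmit tun0 setup
allow tcp from any to any via tun0 established
allow tcp from any to any 25 setup
reset log tcp from any to any 113 in recv tun0
allow udp from any to 212.44.130.6 53 out xmit tun0
allow udp from 212.44.130.6 53 to any in recv tun0
allow icmp from any to any
deny log ip from any to any""".splitlines()
GRE_FIX = "pass GRE from any to any"  # rule suggested in the reply
RULE_RE = re.compile(r"(\w+)(?: natd)?(?: log)? (\w+) from (\S+)(?: (\d+))? "
                     r"to (\S+)(?: (\d+))?(.*)")

def match(rule, pkt):
    """Return the rule's action if pkt matches it, else None (simplified)."""
    action, proto, src, sport, dst, dport, opts = RULE_RE.match(rule.lower()).groups()
    if (proto not in ("ip", "all", pkt["proto"])
            or src not in ("any", pkt["src"]) or dst not in ("any", pkt["dst"])
            or (sport and sport != str(pkt.get("sport")))
            or (dport and dport != str(pkt.get("dport")))):
        return None
    opts = opts.split()
    for i, tok in enumerate(opts):
        if ((tok in ("via", "xmit", "recv") and opts[i + 1] != pkt["iface"])
                or (tok in ("in", "out") and tok != pkt["dir"])
                or (tok in ("setup", "established") and tok != pkt.get("flags"))):
            return None
    return action

def verdict(rules, pkt):
    """First matching rule wins; divert is modelled as 'continue with next rule'."""
    for rule in rules:
        action = match(rule, pkt)
        if action and action != "divert":
            return "allow" if action in ("allow", "pass") else action
    return "deny"  # assumption: the kernel's default rule is deny

# Constructed sample packets on tun0 between client y.y.y.y and server x.x.x.x.
GRE_IN = {"proto": "gre", "src": "y.y.y.y", "dst": "x.x.x.x", "dir": "in", "iface": "tun0"}
GRE_OUT = {"proto": "gre", "src": "x.x.x.x", "dst": "y.y.y.y", "dir": "out", "iface": "tun0"}
FIXED = RULES[:-1] + [GRE_FIX, RULES[-1]]  # fix placed ahead of the final deny
print({name: verdict(r, GRE_OUT) for name, r in (("posted", RULES), ("fixed", FIXED))})
```

In this model GRE arriving from y.y.y.y is accepted by the "allow all from y.y.y.y" rule, while GRE leaving on tun0 matches nothing before the final "deny log ip"; the same check can be repeated for any other packet by passing a different dictionary to verdict().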