From: "Tkachenko, Artem N"
To: "Freebsd-Config (E-mail)", "Freebsd-Hackers (E-mail)", "Freebsd-Questions (E-mail)", "'Dirk-Willem van Gulik'", "'asa@gascom.ru'", "'julian@elischer.org'", "Brent Wiese (E-mail)"
Date: Tue, 01 Jul 2003 19:29:27 -0700
Message-id: <573562C6FDA9564A8EEE66D899BC190B02935D99@EMSS01M10.us.lmco.com>
Subject: VPN remote access server (continue)

Hi,

I have the following picture:

Node1 ----------Internet----------Node2-----------LAN
using IP

Node1: Win2K VPN connection using PPTP
       IP (public) = 129.197.23.232
Node2: FreeBSD VPN server (using MPD)
       IP (public) = 129.197.244.6
       IP (private) = 10.77.5.2
LAN:   10.77.5/24

I set up a PPTP VPN connection between Node1 and Node2. Node1 gets the private IP address 10.77.5.50. When I try to ping some computer on the LAN (not Node2) with IP address 10.77.5.1, I know that computer gets the ping but does not know how to get back to Node1. It might be a problem with the ARP because I get an ARP error ([pptp1] no interface to proxy arp on for 10.77.5.50) when I start MPD. I am not sure about this. And I don't know how to resolve this problem.

I have no control of the 10.77.5/24 computers (except Node2) but I want those computers to see Node1 when it connects through Node2. How can I make the 10.77.5/24 computers send packets to Node2 when they want to send them to Node1?

Thank you very much for your help.

Best regards
Artem Tkachenko

Here is some more info:

mpd.conf

default:
    load client1
    load client2
    load client3
    load client4
    load client5
    load client6
    load client7
    load client8
    load client9
    load client10

pptp_common_settings:
    set iface disable on-demand
    set iface enable proxy-arp
    set bundle enable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link mtu 1260
    set ipcp yes vjcomp
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-stateless

client1:
    new -i ng1 pptp1 pptp1
    set iface enable proxy-arp
    set ipcp range 10.77.5.2/32 10.77.5.50/32
    load pptp_common_settings
.

-------------------------------------------------

DELL2# mpd default
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 3694, version 3.13 (root@DELL2.lmms.lmco.com 09:44 23-Jun-2003)
[pptp1] ppp node is "mpd3694-pptp1"
mpd: local IP address for PPTP is 129.197.244.10
[pptp1] using interface ng1
[pptp2] ppp node is "mpd3694-pptp2"
[pptp2] using interface ng2
.
[pptp10:pptp10] mpd: PPTP connection from 129.197.23.232:1254
pptp0: attached to connection with 129.197.23.232:1254
[pptp1] IFACE: Open event
[pptp1] IPCP: Open event
[pptp1] IPCP: state change Initial --> Starting
[pptp1] IPCP: LayerStart
[pptp1] IPCP: Open event
[pptp1] bundle: OPEN event in state CLOSED
[pptp1] opening link "pptp1"...
[pptp1] link: OPEN event
[pptp1] LCP: Open event
[pptp1] LCP: state change Initial --> Starting
[pptp1] LCP: LayerStart
[pptp1] device: OPEN event in state DOWN
[pptp1] attaching to peer's outgoing call
[pptp1] device is now in state OPENING
[pptp1] device: UP event in state OPENING
[pptp1] device is now in state UP
[pptp1] link: UP event
[pptp1] link: origination is remote
[pptp1] LCP: Up event
[pptp1] LCP: state change Starting --> Req-Sent
[pptp1] LCP: phase shift DEAD --> ESTABLISH
[pptp1] LCP: SendConfigReq #1
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 248388f6
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
pptp0-0: ignoring SetLinkInfo
[pptp1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
 MAGICNUM 71ec1a47
 PROTOCOMP
 ACFCOMP
 CALLBACK
   Not supported
 MP MRRU 1614
 ENDPOINTDISC [LOCAL] 1f c1 5c 9a 42 93 47 f2 93 07 55 26 37 9c c1 10 00 00 00 08
[pptp1] LCP: SendConfigRej #0
 CALLBACK
[pptp1] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
 MAGICNUM 71ec1a47
 PROTOCOMP
 ACFCOMP
 MP MRRU 1614
 ENDPOINTDISC [LOCAL] 1f c1 5c 9a 42 93 47 f2 93 07 55 26 37 9c c1 10 00 00 00 08
[pptp1] LCP: SendConfigNak #1
 MP MRRU 1600
[pptp1] LCP: rec'd Configure Request #2 link 0 (Req-Sent)
 MAGICNUM 71ec1a47
 PROTOCOMP
 ACFCOMP
 MP MRRU 1600
 ENDPOINTDISC [LOCAL] 1f c1 5c 9a 42 93 47 f2 93 07 55 26 37 9c c1 10 00 00 00 08
[pptp1] LCP: SendConfigAck #2
 MAGICNUM 71ec1a47
 PROTOCOMP
 ACFCOMP
 MP MRRU 1600
 ENDPOINTDISC [LOCAL] 1f c1 5c 9a 42 93 47 f2 93 07 55 26 37 9c c1 10 00 00 00 08
[pptp1] LCP: state change Req-Sent --> Ack-Sent
[pptp1] LCP: SendConfigReq #2
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 248388f6
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
[pptp1] LCP: rec'd Configure Reject #2 link 0 (Ack-Sent)
 MP SHORTSEQ
[pptp1] LCP: SendConfigReq #3
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 248388f6
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
pptp0-0: ignoring SetLinkInfo
[pptp1] LCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 248388f6
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
[pptp1] LCP: state change Ack-Sent --> Opened
[pptp1] LCP: phase shift ESTABLISH --> AUTHENTICATE
[pptp1] LCP: auth: peer wants nothing, I want CHAP
[pptp1] CHAP: sending CHALLENGE
[pptp1] LCP: LayerUp
[pptp1] LCP: rec'd Ident #3 link 0 (Opened)
 MESG: MSRASV5.00
[pptp1] LCP: rec'd Ident #4 link 0 (Opened)
 MESG: MSRAS-1-SVLWKLHPW2A
[pptp1] CHAP: rec'd RESPONSE #1
 Name: "demo5"
 Peer name: "demo5"
 Response is valid
[pptp1] CHAP: sending SUCCESS
[pptp1] LCP: authorization successful
[pptp1] LCP: phase shift AUTHENTICATE --> NETWORK
[pptp1] setting interface ng1 MTU to 1500 bytes
[pptp1] up: 1 link, total bandwidth 64000 bps
[pptp1] IPCP: Up event
[pptp1] IPCP: state change Starting --> Req-Sent
[pptp1] IPCP: SendConfigReq #1
 IPADDR 10.77.5.2
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp1] CCP: Open event
[pptp1] CCP: state change Initial --> Starting
[pptp1] CCP: LayerStart
[pptp1] CCP: Up event
[pptp1] CCP: state change Starting --> Req-Sent
[pptp1] CCP: SendConfigReq #1
 MPPC
   0x01000020: MPPE, 40 bit, stateless
[pptp1] CCP: rec'd Configure Request #5 link 0 (Req-Sent)
 MPPC
   0x010000e1: MPPC MPPE, 40 bit, 56 bit, 128 bit, stateless
[pptp1] CCP: SendConfigNak #5
 MPPC
   0x01000020: MPPE, 40 bit, stateless
[pptp1] IPCP: rec'd Configure Request #6 link 0 (Req-Sent)
 IPADDR 0.0.0.0
   NAKing with 10.77.5.50
 PRIDNS 0.0.0.0
 PRINBNS 0.0.0.0
 SECDNS 0.0.0.0
 SECNBNS 0.0.0.0
[pptp1] IPCP: SendConfigRej #6
 PRIDNS 0.0.0.0
 PRINBNS 0.0.0.0
 SECDNS 0.0.0.0
 SECNBNS 0.0.0.0
[pptp1] IPCP: rec'd Configure Reject #1 link 0 (Req-Sent)
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp1] IPCP: SendConfigReq #2
 IPADDR 10.77.5.2
[pptp1] CCP: rec'd Configure Ack #1 link 0 (Req-Sent)
 MPPC
   0x01000020: MPPE, 40 bit, stateless
[pptp1] CCP: state change Req-Sent --> Ack-Rcvd
[pptp1] CCP: rec'd Configure Request #7 link 0 (Ack-Rcvd)
 MPPC
   0x01000020: MPPE, 40 bit, stateless
[pptp1] CCP: SendConfigAck #7
 MPPC
   0x01000020: MPPE, 40 bit, stateless
[pptp1] CCP: state change Ack-Rcvd --> Opened
[pptp1] CCP: LayerUp
 Compress using: MPPE, 40 bit, stateless
 Decompress using: MPPE, 40 bit, stateless
[pptp1] setting interface ng1 MTU to 1500 bytes
[pptp1] IPCP: rec'd Configure Request #8 link 0 (Req-Sent)
 IPADDR 0.0.0.0
   NAKing with 10.77.5.50
[pptp1] IPCP: SendConfigNak #8
 IPADDR 10.77.5.50
[pptp1] IPCP: rec'd Configure Ack #2 link 0 (Req-Sent)
 IPADDR 10.77.5.2
[pptp1] IPCP: state change Req-Sent --> Ack-Rcvd
[pptp1] IPCP: rec'd Configure Request #9 link 0 (Ack-Rcvd)
 IPADDR 10.77.5.50
   10.77.5.50 is OK
[pptp1] IPCP: SendConfigAck #9
 IPADDR 10.77.5.50
[pptp1] IPCP: state change Ack-Rcvd --> Opened
[pptp1] IPCP: LayerUp
 10.77.5.2 -> 10.77.5.50
[pptp1] IFACE: Up event
[pptp1] setting interface ng1 MTU to 1500 bytes
[pptp1] exec: /sbin/ifconfig ng1 10.77.5.2 10.77.5.50 netmask 0xffffffff -link0
[pptp1] no interface to proxy arp on for 10.77.5.50
[pptp1] exec: /sbin/route add 10.77.5.2 -iface lo0
[pptp1] IFACE: Up event
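
Added example, not part of the original post and not mpd's own code: a sketch of the interface check behind the "no interface to proxy arp on" message, assuming proxy ARP needs an up, broadcast-capable, non-point-to-point interface whose own subnet contains the peer address. The interface names, the public netmask and the MAC addresses are constructed; only the 10.77.5.x and 129.197.244.6 addresses come from the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Iface:
    name: str
    addr: str              # IPv4 address configured on the interface
    prefix: int            # netmask as a prefix length
    flags: frozenset       # interface flags as ifconfig would show them
    ether: Optional[str]   # link-layer address, None if the interface has none

# Flags that rule an interface out for answering ARP on behalf of a peer.
UNUSABLE = frozenset({"POINTOPOINT", "LOOPBACK", "NOARP"})

def proxy_arp_candidate(ifaces, peer):
    """Return (name, ether) of the first interface that could publish an ARP
    entry for `peer`, or None (the "no interface to proxy arp on" case)."""
    peer_ip = ipaddress.IPv4Address(peer)
    for i in ifaces:
        if not {"UP", "BROADCAST"} <= i.flags or i.flags & UNUSABLE:
            continue
        if i.ether is None:
            continue
        # strict=False: derive the subnet from a host address plus its mask.
        if peer_ip in ipaddress.ip_network(f"{i.addr}/{i.prefix}", strict=False):
            return i.name, i.ether
    return None

def F(*names):
    return frozenset(names)

# Constructed interface tables (assumed layout, not taken from Node2).
COMMON = [
    Iface("fxp0", "129.197.244.6", 24, F("UP", "BROADCAST"), "00:00:5e:00:53:01"),
    Iface("ng1", "10.77.5.2", 32, F("UP", "POINTOPOINT"), None),
    Iface("lo0", "127.0.0.1", 8, F("UP", "LOOPBACK"), None),
]
# LAN NIC carries 10.77.5.2 with the /24 mask: the peer falls inside its subnet.
LAN_OK = COMMON + [
    Iface("fxp1", "10.77.5.2", 24, F("UP", "BROADCAST"), "00:00:5e:00:53:02")]
# Same NIC with a host mask: 10.77.5.50 is outside 10.77.5.2/32, so no match.
LAN_HOSTMASK = COMMON + [
    Iface("fxp1", "10.77.5.2", 32, F("UP", "BROADCAST"), "00:00:5e:00:53:02")]

if __name__ == "__main__":
    for label, table in (("LAN_OK", LAN_OK), ("LAN_HOSTMASK", LAN_HOSTMASK)):
        print(label, proxy_arp_candidate(table, "10.77.5.50"))
```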