From: Joe Marcus Clarke
To: Chris Jones
Cc: FreeBSD User Questions List
Date: Thu, 08 Jan 2004 03:42:45 -0500
Subject: Re: mpd PPTP to Cisco 3000 VPN Concentrator routing problem

On Thu, 2004-01-08 at 03:34, Chris Jones wrote:
> Oh. :(  I thought it negotiated the encryption ok because I see this:
>
> [ciscovpn] CCP: LayerUp
>   Compress using: MPPE, 128 bit, stateless
>   Decompress using: MPPE, 128 bit, stateless

This is fine.  I get this, too.  However, when trying to send data, I
get decryption errors (the concentrator reports invalid packets).

>
> And capturing on the interface, I see echo req's coming in from the
> concentrator, but I encounter a routing loop when I try to send across
> the tunnel.

I was able to get past the routing loop by readdressing the interface as
soon as it came up.  This is a good starter howto on that procedure:

http://www.cs.rpi.edu/~flemej/fbsd-cisco-vpn/fbsd-cisco-vpn.pdf

>
> Disabling encryption isn't an option, even for testing, I'm afraid.

Then you're probably not going to have any luck getting this to work.
You might also consider trying out security/vpnc if the concentrator
also allows for IPSec clients using the Cisco VPN client.

Joe

>
>
> Original message from Joe Marcus Clarke:
>
> > On Thu, 2004-01-08 at 02:49, Chris Jones wrote:
> > > Hi.
> > > I've gone over list archives and seen this issue discussed before,
> > > but the suggested solutions aren't working for me.  I am using
> > > mpd-3.15_1 on FreeBSD 4.9-STABLE to connect to a Cisco 3000 Series VPN
> > > Concentrator.  I have negotiated CHAP and MPPE and the ng0 interface
> > > comes up, but when I try to do anything I get this:
> > >
> > > $ ping 10.10.58.7
> > > PING 10.10.58.7 (10.10.58.7): 56 data bytes
> > > ping: sendto: Resource deadlock avoided
> > > ping: sendto: No buffer space available
> > >
> > > A little investigation showed that this is a known routing issue and
> > > that it is possible to work around by re-addressing the ng0 interface
> > > with the VPN concentrator's private IP and set a default route to it.  I
> > > did this, but I still have the same problem. :(
> > >
> > > Does anyone see what I am doing wrong here?  Below are my routing table
> > > and ifconfig before running mpd, after running mpd, and after running
> > > the "fix".  Below that is my mpd.conf and its output (verbose).
> > >
> > > I appreciate any help on this, I've been going crazy trying to figure
> > > out what I'm doing wrong.  I can get it to work using the OSX PPTP
> > > client, but not mpd.
> >
> > Good luck.  I have tried to get this working, but have never been able
> > to get mpd encryption to work with the Concentrator's encryption
> > (neither has anyone else to my knowledge).  If you disable encryption on
> > the concentrator, the tunnel will come up, and you will be able to pass
> > traffic across it.  Any other combination does not work.  I haven't
> > tried 3.16 yet, but looking at the ChangeLog, I doubt it addresses this
> > problem.
> >
> > Joe
> >
> > --
> > PGP Key : http://www.marcuscom.com/pgp.asc
--
PGP Key : http://www.marcuscom.com/pgp.asc