From: Tillman Hodgson
Date: Fri, 15 Jul 2005 12:21:29 -0600
To: freebsd-net@freebsd.org
Message-ID: <20050715182129.GP71740@seekingfire.com>
Subject: Trouble connecting OS X 10.4.1 client to FreeBSD -current (on sparc64) mpd server for pptp tunneling

[I originally posted to -questions ... after a week with no responses I
thought I'd try on -net.]

Howdy,

I've been googling for information about getting a Mac OS X client (a
powerbook running 10.4.1) to work with a VPN server of some sort on
FreeBSD (-current as of April 25 running on sparc64). The VPN server has
a static IP and acts as a firewall and BGP/OSPF router as well (over
tunnels to other internal networks, not to the outside world).

I've tried sl2tps but rapidly gave up on it -- no real documentation and
it appears to be an abandoned project.

I've also tried OpenVPN (which is my preferred solution, detailed at
http://metanetwork.seekingfire.com if you're curious) but OS X support
appears to be weak. While I can get the tunnel up and running manually,
my normal OpenVPN practice of running OSPF on the client isn't an option
for the OS X road-warrior case that I have. The GUI doesn't like the
Spotlight position on the menu bar and appears to be a semi-abandoned
project (I had to dig through an archived older version of the web page
to get it).

So I tried mpd to implement PPTP. In theory, with native OS X support
and proxy-arp replacing OSPF (no dynamic routing needed if I think I'm
local) this looked like the ticket.

I ran into what appears to be the same issue that Robert Watson posted
to freebsd-questions@ about May 5 2004:

http://lists.freebsd.org/pipermail/freebsd-questions/2004-May/045705.html

I get 10 attempts to SendConfigReq and then negotiation fails.

***snip***
[pptp1] IPCP: SendConfigReq #10
 IPADDR 192.168.23.30
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp1] CCP: SendConfigReq #10
[pptp1] CCP: Checking whether 40 bits are enabled -> yes
[pptp1] CCP: Checking whether 56 bits are enabled -> no
[pptp1] CCP: Checking whether 128 bits are enabled -> yes
 MPPC 0x00000000:
[pptp1] IPCP: state change Req-Sent --> Stopped
[pptp1] IPCP: LayerFinish
[pptp1] IPCP: parameter negotiation failed
[pptp1] IPCP: LayerFinish
***snip***

Has anyone gotten mpd working with OS X and could share their config
files and setup with me?

Alternatively, has anyone gotten any other sort of decent tunneling for
OS X -> FreeBSD infrastructure in place that could share what they're
running and their experiences with setting it up?

Thanks muchly,

-T