From owner-freebsd-isp@FreeBSD.ORG Fri Nov 21 13:06:55 2003
Return-Path:
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
        by hub.freebsd.org (Postfix) with ESMTP id 8ACF516A4CE
        for ; Fri, 21 Nov 2003 13:06:55 -0800 (PST)
Received: from otter3.centtech.com (moat3.centtech.com [207.200.51.50])
        by mx1.FreeBSD.org (Postfix) with ESMTP id 1169D43FB1
        for ; Fri, 21 Nov 2003 13:06:54 -0800 (PST)
        (envelope-from anderson@centtech.com)
Received: from centtech.com (neutrino.centtech.com [10.177.171.220])
        by otter3.centtech.com (8.12.3/8.12.3) with ESMTP id hALL6q6T085878;
        Fri, 21 Nov 2003 15:06:53 -0600 (CST)
        (envelope-from anderson@centtech.com)
Message-ID: <3FBE7E62.50207@centtech.com>
Date: Fri, 21 Nov 2003 15:06:42 -0600
From: Eric Anderson
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: nanard
References: <02e701c3b039$caaebea0$51fd210a@orion> <3FBE2185.1040204@centtech.com> <030d01c3b046$fcaf92f0$51fd210a@orion>
In-Reply-To: <030d01c3b046$fcaf92f0$51fd210a@orion>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-isp@freebsd.org
Subject: Re: Connecting to VPN Concentrator
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 21 Nov 2003 21:06:55 -0000

nanard wrote:

>Hi Eric,
>
>>In a previous email to this list, I thought you were asking how to
>>connect FreeBSD and windows clients to a VPN server (of any kind,
>>possibly FreeBSD)? If that's what you want, I can help you with that..
>
>Yes, I installed a VPN server on FreeBSD 4.9 with MPD. (and Samba in a jail
>of the server for the VPN user only).
>
>I managed to connect Windows users to it.
>But I didn't manage to connect a FreeBSD client to it (using pptp-client).
>The connection works but nothing goes through the tunnel (I did nothing in ipf)
>and after 170 sec, the client closes the connection.
>(I think because of idle?). Maybe there is something wrong with my route.
>I don't know
>

I put my config blurbs below.. maybe that will help.. if not, let me know..

>But now, I have a VPN concentrator server (CISCO 3000) and I have some clients
>who would like to connect from FreeBSD.
>I don't know if it's possible, so I'm asking here now.
>

I believe it is, but I'm not sure that mpd will do it.. I think the
Ciscos use IPSEC, not pptp..

>For my last question on this list, I'm open to knowing how you use mpd as
>a client to connect FreeBSD to a FreeBSD MPD server.
>
>Thanks in advance.
>
>Nicolas
>
>OS: FreeBSD 4.9
>
>Configuration of the FreeBSD client:
>
>crysto$ cat /etc/ppp/ppp.conf
>TEST:
> set authname nanard
> set authkey ******
> set timeout 0
> set ifaddr 0 0
> add 192.168.0.142/24 HISADDR
> alias enable yes
>

ppp.conf? Hmm.. I use mpd.conf on my client.. (shown below)

>When I launch:
>
># pptp XX.YY.ZZ.AA TEST
>

Is pptp a command for you? I don't have that command..

>
>tun0: flags=8051 mtu 1498
>        inet 192.168.0.142 --> XX.YY.ZZ.AA netmask 0xffffffff
>        Opened by PID 24918
>
>$ ping 192.168.0.142
>PING 192.168.0.142 (192.168.0.142): 56 data bytes
>ping: sendto: No route to host
>ping: sendto: No route to host
>^C
>

[..snip..]

Ok, here's my configuration for the server:

/usr/local/etc/mpd/mpd.conf:
(10.x.y.50 is the internal IP of the vpn server, and 10.x.y.100/101 are
the IPs that are assigned to the vpn connections once established)
#####################
default:
        load client0
        load client1

client0:
        new -i ng0 pptp0 pptp0
        set ipcp ranges 10.x.y.50/32 10.x.y.100/32
        load pptp_standard

client1:
        new -i ng1 pptp1 pptp1
        set ipcp ranges 10.x.y.50/32 10.x.y.101/32
        load pptp_standard

pptp_standard:
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 3600
        set iface mtu 1400
        set bundle disable multilink
        set bundle yes crypt-reqd
        set bundle enable compression
        set link no pap chap
        set link enable chap
        set link keep-alive 60 600
        set link mtu 1400
        set ipcp yes vjcomp
        set ipcp dns 10.x.y.5 10.x.y.6
        #nbns is for the WINs numbers for windows users
        set ipcp nbns 10.x.y.7 10.x.y.8
        set ccp yes mppc
        set ccp enable mpp-compress
        set ccp yes mpp-e40
        set ccp yes mpp-e56
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
#####################

/usr/local/etc/mpd/mpd.links:
(xxx.yyy.zzz.123 is my external IP on the FreeBSD VPN server)
#####################
pptp0:
        set link type pptp
        set pptp self xxx.yyy.zzz.123
        set pptp enable incoming
        set pptp disable originate

pptp1:
        set link type pptp
        set pptp self xxx.yyy.zzz.123
        set pptp enable incoming
        set pptp disable originate
#####################

/usr/local/mpd/mpd.secret:
#####################
username        "mypassword"

And on my client:

default:
        load work

work:
        new -i ng1 ms-pptp work
        set log +pptp +pptp2 +pptp3 +lcp +auth
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        set ipcp yes vjcomp
        set ipcp dns 10.x.y.5 10.x.y.6
        set ipcp enable req-pri-dns req-sec-dns
        set link disable chap pap
        set link accept chap
        set link yes acfcomp protocomp
        set iface idle 0
        set bundle enable multilink
        set bundle yes crypt-reqd
        set bundle enable compression
        #set link enable no-orig-auth
        set link keep-alive 60 600
        set ccp yes mppc
        set ccp enable mpp-compress
        set ccp yes mpp-e40
        set ccp yes mpp-e56
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set iface route 10.x.y.0/24
        set iface route 10.x.z.0/24
        set bundle authname "username"
        set bundle password "mypassword"
        set iface disable on-demand
        set link max-redial 9
        set iface mtu 1400
        open iface

Then to start the connection, I run:

# mpd work

Once the connection is made, you should be running..

Eric

-- 
------------------------------------------------------------------
Eric Anderson      Systems Administrator      Centaur Technology
All generalizations are false, including this one.
------------------------------------------------------------------
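
Added example (not part of the original message, and not code from mpd): a Python check that expands the `load` directives in an mpd.conf-style file and reports, per label, whether encryption is not required, whether 40- or 56-bit MPPE is accepted alongside 128-bit, and whether PAP is allowed. The sample text is constructed from the server configuration in the message; the `hardened` label and the function names are hypothetical.

```python
ON, OFF = {"yes", "enable", "accept"}, {"no", "disable", "deny"}
WEAK_MPPE = ("mpp-e40", "mpp-e56")  # 40- and 56-bit MPPE keys
# Constructed sample, abridged from the server config in the message above;
# the "hardened" label is hypothetical and turns the short key lengths off.
SAMPLE = """\
client0:
    load pptp_standard
pptp_standard:
    set bundle yes crypt-reqd
    set link no pap chap
    set ccp yes mpp-e40
    set ccp yes mpp-e56
    set ccp yes mpp-e128
hardened:
    load pptp_standard
    set ccp no mpp-e40 mpp-e56
"""

def parse(text):
    """Return {label: [commands]}; a label starts in column 0 and ends with ':'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            if not raw[0].isspace() and line.endswith(":"):
                current = sections.setdefault(line[:-1], [])
            elif current is not None:
                current.append(line)
    return sections

def expand(sections, label, seen=()):
    """Commands of a label, with `load <label>` expanded in place (loop-safe)."""
    out = []
    for cmd in sections.get(label, []):
        w = cmd.split()
        if w[0] != "load":
            out.append(cmd)
        elif w[1:] and w[1] not in seen + (label,):
            out += expand(sections, w[1], seen + (label,))
    return out

def audit(text, label):
    """Findings for one label; for each option the last setting wins."""
    state, findings = {}, []
    for w in map(str.split, expand(parse(text), label)):
        if w[0] == "set" and len(w) > 3 and w[2] in ON | OFF:
            state.update({(w[1], opt): w[2] in ON for opt in w[3:]})
    if not state.get(("bundle", "crypt-reqd")):
        findings.append("encryption not required")
    findings += [f"weak MPPE accepted: {o}" for o in WEAK_MPPE if state.get(("ccp", o))]
    if state.get(("link", "pap")):
        findings.append("PAP allowed")
    return findings
```

Calling `audit(SAMPLE, "client0")` reports both short key lengths, while `audit(SAMPLE, "hardened")` returns an empty list.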