Date:      Fri, 29 Jun 2001 09:10:13 -0700
From:      "Dave Atkins" <dave@atkinshome.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   VPN using mpd and Win2K client - LCP errors
Message-ID:  <000a01c100b5$ffd87160$8c05a8c0@crhq.consumerreview.org>
References:  <472ojt840juc00m4tjo6k0o054h3mnhec0@4ax.com> <003801c1005a$9ba62c60$0a2d2d0a@battleship> <20010629065619.A28750@sympatico.ca> <rvsojtkudo5to60i5ql79l21mqoon8r734@4ax.com> <20010629091321.A18254@acadia.ne.mediaone.net>

Joe Clark from this list has been helping me a lot, but I wanted to post
more specifics on my current problem in case anyone else has seen/resolved
this issue...

To summarize my questions:
  1) Does anyone have a Windows 2000 client (Dial up networking/VPN) working
with mpd? I know lots of folks have Win98/etc, but what about Win2K?
  2) Do I need the -pptpalias line in natd_flags?
  3) What is this "CALLBACK" function the VPN client is requesting and is it
a fatal cause of the failure to negotiate LCP?
  4) Does it matter that I am originating my VPN connection from a client
inside another private network (which uses an Alteon switch/PIX firewall to
port address translate my connection out to the internet)?

Here is the problem as I currently understand it:

When I run mpd on my home firewall and attempt to connect from a Windows
2000 Server or Workstation from inside my company's LAN, it connects but
fails to negotiate LCP:

dave# mpd
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 2774, version 3.2 (root@dave.atkinshome.com 06:48 26-Jun-2001)
[pptp0] ppp node is "mpd2774-pptp0"
[pptp0] using interface ng0
mpd: local IP address for PPTP is 64.121.139.66
...
[pptp0] LCP: rec'd Configure Request #5 link 0 (Req-Sent)
 MAGICNUM 153a09b4
 PROTOCOMP
 ACFCOMP
 CALLBACK
   Not supported
 MP MRRU 1614
 ENDPOINTDISC [LOCAL] b9 3f 3f 81 17 38 45 e0 8e 45 0f 31 4b 2d 3f 3b 00 00
00 01
[pptp0] LCP: not converging
[pptp0] LCP: parameter negotiation failed
[pptp0] LCP: state change Req-Sent --> Stopped
[pptp0] LCP: LayerFinish
[pptp0] device: CLOSE event in state UP
pptp0-0: clearing call
pptp0-0: killing channel

I have FreeBSD 4.3 set up as my home firewall/router successfully running
natd. I have a set of ipfw rules which appear to work for what I need. I
have attempted to resolve my VPN problems under both the restrictive set of
firewall rules that I normally run, and also by using the "open" default
firewall configuration, so I do not believe the problem is in the firewall
rules per se.

I have followed the many examples of how to set up mpd and attempted a few
extra things...
  - originally my system did not have libdes installed. I downloaded the
crypto package, installed it, completely uninstalled mpd and
recompiled/reinstalled
  - I tried adding "-pptpalias 192.168.0.1" to my natd_flags line in
rc.conf - this caused total chaos on my system--I lost my route to localhost,
the lo0 interface was not initialized properly, etc., so I took this out and
rebooted a few times. One reason for this was that in my rc.conf, I listed
my interfaces in network_interfaces="" and left out lo0...I reset this to:
  network_interfaces="auto"
  ifconfig_dc1_alias0="inet 64.121.139.66  netmask 255.255.255.248"
  ifconfig_dc1_alias1="inet 64.121.139.68  netmask 255.255.255.248"
  ifconfig_dc0="inet 192.168.0.1 netmask 255.255.255.0"

but still, if I set that pptpalias line, it craps out everything. I don't
know if this is even needed...so one question for the group here is whether
I need to try again on that...here is my natd stuff from rc.conf:
  natd_enable="YES"
  natd_interface="dc1"
  natd_flags="-u -redirect_address 192.168.0.2 64.121.139.68 -interface dc1 -log_denied -use_sockets"

The point of all that redirect/aliasing is that right now, I have a Win2K
server inside my firewall and am mapping it out through a real ip address to
allow traffic on certain ports. Eventually my goal is to put several
servers behind the firewall and NAT out port 80 on several existing IP
addresses, but allow me in via VPN to administer the NT and Win2K Servers.
For now, I punched a hole through for terminal services on the 2K box.

Finally, here is my mpd setup:
.conf:
default:
        load pptp0
...
pptp0:
        new -i ng0 pptp0 pptp0
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 1800
        set bundle disable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set ipcp yes vjcomp
        set ipcp ranges 192.168.0.1/32 192.168.0.110/32
        set ipcp dns 64.121.139.67
#       set ipcp nbns 192.168.0.4
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless

.link:
pptp0:
        set link type pptp
        set pptp self 64.121.139.66
        set pptp enable incoming
        set pptp disable originate


Thanks,
Dave
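An added example, not part of Dave's post or of mpd itself: a small parser over mpd LCP log lines of the form quoted above, reporting which option the peer requested that mpd answered "Not supported" and whether mpd then gave up on negotiation. It assumes the log layout shown in the post (option names indented one space under the "Configure Request" line, the verdict indented further); the sample log is a constructed copy of the quoted lines.

```python
"""Parse mpd LCP log lines and report why negotiation failed (constructed example, not mpd code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: the LCP lines quoted in the post, as mpd printed them
# (the wrapped hex continuation line "00 01" is simply ignored by the parser).
SAMPLE_LOG = """\
[pptp0] LCP: rec'd Configure Request #5 link 0 (Req-Sent)
 MAGICNUM 153a09b4
 PROTOCOMP
 ACFCOMP
 CALLBACK
   Not supported
 MP MRRU 1614
 ENDPOINTDISC [LOCAL] b9 3f 3f 81 17 38 45 e0 8e 45 0f 31 4b 2d 3f 3b 00 00
00 01
[pptp0] LCP: not converging
[pptp0] LCP: parameter negotiation failed
[pptp0] LCP: state change Req-Sent --> Stopped
"""

CONFREQ_RE = re.compile(r"^\[(?P<link>[^\]]+)\] LCP: rec'd Configure Request #\d+")
FAILURE_MARKERS = ("LCP: not converging", "LCP: parameter negotiation failed")

@dataclass
class LcpDiagnosis:
    link: str = ""
    requests: int = 0                                 # Configure Requests seen from the peer
    options: list = field(default_factory=list)       # every option the peer asked for
    unsupported: list = field(default_factory=list)   # options mpd answered "Not supported"
    failed: bool = False                              # mpd reported it gave up on LCP

def diagnose_lcp(log_text: str) -> LcpDiagnosis:
    diag, in_request, last_option = LcpDiagnosis(), False, None
    for line in log_text.splitlines():
        m = CONFREQ_RE.match(line)
        if m:
            diag.link, diag.requests = m.group("link"), diag.requests + 1
            in_request, last_option = True, None
        elif line.startswith("["):            # any other "[link]" status line ends the option block
            in_request = False
            diag.failed = diag.failed or any(mk in line for mk in FAILURE_MARKERS)
        elif in_request and line.strip() == "Not supported" and last_option:
            diag.unsupported.append(last_option)   # mpd's verdict on the option listed just above
        elif in_request and line.startswith(" "):  # option names are indented one space
            last_option = line.split()[0]
            diag.options.append(last_option)
    return diag
```

Running `diagnose_lcp(SAMPLE_LOG)` on the quoted exchange singles out CALLBACK as the only rejected option and flags the negotiation as failed, which is the same conclusion the log reaches at "not converging".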