Date:      Sat, 08 Nov 2003 18:38:52 -0500
From:      Joe Marcus Clarke <marcus@marcuscom.com>
To:        questions@freebsd.org
Cc:        wca@freebsd.org
Subject:   MPD problems connecting to a Cisco 3000 concentrator
Message-ID:  <1068334731.37279.19.camel@shumai.marcuscom.com>

I'm trying to establish an encrypted PPTP connection to a Cisco VPN
concentrator using mpd-3.14.  It works fine when I disable all
encryption, but with even 40-bit stateless, I get errors like:

[vpn] LCP: rec'd Protocol Reject #2 link 0 (Opened)
[vpn] LCP: protocol 0x32f7 was rejected
[vpn] LCP: rec'd Protocol Reject #10 link 0 (Opened)
[vpn] LCP: protocol 0xa785 was rejected
[vpn] LCP: rec'd Protocol Reject #11 link 0 (Opened)
[vpn] LCP: protocol 0x5a41 was rejected
[vpn] LCP: rec'd Protocol Reject #12 link 0 (Opened)
[vpn] LCP: protocol 0x5ceb was rejected

Note, each reject is a simple ping packet, but the protocol number is
different every time.  I've tried Archie's patch to ng_ppp.c from
November 2002, but it did not help.  Here is the relevant config:

ciscovpn:
 new -i ng0 ciscovpn vpn
 set bundle authname "marcus"
 set ipcp ranges 1.1.1.1/8 172.18.124.132/24
 set link keep-alive 0 0
 set ipcp yes vjcomp
 set link mtu 1460
 set link no pap
 set link disable pap chap
 set link yes acfcomp protocomp
 set bundle disable multilink
 set bundle enable compression
 set ccp yes mppc
 set ccp yes mpp-e40
 set ccp yes mpp-e128
 set bundle enable crypt-reqd
 set ccp yes mpp-stateless
 open

I've also tried setting vjcomp to no as well as acfcomp protocomp.  The
only config that successfully passes data is one without MPPE.  Note,
this config does work when connecting to another mpd server.  Here is a
little more of the connection startup:

[vpn] LCP: rec'd Configure Request #1 link 0 (Ack-Rcvd)
 AUTHPROTO CHAP MSOFTv2
[vpn] LCP: SendConfigAck #1
 AUTHPROTO CHAP MSOFTv2
[vpn] LCP: state change Ack-Rcvd --> Opened
[vpn] LCP: phase shift ESTABLISH --> AUTHENTICATE
[vpn] LCP: auth: peer wants CHAP, I want nothing
[vpn] LCP: LayerUp
[vpn] CHAP: rec'd CHALLENGE #1
 Name: ""
 Using authname "marcus"
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: rec'd CHALLENGE #2
 Name: ""
 Using authname "marcus"
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: rec'd SUCCESS #2
 MESG: S=87F6D876968EC6AEF15CD4CF1777518CE9A4F108
[vpn] LCP: authorization successful
[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[ciscovpn] setting interface ng0 MTU to 1460 bytes
[ciscovpn] up: 1 link, total bandwidth 64000 bps
[ciscovpn] IPCP: Up event
[ciscovpn] IPCP: state change Starting --> Req-Sent
[ciscovpn] IPCP: SendConfigReq #1
 IPADDR 1.1.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[ciscovpn] CCP: Open event
[ciscovpn] CCP: state change Initial --> Starting
[ciscovpn] CCP: LayerStart
[ciscovpn] CCP: Up event
[ciscovpn] CCP: state change Starting --> Req-Sent
[ciscovpn] CCP: SendConfigReq #1
[vpn] CCP: Checking wether 40 bits are enabled -> yes
[vpn] CCP: Checking wether 56 bits are enabled -> no
[vpn] CCP: Checking wether 128 bits are enabled -> yes
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[ciscovpn] IPCP: rec'd Configure Request #0 link 0 (Req-Sent)
 IPADDR 172.18.124.132
   172.18.124.132 is OK
[ciscovpn] IPCP: SendConfigAck #0
 IPADDR 172.18.124.132
[ciscovpn] IPCP: state change Req-Sent --> Ack-Sent
[ciscovpn] CCP: rec'd Configure Request #0 link 0 (Req-Sent)
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] CCP: Checking wether 40 bits are acceptable -> yes
[vpn] CCP: Checking wether 128 bits are acceptable -> yes
[ciscovpn] CCP: SendConfigNak #0
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: rec'd Configure Nak #1 link 0 (Req-Sent)
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: SendConfigReq #2
[vpn] CCP: Checking wether 40 bits are enabled -> no
[vpn] CCP: Checking wether 56 bits are enabled -> no
[vpn] CCP: Checking wether 128 bits are enabled -> yes
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: rec'd Configure Request #1 link 0 (Req-Sent)
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[vpn] CCP: Checking wether 128 bits are acceptable -> yes
[ciscovpn] CCP: SendConfigAck #1
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: state change Req-Sent --> Ack-Sent
[ciscovpn] CCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: state change Ack-Sent --> Opened
[ciscovpn] CCP: LayerUp
  Compress using: MPPE, 128 bit, stateless
Decompress using: MPPE, 128 bit, stateless
[ciscovpn] setting interface ng0 MTU to 1456 bytes
[ciscovpn] IPCP: SendConfigReq #2
 IPADDR 1.1.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[ciscovpn] IPCP: rec'd Configure Request #1 link 0 (Ack-Sent)
 IPADDR 172.18.124.132
   172.18.124.132 is OK
[ciscovpn] IPCP: SendConfigAck #1
 IPADDR 172.18.124.132
[ciscovpn] IPCP: SendConfigReq #3
 IPADDR 1.1.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[ciscovpn] IPCP: SendConfigReq #4
 IPADDR 1.1.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[ciscovpn] IPCP: rec'd Configure Request #2 link 0 (Ack-Sent)
 IPADDR 172.18.124.132
   172.18.124.132 is OK
[ciscovpn] IPCP: SendConfigAck #2
 IPADDR 172.18.124.132
[ciscovpn] IPCP: SendConfigReq #5
 IPADDR 1.1.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[ciscovpn] IPCP: rec'd Configure Request #3 link 0 (Ack-Sent)
 IPADDR 172.18.124.132
   172.18.124.132 is OK
[ciscovpn] IPCP: SendConfigAck #3
 IPADDR 172.18.124.132
[ciscovpn] IPCP: SendConfigReq #6
 IPADDR 1.1.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[ciscovpn] IPCP: rec'd Configure Reject #6 link 0 (Ack-Sent)
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[ciscovpn] IPCP: SendConfigReq #7
 IPADDR 1.1.1.1
[ciscovpn] IPCP: rec'd Configure Ack #7 link 0 (Ack-Sent)
 IPADDR 1.1.1.1
[ciscovpn] IPCP: state change Ack-Sent --> Opened
[ciscovpn] IPCP: LayerUp
  1.1.1.1 -> 172.18.124.132
[ciscovpn] IFACE: Up event
[ciscovpn] setting interface ng0 MTU to 1456 bytes
[ciscovpn] exec: /sbin/ifconfig ng0 1.1.1.1 172.18.124.132 netmask 0xffffffff -link0
[ciscovpn] exec: /sbin/route add 1.1.1.1 -iface lo0
[ciscovpn] IFACE: Up event

Thanks for any advice you may have.

Joe

-- 
PGP Key : http://www.marcuscom.com/pgp.asc
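
An added triage example, not part of the original message and not mpd code: it decodes the CCP MPPE option values shown in the log using the RFC 3078 bit layout, records which options were in force at CCP LayerUp, and lists the LCP Protocol-Rejects whose protocol numbers are not well-known PPP protocols. The function names, the `SAMPLE` excerpt (assembled from lines in the message) and the key-mismatch heuristic are assumptions of this example.

```python
import re

# MPPE/MPPC "supported bits" of the CCP option, per RFC 3078.
MPPE_BITS = {0x01000000: "stateless", 0x80: "56 bit", 0x40: "128 bit",
             0x20: "40 bit", 0x01: "MPPC compression"}
# Well-known PPP protocol numbers; anything else in a reject is unexpected.
KNOWN_PROTOCOLS = {0x0021, 0x002D, 0x002F, 0x00FD, 0x8021, 0x80FD,
                   0xC021, 0xC023, 0xC223}
OPTION_RE = re.compile(r"^\s+(0x[0-9a-fA-F]{8}): MPPE")
REJECT_RE = re.compile(r"LCP: protocol (0x[0-9a-fA-F]{4}) was rejected")

# Excerpt assembled from log lines quoted in the message above.
SAMPLE = """\
[ciscovpn] CCP: SendConfigReq #1
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[ciscovpn] CCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: LayerUp
[vpn] LCP: protocol 0x32f7 was rejected
[vpn] LCP: protocol 0xa785 was rejected
[vpn] LCP: protocol 0x5a41 was rejected
[vpn] LCP: protocol 0x5ceb was rejected
"""

def decode_mppe(value):
    """Names of the RFC 3078 bits set in a CCP MPPC/MPPE option value."""
    return {name for bit, name in MPPE_BITS.items() if value & bit}

def analyze(log_text):
    """Report the MPPE options in force at CCP LayerUp and odd LCP rejects."""
    last_option, agreed, rejected = None, None, []
    for line in log_text.splitlines():
        option = OPTION_RE.match(line)
        reject = REJECT_RE.search(line)
        if option:
            last_option = int(option.group(1), 16)
        elif "CCP: LayerUp" in line:
            agreed = last_option          # last option seen before CCP opened
        elif reject:
            rejected.append(int(reject.group(1), 16))
    unknown = [p for p in rejected if p not in KNOWN_PROTOCOLS]
    encrypting = agreed is not None and bool(agreed & 0xE0)
    return {
        "agreed": decode_mppe(agreed) if agreed is not None else set(),
        "unknown_rejects": unknown,
        # Heuristic (assumption): several distinct unrecognised protocol numbers
        # while MPPE is up suggest the peer is decrypting frames to garbage.
        "suspect_key_mismatch": encrypting and len(set(unknown)) > 1,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The heuristic is consistent with, but does not prove, a session-key or state mismatch between the two MPPE implementations.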