From: "nanard"
To: "Eric Anderson"
Cc: freebsd-isp@freebsd.org
Date: Fri, 21 Nov 2003 22:20:19 +0100
Subject: Re: Connecting to VPN Concentrator
Message-ID: <00df01c3b075$e4f29070$0201a8c0@thot>

Hi Eric,

OK, I've the same configuration on my FreeBSD server.
But on the FreeBSD client, I was using pptp:

crysto# pkg_info|grep pptp
pptpclient-1.3.1    PPTP client for establishing a VPN link with an NT server

So, now, I'm trying to connect the client with MPD.
But I didn't find the public address of the VPN server in the mpd.conf.

> And on my client:
> default:
>     load work
>
> work:
>     new -i ng1 ms-pptp work
>     set log +pptp +pptp2 +pptp3 +lcp +auth
>     set ipcp ranges 0.0.0.0/0 0.0.0.0/0
>     set ipcp yes vjcomp
>     set ipcp dns 10.x.y.5 10.x.y.6
>     set ipcp enable req-pri-dns req-sec-dns
>     set link disable chap pap
>     set link accept chap
>     set link yes acfcomp protocomp
>     set iface idle 0
>     set bundle enable multilink
>     set bundle yes crypt-reqd
>     set bundle enable compression
>     #set link enable no-orig-auth
>     set link keep-alive 60 600
>     set ccp yes mppc
>     set ccp enable mpp-compress
>     set ccp yes mpp-e40
>     set ccp yes mpp-e56
>     set ccp yes mpp-e128
>     set ccp yes mpp-stateless
>     set iface route 10.x.y.0/24
>     set iface route 10.x.z.0/24
>     set bundle authname "username"
>     set bundle password "mypassword"
>     set iface disable on-demand
>     set link max-redial 9
>     set iface mtu 1400
>     open iface
>
>
> Then to start the connection, I run:
> # mpd work
>
> Once the connection is made, you should be running..

Where do you specify xxx.yyy.zzz.123 in the mpd configuration of the FreeBSD client? mpd.links?

Thanks in advance.

Regards,
Nicolas

----- Original Message -----
From: "Eric Anderson"
To: "nanard"
Cc:
Sent: Friday, November 21, 2003 10:06 PM
Subject: Re: Connecting to VPN Concentrator

> nanard wrote:
>
> >Hi Eric,
> >
> >>In a previous email to this list, I thought you were asking how to
> >>connect FreeBSD and windows clients to a VPN server (of any kind,
> >>possibly FreeBSD)? If that's what you want, I can help you with that..
> >
> >Yes, I installed a VPN server on FreeBSD 4.9 with MPD. (and SaMBa in a jail
> >of the server for the VPN user only).
> >
> >I managed to connect Windows users to it.
> >But I didn't manage to connect FreeBSD client to it (using pptp-client).
> >The connexion works but nothing goes through the tunnel (I did nothing in ipf)
> >and after 170 sec, the client closes the connexion.
> >(I think because of idle?). Maybe there is something wrong with my route.
> >I don't know
> >
>
> I put my config blurbs below.. maybe that will help.. if not, let me know..
>
> >But now, I've a VPN concentrator server (CISCO 3000) and I've some clients
> >who would like to connect from FreeBSD.
> >I don't know if it's possible so, I'm asking now here.
> >
>
> I believe it is, but I'm not sure that mpd will do it.. I think the
> Cisco's use IPSEC, not pptp..
>
> >For my last question in this list, I'm open to know how do you use mpd as
> >client to connect FreeBSD to FreeBSD MPD server.
> >
> >Thanks in advance.
> >
> >Nicolas
> >
> >OS: FreeBSD 4.9
> >
> >Configuration of the FreeBSD client :
> >
> >crysto$ cat /etc/ppp/ppp.conf
> >TEST:
> > set authname nanard
> > set authkey ******
> > set timeout 0
> > set ifaddr 0 0
> > add 192.168.0.142/24 HISADDR
> > alias enable yes
> >
>
> ppp.conf? Hmm.. I use mpd.conf on my client.. (shown below)
>
> >When I launch :
> >
> ># pptp XX.YY.ZZ.AA TEST
> >
>
> is pptp a command for you? I don't have that command..
>
> >tun0: flags=8051 mtu 1498
> >        inet 192.168.0.142 --> XX.YY.ZZ.AA netmask 0xffffffff
> >        Opened by PID 24918
> >
> >$ ping 192.168.0.142
> >PING 192.168.0.142 (192.168.0.142): 56 data bytes
> >ping: sendto: No route to host
> >ping: sendto: No route to host
> >^C
> >
>
> [..snip..]
>
> Ok, here's my configuration for the server:
> /usr/local/etc/mpd/mpd.conf: (10.x.y.50 is the internal IP of the vpn
> server, and 10.x.y.100/101 are the IPs that are assigned to the vpn
> connections once established)
> #####################
> default:
>     load client0
>     load client1
>
> client0:
>     new -i ng0 pptp0 pptp0
>     set ipcp ranges 10.x.y.50/32 10.x.y.100/32
>     load pptp_standard
>
> client1:
>     new -i ng1 pptp1 pptp1
>     set ipcp ranges 10.x.y.50/32 10.x.y.101/32
>     load pptp_standard
>
> pptp_standard:
>     set iface disable on-demand
>     set iface enable proxy-arp
>     set iface idle 3600
>     set iface mtu 1400
>     set bundle disable multilink
>     set bundle yes crypt-reqd
>     set bundle enable compression
>     set link no pap chap
>     set link enable chap
>     set link keep-alive 60 600
>     set link mtu 1400
>     set ipcp yes vjcomp
>     set ipcp dns 10.x.y.5 10.x.y.6
>     #nbns is for the WINs numbers for windows users
>     set ipcp nbns 10.x.y.7 10.x.y.8
>     set ccp yes mppc
>     set ccp enable mpp-compress
>     set ccp yes mpp-e40
>     set ccp yes mpp-e56
>     set ccp yes mpp-e128
>     set ccp yes mpp-stateless
> #####################
>
> /usr/local/etc/mpd/mpd.links:
> (xxx.yyy.zzz.123 is my external IP on the FreeBSD VPN server)
> #####################
> pptp0:
>     set link type pptp
>     set pptp self xxx.yyy.zzz.123
>     set pptp enable incoming
>     set pptp disable originate
>
> pptp1:
>     set link type pptp
>     set pptp self xxx.yyy.zzz.123
>     set pptp enable incoming
>     set pptp disable originate
> #####################
>
> /usr/local/mpd/mpd.secret:
> #####################
> username "mypassword"
>
> And on my client:
> default:
>     load work
>
> work:
>     new -i ng1 ms-pptp work
>     set log +pptp +pptp2 +pptp3 +lcp +auth
>     set ipcp ranges 0.0.0.0/0 0.0.0.0/0
>     set ipcp yes vjcomp
>     set ipcp dns 10.x.y.5 10.x.y.6
>     set ipcp enable req-pri-dns req-sec-dns
>     set link disable chap pap
>     set link accept chap
>     set link yes acfcomp protocomp
>     set iface idle 0
>     set bundle enable multilink
>     set bundle yes crypt-reqd
>     set bundle enable compression
>     #set link enable no-orig-auth
>     set link keep-alive 60 600
>     set ccp yes mppc
>     set ccp enable mpp-compress
>     set ccp yes mpp-e40
>     set ccp yes mpp-e56
>     set ccp yes mpp-e128
>     set ccp yes mpp-stateless
>     set iface route 10.x.y.0/24
>     set iface route 10.x.z.0/24
>     set bundle authname "username"
>     set bundle password "mypassword"
>     set iface disable on-demand
>     set link max-redial 9
>     set iface mtu 1400
>     open iface
>
>
> Then to start the connection, I run:
> # mpd work
>
> Once the connection is made, you should be running..
>
> Eric
>
>
> --
> ------------------------------------------------------------------
> Eric Anderson     Systems Administrator      Centaur Technology
> All generalizations are false, including this one.
> ------------------------------------------------------------------
>
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
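
An added example, not part of the thread or of mpd itself: a small check for the gap the question above points at, where the client's mpd.conf creates link `work` but nothing gives that link a server address. It assumes mpd's PPTP link commands `set pptp peer` and `set pptp enable originate` in mpd.links are what an outgoing link needs; the sample files and function names are constructed for illustration.

```python
# Constructed sample files; xxx.yyy.zzz.123 is the thread's placeholder address.
CLIENT_CONF = """\
default:
\tload work
work:
\tnew -i ng1 ms-pptp work
"""
CLIENT_LINKS = """\
work:
\tset link type pptp
\tset pptp peer xxx.yyy.zzz.123
\tset pptp enable originate outcall
"""

def parse_sections(text):
    """Return {label: [whitespace-normalized commands]} for an mpd-style file."""
    sections, current = {}, None
    for raw in text.splitlines():
        cmd = " ".join(raw.split())
        if not cmd or cmd.startswith("#"):
            continue
        if not raw[0].isspace() and cmd.endswith(":"):
            current = sections.setdefault(cmd[:-1], [])
        elif current is not None:
            current.append(cmd)
    return sections

def links_created(conf):
    """Yield link names from 'new [-i iface] bundle link' commands."""
    for args in (c.split() for cmds in conf.values() for c in cmds):
        if args[0] == "new":
            args = args[3:] if args[1:2] == ["-i"] else args[1:]
            if len(args) >= 2:
                yield args[1]

def check_client_links(mpd_conf, mpd_links):
    """List what each link created in mpd.conf lacks for an outgoing PPTP call."""
    links, problems = parse_sections(mpd_links), []
    for link in links_created(parse_sections(mpd_conf)):
        cmds = links.get(link)
        if cmds is None:
            problems.append(f"{link}: no entry in mpd.links")
            continue
        checks = {
            "link type is not pptp": "set link type pptp" in cmds,
            "no 'set pptp peer' (server address)": any(c.startswith("set pptp peer ") for c in cmds),
            "originate not enabled": any(c.startswith("set pptp enable ") and " originate" in c for c in cmds),
        }
        problems += [f"{link}: {msg}" for msg, ok in checks.items() if not ok]
    return problems
```

Calling `check_client_links(CLIENT_CONF, "")` reports the missing mpd.links entry, while an entry copied from the server side (only `set pptp self` and `enable incoming`) is flagged for the absent peer address and disabled originate.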