From: Ralf Folkerts
Date: 28 Apr 2002 14:34:32 +0300
Message-Id: <1019993672.321.68.camel@beastie.home.folkerts-net.de>
Subject: MPD-(PPTP) Config Problem...
To: freebsd-questions@freebsd.org

Hi,

I'd like to access "my" Company's Net through a VPN from my FreeBSD box. However, I was unable to configure mpd (and pptp) to work. I then tried from my Win-Box - and it worked (so there must be a way to configure mpd to get it to work, too).

In a "short" Overview: I have a small Network @ home (10.0.0.0/24) and access the IN through a DSL-Router (10.0.0.254/32 local, a.b.c.d/32 as assigned by ISP, remote). The company's internal Network is on address 192.168.1.0/24. The company's VPN-Router can be reached via Internet at address "c.o.m.p". It will assign me an address 192.168.7.101/32 which, however, is fixed for my Login-Name. FreeBSD is 4.5STABLE, mpd is mpd-3.7.

I tried with several Configs, but either MPD won't connect at all, or it will connect and I also can ping the remote machines but not e.g. telnet to them (which works fine from my Win-machine, so it shouldn't be a Routing Problem of the Servers of the Company) or it does establish a link but then produces errors.

Here is my "latest" config that produces the last symptom (connects but then produces errors).

---<<>>---
default:
    load vpn

vpn:
    new -i ng0 vpn vpn
    set iface disable on-demand
    set iface addrs 192.168.7.101 c.o.m.p
    set iface idle 0
    set iface route 192.168.1.0/24
    set bundle disable multilink
    set bundle authname "abc"
    set link yes acfcomp protocomp
    set link disable pap chap
    set link accept chap
# If remote machine is NT you need this..
    set link enable no-orig-auth
    set link keep-alive 10 75
    set ipcp yes vjcomp
    set ipcp ranges 192.168.7.101/32 c.o.m.p/32
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set bundle enable crypt-reqd
    set ccp yes mpp-stateless
    open
---<<>>---

---<<>>---
vpn:
    set link type pptp
    set pptp self 192.168.7.101
    set pptp peer c.o.m.p
    set pptp disable incoming
    set pptp enable originate outcall
---<<>>---

---<<>>---
beastie:root#mpd
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 668, version 3.7 (root@freebsd.home.folkerts-net.de 17:43 18-Apr-2002)
[vpn] ppp node is "mpd668-vpn"
[vpn] using interface ng0
[vpn] IFACE: Open event
[vpn] IPCP: Open event
[vpn] IPCP: state change Initial --> Starting
[vpn] IPCP: LayerStart
[vpn:vpn] [vpn] bundle: OPEN event in state CLOSED
[vpn] opening link "vpn"...
[vpn] link: OPEN event
[vpn] LCP: Open event
[vpn] LCP: state change Initial --> Starting
[vpn] LCP: LayerStart
[vpn] device: OPEN event in state DOWN
pptp0: connecting to c.o.m.p:1723
[vpn] device is now in state OPENING
pptp0: connected to c.o.m.p:1723
pptp0: attached to connection with c.o.m.p:1723
pptp0-0: outgoing call connected at 64000 bps
[vpn] PPTP call successful
[vpn] device: UP event in state OPENING
[vpn] device is now in state UP
[vpn] link: UP event
[vpn] link: origination is local
[vpn] LCP: Up event
[vpn] LCP: state change Starting --> Req-Sent
[vpn] LCP: phase shift DEAD --> ESTABLISH
[vpn] LCP: SendConfigReq #1
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 12345678
[vpn] rec'd unknown ctrl message, cookie=942710669 cmd=4
[vpn] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
 MRU 1524
 AUTHPROTO CHAP MD5
 MAGICNUM 12345678
 PROTOCOMP
 ACFCOMP
[vpn] LCP: SendConfigAck #1
 MRU 1524
 AUTHPROTO CHAP MD5
 MAGICNUM 12345678
 PROTOCOMP
 ACFCOMP
[vpn] LCP: state change Req-Sent --> Ack-Sent
[vpn] LCP: rec'd Configure Ack #1 link 0 (Ack-Sent)
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 12345678
[vpn] LCP: state change Ack-Sent --> Opened
[vpn] LCP: phase shift ESTABLISH --> AUTHENTICATE
[vpn] LCP: auth: peer wants CHAP, I want nothing
[vpn] LCP: LayerUp
[vpn] CHAP: rec'd CHALLENGE #1
 Name: "company"
 Using authname "abc"
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: rec'd SUCCESS #1
[vpn] LCP: authorization successful
[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[vpn] up: 1 link, total bandwidth 64000 bps
[vpn] IPCP: Up event
[vpn] IPCP: state change Starting --> Req-Sent
[vpn] IPCP: SendConfigReq #1
 IPADDR 192.168.7.101
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: Open event
[vpn] CCP: state change Initial --> Starting
[vpn] CCP: LayerStart
[vpn] CCP: Up event
[vpn] CCP: state change Starting --> Req-Sent
[vpn] CCP: SendConfigReq #1
 MPPC 0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] CCP: rec'd Configure Request #1 link 0 (Req-Sent)
 MPPC 0x00000020: MPPE, 40 bit
[vpn] CCP: SendConfigAck #1
 MPPC 0x00000020: MPPE, 40 bit
[vpn] CCP: state change Req-Sent --> Ack-Sent
[vpn] IPCP: rec'd Configure Request #1 link 0 (Req-Sent)
 IPADDR c.o.m.p
   Same as PPTP IP; would cause routing loop
   NAKing with c.o.m.p
[vpn] IPCP: SendConfigNak #1
 IPADDR c.o.m.p
[vpn] IPCP: rec'd Configure Reject #1 link 0 (Req-Sent)
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: SendConfigReq #2
 IPADDR 192.168.7.101
[vpn] CCP: SendConfigReq #2
 MPPC 0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: rec'd Configure Ack #2 link 0 (Req-Sent)
 IPADDR 192.168.7.101
[vpn] IPCP: state change Req-Sent --> Ack-Rcvd
[vpn] CCP: rec'd Configure Nak #2 link 0 (Ack-Sent)
 MPPC 0x00000020: MPPE, 40 bit
[vpn] CCP: SendConfigReq #3
 MPPC 0x00000020: MPPE, 40 bit
[vpn] CCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
 MPPC 0x00000020: MPPE, 40 bit
[vpn] CCP: state change Ack-Sent --> Opened
[vpn] CCP: LayerUp
[vpn] "accept chap" required for MPPE
[vpn] can't determine credentials for MPPE
[vpn] CCP: failed to negotiate required encryption
[vpn] CCP: Close event
[vpn] CCP: state change Opened --> Closing
[vpn] CCP: SendTerminateReq #4
[vpn] CCP: LayerDown
[vpn] CCP: state change Closing --> Closed
[vpn] CCP: LayerFinish
[vpn] "accept chap" required for MPPE
[vpn] can't determine credentials for MPPE
[vpn] CCP: failed to negotiate required encryption
[vpn] CCP: Close event
[vpn] CCP: LayerFinish
 Compress using: MPPE, 40 bit
 Decompress using: MPPE, 40 bit
[vpn] CCP: rec'd Terminate Ack #4 link 0 (Closed)
[vpn] CCP: rec'd Configure Request #2 link 0 (Closed)
[vpn] CCP: SendTerminateAck #5
[vpn] IPCP: rec'd Configure Request #2 link 0 (Ack-Rcvd)
 IPADDR c.o.m.p
   Same as PPTP IP; would cause routing loop
   NAKing with c.o.m.p
[vpn] IPCP: SendConfigNak #2
 IPADDR c.o.m.p
[vpn] IPCP: rec'd Configure Request #3 link 0 (Ack-Rcvd)
[vpn] IPCP: SendConfigAck #3
[vpn] IPCP: state change Ack-Rcvd --> Opened
[vpn] IPCP: LayerUp
 192.168.7.101 -> c.o.m.p
[vpn] IFACE: Up event
[vpn] exec: /sbin/ifconfig ng0 192.168.7.101 c.o.m.p netmask 0xffffffff -link0
[vpn] exec: /sbin/route add 192.168.1.0 c.o.m.p -netmask 0xffffff00
[vpn] IFACE: Up event
---<<>>---

When I try to ping a Server I get (I put the DNS-Zone for "company.lan" on my local DNS!):

---<<>>---
beastie:mpd#ping test.company.lan
PING test.company.lan (192.168.1.9): 56 data bytes
ping: sendto: Resource deadlock avoided
ping: sendto: Resource deadlock avoided
ping: sendto: No buffer space available
ping: sendto: No buffer space available
ping: sendto: No buffer space available
ping: sendto: No buffer space available
---<<>>---

Could someone out there please put me on the right track?? I first assumed my NATting router to be a problem, but as my Win-Box establishes the pptp-Link w/o any problems (I can ping and telnet and ftp to all Servers I tried) I hope that this should not be the problem?!

Would be great if someone could help me with this!

Regards,
_ralf_
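
Added example, not part of the original post and not mpd's own code: a small triage script that reads an mpd session log laid out like the one above and reports which authentication protocol and MPPE key size were actually acknowledged, and whether the IP layer came up after the required encryption failed. The function name triage, the finding texts and the embedded log excerpt are constructed for illustration.

```python
import re

# Constructed excerpt in the layout mpd prints: one event per line, with the
# negotiated options indented beneath it. Values mirror the session above.
SAMPLE_LOG = """\
[vpn] LCP: SendConfigAck #1
 MRU 1524
 AUTHPROTO CHAP MD5
[vpn] CCP: SendConfigReq #2
 MPPC 0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] CCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
 MPPC 0x00000020: MPPE, 40 bit
[vpn] CCP: failed to negotiate required encryption
[vpn] CCP: state change Closing --> Closed
[vpn] IPCP: LayerUp
 192.168.7.101 -> c.o.m.p
"""

def triage(log_text):
    """Summarise what one logged PPP session agreed on, plus findings."""
    s = {"auth": None, "mppe_bits": [], "crypt_failed": False,
         "ip_up_after_failure": False}
    event = ""
    for line in log_text.splitlines():
        if not line.startswith(" "):          # unindented line = new event
            event = line
            if "failed to negotiate required encryption" in line:
                s["crypt_failed"] = True
            elif "IPCP: LayerUp" in line and s["crypt_failed"]:
                s["ip_up_after_failure"] = True
            continue
        # Only options inside an Ack are agreed; Req/Nak/Reject are offers.
        if "ConfigAck" not in event and "Configure Ack" not in event:
            continue
        opt = line.strip()
        if opt.startswith("AUTHPROTO "):
            s["auth"] = opt[len("AUTHPROTO "):]
        elif "MPPE" in opt:
            s["mppe_bits"] = [int(b) for b in re.findall(r"(\d+) bit", opt)]
    findings = []
    if s["mppe_bits"] and max(s["mppe_bits"]) < 128:
        findings.append("MPPE agreed below 128 bit")
    if s["crypt_failed"] and s["auth"] == "CHAP MD5":
        # RFC 3079 derives MPPE keys from MS-CHAP credentials, not CHAP MD5.
        findings.append("encryption required but auth was CHAP MD5")
    if s["ip_up_after_failure"]:
        findings.append("IPCP came up after the encryption failure")
    return s, findings

if __name__ == "__main__":
    summary, findings = triage(SAMPLE_LOG)
    print(summary)
    for f in findings:
        print("FINDING:", f)
```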