From owner-freebsd-net Sat Sep 22 13:35:57 2001 Delivered-To: freebsd-net@freebsd.org Received: from Awfulhak.org (gw.Awfulhak.org [217.204.245.18]) by hub.freebsd.org (Postfix) with ESMTP id ABE3637B41A; Sat, 22 Sep 2001 13:35:51 -0700 (PDT) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [fec0::1:12]) by Awfulhak.org (8.11.6/8.11.6) with ESMTP id f8MKZnt42998; Sat, 22 Sep 2001 21:35:49 +0100 (BST) (envelope-from brian@freebsd-services.com) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.6/8.11.6) with ESMTP id f8MKZkR34433; Sat, 22 Sep 2001 21:35:46 +0100 (BST) (envelope-from brian@freebsd-services.com) Message-Id: <200109222035.f8MKZkR34433@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Lars Eggert Cc: net@FreeBSD.ORG, archie@FreeBSD.ORG, brian@freebsd-services.com Subject: Re: VPN client with mpd In-Reply-To: Message from Lars Eggert of "Sat, 22 Sep 2001 11:33:07 PDT." <3BACD963.1DC74B9B@isi.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 22 Sep 2001 21:35:46 +0100 From: Brian Somers Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Hi, > > I'm trying to set up a VPN client on my FreeBSD laptop, so I can tunnel > through to work from home. I've played with both mpd and pptpclient from > ports, and mpd seems more robust (pptpclient likes to sometimes start > eating all CPU time). So I'd decided to to this with mpd; please let me > know if this was the wrong choice from the start. > > Here's my setup: > > LAPTOP <-----> NAT <--...INTERNET...--> VPN-SERVER <-----> INTRANET > > I started with the examples under /usr/local/etc/mpd, slightly changing > the defaults to what I thought were the correct values for my setup. > I've created mpd.secret with the correct login/password mapping for > LOGIN. > > Here's my mpd.conf: > > default: > load vpn > > vpn: > new -i ng1 vpn vpn > set iface disable on-demand > set iface addrs 192.168.1.1 192.168.2.1 > set iface idle 0 > set iface route 192.168.2.0/24 > set bundle disable multilink > set bundle authname > set link yes acfcomp protocomp > set link no pap > set link yes chap ^^^^^^^^^^^^^^^^^ I'm no mpd expert, but I believe this makes mpd insist that the peer authenticates itself. Try removing it. [.....] -- Brian http://www.freebsd-services.com/ Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message