Message-ID: <80f4f2b20704200524s3447e98et1990403b711e42f7@mail.gmail.com>
Date: Fri, 20 Apr 2007 08:24:17 -0400
From: "Jim Stapleton"
To: freebsd-net@freebsd.org
Subject: attempting VPN again

OK, I found a Windows based VPN server at work (we have one Windows + 2 Cisco). I figured I'd try that because it was the least painful to set up elsewhere (meaning fewer things that vary in configuration?), and I found *some* references to connecting to it.

http://lists.freebsd.org/pipermail/freebsd-net/2006-June/010891.html

Here are my files. Anything in ALL CAPS is a replacement for some information I'd rather not display publicly.

/usr/local/etc/mpd/mpd.conf
========================================
vpn:
        new -i nve0 vpn vpn
        set iface session 28800
        set bundle authname "WORK-DOMAIN\\WORK-USERNAME"
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e56
        set ccp yes mpp-e128
        # set this to your correct routing information
        set iface route EXTERNAL-WORK-VPN-IP/24
        set link enable no-orig-auth
        open
========================================

/usr/local/etc/mpd/mpd.secret
========================================
WORK-DOMAIN\\WORK-USERNAME WORK-PASSWORD
========================================

/usr/local/etc/mpd/mpd.secret
========================================
vpn:
        set link type pptp
        # set pptp self 1.2.3.4
        set pptp peer EXTERNAL-WORK-VPN-IP
        set pptp enable originate outcall
========================================

sjss@elrond 08:12:45 (1) /usr/local/etc/mpd > sudo mpd
========================================
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 91637, version 3.18 (root@elrond.ameritech.net 22:07 19-Apr-2007)
[vpn] interface "nve0" is not a netgraph interface
[vpn] netgraph initialization failed
mpd: no bundles defined
mpd: no bundles defined
mpd: no bundles defined
mpd: no bundles defined
mpd: no bundles defined
mpd: no bundles defined
mpd: no bundles defined
mpd: no bundles defined
mpd: no bundles defined
mpd: no bundles defined
[:]
========================================

Here's a point of confusion for me (I tested all using ipconfig):

(1) My machine at work is a Windows machine, ip config reports a netmask of 255.255.254.0
(2) The machine I admin is also Windows, with 255.255.255.0 as its netmask
(3) My Windows desktop, when VPNing in, has a netmask of 255.255.255.255 for the VPN interface.

Any suggestions on how to get this up? This is one of only two tasks I need to boot into Windows (at home) to accomplish currently, and I'd like to rectify that.

It looks like I need to make a netgraph bridge, but I don't know where to start looking for that one. Netgraph(4) wasn't enlightening for me. The ipsec section of the handbook left me more confused than I was when I started.

Thanks,
-Jim Stapleton