Date: Fri, 20 Apr 2007 09:28:58 -0400 From: "Jim Stapleton" <stapleton.41@gmail.com> To: freebsd-net@freebsd.org Subject: Re: attempting VPN again Message-ID: <80f4f2b20704200628g3228cedbhaf8e7c1a24b790f7@mail.gmail.com> In-Reply-To: <80f4f2b20704200524s3447e98et1990403b711e42f7@mail.gmail.com> References: <80f4f2b20704200524s3447e98et1990403b711e42f7@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
OK, I figured ng0 stood for negraph, so I switched nve0 go ng0, and it had *some* improvement. I get a lot farther along. (When I man'ed ng0 - or attempted to, I accidentally did nge, and though that the sample was using a national semiconductors gigabit-ethernet controller, and I had to switch it to my own nvidia based system). Anyway, now I get a log string of connection setup stuff, which appears to connect until it gets this error: [vpn] CCP: state change Ack-Sent --> Opened [vpn] CCP: LayerUp Compress using: MPPE, 128 bit Decompress using: MPPE, 128 bit [vpn] setting interface ng0 MTU to 1500 bytes [vpn] IPCP: rec'd Configure Ack #4 link 0 (Ack-Sent) IPADDR [HIDDEN-VALID-IP] [vpn] IPCP: state change Ack-Sent --> Opened [vpn] IPCP: LayerUp [HIDDEN-VALID-IP] -> [HIDDEN-VALID-IP] [vpn] IFACE: Up event [vpn] setting interface ng0 MTU to 1500 bytes [vpn] exec: /sbin/ifconfig ng0 [HIDDEN-VALID-IP] [HIDDEN-VALID-IP] netmask 0xffffffff -link0 [vpn] exec: /sbin/route add [HIDDEN-VALID-IP] -iface lo0 [vpn] exec: /sbin/route add [HIDDEN-VALID-IP] [HIDDEN-VALID-IP] -netmask 0xffffff00 [vpn] IFACE: Up event [vpn] LCP: no reply to 1 echo request(s) [vpn] LCP: no reply to 2 echo request(s) [vpn] LCP: no reply to 3 echo request(s) [vpn] LCP: no reply to 4 echo request(s) [vpn] LCP: no reply to 5 echo request(s) [vpn] LCP: no reply to 6 echo request(s) [vpn] LCP: no reply to 7 echo request(s) [vpn] LCP: peer not responding to echo requests [vpn] LCP: LayerFinish [vpn] LCP: LayerStart [vpn] LCP: state change Opened --> Starting [vpn] LCP: phase shift NETWORK --> DEAD [vpn] setting interface ng0 MTU to 1500 bytes [vpn] up: 0 links, total bandwidth 9600 bps [vpn] IPCP: Down event [vpn] IPCP: state change Opened --> Starting [vpn] IPCP: LayerDown [vpn] IFACE: Down event [vpn] exec: /sbin/route delete [HIDDEN-VALID-IP] [HIDDEN-VALID-IP] -netmask 0xffffff00 [vpn] exec: /sbin/route delete [HIDDEN-VALID-IP] -iface lo0 [vpn] exec: /sbin/ifconfig ng0 down delete -link0 [vpn] CCP: Down event [vpn] CCP: state change Opened --> Starting [vpn] CCP: LayerDown [vpn] CCP: Close event [vpn] CCP: state change Starting --> Initial [vpn] CCP: LayerFinish [vpn] LCP: LayerDown [vpn] device: CLOSE event in state UP pptp0-0: clearing call [vpn] device is now in state CLOSING [vpn] device: OPEN event in state CLOSING [vpn] device is now in state CLOSING [vpn] device: DOWN event in state CLOSING [vpn] device is now in state DOWN [vpn] link: DOWN event [vpn] LCP: Down event [vpn] device: OPEN event in state DOWN [vpn] pausing 9 seconds before open [vpn] device is now in state DOWN [vpn] device: OPEN event in state DOWN [vpn] device is now in state DOWN pptp0-0: peer call disconnected res=zero? err=none pptp0-0: killing channel pptp0: closing connection with SERVER-VPN-IP-ADDR:1723 pptp0: killing connection with SERVER-VPN-IP-ADDR:1723 [vpn] closing link "vpn"... [vpn] link: CLOSE event [vpn] LCP: Close event [vpn] LCP: state change Starting --> Initial [vpn] LCP: LayerFinish [vpn] device: CLOSE event in state DOWN [vpn] device is now in state DOWN A few IPs have been cleaned out with anything else sensitive, there's a lot more, which I can clean up and send here, but, I don't know what is needed. Any ideas (or what more info should I send?) Thanks, -Jim Stapleton On 4/20/07, Jim Stapleton <stapleton.41@gmail.com> wrote: > OK, I found a Windows based VPN server at work (we have one windows + 2 cisco) > > I figured I'd try that because it was the least painful to setup > elsewhere (meaning fewer things that vary in configuration?), and I > found *some* references to connecting to it. > http://lists.freebsd.org/pipermail/freebsd-net/2006-June/010891.html > > Here are my files. Anything in ALL CAPS is a replacement for some > information I'd rather not display publically. > > /usr/local/etc/mpd/mpd.conf > ======================================== > vpn: > new -i nve0 vpn vpn > > set iface session 28800 > set bundle authname "WORK-DOMAIN\\WORK-USERNAME" > set bundle enable compression > set ccp yes mppc > set ccp yes mpp-e40 > set ccp yes mpp-e56 > set ccp yes mpp-e128 > # set this to your correct routing information > set iface route EXTERNAL-WORK-VPN-IP/24 > set link enable no-orig-auth > open > ======================================== > > /usr/local/etc/mpd/mpd.secret > ======================================== > WORK-DOMAIN\\WORK-USERNAME WORK-PASSWORD > ======================================== > > /usr/local/etc/mpd/mpd.secret > ======================================== > vpn: > set link type pptp > # set pptp self 1.2.3.4 > set pptp peer EXTERNAL-WORK-VPN-IP > set pptp enable originate outcall > ======================================== > > > > sjss@elrond 08:12:45 (1) /usr/local/etc/mpd > sudo mpd > ======================================== > Multi-link PPP for FreeBSD, by Archie L. Cobbs. > Based on iij-ppp, by Toshiharu OHNO. > mpd: pid 91637, version 3.18 (root@elrond.ameritech.net 22:07 19-Apr-2007) > [vpn] interface "nve0" is not a netgraph interface > [vpn] netgraph initialization failed > mpd: no bundles defined > mpd: no bundles defined > mpd: no bundles defined > mpd: no bundles defined > mpd: no bundles defined > mpd: no bundles defined > mpd: no bundles defined > mpd: no bundles defined > mpd: no bundles defined > mpd: no bundles defined > [:] > ======================================== > > > > Here's a point of confusion for me (I tested all using ipconfig): > (1) My machine at work is a windows machine, ip config reports a > netmask of 255.255.254.0 > (2) The machine I admin is also windows, with 255.255.255.0 as it's netmask > (3) My windows desktop, when VPNing in has a netmask of > 255.255.255.255 for the VPN interface. > > > > Any suggestions on how to get this up? This is one of only two tasks I > need to boot into windows (at home) to accomplish currently, and I'd > like to rectify that. > > It looks like I need to make a netgraph bridge, but I don't know where > to start looking for that one. Netgraph(4) wasn't enlightening for me. > The ipsec section of the handbook left me more confused then I was > when I started. > > Thanks, > -Jim Stapleton >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?80f4f2b20704200628g3228cedbhaf8e7c1a24b790f7>