From: "Jim Stapleton"
To: freebsd-net@freebsd.org
Date: Fri, 20 Apr 2007 09:28:58 -0400
Subject: Re: attempting VPN again

OK, I figured ng0 stood for netgraph, so I switched nve0 to ng0, and it
had *some* improvement. I get a lot farther along. (When I man'ed ng0 -
or attempted to, I accidentally did nge, and thought that the sample was
using a national semiconductors gigabit-ethernet controller, and I had
to switch it to my own nvidia based system).

Anyway, now I get a log string of connection setup stuff, which appears
to connect until it gets this error:

[vpn] CCP: state change Ack-Sent --> Opened
[vpn] CCP: LayerUp
 Compress using: MPPE, 128 bit
 Decompress using: MPPE, 128 bit
[vpn] setting interface ng0 MTU to 1500 bytes
[vpn] IPCP: rec'd Configure Ack #4 link 0 (Ack-Sent)
 IPADDR [HIDDEN-VALID-IP]
[vpn] IPCP: state change Ack-Sent --> Opened
[vpn] IPCP: LayerUp
 [HIDDEN-VALID-IP] -> [HIDDEN-VALID-IP]
[vpn] IFACE: Up event
[vpn] setting interface ng0 MTU to 1500 bytes
[vpn] exec: /sbin/ifconfig ng0 [HIDDEN-VALID-IP] [HIDDEN-VALID-IP] netmask 0xffffffff -link0
[vpn] exec: /sbin/route add [HIDDEN-VALID-IP] -iface lo0
[vpn] exec: /sbin/route add [HIDDEN-VALID-IP] [HIDDEN-VALID-IP] -netmask 0xffffff00
[vpn] IFACE: Up event
[vpn] LCP: no reply to 1 echo request(s)
[vpn] LCP: no reply to 2 echo request(s)
[vpn] LCP: no reply to 3 echo request(s)
[vpn] LCP: no reply to 4 echo request(s)
[vpn] LCP: no reply to 5 echo request(s)
[vpn] LCP: no reply to 6 echo request(s)
[vpn] LCP: no reply to 7 echo request(s)
[vpn] LCP: peer not responding to echo requests
[vpn] LCP: LayerFinish
[vpn] LCP: LayerStart
[vpn] LCP: state change Opened --> Starting
[vpn] LCP: phase shift NETWORK --> DEAD
[vpn] setting interface ng0 MTU to 1500 bytes
[vpn] up: 0 links, total bandwidth 9600 bps
[vpn] IPCP: Down event
[vpn] IPCP: state change Opened --> Starting
[vpn] IPCP: LayerDown
[vpn] IFACE: Down event
[vpn] exec: /sbin/route delete [HIDDEN-VALID-IP] [HIDDEN-VALID-IP] -netmask 0xffffff00
[vpn] exec: /sbin/route delete [HIDDEN-VALID-IP] -iface lo0
[vpn] exec: /sbin/ifconfig ng0 down delete -link0
[vpn] CCP: Down event
[vpn] CCP: state change Opened --> Starting
[vpn] CCP: LayerDown
[vpn] CCP: Close event
[vpn] CCP: state change Starting --> Initial
[vpn] CCP: LayerFinish
[vpn] LCP: LayerDown
[vpn] device: CLOSE event in state UP
pptp0-0: clearing call
[vpn] device is now in state CLOSING
[vpn] device: OPEN event in state CLOSING
[vpn] device is now in state CLOSING
[vpn] device: DOWN event in state CLOSING
[vpn] device is now in state DOWN
[vpn] link: DOWN event
[vpn] LCP: Down event
[vpn] device: OPEN event in state DOWN
[vpn] pausing 9 seconds before open
[vpn] device is now in state DOWN
[vpn] device: OPEN event in state DOWN
[vpn] device is now in state DOWN
pptp0-0: peer call disconnected res=zero? err=none
pptp0-0: killing channel
pptp0: closing connection with SERVER-VPN-IP-ADDR:1723
pptp0: killing connection with SERVER-VPN-IP-ADDR:1723
[vpn] closing link "vpn"...
[vpn] link: CLOSE event
[vpn] LCP: Close event
[vpn] LCP: state change Starting --> Initial
[vpn] LCP: LayerFinish
[vpn] device: CLOSE event in state DOWN
[vpn] device is now in state DOWN

A few IPs have been cleaned out with anything else sensitive, there's a
lot more, which I can clean up and send here, but, I don't know what is
needed.

Any ideas (or what more info should I send?)

Thanks,
-Jim Stapleton

On 4/20/07, Jim Stapleton wrote:
> OK, I found a Windows based VPN server at work (we have one windows + 2 cisco)
>
> I figured I'd try that because it was the least painful to set up
> elsewhere (meaning fewer things that vary in configuration?), and I
> found *some* references to connecting to it.
> http://lists.freebsd.org/pipermail/freebsd-net/2006-June/010891.html
>
> Here are my files. Anything in ALL CAPS is a replacement for some
> information I'd rather not display publicly.
>
> /usr/local/etc/mpd/mpd.conf
> ========================================
> vpn:
>     new -i nve0 vpn vpn
>
>     set iface session 28800
>     set bundle authname "WORK-DOMAIN\\WORK-USERNAME"
>     set bundle enable compression
>     set ccp yes mppc
>     set ccp yes mpp-e40
>     set ccp yes mpp-e56
>     set ccp yes mpp-e128
>     # set this to your correct routing information
>     set iface route EXTERNAL-WORK-VPN-IP/24
>     set link enable no-orig-auth
>     open
> ========================================
>
> /usr/local/etc/mpd/mpd.secret
> ========================================
> WORK-DOMAIN\\WORK-USERNAME WORK-PASSWORD
> ========================================
>
> /usr/local/etc/mpd/mpd.secret
> ========================================
> vpn:
>     set link type pptp
>     # set pptp self 1.2.3.4
>     set pptp peer EXTERNAL-WORK-VPN-IP
>     set pptp enable originate outcall
> ========================================
>
>
>
> sjss@elrond 08:12:45 (1) /usr/local/etc/mpd > sudo mpd
> ========================================
> Multi-link PPP for FreeBSD, by Archie L. Cobbs.
> Based on iij-ppp, by Toshiharu OHNO.
> mpd: pid 91637, version 3.18 (root@elrond.ameritech.net 22:07 19-Apr-2007)
> [vpn] interface "nve0" is not a netgraph interface
> [vpn] netgraph initialization failed
> mpd: no bundles defined
> mpd: no bundles defined
> mpd: no bundles defined
> mpd: no bundles defined
> mpd: no bundles defined
> mpd: no bundles defined
> mpd: no bundles defined
> mpd: no bundles defined
> mpd: no bundles defined
> mpd: no bundles defined
> [:]
> ========================================
>
>
>
> Here's a point of confusion for me (I tested all using ipconfig):
> (1) My machine at work is a windows machine, ip config reports a
> netmask of 255.255.254.0
> (2) The machine I admin is also windows, with 255.255.255.0 as its netmask
> (3) My windows desktop, when VPNing in has a netmask of
> 255.255.255.255 for the VPN interface.
>
>
>
> Any suggestions on how to get this up? This is one of only two tasks I
> need to boot into windows (at home) to accomplish currently, and I'd
> like to rectify that.
>
> It looks like I need to make a netgraph bridge, but I don't know where
> to start looking for that one. Netgraph(4) wasn't enlightening for me.
> The ipsec section of the handbook left me more confused than I was
> when I started.
>
> Thanks,
> -Jim Stapleton
>