Date:      Sun, 17 Feb 2002 10:05:19 +1030 (CST)
From:      Justin Hawkins <justin@hawkins.dropbear.id.au>
To:        freebsd-net@freebsd.org
Subject:   mpd-netgraph as VPN client to Cisco 2500
Message-ID:  <20020217094933.D9233-100000@tardis.everard.bogus>


Hi folks,

I'm trying to set up a VPN connection to my work's staff network. I think
I'm running into the problem described here:

http://www.geocrawler.com/mail/msg.php3?msg_id=7311422&list=165

I.e., the physical IP address of the Cisco device is the same as the tunnel
endpoint address, and packets get encapsulated recursively.

Here's what my routing table and interface look like after I bring the
link up:

Routing tables:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            xxx.xxx.xxx.xxx    UGSc       27     1545    ed1
127.0.0.1          127.0.0.1          UH         13     7493    lo0
[snip]
yyy.yyy.yyy.30      yyy.yyy.yyy.228     UH          2       11    ng0

ifconfig:

ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::500:dead:beef:1234%ng0 prefixlen 64 scopeid 0x9
        inet yyy.yyy.yyy.228 --> yyy.yyy.yyy.30 netmask 0xffffffff

Where yyy.yyy.yyy is my staff network class C, .30 is the VPN server
(Cisco 2511), .228 is the negotiated client address for my FreeBSD box.

When I try to ping I get:

tardis:~ > ping yyy.yyy.yyy.30
PING yyy.yyy.yyy.30 (yyy.yyy.yyy.30): 56 data bytes
ping: sendto: Resource deadlock avoided
ping: sendto: Resource deadlock avoided
ping: sendto: No buffer space available
ping: sendto: No buffer space available

During the opening of the connection with mpd-netgraph, I see this:

[vpn] IPCP: rec'd Configure Request #50 link 0 (Req-Sent)
 IPADDR yyy.yyy.yyy.30
   Same as PPTP IP; would cause routing loop
   NAKing with yyy.yyy.yyy.30

which is referenced in the geocrawler link above.

Is the tunnel endpoint having the same IP as the physical interface
completely unsupported?

Could I possibly solve this by use of an Ethernet alias on the 2511?

Can provide more of the debug output from mpd while bringing up the link
if necessary.

Thanks!

	- Justin

-- 
justin@hawkins.dropbear.id.au  |    "Don't sweat it --
http://hawkins.dropbear.id.au  |  it's only 1's and 0's"
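
The condition described in this message, where the route to the VPN server's own address points into the tunnel interface, can be checked from a routing table dump. The following is an added example, not part of the original e-mail or of mpd; the 192.0.2.x and 198.51.100.1 addresses are constructed stand-ins for the masked ones, and the function names are hypothetical.

```python
import ipaddress

# Constructed `netstat -rn` rows. 192.0.2.30 stands in for the masked VPN
# server address, 192.0.2.228 for the negotiated client address.
LOOPING = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            198.51.100.1       UGSc       27     1545    ed1
127.0.0.1          127.0.0.1          UH         13     7493    lo0
192.0.2.30         192.0.2.228        UH          2       11    ng0
"""
# Same table, but the far end of the tunnel has an address (192.0.2.31,
# constructed) that differs from the server's outer address.
DISTINCT = LOOPING.replace("192.0.2.30 ", "192.0.2.31 ")


def parse_routes(text):
    """Return [(network, gateway, netif)]. Only full-address and CIDR
    destinations are handled; the header and other rows are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue
        routes.append((net, fields[1], fields[5]))
    return routes


def lookup(routes, addr):
    """Longest-prefix match: the route an outgoing packet to addr would take."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def tunnel_loops(routes, outer_peer, tunnel_if):
    """True when the encapsulated packets, which are addressed to outer_peer,
    would themselves be routed into tunnel_if and encapsulated again."""
    best = lookup(routes, outer_peer)
    return best is not None and best[2] == tunnel_if


if __name__ == "__main__":
    for name, table in (("same address", LOOPING), ("distinct address", DISTINCT)):
        print(name, tunnel_loops(parse_routes(table), "192.0.2.30", "ng0"))
```
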


