From: Коньков Евгений <kes-kes@yandex.ru>
Date: Fri, 2 Sep 2011 09:31:53 +0300
To: Marco Beishuizen
Cc: freebsd-questions@freebsd.org, Mike Tancsa
Subject: Re[3]: vpn using pptpclient in FreeBSD

Hello, Marco.

You wrote on 1 September 2011, 23:35:49:

MB> On Thu, 1 Sep 2011, the wise Коньков Евгений wrote:

>> Notice: [B1] IFACE: Add route 0.0.0.0/0 130.115.3.34 failed: File exists
>> You already have default route in your system
>> why you set up the default again?
>> Notice in conf:
>> set iface route default

MB> With help from Mike Tancsa I've changed the config a bit and getting less
MB> errors now, but still not a working vpn connection. My mpd.conf is now:

MB> ...
MB> # Default configuration is "pptp_client"
MB> default:
MB>     load pptp_client
MB> pptp_client:
MB> #
MB> # PPTP client: only outgoing calls, auto reconnect,
MB> # ipcp-negotiated address, one-sided authentication,
MB> # default route points on ISP's end
MB> #
MB>     create bundle static B1
MB>     set iface route 130.115.0.0/16
MB>     set ipcp ranges 0.0.0.0/0 0.0.0.0/0
MB>     set bundle enable compression
MB>     set ccp yes mppc
MB>     set mppc yes e40
MB>     set mppc yes e128
MB>     set bundle enable crypt-reqd
MB>     set mppc yes stateless
MB>     create link static L1 pptp
MB>     set link action bundle B1
MB>     set auth authname xxxxxxxxxxxxxx
MB>     set auth password xxxxxxxxxxxxx
MB>     set link max-redial 0
MB>     set link mtu 1460
MB>     set link keep-alive 20 75
MB>     set pptp peer vpn-eur-pptp.eur.nl
MB>     set pptp disable windowing
MB>     open
MB> ...

MB> It looks like it's setting up a correct connection, but the site of the
MB> library I would like to access isn't accessible when mpd5 is running:

MB> ...
MB> process 2965 started, version 5.5 (root@yokozuna.lan 17:08 30-Jul-2011)
MB> CONSOLE: listening on 127.0.0.1 5005
MB> web: listening on 0.0.0.0 5006
MB> [B1] Bundle: Interface ng0 created
MB> [L1] [L1] Link: OPEN event
MB> [L1] LCP: Open event
MB> [L1] LCP: state change Initial --> Starting
MB> [L1] LCP: LayerStart
MB> [L1] PPTP call successful
MB> [L1] Link: UP event
MB> [L1] LCP: Up event
MB> [L1] LCP: state change Starting --> Req-Sent
MB> [L1] LCP: SendConfigReq #1
MB> [L1] ACFCOMP
MB> [L1] PROTOCOMP
MB> [L1] ACCMAP 0x000a0000
MB> [L1] MRU 1500
MB> [L1] MAGICNUM 0a9219e0
MB> [L1] LCP: SendConfigReq #2
MB> [L1] ACFCOMP
MB> [L1] PROTOCOMP
MB> [L1] ACCMAP 0x000a0000
MB> [L1] MRU 1500
MB> [L1] MAGICNUM 0a9219e0
MB> [L1] LCP: rec'd Configure Reject #2 (Req-Sent)
MB> [L1] PROTOCOMP
MB> [L1] LCP: SendConfigReq #3
MB> [L1] ACFCOMP
MB> [L1] ACCMAP 0x000a0000
MB> [L1] MRU 1500
MB> [L1] MAGICNUM 0a9219e0
MB> [L1] LCP: rec'd Configure Reject #3 (Req-Sent)
MB> [L1] ACFCOMP
MB> [L1] LCP: SendConfigReq #4
MB> [L1] ACCMAP 0x000a0000
MB> [L1] MRU 1500
MB> [L1] MAGICNUM 0a9219e0
MB> [L1] LCP: rec'd Configure Nak #4 (Req-Sent)
MB> [L1] ACCMAP 0x000a0000
MB> [L1] LCP: SendConfigReq #5
MB> [L1] ACCMAP 0x000a0000
MB> [L1] MRU 1500
MB> [L1] MAGICNUM 0a9219e0
MB> [L1] LCP: rec'd Configure Ack #5 (Req-Sent)
MB> [L1] ACCMAP 0x000a0000
MB> [L1] MRU 1500
MB> [L1] MAGICNUM 0a9219e0
MB> [L1] LCP: state change Req-Sent --> Ack-Rcvd
MB> [L1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
MB> [L1] AUTHPROTO CHAP MSOFTv2
MB> [L1] LCP: SendConfigAck #1
MB> [L1] AUTHPROTO CHAP MSOFTv2
MB> [L1] LCP: state change Ack-Rcvd --> Opened
MB> [L1] LCP: auth: peer wants CHAP, I want nothing
MB> [L1] LCP: LayerUp
MB> [L1] CHAP: rec'd CHALLENGE #1 len: 21
MB> [L1] Name: ""
MB> [L1] CHAP: Using authname "xxxxxxxxxxxxxxxxx"
MB> [L1] CHAP: sending RESPONSE #1 len: 69
MB> [L1] CHAP: rec'd CHALLENGE #2 len: 21
MB> [L1] Name: ""
MB> [L1] CHAP: Using authname "xxxxxxxxxxxxxxxxxx"
MB> [L1] CHAP: sending RESPONSE #2 len: 69
MB> [L1] rec'd proto IPCP during authenticate phase
MB> [L1] rec'd proto CCP during authenticate phase
MB> [L1] CHAP: sending RESPONSE #2 len: 69
MB> [L1] CHAP: rec'd SUCCESS #2 len: 46
MB> [L1] MESG: S=F1619D8A3373D2F43E6652E992CA564D66B1C1A4
MB> [L1] LCP: authorization successful
MB> [L1] Link: Matched action 'bundle "B1" ""'
MB> [L1] Link: Join bundle "B1"
MB> [B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
MB> [B1] IPCP: Open event
MB> [B1] IPCP: state change Initial --> Starting
MB> [B1] IPCP: LayerStart
MB> [B1] CCP: Open event
MB> [B1] CCP: state change Initial --> Starting
MB> [B1] CCP: LayerStart
MB> [B1] IPCP: Up event
MB> [B1] IPCP: state change Starting --> Req-Sent
MB> [B1] IPCP: SendConfigReq #1
MB> [B1] IPADDR 0.0.0.0
MB> [B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
MB> [B1] CCP: Up event
MB> [B1] CCP: state change Starting --> Req-Sent
MB> [B1] CCP: SendConfigReq #1
MB> [B1] MPPC
MB> [B1] 0x01000060:MPPE(40, 128 bits), stateless
MB> [B1] CCP: rec'd Configure Nak #1 (Req-Sent)
MB> [B1] MPPC
MB> [B1] 0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: SendConfigReq #2
MB> [B1] MPPC
MB> [B1] 0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: rec'd Configure Ack #2 (Req-Sent)
MB> [B1] MPPC
MB> [B1] 0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: state change Req-Sent --> Ack-Rcvd
MB> [B1] IPCP: rec'd Configure Request #1 (Req-Sent)
MB> [B1] IPADDR 130.115.3.35
MB> [B1] 130.115.3.35 is OK
MB> [B1] IPCP: SendConfigAck #1
MB> [B1] IPADDR 130.115.3.35
MB> [B1] IPCP: state change Req-Sent --> Ack-Sent
MB> [B1] CCP: rec'd Configure Request #1 (Ack-Rcvd)
MB> [B1] MPPC
MB> [B1] 0x01000060:MPPE(40, 128 bits), stateless
MB> [B1] CCP: SendConfigNak #1
MB> [B1] MPPC
MB> [B1] 0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: rec'd Configure Request #2 (Ack-Rcvd)
MB> [B1] MPPC
MB> [B1] 0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: SendConfigAck #2
MB> [B1] MPPC
MB> [B1] 0x01000040:MPPE(128 bits), stateless
MB> [B1] CCP: state change Ack-Rcvd --> Opened
MB> [B1] CCP: LayerUp
MB> [B1] CCP: Compress using: mppc (MPPE(128 bits), stateless)
MB> [B1] CCP: Decompress using: mppc (MPPE(128 bits), stateless)
MB> [B1] IPCP: SendConfigReq #2
MB> [B1] IPADDR 0.0.0.0
MB> [B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
MB> [B1] IPCP: rec'd Configure Reject #2 (Ack-Sent)
MB> [B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
MB> [B1] IPCP: SendConfigReq #3
MB> [B1] IPADDR 0.0.0.0
MB> [B1] IPCP: rec'd Configure Nak #3 (Ack-Sent)
MB> [B1] IPADDR 130.115.85.11
MB> [B1] 130.115.85.11 is OK
MB> [B1] IPCP: SendConfigReq #4
MB> [B1] IPADDR 130.115.85.11
MB> [B1] IPCP: rec'd Configure Ack #4 (Ack-Sent)
MB> [B1] IPADDR 130.115.85.11
MB> [B1] IPCP: state change Ack-Sent --> Opened
MB> [B1] IPCP: LayerUp
MB> [B1] 130.115.85.11 -> 130.115.3.35
MB> [B1] IFACE: Up event
MB> ...

MB> I also noticed some kernel messages when starting mpd5:

MB> ...
MB> WARNING: attempt to domain_add(netgraph) after domainfinalize()
MB> Loop detected on ng0
MB> Loop detected on ng0
MB> Loop detected on ng0
MB> ...

MB> So I get the impression that I'm almost there.

MB> Marco

Try:
netstat -nr
ifconfig ng0

>WARNING: attempt to domain_add(netgraph) after domainfinalize()
you may ignore this message.

>set iface route 130.115.0.0/16
you say that behind the tunnel there is the 130.115.0.0/16 subnet, but
MB> [B1] 130.115.85.11 -> 130.115.3.35
you have an address from subnet 130.115.0.0/16 on the local machine,
so you get this message:
MB> Loop detected on ng0

add routes only for subnets that are on the other end of the tunnel and not local

>>set iface route 130.115.0.0/16
also you may remove 'iface route' from the config and set up the tunnel.
after that try to ping the other end:
ping 130.115.3.35

add route by hand:
# route add XXXXXXXX/X 130.115.3.35
# route add YYYYYYYY/Y 130.115.3.35

-- 
Best regards,
 Коньков                          mailto:kes-kes@yandex.ru
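
A check for the overlap pointed out in the reply above (a `set iface route` prefix that also contains the tunnel's own negotiated addresses), written as an added sh example that is not part of the original message or of mpd5. The function names and the 192.0.2.0/24 control route are constructed for illustration, and the script assumes the log keeps the `local -> peer` line format quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report `set iface route` prefixes that
# also cover the tunnel's own endpoint addresses.

# Dotted-quad IPv4 address -> integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains PREFIX/LEN ADDR: succeed if ADDR lies inside the prefix.
cidr_contains() {
    case $1 in */*) ;; *) set -- "$1/32" "$2" ;; esac   # bare host route
    len=${1#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip2int "${1%/*}") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# overlapping_routes CONF_TEXT LOG_TEXT
# Takes the last "local -> peer" line from the mpd log text and prints every
# route prefix from the mpd.conf text that contains either address.
overlapping_routes() {
    ends=$(printf '%s\n' "$2" |
        sed -n 's/.*] *\([0-9][0-9.]*\) -> \([0-9][0-9.]*\)$/\1 \2/p' | tail -n 1)
    printf '%s\n' "$1" |
    awk '$1 == "set" && $2 == "iface" && $3 == "route" { print $4 }' |
    while read -r pfx; do
        [ "$pfx" = default ] && pfx=0.0.0.0/0
        for addr in $ends; do
            if cidr_contains "$pfx" "$addr"; then
                echo "$pfx covers tunnel endpoint $addr"
            fi
        done
    done
}

# Route and addresses as posted above; 192.0.2.0/24 is a constructed control.
SAMPLE_CONF='pptp_client:
    set iface route 130.115.0.0/16
    set iface route 192.0.2.0/24'
SAMPLE_LOG='[B1] IPCP: LayerUp
[B1] 130.115.85.11 -> 130.115.3.35
[B1] IFACE: Up event'

overlapping_routes "$SAMPLE_CONF" "$SAMPLE_LOG"
```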