From: Brad Tarver
Date: Mon, 03 May 2004 18:11:14 -0500
To: freebsd-questions@freebsd.org
Subject: need help setting up PPTP VPN using mpd
Message-ID: <4096D192.5080409@idlemind.net>

I'm trying to set up PPTP connectivity in a lab environment before I attempt to implement it in a real-world situation. I have two routers and four PCs (two laptops running Windows XP and two desktops running FreeBSD 5.2.1). I haven't configured any ipfw or ipfirewall rules yet, to keep my configuration 'simple'. Both FreeBSD boxes are configured to NAT the two Windows boxes to my lab 'internet'. Can anyone look at the setup below and tell me what I'm missing?

Here is my setup:

LaptopA
   |
   |
   | 10.1.2.0/24
   |
   | .1
FreebsdA
   | .2
   |
   | 27.40.15.0/24
   |
   | .1
RouterA
   | .25
   |
   | 26.215.152.0/24
   |
   | .26
RouterB
   | .1
   |
   | 28.80.30.0/24
   |
   | .2
FreebsdB
   | .1
   |
   | 192.168.44.0/24
   |
   |
LaptopB

I have MPD running on FreebsdA (27.40.15.2). Ipnat is configured on both freebsd boxes. When I open a new pptp vpn session on my laptopB, it gets to a 'verifying username and pass' stage and then errors. Here is my log:

---SNIP---
May 3 16:43:10 laurel0 kernel: mpd
May 3 16:43:10 laurel0 mpd: mpd: pid 475, version 3.17 (root@laurel0.idlemind.net 21:09 2-May-2004)
May 3 16:43:10 laurel0 mpd: [pptp0] ppp node is "mpd475-pptp0"
May 3 16:43:11 laurel0 mpd: mpd: local IP address for PPTP is 27.40.15.2
May 3 16:43:11 laurel0 mpd: [pptp0] using interface ng0
May 3 16:43:11 laurel0 mpd: set yes: unknown command. Try "help".
May 3 16:43:11 laurel0 mpd: [pptp1] ppp node is "mpd475-pptp1"
May 3 16:43:11 laurel0 mpd: [pptp1] using interface ng1
May 3 16:43:11 laurel0 mpd: set yes: unknown command. Try "help".
May 3 16:43:39 laurel0 mpd: mpd: PPTP connection from 28.80.30.2:4234
May 3 16:43:39 laurel0 mpd: pptp0: attached to connection with 28.80.30.2:4234
May 3 16:43:39 laurel0 mpd: [pptp0] IFACE: Open event
May 3 16:43:39 laurel0 mpd: [pptp0] IPCP: Open event
May 3 16:43:39 laurel0 mpd: [pptp0] IPCP: state change Initial --> Starting
May 3 16:43:39 laurel0 mpd: [pptp0] IPCP: LayerStart
May 3 16:43:39 laurel0 mpd: [pptp0] IPCP: Open event
May 3 16:43:39 laurel0 mpd: [pptp0] bundle: OPEN event in state CLOSED
May 3 16:43:39 laurel0 mpd: [pptp0] opening link "pptp0"...
May 3 16:43:39 laurel0 mpd: [pptp0] link: OPEN event
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: Open event
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: state change Initial --> Starting
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: LayerStart
May 3 16:43:39 laurel0 mpd: [pptp0] device: OPEN event in state DOWN
May 3 16:43:39 laurel0 mpd: [pptp0] attaching to peer's outgoing call
May 3 16:43:39 laurel0 mpd: [pptp0] device is now in state OPENING
May 3 16:43:39 laurel0 mpd: [pptp0] device: UP event in state OPENING
May 3 16:43:39 laurel0 mpd: [pptp0] device is now in state UP
May 3 16:43:39 laurel0 mpd: [pptp0] link: UP event
May 3 16:43:39 laurel0 mpd: [pptp0] link: origination is remote
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: Up event
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: state change Starting --> Req-Sent
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: phase shift DEAD --> ESTABLISH
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: SendConfigReq #1
May 3 16:43:39 laurel0 mpd: ACFCOMP
May 3 16:43:39 laurel0 mpd: PROTOCOMP
May 3 16:43:39 laurel0 mpd: MRU 1500
May 3 16:43:39 laurel0 mpd: MAGICNUM b960d589
May 3 16:43:39 laurel0 mpd: AUTHPROTO CHAP MSOFTv2
May 3 16:43:39 laurel0 mpd: [pptp0] error writing len 27 frame to bypass: No route to host
May 3 16:43:39 laurel0 mpd: pptp0-0: ignoring SetLinkInfo
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
May 3 16:43:39 laurel0 mpd: MRU 1400
May 3 16:43:39 laurel0 mpd: MAGICNUM 44842fcf
May 3 16:43:39 laurel0 mpd: PROTOCOMP
May 3 16:43:39 laurel0 mpd: ACFCOMP
May 3 16:43:39 laurel0 mpd: CALLBACK
May 3 16:43:39 laurel0 mpd: Not supported
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: SendConfigRej #0
May 3 16:43:39 laurel0 mpd: CALLBACK
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
May 3 16:43:39 laurel0 mpd: MRU 1400
May 3 16:43:39 laurel0 mpd: MAGICNUM 44842fcf
May 3 16:43:39 laurel0 mpd: PROTOCOMP
May 3 16:43:39 laurel0 mpd: ACFCOMP
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: SendConfigAck #1
May 3 16:43:39 laurel0 mpd: MRU 1400
May 3 16:43:39 laurel0 mpd: MAGICNUM 44842fcf
May 3 16:43:39 laurel0 mpd: PROTOCOMP
May 3 16:43:39 laurel0 mpd: ACFCOMP
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: state change Req-Sent --> Ack-Sent
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: SendConfigReq #2
May 3 16:43:41 laurel0 mpd: ACFCOMP
May 3 16:43:41 laurel0 mpd: PROTOCOMP
May 3 16:43:41 laurel0 mpd: MRU 1500
May 3 16:43:41 laurel0 mpd: MAGICNUM b960d589
May 3 16:43:41 laurel0 mpd: AUTHPROTO CHAP MSOFTv2
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
May 3 16:43:41 laurel0 mpd: ACFCOMP
May 3 16:43:41 laurel0 mpd: PROTOCOMP
May 3 16:43:41 laurel0 mpd: MRU 1500
May 3 16:43:41 laurel0 mpd: MAGICNUM b960d589
May 3 16:43:41 laurel0 mpd: AUTHPROTO CHAP MSOFTv2
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: state change Ack-Sent --> Opened
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: auth: peer wants nothing, I want CHAP
May 3 16:43:41 laurel0 mpd: [pptp0] CHAP: sending CHALLENGE
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: LayerUp
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: rec'd Ident #2 link 0 (Opened)
May 3 16:43:41 laurel0 mpd: MESG: MSRASV5.10
May 3 16:43:41 laurel0 mpd: pptp0-0: ignoring SetLinkInfo
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: rec'd Ident #3 link 0 (Opened)
May 3 16:43:41 laurel0 mpd: MESG: MSRAS-0-PEARTREE
May 3 16:43:41 laurel0 mpd: [pptp0] CHAP: rec'd RESPONSE #1
May 3 16:43:41 laurel0 mpd: Name: "btarver0"
May 3 16:43:41 laurel0 mpd: Peer name: "btarver0"
May 3 16:46:11 laurel0 mpd: Response is valid
May 3 16:46:11 laurel0 mpd: [pptp0] CHAP: sending SUCCESS
May 3 16:46:11 laurel0 mpd: [pptp0] error writing len 50 frame to bypass: No route to host
May 3 16:46:11 laurel0 mpd: [pptp0] LCP: authorization successful
May 3 16:46:11 laurel0 mpd: [pptp0] LCP: phase shift AUTHENTICATE --> NETWORK
May 3 16:46:11 laurel0 mpd: [pptp0] setting interface ng0 MTU to 1400 bytes
May 3 16:46:11 laurel0 mpd: [pptp0] up: 1 link, total bandwidth 64000 bps
May 3 16:46:11 laurel0 mpd: [pptp0] IPCP: Up event
May 3 16:46:11 laurel0 mpd: [pptp0] IPCP: state change Starting --> Req-Sent
May 3 16:46:11 laurel0 mpd: [pptp0] IPCP: SendConfigReq #1
May 3 16:46:11 laurel0 mpd: IPADDR 10.1.2.1
May 3 16:46:11 laurel0 mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
May 3 16:46:11 laurel0 mpd: [pptp0] error writing len 20 frame to bypass: No route to host
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: Open event
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: state change Initial --> Starting
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: LayerStart
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: Up event
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: state change Starting --> Req-Sent
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: SendConfigReq #1
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: Checking whether 40 bits are enabled -> no
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: Checking whether 56 bits are enabled -> no
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: Checking whether 128 bits are enabled -> yes
May 3 16:46:11 laurel0 mpd: MPPC
May 3 16:46:11 laurel0 mpd: 0x01000040: MPPE, 128 bit, stateless
May 3 16:46:11 laurel0 mpd: pptp0: write: Broken pipe
May 3 16:46:11 laurel0 mpd: pptp0: killing connection with 28.80.30.2:4234
May 3 16:46:11 laurel0 mpd: pptp0-0: killing channel
May 3 16:46:11 laurel0 mpd: [pptp0] PPTP call terminated
May 3 16:46:11 laurel0 mpd: [pptp0] IFACE: Close event
May 3 16:46:11 laurel0 mpd: [pptp0] IPCP: Close event
May 3 16:46:11 laurel0 mpd: [pptp0] IPCP: state change Req-Sent --> Closing
May 3 16:46:11 laurel0 mpd: [pptp0] IPCP: SendTerminateReq #2
May 3 16:46:11 laurel0 mpd: [pptp0] error writing len 8 frame to bypass: Network is down
May 3 16:46:11 laurel0 mpd: [pptp0] IFACE: Close event
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: SendConfigReq #2
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: Checking whether 40 bits are enabled -> no
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: Checking whether 56 bits are enabled -> no
May 3 16:46:11 laurel0 mpd: [pptp0] CCP: Checking whether 128 bits are enabled -> yes
May 3 16:46:11 laurel0 mpd: MPPC
May 3 16:46:11 laurel0 mpd: 0x01000040: MPPE, 128 bit, stateless
May 3 16:46:11 laurel0 mpd: [pptp0] error writing len 14 frame to bypass: Network is down
May 3 16:46:11 laurel0 mpd: mpd: accept: Software caused connection abort
May 3 16:46:11 laurel0 mpd: [pptp0] CHAP: rec'd RESPONSE #1
May 3 16:46:11 laurel0 mpd: Not expected, but that's OK
May 3 16:46:11 laurel0 mpd: Name: "btarver0"
May 3 16:46:11 laurel0 mpd: Peer name: "btarver0"
---SNIP---

Here is my mpd.conf:

---SNIP---
default:
    load pptp0
    load pptp1

pptp0:
    new -i ng0 pptp0 pptp0
    set ipcp ranges 10.1.2.1/32 10.1.2.5/32
    load clientStandard

pptp1:
    new -i ng1 pptp1 pptp1
    set ipcp ranges 10.1.2.1/32 10.1.2.9/32
    load clientStandard

clientStandard:
    set iface disable on-demand
    #set iface enable proxy-arp
    set bundle disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 60 180
    set ipcp yes vjcomp
    set ipcp dns 10.1.2.1
    set ipcp nbns 10.1.2.1
    set bundle enable compression
    set ccp yes mppc
    #set ccp yes mpp-e40
    set ccp no mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
    set bundle yes crypt-reqd
---SNIP---

And here is my mpd.links:

---SNIP---
pptp0:
    set link type pptp
    set pptp self 27.40.15.2
    set pptp enable incoming
    set pptp disable originate

pptp1:
    set link type pptp
    set pptp self 27.40.15.2
    set pptp enable incoming
    set pptp disable originate
---SNIP---

-- 
Brad Tarver, CCNA
btarver[at]idlemind[dot]net
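
Added example (not part of the original post, and not mpd code): a short Python triage of the log above that lists the PPP phase transitions reached, counts the "error writing ... to bypass" failures by error text, and flags silent gaps between consecutive entries. SAMPLE_LOG is an abridged copy of entries from the post; the function names and the 30-second gap threshold are assumptions.

```python
import re
from collections import Counter

# Abridged copy of entries from the log in the post above.
SAMPLE_LOG = """\
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: phase shift DEAD --> ESTABLISH
May 3 16:43:39 laurel0 mpd: [pptp0] error writing len 27 frame to bypass: No route to host
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
May 3 16:43:41 laurel0 mpd: [pptp0] CHAP: rec'd RESPONSE #1
May 3 16:46:11 laurel0 mpd: Response is valid
May 3 16:46:11 laurel0 mpd: [pptp0] error writing len 50 frame to bypass: No route to host
May 3 16:46:11 laurel0 mpd: [pptp0] LCP: phase shift AUTHENTICATE --> NETWORK
May 3 16:46:11 laurel0 mpd: pptp0: write: Broken pipe
May 3 16:46:11 laurel0 mpd: [pptp0] error writing len 8 frame to bypass: Network is down
"""

ENTRY = re.compile(r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+mpd:\s+(.*)$")
WRITE_ERR = re.compile(r"error writing len \d+ frame to bypass: (.+)$")
PHASE = re.compile(r"phase shift (\S+) --> (\S+)")

def parse(text):
    """Yield (seconds_since_midnight, message) for each mpd syslog entry."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            h, mi, s, msg = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + int(s), msg

def triage(text, stall_secs=30):
    """Summarise phases, write errors and gaps; assumes a single-day log."""
    phases, errors, stalls, broken = [], Counter(), [], False
    prev = None
    for t, msg in parse(text):
        if prev and t - prev[0] >= stall_secs:
            stalls.append((t - prev[0], prev[1], msg))  # (gap, before, after)
        prev = (t, msg)
        if (m := PHASE.search(msg)):
            phases.append(m.groups())
        elif (m := WRITE_ERR.search(msg)):
            errors[m.group(1)] += 1
        elif "write: Broken pipe" in msg:
            broken = True
    return {"phases": phases, "write_errors": dict(errors),
            "stalls": stalls, "broken_pipe": broken}
```

Calling triage() on the full log text works the same way; each entry in "stalls" is the gap in seconds followed by the messages on either side of it.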