Date: Mon, 3 May 2004 19:34:23 -0400
From: Ed Budd
To: freebsd-questions@freebsd.org
Subject: Re: need help setting up PPTP VPN using mpd
Message-Id: <20040503193423.1202faf9.ebudd@grokking.org>
In-Reply-To: <4096D192.5080409@idlemind.net>

On Mon, 03 May 2004 18:11:14 -0500 Brad Tarver wrote:

> I'm trying to setup PPTP connectivity in a lab environment before I
> attempt to implement in a real-world situation.
>
> I have two routers and four PCs (two laptops running Windows XP and
> two desktops running FreeBSD 5.2.1).
>
> I haven't configured any ipfw or ipfirewall rules yet to keep my
> configuration 'simple'.
>
> Both FreeBSD boxes are configured to nat the two Windows boxes to my
> lab 'internet'.
>
> Can anyone look at the setup below and tell me what I'm missing?
>
> Here is my setup:
>
>
> LaptopA
>    |
>    |
>    | 10.1.2.0/24
>    |
>    | .1
> FreebsdA
>    | .2
>    |
>    | 27.40.15.0/24
>    |
>    | .1
> RouterA
>    | .25
>    |
>    | 26.215.152.0/24
>    |
>    | .26
> RouterB
>    | .1
>    |
>    | 28.80.30.0/24
>    |
>    | .2
> FreebsdB
>    | .1
>    |
>    | 192.168.44.0/24
>    |
>    |
> LaptopB
>
>
> I have MPD running on FreebsdA (27.40.15.2). Ipnat is configured on
> both freebsd boxes. When I open a new pptp vpn session on my laptopB,
> it gets to a 'verifying username and pass' stage and then errors.
>

Brad:

<-- insert big disclaimer here -->

I'm certainly no expert on PPTP but I believe you're going to need to
set up some kind of "passthrough" functionality to get protocol 47
through NAT. What you describe above may be symptomatic of packets
related to tcp 1723 getting through (to initiate authentication) but
not protocol 47 (GRE) which is needed for the tunnel itself.

I haven't used ipnat in some time but I seem to recall some carefully
placed redirect rules as facilitating this. Sorry I can't be more
specific. If I find the documentation I'm thinking about I'll post a
link.

Maybe you should try it first without NAT, just straight routing.

Another useful thing might be to enable bpf in the kernel config and
run a packet capture at appropriate chokepoints using tcpdump while
you're testing.

Please post a followup as I'd be interested in hearing (reading) how
things go since I unfortunately don't have time to spare right now in
trying it myself.

Cheers,

EB
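
Added example (not part of Ed Budd's message or of the thread): the symptom described in the reply, TCP 1723 getting through while protocol 47 (GRE) does not, can be localized by classifying the packets captured at each chokepoint. The capture-point names, the helper names and LaptopB's address 192.168.44.10 are assumptions, and the packets are constructed samples, not a real capture.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723      # TCP control channel
PPP_OVER_GRE = 0x880B         # protocol type in PPTP's enhanced GRE header (RFC 2637)

def classify(packet: bytes) -> str:
    """Return 'control', 'gre' or 'other' for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    payload = packet[(packet[0] & 0x0F) * 4:]          # skip the IP header (IHL words)
    if packet[9] == IPPROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        return "control" if PPTP_CONTROL_PORT in (sport, dport) else "other"
    if packet[9] == IPPROTO_GRE and len(payload) >= 8:
        flags_ver, ptype = struct.unpack("!HH", payload[:4])
        if flags_ver & 0x0007 == 1 and ptype == PPP_OVER_GRE:   # GRE version 1 carrying PPP
            return "gre"
    return "other"

def first_gre_gap(captures):
    """First capture point that sees TCP 1723 but no PPTP GRE, or None."""
    for name, packets in captures:
        kinds = {classify(p) for p in packets}
        if "control" in kinds and "gre" not in kinds:
            return name
    return None

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet for the constructed samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample data. 192.168.44.10 is an assumed address for LaptopB;
# the other addresses are taken from the diagram in the quoted message.
SYN_1723 = struct.pack("!HHIIHHHH", 1045, 1723, 1, 0, 0x5002, 8192, 0, 0)
GRE_PPP = struct.pack("!HHHHI", 0x3001, PPP_OVER_GRE, 4, 7, 0) + b"\xc0\x21\x01\x01"
SAMPLE = [
    ("FreebsdB inside", [ipv4(6, "192.168.44.10", "27.40.15.2", SYN_1723),
                         ipv4(47, "192.168.44.10", "27.40.15.2", GRE_PPP)]),
    ("FreebsdB outside", [ipv4(6, "28.80.30.2", "27.40.15.2", SYN_1723)]),
    ("FreebsdA outside", [ipv4(6, "28.80.30.2", "27.40.15.2", SYN_1723)]),
]

if __name__ == "__main__":
    print(first_gre_gap(SAMPLE))
```

Packets for a real run would come from tcpdump captures filtered with `tcp port 1723 or ip proto 47`, with the link-layer header stripped before calling classify().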