From owner-freebsd-net Tue Sep 5 20:35:21 2000
Message-ID: <002801c017b3$76ab5a60$0302010a@biohz.net>
From: "Renaud Waldura"
To: "Christopher T. Griffiths"
Subject: Re: mpd-netgraph and vpn issues
Date: Tue, 5 Sep 2000 20:35:04 -0700
Sender: owner-freebsd-net@FreeBSD.ORG

Maybe add:

    # the PPTP interface address
    set pptp self YOUR_ADDR

to mpd.links?

From what I'm guessing, YOUR_ADDR above is probably 192.168.1.1. I do not
see why your setup would require you to use a route, although I can be
mistaken.

> The compression/encryption stuff is working great and I am sure it is

Now tell me, how did you get the compression/encryption to work? I was
under the impression that compression+encryption required code not present
in the FreeBSD distribution, and hence was not available. Do Windows
clients connect with the "Require data encryption" setting (on by default)?

Thanks,
--Renaud

----- Original Message -----
From: Christopher T. Griffiths
To:
Sent: Tuesday, September 05, 2000 5:53 PM
Subject: mpd-netgraph and vpn issues

> In my continued attempts to connect my win2k client to a mpd-netgraph
> server I have gotten this far:
>
> My local lan behind my firewall in the dmz has internet routed address.
> The mpd server is sitting in the dmz.
>
> I need to be able to add vpn users to some block of address in the dmz
> so that they can access systems past my firewall.
>
> I am also getting the following error when I connect:
>
> [pptp] no interface to proxy arp on for 192.168.1.2
>
> Do I need to change the 192.168.* address to my public dmz address to get
> the systems to proxy arp?
>
> My attempts to do so have caused my server system to hop off the local
> network and only talk to the vpn client. Not a good scenario.
>
> The compression/encryption stuff is working great and I am sure it is
> something so stupid in order to get network connectivity working.
>
> If I add the following line I am able to ping back and forth between the
> client and server machine but not out into the dmz:
>
> set iface route 192.168.1.0/24
>
> any help would be greatly appreciated.
>
> Thanks
>
> Chris
>
> config:
> pptp:
>     new -i ng0 pptp pptp
>     set iface disable on-demand
>     set iface enable proxy-arp
>     set iface idle 1800
>     set bundle disable multilink
>     set link yes acfcomp protocomp
>     set link no pap chap
>     set link enable chap
>     set link keep-alive 10 60
>     set ipcp yes vjcomp
>     set ipcp ranges 192.168.1.1/32 192.168.1.2/32
>     set ipcp dns 12.40.126.75
>     set bundle enable compression
>     set ccp yes mppc
>     set ccp yes mpp-e40
>     set ccp yes mpp-e128
>     set bundle enable crypt-reqd
>     set ccp yes mpp-stateless
>
> ---
> Christopher T. Griffiths
> Quansoo Group Inc.
> cgriffiths@quansoo.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
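
Added example, not part of either message and not mpd code: a pre-flight check for the "no interface to proxy arp on for 192.168.1.2" error, assuming (as the log line suggests) that proxy-arp needs a non-loopback local interface whose subnet contains the peer address handed out by "set ipcp ranges". The interface names and the 203.0.113.0/24 DMZ addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample: the relevant lines of the mpd.conf posted in the thread.
MPD_CONF = """\
pptp:
    set iface enable proxy-arp
    set ipcp ranges 192.168.1.1/32 192.168.1.2/32
"""

# Constructed sample: interfaces of a hypothetical server in a routed DMZ.
LOCAL_IFACES = {"lo0": "127.0.0.1/8", "fxp0": "203.0.113.10/24"}


def parse_ipcp_ranges(conf):
    """Return (self_range, peer_range) from the first 'set ipcp ranges' line."""
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()   # drop trailing comments
        if words[:3] == ["set", "ipcp", "ranges"] and len(words) == 5:
            return (ipaddress.ip_network(words[3], strict=False),
                    ipaddress.ip_network(words[4], strict=False))
    raise ValueError("no 'set ipcp ranges SELF PEER' line found")


def proxy_arp_iface(peer_range, ifaces):
    """Name of a non-loopback interface whose subnet holds the whole peer
    range, or None (assumed condition for proxy-arp to be possible)."""
    for name, cidr in ifaces.items():
        iface = ipaddress.ip_interface(cidr)
        if iface.ip.is_loopback:
            continue
        if peer_range.subnet_of(iface.network):
            return name
    return None


def check(conf, ifaces):
    """Return (peer range as text, interface that could answer ARP or None)."""
    _, peer = parse_ipcp_ranges(conf)
    return str(peer), proxy_arp_iface(peer, ifaces)


if __name__ == "__main__":
    peer, iface = check(MPD_CONF, LOCAL_IFACES)
    print(f"peer {peer}: proxy-arp interface = {iface}")
    fixed = MPD_CONF.replace("192.168.1.2/32", "203.0.113.200/32")
    print("peer moved into the DMZ subnet:", check(fixed, LOCAL_IFACES))
```

With the posted ranges no interface matches; a peer address taken from the subnet of the DMZ interface does.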