From owner-freebsd-net@FreeBSD.ORG Thu Oct 9 09:27:19 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E9A5E16A4B3 for ; Thu, 9 Oct 2003 09:27:19 -0700 (PDT) Received: from mail.gmx.net (pop.gmx.de [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 7EF0443FBF for ; Thu, 9 Oct 2003 09:27:18 -0700 (PDT) (envelope-from pcc@gmx.net) Received: (qmail 26088 invoked by uid 0); 9 Oct 2003 16:27:17 -0000 Received: from 80.131.156.116 by www25.gmx.net with HTTP; Thu, 9 Oct 2003 18:27:16 +0200 (MEST) Date: Thu, 9 Oct 2003 18:27:16 +0200 (MEST) From: "Peter Cornelius" To: Michael Bretterklieber MIME-Version: 1.0 References: X-Priority: 5 (Lowest) X-Authenticated: #491680 Message-ID: <1445.1065716836@www25.gmx.net> X-Mailer: WWW-Mail 1.6 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit cc: freebsd-net@FreeBSD.ORG Subject: Re: mpd, MS-vpn and growing confusion. (apparently solved) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Oct 2003 16:27:20 -0000 HEUREKA! Hi, > > set link yes chap > if you are using mpd in client mode, then please don't use "yes" or > "enable", just use accept: > set link no pap chap > set link accept chap This apparently makes the difference. I can't check detailed now, but I have an IP address and routing entries, so I believe that it works. I'll check later as I have to leave now. > > set ccp yes mpp-compress > > set ccp yes stac > I assume you removed already these two lines. I now have: vpn: new -i ng0 vpn vpn0 set iface disable on-demand set iface addrs 172.16.26.129 172.16.26.127 set iface idle 0 #### disconnect the client after 8 hours set iface session 28800 set iface route 172.16.26.0/16 set bundle disable multilink set bundle authname "nt-domain\\user" set link yes acfcomp protocomp set link no pap # !!! MUST USE ACCEPT HERE IN CLIENT MODE !!! #set link yes chap set link accept chap set link mtu 1460 #### If remote machine is NT you need this.. set link enable no-orig-auth set link keep-alive 61 753 set ipcp yes vjcomp set ipcp ranges 172.16.26.129/16 172.16.26.127/16 #### The five lines below enable Microsoft Point-to-Point encryption #### (MPPE) using the ng_mppc(8) netgraph node type. set bundle enable compression set ccp yes mppc set ccp yes mpp-e40 set ccp yes mpp-e56 set ccp yes mpp-e128 set bundle enable crypt-reqd set ccp yes mpp-stateless # !!! MUST NOT USE mpp-compress WITH NT SERVER HERE !!! #set ccp yes mpp-compress # stac is not recommended but neither compiled in nor effective. #set ccp yes stac open Thanks a lot for the help, All the best, Peter. -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++