Date: Sun, 13 Jun 2010 17:01:46 +0000
From: Mario Lobo <lobo@bsd.com.br>
To: "freebsd-questions" <freebsd-questions@freebsd.org>
Subject: pptp VPN dropping
Message-ID: <201006131701.46166.lobo@bsd.com.br>

Hi;

I have the following situation:

FBSD 8-STABLE firewall/vpn server (poptop) to a windows network, authenticating to an AD 2008 as radius.

Everything seems to be working ok. I connect to the LAN through an XP machine. Auth works fine, the tunnel is up, and I can ping and "see" every server on the LAN and run terminal services sessions on the servers from the XP machine.

However, when I try accessing the exchange 2008 server (https / owa) via web through its LAN ip, the page starts loading, the outlook page with the list of e-mails shows up but just before it finishes, the tunnel drops as if I had disconnected the VPN interface.

log:

Jun 13 13:44:24 AllenFW ppp[1987]: Phase: Radius(acct): START data sent
Jun 13 13:44:24 AllenFW ppp[1987]: LCP: Reducing MTU from 1400 to 1398 (CCP requirement)
Jun 13 13:46:03 AllenFW ppp[1987]: LCP: deflink: SendEchoRequest(5) state = Opened
Jun 13 13:46:03 AllenFW ppp[1987]: LCP: deflink: RecvEchoReply(5) state = Opened

---- up to here, the VPN is normal (pinging, etc..)
---- just before the owa page finishes

Jun 13 13:46:12 AllenFW ppp[1987]: Phase: deflink: read (0): Got zero bytes
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: Closing due to CCP completion
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: LayerDown
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: SendTerminateReq(4) state = Opened
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: State change Opened --> Closing
Jun 13 13:46:12 AllenFW ppp[1987]: Phase: deflink: open -> lcp
Jun 13 13:46:12 AllenFW ppp[1987]: IPCP: deflink: LayerDown: 172.16.3.200
Jun 13 13:46:12 AllenFW ppp[1987]: Phase: Radius(acct): STOP data sent
Jun 13 13:46:12 AllenFW ppp[1987]: Command: pptp: delete! HISADDR
J

I had enabled lqr echo on ppp.conf to see if it could keep things going but it made no difference.

*** ppp.conf:

loop:
 set timeout 0
 #set lqrperiod 20
 #set echoperiod 20
 #enable lqr echo
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 # if you want to use NAT use private IP addresses
 set ifaddr 172.16.3.200 172.16.3.201-172.16.3.239 255.255.255.0
 # add 172.16.3.0 0 HISADDR
 # add default HISADDR
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 # Authenticate against /etc/passwd
 # enable passwdauth
 disable pap
 disable chap
 disable ipv6
 enable proxy
 accept dns
 enable MSChapV2
 enable mppe
 # set mppe 128 stateless
 set mppe * stateful
 # enable mppc
 disable deflate pred1
 set dns 172.16.3.133
 set nbns 172.16.3.133
 set device !/etc/ppp/secure
 set radius /etc/ppp/radius.conf
 set rad_alive 60

*** pptpd.conf:

debug
nobsdcomp
proxyarp
logwtmp
localip 172.16.3.200
remoteip 172.16.3.201-239
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless

Any suggestion for tweaks/adjustments?

Thanks,

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!] (99% winfoes FREE)
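
An added example, not part of the original message: a Python triage script for ppp(8) syslog lines like those quoted above. For each ppp process it reports the first teardown event and the time since the last LCP echo reply, to tell a drop that begins on the link device apart from a keepalive failure. The labels and the function name `triage` are this example's own, and the sample lines are copied from the message.

```python
import re
from datetime import datetime

# Log lines copied from the message above (one ppp session, pid 1987).
SAMPLE_LOG = """\
Jun 13 13:44:24 AllenFW ppp[1987]: LCP: Reducing MTU from 1400 to 1398 (CCP requirement)
Jun 13 13:46:03 AllenFW ppp[1987]: LCP: deflink: SendEchoRequest(5) state = Opened
Jun 13 13:46:03 AllenFW ppp[1987]: LCP: deflink: RecvEchoReply(5) state = Opened
Jun 13 13:46:12 AllenFW ppp[1987]: Phase: deflink: read (0): Got zero bytes
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: Closing due to CCP completion
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: LayerDown
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: SendTerminateReq(4) state = Opened
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ppp\[(\d+)\]: (.*)$")
# Substrings that can open a teardown, with labels chosen for this example.
# RecvTerminateReq is not in the sample; it is assumed here as the
# peer-initiated counterpart of the SendTerminateReq line that is.
TRIGGERS = [("Got zero bytes", "eof-on-device"),
            ("RecvTerminateReq", "peer-terminate"),
            ("SendTerminateReq", "local-terminate"),
            ("LayerDown", "layer-down")]

def triage(log_text, year=2010):
    """Per ppp pid: first teardown event and seconds since the last echo reply."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, pid, msg = m.groups()
        # syslog timestamps carry no year, so the caller supplies it
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(pid, {"last_echo": None, "trigger": None,
                                      "trigger_time": None, "echo_gap_s": None})
        if s["trigger"] is not None:
            continue  # later lines are consequences of the first event
        if "RecvEchoReply" in msg:
            s["last_echo"] = when
            continue
        label = next((lab for needle, lab in TRIGGERS if needle in msg), None)
        if label:
            s["trigger"], s["trigger_time"] = label, when
            if s["last_echo"]:
                s["echo_gap_s"] = (when - s["last_echo"]).total_seconds()
    return sessions

if __name__ == "__main__":
    for pid, s in triage(SAMPLE_LOG).items():
        print(pid, s["trigger"], s["trigger_time"], s["echo_gap_s"])
```

On the sample, the first teardown event is the zero-byte read on the link device, nine seconds after a successful echo reply, and the LCP terminate request follows it rather than leading.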