From: Mario Lobo
To: "freebsd-questions"
Date: Sun, 13 Jun 2010 17:01:46 +0000
Message-Id: <201006131701.46166.lobo@bsd.com.br>
Subject: pptp VPN dropping

Hi;

I have the following situation:

FBSD 8-STABLE firewall/vpn server (poptop) to a windows network, authenticating to an AD 2008 as radius.

Everything seems to be working ok. I connect to the LAN through an XP machine. Auth works fine, the tunnel is up, and I can ping and "see" every server on the LAN and run terminal services sessions on the servers from the XP machine.

However, when I try accessing the exchange 2008 server (https / owa) via web through its LAN ip, the page starts loading, the outlook page with the list of e-mails shows up but just before it finishes, the tunnel drops as if I had disconnected the VPN interface.

log:

Jun 13 13:44:24 AllenFW ppp[1987]: Phase: Radius(acct): START data sent
Jun 13 13:44:24 AllenFW ppp[1987]: LCP: Reducing MTU from 1400 to 1398 (CCP requirement)
Jun 13 13:46:03 AllenFW ppp[1987]: LCP: deflink: SendEchoRequest(5) state = Opened
Jun 13 13:46:03 AllenFW ppp[1987]: LCP: deflink: RecvEchoReply(5) state = Opened

---- up to here, the VPN is normal (pinging, etc..)

---- just before the owa page finishes

Jun 13 13:46:12 AllenFW ppp[1987]: Phase: deflink: read (0): Got zero bytes
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: Closing due to CCP completion
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: LayerDown
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: SendTerminateReq(4) state = Opened
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: State change Opened --> Closing
Jun 13 13:46:12 AllenFW ppp[1987]: Phase: deflink: open -> lcp
Jun 13 13:46:12 AllenFW ppp[1987]: IPCP: deflink: LayerDown: 172.16.3.200
Jun 13 13:46:12 AllenFW ppp[1987]: Phase: Radius(acct): STOP data sent
Jun 13 13:46:12 AllenFW ppp[1987]: Command: pptp: delete! HISADDR

I had enabled lqr echo on ppp.conf to see if it could keep things going but it made no difference.

*** ppp.conf:

loop:
 set timeout 0
 #set lqrperiod 20
 #set echoperiod 20
 #enable lqr echo
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 # if you want to use NAT use private IP addresses
 set ifaddr 172.16.3.200 172.16.3.201-172.16.3.239 255.255.255.0
 # add 172.16.3.0 0 HISADDR
 # add default HISADDR
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 # Authenticate against /etc/passwd
 # enable passwdauth
 disable pap
 disable chap
 disable ipv6
 enable proxy
 accept dns
 enable MSChapV2
 enable mppe
 # set mppe 128 stateless
 set mppe * stateful
 # enable mppc
 disable deflate pred1
 set dns 172.16.3.133
 set nbns 172.16.3.133
 set device !/etc/ppp/secure
 set radius /etc/ppp/radius.conf
 set rad_alive 60

*** pptpd.conf:

debug
nobsdcomp
proxyarp
logwtmp
localip 172.16.3.200
remoteip 172.16.3.201-239
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless

Any suggestion for tweaks/adjustments ?

Thanks,

--
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!] (99% winfoes FREE)