Date: Thu, 08 Jan 2004 03:42:45 -0500
From: Joe Marcus Clarke <marcus@marcuscom.com>
To: Chris Jones <cjones@gruntle.org>
Cc: FreeBSD User Questions List <freebsd-questions@freebsd.org>
Subject: Re: mpd PPTP to Cisco 3000 VPN Concentrator routing problem
Message-ID: <1073551365.76587.24.camel@shumai.marcuscom.com>
In-Reply-To: <20040108083430.GD357@gruntle.org>
References: <20040108074911.GC357@gruntle.org> <1073549281.76587.12.camel@shumai.marcuscom.com> <20040108083430.GD357@gruntle.org>

On Thu, 2004-01-08 at 03:34, Chris Jones wrote:
> Oh. :( I thought it negotiated the encryption ok because I see this:
>
> [ciscovpn] CCP: LayerUp
> Compress using: MPPE, 128 bit, stateless
> Decompress using: MPPE, 128 bit, stateless

This is fine. I get this, too. However, when trying to send data, I
get decryption errors (the concentrator reports invalid packets).

>
> And capturing on the interface, I see echo req's coming in from the
> concentrator, but I encounter a routing loop when I try to send across
> the tunnel.

I was able to get past the routing loop by readdressing the interface as
soon as it came up. This is a good starter howto on that procedure:

http://www.cs.rpi.edu/~flemej/fbsd-cisco-vpn/fbsd-cisco-vpn.pdf

>
> Disabling encryption isn't an option, even for testing, I'm afraid.

Then you're probably not going to have any luck getting this to work. You
might also consider trying out security/vpnc if the concentrator also
allows for IPSec clients using the Cisco VPN client.

Joe

>
>
> Original message from Joe Marcus Clarke:
>
> > On Thu, 2004-01-08 at 02:49, Chris Jones wrote:
> > > Hi. I've gone over list archives and seen this issue discussed before,
> > > but the suggested solutions aren't working for me. I am using
> > > mpd-3.15_1 on FreeBSD 4.9-STABLE to connect to a Cisco 3000 Series VPN
> > > Concentrator. I have negotiated CHAP and MPPE and the ng0 interface
> > > comes up, but when I try to do anything I get this:
> > >
> > > $ ping 10.10.58.7
> > > PING 10.10.58.7 (10.10.58.7): 56 data bytes
> > > ping: sendto: Resource deadlock avoided
> > > ping: sendto: No buffer space available
> > >
> > > A little investigation showed that this is a known routing issue and
> > > that it is possible to work around by re-addressing the ng0 interface
> > > with the VPN concentrator's private IP and set a default route to it. I
> > > did this, but I still have the same problem. :(
> > >
> > > Does anyone see what I am doing wrong here? Below are my routing table
> > > and ifconfig before running mpd, after running mpd, and after running
> > > the "fix". Below that is my mpd.conf and its output (verbose).
> > >
> > > I appreciate any help on this, I've been going crazy trying to figure
> > > out what I'm doing wrong. I can get it to work using the OSX PPTP
> > > client, but not mpd.
> >
> > Good luck. I have tried to get this working, but have never been able
> > to get mpd encryption to work with the Concentrator's encryption
> > (neither has anyone else to my knowledge). If you disable encryption on
> > the concentrator, the tunnel will come up, and you will be able to pass
> > traffic across it. Any other combination does not work. I haven't
> > tried 3.16 yet, but looking at the ChangeLog, I doubt it addresses this
> > problem.
> >
> > Joe
> >
> > --
> > PGP Key : http://www.marcuscom.com/pgp.asc

--
PGP Key : http://www.marcuscom.com/pgp.asc