Hi,
I'm trying to set up a VPN client on my FreeBSD laptop, so I can tunnel
through to work from home. I've played with both mpd and pptpclient from
ports, and mpd seems more robust (pptpclient likes to sometimes start
eating all CPU time). So I'd decided to do this with mpd; please let me
know if this was the wrong choice from the start.
Here's my setup:
LAPTOP <-----> NAT <--...INTERNET...--> VPN-SERVER <-----> INTRANET
I started with the examples under /usr/local/etc/mpd, slightly changing
the defaults to what I thought were the correct values for my setup.
I've created mpd.secret with the correct login/password mapping for
LOGIN.
Here's my mpd.conf:
default:
    load vpn

vpn:
    new -i ng1 vpn vpn
    set iface disable on-demand
    set iface addrs 192.168.1.1 192.168.2.1
    set iface idle 0
    set iface route 192.168.2.0/24
    set bundle disable multilink
    set bundle authname <LOGIN>
    set link yes acfcomp protocomp
    set link no pap
    set link yes chap
# If remote machine is NT you need this..
#   set link enable no-orig-auth
    set link keep-alive 10 75
    set ipcp yes vjcomp
    set ipcp ranges 192.168.1.1/32 192.168.2.1/32
# If you wanted MPPE encryption and had ng_mppc(8)...
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set bundle enable crypt-reqd
    set ccp yes mpp-stateless
    open
And here's my mpd.links:
vpn:
    set link type pptp
    set pptp peer <VPN-SERVER>
    set pptp enable originate incoming outcall

mpd starts negotiating security parameters (as far as I can tell), but
never succeeds. Attached is a log (VPN-SERVER.log) of the connection
attempt. Anyone have any ideas on what I'm doing wrong?
The VPN-SERVER I'm trying to connect to is a Windows RAS server, AFAIK.
We also have some Cisco hardware VPN server for evaluation. Attempting
to connect to that one is even worse, the negotiation terminates much
earlier. I've attached a second log (CISCO-SERVER.log) of that
connection attempt. I'd much rather get the tunnel to the Cisco working,
since it's faster.
Finally, I can connect to both the RAS and the Cisco server using
Windows PPTP, and Macintosh NTS Tunnelbuilder. Heck, if the Mac can do
it, so must FreeBSD! :-)
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 89780, version 3.2 ([EMAIL PROTECTED] 18:38 13-Sep-2001)
[vpn] ppp node is "mpd89780-vpn"
[vpn] using interface ng1
mpd: local IP address for PPTP is 0.0.0.0
[vpn] IFACE: Open event
[vpn] IPCP: Open event
[vpn] IPCP: state change Initial --> Starting
[vpn] IPCP: LayerStart
[vpn:vpn] [vpn] bundle: OPEN event in state CLOSED
[vpn] opening link "vpn"...
[vpn] link: OPEN event
[vpn] LCP: Open event
[vpn] LCP: state change Initial --> Starting
[vpn] LCP: LayerStart
[vpn] device: OPEN event in state DOWN
pptp0: connecting to <VPN-SERVER>:1723
[vpn] device is now in state OPENING
pptp0: connected to <VPN-SERVER>:1723
pptp0: attached to connection with <VPN-SERVER>:1723
pptp0-0: outgoing call connected at 64000 bps
[vpn] PPTP call successful
[vpn] device: UP event in state OPENING
[vpn] device is now in state UP
[vpn] link: UP event
[vpn] link: origination is local
[vpn] LCP: Up event
[vpn] LCP: state change Starting --> Req-Sent
[vpn] LCP: phase shift DEAD --> ESTABLISH
[vpn] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM b3e88460
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM b3e88460
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFTv2
MAGICNUM 00006eb8
PROTOCOMP
ACFCOMP
MP MRRU 1614
ENDPOINTDISC [LOCAL] 4a a3 dd 5f e0 3b 40 5d 93 4b 5a 6d b7 d3 f1 f3 00 00 00 00
[vpn] LCP: SendConfigRej #0
MP MRRU 1614
[vpn] LCP: rec'd Configure Ack #2 link 0 (Req-Sent)
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM b3e88460
AUTHPROTO CHAP MSOFT
[vpn] LCP: state change Req-Sent --> Ack-Rcvd
[vpn] LCP: rec'd Configure Request #1 link 0 (Ack-Rcvd)
AUTHPROTO CHAP MSOFTv2
MAGICNUM 00006eb8
PROTOCOMP
ACFCOMP
ENDPOINTDISC [LOCAL] 4a a3 dd 5f e0 3b 40 5d 93 4b 5a 6d b7 d3 f1 f3 00 00 00 00
[vpn] LCP: SendConfigNak #1
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Request #2 link 0 (Ack-Rcvd)
AUTHPROTO CHAP MSOFT
MAGICNUM 00006eb8
PROTOCOMP
ACFCOMP
ENDPOINTDISC [LOCAL] 4a a3 dd 5f e0 3b 40 5d 93 4b 5a 6d b7 d3 f1 f3 00 00 00 00
[vpn] LCP: SendConfigAck #2
AUTHPROTO CHAP MSOFT
MAGICNUM 00006eb8
PROTOCOMP
ACFCOMP
ENDPOINTDISC [LOCAL] 4a a3 dd 5f e0 3b 40 5d 93 4b 5a 6d b7 d3 f1 f3 00 00 00 00
[vpn] LCP: state change Ack-Rcvd --> Opened
[vpn] LCP: phase shift ESTABLISH --> AUTHENTICATE
[vpn] LCP: auth: peer wants CHAP, I want CHAP
[vpn] CHAP: sending CHALLENGE
[vpn] LCP: LayerUp
pptp0: CID 0x00ba in SetLinkInfo not found
[vpn] CHAP: rec'd CHALLENGE #124
Name: "<VPN-SERVER>"
Using authname "<LOGIN>"
mpd: warning: line too long, truncated
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: rec'd SUCCESS #124
[vpn] LCP: rec'd Configure Request #4 link 0 (Opened)
AUTHPROTO CHAP MSOFTv2
MAGICNUM 00006f5c
PROTOCOMP
ACFCOMP
MP MRRU 1614
ENDPOINTDISC [LOCAL] 4a a3 dd 5f e0 3b 40 5d 93 4b 5a 6d b7 d3 f1 f3 00 00 00 00
[vpn] LCP: LayerDown
[vpn] LCP: SendConfigReq #3
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM b3e88460
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigRej #4
MP MRRU 1614
[vpn] LCP: state change Opened --> Req-Sent
[vpn] LCP: phase shift AUTHENTICATE --> ESTABLISH
[vpn] LCP: rec'd Configure Reject #3 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #4
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM b3e88460
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Request #5 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFTv2
MAGICNUM 00006f5c
PROTOCOMP
ACFCOMP
ENDPOINTDISC [LOCAL] 4a a3 dd 5f e0 3b 40 5d 93 4b 5a 6d b7 d3 f1 f3 00 00 00 00
[vpn] LCP: SendConfigNak #5
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #4 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #5
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM b3e88460
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Request #6 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
MAGICNUM 00006f5c
PROTOCOMP
ACFCOMP
ENDPOINTDISC [LOCAL] 4a a3 dd 5f e0 3b 40 5d 93 4b 5a 6d b7 d3 f1 f3 00 00 00 00
[vpn] LCP: SendConfigAck #6
AUTHPROTO CHAP MSOFT
MAGICNUM 00006f5c
PROTOCOMP
ACFCOMP
ENDPOINTDISC [LOCAL] 4a a3 dd 5f e0 3b 40 5d 93 4b 5a 6d b7 d3 f1 f3 00 00 00 00
[vpn] LCP: state change Req-Sent --> Ack-Sent
[vpn] LCP: rec'd Configure Reject #5 link 0 (Ack-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #6
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM b3e88460
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #6 link 0 (Ack-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #7
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM b3e88460
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #7 link 0 (Ack-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #8
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM b3e88460
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Terminate Request #7 link 0 (Ack-Sent)
[vpn] LCP: state change Ack-Sent --> Req-Sent
[vpn] LCP: SendTerminateAck #9
pptp0: CID 0x00ba in SetLinkInfo not found
[vpn] LCP: rec'd Terminate Request #8 link 0 (Req-Sent)
[vpn] LCP: SendTerminateAck #10
[vpn] LCP: SendConfigReq #11
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM b3e88460
AUTHPROTO CHAP MSOFT
pptp0-0: peer call disconnected res=admin action err=none
pptp0-0: killing channel
[vpn] PPTP call terminated
pptp0: closing connection with <VPN-SERVER>:1723
[vpn] device: DOWN event in state UP
[vpn] device is now in state DOWN
[vpn] link: DOWN event
[vpn] LCP: Down event
[vpn] LCP: state change Req-Sent --> Starting
[vpn] LCP: phase shift ESTABLISH --> DEAD
pptp0: invalid length 16 for type 4
pptp0: killing connection with <VPN-SERVER>:1723
[vpn] device: OPEN event in state DOWN
[vpn] pausing 9 seconds before open
[vpn] device is now in state DOWN
[vpn] IPCP: Down event
[vpn] IFACE: Close event
[vpn] IPCP: Close event
[vpn] IPCP: state change Starting --> Initial
[vpn] IPCP: LayerFinish
mpd: process 89780 terminated
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 89796, version 3.2 ([EMAIL PROTECTED] 18:38 13-Sep-2001)
[vpn] ppp node is "mpd89796-vpn"
[vpn] using interface ng1
mpd: local IP address for PPTP is 0.0.0.0
[vpn] IFACE: Open event
[vpn] IPCP: Open event
[vpn] IPCP: state change Initial --> Starting
[vpn] IPCP: LayerStart
[vpn:vpn] [vpn] bundle: OPEN event in state CLOSED
[vpn] opening link "vpn"...
[vpn] link: OPEN event
[vpn] LCP: Open event
[vpn] LCP: state change Initial --> Starting
[vpn] LCP: LayerStart
[vpn] device: OPEN event in state DOWN
pptp0: connecting to <CISCO-SERVER>:1723
[vpn] device is now in state OPENING
pptp0: connected to <CISCO-SERVER>:1723
pptp0: attached to connection with <CISCO-SERVER>:1723
pptp0-0: outgoing call connected at 10000000 bps
[vpn] PPTP call successful
[vpn] device: UP event in state OPENING
[vpn] device is now in state UP
[vpn] link: UP event
[vpn] link: origination is local
[vpn] LCP: Up event
[vpn] LCP: state change Starting --> Req-Sent
[vpn] LCP: phase shift DEAD --> ESTABLISH
[vpn] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 91fdfc70
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 91fdfc70
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #2 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #3
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 91fdfc70
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #3 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #4
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 91fdfc70
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #4 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #5
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 91fdfc70
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #5 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #6
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 91fdfc70
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #6 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #7
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 91fdfc70
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #7 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #8
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 91fdfc70
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #8 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #9
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 91fdfc70
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #9 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #10
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 91fdfc70
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #10 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: not converging
[vpn] LCP: parameter negotiation failed
[vpn] LCP: state change Req-Sent --> Stopped
[vpn] LCP: LayerFinish
[vpn] device: CLOSE event in state UP
pptp0-0: clearing call
[vpn] device is now in state CLOSING
[vpn] device: DOWN event in state CLOSING
[vpn] device is now in state DOWN
[vpn] link: DOWN event
[vpn] LCP: Down event
[vpn] LCP: state change Stopped --> Starting
[vpn] LCP: phase shift ESTABLISH --> DEAD
[vpn] LCP: LayerStart
[vpn] device: OPEN event in state DOWN
[vpn] pausing 7 seconds before open
[vpn] device is now in state DOWN
pptp0-0: peer call disconnected res=lost carrier err=none
pptp0-0: killing channel
pptp0: closing connection with <CISCO-SERVER>:1723
[vpn] device: OPEN event in state DOWN
[vpn] device is now in state DOWN
pptp0: invalid length 16 for type 4
pptp0: killing connection with <CISCO-SERVER>:1723
[vpn] IPCP: Down event
[vpn] IFACE: Close event
[vpn] IPCP: Close event
[vpn] IPCP: state change Starting --> Initial
[vpn] IPCP: LayerFinish
mpd: process 89796 terminated
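
Added example (not part of the original post or of mpd): a small Python script that reads an mpd log like the two above and counts LCP options the peer rejected that the very next SendConfigReq offered again, the pattern that precedes "LCP: not converging". The function names and the abridged sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, abridged from the shape of the log lines above.
SAMPLE_LOG = """\
[vpn] LCP: SendConfigReq #2
MRU 1500
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #2 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[vpn] LCP: SendConfigReq #3
MRU 1500
AUTHPROTO CHAP MSOFT
[vpn] LCP: rec'd Configure Reject #3 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
pptp0-0: clearing call
"""

HEADER = re.compile(r"LCP: (SendConfigReq|SendConfigRej|SendConfigNak|SendConfigAck|"
                    r"rec'd Configure (?:Request|Reject|Ack|Nak)) #(\d+)")
OTHER = re.compile(r"^\S+:\s")  # non-bundle log lines such as "pptp0: ..." or "mpd: ..."

def parse_lcp(text):
    """Return [(kind, id, [options])] for every LCP configure packet in the log."""
    packets, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") or OTHER.match(line):
            # Any new log record ends the option list of the previous packet.
            m = HEADER.search(line)
            current = (m.group(1), int(m.group(2)), []) if m else None
            if current:
                packets.append(current)
        elif line and current:
            current[2].append(line)  # option line belonging to the packet above
    return packets

def stuck_options(packets):
    """Count options the peer rejected that the next SendConfigReq offered again."""
    stuck, rejected = Counter(), []
    for kind, _ident, opts in packets:
        if kind == "rec'd Configure Reject":
            rejected = opts
        elif kind == "SendConfigReq":
            stuck.update(o for o in rejected if o in opts)
            rejected = []
    return stuck

if __name__ == "__main__":
    for option, count in stuck_options(parse_lcp(SAMPLE_LOG)).items():
        print(f"re-sent after reject {count}x: {option}")
```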