Quoting Sly Midnight <slymidni...@yahoo.com>:

> I got it to work exactly as you suggested using isakmpd.conf.
>
> It took me quite a bit of searching to find the correct sort of syntax
> for that file to achieve what I wanted but it now allows me to connect.
>
> But I've run into another issue that I cannot resolve myself.
>
> Once I connect from ANY client, I can only move data on the VPN for a
> few seconds then it goes dead.
>
> I thought it might be an MTU issue, but I tried setting the MRU setting
> fairly low (such as 1200) in npppd and that didn't solve it.
>
> I tried setting skip on enc0 as well as pppx0 in pf rules and that
> didn't work either.
>
> What else could I be missing? Why would it work, but only briefly?
> Sly

Hi,

If appropriate/practical, it may be useful to provide some details about
your configuration to the list (ipsec.conf, isakmpd.conf, npppd.conf,
pf.conf, sysctl.conf, etc.).

From your description I am assuming that phase 2 dies on you but of course
it is just a guess.

I am in the process of migrating my 5.7 infrastructure to 5.9 and do not
see any issues with npppd -- android, blackberry, and ios clients are able
to use IPSec, and access dovecot, opensmtpd, and apache-httpd-openbsd
without any problems. I tested native mobile device clients that use
ActiveSync as well as imap and smtp -- no issues to report so far. I am
also testing Windows clients from my home to my lab environment to test
Samba 4.3.8 this weekend and so far so good with the VPN.

I don't have "enterprise" type connections but have three ISP links at my
office (ADSL that uses PPPoE, vDSL, and Cable) and two links at the lab
(vDSL, Cable). The only place where I had to change MTU etc. was with ADSL, and
I had to do a "match on pppoe0 scrub (no-df max-mss 1340)" in my pf.conf
re. ADSL for VPN to work properly.

Looking through my logs I see long-lived connections such as (changed IP
addresses but the rest are from the log):

Apr 14 04:51:29 mx2 npppd[19526]: ppp id=175 layer=base logtype=TUNNELUSAGE
user="xxxxxx" duration=58390sec layer2=L2TP_ipv4 layer2from=a.b.c.d:1701
auth=MS-CHAP-V2 data_in=277392bytes,3364packets
data_out=235270bytes,2576packets error_in=1 error_out=0 mppe=yes
mppe_in=128bits,stateless mppe_out=128bits,stateless iface=tun0

Vijay
-- 
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
vsan...@foretell.ca
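The npppd TUNNELUSAGE record quoted above is the quickest place to confirm whether tunnels really are being torn down seconds after connecting rather than merely looking stalled. The following parser is an added example, not code from the thread or from npppd; its sample input is constructed (the first record mirrors the one quoted in the email, the second is an invented short-lived session), and the 60-second threshold is an assumption to tune per site.

```python
import re
from typing import Optional

# Constructed sample input: the first line mirrors the TUNNELUSAGE record quoted
# in the email (addresses already masked there); the second is a made-up record
# of a session that died after a few seconds, the symptom under discussion.
SAMPLE_LOG = """\
Apr 14 04:51:29 mx2 npppd[19526]: ppp id=175 layer=base logtype=TUNNELUSAGE user="xxxxxx" duration=58390sec layer2=L2TP_ipv4 layer2from=a.b.c.d:1701 auth=MS-CHAP-V2 data_in=277392bytes,3364packets data_out=235270bytes,2576packets error_in=1 error_out=0 mppe=yes mppe_in=128bits,stateless mppe_out=128bits,stateless iface=tun0
Apr 14 05:02:11 mx2 npppd[19526]: ppp id=176 layer=base logtype=TUNNELUSAGE user="alice" duration=7sec layer2=L2TP_ipv4 layer2from=a.b.c.e:1701 auth=MS-CHAP-V2 data_in=1240bytes,14packets data_out=96bytes,2packets error_in=0 error_out=0 mppe=yes mppe_in=128bits,stateless mppe_out=128bits,stateless iface=tun0
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')        # key=value or key="quoted value"
COUNT_RE = re.compile(r'(\d+)bytes,(\d+)packets')  # shape of data_in / data_out


def parse_tunnelusage(line: str) -> Optional[dict]:
    """Parse one npppd TUNNELUSAGE record into typed fields; None for other lines."""
    if 'logtype=TUNNELUSAGE' not in line:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    rec = {
        'id': int(fields['id']),
        'user': fields['user'],
        'duration': int(re.sub(r'\D', '', fields['duration'])),  # "58390sec" -> 58390
        'layer2from': fields.get('layer2from', ''),
        'error_in': int(fields.get('error_in', 0)),
        'error_out': int(fields.get('error_out', 0)),
    }
    for key in ('data_in', 'data_out'):
        m = COUNT_RE.fullmatch(fields.get(key, ''))
        rec[key + '_bytes'] = int(m.group(1)) if m else 0
        rec[key + '_packets'] = int(m.group(2)) if m else 0
    return rec


def flag_short_sessions(log_text: str, max_seconds: int = 60) -> list:
    """Return (id, user, duration, peer) for tunnels torn down within max_seconds.
    A healthy deployment shows durations like the 58390s record; a run of short
    sessions from every client points at the path (MTU/MSS, pf) rather than one user."""
    flagged = []
    for line in log_text.splitlines():
        rec = parse_tunnelusage(line)
        if rec and rec['duration'] <= max_seconds:
            flagged.append((rec['id'], rec['user'], rec['duration'], rec['layer2from']))
    return flagged


if __name__ == '__main__':
    for sess in flag_short_sessions(SAMPLE_LOG):
        print('short-lived tunnel: id=%d user=%s duration=%ds from=%s' % sess)
```

On a live box feed it the daemon log (for example with `grep TUNNELUSAGE` piped into `flag_short_sessions`) and compare the flagged set with the clients that report the tunnel going dead.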
