VPN setup problem - proxy arp I think
Hi all,

I read the setup at http://www.blackh0le.net/articles/vpn-dun-howto.html to set up my VPN. However, I'm having a problem which I think is proxy-ARP not working. I'd like to ask you to see if you know what's going on.

When I ping 10.77.1.1 from the Windows XP machine the packets get to the 10.77.1.1 machine, but they don't have a return path to get back. When I ping the Windows machine from 10.77.1.1 I get:

    ping: sendto: Host is down

When I add a static route to 10.77.1.1 the machines can talk to each other (route add 10.77.1.50/32 10.77.1.2). But I don't think I need to set up a static route if proxy ARP worked!

I've included my config files in this email. Please note that I get a message back saying "[pptp1] no interface to proxy arp on for 10.77.1.50". Could this be my problem? How can I fix it?

Thanks very much,
~koroush

=====
My network looks as follows:

    FreeBSD 4.6   IP 10.77.1.1/24
         |
         |
    fxp0: 10.77.1.2/24
    FreeBSD 4.8 (DELL2) (only 1 network card)
    ng0: 10.77.13
         |
         |
    Windows XP machine with tunnel.   10.77.1.50

=====
Config files for Dell 2:

DELL2# ifconfig -a
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 129.197.244.10 netmask 0xfffffff0 broadcast 129.197.244.15
        inet 10.0.0.249 netmask 0xffffff00 broadcast 10.0.0.255
        inet 10.77.1.2 netmask 0xffffff00 broadcast 10.77.1.255
        inet 10.77.2.2 netmask 0xffffff00 broadcast 10.77.2.255
        inet 10.77.3.2 netmask 0xffffff00 broadcast 10.77.3.255
        inet 10.77.4.2 netmask 0xffffff00 broadcast 10.77.4.255
        inet 10.77.5.2 netmask 0xffffff00 broadcast 10.77.5.255
        ether 00:07:e9:87:ca:4f
        media: Ethernet autoselect (100baseTX)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 16384
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1256
        inet 10.77.1.2 --> 10.77.1.50 netmask 0x
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500

=====
DELL2# pwd
/usr/local/etc/mpd
DELL2# cat mpd.conf
default:
        load client1
        load client2
        load client3
        load client4
        load client5

pptp_common_settings:
        set link type pptp
        set pptp enable incoming
        set pptp disable originate
        set iface disable on-demand
        set iface enable proxy-arp
#       set iface idle 1800
        set bundle enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
#       set link keep-alive 10 60
        set link mtu 1260
        set ipcp yes vjcomp
#       set ipcp ranges 10.77.1.1/32 10.77.1.50/32
#       set ipcp dns 10.77.1.1
#       set ipcp nbns 10.77.1.1
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
#       set ccp yes mpp-e128
        set ccp yes mpp-stateless

client1:
        new -i ng0 pptp1 pptp1
        set ipcp range 10.77.1.2/24 10.77.1.50/24
        load pptp_common_settings

client2:
        new -i ng1 pptp2 pptp2
        set ipcp range 10.77.2.2/32 10.77.2.50/32
        load pptp_common_settings

client3:
        new -i ng2 pptp3 pptp3
        set ipcp range 10.77.3.3/32 10.77.3.50/32
        load pptp_common_settings

client4:
        new -i ng3 pptp4 pptp4
        set ipcp range 10.77.4.3/32 10.77.4.50/32
        load pptp_common_settings

client5:
        new -i ng4 pptp5 pptp5
        set ipcp range 10.77.5.3/32 10.77.5.50/32
        load pptp_common_settings
DELL2#

=====
DELL2# cat mpd.secret
demo1   "demo1"   10.77.1.50/24
demo2   "demo2"   10.77.2.50/24
demo3   "demo3"   10.77.3.50/24
demo4   "demo4"   10.77.4.50/24
demo5   "demo5"   10.77.5.50/24

RUN TIME
DELL2# mdp default
mdp: Command not found.
DELL2# mpd default
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 281, version 3.13 ([EMAIL PROTECTED] 09:44 23-Jun-2003)
[pptp1] ppp node is "mpd281-pptp1"
mpd: local IP address for PPTP is 129.197.244.10
[pptp1] using interface ng0
[pptp1] device type already set to pptp
[pptp2] ppp node is "mpd281-pptp2"
[pptp2] using interface ng1
[pptp2] device type already set to pptp
[pptp3] ppp node is "mpd281-pptp3"
[pptp3] using interface ng2
[pptp3] device type already set to pptp
[pptp4] ppp node is "mpd281-pptp4"
[pptp4] using interface ng3
[pptp4] device type already set to pptp
[pptp5] ppp node is "mpd281-pptp5"
[pptp5] using interface ng4
[pptp5] device type already set to pptp
[pptp5:pptp5] mpd: PPTP connection from 129.197.244.12:1127
pptp0: attached to connection with 129.197.244.12:1127
[pptp1] IFACE: Open event
[pptp1] IPCP: Open event
[pptp1] IPCP: state change Initial --> Starting
[pptp1] IPCP: LayerStart
[pptp1] IPCP: Open event
[pptp1] bundle: OPEN event in state CLOSED
[pptp1] opening link "pptp1"...
[pptp1] link: OPEN event
[pptp1] LCP: Open ev
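A hand check one can run against the configuration posted above, added here as an example (it is not mpd's code and not from the post): proxy ARP can only work on a broadcast interface whose subnet contains the peer address, because that is the wire on which the gateway must answer ARP requests on the peer's behalf. The table of addresses is constructed from the `ifconfig -a` output in the post; the selection rule (skip point-to-point interfaces, require the peer inside the interface subnet) is assumed and may differ in detail from how mpd picks an interface, and the ng0 netmask is not readable on the page, so /32 is assumed for it. If this check finds a candidate for 10.77.1.50 while mpd reports "no interface to proxy arp on", the next thing to compare is how mpd itself chooses the interface.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One configured address, as listed by `ifconfig -a` on DELL2. */
struct ifaddr {
    const char *ifname;
    const char *addr;
    uint32_t    mask;   /* host byte order */
    int         ptp;    /* 1 for POINTOPOINT interfaces */
};

/*
 * Constructed from the ifconfig output in the post (10.77.x.x entries only).
 * ASSUMPTION: the ng0 netmask is not readable on the page; /32 is used,
 * which does not matter because point-to-point links are skipped anyway.
 */
static const struct ifaddr dell2[] = {
    { "fxp0", "10.77.1.2", 0xffffff00u, 0 },
    { "fxp0", "10.77.2.2", 0xffffff00u, 0 },
    { "fxp0", "10.77.3.2", 0xffffff00u, 0 },
    { "fxp0", "10.77.4.2", 0xffffff00u, 0 },
    { "fxp0", "10.77.5.2", 0xffffff00u, 0 },
    { "ng0",  "10.77.1.2", 0xffffffffu, 1 },
};

/* Parse a dotted quad into host byte order; 0 on failure. */
static uint32_t ip4(const char *s)
{
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}

/* 1 when both addresses share the network part selected by mask. */
int same_subnet(const char *a, const char *b, uint32_t mask)
{
    return ((ip4(a) ^ ip4(b)) & mask) == 0;
}

/*
 * ASSUMED rule: a proxy-ARP candidate is a non-point-to-point interface
 * whose subnet contains the peer.  Returns the number of candidates and
 * copies the first interface name into `out` (empty string when none).
 */
int proxy_arp_candidates(const char *peer, const struct ifaddr *tbl, size_t n,
                         char *out, size_t outlen)
{
    int found = 0;
    if (outlen)
        out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].ptp || !same_subnet(peer, tbl[i].addr, tbl[i].mask))
            continue;
        if (found == 0 && outlen) {
            strncpy(out, tbl[i].ifname, outlen - 1);
            out[outlen - 1] = '\0';
        }
        found++;
    }
    return found;
}

/* Convenience wrapper over the constructed DELL2 table. */
int dell2_candidates(const char *peer, char *out, size_t outlen)
{
    return proxy_arp_candidates(peer, dell2, sizeof dell2 / sizeof dell2[0],
                                out, outlen);
}

int main(void)
{
    const char *peers[] = { "10.77.1.50", "10.77.2.50", "10.78.1.50" };
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++) {
        char name[16];
        int k = dell2_candidates(peers[i], name, sizeof name);
        if (k)
            printf("%s: %d candidate(s), first is %s\n", peers[i], k, name);
        else
            printf("%s: no interface to proxy arp on\n", peers[i]);
    }
    return 0;
}
```

On the posted addresses the check reports fxp0 for 10.77.1.50 (its 10.77.1.2/24 address covers the peer) and nothing for an address outside every configured subnet.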
Re: MTU Path Discovery Problem
PMTUD Black Hole Problem: Code Problem?

Is this a code problem in ip_input.c? This code is from FreeBSD 4.8 that I just installed on my computers. ip_forward? It looks to me like case EMSGSIZE can never be reached. Is this breaking MTU path discovery responses?

ip_forward(struct mbuf *m, int srcrt, struct sockaddr_in *next_hop)

	switch (error) {

	case 0:				/* forwarded, but need redirect */
		/* type, code set above */
		break;

	case ENETUNREACH:		/* shouldn't happen, checked above */
	case EHOSTUNREACH:
	case ENETDOWN:
	case EHOSTDOWN:
	default:
		type = ICMP_UNREACH;
		code = ICMP_UNREACH_HOST;
		break;

	case EMSGSIZE:
		type = ICMP_UNREACH;
		code = ICMP_UNREACH_NEEDFRAG;

----- Original Message -----
From: Saraf, Koroush (N-Norman SubSystems)
To: [EMAIL PROTECTED]
Sent: Thursday, June 19, 2003 9:32 AM
Subject: PMTUD Black Hole Problem

Hi All,

I have the following network in the lab:

    WINXP <---mtu1500---> FREEBSD4.4 <---mtu1280 (gif tunnel)---> FREEBSD4.4 <---mtu1500---> WINXP

The BSD computers are set up as gateway routers. As you might see from the diagram above, the MTU of the link between the two BSD computers is 1280 bytes because of a tunnel. When I try to transfer a file between the XP endpoints, the PMTUD goes off by sending a 1514B packet to the other end with the Don't Fragment bit set. However this packet never generates the ICMP unreachable message back to the XP box during Path MTU discovery. So that's why I have concluded that the BSD router is the black hole.

Now I would like to know how to make my BSD router participate in the MTU discovery. Changing the MTU of the Windows computers is not an option for me. Also please note that the BSD computers only have one NIC interface, and the network is logically separate but physically all connected to a switch, so playing with the MTU of the interface connecting the BSD computers is not an option either.

I hope that this is a known problem and easy to fix, and thanks for taking the time to respond.
~koroush

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
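To check the question raised above about the `switch` in ip_forward(), here is an added example (not FreeBSD source and not from the post) that copies the quoted dispatch into a stand-alone function so each errno can be fed through it on any C compiler. The labels are kept in the same order as the fragment, `default:` above `case EMSGSIZE:`; in C a `switch` selects a label by value and `default:` is taken only when no `case` label matches, regardless of where it is written, which is the property the test exercises. The ICMP numbers are written out from RFC 792 so the example does not depend on <netinet/ip_icmp.h>; the struct and function names are this example's own.

```c
#include <errno.h>
#include <stdio.h>

/* ICMP type/code values from RFC 792 (names mirror FreeBSD's, prefixed
   so they do not clash if <netinet/ip_icmp.h> is also included). */
#define EX_ICMP_UNREACH          3
#define EX_ICMP_UNREACH_HOST     1
#define EX_ICMP_UNREACH_NEEDFRAG 4

struct icmp_choice {
    int redirect;   /* 1: packet was forwarded and a redirect is due (case 0) */
    int type;
    int code;
};

/*
 * The same switch as the quoted ip_forward() fragment, labels in the same
 * order.  `default:` is matched only when no `case` value matches, so the
 * EMSGSIZE arm below is reachable even though it follows `default:`.
 */
struct icmp_choice icmp_for_forward_error(int error)
{
    struct icmp_choice c = { 0, 0, 0 };

    switch (error) {
    case 0:                     /* forwarded, but need redirect */
        c.redirect = 1;         /* type, code were set earlier in ip_forward() */
        break;

    case ENETUNREACH:           /* shouldn't happen, checked above */
    case EHOSTUNREACH:
    case ENETDOWN:
    case EHOSTDOWN:
    default:
        c.type = EX_ICMP_UNREACH;
        c.code = EX_ICMP_UNREACH_HOST;
        break;

    case EMSGSIZE:
        c.type = EX_ICMP_UNREACH;
        c.code = EX_ICMP_UNREACH_NEEDFRAG;
        break;
    }
    return c;
}

/* 1 when the errno maps to the "fragmentation needed" message PMTUD relies on. */
int yields_needfrag(int error)
{
    struct icmp_choice c = icmp_for_forward_error(error);
    return c.type == EX_ICMP_UNREACH && c.code == EX_ICMP_UNREACH_NEEDFRAG;
}

int main(void)
{
    const struct { const char *name; int err; } probes[] = {
        { "0 (forwarded, redirect)",      0 },
        { "EHOSTUNREACH",                 EHOSTUNREACH },
        { "EMSGSIZE",                     EMSGSIZE },
        { "ECONNREFUSED (hits default)",  ECONNREFUSED },
    };

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        struct icmp_choice c = icmp_for_forward_error(probes[i].err);
        if (c.redirect)
            printf("%-30s -> redirect\n", probes[i].name);
        else
            printf("%-30s -> ICMP type %d code %d\n",
                   probes[i].name, c.type, c.code);
    }
    return 0;
}
```

If the router really is silent for an oversized DF packet, this dispatch is not where to look; the errno has to reach the switch as EMSGSIZE in the first place, which is a matter of what the outgoing (gif) interface returns when the packet is too large.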
NAT Question
Hi all,

I'm trying to set up a BSD box to act as a NAT gateway between a private net and the public Internet. My requirement is to map the src and destination of the packet according to a set of rules. The BSD box has two public IP addresses. Depending on which interface the packet arrives on it will get routed to a different private destination address.

I'm using ipnat with the following mapping on the NAT box. The NAT box has only 1 interface, xl0; the IP addresses of this interface are:

    public:  129.197.244.6/24, 129.197.244.7/24, 129.197.244.8/24
    private: 10.77.1.2/24, 10.77.2.2/24

The servers on the private LAN are 10.77.1.1/24 and 10.77.2.1/24, on two different subnets.

List of active MAP/Redirect filters:
    map xl0 129.197.244.7/32 -> 10.77.1.1/32
    map xl0 129.197.244.8/32 -> 10.77.2.1/32
    map xl0 10.77.1.1/32 -> 129.197.244.7/32
    map xl0 10.77.2.1/32 -> 129.197.244.8/32

However I'm not getting the desired results. From a computer with IP address 129.197.244.2 I ping 129.197.244.8. I expect the ICMP packet to reach the BSD NAT box and get translated to the 10.77.2.1 address and forwarded with a src address of 10.77.2.2 out of xl0 to the particular server. Then the server would reply back to 10.77.2.2 and it would get translated back to 129.197.244.2 with a source address of 129.197.244.8. But this is not happening.

If the source of the ping is a BSD box, the reply comes back as if I was routed to the destination server, but in reality it's not being routed, since the destination server doesn't see the packet. For example, ping from the FreeBSD box:

    Pinging 129.197.244.8 with 32 bytes of data:
    Reply from 10.77.2.1: bytes=32 time<10ms TTL=255

But 10.77.2.1 doesn't really see the ping packets (verified using tcpdump, and the delay metric remains the same whether I ping 129.197.244.6). And a ping from a Windows box doesn't even get translated and times out.
So in short I need someone to tell me the correct syntax to set up the mapping so that I can map any src and dst IP address into any other src and dst address and retain the return path as well.

Thanks for your thoughts in advance,
~koroush
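An ipnat.conf for a static one-to-one mapping between the two address pairs named in the post, added here as an example (it is not from the post and not the configuration the poster ran). It uses ipnat's `bimap` keyword, which installs both directions of a 1:1 translation from a single rule, so the return path does not need a separate line. The interface name and addresses are the post's; the `bimap` form is a straightforward application of the ipnat.conf grammar, and its fit to the single-interface layout described in the post is an assumption to be verified with tcpdump on both addresses.

```conf
# /etc/ipnat.conf (added example): static 1:1 NAT on xl0
# Each bimap line translates traffic arriving for the public address to the
# private server, and traffic leaving the private server back to the public
# address, so one rule per server covers both directions.

# public 129.197.244.7 <-> private 10.77.1.1
bimap xl0 10.77.1.1/32 -> 129.197.244.7/32

# public 129.197.244.8 <-> private 10.77.2.1
bimap xl0 10.77.2.1/32 -> 129.197.244.8/32
```

Load it with `ipnat -CF -f /etc/ipnat.conf` (clear the rule list and flush active translations first, then read the file) and confirm the installed rules with `ipnat -l`, which prints the same "List of active MAP/Redirect filters" shown in the post. Note that a plain 1:1 mapping leaves the client's source address untouched, so the server sees the reply go back to 129.197.244.2 rather than to 10.77.2.2; the private server therefore needs a route to the public network through the NAT box for the reply to come back at all.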
Monitor IP Traffic from many BSD computers
I have a pool of BSD computers connected together via an Ethernet switch. I'd like to monitor the traffic that is exchanged between all the computers, and capture and display it on a console computer. Since I'm using a switch, I will not be able to see the traffic, and also the switch is a 3Com SuperStack II 3300 which can only monitor one port at a time, so that option is out also. I'd like to know how I can set up the pool of BSD computers so that they send a copy of whatever packet they receive to the console computer, so that I can capture and graph it using a utility like etherape.

Thanks for your help,
~koroush

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
XFree86 runs as root but not as user!
This is probably a trivial and old question, but I haven't found an answer yet. I just installed BSD 4.6 and can't get XFree86 to run as a user. It works fine as root. So I figure some permission is not set correctly somewhere. I tried chmod 4755 on startx just to see what happens, and nothing exciting happened! The error is below. Please help, and include this email address in the reply.

> Fatal server error:
> Cannot open log file "/var/log/XFree86.0.log"
>
> giving up.
> xinit: No such file or directory (errno 2): unable to connect to X server
> xinit: No such process (errno 3): Server error