mpd
Howdy

I have tried to install a server with VPN over pptp using mpd from ports. It starts fine but I cannot connect to it and nothing goes to /var/log/ppp.log

The VPN box is my firewall. I am trying to connect to it from Windows2K with static inet IP creating connection directly to the outside inet IP of my VPN FreeBSD firewall.

I have also this rule in my firewall script:

ipfw add allow tcp from any to $oip1 1723 keep-state

I have this entry in my syslog.conf:

!ppp
*.*     /var/log/ppp.log

mpd is started with mpd -b option. sockstat -l4 doesn't show mpd either, I dunno if it should though...

Any idea why it fails? The config files are following:

/usr/local/etc/mpd/mpd.conf :

vpn:
    load pptp

pptp:
    new -i ng0 pptp pptp
    set iface disable on-demand
    set iface idle 1800
    set bundle enable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 10 60
    set link mtu 1460
    set ipcp yes vjcomp
#   set ipcp ranges 0.0.0.0/0
    set ipcp ranges 192.168.64.10/32 192.168.1.250/32
    set ipcp dns 192.168.64.5
    set ipcp nbns 192.168.64.3
#
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
#
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
#   set ccp no mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless

/usr/local/etc/mpd/mpd.links:

vpn:
    set link type pptp
    set pptp self 192.168.64.2
    set pptp peer 11.223.34.56
    set pptp enable originate incoming outcall

and /usr/local/etc/mpd/mpd.secret :

yazzy xxxyyyzzz

--
Marcin M. Jessa
Software developer/System Administrator
Wireless Reading Systems ASA
Skreddervn 9
N-1537 Moss
Phone: +47 69 27 96 88
Cellular: +47 988 505 44

Just because it works does not make it right.
Uptime: 11:27AM up 3 days, 19:04, 2 users, load averages: 0.06, 0.03, 0.00

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
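An added example, not part of the original message or of mpd: a small Python check that replays the `set` lines of the posted `pptp` entry to see which authentication and MPPE options remain negotiable, and tests the posted ipfw rule for the GRE (IP protocol 47) data channel that PPTP uses alongside TCP 1723. The inlined config and rule are sample input copied from the message above; the function names are hypothetical, options that are never mentioned are assumed to be off, and the check does not diagnose why mpd is not listening.

```python
import re

# Sample input: part of the "pptp" entry and the ipfw rule quoted in the message above.
MPD_CONF = """\
pptp:
    new -i ng0 pptp pptp
    set link no pap chap
    set link enable chap
    set ccp yes mppc
    set ccp yes mpp-e40
#   set ccp no mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
"""
IPFW_RULES = "ipfw add allow tcp from any to $oip1 1723 keep-state\n"

# mpd option verbs: "yes" = enable + accept, "no" = disable + deny.
VERBS = {"enable": (True, None), "disable": (False, None),
         "accept": (None, True), "deny": (None, False),
         "yes": (True, True), "no": (False, False)}

def option_state(conf):
    """Return {(layer, option): [enabled, accepted]} after applying each 'set' line in order."""
    state = {}
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()      # drop comments, tokenize
        if len(words) < 4 or words[0] != "set" or words[2] not in VERBS:
            continue
        enable, accept = VERBS[words[2]]
        for opt in words[3:]:
            cur = state.setdefault((words[1], opt), [False, False])  # assumption: default off
            if enable is not None: cur[0] = enable
            if accept is not None: cur[1] = accept
    return state

def audit(conf, rules):
    st = option_state(conf)
    def on(layer, opt):
        return any(st.get((layer, opt), (False, False)))
    findings = []
    if on("ccp", "mpp-e40"):
        findings.append("40-bit MPPE (mpp-e40) is still negotiable")
    if on("link", "pap"):
        findings.append("PAP (cleartext password) is still negotiable")
    if not on("ccp", "mpp-e128"):
        findings.append("128-bit MPPE (mpp-e128) is not offered")
    if "1723" in rules and not re.search(r"\ballow\s+(gre|47)\b", rules):
        findings.append("TCP 1723 is allowed but GRE (IP protocol 47) is not")
    return findings
```
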
Pptpd, DHCP and LDAP or SQL authentication
Hi guys.

Finally I managed to successfully set up mpd allowing me to access the other side of the VPN link. Thanks a lot for your suggestions.

I have three remaining questions before I will make a HowTo out of my experience.

1. How can I enable access to the whole LAN on the other side of my VPN link allowing users to browse it?
2. How to run DHCP over mpd's tunnel?
3. Do you know if there is a way to authenticate pptpd users with LDAP or SQL instead of the mpd.secret text file?

Any suggestions and comments are welcome.

Cheers.
YazzY
VPN and roaming Windows 2K users
Hi guys.

Do you know how to make a FreeBSD firewall a VPN server for roaming Win2K boxes (Win2k users without static IP's)?

I've been playing with racoon for a few days but it seems that the only way it can authenticate roaming Windows VLAN users is with preshared certificates. This again excludes usage of manual keying (pre_shared_keys) which is necessary for accepting connections from dynamic IP's. The preshared keys method can be configured to accept connections from specified hostnames and that could work with windows boxes that run a dyndns client. Again Windows and racoon can only communicate using certificates and not manual keying, an evil circle. Windows can speak with racoon if one makes racoon automatically exchange keys but this works only if Windows clients have static IP's...

Have any of you guys an idea about what to do to combine these methods? Or maybe there is a workaround? Please squeeze your brains and let me know about whatever you think may be of interest in this matter.

Thanks in advance
YazzY
Vlan
Hi guys.

What tool to use to make a FreeBSD firewall a VLAN host for connections from Windows 2K machines without static IP's? Racoon does not seem to handle that kind of thing properly... But I may be wrong.

Any ideas, links?

YazzY
Network Troubles.
Hi guys.

I have two subnets with static public IP's. Both point to my hardware SDSL router. One is 80.123.16.64-80.123.16.71 with 80.123.16.65 as the router IP and the other 123.234.173.128-255 with 123.234.173.129 as the router IP.

I have LAN behind my firewall. It uses 80.123.16.66 to talk to the outside. 80.123.16.66 resides on one nic with a couple extra 80.123.16.64/224 IPs aliased on it. I run natd and NAT these IP's to misc services behind my firewall.

When I add both 80.123.16.66 and 123.234.173.130 to my firewall I can connect to and from my LAN fine. I can ping both IP's from inside and outside and connect to the services on my DMZ and to my LAN boxes.

But I also have a few boxes on the 123.234.173.128/128 subnet connected directly to my switch which is connected to the router. When I add 123.234.173.130 to a separate nic on my firewall, I cannot talk to the other boxes on that subnet anymore, even though they are not connected to my firewall but directly to a hub. Every connection attempt from the LAN or outside fails. But then I can speak to 123.234.173.130 just fine.

One more thing. I have 80.123.16.68 also connected directly to my switch and it works just fine. I am pretty confused. Any idea what can cause that?

INTERNET
   |
Router with 80.123.16.64-71, 123.234.173.128-255
   |
3com Switch --- A few boxes with public IP's on both 80.123.16.64-71 and 123.234.173.128-255, and firewalling directly on them
   |
Firewall with 80.123.16.66, 80.123.16.67, 80.123.16.69, 123.234.173.130
   |
LAN, DMZ

Another thing, can I run natd on two different nics? Something like natd_interface=dc1 xl0 ? I want LAN and DMZ to use 2 different gw IP's.

Thanks in advance.
YazzY
Win2k - FreeBSD and VLAN
Hi guys.

I have a FreeBSD firewall with a LAN behind it which I want to use as a VLAN server for VPN connections. How can I make it work when the VPN clients use Win2K/WinXP, FreeBSD and Linux with no static IP's? What method and tool to choose? I've tried to make racoon work with no luck.

Thanks in advance.
YazzY