Re: IPsec with racoon
You don't have any firewall rules blocking it somewhere in the middle between the two endpoints, do you? Some ISPs will block all traffic except for certain types, but they don't tell you about it. We have a wireless internet provider in town that blocks ports to keep people from using certain types of internet services to save bandwidth. They are an http/email only provider in this sense. VPN will not work across this ISP, regardless of the fact that you have a real IP address with them. I disagree with ISPs doing this if people are paying full price for internet service. However, they charge a very low rate, so people get what they pay for in the end.

Sincerely,
Rick Duvall

--- Adam Bayless [EMAIL PROTECTED] wrote:

Rick,

Thanks for the suggestion, but it is a publicly routable address. It actually appears to be getting all of phase 1 complete and most of phase 2 but just never passes any traffic across the VPN tunnel itself, so I am past the basic connectivity issues. Anyone else have any thoughts?

Thanks,
Adam

At 03:06 PM 10/7/2003, [EMAIL PROTECTED] wrote:

Is the external IP address of your VPN device an internet routable IP address? I know that if you are on an ADSL without static IP (like Qwest or MSN adsl) the IP address that is automatically assigned via DHCP by the DSL modem is private IP space, and therefore your VPN will not work. I resorted to getting an Alcatel Speedtouch USB modem and plugging it into a FreeBSD box for my Qwest MSN and set my VPN to go between the 2 FreeBSD boxes. This gave my firewall/gateway a real IP address. Granted, it is dynamic and I have to change my vpn every time my IP address gets re-negotiated, but at least it works. I am trying to figure out a way to dynamically change the VPN config on both ends when ppp comes up so I don't have to do it manually.

Sincerely,
Rick Duvall

--- Adam Bayless [EMAIL PROTECTED] wrote:

I've followed a couple of the tutorials available on the web, including the one in the FreeBSD manual, for setting up an IPsec tunnel between two FreeBSD machines, but I am trying to connect to a Netgear VPN device. I'm getting past phase 1 and getting an SA but the traffic will not flow. Without quoting every piece of config, does anybody have any pointers on what might differ between the tutorials on FreeBSD - FreeBSD and talking to a VPN device?

Thanks,
Adam

Adam Bayless                | vi /etc/mail/aliases
Fibernet System Janitor     | complaints: /dev/null
[EMAIL PROTECTED]           | :wq
baylessfamily.org/~abayless | newaliases

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

ppp shell command and MYADDR
I have configured ppp to bring up my ADSL connection (PPPoA) on Qwest MSN. It works great! However, for personal reasons which I won't mention here, I would like ppp to write the dynamic IP address that was assigned to me to a file called test.txt. As you can see by the config below, this *should* work via the shell command in ppp.conf, which executes ipaddr.sh and sends MYADDR to the script. However, when the script executes, it writes 10.0.0.2 to the file instead of the IP assigned. How do I get it to write the address assigned?

Here is my entry in ppp.conf:

adsl:
 set authname
 set authkey xx
 set device "!/usr/local/sbin/pppoa2 -vpi 0 -vci 32"
 accept chap pap
 set speed sync
 set timeout 0
 enable lqr
 set lqrperiod 5
 set redial 15 1
 set dial
 set ifaddr 10.0.0.2/0 10.0.0.1/0 255.255.255.0 0.0.0.0
 add default HISADDR
 shell /etc/ppp/ipaddr.sh MYADDR

Here is the shell script:

#!/bin/sh
MYADDR=$1
echo ${MYADDR} > /etc/ppp/test.txt
exit;

Re: IPsec with racoon
Is the external IP address of your VPN device an internet routable IP address? I know that if you are on an ADSL without static IP (like Qwest or MSN adsl) the IP address that is automatically assigned via DHCP by the DSL modem is private IP space, and therefore your VPN will not work. I resorted to getting an Alcatel Speedtouch USB modem and plugging it into a FreeBSD box for my Qwest MSN and set my VPN to go between the 2 FreeBSD boxes. This gave my firewall/gateway a real IP address. Granted, it is dynamic and I have to change my vpn every time my IP address gets re-negotiated, but at least it works. I am trying to figure out a way to dynamically change the VPN config on both ends when ppp comes up so I don't have to do it manually.

Sincerely,
Rick Duvall

--- Adam Bayless [EMAIL PROTECTED] wrote:

I've followed a couple of the tutorials available on the web, including the one in the FreeBSD manual, for setting up an IPsec tunnel between two FreeBSD machines, but I am trying to connect to a Netgear VPN device. I'm getting past phase 1 and getting an SA but the traffic will not flow. Without quoting every piece of config, does anybody have any pointers on what might differ between the tutorials on FreeBSD - FreeBSD and talking to a VPN device?

Thanks,
Adam

Adam Bayless                | vi /etc/mail/aliases
Fibernet System Janitor     | complaints: /dev/null
[EMAIL PROTECTED]           | :wq
baylessfamily.org/~abayless | newaliases

Re: ppp shell command and MYADDR
I fixed the problem... It seems that I cannot specify my shell command within ppp.conf, I have to use a ppp.linkup file and specify from within there. It works correctly now.

Sincerely,
Rick Duvall

--- [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

I have configured ppp to bring up my ADSL connection (PPPoA) on Qwest MSN. It works great! However, for personal reasons which I won't mention here, I would like ppp to write the dynamic IP address that was assigned to me to a file called test.txt. As you can see by the config below, this *should* work via the shell command in ppp.conf, which executes ipaddr.sh and sends MYADDR to the script. However, when the script executes, it writes 10.0.0.2 to the file instead of the IP assigned. How do I get it to write the address assigned?

Here is my entry in ppp.conf:

adsl:
 set authname
 set authkey xx
 set device "!/usr/local/sbin/pppoa2 -vpi 0 -vci 32"
 accept chap pap
 set speed sync
 set timeout 0
 enable lqr
 set lqrperiod 5
 set redial 15 1
 set dial
 set ifaddr 10.0.0.2/0 10.0.0.1/0 255.255.255.0 0.0.0.0
 add default HISADDR
 shell /etc/ppp/ipaddr.sh MYADDR

Here is the shell script:

#!/bin/sh
MYADDR=$1
echo ${MYADDR} > /etc/ppp/test.txt
exit;

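An added example, not part of the original posts: a version of ipaddr.sh for the ppp.linkup setup described above. ppp processes ppp.linkup after the link's addresses have been negotiated, so MYADDR there carries the assigned address; the script checks its argument and refuses a private address such as the 10.0.0.2 placeholder before replacing the file. The function names, the OUT override and the ppp.linkup stanza in the header comment are assumptions.

```sh
#!/bin/sh
# /etc/ppp/ipaddr.sh (added example). Assumed ppp.linkup entry that calls it:
#   adsl:
#    shell /etc/ppp/ipaddr.sh MYADDR
# OUT defaults to the page's test.txt; the environment override is an assumption.
OUT=${OUT:-/etc/ppp/test.txt}

# Succeeds if $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds if $1 is RFC 1918 space, e.g. the 10.0.0.2 "set ifaddr"
# placeholder that the ppp.conf version of the command wrote out.
is_private() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Validate the address, then replace $OUT atomically (temp file + rename).
record_addr() {
    is_ipv4 "$1" || { echo "ipaddr.sh: not an IPv4 address" >&2; return 2; }
    if is_private "$1"; then
        echo "ipaddr.sh: $1 is private, not recorded" >&2
        return 3
    fi
    tmp=$(mktemp "$OUT.XXXXXX") || return 1
    printf '%s\n' "$1" > "$tmp" && mv -f "$tmp" "$OUT"
}

# Called by ppp with one argument; does nothing when sourced without one.
if [ $# -gt 0 ]; then
    record_addr "$1"
fi
```

A script that rewrites VPN configuration from this value, as the earlier message in the thread wants to do, should read the file only after record_addr has returned 0.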
SpeedTouch 330 with MSN Broadband through Qwest ADSL
I have an Alcatel SpeedTouch 330 ADSL modem. I have subscribed to MSN broadband through Qwest's ADSL. Here are the requirements...

1. VPI and VCI are 0/32
2. PPPoA

It just doesn't connect at all. Below are my configs. Below that are from the logs..

ppp.conf:

default:
 ident user-ppp VERSION (1.2)
 set log Phase Chat LCP IPCP CCP tun command

adsl:
 set authname [EMAIL PROTECTED]
 set authkey x
 set device "!/usr/local/sbin/pppoa2 -vpi 0 -vci 32 -v 1"
 accept chap
 set speed sync
 set timeout 0
 enable lqr
 set lqrperiod 5
 set redial 15 1
 set dial
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR
 enable dns

adsl.sh:

#!/bin/sh

ISP=adsl
MODE=ddial
PREFIX=/usr/local

#if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
#    echo "$0: Cannot determine the PREFIX" >&2
#    exit 1
#fi

PATH=$PATH:$PREFIX/bin

case "$1" in
start)
    # Load the modem firmware, then start ppp only if that succeeded.
    $PREFIX/sbin/modem_run -v 2 -f $PREFIX/libdata/mgmt.o &&
        ppp -quiet -nat -$MODE $ISP &&
        echo -n ' ppp'
    ;;
stop)
    killall modem_run
    killall ppp
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac

ppp.log:

Jul 2 18:37:05 server ppp[122]: tun0: Phase: deflink: HUPing 247
Jul 2 18:37:05 server ppp[122]: tun0: Phase: deflink: hangup - opening
Jul 2 18:37:05 server ppp[122]: tun0: Phase: deflink: Enter pause (3) for redialing.
Jul 2 18:37:05 server ppp[122]: tun0: Chat: deflink: Reconnect try 15 of 0
Jul 2 18:37:08 server ppp[122]: tun0: Chat: deflink: Redial timer expired.
Jul 2 18:37:08 server ppp[122]: tun0: Phase: deflink: Connected!
Jul 2 18:37:08 server ppp[122]: tun0: Phase: deflink: opening - dial
Jul 2 18:37:08 server ppp[122]: tun0: Phase: deflink: dial - carrier
Jul 2 18:37:08 server ppp[122]: tun0: Phase: deflink: carrier - login
Jul 2 18:37:08 server ppp[122]: tun0: Phase: deflink: login - lcp
Jul 2 18:37:08 server ppp[122]: tun0: LCP: FSM: Using deflink as a transport
Jul 2 18:37:08 server ppp[122]: tun0: LCP: deflink: State change Initial -- Closed
Jul 2 18:37:08 server ppp[122]: tun0: LCP: deflink: State change Closed -- Stopped
Jul 2 18:37:09 server ppp[122]: tun0: LCP: deflink: LayerStart
Jul 2 18:37:09 server ppp[122]: tun0: LCP: deflink: SendConfigReq(1) state = Stopped
Jul 2 18:37:09 server ppp[122]: tun0: LCP: MRU[4] 1500
Jul 2 18:37:09 server ppp[122]: tun0: LCP: MAGICNUM[6] 0xaaa7e2d5
Jul 2 18:37:09 server ppp[122]: tun0: LCP: QUALPROTO[8] proto c025, interval 5000ms
Jul 2 18:37:09 server ppp[122]: tun0: LCP: deflink: State change Stopped -- Req-Sent
Jul 2 18:37:12 server ppp[122]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Jul 2 18:37:12 server ppp[122]: tun0: LCP: MRU[4] 1500
Jul 2 18:37:12 server ppp[122]: tun0: LCP: MAGICNUM[6] 0xaaa7e2d5
Jul 2 18:37:12 server ppp[122]: tun0: LCP: QUALPROTO[8] proto c025, interval 5000ms
Jul 2 18:37:15 server ppp[122]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Jul 2 18:37:15 server ppp[122]: tun0: LCP: MRU[4] 1500
Jul 2 18:37:15 server ppp[122]: tun0: LCP: MAGICNUM[6] 0xaaa7e2d5
Jul 2 18:37:15 server ppp[122]: tun0: LCP: QUALPROTO[8] proto c025, interval 5000ms
Jul 2 18:37:18 server ppp[122]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Jul 2 18:37:18 server ppp[122]: tun0: LCP: MRU[4] 1500
Jul 2 18:37:18 server ppp[122]: tun0: LCP: MAGICNUM[6] 0xaaa7e2d5
Jul 2 18:37:18 server ppp[122]: tun0: LCP: QUALPROTO[8] proto c025, interval 5000ms
Jul 2 18:37:20 server ppp[122]: tun0: LCP: deflink: RecvConfigReq(209) state = Req-Sent
Jul 2 18:37:20 server ppp[122]: tun0: LCP: AUTHPROTO[4] 0xc023 (PAP)
Jul 2 18:37:20 server ppp[122]: tun0: LCP: MAGICNUM[6] 0x48d5934e
Jul 2 18:37:20 server ppp[122]: tun0: LCP: deflink: SendConfigAck(209) state = Req-Sent
Jul 2 18:37:20 server ppp[122]: tun0: LCP: AUTHPROTO[4] 0xc023 (PAP)
Jul 2 18:37:20 server ppp[122]: tun0: LCP: MAGICNUM[6] 0x48d5934e
Jul 2 18:37:20 server ppp[122]: tun0: LCP: deflink: State change Req-Sent -- Ack-Sent
Jul 2 18:37:21 server ppp[122]: tun0: LCP: deflink: SendConfigReq(1) state = Ack-Sent
Jul 2 18:37:21 server ppp[122]: tun0: LCP: MRU[4] 1500
Jul 2 18:37:21 server ppp[122]: tun0: LCP: MAGICNUM[6] 0xaaa7e2d5
Jul 2 18:37:21 server ppp[122]: tun0: LCP: QUALPROTO[8] proto c025, interval 5000ms
Jul 2 18:37:22 server ppp[122]: tun0: LCP: deflink: RecvConfigReq(210) state = Ack-Sent
Jul 2 18:37:22 server ppp[122]: tun0: LCP: AUTHPROTO[4] 0xc023 (PAP)
Jul 2 18:37:22 server ppp[122]: tun0: LCP: MAGICNUM[6] 0x48d5934e
Jul 2 18:37:22 server ppp[122]: tun0: LCP: deflink: SendConfigAck(210) state = Ack-Sent
Jul 2 18:37:22 server ppp[122]: tun0: LCP: AUTHPROTO[4] 0xc023 (PAP)
Jul 2 18:37:22 server ppp[122]: tun0: LCP: MAGICNUM[6] 0x48d5934e
Jul 2 18:37:24 server ppp[122]: tun0: LCP: deflink: LayerFinish
Jul 2 18:37:24 server ppp[122]: tun0: LCP: deflink: State change Ack-Sent --