Re: IPsec with racoon

2003-10-08 Thread rduvall
You don't have any firewall rules blocking it somewhere in the middle between 
the two endpoints, do you?  Some ISPs will block all traffic except for certain 
types, but they don't tell you about it.  We have a wireless internet provider 
in town that blocks ports to keep people from using certain types of internet 
services to save bandwidth.  They are an http/email only provider in this sense.  
VPN will not work across this ISP, regardless of the fact that you have a real 
IP address with them.  I disagree with ISPs doing this if people are paying 
full price for internet service.  However, they charge a very low rate, so 
people get what they pay for in the end.

Sincerely,

Rick Duvall

--- Adam Bayless [EMAIL PROTECTED] wrote:
 Rick,
 
 Thanks for the suggestion, but it is a publicly routable address. It 
 actually appears to be getting all of phase 1 complete and most of phase 2 
 but just never passes any traffic across the VPN tunnel itself, so I am 
 past the basic connectivity issues.
 
 Anyone else have any thoughts?
 
 Thanks,
 
 Adam
 
 
 
 
 At 03:06 PM 10/7/2003, [EMAIL PROTECTED] wrote:
 Is the external IP address of your VPN device an internet routable IP address?
 I know that if you are on an ADSL without static IP (like Qwest or MSN adsl) the
 IP address that is automatically assigned via DHCP by the DSL modem is private
 IP space, and therefore your VPN will not work.  I resorted to getting an
 Alcatel Speedtouch USB modem and plugging it into a FreeBSD box for my Qwest MSN
 and set my VPN to go between the 2 FreeBSD boxes.  This gave my firewall/gateway
 a real IP address.  Granted, it is dynamic and I have to change my vpn every
 time my IP address gets re-negotiated, but at least it works.  I am trying to
 figure out a way to dynamically change the VPN config on both ends when ppp comes
 up so I don't have to do it manually.
 
 Sincerely,
 
 Rick Duvall
 
 --- Adam Bayless [EMAIL PROTECTED] wrote:
   I've followed a couple of the tutorials available on the web, including the
   one in the FreeBSD manual, for setting up an IPsec tunnel between two
   FreeBSD machines, but I am trying to connect to a netgear VPN device. I'm
   getting past phase 1 and getting an SA but the traffic will not flow.
  
   Without quoting every piece of config, does anybody have any pointers on
   what might differ between the tutorials on FreeBSD - FreeBSD and talking
   to a VPN device?
  
   Thanks,
  
   Adam
  
  
  
  
  
   
   Adam Bayless|  vi /etc/mail/aliases
   Fibernet System Janitor |  complaints: /dev/null
   [EMAIL PROTECTED]  |  :wq
   baylessfamily.org/~abayless |  newaliases
   
  
   ___
   [EMAIL PROTECTED] mailing list
   http://lists.freebsd.org/mailman/listinfo/freebsd-questions
   To unsubscribe, send any mail to 
  [EMAIL PROTECTED]
  
 
 
 
 


ppp shell command and MYADDR

2003-10-07 Thread rduvall
I have configured ppp to bring up my ADSL connection (PPPoA) on Qwest MSN.  It 
works great!  However, for personal reasons which I won't mention here, I would 
like ppp to write the dynamic IP address that was assigned to me to a file 
called test.txt.  As you can see by the config below, this *should* work via the 
shell command in ppp.conf, which executes ipaddr.sh and sends MYADDR to the 
script.  However, when the script executes, it writes 10.0.0.2 to the file 
instead of the IP assigned.

How do I get it to write the address assigned?


Here is my entry in ppp.conf

adsl:
 set authname 
 set authkey xx
 set device !/usr/local/sbin/pppoa2 -vpi 0 -vci 32
 accept chap pap
 set speed sync
 set timeout 0
 enable lqr
 set lqrperiod 5
 set redial 15 1
 set dial 
 set ifaddr 10.0.0.2/0 10.0.0.1/0 255.255.255.0 0.0.0.0
 add default HISADDR
 shell /etc/ppp/ipaddr.sh MYADDR

Here is the shell script:

#!/bin/sh

# Address handed over by ppp as the first argument
MYADDR=$1
echo "${MYADDR}" > /etc/ppp/test.txt
exit 0



Re: IPsec with racoon

2003-10-07 Thread rduvall
Is the external IP address of your VPN device an internet routable IP address?  
I know that if you are on an ADSL without static IP (like Qwest or MSN adsl) the 
IP address that is automatically assigned via DHCP by the DSL modem is private 
IP space, and therefore your VPN will not work.  I resorted to getting an 
Alcatel Speedtouch USB modem and plugging it into a FreeBSD box for my Qwest MSN 
and set my VPN to go between the 2 FreeBSD boxes.  This gave my firewall/gateway 
a real IP address.  Granted, it is dynamic and I have to change my vpn every 
time my IP address gets re-negotiated, but at least it works.  I am trying to 
figure out a way to dynamically change the VPN config on both ends when ppp comes 
up so I don't have to do it manually.

Sincerely,

Rick Duvall

--- Adam Bayless [EMAIL PROTECTED] wrote:
 I've followed a couple of the tutorials available on the web, including the 
 one in the FreeBSD manual, for setting up an IPsec tunnel between two 
 FreeBSD machines, but I am trying to connect to a netgear VPN device. I'm 
 getting past phase 1 and getting an SA but the traffic will not flow.
 
 Without quoting every piece of config, does anybody have any pointers on 
 what might differ between the tutorials on FreeBSD - FreeBSD and talking 
 to a VPN device?
 
 Thanks,
 
 Adam
 
 
 
 
 
 


Re: ppp shell command and MYADDR

2003-10-07 Thread rduvall
I fixed the problem...

It seems that I cannot specify my shell command within ppp.conf; I have to use a 
ppp.linkup file and specify it from within there.  It works correctly now.

Sincerely,

Rick Duvall

--- [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 I have configured ppp to bring up my ADSL connection (PPPoA) on Qwest MSN.  It
 works great!  However, for personal reasons which I won't mention here, I would
 like ppp to write the dynamic IP address that was assigned to me to a file
 called test.txt.  As you can see by the config below, this *should* work via the
 shell command in ppp.conf, which executes ipaddr.sh and sends MYADDR to the
 script.  However, when the script executes, it writes 10.0.0.2 to the file
 instead of the IP assigned.
 
 How do I get it to write the address assigned?
 
 
 Here is my entry in ppp.conf
 
 adsl:
  set authname 
  set authkey xx
  set device !/usr/local/sbin/pppoa2 -vpi 0 -vci 32
  accept chap pap
  set speed sync
  set timeout 0
  enable lqr
  set lqrperiod 5
  set redial 15 1
  set dial 
  set ifaddr 10.0.0.2/0 10.0.0.1/0 255.255.255.0 0.0.0.0
  add default HISADDR
  shell /etc/ppp/ipaddr.sh MYADDR
 
 Here is the shell script:
 
 #!/bin/sh
 
 # Address handed over by ppp as the first argument
 MYADDR=$1
 echo "${MYADDR}" > /etc/ppp/test.txt
 exit 0
 
 


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
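
An added example, not part of the original posts: a hardened variant of the ipaddr.sh script from this thread, meant to be run from ppp.linkup as the fix above describes. It refuses anything that is not a public dotted-quad address (the 10.0.0.2 placeholder, an unexpanded MYADDR) before replacing the state file; render_spd, the peer gateway and the networks are hypothetical names and constructed values.

```shell
#!/bin/sh
# Added example (not from the thread). Hook it in from /etc/ppp/ppp.linkup:
#   adsl:
#    shell /etc/ppp/ipaddr.sh MYADDR

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed for RFC 1918 space, e.g. the 10.0.0.2 placeholder from ppp.conf.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Validate the address, then replace the state file atomically (mode 0600).
record_addr() {
    addr=$1; out=$2
    is_ipv4 "$addr" || { echo "rejected '$addr': not IPv4" >&2; return 2; }
    is_private "$addr" && { echo "rejected $addr: private" >&2; return 3; }
    ( umask 077; printf '%s\n' "$addr" > "$out.tmp" ) && mv -f "$out.tmp" "$out"
}

# Print setkey(8) tunnel policies for the new local endpoint. The remote
# gateway ($2) and both networks ($3, $4) are constructed placeholders.
render_spd() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 2
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;\n' "$3" "$4" "$1" "$2"
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' "$4" "$3" "$2" "$1"
}

# When ppp runs the script it passes the negotiated address as $1.
if [ "$#" -ge 1 ]; then
    record_addr "$1" /etc/ppp/test.txt
fi
```

The output of render_spd can be piped to `setkey -c` once the address has been accepted; the remote end still has to learn the new address separately.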


SpeedTouch 330 with MSN Broadband through Qwest ADSL

2003-07-02 Thread rduvall
I have an Alcatel SpeedTouch 330 ADSL modem.  I have subscribed to MSN broadband 
through Qwest's ADSL.  Here are the requirements...

1.  VPI and VCI are 0/32
2.  PPPoA

It just doesn't connect at all.  Below are my configs.  Below that are from the 
logs..

ppp.conf:

default:
  ident user-ppp VERSION (1.2)
  set log Phase Chat LCP IPCP CCP tun command

adsl:
 set authname [EMAIL PROTECTED]
 set authkey x
 set device !/usr/local/sbin/pppoa2 -vpi 0 -vci 32 -v 1
 accept chap
 set speed sync
 set timeout 0
 enable lqr
 set lqrperiod 5
 set redial 15 1
 set dial 
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR
 enable dns


adsl.sh:

#!/bin/sh

# Profile label in ppp.conf and the ppp mode to start it in
ISP=adsl
MODE=ddial
PREFIX=/usr/local

#if ! PREFIX=$(expr "$0" : "\(/.*\)/etc/rc\.d/$(basename "$0")\$"); then
#    echo "$0: Cannot determine the PREFIX" >&2
#    exit 1
#fi

PATH=$PATH:$PREFIX/bin

case "$1" in
  start)
    # Load the modem firmware first; start ppp only if that succeeds
    "$PREFIX/sbin/modem_run" -v 2 -f "$PREFIX/libdata/mgmt.o" &&
      ppp -quiet -nat -"$MODE" "$ISP" &&
      echo -n ' ppp'
    ;;
  stop)
    killall modem_run
    killall ppp
    ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac


ppp.log:

Jul  2 18:37:05 server ppp[122]: tun0: Phase: deflink: HUPing 247
Jul  2 18:37:05 server ppp[122]: tun0: Phase: deflink: hangup -> opening
Jul  2 18:37:05 server ppp[122]: tun0: Phase: deflink: Enter pause (3) for redialing.
Jul  2 18:37:05 server ppp[122]: tun0: Chat: deflink: Reconnect try 15 of 0
Jul  2 18:37:08 server ppp[122]: tun0: Chat: deflink: Redial timer expired.
Jul  2 18:37:08 server ppp[122]: tun0: Phase: deflink: Connected!
Jul  2 18:37:08 server ppp[122]: tun0: Phase: deflink: opening -> dial
Jul  2 18:37:08 server ppp[122]: tun0: Phase: deflink: dial -> carrier
Jul  2 18:37:08 server ppp[122]: tun0: Phase: deflink: carrier -> login
Jul  2 18:37:08 server ppp[122]: tun0: Phase: deflink: login -> lcp
Jul  2 18:37:08 server ppp[122]: tun0: LCP: FSM: Using deflink as a transport
Jul  2 18:37:08 server ppp[122]: tun0: LCP: deflink: State change Initial --> Closed
Jul  2 18:37:08 server ppp[122]: tun0: LCP: deflink: State change Closed --> Stopped
Jul  2 18:37:09 server ppp[122]: tun0: LCP: deflink: LayerStart
Jul  2 18:37:09 server ppp[122]: tun0: LCP: deflink: SendConfigReq(1) state = Stopped
Jul  2 18:37:09 server ppp[122]: tun0: LCP:  MRU[4] 1500
Jul  2 18:37:09 server ppp[122]: tun0: LCP:  MAGICNUM[6] 0xaaa7e2d5
Jul  2 18:37:09 server ppp[122]: tun0: LCP:  QUALPROTO[8] proto c025, interval 5000ms
Jul  2 18:37:09 server ppp[122]: tun0: LCP: deflink: State change Stopped --> Req-Sent
Jul  2 18:37:12 server ppp[122]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Jul  2 18:37:12 server ppp[122]: tun0: LCP:  MRU[4] 1500
Jul  2 18:37:12 server ppp[122]: tun0: LCP:  MAGICNUM[6] 0xaaa7e2d5
Jul  2 18:37:12 server ppp[122]: tun0: LCP:  QUALPROTO[8] proto c025, interval 5000ms
Jul  2 18:37:15 server ppp[122]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Jul  2 18:37:15 server ppp[122]: tun0: LCP:  MRU[4] 1500
Jul  2 18:37:15 server ppp[122]: tun0: LCP:  MAGICNUM[6] 0xaaa7e2d5
Jul  2 18:37:15 server ppp[122]: tun0: LCP:  QUALPROTO[8] proto c025, interval 5000ms
Jul  2 18:37:18 server ppp[122]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Jul  2 18:37:18 server ppp[122]: tun0: LCP:  MRU[4] 1500
Jul  2 18:37:18 server ppp[122]: tun0: LCP:  MAGICNUM[6] 0xaaa7e2d5
Jul  2 18:37:18 server ppp[122]: tun0: LCP:  QUALPROTO[8] proto c025, interval 5000ms
Jul  2 18:37:20 server ppp[122]: tun0: LCP: deflink: RecvConfigReq(209) state = Req-Sent
Jul  2 18:37:20 server ppp[122]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Jul  2 18:37:20 server ppp[122]: tun0: LCP:  MAGICNUM[6] 0x48d5934e
Jul  2 18:37:20 server ppp[122]: tun0: LCP: deflink: SendConfigAck(209) state = Req-Sent
Jul  2 18:37:20 server ppp[122]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Jul  2 18:37:20 server ppp[122]: tun0: LCP:  MAGICNUM[6] 0x48d5934e
Jul  2 18:37:20 server ppp[122]: tun0: LCP: deflink: State change Req-Sent --> Ack-Sent
Jul  2 18:37:21 server ppp[122]: tun0: LCP: deflink: SendConfigReq(1) state = Ack-Sent
Jul  2 18:37:21 server ppp[122]: tun0: LCP:  MRU[4] 1500
Jul  2 18:37:21 server ppp[122]: tun0: LCP:  MAGICNUM[6] 0xaaa7e2d5
Jul  2 18:37:21 server ppp[122]: tun0: LCP:  QUALPROTO[8] proto c025, interval 5000ms
Jul  2 18:37:22 server ppp[122]: tun0: LCP: deflink: RecvConfigReq(210) state = Ack-Sent
Jul  2 18:37:22 server ppp[122]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Jul  2 18:37:22 server ppp[122]: tun0: LCP:  MAGICNUM[6] 0x48d5934e
Jul  2 18:37:22 server ppp[122]: tun0: LCP: deflink: SendConfigAck(210) state = Ack-Sent
Jul  2 18:37:22 server ppp[122]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP) 
Jul  2 18:37:22 server ppp[122]: tun0: LCP:  MAGICNUM[6] 0x48d5934e 
Jul  2 18:37:24 server ppp[122]: tun0: LCP: deflink: LayerFinish 
Jul  2 18:37:24 server ppp[122]: tun0: LCP: deflink: State change Ack-Sent --