Re: par dotazu na VPN - mpd-5.1 pptp_client

Tue, 15 Apr 2008 06:59:03 -0700 

Dan Lukes wrote:
> Miroslav Lachman wrote:

[...]

>>[L1] LCP: state change Ack-Sent --> Opened
>>[L1] LCP: auth: peer wants CHAP, I want nothing
>>[L1] LCP: LayerUp
>>[L1] CHAP: rec'd CHALLENGE #1 len: 29
>>[L1]   Name: "MikroTik"
>>[L1] CHAP: Using authname "MyLogin"
>>[L1] CHAP: sending RESPONSE #1 len: 60
>>[L1] CHAP: rec'd FAILURE #1 len: 79
>>[L1]   MESG: E=691 R=0 C=8005258D6F3521B9817FF1FEF230D334 V=3 M=bad 
>>username or password
> 
> 
>       Tohle je, bohuzel, pomerne jednoznacne - obe strany se jasne dohodly na 
> metode autentizace (CHAP), handshaking radne probehl (<-challenge; 
> ->response; <-result) a vysledek rika, ze protistrana neni spokojena s 
> heslem. To nema jine rozumne pravdepodobne vysvetleni nez to, ze 
> autentizacni par neni platny.
> 
>       Spatne opsane heslo na tve nebo jejich(!) strane je s ohromnou prevahou 
> nejpravdepodobnejsi vysvetleni.

Ty nejvetsi zahady maji vetsinou to nejjednodussi vysvetleni - ackoliv 
jsem byl nekolikrat ujisten o spravnosti, samozrejme to bylo ve 
skutecnosti jinak a celou dobu jsem mel uplne jiny login.

Aktualni funkcni konfigurace je nasledujici (kdyby se to nekomu do 
budoucna hodilo)

---------- mpd.conf -----------
## mpd.conf for mpd-5.1
## PPTP VPN client connected to Mikrotik router
startup:
        set console self 0.0.0.0 5005
        set user admin somepass
        set console open

default:
        load pptp_client

pptp_client:
#
# PPTP client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
#
        create bundle static B1
        set iface route 192.168.0.0/24
        set iface route 192.168.23.0/24
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

        create link static L1 pptp
        set link action bundle B1
        set auth authname "MyLogin"
        set auth password "MyPass"
        set link max-redial 3
        set link mtu 1460
        set link keep-alive 20 75
        set pptp peer 10.20.30.40
        set pptp disable windowing
        open
---------- mpd.conf -----------

Jeste bych k tomu mel pripadne jeden dotaz, pokud tu nekdo mate 
zkusenosti s mpd - ted mam v systemu zarizeni ng0, pres ktere tahle VPN 
pracuje:
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 
mtu 1456
         inet 192.168.13.200 --> 192.168.13.254 netmask 0xffffffff

Nevite nekdo, jak v konfiguraci mpd5.1 zajistit, aby to zarizeni melo 
vzdy stejne cislo a mohl jsem ho tedy s jistotou pouzit v pravidlech 
firewallu PF?

Mirek
-- 
FreeBSD mailing list ([email protected])
http://www.freebsd.cz/listserv/listinfo/users-l

Odpovedet emailem