Re: Connecting to VPN Concentrator

From: Eric Anderson (anderson_at_centtech.com)
Date: 11/21/03

    Date: Fri, 21 Nov 2003 15:06:42 -0600
    To: nanard <nanard@tou.nu>
    
    

    nanard wrote:

    >Hi Eric,
    >
    >
    >
    >>In a previous email to this list, I thought you were asking how to
    >>connect FreeBSD and windows clients to a VPN server (of any kind,
    >>possibly FreeBSD)? If that's what you want, I can help you with that..
    >>
    >>
    >
    >Yes, I installed a VPN server on FreeBSD 4.9 with MPD. (and SaMBa in a jail
    >of the server for the VPN user only).
    >
    >I managed to connect Windows users to it.
    >But I didn't manage to connect a FreeBSD client to it (using pptp-client).
    >The connection works but nothing goes through the tunnel (I did nothing in ipf)
    >and after 170 sec, the client closes the connection.
    >(I think because of idle?). Maybe there is something wrong with my route.
    >I don't know
    >
    >
    I put my config blurbs below.. maybe that will help.. if not, let me know..

    >But now, I've a VPN concentrator server (CISCO 3000) and I've some clients
    >who would like to connect from FreeBSD.
    >I don't know if it's possible so, I'm asking now here.
    >
    >
    I believe it is, but I'm not sure that mpd will do it.. I think the
    Cisco's use IPSEC, not pptp..

    >For my last question in this list, I'm open to know how you use mpd as
    >client to connect FreeBSD to FreeBSD MPD server.
    >
    >Thanks in advance.
    >
    >Nicolas
    >
    >OS: FreeBSD 4.9
    >
    >Configuration of the FreeBSD client :
    >
    >crysto$ cat /etc/ppp/ppp.conf
    >TEST:
    > set authname nanard
    > set authkey ******
    > set timeout 0
    > set ifaddr 0 0
    > add 192.168.0.142/24 HISADDR
    > alias enable yes
    >
    >
    ppp.conf? Hmm.. I use mpd.conf on my client.. (shown below)

    >When I launch :
    >
    ># pptp XX.YY.ZZ.AA TEST
    >
    Is pptp a command for you? I don't have that command..

    >
    >tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1498
    > inet 192.168.0.142 --> XX.YY.ZZ.AA netmask 0xffffffff
    > Opened by PID 24918
    >
    >$ ping 192.168.0.142
    >PING 192.168.0.142 (192.168.0.142): 56 data bytes
    >ping: sendto: No route to host
    >ping: sendto: No route to host
    >^C
    >
    >
    >
    [..snip..]

    Ok, here's my configuration for the server:
    /usr/local/etc/mpd/mpd.conf: (10.x.y.50 is the internal IP of the vpn
    server, and 10.x.y.100/101 are the IPs that are assigned to the vpn
    connections once established)
    #####################
    default:
            load client0
            load client1

    client0:
            new -i ng0 pptp0 pptp0
            set ipcp ranges 10.x.y.50/32 10.x.y.100/32
            load pptp_standard

    client1:
            new -i ng1 pptp1 pptp1
            set ipcp ranges 10.x.y.50/32 10.x.y.101/32
            load pptp_standard

    pptp_standard:
            set iface disable on-demand
            set iface enable proxy-arp
            set iface idle 3600
            set iface mtu 1400
            set bundle disable multilink
            set bundle yes crypt-reqd
            set bundle enable compression
            set link no pap chap
            set link enable chap
            set link keep-alive 60 600
            set link mtu 1400
            set ipcp yes vjcomp
            set ipcp dns 10.x.y.5 10.x.y.6
            #nbns is for the WINS numbers for Windows users
            set ipcp nbns 10.x.y.7 10.x.y.8
            set ccp yes mppc
            set ccp enable mpp-compress
            set ccp yes mpp-e40
            set ccp yes mpp-e56
            set ccp yes mpp-e128
            set ccp yes mpp-stateless
    #####################

    /usr/local/etc/mpd/mpd.links:
    (xxx.yyy.zzz.123 is my external IP on the FreeBSD VPN server)
    #####################
    pptp0:
            set link type pptp
            set pptp self xxx.yyy.zzz.123
            set pptp enable incoming
            set pptp disable originate

    pptp1:
            set link type pptp
            set pptp self xxx.yyy.zzz.123
            set pptp enable incoming
            set pptp disable originate
    #####################

    /usr/local/mpd/mpd.secret:
    #####################
    username "mypassword"
    #####################

    And on my client:
    #####################
    default:
            load work

    work:
            new -i ng1 ms-pptp work
            set log +pptp +pptp2 +pptp3 +lcp +auth
            set ipcp ranges 0.0.0.0/0 0.0.0.0/0
            set ipcp yes vjcomp
            set ipcp dns 10.x.y.5 10.x.y.6
            set ipcp enable req-pri-dns req-sec-dns
            set link disable chap pap
            set link accept chap
            set link yes acfcomp protocomp
            set iface idle 0
            set bundle enable multilink
            set bundle yes crypt-reqd
            set bundle enable compression
            #set link enable no-orig-auth
            set link keep-alive 60 600
            set ccp yes mppc
            set ccp enable mpp-compress
            set ccp yes mpp-e40
            set ccp yes mpp-e56
            set ccp yes mpp-e128
            set ccp yes mpp-stateless
            set iface route 10.x.y.0/24
            set iface route 10.x.z.0/24
            set bundle authname "username"
            set bundle password "mypassword"
            set iface disable on-demand
            set link max-redial 9
            set iface mtu 1400
            open iface
    #####################

    Then to start the connection, I run:
    # mpd work

    Once the connection is made, you should be running..

    Eric

    -- 
    ------------------------------------------------------------------
    Eric Anderson	   Systems Administrator      Centaur Technology
    All generalizations are false, including this one.
    ------------------------------------------------------------------
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
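
An added example, not part of the original message or of mpd itself: a small Python audit that replays an mpd.conf structured like the ones above, following `load` lines, and reports settings that let the tunnel come up with weaker protection (40/56-bit MPPE, encryption not required, PAP). The sample config is constructed from the server config in the message; treating options the file never mentions as off is an assumption and may not match mpd's built-in defaults.

```python
# Constructed sample modelled on the server mpd.conf quoted in the message above.
SAMPLE = """\
client0:
    load pptp_standard
pptp_standard:
    set bundle yes crypt-reqd
    set link no pap chap
    set ccp yes mpp-e40
    set ccp yes mpp-e56
    set ccp yes mpp-e128
"""
# verb -> (new "enable" half, new "accept" half); None leaves that half unchanged
VERBS = {"enable": (True, None), "disable": (False, None), "accept": (None, True),
         "deny": (None, False), "yes": (True, True), "no": (False, False)}

def parse_labels(text):  # -> {label: [tokenised command, ...]}
    labels, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments and separators
        if line and not line[0].isspace() and line.endswith(":"):
            current = labels.setdefault(line[:-1], [])
        elif line.strip() and current is not None:     # indented line: a command
            current.append(line.split())
    return labels

def effective(labels, start, state=None, stack=()):
    """Replay 'set <layer> <verb> <opt...>' in file order, following 'load' lines."""
    state = {} if state is None else state
    if start in stack or start not in labels:          # load loop or unknown label
        return state
    for cmd in labels[start]:
        if cmd[0] == "load" and len(cmd) == 2:
            effective(labels, cmd[1], state, stack + (start,))
        elif len(cmd) >= 4 and cmd[0] == "set" and cmd[2] in VERBS:
            for opt in cmd[3:]:
                cur = state.setdefault((cmd[1], opt), [False, False])
                cur[:] = [c if v is None else v for c, v in zip(cur, VERBS[cmd[2]])]
    return state

def audit(text, start):
    """List settings reachable from label `start` that weaken the tunnel."""
    st = effective(parse_labels(text), start)
    on = lambda layer, opt: any(st.get((layer, opt), (False, False)))
    found = [f"ccp {o}: weaker MPPE key length can be negotiated"
             for o in ("mpp-e40", "mpp-e56") if on("ccp", o)]
    if not st.get(("bundle", "crypt-reqd"), (False, False))[0]:
        found.append("bundle crypt-reqd: encryption is not required")
    if on("link", "pap"):
        found.append("link pap: cleartext PAP authentication is allowed")
    return found
```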
    
