Re: Connecting to VPN Concentrator

From: nanard (nanard_at_crystunix.com)
Date: 11/21/03

    To: "Eric Anderson" <anderson@centtech.com>
    Date: Fri, 21 Nov 2003 22:20:19 +0100
    
    

    Hi Eric,

    OK, I've the same configuration on my FreeBSD server.

    But on the FreeBSD client, I was using pptp:

    crysto# pkg_info|grep pptp
    pptpclient-1.3.1 PPTP client for establishing a VPN link with an NT server

    So now I'm trying to connect the client with MPD.

    But I didn't find the public address of the VPN server in the mpd.conf.

    > And on my client:
    > default:
    >     load work
    >
    > work:
    >     new -i ng1 ms-pptp work
    >     set log +pptp +pptp2 +pptp3 +lcp +auth
    >     set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    >     set ipcp yes vjcomp
    >     set ipcp dns 10.x.y.5 10.x.y.6
    >     set ipcp enable req-pri-dns req-sec-dns
    >     set link disable chap pap
    >     set link accept chap
    >     set link yes acfcomp protocomp
    >     set iface idle 0
    >     set bundle enable multilink
    >     set bundle yes crypt-reqd
    >     set bundle enable compression
    > #set link enable no-orig-auth
    >     set link keep-alive 60 600
    >     set ccp yes mppc
    >     set ccp enable mpp-compress
    >     set ccp yes mpp-e40
    >     set ccp yes mpp-e56
    >     set ccp yes mpp-e128
    >     set ccp yes mpp-stateless
    >     set iface route 10.x.y.0/24
    >     set iface route 10.x.z.0/24
    >     set bundle authname "username"
    >     set bundle password "mypassword"
    >     set iface disable on-demand
    >     set link max-redial 9
    >     set iface mtu 1400
    >     open iface
    >
    >
    > Then to start the connection, I run:
    > # mpd work
    >
    > Once the connection is made, you should be running..

    Where do you specify xxx.yyy.zzz.123 in the mpd configuration of the FreeBSD
    client? mpd.links?

    Thanks in advance.

    Regards,

    Nicolas

    ----- Original Message -----
    From: "Eric Anderson" <anderson@centtech.com>
    To: "nanard" <nanard@tou.nu>
    Cc: <freebsd-isp@freebsd.org>
    Sent: Friday, November 21, 2003 10:06 PM
    Subject: Re: Connecting to VPN Concentrator

    > nanard wrote:
    >
    > >Hi Eric,
    > >
    > >
    > >
    > >>In a previous email to this list, I thought you were asking how to
    > >>connect FreeBSD and windows clients to a VPN server (of any kind,
    > >>possibly FreeBSD)? If that's what you want, I can help you with that..
    > >>
    > >>
    > >
    > >Yes, I installed a VPN server on FreeBSD 4.9 with MPD (and Samba in a jail
    > >of the server for the VPN user only).
    > >
    > >I managed to connect Windows users to it.
    > >But I didn't manage to connect FreeBSD client to it (using pptp-client).
    > >The connection works but nothing goes through the tunnel (I did nothing in ipf)
    > >and after 170 sec, the client closes the connection
    > >(I think because of idle?). Maybe there is something wrong with my route.
    > >I don't know.
    > >
    > >
    > I put my config blurbs below.. maybe that will help.. if not, let me know..
    >
    > >But now, I've a VPN concentrator server (CISCO 3000) and I've some clients
    > >who would like to connect from FreeBSD.
    > >I don't know if it's possible so I'm asking now here.
    > >
    > >
    > I believe it is, but I'm not sure that mpd will do it.. I think the
    > Cisco's use IPSEC, not pptp..
    >
    > >For my last question in this list, I'm open to know how you use mpd as
    > >client to connect FreeBSD to FreeBSD MPD server.
    > >
    > >Thanks in advance.
    > >
    > >Nicolas
    > >
    > >OS: FreeBSD 4.9
    > >
    > >Configuration of the FreeBSD client :
    > >
    > >crysto$ cat /etc/ppp/ppp.conf
    > >TEST:
    > > set authname nanard
    > > set authkey ******
    > > set timeout 0
    > > set ifaddr 0 0
    > > add 192.168.0.142/24 HISADDR
    > > alias enable yes
    > >
    > >
    > ppp.conf? Hmm.. I use mpd.conf on my client.. (shown below)
    >
    > >When I launch:
    > >
    > ># pptp XX.YY.ZZ.AA TEST
    > >
    > Is pptp a command for you? I don't have that command..
    >
    > >
    > >tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1498
    > > inet 192.168.0.142 --> XX.YY.ZZ.AA netmask 0xffffffff
    > > Opened by PID 24918
    > >
    > >$ ping 192.168.0.142
    > >PING 192.168.0.142 (192.168.0.142): 56 data bytes
    > >ping: sendto: No route to host
    > >ping: sendto: No route to host
    > >^C
    > >
    > >
    > >
    > [..snip..]
    >
    > Ok, here's my configuration for the server:
    > /usr/local/etc/mpd/mpd.conf: (10.x.y.50 is the internal IP of the vpn
    > server, and 10.x.y.100/101 are the IPs that are assigned to the vpn
    > connections once established)
    > #####################
    > default:
    >     load client0
    >     load client1
    >
    > client0:
    >     new -i ng0 pptp0 pptp0
    >     set ipcp ranges 10.x.y.50/32 10.x.y.100/32
    >     load pptp_standard
    >
    > client1:
    >     new -i ng1 pptp1 pptp1
    >     set ipcp ranges 10.x.y.50/32 10.x.y.101/32
    >     load pptp_standard
    >
    > pptp_standard:
    >     set iface disable on-demand
    >     set iface enable proxy-arp
    >     set iface idle 3600
    >     set iface mtu 1400
    >     set bundle disable multilink
    >     set bundle yes crypt-reqd
    >     set bundle enable compression
    >     set link no pap chap
    >     set link enable chap
    >     set link keep-alive 60 600
    >     set link mtu 1400
    >     set ipcp yes vjcomp
    >     set ipcp dns 10.x.y.5 10.x.y.6
    > #nbns is for the WINs numbers for windows users
    >     set ipcp nbns 10.x.y.7 10.x.y.8
    >     set ccp yes mppc
    >     set ccp enable mpp-compress
    >     set ccp yes mpp-e40
    >     set ccp yes mpp-e56
    >     set ccp yes mpp-e128
    >     set ccp yes mpp-stateless
    > #####################
    >
    > /usr/local/etc/mpd/mpd.links:
    > (xxx.yyy.zzz.123 is my external IP on the FreeBSD VPN server)
    > #####################
    > pptp0:
    >     set link type pptp
    >     set pptp self xxx.yyy.zzz.123
    >     set pptp enable incoming
    >     set pptp disable originate
    >
    > pptp1:
    >     set link type pptp
    >     set pptp self xxx.yyy.zzz.123
    >     set pptp enable incoming
    >     set pptp disable originate
    > #####################
    >
    > /usr/local/mpd/mpd.secret:
    > #####################
    > username "mypassword"
    >
    > And on my client:
    > default:
    >     load work
    >
    > work:
    >     new -i ng1 ms-pptp work
    >     set log +pptp +pptp2 +pptp3 +lcp +auth
    >     set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    >     set ipcp yes vjcomp
    >     set ipcp dns 10.x.y.5 10.x.y.6
    >     set ipcp enable req-pri-dns req-sec-dns
    >     set link disable chap pap
    >     set link accept chap
    >     set link yes acfcomp protocomp
    >     set iface idle 0
    >     set bundle enable multilink
    >     set bundle yes crypt-reqd
    >     set bundle enable compression
    > #set link enable no-orig-auth
    >     set link keep-alive 60 600
    >     set ccp yes mppc
    >     set ccp enable mpp-compress
    >     set ccp yes mpp-e40
    >     set ccp yes mpp-e56
    >     set ccp yes mpp-e128
    >     set ccp yes mpp-stateless
    >     set iface route 10.x.y.0/24
    >     set iface route 10.x.z.0/24
    >     set bundle authname "username"
    >     set bundle password "mypassword"
    >     set iface disable on-demand
    >     set link max-redial 9
    >     set iface mtu 1400
    >     open iface
    >
    >
    > Then to start the connection, I run:
    > # mpd work
    >
    > Once the connection is made, you should be running..
    >
    > Eric
    >
    >
    >
    >
    > --
    > ------------------------------------------------------------------
    > Eric Anderson Systems Administrator Centaur Technology
    > All generalizations are false, including this one.
    > ------------------------------------------------------------------
    >
    >
    > _______________________________________________
    > freebsd-isp@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
    >
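
Both bundles quoted in this thread turn on mpp-e40 and mpp-e56 next to mpp-e128, so the 40-bit and 56-bit MPPE key lengths remain negotiable. The following is an added example, not part of the original messages or of mpd: a small audit that follows `load` chains in an mpd.conf and reports negotiable 40/56-bit MPPE, a missing crypt-reqd, and PAP. The function names and the sample text are constructed here, and the script assumes an option that is never set is off, which may differ from mpd's built-in defaults.

```python
SAMPLE = """\
default:
    load pptp_standard
pptp_standard:
    set bundle yes crypt-reqd
    set link no pap chap
    set link enable chap
    set ccp yes mpp-e40
    set ccp yes mpp-e56
    set ccp yes mpp-e128
"""  # constructed sample, modelled on the server bundle quoted in the thread

VERBS = {"enable": (True, None), "disable": (False, None), "accept": (None, True),
         "deny": (None, False), "yes": (True, True), "no": (False, False)}  # (enable, accept)

def parse_sections(text):
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace() and line.endswith(":"):  # label in column 0
            current = sections.setdefault(line[:-1], [])
        elif current is not None:                         # indented command
            current.append(line.split())
    return sections

def expand(sections, label, stack=()):
    out = []
    for cmd in sections.get(label, []):
        if cmd[0] != "load":
            out.append(cmd)
        elif len(cmd) > 1 and cmd[1] not in stack + (label,):  # skip load loops
            out += expand(sections, cmd[1], stack + (label,))
    return out

def audit(text, label="default"):
    state = {}  # (layer, option) -> (enabled, accepted); unset counts as off
    for cmd in expand(parse_sections(text), label):
        if cmd[0] == "set" and len(cmd) > 3 and cmd[2] in VERBS:
            for opt in cmd[3:]:
                old = state.get((cmd[1], opt), (False, False))
                state[cmd[1], opt] = tuple(o if v is None else v for o, v in zip(old, VERBS[cmd[2]]))
    on = lambda layer, opt: any(state.get((layer, opt), ()))
    found = [f"weak MPPE negotiable: {o}" for o in ("mpp-e40", "mpp-e56") if on("ccp", o)]
    if not on("bundle", "crypt-reqd"):
        found.append("encryption not required: crypt-reqd is off")
    if on("link", "pap"):
        found.append("PAP negotiable")
    return found
```

Run against SAMPLE, `audit` reports the two weak key lengths; switching those two lines to `set ccp no mpp-e40` and `set ccp no mpp-e56` leaves only 128-bit MPPE negotiable and clears the findings.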
