NATD no longer works for outgoing PPTP VPN?

From: Mike Jakubik (mikej_at_rogers.com)
Date: 07/21/04

    Date: Tue, 20 Jul 2004 20:32:42 -0400 (EDT)
    To: freebsd-current@freebsd.org, freebsd-net@freebsd.org
    
    

    Hello,

    I have recently discovered, after long periods of trying to debug a VPN
    server, that I cannot establish PPTP VPN connections any more. The
    culprit seems to be natd not forwarding GRE properly. I have tried adding
    a 'redirect_proto gre' option to natd, but the same behaviour occurs. I could
    swear that not too long ago all my PPTP connections worked fine, as I have
    a few clients defined on my Windows PC. I have tried 3 different VPN
    servers, ranging from Windows 2000 Server to FBSD with MPD; none work.
    Plugging Internet directly into my PC works fine. Here is what the setup
    looks like:

    Me (Windows XP)   FreeBSD 5-C w/ NATD          Internet   VPN server
    192.168.0.200     192.168.0.1  69.193.41.53               66.11.183.182

    Here is rc.conf:

    ---
    gateway_enable="YES"
    natd_enable="YES"
    natd_interface="xl0"
    natd_flags="-f /etc/natd.conf"

    Here is natd.conf:

    ---
    interface xl0
    dynamic yes
    use_sockets yes
    same_ports yes
    redirect_port tcp win2000:3389 3389
    #redirect_proto gre win2000

    And here is a log from natd -v when trying to establish a VPN connection
    (it looks like GRE is not being aliased correctly; the Windows PC just sits at
    'Verifying username...'):

    ---
    natd[32158]: Aliasing to 69.193.41.53, mtu 1500 bytes
    Out {default} 0000ffff[TCP]  [TCP] 192.168.0.200:1108 ->
    66.11.183.182:1723 aliased to
               [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
    In  {default} 0000ffff[TCP]  [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108
    aliased to
               [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
    Out {default} 0000ffff[TCP]  [TCP] 192.168.0.200:1108 ->
    66.11.183.182:1723 aliased to
               [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
    In  {default} 0000ffff[TCP]  [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108
    aliased to
               [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
    Out {default} 0000ffff[TCP]  [TCP] 192.168.0.200:1108 ->
    66.11.183.182:1723 aliased to
               [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
    In  {default} 0000ffff[TCP]  [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108
    aliased to
               [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
    In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
               [47] 66.11.183.182 -> 69.193.41.53
    Out {default} 0000ffff[TCP]  [TCP] 192.168.0.200:1108 ->
    66.11.183.182:1723 aliased to
               [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
    Out {default} 0000ffff[47]    [47] 192.168.0.200 -> 66.11.183.182  aliased to
               [47] 192.168.0.200 -> 66.11.183.182
    In  {default} 0000ffff[TCP]  [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108
    aliased to
               [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
    Out {default} 0000ffff[47]    [47] 192.168.0.200 -> 66.11.183.182  aliased to
               [47] 192.168.0.200 -> 66.11.183.182
    In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
               [47] 66.11.183.182 -> 69.193.41.53
    In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
               [47] 66.11.183.182 -> 69.193.41.53
    Out {default} 0000ffff[47]    [47] 192.168.0.200 -> 66.11.183.182  aliased to
               [47] 192.168.0.200 -> 66.11.183.182
    In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
               [47] 66.11.183.182 -> 69.193.41.53
    In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
               [47] 66.11.183.182 -> 69.193.41.53
    Out {default} 0000ffff[47]    [47] 192.168.0.200 -> 66.11.183.182  aliased to
               [47] 192.168.0.200 -> 66.11.183.182
    In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
               [47] 66.11.183.182 -> 69.193.41.53
    In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
               [47] 66.11.183.182 -> 69.193.41.53
    Out {default} 0000ffff[47]    [47] 192.168.0.200 -> 66.11.183.182  aliased to
               [47] 192.168.0.200 -> 66.11.183.182
    In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
               [47] 66.11.183.182 -> 69.193.41.53
    In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
               [47] 66.11.183.182 -> 69.193.41.53
    Out {default} 0000ffff[47]    [47] 192.168.0.200 -> 66.11.183.182  aliased to
               [47] 192.168.0.200 -> 66.11.183.182
    In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
               [47] 66.11.183.182 -> 69.193.41.53
    In  {default} 0000ffff[TCP]  [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108
    aliased to
               [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
    Out {default} 0000ffff[TCP]  [TCP] 192.168.0.200:1108 ->
    66.11.183.182:1723 aliased to
               [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
    In  {default} 0000ffff[TCP]  [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108
    aliased to
               [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
    In  {default} 0000ffff[TCP]  [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108
    aliased to
               [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
    Out {default} 0000ffff[TCP]  [TCP] 192.168.0.200:1108 ->
    66.11.183.182:1723 aliased to
               [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
    In  {default} 0000ffff[TCP]  [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108
    aliased to
               [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
    Thank You.
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
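
The comparison the message makes by eye on the natd -v output (records for IP protocol 47, GRE, logged as "aliased to" the same addresses), as an added Python example that is not part of the original post: it rejoins the wrapped records and lists those whose addresses were left unchanged. The sample lines are copied from the log above; the function name and the /24 inside network are assumptions.

```python
import ipaddress
import re

# One natd -v record: direction, protocol, original src -> dst, then the
# rewritten src -> dst. Ports are optional: GRE (IP protocol 47) has none.
RECORD = re.compile(
    r"\b(In|Out)\s+\{[^}]*\}\s+\S+\s+\[(\w+)\]\s+"
    r"([\d.]+)(?::\d+)?\s*->\s*([\d.]+)(?::\d+)?\s+aliased to\s+"
    r"\[\w+\]\s+([\d.]+)(?::\d+)?\s*->\s*([\d.]+)(?::\d+)?"
)

# Lines copied from the log in the message, mail-client wrapping included.
SAMPLE = """\
natd[32158]: Aliasing to 69.193.41.53, mtu 1500 bytes
Out {default} 0000ffff[TCP]  [TCP] 192.168.0.200:1108 ->
66.11.183.182:1723 aliased to
           [TCP] 69.193.41.53:1108 -> 66.11.183.182:1723
In  {default} 0000ffff[TCP]  [TCP] 66.11.183.182:1723 -> 69.193.41.53:1108
aliased to
           [TCP] 66.11.183.182:1723 -> 192.168.0.200:1108
In  {default} 0000ffff[47]    [47] 66.11.183.182 -> 69.193.41.53  aliased to
           [47] 66.11.183.182 -> 69.193.41.53
Out {default} 0000ffff[47]    [47] 192.168.0.200 -> 66.11.183.182  aliased to
           [47] 192.168.0.200 -> 66.11.183.182
"""

# inside_net is an assumption: the message gives two inside addresses, no netmask.
def unaliased(log_text, inside_net="192.168.0.0/24"):
    """Return (direction, proto, src, dst) for records natd left unrewritten."""
    flat = " ".join(log_text.split())  # undo the line wrapping
    alias = re.search(r"Aliasing to ([\d.]+)", flat).group(1)
    inside = ipaddress.ip_network(inside_net)
    hits = []
    for direction, proto, src, dst, new_src, new_dst in RECORD.findall(flat):
        if direction == "Out":
            # An inside source address is about to leave on the public side.
            bad = ipaddress.ip_address(new_src) in inside
        else:
            # Still addressed to the alias address, so not forwarded to an
            # inside host (traffic meant for the gateway itself looks the same).
            bad = new_dst == alias
        if bad:
            hits.append((direction, proto, src, dst))
    return hits

if __name__ == "__main__":
    for hit in unaliased(SAMPLE):
        print(*hit)
```
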
    
