Re: Using pptp as VPN on FB7



Still something wrong...

Here is the log from the command line when running mpd5 [1]; for security reasons, I changed some auth names and IP addresses:
10.0.0.1 is the address of the VPN server; it is also the IP address of the VPN gateway when I am connected to the VPN tunnel.
192.168.0.1 is the real gateway of the network I am in.
192.168.0.2 is my real IP address.
10.0.0.2 is my VPN tunnel IP, allocated by the VPN server/VPN gateway.

My conf file for mpd5 is also shown below [2].

When I run mpd5, the log from command stops at
"[B1] IFACE: Add route 0.0.0.0/0 10.0.0.1 failed: File exists
[B1] IFACE: Up event"
in the log[1].

It said "File exists"; I think maybe the route command in mpd5 is wrong or out of date?
But it does not seem to matter to the whole procedure.
Then I did things as you suggested:

route add -inet 10.0.0.1/32 192.168.0.1
route delete -inet default
route add -inet default 10.0.0.1

The difference is that the IP of the VPN server and the IP of the VPN-internal gateway are the same.
I can check this because the log and ifconfig tell me 10.0.0.2->10.0.0.1, and 10.0.0.1 is just the IP of my VPN server.

But it also complained about "File exists", so I removed the -inet from the command and did the following:
route add 10.0.0.1/32 192.168.0.1
route delete default
route add default 10.0.0.1

It gave some complaint about "network unreachable", and when I pinged some IP, it said "Cannot allocate memory" or something like that; sorry, I cannot remember clearly.

Then after some time the connection terminated automatically, as shown in the log [1].
Though I remember that I set the timeout to 300, it seems shorter than that time.

Is this a problem of my not setting the conf / route properly, or something else?

--Kemian




1, Log:
*********************************************************************
Multi-link PPP daemon for FreeBSD

process 1368 started, version 5.0rc2 (root@myCompaq 13:38 7- 1-2008)
[B1] Bundle: Interface ng0 created
Usage: set ipcp ranges {self}[/{width}] {peer}[/{width}]|ippool {pool}
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] Link: origination is local
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
ACCMAP 0x000a0000
MRU 1500
MAGICNUM 532336d8
[L1] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
ACCMAP 0x000a0000
MRU 1500
MAGICNUM 532336d8
[L1] LCP: rec'd Configure Reject #2 (Req-Sent)
PROTOCOMP
[L1] LCP: SendConfigReq #3
ACFCOMP
ACCMAP 0x000a0000
MRU 1500
MAGICNUM 532336d8
[L1] LCP: rec'd Configure Reject #3 (Req-Sent)
ACFCOMP
[L1] LCP: SendConfigReq #4
ACCMAP 0x000a0000
MRU 1500
MAGICNUM 532336d8
[L1] LCP: rec'd Configure Nak #4 (Req-Sent)
ACCMAP 0x000a0000
[L1] LCP: SendConfigReq #5
ACCMAP 0x000a0000
MRU 1500
MAGICNUM 532336d8
[L1] LCP: rec'd Configure Ack #5 (Req-Sent)
ACCMAP 0x000a0000
MRU 1500
MAGICNUM 532336d8
[L1] LCP: state change Req-Sent --> Ack-Rcvd
[L1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigAck #1
AUTHPROTO CHAP MSOFTv2
[L1] LCP: state change Ack-Rcvd --> Opened
[L1] LCP: auth: peer wants CHAP, I want nothing
[L1] LCP: LayerUp
[L1] CHAP: rec'd CHALLENGE #1 len: 21
Name: ""
Using authname "xxxxxxxx"
[L1] CHAP: sending RESPONSE #1 len: 62
[L1] CHAP: rec'd CHALLENGE #2 len: 21
Name: ""
Using authname "xxxxxxxx"
[L1] CHAP: sending RESPONSE #2 len: 62
[L1] CHAP: rec'd SUCCESS #2 len: 46
MESG: S=312864A319DEE71FF91EA1649774E8638125C042
[L1] LCP: authorization successful
[L1] Link: Matched action 'bundle "B1" ""'
[B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
[B1] IPCP: Open event
[B1] IPCP: state change Initial --> Starting
[B1] IPCP: LayerStart
[B1] CCP: Open event
[B1] CCP: state change Initial --> Starting
[B1] CCP: LayerStart
[B1] IPCP: Up event
[B1] IPCP: state change Starting --> Req-Sent
[B1] IPCP: SendConfigReq #1
IPADDR 192.168.0.2
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] CCP: Up event
[B1] CCP: state change Starting --> Req-Sent
[B1] CCP: SendConfigReq #1
MPPC
0x01000060:MPPE(40, 128 bits), stateless
[B1] IPCP: rec'd Configure Request #0 (Req-Sent)
IPADDR 10.0.0.1
10.0.0.1 is OK
[B1] IPCP: SendConfigAck #0
IPADDR 10.0.0.1
[B1] IPCP: state change Req-Sent --> Ack-Sent
[B1] CCP: rec'd Configure Request #0 (Req-Sent)
MPPC
0x01000061:MPPC, MPPE(40, 128 bits), stateless
[B1] CCP: SendConfigNak #0
MPPC
0x01000040:MPPE(128 bits), stateless
[B1] CCP: rec'd Configure Nak #1 (Req-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B1] CCP: SendConfigReq #2
MPPC
0x01000040:MPPE(128 bits), stateless
[B1] CCP: rec'd Configure Request #1 (Req-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B1] CCP: SendConfigAck #1
MPPC
0x01000040:MPPE(128 bits), stateless
[B1] CCP: state change Req-Sent --> Ack-Sent
[B1] CCP: rec'd Configure Ack #2 (Ack-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[B1] CCP: state change Ack-Sent --> Opened
[B1] CCP: LayerUp
Compress using: mppc (MPPE(128 bits), stateless)
Decompress using: mppc (MPPE(128 bits), stateless)
[B1] IPCP: SendConfigReq #2
IPADDR 192.168.0.2
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: rec'd Configure Reject #2 (Ack-Sent)
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: SendConfigReq #3
IPADDR 192.168.0.2
[B1] IPCP: rec'd Configure Nak #3 (Ack-Sent)
IPADDR 10.0.0.2
10.0.0.2 is OK
[B1] IPCP: SendConfigReq #4
IPADDR 10.0.0.2
[B1] IPCP: rec'd Configure Ack #4 (Ack-Sent)
IPADDR 10.0.0.2
[B1] IPCP: state change Ack-Sent --> Opened
[B1] IPCP: LayerUp
10.0.0.2 -> 10.0.0.1
[B1] IFACE: Add route 0.0.0.0/0 10.0.0.1 failed: File exists
[B1] IFACE: Up event
[L1] PPTP call terminated
[L1] Link: DOWN event
[L1] LCP: Down event
[L1] LCP: state change Opened --> Starting
[B1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
[B1] IPCP: Close event
[B1] IPCP: state change Opened --> Closing
[B1] IPCP: SendTerminateReq #5
[B1] IPCP: LayerDown
[B1] IFACE: Down event
[B1] CCP: Close event
[B1] CCP: state change Opened --> Closing
[B1] CCP: SendTerminateReq #3
[B1] CCP: LayerDown
[B1] IPCP: Down event
[B1] IPCP: LayerFinish
[B1] Bundle: No NCPs left. Closing links...
[B1] IPCP: state change Closing --> Initial
[B1] CCP: Down event
[B1] CCP: LayerFinish
[B1] CCP: state change Closing --> Initial
[L1] LCP: LayerDown
[L1] Link: reconnection attempt 1 in 3 seconds
caught fatal signal int
[B1] IFACE: Close event
[B1] IPCP: Close event
[B1] CCP: Close event
[L1] LCP: Close event
[L1] LCP: state change Starting --> Initial
[L1] LCP: LayerFinish
[B1] Bundle: Shutdown
[L1] Link: Shutdown
process 1368 terminated
***************************************************

2, mpd.Conf:
***************************************************
startup:


default:
	load pptp_client

pptp_client:

	create bundle static B1
	set iface route default
	set ipcp ranges 0.0.0.0/0


	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set bundle enable crypt-reqd
	set mppc yes stateless

	create link static L1 pptp
	set link action bundle B1
	set auth authname s0790948
	set auth password shuimaoer222316
	set link max-redial 0
	set link mtu 1460
	set link keep-alive 20 300
	set pptp peer vpngate.net.ed.ac.uk
	set pptp disable windowing
	open
*****************************************************






"Cory Albrecht" <coryalbrecht@xxxxxxxxxxx> wrote in message news:m8bc55x0se.ln2@xxxxxxxxxxxxxxxxxxxxxxxx
Kemian Dang wrote, on 2008/01/08 06:34:
I want to use this VPN to connect to the world; in other words, I am in a restricted network, and I can only use this VPN connection to get to the outside.

I want to route all the traffic through the VPN, so I think I should use "route flush" to remove the default and add "route add default vpn.server".

If you do a route flush, then you will remove all routes, including the route used by the packets to your VPN server.

Before you remove the original default gateway, from before starting the VPN, you will need to add a specific route to the VPN server after the VPN tunnel is up.

For example, say you are 192.168.1.2, your initial gateway is 192.168.1.1 and your VPN server is 10.0.0.1, and after the VPN tunnel is up its tunnel device is 172.16.0.2 and the VPN-internal gateway is 172.16.0.1. You need to have your commands similar to the following:

route add -inet 10.0.0.1/32 192.168.1.1
route delete -inet default
route add -inet default 172.16.0.1

The first line is to ensure that you still have a route to the VPN server for the tunnelled packets after you delete the initial default route. The third line sets up the new default route through the VPN.


It seems the problem, because if I do not connect to the real link, I can not use the VPN. I am a little confused...

Should I add "route add previous.gateway vpn.server" to make this work?

--Kemian

"Mike Tancsa" <mike@xxxxxxxxxx> wrote in message news:tsj5o35c9cg76ksb2qtilb6lcbrijtfg68@xxxxxxxxxx
On Mon, 7 Jan 2008 20:17:55 -0000, "Kemian Dang" <K.dang@xxxxxxxxxxxx>
wrote:

Then I do "route flush" to remove the previous default route, and "route add
default address.of.server"

I don't think you want to do a route flush. This will kill your
default route, and then your pptp connection won't be up anymore. If
there is a subnet on the other side you want to reach (e.g.
192.168.0.0/24), add that route to the other side of the ng interface.

e.g. if your ng0 interface is
172.13.14.154 --> 172.13.14.33

try
route add 192.168.0.0/24 172.13.14.33

---Mike


It said the server is unreachable, though I can find it when I do
"netstat -r".

But I can not get a response from ping to any host...

So, I do not know whether my way of setting the route is wrong or I should do
something else to get the connection?



"Mike Tancsa" <mike@xxxxxxxxxx> wrote in message
news:6ql2o3t2a5oaps145gsgnncgdqd3uukups@xxxxxxxxxx
On Sun, 6 Jan 2008 15:55:19 -0000, "Kemian Dang" <K.dang@xxxxxxxxxxxx>
wrote:

Hi, there,

I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server.
The server gives instructions on how to connect using pptp of Windows and
I can connect using Windows.

Try using mpd4 from the ports. It works very well as a PPTP client or
server.

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
mike@xxxxxxxxxx, (http://www.tancsa.com)
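
Added example, not part of the thread and not written by any of its participants: a small Python check that reads an mpd5 log in the format quoted in [1] and reports the negotiated tunnel parameters plus the problems the log itself shows. The function name and the sample excerpt are constructed here; treating a "Usage:" line as a rejected configuration command and "File exists" on 0.0.0.0/0 as an already-present default route is this script's reading of the log.

```python
import re

# Constructed excerpt, using line formats from the log quoted in the post.
SAMPLE_LOG = """\
Usage: set ipcp ranges {self}[/{width}] {peer}[/{width}]|ippool {pool}
[L1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
 AUTHPROTO CHAP MSOFTv2
[B1] CCP: LayerUp
 Compress using: mppc (MPPE(128 bits), stateless)
 Decompress using: mppc (MPPE(128 bits), stateless)
[B1] IPCP: LayerUp
 10.0.0.2 -> 10.0.0.1
[B1] IFACE: Add route 0.0.0.0/0 10.0.0.1 failed: File exists
[B1] IFACE: Up event
[L1] PPTP call terminated
"""

ROUTE_FAIL = re.compile(r"IFACE: Add route (\S+) (\S+) failed: (.+)")
TUNNEL = re.compile(r"^(\d+\.\d+\.\d+\.\d+) -> (\d+\.\d+\.\d+\.\d+)$")

def audit_mpd_log(text):
    """Return (facts, findings) extracted from an mpd5 console log."""
    facts = {"auth": None, "crypto": None, "local": None, "peer": None}
    findings, iface_up = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Usage: "):
            findings.append("config command rejected: " + line[7:])
        elif line.startswith("AUTHPROTO "):
            facts["auth"] = line[len("AUTHPROTO "):]
        elif line.startswith("Compress using: "):
            facts["crypto"] = line[len("Compress using: "):]
        elif m := TUNNEL.match(line):
            facts["local"], facts["peer"] = m.groups()
        elif m := ROUTE_FAIL.search(line):
            dest, gw, err = m.groups()
            msg = f"route {dest} via {gw} not installed ({err})"
            if dest == "0.0.0.0/0" and err == "File exists":
                msg += "; the pre-VPN default route is still in use"
            findings.append(msg)
        elif "IFACE: Up event" in line:
            iface_up = True
        elif "PPTP call terminated" in line and iface_up:
            findings.append("PPTP call terminated after the interface came up")
    return facts, findings
```
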




