pptpclient vpn connection with FreeBSD 6.0-BETA4

G B bsd-daemon at spray.se
Mon Sep 12 03:49:36 PDT 2005 

Hello all,
I'm trying to connect a FreeBSD client computer to a Watchguard company firewall that only has PPTP VPN connectivity.

# uname -sr
FreeBSD 6.0-BETA4

pptpclient 1.7.0 + patch-aa and patch-ac from ports (also tried the older 1.5.0 from ports)

/etc/ppp/ppp.conf
company:
 set authname username
 set authkey password
 set timeout 0
 set ifaddr 0 0
 add 192.168.100.0/24 HISADDR
 disable ipv6cp

/var/log/messages
Sep 12 11:35:30 thinkpad pptp[819]: anon log[main:pptp.c:267]: The synchronous pptp option is NOT activated
Sep 12 11:35:30 thinkpad pptp[822]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Sep 12 11:35:30 thinkpad pptp[822]: anon log[ctrlp_disp:pptp_ctrl.c:738]: Received Start Control Connection Reply
Sep 12 11:35:30 thinkpad pptp[822]: anon log[ctrlp_disp:pptp_ctrl.c:772]: Client connection established.
Sep 12 11:35:31 thinkpad pptp[822]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Sep 12 11:35:31 thinkpad pptp[822]: anon log[ctrlp_disp:pptp_ctrl.c:857]: Received Outgoing Call Reply.
Sep 12 11:35:31 thinkpad pptp[822]: anon log[ctrlp_disp:pptp_ctrl.c:896]: Outgoing call established (call ID 0, peer's call ID 1).
Sep 12 11:35:34 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 1
Sep 12 11:35:34 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 2
Sep 12 11:35:34 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 3
Sep 12 11:35:34 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 4
Sep 12 11:35:34 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 5
Sep 12 11:35:34 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 6
Sep 12 11:35:35 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 7
Sep 12 11:35:35 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 8
Sep 12 11:35:35 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 9
Sep 12 11:35:35 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 10
Sep 12 11:35:35 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 11
Sep 12 11:35:35 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 12
Sep 12 11:35:35 thinkpad pptp[823]: anon log[decaps_gre:pptp_gre.c:388]: accepting packet 13
Sep 12 11:36:31 thinkpad pptp[822]: anon log[logecho:pptp_ctrl.c:676]: Echo Reply received.
Sep 12 11:37:31 thinkpad pptp[822]: anon log[logecho:pptp_ctrl.c:676]: Echo Reply received.
Sep 12 11:39:31 thinkpad last message repeated 2 times

/var/log/ppp.log
Sep 12 11:35:32 thinkpad ppp[819]: Phase: Using interface: tun0
Sep 12 11:35:32 thinkpad ppp[819]: Phase: deflink: Created in closed state
Sep 12 11:35:32 thinkpad ppp[819]: Phase: PPP Started (direct mode).
Sep 12 11:35:32 thinkpad ppp[819]: Phase: bundle: Establish
Sep 12 11:35:32 thinkpad ppp[819]: Phase: deflink: closed -> opening
Sep 12 11:35:32 thinkpad ppp[819]: Phase: deflink: Connected!
Sep 12 11:35:32 thinkpad ppp[819]: Phase: deflink: opening -> carrier
Sep 12 11:35:33 thinkpad ppp[819]: Phase: deflink: carrier -> lcp
Sep 12 11:35:34 thinkpad ppp[819]: Phase: bundle: Authenticate
Sep 12 11:35:34 thinkpad ppp[819]: Phase: deflink: his = CHAP 0x81, mine = none
Sep 12 11:35:34 thinkpad ppp[819]: Phase: Chap Input: CHALLENGE (16 bytes from watchguard)
Sep 12 11:35:34 thinkpad ppp[819]: Phase: Chap Output: RESPONSE (username)
Sep 12 11:35:34 thinkpad ppp[819]: Phase: Chap Input: SUCCESS (S=XXXXXXXXXXXXXXXXXXXXXXXXX)
Sep 12 11:35:34 thinkpad ppp[819]: Phase: deflink: lcp -> open
Sep 12 11:35:34 thinkpad ppp[819]: Phase: bundle: Network

# ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 336
        inet 192.168.100.242 --> 192.168.100.1 netmask 0xffffffff
        Opened by PID 819

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            213.199.xx.xx      UGS         0       81   fxp0
127.0.0.1          127.0.0.1          UH          0       10    lo0
192.168.100        192.168.100.1      UGS         0       12   tun0
192.168.100.1      192.168.100.242    UH          1       18   tun0
213.199.xx         link#2             UC          0        0   fxp0
213.199.xx.xx      00:00:0c:xx:xx:xx  UHLW        2        0   fxp0    577

So the tunnel seems to be up, but there seems to be no traffic reaching the other side:
# ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
^C
--- 192.168.100.1 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss

Is pptp broken on FreeBSD 6.x or is there another problem?
FWIW the connection works from another computer running Mac OS X 10.3

More information about the freebsd-net mailing list