mpd- no ng_l2tp coming up

Da Rock freebsd-net at herveybayaustralia.com.au
Thu Mar 17 06:45:46 UTC 2011


On 03/17/11 13:59, Mike Tancsa wrote:
> On 3/16/2011 9:32 PM, Da Rock wrote:
>    
>> I'm running into all sorts of issues setting up l2tp networking. I think
>> I have the IPSEC part worked out, but testing parts at a time l2tp dies
>> in a hole.
>>      
> Try without IPSEC first to make sure you have the l2tp portion correct.
> Also, make sure no firewall rules are getting in the way.
>    
Check the last note- local net only atm for testing, though the result 
is the same through the firewall and on the public net. IPSEC works (I 
think), but has been bypassed to resolve the l2tp issues anyway. So the 
only thing between the server and client is the local network.
> I have this simple mpd5 config file to act as an l2tp server in my test
> environment
>
>
> startup:
>          # configure mpd users
>          set user admin xxx admin
>          # configure the console
>          set console self 127.0.0.1 5005
>          set console open
>          # configure the web server
>          set web self 192.168.255.254 5006
>          set web open
>          log +IPV6CP
>          log +IPV6CP2
>
> default:
>          load l2tpserver
>
>
>
> l2tpserver:
> # Define dynamic IP address pool.
>          set ippool add pool1 xx.159.245.1 xx.159.245.5
>          set ippool add pool1 10.241.241.20 10.241.241.99
>          set ippool add rfc1918 172.11.22.140 172.11.22.180
>
>
>
> # Create clonable bundle template named B
>          create bundle template B
>          set iface idle 1800
>          set iface enable tcpmssfix
>          set ipcp disable vjcomp
>          set bundle enable ipv6cp
>          set ipcp deny vjcomp
>          set ipcp ranges xx.43.128.6/32 ippool pool1
>          set ipcp dns yy.211.164.51 zz.212.134.12
>          #set ipcp nbns 127.0.0.1
> # Set bundle template to use
>          create link template L l2tp
>          set l2tp hostname sentex
>          set l2tp disable dataseq
>          set link action bundle B
> # Enable peer authentication
>          set link disable eap
>          set link enable pap
>          set link disable acfcomp
>          set link disable protocomp
>          set link disable check-magic
>          set link deny acfcomp
>          set link keep-alive 10 60
>          set link deny protocomp
>          #load radius
>          set link mtu 1492
>          set link mru 1492
>          set link enable incoming
>          set link disable peer-as-calling
>
>
>
>
> For the client, mpd5 works with the following config
>
> l2tp_client:
> #
> # PPPoE client: only outgoing calls, auto reconnect,
> # ipcp-negotiated address, one-sided authentication,
> # default route points on ISP's end
> #
>
>          create bundle static B1
>          set iface route default
>          set ipcp ranges 0.0.0.0/0 0.0.0.0/0
>
>          create link static L1 l2tp
>          set link action bundle B1
>          set auth authname testaccount-in-mpd-secret-file
>          set auth password thepass
>          set link max-redial 0
>          set link mtu 1460
>          set link keep-alive 20 75
>          set l2tp peer 64.7.128.195
>          open
>
>
>    
>> I also had an unscheduled reboot (power failure) and that showed up a
>> warning: "attempt to domain_add(netgraph) after domainfinalize()" which
>> I could never quite figure was fatal or not.
>>      
> That's ok. It's not an issue and is more informational than anything
>    
Ok. So then my main question is going to be: when should I see an ng node 
through ifconfig? Is it "enabled" (for want of a better term) when the 
server is started, or once a connection is established? Is it the same 
for mpd4 and mpd5?

And shouldn't I see something in the nglist as well?
>    
>> It appears the control connection is setup and then fails for some
>> inexplicable reason. The client (android) logs show the same, but it is
>> definitely the server that kills the connection. Anything I've missed?
>>      
> Make sure there are no firewall rules getting in the way.  And if
> possible, use a client that you know "works".  The above server works
> with Windows clients with IPSEC disabled.  Start there, or with a
> FreeBSD client.
>
>    
Windows "works"? Interesting premise :) Sorry, can't help myself...

I have now only got a "clean" network- FBSD only ;) so I'll have to try 
with an mpd client then.

Thanks Mike, I'll be back with some more results soon- it will take time 
to install mpd.

Cheers

