VPN remote access server (continue)

Tkachenko, Artem N artem.n.tkachenko at lmco.com
Tue Jul 1 19:29:44 PDT 2003 

Hi,

I have the fallowing picture:

Node1 ----------Internet----------Node2-----------LAN using IP

Node1:
Win2K
VPN connection using PPTP
IP (public) = 129.197.23.232

Node2: 
FreeBSD
VPN server (using MPD)
IP (public) = 129.197.244.6
IP (privet) = 10.77.5.2

LAN:
10.77.5/24

I set up a PPTP VPN connection between Node1 and Node2. Node1 gets privet IP
address 10.77.5.50. When I try to ping some computer on the LAN (not Node2)
with IP address 10.77.5.1 I know that computer gets the ping but does not
know how to get back to Node1. It might be a problem with the ARP because I
get an ARP error ([pptp1] no interface to proxy arp on for 10.77.5.50) when
I start MPD. I am not sure about this. And I don't know how to resolve this
problem. 
I have no control of 10.77.5/24 computers (except Node2) but I want those
computers to see Node1 when it connects trough Node2. How can I make
10.77.5/24 computers to send packets to Node2 when they want to send it to
Node1? Thank you very much for your help. Best regards

Artem Tkachenko

Here is some more info:

mpd.conf
default:
        load client1
        load client2
        load client3
        load client4
        load client5
        load client6
        load client7
        load client8
        load client9
        load client10
 
pptp_common_settings:
        set iface disable on-demand
        set iface enable proxy-arp
        set bundle enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link mtu 1260
        set ipcp yes vjcomp
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-stateless
 
client1:
        new -i ng1 pptp1 pptp1
        set iface enable proxy-arp
        set ipcp range 10.77.5.2/32 10.77.5.50/32
        load pptp_common_settings
.
-------------------------------------------------

DELL2# mpd default
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 3694, version 3.13 (root at DELL2.lmms.lmco.com 09:44 23-Jun-2003)
[pptp1] ppp node is "mpd3694-pptp1"
mpd: local IP address for PPTP is 129.197.244.10
[pptp1] using interface ng1
[pptp2] ppp node is "mpd3694-pptp2"
[pptp2] using interface ng2
.
[pptp10:pptp10] mpd: PPTP connection from 129.197.23.232:1254
pptp0: attached to connection with 129.197.23.232:1254
[pptp1] IFACE: Open event
[pptp1] IPCP: Open event
[pptp1] IPCP: state change Initial --> Starting
[pptp1] IPCP: LayerStart
[pptp1] IPCP: Open event
[pptp1] bundle: OPEN event in state CLOSED
[pptp1] opening link "pptp1"...
[pptp1] link: OPEN event
[pptp1] LCP: Open event
[pptp1] LCP: state change Initial --> Starting
[pptp1] LCP: LayerStart
[pptp1] device: OPEN event in state DOWN
[pptp1] attaching to peer's outgoing call
[pptp1] device is now in state OPENING
[pptp1] device: UP event in state OPENING
[pptp1] device is now in state UP
[pptp1] link: UP event
[pptp1] link: origination is remote
[pptp1] LCP: Up event
[pptp1] LCP: state change Starting --> Req-Sent
[pptp1] LCP: phase shift DEAD --> ESTABLISH
[pptp1] LCP: SendConfigReq #1
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 248388f6
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
pptp0-0: ignoring SetLinkInfo
[pptp1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
 MAGICNUM 71ec1a47
 PROTOCOMP
 ACFCOMP
 CALLBACK
   Not supported
 MP MRRU 1614
 ENDPOINTDISC [LOCAL] 1f c1 5c 9a 42 93 47 f2 93 07 55 26 37 9c c1 10 00 00
00 08
[pptp1] LCP: SendConfigRej #0
 CALLBACK
[pptp1] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
 MAGICNUM 71ec1a47
 PROTOCOMP
 ACFCOMP
 MP MRRU 1614
 ENDPOINTDISC [LOCAL] 1f c1 5c 9a 42 93 47 f2 93 07 55 26 37 9c c1 10 00 00
00 08
[pptp1] LCP: SendConfigNak #1
 MP MRRU 1600
[pptp1] LCP: rec'd Configure Request #2 link 0 (Req-Sent)
 MAGICNUM 71ec1a47
 PROTOCOMP
 ACFCOMP
 MP MRRU 1600
 ENDPOINTDISC [LOCAL] 1f c1 5c 9a 42 93 47 f2 93 07 55 26 37 9c c1 10 00 00
00 08
[pptp1] LCP: SendConfigAck #2
 MAGICNUM 71ec1a47
 PROTOCOMP
 ACFCOMP
 MP MRRU 1600
 ENDPOINTDISC [LOCAL] 1f c1 5c 9a 42 93 47 f2 93 07 55 26 37 9c c1 10 00 00
00 08
[pptp1] LCP: state change Req-Sent --> Ack-Sent
[pptp1] LCP: SendConfigReq #2
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 248388f6
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
[pptp1] LCP: rec'd Configure Reject #2 link 0 (Ack-Sent)
 MP SHORTSEQ
[pptp1] LCP: SendConfigReq #3
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 248388f6
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
pptp0-0: ignoring SetLinkInfo
[pptp1] LCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 248388f6
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
[pptp1] LCP: state change Ack-Sent --> Opened
[pptp1] LCP: phase shift ESTABLISH --> AUTHENTICATE
[pptp1] LCP: auth: peer wants nothing, I want CHAP
[pptp1] CHAP: sending CHALLENGE
[pptp1] LCP: LayerUp
[pptp1] LCP: rec'd Ident #3 link 0 (Opened)
 MESG: MSRASV5.00
[pptp1] LCP: rec'd Ident #4 link 0 (Opened)
 MESG: MSRAS-1-SVLWKLHPW2A
[pptp1] CHAP: rec'd RESPONSE #1
 Name: "demo5"
 Peer name: "demo5"
 Response is valid
[pptp1] CHAP: sending SUCCESS
[pptp1] LCP: authorization successful
[pptp1] LCP: phase shift AUTHENTICATE --> NETWORK
[pptp1] setting interface ng1 MTU to 1500 bytes
[pptp1] up: 1 link, total bandwidth 64000 bps
[pptp1] IPCP: Up event
[pptp1] IPCP: state change Starting --> Req-Sent
[pptp1] IPCP: SendConfigReq #1
 IPADDR 10.77.5.2
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp1] CCP: Open event
[pptp1] CCP: state change Initial --> Starting
[pptp1] CCP: LayerStart
[pptp1] CCP: Up event
[pptp1] CCP: state change Starting --> Req-Sent
[pptp1] CCP: SendConfigReq #1
 MPPC
   0x01000020: MPPE, 40 bit, stateless
[pptp1] CCP: rec'd Configure Request #5 link 0 (Req-Sent)
 MPPC
   0x010000e1: MPPC MPPE, 40 bit, 56 bit, 128 bit, stateless
[pptp1] CCP: SendConfigNak #5
 MPPC
   0x01000020: MPPE, 40 bit, stateless
[pptp1] IPCP: rec'd Configure Request #6 link 0 (Req-Sent)
 IPADDR 0.0.0.0
   NAKing with 10.77.5.50
 PRIDNS 0.0.0.0
 PRINBNS 0.0.0.0
 SECDNS 0.0.0.0
 SECNBNS 0.0.0.0
[pptp1] IPCP: SendConfigRej #6
 PRIDNS 0.0.0.0
 PRINBNS 0.0.0.0
 SECDNS 0.0.0.0
 SECNBNS 0.0.0.0
[pptp1] IPCP: rec'd Configure Reject #1 link 0 (Req-Sent)
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp1] IPCP: SendConfigReq #2
 IPADDR 10.77.5.2
[pptp1] CCP: rec'd Configure Ack #1 link 0 (Req-Sent)
 MPPC
   0x01000020: MPPE, 40 bit, stateless
[pptp1] CCP: state change Req-Sent --> Ack-Rcvd
[pptp1] CCP: rec'd Configure Request #7 link 0 (Ack-Rcvd)
 MPPC
   0x01000020: MPPE, 40 bit, stateless
[pptp1] CCP: SendConfigAck #7
 MPPC
   0x01000020: MPPE, 40 bit, stateless
[pptp1] CCP: state change Ack-Rcvd --> Opened
[pptp1] CCP: LayerUp
  Compress using: MPPE, 40 bit, stateless
Decompress using: MPPE, 40 bit, stateless
[pptp1] setting interface ng1 MTU to 1500 bytes
[pptp1] IPCP: rec'd Configure Request #8 link 0 (Req-Sent)
 IPADDR 0.0.0.0
   NAKing with 10.77.5.50
[pptp1] IPCP: SendConfigNak #8
 IPADDR 10.77.5.50
[pptp1] IPCP: rec'd Configure Ack #2 link 0 (Req-Sent)
 IPADDR 10.77.5.2
[pptp1] IPCP: state change Req-Sent --> Ack-Rcvd
[pptp1] IPCP: rec'd Configure Request #9 link 0 (Ack-Rcvd)
 IPADDR 10.77.5.50
   10.77.5.50 is OK
[pptp1] IPCP: SendConfigAck #9
 IPADDR 10.77.5.50
[pptp1] IPCP: state change Ack-Rcvd --> Opened
[pptp1] IPCP: LayerUp
  10.77.5.2 -> 10.77.5.50
[pptp1] IFACE: Up event
[pptp1] setting interface ng1 MTU to 1500 bytes
[pptp1] exec: /sbin/ifconfig ng1 10.77.5.2 10.77.5.50 netmask 0xffffffff
-link0
[pptp1] no interface to proxy arp on for 10.77.5.50
[pptp1] exec: /sbin/route add 10.77.5.2 -iface lo0
[pptp1] IFACE: Up event

More information about the freebsd-questions mailing list