VPN setup problem - proxy arp I think
Brent Wiese
brently at bjwcs.com
Wed Jul 9 23:08:50 PDT 2003
Set gateway="YES" in rc.conf and reboot.
Then look into ipfw so you don't end up passing bogus traffic.
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of
> Koroush Saraf
> Sent: Monday, June 30, 2003 7:09 PM
> To: freebsd-questions at FreeBSD.ORG
> Subject: VPN setup problem - proxy arp I think
>
> Hi all,
>
> I read the setup at
> http://www.blackh0le.net/articles/vpn-dun-howto.html to set up
> my VPN. However, I'm having a problem which I think is
> proxy-ARP not working. I'd like to ask you to see if you know
> what's going on. When I ping 10.77.1.1 from the Windows XP
> machine the packets get to the 10.77.1.1 machine, but they
> don't have a return path to get back. When I ping the
> Windows machine from 10.77.1.1 I get:
> ping: sendto: Host is down
>
> When I add a static route to 10.77.1.1 the machines can talk to
> each other.
> (route add 10.77.1.50/32 10.77.1.2)
> But I don't think I need to set up a static route if Proxy ARP worked!
>
> I've included my config files in this email. Please note
> that I get a message back saying "[pptp1] no interface to
> proxy arp on for 10.77.1.50". Could this be my problem? How
> can I fix it? Thanks very much, ~koroush
>
>
> =========================
>
>
> My network looks as follows
>
> Freebsd 4.6
> IP 10.77.1.1/24
> |
> |
> fxp0:10.77.1.2/24
> Freebsd 4.8 (DELL2) (only 1 network card)
> ng0: 10.77.13
> |
> |
> Windows XP machine with tunnel.
> 10.77.1.50
>
>
>
> ==================
> Config files for Dell 2:
> DELL2# ifconfig -a
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet 129.197.244.10 netmask 0xfffffff0 broadcast 129.197.244.15
> inet 10.0.0.249 netmask 0xffffff00 broadcast 10.0.0.255
> inet 10.77.1.2 netmask 0xffffff00 broadcast 10.77.1.255
> inet 10.77.2.2 netmask 0xffffff00 broadcast 10.77.2.255
> inet 10.77.3.2 netmask 0xffffff00 broadcast 10.77.3.255
> inet 10.77.4.2 netmask 0xffffff00 broadcast 10.77.4.255
> inet 10.77.5.2 netmask 0xffffff00 broadcast 10.77.5.255
> ether 00:07:e9:87:ca:4f
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> inet 127.0.0.1 netmask 0xff000000
> lo1: flags=8008<LOOPBACK,MULTICAST> mtu 16384
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1256
> inet 10.77.1.2 --> 10.77.1.50 netmask 0xffffffff
> ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
> ng4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
>
> ===============
>
> DELL2# pwd
> /usr/local/etc/mpd
> DELL2# cat mpd.conf
> default:
> load client1
> load client2
> load client3
> load client4
> load client5
>
> pptp_common_settings:
> set link type pptp
> set pptp enable incoming
> set pptp disable originate
> set iface disable on-demand
> set iface enable proxy-arp
> # set iface idle 1800
> set bundle enable multilink
> set link yes acfcomp protocomp
> set link no pap chap
> set link enable chap
> # set link keep-alive 10 60
> set link mtu 1260
> set ipcp yes vjcomp
> # set ipcp ranges 10.77.1.1/32 10.77.1.50/32
> # set ipcp dns 10.77.1.1
> # set ipcp nbns 10.77.1.1
> set bundle enable compression
> set ccp yes mppc
> set ccp yes mpp-e40
> # set ccp yes mpp-e128
> set ccp yes mpp-stateless
>
> client1:
> new -i ng0 pptp1 pptp1
> set ipcp range 10.77.1.2/24 10.77.1.50/24
> load pptp_common_settings
>
> client2:
> new -i ng1 pptp2 pptp2
> set ipcp range 10.77.2.2/32 10.77.2.50/32
> load pptp_common_settings
>
> client3:
> new -i ng2 pptp3 pptp3
> set ipcp range 10.77.3.3/32 10.77.3.50/32
> load pptp_common_settings
>
> client4:
> new -i ng3 pptp4 pptp4
> set ipcp range 10.77.4.3/32 10.77.4.50/32
> load pptp_common_settings
>
> client5:
> new -i ng4 pptp5 pptp5
> set ipcp range 10.77.5.3/32 10.77.5.50/32
> load pptp_common_settings
>
> DELL2#
> =====================
> DELL2# cat mpd.secret
> demo1 "demo1" 10.77.1.50/24
> demo2 "demo2" 10.77.2.50/24
> demo3 "demo3" 10.77.3.50/24
> demo4 "demo4" 10.77.4.50/24
> demo5 "demo5" 10.77.5.50/24
>
> ========RUN TIME ========
>
> DELL2# mdp default
> mdp: Command not found.
> DELL2# mpd default
> Multi-link PPP for FreeBSD, by Archie L. Cobbs.
> Based on iij-ppp, by Toshiharu OHNO.
> mpd: pid 281, version 3.13 (root at DELL2.lmms.lmco.com 09:44 23-Jun-2003)
> [pptp1] ppp node is "mpd281-pptp1"
> mpd: local IP address for PPTP is 129.197.244.10
> [pptp1] using interface ng0
> [pptp1] device type already set to pptp
> [pptp2] ppp node is "mpd281-pptp2"
> [pptp2] using interface ng1
> [pptp2] device type already set to pptp
> [pptp3] ppp node is "mpd281-pptp3"
> [pptp3] using interface ng2
> [pptp3] device type already set to pptp
> [pptp4] ppp node is "mpd281-pptp4"
> [pptp4] using interface ng3
> [pptp4] device type already set to pptp
> [pptp5] ppp node is "mpd281-pptp5"
> [pptp5] using interface ng4
> [pptp5] device type already set to pptp
> [pptp5:pptp5] mpd: PPTP connection from 129.197.244.12:1127
> pptp0: attached to connection with 129.197.244.12:1127
> [pptp1] IFACE: Open event
> [pptp1] IPCP: Open event
> [pptp1] IPCP: state change Initial --> Starting
> [pptp1] IPCP: LayerStart
> [pptp1] IPCP: Open event
> [pptp1] bundle: OPEN event in state CLOSED
> [pptp1] opening link "pptp1"...
> [pptp1] link: OPEN event
> [pptp1] LCP: Open event
> [pptp1] LCP: state change Initial --> Starting
> [pptp1] LCP: LayerStart
> [pptp1] device: OPEN event in state DOWN
> [pptp1] attaching to peer's outgoing call
> [pptp1] device is now in state OPENING
> [pptp1] device: UP event in state OPENING
> [pptp1] device is now in state UP
> [pptp1] link: UP event
> [pptp1] link: origination is remote
> [pptp1] LCP: Up event
> [pptp1] LCP: state change Starting --> Req-Sent
> [pptp1] LCP: phase shift DEAD --> ESTABLISH
> [pptp1] LCP: SendConfigReq #1
> ACFCOMP
> PROTOCOMP
> MRU 1500
> MAGICNUM 5611757b
> AUTHPROTO CHAP MSOFTv2
> MP MRRU 1600
> MP SHORTSEQ
> ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
> pptp0-0: ignoring SetLinkInfo
> [pptp1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
> MRU 1400
> MAGICNUM 4d905023
> PROTOCOMP
> ACFCOMP
> CALLBACK
> Not supported
> [pptp1] LCP: SendConfigRej #0
> CALLBACK
> [pptp1] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
> MRU 1400
> MAGICNUM 4d905023
> PROTOCOMP
> ACFCOMP
> [pptp1] LCP: SendConfigAck #1
> MRU 1400
> MAGICNUM 4d905023
> PROTOCOMP
> ACFCOMP
> [pptp1] LCP: state change Req-Sent --> Ack-Sent
> [pptp1] LCP: SendConfigReq #2
> ACFCOMP
> PROTOCOMP
> MRU 1500
> MAGICNUM 5611757b
> AUTHPROTO CHAP MSOFTv2
> MP MRRU 1600
> MP SHORTSEQ
> ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
> [pptp1] LCP: rec'd Configure Reject #2 link 0 (Ack-Sent)
> MP MRRU 1600
> MP SHORTSEQ
> ENDPOINTDISC [802.1] 00 07 e9 87 ca 4f
> [pptp1] LCP: SendConfigReq #3
> ACFCOMP
> PROTOCOMP
> MRU 1500
> MAGICNUM 5611757b
> AUTHPROTO CHAP MSOFTv2
> [pptp1] LCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
> ACFCOMP
> PROTOCOMP
> MRU 1500
> MAGICNUM 5611757b
> AUTHPROTO CHAP MSOFTv2
> [pptp1] LCP: state change Ack-Sent --> Opened
> [pptp1] LCP: phase shift ESTABLISH --> AUTHENTICATE
> [pptp1] LCP: auth: peer wants nothing, I want CHAP
> [pptp1] CHAP: sending CHALLENGE
> [pptp1] LCP: LayerUp
> [pptp1] LCP: rec'd Ident #2 link 0 (Opened)
> MESG: MSRASV5.10
> pptp0-0: ignoring SetLinkInfo
> [pptp1] LCP: rec'd Ident #3 link 0 (Opened)
> MESG: MSRAS-1-DELL4
> [pptp1] CHAP: rec'd RESPONSE #1
> Name: "demo1"
> Peer name: "demo1"
> Response is valid
> [pptp1] CHAP: sending SUCCESS
> [pptp1] LCP: authorization successful
> [pptp1] LCP: phase shift AUTHENTICATE --> NETWORK
> [pptp1] setting interface ng0 MTU to 1260 bytes
> [pptp1] up: 1 link, total bandwidth 64000 bps
> [pptp1] IPCP: Up event
> [pptp1] IPCP: state change Starting --> Req-Sent
> [pptp1] IPCP: SendConfigReq #1
> IPADDR 10.77.1.2
> COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
> [pptp1] CCP: Open event
> [pptp1] CCP: state change Initial --> Starting
> [pptp1] CCP: LayerStart
> [pptp1] CCP: Up event
> [pptp1] CCP: state change Starting --> Req-Sent
> [pptp1] CCP: SendConfigReq #1
> MPPC
> 0x01000020: MPPE, 40 bit, stateless
> [pptp1] CCP: rec'd Configure Request #4 link 0 (Req-Sent)
> MPPC
> 0x01000001: MPPC
> [pptp1] CCP: SendConfigNak #4
> MPPC
> 0x01000020: MPPE, 40 bit, stateless
> [pptp1] IPCP: rec'd Configure Request #5 link 0 (Req-Sent)
> IPADDR 0.0.0.0
> NAKing with 10.77.1.50
> PRIDNS 0.0.0.0
> PRINBNS 0.0.0.0
> SECDNS 0.0.0.0
> SECNBNS 0.0.0.0
> [pptp1] IPCP: SendConfigRej #5
> PRIDNS 0.0.0.0
> PRINBNS 0.0.0.0
> SECDNS 0.0.0.0
> SECNBNS 0.0.0.0
> [pptp1] IPCP: rec'd Configure Reject #1 link 0 (Req-Sent)
> COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
> [pptp1] IPCP: SendConfigReq #2
> IPADDR 10.77.1.2
> [pptp1] CCP: rec'd Configure Ack #1 link 0 (Req-Sent)
> MPPC
> 0x01000020: MPPE, 40 bit, stateless
> [pptp1] CCP: state change Req-Sent --> Ack-Rcvd
> [pptp1] CCP: rec'd Configure Request #6 link 0 (Ack-Rcvd)
> MPPC
> 0x01000020: MPPE, 40 bit, stateless
> [pptp1] CCP: SendConfigAck #6
> MPPC
> 0x01000020: MPPE, 40 bit, stateless
> [pptp1] CCP: state change Ack-Rcvd --> Opened
> [pptp1] CCP: LayerUp
> Compress using: MPPE, 40 bit, stateless
> Decompress using: MPPE, 40 bit, stateless
> [pptp1] setting interface ng0 MTU to 1256 bytes
> [pptp1] IPCP: rec'd Configure Request #7 link 0 (Req-Sent)
> IPADDR 0.0.0.0
> NAKing with 10.77.1.50
> [pptp1] IPCP: SendConfigNak #7
> IPADDR 10.77.1.50
> [pptp1] IPCP: rec'd Configure Ack #2 link 0 (Req-Sent)
> IPADDR 10.77.1.2
> [pptp1] IPCP: state change Req-Sent --> Ack-Rcvd
> [pptp1] IPCP: rec'd Configure Request #8 link 0 (Ack-Rcvd)
> IPADDR 10.77.1.50
> 10.77.1.50 is OK
> [pptp1] IPCP: SendConfigAck #8
> IPADDR 10.77.1.50
> [pptp1] IPCP: state change Ack-Rcvd --> Opened
> [pptp1] IPCP: LayerUp
> 10.77.1.2 -> 10.77.1.50
> [pptp1] IFACE: Up event
> [pptp1] setting interface ng0 MTU to 1256 bytes
> [pptp1] exec: /sbin/ifconfig ng0 10.77.1.2 10.77.1.50 netmask 0xffffffff -link0
> [pptp1] no interface to proxy arp on for 10.77.1.50
> [pptp1] exec: /sbin/route add 10.77.1.2 -iface lo0
> [pptp1] IFACE: Up event
>
>
>
>
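
Why the static route makes the ping work while the missing proxy ARP entry produces "Host is down", shown as an added example that is not part of the original thread. It models the next-hop decision on 10.77.1.1 using the addresses from the post; the function names and the `ON_WIRE` set of ARP responders are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; gateway None = on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    # On-link route: the sender ARPs for the destination itself.
    # Gateway route: the sender ARPs for the gateway instead.
    return str(dst) if gw is None else gw

def deliver(routes, dst, arp_answers):
    """Return (status, address the sender had to resolve with ARP)."""
    hop = next_hop(routes, dst)
    if hop is None:
        return ("no route to host", None)
    if hop not in arp_answers:
        # Unanswered ARP is what ping reports as "Host is down".
        return ("host is down", hop)
    return ("delivered", hop)

# Constructed view from 10.77.1.1: one connected /24, and the two
# machines that actually answer ARP on the Ethernet segment.
LAN = [("10.77.1.0/24", None)]
ON_WIRE = {"10.77.1.1", "10.77.1.2"}
PEER = "10.77.1.50"  # tunnel client, reachable only through ng0 on 10.77.1.2

def scenarios():
    return {
        # Peer looks on-link, nobody answers ARP for it.
        "as posted": deliver(LAN, PEER, ON_WIRE),
        # route add 10.77.1.50/32 10.77.1.2 : more specific than the /24.
        "static route": deliver(LAN + [(PEER + "/32", "10.77.1.2")], PEER, ON_WIRE),
        # Working proxy ARP: 10.77.1.2 answers ARP on behalf of the peer.
        "proxy arp": deliver(LAN, PEER, ON_WIRE | {PEER}),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:13s} {result}")
```

In both working cases the frame lands on 10.77.1.2, which still has to forward it from fxp0 to ng0.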