Connecting to VPN Concentrator
Eric Anderson
anderson at centtech.com
Fri Nov 21 13:06:55 PST 2003
nanard wrote:
>Hi Eric,
>
>
>
>>In a previous email to this list, I thought you were asking how to
>>connect FreeBSD and windows clients to a VPN server (of any kind,
>>possibly FreeBSD)? If that's what you want, I can help you with that..
>>
>>
>
>Yes, I installed a VPN server on FreeBSD 4.9 with MPD (and Samba in a jail
>of the server for the VPN user only).
>
>I managed to connect Windows users to it.
>But I didn't manage to connect a FreeBSD client to it (using pptp-client).
>The connection works but nothing goes through the tunnel (I did nothing in ipf)
>and after 170 sec, the client closes the connection
>(I think because of idle?). Maybe there is something wrong with my route.
>I don't know.
>

I put my config blurbs below.. maybe that will help.. if not, let me know..

>But now, I've a VPN concentrator server (CISCO 3000) and I've some clients
>who would like to connect from FreeBSD.
>I don't know if it's possible, so I'm asking here now.
>

I believe it is, but I'm not sure that mpd will do it.. I think the
Ciscos use IPSEC, not pptp..

>For my last question on this list, I'm open to knowing how you use mpd as
>a client to connect FreeBSD to a FreeBSD MPD server.
>
>Thanks in advance.
>
>Nicolas
>
>OS: FreeBSD 4.9
>
>Configuration of the FreeBSD client :
>
>crysto$ cat /etc/ppp/ppp.conf
>TEST:
> set authname nanard
> set authkey ******
> set timeout 0
> set ifaddr 0 0
> add 192.168.0.142/24 HISADDR
> alias enable yes
>
>

ppp.conf? Hmm.. I use mpd.conf on my client.. (shown below)

>When I launch:
>
># pptp XX.YY.ZZ.AA TEST
>

Is pptp a command for you? I don't have that command..

>
>tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1498
> inet 192.168.0.142 --> XX.YY.ZZ.AA netmask 0xffffffff
> Opened by PID 24918
>
>$ ping 192.168.0.142
>PING 192.168.0.142 (192.168.0.142): 56 data bytes
>ping: sendto: No route to host
>ping: sendto: No route to host
>^C
>
>
>
[..snip..]
Ok, here's my configuration for the server:

/usr/local/etc/mpd/mpd.conf: (10.x.y.50 is the internal IP of the vpn
server, and 10.x.y.100/101 are the IPs that are assigned to the vpn
connections once established)
#####################
default:
    load client0
    load client1

client0:
    new -i ng0 pptp0 pptp0
    set ipcp ranges 10.x.y.50/32 10.x.y.100/32
    load pptp_standard

client1:
    new -i ng1 pptp1 pptp1
    set ipcp ranges 10.x.y.50/32 10.x.y.101/32
    load pptp_standard

pptp_standard:
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 3600
    set iface mtu 1400
    set bundle disable multilink
    set bundle yes crypt-reqd
    set bundle enable compression
    set link no pap chap
    set link enable chap
    set link keep-alive 60 600
    set link mtu 1400
    set ipcp yes vjcomp
    set ipcp dns 10.x.y.5 10.x.y.6
    #nbns is for the WINs numbers for windows users
    set ipcp nbns 10.x.y.7 10.x.y.8
    set ccp yes mppc
    set ccp enable mpp-compress
    set ccp yes mpp-e40
    set ccp yes mpp-e56
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
#####################

/usr/local/etc/mpd/mpd.links:
(xxx.yyy.zzz.123 is my external IP on the FreeBSD VPN server)
#####################
pptp0:
    set link type pptp
    set pptp self xxx.yyy.zzz.123
    set pptp enable incoming
    set pptp disable originate

pptp1:
    set link type pptp
    set pptp self xxx.yyy.zzz.123
    set pptp enable incoming
    set pptp disable originate
#####################

/usr/local/mpd/mpd.secret:
#####################
username "mypassword"

And on my client:

default:
    load work

work:
    new -i ng1 ms-pptp work
    set log +pptp +pptp2 +pptp3 +lcp +auth
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    set ipcp yes vjcomp
    set ipcp dns 10.x.y.5 10.x.y.6
    set ipcp enable req-pri-dns req-sec-dns
    set link disable chap pap
    set link accept chap
    set link yes acfcomp protocomp
    set iface idle 0
    set bundle enable multilink
    set bundle yes crypt-reqd
    set bundle enable compression
    #set link enable no-orig-auth
    set link keep-alive 60 600
    set ccp yes mppc
    set ccp enable mpp-compress
    set ccp yes mpp-e40
    set ccp yes mpp-e56
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
    set iface route 10.x.y.0/24
    set iface route 10.x.z.0/24
    set bundle authname "username"
    set bundle password "mypassword"
    set iface disable on-demand
    set link max-redial 9
    set iface mtu 1400
    open iface

Then to start the connection, I run:

# mpd work

Once the connection is made, you should be running..

Eric
--
------------------------------------------------------------------
Eric Anderson Systems Administrator Centaur Technology
All generalizations are false, including this one.
------------------------------------------------------------------
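
As an added example (not part of the message above and not code from mpd): a small Python check that reads a file laid out like the server mpd.conf quoted above, follows its `load` lines, and reports whether encryption is required and which MPPE key lengths can be negotiated. The sample text is constructed, and options the file never sets are treated as off, which is an assumption that ignores mpd's built-in defaults.

```python
import re

SAMPLE = """\
default:
    load client0
client0:
    load pptp_standard
pptp_standard:
    set bundle yes crypt-reqd
    set link no pap chap
    set link enable chap
    set ccp yes mpp-e40
    set ccp yes mpp-e56
    set ccp yes mpp-e128
"""  # constructed sample, laid out like the server mpd.conf quoted in the message

# mpd option verbs -> (sides changed: r = we request it, a = we accept it; new value)
VERBS = {"enable": ("r", True), "disable": ("r", False), "accept": ("a", True),
         "deny": ("a", False), "yes": ("ra", True), "no": ("ra", False)}

def parse(text):
    """Return {label: [tokenised command, ...]}; blank and '#' lines are skipped."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"\S+:", line):
            current = blocks.setdefault(line[:-1], [])
        elif current is not None:
            current.append(line.split())
    return blocks

def options(blocks, label, state, stack=()):
    """Replay 'set <layer> <verb> <option...>' in file order, following 'load' lines."""
    if label in stack:  # a label that ends up loading itself: stop, do not recurse
        return state
    for cmd in blocks.get(label, []):
        if cmd[0] == "load" and len(cmd) == 2:
            options(blocks, cmd[1], state, stack + (label,))
        elif cmd[0] == "set" and len(cmd) >= 4 and cmd[2] in VERBS:
            sides, value = VERBS[cmd[2]]
            for opt in cmd[3:]:
                current = state.setdefault((cmd[1], opt), set())
                (current.update if value else current.difference_update)(sides)
    return state

def audit(text, label="default"):
    state = options(parse(text), label, {})
    return {"encryption_required": bool(state.get(("bundle", "crypt-reqd"))),
            "mppe_bits": [b for b in (40, 56, 128) if state.get(("ccp", f"mpp-e{b}"))]}
```

With the settings quoted above, 40-bit and 56-bit MPPE stay negotiable alongside 128-bit; changing those two `yes` lines to `no` leaves only 128-bit in the report.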