Connecting to VPN Concentrator
nanard
nanard at crystunix.com
Fri Nov 21 13:25:02 PST 2003
Hi Eric,
OK, I've the same configuration on my FreeBSD server.
But on the FreeBSD client, I was using pptp:
crysto# pkg_info|grep pptp
pptpclient-1.3.1 PPTP client for establishing a VPN link with an NT server
So, now, I'm trying to connect the client with MPD.
But I didn't find the public address of the VPN server in the mpd.conf.
> And on my client:
> default:
> load work
>
> work:
> new -i ng1 ms-pptp work
> set log +pptp +pptp2 +pptp3 +lcp +auth
> set ipcp ranges 0.0.0.0/0 0.0.0.0/0
> set ipcp yes vjcomp
> set ipcp dns 10.x.y.5 10.x.y.6
> set ipcp enable req-pri-dns req-sec-dns
> set link disable chap pap
> set link accept chap
> set link yes acfcomp protocomp
> set iface idle 0
> set bundle enable multilink
> set bundle yes crypt-reqd
> set bundle enable compression
> #set link enable no-orig-auth
> set link keep-alive 60 600
> set ccp yes mppc
> set ccp enable mpp-compress
> set ccp yes mpp-e40
> set ccp yes mpp-e56
> set ccp yes mpp-e128
> set ccp yes mpp-stateless
> set iface route 10.x.y.0/24
> set iface route 10.x.z.0/24
> set bundle authname "username"
> set bundle password "mypassword"
> set iface disable on-demand
> set link max-redial 9
> set iface mtu 1400
> open iface
>
>
> Then to start the connection, I run:
> # mpd work
>
> Once the connection is made, you should be running..
Where do you specify xxx.yyy.zzz.123 in the mpd configuration of the FreeBSD
client? mpd.links?
Thanks in advance.
Regards,
Nicolas
----- Original Message -----
From: "Eric Anderson" <anderson at centtech.com>
To: "nanard" <nanard at tou.nu>
Cc: <freebsd-isp at freebsd.org>
Sent: Friday, November 21, 2003 10:06 PM
Subject: Re: Connecting to VPN Concentrator
> nanard wrote:
>
> >Hi Eric,
> >
> >
> >
> >>In a previous email to this list, I thought you were asking how to
> >>connect FreeBSD and windows clients to a VPN server (of any kind,
> >>possibly FreeBSD)? If that's what you want, I can help you with that..
> >>
> >>
> >
> >Yes, I installed a VPN server on FreeBSD 4.9 with MPD. (and Samba in a jail
> >of the server for the VPN user only).
> >
> >I managed to connect Windows users to it.
> >But I didn't manage to connect FreeBSD client to it (using pptp-client).
> >The connection works but nothing goes through the tunnel (I did nothing in ipf)
> >and after 170 sec, the client closes the connection.
> >(I think because of idle?). Maybe there is something wrong with my route.
> >I don't know
> >
> >
> I put my config blurbs below.. maybe that will help.. if not, let me know..
>
> >But now, I've a VPN concentrator server (CISCO 3000) and I've some clients
> >who would like to connect from FreeBSD.
> >I don't know if it's possible so, I'm asking now here.
> >
> >
> I believe it is, but I'm not sure that mpd will do it.. I think the
> Cisco's use IPSEC, not pptp..
>
> >For my last question in this list, I'm open to know how do you use mpd as
> >client to connect FreeBSD to FreeBSD MPD server.
> >
> >Thanks in advance.
> >
> >Nicolas
> >
> >OS: FreeBSD 4.9
> >
> >Configuration of the FreeBSD client :
> >
> >crysto$ cat /etc/ppp/ppp.conf
> >TEST:
> > set authname nanard
> > set authkey ******
> > set timeout 0
> > set ifaddr 0 0
> > add 192.168.0.142/24 HISADDR
> > alias enable yes
> >
> >
> ppp.conf? Hmm.. I use mpd.conf on my client.. (shown below)
>
> >When I launch:
> >
> ># pptp XX.YY.ZZ.AA TEST
> >
> Is pptp a command for you? I don't have that command..
>
> >
> >tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1498
> > inet 192.168.0.142 --> XX.YY.ZZ.AA netmask 0xffffffff
> > Opened by PID 24918
> >
> >$ ping 192.168.0.142
> >PING 192.168.0.142 (192.168.0.142): 56 data bytes
> >ping: sendto: No route to host
> >ping: sendto: No route to host
> >^C
> >
> >
> >
> [..snip..]
>
> Ok, here's my configuration for the server:
> /usr/local/etc/mpd/mpd.conf: (10.x.y.50 is the internal IP of the vpn
> server, and 10.x.y.100/101 are the IPs that are assigned to the vpn
> connections once established)
> #####################
> default:
> load client0
> load client1
>
> client0:
> new -i ng0 pptp0 pptp0
> set ipcp ranges 10.x.y.50/32 10.x.y.100/32
> load pptp_standard
>
> client1:
> new -i ng1 pptp1 pptp1
> set ipcp ranges 10.x.y.50/32 10.x.y.101/32
> load pptp_standard
>
> pptp_standard:
> set iface disable on-demand
> set iface enable proxy-arp
> set iface idle 3600
> set iface mtu 1400
> set bundle disable multilink
> set bundle yes crypt-reqd
> set bundle enable compression
> set link no pap chap
> set link enable chap
> set link keep-alive 60 600
> set link mtu 1400
> set ipcp yes vjcomp
> set ipcp dns 10.x.y.5 10.x.y.6
> #nbns is for the WINs numbers for windows users
> set ipcp nbns 10.x.y.7 10.x.y.8
> set ccp yes mppc
> set ccp enable mpp-compress
> set ccp yes mpp-e40
> set ccp yes mpp-e56
> set ccp yes mpp-e128
> set ccp yes mpp-stateless
> #####################
>
> /usr/local/etc/mpd/mpd.links:
> (xxx.yyy.zzz.123 is my external IP on the FreeBSD VPN server)
> #####################
> pptp0:
> set link type pptp
> set pptp self xxx.yyy.zzz.123
> set pptp enable incoming
> set pptp disable originate
>
> pptp1:
> set link type pptp
> set pptp self xxx.yyy.zzz.123
> set pptp enable incoming
> set pptp disable originate
> #####################
>
> /usr/local/mpd/mpd.secret:
> #####################
> username "mypassword"
>
> And on my client:
> default:
> load work
>
> work:
> new -i ng1 ms-pptp work
> set log +pptp +pptp2 +pptp3 +lcp +auth
> set ipcp ranges 0.0.0.0/0 0.0.0.0/0
> set ipcp yes vjcomp
> set ipcp dns 10.x.y.5 10.x.y.6
> set ipcp enable req-pri-dns req-sec-dns
> set link disable chap pap
> set link accept chap
> set link yes acfcomp protocomp
> set iface idle 0
> set bundle enable multilink
> set bundle yes crypt-reqd
> set bundle enable compression
> #set link enable no-orig-auth
> set link keep-alive 60 600
> set ccp yes mppc
> set ccp enable mpp-compress
> set ccp yes mpp-e40
> set ccp yes mpp-e56
> set ccp yes mpp-e128
> set ccp yes mpp-stateless
> set iface route 10.x.y.0/24
> set iface route 10.x.z.0/24
> set bundle authname "username"
> set bundle password "mypassword"
> set iface disable on-demand
> set link max-redial 9
> set iface mtu 1400
> open iface
>
>
> Then to start the connection, I run:
> # mpd work
>
> Once the connection is made, you should be running..
>
> Eric
>
>
>
>
> --
> ------------------------------------------------------------------
> Eric Anderson Systems Administrator Centaur Technology
> All generalizations are false, including this one.
> ------------------------------------------------------------------
>
>
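An added example, not part of either message and not mpd's own tooling: a small Python check that replays the `set <layer> yes/no/enable/disable/accept/deny` lines of an mpd.conf label like the ones quoted above, follows `load`, and reports whether 40- or 56-bit MPPE can still be negotiated, whether `crypt-reqd` is enabled, and whether a password sits in the file. The function names and the sample are constructed for illustration, and options that are never mentioned are assumed to be off.

```python
import re
# Constructed sample: the client bundle quoted above, cut to the lines checked.
SAMPLE = """\
work:
    set bundle yes crypt-reqd
    set ccp yes mpp-e40
    set ccp yes mpp-e56
    set ccp yes mpp-e128
    set bundle password "mypassword"
"""

# mpd verbs as (enable, accept); yes = both on, no = both off, None = unchanged.
VERBS = {"enable": (True, None), "disable": (False, None), "accept": (None, True),
         "deny": (None, False), "yes": (True, True), "no": (False, False)}

def parse(text):
    """Split an mpd.conf into {label: [token lists]}, skipping '#' comments."""
    labels, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"[^#\s]\S*:", line):
            cur = labels.setdefault(line[:-1], [])
        elif line and line[0] != "#" and cur is not None:
            cur.append(line.split())
    return labels

def replay(labels, name, st, seen=()):
    """Apply a label's commands in order, following 'load', into dict st."""
    for tok in ([] if name in seen else labels.get(name, [])):
        if tok[0] == "load" and len(tok) == 2:
            replay(labels, tok[1], st, seen + (name,))
        elif tok[:3] == ["set", "bundle", "password"]:
            st["inline-password"] = True
        elif tok[0] == "set" and len(tok) > 3 and tok[2] in VERBS:
            for opt in tok[3:]:
                cur = st.setdefault((tok[1], opt), [False, False])  # assumed default: off
                cur[:] = [c if v is None else v for c, v in zip(cur, VERBS[tok[2]])]
    return st

def audit(text, label):
    """Return findings for one bundle label of an mpd.conf."""
    st = replay(parse(text), label, {})
    out = [f"{w} can be negotiated" for w in ("mpp-e40", "mpp-e56")
           if any(st.get(("ccp", w), ()))]
    if not st.get(("bundle", "crypt-reqd"), [False])[0]:
        out.append("crypt-reqd not enabled")
    if st.get("inline-password"):
        out.append("password stored in mpd.conf")
    return out

if __name__ == "__main__":
    print(audit(SAMPLE, "work"))
```

Because later lines override earlier ones, a bundle that loads a shared label and then adds `set ccp no mpp-e40 mpp-e56` is reported as clean for those two options.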