MPD problems connecting to a Cisco 3000 concentrator

Joe Marcus Clarke marcus at marcuscom.com
Sun Nov 9 16:16:29 PST 2003 

On Sun, 2003-11-09 at 18:37, Archie Cobbs wrote:
> Joe Marcus Clarke wrote:
> > I'm trying to establish an encrypted PPTP connection to a Cisco VPN
> > concentrator using mpd-3.14.  It works fine when I disable all
> > encryption, but with even 40-bit stateless, I get errors like:
> > 
> > [vpn] LCP: rec'd Protocol Reject #2 link 0 (Opened)
> > [vpn] LCP: protocol 0x32f7 was rejected
> > [vpn] LCP: rec'd Protocol Reject #10 link 0 (Opened)
> > [vpn] LCP: protocol 0xa785 was rejected
> > [vpn] LCP: rec'd Protocol Reject #11 link 0 (Opened)
> > [vpn] LCP: protocol 0x5a41 was rejected
> > [vpn] LCP: rec'd Protocol Reject #12 link 0 (Opened)
> > [vpn] LCP: protocol 0x5ceb was rejected
> 
> Almost certain that either the MPD side is incorrectly decrypting the
> packets or the Cisco side is incorrectly encrypting them. All known MPD
> bugs in this regard are fixed in the latest version of MPD & FreeBSD...
> try upgrading the Cisco box?? Or try MS-CHAPv1 instead of v2?

The packets aren't even going out on the wire, so the problem looks to
be on the mpd side encrypting the packets (that is, in my sniffer trace,
I never see any GRE packets going out to the concentrator).  All my
pings are sourced from the mpd client side.  Mpd-3.14 is the latest
version, correct? 

As for the CHAP, things work fine when using MS-CHAPv2 without
encryption (at least I thought that's what was being used).  I can try
MS-CHAPv1, but what I'm really trying to do is help Will with his PPTP
setup for access at school.  I have VPN 3000s in my lab that I can do
just about anything I want to, but Will has no access to his
concentrator.  Since the concentrator terminates Windows VPN sessions
correctly, is there anything else on the mpd side I can look at?  Thanks
for your help.

Joe

> 
> -Archie
> 
> __________________________________________________________________________
> Archie Cobbs     *    Halloo Communications    *     http://www.halloo.com
-- 
PGP Key : http://www.marcuscom.com/pgp.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20031109/6a7c1e87/attachment.bin

More information about the freebsd-questions mailing list