mpd PPTP to Cisco 3000 VPN Concentrator routing problem
Chris Jones
cjones at gruntle.org
Wed Jan 7 23:49:15 PST 2004
Hi. I've gone over list archives and seen this issue discussed before,
but the suggested solutions aren't working for me. I am using
mpd-3.15_1 on FreeBSD 4.9-STABLE to connect to a Cisco 3000 Series VPN
Concentrator. I have negotiated CHAP and MPPE and the ng0 interface
comes up, but when I try to do anything I get this:
$ ping 10.10.58.7
PING 10.10.58.7 (10.10.58.7): 56 data bytes
ping: sendto: Resource deadlock avoided
ping: sendto: No buffer space available
A little investigation showed that this is a known routing issue and
that it is possible to work around by re-addressing the ng0 interface
with the VPN concentrator's private IP and setting a default route to it. I
did this, but I still have the same problem. :(
Does anyone see what I am doing wrong here? Below are my routing table
and ifconfig before running mpd, after running mpd, and after running
the "fix". Below that is my mpd.conf and its output (verbose).
I appreciate any help on this, I've been going crazy trying to figure
out what I'm doing wrong. I can get it to work using the OSX PPTP
client, but not mpd.
- Chris
VPN External IP: C.O.R.P
VPN Internal IP: 10.10.58.7
*** before running mpd
Destination Gateway Flags Refs Use Netif Expire
default 192.168.131.254 UGS 0 0 de0
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.131 link#1 UC 0 0 de0
192.168.131.254 00:00:0f:00:00:00 UHLW 1 0 de0 36
*** after running mpd
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1494
inet 10.10.58.156 --> C.O.R.P netmask 0xffffffff
inet6 fe80::203:ffff:fe73:504c%ng0 prefixlen 64 scopeid 0x3
Destination Gateway Flags Refs Use Netif Expire
default 192.168.131.254 UGS 0 30 de0
10.10.58.156 lo0 UHS 0 0 lo0
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.131 link#1 UC 0 0 de0
192.168.131.254 00:00:0f:00:00:00 UHLW 1 0 de0 4
C.O.R.P 10.10.58.156 UH 0 0 ng0
*** run fix from iface up-script
ifconfig ng0 inet 10.10.58.156 10.10.58.7 netmask 0xffffffff
route delete default
route add default -interface ng0
*** after running fix
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1494
inet6 fe80::203:ffff:fe73:504c%ng0 prefixlen 64 scopeid 0x3
inet 10.10.58.156 --> 10.10.58.7 netmask 0xffffffff
Destination Gateway Flags Refs Use Netif Expire
default ng0 US 0 0 ng0
10.10.58.7 10.10.58.156 UH 0 0 ng0
10.10.58.156 lo0 UHS 0 0 lo0
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.131 link#1 UC 0 0 de0
192.168.131.254 00:00:0f:00:00:00 UHLW 0 0 de0
*** mpd.conf
ciscovpn:
	new -i ng0 ciscovpn work
	set bundle authname "user"
	set bundle password "password"
	set ipcp ranges 10.10.58.0/23 C.O.R.P/32
	set link max-redial -1
	set link keep-alive 0 0
	set link disable acfcomp protocomp
	set bundle no crypt-reqd
	set bundle enable compression encryption
	set ccp yes mppc
	set ccp yes mpp-e128
	set ccp no mpp-e40
	set ccp yes mpp-stateless
	set link disable pap chap
	set link no chap-md5
	set link no chap-msv2
	set link no pap
	set link accept chap-msv1
	set iface idle 0
	set ipcp disable vjcomp
	set ipcp enable req-pri-dns req-sec-dns
	set iface up-script /usr/local/etc/mpd/ciscovpn-iface-up.sh
	open
*** mpd.links
work:
	set link type pptp
	set pptp peer C.O.R.P
	set pptp enable originate outcall
*** mpd output
# mpd
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 1033, version 3.15 (root at mymachine 00:39 7-Jan-2004)
[ciscovpn] ppp node is "mpd1033-ciscovpn"
[ciscovpn] using interface ng0
[ciscovpn] IFACE: Open event
[ciscovpn] IPCP: Open event
[ciscovpn] IPCP: state change Initial --> Starting
[ciscovpn] IPCP: LayerStart
[ciscovpn:work] [ciscovpn] bundle: OPEN event in state CLOSED
[ciscovpn] opening link "work"...
[work] link: OPEN event
[work] LCP: Open event
[work] LCP: state change Initial --> Starting
[work] LCP: LayerStart
[work] device: OPEN event in state DOWN
pptp0: connecting to C.O.R.P:1723
[work] device is now in state OPENING
pptp0: connected to C.O.R.P:1723
pptp0: attached to connection with C.O.R.P:1723
pptp0-0: outgoing call connected at 10000000 bps
[work] PPTP call successful
[work] device: UP event in state OPENING
[work] device is now in state UP
[work] link: UP event
[work] link: origination is local
[work] LCP: Up event
[work] LCP: state change Starting --> Req-Sent
[work] LCP: phase shift DEAD --> ESTABLISH
[work] LCP: SendConfigReq #1
MRU 1500
MAGICNUM 3aa7e9cd
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 03 ff 73 50 4c
[work] LCP: SendConfigReq #2
MRU 1500
MAGICNUM 3aa7e9cd
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 03 ff 73 50 4c
[work] LCP: rec'd Configure Reject #2 link 0 (Req-Sent)
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 03 ff 73 50 4c
[work] LCP: SendConfigReq #3
MRU 1500
MAGICNUM 3aa7e9cd
[work] LCP: rec'd Configure Ack #3 link 0 (Req-Sent)
MRU 1500
MAGICNUM 3aa7e9cd
[work] LCP: state change Req-Sent --> Ack-Rcvd
[work] LCP: rec'd Configure Request #1 link 0 (Ack-Rcvd)
AUTHPROTO CHAP MSOFT
[work] LCP: SendConfigAck #1
AUTHPROTO CHAP MSOFT
[work] LCP: state change Ack-Rcvd --> Opened
[work] LCP: phase shift ESTABLISH --> AUTHENTICATE
[work] LCP: auth: peer wants CHAP, I want nothing
[work] LCP: LayerUp
[work] CHAP: rec'd CHALLENGE #1
Name: ""
Using authname "user"
[work] CHAP: sending RESPONSE
[work] CHAP: rec'd CHALLENGE #2
Name: ""
Using authname "user"
[work] CHAP: sending RESPONSE
[work] CHAP: rec'd SUCCESS #2
[work] LCP: authorization successful
[work] LCP: phase shift AUTHENTICATE --> NETWORK
[ciscovpn] setting interface ng0 MTU to 1500 bytes
[ciscovpn] up: 1 link, total bandwidth 64000 bps
[ciscovpn] IPCP: Up event
[ciscovpn] IPCP: state change Starting --> Req-Sent
[ciscovpn] IPCP: SendConfigReq #1
IPADDR 10.10.58.0
PRIDNS 0.0.0.0
SECDNS 0.0.0.0
[ciscovpn] CCP: Open event
[ciscovpn] CCP: state change Initial --> Starting
[ciscovpn] CCP: LayerStart
[ciscovpn] CCP: Up event
[ciscovpn] CCP: state change Starting --> Req-Sent
[ciscovpn] CCP: SendConfigReq #1
[work] CCP: Checking wether 40 bits are enabled -> no
[work] CCP: Checking wether 56 bits are enabled -> no
[work] CCP: Checking wether 128 bits are enabled -> yes
MPPC
0x01000040: MPPE, 128 bit, stateless
[ciscovpn] ECP: Open event
[ciscovpn] ECP: state change Initial --> Starting
[ciscovpn] ECP: LayerStart
[ciscovpn] ECP: Up event
[ciscovpn] ECP: state change Starting --> Req-Sent
[ciscovpn] ECP: SendConfigReq #1
[ciscovpn] IPCP: rec'd Configure Request #0 link 0 (Req-Sent)
IPADDR C.O.R.P
C.O.R.P is OK
[ciscovpn] IPCP: SendConfigAck #0
IPADDR C.O.R.P
[ciscovpn] IPCP: state change Req-Sent --> Ack-Sent
[ciscovpn] CCP: rec'd Configure Request #0 link 0 (Req-Sent)
MPPC
0x01000060: MPPE, 40 bit, 128 bit, stateless
[work] CCP: Checking wether 40 bits are acceptable -> no
[work] CCP: Checking wether 128 bits are acceptable -> yes
[ciscovpn] CCP: SendConfigNak #0
MPPC
0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: rec'd Configure Nak #1 link 0 (Req-Sent)
MPPC
0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: SendConfigReq #2
[work] CCP: Checking wether 40 bits are enabled -> no
[work] CCP: Checking wether 56 bits are enabled -> no
[work] CCP: Checking wether 128 bits are enabled -> yes
MPPC
0x01000040: MPPE, 128 bit, stateless
[work] LCP: rec'd Protocol Reject #2 link 0 (Opened)
[work] LCP: protocol ECP was rejected
[ciscovpn] ECP: protocol was rejected by peer
[ciscovpn] ECP: state change Req-Sent --> Stopped
[ciscovpn] ECP: LayerFinish
[ciscovpn] CCP: rec'd Configure Request #1 link 0 (Req-Sent)
MPPC
0x01000040: MPPE, 128 bit, stateless
[work] CCP: Checking wether 128 bits are acceptable -> yes
[ciscovpn] CCP: SendConfigAck #1
MPPC
0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: state change Req-Sent --> Ack-Sent
[ciscovpn] CCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
MPPC
0x01000040: MPPE, 128 bit, stateless
[ciscovpn] CCP: state change Ack-Sent --> Opened
[ciscovpn] CCP: LayerUp
Compress using: MPPE, 128 bit, stateless
Decompress using: MPPE, 128 bit, stateless
[ciscovpn] setting interface ng0 MTU to 1494 bytes
[ciscovpn] IPCP: SendConfigReq #2
IPADDR 10.10.58.0
PRIDNS 0.0.0.0
SECDNS 0.0.0.0
[ciscovpn] IPCP: rec'd Configure Nak #2 link 0 (Ack-Sent)
IPADDR 10.10.58.156
10.10.58.156 is OK
PRIDNS 10.10.10.100
SECDNS 10.10.10.85
[ciscovpn] IPCP: SendConfigReq #3
IPADDR 10.10.58.156
PRIDNS 10.10.10.100
SECDNS 10.10.10.85
[ciscovpn] IPCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
IPADDR 10.10.58.156
PRIDNS 10.10.10.100
SECDNS 10.10.10.85
[ciscovpn] IPCP: state change Ack-Sent --> Opened
[ciscovpn] IPCP: LayerUp
10.10.58.156 -> C.O.R.P
[ciscovpn] IFACE: Up event
[ciscovpn] setting interface ng0 MTU to 1494 bytes
[ciscovpn] exec: /sbin/ifconfig ng0 10.10.58.156 C.O.R.P netmask 0xffffffff -link0
[ciscovpn] exec: /sbin/route add 10.10.58.156 -iface lo0
[ciscovpn] exec: /usr/local/etc/mpd/ciscovpn-iface-up.sh ng0 inet 10.10.58.156 C.O.R.P dns1 10.10.10.100 dns2 10.10.10.85
[ciscovpn] IFACE: Up event
--
Chris
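The post describes the symptom as a known routing issue. The following is an added example, not part of the original message: it runs a longest-prefix match over the two routing tables quoted above and reports whether traffic to the PPTP peer would be routed back into ng0, on the assumption that this loop is what lies behind the sendto errors. 203.0.113.10 is a constructed stand-in for the redacted C.O.R.P, and the function names are illustrative.

```python
import ipaddress
# Routing tables from the post; C.O.R.P is replaced by a constructed stand-in.
PEER = "203.0.113.10"
AFTER_MPD = """\
default 192.168.131.254 UGS 0 30 de0
10.10.58.156 lo0 UHS 0 0 lo0
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.131 link#1 UC 0 0 de0
192.168.131.254 00:00:0f:00:00:00 UHLW 1 0 de0 4
203.0.113.10 10.10.58.156 UH 0 0 ng0
"""
AFTER_FIX = """\
default ng0 US 0 0 ng0
10.10.58.7 10.10.58.156 UH 0 0 ng0
10.10.58.156 lo0 UHS 0 0 lo0
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.131 link#1 UC 0 0 de0
192.168.131.254 00:00:0f:00:00:00 UHLW 0 0 de0
"""

def parse_dest(dest, flags):
    """Turn a netstat -rn Destination column into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:  # host routes carry the H flag; bare nets are abbreviated
        plen = "32" if "H" in flags else str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)

def egress_interface(table, ip):
    """Longest-prefix match: the Netif chosen for packets sent to ip."""
    target, best = ipaddress.ip_address(ip), None
    for f in (line.split() for line in table.splitlines()):
        if len(f) < 6 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        net = parse_dest(f[0], f[2])
        if target in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, f[5])
    return best[1] if best else None

def tunnel_loops(table, peer=PEER, tunnel_if="ng0"):
    """True when traffic to the PPTP peer would re-enter the tunnel."""
    return egress_interface(table, peer) == tunnel_if

if __name__ == "__main__":
    for name, tbl in (("after mpd", AFTER_MPD), ("after fix", AFTER_FIX)):
        print(name, "-> loop" if tunnel_loops(tbl) else "-> ok")
```

Both quoted tables resolve the peer through ng0; a table that also carried a host route for the peer on de0 would not.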