mpd PPTP to Cisco 3000 VPN Concentrator routing problem
Joe Marcus Clarke
marcus at marcuscom.com
Thu Jan 8 00:42:55 PST 2004
On Thu, 2004-01-08 at 03:34, Chris Jones wrote:
> Oh. :( I thought it negotiated the encryption ok because I see this:
>
> [ciscovpn] CCP: LayerUp
> Compress using: MPPE, 128 bit, stateless
> Decompress using: MPPE, 128 bit, stateless
This is fine. I get this, too. However, when trying to send data, I
get decryption errors (the concentrator reports invalid packets).
>
> And capturing on the interface, I see echo req's coming in from the
> concentrator, but I encounter a routing loop when I try to send across
> the tunnel.
I was able to get past the routing loop by readdressing the interface as
soon as it came up. This is a good starter howto on that procedure:
http://www.cs.rpi.edu/~flemej/fbsd-cisco-vpn/fbsd-cisco-vpn.pdf
>
> Disabling encryption isn't an option, even for testing, I'm afraid.
Then you're probably not going to have any luck getting this to work. You
might also consider trying out security/vpnc if the concentrator also
allows for IPSec clients using the Cisco VPN client.
Joe
>
>
> Original message from Joe Marcus Clarke:
>
> > On Thu, 2004-01-08 at 02:49, Chris Jones wrote:
> > > Hi. I've gone over list archives and seen this issue discussed before,
> > > but the suggested solutions aren't working for me. I am using
> > > mpd-3.15_1 on FreeBSD 4.9-STABLE to connect to a Cisco 3000 Series VPN
> > > Concentrator. I have negotiated CHAP and MPPE and the ng0 interface
> > > comes up, but when I try to do anything I get this:
> > >
> > > $ ping 10.10.58.7
> > > PING 10.10.58.7 (10.10.58.7): 56 data bytes
> > > ping: sendto: Resource deadlock avoided
> > > ping: sendto: No buffer space available
> > >
> > > A little investigation showed that this is a known routing issue and
> > > that it is possible to work around by re-addressing the ng0 interface
> > > with the VPN concentrator's private IP and set a default route to it. I
> > > did this, but I still have the same problem. :(
> > >
> > > Does anyone see what I am doing wrong here? Below are my routing table
> > > and ifconfig before running mpd, after running mpd, and after running
> > > the "fix". Below that is my mpd.conf and its output (verbose).
> > >
> > > I appreciate any help on this, I've been going crazy trying to figure
> > > out what I'm doing wrong. I can get it to work using the OSX PPTP
> > > client, but not mpd.
> >
> > Good luck. I have tried to get this working, but have never been able
> > to get mpd encryption to work with the Concentrator's encryption
> > (neither has anyone else to my knowledge). If you disable encryption on
> > the concentrator, the tunnel will come up, and you will be able to pass
> > traffic across it. Any other combination does not work. I haven't
> > tried 3.16 yet, but looking at the ChangeLog, I doubt it addresses this
> > problem.
> >
> > Joe
> >
> > --
> > PGP Key : http://www.marcuscom.com/pgp.asc
--
PGP Key : http://www.marcuscom.com/pgp.asc