mpd and the evil vpn
Reid Linnemann
lreid at
Wed Jun 23 21:41:26 PDT 2004
I hope some of the readers out there are more experienced with mpd than I. I'm
having some difficulties setting up a little vpn, and I need some fingers
pointing in the right direction.
Here is the setup -
one box is connected to the ISP. Let's call his external ip [extip] and his
internal lan ip is
The local area network consists of machines numbered to 192.168.1.110. The
subnet mask is
The VPN addresses should be assigned to or so, with subnet mask
This box also acts as a NAT.
Here is the problem, and I will post my configs after stating it.
When an XP box (the only test platform so far) attempts to connect to mpd, the
client acts like it can't see the pptp server and freaks out, kicking back error
800 - which is the same message if there's no machine at the target address. I
have yet to get the 201 host to connect, so I haven't added the other hosts to
the config yet.
And as promised, my config (names have been changed to protect the innocent):
Here is the firewall rule list (no teasing, please):
00100 deny log ip from to any in recv rl0
00200 allow ip from to any
00300 deny log ip from to any in recv rl0
00400 deny log ip from to any in recv rl1
00500 deny log ip from any to via rl0
00600 deny log ip from any to via rl0
00700 deny log ip from any to via rl0
00800 allow tcp from any to any 1723
00900 allow udp from any to any 1723
01000 allow gre from any to any
01100 divert 8668 ip from any to any via rl0
01200 allow tcp from any to any established
01300 allow ip from any to any frag
01400 allow udp from any to [extip] 8767
01500 allow udp from any to any 14567
01600 allow udp from any to [extip] 22000
01700 allow udp from any to [extip] 23000-23009
01800 allow tcp from any to [extip] 8000 setup
01900 allow tcp from any to [extip] 22 setup
02000 allow tcp from any to 22 setup
02100 allow tcp from any to [extip] 2401 setup
02200 allow udp from any to [extip] 2401
02300 allow tcp from [extnet] to [extip] 515 setup
02400 allow tcp from [trustedmachine] to [extip] 515 setup
02500 deny log tcp from any to any in recv rl0 setup
02600 allow tcp from any to any out xmit rl0 setup
02700 allow udp from [extip] to any 53 keep-state
02800 allow udp from [extip] to any 123 keep-state
02900 allow ip from to any keep-state
03000 allow ip from [extip] to any keep-state via rl0
65535 allow ip from any to any
and mpd.links:
set link type pptp
set pptp self #ip address for mpd server
set pptp enable incoming
set pptp disable originate
and mpd.conf:
new -i ng0 pptp pptp ## create a new interface of ng0 for the pptp connection
set iface disable on-demand ## disable on-demand dialing for this connection
set iface enable proxy-arp ## enable the arp proxy for the created interface
set bundle disable multilink ## disable multi link options
set bundle authname [user_in_mpd_secret] ## define the username for this
set bundle enable encryption ## enable encryption for this
set link yes acfcomp protocomp ## address control and protocol field compression
set link disable pap ## disable PAP authentication for this link
set link enable chap ## enable CHAP authentication for this link
set link keep-alive 10 60 ## keep alive settings for idle
set ipcp enable vjcomp ## enables header compression for the link
set ipcp ranges ## sets IP of PPTP server as well as initial link
#set ipcp dns ## sets IP of DNS server to be given to client
#set ipcp nbns ## sets IP of the WINS server to be given out
set bundle enable compression ## enables tunnel compression
set ccp enable mppc ## enables microsoft point-to-point compression
set ccp enable mpp-e40 ## 40-bit MPP encryption
set ccp enable mpp-e128 ## 128-bit MPP encryption
set ccp yes mpp-stateless ## enables stateless mode for faster recovery
set bundle enable crypt-reqd ## require client to have encryption or drop link
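As an added example (not the poster's code), the following Python walks a rule list in ipfw's first-match order and reports which rule terminates the PPTP control (TCP 1723) and GRE packets, which is the check to run before blaming mpd for a client-side error 800. The rule subset and the addresses are constructed stand-ins for the ones the archive stripped; keep-state is treated as a plain allow, divert is skipped because natd re-injects the packet at the next rule, and recv/xmit are simplified to inbound/outbound.

```python
# Added example, not from the post: first-match walk of an ipfw-style rule list that
# handles only the posted syntax; divert is skipped (natd re-injects at the next rule).
import ipaddress
import re

EXTIP, LANNET = "203.0.113.10", "192.168.1.0/24"   # constructed placeholders
RULES = [                                           # subset modelled on the post
    f"00100 deny log ip from {LANNET} to any in recv rl0",
    "00800 allow tcp from any to any 1723",
    "01000 allow gre from any to any",
    "01100 divert 8668 ip from any to any via rl0",
    "01200 allow tcp from any to any established",
    "02500 deny log tcp from any to any in recv rl0 setup",
    "65535 allow ip from any to any",
]
RULE_RE = re.compile(r"(\d+) (\w+)(?: \d+)?(?: log)? (\w+) from (\S+) to (\S+)(?: (\d[\d-]*))?(.*)")

def parse_rule(line):
    num, action, proto, src, dst, dport, rest = RULE_RE.match(line).groups()
    t = rest.split()                                # in/out, recv/xmit/via IF, flags
    iface = [(w, t[i + 1]) for i, w in enumerate(t) if w in ("recv", "xmit", "via")]
    return {"num": int(num), "action": action, "proto": proto, "src": src, "dst": dst,
            "dport": dport, "dir": "in" if "in" in t else "out" if "out" in t else None,
            "iface": iface[0] if iface else None,
            "opts": set(t) - {"in", "out", "recv", "xmit", "via"} - {n for _, n in iface}}

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _port_ok(spec, port):
    lo, _, hi = spec.partition("-")                 # single port or lo-hi range
    return port is not None and int(lo) <= port <= int(hi or lo)

def matches(r, pkt):
    setup, (kind, name) = pkt.get("setup", False), r["iface"] or (None, None)
    return (r["proto"] in ("ip", pkt["proto"])
            and _addr_ok(r["src"], pkt["src"]) and _addr_ok(r["dst"], pkt["dst"])
            and (not r["dport"] or _port_ok(r["dport"], pkt.get("dport")))
            and (not r["dir"] or r["dir"] == pkt["dir"])
            and (name is None or name == pkt["iface"])
            and (kind != "recv" or pkt["dir"] == "in")   # simplified: recv = inbound
            and (kind != "xmit" or pkt["dir"] == "out")
            and ("setup" not in r["opts"] or setup)       # setup = SYN without ACK
            and ("established" not in r["opts"] or (pkt["proto"] == "tcp" and not setup)))

def first_match(pkt, rules=RULES):
    # Return (rule number, action) of the first terminal rule that matches pkt.
    for r in map(parse_rule, rules):
        if r["action"] != "divert" and matches(r, pkt):
            return r["num"], r["action"]
```

A packet is a dict with proto, src, dst, dir ("in"/"out"), iface and, for TCP, dport and setup; with the rules in this order a PPTP SYN and a GRE packet arriving on rl0 are accepted at 00800 and 01000 before the divert and the in-recv-rl0 setup deny are ever reached.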
More information about the freebsd-questions mailing list