pptp VPN dropping
Mario Lobo
lobo at bsd.com.br
Sun Jun 13 20:02:26 UTC 2010
Hi;
I have the following situation:
FBSD 8-STABLE firewall/vpn server (poptop) to a windows network, authenticating
to an AD 2008 as radius.
Everything seems to be working ok. I connect to the LAN through an XP machine. Auth
works fine, the tunnel is up, and I can ping and "see" every server on the LAN
and run terminal services sessions on the servers from the XP machine.
However, when I try accessing the exchange 2008 server (https / owa) via web
through its LAN ip, the page starts loading, the outlook page with the list of
e-mails shows up but just before it finishes, the tunnel drops as if I had
disconnected the VPN interface.
log:
Jun 13 13:44:24 AllenFW ppp[1987]: Phase: Radius(acct): START data sent
Jun 13 13:44:24 AllenFW ppp[1987]: LCP: Reducing MTU from 1400 to 1398 (CCP
requirement)
Jun 13 13:46:03 AllenFW ppp[1987]: LCP: deflink: SendEchoRequest(5) state =
Opened
Jun 13 13:46:03 AllenFW ppp[1987]: LCP: deflink: RecvEchoReply(5) state =
Opened
---- up to here, the VPN is normal (pinging, etc..)
---- just before the owa page finishes
Jun 13 13:46:12 AllenFW ppp[1987]: Phase: deflink: read (0): Got zero bytes
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: Closing due to CCP completion
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: LayerDown
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: SendTerminateReq(4) state =
Opened
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: State change Opened -->
Closing
Jun 13 13:46:12 AllenFW ppp[1987]: Phase: deflink: open -> lcp
Jun 13 13:46:12 AllenFW ppp[1987]: IPCP: deflink: LayerDown: 172.16.3.200
Jun 13 13:46:12 AllenFW ppp[1987]: Phase: Radius(acct): STOP data sent
Jun 13 13:46:12 AllenFW ppp[1987]: Command: pptp: delete! HISADDR
J
I had enabled lqr echo on ppp.conf to see if it could keep things going but it
made no difference.
*** ppp.conf:
loop:
 set timeout 0
 #set lqrperiod 20
 #set echoperiod 20
 #enable lqr echo
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 # if you want to use NAT use private IP addresses
 set ifaddr 172.16.3.200 172.16.3.201-172.16.3.239 255.255.255.0
 # add 172.16.3.0 0 HISADDR
 # add default HISADDR
 set server /tmp/loop "" 0177
loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct
pptp:
 load loop
 # Authenticate against /etc/passwd
 # enable passwdauth
 disable pap
 disable chap
 disable ipv6
 enable proxy
 accept dns
 enable MSChapV2
 enable mppe
 # set mppe 128 stateless
 set mppe * stateful
 # enable mppc
 disable deflate pred1
 set dns 172.16.3.133
 set nbns 172.16.3.133
 set device !/etc/ppp/secure
 set radius /etc/ppp/radius.conf
 set rad_alive 60
*** pptpd.conf:
debug
nobsdcomp
proxyarp
logwtmp
localip 172.16.3.200
remoteip 172.16.3.201-239
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless
Any suggestions for tweaks/adjustments?
Thanks,
--
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!] (99% winfoes FREE)
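
Added example (not part of the original post, and not code from the ppp or poptop projects): a Python triage of the ppp log excerpt quoted in the message, which rejoins the mail-wrapped lines and reports which event first took the session down and how long after session start and the last echo reply it happened. The function names, the labels and the `RecvTerminateReq` marker are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: log lines from the post, mail line-wrapping left in place.
SAMPLE = """\
Jun 13 13:44:24 AllenFW ppp[1987]: Phase: Radius(acct): START data sent
Jun 13 13:46:03 AllenFW ppp[1987]: LCP: deflink: RecvEchoReply(5) state =
Opened
Jun 13 13:46:12 AllenFW ppp[1987]: Phase: deflink: read (0): Got zero bytes
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: Closing due to CCP completion
Jun 13 13:46:12 AllenFW ppp[1987]: LCP: deflink: SendTerminateReq(4) state =
Opened
"""

HEADER = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ppp\[(\d+)\]: (.*)$")
# Teardown markers and the label reported for each (labels are this example's own).
TRIGGERS = {
    "Got zero bytes": "device-eof",        # read on the link returned 0 bytes
    "RecvTerminateReq": "peer-terminate",  # assumed name, mirrors SendTerminateReq
    "SendTerminateReq": "local-terminate",
}

def unwrap(text):
    """Rejoin continuation lines that lack a syslog header."""
    out = []
    for raw in text.splitlines():
        if HEADER.match(raw) or not out:
            out.append(raw)
        else:
            out[-1] += " " + raw.strip()
    return out

def triage(text, year=2010):
    """Map each ppp PID to the first teardown event of its session and its timing."""
    sessions = {}
    for m in filter(None, map(HEADER.match, unwrap(text))):
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(m[2], {"start": None, "echo": None, "trigger": None})
        if "Radius(acct): START" in m[3]:
            s["start"] = ts
        elif "RecvEchoReply" in m[3]:
            s["echo"] = ts
        elif s["trigger"] is None:
            hit = next((v for k, v in TRIGGERS.items() if k in m[3]), None)
            if hit:
                s.update(trigger=hit, at=ts,
                         uptime_s=(ts - s["start"]).total_seconds() if s["start"] else None,
                         since_echo_s=(ts - s["echo"]).total_seconds() if s["echo"] else None)
    return sessions
```

Syslog lines carry no year, so `triage()` takes one as a parameter; the default matches the date of the post.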