Using pptp as VPN on FB7 - BSD

This is a discussion on Using pptp as VPN on FB7 - BSD ; Hi, there, I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server. The server gives instructions on how to connect using pptp of Windows and I can connect using Windows. When I turn to ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Using pptp as VPN on FB7

  1. Using pptp as VPN on FB7

    Hi, there,

    I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server.
    The server gives instructions on how to connect using pptp of Windows and I
    can connect using Windows.
    When I turn to FreeBSD, I find the pptp-client in the ports and install it,
    then I change the ppp.conf as it suggested. But when I was trying to
    connect, it always got something wrong.

    The output of the ppp.log is listed below:
    Jan 1 15:04:11 myCompaq ppp[60382]: Phase: Using interface: tun0
    Jan 1 15:04:11 myCompaq ppp[60382]: Phase: deflink: Created in closed state
    Jan 1 15:04:11 myCompaq ppp[60382]: Warning: The alias command is
    deprecated
    Jan 1 15:04:11 myCompaq ppp[60382]: Phase: PPP Started (direct mode).
    Jan 1 15:04:11 myCompaq ppp[60382]: Phase: bundle: Establish
    Jan 1 15:04:11 myCompaq ppp[60382]: Phase: deflink: closed -> opening
    Jan 1 15:04:11 myCompaq ppp[60382]: Phase: deflink: Connected!
    Jan 1 15:04:11 myCompaq ppp[60382]: Phase: deflink: opening -> carrier
    Jan 1 15:04:12 myCompaq ppp[60382]: Phase: deflink: carrier -> lcp
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: bundle: Authenticate
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: deflink: his = CHAP 0x81, mine =
    non
    e
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: Chap Input: CHALLENGE (16 bytes)
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: Chap Output: RESPONSE (s0790948)
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: Chap Input: CHALLENGE (16 bytes)
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: Chap Output: RESPONSE (s0790948)
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: Chap Input: SUCCESS
    (S=B5BFDEC73511C
    1CD58AD456D5F39390574C61BDB)
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: deflink: lcp -> open
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: bundle: Network
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: deflink: IPV6CP protocol reject
    clos
    es IPV6CP !
    Jan 1 15:04:13 myCompaq ppp[60382]: Phase: deflink: IPV6CP protocol reject
    clos
    es IPV6CP !
    Jan 1 15:04:13 myCompaq ppp[60382]: Warning: ff02:5::/32: Change route
    failed:
    errno: Network is unreachable
    Jan 1 15:04:16 myCompaq ppp[60382]: Phase: deflink: IPV6CP protocol reject
    clos
    es IPV6CP !
    Jan 1 15:04:16 myCompaq ppp[60382]: Warning: ff02:5::/32: Change route
    failed:
    errno: Network is unreachable
    Jan 1 15:04:17 myCompaq ppp[60382]: Phase: deflink: read (0): Got zero
    bytes
    Jan 1 15:04:17 myCompaq ppp[60382]: Phase: deflink: open -> lcp
    Jan 1 15:04:17 myCompaq ppp[60382]: Warning: ff02:5::/32: Change route
    failed:
    erno: Network is unreachable
    Jan 1 15:04:17 myCompaq ppp[60382]: Phase: bundle: Terminate
    Jan 1 15:04:17 myCompaq ppp[60382]: Phase: deflink: Disconnected!
    Jan 1 15:04:17 myCompaq ppp[60382]: Phase: deflink: Connect time: 6 secs:
    595 o
    ctets in, 786055 octets out
    Jan 1 15:04:17 myCompaq ppp[60382]: Phase: deflink: 19 packets in, 1106
    packets
    out
    Jan 1 15:04:17 myCompaq ppp[60382]: Phase: total 131108 bytes/sec, peak
    256 by
    tes/sec on Tue Jan 1 15:04:14 2008
    Jan 1 15:04:17 myCompaq ppp[60382]: Phase: deflink: lcp -> closed
    Jan 1 15:04:17 myCompaq ppp[60382]: Phase: bundle: Dead

    It said :Change route failed: errno: Network is unreachable.
    But I can get echo of ping from the VPN server.

    Any suggestions appreciated....

    Best wishes,
    Kemian


  2. Re: Using pptp as VPN on FB7

    On Sun, 6 Jan 2008 15:55:19 -0000, "Kemian Dang"
    wrote:

    >Hi, there,
    >
    >I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server.
    >The server gives instructions on how to connect using pptp of Windows and I
    >can connect using Windows.


    Try using mpd4 from the ports. It works very well as a PPTP client or
    server.

    ---Mike
    --------------------------------------------------------
    Mike Tancsa, Sentex communications http://www.sentex.net
    Providing Internet Access since 1994
    mike@sentex.net, (http://www.tancsa.com)

  3. Re: Using pptp as VPN on FB7

    Thank you for the information, I will try it later.

    Kemian

    "Mike Tancsa" ????
    news:6ql2o3t2a5oaps145gsgnncgdqd3uukups@4ax.com...
    > On Sun, 6 Jan 2008 15:55:19 -0000, "Kemian Dang"
    > wrote:
    >
    >>Hi, there,
    >>
    >>I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server.
    >>The server gives instructions on how to connect using pptp of Windows and
    >>I
    >>can connect using Windows.

    >
    > Try using mpd4 from the ports. It works very well as a PPTP client or
    > server.
    >
    > ---Mike
    > --------------------------------------------------------
    > Mike Tancsa, Sentex communications http://www.sentex.net
    > Providing Internet Access since 1994
    > mike@sentex.net, (http://www.tancsa.com)



  4. Re: Using pptp as VPN on FB7

    As I find the mpd5 in the port, so I installed the mpd5 and configure it the
    whole afternoon. It seems connected to the server, but I can not get a
    access, things is strange.

    I get the "authtication success" from the console,
    I get the interface is up msg,
    I get "ng0" fron the ifconfig,

    Then I do "route flush" to remove the previous default route, and "route add
    default address.of.server"

    It said the server is unreacheble, though I can find it when I do
    "netstat -r".

    But I can not get a response from ping to any host...

    So, I do not know whether my wayu of set route is wrong or I should do
    something else to get the connect?



    "Mike Tancsa" ????
    news:6ql2o3t2a5oaps145gsgnncgdqd3uukups@4ax.com...
    > On Sun, 6 Jan 2008 15:55:19 -0000, "Kemian Dang"
    > wrote:
    >
    >>Hi, there,
    >>
    >>I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server.
    >>The server gives instructions on how to connect using pptp of Windows and
    >>I
    >>can connect using Windows.

    >
    > Try using mpd4 from the ports. It works very well as a PPTP client or
    > server.
    >
    > ---Mike
    > --------------------------------------------------------
    > Mike Tancsa, Sentex communications http://www.sentex.net
    > Providing Internet Access since 1994
    > mike@sentex.net, (http://www.tancsa.com)



  5. Re: Using pptp as VPN on FB7

    On Mon, 7 Jan 2008 20:17:55 -0000, "Kemian Dang"
    wrote:

    >Then I do "route flush" to remove the previous default route, and "route add
    >default address.of.server"


    I dont think you want to do a route flush. This will kill your
    default route, and then you pptp connection wont be up anymore. If
    there is a subet on the other side you want to reach (e.g
    192.168.0.0/24), add that route to the other side of the ng interface.

    eg if your ng0 interface is
    172.13.14.154 --> 172.13.14.33

    try
    route add 192.168.0.0/24 172.13.14.33

    ---Mike

    >
    >It said the server is unreacheble, though I can find it when I do
    >"netstat -r".
    >
    >But I can not get a response from ping to any host...
    >
    >So, I do not know whether my wayu of set route is wrong or I should do
    >something else to get the connect?
    >
    >
    >
    >"Mike Tancsa" ????
    >news:6ql2o3t2a5oaps145gsgnncgdqd3uukups@4ax.com...
    >> On Sun, 6 Jan 2008 15:55:19 -0000, "Kemian Dang"
    >> wrote:
    >>
    >>>Hi, there,
    >>>
    >>>I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server.
    >>>The server gives instructions on how to connect using pptp of Windows and
    >>>I
    >>>can connect using Windows.

    >>
    >> Try using mpd4 from the ports. It works very well as a PPTP client or
    >> server.
    >>
    >> ---Mike
    >> --------------------------------------------------------
    >> Mike Tancsa, Sentex communications http://www.sentex.net
    >> Providing Internet Access since 1994
    >> mike@sentex.net, (http://www.tancsa.com)


    --------------------------------------------------------
    Mike Tancsa, Sentex communications http://www.sentex.net
    Providing Internet Access since 1994
    mike@sentex.net, (http://www.tancsa.com)

  6. Re: Using pptp as VPN on FB7

    I want use this VPN to connect the world, in another words, I am in a
    stricted network, and I can only use this VPN connection to get to the
    outside.

    I want to route all the traffic through the VPN, so I think I should use
    "route flush" to remove the default and add "route add default vpn.server".

    It seems the problem, because if I do not connect to the real link, I can
    not use the VPN. I am a little confused...

    Should I add "route add previous.gateway vpn.server" to make this work?

    --Kemian

    "Mike Tancsa" ????
    news:tsj5o35c9cg76ksb2qtilb6lcbrijtfg68@4ax.com...
    > On Mon, 7 Jan 2008 20:17:55 -0000, "Kemian Dang"
    > wrote:
    >
    >>Then I do "route flush" to remove the previous default route, and "route
    >>add
    >>default address.of.server"

    >
    > I dont think you want to do a route flush. This will kill your
    > default route, and then you pptp connection wont be up anymore. If
    > there is a subet on the other side you want to reach (e.g
    > 192.168.0.0/24), add that route to the other side of the ng interface.
    >
    > eg if your ng0 interface is
    > 172.13.14.154 --> 172.13.14.33
    >
    > try
    > route add 192.168.0.0/24 172.13.14.33
    >
    > ---Mike
    >
    >>
    >>It said the server is unreacheble, though I can find it when I do
    >>"netstat -r".
    >>
    >>But I can not get a response from ping to any host...
    >>
    >>So, I do not know whether my wayu of set route is wrong or I should do
    >>something else to get the connect?
    >>
    >>
    >>
    >>"Mike Tancsa" ????
    >>news:6ql2o3t2a5oaps145gsgnncgdqd3uukups@4ax.com...
    >>> On Sun, 6 Jan 2008 15:55:19 -0000, "Kemian Dang"
    >>> wrote:
    >>>
    >>>>Hi, there,
    >>>>
    >>>>I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server.
    >>>>The server gives instructions on how to connect using pptp of Windows
    >>>>and
    >>>>I
    >>>>can connect using Windows.
    >>>
    >>> Try using mpd4 from the ports. It works very well as a PPTP client or
    >>> server.
    >>>
    >>> ---Mike
    >>> --------------------------------------------------------
    >>> Mike Tancsa, Sentex communications http://www.sentex.net
    >>> Providing Internet Access since 1994
    >>> mike@sentex.net, (http://www.tancsa.com)

    >
    > --------------------------------------------------------
    > Mike Tancsa, Sentex communications http://www.sentex.net
    > Providing Internet Access since 1994
    > mike@sentex.net, (http://www.tancsa.com)



  7. Re: Using pptp as VPN on FB7

    Kemian Dang wrote, on 2008/01/08 06:34:
    > I want use this VPN to connect the world, in another words, I am in a
    > stricted network, and I can only use this VPN connection to get to the
    > outside.
    >
    > I want to route all the traffic through the VPN, so I think I should use
    > "route flush" to remove the default and add "route add default vpn.server".


    If you do a route flush, then you will remove all routes, including the
    route used by the packets to your VPN server.

    Before you remove the original default gateway, from before starting the
    VPN, you will need to add a specific route to the VPN server after the
    VPN tunnel is up.

    For example, say you are 192.168.1.2, your initial gateway is
    192.168.1.1 and your VPN server is 10.0.0.1, and after the VPN tunnel is
    up it's tunnel device is 172.16.0.2 and the VPN-internal gateway is
    172.16.0.1. You need to have you commands similar to the following:

    route add -inet 10.0.0.1/32 192.168.1.1
    route delete -inet default
    route add -inet default 172.16.0.1

    The first line is to ensure that you still have a route to the VPN
    server for the tunnelled packets after you delete the initial default
    route. The third line sets up the new default route through the VPN.

    >
    > It seems the problem, because if I do not connect to the real link, I
    > can not use the VPN. I am a little confused...
    >
    > Should I add "route add previous.gateway vpn.server" to make this work?
    >
    > --Kemian
    >
    > "Mike Tancsa" ????
    > news:tsj5o35c9cg76ksb2qtilb6lcbrijtfg68@4ax.com...
    >> On Mon, 7 Jan 2008 20:17:55 -0000, "Kemian Dang"
    >> wrote:
    >>
    >>> Then I do "route flush" to remove the previous default route, and
    >>> "route add
    >>> default address.of.server"

    >>
    >> I dont think you want to do a route flush. This will kill your
    >> default route, and then you pptp connection wont be up anymore. If
    >> there is a subet on the other side you want to reach (e.g
    >> 192.168.0.0/24), add that route to the other side of the ng interface.
    >>
    >> eg if your ng0 interface is
    >> 172.13.14.154 --> 172.13.14.33
    >>
    >> try
    >> route add 192.168.0.0/24 172.13.14.33
    >>
    >> ---Mike
    >>
    >>>
    >>> It said the server is unreacheble, though I can find it when I do
    >>> "netstat -r".
    >>>
    >>> But I can not get a response from ping to any host...
    >>>
    >>> So, I do not know whether my wayu of set route is wrong or I should do
    >>> something else to get the connect?
    >>>
    >>>
    >>>
    >>> "Mike Tancsa" ????
    >>> news:6ql2o3t2a5oaps145gsgnncgdqd3uukups@4ax.com...
    >>>> On Sun, 6 Jan 2008 15:55:19 -0000, "Kemian Dang"
    >>>> wrote:
    >>>>
    >>>>> Hi, there,
    >>>>>
    >>>>> I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server.
    >>>>> The server gives instructions on how to connect using pptp of
    >>>>> Windows and
    >>>>> I
    >>>>> can connect using Windows.
    >>>>
    >>>> Try using mpd4 from the ports. It works very well as a PPTP client or
    >>>> server.
    >>>>
    >>>> ---Mike
    >>>> --------------------------------------------------------
    >>>> Mike Tancsa, Sentex communications http://www.sentex.net
    >>>> Providing Internet Access since 1994
    >>>> mike@sentex.net, (http://www.tancsa.com)

    >>
    >> --------------------------------------------------------
    >> Mike Tancsa, Sentex communications http://www.sentex.net
    >> Providing Internet Access since 1994
    >> mike@sentex.net, (http://www.tancsa.com)

    >


  8. Re: Using pptp as VPN on FB7

    Still something wrong...

    There is log from the command line when runing mpd5[1], for some the secure
    aspect, I changed some auth name, IP address:
    10.0.0.1 is the address of the VPN server, it is also the IP address of VPN
    gateway when I connected to the VPN tunnel.
    192.168.0.1 The real gateway of the network I am in.
    192.168.0.2 My real IP address.
    10.0.0.2 My VPN tunnel IP allocated from the VPN server/VPN gateway.

    My conf file for mpd5 is also show below.[2]

    When I run mpd5, the log from command stops at
    "[B1] IFACE: Add route 0.0.0.0/0 10.0.0.1 failed: File exists
    [B1] IFACE: Up event"
    in the log[1].

    It said File exists, I think may be the route command in the mpd5 is
    something wrong or out-of-date?
    But it seems not matter the whole procedure.
    Then I do things as you suggest:

    route add -inet 10.0.0.1/32 192.168.0.1
    route delete -inet default
    route add -inet default 10.0.0.1

    The difference is that the IP of VPN server and IP of VPN-internal Gateway
    is the same.
    I can check this because the log and ifconfig tell me the 10.0.0.2->10.0.0.1
    and 10.0.0.1 is just the IP of my VPN server.

    But it also gave complaint on File exists, so I remove the -inet from the
    command and do such things below:
    route add 10.0.0.1/32 192.168.0.1
    route delete default
    route add default 10.0.0.1

    It gave some complaint about "network unreachable" and when I ping to some
    IP, it said "Cannot allocate memory" or things like that, sorry for I can
    not remeber clearly.

    Then after sometime the connection terminated automatically, it shows in the
    log[1].
    Though I remember that I sai the timeout to 300, but it seems shorter than
    that time.

    Should this a problem that I did not set the conf / route properly, or
    something else?

    --Kemian




    1, Log:
    ************************************************** *******************
    Multi-link PPP daemon for FreeBSD

    process 1368 started, version 5.0rc2 (root@myCompaq 13:38 7- 1-2008)
    [B1] Bundle: Interface ng0 created
    Usage: set ipcp ranges {self}[/{width}] {peer}[/{width}]|ippool {pool}
    [L1] [L1] Link: OPEN event
    [L1] LCP: Open event
    [L1] LCP: state change Initial --> Starting
    [L1] LCP: LayerStart
    [L1] PPTP call successful
    [L1] Link: UP event
    [L1] Link: origination is local
    [L1] LCP: Up event
    [L1] LCP: state change Starting --> Req-Sent
    [L1] LCP: SendConfigReq #1
    ACFCOMP
    PROTOCOMP
    ACCMAP 0x000a0000
    MRU 1500
    MAGICNUM 532336d8
    [L1] LCP: SendConfigReq #2
    ACFCOMP
    PROTOCOMP
    ACCMAP 0x000a0000
    MRU 1500
    MAGICNUM 532336d8
    [L1] LCP: rec'd Configure Reject #2 (Req-Sent)
    PROTOCOMP
    [L1] LCP: SendConfigReq #3
    ACFCOMP
    ACCMAP 0x000a0000
    MRU 1500
    MAGICNUM 532336d8
    [L1] LCP: rec'd Configure Reject #3 (Req-Sent)
    ACFCOMP
    [L1] LCP: SendConfigReq #4
    ACCMAP 0x000a0000
    MRU 1500
    MAGICNUM 532336d8
    [L1] LCP: rec'd Configure Nak #4 (Req-Sent)
    ACCMAP 0x000a0000
    [L1] LCP: SendConfigReq #5
    ACCMAP 0x000a0000
    MRU 1500
    MAGICNUM 532336d8
    [L1] LCP: rec'd Configure Ack #5 (Req-Sent)
    ACCMAP 0x000a0000
    MRU 1500
    MAGICNUM 532336d8
    [L1] LCP: state change Req-Sent --> Ack-Rcvd
    [L1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
    AUTHPROTO CHAP MSOFTv2
    [L1] LCP: SendConfigAck #1
    AUTHPROTO CHAP MSOFTv2
    [L1] LCP: state change Ack-Rcvd --> Opened
    [L1] LCP: auth: peer wants CHAP, I want nothing
    [L1] LCP: LayerUp
    [L1] CHAP: rec'd CHALLENGE #1 len: 21
    Name: ""
    Using authname "xxxxxxxx"
    [L1] CHAP: sending RESPONSE #1 len: 62
    [L1] CHAP: rec'd CHALLENGE #2 len: 21
    Name: ""
    Using authname "xxxxxxxx"
    [L1] CHAP: sending RESPONSE #2 len: 62
    [L1] CHAP: rec'd SUCCESS #2 len: 46
    MESG: S=312864A319DEE71FF91EA1649774E8638125C042
    [L1] LCP: authorization successful
    [L1] Link: Matched action 'bundle "B1" ""'
    [B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
    [B1] IPCP: Open event
    [B1] IPCP: state change Initial --> Starting
    [B1] IPCP: LayerStart
    [B1] CCP: Open event
    [B1] CCP: state change Initial --> Starting
    [B1] CCP: LayerStart
    [B1] IPCP: Up event
    [B1] IPCP: state change Starting --> Req-Sent
    [B1] IPCP: SendConfigReq #1
    IPADDR 192.168.0.2
    COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
    [B1] CCP: Up event
    [B1] CCP: state change Starting --> Req-Sent
    [B1] CCP: SendConfigReq #1
    MPPC
    0x01000060:MPPE(40, 128 bits), stateless
    [B1] IPCP: rec'd Configure Request #0 (Req-Sent)
    IPADDR 10.0.0.1
    10.0.0.1 is OK
    [B1] IPCP: SendConfigAck #0
    IPADDR 10.0.0.1
    [B1] IPCP: state change Req-Sent --> Ack-Sent
    [B1] CCP: rec'd Configure Request #0 (Req-Sent)
    MPPC
    0x01000061:MPPC, MPPE(40, 128 bits), stateless
    [B1] CCP: SendConfigNak #0
    MPPC
    0x01000040:MPPE(128 bits), stateless
    [B1] CCP: rec'd Configure Nak #1 (Req-Sent)
    MPPC
    0x01000040:MPPE(128 bits), stateless
    [B1] CCP: SendConfigReq #2
    MPPC
    0x01000040:MPPE(128 bits), stateless
    [B1] CCP: rec'd Configure Request #1 (Req-Sent)
    MPPC
    0x01000040:MPPE(128 bits), stateless
    [B1] CCP: SendConfigAck #1
    MPPC
    0x01000040:MPPE(128 bits), stateless
    [B1] CCP: state change Req-Sent --> Ack-Sent
    [B1] CCP: rec'd Configure Ack #2 (Ack-Sent)
    MPPC
    0x01000040:MPPE(128 bits), stateless
    [B1] CCP: state change Ack-Sent --> Opened
    [B1] CCP: LayerUp
    Compress using: mppc (MPPE(128 bits), stateless)
    Decompress using: mppc (MPPE(128 bits), stateless)
    [B1] IPCP: SendConfigReq #2
    IPADDR 192.168.0.2
    COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
    [B1] IPCP: rec'd Configure Reject #2 (Ack-Sent)
    COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
    [B1] IPCP: SendConfigReq #3
    IPADDR 192.168.0.2
    [B1] IPCP: rec'd Configure Nak #3 (Ack-Sent)
    IPADDR 10.0.0.2
    10.0.0.2 is OK
    [B1] IPCP: SendConfigReq #4
    IPADDR 10.0.0.2
    [B1] IPCP: rec'd Configure Ack #4 (Ack-Sent)
    IPADDR 10.0.0.2
    [B1] IPCP: state change Ack-Sent --> Opened
    [B1] IPCP: LayerUp
    10.0.0.2 -> 10.0.0.1
    [B1] IFACE: Add route 0.0.0.0/0 10.0.0.1 failed: File exists
    [B1] IFACE: Up event
    [L1] PPTP call terminated
    [L1] Link: DOWN event
    [L1] LCP: Down event
    [L1] LCP: state change Opened --> Starting
    [B1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
    [B1] IPCP: Close event
    [B1] IPCP: state change Opened --> Closing
    [B1] IPCP: SendTerminateReq #5
    [B1] IPCP: LayerDown
    [B1] IFACE: Down event
    [B1] CCP: Close event
    [B1] CCP: state change Opened --> Closing
    [B1] CCP: SendTerminateReq #3
    [B1] CCP: LayerDown
    [B1] IPCP: Down event
    [B1] IPCP: LayerFinish
    [B1] Bundle: No NCPs left. Closing links...
    [B1] IPCP: state change Closing --> Initial
    [B1] CCP: Down event
    [B1] CCP: LayerFinish
    [B1] CCP: state change Closing --> Initial
    [L1] LCP: LayerDown
    [L1] Link: reconnection attempt 1 in 3 seconds
    caught fatal signal int
    [B1] IFACE: Close event
    [B1] IPCP: Close event
    [B1] CCP: Close event
    [L1] LCP: Close event
    [L1] LCP: state change Starting --> Initial
    [L1] LCP: LayerFinish
    [B1] Bundle: Shutdown
    [L1] Link: Shutdown
    process 1368 terminated
    ************************************************** *

    2, mpd.Conf:
    ************************************************** *
    startup:


    default:
    load pptp_client

    pptp_client:

    create bundle static B1
    set iface route default
    set ipcp ranges 0.0.0.0/0


    set bundle enable compression
    set ccp yes mppc
    set mppc yes e40
    set mppc yes e128
    set bundle enable crypt-reqd
    set mppc yes stateless

    create link static L1 pptp
    set link action bundle B1
    set auth authname s0790948
    set auth password shuimaoer222316
    set link max-redial 0
    set link mtu 1460
    set link keep-alive 20 300
    set pptp peer vpngate.net.ed.ac.uk
    set pptp disable windowing
    open
    ************************************************** ***






    "Cory Albrecht" 写入消息
    news:m8bc55x0se.ln2@xanadu.fenris.cjb.net...
    > Kemian Dang wrote, on 2008/01/08 06:34:
    >> I want use this VPN to connect the world, in another words, I am in a
    >> stricted network, and I can only use this VPN connection to get to the
    >> outside.
    >>
    >> I want to route all the traffic through the VPN, so I think I should use
    >> "route flush" to remove the default and add "route add default
    >> vpn.server".

    >
    > If you do a route flush, then you will remove all routes, including the
    > route used by the packets to your VPN server.
    >
    > Before you remove the original default gateway, from before starting the
    > VPN, you will need to add a specific route to the VPN server after the VPN
    > tunnel is up.
    >
    > For example, say you are 192.168.1.2, your initial gateway is 192.168.1.1
    > and your VPN server is 10.0.0.1, and after the VPN tunnel is up it's
    > tunnel device is 172.16.0.2 and the VPN-internal gateway is 172.16.0.1.
    > You need to have you commands similar to the following:
    >
    > route add -inet 10.0.0.1/32 192.168.1.1
    > route delete -inet default
    > route add -inet default 172.16.0.1
    >
    > The first line is to ensure that you still have a route to the VPN server
    > for the tunnelled packets after you delete the initial default route. The
    > third line sets up the new default route through the VPN.
    >
    >>
    >> It seems the problem, because if I do not connect to the real link, I can
    >> not use the VPN. I am a little confused...
    >>
    >> Should I add "route add previous.gateway vpn.server" to make this work?
    >>
    >> --Kemian
    >>
    >> "Mike Tancsa" ????
    >> news:tsj5o35c9cg76ksb2qtilb6lcbrijtfg68@4ax.com...
    >>> On Mon, 7 Jan 2008 20:17:55 -0000, "Kemian Dang"
    >>> wrote:
    >>>
    >>>> Then I do "route flush" to remove the previous default route, and
    >>>> "route add
    >>>> default address.of.server"
    >>>
    >>> I dont think you want to do a route flush. This will kill your
    >>> default route, and then you pptp connection wont be up anymore. If
    >>> there is a subet on the other side you want to reach (e.g
    >>> 192.168.0.0/24), add that route to the other side of the ng interface.
    >>>
    >>> eg if your ng0 interface is
    >>> 172.13.14.154 --> 172.13.14.33
    >>>
    >>> try
    >>> route add 192.168.0.0/24 172.13.14.33
    >>>
    >>> ---Mike
    >>>
    >>>>
    >>>> It said the server is unreacheble, though I can find it when I do
    >>>> "netstat -r".
    >>>>
    >>>> But I can not get a response from ping to any host...
    >>>>
    >>>> So, I do not know whether my wayu of set route is wrong or I should do
    >>>> something else to get the connect?
    >>>>
    >>>>
    >>>>
    >>>> "Mike Tancsa" ????
    >>>> news:6ql2o3t2a5oaps145gsgnncgdqd3uukups@4ax.com...
    >>>>> On Sun, 6 Jan 2008 15:55:19 -0000, "Kemian Dang"
    >>>>> wrote:
    >>>>>
    >>>>>> Hi, there,
    >>>>>>
    >>>>>> I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server.
    >>>>>> The server gives instructions on how to connect using pptp of Windows
    >>>>>> and
    >>>>>> I
    >>>>>> can connect using Windows.
    >>>>>
    >>>>> Try using mpd4 from the ports. It works very well as a PPTP client or
    >>>>> server.
    >>>>>
    >>>>> ---Mike
    >>>>> --------------------------------------------------------
    >>>>> Mike Tancsa, Sentex communications http://www.sentex.net
    >>>>> Providing Internet Access since 1994
    >>>>> mike@sentex.net, (http://www.tancsa.com)
    >>>
    >>> --------------------------------------------------------
    >>> Mike Tancsa, Sentex communications http://www.sentex.net
    >>> Providing Internet Access since 1994
    >>> mike@sentex.net, (http://www.tancsa.com)

    >>





  9. Re: Using pptp as VPN on FB7

    Finally,I change to use vpnc on the port, very easy to use I think, easy to
    configure, and the most important thing is: It works.
    But it is base on Ipsec.

    --Kemian


    "Kemian Dang" 写入消息
    news:fm0vtd$jsi$1@scotsman.ed.ac.uk...
    > Still something wrong...
    >
    > There is log from the command line when runing mpd5[1], for some the
    > secure aspect, I changed some auth name, IP address:
    > 10.0.0.1 is the address of the VPN server, it is also the IP address of
    > VPN gateway when I connected to the VPN tunnel.
    > 192.168.0.1 The real gateway of the network I am in.
    > 192.168.0.2 My real IP address.
    > 10.0.0.2 My VPN tunnel IP allocated from the VPN server/VPN gateway.
    >
    > My conf file for mpd5 is also show below.[2]
    >
    > When I run mpd5, the log from command stops at
    > "[B1] IFACE: Add route 0.0.0.0/0 10.0.0.1 failed: File exists
    > [B1] IFACE: Up event"
    > in the log[1].
    >
    > It said File exists, I think may be the route command in the mpd5 is
    > something wrong or out-of-date?
    > But it seems not matter the whole procedure.
    > Then I do things as you suggest:
    >
    > route add -inet 10.0.0.1/32 192.168.0.1
    > route delete -inet default
    > route add -inet default 10.0.0.1
    >
    > The difference is that the IP of VPN server and IP of VPN-internal Gateway
    > is the same.
    > I can check this because the log and ifconfig tell me the
    > 10.0.0.2->10.0.0.1 and 10.0.0.1 is just the IP of my VPN server.
    >
    > But it also gave complaint on File exists, so I remove the -inet from the
    > command and do such things below:
    > route add 10.0.0.1/32 192.168.0.1
    > route delete default
    > route add default 10.0.0.1
    >
    > It gave some complaint about "network unreachable" and when I ping to some
    > IP, it said "Cannot allocate memory" or things like that, sorry for I can
    > not remeber clearly.
    >
    > Then after sometime the connection terminated automatically, it shows in
    > the log[1].
    > Though I remember that I sai the timeout to 300, but it seems shorter than
    > that time.
    >
    > Should this a problem that I did not set the conf / route properly, or
    > something else?
    >
    > --Kemian
    >
    >
    >
    >
    > 1, Log:
    > ************************************************** *******************
    > Multi-link PPP daemon for FreeBSD
    >
    > process 1368 started, version 5.0rc2 (root@myCompaq 13:38 7- 1-2008)
    > [B1] Bundle: Interface ng0 created
    > Usage: set ipcp ranges {self}[/{width}] {peer}[/{width}]|ippool {pool}
    > [L1] [L1] Link: OPEN event
    > [L1] LCP: Open event
    > [L1] LCP: state change Initial --> Starting
    > [L1] LCP: LayerStart
    > [L1] PPTP call successful
    > [L1] Link: UP event
    > [L1] Link: origination is local
    > [L1] LCP: Up event
    > [L1] LCP: state change Starting --> Req-Sent
    > [L1] LCP: SendConfigReq #1
    > ACFCOMP
    > PROTOCOMP
    > ACCMAP 0x000a0000
    > MRU 1500
    > MAGICNUM 532336d8
    > [L1] LCP: SendConfigReq #2
    > ACFCOMP
    > PROTOCOMP
    > ACCMAP 0x000a0000
    > MRU 1500
    > MAGICNUM 532336d8
    > [L1] LCP: rec'd Configure Reject #2 (Req-Sent)
    > PROTOCOMP
    > [L1] LCP: SendConfigReq #3
    > ACFCOMP
    > ACCMAP 0x000a0000
    > MRU 1500
    > MAGICNUM 532336d8
    > [L1] LCP: rec'd Configure Reject #3 (Req-Sent)
    > ACFCOMP
    > [L1] LCP: SendConfigReq #4
    > ACCMAP 0x000a0000
    > MRU 1500
    > MAGICNUM 532336d8
    > [L1] LCP: rec'd Configure Nak #4 (Req-Sent)
    > ACCMAP 0x000a0000
    > [L1] LCP: SendConfigReq #5
    > ACCMAP 0x000a0000
    > MRU 1500
    > MAGICNUM 532336d8
    > [L1] LCP: rec'd Configure Ack #5 (Req-Sent)
    > ACCMAP 0x000a0000
    > MRU 1500
    > MAGICNUM 532336d8
    > [L1] LCP: state change Req-Sent --> Ack-Rcvd
    > [L1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
    > AUTHPROTO CHAP MSOFTv2
    > [L1] LCP: SendConfigAck #1
    > AUTHPROTO CHAP MSOFTv2
    > [L1] LCP: state change Ack-Rcvd --> Opened
    > [L1] LCP: auth: peer wants CHAP, I want nothing
    > [L1] LCP: LayerUp
    > [L1] CHAP: rec'd CHALLENGE #1 len: 21
    > Name: ""
    > Using authname "xxxxxxxx"
    > [L1] CHAP: sending RESPONSE #1 len: 62
    > [L1] CHAP: rec'd CHALLENGE #2 len: 21
    > Name: ""
    > Using authname "xxxxxxxx"
    > [L1] CHAP: sending RESPONSE #2 len: 62
    > [L1] CHAP: rec'd SUCCESS #2 len: 46
    > MESG: S=312864A319DEE71FF91EA1649774E8638125C042
    > [L1] LCP: authorization successful
    > [L1] Link: Matched action 'bundle "B1" ""'
    > [B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
    > [B1] IPCP: Open event
    > [B1] IPCP: state change Initial --> Starting
    > [B1] IPCP: LayerStart
    > [B1] CCP: Open event
    > [B1] CCP: state change Initial --> Starting
    > [B1] CCP: LayerStart
    > [B1] IPCP: Up event
    > [B1] IPCP: state change Starting --> Req-Sent
    > [B1] IPCP: SendConfigReq #1
    > IPADDR 192.168.0.2
    > COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
    > [B1] CCP: Up event
    > [B1] CCP: state change Starting --> Req-Sent
    > [B1] CCP: SendConfigReq #1
    > MPPC
    > 0x01000060:MPPE(40, 128 bits), stateless
    > [B1] IPCP: rec'd Configure Request #0 (Req-Sent)
    > IPADDR 10.0.0.1
    > 10.0.0.1 is OK
    > [B1] IPCP: SendConfigAck #0
    > IPADDR 10.0.0.1
    > [B1] IPCP: state change Req-Sent --> Ack-Sent
    > [B1] CCP: rec'd Configure Request #0 (Req-Sent)
    > MPPC
    > 0x01000061:MPPC, MPPE(40, 128 bits), stateless
    > [B1] CCP: SendConfigNak #0
    > MPPC
    > 0x01000040:MPPE(128 bits), stateless
    > [B1] CCP: rec'd Configure Nak #1 (Req-Sent)
    > MPPC
    > 0x01000040:MPPE(128 bits), stateless
    > [B1] CCP: SendConfigReq #2
    > MPPC
    > 0x01000040:MPPE(128 bits), stateless
    > [B1] CCP: rec'd Configure Request #1 (Req-Sent)
    > MPPC
    > 0x01000040:MPPE(128 bits), stateless
    > [B1] CCP: SendConfigAck #1
    > MPPC
    > 0x01000040:MPPE(128 bits), stateless
    > [B1] CCP: state change Req-Sent --> Ack-Sent
    > [B1] CCP: rec'd Configure Ack #2 (Ack-Sent)
    > MPPC
    > 0x01000040:MPPE(128 bits), stateless
    > [B1] CCP: state change Ack-Sent --> Opened
    > [B1] CCP: LayerUp
    > Compress using: mppc (MPPE(128 bits), stateless)
    > Decompress using: mppc (MPPE(128 bits), stateless)
    > [B1] IPCP: SendConfigReq #2
    > IPADDR 192.168.0.2
    > COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
    > [B1] IPCP: rec'd Configure Reject #2 (Ack-Sent)
    > COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
    > [B1] IPCP: SendConfigReq #3
    > IPADDR 192.168.0.2
    > [B1] IPCP: rec'd Configure Nak #3 (Ack-Sent)
    > IPADDR 10.0.0.2
    > 10.0.0.2 is OK
    > [B1] IPCP: SendConfigReq #4
    > IPADDR 10.0.0.2
    > [B1] IPCP: rec'd Configure Ack #4 (Ack-Sent)
    > IPADDR 10.0.0.2
    > [B1] IPCP: state change Ack-Sent --> Opened
    > [B1] IPCP: LayerUp
    > 10.0.0.2 -> 10.0.0.1
    > [B1] IFACE: Add route 0.0.0.0/0 10.0.0.1 failed: File exists
    > [B1] IFACE: Up event
    > [L1] PPTP call terminated
    > [L1] Link: DOWN event
    > [L1] LCP: Down event
    > [L1] LCP: state change Opened --> Starting
    > [B1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
    > [B1] IPCP: Close event
    > [B1] IPCP: state change Opened --> Closing
    > [B1] IPCP: SendTerminateReq #5
    > [B1] IPCP: LayerDown
    > [B1] IFACE: Down event
    > [B1] CCP: Close event
    > [B1] CCP: state change Opened --> Closing
    > [B1] CCP: SendTerminateReq #3
    > [B1] CCP: LayerDown
    > [B1] IPCP: Down event
    > [B1] IPCP: LayerFinish
    > [B1] Bundle: No NCPs left. Closing links...
    > [B1] IPCP: state change Closing --> Initial
    > [B1] CCP: Down event
    > [B1] CCP: LayerFinish
    > [B1] CCP: state change Closing --> Initial
    > [L1] LCP: LayerDown
    > [L1] Link: reconnection attempt 1 in 3 seconds
    > caught fatal signal int
    > [B1] IFACE: Close event
    > [B1] IPCP: Close event
    > [B1] CCP: Close event
    > [L1] LCP: Close event
    > [L1] LCP: state change Starting --> Initial
    > [L1] LCP: LayerFinish
    > [B1] Bundle: Shutdown
    > [L1] Link: Shutdown
    > process 1368 terminated
    > ************************************************** *
    >
    > 2, mpd.Conf:
    > ************************************************** *
    > startup:
    >
    >
    > default:
    > load pptp_client
    >
    > pptp_client:
    >
    > create bundle static B1
    > set iface route default
    > set ipcp ranges 0.0.0.0/0
    >
    >
    > set bundle enable compression
    > set ccp yes mppc
    > set mppc yes e40
    > set mppc yes e128
    > set bundle enable crypt-reqd
    > set mppc yes stateless
    >
    > create link static L1 pptp
    > set link action bundle B1
    > set auth authname s0790948
    > set auth password shuimaoer222316
    > set link max-redial 0
    > set link mtu 1460
    > set link keep-alive 20 300
    > set pptp peer vpngate.net.ed.ac.uk
    > set pptp disable windowing
    > open
    > ************************************************** ***
    >
    >
    >
    >
    >
    >
    > "Cory Albrecht" 写入消息
    > news:m8bc55x0se.ln2@xanadu.fenris.cjb.net...
    >> Kemian Dang wrote, on 2008/01/08 06:34:
    >>> I want use this VPN to connect the world, in another words, I am in a
    >>> stricted network, and I can only use this VPN connection to get to the
    >>> outside.
    >>>
    >>> I want to route all the traffic through the VPN, so I think I should use
    >>> "route flush" to remove the default and add "route add default
    >>> vpn.server".

    >>
    >> If you do a route flush, then you will remove all routes, including the
    >> route used by the packets to your VPN server.
    >>
    >> Before you remove the original default gateway, from before starting the
    >> VPN, you will need to add a specific route to the VPN server after the
    >> VPN tunnel is up.
    >>
    >> For example, say you are 192.168.1.2, your initial gateway is 192.168.1.1
    >> and your VPN server is 10.0.0.1, and after the VPN tunnel is up it's
    >> tunnel device is 172.16.0.2 and the VPN-internal gateway is 172.16.0.1.
    >> You need to have you commands similar to the following:
    >>
    >> route add -inet 10.0.0.1/32 192.168.1.1
    >> route delete -inet default
    >> route add -inet default 172.16.0.1
    >>
    >> The first line is to ensure that you still have a route to the VPN server
    >> for the tunnelled packets after you delete the initial default route. The
    >> third line sets up the new default route through the VPN.
    >>
    >>>
    >>> It seems the problem, because if I do not connect to the real link, I
    >>> can not use the VPN. I am a little confused...
    >>>
    >>> Should I add "route add previous.gateway vpn.server" to make this work?
    >>>
    >>> --Kemian
    >>>
    >>> "Mike Tancsa" ????
    >>> news:tsj5o35c9cg76ksb2qtilb6lcbrijtfg68@4ax.com...
    >>>> On Mon, 7 Jan 2008 20:17:55 -0000, "Kemian Dang"
    >>>> wrote:
    >>>>
    >>>>> Then I do "route flush" to remove the previous default route, and
    >>>>> "route add
    >>>>> default address.of.server"
    >>>>
    >>>> I dont think you want to do a route flush. This will kill your
    >>>> default route, and then you pptp connection wont be up anymore. If
    >>>> there is a subet on the other side you want to reach (e.g
    >>>> 192.168.0.0/24), add that route to the other side of the ng interface.
    >>>>
    >>>> eg if your ng0 interface is
    >>>> 172.13.14.154 --> 172.13.14.33
    >>>>
    >>>> try
    >>>> route add 192.168.0.0/24 172.13.14.33
    >>>>
    >>>> ---Mike
    >>>>
    >>>>>
    >>>>> It said the server is unreacheble, though I can find it when I do
    >>>>> "netstat -r".
    >>>>>
    >>>>> But I can not get a response from ping to any host...
    >>>>>
    >>>>> So, I do not know whether my wayu of set route is wrong or I should do
    >>>>> something else to get the connect?
    >>>>>
    >>>>>
    >>>>>
    >>>>> "Mike Tancsa" ????
    >>>>> news:6ql2o3t2a5oaps145gsgnncgdqd3uukups@4ax.com...
    >>>>>> On Sun, 6 Jan 2008 15:55:19 -0000, "Kemian Dang"
    >>>>>>
    >>>>>> wrote:
    >>>>>>
    >>>>>>> Hi, there,
    >>>>>>>
    >>>>>>> I run a FreeBSD 7.0 RC1 box and I want to connect to the VPN server.
    >>>>>>> The server gives instructions on how to connect using pptp of
    >>>>>>> Windows and
    >>>>>>> I
    >>>>>>> can connect using Windows.
    >>>>>>
    >>>>>> Try using mpd4 from the ports. It works very well as a PPTP client or
    >>>>>> server.
    >>>>>>
    >>>>>> ---Mike
    >>>>>> --------------------------------------------------------
    >>>>>> Mike Tancsa, Sentex communications http://www.sentex.net
    >>>>>> Providing Internet Access since 1994
    >>>>>> mike@sentex.net, (http://www.tancsa.com)
    >>>>
    >>>> --------------------------------------------------------
    >>>> Mike Tancsa, Sentex communications http://www.sentex.net
    >>>> Providing Internet Access since 1994
    >>>> mike@sentex.net, (http://www.tancsa.com)
    >>>

    >
    >
    >



+ Reply to Thread