I'm trying to establish a pptp tunnel to a Watchguard Firebox II with
mpd-netgraph.
I'm getting LCP rejects and the Firebox II is complaining about out-of-order
GRE packets but not sure if that is the cause of problems :-(
Also I think there is a problem negotiating an auth protocol. CHAP MSOFT vs
MSOFTv2?
Any ideas what is actually going wrong?
(fictitious ips)
FreeBSD 4.2 box: 195.41.555.555
Watchguard box: 194.203.444.444 (I have no console access to this one)
Private net behind watchguard: 192.168.199.0/24
mpd.conf:
othernet:
new -i ng0 othernet othernet
set iface disable on-demand
set iface addrs 192.168.1.1 192.168.2.1
set iface idle 0
set iface route 192.168.199.0/24
set bundle disable multilink
set bundle authname "netgroup"
set bundle password "request"
set link yes acfcomp protocomp
set link yes chap
set link keep-alive 10 75
set ipcp yes vjcomp
set ipcp ranges 195.41.555.555/24 192.168.199.0/24
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set bundle enable crypt-reqd
set ccp yes mpp-stateless
open
mpd.links:
othernet:
set link type pptp
set pptp self 195.41.555.555
set pptp peer 194.203.444.444
set pptp enable originate incoming
Watchguard log:
pptpd[134]: Watchguard pptpd 2.2.0 started
pptpd[134]: Using interface pptp0
kernel: pptp0: daemon attached.
pptpd[134]: Connect: pptp0 [0] <--> 195.41.555.555
kernel: GRE: out of order: as:0 seq:0 from:0xfdcaXXXX
pptpd[134]: Terminating on signal 2.
tunneld[100]: process_rfds: received bad packet from 195.41.555.555
pptpd[134]: Connection terminated.
FreeBSD mpd log:
<snip>
[nisaba] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM fc621317
AUTHPROTO CHAP MSOFT
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 60 f5 06 XX XX
[nisaba] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM fc621317
AUTHPROTO CHAP MSOFT
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 60 f5 06 XX XX
[nisaba] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
MRU 338
AUTHPROTO CHAP MSOFTv2
MAGICNUM 78290436
PROTOCOMP
ACFCOMP
[nisaba] LCP: SendConfigNak #1
AUTHPROTO CHAP MSOFT
[nisaba] LCP: rec'd Configure Reject #2 link 0 (Req-Sent)
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 60 f5 06 XX XX
[nisaba] LCP: SendConfigReq #3
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM fc621317
AUTHPROTO CHAP MSOFT
[nisaba] LCP: rec'd Configure Nak #3 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFTv2
[nisaba] LCP: SendConfigReq #4
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM fc621317
AUTHPROTO CHAP MSOFT
[nisaba] LCP: rec'd Configure Nak #4 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFTv2
[nisaba] LCP: SendConfigReq #5
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM fc621317
AUTHPROTO CHAP MSOFT
[nisaba] LCP: rec'd Configure Nak #5 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFTv2
[nisaba] LCP: SendConfigReq #6
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM fc621317
AUTHPROTO CHAP MSOFT
[nisaba] LCP: rec'd Configure Nak #6 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFTv2
[nisaba] LCP: SendConfigReq #7
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM fc621317
AUTHPROTO CHAP MSOFT
[nisaba] LCP: rec'd Configure Nak #7 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFTv2
[nisaba] LCP: SendConfigReq #8
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM fc621317
AUTHPROTO CHAP MSOFT
[nisaba] LCP: rec'd Configure Reject #8 link 0 (Req-Sent)
AUTHPROTO CHAP MSOFT
[nisaba] LCP: SendConfigReq #9
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM fc621317
AUTHPROTO CHAP MSOFT
</snip>
--
Hroi Sigurdsson [EMAIL PROTECTED]
Netgroup A/S http://www.netgroup.dk
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
