mpd can do both pppoe and pptp.
On Thu, 9 Jan 2003, Brett Glass wrote:

> I'm having trouble doing something which I'd THOUGHT would just work... but
> it's not. Any help would be much appreciated.
>
> Here's the story. A client's LAN is connected to the Internet via a FreeBSD
> firewall/router. The FreeBSD box is using PPPoE (userland PPP plus NetGraph
> PPPOE) to connect to the upstream router. The LAN inside the firewall is
> NATted to 192.168/16. It works perfectly; it even correctly passes SMTP
> connections on to an internal machine with the address 192.168.0.2 (see the
> configuration file below).
>
> The client calls and says that he expects to be away for a while, and wants
> to tunnel back into the LAN with his Windows laptop. Since userland PPP is
> already running on the machine and works fine, I set up PPTP on his server,
> using PopTop (yes, it's GPLed, but there's no actively maintained
> alternative) and userland PPP. The result, in theory, will be a tunnel that
> uses PPTP (which is encrypted PPP over GRE) over PPP over Ethernet. A bit
> awkward, but necessary given the need for an encrypted tunnel.
>
> Alas, try as I might, I can't tunnel in from the outside world. I can verify
> that TCP port 1723 (which is used by PPTP for a control channel) is open on
> the firewall and accepting connections. But attempts to establish a tunnel
> fail; the client reports that the server isn't responding to it.
> The log looks like this:
>
> Jan 9 09:55:00 www ppp[3119]: Phase: Using interface: tun1
> Jan 9 09:55:00 www ppp[3119]: Phase: deflink: Created in closed state
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: default: ident user-ppp VERSION (built COMPILATIONDATE)
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: set timeout 0
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: set dial
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: set login
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: set ifaddr 192.168.0.1/32
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: set server /var/run/pptp_ppp_%d ******** 0700
> Jan 9 09:55:00 www ppp[3119]: tun1: Phase: Listening at local socket /var/run/pptp_ppp_1.
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: disable chap
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: deny chap
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: disable pap
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: disable passwdauth
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: disable deflate pred1
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: deny deflate pred1
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: disable utmp
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: enable mschapv2 mppe
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: set mppe * stateless
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: disable proxy
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: accept dns
> Jan 9 09:55:00 www ppp[3119]: tun1: Command: pptp: set dns 192.168.0.1
> Jan 9 09:55:00 www ppp[3119]: tun1: Phase: PPP Started (direct mode).
> Jan 9 09:55:00 www ppp[3119]: tun1: Phase: bundle: Establish
> Jan 9 09:55:00 www ppp[3119]: tun1: Phase: deflink: closed -> opening
> Jan 9 09:55:00 www ppp[3119]: tun1: Phase: deflink: Connected!
> Jan 9 09:55:00 www ppp[3119]: tun1: Phase: deflink: opening -> carrier
> Jan 9 09:55:00 www ppp[3119]: tun1: Phase: deflink: carrier -> lcp
> Jan 9 09:55:00 www ppp[3119]: tun1: LCP: FSM: Using "deflink" as a transport
> Jan 9 09:55:00 www ppp[3119]: tun1: LCP: deflink: State change Initial --> Closed
> Jan 9 09:55:00 www ppp[3119]: tun1: LCP: deflink: State change Closed --> Stopped
> Jan 9 09:55:01 www ppp[3119]: tun1: LCP: deflink: LayerStart
> Jan 9 09:55:01 www ppp[3119]: tun1: LCP: deflink: SendConfigReq(1) state = Stopped
> Jan 9 09:55:01 www ppp[3119]: tun1: LCP: ACFCOMP[2]
> Jan 9 09:55:01 www ppp[3119]: tun1: LCP: PROTOCOMP[2]
> Jan 9 09:55:01 www ppp[3119]: tun1: LCP: ACCMAP[6] 0x00000000
> Jan 9 09:55:01 www ppp[3119]: tun1: LCP: MRU[4] 1500
> Jan 9 09:55:01 www ppp[3119]: tun1: LCP: MAGICNUM[6] 0x02b7e69a
> Jan 9 09:55:01 www ppp[3119]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
> Jan 9 09:55:01 www ppp[3119]: tun1: LCP: deflink: State change Stopped --> Req-Sent
> Jan 9 09:55:04 www ppp[3119]: tun1: LCP: deflink: SendConfigReq(1) state = Req-Sent
> Jan 9 09:55:04 www ppp[3119]: tun1: LCP: ACFCOMP[2]
> Jan 9 09:55:04 www ppp[3119]: tun1: LCP: PROTOCOMP[2]
> Jan 9 09:55:04 www ppp[3119]: tun1: LCP: ACCMAP[6] 0x00000000
> Jan 9 09:55:04 www ppp[3119]: tun1: LCP: MRU[4] 1500
> Jan 9 09:55:04 www ppp[3119]: tun1: LCP: MAGICNUM[6] 0x02b7e69a
> Jan 9 09:55:04 www ppp[3119]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
> Jan 9 09:55:07 www ppp[3119]: tun1: LCP: deflink: SendConfigReq(1) state = Req-Sent
> Jan 9 09:55:07 www ppp[3119]: tun1: LCP: ACFCOMP[2]
> Jan 9 09:55:07 www ppp[3119]: tun1: LCP: PROTOCOMP[2]
> Jan 9 09:55:07 www ppp[3119]: tun1: LCP: ACCMAP[6] 0x00000000
> Jan 9 09:55:07 www ppp[3119]: tun1: LCP: MRU[4] 1500
> Jan 9 09:55:07 www ppp[3119]: tun1: LCP: MAGICNUM[6] 0x02b7e69a
> Jan 9 09:55:07 www ppp[3119]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
> Jan 9 09:55:10 www ppp[3119]: tun1: LCP: deflink: SendConfigReq(1) state = Req-Sent
> Jan 9 09:55:10 www ppp[3119]: tun1: LCP: ACFCOMP[2]
> Jan 9 09:55:10 www ppp[3119]: tun1: LCP: PROTOCOMP[2]
> Jan 9 09:55:10 www ppp[3119]: tun1: LCP: ACCMAP[6] 0x00000000
> Jan 9 09:55:10 www ppp[3119]: tun1: LCP: MRU[4] 1500
> Jan 9 09:55:10 www ppp[3119]: tun1: LCP: MAGICNUM[6] 0x02b7e69a
> Jan 9 09:55:10 www ppp[3119]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
> Jan 9 09:55:13 www ppp[3119]: tun1: LCP: deflink: SendConfigReq(1) state = Req-Sent
> Jan 9 09:55:13 www ppp[3119]: tun1: LCP: ACFCOMP[2]
> Jan 9 09:55:13 www ppp[3119]: tun1: LCP: PROTOCOMP[2]
> Jan 9 09:55:13 www ppp[3119]: tun1: LCP: ACCMAP[6] 0x00000000
> Jan 9 09:55:13 www ppp[3119]: tun1: LCP: MRU[4] 1500
> Jan 9 09:55:13 www ppp[3119]: tun1: LCP: MAGICNUM[6] 0x02b7e69a
> Jan 9 09:55:13 www ppp[3119]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
> Jan 9 09:55:16 www ppp[3119]: tun1: LCP: deflink: LayerFinish
> Jan 9 09:55:16 www ppp[3119]: tun1: LCP: deflink: State change Req-Sent --> Stopped
> Jan 9 09:55:16 www ppp[3119]: tun1: LCP: deflink: State change Stopped --> Closed
> Jan 9 09:55:16 www ppp[3119]: tun1: LCP: deflink: State change Closed --> Initial
> Jan 9 09:55:16 www ppp[3119]: tun1: Phase: deflink: Disconnected!
> Jan 9 09:55:16 www ppp[3119]: tun1: Phase: deflink: Connect time: 16 secs: 0 octets in, 300 octets out
> Jan 9 09:55:16 www ppp[3119]: tun1: Phase: deflink: : 0 packets in, 5 packets out
> Jan 9 09:55:16 www ppp[3119]: tun1: Phase: total 18 bytes/sec, peak 24 bytes/sec on Thu Jan 9 09:55:16 2003
> Jan 9 09:55:16 www ppp[3119]: tun1: Phase: deflink: lcp -> closed
> Jan 9 09:55:16 www ppp[3119]: tun1: Phase: bundle: Dead
> Jan 9 09:55:16 www ppp[3119]: tun1: Phase: PPP Terminated (normal).
>
> What's wrong? It looks (though I'm not positive) as if the GRE packets, which
> carry the underlying PPP session, can't get through the PPPoE link.
> I've checked the documentation for userland PPP, and there's nothing to
> indicate that they wouldn't (or how to allow them to pass if they're blocked
> by default).
>
> The /etc/ppp.conf file looks like this, with passwords erased to protect the
> guilty. Note that the top portion is for the PPPoE connection and the bottom
> portion is for PPTP:
>
> default:
>  set log Phase Chat LCP IPCP CCP tun command
>  ident user-ppp VERSION (built COMPILATIONDATE)
>
> lariat:
>  set device PPPoE:fxp1:provider
>  set mru 1492
>  set mtu 1492
>  set speed sync
>  set authname USERID
>  set authkey PASSWORD
>  set timeout 0
>  set cd 5
>  enable lqr
>  set lqrperiod 15
>  disable chap
>  disable pap
>  disable mppe
>  deny mppe
>  nat enable yes
>  nat unregistered_only yes
>  nat same_ports yes
>  nat port tcp 192.168.0.2:smtp smtp
>  set dial
>  set login
>  set redial 0 0
>
> pptp:
>  set timeout 0
>  set dial
>  set login
>  set ifaddr 192.168.0.1/32
>  set server /var/run/pptp_ppp_%d "" 0700
>  disable chap
>  deny chap
>  disable pap
>  disable passwdauth
>  disable deflate pred1
>  deny deflate pred1
>  disable utmp
>  enable mschapv2 mppe
>  set mppe * stateless
>  disable proxy
>  accept dns
>  set dns 192.168.0.1
>
> --Brett Glass
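
The quoted log shows five LCP Configure-Requests going out and "0 octets in" before the link is torn down. The sketch below is an added example, not part of either message and not code from the ppp or PopTop projects; it summarises each user-ppp session in such a log and flags the ones where nothing was ever received, which is the symptom the original poster attributes to GRE not reaching the server. The sample is a constructed subset of the quoted lines, and the `Recv<Type>(id)` pattern for received packets is an assumption modelled on the `Send<Type>(id)` lines shown.

```python
import re

# Constructed sample: a subset of the user-ppp log lines quoted in the post.
SAMPLE = """\
Jan 9 09:55:00 www ppp[3119]: tun1: Phase: deflink: carrier -> lcp
Jan 9 09:55:01 www ppp[3119]: tun1: LCP: deflink: SendConfigReq(1) state = Stopped
Jan 9 09:55:04 www ppp[3119]: tun1: LCP: deflink: SendConfigReq(1) state = Req-Sent
Jan 9 09:55:07 www ppp[3119]: tun1: LCP: deflink: SendConfigReq(1) state = Req-Sent
Jan 9 09:55:10 www ppp[3119]: tun1: LCP: deflink: SendConfigReq(1) state = Req-Sent
Jan 9 09:55:13 www ppp[3119]: tun1: LCP: deflink: SendConfigReq(1) state = Req-Sent
Jan 9 09:55:16 www ppp[3119]: tun1: LCP: deflink: LayerFinish
Jan 9 09:55:16 www ppp[3119]: tun1: Phase: deflink: Connect time: 16 secs: 0 octets in, 300 octets out
"""

LINE = re.compile(r"ppp\[(?P<pid>\d+)\]: (?P<ifc>tun\d+): (?P<cat>\w+): (?P<msg>.*)$")
OCTETS = re.compile(r"(\d+) octets in, (\d+) octets out")

def summarize(log_text):
    """Per (pid, tunN) session: LCP packets sent/received and octet totals."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = sessions.setdefault((m["pid"], m["ifc"]),
                                {"sent": 0, "recv": 0, "in": None, "out": None})
        if m["cat"] == "LCP":
            # Assumption: received packets are logged as Recv<Type>(id),
            # mirroring the Send<Type>(id) lines visible in the post.
            if re.search(r"\bSend\w+\(\d+\)", m["msg"]):
                s["sent"] += 1
            elif re.search(r"\bRecv\w+\(\d+\)", m["msg"]):
                s["recv"] += 1
        o = OCTETS.search(m["msg"])
        if o:
            s["in"], s["out"] = int(o[1]), int(o[2])
    return sessions

def diagnose(s):
    """Classify one session summary."""
    if s["recv"] or s["in"]:
        return "two-way"        # the peer's PPP frames arrived
    if s["sent"] and s["in"] == 0:
        return "one-way"        # we transmitted, nothing came back
    return "inconclusive"       # session still open or log truncated

if __name__ == "__main__":
    for key, s in summarize(SAMPLE).items():
        print(key, s, diagnose(s))
```

A "one-way" result only confirms that no PPP frames from the client reached ppp; it does not say where on the path they were dropped.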