Jonathan,
A cursory look through your config looks ok, similar to mine (which *is* working ;-).
One question, could the packets be being dropped by a firewall? Are you running ipf/ipfirewall/ipfw?
Jonathan Reeder wrote:
First off, sorry if this has come through twice, I tried to send it last week but don't think it made it through:
I've got MPD v3.18 up and running on my FreeBSD 4.9. All seems to be going well, clients can connect via PPTP, but once connected, they cannot actually access my internal network. Some background on my configuration:
# ifconfig
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet a.b.c.d netmask 0xfffffff8 broadcast a.b.c.e
        inet6 fe80::2a0:ffff:feff:9cfc%dc0 prefixlen 64 scopeid 0x1
        ether 00:a0:ff:ff:9c:fc
        media: Ethernet 10baseT/UTP
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::220:edff:fe2c:fe68%rl0 prefixlen 64 scopeid 0x2
        ether 00:20:ed:2c:fe:68
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
That is for the server that runs MPD. Also, here are my mpd.conf and mpd.links:
# cat /usr/local/etc/mpd/mpd.conf
default:
        log +auth +pptp
        load vpn0
        load vpn1

vpn0:
        new -i ng0 vpn0 vpn0
        set iface disable on-demand
        set iface enable proxy-arp
        set bundle disable multilink
        set link yes acfcomp protocomp
        set link mtu 1400
        set link no pap chap
        set link enable chap
        set link keep-alive 60 180
        set ipcp yes vjcomp
        set ipcp ranges 192.168.1.254/32 192.168.1.200/32
        set ipcp dns x.x.x.x

        set bundle enable compression
        set ccp yes mppc
        #set ccp yes mpp-e40
        set ccp no mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set bundle yes crypt-reqd

vpn1: same as vpn0
# cat /usr/local/etc/mpd/mpd.links
vpn0:
        set link type pptp
        set pptp self a.b.c.d
        set pptp enable incoming
        set pptp disable originate
MPD runs fine, listens on port 1723, accepts connections, authenticates, and then once a user is connected, my ifconfig changes from what you saw above to something similar to the following:
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1396
        inet 192.168.1.254 --> 192.168.1.200 netmask 0xffffffff
        inet6 fe80::2a0:ffff:feff:9cfc%ng0 prefixlen 64 scopeid 0x5
So, I'm thinking that I should be set, right? Nope. No traffic actually makes it from the client to my internal 192.168.1.0/24 network. When I ping a 192.168.1 client from the remote VPN user, if I watch a tcpdump -i ng0 I can see the ping come through from dc0 (via GRE) to ng0, but that ping never seems to get passed to the rl0 interface like I would expect. (Yes, I do have gateway_enable='YES' and the sysctl has been confirmed to be on). Same type of problem if I try to ping 192.168.1.200 from a host on my local network. I get a reply from 192.168.1.10 (the local address of my FreeBSD machine) saying "Destination host unreachable". If I try to ping 192.168.1.200 from my BSD box, I get
ping: sendto: No route to host
This is the one that really kills me, because it has a perfect route to that host sitting right in front of it. It just refuses to pass the packets to the proper device.
I'm hoping someone might have run into this same type of problem before. Is there something about my mpd.conf that would keep ng0 from passing packets off to my local network (rl0) and vice-versa? If anyone is kind enough to respond, let me know if there is any other info about my configuration that would be helpful to you.
Thanks a bunch,
Jonathan Reeder
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"