My PC (vpn client, OS: win2k) 80.73.10.xx
        ||
        ||
NAT firewall 80.73.0.233
        ||
        ||
(^^^^^^^^^^^^^^^^^)
(    Internet     )
 ^^^^^^^^^^^^^^^^^
        ||
        ||
VPN server (freebsd 4.8+ipf+mpd) 212.42.77.xx
        ||
        ||
LAN 192.168.0.
==========================================================
#ipf.rules:
pass in quick on ng0 all
pass out quick on ng0 all
pass in quick on rl0 proto tcp from any to any port = 47 keep state
pass out quick on rl0 proto tcp from any port = 47 to any keep state
pass in quick on rl0 proto tcp from any to any port = 1723 keep state
pass out quick on rl0 proto tcp from any port = 1723 to any keep state
pass in proto gre from any to any keep state
pass out proto gre from any to any keep state
------------------------------------------------------------------------------------------------------------------
#mpd.conf:
default:
        load client1
        load client2
        load client3

client1:
        new -i ng0 pptp1 pptp1
        set ipcp ranges 10.0.100.1/32 10.0.100.2/32
        load pptp

client2:
        new -i ng1 pptp2 pptp2
        set ipcp ranges 10.0.100.1/32 10.0.100.3/32
        load pptp

client3:
        new -i ng2 pptp3 pptp3
        set ipcp ranges 10.0.100.1/32 10.0.100.4/32
        load pptp

pptp:
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 1800
        set bundle enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link enable no-orig-auth
        set link mtu 1460
        set link keep-alive 10 60
        set ipcp yes vjcomp
        set ipcp dns 212.42.64.xx
#       set ipcp nbns
#
#The five lines below enable Microsoft Point-to-Point encryption
#(MPPE) using the ng_mppc(8) netgraph node type.
#
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
------------------------------------------------------------------------------------------------------------------
#mpd.links:
pptp1:
        set link type pptp
        set pptp self 0.0.0.0
        set pptp enable incoming
        set pptp disable originate

pptp2:
        set link type pptp
        set pptp self 0.0.0.0
        set pptp enable incoming
        set pptp disable originate

pptp3:
        set link type pptp
        set pptp self 0.0.0.0
        set pptp enable incoming
        set pptp disable originate
=========================================================
The problem is: when clients from the LAN (192.168.0.) connect to the VPN server, all works. But connecting from 80.73.10.xx reports error 619.

I thought it might be filtered by the NAT firewall (80.73.0.233), and just wanted to give it up, typed "mpd" and went for some beer :) (I sshed to the VPN server from 80.73.10.xx). When I came back and tried one more time, it connected.... Then I tried many times; the result is: ssh to the VPN server, mpd -k, wait about 20 min, and it will connect; otherwise error 619.
=========================================================
successful connection:
mpd: PPTP connection from 80.73.0.233:1419
pptp0: attached to connection with 80.73.0.233:1419
[pptp1] IFACE: Open event
[pptp1] IPCP: Open event
[pptp1] IPCP: state change Initial --> Starting
[pptp1] IPCP: LayerStart
[pptp1] IPCP: Open event
[pptp1] bundle: OPEN event in state CLOSED
[pptp1] opening link "pptp1"...
[pptp1] link: OPEN event
[pptp1] LCP: Open event
[pptp1] LCP: state change Initial --> Starting
[pptp1] LCP: LayerStart
[pptp1] device: OPEN event in state DOWN
[pptp1] attaching to peer's outgoing call
[pptp1] device is now in state OPENING
[pptp1] device: UP event in state OPENING
[pptp1] device is now in state UP
[pptp1] link: UP event
[pptp1] link: origination is remote
[pptp1] LCP: Up event
[pptp1] LCP: state change Starting --> Req-Sent
[pptp1] LCP: phase shift DEAD --> ESTABLISH
[pptp1] LCP: SendConfigReq #11
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 155430c4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
pptp0-0: ignoring SetLinkInfo
[pptp1] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
 MAGICNUM 751f7a9f
 PROTOCOMP
 ACFCOMP
 CALLBACK
   Not supported
 MP MRRU 1614
 ENDPOINTDISC [802.1] 00 48 54 8a 29 9d
[pptp1] LCP: SendConfigRej #0
 CALLBACK
[pptp1] LCP: rec'd Configure Reject #11 link 0 (Req-Sent)
 MP SHORTSEQ
[pptp1] LCP: SendConfigReq #12
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 155430c4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
 MAGICNUM 751f7a9f
 PROTOCOMP
 ACFCOMP
 MP MRRU 1614
 ENDPOINTDISC [802.1] 00 48 54 8a 29 9d
[pptp1] LCP: SendConfigNak #1
 MP MRRU 1600
[pptp1] LCP: rec'd Configure Ack #12 link 0 (Req-Sent)
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 155430c4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: state change Req-Sent --> Ack-Rcvd
[pptp1] LCP: rec'd Configure Request #2 link 0 (Ack-Rcvd)
 MAGICNUM 751f7a9f
 PROTOCOMP
 ACFCOMP
 MP MRRU 1600
 ENDPOINTDISC [802.1] 00 48 54 8a 29 9d
[pptp1] LCP: SendConfigAck #2
 MAGICNUM 751f7a9f
 PROTOCOMP
 ACFCOMP
 MP MRRU 1600
 ENDPOINTDISC [802.1] 00 48 54 8a 29 9d
[pptp1] LCP: state change Ack-Rcvd --> Opened
[pptp1] LCP: phase shift ESTABLISH --> AUTHENTICATE
[pptp1] LCP: auth: peer wants nothing, I want CHAP
[pptp1] CHAP: sending CHALLENGE
[pptp1] LCP: LayerUp
pptp0-0: ignoring SetLinkInfo
[pptp1] LCP: rec'd Ident #3 link 0 (Opened)
 MESG: MSRASV5.00
[pptp1] LCP: rec'd Ident #4 link 0 (Opened)
 MESG: MSRAS-1-UAINFO
[pptp1] CHAP: rec'd RESPONSE #1
 Name: "test1"
 Peer name: "test1"
 Response is valid
[pptp1] CHAP: sending SUCCESS
[pptp1] LCP: authorization successful
[pptp1] LCP: phase shift AUTHENTICATE --> NETWORK
[pptp1] setting interface ng0 MTU to 1500 bytes
[pptp1] up: 1 link, total bandwidth 64000 bps
[pptp1] IPCP: Up event
[pptp1] IPCP: state change Starting --> Req-Sent
[pptp1] IPCP: SendConfigReq #1
 IPADDR 10.0.100.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp1] CCP: Open event
[pptp1] CCP: state change Initial --> Starting
[pptp1] CCP: LayerStart
[pptp1] CCP: Up event
[pptp1] CCP: state change Starting --> Req-Sent
[pptp1] CCP: SendConfigReq #1
 MPPC
   0x010000e0: MPPE, 40 bit, 56 bit, 128 bit, stateless
[pptp1] CCP: rec'd Configure Request #5 link 0 (Req-Sent)
 MPPC
   0x010000e1: MPPC MPPE, 40 bit, 56 bit, 128 bit, stateless
[pptp1] CCP: SendConfigNak #5
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[pptp1] IPCP: rec'd Configure Request #6 link 0 (Req-Sent)
 IPADDR 0.0.0.0
   NAKing with 10.0.100.4
 PRIDNS 0.0.0.0
   NAKing with 10.0.100.1
 PRINBNS 0.0.0.0
   NAKing with 10.0.100.1
 SECDNS 0.0.0.0
 SECNBNS 0.0.0.0
[pptp1] IPCP: SendConfigRej #6
 SECDNS 0.0.0.0
 SECNBNS 0.0.0.0
[pptp1] IPCP: rec'd Configure Reject #1 link 0 (Req-Sent)
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp1] IPCP: SendConfigReq #2
 IPADDR 10.0.100.1
[pptp1] CCP: rec'd Configure Nak #1 link 0 (Req-Sent)
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[pptp1] CCP: SendConfigReq #2
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[pptp1] CCP: rec'd Configure Request #7 link 0 (Req-Sent)
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[pptp1] CCP: SendConfigAck #7
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[pptp1] CCP: state change Req-Sent --> Ack-Sent
[pptp1] IPCP: rec'd Configure Request #8 link 0 (Req-Sent)
 IPADDR 0.0.0.0
   NAKing with 10.0.100.4
 PRIDNS 0.0.0.0
   NAKing with 10.0.100.1
 PRINBNS 0.0.0.0
   NAKing with 10.0.100.1
[pptp1] IPCP: SendConfigNak #8
 IPADDR 10.0.100.4
 PRIDNS 10.0.100.1
 PRINBNS 10.0.100.1
[pptp1] IPCP: rec'd Configure Ack #2 link 0 (Req-Sent)
 IPADDR 10.0.100.1
[pptp1] IPCP: state change Req-Sent --> Ack-Rcvd
[pptp1] CCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
 MPPC
   0x01000040: MPPE, 128 bit, stateless
[pptp1] CCP: state change Ack-Sent --> Opened
[pptp1] CCP: LayerUp
 Compress using: MPPE, 128 bit, stateless
 Decompress using: MPPE, 128 bit, stateless
[pptp1] setting interface ng0 MTU to 1500 bytes
[pptp1] IPCP: rec'd Configure Request #9 link 0 (Ack-Rcvd)
 IPADDR 10.0.100.4
   10.0.100.4 is OK
 PRIDNS 10.0.100.1
 PRINBNS 10.0.100.1
[pptp1] IPCP: SendConfigAck #9
 IPADDR 10.0.100.4
 PRIDNS 10.0.100.1
 PRINBNS 10.0.100.1
[pptp1] IPCP: state change Ack-Rcvd --> Opened
[pptp1] IPCP: LayerUp
 10.0.100.1 -> 10.0.100.4
[pptp1] IFACE: Up event
[pptp1] setting interface ng0 MTU to 1500 bytes
[pptp1] exec: /sbin/ifconfig ng0 10.0.100.1 10.0.100.4 netmask 0xffffffff -link0
[pptp1] no interface to proxy arp on for 10.0.100.4
[pptp1] exec: /sbin/route add 10.0.100.1 -iface lo0
[pptp1] IFACE: Up event
=========================================================
failed connection:
[pptp5:pptp5] mpd: PPTP connection from 80.73.0.233:1392
pptp0: attached to connection with 80.73.0.233:1392
[pptp1] IFACE: Open event
[pptp1] IPCP: Open event
[pptp1] IPCP: state change Initial --> Starting
[pptp1] IPCP: LayerStart
[pptp1] IPCP: Open event
[pptp1] bundle: OPEN event in state CLOSED
[pptp1] opening link "pptp1"...
[pptp1] link: OPEN event
[pptp1] LCP: Open event
[pptp1] LCP: state change Initial --> Starting
[pptp1] LCP: LayerStart
[pptp1] device: OPEN event in state DOWN
[pptp1] attaching to peer's outgoing call
[pptp1] device is now in state OPENING
[pptp1] device: UP event in state OPENING
[pptp1] device is now in state UP
[pptp1] link: UP event
[pptp1] link: origination is remote
[pptp1] LCP: Up event
[pptp1] LCP: state change Starting --> Req-Sent
[pptp1] LCP: phase shift DEAD --> ESTABLISH
[pptp1] LCP: SendConfigReq #1
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 73bae5f4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
pptp0-0: ignoring SetLinkInfo
[pptp1] LCP: SendConfigReq #2
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 73bae5f4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: SendConfigReq #3
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 73bae5f4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: SendConfigReq #4
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 73bae5f4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: SendConfigReq #5
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 73bae5f4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: SendConfigReq #6
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 73bae5f4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: SendConfigReq #7
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 73bae5f4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: SendConfigReq #8
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 73bae5f4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: SendConfigReq #9
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 73bae5f4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: SendConfigReq #10
 ACFCOMP
 PROTOCOMP
 MRU 1500
 MAGICNUM 73bae5f4
 AUTHPROTO CHAP MSOFTv2
 MP MRRU 1600
 MP SHORTSEQ
 ENDPOINTDISC [802.1] 00 03 47 a3 ab 33
[pptp1] LCP: state change Req-Sent --> Stopped
[pptp1] LCP: LayerFinish
[pptp1] LCP: parameter negotiation failed
[pptp1] LCP: LayerFinish
[pptp1] device: CLOSE event in state UP
pptp0-0: clearing call
pptp0-0: killing channel
[pptp1] PPTP call terminated
[pptp1] IFACE: Close event
[pptp1] IPCP: Close event
[pptp1] IPCP: state change Starting --> Initial
[pptp1] IPCP: LayerFinish
[pptp1] IFACE: Close event
pptp0: closing connection with 80.73.0.233:1392
[pptp1] IFACE: Close event
[pptp1] device is now in state CLOSING
[pptp1] bundle: CLOSE event in state OPENED
[pptp1] closing link "pptp1"...
[pptp1] device: CLOSE event in state CLOSING
[pptp1] device is now in state CLOSING
[pptp1] link: CLOSE event
[pptp1] LCP: Close event
[pptp1] LCP: state change Stopped --> Closed
[pptp1] device: DOWN event in state CLOSING
[pptp1] device is now in state DOWN
[pptp1] link: DOWN event
[pptp1] LCP: Down event
[pptp1] LCP: state change Closed --> Initial
[pptp1] LCP: phase shift ESTABLISH --> DEAD
[pptp1] device: DOWN event in state DOWN
[pptp1] device is now in state DOWN
[pptp1] link: DOWN event
[pptp1] LCP: Down event
pptp0: killing connection with 80.73.0.233:1392
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
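
An added example, not part of the original post: in the failed log mpd sends ten LCP Configure-Requests and logs no "rec'd" LCP entry, while the successful log shows replies from the peer. This Python check separates that no-reply pattern from a genuine option mismatch; the function name, verdict labels and abridged sample logs are assumptions made for the example.

```python
import re
from collections import defaultdict

# finditer() works whether the log has one entry per line or is flattened.
LCP = re.compile(
    r"\[(?P<link>[\w:-]+)\] LCP: (?:"
    r"(?P<sent>SendConfigReq #\d+)"
    r"|(?P<rcvd>rec'd \w+)"
    r"|(?P<failed>parameter negotiation failed)"
    r"|state change \S+ --> (?P<state>\S+))"
)

def classify_lcp(log_text):
    """Return {link: verdict} for one connection attempt in an mpd log."""
    stats = defaultdict(lambda: {"sent": 0, "rcvd": 0, "failed": False, "opened": False})
    for m in LCP.finditer(log_text):
        s = stats[m["link"]]
        if m["sent"]:
            s["sent"] += 1
        elif m["rcvd"]:
            s["rcvd"] += 1
        elif m["failed"]:
            s["failed"] = True
        elif m["state"] == "Opened":
            s["opened"] = True
    verdicts = {}
    for link, s in stats.items():
        if s["opened"]:
            verdicts[link] = "opened"
        elif s["sent"] and s["rcvd"] == 0:
            # PPTP carries PPP (and so LCP) inside GRE: requests left but no
            # frame came back, so check the GRE path before the PPP options.
            verdicts[link] = "no-peer-frames"
        elif s["failed"]:
            verdicts[link] = "option-mismatch"
        else:
            verdicts[link] = "incomplete"
    return verdicts

# Sample input abridged from the two logs in the post (option lists dropped).
GOOD_LOG = (
    "[pptp1] LCP: SendConfigReq #11 "
    "[pptp1] LCP: rec'd Configure Request #0 link 0 (Req-Sent) "
    "[pptp1] LCP: rec'd Configure Ack #12 link 0 (Req-Sent) "
    "[pptp1] LCP: state change Ack-Rcvd --> Opened"
)
BAD_LOG = (
    "".join(f"[pptp1] LCP: SendConfigReq #{n}\n" for n in range(1, 11))
    + "[pptp1] LCP: state change Req-Sent --> Stopped\n"
    "[pptp1] LCP: parameter negotiation failed\n"
)
```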