Thursday, February 24, 2011

Still trying to pptp-client from FreeBSD to VPN server

I posted about this project a day or two ago.
Unfortunately, despite getting a few useful suggestions from the FreeBSD forum, and making a little progress, the issue remains unresolved.
Essentially, reading the /usr/local/etc/mpd5/mpd.conf.sample file is what allowed me to make the most progress, and I ended up with an mpd.conf which had a default of

default:
	load pptp_client

and a pptp_client section as shown below:
pptp_client:
#
# PPTP client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
#

	create bundle static B1
	set iface route default
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0

# Require MPPE encryption on the bundle (40- or 128-bit keys, stateless mode)
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set bundle enable crypt-reqd
	set mppc yes stateless

# MyLogin, MyPassword and "VPN Server IP" are placeholders for the real values
	create link static L1 pptp
	set link action bundle B1
	set auth authname MyLogin
	set auth password MyPassword
	set link max-redial 0
	set link mtu 1460
	set link keep-alive 20 75
	set pptp peer VPN Server IP
	set ipcp dns 208.67.222.222
	set pptp disable windowing
	open

Running mpd5 then gave the following terminal output:
mpd5
Multi-link PPP daemon for FreeBSD

process 2243 started, version 5.5 (root@E520-FreeBS. 23:59 21-Feb-2011)
CONSOLE: listening on 127.0.0.1 5005
web: listening on 0.0.0.0 5006
[B1] Bundle: Interface ng0 created
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM 5598b766
[L1] LCP: rec'd Configure Ack #1 (Req-Sent)
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM 5598b766
[L1] LCP: state change Req-Sent --> Ack-Rcvd
[L1] LCP: state change Ack-Rcvd --> Req-Sent
[L1] LCP: SendConfigReq #2
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM 5598b766
[L1] LCP: rec'd Configure Ack #2 (Req-Sent)
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM 5598b766
[L1] LCP: state change Req-Sent --> Ack-Rcvd
[L1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
[L1] MRU 1492
[L1] ACCMAP 0x00000000
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MAGICNUM f655b17b
[L1] PROTOCOMP
[L1] ACFCOMP
[L1] LCP: SendConfigAck #1
[L1] MRU 1492
[L1] ACCMAP 0x00000000
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MAGICNUM f655b17b
[L1] PROTOCOMP
[L1] ACFCOMP
[L1] LCP: state change Ack-Rcvd --> Opened
[L1] LCP: auth: peer wants CHAP, I want nothing
[L1] LCP: LayerUp
[L1] CHAP: rec'd CHALLENGE #112 len: 26
[L1] Name: "pptpd"
[L1] CHAP: Using authname "MyLogin"
[L1] CHAP: sending RESPONSE #112 len: 63
[L1] CHAP: rec'd SUCCESS #112 len: 46
[L1] MESG: S=B9F7084FC98AEFD5424668C16D88899EB49ABE8D
[L1] LCP: authorization successful
[L1] Link: Matched action 'bundle "B1" ""'
[L1] Link: Join bundle "B1"
[B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
[B1] IPCP: Open event
[B1] IPCP: state change Initial --> Starting
[B1] IPCP: LayerStart
[B1] CCP: Open event
[B1] CCP: state change Initial --> Starting
[B1] CCP: LayerStart
[B1] IPCP: Up event
[B1] IPCP: state change Starting --> Req-Sent
[B1] IPCP: SendConfigReq #1
[B1] IPADDR 0.0.0.0
[B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] CCP: Up event
[B1] CCP: state change Starting --> Req-Sent
[B1] CCP: SendConfigReq #1
[B1] MPPC
[B1] 0x01000060:MPPE(40, 128 bits), stateless
[B1] CCP: rec'd Configure Request #1 (Req-Sent)
[B1] MPPC
[B1] 0x01000040:MPPE(128 bits), stateless
[B1] CCP: SendConfigAck #1
[B1] MPPC
[B1] 0x01000040:MPPE(128 bits), stateless
[B1] CCP: state change Req-Sent --> Ack-Sent
[B1] IPCP: rec'd Terminate Ack #1 (Req-Sent)
[B1] CCP: rec'd Configure Nak #1 (Ack-Sent)
[B1] MPPC
[B1] 0x01000040:MPPE(128 bits), stateless
[B1] CCP: SendConfigReq #2
[B1] MPPC
[B1] 0x01000040:MPPE(128 bits), stateless
[B1] CCP: rec'd Configure Ack #2 (Ack-Sent)
[B1] MPPC
[B1] 0x01000040:MPPE(128 bits), stateless
[B1] CCP: state change Ack-Sent --> Opened
[B1] CCP: LayerUp
[B1] CCP: Compress using: mppc (MPPE(128 bits), stateless)
[B1] CCP: Decompress using: mppc (MPPE(128 bits), stateless)
[B1] IPCP: rec'd Configure Request #1 (Req-Sent)
[B1] COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
[B1] IPADDR 192.168.0.1
[B1] 192.168.0.1 is OK
[B1] IPCP: SendConfigAck #1
[B1] COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
[B1] IPADDR 192.168.0.1
[B1] IPCP: state change Req-Sent --> Ack-Sent
[B1] IPCP: SendConfigReq #2
[B1] IPADDR 0.0.0.0
[B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: rec'd Configure Nak #2 (Ack-Sent)
[B1] IPADDR 192.168.0.72
[B1] 192.168.0.72 is OK
[B1] IPCP: SendConfigReq #3
[B1] IPADDR 192.168.0.72
[B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: rec'd Configure Ack #3 (Ack-Sent)
[B1] IPADDR 192.168.0.72
[B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: state change Ack-Sent --> Opened
[B1] IPCP: LayerUp
[B1] 192.168.0.72 -> 192.168.0.1
[B1] IFACE: Add route 0.0.0.0/0 192.168.0.1 failed: File exists
[B1] IFACE: Up event


OK, not quite there but a lot better than before. In particular, "ifconfig" now included the following stanza in addition to what was already there:
ng0: flags=88d1 metric 0 mtu 1456
inet 192.168.0.87 --> 192.168.0.1 netmask 0xffffffff

Also "netstat -rn" changed from this (IPv4 only):
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.254 UGS 5 10724 em0
127.0.0.1 link#2 UH 0 2020 lo0
192.168.1.0/24 link#1 U 0 997 em0
192.168.1.9 link#1 UHS 0 0 lo0

to this:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.254 UGS 2 1294 em0
127.0.0.1 link#2 UH 0 113 lo0
192.168.0.1 link#3 UH 0 0 ng0
192.168.0.63 link#3 UHS 0 0 lo0
192.168.1.0/24 link#1 U 0 38 em0
192.168.1.9 link#1 UHS 0 0 lo0

However, this latter is nowhere near as complete as the "netstat -rn" output that I got in Ubuntu with the client running:
Destination Gateway Genmask Flags MSS Window irtt Iface
aaa.bbb.ccc.ddd 192.168.1.254 255.255.255.255 UGH 0 0 0 eth0
aaa.bbb.ccc.ddd 192.168.1.254 255.255.255.255 UGH 0 0 0 eth0
192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0

where aaa.bbb.ccc.ddd is the VPN server IP address which did not show up at all in the FreeBSD version.
Going back to the terminal output from when I ran mpd5, everything seemed to stop dead when this line was issued:
IFACE: Add route 0.0.0.0/0 192.168.0.1 failed: File exists
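
The route comparison above can be checked mechanically. The following Python sketch is an added example, not part of the original post or of mpd5: it parses FreeBSD "netstat -rn" output and reports whether the default route still leaves through the physical interface (the existing default via em0 is what makes the add fail with "File exists") and whether the VPN server has its own host route outside the tunnel. The address 203.0.113.10 stands in for aaa.bbb.ccc.ddd, and the second table is constructed.

```python
# Constructed sample: the FreeBSD table from the post, taken after mpd5 came up.
FREEBSD_AFTER = """\
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.254 UGS 2 1294 em0
127.0.0.1 link#2 UH 0 113 lo0
192.168.0.1 link#3 UH 0 0 ng0
192.168.0.63 link#3 UHS 0 0 lo0
192.168.1.0/24 link#1 U 0 38 em0
192.168.1.9 link#1 UHS 0 0 lo0
"""

# Constructed sample: what a working full-tunnel table would look like on FreeBSD,
# modelled on the Ubuntu output. 203.0.113.10 is a placeholder server address.
FULL_TUNNEL = """\
Destination Gateway Flags Refs Use Netif Expire
default 192.168.0.1 UGS 0 0 ng0
203.0.113.10 192.168.1.254 UGHS 0 0 em0
192.168.0.1 link#3 UH 0 0 ng0
192.168.1.0/24 link#1 U 0 38 em0
"""


def parse_routes(text):
    """Return route rows as dicts, locating columns from the header line."""
    routes, cols = [], None
    for line in text.splitlines():
        f = line.split()
        if f and f[0] == "Internet6:":
            break  # IPv4 section only
        if f and f[0] == "Destination":
            cols = {name: i for i, name in enumerate(f)}
        elif cols and len(f) > cols["Netif"]:
            routes.append({"dest": f[0], "netif": f[cols["Netif"]]})
    return routes


def audit_tunnel(text, tunnel_if, vpn_server):
    """List reasons why traffic is not (or cannot be) sent through tunnel_if."""
    routes = parse_routes(text)
    findings = []
    defaults = [r["netif"] for r in routes if r["dest"] == "default"]
    if tunnel_if not in defaults:
        findings.append(f"default route uses {', '.join(defaults) or 'none'}, "
                        f"not {tunnel_if}: traffic bypasses the tunnel")
    # The server must stay reachable over the physical link once default moves.
    if not any(r["dest"] == vpn_server and r["netif"] != tunnel_if for r in routes):
        findings.append(f"no host route to {vpn_server} outside {tunnel_if}")
    return findings


if __name__ == "__main__":
    for name, table in (("after mpd5", FREEBSD_AFTER), ("full tunnel", FULL_TUNNEL)):
        print(name, audit_tunnel(table, "ng0", "203.0.113.10") or "ok")
```

Run against the table from the post, both checks fire: the link is up and encrypted, but ordinary traffic still leaves via em0 in the clear.
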

Interestingly, I googled this line and came up with an informative thread dealing with almost the same problem.
Unfortunately, the issue was not resolved. This, coupled with the fact that I have received no further suggestions from the forum thread, possibly means that there is no ready solution to this.
Nevertheless, in the UKiVPN setup, a link is provided to setting up a client in Ubuntu using the command line. There may be some useful tips here.
Also of value are the mpd5 User Manual and this great series of howtos on getting pptp-client working in many Linux distros. NetBSD is included but the link, from 2003, is now broken.

1 comment:

  1. You could see here http://am-productions.biz/docs/freebsd-windows-pptp-vpn-setup.php
