Need help to set up VPN client

I've already connected to a particular VPN server from my MacBook without any problems. However, I can't manage to get it working in FreeBSD on a different computer.The server seems to operate in Centos Linux and is a PPTP type.

The only suitable pptp client I could find in FreeBSD ports was net/pptpclient which seems designed to handle servers running in Windows. However, in the absence of an alternative, I installed this and configured it more or less as suggested here.

The configuration consisted in creating a /etc/ppp/ppp.conf file containing the server hostname (I also tried using the server IP), my account username and my password. When I run the client using
[cmd=]/usr/local/sbin/pptp "server IP" "server Label"[/cmd]
the terminal outputs two instances of
Code:
/bin/ip: not found
and the client then shuts down which doesn't seem right.
The ppp.log in /var/log shows the following which didn't help me a lot:
Code:
E520-FreeBS# cat ppp.log
Feb 21 17:45:53 E520-FreeBS newsyslog[527]: logfile first created
Feb 21 17:47:48 E520-FreeBS ppp[1685]: Phase: Using interface: tun0
Feb 21 17:47:48 E520-FreeBS ppp[1685]: Phase: deflink: Created in closed state
Feb 21 17:47:48 E520-FreeBS ppp[1685]: Warning: usage: add dest mask gateway
Feb 21 17:47:48 E520-FreeBS ppp[1685]: Warning: The alias command is deprecated
Feb 21 17:47:48 E520-FreeBS ppp[1685]: Phase: PPP Started (direct mode).
Feb 21 17:47:48 E520-FreeBS ppp[1685]: Phase: bundle: Establish
Feb 21 17:47:48 E520-FreeBS ppp[1685]: Phase: deflink: closed -> opening
Feb 21 17:47:48 E520-FreeBS ppp[1685]: Alert: deflink: Can't create /var/run/pts/3.if: No such file or directory
Feb 21 17:47:48 E520-FreeBS ppp[1685]: Phase: deflink: Connected!
Feb 21 17:47:48 E520-FreeBS ppp[1685]: Phase: deflink: opening -> carrier
Feb 21 17:47:49 E520-FreeBS ppp[1685]: Phase: deflink: /dev/pts/3: CD detected
Feb 21 17:47:49 E520-FreeBS ppp[1685]: Phase: deflink: carrier -> lcp
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: bundle: Authenticate
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: deflink: his = CHAP 0x81, mine = none
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: Chap Input: CHALLENGE (16 bytes from pptpd)
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: Chap Output: RESPONSE (ukim-1240)
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: Chap Input: SUCCESS (S=221C51C8A53B32C16772F3BCECE0A1BE4FF1B402)
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: deflink: lcp -> open
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: bundle: Network
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: deflink: open -> lcp
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: bundle: Terminate
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: Signal 15, terminate.
Feb 21 17:47:51 E520-FreeBS ppp[1685]: Phase: Signal 15, terminate.
Feb 21 17:47:54 E520-FreeBS ppp[1685]: Phase: deflink: Disconnected!
Feb 21 17:47:54 E520-FreeBS ppp[1685]: Phase: deflink: Connect time: 6 secs: 409 octets in, 364 octets out
Feb 21 17:47:54 E520-FreeBS ppp[1685]: Phase: deflink: 9 packets in, 10 packets out
Feb 21 17:47:54 E520-FreeBS ppp[1685]: Phase:  total 128 bytes/sec, peak 193 bytes/sec on Mon Feb 21 17:47:51 2011
Feb 21 17:47:54 E520-FreeBS ppp[1685]: Alert: deflink: Can't remove /var/run/pts/3.if: No such file or directory
Feb 21 17:47:54 E520-FreeBS ppp[1685]: Phase: deflink: lcp -> closed
Feb 21 17:47:54 E520-FreeBS ppp[1685]: Phase: bundle: Dead
Feb 21 17:47:54 E520-FreeBS ppp[1685]: Phase: PPP Terminated (normal).
Can anybody help me understand what's going wrong here?
 
From http://en.wikipedia.org/wiki/PPTP

A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a second GRE tunnel to the same peer.

The PPTP GRE packet format is non standard, including an additional acknowledgement field replacing the typical routing field in the GRE header.

The GRE tunnel is used to carry encapsulated PPP packets, allowing the tunnelling of any protocols that can be carried within PPP, including IP, NetBEUI and IPX.

See man gre(4) how to make sure you have support for the gre protocol.

RE:/bin/ip: not found
This error is explained in http://lists.freebsd.org/pipermail/freebsd-questions/2008-August/181693.html
Looks like this issue still hasn't been fixed yet ;)
 
hedgehog said:
I use net/mpd5
Works like a charm as pptp/l2tp/ppoe client and pptp server on my desktop.
Thank you for both replies and I note that the second link in J65nko's post also recommends using mpd5 to set up a vpn-pptp client.
OK, so I installed mpd5, created a /usr/local/share/etc/mpd5/mpd.secret, and a very slimmed down /usr/local/share/etc/mpd.conf as shown below:
Code:
 startup:
default:
pptp_client:


	create bundle static B1
	set iface route default
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
	
	create link static L1 pptp
	set link action bundle B1
	set auth authname [B]MyLogin[/B]
	set auth password [B]MyPassword[/B]
	set link max-redial 0
	set link mtu 1460
	set link keep-alive 20 75
	set pptp peer [B]***.***.***.***[/B]
	set pptp disable windowing
	open
where the entries in Bold are the only ones I changed. In particular, I specified the VPN server that I'm trying to reach by placing its IP in the line "set pptp peer ***.***.***.***".

Well, when I run /usr/local/sbin/mpd5 (no parameters or arguments), something runs and doesn't stop, which is good. However, "ifconfig" doesn't show that any additional connection has been formed (other than em0 and lo). Also "netstat -rn" shows no change whatsoever in the routing table.

So, no connection to the VPN server is made.

I feel sure whatever problem I have lies in the mpd.conf file and this is where I need some help. Maybe if somebody could share a (suitably munged) version of the part of their working mpd.conf appropriate to the pptpclient?
 
Code:
default:
        load my_isp

Code:
my_isp:

        create bundle static B1
        set iface route default
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0

        create link static L1 pptp
        set link action bundle B1
        set link accept chap
        set auth authname USERNAME
        set auth password PASSWORD
        set link max-redial 0
        set link mtu 1460
        set link keep-alive 20 75
        set pptp peer VPN.SERVER.HERE
        set pptp disable windowing
        open

I'd like to see the output after launching mpd5.
 
hedgehog said:
I'd like to see the output after launching mpd5.
Thanks for the mpd.conf.
Well, that looks a lot better but still not quite there.
An additional connection is shown by "ifconfig" as follows:
Code:
ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1460
The terminal output keeps trying to reconnect.
Here's the first part of the output before it tries to reeconnect for the first time. Thereafter, it just repeats this stuff over and over:

Code:
Multi-link PPP daemon for FreeBSD
 
process 1941 started, version 5.5 (root@E520-FreeBS. 23:59 21-Feb-2011)
Label 'startup' not found
[B1] Bundle: Interface ng0 created
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 8a04e1cb
[L1] LCP: rec'd Configure Request #1 (Req-Sent)
[L1]   MRU 1492
[L1]   ACCMAP 0x00000000
[L1]   AUTHPROTO CHAP MSOFTv2
[L1]   MAGICNUM ed3ad8ab
[L1]   PROTOCOMP
[L1]   ACFCOMP
[L1] LCP: SendConfigAck #1
[L1]   MRU 1492
[L1]   ACCMAP 0x00000000
[L1]   AUTHPROTO CHAP MSOFTv2
[L1]   MAGICNUM ed3ad8ab
[L1]   PROTOCOMP
[L1]   ACFCOMP
[L1] LCP: state change Req-Sent --> Ack-Sent
[L1] LCP: rec'd Configure Ack #1 (Ack-Sent)
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 8a04e1cb
[L1] LCP: state change Ack-Sent --> Opened
[L1] LCP: auth: peer wants CHAP, I want nothing
[L1] LCP: LayerUp
[L1] CHAP: rec'd CHALLENGE #49 len: 26
[L1]   Name: "pptpd"
[L1] CHAP: Using authname "[B]MyUserName[/B]"
[L1] CHAP: sending RESPONSE #49 len: 63
[L1] CHAP: rec'd SUCCESS #49 len: 46
[L1]   MESG: S=5638DD5E874BA135D1E3B6AC71459FDA02DBCBDE
[L1] LCP: authorization successful
[L1] Link: Matched action 'bundle "B1" ""'
[L1] Link: Join bundle "B1"
[B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
[B1] IPCP: Open event
[B1] IPCP: state change Initial --> Starting
[B1] IPCP: LayerStart
[B1] IPCP: Up event
[B1] IPCP: state change Starting --> Req-Sent
[B1] IPCP: SendConfigReq #1
[B1]   IPADDR 0.0.0.0
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[L1] rec'd unexpected protocol CCP, rejecting
[B1] IPCP: rec'd Terminate Ack #1 (Req-Sent)
[L1] LCP: rec'd Terminate Request #2 (Opened)
[L1] LCP: state change Opened --> Stopping
[L1] Link: Leave bundle "B1"
[B1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
[B1] IPCP: Close event
[B1] IPCP: state change Req-Sent --> Closing
[B1] IPCP: SendTerminateReq #2
[B1] IPCP: Down event
[B1] IPCP: LayerFinish
[B1] Bundle: No NCPs left. Closing links...
[B1] IPCP: state change Closing --> Initial
[L1] LCP: SendTerminateAck #2
[L1] LCP: LayerDown
[L1] PPTP call terminated
[L1] Link: DOWN event
[L1] LCP: Down event
[L1] LCP: state change Stopping --> Starting
[L1] Link: reconnection attempt 1 in 1 seconds
[L1] Link: reconnection attempt 1
I am unable to find any mpd5 logs which might have provided some more detail.
 
Code:
[B1]   IPADDR 0.0.0.0
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[L1] rec'd unexpected protocol CCP, rejecting

I would recon that that is your problem. Perhaps you need to enable compression

Code:
set bundle enable compression

Just for comparison I have attached my pptp config.
Code:
create bundle static B1
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
set iface route REMOTENETWORK/24

set bundle enable compression
set ccp yes mppc
set mppc yes e40
set mppc yes e128
set mppc yes stateless

create link static L1 pptp
set link action bundle B1
set auth authname "VPN_USER"
set auth password "SUPERSUPERSECRET"
set link max-redial 0
set link mtu 1460
set link keep-alive 20 75
set pptp peer VPN.SERVER.HERE
set pptp disable windowing
set link enable incoming
open
 
mix_room said:
Perhaps you need to enable compression
Thanks for this suggestion.
So, I added these two lines to the mpd.conf that I displayed in my last post
Code:
set bundle enable compression
set mppc yes stateless
and tried mpd5 again.
However, once again I got a repeating termination and reconnect but with a different error. Here's the output to the first reconnect:
Code:
Multi-link PPP daemon for FreeBSD
 
process 3680 started, version 5.5 (root@E520-FreeBS. 23:59 21-Feb-2011)
Label 'startup' not found
[B1] Bundle: Interface ng0 created
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 4f4889c0
[L1] LCP: rec'd Configure Request #1 (Req-Sent)
[L1]   MRU 1492
[L1]   ACCMAP 0x00000000
[L1]   AUTHPROTO CHAP MSOFTv2
[L1]   MAGICNUM c24b16b0
[L1]   PROTOCOMP
[L1]   ACFCOMP
[L1] LCP: SendConfigAck #1
[L1]   MRU 1492
[L1]   ACCMAP 0x00000000
[L1]   AUTHPROTO CHAP MSOFTv2
[L1]   MAGICNUM c24b16b0
[L1]   PROTOCOMP
[L1]   ACFCOMP
[L1] LCP: state change Req-Sent --> Ack-Sent
[L1] LCP: rec'd Configure Ack #1 (Ack-Sent)
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 4f4889c0
[L1] LCP: state change Ack-Sent --> Opened
[L1] LCP: auth: peer wants CHAP, I want nothing
[L1] LCP: LayerUp
[L1] CHAP: rec'd CHALLENGE #3 len: 26
[L1]   Name: "pptpd"
[L1] CHAP: Using authname "[B]MyLogin[/B]"
[L1] CHAP: sending RESPONSE #3 len: 63
[L1] CHAP: rec'd SUCCESS #3 len: 46
[L1]   MESG: S=400087BF5E99A96990032577DD38747494431A6F
[L1] LCP: authorization successful
[L1] Link: Matched action 'bundle "B1" ""'
[L1] Link: Join bundle "B1"
[B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
[B1] IPCP: Open event
[B1] IPCP: state change Initial --> Starting
[B1] IPCP: LayerStart
[B1] CCP: Open event
[B1] CCP: state change Initial --> Starting
[B1] CCP: LayerStart
[B1] IPCP: Up event
[B1] IPCP: state change Starting --> Req-Sent
[B1] IPCP: SendConfigReq #1
[B1]   IPADDR 0.0.0.0
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] CCP: Up event
[B1] CCP: Protocol mppc disabled as useless for this setup
[B1] CCP: state change Starting --> Req-Sent
[B1] CCP: SendConfigReq #1
[B1] CCP: rec'd Configure Request #1 (Req-Sent)
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] CCP: SendConfigRej #1
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] IPCP: rec'd Terminate Ack #1 (Req-Sent)
[B1] CCP: rec'd Configure Ack #1 (Req-Sent)
[B1] CCP: state change Req-Sent --> Ack-Rcvd
[L1] LCP: rec'd Terminate Request #2 (Opened)
[L1] LCP: state change Opened --> Stopping
[L1] Link: Leave bundle "B1"
[B1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
[B1] IPCP: Close event
[B1] IPCP: state change Req-Sent --> Closing
[B1] IPCP: SendTerminateReq #2
[B1] CCP: Close event
[B1] CCP: state change Ack-Rcvd --> Closing
[B1] CCP: SendTerminateReq #2
[B1] IPCP: Down event
[B1] IPCP: LayerFinish
[B1] Bundle: No NCPs left. Closing links...
[B1] IPCP: state change Closing --> Initial
[B1] CCP: Down event
[B1] CCP: LayerFinish
[B1] CCP: state change Closing --> Initial
[L1] LCP: SendTerminateAck #2
[L1] LCP: LayerDown
[L1] PPTP call terminated
[L1] Link: DOWN event
[L1] LCP: Down event
[L1] LCP: state change Stopping --> Starting
[L1] Link: reconnection attempt 1 in 1 seconds
[L1] Link: reconnection attempt 1
I also tried your mpd.conf after substituting my user/password and IP but this time, there was no terminal output at all other than telling me that the mpd5 process had started.
Puzzling.
 
I'm also trying to set up a simple vpn connection with pptpclient for a long time now, without success. The ppp logfile shows exactly the same as in the first post above, it exits with a signal 15. The messages log shows something more but I've no idea what goes wrong:

Code:
Jul 30 14:04:06 yokozuna pptp[3923]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 30 14:04:06 yokozuna pptp[3928]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jul 30 14:04:06 yokozuna pptp[3928]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jul 30 14:04:06 yokozuna pptp[3928]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 30 14:04:07 yokozuna pptp[3928]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jul 30 14:04:07 yokozuna pptp[3928]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jul 30 14:04:07 yokozuna pptp[3928]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 7349).
Jul 30 14:04:08 yokozuna kernel: tun0: link state changed to UP
Jul 30 14:05:07 yokozuna pptp[3928]: anon log[logecho:pptp_ctrl.c:677]: Echo Request received.
Jul 30 14:05:07 yokozuna pptp[3928]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 6 'Echo-Reply'
Jul 30 14:06:07 yokozuna pptp[3928]: anon log[pptp_handle_timer:pptp_ctrl.c:1050]: closing control connection due to missing echo reply
Jul 30 14:06:07 yokozuna pptp[3928]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Jul 30 14:06:07 yokozuna pptp[3928]: anon log[pptp_conn_close:pptp_ctrl.c:430]: Closing PPTP connection
Jul 30 14:06:07 yokozuna pptp[3928]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 3 'Stop-Control-Connection-Request'
Jul 30 14:06:07 yokozuna pptp[3928]: anon log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
Jul 30 14:06:37 yokozuna pptp[3939]: anon warn[decaps_hdlc:pptp_gre.c:204]: short read (0): No buffer space available
Jul 30 14:06:37 yokozuna kernel: tun0: link state changed to DOWN
Jul 30 14:11:50 yokozuna pptp[4055]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 30 14:11:50 yokozuna pptp[4060]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jul 30 14:11:50 yokozuna pptp[4060]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jul 30 14:11:50 yokozuna pptp[4060]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 30 14:11:51 yokozuna pptp[4060]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jul 30 14:11:51 yokozuna pptp[4060]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jul 30 14:11:51 yokozuna pptp[4060]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 30793).
Jul 30 14:11:51 yokozuna kernel: tun0: link state changed to UP
Jul 30 14:11:53 yokozuna pptp[4061]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 5 (expecting 4, lost or reordered)
Jul 30 14:11:53 yokozuna pptp[4061]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 8 (expecting 7, lost or reordered)
Jul 30 14:11:53 yokozuna pptp[4061]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 9 (expecting 7, lost or reordered)
Jul 30 14:12:51 yokozuna pptp[4060]: anon log[logecho:pptp_ctrl.c:677]: Echo Request received.
Jul 30 14:12:51 yokozuna pptp[4060]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 6 'Echo-Reply'
Jul 30 14:14:11 yokozuna pptp[4060]: anon log[pptp_read_some:pptp_ctrl.c:551]: read error: Operation timed out
Jul 30 14:14:11 yokozuna pptp[4060]: anon log[callmgr_main:pptp_callmgr.c:258]: Closing connection (shutdown)
Jul 30 14:14:11 yokozuna pptp[4060]: anon log[pptp_send_ctrl_packet:pptp_ctrl.c:622]: write error: Broken pipe
Jul 30 14:14:11 yokozuna pptp[4060]: anon log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
Jul 30 14:14:11 yokozuna pptp[4060]: anon log[pptp_read_some:pptp_ctrl.c:551]: read error: Bad file descriptor
Jul 30 14:14:11 yokozuna kernel: pid 4060 (pptp), uid 0: exited on signal 11 (core dumped)
Jul 30 14:14:41 yokozuna pptp[4061]: anon warn[decaps_hdlc:pptp_gre.c:204]: short read (0): No buffer space available
Jul 30 14:14:41 yokozuna kernel: tun0: link state changed to DOWN

So if anyone has successfully set up a connection with pptpclient, I'd be happy to hear it too.

Regards,
Marco
 
Back
Top