Can't reconnect/redial to a mpd5 vpn server?

Andy22 · Feb 27, 2012

Hi,

I managed to get a working FreeBSD 9 VPN server running so a Windows 7 client can connect to it, this works however only once. I can connect once fine and if I disconnect/reconnect in Windows 7 I get an error and no connection is established again. If I restart the mpd5 service I can again connect.

Any ideas?

mpd5.log:

Code:

Feb 27 14:58:27 vpn mpd5: [L-1] Accepting PPTP connection
Feb 27 14:58:27 vpn mpd5: [L-1] Link: OPEN event
Feb 27 14:58:27 vpn mpd5: [L-1] LCP: Open event
Feb 27 14:58:27 vpn mpd5: [L-1] LCP: state change Initial --> Starting
Feb 27 14:58:27 vpn mpd5: [L-1] LCP: LayerStart
Feb 27 14:58:27 vpn mpd5: [L-1] PPTP: attaching to peer's outgoing call
Feb 27 14:58:27 vpn mpd5: [L-1] Link: UP event
Feb 27 14:58:27 vpn mpd5: [L-1] LCP: Up event
Feb 27 14:58:27 vpn mpd5: [L-1] LCP: state change Starting --> Req-Sent
Feb 27 14:58:27 vpn mpd5: [L-1] LCP: SendConfigReq #1
Feb 27 14:58:27 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:27 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:27 vpn mpd5: [L-1]   MRU 1500
Feb 27 14:58:27 vpn mpd5: [L-1]   MAGICNUM f41f347d
Feb 27 14:58:27 vpn mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Feb 27 14:58:27 vpn mpd5: [L-1]   MP MRRU 2048
Feb 27 14:58:27 vpn mpd5: [L-1]   MP SHORTSEQ
Feb 27 14:58:27 vpn mpd5: [L-1]   ENDPOINTDISC [802.1] 00 16 3c 6f 53 a9
Feb 27 14:58:28 vpn mpd5: [L-1] LCP: rec'd Configure Request #0 (Req-Sent)
Feb 27 14:58:28 vpn mpd5: [L-1]   MRU 1400
Feb 27 14:58:28 vpn mpd5: [L-1]   MAGICNUM 7b7f4990
Feb 27 14:58:28 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:28 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:28 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:28 vpn mpd5: [L-1]   MP MRRU 1614
Feb 27 14:58:28 vpn mpd5: [L-1]   ENDPOINTDISC [LOCAL] 4d 03 95 ed 17 9e 46 1e 9e 07 7b 4e c5 89 76 12 00 00 0
Feb 27 14:58:28 vpn mpd5: [L-1] LCP: SendConfigRej #0
Feb 27 14:58:28 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:29 vpn mpd5: [L-1] LCP: SendConfigReq #2
Feb 27 14:58:29 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:29 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:29 vpn mpd5: [L-1]   MRU 1500
Feb 27 14:58:29 vpn mpd5: [L-1]   MAGICNUM f41f347d
Feb 27 14:58:29 vpn mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Feb 27 14:58:29 vpn mpd5: [L-1]   MP MRRU 2048
Feb 27 14:58:29 vpn mpd5: [L-1]   MP SHORTSEQ
Feb 27 14:58:29 vpn mpd5: [L-1]   ENDPOINTDISC [802.1] 00 16 3c 6f 53 a9
Feb 27 14:58:30 vpn mpd5: [L-1] LCP: rec'd Configure Request #1 (Req-Sent)
Feb 27 14:58:30 vpn mpd5: [L-1]   MRU 1400
Feb 27 14:58:30 vpn mpd5: [L-1]   MAGICNUM 7b7f4990
Feb 27 14:58:30 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:30 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:30 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:30 vpn mpd5: [L-1]   MP MRRU 1614
Feb 27 14:58:30 vpn mpd5: [L-1]   ENDPOINTDISC [LOCAL] 4d 03 95 ed 17 9e 46 1e 9e 07 7b 4e c5 89 76 12 00 00 0
Feb 27 14:58:30 vpn mpd5: [L-1] LCP: SendConfigRej #1
Feb 27 14:58:30 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:31 vpn mpd5: [L-1] LCP: SendConfigReq #3
Feb 27 14:58:31 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:31 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:31 vpn mpd5: [L-1]   MRU 1500
Feb 27 14:58:31 vpn mpd5: [L-1]   MAGICNUM f41f347d
Feb 27 14:58:31 vpn mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Feb 27 14:58:31 vpn mpd5: [L-1]   MP MRRU 2048
Feb 27 14:58:31 vpn mpd5: [L-1]   MP SHORTSEQ
Feb 27 14:58:31 vpn mpd5: [L-1]   ENDPOINTDISC [802.1] 00 16 3c 6f 53 a9
Feb 27 14:58:33 vpn mpd5: [L-1] LCP: rec'd Configure Request #2 (Req-Sent)
Feb 27 14:58:33 vpn mpd5: [L-1]   MRU 1400
Feb 27 14:58:33 vpn mpd5: [L-1]   MAGICNUM 7b7f4990
Feb 27 14:58:33 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:33 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:33 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:33 vpn mpd5: [L-1]   MP MRRU 1614
Feb 27 14:58:33 vpn mpd5: [L-1]   ENDPOINTDISC [LOCAL] 4d 03 95 ed 17 9e 46 1e 9e 07 7b 4e c5 89 76 12 00 00 0
Feb 27 14:58:33 vpn mpd5: [L-1] LCP: SendConfigRej #2
Feb 27 14:58:33 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:33 vpn mpd5: [L-1] LCP: SendConfigReq #4
Feb 27 14:58:33 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:33 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:33 vpn mpd5: [L-1]   MRU 1500
Feb 27 14:58:33 vpn mpd5: [L-1]   MAGICNUM f41f347d
Feb 27 14:58:33 vpn mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Feb 27 14:58:33 vpn mpd5: [L-1]   MP MRRU 2048
Feb 27 14:58:33 vpn mpd5: [L-1]   MP SHORTSEQ
Feb 27 14:58:33 vpn mpd5: [L-1]   ENDPOINTDISC [802.1] 00 16 3c 6f 53 a9
Feb 27 14:58:35 vpn mpd5: [L-1] LCP: SendConfigReq #5
Feb 27 14:58:35 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:35 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:35 vpn mpd5: [L-1]   MRU 1500
Feb 27 14:58:35 vpn mpd5: [L-1]   MAGICNUM f41f347d
Feb 27 14:58:35 vpn mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Feb 27 14:58:35 vpn mpd5: [L-1]   MP MRRU 2048
Feb 27 14:58:35 vpn mpd5: [L-1]   MP SHORTSEQ
Feb 27 14:58:35 vpn mpd5: [L-1]   ENDPOINTDISC [802.1] 00 16 3c 6f 53 a9
Feb 27 14:58:37 vpn mpd5: [L-1] LCP: rec'd Configure Request #3 (Req-Sent)
Feb 27 14:58:37 vpn mpd5: [L-1]   MRU 1400
Feb 27 14:58:37 vpn mpd5: [L-1]   MAGICNUM 7b7f4990
Feb 27 14:58:37 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:37 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:37 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:37 vpn mpd5: [L-1]   MP MRRU 1614
Feb 27 14:58:37 vpn mpd5: [L-1]   ENDPOINTDISC [LOCAL] 4d 03 95 ed 17 9e 46 1e 9e 07 7b 4e c5 89 76 12 00 00 0
Feb 27 14:58:37 vpn mpd5: [L-1] LCP: SendConfigRej #3
Feb 27 14:58:37 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:37 vpn mpd5: [L-1] LCP: SendConfigReq #6
Feb 27 14:58:37 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:37 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:37 vpn mpd5: [L-1]   MRU 1500
Feb 27 14:58:37 vpn mpd5: [L-1]   MAGICNUM f41f347d
Feb 27 14:58:37 vpn mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Feb 27 14:58:37 vpn mpd5: [L-1]   MP MRRU 2048
Feb 27 14:58:37 vpn mpd5: [L-1]   MP SHORTSEQ
Feb 27 14:58:37 vpn mpd5: [L-1]   ENDPOINTDISC [802.1] 00 16 3c 6f 53 a9
Feb 27 14:58:39 vpn mpd5: [L-1] LCP: SendConfigReq #7
Feb 27 14:58:39 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:39 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:39 vpn mpd5: [L-1]   MRU 1500
Feb 27 14:58:39 vpn mpd5: [L-1]   MAGICNUM f41f347d
Feb 27 14:58:39 vpn mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Feb 27 14:58:39 vpn mpd5: [L-1]   MP MRRU 2048
Feb 27 14:58:39 vpn mpd5: [L-1]   MP SHORTSEQ
Feb 27 14:58:39 vpn mpd5: [L-1]   ENDPOINTDISC [802.1] 00 16 3c 6f 53 a9
Feb 27 14:58:41 vpn mpd5: [L-1] LCP: rec'd Configure Request #4 (Req-Sent)
Feb 27 14:58:41 vpn mpd5: [L-1]   MRU 1400
Feb 27 14:58:41 vpn mpd5: [L-1]   MAGICNUM 7b7f4990
Feb 27 14:58:41 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:41 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:41 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:41 vpn mpd5: [L-1]   MP MRRU 1614
Feb 27 14:58:41 vpn mpd5: [L-1]   ENDPOINTDISC [LOCAL] 4d 03 95 ed 17 9e 46 1e 9e 07 7b 4e c5 89 76 12 00 00 0
Feb 27 14:58:41 vpn mpd5: [L-1] LCP: SendConfigRej #4
Feb 27 14:58:41 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:41 vpn mpd5: [L-1] LCP: SendConfigReq #8
Feb 27 14:58:41 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:41 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:41 vpn mpd5: [L-1]   MRU 1500
Feb 27 14:58:41 vpn mpd5: [L-1]   MAGICNUM f41f347d
Feb 27 14:58:41 vpn mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Feb 27 14:58:41 vpn mpd5: [L-1]   MP MRRU 2048
Feb 27 14:58:41 vpn mpd5: [L-1]   MP SHORTSEQ
Feb 27 14:58:41 vpn mpd5: [L-1]   ENDPOINTDISC [802.1] 00 16 3c 6f 53 a9
Feb 27 14:58:43 vpn mpd5: [L-1] LCP: SendConfigReq #9
Feb 27 14:58:43 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:43 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:43 vpn mpd5: [L-1]   MRU 1500
Feb 27 14:58:43 vpn mpd5: [L-1]   MAGICNUM f41f347d
Feb 27 14:58:43 vpn mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Feb 27 14:58:43 vpn mpd5: [L-1]   MP MRRU 2048
Feb 27 14:58:43 vpn mpd5: [L-1]   MP SHORTSEQ
Feb 27 14:58:43 vpn mpd5: [L-1]   ENDPOINTDISC [802.1] 00 16 3c 6f 53 a9
Feb 27 14:58:45 vpn mpd5: [L-1] LCP: rec'd Configure Request #5 (Req-Sent)
Feb 27 14:58:45 vpn mpd5: [L-1]   MRU 1400
Feb 27 14:58:45 vpn mpd5: [L-1]   MAGICNUM 7b7f4990
Feb 27 14:58:45 vpn mpd5: [L-1]   PROTOCOMP
Feb 27 14:58:45 vpn mpd5: [L-1]   ACFCOMP
Feb 27 14:58:45 vpn mpd5: [L-1]   CALLBACK 6
Feb 27 14:58:45 vpn mpd5: [L-1]   MP MRRU 1614
Feb 27 14:58:45 vpn mpd5: [L-1]   ENDPOINTDISC [LOCAL] 4d 03 95 ed 17 9e 46 1e 9e 07 7b 4e c5 89 76 12 00 00 0
Feb 27 14:58:45 vpn mpd5: [L-1] LCP: not converging
Feb 27 14:58:45 vpn mpd5: [L-1] LCP: parameter negotiation failed
Feb 27 14:58:45 vpn mpd5: [L-1] LCP: state change Req-Sent --> Stopped
Feb 27 14:58:45 vpn mpd5: [L-1] LCP: LayerFinish
Feb 27 14:58:45 vpn mpd5: [L-1] PPTP call terminated
Feb 27 14:58:45 vpn mpd5: [L-1] Link: DOWN event
Feb 27 14:58:45 vpn mpd5: [L-1] LCP: Close event
Feb 27 14:58:45 vpn mpd5: [L-1] LCP: state change Stopped --> Closed
Feb 27 14:58:45 vpn mpd5: [L-1] LCP: Down event
Feb 27 14:58:45 vpn mpd5: [L-1] LCP: state change Closed --> Initial
Feb 27 14:58:45 vpn mpd5: [L-1] Link: SHUTDOWN event
Feb 27 14:58:45 vpn mpd5: [L-1] Link: Shutdown

Andy22 · Feb 28, 2012

Any hints what other logfiles I can check, or what parameters to change?

Code:

LCP: parameter negotiation failed

isn't this helpful, since the first connection using the same parameters works just fine. I suspect that somehow the disconnect of the windows client is not correctly noticed and therefore not reset correctly on the server side for this client?

Andy22 · Feb 28, 2012

Here is my mpd.conf:

Code:

startup:
	set console close
	set web close

default:
	load pptp_server

pptp_server:
	set ippool add pool1 10.0.3.240 10.0.3.250
	create bundle template B
	set iface enable proxy-arp
	set iface idle 1800
	set iface enable tcpmssfix
	set ipcp yes vjcomp
	set ipcp ranges 10.0.3.254/32 ippool pool1
	set ipcp dns 8.8.8.8
	set bundle enable compression

	#set ccp yes mppc
	#set mppc yes e40
	#set mppc yes e128
	#set mppc yes stateless

	create link template L pptp
	set link action bundle B
	set link enable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 10 60
	set link mtu 1460
	set pptp self re0
	set link enable incoming

I also notice that the second time I try to connect the dial-in process is stuck at the

Code:

verifying username and password

under windows7. I guess the mpd server still has the old user logged in, but why?

Andy22 · Feb 28, 2012

Solved this issue, but maybe someone can explain why this solves my problem reproducible?

If I add

Code:

set link fsm-timeout 5

than I can successfully connect multiple times using the win7 client, if I remove this setting I can only connect once and need to restart mpd5 via shell. Even the manual reads

This command is analogous to the same command at the bundle layer, but it applies to link-layer FSM's such as Link Control Protocol (LCP). The default is two seconds; normally this value shouldn't be changed.

bye Andy

PS: Do I miss the edit button or is edit disabled in this forum?

Can't reconnect/redial to a mpd5 vpn server?

Andy22

Andy22

Andy22

Andy22