mpd5 PPT VPN & Mac OS X Snow Leopard

C

chrisup

I'm trying to connect my Mac to my FreeBSD 7.3 RELEASE PPTP VPN running mpd5. The server sits behind a Comcast Gateway, GRE and PPTP are forwarded to the FreeBSD box. I can connect my Windows client to the FreeBSD mpd5 PPTP VPN just fine. I can connect this Mac to a m0n0wall PPTP VPN without trouble. My research tells me I need the mpd5 PPTP VPN to support mppe-128, mschap-v2 and a stateless connection. I read the mpd5 manual and tried to enable the required options, but couldn't get it right. Please see my config and sample errors below. Can anyone provide a sample config that works with Snow Leopard? BTW, my iPhone connects without trouble.

My Config:

Code: 
startup:
#        set user adminuser adminpass admin
#        set console self 127.0.0.1 5005
#        set console open
#       set web self 0.0.0.0 5006
#        set web open

default:
        load pptp_server

pptp_server:
        set ippool add pool1 10.1.10.50 10.1.10.58
        create bundle template MYVPN
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
        set ipcp ranges 10.1.10.253/32 ippool pool1
        set ipcp dns 10.1.10.1
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

# START TEST
        set ccp yes mpp
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set bundle enable crypt-reqd
        set link yes chap-msv2
# END TEST

        create link template MYVPN pptp
        set link action bundle MYVPN
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set link mtu 1460
        set pptp self 10.1.10.253
        set link enable incoming


Sample mpd5 server errors:

SNIPET 1
Code: 
Jan 11 22:10:35 VPN mpd5: option "mpp-e128" unknown
Jan 11 22:10:35 VPN mpd5: option "mpp-e128" unknown
Jan 11 22:10:35 VPN mpd5: option "mpp-stateless" unknown
Jan 11 22:10:35 VPN mpd5: option "mpp-stateless" unknown
Jan 11 22:10:35 VPN mpd5: mpd.conf:31: Incorrect context for: 'set link accept chap-msv2'

SNIPET 2
Code: 
Jan 11 21:33:20 VPN mpd5: process 30947 started, version 5.5 (root@localhost 12:52 10-Jan-2011)
Jan 11 21:33:20 VPN mpd5: CONSOLE: listening on 127.0.0.1 5005
Jan 11 21:33:20 VPN mpd5: web: listening on 0.0.0.0 5006
Jan 11 21:33:20 VPN mpd5: PPTP: waiting for connection on 10.1.10.253 1723
Jan 11 21:33:20 VPN mpd5: mpd.conf:37: Incorrect context for: 'set ccp accept encryption'
Jan 11 21:33:20 VPN mpd5: mpd.conf:38: Incorrect context for: 'set ccp accept mpp-stateless'
Jan 11 21:33:20 VPN mpd5: mpd.conf:39: Incorrect context for: 'set ccp accept mpp-e128'

Sample client log:
Code: 
Tue Jan 11 22:22:28 2011 : PPTP connecting to server 'XXX.XXX.XXX.XXX' (XXX.XXX.XXX.XXX)...
Tue Jan 11 22:22:28 2011 : PPTP connection established.
Tue Jan 11 22:22:28 2011 : using link 0
Tue Jan 11 22:22:28 2011 : Using interface ppp0
Tue Jan 11 22:22:28 2011 : Connect: ppp0 <--> socket[34]
Tue Jan 11 22:22:28 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x242f9213> <pcomp> <accomp>]
Tue Jan 11 22:22:31 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x242f9213> <pcomp> <accomp>]
Tue Jan 11 22:22:34 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x242f9213> <pcomp> <accomp>]
Tue Jan 11 22:22:37 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x242f9213> <pcomp> <accomp>]
Tue Jan 11 22:22:40 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x242f9213> <pcomp> <accomp>]
Tue Jan 11 22:22:43 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x242f9213> <pcomp> <accomp>]
Tue Jan 11 22:22:46 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x242f9213> <pcomp> <accomp>]
Tue Jan 11 22:22:48 2011 : PPTP received Call Disconnect Notify message
Tue Jan 11 22:22:58 2011 : PPTP received unexpected message type = 6699
Tue Jan 11 22:22:58 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x242f9213> <pcomp> <accomp>]
Tue Jan 11 22:23:01 2011 : PPTP error when reading socket : EOF
Tue Jan 11 22:23:01 2011 : PPTP error when reading header : read -1, expected 12 bytes
Tue Jan 11 22:23:01 2011 : PPTP hangup
Tue Jan 11 22:23:01 2011 : Connection terminated.
Tue Jan 11 22:23:01 2011 : PPTP disconnecting...
Tue Jan 11 22:23:01 2011 : PPTP disconnected
 
Hi,

I'm in a situation similar to your's (FreeBSD 7.3 mpd5) and had little issues with vpn connections.

I took a look at your site and juste wonder if your conf file pasted is complete? Because there is a whole part of the config that is missing in comparison of my conf file and the default mpd conf file.
 
mpd5.conf corrected

Hi kisscool-fr. You are correct, I cut off the link layer of the config in my howto. I corrected the howto and pasted a copy of my complete config below. Let me know if you need help. The config has to be indented as you see below or it will not work.


Code: 
startup:
        set user admin password admin
        set console self 127.0.0.1 5005
        set console open
        set web self 0.0.0.0 5006
        set web open

default:
        load pptp_server

pptp_server:
        set ippool add pool1 172.16.1.50 172.16.1.58
        create bundle template MYVPN
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
        set ipcp ranges 172.16.1.253/32 ippool pool1
        set ipcp dns 172.16.1.1
        set bundle enable compression
        set bundle enable encryption
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

        create link template MYVPN pptp
        set link action bundle MYVPN
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link eap accept
        set link enable chap-msv2
        set link enable chap
        set auth enable system-auth
        set link keep-alive 10 60
        set link mtu 1460
        set pptp self 172.16.1.253
        set link enable incoming
 
I have little differences in my config file. I will try to adjust from yours to see if it resolv my issues.

Have you ever tried connecting a Linux client to this vpn ?
 
Linux client

No, I have not tried connecting a Linux client. Post the client log and the PPTP server log if you still have trouble.
 
You must log in or register to reply here.
Back
Top