mpd5 problem when users are connected to other public network through PPTP or PPPOE

devil_devil · Mar 4, 2010

Hello All,

I have a strange problem with mpd 5. 3 on FreeBSD 7.2 Stable, when users are connected to other public network through PPTP or PPPOE can not connect with our mpd server. My mpd conf is :

Code:

startup:

default:
        load pptp_server

pptp_server:

       set ippool add pool1 192.168.10.190 192.168.10.240

# Create clonable bundle template named B
        create bundle template B
        set iface enable proxy-arp
        log +iface2
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assigment.
        set ipcp ranges 192.168.10.254/32 ippool pool1
        set ipcp dns 192.168.10.254
        #set ipcp nbns 192.168.1.4
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

# Create clonable link template named L
        create link template L pptp
# Set bundle template to use
        set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
# We can use use RADIUS authentication/accounting by including
# another config section with label 'radius'.
#       load radius
        set link keep-alive 10 60
# We reducing link mtu to avoid GRE packet fragmentation.
        set link mtu 1460
# Configure PPTP
        set pptp self public ip address
# Allow to accept calls
        set link enable incoming

Do you have a similar problem or solution

?

sniper007 · Mar 4, 2010

Do you set mpd.secret file ?

devil_devil · Mar 4, 2010

Yes i have mpd.secret and i can connect to mpd server (for example, when ISP use real or private static or dynamic ip address) . The problem is when I'm behind ISP PPPOE server.

sniper007 · Mar 4, 2010

So if i understand you correctly: Users who using PPPoE to connect to internet can't connect to your PPTP server ?

devil_devil · Mar 4, 2010

Yes exactly, but I do not know why

sniper007 · Mar 4, 2010

It'd be usefull if you enable and check mpd logging. Also what type of error client received when try to connect ?

devil_devil · Mar 4, 2010

Windows error is 619, I started mpd log but unfortunately now there is no way to test

.

sniper007 · Mar 4, 2010

Error 619 may cause a problem with a firewall on the client machine, or the firewall the client is behind breaking PPTP.

devil_devil · Mar 4, 2010

Okay but before I change my vpn server from Microsoft vpn servers on FreeBSD mpd, those users connect to the old vpn server. I'm sure the problem is not in the Firewall client or server vpn machine. And users do successful telnet gw 1723, so no filtering and GRE protocol.

sniper007 · Mar 4, 2010

Hm

I use same version of mpd and same version fbsd and user can succesfuly connect to my PPTP server.

i'd check log file

devil_devil · Mar 4, 2010

mpd log

Code:

[root@gate /usr/home/someuser]# tail -f /var/log/mpd.log 


Mar  4 13:12:59 gate mpd: PPTP: waiting for connection on PUBLIC IP ADDRESS 1723
Mar  4 14:56:26 gate mpd: [L-1] Accepting PPTP connection
Mar  4 14:56:26 gate mpd: [L-1] Link: OPEN event
Mar  4 14:56:26 gate mpd: [L-1] LCP: Open event
Mar  4 14:56:26 gate mpd: [L-1] LCP: state change Initial --> Starting
Mar  4 14:56:26 gate mpd: [L-1] LCP: LayerStart
Mar  4 14:56:26 gate mpd: [L-1] PPTP: attaching to peer's outgoing call
Mar  4 14:56:26 gate mpd: [L-1] Link: UP event
Mar  4 14:56:26 gate mpd: [L-1] LCP: Up event
Mar  4 14:56:26 gate mpd: [L-1] LCP: state change Starting --> Req-Sent
Mar  4 14:56:26 gate mpd: [L-1] LCP: SendConfigReq #1
Mar  4 14:56:26 gate mpd: [L-1]   ACFCOMP
Mar  4 14:56:26 gate mpd: [L-1]   PROTOCOMP
Mar  4 14:56:26 gate mpd: [L-1]   MRU 1500
Mar  4 14:56:26 gate mpd: [L-1]   MAGICNUM fb56b520
Mar  4 14:56:26 gate mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Mar  4 14:56:26 gate mpd: [L-1]   MP MRRU 2048
Mar  4 14:56:26 gate mpd: [L-1]   MP SHORTSEQ
Mar  4 14:56:26 gate mpd: [L-1]   ENDPOINTDISC [802.1] 00 30 48 d9 ac 20
Mar  4 14:56:28 gate mpd: [L-1] LCP: SendConfigReq #2
Mar  4 14:56:28 gate mpd: [L-1]   ACFCOMP
Mar  4 14:56:28 gate mpd: [L-1]   PROTOCOMP
Mar  4 14:56:28 gate mpd: [L-1]   MRU 1500
Mar  4 14:56:28 gate mpd: [L-1]   MAGICNUM fb56b520
Mar  4 14:56:28 gate mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Mar  4 14:56:28 gate mpd: [L-1]   MP MRRU 2048
Mar  4 14:56:28 gate mpd: [L-1]   MP SHORTSEQ
Mar  4 14:56:28 gate mpd: [L-1]   ENDPOINTDISC [802.1] 00 30 48 d9 ac 20
Mar  4 14:56:30 gate mpd: [L-1] LCP: SendConfigReq #3
Mar  4 14:56:30 gate mpd: [L-1]   ACFCOMP
Mar  4 14:56:30 gate mpd: [L-1]   PROTOCOMP
Mar  4 14:56:30 gate mpd: [L-1]   MRU 1500
Mar  4 14:56:30 gate mpd: [L-1]   MAGICNUM fb56b520
Mar  4 14:56:30 gate mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Mar  4 14:56:30 gate mpd: [L-1]   MP MRRU 2048
Mar  4 14:56:30 gate mpd: [L-1]   MP SHORTSEQ
Mar  4 14:56:30 gate mpd: [L-1]   ENDPOINTDISC [802.1] 00 30 48 d9 ac 20
Mar  4 14:56:32 gate mpd: [L-1] LCP: SendConfigReq #4
Mar  4 14:56:32 gate mpd: [L-1]   ACFCOMP
Mar  4 14:56:32 gate mpd: [L-1]   PROTOCOMP
Mar  4 14:56:32 gate mpd: [L-1]   MRU 1500
Mar  4 14:56:32 gate mpd: [L-1]   MAGICNUM fb56b520
Mar  4 14:56:32 gate mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Mar  4 14:56:32 gate mpd: [L-1]   MP MRRU 2048
Mar  4 14:56:32 gate mpd: [L-1]   MP SHORTSEQ
Mar  4 14:56:32 gate mpd: [L-1]   ENDPOINTDISC [802.1] 00 30 48 d9 ac 20
Mar  4 14:56:34 gate mpd: [L-1] LCP: SendConfigReq #5
Mar  4 14:56:34 gate mpd: [L-1]   ACFCOMP
Mar  4 14:56:34 gate mpd: [L-1]   PROTOCOMP
Mar  4 14:56:34 gate mpd: [L-1]   MRU 1500
Mar  4 14:56:34 gate mpd: [L-1]   MAGICNUM fb56b520
Mar  4 14:56:34 gate mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Mar  4 14:56:34 gate mpd: [L-1]   MP MRRU 2048
Mar  4 14:56:34 gate mpd: [L-1]   MP SHORTSEQ
Mar  4 14:56:34 gate mpd: [L-1]   ENDPOINTDISC [802.1] 00 30 48 d9 ac 20
Mar  4 14:56:36 gate mpd: [L-1] LCP: SendConfigReq #6
Mar  4 14:56:36 gate mpd: [L-1]   ACFCOMP
Mar  4 14:56:36 gate mpd: [L-1]   PROTOCOMP
Mar  4 14:56:36 gate mpd: [L-1]   MRU 1500
Mar  4 14:56:36 gate mpd: [L-1]   MAGICNUM fb56b520
Mar  4 14:56:36 gate mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Mar  4 14:56:36 gate mpd: [L-1]   MP MRRU 2048
Mar  4 14:56:36 gate mpd: [L-1]   MP SHORTSEQ
Mar  4 14:56:36 gate mpd: [L-1]   ENDPOINTDISC [802.1] 00 30 48 d9 ac 20
Mar  4 14:56:38 gate mpd: [L-1] LCP: SendConfigReq #7
Mar  4 14:56:38 gate mpd: [L-1]   ACFCOMP
Mar  4 14:56:38 gate mpd: [L-1]   PROTOCOMP
Mar  4 14:56:38 gate mpd: [L-1]   MRU 1500
Mar  4 14:56:38 gate mpd: [L-1]   MAGICNUM fb56b520
Mar  4 14:56:38 gate mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Mar  4 14:56:38 gate mpd: [L-1]   MP MRRU 2048
Mar  4 14:56:38 gate mpd: [L-1]   MP SHORTSEQ
Mar  4 14:56:38 gate mpd: [L-1]   ENDPOINTDISC [802.1] 00 30 48 d9 ac 20
Mar  4 14:56:40 gate mpd: [L-1] LCP: SendConfigReq #8
Mar  4 14:56:40 gate mpd: [L-1]   ACFCOMP
Mar  4 14:56:40 gate mpd: [L-1]   PROTOCOMP
Mar  4 14:56:40 gate mpd: [L-1]   MRU 1500
Mar  4 14:56:40 gate mpd: [L-1]   MAGICNUM fb56b520
Mar  4 14:56:40 gate mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Mar  4 14:56:40 gate mpd: [L-1]   MP MRRU 2048
Mar  4 14:56:40 gate mpd: [L-1]   MP SHORTSEQ
Mar  4 14:56:40 gate mpd: [L-1]   ENDPOINTDISC [802.1] 00 30 48 d9 ac 20
Mar  4 14:56:42 gate mpd: [L-1] LCP: SendConfigReq #9
Mar  4 14:56:42 gate mpd: [L-1]   ACFCOMP
Mar  4 14:56:42 gate mpd: [L-1]   PROTOCOMP
Mar  4 14:56:42 gate mpd: [L-1]   MRU 1500
Mar  4 14:56:42 gate mpd: [L-1]   MAGICNUM fb56b520
Mar  4 14:56:42 gate mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Mar  4 14:56:42 gate mpd: [L-1]   MP MRRU 2048
Mar  4 14:56:42 gate mpd: [L-1]   MP SHORTSEQ
Mar  4 14:56:42 gate mpd: [L-1]   ENDPOINTDISC [802.1] 00 30 48 d9 ac 20
Mar  4 14:56:44 gate mpd: [L-1] LCP: SendConfigReq #10
Mar  4 14:56:44 gate mpd: [L-1]   ACFCOMP
Mar  4 14:56:44 gate mpd: [L-1]   PROTOCOMP
Mar  4 14:56:44 gate mpd: [L-1]   MRU 1500
Mar  4 14:56:44 gate mpd: [L-1]   MAGICNUM fb56b520
Mar  4 14:56:44 gate mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Mar  4 14:56:44 gate mpd: [L-1]   MP MRRU 2048
Mar  4 14:56:44 gate mpd: [L-1]   MP SHORTSEQ
Mar  4 14:56:44 gate mpd: [L-1]   ENDPOINTDISC [802.1] 00 30 48 d9 ac 20
Mar  4 14:56:46 gate mpd: [L-1] LCP: parameter negotiation failed
Mar  4 14:56:46 gate mpd: [L-1] LCP: state change Req-Sent --> Stopped
Mar  4 14:56:46 gate mpd: [L-1] LCP: LayerFinish
Mar  4 14:56:46 gate mpd: [L-1] PPTP call terminated
Mar  4 14:56:46 gate mpd: [L-1] Link: DOWN event
Mar  4 14:56:46 gate mpd: [L-1] LCP: Close event
Mar  4 14:56:46 gate mpd: [L-1] LCP: state change Stopped --> Closed
Mar  4 14:56:46 gate mpd: [L-1] LCP: Down event
Mar  4 14:56:46 gate mpd: [L-1] LCP: state change Closed --> Initial
Mar  4 14:56:46 gate mpd: [L-1] Link: SHUTDOWN event
Mar  4 14:56:46 gate mpd: [L-1] Link: Shutdown

I tested and this is mpd.log , windows error 619

Code:

 shema client --> router (with pppoe conection to ISP ) -> ISP -> Intrenet -> Frebsd MPD server

sniper007 · Mar 4, 2010

Do you using any firewall ?

devil_devil · Mar 4, 2010

Yes,

FreeBSD ip firewall rules:

Code:

00014 divert 8668 ip from any to any in via em0
00800 divert 8668 ip from any to any out via em0
65000 allow ip from any to any
65535 deny ip from any to any

and this is iptables rules before client:

Code:

 86532  7808851 MASQUERADE  all  --  *      *       192.168.9.0/24       0.0.0.0/0

any ideas ?

sniper007 · Mar 4, 2010

it looks like that the server is not responding to LCP config requests.

Perhaps GRE is blocked somewhere (Firewall)?

Try to temporary disable firewall and try again

devil_devil · Mar 4, 2010

Some Error, no change ...

devil_devil · Mar 4, 2010

What is your mpd.conf file sniper007

sniper007 · Mar 4, 2010

Code:

# Define dynamic IP address pool.
        set ippool add pool1 192.168.0.171 192.168.0.175

# Create clonable bundle template named B
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assigment.
        set ipcp ranges 192.168.0.1/32 ippool pool1
        set ipcp dns 0.0.0.0
#       set ipcp nbns 192.168.1.4
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

# Create clonable link template named L
        create link template L pptp
# Set bundle template to use
        set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
# We can use use RADIUS authentication/accounting by including
# another config section with label 'radius'.
#       load radius
        set link keep-alive 10 60
# We reducing link mtu to avoid GRE packet fragmentation.
        set link mtu 1460
# Configure PPTP
        set pptp self [B]MY EXTERNAL IP ADDRESS HERE[/B]
# Allow to accept calls
        set link enable incoming

devil_devil · Mar 4, 2010

Ok

, and what is your command output

Code:

kldstat |grep ng_

btw 10x for your Help !

sniper007 · Mar 4, 2010

Code:

--$ kldstat | grep ng_
37    1 0xc39f4000 4000     ng_socket.ko
39    1 0xc3a0c000 4000     ng_mppc.ko
41    1 0xc3a12000 4000     ng_iface.ko
42    1 0xc3a20000 7000     ng_ppp.ko
43    1 0xc3a40000 3000     ng_tee.ko
44    1 0xc3a49000 4000     ng_ether.ko
45    1 0xc3a4d000 6000     ng_pppoe.ko
46    1 0xc3a63000 3000     ng_tcpmss.ko