VPN by mpd5 from VPS

Vovas

Member

Reaction score: 2
Messages: 57

Hi folks!
I've installed mpd5 on VPS with FreeBSD 12 box.
ifconfig
Bash:
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 52:54:00:c9:7e:b4
        inet 21.22.11.14 netmask 0xffffff00 broadcast 212.224.112.255
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
cat /usr/local/etc/mpd5/mpd.conf
Bash:
startup:
        set user foo bar admin
        set user foo1 bar1
        set console self 127.0.0.1 5005
        set console open
        set web self 127.0.0.1 5006
        set web open
default:
        load pptp_server
pptp_server:
        set ippool add pool1 192.168.1.50 192.168.1.99
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
        set ipcp ranges 192.168.1.1/32 ippool pool1
        set ipcp dns 192.168.1.1
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless
        create link template L pptp
        set link action bundle B
        #set link accept chap-msv2
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set link mtu 1460
        set pptp self 21.22.11.14
        set link enable incoming
Tried to connect several times, but no success.
% tail -f /var/log/mpd.log
Bash:
Sep 11 23:05:14 proxy mpd[909]: [L-1] Accepting PPTP connection
Sep 11 23:05:14 proxy mpd[909]: [L-1] Link: OPEN event
Sep 11 23:05:14 proxy mpd[909]: [L-1] LCP: Open event
Sep 11 23:05:14 proxy mpd[909]: [L-1] LCP: state change Initial --> Starting
Sep 11 23:05:14 proxy mpd[909]: [L-1] LCP: LayerStart
Sep 11 23:05:14 proxy mpd[909]: [L-1] PPTP: attaching to peer's outgoing call
Sep 11 23:05:14 proxy mpd[909]: [L-1] Link: UP event
Sep 11 23:05:14 proxy mpd[909]: [L-1] LCP: Up event
Sep 11 23:05:14 proxy mpd[909]: [L-1] LCP: state change Starting --> Req-Sent
Sep 11 23:05:14 proxy mpd[909]: [L-1] LCP: SendConfigReq #1
Sep 11 23:05:14 proxy mpd[909]: [L-1]   ACFCOMP
Sep 11 23:05:14 proxy mpd[909]: [L-1]   PROTOCOMP
Sep 11 23:05:14 proxy mpd[909]: [L-1]   MRU 1500
Sep 11 23:05:14 proxy mpd[909]: [L-1]   MAGICNUM 0xcbf3eea2
Sep 11 23:05:14 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:14 proxy mpd[909]: [L-1]   MP MRRU 2048
Sep 11 23:05:14 proxy mpd[909]: [L-1]   MP SHORTSEQ
Sep 11 23:05:14 proxy mpd[909]: [L-1]   ENDPOINTDISC [802.1] 52 54 00 c9 7e b4
Sep 11 23:05:16 proxy mpd[909]: [L-1] LCP: SendConfigReq #2
Sep 11 23:05:16 proxy mpd[909]: [L-1]   ACFCOMP
Sep 11 23:05:16 proxy mpd[909]: [L-1]   PROTOCOMP
Sep 11 23:05:16 proxy mpd[909]: [L-1]   MRU 1500
Sep 11 23:05:16 proxy mpd[909]: [L-1]   MAGICNUM 0xcbf3eea2
Sep 11 23:05:16 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:16 proxy mpd[909]: [L-1]   MP MRRU 2048
Sep 11 23:05:16 proxy mpd[909]: [L-1]   MP SHORTSEQ
Sep 11 23:05:16 proxy mpd[909]: [L-1]   ENDPOINTDISC [802.1] 52 54 00 c9 7e b4
Sep 11 23:05:18 proxy mpd[909]: [L-1] LCP: SendConfigReq #3
Sep 11 23:05:18 proxy mpd[909]: [L-1]   ACFCOMP
Sep 11 23:05:18 proxy mpd[909]: [L-1]   PROTOCOMP
Sep 11 23:05:18 proxy mpd[909]: [L-1]   MRU 1500
Sep 11 23:05:18 proxy mpd[909]: [L-1]   MAGICNUM 0xcbf3eea2
Sep 11 23:05:18 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:18 proxy mpd[909]: [L-1]   MP MRRU 2048
Sep 11 23:05:18 proxy mpd[909]: [L-1]   MP SHORTSEQ
Sep 11 23:05:18 proxy mpd[909]: [L-1]   ENDPOINTDISC [802.1] 52 54 00 c9 7e b4
Sep 11 23:05:20 proxy mpd[909]: [L-1] LCP: SendConfigReq #4
Sep 11 23:05:20 proxy mpd[909]: [L-1]   ACFCOMP
Sep 11 23:05:20 proxy mpd[909]: [L-1]   PROTOCOMP
Sep 11 23:05:20 proxy mpd[909]: [L-1]   MRU 1500
Sep 11 23:05:20 proxy mpd[909]: [L-1]   MAGICNUM 0xcbf3eea2
Sep 11 23:05:20 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:20 proxy mpd[909]: [L-1]   MP MRRU 2048
Sep 11 23:05:20 proxy mpd[909]: [L-1]   MP SHORTSEQ
Sep 11 23:05:20 proxy mpd[909]: [L-1]   ENDPOINTDISC [802.1] 52 54 00 c9 7e b4
Sep 11 23:05:22 proxy mpd[909]: [L-1] LCP: SendConfigReq #5
Sep 11 23:05:22 proxy mpd[909]: [L-1]   ACFCOMP
Sep 11 23:05:22 proxy mpd[909]: [L-1]   PROTOCOMP
Sep 11 23:05:22 proxy mpd[909]: [L-1]   MRU 1500
Sep 11 23:05:22 proxy mpd[909]: [L-1]   MAGICNUM 0xcbf3eea2
Sep 11 23:05:22 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:22 proxy mpd[909]: [L-1]   MP MRRU 2048
Sep 11 23:05:22 proxy mpd[909]: [L-1]   MP SHORTSEQ
Sep 11 23:05:22 proxy mpd[909]: [L-1]   ENDPOINTDISC [802.1] 52 54 00 c9 7e b4
Sep 11 23:05:24 proxy mpd[909]: [L-1] LCP: SendConfigReq #6
Sep 11 23:05:24 proxy mpd[909]: [L-1]   ACFCOMP
Sep 11 23:05:24 proxy mpd[909]: [L-1]   PROTOCOMP
Sep 11 23:05:24 proxy mpd[909]: [L-1]   MRU 1500
Sep 11 23:05:24 proxy mpd[909]: [L-1]   MAGICNUM 0xcbf3eea2
Sep 11 23:05:24 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:24 proxy mpd[909]: [L-1]   MP MRRU 2048
Sep 11 23:05:24 proxy mpd[909]: [L-1]   MP SHORTSEQ
Sep 11 23:05:24 proxy mpd[909]: [L-1]   ENDPOINTDISC [802.1] 52 54 00 c9 7e b4
Sep 11 23:05:26 proxy mpd[909]: [L-1] LCP: SendConfigReq #7
Sep 11 23:05:26 proxy mpd[909]: [L-1]   ACFCOMP
Sep 11 23:05:26 proxy mpd[909]: [L-1]   PROTOCOMP
Sep 11 23:05:26 proxy mpd[909]: [L-1]   MRU 1500
Sep 11 23:05:26 proxy mpd[909]: [L-1]   MAGICNUM 0xcbf3eea2
Sep 11 23:05:26 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:26 proxy mpd[909]: [L-1]   MP MRRU 2048
Sep 11 23:05:26 proxy mpd[909]: [L-1]   MP SHORTSEQ
Sep 11 23:05:26 proxy mpd[909]: [L-1]   ENDPOINTDISC [802.1] 52 54 00 c9 7e b4
Sep 11 23:05:28 proxy mpd[909]: [L-1] LCP: SendConfigReq #8
Sep 11 23:05:28 proxy mpd[909]: [L-1]   ACFCOMP
Sep 11 23:05:28 proxy mpd[909]: [L-1]   PROTOCOMP
Sep 11 23:05:28 proxy mpd[909]: [L-1]   MRU 1500
Sep 11 23:05:28 proxy mpd[909]: [L-1]   MAGICNUM 0xcbf3eea2
Sep 11 23:05:28 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:28 proxy mpd[909]: [L-1]   MP MRRU 2048
Sep 11 23:05:28 proxy mpd[909]: [L-1]   MP SHORTSEQ
Sep 11 23:05:28 proxy mpd[909]: [L-1]   ENDPOINTDISC [802.1] 52 54 00 c9 7e b4
Sep 11 23:05:30 proxy mpd[909]: [L-1] LCP: SendConfigReq #9
Sep 11 23:05:30 proxy mpd[909]: [L-1]   ACFCOMP
Sep 11 23:05:30 proxy mpd[909]: [L-1]   PROTOCOMP
Sep 11 23:05:30 proxy mpd[909]: [L-1]   MRU 1500
Sep 11 23:05:30 proxy mpd[909]: [L-1]   MAGICNUM 0xcbf3eea2
Sep 11 23:05:30 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:30 proxy mpd[909]: [L-1]   MP MRRU 2048
Sep 11 23:05:30 proxy mpd[909]: [L-1]   MP SHORTSEQ
Sep 11 23:05:30 proxy mpd[909]: [L-1]   ENDPOINTDISC [802.1] 52 54 00 c9 7e b4
Sep 11 23:05:32 proxy mpd[909]: [L-1] LCP: SendConfigReq #10
Sep 11 23:05:32 proxy mpd[909]: [L-1]   ACFCOMP
Sep 11 23:05:32 proxy mpd[909]: [L-1]   PROTOCOMP
Sep 11 23:05:32 proxy mpd[909]: [L-1]   MRU 1500
Sep 11 23:05:32 proxy mpd[909]: [L-1]   MAGICNUM 0xcbf3eea2
Sep 11 23:05:32 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:32 proxy mpd[909]: [L-1]   MP MRRU 2048
Sep 11 23:05:32 proxy mpd[909]: [L-1]   MP SHORTSEQ
Sep 11 23:05:32 proxy mpd[909]: [L-1]   ENDPOINTDISC [802.1] 52 54 00 c9 7e b4
Sep 11 23:05:34 proxy mpd[909]: [L-1] LCP: parameter negotiation failed
Sep 11 23:05:34 proxy mpd[909]: [L-1] LCP: state change Req-Sent --> Stopped
Sep 11 23:05:34 proxy mpd[909]: [L-1] LCP: LayerFinish
Sep 11 23:05:34 proxy mpd[909]: [L-1] PPTP call terminated
Sep 11 23:05:34 proxy mpd[909]: [L-1] Link: DOWN event
Sep 11 23:05:34 proxy mpd[909]: [L-1] LCP: Close event
Sep 11 23:05:34 proxy mpd[909]: [L-1] LCP: state change Stopped --> Closed
Sep 11 23:05:34 proxy mpd[909]: [L-1] LCP: Down event
Sep 11 23:05:34 proxy mpd[909]: [L-1] LCP: state change Closed --> Initial
Sep 11 23:05:34 proxy mpd[909]: [L-1] Link: SHUTDOWN event
Sep 11 23:05:34 proxy mpd[909]: [L-1] Link: Shutdown
What's wrong?
 

Lamia

Well-Known Member

Reaction score: 52
Messages: 326

Are you aware that OpenVPN is strongly advised over MPD5? I spent days on it last week. I could telnet into it but had no access to the Internet. I dropped it owing to that recommendation.
 

SirDice

Administrator
Staff member
Moderator

Reaction score: 7,771
Messages: 30,912

Keep in mind that PPTP isn't encrypted. So it may not be the best option for a VPN connection. OpenVPN is encrypted and relatively easy to set up. A more complex way is to use IPSec with security/strongswan. That's definitely trickier to set up, especially if you've never set up an IPSec tunnel before.

Code:
root@maelcum:~ # swanctl --list-conn
gw-gw: IKEv2, no reauthentication, rekeying every 14400s
  local:  A.A.A.A
  remote: B.B.B.B
  local pre-shared key authentication:
    id: home.example.com
  remote pre-shared key authentication:
    id: server.example.com
  net-net: TUNNEL, rekeying every 3600s
    local:  192.168.10.0/24 192.168.11.0/24
    remote: 192.168.21.0/24
 

Vovas

Member

Reaction score: 2
Messages: 57

That's definitely trickier to set up, especially if you've never set up an IPSec tunnel before.
Thanks for the answer. But how can I configure it? I want to connect from a Windows 10 box to the VPN server. I don't need to connect two networks.
On the FreeBSD machine I have only one network interface, vtnet0, and only one IP address. It's located in another country.
My scheme: Home PC--->FreeBSD VPN---->Internet
 

xtaz

Well-Known Member

Reaction score: 114
Messages: 418

I thought PPTP was encrypted? But that the encryption and authentication is so weak that it can be cracked in minutes these days. Definitely not recommended either way.

Personally I use net/wireguard https://www.wireguard.com/ which is far easier to configure than OpenVPN and works wonderfully for me on FreeBSD, Windows 10, and my iPhone.
 

SirDice

Administrator
Staff member
Moderator

Reaction score: 7,771
Messages: 30,912

I thought PPTP was encrypted?
Nope.
The PPTP specification does not describe encryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement any and all security functionalities.

The PPTP implementation that ships with the Microsoft Windows product families implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack.
 

obsigna

Aspiring Daemon

Reaction score: 575
Messages: 967

SirDice

Administrator
Staff member
Moderator

Reaction score: 7,771
Messages: 30,912

he wants to connect using Windows 10 and this PPTP-VPN would be encrypted.
To be honest I'm not so sure about that. It might be true for Windows to Windows (since both sides would use the Microsoft implementation) but this may not be the case for Windows to mpd. Mpd does support a few of the Microsoft authentication schemes but this has nothing to do with encryption.

Reading the documentation (it's been a really long time since I last used mpd) there is some encryption. It's off by default and the available encryption is rather poor and quite CPU hungry.

 

obsigna

Aspiring Daemon

Reaction score: 575
Messages: 967

I am a bit rusty with PPTP, because I stopped using it more than 5 years ago in favour of L2TP/IPsec provided by the combo of net/mpd5 and security/strongswan because of the various security flaws of PPTP which were revealed at that time.
Anyway, I vaguely remember that I needed a valid end point on the server which matches the ipcp ranges and its ippool. I have a few L2TP/IPsec VPN services running on AWS EC2 instances, and there I usually create the required local IP range for the VPN by aliasing it to the virtual network adapter. In your case, you may want to try adding the following to your /etc/rc.conf:
ifconfig_vtnet0_alias0="inet 192.168.1.1 netmask 255.255.255.0"

Also it is very important that this IP range is different from the local IP range of the VPN client.

Finally, check your firewall rules, if any. The firewall must not block the GRE network protocol.
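
An added triage example, not part of any post in this thread: it reads mpd.log text and separates attempts like the one posted above (ConfigReq retransmitted until "parameter negotiation failed" with nothing logged as received from the peer) from attempts where the peer did answer. The sample log is constructed; the `rec'd` prefix for received LCP packets and the verdict names are assumptions of this sketch.

```python
import re

# Constructed sample: link L-1 is a trimmed copy of the excerpt in this thread,
# link L-2 is an invented attempt in which the peer answers.
SAMPLE_LOG = """\
Sep 11 23:05:14 proxy mpd[909]: [L-1] Accepting PPTP connection
Sep 11 23:05:14 proxy mpd[909]: [L-1] LCP: SendConfigReq #1
Sep 11 23:05:14 proxy mpd[909]: [L-1]   AUTHPROTO CHAP MSOFTv2
Sep 11 23:05:16 proxy mpd[909]: [L-1] LCP: SendConfigReq #2
Sep 11 23:05:18 proxy mpd[909]: [L-1] LCP: SendConfigReq #3
Sep 11 23:05:34 proxy mpd[909]: [L-1] LCP: parameter negotiation failed
Sep 11 23:05:34 proxy mpd[909]: [L-1] PPTP call terminated
Sep 11 23:06:01 proxy mpd[909]: [L-2] Accepting PPTP connection
Sep 11 23:06:01 proxy mpd[909]: [L-2] LCP: SendConfigReq #1
Sep 11 23:06:01 proxy mpd[909]: [L-2] LCP: rec'd Configure Request #0 (Req-Sent)
Sep 11 23:06:01 proxy mpd[909]: [L-2] LCP: rec'd Configure Ack #1 (Ack-Sent)
"""

LINE = re.compile(r"mpd\[\d+\]: \[(?P<link>[^\]]+)\] (?P<msg>.*)$")

HINTS = {
    # The PPTP control connection (TCP 1723) was accepted, yet no PPP frame
    # from the client was logged. PPP frames travel in GRE (IP protocol 47).
    "no-reply": "no LCP packet received: check GRE filtering on the path",
    "options-rejected": "peer replied but LCP options were never agreed",
    "negotiating-or-up": "no LCP failure logged for this attempt",
}

def classify(attempt):
    """Name the failure pattern of one connection attempt."""
    if attempt["failed"] and attempt["sent"] and not attempt["received"]:
        return "no-reply"
    if attempt["failed"]:
        return "options-rejected"
    return "negotiating-or-up"

def triage(log_text):
    """Return one summary dict per PPTP connection attempt, in log order."""
    attempts, current = [], {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        link, msg = m["link"], m["msg"].strip()
        # A new attempt starts when mpd accepts a PPTP connection on the link.
        if msg.startswith("Accepting PPTP connection") or link not in current:
            current[link] = {"link": link, "sent": 0, "received": 0,
                             "failed": False}
            attempts.append(current[link])
        attempt = current[link]
        if msg.startswith("LCP: SendConfigReq"):
            attempt["sent"] += 1
        elif msg.startswith("LCP: rec'd"):  # assumed prefix for received LCP
            attempt["received"] += 1
        elif msg == "LCP: parameter negotiation failed":
            attempt["failed"] = True
    for attempt in attempts:
        attempt["verdict"] = classify(attempt)
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(f'{a["link"]}: sent={a["sent"]} received={a["received"]} '
              f'-> {a["verdict"]}: {HINTS[a["verdict"]]}')
```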
 

obsigna

Aspiring Daemon

Reaction score: 575
Messages: 967

To be honest I'm not so sure about that. It might be true for Windows to Windows (since both sides would use the Microsoft implementation) but this may not be the case for Windows to mpd. Mpd does support a few of the Microsoft authentication schemes but this has nothing to do with encryption.

Reading the documentation (it's been a really long time since I last used mpd) there is some encryption. It's off by default and the available encryption is rather poor and quite CPU hungry.

This is handled by the mpd5 settings for the encryption, and the OP got this part straight:
Code:
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless
Mpd implements Microsoft Point-to-point compression (MPPC) CCP subprotocol. To enable it, 'mppc' option should be enabled at the CCP layer.

MPPC CCP subprotocol consists of MPPC compression and MPPE encryption parts. To make MPPC CCP actually do something you should enable some of them using options below.



set mppc accept option ...
set mppc deny option ...
set mppc enable option ...
set mppc disable option ...
set mppc yes option ...
set mppc no option ...
These commands configure various MPPC options.

compress
Enables MPPC compression. This is the only compression method supported by Microsoft Windows RAS.

Note: This option requires ng_mppc node to be built with compression support, which is disabled by default, requiring external compressor code. Open-source implementation of this code, based on RFC2118, could be found at http://mavhome.dp.ua/MPPC/. But MPPC compression algorithm itself covered by US patent, so you may need to contact Hi/Fn Inc. to obtain their proprietary implementation. If kernel support is not detected, compression will not be negotiated. Use 'show version' command to get actual status.

The default is disable.

e40
Enables 40-bit MPPE encryption.

The default is disable.

e56
Enables 56-bit MPPE encryption.

The default is disable.

e128
Enables 128-bit MPPE encryption.

Note: in order for MPPE encryption to work, MS-CHAPv1 or MS-CHAPv2 auth is mandatory, because the MPPE keys are generated using the authentication results. If MS-CHAP auth is not used by link, encryption will not be negotiated.

The default is disable.

stateless
Enables stateless mode. This mode requires more CPU time and is somewhat less secure, but allows faster recovery in the face of lost packets.

The default is disable.

policy
If enabled, Mpd uses the MPPE-Types and MPPE-Policy info from the authentication backend.

The default is disable.
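
An added configuration check, not part of any post and not mpd's own code: it reads mpd.conf text and reports the MPPE points the quoted documentation raises (40/56-bit keys, stateless mode, MS-CHAP being mandatory), plus whether encryption is only offered rather than required. The sample is cut down from the configuration posted in this thread. Assumptions: `yes`/`no` set both enable and accept, `chap` covers the MS-CHAP variants (the posted log proposes CHAP MSOFTv2), unmentioned options count as off, and `crypt-reqd` is the bundle option from the mpd5 manual, which this page does not quote.

```python
# Cut-down copy of the pptp_server section posted in this thread.
SAMPLE_CONF = """\
pptp_server:
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless
        #set link accept chap-msv2
        set link no pap chap
        set link enable chap
"""

# verb -> (new "enable" value, new "accept" value); None leaves it unchanged.
VERBS = {
    "yes": (True, True), "no": (False, False),
    "enable": (True, None), "disable": (False, None),
    "accept": (None, True), "deny": (None, False),
}

def parse(conf):
    """Fold 'set <layer> <verb> <option>...' lines into a final option state."""
    state = {}
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()  # drop comments
        if len(words) < 4 or words[0] != "set" or words[2] not in VERBS:
            continue  # labels, 'load', 'create', and value settings
        enable, accept = VERBS[words[2]]
        for opt in words[3:]:
            cur = state.setdefault((words[1], opt),
                                   {"enable": False, "accept": False})
            if enable is not None:
                cur["enable"] = enable
            if accept is not None:
                cur["accept"] = accept
    return state

def is_on(state, layer, opt):
    """True if the option is enabled or accepted (assumed off when unset)."""
    cur = state.get((layer, opt), {})
    return bool(cur.get("enable") or cur.get("accept"))

def audit(conf):
    """Return finding codes for the MPPE-related settings in conf."""
    st = parse(conf)
    findings = []
    mppe = [o for o in ("e40", "e56", "e128") if is_on(st, "mppc", o)]
    if not is_on(st, "ccp", "mppc") or not mppe:
        findings.append("no-mppe")          # nothing encrypts the tunnel
    findings += [f"weak-key:{o}" for o in mppe if o != "e128"]
    if is_on(st, "mppc", "stateless"):
        findings.append("stateless")        # docs: "somewhat less secure"
    ms_chap = any(is_on(st, "link", o)
                  for o in ("chap", "chap-msv1", "chap-msv2"))
    if mppe and not ms_chap:
        findings.append("no-ms-chap")       # MPPE keys come from MS-CHAP
    if mppe and not st.get(("bundle", "crypt-reqd"), {}).get("enable"):
        findings.append("not-required")     # offered, but not enforced
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```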
 