Bug 37269

Summary: mpd-3.7 fails PPTP with working-with-3.2 config
Product: Ports & Packages
Reporter: Brandon S Allbery KF8NH <allbery>
Component: Individual Port(s)
Assignee: Archie Cobbs <archie>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Brandon S Allbery KF8NH 2002-04-20 05:30:01 UTC
mpd 3.7 refuses connection to a Cisco VPN 3000 concentrator; this worked
with mpd 3.3, which I ran until recent kernel changes caused that to panic
in the netgraph code.  Specifically:

[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[vpn] up: 1 link, total bandwidth 64000 bps
[vpn] IPCP: Up event
[vpn] IPCP: state change Starting --> Req-Sent
[vpn] IPCP: SendConfigReq #1
 IPADDR 128.2.138.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: rec'd Configure Request #0 link 0 (Req-Sent)
 IPADDR 128.2.128.10
   Same as PPTP IP; would cause routing loop
   NAKing with 128.2.128.10
[vpn] IPCP: SendConfigNak #0
 IPADDR 128.2.128.10
[vpn] IPCP: rec'd Configure Request #1 link 0 (Req-Sent)
 IPADDR 128.2.128.10
   Same as PPTP IP; would cause routing loop
   NAKing with 128.2.128.10
[vpn] IPCP: SendConfigNak #1
 IPADDR 128.2.128.10

(repeat until it gives up)

The VPN3000 works fine with Windows clients.

How-To-Repeat: 
mpd configuration files attached.  (Naturally I cannot provide account
information to connect to our server.)  Simply running /usr/local/sbin/mpd
results in the above failure.

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	mpd.conf
#	mpd.links
#
echo x - mpd.conf
sed 's/^X//' >mpd.conf << 'END-of-mpd.conf'
X#################################################################
X#
X#	MPD configuration file
X#
X# This file defines the configuration for mpd: what the
X# bundles are, what the links are in those bundles, how
X# the interface should be configured, various PPP parameters,
X# etc. It contains commands just as you would type them
X# in at the console. A blank line ends an entry. Lines
X# starting with a "#" are comments and get completely
X# ignored.
X#
X# $Id: mpd.conf.sample,v 1.6 2000/10/01 22:11:04 archie Exp $
X#
X#################################################################
X
X#
X# Default configuration is "myisp"
X
Xdefault:
X	load ecevpn
X
Xecevpn:
X	new -i ng1 vpn vpn
X	set iface disable on-demand
X	#set iface addrs 192.168.1.1 128.2.138.1
X	set iface idle 0
X	# routes for the zservers are now done in the ifup script
X	set iface up-script /usr/local/etc/mpd/mpd.ifup
X	set iface down-script /usr/local/etc/mpd/mpd.ifdown
X	set bundle disable multilink
X	set bundle authname "ECE\\allbery"
X	set link yes acfcomp protocomp
X	set link no pap
X	set link yes chap
X	set link enable no-orig-auth
X	set link keep-alive 10 75
X	set ipcp yes vjcomp
X	#set ipcp ranges 128.2.138.1/24 128.2.128.10/20
X	set ipcp ranges 128.2.138.1/0 128.2.128.10/0
X	open
END-of-mpd.conf
echo x - mpd.links
sed 's/^X//' >mpd.links << 'END-of-mpd.links'
Xvpn:
X        set link type pptp
X        set pptp peer 128.2.128.10
X        set pptp enable originate outcall
END-of-mpd.links
exit

Comment 1 Ying-Chieh Liao freebsd_committer freebsd_triage 2002-04-20 16:18:45 UTC
Responsible Changed
From-To: freebsd-ports->archie

over to maintainer

Comment 2 Archie Cobbs freebsd_committer freebsd_triage 2002-05-06 20:04:05 UTC
State Changed
From-To: open->closed

Upgrade to mpd-3.8; it no longer prevents you from negotiating 
equivalent internal and external IP addresses. You should also 
upgrade to 4.5-REL to avoid the kernel panic. But in any case, 
it won't work unless you first install a host route to the 
remote peer, so that the PPTP packets don't get routed back 
through the PPTP tunnel (which is the root of the problem).
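
Added example, not part of the bug report or of mpd: a pre-flight check for the host route that Comment 2 calls for, which reads FreeBSD `route -n get` output and prints the `route add -host` command when the PPTP peer would otherwise follow the default route into the tunnel. The function names, the gateway 192.0.2.1 and the interface fxp0 are assumptions; the peer address and ng1 come from the attached configuration.

```sh
# Added example: check the route to the PPTP peer before mpd opens the tunnel.

# Print one field ("gateway", "interface", "flags") from FreeBSD
# `route -n get` output read on stdin.
route_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# Succeed if the peer is reached by a host route on a non-tunnel interface.
# $1 = `route -n get <peer>` output, $2 = tunnel interface
peer_route_is_safe() {
    ifc=$(printf '%s\n' "$1" | route_field interface)
    flags=$(printf '%s\n' "$1" | route_field flags)
    [ -n "$ifc" ] && [ "$ifc" != "$2" ] || return 1
    case "$flags" in *HOST*) return 0 ;; esac
    return 1
}

# Print the command to run before starting mpd; print nothing if already safe.
# $1 = peer IP, $2 = tunnel iface, $3 = route to peer, $4 = default route
plan_host_route() {
    peer_route_is_safe "$3" "$2" && return 0
    gw=$(printf '%s\n' "$4" | route_field gateway)
    gwif=$(printf '%s\n' "$4" | route_field interface)
    if [ -z "$gw" ] || [ "$gwif" = "$2" ]; then
        echo "no usable gateway outside $2; fix the default route first" >&2
        return 2
    fi
    echo "route add -host $1 $gw"
}

# Constructed sample: route to the peer when only a default route exists.
# Gateway 192.0.2.1 and interface fxp0 are assumed values.
SAMPLE_DEFAULT_ONLY='   route to: 128.2.128.10
destination: default
       mask: default
    gateway: 192.0.2.1
  interface: fxp0
      flags: <UP,GATEWAY,DONE,STATIC>'

# Constructed sample: the same lookup once the host route is installed.
SAMPLE_HOST_ROUTE='   route to: 128.2.128.10
destination: 128.2.128.10
    gateway: 192.0.2.1
  interface: fxp0
      flags: <UP,GATEWAY,HOST,DONE,STATIC>'

# On a live system: plan_host_route 128.2.128.10 ng1 \
#   "$(route -n get 128.2.128.10)" "$(route -n get default)"
plan_host_route 128.2.128.10 ng1 "$SAMPLE_DEFAULT_ONLY" "$SAMPLE_DEFAULT_ONLY"
```

The check has to run before mpd brings ng1 up; once the tunnel carries the default route, the gateway it would pick is no longer outside the tunnel and the function reports an error instead.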