a few questions about VPN - mpd-5.1 pptp_client
Miroslav Lachman
000.fbsd at quip.cz
Tue Apr 15 15:58:15 CEST 2008
Dan Lukes wrote:
> Miroslav Lachman wrote:
[...]
>>[L1] LCP: state change Ack-Sent --> Opened
>>[L1] LCP: auth: peer wants CHAP, I want nothing
>>[L1] LCP: LayerUp
>>[L1] CHAP: rec'd CHALLENGE #1 len: 29
>>[L1] Name: "MikroTik"
>>[L1] CHAP: Using authname "MyLogin"
>>[L1] CHAP: sending RESPONSE #1 len: 60
>>[L1] CHAP: rec'd FAILURE #1 len: 79
>>[L1] MESG: E=691 R=0 C=8005258D6F3521B9817FF1FEF230D334 V=3 M=bad
>>username or password
>
>
> This is, unfortunately, fairly unambiguous - both sides clearly agreed on
> the authentication method (CHAP), the handshake completed properly
> (<-challenge; ->response; <-result), and the result says that the peer is
> not satisfied with the password. There is no other reasonably likely
> explanation than that the authentication pair is not valid.
>
> A mistyped password on your or their(!) side is, by a huge margin, the
> most likely explanation.
The biggest mysteries usually have the simplest explanation - although I
was assured several times that it was correct, of course it was actually
different, and the whole time I had a completely different login.
The current working configuration is as follows (in case it is useful to
someone in the future):
---------- mpd.conf -----------
## mpd.conf for mpd-5.1
## PPTP VPN client connected to Mikrotik router
startup:
	set console self 0.0.0.0 5005
	set user admin somepass
	set console open
default:
	load pptp_client
pptp_client:
	#
	# PPTP client: only outgoing calls, auto reconnect,
	# ipcp-negotiated address, one-sided authentication,
	# default route points on ISP's end
	#
	create bundle static B1
	set iface route 192.168.0.0/24
	set iface route 192.168.23.0/24
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
	# (MPPE) using the ng_mppc(8) netgraph node type.
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless
	create link static L1 pptp
	set link action bundle B1
	set auth authname "MyLogin"
	set auth password "MyPass"
	set link max-redial 3
	set link mtu 1460
	set link keep-alive 20 75
	set pptp peer 10.20.30.40
	set pptp disable windowing
	open
---------- mpd.conf -----------
I would also have one more question, if anyone here has experience with
mpd - I now have the device ng0 in the system, through which this VPN
works:
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0
mtu 1456
inet 192.168.13.200 --> 192.168.13.254 netmask 0xffffffff
Does anyone know how to ensure in the mpd5.1 configuration that the device
always has the same number, so that I can use it with certainty in PF
firewall rules?
Mirek
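
Added example, not part of the original messages: a small Python parser for the MS-CHAP failure string shown in the quoted MESG log line ("E=... R=... C=... V=... M=..."), using the field layout and error codes from RFC 2759. The function name and the returned dictionary keys are chosen for this illustration; the sample input is the log line quoted above, including its mail line wrap.

```python
import re

# Error codes a peer may send in an MS-CHAPv2 Failure packet (RFC 2759).
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

FAILURE_RE = re.compile(
    r"E=(?P<E>\d+)\s+R=(?P<R>[01])\s+C=(?P<C>[0-9A-Fa-f]+)\s+"
    r"V=(?P<V>\d+)(?:\s+M=(?P<M>.*))?$"
)

# The MESG line from the quoted log, still wrapped and '>'-quoted by the mailer.
SAMPLE = """>>[L1] MESG: E=691 R=0 C=8005258D6F3521B9817FF1FEF230D334 V=3 M=bad
>>username or password"""

def parse_mschap_failure(log_text):
    """Decode the failure string carried in an mpd 'MESG:' log line."""
    # Undo mail quoting and wrapping, then drop the "[L1] MESG:" tag.
    lines = [re.sub(r"^[>\s]*", "", line) for line in log_text.splitlines()]
    text = " ".join(line for line in lines if line)
    text = re.sub(r"^\[[^\]]+\]\s*MESG:\s*", "", text)
    m = FAILURE_RE.search(text)
    if not m:
        raise ValueError("not an MS-CHAP failure message: %r" % text)
    if len(m["C"]) != 32:
        raise ValueError("C= must be 16 octets written as 32 hex digits")
    code = int(m["E"])
    return {
        "code": code,
        "name": MSCHAP_ERRORS.get(code, "UNKNOWN"),
        "retry_allowed": m["R"] == "1",        # R=1: peer accepts a retry
        "challenge": bytes.fromhex(m["C"]),    # new challenge for a retry
        "pw_change_version": int(m["V"]),      # 3 for MS-CHAPv2
        "message": (m["M"] or "").strip(),
        # Only 691 points at the login/password pair; 646-649 are account
        # policy on the server and no amount of retyping will fix them.
        "credential_problem": code == 691,
    }

if __name__ == "__main__":
    for key, value in parse_mschap_failure(SAMPLE).items():
        print(key, "=", value)
```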