par dotazu na VPN - mpd-5.1 pptp_client

Miroslav Lachman 000.fbsd at quip.cz
Tue Apr 15 15:58:15 CEST 2008 

Dan Lukes wrote:
> Miroslav Lachman wrote:

[...]

>>[L1] LCP: state change Ack-Sent --> Opened
>>[L1] LCP: auth: peer wants CHAP, I want nothing
>>[L1] LCP: LayerUp
>>[L1] CHAP: rec'd CHALLENGE #1 len: 29
>>[L1]   Name: "MikroTik"
>>[L1] CHAP: Using authname "MyLogin"
>>[L1] CHAP: sending RESPONSE #1 len: 60
>>[L1] CHAP: rec'd FAILURE #1 len: 79
>>[L1]   MESG: E=691 R=0 C=8005258D6F3521B9817FF1FEF230D334 V=3 M=bad 
>>username or password
> 
> 
> 	Tohle je, bohuzel, pomerne jednoznacne - obe strany se jasne dohodly na 
> metode autentizace (CHAP), handshaking radne probehl (<-challenge; 
> ->response; <-result) a vysledek rika, ze protistrana neni spokojena s 
> heslem. To nema jine rozumne pravdepodobne vysvetleni nez to, ze 
> autentizacni par neni platny.
> 
> 	Spatne opsane heslo na tve nebo jejich(!) strane je s ohromnou prevahou 
> nejpravdepodobnejsi vysvetleni.

Ty nejvetsi zahady maji vetsinou to nejjednodussi vysvetleni - ackoliv 
jsem byl nekolikrat ujisten o spravnosti, samozrejme to bylo ve 
skutecnosti jinak a celou dobu jsem mel uplne jiny login.

Aktualni funkcni konfigurace je nasledujici (kdyby se to nekomu do 
budoucna hodilo)

---------- mpd.conf -----------
## mpd.conf for mpd-5.1
## PPTP VPN client connected to Mikrotik router
startup:
	set console self 0.0.0.0 5005
	set user admin somepass
	set console open

default:
	load pptp_client

pptp_client:
#
# PPTP client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
#
	create bundle static B1
	set iface route 192.168.0.0/24
	set iface route 192.168.23.0/24
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
# (MPPE) using the ng_mppc(8) netgraph node type.
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless

	create link static L1 pptp
	set link action bundle B1
	set auth authname "MyLogin"
	set auth password "MyPass"
	set link max-redial 3
	set link mtu 1460
	set link keep-alive 20 75
	set pptp peer 10.20.30.40
	set pptp disable windowing
	open
---------- mpd.conf -----------

Jeste bych k tomu mel pripadne jeden dotaz, pokud tu nekdo mate 
zkusenosti s mpd - ted mam v systemu zarizeni ng0, pres ktere tahle VPN 
pracuje:
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 
mtu 1456
         inet 192.168.13.200 --> 192.168.13.254 netmask 0xffffffff

Nevite nekdo, jak v konfiguraci mpd5.1 zajistit, aby to zarizeni melo 
vzdy stejne cislo a mohl jsem ho tedy s jistotou pouzit v pravidlech 
firewallu PF?

Mirek

More information about the Users-l mailing list