mpd PPTP to Cisco 3000 VPN Concentrator routing problem

Chris Jones cjones at gruntle.org
Thu Jan 8 00:34:32 PST 2004 

Oh. :(  I thought it negotiated the encryption ok because I see this:

[ciscovpn] CCP: LayerUp
  Compress using: MPPE, 128 bit, stateless
  Decompress using: MPPE, 128 bit, stateless

And capturing on the interface, I see echo req's coming in from the
concentrator, but I encounter a routing loop when I try to send across
the tunnel.

Disabling encryption isn't an option, even for testing, I'm afraid.


Original message from Joe Marcus Clarke:

> On Thu, 2004-01-08 at 02:49, Chris Jones wrote:
> > Hi.  I've gone over list archives and seen this issue discussed before,
> > but the sugggested solutions aren't working for me.  I am using
> > mpd-3.15_1 on FreeBSD 4.9-STABLE to connect to a Cisco 3000 Series VPN
> > Concentrator.  I have negotiated CHAP and MPPE and the ng0 interface
> > comes up, but when I try to do anything I get this:
> > 
> > $ ping 10.10.58.7 
> > PING 10.10.58.7 (10.10.58.7): 56 data bytes       
> > ping: sendto: Resource deadlock avoided           
> > ping: sendto: No buffer space available           
> > 
> > A little investigation showed that this is a known routing issue and
> > that it is possible to work around by re-addressing the ng0 interface
> > with the VPN concentrator's private IP and set a default route to it.  I
> > did this, but I still have the same problem.  :(
> > 
> > Does anyone see what I am doing wrong here?  Below are my routing table
> > and ifconfig before running mpd, after running mpd, and after running
> > the "fix".  Below that is my mpd.conf and its output (verbose).
> > 
> > I appreciate any help on this, I've been going crazy trying to figure
> > out what I'm doing wrong.  I can get it to work using the OSX PPTP
> > client, but not mpd.
> 
> Good luck.  I have tried to get this working, but have never been able
> to get mpd encryption to work with the Concentrator's encryption
> (neither has anyone else to my knowledge).  If you disable encryption on
> the concentrator, the tunnel will come up, and you will be able to pass
> traffic across it.  Any other combination does not work.  I haven't
> tried 3.16 yet, but looking at the ChangeLog, I doubt it addresses this
> problem.
> 
> Joe
> 
> -- 
> PGP Key : http://www.marcuscom.com/pgp.asc



-- 
Chris

More information about the freebsd-questions mailing list