Poptop pptpd
Hi all, I'm having some issues with getting poptop to work and I think I have it narrowed down to proxyarp, but I am stuck now. The setup is that I'm using OpenBSD 4.8 as a firewall/router/DNS/DHCP/VPN system and am trying to connect via the Windows XP built-in VPN client to poptop 1.34 on my OpenBSD box. I can connect fine and ping the OpenBSD box but can't ping any of the other hosts on the remote network. I ran a tcpdump on the LAN interface of my OpenBSD box, filtering on the host I am trying to ping, and see it make an ARP request for the MAC of the IP of my remote client tunnel address and never receive a response. If I manually add an entry to the ARP table for the tunnel IP with a MAC of my OpenBSD box's LAN interface, everything works.
Before anyone responds, I am well aware of the inherent limitations of PPTP and that it is not the most secure solution, but in MY situation it is an acceptable trade off to not have to install 3rd party VPN client software on the remote clients or manage a PKI.

Does anyone have any ideas? Do I need to write ip-up and ip-down scripts to add the arp entries? The following are the contents of my configuration files.

pptpd.conf
Code:
option /etc/ppp/options
noipparam
remoteip xxx.xxx.xxx.201-210
pidfile /var/run/pptpd.pid

options
Code:
lock
auth
usehostname
proxyarp
+MSChap-V2
mppe-128
mppe-stateless

ppp.conf
Code:
loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 set mppe * stateful
 # Server (local) IP address, Range for Clients, and Netmask
 # Use the same IP addresses you specified in /etc/pppd.conf :
 set ifaddr xxx.xxx.xxx.200 xxx.xxx.xxx.201-xxx.xxx.xxx.210 255.255.255.255
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 # Disable unsecured auth
 disable pap
 disable chap
 enable mschapv2
 disable deflate pred1
 deny deflate pred1
 disable ipv6
 accept mppe
 enable proxy
 accept dns
 # DNS Servers to assign client
 # Use your own DNS server IP address :
 set dns xxx.xxx.xxx.1
 # NetBIOS/WINS Servers to assign client
 # Use your own WINS server IP address :
 set nbns xxx.xxx.xxx.1
 set device !/etc/ppp/secure
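
The symptom described in the post (an ARP who-has for the tunnel address that never gets a reply) can be checked mechanically. The following is an added example, not part of the original post: it reads tcpdump text output and lists every IP that was asked for but never answered. The function names, the 192.0.2.x addresses and the MAC are constructed for illustration.

```sh
#!/bin/sh
# Added example: list IPs that were ARP-requested but never answered.
# Feed it tcpdump text output, for instance:
#   tcpdump -n -l -i <lan_if> arp | unanswered_arp
# Understands both the classic "arp who-has X tell Y" / "arp reply X is-at M"
# lines and the newer "ARP, Request who-has X ..." / "ARP, Reply X is-at M".
unanswered_arp() {
    awk '
    {
        for (i = 2; i < NF; i++) {
            if ($i == "who-has") {
                ip = $(i + 1); sub(/,$/, "", ip)
                asked[ip]++                 # count requests per target IP
            } else if ($i == "is-at") {
                answered[$(i - 1)] = 1      # IP precedes "is-at" in replies
            }
        }
    }
    END {
        # Print "<ip> <request count>" for targets with no reply seen
        for (ip in asked)
            if (!(ip in answered))
                printf "%s %d\n", ip, asked[ip]
    }' | sort
}

# Constructed capture: 192.0.2.201 stands in for the VPN client's tunnel
# address, 192.0.2.50 for the LAN host, 192.0.2.1 for the gateway.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 arp who-has 192.0.2.201 tell 192.0.2.50
12:00:02.000001 arp who-has 192.0.2.201 tell 192.0.2.50
12:00:02.500000 arp who-has 192.0.2.1 tell 192.0.2.50
12:00:02.500100 arp reply 192.0.2.1 is-at 00:00:5e:00:53:01
12:00:03.000001 arp who-has 192.0.2.201 tell 192.0.2.50
EOF
}

# The tunnel address shows up as requested three times with no reply,
# which is what a missing proxy ARP entry looks like from the LAN side.
sample_capture | unanswered_arp
```

An address that stays on this list while the VPN session is up, and disappears once a published ARP entry exists for it, confirms that proxy ARP is the missing piece.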