# Poptop / iphone problem



## NuLL3rr0r (Apr 11, 2011)

Hi Folks,

I setup my PPTP VPN Server on FreeBSD using the configuration on this thread:

```
http://forums.freebsd.org/showthread.php?t=15313
```

For the first time, I tried connecting to my server from an iPod Touch.
But it refuses to connect. When I saw the logs, I got:

```
$ tail -f /var/log/messages

Apr 11 17:19:58 t5r9 kernel: tun1: link state changed to UP
Apr 11 17:20:05 t5r9 pptpd[26231]: CTRL: EOF or bad error reading ctrl packet length.
Apr 11 17:20:05 t5r9 pptpd[26231]: CTRL: couldn't read packet header (exit)
Apr 11 17:20:05 t5r9 pptpd[26231]: CTRL: CTRL read failed
Apr 11 17:20:05 t5r9 ppp[26232]: tun1: Warning: 192.168.1.230: Cannot determine ethernet address for proxy ARP
Apr 11 17:20:05 t5r9 kernel: tun1: link state changed to DOWN
```


Then I found this http://poptop.sourceforge.net/dox/qna.html:

```
Cannot determine ethernet address for proxy ARP

This is due to an issue with the pppd program, which attempts to find a hardware interface on 
the subnet to which the pppd client has been assigned. In this case its looking for a hardware 
interface on the 192.168.5.0 subnet. It will fail to find one, and will drop the proxyarp 
request.

The simplest way around this problem, and the one that is suggested in the pppd documentation, 
is to set the pppd client IP assignment to be on the local subnet. An example in this case might 
be 192.168.56.129. However, it may not be possible to do that. In the case of a fully loaded 
subnet, there may not be any addresses to spare. Or there may be some security issues with 
giving out local subnet addresses. What to do?

The place to look is in the arp table. If you run tcpdump on host (192.168.56.12) during the 
time when client is pinging, you will see unanswered arp requests from host attempting to find 
the hardware address for 192.168.5.12. You need to proxy the hardware address of the pptp_srvr 
for client in order for this request to be fulfilled. This is the job of proxyarp. However, 
proxyarp has let us down in this instance, and we need to find a workaround.

This can be done manually using the arp command on pptp_srvr. For example, if the ethernet card 
on pptp_srvr is eth0, you could force the arp to proxy the client pptp address by saying


	arp --use-device --set 192.168.5.12 eth0 pub
You should now be able to ping from client to host through the pptp connection.

This can be a problem, however, in a dynamic environment when clients are logging into and out 
of the pptp server on a continuous basis. One way around this problem is to write a script that 
will execute upon the initiation of each ppp connection.

The place to do this is in /etc/ppp/ip-up. This script is executed each time a new ppp 
connection is started. It gets some variables passed into it, one of which is the assigned IP 
address of the client. Note that Red Hat systems use ip-up.local as the place for you to make 
the script. Don't forget to chmod +x !

#!/bin/sh

REMOTE_IP_ADDRESS=$5

date > /var/run/ppp-${REMOTE_IP_ADDRESS}.up
arp --use-device --set $REMOTE_IP_ADDRESS eth0 pub >> /var/run/ppp-${REMOTE_IP_ADDRESS}.up

exit 0
This should put you in business for accessing the remote subnet under this scenario. A 
corresponding ip-down.local script, that will remove the arp proxy when client disconnected, 
looks as follows:

#!/bin/sh

REMOTE_IP_ADDRESS=$5

arp --delete $REMOTE_IP_ADDRESS --device eth0 pub
rm -f /var/run/ppp-${REMOTE_IP_ADDRESS}.up

exit 0
```

As it suggests I created /etc/ppp/ip-up and /etc/ppp/ip-down. Even /etc/ppp/ip-down.local and /etc/ppp/ip-up.local. But there is no luck.


----------



## Zare (Apr 11, 2011)

Tail a bit more, that's just the dying breath.


----------



## NuLL3rr0r (Apr 12, 2011)

Tnx for reply.


/var/log/messages

```
Apr 12 10:22:35 t5r9 kernel: tun0: link state changed to UP
Apr 12 10:22:37 t5r9 pptpd[30437]: CTRL: EOF or bad error reading ctrl packet length.
Apr 12 10:22:37 t5r9 pptpd[30437]: CTRL: couldn't read packet header (exit)
Apr 12 10:22:37 t5r9 pptpd[30437]: CTRL: CTRL read failed
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Warning: 192.168.1.225: Cannot determine ethernet address for proxy ARP
Apr 12 10:22:37 t5r9 kernel: tun0: link state changed to DOWN
```

/var/log/ppp.log Part 1

```
Apr 12 10:22:35 t5r9 ppp[30438]: Phase: Using interface: tun0
Apr 12 10:22:35 t5r9 ppp[30438]: Phase: deflink: Created in closed state
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: default: ident user-ppp VERSION
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: default: set device /dev/cuau1
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: default: set speed 115200
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: default: set dial ABORT BUSY ABORT NO\sCARRIER TIMEOUT 5            
"" AT OK-AT-OK ATE1Q0 OK \dATDT\T TIMEOUT 40 CONNECT
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: default: set timeout 180
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: default: enable dns
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: set escape 0xff
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: set device localhost:pptp
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: set dial
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: set timeout 0
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: set log Phase Chat Connect hdlc LCP IPCP IPV6CP CCP tun command
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: set ifaddr 192.168.1.1 192.168.1.210-192.168.1.238 255.255.255.255
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: IPCP: Selected IP address 192.168.1.225
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: set mppe 128 stateful
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: enable MSCHAPv2
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: disable deflate pred1
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: deny deflate pred1
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: enable proxyall
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: accept dns
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Command: pptp: set dns 8.8.4.4 8.8.8.8
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Phase: PPP Started (direct mode).
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Phase: bundle: Establish
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Phase: deflink: closed -> opening
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Phase: deflink: Connected!
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Phase: deflink: opening -> carrier
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: Phase: deflink: carrier -> lcp
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: LCP: FSM: Using "deflink" as a transport
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: LCP: deflink: State change Initial --> Closed
Apr 12 10:22:35 t5r9 ppp[30438]: tun0: LCP: deflink: State change Closed --> Stopped
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP: deflink: LayerStart
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP: deflink: SendConfigReq(1) state = Stopped
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  ACFCOMP[2]
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  PROTOCOMP[2]
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  ACCMAP[6] 0x00000000
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  MRU[4] 1500
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  MAGICNUM[6] 0x450f83dd
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x81)
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC: hdlc_Output
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  ff 03 c0 21 01 01 00 1d 08 02 07 02 02 06 00 00  ...!............
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  00 00 01 04 05 dc 05 06 45 0f 83 dd 03 05 c2 23  ........E......#
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  81 d9 20                                         .. 
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP: deflink: State change Stopped --> Req-Sent
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC: hdlc_LayerPull:
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  ff 03 c0 21 01 01 00 14 02 06 00 00 00 00 05 06  ...!............
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  6d 7e e3 2b 07 02 08 02 8d 46                    m~.+.....F
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP: deflink: RecvConfigReq(1) state = Req-Sent
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  ACCMAP[6] 0x00000000
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  MAGICNUM[6] 0x6d7ee32b
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  PROTOCOMP[2]
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  ACFCOMP[2]
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP: deflink: SendConfigAck(1) state = Req-Sent
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  ACCMAP[6] 0x00000000
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  MAGICNUM[6] 0x6d7ee32b
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  PROTOCOMP[2]
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  ACFCOMP[2]
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC: hdlc_Output
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  ff 03 c0 21 02 01 00 14 02 06 00 00 00 00 05 06  ...!............
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  6d 7e e3 2b 07 02 08 02 66 2f                    m~.+....f/
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP: deflink: State change Req-Sent --> Ack-Sent
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC: hdlc_LayerPull:
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  ff 03 c0 21 02 01 00 1d 08 02 07 02 02 06 00 00  ...!............
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  00 00 01 04 05 dc 05 06 45 0f 83 dd 03 05 c2 23  ........E......#
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  81 9b 23                                         ..#
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP: deflink: RecvConfigAck(1) state = Ack-Sent
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  ACFCOMP[2]
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  PROTOCOMP[2]
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  ACCMAP[6] 0x00000000
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  MRU[4] 1500
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  MAGICNUM[6] 0x450f83dd
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x81)
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP: deflink: State change Ack-Sent --> Opened
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP: deflink: LayerUp
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP: deflink: SendIdent(0) state = Opened
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC: hdlc_Output
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  ff 03 c0 21 0c 00 00 16 45 0f 83 dd 75 73 65 72  ...!....E...user
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  2d 70 70 70 20 33 2e 34 2e 32 cd fc              -ppp 3.4.2..
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  MAGICNUM 450f83dd
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: LCP:  TEXT user-ppp 3.4.2
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: Phase: bundle: Authenticate
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: Phase: deflink: his = none, mine = CHAP 0x81
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: Phase: Chap Output: CHALLENGE
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC: hdlc_Output
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  c2 23 01 01 00 15 10 00 00 00 00 00 00 00 00 00  .#..............
Apr 12 10:22:36 t5r9 ppp[30438]: tun0: HDLC:  00 00 00 00 00 00 00 e5 52                       ........R
```


----------



## NuLL3rr0r (Apr 12, 2011)

/var/log/ppp.log Part 2

```
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC: hdlc_LayerPull:
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  ff 03 c0 21 09 00 00 08 6d 7e e3 2b 33 b0        ...!....m~.+3.
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: LCP: deflink: RecvEchoRequest(0) state = Opened
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: LCP: deflink: SendEchoReply(0) state = Opened
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC: hdlc_Output
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  ff 03 c0 21 0a 00 00 08 45 0f 83 dd 80 7d        ...!....E....}
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC: hdlc_LayerPull:
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  ff 03 c0 21 07 02 00 1a 0c 00 00 16 45 0f 83 dd  ...!........E...
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  75 73 65 72 2d 70 70 70 20 33 2e 34 2e 32 27 e8  user-ppp 3.4.2'.
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: LCP: deflink: RecvCodeRej(2) state = Opened
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC: hdlc_LayerPull:
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  c2 23 02 01 00 3c 31 c3 f2 a7 1a d7 9f 07 22 aa  .#...<1.......".
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  6f bc ec 38 bd 6a c6 00 00 00 00 00 00 00 00 98  o..8.j..........
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  ba 17 54 0a 6b 64 89 62 b4 c7 76 61 f3 8e cb db  ..T.kd.b..va....
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  5a a5 63 8d 5a b5 68 00 62 73 64 36 37 37 f7 d5  Z.c.Z.h.bsd677..
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: Chap Input: RESPONSE (49 bytes from bsd677)
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: Chap Output: SUCCESS
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC: hdlc_Output
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  c2 23 03 01 00 2e 53 3d 34 46 36 42 36 45 41 37  .#....S=4F6B6EA7
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  36 36 45 39 42 33 41 39 43 41 39 36 45 33 32 46  66E9B3A9CA96E32F
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  45 31 36 35 33 43 31 36 36 30 31 35 42 39 44 32  E1653C166015B9D2
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  5d b4                                            ].
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP: FSM: Using "deflink" as a transport
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP: deflink: State change Initial --> Closed
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP: deflink: LayerStart.
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP: deflink: SendConfigReq(1) state = Closed
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP:  MPPE[6] value 0x00000040 (128 bits, stateful)
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC: hdlc_Output
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  80 fd 01 01 00 0a 12 06 00 00 00 40 56 0e        ...........@V.
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP: deflink: State change Closed --> Req-Sent
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: deflink: lcp -> open
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: bundle: Network
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP: FSM: Using "deflink" as a transport
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP: deflink: State change Initial --> Closed
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP: deflink: LayerStart.
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP: deflink: SendConfigReq(1) state = Closed
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP:  IPADDR[6] 192.168.1.1
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP:  COMPPROTO[6] 16 VJ slots with slot compression
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP:  PRIDNS[6] 8.8.4.4
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP:  SECDNS[6] 8.8.8.8
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC: hdlc_Output
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  80 21 01 01 00 1c 03 06 c0 a8 01 01 02 06 00 2d  .!.............-
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  0f 01 81 06 08 08 04 04 83 06 08 08 08 08 e0 6d  ...............m
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP: deflink: State change Closed --> Req-Sent
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP: FSM: Using "deflink" as a transport
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP: deflink: State change Initial --> Closed
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP: deflink: LayerStart.
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP: deflink: SendConfigReq(1) state = Closed
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP:  IFACEID[10] 0x02163efffe350a48
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC: hdlc_Output
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  80 57 01 01 00 0e 01 0a 02 16 3e ff fe 35 0a 48  .W........>..5.H
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  a5 00                                            ..
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP: deflink: State change Closed --> Req-Sent
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: deflink: read (0): Got zero bytes
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP: deflink: State change Req-Sent --> Starting
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP: deflink: LayerFinish.
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: LCP: deflink: Closing due to CCP completion
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: LCP: deflink: LayerDown
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: LCP: deflink: SendTerminateReq(2) state = Opened
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC: hdlc_Output
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: HDLC:  ff 03 c0 21 05 02 00 04 59 28                    ...!....Y(
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: LCP: deflink: State change Opened --> Closing
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP: deflink: LayerFinish.
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP: deflink: State change Starting --> Initial
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: deflink: open -> lcp
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP: deflink: State change Req-Sent --> Starting
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP: deflink: LayerFinish.
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP: Connect time: 0 secs: 0 octets in, 0 octets out
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP: 0 packets in, 0 packets out
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP:  total 0 bytes/sec, peak 0 bytes/sec on Tue Apr 12 10:22:37 2011
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPCP: deflink: State change Starting --> Initial
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP: deflink: State change Req-Sent --> Starting
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP: deflink: LayerFinish.
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP: Connect time: 0 secs: 0 octets in, 0 octets out
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP: 0 packets in, 0 packets out
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP:  total 0 bytes/sec, peak 0 bytes/sec on Tue Apr 12 10:22:37 2011
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: IPV6CP: deflink: State change Starting --> Initial
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: bundle: Terminate
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: CCP: deflink: State change Initial --> Initial
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: LCP: deflink: LayerFinish
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: LCP: deflink: State change Closing --> Initial
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: deflink: Disconnected!
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: deflink: Connect time: 2 secs: 254 octets in, 337 octets out
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: deflink: 4 packets in, 10 packets out
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase:  total 295 bytes/sec, peak 190 bytes/sec on Tue Apr 12 10:22:37 2011
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: deflink: lcp -> closed
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: bundle: Dead
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Phase: PPP Terminated (normal).
Apr 12 10:22:37 t5r9 ppp[30438]: tun0: Warning: 192.168.1.225: Cannot determine ethernet address for proxy ARP
```


----------



## sanjay (Apr 27, 2011)

I am also having same issue



```
Apr 27 12:17:30 server ppp[70064]: Phase: Using interface: tun0
Apr 27 12:17:30 server ppp[70064]: Phase: deflink: Created in closed state
Apr 27 12:17:30 server ppp[70064]: Command: loop: set device localhost:pptp
Apr 27 12:17:30 server ppp[70064]: Command: loop: set dial
Apr 27 12:17:30 server ppp[70064]: Command: loop: set login
Apr 27 12:17:30 server ppp[70064]: Command: loop: set ifaddr 192.168.50.1 192.168.50.201-192.168.50.205 255.255.255.0
Apr 27 12:17:30 server ppp[70064]: IPCP: Selected IP address 192.168.50.201
Apr 27 12:17:30 server ppp[70064]: Command: loop: add default HISADDR
Apr 27 12:17:30 server ppp[70064]: Warning: Add route failed: 0.0.0.0/0 already exists
Apr 27 12:17:30 server ppp[70064]: Command: loop: set server /tmp/loop ******** 0177
Apr 27 12:17:30 server ppp[70064]: Phase: Listening at local socket /tmp/loop.
Apr 27 12:17:30 server ppp[70064]: Command: pptp: disable pap
Apr 27 12:17:30 server ppp[70064]: Command: pptp: enable passwdauth
Apr 27 12:17:30 server ppp[70064]: Command: pptp: disable ipv6cp
Apr 27 12:17:30 server ppp[70064]: Command: pptp: enable proxy
Apr 27 12:17:30 server ppp[70064]: Command: pptp: accept dns
Apr 27 12:17:30 server ppp[70064]: Command: pptp: enable MSChapV2
Apr 27 12:17:30 server ppp[70064]: Command: pptp: enable mppe
Apr 27 12:17:30 server ppp[70064]: Command: pptp: disable deflate pred1
Apr 27 12:17:30 server ppp[70064]: Command: pptp: deny deflate pred1
Apr 27 12:17:30 server ppp[70064]: Command: pptp: set dns 8.8.8.8
Apr 27 12:17:30 server ppp[70064]: Command: pptp: set device !/etc/ppp/secure
Apr 27 12:17:30 server ppp[70064]: Phase: PPP Started (direct mode).
Apr 27 12:17:30 server ppp[70064]: Phase: bundle: Establish
Apr 27 12:17:30 server ppp[70064]: Phase: deflink: closed -> opening
Apr 27 12:17:30 server ppp[70064]: Phase: deflink: Connected!
Apr 27 12:17:30 server ppp[70064]: Phase: deflink: opening -> carrier
Apr 27 12:17:30 server ppp[70064]: Phase: deflink: carrier -> lcp
Apr 27 12:17:30 server ppp[70064]: LCP: FSM: Using "deflink" as a transport
Apr 27 12:17:30 server ppp[70064]: LCP: deflink: State change Initial --> Closed
Apr 27 12:17:30 server ppp[70064]: LCP: deflink: State change Closed --> Stopped
Apr 27 12:17:31 server ppp[70064]: LCP: deflink: LayerStart
Apr 27 12:17:31 server ppp[70064]: LCP: deflink: SendConfigReq(1) state = Stopped
Apr 27 12:17:31 server ppp[70064]: LCP:  ACFCOMP[2]
Apr 27 12:17:31 server ppp[70064]: LCP:  PROTOCOMP[2]
Apr 27 12:17:31 server ppp[70064]: LCP:  ACCMAP[6] 0x00000000
Apr 27 12:17:31 server ppp[70064]: LCP:  MRU[4] 1500
Apr 27 12:17:31 server ppp[70064]: LCP:  MAGICNUM[6] 0xfdcf5d7d
Apr 27 12:17:31 server ppp[70064]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x81)
Apr 27 12:17:31 server ppp[70064]: LCP: deflink: State change Stopped --> Req-Sent
Apr 27 12:17:34 server ppp[70064]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Apr 27 12:17:34 server ppp[70064]: LCP:  ACFCOMP[2]
Apr 27 12:17:34 server ppp[70064]: LCP:  PROTOCOMP[2]
Apr 27 12:17:34 server ppp[70064]: LCP:  ACCMAP[6] 0x00000000
Apr 27 12:17:34 server ppp[70064]: LCP:  MRU[4] 1500
Apr 27 12:17:34 server ppp[70064]: LCP:  MAGICNUM[6] 0xfdcf5d7d
Apr 27 12:17:34 server ppp[70064]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x81)
Apr 27 12:17:37 server ppp[70064]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Apr 27 12:17:37 server ppp[70064]: LCP:  ACFCOMP[2]
Apr 27 12:17:37 server ppp[70064]: LCP:  PROTOCOMP[2]
Apr 27 12:17:37 server ppp[70064]: LCP:  ACCMAP[6] 0x00000000
Apr 27 12:17:37 server ppp[70064]: LCP:  MRU[4] 1500
Apr 27 12:17:37 server ppp[70064]: LCP:  MAGICNUM[6] 0xfdcf5d7d
Apr 27 12:17:37 server ppp[70064]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x81)
Apr 27 12:17:40 server ppp[70064]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Apr 27 12:17:40 server ppp[70064]: LCP:  ACFCOMP[2]
Apr 27 12:17:40 server ppp[70064]: LCP:  PROTOCOMP[2]
Apr 27 12:17:40 server ppp[70064]: LCP:  ACCMAP[6] 0x00000000
Apr 27 12:17:40 server ppp[70064]: LCP:  MRU[4] 1500
Apr 27 12:17:40 server ppp[70064]: LCP:  MAGICNUM[6] 0xfdcf5d7d
Apr 27 12:17:40 server ppp[70064]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x81)
Apr 27 12:17:43 server ppp[70064]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Apr 27 12:17:43 server ppp[70064]: LCP:  ACFCOMP[2]
Apr 27 12:17:43 server ppp[70064]: LCP:  PROTOCOMP[2]
Apr 27 12:17:43 server ppp[70064]: LCP:  ACCMAP[6] 0x00000000
Apr 27 12:17:43 server ppp[70064]: LCP:  MRU[4] 1500
Apr 27 12:17:43 server ppp[70064]: LCP:  MAGICNUM[6] 0xfdcf5d7d
Apr 27 12:17:43 server ppp[70064]: LCP:  AUTHPROTO[5] 0xc223 (CHAP 0x81)
Apr 27 12:17:46 server ppp[70064]: LCP: deflink: LayerFinish
Apr 27 12:17:46 server ppp[70064]: LCP: deflink: State change Req-Sent --> Stopped
Apr 27 12:17:46 server ppp[70064]: LCP: deflink: State change Stopped --> Closed
Apr 27 12:17:46 server ppp[70064]: LCP: deflink: State change Closed --> Initial
Apr 27 12:17:46 server ppp[70064]: Phase: deflink: Disconnected!
Apr 27 12:17:46 server ppp[70064]: Phase: deflink: Connect time: 16 secs: 0 octets in, 300 octets out
Apr 27 12:17:46 server ppp[70064]: Phase: deflink: 0 packets in, 5 packets out
Apr 27 12:17:46 server ppp[70064]: Phase:  total 18 bytes/sec, peak 24 bytes/sec on Wed Apr 27 12:17:34 2011
Apr 27 12:17:46 server ppp[70064]: Phase: deflink: lcp -> closed
Apr 27 12:17:46 server ppp[70064]: Phase: bundle: Dead
Apr 27 12:17:46 server ppp[70064]: Phase: PPP Terminated (normal).
Apr 27 12:17:46 server ppp[70064]: Warning: 192.168.50.201: Cannot determine ethernet address for proxy ARP
```



```
server# arp --use-device --set 192.168.50.201 tun0 pub
arp: illegal option -- -
usage: arp [-n] [-i interface] hostname
       arp [-n] [-i interface] -a
       arp -d hostname [pub]
       arp -d [-i interface] -a
       arp -s hostname ether_addr [temp] [reject | blackhole] [pub [only]]
       arp -S hostname ether_addr [temp] [reject | blackhole] [pub [only]]
       arp -f filename
```


----------



## Anonymous (Apr 28, 2011)

I cannot be of any help with net/poptop.

I only would like to let you know, that I managed to setup a PPTP-VPN server at my FreeBSD 8.2 machine utilizing net/mpd5, that works perfectly together with my iPhone and my Macs. It was quite easy to set up. I could offer some help in setting up PPTP and L2TP/IPsec VPN servers using mpd5.

Best regards

Rolf


----------



## NuLL3rr0r (Jun 17, 2011)

@rolfheinrich

Sorry for the delay in replying to the post, I was very busy with a project. I'll be very thankful if you share your MPD5 configuration and steps you take (in order to make it work), with me.

Thanks in advance.


----------



## Anonymous (Jun 18, 2011)

*Setting up PPTP-VPN using mpd5*



			
				NuLL3rr0r said:
			
		

> ... share your MPD5 configuration and steps you take (in order to make it work)...



Hello!

If not already done, install net/mpd5:
[CMD=""]cd /usr/ports/net/mpd5; make install clean[/CMD]

Change to the configuration directory, and create/edit some files:
[CMD=""]cd /usr/local/etc/mpd5[/CMD]

Instead of nano, you may want to use your preferred editor for this
[CMD=""]cp mpd.secret.sample mpd.secret; nano mpd.secret[/CMD]

```
#################################################################
#
#       MPD secrets file
#
# This file contains login, password pairs, called "secrets".
# Entries are used for authentication in either or both directions,
# as well as telnet console login.
#
# For example, to use the "MyLogin" secret, use this command:
#
#       set bundle authname MyLogin
#
# Each entry may have a third field containing an IP address range
# specifying the allowable address assignments for that # peer.
#
# NOTE: this file should not be readable by anyone except root!
#
# $Id: mpd.secret.sample,v 1.2 2007/01/27 13:28:44 amotin Exp $
#
#################################################################

MyLogin         MyPassword
PeerLogin       PeerPassword

fred            "fred-pw"
joe             "foobar"        192.168.1.1
bob             "\x34\"foo\n"   192.168.1.10/24
sal             "yipee"         192.168.1.254
```

Here you basically setup the credentials for the administrator of mpd5 (MyLogin/MyPassword) and for the users who may connect to the VPN service (PeerLogins/PeerPasswords). For example my entries look roughly like this:

```
super      "pwSuper"
rolf       "pwRolf"
thomas     "pwThomas"
alex       "pwAlex"
anna       "pwAnna"
etc        "pwEtc"
```

Remember the login-id of the admin user (in the above example super, because you need this in the next step, i.e. creation and editing the principal configuration file. You could start with a copy of mpd.conf.sample, however this contains configurations for a lot of different operation modes of mpd5. So, I suggest, to create a new file, and copy my configuration suggestion below into it. You might want to review the file mpd5.conf.sample at some point in time later, though.

[CMD=""]nano mpd.conf[/CMD]


```
startup:
        # configure mpd users
        set user super pwSuper admin
        # configure the console
        set console self 127.0.0.1 5005
        set console open
        # configure the web server
        set web self 0.0.0.0 5006
        set web open


default:
        load pptp_server

pptp_server:
# Define dynamic IP address pool.
        set ippool add pool_pptp 192.168.0.150 192.168.0.199

# Create clonable bundle template named B_pptp
        create bundle template B_pptp
        set iface enable proxy-arp
        set iface enable tcpmssfix
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assigment.
        set ipcp ranges 192.168.0.1/24 ippool pool_pptp
        set ipcp dns 192.168.0.1
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

# Create clonable link template named L_pptp
        create link template L_pptp pptp
# Set bundle template to use
        set link action bundle B_pptp
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link no pap chap eap
        set link enable chap
        set link keep-alive 0 0
# We reducing link mtu to avoid GRE packet fragmentation.
        set link mtu 1448
# Configure PPTP
        set pptp self 192.168.0.1
        set pptp enable always-ack
# Allow to accept calls
        set link enable incoming
```

The above setup assumes that the local network is 192.168.0.0/24, and that the PPTP-VPN host has the IP 192.168.0.1. Furthermore, an IP range from 192.168.0.150 to 192.168.0.199 is reserved for VPN.

"set iface enable proxy-arp" is required, if VPN clients are allowed to connect to other machines in- and outside of your local network. If VPN clients should be restricted to services of the VPN host only, then remove this setting. By default, proxy-arp is disabled.

In my setup the VPN host, hosts also the DNS server. If you have another DNS, change "set ipcp dns 192.168.0.1" accordingly. Of course, this would mean also that proxy-arp should be enabled, since otherwise, VPN clients cannot connect to another DNS.

Enable mpd in /etc/rc.conf

```
mpd_enable="YES"
```

Make sure, that your firewall is open for 1723 TCP and 47 GRE.

Finally, start mpd5 by:
[CMD=""]service mpd5 start[/CMD]

Check, if everything is working, and eventually restart the machine.

Hopefully this helps.

Best regards

Rolf


----------



## amao (Sep 29, 2011)

rolfheinrich said:
			
		

> I cannot be of any help with net/poptop.
> 
> I only would like to let you know, that I managed to setup a PPTP-VPN server at my FreeBSD 8.2 machine utilizing net/mpd5, that works perfectly together with my iPhone and my Macs. It was quite easy to set up. I could offer some help in setting up PPTP and L2TP/IPsec VPN servers using mpd5.
> 
> ...



   I can setup pure l2tp server and pure ipsec server on FreeBSD 8.2 .
   But I don't know how to setup l2tp/ipsec server using mpd5 and ipsec-tools together.

   Can you give my some document? 

   Thanks


----------



## Anonymous (Sep 29, 2011)

amao said:
			
		

> ... But I don't know how to setup l2tp/ipsec server using mpd5 and ipsec-tools together ...



Yeah, this is quite a big write-up. Please give me some time for carefully completing this. I promise that I will submit this to the Howto-Forum by the end of this weekend.

Many thanks for your patience.

Best regards

Rolf

PS: I just submitted the promised howto. See here Howto set up a L2TP/IPsec VPN Dial-In Server.


----------



## NuLL3rr0r (Oct 3, 2011)

@*rolfheinrich*
You are rockinggggggggg man!!

I was been busy for a while and forgot about this VPN thing until today I saw an email about this thread in my inbox. You're guide is very very straight forward. It just took less than 10 minutes to build mpd5 and set it up using your guide. And on first try it simply worked on both Android and iOS.
I'm using SSH Tunnel on Android (never using VPN), but my friends are using iOS (they just have VPN option since setting up SSH Tunnel on iOS is a little complicated thing to do) _and they are saying thanks too_. You saved us from a lot of trouble.

Thanks again.


----------



## rblon (Jul 29, 2012)

I'm trying to route all my internet traffic from my iPad through my FreeBSD box. So it seems PPTP-VPN could do the trick. However my problem with these instructions is that my FreeBSD server doesn't host the DNS server. And the router that it uses doesn't accept other clients. Any tips how to adjust for this situation?


----------



## Anonymous (Jul 29, 2012)

rblon said:
			
		

> ... my FreeBSD server doesn't host the DNS server. And the router that it uses doesn't accept other clients.



I am not sure if I got that correctly.

So, please clarify:

1) - The router does not accept other DNS traffic than from/to your FreeBSD box, but passes everything else?
2) - The router does not accept ANY other traffic than from/to your FreeBSD box?

In the first case, you may want to try adjusting a public DNS, e.g. 8.8.8.8 in /usr/local/etc/mpd5:


```
...
set iface enable proxy-arp
...
set ipcp dns 8.8.8.8
...
```

Also make sure that IP forwarding is enabled on your server; in file /etc/sysctl.conf:


```
...
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
...
```

In case 2, I have no good idea.


----------



## rblon (Jul 30, 2012)

Let me try to explain better.
I'm using a VPS and my provider provided me with a fixed IP (xx.150.50.120) for my VPS, a gateway (xx.150.50.1) and two DNS server addresses that I can use.
The problem is that I'm not sure what IP address pool to use and/or which DNS server.
I have tried several combinations, including your suggestion for a public DNS server.
I can from the outside access the console via telnet. 
Also, in /etc/rc.conf I have set gateway_enable="YES"
In the log I see the following when I try to connect with my iPad:

```
Jul 30 09:25:35 vps mpd5: [L-1] Accepting PPTP connection
Jul 30 09:25:35 vps mpd5: [L-1] Link: OPEN event
Jul 30 09:25:35 vps mpd5: [L-1] LCP: Open event
Jul 30 09:25:35 vps mpd5: [L-1] LCP: state change Initial --> Starting
Jul 30 09:25:35 vps mpd5: [L-1] LCP: LayerStart
Jul 30 09:25:35 vps mpd5: [L-1] PPTP: attaching to peer's outgoing call
Jul 30 09:25:35 vps mpd5: [L-1] Link: UP event
Jul 30 09:25:35 vps mpd5: [L-1] LCP: Up event
Jul 30 09:25:35 vps mpd5: [L-1] LCP: state change Starting --> Req-Sent
Jul 30 09:25:35 vps mpd5: [L-1] LCP: SendConfigReq #1
Jul 30 09:25:35 vps mpd5: [L-1]   ACFCOMP
Jul 30 09:25:35 vps mpd5: [L-1]   PROTOCOMP
Jul 30 09:25:35 vps mpd5: [L-1]   MRU 1500
Jul 30 09:25:35 vps mpd5: [L-1]   MAGICNUM 77721792
Jul 30 09:25:35 vps mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Jul 30 09:25:35 vps mpd5: [L-1]   MP MRRU 2048
Jul 30 09:25:35 vps mpd5: [L-1]   MP SHORTSEQ
Jul 30 09:25:35 vps mpd5: [L-1]   ENDPOINTDISC [802.1] 52 54 2d 97 f8 da

...

Jul 30 09:25:53 vps mpd5: [L-1] LCP: SendConfigReq #10
Jul 30 09:25:53 vps mpd5: [L-1]   ACFCOMP
Jul 30 09:25:53 vps mpd5: [L-1]   PROTOCOMP
Jul 30 09:25:53 vps mpd5: [L-1]   MRU 1500
Jul 30 09:25:53 vps mpd5: [L-1]   MAGICNUM 77721792
Jul 30 09:25:53 vps mpd5: [L-1]   AUTHPROTO CHAP MSOFTv2
Jul 30 09:25:53 vps mpd5: [L-1]   MP MRRU 2048
Jul 30 09:25:53 vps mpd5: [L-1]   MP SHORTSEQ
Jul 30 09:25:53 vps mpd5: [L-1]   ENDPOINTDISC [802.1] 52 54 2d 97 f8 da
Jul 30 09:25:55 vps mpd5: [L-1] LCP: parameter negotiation failed
Jul 30 09:25:55 vps mpd5: [L-1] LCP: state change Req-Sent --> Stopped
Jul 30 09:25:55 vps mpd5: [L-1] LCP: LayerFinish
Jul 30 09:25:55 vps mpd5: [L-1] PPTP call terminated
Jul 30 09:25:55 vps mpd5: [L-1] Link: DOWN event
Jul 30 09:25:55 vps mpd5: [L-1] LCP: Close event
Jul 30 09:25:55 vps mpd5: [L-1] LCP: state change Stopped --> Closed
Jul 30 09:25:55 vps mpd5: [L-1] LCP: Down event
Jul 30 09:25:55 vps mpd5: [L-1] LCP: state change Closed --> Initial
Jul 30 09:25:55 vps mpd5: [L-1] Link: SHUTDOWN event
Jul 30 09:25:55 vps mpd5: [L-1] Link: Shutdown
```


----------

