# need help with mpd5 and Ipredator VPN



## Dre (Nov 20, 2010)

Iâ€™m trying to setup a VPN tunnel with the Ipredator VPN service provider. I just canâ€™t get it to work though. Iâ€™ve been following the instructions on 
http://kaiw27.wordpress.com/2010/08/19/ipredator-and-freebsd/
but it just wonâ€™t work.
To me it looks like everything should be working just fine but I canâ€™t access the net through the VPN tunnel.
There is a lot of traffic to the VPN (93.182.153.2) in the form of PPP and GRE frames (tshark..). 
Is there something wrong with the routing table? Any ideas?

Netstat before starting mpd5

```
# netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGS         8        6    em0
10.1.1.1           link#3             UH          0        0    lo1
localhost          link#2             UH          0        0    lo0
192.168.0.0        link#1             U           3     1298    em0
192.168.0.10       link#1             UHS         0        0    lo0

Internet6:
Destination        Gateway            Flags      Netif Expire
localhost          localhost          UH          lo0
fe80::%lo0         link#2             U           lo0
fe80::1%lo0        link#2             UHS         lo0
ff01:2::           fe80::1%lo0        U           lo0
ff02::%lo0         fe80::1%lo0        U           lo0
```

Netstat after mpd5 is started


```
# netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            93.182.153.2       UGS         0     2539    ng0
10.1.1.1           link#3             UH          0        0    lo1
93.182.153.2       192.168.0.1        UGHS        4     2603    em0
93.182.153.77      link#5             UHS         0        0    lo0
localhost          link#2             UH          0        0    lo0
192.168.0.0        link#1             U           1     1092    em0
192.168.0.10       link#1             UHS         0        0    lo0

Internet6:
Destination        Gateway            Flags      Netif Expire
localhost          localhost          UH          lo0
fe80::%lo0         link#2             U           lo0
fe80::1%lo0        link#2             UHS         lo0
ff01:2::           fe80::1%lo0        U           lo0
ff02::%lo0         fe80::1%lo0        U           lo0
```

Output from mpd5


```
# mpd5
Multi-link PPP daemon for FreeBSD

process 1535 started, version 5.5 (root@xxx 11:04 20-Nov-2010)
Label 'startup' not found
[B1] Bundle: Interface ng0 created
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 52d69de1
[L1] LCP: rec'd Configure Ack #1 (Req-Sent)
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 52d69de1
[L1] LCP: state change Req-Sent --> Ack-Rcvd
[L1] LCP: state change Ack-Rcvd --> Req-Sent
[L1] LCP: SendConfigReq #2
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 52d69de1
[L1] LCP: rec'd Configure Ack #2 (Req-Sent)
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 52d69de1
[L1] LCP: state change Req-Sent --> Ack-Rcvd
[L1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
[L1]   ACCMAP 0x00000000
[L1]   AUTHPROTO CHAP MSOFTv2
[L1]   MAGICNUM 5260f924
[L1]   PROTOCOMP
[L1]   ACFCOMP
[L1] LCP: SendConfigAck #1
[L1]   ACCMAP 0x00000000
[L1]   AUTHPROTO CHAP MSOFTv2
[L1]   MAGICNUM 5260f924
[L1]   PROTOCOMP
[L1]   ACFCOMP
[L1] LCP: state change Ack-Rcvd --> Opened
[L1] LCP: auth: peer wants CHAP, I want nothing
[L1] LCP: LayerUp
[L1] CHAP: rec'd CHALLENGE #97 len: 26
[L1]   Name: "pptpd"
[L1] CHAP: Using authname "yes, my acc name is written hereâ€¦"
[L1] CHAP: sending RESPONSE #97 len: 61
[L1] CHAP: rec'd SUCCESS #97 len: 46
[L1]   MESG: S=12FB060FB71424205EF3F833673DB815F145B8C7
[L1] LCP: authorization successful
[L1] Link: Matched action 'bundle "B1" ""'
[L1] Link: Join bundle "B1"
[B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
[B1] IPCP: Open event
[B1] IPCP: state change Initial --> Starting
[B1] IPCP: LayerStart
[B1] CCP: Open event
[B1] CCP: state change Initial --> Starting
[B1] CCP: LayerStart
[B1] IPCP: Up event
[B1] IPCP: state change Starting --> Req-Sent
[B1] IPCP: SendConfigReq #1
[B1]   IPADDR 0.0.0.0
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] CCP: Up event
[B1] CCP: state change Starting --> Req-Sent
[B1] CCP: SendConfigReq #1
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] CCP: rec'd Configure Request #1 (Req-Sent)
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] CCP: SendConfigAck #1
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] CCP: state change Req-Sent --> Ack-Sent
[B1] IPCP: rec'd Terminate Ack #1 (Req-Sent)
[B1] CCP: rec'd Configure Ack #1 (Ack-Sent)
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] CCP: state change Ack-Sent --> Opened
[B1] CCP: LayerUp
[B1] CCP: Compress using: mppc (MPPE(128 bits), stateless)
[B1] CCP: Decompress using: mppc (MPPE(128 bits), stateless)
[B1] IPCP: rec'd Configure Request #1 (Req-Sent)
[B1]   COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
[B1]   IPADDR 93.182.153.2
[B1]     93.182.153.2 is OK
[B1] IPCP: SendConfigAck #1
[B1]   COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
[B1]   IPADDR 93.182.153.2
[B1] IPCP: state change Req-Sent --> Ack-Sent
[B1] IPCP: SendConfigReq #2
[B1]   IPADDR 0.0.0.0
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: rec'd Configure Nak #2 (Ack-Sent)
[B1]   IPADDR 93.182.153.77
[B1]     93.182.153.77 is OK
[B1] IPCP: SendConfigReq #3
[B1]   IPADDR 93.182.153.77
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: rec'd Configure Ack #3 (Ack-Sent)
[B1]   IPADDR 93.182.153.77
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: state change Ack-Sent --> Opened
[B1] IPCP: LayerUp
[B1]   93.182.153.77 -> 93.182.153.2
[B1] IFACE: Up event
```


----------



## Dre (Nov 21, 2010)

The connection is not established if I send the wrong password (or username).

I can ping the router on the receiving end of the VPN tunnel (93.182.153.2). That shows up as a normal ICMP request/reply in the datastream captured with tshark. 
I can also ping my â€œnewâ€ VPN ip address (93.182.153.77). However, that ping is sent through the tunnel (only GRE and PPP frames shows up in the capture). 
Iâ€™ve found addresses in the entire subnet of 93.182. that I can ping. These requests are also routed through the tunnel and not directly sent as ICMP frames.
I can probably ping the entire subnet that the Ipredator VPN service holds.

Pinging an address from outside of that subnet returns noting. I have to use ctrl-C to terminate the request.


```
# ping 214.132.126.26
PING 214.132.126.26 (214.132.126.26): 56 data bytes
^C
--- 214.132.126.26 ping statistics ---
452 packets transmitted, 0 packets received, 100.0% packet loss
```


----------

