# Mpd5 setup help



## time4e (Jun 24, 2012)

Hello,

Following the below URL I am attempting to set up a PPTP VPN server on my FreeBSD 9 box using MPD5. I have configured both mpd.conf and mpd.secret with the same username and password but when I attempt to log in to http://192.168.1.31:5006/ or `telnet 192.168.1.31 5006` I keep getting authentication failures. Have I not set the user/password correctly in the configuration file? What am I missing?

I used the instructions here: http://blog.up-link.ro/freebsd-how-to-install-and-configure-a-pptp-server-with-mpd5-on-freebsd-8-2/

My Mpd5.conf file reads as:


```
startup:
        # configure mpd users
        set user <pptpadmin> tim
        set user <pptpadmin> <astrongpassword>
        # configure the console
        set console self 0.0.0.0 5005
        set console open
        # configure the web server
        set web self 0.0.0.0 5006
        set web open

default:
        load pptp_server

pptp_server:
# Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
# Define dynamic IP address pool.
	set ippool add pool1 <192.168.1.40> <192.168.1.45>
# Create clonable bundle template named B
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp

# Specify IP address pool for dynamic assignment.
	set ipcp ranges <192.168.1.31>/<255.255.255.0> ippool pool1
	set ipcp dns <192.168.1.1>

# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

# Create clonable link template named L
        create link template L pptp

# Set bundle template to use
        set link action bundle B

# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap eap
        set link enable chap

# Enable utmp/wtmp logging
        set auth enable system-acct

# We are reducing link mtu to avoid GRE packet fragmentation.
        set link mtu 1460

# Configure PPTP
        set pptp self <192.168.1.31>

# Allow to accept calls
        set link enable incoming
```

My mpd.secret file reads:


```
MyLogin         MyPassword
PeerLogin       PeerPassword


tim             "astrongpassword" 192.168.1.40
```

Thanks,
-Tim


----------



## codesweat (Jun 25, 2012)

*Separate machine?*

I am guessing you are trying to connect via a separate machine correct? Could you post the error you get when trying to connect via telnet, and http?

Brian


----------



## time4e (Jun 25, 2012)

I am using another machine on the same network. It does not seem to be recognizing the credentials set in mpd.secret. I have also added the line `set bundle authname MyLogin` to mpd.secret. When logging into http://192.168.1.31:5006/ it keeps rejecting my login, same when using telnet to test the connection. I have also tried using an account on the FreeBSD box.

This is the telnet error I am getting: http://kellycloud.net/photo/index.php/error/Screenshot-from-2012-06-25-18-40-01

Here are the instructions listed at the top of mpd.secret:


```
#################################################################
#
#       MPD secrets file
#
# This file contains login, password pairs, called "secrets".
# Entries are used for authentication in either or both directions,
# as well as telnet console login.
#
# For example, to use the "MyLogin" secret, use this command:
#
        set bundle authname MyLogin
#
# Each entry may have a third field containing an IP address range
# specifying the allowable address assignments for that # peer.
# 
# NOTE: this file should not be readable by anyone except root!
# 
# $Id: mpd.secret.sample,v 1.2 2007/01/27 13:28:44 amotin Exp $
#
```

Thanks,
-Tim


----------



## ecazamir (Jun 29, 2012)

It's not enough to supply the user and password, here's how I did it:

```
startup:
        # configure mpd users
        # set user foo bar admin
        set user username password admin
        # set user foo1 bar1
        # configure the text console
        # This will be accessible only from the local machine or through a SSH tunnel
        # enable it if you use the telnet-like CLI
        set console self 127.0.0.1 5005
        # Public accessible console, not recommended
        # set console self 192.0.2.1 # A routed address here
        set console open
        # configure the web server/ admin interface
        # This will be accessible only from the local machine or through a SSH tunnel
        # enable it if you use the http console
        set web self 127.0.0.1 5006
        # set web self 192.0.2.1 5006 # A public accessible console, not recommended
        set web open
```


----------



## time4e (Jun 30, 2012)

Ecazamir, is this an example of mpd.conf or mpd.secret? I have removed mpd5 via make deinstall and still when I access telnet 192.168.1.31 5005 I get login failures using the Ubuntu terminal, and on Windows after I enter the username, the password auto-fills and then is rejected, before I have a chance to even enter the password. I edited the login information in ppp.conf with no luck. Can anyone recommend a PPTP server that is easy to set up under FreeBSD 9? mpd5 is driving me nuts.

Thanks,
-Tim



```
Multi-link PPP daemon for FreeBSD

Username: tim
Password:
Login failed
Username:
```


----------



## ecazamir (Jun 30, 2012)

time4e said:

> Ecazamir, is this an example of mpd.conf or mpd.secret?



It's from mpd.conf. mpd.secret is used to hold username/password/ip combinations for local authentication. mpd.secret shouldn't be needed if you use mpd with RADIUS, but that's another matter.

I assume you removed the package without stopping mpd, that's why I assume it still responds to telnet connections.

IMO, mpd5 is the best VPN/PPPoE server suite available for FreeBSD, you just need to read carefully the examples located in /usr/local/etc/mpd5/ and the documentation.


----------



## Anonymous (Jun 30, 2012)

time4e said:

> ... Can anyone recommend a pptp server that is easy to setup under FreeBSD 9? mpd5 is driving me nuts. ...

ecazamir said:

> ... IMO, mpd5 is the best VPN/PPPoE server suite available for FreeBSD, you just need to read carefully the examples located in /usr/local/etc/mpd5/ and the documentation.



I agree with ecazamir, I also consider net/mpd5 the best.

For me mpd5 was very easy to set up, and I found the mentioned mpd documentation straightforward, and others seem to have set up PPTP with net/mpd5 also successfully.

I just checked telnet and web admin login with my setup, and it works as expected. So, this should simply work for you too.

In your first post you wrote:

time4e said:

> ...
> My Mpd5.conf file reads as:
>
> ```
> ...
> ```


Sorry, if this is obvious. In your actual configuration, you didn't use the triangular quotes "<" and ">" for embracing user names, passwords, and IP-addresses, did you? If you did, then remove  "<" and ">".

In addition, make sure, that the user pptpadmin exists in /usr/local/mpd5/mpd.secret, for example said file may have entries as follows - simple text without any quotes:


```
pptpadmin   pwAdmin
tim         pwTim
```

With that, the startup section of your /usr/local/mpd5/mpd.conf should look like:


```
startup:
        # configure mpd users
        set user pptpadmin pwAdmin admin
        # configure the console
        set console self 0.0.0.0 5005
        set console open
        # configure the web server
        set web self 0.0.0.0 5006
        set web open
```

Again, remove also "<" and ">" surrounding the IPs from the remainder of your configuration file.

Best regards

Rolf
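
A check for the points raised in the replies above (leftover "<"/">" placeholders, the `set user` form with a privilege field, and console/web listeners bound to a non-loopback address), as an added example that is not part of any post or of mpd5 itself. The function name, finding codes and sample text are made up for illustration.

```python
import ipaddress
import re

# Tokens such as <pptpadmin> that were copied verbatim from a tutorial.
PLACEHOLDER = re.compile(r"<[^<>\s]+>")

# Constructed sample, modelled on the startup section from the first post.
SAMPLE = """\
startup:
        # configure mpd users
        set user <pptpadmin> <astrongpassword>
        set console self 0.0.0.0 5005
        set console open
        set web self 127.0.0.1 5006
        set web open
"""


def audit_mpd_conf(text):
    """Return (line_number, code, detail) findings for mpd.conf text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Only whole-line comments are skipped, so a '#' inside a
        # password is not mistaken for the start of a comment.
        if not line or line.startswith("#"):
            continue
        for token in PLACEHOLDER.findall(line):
            findings.append((lineno, "PLACEHOLDER", token))
        words = line.split()
        # Assumption taken from the thread: the working configs all use
        # "set user NAME PASSWORD admin", i.e. five words.
        if words[:2] == ["set", "user"] and len(words) < 5:
            findings.append((lineno, "USER_FIELDS", line))
        # "set console self ADDR PORT" / "set web self ADDR PORT"
        if (len(words) >= 4 and words[0] == "set"
                and words[1] in ("console", "web") and words[2] == "self"):
            try:
                addr = ipaddress.ip_address(words[3])
            except ValueError:
                findings.append((lineno, "BAD_ADDRESS", words[3]))
                continue
            if not addr.is_loopback:
                # 0.0.0.0 or a routed address: reachable from the network.
                findings.append((lineno, "EXPOSED_" + words[1].upper(), words[3]))
    return findings


if __name__ == "__main__":
    for lineno, code, detail in audit_mpd_conf(SAMPLE):
        print(f"line {lineno}: {code}: {detail}")
```
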


----------



## ecazamir (Jul 1, 2012)

rolfheinrich said:

> In addition, make sure, that the user pptpadmin exists in /usr/local/mpd5/mpd.secret, for example said file may have entries as follows - simple text without any quotes:
>
> ```
> ...
> ```

What you put in mpd.secret is used for authentication purposes, for the VPN/PPPoE connection. Adding pptpadmin there should be needed only if this account is used to test the connection from a PPTP/PPPoE client. In my opinion, it is not wise to use the pptpadmin user from the client side.

mpd.secret won't be used at all if you unset/disable the following configuration parameter:

```
set auth enable internal
```

I'm not so sure of the REQUIREMENT to have the pptpadmin user listed in mpd.secret. I've seen the web console working fine on a server with an empty mpd.secret file, on a server using RADIUS for authentication.


----------



## Anonymous (Jul 1, 2012)

ecazamir said:

> What you put in mpd.secret is used for authentication purposes, for the VPN/PPPoE connection. Adding pptpadmin there should be needed only if this account is used to test the connection from a PPTP/PPPoE client. ...
>
> ... I'm not so sure of the REQUIREMENT to have the pptpadmin user listed in mpd.secret. I've seen the web console working fine on a server with an empty mpd.secret file, on a server using RADIUS for authentication.



Just checked it with my setup, using client authentication via mpd.secret, and you are correct, there is no need for listing pptpadmin in /usr/local/etc/mpd5/mpd.secret. As a matter of fact, for admin accessing the mpd5 daemon via telnet or web, it is sufficient to set the admin user only in /usr/local/etc/mpd5/mpd.conf by something like the following:


```
...
set user pptpadmin pwAdmin admin
...
```

@time4e, i.e. plain text, no quotes, no "<>", nothing else.

Best regards

Rolf


----------



## time4e (Jul 3, 2012)

All,
Thanks so much, I am making much progress. I can log in via telnet 192.168.1.31 5005. When I attempt to connect to the VPN from another location I get the following error within mpd5.log and 


```
tail -f  /var/log/mpd5.log

Jul  2 21:43:59 main mpd5: PPTP: waiting for connection on 192.168.1.31 1723
Jul  2 21:44:13 main mpd5: [L_pptp-1] Accepting PPTP connection
Jul  2 21:44:13 main mpd5: [L_pptp-1] Link: OPEN event
Jul  2 21:44:13 main mpd5: [L_pptp-1] LCP: Open event
Jul  2 21:44:13 main mpd5: [L_pptp-1] LCP: state change Initial --> Starting
Jul  2 21:44:13 main mpd5: [L_pptp-1] LCP: LayerStart
Jul  2 21:44:13 main mpd5: [L_pptp-1] PPTP: attaching to peer's outgoing call
Jul  2 21:44:13 main mpd5: [L_pptp-1] Link: UP event
Jul  2 21:44:13 main mpd5: [L_pptp-1] LCP: Up event
Jul  2 21:44:13 main mpd5: [L_pptp-1] LCP: state change Starting --> Req-Sent
Jul  2 21:44:13 main mpd5: [L_pptp-1] LCP: SendConfigReq #1
Jul  2 21:44:13 main mpd5: [L_pptp-1]   ACFCOMP
Jul  2 21:44:13 main mpd5: [L_pptp-1]   PROTOCOMP
Jul  2 21:44:13 main mpd5: [L_pptp-1]   MRU 1500
Jul  2 21:44:13 main mpd5: [L_pptp-1]   MAGICNUM 53877770
Jul  2 21:44:13 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:13 main mpd5: [L_pptp-1]   MP MRRU 2048
Jul  2 21:44:13 main mpd5: [L_pptp-1]   MP SHORTSEQ
Jul  2 21:44:13 main mpd5: [L_pptp-1]   ENDPOINTDISC [802.1] 00 e0 6f 0f 4c 66
Jul  2 21:44:15 main mpd5: [L_pptp-1] LCP: SendConfigReq #2
Jul  2 21:44:15 main mpd5: [L_pptp-1]   ACFCOMP
Jul  2 21:44:15 main mpd5: [L_pptp-1]   PROTOCOMP
Jul  2 21:44:15 main mpd5: [L_pptp-1]   MRU 1500
Jul  2 21:44:15 main mpd5: [L_pptp-1]   MAGICNUM 53877770
Jul  2 21:44:15 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:15 main mpd5: [L_pptp-1]   MP MRRU 2048
Jul  2 21:44:15 main mpd5: [L_pptp-1]   MP SHORTSEQ
Jul  2 21:44:15 main mpd5: [L_pptp-1]   ENDPOINTDISC [802.1] 00 e0 6f 0f 4c 66
Jul  2 21:44:17 main mpd5: [L_pptp-1] LCP: SendConfigReq #3
Jul  2 21:44:17 main mpd5: [L_pptp-1]   ACFCOMP
Jul  2 21:44:17 main mpd5: [L_pptp-1]   PROTOCOMP
Jul  2 21:44:17 main mpd5: [L_pptp-1]   MRU 1500
Jul  2 21:44:17 main mpd5: [L_pptp-1]   MAGICNUM 53877770
Jul  2 21:44:17 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:17 main mpd5: [L_pptp-1]   MP MRRU 2048
Jul  2 21:44:17 main mpd5: [L_pptp-1]   MP SHORTSEQ
Jul  2 21:44:17 main mpd5: [L_pptp-1]   ENDPOINTDISC [802.1] 00 e0 6f 0f 4c 66
Jul  2 21:44:19 main mpd5: [L_pptp-1] LCP: SendConfigReq #4
Jul  2 21:44:19 main mpd5: [L_pptp-1]   ACFCOMP
Jul  2 21:44:19 main mpd5: [L_pptp-1]   PROTOCOMP
Jul  2 21:44:19 main mpd5: [L_pptp-1]   MRU 1500
Jul  2 21:44:19 main mpd5: [L_pptp-1]   MAGICNUM 53877770
Jul  2 21:44:19 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:19 main mpd5: [L_pptp-1]   MP MRRU 2048
Jul  2 21:44:19 main mpd5: [L_pptp-1]   MP SHORTSEQ
Jul  2 21:44:19 main mpd5: [L_pptp-1]   ENDPOINTDISC [802.1] 00 e0 6f 0f 4c 66
Jul  2 21:44:21 main mpd5: [L_pptp-1] LCP: SendConfigReq #5
Jul  2 21:44:21 main mpd5: [L_pptp-1]   ACFCOMP
Jul  2 21:44:21 main mpd5: [L_pptp-1]   PROTOCOMP
Jul  2 21:44:21 main mpd5: [L_pptp-1]   MRU 1500
Jul  2 21:44:21 main mpd5: [L_pptp-1]   MAGICNUM 53877770
Jul  2 21:44:21 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:21 main mpd5: [L_pptp-1]   MP MRRU 2048
Jul  2 21:44:21 main mpd5: [L_pptp-1]   MP SHORTSEQ
Jul  2 21:44:21 main mpd5: [L_pptp-1]   ENDPOINTDISC [802.1] 00 e0 6f 0f 4c 66
Jul  2 21:44:23 main mpd5: [L_pptp-1] LCP: SendConfigReq #6
Jul  2 21:44:23 main mpd5: [L_pptp-1]   ACFCOMP
Jul  2 21:44:23 main mpd5: [L_pptp-1]   PROTOCOMP
Jul  2 21:44:23 main mpd5: [L_pptp-1]   MRU 1500
Jul  2 21:44:23 main mpd5: [L_pptp-1]   MAGICNUM 53877770
Jul  2 21:44:23 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:23 main mpd5: [L_pptp-1]   MP MRRU 2048
Jul  2 21:44:23 main mpd5: [L_pptp-1]   MP SHORTSEQ
Jul  2 21:44:23 main mpd5: [L_pptp-1]   ENDPOINTDISC [802.1] 00 e0 6f 0f 4c 66
Jul  2 21:44:25 main mpd5: [L_pptp-1] LCP: SendConfigReq #7
Jul  2 21:44:25 main mpd5: [L_pptp-1]   ACFCOMP
Jul  2 21:44:25 main mpd5: [L_pptp-1]   PROTOCOMP
Jul  2 21:44:25 main mpd5: [L_pptp-1]   MRU 1500
Jul  2 21:44:25 main mpd5: [L_pptp-1]   MAGICNUM 53877770
Jul  2 21:44:25 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:25 main mpd5: [L_pptp-1]   MP MRRU 2048
Jul  2 21:44:25 main mpd5: [L_pptp-1]   MP SHORTSEQ
Jul  2 21:44:25 main mpd5: [L_pptp-1]   ENDPOINTDISC [802.1] 00 e0 6f 0f 4c 66
Jul  2 21:44:27 main mpd5: [L_pptp-1] LCP: SendConfigReq #8
Jul  2 21:44:27 main mpd5: [L_pptp-1]   ACFCOMP
Jul  2 21:44:27 main mpd5: [L_pptp-1]   PROTOCOMP
Jul  2 21:44:27 main mpd5: [L_pptp-1]   MRU 1500
Jul  2 21:44:27 main mpd5: [L_pptp-1]   MAGICNUM 53877770
Jul  2 21:44:27 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:27 main mpd5: [L_pptp-1]   MP MRRU 2048
Jul  2 21:44:27 main mpd5: [L_pptp-1]   MP SHORTSEQ
Jul  2 21:44:27 main mpd5: [L_pptp-1]   ENDPOINTDISC [802.1] 00 e0 6f 0f 4c 66
Jul  2 21:44:29 main mpd5: [L_pptp-1] LCP: SendConfigReq #9
Jul  2 21:44:29 main mpd5: [L_pptp-1]   ACFCOMP
Jul  2 21:44:29 main mpd5: [L_pptp-1]   PROTOCOMP
Jul  2 21:44:29 main mpd5: [L_pptp-1]   MRU 1500
Jul  2 21:44:29 main mpd5: [L_pptp-1]   MAGICNUM 53877770
Jul  2 21:44:29 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:29 main mpd5: [L_pptp-1]   MP MRRU 2048
Jul  2 21:44:29 main mpd5: [L_pptp-1]   MP SHORTSEQ
Jul  2 21:44:29 main mpd5: [L_pptp-1]   ENDPOINTDISC [802.1] 00 e0 6f 0f 4c 66
Jul  2 21:44:31 main mpd5: [L_pptp-1] LCP: SendConfigReq #10
Jul  2 21:44:31 main mpd5: [L_pptp-1]   ACFCOMP
Jul  2 21:44:31 main mpd5: [L_pptp-1]   PROTOCOMP
Jul  2 21:44:31 main mpd5: [L_pptp-1]   MRU 1500
Jul  2 21:44:31 main mpd5: [L_pptp-1]   MAGICNUM 53877770
Jul  2 21:44:31 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:31 main mpd5: [L_pptp-1]   MP MRRU 2048
Jul  2 21:44:31 main mpd5: [L_pptp-1]   MP SHORTSEQ
Jul  2 21:44:31 main mpd5: [L_pptp-1]   ENDPOINTDISC [802.1] 00 e0 6f 0f 4c 66
Jul  2 21:44:33 main mpd5: [L_pptp-1] LCP: parameter negotiation failed
Jul  2 21:44:33 main mpd5: [L_pptp-1] LCP: state change Req-Sent --> Stopped
Jul  2 21:44:33 main mpd5: [L_pptp-1] LCP: LayerFinish
Jul  2 21:44:33 main mpd5: [L_pptp-1] PPTP call terminated
Jul  2 21:44:33 main mpd5: [L_pptp-1] Link: DOWN event
Jul  2 21:44:33 main mpd5: [L_pptp-1] LCP: Close event
Jul  2 21:44:33 main mpd5: [L_pptp-1] LCP: state change Stopped --> Closed
Jul  2 21:44:33 main mpd5: [L_pptp-1] LCP: Down event
Jul  2 21:44:33 main mpd5: [L_pptp-1] LCP: state change Closed --> Initial
Jul  2 21:44:33 main mpd5: [L_pptp-1] Link: SHUTDOWN event
Jul  2 21:44:33 main mpd5: [L_pptp-1] Link: Shutdown
```

Any thoughts?


----------



## ecazamir (Jul 4, 2012)

The PPTP client disconnects with error 619? If yes, it is possible to have a router (or a firewall) between the client and the server, which does not do NAT (or blocks) for IP packets with GRE protocol payload.
This can be confirmed with tcpdump or wireshark, which should display GRE traffic between server and client on both ends, and considering your diagnostic log, I assume GRE packets sent from the server on the LCP negotiation phase do not reach the client.
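
The pattern described in this reply, written as a log check (an added example, not from the thread or from mpd5): a link that keeps sending LCP Configure-Requests, logs nothing received from the peer, and ends in `parameter negotiation failed`. The sample lines are constructed from the log posted above; the `rec'd` wording for received frames is an assumption about the log format, and the function names are made up.

```python
import re
from collections import defaultdict

# "... mpd5: [L_pptp-1] LCP: SendConfigReq #1" -> link name and message
LINE = re.compile(r"mpd5: \[(?P<link>[^\]]+)\]\s+(?P<msg>.*)$")
SEND_REQ = re.compile(r"LCP: SendConfigReq #(\d+)")

# Constructed sample: L_pptp-1 is abbreviated from the thread's log,
# L_pptp-2 is an invented link that does hear from its peer.
SAMPLE_LOG = """\
Jul  2 21:43:59 main mpd5: PPTP: waiting for connection on 192.168.1.31 1723
Jul  2 21:44:13 main mpd5: [L_pptp-1] LCP: SendConfigReq #1
Jul  2 21:44:13 main mpd5: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Jul  2 21:44:15 main mpd5: [L_pptp-1] LCP: SendConfigReq #2
Jul  2 21:44:31 main mpd5: [L_pptp-1] LCP: SendConfigReq #10
Jul  2 21:44:33 main mpd5: [L_pptp-1] LCP: parameter negotiation failed
Jul  2 21:50:01 main mpd5: [L_pptp-2] LCP: SendConfigReq #1
Jul  2 21:50:01 main mpd5: [L_pptp-2] LCP: rec'd Configure Request #1 (Req-Sent)
"""


def summarize_lcp(log_text):
    """Per link: highest SendConfigReq number, frames received, failure flag."""
    links = defaultdict(lambda: {"sent": 0, "received": 0, "failed": False})
    for raw in log_text.splitlines():
        m = LINE.search(raw.rstrip())
        if not m:
            continue  # lines without a [link] tag, e.g. the listener banner
        state = links[m.group("link")]
        msg = m.group("msg")
        send = SEND_REQ.match(msg)
        if send:
            state["sent"] = max(state["sent"], int(send.group(1)))
        elif msg.startswith("LCP: rec'd"):  # assumed format of received frames
            state["received"] += 1
        elif msg == "LCP: parameter negotiation failed":
            state["failed"] = True
    return dict(links)


def one_way_links(log_text):
    """Links whose LCP requests were never answered before negotiation failed."""
    return sorted(
        link for link, s in summarize_lcp(log_text).items()
        if s["failed"] and s["sent"] > 0 and s["received"] == 0
    )


if __name__ == "__main__":
    for link in one_way_links(SAMPLE_LOG):
        print(f"{link}: requests sent, nothing received; check GRE on the path")
```

A hit only shows that no LCP frame came back on that link; the tcpdump or Wireshark capture on both ends is still what confirms where the GRE packets are lost.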


----------



## time4e (Jul 5, 2012)

I have tried this at a few locations, most of them using Comcast or Verizon for the ISP, and standard routers; I guess those NAT devices do not properly handle NAT for GRE. So far I have only been able to connect to my VPN from one other location. When connected to the VPN from said location I can access all my network resources but I am not able to access the Internet; I am not sure if it is related but mpd5.log reports `No interface to proxy arp on for 192.168.0.20` and that IP address was the one specified for in mpd.conf.

Thanks again everyone for the help
-Tim


----------



## time4e (Jul 5, 2012)

time4e said:

> I have tried this at a few locations, most of them using Comcast or Verizon for the ISP, and standard routers; I guess those NAT devices do not properly handle NAT for GRE. So far I have only been able to connect to my VPN from one other location. When connected to the VPN from said location I can access all my network resources but I am not able to access the Internet; I am not sure if it is related but mpd5.log reports
>
> ...



Correction to my last reply. When connected to the VPN from a location that allows me to, the only other device on my network I can access over the VPN is the VPN server (192.168.1.31). I am not able to access other computers via SSH, RDP, or Samba. Any thoughts?

Thanks,
-TIm


----------



## Anonymous (Jul 5, 2012)

time4e said:

> ...
>
> ...

time4e said:

> ... is the VPN server (192.168.1.31) I am not able to access other computers via SSH, ...



The destination IP 192.168.0.20 is on a different network than the dynamic IP range that you assigned in your Mpd5.conf given in your very first post:



			
time4e said:

> ...My Mpd5.conf file reads as:
>
> ```
> ...
> ...
> ```



Without further routing this cannot work, all internal addresses that you want to reach must sit within the same network. This means:

You EITHER need to change the IP pool to something like:


```
...
# Define dynamic IP address pool.
	set ippool add pool1 192.168.1.40 192.168.1.45
...
...
# Specify IP address pool for dynamic assignment.
	set ipcp ranges 192.168.1.31/255.255.0.0 ippool pool1
...
```

OR you need to switch your internal network to 192.168.1.0/24


In addition make sure, that you allowed IP forwarding in file /etc/sysctl.conf on your VPN server:


```
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
```

Best regards

Rolf


----------



## time4e (Jul 11, 2012)

Per rolfheinrich's instructions I have changed my config files accordingly. I can now connect to the VPN from a remote location. The only network resource I can access is the VPN server; I am not able to access the file server on my network. When connected to the VPN I am also provided with an IP address provided by the remote network rather than 192.168.1.41.

mpd.conf


```
startup:
        # configure mpd users
        set user tim astrongpassword admin
        # configure the console
        set console self 192.168.1.31 5005
        set console open
        # configure the web server
        set web self 192.168.1.31 5006
        set web open
	

default:
        load pptp_server

pptp_server:
# Define dynamic IP address pool.
        set ippool add pool_pptp 192.168.1.40 192.168.1.45

# Create clonable bundle template named B_pptp
        create bundle template B_pptp
        set iface enable proxy-arp
        set iface enable tcpmssfix
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assignment.
        set ipcp ranges 192.168.1.31 /255.255.0.0 ippool pool_pptp
        set ipcp dns 192.168.1.1
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

# Create clonable link template named L_pptp
        create link template L_pptp pptp
# Set bundle template to use
        set link action bundle B_pptp
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link no pap chap eap
        set link enable chap
        set link keep-alive 0 0
	set link fsm-timeout 5

# We are reducing link mtu to avoid GRE packet fragmentation.
        set link mtu 1448
# Configure PPTP
        set pptp self 192.168.1.31
        set pptp enable always-ack
# Allow to accept calls
        set link enable incoming
```

mpd.secret 

```
MyLogin		MyPassword
PeerLogin	PeerPassword

tim             "astrongpassword" 192.168.1.41
```

Why am I not able to access any other internet resources on my network besides 192.168.1.31?

Thanks,
-Tim


----------



## time4e (Jul 11, 2012)

I mean Why am I not able to access any other network resources on my network besides 192.168.1.31?


----------



## Anonymous (Jul 12, 2012)

time4e said:

> ...When connected to the VPN I am also provided with an IP address provided by the remote network rather than 192.168.1.41...



The VPN server would provide one address from the ippool, which according to your mpd.conf is one address of the range from 192.168.1.40 to 192.168.1.45. Why do you expect it should be always 192.168.1.41? Is your VPN connection always the second one?



			
time4e said:

> ...Why am I not able to access any other internet resources on my network besides 192.168.1.31?



Are you able to make connections to the internet and to your file server directly from the VPN machine, I mean, without having any VPN in the middle?


----------



## time4e (Jul 12, 2012)

I thought per mpd.secret the user tim would always get 192.168.1.41? From the FreeBSD box I am able to ping the file server both by NetBIOS name and IP address but when I attempt to connect to the Windows share on my file server from the FreeBSD box...

```
mount_smbfs -I //macuser@server/data /mnt
Unknown server error
mount_smbfs: can't get server address: syserr = Network is down
```

I am able to access the Windows file server from a Mac and a Linux box without issue. What's going on with the connection from FreeBSD? The error `syserr = Network is down` also occurs if I attempt to connect to the Samba share using the IP address of the server. I have also tried both `mount_smbfs -I` and `-W`, which gives me an Operation timed out error.

Thanks,
-Tim


----------



## Anonymous (Jul 12, 2012)

There is something wrong with your mount_smbfs() command. Try:

`# mount_smbfs -I 192.168.0.20 //macuser@server/data /mnt`

OR

`# mount_smbfs -I DNS_name //macuser@server/data /mnt`

Best regards

Rolf


----------



## time4e (Jul 12, 2012)

Thanks for the reply. I have tried `mount_smbfs -W WORKGROUP //user@server/share /mnt/folder` and I now have access to my file server. Is this the only way I can connect to the server from VPN?

Thanks,
-Tim


----------



## Anonymous (Jul 12, 2012)

I guess that this does mean, that you could not mount the SMB share on your VPN machine by mount_smbfs() using the IP/DNS [-I] syntax of the command. Before anything else, you need to resolve this problem.

In my internal network, both forms [-W and -I] of said command do work, while mounting an internal share on a remote machine via VPN does work only using the [-I] syntax.

Best regards

Rolf


----------



## time4e (Jul 28, 2012)

Thanks everyone for the input/help. I now have the VPN server up and running as expected. 


Thanks again,
-Tim


----------



## time4e (Aug 4, 2012)

So is my configuration protected against the recent MS-CHAPv2 cracking tool?

https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/


----------



## kpa (Aug 4, 2012)

I would say not protected since there's no way to fix a badly designed authentication protocol that must stay compatible with existing software. Consider switching to something like security/openvpn if you don't trust PPTP.


----------

