# PPTP VPN Gateway



## vist (Sep 16, 2011)

I have to configure PPTP VPN gateway. I have a machine with two Ethernet adaters - for WAN and for LAN. WAN adapter is connected to the Internet via PPPoE. LAN adapter is connected to the office network.

I need to establish PPTP VPN connection to the remote VPN server and let the clients to work in the remote network. I have configured NAT between the adapters. Now I cannot configure VPN.

MPD5 establishes the connection, notes me about successful authorization and then tells "unknown CCP protocol found" and then the connection falls down.

Please, help me to find the bug!


----------



## aragon (Sep 16, 2011)

I suspect it'll be helpful if you could post your configuration and log output.


----------



## vist (Sep 17, 2011)

I used standard mpd5 configuration, pptp_client profile. I have found that I should use MPPE encryption for the connection. I copied settings block from the other profile of mpd.conf file.

The connection fails with the message:


```
Adding IPv4 address to ng1 failed: File exists
```


----------



## Anonymous (Sep 17, 2011)

vist said:
			
		

> I used standard mpd5 configuration, "pptp_client" profile...
> ... I copied settings block from the other profile of "mpd.conf" file.



The mpd5 configuration that I revealed in the following post is still working well for me:

http://forums.freebsd.org/showpost.php?p=137792&postcount=8


----------



## vist (Sep 18, 2011)

You are using VPN server, but I need to configure VPN client.

Here are some screenshots of my configuration and of the connection log.


----------



## aragon (Sep 18, 2011)

The route failure is probably because you already have a default route... and MPD is trying to add another one.


----------



## vist (Sep 18, 2011)

How can I solve the problem? I am a beginner in FreeBSD, so I can't now understand how it all works...

Maybe I'd try to delete the line "set iface route default"?


----------



## aragon (Sep 18, 2011)

Depends what you're trying to accomplish?  Yes, removing that line will stop the error, but then all traffic won't get routed out the VPN.


----------



## vist (Sep 18, 2011)

aragon said:
			
		

> Depends what you're trying to accomplish?  Yes, removing that line will stop the error, but then all traffic won't get routed out the VPN.



I need to establish VPN connection with the server and then let the clients connected to the other network adapter to work in the remote network.


----------



## vist (Sep 19, 2011)

The problem is that FreeBSD must be connected to the Windows VPN Server. The type of VPN is site-to-site.

I need to use MPPE encryption and MS CHAP v2, but the type of VPN is SITE-TO-SITE.

Can you give me some instructions?


----------



## ecazamir (Sep 19, 2011)

vist said:
			
		

> I need to establish VPN connection with the server and then let the clients connected to the other network adapter to work in the remote network.



You probably need to set some routes
Use 'set iface route' commands:

```
set iface route address[/width]
```
for example: 'set iface route 172.18.0.0/16'.
Proper routes needs to  be configured on both terminations of the VPN connection.

Below is a full example for a site-to-site VPN, using two FreeBSD gateways:
- each gateway is configured for networking, it has its own default gateway, NAT-ing on the external interface for [some] local networks
- each gateway uses mpd5, using the 'pptp_vpn' profile. Adjust the following parameters to suit your needs:

```
set ipcp ranges 192.168.1.1/32 192.168.2.1/32  # The IP Addresses used on the peer-to-peer connection
        set iface route 192.168.2.0/24  # The route to the remote network
        set auth authname "VpnLogin"
        set auth password "VpnPassword"
        set pptp self 1.2.3.4  # The external IP address used locally for the VPN endpoint
        set pptp peer 2.3.4.5  # The external IP address used on the remote VPN nedpoint
```
- Put 'pptp_vpn' on the 'startup' section of mpd.conf file, adjust the parameters for the administrative console
- check if the VPN endpoints can reach each other, 
	
	



```
ping remote_outer_address_2.3.4.5
```
 can help.
- start the connection, on both ends: 
	
	



```
/usr/local/etc/rc.d/mpd5 [force]start
```
- check if the connection has been established, use 
	
	



```
ping <remote_inner_address 192.168.2.1>
```
, /sbin/ifconfig should display a 'ng' interface, using the ip address listed at 'ipcp ranges'
- check (on both ends) if the routes are properly set-up, use 
	
	



```
ping <a_remote_LAN_side_address such as 192.168.2.2>
```


----------



## vist (Sep 19, 2011)

Here is my MPD5 config:

MPD.CONF


```
pptp_vpn:

create bundle static B1
set ipcp ranges 192.168.0.1/32 192.168.100.1/32
set iface route 192.168.100.0/24
# Enable Microsoft Point-to-Point encryption (MPPE)
set bundle enable compression
set ccp yes mppc
set mppc yes e40
set mppc yes e128
set bundle enable crypt-reqd
set mppc yes stateless

create link static L1 pptp
set link action bundle B1
# Enable both sides to authenticat each other with CHAP
set link no pap chap eap
set link yes chap
set auth authname "VpnLogin"
set auth password "VpnPassword"
set link mtu 1460
set link keep-alive 10 75
set link max-redial 0
# Configure PPTP and open link
set pptp self 1.2.3.4
set pptp peer 2.3.4.5
set link enable incoming
open
```


----------



## vist (Sep 19, 2011)

Here is my connetion log.


```
Multi-link PPP daemon for FreeBSD

process 2820 started, version 5.5 (root@freebsd.org 09:12 27-May-2010)
bind: Address already in use
CONSOLE: Can't listen for connections on 127.0.0.1 5005
bind: Address already in use
WebOpen: error http_server_start: 48
[B1] Bundle: Interface ng1 created
bind: Address already in use
PPTP: waiting for connection on 95.167.20.64 1723
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM f1ec2724
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: rec'd Configure Ack #1 (Req-Sent)
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM f1ec2724
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: state change Req-Sent --> Ack-Rcvd
[L1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
[L1] MRU 1400
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MAGICNUM 5e2771f4
[L1] PROTOCOMP
[L1] ACFCOMP
[L1] CALLBACK 6
[L1] MP MRRU 1614
[L1] ENDPOINTDISC [LOCAL] 52 46 06 73 f5 80 45 2d 90 a1 fa 14 27 1c e0 a7 00 00 0
[L1] BACP
[L1] Not supported
[L1] LCP: SendConfigRej #1
[L1] CALLBACK 6
[L1] MP MRRU 1614
[L1] BACP
[L1] LCP: state change Ack-Rcvd --> Req-Sent
[L1] LCP: SendConfigReq #2
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM f1ec2724
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: rec'd Configure Request #2 (Req-Sent)
[L1] MRU 1400
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MAGICNUM 5e2771f4
[L1] PROTOCOMP
[L1] ACFCOMP
[L1] ENDPOINTDISC [LOCAL] 52 46 06 73 f5 80 45 2d 90 a1 fa 14 27 1c e0 a7 00 00 0
[L1] LCP: SendConfigAck #2
[L1] MRU 1400
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MAGICNUM 5e2771f4
[L1] PROTOCOMP
[L1] ACFCOMP
[L1] ENDPOINTDISC [LOCAL] 52 46 06 73 f5 80 45 2d 90 a1 fa 14 27 1c e0 a7 00 00 0
[L1] LCP: state change Req-Sent --> Ack-Sent
[L1] LCP: rec'd Configure Ack #2 (Ack-Sent)
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM f1ec2724
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: state change Ack-Sent --> Opened
[L1] LCP: auth: peer wants CHAP, I want CHAP
[L1] CHAP: sending CHALLENGE #1 len: 38
[L1] LCP: LayerUp
[L1] CHAP: rec'd CHALLENGE #0 len: 28
[L1] Name: "*****"
[L1] CHAP: Using authname "*****"
[L1] CHAP: sending RESPONSE #0 len: 71
[L1] LCP: rec'd Configure Request #4 (Opened)
[L1] MRU 1400
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MAGICNUM 790e5659
[L1] PROTOCOMP
[L1] ACFCOMP
[L1] CALLBACK 6
[L1] MP MRRU 1614
[L1] ENDPOINTDISC [LOCAL] 52 46 06 73 f5 80 45 2d 90 a1 fa 14 27 1c e0 a7 00 00 0
[L1] BACP
[L1] Not supported
[L1] LCP: LayerDown
[L1] LCP: SendConfigReq #3
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM f1ec2724
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigRej #4
[L1] CALLBACK 6
[L1] MP MRRU 1614
[L1] BACP
[L1] LCP: state change Opened --> Req-Sent
[L1] LCP: rec'd Configure Reject #3 (Req-Sent)
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #4
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM f1ec2724
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: rec'd Configure Request #5 (Req-Sent)
[L1] MRU 1400
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MAGICNUM 790e5659
[L1] PROTOCOMP
[L1] ACFCOMP
[L1] ENDPOINTDISC [LOCAL] 52 46 06 73 f5 80 45 2d 90 a1 fa 14 27 1c e0 a7 00 00 0
[L1] LCP: SendConfigAck #5
[L1] MRU 1400
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MAGICNUM 790e5659
[L1] PROTOCOMP
[L1] ACFCOMP
[L1] ENDPOINTDISC [LOCAL] 52 46 06 73 f5 80 45 2d 90 a1 fa 14 27 1c e0 a7 00 00 0
[L1] LCP: state change Req-Sent --> Ack-Sent
[L1] LCP: rec'd Configure Reject #4 (Ack-Sent)
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #5
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM f1ec2724
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: rec'd Configure Reject #5 (Ack-Sent)
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #6
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM f1ec2724
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: rec'd Configure Reject #6 (Ack-Sent)
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #7
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM f1ec2724
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: rec'd Configure Reject #7 (Ack-Sent)
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #8
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM f1ec2724
[L1] AUTHPROTO CHAP MSOFTv2
bind: Address already in use
```


----------



## vist (Sep 19, 2011)

Are there any ideas?

The error message is sent by bind, maybe I should include IP of the internal DNS server of the remote network in resolv.conf?


----------



## vist (Sep 19, 2011)

Here is new log. I've tried to deactivate CHAP from the remote server.


```
Multi-link PPP daemon for FreeBSD
 
process 1744 started, version 5.5 (root@freebsd.org 03:11 28-May-2010)
bind: Address already in use
CONSOLE: Can't listen for connections on 127.0.0.1 5005
bind: Address already in use
WebOpen: error http_server_start: 48
[B1] Bundle: Interface ng1 created
PPTP: waiting for connection on 0.0.0.0 1723
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM f34a1e70
[L1] LCP: rec'd Configure Request #0 (Req-Sent)
[L1]   MRU 1400
[L1]   AUTHPROTO CHAP MSOFTv2
[L1]   MAGICNUM 7d877342
[L1]   PROTOCOMP
[L1]   ACFCOMP
[L1]   CALLBACK 6
[L1]   MP MRRU 1614
[L1]   ENDPOINTDISC [LOCAL] 52 46 06 73 f5 80 45 2d 90 a1 fa 14 27 1c e0 a7 00 00 0
[L1]   BACP
[L1]     Not supported
[L1] LCP: SendConfigRej #0
[L1]   CALLBACK 6
[L1]   MP MRRU 1614
[L1]   BACP
[L1] LCP: rec'd Configure Ack #1 (Req-Sent)
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM f34a1e70
[L1] LCP: state change Req-Sent --> Ack-Rcvd
[L1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
[L1]   MRU 1400
[L1]   AUTHPROTO CHAP MSOFTv2
[L1]   MAGICNUM 7d877342
[L1]   PROTOCOMP
[L1]   ACFCOMP
[L1]   ENDPOINTDISC [LOCAL] 52 46 06 73 f5 80 45 2d 90 a1 fa 14 27 1c e0 a7 00 00 0
[L1] LCP: SendConfigAck #1
[L1]   MRU 1400
[L1]   AUTHPROTO CHAP MSOFTv2
[L1]   MAGICNUM 7d877342
[L1]   PROTOCOMP
[L1]   ACFCOMP
[L1]   ENDPOINTDISC [LOCAL] 52 46 06 73 f5 80 45 2d 90 a1 fa 14 27 1c e0 a7 00 00 0
[L1] LCP: state change Ack-Rcvd --> Opened
[L1] LCP: auth: peer wants CHAP, I want nothing
[L1] LCP: LayerUp
[L1] CHAP: rec'd CHALLENGE #0 len: 28
[L1]   Name: "12345"
[L1] CHAP: Using authname "12345"
[L1] CHAP: sending RESPONSE #0 len: 71
[L1] CHAP: rec'd SUCCESS #0 len: 46
[L1]   MESG: S=8297846E0AA409D4122D24205E9D0B5F16BC8C18
[L1] LCP: authorization successful
[L1] Link: Matched action 'bundle "B1" ""'
[L1] Link: Join bundle "B1"
[B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
[B1] IPCP: Open event
[B1] IPCP: state change Initial --> Starting
[B1] IPCP: LayerStart
[B1] CCP: Open event
[B1] CCP: state change Initial --> Starting
[B1] CCP: LayerStart
[B1] IPCP: Up event
[B1] IPCP: state change Starting --> Req-Sent
[B1] IPCP: SendConfigReq #1
[B1]   IPADDR 192.168.1.1
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] CCP: Up event
[B1] CCP: state change Starting --> Req-Sent
[B1] CCP: SendConfigReq #1
[B1]   MPPC
[B1]     0x01000060:MPPE(40, 128 bits), stateless
[B1] CCP: rec'd Configure Request #3 (Req-Sent)
[B1]   MPPC
[B1]     0x010000e1:MPPC, MPPE(40, 56, 128 bits), stateless
[B1] CCP: SendConfigNak #3
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] IPCP: rec'd Configure Request #4 (Req-Sent)
[B1]   IPADDR 192.168.100.106
[B1]     NAKing with 192.168.100.1
[B1] IPCP: SendConfigNak #4
[B1]   IPADDR 192.168.100.1
[B1] IPCP: rec'd Configure Reject #1 (Req-Sent)
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: SendConfigReq #2
[B1]   IPADDR 192.168.1.1
[B1] CCP: rec'd Configure Nak #1 (Req-Sent)
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] CCP: SendConfigReq #2
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] CCP: rec'd Configure Request #5 (Req-Sent)
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] CCP: SendConfigAck #5
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] CCP: state change Req-Sent --> Ack-Sent
[B1] IPCP: rec'd Configure Request #6 (Req-Sent)
[B1]   IPADDR 192.168.100.106
[B1]     NAKing with 192.168.100.1
[B1] IPCP: SendConfigNak #6
[B1]   IPADDR 192.168.100.1
[B1] IPCP: rec'd Configure Nak #2 (Req-Sent)
[B1]   IPADDR 192.168.100.188
[B1]     192.168.100.188 is unacceptable
[B1] IPCP: SendConfigReq #3
[B1]   IPADDR 192.168.1.1
[B1] CCP: rec'd Configure Ack #2 (Ack-Sent)
[B1]   MPPC
[B1]     0x01000040:MPPE(128 bits), stateless
[B1] CCP: state change Ack-Sent --> Opened
[B1] CCP: LayerUp
[B1] CCP: Compress using: mppc (MPPE(128 bits), stateless)
[B1] CCP: Decompress using: mppc (MPPE(128 bits), stateless)
[B1] IPCP: rec'd Configure Request #7 (Req-Sent)
[B1]   IPADDR 192.168.100.106
[B1]     NAKing with 192.168.100.1
[B1] IPCP: SendConfigNak #7
[B1]   IPADDR 192.168.100.1
[B1] IPCP: rec'd Configure Nak #3 (Req-Sent)
[B1]   IPADDR 192.168.100.69
[B1]     192.168.100.69 is unacceptable
[B1] IPCP: SendConfigReq #4
[B1]   IPADDR 192.168.1.1
[B1] IPCP: rec'd Configure Request #8 (Req-Sent)
[B1]   IPADDR 192.168.100.106
[B1]     NAKing with 192.168.100.1
[B1] IPCP: SendConfigNak #8
[B1]   IPADDR 192.168.100.1
[B1] IPCP: rec'd Configure Nak #4 (Req-Sent)
[B1]   IPADDR 192.168.100.216
[B1]     192.168.100.216 is unacceptable
[B1] IPCP: SendConfigReq #5
[B1]   IPADDR 192.168.1.1
[B1] IPCP: rec'd Configure Request #9 (Req-Sent)
[B1]   IPADDR 192.168.100.106
[B1]     NAKing with 192.168.100.1
[B1] IPCP: SendConfigNak #9
[B1]   IPADDR 192.168.100.1
[B1] IPCP: rec'd Configure Nak #5 (Req-Sent)
[B1]   IPADDR 192.168.100.142
[B1]     192.168.100.142 is unacceptable
[B1] IPCP: SendConfigReq #6
[B1]   IPADDR 192.168.1.1
[B1] IPCP: rec'd Configure Request #10 (Req-Sent)
[B1]   IPADDR 192.168.100.106
[B1]     NAKing with 192.168.100.1
[B1] IPCP: not converging
[B1] IPCP: parameter negotiation failed
[B1] IPCP: state change Req-Sent --> Stopped
```


----------



## ecazamir (Sep 20, 2011)

You have multiple messages like

```
bind: Address already in use
CONSOLE: Can't listen for connections on 127.0.0.1 5005
bind: Address already in use
```
Usually, this means you use multiple programs for the same listening port. You are trying to start multiple mpd instances ?

disabling chap is not a good idea, usually it works out of the box, I've tested with Windows clients.

Perhaps you should try first to use the BSD box as a server, with XP/W7 client, and later with Windows Server.

I see in the last log that the BSD box is blindly requesting to use 192.168.0.1, even if the server is assigning other ip addresses to the client. Finally, at IPCP layer, mpd gives up.
Try setting a more flexible configuration:

```
set ipcp ranges 192.168.[color="Red"]100[/color].1/[color="Red"]24[/color] 192.168.100.1/32
```


----------



## vist (Sep 20, 2011)

I've followed your advice. This is the log. It seems like the remote server does not reply in time.


```
process 3099 started, version 5.5 (root@freebsd.org 09:12 27-May-2010)
[B1] Bundle: Interface ng0 created
PPTP: waiting for connection on 1.2.3.4 1723
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 045c83e7
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #2
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 045c83e7
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #3
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 045c83e7
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #4
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 045c83e7
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #5
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 045c83e7
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #6
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 045c83e7
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #7
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 045c83e7
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #8
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 045c83e7
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #9
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 045c83e7
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigReq #10
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 045c83e7
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: parameter negotiation failed
[L1] LCP: state change Req-Sent --> Stopped
[L1] LCP: LayerFinish
[L1] PPTP call terminated
```


----------



## ecazamir (Sep 21, 2011)

```
PPTP: waiting for connection on 1.2.3.4 1723
```

If you don't really use the IP address '1.2.3.4', change the values at

```
set pptp self 1.2.3.4
set pptp peer 2.3.4.5
```
 with the real ones.
At 'self' you must put an IP address which is in use on the BSD machine, the peer is an IP address of the remote PPTP server reachable when the VPN link is down [a.k.a. Outer Tunnel Address]


----------

