On Thu, 2004-01-08 at 03:34, Chris Jones wrote: > Oh. :( I thought it negotiated the encryption ok because I see this: > > [ciscovpn] CCP: LayerUp > Compress using: MPPE, 128 bit, stateless > Decompress using: MPPE, 128 bit, stateless
This is fine. I get this, too. However, when trying to send data, I get decryption errors (the concentrator reports invalid packets). > > And capturing on the interface, I see echo req's coming in from the > concentrator, but I encounter a routing loop when I try to send across > the tunnel. I was able to get past the routing loop by readdressing the interface as soon as it came up. This is a good starter howto on that procedure: http://www.cs.rpi.edu/~flemej/fbsd-cisco-vpn/fbsd-cisco-vpn.pdf > > Disabling encryption isn't an option, even for testing, I'm afraid. Then you're probably not going have any luck getting this to work. You might also consider trying out security/vpnc if the concentrator also allows for IPSec clients using the Cisco VPN client. Joe > > > Original message from Joe Marcus Clarke: > > > On Thu, 2004-01-08 at 02:49, Chris Jones wrote: > > > Hi. I've gone over list archives and seen this issue discussed before, > > > but the sugggested solutions aren't working for me. I am using > > > mpd-3.15_1 on FreeBSD 4.9-STABLE to connect to a Cisco 3000 Series VPN > > > Concentrator. I have negotiated CHAP and MPPE and the ng0 interface > > > comes up, but when I try to do anything I get this: > > > > > > $ ping 10.10.58.7 > > > PING 10.10.58.7 (10.10.58.7): 56 data bytes > > > ping: sendto: Resource deadlock avoided > > > ping: sendto: No buffer space available > > > > > > A little investigation showed that this is a known routing issue and > > > that it is possible to work around by re-addressing the ng0 interface > > > with the VPN concentrator's private IP and set a default route to it. I > > > did this, but I still have the same problem. :( > > > > > > Does anyone see what I am doing wrong here? Below are my routing table > > > and ifconfig before running mpd, after running mpd, and after running > > > the "fix". Below that is my mpd.conf and its output (verbose). > > > > > > I appreciate any help on this, I've been going crazy trying to figure > > > out what I'm doing wrong. I can get it to work using the OSX PPTP > > > client, but not mpd. > > > > Good luck. I have tried to get this working, but have never been able > > to get mpd encryption to work with the Concentrator's encryption > > (neither has anyone else to my knowledge). If you disable encryption on > > the concentrator, the tunnel will come up, and you will be able to pass > > traffic across it. Any other combination does not work. I haven't > > tried 3.16 yet, but looking at the ChangeLog, I doubt it addresses this > > problem. > > > > Joe > > > > -- > > PGP Key : http://www.marcuscom.com/pgp.asc -- PGP Key : http://www.marcuscom.com/pgp.asc
signature.asc
Description: This is a digitally signed message part