Hi,


I have an OpenBSD 4.3 machine as firewall/router/VPN server (Server A,
production) (local IP 10.10.100.254, mask 255.255.0.0).

I just got it working when I give the pptp clients an IP in the same
subnet as the VPN server (10.10.9/24).

I know/read about the proxy ARP issue, so I installed an OpenBSD 4.4
(Server B) and I am trying to configure it, but with no success yet.

All conf files are the same as I use on 4.3 (production).

# cat pptpd.conf
speed 230400
debug
option /etc/ppp/ppp.conf
logfile /var/log/pptpd.log
localip 172.16.0.1
remoteip 172.16.0.1-20
listen 189.57.43.4
nobsdcomp
+chapms-v2
mppe-40
mppe-128
mppe-stateless
noipparam
#

ppp.conf (http://189.57.43.4/ppp.conf): I just paste here the changes I
made.

loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 set mppe * stateful
 set ifaddr 172.16.0.1 255.255.255.0 255.255.255.0
 set server /var/tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 set timeout 0
 set speed 115200
 set log phase chat connect lcp ipcp command
 set dial
 set login
 enable mssfixup
# set ifaddr 10.10.100.253 10.10.9.5-10.10.9.20 255.255.255.0 255.255.255.255
 set ifaddr 172.16.0.1 172.16.0.2-172.16.0.20 255.255.255.0 255.255.255.0
 enable chap
 disable pap
 enable mschapv2
 disable deflate pred1
 deny deflate pred1
 disable ipv6
 accept mppe
 enable proxy
 accept dns
set device !/etc/ppp/secure

# cat /etc/modules.conf
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias net-pf-47 ip_gre
#

# cat ppp.secret
# Authname Authkey      Peer's IP address        Label   Callback
loja1   passwd        172.16.0.2      loja1   *
#

I am able to connect using loja1.

/var/log/messages

Feb 26 11:26:02 Tico pptpd[9667]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Feb 26 11:26:02 Tico ppp[5686]: Warning: 172.16.0.8: Cannot determine ethernet address for proxy ARP
Feb 26 11:26:02 Tico ppp[5686]: Warning: 172.16.0.2: Cannot determine ethernet address for proxy ARP
Feb 26 11:26:02 Tico last message repeated 2 times
Feb 26 11:26:02 Tico ppp[5686]: Warning: ff01:a::/32: Change route failed: errno: Network is unreachable
Feb 26 11:26:02 Tico ppp[5686]: Warning: ff02:a::/32: Change route failed: errno: Network is unreachable
Feb 26 12:00:01 Tico syslogd: restart

Ifconfig:

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        groups: tun
        inet 255.255.255.0 --> 172.16.0.2 netmask 0xffffff00

# tcpdump  -i tun0
tcpdump: listening on tun0, link-type LOOP
12:06:08.075096 172.16.0.2 > 172.16.0.1: icmp: echo request
12:06:11.104257 172.16.0.2 > 172.16.0.1: icmp: echo request
12:06:16.618617 172.16.0.2 > 172.16.0.1: icmp: echo request

As I can see, the packets are arriving at my Server B, but it's still
'wrong'.

I read about proxy ARP (http://poptop.sourceforge.net/dox/qna.html), but
when I try to add arp I get an error:

# arp  -s 172.16.0.2 00:0c:29:22:bb:cf pub
cannot intuit interface index and type for 172.16.0.2
#

Can anyone help me please?




Thanks
