VPN
Archangel, 2014-01-07 22:11:16

PPTP server and client on the same Cisco router

I have a Cisco ISR 2801 router with IOS 15.1(4)M4 C2801-ADVENTERPRISEK9-M.
It reaches the outside world through PPPoE over ADSL, via a modem/bridge.
A PPTP server is configured and running on it (bound to the PPPoE interface). I am setting up a PPTP client. The tunnel does not even try to come up (I am watching tcpdump on the server side).

version 15.1
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service internal
!
hostname ISR2801
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
memory-size iomem 20
dot11 syslog
ip source-route
!
!
!
ip dhcp relay information option
!
!
ip cef
ip domain name aslanyan.me
ip inspect WAAS flush-timeout 10
ip ddns update method DynDNS
 HTTP
  add http://<login>:<pass>@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
 interval maximum 0 0 10 0
 interval minimum 0 0 2 0
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
vpdn enable
vpdn authorize directed-request
vpdn tunnel authorization virtual-template 1
!
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 l2tp tunnel timeout no-session 15
 ip pmtu
 ip mtu adjust
!
vpdn-group VPS
 request-dialin
  protocol pptp
  rotary-group 4
 initiate-to ip xxx.xxx.xxx.xxx
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
username xxxxxx privilege 15 secret 4 <secret>
username yyyyyy privilege 0 password 7 <pass>
username zzzzzz privilege 15 password 7 <pass>
!
redundancy
!
!
! 
!
!
!
!
!
!
!
interface FastEthernet0/0
 description WAN-Phys
!
interface FastEthernet0/0.91
 description WAN1
 encapsulation dot1Q 91
 ip address 192.168.1.5 255.255.255.0
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/0.92
 description WAN2
!
interface FastEthernet0/1
 description LAN-Phys
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.2
 description LAN
!
interface FastEthernet0/1.5
 description guest
!
interface FastEthernet0/1.10
 description LAN2
!
interface Virtual-Template1
 ip unnumbered Dialer0
 ip mtu 1492
 ip virtual-reassembly in
 ip tcp adjust-mss 1400
 autodetect encapsulation ppp
 peer default ip address pool vpn-pool
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2 callin
!
interface Dialer0
 description WAN
 mtu 1492
 ip ddns update hostname <dyndnsname>.dyndns-ip.com
 ip ddns update DynDNS
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username <PPPoE_Username> password 7 <PPPoE_pass>
 ppp ipcp dns request
!
interface Dialer4
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 0
 dialer string 123
 dialer vpdn
 dialer-group 4
 ppp pfc local request
 ppp pfc remote apply
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2 callin
 ppp eap refuse
 ppp chap hostname <login>
 ppp chap password 7 <pass>
 no cdp enable
!
ip local pool vpn-pool 10.50.50.20 10.50.50.30 recycle delay 10
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip nat inside source list Guest-to-NAT interface Dialer0 overload
ip nat inside source list LAN-to-NAT interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 99
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
!
ip access-list standard VTY
 permit any
!
ip access-list extended LAN-to-NAT
 permit ip 10.50.50.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 session-timeout 60 
 access-class VTY in
 access-class VTY out
 transport input all
 transport output all
!
scheduler allocate 20000 1000
end

sh int di4 produces the following:
ISR2801#sh int di4
Dialer4 is up (spoofing), line protocol is up (spoofing)
  Hardware is Unknown
  Internet address will be negotiated using IPCP
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:49:43
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops) 
     Conversations  0/0/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 42 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     0 packets output, 0 bytes

debug vpdn events is as silent as a partisan. debug ppp events is, too.
Please tell me at least which direction to look in.

1 answer(s)
Archangel, 2014-02-22
@Archangel

I'm still a dumb idiot. I didn't notice the elephant.
All I had to do was add a permission to the config for the Dialer group of interfaces to pass the IP protocol.
dialer-list <group_number> protocol ip permit
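
A config check for the omission described in the answer, as an added example that is not part of the original post: on IOS the interface-level dialer-group number refers to a global dialer-list that defines which traffic may trigger the dial, so the check reports every interface whose dialer-group has no matching dialer-list. The function name and the sample excerpt (built from the question's vpdn-group VPS and Dialer4 lines) are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the question's config (no dialer-list).
SAMPLE_CONFIG = """\
vpdn-group VPS
 request-dialin
  protocol pptp
  rotary-group 4
!
interface Dialer0
 dialer pool 1
!
interface Dialer4
 dialer in-band
 dialer vpdn
 dialer-group 4
!
"""

IFACE_RE = re.compile(r"interface\s+(\S+)")
GROUP_RE = re.compile(r"\s+dialer-group\s+(\d+)\s*$")
# Only a list that can permit traffic counts: "permit" or "list <acl>".
LIST_RE = re.compile(r"dialer-list\s+(\d+)\s+protocol\s+\S+\s+(permit|list)\b")


def find_unmatched_dialer_groups(config: str) -> dict[str, int]:
    """Return {interface: group} for each dialer-group with no usable dialer-list."""
    groups = {}        # interface name -> dialer-group number
    lists = set()      # dialer-list numbers defined at global level
    current_if = None
    for line in config.splitlines():
        if not line.startswith(" "):
            # Top-level line: starts an interface block or ends the current one.
            m = IFACE_RE.match(line)
            current_if = m.group(1) if m else None
            m = LIST_RE.match(line)
            if m:
                lists.add(int(m.group(1)))
            continue
        m = GROUP_RE.match(line)
        if m and current_if:
            groups[current_if] = int(m.group(1))
    return {name: g for name, g in groups.items() if g not in lists}


if __name__ == "__main__":
    for name, group in find_unmatched_dialer_groups(SAMPLE_CONFIG).items():
        print(f"{name}: dialer-group {group} has no matching dialer-list")
```
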
