From owner-freebsd-net Mon Feb 18 19: 0:10 2002 Delivered-To: freebsd-net@freebsd.org Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by hub.freebsd.org (Postfix) with ESMTP id 51BDF37B400 for ; Mon, 18 Feb 2002 19:00:07 -0800 (PST) Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id SAA69509; Mon, 18 Feb 2002 18:55:16 -0800 (PST) Received: (from archie@localhost) by arch20m.dellroad.org (8.11.6/8.11.6) id g1J2seh91729; Mon, 18 Feb 2002 18:54:40 -0800 (PST) (envelope-from archie) From: Archie Cobbs Message-Id: <200202190254.g1J2seh91729@arch20m.dellroad.org> Subject: Re: mpd-netgraph as VPN client to Cisco 2500 In-Reply-To: <000d01c1b7f7$c3383390$b27ba8c0@keg> "from Lars Eggert at Feb 17, 2002 01:12:09 pm" To: Lars Eggert Date: Mon, 18 Feb 2002 18:54:40 -0800 (PST) Cc: "'Justin Hawkins'" , freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL88 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Lars Eggert writes: > this doesn't look like the same bug described in the link you posted. > The other bug caused negotiation to completely fail, while it succeeds > in your case. > > Looks like there's something else wring. What does your ifconfig look > like after the link is up? > > > I'm trying to setup a VPN connection to my work's staff > > network. I think I'm running into the problem described here: > > > > http://www.geocrawler.com/mail/msg.php3?msg_id=7311422&list=165 > > > > IE: The physical IP address of the cisco device is the same > > as the tunnel endpoint address, and packets get encapsulated > > recursively. Yes, this is the same problem. Mpd and the kernel have both been modified since that posting: - mpd will disallow the 'fatal' scenario - the 'fatal' scenario is no longer fatal, i.e., instead of the kernel panicing, it will just return the 'deadlock avoided' error Unfortunately, there is no fix for this yet. However you can try one trick, which is to set up a host route to the remote IP address via your default gateway. I'm not sure if this will work but it might (please report success/failure if you try it). -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message