From: Archie Cobbs
Message-Id: <200202190517.g1J5Hwn93991@arch20m.dellroad.org>
Subject: Re: mpd-netgraph as VPN client to Cisco 2500
In-Reply-To: <20020219133856.J90345-100000@tardis.everard.bogus> "from Justin Hawkins at Feb 19, 2002 01:43:15 pm"
To: Justin Hawkins
Date: Mon, 18 Feb 2002 21:17:58 -0800 (PST)
Cc: archie@dellroad.org, freebsd-net@FreeBSD.ORG

Justin Hawkins writes:
> > Yes, this is the same problem. Mpd and the kernel have both
> > been modified since that posting:
> >
> >  - mpd will disallow the 'fatal' scenario
> >  - the 'fatal' scenario is no longer fatal, i.e., instead of the
> >    kernel panicking, it will just return the 'deadlock avoided'
> >    error
> >
> > Unfortunately, there is no fix for this yet. However you can
> > try one trick, which is to set up a host route to the remote
> > IP address via your default gateway. I'm not sure if this will
> > work but it might (please report success/failure if you try it).
>
> I had a quick try just then, but I'm on the 'wrong' side of the link, so I
> managed to lock myself out for a while :-)
>
> Will try again later when I'm at home.
>
> Is this a hard thing to fix 'properly'? It was implied that some kernel
> changes were needed in that previous post.

One semi-proper fix is for mpd to install a host route as described
above (assuming that works). But you won't get packets between the
two PPTP hosts encrypted (if you're doing that); packets going to
other hosts through the tunnel will be though.

The kernel doesn't know how to look into a packet to see if it's
already been encapsulated or not, and say "if this packet to X has
been encapsulated, then send it this way, otherwise send it that
way". It only routes based on destination IP address, and in the
case we're talking about the dest. IP is the same in both
encapsulated and non-encapsulated forms.

-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com
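
The routing behaviour described in the message above, modelled as an added example (not part of the original post, and not mpd or kernel code). The addresses, the interface names `wan` and `tunnel`, and both routing tables are constructed assumptions; the model assumes the route into the tunnel also covers the PPTP peer's own address.

```python
import ipaddress

PEER = "203.0.113.1"  # constructed: outer address of the remote PPTP host

def lookup(table, dst):
    """Longest-prefix match on the destination address alone."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        raise LookupError("no route to " + dst)
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def path(table, dst, limit=4):
    """Interfaces a packet to dst passes through, in order.

    The tunnel interface wraps the packet in a new one addressed to PEER,
    which is then routed again. The lookup cannot tell the wrapped packet
    from an unwrapped one: only the destination address is consulted.
    """
    hops = []
    for _ in range(limit):
        ifc = lookup(table, dst)
        hops.append(ifc)
        if ifc != "tunnel":
            return hops          # packet left on a physical interface
        dst = PEER               # encapsulated form, addressed to the peer
    # Stand-in for the 'deadlock avoided' error mentioned in the message.
    return hops + ["LOOP"]

# Constructed tables. BEFORE: the tunnel route covers the peer itself.
BEFORE = [("0.0.0.0/0", "wan"), ("203.0.113.0/24", "tunnel")]
# AFTER: host route to the peer via the default gateway's interface.
AFTER = BEFORE + [("203.0.113.1/32", "wan")]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        for dst in ("203.0.113.50", PEER):
            print(name, dst, path(table, dst))
```

With the host route in place, traffic to other hosts goes `tunnel` then `wan`, while traffic addressed to the peer itself goes straight out `wan` and never enters the tunnel, which is the unencrypted case the message points out.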