From: "Dr. Rolf Jansen"
Subject: MPD5 PPTP and L2TP server problem with FreeBSD 9.2-RELEASE-p1
Message-Id: <6066426D-84BE-40F6-904D-9FF97B128555@obsigna.com>
Date: Sat, 16 Nov 2013 19:48:38 -0200
To: freebsd-net@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD

Hello!

On my FreeBSD home server I installed MPD 5.7 to provide PPTP and L2TP dial-in VPN connectivity for external clients, which worked very well. In the last week, I upgraded my home server from 9.1-RELEASE-p7 to 9.2-RELEASE-p1, using freebsd-update.

Now, the server behaves strangely after a PPTP or an L2TP/IPsec VPN connection has been established. The VPN client can access resources on the server, but not in the LAN and WAN, as it could on 9.1. Even more bugging is that LAN clients cannot access the internet anymore once a VPN connection was made, and the problem persists even after the VPN was disconnected, persists after mpd5 and racoon were killed, and persists after any dangling SA and SPD had been flushed. netstat -nr and sockstat -4 show nothing strange. To get back WAN connectivity for LAN clients, I need to restart the server.

First, I thought that this could be a problem of the ipsec patches that I applied to my custom kernel, so I did some tests with PPTP by mpd5 using a pristine 9.2 GENERIC kernel. The same happened with that. Once an external client established a PPTP VPN connection, all the internal LAN clients were effectively clipped from the internet.

For the time being, I disabled mpd5 and switched to sl2tps, which is also based on netgraph, and it doesn't show said problem in the otherwise unmodified L2TP/IPsec setup. PPTP stays disabled, though. I really would like to have back a working mpd5, since it is more versatile, and since sl2tps shows a different problem, namely it does not tear down the proxy-ARP routes that it installed into the routing tables.

I did not send a PR up to now. Can somebody confirm this problem? My best educated guess is that this is a kernel (or kernel module) regression, but I am not sure. So, what category should a PR have -- kernel or ports net/mpd5?

Best regards

Rolf