Message-ID: <01ab01c3af02$caa85250$0b4e1151@blackbox>
From: "Colin Watson"
Delivered-To: freebsd-questions@freebsd.org
Date: Thu, 20 Nov 2003 01:08:21 -0000
Subject: Connecting subnet over PPP

Hi,

I am using the userland ppp with pppoe daemon to set up a pppoe server to authenticate incoming clients. I want to route a /29 subnet (81.19.79.24/29) to a client.

Now I authenticate via a radius server, which frames the IP, Protocol, and route attributes:

    Framed-Protocol = PPP
    Framed-IP-Address = 81.19.79.25
    Framed-Route = 81.19.79.24/29 81.19.79.25 1

This appears to assign the connection without problem, and the machines on the client's side of the network, when assigned one of the subnet's IPs, have no issue pinging out to all hosts. However, when a remote PC attempts to access one of the public IPs - i.e. ping it - this fails.
The FreeBSD Gateway / PPPoE Server shows lots of ARP unable to resolve messages - I presume this means it cannot find a MAC address for the client.

I have checked the routing table - netstat -ran, and an entry is created for the subnet in question (via the returned radius attributes):

    Internet
    Dest:            Gateway:        Flags:  Refs:  Use:  Netif:  Expire:
    81.19.79.24/29   81.19.79.25     UGSc    1      147   tun0
    81.19.79.25      81.19.78.1      UH      0      256   tun0
    81.19.79.25      00:05:5b:71..   UHLS2   0      0     ste1

A tcpdump of 'ste0' (the PPPoE Daemon Interface) from an IP on the client's subnet pinging out shows that the replies are occurring:

    17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.25 > 81.19.79.34: icmp: echo request
    17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo reply

However, if this role is reversed, and a remote IP - in this case 81.19.79.34 (on a different /27 (32->63) network) attempts to ping a PC on the client network:

    17:37:45.214386 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
    17:37:45.221413 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
    17:37:45.223422 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
    17:37:45.321455 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
    17:37:45.623212 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request

The client uses a D-Link Router which is set to allow all traffic - It is of course possible this is misconfigured, however I would like to know if this configuration *should* be working, or if I have made some grievous error somewhere, which is preventing the traffic reaching the client's network.

Many Thanks

Colin Watson.
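
Added example, not part of the original message and not code from FreeBSD or ppp: a Python sketch that parses the Framed-Route value quoted above and lists which of the three routing-table rows match a given address, most specific first. The function names are hypothetical, the rows are transcribed from the message, and the truncated gateway in the third row is kept as written.

```python
import ipaddress

# Rows transcribed from the netstat output in the message:
# (destination, gateway, flags, interface). The last gateway is
# truncated in the message and is kept that way here.
ROUTES = [
    ("81.19.79.24/29", "81.19.79.25", "UGSc", "tun0"),
    ("81.19.79.25", "81.19.78.1", "UH", "tun0"),
    ("81.19.79.25", "00:05:5b:71..", "UHLS2", "ste1"),
]

def parse_framed_route(value):
    """Split a Framed-Route string into (prefix, gateway, metric)."""
    prefix, gateway, metric = value.split()
    # strict=True rejects a prefix that has host bits set
    return (ipaddress.ip_network(prefix, strict=True),
            ipaddress.ip_address(gateway), int(metric))

def matching_routes(addr, routes=ROUTES):
    """Return every row whose destination covers addr, longest prefix first."""
    ip = ipaddress.ip_address(addr)
    hits = []
    for dest, gw, flags, netif in routes:
        net = ipaddress.ip_network(dest)  # a bare address becomes a /32
        if ip in net:
            hits.append((net.prefixlen, dest, gw, flags, netif))
    hits.sort(key=lambda h: -h[0])  # stable: table order kept within a length
    return hits

def destinations_on_multiple_interfaces(routes=ROUTES):
    """Destinations that the table lists on more than one interface."""
    seen = {}
    for dest, _gw, _flags, netif in routes:
        seen.setdefault(dest, set()).add(netif)
    return {d: sorted(i) for d, i in seen.items() if len(i) > 1}

if __name__ == "__main__":
    print(parse_framed_route("81.19.79.24/29 81.19.79.25 1"))
    for addr in ("81.19.79.25", "81.19.79.26", "81.19.79.34"):
        print(addr, matching_routes(addr))
    print(destinations_on_multiple_interfaces())
```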