From: Florian Smeets
Date: Sat, 16 Nov 2013 23:13:35 +0100
To: "Dr. Rolf Jansen", freebsd-net@freebsd.org
Subject: Re: MPD5 PPTP and L2TP server problem with FreeBSD 9.2-RELEASE-p1

On 16/11/13 22:48, Dr. Rolf Jansen wrote:
> Hello!
>
> Now, the server behaves strange after a PPTP or a L2TP/IPsec-VPN
> connection had been established. The VPN client can access resources
> on the server, but not in the LAN and WAN, as it could on 9.1. Even
> more bugging is, that LAN clients cannot access the internet anymore,
> once a VPN connection was made, and the problem persists even after
> the VPN was disconnected, and persists after the mpd5 and racoon were
> killed, and any dangling SA and SPD had been flushed. netstat -nr and
> sockstat -4 show nothing strange. For getting back WAN connectivity
> for LAN clients, I need to restart the server.
>

Do you set net.inet.ip.forwarding in /etc/sysctl.conf? Try setting
gateway_enable="YES" in /etc/rc.conf. This is caused by some changes in
the rc system and the scripts it calls on interface creation. This bit
me too.

It looks like directly setting net.inet.ip.forwarding in sysctl.conf has
never been officially supported. Though the last time I used
gateway_enable was probably in the 4.X days, and setting it in
sysctl.conf has always worked for me, until now :)

Florian
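
The check below is an added example, not part of the message above: it reports whether a FreeBSD gateway enables IPv4 forwarding through gateway_enable in rc.conf or only through net.inet.ip.forwarding in sysctl.conf, the setup the reply identifies as the cause. The function names are hypothetical, the sample files are constructed, and the accepted values (YES, TRUE, ON, 1, case-insensitive) are assumed to match what the rc system treats as true.

```shell
#!/bin/sh
# Added example: classify how IPv4 forwarding is configured on a FreeBSD
# gateway. Function names are hypothetical; sample files are constructed.

# Print the last value assigned to a key in a "key=value" file,
# skipping commented-out lines and stripping comments and quotes.
last_value() {   # $1 = file, $2 = key as a basic regular expression
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/" |
        tail -n 1
}

# Prints "rc.conf", "sysctl-only" or "none"; exit status 0, 1 or 2.
forwarding_config() {
    rc_conf=${1:-/etc/rc.conf}
    sysctl_conf=${2:-/etc/sysctl.conf}
    gw=$(last_value "$rc_conf" 'gateway_enable' | tr '[:upper:]' '[:lower:]')
    fwd=$(last_value "$sysctl_conf" 'net\.inet\.ip\.forwarding')
    case "$gw" in
        yes|true|on|1) echo "rc.conf"; return 0 ;;
    esac
    if [ "$fwd" = "1" ]; then
        echo "sysctl-only"   # the setup the reply says stopped working
        return 1
    fi
    echo "none"
    return 2
}

# Constructed sample: forwarding set only in sysctl.conf, then fixed.
demo_dir=$(mktemp -d)
printf 'net.inet.ip.forwarding=1\n' > "$demo_dir/sysctl.conf"
printf 'hostname="gw.example"\n' > "$demo_dir/rc.conf"
echo "before: $(forwarding_config "$demo_dir/rc.conf" "$demo_dir/sysctl.conf")"
printf 'gateway_enable="YES"\n' >> "$demo_dir/rc.conf"
echo "after:  $(forwarding_config "$demo_dir/rc.conf" "$demo_dir/sysctl.conf")"
rm -rf "$demo_dir"
```

Called with no arguments, forwarding_config reads /etc/rc.conf and /etc/sysctl.conf; a "sysctl-only" result on a host that is meant to route is the case to move to rc.conf.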