From owner-freebsd-isdn Wed Feb 24 13:26: 0 1999
Delivered-To: freebsd-isdn@freebsd.org
Received: from linteuto.teuto.de (linteuto.teuto.de [194.77.23.26]) by hub.freebsd.org (Postfix) with ESMTP id B43D911579 for ; Wed, 24 Feb 1999 13:23:40 -0800 (PST) (envelope-from martin@rumolt.teuto.de)
Received: from rumolt.teuto.de (root@rumolt.teuto.de [212.8.203.81]) by linteuto.teuto.de (8.8.7/8.8.7) with ESMTP id WAA30505 for ; Wed, 24 Feb 1999 22:15:52 +0100
Received: (from martin@localhost) by rumolt.teuto.de (8.8.8/8.8.7) id WAA01926 for freebsd-isdn@FreeBSD.ORG; Wed, 24 Feb 1999 22:15:58 +0100 (MET)
From: Martin Husemann
Message-Id: <199902242115.WAA01926@rumolt.teuto.de>
Subject: Problems with PAP authentication
To: freebsd-isdn@FreeBSD.ORG
Date: Wed, 24 Feb 1999 22:15:53 +0100 (MET)
Organization: Crusaders Catering Services Inc. ;-)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-isdn@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

We had a big problem with one router connecting to t-online. Every now and then the authentication started to fail, so we got an ISDN connection, but were rejected by the remote site. We dialed again and were rejected again. This happened rapidly for a long time. My boss nearly killed me when he got the bill...

I don't know what the problem is, every time I watch that system, everything is fine, and t-online accepts the PAP authentication.

Anyway, the big problem is (IMHO) a big design flaw in isdnd: everything works on the ISDN layer, so the retry-count/put interface down stuff doesn't catch this. With PPP connections we should count a connection attempt to be successful only if the connection got up (which the daemon knows since the last release, due to the 'interface up' message used to trigger the ip-up script).

I was in a hurry and didn't want to look that deep into the problem, so I made the change attached below.
Due to local policies at that site this is an ideal solution for our problem: every time the PAP authentication fails the interface is configured down and only reactivated "manually" - which in this case is an hourly job looking for mails. Your mileage may vary, and of course we should really fix the underlying PAP problem as well as change isdnd as outlined above...

Martin

*** if_spppsubr.c.orig Wed Feb 24 11:27:41 1999 --- if_spppsubr.c Wed Feb 24 11:32:53 1999 *************** *** 3557,3569 **** if (len > 5 && name_len) { addlog(": "); sppp_print_string((char*)(h+1), name_len); } addlog("\n"); ! } else ! log(LOG_INFO, SPP_FMT "pap failure\n", SPP_ARGS(ifp)); /* await LCP shutdown by authenticator */ break; default: /* Unknown PAP packet type -- ignore. */ --- 3557,3571 ---- if (len > 5 && name_len) { addlog(": "); sppp_print_string((char*)(h+1), name_len); } addlog("\n"); ! } else { ! log(LOG_DEBUG, SPP_FMT "pap failure, setting if down\n", SPP_ARGS(ifp)); + ifp->if_flags &= ~IFF_UP; + } /* await LCP shutdown by authenticator */ break; default: /* Unknown PAP packet type -- ignore. */
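
Review bot: the added "ifp->if_flags &= ~IFF_UP;" sits inside the new "else { ... }" block, so the interface is only set down on the path that logs the one-line message; the preceding branch, the one ending in addlog("\n"), still leaves the interface up after the same PAP failure. Move the flag change below the if/else, next to the "await LCP shutdown by authenticator" comment, so both paths behave the same. The log call also drops from LOG_INFO to LOG_DEBUG at the point where the action becomes more drastic; keep it at LOG_INFO or higher so the reason the interface went down shows up in the default logs. Finally, a single PAP failure now disables the interface with no counter or threshold, and that deserves a comment in the code stating it is intentional and that the interface must be brought up again externally.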