Date: Sat, 16 Nov 2013 20:52:06 -0200 From: "Dr. Rolf Jansen" <rj@obsigna.com> To: Florian Smeets <flo@smeets.im> Cc: freebsd-net@freebsd.org Subject: Re: MPD5 PPTP and L2TP server problem with FreeBSD 9.2-RELEASE-p1 Message-ID: <4CA8022F-E827-4417-9541-4E3EB4D6155E@obsigna.com> In-Reply-To: <5287EE0F.3070800@smeets.im> References: <6066426D-84BE-40F6-904D-9FF97B128555@obsigna.com> <5287EE0F.3070800@smeets.im>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] Am 16.11.2013 um 20:13 schrieb Florian Smeets <flo@smeets.im>: > On 16/11/13 22:48, Dr. Rolf Jansen wrote: > >> Hello! >> >> Now, the server behaves strange after a PPTP or a L2TP/IPsec-VPN >> connection had been established. The VPN client can access resources >> on the server, but not in the LAN and WAN, as it could on 9.1. Even >> more bugging is, that LAN clients cannot access the internet anymore, >> once a VPN connection was made, and the problem persists even after >> the VPN was disconnected, and persists after the mpd5 and racoon were >> killed, and any dangling SA and SPD had been flushed. netstat -nr and >> sockstat -4 show nothing strange. For getting back WAN connectivity >> for LAN clients, I need to restart the server. > > Do you set net.inet.ip.forwarding in /etc/sysctl.conf? Try setting > gateway_enable="YES" in /etc/rc.conf. This is caused by some changes in > the rc system and the scripts it calls on interface creation. This bit > me too. > > It looks like directly setting net.inet.ip.forwarding in sysctl.conf has > never been officially supported. Though the last time I used > gateway_enable was probably in the 4.X days, and setting it in > sysctl.conf has always worked for me, until now :) Yes, that was the problem. My configuration had net.inet.ip.forwarding=1 and net.inet6.ip.forwarding=1 in /etc/sysctl.conf instead of gateway_enable="YES" in /etc/rc.conf. I removed the respective sysctl assignments and set gateway_enable="YES", and the VPN servers work as before. Many thanks for the helpful hint. Best regards Rolf [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJSh/cXAAoJENj77GPmvpID8yYH/36UumCaO0V335ki6Q91hN8z gRA/JLP5yBYVMqk1/W8lvmuZ+jB6aXhKbBDCQF/Q4NwbtjkPIxckYdfnSsC0zHCb 9aGIoeMa1GHVo2a2Wp49alajFNq+fK5LFqQjoKCiTo0eJ4Wq7KkEFBZukygqZtlw HaG2SJ6DWKckZUmpcmkTQCosvcYHQAWRRG8drAikPNfzlcFM465UnNamjtSEbmkx kYHQlOl2CqulVy0SF38+qckxQ7NRCvFDRbdIdVTnMw7V3iK1BEiOzXZWhspnAe0v tfq/KXpmy8uhIPoRfqQDgRCfvFhOIzVCchYgPaHZ9XgE25zIo+XNvQXstzH8hSw= =LgJW -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4CA8022F-E827-4417-9541-4E3EB4D6155E>