From: "Dr. Rolf Jansen"
To: Florian Smeets
Cc: freebsd-net@freebsd.org
Subject: Re: MPD5 PPTP and L2TP server problem with FreeBSD 9.2-RELEASE-p1
Date: Sat, 16 Nov 2013 20:52:06 -0200

On 16.11.2013 at 20:13, Florian Smeets wrote:

> On 16/11/13 22:48, Dr. Rolf Jansen wrote:
>
>> Hello!
>>
>> Now, the server behaves strange after a PPTP or a L2TP/IPsec-VPN
>> connection had been established. The VPN client can access resources
>> on the server, but not in the LAN and WAN, as it could on 9.1. Even
>> more bugging is, that LAN clients cannot access the internet anymore,
>> once a VPN connection was made, and the problem persists even after
>> the VPN was disconnected, and persists after the mpd5 and racoon were
>> killed, and any dangling SA and SPD had been flushed. netstat -nr and
>> sockstat -4 show nothing strange. For getting back WAN connectivity
>> for LAN clients, I need to restart the server.
>
> Do you set net.inet.ip.forwarding in /etc/sysctl.conf? Try setting
> gateway_enable="YES" in /etc/rc.conf. This is caused by some changes in
> the rc system and the scripts it calls on interface creation. This bit
> me too.
>
> It looks like directly setting net.inet.ip.forwarding in sysctl.conf has
> never been officially supported. Though the last time I used
> gateway_enable was probably in the 4.X days, and setting it in
> sysctl.conf has always worked for me, until now :)

Yes, that was the problem. My configuration had net.inet.ip.forwarding=1
and net.inet6.ip.forwarding=1 in /etc/sysctl.conf instead of
gateway_enable="YES" in /etc/rc.conf. I removed the respective sysctl
assignments and set gateway_enable="YES", and the VPN servers work as
before.

Many thanks for the helpful hint.

Best regards

Rolf
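
A way to check a gateway for the configuration discussed in this thread, as an added example that is not part of the original messages. The function name `forwarding_source` and the sample files are constructed for illustration; `ipv6_gateway_enable` is the rc.conf knob for IPv6 forwarding, which the thread does not mention.

```shell
#!/bin/sh
# forwarding_source SYSCTL_CONF RC_CONF
# Reports where IP forwarding is enabled. Prints one of:
#   sysctl.conf  set only in sysctl.conf (the setup that broke in this thread)
#   rc.conf      enabled only through gateway_enable / ipv6_gateway_enable
#   both         set in both files; the sysctl.conf lines are redundant
#   none         not enabled in either file (or files unreadable)
forwarding_source() {
    sysctl_conf=$1
    rc_conf=$2
    in_sysctl=no
    in_rc=no

    # Uncommented "...forwarding=1" lines. The pattern accepts the IPv4 name,
    # net.inet6.ip6.forwarding, and the IPv6 spelling used in the message.
    if grep -Eq '^[[:space:]]*net\.inet6?\.ip6?\.forwarding[[:space:]]*=[[:space:]]*1' \
        "$sysctl_conf" 2>/dev/null; then
        in_sysctl=yes
    fi

    # rc.conf booleans are true for YES, TRUE, ON or 1, case-insensitively.
    if grep -Eiq '^[[:space:]]*(ipv6_)?gateway_enable="?(yes|true|on|1)"?' \
        "$rc_conf" 2>/dev/null; then
        in_rc=yes
    fi

    case "$in_sysctl/$in_rc" in
        yes/yes) echo both ;;
        yes/no)  echo sysctl.conf ;;
        no/yes)  echo rc.conf ;;
        *)       echo none ;;
    esac
}

# Constructed sample files: the "before" and "after" states from the message.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'net.inet.ip.forwarding=1\nnet.inet6.ip.forwarding=1\n' > "$demo_dir/sysctl.before"
printf 'hostname="gw.example.org"\n' > "$demo_dir/rc.before"
printf '#net.inet.ip.forwarding=1\n' > "$demo_dir/sysctl.after"
printf 'hostname="gw.example.org"\ngateway_enable="YES"\n' > "$demo_dir/rc.after"

echo "before: $(forwarding_source "$demo_dir/sysctl.before" "$demo_dir/rc.before")"
echo "after:  $(forwarding_source "$demo_dir/sysctl.after" "$demo_dir/rc.after")"
```

On a live host, call it as `forwarding_source /etc/sysctl.conf /etc/rc.conf`; a result of `sysctl.conf` indicates the configuration that stopped working after the upgrade described above.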