From: Doug Lee
To: freebsd-questions@freebsd.org
Date: Wed, 18 Jun 2003 22:13:07 -0400
Subject: mpd 3.13 problem - man-in-the-middle or legit. issue?
Message-ID: <20030619021307.GE645@kirk.dlee.org>

I upgraded to FreeBSD 4.8-STABLE from 4.6-STABLE this weekend without major incident (trouble with terminal left/right arrows, but that's another matter), and my mpd-based VPN seemed unaffected... until this morning, when it suddenly went down after functioning properly under load for a while, then refused to come up. I got connected but couldn't negotiate parameters.
This evening it did come up but began spewing protocol rejections on my side and unexpected protocol alerts on the other side, like the data stream was being corrupted.

Last week, a Windows user in my office (the destination of my VPN) informed me that attempts to set up a VPN link from XP to the office's mpd-based VPN host lock up his machine now.

Is there any chance someone is trying to pull off a man-in-the-middle attack on us, or are these more likely separate issues? I have noted a few such protocol rejections mentioned on this list and/or FreeBSD-STABLE but little or no remarks on why.

I'm using mpd 3.13 at both ends, btw, as installed from ports. The link is usually running with 128-bit MPPE.

Much thanks for any info.

--
Doug Lee dgl@dlee.org http://www.dlee.org
"It's not easy to be crafty and winsome at the same time, and few accomplish it after the age of six." --John W. Gardner and Francesca Gardner Reese