From owner-freebsd-net  Tue Feb 19 10:45:13 2002
Delivered-To: freebsd-net@freebsd.org
Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26])
	by hub.freebsd.org (Postfix) with ESMTP id E122037B41E
	for <freebsd-net@FreeBSD.ORG>; Tue, 19 Feb 2002 10:45:03 -0800 (PST)
Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20])
	by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id KAA74727;
	Tue, 19 Feb 2002 10:25:42 -0800 (PST)
Received: (from archie@localhost)
	by arch20m.dellroad.org (8.11.6/8.11.6) id g1JIP4O96413;
	Tue, 19 Feb 2002 10:25:04 -0800 (PST)
	(envelope-from archie)
From: Archie Cobbs <archie@dellroad.org>
Message-Id: <200202191825.g1JIP4O96413@arch20m.dellroad.org>
Subject: Re: mpd-netgraph as VPN client to Cisco 2500
In-Reply-To: <3C728CA0.70809@isi.edu> "from Lars Eggert at Feb 19, 2002 09:34:24
 am"
To: Lars Eggert <larse@ISI.EDU>
Date: Tue, 19 Feb 2002 10:25:04 -0800 (PST)
Cc: Archie Cobbs <archie@dellroad.org>,
	Justin Hawkins <justin@hawkins.dropbear.id.au>,
	freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL88 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Lars Eggert writes:
> How did you stop the Cisco box from stupidly trying to hand its own IP 
> address to the clients over and over? I don't even get past negotiation, 
> since the Cisco won't hand out any other addresses... (It also doesn't 
> help that the box isn't under my direct administration, but if I could 
> tell the support people "go look at page X in Cisco manual Y", that'd 
> probably allow them to fix it.)

Newer versions of mpd will not even finish negotiation with a box
that uses the same IP address inside & out... this was added as a
safety check.. to disable this behavior and allow such negotiation,
apply the patch below.

-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com

Index: ipcp.c
===================================================================
RCS file: /home/cvs/archie/mpd/src/ipcp.c,v
retrieving revision 1.3
retrieving revision 1.2
diff -u -r1.3 -r1.2
--- ipcp.c	2001/12/16 03:47:25	1.3
+++ ipcp.c	2001/04/12 17:03:31	1.2
@@ -19,7 +19,6 @@
 #include "custom.h"
 #include "msg.h"
 #include "ngfunc.h"
-#include "pptp.h"
 
 #include <netgraph.h>
 #include <sys/mbuf.h>
@@ -608,7 +607,7 @@
 	  switch (mode) {
 	    case MODE_REQ:
 	      if (!IpAddrInRange(&ipcp->conf.peer_allow, *ip) || !ip->s_addr) {
-nak_ip:		if (ipcp->peer_addr.s_addr == 0)
+		if (ipcp->peer_addr.s_addr == 0)
 		  Log(LG_IPCP, ("   %s", "no IP address available for peer!"));
 		if (Enabled(&ipcp->conf.options, IPCP_CONF_PRETENDIP)) {
 		  Log(LG_IPCP, ("   pretending that %s is OK, will ignore",
@@ -621,17 +620,6 @@
 		Log(LG_IPCP, ("   NAKing with %s", inet_ntoa(*ip)));
 		FsmNak(fp, opt);
 		break;
-	      }
-	      if (bund->links[0]->phys->type == &gPptpPhysType) {
-		struct in_addr pip;
-
-		lnk = bund->links[0];
-		pip = PptpGetPeerIp();
-		if (ip->s_addr == pip.s_addr) {
-		  Log(LG_IPCP,
-		    ("   Same as PPTP IP; would cause routing loop"));
-		  goto nak_ip;
-		}
 	      }
 	      Log(LG_IPCP, ("   %s is OK", inet_ntoa(*ip)));
 	      ipcp->peer_addr = *ip;

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message