From owner-freebsd-net@FreeBSD.ORG  Fri Feb 12 21:33:59 2010
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1AAFF106566B
	for <net@freebsd.org>; Fri, 12 Feb 2010 21:33:59 +0000 (UTC)
	(envelope-from brett@lariat.net)
Received: from lariat.net (lariat.net [66.119.58.2])
	by mx1.freebsd.org (Postfix) with ESMTP id AC3E38FC08
	for <net@freebsd.org>; Fri, 12 Feb 2010 21:33:58 +0000 (UTC)
Received: from anne-o1dpaayth1.lariat.net (IDENT:ppp1000.lariat.net@lariat.net
	[66.119.58.2]) by lariat.net (8.9.3/8.9.3) with ESMTP id OAA16835;
	Fri, 12 Feb 2010 14:33:51 -0700 (MST)
Message-Id: <201002122133.OAA16835@lariat.net>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Fri, 12 Feb 2010 14:32:55 -0700
To: "Li, Qing" <qing.li@bluecoat.com>
From: Brett Glass <brett@lariat.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: net@freebsd.org
Subject: RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2010 21:33:59 -0000

Qing:

Last night, I updated an 8.0-RELEASE test machine to 8.0-RELENG 
using csup, and then rebuilt the world and the kernel. I then 
tested both ppp(8) (with PoPTop) and mpd 5.3 on the machine. (I did 
not recompile mpd, but ppp(8) was of course recompiled when I 
rebuilt the world.)

Proxy ARP for users tunneling into the LAN via a PPTP VPN did not 
work. mpd produced no error message, but it did not create the 
proxy arp entry and the VPN connection was immediately broken.

ppp(8) gave the error message

Feb 12 14:16:02 <daemon.err> tester ppp[1078]: tun0: Error: Add 
proxy arp entry <address>: File exists

and then disconnected. Connections for which firewall NAT (rather 
than proxy arp) was used seemed to function properly. 
Unfortunately, this isn't an acceptable workaround for machines 
that need full access when tunneling through a firewall.

I've been told that the ARP and routing changes are new to 
8.0-RELEASE. Therefore, we may abandon 8-STABLE and try 7.3-RELEASE 
(assuming that we can find drivers for our hardware) if we can't 
get routing and ARP to work with the various PPP implementations 
soon. Please let me know if you can implement changes that will 
help us use 8-STABLE.

--Brett Glass