From: Mike Tancsa
Date: Mon, 10 Jan 2011 13:30:51 -0500
To: Melissa Jenkins
Cc: freebsd-net@freebsd.org
Subject: Re: PPP and Route Delete

On 1/10/2011 1:16 PM, Melissa Jenkins wrote:
>>> I've been working on migrating a PPTP server from FreeBSD 7.1 to FreeBSD 8.1. The server is configured using PopTop (from ports) and PPP (/usr/sbin) rather than MPD.
>>> (Before anybody tells me to use MPD we can't because it doesn't inject packets into the kernel in the same way and it's not possible to filter on them correctly)
>>
>> I use mpd a lot. Can you expand on the problem you have with it? I am not sure what you mean by can't filter on it.
>
> Packets sent over a VPN to mpd didn't enter PF at the same point as they do from PPP - I couldn't get RDR or BINAT to redirect on anything inbound over the VPN.
>
> I haven't tried MPD in almost two years so this may have changed.

When netgraph interfaces come and go, you might need to do a reload of your rules, or dynamically add/delete them if your rule set specifically references ng interfaces. If that's all it was, it's easy enough to hook into using something like

set iface up-script /usr/local/etc/mpd5/up.sh

mpd5.5 is worth checking out for other reasons. It can do a lot and is well supported for pptp stuff.

---Mike
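
One way to write the up.sh hook mentioned in the message above, as an added example that is not part of the original thread or of mpd5 itself. It assumes pf.conf contains an `anchor "mpd/*"` line and that mpd5 passes the interface name as the first argument and the remote IP as the fourth; the anchor name and the two-rule policy are illustrative.

```sh
#!/bin/sh
# Added example, not from the thread: mpd5 up-script that loads PF rules for
# the new ngX interface into its own anchor.
# Assumptions: pf.conf has  anchor "mpd/*" ; mpd5 calls the script as
#   up.sh interface proto local-ip remote-ip authname ...
# The anchor name and the two-rule policy are illustrative.

# Accept only netgraph interface names ng0 .. ng999.
valid_iface() {
    case "$1" in
        ng[0-9]|ng[0-9][0-9]|ng[0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only dotted-quad IPv4 with four octets in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the anchor rules: the peer may only source traffic from the address
# mpd assigned to it; anything else arriving on the interface is dropped.
build_rules() {
    valid_iface "$1" || { echo "up.sh: rejected interface name" >&2; return 1; }
    valid_ipv4 "$2" || { echo "up.sh: rejected remote address" >&2; return 1; }
    printf 'pass in quick on %s inet from %s to any keep state\n' "$1" "$2"
    printf 'block in quick on %s all\n' "$1"
}

# Only act when mpd supplies its arguments, so the functions can be tested
# without touching the live ruleset.
if [ "$#" -ge 4 ]; then
    rules=$(build_rules "$1" "$4") || exit 1
    printf '%s\n' "$rules" | pfctl -a "mpd/$1" -f -
fi
```

A matching down-script would flush the same anchor with `pfctl -a "mpd/ngX" -F rules` so stale rules do not outlive the session.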