Date: Mon, 14 Jul 2014 15:57:26 -0400 From: Zaphod Beeblebrox <zbeeble@gmail.com> To: FreeBSD Net <freebsd-net@freebsd.org> Subject: ng_iface regression from 9.2 to 10.0 Message-ID: <CACpH0MdXQEXi5qM4RoX-9XOtQaKC6_pfdN-dzfBiqAAAuNWeJg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I'm going to post again with some new information. I have a 10.0p6 machine
running mpd5 terminating a bunch of l2tp tunnels from subscribers (not
encrypted).
The specific regression between 9.2 and 10.0 is that hosts on the tunnels
cannot communicate with local services. They can ping local IPs, and the
server can ping them, but no userland connections can be had.
IE:
[2:15:315]root@owl:~> ifconfig ng29
ng29: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0
mtu 1436
inet xx.yy.31.6 --> xx.yy.16.50 netmask 0xffffffff
inet6 fe80::219:b9ff:fef9:b9e7%ng29 prefixlen 64 scopeid 0x23
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
[2:16:316]root@owl:~> ping xx.yy.16.50
PING xx.yy.16.50 (xx.yy.16.50): 56 data bytes
64 bytes from xx.yy.16.50: icmp_seq=0 ttl=64 time=11.580 ms
64 bytes from xx.yy.16.50: icmp_seq=1 ttl=64 time=16.515 ms
64 bytes from xx.yy.16.50: icmp_seq=2 ttl=64 time=6.253 ms
^C
--- xx.yy.16.50 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 6.253/11.449/16.515/4.190 ms
[2:17:317]root@owl:~> ssh xx.yy.16.50
ssh: connect to host xx.yy.16.50 port 22: Operation timed out
It's worth noting, too, that all tunnel-connected hosts have full internet
connectivity as does the tunnel server. Connections from one hop away (ie:
not involving the tunnel server to run the process) work as usual.
It's also worth noting that localhost and local-ip communication on the
server are fine (ie: mpd5 communicates with radiusd running on the same
machine).
For interest's sake, xx.yy.16.50 is running mpd5 on 9.2.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACpH0MdXQEXi5qM4RoX-9XOtQaKC6_pfdN-dzfBiqAAAuNWeJg>