Date: Sat, 16 Nov 2013 20:52:06 -0200
From: "Dr. Rolf Jansen" <rj@obsigna.com>
To: Florian Smeets <flo@smeets.im>
Cc: freebsd-net@freebsd.org
Subject: Re: MPD5 PPTP and L2TP server problem with FreeBSD 9.2-RELEASE-p1
Message-ID: <4CA8022F-E827-4417-9541-4E3EB4D6155E@obsigna.com>
In-Reply-To: <5287EE0F.3070800@smeets.im>
References: <6066426D-84BE-40F6-904D-9FF97B128555@obsigna.com> <5287EE0F.3070800@smeets.im>

On 16.11.2013 at 20:13, Florian Smeets <flo@smeets.im> wrote:

> On 16/11/13 22:48, Dr. Rolf Jansen wrote:
>
>> Hello!
>>
>> Now, the server behaves strangely after a PPTP or a L2TP/IPsec-VPN
>> connection had been established. The VPN client can access resources
>> on the server, but not in the LAN and WAN, as it could on 9.1. Even
>> more bugging is, that LAN clients cannot access the internet anymore,
>> once a VPN connection was made, and the problem persists even after
>> the VPN was disconnected, and persists after the mpd5 and racoon were
>> killed, and any dangling SA and SPD had been flushed. netstat -nr and
>> sockstat -4 show nothing strange. For getting back WAN connectivity
>> for LAN clients, I need to restart the server.
>
> Do you set net.inet.ip.forwarding in /etc/sysctl.conf? Try setting
> gateway_enable="YES" in /etc/rc.conf. This is caused by some changes in
> the rc system and the scripts it calls on interface creation. This bit
> me too.
>
> It looks like directly setting net.inet.ip.forwarding in sysctl.conf has
> never been officially supported. Though the last time I used
> gateway_enable was probably in the 4.X days, and setting it in
> sysctl.conf has always worked for me, until now :)

Yes, that was the problem. My configuration had net.inet.ip.forwarding=1 and net.inet6.ip.forwarding=1 in /etc/sysctl.conf instead of gateway_enable="YES" in /etc/rc.conf. I removed the respective sysctl assignments and set gateway_enable="YES", and the VPN servers work as before.

Many thanks for the helpful hint.

Best regards

Rolf
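
The misconfiguration diagnosed in this thread can be checked for mechanically. The following is an added example, not part of the original messages: a POSIX sh audit that reports whether IPv4 forwarding is enabled through gateway_enable in rc.conf or only through net.inet.ip.forwarding in sysctl.conf. The function names, verdict strings and sample files are constructed for illustration; file paths are passed as arguments so the check can be run against copies of the real files.

```shell
#!/bin/sh
# Added example: audit how IPv4 forwarding is enabled on a FreeBSD gateway.
# Usage on a real host: forwarding_verdict /etc/sysctl.conf /etc/rc.conf

# Print the last value assigned to key $1 in file $2,
# ignoring comments, quotes and surrounding whitespace.
last_value() {
    [ -r "$2" ] || return 0
    sed -e 's/#.*$//' -e "s/[\"']//g" "$2" | awk -F= -v key="$1" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); last = v }
        END { print last }'
}

# rc.conf booleans are case-insensitive: YES, TRUE, ON or 1.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one verdict:
#   ok          gateway_enable is set in rc.conf
#   sysctl-only forwarding is set only in sysctl.conf (the case in this thread)
#   off         forwarding is not configured in either file
forwarding_verdict() {
    sysctl_val=$(last_value net.inet.ip.forwarding "$1")
    rc_val=$(last_value gateway_enable "$2")
    if is_yes "$rc_val"; then
        echo ok
    elif [ "$sysctl_val" = "1" ]; then
        echo sysctl-only
    else
        echo off
    fi
}

# Constructed sample files: the configuration before and after the fix.
demo_dir=$(mktemp -d)
printf 'net.inet.ip.forwarding=1\n' > "$demo_dir/sysctl.conf"
printf 'hostname="gw.example.test"\n' > "$demo_dir/rc.conf.before"
printf 'hostname="gw.example.test"\ngateway_enable="YES"\n' > "$demo_dir/rc.conf.after"
echo "before: $(forwarding_verdict "$demo_dir/sysctl.conf" "$demo_dir/rc.conf.before")"
echo "after:  $(forwarding_verdict /dev/null "$demo_dir/rc.conf.after")"
rm -rf "$demo_dir"
```

A `sysctl-only` verdict marks a host that forwards after boot but depends on nothing resetting the sysctl later, which is the state the thread describes.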