Date: Sat, 16 Nov 2013 19:48:38 -0200
From: "Dr. Rolf Jansen" <rj@obsigna.com>
To: freebsd-net@freebsd.org
Subject: MPD5 PPTP and L2TP server problem with FreeBSD 9.2-RELEASE-p1
Message-ID: <6066426D-84BE-40F6-904D-9FF97B128555@obsigna.com>

Hello!

On my FreeBSD home server I installed MPD 5.7 to provide PPTP and L2TP Dial-In VPN connectivity for external clients, which worked very well. In the last week, I upgraded my home server from 9.1 RELEASE-p7 to 9.2-RELEASE-p1, using freebsd-update.

Now, the server behaves strangely after a PPTP or an L2TP/IPsec-VPN connection has been established. The VPN client can access resources on the server, but not in the LAN and WAN, as it could on 9.1. Even more bugging is that LAN clients cannot access the internet anymore once a VPN connection was made, and the problem persists even after the VPN was disconnected, and persists after mpd5 and racoon were killed and any dangling SA and SPD had been flushed. netstat -nr and sockstat -4 show nothing strange. For getting back WAN connectivity for LAN clients, I need to restart the server.

First, I thought that this could be a problem of the ipsec patches that I applied to my custom kernel, and I did some tests with PPTP by mpd5 using a pristine 9.2 GENERIC one. The same happened with that. Once an external client established a PPTP-VPN connection, all the internal LAN clients were effectively clipped from the internet.

For the time being, I disabled mpd5 and switched to sl2tps, which is also based on netgraph, and it doesn't show said problem in the otherwise unmodified L2TP/IPsec setup - PPTP stays disabled though.

I really would like to have back a working mpd5, since it is more versatile, and since sl2tps shows a different problem, namely it does not tear down the proxy-arp routes that it installed into the routing tables.

I did not send a PR up to now. Can somebody confirm this problem? My best educated guess is that this is a kernel (or kernel module) regression, but I am not sure. So, what category should a PR have -- Kernel or ports net/mpd5?

Best regards

Rolf