misc/89108: Problem in PPP implementation on FreeBSD 5.4
Valery Marchuk
vmarchuk at argocom.cv.ua
Wed Nov 16 10:30:24 GMT 2005
>Number: 89108
>Category: misc
>Synopsis: Problem in PPP implementation on FreeBSD 5.4
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 16 10:30:12 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Valery Marchuk
>Release: FreeBSD 5.4
>Organization:
ArgoCom Ltd
>Environment:
FreeBSD xxx.xx 5.4-RELEASE FreeBSD 5.4-RELEASE #3: Tue May 31 15:07:10 EEST 2005 root at xxx.xx:/usr/obj/usr/src/sys/vpn_kernel i386
FreeBSD xxx.xx 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed Jun 8 13:35:51 UTC 2005 sergi at xxx:/usr/src/sys/i386/compile/IPFKERNEL i386
>Description:
Hi!
We have discovered a problem in the PPP implementation on FreeBSD 5.4 with poptop installed. The problem is in the way PPP handles VPN clients with static IP addresses. More than one user can successfully establish VPN connections to the VPN server under the same login and password at the same time. For example:
tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet xxx.xxx.xxx.xxx --> 172.20.6.3 netmask 0xffffffff
        Opened by PID 25411
tun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet xxx.xxx.xxx.xxx --> 172.20.6.3 netmask 0xffffffff
        Opened by PID 25413
The real problem occurs when the VPN tunnel fails on the client side but still exists on the server side, and the user creates another VPN connection (the lqr period is set to 12, so it could happen when the user establishes a new connection within 1 minute). The first tunnel becomes a zombie and PPP doesn't drop it.
If there is more than one zombie tunnel on the system, it is impossible for the user to use the Internet. The user can only send information through the last tunnel, but the previous one receives all the replies.
Tested on PPP
PPP Version 3.1 - Jun 8 2005
PPP Version 3.4.2 - May 8 2005
If you need them, I can send you my configuration files.
Hope for cooperation
Valery Marchuk
>How-To-Repeat:
1. Install poptop and configure ppp to use static IP addresses for each login (each user must receive his IP address from the server).
2. Create 2 or more VPN connections from different PCs under the same user account (e.g. login, password).
3. Try to ping something from all PCs.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
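
Added example, not part of the original report or of ppp/poptop: a shell function that reads ifconfig output and lists every peer address that more than one tun interface points at, which is the duplicate-session condition described above. The sample input is constructed: the 192.0.2.1 local address, the tun3 entry and PID 25412 are placeholders, and the "Opened by PID" line format is taken from the output quoted in the report.

```shell
#!/bin/sh
# Added example (not from the PR): list peer addresses that more than one
# tun interface points at, reading `ifconfig` output on stdin.
# Output: one line per duplicated peer: "<peer> <tunN>:<pid> <tunM>:<pid> ..."
find_duplicate_peers() {
    awk '
        /^tun[0-9]+:/ { ifn = $1; sub(/:$/, "", ifn); order[++n] = ifn; next }
        /^[a-z]+[0-9]+:/ { ifn = ""; next }           # some other interface
        ifn != "" && $1 == "inet" && $3 == "-->" {    # point-to-point address
            peer[ifn] = $4
            if (!($4 in count)) seen[++m] = $4        # remember first-seen order
            count[$4]++
        }
        ifn != "" && $1 == "Opened" && $3 == "PID" { pid[ifn] = $4 }
        END {
            for (i = 1; i <= n; i++) {
                t = order[i]; p = peer[t]
                if (p == "" || count[p] < 2) continue
                # "?" when ifconfig printed no owning PID for this tunnel
                list[p] = list[p] " " t ":" ((t in pid) ? pid[t] : "?")
            }
            for (j = 1; j <= m; j++)
                if (count[seen[j]] > 1) print seen[j] list[seen[j]]
        }
    '
}

# Constructed sample: tun2 and tun7 share the peer address from the report,
# tun3 is an unrelated session with its own address.
sample_ifconfig() {
    cat <<'EOF'
tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet 192.0.2.1 --> 172.20.6.3 netmask 0xffffffff
        Opened by PID 25411
tun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet 192.0.2.1 --> 172.20.6.9 netmask 0xffffffff
        Opened by PID 25412
tun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet 192.0.2.1 --> 172.20.6.3 netmask 0xffffffff
        Opened by PID 25413
EOF
}

# On a live server the input would be: ifconfig -a | find_duplicate_peers
sample_ifconfig | find_duplicate_peers
```

Run from cron on the VPN server, a non-empty result identifies the stale tunnel by the PID of the ppp process that opened it.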