PPP / Routing table

Max Laier max at love2party.net
Mon Dec 15 02:13:03 PST 2008


On Monday 15 December 2008 10:17:38 Denis Mysenko wrote:
> Hello everybody!
>
> I got stuck here with PPP + Poptop :( I use Poptop 1.3.4 on FreeBSD
> 7.1-PRERELEASE for a VPN server.
>
> As far as I understand, the problem is related either to userland ppp or to
> FreeBSD itself and not to Poptop. So here it is:
>
> There is a Poptop server running for several VPN clients, MPPE is enabled
> for PPP. When somebody connects, tunnel interface is created and
> corresponding entry in the routing table is made, like this one:
> <client addr on tunnel dev> <my addr on tunnel dev>   UGH     0   0  tun0
>
> Everything works fine, both with MPPE turned on and off. The problem starts
> when second client connects to Poptop! New tunnel interface, let's say
> tun1, is created correctly, with proper IP address. However, routing table
> is updated with incorrect entry:
> <new client addr> <my addr on tunnel dev> UGH 0 0 tun0
>
> As we can see, FreeBSD added a routing entry going through the same tunnel
> interface - of the previous client! So obviously new VPN connection doesn't
> work. What is strange - is that it happens only when second client turns on
> MPPE. With MPPE turned off - everything works fine.
>
> I was playing a lot with different parameters and once I got everything
> working, but not anymore :) Since I don't see any logical reason - I cannot
> recover the proper config.
>
> As far as I understand, so far, PPP creates a tunnel interface and then
> FreeBSD, and not PPP, adds a routing table entry since a new network
> interface was added - am I true? Local IP (my side of the PtP) for all
> tunnel devices is the same - let's say 192.168.0.1. So as I see it, when
> detecting corresponding interface FreeBSD chooses the first tunnel
> interface because it has the same local IP. The question is - why does MPPE
> affect this process? And it used to work half a day ago anyway.
>
> Please - if anybody has any idea - could you help me!? :)

Looks to me as if poptop (which I am not familiar with) tries to do something 
clever and fails miserably.

# netstat -rnfinet | grep 10
# ifconfig tun0 create 10.0.1.1 10.0.1.2 
# ifconfig tun1 create 10.0.1.1 10.0.1.3
# netstat -rnfinet | grep 10
10.0.1.2           10.0.1.1           UH          0        0   tun0
10.0.1.3           10.0.1.1           UH          0        0   tun1

It is also unclear to me why you'd see RTF_GATEWAY on ptp routes.  It might 
help to ktrace poptop to see what kind of ioctl it is issuing.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
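
Added example, not part of the original post or of poptop/ppp: a small check over `netstat -rn -f inet` output that flags the two symptoms discussed above, RTF_GATEWAY on a point-to-point host route and two peers routed through the same tun interface. The function name `check_ptp_routes`, the finding labels, and the addresses in the faulty sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit point-to-point host routes on tun interfaces.
# Reads routing-table lines on stdin (Destination Gateway Flags Refs Use Netif),
# prints one finding per line, exits 1 if anything was flagged.
check_ptp_routes() {
    awk '
    NF >= 6 && $3 ~ /H/ && $6 ~ /^tun[0-9]+$/ {
        dst = $1; flags = $3; ifn = $6
        # A ptp peer is directly reachable, so G (RTF_GATEWAY) is unexpected.
        if (flags ~ /G/) {
            printf "GATEWAY_FLAG %s %s\n", dst, ifn
            bad = 1
        }
        # Each tunnel has exactly one peer; a second host route on the same
        # interface sends that client traffic into another client tunnel.
        if (ifn in owner) {
            printf "SHARED_IF %s %s %s\n", ifn, owner[ifn], dst
            bad = 1
        } else {
            owner[ifn] = dst
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Healthy table: the two route lines shown in the reply above.
GOOD_ROUTES='10.0.1.2           10.0.1.1           UH          0        0   tun0
10.0.1.3           10.0.1.1           UH          0        0   tun1'

# Constructed sample mirroring the reported symptom (addresses are placeholders).
BAD_ROUTES='10.0.1.2           10.0.1.1           UGH         0        0   tun0
10.0.1.3           10.0.1.1           UGH         0        0   tun0'

# Demonstration on the constructed faulty table.
printf '%s\n' "$BAD_ROUTES" | check_ptp_routes || echo "misrouted tunnel routes found"
```

On a live system the input would be `netstat -rn -f inet | check_ptp_routes`, run after each client connects.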


More information about the freebsd-net mailing list