Routing problems on VPN servers running FreeBSD 8.0-RELEASE

Brett Glass brett at lariat.net
Sat Feb 13 02:23:06 UTC 2010


This patch seems to have had a positive effect on ppp(8)/PoPToP, 
though more testing is needed. However, it appears that mpd uses 
arp(8) rather than the socket interface to set up proxy ARP. Here's 
the code (from the file iface.c in mpd 5.3):

     if (Enabled(&iface->options, IFACE_CONF_PROXY)) {
         if (u_addrempty(&iface->peer_addr)) {
             Log(LG_IFACE,
                 ("[%s] IFACE: Can't proxy arp for %s",
                 b->name, u_addrtoa(&iface->peer_addr,hisaddr,sizeof(hisaddr))));
         } else if (GetEther(&iface->peer_addr, &hwa) < 0) {
             Log(LG_IFACE,
                 ("[%s] IFACE: No interface to proxy arp on for %s",
                 b->name, u_addrtoa(&iface->peer_addr,hisaddr,sizeof(hisaddr))));
         } else {
             ether = (u_char *) LLADDR(&hwa);
             if (ExecCmdNosh(LG_IFACE2, b->name,
                 "%s -S %s %x:%x:%x:%x:%x:%x pub",
                 PATH_ARP, u_addrtoa(&iface->peer_addr,hisaddr,sizeof(hisaddr)),
                 ether[0], ether[1], ether[2],
                 ether[3], ether[4], ether[5]) == 0)
             iface->proxy_addr = iface->peer_addr;
         }
     }

When this executes, I do not get an error message but nothing 
actually happens. Must something be done to arp(8) or to mpd to 
make the code above work?

--Brett

At 07:03 PM 2/12/2010, Li, Qing wrote:

> >
> > It'd be good to resolve this as soon as possible, because I have
> > two clients who need servers installed this weekend. (They wanted
> > them last week, but I was trapped away from the office by a
> > snowstorm.)
> >
>
>Luiz Otavio and I have been discussing offline about an issue with
>the file /usr.sbin/ppp/arp.c in the past week or so. The ARP related
>code in arp.c was missing a flag bit called "RTF_LLDATA".
>
>Luiz Otavio and I just had a debug session on your issue. He was
>able to reproduce it, and due to the missing RTF_LLDATA bit, the
>proxy-arp entry made it into the routing table, which was not
>supposed to happen. Since there is already a PPP host entry
>for the remote end, you get the FILE EXIST error.
>I believe the reason was due to its confusing the kernel code as
>if mpd is installing a routing entry as in
>"route add x.x.x.x/y -iface em0".
>
>So you can wait for Luiz's patch, or you could do it yourself
>and try the following 1 line fix:
>
>================================================================================
>-- usr.sbin/ppp/arp.c   (revision 203430)
>+++ usr.sbin/ppp/arp.c  (working copy)
>@@ -119,7 +119,7 @@
>      return 0;
>    }
>    arpmsg.hdr.rtm_type = add ? RTM_ADD : RTM_DELETE;
>-  arpmsg.hdr.rtm_flags = RTF_ANNOUNCE | RTF_HOST | RTF_STATIC;
>+  arpmsg.hdr.rtm_flags = RTF_ANNOUNCE | RTF_HOST | RTF_STATIC |
>RTF_LLDATA;
>    arpmsg.hdr.rtm_version = RTM_VERSION;
>    arpmsg.hdr.rtm_seq = ++bundle->routing_seq;
>    arpmsg.hdr.rtm_addrs = RTA_DST | RTA_GATEWAY;
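
Review bot: The changed rtm_flags assignment has no comment saying why RTF_LLDATA is required, and because rtm_type is chosen between RTM_ADD and RTM_DELETE on the line just above, the new flag word is sent on the delete path as well as the add path. A one-line comment noting that the bit marks the message as a link-layer (ARP) entry rather than a routing-table entry would help keep it from being dropped again, and removal of the proxy-ARP entry should be tested along with creation. As posted, the "+" line is also wrapped after "RTF_STATIC |" with the continuation "RTF_LLDATA;" carrying no "+" prefix, so the hunk needs rejoining or applying by hand.
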
>================================================================================
>
>I had to reintroduce the RTF_LLDATA flag for compatibility in r187094 back
>in Jan. 2009. This change appears to be missing from the ppp port.
>
>Please give the above fix a try and see if it resolves your issue.
>
>-- Qing
