Possible Solution (Re: mpd VPN won't work after upgrade from4.6-STABLE to 4.8-STABLE)

Archie Cobbs archie at dellroad.org
Thu Jun 26 19:00:07 PDT 2003 

Archie Cobbs wrote:
> > Re: the "protocol reject" errors; I left the original messages below
> > this for reference, but I'm not so much following directly onto
> > them...
> > 
> > Archie, I'm mildly embarrassed.  I just now found something you wrote
> > in November of last year advising the following patch to fix exactly
> > this problem.  I am running two 4.8-STABLE boxen, and it is not part
> > of /sys/netgraph/ng_ppp.c in CVS yet, apparently...
> > 
> > --- sys/netgraph/ng_ppp.c.orig  Thu Nov 21 12:39:06 2002
> > +++ sys/netgraph/ng_ppp.c       Thu Nov 21 12:39:26 2002
> > @@ -744,7 +744,7 @@
> >         case HOOK_INDEX_VJC_VJIP:
> >                 if (priv->conf.enableCompression
> >                     && priv->hooks[HOOK_INDEX_COMPRESS] != NULL) {
> > -                       if ((m = ng_ppp_addproto(m, proto, 1)) == NULL) {
> > +                       if ((m = ng_ppp_addproto(m, proto, 0)) == NULL) {
> >                                 NG_FREE_META(meta);
> >                                 return (ENOBUFS);
> >                         }
> > I patched ng_ppp.c, but I don't know if I can rebuild netgraph without
> > a make world, which takes a good 12 hours on this P166... advice on
> > that welcome.
> 
> All you need to do is rebuild/reinstall your kernel+modules.
> 
> > Should one of us submit a PR for this, or did I miss something?
> 
> This is (arguably) a bug in whatever is running on the other side
> of your link (it's not FreeBSD, right?). So that's why it was never
> checked in (because it's a workaround that costs an extra byte in
> every packet). However, you could argue that it should be I guess...

OK, just saw your next email where you said it was a FreeBSD box.
So this patch will probably not fix the problem (because I'm pretty
sure FreeBSD never had the problem that this patch works around)..
could you just try it out anyway just to confirm that? In which
case there is some other bug/problem.

In any case, the workaround of only authenticating in one
direction should get things working again.

-Archie

__________________________________________________________________________
Archie Cobbs     *    Halloo Communications    *     http://www.halloo.com

More information about the freebsd-stable mailing list