misc/89108: Problem in PPP implementation on FreeBSD 5.4

Valery Marchuk vmarchuk at argocom.cv.ua
Wed Nov 16 10:30:24 GMT 2005


>Number:         89108
>Category:       misc
>Synopsis:       Problem in PPP implementation on FreeBSD 5.4
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 16 10:30:12 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Valery Marchuk
>Release:        FreeBSD 5.4
>Organization:
ArgoCom Ltd
>Environment:
FreeBSD xxx.xx 5.4-RELEASE FreeBSD 5.4-RELEASE #3: Tue May 31 15:07:10 EEST 2005     root at xxx.xx:/usr/obj/usr/src/sys/vpn_kernel  i386

FreeBSD xxx.xx 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed Jun  8 13:35:51 UTC 2005     sergi at xxx:/usr/src/sys/i386/compile/IPFKERNEL i386 

>Description:
Hi!
We have discovered a problem in the PPP implementation on FreeBSD 5.4 with poptop installed. The problem is in the way PPP handles VPN clients with static IP addresses. More than one user can successfully establish VPN connections under the same login and password at the same time to the VPN server. For example:
tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet xxx.xxx.xxx.xxx --> 172.20.6.3 netmask 0xffffffff   
        Opened by PID 25411                                
tun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet xxx.xxx.xxx.xxx --> 172.20.6.3 netmask 0xffffffff   
        Opened by PID 25413                                

The real problem occurs when a VPN tunnel fails on the client side but still exists on the server side, and the user creates another VPN connection (the lqr period is set to 12, so it could happen when the user establishes a new connection within 1 minute). The first tunnel becomes “a zombie” and PPP doesn’t drop it.
If there is more than one “zombie” tunnel on the system, it is impossible for the user to use the Internet. The user can only send information through the last tunnel, but the previous one receives all the replies.
Tested on PPP
PPP Version 3.1 - Jun  8 2005
PPP Version 3.4.2 - May  8 2005


If you need them, I could send you my configuration files.
Hope for cooperation
Valery Marchuk
>How-To-Repeat:
1. Install poptop and configure ppp to use static IP addresses for each login (each user must receive his IP address from the server)
2. Create 2 or more VPN connections from different PCs under the same user account (e.g. login, password)
3. Try to ping something from all PCs
>Fix:
              
>Release-Note:
>Audit-Trail:
>Unformatted:
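
An added example, not part of the original report and not FreeBSD or ppp code: a small sh/awk check an administrator could run on the VPN server to spot the condition described above, where several tun interfaces point at the same peer address. The function names are hypothetical, and the sample input is constructed from the output quoted in the report (the local address 192.0.2.1 and the tun3 entry are made up).

```shell
#!/bin/sh
# Added example: list peer addresses that appear on more than one tun
# interface in ifconfig output (stdin). Function names are hypothetical.

find_shared_peers() {
    awk '
        /^tun[0-9]+:/ { ifc = $1; sub(/:$/, "", ifc); next }  # tun header line
        /^[^ \t]/     { ifc = ""; next }                      # any other interface
        ifc != "" && $1 == "inet" && $3 == "-->" {            # local --> peer
            n++; e_if[n] = ifc; e_peer[n] = $4; count[$4]++
            next
        }
        ifc != "" && /Opened by PID/ { pid[ifc] = $NF }       # owning ppp process
        END {
            # Print one line per tunnel whose peer address is not unique.
            for (i = 1; i <= n; i++)
                if (count[e_peer[i]] > 1)
                    printf "%s %s pid=%s\n", e_peer[i], e_if[i],
                           ((e_if[i] in pid) ? pid[e_if[i]] : "?")
        }
    '
}

# Constructed sample input modelled on the ifconfig output in the report.
sample_ifconfig() {
    cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet 192.0.2.1 --> 172.20.6.3 netmask 0xffffffff
        Opened by PID 25411
tun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet 192.0.2.1 --> 172.20.6.4 netmask 0xffffffff
        Opened by PID 25500
tun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet 192.0.2.1 --> 172.20.6.3 netmask 0xffffffff
        Opened by PID 25413
EOF
}

sample_ifconfig | find_shared_peers
```

On a live server the same function reads real data with `ifconfig | find_shared_peers`; each line it prints names a tunnel and the ppp process holding it, so duplicate sessions can be reviewed.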

