MPD5 PPTP and L2TP server problem with FreeBSD 9.2-RELEASE-p1
Dr. Rolf Jansen
rj at obsigna.com
Sat Nov 16 21:48:45 UTC 2013
On my FreeBSD home server I installed MPD 5.7 to provide PPTP and L2TP dial-in VPN connectivity for external clients, which worked very well. In the last week, I upgraded my home server from 9.1-RELEASE-p7 to 9.2-RELEASE-p1, using freebsd-update.
Now, the server behaves strangely after a PPTP or an L2TP/IPsec VPN connection has been established. The VPN client can access resources on the server, but not in the LAN and WAN, as it could on 9.1. Even more bugging is that LAN clients cannot access the internet anymore once a VPN connection was made, and the problem persists even after the VPN was disconnected, and persists after mpd5 and racoon were killed and any dangling SA and SPD had been flushed. netstat -nr and sockstat -4 show nothing strange. To get back WAN connectivity for LAN clients, I need to restart the server.
First, I thought that this could be a problem of the ipsec patches that I applied to my custom kernel, and I did some tests with PPTP by mpd5 using a pristine 9.2 GENERIC one. The same happened with that. Once an external client established a PPTP VPN connection, all the internal LAN clients were effectively clipped from the internet.
For the time being, I disabled mpd5, and switched to sl2tps, which is also based on netgraph, and it doesn't show said problem in the otherwise unmodified L2TP/IPsec setup - PPTP stays disabled though.
I really would like to have back a working mpd5, since it is more versatile, and since sl2tps shows a different problem, namely it does not tear down the proxy-arp routes that it installed into the routing tables.
I did not send a PR up to now. Can somebody confirm this problem? My best educated guess is that this is a kernel (or kernel module) regression, but I am not sure. So, what category should a PR have -- Kernel or ports net/mpd5?