MPD5 PPTP and L2TP server problem with FreeBSD 9.2-RELEASE-p1
Dr. Rolf Jansen
rj at obsigna.com
Sat Nov 16 22:52:15 UTC 2013
Am 16.11.2013 um 20:13 schrieb Florian Smeets <flo at smeets.im>:
> On 16/11/13 22:48, Dr. Rolf Jansen wrote:
>
>> Hello!
>>
>> Now, the server behaves strange after a PPTP or a L2TP/IPsec-VPN
>> connection had been established. The VPN client can access resources
>> on the server, but not in the LAN and WAN, as it could on 9.1. Even
>> more bugging is, that LAN clients cannot access the internet anymore,
>> once a VPN connection was made, and the problem persists even after
>> the VPN was disconnected, and persists after the mpd5 and racoon were
>> killed, and any dangling SA and SPD had been flushed. netstat -nr and
>> sockstat -4 show nothing strange. For getting back WAN connectivity
>> for LAN clients, I need to restart the server.
>
> Do you set net.inet.ip.forwarding in /etc/sysctl.conf? Try setting
> gateway_enable="YES" in /etc/rc.conf. This is caused by some changes in
> the rc system and the scripts it calls on interface creation. This bit
> me too.
>
> It looks like directly setting net.inet.ip.forwarding in sysctl.conf has
> never been officially supported. Though the last time I used
> gateway_enable was probably in the 4.X days, and setting it in
> sysctl.conf has always worked for me, until now :)
Yes, that was the problem. My configuration had net.inet.ip.forwarding=1 and net.inet6.ip.forwarding=1 in /etc/sysctl.conf instead of gateway_enable="YES" in /etc/rc.conf. I removed the respective sysctl assignments and set gateway_enable="YES", and the VPN servers work as before.
Many thanks for the helpful hint.
Best regards
Rolf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20131116/d9ec48b9/attachment.sig>
More information about the freebsd-net
mailing list