dhcp + vpnc results in broken routes (routing loop)

Lothar Braun freebsd-questions at lobraun.de
Tue Nov 6 07:04:43 PST 2007


Dear list members,

I'm running FreeBSD 7.0 BETA-2 on a laptop within a network that assigns
addresses from 10.32.136.0/24 via dhcp to its members. After obtaining
the 10.32.136.0/24 address, we are supposed to connect to a vpn-gateway
using e.g. vpnc. After connecting to the gateway the laptop gets a valid
public IP address, which is used to connect to the internet.

This works pretty well, until dhclient tries to get a new private
address from the dhcp-server. After that I get a message similar to

Nov  6 11:43:26 fitu vpnc[5560]: routing loop to yyy.yyy.yyy.yyy (where
yyy.yyy.yyy.yyy is the ip address of the vpn-gateway)

Here's what happens to the routing table. After invoking dhclient for the
first time, I get this table (ipv4 part only):

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.32.136.254      UGS         0        3   iwi0
10.32.136.0/24     link#1             UC          0        0   iwi0
10.32.136.254      00:12:43:a2:f2:c0  UHLW        2        0   iwi0   1188
127.0.0.1          127.0.0.1          UH          0        0    lo0

Looking at the arp tables I get:

[root@fitu /usr/home/lothar]# arp -a
? (10.32.136.254) at 00:12:43:a2:f2:c0 on iwi0 [ethernet]

When I start vpnc, the routing table changes to:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            134.2.166.51       UGS         0        0   tun0
10.32.136.0/24     link#1             UC          0        0   iwi0
10.32.136.254      00:12:43:a2:f2:c0  UHLW        2        0   iwi0   1174
127.0.0.1          127.0.0.1          UH          0        0    lo0
xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    UH          1        0   tun0
yyy.yyy.yyy.yyy    10.32.136.254      UGHS        0        0   iwi0

where xxx.xxx.xxx.xxx is my new public ip address and yyy.yyy.yyy.yyy is
the vpn gateway's address.

Everything works fine (aka. I can normally connect to the internet),
until dhclient tries to get a new lease:

Nov  6 11:24:36 fitu dhclient: New IP Address (iwi0): 10.32.136.128
Nov  6 11:24:36 fitu dhclient: New Subnet Mask (iwi0): 255.255.255.0
Nov  6 11:24:36 fitu dhclient: New Broadcast Address (iwi0): 10.32.136.255
Nov  6 11:24:36 fitu dhclient: New Routers (iwi0): 10.32.136.254
Nov  6 11:24:48 fitu vpnc[3108]: routing loop to yyy.yyy.yyy.yyy
Nov  6 11:24:48 fitu last message repeated 212 times

where yyy.yyy.yyy.yyy is still the vpn gateway.
(note that the problem occurs even if the new ip address is exactly the
same as the old address).
The routing table changed to:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            xxx.xxx.xxx.xxx    UGS         0      570   tun0
10.32.136.0/24     link#1             UC          0        0   iwi0
10.32.136.254      link#1             UHLW        1        0   iwi0
127.0.0.1          127.0.0.1          UH          0        0    lo0
xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    UH          1        0   tun0

and arp -a does provide:

[root@fitu /usr/home/lothar]# arp -a
? (10.32.136.254) at (incomplete) on iwi0 [ethernet]

One can see that the vpn-gateway's ip address and the local router's mac
address disappeared.

The same dhcp/vpnc configuration does work without problems on a linux
box on the same network.

Can someone tell me where I have to look to find the error? I'm
wondering if this is a problem with my local setup, a problem within the
network, a problem with vpnc on FreeBSD, or a problem with FreeBSD
itself? Can I provide any additional information?

Best regards,
  Lothar
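
The following check is an added example, not part of the original post: it parses `netstat -rn` output in the format shown above and reports whether the VPN gateway's address resolves through the tunnel interface, which is the state of the table after the lease renewal. The sample tables are constructed from the post's tables, with the masked addresses replaced by documentation addresses (198.51.100.7 for the gateway, 203.0.113.10 for the tunnel address); the function names are hypothetical.

```python
import ipaddress

# Constructed samples modelled on the post's tables; the masked addresses are
# replaced by documentation addresses (assumptions, not values from the post).
VPN_GATEWAY = "198.51.100.7"   # stands in for yyy.yyy.yyy.yyy
HEADER = "Destination        Gateway            Flags    Refs      Use  Netif Expire\n"
WITH_VPNC = HEADER + """\
default            203.0.113.10       UGS         0        0   tun0
10.32.136.0/24     link#1             UC          0        0   iwi0
10.32.136.254      00:12:43:a2:f2:c0  UHLW        2        0   iwi0   1174
203.0.113.10       203.0.113.10       UH          1        0   tun0
198.51.100.7       10.32.136.254      UGHS        0        0   iwi0
"""
AFTER_RENEWAL = HEADER + """\
default            203.0.113.10       UGS         0      570   tun0
10.32.136.0/24     link#1             UC          0        0   iwi0
10.32.136.254      link#1             UHLW        1        0   iwi0
203.0.113.10       203.0.113.10       UH          1        0   tun0
"""

def parse_routes(netstat_text):
    """Return (network, gateway, flags, netif) for each IPv4 route line."""
    routes = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6:                      # section titles, blank lines
            continue
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)  # bare host -> /32
        except ValueError:                  # column header or non-IPv4 entry
            continue
        routes.append((net, f[1], f[2], f[5]))
    return routes

def route_for(routes, addr):
    """Longest-prefix match, as the kernel would pick the route for addr."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def gateway_via_tunnel(routes, vpn_gateway, tun_prefix="tun"):
    """True when traffic to the VPN gateway itself would enter the tunnel."""
    r = route_for(routes, vpn_gateway)
    return r is not None and r[3].startswith(tun_prefix)

if __name__ == "__main__":
    for name, table in (("with vpnc", WITH_VPNC), ("after renewal", AFTER_RENEWAL)):
        print(name, "-> gateway via tunnel:", gateway_via_tunnel(parse_routes(table), VPN_GATEWAY))
```
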


