From nobody@FreeBSD.org Thu Nov 25 10:59:19 2010 Return-Path: Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8E836106564A for ; Thu, 25 Nov 2010 10:59:19 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (unknown [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 717188FC18 for ; Thu, 25 Nov 2010 10:59:19 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id oAPAxIWX021209 for ; Thu, 25 Nov 2010 10:59:18 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id oAPAxI1T021208; Thu, 25 Nov 2010 10:59:18 GMT (envelope-from nobody) Message-Id: <201011251059.oAPAxI1T021208@red.freebsd.org> Date: Thu, 25 Nov 2010 10:59:18 GMT From: martin To: freebsd-gnats-submit@FreeBSD.org Subject: Multiple ppp connections and routing table problem with poptop X-Send-Pr-Version: www-3.1 X-GNATS-Notify: >Number: 152569 >Category: kern >Synopsis: [net]: Multiple ppp connections and routing table problem with poptop >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-net >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Nov 25 11:00:21 UTC 2010 >Closed-Date: >Last-Modified: Sat Dec 04 08:58:25 UTC 2010 >Originator: martin >Release: 7.3-RELEASE-p2 #0 and 8.1-RELEASE #0 >Organization: cifacom >Environment: FreeBSD services.static.cifap.lan 7.3-RELEASE-p2 FreeBSD 7.3-RELEASE-p2 #0: Wed Sep 15 17:04:16 CEST 2010 root@services.cifap.lan:/usr/obj/usr/src/sys/GENERIC i386 and FreeBSD pptpsrv 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: Freebsd running as a pptp vpn with poptop. When they are multiple clients connected to the vpn server and the first client disconnects first, the routing table is altered too much. When the first client connects # netstat -rn | grep tun 10.1.1.131 10.1.1.130 UGH 0 1 tun0 ff01:5::/32 link#5 UC tun0 ff02::%tun0/32 fe80::250:baff:fe21:69ec%tun0 UGC tun0 There is no problem, traffic is ok and routing table too. After the second client connects # netstat -rn | grep tun 10.1.1.131 10.1.1.130 UGH 0 6 tun0 10.1.1.132 10.1.1.130 UGH 0 0 tun1 ff01:5::/32 link#5 UC tun0 ff01:6::/32 link#6 UC tun1 ff02::%tun0/32 fe80::250:baff:fe21:69ec%tun0 UGC tun0 ff02::%tun1/32 fe80::250:baff:fe21:69ec%tun1 UGC tun1 Everything is ok too But when the first client disconnects the routing table changes to this # netstat -rn | grep tun ff01:6::/32 link#6 UC tun1 ff02::%tun1/32 fe80::250:baff:fe21:69ec%tun1 UGC tun1 and others client's traffic stops too. This problem does not occur when the second client closes his connection first # netstat -rn | grep tun 10.1.1.133 10.1.1.130 UGH 0 0 tun1 10.1.1.138 10.1.1.130 UGH 0 14 tun0 ff01:5::/32 link#5 UC tun0 ff01:6::/32 link#6 UC tun1 ff02::%tun0/32 fe80::250:baff:fe21:69ec%tun0 UGC tun0 ff02::%tun1/32 fe80::250:baff:fe21:69ec%tun1 UGC tun1 # netstat -rn | grep tun 10.1.1.138 10.1.1.130 UGH 0 62 tun0 ff01:5::/32 link#5 UC tun0 ff02::%tun0/32 fe80::250:baff:fe21:69ec%tun0 UGC tun0 I can reproduce this on the old (7.1 prerelease) and the new (7.3 release) pptp vpn servers. I can also reproduce it with a freshly 8.1 release installed system on a test laptop. I tried searching forums, mailing list, and bug reports but don't find anything that can help me with this. Sorry for the raw text, i don't know how to add some format tags. Thanks, >How-To-Repeat: Install poptop and put this in the /usr/local/etc/pptpd.conf file # egrep "^[aA-zZ]" /usr/local/etc/pptpd.conf option pptpd debug logwtmp remoteip 10.1.1.111-120 listen 10.1.1.253 Put this in the /etc/ppp/ppp.conf file # egrep -v "^#" /etc/ppp/ppp.conf pptpd: set escape 0xff set device localhost:pptp set dial set timeout 0 set log Phase Chat Connect LCP IPCP IPV6CP CCP tun command set ifaddr 10.1.1.110 10.1.1.111-10.1.1.120 255.255.255.255 set mppe 128 stateful enable MSCHAPv2 disable deflate pred1 lqr deny deflate pred1 lqr disable ipv6cp accept dns set dns 10.1.1.253 set nbns 10.1.1.204 enable proxy Enable ip forwarding and arpproxing sysctl net.inet.ip.forwarding=1 sysctl net.link.ether.inet.proxyall=1 >Fix: Do not have any >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-i386->freebsd-net Responsible-Changed-By: remko Responsible-Changed-When: Sat Dec 4 08:58:02 UTC 2010 Responsible-Changed-Why: This seems more like something for the networking team http://www.freebsd.org/cgi/query-pr.cgi?pr=152569 >Unformatted: