Hi!
I have FreeBSD 8.0 i386 and mpd5.3 as vpn-server. All configs and setting are taked from working server on FreeBSD 7.2.
When users starts connecting there are messages:
in /var/log/messages:
kernel: ifa_add_loopback_route: insertion failed
in mpd log:
Nov 24 12:17:02 vpn5 mpd: [B-2] IPCP: state change Ack-Rcvd --> Opened
Nov 24 12:17:02 vpn5 mpd: [B-2] IPCP: LayerUp
Nov 24 12:17:02 vpn5 mpd: [B-2] 10.128.0.1 -> 10.16.6.246
Nov 24 12:17:02 vpn5 mpd: [B-2] IFACE: Adding IPv4 address to ng1 failed: File exists
Nov 24 12:17:02 vpn5 mpd: [B-2] IFACE: IfaceChangeAddr() error, closing IPCP
and user get Error 629.
Before cennecing IP address 10.16.6.246 is not present in routing table. When only one user try to connect to server - it's going fine. When more then one - I have this error.
Ma be the reason is http://gitorious.org/freebsd/freebsd/commit/c4f7ed40be50d6e4afc0d20be74f7a7d501fff71
Thank you.
PS. Before 8.0 release I tryed the same on 8.0RC1. Same result.

Sorry for offtopic. How are you install mpd5 on 8.0? I've give an error

...

/usr/include/netgraph/ng_message.h:51:1: warning: this is the location of the previous definition
ipacctctl.c:147: error: 'NG_PATHLEN' undeclared here (not in a function)
ipacctctl.c: In function 'ip_account_get_info':
ipacctctl.c:506: warning: unused variable 'path'
ipacctctl.c: In function 'ip_account_show':
ipacctctl.c:603: warning: unused variable 'path'
*** Error code 1

...

Sorry for offtopic. How are you install mpd5 on 8.0? I've give an error

From fresh ports.

Also having same issue with mpd 5.3 (and 5.4a1) on 8.0 rc1 rc2 and 8.0 release. 7.2-STABLE works fine with the same config.

Are you using 10.128.0.1 or 10.16.6.246 on any other interfaces on your mpd server?

Are you using 10.128.0.1 or 10.16.6.246 on any other interfaces on your mpd server?

10.128.0.1 - is server address for clients. one fore all
10.16.6.246 - is client address, going from RADIUS

mpd.conf:
set ipcp ranges 10.128.0.1/32 10.16.0.0/16

10.128.0.1 - is server address for clients. one fore all
10.16.6.246 - is client address, going from RADIUS
I am wondering if there are any other interfaces in your system (other than the ng interfaces) that have either of these addresses assigned to them? eg. any of the ethernet interfaces.

I am wondering if there are any other interfaces in your system (other than the ng interfaces) that have either of these addresses assigned to them? eg. any of the ethernet interfaces.

yes. there is 2 Gigabit Ethernet
rc.conf:
ifconfig_em1="inet 195.20.XXX.XXX/27 polling name ifreal"
ifconfig_em0="inet 172.22.0.249/24 polling name ifloc"

by the way i was told earlier, config from working FreeBSD 7.2

I am wondering if there are any other interfaces in your system (other than the ng interfaces) that have either of these addresses assigned to them? eg. any of the ethernet interfaces.

but tey don't have either of these addresses (10.128.0.1 or 10.16.6.246) assigned to them

Once again, excuse me for offtopic. I still can't install mpd5 after the portupgrade. Now another errors.

.......
ng_ipacct.c:612: error: dereferencing pointer to incomplete type
ng_ipacct.c:615: error: dereferencing pointer to incomplete type
ng_ipacct.c: In function 'ip_account_show':
ng_ipacct.c:743: error: dereferencing pointer to incomplete type
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct/work/ng_ipacct/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct/work/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net/mpd5.
*** Error code 1

Stop in /usr/ports/net/mpd5.
7th_ipfw#
Here is (http://dobryj.ru/hostit/mpd5_install_error.txt) the full listing.
What must I do? Thanks in advance.

Once again, excuse me for offtopic. I still can't install mpd5 after the portupgrade. Now another errors.

.......
ng_ipacct.c:612: error: dereferencing pointer to incomplete type
ng_ipacct.c:615: error: dereferencing pointer to incomplete type
ng_ipacct.c: In function 'ip_account_show':
ng_ipacct.c:743: error: dereferencing pointer to incomplete type
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct/work/ng_ipacct/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct/work/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net/mpd5.
*** Error code 1

Stop in /usr/ports/net/mpd5.
7th_ipfw#
Here is (http://dobryj.ru/hostit/mpd5_install_error.txt) the full listing.
What must I do? Thanks in advance.

I have compiled mpd5 without ipacct. do you really need mpd with ipacct?

Wow! I do it! Thanks a lot!
(for russians (http://otvety.google.ru/otvety/thread?tid=7bc59f61dc57b1f2&table=/otvety/user%3Fuserid%3D09411405497087614334%26tab%3Dwtmto a))

Hey! Offtop problem is solved! My problem IS NOT solved!

Again hi to all :)
So, now I have almost the same problem. I successfully connect to my server, but not ping anything except the server itself. And have the same line in /var/log/messages
Nov 30 12:35:09 7th_ipfw kernel: ifa_add_loopback_route: insertion failed
FreeBSD 8.0 RC3

Has anyone solution for that problem ?

http://forum.nag.ru/forum/index.php?showtopic=53212

any one has tested this http://lists.freebsd.org/pipermail/freebsd-net/2009-December/024030.html ?

Hi shtirlitsus

Woud you mind sharing your mpd configuration ?

/lbl

here is my mpd.conf


default:

startup:

load vpn_server

vpn_server:
create bundle template B
set iface enable proxy-arp
set iface idle 0
set iface enable tcpmssfix
set iface up-script /usr/local/etc/mpd5/linkup
set iface down-script /usr/local/etc/mpd5/linkdown
set ipcp no vjcomp
set ipcp dns aaa.aaa.aaa.aaa
set ipcp dns bbb.bbb.bbb.bbb
set ipcp ranges 10.128.0.1/32 10.16.0.0/16

set bundle disable compression

#set iface enable netflow-in
#set iface enable netflow-out

set mppc no e40
set mppc no e128
set mppc no stateless

create link template L pptp
set link action bundle B
set link disable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 360 720
set link mtu 1492
set link enable peer-as-calling
set pptp self 172.22.0.251
# set pptp disable originate
set pptp disable windowing
load radius
set link enable incoming

radius:
set radius server xx.xx.xx.xx password 1812 1813
set radius retries 2
set radius timeout 10
set auth acct-update 120
set auth enable radius-auth
set auth enable radius-acct
set radius enable message-authentic

I more or less replicated your configuration now ...

A.A.A.A = <public ip 1>
B.B.B.B = <public ip 1>
C::2 = <ipv6 1>
C::1 = <ipv6 2>
D::X = <ipv6 extras)

Configuration and start up:

[root@atom2 /usr/local/etc/mpd5]# cat mpd.conf
default:

startup:

load vpn_server

vpn_server:
create bundle template B
set iface enable proxy-arp
set iface idle 0
set iface enable tcpmssfix
#set iface up-script /usr/local/etc/mpd5/linkup
#set iface down-script /usr/local/etc/mpd5/linkdown
set ipcp no vjcomp
set ipcp dns 8.8.8.8
set ipcp dns 4.4.2.2
set ipcp ranges 10.20.5.53/32 10.20.5.0/24

set bundle disable compression

set mppc no e40
set mppc no e128
set mppc no stateless

create link template L pptp
set link action bundle B
set link disable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 360 720
set link mtu 1492
set link enable peer-as-calling
set pptp self A.A.A.A
set pptp disable windowing
set link enable incoming
[root@atom2 /usr/local/etc/mpd5]# cat mpd.secret
test test
You have new mail in /var/mail/root
[root@atom2 /usr/local/etc/mpd5]# mpd5
Multi-link PPP daemon for FreeBSD

process 14226 started, version 5.4 (root@atom2 12:19 22-Jan-2010)
PPTP: waiting for connection on A.A.A.A 1723
[L]

TCPDUMP/socks/netstat while trying to connect:

[root@atom2 /usr/local/etc/mpd5]# tcpdump -i vlan110 -n port 1723
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan110, link-type EN10MB (Ethernet), capture size 96 bytes
14:54:13.665145 IP 94.189.52.243.35504 > A.A.A.A.1723: Flags [S], seq 172474990, win 5840, options [mss 1380,sackOK,TS val 1640082 ecr 0,nop,wscale 1], length 0
14:54:15.194677 IP 94.189.52.243.35504 > A.A.A.A.1723: Flags [S], seq 172474990, win 5840, options [mss 1380,sackOK,TS val 1640382 ecr 0,nop,wscale 1], length 0
14:54:22.673092 IP 94.189.52.243.35504 > A.A.A.A.1723: Flags [S], seq 172474990, win 5840, options [mss 1380,sackOK,TS val 1640982 ecr 0,nop,wscale 1], length 0
^C
3 packets captured
51 packets received by filter
0 packets dropped by kernel
[root@atom2 /usr/local/etc/mpd5]# sockstat | grep 1723
root mpd5 14226 19 tcp4 A.A.A.A:1723 *:*
[root@atom2 /usr/local/etc/mpd5]# netstat | grep 1723
[root@atom2 /usr/local/etc/mpd5]# netstat -an | grep 1723
tcp4 0 0 A.A.A.A.1723 94.189.52.243.35504 SYN_RCVD
tcp4 0 0 A.A.A.A.1723 *.* LISTEN
[root@atom2 /usr/local/etc/mpd5]#

ifconfig:

[root@atom2 /usr/local/etc/mpd5]# ifconfig
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM, WOL_UCAST,WOL_MCAST,WOL_MAGIC>
ether 00:1c:c0:9b:72:16
inet6 fe80::21c:c0ff:fe9b:7216%re0 prefixlen 64 scopeid 0x1
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:1c:c0:9b:72:16
inet 10.20.5.52 netmask 0xffffff00 broadcast 10.20.5.255
inet6 fe80::21c:c0ff:fe9b:7216%vlan100 prefixlen 64 scopeid 0x4
inet6 D::1 prefixlen 48
inet6 D::52 prefixlen 48
inet 10.20.5.72 netmask 0xffffff00 broadcast 10.20.5.255
inet6 D::72 prefixlen 48
inet 10.20.5.73 netmask 0xffffff00 broadcast 10.20.5.255
inet6 D::73 prefixlen 48
inet 10.20.5.74 netmask 0xffffff00 broadcast 10.20.5.255
inet6 D::74 prefixlen 48
inet 10.20.5.75 netmask 0xffffff00 broadcast 10.20.5.255
inet6 D::75 prefixlen 48
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 100 parent interface: re0
vlan110: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:1c:c0:9b:72:16
inet6 fe80::21c:c0ff:fe9b:7216%vlan110 prefixlen 64 scopeid 0x5
inet A.A.A.A netmask 0xfffffe00 broadcast 89.150.139.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 110 parent interface: re0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether fa:f4:71:84:cf:77
inet B.B.B.B netmask 0xfffffe00 broadcast 89.150.139.255
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: vlan110 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 5 priority 128 path cost 20000
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet A.A.A.A --> 90.185.0.134
inet6 C::2 --> C::1 prefixlen 128
inet6 fe80::21c:c0ff:fe9b:7216%gif0 prefixlen 64 scopeid 0x7
options=1<ACCEPT_REV_ETHIP_VER>
[root@atom2 /usr/local/etc/mpd5]#

I kinda knew that this wudent work but the clientent isent responding to the client at all.

Any clues to get closer ?

/lbl

any one has tested this http://lists.freebsd.org/pipermail/freebsd-net/2009-December/024030.html ?

this patch seems to solve the problem

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/in.c#rev1.143.2.13

Is it safe to use this version of in.c (1.143.2.13) on RELENG_8_0 (release)?

Is it safe to use this version of in.c (1.143.2.13) on RELENG_8_0 (release)?

There is not only one file patched

yep i tought so :(
I hope that devs will bring this to 8_0 too in near future.

I also request that.

2 days ago switched from RELENG_8_0 (release) to RELENG_8 (stable), rebuilded world and mpd5.5. And still have problems with proxy-arp.
After reading some posts on the list (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2010-03/msg00319.html) I made some experimentings.

In my system one of ethernet adapters (dedicated to lan) has ip 192.168.0.2/24.

When in mpd.conf I set separate ip for the local end of vpn like this:
set ipcp ranges 192.168.0.200/32 ippool pool1
Proxy arp does not work. (error 256 in the log)


But, when I set the ip to be the same as my ethernet adapter's one:
set ipcp ranges 192.168.0.2/32 ippool pool1
everything is fine! :)

But I am not sure if this configuration (same ip for different adapters) is correct. Is it possible to expect problems?