FreeBSD 8.0 and mpd5.3

shtirlitsus

New Member


Messages: 11

Hi!
I have FreeBSD 8.0 i386 and mpd5.3 as vpn-server. All configs and setting are taked from working server on FreeBSD 7.2.
When users starts connecting there are messages:
in /var/log/messages:
Code:
kernel: ifa_add_loopback_route: insertion failed
in mpd log:
Code:
Nov 24 12:17:02 vpn5 mpd: [B-2] IPCP: state change Ack-Rcvd --> Opened
Nov 24 12:17:02 vpn5 mpd: [B-2] IPCP: LayerUp
Nov 24 12:17:02 vpn5 mpd: [B-2]   10.128.0.1 -> 10.16.6.246
Nov 24 12:17:02 vpn5 mpd: [B-2] IFACE: Adding IPv4 address to ng1 failed: File exists
Nov 24 12:17:02 vpn5 mpd: [B-2] IFACE: IfaceChangeAddr() error, closing IPCP
and user get Error 629.
Before cennecing IP address 10.16.6.246 is not present in routing table. When only one user try to connect to server - it's going fine. When more then one - I have this error.
Ma be the reason is http://gitorious.org/freebsd/freebsd/commit/c4f7ed40be50d6e4afc0d20be74f7a7d501fff71
Thank you.
PS. Before 8.0 release I tryed the same on 8.0RC1. Same result.
 

seventh

New Member


Messages: 5

Sorry for offtopic. How are you install mpd5 on 8.0? I've give an error

Code:
...

/usr/include/netgraph/ng_message.h:51:1: warning: this is the location of the previous definition
ipacctctl.c:147: error: 'NG_PATHLEN' undeclared here (not in a function)
ipacctctl.c: In function 'ip_account_get_info':
ipacctctl.c:506: warning: unused variable 'path'
ipacctctl.c: In function 'ip_account_show':
ipacctctl.c:603: warning: unused variable 'path'
*** Error code 1

...
 

dir1212

New Member


Messages: 1

Also having same issue with mpd 5.3 (and 5.4a1) on 8.0 rc1 rc2 and 8.0 release. 7.2-STABLE works fine with the same config.
 

aragon

Daemon

Reaction score: 280
Messages: 2,029

Are you using 10.128.0.1 or 10.16.6.246 on any other interfaces on your mpd server?
 
OP
S

shtirlitsus

New Member


Messages: 11

aragon said:
Are you using 10.128.0.1 or 10.16.6.246 on any other interfaces on your mpd server?
10.128.0.1 - is server address for clients. one fore all
10.16.6.246 - is client address, going from RADIUS

mpd.conf:
Code:
set ipcp ranges 10.128.0.1/32 10.16.0.0/16
 

aragon

Daemon

Reaction score: 280
Messages: 2,029

shtirlitsus said:
10.128.0.1 - is server address for clients. one fore all
10.16.6.246 - is client address, going from RADIUS
I am wondering if there are any other interfaces in your system (other than the ng interfaces) that have either of these addresses assigned to them? eg. any of the ethernet interfaces.
 
OP
S

shtirlitsus

New Member


Messages: 11

aragon said:
I am wondering if there are any other interfaces in your system (other than the ng interfaces) that have either of these addresses assigned to them? eg. any of the ethernet interfaces.
yes. there is 2 Gigabit Ethernet
rc.conf:
Code:
ifconfig_em1="inet 195.20.XXX.XXX/27 polling name ifreal"
ifconfig_em0="inet 172.22.0.249/24 polling name ifloc"
by the way i was told earlier, config from working FreeBSD 7.2
 
OP
S

shtirlitsus

New Member


Messages: 11

aragon said:
I am wondering if there are any other interfaces in your system (other than the ng interfaces) that have either of these addresses assigned to them? eg. any of the ethernet interfaces.
but tey don't have either of these addresses (10.128.0.1 or 10.16.6.246) assigned to them
 

seventh

New Member


Messages: 5

Once again, excuse me for offtopic. I still can't install mpd5 after the portupgrade. Now another errors.

Code:
.......
ng_ipacct.c:612: error: dereferencing pointer to incomplete type
ng_ipacct.c:615: error: dereferencing pointer to incomplete type
ng_ipacct.c: In function 'ip_account_show':
ng_ipacct.c:743: error: dereferencing pointer to incomplete type
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct/work/ng_ipacct/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct/work/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net/mpd5.
*** Error code 1

Stop in /usr/ports/net/mpd5.
7th_ipfw#
Here is the full listing.
What must I do? Thanks in advance.
 
OP
S

shtirlitsus

New Member


Messages: 11

seventh said:
Once again, excuse me for offtopic. I still can't install mpd5 after the portupgrade. Now another errors.

Code:
.......
ng_ipacct.c:612: error: dereferencing pointer to incomplete type
ng_ipacct.c:615: error: dereferencing pointer to incomplete type
ng_ipacct.c: In function 'ip_account_show':
ng_ipacct.c:743: error: dereferencing pointer to incomplete type
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct/work/ng_ipacct/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct/work/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net/mpd5.
*** Error code 1

Stop in /usr/ports/net/mpd5.
7th_ipfw#
Here is the full listing.
What must I do? Thanks in advance.
I have compiled mpd5 without ipacct. do you really need mpd with ipacct?
 

seventh

New Member


Messages: 5

Again hi to all :)
So, now I have almost the same problem. I successfully connect to my server, but not ping anything except the server itself. And have the same line in /var/log/messages
Code:
Nov 30 12:35:09 7th_ipfw kernel: ifa_add_loopback_route: insertion failed
FreeBSD 8.0 RC3
 

lbl

Member

Reaction score: 8
Messages: 40

Hi shtirlitsus

Woud you mind sharing your mpd configuration ?

/lbl
 
OP
S

shtirlitsus

New Member


Messages: 11

here is my mpd.conf

Code:
default:

startup:

    load vpn_server

vpn_server:
    create bundle template B
    set iface enable proxy-arp
    set iface idle 0
    set iface enable tcpmssfix
    set iface up-script /usr/local/etc/mpd5/linkup
    set iface down-script /usr/local/etc/mpd5/linkdown
    set ipcp no vjcomp
    set ipcp dns aaa.aaa.aaa.aaa
    set ipcp dns bbb.bbb.bbb.bbb
    set ipcp ranges 10.128.0.1/32 10.16.0.0/16

    set bundle disable compression

    #set iface enable netflow-in
    #set iface enable netflow-out

    set mppc no e40
    set mppc no e128
    set mppc no stateless

    create link template L pptp
    set link action bundle B
    set link disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 360 720
    set link mtu 1492
    set link enable peer-as-calling
    set pptp self 172.22.0.251
#    set pptp disable originate
    set pptp disable windowing
    load radius
    set link enable incoming

radius:
    set radius server xx.xx.xx.xx password 1812 1813
    set radius retries 2
    set radius timeout 10
    set auth acct-update 120
    set auth enable radius-auth
    set auth enable radius-acct
    set radius enable message-authentic
 

lbl

Member

Reaction score: 8
Messages: 40

Not working here.

I more or less replicated your configuration now ...

A.A.A.A = <public ip 1>
B.B.B.B = <public ip 1>
C::2 = <ipv6 1>
C::1 = <ipv6 2>
D::X = <ipv6 extras)

Configuration and start up:

Code:
[root@atom2 /usr/local/etc/mpd5]# cat mpd.conf
default:

startup:

    load vpn_server

vpn_server:
    create bundle template B
    set iface enable proxy-arp
    set iface idle 0
    set iface enable tcpmssfix
    #set iface up-script /usr/local/etc/mpd5/linkup
    #set iface down-script /usr/local/etc/mpd5/linkdown
    set ipcp no vjcomp
    set ipcp dns 8.8.8.8
    set ipcp dns 4.4.2.2
    set ipcp ranges 10.20.5.53/32 10.20.5.0/24

    set bundle disable compression

    set mppc no e40
    set mppc no e128
    set mppc no stateless

    create link template L pptp
    set link action bundle B
    set link disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 360 720
    set link mtu 1492
    set link enable peer-as-calling
    set pptp self A.A.A.A
    set pptp disable windowing
    set link enable incoming
[root@atom2 /usr/local/etc/mpd5]# cat mpd.secret
test test
You have new mail in /var/mail/root
[root@atom2 /usr/local/etc/mpd5]# mpd5
Multi-link PPP daemon for FreeBSD
 
process 14226 started, version 5.4 (root@atom2 12:19 22-Jan-2010)
PPTP: waiting for connection on A.A.A.A 1723
[L]
TCPDUMP/socks/netstat while trying to connect:

Code:
[root@atom2 /usr/local/etc/mpd5]# tcpdump -i vlan110 -n port 1723
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan110, link-type EN10MB (Ethernet), capture size 96 bytes
14:54:13.665145 IP 94.189.52.243.35504 > A.A.A.A.1723: Flags [S], seq 172474990, win 5840, options [mss 1380,sackOK,TS val 1640082 ecr 0,nop,wscale 1], length 0
14:54:15.194677 IP 94.189.52.243.35504 > A.A.A.A.1723: Flags [S], seq 172474990, win 5840, options [mss 1380,sackOK,TS val 1640382 ecr 0,nop,wscale 1], length 0
14:54:22.673092 IP 94.189.52.243.35504 > A.A.A.A.1723: Flags [S], seq 172474990, win 5840, options [mss 1380,sackOK,TS val 1640982 ecr 0,nop,wscale 1], length 0
^C
3 packets captured
51 packets received by filter
0 packets dropped by kernel
[root@atom2 /usr/local/etc/mpd5]# sockstat | grep 1723
root     mpd5       14226 19 tcp4   A.A.A.A:1723   *:*
[root@atom2 /usr/local/etc/mpd5]# netstat | grep 1723
[root@atom2 /usr/local/etc/mpd5]# netstat -an | grep 1723
tcp4       0      0 A.A.A.A.1723    94.189.52.243.35504    SYN_RCVD
tcp4       0      0 A.A.A.A.1723    *.*                    LISTEN
[root@atom2 /usr/local/etc/mpd5]#
ifconfig:

Code:
[root@atom2 /usr/local/etc/mpd5]# ifconfig
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
	ether 00:1c:c0:9b:72:16
	inet6 fe80::21c:c0ff:fe9b:7216%re0 prefixlen 64 scopeid 0x1 
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:1c:c0:9b:72:16
	inet 10.20.5.52 netmask 0xffffff00 broadcast 10.20.5.255
	inet6 fe80::21c:c0ff:fe9b:7216%vlan100 prefixlen 64 scopeid 0x4 
	inet6 D::1 prefixlen 48 
	inet6 D::52 prefixlen 48 
	inet 10.20.5.72 netmask 0xffffff00 broadcast 10.20.5.255
	inet6 D::72 prefixlen 48 
	inet 10.20.5.73 netmask 0xffffff00 broadcast 10.20.5.255
	inet6 D::73 prefixlen 48 
	inet 10.20.5.74 netmask 0xffffff00 broadcast 10.20.5.255
	inet6 D::74 prefixlen 48 
	inet 10.20.5.75 netmask 0xffffff00 broadcast 10.20.5.255
	inet6 D::75 prefixlen 48 
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	vlan: 100 parent interface: re0
vlan110: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:1c:c0:9b:72:16
	inet6 fe80::21c:c0ff:fe9b:7216%vlan110 prefixlen 64 scopeid 0x5 
	inet A.A.A.A netmask 0xfffffe00 broadcast 89.150.139.255
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	vlan: 110 parent interface: re0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether fa:f4:71:84:cf:77
	inet B.B.B.B netmask 0xfffffe00 broadcast 89.150.139.255
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: vlan110 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 5 priority 128 path cost 20000
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
	tunnel inet A.A.A.A --> 90.185.0.134
	inet6 C::2 --> C::1 prefixlen 128 
	inet6 fe80::21c:c0ff:fe9b:7216%gif0 prefixlen 64 scopeid 0x7 
	options=1<ACCEPT_REV_ETHIP_VER>
[root@atom2 /usr/local/etc/mpd5]#
I kinda knew that this wudent work but the clientent isent responding to the client at all.

Any clues to get closer ?

/lbl
 

edhunter

Member

Reaction score: 10
Messages: 71

Is it safe to use this version of in.c (1.143.2.13) on RELENG_8_0 (release)?
 

edhunter

Member

Reaction score: 10
Messages: 71

yep i tought so :(
I hope that devs will bring this to 8_0 too in near future.
 
Top