Multiple ppp connections and routing table with poptop

kisscool-fr

Active Member

Reaction score: 19
Messages: 196

Hi,


I have reinstalled a new pptp vpn with FreeBSD 7.3 and poptop recently and had a problem with multiple connections at a time. This problem already exists with my old vpn server running FreeBSD 7.0. This was a known problem with a patch available here that should be integrated in 7.2R or just after but it isn't. So I repatched again the ppp binary with and I can have multiple connections at a time.


But I have another problem which may be related to the first one.

When there are multiple clients connected and the first client closes his connection first, the routing table is altered too much.


After the first client connects
Code:
# netstat -rn | grep tun
10.1.1.131         10.1.1.130         UGH         0        1   tun0
ff01:5::/32                       link#5                        UC         tun0
ff02::%tun0/32                    fe80::250:baff:fe21:69ec%tun0 UGC        tun0
There is no problem, traffic is ok and routing table too.

After the second client connects
Code:
# netstat -rn | grep tun
10.1.1.131         10.1.1.130         UGH         0        6   tun0
10.1.1.132         10.1.1.130         UGH         0        0   tun1
ff01:5::/32                       link#5                        UC         tun0
ff01:6::/32                       link#6                        UC         tun1
ff02::%tun0/32                    fe80::250:baff:fe21:69ec%tun0 UGC        tun0
ff02::%tun1/32                    fe80::250:baff:fe21:69ec%tun1 UGC        tun1
Everything is ok too

But when the first client disconnects the routing table changes to this

Code:
# netstat -rn | grep tun
ff01:6::/32                       link#6                        UC         tun1
ff02::%tun1/32                    fe80::250:baff:fe21:69ec%tun1 UGC        tun1
and the other clients' traffic stops too.

This problem does not occur when the second client closes his connection first
Code:
# netstat -rn | grep tun
10.1.1.133         10.1.1.130         UGH         0        0   tun1
10.1.1.138         10.1.1.130         UGH         0       14   tun0
ff01:5::/32                       link#5                        UC         tun0
ff01:6::/32                       link#6                        UC         tun1
ff02::%tun0/32                    fe80::250:baff:fe21:69ec%tun0 UGC        tun0
ff02::%tun1/32                    fe80::250:baff:fe21:69ec%tun1 UGC        tun1
Code:
# netstat -rn | grep tun
10.1.1.138         10.1.1.130         UGH         0       62   tun0
ff01:5::/32                       link#5                        UC         tun0
ff02::%tun0/32                    fe80::250:baff:fe21:69ec%tun0 UGC        tun0
I can reproduce this on the old and the new pptp vpn servers.

Has anyone had a similar problem and found a solution/fix for this?


Thanks,
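
The symptom described in this post can be checked for mechanically. The following is an added example, not part of the original post and not poptop or ppp code: the function name `missing_host_routes` is hypothetical, the two snapshots are copied from the `netstat -rn` output in the post, and the list of interfaces with a live session is assumed to come from the caller.

```shell
#!/bin/sh
# missing_host_routes SNAPSHOT IFACE...
#   SNAPSHOT: file holding `netstat -rn` output
#   IFACE...: tun interfaces believed to carry a live session (assumption:
#             the caller builds this list, e.g. from the running ppp processes)
# Prints every listed interface that has no IPv4 host route (flag H)
# and returns 1 if at least one is missing, 0 otherwise.
missing_host_routes() {
    snapshot=$1; shift
    awk -v want="$*" '
        # IPv4 host route: dotted-quad destination, H in the flags column,
        # interface name in the last column (true for both 7.3 and 8.1 output)
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $3 ~ /H/ { have[$NF] = 1 }
        END {
            n = split(want, ifs, " ")
            for (i = 1; i <= n; i++)
                if (!(ifs[i] in have)) { print ifs[i]; bad = 1 }
            exit bad + 0
        }' "$snapshot"
}

# Snapshots taken from the post (7.3 server): both clients connected, then
# the state after the first client disconnected while the second stayed up.
both_up=$(mktemp); after_first_left=$(mktemp)
cat > "$both_up" <<'EOF'
10.1.1.131         10.1.1.130         UGH         0        6   tun0
10.1.1.132         10.1.1.130         UGH         0        0   tun1
ff01:5::/32                       link#5                        UC         tun0
ff01:6::/32                       link#6                        UC         tun1
EOF
cat > "$after_first_left" <<'EOF'
ff01:6::/32                       link#6                        UC         tun1
ff02::%tun1/32                    fe80::250:baff:fe21:69ec%tun1 UGC        tun1
EOF

missing_host_routes "$both_up" tun0 tun1 && echo "all live sessions are routed"
missing_host_routes "$after_first_left" tun1 || echo "live session lost its host route"
```

On a running server the snapshot would be produced with `netstat -rn > file` before calling the function.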
 
kisscool-fr

I don't know if it is necessary, but this may be helpful information:

Code:
# uname -a
FreeBSD services.static.corp.lan 7.3-RELEASE-p2 FreeBSD 7.3-RELEASE-p2 #0: Wed Sep 15 17:04:16 CEST 2010     root@services.corp.lan:/usr/obj/usr/src/sys/GENERIC  i386
Code:
# egrep "^[aA-zZ]" /usr/local/etc/pptpd.conf
option pptpd
debug
logwtmp
remoteip 10.1.1.111-120
listen 10.1.1.253
Code:
# egrep -v "^#" /etc/ppp/ppp.conf

pptpd:
 set escape 0xff
 set device localhost:pptp
 set dial
 set timeout 0
 set log Phase Chat Connect LCP IPCP IPV6CP CCP tun command
 set ifaddr 10.1.1.110 10.1.1.111-10.1.1.120 255.255.255.255

 set mppe 128 stateful
 enable MSCHAPv2
 disable deflate pred1 lqr
 deny deflate pred1 lqr

 disable ipv6cp


 accept dns
 set dns 10.1.1.253
 set nbns 10.1.1.204


 enable proxy

Poptop allows different address assignment methods (range from lan, routable, nat-able). The config above is for the first method.


If any other information is required, I'll be happy to provide it.

kisscool-fr,
 
kisscool-fr

I do not have any 8.1 server currently. I'll try to make one server available for testing.

When I was installing the old vpn server, I read docs, forums, etc. and the conclusion was that mpd was buggy and more difficult to configure. Maybe things have changed since. I'll try it ultimately if I have enough time.
 
kisscool-fr

After changing the poptop configuration to allow routable or nat-able ranges, the problem persists. If more than one user is connected and the first client disconnects, all other vpn clients' routes are cleared.


Finally, I installed FreeBSD 8.1 with poptop on an available laptop and after some more tests, the problem is still here.

First client connects
Code:
root@pptpsrv:~# netstat -r | grep tun
10.1.2.52          link#5             UHS         0        1   tun0
root@pptpsrv:~#
Second client connects
Code:
root@pptpsrv:~# netstat -r | grep tun
10.1.2.52          link#5             UHS         0        3   tun0
10.1.2.53          link#6             UHS         0        0   tun1
root@pptpsrv:~#
And when the first client disconnects
Code:
root@pptpsrv:~# netstat -r | grep tun
root@pptpsrv:~#
And on the second client no more traffic is possible.


So I don't know, am I doing something wrong or is there really something buggy with the system (ppp)?
 
kisscool-fr

I tried mpd 5.5 on the laptop with 8.1.

I configured mpd following the pptp_server params in the sample file. I just made small adjustments for my lan.

I was pleasantly surprised to see that I can have multiple connections at a time, and that clients can connect and disconnect in any order without altering other clients' routes. All connections are ok (web/ftp/ssh on remote lan and net) but I don't know why I can't access any smb share (which is possible through poptop). I tried playing with nbns and proxy-arp but smb doesn't work.

If I find the solution to the problems with smb shares, I'll try mpd on the 7.3 server and if it is conclusive I will switch to mpd.


But it does not fix the case when running poptop. Can anyone reproduce the same issues with poptop?
 
kisscool-fr

smb share browsing is solved.
I did not change anything in mpd configuration. I don't know how but it just works.

I have sent a bug report for the issue with poptop. I hope somebody will find something conclusive.
 