# FreeBSD 8.0 and mpd5.3



## shtirlitsus (Nov 24, 2009)

Hi!
I have FreeBSD 8.0 i386 and mpd5.3 as a VPN server. All configs and settings are taken from a working server on FreeBSD 7.2.
When users start connecting, there are messages:
in /var/log/messages:

```
kernel: ifa_add_loopback_route: insertion failed
```
in mpd log:

```
Nov 24 12:17:02 vpn5 mpd: [B-2] IPCP: state change Ack-Rcvd --> Opened
Nov 24 12:17:02 vpn5 mpd: [B-2] IPCP: LayerUp
Nov 24 12:17:02 vpn5 mpd: [B-2]   10.128.0.1 -> 10.16.6.246
Nov 24 12:17:02 vpn5 mpd: [B-2] IFACE: Adding IPv4 address to ng1 failed: File exists
Nov 24 12:17:02 vpn5 mpd: [B-2] IFACE: IfaceChangeAddr() error, closing IPCP
```
and the user gets Error 629.
Before connecting, IP address 10.16.6.246 is not present in the routing table. When only one user tries to connect to the server, it goes fine. When more than one, I have this error.
Maybe the reason is http://gitorious.org/freebsd/freebsd/commit/c4f7ed40be50d6e4afc0d20be74f7a7d501fff71
Thank you.
PS. Before the 8.0 release I tried the same on 8.0RC1. Same result.
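
An added triage example, not part of the original post and not mpd's own tooling: it parses mpd log lines in the format quoted above, ties each "Adding IPv4 address ... failed" message to the address pair its bundle negotiated, and lists which bundles share a local address. The function names are hypothetical, and the `B-3` sample lines are constructed to stand in for a second client.

```python
import re

# Constructed sample: the B-2 lines are the excerpt quoted in the post above;
# the B-3 lines are made up here to represent a second client.
SAMPLE_LOG = """\
Nov 24 12:17:02 vpn5 mpd: [B-2] IPCP: state change Ack-Rcvd --> Opened
Nov 24 12:17:02 vpn5 mpd: [B-2] IPCP: LayerUp
Nov 24 12:17:02 vpn5 mpd: [B-2]   10.128.0.1 -> 10.16.6.246
Nov 24 12:17:02 vpn5 mpd: [B-2] IFACE: Adding IPv4 address to ng1 failed: File exists
Nov 24 12:17:02 vpn5 mpd: [B-2] IFACE: IfaceChangeAddr() error, closing IPCP
Nov 24 12:17:05 vpn5 mpd: [B-3] IPCP: LayerUp
Nov 24 12:17:05 vpn5 mpd: [B-3]   10.128.0.1 -> 10.16.6.247
"""

# Assumed line shape: syslog prefix, "mpd:", mpd's "[bundle]" tag, then the message
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ mpd: \[(?P<bundle>[^\]]+)\]\s+(?P<msg>.*)$")
PAIR = re.compile(r"^(\d+(?:\.\d+){3}) -> (\d+(?:\.\d+){3})$")
FAILED = re.compile(r"^IFACE: Adding IPv4 address to (\S+) failed: (.+)$")

def parse(log_text):
    """Yield (timestamp, bundle, message) for every mpd line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            yield m["ts"], m["bundle"], m["msg"].strip()

def failed_assignments(log_text):
    """Pair each failed address assignment with its bundle's negotiated addresses."""
    pairs, failures = {}, []
    for ts, bundle, msg in parse(log_text):
        if (p := PAIR.match(msg)):
            pairs[bundle] = p.groups()          # (local, peer) seen at LayerUp
        elif (f := FAILED.match(msg)):
            local, peer = pairs.get(bundle, (None, None))
            failures.append({"time": ts, "bundle": bundle, "iface": f[1],
                             "local": local, "peer": peer, "reason": f[2]})
    return failures

def local_address_usage(log_text):
    """Map each local (server-side) address to the bundles that negotiated it."""
    usage = {}
    for _, bundle, msg in parse(log_text):
        if (p := PAIR.match(msg)):
            usage.setdefault(p[1], set()).add(bundle)
    return {addr: sorted(b) for addr, b in usage.items()}

if __name__ == "__main__":
    for failure in failed_assignments(SAMPLE_LOG):
        print(failure)
    print(local_address_usage(SAMPLE_LOG))
```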


----------



## seventh (Nov 24, 2009)

Sorry for offtopic. How did you install mpd5 on 8.0? I get an error:


```
...

/usr/include/netgraph/ng_message.h:51:1: warning: this is the location of the previous definition
ipacctctl.c:147: error: 'NG_PATHLEN' undeclared here (not in a function)
ipacctctl.c: In function 'ip_account_get_info':
ipacctctl.c:506: warning: unused variable 'path'
ipacctctl.c: In function 'ip_account_show':
ipacctctl.c:603: warning: unused variable 'path'
*** Error code 1

...
```


----------



## shtirlitsus (Nov 24, 2009)

seventh said:

> Sorry for offtopic. How did you install mpd5 on 8.0? I get an error:


From fresh ports.


----------



## dir1212 (Nov 24, 2009)

Also having same issue with mpd 5.3 (and 5.4a1) on 8.0 rc1 rc2 and 8.0 release. 7.2-STABLE works fine with the same config.


----------



## aragon (Nov 25, 2009)

Are you using 10.128.0.1 or 10.16.6.246 on any other interfaces on your mpd server?


----------



## shtirlitsus (Nov 25, 2009)

aragon said:

> Are you using 10.128.0.1 or 10.16.6.246 on any other interfaces on your mpd server?



10.128.0.1 - is the server address for clients, one for all
10.16.6.246 - is the client address, coming from RADIUS

mpd.conf:

```
set ipcp ranges 10.128.0.1/32 10.16.0.0/16
```


----------



## aragon (Nov 25, 2009)

shtirlitsus said:

> 10.128.0.1 - is the server address for clients, one for all
> 10.16.6.246 - is the client address, coming from RADIUS


I am wondering if there are any other interfaces in your system (other than the ng interfaces) that have either of these addresses assigned to them?  eg. any of the ethernet interfaces.


----------



## shtirlitsus (Nov 25, 2009)

aragon said:

> I am wondering if there are any other interfaces in your system (other than the ng interfaces) that have either of these addresses assigned to them?  eg. any of the ethernet interfaces.

Yes, there are 2 Gigabit Ethernet
rc.conf:

```
ifconfig_em1="inet 195.20.XXX.XXX/27 polling name ifreal"
ifconfig_em0="inet 172.22.0.249/24 polling name ifloc"
```

By the way, as I said earlier, the config is from a working FreeBSD 7.2


----------



## shtirlitsus (Nov 25, 2009)

aragon said:

> I am wondering if there are any other interfaces in your system (other than the ng interfaces) that have either of these addresses assigned to them?  eg. any of the ethernet interfaces.

But they don't have either of these addresses (10.128.0.1 or 10.16.6.246) assigned to them


----------



## seventh (Nov 26, 2009)

Once again, excuse me for offtopic. I still can't install mpd5 after the portupgrade. Now there are other errors.


```
.......
ng_ipacct.c:612: error: dereferencing pointer to incomplete type
ng_ipacct.c:615: error: dereferencing pointer to incomplete type
ng_ipacct.c: In function 'ip_account_show':
ng_ipacct.c:743: error: dereferencing pointer to incomplete type
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct/work/ng_ipacct/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct/work/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net-mgmt/ng_ipacct.
*** Error code 1

Stop in /usr/ports/net/mpd5.
*** Error code 1

Stop in /usr/ports/net/mpd5.
7th_ipfw#
```
Here is the full listing.
What must I do? Thanks in advance.


----------



## shtirlitsus (Nov 27, 2009)

seventh said:

> Once again, excuse me for offtopic. I still can't install mpd5 after the portupgrade. Now there are other errors.
>
> ...

I have compiled mpd5 without ipacct. Do you really need mpd with ipacct?


----------



## seventh (Nov 27, 2009)

Wow! I did it! Thanks a lot!
(for russians)


----------



## shtirlitsus (Nov 27, 2009)

Hey! Offtop problem is solved! My problem IS NOT solved!


----------



## seventh (Nov 30, 2009)

Hi again to all.
So, now I have almost the same problem. I successfully connect to my server, but cannot ping anything except the server itself. And I have the same line in /var/log/messages

```
Nov 30 12:35:09 7th_ipfw kernel: ifa_add_loopback_route: insertion failed
```
FreeBSD 8.0 RC3


----------



## Base (Dec 8, 2009)

Does anyone have a solution for that problem?


----------



## seventh (Dec 9, 2009)

http://forum.nag.ru/forum/index.php?showtopic=53212


----------



## hshh (Dec 17, 2009)

Has anyone tested this http://lists.freebsd.org/pipermail/freebsd-net/2009-December/024030.html ?


----------



## lbl (Jan 22, 2010)

Hi shtirlitsus

Would you mind sharing your mpd configuration?

/lbl


----------



## shtirlitsus (Jan 22, 2010)

here is my mpd.conf


```
default:

startup:

    load vpn_server

vpn_server:
    create bundle template B
    set iface enable proxy-arp
    set iface idle 0
    set iface enable tcpmssfix
    set iface up-script /usr/local/etc/mpd5/linkup
    set iface down-script /usr/local/etc/mpd5/linkdown
    set ipcp no vjcomp
    set ipcp dns aaa.aaa.aaa.aaa
    set ipcp dns bbb.bbb.bbb.bbb
    set ipcp ranges 10.128.0.1/32 10.16.0.0/16

    set bundle disable compression

    #set iface enable netflow-in
    #set iface enable netflow-out

    set mppc no e40
    set mppc no e128
    set mppc no stateless

    create link template L pptp
    set link action bundle B
    set link disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 360 720
    set link mtu 1492
    set link enable peer-as-calling
    set pptp self 172.22.0.251
#    set pptp disable originate
    set pptp disable windowing
    load radius
    set link enable incoming

radius:
    set radius server xx.xx.xx.xx password 1812 1813
    set radius retries 2
    set radius timeout 10
    set auth acct-update 120
    set auth enable radius-auth
    set auth enable radius-acct
    set radius enable message-authentic
```


----------



## lbl (Jan 22, 2010)

*Not working here.*

I more or less replicated your configuration now ...

A.A.A.A = <public ip 1>
B.B.B.B = <public ip 1>
C::2 = <ipv6 1>
C::1 = <ipv6 2>
D::X = <ipv6 extras>

Configuration and start up:


```
[root@atom2 /usr/local/etc/mpd5]# cat mpd.conf
default:

startup:

    load vpn_server

vpn_server:
    create bundle template B
    set iface enable proxy-arp
    set iface idle 0
    set iface enable tcpmssfix
    #set iface up-script /usr/local/etc/mpd5/linkup
    #set iface down-script /usr/local/etc/mpd5/linkdown
    set ipcp no vjcomp
    set ipcp dns 8.8.8.8
    set ipcp dns 4.4.2.2
    set ipcp ranges 10.20.5.53/32 10.20.5.0/24

    set bundle disable compression

    set mppc no e40
    set mppc no e128
    set mppc no stateless

    create link template L pptp
    set link action bundle B
    set link disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 360 720
    set link mtu 1492
    set link enable peer-as-calling
    set pptp self A.A.A.A
    set pptp disable windowing
    set link enable incoming
[root@atom2 /usr/local/etc/mpd5]# cat mpd.secret
test test
You have new mail in /var/mail/root
[root@atom2 /usr/local/etc/mpd5]# mpd5
Multi-link PPP daemon for FreeBSD
 
process 14226 started, version 5.4 (root@atom2 12:19 22-Jan-2010)
PPTP: waiting for connection on A.A.A.A 1723
[L]
```

TCPDUMP/socks/netstat while trying to connect:


```
[root@atom2 /usr/local/etc/mpd5]# tcpdump -i vlan110 -n port 1723
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan110, link-type EN10MB (Ethernet), capture size 96 bytes
14:54:13.665145 IP 94.189.52.243.35504 > A.A.A.A.1723: Flags [S], seq 172474990, win 5840, options [mss 1380,sackOK,TS val 1640082 ecr 0,nop,wscale 1], length 0
14:54:15.194677 IP 94.189.52.243.35504 > A.A.A.A.1723: Flags [S], seq 172474990, win 5840, options [mss 1380,sackOK,TS val 1640382 ecr 0,nop,wscale 1], length 0
14:54:22.673092 IP 94.189.52.243.35504 > A.A.A.A.1723: Flags [S], seq 172474990, win 5840, options [mss 1380,sackOK,TS val 1640982 ecr 0,nop,wscale 1], length 0
^C
3 packets captured
51 packets received by filter
0 packets dropped by kernel
[root@atom2 /usr/local/etc/mpd5]# sockstat | grep 1723
root     mpd5       14226 19 tcp4   A.A.A.A:1723   *:*
[root@atom2 /usr/local/etc/mpd5]# netstat | grep 1723
[root@atom2 /usr/local/etc/mpd5]# netstat -an | grep 1723
tcp4       0      0 A.A.A.A.1723    94.189.52.243.35504    SYN_RCVD
tcp4       0      0 A.A.A.A.1723    *.*                    LISTEN
[root@atom2 /usr/local/etc/mpd5]#
```

ifconfig:


```
[root@atom2 /usr/local/etc/mpd5]# ifconfig
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
	ether 00:1c:c0:9b:72:16
	inet6 fe80::21c:c0ff:fe9b:7216%re0 prefixlen 64 scopeid 0x1 
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:1c:c0:9b:72:16
	inet 10.20.5.52 netmask 0xffffff00 broadcast 10.20.5.255
	inet6 fe80::21c:c0ff:fe9b:7216%vlan100 prefixlen 64 scopeid 0x4 
	inet6 D::1 prefixlen 48 
	inet6 D::52 prefixlen 48 
	inet 10.20.5.72 netmask 0xffffff00 broadcast 10.20.5.255
	inet6 D::72 prefixlen 48 
	inet 10.20.5.73 netmask 0xffffff00 broadcast 10.20.5.255
	inet6 D::73 prefixlen 48 
	inet 10.20.5.74 netmask 0xffffff00 broadcast 10.20.5.255
	inet6 D::74 prefixlen 48 
	inet 10.20.5.75 netmask 0xffffff00 broadcast 10.20.5.255
	inet6 D::75 prefixlen 48 
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	vlan: 100 parent interface: re0
vlan110: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:1c:c0:9b:72:16
	inet6 fe80::21c:c0ff:fe9b:7216%vlan110 prefixlen 64 scopeid 0x5 
	inet A.A.A.A netmask 0xfffffe00 broadcast 89.150.139.255
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	vlan: 110 parent interface: re0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether fa:f4:71:84:cf:77
	inet B.B.B.B netmask 0xfffffe00 broadcast 89.150.139.255
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: vlan110 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 5 priority 128 path cost 20000
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
	tunnel inet A.A.A.A --> 90.185.0.134
	inet6 C::2 --> C::1 prefixlen 128 
	inet6 fe80::21c:c0ff:fe9b:7216%gif0 prefixlen 64 scopeid 0x7 
	options=1<ACCEPT_REV_ETHIP_VER>
[root@atom2 /usr/local/etc/mpd5]#
```

I kinda knew that this wouldn't work, but the clientent isn't responding to the client at all.

Any clues to get closer?

/lbl


----------



## shtirlitsus (Feb 5, 2010)

hshh said:

> Has anyone tested this http://lists.freebsd.org/pipermail/freebsd-net/2009-December/024030.html ?

This patch seems to solve the problem


----------



## shtirlitsus (Feb 10, 2010)

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/in.c#rev1.143.2.13


----------



## edhunter (Feb 26, 2010)

Is it safe to use this version of in.c (1.143.2.13) on RELENG_8_0 (release)?


----------



## hshh (Feb 27, 2010)

edhunter said:

> Is it safe to use this version of in.c (1.143.2.13) on RELENG_8_0 (release)?



There is not only one file patched


----------



## edhunter (Feb 27, 2010)

Yep, I thought so.
I hope that the devs will bring this to 8_0 too in the near future.


----------



## hshh (Feb 28, 2010)

I also request that.


----------



## edhunter (Apr 12, 2010)

2 days ago I switched from RELENG_8_0 (release) to RELENG_8 (stable), rebuilt world and mpd5.5. And I still have problems with proxy-arp.
After reading some posts on the list (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2010-03/msg00319.html) I did some experiments.

In my system one of the Ethernet adapters (dedicated to LAN) has IP 192.168.0.2/24.

When in mpd.conf I set separate ip for the local end of vpn like this:

```
set ipcp ranges 192.168.0.200/32 ippool pool1
```
Proxy arp does *not* work. (error 256 in the log)


But, when I set the ip to be the same as my ethernet adapter's one:

```
set ipcp ranges 192.168.0.2/32 ippool pool1
```
everything is fine! 

But I am not sure if this configuration (same ip for different adapters) is correct. Is it possible to expect problems?


----------

