From nobody@FreeBSD.org  Wed Nov 16 10:26:00 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CAF5816A41F
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 16 Nov 2005 10:26:00 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7BFC143D46
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 16 Nov 2005 10:26:00 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id jAGAPxTk096487
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 16 Nov 2005 10:25:59 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id jAGAPxu4096486;
	Wed, 16 Nov 2005 10:25:59 GMT
	(envelope-from nobody)
Message-Id: <200511161025.jAGAPxu4096486@www.freebsd.org>
Date: Wed, 16 Nov 2005 10:25:59 GMT
From: Valery Marchuk <vmarchuk@argocom.cv.ua>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Problem in PPP implementatin on FreeBSD 5.4
X-Send-Pr-Version: www-2.3

>Number:         89108
>Category:       bin
>Synopsis:       [ppp] Problem in PPP implementation on FreeBSD 5.4
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 16 10:30:12 GMT 2005
>Closed-Date:    Fri Dec 09 10:33:40 GMT 2005
>Last-Modified:  Fri Dec 09 10:33:40 GMT 2005
>Originator:     Valery Marchuk
>Release:        FreeBSD 5.4
>Organization:
ArgoCom Ltd
>Environment:
FreeBSD xxx.xx 5.4-RELEASE FreeBSD 5.4-RELEASE #3: Tue May 31 15:07:10 EEST 2005     root@xxx.xx:/usr/obj/usr/src/sys/vpn_kernel  i386

FreeBSD xxx.xx 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed Jun  8 13:35:51 UTC 2005     sergi@xxx:/usr/src/sys/i386/compile/IPFKERNEL i386 

>Description:
Hi!
We have discovered a problem in PPP implementation on FreeBSD 5.4 with poptop installed. The problem is in the way PPP handles VPN clients with static IP addresses. More than one user can successfully establish VPN connections under the same login and password at the same time to the VPN server. For example:
tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet xxx.xxx.xxx.xxx --> 172.20.6.3 netmask 0xffffffff   
        Opened by PID 25411                                
tun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
        inet xxx.xxx.xxx.xxx --> 172.20.6.3 netmask 0xffffffff   
        Opened by PID 25413                                

The real problem occurs when vpn tunnel fails on the client side, but still exists on the server one and user creates another VPN connection (lqr period is set to 12, so it could happen when user establishes a new connection within 1 minute). The first tunnel becomes a zombie and PPP doesnt drop it. 
If there are more than one zombie tunnel on the system, it is impossible for user to use Internet. The user just can send information through the last tunnel, but the previous one receives all the replies.
Tested on PPP
PPP Version 3.1 - Jun  8 2005
PPP Version 3.4.2 - May  8 2005


If You`ll need, I could send you my configuration files.
Hope for cooperation
Valery Marchuk
>How-To-Repeat:
1. Install poptop and configure ppp to use static ip addresses for each login (each user must receive his IP address from the server)
2. Create 2 or more VPN connections from different PCs under the same user account (e.g. login, password)
3. try to ping something from all PCs
>Fix:
              
>Release-Note:
>Audit-Trail:

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Valery Marchuk <vmarchuk@argocom.cv.ua>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/89108: Problem in PPP implementatin on FreeBSD 5.4
Date: Wed, 16 Nov 2005 18:18:25 +0300

   Valery,
 
   is your PR related to user-level ppp(4) or to kernel level ppp(4),
 driven by pppd(8) daemon?
 
 -- 
 Totus tuus, Glebius.
 GLEBIUS-RIPN GLEB-RIPE
State-Changed-From-To: open->feedback 
State-Changed-By: glebius 
State-Changed-When: Tue Dec 6 11:22:04 GMT 2005 
State-Changed-Why:  
Some time ago the submitter was asked fro feedback. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=89108 

From: "Valery Marchuk" <security@nightmail.ru>
To: "Gleb Smirnoff" <glebius@FreeBSD.org>,
	<bug-followup@FreeBSD.org>
Cc:  
Subject: Re: bin/89108: [ppp] Problem in PPP implementation on FreeBSD 5.4
Date: Fri, 9 Dec 2005 12:12:48 +0200

 >Valery,
 
 > is your PR related to user-level ppp(4) or to kernel level ppp(4),
 > driven by pppd(8) daemon?
 
 Actually both. And it does not matter wether poptop is compiled with 
 PPPD_IP_ALLOC or not.
 
 ----- Original Message ----- 
 From: "Gleb Smirnoff" <glebius@FreeBSD.org>
 To: <vmarchuk@argocom.cv.ua>; <glebius@FreeBSD.org>;
 <freebsd-bugs@FreeBSD.org>
 Sent: Tuesday, December 06, 2005 1:22 PM
 Subject: Re: bin/89108: [ppp] Problem in PPP implementation on FreeBSD 5.4
 
 
 > Synopsis: [ppp] Problem in PPP implementation on FreeBSD 5.4
 >
 > State-Changed-From-To: open->feedback
 > State-Changed-By: glebius
 > State-Changed-When: Tue Dec 6 11:22:04 GMT 2005
 > State-Changed-Why:
 > Some time ago the submitter was asked fro feedback.
 >
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=89108
 

From: "Valery Marchuk" <tecklord@securitylab.ru>
To: "Gleb Smirnoff" <glebius@FreeBSD.org>, <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: bin/89108: [ppp] Problem in PPP implementation on FreeBSD 5.4
Date: Fri, 9 Dec 2005 12:14:24 +0200

 >Valery,
 
 > is your PR related to user-level ppp(4) or to kernel level ppp(4),
 > driven by pppd(8) daemon?
 
 Actually both. And it does not matter wether poptop is compiled with 
 PPPD_IP_ALLOC or not.
 
 ----- Original Message ----- 
 From: "Gleb Smirnoff" <glebius@FreeBSD.org>
 To: <vmarchuk@argocom.cv.ua>; <glebius@FreeBSD.org>;
 <freebsd-bugs@FreeBSD.org>
 Sent: Tuesday, December 06, 2005 1:22 PM
 Subject: Re: bin/89108: [ppp] Problem in PPP implementation on FreeBSD 5.4
 
 
 > Synopsis: [ppp] Problem in PPP implementation on FreeBSD 5.4
 >
 > State-Changed-From-To: open->feedback
 > State-Changed-By: glebius
 > State-Changed-When: Tue Dec 6 11:22:04 GMT 2005
 > State-Changed-Why:
 > Some time ago the submitter was asked fro feedback.
 >
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=89108
 
State-Changed-From-To: feedback->closed 
State-Changed-By: glebius 
State-Changed-When: Fri Dec 9 10:33:10 GMT 2005 
State-Changed-Why:  
Actually the PPP software or RADIUS should take care about colliding 
client IP addresses. Historically PPP software didn't do this relying 
on the fact that kernel will refuse such configuration. Meanwhile 
this configuration is valid and in some cases it is useful, and thus 
since FreeBSD 5.4-RELEASE kernel doesn't refuse same IP addresses 
on different interfaces. 

To assist software that relies on the old behavior a helper sysctl 
is available - net.inet.ip.same_prefix_carp_only. To get the old 
behavior you need to add the following line to your /etc/sysctl.conf: 

net.inet.ip.same_prefix_carp_only=1 

http://www.freebsd.org/cgi/query-pr.cgi?pr=89108 
>Unformatted:
