From allbery@pyanfar.ece.cmu.edu  Fri Apr 19 21:24:25 2002
Return-Path: <allbery@pyanfar.ece.cmu.edu>
Received: from pyanfar.ece.cmu.edu (VPN100.ECE.CMU.EDU [128.2.138.100])
	by hub.freebsd.org (Postfix) with ESMTP id 008A837B400
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 19 Apr 2002 21:24:22 -0700 (PDT)
Received: from pyanfar.ece.cmu.edu (allbery@localhost [127.0.0.1])
	by pyanfar.ece.cmu.edu (8.12.3/8.12.2) with ESMTP id g3K4OI6n063045
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 20 Apr 2002 00:24:19 -0400 (EDT)
	(envelope-from allbery@pyanfar.ece.cmu.edu)
Received: (from allbery@localhost)
	by pyanfar.ece.cmu.edu (8.12.3/8.12.3/Submit) id g3K4OGgS062974;
	Sat, 20 Apr 2002 00:24:16 -0400 (EDT)
Message-Id: <200204200424.g3K4OGgS062974@pyanfar.ece.cmu.edu>
Date: Sat, 20 Apr 2002 00:24:16 -0400 (EDT)
From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Reply-To: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: mpd-3.7 fails PPTP with working-with-3.2 config
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         37269
>Category:       ports
>Synopsis:       mpd-3.7 fails PPTP with working-with-3.2 config
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    archie
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 19 21:30:01 PDT 2002
>Closed-Date:    Mon May 06 12:05:44 PDT 2002
>Last-Modified:  Mon May 06 12:05:44 PDT 2002
>Originator:     Brandon S. Allbery KF8NH
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
Carnegie Mellon University, ECE Computing Facilities
>Environment:
System: FreeBSD pyanfar.ece.cmu.edu 4.5-STABLE FreeBSD 4.5-STABLE #0: Fri Apr 19 16:06:02 EDT 2002 allbery@pyanfar.ece.cmu.edu:/usr/obj/usr/src/sys/PYANFAR i386

mpd-3.7
Cisco VPN 3000

>Description:

mpd 3.7 refuses connection to a Cisco VPN 3000 concentrator; this worked
with mpd 3.3, which I ran until recent kernel changes caused that to panic
in the netgraph code.  Specifically:

[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[vpn] up: 1 link, total bandwidth 64000 bps
[vpn] IPCP: Up event
[vpn] IPCP: state change Starting --> Req-Sent
[vpn] IPCP: SendConfigReq #1
 IPADDR 128.2.138.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: rec'd Configure Request #0 link 0 (Req-Sent)
 IPADDR 128.2.128.10
   Same as PPTP IP; would cause routing loop
   NAKing with 128.2.128.10
[vpn] IPCP: SendConfigNak #0
 IPADDR 128.2.128.10
[vpn] IPCP: rec'd Configure Request #1 link 0 (Req-Sent)
 IPADDR 128.2.128.10
   Same as PPTP IP; would cause routing loop
   NAKing with 128.2.128.10
[vpn] IPCP: SendConfigNak #1
 IPADDR 128.2.128.10

(repeat until it gives up)

The VPN3000 works fine with Windows clients.

>How-To-Repeat:

mpd configuration files attached.  (Naturally I cannot provide account
information to connect to our server.)  Simply running /usr/local/sbin/mpd
results in the above failure.

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	mpd.conf
#	mpd.links
#
echo x - mpd.conf
sed 's/^X//' >mpd.conf << 'END-of-mpd.conf'
X#################################################################
X#
X#	MPD configuration file
X#
X# This file defines the configuration for mpd: what the
X# bundles are, what the links are in those bundles, how
X# the interface should be configured, various PPP parameters,
X# etc. It contains commands just as you would type them
X# in at the console. A blank line ends an entry. Lines
X# starting with a "#" are comments and get completely
X# ignored.
X#
X# $Id: mpd.conf.sample,v 1.6 2000/10/01 22:11:04 archie Exp $
X#
X#################################################################
X
X#
X# Default configuration is "myisp"
X
Xdefault:
X	load ecevpn
X
Xecevpn:
X	new -i ng1 vpn vpn
X	set iface disable on-demand
X	#set iface addrs 192.168.1.1 128.2.138.1
X	set iface idle 0
X	# routes for the zservers are now done in the ifup script
X	set iface up-script /usr/local/etc/mpd/mpd.ifup
X	set iface down-script /usr/local/etc/mpd/mpd.ifdown
X	set bundle disable multilink
X	set bundle authname "ECE\\allbery"
X	set link yes acfcomp protocomp
X	set link no pap
X	set link yes chap
X	set link enable no-orig-auth
X	set link keep-alive 10 75
X	set ipcp yes vjcomp
X	#set ipcp ranges 128.2.138.1/24 128.2.128.10/20
X	set ipcp ranges 128.2.138.1/0 128.2.128.10/0
X	open
END-of-mpd.conf
echo x - mpd.links
sed 's/^X//' >mpd.links << 'END-of-mpd.links'
Xvpn:
X        set link type pptp
X        set pptp peer 128.2.128.10
X        set pptp enable originate outcall
END-of-mpd.links
exit

>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->archie 
Responsible-Changed-By: ijliao 
Responsible-Changed-When: Sat Apr 20 08:18:45 PDT 2002 
Responsible-Changed-Why:  
over to maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37269 
State-Changed-From-To: open->closed 
State-Changed-By: archie 
State-Changed-When: Mon May 6 12:04:05 PDT 2002 
State-Changed-Why:  
Upgrade to mpd-3.8; it no longer prevents you from negotiating 
equivalent internal and external IP addresses. You should also 
upgrade to 4.5-REL to avoid the kernel panic. But in any case, 
it won't work unless you first install a host route to the 
remote peer, so that the PPTP packets don't get routed back 
through the PPTP tunnel (which is the root of the problem). 

>Unformatted:
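
The diagnosis and workaround from the audit trail above, as an added example (not part of the PR and not mpd code): it counts the peer's IPCP Configure Requests whose IPADDR equals the `set pptp peer` address, then prints the FreeBSD host-route command for that peer. The function names and the PHYSICAL_GATEWAY placeholder are assumptions; the sample input is constructed from the excerpts in the report.

```shell
# Added example, not from the PR. Sample input is constructed from its excerpts.
SAMPLE_LINKS='vpn:
        set link type pptp
        set pptp peer 128.2.128.10'
SAMPLE_LOG="[vpn] IPCP: rec'd Configure Request #0 link 0 (Req-Sent)
 IPADDR 128.2.128.10
   Same as PPTP IP; would cause routing loop
[vpn] IPCP: SendConfigNak #0
 IPADDR 128.2.128.10
[vpn] IPCP: rec'd Configure Request #1 link 0 (Req-Sent)
 IPADDR 128.2.128.10
   Same as PPTP IP; would cause routing loop
[vpn] IPCP: SendConfigNak #1
 IPADDR 128.2.128.10"

# pptp_peer: print the address from "set pptp peer <addr>" in mpd.links text.
pptp_peer() {
    printf '%s\n' "$1" | awk '$1=="set" && $2=="pptp" && $3=="peer" {print $4; exit}'
}

# colliding_requests: count peer Configure Requests whose IPADDR equals the
# PPTP peer ($2). Strips the trailing CR (^M) left by console captures.
colliding_requests() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v peer="$2" '
        /IPCP: rec.d Configure Request/        { in_req = 1; next }
        /^\[/                                  { in_req = 0 }
        in_req && $1 == "IPADDR" && $2 == peer { n++ }
        END { print n + 0 }'
}

# host_route_cmd: FreeBSD command that keeps traffic to the PPTP peer ($1) on
# the physical next hop ($2), which is site-specific and supplied by the caller.
host_route_cmd() {
    printf 'route add -host %s %s\n' "$1" "$2"
}

# report: $1 = mpd.links text, $2 = mpd log text, $3 = physical next hop.
report() {
    peer=$(pptp_peer "$1")
    n=$(colliding_requests "$2" "$peer")
    [ "$n" -gt 0 ] || return 0
    echo "peer requested $peer (the PPTP server address) $n time(s)"
    host_route_cmd "$peer" "$3"
}
report "$SAMPLE_LINKS" "$SAMPLE_LOG" PHYSICAL_GATEWAY
```

The printed route command has to be run before mpd opens the link, with PHYSICAL_GATEWAY replaced by the next hop toward the concentrator on the physical interface.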
