The following reply was made to PR kern/147720; it has been noted by GNATS.
From: Vadim Goncharov <[email protected]>
To: "[email protected]" <[email protected]>
Cc: [email protected]
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
Date: Tue, 12 Jul 2011 22:45:47 +0700

Hi [email protected]!

On Tue, 21 Jun 2011 07:10:07 GMT; [email protected] <[email protected]> wrote:

> I tested patch-1.diff and found several problems. When I use 2 channels
> my VPN (I use mpd with connect type pptp) stops working. This problem
> does not appear on all servers.
>
> Here are my test results:
>
> 1) FreeBSD 8.1 amd64 (VPN server), 2 external real IPs - VPN doesn't work
> 2) FreeBSD 8.2 i386, 1 external real IP (second - not real) -
> connecting on the second (not real) IP doesn't work
> 3) FreeBSD 8.1 i386 (VPN client), 2 external real IPs - all works fine
> 4) FreeBSD 8.2 i386 (VPN client), 1 external real IP (second - not
> real) - connecting from 2 external IPs works, but VPN doesn't work.

This is not really a problem with the patch, as PPTP uses not only a TCP
connection but also establishes a GRE tunnel, independent of that TCP
connection from the dynamic rules' point of view. There must be something
tracking packet data payload (e.g. the libalias-based NAT engine supports
this) which will link the two connections together.

This message, still, does not provide any useful information even to
conclude whether there is some regression with this patch. Personally I
think this is an architectural problem with PPTP, and the patch was just
used in inappropriate conditions, i.e. such a configuration should be
avoided, and the patch itself is OK.

-- 
WBR, Vadim Goncharov. ICQ#166852181 mailto:[email protected]
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
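A simplified model of the point made in the reply above, added here as an example and not taken from patch-1.diff or from ipfw's own code: a state entry created by the PPTP control connection (TCP port 1723) is keyed on protocol and ports, so the GRE data packets between the same two hosts never match it. The names `StateTable` and `flow_key`, the addresses and the packet bytes are constructed for illustration.

```python
import socket
import struct

GRE, TCP = 47, 6  # IANA protocol numbers

def ipv4(proto, src, dst, payload=b""):
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp(sport, dport, flags):
    """Minimal 20-byte TCP header; only ports and flags matter here."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 0, 0, 0)

def flow_key(pkt):
    """Direction-independent key: protocol plus both endpoints, sorted."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
    sport = dport = 0                      # GRE carries no ports
    if proto == TCP:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (proto,) + tuple(sorted([(src, sport), (dst, dport)]))

class StateTable:
    """Toy keep-state table: a TCP SYN creates an entry, later packets must match one."""
    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        key = flow_key(pkt)
        ihl = (pkt[0] & 0x0F) * 4
        if pkt[9] == TCP and pkt[ihl + 13] == 0x02:   # bare SYN: new connection
            self.flows.add(key)
        return key in self.flows

def demo():
    client, server = "192.0.2.10", "198.51.100.1"     # documentation addresses
    table = StateTable()
    return {
        "pptp_syn": table.check(ipv4(TCP, client, server, tcp(40000, 1723, 0x02))),
        "pptp_reply": table.check(ipv4(TCP, server, client, tcp(1723, 40000, 0x12))),
        # First bytes of an enhanced GRE header as PPTP uses it (constructed).
        "gre_data": table.check(ipv4(GRE, server, client, b"\x30\x81\x88\x0b")),
    }

if __name__ == "__main__":
    print(demo())
```

Linking the GRE flow to the control connection requires inspecting the PPTP control payload, which is the payload tracking the reply refers to.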
