Re: ng_eiface hangs on 4.6RC
On Thu, 23 May 2002 08:32:35 -0400, in sentex.lists.freebsd.net you wrote:
>Hello!
>
>I updated to 4.6-RC on May 22. Posted to freebsd-stable
>(I also made /usr/sbin/ngctl; but I did not do a complete buildworld.
>Could that be a problem ?)

Yes, it could very much be your problem. Do a complete buildworld first so you really do update to 4.6 and try again.

---Mike

Mike Tancsa ([EMAIL PROTECTED])
Sentex Communications Corp, Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers could setup a national IP network." (KDW2)

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: ng_fwdswitch netgraph node
And why make it one-directional only? It shouldn't improve performance.
So it's rather an "IP router" than "fwdswitch".
many2many IP routing node would be useful in many situations.

Yuri

>The fwdswitch node, could be imagined as a 'many2many' node but
> monodirectional only: packets flow from 'in' hooks to 'out' hooks
> only. The decision about which 'out' hook to choose to forward a
> packet is taken going through a forwarding table that associates
> an IPaddress/netmask to an output hook index. Packets that are not
> matched or frames that are not IP packets will be forwarded to the
> 'default' hook.
Re: Question about Dummynet and Diffserv
On Thu, May 23, 2002 at 12:59:35PM -0400, Craig Rodrigues wrote:
...
> Hi,
>
> I merged from -CURRENT to my -STABLE tree some changes made in October 2000 to
> sys/netinet/ip_fw.{c,h} and sbin/ipfw/ipfw.c which add ipfw
> filtering based on iptos.
>
> However, from reading the documentation, it seems that only the
> older IP TOS precedence values are supported for filtering.

i am not sure but i seem to remember seeing keywords for the newer codepoint values as well. In any case, they should not be hard to add.

cheers
luigi

> Is it possible to use ipfw to filter based on any Diffserv codepoint value?
>
> This is from the man page:
>
> "    iptos spec
>              Match if the IP header contains the comma separated list
>              of service types specified in spec. The supported IP
>              types of service are:
>
>              lowdelay (IPTOS_LOWDELAY), throughput (IPTOS_THROUGHPUT),
>              reliability (IPTOS_RELIABILITY), mincost (IPTOS_MINCOST),
>              congestion (IPTOS_CE). The absence of a particular type
>              may be denoted with a `!'.
> "
>
> Thanks.
> --
> Craig Rodrigues        Distributed Systems and Logistics, Office 6/304
> [EMAIL PROTECTED]      BBN Technologies, a Verizon company
> (617) 873-4725         Cambridge, MA
Re: ng_fwdswitch netgraph node
Re,

On Friday, May 24th, 2002, at 03:09 PM, Yuri Victorovich wrote:

> And why make it one-directional only? It shouldn't improve performance.
> So it's rather an "IP router" than "fwdswitch".
> many2many IP routing node would be useful in many situations.
>
> Yuri
>

Well I needed a node that would have forwarded IP packets from a source interface pool to a destination interface pool analyzing source and destination addresses. The very task this node had to accomplish was to nicely behave as an IDS load balancer, whence the monodirectional nature. The source pool would be hooked to the span/mirroring ports to monitor, and the destination pool would be hooked to the IDS sensors.

Because of the way a distributed IDS is working I needed to forward them packets in some coherent fashion. The quickest idea to implement was just tag or identify packets flowing to/from an IP network to monitor and forward them to the sensor which is supposed to analyze that data. In this case for each IP network we configure we have a destination hook to forward the traffic. Needless to say that if you want to monitor two different networks and forward them to different destination hooks, since the module does not copy data, it will forward to the first match when we sniff packets which come from one of those and go to the other one.

As for treating ng_fwdswitch more like an IP router, well it is not intended to be that. I agree with you about the misleading name, I think I'd have called it something like "basicsrcdstpacketfwd" :-) I'm sorry about that.

Rocco

--
Rocco Lucia - [EMAIL PROTECTED]        Iscanet Internet Services
http://elisa.utopianet.net/~rlucia     System and Network Admin
C6E6 AC9A 1361 FB38 B47A 2792 9FC4 C52F 7A68 4468

Free unices for a free world. Support *BSD.
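The forwarding decision described in this thread, written out as an added example (not code from ng_fwdswitch or from the posters): a table of network/netmask rows, each naming an output hook, matched against source or destination address with first match winning and everything else going to the default hook. Ethernet framing, the names fwd_entry, fwd_select and fwd_match_mask, and the sample networks are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHERTYPE_IPV4 0x0800
#define ETHER_HDR_LEN  14
#define HOOK_DEFAULT   (-1)     /* stands for the node's 'default' hook */
#define IP4(a, b, c, d) \
    ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))

/* One forwarding-table row: monitored network/netmask -> output hook index. */
struct fwd_entry {
    uint32_t net;       /* host byte order */
    uint32_t mask;
    int      out_hook;  /* 0..31 in this example */
};

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

static int row_matches(const struct fwd_entry *e, uint32_t src, uint32_t dst)
{
    /* Traffic flowing to OR from the monitored network is of interest. */
    return (src & e->mask) == e->net || (dst & e->mask) == e->net;
}

/* Pick the output hook for one mirrored frame: first matching row wins. */
int fwd_select(const struct fwd_entry *tbl, size_t n,
               const uint8_t *frame, size_t len)
{
    if (len < (size_t)(ETHER_HDR_LEN + 20))
        return HOOK_DEFAULT;                 /* too short for Ethernet + IPv4 */
    if ((frame[12] << 8 | frame[13]) != ETHERTYPE_IPV4)
        return HOOK_DEFAULT;                 /* not an IP frame */
    const uint8_t *ip = frame + ETHER_HDR_LEN;
    if ((ip[0] >> 4) != 4 || (ip[0] & 0x0f) < 5)
        return HOOK_DEFAULT;                 /* malformed IPv4 header */
    uint32_t src = rd32(ip + 12), dst = rd32(ip + 16);
    for (size_t i = 0; i < n; i++)
        if (row_matches(&tbl[i], src, dst))
            return tbl[i].out_hook;
    return HOOK_DEFAULT;
}

/* Bitmask of every hook whose row matches: more than one bit set means the
 * frame reaches only the first sensor, since the node does not copy data. */
unsigned fwd_match_mask(const struct fwd_entry *tbl, size_t n,
                        uint32_t src, uint32_t dst)
{
    unsigned m = 0;
    for (size_t i = 0; i < n; i++)
        if (row_matches(&tbl[i], src, dst))
            m |= 1u << tbl[i].out_hook;
    return m;
}

/* Constructed sample table: two monitored networks, one sensor hook each. */
static const struct fwd_entry demo_tbl[] = {
    { IP4(10, 1, 0, 0), IP4(255, 255, 0, 0), 0 },
    { IP4(10, 2, 0, 0), IP4(255, 255, 0, 0), 1 },
};
#define DEMO_N (sizeof demo_tbl / sizeof demo_tbl[0])

/* Build a minimal constructed frame and run it through the table. */
int demo_hook(uint16_t ethertype, uint32_t src, uint32_t dst)
{
    uint8_t f[ETHER_HDR_LEN + 20];
    memset(f, 0, sizeof f);
    f[12] = (uint8_t)(ethertype >> 8);
    f[13] = (uint8_t)(ethertype & 0xff);
    f[14] = 0x45;                            /* IPv4, 20-byte header */
    for (int i = 0; i < 4; i++) {
        f[26 + i] = (uint8_t)(src >> (24 - 8 * i));
        f[30 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    return fwd_select(demo_tbl, DEMO_N, f, sizeof f);
}

unsigned demo_mask(uint32_t src, uint32_t dst)
{
    return fwd_match_mask(demo_tbl, DEMO_N, src, dst);
}

int main(void)
{
    printf("10.1.0.5 -> 192.0.2.1 : hook %d\n",
           demo_hook(ETHERTYPE_IPV4, IP4(10, 1, 0, 5), IP4(192, 0, 2, 1)));
    printf("10.2.0.9 -> 10.1.0.7  : hook %d, interested mask 0x%x\n",
           demo_hook(ETHERTYPE_IPV4, IP4(10, 2, 0, 9), IP4(10, 1, 0, 7)),
           demo_mask(IP4(10, 2, 0, 9), IP4(10, 1, 0, 7)));
    printf("ARP frame             : hook %d\n",
           demo_hook(0x0806, IP4(10, 1, 0, 5), IP4(10, 1, 0, 6)));
    return 0;
}
```

The second line of output is the coverage gap the message describes: traffic between the two monitored networks matches both rows but is delivered only to the sensor behind the first one.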
lge driver and vlan
Is it possible to do vlan tagging 802.11q with the lge driver under FreeBSD RELENG_4 (4-STABLE)?

If not, does someone have patches so it can be done?

--
===
Christophe Prevotaux      Email: [EMAIL PROTECTED]
HEXANET SARL              URL: http://www.hexanet.fr/
Z.A.C Les Charmilles      Tel: +33 (0)3 26 79 30 05
3 Allée Thierry Sabine    Direct: +33 (0)3 26 79 08 02
BP202                     Fax: +33 (0)3 26 79 30 06
51686 Reims Cedex 2
FRANCE                    HEXANET Network Operation Center
===
lge question
Why do I get this message on a regular basis even knowing that the interface is already up and running?

mymachine /kernel: lge0: gigabit link up

--
===
Christophe Prevotaux      Email: [EMAIL PROTECTED]
HEXANET SARL              URL: http://www.hexanet.fr/
Z.A.C Les Charmilles      Tel: +33 (0)3 26 79 30 05
3 Allée Thierry Sabine    Direct: +33 (0)3 26 79 08 02
BP202                     Fax: +33 (0)3 26 79 30 06
51686 Reims Cedex 2
FRANCE                    HEXANET Network Operation Center
===
Re: lge driver and vlan
On Fri, 24 May 2002, Christophe Prevotaux wrote:

CP> is it possible to do vlan tagging 802.11q with the lge
CP> driver under FreeBSD RELENG_4 (4-STABLE) ?
CP>

From lge(4) manpage:

     The LXT1001 supports TCP/IP checksum offload for receive and VLAN-based
     filtering as well as a 64-bit multicast hash filter. It also supports
     jumbo frames, which can be configured via the interface MTU setting.
     Selecting an MTU larger than 1500 bytes with the ifconfig(8) utility
     configures the adapter to receive and transmit jumbo frames. Using jumbo
     frames can greatly improve performance for certain tasks, such as file
     transfers and data streaming.

[Don't know whether VLAN support really works due to absence of lge cards ;-)]

Sincerely,
D.Marck                                   [DM5020, DM268-RIPE, DM3-RIPN]
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
Re: ng_fwdswitch netgraph node
some comments..

1/ it may be more useful to not make any distinction between 'in' and 'out' hooks but just have connections..

The hooks could be given purely arbitrary names e.g. "source1" and "suspicious"

a hook could be configured as being 'read-only' by command rather than by special name.. (though special names are not a very bad way of doing it.. "out-normal" and "out-dubious" for example..

I haven't looked at the code yet, just the man page..

Julian

On Fri, 24 May 2002, Rocco Lucia wrote:

> Hello,
>    I tweaked a little the one2many node to realize some different
> kind of packet switching node. I needed something that would help me
> to split over different IDS sensors data coming from span/mirroring
> session done on the network. At first I tried to glue some bpf nodes
> but I had no luck since performance was very poor and I had tons of
> packets lost (p3 866MHz, ~100kpt/s inbound).
>
>    The fwdswitch node, could be imagined as a 'many2many' node but
> monodirectional only: packets flow from 'in' hooks to 'out' hooks
> only. The decision about which 'out' hook to choose to forward a
> packet is taken going through a forwarding table that associates
> an IPaddress/netmask to an output hook index. Packets that are not
> matched or frames that are not IP packets will be forwarded to the
> 'default' hook.
>
>    I just finished to fix it, made some documentation so it is still
> incomplete, requires cleanup and has some bugs in the configuration
> part, but it is nicely working. Let me know if it can be of any
> interest.
>
> It's downloadable at
> http://elisa.utopianet.net/~rlucia/devel/ng_fwdswitch/
> It will compile on 4-STABLE.
>
> Ciao :)
> Rocco
>
> --
> Rocco Lucia - [EMAIL PROTECTED]        Iscanet Internet Services
> http://elisa.utopianet.net/~rlucia     System and Network Admin
> C6E6 AC9A 1361 FB38 B47A 2792 9FC4 C52F 7A68 4468
>
> Free unices for a free world. Support *BSD.
splimp() during panic?
Hi,

I'm trying to debug a mbuf corruption bug in the kernel. I've added an mbuf sanity check routine which calls panic() if anything is amiss with the mbuf free list, etc. This function runs at splimp() and if/when it calls panic() the cpl is still at splimp().

My question is: does this guarantee that the mbuf free lists, etc. will not be modified between the time panic() is called and the time a core file is generated? For example, if an incoming packet causes a networking interrupt after panic() has been called but before the core file is written, will that interrupt be blocked when it calls splimp()?

I've been working under this assumption but it seems to not be valid, because I seem to be seeing panics for situations that are not true in the core file.

If this is not a valid assumption, is there an easy way to 'freeze' the mbuf free lists long enough to generate the core file when an inconsistency is found (other than adding the obvious hack)?

Thanks,
-Archie

__
Archie Cobbs * Packet Design * http://www.packetdesign.com
Re: splimp() during panic?
Archie Cobbs wrote:
> Hi,
>
> I'm trying to debug a mbuf corruption bug in the kernel. I've added
> an mbuf sanity check routine which calls panic() if anything is amiss
> with the mbuf free list, etc. This function runs at splimp() and if/when
> it calls panic() the cpl is still at splimp().
>
> My question is: does this guarantee that the mbuf free lists, etc. will
> not be modified between the time panic() is called and the time a core
> file is generated? For example, if an incoming packet causes a networking
> interrupt after panic() has been called but before the core file is
> written, will that interrupt be blocked when it calls splimp()?

splimp() ensures that no driver handlers will be executed. Further, dumpsys() is called from panic() at splhigh() which would also mean that none of those potentially troublesome handlers will run.

> I've been working under this assumption but it seems to not be
> valid, because I seem to be seeing panics for situations that are
> not true in the core file.

Are you seeing invalid stuff from DDB but valid stuff from the core file? Because if so, that's REALLY WEIRD. If you're just seeing two different but invalid things, then perhaps something is happening when Debugger() runs (is it possible that the cpl() is changed after or before a breakpoint()?).

> If this is not a valid assumption, is there an easy way to 'freeze'
> the mbuf free lists long enough to generate the core file when an
> inconsistency is found (other than adding the obvious hack)?

To make doubly-sure, what you can do is just keep a variable 'foo' which you initialize to 0. Before any mbuf free list manipulations, place a 'if (foo == 0)' check. Atomically set foo to 1 before the panic. See if the inconsistency changes. If you're seeing garbage in both cases, but the garbage is inconsistent, perhaps there's a memory problem or the dump isn't working properly (I've never heard of anything like this before).

> Thanks,
> -Archie
>
> __
> Archie Cobbs * Packet Design * http://www.packetdesign.com

Regards,
--
Bosko Milekic
[EMAIL PROTECTED]
[EMAIL PROTECTED]
setting up batch files
What's the best way to execute a series of commands in freebsd? Something like a batch file in MS-DOS.

Suppose i want to execute the two commands,

defaultrouter="a.b.c.d"
ifconfig_eth0="inet e.f.g.h netmask e.f.g.h"

by typing something like 'change' on the terminal window; how do i go about this?

Note these two commands are set in /etc/rc.conf and i want to execute the changes through a batch sort of file.

Thanks in advance,
vinod
Re: setting up batch files
On Fri, 24 May 2002, Vinod wrote:

> whats the best way to execute a series of commands in
> freebsd?something like a batch file in MS-DOS.
>
> suppose i want to execute the two commands,
> defaultrouter="a.b.c.d"
> ifconfig_eth0="inet e.f.g.h netmask e.f.g.h"
> by typing something like 'change' on the terminal
> window;howdo i go about this?
> note these two commands are set in /etc/rc.conf and i
> want to execute the changes through a batch sort of
> file.
> Thanks in advance,
> vinod

You use a shell script; put the commands in the script as you would type them at the command line; make the shell script executable; run it.

The commands aren't really set in /etc/rc.conf; only the values of the variables are set there. /etc/rc and scripts it calls actually run the commands. So if you don't want to reboot, do it at the command line or do a shell script.

Annelise

--
Annelise Anderson
Author of: FreeBSD: An Open-Source Operating System for Your PC
Available from: BSDmall.com and amazon.com
Book Website: http://www.bittreepress.com/FreeBSD/introbook/
mpd: pptp server
Hi,

I am trying to implement a small vpn solution with mpd as pptp server and pptpclient from home to office. I have setup also in other implementations and it works fine, but I need for this situation pptp server...

The office is connected directly to the net, while at home I am using user ppp and a PPPoE connection.

The situation is this one:

Home  : 10.254.254.1/24 pptpclient from the ports.
Office: 192.168.0.1/24 , 194.243.20.91 real ip , mpd as pptp server

This is the config for the mpd - pptp server:

--- mpd.links ---
pptp:
        set link type pptp
        set pptp self 194.243.20.91
        set pptp enable incoming
        set pptp disable originate

--- mpd.conf ---
pptp:
        new -i ng0 pptp pptp
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 1800
        set bundle disable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set ipcp yes vjcomp
        set ipcp ranges 192.168.0.1/32 192.168.0.70/32
        set ipcp dns 192.168.0.1
        set bundle enable compression
        set ccp yes mppc
        set ccp no mpp-e40
        set ccp yes mpp-e128
        set ccp no mpp-stateless

--- mpd.secret ---
mylogin "mypwd"

For the pptpclient I have added to my ppp.conf the following lines:

--- ppp.conf ---
vpn-pptp-cof:
        set authname mylogin
        set authkey mypwd
        set timeout 0
        set ifaddr 0 0
        add 192.168.0.1/24 HISADDR
        # alias enable yes

I run on the server:

        mpd pptp

and on the client:

        pptp 194.243.20.91 vpn-pptp-cof

where 194.243.20.91 is the real ip of the server (like in the links section).

I think the connection is fine because...

On the CLIENT: a new tun device (the tun0 is the user ppp with the PPPoE on the DSL cable) is created on the client side with the requested ip address:

tun1: flags=8051 mtu 1498
        inet 192.168.0.70 --> 192.168.0.1 netmask 0xff00
        Opened by PID 2152

and the appropriate routing added:

192.168.0          192.168.0.1        UGSc    0    0   tun1
192.168.0.1        192.168.0.70       UH      1    3   tun1

On the SERVER:

ng0: flags=88d1 mtu 1496
        inet 192.168.0.1 --> 192.168.0.70 netmask 0x

the netstat -rn:

[...]
192.168.0.70       192.168.0.1        UH      0    3   ng0
192.168.0.70       00:10:5a:dc:21:f6  UHLS2   0    0   xl1

But when I try to use a ping I receive:

[...]
[pptp] IPCP: state change Ack-Rcvd --> Opened
[pptp] IPCP: LayerUp
  192.168.0.1 -> 192.168.0.70
[pptp] IFACE: Up event
[pptp] exec: /sbin/ifconfig ng0 192.168.0.1 192.168.0.70 netmask 0x -link0
[pptp] exec: /usr/sbin/arp -s 192.168.0.70 0:10:5a:dc:21:f6 pub
[pptp] IFACE: Up event
[pptp] CCP: rec'd Configure Request #3 link 0 (Ack-Rcvd)
  MPPC 0x0040: MPPE, 128 bit
[pptp] CCP: SendConfigAck #3
  MPPC 0x0040: MPPE, 128 bit
[pptp] CCP: state change Ack-Rcvd --> Opened
[pptp] CCP: LayerUp
  Compress using: MPPE, 128 bit
  Decompress using: MPPE, 128 bit
[pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened)
[pptp] LCP: protocol 0x2145 was rejected
[pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened)
[pptp] LCP: protocol 0x2145 was rejected
[pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened)
[pptp] LCP: protocol 0x2145 was rejected

and on the client:

ppp[2152]: tun1: IPCP: IPADDR[6] 192.168.0.70
ppp[2152]: tun1: IPCP: COMPPROTO[6] 16 VJ slots with slot compression
ppp[2152]: tun1: CCP: deflink: RecvConfigNak(2) state = Ack-Sent
ppp[2152]: tun1: CCP: MPPE[6] value 0x0040 (128 bits, stateful)
ppp[2152]: tun1: CCP: deflink: SendConfigReq(3) state = Ack-Sent
ppp[2152]: tun1: CCP: MPPE[6] value 0x0040 (128 bits, stateful)
ppp[2152]: tun1: IPCP: deflink: RecvConfigAck(2) state = Ack-Sent
ppp[2152]: tun1: IPCP: deflink: State change Ack-Sent --> Opened
ppp[2152]: tun1: IPCP: deflink: LayerUp.
ppp[2152]: tun1: IPCP: myaddr 192.168.0.70 hisaddr = 192.168.0.1
ppp[2152]: tun1: CCP: deflink: RecvConfigAck(3) state = Ack-Sent
ppp[2152]: tun1: CCP: deflink: State change Ack-Sent --> Opened
ppp[2152]: tun1: CCP: deflink: LayerUp.
ppp[2152]: tun1: CCP: MPPE: Input channel initiated
ppp[2152]: tun1: CCP: MPPE: Output channel initiated
ppp[2152]: tun1: CCP: deflink: Out = MPPE[18], In = MPPE[18]
ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol)

with the ssh from the client to the server I got:

ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol)
last message repeated 9 times
ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol)
ppp[2152]: tun1: Phase: deflink: HDLC errors -> FCS: 0, ADDR: 0, COMD: 0, PROTO: 11

and

[pptp] LCP: protocol 0x2145 was rejected
[pptp] LCP: bad length: says 0, rec'd 65
[pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened)
[pptp] LCP: protocol 0x2145 was rejected
[pptp] LCP: bad length: says 174, rec'd 65
[pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened)
[pptp] LCP: protocol 0x
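An added example, not part of the original post: the value 0x2145 in the logs above is not a well-formed PPP protocol number under RFC 1661 (the high octet must be even), and it is exactly what a receiver gets when it reads two octets from a frame that starts with the one-octet compressed form of 0x0021 (IP) followed by an IPv4 header's first byte 0x45. That this is the cause here is an assumption the thread does not confirm; the function names and the sample bytes are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPP_PROTO_IP 0x0021

/* RFC 1661: a protocol number has an odd low octet and an even high octet. */
int ppp_proto_wellformed(uint16_t v)
{
    return (v & 0x0001) != 0 && (v & 0x0100) == 0;
}

/* Receiver that always consumes a two-octet protocol field. */
int ppp_read_fixed(const uint8_t *p, size_t len, uint16_t *proto, size_t *used)
{
    if (len < 2)
        return -1;
    *proto = (uint16_t)(p[0] << 8 | p[1]);
    *used = 2;
    return 0;
}

/* Receiver that honours Protocol-Field-Compression ("protocomp" in mpd):
 * an odd first octet is a complete one-octet protocol field. */
int ppp_read_pfc(const uint8_t *p, size_t len, uint16_t *proto, size_t *used)
{
    if (len < 1)
        return -1;
    if (p[0] & 1) {
        *proto = p[0];
        *used = 1;
        return 0;
    }
    if (len < 2)
        return -1;
    *proto = (uint16_t)(p[0] << 8 | p[1]);
    *used = 2;
    return ppp_proto_wellformed(*proto) ? 0 : -1;
}

enum verdict {
    V_VALID,             /* a legal protocol number the peer simply lacks  */
    V_COMPRESSED_IPV4,   /* compressed 0x21 plus first byte of an IPv4 hdr */
    V_COMPRESSED_OTHER,  /* compressed field plus one payload byte         */
    V_MALFORMED          /* even low octet: not a protocol field at all    */
};

/* Classify a protocol value taken from a "protocol 0x.... was rejected" or
 * "Unknown protocol 0x...." log line. */
enum verdict classify_rejected(uint16_t v)
{
    uint8_t hi = (uint8_t)(v >> 8), lo = (uint8_t)(v & 0xff);

    if (ppp_proto_wellformed(v))
        return V_VALID;
    if (!(hi & 1))
        return V_MALFORMED;
    if (hi == PPP_PROTO_IP && (lo >> 4) == 4 && (lo & 0x0f) >= 5)
        return V_COMPRESSED_IPV4;
    return V_COMPRESSED_OTHER;
}

/* Constructed sample: start of a PPP payload carrying an IPv4 packet with
 * the protocol field compressed to one octet. */
static const uint8_t sample[] = { 0x21, 0x45, 0x00, 0x00, 0x54 };

/* Protocol value each kind of receiver extracts from the sample. */
int demo_read(int accept_pfc)
{
    uint16_t proto = 0;
    size_t used = 0;
    int rc = accept_pfc ? ppp_read_pfc(sample, sizeof sample, &proto, &used)
                        : ppp_read_fixed(sample, sizeof sample, &proto, &used);
    return rc == 0 ? proto : -1;
}

/* Octet that each receiver would treat as the start of the payload. */
int demo_next_octet(int accept_pfc)
{
    uint16_t proto = 0;
    size_t used = 0;
    int rc = accept_pfc ? ppp_read_pfc(sample, sizeof sample, &proto, &used)
                        : ppp_read_fixed(sample, sizeof sample, &proto, &used);
    return rc == 0 ? sample[used] : -1;
}

int main(void)
{
    printf("fixed two-octet read : 0x%04x\n", (unsigned)demo_read(0));
    printf("PFC-aware read       : 0x%04x, payload starts 0x%02x\n",
           (unsigned)demo_read(1), (unsigned)demo_next_octet(1));
    printf("classify 0x2145      : %d\n", (int)classify_rejected(0x2145));
    return 0;
}
```

Both configurations in the post enable protocol field compression on the mpd side (`set link yes acfcomp protocomp`), so comparing a run with it disabled is a cheap way to test this reading.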
Re: splimp() during panic?
Bosko Milekic writes:
> > My question is: does this guarantee that the mbuf free lists, etc. will
> > not be modified between the time panic() is called and the time a core
> > file is generated? For example, if an incoming packet causes a networking
> > interrupt after panic() has been called but before the core file is
> > written, will that interrupt be blocked when it calls splimp()?
>
> splimp() ensures that no driver handlers will be executed. Further,
> dumpsys() is called from panic() at splhigh() which would also mean
> that none of those potentially troublesome handlers will run.

OK, good...

> > I've been working under this assumption but it seems to not be
> > valid, because I seem to be seeing panics for situations that are
> > not true in the core file.
>
> Are you seeing invalid stuff from DDB but valid stuff from the core
> file? Because if so, that's REALLY WEIRD. If you're just seeing two
> different but invalid things, then perhaps something is happening when
> Debugger() runs (is it possible that the cpl() is changed after
> or before a breakpoint()?).

I'm not trying to use DDB for debugging.. just letting it panic and generate the core file and then using GDB to examine it.

I got one panic that happened because mclfree was NULL (it was a bug in the debug code :-) but looking at mclfree in the core file with GDB showed it to be not NULL. So somehow some mbuf operation must have occurred in there somewhere that modified mclfree it seems.

> > If this is not a valid assumption, is there an easy way to 'freeze'
> > the mbuf free lists long enough to generate the core file when an
> > inconsistency is found (other than adding the obvious hack)?
>
> To make doubly-sure, what you can do is just keep a variable 'foo'
> which you initialize to 0. Before any mbuf free list manipulations,
> place a 'if (foo == 0)' check. Atomically set foo to 1 before the
> panic. See if the inconsistency changes. If you're seeing garbage in

Yep, I'll probably do that as well.. thanks.

Thanks,
-Archie

__
Archie Cobbs * Packet Design * http://www.packetdesign.com
Re: mpd: pptp server
GM GG ([EMAIL PROTECTED]) wrote:

> Hi,
> I am trying to implement a small vpn solution with
> mpd as pptp server and pptpclient from home to office.

Just a thought - I have had much better luck using MPD for both sides of the pptp equation. pptpclient seemed quite unstable the last few times I tried it.

-Mike
Re: mpd: pptp server
--- "Mike A. Oligny" <[EMAIL PROTECTED]> wrote:
> GM GG ([EMAIL PROTECTED]) wrote:
>
> > Hi,
> > I am trying to implement a small vpn solution with
> > mpd as pptp server and pptpclient from home to office.
>
> Just a thought - I have had much better luck using MPD
> for both sides of the pptp equation. pptpclient seemed
> quite unstable the last few times I tried it.

Can you suggest a config for mpd used like a pptp client? It seems to me there is not such config sample in the provided mpd.conf default. Or I have to use the vpn label perhaps?

Btw I was testing with pptp client because I'd like to use this vpn from a windows box too that has only the pptp stuff ("virtual private network adapter")

Thanks for your kind reply...
Re: ip src address in outgoing ipv4 multicast packets
* Naga Narayanaswamy ([EMAIL PROTECTED]) [020523 19:21]:
> When you say src address is set to host group, what application generates
> them? What is the src and dest address ? I quickly checked Rich Stevens vol
> II.
> Looks like the code has been like this since old days.
> Is the application setting the src address as mc group intentionally?

yes, it does in the call to bind, though I wouldn't think that one would have to use two sockets for outgoing / incoming traffic if we just wanted to restrict incoming traffic to have a dst address of the host's group.

-r
Re: mpd: pptp server
GM GG ([EMAIL PROTECTED]) wrote:
> Can you suggest a config for mpd used like a
> pptp client ? It seems to me there is not such
> config sample in the provided mpd.conf default.

Sure, I'll include some that I've used successfully - client configs are old and haven't been tested recently - they were last used with mpd 3.6. Server configs work very well with W2K/XP clients, however, I think my IP calculations in .secrets may be incorrect. Perhaps this isn't even necessary with 3.7 - my goal was to have one user always get the same IP - this worked fine, except if that user disconnected and someone else connected on same interface, they ended up with the reserved IP. Eventually, I'd end up with a couple clients connected as 192.168.0.210. :( I find the same sort of thing happens if I log in twice with the same username unless I have the client request a specific IP. Probably just need to play with numbers in .secrets file.

Any feedback/corrections would be appreciated!

-Mike

** `client' mpd.conf **
default:
    load vpn

vpn:
    new -i ng1 vpn vpn
    set iface disable on-demand
#   set iface addrs 192.168.1.1 192.168.2.1
    set iface idle 0
    set iface route 192.168.1.0/24
    set bundle disable multilink
    set bundle authname ""
    set bundle password ""
    set link yes acfcomp protocomp
    set link no pap
#   set link yes chap
    set link enable no-orig-auth
    set link keep-alive 10 75
    set ipcp yes vjcomp
    set ipcp ranges 0.0.0.0/0 192.168.1.0/24
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set bundle enable crypt-reqd
    set ccp yes mpp-stateless
    open

** `client' mpd.links **
vpn:
    set link type pptp
    set pptp self
    set pptp peer
    set pptp enable originate incoming outcall

** `server' mpd.conf **
default:
    load client1
    load client2
    . . .
    load client9

pptp_common_settings:
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 0
    set bundle enable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 25 60
    set ipcp yes vjcomp
    set ipcp dns 192.168.0.102
    set ipcp nbns 192.168.0.102
    set bundle enable compression
    set ccp yes mppc
# I've been trying mpp-compress every couple
# months... it doesn't work for me. :)
#   set ccp yes mpp-compress
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless

client1:
    new -i ng0 pptp1 pptp1
    set ipcp ranges 192.168.0.101/32 192.168.0.201/32
    load pptp_common_settings

client2:
    new -i ng1 pptp2 pptp2
    set ipcp ranges 192.168.0.101/32 192.168.0.202/32
    load pptp_common_settings

. . .

client9:
    new -i ng8 pptp9 pptp9
    set ipcp ranges 192.168.0.101/32 192.168.0.209/32
    load pptp_common_settings

** `server' mpd.links **
pptp1:
    set link type pptp
    set pptp self 192.168.0.101
    set pptp enable incoming
    set pptp disable originate

pptp2:
    set link type pptp
    set pptp self 192.168.0.101
    set pptp enable incoming
    set pptp disable originate

. . .

pptp9:
    set link type pptp
    set pptp self 192.168.0.101
    set pptp enable incoming
    set pptp disable originate

** `server' mpd.secret **
user1 "password" 192.168.0.210/32
user2 "password" 192.168.0.216/29
user3 "password" 192.168.0.224/29
user4 "password" 192.168.0.232/29
user5 "password" 192.168.0.240/29
data link layer protocol
Is there any module or well-known mechanism available for punting a data link layer PDU to a user process? Also for sending out PDUs? Say I'd like to implement ARP as a user process, or some other protocols.

Thanks.

Henry
Re: data link layer protocol
On Fri, May 24, 2002 at 07:05:38PM -0700, Henry Fung wrote:
> Is there any module or well-known mechanism available
> for punting a data link layer PDU to a user process?
> Also for sending out PDUs?
> Say I'd like to implement ARP as a user process, or
> some other protocols.
> Thanks.
> Henry

Hi,

Try reading the man page for the tap device:

    man tap

There is also a web page with more information:

    http://vtun.sourceforge.net/

You may also wish to look at netgraph:

    man 4 netgraph
    http://www.elischer.org/netgraph/

--
Craig Rodrigues        Distributed Systems and Logistics, Office 6/304
[EMAIL PROTECTED]      BBN Technologies, a Verizon company
(617) 873-4725         Cambridge, MA
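The tap(4) approach suggested in the reply above, sketched as an added example that is not code from the thread: a user process reads Ethernet frames from a tap device, checks each one is a well-formed ARP request before using its fields, and writes a reply back. The device path /dev/tap0, the addresses and the function names are assumptions, and the sample frame is constructed.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define ARP_FRAME_LEN 42   /* 14-byte Ethernet header + 28-byte ARP body */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Opcode (1 = request, 2 = reply) of an Ethernet/IPv4 ARP frame, or -1 if
 * the frame is too short or is not ARP over Ethernet/IPv4. */
int arp_opcode(const uint8_t *f, size_t len)
{
    if (len < ARP_FRAME_LEN || be16(f + 12) != 0x0806) return -1; /* EtherType */
    if (be16(f + 14) != 1 || be16(f + 16) != 0x0800) return -1;   /* htype, ptype */
    if (f[18] != 6 || f[19] != 4) return -1;                      /* hlen, plen */
    return be16(f + 20);
}

/* Build in `out` (ARP_FRAME_LEN bytes, not overlapping `req`) the reply to a
 * who-has for `ip`, answering with `mac`. Returns the reply length, or 0 when
 * `req` is not a valid request for `ip`. */
size_t arp_reply(const uint8_t *req, size_t len, const uint8_t ip[4],
                 const uint8_t mac[6], uint8_t *out)
{
    if (arp_opcode(req, len) != 1 || memcmp(req + 38, ip, 4) != 0) return 0;
    memcpy(out, req, ARP_FRAME_LEN);
    memcpy(out, req + 22, 6);        /* Ethernet dst = requester's MAC */
    memcpy(out + 6, mac, 6);         /* Ethernet src = our MAC */
    out[20] = 0; out[21] = 2;        /* opcode: reply */
    memcpy(out + 22, mac, 6);        /* sender hardware address = ours */
    memcpy(out + 28, ip, 4);         /* sender protocol address = ours */
    memcpy(out + 32, req + 22, 10);  /* target = requester's MAC and IP */
    return ARP_FRAME_LEN;
}

/* Constructed sample: 02:00:00:00:00:01 (10.0.0.1) asks who-has 10.0.0.2. */
const uint8_t sample_req[ARP_FRAME_LEN] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,1, 0x08,0x06, 0,1, 0x08,0, 6,4, 0,1,
    2,0,0,0,0,1, 10,0,0,1, 0,0,0,0,0,0, 10,0,0,2 };

int main(void)
{
    const uint8_t ip[4] = {10, 0, 0, 2}, mac[6] = {2, 0, 0, 0, 0, 2}; /* assumed */
    uint8_t in[2048], out[ARP_FRAME_LEN];
    int fd = open("/dev/tap0", O_RDWR);      /* assumed tap(4) device node */
    if (fd < 0) { perror("/dev/tap0"); return 1; }
    for (ssize_t n; (n = read(fd, in, sizeof in)) > 0; )  /* one frame per read */
        if (arp_reply(in, (size_t)n, ip, mac, out) && write(fd, out, sizeof out) < 0)
            perror("write");
    close(fd); return 0;
}
```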