I'm trying to set up pptpd to enable VPN connections. This worked well in all versions of FreeBSD prior to 7.

Now, however, the interface in the routing table is incorrectly set to that of the ethernet card, rather than the appropriate tun interface.

There is a months-old bug report detailing this:

http://www.freebsd.org/cgi/query-pr.cgi?pr=122068&cat

He mentions two workarounds:

  there are two ways to fix it.
  1. use different subnet for vpn. Don't use the same subnet for vpn routing. user-ppp will set the correct routing table.
  2. downgrade to FreeBSD 6.2

#2 isn't really an option, and #1 isn't clear to me. I tried a couple of different configurations and the interface never seems to get set correctly.

Suggestions?

Thanks,
Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

Sorry, I should add: in the second 'for' it should start with 0 if you're not using the first interface for another vpn (i.e. openvpn) or connection (i.e. dsl/dialup).

Andy Dills wrote:
> I'm trying to set up pptpd to enable VPN connections. This worked well in
> all versions of FreeBSD prior to 7.
>
> Now, however, the interface in the routing table is incorrectly set to
> that of the ethernet card, rather than the appropriate tun interface.
>
> There is a months-old bug report detailing this:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=122068&cat
>
> He mentions two workarounds:
>
> there are two ways to fix it.
> 1. use different subnet for vpn. Don't use the same subnet for vpn
> routing. user-ppp will set the correct routing table.
> 2. downgrade to FreeBSD 6.2
>
> #2 isn't really an option, and #1 isn't clear to me. I tried a couple of
> different configurations and the interface never seems to get set
> correctly.
>

I have a similar problem on one server that I manage. I run the following script every 30 secs. Not exactly elegant, but does the job.

    #!/usr/local/bin/bash
    LNET='10.10'   # local network
    DEFIP='254'    # default gateway ip
    INT='fxp0'     # interface

    # Delete the host routes for the local network that sit on the ethernet
    # interface. -F matches the values literally rather than as regexes.
    for i in $(/usr/bin/netstat -nr | grep -F "$INT" | awk '{print $1}' | grep -F "$LNET" | grep -v -F "$DEFIP" | grep -v '/'); do
        /sbin/route delete "$i"
    done

    # For each tun interface with a peer address, add a route through that
    # interface unless one already exists. -w stops 10.10.0.1 from matching
    # 10.10.0.10 and tun1 from matching tun10.
    for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
        IP=$(ifconfig "tun$i" 2>/dev/null | grep inet | head -n 2 | tail -n 1 | awk '{print $4}')
        if [ -n "$IP" ]; then
            RO=$(netstat -nr | grep -F -w -- "$IP" | grep -w "tun$i")
            if [ -z "$RO" ]; then
                /sbin/route add "$IP" -iface "tun$i"
            fi
        fi
    done

HTH
cya
Andrew

>
> Suggestions?
>
> Thanks,
> Andy
>
> ---
> Andy Dills
> Xecunet, Inc.
> www.xecu.net
> 301-682-9972
> ---
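
A read-only check for the condition discussed in this thread, added here as an example and not part of any poster's message: it compares each tun peer address against the routing table by exact field match and prints the `route` commands from the script above instead of running them. The function names (`peers`, `misrouted`, `plan`, `demo`) are hypothetical and the sample `netstat -nr` and `ifconfig` text is constructed; the Netif column is located from the header row because its position differs between FreeBSD releases.

```shell
#!/bin/sh
# peers FILE: print "tunN PEER" for each "inet LOCAL --> PEER" line.
peers() {
    awk '/^tun[0-9]+:/ { ifn = $1; sub(/:$/, "", ifn); next }
         /^[a-z]/       { ifn = ""; next }    # header of another interface
         ifn != "" && $1 == "inet" && $3 == "-->" { print ifn, $4 }' "$1"
}

# misrouted ROUTES IFCONFIG: print "PEER NETIF EXPECTED" when the peer's host
# route is missing ("none") or bound to an interface other than its tun.
misrouted() {
    peers "$2" | awk -v routes="$1" '
        BEGIN {
            while ((getline line < routes) > 0) {
                n = split(line, f, " ")
                if (f[1] == "Destination") {       # header row: find Netif
                    for (i = 1; i <= n; i++) if (f[i] == "Netif") col = i
                } else if (col && n >= col) netif[f[1]] = f[col]
            }
        }
        { got = ($2 in netif) ? netif[$2] : "none"
          if (got != $1) print $2, got, $1 }'
}

# plan ROUTES IFCONFIG: print the thread's route commands for each finding.
plan() {
    misrouted "$1" "$2" | while read -r peer got want; do
        [ "$got" = none ] || echo "/sbin/route delete $peer"
        echo "/sbin/route add $peer -iface $want"
    done
}

demo() {    # constructed sample data, not captured from a real host
    d=$(mktemp -d) || return 1
    cat > "$d/routes" <<'EOF'
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.10.0.254        UGS         0     1234   fxp0
10.10.0.201        10.10.0.1          UH          0       12   fxp0
10.10.0.202        10.10.0.1          UH          0        7   tun2
EOF
    printf '%s\n\t%s\n' 'tun1: flags=8051<UP,POINTOPOINT,RUNNING> mtu 1500' \
        'inet 10.10.0.1 --> 10.10.0.201 netmask 0xffffffff' \
        'tun2: flags=8051<UP,POINTOPOINT,RUNNING> mtu 1500' \
        'inet 10.10.0.1 --> 10.10.0.202 netmask 0xffffffff' \
        'tun3: flags=8051<UP,POINTOPOINT,RUNNING> mtu 1500' \
        'inet 10.10.0.1 --> 10.10.0.20 netmask 0xffffffff' > "$d/ifconfig"
    plan "$d/routes" "$d/ifconfig"; rm -rf "$d"
}
demo
```

On a live host the two input files would be the saved output of `netstat -nr` and `ifconfig`; the peer 10.10.0.20 is reported as unrouted even though 10.10.0.201 and 10.10.0.202 contain it as a substring.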

At 10:16 AM 8/6/2008, Andy Dills wrote:
>I'm trying to set up pptpd to enable VPN connections. This worked well in
>all versions of FreeBSD prior to 7.

I would turf pptpd and look at mpd51 from the ports. It is far, far better maintained and is quite solid as an LNS as well as PPTP termination server.

---Mike