Hello,

These days I'm playing with npppd, trying to set up a nice VPN gateway for
Windows users. I managed to get a simple working configuration that
authenticates users against a local file (later on, I'll try with RADIUS).

With the configuration listed below, I can successfully connect a Win7
client to OpenBSD 5.8 and I can ping the tun IP from the Win7 host.

If I try that same configuration on the snapshot from 2015/12/19, the npppd
daemon enters a strange state and I can no longer kill it with ^C when I
start it in the foreground (npppd -d -f ...).

Note that the configuration works with pppx & pipex, but fails with tun.

Any advice is welcome :)



Here are the configurations:

l2tp58:/etc # ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:27:c8:6d:77
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 172.16.1.108 netmask 0xffffff00 broadcast 172.16.1.255

l2tp58:/etc # cat /etc/ipsec.conf
ip_pub="172.16.1.108"
PSK="test123123"

ike passive esp transport proto udp from $ip_pub to any port 1701 \
        main auth hmac-md5 enc 3des group modp2048 \
        quick auth hmac-md5 enc 3des \
        psk $PSK

ike passive esp transport proto udp from $ip_pub to any port 1701 \
        main auth hmac-sha enc aes group modp2048 \
        quick auth hmac-sha enc aes \
        psk $PSK

ike passive esp transport proto udp from $ip_pub to any port 1701 \
        main auth hmac-md5 enc 3des group modp1024 \
        quick auth hmac-md5 enc 3des \
        psk $PSK

ike passive esp transport proto udp from $ip_pub to any port 1701 \
        main auth hmac-md5 enc aes group modp1024 \
        quick auth hmac-md5 enc 3des \
        psk $PSK

l2tp58:/etc # cat npppd/npppd.conf
authentication LOCAL type local {
        users-file "/etc/npppd/npppd-users"
}

tunnel L2TP_ipv4 protocol l2tp {
        listen on 172.16.1.108
        l2tp-accept-dialin yes
        l2tp-vendor-name "OpenBSD"
        authentication-method mschapv2
        tcp-mss-adjust yes
        pipex no
        mppe no
}

ipcp IPCP {
        pool-address 10.11.1.2-10.11.1.7
        dns-servers 192.168.78.201 192.168.78.202
}

interface tun1  address  10.11.1.1 ipcp IPCP
bind tunnel from L2TP_ipv4 authenticated by LOCAL to tun1

l2tp58:/etc # cat sysctl.conf
net.inet.ip.forwarding=1
net.inet.ipcomp.enable=1
net.inet.gre.allow=1

# isakmpd -4K
# ipsecctl -f /etc/ipsec.conf
# npppd -f /etc/npppd/npppd.conf
# 

Claer
