I just upgraded my i386 -CURRENT box from November 14 to today, and now my SSH-over-PPP VPN tunnel no longer works. I did some packet captures, and it appears that NAT is no longer working. If I send a telnet packet from my client side over the PPP tunnel, I see the SYN go out on the server-side network properly translated. The destination host ACKs correctly, but the ACK never goes back across the tunnel. It's as if natd is no longer translating the packet on the inbound path. Besides the upgrade, nothing has changed in my environment.

My ipfw show looks like:

00050 22974 4677637 divert 8668 ip4 from any to any via em0
00100   194   20696 allow ip from any to any via lo0
00200     0       0 deny ip from any to 127.0.0.0/8
00300     0       0 deny ip from 127.0.0.0/8 to any
65000 24714 4934785 allow ip from any to any
65535     5     396 deny ip from any to any

I am running natd as:

/sbin/natd -s -m -skinny_port 2000 -n em0

The ifconfig for my tunnel interface is:

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1300
        inet 10.1.1.1 --> 10.1.1.76 netmask 0xffffff00
        inet6 fe80::211:11ff:fe10:461e%tun0 prefixlen 64 scopeid 0x5
        Opened by PID 8018

My netstat on the server side looks like:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.18.254.1       UGS         0    46685    em0
10.1.1.76          link#5             UGH         0     1735   tun0
127.0.0.1          link#3             UH          0     1171    lo0
172.18.254.0/24    link#1             U           0        0    em0
172.18.254.237/32  link#1             U           0        8    em0

The server's uname is:

FreeBSD jclarke-pc.cisco.com 8.0-CURRENT FreeBSD 8.0-CURRENT #130: Tue Dec 16 15:42:09 EST 2008     marcus_at_jclarke-pc.cisco.com:/usr/obj/usr/src/sys/JCLARKE-PC  i386

The previous, working uname was:

FreeBSD 8.0-CURRENT #129: Fri Nov 14 13:51:50 EST 2008     marcus_at_jclarke-pc.cisco.com:/usr/obj/usr/src/sys/JCLARKE-PC

Joe

-- 
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome_at_FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome
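When natd stops translating one direction after an upgrade, the first thing to rule out is the ipfw ruleset itself: the divert rule has to sit before any catch-all allow or deny, it has to be bound to the NAT interface, and it has to match both the inbound and the outbound direction, otherwise natd never sees the returning ACK. The script below is an added example (it is not part of the post and not FreeBSD's own tooling): it parses `ipfw show` output into rules and audits the divert placement. The sample input is the ruleset from the post, plus a second, constructed ruleset that violates the ordering and direction rules; on the poster's ruleset the audit comes back clean, which is consistent with the problem lying elsewhere than in the firewall configuration.

```python
import re
from dataclasses import dataclass

# Ruleset from the post above, used as sample input (the rule text is the author's;
# the parser and audit logic below are an added example, not part of the post).
IPFW_SHOW = """\
00050 22974 4677637 divert 8668 ip4 from any to any via em0
00100 194 20696 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 24714 4934785 allow ip from any to any
65535 5 396 deny ip from any to any
"""

# Constructed counter-example: a catch-all allow ahead of the divert rule, and a
# divert that matches only the outbound direction, so inbound replies bypass natd.
BROKEN_SHOW = """\
00040 100 10000 allow ip from any to any
00050 0 0 divert 8668 ip4 from any to any out via em0
65535 0 0 deny ip from any to any
"""


@dataclass
class Rule:
    number: int
    packets: int
    nbytes: int
    action: str
    body: str  # rule text after the action, e.g. "8668 ip4 from any to any via em0"


# `ipfw show` prints: rule-number packet-count byte-count action rest-of-rule
LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*)$")


def parse_ipfw_show(text):
    """Parse `ipfw show` output into Rule objects, sorted by rule number."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable ipfw line: {line!r}")
        rules.append(Rule(int(m[1]), int(m[2]), int(m[3]), m[4], m[5]))
    rules.sort(key=lambda r: r.number)
    return rules


def _directions(rule):
    """Directions a rule matches: both unless restricted by in/out/recv/xmit."""
    tokens = rule.body.split()
    if "in" in tokens or "recv" in tokens:
        return {"in"}
    if "out" in tokens or "xmit" in tokens:
        return {"out"}
    return {"in", "out"}


def audit_nat_rules(rules, nat_iface):
    """Return findings about divert/natd placement. An empty list means the
    ruleset cannot explain a NAT failure and the cause is elsewhere."""
    findings = []
    diverts = [r for r in rules if r.action == "divert"]
    if not diverts:
        return ["no divert rule: natd never sees any packets"]
    covered = set()
    for d in diverts:
        if nat_iface not in d.body.split():
            findings.append(f"rule {d.number:05d}: divert is not bound to {nat_iface}")
        if d.packets == 0:
            findings.append(f"rule {d.number:05d}: divert counter is zero, nothing reaches natd")
        covered |= _directions(d)
    for missing in sorted({"in", "out"} - covered):
        findings.append(f"no divert rule matches the {missing}bound direction")
    first_divert = diverts[0].number
    for r in rules:
        if r.number >= first_divert:
            break
        if r.action in ("allow", "deny") and r.body.endswith("from any to any"):
            findings.append(
                f"rule {r.number:05d}: catch-all {r.action} precedes the first divert, so NAT is bypassed"
            )
    return findings


if __name__ == "__main__":
    for label, text in (("post", IPFW_SHOW), ("broken", BROKEN_SHOW)):
        print(label, audit_nat_rules(parse_ipfw_show(text), "em0") or ["ok"])
```

Run it against a live box with `ipfw show | python3 audit.py` after replacing the embedded sample with `sys.stdin.read()`; a clean result on the ruleset, as here, points the investigation at the kernel or natd side (for instance comparing the divert rule's packet counter before and after an inbound ACK) rather than at rule ordering.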
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:39 UTC