Marko Zec wrote: > On Wednesday 17 December 2008 10:34:54 Paolo Pisati wrote: >> Joe Marcus Clarke wrote: >>> I just upgraded my i386 -CURRENT box from November 14 to today, and >>> now my SSH-over-PPP VPN tunnel no longer works. I did some packet >>> captures, and it appears that NAT is no longer working. If I send >>> a telnet packet from my client side over the PPP tunnel, I see the >>> SYN go out on the server side network properly translated. The >>> destination host ACKs correctly, but the ACK never goes back across >>> the tunnel. It's as if natd is no longer translating the packet on >>> the inbound path. Besides the upgrade, nothing has changed in my >>> environment. >> lately some work has been done on the vimage and routing tree stuff, >> thus your best bet is to go back >> some days and try again. > > Hi Joe, > > could you try building your kernel with options VIMAGE_GLOBALS and tell > us whether this makes any difference - turning on VIMAGE_GLOBALS should > revert certain aspects of virtualization changes that recently got > merged into the tree. Thanks for the suggestion, but the results are the same. I turned on -verbose on natd, and I see the ACK packet come back from the destination, and natd is translating it correctly. However, I never see the ACK on the remote end of the tunnel. It looks like a routing problem at this point. It's as if the kernel doesn't know on what interface to encapsulate the reply packet. Joe > > Cheers, > > Marko > > -- Joe Marcus Clarke FreeBSD GNOME Team :: gnome_at_FreeBSD.org FreeNode / #freebsd-gnome http://www.FreeBSD.org/gnomeReceived on Wed Dec 17 2008 - 14:34:53 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:39 UTC