 From:  "Frans King" <frans dot king at f333 dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] 1.2b6 traffic shaper PPTP breakage
 Date:  Sat, 5 Mar 2005 17:29:01 -0000
> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com]
> Sent: 04 March 2005 05:10
> To: Manuel Kasper
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] 1.2b6 traffic shaper PPTP breakage
> 
> On Thu, 03 Mar 2005 22:05:50 +0100, Manuel Kasper <mk at neon1 dot net> wrote:
> > On 03.03.2005 15:36 -0500, Chris Buechler wrote:
> >
> > > A whole lot of us are having some sort of problems with it.  It's
> > > not the traffic getting dropped, I can telnet to 1723 on my m0n0
> > > box, but PPTP won't successfully connect.  Full logs from mpd from
> > > a single connection attempt from an XP client at the bottom of this
> > > message.  Client gets error 619.
> >
> > > Mar 3 15:32:01        mpd: [pt0] error writing len 42 frame to bypass:
> > > Can't assign requested address
> >
> > And this is the problem (I think). I've had that happen a single time
> > when I was testing PPTP VPN in 1.2b5, but couldn't reproduce it
> > again. I searched the MPD mailing list and Google, but to no avail.
> > Could be triggered by some changes to netgraph in 5.3-RELEASE...
> > Maybe someone could place a post on the MPD mailing list to ask if
> > that's a known problem.
> >
> 
> 1 - I'm an idiot.  :)  My problem description was totally wrong.  The
> error above is caused by NAT implementations that aren't set up
> properly for, or don't work with PPTP.  Sorry for the confusion.
> 
> 2 - The real problem is with traffic shaper enabled, and any traffic
> shaping rules inbound on WAN matching * proto, * src and * dst,
> m0n0wall no longer answers on port 1723 at all.
> 
> To replicate:  Enable magic shaper with default rules, enable PPTP,
> try to telnet to 1723 on WAN.  Won't work.  PPTP will work from LAN.
> Disable the rules "m_Small Pkt Download" and "m_Catch-All Download"
> (only two that match previous criteria) and it will immediately work
> again.
> 
> Nothing in the logs or netstat when trying to connect with any rules
> matching the above criteria enabled.  tcpdump on the WAN side of
> m0n0wall shows the traffic coming in, and absolutely nothing going out
> in return.
> 
> Thanks to Brian Zushi (a.k.a. D-side) for helping me test and verify
> this on a second system.
> 
> Hopefully that's more helpful!
> 
> -Chris
> 

I can confirm that this works.