Re: [m0n0wall] WAN PPTP problem with 1.1b17

From:	"Fred Mol" <fredlist at xs4all dot nl>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] WAN PPTP problem with 1.1b17
Date:	Fri, 13 Aug 2004 23:21:42 +0200 (CEST)
Manuel Kasper said:
> On 13.08.2004 11:33 +0200, Luc Naus wrote:
>
>> I have upgraded to 1.1b17
>> After having problems with my connection on version 1.0 and 1.1b16
>> (see mailinglist with item WRAP slows down), it seems to have been
>> resolved in 1.1b16 with a hotfix from Fred Mol.
>> I hoped it would be solved in 1.1b17, but unfortunatly it is not.
>
> Can you confirm that the "set pptp disable delayed-ack" option alone
> makes the problem go away? The tcpmssfix really shouldn't make any
> difference, as m0n0wall already does MSS clamping within ipnat.

I've been testing several configurations:

1) 1.1b16 + disable delayed-ack + tcpmssfix
   Seems to work, but the general concensus is that tcpmssfix shouldn't
   make any difference
2) 1.1b16 + disable delayed-ack
   Seems to work. Has been running for two weeks without any problems.
3) 1.1b17 + disable delayed-ack
   Does NOT seem to work, unfortunately. Same problems showed up within
   6 hours after reboot.
4) 1.1b17 + "set pptp disable windowing"
   This combination does seem to work. Has been running for 4 days without
   problems.

It would be nice if other people having these problems could test
configurations 3) and 4) to see whethere their findings are the same as mine.

I stared at some tcpdumps after the last freeze and I noticed the same
problems as before: packets from m0n0wall -> internet on the ng0 interface
don't have corresponding packets on the interface that talks to the adsl modem.
That's probably because of the following lines in ng_pptpgre.c:

477                 /* Check if windowing is enabled */
478                 if (priv->conf.enableWindowing) {
479                         /* Is our transmit window full? */
480                         if ((u_int32_t)PPTP_SEQ_DIFF(priv->xmitSeq,
481                             priv->recvAck) >= a->xmitWin) {
482                                 priv->stats.xmitDrops++;
483                                 NG_FREE_M(m);
484                                 NG_FREE_ITEM(item);
485                                 return (ENOBUFS);
486                         }
487                 }

Apparently when the packets are dropped, the transmit window is full, or
at least the pptp module thinks it's full. By disabling windowing, packets
are always sent, regardless of the transmit window. If we assume that the
transmit window is not really full, but the whole flow control has somehow
gotton out of sync, that option should fix the problem.
I also noticed that the exact same change (disable delayed-ack -> disable
windowing) was done in 1.1b17 for incoming (vpn) pptp connections.

> If disabling delayed ACKs fixes it, I'll probably add an option to do
> that to the WAN PPTP config section, because I'm not sure that
> disabling it by default in all cases is a good idea (it might
> seriously affect performance in other situations).
>

Maybe we need an option to disable windowing instead :-)

> - Manuel
>

--Fred