Date: Wed, 24 Feb 1999 22:15:53 +0100 (MET) From: Martin Husemann <martin@rumolt.teuto.de> To: freebsd-isdn@FreeBSD.ORG Subject: Problems with PAP authentication Message-ID: <199902242115.WAA01926@rumolt.teuto.de>
next in thread | raw e-mail | index | archive | help
We had a big problem with one router connecting to t-online.
Every now and then the authentication started to fail, so we got an
ISDN connection, but where rejected by the remote site. We dialed again
and where rejected again. This happened rappidly for a long time.
My boss nearly killed me when he got the bill...
I don't know what the problem is, every time I watch that system, everything
is fine, and t-online accepts the PAP authentication.
Anyway, the big problem is (IMHO) a big design flaw in isdnd: everything
works on the ISDN layer, so the retry-count/put interface down stuff
doesn't catch this. With PPP connections we should count a connection
attempt to be successful only if the connection got up (which the daemon
knows since the last release, due to the 'interface up' message used to
trigger the ip-up script).
I was in a hurry and didn't want to look that deep into the problem, so
I made the change attached below. Due to local policies at that site this
is an ideal solution for our problem: every time the PAP authentication
failes the interface is configured down and only reactivated "manualy" -
which in this case is an hourly job looking for mails.
Your mileage may vary, and of course we should realy fix the underlying
PAP problem as well as change isdnd as outlined above...
Martin
*** if_spppsubr.c.orig Wed Feb 24 11:27:41 1999
--- if_spppsubr.c Wed Feb 24 11:32:53 1999
***************
*** 3557,3569 ****
if (len > 5 && name_len) {
addlog(": ");
sppp_print_string((char*)(h+1), name_len);
}
addlog("\n");
! } else
! log(LOG_INFO, SPP_FMT "pap failure\n",
SPP_ARGS(ifp));
/* await LCP shutdown by authenticator */
break;
default:
/* Unknown PAP packet type -- ignore. */
--- 3557,3571 ----
if (len > 5 && name_len) {
addlog(": ");
sppp_print_string((char*)(h+1), name_len);
}
addlog("\n");
! } else {
! log(LOG_DEBUG, SPP_FMT "pap failure, setting if down\n",
SPP_ARGS(ifp));
+ ifp->if_flags &= ~IFF_UP;
+ }
/* await LCP shutdown by authenticator */
break;
default:
/* Unknown PAP packet type -- ignore. */
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isdn" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902242115.WAA01926>