Date: Mon, 10 Jan 2011 13:30:51 -0500 From: Mike Tancsa <mike@sentex.net> To: Melissa Jenkins <melissa-freebsd@littlebluecar.co.uk> Cc: freebsd-net@freebsd.org Subject: Re: PPP and Route Delete Message-ID: <4D2B505B.3070703@sentex.net> In-Reply-To: <9B789DC8-365B-4513-840A-1C0A3CFE4A44@littlebluecar.co.uk> References: <63A5C79A-B4C3-42C3-9B76-1F2EB04DB871@littlebluecar.co.uk> <4D2B38CD.4050707@sentex.net> <9B789DC8-365B-4513-840A-1C0A3CFE4A44@littlebluecar.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/10/2011 1:16 PM, Melissa Jenkins wrote: >>> I've been working on migrating a PPTP server from FreeBSD 7.1 to FreeBSD 8.1. The server is configured using PopTop (from ports) and PPP (/usr/sbin) rather than MPD. (Before anybody tells me to use MPD we can't because it doesn't inject packets into the kernel in the same way and it's not possible to filter on them correctly) >> >> I use mpd a lot. Can you expand on the problem you have with it ? I am not sure what you mean by cant filter on it. > > Packets sent over a VPN to mpd didn't enter PF at the same point as they do from PPP - i couldn't get RDR or BINAT to redirect on anything inbound over the VPN. > > I haven't tried MPD in almost two years so this may have changed. When netgraph interfaces come and go, you might need to do a reload of your rules, or dynamically add/delete them if your rule set specifically references ng interfaces. If thats all it was, its easy enough to hook into using something like set iface up-script /usr/local/etc/mpd5/up.sh mpd5.5 is worth checking out for other reasons. It can do a lot and is well supported for pptp stuff. ---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D2B505B.3070703>