Re: net/mpd causes a kernel freeze

From: Deomid Ryabkov <myself@xxxxxxxxxxx>
Date: Mon, 25 Dec 2006 15:18:02 +0000

Gonzalo Arana wrote:

Hi,

When I open a pptp tunnel with net/mpd, my PC freezes (numlock stops
responding, for instance).

exactly. a complete freeze, not even being able to break into DDB (i.e. even ctrl-alt-esc stops working)

I am using 6.1-RELEASE with GENERIC kernel. I've recompiled removing
USB, SCSI/RAID controllers, with the same result.

also occurs on -CURRENT as of Nov 4.

The freeze occurs right after the tunnel is up.

actually, it's after the first packet is sent. i.e., i can have tunnel up as long as i want,
but as soon as a packet is sent down the route, the system freezes.

Does anyone expierence the same problem?

yes. and i'm glad to report that i found a solution for at least my instance.
it turned out to be a config error.

so what happened was this. i created an entry for a new tunnel in my mpd.conf nad of course done that
by just copy-pasting the previous entry. ended up with these mysterious freezes.
because this happened on -CURRENT, i went through great pains to try it on something more -STABLE,
but to my complete astonishment it was all the same on -STABLE. and i positively knew that -STABLE
was previously able to handle a tunnel to this very same endpoint. now i knew something was not right.
my -CURRENT is vanilla GENERIC, so it already had WITNESS, INVARIANTS and DDB, but neither did i see any messages
on the console, nor could i break into debugger (i could, prior to the freeze, but not after).
so anyway, some fairly long time into the whole process, i just decided to start commenting my config line by line,
to maybe see if any particular option would trigger this freeze. and bingo, there it was:
i used _wrong_ up_script for this connection. i wrote the right one, but forgot to change the config line i copied from previous entry.
so yeh, it's 100% reproducible: wrong up_script - freeze, no up_script or the right one - no freeze.
so what's in the script? here it is in its entirety:

IF=$1

/sbin/route delete default
/sbin/route add 10.1.0.0/16 10.2.0.1
/sbin/route add default -iface $IF

that's it. now what is important here, is that the network and gateway in the second line are wrong for this network configuration.
in particular, 10.2.0.1 is not directly reachable.
it's worth noting that this configuration would hang the machine only if used for the very first time.
if used after the correct configuration, it would not make machine hang.
e.g., if i boot a machine, set up a tunnel with "up_script wrong_script.sh" and then ping an external host, the machine hangs.
however, if i boot, set up a tunnel with "up_script right_script.sh" (at this point the tunnel works as expected and external host is pingable),
then tear it down, replace "up_script right_script.sh" with "up_script wrong_script.sh", the machine does not hang and external host is not pingable (no route to host).

my guess is that this incorrect route somehow messes up routing table.

Here are the relevant configs:

/usr/local/etc/mpd/mpd.conf:

default:
load vpn

vpn:
new -i ng0 vpn vpn
set iface disable on-demand
set iface idle 0
# disconnect the client after 8 hours
set iface session 28800
#set iface route 192.168.2.0/24
set bundle disable multilink
set bundle authname my_username
set bundle password my_password
set link yes acfcomp protocomp
set link no pap chap
set link accept pap
set link mtu 1460
# If remote machine is NT you need this..
# set link enable no-orig-auth
set link keep-alive 10 75
set ipcp no vjcomp

/usr/local/etc/mpd/mpd.links:
vpn:
set link type pptp
set pptp self ZZZ
set pptp peer YYY
set pptp enable originate incoming outcall
set pptp disable windowing

where:
ZZZ my ethernet IP address
YYY ip address of TCP peer

Thank you very much in advance,

--
Deomid Ryabkov aka Rojer
myself@xxxxxxxxxxx
rojer@xxxxxxxxxxxx
ICQ: 8025844

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Prev by Date: Re: Locking fundamentals
Next by Date: mounting uzip image: Invalid argument
Previous by thread: Properly controlling CFLAGS/CXXFLAGS
Next by thread: mounting uzip image: Invalid argument
Index(es):
- Date
- Thread

Relevant Pages

Re: mpd pptp server?
... set link yes acfcomp protocomp ... set ipcp ranges 192.168.1.4/32 192.168.1.151/32 ... set ccp yes mppc ... set link type pptp ## define the link type protocol as PPTP ...
(freebsd-questions)
Re: mpd lcp question
... > capabilities are rejected by mpd server. ... > load pptp ... > set iface disable on-demand ... > set link yes acfcomp protocomp ...
(freebsd-net)
Freebsd MPD PPTP
... I'm using MPD4 to establish a PPTP VPN from my FreeBSD 6.2 server to some clients and I've started encountering some strange problems. ... set iface route 192.168.1.130/32 ... set link no pap chap ... set ccp yes mpp-e40 ...
(freebsd-net)
Re: Fw: VPN setup problem - proxy arp I think
... Couple of notes included within your config. ... The way this works is that when the PPTP client connects to MPD it is actually ...
(FreeBSD-Security)
Re: mpd5 stoped working after subnet change
... I'm using mpd5 for pptp connections and last night I had to change our ... iface enable tcpmssfix set ipcp yes vjcomp set ipcp ranges 10.1.10.1/32 ... set mppc yes e40 set mppc yes e128 set mppc yes stateless ... create link template L pptp set link action bundle B set link enable ...
(freebsd-questions)