Routing problems on VPN servers running FreeBSD 8.0-RELEASE

[Brett Glass]

At 02:35 AM 2/3/2010, Li, Qing wrote:

>Proxy ARP entries are not installed into the routing table.

Not since the ARP table and the routing table have been split. 
However, the addresses for which the machine is doing proxy ARP do 
need to show up there, and they do not.

>I believe I have fixed this issue in svn r201282 and merged
>into 8-STABLE
>
>http://svn.freebsd.org/viewvc/base?view=revision&revision=201282
>
>http://svn.freebsd.org/viewvc/base?view=revision&revision=201614

Is there a way to get patches to run against 8.0-RELEASE? If I do 
not install -RELEASE on a machine, I can't use freebsd-update to maintain it.

>The keyword "only", as documented in the manpage, requires a
>host route to be present or else the proxy arp command will fail.

The entry is not being set up from the command line but by a PPP 
program (mpd or ppp(8)).

>(b) the PPP
>daemon can't create or destroy many of the routes that the
>connections need to work.
>
>The above patch also include fixes for routing related problem as
>you will note in the commit message, although I am uncertain if
>your problems fall into this category.

I do not know. What I do know is that all PPP implementations I've 
tried -- including Somers ppp(8) and mpd 5.3 -- are failing to set 
up the host routes for the PPP endpoints and also the loopback 
routes for the pseudo-interfaces (ng or tun).

>Various users reported problems in the vpn/ppp area and those
>were addressed before the release.

Some of these actually worsened after the release. When the test 
machine was updated recently using freebsd-update, we began to get 
even more problems and error messages.

In any event, to put -STABLE on the machine would require either 
downloading a snapshot or wiping out a lot of work or setting up 
CVS on machines that won't need it in production, so please let me 
know if patches are available that will add the recent fixes to 8.0-RELEASE.

--Brett Glass