ng_iface regression from 9.2 to 10.0
Zaphod Beeblebrox
zbeeble at gmail.com
Mon Jul 14 19:57:27 UTC 2014
I'm going to post again with some new information. I have a 10.0p6 machine
running mpd5 terminating a bunch of L2TP tunnels from subscribers (not
encrypted).
The specific regression between 9.2 and 10.0 is that hosts on the tunnels
cannot communicate with local services. They can ping local IPs, and the
server can ping them, but no userland connections can be had.
I.e.:
[2:15:315]root at owl:~> ifconfig ng29
ng29: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1436
inet xx.yy.31.6 --> xx.yy.16.50 netmask 0xffffffff
inet6 fe80::219:b9ff:fef9:b9e7%ng29 prefixlen 64 scopeid 0x23
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
[2:16:316]root at owl:~> ping xx.yy.16.50
PING xx.yy.16.50 (xx.yy.16.50): 56 data bytes
64 bytes from xx.yy.16.50: icmp_seq=0 ttl=64 time=11.580 ms
64 bytes from xx.yy.16.50: icmp_seq=1 ttl=64 time=16.515 ms
64 bytes from xx.yy.16.50: icmp_seq=2 ttl=64 time=6.253 ms
^C
--- xx.yy.16.50 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 6.253/11.449/16.515/4.190 ms
[2:17:317]root at owl:~> ssh xx.yy.16.50
ssh: connect to host xx.yy.16.50 port 22: Operation timed out
It's worth noting, too, that all tunnel-connected hosts have full internet
connectivity, as does the tunnel server. Connections from one hop away (i.e.,
not involving the tunnel server to run the process) work as usual.
It's also worth noting that localhost and local-IP communication on the
server are fine (i.e., mpd5 communicates with radiusd running on the same
machine).
For interest's sake, xx.yy.16.50 is running mpd5 on 9.2.