On Mon, Mar 30, 2020 at 12:47:13PM +0200, Marko Cupać wrote:
> On Sat, 28 Mar 2020 01:46:41 +0300
> Vitaliy Makkoveev <henscheltig...@yahoo.com> wrote:
>
> > Can you try latest snapshot?
>
> Unfortunately, the box that runs npppd is the most important machine on
> my network (GRE/IPsec hub for multiple branch offices), I can't take the
> risk.
>
> > Can you share your npppd.conf?
>
> Below, I have redacted sensitive information. Perhaps it is worth
> mentioning that npppd listens on IP address of CARP interface.
>
> ---npppd.conf.start---
> # GLOBAL
> set max-session 200
> set user-max-session 1
>
> # TUNNEL
> tunnel EXAMPLEORG protocol pptp {
> listen on IP.ADD.RE.SS
> pptp-hostname vpn.example.org
> pptp-vendor-name "openbsd-npppd"
> ingress-filter yes
> pipex no
> mppe required
> mppe-key-length 128
> mppe-key-state stateless
> idle-timeout 1800
> }
>
> # IPCP
> ipcp KAPPASTAR {
> pool-address "IP.ADD.RE.SS/24"
> dns-servers IP.ADD.RE.SS
> allow-user-selected-address no
> }
>
> # INTERFACE
> interface tun1 address IP.ADD.RE.SS ipcp EXAMPLEORG
>
> # AUTHENTICATION
> authentication RADIUS type radius {
> strip-nt-domain yes
> strip-atmark-realm yes
> authentication-server {
> address IP.ADD.RE.SS secret "ThisIsNotRealPassword"
> }
> accounting-server {
> address IP.ADD.RE.SS secret "ThisIsNotRealPassword"
> }
> }
>
> bind tunnel from EXAMPLEORG authenticated by RADIUS to tun1
> ---npppd.conf.end---
>
> Thank you in advance for looking into it.
> --
> Before enlightenment - chop wood, draw water.
> After enlightenment - chop wood, draw water.
>
> Marko Cupać
> https://www.mimar.rs/
>
You have pipex(4) disabled. Is it still hangs with disabled pipex(4)?
As I discovered (https://marc.info/?t=158529976800001&r=1&w=2), npppd
with pipex(4) enabled and non-NULL "idle-timeout" option will crash
kernel. You can disable this option in yout npppd.conf an reenable
pipex(4). Looks like crashes should gone.
