Dear list members
sorry to bother you again with kernel-level pppoe.
I think i'm just to stupid to get it work properly.
The problem seems to be that the mtu adjustment (scrub max-mss 1440)
does not always work after a session reset. (pppoe comes up and I can
ping, but f.e. http does not work)
I can provoke the behaviour by just rebooting the device. The mtu
adjustment does not work about every other time the device is booted.
The rest of the time everything works without any flaw until for some
reason the pppoe connection is reset (f.e. by provider, disconnecting
adsl bridge, ...)
I do not have a clue how I could debug this problem. I assume it is pf
related (f. e. my rule order). (I do /sbin/pfctl -F states invoked by
ifstated when the pppoe connection goes up, so I guess old states
shouldn't be the problem here...)
I'll be happy to provide all data you might find useful or even access
to the device...
This setup has been tested on openbsd 4.7-stable and openbsd 4.8
(OPENBSD_4_8 as of 2010-08-20)
Any hints and debugging tipps are welcome!
My settings:
# pfctl -sr
pass quick on lo0 all flags S/SA keep state
pass quick on vr1 all flags S/SA keep state
block drop on pppoe0 all
match on pppoe0 all scrub (max-mss 1440)
match out on pppoe0 from (vr1:network) to any nat-to (pppoe0:0)
pass in on pppoe0 proto udp from any to any port = domain keep state
pass in on pppoe0 proto udp from any to any port = ntp keep state
pass out on pppoe0 proto udp all keep state
pass out on pppoe0 proto icmp all keep state
pass on pppoe0 inet proto icmp all icmp-type echoreq code 0 keep state
pass out on pppoe0 proto tcp all flags S/SA modulate state
pass in on pppoe0 proto tcp from any to any port = ssh flags S/SA keep state
anchor "ftp-proxy/*" all
match in inet proto tcp from any to any port = ftp rdr-to 127.0.0.1 port
8021
pass in quick inet proto tcp from any to any port = ftp flags S/SA keep
state rdr-to 127.0.0.1 port 8021
# ifconfig pppoe0
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
priority: 0
dev: vr0 state: session
sid: 0x1235 PADI retries: 0 PADR retries: 0 time: 00:04:16
sppp: phase network authproto chap authname "XXX_username_XXX"
groups: pppoe egress
status: active
inet6 fe80::20d:b9ff:fe1d:916c%pppoe0 -> prefixlen 64 scopeid 0x6
inet XXX_localip_XXX --> XXX_lnsip_XXX netmask 0xffffffff
# ifconfig vr0
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0d:b9:1d:91:6c
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::20d:b9ff:fe1d:916c%vr0 prefixlen 64 scopeid 0x1
Thank you and regards
andre
