Subject: pptp client behind NAT - transfer hangs up
To: None <netbsd-users@netbsd.org>
From: Egervary Gergely <egervary@expertlan.hu>
List: netbsd-users
Date: 01/08/2005 11:14:42
(sorry for my bad English)

scenario: NetBSD nat box, PPTP server at some ISP w/public IP,
PPTP clients on my private network behind the NetBSD nat.

first of all: this setup works with NetBSD 1.6.2 flawlessly, the problem
was triggered by the upgrade to NetBSD 2.0

related NAT configuration is unchanged, probably this is a bug/feature
in the new IPFILTER/IPNAT code.

the problem:

PPTP client can connect to the PPTP server, but the link hangs up if
there's no data transfer from the PPTP client to the PPTP server for 2-3
seconds.

If I start a simple ``ping'' on the client, the connection stays up and
running, and everything is okay. If I stop pinging the server, the
connection hangs, I can't even ping the client from the server. If I
start any data transfer from the client again, the link is back and
working again.

Of course, if there's no traffic from the client for several minutes,
the link not only hangs, but server disconnects, as LCP echo queries
cannot reach the client.

this is 100% reproducible on my box.

my ipnat rules:

map ex0 10.0.0.0/8 -> my.external.ip.addr/32 proxy port ftp ftp/tcp
map ex0 10.0.0.0/8 -> my.external.ip.addr/32 portmap tcp/udp 20000:40000
map ex0 10.0.0.0/8 -> my.external.ip.addr/32

thank you for your ideas.

-- 
Egerváry Gergely
egervary@expertlan.hu