7.1. Troubleshooting

Some tips for troubleshooting. (This section is under construction).

For further help, subscribe to the freebsd-net@freebsd.org mailing list and ask your question there.

Packets won't flow.

Make sure you have set gateway_enable="YES" in /etc/rc.conf, otherwise your FreeBSD box will not route packets. Alternately, invoke sysctl -w net.inet.ip.forwarding=1 for immediate effect.

Also, check your firewall settings. Mpd will create new interfaces which may need to be incorporated into your firewall rules. If you're doing PPTP, you need to allow TCP port 1723 and IP protocol 47 (GRE).

It doesn't work, and there are strange netgraph-related errors in the log.

Make sure you have all the required netgraph KLD's loaded. You can check them by doing kldstat -v | grep ng_ .

Usually these are loaded on demand. If not, you can load them manually using kldload(8).

The following node types are or may be needed:

• ng_ppp
• ng_socket
• ng_iface
• ng_bpf
• ng_vjc
• ng_mppc
• ng_pptpgre
• ng_ksocket
• ng_tty
• ng_pppoe

Poor performance with Mac OS X PPTP clients.

Upgrade to a version of FreeBSD newer than 4.7-RELEASE. Or apply this patch manually.

My configuration doesn't seem to be working as expected.

Make sure your mpd.conf and mpd.links files are formatted properly. Labels must be left-justified, and blank lines must exist between sections to separate them.

I'm getting no valid response from the RADIUS server.

Double-check the shared secret in the RADIUS servers config and the one specified in mpd.conf or radius.conf. Check the ports of the RADIUS server: they should be 1812 (authentication) and 1813 (accounting), wich are also the default ports of mpd. In the past unofficial port numbers (1645 and 1646) were used for RADIUS, but these are deprecated.

I'm getting ``Operation not permitted'' errors trying to run mpd.

This is often caused by a combination of (a) using netgraph in KLD module form instead of statically compiling the various modules into the kernel via kernel config(8) options, and (b) increasing your kernel security level (see the init(8) man page), which prevents KLD modules from being loaded. Change one of these things to fix the problem.

I've configured a link for dial-in, and sometimes after disconnecting mpd gets into some kind of infinite loop.

This is because mpd is trying to ``redial,'' which of course is not appropriate for dial-in links. Use set link max-redial -1 to disable the redial function.

I've configured lots and lots of bundles. But after creating 100 of them (or some other power of 10) mpd starts getting ``Address already in use'' errors.

This is because the names assigned to the netgraph nodes are too long, being truncated, and the conflicting with existing names. The maximum length of a netgraph node name is 15 characters. The names are derived from the bundle names assigned in mpd.conf. So try shortening your bundle names.

I'm using mpd as PPTP server for Windows XP clients, when accessing bigger websites, or listing larger ftp directories, then the connection seems to hang.

Windows XP insists on a very low MTU (usualy 1396 Bytes), this needs fragmentation, if bigger packets should be transmited over the link. Fragmentation is negotiated at ICMP level, if there is a bad router somewhere in the network, who drops such packets, then the connection seems to hang. The first thing what you can try is reducing mpd's MTU value, by setting: set link mtu 1300 and set bundle disable multilink, this should help in most cases. For TCP connections it's possible enabling the TCP-MSS-Fix: set iface enable tcpmssfix (available since mpd-3.15).