Mpd 4.1 User Manual
: Introduction
: Change history
1.4. Change history
Changes since version 4.1rc2:
- Changes:
- Default value of link's max-redial parameter changed to -1.
- Bundle's noretry option is enabled by default now.
- Bugfixes:
- Better up/down reason tracking.
The Mpd version was bumped from 4.0rc2 to 4.1rc2 due to the large number of changes
made since 4.0b4 and a FreeBSD ports version number conflict.
Changes since version 4.0rc1:
- Bugfixes:
- Idle timeout fixed.
- Fixed bug with 'set l2tp self ' specified at the server side.
- Device type check for device-specific commands added.
- IPCP reject is not fatal by itself now.
- The up/down script is now called for each of the negotiated protocols
rather than once for the whole interface. The proto parameter should
be checked in the script!
- Fixed ng_ppp link bandwidth configuration.
Changes since version 4.0b5:
- New features:
- Integrated Web server added.
- NAT support by ng_nat(4) added.
- L2TP (RFC 2661) device type implemented.
- UDP device type was completely rewritten. Now it:
- does not require manual 'open' command on the server side,
it behaves just like any other device type;
- allows many connections to the same server UDP port;
- allows the peer address/port to be left unspecified for incoming
connections (so it will work through different
NATs and firewalls);
- allows the self address/port to be left unspecified for outgoing
connections (so it is easier to configure);
- TCP device type was completely rewritten. It has some minor issues
due to limitations of the ng_ksocket module, but now IT WORKS! :)
- Compression Predictor-1 (RFC 1978) added.
- Compression Deflate (RFC 1979) added.
- Encryption DESE (RFC 1969) support was reimplemented.
- Encryption DESE-bis (RFC 2419) support added.
- New command 'show phys' added.
- New command 'show summary' added.
- Support for ipfw tables added to RADIUS ACLs.
- New commands 'set global start...' added.
- Added support of calling/called numbers (mostly for PPTP/L2TP).
- Changes:
- "lcp" layer in open/close commands replaced by "link".
- Auth configuration (set auth ...) moved from bundle layer to lcp.
It works per link now.
- MPPE policy option moved from auth layer to ccp.
- Bugfixes:
- Fixed a few bugs on amd64 and sparc64 platforms.
- Phys layer was made stateless to remove race condition.
- Link layer changed to remove race conditions on LinkDown().
- Fixed race condition in accepting PPPoE connections.
- Link up/down reason recording is now more accurate.
- Complete link shutdown procedure on auth failure implemented.
- Fixed several small PPTP level processing issues.
- Removed the limitation that a PPTP link must be alone in the bundle.
- Fixed MSCHAP auth which was broken in 4.0b5.
- Fixed memory leak in PAP and CHAP auth on the client side.
- Fixed some CCP negotiation issues.
- Fixed threads-related crash in internal auth.
- Fixed crash on incoming when no free PPTP link found.
- Bug in "rubber bandwidth" algorithm fixed.
- Bug and possible crash fixed in DoD code.
- Fixed bug in AUTHPROTO negotiation.
- Fixed bug in RAD_MICROSOFT_MS_CHAP2_SUCCESS handling.
Needs testing.
Changes since version 4.0b4:
- New features:
- IPv6 support:
- IPV6CP support added; NCPs and IFACE calls were
rewritten to support many NCPs.
- Console now supports IPv6.
- UDP and TCP link types now support IPv6.
- PPTP link type is ready to support IPv6,
but requires ng_pptpgre(4) to support IPv6.
- NetFlow export over IPv6 is supported.
- The following features don't yet support IPv6:
TcpMSSFix, NetFlow, Tee, DialOnDemand.
- TCP link type now compiles and works
(but isn't yet ready for production usage).
- NetFlow data generation on outgoing interface is supported.
- Added the ability to use an existing ng_netflow(4) node.
- Added the ability to specify network interface names
instead of IP addresses.
- Added more log levels to decrease log file size.
- Changes:
- Default argument of open/close commands changed from iface to lcp.
- Bugfixes:
- Fixed races between startup process and client connecting.
- Fixed a few crashes in console.
- Incoming call processing significantly reworked to
fix some aspects of multilink server functionality.
- The shutdown of mpd is now much more graceful:
the netgraph nodes are closed, the accounting RADIUS
packets for closing links are sent, new connections
aren't accepted during shutdown.
- Fixed races in filling of RADIUS packets. In particular,
RAD_NAS_PORT value in the RADIUS could be wrong.
- RADIUS support rewritten to use poll(2) instead of
select(2), allowing a larger number of links to be created.
- Fixed a problem with identifying correct interface
for proxy-arp when alias addresses are used.
- Fixed memory leaks and crashes when more than 256 PPTP
bundles are in use.
- Fixed crash in PPPoE when more than 64 parent Ethernet
interfaces are used.
- Performance improvements:
- Message and PPPoE subsystems reworked to decrease number
of open files per bundle.
Changes since version 4.0b3:
- BugFix: fix crash in processing of MS domain name from
RADIUS server.
- New feature: automatic creation, configuring and attaching
of ng_netflow(4) node.
- ng_tee(4) now can be inserted on a per bundle basis.
- New feature: on FreeBSD 6.0 and higher ng_tcpmss(4) is
utilized if doing TCP MSS fixup.
- BugFix: tcpmssfix now works for both incoming and outgoing
TCP segments.
- New options: update-limit-in, update-limit-out.
- Fixed loss of statistics when the -t option is used.
- Fixed chat scripting; modem links are no longer broken.
Changes since version 4.0b2:
- BugFix: make PPPoE interface control events recurring; PPPoE is
not broken anymore.
- Added a new startup section to the config file, which
is loaded once at startup.
- Added a new global config space for all the global
settings.
- BugFix: don't generate new challenges while retransmitting
them.
- Fix va_args bug on certain non-i386 platforms.
- Auto-load ng_ether for PPPoE connections;
fix default path for undefined service.
- Rewrote the console code. Multiple telnet connections are now
allowed. There is no input console anymore; telnet must be used
instead.
- BugFix: The directly configured password wasn't taken into
account when using PAP.
- Disallow empty usernames safely.
Changes since version 4.0b1:
- Fixed a race condition which caused a deadlock.
- RADIUS
- Fixed several race conditions when sending accounting requests.
- Use the username from the access-accept packet (if present) for
accounting requests.
Changes since version 3 (most of this work was sponsored by
SURFnet):
- Design changes:
Mpd now uses a thread-based event system using libpdel; these libpdel parts are now
integrated:
- typed_mem(3)
- pevent(3)
- alog(3)
Mpd uses a "Giant Mutex" for protecting its resources.
- Major new features:
- Implemented the Extensible Authentication Protocol RFC 2284 (EAP). Currently only
EAP-MD5 is supported (client and server side).
EAP negotiation can be enabled at link level.
- Implemented OPIE (One-time Passwords In Everything).
- Implemented authentication against the system's password database
master.passwd.
- utmp/wtmp logging.
- Rewrites of the authentication subsystem:
- Make authentication and accounting requests asynchronous using paction(3).
- Authentication backends now act independently from the rest of Mpd, using
some internal structs as the interface.
- The mpd.secrets file is now used as one authentication backend of many; it
has no special role anymore, i.e. it could be disabled.
- Generate a session-id at bundle and link level for use with accounting requests.
- RADIUS related changes:
- IMPORTANT: Mpd now needs an enhanced libradius; here are the patchsets:
4-STABLE, 5-CURRENT
- Remember and send the RAD_STATE attribute.
- Message-Authenticator support.
- EAP Proxy Support.
- Added a new option for PPTP links for disabling the windowing mechanism
specified by the protocol. Disabling this will cause Mpd to violate
the protocol, possibly confusing other PPTP peers, but often results
in better performance. The windowing mechanism is a design error in
the PPTP protocol; L2TP, the successor to PPTP, removes it. You need
a recent version of FreeBSD (NGM_PPTPGRE_COOKIE >= 1082548365) in order
to get this feature.
set pptp disable windowing
- Added a new command-line option -t for adding ng_tee into the netgraph.
Submitted by: Gleb Smirnoff, glebius at cell dot sick dot ru
- Removed configuration parameters:
- bundle: radius-fallback
- iface: radius-session, radius-idle, radius-mtu, radius-route, radius-acl
- ipcp: radius-ip
- Moved configuration parameters:
- bundle to auth: radius-auth, radius-acct, authname, password, max-logins
- radius to auth: acct-update
- ccp to auth: radius, and renamed to mppc-pol
- New configuration parameters:
- link: keep-ms-domain, this prevents Mpd from stripping the MS-Domain;
this can be useful when using IAS as RADIUS server.
- radius: message-authentic, this adds the Message-Authenticator
attribute to the RADIUS request.
- auth: internal, controls the usage of the mpd.secrets file
(internal authentication backend).
- auth: opie, enables/disables the OPIE authentication backend.
- auth: system, enables/disables authentication against the system's password
database.
- auth: utmp-wtmp, enables/disables utmp/wtmp logging.
- auth: timeout, configurable timeout for the authentication phase.
- eap: radius-proxy, this causes Mpd to proxy all EAP requests to
the RADIUS server. Mpd only makes the initial Identity-Request
(this saves one round-trip); all other requests are forwarded to the RADIUS server.
This makes it possible to support every EAP-Type of the RADIUS server without
implementing each EAP-Type in Mpd.
- eap: md5, EAP-Type MD5, it's the same as CHAP-MD5, but inside EAP frames.
- Removed defines ENCRYPTION_MPPE and COMPRESSION_MPPC; they are now built in.
- Get rid of IA_CUSTOM define.
- BugFix: Fixed a mem-leak in the pptp-ctrl stuff.