ng_mppc_decompress: too many (4092) packets d

2011-12-18
2013-03-27
  • Sami Halabi

    Sami Halabi - 2011-12-18

    Hi,
    I see many messages like:
    Dec 18 08:27:25 mpd2 kernel: ng_mppc_decompress: too many (4092) packets dropped, disabling node 0xffffff00385bd400!
    Dec 18 08:27:25 mpd2 kernel:

    in the logs, any idea how to solve that?

    Sody

     
  • Sami Halabi

    Sami Halabi - 2011-12-20

    Hi,
    netgraph mppc and mpd that come in the freebsd and the ports is implementation of the properietary ?
    the link u gave me last updated 2007, should i use it in production fbsd-R8.2-p4??

    what other people do?

    Sami

     
  • Alexander Motin

    Alexander Motin - 2011-12-20

    MPPC compression algorithm is indeed patented in US and so not included into the base system. Referenced library fills that gap and should still work fine. But all that is not related to your problem. :)

    Message you see, supposed to be caused by too many sequential packet drops. I have seen such reports before, but difficult to say what was the reason. I assume it may happen because of packet reorder on a link. Packet counter in MPPC is 12 bit long, so difference of -4 looks more probable to me then difference 4092. Probably some check could be inserted there (into ng_mppc kernel module) to try to handle it. Another workaround could be in enabling multilink PPP. Multilink has own fragment counters and it should protect from reordering.

     
  • Sami Halabi

    Sami Halabi - 2011-12-20

    Hi amotin,
    Thanks for your replay, i enabled multilink, here is my pptp/l2tp config (its same just change ppt2p<==>l2tp):

    pptp_server:
    # Define dynamic IP address pool.
            set ippool add pool1 1.2.3.5 1.2.3.10

    # Create clonable bundle template named B
            create bundle template B
            set iface enable proxy-arp
            set iface idle 0
            set iface enable tcpmssfix
            set ipcp yes vjcomp
    # Specify IP address pool for dynamic assigment.
            set ipcp ranges 1.2.4.5/32 ippool pool1
            set ipcp dns 8.8.4.4 8.8.8.8
            set ipcp nbns 0.0.0.0
    # The five lines below enable Microsoft Point-to-Point encryption
    # (MPPE) using the ng_mppc(8) netgraph node type.
            set bundle enable compression
            set ccp yes mppc
            set mppc yes e40
            set mppc yes e56
            set mppc yes e128
            set mppc yes stateless

    # Create clonable link template named L
            create link template L pptp
    # Set bundle template to use
            set link action bundle B
    # Multilink adds some overhead, but gives full 1500 MTU.
            set link enable multilink
            set link yes acfcomp protocomp
            set link no pap chap eap
            set link enable chap pap
    # We can use use RADIUS authentication/accounting by including
    # another config section with label 'radius'.
            load radius
            set link keep-alive 10 60
    # We reducing link mtu to avoid GRE packet fragmentation.
            set link mtu 1460
    # Configure PPTP
            set pptp self 1.2.4.5
    # Allow to accept calls
            set link enable incoming

    please advise me what to do…

    Sami

     
  • Alexander Motin

    Alexander Motin - 2011-12-20

    Just note that multilink should be enabled on both sides to really work.

     
  • Sami Halabi

    Sami Halabi - 2011-12-21

    Hi,

    is default pptp connection from windows has multilink?, most routers i guess don't support multilink….

    how can we improve the 12 bit counter? is it possible?
    I asked this question on another forum but got no answer, what is the best server configuration (fbsd version, kernel options, and so on….) to get best performance for pptp/l2tp server.

    Sami

     

Log in to post a comment.