I have a home server running Archlinux (ITXBox), which among other things, is acting as a router for my home network, including firewall.
Up until yesterday, I was able to establish a pptp VPN connection between any machine on my network and an external server. In order for this to work, I had to add the following to ITXBox's "/etc/modules.load.d/pptp-forward.conf":
However, last night, I upgraded the kernel from 4.6.4 to the latest version in Archlinux's repositories - 4.7.
This has caused the VPN connections mentioned above to stop working.
Reverting back to 4.6.4 fixes the issue.
I did not perform a proper regression testing, since I don't currently have enough time for that (I guess it's not "silly season" for everyone), but some quick research indicated this(1) commit could have something to do with it. It was the only thing I found related to GRE traffic.
This should be easily reproducible provided the required networking infrastructure is present.
I'd just like to add that I did not find any changes to Archlinux's kernel config relevant for breaking this. You can consult these changes here:
There are a couple of ipv6 new modules added, but I don't think they are relevant to the issue (I could be wrong, though).
I used Gentoo Linux, and upgrade from 4.6.3 to 4.7.
Also has pptp pass through issue .
Another possible cause for the issue is this commit(1).
Although it's only supposed to deal with GRE under ipv6. It's from the same author and committer as the previously mentioned suspect commit, so no need to add anyone else to the cc list.
Created attachment 228831 [details]
Fixes the cleanup of gre module
Would any of you experiencing this bug try the attached patch?
(In reply to Johanna from comment #4)
> Created attachment 228831 [details]
> Fixes the cleanup of gre module
> Would any of you experiencing this bug try the attached patch?
sry, this patch doesn't really make sense, I misread. You don't need to try it.
Thank you @Konstantin.
Confirming that adding
to /etc/sysctl.d/30-pptp_passthrough.conf solves the issue for me.
Just out of curiosity: Is this option new to 4.7 or did it exist before and the default value was changed?
> Just out of curiosity: Is this option new to 4.7 or did it exist before and
> the default value was changed?
My testing shows that the default value has been changed.
I didn't look in the code, though -- just compared two ELRepo's kernels