Thursday, 2 February 2023

UnifiUSG latest release still has PPPoE Promiscuous issue - Reconnection leaves connection in bad state

Copied from my post on Unifi's community:

Hopefully this will be of some use to people.

========8<=======

Hi all,

Just received latest update of Unifi USG-3P (4.4.57) and it still has the ppp promiscuous reconnect issue.

See my earlier post for how I tracked down the problem:

https://community.ui.com/questions/USG-pppoe-bad-packet-filtering-and-mysterious-Promiscuous-mode-on-reconnect/56283429-70e9-43d2-aad5-d36ca06c75b2

Symptoms:

  • Connecting OK via PPPoE using a VLAN.
  • Connection dropped by provider - as part of periodic maintenance
  • USG succesfully reconnects but then receives spurious packet meant for another device on the provider's network
  • USG kernel ppp acks that and then the connection goes in to an unknown state.

Reason:

  • On reconnect - the VLAN Device that the PPP connects over is Promiscuous and there's a bug in the PPP Kernel driver that does not correctly filter packets.

User Solution:

  • Drop the following file into /etc/ppp/ip-pre-up.d/0001-turn-promisc-off and make it executable:
#!/bin/sh
if [ "$DEVICE" = "" ]
then
	echo "========= 0001-turn-promisc-off: Expecting DEVICE"
	exit 0
fi


if ip link show "$DEVICE" | fgrep -q PROMISC
then
	echo "========= 0001-turn-promisc-off: Clearing PROMISC on $DEVICE"
	ip link set "$DEVICE" promisc off
fi
exit 0

Real Solution

Of course rather than dropping the above file to work around the issue - the real fix is two-fold.

  1. Unifi needs to investigate why Vyatta code is bringing up the interface in promiscuous mode - maybe there is a later version of Vyatta that has this resolved.
  2. Unifi should pull the later kernel release that has the PPP Kernel filtering bug fixed (See https://bugzilla.kernel.org/show_bug.cgi?id=207597 )
========8<=======

No comments:

Post a Comment