diff -Naur pptpd-1.3.4.orig/ChangeLog pptpd-1.3.4/ChangeLog
--- pptpd-1.3.4.orig/ChangeLog	2007-04-16 04:32:45.000000000 +0400
+++ pptpd-1.3.4/ChangeLog	2007-05-01 21:42:12.000000000 +0400
@@ -1,3 +1,17 @@
+Tue Apr 24 13:11:28 2007  Phil Oester  <kernel@linuxace.com>
+
+	* pptpgre.c (decaps_gre): further testing has revealed a couple
+	more problems with the packet reordering/buffering code:
+
+	1) Some clients (notably the PPTP client) start their sequence
+	   numbers at 1 instead of 0 as the RFC mandates.  My previous fix
+	   caused problems with these clients.
+
+	2) Duplicate packets were causing corruption when they were placed
+	   on the queue but never used -or- when they were placed on the
+	   queue but already existed on the queue (i.e. they previously
+	   arrived out of order).
+
 Mon Apr 16 10:32:40 2007  James Cameron  <quozl@us.netrek.org>
 
 	* pptpd-1.3.4.tar.gz: released.
diff -Naur pptpd-1.3.4.orig/NEWS pptpd-1.3.4/NEWS
--- pptpd-1.3.4.orig/NEWS	2007-04-16 04:32:20.000000000 +0400
+++ pptpd-1.3.4/NEWS	2007-05-01 21:42:15.000000000 +0400
@@ -1,3 +1,5 @@
+- fix reordering some more [Oester]
+
 1.3.4: released 2007-04-16
 
 - fix two release critical packet reordering bugs [Oester]
diff -Naur pptpd-1.3.4.orig/pptpgre.c pptpd-1.3.4/pptpgre.c
--- pptpd-1.3.4.orig/pptpgre.c	2007-05-01 21:35:31.000000000 +0400
+++ pptpd-1.3.4/pptpgre.c	2007-05-01 21:41:17.000000000 +0400
@@ -403,8 +403,13 @@
 			stats.rx_truncated++;
 			return 0;
 		}
-		/* check for out-of-order sequence number */
-		if (seq == gre.seq_recv + 1) {
+		/* check for out-of-order sequence number
+		 * N.B.: some client implementations violate RFC 2637
+		 * and start their sequence numbers at 1 instead of 0,
+		 * so we have to introduce a kludge to deal with it.
+		 * on wrap we may allow an out of order packet to pass
+		 */
+		if (seq == gre.seq_recv + 1 || seq == 1) {
 #ifdef LOG_DEBUG_GRE_ACCEPTING_PACKET
 			if (pptpctrl_debug)
 				syslog(LOG_DEBUG, "GRE: accepting packet #%d", 
@@ -413,7 +418,7 @@
 			stats.rx_accepted++;
 			gre.seq_recv = seq;
 			return cb(cl, buffer + ip_len + headersize, payload_len);
-		} else if (seq == gre.seq_recv) {
+		} else if (!seq_greater(seq, gre.seq_recv)) {
 			if (pptpctrl_debug)
 				syslog(LOG_DEBUG,
 				       "GRE: discarding duplicate or old packet #%d (expecting #%d)",