[Openswan Users] l2tpd problem?
Jacco de Leeuw
jacco2 at dds.nl
Tue Mar 22 17:33:00 CET 2005
Tomasz Grzelak wrote:
> I use OpenSwan 2.2.0 on the Linux server (Debian Woody) to allow win xp native
> clients establish vpn sessions. But all sessions are destroyed sooner or
> later
This is not an Openswan problem but you've probably noticed that the
l2tpd.org website has vanished.
> Mar 20 17:29:28 guardian pppd[10098]: rcvd [LCP EchoRep id=0xe
> magic=0x7661506]
> Mar 20 17:29:58 guardian pppd[10098]: sent [LCP EchoReq id=0xf
> magic=0xef39349f]
> Mar 20 17:30:28 guardian pppd[10098]: sent [LCP EchoReq id=0x10
> magic=0xef39349f]
> Mar 20 17:30:30 guardian l2tpd[31255]: control_xmit: Maximum retries exceeded
> for tunnel 6816. Closing.
> Mar 20 17:30:30 guardian pppd[10098]: Terminating on signal 15.
> Mar 20 17:30:30 guardian pppd[10098]: Script /etc/ppp/ip-down started (pid
> Mar 20 17:30:57 guardian l2tpd[31255]: network_thread: unable to find call or
> tunnel to handle packet. call = 41672, tunnel = 6816 Dumping.
It seems to me that for some reason the client is not responding to echo
requests so the server believes that the link is dead and it disconnects.
Then the packets show up late.
You could fiddle with the lcp-echo-failure and lcp-echo-interval
parameters in options.l2tpd (see man pppd). This will not do anything
about the cause of the problem but perhaps the link stays up.
Perhaps there is some capacity problem (network congestion? CPU overload?).
If the problem shows up when there a lot of clients or when there is lots
of traffic, you could try a faster uplink or a faster CPU. Or you could
replace l2tpd with one of the other 3 L2TP daemons that are probably faster:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#L2TPoverview
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list