[Openswan Users] l2tpd problem?

Tomasz Grzelak tgrzelak at wktpolska.com.pl
Wed Mar 23 08:55:05 CET 2005

Dnia wtorek, 22 marca 2005 17:33, napisałeś:
> Tomasz Grzelak wrote:
> > I use OpenSwan 2.2.0 on the Linux server (Debian Woody) to allow win xp
> > native clients establish vpn sessions. But all sessions are destroyed
> > sooner or later

> > Mar 20 17:30:30 guardian l2tpd[31255]: control_xmit: Maximum retries
> > exceeded for tunnel 6816.  Closing.
> > Mar 20 17:30:30 guardian pppd[10098]: Terminating on signal 15.
> > Mar 20 17:30:30 guardian pppd[10098]: Script /etc/ppp/ip-down started
> > (pid Mar 20 17:30:57 guardian l2tpd[31255]: network_thread: unable to
> > find call or tunnel to handle packet.  call = 41672, tunnel = 6816
> > Dumping.
> It seems to me that for some reason the client is not responding to echo
> requests so the server believes that the link is dead and it disconnects.
> Then the packets show up late.
> You could fiddle with the lcp-echo-failure and lcp-echo-interval
> parameters in options.l2tpd (see man pppd). This will not do anything
> about the cause of the problem but perhaps the link stays up.

ok, I'll try these params.

> Perhaps there is some capacity problem (network congestion? CPU overload?).

this might be the case... but rather network congestion

> If the problem shows up when there a lot of clients or when there is lots
> of traffic, you could try a faster uplink or a faster CPU. Or you could
> replace l2tpd with one of the other 3 L2TP daemons that are probably
> faster: http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#L2TPoverview

ok, I could try another l2tp daemon, but which one could give me something 
like this:
 * road warriors establish vpn sessions, so there aren't any known IP 
 * each client is always given the well known IP addres as the ppp session has 
  been  established (defined in /etc/ppp/chap-secrets), for example: user_A 
  gets, user_B gets, and so on, and this never changes

I compiled l2tpns, but I didn't find in the man where to send ppp options 
(something similar to the 'pppoptfile' when using l2tpd from www.l2tpd.org).
I also looked at the link and l2tpns example configuration, but can't figure 
it out how to achieve equivalent configuration of l2tpns to the following 

[lns default]
ip range =
local ip =
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNServer
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

and /etc/ppp/options.l2tpd:

idle 1800
mtu 1200
mru 1200
connect-delay 5000

Am I able to get the config above working with l2tpns? I didn't find any 
examples of configuring l2tpns in such a manner. I looked at Alan Whinery's 
example config, but couldn't have found answer to my question.

Can you help me and give little more understanding of another l2tp daemon?
Which one could give me the above solution?

Thank you very much!
Tomasz Grzelak

More information about the Users mailing list