[Openswan Users] l2tpd problem?

Tomasz Grzelak tgrzelak at wktpolska.com.pl
Wed Mar 23 08:55:05 CET 2005


On Tuesday, 22 March 2005 17:33, you wrote:
> Tomasz Grzelak wrote:
> > I use OpenSwan 2.2.0 on the Linux server (Debian Woody) to allow win xp
> > native clients to establish vpn sessions. But all sessions are destroyed
> > sooner or later

> > Mar 20 17:30:30 guardian l2tpd[31255]: control_xmit: Maximum retries
> > exceeded for tunnel 6816.  Closing.
> > Mar 20 17:30:30 guardian pppd[10098]: Terminating on signal 15.
> > Mar 20 17:30:30 guardian pppd[10098]: Script /etc/ppp/ip-down started
> > (pid Mar 20 17:30:57 guardian l2tpd[31255]: network_thread: unable to
> > find call or tunnel to handle packet.  call = 41672, tunnel = 6816
> > Dumping.
>
> It seems to me that for some reason the client is not responding to echo
> requests so the server believes that the link is dead and it disconnects.
> Then the packets show up late.
>
> You could fiddle with the lcp-echo-failure and lcp-echo-interval
> parameters in options.l2tpd (see man pppd). This will not do anything
> about the cause of the problem but perhaps the link stays up.

ok, I'll try these params.

> Perhaps there is some capacity problem (network congestion? CPU overload?).

this might be the case... but rather network congestion

> If the problem shows up when there are a lot of clients or when there is lots
> of traffic, you could try a faster uplink or a faster CPU. Or you could
> replace l2tpd with one of the other 3 L2TP daemons that are probably
> faster: http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#L2TPoverview

ok, I could try another l2tp daemon, but which one could give me something 
like this:
 * road warriors establish vpn sessions, so there aren't any known IP 
  addresses
 * each client is always given the well known IP address as the ppp session has 
  been established (defined in /etc/ppp/chap-secrets), for example: user_A 
  gets 172.22.22.2, user_B gets 172.22.22.3, and so on, and this never changes

I compiled l2tpns, but I didn't find in the man where to send ppp options 
(something similar to the 'pppoptfile' when using l2tpd from www.l2tpd.org).
I also looked at the link and l2tpns example configuration, but can't figure 
out how to achieve equivalent configuration of l2tpns to the following 
configuration:

[lns default]
ip range = 172.22.22.2-172.22.22.30
local ip = 172.22.22.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNServer
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

and /etc/ppp/options.l2tpd:

ipcp-accept-local
ipcp-accept-remote
ms-dns 10.51.8.15
ms-dns 10.51.8.243
noccp
auth
#require-mschap
require-mschap-v2
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
nodetach
debug
lock
#proxyarp
connect-delay 5000

Am I able to get the config above working with l2tpns? I didn't find any 
examples of configuring l2tpns in such a manner. I looked at Alan Whinery's 
example config, but couldn't find an answer to my question.

Can you help me and give me a little more understanding of another l2tp daemon?
Which one could give me the above solution?

Thank you very much!
Tomasz Grzelak

