[Openswan Users] random l2tp/pppd failure

[Agent Smith]

I had the same problem, I ended up writting a stupid
script that kills the PPP process if the IP is not
detected in ipsec eroute

this worked well for a while until I found that
sometimes when a client disconnects, the ipsec eroute
shows either %hold or %trap and that doesn't clear by
itself for rekey period.

so now I've given up on l2tp/ipsec and am seriously
thinking about poptop, mppe128 is good enough
encryption and always works. 

you can try l2tpns its somewhat stable in my opinion,
but then it doesn't do mschapv2 and also you'll still
run into problems with ipsec eroute in %hold or %trap.

--- Ben Willmore <bwillmore at berkeley.edu> wrote:

> I now have a successful ipsec/l2tp/ppp setup, which
> works 2/3 of the
> time but has one annoying problem: seemingly
> randomly, l2tpd fails to
> kill pppd when the client disconnects.  When this
> happens, it wedges
> the whole system for all users -- existing
> connections freeze and new
> ones can't be established.
> 
> My claim that it's random comes from multiple
> reconnects/disconnects
> from the same client.  It will work about 2/3 of the
> time with no
> problems.  On the remaining 1/3, when the client
> disconnects, the pppd
> process remains behind, wedging l2tpd etc.
> 
> Thanks again for any insight into what's making it
> flaky.
> 
> Ben
> 
> Here is a sample log from a failed
> connect/disconnect cycle:
> Feb 18 12:15:01 lithium l2tpd[19210]: ourtid =
> 31427, entropy_buf = 7ac3
> Feb 18 12:15:01 lithium l2tpd[19210]: ourcid =
> 33679, entropy_buf = 838f
> Feb 18 12:15:01 lithium l2tpd[19210]: check_control:
> control, cid = 0,
> Ns = 0, Nr = 0
> Feb 18 12:15:01 lithium l2tpd[19210]: handle_avps:
> handling avp's for
> tunnel 31427, call 33679
> Feb 18 12:15:01 lithium l2tpd[19210]:
> message_type_avp: message type 1
> (Start-Control-Connection-Request)
> Feb 18 12:15:01 lithium l2tpd[19210]:
> protocol_version_avp: peer is
> using version 1, revision 0.
> Feb 18 12:15:01 lithium l2tpd[19210]:
> framing_caps_avp: supported peer
> frames:async sync
> Feb 18 12:15:01 lithium l2tpd[19210]: hostname_avp:
> peer reports hostname ''
> Feb 18 12:15:01 lithium l2tpd[19210]:
> assigned_tunnel_avp: using
> peer's tunnel 102
> Feb 18 12:15:01 lithium l2tpd[19210]:
> receive_window_size_avp: peer
> wants RWS of 4.  Will use flow control.
> Feb 18 12:15:01 lithium l2tpd[19210]: check_control:
> control, cid = 0,
> Ns = 1, Nr = 1
> Feb 18 12:15:01 lithium l2tpd[19210]: handle_avps:
> handling avp's for
> tunnel 31427, call 33679
> Feb 18 12:15:01 lithium l2tpd[19210]:
> message_type_avp: message type 3
> (Start-Control-Connection-Connected)
> Feb 18 12:15:01 lithium l2tpd[19210]:
> control_finish: Connection
> established to xx.xx.xx.xx, 50902.  Local: 31427,
> Remote: 102.  LNS
> session is 'default'
> Feb 18 12:15:01 lithium l2tpd[19210]: check_control:
> control, cid = 0,
> Ns = 2, Nr = 1
> Feb 18 12:15:01 lithium l2tpd[19210]: handle_avps:
> handling avp's for
> tunnel 31427, call 33679
> Feb 18 12:15:01 lithium l2tpd[19210]:
> message_type_avp: message type
> 10 (Incoming-Call-Request)
> Feb 18 12:15:01 lithium l2tpd[19210]:
> message_type_avp: new incoming call
> Feb 18 12:15:01 lithium l2tpd[19210]: ourcid =
> 45349, entropy_buf = b125
> Feb 18 12:15:01 lithium l2tpd[19210]:
> assigned_session_avp: assigned
> session id: 4736
> Feb 18 12:15:01 lithium l2tpd[19210]:
> call_serno_avp: serial number is 1
> Feb 18 12:15:01 lithium l2tpd[19210]: check_control:
> control, cid =
> 4736, Ns = 3, Nr = 2
> Feb 18 12:15:01 lithium l2tpd[19210]: handle_avps:
> handling avp's for
> tunnel 31427, call 45349
> Feb 18 12:15:01 lithium l2tpd[19210]:
> message_type_avp: message type
> 12 (Incoming-Call-Connected)
> Feb 18 12:15:01 lithium l2tpd[19210]: tx_speed_avp:
> transmit baud rate
> is 1000000
> Feb 18 12:15:01 lithium l2tpd[19210]:
> frame_type_avp: peer uses:async frames
> Feb 18 12:15:01 lithium l2tpd[19210]: start_pppd:
> I'm running:
> Feb 18 12:15:01 lithium l2tpd[19210]:
> "/usr/sbin/pppd"
> Feb 18 12:15:01 lithium l2tpd[19210]: "passive"
> Feb 18 12:15:01 lithium l2tpd[19210]: "-detach"
> Feb 18 12:15:01 lithium l2tpd[19210]:
> "192.168.2.203:192.168.2.204"
> Feb 18 12:15:01 lithium l2tpd[19210]: "refuse-pap"
> Feb 18 12:15:01 lithium l2tpd[19210]: "auth"
> Feb 18 12:15:01 lithium l2tpd[19210]: "require-chap"
> Feb 18 12:15:01 lithium l2tpd[19210]: "name"
> Feb 18 12:15:01 lithium l2tpd[19210]: "Test"
> Feb 18 12:15:01 lithium l2tpd[19210]: "debug"
> Feb 18 12:15:01 lithium l2tpd[19210]: "file"
> Feb 18 12:15:01 lithium l2tpd[19210]:
> "/etc/ppp/options.l2tpd"
> Feb 18 12:15:01 lithium l2tpd[19210]: "/dev/ttyp0"
> Feb 18 12:15:01 lithium l2tpd[19210]:
> Feb 18 12:15:01 lithium pppd[17661]: pppd options in
> effect:
> Feb 18 12:15:01 lithium l2tpd[19210]:
> control_finish: Call established
> with xx.xx.xx.xx, Local: 45349, Remote: 4736,
> Serial: 1
> Feb 18 12:15:01 lithium pppd[17661]: debug
> debug^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: -detach^I^I#
> (from command line)
> Feb 18 12:15:01 lithium pppd[17661]: idle 1800^I^I#
> (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: nologfd^I^I#
> (from /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: connect-delay
> 5000^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: dump^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: auth^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: refuse-pap^I^I#
> (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]:
> refuse-chap^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]:
> refuse-mschap^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: name
> hostname^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: /dev/ttyp0^I^I#
> (from command line)
> Feb 18 12:15:01 lithium pppd[17661]: lock^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: crtscts^I^I#
> (from /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: modem^I^I#
> (from /etc/ppp/options)
> Feb 18 12:15:01 lithium pppd[17661]: asyncmap 0^I^I#
> (from /etc/ppp/options)
> Feb 18 12:15:01 lithium pppd[17661]: mru 1400^I^I#
> (from /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: mtu 1400^I^I#
> (from /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: passive^I^I#
> (from command line)
> Feb 18 12:15:01 lithium pppd[17661]:
> lcp-echo-failure 1^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]:
> lcp-echo-interval 2^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]:
> hide-password^I^I# (from /etc/ppp/options)
> Feb 18 12:15:01 lithium pppd[17661]: ms-dns xxx #
> [don't know how to
> print value]^I^I# (from /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: proxyarp^I^I#
> (from /etc/ppp/options)
> Feb 18 12:15:01 lithium pppd[17661]: netmask
> 255.255.255.0^I^I# (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]:
> 192.168.2.203:192.168.2.204^I^I#
> (from command line)
> Feb 18 12:15:01 lithium pppd[17661]: nobsdcomp^I^I#
> (from
> /etc/ppp/options.l2tpd)
> Feb 18 12:15:01 lithium pppd[17661]: noipx^I^I#
> (from /etc/ppp/options)
> Feb 18 12:15:01 lithium pppd[17661]: pppd 2.4.2
> started by root, uid 0
> Feb 18 12:15:01 lithium pppd[17661]: using channel
> 86
> Feb 18 12:15:01 lithium pppd[17661]: Using interface
> ppp0
> Feb 18 12:15:01 lithium pppd[17661]: Connect: ppp0
> <--> /dev/ttyp0
> Feb 18 12:15:01 lithium pppd[17661]: sent [LCP
> ConfReq 
=== message truncated ===


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com