[Openswan Users] random l2tp/pppd failure, again
Joel Michael
joel at gimps-r-us.com
Sun Mar 5 21:09:33 CET 2006
The thread at http://lists.virus.org/users-openswan-0602/msg00222.html
seems to describe the thing that started biting one of my clients today,
after a DR exercise. Previously, the server had been serving VPN
connections without a hitch for about two months. Hopefully I can throw
a bit more light on the subject.
As part of the DR exercise, the client's VPN server was rebuilt. It
runs Fedora Core 4, uses Openswan for IPSec and l2tpd (from Fedora
Extras) for L2TP. The server was built entirely using Kickstart, with
all packages installed from a custom build CD, and all configuration
done in %post statements. The l2tpd.conf and Openswan configuration did
not change between the time the server was initially installed to the
time it was rebuilt.
What happens is that after a few successful VPN connections from WinXP
clients (Laptops and Desktops various, from a wireless network and from
the Internet, some on the Internet having NAT applied), it appears that
l2tpd locks up. When WinXP clients try to connect, they get the 678
connection error. It can be narrowed down to l2tpd, because if the
command 'service l2tpd restart' is run, everything comes back to life.
Of course, I can't get my client to restart l2tpd every time it dies,
that's just fixing the symptom, and they wouldn't be too happy because
"it used to be stable".
There are only two possible changes that I can see between the old
system and the new system.
The first change is the versions of packages installed - during the
installation, a 'yum update' is performed. This may have updated some
rather critical things that may affect the VPN, such as Openswan, l2tpd
and the Kernel. I know that l2tpd has not been updated since the server
was originally built.
The second thing that changed is that Hyper-Threading was enabled on the
new server, but was not on the old server. Both servers have a single
processor. The installation detected the "2nd" CPU provided by HT, and
installed the SMP kernel. This is what I'm thinking is causing the
problem. As the symptom only seems to occur occasionally, it suggests
that it is some kind of SMP race condition.
If this occurs tomorrow during production hours, I will try booting with
a UP kernel, to see if this eliminates the problem.
To the others that are having this problem: are you running a SMP or a
UP kernel? Have you been able to resolve the problem by means other
than repeatedly bashing l2tpd on the head?
Thanks for any help that anyone can provide!
--
jpm
More information about the Users
mailing list