[Openswan Users] random l2tp/pppd failure, again

[Paul Wouters]

On Sun, 5 Mar 2006, Joel Michael wrote:

> What happens is that after a few successful VPN connections from WinXP clients
> (Laptops and Desktops various, from a wireless network and from the Internet,
> some on the Internet having NAT applied), it appears that l2tpd locks up.
> When WinXP clients try to connect, they get the 678 connection error.  It can
> be narrowed down to l2tpd, because if the command 'service l2tpd restart' is
> run, everything comes back to life. Of course, I can't get my client to
> restart l2tpd every time it dies, that's just fixing the symptom, and they
> wouldn't be too happy because "it used to be stable".

You can try the "xl2tpd" CVS soures at Xelerance. There are a few patches that
have not made it into the l2tpd at fedora extras yet.

Also, can you run it with l2tpd -D and see if that gives any clues as to what
the problem might be? Note that multiple l2tpd clients behind the same NAT
router and multiple clients using the same internal IP address behind different
NAT routers is not yet supported in openswan 2.4.x. This will be supported in
openswan 2.5.x (which we might call openswan 3.x). For more information on this,
contact me off-list.

> The second thing that changed is that Hyper-Threading was enabled on the new
> server, but was not on the old server.  Both servers have a single processor.
> The installation detected the "2nd" CPU provided by HT, and installed the SMP
> kernel.  This is what I'm thinking is causing the problem.  As the symptom
> only seems to occur occasionally, it suggests that it is some kind of SMP race
> condition.

The only problems we know about related to SMP is with KLIPS, and the problem is
that the kernel then completely locks up, which is not what you are experiencing.

Paul