[Openswan Users] random l2tp/pppd failure, again

Paul Wouters paul at xelerance.com
Tue Mar 7 22:06:47 CET 2006

On Mon, 6 Mar 2006, Joel Michael wrote:

> > You can try the "xl2tpd" CVS sources at Xelerance. There are a few patches
> > that have not made it into the l2tpd at fedora extras yet.
> >
> I'm not completely against running CVS software, but I'm wary.  The biggest
> issues for me are stability and upgradability.  What advantages does the
> xl2tpd have over the l2tpd in Fedora Extras?  You mentioned that a few patches
> are missing, what functionality do they provide, or what bugs do they fix?

Then try the link at www.xelerance.com/software/ for "xl2tpd". It is currently
version 1.0.4. See the Changelog for the fixes and enhancements.

> I'm trying to weigh up whether the cost of installing and maintaining xl2tpd
> will outweigh the benefits of running xl2tpd over the l2tpd in Fedora Extras,
> with the cost being what I will charge my client for my time to install and
> maintain xl2tpd.

I am not entirely sure yet how this will continue, but I am the maintainer of
that Fedora Extra package. Unfortunately, upstream is rather dead, and not
accepting our patches. l2tpd in FE is mostly up to date with xl2tpd, apart
from the last few weeks of development where we added support for multiple
clients behind the same NAT router and multiple clients with the same
virtual IP behind different NAT routers. These patches are essential for
deploying l2tp in a scenario with more than 1 user.

> In an attempt to avoid triggering the problem, I tried rebooting the system
> with a UP kernel before it went into production this morning.  It survived the
> whole day without a problem, with a maximum of 6 concurrent users.  When the
> problem triggered, it was only two people constantly connecting and
> disconnecting, and the problem triggered within a couple of hours.

We have seen an l2tpd/xl2tpd crasher where an unclean disconnect (e.g. laptop
closing lid without sending any notification) and a quick reconnect, would
crash the (x)l2tpd daemon. Unfortunately, when we run gdb on the l2tpd, the
gdb itself crashes and causes a kernel panic. So we are still investigating
this issue.

You might also be running into an issue where concurrent users behind different
NAT routers using the same internal IP are clashing. Xelerance has made great
progress in supporting this scenario, but currently released openswan versions
do not support this scenario.

If you run into these issues, please contact us.
