[Openswan Users] xl2tpd problem
Fatih Özerol
fatih.ozerol at kamilkoc.com.tr
Tue Jun 2 06:43:45 EDT 2009
Hello all,

We use openswan and xl2tpd on Debian, with these versions:
openswan 1:2.4.12+dfsg-1.3
xl2tpd 1.2.0+dfsg-1

There are over 200 Windows XP clients connecting with l2tpd/ipsec.
The system works without any problems for weeks,
but sometimes something happens to xl2tpd and all connections drop.

Here is a part of the syslog:
--------------------------
Jun 2 12:44:44 metrotunel xl2tpd[25375]: start_pppd: I'm running:
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "/usr/sbin/pppd"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "passive"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "-detach"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "192.168.100.1:192.168.100.206"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "refuse-pap"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "auth"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "require-chap"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "name"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "WRAPVPN"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "debug"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "file"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "/etc/ppp/options.l2tp"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: "/dev/pts/205"
Jun 2 12:44:44 metrotunel xl2tpd[25375]: Call established with 88.250.185.215, Local: 21154, Remote: 1, Serial: 0
Jun 2 12:44:44 metrotunel pppd[17808]: pppd 2.4.4 started by root, uid 0
Jun 2 12:44:44 metrotunel xl2tpd[25375]: control_finish: Connection closed to 88.250.185.215, serial 0 ()
Jun 2 12:44:44 metrotunel xl2tpd[25375]: Trustingly terminating pppd: sending TERM signal to pid 17808
Jun 2 12:44:44 metrotunel pppd[17758]: Terminating on signal 15
Jun 2 12:44:44 metrotunel pppd[17571]: Terminating on signal 15
.
.
.
.
.
.
Jun 2 12:44:44 metrotunel xl2tpd[25375]: death_handler: Fatal signal 15 received
---------------------------------

After restarting the xl2tpd service, no connections are allowed.
Here is another part of the syslog:
---------------------------------
Jun 2 12:55:30 metrotunel xl2tpd[26117]: Maximum retries exceeded for tunnel 62370. Closing.
Jun 2 12:55:32 metrotunel xl2tpd[26117]: Connection 4 closed to 78.189.90.23, port 1701 (Timeout)
Jun 2 12:55:32 metrotunel xl2tpd[26117]: Maximum retries exceeded for tunnel 38453. Closing.
Jun 2 12:55:32 metrotunel xl2tpd[26117]: Unable to deliver closing message for tunnel 5067. Destroying anyway.
Jun 2 12:55:32 metrotunel xl2tpd[26117]: Unable to deliver closing message for tunnel 1720. Destroying anyway.
Jun 2 12:55:32 metrotunel xl2tpd[26117]: Can not find tunnel 26122 (refhim=0)
Jun 2 12:55:32 metrotunel xl2tpd[26117]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 26122 Dumping.
Jun 2 12:55:32 metrotunel xl2tpd[26117]: Connection 5 closed to 78.186.19.162, port 1701 (Timeout)
Jun 2 12:55:32 metrotunel xl2tpd[26117]: Can not find tunnel 26122 (refhim=0)
Jun 2 12:55:32 metrotunel xl2tpd[26117]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 26122 Dumping.
Jun 2 12:55:32 metrotunel xl2tpd[26117]: Can not find tunnel 39349 (refhim=0)
Jun 2 12:55:32 metrotunel xl2tpd[26117]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 39349 Dumping.
Jun 2 12:55:32 metrotunel xl2tpd[26117]: Can not find tunnel 26122 (refhim=0)
Jun 2 12:55:32 metrotunel xl2tpd[26117]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 26122 Dumping.
Jun 2 12:55:34 metrotunel xl2tpd[26117]: Maximum retries exceeded for tunnel 9295. Closing.
Jun 2 12:55:34 metrotunel xl2tpd[26117]: control_finish: Peer requested tunnel 5 twice, ignoring second one.
Jun 2 12:55:34 metrotunel xl2tpd[26117]: Connection 5 closed to 88.247.124.93, port 1701 (Timeout)
Jun 2 12:55:34 metrotunel xl2tpd[26117]: Can not find tunnel 36156 (refhim=0)
Jun 2 12:55:34 metrotunel xl2tpd[26117]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 36156 Dumping.
Jun 2 12:55:36 metrotunel xl2tpd[26117]: Maximum retries exceeded for tunnel 2760. Closing.
Jun 2 12:55:36 metrotunel xl2tpd[26117]: Unable to deliver closing message for tunnel 29297. Destroying anyway.
Jun 2 12:55:36 metrotunel xl2tpd[26117]: Can not find tunnel 50918 (refhim=0)
Jun 2 12:55:36 metrotunel xl2tpd[26117]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 50918 Dumping.
Jun 2 12:55:36 metrotunel xl2tpd[26117]: Connection 1 closed to 78.189.56.227, port 1701 (Timeout)
Jun 2 12:55:38 metrotunel xl2tpd[26117]: Maximum retries exceeded for tunnel 13161. Closing.
---------------------------------

After approximately 1 hour, users can connect.
Any suggestions?
Thanks for your replies.

ipsec.conf
config setup
    interfaces="ipsec0=eth1"
    klipsdebug=none
    plutodebug=none
    overridemtu=1424
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

conn %default
    keyingtries=3
    #compress=yes
    #disablearrivalcheck=no
    authby=secret
    type=tunnel
    keyexchange=ike
    ikelifetime=240m
    keylife=60m

conn roadwarrior
    pfs=no
    leftprotoport=17/0
    rightprotoport=17/1701
    left=XXXX
    leftnexthop=YYYYY
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add

and xl2tpd.conf
[global]
port = 1701
listen-addr = 0.0.0.0
[lns default]
ip range = 192.168.100.1-192.168.100.254
local ip = 192.168.100.1
require chap = yes
refuse pap = yes
require authentication = yes
name = WRAPVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tp
length bit = yes