[Openswan Users] L2TP connection dies after successful dial in

Werner Stocker werner.stocker at libersec.li
Mon Jan 3 17:44:37 EST 2011


Dear all

I configured OpenSWAN for L2TP with a tutorial. Everything works fine,
except that the connection is disconnected each time it is set up. As
far as I can see, the problem lies in the ppp, where ccp compression is
used, even if I add noccp to the options.xl2tpd configuration file. Can
someone help me out with how to really disable ccp?

Software versions:

OS: OpenSUSE 11.3
openswan: 2.6.16-2.37
xl2tpd: 1.2.4-2.7
pppd: 2.4.5_git200910141435-5.2


xl2tpd.conf:

[lns default]
ip range = 192.168.0.201-192.168.0.219
local ip = 192.168.0.200
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes


options.xl2tpd:

ipcp-accept-local
ipcp-accept-remote
ms-dns  192.168.0.1
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000


options:

noipdefault
debug
crtscts
asyncmap 0
nodetach
lcp-echo-interval 30
lcp-echo-failure 4
lcp-max-configure 60
lcp-restart 2
idle 600
noipx
file /etc/ppp/filters
proxyarp
local
auth
ms-dns 192.168.0.1

Logs:
Jan  3 23:16:18 delta pluto[12774]: "roadwarrior-net"[1] 213.55.131.185
#1: switched from "roadwarrior-net" to "roadwarrior-net"
Jan  3 23:16:18 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: deleting connection "roadwarrior-net" instance with peer
213.55.131.185 {isakmp=#0/ipsec=#0}
Jan  3 23:16:18 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan  3 23:16:18 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: new NAT mapping for #1, was 213.55.131.185:10513, now
213.55.131.185:35883
Jan  3 23:16:18 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
Jan  3 23:16:19 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
msgid=00000000
Jan  3 23:16:19 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: received and ignored informational message
Jan  3 23:16:20 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: the peer proposed: 217.173.232.37/32:0/0 -> 10.31.114.16/32:0/0
Jan  3 23:16:20 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: cannot respond to IPsec SA request because no connection is known
for
217.173.232.37:17/1701...213.55.131.185[10.31.114.16]:17/0===10.31.114.16/32
Jan  3 23:16:20 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: sending encrypted notification INVALID_ID_INFORMATION to
213.55.131.185:35883
Jan  3 23:16:26 delta dhcpd: DHCPREQUEST for 192.168.0.105 from
00:1c:df:cc:4b:c1 via eth0
Jan  3 23:16:26 delta dhcpd: DHCPACK on 192.168.0.105 to
00:1c:df:cc:4b:c1 via eth0
Jan  3 23:16:32 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: the peer proposed: 217.173.232.37/32:0/0 -> 10.31.114.16/32:0/0
Jan  3 23:16:32 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: cannot respond to IPsec SA request because no connection is known
for
217.173.232.37:17/1701...213.55.131.185[10.31.114.16]:17/0===10.31.114.16/32
Jan  3 23:16:32 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: sending encrypted notification INVALID_ID_INFORMATION to
213.55.131.185:35883
Jan  3 23:16:39 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: the peer proposed: 217.173.232.37/32:0/0 -> 10.31.114.16/32:0/0
Jan  3 23:16:39 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: cannot respond to IPsec SA request because no connection is known
for
217.173.232.37:17/1701...213.55.131.185[10.31.114.16]:17/0===10.31.114.16/32
Jan  3 23:16:39 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185
#1: sending encrypted notification INVALID_ID_INFORMATION to
213.55.131.185:35883
Jan  3 23:16:52 delta xl2tpd[514]: control_finish: Peer requested tunnel
22888 twice, ignoring second one.
Jan  3 23:16:52 delta xl2tpd[514]: Connection established to
213.55.131.185, 10522.  Local: 6929, Remote: 22888 (ref=0/0).  LNS
session is 'default'
Jan  3 23:16:52 delta xl2tpd[514]: Call established with 213.55.131.185,
Local: 5031, Remote: 1601, Serial: -1574880949
Jan  3 23:16:52 delta pppd[12842]: pppd 2.4.5 started by root, uid 0
Jan  3 23:16:52 delta pppd[12842]: using channel 29
Jan  3 23:16:52 delta pppd[12842]: Using interface ppp0
Jan  3 23:16:52 delta pppd[12842]: Connect: ppp0 <--> /dev/pts/3
Jan  3 23:16:52 delta pppd[12842]: sent [LCP ConfReq id=0x1 <mru 1410>
<asyncmap 0x0> <auth chap MD5> <magic 0x1cba394a> <pcomp> <accomp>]
Jan  3 23:16:53 delta pppd[12842]: rcvd [LCP ConfReq id=0x1 <mru 1400>
<asyncmap 0x0> <magic 0xf774f011> <pcomp> <accomp>]
Jan  3 23:16:53 delta pppd[12842]: sent [LCP ConfAck id=0x1 <mru 1400>
<asyncmap 0x0> <magic 0xf774f011> <pcomp> <accomp>]
Jan  3 23:16:53 delta pppd[12842]: rcvd [LCP ConfAck id=0x1 <mru 1410>
<asyncmap 0x0> <auth chap MD5> <magic 0x1cba394a> <pcomp> <accomp>]
Jan  3 23:16:53 delta pppd[12842]: sent [LCP EchoReq id=0x0
magic=0x1cba394a]
Jan  3 23:16:53 delta pppd[12842]: sent [CHAP Challenge id=0xcf
<855d63b70227e4ed0fc6d48a16209c00093cb44a3716a1>, name = "LinuxVPNserver"]
Jan  3 23:16:53 delta pppd[12842]: rcvd [LCP EchoRep id=0x0
magic=0xf774f011]
Jan  3 23:16:53 delta pppd[12842]: rcvd [CHAP Response id=0xcf
<a535999c9bebdcbcc3305bb7559502e5>, name = "wstocker"]
Jan  3 23:16:53 delta pppd[12842]: sent [CHAP Success id=0xcf "Access
granted"]
Jan  3 23:16:53 delta pppd[12842]: sent [IPCP ConfReq id=0x1 <compress
VJ 0f 01> <addr 192.168.0.200>]
Jan  3 23:16:53 delta pppd[12842]: rcvd [CCP ConfReq id=0x1 <deflate 15>
<deflate(old#) 15> <bsd v1 15>]
Jan  3 23:16:53 delta pppd[12842]: Unsupported protocol 'Compression
Control Protocol' (0x80fd) received
Jan  3 23:16:53 delta pppd[12842]: sent [LCP ProtRej id=0x2 80 fd 01 01
00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Jan  3 23:16:53 delta pppd[12842]: rcvd [IPCP ConfReq id=0x1 <compress
VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Jan  3 23:16:53 delta pppd[12842]: sent [IPCP ConfNak id=0x1 <addr
192.168.0.201> <ms-dns1 192.168.0.1> <ms-dns2 192.168.0.1>]
Jan  3 23:16:53 delta pppd[12842]: rcvd [IPCP ConfAck id=0x1 <compress
VJ 0f 01> <addr 192.168.0.200>]
Jan  3 23:16:53 delta pppd[12842]: rcvd [IPCP ConfReq id=0x2 <compress
VJ 0f 01> <addr 192.168.0.201> <ms-dns1 192.168.0.1> <ms-dns2 192.168.0.1>]
Jan  3 23:16:53 delta pppd[12842]: sent [IPCP ConfAck id=0x2 <compress
VJ 0f 01> <addr 192.168.0.201> <ms-dns1 192.168.0.1> <ms-dns2 192.168.0.1>]
Jan  3 23:16:53 delta pppd[12842]: found interface eth0 for proxy arp
Jan  3 23:16:53 delta pppd[12842]: local  IP address 192.168.0.200
Jan  3 23:16:53 delta pppd[12842]: remote IP address 192.168.0.201
Jan  3 23:16:53 delta pppd[12842]: Script /etc/ppp/ip-up started (pid 12850)
Jan  3 23:16:54 delta pppd[12842]: Script /etc/ppp/ip-up finished (pid
12850), status = 0x0
Jan  3 23:17:05 delta pppd[12842]: rcvd [LCP TermReq id=0x2 "User request"]
Jan  3 23:17:05 delta pppd[12842]: LCP terminated by peer (User request)
Jan  3 23:17:05 delta pppd[12842]: Connect time 0.2 minutes.
Jan  3 23:17:05 delta pppd[12842]: Sent 0 bytes, received 0 bytes.
Jan  3 23:17:05 delta pppd[12842]: Script /etc/ppp/ip-down started (pid
12995)
Jan  3 23:17:05 delta pppd[12842]: sent [LCP TermAck id=0x2]
Jan  3 23:17:05 delta pppd[12842]: Script /etc/ppp/ip-down finished (pid
12995), status = 0x0
Jan  3 23:17:06 delta xl2tpd[514]: result_code_avp: avp is incorrect
size.  8 < 10
Jan  3 23:17:06 delta xl2tpd[514]: handle_avps: Bad exit status handling
attribute 1 (Result Code) on mandatory packet.
Jan  3 23:17:06 delta xl2tpd[514]: Connection 22888 closed to
213.55.131.185, port 10522 (Result Code: expected at least 10, got 8)
Jan  3 23:17:11 delta xl2tpd[514]: Unable to deliver closing message for
tunnel 6929. Destroying anyway.

Best regards
Werner Stocker
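
The log above, reduced to the facts a reviewer would check first (an added example, not part of the original post and not Openswan, xl2tpd or pppd code): whether the peer's CCP request was rejected locally, which side ended the PPP link, and whether xl2tpd accepted a tunnel before pluto logged any Quick Mode success. The helper name summarize and the "IPsec SA established" success string are assumptions; the sample lines are the post's own with the mail wrapping undone.

```python
import re

# Constructed sample: lines from the post's log with the mail wrapping undone.
SAMPLE_LOG = """\
Jan  3 23:16:18 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
Jan  3 23:16:20 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185 #1: cannot respond to IPsec SA request because no connection is known for 217.173.232.37:17/1701...213.55.131.185[10.31.114.16]:17/0===10.31.114.16/32
Jan  3 23:16:20 delta pluto[12774]: "roadwarrior-net"[2] 213.55.131.185 #1: sending encrypted notification INVALID_ID_INFORMATION to 213.55.131.185:35883
Jan  3 23:16:52 delta xl2tpd[514]: Connection established to 213.55.131.185, 10522.  Local: 6929, Remote: 22888 (ref=0/0).  LNS session is 'default'
Jan  3 23:16:53 delta pppd[12842]: rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Jan  3 23:16:53 delta pppd[12842]: sent [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Jan  3 23:17:05 delta pppd[12842]: rcvd [LCP TermReq id=0x2 "User request"]
Jan  3 23:17:05 delta pppd[12842]: Sent 0 bytes, received 0 bytes.
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$")

def summarize(log_text):
    """Hypothetical helper: reduce a pluto/xl2tpd/pppd syslog excerpt to key facts."""
    s = {"isakmp_sa": False, "ipsec_sa": False, "phase2_rejected": 0,
         "l2tp_without_ipsec_sa": False, "ccp_offered_by_peer": False,
         "ccp_rejected_locally": False, "terminated_by": None, "bytes": None}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. dhcpd lines, which carry no pid
        proc, msg = m["proc"], m["msg"]
        if proc == "pluto":
            s["isakmp_sa"] |= "ISAKMP SA established" in msg
            # Assumption: pluto's Quick Mode success text; it never appears in the post.
            s["ipsec_sa"] |= "IPsec SA established" in msg
            s["phase2_rejected"] += "cannot respond to IPsec SA request" in msg
        elif proc == "xl2tpd" and msg.startswith("Connection established to"):
            # Tunnel accepted: had any Quick Mode success been logged before it?
            s["l2tp_without_ipsec_sa"] |= not s["ipsec_sa"]
        elif proc == "pppd":
            s["ccp_offered_by_peer"] |= msg.startswith("rcvd [CCP ConfReq")
            # LCP Protocol-Reject whose payload starts 80 fd (CCP, 0x80fd)
            s["ccp_rejected_locally"] |= bool(re.match(r"sent \[LCP ProtRej id=\S+ 80 fd", msg))
            if "LCP TermReq" in msg:
                s["terminated_by"] = "peer" if msg.startswith("rcvd") else "local"
            b = re.match(r"Sent (\d+) bytes, received (\d+) bytes", msg)
            if b:
                s["bytes"] = (int(b[1]), int(b[2]))
    return s

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```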

