[Openswan Users] [Xl2tpd] xl2tpd stops processing connect/disconnect requests if host is unreachable

Will Roberts ironwill42 at gmail.com
Mon Jul 25 23:05:51 EDT 2011


Sorry... resending from the right email address...

I think this happens when a previous IPsec connection is still available 
to the down machine. One of my machines has an external firewall at the 
moment (no idea, ticket open with the provider) and it's blocking IPsec
traffic; however, there's still a connection left over:

sudo ipsec auto --status
<snip>
000 "washington": 174.143.153.180[+S=C]:17/1701...64.34.210.222<washington.wonderproxy.com>[+S=C]:17/1701; erouted HOLD; eroute owner: #0
000 "washington":     myip=unset; hisip=unset;
000 "washington":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "washington":   policy: PSK+ENCRYPT+DONTREKEY+IKEv2ALLOW+lKOD+rKOD; prio: 32,32; interface: eth0;
000 "washington":   newest ISAKMP SA: #0; newest IPsec SA: #0;

000 #21486: "washington":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 11s; nodpd; idle; import:admin initiate
000 #21486: pending Phase 2 for "washington" replacing #0


xl2tpd hasn't logged anything since it printed this:
Jul 25 22:53:41 monitor xl2tpd[5353]: Connecting to host washington.wonderproxy.com, port 1701

Existing ppp connections have timed out:
Jul 25 22:55:47 monitor pppd[8519]: No response to 4 echo-requests
Jul 25 22:55:47 monitor pppd[8519]: Serial link appears to be disconnected.
Jul 25 22:55:47 monitor pppd[8519]: Connect time 3.0 minutes.
Jul 25 22:55:47 monitor pppd[8519]: Sent 360 bytes, received 0 bytes.
Jul 25 22:55:47 monitor pppd[8519]: Script /etc/ppp/ip-down started (pid 17894)
Jul 25 22:55:47 monitor pppd[8519]: sent [LCP TermReq id=0x2 "Peer not responding"]
Jul 25 22:55:47 monitor pppd[8519]: Script /etc/ppp/ip-down finished (pid 17894), status = 0x0
Jul 25 22:55:50 monitor pppd[8519]: sent [LCP TermReq id=0x3 "Peer not responding"]
Jul 25 22:55:53 monitor pppd[8519]: Connection terminated.
Jul 25 22:55:53 monitor pppd[8519]: Modem hangup
Jul 25 22:55:53 monitor pppd[8519]: Exit.


I rebuilt the current Debian package 1.2.8+dfsg-1 without stripping the
binary, so I'm sitting in gdb and I've got a backtrace (I know little 
about gdb, so if there's something else that'd be helpful, let me know):

(gdb) bt
#0  0x00007f55741c5fb0 in __sendmsg_nocancel () at ../sysdeps/unix/syscall-template.S:82
#1  0x000000000040ce96 in udp_xmit (buf=<value optimized out>, t=0x626d30) at network.c:306
#2  0x0000000000406d28 in control_finish (t=0x626d30, c=<value optimized out>) at control.c:782
#3  0x00000000004031b9 in l2tp_call (host=0x621f10 "washington.wonderproxy.com", port=<value optimized out>, lac=0x621ca0, lns=0x0) at xl2tpd.c:663
#4  0x0000000000403958 in do_control () at xl2tpd.c:959
#5  0x000000000040d662 in network_thread () at network.c:429
#6  0x0000000000403566 in main (argc=<value optimized out>, argv=<value optimized out>) at xl2tpd.c:1313


This is without the patch for https://gsoc.xelerance.com/issues/1236 but 
since it still occurred with that patch, I didn't bother applying it.

Any thoughts?

--Will


On 07/17/2011 06:48 PM, Will Roberts wrote:
> Hi,
>
> Sorry for letting this drop for a while. I built the head of the xl2tpd
> git repository about a week ago and I'm still seeing this problem. It
> happens sporadically and all my attempts to manually reproduce it have
> so far failed.
>
> Is there anything else I can do to help track this down?
>
> Thanks,
> --Will
>
> On 06/04/2011 06:42 AM, Andrey Cherny wrote:
>> I don't subscribe to the openswan mailing list, so I missed the first email.
>> This problem is different from mine and I can't reproduce it.
>> But I partially understand the reason, so you can try the attached patch;
>> maybe it fixes the issue.
>>
>>> Andrey there was a snippet of my log file in my first email, but there
>>> were no messages from the point where it hung until it recovered 9
>>> hours later.
>>>
>>> I can try again with debug options to see if anything else is printed.
>>>
>>> --Will
>>>
>>> On Jun 3, 2011 6:05 PM, "Andrey Cherny"<Andrey.Cherny at kaspersky.com>
>>> wrote:
>>>>
>>>>> I recompiled xl2tpd 1.2.7+dfsg-1 with that patch, and unfortunately it
>>>>> didn't seem to help. I believe I can force the issue to occur, what
>>>>> kind of debugging information could I provide to help determine where
>>>>> things might still be going wrong?
>>>>
>>>> Could you please send the xl2tpd log as a first step? I had a similar issue
>>>> (https://gsoc.xelerance.com/issues/1236) and maybe I can help.
>>>>
>>>>
>>>> --
>>>> Best regards,
>>>>
>>>> Andrey Cherny
>>>>
>>>>
>>>
>>
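
A check for the leftover-connection condition Will describes at the top of this message, as an added example that is not part of the original post or of Openswan or xl2tpd: it parses `ipsec auto --status` output and reports connections whose eroute is in HOLD while no IPsec SA exists. The function name is an assumption made for the example, and the sample input is the status output quoted above with the mail line wraps rejoined.

```python
import re

# Status lines quoted in the post above, with the mail wrapping rejoined.
SAMPLE = """\
000 "washington": 174.143.153.180[+S=C]:17/1701...64.34.210.222<washington.wonderproxy.com>[+S=C]:17/1701; erouted HOLD; eroute owner: #0
000 "washington":     myip=unset; hisip=unset;
000 "washington":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 #21486: "washington":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 11s; nodpd; idle; import:admin initiate
000 #21486: pending Phase 2 for "washington" replacing #0
"""

CONN = re.compile(r'^000 "(?P<name>[^"]+)"(?:\[\d+\])?:\s*(?P<rest>.*)$')
STATE = re.compile(r'^000 #(?P<serial>\d+): "(?P<name>[^"]+)"(?:\[\d+\])?:\d+ (?P<state>STATE_\w+)')
HOLD = re.compile(r'\berouted HOLD;')
NEWEST = re.compile(r'newest ISAKMP SA: #(\d+); newest IPsec SA: #(\d+)')


def find_held_connections(status_text):
    """Return {name: info} for connections with a HOLD eroute and no IPsec SA."""
    conns = {}

    def entry(name):
        return conns.setdefault(name, {"hold": False, "ipsec_sa": None, "states": []})

    for line in status_text.splitlines():
        m = STATE.match(line)
        if m:  # per-state line: #serial: "conn":port STATE_...
            entry(m["name"])["states"].append((int(m["serial"]), m["state"]))
            continue
        m = CONN.match(line)
        if not m:
            continue
        info = entry(m["name"])
        if HOLD.search(m["rest"]):
            info["hold"] = True
        sa = NEWEST.search(m["rest"])
        if sa:
            info["ipsec_sa"] = int(sa.group(2))  # "#0" means no SA established
    return {n: i for n, i in conns.items() if i["hold"] and i["ipsec_sa"] == 0}


if __name__ == "__main__":
    for name, info in find_held_connections(SAMPLE).items():
        stuck = ", ".join(f"#{s} {st}" for s, st in info["states"]) or "no states"
        print(f"{name}: eroute HOLD, no IPsec SA, states: {stuck}")
```

Run periodically against live `ipsec auto --status` output, this flags the state the post associates with the hang before xl2tpd goes quiet.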

