[Openswan Users] xl2tpd refuse connection after some period of time

Dmitry Korzhevin dmitry.korzhevin at stidia.com
Tue Aug 7 09:18:43 EDT 2012 

Hello,

I configured xl2tdp with openswan (latest stable version compiled from
source 2.6.38) and it accept connection from Android phone, linux and
mac os x. But. after some period of time (for example 1 hour) it just
stop accept connections. I run xl2tpd in debug mode from server console:
"xl2tpd -D" and catch some log when it refuses connections from mac os x:

root at domU-12-31-39-00-8A-6B:~# xl2tpd -D
xl2tpd[16379]: setsockopt recvref[30]: Protocol not available
xl2tpd[16379]: This binary does not support kernel L2TP.
xl2tpd[16379]: xl2tpd version xl2tpd-1.3.1 started on
domU-12-31-39-00-8A-6B PID:16379
xl2tpd[16379]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[16379]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[16379]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[16379]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[16379]: Listening on IP address 10.254.141.149, port 1701
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size =
85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204,
port 64843.
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size =
85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204,
port 64843.
xl2tpd[16379]: control_finish: Peer requested tunnel 13 twice, ignoring
second one.
xl2tpd[16379]: build_fdset: closing down tunnel 31268
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size =
85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204,
port 64843.
xl2tpd[16379]: control_finish: Peer requested tunnel 13 twice, ignoring
second one.
xl2tpd[16379]: build_fdset: closing down tunnel 39311
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size =
85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204,
port 64843.
xl2tpd[16379]: control_finish: Peer requested tunnel 13 twice, ignoring
second one.
xl2tpd[16379]: build_fdset: closing down tunnel 64416
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: Maximum retries exceeded for tunnel 40270.  Closing.
xl2tpd[16379]: Connection 13 closed to 89.252.56.204, port 64843 (Timeout)
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size =
85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204,
port 64843.
xl2tpd[16379]: control_finish: Peer requested tunnel 13 twice, ignoring
second one.
xl2tpd[16379]: build_fdset: closing down tunnel 44389
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: Unable to deliver closing message for tunnel 40270.
Destroying anyway.
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size =
85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204,
port 64843.
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size =
85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204,
port 64843.
xl2tpd[16379]: control_finish: Peer requested tunnel 13 twice, ignoring
second one.
xl2tpd[16379]: build_fdset: closing down tunnel 43361
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: Maximum retries exceeded for tunnel 7393.  Closing.
xl2tpd[16379]: Connection 13 closed to 89.252.56.204, port 64843 (Timeout)
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: Unable to deliver closing message for tunnel 7393.
Destroying anyway.


-- System Information:
Debian Release: wheezy/sid
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored:
LC_ALL set to en_US.utf8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xl2tpd depends on:
ii  libc6                         2.13-31    Embedded GNU C Library:
Shared lib
ii  libpcap0.8                    1.2.1-1    system interface for
user-level pa
ii  ppp                           2.4.5-5    Point-to-Point Protocol
(PPP) - da

xl2tpd recommends no packages.

xl2tpd suggests no packages.

-- Configuration Files:
/etc/init.d/xl2tpd changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/xl2tpd
NAME=xl2tpd
DESC=xl2tpd
test -x $DAEMON || exit 0
if [ -f /etc/default/xl2tpd ] ; then
	. /etc/default/xl2tpd
fi
PIDFILE=/var/run/$NAME.pid
set -e
case "$1" in
  start)
	echo -n "Starting $DESC: "
	test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p
${XL2TPD_RUN_DIR:-/var/run/xl2tpd}
	start-stop-daemon --start --quiet --pidfile $PIDFILE \
		--exec $DAEMON -- $DAEMON_OPTS
	echo "$NAME."
	;;
  stop)
	echo -n "Stopping $DESC: "
	start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
		--exec $DAEMON
	echo "$NAME."
	;;
  force-reload)
	test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p
${XL2TPD_RUN_DIR:-/var/run/xl2tpd}
	# check whether $DAEMON is running. If so, restart
	start-stop-daemon --stop --test --quiet --pidfile \
		$PIDFILE --exec $DAEMON \
	&& $0 restart \
	|| exit 0
	;;
  restart)
	test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p
${XL2TPD_RUN_DIR:-/var/run/xl2tpd}
	#rm -fv /var/log/xl2tpd/*/*
	echo -n "Restarting $DESC: "
	start-stop-daemon --stop --quiet --pidfile \
		$PIDFILE --exec $DAEMON
	sleep 1
	start-stop-daemon --start --quiet --pidfile \
		$PIDFILE --exec $DAEMON -- $DAEMON_OPTS
	echo "$NAME."
	;;
  *)
	N=/etc/init.d/$NAME
	echo "Usage: $N {start|stop|restart|force-reload}" >&2
	exit 1
	;;
esac
exit 0

/etc/xl2tpd/xl2tpd.conf changed:
[global]                ; Global parameters:
debug network = yes
debug tunnel = yes
port = 1701             ; * Bind to port 1701
listen-addr = 176.9.1.119
auth file = /etc/xl2tpd/l2tp-secrets  ; * Where our challenge secrets are
access control = no         ; * Refuse connections without IP match
rand source = dev                     ; Source for entropy for random
[lns default]             ; Our fallthrough LNS definition
exclusive = no            ; * Only permit one tunnel per host
ip range = 10.3.1.2-10.3.2.255
local ip = 10.3.1.1
refuse authentication = yes     ; * Refuse authentication altogether
refuse pap = yes            ; * Refuse PAP authentication
refuse chap = yes
ppp debug = yes            ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd ; * ppp options file
name =  granite.stidia.com
length bit = yes


-- no debconf information


Openswan is compiled from source, all deps from README file for Debian
GNU/Linux is installed.



Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhevin at stidia.com
m: +38 093 874 5453
w: http://www.stidia.com

More information about the Users mailing list