l2tpd & Cisco (either a bug in l2tpd , either in Cisco)

Thu, 25 Sep 2003 09:31:24 -0700

I've traced the packets with tcpdump..
A serious challenge problem occured...   Actually , it seems that l2tpd doesn't send a correct packet , or Cisco doesn't recognize it..
 
 
Here is the dump with linux on my box:
 
 
20:38:57.714971 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP() *BEARER_CAP() |...
20:38:57.719261 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
20:38:58.723563 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
20:38:59.708557 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP() *BEARER_CAP() |...
20:38:59.711237 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=0,Nr=1 ZLB (DF)
20:38:59.723544 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
20:39:00.723590 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
20:39:01.723630 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
20:39:02.733793 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9650) *RESULT_CODE(1/0 Timeout) (DF)
20:39:03.719606 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[TLS](0/0)Ns=1,Nr=0 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9055) |...
20:39:03.743539 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9650) *RESULT_CODE(1/0 Timeout) (DF)
20:39:04.743571 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9650) *RESULT_CODE(1/0 Timeout) (DF)
20:39:05.743643 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9650) *RESULT_CODE(1/0 Timeout) (DF)
20:39:06.743656 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](9055/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9650) *RESULT_CODE(1/0 Timeout) (DF)
 
 
 
 
 
 
 
 
Now , when I've replaced my linux box with a CISCO as5300:
 
 
 
18:10:08.415406 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP() *BEARER_CAP() |...
18:10:08.417991 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](19412/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP() *BEARER_CAP() |... [tos 0xc0]
18:10:08.488531 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[TLS](39348/0)Ns=1,Nr=1 *MSGTYPE(SCCCN) *CHALLENGE_RESP(570bb6ffbd772b4312fe940f83eea853)
18:10:08.488549 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[TLS](39348/0)Ns=2,Nr=1 *MSGTYPE(ICRQ) *ASSND_SESS_ID(1988) *CALL_SER_NUM(334101314) *BEARER_TYPE() |...
18:10:08.489931 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](19412/0)Ns=1,Nr=2 ZLB [tos 0xc0]
18:10:08.490749 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](19412/1988)Ns=1,Nr=3 *MSGTYPE(ICRP) *ASSND_SESS_ID(17) [tos 0xc0]
18:10:08.564244 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[TLS](39348/17)Ns=3,Nr=2 *MSGTYPE(ICCN) *TX_CONN_SPEED(0) *FRAMING_TYPE(S) |...
18:10:08.565959 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[TLS](19412/0)Ns=2,Nr=4 ZLB [tos 0xc0]
18:10:08.702892 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[L](19412/1988) {Succ(1), Msg=}
18:10:08.703099 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[L](19412/1988) {Conf-Req(1), IP-Comp VJ-Comp, IP-Addr=93.38.97.39}
18:10:08.703261 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[L](19412/1988) {Conf-Req(1), MPPC}
18:10:08.914152 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {Conf-Req(4), MPPC}
18:10:08.915455 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[L](19412/1988) {Conf-Ack(4), MPPC}
18:10:08.973531 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {Conf-Req(5), IP-Comp VJ-Comp, IP-Addr=0.0.0.0, Pri-DNS=0.0.0.0, Pri-NBNS=0.0.0.0, Sec-DNS=0.0.0.0, Sec-NBNS=0.0.0.0}
18:10:08.978174 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[L](19412/1988) {Conf-Rej(5), Pri-NBNS=0.0.0.0, Sec-NBNS=0.0.0.0}
18:10:09.014178 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {Conf-Ack(1), MPPC}
18:10:09.214760 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {Conf-Req(6), IP-Comp VJ-Comp, IP-Addr=0.0.0.0, Pri-DNS=0.0.0.0, Sec-DNS=0.0.0.0}
18:10:09.216125 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[L](19412/1988) {Conf-Nak(6), IP-Addr=193.138.97.50, Pri-DNS=93.38.97.33, Sec-DNS=distinct}
18:10:09.474985 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {Conf-Req(7), IP-Comp VJ-Comp, IP-Addr=93.38.97.50, Pri-DNS=93.38.97.33, Sec-DNS=distinct}
18:10:09.476485 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[L](19412/1988) {Conf-Ack(7), IP-Comp VJ-Comp, IP-Addr=93.38.97.50, Pri-DNS=93.38.97.33, Sec-DNS=distinct}
18:10:10.314644 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {}
18:10:10.535429 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {}
18:10:10.701403 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp:  l2tp:[L](19412/1988) {Conf-Req(2), IP-Comp VJ-Comp, IP-Addr=93.38.97.39}
18:10:10.735067 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {}
18:10:10.735074 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {}
18:10:10.735081 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {}
18:10:10.955555 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp:  l2tp:[O](39348/17) {Conf-Req(8), IP-Comp VJ-Comp, IP-Addr=93.38.97.50, Pri-DNS=93.38.97.33, Sec-DNS=distinct}
 
 
 
 
 
 
 
Of I can see , there is a challenge problem....
 
 
Anybody know something ?
 
Regards
    Alex
 
 
 
 
 
----- Original Message -----
To:    
Sent: Thursday, September 25, 2003 4:45 PM
Subject: l2tpd & Cisco

 
Hello ..
 
I'm having some trouble with a cisco..
It seems that cisco in not receiving what i'm sending  (i've looked with tcpdump and the packets are going to the right direction)...It keeps retrying until it gets disconnected...
 
 
 
Anybody ca give me some hints ?
 
 
 
Regards
Alex
 
 
Here is the debug part..
 
Sep 25 17:52:01 distinct l2tpd[7108]: This binary does not support kernel L2TP.
Sep 25 17:52:01 distinct l2tpd[7108]: l2tpd version 0.69 started on distinct PID:7108
Sep 25 17:52:01 distinct l2tpd[7108]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Sep 25 17:52:01 distinct l2tpd[7108]: Forked by Scott Balmos and David Stipp, (C) 2001
Sep 25 17:52:01 distinct l2tpd[7108]: Inhereted by Jeff McAdams, (C) 2002
Sep 25 17:52:01 distinct l2tpd[7108]: Linux version 2.4.19-16mdk on a i686, port 1701
Sep 25 17:52:12 distinct l2tpd[7108]: ourtid = 57158, entropy_buf = df46
Sep 25 17:52:12 distinct l2tpd[7108]: check_control: control, cid = 0, Ns = 0, Nr = 0
Sep 25 17:52:12 distinct l2tpd[7108]: handle_avps: handling avp's for tunnel 57158, call 0
Sep 25 17:52:12 distinct l2tpd[7108]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Sep 25 17:52:12 distinct l2tpd[7108]: protocol_version_avp: peer is using version 1, revision 0.
Sep 25 17:52:12 distinct l2tpd[7108]: framing_caps_avp: supported peer frames:
Sep 25 17:52:12 distinct l2tpd[7108]: bearer_caps_avp: supported peer bearers:
Sep 25 17:52:12 distinct l2tpd[7108]: firmware_rev_avp: peer reports firmware version 4400 (0x1130)
Sep 25 17:52:12 distinct l2tpd[7108]: hostname_avp: peer reports hostname 'bu-psd1'
Sep 25 17:52:12 distinct l2tpd[7108]: vendor_avp: peer reports vendor 'Cisco Systems, Inc.\200^H'
Sep 25 17:52:12 distinct l2tpd[7108]: assigned_tunnel_avp: using peer's tunnel 26108
Sep 25 17:52:12 distinct l2tpd[7108]: receive_window_size_avp: peer wants RWS of 20050.  Will use flow control.
Sep 25 17:52:12 distinct l2tpd[7108]: challenge_avp: challenge avp found
Sep 25 17:52:13 distinct l2tpd[7108]: ourtid = 6617, entropy_buf = 19d9
Sep 25 17:52:13 distinct l2tpd[7108]: check_control: control, cid = 0, Ns = 0, Nr = 0
Sep 25 17:52:13 distinct l2tpd[7108]: handle_avps: handling avp's for tunnel 6617, call 0
Sep 25 17:52:13 distinct l2tpd[7108]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Sep 25 17:52:13 distinct l2tpd[7108]: protocol_version_avp: peer is using version 1, revision 0.
Sep 25 17:52:13 distinct l2tpd[7108]: framing_caps_avp: supported peer frames:
Sep 25 17:52:13 distinct l2tpd[7108]: bearer_caps_avp: supported peer bearers:
Sep 25 17:52:13 distinct l2tpd[7108]: firmware_rev_avp: peer reports firmware version 4400 (0x1130)
Sep 25 17:52:13 distinct l2tpd[7108]: hostname_avp: peer reports hostname 'bu-psd1'
Sep 25 17:52:13 distinct l2tpd[7108]: vendor_avp: peer reports vendor 'Cisco Systems, Inc.\200^H'
Sep 25 17:52:13 distinct l2tpd[7108]: assigned_tunnel_avp: using peer's tunnel 26108
Sep 25 17:52:13 distinct l2tpd[7108]: receive_window_size_avp: peer wants RWS of 20050.  Will use flow control.
Sep 25 17:52:13 distinct l2tpd[7108]: challenge_avp: challenge avp found
Sep 25 17:52:13 distinct l2tpd[7108]: control_finish: Peer requested tunnel 26108 twice, ignoring second one.
Sep 25 17:52:15 distinct l2tpd[7108]: ourtid = 22708, entropy_buf = 58b4
Sep 25 17:52:15 distinct l2tpd[7108]: ourcid = 61206, entropy_buf = ef16
Sep 25 17:52:15 distinct l2tpd[7108]: check_control: control, cid = 0, Ns = 0, Nr = 0
Sep 25 17:52:15 distinct l2tpd[7108]: handle_avps: handling avp's for tunnel 22708, call 61206
Sep 25 17:52:15 distinct l2tpd[7108]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Sep 25 17:52:15 distinct l2tpd[7108]: protocol_version_avp: peer is using version 1, revision 0.
Sep 25 17:52:15 distinct l2tpd[7108]: framing_caps_avp: supported peer frames:
Sep 25 17:52:15 distinct l2tpd[7108]: bearer_caps_avp: supported peer bearers:
Sep 25 17:52:15 distinct l2tpd[7108]: firmware_rev_avp: peer reports firmware version 4400 (0x1130)
Sep 25 17:52:15 distinct l2tpd[7108]: hostname_avp: peer reports hostname 'bu-psd1'
Sep 25 17:52:15 distinct l2tpd[7108]: vendor_avp: peer reports vendor 'Cisco Systems, Inc.\200^H'
Sep 25 17:52:15 distinct l2tpd[7108]: assigned_tunnel_avp: using peer's tunnel 26108
Sep 25 17:52:15 distinct l2tpd[7108]: receive_window_size_avp: peer wants RWS of 20050.  Will use flow control.
Sep 25 17:52:15 distinct l2tpd[7108]: challenge_avp: challenge avp found
Sep 25 17:52:15 distinct l2tpd[7108]: control_finish: Peer requested tunnel 26108 twice, ignoring second one.
Sep 25 17:52:17 distinct l2tpd[7108]: control_xmit: Maximum retries exceeded for tunnel 57158.  Closing.
Sep 25 17:52:17 distinct l2tpd[7108]: call_close : Connection 26108 closed to 180.197.176.105, port 1701 (Timeout)
Sep 25 17:52:19 distinct l2tpd[7108]: ourtid = 20513, entropy_buf = 5021
Sep 25 17:52:19 distinct l2tpd[7108]: check_control: control, cid = 0, Ns = 1, Nr = 0
Sep 25 17:52:19 distinct l2tpd[7108]: check_control: Received out of order control packet on tunnel -1 (1 != 0)
Sep 25 17:52:19 distinct l2tpd[7108]: handle_packet: bad control packet!
Sep 25 17:52:22 distinct l2tpd[7108]: control_xmit: Unable to deliver closing message for tunnel 57158. Destroying anyway.
Sep 25 17:53:34 distinct l2tpd[7108]: death_handler: Fatal signal 2 received
 
 
 
 
 
Here is l2tpd.conf
 
 
 [global]                                                               ; Global parameters:
 port = 1701                                                    ; * Bind to port 1701
 auth file = l2tp-secrets       ; * Where our challenge secrets are
 access control = no                                    ; * Refuse connections without IP match
 rand source = dev                     ; Source for entropy for random
;                                       ; numbers, options are:
;                                       ; dev - reads of /dev/urandom
;                                       ; sys - uses rand()
;                                       ; egd - reads from egd socket
;                                       ; egd is not yet implemented
;
 [lns distinctmedia]                                                    ; Our fallthrough LNS definition
 ip range = 192.168.0.1-192.168.0.20    ; * Allocate from this IP range
 no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
 ip range = 192.168.0.5                         ; * But this one is okay
 lac = 180.197.176.105            ; * These can connect as LAC's
 hidden bit = no                        ; * Use hidden AVP's?
 refuse pap = yes                                               ; * Refuse PAP authentication
 refuse chap = no                                               ; * Refuse CHAP authentication
 ppp debug = yes                                                ; * Turn on PPP debugging
 call rws = -1                                                  ; * RWS for call (-1 is valid)
 tunnel rws = 14                                                ; * RWS for tunnel (must be > 0)
 flow bit = yes                                         ; * Include sequence numbers

Reply via email to