With l2tp-0.70, still no result... :(
It's the same...
Regards
Alex
----- Original Message -----
From: "Thierry Coutelier" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 26, 2003 11:54 AM
Subject: Re: l2tpd & Cisco (either a bug in l2tpd , either in Cisco)
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Here is a patch to l2tp-0.69.tgz which solves this and some other bugs.
> It has been used on live systems for 3 weeks and should be fine.
>
> ftp://ftp.linux.lu/pub/people/thierry/
> l2tp-0.69.tgz
> l2tp-0.70.tgz
> l2tp-patch-0.70.gz
>
>
> What has changed, in more detail:
> log -> print_log (to not clash with math log)
> Bug fix for some avp values (stringcopy was 8 instead of 6)
> Accept ZLB with no call number in a ZLB (problem with some CISCO)
> Support Offset size as with CISCO's latest IOS
> Added a new feature that writes a file to tell the system l2tpd is still alive.
> And some more. I'll change the CHANGELOG next time.
>
>
> Cressatti, Dominique wrote:
> | Which version are you using?
> | plain l2tpd or rp-l2tp?
> | While I prefer l2tpd (and use it in production)
> | I know that though rp-l2tp lacks many features
> | that l2tpd has, rp-l2tp is better coded (though
> | the code makes heavy use of OOP and is not easy
> | to understand for a casual C coder).
> |
> | If you don't use it, maybe you should give
> | rp-l2tp a go.
> |
> | Dom
> |
> |
> |> -----Original Message-----
> |>From: Alexandru Coseru [mailto:[EMAIL PROTECTED]
> |>Sent: 25 September 2003 17:27
> |>To: [EMAIL PROTECTED]
> |>Subject: l2tpd & Cisco (either a bug in l2tpd , either in Cisco)
> |>
> |>I've traced the packets with tcpdump..
> |>A serious challenge problem occurred... Actually, it seems that l2tpd doesn't send a correct packet, or Cisco doesn't recognize it..
> |>
> |>
> |>Here is the dump with linux on my box:
> |>
> |>
> |>20:38:57.714971 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP() *BEARER_CAP() |...
> |>20:38:57.719261 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
> |>20:38:58.723563 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
> |>20:38:59.708557 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP() *BEARER_CAP() |...
> |>20:38:59.711237 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=0,Nr=1 ZLB (DF)
> |>20:38:59.723544 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
> |>20:39:00.723590 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
> |>20:39:01.723630 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
> |>20:39:02.733793 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9650) *RESULT_CODE(1/0 Timeout) (DF)
> |>20:39:03.719606 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[TLS](0/0)Ns=1,Nr=0 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9055) |...
> |>20:39:03.743539 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9650) *RESULT_CODE(1/0 Timeout) (DF)
> |>20:39:04.743571 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9650) *RESULT_CODE(1/0 Timeout) (DF)
> |>20:39:05.743643 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9650) *RESULT_CODE(1/0 Timeout) (DF)
> |>20:39:06.743656 193.138.97.25.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](9055/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(9650) *RESULT_CODE(1/0 Timeout) (DF)
> |>
> |>Now , when I've replaced my linux box with a CISCO as5300:
> |>
> |>
> |>
> |>18:10:08.415406 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP() *BEARER_CAP() |...
> |>18:10:08.417991 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](19412/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP() *BEARER_CAP() |... [tos 0xc0]
> |>18:10:08.488531 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[TLS](39348/0)Ns=1,Nr=1 *MSGTYPE(SCCCN) *CHALLENGE_RESP(570bb6ffbd772b4312fe940f83eea853)
> |>18:10:08.488549 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[TLS](39348/0)Ns=2,Nr=1 *MSGTYPE(ICRQ) *ASSND_SESS_ID(1988) *CALL_SER_NUM(334101314) *BEARER_TYPE() |...
> |>18:10:08.489931 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](19412/0)Ns=1,Nr=2 ZLB [tos 0xc0]
> |>18:10:08.490749 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](19412/1988)Ns=1,Nr=3 *MSGTYPE(ICRP) *ASSND_SESS_ID(17) [tos 0xc0]
> |>18:10:08.564244 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[TLS](39348/17)Ns=3,Nr=2 *MSGTYPE(ICCN) *TX_CONN_SPEED(0) *FRAMING_TYPE(S) |...
> |>18:10:08.565959 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[TLS](19412/0)Ns=2,Nr=4 ZLB [tos 0xc0]
> |>18:10:08.702892 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[L](19412/1988) {Succ(1), Msg=}
> |>18:10:08.703099 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[L](19412/1988) {Conf-Req(1), IP-Comp VJ-Comp, IP-Addr=93.38.97.39}
> |>18:10:08.703261 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[L](19412/1988) {Conf-Req(1), MPPC}
> |>18:10:08.914152 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {Conf-Req(4), MPPC}
> |>18:10:08.915455 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[L](19412/1988) {Conf-Ack(4), MPPC}
> |>18:10:08.973531 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {Conf-Req(5), IP-Comp VJ-Comp, IP-Addr=0.0.0.0, Pri-DNS=0.0.0.0, Pri-NBNS=0.0.0.0, Sec-DNS=0.0.0.0, Sec-NBNS=0.0.0.0}
> |>18:10:08.978174 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[L](19412/1988) {Conf-Rej(5), Pri-NBNS=0.0.0.0, Sec-NBNS=0.0.0.0}
> |>18:10:09.014178 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {Conf-Ack(1), MPPC}
> |>18:10:09.214760 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {Conf-Req(6), IP-Comp VJ-Comp, IP-Addr=0.0.0.0, Pri-DNS=0.0.0.0, Sec-DNS=0.0.0.0}
> |>18:10:09.216125 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[L](19412/1988) {Conf-Nak(6), IP-Addr=193.138.97.50, Pri-DNS=93.38.97.33, Sec-DNS=distinct}
> |>18:10:09.474985 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {Conf-Req(7), IP-Comp VJ-Comp, IP-Addr=93.38.97.50, Pri-DNS=93.38.97.33, Sec-DNS=distinct}
> |>18:10:09.476485 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[L](19412/1988) {Conf-Ack(7), IP-Comp VJ-Comp, IP-Addr=93.38.97.50, Pri-DNS=93.38.97.33, Sec-DNS=distinct}
> |>18:10:10.314644 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {}
> |>18:10:10.535429 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {}
> |>18:10:10.701403 93.38.97.39.l2tp > cdma-3g1x-176-105.zappmobile.ro.l2tp: l2tp:[L](19412/1988) {Conf-Req(2), IP-Comp VJ-Comp, IP-Addr=93.38.97.39}
> |>18:10:10.735067 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {}
> |>18:10:10.735074 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {}
> |>18:10:10.735081 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {}
> |>18:10:10.955555 cdma-3g1x-176-105.zappmobile.ro.l2tp > 93.38.97.39.l2tp: l2tp:[O](39348/17) {Conf-Req(8), IP-Comp VJ-Comp, IP-Addr=93.38.97.50, Pri-DNS=93.38.97.33, Sec-DNS=distinct}
> |>
> |>As far as I can see, there is a challenge problem....
> |>
> |>
> |>Anybody know something?
> |>
> |>Regards
> |> Alex
> |>
> |>----- Original Message -----
> |>From: Alexandru Coseru <mailto:[EMAIL PROTECTED]>
> |>To:
> |>Sent: Thursday, September 25, 2003 4:45 PM
> |>Subject: l2tpd & Cisco
> |>
> |>
> |>Hello ..
> |>
> |>I'm having some trouble with a cisco..
> |>It seems that cisco is not receiving what I'm sending (I've looked with tcpdump and the packets are going in the right direction)... It keeps retrying until it gets disconnected...
> |>
> |>Anybody can give me some hints?
> |>
> |>Regards
> |>Alex
> |>
> |>
> |>Here is the debug part..
> |>
> |>
> |>Sep 25 17:52:01 distinct l2tpd[7108]: This binary does not support kernel L2TP.
> |>Sep 25 17:52:01 distinct l2tpd[7108]: l2tpd version 0.69 started on distinct PID:7108
> |>Sep 25 17:52:01 distinct l2tpd[7108]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
> |>Sep 25 17:52:01 distinct l2tpd[7108]: Forked by Scott Balmos and David Stipp, (C) 2001
> |>Sep 25 17:52:01 distinct l2tpd[7108]: Inhereted by Jeff McAdams, (C) 2002
> |>Sep 25 17:52:01 distinct l2tpd[7108]: Linux version 2.4.19-16mdk on a i686, port 1701
> |>Sep 25 17:52:12 distinct l2tpd[7108]: ourtid = 57158, entropy_buf = df46
> |>Sep 25 17:52:12 distinct l2tpd[7108]: check_control: control, cid = 0, Ns = 0, Nr = 0
> |>Sep 25 17:52:12 distinct l2tpd[7108]: handle_avps: handling avp's for tunnel 57158, call 0
> |>Sep 25 17:52:12 distinct l2tpd[7108]: message_type_avp: message type 1 (Start-Control-Connection-Request)
> |>Sep 25 17:52:12 distinct l2tpd[7108]: protocol_version_avp: peer is using version 1, revision 0.
> |>Sep 25 17:52:12 distinct l2tpd[7108]: framing_caps_avp: supported peer frames:
> |>Sep 25 17:52:12 distinct l2tpd[7108]: bearer_caps_avp: supported peer bearers:
> |>Sep 25 17:52:12 distinct l2tpd[7108]: firmware_rev_avp: peer reports firmware version 4400 (0x1130)
> |>Sep 25 17:52:12 distinct l2tpd[7108]: hostname_avp: peer reports hostname 'bu-psd1'
> |>Sep 25 17:52:12 distinct l2tpd[7108]: vendor_avp: peer reports vendor 'Cisco Systems, Inc.\200^H'
> |>Sep 25 17:52:12 distinct l2tpd[7108]: assigned_tunnel_avp: using peer's tunnel 26108
> |>Sep 25 17:52:12 distinct l2tpd[7108]: receive_window_size_avp: peer wants RWS of 20050. Will use flow control.
> |>Sep 25 17:52:12 distinct l2tpd[7108]: challenge_avp: challenge avp found
> |>Sep 25 17:52:13 distinct l2tpd[7108]: ourtid = 6617, entropy_buf = 19d9
> |>Sep 25 17:52:13 distinct l2tpd[7108]: check_control: control, cid = 0, Ns = 0, Nr = 0
> |>Sep 25 17:52:13 distinct l2tpd[7108]: handle_avps: handling avp's for tunnel 6617, call 0
> |>Sep 25 17:52:13 distinct l2tpd[7108]: message_type_avp: message type 1 (Start-Control-Connection-Request)
> |>Sep 25 17:52:13 distinct l2tpd[7108]: protocol_version_avp: peer is using version 1, revision 0.
> |>Sep 25 17:52:13 distinct l2tpd[7108]: framing_caps_avp: supported peer frames:
> |>Sep 25 17:52:13 distinct l2tpd[7108]: bearer_caps_avp: supported peer bearers:
> |>Sep 25 17:52:13 distinct l2tpd[7108]: firmware_rev_avp: peer reports firmware version 4400 (0x1130)
> |>Sep 25 17:52:13 distinct l2tpd[7108]: hostname_avp: peer reports hostname 'bu-psd1'
> |>Sep 25 17:52:13 distinct l2tpd[7108]: vendor_avp: peer reports vendor 'Cisco Systems, Inc.\200^H'
> |>Sep 25 17:52:13 distinct l2tpd[7108]: assigned_tunnel_avp: using peer's tunnel 26108
> |>Sep 25 17:52:13 distinct l2tpd[7108]: receive_window_size_avp: peer wants RWS of 20050. Will use flow control.
> |>Sep 25 17:52:13 distinct l2tpd[7108]: challenge_avp: challenge avp found
> |>Sep 25 17:52:13 distinct l2tpd[7108]: control_finish: Peer requested tunnel 26108 twice, ignoring second one.
> |>Sep 25 17:52:15 distinct l2tpd[7108]: ourtid = 22708, entropy_buf = 58b4
> |>Sep 25 17:52:15 distinct l2tpd[7108]: ourcid = 61206, entropy_buf = ef16
> |>Sep 25 17:52:15 distinct l2tpd[7108]: check_control: control, cid = 0, Ns = 0, Nr = 0
> |>Sep 25 17:52:15 distinct l2tpd[7108]: handle_avps: handling avp's for tunnel 22708, call 61206
> |>Sep 25 17:52:15 distinct l2tpd[7108]: message_type_avp: message type 1 (Start-Control-Connection-Request)
> |>Sep 25 17:52:15 distinct l2tpd[7108]: protocol_version_avp: peer is using version 1, revision 0.
> |>Sep 25 17:52:15 distinct l2tpd[7108]: framing_caps_avp: supported peer frames:
> |>Sep 25 17:52:15 distinct l2tpd[7108]: bearer_caps_avp: supported peer bearers:
> |>Sep 25 17:52:15 distinct l2tpd[7108]: firmware_rev_avp: peer reports firmware version 4400 (0x1130)
> |>Sep 25 17:52:15 distinct l2tpd[7108]: hostname_avp: peer reports hostname 'bu-psd1'
> |>Sep 25 17:52:15 distinct l2tpd[7108]: vendor_avp: peer reports vendor 'Cisco Systems, Inc.\200^H'
> |>Sep 25 17:52:15 distinct l2tpd[7108]: assigned_tunnel_avp: using peer's tunnel 26108
> |>Sep 25 17:52:15 distinct l2tpd[7108]: receive_window_size_avp: peer wants RWS of 20050. Will use flow control.
> |>Sep 25 17:52:15 distinct l2tpd[7108]: challenge_avp: challenge avp found
> |>Sep 25 17:52:15 distinct l2tpd[7108]: control_finish: Peer requested tunnel 26108 twice, ignoring second one.
> |>Sep 25 17:52:17 distinct l2tpd[7108]: control_xmit: Maximum retries exceeded for tunnel 57158. Closing.
> |>Sep 25 17:52:17 distinct l2tpd[7108]: call_close : Connection 26108 closed to 180.197.176.105, port 1701 (Timeout)
> |>Sep 25 17:52:19 distinct l2tpd[7108]: ourtid = 20513, entropy_buf = 5021
> |>Sep 25 17:52:19 distinct l2tpd[7108]: check_control: control, cid = 0, Ns = 1, Nr = 0
> |>Sep 25 17:52:19 distinct l2tpd[7108]: check_control: Received out of order control packet on tunnel -1 (1 != 0)
> |>Sep 25 17:52:19 distinct l2tpd[7108]: handle_packet: bad control packet!
> |>Sep 25 17:52:22 distinct l2tpd[7108]: control_xmit: Unable to deliver closing message for tunnel 57158. Destroying anyway.
> |>Sep 25 17:53:34 distinct l2tpd[7108]: death_handler: Fatal signal 2 received
> |>
> |>Here is l2tpd.conf
> |>
> |>
> |> [global] ; Global parameters:
> |> port = 1701 ; * Bind to port 1701
> |> auth file = l2tp-secrets ; * Where our challenge secrets are
> |> access control = no ; * Refuse connections without IP match
> |> rand source = dev ; Source for entropy for random
> |>; ; numbers, options are:
> |>; ; dev - reads of /dev/urandom
> |>; ; sys - uses rand()
> |>; ; egd - reads from egd socket
> |>; ; egd is not yet implemented
> |>;
> |> [lns distinctmedia] ; Our fallthrough LNS definition
> |> ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range
> |> no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
> |> ip range = 192.168.0.5 ; * But this one is okay
> |> lac = 180.197.176.105 ; * These can connect as LAC's
> |> hidden bit = no ; * Use hidden AVP's?
> |> refuse pap = yes ; * Refuse PAP authentication
> |> refuse chap = no ; * Refuse CHAP authentication
> |> ppp debug = yes ; * Turn on PPP debugging
> |> call rws = -1 ; * RWS for call (-1 is valid)
> |> tunnel rws = 14 ; * RWS for tunnel (must be > 0)
> |> flow bit = yes ; * Include sequence numbers
> |>
> |>
>
>
> - --
> Thierry Coutelier
> No Patents on Software: http://www.linux.lu/epatent
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE/c/7aPOfrcNNQX7oRAgDFAJ9n9XxnSiofKinez7q/d9Uu/TP3nQCeNFRr
> h2vYrbeCLD+LADBtBOVQg9o=
> =X8Fe
> -----END PGP SIGNATURE-----
>