Hello James,

On 09/05/2012 15:04, James Chapman wrote:
> On 09/05/12 13:32, Peter Hertting wrote:

>> I have a problem here and it's driving me mad. I have a persistent
>> tunnel with one session configured. And while the tunnel comes up again
>> after a connection loss the session remains in the WAITREPLY state. All
>
> WAITREPLY implies the peer is ignoring our ICRQ. But if so, I wouldn't
> expect openl2tp to start a new ppp instance.

But I can't see any such request being sent, neither in the debug output
nor in Wireshark.

>
>> I can see is the following debug output:
>>
>> Sep  9 08:23:02 OpenWrt daemon.debug openl2tpd[2017]: XPRT: tunl 44123:
>> zlb ack received: ns/nr=5/17
>> Sep  9 08:23:02 OpenWrt daemon.debug openl2tpd[2017]: XPRT: tunl 44123:
>> peer ns/nr is 5/17
>> Sep  9 08:23:02 OpenWrt daemon.debug openl2tpd[2017]: XPRT: tunl 44123:
>> pkt 16/5 is acked by nr 17
>> Sep  9 08:23:06 OpenWrt daemon.info openl2tpd[2017]: 9668/56219:
>> creating UNIX pppd context
>> Sep  9 08:23:16 OpenWrt daemon.info openl2tpd[2017]: 9668/56219:
>> creating UNIX pppd context
>> Sep  9 08:23:27 OpenWrt daemon.info openl2tpd[2017]: 9668/56219:
>> creating UNIX pppd context
>
> I'd expect to see much more debug being output, given the debug options
> that are set. What is your config?

/etc/openl2tpd.conf:
system modify tunnel_persist_pend_timeout=120 session_persist_pend_timeout=10
peer profile modify profile_name=default lac_lns=lac

The tunnel/session configuration is done via l2tpconfig:
l2tpconfig tunnel create tunnel_name=peter dest_ipaddr=192.168.67.102 host_name=test auth_mode=challenge secret="secret" persist=yes persist=yes
l2tpconfig session create tunnel_name=peter session_name=peter interface_name=l2tp-peter user_name=amazon user_password=amazon

Also, occasionally the session disappears completely when the tunnel 
goes down (despite the persist option being set):
root@OpenWrt:/# l2tpconfig session show session_name=peter tunnel_name=peter
Operation failed: Tunnel not found
Error at or near 'show'

What's also weird: if I add the tunnel and session configuration to the 
configuration file instead of using l2tpconfig I'm not seeing any of 
those problems. The sessions are always established correctly after a 
connection loss then.

>> l2tp>  tunnel show tunnel_name=peter
>> Tunnel 44123, from 192.168.67.220 to 192.168.67.102:-
>>     state: ESTABLISHED
>>     created at:  Sep  9 08:04:58 2011
>>     administrative name: 'peter'
>>     created by admin: YES, tunnel mode: LAC, persist: YES
>>     local host name: OpenWrt
>>     peer tunnel id: 1, host name: NOT SET
>
> peer_tunnel_id=1 is suspicious. What is the peer implementation?

I'm using l2tpns on the LNS.

>
>>     UDP ports: local 58181, peer 1701
>>     authorization mode: CHALLENGE, hide AVPs: OFF, allow PPP proxy: OFF
>>     tunnel secret: 'secret'
>>     session limit: 0, session count: 0
>>     tunnel profile: default, peer profile: default
>>     session profile: default, ppp profile: default
>>     hello timeout: 60, retry timeout: 1, idle timeout: 0
>>     rx window size: 10, tx window size: 10, max retries: 5
>>     use udp checksums: ON
>>     do pmtu discovery: OFF, mtu: 1460
>>     framing capability: SYNC ASYNC, bearer capability: DIGITAL ANALOG
>>     use tiebreaker: OFF
>>     trace flags: PROTOCOL FSM API AVP AVPHIDE AVPDATA FUNC XPRT DATA PPP
>> SYSTEM
>>     peer protocol version: 1.0, firmware 0
>>     peer framing capability: SYNC ASYNC
>>     peer bearer capability: NONE
>>     peer rx window size: 4
>>     negotiated tx window size: 4
>>     Transport status:-
>>       ns/nr: 15/5, peer 15/4
>>       cwnd: 10, ssthresh: 10, congpkt_acc: 6
>>     Transport statistics:-
>>       out-of-sequence control/data discards: 0/0
>>       zlbs tx/txfail/rx: 4/0/14
>>       retransmits: 0, duplicate pkt discards: 0, data pkt discards: 0
>>       hellos tx/txfail/rx: 13/0/4
>>       control rx packets: 19, rx bytes: 337
>>       control tx packets: 19, tx bytes: 481
>>       data rx packets: 0, rx bytes: 0, rx errors: 0
>>       data tx packets: 0, tx bytes: 0, tx errors: 0
>
> No data has been transmitted or received. So ppp will be timing out.
>
>>       establish retries: 0
>> l2tp>
>>
>> l2tp>  session show tunnel_name=peter session_name=peter
>> Session 56219 on tunnel 44123:-
>>     type: LAC Incoming Call, state: WAITREPLY
>>     created at:  Sep  9 07:11:14 2011
>>     administrative name: peter
>>     created by admin: YES
>>     ppp user name: amazon
>>     ppp user password: amazon
>>     ppp interface name: l2tp-peter
>>     data sequencing required: OFF
>>     use data sequence numbers: OFF
>>     trace flags: PROTOCOL FSM API AVP AVPHIDE AVPDATA FUNC XPRT DATA PPP
>> SYSTEM
>>     framing types: SYNC ASYNC
>>     bearer types: DIGITAL ANALOG
>>     call serial number: 2
>>     connect speed: 1000000
>>     use ppp proxy: NO
>>     last peer response information:
>>       result code: 10, error code: 0
>
> result_code=10 is "call was not established in time". Why is the peer
> saying that?

No idea.

>
>>
>>     Peer configuration data:-
>>       data sequencing required: OFF
>>       framing types:
>>       bearer types:
>>       call serial number: 2
>>     data rx packets: 0, rx bytes: 0, rx errors: 0
>>     data tx packets: 0, tx bytes: 0, tx errors: 0
>> l2tp>
>>
>> l2tp>  system show configuration
>> L2TP configuration:
>>     UDP port: 1701
>>     max tunnels: 0 (unlimited), max sessions: 0 (unlimited)
>>     drain tunnels: NO
>>     tunnel establish timeout: 120 seconds
>>     session establish timeout: 120 seconds
>>     tunnel persist pend timeout: 120 seconds
>>     session persist pend timeout: 30 seconds
>>     deny local tunnel creation: NO, deny remote tunnel creation: NO
>>     trace flags: PROTOCOL FSM API AVP AVPHIDE AVPDATA FUNC XPRT DATA PPP
>> SYSTEM
>> l2tp>
>
> system show statistics ?
>
root@OpenWrt:~# l2tpconfig system show statistics
L2TP counters:-
   Total messages sent: 35, received: 6, retransmitted: 22
     illegal: 0, unsupported: 0, ignored AVPs: 0, vendor AVPs: 0
   Setup failures: tunnels: 1, sessions: 0
   Resource failures: control frames: 0, peers: 0
     tunnels: 0, sessions: 0, ppp: 0
   Limit exceeded errors: tunnels: 0, sessions: 0
   Frame errors: short frames: 0, wrong version frames: 0
      unexpected data frames: 1, bad frames: 0
   Internal: authentication failures: 0, message encode failures: 0
      no matching tunnel discards: 0, mismatched tunnel ids: 0
      no matching session_discards: 0, mismatched session ids: 0
      total control frame send failures: 0, event queue fulls: 0

   Message counters:-
          Message          RX Good           RX Bad               TX
          ILLEGAL                0                0                0
            SCCRQ                0                0               14
            SCCRP                2                0                0
            SCCCN                0                0                2
          STOPCCN                0                0                5
        RESERVED1                0                0                0
            HELLO                3                0                6
             OCRQ                0                0                0
             OCRP                0                0                0
             OCCN                0                0                0
             ICRQ                0                0                1
             ICRP                1                0                0
             ICCN                0                0                1
        RESERVED2                0                0                0
              CDN                0                0                6
              WEN                0                0                0
              SLI                0                0                0
root@OpenWrt:~#


Thanks,

Peter

-- 
Peter Hertting
Apeo Consulting
6 Belvedere Lawn
Douglas Road
Cork, Ireland

Phone: +353 21 4295904
Mobile: +353 86 1596329
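
Added example (not part of the original mail and not openl2tp code): a small Python check that reads the setup-related rows of the message counter table posted above and compares the LAC-side handshakes SCCRQ/SCCRP/SCCCN and ICRQ/ICRP/ICCN. The function names and the three checks are assumptions made for this illustration.

```python
import re

# Setup-related rows copied from the `l2tpconfig system show statistics`
# output in the message above.
COUNTERS = """\
          Message          RX Good           RX Bad               TX
            SCCRQ                0                0               14
            SCCRP                2                0                0
            SCCCN                0                0                2
          STOPCCN                0                0                5
             ICRQ                0                0                1
             ICRP                1                0                0
             ICCN                0                0                1
              CDN                0                0                6
"""

# One data row: message name followed by three integer columns.
ROW = re.compile(r"^\s*([A-Z0-9]+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_counters(text):
    """Return {message: (rx_good, rx_bad, tx)}; the header row is skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = tuple(int(g) for g in m.group(2, 3, 4))
    return table

def lac_findings(table):
    """Compare requests sent by the LAC with the replies and follow-ups seen."""
    rx = lambda name: table.get(name, (0, 0, 0))[0]
    tx = lambda name: table.get(name, (0, 0, 0))[2]
    findings = []
    if tx("SCCRQ") > rx("SCCRP"):      # tunnel requests without a reply
        findings.append(f"{tx('SCCRQ') - rx('SCCRP')} SCCRQ transmissions got no SCCRP")
    if tx("ICRQ") < tx("SCCCN"):       # fewer call requests than completed tunnels
        findings.append(f"{tx('SCCCN')} tunnels completed (SCCCN) but only "
                        f"{tx('ICRQ')} ICRQ sent")
    if tx("CDN") > tx("ICRQ"):         # more call teardowns than call requests
        findings.append(f"{tx('CDN')} CDN sent for {tx('ICRQ')} ICRQ")
    return findings

if __name__ == "__main__":
    for finding in lac_findings(parse_counters(COUNTERS)):
        print(finding)
```

On the posted counters the second finding matches the observation that no new ICRQ shows up in the debug output or in the capture after the tunnel is re-established.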
