On 09/05/12 15:30, Peter Hertting wrote:
> Hello James,
> 
> On 09/05/2012 15:04, James Chapman wrote:
>> On 09/05/12 13:32, Peter Hertting wrote:
> 
>>> I have a problem here and it's driving me mad. I have a persistent
>>> tunnel with one session configured. And while the tunnel comes up again
>>> after a connection loss the session remains in the WAITREPLY state. All
>>
>> WAITREPLY implies the peer is ignoring our ICRQ. But if so, I wouldn't
>> expect openl2tp to start a new ppp instance.
> 
> But I can't see any such request being sent, not in the debug output nor
> in wireshark.

I can't explain that.

>>> I can see is the following debug output:
>>>
>>> Sep  9 08:23:02 OpenWrt daemon.debug openl2tpd[2017]: XPRT: tunl 44123:
>>> zlb ack received: ns/nr=5/17
>>> Sep  9 08:23:02 OpenWrt daemon.debug openl2tpd[2017]: XPRT: tunl 44123:
>>> peer ns/nr is 5/17
>>> Sep  9 08:23:02 OpenWrt daemon.debug openl2tpd[2017]: XPRT: tunl 44123:
>>> pkt 16/5 is acked by nr 17
>>> Sep  9 08:23:06 OpenWrt daemon.info openl2tpd[2017]: 9668/56219:
>>> creating UNIX pppd context
>>> Sep  9 08:23:16 OpenWrt daemon.info openl2tpd[2017]: 9668/56219:
>>> creating UNIX pppd context
>>> Sep  9 08:23:27 OpenWrt daemon.info openl2tpd[2017]: 9668/56219:
>>> creating UNIX pppd context
>>
>> I'd expect to see much more debug being output, given the debug options
>> that are set. What is your config?
> /etc/openl2tpd.conf:
> system modify tunnel_persist_pend_timeout=120
> session_persist_pend_timeout=10
> peer profile modify profile_name=default lac_lns=lac
> 
> The tunnel/session configuration is done via l2tpconfig
> l2tpconfig tunnel create tunnel_name=peter dest_ipaddr=192.168.67.102
> host_name=test auth_mode=challenge secret="secret" persist=yes persist=yes
> l2tpconfig session create tunnel_name=peter session_name=peter
> interface_name=l2tp-peter user_name=amazon user_password=amazon

Set persist=yes in the session create.

> Also, occasionally the session disappears completely when the tunnel
> goes down (despite the persist option being set):
> root@OpenWrt:/# l2tpconfig session show session_name=peter
> tunnel_name=peter
> Operation failed: Tunnel not found
> Error at or near 'show'

That is expected. When a session times out, it is destroyed and
recreated after session_persist_pend_timeout seconds (10 seconds in your
case).

> What's also weird: if I add the tunnel and session configuration to the
> configuration file instead of using l2tpconfig I'm not seeing any of
> those problems. The sessions are always established correctly after a
> connection loss then.
> 
>>> l2tp>  tunnel show tunnel_name=peter
>>> Tunnel 44123, from 192.168.67.220 to 192.168.67.102:-
>>>     state: ESTABLISHED
>>>     created at:  Sep  9 08:04:58 2011
>>>     administrative name: 'peter'
>>>     created by admin: YES, tunnel mode: LAC, persist: YES
>>>     local host name: OpenWrt
>>>     peer tunnel id: 1, host name: NOT SET
>>
>> peer_tunnel_id=1 is suspicious. What is the peer implementation?
> 
> I'm using l2tpns on the LNS.
> 
>>
>>>     UDP ports: local 58181, peer 1701
>>>     authorization mode: CHALLENGE, hide AVPs: OFF, allow PPP proxy: OFF
>>>     tunnel secret: 'secret'
>>>     session limit: 0, session count: 0
>>>     tunnel profile: default, peer profile: default
>>>     session profile: default, ppp profile: default
>>>     hello timeout: 60, retry timeout: 1, idle timeout: 0
>>>     rx window size: 10, tx window size: 10, max retries: 5
>>>     use udp checksums: ON
>>>     do pmtu discovery: OFF, mtu: 1460
>>>     framing capability: SYNC ASYNC, bearer capability: DIGITAL ANALOG
>>>     use tiebreaker: OFF
>>>     trace flags: PROTOCOL FSM API AVP AVPHIDE AVPDATA FUNC XPRT DATA PPP
>>> SYSTEM
>>>     peer protocol version: 1.0, firmware 0
>>>     peer framing capability: SYNC ASYNC
>>>     peer bearer capability: NONE
>>>     peer rx window size: 4
>>>     negotiated tx window size: 4
>>>     Transport status:-
>>>       ns/nr: 15/5, peer 15/4
>>>       cwnd: 10, ssthresh: 10, congpkt_acc: 6
>>>     Transport statistics:-
>>>       out-of-sequence control/data discards: 0/0
>>>       zlbs tx/txfail/rx: 4/0/14
>>>       retransmits: 0, duplicate pkt discards: 0, data pkt discards: 0
>>>       hellos tx/txfail/rx: 13/0/4
>>>       control rx packets: 19, rx bytes: 337
>>>       control tx packets: 19, tx bytes: 481
>>>       data rx packets: 0, rx bytes: 0, rx errors: 0
>>>       data tx packets: 0, tx bytes: 0, tx errors: 0
>>
>> No data has been transmitted or received. So ppp will be timing out.
>>
>>>       establish retries: 0
>>> l2tp>
>>>
>>> l2tp>  session show tunnel_name=peter session_name=peter
>>> Session 56219 on tunnel 44123:-
>>>     type: LAC Incoming Call, state: WAITREPLY
>>>     created at:  Sep  9 07:11:14 2011
>>>     administrative name: peter
>>>     created by admin: YES
>>>     ppp user name: amazon
>>>     ppp user password: amazon
>>>     ppp interface name: l2tp-peter
>>>     data sequencing required: OFF
>>>     use data sequence numbers: OFF
>>>     trace flags: PROTOCOL FSM API AVP AVPHIDE AVPDATA FUNC XPRT DATA PPP
>>> SYSTEM
>>>     framing types: SYNC ASYNC
>>>     bearer types: DIGITAL ANALOG
>>>     call serial number: 2
>>>     connect speed: 1000000
>>>     use ppp proxy: NO
>>>     last peer response information:
>>>       result code: 10, error code: 0
>>
>> result_code=10 is "call was not established in time". Why is the peer
>> saying that?
> 
> No idea.
> 
>>
>>>
>>>     Peer configuration data:-
>>>       data sequencing required: OFF
>>>       framing types:
>>>       bearer types:
>>>       call serial number: 2
>>>     data rx packets: 0, rx bytes: 0, rx errors: 0
>>>     data tx packets: 0, tx bytes: 0, tx errors: 0
>>> l2tp>
>>>
>>> l2tp>  system show configuration
>>> L2TP configuration:
>>>     UDP port: 1701
>>>     max tunnels: 0 (unlimited), max sessions: 0 (unlimited)
>>>     drain tunnels: NO
>>>     tunnel establish timeout: 120 seconds
>>>     session establish timeout: 120 seconds
>>>     tunnel persist pend timeout: 120 seconds
>>>     session persist pend timeout: 30 seconds
>>>     deny local tunnel creation: NO, deny remote tunnel creation: NO
>>>     trace flags: PROTOCOL FSM API AVP AVPHIDE AVPDATA FUNC XPRT DATA PPP
>>> SYSTEM
>>> l2tp>
>>
>> system show statistics ?
>>
> root@OpenWrt:~# l2tpconfig system show statistics
> L2TP counters:-
>   Total messages sent: 35, received: 6, retransmitted: 22
>     illegal: 0, unsupported: 0, ignored AVPs: 0, vendor AVPs: 0
>   Setup failures: tunnels: 1, sessions: 0
>   Resource failures: control frames: 0, peers: 0
>     tunnels: 0, sessions: 0, ppp: 0
>   Limit exceeded errors: tunnels: 0, sessions: 0
>   Frame errors: short frames: 0, wrong version frames: 0
>      unexpected data frames: 1, bad frames: 0
>   Internal: authentication failures: 0, message encode failures: 0
>      no matching tunnel discards: 0, mismatched tunnel ids: 0
>      no matching session_discards: 0, mismatched session ids: 0
>      total control frame send failures: 0, event queue fulls: 0
> 
>   Message counters:-
>          Message          RX Good           RX Bad               TX
>          ILLEGAL                0                0                0
>            SCCRQ                0                0               14
>            SCCRP                2                0                0
>            SCCCN                0                0                2
>          STOPCCN                0                0                5
>        RESERVED1                0                0                0
>            HELLO                3                0                6
>             OCRQ                0                0                0
>             OCRP                0                0                0
>             OCCN                0                0                0
>             ICRQ                0                0                1
>             ICRP                1                0                0
>             ICCN                0                0                1

This suggests a session was successfully established once and no further
sessions were attempted.

>        RESERVED2                0                0                0
>              CDN                0                0                6

6 CDNs sent but only one session? Weird.

>              WEN                0                0                0
>              SLI                0                0                0
> root@OpenWrt:~#
> 
> 
> Thanks,
> 
> Peter
> 



-- 
James Chapman
Katalix Systems Ltd
http://www.katalix.com
Catalysts for your Embedded Linux software development

_______________________________________________
Openl2tp-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openl2tp-users
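
The counter reasoning in the reply above (one ICRQ/ICRP/ICCN exchange, yet six CDNs sent), as an added example that is not part of the original thread or of openl2tp: a Python parser for the `system show statistics` output that applies those checks. The function names and the retransmission threshold are assumptions of this example; the sample rows are copied from the quoted output.

```python
import re

# Rows copied from the statistics output quoted in the thread.
SAMPLE = """\
  Total messages sent: 35, received: 6, retransmitted: 22
         Message          RX Good           RX Bad               TX
            ICRQ                0                0                1
            ICRP                1                0                0
            ICCN                0                0                1
             CDN                0                0                6
"""

ROW = re.compile(r"^\s*([A-Z][A-Z0-9]*)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
TOTALS = re.compile(r"sent:\s*(\d+), received:\s*(\d+), retransmitted:\s*(\d+)")

def parse_stats(text):
    """Return (totals, counters); counters maps message -> (rx_good, rx_bad, tx)."""
    totals, counters = {}, {}
    for line in text.splitlines():
        line = line.lstrip("> ")  # tolerate mail-quoted output
        m = TOTALS.search(line)
        if m:
            keys = ("sent", "received", "retransmitted")
            totals = dict(zip(keys, map(int, m.groups())))
        m = ROW.match(line)
        if m:
            counters[m.group(1)] = tuple(int(x) for x in m.groups()[1:])
    return totals, counters

def findings(totals, counters):
    """Consistency checks seen from the LAC side (heuristics of this example)."""
    def rx(name):
        return counters.get(name, (0, 0, 0))[0]
    def tx(name):
        return counters.get(name, (0, 0, 0))[2]
    out = []
    if tx("ICCN") > 0 and tx("ICRQ") == rx("ICRP") == tx("ICCN"):
        out.append(f"{tx('ICCN')} call(s) completed ICRQ/ICRP/ICCN; "
                   "no additional call attempts are recorded")
    if tx("CDN") > tx("ICRQ"):
        out.append(f"CDN tx {tx('CDN')} exceeds ICRQ tx {tx('ICRQ')}: "
                   "more call teardowns than call requests")
    # Assumed threshold: flag when over half of the sent messages are retransmits.
    if totals and totals["retransmitted"] * 2 > totals["sent"]:
        out.append(f"{totals['retransmitted']} of {totals['sent']} "
                   "sent messages were retransmissions")
    return out

if __name__ == "__main__":
    for finding in findings(*parse_stats(SAMPLE)):
        print("-", finding)
```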
