Package: xl2tpd
Version: 1.3.6+dfsg-4
Severity: critical
Justification: breaks the whole system
Dear Maintainer,
I want to set a client of the l2tp vpn for my campus using this technique to
connect to the internet.
I have set the client for Debian 7. But now, when I try to do the same thing
for a computer with Debian 9, I failed.
I set use the configuration for the Debian 7 mechine, including
/etc/xl2tpd/xl2tpd /etc/ppp/chap-secrets and /etc/ppp/options.xl2tpd.zju.
The first one is the configuration for xl2tp, and the last two are for the ppp.
Following is what I do.
I find the xl2tpd is running after the initialization through lots of
init-scripts. Then I use "echo 'c ZJU_VPN' > /var/run/xl2tpd/l2tp-control" to
connect the vpn server in my campus. At the beginning everything is fine, I use
"ip link" and I find that there is ppp0. But few time later, about 20-30
seconds I am not sure, the keybroad is useless. I can type nothing. And I find
there are some words on the screen.
NMI watchdog: BUG: soft lockup CPU#0 stuck for 23s ... And the mechine begins
to beep.
-- System Information:
Debian Release: stretch/sid
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.5.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages xl2tpd depends on:
ii libc6 2.22-7
ii libpcap0.8 1.7.4-2
ii ppp 2.4.7-1+2
xl2tpd recommends no packages.
xl2tpd suggests no packages.
-- Configuration Files:
/etc/xl2tpd/l2tp-secrets [Errno 13] Permission denied:
u'/etc/xl2tpd/l2tp-secrets'
/etc/xl2tpd/xl2tpd.conf changed:
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work. The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documetation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
[global]; Global parameters:
port = 1701 ; * Bind to port 1701
auth file = /etc/l2tpd/l2tp-secrets ; * Where our challenge secrets are
access control = yes; * Refuse connections without IP match
rand source = dev ; Source for entropy for random
; ; numbers, options are:
; ; dev - reads of /dev/urandom
; ; sys - uses rand()
; ; egd - reads from egd socket
; ; egd is not yet implemented
;
; [lns default]; Our fallthrough LNS definition
; exclusive = no; * Only permit one tunnel per host
; ip range = 192.168.0.1-192.168.0.20; * Allocate from this IP range
; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
; ip range = 192.168.0.5; * But this one is okay
; ip range = lac1-lac2; * And anything from lac1 to lac2's
IP
; lac = 192.168.1.4 - 192.168.1.8; * These can connect as LAC's
; no lac = untrusted.marko.net; * This guy can't connect
; hidden bit = no; * Use hidden AVP's?
; local ip = 192.168.1.2; * Our local IP to use
; length bit = yes; * Use length bit in payload?
; require chap = yes; * Require CHAP auth. by peer
; refuse pap = yes; * Refuse PAP authentication
; refuse chap = no; * Refuse CHAP authentication
; refuse authentication = no; * Refuse authentication altogether
; require authentication = yes; * Require peer to authenticate
; unix authentication = no; * Use /etc/passwd for auth.
; name = myhostname; * Report this as our hostname
; ppp debug = no; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns; * ppp options file
; call rws = 10; * RWS for call (-1 is valid)
; tunnel rws = 4; * RWS for tunnel (must be > 0)
; flow bit = yes; * Include sequence numbers
; challenge = yes; * Challenge authenticate peer ;
; rx bps = 1000; Receive tunnel speed
; tx bps = 1000; Transmit tunnel speed
; bps = 10; Define both receive and transmit speed in
one option
; [lac marko]; Example VPN LAC definition
; lns = lns.marko.net; * Who is our LNS?
; lns = lns2.marko.net; * A backup LNS (not yet used)
;