Re: npppd, framed_ip_address
On Sat, 29 Sep 2012 02:27:07 -0400
Andrew Ngo wrote:
> On 28 September 2012 03:17, YASUOKA Masahiko wrote:
>> On Thu, 27 Sep 2012 13:41:52 -0400
>> Andrew Ngo wrote:
>>> (By the way, the daemon goes absolutely bananas if you use a
>>> "framed-ip-address" on a different subnet than those in the pool.
>>> Bananas! I don't recommend this error. ^^)
>>
>> npppd will assign an IP address dynamically in that case.
>> Can you explain your recommendation?
>
> I only managed to replicate the error using "pool-address [ip4] [ip4] for
> static" in the pre-patched npppd, so it's probably a result of the same
> bug. (When I said "bananas", I was just talking about the deluge of
> "unhandled option" messages. :) Anyway, I've attached the output -- it
> looks like a consequence of npppd thinking it has no addresses to allocate.

I see,

> 10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
> 10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
> 10:15:35:INFO: ppp id=0 layer=base unhandled protocol ipv6cp, 32855(8057)
> 10:15:35:INFO: ppp id=0 layer=ccp CCP is stopped
> 10:15:35:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
> 10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10

Because npppd could not allocate any IP address, iOS fell back to using old
options of IPCP. The messages are complaints about the old options.

Thank you for your report.

--yasuoka
npppd, framed_ip_address
Hello again,

On 28 September 2012 03:17, YASUOKA Masahiko wrote:
> Hi,
>
> On Thu, 27 Sep 2012 13:41:52 -0400
> Andrew Ngo wrote:
>> Hm. I can't seem to get npppd to map users to static addresses in the
>> npppd-users file, after trying various permutations of "pool-address
>> ##-## " and such. The client is an iPhone running iOS 6.0,
>> and is definitely able to set up a working vpn over l2tp/ipsec with
>> the npppd server (many thx, btw), but the client is then always
>> assigned a random address from the pool (and never the static one,
>> incidentally... but that could just be chance).
>>
>> Did I screw something up in the configuration or has this particular
>> feature not been implemented yet? Has anyone else had troubles with
>> this?
>
> The feature was broken by my configuration syntax change work.
> Thank you for your report. Attached diff will fix the problem.
>

I tested the diff and it works over here; thanks.

>> (By the way, the daemon goes absolutely bananas if you use a
>> "framed-ip-address" on a different subnet than those in the pool.
>> Bananas! I don't recommend this error. ^^)
>
> npppd will assign an IP address dynamically in that case.
> Can you explain your recommendation?

I only managed to replicate the error using "pool-address [ip4] [ip4] for
static" in the pre-patched npppd, so it's probably a result of the same
bug. (When I said "bananas", I was just talking about the deluge of
"unhandled option" messages. :) Anyway, I've attached the output -- it
looks like a consequence of npppd thinking it has no addresses to allocate.

10:15:17:NOTICE: Starting npppd pid=12849 version=5.0.0
10:15:17:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
10:15:17:INFO: pppx0 Started pppx
10:15:17:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
10:15:17:INFO: ipcp=IPCP pool pool=[ 172.16.2.2/31,172.16.2.4/31,172.16.2.6/32]
10:15:17:INFO: Loading pool config successfully.
10:15:17:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP_ipv4]
10:15:17:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP_ipv6]
10:15:27:NOTICE: l2tpd ctrl=1 logtype=Started RecvSCCRQ from=[...]:49950/udp tunnel_id=1/38 protocol=1.0 winsize=4 hostname=Rhinoceros vendor=(no vendorname) firm=
10:15:27:INFO: l2tpd ctrl=1 SendSCCRP
10:15:27:NOTICE: l2tpd ctrl=2 logtype=Started RecvSCCRQ from=[...]:49950/udp tunnel_id=2/38 protocol=1.0 winsize=4 hostname=Rhinoceros vendor=(no vendorname) firm=
10:15:27:INFO: l2tpd ctrl=2 SendSCCRP
10:15:28:INFO: l2tpd ctrl=1 RecvSCCN
10:15:28:INFO: l2tpd ctrl=1 SendZLB
10:15:28:INFO: l2tpd ctrl=1 call=4645 RecvICRQ session_id=849
10:15:28:INFO: l2tpd ctrl=1 call=4645 SendICRP session_id=4645
10:15:28:INFO: l2tpd ctrl=1 RecvZLB
10:15:29:INFO: l2tpd ctrl=1 call=4645 RecvICCN session_id=849 calling_number= tx_conn_speed=100 framing=async
10:15:29:NOTICE: l2tpd ctrl=1 call=4645 logtype=PPPBind ppp=0
10:15:29:INFO: ppp id=0 layer=base logtype=Started tunnel=L2TP_ipv4([...]:49950)
10:15:29:INFO: l2tpd ctrl=1 call=4645 SendZLB
10:15:29:DEBUG: l2tpd ctrl=1 SendZLB
10:15:30:INFO: l2tpd ctrl=1 RecvZLB
10:15:33:INFO: ppp id=0 layer=lcp logtype=Opened mru=1360/1360 auth=MS-CHAP-V2 magic=[...]/[...]
10:15:34:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success username="turnip" realm=LOCAL
10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
10:15:35:INFO: ppp id=0 layer=base unhandled protocol ipv6cp, 32855(8057)
10:15:35:INFO: ppp id=0 layer=ccp CCP is stopped
10:15:35:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:37:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:38:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:38:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:39:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:39:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:40:NOTICE: l2tpd ctrl=2 timeout waiting ack for ctrl packets.
10:15:40:NOTICE: l2tpd ctrl=2 logtype=Finished
10:15:40:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:40:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:41:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:41:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:42:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:42:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:43:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:43:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
^C
10:15:44:INFO: l2tpd ctrl=1 call=4645 SendCDN result=ADMINISTRATIVE_REASON/3
10:15:44:NOTICE: l2tpd ctrl=1 call=4645 logtype=PPPUnbind
10:15:44:NOTICE: ppp id=0 layer=base logtype=TUNNELUSAGE user="turnip" duration=15sec layer2=L2TP_ipv4 layer2from=[...]:49950 auth=MS-CHAP-V2 data_in=701bytes,28packets data_out=563bytes,31packets error_in=1 error_out=0 mppe=no iface=pppx0
10:15:44:I
Re: npppd, framed_ip_address
Hi,

On Thu, 27 Sep 2012 13:41:52 -0400
Andrew Ngo wrote:
> Hm. I can't seem to get npppd to map users to static addresses in the
> npppd-users file, after trying various permutations of "pool-address
> ##-## " and such. The client is an iPhone running iOS 6.0,
> and is definitely able to set up a working vpn over l2tp/ipsec with
> the npppd server (many thx, btw), but the client is then always
> assigned a random address from the pool (and never the static one,
> incidentally... but that could just be chance).
>
> Did I screw something up in the configuration or has this particular
> feature not been implemented yet? Has anyone else had troubles with
> this?

The feature was broken by my configuration syntax change work.
Thank you for your report. Attached diff will fix the problem.

> (By the way, the daemon goes absolutely bananas if you use a
> "framed-ip-address" on a different subnet than those in the pool.
> Bananas! I don't recommend this error. ^^)

npppd will assign an IP address dynamically in that case.
Can you explain your recommendation?

Index: npppd.c === RCS file: /cvs/src/usr.sbin/npppd/npppd/npppd.c,v retrieving revision 1.23 diff -u -p -r1.23 npppd.c --- npppd.c 20 Sep 2012 20:28:09 - 1.23 +++ npppd.c 28 Sep 2012 07:01:14 - @@ -1545,6 +1545,7 @@ npppd_assign_ip_addr(npppd *_this, npppd goto dyna_assign; return 1; } + ppp->assigned_pool = pool; ppp->ppp_framed_ip_address.s_addr = htonl(ip4); ppp->ppp_framed_ip_netmask.s_addr = htonl(ip4mask); Index: privsep.c === RCS file: /cvs/src/usr.sbin/npppd/npppd/privsep.c,v retrieving revision 1.6 diff -u -p -r1.6 privsep.c --- privsep.c 18 Sep 2012 13:14:08 - 1.6 +++ privsep.c 28 Sep 2012 07:01:14 - @@ -447,6 +447,9 @@ priv_get_user_info(const char *path, con n = strlcpy(cp, r.calling_number, sz); cp += ++n; sz -= n; + u->framed_ip_address = r.framed_ip_address; + u->framed_ip_netmask = r.framed_ip_netmask; + *puser = u; return 0; 
@@ -731,6 +734,8 @@ privsep_priv_on_sockio(int sock, short e a = (struct PRIVSEP_GET_USER_INFO_ARG *)rbuf; memset(&r, 0, sizeof(r)); + r.framed_ip_address.s_addr = INADDR_NAS_SELECT; + r.framed_ip_netmask.s_addr = INADDR_NONE; db[0] = a->path; if (privsep_npppd_check_get_user_info(a)) {
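Review bot: in the npppd.c hunk (npppd_assign_ip_addr), the new `ppp->assigned_pool = pool;` carries no comment saying why the static-address path needs it, and the visible context does not show that `pool` is guaranteed to be set once control passes the block ending in `return 1;`. A one-line comment stating that a statically assigned address must also record its pool, plus a check on `pool` if it can be unset at this point, would make the fix easier to verify.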
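Review bot: in the first privsep.c hunk (priv_get_user_info), the two `framed_ip_*` copies sit directly after the string packing that ends in `cp += ++n; sz -= n;`, so they read as part of the variable-length section. Setting them off with a short comment, or moving them ahead of the string copies, would be clearer. The copy is only safe if `r` always holds a defined value for both fields, so it should go in together with the initialisation added in the privsep_priv_on_sockio hunk.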
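Review bot: in the second privsep.c hunk (privsep_priv_on_sockio), the defaults are stored into `s_addr` without `htonl()`, while the npppd.c hunk stores `htonl(ip4)` and `htonl(ip4mask)` into the corresponding ppp fields. Please confirm which byte order the consumer of `u->framed_ip_address` expects when it compares against `INADDR_NAS_SELECT`, and add a comment saying what these two values mean for a user entry that has no framed-ip-address, since they deliberately override the zeroes left by the `memset`.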
npppd, framed_ip_address
Hm. I can't seem to get npppd to map users to static addresses in the
npppd-users file, after trying various permutations of "pool-address
##-## " and such. The client is an iPhone running iOS 6.0,
and is definitely able to set up a working vpn over l2tp/ipsec with
the npppd server (many thx, btw), but the client is then always
assigned a random address from the pool (and never the static one,
incidentally... but that could just be chance).

Did I screw something up in the configuration or has this particular
feature not been implemented yet? Has anyone else had troubles with
this?

(By the way, the daemon goes absolutely bananas if you use a
"framed-ip-address" on a different subnet than those in the pool.
Bananas! I don't recommend this error. ^^)

/etc/npppd/npppd-users

turnip:\
        :password=[...]:\
        :framed-ip-address=172.16.2.2:

/etc/npppd/npppd.conf

authentication LOCAL type local {
        users-file "/etc/npppd/npppd-users"
}
tunnel L2TP_ipv4 protocol l2tp {
        listen on 0.0.0.0
}
tunnel L2TP_ipv6 protocol l2tp {
        listen on ::
}
ipcp IPCP {
        pool-address 172.16.2.2-172.16.2.6
        dns-servers 172.16.2.1
}
interface pppx0 address 172.16.2.1 ipcp IPCP
bind tunnel from L2TP_ipv4 authenticated by LOCAL to pppx0
bind tunnel from L2TP_ipv6 authenticated by LOCAL to pppx0

/etc/ipsec.conf

ike passive esp transport \
        proto udp from pppoe0 to any port 1701 \
        main auth "hmac-sha1" enc "3des" group modp1024 \
        quick auth "hmac-sha1" enc "aes" \
        psk [...]

(npppd -d) output

3:15:21:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
3:15:21:INFO: pppx0 Started pppx
3:15:21:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
3:15:21:INFO: ipcp=IPCP pool dyn_pool=[172.16.2.2/31,172.16.2.4/31,172.16.2.6/32] pool=[172.16.2.2/31,172.16.2.4/31,172.16.2.6/32]
3:15:21:INFO: Loading pool config successfully.
3:15:21:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP_ipv4]
3:15:21:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP_ipv6]
3:15:37:NOTICE: l2tpd ctrl=1 logtype=Started RecvSCCRQ from=[...]:65293/udp tunnel_id=1/28 protocol=1.0 winsize=4 hostname=Elephant-Triumph vendor=(no vendorname) firm=
3:15:37:INFO: l2tpd ctrl=1 SendSCCRP
3:15:38:INFO: l2tpd ctrl=1 RecvSCCN
3:15:38:INFO: l2tpd ctrl=1 SendZLB
3:15:38:INFO: l2tpd ctrl=1 call=24105 RecvICRQ session_id=362
3:15:38:INFO: l2tpd ctrl=1 call=24105 SendICRP session_id=24105
3:15:39:INFO: l2tpd ctrl=1 call=24105 RecvICCN session_id=362 calling_number= tx_conn_speed=100 framing=async
3:15:39:NOTICE: l2tpd ctrl=1 call=24105 logtype=PPPBind ppp=0
3:15:39:INFO: ppp id=0 layer=base logtype=Started tunnel=L2TP_ipv4([...]:65293)
3:15:39:INFO: l2tpd ctrl=1 call=24105 SendZLB
3:15:42:INFO: ppp id=0 layer=lcp logtype=Opened mru=1360/1360 auth=MS-CHAP-V2 magic=[...]/[...]
3:15:43:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success username="radish" realm=LOCAL
3:15:44:INFO: ppp id=0 layer=ipcp IP Address peer=0.0.0.0 our=172.16.2.6.
3:15:44:INFO: ppp id=0 layer=base unhandled protocol ipv6cp, 32855(8057)
3:15:45:INFO: ppp id=0 layer=ccp CCP is stopped
3:15:45:INFO: ppp id=0 layer=ipcp logtype=Opened ip=172.16.2.6 assignType=dynamic
3:15:45:NOTICE: ppp id=0 layer=base logtype=TUNNELSTART user="turnip" duration=6sec layer2=L2TP_ipv4 layer2from=[...]:65293 auth=MS-CHAP-V2 ip=172.16.2.6 iface=pppx0
3:15:45:NOTICE: ppp id=0 layer=base Using pipex=yes

-- Drew
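
Added example (not part of the thread and not npppd code): a pre-flight check, in Python, for the configuration posted above. It expands `pool-address` into the same CIDR blocks npppd logs at startup and reports which users' `framed-ip-address` lies inside the pool. The parsing is a simplification that assumes the file layout shown in the post; the users `parsnip` and `carrot` and the address 10.9.9.9 are constructed.

```python
import ipaddress
import re
# Constructed samples in the shape of the files quoted in the thread.
NPPPD_CONF = """
ipcp IPCP {
    pool-address 172.16.2.2-172.16.2.6
}
"""
NPPPD_USERS = """
turnip:\\
    :password=[...]:\\
    :framed-ip-address=172.16.2.2:
parsnip:\\
    :password=[...]:\\
    :framed-ip-address=10.9.9.9:
carrot:\\
    :password=[...]:
"""

def pool_blocks(conf):
    """Expand every 'pool-address A-B' range into CIDR blocks."""
    blocks = []
    for lo, hi in re.findall(r"pool-address\s+([\d.]+)-([\d.]+)", conf):
        blocks.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)))
    return blocks

def static_addresses(users):
    """Return {user: framed-ip-address or None} from a users file."""
    folded = re.sub(r"\\\n\s*", "", users)  # join backslash-continued lines
    result = {}
    for line in filter(None, map(str.strip, folded.splitlines())):
        name, *fields = line.split(":")
        attrs = dict(f.split("=", 1) for f in fields if "=" in f)
        addr = attrs.get("framed-ip-address")
        result[name] = ipaddress.IPv4Address(addr) if addr else None
    return result

def audit(conf, users):
    """Label each user 'static', 'outside-pool' or 'dynamic'."""
    blocks = pool_blocks(conf)
    def label(addr):
        if addr is None:
            return "dynamic"  # no framed-ip-address in the entry
        # outside-pool: per the maintainer's reply, assigned dynamically
        return "static" if any(addr in b for b in blocks) else "outside-pool"
    return {n: label(a) for n, a in static_addresses(users).items()}

if __name__ == "__main__":
    print(audit(NPPPD_CONF, NPPPD_USERS))
```

Comparing this result with `assignType=` in the `logtype=Opened` line of the `npppd -d` output shows whether the daemon honoured the static mapping.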