Re: npppd, framed_ip_address

2012-10-01 Thread YASUOKA Masahiko
On Sat, 29 Sep 2012 02:27:07 -0400
Andrew Ngo andrew@gmail.com wrote:
 On 28 September 2012 03:17, YASUOKA Masahiko yasu...@yasuoka.net wrote:
 On Thu, 27 Sep 2012 13:41:52 -0400
 Andrew Ngo andrew@gmail.com wrote:
 (By the way, the daemon goes absolutely bananas if you use a
 framed-ip-address on a different subnet than those in the pool.
 Bananas! I don't recommend this error. ^^)

 npppd will assign an IP address dynamically in that case.
 Can you explain your recommendation?
 
 I only managed to replicate the error using pool-address [ip4] [ip4] for
 static in the pre-patched npppd, so it's probably a result of the same
 bug. (When I said bananas, I was just talking about the deluge of
 unhandled option messages. :) Anyway, I've attached the output -- it
 looks like a consequence of npppd thinking it has no addresses to allocate.

I see,

 10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
 10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
 10:15:35:INFO: ppp id=0 layer=base unhandled protocol ipv6cp, 32855(8057)
 10:15:35:INFO: ppp id=0 layer=ccp CCP is stopped
 10:15:35:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
 10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10

Because npppd could not allocate any IP address, iOS fell back to using
the old IPCP options.  The messages are complaints about those old
options.

Thank you for your report.

--yasuoka
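
The log excerpt above is the signature of a session that authenticated but never completed IPCP: "No free address in the pool" followed by a run of "Unhandled Option" lines and a TUNNELUSAGE record with error_in set. As an added example that is not part of this thread or of npppd, here is a small Python triage script that folds npppd's per-session log lines into one record per `ppp id` and flags exactly that pattern, which an operator would want to watch for both as the static-address misconfiguration discussed here and as plain pool exhaustion. The sample lines are constructed from the output quoted in this thread, rejoined into single lines (the archive wrapped them), with the successful session from the first post renumbered to id=1 so both fit in one sample; the record field names are my own.

```python
import re
from collections import defaultdict

# Constructed sample, condensed from the npppd -d output quoted in this
# thread: session id=0 (user turnip) authenticates but gets no address;
# session id=1 (user radish, renumbered here) gets a dynamic address.
SAMPLE_LOG = """\
10:15:34:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success username=turnip realm=LOCAL
10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
10:15:35:INFO: ppp id=0 layer=ccp CCP is stopped
10:15:35:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:44:NOTICE: ppp id=0 layer=base logtype=TUNNELUSAGE user=turnip duration=15sec layer2=L2TP_ipv4 auth=MS-CHAP-V2 error_in=1 error_out=0 mppe=no
3:15:43:INFO: ppp id=1 layer=chap proto=mschap_v2 logtype=Success username=radish realm=LOCAL
3:15:44:INFO: ppp id=1 layer=ipcp IP Address peer=0.0.0.0 our=172.16.2.6.
3:15:45:INFO: ppp id=1 layer=ipcp logtype=Opened ip=172.16.2.6 assignType=dynamic
"""

# npppd -d lines look like "H:MM:SS:LEVEL: ppp id=N layer=X message".
PPP_LINE = re.compile(
    r'^\d{1,2}:\d{2}:\d{2}:(?P<level>[A-Z]+): ppp id=(?P<id>\d+) '
    r'layer=(?P<layer>\w+) (?P<msg>.*)$')
KV = re.compile(r'(\w+)=(\S+)')


def new_session():
    # Per-session record; field names are this example's own choice.
    return {'user': None, 'authenticated': False, 'ip': None,
            'assign_type': None, 'no_free_address': 0,
            'unhandled_options': 0, 'error_in': 0}


def summarize_sessions(log_text):
    """Fold npppd 'ppp id=N' log lines into one record per session."""
    sessions = defaultdict(new_session)
    for line in log_text.splitlines():
        m = PPP_LINE.match(line)
        if not m:
            continue  # l2tpd/startup lines carry no per-session state
        s = sessions[int(m['id'])]
        layer, msg = m['layer'], m['msg']
        kv = dict(KV.findall(msg))
        if layer == 'chap' and kv.get('logtype') == 'Success':
            s['authenticated'] = True
            s['user'] = kv.get('username')
        elif layer == 'base' and 'No free address in the pool' in msg:
            s['no_free_address'] += 1
        elif layer == 'ipcp' and kv.get('logtype') == 'Opened':
            s['ip'] = kv.get('ip')
            s['assign_type'] = kv.get('assignType')
        elif layer == 'ipcp' and msg.startswith('Unhandled Option'):
            s['unhandled_options'] += 1
        elif layer == 'base' and kv.get('logtype') == 'TUNNELUSAGE':
            s['user'] = s['user'] or kv.get('user')
            s['error_in'] = int(kv.get('error_in', 0))
    return dict(sessions)


def findings(sessions):
    """Flag sessions that authenticated but never got an IPCP address."""
    out = []
    for sid, s in sorted(sessions.items()):
        if s['authenticated'] and s['ip'] is None:
            why = ('pool exhausted or static address not allocatable'
                   if s['no_free_address'] else 'IPCP never opened')
            out.append(f"ppp id={sid} user={s['user']}: authenticated but no "
                       f"address assigned ({why}; {s['unhandled_options']} "
                       f"unhandled IPCP options)")
    return out


if __name__ == '__main__':
    for line in findings(summarize_sessions(SAMPLE_LOG)):
        print(line)
```

Run against the full daemon output (`npppd -d 2>&1 | python3 triage.py` with the sample replaced by stdin) it reports one line for the turnip session and nothing for radish; a burst of such findings across many users is the pool-exhaustion signal rather than a per-user misconfiguration.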



npppd, framed_ip_address

2012-09-29 Thread Andrew Ngo
Hello again,

On 28 September 2012 03:17, YASUOKA Masahiko yasu...@yasuoka.net wrote:
 Hi,

 On Thu, 27 Sep 2012 13:41:52 -0400
 Andrew Ngo andrew@gmail.com wrote:
 Hm. I can't seem to get npppd to map users to static addresses in the
 npppd-users file, after trying various permutations of pool-address
 ##-## for static and such. The client is an iPhone running iOS 6.0,
 and is definitely able to set up a working vpn over l2tp/ipsec with
 the npppd server (many thx, btw), but the client is then always
 assigned a random address from the pool (and never the static one,
 incidentally... but that could just be chance).

 Did I screw something up in the configuration or has this particular
 feature not been implemented yet? Has anyone else had troubles with
 this?

 The feature was broken by my configuration syntax change work.
 Thank you for your report.  The attached diff will fix the problem.


I tested the diff and it works over here; thanks.

 (By the way, the daemon goes absolutely bananas if you use a
 framed-ip-address on a different subnet than those in the pool.
 Bananas! I don't recommend this error. ^^)

 npppd will assign an IP address dynamically in that case.
 Can you explain your recommendation?

I only managed to replicate the error using pool-address [ip4] [ip4] for
static in the pre-patched npppd, so it's probably a result of the same
bug. (When I said bananas, I was just talking about the deluge of
unhandled option messages. :) Anyway, I've attached the output -- it
looks like a consequence of npppd thinking it has no addresses to allocate.


10:15:17:NOTICE: Starting npppd pid=12849 version=5.0.0
10:15:17:NOTICE: Load configuration from='/etc/npppd/npppd.conf'
successfully.
10:15:17:INFO: pppx0 Started pppx
10:15:17:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
10:15:17:INFO: ipcp=IPCP pool pool=[
172.16.2.2/31,172.16.2.4/31,172.16.2.6/32]
10:15:17:INFO: Loading pool config successfully.
10:15:17:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP_ipv4]
10:15:17:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP_ipv6]
10:15:27:NOTICE: l2tpd ctrl=1 logtype=Started RecvSCCRQ
from=[...]:49950/udp tunnel_id=1/38 protocol=1.0 winsize=4
hostname=Rhinoceros vendor=(no vendorname) firm=
10:15:27:INFO: l2tpd ctrl=1 SendSCCRP
10:15:27:NOTICE: l2tpd ctrl=2 logtype=Started RecvSCCRQ
from=[...]:49950/udp tunnel_id=2/38 protocol=1.0 winsize=4
hostname=Rhinoceros vendor=(no vendorname) firm=
10:15:27:INFO: l2tpd ctrl=2 SendSCCRP
10:15:28:INFO: l2tpd ctrl=1 RecvSCCN
10:15:28:INFO: l2tpd ctrl=1 SendZLB
10:15:28:INFO: l2tpd ctrl=1 call=4645 RecvICRQ session_id=849
10:15:28:INFO: l2tpd ctrl=1 call=4645 SendICRP session_id=4645
10:15:28:INFO: l2tpd ctrl=1 RecvZLB
10:15:29:INFO: l2tpd ctrl=1 call=4645 RecvICCN session_id=849
calling_number= tx_conn_speed=100 framing=async
10:15:29:NOTICE: l2tpd ctrl=1 call=4645 logtype=PPPBind ppp=0
10:15:29:INFO: ppp id=0 layer=base logtype=Started
tunnel=L2TP_ipv4([...]:49950)
10:15:29:INFO: l2tpd ctrl=1 call=4645 SendZLB
10:15:29:DEBUG: l2tpd ctrl=1 SendZLB
10:15:30:INFO: l2tpd ctrl=1 RecvZLB
10:15:33:INFO: ppp id=0 layer=lcp logtype=Opened mru=1360/1360
auth=MS-CHAP-V2 magic=[...]/[...]
10:15:34:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success
username=turnip realm=LOCAL
10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
10:15:35:INFO: ppp id=0 layer=base unhandled protocol ipv6cp, 32855(8057)
10:15:35:INFO: ppp id=0 layer=ccp CCP is stopped
10:15:35:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:37:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:38:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:38:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:39:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:39:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:40:NOTICE: l2tpd ctrl=2 timeout waiting ack for ctrl packets.
10:15:40:NOTICE: l2tpd ctrl=2 logtype=Finished
10:15:40:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:40:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:41:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:41:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:42:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:42:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:43:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:43:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
^C
10:15:44:INFO: l2tpd ctrl=1 call=4645 SendCDN result=ADMINISTRATIVE_REASON/3
10:15:44:NOTICE: l2tpd ctrl=1 call=4645 logtype=PPPUnbind
10:15:44:NOTICE: ppp id=0 layer=base logtype=TUNNELUSAGE user=turnip
duration=15sec layer2=L2TP_ipv4 layer2from=[...]:49950 auth=MS-CHAP-V2
data_in=701bytes,28packets data_out=563bytes,31packets error_in=1
error_out=0 mppe=no 

Re: npppd, framed_ip_address

2012-09-28 Thread YASUOKA Masahiko
Hi,

On Thu, 27 Sep 2012 13:41:52 -0400
Andrew Ngo andrew@gmail.com wrote:
 Hm. I can't seem to get npppd to map users to static addresses in the
 npppd-users file, after trying various permutations of pool-address
 ##-## for static and such. The client is an iPhone running iOS 6.0,
 and is definitely able to set up a working vpn over l2tp/ipsec with
 the npppd server (many thx, btw), but the client is then always
 assigned a random address from the pool (and never the static one,
 incidentally... but that could just be chance).
 
 Did I screw something up in the configuration or has this particular
 feature not been implemented yet? Has anyone else had troubles with
 this?

The feature was broken by my configuration syntax change work.
Thank you for your report.  The attached diff will fix the problem.

 (By the way, the daemon goes absolutely bananas if you use a
 framed-ip-address on a different subnet than those in the pool.
 Bananas! I don't recommend this error. ^^)

npppd will assign an IP address dynamically in that case.
Can you explain your recommendation?

Index: npppd.c
===
RCS file: /cvs/src/usr.sbin/npppd/npppd/npppd.c,v
retrieving revision 1.23
diff -u -p -r1.23 npppd.c
--- npppd.c 20 Sep 2012 20:28:09 -  1.23
+++ npppd.c 28 Sep 2012 07:01:14 -
@@ -1545,6 +1545,7 @@ npppd_assign_ip_addr(npppd *_this, npppd
goto dyna_assign;
return 1;
}
+   ppp-assigned_pool = pool;
 
ppp-ppp_framed_ip_address.s_addr = htonl(ip4);
ppp-ppp_framed_ip_netmask.s_addr = htonl(ip4mask);
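
Review bot: the new `ppp-assigned_pool = pool;` (the `->` operator is rendered as `-` throughout this copy of the diff) is only reached on the static-address path: the `goto dyna_assign` two lines above jumps past it, so confirm that the code at the dyna_assign label records assigned_pool itself, otherwise a dynamically assigned session ends up with no pool recorded while a statically assigned one does. A one-line comment saying why the field must be recorded for static assignments would also help, since nothing in the hunk explains it.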
Index: privsep.c
===
RCS file: /cvs/src/usr.sbin/npppd/npppd/privsep.c,v
retrieving revision 1.6
diff -u -p -r1.6 privsep.c
--- privsep.c   18 Sep 2012 13:14:08 -  1.6
+++ privsep.c   28 Sep 2012 07:01:14 -
@@ -447,6 +447,9 @@ priv_get_user_info(const char *path, con
n = strlcpy(cp, r.calling_number, sz);
cp += ++n; sz -= n;
 
+   u-framed_ip_address = r.framed_ip_address;
+   u-framed_ip_netmask = r.framed_ip_netmask;
+
*puser = u;
 
return 0;
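
Review bot: the two new copies `u-framed_ip_address = r.framed_ip_address;` and `u-framed_ip_netmask = r.framed_ip_netmask;` are unconditional, so whatever the privileged side puts into `r` for a user with no static address becomes that user's framed_ip_address; the defaults chosen in the next hunk therefore have to be exactly what npppd_assign_ip_addr treats as "assign dynamically", and that coupling deserves a comment here. Taking the values straight from the reply without range checks is acceptable since the users file is root-owned configuration, but a short note that these two fields were previously dropped on the unprivileged side (which is why framed-ip-address in npppd-users had no effect, as the mail above describes) would explain the fix to the next reader.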
@@ -731,6 +734,8 @@ privsep_priv_on_sockio(int sock, short e
 
a = (struct PRIVSEP_GET_USER_INFO_ARG *)rbuf;
memset(r, 0, sizeof(r));
+   r.framed_ip_address.s_addr = INADDR_NAS_SELECT;
+   r.framed_ip_netmask.s_addr = INADDR_NONE;
db[0] = a-path;
 
if (privsep_npppd_check_get_user_info(a)) {
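
Review bot: the defaults `r.framed_ip_address.s_addr = INADDR_NAS_SELECT;` and `r.framed_ip_netmask.s_addr = INADDR_NONE;` are set right after `memset(r, 0, sizeof(r))` and before `privsep_npppd_check_get_user_info(a)`, so a lookup that is rejected or fails still reports "let the NAS select" rather than a zeroed 0.0.0.0 address; that ordering is right and worth keeping. The memset line immediately above no longer expresses the real default, though, so a comment on these two lines (INADDR_NAS_SELECT: pick from the pool; INADDR_NONE: no static netmask) would stop the two from drifting apart, and a test covering one user with framed-ip-address and one without would be cheap to add since these sentinels are the only thing distinguishing the two cases.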



npppd, framed_ip_address

2012-09-27 Thread Andrew Ngo
Hm. I can't seem to get npppd to map users to static addresses in the
npppd-users file, after trying various permutations of pool-address
##-## for static and such. The client is an iPhone running iOS 6.0,
and is definitely able to set up a working vpn over l2tp/ipsec with
the npppd server (many thx, btw), but the client is then always
assigned a random address from the pool (and never the static one,
incidentally... but that could just be chance).

Did I screw something up in the configuration or has this particular
feature not been implemented yet? Has anyone else had troubles with
this?

(By the way, the daemon goes absolutely bananas if you use a
framed-ip-address on a different subnet than those in the pool.
Bananas! I don't recommend this error. ^^)



/etc/npppd/npppd-users

turnip:\
:password=[...]:\
:framed-ip-address=172.16.2.2:



/etc/npppd/npppd.conf

authentication LOCAL type local {
users-file /etc/npppd/npppd-users
}
tunnel L2TP_ipv4 protocol l2tp {
listen on 0.0.0.0
}
tunnel L2TP_ipv6 protocol l2tp {
listen on ::
}
ipcp IPCP {
pool-address 172.16.2.2-172.16.2.6
dns-servers 172.16.2.1
}
interface pppx0 address 172.16.2.1 ipcp IPCP
bind tunnel from L2TP_ipv4 authenticated by LOCAL to pppx0
bind tunnel from L2TP_ipv6 authenticated by LOCAL to pppx0



/etc/ipsec.conf

ike passive esp transport \
proto udp from pppoe0 to any port 1701 \
main auth hmac-sha1 enc 3des group modp1024 \
quick auth hmac-sha1 enc aes \
psk [...]




(npppd -d) output
3:15:21:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
3:15:21:INFO: pppx0 Started pppx
3:15:21:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
3:15:21:INFO: ipcp=IPCP pool
dyn_pool=[172.16.2.2/31,172.16.2.4/31,172.16.2.6/32]
pool=[172.16.2.2/31,172.16.2.4/31,172.16.2.6/32]
3:15:21:INFO: Loading pool config successfully.
3:15:21:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP_ipv4]
3:15:21:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP_ipv6]
3:15:37:NOTICE: l2tpd ctrl=1 logtype=Started RecvSCCRQ
from=[...]:65293/udp tunnel_id=1/28 protocol=1.0 winsize=4
hostname=Elephant-Triumph vendor=(no vendorname) firm=
3:15:37:INFO: l2tpd ctrl=1 SendSCCRP
3:15:38:INFO: l2tpd ctrl=1 RecvSCCN
3:15:38:INFO: l2tpd ctrl=1 SendZLB
3:15:38:INFO: l2tpd ctrl=1 call=24105 RecvICRQ session_id=362
3:15:38:INFO: l2tpd ctrl=1 call=24105 SendICRP session_id=24105
3:15:39:INFO: l2tpd ctrl=1 call=24105 RecvICCN session_id=362
calling_number= tx_conn_speed=100 framing=async
3:15:39:NOTICE: l2tpd ctrl=1 call=24105 logtype=PPPBind ppp=0
3:15:39:INFO: ppp id=0 layer=base logtype=Started tunnel=L2TP_ipv4([...]:65293)
3:15:39:INFO: l2tpd ctrl=1 call=24105 SendZLB
3:15:42:INFO: ppp id=0 layer=lcp logtype=Opened mru=1360/1360
auth=MS-CHAP-V2 magic=[...]/[...]
3:15:43:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success
username=radish realm=LOCAL
3:15:44:INFO: ppp id=0 layer=ipcp IP Address peer=0.0.0.0 our=172.16.2.6.
3:15:44:INFO: ppp id=0 layer=base unhandled protocol ipv6cp, 32855(8057)
3:15:45:INFO: ppp id=0 layer=ccp CCP is stopped
3:15:45:INFO: ppp id=0 layer=ipcp logtype=Opened ip=172.16.2.6
assignType=dynamic
3:15:45:NOTICE: ppp id=0 layer=base logtype=TUNNELSTART user=turnip
duration=6sec layer2=L2TP_ipv4 layer2from=[...]:65293 auth=MS-CHAP-V2
ip=172.16.2.6 iface=pppx0
3:15:45:NOTICE: ppp id=0 layer=base Using pipex=yes


--
Drew
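
As an added example that is not part of this thread or of npppd, here is a Python cross-check of the two files quoted above: it parses the termcap-style npppd-users entries and the pool-address lines from npppd.conf and warns when a framed-ip-address lies outside every pool range (the case the maintainer says npppd answers with a dynamic assignment instead of the static one), collides with the pppx interface address, or is handed to two users. The parser assumes pool-address takes a first-last range, a CIDR block or a single address; the constructed BAD_USERS entries and their `redacted` passwords are mine, not from the post, and the config copy is condensed to the lines the check reads.

```python
import ipaddress
import re

# Copy of the npppd-users entry quoted in the original post.
NPPPD_USERS = r"""
turnip:\
    :password=[...]:\
    :framed-ip-address=172.16.2.2:
"""

# Constructed variant: one user outside the pool, two sharing an address.
BAD_USERS = r"""
radish:\
    :password=redacted:\
    :framed-ip-address=172.16.3.2:
carrot:\
    :password=redacted:\
    :framed-ip-address=172.16.2.2:
turnip:\
    :password=redacted:\
    :framed-ip-address=172.16.2.2:
"""

# Condensed copy of the npppd.conf quoted in the original post.
NPPPD_CONF = """\
authentication LOCAL type local {
    users-file /etc/npppd/npppd-users
}
ipcp IPCP {
    pool-address 172.16.2.2-172.16.2.6
    dns-servers 172.16.2.1
}
interface pppx0 address 172.16.2.1 ipcp IPCP
bind tunnel from L2TP_ipv4 authenticated by LOCAL to pppx0
"""


def parse_users(text):
    """Return {username: {capability: value}} from an npppd-users file.
    Continuation lines end in a backslash; capabilities are ':'-separated."""
    users, logical, buf = {}, [], ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.endswith('\\'):
            buf += line[:-1]
            continue
        logical.append(buf + line)
        buf = ''
    for entry in logical:
        fields = [f for f in entry.split(':') if f]
        caps = {}
        for field in fields[1:]:
            key, _, value = field.partition('=')
            caps[key] = value
        users[fields[0]] = caps
    return users


def parse_pool_ranges(conf):
    """Return every pool-address as an inclusive (first, last) pair of ints.
    Assumed syntax: first-last range, CIDR block, or a single address."""
    ranges = []
    for spec in re.findall(r'^\s*pool-address\s+(\S+)', conf, re.MULTILINE):
        if '-' in spec:
            lo, hi = (ipaddress.IPv4Address(p) for p in spec.split('-', 1))
        elif '/' in spec:
            net = ipaddress.IPv4Network(spec, strict=False)
            lo, hi = net[0], net[-1]
        else:
            lo = hi = ipaddress.IPv4Address(spec)
        ranges.append((int(lo), int(hi)))
    return ranges


def check_static_addresses(users_text, conf_text):
    """Cross-check each framed-ip-address against the configured pools.
    Returns a list of warning strings (empty when the files agree)."""
    ranges = parse_pool_ranges(conf_text)
    m = re.search(r'^\s*interface\s+\S+\s+address\s+(\S+)', conf_text, re.MULTILINE)
    iface_addr = ipaddress.IPv4Address(m.group(1)) if m else None
    warnings, seen = [], {}
    for name, caps in parse_users(users_text).items():
        spec = caps.get('framed-ip-address')
        if spec is None:
            continue  # dynamic user, nothing to check
        try:
            addr = ipaddress.IPv4Address(spec)
        except ValueError:
            warnings.append(f'{name}: unparsable framed-ip-address {spec!r}')
            continue
        if not any(lo <= int(addr) <= hi for lo, hi in ranges):
            warnings.append(f'{name}: {addr} is outside every pool-address '
                            'range; npppd will assign dynamically instead')
        if addr == iface_addr:
            warnings.append(f'{name}: {addr} collides with the pppx interface address')
        if addr in seen:
            warnings.append(f'{name}: {addr} is also assigned to {seen[addr]}')
        seen.setdefault(addr, name)
    return warnings


if __name__ == '__main__':
    for w in check_static_addresses(BAD_USERS, NPPPD_CONF):
        print(w)
```

The quoted configuration passes cleanly (172.16.2.2 sits inside 172.16.2.2-172.16.2.6 and away from the 172.16.2.1 interface address); the constructed BAD_USERS file produces two warnings, one for radish's out-of-pool address and one for the duplicate shared by carrot and turnip.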