8:14 a.m.
Connection with L2TP plugin cannot be established if the "lock" option
is used. When running xl2tpd in terminal with the file content created
by the plugin following is reported and connection fails:
xl2tpd -D -C control -c connman-xl2tpd.conf
xl2tpd[17773]: setsockopt recvref[30]: Protocol not available
xl2tpd[17773]: Using l2tp kernel support.
xl2tpd[17773]: xl2tpd version xl2tpd-1.3.8 started on Sailfish PID:17773
xl2tpd[17773]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[17773]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[17773]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[17773]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[17773]: Listening on IP address a.b.c.d, port 32000
xl2tpd[17773]: Connecting to host w.x.y.z, port 1701
xl2tpd[17773]: Connection established to w.x.y.z, 1701. Local: 18554, Remote: 20429
(ref=0/0).
xl2tpd[17773]: Calling on tunnel 18554
xl2tpd[17773]: Call established with w.x.y.z, Local: 42029, Remote: 24137, Serial: 1
(ref=0/0)
xl2tpd[17773]: start_pppd: I'm running:
xl2tpd[17773]: "/usr/sbin/pppd"
xl2tpd[17773]: "plugin"
xl2tpd[17773]: "pppol2tp.so"
xl2tpd[17773]: "pppol2tp"
xl2tpd[17773]: "7"
xl2tpd[17773]: "passive"
xl2tpd[17773]: "nodetach"
xl2tpd[17773]: ":" §
xl2tpd[17773]: "name"
xl2tpd[17773]: "user"
xl2tpd[17773]: "file"
xl2tpd[17773]: "/path/to/l2tp/connman-ppp-option.conf"
/usr/sbin/pppd: In file /path/to/l2tp/connman-ppp-option.conf: unrecognized option
'lock'
xl2tpd[17773]: child_handler : pppd exited for call 24137 with code 2
xl2tpd[17773]: call_close: Call 42029 to w.x.y.z disconnected
xl2tpd[17773]: write_packet: tty is not open yet.
xl2tpd[17773]: Terminating pppd: sending TERM signal to pid 17774
xl2tpd[17773]: get_call: can't find call 42029 in tunnel 18554
(ref=0/0)xl2tpd[17773]: get_call: can't find call 42029 in tunnel 18554
Tested with PPP built from commit
8e77984ac5d7acbe68b2b2f590abd17564c9730d.
---
vpn/plugins/l2tp.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c
index 2255daaa..705c87af 100644
--- a/vpn/plugins/l2tp.c
+++ b/vpn/plugins/l2tp.c
@@ -381,7 +381,6 @@ static int write_pppd_option(struct vpn_provider *provider, int fd)
const char *opt_s;
l2tp_write_option(fd, "nodetach", NULL);
- l2tp_write_option(fd, "lock", NULL);
l2tp_write_option(fd, "logfd", "2");
l2tp_write_option(fd, "usepeerdns", NULL);
l2tp_write_option(fd, "noipdefault", NULL);
--
2.20.1
8:31 a.m.
Hi Daniel,
Please ignore this commit. I must have hit some odd bug with pppd such
as was reported in https://github.com/xelerance/xl2tpd/issues/108 - not
sure why or how but the problem with the "lock" option disappeared.
BR,
Jussi
On 10/24/19 11:14 AM, Jussi Laakkonen wrote:
> Connection with L2TP plugin cannot be established if the "lock" option
> is used. When running xl2tpd in terminal with the file content created
> by the plugin following is reported and connection fails:
>
> xl2tpd -D -C control -c connman-xl2tpd.conf
> xl2tpd[17773]: setsockopt recvref[30]: Protocol not available
> xl2tpd[17773]: Using l2tp kernel support.
> xl2tpd[17773]: xl2tpd version xl2tpd-1.3.8 started on Sailfish PID:17773
> xl2tpd[17773]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
> xl2tpd[17773]: Forked by Scott Balmos and David Stipp, (C) 2001
> xl2tpd[17773]: Inherited by Jeff McAdams, (C) 2002
> xl2tpd[17773]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
> xl2tpd[17773]: Listening on IP address a.b.c.d, port 32000
> xl2tpd[17773]: Connecting to host w.x.y.z, port 1701
> xl2tpd[17773]: Connection established to w.x.y.z, 1701. Local: 18554, Remote: 20429
(ref=0/0).
> xl2tpd[17773]: Calling on tunnel 18554
> xl2tpd[17773]: Call established with w.x.y.z, Local: 42029, Remote: 24137, Serial: 1
(ref=0/0)
> xl2tpd[17773]: start_pppd: I'm running:
> xl2tpd[17773]: "/usr/sbin/pppd"
> xl2tpd[17773]: "plugin"
> xl2tpd[17773]: "pppol2tp.so"
> xl2tpd[17773]: "pppol2tp"
> xl2tpd[17773]: "7"
> xl2tpd[17773]: "passive"
> xl2tpd[17773]: "nodetach"
> xl2tpd[17773]: ":" §
> xl2tpd[17773]: "name"
> xl2tpd[17773]: "user"
> xl2tpd[17773]: "file"
> xl2tpd[17773]: "/path/to/l2tp/connman-ppp-option.conf"
> /usr/sbin/pppd: In file /path/to/l2tp/connman-ppp-option.conf: unrecognized option
'lock'
> xl2tpd[17773]: child_handler : pppd exited for call 24137 with code 2
> xl2tpd[17773]: call_close: Call 42029 to w.x.y.z disconnected
> xl2tpd[17773]: write_packet: tty is not open yet.
> xl2tpd[17773]: Terminating pppd: sending TERM signal to pid 17774
> xl2tpd[17773]: get_call: can't find call 42029 in tunnel 18554
> (ref=0/0)xl2tpd[17773]: get_call: can't find call 42029 in tunnel 18554
>
> Tested with PPP built from commit
> 8e77984ac5d7acbe68b2b2f590abd17564c9730d.
> ---
> vpn/plugins/l2tp.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c
> index 2255daaa..705c87af 100644
> --- a/vpn/plugins/l2tp.c
> +++ b/vpn/plugins/l2tp.c
> @@ -381,7 +381,6 @@ static int write_pppd_option(struct vpn_provider *provider, int
fd)
> const char *opt_s;
>
> l2tp_write_option(fd, "nodetach", NULL);
> - l2tp_write_option(fd, "lock", NULL);
> l2tp_write_option(fd, "logfd", "2");
> l2tp_write_option(fd, "usepeerdns", NULL);
> l2tp_write_option(fd, "noipdefault", NULL);
>
9:30 a.m.
On 10/29/19 10:31 AM, Jussi Laakkonen wrote:
Hi Daniel,
Please ignore this commit. I must have hit some odd bug with pppd such
as was reported in https://github.com/xelerance/xl2tpd/issues/108 - not
sure why or how but the problem with the "lock" option disappeared.
BR,
Jussi
On 10/24/19 11:14 AM, Jussi Laakkonen wrote:
> Connection with L2TP plugin cannot be established if the "lock" option
> is used. When running xl2tpd in terminal with the file content created
> by the plugin following is reported and connection fails:
>
> xl2tpd -D -C control -c connman-xl2tpd.conf
...
> /usr/sbin/pppd: In file /path/to/l2tp/connman-ppp-option.conf:
> unrecognized option 'lock'
This is actually caused by the absence of "ipsec saref" in [global]
section of xl2tpd config file. Apparently that option must be set,
regardless of its value (yes|no), in order to accept the "lock" option
in ppp config for pppd. Did not see this in any of the documentations.
This issue seems to happen also with latest xl2tpd (1.3.15).
Problem did not persist anymore if "ipsec saref" had some value set in
the VPN setings, so the issue existed on new/unedited VPN connections.
I'll send a patch for this today as V2.
BR,
Jussi
9:54 a.m.
New subject: [PATCH v2] l2tp: Add default value for 'ipsec saref' to be able to use 'lock' with pppd
The absence of option 'ipsec saref' in xl2tpd config file will cause the
following error to stop pppd:
xl2tpd -D -C control -c connman-xl2tpd.conf
xl2tpd[17773]: setsockopt recvref[30]: Protocol not available
xl2tpd[17773]: Using l2tp kernel support.
xl2tpd[17773]: xl2tpd version xl2tpd-1.3.8 started on Sailfish PID:17773
xl2tpd[17773]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[17773]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[17773]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[17773]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[17773]: Listening on IP address a.b.c.d, port 32000
xl2tpd[17773]: Connecting to host w.x.y.z, port 1701
xl2tpd[17773]: Connection established to w.x.y.z, 1701. Local: 18554, Remote: 20429
(ref=0/0).
xl2tpd[17773]: Calling on tunnel 18554
xl2tpd[17773]: Call established with w.x.y.z, Local: 42029, Remote: 24137, Serial: 1
(ref=0/0)
xl2tpd[17773]: start_pppd: I'm running:
xl2tpd[17773]: "/usr/sbin/pppd"
xl2tpd[17773]: "plugin"
xl2tpd[17773]: "pppol2tp.so"
xl2tpd[17773]: "pppol2tp"
xl2tpd[17773]: "7"
xl2tpd[17773]: "passive"
xl2tpd[17773]: "nodetach"
xl2tpd[17773]: ":" §
xl2tpd[17773]: "name"
xl2tpd[17773]: "user"
xl2tpd[17773]: "file"
xl2tpd[17773]: "/path/to/l2tp/connman-ppp-option.conf"
/usr/sbin/pppd: In file /path/to/l2tp/connman-ppp-option.conf: unrecognized option
'lock'
xl2tpd[17773]: child_handler : pppd exited for call 24137 with code 2
xl2tpd[17773]: call_close: Call 42029 to w.x.y.z disconnected
xl2tpd[17773]: write_packet: tty is not open yet.
xl2tpd[17773]: Terminating pppd: sending TERM signal to pid 17774
xl2tpd[17773]: get_call: can't find call 42029 in tunnel 18554
(ref=0/0)xl2tpd[17773]: get_call: can't find call 42029 in tunnel 18554
By adding a default value for 'ipsec saref' connection can be
established also with new or unedited L2TP VPN connection. This was
tested with PPP (from commit 8e77984ac5d7acbe68b2b2f590abd17564c9730d)
and xl2tpd versions 1.3.8 + 1.3.15.
---
Changes since V2:
* The 'lock' option should not be removed, even though it was the
option pppd complained about.
vpn/plugins/l2tp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c
index 011f64bb..e0783bbd 100644
--- a/vpn/plugins/l2tp.c
+++ b/vpn/plugins/l2tp.c
@@ -97,7 +97,7 @@ struct {
{ "L2TP.ForceUserSpace", "force userspace", OPT_L2G, NULL,
OPT_STRING },
{ "L2TP.ListenAddr", "listen-addr", OPT_L2G, NULL, OPT_STRING },
{ "L2TP.Rand Source", "rand source", OPT_L2G, NULL, OPT_STRING },
- { "L2TP.IPsecSaref", "ipsec saref", OPT_L2G, NULL, OPT_STRING },
+ { "L2TP.IPsecSaref", "ipsec saref", OPT_L2G, "no",
OPT_STRING },
{ "L2TP.Port", "port", OPT_L2G, NULL, OPT_STRING },
{ "PPPD.EchoFailure", "lcp-echo-failure", OPT_PPPD, "0",
OPT_STRING },
{ "PPPD.EchoInterval", "lcp-echo-interval", OPT_PPPD, "0",
OPT_STRING },
--
2.20.1
10:28 a.m.
New subject: [PATCH v2] l2tp: Add default value for 'ipsec saref' to be able
to use 'lock' with pppd
Hi Jussi,
On Wed, Oct 30, 2019 at 11:54:51AM +0200, Jussi Laakkonen wrote:
The absence of option 'ipsec saref' in xl2tpd config file
will cause the
following error to stop pppd:
xl2tpd -D -C control -c connman-xl2tpd.conf
xl2tpd[17773]: setsockopt recvref[30]: Protocol not available
xl2tpd[17773]: Using l2tp kernel support.
xl2tpd[17773]: xl2tpd version xl2tpd-1.3.8 started on Sailfish PID:17773
xl2tpd[17773]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[17773]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[17773]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[17773]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[17773]: Listening on IP address a.b.c.d, port 32000
xl2tpd[17773]: Connecting to host w.x.y.z, port 1701
xl2tpd[17773]: Connection established to w.x.y.z, 1701. Local: 18554, Remote: 20429
(ref=0/0).
xl2tpd[17773]: Calling on tunnel 18554
xl2tpd[17773]: Call established with w.x.y.z, Local: 42029, Remote: 24137, Serial: 1
(ref=0/0)
xl2tpd[17773]: start_pppd: I'm running:
xl2tpd[17773]: "/usr/sbin/pppd"
xl2tpd[17773]: "plugin"
xl2tpd[17773]: "pppol2tp.so"
xl2tpd[17773]: "pppol2tp"
xl2tpd[17773]: "7"
xl2tpd[17773]: "passive"
xl2tpd[17773]: "nodetach"
xl2tpd[17773]: ":" §
xl2tpd[17773]: "name"
xl2tpd[17773]: "user"
xl2tpd[17773]: "file"
xl2tpd[17773]: "/path/to/l2tp/connman-ppp-option.conf"
/usr/sbin/pppd: In file /path/to/l2tp/connman-ppp-option.conf: unrecognized option
'lock'
xl2tpd[17773]: child_handler : pppd exited for call 24137 with code 2
xl2tpd[17773]: call_close: Call 42029 to w.x.y.z disconnected
xl2tpd[17773]: write_packet: tty is not open yet.
xl2tpd[17773]: Terminating pppd: sending TERM signal to pid 17774
xl2tpd[17773]: get_call: can't find call 42029 in tunnel 18554
(ref=0/0)xl2tpd[17773]: get_call: can't find call 42029 in tunnel 18554
By adding a default value for 'ipsec saref' connection can be
established also with new or unedited L2TP VPN connection. This was
tested with PPP (from commit 8e77984ac5d7acbe68b2b2f590abd17564c9730d)
and xl2tpd versions 1.3.8 + 1.3.15.
---
Changes since V2:
* The 'lock' option should not be removed, even though it was the
option pppd complained about.
Patch applied. Though the mail was base64 encoded for some reason and
git am was not able to decode it. I've done the change by hand, so please
check if I screw it up.
Thanks,
Daniel
8:40 a.m.
New subject: [PATCH v2] l2tp: Add default value for 'ipsec saref' to be able
to use 'lock' with pppd
base64? Ok, sorry, that was not intended. Not sure what caused that, nothing changed at my
end, except I think I had to use different email server for sending this patch. Please let
me know if this keeps happening.
479
days inactive
494
days old
5 comments
3 participants
participants (3)
-
Daniel Wagner -
Jussi Laakkonen -
jussi.laakkonen@jolla.com