[strongSwan] pppd dies after 10 seconds in L2TP/IPsec setup

Mark S. aikikid at hotmail.com
Wed Dec 22 05:45:31 CET 2010


Hello,

I apologize if I am posting in the wrong section.
Just looking for clues as to why a pppd daemon would drop a connection after 10 seconds via a standard everyday XL2TP/IPSec setup.

The strongSwan portion builds an SA perfectly with my roadwarrior (Android 3G phone v2.2 Froyo), ikev1, pluto, psk. (Thanks to Andreas for helping me recognize this!)
Linux kernel: 2.6.36
xl2tpd-1.2.6
pppd version 2.4.5 

I've tried about a hundred different combinations, with tons of Google research, and it just doesn't make sense why pppd would drop off without an error. The only interesting item is this: "Dec 21 22:11:26 localhost pppd[11590]: rcvd [LCP TermReq id=0x2 "User request"]". I've googled it and did not find much in the way of ideas.

It also fails when I remove charon from starting, using just plain pluto. I've tried both with and without NAT traversal as well. I can get an SA, I can get through L2TP then onto pppd, get an IP, then it immediately dies.

My Linux box is directly on the net performing NAT. Its inside eth device is 192.168.2.1.
The below setup worked before on an earlier version of strongSwan (4.3.6) and an older Linux kernel.


Thank you for any help
Mark

xl2tpd.conf :
[global]
debug network = yes
debug tunnel = yes
[lns default]
ip range = 192.168.2.220-192.168.2.222
local ip = 192.168.2.219
require chap = yes
refuse pap = yes
require authentication = yes
name = blah-blah.net
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes


options.xl2tpd :
ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.2.1
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
lcp-echo-interval 60
lcp-echo-failure 20

Here's the pppd log:
Dec 21 22:11:11 localhost pppd[11590]: pppd 2.4.5 started by root, uid 0
Dec 21 22:11:11 localhost pppd[11590]: using channel 19
Dec 21 22:11:11 localhost pppd[11590]: Using interface ppp0
Dec 21 22:11:11 localhost pppd[11590]: Connect: ppp0 <--> /dev/pts/3
Dec 21 22:11:11 localhost pppd[11590]: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic 0x3c83c99a> <pcomp> <accomp>]
Dec 21 22:11:11 localhost pppd[11590]: rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0xa82928a9> <pcomp> <accomp>]
Dec 21 22:11:11 localhost pppd[11590]: sent [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <magic 0xa82928a9> <pcomp> <accomp>]
Dec 21 22:11:14 localhost pppd[11590]: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic 0x3c83c99a> <pcomp> <accomp>]
Dec 21 22:11:14 localhost pppd[11590]: rcvd [LCP ConfAck id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic 0x3c83c99a> <pcomp> <accomp>]
Dec 21 22:11:14 localhost pppd[11590]: sent [LCP EchoReq id=0x0 magic=0x3c83c99a]
Dec 21 22:11:14 localhost pppd[11590]: sent [CHAP Challenge id=0xda <04434176d7fc3b406cb2a0d0052ad95872>, name = "blah-blah.net"]
Dec 21 22:11:15 localhost pppd[11590]: rcvd [LCP EchoRep id=0x0 magic=0xa82928a9]
Dec 21 22:11:15 localhost pppd[11590]: rcvd [CHAP Response id=0xda <f68a964b721d0e15de8e3777fa50ab7a>, name = "m"]
Dec 21 22:11:15 localhost pppd[11590]: sent [CHAP Success id=0xda "Access granted"]
Dec 21 22:11:15 localhost pppd[11590]: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.2.219>]
Dec 21 22:11:15 localhost pppd[11590]: rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Dec 21 22:11:15 localhost pppd[11590]: Unsupported protocol 'Compression Control Protocol' (0x80fd) received
Dec 21 22:11:15 localhost pppd[11590]: sent [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Dec 21 22:11:15 localhost pppd[11590]: rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Dec 21 22:11:15 localhost pppd[11590]: sent [IPCP ConfNak id=0x1 <addr 192.168.2.220> <ms-dns1 192.168.2.1> <ms-dns2 192.168.2.1>]
Dec 21 22:11:15 localhost pppd[11590]: rcvd [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 192.168.2.219>]
Dec 21 22:11:15 localhost charon: 09[KNL] 192.168.2.219 appeared on ppp0
Dec 21 22:11:15 localhost charon: 09[KNL] 192.168.2.219 disappeared from ppp0
Dec 21 22:11:15 localhost charon: 09[KNL] 192.168.2.219 appeared on ppp0
Dec 21 22:11:15 localhost charon: 09[KNL] interface ppp0 activated
Dec 21 22:11:15 localhost pppd[11590]: rcvd [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 192.168.2.220> <ms-dns1 192.168.2.1> <ms-dns2 192.168.2.1>]
Dec 21 22:11:15 localhost pppd[11590]: sent [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 192.168.2.220> <ms-dns1 192.168.2.1> <ms-dns2 192.168.2.1>]
Dec 21 22:11:15 localhost pppd[11590]: found interface eth0 for proxy arp
Dec 21 22:11:15 localhost pppd[11590]: local  IP address 192.168.2.219
Dec 21 22:11:15 localhost pppd[11590]: remote IP address 192.168.2.220
Dec 21 22:11:15 localhost pppd[11590]: Script /etc/ppp/ip-up started (pid 11592)
Dec 21 22:11:15 localhost pppd[11590]: Script /etc/ppp/ip-up finished (pid 11592), status = 0x0
Dec 21 22:11:26 localhost pppd[11590]: rcvd [LCP TermReq id=0x2 "User request"]
Dec 21 22:11:26 localhost pppd[11590]: LCP terminated by peer (User request)
Dec 21 22:11:26 localhost pppd[11590]: Connect time 0.2 minutes.
Dec 21 22:11:26 localhost pppd[11590]: Sent 0 bytes, received 0 bytes.
Dec 21 22:11:26 localhost charon: 09[KNL] interface ppp0 deactivated
Dec 21 22:11:26 localhost charon: 09[KNL] 192.168.2.219 disappeared from ppp0
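
A triage helper for the pppd log in the post above, as an added example that is not part of the original message: it reports which side sent the LCP TermReq, how long the link stayed up after IPCP completed, which protocol was rejected, and the byte counters. The function name `summarize`, its field names, and the year 2010 (syslog lines carry none) are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the pppd debug log quoted in the post above (lines copied unchanged).
LOG = """\
Dec 21 22:11:15 localhost pppd[11590]: sent [CHAP Success id=0xda "Access granted"]
Dec 21 22:11:15 localhost pppd[11590]: rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Dec 21 22:11:15 localhost pppd[11590]: sent [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Dec 21 22:11:15 localhost pppd[11590]: remote IP address 192.168.2.220
Dec 21 22:11:26 localhost pppd[11590]: rcvd [LCP TermReq id=0x2 "User request"]
Dec 21 22:11:26 localhost pppd[11590]: Sent 0 bytes, received 0 bytes.
Dec 21 22:11:26 localhost charon: 09[KNL] interface ppp0 deactivated
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ pppd\[\d+\]: (.*)$")
PKT = re.compile(r"^(sent|rcvd) \[(\w+) (\w+) id=0x[0-9a-f]+")
BYTES = re.compile(r"Sent (\d+) bytes, received (\d+) bytes")

def summarize(log, year=2010):
    """Reduce a pppd debug log to the facts needed to triage a dropped session.

    Syslog lines carry no year; 2010 (the post's date) is an assumption."""
    s = {"auth_ok": False, "ip_up_at": None, "terminated_by": None,
         "seconds_up": None, "rejected": [], "bytes": None}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:                       # skip charon and other daemons
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        p, b = PKT.match(msg), BYTES.search(msg)
        if p and p.group(2, 3) == ("CHAP", "Success"):
            s["auth_ok"] = True
        elif p and p.group(1, 2, 3) == ("sent", "LCP", "ProtRej"):
            tok = msg.split()           # first two payload bytes = rejected protocol
            s["rejected"].append("0x" + tok[4] + tok[5])
        elif p and p.group(2, 3) == ("LCP", "TermReq") and not s["terminated_by"]:
            # rcvd TermReq means the remote peer asked to close the link
            s["terminated_by"] = "peer" if p.group(1) == "rcvd" else "local"
            if s["ip_up_at"]:
                s["seconds_up"] = (ts - s["ip_up_at"]).total_seconds()
        elif msg.startswith("remote IP address"):
            s["ip_up_at"] = ts          # IPCP finished, interface is usable
        elif b:
            s["bytes"] = (int(b.group(1)), int(b.group(2)))
    return s

if __name__ == "__main__":
    for key, value in summarize(LOG).items():
        print(f"{key}: {value}")
```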

 		 	   		  