Closed Oberonc closed 1 year ago
I'm not sure which version of NetworkManager you are using, but if it is >= 1.36 you might be experiencing one of the routing bugs introduced with the newer NetworkManager, e.g. a spurious route with no metric (i.e. metric 0) and/or a spurious IP address. See:
NetworkManager --version 1.30.4
I tried setting "ipv4.ignore-auto-routes" to yes / no. I created the script file "/etc/ppp/ip-up.d/0001routes".
Still behaves exactly the same.
Routing table before bringing up the connection:
default via 10.100.102.1 dev eth0 proto dhcp src 10.100.102.8 metric 1003
10.100.102.0/24 dev eth0 proto dhcp scope link src 10.100.102.8 metric 1003
After bringing up the connection:
default dev ppp0 proto static scope link metric 50
default via 10.100.102.1 dev eth0 proto dhcp src 10.100.102.8 metric 1003
10.100.102.0/24 dev eth0 proto dhcp scope link src 10.100.102.8 metric 1003
10.100.102.1 dev eth0 proto static scope link metric 100
[server ip] via 10.100.102.1 dev eth0 proto static metric 100
192.168.42.1 dev ppp0 proto kernel scope link src 192.168.42.10 metric 50
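An added example (not code from this thread or from NetworkManager-l2tp) that checks `ip route` output for the points raised above: which default route wins, whether any route lacks a metric, and whether the VPN server stays reachable outside the tunnel. The function names are hypothetical, and the sample is the table posted above with the redacted server address replaced by the constructed 203.0.113.10.

```shell
#!/bin/sh
# Added example. Sample input: the "after" routing table from this thread,
# with the redacted server address replaced by a constructed one.
SAMPLE_AFTER='default dev ppp0 proto static scope link metric 50
default via 10.100.102.1 dev eth0 proto dhcp src 10.100.102.8 metric 1003
10.100.102.0/24 dev eth0 proto dhcp scope link src 10.100.102.8 metric 1003
10.100.102.1 dev eth0 proto static scope link metric 100
203.0.113.10 via 10.100.102.1 dev eth0 proto static metric 100
192.168.42.1 dev ppp0 proto kernel scope link src 192.168.42.10 metric 50'

# Print "<metric> <dev>" for each default route; a missing metric counts as 0.
default_routes() {
    awk '$1 == "default" {
        metric = 0; dev = "?"
        for (i = 2; i < NF; i++) {
            if ($i == "metric") metric = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print metric, dev
    }'
}

# Device of the default route the kernel prefers (lowest metric wins).
winning_default_dev() {
    default_routes | sort -n | head -n 1 | cut -d' ' -f2
}

# Routes with no "metric" keyword at all, i.e. the metric 0 case.
routes_without_metric() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "metric") next; print }'
}

# Device of the host route to the VPN server ($1). It should be the
# physical interface, otherwise tunnel packets are routed into the tunnel.
server_route_dev() {
    awk -v dst="$1" '$1 == dst {
        for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1)
    }'
}

echo "winning default: $(printf '%s\n' "$SAMPLE_AFTER" | winning_default_dev)"
echo "server route via: $(printf '%s\n' "$SAMPLE_AFTER" | server_route_dev 203.0.113.10)"
echo "routes without metric: $(printf '%s\n' "$SAMPLE_AFTER" | routes_without_metric | wc -l)"
```

On a live system, pipe `ip route` into the same functions in place of the sample.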
Regarding the `This binary does not support kernel L2TP` message, could you try removing the blacklisting of the L2TP kernel modules? The following should do it:
sudo sed -e '/blacklist l2tp_netlink/s/^b/#b/g' -i /etc/modprobe.d/l2tp_netlink-blacklist.conf
sudo sed -e '/blacklist l2tp_ppp/s/^b/#b/g' -i /etc/modprobe.d/l2tp_ppp-blacklist.conf
See the following for more details:
I don't have those files:
$ ls -l /etc/modprobe.d/
total 0
I don't have those modules (l2tp_ppp, l2tp_netlink) in the Linux 5.10.104 kernel. What I do have is: PPP over L2TP - pppox.ko
I loaded that module and got the same results.
On RedHat and Fedora the L2TP kernel modules are in the kernel-modules-extra package (PPPoX isn't specifically PPP over L2TP, but does provide support for the l2tp_ppp kernel module to do so). Not sure if there are other Linux distros that don't package the L2TP kernel modules in the main kernel package.
These are the L2TP kernel modules I see after xl2tpd is run with NetworkManager-l2tp:
$ lsmod | grep l2tp
l2tp_ppp 28672 0
l2tp_netlink 28672 1 l2tp_ppp
l2tp_core 32768 2 l2tp_ppp,l2tp_netlink
pppox 16384 1 l2tp_ppp
ppp_generic 45056 2 pppox,l2tp_ppp
ip6_udp_tunnel 16384 1 l2tp_core
udp_tunnel 16384 1 l2tp_core
I was also going to suggest trying `kl2tpd` instead of `xl2tpd` if you still have issues, but `kl2tpd` requires the `l2tp_ppp` and `l2tp_netlink` kernel modules. `kl2tpd` can be installed with the Go language by doing the following:
go install "github.com/katalix/go-l2tp/...@latest"
sudo mkdir -p /usr/local/sbin
sudo cp go/bin/kl2tpd /usr/local/sbin
NetworkManager-l2tp will use kl2tpd by default and fall back to xl2tpd if it can't find kl2tpd.
Thing is that once the connection is made it works perfectly fine .. for 20 seconds. I can even ssh from one side to the other (server to client or client to server). If some needed kernel module wasn't loaded I believe the connection wouldn't be created or be usable. It makes sense the problem has something to do with configuration files or transient state (routing table, etc).
Question is - how do I debug this and figure out the cause? The log doesn't seem to provide any information.
Well, I got the connection to last much longer with this disgusting hack (not my finest work ever):
diff -uarN git.orig/src/nm-l2tp-service.c git/src/nm-l2tp-service.c
--- git.orig/src/nm-l2tp-service.c 2022-06-15 16:56:15.502164195 +0300
+++ git/src/nm-l2tp-service.c 2022-06-15 17:04:15.516262857 +0300
@@ -1120,6 +1120,7 @@
write_config_option(fd, "access control = yes\n");
write_config_option(fd, "port = %d\n", port);
+ write_config_option(fd, "max retries = 20000\n");
if (_LOGD_enabled()) {
/* write_config_option (fd, "debug network = yes\n"); */
write_config_option(fd, "debug state = yes\n");
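Review bot: the added `max retries = 20000` line writes a fixed literal into every generated xl2tpd configuration, whereas the `port` line just above it passes its value through a format argument. Hard-coding it changes behaviour for all connections and hides whatever tears the tunnel down after about 20 seconds instead of addressing it. Suggest taking the value from a connection setting or an environment variable, writing the option only when one is supplied, for example `write_config_option(fd, "max retries = %d\n", max_retries);` (where `max_retries` is a hypothetical variable), and documenting the default that applies when it is unset.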
I hope this helps somebody. Maybe you can add this to the nm configuration.
Thanks for the bug report. I've added an `NM_L2TP_XL2TPD_MAX_RETRIES` env variable which allows setting `max retries` in commit https://github.com/nm-l2tp/NetworkManager-l2tp/commit/2e5a163eda9f969044eae1aa00aba4eb32b9c6f9
Will look into adding a GUI option in the future.
Connection is lost after about 20 seconds after being up and working.
When I bring up the connection with "nmcli c up vpn":
At this point the connection is working just fine, but after about 20 seconds I get this:
StrongSwan 5.9.2 nm-l2tp 1.20.4 xl2tpd 1.3.14
Connection configuration file: