xelerance / xl2tpd

Official Xelerance fork of L2TPd
GNU General Public License v2.0

xl2tpd-control command not working #126

Open ghost opened 7 years ago

ghost commented 7 years ago

I have a Cisco VPN server to which I am trying to connect an endpoint through VPN (IPsec/L2TP). I have strongSwan, xl2tpd and pppd running on my machine. The IPsec connection is established successfully and I verified it with the command "ipsec statusall", but sometimes the commands I use for the L2TP connection do not work. Following are the commands which I am running for the L2TP connection:

xl2tpd -c /etc/xl2tpd.conf -C /var/run/xl2tpd/l2tp-control

xl2tpd-control add l2tp lns=10.0.97.5

xl2tpd-control add l2tp local ip =10.0.97.74

xl2tpd-control connect l2tp A A

This does not seem to send any packet to the router; I have checked the router logs as well. I have also used Wireshark at the endpoint, but no packets are sent for the L2TP connection. I don't know what is missing.

Note: this behaviour is not consistent; it occurs only a few times.

shussain commented 7 years ago

What versions of xl2tpd and strongSwan are you using?

ghost commented 7 years ago

I have strongSwan 5.5.0 and xl2tpd 1.3.5.

shussain commented 7 years ago

Is it possible for you to test with the latest version of xl2tpd?

There have been several commits that deal with xl2tpd-control, memory leaks, etc.

ghost commented 7 years ago

I have one application that automatically controls strongSwan and xl2tpd. It will be a bit difficult to update the version of xl2tpd at this time. Could you please tell me the area of concern, i.e. the suspected area of the issue?

shussain commented 7 years ago

I am sorry, I can't troubleshoot/debug with the current info that has been provided. I will leave this ticket open in case anyone ever encounters this issue.

ghost commented 7 years ago

Could you please specify what information you need? I'll try to provide it. I would also like to know the prerequisites for running the xl2tpd-control command, e.g. the xl2tpd process should be running, the config should be in place, etc.

ghost commented 7 years ago

Is it fine to use xl2tpd 1.3.7 for our application?

ghost commented 7 years ago

I just want to add one observation: generally, whenever I fire the following commands, I get "00 OK" on the console:

xl2tpd-control add l2tp lns=10.0.97.5

xl2tpd-control add l2tp local ip =10.0.97.74

xl2tpd-control connect l2tp A A

But when "00 OK" is not displayed on the console, the endpoint does not send any L2TP packets to the Cisco router. Also, when I fire "cat var/run/xl2tpd/l2tp-control" it waits indefinitely; it seems to be waiting for some information. It is showing echo response code 253.

shussain commented 7 years ago

@ervikash4 I would recommend using at least 1.3.8, if not 1.3.9, since there are still some commits that impact xl2tpd-control.

Are you using the -d option to specify xl2tpd-control to run in debug mode?

ghost commented 7 years ago

I have used xl2tpd version 1.3.7 but I am having the same problem. I have not used 1.3.8 or 1.3.9 because they are showing as unverified in the tags. Could you please suggest whether I should use 1.3.7 or 1.3.9?

shussain commented 7 years ago

I would suggest testing with 1.3.9.

Has the debug mode for xl2tpd-control provided any information?

ghost commented 7 years ago

I have used debug mode in the command, but it only shows the command to be passed into /avr/run/xl2tp/l2tp-control. The command output is not printed. It seems the xl2tpd-control add command is not working as desired. The following add command is not working: xl2tpd-control -d add nec_l2tp lns=10.0.97.5

shussain commented 7 years ago

@ervikash4 If I understand you correctly, are you saying that you are no longer able to get the xl2tpd-control add command to work at all with 1.3.9?

ghost commented 7 years ago

I got the issue again. This time I have not used the xl2tpd-control add command; instead I have added the lns and lac in the xl2tpd.conf file. The credentials are also added in the chap-secrets file. I started the xl2tpd daemon and started connecting using the echo command. Following are the logs for the same:

10.0.97.8 # xl2tpd -c /etc/xl2tpd.conf -D &
10.0.97.8 # xl2tpd[1011]: Enabling IPsec SAref processing for L2TP transport mode SAs
xl2tpd[1011]: IPsec SAref does not work with L2TP kernel mode yet, enabling force userspace=yes
xl2tpd[1011]: setsockopt recvref[30]: Protocol not available
xl2tpd[1011]: Not looking for kernel support.
xl2tpd[1011]: xl2tpd version xl2tpd-1.3.6 started on nec_base PID:1011
xl2tpd[1011]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[1011]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[1011]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[1011]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[1011]: Listening on IP address 0.0.0.0, port 1701
10.0.97.8 # echo "c nec_l2tp" > /var/run/xl2tpd/l2tp-control
10.0.97.8 # xl2tpd[1011]: Connecting to host 10.0.97.5, port 1701
xl2tpd[1011]: Maximum retries exceeded for tunnel 47004. Closing.
xl2tpd[1011]: Connection 0 closed to 10.0.97.5, port 1701 (Timeout)
xl2tpd[1011]: Unable to deliver closing message for tunnel 47004. Destroying anyway.
xl2tpd[1011]: Will redial in 2 seconds
xl2tpd[1011]: Connecting to host 10.0.97.5, port 1701
xl2tpd[1011]: Maximum retries exceeded for tunnel 23319. Closing.
xl2tpd[1011]: Connection 0 closed to 10.0.97.5, port 1701 (Timeout)
xl2tpd[1011]: Unable to deliver closing message for tunnel 23319. Destroying anyway.
xl2tpd[1011]: Will redial in 2 seconds
xl2tpd[1011]: Connecting to host 10.0.97.5, port 1701
xl2tpd[1011]: Maximum retries exceeded for tunnel 4839. Closing.
xl2tpd[1011]: Connection 0 closed to 10.0.97.5, port 1701 (Timeout)
xl2tpd[1011]: Unable to deliver closing message for tunnel 4839. Destroying anyway.
xl2tpd[1011]: Will redial in 2 seconds
xl2tpd[1011]: magic_lac_dial: maximum retries exceeded.

It seems that the endpoint has sent L2TP SCCRQ messages, but I could not see any packet from the endpoint in Wireshark/tcpdump. I don't understand why the endpoint is not able to send L2TP packets. Please note that I have tried the same on xl2tpd version 1.3.7 and got the same result.

ghost commented 7 years ago

Can anyone please suggest a troubleshooting mechanism I could use?
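A prerequisite checker for the questions raised in this thread (is the daemon running, is the control path a real FIFO, is UDP 1701 bound, and can a command be written to the pipe without hanging the way "cat" on the control file did). This is an added example, not xl2tpd's own code or a reply from the thread; it assumes the control path from the thread and that pgrep, ss and timeout are installed.

```shell
#!/bin/sh
# Added troubleshooting helper (not part of xl2tpd). Each check is a function
# returning 0 on success so the results can be scripted or asserted.

# Control path from the thread; override with CONTROL=... in the environment.
CONTROL=${CONTROL:-/var/run/xl2tpd/l2tp-control}

# 0 if an xl2tpd process is running (assumes pgrep is available).
daemon_running() {
    pgrep -x xl2tpd >/dev/null 2>&1
}

# 0 if the path exists and is a named pipe (FIFO), which is what xl2tpd
# creates for -C. A regular file here usually means a stray redirection
# created it while the daemon was not running, so writes go nowhere.
control_is_fifo() {
    [ -p "$1" ]
}

# 0 if something is bound to UDP 1701, the port the daemon reports listening
# on in the thread's log (assumes iproute2 ss).
l2tp_port_bound() {
    ss -ulnH 2>/dev/null | grep -q ':1701 '
}

# Write one control command (e.g. "c nec_l2tp") into the FIFO. Opening a FIFO
# for writing blocks until a reader exists, so the write is wrapped in
# timeout: exit 2 = not a FIFO, 124 = no daemon read the pipe in time.
send_control() {
    fifo=$1; cmd=$2; secs=${3:-3}
    control_is_fifo "$fifo" || return 2
    timeout "$secs" sh -c 'printf "%s\n" "$1" > "$2"' _ "$cmd" "$fifo"
}

# Summarise the three prerequisites; never fails, only reports.
main() {
    daemon_running && echo "xl2tpd process: running" || echo "xl2tpd process: NOT running"
    control_is_fifo "$CONTROL" && echo "control FIFO: ok" || echo "control FIFO: missing or not a FIFO"
    l2tp_port_bound && echo "UDP 1701: bound" || echo "UDP 1701: nothing listening"
}

main
```

If all three checks pass but send_control still returns 124, the daemon is up yet not reading the pipe, which matches the "waits indefinitely" symptom above; if they pass and the write succeeds, capture "tcpdump -ni any udp port 1701" to confirm whether SCCRQ packets actually leave the host.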