xelerance / xl2tpd

Official Xelerance fork of L2TPd
GNU General Public License v2.0

(still) Received out of order control packet #156

Closed pedro-nonfree closed 4 years ago

pedro-nonfree commented 6 years ago

I would not like to interfere with #136, as it looks like it is useful for some people.

build

git clone https://github.com/xelerance/xl2tpd/
cd xl2tpd
sudo apt-get build-dep xl2tpd
make
sudo ./xl2tpd -D
# comment the line suggested in #136

log

xl2tpd[17043]: Not looking for kernel SAref support.
xl2tpd[17043]: Using l2tp kernel support.
xl2tpd[17043]: xl2tpd version xl2tpd-1.3.12 started on host PID:17043
xl2tpd[17043]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[17043]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[17043]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[17043]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[17043]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[17043]: Connecting to host [masked_ip_l2tp_server], port 1701
xl2tpd[17043]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
xl2tpd[17043]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[17043]: framing_caps_avp: supported peer frames: sync
xl2tpd[17043]: bearer_caps_avp: supported peer bearers:
xl2tpd[17043]: firmware_rev_avp: peer reports firmware version 1 (0x0001)
xl2tpd[17043]: hostname_avp: peer reports hostname '[masked_hostname_l2tp_server]'
xl2tpd[17043]: vendor_avp: peer reports vendor 'MikroTik'
xl2tpd[17043]: assigned_tunnel_avp: using peer's tunnel 3475
xl2tpd[17043]: receive_window_size_avp: peer wants RWS of 4.  Will use flow control.
xl2tpd[17043]: Connection established to [masked_ip_l2tp_server], 1701.  Local: 29146, Remote: 3475 (ref=0/0).
xl2tpd[17043]: Calling on tunnel 29146
xl2tpd[17043]: message_type_avp: message type 11 (Incoming-Call-Reply)
xl2tpd[17043]: assigned_call_avp: using peer's call 1
xl2tpd[17043]: Call established with [masked_ip_l2tp_server], Local: 40611, Remote: 1, Serial: 1 (ref=0/0)
xl2tpd[17043]: start_pppd: I'm running: 
xl2tpd[17043]: "/usr/sbin/pppd" 
xl2tpd[17043]: "plugin" 
xl2tpd[17043]: "pppol2tp.so" 
xl2tpd[17043]: "pppol2tp" 
xl2tpd[17043]: "7" 
xl2tpd[17043]: "passive" 
xl2tpd[17043]: "nodetach" 
xl2tpd[17043]: ":" 
xl2tpd[17043]: "refuse-pap" 
xl2tpd[17043]: "name" 
xl2tpd[17043]: "masked_name_l2tp_client" 
xl2tpd[17043]: "debug" 

xl2tpd[17043]: message_type_avp: message type 6 (Hello)
xl2tpd[17043]: check_control: Received out of order control packet on tunnel 3475 (got 2, expected 3)
xl2tpd[17043]: handle_packet: bad control packet!
xl2tpd[17043]: check_control: Received out of order control packet on tunnel 3475 (got 2, expected 3)
xl2tpd[17043]: handle_packet: bad control packet!
xl2tpd[17043]: check_control: Received out of order control packet on tunnel 3475 (got 2, expected 3)
xl2tpd[17043]: handle_packet: bad control packet!
xl2tpd[17043]: check_control: Received out of order control packet on tunnel 3475 (got 2, expected 3)
xl2tpd[17043]: handle_packet: bad control packet!
xl2tpd[17043]: check_control: Received out of order control packet on tunnel 3475 (got 2, expected 3)
xl2tpd[17043]: handle_packet: bad control packet!
xl2tpd[17043]: Maximum retries exceeded for tunnel 29146.  Closing.
xl2tpd[17043]: Terminating pppd: sending TERM signal to pid 17044
xl2tpd[17043]: Connection 3475 closed to [masked_ip_l2tp_server], port 1701 (Timeout)

This is what I try to move all traffic through the tunnel

sudo iptables --policy FORWARD ACCEPT
sudo ip route add default dev ppp0 #l2tp interface

configs

/etc/xl2tpd/xl2tpd.conf

[global]
port = 1701
access control = no
auth file = /etc/ppp/chap-secrets
debug avp = yes

[lac default]
lns = <l2tp server ip>
;redial = yes
;redial timeout = 5
require chap = yes
ppp debug = yes
require pap = no
autodial = yes
name = <l2tp client username>
refuse pap = yes

/etc/ppp/options

extra details
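A way to triage a log like the one above, as an added example that is not part of the original post or of xl2tpd: it links the `Remote` ID printed by `check_control` to the `Local` ID printed by the `Maximum retries exceeded` line, and reports how often the same out-of-order packet repeated before the tunnel was closed. The function name `triage`, the result fields and the 16-bit sequence comparison are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the log in the post above, trimmed to the relevant ones.
OOO = "xl2tpd[17043]: check_control: Received out of order control packet on tunnel 3475 (got 2, expected 3)"
SAMPLE_LOG = "\n".join([
    "xl2tpd[17043]: Connection established to [masked_ip_l2tp_server], 1701.  Local: 29146, Remote: 3475 (ref=0/0).",
    "xl2tpd[17043]: message_type_avp: message type 6 (Hello)",
    *[OOO, "xl2tpd[17043]: handle_packet: bad control packet!"] * 5,
    "xl2tpd[17043]: Maximum retries exceeded for tunnel 29146.  Closing.",
])

ESTABLISHED = re.compile(r"Connection established to .*Local: (\d+), Remote: (\d+)")
OUT_OF_ORDER = re.compile(r"out of order control packet on tunnel (\d+) \(got (\d+), expected (\d+)\)")
MAX_RETRIES = re.compile(r"Maximum retries exceeded for tunnel (\d+)")


def triage(log_text):
    """Return one finding per tunnel that was closed after out-of-order control packets."""
    remote_to_local = {}   # peer-assigned tunnel ID -> our local tunnel ID
    stalls = Counter()     # (local ID, got, expected) -> number of repeats
    findings = []
    for line in log_text.splitlines():
        if m := ESTABLISHED.search(line):
            local, remote = map(int, m.groups())
            remote_to_local[remote] = local
        elif m := OUT_OF_ORDER.search(line):
            tid, got, expected = map(int, m.groups())
            # In this log check_control prints the Remote ID; fall back to the raw ID if unmapped.
            stalls[(remote_to_local.get(tid, tid), got, expected)] += 1
        elif m := MAX_RETRIES.search(line):
            local = int(m.group(1))
            for (tid, got, expected), repeats in stalls.items():
                if tid != local:
                    continue
                # Assumed 16-bit sequence space: "behind" = number lower than the one expected next.
                behind = ((expected - got) & 0xFFFF) < 0x8000
                findings.append({"local_tunnel": local, "got": got, "expected": expected,
                                 "repeats": repeats, "direction": "behind" if behind else "ahead"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```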

snippins commented 4 years ago

I met this error upgrading my computer to Ubuntu 20.04. I tried compiling from master and met the same problem. For now I just manually patch to disable the max retries check. Everything seems to work despite the error.

pedro-nonfree commented 4 years ago

I'm going to close this, as we are not experiencing problems anymore. I think we finally adjusted the configuration in a better way.

This is no longer for MikroTik, but we find it a very good config in general.

But yeah, let me put the configs here in a fast way.

/etc/xl2tpd/xl2tpd.conf

; general note: see debug output in /var/log/syslog

[global]
port = 1701
debug avp = no ; enable for debug

[lac exo]
lns = ip_l2tp_server_here
redial = yes
redial timeout = 5
autodial = yes
ppp debug = no ; enable for debug
pppoptfile = /etc/ppp/options.xl2tpd

/etc/ppp/chap-secrets

"targetuser" * "targetpwd" *

/etc/ppp/options.xl2tpd

# optional parameter only available through a custom patch from suse and copied in debian (thanks pespin) https://comp.protocols.ppp.narkive.com/E29wCWqW/unrecognizecd-option-replacedefaultroute
#replacedefaultroute
# "noauth" option is mandatory for accelppp (if not says "peer refused to authenticate")
#   -> src https://serverfault.com/questions/418830/pppoe-connection-generic-error-rp-pppoe-child-pppd-process-terminated/419003#419003
noauth
# l2tp user
name "targetuser"
defaultroute
persist
maxfail 0
# Don't wait for LCP term responses; exit immediately when killed.
lcp-max-terminate 0
noproxyarp
mtu 1420
mru 1420

here is a more permanent link http://web.archive.org/web/20200822181242/https://gitlab.com/guifi-exo/wiki/-/blob/master/howto/l2tp-client-configuration/README.md