xelerance / xl2tpd

Official Xelerance fork of L2TPd
GNU General Public License v2.0

can't connect on iOS/Android #16

Closed cannotcode closed 10 years ago

cannotcode commented 11 years ago

Connection works on Windows XP/7/8 but it's not possible to connect on Android/iOS. This happens with the latest xl2tpd version from GitHub. iOS/Android clients can connect on an older xl2tpd version, such as the default one from the Debian repository. However, downgrading to that version is not a solution because the latest xl2tpd fixes other annoying bugs and it also works with the l2tp_ppp kernel module, which increases the download speed a lot.

tphelps commented 11 years ago

Commit 83419fc90de766bf7b614b60603bd2af316a9a62 broke xl2tpd on Linux. Could you try again with aa1122481763f4559708a94e8b6950be84c07292 (or presumably later)?

cannotcode commented 11 years ago

Thanks, tphelps. I just tried the latest commit and the problem is still the same. No chance to connect from Android (JB 4.2.2) or iOS 6.1.3.

This is the output from xl2tpd (foreground mode) when trying to connect from Android:

```
xl2tpd[3247]: network_thread: recv packet from A.B.C.D, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[3247]: get_call: allocating new tunnel for host A.B.C.D, port 52503.
xl2tpd[3247]: network_thread: recv packet from A.B.C.D, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[3247]: get_call: allocating new tunnel for host A.B.C.D, port 52503.
xl2tpd[3247]: control_finish: Peer requested tunnel 34320 twice, ignoring second one.
xl2tpd[3247]: build_fdset: closing down tunnel 52114
xl2tpd[3247]: network_thread: select timeout
xl2tpd[3247]: network_thread: select timeout
xl2tpd[3247]: network_thread: select timeout
xl2tpd[3247]: network_thread: select timeout
xl2tpd[3247]: network_thread: select timeout
xl2tpd[3247]: Maximum retries exceeded for tunnel 43391. Closing.
xl2tpd[3247]: Connection 34320 closed to A.B.C.D, port 52503 (Timeout)
xl2tpd[3247]: network_thread: select timeout
xl2tpd[3247]: network_thread: select timeout
xl2tpd[3247]: network_thread: select timeout
```

xl2tpd.conf:

```
[global]
debug network = yes
debug tunnel = yes

[lns default]
name = l2tp
ip range = 10.10.30.10-10.10.30.254
local ip = 10.10.30.1
refuse chap = no
refuse pap = yes
require authentication = yes
ppp debug = no
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
pass peer = yes
```

options.l2tp:

```
name l2tp
require-mppe-128
ipcp-accept-local
ipcp-accept-remote
noccp
ms-dns 8.8.4.4
ms-dns 8.8.8.8
auth
crtscts
idle 1800
mtu 1410
mru 1410
defaultroute
lock
plugin radius.so
plugin radattr.so
```

ipsec.conf (openswan 2.6.39):

```
config setup
    nat_traversal=yes
    virtual_private=%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:10.0.0.0/8,%v4.
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    also=L2TP-PSK-noNAT

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=X.Y.Z.W
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
```

tphelps commented 11 years ago

I don't suppose you'd be willing to git bisect to find the commit that broke this for you?

xelerance commented 11 years ago

I recommend he tries older versions first.

cannotcode commented 11 years ago

I tried older versions. I managed to get it to work using xl2tpd 1.3.0 applying the following 2 patches:

https://gist.github.com/sigwall/1306094

https://dev.openwrt.org/attachment/ticket/11058/xl2tpd-lns.2.patch

It works now on Android, iOS and Windows. However, I am expecting to face other bugs which were fixed since 1.3.0. In fact, yesterday I was able to connect on Android after applying the 1st patch above, but the connection hung when doing more traffic than regular browsing, such as running a download speed test (~7-10 Mbps). After that I applied the 2nd patch and changed my /etc/ppp/options.xl2tpd to the following:

```
noccp
novj
novjccomp
nopcomp
noaccomp
name l2tp
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
lock
local
debug
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
crtscts
```


It seemed to work fine for large data transfers, at least not dying after the first 1-8 MBs transferred in speedtest, like it did when I only had the 1st patch and the options.xl2tpd posted in my previous message yesterday. I have no idea what caused the tunnel drop (though it was still connected but no traffic transferred). I suspect it was related either to the 2nd patch fix or the options.xl2tp options. Another strange thing I noticed was related to NAT traversal - if I connected a Windows OS first and the Android afterwards, both from the same NATed network, it worked well on both - but if I connected the Android 1st, Windows was not able to connect afterwards. I'll do some more tests today and will share my findings.

sfionov commented 11 years ago

https://dev.openwrt.org/attachment/ticket/11058/xl2tpd-lns.2.patch

btw I forgot to add this patch to my kernel branch before pull request and this commit is missing in Git.

tphelps commented 11 years ago

Hi lfxx, thanks for checking that 1.3.0 + patches works. There are 48 commits between that and HEAD. If you could narrow that down further (ideally to a specific commit), it would really help us to work out what's gone wrong and fix it.

Thanks! -Ted

wmasilva commented 11 years ago

Hi, using the latest git (the patches were included) the problem still happens.

I'm configuring it using Debian squeeze; I tried the package from the repos and it works OK. You can get it and compile it using:

```
wget http://ftp.de.debian.org/debian/pool/main/x/xl2tpd/xl2tpd_1.3.1+dfsg-1.dsc
wget http://ftp.de.debian.org/debian/pool/main/x/xl2tpd/xl2tpd_1.3.1+dfsg.orig.tar.gz
wget http://ftp.de.debian.org/debian/pool/main/x/xl2tpd/xl2tpd_1.3.1+dfsg-1.debian.tar.gz
dpkg-source -x xl2tpd_1.3.1+dfsg-1.dsc
```

I don't know where to start to do a git bisect... hope the logs help you.

regards, António

Log latest git:

```
xl2tpd[20261]: setsockopt recvref[30]: Protocol not available
xl2tpd[20261]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
xl2tpd[20261]: xl2tpd version xl2tpd-1.3.1 started on ismael PID:20261
xl2tpd[20261]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[20261]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[20261]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[20261]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[20261]: Listening on IP address 192.168.10.250, port 1701
xl2tpd[20261]: network_thread: recv packet from 192.168.10.100, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
packet dump: HEX: { 02 C8 45 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0F 00 00 00 07 61 6E 6F 6E 79 6D 6F 75 73 80 0A 00 00 00 03 00 00 00 03 80 08 00 00 00 09 94 34 80 08 00 00 00 0A 00 01 } ASCII: { E anonymous 4 }
xl2tpd[20261]: get_call: allocating new tunnel for host 192.168.10.100, port 45123.
xl2tpd[20261]: handle_avps: handling avp's for tunnel 26931, call 0
xl2tpd[20261]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[20261]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[20261]: hostname_avp: peer reports hostname 'anonymous'
xl2tpd[20261]: framing_caps_avp: supported peer frames: async sync
xl2tpd[20261]: assigned_tunnel_avp: using peer's tunnel 37940
xl2tpd[20261]: receive_window_size_avp: peer wants RWS of 1. Will use flow control.
xl2tpd[20261]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 37940, call is 0.
packet dump: HEX: { C8 02 00 67 94 34 00 00 00 00 00 01 00 08 00 00 00 00 00 02 00 08 00 00 00 02 01 00 00 0A 00 00 00 03 00 00 00 03 00 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 06 90 00 0C 00 00 00 07 69 73 6D 61 65 6C 00 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D 00 08 00 00 00 09 69 33 00 08 00 00 00 0A 00 04 } ASCII: { g 4 ismael xelerance.com i3 }
xl2tpd[20261]: control_finish: sending SCCRP
xl2tpd[20261]: network_thread: select timeout
xl2tpd[20261]: network_thread: select timeout
xl2tpd[20261]: network_thread: select timeout
xl2tpd[20261]: network_thread: select timeout
xl2tpd[20261]: network_thread: select timeout
xl2tpd[20261]: Maximum retries exceeded for tunnel 26931. Closing.
```

Log using debian package:

```
xl2tpd[25601]: setsockopt recvref[22]: Protocol not available
xl2tpd[25601]: This binary does not support kernel L2TP.
xl2tpd[25601]: xl2tpd version xl2tpd-1.2.6 started on ismael PID:25601
xl2tpd[25601]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[25601]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[25601]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[25601]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[25601]: Listening on IP address 192.168.10.250, port 1701
xl2tpd[25601]: network_thread: recv packet from 192.168.10.100, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
packet dump: HEX: { 02 C8 45 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0F 00 00 00 07 61 6E 6F 6E 79 6D 6F 75 73 80 0A 00 00 00 03 00 00 00 03 80 08 00 00 00 09 9F 83 80 08 00 00 00 0A 00 01 } ASCII: { E anonymous }
xl2tpd[25601]: get_call: allocating new tunnel for host 192.168.10.100, port 41225.
xl2tpd[25601]: handle_avps: handling avp's for tunnel 49124, call 0
xl2tpd[25601]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[25601]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[25601]: hostname_avp: peer reports hostname 'anonymous'
xl2tpd[25601]: framing_caps_avp: supported peer frames: async sync
xl2tpd[25601]: assigned_tunnel_avp: using peer's tunnel 40835
xl2tpd[25601]: receive_window_size_avp: peer wants RWS of 1. Will use flow control.
xl2tpd[25601]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 40835, call is 0.
packet dump: HEX: { C8 02 00 67 9F 83 00 00 00 00 00 01 80 08 00 00 00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 00 00 00 04 00 00 00 00 80 08 00 00 00 06 06 90 80 0C 00 00 00 07 69 73 6D 61 65 6C 80 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D 80 08 00 00 00 09 BF E4 80 08 00 00 00 0A 00 04 } ASCII: { g ismael xelerance.com }
xl2tpd[25601]: control_finish: sending SCCRP
xl2tpd[25601]: network_thread: recv packet from 192.168.10.100, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
packet dump: HEX: { 02 C8 45 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0F 00 00 00 07 61 6E 6F 6E 79 6D 6F 75 73 80 0A 00 00 00 03 00 00 00 03 80 08 00 00 00 09 9F 83 80 08 00 00 00 0A 00 01 } ASCII: { E anonymous }
xl2tpd[25601]: get_call: allocating new tunnel for host 192.168.10.100, port 41225.
xl2tpd[25601]: handle_avps: handling avp's for tunnel 5173, call 0
xl2tpd[25601]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[25601]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[25601]: hostname_avp: peer reports hostname 'anonymous'
xl2tpd[25601]: framing_caps_avp: supported peer frames: async sync
xl2tpd[25601]: assigned_tunnel_avp: using peer's tunnel 40835
xl2tpd[25601]: receive_window_size_avp: peer wants RWS of 1. Will use flow control.
xl2tpd[25601]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 40835, call is 0.
xl2tpd[25601]: control_finish: Peer requested tunnel 40835 twice, ignoring second one.
xl2tpd[25601]: build_fdset: closing down tunnel 5173
xl2tpd[25601]: network_thread: recv packet from 192.168.10.100, size = 20, tunnel = 49124, call = 0 ref=0 refhim=0
packet dump: HEX: { 02 C8 14 00 E4 BF 00 00 01 00 01 00 80 08 00 00 00 00 00 03 } ASCII: { }
xl2tpd[25601]: handle_avps: handling avp's for tunnel 49124, call 0
xl2tpd[25601]: message_type_avp: message type 3 (Start-Control-Connection-Connected)
xl2tpd[25601]: control_finish: message type is Start-Control-Connection-Connected(3). Tunnel is 40835, call is 0.
xl2tpd[25601]: Connection established to 192.168.10.100, 41225. Local: 49124, Remote: 40835 (ref=0/0). LNS session is 'default'
xl2tpd[25601]: network_thread: recv packet from 192.168.10.100, size = 38, tunnel = 49124, call = 0 ref=0 refhim=0
packet dump: HEX: { 02 C8 26 00 E4 BF 00 00 02 00 01 00 80 08 00 00 00 00 00 0A 80 08 00 00 00 0E D4 C1 80 0A 00 00 00 0F 58 0D 81 14 } ASCII: { & X }
xl2tpd[25601]: handle_avps: handling avp's for tunnel 49124, call 0
xl2tpd[25601]: message_type_avp: message type 10 (Incoming-Call-Request)
xl2tpd[25601]: message_type_avp: new incoming call
xl2tpd[25601]: assigned_call_avp: using peer's call 54465
xl2tpd[25601]: call_serno_avp: serial number is 1477280020
xl2tpd[25601]: control_finish: message type is Incoming-Call-Request(10). Tunnel is 40835, call is 0.
packet dump: HEX: { C8 02 00 1C 9F 83 D4 C1 00 01 00 03 80 08 00 00 00 00 00 0B 80 08 00 00 00 0E 07 3C } ASCII: { <}
xl2tpd[25601]: control_finish: Sending ICRP
xl2tpd[25601]: network_thread: recv packet from 192.168.10.100, size = 40, tunnel = 49124, call = 1852 ref=0 refhim=0
packet dump: HEX: { 02 C8 28 00 E4 BF 3C 07 03 00 02 00 80 08 00 00 00 00 00 0C 80 0A 00 00 00 18 05 F5 E1 00 80 0A 00 00 00 13 00 00 00 03 } ASCII: { ( < }
xl2tpd[25601]: handle_avps: handling avp's for tunnel 49124, call 1852
xl2tpd[25601]: message_type_avp: message type 12 (Incoming-Call-Connected)
xl2tpd[25601]: tx_speed_avp: transmit baud rate is 100000000
xl2tpd[25601]: frame_type_avp: peer uses: async frames
xl2tpd[25601]: control_finish: message type is Incoming-Call-Connected(12). Tunnel is 40835, call is 54465.
xl2tpd[25601]: start_pppd: I'm running:
xl2tpd[25601]: "/usr/sbin/pppd"
xl2tpd[25601]: "passive"
xl2tpd[25601]: "nodetach"
xl2tpd[25601]: "10.10.10.1:10.10.10.10"
xl2tpd[25601]: "refuse-pap"
xl2tpd[25601]: "refuse-chap"
xl2tpd[25601]: "auth"
xl2tpd[25601]: "name"
xl2tpd[25601]: "autenticacion"
xl2tpd[25601]: "debug"
xl2tpd[25601]: "file"
xl2tpd[25601]: "/etc/xl2tpd/cm_conf/l2tp-server3_options"
xl2tpd[25601]: "/dev/pts/4"
xl2tpd[25601]: Call established with 192.168.10.100, Local: 1852, Remote: 54465, Serial: 1477280020
```
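The two SCCRP replies in the logs above can be decoded field by field to see where they differ. This is an added example, not part of the thread and not xl2tpd code: a small parser for the RFC 2661 control header and AVP layout, run over the two SCCRP hex dumps exactly as posted; the names `parse_control` and `m_bit_diff` are made up for this sketch.

```python
import struct

# SCCRP replies copied from the two logs above (sent packets, network byte order).
SCCRP_GIT = bytes.fromhex(
    "C8 02 00 67 94 34 00 00 00 00 00 01 00 08 00 00 00 00 00 02 00 08 00 00 00 02 01 00 "
    "00 0A 00 00 00 03 00 00 00 03 00 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 06 90 "
    "00 0C 00 00 00 07 69 73 6D 61 65 6C 00 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D "
    "00 08 00 00 00 09 69 33 00 08 00 00 00 0A 00 04")
SCCRP_DEBIAN = bytes.fromhex(
    "C8 02 00 67 9F 83 00 00 00 00 00 01 80 08 00 00 00 00 00 02 80 08 00 00 00 02 01 00 "
    "80 0A 00 00 00 03 00 00 00 03 80 0A 00 00 00 04 00 00 00 00 80 08 00 00 00 06 06 90 "
    "80 0C 00 00 00 07 69 73 6D 61 65 6C 80 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D "
    "80 08 00 00 00 09 BF E4 80 08 00 00 00 0A 00 04")

AVP_NAMES = {0: "Message Type", 2: "Protocol Version", 3: "Framing Capabilities",
             4: "Bearer Capabilities", 6: "Firmware Revision", 7: "Host Name",
             8: "Vendor Name", 9: "Assigned Tunnel ID", 10: "Receive Window Size"}

def parse_control(pkt):
    """Return (header, avps) for an L2TPv2 control message (RFC 2661 layout)."""
    if len(pkt) < 12:
        raise ValueError("shorter than a control header")
    flags, length, tunnel, session, ns, nr = struct.unpack_from("!6H", pkt)
    if (flags & 0xCA00) != 0xC800 or (flags & 0x000F) != 2:  # T, L, S set; O clear; ver 2
        raise ValueError("not an L2TPv2 control message")
    if length != len(pkt):
        raise ValueError("Length field does not match packet size")
    avps, off = [], 12
    while off < length:
        if length - off < 6:
            raise ValueError("truncated AVP header")
        word, _vendor, atype = struct.unpack_from("!3H", pkt, off)
        alen = word & 0x03FF  # low 10 bits: AVP length including its 6-byte header
        if alen < 6 or off + alen > length:
            raise ValueError("bad AVP length at offset %d" % off)
        avps.append({"name": AVP_NAMES.get(atype, str(atype)), "type": atype,
                     "M": bool(word & 0x8000), "value": pkt[off + 6:off + alen]})
        off += alen
    return {"tunnel": tunnel, "session": session, "ns": ns, "nr": nr}, avps

def m_bit_diff(a, b):
    """List (AVP name, M in a, M in b) for AVPs whose Mandatory bit differs."""
    pa, pb = parse_control(a)[1], parse_control(b)[1]
    return [(x["name"], x["M"], y["M"]) for x, y in zip(pa, pb)
            if x["type"] == y["type"] and x["M"] != y["M"]]

if __name__ == "__main__":
    for name, git_m, deb_m in m_bit_diff(SCCRP_GIT, SCCRP_DEBIAN):
        print(f"{name:22} git M={git_m!s:5} debian M={deb_m}")
```

On these two dumps every one of the nine AVPs in the latest-git reply has the Mandatory bit clear, while the 1.2.6 reply sets it on all nine; the thread itself does not identify this as the cause of the failure.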

tphelps commented 11 years ago

I'm afraid that I don't know where to start looking in the logs. But git makes bisecting easy, and the on-line git book has some excellent documentation for bisecting:

http://git-scm.com/book/en/Git-Tools-Debugging-with-Git#Binary-Search

All you need to do is clone the xelerance/xl2tpd repo, tell git to start bisect, that the HEAD is bad and the v1.3.1 release is known good. Git will then choose a revision somewhere between those two versions and update the sources to match. You should be able to just run make, fire up xl2tpd and test to see if it exhibits the problem behavior. If it does, then tell git that that revision is bad and it'll select another. Similarly, if it doesn't exhibit the problem, tell git that it's good. Eventually you should be able to narrow the problem down to a single commit, which should at least give us a clue as to where to start looking.

-Ted

cannotcode commented 11 years ago

Tried 1.3.1, 1.3.2rc1, 1.3.2rc2. They just won't work with Android/iOS. 1.3.0 works fine but I found another big problem with it: xl2tpd crashes when some Mac OS X 10.6 disconnects. Not all the time and so far I couldn't replicate the problem on a different Mac. I have a user connecting from a Mac OS X and he crashes xl2tpd every single day (pppd defunct/zombie, requiring a killall -9 xl2tpd). This is what remains in the syslog after the crash: "xl2tpd[18446]: network_thread: recvfrom returned error 113 (No route to host)"

So I was thinking that maybe a newer release of xl2tpd would fix the Mac issue, but I can't get it to work with Android, iOS etc. If someone has xl2tpd 1.3.1 working with Android (with l2tp_ppp kernel support) please help.

xelerance commented 10 years ago

We need to know the exact Android version(s) that doesn't work with 1.3.1/1.3.2

xelerance commented 10 years ago

Please test with v1.3.6. We think we fixed it.

xelerance commented 10 years ago

We have reports that v1.3.6 works fine with Android, so I will close this ticket.