xelerance / xl2tpd

Official Xelerance fork of L2TPd
GNU General Public License v2.0

xl2tpd regularly disconnects Mikrotik client with "result_code_avp: avp is incorrect size. 8 < 10" #90

Open zorun opened 8 years ago

zorun commented 8 years ago

When using xl2tpd as server and a Mikrotik device as client, the server regularly disconnects the client, and then reconnects it immediately (by launching a new instance of pppd). The error on the server side is result_code_avp: avp is incorrect size. 8 < 10.

This happens with xl2tpd 1.3.6 as server on Debian jessie (without kernel support), and RouterOS 6.33 as client. The exact same setup with RouterOS 6.15 works fine.

The condition triggering this bug is unclear. When a small amount of traffic is forwarded on the tunnel, everything works fine. When artificially loading the link with 150 Mbps of large UDP packets, everything works fine. However, when production traffic (about 80 Mbps) is forwarded on the tunnel, the bug occurs every few minutes, at irregular intervals.

Here are the logs of the server when the condition triggers:

Dec 20 09:30:15 server xl2tpd[19206]: result_code_avp: avp is incorrect size.  8 < 10
Dec 20 09:30:15 server xl2tpd[19206]: handle_avps: Bad exit status handling attribute 1 (Result Code) on mandatory packet.
Dec 20 09:30:15 server xl2tpd[19206]: call_close: Call 49534 to CC.CC.CC.CC disconnected
Dec 20 09:30:15 server xl2tpd[19206]: start_pppd: I'm running:
Dec 20 09:30:15 server xl2tpd[19206]: "/usr/sbin/pppd"
Dec 20 09:30:15 server xl2tpd[19206]: "passive"
Dec 20 09:30:15 server xl2tpd[19206]: "nodetach"
Dec 20 09:30:15 server xl2tpd[19206]: "SS.SS.SS.1:0.0.0.0"
Dec 20 09:30:15 server xl2tpd[19206]: "refuse-pap"
Dec 20 09:30:15 server xl2tpd[19206]: "auth"
Dec 20 09:30:15 server xl2tpd[19206]: "require-chap"
Dec 20 09:30:15 server xl2tpd[19206]: "name"
Dec 20 09:30:15 server xl2tpd[19206]: "server-xl2tpd"
Dec 20 09:30:15 server xl2tpd[19206]: "/dev/pts/3"
Dec 20 09:30:15 server xl2tpd[19206]: Call established with CC.CC.CC.CC, Local: 8971, Remote: 55, Serial: 77
Dec 20 09:32:26 server xl2tpd[19206]: child_handler : pppd exited for call 54 with code 16

Here is the corresponding log on the client side (Mikrotik). Sorry, there is no accurate time synchronisation.

dec/20 09:30:13 l2tp,ppp,info tun-l2tp: terminating... - hungup 
dec/20 09:30:13 l2tp,ppp,info tun-l2tp: disconnected 
dec/20 09:30:13 l2tp,ppp,info tun-l2tp: initializing... 
dec/20 09:30:13 l2tp,ppp,info tun-l2tp: connecting... 
dec/20 09:30:13 route,ospf,info OSPFv2 neighbor SS.SS.SS.1: state change from Full to Down 
dec/20 09:30:14 l2tp,ppp,info tun-l2tp: authenticated 
dec/20 09:30:14 l2tp,ppp,info tun-l2tp: connected 

This is annoying, because the new ppp interface is created immediately on the server, while the old ppp interface lingers for more than two minutes (see the last line in the logs of the server). This causes OSPF to keep trying to use the old interface, which doesn't work anymore, until the neighbouring relation times out.

It seems to be the same issue as #44, which was apparently resolved on the client side (Android). Any idea on what could go wrong? The RouterOS changelog mentions several changes in the ppp client between versions 6.15 and 6.33, which could explain this new behaviour.

Below are the configurations of the server and client. Server side:

# /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = SS.SS.SS.21

[lns default]
local ip = SS.SS.SS.1
assign ip = no
require chap = yes
refuse pap = yes
require authentication = yes
name = server-xl2tpd
length bit = yes

Client side:

name="tun-l2tp" max-mtu=1450 max-mru=1450 mrru=disabled
connect-to=SS.SS.SS.21 user="myusername" password="mypassword"
profile=default-encryption keepalive-timeout=disabled use-ipsec=no ipsec-secret=""
add-default-route=yes default-route-distance=1 dial-on-demand=no
allow=pap,chap,mschap1,mschap2
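
The server log above shows an 8-byte Result Code AVP being rejected against a minimum of 10. RFC 2661 defines this AVP as a 6-byte header plus a 2-byte Result Code, with the 2-byte Error Code and the error message optional, so 8 is a valid length. The C sketch below is an added example, not xl2tpd's code and not part of the original post; the function, struct and sample bytes are constructed for illustration, and `min_len` = 10 is an assumption that reproduces the stricter check the log message implies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AVP_HDR_LEN  6       /* flags+length (2), Vendor ID (2), Attribute Type (2) */
#define AVP_LEN_MASK 0x03FF  /* length is the low 10 bits of the first word */

struct result_code {         /* hypothetical struct, not xl2tpd's */
    uint16_t result, error;
    int has_error;           /* 1 when the optional Error Code is present */
    size_t msg_len;          /* bytes of optional error message */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* min_len: smallest total AVP length accepted. 8 follows RFC 2661;
 * 10 reproduces the stricter check implied by the "8 < 10" log line.
 * Returns 0 on success, a negative value for a rejected AVP. */
int parse_result_code_avp(const uint8_t *buf, size_t buflen, size_t min_len,
                          struct result_code *out)
{
    if (buflen < AVP_HDR_LEN) return -1;              /* no room for a header */
    size_t len = be16(buf) & AVP_LEN_MASK;
    if (len > buflen) return -2;                      /* length field overruns the data */
    if (be16(buf + 2) != 0 || be16(buf + 4) != 1) return -3;  /* not IETF Result Code */
    if (len < 8 || len < min_len) return -4;          /* "avp is incorrect size" */
    if (len == 9) return -5;                          /* one byte cannot hold an Error Code */
    memset(out, 0, sizeof *out);
    out->result = be16(buf + 6);
    if (len >= 10) {                                  /* optional fields present */
        out->has_error = 1;
        out->error = be16(buf + 8);
        out->msg_len = len - 10;
    }
    return 0;
}

/* Constructed sample AVPs (M bit set), not captured from the reporter's tunnel. */
static const uint8_t AVP_SHORT[] = {0x80, 0x08, 0, 0, 0, 1, 0, 3};        /* result only */
static const uint8_t AVP_LONG[]  = {0x80, 0x0A, 0, 0, 0, 1, 0, 2, 0, 6};  /* result + error */

int main(void)
{
    struct result_code rc;
    printf("8-byte AVP, min 8:  %d\n", parse_result_code_avp(AVP_SHORT, sizeof AVP_SHORT, 8, &rc));
    printf("8-byte AVP, min 10: %d\n", parse_result_code_avp(AVP_SHORT, sizeof AVP_SHORT, 10, &rc));
    printf("10-byte AVP, min 10: %d\n", parse_result_code_avp(AVP_LONG, sizeof AVP_LONG, 10, &rc));
    return 0;
}
```

With `min_len` 8 the constructed 8-byte AVP parses; with 10 it is rejected with -4, which corresponds to the case reported in the server log.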

mulder999 commented 7 years ago

Could you post your full configuration, please? XL2TP does not even send a ZLB after SCCCN in my setup, hence preventing session establishment.

dagelf commented 6 years ago

For the record, I set up an L2TP connection to a Mikrotik server device from xl2tpd client and had the same issue - until I added:

/ip pool
add name=vpn ranges=172.16.22.100-172.16.22.199
/ppp profile
set [find name=default-encryption] local-address=172.16.22.1 remote-address=vpn

To the Mikrotik L2TP server. (Also took me a few minutes to remember that the server command needs an extra server parameter to configure: /int l2tp-server server print). My L2TP server uses the default-encryption profile, of course, but needed the pool added.

Running xl2tpd -D helped a lot, of course.

Lol @ this being an issue that only receives responses every December. Hurray for hobby coding and networking and github.

pedro-nonfree commented 6 years ago

I managed to solve this problem with this:

https://gitlab.com/guifi-exo/wiki/blob/master/howto/l2tp-configuration/README.md#todo-report-bug-to-debian-result_code_avp-avp-is-incorrect-size

but I got this error

https://gitlab.com/guifi-exo/wiki/blob/master/howto/l2tp-configuration/README.md#bug-out-of-order-when-trying-to-route-traffic-through-the-tunnel

I reported it here in #156.

QuocurIQ commented 5 years ago

I want to connect from a Raspberry Pi running Raspbian running 1.3.8+dfsg-1 armhf. Can't get past the avp is incorrect size error. The server is a Mikrotik, connection works from other clients. Any news? Is this a non-standard usage of the package? Or is it related only to Mikrotik?

pedro-nonfree commented 5 years ago

I could connect from Debian to Mikrotik using this configuration: https://gitlab.com/guifi-exo/wiki/blob/master/howto/l2tp-client-configuration/README.md#configuraci%C3%B3-de-t%C3%BAnels-l2tp-per-debian-i-derivats (translate from Catalan to English). Let me know if it works for you.

pedro-nonfree commented 4 years ago

It has been a long time since we last dealt with an l2tp Mikrotik server (phew!) and we are happy with the current xl2tpd client configuration. This time, I give you a more eternal link to our docs: http://web.archive.org/web/20200822181242/https://gitlab.com/guifi-exo/wiki/-/blob/master/howto/l2tp-client-configuration/README.md

MasterDimmy commented 2 years ago

Same for me: RouterOS 6.49.6, Ubuntu 20, all up to date.