Netgate Discussion Forum

    Pptp l2tp connection drops

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • djmatze

      Hi There,
      I am running pfSense 2.0 64-bit as an L2TP and PPTP "dial-in" server with RADIUS authentication and accounting.

      Everything is running fine (after some changes in the configuration via vpn.inc).

      The only problem is that mpd is dropping connections from time to time.

      The error in the log is: [l2tp2] L2TP: call #1 terminated: result=2 error=6 errmsg="control connection closing"

      Does anyone have an idea where to look for this error?

      many thanks (again),
      Matze

      • outlet

        What's required to get l2tp to work?  I am having no success

        • cmb

          @djmatze:

          Everything is running fine (after some changes in the configuration via vpn.inc).

          What exactly did you change? If something isn't right out of the box we need to fix it.

          @outlet:

          What's required to get l2tp to work?  I am having no success

          He's either configured the IPsec part manually, or is truly just using L2TP (i.e. with no encryption, what most people are really referring to with L2TP is L2TP/IPsec).

          • djmatze

            Hi there,

            Yes, it is true, I am using L2TP without IPsec (we have wireless links and we are using EAP with WPA2 Enterprise, so we don't need additional encryption).

            The changes made are:

            We use different ports for the RADIUS server, so I added them.
            We don't want to offer any kind of compression, so we disabled it completely.

            The new mpd.conf for L2TP looks like this:

            
            l2tp:
                    load l2tp0
                    load l2tp1
                    load l2tp2
                    load l2tp3
                    load l2tp4
                    load l2tp5
                    load l2tp6
                    load l2tp7
                    load l2tp8
                    load l2tp9
                    load l2tp10
            ........
            
            
            
            .....
            l2tp1:
                    new l2tp1 l2tp1
                    set ipcp ranges 10.65.31.1/32 10.65.254.1/32
                    load l2tp_standard
            
            l2tp2:
                    new l2tp2 l2tp2
                    set ipcp ranges 10.65.31.1/32 10.65.254.2/32
                    load l2tp_standard
            
            ......
            
            
            
            l2tp_standard:
                    set bundle disable multilink
                    # set bundle enable compression
                    #set bundle yes crypt-reqd
                    set ipcp yes vjcomp
                    # set ipcp ranges 131.188.69.161/32 131.188.69.170/28
                    #set ccp yes mppc
                    set iface disable on-demand
                    #set iface enable proxy-arp
                    set iface enable tcpmssfix
                    set iface idle 0
                    set iface up-script /usr/local/sbin/l2tp-linkup
                    set iface down-script /usr/local/sbin/vpn-linkdown
                    set link yes acfcomp protocomp
                    set link no pap chap
                    set link enable chap-msv2
                    set link mtu 1420
                    set link keep-alive 60 660
                    set link fsm-timeout 15
                    set ipcp dns 10.64.1.1 10.64.1.235
                    set radius server 10.64.1.235 "our secret passwd" 1860 1861
                    set radius retries 3
                    set radius timeout 10
                    set auth enable radius-auth
                    set radius me 10.64.1.1
                    set auth enable radius-ac
            
            

            So I tried to increase the keep-alive timeouts and tried to set the link fsm-timeout to 15 (2 is std.),
            but nevertheless our connections are dropping from time to time (on average every 30 minutes).

            Any ideas about the connection drops?

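An added example, not code from any poster in this thread or from the pfSense or mpd projects: a small parser for the "call terminated" log line quoted in the first post that decodes `result` and `error` and measures the time between drops per link. It assumes those two fields carry the RFC 2661 CDN Result Code and general Error Code, and that the log has a syslog-style timestamp prefix; the timestamps, host name and year in the sample are constructed.

```python
import re
from datetime import datetime

# RFC 2661 section 4.4.2: Result Code values of a Call-Disconnect-Notify (first 3 of 11).
CDN_RESULT = {1: "call disconnected due to loss of carrier",
              2: "call disconnected for the reason indicated in error code",
              3: "call disconnected for administrative reasons"}
# RFC 2661 section 4.4.2: general Error Code values 0-8, indexed by code.
GENERAL_ERROR = [
    "no general error", "no control connection exists yet", "length is wrong",
    "field value out of range or reserved field non-zero", "insufficient resources",
    "session ID invalid in this context", "generic vendor-specific error in the LAC",
    "try another", "shut down: unknown AVP with the M bit set"]
# The line quoted in the thread, preceded by an assumed syslog prefix.
LINE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\[(?P<link>[^\]]+)\] L2TP: call #\d+ '
    r'terminated: result=(?P<result>\d+) error=(?P<error>\d+) errmsg="(?P<msg>[^"]*)"')
ASSUMED_YEAR = 2011  # assumption: syslog timestamps carry no year

def parse(lines):
    """Return one dict per 'call terminated' line, with the codes decoded."""
    events = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a termination line
        result, error = int(m["result"]), int(m["error"])
        known = result == 2 and error < len(GENERAL_ERROR)
        events.append({
            "time": datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "link": m["link"],
            "result": CDN_RESULT.get(result, "other CDN result code"),
            "error": GENERAL_ERROR[error] if known else None,
            "errmsg": m["msg"]})
    return events

def drop_intervals(events):
    """Seconds between consecutive terminations, grouped by link name."""
    by_link = {}
    for e in sorted(events, key=lambda e: e["time"]):
        by_link.setdefault(e["link"], []).append(e["time"])
    return {link: [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]
            for link, ts in by_link.items()}

# Constructed sample: only the text from "[l2tp2]" onward comes from the thread.
SAMPLE = ['Mar  1 %s pfsense mpd: [l2tp2] L2TP: call #1 terminated: result=2 '
          'error=6 errmsg="control connection closing"' % t
          for t in ("10:02:11", "10:33:40", "11:03:05")]
SAMPLE.append("Mar  1 10:05:00 pfsense mpd: constructed unrelated line")
```

Under that reading, result=2 with error=6 is only a generic code, so the `errmsg` text and the log lines just before each termination are the informative part.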
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.