Pptp l2tp connection drops

djmatze

Hi There,
I am running pfsense 2.0 64bit as l2tp and pptp "dial in" server with radius authentification and accounting.

everthing is running fine (after some changes in the configuration via vpn.inc)

the only problem is, that the mpd is dropping connections from time to time.

the error in the log is: [l2tp2] L2TP: call #1 terminated: result=2 error=6 errmsg="control connection closing"

does anyone has an ideo where to look for this error??

many thanks (again),
Matze

outlet

What's required to get l2tp to work?  I am having no success

cmb

@djmatze:

everthing is running fine (after some changes in the configuration via vpn.inc)

what exactly did you change? If something isn't right out of the box we need to fix it.

@outlet:

What's required to get l2tp to work?  I am having no success

He's either configured the IPsec part manually, or is truly just using L2TP (i.e. with no encryption, what most people are really referring to with L2TP is L2TP/IPsec).

djmatze

Hi there,

yes it is true I am using L2TP without IPSEC (we have wireless links and we are using EAP with WPA2 Enterprise , so we don`t need additional encrypting)

The Changes are made:

we use different Ports for the radius Server, so I added them.
we don`t want to offer any kind of compression so we disabled it completly.

the new mpd.conf for l2tp looks like this

l2tp:
        load l2tp0
        load l2tp1
        load l2tp2
        load l2tp3
        load l2tp4
        load l2tp5
        load l2tp6
        load l2tp7
        load l2tp8
        load l2tp9
        load l2tp10
........

.....
l2tp1:
        new l2tp1 l2tp1
        set ipcp ranges 10.65.31.1/32 10.65.254.1/32
        load l2tp_standard

l2tp2:
        new l2tp2 l2tp2
        set ipcp ranges 10.65.31.1/32 10.65.254.2/32
        load l2tp_standard

......

l2tp_standard:
        set bundle disable multilink
       # set bundle enable compression
        #set bundle yes crypt-reqd
        set ipcp yes vjcomp
        # set ipcp ranges 131.188.69.161/32 131.188.69.170/28
        #set ccp yes mppc
        set iface disable on-demand
        #set iface enable proxy-arp
        set iface enable tcpmssfix
        set iface idle 0
        set iface up-script /usr/local/sbin/l2tp-linkup
        set iface down-script /usr/local/sbin/vpn-linkdown
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap-msv2
        set link mtu 1420
        set link keep-alive 60 660
        set link fsm-timeout 15
        set ipcp dns 10.64.1.1 10.64.1.235
        set radius server 10.64.1.235 "our secret passwd" 1860 1861
        set radius retries 3
        set radius timeout 10
        set auth enable radius-auth
        set radius me 10.64.1.1
        set auth enable radius-ac

so I tried to increase the keep alive timeouts and tried to set the link fsm-timeout to 15 (2 is std.)
but nevertheless our connections are dropping from time to time (avergage every 30 minutes)

any ideas about the connection drops?