L2TP: Control connection 0x803859310 destroyed

jimp

Older versions were not properly propagating the Secret field value into the L2TP config. If you set that incorrectly, the misconfiguration would not have been a problem until now.

Check your L2TP server config and erase anything in the Secret and confirm box next to it, then save and see if clients can connect.

U-351

Yes, i solved problem by clearing field "Secret".

Previously, when I was set up L2TP/IPsec, it think the "Secret" completely mean IPSec secret.

Thx!

erselbey

This time it doesn't work with radius @jimp :(

There are users added manually, but not with radius. The secret in Radius cannot be saved when it is left blank.

viktor_g

@erselbey said in L2TP: Control connection 0x803859310 destroyed:

This time it doesn't work with radius @jimp :(

There are users added manually, but not with radius. The secret in Radius cannot be saved when it is left blank.

Can you explain it more detail?
I can see radius secrets in both config.xml and mpd.conf:

/cf/conf/config:
<l2tp>
		<radius>
			<server>192.168.1.10</server>
			<secret>123</secret>
			<enable></enable>
			<accounting></accounting>
			<radiusissueips></radiusissueips>
		</radius>

# grep radius /var/etc/l2tp-vpn/mpd.conf 
	set radius server 192.168.1.10 "123"
	set radius retries 3
	set radius timeout 10
	set auth enable radius-auth
	set auth enable radius-acct

ercell

@viktor_g said in L2TP: Control connection 0x803859310 destroyed:

Can you explain it more detail?
I can see radius secrets in both config.xml and mpd.conf:

Thank you for your answer, Victor. I will try this as soon as I get to the computer.

erselbey

@viktor_g said in L2TP: Control connection 0x803859310 destroyed:

grep radiu

Hi @viktor_g

config.xml output >

<l2tp>
                <radius>
                        <server>x.x.x.x</server>
                        <secret>xxxx</secret>
                        <accounting></accounting>
                        <enable></enable>
                </radius>
                <remoteip>x.x.x.x</remoteip>
                <localip>x.x.x.x</localip>
                <l2tp_subnet>28</l2tp_subnet>
                <mode>server</mode>
                <interface>wan</interface>
                <n_l2tp_units>16</n_l2tp_units>
                <paporchap>chap</paporchap>
                <dns1>x.x.x.x</dns1>
                <dns2>x.x.x.x</dns2>
                <user>
                        <name>invio-dev</name>
                        <ip></ip>
                        <password><![CDATA[xxxx]]></password>
                </user>
                <secret></secret>
        </l2tp>

mpd.conf output >

grep radius /var/etc/l2tp-vpn/mpd.conf
	set radius server x.x.x.x “xxxx”
	set radius retries 3
	set radius timeout 10
	set auth enable radius-auth
	set auth enable radius-acct

viktor_g

@erselbey said in L2TP: Control connection 0x803859310 destroyed:

There are users added manually, but not with radius. The secret in Radius cannot be saved when it is left blank.

It looks like the Radius secret was successfully saved in your config

Please try this patch: https://redmine.pfsense.org/issues/10710

erselbey

@viktor_g Sorry, it didn't work =(

ercell

???

viktor_g

@ercell Please show your full L2TP configuration from the config.xml
and full /var/etc/l2tp-vpn/mpd.conf file content

@erselbey Have you successfully applied this patch and still see these errors?

erselbey

@viktor_g I applied but the result is the same. It doesn't work with Radius.

viktor_g

I tested 2.4.5-p1 L2TP VPN server with RADIUS (local FreeRADIUS pkg) authentication - client connected successfully

Server:

Client:

pfSense 2.4.5-p1 (KVM) L2TP VPN server (w/o IPsec)
pfSense 2.5 L2TP client

erselbey

I'm using a different radius server but it didn't work.

viktor_g

@erselbey said in L2TP: Control connection 0x803859310 destroyed:

I'm using a different radius server but it didn't work.

Please provide more info - RADIUS server version, configuration, logs

erselbey

Nothing has been done on the radius server and the latest version of freeradius is being used. I don't think there will be a situation there.

erselbey

@viktor_g @jimp ???????

viktor_g

Have you tried https://redmine.pfsense.org/issues/10710 patch?
Are there any changes on your clients?
Why aren't you using IKEv2 for your clients?
Are you able to connect from other pfSense appliance?
You can install pfSense VM and check L2TP connection as me

Also try to use FreeRADIUS pkg for testing

erselbey

@viktor_g Hello Viktor

I trying this methods and not running. Sorry.

erselbey

I started to tamper with the problem and I could not understand what to do with this method. I understand that I just need to delete the secret key. Is it correct? If it is true, it does not work, unfortunately.

viktor_g

@erselbey You need to apply Patch ID 58b9baeef7281ba19fafdc790344d4c3d03e1541 first, see https://docs.netgate.com/pfsense/en/latest/development/system-patches.html, then delete Secret key

You can also test it with another pfSense appliance as L2TP client