L2TP link "freezes" when anything but pings are sent.



  • What would be the solution to this problem? There are many questions in the forums that are similar: Access to clients, possibly NAT'ted ones via L2TP doesn't work.

    I have noticed the following:

    1. I have disabled IPSec in an effort to isolate the problem.
    2. L2TP connects and I can ping all the addresses on the VPN.
    3. As soon as I connect to a service (i.e. http://192.168.121.10), sometimes a little of the page actually starts loading before the link "dies" (for lack of a more accurate description).
    4. There is no L2TP activity in the logs.
    5. The RAW /var/log/l2tps.log has the following:

    
    Feb 20 14:52:53 pfSense l2tps: L2TP: Control connection 0x80301bb08 connected
    Feb 20 14:52:53 pfSense l2tps: L2TP: Incoming call #1 via connection 0x80301bb08 received
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] L2TP: Incoming call #1 via control connection 0x80301bb08 accepted
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] opening link "l2tp0"...
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] link: OPEN event
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: Open event
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: state change Initial --> Starting
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: LayerStart
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] L2TP: Call #1 connected
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] link: UP event
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] link: origination is remote
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: Up event
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: state change Starting --> Req-Sent
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: SendConfigReq #18
    Feb 20 14:52:53 pfSense l2tps:  ACFCOMP
    Feb 20 14:52:53 pfSense l2tps:  PROTOCOMP
    Feb 20 14:52:53 pfSense l2tps:  MRU 1500
    Feb 20 14:52:53 pfSense l2tps:  MAGICNUM a628a980
    Feb 20 14:52:53 pfSense l2tps:  AUTHPROTO CHAP MD5
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Configure Request #1 (Req-Sent)
    Feb 20 14:52:53 pfSense l2tps:  ACCMAP 0x00000000
    Feb 20 14:52:53 pfSense l2tps:  MAGICNUM 80ad49dd
    Feb 20 14:52:53 pfSense l2tps:  PROTOCOMP
    Feb 20 14:52:53 pfSense l2tps:  ACFCOMP
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: SendConfigAck #1
    Feb 20 14:52:53 pfSense l2tps:  ACCMAP 0x00000000
    Feb 20 14:52:53 pfSense l2tps:  MAGICNUM 80ad49dd
    Feb 20 14:52:53 pfSense l2tps:  PROTOCOMP
    Feb 20 14:52:53 pfSense l2tps:  ACFCOMP
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: state change Req-Sent --> Ack-Sent
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Configure Nak #18 (Ack-Sent)
    Feb 20 14:52:53 pfSense l2tps:  AUTHPROTO CHAP MSOFTv2
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: SendConfigReq #19
    Feb 20 14:52:53 pfSense l2tps:  ACFCOMP
    Feb 20 14:52:53 pfSense l2tps:  PROTOCOMP
    Feb 20 14:52:53 pfSense l2tps:  MRU 1500
    Feb 20 14:52:53 pfSense l2tps:  MAGICNUM a628a980
    Feb 20 14:52:53 pfSense l2tps:  AUTHPROTO CHAP MSOFTv2
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Configure Ack #19 (Ack-Sent)
    Feb 20 14:52:53 pfSense l2tps:  ACFCOMP
    Feb 20 14:52:53 pfSense l2tps:  PROTOCOMP
    Feb 20 14:52:53 pfSense l2tps:  MRU 1500
    Feb 20 14:52:53 pfSense l2tps:  MAGICNUM a628a980
    Feb 20 14:52:53 pfSense l2tps:  AUTHPROTO CHAP MSOFTv2
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: state change Ack-Sent --> Opened
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: auth: peer wants nothing, I want CHAP
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CHAP: sending CHALLENGE len:17
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: LayerUp
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CHAP: rec'd RESPONSE #1
    Feb 20 14:52:53 pfSense l2tps:  Name: "roland"
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] AUTH: Auth-Thread started
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] AUTH: Trying INTERNAL
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] AUTH: INTERNAL returned undefined
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] AUTH: Auth-Thread finished normally
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CHAP: ChapInputFinish: status undefined
    Feb 20 14:52:53 pfSense l2tps:  Response is valid
    Feb 20 14:52:53 pfSense l2tps:  Reply message: S=098CA97B7048BF0D24E71E3142E76D476CF1FDFE
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CHAP: sending SUCCESS len:42
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: authorization successful
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] Bundle up: 1 link, total bandwidth 64000 bps
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: Open event
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: state change Initial --> Starting
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: LayerStart
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: Open event
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: state change Initial --> Starting
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: LayerStart
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: Up event
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: state change Starting --> Req-Sent
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: SendConfigReq #5
    Feb 20 14:52:53 pfSense l2tps:  IPADDR 192.168.120.248
    Feb 20 14:52:53 pfSense l2tps:  COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: Up event
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: state change Starting --> Req-Sent
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: SendConfigReq #3
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: rec'd Configure Request #1 (Req-Sent)
    Feb 20 14:52:53 pfSense l2tps:  COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
    Feb 20 14:52:53 pfSense l2tps:  IPADDR 0.0.0.0
    Feb 20 14:52:53 pfSense l2tps:    NAKing with 192.168.120.240
    Feb 20 14:52:53 pfSense l2tps:  PRIDNS 0.0.0.0
    Feb 20 14:52:53 pfSense l2tps:    NAKing with 192.168.121.248
    Feb 20 14:52:53 pfSense l2tps:  SECDNS 0.0.0.0
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: SendConfigRej #1
    Feb 20 14:52:53 pfSense l2tps:  SECDNS 0.0.0.0
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: rec'd Configure Ack #5 (Req-Sent)
    Feb 20 14:52:53 pfSense l2tps:  IPADDR 192.168.120.248
    Feb 20 14:52:53 pfSense l2tps:  COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: state change Req-Sent --> Ack-Rcvd
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Protocol Reject #2 (Opened)
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: protocol CCP was rejected
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: protocol was rejected by peer
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: state change Req-Sent --> Stopped
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: LayerFinish
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: rec'd Configure Request #2 (Ack-Rcvd)
    Feb 20 14:52:53 pfSense l2tps:  COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
    Feb 20 14:52:53 pfSense l2tps:  IPADDR 0.0.0.0
    Feb 20 14:52:53 pfSense l2tps:    NAKing with 192.168.120.240
    Feb 20 14:52:53 pfSense l2tps:  PRIDNS 0.0.0.0
    Feb 20 14:52:53 pfSense l2tps:    NAKing with 192.168.121.248
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: SendConfigNak #2
    Feb 20 14:52:53 pfSense l2tps:  IPADDR 192.168.120.240
    Feb 20 14:52:53 pfSense l2tps:  PRIDNS 192.168.121.248
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: rec'd Configure Request #3 (Ack-Rcvd)
    Feb 20 14:52:53 pfSense l2tps:  COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
    Feb 20 14:52:53 pfSense l2tps:  IPADDR 192.168.120.240
    Feb 20 14:52:53 pfSense l2tps:    192.168.120.240 is OK
    Feb 20 14:52:53 pfSense l2tps:  PRIDNS 192.168.121.248
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: SendConfigAck #3
    Feb 20 14:52:53 pfSense l2tps:  COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
    Feb 20 14:52:53 pfSense l2tps:  IPADDR 192.168.120.240
    Feb 20 14:52:53 pfSense l2tps:  PRIDNS 192.168.121.248
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: state change Ack-Rcvd --> Opened
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: LayerUp
    Feb 20 14:52:53 pfSense l2tps:   192.168.120.248 -> 192.168.120.240
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] IFACE: Up event
    Feb 20 14:52:53 pfSense l2tps: [l2tp0] no interface to proxy arp on for 192.168.120.240
    
    

    Then, when I attempt to connect to a machine, this happens in the log:

    
    ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
    
    

    This is just a snippet of the huge volume of ^@'s I see.

    I have no idea what this means or what causes it, but although the link stays up (according to the client software on my Ubuntu Desktop), it is useless.



  • It turned out that the internet connection I use from home already employs IPSec/L2TP to create a tunnel via the wireless services the ISP uses, so instead of figuring out which PMTU, ICMP and MTU and whatever else to use, the tunnel was simply established from my Mikrotik router instead of from my laptop, which works 100%.

    If I'm on the road then the tunnel from my laptop works fine.


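An added example, not part of either post: a check that reads the LCP section of an l2tps.log like the one above and compares the acknowledged MRU with what one unfragmented packet on the underlying link can carry once L2TP encapsulation is added. The overhead constants and the 1500-byte underlay MTU are assumptions for illustration, and the sample log lines are constructed in the format of the excerpt.

```python
import re

# Constructed sample: a few lines in the format of the l2tps.log excerpt above.
SAMPLE_LOG = """\
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: SendConfigReq #19
Feb 20 14:52:53 pfSense l2tps:  ACFCOMP
Feb 20 14:52:53 pfSense l2tps:  MRU 1500
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Configure Ack #19 (Ack-Sent)
Feb 20 14:52:53 pfSense l2tps:  ACFCOMP
Feb 20 14:52:53 pfSense l2tps:  MRU 1500
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: state change Ack-Sent --> Opened
"""

# Assumed worst-case encapsulation overhead in bytes (not taken from the thread):
# IPv4 header, UDP header, L2TP data header with Length and Ns/Nr, uncompressed PPP.
OVERHEAD = {"ipv4": 20, "udp": 8, "l2tp": 12, "ppp": 4}

EVENT = re.compile(r"l2tps: \[(\w+)\] (.*)$")   # tagged event line, e.g. [l2tp0] LCP: ...
OPTION = re.compile(r"l2tps:\s+MRU (\d+)$")     # untagged option line under an event


def acked_mru(log_text):
    """Return {link: MRU} for each MRU the peer acknowledged in LCP."""
    result, link, in_ack = {}, None, False
    for line in log_text.splitlines():
        line = line.rstrip()
        event = EVENT.search(line)
        if event:
            link = event.group(1)
            in_ack = event.group(2).startswith("LCP: rec'd Configure Ack")
            continue
        option = OPTION.search(line)
        if option and in_ack:
            result[link] = int(option.group(1))
    return result


def max_inner_mtu(underlay_mtu):
    """Largest PPP payload that fits in one unfragmented underlay packet."""
    return underlay_mtu - sum(OVERHEAD.values())


def oversized_links(log_text, underlay_mtu):
    """Links whose acknowledged MRU exceeds what the underlay can carry."""
    limit = max_inner_mtu(underlay_mtu)
    return {l: (m, limit) for l, m in acked_mru(log_text).items() if m > limit}


if __name__ == "__main__":
    for link, (mru, limit) in oversized_links(SAMPLE_LOG, 1500).items():
        print(f"{link}: MRU {mru} > {limit}, full-size packets will not fit")
```

When the L2TP session itself rides inside another tunnel, as in the second post, the underlay MTU passed in is that outer tunnel's MTU, which lowers the limit further.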