L2TP link "freezes" when anything but pings are sent.
-
What would be the solution to this problem? There are many questions in the forums that are similar: Access to clients, possibly NAT'ted ones via L2TP doesn't work.
I have noticed the following:
1. I have disabled IPSec in an effort to isolate the problem.
2. L2TP connects and I can ping all the addresses on the VPN.
3. As soon as I connect to a service (ie. http://192.168.121.10), sometimes a little of the page actually starts loading before the link "dies" (for lack of a more accurate description).
4. There is no l2tp activity in the logs.
5. The RAW /var/log/l2tps.log has the following:
Feb 20 14:52:53 pfSense l2tps: L2TP: Control connection 0x80301bb08 connected
Feb 20 14:52:53 pfSense l2tps: L2TP: Incoming call #1 via connection 0x80301bb08 received
Feb 20 14:52:53 pfSense l2tps: [l2tp0] L2TP: Incoming call #1 via control connection 0x80301bb08 accepted
Feb 20 14:52:53 pfSense l2tps: [l2tp0] opening link "l2tp0"...
Feb 20 14:52:53 pfSense l2tps: [l2tp0] link: OPEN event
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: Open event
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: state change Initial --> Starting
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: LayerStart
Feb 20 14:52:53 pfSense l2tps: [l2tp0] L2TP: Call #1 connected
Feb 20 14:52:53 pfSense l2tps: [l2tp0] link: UP event
Feb 20 14:52:53 pfSense l2tps: [l2tp0] link: origination is remote
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: Up event
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: state change Starting --> Req-Sent
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: SendConfigReq #18
Feb 20 14:52:53 pfSense l2tps: ACFCOMP
Feb 20 14:52:53 pfSense l2tps: PROTOCOMP
Feb 20 14:52:53 pfSense l2tps: MRU 1500
Feb 20 14:52:53 pfSense l2tps: MAGICNUM a628a980
Feb 20 14:52:53 pfSense l2tps: AUTHPROTO CHAP MD5
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Configure Request #1 (Req-Sent)
Feb 20 14:52:53 pfSense l2tps: ACCMAP 0x00000000
Feb 20 14:52:53 pfSense l2tps: MAGICNUM 80ad49dd
Feb 20 14:52:53 pfSense l2tps: PROTOCOMP
Feb 20 14:52:53 pfSense l2tps: ACFCOMP
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: SendConfigAck #1
Feb 20 14:52:53 pfSense l2tps: ACCMAP 0x00000000
Feb 20 14:52:53 pfSense l2tps: MAGICNUM 80ad49dd
Feb 20 14:52:53 pfSense l2tps: PROTOCOMP
Feb 20 14:52:53 pfSense l2tps: ACFCOMP
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: state change Req-Sent --> Ack-Sent
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Configure Nak #18 (Ack-Sent)
Feb 20 14:52:53 pfSense l2tps: AUTHPROTO CHAP MSOFTv2
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: SendConfigReq #19
Feb 20 14:52:53 pfSense l2tps: ACFCOMP
Feb 20 14:52:53 pfSense l2tps: PROTOCOMP
Feb 20 14:52:53 pfSense l2tps: MRU 1500
Feb 20 14:52:53 pfSense l2tps: MAGICNUM a628a980
Feb 20 14:52:53 pfSense l2tps: AUTHPROTO CHAP MSOFTv2
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Configure Ack #19 (Ack-Sent)
Feb 20 14:52:53 pfSense l2tps: ACFCOMP
Feb 20 14:52:53 pfSense l2tps: PROTOCOMP
Feb 20 14:52:53 pfSense l2tps: MRU 1500
Feb 20 14:52:53 pfSense l2tps: MAGICNUM a628a980
Feb 20 14:52:53 pfSense l2tps: AUTHPROTO CHAP MSOFTv2
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: state change Ack-Sent --> Opened
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: auth: peer wants nothing, I want CHAP
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CHAP: sending CHALLENGE len:17
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: LayerUp
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CHAP: rec'd RESPONSE #1
Feb 20 14:52:53 pfSense l2tps: Name: "roland"
Feb 20 14:52:53 pfSense l2tps: [l2tp0] AUTH: Auth-Thread started
Feb 20 14:52:53 pfSense l2tps: [l2tp0] AUTH: Trying INTERNAL
Feb 20 14:52:53 pfSense l2tps: [l2tp0] AUTH: INTERNAL returned undefined
Feb 20 14:52:53 pfSense l2tps: [l2tp0] AUTH: Auth-Thread finished normally
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CHAP: ChapInputFinish: status undefined
Feb 20 14:52:53 pfSense l2tps: Response is valid
Feb 20 14:52:53 pfSense l2tps: Reply message: S=098CA97B7048BF0D24E71E3142E76D476CF1FDFE
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CHAP: sending SUCCESS len:42
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: authorization successful
Feb 20 14:52:53 pfSense l2tps: [l2tp0] Bundle up: 1 link, total bandwidth 64000 bps
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: Open event
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: state change Initial --> Starting
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: LayerStart
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: Open event
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: state change Initial --> Starting
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: LayerStart
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: Up event
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: state change Starting --> Req-Sent
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: SendConfigReq #5
Feb 20 14:52:53 pfSense l2tps: IPADDR 192.168.120.248
Feb 20 14:52:53 pfSense l2tps: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: Up event
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: state change Starting --> Req-Sent
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: SendConfigReq #3
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: rec'd Configure Request #1 (Req-Sent)
Feb 20 14:52:53 pfSense l2tps: COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
Feb 20 14:52:53 pfSense l2tps: IPADDR 0.0.0.0
Feb 20 14:52:53 pfSense l2tps: NAKing with 192.168.120.240
Feb 20 14:52:53 pfSense l2tps: PRIDNS 0.0.0.0
Feb 20 14:52:53 pfSense l2tps: NAKing with 192.168.121.248
Feb 20 14:52:53 pfSense l2tps: SECDNS 0.0.0.0
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: SendConfigRej #1
Feb 20 14:52:53 pfSense l2tps: SECDNS 0.0.0.0
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: rec'd Configure Ack #5 (Req-Sent)
Feb 20 14:52:53 pfSense l2tps: IPADDR 192.168.120.248
Feb 20 14:52:53 pfSense l2tps: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: state change Req-Sent --> Ack-Rcvd
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Protocol Reject #2 (Opened)
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: protocol CCP was rejected
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: protocol was rejected by peer
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: state change Req-Sent --> Stopped
Feb 20 14:52:53 pfSense l2tps: [l2tp0] CCP: LayerFinish
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: rec'd Configure Request #2 (Ack-Rcvd)
Feb 20 14:52:53 pfSense l2tps: COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
Feb 20 14:52:53 pfSense l2tps: IPADDR 0.0.0.0
Feb 20 14:52:53 pfSense l2tps: NAKing with 192.168.120.240
Feb 20 14:52:53 pfSense l2tps: PRIDNS 0.0.0.0
Feb 20 14:52:53 pfSense l2tps: NAKing with 192.168.121.248
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: SendConfigNak #2
Feb 20 14:52:53 pfSense l2tps: IPADDR 192.168.120.240
Feb 20 14:52:53 pfSense l2tps: PRIDNS 192.168.121.248
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: rec'd Configure Request #3 (Ack-Rcvd)
Feb 20 14:52:53 pfSense l2tps: COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
Feb 20 14:52:53 pfSense l2tps: IPADDR 192.168.120.240
Feb 20 14:52:53 pfSense l2tps: 192.168.120.240 is OK
Feb 20 14:52:53 pfSense l2tps: PRIDNS 192.168.121.248
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: SendConfigAck #3
Feb 20 14:52:53 pfSense l2tps: COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
Feb 20 14:52:53 pfSense l2tps: IPADDR 192.168.120.240
Feb 20 14:52:53 pfSense l2tps: PRIDNS 192.168.121.248
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: state change Ack-Rcvd --> Opened
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IPCP: LayerUp
Feb 20 14:52:53 pfSense l2tps: 192.168.120.248 -> 192.168.120.240
Feb 20 14:52:53 pfSense l2tps: [l2tp0] IFACE: Up event
Feb 20 14:52:53 pfSense l2tps: [l2tp0] no interface to proxy arp on for 192.168.120.240
Then, when I attempt to connect to a machine, this happens in the log:
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
This is just a snippet of the huge volume of ^@'s I see.
I have no idea what this means or what causes it, but although the link stays up (according to the client software on my Ubuntu Desktop), it is useless.
-
It turned out that the internet connection I use from home already employs IPSec/L2TP to create a tunnel via the wireless services the ISP uses, so instead of figuring out which PMTU, ICMP and MTU and whatever else to use, the tunnel was simply established from my Mikrotik router instead of from my laptop, which works 100%.
If I'm on the road then the tunnel from my laptop works fine.
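
A check related to the MTU question raised in the resolution, as an added example that is not part of the original posts: it reads the LCP options the peer acknowledged from an l2tps.log excerpt and computes by how many bytes a full-MRU frame overshoots a given path MTU once L2TP/UDP/IPv4 headers are added. The sample log lines are constructed in the format of the log quoted above; the function names, the overhead figure and the path MTU passed in are assumptions.

```python
import re

# Constructed sample: a few entries in the format of the l2tps.log quoted above.
SAMPLE_LOG = """\
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: SendConfigReq #18
Feb 20 14:52:53 pfSense l2tps: MRU 1500
Feb 20 14:52:53 pfSense l2tps: AUTHPROTO CHAP MD5
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Configure Nak #18 (Ack-Sent)
Feb 20 14:52:53 pfSense l2tps: AUTHPROTO CHAP MSOFTv2
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: SendConfigReq #19
Feb 20 14:52:53 pfSense l2tps: MRU 1500
Feb 20 14:52:53 pfSense l2tps: AUTHPROTO CHAP MSOFTv2
Feb 20 14:52:53 pfSense l2tps: [l2tp0] LCP: rec'd Configure Ack #19 (Ack-Sent)
Feb 20 14:52:53 pfSense l2tps: MRU 1500
Feb 20 14:52:53 pfSense l2tps: AUTHPROTO CHAP MSOFTv2
"""

ENTRY = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ l2tps: (.*)$")
ACK = re.compile(r"LCP: rec'd Configure Ack #\d+")

def acked_lcp_options(log_text):
    """Return the options listed under the peer's LCP Configure Ack,
    i.e. what this server requested and the peer accepted."""
    opts, in_ack = {}, False
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        msg = m.group(1).strip()
        if msg.startswith("["):          # a new event line ends the option list
            in_ack = bool(ACK.search(msg))
        elif in_ack:
            key, _, value = msg.partition(" ")
            opts[key] = value
    return opts

# Assumed worst-case overhead of L2TP over UDP/IPv4 without IPsec:
# IPv4 20 + UDP 8 + L2TP data header with length field 8 + uncompressed PPP 4
L2TP_OVERHEAD = 20 + 8 + 8 + 4

def mru_excess(opts, path_mtu):
    """Bytes by which an encapsulated full-MRU frame exceeds the path MTU
    (0 means it fits without fragmentation)."""
    mru = int(opts.get("MRU", 1500))     # 1500 is the PPP default MRU
    return max(0, mru + L2TP_OVERHEAD - path_mtu)
```

A non-zero result means full-size packets depend on fragmentation or working path MTU discovery to cross the tunnel, while small packets such as pings are unaffected.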