Project

General

Profile

Issue #897

5.3.0dr1 connmark (L2TP)

Added by Pavel Kopchyk over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
libcharon
Affected version:
dr|rc|master
Resolution:
No change required

Description

I try to use connmark in 5.3.0dr1.

I have a CentOS 6.6 system.

Mar 18 09:33:51 test charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.0dr1, Linux 2.6.32-504.12.2.el6.i686, i686)
Mar 18 09:33:51 test charon: 00[LIB] openssl FIPS mode(0) - disabled 
Mar 18 09:33:51 test charon: 00[KNL] received netlink error: Address family not supported by protocol (97)
Mar 18 09:33:51 test charon: 00[KNL] unable to create IPv6 routing table rule
Mar 18 09:33:51 test charon: 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
Mar 18 09:33:51 test charon: 00[CFG]   loaded ca certificate "O=TEST CA CN=test VPN CA" from '/etc/strongswan/ipsec.d/cacerts/test_ca_cert.pem'
Mar 18 09:33:51 test charon: 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
Mar 18 09:33:51 test charon: 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
Mar 18 09:33:51 test charon: 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
Mar 18 09:33:51 test charon: 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
Mar 18 09:33:51 test charon: 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
Mar 18 09:33:51 test charon: 00[CFG]   loaded RSA private key from '/etc/strongswan/ipsec.d/private/test_key.pem'
Mar 18 09:33:51 test charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 
pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp xcbc cmac hmac ntru curl sqlite attr kernel-netlink resolve socket-default connmark 
stroke updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap
Mar 18 09:33:51 test charon: 00[JOB] spawning 16 worker threads
Mar 18 09:33:51 test charon: 07[CFG] received stroke: add connection 'L2TP-test'
Mar 18 09:33:51 test charon: 07[CFG] conn L2TP-test
Mar 18 09:33:51 test charon: 07[CFG]   left=192.0.2.12
Mar 18 09:33:51 test charon: 07[CFG]   leftauth=pubkey
Mar 18 09:33:51 test charon: 07[CFG]   leftid=O=TEST CA CN=test
Mar 18 09:33:51 test charon: 07[CFG]   leftrsakey=%cert
Mar 18 09:33:51 test charon: 07[CFG]   leftcert=test_cert.pem
Mar 18 09:33:51 test charon: 07[CFG]   right=%any
Mar 18 09:33:51 test charon: 07[CFG]   rightauth=pubkey
Mar 18 09:33:51 test charon: 07[CFG]   rightrsakey=%cert
Mar 18 09:33:51 test charon: 07[CFG]   rightca=%same
Mar 18 09:33:51 test charon: 07[CFG]   mediation=no
Mar 18 09:33:51 test charon: 07[CFG]   keyexchange=ikev1
Mar 18 09:33:51 test charon: 07[CFG]   loaded certificate "O=TEST CA CN=test" from 'test_cert.pem'
Mar 18 09:33:51 test charon: 07[CFG] added configuration 'L2TP-test'

The problem is that network traffic (L2TP) is not encrypted!

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
09:42:50.721844 IP 192.0.2.9.500 > 192.0.2.12.500: isakmp: phase 1 I ident
09:42:50.724011 ARP, Request who-has 192.0.2.9 tell 192.0.2.12, length 28
09:42:50.724023 ARP, Reply 192.0.2.9 is-at 52:54:00:bd:a0:88, length 28
09:42:50.724258 IP 192.0.2.12.500 > 192.0.2.9.500: isakmp: phase 1 R ident
09:42:50.730684 IP 192.0.2.9.500 > 192.0.2.12.500: isakmp: phase 1 I ident
09:42:50.744213 IP 192.0.2.12.500 > 192.0.2.9.500: isakmp: phase 1 R ident
09:42:50.756947 IP 192.0.2.9.4500 > 192.0.2.12.4500: NONESP-encap: isakmp: phase 1 I ident[E]
09:42:50.757057 IP 192.0.2.9 > 192.0.2.12: udp
09:42:50.768709 IP 192.0.2.12.4500 > 192.0.2.9.4500: NONESP-encap: isakmp: phase 1 R ident
09:42:50.768757 IP 192.0.2.12.4500 > 192.0.2.9.4500: NONESP-encap: isakmp: phase 1 R ident
09:42:50.768905 IP 192.0.2.12.4500 > 192.0.2.9.4500: NONESP-encap: isakmp: phase 1 R ident
09:42:50.769047 IP 192.0.2.12.4500 > 192.0.2.9.4500: NONESP-encap: isakmp: phase 1 R ident
09:42:50.771325 IP 192.0.2.9.4500 > 192.0.2.12.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
09:42:50.774288 IP 192.0.2.12.4500 > 192.0.2.9.4500: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
09:42:50.775292 IP 192.0.2.9.4500 > 192.0.2.12.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
09:42:50.776744 IP 192.0.2.9.4500 > 192.0.2.12.4500: UDP-encap: ESP(spi=0xc040371d,seq=0x1), length 148
09:42:50.777159 IP 192.0.2.12.1701 > 192.0.2.9.1701:  l2tp:[TLS](1/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
 *BEARER_CAP() FIRM_VER(1680) *HOST_NAME(test.host) VENDOR_NAME(xelerance.com) *ASSND_TUN_ID(60799) *RECV_WIN_SIZE(4)
09:42:51.775229 IP 192.0.2.9.4500 > 192.0.2.12.4500: UDP-encap: ESP(spi=0xc040371d,seq=0x2), length 148
09:42:51.775855 IP 192.0.2.12.1701 > 192.0.2.9.1701:  l2tp:[TLS](1/0)Ns=0,Nr=1 ZLB
09:42:51.777293 IP 192.0.2.12.1701 > 192.0.2.9.1701:  l2tp:[TLS](1/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) 
*BEARER_CAP() FIRM_VER(1680) *HOST_NAME(test.host) VENDOR_NAME(xelerance.com) *ASSND_TUN_ID(60799) *RECV_WIN_SIZE(4)
09:42:52.778314 IP 192.0.2.12.1701 > 192.0.2.9.1701:  l2tp:[TLS](1/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) 
*BEARER_CAP() FIRM_VER(1680) *HOST_NAME(test.host) VENDOR_NAME(xelerance.com) *ASSND_TUN_ID(60799) *RECV_WIN_SIZE(4)
09:42:52.848823 IP 192.0.2.9.4500 > 192.0.2.12.4500: NONESP-encap: isakmp: phase 2/others I inf[E]
09:42:52.848972 IP 192.0.2.9.4500 > 192.0.2.12.4500: NONESP-encap: isakmp: phase 2/others I inf[E]
09:42:53.779594 IP 192.0.2.12.1701 > 192.0.2.9.1701:  l2tp:[TLS](1/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) 
*BEARER_CAP() FIRM_VER(1680) *HOST_NAME(test.host) VENDOR_NAME(xelerance.com) *ASSND_TUN_ID(60799) *RECV_WIN_SIZE(4)
09:42:54.780457 IP 192.0.2.12.1701 > 192.0.2.9.1701:  l2tp:[TLS](1/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) 
*BEARER_CAP() FIRM_VER(1680) *HOST_NAME(test.host) VENDOR_NAME(xelerance.com) *ASSND_TUN_ID(60799) *RECV_WIN_SIZE(4)
09:42:55.735471 ARP, Request who-has 192.0.2.12 tell 192.0.2.9, length 28
09:42:55.735885 ARP, Reply 192.0.2.12 is-at e2:c2:01:c4:ef:49, length 28
09:42:55.781601 IP 192.0.2.12.1701 > 192.0.2.9.1701:  l2tp:[TLS](1/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(60799) *RESULT_CODE(1/0 Timeout)
09:42:56.782701 IP 192.0.2.12.1701 > 192.0.2.9.1701:  l2tp:[TLS](1/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(60799) *RESULT_CODE(1/0 Timeout)

ip xfrm pol

src 192.0.2.9/32 dst 192.0.2.12/32 proto udp sport 1701 dport 1701 
    dir in priority 2816 ptype main 
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 2 mode transport
src 192.0.2.12/32 dst 192.0.2.9/32 proto udp sport 1701 dport 1701 
    dir out priority 2816 ptype main 
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 2 mode transport
src 0.0.0.0/0 dst 0.0.0.0/0 
    dir 3 priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    dir 4 priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    dir 3 priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    dir 4 priority 0 ptype main 

iptables -L -nvt mangle

Chain PREROUTING (policy ACCEPT 25 packets, 2185 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    3   528 MARK       udp  --  *      *       192.0.2.9      192.0.2.12     udp spt:4500 dpt:4500 MARK set 0x2 

Chain INPUT (policy ACCEPT 25 packets, 2185 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    3   381 CONNMARK   all  --  *      *       192.0.2.9      192.0.2.12     policy match dir in pol ipsec spi 0xf2104fca CONNMARK set 0x2 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 20 packets, 2094 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    8   878 CONNMARK   all  --  *      *       192.0.2.12      192.0.2.9     CONNMARK restore 

Chain POSTROUTING (policy ACCEPT 20 packets, 2094 bytes)
 pkts bytes target     prot opt in     out     source               destination         

If I remove the line "mark=%unique" in the config (connection working properly):

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
09:51:11.306656 IP 192.0.2.9.500 > 192.0.2.12.500: isakmp: phase 1 I ident
09:51:11.308495 IP 192.0.2.12.500 > 192.0.2.9.500: isakmp: phase 1 R ident
09:51:11.315001 IP 192.0.2.9.500 > 192.0.2.12.500: isakmp: phase 1 I ident
09:51:11.332581 IP 192.0.2.12.500 > 192.0.2.9.500: isakmp: phase 1 R ident
09:51:11.345475 IP 192.0.2.9.4500 > 192.0.2.12.4500: NONESP-encap: isakmp: phase 1 I ident[E]
09:51:11.345495 IP 192.0.2.9 > 192.0.2.12: udp
09:51:11.360105 IP 192.0.2.12.4500 > 192.0.2.9.4500: NONESP-encap: isakmp: phase 1 R ident
09:51:11.360181 IP 192.0.2.12.4500 > 192.0.2.9.4500: NONESP-encap: isakmp: phase 1 R ident
09:51:11.360192 IP 192.0.2.12.4500 > 192.0.2.9.4500: NONESP-encap: isakmp: phase 1 R ident
09:51:11.360430 IP 192.0.2.12.4500 > 192.0.2.9.4500: NONESP-encap: isakmp: phase 1 R ident
09:51:11.640810 IP 192.0.2.9.4500 > 192.0.2.12.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
09:51:11.643852 IP 192.0.2.12.4500 > 192.0.2.9.4500: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
09:51:11.645266 IP 192.0.2.9.4500 > 192.0.2.12.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
09:51:11.647586 IP 192.0.2.9.4500 > 192.0.2.12.4500: UDP-encap: ESP(spi=0xc9938f11,seq=0x1), length 148
09:51:11.648055 IP 192.0.2.12.4500 > 192.0.2.9.4500: UDP-encap: ESP(spi=0xd693e383,seq=0x1), length 164
09:51:11.648616 IP 192.0.2.9.4500 > 192.0.2.12.4500: UDP-encap: ESP(spi=0xc9938f11,seq=0x2), length 68
09:51:11.648647 IP 192.0.2.9.4500 > 192.0.2.12.4500: UDP-encap: ESP(spi=0xc9938f11,seq=0x3), length 116
09:51:11.649041 IP 192.0.2.12.4500 > 192.0.2.9.4500: UDP-encap: ESP(spi=0xd693e383,seq=0x2), length 68
09:51:11.649132 IP 192.0.2.12.4500 > 192.0.2.9.4500: UDP-encap: ESP(spi=0xd693e383,seq=0x3), length 84
09:51:11.649360 IP 192.0.2.12.4500 > 192.0.2.9.4500: UDP-encap: ESP(spi=0xd693e383,seq=0x4), length 68
...

History

#1 Updated by Martin Willi over 6 years ago

  • Status changed from New to Feedback

Pavel,

Thanks for testing the plugin.

00[DMN] Starting IKE charon daemon (strongSwan 5.3.0dr1, Linux 2.6.32-504.12.2.el6.i686, i686)

XFRM marks, which the connmark plugin relies on, have not been introduced before Linux 2.6.34. You most likely need to upgrade your kernel to use XFRM marks and the connmark plugin.

Regards
Martin

#2 Updated by Pavel Kopchyk over 6 years ago

Martin,

Thank you for creating a plugin!

I try 2.6.39-400.248.3 (Oracle UEK)

Starting IKE charon daemon (strongSwan 5.3.0dr1, Linux 2.6.39-400.248.3.el6uek.i686, i686)

Client 1 is connected, then try to connect the client number 2 and then there is a problem.

iptables -L -nvt mangle

Chain PREROUTING (policy ACCEPT 119 packets, 9877 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    8   826 MARK       udp  --  *      *       192.0.2.9      192.0.2.12     udp spt:4500 dpt:4500 MARK set 0x2 
   64 11914 MARK       udp  --  *      *       192.0.2.9      192.0.2.12     udp spt:1024 dpt:4500 MARK set 0x1 

Chain INPUT (policy ACCEPT 104 packets, 8988 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   468 CONNMARK   all  --  *      *       192.0.2.9      192.0.2.12     policy match dir in pol ipsec spi 0x2bba0ecb CONNMARK set 0x2 
   62  8560 CONNMARK   all  --  *      *       192.0.2.9      192.0.2.12     policy match dir in pol ipsec spi 0xc464accc CONNMARK set 0x1 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 71 packets, 6892 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   36  3332 CONNMARK   all  --  *      *       192.0.2.12      192.0.2.9     CONNMARK restore 
   77  8903 CONNMARK   all  --  *      *       192.0.2.12      192.0.2.9     CONNMARK restore 

Chain POSTROUTING (policy ACCEPT 71 packets, 6892 bytes)
 pkts bytes target     prot opt in     out     source               destination         

ip xfrm pol (looks like a problem, the same priority)

src 192.0.2.9/32 dst 192.0.2.12/32 proto udp sport 1701 dport 1701 
    dir in priority 2816 ptype main 
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 2 mode transport
src 192.0.2.12/32 dst 192.0.2.9/32 proto udp sport 1701 dport 1701 
    dir out priority 2816 ptype main 
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 2 mode transport
src 192.0.2.9/32 dst 192.0.2.12/32 proto udp sport 1701 dport 1701 
    dir in priority 2816 ptype main 
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 1 mode transport
src 192.0.2.12/32 dst 192.0.2.9/32 proto udp sport 1701 dport 1701 
    dir out priority 2816 ptype main 
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 1 mode transport
src 0.0.0.0/0 dst 0.0.0.0/0 
    dir 3 priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    dir 4 priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    dir 3 priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    dir 4 priority 0 ptype main 

#3 Updated by Martin Willi over 6 years ago

Client 1 is connected, then try to connect the client number 2 and then there is a problem.

What exactly is the problem?

ip xfrm pol (looks like a problem, the same priority)

The same priority is actually normal, as it is calculated from the selector size (which is the same).

src 192.0.2.9/32 dst 192.0.2.12/32 proto udp sport 1701 dport 1701 
    dir in priority 2816 ptype main 
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 2 mode transport

What I still miss here is the mark associated to your policy. If your kernel (and iproute2 package!) supports XFRM marks, you should see these marks on the policies, as seen on that non-connmark testcase with marks.

#4 Updated by Pavel Kopchyk over 6 years ago

After update iproute2 package strongswan working properly.

ip xfrm pol

src 192.0.2.9/32 dst 192.0.2.12/32 proto udp sport 1701 dport 1701 
    dir in priority 2816 ptype main 
    mark 3/0xffffffff
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 3 mode transport
src 192.0.2.12/32 dst 192.0.2.9/32 proto udp sport 1701 dport 1701 
    dir out priority 2816 ptype main 
    mark 3/0xffffffff
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 3 mode transport
src 192.0.2.9/32 dst 192.0.2.12/32 proto udp sport 1701 dport 1701 
    dir in priority 2816 ptype main 
    mark 2/0xffffffff
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 2 mode transport
src 192.0.2.12/32 dst 192.0.2.9/32 proto udp sport 1701 dport 1701 
    dir out priority 2816 ptype main 
    mark 2/0xffffffff
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 2 mode transport
src 0.0.0.0/0 dst 0.0.0.0/0 
    socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    socket out priority 0 ptype main 

iptables -L -nvt mangle

Chain PREROUTING (policy ACCEPT 224 packets, 20970 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   10  1018 MARK       udp  --  *      *       192.0.2.9      192.0.2.12      udp spt:1024 dpt:4500 MARK set 0x3
   98 15015 MARK       udp  --  *      *       192.0.2.9      192.0.2.12      udp spt:4500 dpt:4500 MARK set 0x2

Chain INPUT (policy ACCEPT 223 packets, 20809 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    8   557 CONNMARK   all  --  *      *       192.0.2.9      192.0.2.12      policy match dir in pol ipsec spi 0x51692ec3 CONNMARK set 0x3
   95  9991 CONNMARK   all  --  *      *       192.0.2.9      192.0.2.12      policy match dir in pol ipsec spi 0xa68783c7 CONNMARK set 0x2

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 101 packets, 10716 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   40  3388 CONNMARK   all  --  *      *       192.0.2.12      192.0.2.9      CONNMARK restore
   79  8745 CONNMARK   all  --  *      *       192.0.2.12      192.0.2.9      CONNMARK restore

But the problem remains, and it is probably the xl2tpd (or pppd, ppp1 not up, xl2tpd breaking session of the first user):

  946 ?        Ss     0:00 xl2tpd
  991 ?        S      0:00  \_ /usr/sbin/pppd passive nodetach refuse-pap file /etc/ppp/options.xl2tpd plugin pppol2tp.so pppol2tp 8 pppol2tp_lns_mode pppol2tp_tunnel_id 29562 pppol2tp_session_id 14134
 1013 ?        S      0:00  \_ /usr/sbin/pppd passive nodetach refuse-pap file /etc/ppp/options.xl2tpd plugin pppol2tp.so pppol2tp 10 pppol2tp_lns_mode pppol2tp_tunnel_id 58733 pppol2tp_session_id 26715

Mar 20 14:06:33 test charon: 15[ENC] parsed QUICK_MODE request 1 [ HASH ]
Mar 20 14:06:33 test charon: 15[CHD]   using AES_CBC for encryption
Mar 20 14:06:33 test charon: 15[CHD]   using HMAC_SHA1_96 for integrity
Mar 20 14:06:33 test charon: 15[CHD] adding inbound ESP SA
Mar 20 14:06:33 test charon: 15[CHD]   SPI 0xced1d724, src 192.0.2.9 dst 192.0.2.12
Mar 20 14:06:33 test charon: 15[CHD] adding outbound ESP SA
Mar 20 14:06:33 test charon: 15[CHD]   SPI 0x846ecfa4, src 192.0.2.12 dst 192.0.2.9
Mar 20 14:06:33 test charon: 15[IKE] CHILD_SA rw-cert{8} established with SPIs ced1d724_i 846ecfa4_o and TS 192.0.2.12/32[udp/l2tp] === 192.0.2.9/32[udp/l2tp] 
Mar 20 14:06:34 test xl2tpd[946]: Connection established to 192.0.2.9, 1701.  Local: 56439, Remote: 9 (ref=0/0).  LNS session is 'default'
Mar 20 14:06:34 test xl2tpd[946]: Call established with 192.0.2.9, Local: 61288, Remote: 1, Serial: 0
Mar 20 14:06:34 test pppd[1081]: Plugin radius.so loaded.
Mar 20 14:06:34 test pppd[1081]: RADIUS plugin initialized.
Mar 20 14:06:34 test pppd[1081]: Plugin radattr.so loaded.
Mar 20 14:06:34 test pppd[1081]: RADATTR plugin initialized.
Mar 20 14:06:34 test pppd[1081]: Plugin pppol2tp.so loaded.
Mar 20 14:06:34 test pppd[1081]: pppd 2.4.5 started by root, uid 0
Mar 20 14:06:34 test pppd[1081]: Using interface ppp1
Mar 20 14:06:34 test pppd[1081]: Connect: ppp1 <--> 
Mar 20 14:06:34 test pppd[1081]: Overriding mtu 1500 to 1400
Mar 20 14:06:34 test pppd[1081]: Overriding mru 1500 to mtu value 1400
Mar 20 14:07:04 test pppd[1081]: LCP: timeout sending Config-Requests

#5 Updated by Tobias Brunner over 6 years ago

  • Status changed from Feedback to Closed
  • Assignee set to Martin Willi
  • Resolution set to No change required

Also available in: Atom PDF