Hi. This bug was reported today against the Debian xl2tpd package, but the submitter tagged it as upstream. My reading of the described behavior makes me also think that this is an upstream issue. Is this something that has already been reported?
Regards,
-Roberto
On Fri, Jul 16, 2010 at 03:55:27PM +0100, Guillaume wrote:
> Package: xl2tpd
> Version: 1.2.6+dfsg-1
> Severity: normal
> Tags: upstream
>
> When connecting to the xl2tpd server, the ipsec tunnel is established well
> (with openswan) but when xl2tpd calls ppp, it doesn't take into account the
> ip range parameter in the config and assigns an IP address 0.0.0.0 to the
> client. If I try with manually setting up the IP on the client side, the
> connection works fine.
> Here's xl2tpd.conf:
> [global] ; Global parameters:
> ipsec saref = yes
> listen-addr = 172.56.252.2
> [lns default] ; Our fallthrough LNS definition
> exclusive = yes ; * Only permit one tunnel per host
> assign ip = yes
> ip range = 172.56.252.207-208 ; * Allocate from this IP range
> local ip = 172.56.252.206 ; * Our local IP to use
> length bit = yes ; * Use length bit in payload?
> refuse pap = yes ; * Refuse PAP authentication
> refuse chap = yes ; * Refuse CHAP authentication
> require authentication = yes ; * Require peer to authenticate
> ppp debug = yes ; * Turn on PPP debugging
> pppoptfile = /etc/ppp/options.xl2tpd ; * ppp options file
>
>
> Here's the Syslog info:
> XXX.XXX.XXX.XXX is my client address
> The interesting line, when xl2tpd calls ppp : Jul 16 15:49:35 srvguigui
> xl2tpd[1732]: "172.56.252.206:0.0.0.0"
>
>
> Jul 16 15:49:34 srvguigui xl2tpd[1732]: Connection established to
> XXX.XXX.XXX.XXX, 1701. Local: 1353, Remote: 2 (ref=0/0). LNS session is
> 'default'
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: start_pppd: I'm running:
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "/usr/sbin/pppd"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "passive"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "nodetach"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "172.56.252.206:0.0.0.0"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "refuse-pap"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "refuse-chap"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "auth"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "debug"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "file"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "/etc/ppp/options.xl2tpd"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: "/dev/pts/3"
> Jul 16 15:49:35 srvguigui xl2tpd[1732]: Call established with
> XXX.XXX.XXX.XXX, Local: 56822, Remote: 1, Serial: 0
> Jul 16 15:49:35 srvguigui pppd[24344]: pppd 2.4.4 started by root, uid 0
> Jul 16 15:49:35 srvguigui pppd[24344]: using channel 2
> Jul 16 15:49:35 srvguigui pppd[24344]: Using interface ppp0
> Jul 16 15:49:35 srvguigui pppd[24344]: Connect: ppp0 <--> /dev/pts/3
> Jul 16 15:49:35 srvguigui pppd[24344]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <auth eap> <magic 0x1945126> <pcomp> <accomp>]
> Jul 16 15:49:36 srvguigui pppd[24344]: rcvd [LCP ConfNak id=0x1 <auth chap
> MS-v2>]
> Jul 16 15:49:36 srvguigui pppd[24344]: sent [LCP ConfReq id=0x2 <asyncmap
> 0x0> <auth chap MS-v2> <magic 0x1945126> <pcomp> <accomp>]
> Jul 16 15:49:36 srvguigui pppd[24344]: rcvd [LCP ConfAck id=0x2 <asyncmap
> 0x0> <auth chap MS-v2> <magic 0x1945126> <pcomp> <accomp>]
> Jul 16 15:49:37 srvguigui pppd[24344]: rcvd [LCP ConfReq id=0x1 <mru 1400>
> <magic 0x75a53dc2> <pcomp> <accomp> <callback CBCP>]
> Jul 16 15:49:37 srvguigui pppd[24344]: sent [LCP ConfRej id=0x1 <callback
> CBCP>]
> Jul 16 15:49:38 srvguigui pppd[24344]: rcvd [LCP ConfReq id=0x2 <mru 1400>
> <magic 0x75a53dc2> <pcomp> <accomp>]
> Jul 16 15:49:38 srvguigui pppd[24344]: sent [LCP ConfAck id=0x2 <mru 1400>
> <magic 0x75a53dc2> <pcomp> <accomp>]
> Jul 16 15:49:38 srvguigui pppd[24344]: sent [LCP EchoReq id=0x0
> magic=0x1945126]
> Jul 16 15:49:38 srvguigui pppd[24344]: sent [CHAP Challenge id=0xf9
> <f4a8dc42a69833747a641f92ce0a3f52>, name = "xl2tpd"]
> Jul 16 15:49:38 srvguigui pppd[24344]: rcvd [LCP Ident id=0x3
> magic=0x75a53dc2 "MSRASV5.10"]
> Jul 16 15:49:38 srvguigui pppd[24344]: rcvd [LCP Ident id=0x4
> magic=0x75a53dc2 "MSRAS-0-UKGVOIRIOT"]
> Jul 16 15:49:38 srvguigui pppd[24344]: rcvd [LCP EchoRep id=0x0
> magic=0x75a53dc2]
> Jul 16 15:49:38 srvguigui pppd[24344]: rcvd [CHAP Response id=0xf9
> <861274882a67081b2da56f25e79ffe62000000000000000091c1d5d4dd4a1f86ba2cd32e82431f6330a261c559033f5e00>,
> name = "usertest"]
> Jul 16 15:49:38 srvguigui pppd[24344]: sent [CHAP Success id=0xf9
> "S=A8B110D80B67722D2531F4233A890D4584C44630 M=Access granted"]
> Jul 16 15:49:38 srvguigui pppd[24344]: sent [CCP ConfReq id=0x1 <deflate 15>
> <deflate(old#) 15> <bsd v1 15>]
> Jul 16 15:49:38 srvguigui pppd[24344]: sent [IPCP ConfReq id=0x1 <compress VJ
> 0f 01> <addr 172.56.252.206>]
> Jul 16 15:49:39 srvguigui pppd[24344]: rcvd [CCP ConfReq id=0x5 <mppe +H -M
> -S -L -D +C>]
> Jul 16 15:49:39 srvguigui pppd[24344]: sent [CCP ConfRej id=0x5 <mppe +H -M
> -S -L -D +C>]
> Jul 16 15:49:39 srvguigui pppd[24344]: rcvd [IPCP ConfReq id=0x6 <addr
> 0.0.0.0> <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
> Jul 16 15:49:39 srvguigui pppd[24344]: sent [IPCP ConfRej id=0x6 <addr
> 0.0.0.0> <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
> Jul 16 15:49:39 srvguigui pppd[24344]: rcvd [CCP ConfRej id=0x1 <deflate 15>
> <deflate(old#) 15> <bsd v1 15>]
> Jul 16 15:49:39 srvguigui pppd[24344]: sent [CCP ConfReq id=0x2]
> Jul 16 15:49:39 srvguigui pppd[24344]: rcvd [IPCP ConfRej id=0x1 <compress VJ
> 0f 01>]
> Jul 16 15:49:39 srvguigui pppd[24344]: sent [IPCP ConfReq id=0x2 <addr
> 172.56.252.206>]
> Jul 16 15:49:39 srvguigui pppd[24344]: rcvd [CCP TermReq
> id=0x7"u\37777777645=\37777777702\000<\37777777715t\000\000\002\37777777734"]
> Jul 16 15:49:39 srvguigui pppd[24344]: sent [CCP TermAck id=0x7]
> Jul 16 15:49:39 srvguigui pppd[24344]: rcvd [IPCP ConfReq id=0x8 <addr
> 0.0.0.0>]
> Jul 16 15:49:39 srvguigui pppd[24344]: sent [IPCP ConfRej id=0x8 <addr
> 0.0.0.0>]
> Jul 16 15:49:39 srvguigui pppd[24344]: rcvd [IPCP ConfAck id=0x2 <addr
> 172.56.252.206>]
> Jul 16 15:49:39 srvguigui pppd[24344]: rcvd [IPCP TermReq id=0x9
> "u\37777777645=\37777777702\000<\37777777715t\000\000\002\37777777742"]
> Jul 16 15:49:39 srvguigui pppd[24344]: sent [IPCP TermAck id=0x9]
> Jul 16 15:49:40 srvguigui pppd[24344]: rcvd [LCP TermReq id=0xa
> "u\37777777645=\37777777702\000<\37777777715t\000\000\000\000"]
> Jul 16 15:49:40 srvguigui pppd[24344]: LCP terminated by peer
> (uM-%=M-B^@<m-...@^@^...@^@)
> Jul 16 15:49:40 srvguigui pppd[24344]: sent [LCP TermAck id=0xa]
> Jul 16 15:49:41 srvguigui xl2tpd[1732]: control_finish: Connection closed to
> XXX.XXX.XXX.XXX, serial 0 ()
> Jul 16 15:49:41 srvguigui xl2tpd[1732]: Terminating pppd: sending TERM signal
> to pid 24344
> Jul 16 15:49:41 srvguigui pppd[24344]: Terminating on signal 15
> Jul 16 15:49:41 srvguigui pppd[24344]: Modem hangup
> Jul 16 15:49:41 srvguigui pppd[24344]: Connection terminated.
> Jul 16 15:49:41 srvguigui pppd[24344]: Connect time 0.1 minutes.
> Jul 16 15:49:41 srvguigui pppd[24344]: Sent 95 bytes, received 109 bytes.
> Jul 16 15:49:41 srvguigui pppd[24344]: Exit.
> Jul 16 15:49:41 srvguigui xl2tpd[1732]: pppd 24344 successfully terminated
> Jul 16 15:49:41 srvguigui xl2tpd[1732]: control_finish: Connection closed to
> XXX.XXX.XXX.XXX, port 1701 (), Local: 1353, Remote: 2
>
>
> -- System Information:
> Debian Release: squeeze/sid
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.32-5-486
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages xl2tpd depends on:
> ii libc6 2.11.2-2 Embedded GNU C Library: Shared
> lib
> ii libpcap0.8 1.1.1-2 system interface for user-level
> pa
> ii ppp 2.4.4rel-10.1 Point-to-Point Protocol (PPP) -
> da
>
> xl2tpd recommends no packages.
>
> xl2tpd suggests no packages.
>
> -- Configuration Files:
> /etc/init.d/xl2tpd changed:
> PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
> DAEMON=/usr/sbin/xl2tpd
> NAME=xl2tpd
> DESC=xl2tpd
> test -x $DAEMON || exit 0
> if [ -f /etc/default/xl2tpd ] ; then
> . /etc/default/xl2tpd
> fi
> if !([ -f /var/run/xl2tpd/l2tp-control ]); then
> touch /var/run/xl2tpd/l2tp-control
> fi
> PIDFILE=/var/run/$NAME.pid
> set -e
> case "$1" in
> start)
> echo -n "Starting $DESC: "
> test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p ${XL2TPD_RUN_DIR:-/var/run/xl2tpd}
> start-stop-daemon --start --quiet --pidfile $PIDFILE \
> --exec $DAEMON -- $DAEMON_OPTS
> echo "$NAME."
> ;;
> stop)
> echo -n "Stopping $DESC: "
> start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
> --exec $DAEMON
> echo "$NAME."
> ;;
> force-reload)
> test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p ${XL2TPD_RUN_DIR:-/var/run/xl2tpd}
> # check whether $DAEMON is running. If so, restart
> start-stop-daemon --stop --test --quiet --pidfile \
> $PIDFILE --exec $DAEMON \
> && $0 restart \
> || exit 0
> ;;
> restart)
> test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p ${XL2TPD_RUN_DIR:-/var/run/xl2tpd}
> echo -n "Restarting $DESC: "
> start-stop-daemon --stop --quiet --pidfile \
> $PIDFILE --exec $DAEMON
> sleep 1
> start-stop-daemon --start --quiet --pidfile \
> $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
> echo "$NAME."
> ;;
> *)
> N=/etc/init.d/$NAME
> echo "Usage: $N {start|stop|restart|force-reload}" >&2
> exit 1
> ;;
> esac
> exit 0
>
> /etc/xl2tpd/xl2tpd.conf changed:
> ;
> ; Sample l2tpd configuration file
> ;
> ; This example file should give you some idea of how the options for l2tpd
> ; should work. The best place to look for a list of all options is in
> ; the source code itself, until I have the time to write better documetation :)
> ; Specifically, the file "file.c" contains a list of commands at the end.
> ;
> ; You most definitely don't have to spell out everything as it is done here
> ;
> [global] ; Global parameters:
> ipsec saref = yes
> listen-addr = 172.56.252.2
> ; port = 1701 ; * Bind to port 1701
> ; auth file = /etc/l2tpd/l2tp-secrets ; * Where our challenge secrets are
> ; access control = yes ; * Refuse connections without IP match
> ; rand source = dev ; Source for entropy for random
> ; ; numbers, options are:
> ; ; dev - reads of /dev/urandom
> ; ; sys - uses rand()
> ; ; egd - reads from egd socket
> ; ; egd is not yet implemented
> ;
> [lns default] ; Our fallthrough LNS definition
> exclusive = yes ; * Only permit one tunnel per host
> assign ip = yes
> ip range = 172.56.252.207 ; * Allocate from this IP range
> ; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
> ; ip range = 192.168.0.5 ; * But this one is okay
> ; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
> ; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
> ; no lac = untrusted.marko.net ; * This guy can't connect
> ; hidden bit = no ; * Use hidden AVP's?
> local ip = 172.56.252.206 ; * Our local IP to use
> length bit = yes ; * Use length bit in payload?
> ; require chap = yes ; * Require CHAP auth. by peer
> refuse pap = yes ; * Refuse PAP authentication
> refuse chap = yes ; * Refuse CHAP authentication
> ; refuse authentication = no ; * Refuse authentication altogether
> require authentication = yes ; * Require peer to authenticate
> ; unix authentication = no ; * Use /etc/passwd for auth.
> ; name = myhostname ; * Report this as our hostname
> ppp debug = yes ; * Turn on PPP debugging
> pppoptfile = /etc/ppp/options.xl2tpd ; * ppp options file
> ; call rws = 10 ; * RWS for call (-1 is valid)
> ; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
> ; flow bit = yes ; * Include sequence numbers
> ; challenge = yes ; * Challenge authenticate peer ;
> ;
> ; [lac marko] ; Example VPN LAC definition
> ; lns = lns.marko.net ; * Who is our LNS?
> ; lns = lns2.marko.net ; * A backup LNS (not yet used)
> ; redial = yes ; * Redial if disconnected?
> ; redial timeout = 15 ; * Wait n seconds between redials
> ; max redials = 5 ; * Give up after n consecutive failures
> ; hidden bit = yes ; * User hidden AVP's?
> ; local ip = 192.168.1.1 ; * Force peer to use this IP for us
> ; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
> ; length bit = no ; * Use length bit in payload?
> ; require pap = no ; * Require PAP auth. by peer
> ; require chap = yes ; * Require CHAP auth. by peer
> ; refuse pap = yes ; * Refuse PAP authentication
> ; refuse chap = no ; * Refuse CHAP authentication
> ; refuse authentication = no ; * Refuse authentication altogether
> ; require authentication = yes ; * Require peer to authenticate
> ; name = marko ; * Report this as our hostname
> ; ppp debug = no ; * Turn on PPP debugging
> ; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac
> ; call rws = 10 ; * RWS for call (-1 is valid)
> ; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
> ; flow bit = yes ; * Include sequence numbers
> ; challenge = yes ; * Challenge authenticate peer
> ;
> ; [lac cisco] ; Another quick LAC
> ; lns = cisco.marko.net ; * Required, but can take from default
> ; require authentication = yes
>
>
> -- no debconf information
>
>
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
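
A log check for the symptom described in the quoted report, added here as an example (it is not part of the original message or of xl2tpd): it reads syslog lines in the format quoted above and reports when xl2tpd passes `0.0.0.0` as the remote half of pppd's `local:remote` argument, and which of the peer's IPCP address requests pppd then rejected. The name `analyze` is an assumption of the example; the sample lines are unwrapped copies of lines from the quoted log.

```python
import re

# Sample input constructed from the quoted syslog excerpt (long lines unwrapped).
SAMPLE_LOG = '''\
Jul 16 15:49:35 srvguigui xl2tpd[1732]: start_pppd: I'm running:
Jul 16 15:49:35 srvguigui xl2tpd[1732]: "/usr/sbin/pppd"
Jul 16 15:49:35 srvguigui xl2tpd[1732]: "172.56.252.206:0.0.0.0"
Jul 16 15:49:35 srvguigui xl2tpd[1732]: "/dev/pts/3"
Jul 16 15:49:39 srvguigui pppd[24344]: rcvd [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
Jul 16 15:49:39 srvguigui pppd[24344]: sent [IPCP ConfRej id=0x6 <addr 0.0.0.0> <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
Jul 16 15:49:39 srvguigui pppd[24344]: sent [IPCP ConfReq id=0x2 <addr 172.56.252.206>]
Jul 16 15:49:39 srvguigui pppd[24344]: rcvd [IPCP ConfReq id=0x8 <addr 0.0.0.0>]
Jul 16 15:49:39 srvguigui pppd[24344]: sent [IPCP ConfRej id=0x8 <addr 0.0.0.0>]
'''

IPV4 = r"\d+\.\d+\.\d+\.\d+"
# The "local:remote" argument that xl2tpd logs when it starts pppd.
ARG_RE = re.compile(r'xl2tpd\[\d+\]: "(%s):(%s)"' % (IPV4, IPV4))
# pppd debug lines for IPCP: direction, code, id, then the option list.
IPCP_RE = re.compile(r"pppd\[\d+\]: (sent|rcvd) \[IPCP (Conf\w+) id=(0x[0-9a-f]+)(.*)\]")
ADDR_RE = re.compile(r"<addr (%s)>" % IPV4)
UNSET = "0.0.0.0"


def analyze(log_text):
    """Return the address arguments seen and the peer requests pppd rejected."""
    findings = {"address_args": [], "rejected_requests": []}
    pending = {}  # IPCP id -> address the peer put in its ConfReq
    for line in log_text.splitlines():
        m = ARG_RE.search(line)
        if m:
            findings["address_args"].append(m.groups())
            continue
        m = IPCP_RE.search(line)
        if not m:
            continue
        direction, code, ident, options = m.groups()
        addr = ADDR_RE.search(options)
        if addr is None:
            continue
        if direction == "rcvd" and code == "ConfReq":
            pending[ident] = addr.group(1)
        elif direction == "sent" and code == "ConfRej" and pending.get(ident) == UNSET:
            # The peer asked for an address and the request was rejected, not answered.
            findings["rejected_requests"].append(ident)
    findings["remote_unassigned"] = any(r == UNSET for _, r in findings["address_args"])
    return findings
```
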

