l2tp-ipsec-vpn failed trying to connect to l2tp VPN

Bug #933139 reported by Julian Alarcon
This bug affects 5 people
Affects                        Status         Importance   Assigned to     Milestone
L2TP over IPsec VPN Manager    Fix Released   Low          Werner Jaeger
Openswan                       Invalid        Undecided    Unassigned
l2tp-ipsec-vpn (Ubuntu)        Fix Released   Undecided    Werner Jaeger
openswan (Ubuntu)              Invalid        Undecided    Unassigned
xl2tpd (Ubuntu)                Incomplete     Undecided    Unassigned

Bug Description

l2tp-ipsec-vpn failed trying to connect to l2tp VPN.

I already tried the packages from the repository (https://launchpad.net/~werner-jaeger/+archive/ppa-werner-vpn) and the official packages in Ubuntu 12.04.

I think that maybe the problem is in xl2tpd but I don't know how I can trace it.

The VPN packages in the repo work fine in other versions of Ubuntu (10.04, 11.10, 11.04, 11.10 (replacing the xl2tpd with error)) but not in Precise.

BTW I already tried the packages of Debian Wheezy in a Linux Mint Debian installation and I got the same error.

This is the error:
Feb 15 17:38:52.288 xl2tpd[9935]: death_handler: Fatal signal 15 received
Feb 15 17:38:52.288 Stopping xl2tpd: xl2tpd.
Feb 15 17:38:52.320 ipsec_setup: Openswan IPsec apparently already active, start aborted
Feb 15 17:38:52.354 recvref[30]: Protocol not available
Feb 15 17:38:52.354 xl2tpd[10809]: This binary does not support kernel L2TP.
Feb 15 17:38:52.355 Starting xl2tpd: xl2tpd.
Feb 15 17:38:52.357 xl2tpd[10810]: xl2tpd version xl2tpd-1.3.1 started on telintel26 PID:10810
Feb 15 17:38:52.357 xl2tpd[10810]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Feb 15 17:38:52.358 xl2tpd[10810]: Forked by Scott Balmos and David Stipp, (C) 2001
Feb 15 17:38:52.360 xl2tpd[10810]: Inherited by Jeff McAdams, (C) 2002
Feb 15 17:38:52.361 xl2tpd[10810]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Feb 15 17:39:10.004 xl2tpd[10810]: Can not find tunnel 26330 (refhim=0)
Feb 15 17:39:10.005 xl2tpd[10810]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 26330 Dumping.
Feb 15 17:39:11.005 xl2tpd[10810]: Can not find tunnel 26330 (refhim=0)
Feb 15 17:39:11.005 xl2tpd[10810]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 26330 Dumping.
Feb 15 17:39:12.006 xl2tpd[10810]: Can not find tunnel 26330 (refhim=0)
Feb 15 17:39:12.007 xl2tpd[10810]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 26330 Dumping.
Feb 15 17:39:13.007 xl2tpd[10810]: Can not find tunnel 26330 (refhim=0)
Feb 15 17:39:13.010 xl2tpd[10810]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 26330 Dumping.
Feb 15 17:39:14.007 xl2tpd[10810]: Can not find tunnel 26330 (refhim=0)
Feb 15 17:39:14.007 xl2tpd[10810]: network_thread: unable to find call or tunnel to handle packet. call = 0, tunnel = 26330 Dumping.
Feb 15 17:39:32.242 Last command timed out

Feb 15 17:38:52.361 xl2tpd[10810]: Listening on IP address 0.0.0.0, port 1701

Other logs...

Feb 15 17:38:09.907 xl2tpd[9935]: Connection established to MYVPNSERVER, 1701. Local: 26330, Remote: 4759 (ref=0/0).
Feb 15 17:38:09.929 xl2tpd[9935]: Calling on tunnel 26330
Feb 15 17:38:09.930 xl2tpd[9935]: check_control: Received out of order control packet on tunnel 4759 (got 0, expected 1)
Feb 15 17:38:09.930 xl2tpd[9935]: handle_packet: bad control packet!
Feb 15 17:38:09.930 xl2tpd[9935]: check_control: Received out of order control packet on tunnel 4759 (got 0, expected 1)
Feb 15 17:38:09.931 xl2tpd[9935]: handle_packet: bad control packet!
Feb 15 17:38:09.980 xl2tpd[9935]: Call established with MYVPNSERVER, Local: 62944, Remote: 25548, Serial: 1 (ref=0/0)
Feb 15 17:38:09.984 xl2tpd[9935]: start_pppd: I'm running:
Feb 15 17:38:09.985 xl2tpd[9935]: "/usr/sbin/pppd"
Feb 15 17:38:09.985 xl2tpd[9935]: "passive"
Feb 15 17:38:09.985 xl2tpd[9935]: "nodetach"
Feb 15 17:38:09.985 xl2tpd[9935]: ":"
Feb 15 17:38:09.986 xl2tpd[9935]: "file"
Feb 15 17:38:09.986 xl2tpd[9935]: "/etc/ppp/TELINTEL.options.xl2tpd"
Feb 15 17:38:09.986 xl2tpd[9935]: "ipparam"
Feb 15 17:38:09.987 xl2tpd[9935]: "MYVPNSERVER"
Feb 15 17:38:09.987 xl2tpd[9935]: "/dev/pts/0"
Feb 15 17:38:10.124 pppd[10060]: Plugin passprompt.so loaded.
Feb 15 17:38:10.140 pppd[10060]: pppd 2.4.5 started by root, uid 0
Feb 15 17:38:10.260 pppd[10060]: Using interface ppp0
Feb 15 17:38:10.260 pppd[10060]: Connect: ppp0 <--> /dev/pts/0

Feb 15 17:16:46.997 ipsec_setup: Starting Openswan IPsec U2.6.37/K3.2.0-16-generic...
Feb 15 17:16:47.828 ipsec__plutorun: Starting Pluto subsystem...
Feb 15 17:16:48.646 recvref[30]: Protocol not available
Feb 15 17:16:48.704 xl2tpd[17816]: This binary does not support kernel L2TP.
Feb 15 17:16:48.704 xl2tpd[17817]: xl2tpd version xl2tpd-1.3.1 started on telintel26 PID:17817
Feb 15 17:16:48.705 xl2tpd[17817]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Feb 15 17:16:48.705 xl2tpd[17817]: Forked by Scott Balmos and David Stipp, (C) 2001
Feb 15 17:16:48.706 xl2tpd[17817]: Inherited by Jeff McAdams, (C) 2002
Feb 15 17:16:48.707 xl2tpd[17817]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Feb 15 17:16:48.708 xl2tpd[17817]: Listening on IP address 0.0.0.0, port 1701
Feb 15 17:16:48.708 Starting xl2tpd: xl2tpd.
Feb 15 17:16:49.080 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Feb 15 17:16:49.234 ipsec__plutorun: 002 added connection description "TELINTEL"
Feb 15 17:17:25.709 Last command timed out
Feb 15 17:17:25.853 xl2tpd[17817]: death_handler: Fatal signal 15 received
Feb 15 17:17:25.854 Stopping xl2tpd: xl2tpd.
Feb 15 17:17:25.883 ipsec_setup: Stopping Openswan IPsec...

For security I just changed the VPN server address to MYVPNSERVER

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: l2tp-ipsec-vpn 1.0.3-1
ProcVersionSignature: Ubuntu 3.2.0-16.25-generic 3.2.6
Uname: Linux 3.2.0-16-generic x86_64
ApportVersion: 1.91-0ubuntu1
Architecture: amd64
Date: Wed Feb 15 17:32:54 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20120102)
ProcEnviron:
 LANGUAGE=es_CO:es
 PATH=(custom, no user)
 LANG=es_CO.UTF-8
 SHELL=/bin/bash
SourcePackage: l2tp-ipsec-vpn
UpgradeStatus: Upgraded to precise on 2012-02-15 (0 days ago)
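
Added example (not part of the original report, nor code from xl2tpd or l2tp-ipsec-vpn): a small Python triage script for logs like the one above. It links each "Can not find tunnel N" line to the xl2tpd PID that established tunnel N, which for this log shows that tunnel 26330 was created by the process killed with signal 15 before PID 10810 started; the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the shape of the report's log
# (the server name is already anonymised there as MYVPNSERVER).
SAMPLE_LOG = """\
Feb 15 17:38:09.907 xl2tpd[9935]: Connection established to MYVPNSERVER, 1701. Local: 26330, Remote: 4759 (ref=0/0).
Feb 15 17:38:52.288 xl2tpd[9935]: death_handler: Fatal signal 15 received
Feb 15 17:38:52.357 xl2tpd[10810]: xl2tpd version xl2tpd-1.3.1 started on telintel26 PID:10810
Feb 15 17:39:10.004 xl2tpd[10810]: Can not find tunnel 26330 (refhim=0)
Feb 15 17:39:11.005 xl2tpd[10810]: Can not find tunnel 26330 (refhim=0)
"""

LINE = re.compile(r"^(?P<ts>\S+\s+\d+ [\d:.]+) xl2tpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ESTABLISHED = re.compile(r"Connection established to .*Local: (\d+), Remote: (\d+)")
KILLED = re.compile(r"death_handler: Fatal signal (\d+) received")
ORPHAN = re.compile(r"Can not find tunnel (\d+)")


def find_stale_tunnels(log_text):
    """Report tunnels created by a now-dead xl2tpd PID that a later PID rejects."""
    owner = {}                # local tunnel id -> PID that established it
    dead = {}                 # PID -> timestamp of its death_handler line
    hits = defaultdict(int)   # (tunnel id, rejecting PID) -> rejected packet count
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:             # init-script and pluto lines carry no xl2tpd[PID] tag
            continue
        pid, msg = int(m["pid"]), m["msg"]
        if (e := ESTABLISHED.search(msg)):
            owner[int(e.group(1))] = pid
        elif KILLED.search(msg):
            dead[pid] = m["ts"]
        elif (o := ORPHAN.search(msg)):
            hits[(int(o.group(1)), pid)] += 1
    findings = []
    for (tunnel, pid), count in sorted(hits.items()):
        creator = owner.get(tunnel)
        if creator is not None and creator != pid and creator in dead:
            findings.append({"tunnel": tunnel, "created_by": creator,
                             "killed_at": dead[creator], "rejected_by": pid,
                             "packets": count})
    return findings


if __name__ == "__main__":
    print(find_stale_tunnels(SAMPLE_LOG))
```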

Julian Alarcon (julian-alarcon) wrote :

My VPN is set using these parameters:

VPN Server Address
Pre-shared Key
Protocols (PAP, CHAP)
Username and password
Route (internal route, 192.168.0.0, netmask 255.255.255.0)

Everything is left by default in L2tpIPsecVpn

Using the same settings works really great in other Ubuntu versions (10.04 to 11.10).

Changed in l2tp-ipsec-vpn:
assignee: nobody → Werner Jaeger (werner-jaeger)
Julian Alarcon (julian-alarcon) wrote :

I think that this bug is really critical, because the next version of Ubuntu (12.04) is going to be LTS, and we don't want something like the 11.10 problem with the xl2tpd package to happen.

If you need more info just ask me ;)

Werner Jaeger (werner-jaeger) wrote :

I just uploaded a new version to my ppa repository.

Could you please check out this version to see if it solves the issue?

Unfortunately the ipparam problem with the xl2tpd package continues in precise, so you still have to downgrade it to version 1.2.7

Changed in l2tp-ipsec-vpn (Ubuntu):
assignee: nobody → Werner Jaeger (werner-jaeger)
status: New → Fix Released
Changed in l2tp-ipsec-vpn:
status: New → Fix Released
importance: Undecided → Low
Julian Alarcon (julian-alarcon) wrote :

Great!!!

My VPN is finally working in Precise!!! But... the applet icon indicates a disconnection (red x), but it's working, already tested.

Thanks!

Julian Alarcon (julian-alarcon) wrote :

Wait!!

I tried to disconnect and reconnect, and finally all is working!! Thanks!

BTW I'm using the version of xl2tpd from Oneiric. It's a shame that this bug is still present.

This is the reported bug, maybe you can help more than me.
https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/947404

Changed in openswan:
status: New → Invalid
Changed in openswan (Ubuntu):
status: New → Invalid
Werner Jaeger (werner-jaeger) wrote :

Hi Julian,

I've implemented a workaround for the xl2tpd IPPARAM bug in version 1.0.6. So, with this version it should be possible to use the newest xl2tpd version (the one delivered with the precise distribution).

Tell me if it is not working anyway!

Julian Alarcon (julian-alarcon) wrote :

The workaround works OK. Thanks

bing (bing000) wrote :

Hello,

I just installed l2tp-ipsec-vpn 1.0.6-1, l2tp-ipsec-vpn-daemon 0.9.8-1, xl2tpd 1.3.1+dfsg-1, and ppp 2.4.5-5ubuntu1 and am unable to connect to my work L2TP/IPSec VPN.

Here are the logs from l2tp-ipsec-vpn, and they aren't too informative.

May 15 11:07:19.827 ipsec_setup: Stopping Openswan IPsec...
May 15 11:07:20.938 ipsec_setup: ERROR: Module xfrm4_mode_transport is in use
May 15 11:07:21.024 ipsec_setup: ERROR: Module esp4 is in use
May 15 11:07:21.221 Stopping xl2tpd: xl2tpd.
May 15 11:07:21.222 xl2tpd[2824]: death_handler: Fatal signal 15 received
May 15 11:07:21.223 pppd[2874]: Modem hangup
May 15 11:07:21.223 pppd[2874]: Connection terminated.
May 15 11:07:21.242 ipsec_setup: Starting Openswan IPsec U2.6.37/K3.2.0-24-generic...
May 15 11:07:21.244 pppd[2874]: Exit.
May 15 11:07:21.445 ipsec__plutorun: Starting Pluto subsystem...
May 15 11:07:21.453 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
May 15 11:07:21.472 recvref[30]: Protocol not available
May 15 11:07:21.472 xl2tpd[3447]: This binary does not support kernel L2TP.
May 15 11:07:21.472 xl2tpd[3450]: xl2tpd version xl2tpd-1.3.1 started on biho-ThinkPad-W700 PID:3450
May 15 11:07:21.472 xl2tpd[3450]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
May 15 11:07:21.473 xl2tpd[3450]: Forked by Scott Balmos and David Stipp, (C) 2001
May 15 11:07:21.474 xl2tpd[3450]: Inherited by Jeff McAdams, (C) 2002
May 15 11:07:21.474 xl2tpd[3450]: Forked again by Xelerance (www.xelerance.com) (C) 2006
May 15 11:07:21.474 xl2tpd[3450]: Listening on IP address 0.0.0.0, port 1701
May 15 11:07:21.474 Starting xl2tpd: xl2tpd.
May 15 11:07:21.514 ipsec__plutorun: 002 added connection description "VPN"
May 15 11:07:21.561 104 "VPN" #1: STATE_MAIN_I1: initiate
May 15 11:07:21.562 003 "VPN" #1: received Vendor ID payload [RFC 3947] method set to=109
May 15 11:07:21.562 003 "VPN" #1: ignoring Vendor ID payload [Cisco IKE Fragmentation]
May 15 11:07:21.562 106 "VPN" #1: STATE_MAIN_I2: sent MI2, expecting MR2
May 15 11:07:21.562 003 "VPN" #1: received Vendor ID payload [Cisco-Unity]
May 15 11:07:21.563 003 "VPN" #1: received Vendor ID payload [XAUTH]
May 15 11:07:21.563 003 "VPN" #1: ignoring unknown Vendor ID payload [3a15d9c7957f87ca797bfda12a778ce3]
May 15 11:07:21.563 003 "VPN" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
May 15 11:07:21.563 003 "VPN" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
May 15 11:07:21.564 108 "VPN" #1: STATE_MAIN_I3: sent MI3, expecting MR3
May 15 11:07:21.564 003 "VPN" #1: received Vendor ID payload [Dead Peer Detection]
May 15 11:07:21.564 004 "VPN" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
May 15 11:07:21.564 117 "VPN" #2: STATE_QUICK_I1: initiate
May 15 11:07:21.565 003 "VPN" #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed
May 15 11:07:21.565 003 "VPN" #2: our client subnet returned doesn't match my proposal - us:10.xxx.xxx.xxx/32 vs them:xxx.xxx.xxx.xxx/32
May 15 11:07:21.565 003 "VPN" #2: Allowing questionable proposal anyway [ALLOW_MICROSOFT_BAD_PROPOSAL]
May 15 11:07:21.565 003 "VPN" #2: our client peer returned port ...


Ma Hsiao-chun (mahsiaochun) wrote :

Does this still affect xl2tpd?

Changed in xl2tpd (Ubuntu):
status: New → Incomplete
Arne (arneanonymous) wrote :

I have this problem in Ubuntu 12.04 (with the latest updates). The "death_handler: Fatal signal 15 received" comes after a couple of minutes.
Has the fix been applied to 12.04? (Unfortunately I cannot upgrade due to HW incompatibilities with later versions.)

Sylvain Viart (sylvain-viart) wrote :

Hi,

What is involved in this bug exactly?

I'm using Xubuntu 14.04
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.2 LTS
Release: 14.04
Codename: trusty

I also get:

death_handler: Fatal signal 15 received

and the connection is closed after a few seconds. The VPN connection was working, but through another country.

Here is an anonymized log, from "L2TP IPsec VPN Manager 1.0.9":

févr. 25 07:15:02.147 ipsec_setup: Stopping Openswan IPsec...
févr. 25 07:15:04.100 ipsec_setup: Starting Openswan IPsec U2.6.38/K3.13.0-46-generic...
févr. 25 07:15:05.032 ipsec__plutorun: Starting Pluto subsystem...
févr. 25 07:15:05.065 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
févr. 25 07:15:05.131 recvref[30]: Protocol not available
févr. 25 07:15:05.131 xl2tpd[3257]: This binary does not support kernel L2TP.
févr. 25 07:15:05.133 xl2tpd[3263]: xl2tpd version xl2tpd-1.3.6 started on sylvain-laptop PID:3263
févr. 25 07:15:05.134 xl2tpd[3263]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
févr. 25 07:15:05.134 xl2tpd[3263]: Forked by Scott Balmos and David Stipp, (C) 2001
févr. 25 07:15:05.134 xl2tpd[3263]: Inherited by Jeff McAdams, (C) 2002
févr. 25 07:15:05.135 xl2tpd[3263]: Forked again by Xelerance (www.xelerance.com) (C) 2006
févr. 25 07:15:05.135 xl2tpd[3263]: Listening on IP address 0.0.0.0, port 1701
févr. 25 07:15:05.135 Starting xl2tpd: xl2tpd.
févr. 25 07:15:05.197 ipsec__plutorun: 002 added connection description "vpn-name"
févr. 25 07:15:06.072 104 "vpn-name" #1: STATE_MAIN_I1: initiate
févr. 25 07:15:06.072 003 "vpn-name" #1: ignoring unknown Vendor ID payload [f758f22668750f03b08df6ebe1d00403]
févr. 25 07:15:06.072 003 "vpn-name" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]
févr. 25 07:15:06.072 003 "vpn-name" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] method set to=107
févr. 25 07:15:06.072 003 "vpn-name" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 107
févr. 25 07:15:06.072 003 "vpn-name" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
févr. 25 07:15:06.073 003 "vpn-name" #1: received Vendor ID payload [RFC 3947] method set to=115
févr. 25 07:15:06.073 003 "vpn-name" #1: received Vendor ID payload [Dead Peer Detection]
févr. 25 07:15:06.073 003 "vpn-name" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]
févr. 25 07:15:06.073 106 "vpn-name" #1: STATE_MAIN_I2: sent MI2, expecting MR2
févr. 25 07:15:06.073 003 "vpn-name" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed
févr. 25 07:15:06.073 108 "vpn-name" #1: STATE_MAIN_I3: sent MI3, expecting MR3
févr. 25 07:15:06.073 004 "vpn-name" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
févr. 25 07:15:06.073 117 "vpn-name" #2: STATE_QUICK_I1: initiate
févr. 25 07:15:06.073 003 "vpn-name" #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed
févr. 25 07:15:06.073 004 "vpn-name" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x7a9b2...
