mpd- no ng_l2tp coming up
Mike Tancsa
mike at sentex.net
Thu Mar 17 03:59:33 UTC 2011
On 3/16/2011 9:32 PM, Da Rock wrote:
> I'm running into all sorts of issues setting up l2tp networking. I think
> I have the IPSEC part worked out, but testing parts at a time l2tp dies
> in a hole.

Try without IPSEC first to make sure you have the l2tp portion correct.
Also, make sure no firewall rules are getting in the way.

I have this simple mpd5 config file to act as an l2tp server in my test
environment:

startup:
# configure mpd users
    set user admin xxx admin
# configure the console
    set console self 127.0.0.1 5005
    set console open
# configure the web server
    set web self 192.168.255.254 5006
    set web open
    log +IPV6CP
    log +IPV6CP2

default:
    load l2tpserver

l2tpserver:
# Define dynamic IP address pool.
    set ippool add pool1 xx.159.245.1 xx.159.245.5
    set ippool add pool1 10.241.241.20 10.241.241.99
    set ippool add rfc1918 172.11.22.140 172.11.22.180
# Create clonable bundle template named B
    create bundle template B
    set iface idle 1800
    set iface enable tcpmssfix
    set ipcp disable vjcomp
    set bundle enable ipv6cp
    set ipcp deny vjcomp
    set ipcp ranges xx.43.128.6/32 ippool pool1
    set ipcp dns yy.211.164.51 zz.212.134.12
    #set ipcp nbns 127.0.0.1
# Set bundle template to use
    create link template L l2tp
    set l2tp hostname sentex
    set l2tp disable dataseq
    set link action bundle B
# Enable peer authentication
    set link disable eap
    set link enable pap
    set link disable acfcomp
    set link disable protocomp
    set link disable check-magic
    set link deny acfcomp
    set link keep-alive 10 60
    set link deny protocomp
    #load radius
    set link mtu 1492
    set link mru 1492
    set link enable incoming
    set link disable peer-as-calling

For the client, mpd5 works with the following config:

l2tp_client:
#
# PPPoE client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
#
    create bundle static B1
    set iface route default
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    create link static L1 l2tp
    set link action bundle B1
    set auth authname testaccount-in-mpd-secret-file
    set auth password thepass
    set link max-redial 0
    set link mtu 1460
    set link keep-alive 20 75
    set l2tp peer 64.7.128.195
    open

> I also had an unscheduled reboot (power failure) and that showed up a
> warning: "attempt to domain_add(netgraph) after domainfinalize()" which
> I could never quite figure was fatal or not.
That's OK. It's not an issue and is more informational than anything.
> It appears the control connection is setup and then fails for some
> inexplicable reason. The client (android) logs show the same, but it is
> definitely the server that kills the connection. Anything I've missed?
Make sure there are no firewall rules getting in the way. And if
possible, use a client that you know "works". The above server works
with Windows clients with IPSEC disabled. Start there, or with a
FreeBSD client.
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
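
An added example, not part of the message above and not mpd5's own code: a small audit of an mpd.conf that reports the settings which matter while the tunnel is being tested without IPsec, namely management listeners bound off loopback and PAP on links. The `parse` and `audit` helpers and their two checks are assumptions of this example, and the sample config is constructed from the server config in the message.

```python
import re

# Constructed sample in mpd.conf syntax, reduced from the server config in the message.
SAMPLE = """\
startup:
\tset console self 127.0.0.1 5005
\tset console open
\tset web self 192.168.255.254 5006
\tset web open
default:
\tload l2tpserver
l2tpserver:
\tcreate link template L l2tp
\tset link disable eap
\tset link enable pap
\tset link enable incoming
"""

def parse(text):
    """Return {label: [tokenised command, ...]}; labels start in column 0."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        label = re.match(r"(\S+):\s*$", line)
        if label:
            current = sections.setdefault(label.group(1), [])
        elif current is not None and line[0] in " \t":
            current.append(line.split())  # indented line = command
    return sections

def audit(text):
    """Hypothetical checks: exposed management listeners and PAP on links."""
    findings = []
    for label, cmds in parse(text).items():
        link_opts = {}                    # option -> last explicit state
        for c in cmds:
            if c[:2] == ["set", "link"] and len(c) > 3 and c[2] in ("enable", "disable", "yes", "no"):
                for opt in c[3:]:
                    link_opts[opt] = c[2] in ("enable", "yes")
            elif len(c) > 3 and c[0] == "set" and c[1] in ("console", "web") and c[2] == "self":
                if not c[3].startswith("127.") and c[3] != "::1":
                    findings.append((label, f"{c[1]} listener bound to {c[3]}"))
        if link_opts.get("pap"):
            findings.append((label, "PAP enabled: cleartext password unless IPsec wraps the tunnel"))
    return findings

if __name__ == "__main__":
    for label, msg in audit(SAMPLE):
        print(f"{label}: {msg}")
```

Only options set explicitly in the file are reported; mpd5's built-in defaults are not modelled.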