L2TP - VyOS 1.3

Hello,

Hope you’re all well.

I am currently trying to configure VyOS as an LNS and authenticate against RADIUS for PPP sessions.

It seems L2TP is not listening when looking at netstat.

I can see the process running:

ps axf | grep l2tp
24999 pts/1 S+ 0:00 _ grep l2tp
1784 ? Ssl 0:04 /usr/sbin/accel-pppd -c /etc/accel-ppp/l2tp/l2tp.config -p /var/run/accel_l2tp.pid -d

Here is my configuration (IPs omitted):

vpn {
    l2tp {
        remote-access {
            authentication {
                mode radius
                radius {
                    server x.x.x.x {
                        key ***************
                    }
                    source-address x.x.x.x
                }
            }
            ccp-disable
            client-ip-pool {
                start 100.126.0.2
                stop 100.126.0.254
            }
            gateway-address 100.126.0.1
            lns {
                shared-secret LNS-SHARED-KEY
            }
            outside-address x.x.x.x
        }
    }
}

One thing I noticed when trying to commit the configuration is the following:

[ vpn l2tp ]
Connection to “localhost:2004” failed

[ vpn ]
sed: can’t read /etc/ipsec.d/tunnels/remote-access: No such file or directory

Any assistance would be much appreciated.

Kind regards,
Padraig

Hello @mr_padraig, which VyOS version exactly are you using?
show version

I think this issue was resolved a few days ago.

@Dmitry

Thanks for the prompt response.

The output from show version:

Version: VyOS 1.3-rolling-202001090730
Built by: autobuild@vyos.net
Built on: Thu 09 Jan 2020 07:30 UTC
Build UUID: 6170e084-8098-48e0-971a-bd995d3900e2
Build Commit ID: 2b332ea0c3cd73

Yes, I think you need to try the latest rolling release.

@Dmitry

Upgrading to the latest rolling release fixed the problem and the l2tp daemon started listening, although after I made a minor change to the L2TP configuration the l2tp daemon stopped listening on localhost:2004. I get the error: “Connection to “localhost:2004” failed”

I get the following when checking the status:

systemctl status accel-ppp.service

● accel-ppp.service - Accel-PPP
   Loaded: loaded (/lib/systemd/system/accel-ppp.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2020-01-16 15:09:55 GMT; 1min 45s ago
  Process: 8091 ExecStart=/usr/sbin/accel-pppd -d -p /var/run/accel-pppd.pid -c /etc/accel-ppp.conf (code=exited, status=1/FAILURE)

Jan 16 15:09:55 vylns01 systemd[1]: accel-ppp.service: Service RestartSec=100ms expired, scheduling restart.
Jan 16 15:09:55 vylns01 systemd[1]: accel-ppp.service: Scheduled restart job, restart counter is at 5.
Jan 16 15:09:55 vylns01 systemd[1]: Stopped Accel-PPP.
Jan 16 15:09:55 vylns01 systemd[1]: accel-ppp.service: Start request repeated too quickly.
Jan 16 15:09:55 vylns01 systemd[1]: accel-ppp.service: Failed with result ‘exit-code’.
Jan 16 15:09:55 vylns01 systemd[1]: Failed to start Accel-PPP.

The change I made was “set vpn l2tp remote-access authentication require chap” - When I commit the change it stops accel-ppp from working.

A reboot seems to fix the problem and restarts the accel-ppp process.