Vyos 1.5 nighty build - accel-ppp doesn't work, no error log

hook.ua · December 27, 2023, 10:33am

Hi there

I’m trying to use recent vyos 1.5 to upgrade year old 1.4 based firewalls
Everything looks fine during automated upgrade but l2tp remote access doesn’t started due to undefined error in accel-ppp service.

Is this bug or feature.
where should I search for problem root?

Thnks

Viacheslav · December 27, 2023, 10:54am

Could you share your config ?

show conf com | match l2tp

hook.ua · December 27, 2023, 1:32pm

Sure, please find below

set vpn l2tp remote-access authentication mode 'radius'
set vpn l2tp remote-access authentication mppe 'deny'
set vpn l2tp remote-access authentication radius server 10.1.0.xx key ''
set vpn l2tp remote-access authentication radius server 10.1.0.xx port '1812'
set vpn l2tp remote-access authentication radius source-address '10.1.0.yy'
set vpn l2tp remote-access authentication require 'mschap-v2'
set vpn l2tp remote-access ccp-disable
set vpn l2tp remote-access client-ip-pool def range '10.1.0.tt-10.1.0.pp'
set vpn l2tp remote-access default-pool 'def'
set vpn l2tp remote-access name-server '10.1.0.xx'
set vpn l2tp remote-access outside-address 'external ip'

After initial failed configuration conversion all l2tp comands were entered manually.
Message log has only below information

Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:10 DISTI-PRO kernel: [    2.548239] fail to initialize ptp_kvm
Dec 27 15:25:10 DISTI-PRO kernel: [    3.183512] piix4_smbus 0000:00:01.3: SMBus Host Controller not enabled!
Dec 27 15:25:10 DISTI-PRO kernel: [    3.331439] vbd vbd-5696: 19 xenbus_dev_probe on device/vbd/5696
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:10 DISTI-PRO systemd[1]: Failed to start accel-ppp.service - Accel-PPP.
Dec 27 15:25:53 DISTI-PRO bgpd[1417]: [VCGF0-X62M1][EC 100663301] INTERFACE_STATE: Cannot find IF xfrmi-test-1862 in VRF 0
Dec 27 15:27:24 DISTI-PRO systemd[1]: Failed to start accel-ppp@l2tp.service - Accel-PPP - High performance VPN server application for Linux.
Dec 27 15:27:26 DISTI-PRO systemd[1]: Failed to start accel-ppp@l2tp.service - Accel-PPP - High performance VPN server application for Linux.

Thanks

a.apostoliuk · December 27, 2023, 2:21pm

Hi @hook.ua
This bug was fixed today.

github.com/vyos/vyos-1x

T5859: Fixed format of pool range in the accel-ppp config

vyos:current ← aapostoliuk:T5859-circinus

opened 10:52AM - 27 Dec 23 UTC

aapostoliuk

+12 -4

## Change Summary Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y' to '…x.x.x.x-y' ## Types of changes  - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Code style update (formatting, renaming) - [ ] Refactoring (no functional changes) - [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component - [ ] Other (please describe): ## Related Task(s) * https://vyos.dev/T5859 ## Related PR(s) ## Component(s) name l2tp, sstp, pptp, ipoe, pppoe ## Proposed changes Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y' to 'x.x.x.x-y' ## How to test  CLI Configuration: `set vpn pptp remote-access client-ip-pool TEST range '10.0.0.100-10.0.0.102'` /run/accel-pppd/pptp.conf Before: ``` [ip-pool] 10.0.0.100-10.0.0.102,name=TEST ``` After ``` [ip-pool] 10.0.0.100-102,name=TEST ``` ## Smoketest result  ``` vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_service_ipoe-server.py test_accel_ipv4_pool (__main__.TestServiceIPoEServer.test_accel_ipv4_pool) ... ok test_accel_local_authentication (__main__.TestServiceIPoEServer.test_accel_local_authentication) ... No IPoE interface configured ok test_accel_name_servers (__main__.TestServiceIPoEServer.test_accel_name_servers) ... ok test_accel_next_pool (__main__.TestServiceIPoEServer.test_accel_next_pool) ... ok test_accel_radius_authentication (__main__.TestServiceIPoEServer.test_accel_radius_authentication) ... ok ---------------------------------------------------------------------- Ran 5 tests in 18.508s OK vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_service_pppoe-server.py test_accel_ipv4_pool (__main__.TestServicePPPoEServer.test_accel_ipv4_pool) Test accel-ppp IPv4 pool ... ok test_accel_local_authentication (__main__.TestServicePPPoEServer.test_accel_local_authentication) ... User "test" has rate-limit configured for only one direction but both upload and download must be given! ok test_accel_name_servers (__main__.TestServicePPPoEServer.test_accel_name_servers) ... ok test_accel_next_pool (__main__.TestServicePPPoEServer.test_accel_next_pool) T5099 required specific order ... ok test_accel_radius_authentication (__main__.TestServicePPPoEServer.test_accel_radius_authentication) ... ok test_pppoe_server_authentication_protocols (__main__.TestServicePPPoEServer.test_pppoe_server_authentication_protocols) ... ok test_pppoe_server_client_ipv6_pool (__main__.TestServicePPPoEServer.test_pppoe_server_client_ipv6_pool) ... ok test_pppoe_server_ppp_options (__main__.TestServicePPPoEServer.test_pppoe_server_ppp_options) ... ok test_pppoe_server_shaper (__main__.TestServicePPPoEServer.test_pppoe_server_shaper) ... ok test_pppoe_server_vlan (__main__.TestServicePPPoEServer.test_pppoe_server_vlan) ... ok ---------------------------------------------------------------------- Ran 10 tests in 36.115s OK vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_vpn_l2tp.py test_accel_ipv4_pool (__main__.TestVPNL2TPServer.test_accel_ipv4_pool) Test accel-ppp IPv4 pool ... ok test_accel_local_authentication (__main__.TestVPNL2TPServer.test_accel_local_authentication) ... ok test_accel_name_servers (__main__.TestVPNL2TPServer.test_accel_name_servers) ... ok test_accel_next_pool (__main__.TestVPNL2TPServer.test_accel_next_pool) T5099 required specific order ... ok test_accel_radius_authentication (__main__.TestVPNL2TPServer.test_accel_radius_authentication) ... ok ---------------------------------------------------------------------- Ran 5 tests in 20.337s OK vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_vpn_sstp.py test_accel_ipv4_pool (__main__.TestVPNSSTPServer.test_accel_ipv4_pool) Test accel-ppp IPv4 pool ... ok test_accel_local_authentication (__main__.TestVPNSSTPServer.test_accel_local_authentication) ... User "test" has rate-limit configured for only one direction but both upload and download must be given! ok test_accel_name_servers (__main__.TestVPNSSTPServer.test_accel_name_servers) ... ok test_accel_next_pool (__main__.TestVPNSSTPServer.test_accel_next_pool) T5099 required specific order ... ok test_accel_radius_authentication (__main__.TestVPNSSTPServer.test_accel_radius_authentication) ... ok ---------------------------------------------------------------------- Ran 5 tests in 21.853s OK vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_vpn_pptp.py test_accel_ipv4_pool (__main__.TestVPNPPTPServer.test_accel_ipv4_pool) Test accel-ppp IPv4 pool ... ok test_accel_local_authentication (__main__.TestVPNPPTPServer.test_accel_local_authentication) ... ok test_accel_name_servers (__main__.TestVPNPPTPServer.test_accel_name_servers) ... ok test_accel_next_pool (__main__.TestVPNPPTPServer.test_accel_next_pool) T5099 required specific order ... ok test_accel_radius_authentication (__main__.TestVPNPPTPServer.test_accel_radius_authentication) ... ok ---------------------------------------------------------------------- Ran 5 tests in 20.351s OK ``` ## Checklist: - [x] I have read the [**CONTRIBUTING**](https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md) document - [x] I have linked this PR to one or more Phabricator Task(s) - [x] I have run the components [**SMOKETESTS**](https://github.com/vyos/vyos-1x/tree/current/smoketest/scripts/cli) if applicable - [x] My commit headlines contain a valid Task id - [ ] My change requires a change to the documentation - [ ] I have updated the documentation accordingly

hook.ua · December 27, 2023, 2:27pm

it’s great to know. Thanks
I just simply need latest nighty build, right? Tomorrow?
Because I’ve used recent today.

a.apostoliuk · December 27, 2023, 2:44pm

Yes. This fix was merged 18 minutes ago. It will be in the next nighty build or you can build and install a package yourself. Build VyOS — VyOS 1.5.x (circinus) documentation

hook.ua · December 27, 2023, 3:13pm

thanks, I could wait for a while.

hook.ua · December 29, 2023, 3:36pm

Caught the updated version just after 3 hours after publication.
Test shows good result - accel and l2tp VPN + RADIUS works fine.

Thanks