Vyos lns problem

aserkin · March 24, 2022, 3:13pm

Dear all
Can you please help troubleshooting my vyos lns configuration. I did the config according to 1.4 l2tp network server documentation, but something goes wrong. I’m getting the following in show log output (see below) from accel-l2tp. Any attempts to monitor the process are unsuccessful - monitor vpn l2tp shows nothing. Is there any helpful commands like we can do on cisco routers like debug l2tp … , debug ppp … , terminal monitor… I cant find the docs on troubleshooting the problem.

Mar 24 17:17:26 accel-l2tp[19857]: l2tp: recv [L2TP tid=0 sid=0 Ns=0 Nr=0 <Protocol-Version 256> <Framing-Ca
pabilities 3> <Bearer-Capabilities 3> <Firmware-Revision 256> <Assigned-Tunnel-ID 21

<Recv-Window-Size 16> ]
Mar 24 17:17:26 accel-l2tp[19857]: l2tp: handling SCCRQ from 10.10.10.10
Mar 24 17:17:26 accel-l2tp[19857]: l2tp: new tunnel 51419-21 created following reception of SCCRQ from 10.10.10.10:1701
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): sending SCCRP
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): send [L2TP tid=21 sid=0 Ns=0 Nr=1
<Protocol-Version 256> <Framing-Capabilities 3> <Assigned-Tunnel-ID -14117> <Recv-Window-Size 16> ]
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 1 message sent from send queue
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 1 message added to reception queue
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 1 message acked by peer
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): recv [L2TP tid=51419 sid=0 Ns=1 Nr=1 ]
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): handling SCCCN
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): established at 10.10.10.1:1701
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 1 message processed from reception queue
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message sent from send queue
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): sending ZLB
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): send [L2TP tid=21 sid=0 Ns=1 Nr=2]
Mar 24 17:17:26 accel-l2tp[19857]: l2tp: incorrect avp received (type=25, M=1, must be 0)
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message added to reception queue
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message acked by peer
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message processed from reception queue
Mar 24 17:17:26 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message sent from send queue
Mar 24 17:17:27 accel-l2tp[19857]: l2tp: incorrect avp received (type=25, M=1, must be 0)
Mar 24 17:17:27 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message added to reception queue
Mar 24 17:17:27 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message acked by peer
Mar 24 17:17:27 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message processed from reception queue
Mar 24 17:17:27 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message sent from send queue
Mar 24 17:17:29 accel-l2tp[19857]: l2tp: incorrect avp received (type=25, M=1, must be 0)
Mar 24 17:17:29 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message added to reception queue
Mar 24 17:17:29 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message acked by peer
Mar 24 17:17:29 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message processed from reception queue
Mar 24 17:17:29 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message sent from send queue
Mar 24 17:17:33 accel-l2tp[19857]: l2tp: incorrect avp received (type=25, M=1, must be 0)
Mar 24 17:17:33 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message added to reception queue
Mar 24 17:17:33 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message acked by peer
Mar 24 17:17:33 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message processed from reception queue
Mar 24 17:17:33 accel-l2tp[19857]: l2tp tunnel 51419-21 (10.10.10.10:1701): 0 message sent from send queue

config:
set interfaces dummy dum0 address ‘10.10.10.1/32’
set interfaces dummy dum0 description ‘LNS loopback to terminate L2TP’
…
set vpn l2tp remote-access authentication mode ‘radius’
set vpn l2tp remote-access authentication radius server 10.20.1.18 key ‘secret’
set vpn l2tp remote-access authentication require ‘pap’
set vpn l2tp remote-access ccp-disable
set vpn l2tp remote-access client-ip-pool start ‘192.168.0.1’
set vpn l2tp remote-access client-ip-pool stop ‘192.168.0.100’
set vpn l2tp remote-access lns host-name ‘vyos-lns-1’
set vpn l2tp remote-access lns shared-secret ‘secret’
set vpn l2tp remote-access outside-address ‘10.10.10.1’

e.khudiyev · March 25, 2022, 8:37am

Hi @aserkin , from the logs (l2tp: incorrect avp received (type=25, M=1, must be 0)) it seems similar to what is mentioned here: Welcome to accel-ppp’s documentation! — accel-ppp latest documentation

Also, you could refer to this thread on accel-ppp forum: Incorrect AVP type 6,8 - accel-ppp.org

aserkin · March 25, 2022, 11:44am

Hi Elchin
thank you for the hint. Not quite the same but close to the mentioned topic. I changed M=0 to M=1 in the l2tp dictionary for avp 25 and this worked.

system · March 27, 2022, 11:44am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.