Page MenuHomeVyOS Platform
Create Task
Maniphest T1142

l2tp remote access fails due to bad options in options.xl2tpd
Closed, InvalidPublicBUG
Actions

Description

When attempting to configure l2tp remote access (not site-to-site) the connection fails. Reviewing the logs reveals the issue.

pppd[3287]: In file /etc/ppp/options.xl2tpd: unrecognized option 'crtscts'
pppd[3398]: In file /etc/ppp/options.xl2tpd: unrecognized option 'lock'

Removing these two options from /etc/ppp/options.xl2tpd allows immediate dial-in, until the file is overwritten by a config change.

It existed in a build from the summer I have been using, and remained through RC-7. I am using a build of RC-9 that does not have the issue. Now it is back in RC-11.

Details

Difficulty level
Easy (less than an hour)
Version
1.2.0 rc-11
Why the issue appeared?
Will be filled on close

Event Timeline

patanne created this task.Dec 28 2018, 3:03 AM
patanne updated the task description. (Show Details)Dec 28 2018, 3:07 AM
c-po added a subscriber: c-po.Dec 28 2018, 2:19 PM

Can you share your configuration please? I use rc11, too as l2tp/ipsec access concentrator and everything is fine here.

patanne added a comment.Jan 3 2019, 8:57 AM

digging a little deeper, all installations having this issue also have had the package xl2tpd replaced. you ship with 1.3.6+dfsg-2-vyos0. somehow it got replaced with 1.3.8+dfsg-1~bpo8+1

according to these posts below an issue was introduced with 1.3.7.

c-po added a comment.Jan 3 2019, 9:03 AM

@patanne

cpo@BR1:~$ dpkg --list | grep xl2tp
ii  xl2tpd                           1.3.6+dfsg-2-vyos0                amd64        layer 2 tunneling protocol implementation

cpo@BR1:~$ show version
Version:          VyOS 1.2.0-epa2

EPA2 image uses our custom xl2tpd version which has a backported bugfix by me for trouble with Kernel > 4.16 on L2TP/IPSec.

Are you sure you did not add any debian repositories to your sources.list file and ran a manual apt-get upgrade?

patanne added a comment.Jan 3 2019, 10:06 AM

we write a lot of packages for ourselves that are in our own repo. we layer them on top of your distro. someone probably issued a global upgrade, rather than for just our stuff.

pasik added a subscriber: pasik.Jan 3 2019, 10:21 AM
patanne added a comment.Jan 3 2019, 10:37 AM

since we have the need to add some packages but not upgrade or interfere with what you have done, this does the trick.

cat << EOF > /etc/apt/preferences.d/block-debian-upgrades
# use apt-cache policy to determine

Package: *
Pin: release o=Debian Backports
Pin-Priority: 50

Package: *
Pin: release o=Debian
Pin-Priority: 50
EOF
c-po closed this task as Invalid.Jan 3 2019, 12:25 PM

Thanks for the update. May I ask which distro?

patanne added a comment.Jan 3 2019, 1:21 PM

We have been waiting for 1.2 to roll for a long time. We have some running in Vyatta (Lenny), some on Vyatta (Squeeze), some on Vyos Hydrogen, and now a summer build from '18, plus RC7 & RC11. Trying to get packages to run the same way across all so change management is consistent has been fun.

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-GA); removed VyOS 1.2 Crux.Jan 12 2019, 6:37 PM
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-GA) board.
syncer added a project: VyOS-1.2.0-GA.Jan 25 2019, 2:40 PM