Page MenuHomeVyOS Platform
Create Task
Maniphest T3159

L2TP MTU mismatch between client and server
Needs reporter action, NormalPublicBUG
Actions

Description

We configured an L2TP server on VyOS and L2TP client on Teltonika router (using FRR 5.0.2).

We configured an explicit MTU of 1454 on VyOS configuration (parsed as max-mtu on AccelPPP config).

So funny, on VyOS server:

13: l2tp1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 3
    link/ppp

On remote side:

108: l2tp-client_Exo: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1454 qdisc fq_codel state UNKNOWN group default qlen 3
    link/ppp 
    inet 10.0.0.245 peer 192.168.255.1/32 scope global l2tp-client_Exo
       valid_lft forever preferred_lft forever

VyOS (AccelPPP) it's taking -4 while I have configured:

vyos@oobm# show vpn l2tp remote-access mtu
 mtu 1454

This avoid OSPF being established because we have MTU mismatch, so we are changing MTU of tunnel using "ip link set ... mtu 1454" but sometimes tunnel gets reconnected because we are using LTE on remote sides.

Details

Difficulty level
Normal (likely a few hours)
Version
vyos-1.3-rolling-202012271303-amd64
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change
Issue type
Bug (incorrect behavior)

Event Timeline

nadeu assigned this task to Unknown Object (User).Dec 29 2020, 1:15 AM
nadeu created this task.

Here you have mate. :)

drac added a subscriber: drac.EditedDec 31 2020, 3:14 AM

The MTU setting is well described "max-mtu", i.e. a lower one can be negotiated.
Can you capture the LCP stage of PPP negotiation from either the client or server, it sounds like it's negotiating a smaller one for some reason.

drac added a comment.Dec 31 2020, 3:27 AM

Also I'd expect something is wrong on the client side, can you see the PPP config options the Teltonika is using?

drac added a comment.Dec 31 2020, 3:40 AM

On server, what is in /var/run/accel-pppd/l2tp.conf ?
The setting should read ppp-max-mtu=1454 under l2tp section

pasik added a subscriber: pasik.Dec 31 2020, 9:47 AM
nadeu added a comment.EditedDec 31 2020, 3:49 PM
vyos@oobm:~$ cat  /var/run/accel-pppd/l2tp.conf
### generated by accel_l2tp.py ###
[modules]
log_syslog
l2tp
chap-secrets
auth_mschap_v2


ippool
shaper
ipv6pool
ipv6_nd
ipv6_dhcp

[core]
thread-count=1

[log]
syslog=accel-l2tp,daemon
copy=1
level=5




[l2tp]
verbose=1
ifname=l2tp%d
ppp-max-mtu=1450
mppe=prefer
bind=89.145.160.86

[client-ip-range]
0.0.0.0/0

[ip-pool]
192.168.255.1-254
gw-ip-address=192.168.255.1

[chap-secrets]
chap-secrets=/run/accel-pppd/l2tp.chap-secrets
gw-ip-address=192.168.255.1

[ppp]
verbose=1
check-ip=1
single-session=replace
lcp-echo-timeout=0
lcp-echo-interval=30
lcp-echo-failure=3

PCAP from VyOS will be enough?

Unknown Object (User) added a comment.Dec 31 2020, 4:42 PM

So we have configured option max-mtu this means

ppp-max-mtu=n
Set the maximum MTU value that can be negotiated for PPP over L2TP sessions.

But I think we need to provide possibility set min-mtu

[ppp]
min-mtu=n

Minimum acceptable MTU. If client will try to negotiate less than the specified MTU then it will be NAKed or disconnected if rejects greater MTU.
drac added a comment.Jan 2 2021, 6:49 AM

The config you posted has the following which is not correct, it should read 1454.
ppp-max-mtu=1450

On the server, do you have the following
set vpn l2tp remote-access mtu 1454

If so could you post output of
show vpn l2tp

drac added a comment.Jan 2 2021, 7:03 AM

The default in code is 1436 - so I really don't understand how the value of 1450 has got there unless there is a problem generating the file at /var/run/accel-pppd/l2tp.conf and it isn't being re-written.

Could confirm it is being re-written (check timestamp of l2tp.conf file) if you make a modification to the l2tp settings?

drac added a comment.Jan 2 2021, 7:10 AM

Also, your client should still not end up with 1454 set.
On our system, we have mtu set to 1500, and various clients appear to negotiate both 1500 and 1492 settings successfully via LCP stage of ppp.

A Pcap from the server should shed some light as to whether it is being negotiated or not (I think it might not be getting negotiated).

drac added a comment.Jan 3 2021, 1:41 AM

I've just realised, if you look in /var/log/messages you should see the LCP negotiation of MRU (i.e. the agreed MTU)

nadeu added a comment.Jan 5 2021, 1:39 PM

qmimux0.pcap112 KBDownload
from Teltonika.
capture.pcap122 KBDownload
from VyOS.

nadeu added a comment.Jan 6 2021, 5:48 PM

Seems both sides negotiating at 1450... but Linux interface gets 4 bytes less.

image.png (300×1 px, 61 KB)
what Length 4 means in this context?

nadeu added a comment.Jan 11 2021, 6:22 PM

Hello.
Do you need something else?

drac added a comment.Jan 12 2021, 12:04 AM

Line 478 and 479 seem to be the important ones here.
The MRU of 1450 appears to be correctly negotiated. i.e. Vyos is setting the remote side to a maximum of 1450 bytes, because that is what the remote side requested!

If you want it to be 1454, the remote side should be requesting 1454.
On the Vyos side the MTU is MAXIMUM transmission unit it is configured to support, if the remote side wants to negotiate less, then Vyos will give it less. This is by design of PPP protocol.
Vyos (and any other PPP server I've come across) expects the client to ask for the largest possible MTU first, then negotiate downwards if one of the sides can't go that high.

It looks to me like this is a problem with the remote side not correctly requesting 1454, if it did then there wouldn't be a problem.

Either you haven't configured the remote side correctly, or it has a bug.

To me Vyos appears to be behaving correctly and as designed.

drac added a comment.Jan 12 2021, 12:05 AM

p.s. 478 and 479 referred to qmimux0.pcap

erkin renamed this task from L2TP MTU Missmatch to L2TP MTU mismatch between client and server.Aug 29 2021, 11:45 AM
erkin set Issue type to Bug (incorrect behavior).
erkin removed a subscriber: Active contributors.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Nov 6 2021, 11:24 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).Aug 29 2022, 7:04 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:40 PM
syncer reassigned this task from Unknown Object (User) to Viacheslav.Jul 16 2023, 9:28 PM
syncer added a subscriber: Unknown Object (User).
syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:29 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:37 PM
dmbaturin triaged this task as Normal priority.Jan 9 2024, 8:23 PM
dmbaturin added projects: VyOS 1.4 Sagitta, VyOS 1.5 Circinus.
Viacheslav changed the task status from Open to Needs reporter action.EditedJan 19 2024, 9:52 PM

If the problem exists, it should be fixed on accel-ppp site.
I am not sure that I can help here as it is written on C

@drac Could you re-check, and if the bug exists, create a bug report on accel-ppp https://phabricator.accel-ppp.org/?

syncer edited projects, added VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus (1.3.6).Feb 10 2024, 9:17 AM
Viacheslav removed Viacheslav as the assignee of this task.Sun, Apr 7, 5:11 PM
Viacheslav added a subscriber: Viacheslav.