Hi @misc,

I have a box with a relatively fresh install of 68/amd64, fully syspatched. There is an npppd server running on it. The problem is that I can have only one nppp session at one time. If a second vpn user connects to the box, the first nppp session hangs/drops. I have probably missed something obvious in my setup but I really can't find what it is.
Please help me to solve the problem. Thank you.

$cat /etc/npppd/npppd.conf
authentication LOCAL type local {
        users-file "/etc/npppd/npppd-users"
}
tunnel L2TP protocol l2tp {
        listen on X.Y.Z.13
}
ipcp IPCP {
        pool-address 10.109.4.1-10.109.4.32
        dns-servers 1.1.1.1
}
# use pppx(4) interface. use an interface per a ppp session.
interface pppx0 address 10.109.4.254 ipcp IPCP
bind tunnel from L2TP authenticated by LOCAL to pppx0

$cat /etc/hostname.enc0
up

$cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ipcomp.enable=1
net.inet.esp.enable=1
net.inet.gre.allow=1
net.pipex.enable=1

$cat /etc/rc.conf.local
ipsec=YES
ipsec_rules=/etc/ipsec.conf
isakmpd_flags="-K"
npppd_flags=""

$cat /etc/ipsec.conf
wan_ipv4 = X.Y.Z.13
ike passive esp transport \
        proto udp from $wan_ipv4 to any port 1701 \
        main auth "hmac-sha1" enc "3des" group modp1024 \
        quick auth "hmac-sha1" enc "aes" group modp1024 \
        psk "pskpskpsk"

$cat /etc/pf.conf
[...]
vpn_if = "pppx"
vpn_local = "10.109.4.0/24"
pass in on $ext_if proto udp from any to (egress:0) port {isakmp,ipsec-nat-t,l2tp}
pass in on $ext_if proto {ah,esp}
pass log proto { gre } from any to any keep state
# filter all IPSec traffic on the enc interface
pass on enc0 keep state (if-bound)
# allow all traffic in on and out to the VPN network
pass on $vpn_if from $vpn_local
pass on $vpn_if to $vpn_local
# NAT VPN traffic going out on the public interface with the public IP
match out log on $ext_if inet proto { tcp, udp, icmp } from $vpn_local nat-to ($ext_if) set prio (3,7)

some logs...
Jan 6 20:53:14 fw-u last message repeated 4 times
Jan 6 20:53:16 fw-u isakmpd[11638]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jan 6 20:53:16 fw-u last message repeated 2 times
Jan 6 20:53:16 fw-u isakmpd[11638]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Jan 6 20:53:16 fw-u npppd[82720]: l2tpd ctrl=1 logtype=Started RecvSCCRQ from=A.B.C.D:1701/udp tunnel_id=1/26 protocol=1.0 winsize=8 hostname=w520 vendor=Microsoft firm=0601
Jan 6 20:53:16 fw-u npppd[82720]: l2tpd ctrl=1 SendSCCRP
Jan 6 20:53:16 fw-u npppd[82720]: l2tpd ctrl=1 RecvSCCN
Jan 6 20:53:16 fw-u npppd[82720]: l2tpd ctrl=1 SendZLB
Jan 6 20:53:16 fw-u npppd[82720]: l2tpd ctrl=1 RecvZLB
Jan 6 20:53:16 fw-u npppd[82720]: l2tpd ctrl=1 call=6499 RecvICRQ session_id=1
Jan 6 20:53:16 fw-u npppd[82720]: l2tpd ctrl=1 call=6499 SendICRP session_id=6499
Jan 6 20:53:16 fw-u npppd[82720]: l2tpd ctrl=1 call=6499 RecvICCN session_id=1 calling_number= tx_conn_speed=100000000 framing=sync
Jan 6 20:53:16 fw-u npppd[82720]: l2tpd ctrl=1 call=6499 logtype=PPPBind ppp=0
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=base logtype=Started tunnel=L2TP(A.B.C.D:1701)
Jan 6 20:53:16 fw-u npppd[82720]: l2tpd ctrl=1 call=6499 SendZLB
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=lcp logtype=Opened mru=1360/1400 auth=MS-CHAP-V2 magic=e916be4d/3c630a24
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=lcp RecvId magic=3c630a24 text=MSRASV5.20
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=lcp RecvId magic=3c630a24 text=MSRAS-0-W520
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=lcp RecvId magic=3c630a24 text=.=. .`.M........
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=chap proto=mschap_v2 logtype=Success username="rdk" realm=LOCAL
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=mppe mismatch our=40bit,128bit,56bit,stateless peer=stateless
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=ipcp IP Address peer=0.0.0.0 our=10.109.4.1.
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=ipcp logtype=Opened ip=10.109.4.1 assignType=dynamic
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=base logtype=TUNNELSTART user="rdk" duration=1sec layer2=L2TP layer2from=A.B.C.D:1701 auth=MS-CHAP-V2 ip=10.109.4.1 iface=pppx0
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=mppe logtype=Opened our=128bit,stateless peer=128bit,stateless
Jan 6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=base Using pipex=yes
Jan 6 20:53:43 fw-u isakmpd[11638]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jan 6 20:53:43 fw-u last message repeated 2 times
Jan 6 20:53:43 fw-u isakmpd[11638]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 logtype=Started RecvSCCRQ from=A.B.C.D:1701/udp tunnel_id=2/20 protocol=1.0 winsize=8 hostname=x vendor=Microsoft firm=0601
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 SendSCCRP
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 RecvSCCN
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 SendZLB
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 RecvZLB
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 call=11788 RecvICRQ session_id=1
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 call=11788 SendICRP session_id=11788
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 call=11788 RecvICCN session_id=1 calling_number= tx_conn_speed=100000000 framing=sync
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 call=11788 logtype=PPPBind ppp=1
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=base logtype=Started tunnel=L2TP(A.B.C.D:1701)
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 call=11788 SendZLB
Jan 6 20:53:44 fw-u npppd[82720]: l2tpd ctrl=2 RecvZLB
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=lcp logtype=Opened mru=1360/1400 auth=MS-CHAP-V2 magic=9699e1a6/244d01eb
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=lcp RecvId magic=244d01eb text=MSRASV5.20
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=lcp RecvId magic=244d01eb text=MSRAS-0-X
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=lcp RecvId magic=244d01eb text=.*.(...N.....Z68
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=chap proto=mschap_v2 logtype=Success username="rdk-test" realm=LOCAL
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=mppe mismatch our=40bit,128bit,56bit,stateless peer=stateless
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=ipcp IP Address peer=0.0.0.0 our=10.109.4.11.
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=ipcp logtype=Opened ip=10.109.4.11 assignType=dynamic
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=base logtype=TUNNELSTART user="rdk-test" duration=1sec layer2=L2TP layer2from=A.B.C.D:1701 auth=MS-CHAP-V2 ip=10.109.4.11 iface=pppx0
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=mppe logtype=Opened our=128bit,stateless peer=128bit,stateless
Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=base Using pipex=yes

--
Radek