|
Package: xl2tpd
Version: 1.3.6+dfsg-4
Severity: critical
Justification: breaks the whole system
Dear Maintainer,
I want to set a client of the l2tp vpn for my campus using this technique to connect to the internet.
I have set the client for Debian 7. But now, when I try to do the same thing for a computer with Debian 9, I failed.
I set use the configuration for the Debian 7 mechine, including /etc/xl2tpd/xl2tpd /etc/ppp/chap-secrets and /etc/ppp/options.xl2tpd.zju.
The first one is the configuration for xl2tp, and the last two are for the ppp.
Following is what I do.
I find the xl2tpd is running after the initialization through lots of init-scripts. Then I use "echo 'c ZJU_VPN' > /var/run/xl2tpd/l2tp-control" to connect the vpn server in my campus. At the beginning everything is fine, I use "ip link" and I find that there is ppp0. But few time later, about 20-30 seconds I am not sure, the keybroad is useless. I can type nothing. And I find there are some words on the screen.
NMI watchdog: BUG: soft lockup CPU#0 stuck for 23s ... And the mechine begins to beep.
-- System Information:
Debian Release: stretch/sid
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.5.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages xl2tpd depends on:
ii libc6 2.22-7
ii libpcap0.8 1.7.4-2
ii ppp 2.4.7-1+2
xl2tpd recommends no packages.
xl2tpd suggests no packages.
-- Configuration Files:
/etc/xl2tpd/l2tp-secrets [Errno 13] Permission denied: u'/etc/xl2tpd/l2tp-secrets'
/etc/xl2tpd/xl2tpd.conf changed:
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work. The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documetation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
[global] ; Global parameters:
port = 1701 ; * Bind to port 1701
auth file = /etc/l2tpd/l2tp-secrets ; * Where our challenge secrets are
access control = yes ; * Refuse connections without IP match
rand source = dev ; Source for entropy for random
; ; numbers, options are:
; ; dev - reads of /dev/urandom
; ; sys - uses rand()
; ; egd - reads from egd socket
; ; egd is not yet implemented
;
; [lns default] ; Our fallthrough LNS definition
; exclusive = no ; * Only permit one tunnel per host
; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range
; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
; ip range = 192.168.0.5 ; * But this one is okay
; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
; no lac = untrusted.marko.net ; * This guy can't connect
; hidden bit = no ; * Use hidden AVP's?
; local ip = 192.168.1.2 ; * Our local IP to use
; length bit = yes ; * Use length bit in payload?
; require chap = yes ; * Require CHAP auth. by peer
; refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
; require authentication = yes ; * Require peer to authenticate
; unix authentication = no ; * Use /etc/passwd for auth.
; name = myhostname ; * Report this as our hostname
; ppp debug = no ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns ; * ppp options file
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer ;
; rx bps = 10000000 ; Receive tunnel speed
; tx bps = 10000000 ; Transmit tunnel speed
; bps = 100000 ; Define both receive and transmit speed in one option
; [lac marko] ; Example VPN LAC definition
; lns = lns.marko.net ; * Who is our LNS?
; lns = lns2.marko.net ; * A backup LNS (not yet used)
; redial = yes ; * Redial if disconnected?
; redial timeout = 15 ; * Wait n seconds between redials
; max redials = 5 ; * Give up after n consecutive failures
; hidden bit = yes ; * User hidden AVP's?
; local ip = 192.168.1.1 ; * Force peer to use this IP for us
; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
; length bit = no ; * Use length bit in payload?
; require pap = no ; * Require PAP auth. by peer
; require chap = yes ; * Require CHAP auth. by peer
; refuse pap = yes ; * Refuse PAP authentication
; refuse chap = no ; * Refuse CHAP authentication
; refuse authentication = no ; * Refuse authentication altogether
; require authentication = yes ; * Require peer to authenticate
; name = marko ; * Report this as our hostname
; ppp debug = no ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac
; call rws = 10 ; * RWS for call (-1 is valid)
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
; flow bit = yes ; * Include sequence numbers
; challenge = yes ; * Challenge authenticate peer
;
;add by Tony
[lac ZJU_VPN]
lns=10.5.1.7
;lns=lns.zju.edu.cn
redial=yes
redial timeout=15
max redials=5
require pap=no
require chap=yes
require authentication=yes
name=11006142@a
ppp debug=no
pppoptfile = /etc/ppp/options.xl2tpd.zju
; [lac cisco] ; Another quick LAC
; lns = cisco.marko.net ; * Required, but can take from default
; require authentication = yes
-- no debconf information
|