|
Package: xl2tpd
Version: 1.3.6+dfsg-4 Severity: important Dear Maintainer, I set up a connection to a l2tp server using xl2tpd (echo 'c connection_name' > /var/run/xl2tpd/l2tp-control). If I use 'ps aux|grep xl2tpd', I can see the daemon is running. The daemon seems OK. However, when the disconnection is carried out (echo 'd connections_name' >/var/run/xl2tpd/l2tp-control), suddenly the xl2tpd daemon crashes. Then "ps aux|grep xl2tpd" shows the daemon vanishes. And if I use "echo 'c connection_name' > /var/run/xl2tpd/l2tp-control", the command is suspended. I have to restart the daemon. I try to debug the code. And I find the problem may from the patch 0003-Add-local-ip-range-option.patch for "call.c". After patching, the code between line 416-422 in "call.c" is #ifdef IP_ALLOCATION if (c->addr) unreserve_addr (c->addr); if (c->lns->localrange) unreserve_addr (c->lns->localaddr); #endif At line 420, if c->lns is NULL, the program will crash. In my opinion, line 420 rewriting to "if(c->lns && c->lns->localrange)" will fix the bug. #760602 also may partially caused by this bug because Jon Westgate <oryn@fsck.tv> pointed out the same bug in #760602. I think the xl2tpd may have other similar bugs. Maybe a thorough check is needed. But the check is out of my ability. Thank you Lu Wang -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.6.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages xl2tpd depends on: ii libc6 2.23-5 ii libpcap0.8 1.7.4-2 ii ppp 2.4.7-1+3 xl2tpd recommends no packages. xl2tpd suggests no packages. -- Configuration Files: /etc/xl2tpd/l2tp-secrets [Errno 13] Permission denied: u'/etc/xl2tpd/l2tp-secrets' /etc/xl2tpd/xl2tpd.conf changed: ; ; Sample l2tpd configuration file ; ; This example file should give you some idea of how the options for l2tpd ; should work. The best place to look for a list of all options is in ; the source code itself, until I have the time to write better documetation :) ; Specifically, the file "file.c" contains a list of commands at the end. ; ; You most definitely don't have to spell out everything as it is done here ; [global] ; Global parameters: listen-addr=10.14.129.9 port = 1701 ; * Bind to port 1701 auth file = /etc/l2tpd/l2tp-secrets ; * Where our challenge secrets are access control = yes ; * Refuse connections without IP match rand source = dev ; Source for entropy for random ; ; numbers, options are: ; ; dev - reads of /dev/urandom ; ; sys - uses rand() ; ; egd - reads from egd socket ; ; egd is not yet implemented ; ; [lns default] ; Our fallthrough LNS definition ; exclusive = no ; * Only permit one tunnel per host ; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range ; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts ; ip range = 192.168.0.5 ; * But this one is okay ; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP ; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's ; no lac = untrusted.marko.net ; * This guy can't connect ; hidden bit = no ; * Use hidden AVP's? ; local ip = 192.168.1.2 ; * Our local IP to use ; local ip range = 192.168.200.0-192.168.200.20 ; Alternatively, use a range for local addressing ; length bit = yes ; * Use length bit in payload? ; require chap = yes ; * Require CHAP auth. by peer ; refuse pap = yes ; * Refuse PAP authentication ; refuse chap = no ; * Refuse CHAP authentication ; refuse authentication = no ; * Refuse authentication altogether ; require authentication = yes ; * Require peer to authenticate ; unix authentication = no ; * Use /etc/passwd for auth. ; name = myhostname ; * Report this as our hostname ; ppp debug = no ; * Turn on PPP debugging ; pppoptfile = /etc/ppp/options.l2tpd.lns ; * ppp options file ; call rws = 10 ; * RWS for call (-1 is valid) ; tunnel rws = 4 ; * RWS for tunnel (must be > 0) ; flow bit = yes ; * Include sequence numbers ; challenge = yes ; * Challenge authenticate peer ; ; rx bps = 10000000 ; Receive tunnel speed ; tx bps = 10000000 ; Transmit tunnel speed ; bps = 100000 ; Define both receive and transmit speed in one option ; [lac marko] ; Example VPN LAC definition ; lns = lns.marko.net ; * Who is our LNS? ; lns = lns2.marko.net ; * A backup LNS (not yet used) ; redial = yes ; * Redial if disconnected? ; redial timeout = 15 ; * Wait n seconds between redials ; max redials = 5 ; * Give up after n consecutive failures ; hidden bit = yes ; * User hidden AVP's? ; local ip = 192.168.1.1 ; * Force peer to use this IP for us ; remote ip = 192.168.1.2 ; * Force peer to use this as their IP ; length bit = no ; * Use length bit in payload? ; require pap = no ; * Require PAP auth. by peer ; require chap = yes ; * Require CHAP auth. by peer ; refuse pap = yes ; * Refuse PAP authentication ; refuse chap = no ; * Refuse CHAP authentication ; refuse authentication = no ; * Refuse authentication altogether ; require authentication = yes ; * Require peer to authenticate ; name = marko ; * Report this as our hostname ; ppp debug = no ; * Turn on PPP debugging ; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac ; call rws = 10 ; * RWS for call (-1 is valid) ; tunnel rws = 4 ; * RWS for tunnel (must be > 0) ; flow bit = yes ; * Include sequence numbers ; challenge = yes ; * Challenge authenticate peer ; ;add by Tony [lac ZJU_VPN] lns=10.5.1.9 ;lns=lns.zju.edu.cn redial=yes redial timeout=15 max redials=5 require pap=no require chap=yes require authentication=yes name=11006142@a ;name=cpsp@d ppp debug=no pppoptfile = /etc/ppp/options.xl2tpd.zju ; [lac cisco] ; Another quick LAC ; lns = cisco.marko.net ; * Required, but can take from default ; require authentication = yes ; [lac cisco] ; Another quick LAC ; lns = cisco.marko.net ; * Required, but can take from default ; require authentication = yes -- no debconf information |