 Post subject: How to run with another port?
PostPosted: Mon Aug 30, 2010 7:24 pm 

Hi all
I need to open another port for listening to L2TP. When the daemon is started with the option -u 443, my L2TP connection to the server does not work. I have an L2TP tunnel to my provider and want to create an L2TP server on my computer too, but on port 443.

Log without -u
Code:
Aug 30 19:43:43 orion33 openl2tpd[6076]: Start, trace_flags=00000000
Aug 30 19:43:43 orion33 openl2tpd[6076]: OpenL2TP V1.7, (c) Copyright 2004-2010 Katalix Systems Ltd.
Aug 30 19:43:43 orion33 openl2tpd[6076]: Loading plugin /usr/lib/openl2tp/ppp_unix.so, version V1.5
Aug 30 19:43:43 orion33 openl2tpd[6076]: Using config file: /etc/openl2tpd.conf
Aug 30 19:43:43 orion33 pppd[6077]: Plugin pppol2tp.so loaded.
Aug 30 19:43:43 orion33 pppd[6077]: Plugin openl2tp.so loaded.
Aug 30 19:43:43 orion33 pppd[6077]: pppd 2.4.5 started by root, uid 0
Aug 30 19:43:43 orion33 pppd[6077]: Using interface ppp0
Aug 30 19:43:43 orion33 pppd[6077]: Connect: ppp0 <-->
Aug 30 19:43:43 orion33 pppd[6077]: CHAP authentication succeeded
Aug 30 19:43:43 orion33 pppd[6077]: CHAP authentication succeeded
Aug 30 19:43:43 orion33 pppd[6077]: local  IP address 95.28.181.48
Aug 30 19:43:43 orion33 pppd[6077]: remote IP address 83.102.254.213

Log with -u 443
Code:
Aug 30 20:50:42 orion33 openl2tpd[6076]: Exiting
Aug 30 20:50:42 orion33 openl2tpd[6076]: Cleaning up before exiting
Aug 30 20:50:42 orion33 openl2tpd[6076]: L2TP: tunl 24586/8231: free when use_count=3
Aug 30 20:50:42 orion33 openl2tpd[6076]: tunl 24586: free when use_count=4
Aug 30 20:50:42 orion33 openl2tpd[6076]: Unloading plugin /usr/lib/openl2tp/ppp_unix.so
Aug 30 20:50:42 orion33 pppd[6077]: Terminating on signal 15
Aug 30 20:50:42 orion33 pppd[6077]: openl2tp send: Connection refused
Aug 30 20:50:42 orion33 pppd[6077]: openl2tp send: unexpected byte count -1, expected 48
Aug 30 20:50:42 orion33 pppd[6077]: Connect time 67.0 minutes.
Aug 30 20:50:42 orion33 pppd[6077]: Sent 3532247 bytes, received 25606412 bytes.
Aug 30 20:50:42 orion33 pppd[6077]: Connection terminated.
Aug 30 20:50:42 orion33 pppd[6077]: Exit.
Aug 30 20:50:43 orion33 modprobe: FATAL: Module pppol2tp not found.
Aug 30 20:50:43 orion33 modprobe: FATAL: Module l2tp_ppp not found.

The modules are included in the kernel... I don't understand this error...
I think that the client tries to connect to the external server on port 443 too, and I tried to write udp_port=1701 as a parameter for the tunnel, but the parser does not understand this word:
Code:
Start, trace_flags=ffffffff (debug enabled)
OpenL2TP V1.7, (c) Copyright 2004-2010 Katalix Systems Ltd.
Loading plugin /usr/lib/openl2tp/ppp_unix.so, version V1.5
Using config file: /etc/openl2tpd.conf
parse error: line 49: syntax error at [udp_port]
parse failed, line 49
Cleaning up before exiting
Unloading plugin /usr/lib/openl2tp/ppp_unix.so


My openl2tpd version is 1.7, OS - Linux Fedora 12. Config:
Code:
# system
system modify \
max_sessions=0 \
tunnel_establish_timeout=120 \
session_establish_timeout=60 \
deny_remote_tunnel_creates=no \
tunnel_persist_pend_timeout=10 \
session_persist_pend_timeout=5

# peer profiles
peer profile create profile_name=peer1
peer profile modify profile_name=peer1 \
        ppp_profile_name=peer1 \
        peer_ipaddr=194.190.210.186 \
        tunnel_profile_name=peer1

# tunnel profiles
tunnel profile create profile_name=peer1 \
        ppp_profile_name=peer1 \
        peer_profile_name=peer1

# tunnels using this profile bind local UDP port 443 instead of the default 1701
tunnel profile modify profile_name=peer1 \
        our_udp_port=443

# no parameters were given for the default profile
tunnel profile modify profile_name=default

# session profiles

# ppp profiles
ppp profile create profile_name=peer1
ppp profile modify profile_name=peer1 \
        trace_flags=0 \
        mru=1460 \
        mtu=1460 \
        auth_pap=no \
        auth_chap=yes \
        auth_none=no \
        auth_peer=no \
        lcp_echo_interval=10 \
        local_ipaddr=192.168.0.10 \
        remote_ipaddr=10.10.0.1 \
        multilink=no

# locally created tunnels and sessions
# tunnel to the provider (no tunnel_profile_name given)
tunnel create tunnel_name=corbina \
        dest_ipaddr=83.102.254.213 \
        persist=yes

session create tunnel_name=corbina \
        user_name=orion33 \
        user_password=XXX

83.102.254.213 is my provider's pool, 194.190.210.186 is the remote computer where I try to connect to openl2tpd.


 Post subject: Re: How to run with another port?
PostPosted: Thu Sep 09, 2010 11:06 pm 
Site Admin

Orion33 wrote:
Hi all
I need to open another port for listening to L2TP. When the daemon is started with the option -u 443, my L2TP connection to the server does not work. I have an L2TP tunnel to my provider and want to create an L2TP server on my computer too, but on port 443.

You can't run L2TP over HTTPS (port 443). Your web server will probably be listening on this port anyway.

If you want secure L2TP tunnels use IPSec.


 Post subject: Re: How to run with another port?
PostPosted: Fri Sep 10, 2010 4:54 am 

jchapman wrote:
You can't run L2TP over HTTPS (port 443). Your web server will probably be listening on this port anyway.

If you want secure L2TP tunnels use IPSec.

I don't have an HTTP server, and port 443 is not listening.

Code:
[root@orion33 ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:858                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:3690                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 192.168.0.10:50081          192.168.0.11:445            ESTABLISHED
tcp        0      0 192.168.0.10:22             192.168.0.11:2228           ESTABLISHED
udp        0      0 0.0.0.0:857                 0.0.0.0:*
udp        0      0 0.0.0.0:111                 0.0.0.0:*
udp        0      0 0.0.0.0:1701                0.0.0.0:*
udp        0      0 0.0.0.0:805                 0.0.0.0:*
udp        0      0 10.120.xxx.xxx:39606         83.102.xxx.xxx:1701         ESTABLISHED
raw    34408      0 0.0.0.0:2                   0.0.0.0:*                   7
raw        0      0 0.0.0.0:2                   0.0.0.0:*                   7



I tried to run with another port, 1703, but the tunnel to my provider was not created either. Openl2tpd was running, listening on the port (443 or 1703), but the tunnel to port 1701 was not created. I think this is a bug.


 Post subject: Re: How to run with another port?
PostPosted: Wed Sep 29, 2010 10:25 pm 
Site Admin

Orion33 wrote:
I tried to run with another port, 1703, but the tunnel to my provider was not created either. Openl2tpd was running, listening on the port (443 or 1703), but the tunnel to port 1701 was not created. I think this is a bug.

I don't understand what you are trying to do. If you set openl2tpd to listen on port 443, that's the port that the L2TP client will need to use to setup the L2TP tunnel to your box.

To verify openl2tpd works as expected, I set it to listen on port 49999 and then create a loopback tunnel to that port. See below.

I expect that there is a firewall in the way and it is dropping either the initial SCCRQ or the SCCRP that your server sends back. Try to get packet logs at each side.

Code:
# start openl2tp server, listening on port 49999
# openl2tpd -d all -u 49999

# prove that it is listening
# netstat -anu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 0.0.0.0:39937               0.0.0.0:*
udp        0      0 127.0.0.1:4500              0.0.0.0:*
udp        0      0 127.0.0.1:53                0.0.0.0:*
.......
udp        0      0 0.0.0.0:49999               0.0.0.0:*
.......
udp        0      0 ::1:53                      :::*
udp        0      0 ::1:500                     :::*
udp        0      0 ::1:123                     :::*
udp        0      0 :::123                      :::*

# create a loopback tunnel to port 49999
# l2tpconfig
l2tp> tunnel create dest_ipaddr=127.0.0.1 peer_udp_port=49999 tunnel_name=one
Created tunnel 9898
l2tp> tunnel list
   TunId             Peer            Local  PeerTId ConfigId            State
    9898        127.0.0.1        127.0.0.1    25670        1      ESTABLISHED
*  25670        127.0.0.1        127.0.0.1     9898        2      ESTABLISHED

# Dump info about the tunnel.
# Note the UDP ports are ephemeral - they have been negotiated with the peer
# during L2TP tunnel setup
l2tp> tunnel show tunnel_name=one
Tunnel 9898, from 127.0.0.1 to 127.0.0.1:-
  state: ESTABLISHED
  created at:  Sep 29 17:29:37 2010
  administrative name: 'one'
  created by admin: YES, tunnel mode: LAC
  peer tunnel id: 25670, host name: NOT SET
  UDP ports: local 55372, peer 40161
  authorization mode: NONE, hide AVPs: OFF, allow PPP proxy: OFF
  session limit: 0, session count: 0
  tunnel profile: default, peer profile: default
  session profile: default, ppp profile: default
  hello timeout: 60, retry timeout: 1, idle timeout: 0
  rx window size: 10, tx window size: 10, max retries: 5
  use udp checksums: ON
  do pmtu discovery: OFF, mtu: 1460
  framing capability: SYNC ASYNC, bearer capability: DIGITAL ANALOG
  use tiebreaker: OFF
  trace flags: NONE
  peer vendor name: Katalix Systems Ltd. Linux-2.6.25.14-108.fc9.x86_64 (x86_64)
  peer protocol version: 1.0, firmware 263
  peer framing capability: SYNC ASYNC
  peer bearer capability: DIGITAL ANALOG
  peer rx window size: 10
  Transport status:-
    ns/nr: 2/1, peer 2/1
    cwnd: 3, ssthresh: 10, congpkt_acc: 0
  Transport statistics:-
    out-of-sequence control/data discards: 0/0
    zlbs tx/txfail/rx: 1/0/1
    retransmits: 0, duplicate pkt discards: 0, data pkt discards: 0
    hellos tx/txfail/rx: 0/0/0
    control rx packets: 2, rx bytes: 172
    control tx packets: 3, tx bytes: 192
    data rx packets: 0, rx bytes: 0, rx errors: 0
    data tx packets: 0, tx bytes: 0, tx errors: 0
    establish retries: 0
l2tp>


 Post subject: Re: How to run with another port?
PostPosted: Thu Sep 30, 2010 9:37 am 

jchapman wrote:
I don't understand what you are trying to do. If you set openl2tpd to listen on port 443, that's the port that the L2TP client will need to use to setup the L2TP tunnel to your box.

I don't want to ask my office admin to open port 1701, so I try to use the ports that are open: ftp, https, proxy etc.
jchapman wrote:
To verify openl2tpd works as expected, I set it to listen on port 49999 and then create a loopback tunnel to that port. See below.

Ok, I created a tunnel from the local computer to the open port too, but I can't connect to my provider, who listens on port 1701 by default. Maybe when the server starts with another port, it uses this port to connect with the provider too? I could set udp_port=1701 in the tunnel profile, but the parser does not understand this parameter...
jchapman wrote:
I expect that there is a firewall in the way and it is dropping either the initial SCCRQ or the SCCRP that your server sends back. Try to get packet logs at each side.

Firewall rules are accept by default.


 Post subject: Re: How to run with another port?
PostPosted: Wed Oct 06, 2010 10:30 pm 
Site Admin

Orion33 wrote:
Ok, I created a tunnel from the local computer to the open port too, but I can't connect to my provider, who listens on port 1701 by default. Maybe when the server starts with another port, it uses this port to connect with the provider too? I could set udp_port=1701 in the tunnel profile, but the parser does not understand this parameter...

If you choose to use a non-standard port, the peer must also be configured to use that same port. It sounds like you don't have control of both sides. So you have to use the port your peer expects (port 1701).


 Post subject: Re: How to run with another port?
PostPosted: Thu Oct 07, 2010 9:24 am 

jchapman wrote:
If you choose to use a non-standard port, the peer must also be configured to use that same port.

Why? Is it a limitation of the protocol or of your program?


 Post subject: Re: How to run with another port?
PostPosted: Thu Oct 07, 2010 11:09 am 
Site Admin

Orion33 wrote:
jchapman wrote:
If you choose to use a non-standard port, the peer must also be configured to use that same port.

Why? Is it a limitation of the protocol or of your program?

Of course not. It's the way TCP/UDP communications work. If I have a server listening on port 4242, any client will need to direct its packets to port 4242 in order to open a connection with that server. You can't change port numbers like you are trying to do unless you change both sides.

You must use the port number expected by the peer. In your case, you don't own the box you are trying to connect to so you can't change the port number it uses.

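A reachability check for the L2TP control channel, covering jchapman's two points in this thread: that the initial SCCRQ or the SCCRP answer may be dropped in transit, and that a client must send to the port the peer actually listens on. This is an added example written for this edit, not OpenL2TP code and not something posted in the thread. It hand-builds an L2TPv2 SCCRQ in the RFC 2661 wire format with Python's struct module, sends it to a host and port you choose, and reports whether an SCCRP comes back; the host name "probe", the tunnel ID 0x1234, the probe() helper and its argument names are this example's own choices.

```python
"""L2TPv2 control-channel probe: send an SCCRQ, look for an SCCRP (RFC 2661).

Added example for this thread, not OpenL2TP code. The host name, tunnel ID
and helper names are illustrative choices, not values from the thread.
"""
import socket
import struct

L2TP_CTRL_FLAGS = 0xC802   # T=1 (control), L=1 (length present), S=1 (Ns/Nr present), Ver=2
AVP_MESSAGE_TYPE = 0
AVP_RESULT_CODE = 1
AVP_PROTOCOL_VERSION = 2
AVP_FRAMING_CAP = 3
AVP_HOST_NAME = 7
AVP_ASSIGNED_TUNNEL_ID = 9
MSG_SCCRQ, MSG_SCCRP, MSG_STOPCCN = 1, 2, 4


def avp(attr_type, value, mandatory=True):
    """Encode one IETF (vendor id 0) AVP; the length field covers the 6-byte header."""
    length = 6 + len(value)
    return struct.pack("!HHH", (0x8000 if mandatory else 0) | length, 0, attr_type) + value


def control_message(tunnel_id, ns, nr, avps):
    """L2TPv2 control header (session id is always 0 on the control channel) plus AVPs."""
    body = b"".join(avps)
    return struct.pack("!HHHHHH", L2TP_CTRL_FLAGS, 12 + len(body), tunnel_id, 0, ns, nr) + body


def build_sccrq(our_tunnel_id, host_name=b"probe"):
    """Start-Control-Connection-Request carrying the AVPs RFC 2661 makes mandatory."""
    return control_message(0, 0, 0, [
        avp(AVP_MESSAGE_TYPE, struct.pack("!H", MSG_SCCRQ)),
        avp(AVP_PROTOCOL_VERSION, b"\x01\x00"),          # protocol version 1, revision 0
        avp(AVP_HOST_NAME, host_name),
        avp(AVP_FRAMING_CAP, struct.pack("!I", 0x3)),   # sync + async framing
        avp(AVP_ASSIGNED_TUNNEL_ID, struct.pack("!H", our_tunnel_id)),
    ])


def build_stopccn(peer_tunnel_id, our_tunnel_id, ns, nr):
    """Tear the half-open tunnel down cleanly; result code 1 = general request to clear."""
    return control_message(peer_tunnel_id, ns, nr, [
        avp(AVP_MESSAGE_TYPE, struct.pack("!H", MSG_STOPCCN)),
        avp(AVP_ASSIGNED_TUNNEL_ID, struct.pack("!H", our_tunnel_id)),
        avp(AVP_RESULT_CODE, struct.pack("!HH", 1, 0)),
    ])


def parse_control_message(data):
    """Return (tunnel_id, ns, nr, {attr_type: value}); raise ValueError on malformed input."""
    if len(data) < 12:
        raise ValueError("short packet")
    flags, length, tunnel_id, _session, ns, nr = struct.unpack("!HHHHHH", data[:12])
    if (flags & 0x000F) != 2 or not (flags & 0x8000):
        raise ValueError("not an L2TPv2 control message")
    if not (flags & 0x4000) or not (flags & 0x0800):
        raise ValueError("control messages must carry the L and S bits")
    if length < 12 or length > len(data):
        raise ValueError("bad length field")
    avps, pos = {}, 12
    while pos < length:
        if pos + 6 > length:
            raise ValueError("truncated AVP header")
        aflags, vendor, attr = struct.unpack("!HHH", data[pos:pos + 6])
        alen = aflags & 0x03FF
        if alen < 6 or pos + alen > length:
            raise ValueError("bad AVP length")
        if aflags & 0x4000:
            raise ValueError("hidden AVP received; this probe has no tunnel secret")
        if vendor == 0:
            avps[attr] = data[pos + 6:pos + alen]
        pos += alen
    return tunnel_id, ns, nr, avps


def message_type(avps):
    v = avps.get(AVP_MESSAGE_TYPE)
    return struct.unpack("!H", v)[0] if v and len(v) == 2 else None


def probe(host, port, local_port=0, timeout=3.0):
    """Send an SCCRQ to host:port. Returns (reply_seen, peer_tunnel_id, peer_host_name).

    reply_seen=False means nothing usable came back: the SCCRQ or the SCCRP is
    being dropped on the way, or nothing is listening on that port.
    """
    our_tid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", local_port))      # analogous to our_udp_port; 0 = ephemeral
        s.settimeout(timeout)
        s.sendto(build_sccrq(our_tid), (host, port))
        try:
            data, peer = s.recvfrom(2048)
        except (socket.timeout, ConnectionRefusedError):
            return False, None, None
        tid, ns, _nr, avps = parse_control_message(data)
        if message_type(avps) != MSG_SCCRP or tid != our_tid:
            return False, None, None
        peer_tid = struct.unpack("!H", avps[AVP_ASSIGNED_TUNNEL_ID])[0]
        # Ns=1 is our second message; Nr=ns+1 acknowledges the SCCRP. Reply to the
        # address the SCCRP came from: the peer may answer from a different port.
        s.sendto(build_stopccn(peer_tid, our_tid, 1, ns + 1), peer)
        return True, peer_tid, avps.get(AVP_HOST_NAME, b"").decode("ascii", "replace")
```

Run probe(provider_ip, 1701) from the box that cannot reach the provider, and probe(your_server_ip, 443) from the office side, then compare with tcpdump on UDP port 443 or 1701 at each end as suggested above. An SCCRP means the control channel reaches the peer on that port and the fault lies later (pppd, CHAP, the session); a timeout means a drop in between or nothing listening. The reply is read from whatever address it arrives from, which matters because, as the loopback dump above shows, the tunnel's UDP ports can end up ephemeral rather than the one you sent to. The probe exercises only the control channel and says nothing about the data plane.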

 Post subject: Re: How to run with another port?
PostPosted: Thu Oct 07, 2010 2:57 pm 

jchapman wrote:
Of course not. It's the way TCP/UDP communications work. If I have a server listening on port 4242, any client will need to direct its packets to port 4242 in order to open a connection with that server. You can't change port numbers like you are trying to do unless you change both sides.

You must use the port number expected by the peer. In your case, you don't own the box you are trying to connect to so you can't change the port number it uses.

Ok. And what if I try to use two daemons? One listening on port 4242, the other connecting to my provider on port 1701 - will it work?

