Tunnel destroyed: no acknowledgements from peers

L2TP related questions
sbb
Posts: 3
Joined: 12 Jul 2020, 17:51

Tunnel destroyed: no acknowledgements from peers

Post by sbb »

Hello,
I kindly ask you for a hint on what is wrong with my config.

I am having connection problems from a Windows 10 VPN client (the built-in client from the Control Panel)
to a Linux VPN server running on a Linux AWS EC2 instance.
The security group is configured to allow all traffic from my home external IP.

The logs at /var/log/accel-ppp/accel-ppp.log say:


[2020-07-12 18:12:37]:  info: l2tp: recv [L2TP tid=0 sid=0 Ns=0 Nr=0 <Message-Type Start-Ctrl-Conn-Request> <Protocol-Version 256> <Framing-Capabilities 1> <Bearer-Cap$
[2020-07-12 18:12:37]:  info: l2tp: handling SCCRQ from 94.66.223.221
[2020-07-12 18:12:37]:  info: l2tp: new tunnel 4246-12 created following reception of SCCRQ from 94.66.223.221:1701
[2020-07-12 18:12:37]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): sending SCCRP
[2020-07-12 18:12:37]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:12:37]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 1 message sent from send queue
[2020-07-12 18:12:38]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #1
[2020-07-12 18:12:38]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protoco$
[2020-07-12 18:12:38]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:12:40]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #2
[2020-07-12 18:12:40]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protoco$
[2020-07-12 18:12:40]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:12:44]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #3
[2020-07-12 18:12:44]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protoco$
[2020-07-12 18:12:44]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:12:52]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #4
[2020-07-12 18:12:52]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protoco$
[2020-07-12 18:12:52]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:13:08]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #5
[2020-07-12 18:13:08]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protoco$
[2020-07-12 18:13:08]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=0 Nr=1 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <$
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 1 message added to reception queue
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 1 message acked by peer
[2020-07-12 18:13:22]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): recv [L2TP tid=4246 sid=0 Ns=1 Nr=1 <Message-Type Start-Ctrl-Conn-Connected>]
[2020-07-12 18:13:22]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): handling SCCCN
[2020-07-12 18:13:22]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): established at 172.31.8.169:1701
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 1 message processed from reception queue
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 0 message sent from send queue
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): sending ZLB
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2]
[2020-07-12 18:14:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): sending HELLO
[2020-07-12 18:14:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:22]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): 1 message sent from send queue
[2020-07-12 18:14:23]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #1
[2020-07-12 18:14:23]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:23]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:25]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #2
[2020-07-12 18:14:25]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:25]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:29]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #3
[2020-07-12 18:14:29]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:29]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:37]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #4
[2020-07-12 18:14:37]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:37]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:53]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmission #5
[2020-07-12 18:14:53]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): retransmit (timeout) [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:14:53]: debug: l2tp tunnel 4246-12 (94.66.223.221:1701): send [L2TP tid=12 sid=0 Ns=1 Nr=2 <Message-Type Hello>]
[2020-07-12 18:15:09]:  warn: l2tp tunnel 4246-12 (94.66.223.221:1701): no acknowledgement from peer after 5 retransmissions, deleting tunnel
[2020-07-12 18:15:09]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): deleting tunnel
[2020-07-12 18:15:09]:  info: l2tp tunnel 4246-12 (94.66.223.221:1701): tunnel destroyed

My /etc/accel-ppp.conf :


[modules]
log_file

pptp
l2tp

radius

ippool

pppd_compat



[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4

[common]

[ppp]
verbose=3
min-mtu=1280
mtu=1400
mru=1400
ipv4=require
ipv6=deny
ipv6-intf-id=0:0:0:1
ipv6-peer-intf-id=0:0:0:2
ipv6-accept-peer-intf-id=1
lcp-echo-interval=20
lcp-echo-timeout=120
unit-cache=1

[auth]

[pptp]
verbose=3
bind=172.31.8.169
echo-interval=30
mppe=prefer
ip-pool=pool1

[pppoe]
verbose=1
called-sid=mac
interface=eth0

[l2tp]
verbose=3
bind=172.31.8.169
host-name=ec2-52-214-19-54.eu-west-1.compute.amazonaws.com
mppe=prefer
ip-pool=pool2
hello-interval=60

[sstp]
verbose=1

[ipoe]
verbose=1
username=ifname
lease-time=600
renew-time=300
max-lease-time=3600
shared=0
ifcfg=1
mode=L2
start=dhcpv4
interface=eth0

[dns]
dns1=8.8.8.8
dns2=8.8.4.4

[wins]

[radius]
dictionary=/usr/local/share/accel-ppp/radius/dictionary
nas-identifier=accel-ppp
nas-ip-address=127.0.0.1
gw-ip-address=172.31.0.1
server=127.0.0.1,testing123,auth-port=1812,acct-port=1813,req-limit=50,fail-timeout=0,max-fail=10,weight=1
dae-server=127.0.0.1:3799,testing123
verbose=1
interim-verbose=1
acct-on=1
acct-interim-interval=500

[client-ip-range]
0.0.0.0/0

[ip-pool]
gw-ip-address=172.31.0.1
attr=Framed-Pool
172.31.0.2-254,name=pool1
172.31.0.2-254,name=pool2


[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
copy=1
level=5

[log-pgsql]
conninfo=user=log
log-table=log

[pppd-compat]
verbose=1
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
radattr-prefix=/var/run/radattr

[chap-secrets]
gw-ip-address=192.168.100.1


[shaper]
up-limiter=police
down-limiter=tbf
verbose=1


[cli]
verbose=1
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001

[snmp]
master=0
agent-name=accel-ppp

[connlimit]
limit=10/min
burst=3
timeout=60

[ipv6-pool]
fc00:0:1::/48,64
fc00:0:2::/48,64,name=pool1
fc00:0:3::/48,64,name=pool2,next=pool1
delegate=fc00:1::/36,48
delegate=fc00:2::/36,48,name=pool3
delegate=fc00:3::/36,48,name=pool4,next=pool3

[ipv6-dns]

[ipv6-dhcp]
verbose=1
pref-lifetime=604800
valid-lifetime=2592000
route-via-gw=1

My /etc/ipsec.conf :


config setup
        plutodebug=none
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.152.2.0/24
        protostack=netkey


conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT


conn L2TP-PSK-noNAT
    dpdaction=clear
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    ike=aes256-sha1,aes128-sha1,3des-sha1
    type=transport
    #left=127.0.0.1
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=30
    dpdtimeout=120
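As an added example (not code from the thread or from accel-ppp), a small Python parser for the `l2tp tunnel` log lines shown above: it counts retransmissions per control message, measures how long each one waited for the peer's acknowledgement, and flags tunnels torn down without one. The sample log and its peer address are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, shaped like the accel-ppp lines quoted in the post (peer IP is made up).
SAMPLE_LOG = """\
[2020-07-12 18:12:37]:  info: l2tp tunnel 4246-12 (198.51.100.7:1701): sending SCCRP
[2020-07-12 18:12:38]:  info: l2tp tunnel 4246-12 (198.51.100.7:1701): retransmission #1
[2020-07-12 18:12:40]:  info: l2tp tunnel 4246-12 (198.51.100.7:1701): retransmission #2
[2020-07-12 18:13:22]: debug: l2tp tunnel 4246-12 (198.51.100.7:1701): 1 message acked by peer
[2020-07-12 18:14:22]: debug: l2tp tunnel 4246-12 (198.51.100.7:1701): sending HELLO
[2020-07-12 18:14:23]:  info: l2tp tunnel 4246-12 (198.51.100.7:1701): retransmission #1
[2020-07-12 18:14:53]:  info: l2tp tunnel 4246-12 (198.51.100.7:1701): retransmission #5
[2020-07-12 18:15:09]:  warn: l2tp tunnel 4246-12 (198.51.100.7:1701): no acknowledgement from peer after 5 retransmissions, deleting tunnel
"""
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]:\s+\w+: l2tp tunnel (?P<tid>\S+) "
                     r"\((?P<peer>[^)]+)\): (?P<msg>.*)$")

def analyse(log_text):
    """Per tunnel: each control message sent, its retransmit count, seconds until acked (None = never)."""
    tunnels = defaultdict(lambda: {"peer": None, "messages": [], "destroyed": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines without a tunnel id carry nothing per-tunnel
        t, msg = tunnels[m["tid"]], m["msg"]
        t["peer"] = m["peer"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if msg.startswith("sending "):
            t["messages"].append({"type": msg.split()[1], "sent": ts,
                                  "retransmits": 0, "acked_after": None})
        elif msg.startswith("retransmission #") and t["messages"]:
            t["messages"][-1]["retransmits"] = int(msg.split("#")[1])
        elif "acked by peer" in msg and t["messages"]:
            cur = t["messages"][-1]
            cur["acked_after"] = (ts - cur["sent"]).total_seconds()
        elif msg.startswith("no acknowledgement from peer"):
            t["destroyed"] = True
    return dict(tunnels)

def diagnose(summary):
    """Verdict for one tunnel: every message needing retransmits and the last one dying unacked
    means the server's replies are not reaching the peer (a path/NAT problem, before any PPP auth)."""
    unacked = [x["type"] for x in summary["messages"] if x["acked_after"] is None]
    slow = [x["type"] for x in summary["messages"] if x["retransmits"]]
    if summary["destroyed"] and unacked:
        return f"peer {summary['peer']} never acked {unacked}: replies not reaching it"
    if slow:
        return f"peer {summary['peer']} acked late after retransmits of {slow}"
    return "healthy"
```

Run it over a real accel-ppp.log and a tunnel that is only ever "acked late" or "never acked" tells you the control channel is failing on the return path, which is what the 45-second gap before the SCCCN and the unanswered Hello in the post's log show.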
dimka88
Posts: 866
Joined: 13 Oct 2014, 05:51

Re: Tunnel destroyed: no acknowledgements from peers

Post by dimka88 »

Hello @sbb, do you have already connected some device from `94.66.223.221`?
sbb
Posts: 3
Joined: 12 Jul 2020, 17:51

Re: Tunnel destroyed: no acknowledgements from peers

Post by sbb »

dimka88 wrote: 13 Jul 2020, 08:22 Hello @sbb, do you have already connected some device from `94.66.223.221`?
That's my home address.

I was only connected to the server from it via an SSH terminal, and I have tried connecting to the VPN as well.

Maybe my ISP is blocking inbound packets to port UDP 1701, but not outgoing ones?

From the logs, it seems that the server received the request from 94.66.223.221:1701, but was not able to reply to the same address and port.

So I just have to add a firewall rule (port forwarding) on my home router?
sbb
Posts: 3
Joined: 12 Jul 2020, 17:51

Re: Tunnel destroyed: no acknowledgements from peers

Post by sbb »

I have tried forwarding the port 1701.
The result is the same...