Re: [Accel-ppp-users] discarding message with invalid tid 0
From: Guillaume N. <g....@al...> - 2018-10-05 10:54:13
On Thu, Oct 04, 2018 at 11:16:40PM +0200, Alarig Le Lay wrote:
> Hi,
>
> I’m currently setting up a new LNS. When I try to route a line to this
> LNS, the L2TP tunnel doesn’t come up.
>
> [2018-10-04 22:12:59]: error: genl: error talking to kernel
> [2018-10-04 22:12:59]: warn: vlan_mon: kernel module is not loaded
> [2018-10-04 22:12:59]: warn: l2tp: iprange module disabled, improper IP configuration of PPP interfaces may cause kernel soft lockup
> [2018-10-04 22:12:59]: info: net-snmp: NET-SNMP version 5.7.3 AgentX subagent connected
> [2018-10-04 22:16:58]: info: l2tp: recv [L2TP tid=0 sid=0 <Message-Type Start-Ctrl-Conn-Request> <Protocol-Version 256> <Framing-Capabilities 0> <Firmware-Revision 4400> <Host-Name ASR1002-2.PAR05> <Vendor-Name Cisco Systems, Inc.> <Assigned-Tunnel-ID 7530> <Recv-Window-Size 1024> <PPPoE-Relay-Response-Capability-AVP> <PPPoE-Service-Relay-Forward-Capability-AVP>]
> [2018-10-04 22:16:58]: info: l2tp: handling SCCRQ from 78.41.184.80
> [2018-10-04 22:16:58]: info: l2tp: new tunnel 803-7530 created following reception of SCCRQ from 78.41.184.80:1701
> [2018-10-04 22:16:58]: info: l2tp tunnel 803-7530 (78.41.184.80:1701): sending SCCRP
> [2018-10-04 22:16:58]: info: l2tp tunnel 803-7530 (78.41.184.80:1701): send [L2TP tid=7530 sid=0 <Message-Type Start-Ctrl-Conn-Reply> <Protocol-Version 256> <Host-Name accel-ppp> <Framing-Capabilities 0> <Assigned-Tunnel-ID 803> <Vendor-Name accel-ppp> <Recv-Window-Size 16>]
> [2018-10-04 22:16:59]: warn: l2tp tunnel 803-7530 (78.41.184.80:1701): discarding message with invalid tid 0
>
> From what I read, this kind of message should be displayed when a tunnel
> is already established, but it’s not my case.
>
Well, the tunnel is not established yet, but it has been allocated and associated with the 5-tuple of the original SCCRQ. Given that a SCCRP message has been set, accel-ppp now expects a SCCCN message from the client and that message must contain a valid Tunnel ID.

The "discarding message with invalid tid 0" may come from a retransmission of the original SCCRQ, which is rightfully ignored. If it comes from a SCCCN message then you will probably need to enable the "dir300_quirk" l2tp option, but I would be really surprised if that was the issue.

Most likely, either the LAC does not receive the SCCRP, or the LNS (accel-ppp) does not receive the SCCCN. Do you have some filtering involved?

> I tried to use use-ephemeral-ports=1 but in this case there is just
> several tunnels in the starting phase.
>
Well "use-ephemeral-ports" would ensure a unique 5-tuple for the tunnel, but that requires the LAC and the potential middle-boxes to accept that the LNS port can change. That is standard behaviour, but many of them don't support it.

> This is my L2TP configuration:
>
> [l2tp]
> verbose=1
> dictionary=/usr/share/accel-ppp/l2tp/dictionary
> mppe=deny
> dataseq=prefer

Not related to your problem, but I would advise to disable sequencing on the data channel unless you really have a good reason for it.

> host-name=accel-ppp
>
> And the tcpdump output:
> 22:16:58.548673 IP (tos 0xc0, ttl 249, id 16595, offset 0, flags [none], proto UDP (17), length 160)
>     asr1002-2.par05.phibee-telecom.net.l2tp > lns02.grifon.fr.l2tp: [udp sum ok] l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP() FIRM_VER(4400) *HOST_NAME(ASR1002-2.PAR05) VENDOR_NAME(Cisco Systems, Inc.) *ASSND_TUN_ID(7530) *RECV_WIN_SIZE(1024) AVP-#56() AVP-#57() VENDOR0009:ATTR006e() VENDOR0009:ATTR006f()
> 22:16:58.549454 IP (tos 0x0, ttl 64, id 55219, offset 0, flags [DF], proto UDP (17), length 112)
>     lns02.grifon.fr.l2tp > asr1002-2.par05.phibee-telecom.net.l2tp: [bad udp cksum 0x1ade -> 0x1ef0!] l2tp:[TLS](7530/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *HOST_NAME(accel-ppp) *FRAMING_CAP() *ASSND_TUN_ID(803) VENDOR_NAME(accel-ppp) *RECV_WIN_SIZE(16)
>
The incoming message triggering the "discarding message with invalid tid 0" error is not shown in this capture. Could you send a more complete one? Or even a full pcap?

Guillaume
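
To tell the two cases from the reply apart in a fuller capture, the sketch below parses the L2TPv2 control header (layout per RFC 2661) and reports whether a tid 0 message is a repeated SCCRQ or an SCCCN. It is an added example, not part of the thread and not accel-ppp code; `parse_control`, `triage_tid0` and `build` are hypothetical names, and the input is assumed to be the UDP payload of a port 1701 packet already extracted from the pcap.

```python
import struct

# Control message types from RFC 2661 (value of the Message Type AVP).
MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO"}

def parse_control(payload: bytes) -> dict:
    """Parse an L2TPv2 control header and its leading Message Type AVP."""
    if len(payload) < 12:
        raise ValueError("too short for an L2TP control header")
    flags, length, tid, sid, ns, nr = struct.unpack("!6H", payload[:12])
    # Control messages carry T, L and S set, O clear, and version 2.
    if flags & 0xCA0F != 0xC802:
        raise ValueError("not an L2TPv2 control message")
    # Either header only (12 bytes) or header plus at least one 8-byte AVP.
    if not (length == 12 or 20 <= length <= len(payload)):
        raise ValueError("bad Length field")
    msg = "ZLB"  # header only: a bare acknowledgement
    if length >= 20:
        avp_flags, vendor, attr, value = struct.unpack("!4H", payload[12:20])
        # Message Type must come first: length 8, vendor 0, attribute 0.
        if (avp_flags & 0x03FF, vendor, attr) != (8, 0, 0):
            raise ValueError("first AVP is not Message Type")
        msg = MSG_TYPES.get(value, f"type-{value}")
    return {"tid": tid, "sid": sid, "ns": ns, "nr": nr, "msg": msg}

def triage_tid0(payload: bytes) -> str:
    """Explain a message received after the LNS has already sent its SCCRP."""
    m = parse_control(payload)
    if m["tid"] != 0:
        return "tid is set: not the discarded message"
    if m["msg"] == "SCCRQ":
        return "retransmitted SCCRQ: check whether the SCCRP reaches the LAC"
    if m["msg"] == "SCCCN":
        return "SCCCN with tid 0: the dir300_quirk case"
    return f"unexpected {m['msg']} with tid 0"

def build(tid, ns, nr, msg_type=None):
    """Constructed sample input: control header, optional Message Type AVP."""
    avp = b"" if msg_type is None else struct.pack("!4H", 0x8008, 0, 0, msg_type)
    return struct.pack("!6H", 0xC802, 12 + len(avp), tid, 0, ns, nr) + avp

if __name__ == "__main__":
    for name, pkt in [("SCCRQ again", build(0, 0, 0, 1)),
                      ("SCCCN, tid 0", build(0, 1, 1, 3)),
                      ("SCCCN, tid 803", build(803, 1, 1, 3))]:
        print(f"{name}: {triage_tid0(pkt)}")
```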