2006NX - L2TP futsch

M Goeres · Beitrag von **M Goeres** » Do 05.04.2007, 10:46

Sry das der Beitrag Off-Topic ist, aber 2006er sind auch noch im Einsatz

Habe im Zuge der Wartung mal einige Systeme auf den letzten Stand gebracht (P10), was ja auch einen Reboot nach sich zieht.
Bei einer Appliance ist nun der L2TP-Dienst "verloren" gegangen. Im Manger ist er unter den Diensten nicht mehr vorhanden und im System-Log erscheinen folgende Eintraege:

---schnipp
Apr 5 10:26:57 securepoint keytable:
Apr 5 10:26:57 securepoint rc: Starting keytable: succeeded
Apr 5 10:26:57 securepoint random: Initializing random number generator: succeeded
Apr 5 10:26:57 securepoint ipsec: ipsec_setup: Starting strongSwan IPsec 2.5.7...
Apr 5 10:26:57 securepoint ipsec: ipsec_setup: Using /lib/modules/2.4.33.2-grsec/kernel/net/ipsec/ipsec.o
Apr 5 10:26:58 securepoint ipsec: ipsec_setup: WARNING: changing route filtering on ppp0 (changing /proc/sys/net/ipv4/conf/ppp0/rp_filter from 1 to 0)
Apr 5 10:26:59 securepoint ipsec: OK
Apr 5 10:26:59 securepoint rc: Starting ipsec: succeeded
Apr 5 10:26:59 securepoint pptpd: pptpd startup succeeded
Apr 5 10:27:03 securepoint sendmail: sendmail startup succeeded
Apr 5 10:27:03 securepoint sendmail: sm-client startup succeeded
Apr 5 10:27:04 securepoint squid: Starting squid:
Apr 5 10:27:06 securepoint squid: .
Apr 5 10:27:06 securepoint squid:
Apr 5 10:27:06 securepoint rc: Starting squid: succeeded
Apr 5 10:27:06 securepoint l2tpd: This binary does not support kernel L2TP.
Apr 5 10:27:06 securepoint l2tpd: l2tpd startup succeeded
Apr 5 10:27:08 securepoint virusscan: pop3proxy startup succeeded
Apr 5 10:27:08 securepoint sshd: succeeded
Apr 5 10:27:08 securepoint correctpermissions: Correct Directory- and Filepermissions...
Apr 5 10:27:09 securepoint correctpermissions: completed.
Apr 5 10:27:09 securepoint rc: Starting correctpermissions: succeeded
Apr 5 10:27:10 securepoint lighttpd: lighttpd startup succeeded
Apr 5 10:27:10 securepoint sec-server: Starting sec-server:
Apr 5 10:27:12 securepoint ddclient: WARNING: file /etc/ddclient.conf: file /etc/ddclient.conf must be accessible only by its owner (fixed).
Apr 5 10:27:12 securepoint ddclient: ddclient startup succeeded
Apr 5 10:27:15 securepoint sec-server:
Apr 5 10:27:16 securepoint rc: Starting sec-server: succeeded
Apr 5 10:27:16 securepoint crond: crond startup succeeded
Apr 5 10:27:17 securepoint dnsrelay: dnsmasq startup succeeded
Apr 5 10:27:19 securepoint spuva: Opening Database...
Apr 5 10:27:19 securepoint spuva: OK
Apr 5 10:27:19 securepoint spuva: spuva startup succeeded
Apr 5 10:27:19 securepoint rc: Starting netlog: succeeded
Apr 5 10:27:19 securepoint rc: Starting shaper: succeeded
Apr 5 10:27:19 securepoint rc: Starting src_route: succeeded
Apr 5 10:27:21 securepoint trafficd: mkdir:
Apr 5 10:27:21 securepoint rc: Starting trafficd: succeeded
Apr 5 10:27:58 securepoint l2tpd: l2tpd shutdown failed
Apr 5 10:27:58 securepoint l2tpd: init_network: Unable to bind socket. Terminating.
Apr 5 10:27:58 securepoint l2tpd: l2tpd startup failed
Apr 5 10:38:19 securepoint l2tpd: l2tpd shutdown succeeded
Apr 5 10:38:19 securepoint l2tpd: This binary does not support kernel L2TP.
Apr 5 10:38:19 securepoint l2tpd: l2tpd startup succeeded
---schnapp

Der letzte Eintrag kann nicht stimmen, denn alle Anfragen per L2TP werden als "Payload_Malformed" abgewiesen.

Wo kann/soll ich ansetzen um alles wieder an den Start zu bekommen....?

Gruss

M.Goeres

achim · Beitrag von **achim** » Do 05.04.2007, 11:14

Wenn im Manager der Eintrag fehlt, könnte in der Datei /var/opt/securepoint5.0/conf etwas verloren gegangen sein.

Für l2TP sollten dies folgende Einträge sein:

Service12=l2tpd
Execute12=/etc/rc.d/init.d/l2tpd
Setstartup12=1
Startup12=S26l2tpd
Process12=l2tpd

Ich würde die Datei jedoch mal mit einer "funktionierenden" vergleichen.
Wir hatten dieses Problem früher nach einem "Re-Configuration" im Boot-Menü.

Vieleicht hilft's.

Achim

philipp · Beitrag von **philipp** » Do 05.04.2007, 11:28

Hallo Herr Goeres,
die Datei /opt/securepoint5.0/conf/services.ini scheint nicht vollständig zu sein.
Eine vollständige Datei sieht wie folgt aus:

Code: Alles auswählen

Service01=squid
Execute01=/etc/rc.d/init.d/squid
Setstartup01=0
Startup01=S25squid
Process01=squid

Service02=pptp
Execute02=/etc/rc.d/init.d/pptp
Setstartup02=0
Startup02=S25pptpd
Process02=pptpd

Service03=ipsec
Execute03=/etc/rc.d/init.d/ipsec
Setstartup03=0
Startup03=S25ipsec
Process03=pluto

Service04=sendmail
Execute04=/etc/rc.d/init.d/sendmail
Setstartup04=1
Startup04=S25sendmail
Process04=sendmail

Service05=dhcpd
Execute05=/etc/rc.d/init.d/dhcpd
Setstartup05=0;
Startup05=S70dhcpd
Process05=dhcpd

Service06=pppoe
Execute06=/etc/rc.d/init.d/pppoe
Setstartup06=0
Startup06=S11pppoe
Process06=pppd

Service07=ddclient
Execute07=/etc/rc.d/init.d/ddclient
Setstartup07=0
Startup07=S99ddclient
Process07=ddclient

Service08=lighttpd
Execute08=/etc/rc.d/init.d/lighttpd
Setstartup08=1
Startup08=S75lighttpd
Process08=lighttpd

Service09=spuva
Execute09=/etc/rc.d/init.d/spuva
Setstartup09=1
Startup09=S94spuva
Process09=spuva

Service10=dnsrelay
Execute10=/etc/rc.d/init.d/dnsrelay
Setstartup10=0
Startup10=S93dnsrelay
Process10=dnsmasq

Service11=virusscan
Execute11=/etc/rc.d/init.d/virusscan
Setstartup11=0
Startup11=S30virusscan
Process11=dansguardian

Service12=l2tpd
Execute12=/etc/rc.d/init.d/l2tpd
Setstartup12=0
Startup12=S26l2tpd
Process12=l2tpd

Wahrscheinlich fehlen die beiden letzten Einträge. Fügen Sie diese einfach wieder hinzu.

M Goeres · Beitrag von **M Goeres** » Do 05.04.2007, 16:07

Danke fuer die schnelle Hilfe.
virusscan und l2tp waren nicht mehr in der Konfiguration (ini).

Gruss

M.Goeres