While here add a small patch disabling flow control which seems broken,
see https://github.com/xelerance/xl2tpd/issues/133 - with it, xl2tpd is
somewhat usable against npppd/isakmpd. Been running with it since 6+
months.
Discussed with sthen@
Most of our patches merged upstream, and while here remove a -Os from
CFLAGS (spotted by jca@). With this update, i've (finally!) been able to
connect to an OpenBSD VPN running isakmpd with psk/npppd.
ok sthen@ (MAINTAINER)
fragmented ppp frames while reading from pty. From Sergey's mail:
=====
xl2tpd could not correctly handle fragmented ppp frame while read it
from pty if one of consequent read operation return an error.
That's happening because xl2tpd too often cleans the buffer and
assumes that each read frame operation is performed for new frame,
since xl2tpd uses single buffer for pty and for socket read operations.
The attached patch moves all pty related buffers into _call_ context
and corrects calculation of buffer position, what fixes issue with
handling of fragmented frames. Now we can use MTU > 1000. I tested
these changes with load (L2TP tunnel without IPSec) and all seems work
normally. No more "Protocol-Reject" frames.
=====
Performance is still poor (Sergey was seeing ~2Mb/s, I am seeing less
despite low cpu use) but the tunnel now seems reliable.
xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661),
which works by opening a pseudo-tty for communicating with pppd.
L2TP allows you to tunnel PPP over UDP. Some ISPs use L2TP to tunnel user
sessions from dial-in servers (modem banks, ADSL DSLAMs) to back-end PPP
servers. Another important application is Virtual Private Networks where
the IPsec protocol is used to secure the L2TP connection (L2TP/IPsec,
RFC 3193).
