Problems establishing L2TP/PPTP connection to Internet (Cabl

gute1
DD-WRT Novice


Joined: 30 May 2009
Posts: 6

PostPosted: Thu Jun 11, 2009 7:12    Post subject: Reply with quote
me too. (surprised)

I use PPTP instead. It is not working with the firewall, so I have disabled it for now. I am going to try PPPoE soon too.

By the way, I brought 4 units of WRT54GL and I need to install 3, so I have 1 spare for tests, if you want to do it together.
jobnik
DD-WRT Novice


Joined: 27 Jun 2010
Posts: 1

PostPosted: Sun Jun 27, 2010 18:27    Post subject: Reply with quote
Hi,

I have the same problem as you guys from Israel.
I've upgraded my connection from 5Mb to 12Mb UFI and Bezeqint changed my connection type from MPLS to Dialing mode.

I couldn't connect with any provided firmwares on this website (but when it was a direct connection there was no problem at all)

Thanks to information in this thread I've downgraded my firmware to the original of Linksys and then I could connect using L2TP.

But for now I've found another good firmware from tomato:
http://www.polarcloud.com/tomato/

It has a lot of features and does connect with L2TP without any problem.

I would like to go back using the DD-WRT firmware, so please do something so it will connect using L2TP...

I see that this is not a problem of my device, but the firmware.

Thank you!
Bauer
DD-WRT Novice


Joined: 27 Jun 2007
Posts: 8

PostPosted: Sun Jun 27, 2010 20:02    Post subject: Reply with quote
jobnik wrote:
Hi,

I have the same problem as you guys from Israel.
I've upgraded my connection from 5Mb to 12Mb UFI and Bezeqint changed my connection type from MPLS to Dialing mode.

I couldn't connect with any provided firmwares on this website (but when it was a direct connection there was no problem at all)

Thanks to information in this thread I've downgraded my firmware to the original of Linksys and then I could connect using L2TP.

But for now I've found another good firmware from tomato:
http://www.polarcloud.com/tomato/

It has a lot of features and does connect with L2TP without any problem.

I would like to go back using the DD-WRT firmware, so please do something so it will connect using L2TP...

I see that this is not a problem of my device, but the firmware.

Thank you!



Glad to hear this thread has helped you.
you might want to call Bezeqint, ask them to put you back on MPLS/no dialer... if one says no, demand to speak to the supervisor, they were always friendly and allowed changing connection types like that.

I wish the DD-WRT dev team would take this seriously and ask us for further info, whatever they need to solve the problem... but doubt this is going to happen :(

another solution you could try, is maybe chain 2 routers together. 1 will dial with normal firmware, the other will DHCP from it, and have the upgraded firmware, with all the cool options :)

But I didn't have 2+ linksys routers to toy with Razz
aviad_ra
DD-WRT User


Joined: 17 Jun 2006
Posts: 103

PostPosted: Wed Jul 07, 2010 20:28    Post subject: Half working solution! Reply with quote
I found the problem, and I have a CLI fix!
Now it is time for the devs to have a glance and enable the fix for everyone and for good.

I am using DD-WRT v24-sp2 (06/03/10) mega.

"teknetik" was right on the money, I found that in the configuration file /tmp/xl2tpd/xl2tpd.conf there is an entry "refuse pap". I changed it from yes to no so it looks like:
Quote:
refuse pap = no


Once I've done that the next automatic dial attempt SUCCEEDED!!!
I am now able to ping, surf, download, you name it!

However there is one problem...
As far as I can see right now, this configuration is rather hard-coded... so any configuration change, and needless to say a router reboot, causes the file to be regenerated with the incorrect settings.

I say hard-coded because there is no way to change this in the web-GUI nor have I found an NVRAM setting to control this configuration... I may be wrong and suggestions are welcomed.

DEVs, please please PLEASE make this a configuration option in the web-GUI.

Thank you, Aviad.

P.S.

I'm going to file a bug report for this, so I apologize in advance for the duplication.

Also, at first I changed "require chap" to no as well, but further testing proved that only the "refuse pap" change is necessary.

http://hotfortech.wikispaces.com
Bauer
DD-WRT Novice


Joined: 27 Jun 2007
Posts: 8

PostPosted: Wed Jul 07, 2010 20:56    Post subject: Re: Half working solution! Reply with quote
aviad_ra wrote:
I found the problem, and I have a CLI fix!
Now it is time for the devs to have a glance and enable the fix for everyone and for good.

I am using DD-WRT v24-sp2 (06/03/10) mega.

"teknetik" was right on the money, I found that in the configuration file /tmp/xl2tpd/xl2tpd.conf there is an entry "refuse pap". I changed it from yes to no so it looks like:
Quote:
refuse pap = no


Once I've done that the next automatic dial attempt SUCCEEDED!!!
I am now able to ping, surf, download, you name it!

However there is one problem...
As far as I can see right now, this configuration is rather hard-coded... so any configuration change, and needless to say a router reboot, causes the file to be regenerated with the incorrect settings.

I say hard-coded because there is no way to change this in the web-GUI nor have I found an NVRAM setting to control this configuration... I may be wrong and suggestions are welcomed.

DEVs, please please PLEASE make this a configuration option in the web-GUI.

Thank you, Aviad.

P.S.

I'm going to file a bug report for this, so I apologize in advance for the duplication.

Also, at first I changed "require chap" to no as well, but further testing proved that only the "refuse pap" change is necessary.

http://hotfortech.wikispaces.com



After opening this 3+ years ago, great to see we found a solution! well done Aviad! Cool

Just out of curiosity, how did you find the file where to do it?

My old Linksys router is still working at parent's home, but I am rarely there or have a need for it unfortunately...
aviad_ra
DD-WRT User


Joined: 17 Jun 2006
Posts: 103

PostPosted: Thu Jul 08, 2010 12:00    Post subject: Reply with quote
Bauer: At first I switched to Tomato exclusively, and then when I missed all my DD-WRT features (like you suggested in a previous post, even though I didn't see your post until yesterday) I brought another router from work temporarily.

So one would have Tomato and connect using L2TP and the other used DHCP (gr8 minds think alike ^_^).

Anyhow, I figured that it is possible that the problem is a simple configuration change, not realizing at the time that DD-WRT uses xl2tp and Tomato doesn't, so when hunting for the L2TP configurations on the two firmwares, I did not find correspondences.
With that said, as a former ISP tech supporter, I have created the dialer about 10,000 times by now, so it's not that I remember that PAP needs to be checked, it's that I can't forget Smile... and as the config files are in plain text, the leap of understanding wasn't that high this time around.

Oh, and I have been working with the assumption that I have to have an MPLS connection because L2TP doesn't work with DD-WRT for 5 years now...

I'm glad the reign of terror is finally, almost over :)

BTW, until this is fixed I have created a script for myself that will correct the problem automatically.

If anyone is interested, it's publicly available here along with other stuff I have done to my router.
sigp229
DD-WRT Novice


Joined: 08 Jul 2010
Posts: 6

PostPosted: Fri Jul 09, 2010 13:46    Post subject: Priority Tagging Reply with quote
Bauer wrote:
jobnik wrote:
Hi,

I have the same problem as you guys from Israel.
I've upgraded my connection from 5Mb to 12Mb UFI and Bezeqint changed my connection type from MPLS to Dialing mode.

I couldn't connect with any provided firmwares on this website (but when it was a direct connection there was no problem at all)

Thanks to information in this thread I've downgraded my firmware to the original of Linksys and then I could connect using L2TP.

But for now I've found another good firmware from tomato:
http://www.polarcloud.com/tomato/

It has a lot of features and does connect with L2TP without any problem.

I would like to go back using the DD-WRT firmware, so please do something so it will connect using L2TP...

I see that this is not a problem of my device, but the firmware.

Thank you!



Glad to hear this thread has helped you.
you might want to call Bezeqint, ask them to put you back on MPLS/no dialer... if one says no, demand to speak to the supervisor, they were always friendly and allowed changing connection types like that.

I wish the DD-WRT dev team would take this seriously and ask us for further info, whatever they need to solve the problem... but doubt this is going to happen :(

another solution you could try, is maybe chain 2 routers together. 1 will dial with normal firmware, the other will DHCP from it, and have the upgraded firmware, with all the cool options :)

But I didn't have 2+ linksys routers to toy with Razz


The problem with requesting no dialer is that you lose the priority tagging gained with the higher speed. At least this is the case for Bezeq Bein Leumi when speaking to their techs.
gute1
DD-WRT Novice


Joined: 30 May 2009
Posts: 6

PostPosted: Fri Jul 09, 2010 20:36    Post subject: plain instruction Reply with quote
Can anyone help me with how to make this fix?
My firmware version probably does not support SSH, because it is grey.
sdenn
DD-WRT Novice


Joined: 10 Jul 2010
Posts: 1

PostPosted: Sat Jul 10, 2010 12:50    Post subject: Slow L2TP connections. Overloaded WRT54GL Router Reply with quote
However, the WRT54GL router is useless with UFI >12M using an L2TP connection, as the l2tp daemon is overloaded (CPU use >80%) when downloading at >500 kByte/s (>700 kByte/s for Tomato firmware and ~600 kB/s for the original firmware). Changing firmware or overclocking will not help much either.
Until now I have not found a solution to this. I have a spare PC which I will turn into a router.

SO, STAY AWAY FROM THE WRT54GL ROUTER for >6Mbit over L2TP. You will download at a maximum of 750 kByte/s

----
gute1
Go to Services and enable SSHd
Using WinSCP you can alter this file (by F4 on it)

Router:
http://www.speedtest.net/result/875144024.png
Direct:
http://www.speedtest.net/result/875146807.png

UPDATE:
Connecting using PPTP is still around 750 kB/s.

----
My KB: http://en.sdenn.com/



Attachment: L2TP_WRT54GL.png (snapshot of the TOP command)

aviad_ra
DD-WRT User


Joined: 17 Jun 2006
Posts: 103

PostPosted: Sat Jul 10, 2010 18:21    Post subject: Reply with quote
sdenn: as my internet connection is currently only 3Mb/s, I am not even close to seeing the problem you're reporting.

Thanks for letting us know, I'll keep it in mind when it's time for the upgrade.

gute1: As sdenn said, you can enable SSH in the "Services" tab and then edit the file; however, you could just as well perform the operation through telnet, which should be enabled by default.

One more point to note is that if you manually edit the configuration file /tmp/xl2tpd/xl2tpd.conf, the change will not survive a router reboot and not even some web-GUI changes.

That is why I've created the script, but unfortunately it does require JFFS to be enabled and have some free space on it.

My script is just a stopgap solution, I am keeping up the hope that a DEV would pick up the glove and make the adjustments to the web-GUI...

However, if that doesn't happen soon, with enough demand I'll make a startup script that doesn't require JFFS.

fair enough?
gute1
DD-WRT Novice


Joined: 30 May 2009
Posts: 6

PostPosted: Sat Jul 10, 2010 22:41    Post subject: Reply with quote
Hi guys,
thank you very much for the quick response.
I have had 4 WRT54GL routers for about 2 years.
3 are connected to cable through PPTP, and one to ADSL through PPPoE.
I have now upgraded 2 of the cable connections to 12Mb.
Of course I get only 2-3Mb on the download, but the main reason for the upgrade was the upload.

What do you think about using an old PC as a router?
Which software should I use? Will DD-WRT be the best?

I am waiting for the better script to make the move to L2TP and take advantage of the bandwidth.
aviad_ra
DD-WRT User


Joined: 17 Jun 2006
Posts: 103

PostPosted: Sun Jul 11, 2010 6:35    Post subject: Reply with quote
Hi gute1
According to sdenn's findings, the L2TP would not help with the download speed as it's killing the CPU as well.

My main issue with using an old PC as a router is that the power draw of such a "router" will be between 15 to 20 times that of the linksys.

To put it bluntly, my linksys router consumes about 6W of power, and here is a list of computers I have measured with their respective power draw.

Pentium III - 45W
Athlon 64 3000+ (no HD) - 80W
C2D Q9300 +ATI HD4870 + Two HDs - 110W
C2D Q6600 +ATI HF5850 + HD - 180W

The real kicker?...Laptops...
Almost any laptop was from 15W without the screen on to about 35W with the screen and WiFi at full blast for the highest-end laptop I could put my hands on.

Netbooks?
even lower at about 7 ~ 12W

Now it's time to ask yourself, what do you really want from DD-WRT?... I found that 90% of what I want from DD-WRT are the server abilities like the PPTP VPN and the ipkg knocked package.

So if you want my real recommendation, start thinking about splitting the router functions to a router that doesn't have the speed limitation problem and reproduce the server functions with a Laptop that you've designated to be a "Server" on your home network.

The entire rant about this is on my site.
http://hotfortech.wikispaces.com/How+to+setup+your+home+server+%26+network

I do realize that usually you can't use a laptop as the router because it doesn't have two wired network cards, but with a bit of investment that could be overcome too, but that's just an unnecessary headache.

So if you still really want to go ahead with the PC as a router route, despite the power bill, here are some recommendations:

Do NOT use Pfsense, no no no !!! it is not a router it is a walking trap! trust me, you don't want to deal with "The case of the runaway broadcast" to say the least.

For a Debian based web-GUI manageable solution, this one looks like a good start:
http://www.hak5.org/episodes/episode-720

A friend of mine suggested I give ClearOS a go, while it looks good I still haven't had a chance to.
http://www.clearfoundation.com/


I'll make an effort to create a non-JFFS dependent script as soon as I get my hands on a spare Linksys.

Hope this rant helped you in any way.
aviad_ra
DD-WRT User


Joined: 17 Jun 2006
Posts: 103

PostPosted: Sun Jul 11, 2010 17:31    Post subject: non JFFS dependent l2tp fixer script Reply with quote
OK, I was able to adjust the script for non-JFFS dependent use.
(it was simple, only had to remove one segment)

I used a freshly flashed and restored to factory defaults WRT54GL v1.1 with DD-WRT v24-sp2 (06/12/10) std - r14594.

(The original JFFS dependent script is running on a WRT54GSv3)

Anyhow, here is what you need to do:
1. Set your L2TP dialer settings.
2. Go to the "Administration" tab and then "Commands".
3. Paste the script below into the text-box.

Quote:
#!/bin/sh
# Work-around for DD-WRT regenerating xl2tpd.conf with "refuse pap = yes":
# watch the file and switch the entry to "no" until the link comes up.
CONF=/tmp/xl2tpd/xl2tpd.conf

logger -s -p local0.notice -t L2TP_fixer "Started working, giving 20 secs for router boot"
sleep 20

logger -s -p local0.notice -t L2TP_fixer "Entering big while loop"
while true; do
    # Act only when the generated config exists and still refuses PAP
    if [ -e "$CONF" ] && grep -q "refuse pap = yes" "$CONF"; then
        logger -s -p local0.notice -t L2TP_fixer "Entering small while loop"
        # Re-apply the change until the WAN link answers a ping
        while ! ping -c 1 www.d.co.il; do
            sed 's/refuse pap = yes/refuse pap = no/g' "$CONF" > "$CONF.tmp"
            logger -s -p local0.notice -t L2TP_fixer "created altered file"
            mv "$CONF.tmp" "$CONF"
            logger -s -p local0.notice -t L2TP_fixer "moved the altered file into the real file place"
            logger -s -p local0.notice -t L2TP_fixer "###########Blink the SES Leds###########"
            tmp=50
            while [ "$tmp" -ge 0 ]; do
                /sbin/gpio enable 3
                ping -c 1 www.d.co.il
                /sbin/gpio disable 2
                /sbin/gpio enable 2
                # /sbin/gpio disable 3
                tmp=`expr $tmp - 1`
            done

            # Final GPIO state after the blink loop
            /sbin/gpio enable 2
            /sbin/gpio disable 3

            sleep 15
        done
    fi
    logger -s -p local0.notice -t L2TP_fixer "sleeping for 60 seconds"
    sleep 60
done


4. Hit the "Save Startup" button.
5. Reboot the router and wait for it to connect.

Assuming your settings are correct, the router should get connected (and blink the front white LED) within a minute or so.
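
An added example (not part of the thread and not aviad_ra's script): the same "refuse pap" edit written as reusable functions that ignore ";"-commented lines, replace the file only when a change is needed, and report the resulting authentication settings. The function names and the sample configuration are constructed for illustration; with PAP no longer refused, the account password can be sent to the ISP's server in cleartext inside the unencrypted L2TP tunnel.

```shell
#!/bin/sh
# Added example; function names and the sample file are illustrative.

# Succeeds if FILE has an active (not ';'-commented) "<verb> <proto> = yes" line.
# usage: setting_is_yes FILE refuse pap
setting_is_yes() {
    grep -Eq "^[[:space:]]*$2[[:space:]]+$3[[:space:]]*=[[:space:]]*yes[[:space:]]*\$" "$1"
}

# Print the PPP authentication settings in effect in FILE.
auth_summary() {
    if setting_is_yes "$1" refuse pap; then pap=refused; else pap=allowed; fi
    if setting_is_yes "$1" require chap; then chap=required; else chap=optional; fi
    echo "pap=$pap chap=$chap"
}

# Switch "refuse pap = yes" to "no" in FILE.
# Returns 0 if the file was changed, 1 if there was nothing to do, 2 on error.
allow_pap() {
    conf=$1
    [ -f "$conf" ] || return 2
    setting_is_yes "$conf" refuse pap || return 1
    # Write next to the target so the final mv is a rename, never a half-written file.
    new="$conf.tmp.$$"
    sed -E 's/^([[:space:]]*refuse[[:space:]]+pap[[:space:]]*=[[:space:]]*)yes[[:space:]]*$/\1no/' \
        "$conf" > "$new" || { rm -f "$new"; return 2; }
    mv "$new" "$conf" || return 2
    return 0
}

# Constructed sample input; not a dump of a real DD-WRT generated file.
sample_conf() {
    cat <<'EOF'
[global]
port = 1701
[lac isp]
lns = l2tp.example.net
; refuse pap = yes
require chap = yes
refuse pap = yes
require authentication = yes
EOF
}

# Startup-script use, with the path named in the thread:
#   while :; do
#       allow_pap /tmp/xl2tpd/xl2tpd.conf && logger -t L2TP_fixer "PAP no longer refused"
#       sleep 60
#   done
```

Because allow_pap returns 1 when the file is already correct, the loop logs only when the firmware has regenerated the configuration and the edit had to be reapplied.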
gute1
DD-WRT Novice


Joined: 30 May 2009
Posts: 6

PostPosted: Sun Jul 11, 2010 21:12    Post subject: Reply with quote
WOW you are great!!!
I will test it in a few days.
My main target for the router is the office, so a PC is not a problem.
I measured 100W on an idle computer, so it is about 36NIS in the electricity bill.

I need a good VPN, firewall, complex network including VLANs, multiple DHCP, multiple WAN, and if possible connection to a USB cellular modem.
For my other location I need a VoIP-aware router to translate NAT for the SIP protocol.
I am not a Linux expert, although I administrate a Linux PBX in the office.

Questions:
- why not use DD-WRT?
- what about the ready-made router distributions?
- to have JFFS do I need the SD card mod?
- I can do the mod, but what benefit will it give me?
- do you know about the problem in milkfish in the VoIP version?
aviad_ra
DD-WRT User


Joined: 17 Jun 2006
Posts: 103

PostPosted: Mon Jul 12, 2010 8:05    Post subject: Reply with quote
Thank you for the compliment, I humbly accept it :)

Here are some of my opinions:
Quote:
why not use DD-WRT?

DD-WRT is really good for what it's doing, which is running on embedded devices.
I understand that you are very new to Linux (don't worry, baby steps), so you'll have to trust me... other distributions are way better to administer, and my personal preferences are Debian and Debian-based.
Again, the entire rant is on my site.

Update: one more point is that the WRT54GL can't give you wire-speed performance, and when we're talking 100Mb/s that's not that great to begin with...
(remember the 6Mb/s due to CPU overload?... you're probably going to run into that too)
Practically any other solution of the ones below will give you at least 10 times the performance, which is really going to come into play when you're talking about Vlan to Vlan communication.

Quote:
what about the ready-made router distributions?

Personally I had the distinct misfortune of using only one, called Pfsense.
The experience was so bad, we coined a new phrase in our company saying:
"PfSense doesn't... make any sense that is."

But the one introduced on hak5 seems nice.

Quote:
- to have JFFS do I need the SD card mod?
- I can do the mod, but what benefit will it give me?

Not really, if for example you use the mini version you will have some space for JFFS, but doing the mod would give you a lot of space.
With that said, if you're doing this for the office?
You can't rely on your soldering and DD-WRT skills (note that it's not really Linux skills at this point) to hold all of your users.

In regards to the benefits, you will have enough space to start having some server services on the router... but this brings us again to the "do you need a server or do you need a router" question.

Quote:
- do you know about the problem in milkfish in the VoIP version?

Sorry not part of my expertise...

Quote:
I need a good VPN, firewall, complex network including VLANs, multiple DHCP, multiple WAN, and if possible connection to a USB cellular modem.
For my other location I need a VoIP-aware router to translate NAT for the SIP protocol.
I am not a Linux expert, although I administrate a Linux PBX in the office.


Really man... get hold of one of our ISPs or Bynet or something and ask for a Fortigate...
At our company we use the Fortinet Fortigate 110c, AFTER we ruled out a Juniper 210SRX (due to non-intuitive management interface) to do:
* multi-WAN (2 ADSLs, and 1 cable) - and we use routing rules for traffic distribution, but you could configure it to do load balancing.
* SSL VPN with client-side certificate - their client is very easy to install with GPO or by going to the web-portal and agreeing to the plugin install, and this is an integrated, supported solution that just works.
* multi-DMZs - we have configured detached Vlans on it, therefore it is possible to dedicate a Vlan to be a DMZ.
* surfing AV filter - all user traffic is automatically scanned for viruses on the wire.

and we are only using about a 10th of its actual power.

Try PMing me if you want more information about any part of this rant.