wlanslovenija / tunneldigger

L2TPv3 VPN tunneling solution

Home Page: http://tunneldigger.readthedocs.org/

Failed to create tunnel while processing prepare request

kevin-olbrich opened this issue · comments

After successfully establishing a single tunnel (sometimes none), I get these errors and hundreds of dead tunnel interfaces:

May 30 13:54:26 gateway01.hw.freifunk.net python2[975]: [INFO/tunneldigger.broker] Creating tunnel (30b5c2382c36) with id 129.
May 30 13:54:26 gateway01.hw.freifunk.net systemd-udevd[2118]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
May 30 13:54:26 gateway01.hw.freifunk.net python2[975]: [ERROR/tunneldigger.broker] Unhandled exception while creating tunnel 129:
May 30 13:54:26 gateway01.hw.freifunk.net python2[975]: [ERROR/tunneldigger.broker] Traceback (most recent call last):
May 30 13:54:26 gateway01.hw.freifunk.net python2[975]:   File "/usr/lib64/python2.7/site-packages/tunneldigger_broker/broker.py", line 115, in create_tunnel
May 30 13:54:26 gateway01.hw.freifunk.net python2[975]:     tunnel.setup_tunnel()
May 30 13:54:26 gateway01.hw.freifunk.net python2[975]:   File "/usr/lib64/python2.7/site-packages/tunneldigger_broker/tunnel.py", line 156, in setup_tunnel
May 30 13:54:26 gateway01.hw.freifunk.net python2[975]:     raise TunnelSetupFailed
May 30 13:54:26 gateway01.hw.freifunk.net python2[975]: TunnelSetupFailed
May 30 13:54:26 gateway01.hw.freifunk.net python2[975]: [WARNING/tunneldigger.protocol] Failed to create tunnel (30b5c2382c36) while processing prepare request.

Seems like this fails (in tunnel.py):

        try:
            nat = netfilter.table.Table('nat')
            nat.append_rule('L2TP_PREROUTING_%s' % self.broker.tunnel_manager.namespace, self.prerouting_rule)
            nat.append_rule('L2TP_POSTROUTING_%s' % self.broker.tunnel_manager.namespace, self.postrouting_rule)
        except netfilter.table.IptablesError:
            raise TunnelSetupFailed

Unfortunately tunneldigger isn't great at error reporting; all the details are thrown away here. You could try replacing the last two lines with:

        except netfilter.table.IptablesError as err:
            logger.error("Netfilter error while setting up NAT: %s" % err)
            raise TunnelSetupFailed

That should put a more useful error message into the log. What does it say?

This should definitely be in the sources.
Error was:
message: iptables: No chain/target/match by that name.
We are handling iptables in our own firewall using shorewall, which caused the chains to disappear on rule reload.
I commented out both nat rules and broker is working fine again.

> This should definitely be in the sources.

Probably not like this, but rather something that attaches the original error to the TunnelSetupFailed.

Could you open an issue to track throwing away error information? This is not the only place where errors get dropped.

> I commented out both nat rules and broker is working fine again.

You mean you changed tunneldigger to not emit these rules? That shouldn't work; these are needed for all the connections to share the same port on the server.
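
One way to attach the original error to `TunnelSetupFailed`, as discussed in this thread. This is an added example, not tunneldigger's code: `FakeNatTable` and the local `IptablesError` are constructed stand-ins for the python-netfilter objects in the snippet above, the namespace `default` and the rule strings are made up, and `raise ... from` assumes Python 3 (the log shows python2.7, where only the stored `cause` attribute would be available).

```python
import logging

logger = logging.getLogger("tunneldigger.example")


class IptablesError(Exception):
    """Stand-in for netfilter.table.IptablesError (constructed for this example)."""


class TunnelSetupFailed(Exception):
    """Carries the failing step and the underlying error instead of dropping them."""

    def __init__(self, step, cause):
        super().__init__("%s: %s" % (step, cause))
        self.step = step
        self.cause = cause


class FakeNatTable:
    """Constructed stub: append_rule fails for chains that do not exist."""

    def __init__(self, chains):
        self.rules = {name: [] for name in chains}

    def append_rule(self, chain, rule):
        if chain not in self.rules:
            raise IptablesError("iptables: No chain/target/match by that name.")
        self.rules[chain].append(rule)


def setup_nat(table, namespace, prerouting_rule, postrouting_rule):
    """Append both NAT rules; on failure report which chain was rejected and why."""
    for prefix, rule in (("L2TP_PREROUTING_", prerouting_rule),
                         ("L2TP_POSTROUTING_", postrouting_rule)):
        chain = prefix + namespace
        try:
            table.append_rule(chain, rule)
        except IptablesError as err:
            raise TunnelSetupFailed("append to nat chain %s" % chain, err) from err


def create_tunnel(table, namespace, tunnel_id):
    """Broker-side handler: log the preserved detail; return an error string or None."""
    try:
        setup_nat(table, namespace, "dnat-rule", "snat-rule")
    except TunnelSetupFailed as failure:
        logger.error("Failed to create tunnel %d: %s", tunnel_id, failure)
        return str(failure)
    return None
```

With the chains missing, as after the firewall reload described above, the logged message names the chain and includes the iptables text rather than a bare `TunnelSetupFailed`.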