I'm setting up an l2tp-over-ipsec VPN. It sort of works, but I'm seeing high packet loss (10% to 70% when pinging with 800 byte packets). The loss is because some fraction of the outgoing packets are corrupted -- not dropped, but garbage, therefore not valid pings.
I've tracked this down to the ppp layer. Sniffing the ppp0 interface shows normal pings going out. Sniffing the ipsec0 interface shows these pings wrapped in ppp, wrapped in l2tp, wrapped in UDP, etc., but some fraction of the ppp packets are corrupted: they consist of a piece of the ping data (the payload of the icmp ping packet), therefore the ppp "header" is garbage. That is, instead of a valid ppp header and payload, there's just a piece of the data from the icmp echo request. For what it's worth, the l2tp encapsulation of this garbage looks OK.
So it looks like the pppd-l2tp daemon is either broken or misconfigured. I noticed that it is attached to /dev/ttyp0, which seems odd -- could it be that pppd is confused, sends some of the bytes to ttyp0 instead of the l2tp layer, and therefore l2tp gets junk? Any other ideas?
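One way to measure the corruption described above from a capture, as an added example that is not part of the original post: it strips the L2TPv2 data header (RFC 2661) from a UDP payload and checks whether what follows is a plausible PPP frame. The function names, protocol table and sample packets are constructed for illustration, and it assumes PPP protocol-field compression is not negotiated.

```python
import struct

# PPP protocol numbers expected on an L2TP data session (IANA PPP registry).
KNOWN_PPP = {0x0021: "IPv4", 0x0057: "IPv6", 0x8021: "IPCP",
             0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP", 0x80FD: "CCP"}

def l2tp_payload(udp_payload):
    """Return the PPP frame carried by an L2TPv2 data message, or None."""
    if len(udp_payload) < 6:
        return None
    flags, ver = udp_payload[0], udp_payload[1] & 0x0F
    if ver != 2 or flags & 0x80:        # not L2TPv2, or T bit set (control)
        return None
    off = 2
    if flags & 0x40:                    # L bit: Length field present
        off += 2
    off += 4                            # Tunnel ID + Session ID
    if flags & 0x08:                    # S bit: Ns and Nr present
        off += 4
    if flags & 0x02:                    # O bit: Offset Size, then padding
        if len(udp_payload) < off + 2:
            return None
        (pad,) = struct.unpack_from("!H", udp_payload, off)
        off += 2 + pad
    return udp_payload[off:]

def classify_ppp(frame):
    """Label a PPP frame 'ok:<proto>' or 'corrupt:<reason>'."""
    if frame[:2] == b"\xff\x03":        # Address/Control, absent under ACFC
        frame = frame[2:]
    if len(frame) < 2:
        return "corrupt:short"
    (proto,) = struct.unpack_from("!H", frame)
    name = KNOWN_PPP.get(proto)
    if name is None:
        return "corrupt:unknown-protocol-0x%04x" % proto
    if name == "IPv4" and (len(frame) < 3 or frame[2] >> 4 != 4):
        return "corrupt:bad-ip-version"
    return "ok:" + name

# Constructed samples: a well-formed frame, and one whose "PPP header" is a
# slice of the incrementing byte pattern that ping uses as ICMP payload.
GOOD = bytes.fromhex("4002001000010001ff0300214500001c")
BAD = bytes.fromhex("4002001000010001") + bytes(range(0x28, 0x30))

if __name__ == "__main__":
    for pkt in (GOOD, BAD):
        print(classify_ppp(l2tp_payload(pkt)))
```

Feeding it the UDP payloads of the decrypted L2TP packets seen on ipsec0 gives a per-packet count of frames whose PPP header is really ping data.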