lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 27 Mar 2013 20:56:54 +0000
From:	James Chapman <jchapman@...alix.com>
To:	Tomas Agartz <tlund@....se>
CC:	netdev@...r.kernel.org
Subject: Re: unmanaged L2TPv3 ethernet pseudowire Cisco <=> Linux

On 27/03/13 20:08, Tomas Agartz wrote:
> On Tue, 26 Mar 2013, James Chapman wrote:
> 
>> The issue is that Linux and Cisco use a different default for the
>> L2SpecificSublayer header setting and neither implementation provides
>> a config option to change its setting. :-( The Linux default is to use
>> the Default L2SpecificSublayer as defined in the RFC. Unfortunately
>> the Cisco default is to use no L2SpecificSublayer.
>>
>> The kernel already has an API to allow the L2SpecificSublayer setting
>> to be configured. The missing piece is an iproute2 l2tp config option
>> to configure it. I'll work on an iproute2 patch now to allow this
>> setting to be configured.
> 
> I patched my iproute2 with your patch and now my tunnel is working.
> Thank you! :)

Great. Thanks for reporting back.

>> For unmanaged tunnels, these parameters must be manually configured
>> consistently at each side. Both Cisco and Linux default to use no
>> cookies and both already have config parameters to set cookie
>> parameters, if needed. However, for L2SpecificSublayer this isn't the
>> case. We need to add a config option on the Linux side to force the
>> same setting as Cisco is using.
> 
> Does the API in the kernel allow you to set the cookie? In that case it
> seems like a good idea to add that to iproute2 as well?

It is already supported. See the cookie and peer_cookie parameters of ip
l2tp add session.

ip l2tp help
or
man ip-l2tp

James

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ