
[MX] L2TP tunnel is unable to establish on the LNS router


Article ID: KB37604 | KB Last Updated: 29 Sep 2021 | Version: 1.0
Summary:

This article explains the L2TP control plane messages. These messages are communicated during the L2TP tunnel building process. They are sent between LAC (L2TP access concentrator) and LNS (L2TP network server) routers. These messages can be useful for troubleshooting 'L2TP tunnel is unable to establish' issues.

Symptoms:

The L2TP tunnel is unable to establish on the LNS router. The command "show services l2tp tunnel" shows no tunnel.

Solution:
  1. To troubleshoot this L2TP tunnel issue, configure L2TP traceoptions and check the trace log. While reading the L2TP trace logs, follow the tunnel establishment process through the following control plane message types to identify where the issue may be:

    • (SCCRQ) Start-Control-Connection-Request
    • (SCCRP) Start-Control-Connection-Reply
    • (SCCCN) Start-Control-Connection-Connected
    • (StopCCN) Stop-Control-Connection-Notification
  2. From the LNS router L2TP traceoption logs, review the log messages below. The LAC router sends an SCCRQ message to the LNS router to request tunnel building, and here the LNS router has received that SCCRQ message from the LAC router.

    Sep 22 13:27:34.906404 receive: received L2TP packet type sccrq, from remote address 10.242.188.94, remote port  1701, for local address 10.242.189.85, local port 1701, tunnel Id 0x0, session Id 0x0
    Sep 22 13:27:34.906720 run: tunnel, runEventIndex = : state = idle, event = sccrq, next state = txSccrp
    Sep 22 13:27:34.906746 run: SM tunnel, L2tpTunnel 0x9, enter State idle, exit State txSccrp, current event sccrq
  3. The LNS router then sends the SCCRP message, which is its reply message, back to the LAC, as shown below:

    Sep 22 13:27:34.907160 send: send L2TP packet type sccrp, for remote  address 10.242.188.94, remote port 1701, from local address 10.242.189.85, local port 1701, L2tpTunnel 0x9, remote tunnel Id 328, local tunnel Id 62019, remote session Id 0, local session Id 0, Ns 0, Nr 1, re-tries 0
    Sep 22 13:27:34.910039 run: SM tunnel, L2tpTunnel 0x9, enter State txSccrp, exit State waitCtlConn, current event txComplete
  4. The LNS router will receive the SCCCN message from LAC, which means the connection is made between them.

    Sep 22 13:27:34.909989 receive: received L2TP packet type scccn, from remote address 10.242.188.94, remote port  1701, for local address 10.242.189.85, local port 1701, tunnel Id 0x62019, session Id 0x0
    Sep 22 13:27:34.910154 run: tunnel, runEventIndex = : state = waitCtlConn, event = scccn, next state = established
    Sep 22 13:27:34.910172 run: SM tunnel, L2tpTunnel 0x9, enter State waitCtlConn, exit State established, current event scccn
  5. Once the SCCCN message is received, the tunnel should go to an 'UP' state. The following messages show that the tunnel is established and that the LNS router has started to send L2TP zlb packets.

    Sep 22 13:27:34.911295 setMibState: L2tpTunnel 0x9, LocalTunnelId 0xf243, Changing tunnel mibState from connecting to established
    Sep 22 13:27:34.911361 sendZLB: send L2TP packet type zlb, for remote  address 10.242.188.94, remote port 1701, from local address 10.242.189.85, local port 1701, L2tpTunnel 0x9, tunnel Id 328, session Id 0, Ns 1, Nr 2
  6. In some cases, the LNS router receives a StopCCN message from the LAC, which causes a tunnel disconnection, and the tunnel then goes to a 'DOWN' state. The following log messages show the StopCCN message being used to terminate the L2TP tunnel.

    Sep 22 13:27:39.914841 receive: received L2TP packet type stopCcn, from remote address 10.242.188.94, remote port  1701, for local address 10.242.189.85, local port 1701, tunnel Id 0x62019, session Id 0x0
    <-snip->
    Sep 22 13:27:39.914952 receiveStopCcn: Received stopCcn from 1 0x1fd 10.242.188.9410.242.189.85 - result code = error
    Sep 22 13:27:39.914975 run: tunnel, runEventIndex = : state = established, event = stopCcn, next state = disconnecting
    Sep 22 13:27:39.914995 run: SM tunnel, L2tpTunnel 0x9, enter State established, exit State disconnecting, current event stopCcn
    Sep 22 13:27:39.915645 run: tunnelRecovery, runEventIndex = : state = idle, event = terminate, next state = idle
    Sep 22 13:27:39.915682 run: SM tunnelRecovery, L2tpTunnel 0x9, enter State idle, exit State idle, current event terminate
    Sep 22 13:27:39.915703 setIfOperStatus: L2tpTunnel 0x9, LocalTunnelId 0xf243, Changing tunnel ifOperStatus from Up to Down


The recommendation is to check the following:

  • Why the LAC sends the StopCCN message
  • Configuration on LNS
  • LAC routers

By following the control messages exchanged during the L2TP tunnel building process, you should be able to find out in which phase of tunnel establishment the issue occurred.
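As an added example (not Juniper code), the following script reads the "SM tunnel" state machine lines in the trace format shown above and reports, per tunnel, the last state reached and whether a StopCCN ended it. Tunnel 0x9 in the sample mirrors the article's sequence; tunnel 0xa and its timestamps are constructed to show a handshake that stalls after SCCRP.

```python
import re

# Constructed sample in the trace format shown above. Tunnel 0x9 mirrors the
# article's sequence; tunnel 0xa is invented to show a stalled handshake.
SAMPLE = """\
Sep 22 13:27:34.906746 run: SM tunnel, L2tpTunnel 0x9, enter State idle, exit State txSccrp, current event sccrq
Sep 22 13:27:34.910039 run: SM tunnel, L2tpTunnel 0x9, enter State txSccrp, exit State waitCtlConn, current event txComplete
Sep 22 13:27:34.910172 run: SM tunnel, L2tpTunnel 0x9, enter State waitCtlConn, exit State established, current event scccn
Sep 22 13:27:39.914995 run: SM tunnel, L2tpTunnel 0x9, enter State established, exit State disconnecting, current event stopCcn
Sep 22 13:27:39.915682 run: SM tunnelRecovery, L2tpTunnel 0x9, enter State idle, exit State idle, current event terminate
Sep 22 13:28:01.100000 run: SM tunnel, L2tpTunnel 0xa, enter State idle, exit State txSccrp, current event sccrq
Sep 22 13:28:01.100500 run: SM tunnel, L2tpTunnel 0xa, enter State txSccrp, exit State waitCtlConn, current event txComplete
"""

# "SM tunnel," (with the comma) deliberately skips "SM tunnelRecovery" lines.
SM_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+ [\d:.]+) run: SM tunnel, L2tpTunnel (?P<tun>0x[0-9a-fA-F]+), "
    r"enter State (?P<src>\w+), exit State (?P<dst>\w+), current event (?P<ev>\w+)")

# Interpretation of the last state reached, following steps 2-6 of the article.
PHASE = {
    "txSccrp": "SCCRQ received, SCCRP not yet sent",
    "waitCtlConn": "SCCRP sent, no SCCCN received from the LAC",
    "established": "tunnel established",
    "disconnecting": "tunnel torn down",
}

def diagnose(trace):
    """Return {tunnel: {"last_state", "phase", "was_up", "stopccn_at"}}."""
    out = {}
    for line in trace.splitlines():
        m = SM_RE.search(line)
        if not m:
            continue
        t = out.setdefault(m["tun"], {"was_up": False, "stopccn_at": None})
        t["last_state"] = m["dst"]
        t["phase"] = PHASE.get(m["dst"], "unrecognised state")
        t["was_up"] = t["was_up"] or m["dst"] == "established"
        if m["ev"] == "stopCcn":
            t["stopccn_at"] = m["ts"]  # timestamp of the LAC-initiated teardown
    return out

if __name__ == "__main__":
    for tun, info in diagnose(SAMPLE).items():
        print(tun, info)
```

A tunnel whose last state is `waitCtlConn` never completed the handshake, while one that reached `established` and then shows a `stopccn_at` timestamp was torn down by the LAC.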
