TRB500: ipsec tool missing?

Hi,

Since FW 7.14 my l2tp-over-ipsec server stopped working properly. When I tried to connect to the VPN (e.g., from an iPhone), the logs on my TRB500 said it ran out of IP addresses. This happened for any connection, even for the very first one after a TRB500 reboot.

After digging through the config, I found in /etc/xl2tpd/xl2tpd.conf

        pppoptfile = /var/etc/xl2tpd/options.xl2tpd

But this file seems to be in /var/run/, not /var/etc => I fixed this.

Furthermore, /etc/rc.d/S60xl2tpd fails to extend /var/run/xl2tpd/options.xl2tpd by the required start and end IPs: These lines never get executed:

        [ -n "$remoteip" ] && [ -n "$localip" ] && {
                SERVER=1
                echo "local ip = $localip" >> $CONFIG
                echo "ip range = $remoteip" >> $CONFIG
                echo "ms-dns $localip" >> $OPTIONS
        }

The reason is that the check_bind() function called here

        config_foreach check_bind connection "$section"

sets BIND_STOP to “yes”. This happens because

        lines=$(ipsec status "${remote}-${section}" | wc -l)

evaluates to 0. If I comment out the line that checks BIND_STOP in S60xl2tpd, my iPhone connects to the L2TP server again.

Now I wonder: What is this ipsec tool? Apparently, it is not a script or an executable (at least, it is not in the PATH of my TRB500). But I think it should be part of strongswan (which is installed).

Any help is appreciated,
Adrian
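The failure mode described in the post above, where a line count taken from a pipeline cannot tell "tool not found" apart from "no tunnel", is shown here as an added example that is not part of the original post and is not the firmware's code. The names `count_lines_naive`, `tunnel_state` and `fake_ipsec`, the connection name and the sample output line are all hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for the status tool: prints one line for a single
# known connection name and nothing for any other name.
fake_ipsec() {
    [ "$2" = "peer-l2tp" ] && echo "peer-l2tp: constructed sample status line"
    return 0
}

# Pattern quoted in the post: the line count of the pipeline is the signal.
# The pipeline's exit status comes from its last command, so a tool that is
# not in PATH still yields "0", the same value as "no such tunnel".
# (stderr is silenced here only to keep the demo output clean.)
count_lines_naive() {
    tool=$1; conn=$2
    "$tool" status "$conn" 2>/dev/null | wc -l | tr -d ' '
}

# Defensive variant that returns three distinct states:
#   0 = tool ran and printed status output
#   1 = tool ran but printed nothing
#   2 = tool missing or exited non-zero (assumption: treated as an error)
tunnel_state() {
    tool=$1; conn=$2
    command -v "$tool" >/dev/null 2>&1 || return 2
    out=$("$tool" status "$conn" 2>/dev/null) || return 2
    [ -n "$out" ] && return 0
    return 1
}

# Demo: the naive count is 0 for the missing tool, while the state is 2.
for t in fake_ipsec no_such_tool_xyz; do
    rc=0
    tunnel_state "$t" peer-l2tp || rc=$?
    echo "$t: naive=$(count_lines_naive "$t" peer-l2tp) state=$rc"
done
```
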

Hello,

Apologies for the delay. To clarify, there was a known bug affecting L2TP over IPsec where the log message “Out of IP addresses on tunnel [ID]!” would appear, even with no active connections, preventing new clients from connecting. This issue was addressed and resolved with the 7.14.3 firmware release.

Could you please confirm whether the issue you described is now resolved after updating to 7.14.3? Installation instructions for upgrading from 7.14 are available here.

Let me know if there are still any issues with the L2TP over IPsec VPN.

Best regards,

Hi Martynas

Thanks for responding. I was on 17.4.2, and 17.4.3 fixed it, indeed 🙂 I was unaware that this was a known bug: Is there a bug tracker somewhere?

Regards,
Adrian

Hello Adrian,

Thank you for the update. I’m glad to hear that the latest firmware resolved the issue.

Unfortunately, we don’t maintain a public bug tracker. Instead, any announcements about known bugs and their fixes are typically shared in the relevant forum threads. If you’re looking for similar information in the future, you can search our forum by keywords (e.g., “L2TP,” “IPsec”) and look for posts tagged On-Hold-RND. That’s where our team updates users on upcoming fixes.

Best regards,
