
15/12/2021

Mikrotik RouterOS - "received unsupported protocol 0x2145"

I've recently been playing with L2TP tunnels between Cisco and Mikrotik gear in an LAC/LNS type configuration. The L2TP tunnel was coming up but any traffic across the tunnel would fail. Enabling l2tp logging on the Mikrotik router revealed the error "received unsupported protocol 0x2145"

Google didn't give any direct solutions but did give a few clues suggesting it might be related to "Protocol Field Compression" (PFC),  and reading RFC 1661 yielded a bit more information on how it should work.

Fortunately I was able to find a fix.

 
https://humornama.com/wp-content/uploads/2020/08/Leonardo-DiCaprio-laughing-meme-template-of-Django-Unchained-1024x1024.jpg
A Mikrotik bug? Never!


Preface

I experienced this issue with RouterOS version 6.48.6 on an RB4011 and IOS version 15.3(3)XB12 on a Cisco 3825. I've not checked other versions to see if the issue is present, or indeed if the fix works.

Troubleshooting

Armed with the information I found on a mailing list and the RFC I had a rough idea that I needed to look at PFC, so I ran some packet captures whilst bringing up the L2TP tunnel.
 
PPP Encapsulated ping


 
Looking at the PPP encapsulated ICMP ping from the Cisco router, we can see it's sent the single byte '21' for the protocol field. Note the byte next to it is '45'.

If we look at the PPP LCP rejection response from the Mikrotik, we can see it's rejecting the unknown protocol field 0x2145, suggesting it's attempting to read 2 bytes instead of 1.
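To make the two readings of the same bytes concrete, here is an added example (not code from the post, and not RouterOS or IOS code) that decodes the PPP protocol field the way RFC 1661 describes: the field is normally two octets, but once PFC is negotiated a protocol in the range 0x01-0xFF may be sent as a single octet, and a receiver recognises the short form because that octet's low bit is 1. The sample frames are constructed for illustration; a PFC-aware parser reads 0x21 (IPv4) and leaves the 0x45 as the first byte of the IP header, while a parser that always consumes two octets comes up with exactly the 0x2145 the Mikrotik logged.

```python
# Added example: PPP protocol field decoding per RFC 1661 section 6.5
# (Protocol-Field-Compression). Not code from the original post or from
# either vendor; frames below are constructed for illustration only.

def parse_ppp_protocol(frame: bytes, pfc_aware: bool = True):
    """Return (protocol, payload) for a PPP frame whose HDLC Address and
    Control bytes have already been stripped.

    With pfc_aware=True the parser follows RFC 1661: if the first octet's
    least-significant bit is 1 it is a compressed one-octet protocol field.
    With pfc_aware=False it behaves like a receiver that ignores PFC and
    always consumes two octets, which reproduces the 0x2145 misreading.
    """
    if not frame:
        raise ValueError("empty frame")
    first = frame[0]
    if pfc_aware and first & 0x01:
        # Compressed form: single octet, e.g. 0x21 = IPv4
        return first, frame[1:]
    if len(frame) < 2:
        raise ValueError("truncated protocol field")
    proto = (first << 8) | frame[1]
    return proto, frame[2:]


def expand_protocol_field(frame: bytes) -> bytes:
    """Rewrite a compressed one-octet protocol field as the full two-octet
    form. This is what forbidding PFC on the sender achieves on the wire:
    every frame carries the uncompressed field, so a receiver that cannot
    handle PFC decodes it correctly."""
    proto, payload = parse_ppp_protocol(frame, pfc_aware=True)
    return proto.to_bytes(2, "big") + payload


def looks_like_misread_pfc(proto: int) -> bool:
    """Heuristic for the symptom in the post: a rejected 'protocol' whose
    high byte has its low bit set is really a one-octet PFC field followed
    by the first byte of the payload (0x21 + 0x45 for IPv4 here)."""
    high = proto >> 8
    return proto > 0xFF and bool(high & 0x01)


# Constructed sample: a minimal IPv4 header (version/IHL 0x45) carrying
# an ICMP echo request. Checksums are not meaningful; this is a fixture.
IPV4_ICMP_ECHO = bytes.fromhex(
    "45000020000100004001"   # ver/IHL, TOS, total len, id, flags, TTL, proto=ICMP
    "0000"                   # header checksum (placeholder)
    "c0a80001c0a80002"       # 192.168.0.1 -> 192.168.0.2 (constructed)
    "0800000000010001"       # ICMP echo request, id 1, seq 1
)
COMPRESSED_FRAME = b"\x21" + IPV4_ICMP_ECHO        # PFC in use, as the Cisco sent it
UNCOMPRESSED_FRAME = b"\x00\x21" + IPV4_ICMP_ECHO  # PFC forbidden, two-octet field


if __name__ == "__main__":
    naive, _ = parse_ppp_protocol(COMPRESSED_FRAME, pfc_aware=False)
    aware, payload = parse_ppp_protocol(COMPRESSED_FRAME)
    print(f"naive 2-octet read : 0x{naive:04x}  (misread? {looks_like_misread_pfc(naive)})")
    print(f"PFC-aware read     : 0x{aware:02x}, payload starts 0x{payload[0]:02x}")
    fixed, _ = parse_ppp_protocol(expand_protocol_field(COMPRESSED_FRAME), pfc_aware=False)
    print(f"after expanding    : 0x{fixed:04x}")
```

Running it prints 0x2145 for the naive read and 0x21 for the PFC-aware read of the same frame; expanding the field first gives 0x0021 even to the naive reader, which is the same effect as the sender-side fixes later in the post.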


PPP LCP Reject message
 
So at this stage I'm pretty confident I've identified the issue, but how can I fix it?
 

The fix(es)

Unfortunately I wasn't able to find any information on getting the Mikrotik (RouterOS v6) to work with a compressed protocol field, and there are no relevant settings in the L2TP or PPP sections. Upgrading the Mikrotik to RouterOS v7 resolves the issue, however it only came out recently so some caution should be used before using it in production...
 
After much googling, with the usual frustration of dead links and 404s from the Cisco website, I finally found a relevant document, "ACFC and PFC Handling During PPP Negotiation". It doesn't entirely match my setup with a Group-Async interface, but I thought I'd try it. With a little trial and error I found the required command that disables Protocol Field Compression and gets things working:

interface Group-Async0
  ppp pfc local forbid


 
With the required command entered I restarted the L2TP tunnel and I could successfully ping across the tunnel - success! I thought I'd take another packet capture to be sure, and it confirmed that 2 byte protocol fields were being sent:

PPP encapsulated ICMP Ping with 2 Byte Protocol Field

Whilst looking through various bits of documentation I wondered if it could also be fixed on the other side of the PPP connection. In my case I'm using wvdial and pppd on Debian.

Looking in /etc/ppp/options I found a relevant section:

# Disable protocol field compression negotiation (use default, i.e.
# protocol field compression disabled).
#-pc

And sure enough uncommenting the -pc line resolved the issue. Possibly less useful as it requires changes to every client, but still worth knowing.

Summary

So to conclude, it seems like the Mikrotik L2TP server is misbehaving. I suspect it should reject PFC if it doesn't support it, but I've looked at enough RFCs for one day. Disabling PFC elsewhere in the chain fixes the issue, and that's good enough for me.

