[Openswan Users] l2tpd error receive_window_size
weirauch at checkmobile.de
Fri Feb 6 06:41:53 EST 2009
hi all,
trying to connect to my openswan box from a mac osx road warrior. bought the
openswan book, congrats. cool book. read jacco's page more than a dozen
times but still miss something.
ipsec comes up, tunnel is established, but l2tpd only repeats the
following entries (see below)
l2tpd only answers if NOT bound to internal interface (eth0 in my case)
which seems to be a problem with the forwarding iptables rules?
i tried to disable the suse firewall and applied the iptables command
from openswan (...mangle and mark ....) but then l2tpd does not answer at
all.
turning the firewall on and telling it to allow ipsec and udp 500, 4500
and 1701 leads to the output below (l2tpd answers, but does not finish...)
helpless :-(
(i have no dhcp running, ok?)
any suggestions?
best regards,
philipp
config
Linux Openswan U2.6.19/K2.6.25.20-0.1-pw0602 (netkey)
l2tpd problem logs:
var/log/messages
Feb 6 12:27:05 vpn l2tpd[5303]: ourtid = 13259, entropy_buf = 33cb
Feb 6 12:27:05 vpn l2tpd[5303]: check_control: control, cid = 0, Ns = 0, Nr = 0
Feb 6 12:27:05 vpn l2tpd[5303]: handle_avps: handling avp's for tunnel 13259, call 0
Feb 6 12:27:05 vpn l2tpd[5303]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 6 12:27:05 vpn l2tpd[5303]: protocol_version_avp: peer is using version 1, revision 0.
Feb 6 12:27:05 vpn l2tpd[5303]: framing_caps_avp: supported peer frames: async sync
Feb 6 12:27:05 vpn l2tpd[5303]: hostname_avp: peer reports hostname ''
Feb 6 12:27:05 vpn l2tpd[5303]: assigned_tunnel_avp: using peer's tunnel 34
Feb 6 12:27:05 vpn l2tpd[5303]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.
Feb 6 12:27:05 vpn l2tpd[5303]: ourtid = 49483, entropy_buf = c14b
Feb 6 12:27:05 vpn l2tpd[5303]: check_control: control, cid = 0, Ns = 0, Nr = 0
Feb 6 12:27:05 vpn l2tpd[5303]: handle_avps: handling avp's for tunnel 49483, call 0
Feb 6 12:27:05 vpn l2tpd[5303]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 6 12:27:05 vpn l2tpd[5303]: protocol_version_avp: peer is using version 1, revision 0.
Feb 6 12:27:05 vpn l2tpd[5303]: framing_caps_avp: supported peer frames: async sync
Feb 6 12:27:05 vpn l2tpd[5303]: hostname_avp: peer reports hostname ''
Feb 6 12:27:05 vpn l2tpd[5303]: assigned_tunnel_avp: using peer's tunnel 34
system configuration:
ipsec.conf
# basic configuration
config setup
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    virtual_private=%v4:10.0.0.0/8,%v4:!192.168.229.0/24,%v4:172.31.13.0/24,%v4:192.168.178.0/24
    # OE is now off by default. Uncomment and change to on, to enable.
    #OE=off
    #include /etc/ipsec.d/examples/no_oe.conf
    # which IPsec stack to use. netkey,klips,mast,auto or none
    #protostack=netkey

conn nw-l2tp-psk
    left=87.253.184.140
    #left=%defaultroute
    #leftsubnet=192.168.229.0/24
    #leftnexthop=87.253.184.28
    leftprotoport=17/1701
    rightprotoport=17/%any
    rightsubnet=vhost:%priv,%no
    right=%any
    auto=add
    authby=secret
    pfs=no
    forceencaps=yes
my l2tpd.conf:
[global]
;listen-addr = 192.168.229.128
port= 1701
[lns default]
ip range = 192.168.229.1-192.168.229.102
local ip = 192.168.229.128
require chap = yes
refuse pap = yes
require authentication = yes
name = VPNLinuxServer
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
Philipp Weirauch
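
In the log excerpt above, peer tunnel 34 sends Start-Control-Connection-Request twice and l2tpd allocates a new local tunnel id each time. The following is an added example, not part of the original post and not l2tpd code, that flags this pattern in l2tpd debug logs. The sample log is constructed from the excerpt with wrapped lines rejoined, and the script assumes a completed handshake would log message type 3 (SCCCN, per RFC 2661) in the same `message_type_avp` format.

```python
import re
from collections import defaultdict

# Constructed sample, taken from the excerpt above with wrapped lines rejoined.
SAMPLE_LOG = """\
Feb 6 12:27:05 vpn l2tpd[5303]: ourtid = 13259, entropy_buf = 33cb
Feb 6 12:27:05 vpn l2tpd[5303]: handle_avps: handling avp's for tunnel 13259, call 0
Feb 6 12:27:05 vpn l2tpd[5303]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 6 12:27:05 vpn l2tpd[5303]: assigned_tunnel_avp: using peer's tunnel 34
Feb 6 12:27:05 vpn l2tpd[5303]: ourtid = 49483, entropy_buf = c14b
Feb 6 12:27:05 vpn l2tpd[5303]: handle_avps: handling avp's for tunnel 49483, call 0
Feb 6 12:27:05 vpn l2tpd[5303]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 6 12:27:05 vpn l2tpd[5303]: assigned_tunnel_avp: using peer's tunnel 34
"""

SCCRQ, SCCCN = 1, 3  # RFC 2661 control message types

def analyze(log_text):
    """Return {peer_tid: {"local_tids": [...], "sccrq": n, "connected": bool}}."""
    peers = defaultdict(lambda: {"local_tids": [], "sccrq": 0, "connected": False})
    local_tid = msg_type = None
    tid_owner = {}  # local tunnel id -> peer tunnel id that requested it
    for line in log_text.splitlines():
        if m := re.search(r"handling avp's for tunnel (\d+)", line):
            local_tid, msg_type = int(m.group(1)), None
        elif m := re.search(r"message_type_avp: message type (\d+)", line):
            msg_type = int(m.group(1))
            # Assumption: SCCCN arrives on an already-known local tunnel id.
            if msg_type == SCCCN and local_tid in tid_owner:
                peers[tid_owner[local_tid]]["connected"] = True
        elif m := re.search(r"using peer's tunnel (\d+)", line):
            peer = int(m.group(1))
            tid_owner[local_tid] = peer
            if msg_type == SCCRQ:
                peers[peer]["sccrq"] += 1
                peers[peer]["local_tids"].append(local_tid)
    return dict(peers)

def stalled(report):
    """Peer tunnel ids that sent SCCRQ more than once and never reached SCCCN."""
    return sorted(p for p, r in report.items() if r["sccrq"] > 1 and not r["connected"])

if __name__ == "__main__":
    rep = analyze(SAMPLE_LOG)
    for peer in stalled(rep):
        r = rep[peer]
        print(f"peer tunnel {peer}: {r['sccrq']} SCCRQs, local tids {r['local_tids']}, no SCCCN")
```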