[Openswan Users] xl2tpd uses inactive mast0 interface

Sven Schiwek ml-openswan at svenux.de
Mon Nov 8 04:05:42 EST 2010 

Hi Paul,

thanks for your help.
"ifconfig mast 0000 down" or "ifconfig mast0 down" does not resolve the
problem. I think because the interface is already down.

I have recompiled Openswan with "USE_MAST=false" (I set this option in
Makefile.in is this correct?) but the interface is still available (with
ifconfig -a).

BTW: I have an error in "make minstall" (but an exitcode 0 !?) on a
standard Debian Squeeze System (with default Kernel-Headers installed
"apt-get install linux-headers-$(uname -r)"). I attached the Makefile
output.

Sven



On 11/5/2010 5:14 PM, Paul Wouters wrote:
> On Fri, 5 Nov 2010, Sven Schiwek wrote:
> 
>> I have a problem with a l2tp connection.
>> I have a W-Lan router connected to the Openswan server (via eth2),
>> Openswan is listening on eth3. When I initiate a l2tp connection from a
>> Windows 7 client via W-Lan the ipsec connection is coming up (not the
>> l2tp
>> part) but then I get this firewall log:
>>
>> Nov  5 10:51:21 misc1 kernel: [7155469.839899] iptables: INPUT deny
>> IN=mast0 OUT=
>> MAC=00:25:90:04:3d:cb:00:24:d7:01:d4:b8:08:00:45:00:00:8c:04:fa:00:00:80:11:e3:16:c0:a8:46:70:d5:dd:75:5a:06:a5:06:a5:00:78:f3:4f:c8:02:00:70:00:00:00:00:00:00:00:00:80:08
>>
>> SRC=192.168.70.112 DST=PUBLICIP LEN=140 TOS=0x00 PREC=0x00 TTL=128
>> ID=1274
>> PROTO=UDP SPT=1701 DPT=1701 LEN=120 MARK=0x80160000
>>
>> Yea, this is the mast0 interface but I have not enabled the saref patch
>> (ipsec.conf -> protostack=klips) and (xl2tpd.conf -> ipsec saref = no) so
>> why do I have traffic to this (disabled but available) interface?
>> Openswan 2.6.31 is listening on the external interface 'eth3' - so I want
>> to establish a connection from wlan-'eth2' to 'eth3'-Openswan.
> 
> Can you try: ifconfig mast 0000 down
> 
>> Btw. if I allow traffic on the (inactive) mast0 interface (no IP
>> assigned)
>> I get this xl2tpd messages:
> 
>> $> tail -f /var/log/syslog
>> Nov  5 11:54:15 misc1 xl2tpd[24410]: control_finish: Peer requested
>> tunnel
>> 11 twice, ignoring second one.
>> Nov  5 11:54:15 misc1 xl2tpd[24410]: Connection 11 closed to
>> 192.168.70.112, port 1701 (Timeout)
>> Nov  5 11:54:20 misc1 xl2tpd[24410]: Unable to deliver closing message
>> for
>> tunnel 1946. Destroying anyway.
> 
> hmm
> 
>> Any help is greatly appreciated.
> 
> I guess you can try recompiling with USE_MAST=false ?
> 
> Perhaps we should add an option to the klips module to initiate the mast0
> device or not when build as module?
> 
> Paul
> 
> 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: make-minstall.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20101108/38f4cc6c/attachment.txt

More information about the Users mailing list