<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:10pt"><DIV>Hi List,</DIV>
<DIV>&nbsp;</DIV>
<DIV>I have a centos 5.4 + xl2tpd 1.2.5 compiled from source, openswan stock from centos 5.4&nbsp;2.6.21</DIV>
<DIV>&nbsp;</DIV>
<DIV>ipsec was able to established, but an error in xl2tpd with maximum retries exceed appears on log file this is</DIV>
<DIV>the same config i have on different machine before without a hiccup. can some one shed some light thanks in advance</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>please find the following excerpt log,</DIV>
<DIV>&nbsp;</DIV>
<DIV>Jan&nbsp; 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: responding to Quick Mode proposal {msgid:01000000}<BR>Jan&nbsp; 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2:&nbsp;&nbsp;&nbsp;&nbsp; us: 222.xx.xx.162&lt;222.xx.xx.162&gt;[+S=C]:17/1701---222.xx.xx.161<BR>Jan&nbsp; 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2:&nbsp;&nbsp; them: 58.69.86.62[192.168.2.254,+S=C]:17/1701===192.168.2.254/32<BR>Jan&nbsp; 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1<BR>Jan&nbsp; 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2<BR>Jan&nbsp; 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<BR>Jan&nbsp; 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1]
 58.69.86.62 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=&gt;0x0589839b &lt;0xdfb44f01 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.2.254 NATD=58.69.86.62:4500 DPD=none}</DIV>
<DIV>&nbsp;</DIV>
<DIV>Jan&nbsp; 8 02:36:08 tcmr xl2tpd[6518]: Maximum retries exceeded for tunnel 1127.&nbsp; Closing.<BR>Jan&nbsp; 8 02:45:04 tcmr xl2tpd[6518]: Connection 63 closed to 58.69.86.62, port 1701 (Timeout)<BR>Jan&nbsp; 8 02:45:09 tcmr xl2tpd[6518]: Maximum retries exceeded for tunnel 5511.&nbsp; Closing.</DIV>
<DIV>&nbsp;</DIV>
<DIV>my config snippet is</DIV>
<DIV>&nbsp;</DIV>
<DIV>version 2.0&nbsp;&nbsp;&nbsp;&nbsp; # conforms to second version of ipsec.conf specification<BR>config setup<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; interfaces=%defaultroute<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; klipsdebug=none<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; plutodebug=none<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; nat_traversal=yes<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; virtual_private=%v4:192.168.0.0/24,%v4:192.168.1.0/24,%v4:192.168.2.0/24<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; protostack=netkey<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; oe=off</DIV>
<DIV>conn %default<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyingtries=3<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; disablearrivalcheck=no<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authby=secret<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; type=tunnel<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyexchange=ike<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ikelifetime=240m<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keylife=60m</DIV>
<DIV>conn roadwarrior-net<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftsubnet=192.168.0.0/24<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; also=roadwarrior</DIV>
<DIV>conn roadwarrior-all<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftsubnet=0.0.0.0/0<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; also=roadwarrior</DIV>
<DIV>conn roadwarrior-l2tp<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftprotoport=17/1701<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightprotoport=17/%any<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; also=roadwarrior</DIV>
<DIV>conn roadwarrior<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pfs=no<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; left=222.xxx.xxx.162<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftnexthop=222.xx.xx.161<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; right=%any<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightsubnet=vhost:%no,%priv<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auto=add<BR></DIV>
<DIV>&nbsp;</DIV>
<DIV>[global]<BR>port=1701<BR>;listen-addr = 192.168.0.1<BR>;<BR>; requires openswan-3.1 or higher<BR>;ipsec saref = yes<BR>;<BR>debug tunnel = yes</DIV>
<DIV>[lns default]<BR>ip range = 192.168.0.180-192.168.0.185<BR>local ip = 192.168.0.1<BR>require chap = yes<BR>refuse pap = yes<BR>require authentication = yes<BR>name = LinuxVPNserver<BR>ppp debug = yes<BR>pppoptfile = /etc/ppp/options.xl2tpd<BR>length bit = yes<BR></DIV><!-- cg26.c1.mail.mud.yahoo.com compressed/chunked Wed Jan  6 17:35:15 PST 2010 --></div><br>



      </body></html>