Hi all,<br><br>I'm having problems with my VPN.<br>ipsec section seems to work:<br>ipsec auto --up IPSECCON<br>104 "IPSECCON" #18: STATE_MAIN_I1: initiate<br>003 "IPSECCON" #18: ignoring unknown Vendor ID payload [4f454a4572405c6072657963]<br>
003 "IPSECCON" #18: received Vendor ID payload [Dead Peer Detection]<br>106 "IPSECCON" #18: STATE_MAIN_I2: sent MI2, expecting MR2<br>108 "IPSECCON" #18: STATE_MAIN_I3: sent MI3, expecting MR3<br>
003 "IPSECCON" #18: received Vendor ID payload [CAN-IKEv2]<br>004 "IPSECCON" #18: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}<br>117 "IPSECCON" #19: STATE_QUICK_I1: initiate<br>
004 "IPSECCON" #19: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x3bc11632 <0x674c80ed xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br><br>But then the l2tp tunnel won't get up...<br>
I'm running xl2tpd -D on the client side:<br>xl2tpd -D<br>xl2tpd[3159]: setsockopt recvref[22]: Protocol not available<br>xl2tpd[3159]: This binary does not support kernel L2TP.<br>xl2tpd[3159]: xl2tpd version xl2tpd-1.2.5 started on geert-K53SD PID:3159<br>
xl2tpd[3159]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.<br>xl2tpd[3159]: Forked by Scott Balmos and David Stipp, (C) 2001<br>xl2tpd[3159]: Inherited by Jeff McAdams, (C) 2002<br>xl2tpd[3159]: Forked again by Xelerance (www.xelerance.com) (C) 2006<br>
xl2tpd[3159]: Listening on IP address 0.0.0.0, port 1701<br><br>Then after an echo "c tunnel">/var/run/xl2tpd/l2tp-control<br>I get the following on the client side:<br><br>xl2tpd[3159]: get_call: allocating new tunnel for host XX.XX.XX.174, port 1701.<br>
xl2tpd[3159]: Connecting to host XX.XX.XX.174, port 1701<br>xl2tpd[3159]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.<br>packet dump: <br>HEX: { C8 02 00 6C 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 00 00 00 04 00 00 00 00 80 08 00 00 00 06 06 90 80 11 00 00 00 07 67 65 65 72 74 2D 4B 35 33 53 44 80 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D 80 08 00 00 00 09 D3 B3 80 08 00 00 00 0A 00 04 }<br>
ASCII: { l geert-K53SD xelerance.com }<br>xl2tpd[3159]: control_finish: sending SCCRQ<br>xl2tpd[3159]: network_thread: select timeout<br>
xl2tpd[3159]: network_thread: select timeout<br>xl2tpd[3159]: network_thread: select timeout<br>xl2tpd[3159]: network_thread: select timeout<br>xl2tpd[3159]: network_thread: select timeout<br>xl2tpd[3159]: Maximum retries exceeded for tunnel 54195. Closing.<br>
<br>On the server side I'm running xl2tpd -D but nothing is shown there...<br>I've checked the firewall, I'm even able to connect using nc -u SERVERIP 1701, and responses are getting through.<br>Typing "fddggf" in the nc -u SERVERIP 1701 gives the following in the xl2tpd -D (server-side):<br>
<br>xl2tpd[5045]: network_thread: recv packet from XX.XX.XX.0, size = 7, tunnel = 26215, call = 2560 ref=0 refhim=0<br>packet dump: <br>HEX: { 66 64 64 67 67 66 00 }<br>ASCII: { fddggf }<br>xl2tpd[5045]: Can not find tunnel 26215 (refhim=0)<br>
xl2tpd[5045]: network_thread: unable to find call or tunnel to handle packet. call = 2560, tunnel = 26215 Dumping.<br><br><br>I don't have much experience with openswan, but I'm completely stuck here... No idea what to try...<br>
It would be great if someone could make a few suggestions.<br><br>Oh... come to think of it, xl2tpd version 1.2.7+dfsg-1 on both sides and openswan server-side: 1:2.6.32~rc3-1xelerance1, openswan client-side: 1:2.6.37-1<br>
<br>Thanks!<br><br>Regards,<br>Geert<br>