Hi Daniel,<br><br>Thanks for your response!<br>Indeed it can be quite useful when someone explains what he tries to do....<br>uuugh...<br>OK, so I have a VPS server running Ubuntu 10.04. <br>I've been using OpenVPN, which works perfectly, but I wanted to use IPsec because it's more secure (not really an issue actually, but it just sounds cool :) and I wanted native support for my Android phone.<br>
So my requirements were an IPsec solution with the obvious choice of L2TP and xl2tpd as it's the main documented option... well, at least as far as my Google skills go...<br>I need this to work in a roadwarrior setup as I'm using it from my laptop and from my phone, both switch IPs often...<br>
Ok...<br>Found the problem... it's the firewall of the internet connection at my friend's place... <br>He was kind enough to let me stay at his house while he's on vacation, but now I found out his router is at fault and I'm chasing a ghost... When I make a connection from my phone with wifi turned off it works! Next step is going to be hacking his router... ;)<br>
<br>Anyways thanks for your attention...<br><br>Regards,<br><br><div class="gmail_quote">On Wed, Jul 18, 2012 at 11:39 PM, Daniel Cave <span dir="ltr"><<a href="mailto:dan.cave@me.com" target="_blank">dan.cave@me.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Geert,<br>
<br>
Having read your email, it's obvious you're doing as much diagnostic as you can to work out what's happening here, but I've not used L2TP over IPsec, however I'm just trying to get a handle on where you're stuck.<br>
<br>
Am I right in thinking your L2TP tunnel is failing to establish? So that you can run IP between it and set up routing between your local subnets?<br>
<br>
I'm guessing that either your configuration at both/one end is not correct or you're trying to do something rather unusual. Can you explain to us exactly what you're trying to achieve and why/what you're expecting to happen?<br>
<br>
An ANSI schematic might help of your LHS/RHS and overlay of L2TP and routing requirements?<br>
<br>
Hope to help<br>
<br>
Regards<br>
Dan<br>
<div><div class="h5"><br>
<br>
On 18 Jul 2012, at 19:47, geert geurts wrote:<br>
<br>
> Hi all!<br>
><br>
> ok got a bit further...<br>
> below the output of tcpdump -vv host XX.XX.XX.0 and proto 17 to dump all UDP packets from XX.XX.XX.0 to check if packets actually get in...<br>
> 20:32:28.881603 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 120)<br>
> 85.17.206.174.isakmp > ip0-139-173-82.adsl2.static.versatel.nl.isakmp: isakmp 1.0 msgid cookie ->: phase 2/others ? inf[E]: [encrypted hash]<br>
> 20:32:58.913884 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 120)<br>
> ip0-139-173-82.adsl2.static.versatel.nl.isakmp > 85.17.206.174.isakmp: [no cksum] isakmp 1.0 msgid cookie ->: phase 2/others ? inf[E]: [encrypted hash]<br>
><br>
> Then I've checked strace of xl2tpd to see how it responds to these packets.<br>
> below the output of strace xl2tpd -D (server-side):<br>
> execve("/usr/sbin/xl2tpd", ["xl2tpd", "-D"], [/* 18 vars */]) = 0<br>
> brk(0) = 0x1d23000<br>
><br>
> ...(I left out a lot of messages concerning xl2tpd startup)<br>
><br>
> write(2, "xl2tpd[8571]: Listening on IP ad"..., 63xl2tpd[8571]: Listening on IP address XX.XX.XX.174, port 1701<br>
> ) = 63<br>
> select(5, [3 4], NULL, NULL, NULL<br>
><br>
> And it stays there...<br>
> No output after this, so somehow the packets do end up at the server, but are not picked up by xl2tpd...<br>
> I'm completely stuck here...<br>
><br>
> Any suggestions are more than welcome!<br>
><br>
> Thanks!<br>
><br>
> Regards,<br>
> Geert<br>
><br>
</div></div>> _______________________________________________<br>
> <a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
> <a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
<br>
Regards<br>
<br>
Dan.<br>
<br>
</blockquote></div><br>
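
Added example (not part of the original thread, and not Openswan or xl2tpd code): a small Python classifier for tcpdump lines like those quoted above. It buckets packets by L2TP/IPsec stage (IKE on UDP 500, NAT-T on UDP 4500, ESP, L2TP on UDP 1701) and reports how far a connection got. The sample capture, its addresses and the function names are constructed for illustration.

```python
import re

# Well-known ports as tcpdump prints them, numeric or by service name.
PORT_STAGE = {"500": "ike", "isakmp": "ike",
              "4500": "nat-t", "ipsec-nat-t": "nat-t",
              "1701": "l2tp", "l2tp": "l2tp", "l2f": "l2tp"}
ORDER = ["ike", "nat-t", "esp", "l2tp"]
FLOW = re.compile(r"(\S+) > (\S+): (.*)")

def classify(line):
    """Return (src_host, dst_host, stage) for a tcpdump line, or None."""
    m = FLOW.search(line)
    if not m:
        return None  # -vv header line or unrelated text
    src, dst, rest = m.groups()
    if rest.startswith("ESP("):
        return src, dst, "esp"  # ESP is IP protocol 50 and carries no ports
    src_host, _, sport = src.rpartition(".")
    dst_host, _, dport = dst.rpartition(".")
    stage = PORT_STAGE.get(dport) or PORT_STAGE.get(sport)
    return (src_host, dst_host, stage) if stage else None

def stages_seen(lines, server):
    """Count packets per stage, split into inbound/outbound for `server`."""
    seen = {s: {"in": 0, "out": 0} for s in ORDER}
    for line in lines:
        hit = classify(line)
        if hit:
            _src, dst, stage = hit
            seen[stage]["in" if dst == server else "out"] += 1
    return seen

def furthest_stage(seen):
    """Last stage in ORDER that has any traffic, or None."""
    reached = [s for s in ORDER if seen[s]["in"] or seen[s]["out"]]
    return reached[-1] if reached else None

# Constructed capture in the same shape as the tcpdump -vv output above
# (addresses are documentation ranges, not the poster's).
SAMPLE = """\
20:32:28.881603 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 120)
    192.0.2.10.isakmp > 198.51.100.7.isakmp: isakmp 1.0 msgid cookie ->: phase 2/others ? inf[E]: [encrypted hash]
20:32:58.913884 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 120)
    198.51.100.7.isakmp > 192.0.2.10.isakmp: [no cksum] isakmp 1.0 msgid cookie ->: phase 2/others ? inf[E]: [encrypted hash]
""".splitlines()

if __name__ == "__main__":
    seen = stages_seen(SAMPLE, "192.0.2.10")
    print(seen, "furthest:", furthest_stage(seen))
```

A capture that never gets past the `ike` stage contains nothing addressed to port 1701, the port xl2tpd reports listening on in the strace output.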