<div dir="ltr"><div><div><div><div>Hi all,<br><br></div> I just installed openswan 2.6.39 and xl2tp 1.3.1 on a PPC platform which is an IPSEC client off a VPN server running on CentOS. I was able to create the IPSEC channel, but I had difficulty getting the L2TP tunnel created. It looked like the L2TP traffic was unable to go through the IPSEC NAT-d port. <br>
<br><br>Here is my ipsec.conf:<br><br><br>version 2.0 # conforms to second version of ipsec.conf specification<br><br>config setup<br># virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:10.0.100.0/24<br>
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!172.16.0.0/12<br># virtual_private=%v4:0.0.0.0<br> nat_traversal=yes<br> protostack=netkey<br>
plutostderrlog=/var/log/pluto.log<br> oe=no<br> # Replace eth0 with your network interface<br> plutoopts="--interface=eth0"<br> plutodebug=crypt<br> nhelpers=0<br># keep_alive=600<br> <br>
conn L2TP-PSK<br> authby=secret<br> pfs=no<br> auto=add<br> keyingtries=3<br> forceencaps=yes<br> rekey=no<br># ikelifetime=8h<br># keylife=1h<br> type=transport<br> # Replace IP address with your local IP (private, behind NAT IP is okay as well)<br>
left=172.16.201.83<br> leftnexthop=%defaultroute<br> leftprotoport=17/1701<br> # Replace IP address with your VPN server's IP<br> right=172.16.201.199<br> rightprotoport=17/0<br> rightnexthop=%defaultroute<br>
dpddelay=30<br> dpdtimeout=120<br># dpdaction=clear<br><br><br><br><br></div>Here is my xl2tp.conf:<br><br>[global]<br>debug state = yes<br>debug packet = yes<br>debug network = yes<br>debug tunnel = yes<br><br>
[lac vpn-connection]<br>lns = 172.16.201.199<br>ppp debug = yes<br>pppoptfile = /etc/ppp/options.l2tpd.client<br>length bit = yes<br><br><br><br><br></div>Here is my options.l2tpd.client:<br><br>ipcp-accept-local<br>ipcp-accept-remote<br>
#refuse-eap<br>#require-mschap-v2<br>noccp<br>noauth<br>crtscts<br>idle 1800<br>mtu 1410<br>mru 1410<br>nodefaultroute<br>#usepeerdns<br>debug<br>lock<br>connect-delay 5000<br>name user1<br>password admin<br><br><br><br></div>
Here is a dump from the VPN server on port 4500:<br><br><br>15:34:58.784391 IP 172.16.201.83.ipsec-nat-t > 172.16.201.199.ipsec-nat-t: truncated-udplength 0<br>15:34:58.784398 IP 172.16.201.83.ipsec-nat-t > 172.16.201.199.ipsec-nat-t: truncated-udplength 0<br>
15:34:58.784400 IP 172.16.201.83.ipsec-nat-t > 172.16.201.199.ipsec-nat-t: truncated-udplength 0<br>15:34:58.784402 IP 172.16.201.83.ipsec-nat-t > 172.16.201.199.ipsec-nat-t: truncated-udplength 0<br>15:34:58.784405 IP 172.16.201.83.ipsec-nat-t > 172.16.201.199.ipsec-nat-t: truncated-udplength 0<br>
15:34:58.784407 IP 172.16.201.83.ipsec-nat-t > 172.16.201.199.ipsec-nat-t: truncated-udplength 0<br>15:34:58.784409 IP 172.16.201.83.ipsec-nat-t > 172.16.201.199.ipsec-nat-t: truncated-udplength 0<br><br><div><div><br>
<br></div><div>and xl2tpd timed out on the L2TP tunnel setup traffic:<br><br>2tpd[4476]: Connecting to host 172.16.201.199, port 1701<br>xl2tpd[4476]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.<br>packet dump: <br>
HEX: { C8 02 00 6E 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 01 00 08 00 00 00 02 01 00 00 0A 00 00 00 03 00 00 00 03 00 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 06 90 00 13 00 00 00 07 58 43 31 33 30 37 2D 31 35 35 32 34 38 00 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D 00 08 00 00 00 09 2F D7 00 08 00 00 00 0A 00 04 }<br>
ASCII: { n XC1307-155248 xelerance.com / }<br>xl2tpd[4476]: control_finish: sending SCCRQ<br>xl2tpd[4476]: network_thread: select timeout<br>
xl2tpd[4476]: network_thread: select timeout<br>xl2tpd[4476]: network_thread: select timeout<br>xl2tpd[4476]: network_thread: select timeout<br>xl2tpd[4476]: network_thread: select timeout<br>xl2tpd[4476]: Maximum retries exceeded for tunnel 12247. Closing.<br>
packet dump: <br>HEX: { C8 02 00 2D 00 00 00 00 00 01 00 00 00 08 00 00 00 00 00 04 00 08 00 00 00 09 2F D7 00 11 00 00 00 01 00 01 00 00 54 69 6D 65 6F 75 74 }<br>ASCII: { - / Timeout}<br>
xl2tpd[4476]: Connection 0 closed to 172.16.201.199, port 1701 (Timeout)<br>xl2tpd[4476]: network_thread: select timeout<br>xl2tpd[4476]: network_thread: select timeout<br>xl2tpd[4476]: network_thread: select timeout<br><br>
</div><div><br></div><div>Any help is appreciated.<br><br></div><div>Willy <br></div><div><br></div></div></div>