[Openswan Users] no connection is known for...
Mark Frost
mfrost at westnet.com
Sun May 23 01:20:30 CEST 2004
Hmmm. I just ran a tcpdump on the OpenSwan gateway and after I start
the XP side, I see lots of
00:09:47.142305 IP X.X.X.X > Y.Y.Y.Y: icmp 348: X.X.X.X udp port 500 unreachable
00:09:48.554227 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 I ident
again, where
X.X.X.X = public/external address of OpenSwan gateway
Y.Y.Y.Y = public/external address of local Linksys router (WinXP client end)
So if I'm reading this right, the OpenSwan gateway is not able to send
UDP packets to port 500 on my Linksys router. It's not clear to me how
I can tell why -- is it my ISP, or is it my Linksys box somehow?
I am not currently trying to make L2TP work. The instructions I've been
going through on Jacco de Leeuw's web site talk about getting the
OpenSwan part working first, then once that's going, messing with L2TP.
<http://www.jacco2.dds.nl/contact/index.html>
Thanks
Mark
Juha Pietikäinen wrote:
>Hi,
>
>according to your secure log an IPsec connection is now established. I guess
>that you might have some kind of problem with upper layer protocols (UDP or
>L2TP).
>
>Have you tried to capture network traffic with Ethereal or tcpdump from your
>Linux server?
>
>Is there any L2TP traffic between your remote Windows XP host and your Linux
>server?
>
>It seems that my own ADSL router doesn't directly support ESP
>transport mode, which is needed by Windows XP's L2TP/IPsec client (my
>previous messages handle this issue). I am waiting for new firmware and I
>hope that it will fix the problem with my router.
>
>It may be that you also have problems with your ADSL router. I have
>incorrect checksum errors with incoming UDP packets which contain L2TP
>packets inside. Packets are rejected due to checksum errors generated in
>the ADSL router.
>
>I have managed to get an L2TP/IPsec connection working only in a LAN environment.
>
>
>Juha Pietikäinen
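
An added example, not part of the original messages: a small Python parser for the two tcpdump line shapes quoted in this thread, reporting which host generated each ICMP port-unreachable error and which IKE flow it answers. The addresses are constructed documentation-range placeholders standing in for X.X.X.X and Y.Y.Y.Y, and the function names are hypothetical.

```python
import re

# Constructed sample in the two line shapes quoted in the post. Addresses are
# documentation-range placeholders: GW stands in for X.X.X.X, PEER for Y.Y.Y.Y.
GW, PEER = "192.0.2.1", "198.51.100.7"
SAMPLE = f"""\
00:09:47.142305 IP {GW} > {PEER}: icmp 348: {GW} udp port 500 unreachable
00:09:48.554227 IP {PEER}.500 > {GW}.500: isakmp: phase 1 I ident
00:09:48.554901 IP {GW} > {PEER}: icmp 348: {GW} udp port 500 unreachable
"""

UNREACH = re.compile(
    r"^\S+ IP (?P<sender>[\d.]+) > (?P<to>[\d.]+): icmp \d+: "
    r"(?P<target>[\d.]+) udp port (?P<port>\d+) unreachable$")
IKE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): isakmp: (?P<info>.+)$")


def parse(text):
    """Split tcpdump text into IKE packets and ICMP port-unreachable errors."""
    ike, unreach = [], []
    for line in text.splitlines():
        line = " ".join(line.split())          # normalise whitespace
        if m := UNREACH.match(line):
            unreach.append(m.groupdict())
        elif m := IKE.match(line):
            ike.append(m.groupdict())
    return ike, unreach


def rejected_ike(text):
    """Return (sender, target, count) for each refusal of an observed IKE flow.

    'sender' is the ICMP source, i.e. the host that generated the error;
    'target' is the address tcpdump prints before "udp port", which is the
    destination of the datagram that was refused.
    """
    ike, unreach = parse(text)
    flows = {(p["src"], p["dst"], p["dport"]) for p in ike}
    counts = {}
    for u in unreach:
        # The error travels back to the origin of the refused datagram.
        if (u["to"], u["target"], u["port"]) in flows:
            key = (u["sender"], u["target"])
            counts[key] = counts.get(key, 0) + 1
    return [(s, t, n) for (s, t), n in sorted(counts.items())]


if __name__ == "__main__":
    for sender, target, n in rejected_ike(SAMPLE):
        print(f"{n} error(s) sent by {sender}: UDP/500 on {target} refused")
```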