[Openswan Users] no connection is known for...

Mark Frost mfrost at westnet.com
Mon May 24 10:14:08 CEST 2004


Juha,

Well don't I ever feel stupid.  Yes, that was it.  My l2tpd was not 
running (deliberately).  I had assumed that the Windows side would show 
an error immediately, not time out.  I fired it up and now it gets 
further, but it still craps out.

Now on the Windows side after dialout, I get a TCP/IP CP error message 
52 saying there's a duplicate name on the network.  However, in the 
messages log, on the Openswan/l2tpd server I see

May 24 09:11:24 outpost pppd[6629]: Couldn't set pass-filter in kernel: Invalid argument
May 24 09:11:24 outpost pppd[6629]: CHAP peer authentication succeeded for mfrost
May 24 09:11:24 outpost pppd[6629]: local  IP address 172.16.0.49
May 24 09:11:24 outpost pppd[6629]: remote IP address 192.168.1.101
May 24 09:11:24 outpost pppd[6629]: IPCP terminated by peer (^JM-ELM-v^@<M-Mt^@^@^@4)
May 24 09:11:24 outpost pppd[6629]: LCP terminated by peer (^JM-ELM-v^@<M-Mt^@^@^@^@)
May 24 09:11:27 outpost pppd[6629]: Connection terminated.

I'm assuming that now I'd need to take this to another mailing list (if 
there's one for l2tpd? or perhaps pppd?).

Thanks

Mark

Juha Pietikäinen wrote:

>Hi,
>
>I would suggest that you set up Openswan server's L2TP part and try with it.
>Plain IPsec should work if you get IPsec SA established in your secure log.
>
>I'm not familiar with ICMP 348. UDP 348 seems to be Cabletron Management
>Protocol and I've never heard about it. Maybe you have some kind of special
>application running on Windows XP client that tries to send these packets
>via IPsec tunnel to the Openswan server.
>
>I haven't tried connection without L2TPD installed on the Openswan server.
>
>If you are still having troubles, it would be a good idea to test your
>L2TP/IPsec connection first from the same LAN as your Openswan server if
>this is possible. This will help you to ensure that you have working server
>configuration. Things become more complicated with the Internet.
>
>
>Regards
>
>Juha Pietikäinen
>
>
>----- Original Message ----- 
>From: "Mark Frost" <mfrost at westnet.com>
>To: "Juha Pietikäinen" <juha.pietikainen at connet.net>
>Cc: <users at lists.openswan.org>
>Sent: Sunday, May 23, 2004 7:20 AM
>Subject: Re: [Openswan Users] no connection is known for...
>
>>Hmmm.  I just ran a tcpdump on the OpenSwan gateway and after I start
>>the XP side, I see lots of
>>
>>00:09:47.142305 IP X.X.X.X > Y.Y.Y.Y: icmp 348: X.X.X.X udp port 500 unreachable
>>00:09:48.554227 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 I ident
>>
>>again,
>>where
>>X.X.X.X = public/external address of OpenSwan gateway
>>Y.Y.Y.Y = public/external address of local Linksys router (WinXP client end)
>>
>>So if I'm reading this right, the OpenSwan gateway is not able to send
>>UDP packets to port 500 on my Linksys router.  It's not clear to me how
>>I can tell why -- is it my ISP, or is it my Linksys box somehow?
>>
>>I am not currently trying to make L2TP work.  The instructions I've been
>>going through on Jacco de Leeuw's web site talk about getting the
>>OpenSwan part working first, then once that's going, messing with L2TP.
>><http://www.jacco2.dds.nl/contact/index.html>
>>
>>Thanks
>>
>>Mark
>>
>>Juha Pietikäinen wrote:
>>
>>>Hi,
>>>
>>>according to your secure log an IPsec connection is now established. I guess
>>>that you might have some kind of problem with upper layer protocols (UDP or
>>>L2TP).
>>>
>>>Have you tried to capture network traffic with Ethereal or tcpdump from your
>>>linux server?
>>>
>>>Is there any L2TP traffic between your remote Windows XP host and your Linux
>>>server?
>>>
>>>It seems to be that my own ADSL-router doesn't support directly ESP
>>>transport mode, which is needed by Windows XP's L2TP/IPsec client (My
>>>previous messages handle this issue).  I am waiting for new firmware and I
>>>hope that it will fix the problem with my router.
>>>
>>>It may be that you might also have problems with your ADSL-router. I have
>>>incorrect checksum errors with incoming UDP packets which contain L2TP
>>>packets inside. Packets are rejected due to checksum errors generated in
>>>ADSL-router.
>>>
>>>I have managed to get L2TP/IPsec connection working only in LAN-environment.
>>>
>>>Juha Pietikäinen