[Openswan Users] no connection is known for...
Mark Frost
mfrost at westnet.com
Mon May 24 10:14:08 CEST 2004
Juha,
Well don't I ever feel stupid. Yes, that was it. My l2tpd was not
running (deliberately). I had assumed that the Windows side would show
an error immediately, not timeout. I fired it up and now it gets
further, but it still craps out.
Now on the Windows side after dialout, I get a TCP/IP CP error message
52 saying there's a duplicate name on the network. However, in the
messages log, on the Openswan/l2tpd server I see
May 24 09:11:24 outpost pppd[6629]: Couldn't set pass-filter in kernel: Invalid argument
May 24 09:11:24 outpost pppd[6629]: CHAP peer authentication succeeded for mfrost
May 24 09:11:24 outpost pppd[6629]: local IP address 172.16.0.49
May 24 09:11:24 outpost pppd[6629]: remote IP address 192.168.1.101
May 24 09:11:24 outpost pppd[6629]: IPCP terminated by peer (^JM-ELM-v^@<M-Mt^@^@^@4)
May 24 09:11:24 outpost pppd[6629]: LCP terminated by peer (^JM-ELM-v^@<M-Mt^@^@^@^@)
May 24 09:11:27 outpost pppd[6629]: Connection terminated.
I'm assuming that now I'd need to take this to another mailing list (if
there's one for l2tpd? or perhaps pppd?).
Thanks
Mark
Juha Pietikäinen wrote:
>Hi,
>
>I would suggest that you set up the Openswan server's L2TP part and try with it.
>Plain IPsec should work if you get IPsec SA established in your secure log.
>
>I'm not familiar with ICMP 348. UDP 348 seems to be Cabletron Management
>Protocol and I've never heard about it. Maybe you have some kind of special
>application running on Windows XP client that tries to send these packets
>via IPsec tunnel to the Openswan server.
>
>I haven't tried connection without L2TPD installed on the Openswan server.
>
>If you are still having troubles, it would be a good idea to test your
>L2TP/IPsec connection first from the same LAN as your Openswan server if
>this is possible. This will help you to ensure that you have a working server
>configuration. Things become more complicated with the Internet.
>
>
>Regards
>
>Juha Pietikäinen
>
>
>----- Original Message -----
>From: "Mark Frost" <mfrost at westnet.com>
>To: "Juha Pietikäinen" <juha.pietikainen at connet.net>
>Cc: <users at lists.openswan.org>
>Sent: Sunday, May 23, 2004 7:20 AM
>Subject: Re: [Openswan Users] no connection is known for...
>
>
>
>
>>Hmmm. I just ran a tcpdump on the OpenSwan gateway and after I start
>>the XP side, I see lots of
>>
>>00:09:47.142305 IP X.X.X.X > Y.Y.Y.Y: icmp 348: X.X.X.X udp port 500 unreachable
>>00:09:48.554227 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 I ident
>>
>>again,
>>where
>>X.X.X.X = public/external address of OpenSwan gateway
>>Y.Y.Y.Y = public/external address of local Linksys router (WinXP client end)
>>
>>So if I'm reading this right, the OpenSwan gateway is not able to send
>>UDP packets to port 500 on my Linksys router. It's not clear to me how
>>I can tell why -- is it my ISP, or is it my Linksys box somehow?
>>
>>I am not currently trying to make L2TP work. The instructions I've been
>>going through on Jacco de Leeuw's web site talk about getting the
>>OpenSwan part working first, then once that's going, messing with L2TP.
>><http://www.jacco2.dds.nl/contact/index.html>
>>
>>Thanks
>>
>>Mark
>>
>>Juha Pietikäinen wrote:
>>
>>
>>
>>>Hi,
>>>
>>>according to your secure log an IPsec connection is now established. I guess
>>>that you might have some kind of problem with upper layer protocols (UDP or
>>>L2TP).
>>>
>>>Have you tried to capture network traffic with Ethereal or tcpdump from your
>>>linux server?
>>>
>>>Is there any L2TP traffic between your remote Windows XP host and your Linux
>>>server?
>>>
>>>It seems to be that my own ADSL-router doesn't support directly ESP
>>>transport mode, which is needed by Windows XP's L2TP/IPsec client (My
>>>previous messages handle this issue). I am waiting for new firmware and I
>>>hope that it will fix the problem with my router.
>>>
>>>It may be that you might also have problems with your ADSL-router. I have
>>>incorrect checksum errors with incoming UDP packets which contain L2TP
>>>packets inside. Packets are rejected due to checksum errors generated in
>>>ADSL-router.
>>>
>>>I have managed to get L2TP/IPsec connection working only in LAN-environment.
>>>
>>>Juha Pietikäinen