[Openswan Users] pluto aborted
David Spear
dspear at telus.net
Wed Feb 9 14:08:44 CET 2005
Hi folks:
Not sure if maybe I should be posting to another newsgroup, as this
appears to be more of a PPP issue but:
I set up Openswan 2.3.0 as my IPSEC gateway using X.509 certs for
authentication. This works well with a manual ipsec connection (Marcus
Mueller's ipsec.exe, etc.)
For ease of roll-out and minimization of training, I'd like to use the
MS L2TP/IPSEC client (Win 2000/XP). So, I downloaded and configured
l2tpd. So far so good. Now, I've disabled ppp authentication by
putting
"noauth"
into /etc/ppp/options.l2tpd
I am hoping/guessing that this would override any settings in
/etc/l2tpd/l2tpd.conf such as:
"require chaps = yes" or
"refuse pap = yes"
so that I could eliminate ppp authentication as a source of error.
Please correct me on this one if I am mistaken. Anyway, the good news:
########## /relevant log entries / ################
Feb 9 13:39:05 explorer pluto[20540]: "roadwarrior-l2tp"[4] 192.168.1.102 #4: IPsec SA established {ESP=>0x8c0443e7 <0xaf46a723}
Feb 9 13:39:08 explorer l2tpd[20764]: control_finish: Connection established to 192.168.1.102, 1701. Local: 7463, Remote: 4. LNS session is 'default'
Feb 9 13:39:08 explorer l2tpd[20764]: control_finish: Call established with 192.168.1.102, Local: 10376, Remote: 1, Serial: 0
############## end logs ##########################
So, near as I can tell, IPSEC tunnel has been established and l2tp
tunnel is established. Now, the bad news:
############## pppd log #############
Feb 9 13:39:08 explorer pppd[20779]: no device specified and stdin is not a tty
Feb 9 13:39:08 explorer l2tpd[20764]: network_thread: tossing read packet, error = Bad file descriptor (9). Closing call.
Feb 9 13:39:08 explorer l2tpd[20764]: call_close: Call 10376 to 192.168.1.102 disconnected
Feb 9 13:39:08 explorer l2tpd[20764]: write_packet: Bad file descriptor(9)
############# end log ####################
So, it ain't quite there yet... I'm wondering if anybody has any clue
what is causing this? I am guessing maybe a missing /dev/ppp or
/dev/ppp0 to write to? I really don't know. I've gotten pppd working
as a dial-in server years ago and recall that it was just a bastard to
set up.
Thanks
Dave