[Openswan Users] Opwenswan and L2TP Problem !

Jacco de Leeuw jacco2 at dds.nl
Tue Jun 7 00:48:21 CEST 2005

Stanislav Nedelchev wrote:

> l2tpd-0.70-pre20031121.orig
> with this patch
> l2tpd_0.70-pre20031121-2.diff

Looks like the Debian version. Are you using Debian? What kernel
are you using? What version of Openswan? What do Openswan's startup
messages say?

>> If you are using KLIPS you cannot use NAT-T with a PSK (as far as I know).
> But one peer is not NAT-ed.

Ah, I see. It was not clear to me that you tried twice with and without NAT.

> conn roadwarrior
>        authby=secret
>        right=%any

Is this supported by KLIPS nowadays? What if you use the IP address of
the client here? (And also change the IP address in ipsec.secrets).

> This is the log file for peet that is not NAT-ed
> Jun  6 22:15:44 fw l2tpd[21242]: control_xmit: Unable to deliver closing
> message for tunnel 33619. Destroying anyway.

Did you clear rp_filter?
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter

If all else fails you can send me your (compressed) ipsec barf, or you
can upload it somewhere for anyone to investigate.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list