[Openswan Users] Opwenswan and L2TP Problem !
Stanislav Nedelchev
stanislav.nedelchev at gmail.com
Tue Jun 7 02:23:23 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Linux fw 2.4.29 #7 Mon Apr 4 17:52:13 EEST 2005 i686 unknown
5 18:45:17 fw pluto[1296]: Starting Pluto (Openswan Version 1.0.9)
i'm using slackware on this mashine .
At my home with same configuration
i can conect from my work but at home i'm using
openswan 2.2 and gentoo with kernel 2.6.11
interesting is that is have
interfaces="ipsec0=eth0" in my ipsec.conf
but there is no added ipsec0 interface
is it some reason for that ?
Jacco de Leeuw wrote:
> Stanislav Nedelchev wrote:
>
>> l2tpd-0.70-pre20031121.orig
>> with this patch
>> l2tpd_0.70-pre20031121-2.diff
>
>
> Looks like the Debian version. Are you using Debian? What kernel
> are you using? What version of Openswan? What do Openswan's startup
> messages say?
>
>>> If you are using KLIPS you cannot use NAT-T with a PSK (as far as I
>>> know).
>>
>> But one peer is not NAT-ed.
>
>
> Ah, I see. It was not clear to me that you tried twice with and without
> NAT.
>
>> conn roadwarrior
>> authby=secret
>> right=%any
>
>
> Is this supported by KLIPS nowadays? What if you use the IP address of
> the client here? (And also change the IP address in ipsec.secrets).
>
>> This is the log file for peet that is not NAT-ed
>>
>> Jun 6 22:15:44 fw l2tpd[21242]: control_xmit: Unable to deliver closing
>> message for tunnel 33619. Destroying anyway.
>
>
> Did you clear rp_filter?
> echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
>
> If all else fails you can send me your (compressed) ipsec barf, or you
> can upload it somewhere for anyone to investigate.
>
> Jacco
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCpMzaI1Upp0RIqpERAiBdAJ4r50vEXr1akYP8kaWh6LJB9b3F7gCfbBXz
0yZEiVaxHg+WmEY/lydEX9A=
=Y+nt
-----END PGP SIGNATURE-----
More information about the Users
mailing list