[Openswan Users] l2tp stops with pocket PC 2003 (MDA3) client

Nico Schmoigl mailinglisten at schmoigl-online.de
Sat Sep 10 22:41:39 CEST 2005


Hi experts out there,

after your marvelous help with my last certificate issue, I managed to 
get it working on Windows 2000/XP clients with a set of reduced 
certificates. As I've read on 
http://www.jacco2.dds.nl/networking/freeswan-pocketpc.html that my 
smartphone could also do the same VPN stuff as my Windows Notebook, I decided 
to have a look at it. Importing is not easy, but feasible. However, I 
get stopped at a point where at least two others got stopped too. Look at

http://lists.openswan.org/pipermail/users/2004-December/003239.html
and
http://lists.virus.org/users-openswan-0409/msg00106.html

To make it short: NAT and X509 are no problem; the secure channel gets 
created without any problem. L2TP is then invoked; however, the entire 
protocol does not go right through. It stops after the message "will use 
flow control". This reads for example like this:

Sep 10 21:17:02 boss l2tpd[8800]: ourcid = 7411, entropy_buf = 1cf3
Sep 10 21:17:02 boss l2tpd[8800]: check_control: control, cid = 0, Ns = 0, Nr = 0
Sep 10 21:17:02 boss l2tpd[8800]: handle_avps: handling avp's for tunnel 51937, call 7411
Sep 10 21:17:02 boss l2tpd[8800]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Sep 10 21:17:02 boss l2tpd[8800]: protocol_version_avp: peer is using version 1, revision 0.
Sep 10 21:17:02 boss l2tpd[8800]: framing_caps_avp: supported peer frames: sync
Sep 10 21:17:02 boss l2tpd[8800]: bearer_caps_avp: supported peer bearers:
Sep 10 21:17:02 boss l2tpd[8800]: firmware_rev_avp: peer reports firmware version 1026 (0x0402)
Sep 10 21:17:02 boss l2tpd[8800]: hostname_avp: peer reports hostname 'Pocket_PC_Nico'
Sep 10 21:17:02 boss l2tpd[8800]: vendor_avp: peer reports vendor 'Microsoft200^H'
Sep 10 21:17:02 boss l2tpd[8800]: assigned_tunnel_avp: using peer's tunnel 16
Sep 10 21:17:02 boss l2tpd[8800]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
Sep 10 21:17:02 boss l2tpd[8800]: control_finish: Peer requested tunnel 16 twice, ignoring second one.

And after 2 seconds, l2tpd gets timed out.

Sep 10 21:17:04 boss l2tpd[8800]: control_xmit: Maximum retries exceeded for tunnel 46089.  Closing.
Sep 10 21:17:04 boss l2tpd[8800]: call_close : Connection 16 closed to 192.168.1.40, port 1701 (Timeout)

My first assumption then was that I have an MTU issue, so I tried 
different overridemtu= settings. No change.
Then I thought about the fact that l2tpd is quite oldish and that 
perhaps the PocketPC stuff might have some nasty stuff in there, which 
the server implementation does not like (wouldn't be the first time). I 
then tried to switch to RP-L2TP but did not succeed either.
My latest idea was that there might be some packets dropping due to NAT. 
I switched klips into debug mode, but you'll see packets flow through 
back and forth.

Does someone have another idea on this issue?

Thanks for your help!


73
  Nico

--

EMail: nico at schmoigl-online.de
PGP-fingerprint: 5DDB 09E4 3FF3 CD09 7559  1117 9C03 46E3 38FC 9E03
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s-:-- a-- C++ UL++ P L+++ E- W++ N+ o- K- w
O- M- V- PS PE Y+ PGP++ t+ 5++ X R tv- b- DI- D
G e h-- r- y+
------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please note my special spam and email virus information at
http://www.schmoigl-online.de/spam/spam.html . Thank you!

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPwk70ZwDRuM4/J4DEQKc2gCg73ROAg86gwuECwjbOu8eRxMPRasAoI9Q
IZoZSWmFmSz0Dq53f7CsReUz
=1U0h
-----END PGP SIGNATURE-----
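
Added example, not part of the original post and not l2tpd code: a small Python triage script that rejoins mail-wrapped l2tpd syslog records like the ones quoted above and flags the sequence seen in this report, a duplicate tunnel request followed by a control retransmit timeout from the same l2tpd process. The function names, the 10-second window and the year argument (syslog omits the year) are assumptions of this example.

```python
import re
from datetime import datetime
# Excerpt of the l2tpd log quoted in the post above, still mail-wrapped as archived.
SAMPLE = """\
Sep 10 21:17:02 boss l2tpd[8800]: control_finish: Peer requested tunnel
16 twice, ignoring second one.

And after 2 seconds, l2tpd gets timed out.

Sep 10 21:17:04 boss l2tpd[8800]: control_xmit: Maximum retries exceeded
for tunnel 46089.  Closing.
Sep 10 21:17:04 boss l2tpd[8800]: call_close : Connection 16 closed to
192.168.1.40, port 1701 (Timeout)
"""

HEAD = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ l2tpd\[(\d+)\]: (.*)$")
DUP = re.compile(r"Peer requested tunnel (\d+) twice")
RETRY = re.compile(r"Maximum retries exceeded for tunnel (\d+)")
CLOSE = re.compile(r"Connection (\d+) closed to ([\d.]+), port (\d+) \((\w+)\)")

def unwrap(text):
    """Rejoin wrapped records: a non-blank line without a syslog header continues the record above it."""
    records, joining = [], False
    for line in text.splitlines():
        if HEAD.match(line):
            records.append(line.strip())
            joining = True
        elif line.strip() and joining:
            records[-1] += " " + line.strip()
        else:
            joining = False  # a blank line ends the record, so prose after it is skipped
    return records

def stalled_handshakes(text, year=2005, window=10):
    """Find duplicate tunnel requests followed within `window` seconds by a retransmit timeout."""
    dups, findings = {}, []  # dups: l2tpd pid -> (peer tunnel id, time of the duplicate request)
    for rec in unwrap(text):
        ts, pid, msg = HEAD.match(rec).groups()
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")  # year is an assumption
        if m := DUP.search(msg):
            dups[pid] = (m.group(1), when)
        elif (m := RETRY.search(msg)) and pid in dups:
            delay = (when - dups[pid][1]).total_seconds()
            if 0 <= delay <= window:
                findings.append(dict(pid=pid, peer_tunnel=dups[pid][0], timed_out_tunnel=m.group(1), delay_s=delay))
        elif (m := CLOSE.search(msg)) and findings and findings[-1]["peer_tunnel"] == m.group(1):
            findings[-1].update(peer=m.group(2), port=int(m.group(3)), reason=m.group(4))
    return findings

print(stalled_handshakes(SAMPLE))
```

Each finding carries the peer address and port from the call_close record, so the same time window can be lined up against the klips debug output or a packet capture for that peer.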


