[Openswan Users] Re-2: VPN starts but fails two minutes later
Ludovic MARCILLY
lmarcilly at aressi.fr
Tue Aug 22 10:41:41 EDT 2006
> > When I try to create a VPN, it works but it fails two minutes later!
>
> Show us the log entries.
Here are the logs:
l2tpd[1090]: control_xmit: Maximum retries exceeded for tunnel 50027. Closing.
Aug 22 09:08:23 pppd[1119]: Terminating on signal 15.
Aug 22 09:08:23 pppd[1119]: Modem hangup
Aug 22 09:08:23 pppd[1119]: Script /etc/ppp/ip-down started (pid 1463)
Aug 22 09:08:23 pppd[1119]: Connection terminated.
Aug 22 09:08:23 pppd[1119]: Connect time 1.1 minutes.
Aug 22 09:08:23 pppd[1119]: Sent 74 bytes, received 3808 bytes.
Aug 22 09:08:23 netsecure: PPP has gone down on ppp0
Aug 22 09:08:23 ipsec_setup: Stopping Openswan IPsec...
Aug 22 09:08:23 pluto[1393]: shutting down
Aug 22 09:08:23 pluto[1393]: forgetting secrets
Aug 22 09:08:23 pluto[1393]: "Test": deleting connection
Aug 22 09:08:23 pluto[1393]: shutting down interface ipsec0/eth2 192.168.9.235
Aug 22 09:08:23 pluto[1393]: shutting down interface ipsec0/eth2 192.168.9.235
Aug 22 09:08:24 pppd[1119]: Waiting for 1 child processes...
Aug 22 09:08:24 pppd[1119]: script /etc/ppp/ip-down, pid 1463
Aug 22 09:08:24 kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Aug 22 09:08:24 ipsec_setup: ipsec: Device or resource busy
Aug 22 09:08:24 ipsec_setup: ...Openswan IPsec stopped
Aug 22 09:08:24 pppd[1119]: Script /etc/ppp/ip-down finished (pid 1463), status = 0x0
Aug 22 09:08:24 pppd[1119]: Exit.
Aug 22 09:08:24 l2tpd[1090]: call_close : Connection 1 closed to 192.168.9.185, port 1701 (Timeout)
Aug 22 09:08:28 l2tpd[1090]: control_xmit: Unable to deliver closing message for tunnel 50027. Destroying anyway.
Aug 22 09:32:35 l2tpd[1090]: death_handler: Fatal signal 15 received
> > When I look at the connection status on WinXP, I can see the total of bytes
> > sent increase but not the total of bytes received.
>
> It is likely the Windows machine is hanging up for a reason.
Are you sure? It looks like the Windows machine sends some bytes but doesn't receive any from the Linux box. Perhaps the Linux box doesn't answer...
> > Also, I have a question about NAT traversal: Openswan is already patched,
> > but I think this option should be on 'no'. Am I wrong?
>
> Check 'ipsec --version'. If using KLIPS, you need to have the natt-patch
> applied. Otherwise you do not. The startup messages in the logs will
> tell you if nat-t was detected or not.
#ipsec --version
Linux Openswan 1.0.7
See `ipsec --copyright' for copyright information.
> > I use Openswan 1.0.7. I know it's an old version, but I can successfully open
> > a VPN with that version, it's better!
>
> "openvpn" is not ipsec, so you can't mean you are connecting openswan
> to openvpn. Openswan 1.0.7 is old, is lacking various security fixes,
> and the entire openswan-1 series was EOL'd a while back.
Sorry, I don't use "openvpn"; I meant to say "open a VPN"... My client is my Windows XP machine. I don't use any other client.
To: paul at xelerance.com
Cc: users at openswan.org