[Openswan Users] Re-2: VPN starts but fails two minutes later

Paul Wouters paul at xelerance.com
Tue Aug 22 10:44:03 EDT 2006


On Tue, 22 Aug 2006, Ludovic MARCILLY wrote:

> > > When I try to create a VPN, it works but it fails two minutes after!
> >
> > Show us the log entries.
>
> Here are the logs:

[...]

You only showed /var/log/messages, but most of openswan logs in
/var/log/secure (or /var/log/auth.log).

> > > When I look at the connection status on WinXP, I can see the total of bytes
> > > sent increase but not the total of bytes received.
> >
> > It is likely the Windows machine is hanging up for a reason.
>
> Are you sure? It looks like the Windows machine sends some bytes but doesn't receive any from the Linux box. Perhaps the Linux box doesn't answer...

Could be; the logs should tell us.

> > Check 'ipsec --version'. If using KLIPS, you need to have the natt-patch
> > applied. Otherwise you do not. The startup messages in the logs will
> > tell you if nat-t was detected or not.
>
> #ipsec --version
> Linux Openswan 1.0.7
> See `ipsec --copyright' for copyright information.
>
> > > I use Openswan 1.0.7. I know it's an old version, but I can succeed in opening
> > > a VPN with that version, it's better!
> >
> > "openvpn" is not ipsec, so you can't mean you are connecting openswan
> > to openvpn.  openswan 1.0.7 is old, is lacking various security fixes,
> > and the entire openswan-1 series has been EOL'd a while back.
>
> Sorry, I don't use "openvpn", I meant to say open a VPN... My client is my Windows XP. I don't use any other client.

openswan-1 will not work properly for use with l2tp. It is too old and
missing a bunch of fixes/workarounds.

Paul

