[Openswan Users] Re-6: VPN starts but fails two minutes later
Ludovic MARCILLY
lmarcilly at aressi.fr
Wed Aug 23 04:01:28 EDT 2006
> Yes, to find out any potential failure or success, we would need to see the
> logs that detail the failure or success.
Aug 23 09:47:42 ipsec_setup: Stopping Openswan IPsec...
Aug 23 09:47:42 ipsec_setup: stop ordered, but IPsec does not appear to be running!
Aug 23 09:47:42 ipsec_setup: doing cleanup anyway...
Aug 23 09:47:42 ipsec_setup: ipsec: Device or resource busy
Aug 23 09:47:42 ipsec_setup: ...Openswan IPsec stopped
Aug 23 09:47:42 ipsec_setup: Starting Openswan IPsec 1.0.7...
Aug 23 09:47:42 ipsec_setup: KLIPS debug `none'
Aug 23 09:47:42 ipsec_setup: KLIPS ipsec0 on eth2 192.168.9.235/255.255.255.0 broadcast 192.168.9.255
Aug 23 09:47:42 ipsec__plutorun: Starting Pluto subsystem...
Aug 23 09:47:42 pluto[1707]: Starting Pluto (Openswan Version 1.0.7)
Aug 23 09:47:42 ipsec_setup: ...Openswan IPsec started
Aug 23 09:47:42 pluto[1707]: including X.509 patch with traffic selectors (Version 0.9.42)
Aug 23 09:47:42 pluto[1707]: including NAT-Traversal patch (Version 0.6)
Aug 23 09:47:42 pluto[1707]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Aug 23 09:47:42 pluto[1707]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Aug 23 09:47:42 pluto[1707]: ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Aug 23 09:47:42 pluto[1707]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Aug 23 09:47:42 pluto[1707]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Aug 23 09:47:42 pluto[1707]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Aug 23 09:47:42 pluto[1707]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Aug 23 09:47:42 pluto[1707]: ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Aug 23 09:47:42 pluto[1707]: Changing to directory '/etc/ipsec.d/cacerts'
Aug 23 09:47:42 pluto[1707]: loaded cacert file 'cakey.pem' (1679 bytes)
Aug 23 09:47:42 pluto[1707]: error in X.509 certificate
Aug 23 09:47:42 pluto[1707]: loaded cacert file 'cacert.pem' (1501 bytes)
Aug 23 09:47:42 pluto[1707]: Changing to directory '/etc/ipsec.d/crls'
Aug 23 09:47:42 pluto[1707]: loaded crl file 'cacrl.pem' (646 bytes)
Aug 23 09:47:42 pluto[1707]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Aug 23 09:47:43 pluto[1707]: | from whack: got --esp=3des
Aug 23 09:47:43 pluto[1707]: | from whack: got --ike=3des
Aug 23 09:47:43 pluto[1707]: added connection description "Test"
Aug 23 09:47:43 pluto[1707]: listening for IKE messages
Aug 23 09:47:43 pluto[1707]: adding interface ipsec0/eth2 192.168.9.235
Aug 23 09:47:43 pluto[1707]: adding interface ipsec0/eth2 192.168.9.235:4500
Aug 23 09:47:43 pluto[1707]: loading secrets from "/etc/ipsec.secrets"
Aug 23 09:47:45 l2tpd[1761]: This binary does not support kernel L2TP.
Aug 23 09:47:45 l2tpd[1762]: l2tpd version 0.69 started on NetSecureLUDO.nsdemo.2 PID:1762
Aug 23 09:47:45 l2tpd[1762]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug 23 09:47:45 l2tpd[1762]: Forked by Scott Balmos and David Stipp, (C) 2001
Aug 23 09:47:45 l2tpd[1762]: Inhereted by Jeff McAdams, (C) 2002
Aug 23 09:47:45 l2tpd[1762]: Linux version 2.4.27-smp on a i686, listening on IP address 192.168.9.235, port 1701
Aug 23 09:47:50 pluto[1707]: packet from 192.168.9.185:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 23 09:47:50 pluto[1707]: packet from 192.168.9.185:500: ignoring Vendor ID payload [FRAGMENTATION]
Aug 23 09:47:50 pluto[1707]: packet from 192.168.9.185:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 23 09:47:50 pluto[1707]: packet from 192.168.9.185:500: ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Aug 23 09:47:50 pluto[1707]: "Test" #1: responding to Main Mode
Aug 23 09:47:50 pluto[1707]: "Test" #1: transition from state (null) to state STATE_MAIN_R1
Aug 23 09:47:50 pluto[1707]: "Test" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Aug 23 09:47:50 pluto[1707]: "Test" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 23 09:47:50 pluto[1707]: "Test" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.9.185'
Aug 23 09:47:50 pluto[1707]: "Test" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 23 09:47:50 pluto[1707]: "Test" #1: sent MR3, ISAKMP SA established
Aug 23 09:47:50 pluto[1707]: "Test" #2: responding to Quick Mode
Aug 23 09:47:50 pluto[1707]: "Test" #2: transition from state (null) to state STATE_QUICK_R1
Aug 23 09:47:50 l2tpd[1762]: ourtid = 7350, entropy_buf = 1cb6
Aug 23 09:47:50 l2tpd[1762]: check_control: control, cid = 0, Ns = 0, Nr = 0
Aug 23 09:47:50 l2tpd[1762]: handle_avps: handling avp's for tunnel 7350, call 0
Aug 23 09:47:50 l2tpd[1762]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Aug 23 09:47:50 l2tpd[1762]: protocol_version_avp: peer is using version 1, revision 0.
Aug 23 09:47:50 l2tpd[1762]: framing_caps_avp: supported peer frames: sync
Aug 23 09:47:50 l2tpd[1762]: bearer_caps_avp: supported peer bearers:
Aug 23 09:47:50 l2tpd[1762]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Aug 23 09:47:50 l2tpd[1762]: hostname_avp: peer reports hostname 'aressi-ludovic.ares51.net'
Aug 23 09:47:50 l2tpd[1762]: vendor_avp: peer reports vendor 'Microsoft\200^H'
Aug 23 09:47:50 l2tpd[1762]: assigned_tunnel_avp: using peer's tunnel 3
Aug 23 09:47:50 l2tpd[1762]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
Aug 23 09:47:50 pluto[1707]: "Test" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Aug 23 09:47:50 pluto[1707]: "Test" #2: IPsec SA established
Aug 23 09:47:51 l2tpd[1762]: ourtid = 63088, entropy_buf = f670
Aug 23 09:47:51 l2tpd[1762]: check_control: control, cid = 0, Ns = 0, Nr = 0
Aug 23 09:47:51 l2tpd[1762]: handle_avps: handling avp's for tunnel 63088, call 0
Aug 23 09:47:51 l2tpd[1762]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Aug 23 09:47:51 l2tpd[1762]: protocol_version_avp: peer is using version 1, revision 0.
Aug 23 09:47:51 l2tpd[1762]: framing_caps_avp: supported peer frames: sync
Aug 23 09:47:51 l2tpd[1762]: bearer_caps_avp: supported peer bearers:
Aug 23 09:47:51 l2tpd[1762]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Aug 23 09:47:51 l2tpd[1762]: hostname_avp: peer reports hostname 'aressi-ludovic.ares51.net'
Aug 23 09:47:51 l2tpd[1762]: vendor_avp: peer reports vendor 'Microsoft\200^H'
Aug 23 09:47:51 l2tpd[1762]: assigned_tunnel_avp: using peer's tunnel 3
Aug 23 09:47:51 l2tpd[1762]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
Aug 23 09:47:51 l2tpd[1762]: control_finish: Peer requested tunnel 3 twice, ignoring second one.
Aug 23 09:47:53 l2tpd[1762]: ourtid = 40698, entropy_buf = 9efa
Aug 23 09:47:53 l2tpd[1762]: ourcid = 63821, entropy_buf = f94d
Aug 23 09:47:53 l2tpd[1762]: check_control: control, cid = 0, Ns = 0, Nr = 0
Aug 23 09:47:53 l2tpd[1762]: handle_avps: handling avp's for tunnel 40698, call 63821
Aug 23 09:47:53 l2tpd[1762]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Aug 23 09:47:53 l2tpd[1762]: protocol_version_avp: peer is using version 1, revision 0.
Aug 23 09:47:53 l2tpd[1762]: framing_caps_avp: supported peer frames: sync
Aug 23 09:47:53 l2tpd[1762]: bearer_caps_avp: supported peer bearers:
Aug 23 09:47:53 l2tpd[1762]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Aug 23 09:47:53 l2tpd[1762]: hostname_avp: peer reports hostname 'aressi-ludovic.ares51.net'
Aug 23 09:47:53 l2tpd[1762]: vendor_avp: peer reports vendor 'Microsoft\200^H'
Aug 23 09:47:53 l2tpd[1762]: assigned_tunnel_avp: using peer's tunnel 3
Aug 23 09:47:53 l2tpd[1762]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
Aug 23 09:47:53 l2tpd[1762]: control_finish: Peer requested tunnel 3 twice, ignoring second one.
Aug 23 09:47:53 l2tpd[1762]: check_control: control, cid = 0, Ns = 1, Nr = 1
Aug 23 09:47:53 l2tpd[1762]: handle_avps: handling avp's for tunnel 7350, call 0
Aug 23 09:47:53 l2tpd[1762]: message_type_avp: message type 3 (Start-Control-Connection-Connected)
Aug 23 09:47:53 l2tpd[1762]: control_finish: Connection established to 192.168.9.185, 1701. Local: 7350, Remote: 3. LNS session is 'default'
Aug 23 09:47:53 l2tpd[1762]: check_control: control, cid = 0, Ns = 2, Nr = 1
Aug 23 09:47:53 l2tpd[1762]: handle_avps: handling avp's for tunnel 7350, call 0
Aug 23 09:47:53 l2tpd[1762]: message_type_avp: message type 10 (Incoming-Call-Request)
Aug 23 09:47:53 l2tpd[1762]: message_type_avp: new incoming call
Aug 23 09:47:53 l2tpd[1762]: ourcid = 17695, entropy_buf = 451f
Aug 23 09:47:53 l2tpd[1762]: assigned_call_avp: using peer's call 1
Aug 23 09:47:53 l2tpd[1762]: call_serno_avp: serial number is 0
Aug 23 09:47:53 l2tpd[1762]: bearer_type_avp: peer bears: analog
Aug 23 09:47:53 l2tpd[1762]: check_control: control, cid = 0, Ns = 3, Nr = 1
Aug 23 09:47:53 l2tpd[1762]: check_control: control, cid = 1, Ns = 3, Nr = 2
Aug 23 09:47:53 l2tpd[1762]: handle_avps: handling avp's for tunnel 7350, call 17695
Aug 23 09:47:53 l2tpd[1762]: message_type_avp: message type 12 (Incoming-Call-Connected)
Aug 23 09:47:53 l2tpd[1762]: tx_speed_avp: transmit baud rate is 100000000
Aug 23 09:47:53 l2tpd[1762]: frame_type_avp: peer uses:sync frames
Aug 23 09:47:53 l2tpd[1762]: ignore_avp : Ignoring AVP
Aug 23 09:47:53 l2tpd[1762]: start_pppd: I'm running:
Aug 23 09:47:53 l2tpd[1762]: "/usr/sbin/pppd"
Aug 23 09:47:53 l2tpd[1762]: "passive"
Aug 23 09:47:53 l2tpd[1762]: "-detach"
Aug 23 09:47:53 l2tpd[1762]: "192.168.5.239:192.168.5.240"
Aug 23 09:47:53 l2tpd[1762]: "name"
Aug 23 09:47:53 l2tpd[1762]: "LinuxVPNserver"
Aug 23 09:47:53 l2tpd[1762]: "debug"
Aug 23 09:47:53 l2tpd[1762]: "file"
Aug 23 09:47:53 l2tpd[1762]: "/etc/ppp/options.l2tpd"
Aug 23 09:47:53 l2tpd[1762]: "/dev/ttyp0"
Aug 23 09:47:53 l2tpd[1762]:
Aug 23 09:47:53 l2tpd[1762]: control_finish: Call established with 192.168.9.185, Local: 17695, Remote: 1, Serial: 0
Aug 23 09:47:53 pppd[1775]: pppd 2.4.2 started by root, uid 0
Aug 23 09:47:53 l2tpd[1762]: check_control: control, cid = 0, Ns = 4, Nr = 2
Aug 23 09:47:53 pppd[1775]: using channel 2
Aug 23 09:47:53 pppd[1775]: Using interface ppp0
Aug 23 09:47:53 pppd[1775]: Connect: ppp0 <--> /dev/ttyp0
Aug 23 09:47:53 pppd[1775]: Warning - secret file /etc/ppp/pap-secrets has world and/or group access
Aug 23 09:47:53 pppd[1775]: sent [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0xe75a54d9> <pcomp> <accomp>]
Aug 23 09:47:53 pppd[1775]: rcvd [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <magic 0xe75a54d9> <pcomp> <accomp>]
Aug 23 09:47:55 pppd[1775]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x7068120b> <pcomp> <accomp> <callback CBCP>]
Aug 23 09:47:55 pppd[1775]: sent [LCP ConfRej id=0x1 <callback CBCP>]
Aug 23 09:47:55 pppd[1775]: rcvd [LCP ConfReq id=0x2 <mru 1400> <magic 0x7068120b> <pcomp> <accomp>]
Aug 23 09:47:55 pppd[1775]: sent [LCP ConfAck id=0x2 <mru 1400> <magic 0x7068120b> <pcomp> <accomp>]
Aug 23 09:47:55 pppd[1775]: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.5.239>]
Aug 23 09:47:55 pppd[1775]: rcvd [LCP code=0xc id=0x3 70 68 12 0b 4d 53 52 41 53 56 35 2e 31 30]
Aug 23 09:47:55 pppd[1775]: sent [LCP CodeRej id=0x2 0c 03 00 12 70 68 12 0b 4d 53 52 41 53 56 35 2e 31 30]
Aug 23 09:47:55 pppd[1775]: rcvd [LCP code=0xc id=0x4 70 68 12 0b 4d 53 52 41 53 2d 30 2d 41 52 45 53 53 49 2d 4c 55 44 4f 56 49 43]
Aug 23 09:47:55 pppd[1775]: sent [LCP CodeRej id=0x3 0c 04 00 1e 70 68 12 0b 4d 53 52 41 53 2d 30 2d 41 52 45 53 53 49 2d 4c 55 44 4f 56 49 43]
Aug 23 09:47:55 pppd[1775]: rcvd [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Aug 23 09:47:55 pppd[1775]: sent [IPCP ConfRej id=0x5 <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Aug 23 09:47:55 pppd[1775]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
Aug 23 09:47:55 pppd[1775]: sent [IPCP ConfReq id=0x2 <addr 192.168.5.239>]
Aug 23 09:47:55 pppd[1775]: rcvd [IPCP ConfReq id=0x6 <addr 0.0.0.0>]
Aug 23 09:47:55 pppd[1775]: sent [IPCP ConfNak id=0x6 <addr 192.168.5.240>]
Aug 23 09:47:55 pppd[1775]: rcvd [IPCP ConfAck id=0x2 <addr 192.168.5.239>]
Aug 23 09:47:55 pppd[1775]: rcvd [IPCP ConfReq id=0x7 <addr 192.168.5.240>]
Aug 23 09:47:55 pppd[1775]: sent [IPCP ConfAck id=0x7 <addr 192.168.5.240>]
Aug 23 09:47:55 pppd[1775]: found interface eth0 for proxy arp
Aug 23 09:47:55 pppd[1775]: local IP address 192.168.5.239
Aug 23 09:47:55 pppd[1775]: remote IP address 192.168.5.240
Aug 23 09:47:55 pppd[1775]: Script /etc/ppp/ip-up started (pid 1777)
Aug 23 09:47:55 netsecure: PPP has gone up on ppp0
Aug 23 09:48:05 ipsec_setup: Stopping Openswan IPsec...
Aug 23 09:48:05 pluto[1707]: shutting down
Aug 23 09:48:05 pluto[1707]: forgetting secrets
Aug 23 09:48:05 pluto[1707]: "Test": deleting connection
Aug 23 09:48:05 pluto[1707]: "Test" #2: deleting state (STATE_QUICK_R2)
Aug 23 09:48:05 pluto[1707]: ERROR: "Test" #2: sendto on eth2 to 192.168.9.185:500 failed in delete notify. Errno 22: Invalid argument
Aug 23 09:48:05 pluto[1707]: "Test" #1: deleting state (STATE_MAIN_R3)
Aug 23 09:48:05 pluto[1707]: ERROR: "Test" #1: sendto on eth2 to 192.168.9.185:500 failed in delete notify. Errno 22: Invalid argument
Aug 23 09:48:05 pluto[1707]: shutting down interface ipsec0/eth2 192.168.9.235
Aug 23 09:48:05 pluto[1707]: shutting down interface ipsec0/eth2 192.168.9.235
Aug 23 09:48:06 ipsec_setup: /usr/lib/ipsec/tncfg: Socket ioctl failed on detach -- No such device. Is the virtual device valid? The ipsec module may not be linked into the kernel or loaded as a module.
Aug 23 09:48:06 kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Aug 23 09:48:06 ipsec_setup: ipsec: Device or resource busy
Aug 23 09:48:06 ipsec_setup: ...Openswan IPsec stopped
Aug 23 09:48:06 ipsec_setup: Starting Openswan IPsec 1.0.7...
Aug 23 09:48:06 ipsec_setup: KLIPS debug `none'
Aug 23 09:48:06 ipsec_setup: KLIPS ipsec0 on eth2 192.168.9.235/255.255.255.0 broadcast 192.168.9.255
Aug 23 09:48:07 ipsec__plutorun: Starting Pluto subsystem...
Aug 23 09:48:07 pluto[2047]: Starting Pluto (Openswan Version 1.0.7)
Aug 23 09:48:07 ipsec_setup: ...Openswan IPsec started
Aug 23 09:48:07 pppd[1775]: Script /etc/ppp/ip-up finished (pid 1777), status = 0x0
Aug 23 09:48:07 pluto[2047]: including X.509 patch with traffic selectors (Version 0.9.42)
Aug 23 09:48:07 pluto[2047]: including NAT-Traversal patch (Version 0.6)
Aug 23 09:48:07 pluto[2047]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Aug 23 09:48:07 pluto[2047]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Aug 23 09:48:07 pluto[2047]: ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Aug 23 09:48:07 pluto[2047]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Aug 23 09:48:07 pluto[2047]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Aug 23 09:48:07 pluto[2047]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Aug 23 09:48:07 pluto[2047]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Aug 23 09:48:07 pluto[2047]: ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Aug 23 09:48:07 pluto[2047]: Changing to directory '/etc/ipsec.d/cacerts'
Aug 23 09:48:07 pluto[2047]: loaded cacert file 'cakey.pem' (1679 bytes)
Aug 23 09:48:07 pluto[2047]: error in X.509 certificate
Aug 23 09:48:07 pluto[2047]: loaded cacert file 'cacert.pem' (1501 bytes)
Aug 23 09:48:07 pluto[2047]: Changing to directory '/etc/ipsec.d/crls'
Aug 23 09:48:07 pluto[2047]: loaded crl file 'cacrl.pem' (646 bytes)
Aug 23 09:48:07 pluto[2047]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Aug 23 09:48:07 pluto[2047]: | from whack: got --esp=3des
Aug 23 09:48:07 pluto[2047]: | from whack: got --ike=3des
Aug 23 09:48:07 pluto[2047]: added connection description "Test"
Aug 23 09:48:07 pluto[2047]: listening for IKE messages
Aug 23 09:48:07 pluto[2047]: adding interface ipsec0/eth2 192.168.9.235
Aug 23 09:48:07 pluto[2047]: adding interface ipsec0/eth2 192.168.9.235:4500
Aug 23 09:48:07 pluto[2047]: loading secrets from "/etc/ipsec.secrets"
Aug 23 09:48:58 l2tpd[1762]: control_xmit: Maximum retries exceeded for tunnel 7350. Closing.
Aug 23 09:49:53 pppd[1775]: Terminating on signal 15.
Aug 23 09:49:53 pppd[1775]: Modem hangup
Aug 23 09:49:53 pppd[1775]: Script /etc/ppp/ip-down started (pid 2103)
Aug 23 09:49:53 pppd[1775]: Connection terminated.
Aug 23 09:49:53 pppd[1775]: Connect time 2.0 minutes.
Aug 23 09:49:53 pppd[1775]: Sent 74 bytes, received 3808 bytes.
Aug 23 09:49:53 machine: PPP has gone down on ppp0
Aug 23 09:49:53 ipsec_setup: Stopping Openswan IPsec...
Aug 23 09:49:53 pluto[2047]: shutting down
Aug 23 09:49:53 pluto[2047]: forgetting secrets
Aug 23 09:49:53 pluto[2047]: "Test": deleting connection
Aug 23 09:49:53 pluto[2047]: shutting down interface ipsec0/eth2 192.168.9.235
Aug 23 09:49:53 pluto[2047]: shutting down interface ipsec0/eth2 192.168.9.235
Aug 23 09:49:54 pppd[1775]: Waiting for 1 child processes...
Aug 23 09:49:54 pppd[1775]: script /etc/ppp/ip-down, pid 2103
Aug 23 09:49:54 kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Aug 23 09:49:54 ipsec_setup: ipsec: Device or resource busy
Aug 23 09:49:54 ipsec_setup: ...Openswan IPsec stopped
Aug 23 09:49:55 pppd[1775]: Script /etc/ppp/ip-down finished (pid 2103), status = 0x0
Aug 23 09:49:55 pppd[1775]: Exit.
Aug 23 09:49:55 l2tpd[1762]: call_close : Connection 3 closed to 192.168.9.185, port 1701 (Timeout)
Aug 23 09:49:59 l2tpd[1762]: control_xmit: Unable to deliver closing message for tunnel 7350. Destroying anyway.
> > > openswan-1 will not work properly for use with l2tp. It is too old and
> > > missing a bunch of fixes/workarounds.
> >
> > Do you want to say that i can't create L2TP IpSec VPN with openswan 1.0.7 ?
>
> I am saying that at Xelerance, we have never tried to use IPsec transport
> mode with l2tp for Windows with openswan-1. I know for sure we added
> work arounds for various bugs, so I'm pretty sure it will not work.
>
> > I don't want to upgrade openswan because they are patches to apply to
> > kernel and it is not possible to update kernel for the moment...
>
> You would not need to update the kernel. You would just need to upgrade
> KLIPS in the
> kernel and upgrade to the openswan-2 userland. But if you cannot do that,
> then it
> is extremely likely l2tp will not work.
Yes, but i have to patch kernel so, even if i stay with my kernel version, i have to use the new kernel...
To: paul at xelerance.com
Cc: users at openswan.org
More information about the Users
mailing list