[Openswan Users] unencrypted l2tp packets
Ben Willmore
bwillmore at berkeley.edu
Fri Feb 10 14:43:36 CET 2006
Hi Jacco,
On 2/10/06, Jacco de Leeuw <jacco2 at dds.nl> wrote:
> Is your server behind NAT? Did you read my remarks on NATed servers?
Yes, it is and yes I did. Many thanks, they were invaluable in getting this far.
Previously, I chopped up the original config files to avoid rambling.
Here are the complete ones, except for comments, and corrected as you
suggested.
ipsec.conf:
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    #plutodebug="all"
    nat_traversal="yes"
    virtual_private=%v4:172.16.0.0/12
conn L2TP-PSK
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    left=%defaultroute
    leftsubnet=xx.xx.xx.xx/32
    leftprotoport=17/1701
    right=%any
    rightsubnet=vhost:%no,%priv
    rightprotoport=17/%any
    auto=add
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
l2tpd.conf:
[global] ; Global parameters:
port = 1701 ; * Bind to port 1701
[lns default]
ip range = 192.168.2.204-192.168.2.214
local ip = 192.168.2.203
require chap = yes
refuse pap = yes
require authentication = yes
name = Test
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
I still have the same problem as before, i.e.:
Feb 10 14:38:02 lithium l2tpd[29354]: ourtid = 54641, entropy_buf = d571
Feb 10 14:38:02 lithium l2tpd[29354]: check_control: control, cid = 0, Ns = 0, Nr = 0
Feb 10 14:38:02 lithium l2tpd[29354]: handle_avps: handling avp's for tunnel 54641, call 0
Feb 10 14:38:02 lithium l2tpd[29354]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 10 14:38:02 lithium l2tpd[29354]: protocol_version_avp: peer is using version 1, revision 0.
Feb 10 14:38:02 lithium l2tpd[29354]: framing_caps_avp: supported peer frames:async sync
Feb 10 14:38:02 lithium l2tpd[29354]: hostname_avp: peer reports hostname ''
Feb 10 14:38:02 lithium l2tpd[29354]: assigned_tunnel_avp: using peer's tunnel 173
Feb 10 14:38:02 lithium l2tpd[29354]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.
Feb 10 14:38:03 lithium l2tpd[29354]: ourtid = 20127, entropy_buf = 4e9f
Feb 10 14:38:03 lithium l2tpd[29354]: check_control: control, cid = 0, Ns = 0, Nr = 0
Feb 10 14:38:03 lithium l2tpd[29354]: handle_avps: handling avp's for tunnel 20127, call 0
Feb 10 14:38:03 lithium l2tpd[29354]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 10 14:38:03 lithium l2tpd[29354]: protocol_version_avp: peer is using version 1, revision 0.
... endless repeat until client gives up
A couple of things strike me as strange, first, when l2tpd starts, it
claims to be listening on 0.0.0.0:
Feb 10 14:37:09 lithium l2tpd[29354]: l2tpd version 0.69 started on lithium.jlg.berkeley.edu PID:29354
Feb 10 14:37:09 lithium l2tpd[29354]: Linux version 2.6.10-5-386 on a i686, listening on IP address 0.0.0.0, port 1701
Also, the log says "hostname_avp: peer reports hostname ''". The hostname _is_ set
on the client machine (OS X).
I'm using OpenSwan 2.4.5rc4 and the debian-special pre-0.7 l2tpd.
Am I making more mistakes, or is it most likely that the ESP packets
are getting filtered? Many thanks for any insight,
Ben
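The log excerpt above shows the pattern that matters: every second l2tpd receives a fresh Start-Control-Connection-Request (message type 1) from the same peer tunnel (173), allocates a new local tunnel id, and never sees the Start-Control-Connection-Connected (type 3) that a client sends once it has processed the server's SCCRP. That is the signature of a server that receives L2TP but whose replies never reach the client. The script below is an added example, not code from the original post or from l2tpd/Openswan: it parses l2tpd-style log lines and flags peer tunnels stuck in that SCCRQ retransmit loop. The sample log lines are constructed in the format l2tpd 0.69 prints above (tunnel ids and timestamps are made up), and the "message type 3 (Start-Control-Connection-Connected)" string in the healthy sample is an assumption about how l2tpd names that RFC 2661 message type.

```python
import re
from collections import defaultdict

# RFC 2661 control message types that matter for the tunnel handshake.
SCCRQ = 1  # Start-Control-Connection-Request   (client -> server)
SCCCN = 3  # Start-Control-Connection-Connected (client -> server, after it accepted our SCCRP)

HANDLE_RE = re.compile(r"handle_avps: handling avp's for tunnel (\d+)")
MSGTYPE_RE = re.compile(r"message_type_avp: message type (\d+) \(([^)]+)\)")
PEERTID_RE = re.compile(r"assigned_tunnel_avp: using peer's tunnel (\d+)")

# Constructed sample: three SCCRQs from peer tunnel 173, each creating a new local
# tunnel, and never a SCCCN (modelled on the post's log; ids/timestamps invented).
STUCK_LOG = """\
Feb 10 14:38:02 lithium l2tpd[29354]: ourtid = 54641, entropy_buf = d571
Feb 10 14:38:02 lithium l2tpd[29354]: handle_avps: handling avp's for tunnel 54641, call 0
Feb 10 14:38:02 lithium l2tpd[29354]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 10 14:38:02 lithium l2tpd[29354]: assigned_tunnel_avp: using peer's tunnel 173
Feb 10 14:38:03 lithium l2tpd[29354]: ourtid = 20127, entropy_buf = 4e9f
Feb 10 14:38:03 lithium l2tpd[29354]: handle_avps: handling avp's for tunnel 20127, call 0
Feb 10 14:38:03 lithium l2tpd[29354]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 10 14:38:03 lithium l2tpd[29354]: assigned_tunnel_avp: using peer's tunnel 173
Feb 10 14:38:04 lithium l2tpd[29354]: ourtid = 31337, entropy_buf = 7a69
Feb 10 14:38:04 lithium l2tpd[29354]: handle_avps: handling avp's for tunnel 31337, call 0
Feb 10 14:38:04 lithium l2tpd[29354]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 10 14:38:04 lithium l2tpd[29354]: assigned_tunnel_avp: using peer's tunnel 173
"""

# Constructed sample of a handshake that completes: SCCRQ followed by SCCCN on the
# same local tunnel (the SCCCN log string is an assumption, see lead-in).
HEALTHY_LOG = """\
Feb 10 14:40:00 lithium l2tpd[29354]: ourtid = 777, entropy_buf = 0309
Feb 10 14:40:00 lithium l2tpd[29354]: handle_avps: handling avp's for tunnel 777, call 0
Feb 10 14:40:00 lithium l2tpd[29354]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Feb 10 14:40:00 lithium l2tpd[29354]: assigned_tunnel_avp: using peer's tunnel 42
Feb 10 14:40:01 lithium l2tpd[29354]: handle_avps: handling avp's for tunnel 777, call 0
Feb 10 14:40:01 lithium l2tpd[29354]: message_type_avp: message type 3 (Start-Control-Connection-Connected)
"""


def parse_control_events(log_text):
    """Return one dict per received control message: our tunnel id, type, name, peer id."""
    events = []
    current_tid = None
    for line in log_text.splitlines():
        m = HANDLE_RE.search(line)
        if m:
            current_tid = int(m.group(1))  # local tunnel the following AVPs belong to
            continue
        m = MSGTYPE_RE.search(line)
        if m:
            events.append({"our_tid": current_tid, "msg_type": int(m.group(1)),
                           "msg_name": m.group(2), "peer_tid": None})
            continue
        m = PEERTID_RE.search(line)
        if m and events:
            events[-1]["peer_tid"] = int(m.group(1))  # Assigned Tunnel ID AVP of this message
    return events


def diagnose(log_text, min_retries=2):
    """Flag peer tunnels that keep sending SCCRQ without ever sending SCCCN."""
    events = parse_control_events(log_text)
    # SCCCN carries no Assigned Tunnel ID AVP, so map local tunnel -> peer tunnel via the SCCRQ.
    peer_of = {ev["our_tid"]: ev["peer_tid"]
               for ev in events if ev["msg_type"] == SCCRQ and ev["peer_tid"] is not None}
    by_peer = defaultdict(list)
    for ev in events:
        peer = ev["peer_tid"] if ev["peer_tid"] is not None else peer_of.get(ev["our_tid"])
        by_peer[peer].append(ev)
    stuck = []
    for peer_tid, evs in by_peer.items():
        types = [e["msg_type"] for e in evs]
        if types.count(SCCRQ) >= min_retries and SCCCN not in types:
            stuck.append({"peer_tid": peer_tid, "sccrq_count": types.count(SCCRQ),
                          "our_tids": sorted({e["our_tid"] for e in evs})})
    return {"events": len(events), "stuck": stuck}


if __name__ == "__main__":
    for name, log in (("stuck", STUCK_LOG), ("healthy", HEALTHY_LOG)):
        result = diagnose(log)
        print(name, result)
        for s in result["stuck"]:
            print(f"  peer tunnel {s['peer_tid']}: {s['sccrq_count']} SCCRQs, "
                  f"{len(s['our_tids'])} local tunnels allocated, no SCCCN: "
                  "our SCCRP is not reaching (or not being accepted by) the client")
```

Run it against `grep l2tpd /var/log/syslog` output. A hit means the server side of the handshake is fine as far as receiving goes; the next thing to check is the return path, i.e. whether the SCCRP leaves through the IPsec SA (for a NATed server, whether the reply is being sent to the address/port the client actually used) rather than the server's own config.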