[Openswan Users] Windows roadwarrior issues

Yiannis Mavroukakis yiannis at jaguarfreight.com
Tue Jul 18 16:44:30 CEST 2006 

Here you go. Recompiled the daemon with nearly all the debugging info
and this is what I get

l2tpd[13859]: parse_config: global context descriptor
l2tpd[13859]: parse_config: field is ip range, value is
192.168.5.10-192.168.5.15
l2tpd[13859]: range start = c0a8050a, end = c0a8050f, sense=4294967295d
l2tpd[13859]: parse_config: field is local ip, value is 192.168.5.9
l2tpd[13859]: parse_config: field is require chap, value is yes
l2tpd[13859]: set_require chap: require chap  flag to 'yes'
l2tpd[13859]: parse_config: field is refuse pap, value is yes
l2tpd[13859]: set_refuse pap: refuse pap  flag to 'yes'
l2tpd[13859]: parse_config: field is require authentication, value is
yes
l2tpd[13859]: set_require authentication: require authentication  flag
to 'yes'
l2tpd[13859]: parse_config: field is name, value is JaguarFreightVPN
l2tpd[13859]: set_name: name  flag to 'JaguarFreightVPN'
l2tpd[13859]: parse_config: field is ppp debug, value is yes
l2tpd[13859]: set_ppp debug: ppp debug  flag to 'yes'
l2tpd[13859]: parse_config: field is pppoptfile, value is
/etc/ppp/options.l2tpd
l2tpd[13859]: set_pppoptfile: pppoptfile  flag to
'/etc/ppp/options.l2tpd'
l2tpd[13859]: parse_config: field is length bit, value is yes
l2tpd[13859]: set_length bit: length bit  flag to 'yes'
l2tpd[13859]: This binary does not support kernel L2TP.
l2tpd[13859]: l2tpd version 1.04-X started on firewall PID:13859
l2tpd[13859]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
l2tpd[13859]: Forked by Scott Balmos and David Stipp, (C) 2001
l2tpd[13859]: Inherited by Jeff McAdams, (C) 2002
l2tpd[13859]: Listening on IP address 0.0.0.0, port 1701
l2tpd[13859]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[13859]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[13859]: control_finish: Peer requested tunnel 4 twice, ignoring
second one.
l2tpd[13859]: control_zlb: sending control ZLB on tunnel 4
l2tpd[13859]: call_close: Actually closing tunnel 6654
l2tpd[13859]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[13859]: control_finish: Peer requested tunnel 4 twice, ignoring
second one.
l2tpd[13859]: control_zlb: sending control ZLB on tunnel 4
l2tpd[13859]: call_close: Actually closing tunnel 61969
l2tpd[13859]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[13859]: control_finish: Peer requested tunnel 4 twice, ignoring
second one.
l2tpd[13859]: control_zlb: sending control ZLB on tunnel 4
l2tpd[13859]: call_close: Actually closing tunnel 18627
l2tpd[13859]: Maximum retries exceeded for tunnel 57832.  Closing.
l2tpd[13859]: call_close: enqueing close message for tunnel
l2tpd[13859]: Connection 4 closed to 80.225.97.9, port 1701 (Timeout)
l2tpd[13859]: Unable to deliver closing message for tunnel 57832.
Destroying anyway.
l2tpd[13859]: call_close: Actually closing tunnel 57832
l2tpd[13859]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[13859]: Maximum retries exceeded for tunnel 61468.  Closing.
l2tpd[13859]: call_close: enqueing close message for tunnel
l2tpd[13859]: Connection 4 closed to 80.225.97.9, port 1701 (Timeout)
l2tpd[13859]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[13859]: control_finish: Peer requested tunnel 4 twice, ignoring
second one.
l2tpd[13859]: control_zlb: sending control ZLB on tunnel 4
l2tpd[13859]: call_close: Actually closing tunnel 12853
l2tpd[13859]: Unable to deliver closing message for tunnel 61468.
Destroying anyway. 


Hope this helps :)

Y.
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: 18 July 2006 14:58
To: Yiannis Mavroukakis
Cc: Jacco de Leeuw; users at openswan.org
Subject: RE: [Openswan Users] Windows roadwarrior issues

On Tue, 18 Jul 2006, Yiannis Mavroukakis wrote:

> ipcp-accept-local
> ipcp-accept-remote
> ms-dns 192.168.5.2
> ms-wins 192.168.5.2
> auth
> idle 1800
> mtu 1200
> mru 1200
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 5000
> nologfd
>
> Would noccp and nomppe cause the issue?

Probably not, since those are configurable on XP as well.

> The l2tpd server listens on all interfaces btw, which is an issue I 
> know, but it will be fixed when I can get a connection going..

That's fine for now. I think it might be packet mtu issues. Can you try
to give the XP a public address and then see if you can connect fine?

You can also run l2tpd -D and recompile it with additional debug
information.

Paul
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: 18 July 2006 14:29
> To: Yiannis Mavroukakis
> Cc: Jacco de Leeuw; users at openswan.org
> Subject: RE: [Openswan Users] Windows roadwarrior issues
>
> On Tue, 18 Jul 2006, Yiannis Mavroukakis wrote:
>
> > Here you go, I'm using the Xelerance l2tpd
>
> Good :)
>
> > [global]
> > ;listen-addr = 192.168.5.1
> > [lns default]
> > ip range = 192.168.5.10-192.168.5.15 local ip = 192.168.5.9 require 
> > chap = yes refuse pap = yes require authentication = yes name = 
> > JaguarFreightVPN ppp debug = yes pppoptfile = /etc/ppp/options.l2tpd

> > length bit = yes
>
> Can you show us /etc/ppp/options.l2tpd ?
>
> Specifically, does it contain:
>
> mru 1360
> mtu 1360
> proxyarp
> connect-delay 5000
> noccp
> nomppe
>
> Paul
>
> ______________________________________________________________________
> __ This e-mail has been scanned for all known viruses.
>
> Note:_________________________________________________________________
> _ This message is for the named person's use only. It may contain 
> confidential, proprietary or legally privileged information. No 
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please immediately delete it and

> all copies of it from your system, destroy any hard copies of it and 
> notify the sender. You must not, directly or indirectly, use, 
> disclose, distribute, print, or copy any part of this message if you 
> are not the intended recipient. Jaguar Freight Services and any of its

> subsidiaries each reserve the right to monitor all e-mail 
> communications through its networks.
> Any views expressed in this message are those of the individual 
> sender, except where the message states otherwise and the sender is 
> authorized to state them to be the views of any such entity.
> ______________________________________________________________________
> __ This e-mail has been scanned for all known viruses.
>

--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

________________________________________________________________________
This e-mail has been scanned for all known viruses.

Note:__________________________________________________________________
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. Jaguar Freight Services and any of its subsidiaries
each reserve the right to monitor all e-mail communications through its
networks.
Any views expressed in this message are those of the individual sender,
except where the message states otherwise and the sender is authorized
to state them to be the views of any such entity.
________________________________________________________________________
This e-mail has been scanned for all known viruses.

More information about the Users mailing list