[Openswan Users] Basic help with configuration of L2TP/IPSEC

Gbenga stjames08 at yahoo.co.uk
Fri Jun 30 21:41:06 CEST 2006


Hi Paul/list,

Thanks, I got l2tpd working, but I have a new problem. I cannot seem to complete the authentication; the Windows client keeps dying at verifying username and password. I did google, and some site mentioned that I have to open the GRE port/protocol on the firewall.

I got the following in the daemon.log file:

Jun 30 21:30:07 aparo l2tpd[3639]: control_finish: Peer requested tunnel 28 twice, ignoring second one.
Jun 30 21:30:07 aparo l2tpd[3639]: Connection established to 193.95.xxx.xxx, 1701. Local: 39075, Remote: 28. LNS session is 'default'
Jun 30 21:30:07 aparo l2tpd[3639]: Call established with 193.95.xxx.xxx, Local: 47035, Remote: 1, Serial: 0
Jun 30 21:30:07 aparo l2tpd[3639]: control finish: connection closed to 193.95.xxx.xxx, serial 0 ()
Jun 30 21:30:07 aparo l2tpd[3639]: control finish: Peer tried to disconnect with invalid TID (28 != 39075)
Jun 30 21:30:07 aparo l2tpd[3639]: Maximum retries exceeded for tunnel 39075. Closing.
Jun 30 21:30:07 aparo l2tpd[3639]: Connection 28 closed to 193.95.xxx.xxx, port 1701 (Timeout)
Jun 30 21:30:07 aparo l2tpd[3639]: Unable to deliver closing message for tunnel 39075. Destroying anyway.

Any clues?

Thanks again,
Gbenga



----- Original Message ----
From: Paul Wouters <paul at xelerance.com>
To: Gbenga <stjames08 at yahoo.co.uk>
Cc: users at openswan.org
Sent: Thursday, 29 June, 2006 11:17:34 PM
Subject: Re: [Openswan Users] Basic help with configuration of L2TP/IPSEC

On Thu, 29 Jun 2006, Gbenga wrote:

> Thanks very much Paul, but I already have this in my /etc/l2tpd/l2tpd.conf & /etc/l2tp/l2tpd.conf:
>
> [global]
> listen-addr = 10.10.3.129
>
> [lns default]
> ip range = 10.10.3.128 - 10.10.3.250
> local ip = =10.10.3.130

The listen-addr should be your public IP address, not an address within the range that you
are assigning for l2tp tunnels. (Unless you are using complex port forwarding). You should
also not put local ip within the range of ip range.

Paul
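
Added example, not part of the original thread: a small checker for the two mistakes pointed out in the reply above (`local ip` inside `ip range`, and `listen-addr` taken from the tunnel range). The sample file is constructed from the values quoted in the thread, and the sketch assumes a single `low - high` range per `[lns]` section.

```python
import ipaddress

# Constructed sample, modelled on the l2tpd.conf values quoted in the thread.
SAMPLE_CONF = """\
[global]
listen-addr = 10.10.3.129

[lns default]
ip range = 10.10.3.128 - 10.10.3.250
local ip = 10.10.3.130
"""

def parse_l2tpd_conf(text):
    """Return {section: {key: value}} for an l2tpd.conf-style file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def in_range(addr, ip_range):
    """True if addr falls inside a 'low - high' range string (assumed form)."""
    low, high = (ipaddress.ip_address(p.strip()) for p in ip_range.split("-"))
    return low <= ipaddress.ip_address(addr) <= high

def check_conf(text):
    """Return one finding per address that overlaps an lns 'ip range'."""
    conf = parse_l2tpd_conf(text)
    listen = conf.get("global", {}).get("listen-addr")
    findings = []
    for name, opts in conf.items():
        if not name.startswith("lns") or "ip range" not in opts:
            continue
        if "local ip" in opts and in_range(opts["local ip"], opts["ip range"]):
            findings.append(f"[{name}] local ip {opts['local ip']} is inside ip range")
        if listen and in_range(listen, opts["ip range"]):
            findings.append(f"[{name}] listen-addr {listen} is inside ip range")
    return findings

if __name__ == "__main__":
    for finding in check_conf(SAMPLE_CONF):
        print(finding)
```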




