[Openswan Users] l2tpd problem
Federico
fviel at comune.belluno.it
Thu May 11 18:23:50 CEST 2006
Hello,
I'm trying to configure openswan 2.2.0 + l2tpd 0.70 (from unstable) on
debian sarge 3.1 kernel 2.6.8 as a VPN server for Win XP clients.
The IPsec tunnel starts correctly (as you can see below), but l2tp won't
start.
I followed http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html to
configure the Windows XP client.
The connection is NOT NATed! And there is no firewall problem, as I can't see
any rejected packets coming from the client (I log every rejected packet).
Perhaps, as these messages appear in the log files:
May 11 16:57:19 localhost l2tpd[5069]: control_xmit: Unable to deliver
closing message for tunnel 22079. Destroying anyway.
The l2tpd daemon could not send a response to the l2tpd client through the
IPsec tunnel. Am I right? And if yes, why?
Thank you in advance!
F
These are my config files and the logs about the connection.
IPSEC.CONF
conn L2TP-PSK
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    left=xxx.xxx.xxx.xx6
    leftprotoport=17/1701
    # Allow incoming connections from any IP address.
    right=%any
    rightprotoport=17/%any
    auto=add
L2TPD.CONF
[global]
;listen-addr=10.6.100.254
;port=1701
[lns default]
ip range = 10.6.100.231-10.6.100.240
local ip = 10.6.100.241
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
OPTIONS.L2TP
ms-dns 10.6.100.1
ms-dns 10.6.100.2
require-chapms-v2
proxyarp
connect-delay 5000
IPSEC:
May 11 16:56:52 localhost pluto[4985]: packet from 80.104.115.108:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
May 11 16:56:52 localhost pluto[4985]: packet from 80.104.115.108:500:
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
May 11 16:56:52 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1:
responding to Main Mode from unknown peer 80.104.115.108
May 11 16:56:52 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1:
transition from state (null) to state STATE_MAIN_R1
May 11 16:56:53 localhost pluto[4985]: packet from 80.104.115.108:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 11 16:56:53 localhost pluto[4985]: packet from 80.104.115.108:500:
ignoring Vendor ID payload [FRAGMENTATION]
May 11 16:56:53 localhost pluto[4985]: packet from 80.104.115.108:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
May 11 16:56:53 localhost pluto[4985]: packet from 80.104.115.108:500:
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
May 11 16:56:53 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #2:
responding to Main Mode from unknown peer 80.104.115.108
May 11 16:56:53 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #2:
transition from state (null) to state STATE_MAIN_R1
May 11 16:56:53 localhost pluto[4985]: packet from 80.104.115.108:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 11 16:56:53 localhost pluto[4985]: packet from 80.104.115.108:500:
ignoring Vendor ID payload [FRAGMENTATION]
May 11 16:56:53 localhost pluto[4985]: packet from 80.104.115.108:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
May 11 16:56:53 localhost pluto[4985]: packet from 80.104.115.108:500:
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
May 11 16:56:53 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #3:
responding to Main Mode from unknown peer 80.104.115.108
May 11 16:56:53 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #3:
transition from state (null) to state STATE_MAIN_R1
May 11 16:56:53 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
May 11 16:56:53 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 11 16:56:53 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1:
discarding duplicate packet; already STATE_MAIN_R2
May 11 16:56:54 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1: Peer
ID is ID_IPV4_ADDR: '80.104.115.108'
May 11 16:56:54 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1: I
did not send a certificate because I do not have one.
May 11 16:56:54 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 11 16:56:54 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1: sent
MR3, ISAKMP SA established
May 11 16:56:54 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #4:
responding to Quick Mode
May 11 16:56:54 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #4:
transition from state (null) to state STATE_QUICK_R1
May 11 16:56:54 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #4:
route-host output: /usr/lib/ipsec/_updown: doroute `ip route add
80.104.115.108/32 via 80.104.115.108 dev eth0 ' failed (RTNETLINK answers:
Network is unreachable)
May 11 16:56:54 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #4:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 11 16:56:54 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #4:
IPsec SA established {ESP=>0x793ac3f8 <0x3e9c2448}
May 11 16:57:29 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1:
received Delete SA(0x793ac3f8) payload: deleting IPSEC State #4
May 11 16:57:29 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #4:
unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete
80.104.115.108/32 via 80.104.115.108 dev eth0 ' failed (RTNETLINK answers:
No such process)
May 11 16:57:29 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1:
received and ignored informational message
May 11 16:57:29 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #1:
received Delete SA payload: deleting ISAKMP State #1
May 11 16:57:29 localhost pluto[4985]: packet from 80.104.115.108:500:
received and ignored informational message
May 11 16:58:03 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #3: max
number of retransmissions (2) reached STATE_MAIN_R1
May 11 16:58:03 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108 #2: max
number of retransmissions (2) reached STATE_MAIN_R1
May 11 16:58:03 localhost pluto[4985]: "L2TP-PSK"[1] 80.104.115.108:
deleting connection "L2TP-PSK" instance with peer 80.104.115.108
{isakmp=#0/ipsec=#0}
L2TPD
May 11 16:56:54 localhost l2tpd[5069]: ourtid = 19374, entropy_buf = 4bae
May 11 16:56:54 localhost l2tpd[5069]: check_control: control, cid = 0, Ns =
0, Nr = 0
May 11 16:56:54 localhost l2tpd[5069]: handle_avps: handling avp's for
tunnel 19374, call 0
May 11 16:56:54 localhost l2tpd[5069]: message_type_avp: message type 1
(Start-Control-Connection-Request)
May 11 16:56:54 localhost l2tpd[5069]: protocol_version_avp: peer is using
version 1, revision 0.
May 11 16:56:54 localhost l2tpd[5069]: framing_caps_avp: supported peer
frames: sync
May 11 16:56:54 localhost l2tpd[5069]: bearer_caps_avp: supported peer
bearers:
May 11 16:56:54 localhost l2tpd[5069]: firmware_rev_avp: peer reports
firmware version 1280 (0x0500)
May 11 16:56:54 localhost l2tpd[5069]: hostname_avp: peer reports hostname
'X-ONYX'
May 11 16:56:54 localhost l2tpd[5069]: vendor_avp: peer reports vendor
'Microsoft'
May 11 16:56:54 localhost l2tpd[5069]: assigned_tunnel_avp: using peer's
tunnel 1
May 11 16:56:54 localhost l2tpd[5069]: receive_window_size_avp: peer wants
RWS of 8. Will use flow control.
May 11 16:56:55 localhost l2tpd[5069]: ourtid = 24572, entropy_buf = 5ffc
May 11 16:56:55 localhost l2tpd[5069]: check_control: control, cid = 0, Ns =
0, Nr = 0
May 11 16:56:55 localhost l2tpd[5069]: handle_avps: handling avp's for
tunnel 24572, call 0
May 11 16:56:55 localhost l2tpd[5069]: message_type_avp: message type 1
(Start-Control-Connection-Request)
May 11 16:56:55 localhost l2tpd[5069]: protocol_version_avp: peer is using
version 1, revision 0.
May 11 16:56:55 localhost l2tpd[5069]: framing_caps_avp: supported peer
frames: sync
May 11 16:56:55 localhost l2tpd[5069]: bearer_caps_avp: supported peer
bearers:
May 11 16:56:55 localhost l2tpd[5069]: firmware_rev_avp: peer reports
firmware version 1280 (0x0500)
May 11 16:56:55 localhost l2tpd[5069]: hostname_avp: peer reports hostname
'X-ONYX'
May 11 16:56:55 localhost l2tpd[5069]: vendor_avp: peer reports vendor
'Microsoft'
May 11 16:56:55 localhost l2tpd[5069]: assigned_tunnel_avp: using peer's
tunnel 1
May 11 16:56:55 localhost l2tpd[5069]: receive_window_size_avp: peer wants
RWS of 8. Will use flow control.
May 11 16:56:55 localhost l2tpd[5069]: control_finish: Peer requested tunnel
1 twice, ignoring second one.
May 11 16:56:57 localhost l2tpd[5069]: ourtid = 30375, entropy_buf = 76a7
May 11 16:56:57 localhost l2tpd[5069]: check_control: control, cid = 0, Ns =
0, Nr = 0
May 11 16:56:57 localhost l2tpd[5069]: handle_avps: handling avp's for
tunnel 30375, call 0
May 11 16:56:57 localhost l2tpd[5069]: message_type_avp: message type 1
(Start-Control-Connection-Request)
May 11 16:56:57 localhost l2tpd[5069]: protocol_version_avp: peer is using
version 1, revision 0.
May 11 16:56:57 localhost l2tpd[5069]: framing_caps_avp: supported peer
frames: sync
May 11 16:56:57 localhost l2tpd[5069]: bearer_caps_avp: supported peer
bearers:
May 11 16:56:57 localhost l2tpd[5069]: firmware_rev_avp: peer reports
firmware version 1280 (0x0500)
May 11 16:56:57 localhost l2tpd[5069]: hostname_avp: peer reports hostname
'X-ONYX'
May 11 16:56:57 localhost l2tpd[5069]: vendor_avp: peer reports vendor
'Microsoft'
May 11 16:56:57 localhost l2tpd[5069]: assigned_tunnel_avp: using peer's
tunnel 1
May 11 16:56:57 localhost l2tpd[5069]: receive_window_size_avp: peer wants
RWS of 8. Will use flow control.
May 11 16:56:57 localhost l2tpd[5069]: control_finish: Peer requested tunnel
1 twice, ignoring second one.
May 11 16:56:59 localhost l2tpd[5069]: control_xmit: Maximum retries
exceeded for tunnel 19374. Closing.
May 11 16:56:59 localhost l2tpd[5069]: call_close : Connection 1 closed to
80.104.115.108, port 1701 (Timeout)
May 11 16:57:01 localhost l2tpd[5069]: ourtid = 15968, entropy_buf = 3e60
May 11 16:57:01 localhost l2tpd[5069]: ourcid = 51213, entropy_buf = c80d
May 11 16:57:01 localhost l2tpd[5069]: check_control: control, cid = 0, Ns =
0, Nr = 0
May 11 16:57:01 localhost l2tpd[5069]: handle_avps: handling avp's for
tunnel 15968, call 51213
May 11 16:57:01 localhost l2tpd[5069]: message_type_avp: message type 1
(Start-Control-Connection-Request)
May 11 16:57:01 localhost l2tpd[5069]: protocol_version_avp: peer is using
version 1, revision 0.
May 11 16:57:01 localhost l2tpd[5069]: framing_caps_avp: supported peer
frames: sync
May 11 16:57:01 localhost l2tpd[5069]: bearer_caps_avp: supported peer
bearers:
May 11 16:57:01 localhost l2tpd[5069]: firmware_rev_avp: peer reports
firmware version 1280 (0x0500)
May 11 16:57:01 localhost l2tpd[5069]: hostname_avp: peer reports hostname
'X-ONYX'
May 11 16:57:01 localhost l2tpd[5069]: vendor_avp: peer reports vendor
'Microsoft'
May 11 16:57:01 localhost l2tpd[5069]: assigned_tunnel_avp: using peer's
tunnel 1
May 11 16:57:01 localhost l2tpd[5069]: receive_window_size_avp: peer wants
RWS of 8. Will use flow control.
May 11 16:57:01 localhost l2tpd[5069]: control_finish: Peer requested tunnel
1 twice, ignoring second one.
May 11 16:57:04 localhost l2tpd[5069]: control_xmit: Unable to deliver
closing message for tunnel 19374. Destroying anyway.
May 11 16:57:09 localhost l2tpd[5069]: ourtid = 22079, entropy_buf = 563f
May 11 16:57:09 localhost l2tpd[5069]: ourcid = 31018, entropy_buf = 792a
May 11 16:57:09 localhost l2tpd[5069]: check_control: control, cid = 0, Ns =
0, Nr = 0
May 11 16:57:09 localhost l2tpd[5069]: handle_avps: handling avp's for
tunnel 22079, call 31018
May 11 16:57:09 localhost l2tpd[5069]: message_type_avp: message type 1
(Start-Control-Connection-Request)
May 11 16:57:09 localhost l2tpd[5069]: protocol_version_avp: peer is using
version 1, revision 0.
May 11 16:57:09 localhost l2tpd[5069]: framing_caps_avp: supported peer
frames: sync
May 11 16:57:09 localhost l2tpd[5069]: bearer_caps_avp: supported peer
bearers:
May 11 16:57:09 localhost l2tpd[5069]: firmware_rev_avp: peer reports
firmware version 1280 (0x0500)
May 11 16:57:09 localhost l2tpd[5069]: hostname_avp: peer reports hostname
'X-ONYX'
May 11 16:57:09 localhost l2tpd[5069]: vendor_avp: peer reports vendor
'Microsoft'
May 11 16:57:09 localhost l2tpd[5069]: assigned_tunnel_avp: using peer's
tunnel 1
May 11 16:57:09 localhost l2tpd[5069]: receive_window_size_avp: peer wants
RWS of 8. Will use flow control.
May 11 16:57:14 localhost l2tpd[5069]: control_xmit: Maximum retries
exceeded for tunnel 22079. Closing.
May 11 16:57:14 localhost l2tpd[5069]: call_close : Connection 1 closed to
80.104.115.108, port 1701 (Timeout)
May 11 16:57:19 localhost l2tpd[5069]: ourtid = 60471, entropy_buf = ec37
May 11 16:57:19 localhost l2tpd[5069]: ourcid = 5300, entropy_buf = 14b4
May 11 16:57:19 localhost l2tpd[5069]: check_control: control, cid = 0, Ns =
0, Nr = 0
May 11 16:57:19 localhost l2tpd[5069]: handle_avps: handling avp's for
tunnel 60471, call 5300
May 11 16:57:19 localhost l2tpd[5069]: message_type_avp: message type 1
(Start-Control-Connection-Request)
May 11 16:57:19 localhost l2tpd[5069]: protocol_version_avp: peer is using
version 1, revision 0.
May 11 16:57:19 localhost l2tpd[5069]: framing_caps_avp: supported peer
frames: sync
May 11 16:57:19 localhost l2tpd[5069]: bearer_caps_avp: supported peer
bearers:
May 11 16:57:19 localhost l2tpd[5069]: firmware_rev_avp: peer reports
firmware version 1280 (0x0500)
May 11 16:57:19 localhost l2tpd[5069]: hostname_avp: peer reports hostname
'X-ONYX'
May 11 16:57:19 localhost l2tpd[5069]: vendor_avp: peer reports vendor
'Microsoft'
May 11 16:57:19 localhost l2tpd[5069]: assigned_tunnel_avp: using peer's
tunnel 1
May 11 16:57:19 localhost l2tpd[5069]: receive_window_size_avp: peer wants
RWS of 8. Will use flow control.
May 11 16:57:19 localhost l2tpd[5069]: control_finish: Peer requested tunnel
1 twice, ignoring second one.
May 11 16:57:19 localhost l2tpd[5069]: control_xmit: Unable to deliver
closing message for tunnel 22079. Destroying anyway.