[Openswan Users] RDP from internal NET to VPN client fails, and some other strangness..

Brett Curtis dashnu at gmail.com
Tue Nov 14 15:47:45 EST 2006


After looking around a bit more I am thinking this is an MTU issue :(
This client uses qwest.net DSL. My clients that connect over Cable
work just fine.

I tried setting the MTU on my interfaces lower and that caused all
sorts of non-VPN-related problems.

The only other thing I can think of is to try the reg hack in XP to
set the MTU lower on the client machine.

If anyone has any other suggestions let me know.

Thanks..

On 11/14/06, Brett Curtis <dashnu at gmail.com> wrote:
> Hello all.
>
> Every time I try to rdp into a users laptop over the VPN the
> connection fails. This happens after the connection is made and the
> username and password is entered for RDP.
>
> This is the tcpdump.
>
> 14:31:15.091694 IP defender.mydomain.net.ipsec-nat-t >
> 65-102-18-11.ptld.qwest.net.ipsec-nat-t: UDP-encap:
> ESP(spi=0xf5c876e9,seq=0x6ff), length 52
> 14:31:15.260882 IP 65-102-18-11.ptld.qwest.net.ipsec-nat-t >
> defender.mydomain.net.ipsec-nat-t: UDP-encap:
> ESP(spi=0x4a30d4e9,seq=0x555), length 76
> 14:31:15.261063 IP defender.mydomain.net.ipsec-nat-t >
> 65-102-18-11.ptld.qwest.net.ipsec-nat-t: UDP-encap:
> ESP(spi=0xf5c876e9,seq=0x700), length 52
> 14:31:15.429966 IP 65-102-18-11.ptld.qwest.net.ipsec-nat-t >
> defender.mydomain.net.ipsec-nat-t: NONESP-encap: [|isakmp]
> 14:31:15.430334 IP defender.mydomain.net.ipsec-nat-t >
> 65-102-18-11.ptld.qwest.net.ipsec-nat-t: NONESP-encap: [|isakmp]
> 14:31:15.435176 IP 65-102-18-11.ptld.qwest.net.ipsec-nat-t >
> defender.mydomain.net.ipsec-nat-t: NONESP-encap: [|isakmp]
> 14:31:15.450702 IP defender.mydomain.net.ipsec-nat-t >
> 65-102-18-11.ptld.qwest.net.ipsec-nat-t: NONESP-encap: [|isakmp]
> 14:31:27.360698 IP 65-102-18-11.ptld.qwest.net.ipsec-nat-t >
> defender.mydomain.net.ipsec-nat-t: isakmp-nat-keep-alive
> 14:31:47.391051 IP 65-102-18-11.ptld.qwest.net.ipsec-nat-t >
> defender.mydomain.net.ipsec-nat-t: isakmp-nat-keep-alive
> 14:32:07.425524 IP 65-102-18-11.ptld.qwest.net.ipsec-nat-t >
> defender.mydomain.net.ipsec-nat-t: isakmp-nat-keep-alive
> 14:32:11.492669 IP defender.mydomain.net.l2tp >
> 65-102-18-11.ptld.qwest.net.l2tp:  l2tp:[TLS](10/0)Ns=10,Nr=6
> *MSGTYPE(HELLO)
> 14:32:12.496807 IP defender.mydomain.net.l2tp >
> 65-102-18-11.ptld.qwest.net.l2tp:  l2tp:[TLS](10/0)Ns=10,Nr=6
> *MSGTYPE(HELLO)
> 14:32:13.500883 IP defender.mydomain.net.l2tp >
> 65-102-18-11.ptld.qwest.net.l2tp:  l2tp:[TLS](10/0)Ns=10,Nr=6
> *MSGTYPE(HELLO)
> 14:32:14.505005 IP defender.mydomain.net.l2tp >
> 65-102-18-11.ptld.qwest.net.l2tp:  l2tp:[TLS](10/0)Ns=10,Nr=6
> *MSGTYPE(HELLO)
> 14:32:15.509169 IP defender.mydomain.net.l2tp >
> 65-102-18-11.ptld.qwest.net.l2tp:  l2tp:[TLS](10/0)Ns=10,Nr=6
> *MSGTYPE(HELLO)
> 14:32:16.513421 IP defender.mydomain.net.l2tp >
> 65-102-18-11.ptld.qwest.net.l2tp:  l2tp:[TLS](10/0)Ns=11,Nr=6
> *MSGTYPE(StopCCN) |...
> 14:32:17.517415 IP defender.mydomain.net.l2tp >
> 65-102-18-11.ptld.qwest.net.l2tp:  l2tp:[TLS](10/0)Ns=11,Nr=6
> *MSGTYPE(StopCCN) |...
> 14:32:18.521542 IP defender.mydomain.net.l2tp >
> 65-102-18-11.ptld.qwest.net.l2tp:  l2tp:[TLS](10/0)Ns=11,Nr=6
> *MSGTYPE(StopCCN) |...
> 14:32:19.525660 IP defender.mydomain.net.l2tp >
> 65-102-18-11.ptld.qwest.net.l2tp:  l2tp:[TLS](10/0)Ns=11,Nr=6
> *MSGTYPE(StopCCN) |...
> 14:32:20.529808 IP defender.mydomain.net.l2tp >
> 65-102-18-11.ptld.qwest.net.l2tp:  l2tp:[TLS](10/0)Ns=11,Nr=6
> *MSGTYPE(StopCCN) |...
>
> This is my ppp & l2tp errors
>
> Nov 14 14:31:14 defender64 pppd[27693]: rcvd [LCP TermReq id=0x8 0f af
> 2f e9 00 3c cd 74 00 00 00 00]
> Nov 14 14:31:14 defender64 pppd[27693]: LCP terminated by peer
> (^OM-//M-i^@<M-Mt^@^@^@^@)
> Nov 14 14:31:14 defender64 pppd[27693]: Connect time 8.1 minutes.
> Nov 14 14:31:14 defender64 pppd[27693]: Sent 1304290 bytes, received
> 123111 bytes.
> Nov 14 14:31:14 defender64 pppd[27693]: Script /etc/ppp/ip-down
> started (pid 28123)
> Nov 14 14:31:14 defender64 pppd[27693]: sent [LCP TermAck id=0x8]
> Nov 14 14:31:14 defender64 pppd[27693]: Script /etc/ppp/ip-down
> finished (pid 28123), status = 0x1
> Nov 14 14:31:15 defender64 l2tpd[26646]: control_finish: Connection
> closed to 65.102.18.11, serial 0 ()
> Nov 14 14:31:15 defender64 pppd[27693]: Terminating on signal 15
> Nov 14 14:31:15 defender64 pppd[27693]: Modem hangup
> Nov 14 14:31:15 defender64 pppd[27693]: Connection terminated.
> Nov 14 14:31:15 defender64 pppd[27693]: Exit.
> Nov 14 14:31:15 defender64 l2tpd[26646]: control_finish: Peer tried to
> disconnect with invalid TID (10 != 57399)
> Nov 14 14:32:16 defender64 l2tpd[26646]: Maximum retries exceeded for
> tunnel 57399.  Closing.
> Nov 14 14:32:16 defender64 l2tpd[26646]: Connection 10 closed to
> 65.102.18.11, port 1701 (Timeout)
> Nov 14 14:32:21 defender64 l2tpd[26646]: Unable to deliver closing
> message for tunnel 57399. Destroying anyway.
>
> The only other time I see these errors is with Mac clients. They lose
> their connection after X number of minutes. This is a problem that I also
> have yet to resolve.
>
> Another issue :
> It seems no matter what I set up in XP he can not use our DNS server
> for machines that have an external DNS (via DynDNS) IP and an internal
> DNS IP. He always pulls the external IP; machines that are
> only resolvable internally work fine.
>
> Has anyone seen anything like this?
>
> I am using openswan 2.4.4, kernel 2.6.17 and xl2tpd-1.1.05
>

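Since the thread's working theory is an MTU problem on the DSL side, the following is an added worked example (not from the poster, not Openswan or xl2tpd code) that tallies the L2TP/IPsec NAT-T encapsulation overhead and computes the largest PPP payload that still fits an outer path MTU. Header sizes are the protocol-defined values; the cipher and MAC parameters (3DES-CBC or AES-CBC with a 96-bit HMAC ICV), the uncompressed PPP header and the minimal 6-byte L2TP data header are assumptions, and the 1492-byte PPPoE path and 1500-byte cable path are constructed sample inputs. `esp_length()` reproduces the ESP length figure that `tcpdump` prints for `UDP-encap: ESP(...)` lines, so it can be checked against a capture like the one quoted above.

```python
"""Estimate L2TP/IPsec (NAT-T) tunnel overhead and the largest PPP payload
that fits in a given outer path MTU.

Added example; the cipher parameters and the 1492/1500 path MTUs below
are assumptions, not figures taken from the mailing-list post.
"""
from dataclasses import dataclass

IPV4_HDR = 20
UDP_HDR = 8            # used twice: NAT-T (udp/4500) and L2TP (udp/1701)
ESP_SPI_SEQ = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2        # pad length (1) + next header (1)
L2TP_DATA_HDR = 6      # flags/version, tunnel id, session id (no Ns/Nr/offset)
PPP_HDR = 4            # address/control (2) + protocol (2), uncompressed


@dataclass(frozen=True)
class EspParams:
    iv_len: int        # CBC IV: 8 bytes for 3DES, 16 for AES
    block: int         # cipher block size, which sets the padding granularity
    icv_len: int       # truncated HMAC (SHA1-96 / MD5-96) authenticator


# Assumed transform sets; a Windows XP client commonly negotiates 3DES/SHA1.
TRIPLE_DES_SHA1 = EspParams(iv_len=8, block=8, icv_len=12)
AES_SHA1 = EspParams(iv_len=16, block=16, icv_len=12)


def esp_padding(plaintext_len: int, block: int) -> int:
    """ESP pads plaintext + trailer up to a multiple of the cipher block size."""
    return (-(plaintext_len + ESP_TRAILER)) % block


def esp_length(plaintext_len: int, p: EspParams) -> int:
    """ESP packet length, as tcpdump reports in 'UDP-encap: ESP(...), length N'."""
    return (ESP_SPI_SEQ + p.iv_len + plaintext_len
            + esp_padding(plaintext_len, p.block) + ESP_TRAILER + p.icv_len)


def outer_packet_size(inner_ip_len: int, p: EspParams) -> int:
    """On-the-wire size of an inner IPv4 packet after ESP-in-UDP (NAT-T) encapsulation."""
    return IPV4_HDR + UDP_HDR + esp_length(inner_ip_len, p)


def inner_ip_len_for_ppp(ppp_payload: int) -> int:
    """The PPP frame rides in an L2TP data message inside an IPv4/UDP packet."""
    return IPV4_HDR + UDP_HDR + L2TP_DATA_HDR + PPP_HDR + ppp_payload


def wire_size_for_ppp_mtu(ppp_mtu: int, p: EspParams) -> int:
    """Full outer packet size carrying one PPP payload of ppp_mtu bytes."""
    return outer_packet_size(inner_ip_len_for_ppp(ppp_mtu), p)


def max_ppp_mtu(outer_path_mtu: int, p: EspParams) -> int:
    """Largest PPP payload whose encapsulated packet still fits outer_path_mtu.

    Wire size is non-decreasing in the payload size (padding only rounds up),
    so a simple upward scan finds the boundary.
    """
    mtu = 0
    while wire_size_for_ppp_mtu(mtu + 1, p) <= outer_path_mtu:
        mtu += 1
    return mtu


if __name__ == "__main__":
    # Constructed sample paths: PPPoE DSL (1492) versus cable (1500).
    for label, path_mtu in (("PPPoE DSL", 1492), ("cable", 1500)):
        for name, params in (("3DES/SHA1", TRIPLE_DES_SHA1), ("AES/SHA1", AES_SHA1)):
            print(f"{label:9s} {name:9s} max PPP MTU = {max_ppp_mtu(path_mtu, params)}")
    # A 1500-byte PPP payload with DF set cannot fit either path without
    # fragmentation, which is the kind of mismatch that lets a small login
    # exchange succeed while a bulk session stalls.
    print("wire size for 1500-byte PPP payload (3DES):",
          wire_size_for_ppp_mtu(1500, TRIPLE_DES_SHA1))
```

The length figure in the quoted capture (`length 52`) is reproduced by a 22-byte plaintext under 3DES or a 14-byte plaintext under AES, so the ESP length alone does not reveal which transform was negotiated; the point of the calculation is the ceiling on payload size, which is what an MTU-lowering registry change on the client is trying to get under.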
