[Openswan Users] openswan + l2tpd + iptables problem
Paul Wouters
paul at xelerance.com
Wed Oct 4 13:41:34 EDT 2006
On Wed, 4 Oct 2006, mechanix at debian.org wrote:
> the other amd64; Debian stable (but with the openswan 2.4 package from
> backports.org which is in essence a rebuild of the testing version -
> needed because 2.4 on the other gateway makes the 2.2 from stable crash,
> see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360735) on the
> working one vs Debian testing on the other, since the hardware is nowhere
> near working with stable; and single CPU on the working one vs dual-core
> on the other.

Commented on that off-list and to some Debian people.

> However, it did seem to make a difference - the l2tp packets no longer hit
> the firewall.
> Still, I'm not there: l2tpd never seems to succeed in establishing a
> connection. I get a lot of debugging output, but what sticks out is these
> ones repeating themselves about 6 times:
>
> Oct 5 00:31:11 scotos l2tpd[790]: message_type_avp: message type 1 (Start-Control-Connection-Request)
>
> and it never gets any further. On the other system, after 2 of the above,
> I get a message type 3 (Start-Control-Connection-Connected) and the
> connection handshake continues and all.

These might be MTU issues. Try setting the external MTU (e.g. ethX) to 1472.
Make sure the mtu/mru in options.l2tpd is about 1200-1300.

These might also be bugs in the 0.69 Debian version of l2tpd. We have
forked that code into xl2tpd, as l2tpd is no longer maintained. I would
love to see xl2tpd replace l2tpd in Debian.

See: http://www.xelerance.com/software/xl2tpd/

Paul
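
Added example (not part of the original message, and not l2tpd or xl2tpd code): a small Python check for the symptom described in the thread, a daemon that keeps logging Start-Control-Connection-Request and never logs Start-Control-Connection-Connected. The log-line shape is taken from the quoted l2tpd output; the host name gw-ok, PID 1234, the extra timestamps and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Line shape copied from the l2tpd debug output quoted in the thread.
LINE_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sl2tpd\[(?P<pid>\d+)\]:\s"
    r"message_type_avp: message type (?P<type>\d+) "
)
SCCRQ, SCCCN = 1, 3  # L2TP control message types (RFC 2661)

def handshake_report(lines):
    """Per (host, pid): SCCRQs logged before the first SCCCN, and whether
    the control connection was ever reported as connected."""
    state = defaultdict(lambda: {"sccrq": 0, "connected": False})
    for line in lines:
        m = LINE_RE.match(line.lstrip("> "))  # tolerate mail-quoted lines
        if not m:
            continue
        s = state[(m["host"], int(m["pid"]))]
        mtype = int(m["type"])
        if mtype == SCCCN:
            s["connected"] = True
        elif mtype == SCCRQ and not s["connected"]:
            s["sccrq"] += 1
    return dict(state)

def stalled(report, min_requests=3):
    """Daemons that saw repeated SCCRQs but never an SCCCN."""
    return sorted(k for k, s in report.items()
                  if not s["connected"] and s["sccrq"] >= min_requests)

# Constructed sample: only the first line's text comes from the thread.
SAMPLE = (
    [f"> Oct 5 00:31:{11 + 2 * i:02d} scotos l2tpd[790]: message_type_avp: "
     "message type 1 (Start-Control-Connection-Request)" for i in range(6)]
    + ["Oct 5 00:40:01 gw-ok l2tpd[1234]: message_type_avp: message type 1 "
       "(Start-Control-Connection-Request)"] * 2
    + ["Oct 5 00:40:03 gw-ok l2tpd[1234]: message_type_avp: message type 3 "
       "(Start-Control-Connection-Connected)"]
)

if __name__ == "__main__":
    rep = handshake_report(SAMPLE)
    for key in stalled(rep):
        print(key, "stalled after", rep[key]["sccrq"], "SCCRQs")
```

Running it over the debug logs from both gateways shows which one never gets past the request stage and how many requests it logged before giving up.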