[Openswan Users] openswan + l2tpd + iptables problem

Paul Wouters paul at xelerance.com
Wed Oct 4 13:41:34 EDT 2006


On Wed, 4 Oct 2006, mechanix at debian.org wrote:

> the other amd64; Debian stable (but with the openswan 2.4 package from
> backports.org which is in essence a rebuild of the testing version -
> needed because 2.4 on the other gateway makes the 2.2 from stable crash,
> see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360735) on the
> working one vs Debian testing on the other, since the hardware is nowhere
> near working with stable; and single CPU on the working one vs dual-core
> on the other.

Commented on that off-list and to some debian people.

> However, it did seem to make a difference - the l2tp packets no longer hit
> the firewall.
> Still, I'm not there: l2tpd never seems to succeed in establishing a
> connection. I get a lot of debugging output, but what sticks out is this
> one repeating itself about 6 times:
>
> Oct  5 00:31:11 scotos l2tpd[790]: message_type_avp: message type 1 (Start-Control-Connection-Request)
>
> and it never gets any further. On the other system, after 2 of the above,
> I get a message type 3 (Start-Control-Connection-Connected) and the
> connection handshake continues and all.

These might be MTU issues. Try setting the external MTU (e.g. ethX) to 1472.
Make sure the mtu/mru in options.l2tpd is about 1200-1300.

These might also be bugs in the 0.69 Debian version of l2tpd. We have
forked that code into xl2tpd, as l2tpd is no longer maintained. I would
love to see xl2tpd replace l2tpd in Debian.

See: http://www.xelerance.com/software/xl2tpd/

Paul
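
Added example, not part of the original message or of l2tpd/xl2tpd: a small Python check that scans syslog output for the symptom quoted above, a run of message type 1 (Start-Control-Connection-Request) lines that is never followed by message type 3 (Start-Control-Connection-Connected). The function name, the threshold of 3 and the sample lines are assumptions; because the quoted log line carries no peer address, runs are tracked per daemon (host and pid) rather than per tunnel.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted in the post. "scotos" and
# pid 790 come from the post; "gw-ok" and pid 812 are made-up stand-ins for
# the working gateway (two requests, then the handshake proceeds).
SAMPLE_LOG = """\
Oct  5 00:31:11 scotos l2tpd[790]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct  5 00:31:12 scotos l2tpd[790]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct  5 00:31:14 scotos l2tpd[790]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct  5 00:31:18 scotos l2tpd[790]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct  5 00:31:26 scotos l2tpd[790]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct  5 00:31:34 scotos l2tpd[790]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct  5 00:40:01 gw-ok l2tpd[812]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct  5 00:40:02 gw-ok l2tpd[812]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Oct  5 00:40:02 gw-ok l2tpd[812]: message_type_avp: message type 3 (Start-Control-Connection-Connected)
"""

# Matches the "message_type_avp" debug line from l2tpd (or xl2tpd).
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+x?l2tpd\[(?P<pid>\d+)\]:\s+"
    r"message_type_avp: message type (?P<type>\d+)\b"
)

SCCRQ = 1  # Start-Control-Connection-Request
SCCCN = 3  # Start-Control-Connection-Connected


def find_stalled_handshakes(log_text, threshold=3):
    """Return {(host, pid): n} where n >= threshold SCCRQs were logged
    with no SCCCN after them. The default threshold sits between the
    two requests seen on the working gateway and the six on the failing one."""
    pending = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog line
        key = (m["host"], int(m["pid"]))
        msg_type = int(m["type"])
        if msg_type == SCCRQ:
            pending[key] += 1
        elif msg_type == SCCCN:
            pending[key] = 0  # control connection came up; reset the run
    return {key: n for key, n in pending.items() if n >= threshold}


if __name__ == "__main__":
    for (host, pid), n in find_stalled_handshakes(SAMPLE_LOG).items():
        print(f"{host} l2tpd[{pid}]: {n} SCCRQ with no SCCCN")
```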

