[Openswan Users] openswan + l2tpd + iptables problem

mechanix at debian.org mechanix at debian.org
Wed Oct 4 14:17:40 EDT 2006


On Wed, Oct 04, 2006 at 07:41:34PM +0200, Paul Wouters wrote:
> On Wed, 4 Oct 2006, mechanix at debian.org wrote:
> >
> > it did seem to make a difference - the l2tp packets no longer hit
> > the firewall.
> > Still, I'm not there: l2tpd never seems to succeed on establishing a
> > connection. I get a lot of debugging output, but what sticks out is these
> > ones repeating itself about 6 times:
> >
> > Oct  5 00:31:11 scotos l2tpd[790]: message_type_avp: message type 1 (Start-Control-Connection-Request)
> >
> > and it never gets any further. On the other system, after 2 of the above,
> > I get a message type 3 (Start-Control-Connection-Connected) and the
> > connection handshake continues and all.
> 
> These might be MTU issues. Try setting the external mtu (eg ethX) to 1472.
> Make sure the mtu/mru in options.l2tpd is about 1200-1300.

That's a pppd options file, right? l2tpd never even got as far as launching
pppd.

Still, I tried setting mtu on eth1 to 1472 (was 1500), but it made ipsec
negotiation fail, probably because the packets which contain certificates
are too big. Log attached.

I noticed something else in the log: the gateway appears to be negotiating
the connection twice. I checked; the previous attempts showed the same
symptom.
Is there a way to make it not do that? Even if the gateway would receive the
same initiation packet twice?


Regards,

Filip

