[Openswan Users] openswan + l2tpd + iptables problem

mechanix at debian.org mechanix at debian.org
Thu Oct 5 03:18:04 EDT 2006


On Wed, Oct 04, 2006 at 08:53:29PM +0200, Paul Wouters wrote:
> On Wed, 4 Oct 2006, mechanix at debian.org wrote:
> 
> > > > Oct  5 00:31:11 scotos l2tpd[790]: message_type_avp: message type 1 (Start-Control-Connection-Request)
> > > >
> > > > and it never gets any further. On the other system, after 2 of the above,
> > > > I get a message type 3 (Start-Control-Connection-Connected) and the
> > > > connection handshake continues and all.
> > >
> > > These might be MTU issues. Try setting the external mtu (eg ethX) to 1472.
> > > Make sure the mtu/mru in options.l2tpd is about 1200-1300.
> >
> > That's a pppd options file, right? l2tpd never even got as far as launching
> > pppd.
> 
> Yes. What's in your l2tpd.conf?

[global]
auth file = /etc/l2tpd/l2tp-secrets ; is empty except for comments
[lns default]
ip range = 192.168.2.201-192.168.2.205  ; addresses handed to PPP peers
length bit = yes                        ; send the L bit (length field) in data packets
require authentication = yes            ; peer must authenticate at the PPP layer
name = scotos                           ; Host Name AVP announced in the control connection
ppp debug = yes                         ; pass "debug" to pppd
pppoptfile = /etc/ppp/options.l2tpd.lns ; options file pppd is started with

> > I noticed something else in the log: the gateway appears to be negotiating
> > the connection twice. I checked, the previous attempts showed the same
> > symptom.
> > Is there a way to make it not to? Even if the gateway would receive the
> > same initiation packet twice?
> 
> No, because it could be a second client behind the same NAT router IP address.

In this particular case, the client is not even behind NAT.

> I am not sure why your client appears to initiate twice though. What client
> is this?

Windows XP Pro SP2 (with NAT-T patch), using DUN l2tp connection.

I'm not sure the client _is_ actually initiating twice, though.
I'm testing from Belgium, with the (faulty) gateway being in Singapore.
Connectivity in SG is not like it is over here...

The working gateway is in BE; when I connect to it the client does not
initiate twice. So I suspect that either it retransmits (because it takes too
long before it receives an answer), but that seems to be contradicted by the
SG gateway seeing both packets at or near the same time according to the
logs, or the packet gets duplicated somewhere along the way - is this possible
in IPv4? I would suspect it is, but am not sure.


Regards,

Filip
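The log lines discussed in this thread only show the Message Type AVP that l2tpd prints. The control-connection handshake in RFC 2661 is SCCRQ (type 1) from the client, SCCRP (type 2) from the gateway, then SCCCN (type 3) from the client, so a log that shows type 1 and never type 3 means the SCCRP leg is not completing. The Python below is an added example, not code from the thread or from l2tpd: it decodes L2TPv2 control messages, including the Assigned Tunnel ID and Ns fields that an SCCRQ carries, and tags a second SCCRQ from the same source as either a byte-identical repeat (which is what both a client retransmission and an in-transit duplicate look like on the gateway side, so the packet alone cannot tell those two apart) or a distinct control connection, which is Paul's second-client-behind-NAT case. The packets, addresses and host names are constructed for the example.

```python
"""Decode L2TPv2 (RFC 2661) control messages and tag repeated SCCRQs.

Added example, not from the original thread. All datagrams below are
constructed by hand; nothing here was captured from the poster's gateways.
"""
import struct

# Control header flags: T=1 (control), L=1 (length present), S=1 (Ns/Nr present), Ver=2
CTRL_FLAGS = 0xC802

MSG_NAMES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO",
             7: "OCRQ", 8: "OCRP", 9: "OCCN", 10: "ICRQ", 11: "ICRP",
             12: "ICCN", 14: "CDN", 15: "WEN", 16: "SLI"}

# IETF (vendor 0) AVP attribute types used here
AVP_MESSAGE_TYPE = 0
AVP_PROTOCOL_VERSION = 2
AVP_FRAMING_CAPS = 3
AVP_HOST_NAME = 7
AVP_ASSIGNED_TUNNEL_ID = 9


def build_avp(attr, value, mandatory=True):
    """AVP header: M bit, H bit, 10-bit length (counts the 6-byte header), vendor 0, type."""
    length = 6 + len(value)
    flags = (0x8000 if mandatory else 0) | length
    return struct.pack(">HHH", flags, 0, attr) + value


def build_control(tunnel_id, session_id, ns, nr, avps):
    body = b"".join(avps)
    hdr = struct.pack(">HHHHHH", CTRL_FLAGS, 12 + len(body), tunnel_id, session_id, ns, nr)
    return hdr + body


def build_sccrq(host_name, assigned_tid):
    """First handshake message: peer tunnel ID not yet known, so header tunnel ID 0, Ns 0, Nr 0."""
    return build_control(0, 0, 0, 0, [
        build_avp(AVP_MESSAGE_TYPE, struct.pack(">H", 1)),
        build_avp(AVP_PROTOCOL_VERSION, b"\x01\x00"),
        build_avp(AVP_FRAMING_CAPS, struct.pack(">I", 0x3)),
        build_avp(AVP_HOST_NAME, host_name),
        build_avp(AVP_ASSIGNED_TUNNEL_ID, struct.pack(">H", assigned_tid)),
    ])


def parse_control(pkt):
    """Parse one L2TPv2 control datagram; reject anything that is not well-formed."""
    if len(pkt) < 12:
        raise ValueError("short packet")
    flags, length, tid, sid, ns, nr = struct.unpack(">HHHHHH", pkt[:12])
    if flags & 0x8000 == 0 or flags & 0x000F != 2:
        raise ValueError("not an L2TPv2 control message")
    if flags & 0x4000 == 0 or flags & 0x0800 == 0:
        raise ValueError("control messages must carry the L and S bits")
    if length != len(pkt):
        raise ValueError("length field does not match datagram")
    avps = {}
    off = 12
    while off < length:
        if off + 6 > length:
            raise ValueError("truncated AVP header")
        aflags, vendor, attr = struct.unpack(">HHH", pkt[off:off + 6])
        alen = aflags & 0x03FF
        if alen < 6 or off + alen > length:
            raise ValueError("bad AVP length")
        avps[(vendor, attr)] = pkt[off + 6:off + alen]
        off += alen
    if not avps:
        name = "ZLB"  # zero-length body: a bare acknowledgement
    else:
        mt = avps.get((0, AVP_MESSAGE_TYPE))
        if mt is None or len(mt) != 2:
            raise ValueError("control message without Message Type AVP")
        name = MSG_NAMES.get(struct.unpack(">H", mt)[0], "unknown")
    return {"tunnel_id": tid, "session_id": sid, "ns": ns, "nr": nr, "type": name, "avps": avps}


def classify_sccrqs(datagrams):
    """datagrams: list of (source, raw bytes). Tag each SCCRQ as new or a byte-identical repeat."""
    seen = {}
    out = []
    for src, raw in datagrams:
        msg = parse_control(raw)
        if msg["type"] != "SCCRQ":
            out.append((src, msg["type"], "not an SCCRQ"))
            continue
        atid = struct.unpack(">H", msg["avps"][(0, AVP_ASSIGNED_TUNNEL_ID)])[0]
        key = (src, atid, msg["ns"])
        if seen.get(key) == raw:
            out.append((src, "SCCRQ", "repeat of earlier SCCRQ (retransmit or duplicate)"))
        else:
            seen[key] = raw
            out.append((src, "SCCRQ", "new control connection, assigned tunnel id %d" % atid))
    return out


# Constructed sample: client A sends its SCCRQ twice, client B sends one of its own.
CLIENT_A = ("198.51.100.10:1701", build_sccrq(b"xp-client", 0x1234))
CLIENT_B = ("203.0.113.7:1701", build_sccrq(b"other-client", 0x0042))
SAMPLE = [CLIENT_A, CLIENT_A, CLIENT_B]

if __name__ == "__main__":
    for src, kind, verdict in classify_sccrqs(SAMPLE):
        print(src, kind, verdict)
```

Feed it the payloads from a tcpdump of UDP/1701 on the gateway and it will show whether the two SCCRQs in the log are the same packet twice or two peers. Distinguishing a retransmission from a duplicated datagram needs the client-side capture as well: the client sends one SCCRQ in the duplication case and two in the retransmission case.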

