[Openswan Users] openswan + l2tpd + iptables problem

Jacco de Leeuw jacco2 at dds.nl
Wed Oct 18 08:32:54 EDT 2006


Filip wrote:

> And here is one important rule missing:
> iptables -t mangle -A PREROUTING -p UDP -i eth1 --dport 4500 -j MARK --set-mark 50

I now remember that I wanted to inform Chris Andrews about this...
(http://www.funknet.org/doc/tunnel/l2tp.xml)
Sorry about that.

> plugin winbind.so
> ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1'

Is this against a Samba server? Just curious.

> sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]

Hm, I didn't realise that pppd defaulted to PPP compression enabled.

> rcvd [CCP ConfReq id=0x11 <mppe +H -M -S -L -D +C>]
> sent [CCP ConfRej id=0x11 <mppe +H -M -S -L -D +C>]

The Windows client keeps asking for MPPE encryption. Did you configure
the VPN Wizard to use "Advanced (custom settings)" or
"Geavanceerd (aangepaste instellingen)"? Disable "Encryption required"
or "Codering vereisen".

Alternatively, you could add "noccp" to options.ppp.l2tpd.

> Oct 18 15:24:37 scotos l2tpd[16079]: child_handler : pppd exited for call 1 with code 16 
> Oct 18 15:24:38 scotos l2tpd[16079]: write_packet: tty is not open yet. 
> Oct 18 15:24:41 scotos l2tpd[16079]: write_packet: tty is not open yet. 
> Oct 18 15:24:42 scotos l2tpd[16079]: control_xmit: Maximum retries exceeded for tunnel 57393.  Closing. 
> Oct 18 15:24:43 scotos l2tpd[16079]: get_call: can't find call 43087 in tunnel 57393 
> Oct 18 15:24:47 scotos l2tpd[16079]: control_xmit: Unable to deliver closing message for tunnel 57393. Destroying anyway. 
> Oct 18 15:24:48 scotos l2tpd[16079]: get_call:can't find tunnel 57393 

Hm, this is not a graceful exit of l2tpd. Are you using Debian's
l2tpd-pre0.70? I believe a number of issues have been fixed in
Xelerance's version xl2tpd.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
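
An added example, not part of the original message: a small Python script that reads pppd debug output and l2tpd syslog lines like those quoted above and reports which options the local pppd offered, which peer-requested options it rejected, and the pppd exit codes l2tpd logged. The sample input is constructed from lines quoted in this thread; the name `analyse` is an assumption of this example.

```python
import re

# Constructed sample, assembled from the log lines quoted in this thread.
SAMPLE = """\
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
rcvd [CCP ConfReq id=0x11 <mppe +H -M -S -L -D +C>]
sent [CCP ConfRej id=0x11 <mppe +H -M -S -L -D +C>]
Oct 18 15:24:37 scotos l2tpd[16079]: child_handler : pppd exited for call 1 with code 16
"""

# pppd debug packet line: direction, protocol, code, id, then <option> groups.
PKT = re.compile(r"(sent|rcvd) \[(\w+) (\w+) id=(0x[0-9a-fA-F]+)((?: <[^>]*>)*)\]")
OPT = re.compile(r"<([^>]*)>")
EXIT = re.compile(r"pppd exited for call (\d+) with code (\d+)")


def analyse(log):
    """Summarise PPP option negotiation and pppd exits found in a log."""
    pending = {}  # (protocol, id) -> option names in a ConfReq from the peer
    result = {"offered": [], "rejected": [], "exits": []}
    for line in log.splitlines():
        m = PKT.search(line)
        if m:
            direction, proto, code, pkt_id, opts = m.groups()
            # First word inside <...> is the option name; skip empty groups.
            names = [o.split()[0] for o in OPT.findall(opts) if o.split()]
            if code == "ConfReq" and direction == "sent":
                result["offered"] += [(proto, n) for n in names]
            elif code == "ConfReq" and direction == "rcvd":
                pending[(proto, pkt_id)] = names
            elif code == "ConfRej" and direction == "sent":
                # A ConfRej carries the id of the ConfReq it answers.
                asked = pending.get((proto, pkt_id), [])
                result["rejected"] += [(proto, n) for n in names if n in asked]
            continue
        m = EXIT.search(line)
        if m:
            result["exits"].append((int(m.group(1)), int(m.group(2))))
    return result


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(key, value)
```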

