[Openswan Users] Linux IPsec/L2TP client?

Paul Wouters paul at xelerance.com
Mon Sep 11 18:14:00 EDT 2006


On Mon, 11 Sep 2006, Rick Romero wrote:

> > http://www.jacco2.dds.nl/networking/openswan-l2tp.html#Client
> >
> > Perhaps I should have moved this section to a separate webpage.
>
> I tried those docs, they're the furthest I've gotten, but still not
> quite there :(
>
> I can create the tunnel:
>
> Sep 11 16:09:10 localhost pluto[16228]: "L2TP-CERT-CLIENT" #9: sent QI2,
> IPsec SA established {ESP=>0x0f7c8ee3 <0x2d6ac2f3 xfrm=AES_0-HMAC_SHA1}
>
> But I can't do the l2tp part:
>
> Sep 11 15:02:03 localhost l2tpd[16642]: Connecting to host 1.2.3.5, port
> 1701
> Sep 11 15:02:08 localhost l2tpd[16642]: Maximum retries exceeded for
> tunnel 4977.  Closing.

Can you ping the remote IP?

> When I do a traceroute to 1.2.3.5 - I get a normal route back.  It
> doesn't seem to be going through the tunnel.
>
> ipsec setup --status says 0 tunnels - though it appears in ipsec auto
> --status there is a connection..  so I'm kind of confused.
>
> Also, ipsec look on either end doesn't show the remote IP.   But I'll
> admit I'm still not totally on-base with what tunnel should show up
> where :/

ipsec look does not work properly on netkey.

Try setting the mtu of the l2tpd to 1472. Run ipsec verify on the server
and fix any warnings about proc settings.

If that does not help, show us your l2tpd.conf and ipsec.conf.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

