[Openswan Users] Help - WinXP l2tp over Ipsec into Openswan linux server

Bill Melotti Bill.Melotti at cognitomobile.com
Tue Apr 24 18:13:59 EDT 2007 

Dear all

I have followed two or three different guides to getting this working
and after a long period have eventually managed to get the IPSEC side of
things working (I think ! )

The WinXP client is behind a NATting ADSL router, so is the linux
server.

However when WinXP moves to the L2TP stage, if I am running tcpdump on
ipsec0 I can see l2tp packets arriving (which I assume means they came
in encrypted, have been de-scrambled and pushed into ipsec0 as clear
packets)

However l2tpd does not see these packets (it really weird actually,
l2tpd breaks out of the select its been sleeping in, with the fd
connected to the socket, but when it issues the recvmsg, gets EAGAIN, so
goes back to sleep, a quick test program that sends out a dummy UDP
packet on 1701 proves its not a programming error by waking and sending
data correctly)

I've tried using xl2tpd also, no joy.

Packet forwarding is on generally and for the interfaces ipsec0 and eth0
it is on and rp_filter is off. I've tried with ipsec0 having same and
slightly different address to eth0 which is where the internet
connection is made.

Currently I have no firewall rules on port 1701 (as mentioned above the
packet arrival does wake up l2tpd, but then no data is available for the
program. I also wrote a simple UDP server to see if I would get a wake
up after just sleeping on recvfrom. The process does not wake even as
tcpdump is reporting packets received on ipsec0)


Does anyone have any ideas why traffic is not being delivered to
processes?

I think I am using KLIPS, I ran a patch on my 2.4 kernel and then had a
load of ipsec options in the kernel config (I don't think they were
there bfore ! ) A new kernel was built and installed.

How can I tell if I am using KLIPS or NETKEY?

I have been stuck on this now for about a day, any help would be greatly
appreciated.

Many thanks in advance

Regards

Bill Melotti
Network Operations Manager

V 01635-508200
F 01635-550783
E bill.melotti at cognitomobile.com

Cognito Ltd
Block 4
Benham Valence
Newbury
Berks
RG20  8LU

www.cognitomobile.com






NOTICE: Cognito Limited. Benham Valence, Newbury, Berkshire, RG20 8LU.  UK. Company number 02723032
This e-mail message and any attachment is confidential. It may not be disclosed to or used by anyone other than the intended recipient. If you have received this e-mail in error please notify the sender immediately then delete it from your system. Whilst every effort has been made to check this mail is virus free we accept no responsibility for software viruses and you should check for viruses before opening any attachments. Opinions, conclusions and other information in this email and any attachments which do not relate to the official business of the company are neither given by the company nor endorsed by it.


This message has been scanned for viruses by Mail Controller - www.MailController.altohiway.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070424/600e26fe/attachment.html

More information about the Users mailing list