[Openswan Users] Spam: Re: Help - WinXP l2tp over Ipsec into Openswan linux server

Bill Melotti Bill.Melotti at cognitomobile.com
Thu Apr 26 09:46:31 EDT 2007


Hi 

My setup is still broken. I got a fresh kernel from kernel.org and
re-patched using instructions for 2.4 (make nattpatch...) 

I had not done this step before, having used two files
openswan-2.4.7-klips-patch  and openswan-2.4.7-natt-patch.

It seems the difference is using the first method (as defined in README)
you get only a NATT option in kernel config and have to load a module
ipsec.o

Using the other files seems to give a number of ipsec options in
kernel and build everything into kernel.

However now with the new kernel booted and module loaded, setup exactly
the same, I get exactly the same result. Tcpdump on ipsec0 reveals l2tp
packets coming in. The l2tpd daemon wakes from its select, but when it
calls recvmsg, it gets no data.

The l2tpd daemon is not bound to any interface and I have proved I can
wake it up and get error messages about corrupt packets if I send dummy
udp packets to the correct port on either 127.0.0.1 or my local Ethernet
address.

Can anyone help ?

Regards
 
Bill Melotti
Network Operations Manager
 
V 01635-508200
F 01635-550783
E bill.melotti at cognitomobile.com
 
Cognito Ltd
Block 4
Benham Valence
Newbury
Berks
RG20  8LU
 
www.cognitomobile.com
 
 

-----Original Message-----
From: Jacco de Leeuw [mailto:jacco2 at dds.nl] 
Sent: 25 April 2007 16:17
To: users at openswan.org
Subject: Spam: Re: [Openswan Users] Help - WinXP l2tp over Ipsec into
Openswan linux server


Bill Melotti wrote:

> Does anyone have any ideas why traffic is not being delivered to
> processes? 

Perhaps the L2TP daemon is bound to the internal interface and you
do not forward the packets from the ipsec0 interface to it? Or your
L2TP daemon is compiled for a tty type (BSD, Unix98) that your kernel
does not support?

> How can I tell if I am using KLIPS or NETKEY?

Check the Openswan startup messages in the logs (often /var/log/secure).
For example, "Using NETKEY IPsec interface code on 2.6.xxxx"

> any help would be greatly appreciated.

Some more info would be useful. Can you upload the output of
'ipsec barf > out.txt' somewhere, after you connected with the
Windows client?

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl


