[Openswan Users] Prb with xl2tpd

Christophe Ngo Van Duc cngovanduc at gmail.com
Wed Aug 29 08:52:06 EDT 2007


Dear Tomasz & all,

 

  This did solve my problem; I am still wondering why I need to put this
explicit parameter.

 

  The default route gateway points to the same gateway I now use in
leftnexthop.

 

Many thanks for the help,

Christophe.

 

From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Tomasz Grzelak
Sent: Tuesday, 28 August 2007 02:30
To: users at openswan.org
Subject: Re: [Openswan Users] Prb with xl2tpd

 

2007/8/28, Christophe Ngo Van Duc <cngovanduc at gmail.com>:

Dear all,

  I am encountering a problem with a roadwarrior setup with netkey
(ipsec/l2tpd/ppp/radius)

  I can establish the IPSec SA, then I use the mangling rule to forward to
l2tp:

  $IPT -t mangle -A PREROUTING -p esp -j MARK --set-mark 1
  $IPT -t nat -A PREROUTING -m mark --mark 1 -p udp --dport 1701 -j DNAT --to internal-ip

  I am getting the following error on l2tpd side:

xl2tpd[11438]: control_finish: Peer requested tunnel 15 twice, ignoring second one.
xl2tpd[11438]: control_finish: Peer requested tunnel 15 twice, ignoring second one.
xl2tpd[11438]: Maximum retries exceeded for tunnel 14572.  Closing.

  A tcpdump also shows me that no ESP traffic is sent back to the
roadwarrior.


hello,

it looks like incoming traffic is arriving, but can't be sent back.
first idea - do you have leftnexthop/rightnexthop set in your ipsec.conf to
your default gateway to Internet?
If not, try to set it up.

Regards,
Tomasz Grzelak
