[Openswan Users] Trouble with IPSEC/xl2tpd and multiple connections

The Adept adept at stephans.org
Mon Feb 19 17:37:41 EST 2007


Paul Wouters wrote:
> On Mon, 19 Feb 2007, The Adept wrote:
>
>   
>>>>>   I've recently set up an openswan/l2tpd VPN using certificates.
>>>>> Everything appears to work quite well except when multiple clients
>>>>> attempt to connect simultaneously.  A single client can stay on forever
>>>>> if another doesn't connect.  Once a second client attempts to connect,
>>>>> both clients start renegotiating continually.   If logs would help I can
>>>>> provide them in another email, I'm hoping I have something simple wrong
>>>>> that I've overlooked.
>>>>>           
>
>   
>> And to be extra clear, I've tested with 2 clients not behind NAT and the same
>> behavior happens.
>>     
>
> In that case, I'm interested to see the openswan logs (without plutodebug= or
> klipsdebug), and the xl2tpd logs (please recompile with the debug flags
> specified as illustrated in the Makefile).
>
> Which versions of xl2tpd and openswan are you using? Can you try openswan
> 2.4.x CVS and xl2tpd GIT?
>
> I will release xl2tpd 1.1.07 today, but I can't release openswan-2.4.8 yet
> without fixing the 2.6.19/2.6.20 crashers, so for that you should probably
> try the CVS version.
>
> Paul
>   

Here's some information on my system:

  Gentoo Linux with 2.6.19 kernel (NETKEY IPSEC obviously)
  openswan 2.4.7
  xl2tpd 1.1.06
  ppp 2.4.4-r4

I've since tested with a 2.6.17 kernel to eliminate the .19 kernel from being an issue and I run into the same problems.  I'm going to recompile xl2tpd outside of portage with the debug stuff enabled and I'll get some logs online asap.  I've been wrestling with this for 4 days now and I'm running out of ideas.

Dan




More information about the Users mailing list