[Openswan Users] pluto: deleting connection instance with peer -- why?

Peter McGill petermcgill at goco.net
Tue May 15 14:35:53 EDT 2007


> -----Original Message-----
> From: JOR HAY [mailto:flexbumpchest at gmail.com] 
> Sent: May 15, 2007 2:18 PM
> To: petermcgill at goco.net
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] pluto: deleting connection 
> instance with peer -- why?
> 
> On 5/14/07, Peter McGill <petermcgill at goco.net> wrote:
> > > -----Original Message-----
> > > Date: Sun, 13 May 2007 21:02:39 -0500
> > > From: "JOR HAY" <flexbumpchest at gmail.com>
> > > Subject: [Openswan Users] pluto: deleting connection instance with
> > >       peer -- why?
> > > To: users at openswan.org
> > >
> >
> > First set plutodebug=none, we don't usually need this much info, and it's
> > a real pain to look through. All the below lines which we need are still
> > there without the debugging options.
> >
> Ok, I thought you guys would laugh at me for picking none and trying
> to get help, but that looks about right, now.  Thanks
> 
> >
> > > Contents of /var/log/secure
> > > May 13 18:47:39 myserver pluto[28835]: "L2TP-WINXP"[2]
> > > xxx.xxx.xxx.xxx #1:
> > > STATE_MAIN_R3: sent MR3, ISAKMP SA established
> > > {auth=OAKLEY_PRESHARED_KEY
> > > cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
> >
> > > May 13 18:47:48 myserver pluto[28835]: "L2TP-WINXP"[2]
> > > xxx.xxx.xxx.xxx #3:
> > > STATE_QUICK_R2: IPsec SA established {ESP=>0x4e864e6a <0x697cc74c
> > > xfrm=3DES_0-HMAC_MD5 NATD=xxx.xxx.xxx.xxx:22155 DPD=none}
> >
> > The above two lines indicate that the IPSec connection was made
> > correctly, so the IPSec portion is working.
> >
> > > May 13 18:48:19 myserver pluto[28835]: "L2TP-WINXP"[2]
> > > xxx.xxx.xxx.xxx #1:
> > > received Delete SA(0x4e864e6a) payload: deleting IPSEC State #3
> >
> > This line indicates that the Windows machine asked for a disconnect.
> >
> > The thing to remember with Windows is it's not using IPSec but rather
> > L2TP over/in IPSec. And L2TP itself uses PPP in its tunnel. Since
> > Windows said it didn't get a response, and you can clearly see the
> > IPSec part is working, the problem must lie in the L2TP or PPP portion
> > of the connection. Did you install and configure an L2TP and PPP
> > daemon/server on your Linux box? If so try looking in its logs. If not
> > try downloading xl2tpd from Xelerance. Be sure to read Jacco's docs on
> > L2TP/IPSec connections.
> >
> > http://www.xelerance.com/software/xl2tpd/
> >
> > http://www.jacco2.dds.nl/networking/index.html
> >
> > Peter
> >
> >
> I do indeed have xl2tpd installed and configured, but NOTHING shows up
> in the log after turning the service on.  I'm not sure how to start
> pppd, and I don't see it running, but I guess that's a different
> story.  Thanks for clearing things up.

Xl2tpd will start a pppd process for each incoming connection when
the connection is made. There should be log entries at that time.

Try this to look for the log entries.
egrep -e '(l2tp|ppp)d' /var/log/*

Also use ps -ef to verify that it is running.

What does your l2tpd.conf file look like?

Peter
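
Added example, not part of the original message or of Openswan: a small Python triage script for the reading of the pluto log given in this thread (IPsec SA established, then the peer sends a Delete SA for the same SPI shortly afterwards, which points at the L2TP/PPP layer). The function name triage, the 60-second threshold and the documentation address 192.0.2.10 standing in for the masked peer IP are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the three pluto lines quoted in the thread, unwrapped,
# with a documentation address (192.0.2.10) in place of the masked peer IP.
SAMPLE = """\
May 13 18:47:39 myserver pluto[28835]: "L2TP-WINXP"[2] 192.0.2.10 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
May 13 18:47:48 myserver pluto[28835]: "L2TP-WINXP"[2] 192.0.2.10 #3: STATE_QUICK_R2: IPsec SA established {ESP=>0x4e864e6a <0x697cc74c xfrm=3DES_0-HMAC_MD5 NATD=192.0.2.10:22155 DPD=none}
May 13 18:48:19 myserver pluto[28835]: "L2TP-WINXP"[2] 192.0.2.10 #1: received Delete SA(0x4e864e6a) payload: deleting IPSEC State #3
"""

# syslog prefix, connection name, peer address, then the pluto message
HEAD = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: "([^"]+)"\S* (\S+) #\d+: (.*)$')
UP = re.compile(r'STATE_QUICK_R2: IPsec SA established \{ESP=>(0x[0-9a-f]+)')
DOWN = re.compile(r'received Delete SA\((0x[0-9a-f]+)\) payload')

def triage(log_text, short_secs=60):
    """Pair each established IPsec SA with the peer's Delete SA for the same SPI.

    short_secs is an assumed cut-off: an SA the peer deletes this quickly
    suggests IPsec came up but the L2TP/PPP layer inside it never answered.
    """
    up, findings = {}, []
    for line in log_text.splitlines():
        m = HEAD.match(line)
        if not m:
            continue  # not a pluto connection line
        stamp, conn, peer, msg = m.groups()
        # syslog stamps carry no year; only differences between stamps are used
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        if (e := UP.search(msg)):
            up[e.group(1)] = when          # remember when this SPI came up
        elif (d := DOWN.search(msg)) and d.group(1) in up:
            life = int((when - up.pop(d.group(1))).total_seconds())
            findings.append({"conn": conn, "peer": peer, "spi": d.group(1),
                             "lifetime_s": life,
                             "peer_gave_up_early": life <= short_secs})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

To run it against a real log, pass the contents of /var/log/secure to triage() instead of SAMPLE.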


