[Openswan Users] l2tpd does not finish pppd connection

Paul Wouters paul at xelerance.com
Tue May 15 18:23:42 EDT 2007


On Tue, 15 May 2007, Rafael Andara wrote:

> I was able to set up a lab VPN server with IPsec/l2tpd without any problem,
> but when I put it on production my connection suddenly dies after a minute
> or so. I was able to see that pppd was sending LCP EchoReq but it wasn't
> getting any response.
> I stopped testing, and 2 days later it's worse: the connection isn't
> established, the CHAP challenge doesn't get to the client, and I see this with
> tcpdump:
>
> 12:16:46.007191 IP vpn-server > roadwarrior: ESP(spi=0x3b2c8ac1,seq=0x6), length 84
> 12:16:46.009699 IP vpn-server > roadwarrior: ESP(spi=0x3b2c8ac1,seq=0x7), length 68
> 12:16:46.896071 IP roadwarrior > vpn-server: ESP(spi=0x707a54a7,seq=0x8), length 84
> 12:16:46.898789 arp who-has roadwarrior tell vpn-server
> 12:16:47.898825 arp who-has roadwarrior tell vpn-server
> 12:16:48.898892 arp who-has roadwarrior tell vpn-server
> 12:16:49.902972 arp who-has roadwarrior tell vpn-server
> 12:16:50.903013 arp who-has roadwarrior tell vpn-server
> 12:16:51.903077 arp who-has roadwarrior tell vpn-server
> 12:16:52.907159 arp who-has roadwarrior tell vpn-server
>
> VPN-server is a NAT server also, with iptables.

- Run ipsec verify
- Check/lower your external MTU to 1440
- Disable firewall rules to see if that is the problem

Paul
