[Openswan Users] Openswan + xl2tpd problem

Paul Wouters paul at xelerance.com
Tue Nov 6 18:26:09 EST 2007 

On Tue, 6 Nov 2007, bigcahuna wrote:

> > > udp_xmit failed with err=-1:Operation not permitted
> > > udp_xmit failed with err=-1:Operation not permitted
> > > Nov  6 20:40:07 server xl2tpd[17625]: Unable to deliver closing message for tunnel 52530. Destroying anyway.
> >
> > I have never seen these.
> > Are you using the pppol2tp kernel module? If so, try and disable it?
> > Are you using SElinux? If som try to disable that?
>
> It's a Debian 4.1, i had compiled pppol2tp but now disabled it and recompiled and i have the same problem.
>
> >
> > You should upgrade to openswan 2.4.10, as some UDP checksum thing have been changed.
> >
>
> Now is upgraded but that's not help too :(
> pluto[15341]: Starting Pluto (Openswan Version 2.4.10 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEtq^eUwVz_A)
>
> Still I have
>
> Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: responding to Quick Mode {msgid:9efa271d}
> Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xbaf2553c <0xeba18eb0 xfrm=3DES_0-HMAC_M
> D5 NATD=none DPD=none}
>
>
> and
>
>
> Nov  6 23:33:13 server xl2tpd[15644]: Forked again by Xelerance (www.xelerance.com) (C) 2006
> Nov  6 23:33:13 server xl2tpd[15644]: Listening on IP address 0.0.0.0, port 1701
> Nov  6 23:34:19 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> Nov  6 23:34:19 server xl2tpd[15644]: control_finish: Peer requested tunnel 10 twice, ignoring second one.
> Nov  6 23:34:19 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> Nov  6 23:34:20 server xl2tpd[15644]: control_finish: Peer requested tunnel 10 twice, ignoring second one.
> Nov  6 23:34:20 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> Nov  6 23:34:20 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted


Try lowering the mtu of your external interface to 1472

Paul

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list