[Openswan Users] Openswan + xl2tpd problem

bigcahuna bigcahuna at o2.pl
Wed Nov 7 05:50:38 EST 2007 

---- Wiadomość Oryginalna ----
Od: Paul Wouters <paul at xelerance.com>
Do: bigcahuna <bigcahuna at o2.pl>
Kopia do: users at openswan.org
Data: 7 listopada 2007 0:26
Temat: Re: Re: [Openswan Users] Openswan + xl2tpd problem

> On Tue, 6 Nov 2007, bigcahuna wrote:
> 
> > > > udp_xmit failed with err=-1:Operation not permitted
> > > > udp_xmit failed with err=-1:Operation not permitted
> > > > Nov  6 20:40:07 server xl2tpd[17625]: Unable to deliver closing message for tunnel 52530. Destroying anyway.
> > >
> > > I have never seen these.
> > > Are you using the pppol2tp kernel module? If so, try and disable it?
> > > Are you using SElinux? If som try to disable that?
> >
> > It's a Debian 4.1, i had compiled pppol2tp but now disabled it and recompiled and i have the same problem.
> >
> > >
> > > You should upgrade to openswan 2.4.10, as some UDP checksum thing have been changed.
> > >
> >
> > Now is upgraded but that's not help too :(
> > pluto[15341]: Starting Pluto (Openswan Version 2.4.10 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEtq^eUwVz_A)
> >
> > Still I have
> >
> > Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: responding to Quick Mode {msgid:9efa271d}
> > Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> > Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> > Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> > Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xbaf2553c <0xeba18eb0 xfrm=3DES_0-HMAC_M
> > D5 NATD=none DPD=none}
> >
> >
> > and
> >
> >
> > Nov  6 23:33:13 server xl2tpd[15644]: Forked again by Xelerance (www.xelerance.com) (C) 2006
> > Nov  6 23:33:13 server xl2tpd[15644]: Listening on IP address 0.0.0.0, port 1701
> > Nov  6 23:34:19 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> > Nov  6 23:34:19 server xl2tpd[15644]: control_finish: Peer requested tunnel 10 twice, ignoring second one.
> > Nov  6 23:34:19 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> > Nov  6 23:34:20 server xl2tpd[15644]: control_finish: Peer requested tunnel 10 twice, ignoring second one.
> > Nov  6 23:34:20 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> > Nov  6 23:34:20 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> 
> 
> Try lowering the mtu of your external interface to 1472
> 
> Paul

Lowering MTU doesn't help too.
I changed xl2tp to l2tpd and when connect from public IP i have now in logs

Nov  7 11:36:56 intermap l2tpd[12743]: l2tpd version 0.69 started on intermap PID:12743
Nov  7 11:36:56 intermap l2tpd[12743]: Linux version 2.6.23.1 on a i686, listening on IP address 0.0.0.0, port 1701
Nov  7 11:41:16 intermap l2tpd[12743]: ourtid = 44041, entropy_buf = ac09
Nov  7 11:41:16 intermap l2tpd[12743]: check_control: control, cid = 0, Ns = 0, Nr = 0
Nov  7 11:41:16 intermap l2tpd[12743]: handle_avps: handling avp's for tunnel 44041, call 0
Nov  7 11:41:16 intermap l2tpd[12743]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Nov  7 11:41:16 intermap l2tpd[12743]: protocol_version_avp: peer is using version 1, revision 0.
Nov  7 11:41:16 intermap l2tpd[12743]: framing_caps_avp: supported peer frames: sync
Nov  7 11:41:16 intermap l2tpd[12743]: bearer_caps_avp: supported peer bearers:
Nov  7 11:41:16 intermap l2tpd[12743]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Nov  7 11:41:16 intermap l2tpd[12743]: hostname_avp: peer reports hostname 'amila'
Nov  7 11:41:16 intermap l2tpd[12743]: vendor_avp: peer reports vendor 'Microsoft'
Nov  7 11:41:16 intermap l2tpd[12743]: assigned_tunnel_avp: using peer's tunnel 1
Nov  7 11:41:16 intermap l2tpd[12743]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
Nov  7 11:41:17 intermap l2tpd[12743]: ourtid = 44188, entropy_buf = ac9c
Nov  7 11:41:17 intermap l2tpd[12743]: check_control: control, cid = 0, Ns = 0, Nr = 0
Nov  7 11:41:17 intermap l2tpd[12743]: handle_avps: handling avp's for tunnel 44188, call 0
Nov  7 11:41:17 intermap l2tpd[12743]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Nov  7 11:41:17 intermap l2tpd[12743]: protocol_version_avp: peer is using version 1, revision 0.
Nov  7 11:41:17 intermap l2tpd[12743]: framing_caps_avp: supported peer frames: sync
Nov  7 11:41:17 intermap l2tpd[12743]: bearer_caps_avp: supported peer bearers:
Nov  7 11:41:17 intermap l2tpd[12743]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Nov  7 11:41:17 intermap l2tpd[12743]: hostname_avp: peer reports hostname 'amila'
Nov  7 11:41:17 intermap l2tpd[12743]: vendor_avp: peer reports vendor 'Microsoft'
Nov  7 11:41:17 intermap l2tpd[12743]: assigned_tunnel_avp: using peer's tunnel 1
Nov  7 11:41:17 intermap l2tpd[12743]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
Nov  7 11:41:17 intermap l2tpd[12743]: control_finish: Peer requested tunnel 1 twice, ignoring second one.
Nov  7 11:41:19 intermap l2tpd[12743]: ourtid = 58609, entropy_buf = e4f1
Nov  7 11:41:19 intermap l2tpd[12743]: ourcid = 12123, entropy_buf = 2f5b
Nov  7 11:41:19 intermap l2tpd[12743]: check_control: control, cid = 0, Ns = 0, Nr = 0
Nov  7 11:41:19 intermap l2tpd[12743]: handle_avps: handling avp's for tunnel 58609, call 12123
Nov  7 11:41:19 intermap l2tpd[12743]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Nov  7 11:41:19 intermap l2tpd[12743]: protocol_version_avp: peer is using version 1, revision 0.
Nov  7 11:41:19 intermap l2tpd[12743]: framing_caps_avp: supported peer frames: sync
Nov  7 11:41:19 intermap l2tpd[12743]: bearer_caps_avp: supported peer bearers:
Nov  7 11:41:19 intermap l2tpd[12743]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
Nov  7 11:41:19 intermap l2tpd[12743]: hostname_avp: peer reports hostname 'amila'
Nov  7 11:41:19 intermap l2tpd[12743]: vendor_avp: peer reports vendor 'Microsoft'
Nov  7 11:41:19 intermap l2tpd[12743]: assigned_tunnel_avp: using peer's tunnel 1
Nov  7 11:41:19 intermap l2tpd[12743]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
Nov  7 11:41:19 intermap l2tpd[12743]: control_finish: Peer requested tunnel 1 twice, ignoring second one.
Nov  7 11:41:21 intermap l2tpd[12743]: control_xmit: Maximum retries exceeded for tunnel 44041.  Closing.
Nov  7 11:41:21 intermap l2tpd[12743]: call_close : Connection 1 closed to 91.94.52.108, port 1701 (Timeout)

More information about the Users mailing list