[Openswan Users] Openswan + xl2tpd problem

Paul Wouters paul at xelerance.com
Wed Nov 7 09:16:09 EST 2007


On Wed, 7 Nov 2007, bigcahuna wrote:

Now you're failing negotiation, so you are not even starting to send
packets, so you don't see your udp send errors.

I do not know why you are seeing those, if these are not mtu issues.

Paul

> Date: Wed, 07 Nov 2007 11:50:38 +0100
> From: bigcahuna <bigcahuna at o2.pl>
> Cc:  <users at openswan.org>
> To: Paul Wouters <paul at xelerance.com>
> Subject: Re: Re: Re: [Openswan Users] Openswan + xl2tpd problem
>
> ---- Original Message ----
> From: Paul Wouters <paul at xelerance.com>
> To: bigcahuna <bigcahuna at o2.pl>
> Cc: users at openswan.org
> Date: 7 November 2007 0:26
> Subject: Re: Re: [Openswan Users] Openswan + xl2tpd problem
>
> > On Tue, 6 Nov 2007, bigcahuna wrote:
> >
> > > > > udp_xmit failed with err=-1:Operation not permitted
> > > > > udp_xmit failed with err=-1:Operation not permitted
> > > > > Nov  6 20:40:07 server xl2tpd[17625]: Unable to deliver closing message for tunnel 52530. Destroying anyway.
> > > >
> > > > I have never seen these.
> > > > Are you using the pppol2tp kernel module? If so, try and disable it?
> > > > Are you using SElinux? If so, try to disable that?
> > >
> > > It's a Debian 4.1. I had compiled pppol2tp, but have now disabled it and recompiled, and I have the same problem.
> > >
> > > >
> > > > You should upgrade to openswan 2.4.10, as some UDP checksum things have been changed.
> > > >
> > >
> > > Now it is upgraded, but that doesn't help either :(
> > > pluto[15341]: Starting Pluto (Openswan Version 2.4.10 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEtq^eUwVz_A)
> > >
> > > Still I have
> > >
> > > Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: responding to Quick Mode {msgid:9efa271d}
> > > Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> > > Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> > > Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> > > Nov  6 23:21:13 server pluto[15341]: "L2TP-CERT"[2] 193.238.14.196 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xbaf2553c <0xeba18eb0 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
> > >
> > >
> > > and
> > >
> > >
> > > Nov  6 23:33:13 server xl2tpd[15644]: Forked again by Xelerance (www.xelerance.com) (C) 2006
> > > Nov  6 23:33:13 server xl2tpd[15644]: Listening on IP address 0.0.0.0, port 1701
> > > Nov  6 23:34:19 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> > > Nov  6 23:34:19 server xl2tpd[15644]: control_finish: Peer requested tunnel 10 twice, ignoring second one.
> > > Nov  6 23:34:19 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> > > Nov  6 23:34:20 server xl2tpd[15644]: control_finish: Peer requested tunnel 10 twice, ignoring second one.
> > > Nov  6 23:34:20 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> > > Nov  6 23:34:20 server xl2tpd[15644]: udp_xmit failed with err=-1:Operation not permitted
> >
> >
> > Try lowering the mtu of your external interface to 1472
> >
> > Paul
>
> Lowering the MTU doesn't help either.
> I changed xl2tp to l2tpd, and when I connect from a public IP I now have in the logs
>
> Nov  7 11:36:56 intermap l2tpd[12743]: l2tpd version 0.69 started on intermap PID:12743
> Nov  7 11:36:56 intermap l2tpd[12743]: Linux version 2.6.23.1 on a i686, listening on IP address 0.0.0.0, port 1701
> Nov  7 11:41:16 intermap l2tpd[12743]: ourtid = 44041, entropy_buf = ac09
> Nov  7 11:41:16 intermap l2tpd[12743]: check_control: control, cid = 0, Ns = 0, Nr = 0
> Nov  7 11:41:16 intermap l2tpd[12743]: handle_avps: handling avp's for tunnel 44041, call 0
> Nov  7 11:41:16 intermap l2tpd[12743]: message_type_avp: message type 1 (Start-Control-Connection-Request)
> Nov  7 11:41:16 intermap l2tpd[12743]: protocol_version_avp: peer is using version 1, revision 0.
> Nov  7 11:41:16 intermap l2tpd[12743]: framing_caps_avp: supported peer frames: sync
> Nov  7 11:41:16 intermap l2tpd[12743]: bearer_caps_avp: supported peer bearers:
> Nov  7 11:41:16 intermap l2tpd[12743]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
> Nov  7 11:41:16 intermap l2tpd[12743]: hostname_avp: peer reports hostname 'amila'
> Nov  7 11:41:16 intermap l2tpd[12743]: vendor_avp: peer reports vendor 'Microsoft'
> Nov  7 11:41:16 intermap l2tpd[12743]: assigned_tunnel_avp: using peer's tunnel 1
> Nov  7 11:41:16 intermap l2tpd[12743]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
> Nov  7 11:41:17 intermap l2tpd[12743]: ourtid = 44188, entropy_buf = ac9c
> Nov  7 11:41:17 intermap l2tpd[12743]: check_control: control, cid = 0, Ns = 0, Nr = 0
> Nov  7 11:41:17 intermap l2tpd[12743]: handle_avps: handling avp's for tunnel 44188, call 0
> Nov  7 11:41:17 intermap l2tpd[12743]: message_type_avp: message type 1 (Start-Control-Connection-Request)
> Nov  7 11:41:17 intermap l2tpd[12743]: protocol_version_avp: peer is using version 1, revision 0.
> Nov  7 11:41:17 intermap l2tpd[12743]: framing_caps_avp: supported peer frames: sync
> Nov  7 11:41:17 intermap l2tpd[12743]: bearer_caps_avp: supported peer bearers:
> Nov  7 11:41:17 intermap l2tpd[12743]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
> Nov  7 11:41:17 intermap l2tpd[12743]: hostname_avp: peer reports hostname 'amila'
> Nov  7 11:41:17 intermap l2tpd[12743]: vendor_avp: peer reports vendor 'Microsoft'
> Nov  7 11:41:17 intermap l2tpd[12743]: assigned_tunnel_avp: using peer's tunnel 1
> Nov  7 11:41:17 intermap l2tpd[12743]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
> Nov  7 11:41:17 intermap l2tpd[12743]: control_finish: Peer requested tunnel 1 twice, ignoring second one.
> Nov  7 11:41:19 intermap l2tpd[12743]: ourtid = 58609, entropy_buf = e4f1
> Nov  7 11:41:19 intermap l2tpd[12743]: ourcid = 12123, entropy_buf = 2f5b
> Nov  7 11:41:19 intermap l2tpd[12743]: check_control: control, cid = 0, Ns = 0, Nr = 0
> Nov  7 11:41:19 intermap l2tpd[12743]: handle_avps: handling avp's for tunnel 58609, call 12123
> Nov  7 11:41:19 intermap l2tpd[12743]: message_type_avp: message type 1 (Start-Control-Connection-Request)
> Nov  7 11:41:19 intermap l2tpd[12743]: protocol_version_avp: peer is using version 1, revision 0.
> Nov  7 11:41:19 intermap l2tpd[12743]: framing_caps_avp: supported peer frames: sync
> Nov  7 11:41:19 intermap l2tpd[12743]: bearer_caps_avp: supported peer bearers:
> Nov  7 11:41:19 intermap l2tpd[12743]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
> Nov  7 11:41:19 intermap l2tpd[12743]: hostname_avp: peer reports hostname 'amila'
> Nov  7 11:41:19 intermap l2tpd[12743]: vendor_avp: peer reports vendor 'Microsoft'
> Nov  7 11:41:19 intermap l2tpd[12743]: assigned_tunnel_avp: using peer's tunnel 1
> Nov  7 11:41:19 intermap l2tpd[12743]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
> Nov  7 11:41:19 intermap l2tpd[12743]: control_finish: Peer requested tunnel 1 twice, ignoring second one.
> Nov  7 11:41:21 intermap l2tpd[12743]: control_xmit: Maximum retries exceeded for tunnel 44041.  Closing.
> Nov  7 11:41:21 intermap l2tpd[12743]: call_close : Connection 1 closed to 91.94.52.108, port 1701 (Timeout)
>
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

