[Openswan Users] Not able to communicate to other subnets

Bram Jansen bramsbox at gmail.com
Thu Apr 3 13:29:15 EDT 2008



I've configured Openswan with Jacco's page "Using a Linux L2TP/IPsec VPN
server" almost successfully, with the exception that I am not able to
communicate/ping to the Openswan Linux server when the connection is routed
to another subnet.

My Openswan server is an up to date Debian Etch server with all the latest


When I'm in the same subnet and the packages aren't routed, the
communication works flawlessly. This is all configured without NAT-T and is
tested in a private range subnet. Everything is configured according to
Jacco's page and the Debian defaults. The connection is established
"correctly", as in that everything connects and in the tray appears the
connected to OPENSWAN server icon. I also see that when it doesn't work the
ppp0 interface disappears after a number of seconds on the Openswan gateway
and then 30 or more seconds later the connection on the Windows box is


I've checked a few things:


1. I disabled the firewall on my router so no traffic is blocked
2. I connected my laptop in the same subnet and then it did work
3. I tried the latest l2tp package from Jacco's page, but I don't think
   it is an l2tp/ppp problem anymore
4. Upgraded Openswan, l2tpd and pppd to the Debian testing branch

I try not to bore you guys with too many log and config texts, but here's
the minimum I think that could be helpful.

Thanks anyway,




In the logs I see the following message:





conn L2TP-PSK-noNAT





        # we cannot rekey for %any, let client rekey





        # or you can use: left=YourIPAddress


        # For updated Windows 2000/XP clients,

        # to support old clients as well, use leftprotoport=17/%any




        # The remote user.





Openswan log :

Apr  3 01:15:05 sector pluto[29980]: ERROR: asynchronous network error report on eth0 (sport=500) for message to port 500, complainant No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]


L2tpd log:

Apr  3 01:13:57 sector l2tpd[29801]: control_xmit: Maximum retries exceeded for tunnel 46545.  Closing.
Apr  3 01:13:58 sector l2tpd[29801]: call_close : Connection 1 closed to, port 1701 (Timeout)
Apr  3 01:14:02 sector l2tpd[29801]: check_control: control, cid = 0, Ns = 4, Nr = 2
Apr  3 01:14:02 sector l2tpd[29801]: handle_avps: handling avp's for tunnel 46545, call 29577
Apr  3 01:14:02 sector l2tpd[29801]: message_type_avp: message type 6
Apr  3 01:14:02 sector l2tpd[29801]: control_xmit: Unable to deliver closing message for tunnel 46545. Destroying anyway.
Apr  3 01:14:12 sector l2tpd[29801]: get_call:can't find tunnel 46545
Apr  3 01:14:12 sector l2tpd[29801]: network_thread: unable to find call or tunnel to handle packet.  call = 0, tunnel = 46545 Dumpi

