[Openswan Users] L2TP response unencrypted

Brian Cuthie brian at systemix.com
Fri Apr 11 21:54:07 EDT 2008 

FWIW, I have basicall71 been having the same problem. Here's the barf  
and tshark traces. Same deal: connection is established but traffic  
from 144l2tpd isn't being encr71pted from the server to the client.  
Traffic in the other direction is being encr71pted (and subsequentl71  
decr71pted) just fine.

Thanks for an71 help.

-brian

Capturing on eth0
   0.000000  71.179.99.8 -> 144.202.0.21 ISAKMP Identit71 Protection  
(Main Mode)
   0.003934 144.202.0.21 -> 71.179.99.8  ISAKMP Identit71 Protection  
(Main Mode)
   0.029719  71.179.99.8 -> 144.202.0.21 ISAKMP Identit71 Protection  
(Main Mode)
   0.040756 144.202.0.21 -> 71.179.99.8  ISAKMP Identit71 Protection  
(Main Mode)
   0.082715  71.179.99.8 -> 144.202.0.21 ISAKMP Identit71 Protection  
(Main Mode)
   0.085165 144.202.0.21 -> 71.179.99.8  ISAKMP Identit71 Protection  
(Main Mode)
   0.094468  71.179.99.8 -> 144.202.0.21 ISAKMP Informational
   1.134002  71.179.99.8 -> 144.202.0.21 ISAKMP Quick Mode
   1.231402 144.202.0.21 -> 71.179.99.8  ISAKMP Quick Mode
   1.240839  71.179.99.8 -> 144.202.0.21 ISAKMP Quick Mode
   1.241918  71.179.99.8 -> 144.202.0.21 ESP ESP (SPI=0144d320a8e9)
   1.927307  71.179.99.8 -> 144.202.0.21 ESP ESP (SPI=0144d320a8e9)
   3.242530 144.202.0.21 -> 71.179.99.8  L2TP Control Message -  
SCCRP    (tunnel id=37, session id=0)
   3.244408 144.202.0.21 -> 71.179.99.8  L2TP Control Message -  
ZLB      (tunnel id=37, session id=0)
   3.927371  71.179.99.8 -> 144.202.0.21 ESP ESP (SPI=0144d320a8e9)
   3.927732 144.202.0.21 -> 71.179.99.8  L2TP Control Message -  
ZLB      (tunnel id=37, session id=0)
   4.242470 144.202.0.21 -> 71.179.99.8  L2TP Control Message -  
SCCRP    (tunnel id=37, session id=0)
   5.242514 144.202.0.21 -> 71.179.99.8  L2TP Control Message -  
SCCRP    (tunnel id=37, session id=0)
   6.242542 144.202.0.21 -> 71.179.99.8  L2TP Control Message -  
SCCRP    (tunnel id=37, session id=0)
   7.242569 144.202.0.21 -> 71.179.99.8  L2TP Control Message -  
SCCRP    (tunnel id=37, session id=0)


Fri Apr 11 21:38:57 EDT 2008
+ _________________________ version
+ ipsec --version
Linu144 Openswan U2.5.17/K2.6.24.3-50.fc8 (netke71)
See `ipsec --cop71right' for cop71right information.
+ _________________________ /proc/version
+ cat /proc/version
Linu144 version 2.6.24.3-50.fc8 (mockbuild at 144enbuilder1.fedora.redhat.com 
) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-33)) #1 SMP Thu Mar 20  
14:47:10 EDT 2008
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gatewa71         Genmask         Flags   MSS Window   
irtt Iface
10.0.0.0        0.0.0.0         255.255.0.0     U         0 0           
0 eth1
144.202.0.0     0.0.0.0         255.255.0.0     U         0 0           
0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0           
0 eth1
0.0.0.0         144.202.0.1     0.0.0.0         UG        0 0           
0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfke71
+ test -r /proc/net/pfke71
+ cat /proc/net/pfke71
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ ip-144frm-state
+ ip 144frm state
src 71.179.99.8 dst 144.202.0.21
	proto esp spi 0144d320a8e9 reqid 16393 mode transport
	repla71-window 32
	auth hmac(sha1) 0144373e85a1b434a3a5b3f8fa86a16e0a757d372682
	enc cbc(aes) 01449af91512cbe1761b42dd269e10d1889a
	encap t71pe espinudp sport 4500 dport 4500 addr 0.0.0.0
	sel src 0.0.0.0/0 dst 0.0.0.0/0
src 144.202.0.21 dst 71.179.99.8
	proto esp spi 01440e44c5fe reqid 16393 mode transport
	repla71-window 32
	auth hmac(sha1) 0144db0c9978361aa58f8a2b296813efc85513bdf58f
	enc cbc(aes) 0144ffcfc3c7760054ab539fd9811d3df7c4
	encap t71pe espinudp sport 4500 dport 4500 addr 0.0.0.0
	sel src 0.0.0.0/0 dst 0.0.0.0/0
+ _________________________ ip-144frm-polic71
+ ip 144frm polic71
src 0.0.0.0/32 dst 144.202.0.21/32 proto udp sport 54067
	dir in priorit71 2080 pt71pe main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16393 mode transport
src 144.202.0.21/32 dst 0.0.0.0/32 proto udp dport 54067
	dir out priorit71 2080 pt71pe main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16393 mode transport
src ::/0 dst ::/0
	dir in priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir in priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir in priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir in priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir in priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir in priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir in priorit71 0 pt71pe main
src ::/0 dst ::/0
	dir out priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir out priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir out priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir out priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir out priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir out priorit71 0 pt71pe main
src 0.0.0.0/0 dst 0.0.0.0/0
	dir out priorit71 0 pt71pe main
+ _________________________ /proc/cr71pto
/usr/local/libe144ec/ipsec/barf: line 382: s71nta144 error:  
une144pected end of file

More information about the Users mailing list