[Openswan Users] xl2tpd timeouts over openswan ipsec

Rob Emanuele rje at crystalfontz.com
Thu Aug 21 01:18:18 EDT 2008


Greetings,

I'm running Fedora 9 with openswan and xl2tpd as a VPN server.  My
ipsec transport comes up fine but xl2tpd times out.

I see some questions about this online but no firm solutions.  The
only solution I've seen talks about setting leftnexthop which errors
out if set to %defaultroute.

Any help is greatly appreciated.  This happens with either WinXP SP2 or
another Fedora box as the client.

Thanks,

Rob

===============SYSLOG
Aug 20 19:22:25 vpn kernel: NET: Registered protocol family 15
Aug 20 19:22:25 vpn ipsec_setup: Using NETKEY(XFRM) stack
Aug 20 19:22:26 vpn kernel: intel_rng: FWH not detected
Aug 20 19:22:26 vpn kernel: padlock: VIA PadLock not detected.
Aug 20 19:22:26 vpn kernel: padlock: VIA PadLock Hash Engine not detected.
Aug 20 19:22:26 vpn ipsec_setup: ...Openswan IPsec started
Aug 20 19:22:26 vpn ipsec_setup: Starting Openswan IPsec
U2.6.14/K2.6.25.14-108.fc9.i686...
Aug 20 19:22:26 vpn ipsec_setup:
Aug 20 19:22:26 vpn ipsec_setup:
Aug 20 19:22:27 vpn ipsec__plutorun: 002 added connection description
"roadwarrior-l2tp-updatedwin"
Aug 20 19:22:27 vpn ipsec__plutorun: 002 added connection description
"roadwarrior-l2tp"
Aug 20 19:22:27 vpn ipsec__plutorun: 002 added connection description
"macintosh-l2tp"
Aug 20 19:22:27 vpn ipsec__plutorun: 002 added connection description
"roadwarrior"
Aug 20 19:22:27 vpn ipsec__plutorun: 002 added connection description
"office-to-colo"
Aug 20 19:22:44 vpn xl2tpd[572]: Maximum retries exceeded for tunnel
34377.  Closing.
Aug 20 19:22:44 vpn xl2tpd[572]: Connection 24 closed to 70.89.140.6,
port 1701 (Timeout)
Aug 20 19:22:59 vpn xl2tpd[572]: Maximum retries exceeded for tunnel
62551.  Closing.
Aug 20 19:22:59 vpn xl2tpd[572]: Connection 24 closed to 70.89.140.6,
port 1701 (Timeout)


=========ipsec.conf:==========

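config setup
        # Global pluto/stack settings. Two comment lines in the posted copy were
        # wrapped by the mailer, leaving "lots." and a second "protostack=netkey"
        # at column 0 -- those are not valid inside a section, so they are joined
        # back onto their comment lines here.
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        #plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        # Allow NAT-Traversal so clients behind NAT (typical road warriors) can
        # negotiate; matches the "Using NETKEY(XFRM) stack" line in the syslog
        nat_traversal=yes
        # Private ranges a NAT-ed client may present as its inner address;
        # consumed by rightsubnet=vhost:%priv in conn roadwarrior
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        # Replace an existing SA when the same peer ID negotiates again.
        # NOTE(review): with PSK road warriors, several clients behind one NAT
        # can present the same ID and displace each other -- confirm if that
        # is a concern for this deployment
        uniqueids=yes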

conn %default
        # Settings inherited by every conn below unless overridden there.
        # Pre-shared-key authentication (keys in ipsec.secrets). Because conn
        # roadwarrior uses right=%any, every client shares the same PSK, so a
        # single leaked client copy exposes the whole VPN -- certificates avoid that
        authby=secret
        # No Phase-2 PFS (commonly set for Windows/Mac L2TP clients -- confirm);
        # IPsec SA keys are then derived from the Phase-1 exchange only
        pfs=no
        # Negotiate IPComp for the tunnel payload
        compress=yes
        # Keep the packet arrival check enabled
        disablearrivalcheck=no
        # One keying attempt, then give up rather than retrying indefinitely
        keyingtries=1

conn roadwarrior-l2tp-updatedwin
        # L2TP/IPsec policy for clients that send from UDP/1701 themselves
        # (the name suggests updated Windows clients -- confirm). Restricts the
        # transport-mode SA to UDP/1701 on both ends; everything else comes
        # from conn roadwarrior via also=
        pfs=no
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp
        # Variant where the client targets UDP/1701 on us but our side is left
        # as any UDP port (17/0). Shares left/right/type with conn roadwarrior
        pfs=no
        rightprotoport=17/1701
        leftprotoport=17/0
        also=roadwarrior

conn macintosh-l2tp
        # Variant for clients that use an arbitrary UDP source port (%any)
        # while we stay pinned to UDP/1701. Base settings via also=roadwarrior
        pfs=no
        rightprotoport=17/%any
        leftprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        # Shared base for the L2TP conns above: transport mode from our public
        # address to any peer. NOTE(review): because of auto=add this conn is
        # also loaded on its own (the syslog shows "added connection description
        # roadwarrior") with no protoport limit, so it can match any transport-mode
        # proposal from any peer holding the PSK, not only L2TP -- confirm that
        # is intended
        type=transport
        # Our side (public address); the peer can be anyone
        left=66.66.66.66
        right=%any
        # Accept a NAT-ed client whose inner address is in virtual_private
        # (%priv) or one that proposes no inner subnet at all (%no)
        rightsubnet=vhost:%priv,%no
        # Load at startup and wait for the peer to initiate
        auto=add


===============xl2tpd=========

[global]
; Verbose network and tunnel tracing, useful while chasing the
; "Maximum retries exceeded" timeouts; both are noisy and should be
; switched off once the problem is understood
debug network = yes
debug tunnel = yes

[lns default]
; Name this LNS reports to connecting clients
name = LinuxVPNserver
; Address used on the server end of each PPP link
local ip = 192.168.113.253
; Address pool handed out to clients.
; NOTE(review): local ip (192.168.113.253) falls inside this range, and the
; range runs well past 192.168.113.0/24 -- confirm the intended pool, since a
; client could otherwise be assigned the server's own address
ip range = 192.168.113.150-192.168.201.175
; Authentication policy: a link must authenticate, CHAP is required, PAP is refused
require authentication = yes
require chap = yes
refuse pap = yes
; Remaining pppd options (not shown in this post) come from this file
pppoptfile = /etc/ppp/options.xl2tpd
; pppd debug output may include the authentication exchange in syslog;
; disable after troubleshooting
ppp debug = yes
; Set the length bit in L2TP data packets
length bit = yes

