[Openswan Users] Tunnel but no l2tp connection with openswan-2.6.19 and xl2tpd-1.2.3
No Body is Perfect
news.listener at gmail.com
Wed Dec 17 09:29:02 EST 2008
Hello Community!
I updated our VPN server from Fedora FC6 (Kernel
2.6.22/openswan-2.4.5/xl2tpd-1.1.11) to Fedora 10 (Kernel
2.6.27/openswan-2.6.19/xl2tpd-1.2.3) successfully but ...
now the WinXP clients can't connect to my network.
The tunnel works but there is no connection to xl2tp.
ipsec auto --status says ...
000 "roadwarrior-all"[3]: 0.0.0.0/0===217.110.71.112[C=DE, ST=BW, L=ST, O=Company, OU=EDV, CN=server]...95.112.243.191[C=DE, ST=BW, L=ST, O=Company, OU=EDV, CN=mycn]===?; unrouted; eroute owner: #0
000 "roadwarrior-l2tp"[2]: 217.110.71.112[C=DE, ST=BW, L=ST, O=Company, OU=EDV, CN=server]:17/1701---217.110.71.111...95.112.243.191[C=DE, ST=BW, L=ST, O=Company, OU=EDV, CN=mycn]:17/1701; erouted; eroute owner: #45
000 #44: "roadwarrior-all"[3] 95.112.243.191:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3304s; newest ISAKMP; nodpd
000 #45: "roadwarrior-l2tp"[2] 95.112.243.191:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3304s; newest IPSEC; eroute owner
000 #45: "roadwarrior-l2tp"[2] 95.112.243.191 esp.9cdcf1e@95.112.243.191 esp.c3fd3fad@217.110.71.112
and in /var/log/messages ...
Dec 14 11:04:29 linda xl2tpd[4912]: Maximum retries exceeded for tunnel 53196. Closing.
Dec 14 11:04:29 linda xl2tpd[4912]: Connection 1 closed to 95.112.243.191, port 1701 (Timeout)
Dec 14 11:04:35 linda xl2tpd[4912]: Can not find tunnel 53196 (refhim=0)
now my ipsec.conf ..
config setup
    # klipsdebug=none
    # plutodebug="control parsing"
    uniqueids=no
    myid=@XXXXXXXXXX
    plutowait=yes
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24
    #interfaces=%defaultroute
    oe=no
    protostack=netkey
    nhelpers=1

conn %default
    keyingtries=3
    authby=rsasig
    disablearrivalcheck=no
    left=%defaultroute
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=172.30.10.0/24
    also=roadwarrior

conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior

conn roadwarrior-l2tp
    pfs=no
    leftnexthop=217.110.71.111
    leftprotoport=17/1701
    rightprotoport=17/%any
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=server-cert.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
and my xl2tpd.conf
[global]
port = 1701
debug tunnel = yes
debug avp = yes
debug network = yes
debug state = yes
[lns default]
exclusive=yes
ip range = 172.30.99.2-172.30.99.254
local ip = 172.30.99.1
require chap = yes
refuse pap = yes
require authentication = yes
refuse authentication = no
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
Any hints? The same config worked on the older system ...
Thanks in advance