[Openswan Users] Problem with L2TP on Centos EL5

Oguz Yilmaz oguzyilmazlist at gmail.com
Wed Dec 24 16:51:05 EST 2008


Paul,

Do you mean this bug is NOT fixed and blocks all RHEL5 versions from
connecting L2TP clients?
Can you show me the link for the bug in some bugzilla or mantis?

What do you propose to do in that case? I cannot change the distro. If you
know the kernel versions that fixed that bug, I can recompile the kernel.

Can you propose to go with KLIPS? Is it known to compile with the RHEL5
kernel?

Best Regards,
Oguz.

Note:

"control" debug for pluto shows:

Dec 24 20:37:03 2008 pluto[32179]: | route_and_eroute: instance \"my.l2tp\"[2] 85.99.218.171, setting eroute_owner {spd=0x94636e8,sr=0x94636e8} to #2 (was #0) (newest_ipsec_sa=#0)
Dec 24 20:37:03 2008 pluto[32179]: | complete state transition with STF_OK
Dec 24 20:37:03 2008 pluto[32179]: \"my.l2tp\"[2] 85.99.218.171 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 24 20:37:03 2008 pluto[32179]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #2
Dec 24 20:37:03 2008 pluto[32179]: \"my.l2tp\"[2] 85.99.218.171 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xd44e5524 <0x2554feed xfrm=AES_128-HMAC_SHA1 NATOA=192.168.2.2 NATD=85.99.218.171:4500DPD=none}
Dec 24 20:37:03 2008 pluto[32179]: | modecfg pull: noquirk policy:push not-client
Dec 24 20:37:03 2008 pluto[32179]: | phase 1 is done, looking for phase 2 to unpend
Dec 24 20:37:03 2008 pluto[32179]: | * processed 0 messages from cryptographic helpers
Dec 24 20:37:03 2008 pluto[32179]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds

Dec 24 20:37:23 2008 pluto[32179]: |
Dec 24 20:37:23 2008 pluto[32179]: | *time to handle event
Dec 24 20:37:23 2008 pluto[32179]: | handling event EVENT_NAT_T_KEEPALIVE
Dec 24 20:37:23 2008 pluto[32179]: | event after this is EVENT_PENDING_PHASE2 in 91 seconds
Dec 24 20:37:23 2008 pluto[32179]: | processing connection my.l2tp[2] 85.99.218.171
Dec 24 20:37:23 2008 pluto[32179]: | processing connection my.l2tp[2] 85.99.218.171
Dec 24 20:37:23 2008 pluto[32179]: | next event EVENT_PENDING_PHASE2 in 91 seconds


On Wed, Dec 24, 2008 at 10:26 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Wed, 24 Dec 2008, Oguz Yilmaz wrote:
>
> > I am using openswan-2.6.14-1.el5_2.1 and xl2tpd-1.1.12-1 on Centos EL5
> > (RHEL5). The result with l2tpd-0.69-0.4.20051030.el5 is also the same.
> > I cannot establish L2TP vpn connection from Windows XP or Vista. On the
> > Windows side, it only says "Connecting".
> >
> > All the logs and config portions are attached below.
>
> The bug seems to be in wrong NETKEY policies installed in the kernel. It's
> a known bug, that needs some work to be fixed.
>
> Paul
>