[Openswan Users] SCCRQ Permission Denied Error (L2TP not working?)

baron baron.openswan at mailnull.com
Tue Jan 8 20:01:27 EST 2008

Hello folks,

I've had a working L2TP/IPSec (using openswan) on Ubuntu for quite  
some time. Recently, and not by choice, it all stopped working when my  
roadwarrior (Mac OS X Leopard) wouldn't connect.

Ubuntu Gutsy
2.6.22-14-server kernel
Linux Openswan U2.4.6/K2.6.22-14-server (netkey)

Mac OS X Leopard
Machine authentication via certificate
User authentication via password

Other tidbits:
- This all worked with Leopard and Gutsy until around Dec 19.
- On Dec 19, I noticed I upgraded my kernel and, in or around that  
time, things stopped working.
- When trying to establish the connection, the server logs indicate  
the IPSec session has been established:

-- /var/log/auth.log snip --

Jan  8 08:23:58 cerberus pluto[5815]: "roadwarrior-l2tp-osx"[1] xxx.xxx.xxx.xxxx #2: STATE_QUICK_R2: IPsec SA established {ESP=>0x00333334 <0x30adde4a xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}

--end snip --

- I have always had an ADSL connection that requires PPPoE, but just  
now (perhaps because I never looked before), it makes mention of using  
KLIPS for some reason.

-- /var/log/syslog snip --

Jan  8 12:15:50 cerberus ipsec_setup: KLIPS ipsec0 on ppp0 xxx.xxx.xxx.xxx/ pointopoint

-- end snip --

- From what I can tell, it almost seems like it's not being handed  
off to L2TP for some reason.
- I'm getting the following strange and non-informative error on my Mac:

-- system.log snip --

1/8/08 6:55:42 PM pppd[272] pppd 2.4.2 (Apple version 314) started by root, uid 501
1/8/08 6:55:43 PM kernel L2TP domain init
1/8/08 6:55:43 PM kernel L2TP domain init complete
1/8/08 6:55:57 PM pppd[272] L2TP connecting to server 'lagoon.epartment54.com' (xxx.xxx.xxx.xxx)...
1/8/08 6:56:01 PM pppd[272] IPSec connection started
1/8/08 6:56:01 PM /usr/sbin/ocspd[277] starting
1/8/08 6:56:02 PM pppd[272] IPSec connection established
1/8/08 6:56:02 PM pppd[272] L2TP error sending SCCRQ (Permission denied)

-- end snip --

So at this point, I'm pretty stuck. I have not been able to figure out  
for the life of me what is causing this problem. The only suspect that  
I can point at is the updated kernel. I was hoping that maybe some  
folks on this list might have ideas or ran into the same thing themselves.

Thanks in advance!
