[Openswan Users] L2TP problem... I think
tolboe at reaction-eng.com
Sun Mar 2 14:45:16 EST 2008
Jacco de Leeuw wrote:
> Andrew Tolboe wrote:
>> addresses), so I'm outside the firewall but still within our public ip
>> address subnet. But as soon as I go farther then that (like at home)
>> the VPN stops working.
>> [lns default]
>> ip range = 192.168.0.248 - 192.168.0.254
> You have to exclude your internal subnet, something like this:
> What is the DUNS error code that the client reports? Do you require
> MPPE encryption or MPPC compression?
ok I added virtual_private to the ipsec.conf but still no difference in
Ok, here are the order of events as I see them happen.
First the DUN connects without any errors (sends ipsec key and user/pass)
I get the correct ip address/dns/wins/subnet/gateway etc
here is a print out of that
PPP adapter vpn:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.248
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.0.248
DNS Servers . . . . . . . . . . . : 192.168.0.6
Primary WINS Server . . . . . . . : 192.168.0.6
Secondary WINS Server . . . . . . : 192.168.0.6
However, if I look at the sent/received packets on the client the sent
will continue to grow but the received will not (it usually stays around
297 or something while the sent grows around 10,000)
Then if I watch the ipsec server logs I see this error show up within a
minute of being connected
Mar 2 12:17:48 firewall pluto: ERROR: asynchronous network error
on br0 (sport=4500) for message to 188.8.131.52 port 4500, complainant
103.174: No route to host [errno 113, origin ICMP type 3 code 1 (not
then the client disconnects (without a error, but I assume its some sort
of timeout error) and I loose the connection.
Another test that I tried is pinging the client, i can ping the clients
ip before and after the attempted connection but during I get no route
to host (unless i'm on my public ip space) and I think its because of
something that gets added in my route tables.
lre-east-2-238. * 255.255.255.255 UH 0 0 0 br0 <-- Is this right? The lre-east bit is the client rdns
192.168.0.248 * 255.255.255.255 UH 0 0 0 ppp0 <-- This looks ok
But I have no idea why that route is getting added or how to stop it
from getting added when the ppp0 connection comes up.
Thanks for your time
More information about the Users