[Openswan Users] Route created by openswan
Jim Talbut
jtalbut at spudsoft.co.uk
Sat May 10 02:00:40 EDT 2008
Firstly, I'm sorry this has taken me so long to respond - I had to do
work :(.
Jacco de Leeuw wrote:
> Jim Talbut wrote:
>
>> I'm using OpenSwan and xl2tpd to connect to a SonicWall VPN.
>>
> So, you're using it as a client? Can I chalk it up as working?
>
Sort of.
It's taken a lot of fiddling to get it working, but yes, I am able to
use the VPN.
The important thing was to give up on XAuth and go for L2TPD - the
OpenSwan XAuth doesn't work with the SonicWall.
After that I just had to figure out this route issue.
>> 1. When I run "ipsec auto --show --verbose --up OMG" it automatically
>> creates a useless route to the VPN server.
>> This route prevents xl2tpd from working,
>>
> How does this prevent xl2tpd from working?
>
I don't know how, but it does.
From my log (global IPs hidden):
May 10 06:32:41 slave xl2tpd[24910]: This binary does not support kernel L2TP.
May 10 06:32:41 slave xl2tpd[24911]: xl2tpd version xl2tpd-1.1.12 started on slave PID:24911
May 10 06:32:41 slave xl2tpd[24911]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
May 10 06:32:41 slave xl2tpd[24911]: Forked by Scott Balmos and David Stipp, (C) 2001
May 10 06:32:41 slave xl2tpd[24911]: Inherited by Jeff McAdams, (C) 2002
May 10 06:32:41 slave xl2tpd[24911]: Forked again by Xelerance (www.xelerance.com) (C) 2006
May 10 06:32:41 slave xl2tpd[24911]: Listening on IP address 0.0.0.0, port 1701
May 10 06:33:00 slave xl2tpd[24911]: get_call: allocating new tunnel for host w.x.y.z, port 1701.
May 10 06:33:00 slave xl2tpd[24911]: Connecting to host w.x.y.z, port 1701
May 10 06:33:05 slave xl2tpd[24911]: Maximum retries exceeded for tunnel 32661. Closing.
May 10 06:33:05 slave xl2tpd[24911]: build_fdset: closing down tunnel 32661
May 10 06:33:05 slave xl2tpd[24911]: Connection 0 closed to w.x.y.z, port 1701 (Timeout)
May 10 06:33:10 slave xl2tpd[24911]: Unable to deliver closing message for tunnel 32661. Destroying anyway.
May 10 06:33:10 slave xl2tpd[24911]: build_fdset: closing down tunnel 32661
My routing table is:
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
w.x.y.z         0.0.0.0         255.255.255.255 UH    0   0      0    eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    br0
169.254.0.0     0.0.0.0         255.255.0.0     U     0   0      0    eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0   0      0    br0
127.0.0.0       0.0.0.0         255.0.0.0       U     0   0      0    lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0   0      0    eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0   0      0    br0
If I run
slave ~ # route del w.x.y.z
slave ~ # echo "c OMG_l2tp" > /var/run/xl2tpd/l2tp-control
And then look in the log, I get:
May 10 06:35:42 slave xl2tpd[24911]: get_call: allocating new tunnel for host w.x.y.z, port 1701.
May 10 06:35:42 slave xl2tpd[24911]: Connecting to host w.x.y.z, port 1701
May 10 06:35:42 slave xl2tpd[24911]: Connection established to w.x.y.z, 1701. Local: 43108, Remote: 31529 (ref=0/0).
May 10 06:35:42 slave xl2tpd[24911]: Calling on tunnel 43108
May 10 06:35:42 slave xl2tpd[24911]: Call established with w.x.y.z, Local: 31536, Remote: 49863, Serial: 1 (ref=0/0)
May 10 06:35:42 slave xl2tpd[24911]: start_pppd: I'm running:
May 10 06:35:42 slave xl2tpd[24911]: "/usr/sbin/pppd"
May 10 06:35:42 slave xl2tpd[24911]: "passive"
May 10 06:35:42 slave xl2tpd[24911]: "-detach"
May 10 06:35:42 slave xl2tpd[24911]: ":"
Successfully connected to the VPN.
If I then do
route add -net 172.16.130.0 gw 172.16.130.1 netmask 255.255.255.0
I am actually able to use the VPN.
I do worry that my PPP may not be going over the IPsec, but Wireshark
seems to indicate that it is - all the traffic is "ESP".
>> 2. (off-topic for this group) When I start xl2tpd by poking to
>> /var/run/xl2tpd/l2tp-control I don't have any way of knowing whether it
>> has completed.
>> Is there some way to find out?
>>
> There should be some logging to log files such as /var/log/messages.
> Is that not the case?
>
There is logging, but parsing the log files will make for an awfully
ugly script.
I'm trying to make a simple script so that I can provide instructions
for others wanting to connect the same way.
Is there something simpler, like a file that is created when ppp comes up?
Thanks
Jim
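A small script, added here as an illustration and not taken from the thread, that automates the sequence described in the message (IPsec SA up, drop the host route, poke xl2tpd, add the route for the remote network) and answers the second question by waiting for the PPP interface to appear under /sys/class/net instead of parsing the log; the log scanner is kept only to report why a connect timed out. It assumes the PPP interface is ppp0, the log is /var/log/messages, and reuses the names OMG / OMG_l2tp and the 172.16.130.0/24 route from the post; w.x.y.z is a placeholder for the VPN server.

```shell
#!/bin/sh
# Added example, not part of the original thread. Assumptions: PPP interface
# ppp0, log in /var/log/messages, conn "OMG" and lac "OMG_l2tp" as in the post.
VPN_SERVER="${VPN_SERVER:-w.x.y.z}"   # placeholder, replace with the real address
LOG="${LOG:-/var/log/messages}"
SYSNET="${SYSNET:-/sys/class/net}"    # overridable so the wait can be tested offline

# Poll until $SYSNET/<iface> exists (the kernel creates /sys/class/net/ppp0
# when pppd brings the link up). $2 is the timeout in seconds.
# Returns 0 once the interface is present, 1 on timeout.
wait_for_iface() {
    iface=$1; timeout=${2:-30}; waited=0
    while [ ! -d "$SYSNET/$iface" ]; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1; waited=$((waited + 1))
    done
    return 0
}

# Report the outcome of the most recent tunnel attempt in an xl2tpd log ($1):
# "up" for "Call established", "down" for "Maximum retries exceeded",
# "unknown" if neither message is present.
l2tp_outcome() {
    last=$(grep -E 'xl2tpd\[[0-9]+\]: (Call established with|Maximum retries exceeded)' "$1" | tail -n 1)
    case "$last" in
        *"Call established with"*)    echo up ;;
        *"Maximum retries exceeded"*) echo down ;;
        *)                            echo unknown ;;
    esac
}

# The sequence from the post: bring up the IPsec SA, remove the host route
# Openswan added, start the L2TP call, wait for ppp0, then route the remote
# network over it. Returns 1 if any step fails.
connect_vpn() {
    ipsec auto --up OMG || return 1
    route del "$VPN_SERVER" 2>/dev/null || true
    echo "c OMG_l2tp" > /var/run/xl2tpd/l2tp-control
    if ! wait_for_iface ppp0 30; then
        echo "L2TP did not come up (log says: $(l2tp_outcome "$LOG"))" >&2
        return 1
    fi
    route add -net 172.16.130.0 netmask 255.255.255.0 gw 172.16.130.1
}

# Only act when invoked as "./connect-vpn.sh run", so sourcing it is harmless.
if [ "${1:-}" = run ]; then connect_vpn; fi
```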