[Openswan Users] Openswan/xl2tpd behind Linksys NAT firewall
Rich Goodin
rich at goodin.com
Sun Nov 23 11:36:44 EST 2008
Hi All,
I'm trying what the Openswan book calls "a long and painful
experience" of getting an Openswan VPN server behind a Linksys
firewall using port forwarding connecting to an iPhone to work. I'm at
the point where I can establish the IPSEC tunnel but it appears that I
am only getting traffic inbound to xl2tpd. I don't see any outbound
traffic using tcpdump. Any help you folks could give me would be
greatly appreciated.
Rich Goodin
basic topology:
iPhone <------> NAT? <----- internet ----- 66.57.62.130--> Linksys WRT54G (forward 500, 4500)<--10.33.3.1-->^<----- 10.33.3.0/24
                                                                                                            |
                                                                                                            |
                                                                                                        10.33.3.2
                                                                                                        VPN Server
os: Fedora 9 (NETKEY) 2.6.26.6-79.fc9.i686
openswan: 2.6.14
xl2tpd: 1.1.12
/etc/ipsec.conf:
============================================================
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.33.3.0/24
include /etc/ipsec.d/*.conf
include /etc/ipsec.d/examples/no_oe.conf
============================================================
/etc/ipsec.d/L2TP-PSK.conf
============================================================
conn L2TP-PSK
    #
    authby=secret
    pfs=no
    compress=no
    rekey=no
    keyingtries=3
    type=transport
    #
    # ----------------------------------------------------------
    # The VPN server.
    #
    left=10.33.3.2
    leftprotoport=17/1701
    leftsourceip=66.57.62.130
    leftnexthop=10.33.3.1
    #
    # ----------------------------------------------------------
    # The remote user(s).
    #
    right=%any
    rightsubnet=vhost:%no,%priv
    rightprotoport=17/%any
    #
    # ----------------------------------------------------------
    #
    auto=add
=================================================
/etc/ipsec.d/L2TP-PSK.secrets
=================================================
# Preshared Key
10.33.3.2 %any: PSK "secret"
: RSA {
.........
}
=================================================
/etc/ipsec.d/examples/no_oe.conf
=================================================
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore
=================================================
/etc/xl2tpd/xl2tpd.conf
=================================================
;
; This is a minimal sample xl2tpd configuration file for use
; with L2TP over IPsec.
;
; The idea is to provide an L2TP daemon to which remote Windows L2TP/IPsec
; clients connect. In this example, the internal (protected) network
; is 192.168.1.0/24. A special IP range within this network is reserved
; for the remote clients: 192.168.1.128/25
; (i.e. 192.168.1.128 ... 192.168.1.254)
;
; The listen-addr parameter can be used if you want to bind the L2TP daemon
; to a specific IP address instead of to all interfaces. For instance,
; you could bind it to the interface of the internal LAN (e.g. 192.168.1.98
; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99)
; will be used by xl2tpd as its address on pppX interfaces.
[global]
; listen-addr = 192.168.1.98
;
; requires openswan-3.1 or higher
; ipsec saref = yes
;
; debug tunnel = yes
debug avp = yes
debug network = yes
debug packet = yes
debug state = yes
debug tunnel = yes
[lns default]
ip range = 10.33.3.128-10.33.3.254
local ip = 10.33.3.99
require chap = yes
refuse pap = yes
require authentication = no
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
=================================================
/var/log/secure:
=================================================
Nov 23 11:27:44 goodin pluto[4693]: Using Linux 2.6 IPsec interface
code on 2.6.26.6-79.fc9.i686 (experimental code)
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): Activating
<NULL>: Ok (ret=0)
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_add(): ERROR: Algorithm
already exists
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_add(): ERROR: Algorithm
already exists
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_add(): ERROR: Algorithm
already exists
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_add(): ERROR: Algorithm
already exists
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_add(): ERROR: Algorithm
already exists
Nov 23 11:27:44 goodin pluto[4693]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Nov 23 11:27:44 goodin pluto[4693]: Could not change to directory
'/etc/ipsec.d/cacerts': /
Nov 23 11:27:44 goodin pluto[4693]: Could not change to directory
'/etc/ipsec.d/aacerts': /
Nov 23 11:27:44 goodin pluto[4693]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /
Nov 23 11:27:44 goodin pluto[4693]: Could not change to directory
'/etc/ipsec.d/crls'
Nov 23 11:27:44 goodin pluto[4693]: Changing back to directory '/'
failed - (2 No such file or directory)
Nov 23 11:27:44 goodin pluto[4693]: Changing back to directory '/'
failed - (2 No such file or directory)
Nov 23 11:27:44 goodin pluto[4693]: added connection description
"L2TP-PSK"
Nov 23 11:27:44 goodin pluto[4693]: listening for IKE messages
Nov 23 11:27:44 goodin pluto[4693]: adding interface eth0/eth0
66.57.62.130:500
Nov 23 11:27:44 goodin pluto[4693]: adding interface eth0/eth0
66.57.62.130:4500
Nov 23 11:27:44 goodin pluto[4693]: adding interface eth0/eth0
10.33.3.2:500
Nov 23 11:27:44 goodin pluto[4693]: adding interface eth0/eth0
10.33.3.2:4500
Nov 23 11:27:44 goodin pluto[4693]: adding interface lo/lo 127.0.0.1:500
Nov 23 11:27:44 goodin pluto[4693]: adding interface lo/lo
127.0.0.1:4500
Nov 23 11:27:44 goodin pluto[4693]: adding interface lo/lo ::1:500
Nov 23 11:27:44 goodin pluto[4693]: loading secrets from
"/etc/ipsec.secrets"
Nov 23 11:27:44 goodin pluto[4693]: loading secrets from
"/etc/ipsec.d/L2TP-PSK.secrets"
Nov 23 11:27:44 goodin pluto[4693]: loaded private key for keyid:
PPK_RSA:AQNYvRRH4
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
to=110
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
but already using method 110
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
but already using method 110
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 110
Nov 23 11:28:50 goodin pluto[4693]: packet from 32.162.37.181:500:
received Vendor ID payload [Dead Peer Detection]
Nov 23 11:28:50 goodin pluto[4693]: "L2TP-PSK"[1] 32.162.37.181 #1:
responding to Main Mode from unknown peer 32.162.37.181
Nov 23 11:28:50 goodin pluto[4693]: "L2TP-PSK"[1] 32.162.37.181 #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 23 11:28:50 goodin pluto[4693]: "L2TP-PSK"[1] 32.162.37.181 #1:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 23 11:28:51 goodin pluto[4693]: "L2TP-PSK"[1] 32.162.37.181 #1:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both
are NATed
Nov 23 11:28:51 goodin pluto[4693]: "L2TP-PSK"[1] 32.162.37.181 #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 23 11:28:51 goodin pluto[4693]: "L2TP-PSK"[1] 32.162.37.181 #1:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 23 11:28:52 goodin pluto[4693]: "L2TP-PSK"[1] 32.162.37.181 #1:
Main mode peer ID is ID_IPV4_ADDR: '10.26.157.54'
Nov 23 11:28:52 goodin pluto[4693]: "L2TP-PSK"[1] 32.162.37.181 #1:
switched from "L2TP-PSK" to "L2TP-PSK"
Nov 23 11:28:52 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
deleting connection "L2TP-PSK" instance with peer 32.162.37.181
{isakmp=#0/ipsec=#0}
Nov 23 11:28:52 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 23 11:28:52 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
new NAT mapping for #1, was 32.162.37.181:500, now 32.162.37.181:4500
Nov 23 11:28:52 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
Nov 23 11:28:53 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
ignoring informational payload, type IPSEC_INITIAL_CONTACT
msgid=00000000
Nov 23 11:28:53 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
received and ignored informational message
Nov 23 11:28:54 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
the peer proposed: 66.57.62.130/32:17/1701 -> 10.26.157.54/32:17/0
Nov 23 11:28:54 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar
in duplicate_state, please report to dev at openswan.org
Nov 23 11:28:54 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er
in duplicate_state, please report to dev at openswan.org
Nov 23 11:28:54 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi
in duplicate_state, please report to dev at openswan.org
Nov 23 11:28:54 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #1:
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr
in duplicate_state, please report to dev at openswan.org
Nov 23 11:28:54 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #2:
responding to Quick Mode proposal {msgid:80e6d994}
Nov 23 11:28:54 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181
#2: us: 66.57.62.130/32===10.33.3.2<10.33.3.2>[+S=C]:
17/1701---10.33.3.1
Nov 23 11:28:54 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #2:
them: 32.162.37.181[10.26.157.54,+S=C]:17/49162===?
Nov 23 11:28:54 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #2:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 23 11:28:54 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #2:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 23 11:28:55 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #2:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 23 11:28:55 goodin pluto[4693]: "L2TP-PSK"[2] 32.162.37.181 #2:
STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x086c0326
<0x225e16a6 xfrm=AES_128-HMAC_SHA1 NATOA=<invalid> NATD=<invalid>:4500
DPD=enabled}
=================================================
/var/log/debug
=================================================
Nov 23 11:28:55 goodin xl2tpd[4770]: network_thread: recv packet from
32.162.37.181, size = 60, tunnel = 0, call = 0 ref=0 refhim=0
Nov 23 11:28:55 goodin xl2tpd[4770]: get_call: allocating new tunnel
for host 32.162.37.181, port 49162.
Nov 23 11:28:55 goodin xl2tpd[4770]: ourtid = 55984, entropy_buf = dab0
Nov 23 11:28:55 goodin xl2tpd[4770]: check_control: control, cid = 0,
Ns = 0, Nr = 0
Nov 23 11:28:55 goodin xl2tpd[4770]: handle_avps: handling avp's for
tunnel 55984, call 0
Nov 23 11:28:55 goodin xl2tpd[4770]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Nov 23 11:28:55 goodin xl2tpd[4770]: protocol_version_avp: peer is
using version 1, revision 0.
Nov 23 11:28:55 goodin xl2tpd[4770]: framing_caps_avp: supported peer
frames: async sync
Nov 23 11:28:55 goodin xl2tpd[4770]: hostname_avp: peer reports
hostname ''
Nov 23 11:28:55 goodin xl2tpd[4770]: assigned_tunnel_avp: using peer's
tunnel 14
Nov 23 11:28:55 goodin xl2tpd[4770]: receive_window_size_avp: peer
wants RWS of 4. Will use flow control.
Nov 23 11:28:55 goodin xl2tpd[4770]: control_finish: message type is
Start-Control-Connection-Request(1). Tunnel is 14, call is 0.
Nov 23 11:28:55 goodin xl2tpd[4770]: control_finish: sending SCCRP
Nov 23 11:28:57 goodin xl2tpd[4770]: network_thread: recv packet from
32.162.37.181, size = 60, tunnel = 0, call = 0 ref=0 refhim=0
Nov 23 11:28:57 goodin xl2tpd[4770]: get_call: allocating new tunnel
for host 32.162.37.181, port 49162.
Nov 23 11:28:57 goodin xl2tpd[4770]: ourtid = 12474, entropy_buf = 30ba
Nov 23 11:28:57 goodin xl2tpd[4770]: check_control: control, cid = 0,
Ns = 0, Nr = 0
Nov 23 11:28:57 goodin xl2tpd[4770]: handle_avps: handling avp's for
tunnel 12474, call 0
Nov 23 11:28:57 goodin xl2tpd[4770]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Nov 23 11:28:57 goodin xl2tpd[4770]: protocol_version_avp: peer is
using version 1, revision 0.
Nov 23 11:28:57 goodin xl2tpd[4770]: framing_caps_avp: supported peer
frames: async sync
Nov 23 11:28:57 goodin xl2tpd[4770]: hostname_avp: peer reports
hostname ''
Nov 23 11:28:57 goodin xl2tpd[4770]: assigned_tunnel_avp: using peer's
tunnel 14
Nov 23 11:28:57 goodin xl2tpd[4770]: receive_window_size_avp: peer
wants RWS of 4. Will use flow control.
Nov 23 11:28:57 goodin xl2tpd[4770]: control_finish: message type is
Start-Control-Connection-Request(1). Tunnel is 14, call is 0.
Nov 23 11:28:57 goodin xl2tpd[4770]: control_finish: Peer requested
tunnel 14 twice, ignoring second one.
Nov 23 11:28:57 goodin xl2tpd[4770]: build_fdset: closing down tunnel
12474
Nov 23 11:28:58 goodin xl2tpd[4770]: network_thread: recv packet from
32.162.37.181, size = 60, tunnel = 0, call = 0 ref=0 refhim=0
Nov 23 11:28:58 goodin xl2tpd[4770]: get_call: allocating new tunnel
for host 32.162.37.181, port 49162.
Nov 23 11:28:58 goodin xl2tpd[4770]: ourtid = 52635, entropy_buf = cd9b
Nov 23 11:28:58 goodin xl2tpd[4770]: ourcid = 35029, entropy_buf = 88d5
Nov 23 11:28:58 goodin xl2tpd[4770]: check_control: control, cid = 0,
Ns = 0, Nr = 0
Nov 23 11:28:58 goodin xl2tpd[4770]: handle_avps: handling avp's for
tunnel 52635, call 35029
Nov 23 11:28:58 goodin xl2tpd[4770]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Nov 23 11:28:58 goodin xl2tpd[4770]: protocol_version_avp: peer is
using version 1, revision 0.
Nov 23 11:28:58 goodin xl2tpd[4770]: framing_caps_avp: supported peer
frames: async sync
Nov 23 11:28:58 goodin xl2tpd[4770]: hostname_avp: peer reports
hostname ''
Nov 23 11:28:58 goodin xl2tpd[4770]: assigned_tunnel_avp: using peer's
tunnel 14
Nov 23 11:28:58 goodin xl2tpd[4770]: receive_window_size_avp: peer
wants RWS of 4. Will use flow control.
Nov 23 11:28:58 goodin xl2tpd[4770]: control_finish: message type is
Start-Control-Connection-Request(1). Tunnel is 14, call is 0.
Nov 23 11:28:58 goodin xl2tpd[4770]: control_finish: Peer requested
tunnel 14 twice, ignoring second one.
Nov 23 11:28:58 goodin xl2tpd[4770]: build_fdset: closing down tunnel
52635
Nov 23 11:29:02 goodin xl2tpd[4770]: network_thread: recv packet from
32.162.37.181, size = 60, tunnel = 0, call = 0 ref=0 refhim=0
Nov 23 11:29:02 goodin xl2tpd[4770]: get_call: allocating new tunnel
for host 32.162.37.181, port 49162.
Nov 23 11:29:02 goodin xl2tpd[4770]: ourtid = 4290, entropy_buf = 10c2
Nov 23 11:29:02 goodin xl2tpd[4770]: ourcid = 64320, entropy_buf = fb40
Nov 23 11:29:02 goodin xl2tpd[4770]: check_control: control, cid = 0,
Ns = 0, Nr = 0
Nov 23 11:29:02 goodin xl2tpd[4770]: handle_avps: handling avp's for
tunnel 4290, call 64320
Nov 23 11:29:02 goodin xl2tpd[4770]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Nov 23 11:29:02 goodin xl2tpd[4770]: protocol_version_avp: peer is
using version 1, revision 0.
Nov 23 11:29:02 goodin xl2tpd[4770]: framing_caps_avp: supported peer
frames: async sync
Nov 23 11:29:02 goodin xl2tpd[4770]: hostname_avp: peer reports
hostname ''
Nov 23 11:29:02 goodin xl2tpd[4770]: assigned_tunnel_avp: using peer's
tunnel 14
Nov 23 11:29:02 goodin xl2tpd[4770]: receive_window_size_avp: peer
wants RWS of 4. Will use flow control.
Nov 23 11:29:02 goodin xl2tpd[4770]: control_finish: message type is
Start-Control-Connection-Request(1). Tunnel is 14, call is 0.
Nov 23 11:29:02 goodin xl2tpd[4770]: control_finish: Peer requested
tunnel 14 twice, ignoring second one.
Nov 23 11:29:02 goodin xl2tpd[4770]: build_fdset: closing down tunnel
4290
Nov 23 11:29:02 goodin xl2tpd[4770]: Maximum retries exceeded for
tunnel 55984. Closing.
Nov 23 11:29:02 goodin xl2tpd[4770]: build_fdset: closing down tunnel
55984
Nov 23 11:29:02 goodin xl2tpd[4770]: Connection 14 closed to
32.162.37.181, port 49162 (Timeout)
Nov 23 11:29:07 goodin xl2tpd[4770]: Unable to deliver closing message
for tunnel 55984. Destroying anyway.
Nov 23 11:29:07 goodin xl2tpd[4770]: build_fdset: closing down tunnel
55984
Nov 23 11:29:10 goodin xl2tpd[4770]: network_thread: recv packet from
32.162.37.181, size = 60, tunnel = 0, call = 0 ref=0 refhim=0
Nov 23 11:29:10 goodin xl2tpd[4770]: get_call: allocating new tunnel
for host 32.162.37.181, port 49162.
Nov 23 11:29:10 goodin xl2tpd[4770]: ourtid = 26367, entropy_buf = 66ff
Nov 23 11:29:10 goodin xl2tpd[4770]: ourcid = 18509, entropy_buf = 484d
Nov 23 11:29:10 goodin xl2tpd[4770]: check_control: control, cid = 0,
Ns = 0, Nr = 0
Nov 23 11:29:10 goodin xl2tpd[4770]: handle_avps: handling avp's for
tunnel 26367, call 18509
Nov 23 11:29:10 goodin xl2tpd[4770]: message_type_avp: message type 1
(Start-Control-Connection-Request)
Nov 23 11:29:10 goodin xl2tpd[4770]: protocol_version_avp: peer is
using version 1, revision 0.
Nov 23 11:29:10 goodin xl2tpd[4770]: framing_caps_avp: supported peer
frames: async sync
Nov 23 11:29:10 goodin xl2tpd[4770]: hostname_avp: peer reports
hostname ''
Nov 23 11:29:10 goodin xl2tpd[4770]: assigned_tunnel_avp: using peer's
tunnel 14
Nov 23 11:29:10 goodin xl2tpd[4770]: receive_window_size_avp: peer
wants RWS of 4. Will use flow control.
Nov 23 11:29:10 goodin xl2tpd[4770]: control_finish: message type is
Start-Control-Connection-Request(1). Tunnel is 14, call is 0.
Nov 23 11:29:10 goodin xl2tpd[4770]: control_finish: sending SCCRP
Nov 23 11:29:17 goodin xl2tpd[4770]: Maximum retries exceeded for
tunnel 26367. Closing.
Nov 23 11:29:17 goodin xl2tpd[4770]: build_fdset: closing down tunnel
26367
Nov 23 11:29:17 goodin xl2tpd[4770]: Connection 14 closed to
32.162.37.181, port 49162 (Timeout)
Nov 23 11:29:22 goodin xl2tpd[4770]: Unable to deliver closing message
for tunnel 26367. Destroying anyway.
Nov 23 11:29:22 goodin xl2tpd[4770]: build_fdset: closing down tunnel
26367
=================================================
tcpdump -i eth0 -n -p udp port 1701
=================================================
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:28:57.247495 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
11:28:57.247965 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 ZLB
11:28:58.046863 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 ZLB
11:28:58.247496 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
11:28:59.247512 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
11:29:00.247550 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
11:29:01.247561 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
11:29:02.187010 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 ZLB
11:29:02.247762 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(55984)
*RESULT_CODE(1/0 Timeout)
11:29:03.247777 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(55984)
*RESULT_CODE(1/0 Timeout)
11:29:04.247797 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(55984)
*RESULT_CODE(1/0 Timeout)
11:29:05.247825 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(55984)
*RESULT_CODE(1/0 Timeout)
11:29:06.247850 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(55984)
*RESULT_CODE(1/0 Timeout)
11:29:12.187749 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
11:29:13.187774 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
11:29:14.187788 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
11:29:15.187819 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
11:29:16.187831 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...
11:29:17.187942 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(26367)
*RESULT_CODE(1/0 Timeout)
11:29:18.187964 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(26367)
*RESULT_CODE(1/0 Timeout)
11:29:19.187978 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(26367)
*RESULT_CODE(1/0 Timeout)
11:29:20.188007 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(26367)
*RESULT_CODE(1/0 Timeout)
11:29:21.188023 IP 10.33.3.2.l2tp > 32.162.37.181.49162: l2tp:[TLS]
(14/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(26367)
*RESULT_CODE(1/0 Timeout)
=================================================
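An L2TP control connection is set up with SCCRQ, SCCRP and SCCCN (RFC 2661). As an added example that is not part of the original post, the Python script below rejoins the wrapped xl2tpd entries and reports the tunnels whose SCCRP was sent but never answered before the retry limit. The function names are hypothetical, and it assumes an SCCCN would be logged as "message type 3" in the same format as the type 1 lines above.

```python
import re

# Excerpt of the xl2tpd entries posted above, still wrapped the way the archive shows them.
SAMPLE = """\
Nov 23 11:28:55 goodin xl2tpd[4770]: get_call: allocating new tunnel
for host 32.162.37.181, port 49162.
Nov 23 11:28:55 goodin xl2tpd[4770]: handle_avps: handling avp's for
tunnel 55984, call 0
Nov 23 11:28:55 goodin xl2tpd[4770]: assigned_tunnel_avp: using peer's
tunnel 14
Nov 23 11:28:55 goodin xl2tpd[4770]: control_finish: sending SCCRP
Nov 23 11:28:57 goodin xl2tpd[4770]: get_call: allocating new tunnel
for host 32.162.37.181, port 49162.
Nov 23 11:28:57 goodin xl2tpd[4770]: handle_avps: handling avp's for
tunnel 12474, call 0
Nov 23 11:28:57 goodin xl2tpd[4770]: assigned_tunnel_avp: using peer's
tunnel 14
Nov 23 11:28:57 goodin xl2tpd[4770]: control_finish: Peer requested
tunnel 14 twice, ignoring second one.
Nov 23 11:28:57 goodin xl2tpd[4770]: build_fdset: closing down tunnel
12474
Nov 23 11:29:02 goodin xl2tpd[4770]: Maximum retries exceeded for
tunnel 55984. Closing.
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ xl2tpd\[\d+\]: ")

def unwrap(text):
    """Rejoin syslog entries that the mail archive wrapped onto continuation lines."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def analyze(text):
    """Map each local tunnel id to what happened to its control connection."""
    tunnels, cur, peer = {}, None, None
    for entry in unwrap(text):
        msg = STAMP.sub("", entry)
        if m := re.match(r"get_call: allocating new tunnel for host ([\d.]+), port (\d+)", msg):
            peer = f"{m[1]}:{m[2]}"
        elif m := re.match(r"handle_avps: handling avp's for tunnel (\d+)", msg):
            # Every control message names its local tunnel here, so track it as current.
            cur = tunnels.setdefault(int(m[1]), {
                "peer": peer, "peer_tid": None, "sccrp_sent": False,
                "scccn_seen": False, "dup_sccrq": False, "timed_out": False})
        elif m := re.match(r"Maximum retries exceeded for tunnel (\d+)", msg):
            if int(m[1]) in tunnels:
                tunnels[int(m[1])]["timed_out"] = True
        elif cur is None:
            continue
        elif m := re.match(r"assigned_tunnel_avp: using peer's tunnel (\d+)", msg):
            cur["peer_tid"] = int(m[1])
        elif msg.startswith("control_finish: sending SCCRP"):
            cur["sccrp_sent"] = True
        elif re.match(r"message_type_avp: message type 3\b", msg):
            cur["scccn_seen"] = True  # assumed log format; type 3 is SCCCN in RFC 2661
        elif msg.startswith("control_finish: Peer requested tunnel"):
            cur["dup_sccrq"] = True   # peer retransmitted its SCCRQ
    return tunnels

def unanswered(tunnels):
    """Local tunnel ids whose SCCRP went out but got no SCCCN before the retry limit."""
    return sorted(t for t, s in tunnels.items()
                  if s["sccrp_sent"] and s["timed_out"] and not s["scccn_seen"])

if __name__ == "__main__":
    result = analyze(SAMPLE)
    for tid in unanswered(result):
        print(f"tunnel {tid} to {result[tid]['peer']}: SCCRP sent, no SCCCN, timed out")
```

A tunnel listed by `unanswered()` together with a later attempt flagged `dup_sccrq` for the same peer tunnel id means the peer kept resending its SCCRQ while the server's SCCRP went unacknowledged.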