[Openswan Users] Xl2tpd - Openswan possible routing issue
Janantha Marasinghe
janantha at techcert.lk
Fri Sep 19 00:12:08 EDT 2008
1. Thanks for the reply, Paul. I checked the xl2tpd.conf for the ipsec
saref option but there is no entry for ipsec saref. So does this mean
it's turned off? But anyway I did an
ipsec saref = no just to make sure it's off.
Please note that I have tunnel and network debugging enabled on the
xl2tpd.conf file.
2. I changed the MTU to 1472 from the options.xl2tpd.
3. The iptables on the VPN server, as far as IPsec/L2TP is concerned, is
as follows:
-A RH-Firewall-1-INPUT -i ppp+ -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 500 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4500 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4500 -j ACCEPT
Regards
Janantha
Paul Wouters wrote:
> On Thu, 18 Sep 2008, Janantha Marasinghe wrote:
>
>
>> STATE_QUICK_R2: IPsec SA established {ESP=>0x8832df54 <0xbf845b89
>> xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
>> Sep 18 09:08:11 vpnserv1 pluto[23435]: "L2TP-PSK"[1] vpn-client-public-ip #1:
>> received Delete SA(0x8832df54) payload: deleting IPSEC State #2
>>
>
> Windows is hanging up. Your problem is not ipsec but l2tp/ppp related.
>
>
>> Sep 18 08:38:28 vpnserv1 xl2tpd[2255]: death_handler: Fatal signal 15 received
>> Sep 18 08:38:28 vpnserv1 xl2tpd[23525]: setsockopt recvref: Protocol not
>> available
>>
>
> did you enable ipsec saref? You prob need to disable that.
>
>
>> Sep 18 09:07:48 vpnserv1 xl2tpd[23526]: Maximum retries exceeded for tunnel
>> 7508. Closing.
>> Sep 18 09:07:48 vpnserv1 xl2tpd[23526]: Connection 1 closed to
>> vpn-client-pub-ip, port 1701 (Timeout)
>> Sep 18 09:08:03 vpnserv1 xl2tpd[23526]: Maximum retries exceeded for tunnel
>> 17567. Closing.
>> Sep 18 09:08:03 vpnserv1 xl2tpd[23526]: Connection 1 closed to
>> vpn-client-pub-ip, port 1701 (Timeout)
>>
>
> check your firewall rules. Check external mtu and make sure it is around 1472 or so.
>
> Paul
>
--
-----------------------------------------------------
Best Regards
Janantha Marasinghe