[Openswan Users] NAT-Traversal not working with Openswan 2.6.20
Paul Wouters
paul at xelerance.com
Thu Mar 5 15:58:37 EST 2009
On Thu, 5 Mar 2009, Danny Woodruffe wrote:
> changing this rightsubnet=vhost:%priv,%no seemed to enable a tunnel to be created but I'm getting bug error messages (1) and Anb
> xl2tpd messages don't seem to be getting back to my client (2), config below (3)
>
> have you seen anything like this before?
>
> "Mar 5 15:08:37 s10-mail pluto[27287]: "west-l2tp-psk"[30] 81.99.206.244 #29: alloc_bytes1() was mistakenly asked to malloc 0 bytes for
> st_skey_ar in duplicate_state, please report to dev at openswan.org"
Upgrade to openswan 2.6.20.
> Mar 5 15:08:37 s10-mail pluto[27287]: "west-l2tp-psk"[30] 81.99.206.244 #30: STATE_QUICK_R2: IPsec SA established transport mode
> {ESP=>0xfa6a70fe <0x14cc4a96 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.1.3 NATD=81.99.206.244:4500 DPD=none}
That seems ok.
> Mar 5 15:08:44 s10-mail pluto[27287]: "west-l2tp-psk"[30] 81.99.206.244 #29: received Delete SA(0xfa6a70fe) payload: deleting IPSEC
> State #30
But the Windows client hung up on you.
> ASCII: { t s10-mail.lixxus.net xelerance.com t }
> packet dump:
> HEX: { 02 C8 6C 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00
> 04 00 00 00 00 00 08 00 00 00 06 05 00 80 15 00 00 00 07 69 6D 73 2D 39 39 37 33 63 62 35 62 39 38 63 00 0F 00 00 00 08 4D 69 63 72 6F
> 73 6F 66 74 80 08 00 00 00 09 00 1D 80 08 00 00 00 0A 00 08 }
> ASCII: { l ims-9973cb5b98c Microsoft }
> l2tpd[29506]: get_call: allocating new tunnel for host 81.99.206.244, port 1701.
Please try using xl2tpd. It is a drop-in replacement that's not 3 years out of date.
You might also want to try and lower the external ethX MTU on your l2tp/ipsec gateway.
Try 1472 or 1460.
Paul