[Openswan Users] Openswan and iphone L2TP/IPsec configuration example

Philipp Weirauch weirauch at checkmobile.de
Thu Nov 26 00:57:45 EST 2009


hi paul,
i am using netkey and i just upgraded xl2tpd from version xl2tpd-1.2.3 to 1.2.4
and i did  set the mtu on public interface on 1472. 
the output is the same...
Nov 26 06:48:26 vpn pluto[19901]: "l2tp-psk"[7] 80.187.101.1 #2848: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x036e0338 <0x8258b679 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Nov 26 06:48:28 vpn xl2tpd[5733]: get_call: allocating new tunnel for host 80.187.101.1, port 49171.
Nov 26 06:48:28 vpn xl2tpd[5733]: control_finish: Peer requested tunnel 8 twice, ignoring second one.
Nov 26 06:48:28 vpn xl2tpd[5733]: build_fdset: closing down tunnel 5961

how looks your /etc/ppp/options.xl2tp file? maybe i made a mistake in there?
some additional log info somewhere in the system?
regards,
philipp


Am 26.11.2009 um 00:18 schrieb Paul Wouters:

> On Wed, 25 Nov 2009, Philipp Weirauch wrote:
> 
>> i used your config to connect with an iphone  - only with different ips and passwords :-)
>> and i get the following in my /var/log/messages:
>> 
>> Nov 25 22:45:56 vpn pluto[19901]: "l2tp-psk"[4] 80.187.101.1 #2755: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
>> Nov 25 22:45:56 vpn pluto[19901]: "l2tp-psk"[4] 80.187.101.1 #2755: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x07bf04b4 <0x6b2e7b9d xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
>> Nov 25 22:45:58 vpn xl2tpd[3198]: get_call: allocating new tunnel for host 80.187.101.1, port 49166.
>> Nov 25 22:45:58 vpn xl2tpd[3198]: control_finish: Peer requested tunnel 3 twice, ignoring second one.
>> Nov 25 22:45:58 vpn xl2tpd[3198]: build_fdset: closing down tunnel 49666
>> Nov 25 22:45:59 vpn xl2tpd[3198]: get_call: allocating new tunnel for host 80.187.101.1, port 49166.
>> Nov 25 22:45:59 vpn xl2tpd[3198]: control_finish: Peer requested tunnel 3 twice, ignoring second one.
>> Nov 25 22:45:59 vpn xl2tpd[3198]: build_fdset: closing down tunnel 26668
>> Nov 25 22:45:59 vpn xl2tpd[3198]: network_thread: select timeout
> 
> Are you using NETKEY or KLIPS? In my case I was using NETKEY
> 
> What version of xl2tpd? I was using 1.2.4.
> 
> Did you set the MTU to 1472 on the public interface?
> 
> Paul


Philipp Weirauch
managing partner

*************************************************************
The Process Solution Company - 
http://www.checkmobile.de 
*************************************************************

CheckMobile GmbH -
The Process Solution Company
p.weirauch at checkmobile.de

Hamburg
--------
Neuer Wall 54
20354 Hamburg
Tel: +49 (0)40 519009333
Fax: +49 (0)40 519009339

Stuttgart
--------
Breitscheidstraße 10
70174 Stuttgart

Managing Director / 
Geschäftsführer: Markus Klatte, Philipp Weirauch
Handelsregister: Amtsgericht Hamburg
HRB 105834

++++ CheckMobile GmbH - The Process Solution Company ++++

Der Inhalt dieser E-Mail ist vertraulich und ausschließlich fuer den 
bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat 
dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte, 
dass jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung 
oder Weitergabe des Inhalts dieser E-Mail unzulaessig ist. Wir bitten Sie, 
sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen.

The information contained in this email is confidential and intended 
solely for the addressee. Access to this email by anyone else is 
unauthorized. If you are not the intended recipient, any form of 
disclosure, reproduction, distribution or any action taken or refrained 
from in reliance on it, is prohibited and may be unlawful. Please notify 
the sender immediately.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1656 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20091126/0eaff96d/attachment.bin 


More information about the Users mailing list