[Openswan Users] Setting up a VPN: xl2tpd errors at control_finish, or Openswan fails to connect

Paul Wouters paul at xelerance.com
Fri Sep 4 15:23:12 EDT 2009


On Fri, 4 Sep 2009, Colin Cogle wrote:

> I'm trying to set up an L2TP/IPsec VPN for my company's road warriors.
> However, I can't get any clients to connect.  My iPhone (3.0.1) can
> connect via IPsec, but L2TP fails.  A Windows XP (SP3) box inside my
> LAN requests about fifty IPsec sessions, but doesn't complete logging
> into any of them.

If the "lan" is the same as the range you hand out l2tp IP addresses
from, that will not work.

> | Sep  4 14:13:32 hostname pluto[2389]: "roadwarrior-ipv4"[4]
> 32.140.219.57 #509: STATE_QUICK_R2: IPsec SA established {ESP/
> NAT=>0x03c99b13 <0x6b8596e9 xfrm=AES_128-HMAC_SHA1
> NATD=32.140.219.57:4500 DPD=enabled}

Since this is NAT'ed, I guess it did not come from the inside?

> | Sep  4 14:13:34 hostname xl2tpd[23602]: control_finish: Peer
> requested tunnel 29 twice, ignoring second one.
> | Sep  4 14:13:34 hostname xl2tpd[23602]: control_finish: Peer
> requested tunnel 29 twice, ignoring second one.
> | Sep  4 14:13:39 hostname xl2tpd[23602]: Maximum retries exceeded for
> tunnel 9984.  Closing.
> | Sep  4 14:13:39 hostname xl2tpd[23602]: control_finish: Peer
> requested tunnel 29 twice, ignoring second one.
> | Sep  4 14:13:39 hostname xl2tpd[23602]: Connection 29 closed to
> 32.140.219.57, port 49180 (Timeout)

I am not sure why you are seeing these.

> | Sep  4 13:42:29 hostname pluto[2389]: packet from 172.16.2.146:500:
> ignoring Vendor ID payload [Vid-Initial-Contact]

That one does not seem to properly do ipsec even.....

Paul
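
The overlap condition mentioned in the reply above (the LAN being the same range that L2TP addresses are handed out from) can be checked mechanically. This is an added example, not part of the original post and not code from Openswan or xl2tpd; the configuration text and all addresses are constructed, and it assumes numeric IPv4 `ip range = first-last` lines in xl2tpd.conf.

```python
import ipaddress
import re

# Constructed sample xl2tpd.conf; these values are not from the original post.
SAMPLE_XL2TPD_CONF = """
[global]
port = 1701

[lns default]
; pool handed to L2TP clients
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.99
"""

# Matches active "ip range" lines; text after ';' is treated as a comment.
RANGE_RE = re.compile(r"^[ \t]*ip range[ \t]*=[ \t]*([^;\n]+)", re.MULTILINE)


def parse_ip_ranges(conf_text):
    """Return (first, last) IPv4Address pairs for every 'ip range' line."""
    ranges = []
    for match in RANGE_RE.finditer(conf_text):
        first, _, last = match.group(1).strip().partition("-")
        lo = ipaddress.IPv4Address(first.strip())
        # A single address with no '-' is treated as a one-address pool.
        hi = ipaddress.IPv4Address(last.strip()) if last.strip() else lo
        if hi < lo:
            raise ValueError(f"reversed ip range: {lo}-{hi}")
        ranges.append((lo, hi))
    return ranges


def overlapping_ranges(conf_text, lan_cidr):
    """Return the pool ranges sharing at least one address with lan_cidr."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    lan_lo, lan_hi = lan.network_address, lan.broadcast_address
    return [(lo, hi) for lo, hi in parse_ip_ranges(conf_text)
            if lo <= lan_hi and hi >= lan_lo]


if __name__ == "__main__":
    # Constructed LAN subnets to test against the pool.
    for lan in ("192.168.1.0/24", "10.99.0.0/24"):
        hits = overlapping_ranges(SAMPLE_XL2TPD_CONF, lan)
        label = "OVERLAP" if hits else "ok"
        print(f"{lan}: {label}", [f"{lo}-{hi}" for lo, hi in hits])
```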

