[Openswan Users] Fwd: Re: Please help: strange behaviour with OpenSwan/xl2tpd & Android vpn client

John Wells jfw at jfwhome.com
Thu Apr 15 12:53:44 EDT 2010


Thank you Will and Jacco -- actually the CentOS hint was what I needed 
-- I downloaded the 2.6.25 source (Karmic had 2.6.22) and compiled it -- 
and it works perfectly.

Problem I have now is that when I disconnect the VPN on the handset, the 
channel isn't killed. xl2tpd seems to close the tunnel, but the ipsec 
channel stays open. Then when I reconnect I get a "cannot install eroute 
-- it is in use for xx.xx.xx.xx". If I restart the ipsec daemon then it 
works again.

Any hints for closing the channel, or reusing the existing channel? 
Right now I've put a hack into /etc/ppp/ip-down to restart ipsec, but 
that obviously won't work for more than one user.

Thanks once again. After days trying, I can't believe I've got this far. 
Next step will be moving to private keys with any luck.

John

Will Roberts wrote:
>
>
> On Thu, Apr 15, 2010 at 5:26 AM, John Wells <jfw at jfwhome.com 
> <mailto:jfw at jfwhome.com>> wrote:
>
>     Jacco,
>     (apologies for responding directly -- this should be reposted to
>     the list I
>     believe)
>     > Quoting Jacco de Leeuw <jacco2 at dds.nl <mailto:jacco2 at dds.nl>>:
>     > This should work, but my setup was slightly different from yours...
>
>     Thank you very much -- I have made those changes. Now an IPSec
>     tunnel seems
>     to get established OK -- but xl2tpd never seems to succeed.
>
>     I assume it is a routing issue -- it looks from the debug logs
>     like the
>     xl2tpd never gets a response through (it keeps receiving
>     Start-Control-Connection-Request over and over again). The new
>     debug logs
>     showing xl2tpd & pppd output are below.
>
>
> John,
>
> I've got openswan running on Debian and had the exact same problem 
> when I first started. You need to use openswan 2.6.24 or newer (Debian 
> had 2.6.23).
>
> --Will


More information about the Users mailing list