[Openswan Users] Fwd: Re: Please help: strange behaviour with OpenSwan/xl2tpd & Android vpn client
John Wells
jfw at jfwhome.com
Thu Apr 15 12:53:44 EDT 2010
Thank you Will and Jacco -- actually the CentOS hint was what I needed
-- I downloaded the 2.6.25 source (Karmic had 2.6.22) and compiled it --
and it works perfectly.
Problem I have now is that when I disconnect the VPN on the handset, the
channel isn't killed. xl2tpd seems to close the tunnel, but the ipsec
channel stays open. Then when I reconnect I get a "cannot install eroute
-- it is in use for xx.xx.xx.xx". If I restart the ipsec daemon then it
works again.
Any hints for closing the channel, or reusing the existing channel?
Right now I've put a hack into /etc/ppp/ip-down to restart ipsec, but
that obviously won't work for more than one user.
Thanks once again. After days trying, I can't believe I've got this far.
Next step will be moving to private keys with any luck.
John
Will Roberts wrote:
>
>
> On Thu, Apr 15, 2010 at 5:26 AM, John Wells <jfw at jfwhome.com
> <mailto:jfw at jfwhome.com>> wrote:
>
> Jacco,
> (apologies for responding directly -- this should be reposted to
> the list I
> believe)
> > Quoting Jacco de Leeuw <jacco2 at dds.nl <mailto:jacco2 at dds.nl>>:
> > This should work, but my setup was slightly different from yours...
>
> Thank you very much -- I have made those changes. Now an IPSec
> tunnel seems
> to get established OK -- but xl2tpd never seems to succeed.
>
> I assume it is a routing issue -- it looks from the debug logs
> like the
> xl2tpd never gets a response through (it keeps receiving
> Start-Control-Connection-Request over and over again). The new
> debug logs
> showing xl2tpd & pppd output are below.
>
>
> John,
>
> I've got openswan running on Debian and had the exact same problem
> when I first started. You need to use openswan 2.6.24 or newer (Debian
> had 2.6.23).
>
> --Will
More information about the Users
mailing list