[Openswan Users] openswan 2.6.24rc4 pushed, please test!

Paul Wouters paul at xelerance.com
Mon Jan 4 13:20:35 EST 2010


On Mon, 4 Jan 2010, Marc Fisher wrote:

> Paul, you just made my day! After so many hours it turned out to be a "simple"
> misconfiguration problem.

Excellent.

> If you can establish the tunnel successfully (i.e. you see the "STATE_QUICK_R2:
> IPsec SA established transport mode" line in /var/log/secure) but then the
> server keeps trying to connect to the client on port 1701 until it times out with
> xl2tpd[10131]: Maximum retries exceeded for tunnel 63039.  Closing.
> xl2tpd[10131]: Connection 1 closed to "client_IP" , port 1701 (Timeout)
> try changing "rightprotoport=17/1701" in /etc/ipsec.conf to
> "rightprotoport=17/%any"; if that doesn't help, check Paul's config in his mail
> below.

If only NETKEY had some kind of logging/debugging option, so you could actually
tell it dropped the packet because it wasn't coming from port 1701.

I guess we might be able to query the kernel for the xfrm policy and check this
ourselves.

Paul
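An added example (not part of the original thread, and not Openswan's own tooling) of the xfrm-policy check Paul suggests: it reads `ip xfrm policy` output and lists every inbound UDP policy whose selector pins the peer's source port, which is what a rightprotoport=17/1701 selector produces and what makes NETKEY silently drop L2TP packets arriving from any other port. The policy text below is a constructed sample; the addresses, reqid and priority are made up.

```shell
#!/bin/sh
# Constructed sample of `ip xfrm policy` output for an L2TP/IPsec transport-mode
# tunnel brought up with rightprotoport=17/1701 (peer source port pinned to 1701).
SAMPLE_POLICY='src 203.0.113.45/32 dst 198.51.100.10/32 proto udp sport 1701 dport 1701
    dir in priority 2344 ptype main
    tmpl src 203.0.113.45 dst 198.51.100.10
        proto esp reqid 16385 mode transport
src 198.51.100.10/32 dst 203.0.113.45/32 proto udp sport 1701 dport 1701
    dir out priority 2344 ptype main
    tmpl src 198.51.100.10 dst 203.0.113.45
        proto esp reqid 16385 mode transport'

# Reads xfrm policy text on stdin. For each inbound (dir in) UDP policy whose
# selector carries an sport, print "<peer-src> sport <port>". A selector built
# from rightprotoport=17/%any has no sport and therefore prints nothing.
pinned_inbound_udp_ports() {
    awk '
        /^src / {
            # selector header line: remember the peer source and any sport/proto
            src = $2; sport = ""; proto = ""
            for (i = 1; i < NF; i++) {
                if ($i == "proto") proto = $(i + 1)
                if ($i == "sport") sport = $(i + 1)
            }
        }
        /^[ \t]*dir / {
            # direction line belongs to the header just seen
            if ($2 == "in" && proto == "udp" && sport != "")
                printf "%s sport %s\n", src, sport
        }
    '
}

# Number of pinned inbound UDP policies; 0 means the selector accepts any peer port.
count_pinned() {
    pinned_inbound_udp_ports | wc -l | tr -d ' '
}

# Against the constructed sample (on a live host: ip xfrm policy | pinned_inbound_udp_ports)
printf '%s\n' "$SAMPLE_POLICY" | pinned_inbound_udp_ports
```

A non-empty result while xl2tpd logs "Maximum retries exceeded" is the symptom Marc describes; after switching to rightprotoport=17/%any and restarting the connection, the same check should print nothing.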

