[Openswan Users] openswan 2.6.24rc4 pushed, please test!
paul at xelerance.com
Mon Jan 4 13:20:35 EST 2010
On Mon, 4 Jan 2010, Marc Fisher wrote:
> Paul, you just made my day! After so many hours it turned out to be a "simple"
> misconfiguration problem.
> If you can establish the tunnel successfully (i.e. you see "STATE_QUICK_R2:
> IPsec SA established transport mode" line in /var/log/secure) but then the
> server keeps trying to connect to the client on port 1701 until it times out with
> xl2tpd: Maximum retries exceeded for tunnel 63039. Closing.
> xl2tpd: Connection 1 closed to "client_IP" , port 1701 (Timeout)
> try changing the "rightprotoport=17/1701" in /etc/ipsec.conf to
> "rightprotoport=17/%any". If it doesn't help, check Paul's config in his mail
If only NETKEY had some kind of logging/debugging option, so you could actually
tell it dropped the packet because it wasn't coming from port 1701.
I guess we might be able to query the kernel for the xfrm policy and check this
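
The xfrm policy check suggested above, as an added example that is not part of the original thread: a shell function that reads `ip xfrm policy` text and flags UDP selectors that pin the peer's port to 1701. It assumes the iproute2 output format and that it runs on the server side; the function names and the sample policy dump are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip xfrm policy` output (documentation addresses).
sample_policy() {
cat <<'EOF'
src 198.51.100.7/32 dst 192.0.2.1/32 proto udp sport 1701 dport 1701
    dir in priority 2080 ptype main
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 16385 mode transport
src 192.0.2.1/32 dst 198.51.100.7/32 proto udp sport 1701 dport 1701
    dir out priority 2080 ptype main
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 16385 mode transport
src 203.0.113.9/32 dst 192.0.2.1/32 proto udp dport 1701
    dir in priority 2080 ptype main
EOF
}

# Reads policy text on stdin. For each UDP policy, reports the port the
# selector requires on the peer side: sport for "dir in", dport for "dir out".
# A selector with no port keyword matches any port and is shown as "any".
check_l2tp_selectors() {
    awk '
    /^src / {                       # selector line (tmpl lines are indented)
        sel = 1; src = $2; dst = $4
        proto = ""; sport = "any"; dport = "any"
        for (i = 5; i < NF; i++) {
            if ($i == "proto") proto = $(i + 1)
            if ($i == "sport") sport = $(i + 1)
            if ($i == "dport") dport = $(i + 1)
        }
        next
    }
    sel && $1 == "dir" {            # direction line that follows the selector
        sel = 0
        if (proto != "udp" && proto != "17") next
        if ($2 == "in")       { peer = src; port = sport }
        else if ($2 == "out") { peer = dst; port = dport }
        else next                   # skip fwd policies
        verdict = (port == "1701") ? "PINNED" : "ok"
        printf "%s %s peer=%s peer_port=%s\n", verdict, $2, peer, port
    }'
}

# On a live server (as root): ip xfrm policy | check_l2tp_selectors
sample_policy | check_l2tp_selectors
```

A `PINNED` line on `dir in` means inbound L2TP traffic from that peer only matches the policy when its source port is 1701.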