[Openswan Users] ipsec + xl2tpd + maximum retries exceeded

Thu Jan 7 14:07:13 EST 2010

Hi List,

I have a centos 5.4 + xl2tpd 1.2.5 compiled from source, openswan stock from centos 5.4 2.6.21

ipsec was able to established, but an error in xl2tpd with maximum retries exceed appears on log file this is
the same config i have on different machine before without a hiccup. can some one shed some light thanks in advance

please find the following excerpt log,

Jan  8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: responding to Quick Mode proposal {msgid:01000000}
Jan  8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2:     us: 222.xx.xx.162<222.xx.xx.162>[+S=C]:17/1701---222.xx.xx.161
Jan  8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2:   them: 58.69.86.62[192.168.2.254,+S=C]:17/1701===192.168.2.254/32
Jan  8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan  8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan  8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan  8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x0589839b <0xdfb44f01 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.2.254 NATD=58.69.86.62:4500 DPD=none}

Jan  8 02:36:08 tcmr xl2tpd[6518]: Maximum retries exceeded for tunnel 1127.  Closing.
Jan  8 02:45:04 tcmr xl2tpd[6518]: Connection 63 closed to 58.69.86.62, port 1701 (Timeout)
Jan  8 02:45:09 tcmr xl2tpd[6518]: Maximum retries exceeded for tunnel 5511.  Closing.

my config snippet is

version 2.0     # conforms to second version of ipsec.conf specification
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        nat_traversal=yes
        virtual_private=%v4:192.168.0.0/24,%v4:192.168.1.0/24,%v4:192.168.2.0/24
        protostack=netkey
        oe=off
conn %default
        keyingtries=3
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
conn roadwarrior-net
        leftsubnet=192.168.0.0/24
        also=roadwarrior
conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior
conn roadwarrior-l2tp
        leftprotoport=17/1701
        rightprotoport=17/%any
        also=roadwarrior
conn roadwarrior
        pfs=no
        left=222.xxx.xxx.162
        leftnexthop=222.xx.xx.161
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add

[global]
port=1701
;listen-addr = 192.168.0.1
;
; requires openswan-3.1 or higher
;ipsec saref = yes
;
debug tunnel = yes
[lns default]
ip range = 192.168.0.180-192.168.0.185
local ip = 192.168.0.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100107/da5bddf8/attachment.html 