[Openswan Users] ipsec + xl2tpd + maximum retries exceeded
Michael.Karlinsky at tieto.com
Michael.Karlinsky at tieto.com
Fri Jan 8 02:48:35 EST 2010
Hi.
Using
listen-addr = 192.168.0.1
Just checked my setup and without giving listen-addr it does no longer work. So uncommenting listen-add might do the trick.
HTH
Michael Karlinsky
________________________________
From: users-bounces at openswan.org [users-bounces at openswan.org] On Behalf Of Ronald [loloski at yahoo.com]
Sent: Thursday, January 07, 2010 8:07 PM
To: users at openswan.org
Subject: [Openswan Users] ipsec + xl2tpd + maximum retries exceeded
Hi List,
I have a centos 5.4 + xl2tpd 1.2.5 compiled from source, openswan stock from centos 5.4 2.6.21
ipsec was able to established, but an error in xl2tpd with maximum retries exceed appears on log file this is
the same config i have on different machine before without a hiccup. can some one shed some light thanks in advance
please find the following excerpt log,
Jan 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: responding to Quick Mode proposal {msgid:01000000}
Jan 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: us: 222.xx.xx.162<222.xx.xx.162>[+S=C]:17/1701---222.xx.xx.161
Jan 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: them: 58.69.86.62[192.168.2.254,+S=C]:17/1701===192.168.2.254/32
Jan 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan 8 03:02:29 tcmr pluto[10436]: "roadwarrior-l2tp"[1] 58.69.86.62 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x0589839b <0xdfb44f01 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.2.254 NATD=58.69.86.62:4500 DPD=none}
Jan 8 02:36:08 tcmr xl2tpd[6518]: Maximum retries exceeded for tunnel 1127. Closing.
Jan 8 02:45:04 tcmr xl2tpd[6518]: Connection 63 closed to 58.69.86.62, port 1701 (Timeout)
Jan 8 02:45:09 tcmr xl2tpd[6518]: Maximum retries exceeded for tunnel 5511. Closing.
my config snippet is
version 2.0 # conforms to second version of ipsec.conf specification
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
nat_traversal=yes
virtual_private=%v4:192.168.0.0/24,%v4:192.168.1.0/24,%v4:192.168.2.0/24
protostack=netkey
oe=off
conn %default
keyingtries=3
disablearrivalcheck=no
authby=secret
type=tunnel
keyexchange=ike
ikelifetime=240m
keylife=60m
conn roadwarrior-net
leftsubnet=192.168.0.0/24
also=roadwarrior
conn roadwarrior-all
leftsubnet=0.0.0.0/0
also=roadwarrior
conn roadwarrior-l2tp
leftprotoport=17/1701
rightprotoport=17/%any
also=roadwarrior
conn roadwarrior
pfs=no
left=222.xxx.xxx.162
leftnexthop=222.xx.xx.161
right=%any
rightsubnet=vhost:%no,%priv
auto=add
[global]
port=1701
;listen-addr = 192.168.0.1
;
; requires openswan-3.1 or higher
;ipsec saref = yes
;
debug tunnel = yes
[lns default]
ip range = 192.168.0.180-192.168.0.185
local ip = 192.168.0.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100108/2f86ab07/attachment-0001.html
More information about the Users
mailing list