[Openswan Users] Openswan 2.6.26 + mast + saref + xl2tpd

Vincent Bernat bernat at luffy.cx
Tue Jun 8 08:35:54 EDT 2010


Hello!

I am using Openswan 2.6.26 with a 2.6.32 kernel. I have applied the SAref
patch on top of the kernel as well as the regular Openswan patch. I can
establish a tunnel without problem. xl2tpd is 1.2.5 with saref support. On
start, it does not complain with missing SAref support, so I suppose that
everything is OK from the kernel side.

If I try to establish an L2TP connection, I receive no answer from xl2tpd
daemon. I can see with tcpdump the packets flying out to mast0 interface
but they don't turn into ESP packets. If I enable debug in xl2tpd, I get:

xl2tpd[3549]: network_thread: recv packet from 10.X.X.X, size = 101,
tunnel = 0, call = 0 ref=2 refhim=1
xl2tpd[3549]: sending with saref=1

If I enable klipsdebug, I get:

Jun  8 14:02:04 svbg3exvpn06 kernel: ipsec_sa_get: ipsec_sa f6a7d800
SA:esp.88ad1433 at 193.X.X.2, ref:1 reference count (3++) incremented by
ipsec_sa_getbyref:591.
Jun  8 14:02:04 svbg3exvpn06 kernel: ipsec_sa_put: ipsec_sa f6a7d800
SA:esp.88ad1433 at 193.X.X.2, ref:1 reference count (4--) decremented by
ip_cmsg_send_ipsec:143.
Jun  8 14:02:04 svbg3exvpn06 kernel: ipsec_sa_get: ipsec_sa f6a7d800
SA:esp.88ad1433 at 193.X.X.2, ref:1 reference count (3++) incremented by
ipsec_sa_getbyref:591.
Jun  8 14:02:04 svbg3exvpn06 kernel: ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=0 of SA:unk0:0@<invalid> requested.
Jun  8 14:02:04 svbg3exvpn06 kernel: ipsec_sa_getbyid: no entries in
ipsec_sa table for hash=0 of SA:unk0:0@<invalid>.
Jun  8 14:02:04 svbg3exvpn06 kernel: klips_debug:ipsec_xsm: no ipsec_sa
for SA: (error): outgoing packet with no SA dropped

Any idea on why Openswan is not able to find the correct saref and
therefore is unable to send answers?

Thanks.


More information about the Users mailing list