[Openswan Users] xl2tpd uses inactive mast0 interface

Sven Schiwek ml-openswan at svenux.de
Fri Nov 12 04:33:07 EST 2010


Hi,

I have done some more tests but I found no way to remove the mast0
interface.
Is there a hidden option to bypass all the MAST code? As mentioned
USE_MAST=false does not solve the problem.

Sven



On 11/8/2010 3:05 AM, Sven Schiwek wrote:
> Hi Paul,
> 
> thanks for your help.
> "ifconfig mast 0000 down" or "ifconfig mast0 down" does not resolve the
> problem. I think because the interface is already down.
> 
> I have recompiled Openswan with "USE_MAST=false" (I set this option in
> Makefile.in, is this correct?) but the interface is still available (with
> ifconfig -a).
> 
> BTW: I have an error in "make minstall" (but an exitcode 0 !?) on a
> standard Debian Squeeze System (with default Kernel-Headers installed
> "apt-get install linux-headers-$(uname -r)"). I attached the Makefile
> output.
> 
> Sven
> 
> 
> 
> On 11/5/2010 5:14 PM, Paul Wouters wrote:
>> On Fri, 5 Nov 2010, Sven Schiwek wrote:
>>
>>> I have a problem with a l2tp connection.
>>> I have a W-Lan router connected to the Openswan server (via eth2),
>>> Openswan is listening on eth3. When I initiate a l2tp connection from a
>>> Windows 7 client via W-Lan the ipsec connection is coming up (not the
>>> l2tp part) but then I get this firewall log:
>>>
>>> Nov  5 10:51:21 misc1 kernel: [7155469.839899] iptables: INPUT deny
>>> IN=mast0 OUT=
>>> MAC=00:25:90:04:3d:cb:00:24:d7:01:d4:b8:08:00:45:00:00:8c:04:fa:00:00:80:11:e3:16:c0:a8:46:70:d5:dd:75:5a:06:a5:06:a5:00:78:f3:4f:c8:02:00:70:00:00:00:00:00:00:00:00:80:08
>>>
>>> SRC=192.168.70.112 DST=PUBLICIP LEN=140 TOS=0x00 PREC=0x00 TTL=128
>>> ID=1274
>>> PROTO=UDP SPT=1701 DPT=1701 LEN=120 MARK=0x80160000
>>>
>>> Yea, this is the mast0 interface but I have not enabled the saref patch
>>> (ipsec.conf -> protostack=klips) and (xl2tpd.conf -> ipsec saref = no) so
>>> why do I have traffic to this (disabled but available) interface?
>>> Openswan 2.6.31 is listening on the external interface 'eth3' - so I want
>>> to establish a connection from wlan-'eth2' to 'eth3'-Openswan.
>>
>> Can you try: ifconfig mast 0000 down
>>
>>> Btw. if I allow traffic on the (inactive) mast0 interface (no IP
>>> assigned) I get these xl2tpd messages:
>>
>>> $> tail -f /var/log/syslog
>>> Nov  5 11:54:15 misc1 xl2tpd[24410]: control_finish: Peer requested
>>> tunnel
>>> 11 twice, ignoring second one.
>>> Nov  5 11:54:15 misc1 xl2tpd[24410]: Connection 11 closed to
>>> 192.168.70.112, port 1701 (Timeout)
>>> Nov  5 11:54:20 misc1 xl2tpd[24410]: Unable to deliver closing message
>>> for
>>> tunnel 1946. Destroying anyway.
>>
>> hmm
>>
>>> Any help is greatly appreciated.
>>
>> I guess you can try recompiling with USE_MAST=false ?
>>
>> Perhaps we should add an option to the klips module to initiate the mast0
>> device or not when built as a module?
>>
>> Paul
>>


