[Openswan Users] xl2tpd uses inactive mast0 interface
ml-openswan at svenux.de
Fri Nov 12 04:33:07 EST 2010
I have done some more tests but I found no way to remove the mast0
Is there a hidden option to bypass all the MAST code? As mentioned
USE_MAST=false does not solve the problem.
On 11/8/2010 3:05 AM, Sven Schiwek wrote:
> Hi Paul,
> thanks for your help.
> "ifconfig mast 0000 down" or "ifconfig mast0 down" does not resolve the
> problem. I think because the interface is already down.
> I have recompiled Openswan with "USE_MAST=false" (I set this option in
> Makefile.in, is this correct?) but the interface is still available (with
> ifconfig -a).
> BTW: I have an error in "make minstall" (but an exitcode 0 !?) on a
> standard Debian Squeeze System (with default Kernel-Headers installed
> "apt-get install linux-headers-$(uname -r)"). I attached the Makefile
> On 11/5/2010 5:14 PM, Paul Wouters wrote:
>> On Fri, 5 Nov 2010, Sven Schiwek wrote:
>>> I have a problem with a l2tp connection.
>>> I have a W-Lan router connected to the Openswan server (via eth2),
>>> Openswan is listening on eth3. When I initiate a l2tp connection from a
>>> Windows 7 client via W-Lan the ipsec connection is coming up (not the
>>> part) but then I get this firewall log:
>>> Nov 5 10:51:21 misc1 kernel: [7155469.839899] iptables: INPUT deny
>>> IN=mast0 OUT=
>>> SRC=192.168.70.112 DST=PUBLICIP LEN=140 TOS=0x00 PREC=0x00 TTL=128
>>> PROTO=UDP SPT=1701 DPT=1701 LEN=120 MARK=0x80160000
>>> Yea, this is the mast0 interface but I have not enabled the saref patch
>>> (ipsec.conf -> protostack=klips) and (xl2tpd.conf -> ipsec saref = no) so
>>> why do I have traffic to this (disabled but available) interface?
>>> Openswan 2.6.31 is listening on the external interface 'eth3' - so I want
>>> to establish a connection from wlan-'eth2' to 'eth3'-Openswan.
>> Can you try: ifconfig mast 0000 down
>>> Btw. if I allow traffic on the (inactive) mast0 interface (no IP
>>> I get this xl2tpd messages:
>>> $> tail -f /var/log/syslog
>>> Nov 5 11:54:15 misc1 xl2tpd: control_finish: Peer requested
>>> 11 twice, ignoring second one.
>>> Nov 5 11:54:15 misc1 xl2tpd: Connection 11 closed to
>>> 192.168.70.112, port 1701 (Timeout)
>>> Nov 5 11:54:20 misc1 xl2tpd: Unable to deliver closing message
>>> tunnel 1946. Destroying anyway.
>>> Any help is greatly appreciated.
>> I guess you can try recompiling with USE_MAST=false ?
>> Perhaps we should add an option to the klips module to initiate the mast0
>> device or not when built as a module?